diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/smb_server/smb2/negprot.c | 2 | ||||
-rw-r--r-- | source4/smb_server/smb2/receive.c | 4 | ||||
-rw-r--r-- | source4/smb_server/smb2/sesssetup.c | 3 |
3 files changed, 7 insertions, 2 deletions
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 2da39001ab..3e6e2e1a43 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -121,6 +121,8 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 break; case SMB_SIGNING_REQUIRED: io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED; + /* force signing on immediately */ + req->smb_conn->doing_signing = true; break; } io->out.dialect_revision = SMB2_DIALECT_REVISION; diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index 3def8fe563..2f4e9df2b6 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -321,6 +321,10 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req) smb2srv_send_error(req, status); return NT_STATUS_OK; } + } else if (req->smb_conn->doing_signing && req->session != NULL) { + /* we require signing and this request was not signed */ + smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED); + return NT_STATUS_OK; } /* TODO: check the seqnum */ diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 482dd181c2..9fb3220005 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -181,8 +181,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses /* note that we ignore SMB2_NEGOTIATE_SIGNING_ENABLED from the client. This is deliberate as windows does not set it even when it does set SMB2_NEGOTIATE_SIGNING_REQUIRED */ - if ((io->smb2.in.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || - lp_server_signing(req->smb_conn->lp_ctx) == SMB_SIGNING_REQUIRED) { + if (io->smb2.in.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) { req->smb_conn->doing_signing = true; } |