From 39dcf4bf02d13201b2da11f4b9fd3b972da87c80 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 21 Sep 2011 03:56:30 +0200 Subject: s3:smb2-server: session setup replies should always be signed (except for guest sessions) not only if the session should be signed Signed-off-by: Stefan Metzmacher Autobuild-User: Stefan Metzmacher Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104 --- source3/smbd/smb2_sesssetup.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index e535f17e49..c81baa53dc 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, char *real_username; bool username_was_mapped = false; bool map_domainuser_to_guest = false; + bool guest = false; if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) { status = NT_STATUS_LOGON_FAILURE; @@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; /* force no signing */ session->do_signing = false; + guest = true; } session->session_key = session->session_info->session_key; @@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, * so that the response can be signed */ smb2req->session = session; - if (session->do_signing) { + if (guest) { smb2req->do_signing = true; } @@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s uint16_t *out_session_flags, uint64_t *out_session_id) { + bool guest = false; + if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == Required) { session->do_signing = true; @@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; /* force no signing */ session->do_signing = false; + guest = true; } session->session_key = session->session_info->session_key; @@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s * so that the response can be signed */ smb2req->session = session; - if (session->do_signing) { + if (!guest) { smb2req->do_signing = true; } -- cgit