From 49a335731a7139a5c66be596f3d544bef72a8556 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 3 Oct 2012 12:50:42 -0700 Subject: Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2." This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245. As Metze pointed out: From MS-SMB2 section 2.2.4: SMB2_NEGOTIATE_SIGNING_ENABLED When set, indicates that security signatures are enabled on the server. The server MUST set this bit, and the client MUST return STATUS_INVALID_NETWORK_RESPONSE if the flag is missing. I'll submit a documentation bug to fix #9222 that way. --- source3/smbd/smb2_negprot.c | 10 ++++------ source3/smbd/smb2_sesssetup.c | 6 ------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 826e0d1d2a..6adc5819ec 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -92,7 +92,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) DATA_BLOB security_buffer; size_t expected_dyn_size = 0; size_t c; - uint16_t security_mode = 0; + uint16_t security_mode; uint16_t dialect_count; uint16_t in_security_mode; uint32_t in_capabilities; @@ -244,11 +244,9 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR); } - if (lp_server_signing() != SMB_SIGNING_OFF) { - security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; - if (lp_server_signing() == SMB_SIGNING_REQUIRED) { - security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; - } + security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; + if (lp_server_signing() == SMB_SIGNING_REQUIRED) { + security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; } capabilities = 0; diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 8bdfd49644..2599d2a63d 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -185,12 +185,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, struct smbXsrv_session *x = session; struct smbXsrv_connection *conn = session->connection; - if ((lp_server_signing() == SMB_SIGNING_OFF) && - (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) { - DEBUG(0,("SMB2 signing required and we have disabled it.\n")); - return NT_STATUS_ACCESS_DENIED; - } - if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == SMB_SIGNING_REQUIRED) { x->global->signing_required = true; -- cgit