From f1b6cd794dd5de853c4b068361a326160a3d0384 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 17 Jul 2003 00:48:21 +0000
Subject: Putting the framework for server signing in place. Ensure we don't
 use sendfile when signing (I need to add this for readbraw/writebraw too...).
 Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)

---
 source3/smbd/negprot.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'source3/smbd/negprot.c')

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index f452dd845b..0b58eb3eb2 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -277,6 +277,14 @@ static int reply_nt1(char *inbuf, char *outbuf)
 	if (global_encrypted_passwords_negotiated)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	
+	if (lp_server_signing()) {
+		secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+		/* No raw mode with smb signing. */
+		capabilities &= ~CAP_RAW_MODE;
+		if (lp_server_signing() == Required)
+			secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+	}
+
 	set_message(outbuf,17,0,True);
 	
 	SCVAL(outbuf,smb_vwv1,secword);
@@ -521,6 +529,10 @@ int reply_negprot(connection_struct *conn,
   
 	DEBUG( 5, ( "negprot index=%d\n", choice ) );
 
+	if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
+		exit_server("SMB signing is required and client negotiated a downlevel protocol");
+	}
+
 	END_PROFILE(SMBnegprot);
 	return(outsize);
 }
-- 
cgit