From dfd3c31a3f9eea96854b2d22574856368e86b245 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 2 Oct 2012 14:10:21 -0700 Subject: Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2. Still sign if client request is signed, just don't negotiate it in negprot or sessionsetup. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104 --- source3/smbd/smb2_sesssetup.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/smbd/smb2_sesssetup.c') diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 2599d2a63d..8bdfd49644 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -185,6 +185,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, struct smbXsrv_session *x = session; struct smbXsrv_connection *conn = session->connection; + if ((lp_server_signing() == SMB_SIGNING_OFF) && + (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) { + DEBUG(0,("SMB2 signing required and we have disabled it.\n")); + return NT_STATUS_ACCESS_DENIED; + } + if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == SMB_SIGNING_REQUIRED) { x->global->signing_required = true; -- cgit