From 88f326a2c0be88bf1eb6fb7ae5348c69544815de Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 23 Jul 2012 13:47:24 +0200
Subject: s3:smb2_tcon: reject access to shares mark as "smb encrypt =
 required"

We do not support SMB2 transport encryption yet.

metze
---
 source3/smbd/smb2_tcon.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'source3/smbd')

diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 4549d3aa84..96a5c12b2a 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -231,6 +231,14 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
 
+	if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) {
+		status = NT_STATUS_ACCESS_DENIED;
+		DEBUG(3,("smbd_smb2_tree_connect: "
+			 "service %s needs encryption - %s\n",
+			 service, nt_errstr(status)));
+		return status;
+	}
+
 	/* create a new tcon as child of the session */
 	status = smb2srv_tcon_create(req->session, now, &tcon);
 	if (!NT_STATUS_IS_OK(status)) {
-- 
cgit