From 059cd93497c4c81d6ab957144beb6ae58e1638dc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 5 Sep 2008 16:45:10 +1000 Subject: Move our DC to implement mandetory signing. (this does not change the file server role, and only really changes what 'server signing = auto' means) Optional signing really isn't any benifit to network security. In doing so, allow anonymous clients (if permitted by policy) to log in without signing, as Samba3 does not sign these connections (which would use an all-zero key, so pointless). Andrew Bartlett (This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797) --- source4/smb_server/smb/sesssetup.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/sesssetup.c') diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 9d0d1533ce..f45cbf1756 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -200,7 +200,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, /* Unfortunetly win2k3 as a client doesn't sign the request * packet here, so we have to force signing to start again */ - smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2); + smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2, + session_info->server_info->authenticated); done: status = NT_STATUS_OK; @@ -325,7 +326,8 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv /* Force check of the request packet, now we know the session key */ smbsrv_signing_check_incoming(req); - smbsrv_signing_restart(req->smb_conn, &session_key, NULL); + smbsrv_signing_restart(req->smb_conn, &session_key, NULL, + session_info->server_info->authenticated); } /* Ensure this is marked as a 'real' vuid, not one -- cgit