From e4ad580b99c5b372353c285569204ab94c177748 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 7 Jun 2008 08:14:25 -0700
Subject: fixed mandatory signing

Metze pointed out that if signing is mandatory in the server then we
need to reject packets without the signed flag if the packet contains
a session id.
(This used to be commit 056f16e664e581bab1c07759e99ad4f6685c58eb)
---
 source4/smb_server/smb2/receive.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source4/smb_server/smb2/receive.c')

diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 3def8fe563..2f4e9df2b6 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -321,6 +321,10 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
 			smb2srv_send_error(req, status);
 			return NT_STATUS_OK;			
 		}
+	} else if (req->smb_conn->doing_signing && req->session != NULL) {
+		/* we require signing and this request was not signed */
+		smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
+		return NT_STATUS_OK;					
 	}
 
 	/* TODO: check the seqnum */
-- 
cgit