[linux-cifs-client] mandatory signatures and NT error codes

Yehuda Sadeh Weinraub Yehuda.Sadeh at expand.com
Tue May 8 10:00:58 GMT 2007


There's a strange problem that happens when I set mandatory signatures
on win2k server. The problem is that when the error code type bit in the
flags2 field of the negprot request is not set (hence - DOS error
codes), the server responds with security mode 0x03 (= signatures are
not enabled and not required). This leads to a later disconnection of the
client with access denied due to the signatures requirement.
When I force the negprot to request NT error codes, the server returns
with security mode 0x0f which is fine and I'm able to connect to the
server. I'm not sure whether this is the best way to solve the problem.
I've used the following patch to force NT error codes:

Index: cifssmb.c
===================================================================
--- cifssmb.c   (revision 111)
+++ cifssmb.c   (working copy)
@@ -433,7 +433,7 @@
        cFYI(1,("secFlags 0x%x",secFlags));

        pSMB->hdr.Mid = GetNextMid(server);
-       pSMB->hdr.Flags2 |= SMBFLG2_UNICODE;
+       pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);
        if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)
                pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
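
Review bot: The + line sets SMBFLG2_ERR_STATUS unconditionally with no comment saying why, so a later reader cannot tell it is a workaround for a server that reports security mode 0x03 instead of 0x0f when DOS error codes are requested; add a short comment above it. The hunk only changes the flags on the negprot request and shows nothing of how replies are decoded, so confirm that error mapping on the response path handles NT status codes before relying on this. Since the flag is not a signing control in itself, a separate explicit setting that forces signing, as the message suggests, would address the problem more directly than depending on this side effect.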


I'm not sure what the consequences of setting the NT error codes are. It
might be better to have a configurable option that forces signatures (as
once was). Signing is currently directed by the negprot response that is
broken in the scenario that I've described.

Yehuda
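
The signing decision described in this message, as an added example that is not part of the original post or of the cifs code: it decodes the SecurityMode byte and contrasts following the server's negprot response with a forced-signing setting. The macro, enum and function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* SecurityMode bits of the SMB negotiate response.
 * Macro names are chosen for this example. */
#define SECMODE_USER          0x01 /* user-level (not share-level) security */
#define SECMODE_PW_ENCRYPT    0x02 /* challenge/response authentication */
#define SECMODE_SIGN_ENABLED  0x04 /* server supports signing */
#define SECMODE_SIGN_REQUIRED 0x08 /* server requires signing */

/* Hypothetical client setting, e.g. taken from a mount option. */
enum sign_policy { SIGN_FOLLOW_SERVER, SIGN_FORCED };

/* Returns 1 if the client should sign the session, 0 if not. */
int client_will_sign(uint8_t sec_mode, enum sign_policy policy)
{
    if (policy == SIGN_FORCED)
        return 1; /* local decision, independent of what negprot reported */
    /* Follow the server: sign when it enables or requires signing. */
    return (sec_mode & (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) != 0;
}

/* Returns 1 when the session is expected to fail later: the server
 * enforces signing but the client decided not to sign. server_enforces
 * is the server's real configuration, which negprot may misreport. */
int session_will_be_rejected(int server_enforces, uint8_t sec_mode,
                             enum sign_policy policy)
{
    return server_enforces && !client_will_sign(sec_mode, policy);
}

int main(void)
{
    /* Constructed inputs: the two SecurityMode values from the message. */
    const uint8_t modes[] = { 0x03, 0x0f };
    for (unsigned i = 0; i < 2; i++)
        printf("mode 0x%02x: follow=%d forced=%d rejected(follow)=%d\n",
               modes[i],
               client_will_sign(modes[i], SIGN_FOLLOW_SERVER),
               client_will_sign(modes[i], SIGN_FORCED),
               session_will_be_rejected(1, modes[i], SIGN_FOLLOW_SERVER));
    return 0;
}
```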

