[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Oct 2 17:00:02 MDT 2012
The branch, master has been updated
via dfd3c31 Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.
from c251a6b When creating a new file/directory, we need to obey the create mask/directory mask parameters.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit dfd3c31a3f9eea96854b2d22574856368e86b245
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 14:10:21 2012 -0700
Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.
Still sign if client request is signed, just don't negotiate it in
negprot or sessionsetup.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb2_negprot.c | 10 ++++++----
source3/smbd/smb2_sesssetup.c | 6 ++++++
2 files changed, 12 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 6adc581..826e0d1 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -92,7 +92,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
DATA_BLOB security_buffer;
size_t expected_dyn_size = 0;
size_t c;
- uint16_t security_mode;
+ uint16_t security_mode = 0;
uint16_t dialect_count;
uint16_t in_security_mode;
uint32_t in_capabilities;
@@ -244,9 +244,11 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
}
- security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
- if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
- security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+ if (lp_server_signing() != SMB_SIGNING_OFF) {
+ security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+ security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+ }
}
capabilities = 0;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 2599d2a..8bdfd49 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -185,6 +185,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
struct smbXsrv_session *x = session;
struct smbXsrv_connection *conn = session->connection;
+ if ((lp_server_signing() == SMB_SIGNING_OFF) &&
+ (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
+ DEBUG(0,("SMB2 signing required and we have disabled it.\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == SMB_SIGNING_REQUIRED) {
x->global->signing_required = true;
--
Samba Shared Repository
More information about the samba-cvs
mailing list