libsmb always enables signing when server has support

[Ben Winslow]

On Fri, 09 Jun 2006 11:36:06 -0400
Ben Winslow <rain at bluecherry.net> wrote:

> It appears that libsmb always enables signing when the server supports
> it (even if client signing = No).

...

> I'm not sure where exactly the signing logic is intended to be
> controlled, but if it IS in cli_set_smb_signing_common(), the logic is
> wrong.
>
> Comments/fixes?

Ping?

I never got any response on this, but someone else sent me an email
asking whether I had, since he was having the same problem, and he
also pointed out a nearly two-year-old list post of someone else
having similar problems:
http://lists.samba.org/archive/samba-technical/2005-January/039121.html

Since I didn't get any comments on where the signing logic should be
controlled, I handled it on cli_set_smb_signing_common() with the
attached patch (against 3.0.23b.)  I tested every relevant
combination of client signing and server signing (all connecting
from Samba to Samba), and everything behaved properly, so I don't
expect any problems with other clients.

My particular problem was with smbmount, but no additional fixage
is necessary there, since smbmount already attempts to disable client
signing (see smbmount.c:167), which actually succeeds with the
attached patch.

-- 
Ben Winslow <rain at bluecherry.net>
-------------- next part --------------
--- samba-3.0.23b.orig/source/libsmb/smb_signing.c	2006-08-07 12:46:33.000000000 -0400
+++ samba-3.0.23b/source/libsmb/smb_signing.c	2006-08-16 14:20:47.882469846 -0400
@@ -108,6 +108,9 @@
 
 static BOOL cli_set_smb_signing_common(struct cli_state *cli) 
 {
+	if (!cli->sign_info.allow_smb_signing)
+		return False;
+
 	if (!cli->sign_info.negotiated_smb_signing 
 	    && !cli->sign_info.mandatory_signing) {
 		return False;