libsmb always enables signing when server has support

Ben Winslow rain at
Thu Aug 17 18:06:17 GMT 2006

On Fri, 09 Jun 2006 11:36:06 -0400
Ben Winslow <rain at> wrote:

> It appears that libsmb always enables signing when the server supports
> it (even if client signing = No).


> I'm not sure where exactly the signing logic is intended to be
> controlled, but if it IS in cli_set_smb_signing_common(), the logic is
> wrong.
> Comments/fixes?


I never got any response on this, but someone else sent me an email
asking whether I had, since he was having the same problem, and he
also pointed out a nearly two-year-old list post of someone else
having similar problems:

Since I didn't get any comments on where the signing logic should be
controlled, I handled it on cli_set_smb_signing_common() with the
attached patch (against 3.0.23b.)  I tested every relevant
combination of client signing and server signing (all connecting
from Samba to Samba), and everything behaved properly, so I don't
expect any problems with other clients.

My particular problem was with smbmount, but no additional fixage
is necessary there, since smbmount already attempts to disable client
signing (see smbmount.c:167), which actually succeeds with the
attached patch.

Ben Winslow <rain at>
-------------- next part --------------
--- samba-3.0.23b.orig/source/libsmb/smb_signing.c	2006-08-07 12:46:33.000000000 -0400
+++ samba-3.0.23b/source/libsmb/smb_signing.c	2006-08-16 14:20:47.882469846 -0400
@@ -108,6 +108,9 @@
 static BOOL cli_set_smb_signing_common(struct cli_state *cli) 
+	if (!cli->sign_info.allow_smb_signing)
+		return False;
 	if (!cli->sign_info.negotiated_smb_signing 
 	    && !cli->sign_info.mandatory_signing) {
 		return False;

More information about the samba-technical mailing list