[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha4-42-g8e96f2e

Stefan (metze) Metzmacher metze at samba.org
Sat Jun 7 07:31:55 GMT 2008

Hi Tridge,

> +	/* supporting signing is mandatory in SMB2, and is per-packet. So we 
> +	   should check the signature on any incoming packet that is signed, and 
> +	   should give a signed reply to any signed request */

shouldn't we reject a request with a session but without signing,
if signing is negotiated as mendatory?

> +	if (flags & SMB2_HDR_FLAG_SIGNED) {
> +		NTSTATUS status;
> +		if (req->session == NULL) {
> +			/* we can't check signing with no session */
> +			smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);

I think windows gives NT_STATUS_USER_SESSION_DELETED here...

Can you also change the client back to allow per smb2_session signing,
and we should only sign packets, which belong to a session.

We also need to take care of Oplocks breaks, from the server to the


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080607/045aa26c/signature.bin

More information about the samba-technical mailing list