[PATCH] Fix Bug 11103: - Samba does not set the required flags in the SMB2/SMB3 Negotiate Protocol Response when signing required by client
Stefan (metze) Metzmacher
metze at samba.org
Thu Feb 19 01:28:35 MST 2015
Hi Jeremy,
> +++ b/source3/smbd/smb2_negprot.c
> @@ -221,7 +221,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
> }
>
> security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
> - if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
> + if (lp_server_signing() == SMB_SIGNING_REQUIRED ||
> + (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
> security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
> }
>
> diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
> index 2f58e44..f918328 100644
> --- a/source3/smbd/smb2_sesssetup.c
> +++ b/source3/smbd/smb2_sesssetup.c
> @@ -186,7 +186,9 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
> struct smbXsrv_connection *xconn = smb2req->xconn;
>
> if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
> - lp_server_signing() == SMB_SIGNING_REQUIRED) {
> + lp_server_signing() == SMB_SIGNING_REQUIRED ||
> + (xconn->smb2.server.security_mode &
> + SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
> x->global->signing_required = true;
> }
I think we can remove the lp_server_signing() == SMB_SIGNING_REQUIRED) here
as smbd_smb2_request_process_negprot() already sets
xconn->smb2.server.security_mode.
Can you or Steve please also upload a capture that shows the correct
behavior
of a Windows server to the bug report?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150219/796952dd/attachment.pgp>
More information about the samba-technical
mailing list