[PATCH] smb encrypt - new value desired
Stefan (metze) Metzmacher
metze at samba.org
Tue Jun 30 10:07:42 MDT 2015
Am 30.06.2015 um 17:58 schrieb Michael Adam:
>
> - if ((lp_smb_encrypt(-1) > SMB_SIGNING_OFF) &&
> + if ((lp_smb_encrypt(-1) >= SMB_SIGNING_DESIRED) &&
> (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
> x->global->encryption_required = true;
> }
> diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
> index eb66ea0..0e3f580 100644
> --- a/source3/smbd/smb2_tcon.c
> +++ b/source3/smbd/smb2_tcon.c
> @@ -266,7 +266,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
> return NT_STATUS_BAD_NETWORK_NAME;
> }
>
> - if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) &&
> + if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) &&
> (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
> encryption_required = true;
> }
We should not set 'encryption_required', smbd_smb2_request_dispatch()
would then reject non encrypted requests.
We should add a new bool encryption_requested, which just enounce
the flags to the client.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150630/47f3d790/attachment.pgp>
More information about the samba-technical
mailing list