[PATCH] fix smb signing in connect_to_service() for non-ipc$ shares in net
Günther Deschner
gd at samba.org
Wed Nov 23 11:37:11 UTC 2016
Hi,
On 23/11/16 05:29, Ralph Böhme wrote:
> Moin!
>
> On Wed, Nov 23, 2016 at 12:49:23AM +0100, Günther Deschner wrote:
>> smb signing fails for non-ipc$ shares in the 'net' helper call. Noticed
>> while working on new core printer driver migration utility.
>
> I haven't looked closely, but iirc we need something like this
>
> if (strequal(service_type, "IPC")) {
> signing_setting = SMB_SIGNING_IPC_DEFAULT;
> }
>
> if (signing_setting == SMB_SIGNING_IPC_DEFAULT) {
> /*
> * Ensure for IPC/RPC the default is to require
> * signing unless explicitly turned off by the
> * administrator.
> */
> signing_setting = lp_client_ipc_signing();
> }
>
> if (signing_setting == SMB_SIGNING_DEFAULT) {
> signing_setting = lp_client_signing();
> }
>
> cf source3/libsmb/clientgen.c
>
> Cheerio!
> -slow
>
Ok, I checked again and saw that while 'net' calls cli_full_connection()
in connect_to_serice() it already calls into that exact piece of code
from source3/libsmb/clientgen.c. Given that I guess it's fine to not
duplicate these checks?
Cheers,
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 201 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161123/967507e0/signature.sig>
More information about the samba-technical
mailing list