The branch, master has been updated
       via  39dcf4b s3:smb2-server: session setup replies should always be 
signed (except for guest sessions)
      from  95b2e5a tdb2: change --enable-tdb2-breaks-compat to --enable-tdb2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 39dcf4bf02d13201b2da11f4b9fd3b972da87c80
Author: Michael Adam <ob...@samba.org>
Date:   Wed Sep 21 03:56:30 2011 +0200

    s3:smb2-server: session setup replies should always be signed (except for 
guest sessions)
    
    not only if the session should be signed
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User: Stefan Metzmacher <me...@samba.org>
    Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb2_sesssetup.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e535f17..c81baa5 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct 
smbd_smb2_session *session,
        char *real_username;
        bool username_was_mapped = false;
        bool map_domainuser_to_guest = false;
+       bool guest = false;
 
        if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
                status = NT_STATUS_LOGON_FAILURE;
@@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct 
smbd_smb2_session *session,
                *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
                /* force no signing */
                session->do_signing = false;
+               guest = true;
        }
 
        session->session_key = session->session_info->session_key;
@@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct 
smbd_smb2_session *session,
         * so that the response can be signed
         */
        smb2req->session = session;
-       if (session->do_signing) {
+       if (guest) {
                smb2req->do_signing = true;
        }
 
@@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct 
smbd_smb2_session *s
                                        uint16_t *out_session_flags,
                                        uint64_t *out_session_id)
 {
+       bool guest = false;
+
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
            lp_server_signing() == Required) {
                session->do_signing = true;
@@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct 
smbd_smb2_session *s
                *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
                /* force no signing */
                session->do_signing = false;
+               guest = true;
        }
 
        session->session_key = session->session_info->session_key;
@@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct 
smbd_smb2_session *s
         * so that the response can be signed
         */
        smb2req->session = session;
-       if (session->do_signing) {
+       if (!guest) {
                smb2req->do_signing = true;
        }
 


-- 
Samba Shared Repository

Reply via email to