The branch, master has been updated
       via  af1a2ee s3:smbd: calculate the negprot signing flags from the 
signing_state
      from  1a72b6c s3: Fix wbinfo socket dir path.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit af1a2eecce1155618173aa2c9a8d9f687082a449
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Nov 16 15:06:30 2011 +0100

    s3:smbd: calculate the negprot signing flags from the signing_state
    
    We should map from lp_server_signing() just once in srv_init_signing().
    
    metze
    
    Signed-off-by: Günther Deschner <g...@samba.org>
    
    Autobuild-User: Günther Deschner <g...@samba.org>
    Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/negprot.c |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 9b58a79..ae9ce5a 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -28,6 +28,7 @@
 #include "messages.h"
 #include "smbprofile.h"
 #include "auth/gensec/gensec.h"
+#include "../libcli/smb/smb_signing.h"
 
 extern fstring remote_proto;
 
@@ -307,6 +308,8 @@ static void reply_nt1(struct smb_request *req, uint16 
choice)
        struct timespec ts;
        ssize_t ret;
        struct smbd_server_connection *sconn = req->sconn;
+       bool signing_enabled = false;
+       bool signing_required = false;
 
        sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
 
@@ -368,16 +371,20 @@ static void reply_nt1(struct smb_request *req, uint16 
choice)
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
        }
 
-       if (lp_server_signing() != SMB_SIGNING_OFF) {
+       signing_enabled = 
smb_signing_is_allowed(req->sconn->smb1.signing_state);
+       signing_required = 
smb_signing_is_mandatory(req->sconn->smb1.signing_state);
+
+       if (signing_enabled) {
                if (lp_security() >= SEC_USER) {
                        secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
                        /* No raw mode with smb signing. */
                        capabilities &= ~CAP_RAW_MODE;
-                       if (lp_server_signing() == SMB_SIGNING_REQUIRED)
+                       if (signing_required) {
                                secword 
|=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+                       }
                } else {
                        DEBUG(0,("reply_nt1: smb signing is incompatible with 
share level security !\n"));
-                       if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+                       if (signing_required) {
                                exit_server_cleanly("reply_nt1: smb signing 
required and share level security selected.");
                        }
                }


-- 
Samba Shared Repository

Reply via email to