[SCM] Samba Shared Repository - branch master updated

Jeremy Allison Tue, 02 Oct 2012 15:57:49 -0700

The branch, master has been updated
       via  dfd3c31 Fix bug #9222 - smbd ignores the "server signing = no" 
setting for SMB2.
      from  c251a6b When creating a new file/directory, we need to obey the 
create mask/directory mask parameters.


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dfd3c31a3f9eea96854b2d22574856368e86b245
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Oct 2 14:10:21 2012 -0700

    Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.
    
    Still sign if client request is signed, just don't negotiate it in
    negprot or sessionsetup.
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Wed Oct  3 00:59:42 CEST 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb2_negprot.c   |   10 ++++++----
 source3/smbd/smb2_sesssetup.c |    6 ++++++
 2 files changed, 12 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 6adc581..826e0d1 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -92,7 +92,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct 
smbd_smb2_request *req)
        DATA_BLOB security_buffer;
        size_t expected_dyn_size = 0;
        size_t c;
-       uint16_t security_mode;
+       uint16_t security_mode = 0;
        uint16_t dialect_count;
        uint16_t in_security_mode;
        uint32_t in_capabilities;
@@ -244,9 +244,11 @@ NTSTATUS smbd_smb2_request_process_negprot(struct 
smbd_smb2_request *req)
                return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
        }
 
-       security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
-       if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
-               security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+       if (lp_server_signing() != SMB_SIGNING_OFF) {
+               security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+               if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+                       security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+               }
        }
 
        capabilities = 0;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 2599d2a..8bdfd49 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -185,6 +185,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
        struct smbXsrv_session *x = session;
        struct smbXsrv_connection *conn = session->connection;
 
+       if ((lp_server_signing() == SMB_SIGNING_OFF) &&
+                       (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
+               DEBUG(0,("SMB2 signing required and we have disabled it.\n"));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
            lp_server_signing() == SMB_SIGNING_REQUIRED) {
                x->global->signing_required = true;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to