smbd: Make SMB3 clients use encryption with "smb encrypt = auto"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  3 10:40:42 CET 2015 on sn-devel-104

2 files changed, 10 insertions, 0 deletions

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 2f58e44f55..fb7edce38c 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -190,6 +190,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 		x->global->signing_required = true;
 	}
 
+	if ((lp_smb_encrypt(-1) > SMB_SIGNING_OFF) &&
+	    (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+		x->global->encryption_required = true;
+	}
+
 	if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) {
 		x->global->encryption_required = true;
 	}
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index bf33fcbf72..cf085a5258 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -235,6 +235,11 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
 
+	if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) &&
+	    (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+		encryption_required = true;
+	}
+
 	if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) {
 		encryption_required = true;
 	}