diff options
author | Stefan Metzmacher <metze@samba.org> | 2014-04-15 10:08:12 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-04-16 10:07:56 +0200 |
commit | a56c35a4deec9745ff27a66ddc85db48c5dfaf97 (patch) | |
tree | b0f88e5f593f67a2a17d56b8e1b1cc248ee07ede /source3/smbd/negprot.c | |
parent | 6d6bd9612c758906f575aa8269adc672c5976f4a (diff) | |
download | samba-a56c35a4deec9745ff27a66ddc85db48c5dfaf97.tar.gz samba-a56c35a4deec9745ff27a66ddc85db48c5dfaf97.tar.xz samba-a56c35a4deec9745ff27a66ddc85db48c5dfaf97.zip |
s3:smbd: always allow SMB1 signing, but only announce it if configured.
Always allow the client to turn on SMB1 signing using
FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 16 10:07:56 CEST 2014 on sn-devel-104
Diffstat (limited to 'source3/smbd/negprot.c')
-rw-r--r-- | source3/smbd/negprot.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index f470d0b0571..4cd12d82d47 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -250,7 +250,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice) struct timespec ts; ssize_t ret; struct smbd_server_connection *sconn = req->sconn; - bool signing_enabled = false; + bool signing_desired = false; bool signing_required = false; sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords(); @@ -313,10 +313,10 @@ static void reply_nt1(struct smb_request *req, uint16 choice) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } - signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state); + signing_desired = smb_signing_is_desired(req->sconn->smb1.signing_state); signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state); - if (signing_enabled) { + if (signing_desired) { secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; /* No raw mode with smb signing. */ capabilities &= ~CAP_RAW_MODE; |