s3:smbd: always allow SMB1 signing, but only announce it if configured.

Always allow the client to turn on SMB1 signing using
FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 16 10:07:56 CEST 2014 on sn-devel-104

1 files changed, 3 insertions, 3 deletions

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index f470d0b0571..4cd12d82d47 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -250,7 +250,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 	struct timespec ts;
 	ssize_t ret;
 	struct smbd_server_connection *sconn = req->sconn;
-	bool signing_enabled = false;
+	bool signing_desired = false;
 	bool signing_required = false;
 
 	sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
@@ -313,10 +313,10 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	}
 
-	signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state);
+	signing_desired = smb_signing_is_desired(req->sconn->smb1.signing_state);
 	signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
 
-	if (signing_enabled) {
+	if (signing_desired) {
 		secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
 		/* No raw mode with smb signing. */
 		capabilities &= ~CAP_RAW_MODE;