mirror of https://github.com/samba-team/samba.git synced 2025-03-23 06:50:21 +03:00

s3: smbd: Split srv_init_signing() into 2 static functions smb1_srv_init_signing() and smb2_srv_init_signing().

Correctly initialize and look at xconn->smb2.signing_mandatory
for the SMB2 signing state (this gets set correctly for the AD-DC
case etc. inside smb2_srv_init_signing()).

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison 2022-03-07 19:04:23 -08:00 committed by David Mulder
parent 3f9d528f38
commit 1f3f6e20dc
2 changed files with 14 additions and 8 deletions


@ -170,7 +170,7 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
Called by server negprot when signing has been negotiated.
************************************************************/
bool srv_init_signing(struct smbXsrv_connection *conn)
static bool smb1_srv_init_signing(struct smbXsrv_connection *conn)
{
bool allowed = true;
bool desired;
@ -232,7 +232,6 @@ bool srv_init_signing(struct smbXsrv_connection *conn)
return true;
}
#if 0
static bool smb2_srv_init_signing(struct smbXsrv_connection *conn)
{
struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
@ -249,7 +248,15 @@ static bool smb2_srv_init_signing(struct smbXsrv_connection *conn)
talloc_unlink(conn, lp_ctx);
return true;
}
#endif
bool srv_init_signing(struct smbXsrv_connection *conn)
{
if (conn->protocol >= PROTOCOL_SMB2_02) {
return smb2_srv_init_signing(conn);
} else {
return smb1_srv_init_signing(conn);
}
}
void srv_set_signing_negotiated(struct smbXsrv_connection *conn,
bool allowed, bool mandatory)
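Review bot: The new dispatch in srv_init_signing() is only correct if conn->protocol already holds the negotiated dialect when the function is called; the call site is not part of this diff, so that ordering should be confirmed. If it runs while the protocol is still unset, an SMB2 connection takes the smb1_srv_init_signing() branch and xconn->smb2.signing_mandatory keeps whatever value it was allocated with, so the `if (xconn->smb2.signing_mandatory)` check in smbd_smb2_request_process_negprot() (second file) would presumably leave SMB2_NEGOTIATE_SIGNING_REQUIRED out of the negotiate response even where the configuration demands signing. I would state the precondition above the function, e.g. `/* Must be called after conn->protocol is set; SMB2+ signing state lives in conn->smb2.signing_mandatory. */`, and consider failing closed (treating signing as mandatory, or returning false) when the protocol is not yet known.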


@ -176,7 +176,6 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
uint32_t max_read = lp_smb2_max_read();
uint32_t max_write = lp_smb2_max_write();
NTTIME now = timeval_to_nttime(&req->request_time);
bool signing_required = true;
bool ok;
status = smbd_smb2_request_verify_sizes(req, 0x24);
@ -360,12 +359,12 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
/*
* We use xconn->smb1.signing_state as that's already present
* and used lpcfg_server_signing_allowed() to get the correct
* We use xconn->smb2.signing_mandatory set up via
* srv_init_signing() -> smb2_srv_init_signing().
* This calls lpcfg_server_signing_allowed() to get the correct
* defaults, e.g. signing_required for an ad_dc.
*/
signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
if (signing_required) {
if (xconn->smb2.signing_mandatory) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}