1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Fix client autonegotiate signing.

Jeremy.
(This used to be commit a4d2dd1d40)
This commit is contained in:
Volker Lendecke 2003-08-12 01:15:23 +00:00
parent dffd0f379f
commit 46e0d25b7f
2 changed files with 17 additions and 11 deletions

View File

@ -335,7 +335,8 @@ static void popt_common_credentials_callback(poptContext con,
cmdline_auth_info.signing_state = -1;
if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false"))
cmdline_auth_info.signing_state = False;
else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true"))
else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") ||
strequal(arg, "auto") )
cmdline_auth_info.signing_state = True;
else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced"))
cmdline_auth_info.signing_state = Required;

View File

@ -1025,23 +1025,28 @@ BOOL cli_negprot(struct cli_state *cli)
smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)) {
/* Fail if signing is mandatory and we don't want to support it. */
/*
* As signing is slow we only turn it on if either the client or
* the server require it. JRA.
*/
if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
/* Fail if server says signing is mandatory and we don't want to support it. */
if (!cli->sign_info.allow_smb_signing) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
return False;
}
cli->sign_info.negotiated_smb_signing = True;
}
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) && cli->sign_info.allow_smb_signing)
cli->sign_info.negotiated_smb_signing = True;
/* Fail if signing is mandatory and the server doesn't support it. */
if (cli->sign_info.mandatory_signing && !(cli->sign_info.negotiated_smb_signing)) {
cli->sign_info.mandatory_signing = True;
} else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
/* Fail if client says signing is mandatory and the server doesn't support it. */
if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
return False;
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
}
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
cli->use_spnego = False;