mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Fix client autonegotiate signing.
Jeremy.
(This used to be commit a4d2dd1d40
)
This commit is contained in:
parent
dffd0f379f
commit
46e0d25b7f
@ -335,7 +335,8 @@ static void popt_common_credentials_callback(poptContext con,
|
||||
cmdline_auth_info.signing_state = -1;
|
||||
if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false"))
|
||||
cmdline_auth_info.signing_state = False;
|
||||
else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true"))
|
||||
else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") ||
|
||||
strequal(arg, "auto") )
|
||||
cmdline_auth_info.signing_state = True;
|
||||
else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced"))
|
||||
cmdline_auth_info.signing_state = Required;
|
||||
|
@ -1025,23 +1025,28 @@ BOOL cli_negprot(struct cli_state *cli)
|
||||
smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
|
||||
}
|
||||
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)) {
|
||||
/* Fail if signing is mandatory and we don't want to support it. */
|
||||
/*
|
||||
* As signing is slow we only turn it on if either the client or
|
||||
* the server require it. JRA.
|
||||
*/
|
||||
|
||||
if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
|
||||
/* Fail if server says signing is mandatory and we don't want to support it. */
|
||||
if (!cli->sign_info.allow_smb_signing) {
|
||||
DEBUG(1,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
|
||||
return False;
|
||||
}
|
||||
cli->sign_info.negotiated_smb_signing = True;
|
||||
}
|
||||
|
||||
if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) && cli->sign_info.allow_smb_signing)
|
||||
cli->sign_info.negotiated_smb_signing = True;
|
||||
|
||||
/* Fail if signing is mandatory and the server doesn't support it. */
|
||||
if (cli->sign_info.mandatory_signing && !(cli->sign_info.negotiated_smb_signing)) {
|
||||
cli->sign_info.mandatory_signing = True;
|
||||
} else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
|
||||
/* Fail if client says signing is mandatory and the server doesn't support it. */
|
||||
if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
|
||||
DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
|
||||
return False;
|
||||
}
|
||||
cli->sign_info.negotiated_smb_signing = True;
|
||||
cli->sign_info.mandatory_signing = True;
|
||||
}
|
||||
|
||||
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
|
||||
cli->use_spnego = False;
|
||||
|
Loading…
Reference in New Issue
Block a user