sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-13 08:23:49 +03:00
Code Activity

r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB

Browse Source 
signing code to be able to cope.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2004-08-13 00:16:57 +00:00
committed by Gerald (Jerry) Carter
parent c4036f2189
commit cb74d52b56
10 changed files with 258 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
source/smb_server/negprot.c
View File

@@ -57,6 +57,11 @@ static void reply_corep(struct smbsrv_request *req, uint16_t choice)
req->smb_conn->negotiate.protocol = PROTOCOL_CORE;
if (req->smb_conn->signing.mandatory_signing) {
smbsrv_terminate_connection(req->smb_conn,
"CORE does not support SMB signing, and it is mandetory\n");
}
req_send_reply(req);
}
@@ -84,6 +89,11 @@ static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
req->smb_conn->negotiate.protocol = PROTOCOL_COREPLUS;
if (req->smb_conn->signing.mandatory_signing) {
smbsrv_terminate_connection(req->smb_conn,
"COREPLUS does not support SMB signing, and it is mandetory\n");
}
req_send_reply(req);
}
@@ -128,6 +138,11 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
get_challenge(req->smb_conn, req->out.data);
}
if (req->smb_conn->signing.mandatory_signing) {
smbsrv_terminate_connection(req->smb_conn,
"LANMAN1 does not support SMB signing, and it is mandetory\n");
}
req_send_reply(req);
}
@@ -171,6 +186,10 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
req_push_str(req, NULL, lp_workgroup(), -1, STR_TERMINATE);
if (req->smb_conn->signing.mandatory_signing) {
smbsrv_terminate_connection(req->smb_conn,
"LANMAN2 does not support SMB signing, and it is mandetory\n");
}
req_send_reply(req);
}
@@ -198,7 +217,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
if (0 && req->smb_conn->negotiate.encrypted_passwords &&
if (req->smb_conn->negotiate.encrypted_passwords &&
(lp_security() != SEC_SHARE) &&
lp_use_spnego() &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
@@ -241,18 +260,12 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
req->smb_conn->signing.signing_state = lp_server_signing();
switch (req->smb_conn->signing.signing_state) {
case SMB_SIGNING_OFF:
break;
case SMB_SIGNING_SUPPORTED:
if (req->smb_conn->signing.allow_smb_signing) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
break;
case SMB_SIGNING_REQUIRED:
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED |
NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
break;
}
if (req->smb_conn->signing.mandatory_signing) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
}
req->smb_conn->negotiate.protocol = PROTOCOL_NT1;