mirror of
https://github.com/samba-team/samba.git
synced 2025-08-08 13:49:29 +03:00
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.
The behaviour of setting
[Global]
smb encrypt = off
[share]
smb encrypt = required
must be to completely deny access to the share "share".
This was working correctly for clients when using SMB 3 dialects <
3.1.1, but not for 3.1.1 with a negprot encryption context.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6ae63d42f5
)
This commit is contained in:
committed by
Karolin Seeger
parent
4f1ac976be
commit
e138848456
@ -441,7 +441,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
|
||||
req->preauth = &req->xconn->smb2.preauth;
|
||||
}
|
||||
|
||||
if (in_cipher != NULL) {
|
||||
if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
|
||||
size_t needed = 2;
|
||||
uint16_t cipher_count;
|
||||
const uint8_t *p;
|
||||
|
Reference in New Issue
Block a user