added server side SMB2 signing

[metze/samba/wip.git] / source / smb_server / smb2 / negprot.c

diff --git a/source/smb_server/smb2/negprot.c b/source/smb_server/smb2/negprot.c
index 4479ae2da1d7ff9d234acbc3ffed6118193980f2..2da39001ab1f4045d2c1566f1b8b5ee07d2efd9f 100644 (file)
--- a/source/smb_server/smb2/negprot.c
+++ b/source/smb_server/smb2/negprot.c
@@ -111,7 +111,18 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
        boot_time = timeval_current(); /* TODO: fix me */
 
        ZERO_STRUCT(io->out);
-       io->out.security_mode      = 0; /* no signing yet */
+       switch (lp_server_signing(req->smb_conn->lp_ctx)) {
+       case SMB_SIGNING_OFF:
+               io->out.security_mode = 0;
+               break;
+       case SMB_SIGNING_SUPPORTED:
+       case SMB_SIGNING_AUTO:
+               io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+               break;
+       case SMB_SIGNING_REQUIRED:
+               io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
+               break;
+       }
        io->out.dialect_revision   = SMB2_DIALECT_REVISION;
        io->out.capabilities       = 0;
        io->out.max_transact_size  = lp_parm_ulong(req->smb_conn->lp_ctx, NULL,