s3:smb2_server: allow reauthentication without signing

If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 4a2c87541451b1ad905cdef2806de08055c01550..46bf6f96ee1ad72f85b170261827cf63c0db951f 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1990,11 +1990,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
        if (x != NULL) {
                signing_required = x->global->signing_required;
                encryption_required = x->global->encryption_required;
-
-               if (opcode == SMB2_OP_SESSSETUP &&
-                   x->global->signing_key.length > 0) {
-                       signing_required = true;
-               }
        }
 
        req->do_signing = false;

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 78cafe8f78e7512e55ac03c7539d0c3c1e5d4bf0..2f58e44f55a0a86b8c9da2269a8525dc250f3e5c 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
        conn_clear_vuid_caches(smb2req->sconn, session->compat->vuid);
 
+       if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+               smb2req->do_signing = true;
+       }
+
        *out_session_id = session->global->session_wire_id;
 
        return NT_STATUS_OK;