Move our DC to implement mandetory signing.
authorAndrew Bartlett <abartlet@samba.org>
Fri, 5 Sep 2008 06:45:10 +0000 (16:45 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 5 Sep 2008 06:45:10 +0000 (16:45 +1000)
(this does not change the file server role, and only really changes
what 'server signing = auto' means)

Optional signing really isn't any benefit to network security.

In doing so, allow anonymous clients (if permitted by policy) to log
in without signing, as Samba3 does not sign these connections (which
would use an all-zero key, so pointless).

Andrew Bartlett

source/smb_server/smb/sesssetup.c
source/smb_server/smb/signing.c

index 9d0d1533cea756f6071c10247e2985da0e87b186..f45cbf17562d411b2a461ee876b5224a90960a0c 100644 (file)
@@ -200,7 +200,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
        /* Unfortunetly win2k3 as a client doesn't sign the request
         * packet here, so we have to force signing to start again */
 
-       smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
+       smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2, 
+                              session_info->server_info->authenticated);
 
 done:
        status = NT_STATUS_OK;
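Review bot: Neither call site says why the logon's `authenticated` flag is handed to the signing code, although it now decides whether mandatory signing is enforced; this applies here in sesssetup_nt1_send and to the matching call in sesssetup_spnego_send. A short comment above each call would help, for example `/* anonymous logons are exempt from mandatory signing, so tell the signing code what kind of session this is */`. The SPNEGO call previously used only the local `session_key` and now also reads `session_info->server_info`, so it is worth confirming that `session_info` is always populated on that path, which the hunk does not show. Both functions start and end outside their hunks.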
@@ -325,7 +326,8 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv
                /* Force check of the request packet, now we know the session key */
                smbsrv_signing_check_incoming(req);
 
-               smbsrv_signing_restart(req->smb_conn, &session_key, NULL);
+               smbsrv_signing_restart(req->smb_conn, &session_key, NULL, 
+                                      session_info->server_info->authenticated);
        }
 
        /* Ensure this is marked as a 'real' vuid, not one
index 186f5548ab8cb2c6a28822dd871222d4005d84d2..ee4531c8f69bde31e29ddffc56c0327fce70c0fd 100644 (file)
@@ -77,7 +77,8 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
 
 void smbsrv_signing_restart(struct smbsrv_connection *smb_conn,
                            DATA_BLOB *session_key,
-                           DATA_BLOB *response) 
+                           DATA_BLOB *response,
+                           bool authenticated_session) 
 {
        if (!smb_conn->signing.seen_valid) {
                DEBUG(5, ("Client did not send a valid signature on "
@@ -85,7 +86,9 @@ void smbsrv_signing_restart(struct smbsrv_connection *smb_conn,
                /* force things back on (most clients do not sign this packet)... */
                smbsrv_setup_signing(smb_conn, session_key, response);
                smb_conn->signing.next_seq_num = 2;
-               if (smb_conn->signing.mandatory_signing) {
+
+               /* If mandetory_signing is set, and this was an authenticated logon, then force on */
+               if (smb_conn->signing.mandatory_signing && authenticated_session) {
                        DEBUG(5, ("Configured for mandatory signing, 'good packet seen' forced on\n"));
                        /* if this is mandatory, then
                         * pretend we have seen a
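Review bot: The new comment above the `if` spells the field `mandetory_signing`, which a search for `mandatory_signing` will miss, and it does not say what happens to an anonymous logon. I would write `/* Force 'good packet seen' only for authenticated logons; an anonymous session leaves seen_valid unset even when mandatory_signing is on */`. Because `seen_valid` and `mandatory_signing` are fields of `smb_conn->signing`, the exemption appears to apply to the connection rather than to one session, so it would be worth stating (or checking) how a later authenticated session setup on the same connection gets signing enforced. The rest of the function lies outside this hunk.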
@@ -117,6 +120,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
        case SMB_SIGNING_AUTO:
                if (lp_server_role(smb_conn->lp_ctx) == ROLE_DOMAIN_CONTROLLER) {
                        smb_conn->signing.allow_smb_signing = true;
+                       smb_conn->signing.mandatory_signing = true;
                } else {
                        smb_conn->signing.allow_smb_signing = false;
                }
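Review bot: The added `mandatory_signing = true` in the SMB_SIGNING_AUTO case changes what an existing configuration value means on a domain controller, and nothing at that line records it. A comment such as `/* on a DC 'auto' means signing is required, not merely offered */` would keep the next reader from treating it as a mistake next to the `allow_smb_signing` assignments. Clients that cannot sign will presumably no longer complete an authenticated session against a DC left on `auto`, so the parameter's documentation should say so as well; that text is not part of this diff. The switch continues outside the hunk.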