smb_server/smb: return an error if we're getting an invalid signature

metze

diff --git a/source/smb_server/smb/sesssetup.c b/source/smb_server/smb/sesssetup.c
index f45cbf17562d411b2a461ee876b5224a90960a0c..c6e4055b62046eaaadbc32b6d3220157db5b9d44 100644 (file)
--- a/source/smb_server/smb/sesssetup.c
+++ b/source/smb_server/smb/sesssetup.c
@@ -194,8 +194,10 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
        }
 
        /* Force check of the request packet, now we know the session key */
-       smbsrv_signing_check_incoming(req);
-/* TODO: why don't we check the result here? */
+       if (!smbsrv_signing_check_incoming(req)) {
+               status = NT_STATUS_ACCESS_DENIED;
+               goto failed;
+       }
 
        /* Unfortunetly win2k3 as a client doesn't sign the request
         * packet here, so we have to force signing to start again */
@@ -324,7 +326,10 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv
        if (NT_STATUS_IS_OK(skey_status) &&
            smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) {
                /* Force check of the request packet, now we know the session key */
-               smbsrv_signing_check_incoming(req);
+               if (!smbsrv_signing_check_incoming(req)) {
+                       status = NT_STATUS_ACCESS_DENIED;
+                       goto failed;
+               }
 
                smbsrv_signing_restart(req->smb_conn, &session_key, NULL, 
                                       session_info->server_info->authenticated);