smbd: Make SMB3 clients use encryption with "smb encrypt = auto"

Slight modification for 4.1 by Michael Adam <obnox@samba.org>
(s/xconn/conn/ in smb2_sesssetup.c)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  3 10:40:42 CET 2015 on sn-devel-104

(cherry picked from commit b3385f74db54bd8a07a0be5515151b633c067da4)

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 9f34a09931d000c2596d65b2a601afc25816d5cd..e7fc403c9be26bf8db48de63b9fe57cd61dcbaf4 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -190,6 +190,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                x->global->signing_required = true;
        }
 
+       if ((lp_smb_encrypt(-1) > SMB_SIGNING_OFF) &&
+           (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+               x->global->encryption_required = true;
+       }
+
        if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) {
                x->global->encryption_required = true;
        }

diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index ef2e318b24c30ccd20340050adc9bcf440334068..bde05b5f360d7b95828e619e58e6cb86e7861044 100644 (file)
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -236,6 +236,11 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                return NT_STATUS_BAD_NETWORK_NAME;
        }
 
+       if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) &&
+           (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+               encryption_required = true;
+       }
+
        if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) {
                encryption_required = true;
        }