git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2cad86c)
smbd:smb2: only enable encryption in tcon if desired
authorMichael Adam <obnox@samba.org>
Wed, 1 Jul 2015 16:07:52 +0000 (18:07 +0200)
committerKarolin Seeger <kseeger@samba.org>
Sun, 19 Jul 2015 18:13:10 +0000 (20:13 +0200)
Don't enforce it but only announce DATA_ENCRYPT,
making use of encryption_desired in tcon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 41cb881e775ea7eb0c59d9e0cafb6ab5531918d9)

source3/smbd/smb2_tcon.c patch | blob | history

diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index bde05b5f360d7b95828e619e58e6cb86e7861044..014264d9abd2a2bbb15a2e7f3f93b349edaf9999 100644 (file)
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -185,6 +185,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
        connection_struct *compat_conn = NULL;
        struct user_struct *compat_vuser = req->session->compat;
        NTSTATUS status;
+       bool encryption_desired = req->session->encryption_desired;
        bool encryption_required = req->session->global->encryption_required;
        bool guest_session = false;
 
@@ -236,12 +237,13 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                return NT_STATUS_BAD_NETWORK_NAME;
        }
 
-       if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) &&
+       if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) &&
            (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
-               encryption_required = true;
+               encryption_desired = true;
        }
 
        if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) {
+               encryption_desired = true;
                encryption_required = true;
        }
 
@@ -270,6 +272,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                return status;
        }
 
+       tcon->encryption_desired = encryption_desired;
        tcon->global->encryption_required = encryption_required;
 
        compat_conn = make_connection_smb2(req->sconn,
@@ -340,7 +343,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                *out_share_flags |= SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM;
        }
 
-       if (encryption_required) {
+       if (encryption_desired) {
                *out_share_flags |= SMB2_SHAREFLAG_ENCRYPT_DATA;
        }
 
Samba Shared Repository