s3:smb2_server: use the global signing key to check if signing is required

If we have a channel session key, we also always have a global session key.

For multi-channel it's possible that the channel session key is not in place
yet, in that case the global session key needs to be used.

In both cases (reauth or session bind) we session setup requests need to be
signed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 7e006d11134cdc37ea0fc13110fe5bbfb9de3f14)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index b46f9944a1619c2f0721f5107a501fb66e74f27b..fe58ca57105ae748eac959205d3c22357da5a60b 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1912,7 +1912,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                encryption_required = x->global->encryption_required;
 
                if (opcode == SMB2_OP_SESSSETUP &&
-                   x->global->channels[0].signing_key.length) {
+                   x->global->signing_key.length > 0) {
                        signing_required = true;
                }
        }