s3:smb2_server: allow reauthentication without signing

If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index fe58ca57105ae748eac959205d3c22357da5a60b..d0dec0f89a7fcfa351fa25519efba779d5b291ee 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1910,11 +1910,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
        if (x != NULL) {
                signing_required = x->global->signing_required;
                encryption_required = x->global->encryption_required;
-
-               if (opcode == SMB2_OP_SESSSETUP &&
-                   x->global->signing_key.length > 0) {
-                       signing_required = true;
-               }
        }
 
        req->do_signing = false;

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e911945fb64020b5501eada3484d92d9f87f9411..a82d6960270be2637da585e71ed1148433f8a03f 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
        conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
 
+       if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+               smb2req->do_signing = true;
+       }
+
        *out_session_id = session->global->session_wire_id;
 
        return NT_STATUS_OK;