libcli/smb: set should_encrypt = true if we got SMB2_SESSION_FLAG_ENCRYPT_DATA

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 23 20:14:07 CEST 2012 on sn-devel-104

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index b85c5ab9a85c634f6187063d13e463f0cae7ce4b..326a43df055a7b6f002e4ba68c9df87630cddad0 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2427,13 +2427,14 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
                        state->smb2.should_sign = true;
                }
 
-               if (cmd == SMB2_OP_SESSSETUP) {
+               if (cmd == SMB2_OP_SESSSETUP &&
+                   session->smb2.channel_signing_key.length == 0) {
                        state->smb2.should_encrypt = false;
                }
 
                if (state->smb2.should_encrypt) {
                        state->smb2.should_sign = false;
-               };
+               }
        }
 
        state->smb2.recv_iov = talloc_zero_array(state, struct iovec, 3);
@@ -4382,6 +4383,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
                session->smb2.should_sign = true;
        }
 
+       if (session->smb2.session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) {
+               session->smb2.should_encrypt = true;
+       }
+
+       if (conn->protocol < PROTOCOL_SMB2_24) {
+               session->smb2.should_encrypt = false;
+       }
+
+       if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+               session->smb2.should_encrypt = false;
+       }
+
        generate_random_buffer((uint8_t *)&session->smb2.channel_nonce,
                               sizeof(session->smb2.channel_nonce));
        session->smb2.channel_next = 1;