struct timespec ts;
ssize_t ret;
struct smbd_server_connection *sconn = req->sconn;
- bool signing_enabled = false;
+ bool signing_desired = false;
bool signing_required = false;
sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
- signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state);
+ signing_desired = smb_signing_is_desired(req->sconn->smb1.signing_state);
signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
- if (signing_enabled) {
+ if (signing_desired) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
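Review bot: CAP_RAW_MODE is now cleared only under `if (signing_desired)`, while srv_init_signing in this same change sets `allowed = true` and its comment says signing is always accepted when the client sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. That leaves a case where signing is not advertised, raw mode still is, and the connection can nevertheless end up with signing active, which the existing `/* No raw mode with smb signing. */` comment says should not be combined. The raw read/write handlers are not visible here, so please confirm they refuse raw requests once signing is active on the connection. If they do, a comment above the `if` such as `/* Advertise signing only when desired; it is still accepted if the client requires it. */` would make the split between advertised and accepted state explicit. The enclosing function starts and ends outside the hunk.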
bool srv_init_signing(struct smbd_server_connection *conn)
{
- bool allowed;
+ bool allowed = true;
bool desired;
bool mandatory = false;
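Review bot: `allowed` is now initialised to `true`, and the only other visible change removes its assignment from `lpcfg_server_signing_allowed()`, so it looks like a constant that configuration can no longer influence. If nothing later in srv_init_signing writes to it (the body continues outside the hunk), consider dropping the variable, or document it at the declaration with `/* signing is always accepted; config only decides desired/mandatory */`. The later line `desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);` deserves a short comment too, because the helper's "allowed" result is now deliberately used as "desired" and the names no longer match. Since this changes what a disabled signing setting means on the wire, the configuration documentation should state that signing can still be negotiated when the client requires it.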
* This matches Windows behavior and is needed
* because not every client that requires signing
* sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
+ *
+ * Note that we'll always allow signing if the client
+ * does send FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
*/
- allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
+ desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
talloc_unlink(conn, lp_ctx);
if (lp_async_smb_echo_handler()) {