summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2015-02-25 16:59:26 +0100
committerKarolin Seeger <kseeger@samba.org>2015-07-19 20:13:10 +0200
commit0b97972bb1e31acbded8c8b674594441c1544269 (patch)
tree060ec29c03d0ae0893b63df1c27abc42af42e01f
parent15b323d38c3730f697dd821a798503b9f890b6bd (diff)
downloadsamba-0b97972bb1e31acbded8c8b674594441c1544269.tar.gz
smbd: Make SMB3 clients use encryption with "smb encrypt = auto"
Slight modification for 4.1 by Michael Adam <obnox@samba.org> (s/xconn/conn/ in smb2_sesssetup.c) BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Mar 3 10:40:42 CET 2015 on sn-devel-104 (cherry picked from commit b3385f74db54bd8a07a0be5515151b633c067da4)
-rw-r--r--source3/smbd/smb2_sesssetup.c5
-rw-r--r--source3/smbd/smb2_tcon.c5
2 files changed, 10 insertions, 0 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 9f34a09931d..e7fc403c9be 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -190,6 +190,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
x->global->signing_required = true;
}
+ if ((lp_smb_encrypt(-1) > SMB_SIGNING_OFF) &&
+ (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+ x->global->encryption_required = true;
+ }
+
if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) {
x->global->encryption_required = true;
}
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index ef2e318b24c..bde05b5f360 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -236,6 +236,11 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
return NT_STATUS_BAD_NETWORK_NAME;
}
+ if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) &&
+ (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+ encryption_required = true;
+ }
+
if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) {
encryption_required = true;
}