diff options
author | Michael Adam <obnox@samba.org> | 2015-07-01 18:07:52 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2015-07-07 14:05:27 +0200 |
commit | 41cb881e775ea7eb0c59d9e0cafb6ab5531918d9 (patch) | |
tree | 6ec0c23c76f939a90a5d70169e5dec51eea8e21a /source3 | |
parent | fc228025d78f165815d3fa1670d51f0c27ed2091 (diff) | |
download | samba-41cb881e775ea7eb0c59d9e0cafb6ab5531918d9.tar.gz |
smbd:smb2: only enable encryption in tcon if desired
Don't enforce it but only announce DATA_ENCRYPT,
making use of encryption_desired in tcon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/smb2_tcon.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index eb66ea04303..99e2f215ca4 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -193,6 +193,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, connection_struct *compat_conn = NULL; struct user_struct *compat_vuser = req->session->compat; NTSTATUS status; + bool encryption_desired = req->session->encryption_desired; bool encryption_required = req->session->global->encryption_required; bool guest_session = false; bool require_signed_tcon = false; @@ -266,12 +267,13 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, return NT_STATUS_BAD_NETWORK_NAME; } - if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) && + if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) && (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) { - encryption_required = true; + encryption_desired = true; } if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) { + encryption_desired = true; encryption_required = true; } @@ -296,6 +298,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, return status; } + tcon->encryption_desired = encryption_desired; tcon->global->encryption_required = encryption_required; compat_conn = make_connection_smb2(req, @@ -366,7 +369,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, *out_share_flags |= SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM; } - if (encryption_required) { + if (encryption_desired) { *out_share_flags |= SMB2_SHAREFLAG_ENCRYPT_DATA; } |