From 16edb6eb7bf48026129a85e3c00ca9309d5c54c5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 16 Aug 2012 15:14:51 +0200 Subject: [PATCH] s3:smb2_server: try to sign an error response if we have a signing key metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Aug 17 00:54:01 CEST 2012 on sn-devel-104 --- source3/smbd/smb2_server.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 027334ce135..ff4ee60e95c 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1789,8 +1789,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) signing_key = x->global->channels[0].signing_key; + /* + * If we have a signing key, we should + * sign the response + */ + if (signing_key.length > 0) { + req->do_signing = true; + } - req->do_signing = true; status = smb2_signing_check_pdu(signing_key, conn->protocol, SMBD_SMB2_IN_HDR_IOV(req), @@ -1799,12 +1805,23 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, status); } + /* + * Now that we know the request was correctly signed + * we have to sign the response too. + */ + req->do_signing = true; + if (!NT_STATUS_IS_OK(session_status)) { return smbd_smb2_request_error(req, session_status); } } else if (opcode == SMB2_OP_CANCEL) { /* Cancel requests are allowed to skip the signing */ } else if (signing_required) { + /* + * If signing is required we try to sign + * a possible error response + */ + req->do_signing = true; return smbd_smb2_request_error(req, NT_STATUS_ACCESS_DENIED); } -- 2.11.4.GIT