git.ipfire.org Git - thirdparty/samba.git/commit
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
author Ralph Boehme <slow@samba.org>
Thu, 5 Jan 2017 11:14:35 +0000 (12:14 +0100)
committer Karolin Seeger <kseeger@samba.org>
Wed, 1 Feb 2017 11:53:21 +0000 (12:53 +0100)
commit 3805e2ff50c2cc5981ee291f4e6cc8ddc6469ba2
tree 7370472ca116061ed641a2f89c07ddabdd5e73b8
parent 080ce6e3fc243c98b386dfe7d5ff7e9b12814fc5
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients

If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of setting

[Global]
  smb encrypt = off

[share]
  smb encrypt = required

must be to completely deny access to the share "share".

This was working correctly for clients when using SMB 3 dialects <
3.1.1, but not for 3.1.1 with a negprot encryption context.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6ae63d42f5aacddf5b7b6dbdfbe620344989e4e5)
source3/smbd/smb2_negprot.c
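
An added example, not part of the Samba commit: a small audit that reads smb.conf text and lists the shares that set `smb encrypt = required` while `[global]` sets it to `off`, the combination the commit message says must deny access to the share. The function names, the value spellings accepted beyond `off` and `required`, and the sample configuration are assumptions of this example.

```python
import re

# Spellings other than "off"/"required" are an assumption of this example.
OFF = {"off", "no", "false", "0", "disabled"}
REQUIRED = {"required", "mandatory"}

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_smb_encrypt(text):
    """Return {section: value} for every 'smb encrypt' line in text."""
    found, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                            # section names are case-insensitive
            section = m.group(1).strip().lower()
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if _norm(key) == "smbencrypt":
            found[section] = value.strip().lower()
    return found

def denied_shares(text):
    """Shares that require encryption while [global] turns it off."""
    settings = parse_smb_encrypt(text)
    if settings.get("global") not in OFF:
        return []
    return sorted(s for s, v in settings.items()
                  if s != "global" and v in REQUIRED)

# Constructed sample: the commit message's configuration plus one other share.
SAMPLE = """\
[Global]
  smb encrypt = off
[share]
  smb encrypt = required
[backup]
  SMB Encrypt = desired
"""
print(denied_shares(SAMPLE))
```

The audit does not follow `include` directives, so run it over the fully expanded configuration.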