]> git.ipfire.org Git - thirdparty/samba.git/commit
projects / thirdparty / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 43a90ce) | patch
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
authorRalph Boehme <slow@samba.org>
Thu, 5 Jan 2017 11:14:35 +0000 (12:14 +0100)
committerJeremy Allison <jra@samba.org>
Fri, 27 Jan 2017 21:00:17 +0000 (22:00 +0100)
commit6ae63d42f5aacddf5b7b6dbdfbe620344989e4e5
tree601d2a50cf579ca6b0046531d5ba996d2cf3b695tree
parent43a90cee46bb7a70f7973c4fc51eee7634e43145commit | diff
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients

If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of setting

[Global]
  smb encrypt = off

[share]
  smb encrypt = required

must be to completely deny access to the share "share".

This was working correctly for clients when using SMB 3 dialects <
3.1.1, but not for 3.1.1 with a negprot encryption context.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/smbd/smb2_negprot.c diff | blob | blame | history
Mirror of https://github.com/samba-team/samba.git