From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 12 Dec 2014 08:22:15 +0000 (+0100)
Subject: s3:smb2_server: allow reauthentication without signing
X-Git-Tag: samba-4.0.26~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f27d938a674308e8d0a4b6b24f67af596f1bf8f9;p=thirdparty%2Fsamba.git

s3:smb2_server: allow reauthentication without signing

If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72)
---

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index fe58ca57105..d0dec0f89a7 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1910,11 +1910,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 	if (x != NULL) {
 		signing_required = x->global->signing_required;
 		encryption_required = x->global->encryption_required;
-
-		if (opcode == SMB2_OP_SESSSETUP &&
-		    x->global->signing_key.length > 0) {
-			signing_required = true;
-		}
 	}
 
 	req->do_signing = false;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e911945fb64..a82d6960270 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 
 	conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
 
+	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+		smb2req->do_signing = true;
+	}
+
 	*out_session_id = session->global->session_wire_id;
 
 	return NT_STATUS_OK;