From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 16 Aug 2012 13:14:51 +0000 (+0200)
Subject: s3:smb2_server: try to sign an error response if we have a signing key
X-Git-Tag: samba-4.0.0beta7~162
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=16edb6eb7bf48026129a85e3c00ca9309d5c54c5;p=thirdparty%2Fsamba.git

s3:smb2_server: try to sign an error response if we have a signing key

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 00:54:01 CEST 2012 on sn-devel-104
---

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 027334ce135..ff4ee60e95c 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1789,8 +1789,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 
 		signing_key = x->global->channels[0].signing_key;
 
+		/*
+		 * If we have a signing key, we should
+		 * sign the response
+		 */
+		if (signing_key.length > 0) {
+			req->do_signing = true;
+		}
 
-		req->do_signing = true;
 		status = smb2_signing_check_pdu(signing_key,
 						conn->protocol,
 						SMBD_SMB2_IN_HDR_IOV(req),
@@ -1799,12 +1805,23 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 			return smbd_smb2_request_error(req, status);
 		}
 
+		/*
+		 * Now that we know the request was correctly signed
+		 * we have to sign the response too.
+		 */
+		req->do_signing = true;
+
 		if (!NT_STATUS_IS_OK(session_status)) {
 			return smbd_smb2_request_error(req, session_status);
 		}
 	} else if (opcode == SMB2_OP_CANCEL) {
 		/* Cancel requests are allowed to skip the signing */
 	} else if (signing_required) {
+		/*
+		 * If signing is required we try to sign
+		 * a possible error response
+		 */
+		req->do_signing = true;
 		return smbd_smb2_request_error(req, NT_STATUS_ACCESS_DENIED);
 	}