From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 18 May 2016 07:56:02 +0000 (+0200)
Subject: s3:smbd: fix anonymous authentication if signing is mandatory
X-Git-Tag: tdb-1.3.10~1107
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aa5760433b219de7b41d35ca7ad6d4d702b89adf;p=thirdparty%2Fsamba.git

s3:smbd: fix anonymous authentication if signing is mandatory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 18 15:49:46 CEST 2016 on sn-devel-144
---

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 62dc49e186d..c058eac3363 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -130,6 +130,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 	struct smbXsrv_connection *xconn = req->xconn;
 	struct smbd_server_connection *sconn = req->sconn;
 	uint16_t action = 0;
+	bool is_authenticated = false;
 	NTTIME now = timeval_to_nttime(&req->request_time);
 	struct smbXsrv_session *session = NULL;
 	uint16_t smb_bufsize = SVAL(req->vwv+2, 0);
@@ -336,12 +337,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 		sconn->num_users++;
 
 		if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+			is_authenticated = true;
 			session->compat->homes_snum =
 				register_homes_share(session_info->unix_info->unix_name);
 		}
 
 		if (srv_is_signing_negotiated(xconn) &&
-		    action == 0 &&
+		    is_authenticated &&
 		    session->global->signing_key.length > 0)
 		{
 			/*
@@ -601,6 +603,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	struct auth_session_info *session_info = NULL;
 	uint16_t smb_flag2 = req->flags2;
 	uint16_t action = 0;
+	bool is_authenticated = false;
 	NTTIME now = timeval_to_nttime(&req->request_time);
 	struct smbXsrv_session *session = NULL;
 	NTSTATUS nt_status;
@@ -1038,12 +1041,13 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	sconn->num_users++;
 
 	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+		is_authenticated = true;
 		session->compat->homes_snum =
 			register_homes_share(session_info->unix_info->unix_name);
 	}
 
 	if (srv_is_signing_negotiated(xconn) &&
-	    action == 0 &&
+	    is_authenticated &&
 	    session->global->signing_key.length > 0)
 	{
 		/*