From 2b67554e6ccca6dd4616dea672890e0a56bed8bd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 18 May 2016 09:56:02 +0200
Subject: [PATCH] s3:smbd: fix anonymous authentication if signing is mandatory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/smbd/sesssetup.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 62dc49e..c058eac 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -130,6 +130,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 	struct smbXsrv_connection *xconn = req->xconn;
 	struct smbd_server_connection *sconn = req->sconn;
 	uint16_t action = 0;
+	bool is_authenticated = false;
 	NTTIME now = timeval_to_nttime(&req->request_time);
 	struct smbXsrv_session *session = NULL;
 	uint16_t smb_bufsize = SVAL(req->vwv+2, 0);
@@ -336,12 +337,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 		sconn->num_users++;
 
 		if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+			is_authenticated = true;
 			session->compat->homes_snum =
 				register_homes_share(session_info->unix_info->unix_name);
 		}
 
 		if (srv_is_signing_negotiated(xconn) &&
-		    action == 0 &&
+		    is_authenticated &&
 		    session->global->signing_key.length > 0)
 		{
 			/*
@@ -601,6 +603,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	struct auth_session_info *session_info = NULL;
 	uint16_t smb_flag2 = req->flags2;
 	uint16_t action = 0;
+	bool is_authenticated = false;
 	NTTIME now = timeval_to_nttime(&req->request_time);
 	struct smbXsrv_session *session = NULL;
 	NTSTATUS nt_status;
@@ -1038,12 +1041,13 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	sconn->num_users++;
 
 	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+		is_authenticated = true;
 		session->compat->homes_snum =
 			register_homes_share(session_info->unix_info->unix_name);
 	}
 
 	if (srv_is_signing_negotiated(xconn) &&
-	    action == 0 &&
+	    is_authenticated &&
 	    session->global->signing_key.length > 0)
 	{
 		/*
-- 
1.9.1