From af290a03cef63c3b08446c1980de064a3b1c8804 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 17 Sep 2013 04:12:30 +0200
Subject: [PATCH] libcli/smb: fix non mendatory signing against some vendor
 SMB2 servers.

Windows and Samba always sign the final session setup response
even if signing is not mendatory, but it ensures that the signing
key is correctly in place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
---
 libcli/smb/smbXcli_base.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 0fd3d4c..f59f1f7 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4843,7 +4843,16 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 					session->conn->protocol,
 					recv_iov, 3);
 	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+		/*
+		 * Sadly some vendors don't sign the
+		 * final SMB2 session setup response
+		 *
+		 * At least Windows and Samba are always doing this
+		 * if there's a session key available.
+		 */
+		if (conn->mandatory_signing) {
+			return status;
+		}
 	}
 
 	session->smb2->should_sign = false;
-- 
1.8.1.2