Bug 9222 - smbd ignores the "server signing = no" setting for SMB2.
Summary: smbd ignores the "server signing = no" setting for SMB2.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Docs (show other bugs)
Version: unspecified
Hardware: All All
: P5 regression
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba Documentation QA Contact~
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-28 16:33 UTC by Jeremy Allison
Modified: 2012-10-09 07:31 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for 3.6.x and 4.0.0rc3. (2.19 KB, patch)
2012-10-03 22:13 UTC, Jeremy Allison
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2012-09-28 16:33:46 UTC
Tested with Herb yesterday.

Even setting "server signing = no" the SMB2 server will still negotiate signing in the negprot security settings and in sessionsetup.

I know SMB2 requires that signed packets incoming are signed in return, but with "server signing = no" we shouldn't be negotiating it.

Patch for 4.0.0rc2 and 3.6.next to follow (after the fix for master is in).

Jeremy.
Comment 1 Stefan Metzmacher 2012-10-03 12:11:59 UTC
A smb server should always support signing.
Comment 2 Stefan Metzmacher 2012-10-03 12:12:21 UTC
(In reply to comment #1)
> A smb server should always support signing.

smb2 server...
Comment 3 Stefan Metzmacher 2012-10-03 12:21:26 UTC
From MS-SMB2 section 2.2.4:

SMB2_NEGOTIATE_SIGNING_ENABLED 
When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the
client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is
missing.

Jeremy, please revert this change
Comment 4 Jeremy Allison 2012-10-03 19:48:46 UTC
Ok, thanks for the clarification. I'll change this out to a documentation bug then, as people expect to be able to turn signing off using "server signing = no".

Documentation patch to follow.

Jeremy.
Comment 5 Jeremy Allison 2012-10-03 22:13:11 UTC
Created attachment 7984 [details]
git-am fix for 3.6.x and 4.0.0rc3.

Ok, modified to be a documentation fix.

Metze please review !

Thanks,

Jeremy.
Comment 6 Stefan Metzmacher 2012-10-08 12:14:02 UTC
Comment on attachment 7984 [details]
git-am fix for 3.6.x and 4.0.0rc3.

Looks good
Comment 7 Stefan Metzmacher 2012-10-08 12:14:35 UTC
Karolin, please pick for the next releases
Comment 8 Karolin Seeger 2012-10-09 07:31:57 UTC
Pushed to v3-6-test and autobuild-v4-0-test.
Closing out bug report.

Thanks!