SMB: Validate negotiate (to protect against downgrade) even if signing off
As long as signing is supported (ie not a guest user connection) and connection is SMB3 or SMB3.02, then validate negotiate (protect against man in the middle downgrade attacks). We had been doing this only when signing was required, not when signing was just enabled, but this more closely matches recommended SMB3 behavior and is better security. Suggested by Metze. Signed-off-by: NSteve French <smfrench@gmail.com> Reviewed-by: NJeremy Allison <jra@samba.org> Acked-by: NStefan Metzmacher <metze@samba.org> Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com> CC: Stable <stable@vger.kernel.org>
Showing
想要评论请 注册 或 登录