From 915a7f710eef083d181ea1158eaf3d06fd513123 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 26 Sep 2013 02:55:19 -0700
Subject: [PATCH] s3: smb2 server - fix bug 10167 smb2 breaks "smb encryption =
 mandatory

Refuse an SMB2 tcon on a share wher eencryption is required.
SMB2 doesn't support this.

Signed-off-by: Jeremy Allison <jra@samba.org>
---
 source3/smbd/smb2_tcon.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 5f0e3a9..8b955ff 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -207,6 +207,15 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
 
+	/* Don't allow connection if encryption is required. */
+	if (lp_smb_encrypt(snum) == Required) {
+		DEBUG(0,("Connection refused on share %s as encryption is"
+			" required on this share and SMB2 does not support"
+			" this.\n",
+			lp_servicename(snum)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	/* create a new tcon as child of the session */
 	tcon = talloc_zero(req->session, struct smbd_smb2_tcon);
 	if (tcon == NULL) {
-- 
1.8.1.2