diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-08-26 03:59:01 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-08-26 03:59:01 +0000 |
commit | e32fdc10015ad57739c3db4ff476379274f09c77 (patch) | |
tree | ad8db0ef315bcbfb4d1f7f9e2af2cdb3e326985c | |
parent | d8767bcdad96355b54a02fdf8cc9be6c569bc49d (diff) | |
download | samba-e32fdc10015ad57739c3db4ff476379274f09c77.tar.gz samba-e32fdc10015ad57739c3db4ff476379274f09c77.tar.bz2 samba-e32fdc10015ad57739c3db4ff476379274f09c77.zip |
Some fixes for SMB signing. I can now get Win2k to correctly respond with a
security signiture, but I can't get it to accept ours.
Andrew Bartlett
(This used to be commit 7746de6a3c5798e321ed8300f763588fa3807964)
-rw-r--r-- | source3/libsmb/cliconnect.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ded5a843f3..0d033c9b59 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -241,9 +241,19 @@ static void set_signing_on_cli (struct cli_state *cli, char* pass, uint8 respons { uint8 zero_sig[8]; ZERO_STRUCT(zero_sig); - if (memcmp(&cli->outbuf[smb_ss_field], zero_sig, 8) != 0) { + + DEBUG(5, ("Server returned security sig:\n")); + dump_data(5, &cli->inbuf[smb_ss_field], 8); + + if (cli->sign_info.use_smb_signing) { + DEBUG(5, ("smb signing already active on connection\n")); + } else if (memcmp(&cli->inbuf[smb_ss_field], zero_sig, 8) != 0) { + + DEBUG(3, ("smb signing enabled!\n")); cli->sign_info.use_smb_signing = True; cli_calculate_mac_key(cli, pass, response); + } else { + DEBUG(5, ("smb signing NOT enabled!\n")); } } @@ -273,6 +283,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, uchar pword[24]; uchar ntpword[24]; char *p; + BOOL have_plaintext = False; if (passlen > sizeof(pword) || ntpasslen > sizeof(ntpword)) { return False; @@ -285,8 +296,8 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, SMBencrypt(pass,cli->secblob.data,pword); SMBNTencrypt(pass,cli->secblob.data,ntpword); + have_plaintext = True; set_temp_signing_on_cli(cli); - } else { /* pre-encrypted password supplied. Only used for security=server, can't do @@ -347,7 +358,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, fstrcpy(cli->user_name, user); - if (passlen != 24) { + if (have_plaintext) { /* Have plaintext orginal */ set_signing_on_cli(cli, pass, ntpword); } |