Merge from HEAD:

A much better SMB signing module, that allows for mulitple signing algorithms
and correctly backs down from signing when the server cannot sign the reply.

This also attempts to enable SMB signing on NTLMSSP connections, but I don't
know what NTLMSSP flags to set yet.

This would allow 'client use signing' to be set by default, for server
compatability.  (A seperate option value should be provided for mandetory
signing, which would not back down).

Andrew Bartlett
(This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)

2 files changed, 25 insertions, 6 deletions

diff --git a/source3/include/client.h b/source3/include/client.h
index 28d6a8c330..0ea793de68 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -58,14 +58,15 @@ struct print_job_info
 };
 
 typedef struct smb_sign_info {
-	BOOL use_smb_signing;
+	void (*sign_outgoing_message)(struct cli_state *cli);
+	BOOL (*check_incoming_message)(struct cli_state *cli);
+	void (*free_signing_context)(struct cli_state *cli);
+	void *signing_context;
+
 	BOOL negotiated_smb_signing;
-	BOOL temp_smb_signing;
-	size_t mac_key_len;
-	uint8 mac_key[64];
-	uint32 send_seq_num;
-	uint32 reply_seq_num;
 	BOOL allow_smb_signing;
+	BOOL doing_signing;
+	BOOL mandetory_signing;
 } smb_sign_info;
 
 struct cli_state {
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 2fcefaaef3..f0278ffece 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -110,6 +110,24 @@ typedef struct ntlmssp_client_state
 	DATA_BLOB session_key;
 	
 	uint32 neg_flags;
+	
+	/* SMB Signing */
+	
+	uint32 ntlmssp_seq_num;
+
+	/* ntlmv2 */
+	char cli_sign_const[16];
+	char cli_seal_const[16];
+	char srv_sign_const[16];
+	char srv_seal_const[16];
+
+	unsigned char cli_sign_hash[258];
+	unsigned char cli_seal_hash[258];
+	unsigned char srv_sign_hash[258];
+	unsigned char srv_seal_hash[258];
+
+	/* ntlmv1 */
+	unsigned char ntlmssp_hash[258];
 
 } NTLMSSP_CLIENT_STATE;