Commit to HEAD the updates to smb signing code that I was propsing for 3.0.

This code implements 'opportunistic signing' in our client (when the
server supports it, we will use it), and correct downgrading on both
the client and server for the 'enabled' (rather than required) signing
level.

This means that we can actually set 'server signing = yes' and not
have the world fall apart.  We had a number of bugs in that code, and
it certainly looks like most of the testing was with the 'requried'
setting.

While the changes are reasonable, I'm putting this into HEAD rather
than 3.0 for the timebeing.  SMB signing, like NTLMSSP, tends to have
gotchas in it :-)

(I also need to give it a workout with more than smbclient before I
move it across).

Andrew Bartlett
(This used to be commit 6bad895462cf076a7e917c909e2a461d1b360bf1)

1 files changed, 2 insertions, 1 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 298944a0b1..60be41b12e 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1650,7 +1650,7 @@ struct ip_service {
 
 typedef struct smb_sign_info {
 	void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si);
-	BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si);
+	BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL expected_ok);
 	void (*free_signing_context)(struct smb_sign_info *si);
 	void *signing_context;
 
@@ -1658,6 +1658,7 @@ typedef struct smb_sign_info {
 	BOOL allow_smb_signing;
 	BOOL doing_signing;
 	BOOL mandatory_signing;
+	BOOL seen_valid; /* Have I ever seen a validly signed packet? */
 } smb_sign_info;
 
 #endif /* _SMB_H */