Fix SMB signing when using NTLMSSP...

It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).

Note:  This is actually less secure then the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins.  (NTLMv2 is better,
fortunetly).

Andrew Bartlett
(This used to be commit 95ec8317d4c6817d192bcd52eec44a22286e10ee)

1 files changed, 5 insertions, 2 deletions

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index cdd80b7f0c..8c02c4fdfe 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -551,6 +551,7 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
 						  blob_in, &blob_out);
 		data_blob_free(&blob_in);
 		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			DATA_BLOB null = data_blob(NULL, 0);
 			if (turn == 1) {
 				/* and wrap it in a SPNEGO wrapper */
 				msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
@@ -559,14 +560,16 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
 				msg1 = spnego_gen_auth(blob_out);
 			}
 		
+			cli_simple_set_signing(cli, 
+					       ntlmssp_state->session_key.data, 
+					       null); 
+			
 			/* now send that blob on its way */
 			if (!cli_session_setup_blob_send(cli, msg1)) {
 				return False;
 			}
 			data_blob_free(&msg1);
 			
-			cli_ntlmssp_set_signing(cli, ntlmssp_state);
-			
 			blob = cli_session_setup_blob_receive(cli);
 
 			nt_status = cli_nt_error(cli);