SMB signing updates - this gets NTLMSSP signing workin to the point where I

just need to get the verifiction code working - we get back a signiture from
the server, and just can't verify it yet.

This also brings the short-packet checks into common code, and breaks the
connection if the server sends a signed reply, on an established connection,
that fails the test.

This breaks our read/write code at the moment, as we need to keep a list
of outstanding packets.

(signing is not enabled by default, unless the server demands it)

Not for 3.0 till I fix the outstanding packet list.

Andrew Barlett
(This used to be commit 808d1fcf20153970d587cb631a08607beb09703a)

1 files changed, 4 insertions, 1 deletions

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 0da9a8932f..fe9453e6f2 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -118,7 +118,10 @@ BOOL cli_receive_smb(struct cli_state *cli)
 	}
 
 	if (!cli_check_sign_mac(cli)) {
-		DEBUG(0, ("SMB Signiture verification failed on incoming packet!\n"));
+		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+		cli->smb_rw_error = READ_BAD_SIG;
+		close(cli->fd);
+		cli->fd = -1;
 		return False;
 	};
 	return True;