Ok, now I can try my first client test...

Jeremy.
(This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)

2 files changed, 33 insertions, 8 deletions

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ebd25627c1..33e2b28609 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -53,6 +53,9 @@ static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user,
 		return False;
 	}
 
+	/* Lanman2 cannot use SMB signing. */
+	cli->sign_info.use_smb_signing = False;
+
 	/* if in share level security then don't send a password now */
 	if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
 		passlen = 0;
@@ -199,6 +202,9 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
 
 	passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_ASCII);
 
+	/* Plaintext password cannot use SMB signing. */
+	cli->sign_info.use_smb_signing = False;
+
 	set_message(cli->outbuf,13,0,True);
 	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
 	cli_setup_packet(cli);
@@ -269,6 +275,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
 		ntpasslen = 24;
 		SMBencrypt((uchar *)pass,cli->secblob.data,(uchar *)pword);
 		SMBNTencrypt((uchar *)pass,cli->secblob.data,(uchar *)ntpword);
+		cli_calculate_mac_key(cli, (uchar *)pass, (uchar *)ntpword);
 	} else {
 		memcpy(pword, pass, passlen);
 		memcpy(ntpword, ntpass, ntpasslen);
@@ -339,6 +346,9 @@ static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
 	/* send a session setup command */
 	memset(cli->outbuf,'\0',smb_size);
 
+	/* Extended security cannot use SMB signing (for now). */
+	cli->sign_info.use_smb_signing = False;
+
 	set_message(cli->outbuf,12,0,True);
 	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
 	cli_setup_packet(cli);
@@ -522,6 +532,9 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
 	int i;
 	BOOL got_kerberos_mechanism = False;
 
+	/* spnego security cannot use SMB signing (for now). */
+	cli->sign_info.use_smb_signing = False;
+
 	DEBUG(2,("Doing spnego session setup (blob length=%d)\n", cli->secblob.length));
 
 	/* the server might not even do spnego */
@@ -638,18 +651,18 @@ BOOL cli_session_setup(struct cli_state *cli,
 
 BOOL cli_ulogoff(struct cli_state *cli)
 {
-        memset(cli->outbuf,'\0',smb_size);
-        set_message(cli->outbuf,2,0,True);
-        SCVAL(cli->outbuf,smb_com,SMBulogoffX);
-        cli_setup_packet(cli);
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,2,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBulogoffX);
+	cli_setup_packet(cli);
 	SSVAL(cli->outbuf,smb_vwv0,0xFF);
 	SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
 
-        cli_send_smb(cli);
-        if (!cli_receive_smb(cli))
-                return False;
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
 
-        return !cli_is_error(cli);
+	return !cli_is_error(cli);
 }
 
 /****************************************************************************
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index de469c0293..29e168f7bf 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -334,6 +334,18 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 }
 
 /***********************************************************
+ SMB signing - setup the MAC key.
+************************************************************/
+
+void cli_calculate_mac_key(struct cli_state *cli, const unsigned char *ntpasswd, const uchar resp[24])
+{
+	/* Get first 16 bytes. */
+	E_md4hash(ntpasswd,&cli->sign_info.mac_key[0]);
+	memcpy(&cli->sign_info.mac_key[16],resp,24);
+	cli->sign_info.mac_key_len = 40;
+}
+
+/***********************************************************
  SMB signing - calculate a MAC to send.
 ************************************************************/