More of SMB signing for client - not yet finished (should be harmless).

Jeremy.
(This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)

2 files changed, 41 insertions, 9 deletions

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index dee86b2b05..5f42148078 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -107,7 +107,7 @@ BOOL cli_receive_smb(struct cli_state *cli)
 }
 
 /****************************************************************************
-  send an smb to a fd.
+ Send an smb to a fd.
 ****************************************************************************/
 
 BOOL cli_send_smb(struct cli_state *cli)
@@ -117,31 +117,34 @@ BOOL cli_send_smb(struct cli_state *cli)
 	ssize_t ret;
 
 	/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
-	if (cli->fd == -1) return False;
+	if (cli->fd == -1)
+		return False;
+
+	if (SVAL(cli->outbuf,smb_flg2) & FLAGS2_SMB_SECUIRTY_SIGNITURES)
+		cli_caclulate_sign_mac(cli);
 
 	len = smb_len(cli->outbuf) + 4;
 
 	while (nwritten < len) {
 		ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
 		if (ret <= 0) {
-                        close(cli->fd);
-                        cli->fd = -1;
-			DEBUG(0,("Error writing %d bytes to client. %d\n",
-				 (int)len,(int)ret));
+			close(cli->fd);
+			cli->fd = -1;
+			DEBUG(0,("Error writing %d bytes to client. %d\n", (int)len,(int)ret));
 			return False;
 		}
 		nwritten += ret;
 	}
-	
 	return True;
 }
 
 /****************************************************************************
-setup basics in a outgoing packet
+ Setup basics in a outgoing packet.
 ****************************************************************************/
+
 void cli_setup_packet(struct cli_state *cli)
 {
-        cli->rap_error = 0;
+	cli->rap_error = 0;
 	SSVAL(cli->outbuf,smb_pid,cli->pid);
 	SSVAL(cli->outbuf,smb_uid,cli->vuid);
 	SSVAL(cli->outbuf,smb_mid,cli->mid);
@@ -158,6 +161,8 @@ void cli_setup_packet(struct cli_state *cli)
 		if (cli->use_spnego) {
 			flags2 |= FLAGS2_EXTENDED_SECURITY;
 		}
+		if (cli->sign_info.use_smb_signing)
+			flags2 |= FLAGS2_SMB_SECUIRTY_SIGNITURES;
 		SSVAL(cli->outbuf,smb_flg2, flags2);
 	}
 }
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index fa1eaedb5a..de469c0293 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -331,5 +331,32 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 #endif
 	
 	return True;
+}
+
+/***********************************************************
+ SMB signing - calculate a MAC to send.
+************************************************************/
 
+void cli_caclulate_sign_mac(struct cli_state *cli)
+{
+	unsigned char calc_md5_mac[16];
+	struct MD5Context md5_ctx;
+
+	/*
+	 * Firstly put the sequence number into the first 4 bytes.
+	 * and zero out the next 4 bytes.
+	 */
+	SIVAL(cli->outbuf, smb_ss_field, cli->sign_info.send_seq_num);
+	SIVAL(cli->outbuf, smb_ss_field + 4, 0);
+
+	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+	MD5Init(&md5_ctx);
+	MD5Update(&md5_ctx, cli->sign_info.mac_key, cli->sign_info.mac_key_len);
+	MD5Update(&md5_ctx, cli->outbuf + 4, smb_len(cli->outbuf));
+	MD5Final(calc_md5_mac, &md5_ctx);
+
+	memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
+	cli->sign_info.send_seq_num++;
+	cli->sign_info.reply_seq_num = cli->sign_info.send_seq_num;
+	cli->sign_info.send_seq_num++;
 }