r22212: Cope with signature errors on sessionsetupX logins

where the server just reflects our signature back
to us. Allow the upper layer to see the real error.
Jeremy.
(This used to be commit 6cf0b93b1d8cb97dc665e14ace94a259def67724)

1 files changed, 20 insertions, 0 deletions

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index e4712d2f65..de575e83a2 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -139,6 +139,26 @@ BOOL cli_receive_smb_internal(struct cli_state *cli, BOOL eat_keepalives)
 	}
 
 	if (!cli_check_sign_mac(cli)) {
+		/*
+		 * If we get a signature failure in sessionsetup, then
+		 * the server sometimes just reflects the sent signature
+		 * back to us. Detect this and allow the upper layer to
+		 * retrieve the correct Windows error message.
+		 */
+		if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX &&
+			(smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) &&
+			(SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) &&
+			memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 &&
+			cli_is_error(cli)) {
+
+			/*
+			 * Reflected signature on login error. 
+			 * Set bad sig but don't close fd.
+			 */
+			cli->smb_rw_error = READ_BAD_SIG;
+			return True;
+		}
+
 		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
 		cli->smb_rw_error = READ_BAD_SIG;
 		close(cli->fd);