diff options
author | Jeremy Allison <jra@samba.org> | 2007-03-27 18:04:36 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:57 -0500 |
commit | 34dac35e48ca0c03d2744d9925566665285eb973 (patch) | |
tree | 3c2f13d88a36242f6c5e0dea5d831e5f2509578a /source3 | |
parent | 110980d7715769e88411fcb28f401bdb28389781 (diff) | |
download | samba-34dac35e48ca0c03d2744d9925566665285eb973.tar.gz samba-34dac35e48ca0c03d2744d9925566665285eb973.tar.bz2 samba-34dac35e48ca0c03d2744d9925566665285eb973.zip |
r21990: Stop messing with the signing engine just because
we're encrypted. This will make further changes and
spec much more clear.
Jeremy.
(This used to be commit ffa3a5c508a494d22e8ee3ada424a6517ddf8923)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/util_sock.c | 22 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 20 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 20 |
3 files changed, 31 insertions, 31 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index a58fb03e77..2ddce70fbb 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -746,15 +746,15 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout) } return False; } - } else { - /* Check the incoming SMB signature. */ - if (!srv_check_sign_mac(buffer, True)) { - DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n")); - if (smb_read_error == 0) { - smb_read_error = READ_BAD_SIG; - } - return False; + } + + /* Check the incoming SMB signature. */ + if (!srv_check_sign_mac(buffer, True)) { + DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n")); + if (smb_read_error == 0) { + smb_read_error = READ_BAD_SIG; } + return False; } return True; @@ -772,9 +772,9 @@ BOOL send_smb(int fd, char *buffer) char *buf_out = buffer; /* Sign the outgoing packet if required. */ - if (!srv_encryption_on()) { - srv_calculate_sign_mac(buf_out); - } else { + srv_calculate_sign_mac(buf_out); + + if (srv_encryption_on()) { NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n", diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 15dac093da..3970731b45 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -742,25 +742,25 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use DATA_BLOB key = data_blob(ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); DATA_BLOB null_blob = data_blob(NULL, 0); + BOOL res; fstrcpy(cli->server_domain, ntlmssp_state->server_domain); cli_set_session_key(cli, ntlmssp_state->session_key); - if (!cli_encryption_on(cli)) { - BOOL res = cli_simple_set_signing(cli, key, null_blob); + res = cli_simple_set_signing(cli, key, null_blob); - if (res) { + data_blob_free(&key); + + if (res) { - /* 'resign' the last message, so we get the right sequence numbers - for checking the first reply from the server */ - cli_calculate_sign_mac(cli); + /* 'resign' the last message, so we get the right sequence numbers + for checking the first reply from the server */ + cli_calculate_sign_mac(cli); - if (!cli_check_sign_mac(cli)) { - nt_status = NT_STATUS_ACCESS_DENIED; - } + if (!cli_check_sign_mac(cli)) { + nt_status = NT_STATUS_ACCESS_DENIED; } } - data_blob_free(&key); } /* we have a reference counter on ntlmssp_state, if we are signing diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index a3873a47fe..92fc72fd5c 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -74,6 +74,7 @@ static BOOL client_receive_smb(struct cli_state *cli) if(CVAL(buffer,0) != SMBkeepalive) break; } + if (cli_encryption_on(cli)) { NTSTATUS status = cli_decrypt_message(cli); if (!NT_STATUS_IS_OK(status)) { @@ -130,15 +131,14 @@ BOOL cli_receive_smb(struct cli_state *cli) return ret; } - if (!cli_encryption_on(cli)) { - if (!cli_check_sign_mac(cli)) { - DEBUG(0, ("SMB Signature verification failed on incoming packet!\n")); - cli->smb_rw_error = READ_BAD_SIG; - close(cli->fd); - cli->fd = -1; - return False; - } + if (!cli_check_sign_mac(cli)) { + DEBUG(0, ("SMB Signature verification failed on incoming packet!\n")); + cli->smb_rw_error = READ_BAD_SIG; + close(cli->fd); + cli->fd = -1; + return False; } + return True; } @@ -173,6 +173,8 @@ BOOL cli_send_smb(struct cli_state *cli) return False; } + cli_calculate_sign_mac(cli); + if (cli_encryption_on(cli)) { NTSTATUS status = cli_encrypt_message(cli, &buf_out); if (!NT_STATUS_IS_OK(status)) { @@ -183,8 +185,6 @@ BOOL cli_send_smb(struct cli_state *cli) nt_errstr(status) )); return False; } - } else { - cli_calculate_sign_mac(cli); } len = smb_len(buf_out) + 4; |