r21990: Stop messing with the signing engine just because

we're encrypted. This will make further changes and
spec much more clear.
Jeremy.
(This used to be commit ffa3a5c508a494d22e8ee3ada424a6517ddf8923)

3 files changed, 31 insertions, 31 deletions

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index a58fb03e77..2ddce70fbb 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -746,15 +746,15 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
 			}
 			return False;
 		}
-	} else {
-		/* Check the incoming SMB signature. */
-		if (!srv_check_sign_mac(buffer, True)) {
-			DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
-			if (smb_read_error == 0) {
-				smb_read_error = READ_BAD_SIG;
-			}
-			return False;
+	}
+
+	/* Check the incoming SMB signature. */
+	if (!srv_check_sign_mac(buffer, True)) {
+		DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+		if (smb_read_error == 0) {
+			smb_read_error = READ_BAD_SIG;
 		}
+		return False;
 	}
 
 	return True;
@@ -772,9 +772,9 @@ BOOL send_smb(int fd, char *buffer)
 	char *buf_out = buffer;
 
 	/* Sign the outgoing packet if required. */
-	if (!srv_encryption_on()) {
-		srv_calculate_sign_mac(buf_out);
-	} else {
+	srv_calculate_sign_mac(buf_out);
+
+	if (srv_encryption_on()) {
 		NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 15dac093da..3970731b45 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -742,25 +742,25 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 		DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
 					  ntlmssp_state->session_key.length);
 		DATA_BLOB null_blob = data_blob(NULL, 0);
+		BOOL res;
 
 		fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
 		cli_set_session_key(cli, ntlmssp_state->session_key);
 
-		if (!cli_encryption_on(cli)) {
-			BOOL res = cli_simple_set_signing(cli, key, null_blob);
+		res = cli_simple_set_signing(cli, key, null_blob);
 
-			if (res) {
+		data_blob_free(&key);
+
+		if (res) {
 			
-				/* 'resign' the last message, so we get the right sequence numbers
-				   for checking the first reply from the server */
-				cli_calculate_sign_mac(cli);
+			/* 'resign' the last message, so we get the right sequence numbers
+			   for checking the first reply from the server */
+			cli_calculate_sign_mac(cli);
 			
-				if (!cli_check_sign_mac(cli)) {
-					nt_status = NT_STATUS_ACCESS_DENIED;
-				}
+			if (!cli_check_sign_mac(cli)) {
+				nt_status = NT_STATUS_ACCESS_DENIED;
 			}
 		}
-		data_blob_free(&key);
 	}
 
 	/* we have a reference counter on ntlmssp_state, if we are signing
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index a3873a47fe..92fc72fd5c 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -74,6 +74,7 @@ static BOOL client_receive_smb(struct cli_state *cli)
 		if(CVAL(buffer,0) != SMBkeepalive)
 			break;
 	}
+
 	if (cli_encryption_on(cli)) {
 		NTSTATUS status = cli_decrypt_message(cli);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -130,15 +131,14 @@ BOOL cli_receive_smb(struct cli_state *cli)
 		return ret;
 	}
 
-	if (!cli_encryption_on(cli)) {
-		if (!cli_check_sign_mac(cli)) {
-			DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
-			cli->smb_rw_error = READ_BAD_SIG;
-			close(cli->fd);
-			cli->fd = -1;
-			return False;
-		}
+	if (!cli_check_sign_mac(cli)) {
+		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+		cli->smb_rw_error = READ_BAD_SIG;
+		close(cli->fd);
+		cli->fd = -1;
+		return False;
 	}
+
 	return True;
 }
 
@@ -173,6 +173,8 @@ BOOL cli_send_smb(struct cli_state *cli)
 		return False;
 	}
 
+	cli_calculate_sign_mac(cli);
+
 	if (cli_encryption_on(cli)) {
 		NTSTATUS status = cli_encrypt_message(cli, &buf_out);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -183,8 +185,6 @@ BOOL cli_send_smb(struct cli_state *cli)
 				nt_errstr(status) ));
 			return False;
 		}
-	} else {
-		cli_calculate_sign_mac(cli);
 	}
 
 	len = smb_len(buf_out) + 4;