summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c20
-rw-r--r--source3/libsmb/clientgen.c20
2 files changed, 20 insertions, 20 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 15dac093da..3970731b45 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -742,25 +742,25 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
ntlmssp_state->session_key.length);
DATA_BLOB null_blob = data_blob(NULL, 0);
+ BOOL res;
fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
cli_set_session_key(cli, ntlmssp_state->session_key);
- if (!cli_encryption_on(cli)) {
- BOOL res = cli_simple_set_signing(cli, key, null_blob);
+ res = cli_simple_set_signing(cli, key, null_blob);
- if (res) {
+ data_blob_free(&key);
+
+ if (res) {
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
+ /* 'resign' the last message, so we get the right sequence numbers
+ for checking the first reply from the server */
+ cli_calculate_sign_mac(cli);
- if (!cli_check_sign_mac(cli)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- }
+ if (!cli_check_sign_mac(cli)) {
+ nt_status = NT_STATUS_ACCESS_DENIED;
}
}
- data_blob_free(&key);
}
/* we have a reference counter on ntlmssp_state, if we are signing
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index a3873a47fe..92fc72fd5c 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -74,6 +74,7 @@ static BOOL client_receive_smb(struct cli_state *cli)
if(CVAL(buffer,0) != SMBkeepalive)
break;
}
+
if (cli_encryption_on(cli)) {
NTSTATUS status = cli_decrypt_message(cli);
if (!NT_STATUS_IS_OK(status)) {
@@ -130,15 +131,14 @@ BOOL cli_receive_smb(struct cli_state *cli)
return ret;
}
- if (!cli_encryption_on(cli)) {
- if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
- cli->smb_rw_error = READ_BAD_SIG;
- close(cli->fd);
- cli->fd = -1;
- return False;
- }
+ if (!cli_check_sign_mac(cli)) {
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
}
+
return True;
}
@@ -173,6 +173,8 @@ BOOL cli_send_smb(struct cli_state *cli)
return False;
}
+ cli_calculate_sign_mac(cli);
+
if (cli_encryption_on(cli)) {
NTSTATUS status = cli_encrypt_message(cli, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
@@ -183,8 +185,6 @@ BOOL cli_send_smb(struct cli_state *cli)
nt_errstr(status) ));
return False;
}
- } else {
- cli_calculate_sign_mac(cli);
}
len = smb_len(buf_out) + 4;