diff options
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/cliconnect.c | 5 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 7 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 11 |
3 files changed, 15 insertions, 8 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 389b7a1733..c13881bc21 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -942,7 +942,10 @@ BOOL cli_negprot(struct cli_state *cli) smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN); } - if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) + if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)) + cli->sign_info.negotiated_smb_signing = True; + + if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) && cli->sign_info.allow_smb_signing) cli->sign_info.negotiated_smb_signing = True; } else if (cli->protocol >= PROTOCOL_LANMAN1) { diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index ed1286d627..3d0bad6c99 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -249,15 +249,16 @@ struct cli_state *cli_initialise(struct cli_state *cli) if (lp_use_spnego()) cli->use_spnego = True; + cli->capabilities = CAP_UNICODE | CAP_STATUS32; + /* Set the CLI_FORCE_DOSERR environment variable to test client routines using DOS errors instead of STATUS32 ones. This intended only as a temporary hack. */ if (getenv("CLI_FORCE_DOSERR")) cli->force_dos_errors = True; - /* A way to attempt to force SMB signing */ - if (getenv("CLI_FORCE_SMB_SIGNING")) - cli->sign_info.negotiated_smb_signing = True; + if (lp_client_signing()) + cli->sign_info.allow_smb_signing = True; if (!cli->outbuf || !cli->inbuf) goto error; diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index a57a98e3ea..022a57ef6a 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -362,10 +362,12 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd, SMB signing - setup the MAC key. ************************************************************/ -void cli_calculate_mac_key(struct cli_state *cli, const char *ntpasswd, const uchar resp[24]) +void cli_calculate_mac_key(struct cli_state *cli, const char *plain_passwd, const uchar resp[24]) { - /* Get first 16 bytes. */ - E_md4hash(ntpasswd,&cli->sign_info.mac_key[0]); + uchar nt_hash[16]; + E_md4hash(plain_passwd, nt_hash); + + mdfour(&cli->sign_info.mac_key[0], nt_hash, sizeof(nt_hash)); memcpy(&cli->sign_info.mac_key[16],resp,24); cli->sign_info.mac_key_len = 40; cli->sign_info.use_smb_signing = True; @@ -375,7 +377,7 @@ void cli_calculate_mac_key(struct cli_state *cli, const char *ntpasswd, const uc cli->writebraw_supported = False; /* Reset the sequence number in case we had a previous (aborted) attempt */ - cli->sign_info.send_seq_num = 0; + cli->sign_info.send_seq_num = 2; } /*********************************************************** @@ -411,6 +413,7 @@ void cli_caclulate_sign_mac(struct cli_state *cli) MD5Final(calc_md5_mac, &md5_ctx); memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8); + /* cli->outbuf[smb_ss_field+2]=0; Uncomment this to test if the remote server actually verifies signitures...*/ cli->sign_info.send_seq_num++; |