summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c11
-rw-r--r--source3/libsmb/smbencrypt.c10
2 files changed, 12 insertions, 9 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 135238b9a7..893d194a87 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -258,6 +258,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
uint32 capabilities = cli_session_setup_capabilities(cli);
fstring pword, ntpword;
char *p;
+ BOOL tried_signing = False;
if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) {
return False;
@@ -269,15 +270,15 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
ntpasslen = 24;
SMBencrypt((uchar *)pass,cli->secblob.data,(uchar *)pword);
SMBNTencrypt((uchar *)pass,cli->secblob.data,(uchar *)ntpword);
+ if (!cli->sign_info.use_smb_signing && cli->sign_info.negotiated_smb_signing) {
+ cli_calculate_mac_key(cli, (uchar *)pass, (uchar *)ntpword);
+ tried_signing = True;
+ }
} else {
memcpy(pword, pass, passlen);
memcpy(ntpword, ntpass, ntpasslen);
}
- if (cli->sign_info.negotiated_smb_signing) {
- cli_calculate_mac_key(cli, (uchar *)pass, (uchar *)ntpword);
- }
-
/* send a session setup command */
memset(cli->outbuf,'\0',smb_size);
@@ -308,7 +309,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
show_msg(cli->inbuf);
- if (cli_is_error(cli) || SVAL(cli->inbuf,smb_vwv2) /* guest */) {
+ if (tried_signing && (cli_is_error(cli) || SVAL(cli->inbuf,smb_vwv2) /* guest */)) {
/* We only use it if we have a successful non-guest connect */
cli->sign_info.use_smb_signing = False;
}
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 9ae6da0ced..95434d0ae4 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -345,6 +345,12 @@ void cli_calculate_mac_key(struct cli_state *cli, const unsigned char *ntpasswd,
cli->sign_info.mac_key_len = 40;
cli->sign_info.use_smb_signing = True;
+ /* These calls are INCONPATIBLE with SMB signing */
+ cli->readbraw_supported = False;
+ cli->writebraw_supported = False;
+
+ /* Reset the sequence number in case we had a previous (aborted) attempt */
+ cli->sign_info.send_seq_num = 0;
}
/***********************************************************
@@ -360,10 +366,6 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
return;
}
- /* These calls are INCONPATIBLE with SMB signing */
- cli->readbraw_supported = False;
- cli->writebraw_supported = False;
-
/*
* Firstly put the sequence number into the first 4 bytes.
* and zero out the next 4 bytes.
generated by cgit (git 2.34.1) at 2024-10-05 01:21:01 +0000