From 34dac35e48ca0c03d2744d9925566665285eb973 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 27 Mar 2007 18:04:36 +0000
Subject: r21990: Stop messing with the signing engine just because we're encrypted. This will make further changes and spec much more clear. Jeremy. (This used to be commit ffa3a5c508a494d22e8ee3ada424a6517ddf8923)
---
 source3/lib/util_sock.c | 22 +++++++++++-----------
 source3/libsmb/cliconnect.c | 20 ++++++++++----------
 source3/libsmb/clientgen.c | 20 ++++++++++----------
 3 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index a58fb03e77..2ddce70fbb 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -746,15 +746,15 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
 }
 return False;
 }
- } else {
- /* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(buffer, True)) {
- DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
- if (smb_read_error == 0) {
- smb_read_error = READ_BAD_SIG;
- }
- return False;
+ }
+
+ /* Check the incoming SMB signature. */
+ if (!srv_check_sign_mac(buffer, True)) {
+ DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+ if (smb_read_error == 0) {
+ smb_read_error = READ_BAD_SIG;
 }
+ return False;
 }
 return True;
@@ -772,9 +772,9 @@ BOOL send_smb(int fd, char *buffer)
 char *buf_out = buffer;
 /* Sign the outgoing packet if required. */
- if (!srv_encryption_on()) {
- srv_calculate_sign_mac(buf_out);
- } else {
+ srv_calculate_sign_mac(buf_out);
+
+ if (srv_encryption_on()) {
 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 15dac093da..3970731b45 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
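Review bot: The comment kept above the now-unconditional check in receive_smb, `/* Check the incoming SMB signature. */`, does not record the ordering this commit makes load-bearing. The MAC is now verified after the block above it, which, judging by the removed `} else {` and the commit subject, is the decryption path; that block starts outside this hunk, so this is inferred. I would spell the ordering out, e.g. `/* Verify the signing MAC on the decrypted packet; keep this after the decrypt block so it mirrors sign-then-encrypt in send_smb(). */`. The same kind of one-line comment is worth adding at the unguarded `cli_check_sign_mac(cli)` in cli_receive_smb and at the new `cli_calculate_sign_mac(cli);` in cli_send_smb in clientgen.c, neither of which carries one.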
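Review bot: In send_smb the signing call takes `buf_out` while the encryption call right after it takes `buffer`, and the two name the same memory only because of `char *buf_out = buffer;` above. Passing `buffer` to both, `srv_calculate_sign_mac(buffer);`, makes it obvious that the plaintext is signed first and that `buf_out` is purely the output of `srv_encrypt_buffer()`. The existing comment `/* Sign the outgoing packet if required. */` could also say that signing happens before encryption. The function body continues past the end of the hunk.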
@@ -742,25 +742,25 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 DATA_BLOB key = data_blob(ntlmssp_state->session_key.data, ntlmssp_state->session_key.length);
 DATA_BLOB null_blob = data_blob(NULL, 0);
+ BOOL res;
 fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
 cli_set_session_key(cli, ntlmssp_state->session_key);
- if (!cli_encryption_on(cli)) {
- BOOL res = cli_simple_set_signing(cli, key, null_blob);
+ res = cli_simple_set_signing(cli, key, null_blob);
- if (res) {
+ data_blob_free(&key);
+
+ if (res) {
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
+ /* 'resign' the last message, so we get the right sequence numbers
+ for checking the first reply from the server */
+ cli_calculate_sign_mac(cli);
- if (!cli_check_sign_mac(cli)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- }
+ if (!cli_check_sign_mac(cli)) {
+ nt_status = NT_STATUS_ACCESS_DENIED;
 }
 }
- data_blob_free(&key);
 }
 /* we have a reference counter on ntlmssp_state, if we are signing
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index a3873a47fe..92fc72fd5c 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -74,6 +74,7 @@ static BOOL client_receive_smb(struct cli_state *cli)
 if(CVAL(buffer,0) != SMBkeepalive) break;
 }
+
 if (cli_encryption_on(cli)) {
 NTSTATUS status = cli_decrypt_message(cli);
 if (!NT_STATUS_IS_OK(status)) {
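Review bot: `key` holds a copy of the NTLMSSP session key, and the relocated `data_blob_free(&key);` releases it without, as far as this hunk shows, clearing the bytes first. Since the line is being moved anyway, consider `data_blob_clear_free(&key);` here, if that helper is available in this tree, so the signing key does not linger in freed heap memory. Separately, with the `cli_encryption_on(cli)` guard gone, the return value of `cli_simple_set_signing()` is the only thing deciding whether the first reply is MAC-checked. A short comment on `if (res)` stating when that call is expected to return False would help; the helper is not visible here, so its contract needs confirming. The enclosing function starts and ends outside the hunk.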
@@ -130,15 +131,14 @@ BOOL cli_receive_smb(struct cli_state *cli)
 return ret;
 }
- if (!cli_encryption_on(cli)) {
- if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
- cli->smb_rw_error = READ_BAD_SIG;
- close(cli->fd);
- cli->fd = -1;
- return False;
- }
+ if (!cli_check_sign_mac(cli)) {
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
 }
+
 return True;
 }
@@ -173,6 +173,8 @@ BOOL cli_send_smb(struct cli_state *cli)
 return False;
 }
+ cli_calculate_sign_mac(cli);
+
 if (cli_encryption_on(cli)) {
 NTSTATUS status = cli_encrypt_message(cli, &buf_out);
 if (!NT_STATUS_IS_OK(status)) {
@@ -183,8 +185,6 @@ BOOL cli_send_smb(struct cli_state *cli)
 nt_errstr(status) ));
 return False;
 }
- } else {
- cli_calculate_sign_mac(cli);
 }
 len = smb_len(buf_out) + 4;
-- cgit