From 918e6288fa775893a7e895334e05ce7780f89eaf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 6 Mar 2009 16:18:50 +0100 Subject: s3:libsmb: smb signing works the same for extented and non-extended security This is only cosmetic, but it makes it easier to understand. metze --- source3/libsmb/cliconnect.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'source3/libsmb/cliconnect.c') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ad11ee0ed4..58e7dd1f8e 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -379,6 +379,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, DATA_BLOB session_key = data_blob_null; NTSTATUS result; char *p; + bool ok; if (passlen == 0) { /* do nothing - guest login */ @@ -436,11 +437,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); #endif } -#ifdef LANMAN_ONLY - cli_simple_set_signing(cli, session_key, lm_response); -#else - cli_simple_set_signing(cli, session_key, nt_response); -#endif + cli_temp_set_signing(cli); } else { /* pre-encrypted password supplied. Only used for security=server, can't do @@ -492,6 +489,22 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, goto end; } +#ifdef LANMAN_ONLY + ok = cli_simple_set_signing(cli, session_key, lm_response); +#else + ok = cli_simple_set_signing(cli, session_key, nt_response); +#endif + if (ok) { + /* 'resign' the last message, so we get the right sequence numbers + for checking the first reply from the server */ + cli_calculate_sign_mac(cli, cli->outbuf); + + if (!cli_check_sign_mac(cli, cli->inbuf)) { + result = NT_STATUS_ACCESS_DENIED; + goto end; + } + } + /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); -- cgit