svn commit: samba r21990 - in branches/SAMBA_3_0/source: lib libsmb
jra at samba.org
jra at samba.org
Tue Mar 27 18:04:37 GMT 2007
Author: jra
Date: 2007-03-27 18:04:36 +0000 (Tue, 27 Mar 2007)
New Revision: 21990
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21990
Log:
Stop messing with the signing engine just because
we're encrypted. This will make further changes and
spec much more clear.
Jeremy.
Modified:
branches/SAMBA_3_0/source/lib/util_sock.c
branches/SAMBA_3_0/source/libsmb/cliconnect.c
branches/SAMBA_3_0/source/libsmb/clientgen.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_sock.c
===================================================================
--- branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-27 11:22:07 UTC (rev 21989)
+++ branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-27 18:04:36 UTC (rev 21990)
@@ -746,15 +746,15 @@
}
return False;
}
- } else {
- /* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(buffer, True)) {
- DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
- if (smb_read_error == 0) {
- smb_read_error = READ_BAD_SIG;
- }
- return False;
+ }
+
+ /* Check the incoming SMB signature. */
+ if (!srv_check_sign_mac(buffer, True)) {
+ DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+ if (smb_read_error == 0) {
+ smb_read_error = READ_BAD_SIG;
}
+ return False;
}
return True;
@@ -772,9 +772,9 @@
char *buf_out = buffer;
/* Sign the outgoing packet if required. */
- if (!srv_encryption_on()) {
- srv_calculate_sign_mac(buf_out);
- } else {
+ srv_calculate_sign_mac(buf_out);
+
+ if (srv_encryption_on()) {
NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2007-03-27 11:22:07 UTC (rev 21989)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2007-03-27 18:04:36 UTC (rev 21990)
@@ -742,25 +742,25 @@
DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
ntlmssp_state->session_key.length);
DATA_BLOB null_blob = data_blob(NULL, 0);
+ BOOL res;
fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
cli_set_session_key(cli, ntlmssp_state->session_key);
- if (!cli_encryption_on(cli)) {
- BOOL res = cli_simple_set_signing(cli, key, null_blob);
+ res = cli_simple_set_signing(cli, key, null_blob);
- if (res) {
+ data_blob_free(&key);
+
+ if (res) {
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
+ /* 'resign' the last message, so we get the right sequence numbers
+ for checking the first reply from the server */
+ cli_calculate_sign_mac(cli);
- if (!cli_check_sign_mac(cli)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- }
+ if (!cli_check_sign_mac(cli)) {
+ nt_status = NT_STATUS_ACCESS_DENIED;
}
}
- data_blob_free(&key);
}
/* we have a reference counter on ntlmssp_state, if we are signing
Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c 2007-03-27 11:22:07 UTC (rev 21989)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c 2007-03-27 18:04:36 UTC (rev 21990)
@@ -74,6 +74,7 @@
if(CVAL(buffer,0) != SMBkeepalive)
break;
}
+
if (cli_encryption_on(cli)) {
NTSTATUS status = cli_decrypt_message(cli);
if (!NT_STATUS_IS_OK(status)) {
@@ -130,15 +131,14 @@
return ret;
}
- if (!cli_encryption_on(cli)) {
- if (!cli_check_sign_mac(cli)) {
- DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
- cli->smb_rw_error = READ_BAD_SIG;
- close(cli->fd);
- cli->fd = -1;
- return False;
- }
+ if (!cli_check_sign_mac(cli)) {
+ DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+ cli->smb_rw_error = READ_BAD_SIG;
+ close(cli->fd);
+ cli->fd = -1;
+ return False;
}
+
return True;
}
@@ -173,6 +173,8 @@
return False;
}
+ cli_calculate_sign_mac(cli);
+
if (cli_encryption_on(cli)) {
NTSTATUS status = cli_encrypt_message(cli, &buf_out);
if (!NT_STATUS_IS_OK(status)) {
@@ -183,8 +185,6 @@
nt_errstr(status) ));
return False;
}
- } else {
- cli_calculate_sign_mac(cli);
}
len = smb_len(buf_out) + 4;
More information about the samba-cvs
mailing list