svn commit: samba r21990 - in branches/SAMBA_3_0/source: lib libsmb

Tue Mar 27 18:04:37 GMT 2007

Author: jra
Date: 2007-03-27 18:04:36 +0000 (Tue, 27 Mar 2007)
New Revision: 21990

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21990

Log:
Stop messing with the signing engine just because
we're encrypted. This will make further changes and
spec much more clear.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/lib/util_sock.c
   branches/SAMBA_3_0/source/libsmb/cliconnect.c
   branches/SAMBA_3_0/source/libsmb/clientgen.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_sock.c
===================================================================

--- branches/SAMBA_3_0/source/lib/util_sock.c	2007-03-27 11:22:07 UTC (rev 21989)
+++ branches/SAMBA_3_0/source/lib/util_sock.c	2007-03-27 18:04:36 UTC (rev 21990)
@@ -746,15 +746,15 @@
 			}
 			return False;
 		}
-	} else {
-		/* Check the incoming SMB signature. */
-		if (!srv_check_sign_mac(buffer, True)) {
-			DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
-			if (smb_read_error == 0) {
-				smb_read_error = READ_BAD_SIG;
-			}
-			return False;
+	}
+
+	/* Check the incoming SMB signature. */
+	if (!srv_check_sign_mac(buffer, True)) {
+		DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+		if (smb_read_error == 0) {
+			smb_read_error = READ_BAD_SIG;
 		}
+		return False;
 	}
 
 	return True;
@@ -772,9 +772,9 @@
 	char *buf_out = buffer;
 
 	/* Sign the outgoing packet if required. */
-	if (!srv_encryption_on()) {
-		srv_calculate_sign_mac(buf_out);
-	} else {
+	srv_calculate_sign_mac(buf_out);
+
+	if (srv_encryption_on()) {
 		NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",

Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c	2007-03-27 11:22:07 UTC (rev 21989)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c	2007-03-27 18:04:36 UTC (rev 21990)
@@ -742,25 +742,25 @@
 		DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
 					  ntlmssp_state->session_key.length);
 		DATA_BLOB null_blob = data_blob(NULL, 0);
+		BOOL res;
 
 		fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
 		cli_set_session_key(cli, ntlmssp_state->session_key);
 
-		if (!cli_encryption_on(cli)) {
-			BOOL res = cli_simple_set_signing(cli, key, null_blob);
+		res = cli_simple_set_signing(cli, key, null_blob);
 
-			if (res) {
+		data_blob_free(&key);
+
+		if (res) {
 			
-				/* 'resign' the last message, so we get the right sequence numbers
-				   for checking the first reply from the server */
-				cli_calculate_sign_mac(cli);
+			/* 'resign' the last message, so we get the right sequence numbers
+			   for checking the first reply from the server */
+			cli_calculate_sign_mac(cli);
 			
-				if (!cli_check_sign_mac(cli)) {
-					nt_status = NT_STATUS_ACCESS_DENIED;
-				}
+			if (!cli_check_sign_mac(cli)) {
+				nt_status = NT_STATUS_ACCESS_DENIED;
 			}
 		}
-		data_blob_free(&key);
 	}
 
 	/* we have a reference counter on ntlmssp_state, if we are signing

Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-03-27 11:22:07 UTC (rev 21989)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c	2007-03-27 18:04:36 UTC (rev 21990)
@@ -74,6 +74,7 @@
 		if(CVAL(buffer,0) != SMBkeepalive)
 			break;
 	}
+
 	if (cli_encryption_on(cli)) {
 		NTSTATUS status = cli_decrypt_message(cli);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -130,15 +131,14 @@
 		return ret;
 	}
 
-	if (!cli_encryption_on(cli)) {
-		if (!cli_check_sign_mac(cli)) {
-			DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
-			cli->smb_rw_error = READ_BAD_SIG;
-			close(cli->fd);
-			cli->fd = -1;
-			return False;
-		}
+	if (!cli_check_sign_mac(cli)) {
+		DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+		cli->smb_rw_error = READ_BAD_SIG;
+		close(cli->fd);
+		cli->fd = -1;
+		return False;
 	}
+
 	return True;
 }
 
@@ -173,6 +173,8 @@
 		return False;
 	}
 
+	cli_calculate_sign_mac(cli);
+
 	if (cli_encryption_on(cli)) {
 		NTSTATUS status = cli_encrypt_message(cli, &buf_out);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -183,8 +185,6 @@
 				nt_errstr(status) ));
 			return False;
 		}
-	} else {
-		cli_calculate_sign_mac(cli);
 	}
 
 	len = smb_len(buf_out) + 4;

