[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-196-g918e628

Stefan Metzmacher metze at samba.org
Fri Mar 6 15:23:50 GMT 2009


The branch, master has been updated
       via  918e6288fa775893a7e895334e05ce7780f89eaf (commit)
      from  5ce523bbed4196fda6716b71ef6080c3c5522838 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 918e6288fa775893a7e895334e05ce7780f89eaf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 6 16:18:50 2009 +0100

    s3:libsmb: smb signing works the same for extented and non-extended security
    
    This is only cosmetic, but it makes it easier to understand.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/cliconnect.c |   23 ++++++++++++++++++-----
 1 files changed, 18 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ad11ee0..58e7dd1 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -379,6 +379,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
 	DATA_BLOB session_key = data_blob_null;
 	NTSTATUS result;
 	char *p;
+	bool ok;
 
 	if (passlen == 0) {
 		/* do nothing - guest login */
@@ -436,11 +437,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
 			SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
 #endif
 		}
-#ifdef LANMAN_ONLY
-		cli_simple_set_signing(cli, session_key, lm_response); 
-#else
-		cli_simple_set_signing(cli, session_key, nt_response); 
-#endif
+		cli_temp_set_signing(cli);
 	} else {
 		/* pre-encrypted password supplied.  Only used for 
 		   security=server, can't do
@@ -492,6 +489,22 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
 		goto end;
 	}
 
+#ifdef LANMAN_ONLY
+	ok = cli_simple_set_signing(cli, session_key, lm_response);
+#else
+	ok = cli_simple_set_signing(cli, session_key, nt_response);
+#endif
+	if (ok) {
+		/* 'resign' the last message, so we get the right sequence numbers
+		   for checking the first reply from the server */
+		cli_calculate_sign_mac(cli, cli->outbuf);
+
+		if (!cli_check_sign_mac(cli, cli->inbuf)) {
+			result = NT_STATUS_ACCESS_DENIED;
+			goto end;
+		}
+	}
+
 	/* use the returned vuid from now on */
 	cli->vuid = SVAL(cli->inbuf,smb_uid);
 	


-- 
Samba Shared Repository


More information about the samba-cvs mailing list