SMB signing glitch
abartlet at samba.org
Sat Dec 27 06:50:47 GMT 2003
On Sat, 2003-12-27 at 10:57, Volker.Lendecke at SerNet.DE wrote:
> On an unsuccessful NTLMSSP session setup we're doing signing wrong:
>
> vlendec at delphin:~> smbclient -L w2k3ts -Uvl%asdfg
> [2003/12/27 00:51:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
> SMB Signature verification failed on incoming packet!
> session setup failed: Server packet had invalid SMB signature!

The problem is that we don't follow the spec - the spec indicates that
we can only consider signing 'on' if we have received a valid
signature. I *thought* I had such a system, but this area changed a lot
between my prototype and jra fixing all the special cases.

> The following patch makes us match W2k behaviour.
> Jeremy, what do you think about that? It's not elegant, but it seems to do
> the job.

If we do it this way, I think that the BSRSPYL signing engine should
just increment the sequence number, rather than assuming a magic '2'.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
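
An added illustration, not part of the original message and not Samba's code: a small Python model of the two points in the reply above, that signing counts as 'on' only once a valid signature has been received, and that the sequence number is counted even while the "BSRSPYL " placeholder is in use. The class, function names, sample key and header are assumptions made for the example; the MAC follows the SMB1 scheme (first 8 bytes of MD5 over the key plus the packet with the sequence number in the signature field).

```python
import hashlib
import hmac
import struct

SIG_OFF, SIG_LEN = 14, 8      # SecuritySignature field in the 32-byte SMB1 header
PLACEHOLDER = b"BSRSPYL "     # filler written before a MAC key exists

def put_sig(pkt: bytes, sig: bytes) -> bytes:
    return pkt[:SIG_OFF] + sig + pkt[SIG_OFF + SIG_LEN:]

def smb1_mac(key: bytes, pkt: bytes, seq: int) -> bytes:
    # MD5 over key + packet with the sequence number in the signature field
    body = put_sig(pkt, struct.pack("<II", seq, 0))
    return hashlib.md5(key + body).digest()[:SIG_LEN]

class ClientSigning:
    """Hypothetical client state for illustration, not Samba's structures."""
    def __init__(self):
        self.key = None
        self.seq = 0
        self.active = False   # set only by a valid incoming signature

    def sign_outgoing(self, pkt: bytes) -> bytes:
        sig = smb1_mac(self.key, pkt, self.seq) if self.key else PLACEHOLDER
        self.seq += 1         # counted for every packet, placeholder or not
        return put_sig(pkt, sig)

    def check_incoming(self, pkt: bytes) -> bool:
        """True if the packet may be processed."""
        seq, self.seq = self.seq, self.seq + 1
        got = pkt[SIG_OFF:SIG_OFF + SIG_LEN]
        ok = bool(self.key) and hmac.compare_digest(got, smb1_mac(self.key, pkt, seq))
        self.active = self.active or ok
        return ok or not self.active

def run_session(server_accepts: bool):
    key = b"constructed-key!"                 # constructed sample MAC key
    hdr = b"\xffSMB\x73" + bytes(27)          # constructed session setup header
    c = ClientSigning()
    c.sign_outgoing(hdr)                      # seq 0, carries the placeholder
    c.key = key                               # key from the password just tried
    reply = put_sig(hdr, smb1_mac(key, hdr, 1) if server_accepts else bytes(8))
    first = c.check_incoming(reply)           # seq 1
    c.sign_outgoing(hdr)                      # seq 2, reached by counting
    unsigned_ok = c.check_incoming(put_sig(hdr, bytes(8)))  # seq 3, no valid MAC
    return first, c.active, c.seq, unsigned_ok
```

With `server_accepts=False` the unsigned error reply is passed through, so the caller sees the logon failure rather than a signature error; with `server_accepts=True` signing becomes active and the later unsigned packet is rejected.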