SMB signing glitch

Andrew Bartlett abartlet at
Sat Dec 27 06:50:47 GMT 2003

On Sat, 2003-12-27 at 10:57, Volker.Lendecke at SerNet.DE wrote:
> Hi!
> On an unsuccessful NTLMSSP session setup we're doing signing wrong:
> vlendec at delphin:~> smbclient -L w2k3ts -Uvl%asdfg
> [2003/12/27 00:51:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
>   SMB Signature verification failed on incoming packet!
> session setup failed: Server packet had invalid SMB signature!

The problem is that we don't follow the spec - the spec indicates that
we can only consider signing 'on' if we have received a valid
signature.  I *thought* I had such a system, but this area changed a lot
between my prototype and jra fixing all the special cases.

> The following patch makes us match W2k behaviour.
> Jeremy, what do you think about that? It's not elegant, but it seems to do
> the job.

If we do it this way, I think that the BSRSPYL signing engine should
just increment the sequence number, rather than assuming a magic '2'.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list