SMB signing glitch

Andrew Bartlett abartlet at samba.org
Sat Dec 27 06:50:47 GMT 2003


On Sat, 2003-12-27 at 10:57, Volker.Lendecke at SerNet.DE wrote:
> Hi!
> 
> On an unsuccessful NTLMSSP session setup we're doing signing wrong:
> 
> vlendec at delphin:~> smbclient -L w2k3ts -Uvl%asdfg
> [2003/12/27 00:51:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
>   SMB Signature verification failed on incoming packet!
> session setup failed: Server packet had invalid SMB signature!

The problem is that we don't follow the spec - the spec indicates that
we can only consider signing 'on' if we have received a valid
signature.  I *thought* I had such a system, but this area changed a lot
between my prototype and jra fixing all the special cases.

> The following patch makes us match W2k behaviour.
> 
> Jeremy, what do you think about that? It's not elegant, but it seems to do
> the job.

If we do it this way, I think that the BSRSPYL signing engine should
just increment the sequence number, rather than assuming a magic '2'.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031227/5388259b/attachment.bin


More information about the samba-technical mailing list