SMB signing glitch
Michael B Allen
mba2000 at ioplex.com
Sun Dec 28 07:08:56 GMT 2003
> On Sat, Dec 27, 2003 at 12:57:56AM +0100, Volker.Lendecke at SerNet.DE wrote:
>> On an unsuccessful NTLMSSP session setup we're doing signing wrong:
>> vlendec at delphin:~> smbclient -L w2k3ts -Uvl%asdfg
>> [2003/12/27 00:51:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
>> SMB Signature verification failed on incoming packet!
>> session setup failed: Server packet had invalid SMB signature!
>> The following patch makes us match W2k behaviour.
>> Jeremy, what do you think about that? It's not elegant, but it seems to do
>> the job.
> I need to test this in my test rig at home (don't get
> back unti Jan 3rd) to make sure, but it looks ok. I
> remember the problem and was looking for an "elegant"
> way of fixing it :-).
Even though I don't know the smbclient code too well I think I can say
something about where the state of signing apparatus should be. Signing
is initiated with the first successful session setup but the sequence
counter, mac key, and whatever other signing state is associated with the
transport (originally I believe we had everyting crammed into the session
code). So we just added a clause in the session setup code that obtained
a referece to that session's transport and initialize the signing state
there. From then on the transport only needs to update the message digest,
copy in the hash, and increment the sequence counter by 2. The verify
sequence value is always just 1 more than the value in the corresponding
request so we added a sequenceValue member to the response object and
set it to sequenceCounter + 1 before we even sent the request. So when
the response is recieved we already know the correct verify sequence
value even if responses are received in a different order.
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and, more important, to tasks that have not
yet been conceived.
More information about the samba-technical