CVS update: samba/source/libsmb

Andrew Bartlett abartlet at
Thu Jul 31 12:55:29 GMT 2003

On Thu, 2003-07-31 at 10:30, jra at wrote:
> Date:	Thu Jul 31 00:30:01 2003
> Author:	jra
> Update of /data/cvs/samba/source/libsmb
> In directory
> Modified Files:
>       Tag: SAMBA_3_0
> 	smb_signing.c 
> Log Message:
> Turn the 'doing_signing' variable on - fix bug where it was only being set
> on when signing was mandatory.
> Jeremy.

Firstly, thanks for doing the hard yards on this - there sure is a lot
between figuring out the crypto and turning it into a working system...

Anyway, I think the meaning of that variable has changed over time - let
me explain what my original intent was:

Samba needs to deal with servers and clients that somehow find
themselves incapable of generating a valid signature, where signing in
negotiated.  (like we have done with win2000 servers, pre sp4 and before
we knew the algorithms)

The original idea was that we would 'enable' signing on the connection -
by setting the function pointers etc, but that we would only set
'doing_signing' when our partner correctly signed a response.  In
particular, the idea was to ensure that on a login failure, we would
correctly back down, and not enforce signing on subsequent packets. 
Likewise, we need to cope with a server that has an invalid session
key.  This would occour if the PDC it is attached to is Samba 2.2.

Does this make sense?

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list