CVS update: samba/source/libsmb

[Andrew Bartlett]

On Thu, 2003-07-31 at 10:30, jra at samba.org wrote:
> Date:	Thu Jul 31 00:30:01 2003
> Author:	jra
> 
> Update of /data/cvs/samba/source/libsmb
> In directory dp.samba.org:/tmp/cvs-serv11078/libsmb
> 
> Modified Files:
>       Tag: SAMBA_3_0
> 	smb_signing.c 
> Log Message:
> Turn the 'doing_signing' variable on - fix bug where it was only being set
> on when signing was mandatory.
> Jeremy.

Firstly, thanks for doing the hard yards on this - there sure is a lot
between figuring out the crypto and turning it into a working system...
:-)

Anyway, I think the meaning of that variable has changed over time - let
me explain what my original intent was:

Samba needs to deal with servers and clients that somehow find
themselves incapable of generating a valid signature, where signing in
negotiated.  (like we have done with win2000 servers, pre sp4 and before
we knew the algorithms)

The original idea was that we would 'enable' signing on the connection -
by setting the function pointers etc, but that we would only set
'doing_signing' when our partner correctly signed a response.  In
particular, the idea was to ensure that on a login failure, we would
correctly back down, and not enforce signing on subsequent packets. 
Likewise, we need to cope with a server that has an invalid session
key.  This would occour if the PDC it is attached to is Samba 2.2.

Does this make sense?

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030731/160c88ee/attachment.bin