[Samba] SMB signing broken? 3.0.7 -> 3.0.8
Jeremy Allison
jra at samba.org
Tue Mar 15 18:19:01 GMT 2005
On Tue, Mar 15, 2005 at 03:00:17PM +0000, Tim wrote:
> Hi all.
>
> I originally suspected this problem was with netbios (which I have
> disabled by default) and Jerry has helped me out a bit with but I've
> been doing some more digging and I think the problem lies back further
> than I expected.
>
> I was trying to upgrade from 3.0.7 to 3.0.11 so I've recompiled all
> versions back from 3.0.11 and the problem first occurred in 3.0.8. The
> issue is with winbind, and the error I'm getting is
> "failed tcon_X with NT_STATUS_ACCESS_DENIED":
>
> === 3.0.8: /usr/bin/winbind -i -d10 ===
> ...
> Got KRB5 session key of length 8
> SMB signing enabled!
> cli_simple_set_signing: user_session_key
> [000] C8 5E D6 1A A1 46 10 BA .^...F..
> cli_simple_set_signing: NULL response_data
> simple_packet_signature: sequence number 0
> client_sign_outgoing_message: sent SMB signature of
> [000] 84 84 78 B3 60 4A 05 5B ..x.`J.[
> store_sequence_for_reply: stored seq = 1 mid = 2
> ...
> client_check_incoming_message: BAD SIG: wanted SMB signature of
> [000] D7 08 07 13 97 AC E9 8B ........
> client_check_incoming_message: BAD SIG: got SMB signature of
> [000] EF 85 1C D4 6A 1D AC 9D ....j...
>
>
>
> So... and please correct me if I'm wrong, but something changed
> between 3.0.7 and 3.0.8 to do with SMB signing. The signature
> size seems to have changed, but I don't know enough about the
> SMB protocol to work out what this would mean.
>
> I also notice this in the Changelog:
>
> o Fixes for kerberos interoperability with Windows 200x
> domains when using DES keys.
Can you try this patch? It reverts that change.
Jeremy.
-------------- next part --------------
Index: libsmb/smb_signing.c
===================================================================
--- libsmb/smb_signing.c (revision 5789)
+++ libsmb/smb_signing.c (working copy)
@@ -277,14 +277,17 @@
MD5Init(&md5_ctx);
/* intialise with the key */
+ MD5Update(&md5_ctx, data->mac_key.data, data->mac_key.length);
+#if 0
+ /* JRA - apparently this is incorrect. */
/* NB. When making and verifying SMB signatures, Windows apparently
zero-pads the key to 128 bits if it isn't long enough.
From Nalin Dahyabhai <nalin at redhat.com> */
- MD5Update(&md5_ctx, data->mac_key.data, data->mac_key.length);
if (data->mac_key.length < sizeof(key_buf)) {
memset(key_buf, 0, sizeof(key_buf));
MD5Update(&md5_ctx, key_buf, sizeof(key_buf) - data->mac_key.length);
}
+#endif
/* copy in the first bit of the SMB header */
MD5Update(&md5_ctx, buf + 4, smb_ss_field - 4);
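Review bot: The `#if 0` block leaves the zero-padding code and its "Windows apparently zero-pads the key to 128 bits" comment in the file, while the new comment "JRA - apparently this is incorrect." gives no reason, so a later reader cannot tell which claim holds or for which key type. Either delete the padding block outright or expand the comment to record the failing case from this thread (an 8-byte KRB5 session key, where the padded MAC was rejected with BAD SIG). The padding went in as a DES-key interoperability fix, so the revert should also be tested against the setup it was added for before it ships. With the block compiled out, `key_buf` has no remaining use in the visible lines; if nothing else in the function touches it, drop the declaration to avoid an unused-variable warning.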