DATA_BLOB preauth_hash = data_blob_null;
size_t nonce_size = 0;
+DBG_ERR("_session_key.length[%zu]\n", _session_key.length);
+dump_data(0, _session_key.data, _session_key.length);
+
if (conn == NULL) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
check_signature = conn->mandatory_signing;
+ check_signature = false;
hdr_flags = IVAL(recv_iov[0].iov_base, SMB2_HDR_FLAGS);
if (hdr_flags & SMB2_HDR_FLAG_SIGNED) {
/*
}
if (conn->protocol >= PROTOCOL_SMB3_11) {
- check_signature = true;
+ //check_signature = true;
}
+ //check_signature = false;
if (check_signature) {
status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->smb2->should_encrypt = false;
}
+ session->smb2->should_sign = check_signature;
/*
* CCM and GCM algorithms must never have their
* nonce wrap, or the security of the whole
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
{
+ session->smb2->should_sign = true;
if (!session->smb2->should_sign) {
/*
* We need required signing on the session
* in order to prevent man in the middle attacks.
*/
- return NT_STATUS_INVALID_PARAMETER_MIX;
+// return NT_STATUS_INVALID_PARAMETER_MIX;
}
if (session->smb2->should_encrypt) {