SMB signing - setup the MAC key.
************************************************************/
-void cli_calculate_mac_key(struct cli_state *cli, const char *ntpasswd, const uchar resp[24])
+void cli_calculate_mac_key(struct cli_state *cli, const char *plain_passwd, const uchar resp[24])
{
- /* Get first 16 bytes. */
- E_md4hash(ntpasswd,&cli->sign_info.mac_key[0]);
+ uchar nt_hash[16];
+ E_md4hash(plain_passwd, nt_hash);
+
+ mdfour(&cli->sign_info.mac_key[0], nt_hash, sizeof(nt_hash));
memcpy(&cli->sign_info.mac_key[16],resp,24);
cli->sign_info.mac_key_len = 40;
cli->sign_info.use_smb_signing = True;
cli->writebraw_supported = False;
/* Reset the sequence number in case we had a previous (aborted) attempt */
- cli->sign_info.send_seq_num = 0;
+ cli->sign_info.send_seq_num = 2;
}
/***********************************************************
MD5Final(calc_md5_mac, &md5_ctx);
memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
+
/* cli->outbuf[smb_ss_field+2]=0;
Uncomment this to test if the remote server actually verifies signitures...*/
cli->sign_info.send_seq_num++;
char *szWinbindUID;
char *szWinbindGID;
char *szNonUnixAccountRange;
- BOOL bAlgorithmicRidBase;
+ int AlgorithmicRidBase;
char *szTemplateHomedir;
char *szTemplateShell;
char *szWinbindSeparator;
BOOL bKernelChangeNotify;
int restrict_anonymous;
int name_cache_timeout;
+ BOOL client_signing;
param_opt_struct *param_opt;
}
global;
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"sam backend", P_LIST, P_GLOBAL, &Globals.szSamBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER},
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER},
+ {"client signing", P_BOOL, P_GLOBAL, &Globals.client_signing, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"Tuning Options", P_SEP, P_SEPARATOR},
string_set(&Globals.szNameResolveOrder, "lmhosts wins host bcast");
string_set(&Globals.szPasswordServer, "*");
- Globals.bAlgorithmicRidBase = BASE_RID;
+ Globals.AlgorithmicRidBase = BASE_RID;
Globals.bLoadPrinters = True;
Globals.mangled_stack = 50;
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
-FN_GLOBAL_BOOL(lp_algorithmic_rid_base, &Globals.bAlgorithmicRidBase)
+FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
+FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing)
/* local prototypes */