Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problems

when reverse connecting back to a client for printer notify.
Jeremy.
(This used to be commit 7fde193efeb856ec325d5d563f1e710c45dc65d7)

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index b8b847170841c796705f9e6363954e73a35c4f84..5a1f631ba4321fd5dc87a156626dbe846b448a26 100644 (file)
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -497,9 +497,10 @@ ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout)
  BUFFER_SIZE+SAFETY_MARGIN.
  The timeout is in milliseconds. 
  This function will return on receipt of a session keepalive packet.
+ Doesn't check the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
+BOOL receive_smb_raw(int fd,char *buffer, unsigned int timeout)
 {
        ssize_t len,ret;
 
@@ -509,7 +510,7 @@ BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
 
        len = read_smb_length_return_keepalive(fd,buffer,timeout);
        if (len < 0) {
-               DEBUG(10,("receive_smb: length < 0!\n"));
+               DEBUG(10,("receive_smb_raw: length < 0!\n"));
 
                /*
                 * Correct fix. smb_read_error may have already been
@@ -552,6 +553,20 @@ BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
                }
        }
 
+       return True;
+}
+
+/****************************************************************************
+ Wrapper for receive_smb_raw().
+ Checks the MAC on signed packets.
+****************************************************************************/
+
+BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
+{
+       if (!receive_smb_raw(fd, buffer, timeout)) {
+               return False;
+       }
+
        /* Check the incoming SMB signature. */
        if (!srv_check_sign_mac(buffer)) {
                DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 0a134f715dcbd6e4276468441e0877d4b2f7fbc9..9b54acf77561f807d3e0f6208e0f6b30f28ab691 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -59,7 +59,7 @@ static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
        BOOL ret;
 
        for(;;) {
-               ret = receive_smb(fd, buffer, timeout);
+               ret = receive_smb_raw(fd, buffer, timeout);
 
                if (!ret) {
                        DEBUG(10,("client_receive_smb failed\n"));

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index f2fb02176b564b8a229522ddeceed63afd1d0a45..15578f6148293d2108ff4575160f1fb160cecfac 100644 (file)
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -2598,7 +2598,8 @@ static BOOL spoolss_connect_to_client(struct cli_state *the_cli,
        }
 
        the_cli->protocol = PROTOCOL_NT1;
-    
+       cli_setup_signing_state(the_cli, lp_client_signing());
+  
        if (!cli_negprot(the_cli)) {
                DEBUG(0,("spoolss_connect_to_client: machine %s rejected the negotiate protocol. Error was : %s.\n", remote_machine, cli_errstr(the_cli) ));
                cli_shutdown(the_cli);

diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index f43790bfe03bd5279bd0f127b054c2d0d9e07c03..c0512d5539b4d47280fc23d0e468e87788f51085 100644 (file)
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -149,7 +149,7 @@ for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout,
                blr->fsp->fnum, blr->fsp->fsp_name ));
 
        /* Push the MID of this packet on the signing queue. */
-       srv_defer_sign_response(SVAL(inbuf,smb_mid), True);
+       srv_defer_sign_response(SVAL(inbuf,smb_mid));
 
        return True;
 }