libcli/smb_composite: for spnego session setups check the smb signature manually
authorStefan Metzmacher <metze@samba.org>
Tue, 9 Sep 2008 16:02:07 +0000 (18:02 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 23 Sep 2008 09:30:03 +0000 (11:30 +0200)
commitc01426ce731e2cf0b04ee3a0376e613f4970fb30
tree09286f405154fe2f5d8dff9fb1be6c03f88ca810
parent8c3d96993421e8e6a9fc5d265e4caa71acbd80c8
libcli/smb_composite: for spnego session setups check the smb signature manually

We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the servers response.

This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.

With NTLMSSP this happens for the session setup:

request1  => BSRSPYL seqnum: 0
response1 => BSRSPYL seqnum: 0
request2  => BSRSPYL seqnum: 0
response2  => <SIGNATURE> seqnum: 1

and with krb5:

request1  => BSRSPYL seqnum: 0
response1  => <SIGNATURE> seqnum: 1

metze
source4/libcli/smb_composite/sesssetup.c