r21990: Stop messing with the signing engine just because
authorJeremy Allison <jra@samba.org>
Tue, 27 Mar 2007 18:04:36 +0000 (18:04 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:18:57 +0000 (12:18 -0500)
we're encrypted. This will make further changes and
spec much more clear.
Jeremy.
(This used to be commit ffa3a5c508a494d22e8ee3ada424a6517ddf8923)

source3/lib/util_sock.c
source3/libsmb/cliconnect.c
source3/libsmb/clientgen.c

index a58fb03e775b7941549abe7cb9727389100a7b41..2ddce70fbb5eba38a51a123eeabd45033b74489f 100644 (file)
@@ -746,15 +746,15 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
                        }
                        return False;
                }
-       } else {
-               /* Check the incoming SMB signature. */
-               if (!srv_check_sign_mac(buffer, True)) {
-                       DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
-                       if (smb_read_error == 0) {
-                               smb_read_error = READ_BAD_SIG;
-                       }
-                       return False;
+       }
+
+       /* Check the incoming SMB signature. */
+       if (!srv_check_sign_mac(buffer, True)) {
+               DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
+               if (smb_read_error == 0) {
+                       smb_read_error = READ_BAD_SIG;
                }
+               return False;
        }
 
        return True;
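Review bot: The signature check at the end of this hunk now runs on `buffer` for encrypted sessions as well, so it relies on the branch above having left the decrypted packet in `buffer`, and the comment does not say that. That branch begins outside this hunk, so the in-place assumption cannot be confirmed from here and is worth checking against the decrypt routine. I would extend the comment to `/* Check the incoming SMB signature; on encrypted sessions this must run on the decrypted packet. */` so that a later reordering does not end up verifying the MAC over ciphertext. The same ordering assumption applies to the now-unconditional `cli_check_sign_mac(cli)` in cli_receive_smb in source3/libsmb/clientgen.c, which has no comment at all.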
@@ -772,9 +772,9 @@ BOOL send_smb(int fd, char *buffer)
        char *buf_out = buffer;
 
        /* Sign the outgoing packet if required. */
-       if (!srv_encryption_on()) {
-               srv_calculate_sign_mac(buf_out);
-       } else {
+       srv_calculate_sign_mac(buf_out);
+
+       if (srv_encryption_on()) {
                NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
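Review bot: The new `srv_calculate_sign_mac(buf_out);` signs through `buf_out`, which is the same pointer as `buffer` only because of the initialiser two lines above; after `srv_encrypt_buffer(buffer, &buf_out)` the name refers to the encrypted output. Passing the plaintext explicitly, `srv_calculate_sign_mac(buffer);`, makes it obvious that the MAC is written into the packet before it is encrypted and keeps the call correct if the initialiser ever changes. The existing comment could also state the order, e.g. `/* Sign the outgoing packet if required; this must happen before encryption. */`. The body of send_smb continues past the end of this hunk.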
index 15dac093da4438711acbcf5feb5d2367598b45f4..3970731b45fba45eff90e3533a23e1e6c4c6c640 100644 (file)
@@ -742,25 +742,25 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
                DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
                                          ntlmssp_state->session_key.length);
                DATA_BLOB null_blob = data_blob(NULL, 0);
+               BOOL res;
 
                fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
                cli_set_session_key(cli, ntlmssp_state->session_key);
 
-               if (!cli_encryption_on(cli)) {
-                       BOOL res = cli_simple_set_signing(cli, key, null_blob);
+               res = cli_simple_set_signing(cli, key, null_blob);
 
-                       if (res) {
+               data_blob_free(&key);
+
+               if (res) {
                        
-                               /* 'resign' the last message, so we get the right sequence numbers
-                                  for checking the first reply from the server */
-                               cli_calculate_sign_mac(cli);
+                       /* 'resign' the last message, so we get the right sequence numbers
+                          for checking the first reply from the server */
+                       cli_calculate_sign_mac(cli);
                        
-                               if (!cli_check_sign_mac(cli)) {
-                                       nt_status = NT_STATUS_ACCESS_DENIED;
-                               }
+                       if (!cli_check_sign_mac(cli)) {
+                               nt_status = NT_STATUS_ACCESS_DENIED;
                        }
                }
-               data_blob_free(&key);
        }
 
        /* we have a reference counter on ntlmssp_state, if we are signing
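Review bot: The relocated `data_blob_free(&key);` releases a copy of the NTLMSSP session key without clearing it, so the key bytes stay in freed heap memory after signing has been set up. Since this line is being moved anyway, I would use the clearing variant, `data_blob_clear_free(&key);`, assuming that helper is available in this tree. The hunk also shows `cli_set_session_key(cli, ntlmssp_state->session_key)` keeping its own reference, so this only affects the temporary copy made by `data_blob()` at the top of the hunk. The enclosing function starts and ends outside the hunk.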
index a3873a47fea086ddd7d0a88e8a6f290d77b171bc..92fc72fd5c4d0edece0a92d5f3c0263668895f67 100644 (file)
@@ -74,6 +74,7 @@ static BOOL client_receive_smb(struct cli_state *cli)
                if(CVAL(buffer,0) != SMBkeepalive)
                        break;
        }
+
        if (cli_encryption_on(cli)) {
                NTSTATUS status = cli_decrypt_message(cli);
                if (!NT_STATUS_IS_OK(status)) {
@@ -130,15 +131,14 @@ BOOL cli_receive_smb(struct cli_state *cli)
                return ret;
        }
 
-       if (!cli_encryption_on(cli)) {
-               if (!cli_check_sign_mac(cli)) {
-                       DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
-                       cli->smb_rw_error = READ_BAD_SIG;
-                       close(cli->fd);
-                       cli->fd = -1;
-                       return False;
-               }
+       if (!cli_check_sign_mac(cli)) {
+               DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
+               cli->smb_rw_error = READ_BAD_SIG;
+               close(cli->fd);
+               cli->fd = -1;
+               return False;
        }
+
        return True;
 }
 
@@ -173,6 +173,8 @@ BOOL cli_send_smb(struct cli_state *cli)
                return False;
        }
 
+       cli_calculate_sign_mac(cli);
+
        if (cli_encryption_on(cli)) {
                NTSTATUS status = cli_encrypt_message(cli, &buf_out);
                if (!NT_STATUS_IS_OK(status)) {
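Review bot: The added `cli_calculate_sign_mac(cli);` has no comment, although its position ahead of `cli_encrypt_message(cli, &buf_out)` is now what makes the client sign the plaintext and then encrypt it. The server-side send_smb has a comment on the equivalent call; I would add one here as well, e.g. `/* Sign the outgoing packet if required; must precede encryption so the MAC covers the plaintext. */`. It would also be worth confirming that `cli_encrypt_message` reads the freshly signed buffer rather than a copy taken earlier; the start of cli_send_smb is outside this hunk, so that cannot be checked from here.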
@@ -183,8 +185,6 @@ BOOL cli_send_smb(struct cli_state *cli)
                                nt_errstr(status) ));
                        return False;
                }
-       } else {
-               cli_calculate_sign_mac(cli);
        }
 
        len = smb_len(buf_out) + 4;