return False;
}
+ /* Lanman2 cannot use SMB signing. */
+ cli->sign_info.use_smb_signing = False;
+
/* if in share level security then don't send a password now */
if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
passlen = 0;
passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_ASCII);
+ /* Plaintext password cannot use SMB signing. */
+ cli->sign_info.use_smb_signing = False;
+
set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
ntpasslen = 24;
SMBencrypt((uchar *)pass,cli->secblob.data,(uchar *)pword);
SMBNTencrypt((uchar *)pass,cli->secblob.data,(uchar *)ntpword);
+ cli_calculate_mac_key(cli, (uchar *)pass, (uchar *)ntpword);
} else {
memcpy(pword, pass, passlen);
memcpy(ntpword, ntpass, ntpasslen);
/* send a session setup command */
memset(cli->outbuf,'\0',smb_size);
+ /* Extended security cannot use SMB signing (for now). */
+ cli->sign_info.use_smb_signing = False;
+
set_message(cli->outbuf,12,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
int i;
BOOL got_kerberos_mechanism = False;
+ /* spnego security cannot use SMB signing (for now). */
+ cli->sign_info.use_smb_signing = False;
+
DEBUG(2,("Doing spnego session setup (blob length=%d)\n", cli->secblob.length));
/* the server might not even do spnego */
BOOL cli_ulogoff(struct cli_state *cli)
{
- memset(cli->outbuf,'\0',smb_size);
- set_message(cli->outbuf,2,0,True);
- SCVAL(cli->outbuf,smb_com,SMBulogoffX);
- cli_setup_packet(cli);
+ memset(cli->outbuf,'\0',smb_size);
+ set_message(cli->outbuf,2,0,True);
+ SCVAL(cli->outbuf,smb_com,SMBulogoffX);
+ cli_setup_packet(cli);
SSVAL(cli->outbuf,smb_vwv0,0xFF);
SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
- cli_send_smb(cli);
- if (!cli_receive_smb(cli))
- return False;
+ cli_send_smb(cli);
+ if (!cli_receive_smb(cli))
+ return False;
- return !cli_is_error(cli);
+ return !cli_is_error(cli);
}
/****************************************************************************
return True;
}
+/***********************************************************
+ SMB signing - setup the MAC key.
+************************************************************/
+
+void cli_calculate_mac_key(struct cli_state *cli, const unsigned char *ntpasswd, const uchar resp[24])
+{
+ /* Get first 16 bytes. */
+ E_md4hash(ntpasswd,&cli->sign_info.mac_key[0]);
+ memcpy(&cli->sign_info.mac_key[16],resp,24);
+ cli->sign_info.mac_key_len = 40;
+}
+
/***********************************************************
SMB signing - calculate a MAC to send.
************************************************************/