From: Jeremy Allison Date: Sat, 14 Apr 2007 00:53:38 +0000 (+0000) Subject: r22212: Cope with signature errors on sessionsetupX logins X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~717 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6cf0b93b1d8cb97dc665e14ace94a259def67724;p=thirdparty%2Fsamba.git r22212: Cope with signature errors on sessionsetupX logins where the server just reflects our signature back to us. Allow the upper layer to see the real error. Jeremy. --- diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c index e4712d2f655..de575e83a21 100644 --- a/source/libsmb/clientgen.c +++ b/source/libsmb/clientgen.c @@ -139,6 +139,26 @@ BOOL cli_receive_smb_internal(struct cli_state *cli, BOOL eat_keepalives) } if (!cli_check_sign_mac(cli)) { + /* + * If we get a signature failure in sessionsetup, then + * the server sometimes just reflects the sent signature + * back to us. Detect this and allow the upper layer to + * retrieve the correct Windows error message. + */ + if (CVAL(cli->outbuf,smb_com) == SMBsesssetupX && + (smb_len(cli->inbuf) > (smb_ss_field + 8 - 4)) && + (SVAL(cli->inbuf,smb_flg2) & FLAGS2_SMB_SECURITY_SIGNATURES) && + memcmp(&cli->outbuf[smb_ss_field],&cli->inbuf[smb_ss_field],8) == 0 && + cli_is_error(cli)) { + + /* + * Reflected signature on login error. + * Set bad sig but don't close fd. + */ + cli->smb_rw_error = READ_BAD_SIG; + return True; + } + DEBUG(0, ("SMB Signature verification failed on incoming packet!\n")); cli->smb_rw_error = READ_BAD_SIG; close(cli->fd);