Even if signing is mandatory.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL
response1 => BSRSPYL
request2 => <SIGNATURE>
response2 => <SIGNATURE>
metze
case SMB_SIGNING_ENGINE_OFF:
return true;
case SMB_SIGNING_ENGINE_BSRSPYL:
+ if (req->in.size < (HDR_SS_FIELD + 8)) {
+ return false;
+ }
+
+ good = check_signed_incoming_message(&req->in,
+ &req->transport->negotiate.sign_info.mac_key,
+ req->seq_num+1);
+ if (good) {
+ return signing_good(&req->transport->negotiate.sign_info,
+ req->seq_num+1, good);
+ }
+ /*
+ * It's not an error if the signature isn't valid.
+ * It could be "BSRSPYL " or any other value
+ */
+ return true;
+
case SMB_SIGNING_ENGINE_ON:
{
if (req->in.size < (HDR_SS_FIELD + 8)) {