return nt_status;
}
+DBG_ERR("session_key.length[%zu]\n", session_key.length);
+dump_data(0, session_key.data, session_key.length);
+
if (!(flags & CLI_CRED_LANMAN_AUTH)) {
/* LM Key is still possible, just silly, so we do not
* allow it. Fortunetly all LM crypto is off by
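Review bot: The added `DBG_ERR(...)` and `dump_data(0, session_key.data, session_key.length);` write the raw session key to the log at debug level 0, so the key bytes are emitted at the default log level on every authentication. The same pair is added for `ntlmssp_state->session_key` and for `_session_key` in the next two hunks. Anyone with read access to the log then holds the secret that signing and sealing of the session depend on. Drop all three pairs before merge; if key tracing is needed during development, `dump_data_pw("session key:\n", session_key.data, session_key.length);` only emits in builds with DEBUG_PASSWORD defined. The enclosing function starts and ends outside the hunk.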
return NT_STATUS_INVALID_PARAMETER_MIX;
}
+DBG_ERR("ntlmssp_state->session_key.length[%zu]\n", ntlmssp_state->session_key.length);
+dump_data(0, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length);
+
if (ntlmssp_state->force_wrap_seal &&
(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN))
{
DATA_BLOB preauth_hash = data_blob_null;
size_t nonce_size = 0;
+DBG_ERR("_session_key.length[%zu]\n", _session_key.length);
+dump_data(0, _session_key.data, _session_key.length);
+
if (conn == NULL) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
check_signature = conn->mandatory_signing;
+ check_signature = false;
hdr_flags = IVAL(recv_iov[0].iov_base, SMB2_HDR_FLAGS);
if (hdr_flags & SMB2_HDR_FLAG_SIGNED) {
/*
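Review bot: `check_signature = false;` directly after `check_signature = conn->mandatory_signing;` makes that assignment dead, so a connection configured for mandatory signing no longer forces verification of this response. The next hunk does the same for SMB 3.1.1 by commenting out `check_signature = true;`, which leaves an empty `if (conn->protocol >= PROTOCOL_SMB3_11)` body. With both changes, `smb2_signing_check_pdu()` appears to run only if the `SMB2_HDR_FLAG_SIGNED` branch sets the flag (its body is outside the hunk), that is, only when the peer chooses to sign. Remove the override and restore the 3.1.1 assignment, and do not leave the commented-out `//check_signature = ...` lines in the tree.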
}
if (conn->protocol >= PROTOCOL_SMB3_11) {
- check_signature = true;
+ //check_signature = true;
}
+ //check_signature = false;
if (check_signature) {
status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
session->smb2->should_encrypt = false;
}
+ session->smb2->should_sign = check_signature;
/*
* CCM and GCM algorithms must never have their
* nonce wrap, or the security of the whole
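Review bot: `session->smb2->should_sign = check_signature;` makes the session's signing policy follow a local that only records whether this one response was verified, and this patch forces that local to false earlier in the function. As far as the visible lines show, a session can then leave this function with a key installed but `should_sign` false. The signing requirement should come from the negotiated or configured signing state, not from whether verification happened here; drop the line, or justify the assignment in a comment if it is really needed. The function continues outside this hunk, so any later write to `should_sign` is not visible.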
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
{
+ session->smb2->should_sign = true;
if (!session->smb2->should_sign) {
/*
* We need required signing on the session
* in order to prevent man in the middle attacks.
*/
- return NT_STATUS_INVALID_PARAMETER_MIX;
+// return NT_STATUS_INVALID_PARAMETER_MIX;
}
if (session->smb2->should_encrypt) {
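Review bot: Forcing `session->smb2->should_sign = true;` as the first statement makes the `if (!session->smb2->should_sign)` guard unreachable, and the `return NT_STATUS_INVALID_PARAMETER_MIX;` inside it is commented out as well. The check that the retained comment describes as needed "to prevent man in the middle attacks" therefore no longer exists. Encryption can now be switched on for a session where signing was never established, and the function changes the signing state as a side effect. Remove the added assignment and restore the return. The function body continues outside the hunk.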
}
status = cli_session_setup_creds(c, creds);
+ cli_ulogoff(c);
+ status = cli_session_setup_anon(c);
if (!NT_STATUS_IS_OK(status)) {
/* If a password was not supplied then
* try again with a null username. */
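Review bot: The result of `cli_session_setup_creds(c, creds)` is overwritten without being checked: `cli_ulogoff(c);` tears down the session just set up (its return value is ignored) and `status = cli_session_setup_anon(c);` replaces it. The caller-supplied credentials then have no effect, and an authentication failure is hidden behind the result of the anonymous setup. The `if (!NT_STATUS_IS_OK(status))` that follows, whose comment describes a retry for a missing password, now tests the anonymous attempt instead. If an anonymous session is needed for a test, put it behind an explicit option rather than in the default path; otherwise delete both lines. The error-handling block continues outside the hunk.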