From 3a0df993f19e3e00059029a166c256e4c5b54656 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 29 Jun 2006 21:44:49 +0000
Subject: [PATCH] r16697: merge Jeremy's client SMB signing fix and tidy up
 release notes some more

---
 WHATSNEW.txt                | 25 +++++++++++++++----------
 source/libsmb/smb_signing.c | 24 ++++++++++++++++++++++--
 2 files changed, 37 insertions(+), 12 deletions(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1edd9b8e946..c7131874205 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -3,16 +3,20 @@
                               Jun XX, 2006
                    ==============================
 
+This is the latest stable release of Samba. This is the version
+that production Samba servers should be running for all current
+bug-fixes.  Please read the following important changes in this
+release.
+
 We would like to thank the developers of Klocwork for their 
-analysis of the Samba source tree.  This release includes 
-fixes for over 200 defects reported by the Klocwork code 
-analyzer.
+analysis of the Samba source tree.  This release includes fixes 
+for over 200 defects reported by the Klocwork code analyzer.
 
 Thanks very much to those people who spent time testing the 
 release candidates and reported their findings.  We would 
-like to especially thank Thomas Bork <tombork@web.de> for 
-his numerous reports.  We believe that the final is in much 
-better shape in a large part due to his efforts.
+like to especially thank Thomas Bork <tombork@web.de> for his 
+numerous reports.  We believe that the final is in much better 
+shape in a large part due to his efforts.
 
 
 New features in 3.0.23 include:
@@ -23,10 +27,10 @@ New features in 3.0.23 include:
    o New handling of unmapped users and groups. 
    o New non-root share management tools.
    o Improved support for local and BUILTIN groups.
-   o Winbind IDMAP integration with RFC2307 schema objects 
-     supported by Windows 2003 R2.
-   o Rewritten 'net ads join' to mimic Windows XP without 
-     requiring administrative rights to join a domain.
+   o Winbind IDMAP integration with RFC2307 schema objects supported 
+     by Windows 2003 R2.
+   o Rewritten 'net ads join' to mimic Windows XP without requiring 
+     administrative rights to join a domain.
 
 User and Group changes
 ======================
@@ -148,6 +152,7 @@ o   Jeremy Allison <jra@samba.org>
     * Fix various issues raised by the Klocwork code analyzer.
     * Fix nmbd WINS serving bug causing duplicate IPs in the *<1b> 
       query reply ("enhanced browsing = yes").
+    * Fix SMB signing failures in client tools.
 
 
 o   Nicholas Brealey <nick@brealey.org>
diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c
index d68f161e231..68c259ba035 100644
--- a/source/libsmb/smb_signing.c
+++ b/source/libsmb/smb_signing.c
@@ -332,7 +332,22 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
 /*	cli->outbuf[smb_ss_field+2]=0; 
 	Uncomment this to test if the remote server actually verifies signatures...*/
 
-	data->send_seq_num += 2;
+	/* Instead of re-introducing the trans_info_conect we
+	   used to have here, we use the fact that during a
+	   SMBtrans/SMBtrans2/SMBnttrans send that the mid stays
+	   constant. This means that calling store_sequence_for_reply()
+	   will return False for all trans secondaries, as the mid is already
+	   on the stored sequence list. As the send_seqence_number must
+	   remain constant for all primary+secondary trans sends, we
+	   only increment the send sequence number when we successfully
+	   add a new entry to the outstanding sequence list. This means
+	   I can isolate the fix here rather than re-adding the trans
+	   signing on/off calls in libsmb/clitrans2.c JRA.
+	 */
+	
+	if (store_sequence_for_reply(&data->outstanding_packet_list, SVAL(outbuf,smb_mid), data->send_seq_num + 1)) {
+		data->send_seq_num += 2;
+	}
 }
 
 /***********************************************************
@@ -356,7 +371,12 @@ static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si,
 		return False;
 	}
 
-	reply_seq_number = data->send_seq_num - 1;
+	if (!get_sequence_for_reply(&data->outstanding_packet_list, SVAL(inbuf, smb_mid), &reply_seq_number)) {
+		DEBUG(1, ("client_check_incoming_message: received message "
+			"with mid %u with no matching send record.\n", (unsigned int)SVAL(inbuf, smb_mid) ));
+		return False;
+	}
+
 	simple_packet_signature(data, (const unsigned char *)inbuf,
 				reply_seq_number, calc_md5_mac);
 
-- 
2.11.4.GIT