From 2d2e5629e5570c4215e7dac792450758921a9b4e Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Tue, 7 Jan 2025 03:19:32 +1000
Subject: [PATCH] Add NTLM SIGN flag for SMB Server (#1826)

Adds the NTLMSSP_NEGOTIATE_SIGN flag to the NTLM CHALLENGE message
returned by the SMB server. This is needeed for clients that generate a
SPNEGO mechListMIC which require signing to be enabled on the NTLM
context.
---
 impacket/smbserver.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/impacket/smbserver.py b/impacket/smbserver.py
index 5cf877ffa..581c40988 100644
--- a/impacket/smbserver.py
+++ b/impacket/smbserver.py
@@ -2926,6 +2926,8 @@ def smb2SessionSetup(connId, smbServer, recvPacket):
                 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_UNICODE
             if negotiateMessage['flags'] & ntlm.NTLM_NEGOTIATE_OEM:
                 ansFlags |= ntlm.NTLM_NEGOTIATE_OEM
+            if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_SIGN:
+                ansFlags |= ntlm.NTLMSSP_NEGOTIATE_SIGN
 
             ansFlags |= ntlm.NTLMSSP_NEGOTIATE_VERSION | ntlm.NTLMSSP_NEGOTIATE_TARGET_INFO | ntlm.NTLMSSP_TARGET_TYPE_SERVER | ntlm.NTLMSSP_NEGOTIATE_NTLM | ntlm.NTLMSSP_REQUEST_TARGET