From 85e4de988bb70b6ed475240d5220f48d82ba47ca Mon Sep 17 00:00:00 2001
From: Harrison Neal
Date: Tue, 26 Mar 2019 15:45:02 -0400
Subject: [PATCH] Fix false positive signing disabled with SMB2/3
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection. When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state. Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite. The latter contributed to many false positives in the --gen-relay-list output file. This is a hackish change that addressed the issue for me.
---
 cme/protocols/smb.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py
index 94a7c6daf..a96f4588c 100755
--- a/cme/protocols/smb.py
+++ b/cme/protocols/smb.py
@@ -209,7 +209,7 @@ def enum_host_info(self):
 self.domain = self.conn.getServerDomain()
 self.hostname = self.conn.getServerName()
 self.server_os = self.conn.getServerOS()
- self.signing = self.conn.isSigningRequired()
+ self.signing = self.conn.isSigningRequired() if self.smbv1 else self.conn._SMBConnection._Connection['RequireSigning']
 self.os_arch = self.get_os_arch()
 self.output_filename = os.path.expanduser('~/.cme/logs/{}_{}_{}'.format(self.hostname, self.host, datetime.now().strftime("%Y-%m-%d_%H%M%S")))
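Review bot: The new `self.signing` assignment reads two private Impacket attributes (`_SMBConnection` and the `_Connection['RequireSigning']` entry) with no guard. If a different Impacket version renames or drops them, the resulting AttributeError or KeyError would abort `enum_host_info` instead of reporting a signing state. I would wrap the SMB2/3 branch in `try: ... except (AttributeError, KeyError):` and log that the signing state could not be determined, rather than silently falling back to the session-level value the commit message describes as unreliable. The line also needs a why-comment, for example `# SMB2/3: isSigningRequired() reflects session state, which a failed login resets; read the negotiated connection state instead`. The hunk does not show where `self.smbv1` is assigned, so confirm it is always set before this line; `enum_host_info` begins and continues outside the hunk.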