summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2015-09-30 21:17:02 +0200
committerKarolin Seeger <kseeger@samba.org>2015-12-10 11:10:54 +0100
commitd9e943e351a752ba627314da7fb8d2f6f1eb44b3 (patch)
treeb56eead4d782ea171bcf2dd14995b862b5da96c5
parentfa777786d75272e3190dcbd32eeff9b3e4f03bde (diff)
downloadsamba-d9e943e351a752ba627314da7fb8d2f6f1eb44b3.tar.gz
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat
-rw-r--r--source3/libsmb/clidfs.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 729f4fe0edf..c72cbfdcc80 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -114,6 +114,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
const char *domain;
NTSTATUS status;
int flags = 0;
+ int signing_state = get_cmdline_auth_info_signing_state(auth_info);
+
+ if (force_encrypt) {
+ signing_state = SMB_SIGNING_REQUIRED;
+ }
/* make a copy so we don't modify the global string 'service' */
servicename = talloc_strdup(ctx,share);
@@ -152,7 +157,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
status = cli_connect_nb(
server, NULL, port, name_type, NULL,
- get_cmdline_auth_info_signing_state(auth_info),
+ signing_state,
flags, &c);
if (!NT_STATUS_IS_OK(status)) {
View Lorry Controller Status