CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested

With forced encryption or required signing we should also don't fallback. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 Signed-off-by: Stefan Metzmacher <metze@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2016-12-12 06:07:56 +0100
committer: Karolin Seeger <kseeger@samba.org> 2017-09-13 09:19:49 -0700
commit: 81f1804d45c1b698ee87ee4d4c84197df98ea4f2 (patch)
tree: 38e3703df3d87e4d6616d0f5cca21d5b2d71ee4f
parent: 4a91f4ab82e3f729a12947ff65a74b072dd94acc (diff)
download: samba-81f1804d45c1b698ee87ee4d4c84197df98ea4f2.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index d2a4c194f44..3b3e6b9dc74 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -203,7 +203,9 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		/* If a password was not supplied then
 		 * try again with a null username. */
 		if (password[0] || !username[0] ||
+			force_encrypt || smbXcli_conn_signing_mandatory(c->conn) ||
 			get_cmdline_auth_info_use_kerberos(auth_info) ||
+			get_cmdline_auth_info_use_ccache(auth_info) ||
 			!NT_STATUS_IS_OK(status = cli_session_setup(c, "",
 				    		"", 0,
 						"", 0,
author	Stefan Metzmacher <metze@samba.org>	2016-12-12 06:07:56 +0100
committer	Karolin Seeger <kseeger@samba.org>	2017-09-13 09:19:49 -0700
commit	81f1804d45c1b698ee87ee4d4c84197df98ea4f2 (patch)
tree	38e3703df3d87e4d6616d0f5cca21d5b2d71ee4f
parent	4a91f4ab82e3f729a12947ff65a74b072dd94acc (diff)
download	samba-81f1804d45c1b698ee87ee4d4c84197df98ea4f2.tar.gz