CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"

We sadly need to allow this for now by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

1 files changed, 29 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
new file mode 100644
index 00000000000..27a9733475e
--- /dev/null
+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="allow dcerpc auth level connect"
+                 context="G"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>This option controls whether DCERPC services are allowed to
+	be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication,
+	but no per message integrity nor privacy protection.</para>
+
+	<para>Some interfaces like samr, lsarpc and netlogon have a hard-coded default of
+	<constant>no</constant> and epmapper, mgmt and rpcecho have a hard-coded default of
+	<constant>yes</constant>.
+	</para>
+
+	<para>The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
+	winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.</para>
+
+	<para>This option yields precedence to the implementation specific restrictions.
+	E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
+	The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
+	</para>
+
+	<para>Note the default will very likely change to <constant>no</constant> for Samba 4.5.</para>
+</description>
+
+<value type="default">yes</value>
+<value type="example">no</value>
+
+</samba:parameter>