diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-12-21 10:27:33 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:25 +0200 |
commit | e71be8099af8347a487e63b2044d41e9c5dabfc8 (patch) | |
tree | 2b720d48266f8ad632b1538d7cb3fc1dd23e7963 /selftest/target | |
parent | c5c5735c1fab19da235af65dd910fcd547cdfa14 (diff) | |
download | samba-e71be8099af8347a487e63b2044d41e9c5dabfc8.tar.gz |
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
The default is "ldap server require strong auth = yes",
ad_dc_ntvfs uses "ldap server require strong auth = allow_sasl_over_tls",
fl2008r2dc uses "ldap server require strong auth = no".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Diffstat (limited to 'selftest/target')
-rwxr-xr-x | selftest/target/Samba4.pm | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 7ad3b6daa39..14fddcfb83f 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -545,6 +545,7 @@ sub provision_raw_step1($$) dcerpc endpoint servers = +winreg +srvsvc notify:inotify = false ldb:nosync = true + ldap server require strong auth = yes #We don't want to pass our self-tests if the PAC code is wrong gensec:require_pac = true log file = $ctx->{logdir}/log.\%m @@ -1334,7 +1335,9 @@ sub provision_ad_dc_ntvfs($$) print "PROVISIONING AD DC (NTVFS)..."; my $extra_conf_options = "netbios aliases = localDC1-a - server services = +winbind -winbindd"; + server services = +winbind -winbindd + ldap server require strong auth = allow_sasl_over_tls + "; my $ret = $self->provision($prefix, "domain controller", "localdc", @@ -1452,6 +1455,7 @@ sub provision_fl2008r2dc($$$) my ($self, $prefix, $dcvars) = @_; print "PROVISIONING DC WITH FOREST LEVEL 2008r2..."; + my $extra_conf_options = "ldap server require strong auth = no"; my $ret = $self->provision($prefix, "domain controller", "dc7", @@ -1461,7 +1465,7 @@ sub provision_fl2008r2dc($$$) "locDCpass7", undef, undef, - "", + $extra_conf_options, "", undef); |