CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT

SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening RPC connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Ralph Boehme <slow@samba.org> 2015-12-16 09:55:37 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:26 +0200
commit: b720575f16d8a2006d10eb8a94c7134a30d5309d (patch)
tree: c36f252f4daaa0db61beb71859719e11592bb2cd /source3/libsmb
parent: a046ffd6cd9ab81af33d4ccf2e683acf5bb6c5eb (diff)
download: samba-b720575f16d8a2006d10eb8a94c7134a30d5309d.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 6f28dfa4016..cfb3b162358 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -170,6 +170,15 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 		use_level_II_oplocks = true;
 	}
 
+	if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
+		/*
+		 * Ensure for IPC/RPC the default is to require
+		 * signing unless explicitly turned off by the
+		 * administrator.
+		 */
+		signing_state = lp_client_ipc_signing();
+	}
+
 	if (signing_state == SMB_SIGNING_DEFAULT) {
 		signing_state = lp_client_signing();
 	}
author	Ralph Boehme <slow@samba.org>	2015-12-16 09:55:37 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:26 +0200
commit	b720575f16d8a2006d10eb8a94c7134a30d5309d (patch)
tree	c36f252f4daaa0db61beb71859719e11592bb2cd /source3/libsmb
parent	a046ffd6cd9ab81af33d4ccf2e683acf5bb6c5eb (diff)
download	samba-b720575f16d8a2006d10eb8a94c7134a30d5309d.tar.gz