CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-12-18 08:29:50 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:24 +0200
commit: 05692ec958e64cca8ef19795e51bb39a242c3dd4 (patch)
tree: e8e49ec93ddb3ec1f7634646f3694bf5187d5bd9 /source4/libcli
parent: 1da744b2f9371c005c68a89f72b475e42e8b2b64 (diff)
download: samba-05692ec958e64cca8ef19795e51bb39a242c3dd4.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 79478e775d8..c5d821982c6 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -437,6 +437,13 @@ try_logon_again:
 
 		result = response->r.BindResponse.response.resultcode;
 
+		if (result == LDAP_STRONG_AUTH_REQUIRED) {
+			if (wrap_flags == 0) {
+				wrap_flags = ADS_AUTH_SASL_SIGN;
+				goto try_logon_again;
+			}
+		}
+
 		if (result == LDAP_INVALID_CREDENTIALS) {
 			/*
 			  try a second time on invalid credentials, to
author	Stefan Metzmacher <metze@samba.org>	2015-12-18 08:29:50 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:24 +0200
commit	05692ec958e64cca8ef19795e51bb39a242c3dd4 (patch)
tree	e8e49ec93ddb3ec1f7634646f3694bf5187d5bd9 /source4/libcli
parent	1da744b2f9371c005c68a89f72b475e42e8b2b64 (diff)
download	samba-05692ec958e64cca8ef19795e51bb39a242c3dd4.tar.gz