diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-12-18 08:29:50 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-04-12 19:25:24 +0200 |
commit | 05692ec958e64cca8ef19795e51bb39a242c3dd4 (patch) | |
tree | e8e49ec93ddb3ec1f7634646f3694bf5187d5bd9 /source4/libcli | |
parent | 1da744b2f9371c005c68a89f72b475e42e8b2b64 (diff) | |
download | samba-05692ec958e64cca8ef19795e51bb39a242c3dd4.tar.gz |
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/ldap/ldap_bind.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index 79478e775d8..c5d821982c6 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -437,6 +437,13 @@ try_logon_again: result = response->r.BindResponse.response.resultcode; + if (result == LDAP_STRONG_AUTH_REQUIRED) { + if (wrap_flags == 0) { + wrap_flags = ADS_AUTH_SASL_SIGN; + goto try_logon_again; + } + } + if (result == LDAP_INVALID_CREDENTIALS) { /* try a second time on invalid credentials, to |