CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
author Stefan Metzmacher <metze@samba.org>
Fri, 11 Mar 2016 15:02:25 +0000 (16:02 +0100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:27 +0000 (19:25 +0200)
ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source4/librpc/rpc/dcerpc_util.c

index 9adaa613b9bd1cb24d7ec84933824e6bfebf993a..e2e4a641e1fd73fed774dbe9ab27fc862bd3bd90 100644 (file)
@@ -678,15 +678,15 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
 
        /* Perform an authenticated DCE-RPC bind
         */
-       if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+       if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) {
                /*
                  we are doing an authenticated connection,
-                 but not using sign or seal. We must force
-                 the CONNECT dcerpc auth type as a NONE auth
-                 type doesn't allow authentication
-                 information to be passed.
+                 which needs to use [connect], [sign] or [seal].
+                 If nothing is specified, we default to [sign] now.
+                 This give roughly the same protection as
+                 ncacn_np with smb signing.
                */
-               conn->flags |= DCERPC_CONNECT;
+               conn->flags |= DCERPC_SIGN;
        }
 
        if (conn->flags & DCERPC_AUTH_SPNEGO) {
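
Review bot: The new test `!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))` leaves DCERPC_SIGN out of the mask, so the block is also entered when the caller already requested [sign], which does not match the comment's "If nothing is specified". The outcome is the same because `conn->flags |= DCERPC_SIGN` is idempotent, but testing `DCERPC_CONNECT|DCERPC_SIGN|DCERPC_SEAL` would make the condition say what the comment says. It would also help for the comment to state that an explicit [connect] still bypasses this default, so a caller who sets DCERPC_CONNECT keeps the weaker level and does not get the integrity protection the commit message is about. Minor: "This give roughly" should read "This gives roughly".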