From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 28 Mar 2014 12:44:29 +0000 (+0100)
Subject: CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
X-Git-Tag: talloc-2.1.7~391
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=b6debbcfec1dd87028a37027539f0480e09080be;p=samba.git

CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 9c5dbebcc1d..8ed12578e21 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -183,6 +183,11 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
 		conn->in.fallback_to_anonymous  = false;
 	}
 
+	conn->in.options.min_protocol = PROTOCOL_NT1;
+	conn->in.options.max_protocol = PROTOCOL_NT1;
+
+	conn->in.options.signing = lpcfg_client_ipc_signing(lp_ctx);
+
 	/* send smb connect request */
 	conn_req = smb_composite_connect_send(conn, s->io.conn,
 					      s->io.resolve_ctx,
@@ -277,6 +282,17 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb2_send(
 
 	lpcfg_smbcli_options(lp_ctx, &options);
 
+	options.min_protocol = lpcfg_client_ipc_min_protocol(lp_ctx);
+	if (options.min_protocol < PROTOCOL_SMB2_02) {
+		options.min_protocol = PROTOCOL_SMB2_02;
+	}
+	options.max_protocol = lpcfg_client_ipc_max_protocol(lp_ctx);
+	if (options.max_protocol < PROTOCOL_SMB2_02) {
+		options.max_protocol = PROTOCOL_SMB2_02;
+	}
+
+	options.signing = lpcfg_client_ipc_signing(lp_ctx);
+
 	/* send smb2 connect request */
 	subreq = smb2_connect_send(s, c->event_ctx,
 			host,
@@ -773,6 +789,7 @@ static void continue_connect(struct composite_context *c, struct pipe_connect_st
 	struct composite_context *ncacn_unix_req;
 	struct composite_context *ncalrpc_req;
 	enum dcerpc_transport_t transport;
+	enum protocol_types min_ipc_protocol;
 	uint32_t flags;
 
 	/* dcerpc pipe connect input parameters */
@@ -786,6 +803,11 @@ static void continue_connect(struct composite_context *c, struct pipe_connect_st
 	transport = dcerpc_binding_get_transport(s->binding);
 	flags = dcerpc_binding_get_flags(s->binding);
 
+	min_ipc_protocol = lpcfg_client_ipc_min_protocol(s->lp_ctx);
+	if (min_ipc_protocol >= PROTOCOL_SMB2_02) {
+		flags |= DCERPC_SMB2;
+	}
+
 	/* connect dcerpc pipe depending on required transport */
 	switch (transport) {
 	case NCACN_NP: