CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max...
authorRalph Boehme <slow@samba.org>
Wed, 16 Dec 2015 09:04:35 +0000 (10:04 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:26 +0000 (19:25 +0200)
Use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol() for RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/libsmb/passchange.c

index 4676b7266e59ef4ee3e36830c4fdbfbf4289fbb6..49b9ad60964ffe6d38e65e10f098c22c9e098caa 100644 (file)
@@ -57,7 +57,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
        *err_str = NULL;
 
        result = cli_connect_nb(remote_machine, NULL, 0, 0x20, NULL,
-                               SMB_SIGNING_DEFAULT, 0, &cli);
+                               SMB_SIGNING_IPC_DEFAULT, 0, &cli);
        if (!NT_STATUS_IS_OK(result)) {
                if (asprintf(err_str, "Unable to connect to SMB server on "
                         "machine %s. Error was : %s.\n",
@@ -67,8 +67,9 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
                return result;
        }
 
-       result = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
-                                PROTOCOL_NT1);
+       result = smbXcli_negprot(cli->conn, cli->timeout,
+                                lp_client_ipc_min_protocol(),
+                                lp_client_ipc_max_protocol());
 
        if (!NT_STATUS_IS_OK(result)) {
                if (asprintf(err_str, "machine %s rejected the negotiate "