CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
authorStefan Metzmacher <metze@samba.org>
Fri, 18 Dec 2015 16:16:04 +0000 (17:16 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:26 +0000 (19:25 +0200)
We need NT1 => LATEST in order to work against all servers which support
DCERPC over ncacn_np.

This is a mini step in using SMB2/3 in our client side by default.

This gives us a higher chance that SMB signing is supported by the
server (as it can't be turned off for SMB2 and higher).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
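--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3152,6 +3152,8 @@ fail:
 struct cli_start_connection_state {
        struct tevent_context *ev;
        struct cli_state *cli;
+       int min_protocol;
+       int max_protocol;
 };
 
 static void cli_start_connection_connected(struct tevent_req *subreq);
@@ -3181,6 +3183,14 @@ static struct tevent_req *cli_start_connection_send(
        }
        state->ev = ev;
 
+       if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
+               state->min_protocol = lp_client_ipc_min_protocol();
+               state->max_protocol = lp_client_ipc_max_protocol();
+       } else {
+               state->min_protocol = lp_client_min_protocol();
+               state->max_protocol = lp_client_max_protocol();
+       }
+
        subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
                                     0x20, my_name, signing_state, flags);
        if (tevent_req_nomem(subreq, req)) {
@@ -3206,8 +3216,8 @@ static void cli_start_connection_connected(struct tevent_req *subreq)
 
        subreq = smbXcli_negprot_send(state, state->ev, state->cli->conn,
                                      state->cli->timeout,
-                                     lp_client_min_protocol(),
-                                     lp_client_max_protocol());
+                                     state->min_protocol,
+                                     state->max_protocol);
        if (tevent_req_nomem(subreq, req)) {
                return;
        }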
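Review bot: The protocol range in cli_start_connection_send is selected from `signing_state` alone, so whether a connection counts as IPC depends entirely on the caller passing SMB_SIGNING_IPC_DEFAULT. A named-pipe connection opened with any other signing value takes the `else` branch and negotiates with "client min/max protocol", which may still allow a dialect where signing is optional. That coupling is not stated anywhere in the new code; a comment above the `if` would make it reviewable, for example `/* Only SMB_SIGNING_IPC_DEFAULT selects the "client ipc min/max protocol" range; every other signing_state uses the general client range. */`. The callers and the rest of the function are outside the hunk, so whether any IPC path passes an explicit signing state cannot be confirmed here. As a smaller point, the two new `int` fields in `cli_start_connection_state` have no comment saying they are captured at send time for the later negprot call.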