git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 8ff6a95)
CVE-2016-2115: docs-xml: add "client ipc signing" option
authorStefan Metzmacher <metze@samba.org>
Sat, 27 Feb 2016 02:43:58 +0000 (03:43 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:26 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
docs-xml/smbdotconf/security/clientipcsigning.xml [new file with mode: 0644] patch | blob
docs-xml/smbdotconf/security/clientsigning.xml patch | blob | history
lib/param/loadparm.c patch | blob | history
source3/include/proto.h patch | blob | history
source3/param/loadparm.c patch | blob | history

diff --git a/docs-xml/smbdotconf/security/clientipcsigning.xml b/docs-xml/smbdotconf/security/clientipcsigning.xml
new file mode 100644 (file)
index 0000000..d976f2d
--- /dev/null
+++ b/docs-xml/smbdotconf/security/clientipcsigning.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="client ipc signing"
+                 context="G"
+                 type="enum"
+                 function="_client_ipc_signing"
+                 enumlist="enum_smb_signing_vals"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>This controls whether the client is allowed or required to use SMB signing for IPC$
+    connections as DCERPC transport. Possible values
+    are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
+    and <emphasis>disabled</emphasis>.
+    </para>
+
+    <para>The default value is the same as the effective value of
+    <smbconfoption name="client signing"/> if the effective value of
+    <smbconfoption name="client ipc min protocol"/> is
+    <constant>NT1</constant>. In any other case the default value is
+    <constant>mandatory</constant>.</para>
+
+    <para>Note that the default value will be changed to <constant>mandatory</constant>
+    in all cases for Samba 4.5</para>
+
+    <para>When the effective value of this option is <constant>mandatory</constant>, SMB signing is required.</para>
+
+    <para>When set to auto, SMB signing is offered, but not enforced and if set
+    to disabled, SMB signing is not offered either.</para>
+
+    <para>Connections from winbindd to Active Directory Domain Controllers
+    always enforce signing.</para>
+</description>
+
+<related>client signing</related>
+
+<value type="default">default</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/clientsigning.xml b/docs-xml/smbdotconf/security/clientsigning.xml
index 2af5ada63e8102f12ca30817fd23f1539947b7db..8addf8a3834e9d0477fcf1b520fe325ac257bf5a 100644 (file)
--- a/docs-xml/smbdotconf/security/clientsigning.xml
+++ b/docs-xml/smbdotconf/security/clientsigning.xml
@@ -9,14 +9,16 @@
     and <emphasis>disabled</emphasis>. 
     </para>
 
     and <emphasis>disabled</emphasis>. 
     </para>
 
-    <para>When set to auto or default, SMB signing is offered, but not
-    enforced, except in winbindd, where it is enforced to Active
-    Directory Domain Controllers. </para>
+    <para>When set to auto or default, SMB signing is offered, but not enforced.</para>
 
     <para>When set to mandatory, SMB signing is required and if set
 
     <para>When set to mandatory, SMB signing is required and if set
-       to disabled, SMB signing is not offered either.
-</para>
+    to disabled, SMB signing is not offered either.</para>
+
+    <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the
+    <smbconfoption name="client ipc signing"/> option.</para>
 </description>
 
 </description>
 
+<related>client ipc signing</related>
+
 <value type="default">default</value>
 </samba:parameter>
 <value type="default">default</value>
 </samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 6247f88c19df5135cdc72814f546635e4f6ed51b..c416368ccc270ff30667336a4a6495ac985e776c 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2656,6 +2656,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
 
        lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
        lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
 
        lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
+       lpcfg_do_global_parameter(lp_ctx, "client ipc signing", "default");
        lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
 
        lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
        lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
 
        lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
@@ -3345,6 +3346,19 @@ int lpcfg_client_ipc_max_protocol(struct loadparm_context *lp_ctx)
        return client_ipc_max_protocol;
 }
 
        return client_ipc_max_protocol;
 }
 
+int lpcfg_client_ipc_signing(struct loadparm_context *lp_ctx)
+{
+       int client_ipc_signing = lpcfg__client_ipc_signing(lp_ctx);
+       if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
+               int ipc_min_protocol = lpcfg_client_ipc_min_protocol(lp_ctx);
+               if (ipc_min_protocol >= PROTOCOL_SMB2_02) {
+                       return SMB_SIGNING_REQUIRED;
+               }
+               return lpcfg_client_signing(lp_ctx);
+       }
+       return client_ipc_signing;
+}
+
 bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
 {
        bool allowed = true;
 bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
 {
        bool allowed = true;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5b7ceaa9cd78373a454ca183d328f11cee9c311e..a6573fbf4ec4c025ae1f4dfd5d1df5275b08279c 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -899,6 +899,7 @@ int lp_client_max_protocol(void);
 int lp_winbindd_max_protocol(void);
 int lp_client_ipc_min_protocol(void);
 int lp_client_ipc_max_protocol(void);
 int lp_winbindd_max_protocol(void);
 int lp_client_ipc_min_protocol(void);
 int lp_client_ipc_max_protocol(void);
+int lp_client_ipc_signing(void);
 int lp_smb2_max_credits(void);
 int lp_cups_encrypt(void);
 bool lp_widelinks(int );
 int lp_smb2_max_credits(void);
 int lp_cups_encrypt(void);
 bool lp_widelinks(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index bcd3322c77a7d704a6d7f01b5b71a0316aba9825..a893c5db9396e31dfe45d1e01cb3b9bb2e036abb 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -824,6 +824,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.client_use_spnego = true;
 
        Globals.client_signing = SMB_SIGNING_DEFAULT;
        Globals.client_use_spnego = true;
 
        Globals.client_signing = SMB_SIGNING_DEFAULT;
+       Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
        Globals.server_signing = SMB_SIGNING_DEFAULT;
 
        Globals.defer_sharing_violations = true;
        Globals.server_signing = SMB_SIGNING_DEFAULT;
 
        Globals.defer_sharing_violations = true;
@@ -4470,6 +4471,19 @@ int lp_client_ipc_max_protocol(void)
        return client_ipc_max_protocol;
 }
 
        return client_ipc_max_protocol;
 }
 
+int lp_client_ipc_signing(void)
+{
+       int client_ipc_signing = lp__client_ipc_signing();
+       if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
+               int ipc_min_protocol = lp_client_ipc_min_protocol();
+               if (ipc_min_protocol >= PROTOCOL_SMB2_02) {
+                       return SMB_SIGNING_REQUIRED;
+               }
+               return lp_client_signing();
+       }
+       return client_ipc_signing;
+}
+
 struct loadparm_global * get_globals(void)
 {
        return &Globals;
 struct loadparm_global * get_globals(void)
 {
        return &Globals;
Samba Shared Repository