git.samba.org / amitay / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9c1ead5)
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
authorStefan Metzmacher <metze@samba.org>
Mon, 12 Dec 2016 04:49:46 +0000 (05:49 +0100)
committerKarolin Seeger <kseeger@samba.org>
Wed, 20 Sep 2017 11:04:10 +0000 (13:04 +0200)
It's important that we use a signed connection to get the GPOs!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
libgpo/gpo_fetch.c patch | blob | history

diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 836bc23f2d286986ffbfcd3248996eb21680904e..3740d4e4b577a249521a0f42e8007631e4de5052 100644 (file)
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -133,7 +133,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
                        ads->auth.password,
                        CLI_FULL_CONNECTION_USE_KERBEROS |
                        CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
-                       Undefined);
+                       SMB_SIGNING_REQUIRED);
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(10,("check_refresh_gpo: "
                                "failed to connect: %s\n",
Amitay's Samba development tree