CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()

author Stefan Metzmacher <metze@samba.org>

Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 16 Dec 2015 11:56:48 +0000 (12:56 +0100)
author Stefan Metzmacher <metze@samba.org>
Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 16 Dec 2015 11:56:48 +0000 (12:56 +0100)
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c

index 2121ad09f3459e40281b9115a7b93e26c34e4847..d3b0580230bddbed28c2e741ab793698a177bdb4 100644 (file)
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -114,6 +114,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
         const char *domain;
         NTSTATUS status;
         int flags = 0;
+       int signing_state = get_cmdline_auth_info_signing_state(auth_info);
+
+       if (force_encrypt) {
+               signing_state = SMB_SIGNING_REQUIRED;
+       }
  
         /* make a copy so we don't modify the global string 'service' */
         servicename = talloc_strdup(ctx,share);
@@ -152,7 +157,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
  
         status = cli_connect_nb(
                 server, NULL, port, name_type, NULL,
-               get_cmdline_auth_info_signing_state(auth_info),
+               signing_state,
                 flags, &c);
  
         if (!NT_STATUS_IS_OK(status)) {
author	Stefan Metzmacher <metze@samba.org>
	Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 16 Dec 2015 11:56:48 +0000 (12:56 +0100)