mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
We need NT1 => LATEST in order to work against all servers which support DCERPC over ncacn_np. This is a mini step in using SMB2/3 in our client side by default. This gives us a higher chance that SMB signing is supported by the server (as it can't be turned off for SMB2 and higher). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
b720575f16
commit
5c8721ebf3
@ -3152,6 +3152,8 @@ fail:
|
||||
struct cli_start_connection_state {
|
||||
struct tevent_context *ev;
|
||||
struct cli_state *cli;
|
||||
int min_protocol;
|
||||
int max_protocol;
|
||||
};
|
||||
|
||||
static void cli_start_connection_connected(struct tevent_req *subreq);
|
||||
@ -3181,6 +3183,14 @@ static struct tevent_req *cli_start_connection_send(
|
||||
}
|
||||
state->ev = ev;
|
||||
|
||||
if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
|
||||
state->min_protocol = lp_client_ipc_min_protocol();
|
||||
state->max_protocol = lp_client_ipc_max_protocol();
|
||||
} else {
|
||||
state->min_protocol = lp_client_min_protocol();
|
||||
state->max_protocol = lp_client_max_protocol();
|
||||
}
|
||||
|
||||
subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
|
||||
0x20, my_name, signing_state, flags);
|
||||
if (tevent_req_nomem(subreq, req)) {
|
||||
@ -3206,8 +3216,8 @@ static void cli_start_connection_connected(struct tevent_req *subreq)
|
||||
|
||||
subreq = smbXcli_negprot_send(state, state->ev, state->cli->conn,
|
||||
state->cli->timeout,
|
||||
lp_client_min_protocol(),
|
||||
lp_client_max_protocol());
|
||||
state->min_protocol,
|
||||
state->max_protocol);
|
||||
if (tevent_req_nomem(subreq, req)) {
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user