1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"

We need NT1 => LATEST in order to work against all servers which support
DCERPC over ncacn_np.

This is a mini step in using SMB2/3 in our client side by default.

This gives us a higher chance that SMB signing is supported by the
server (as it can't be turned off for SMB2 and higher).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Stefan Metzmacher 2015-12-18 17:16:04 +01:00
parent b720575f16
commit 5c8721ebf3

View File

@ -3152,6 +3152,8 @@ fail:
struct cli_start_connection_state {
struct tevent_context *ev;
struct cli_state *cli;
int min_protocol;
int max_protocol;
};
static void cli_start_connection_connected(struct tevent_req *subreq);
@ -3181,6 +3183,14 @@ static struct tevent_req *cli_start_connection_send(
}
state->ev = ev;
if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
state->min_protocol = lp_client_ipc_min_protocol();
state->max_protocol = lp_client_ipc_max_protocol();
} else {
state->min_protocol = lp_client_min_protocol();
state->max_protocol = lp_client_max_protocol();
}
subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
0x20, my_name, signing_state, flags);
if (tevent_req_nomem(subreq, req)) {
@ -3206,8 +3216,8 @@ static void cli_start_connection_connected(struct tevent_req *subreq)
subreq = smbXcli_negprot_send(state, state->ev, state->cli->conn,
state->cli->timeout,
lp_client_min_protocol(),
lp_client_max_protocol());
state->min_protocol,
state->max_protocol);
if (tevent_req_nomem(subreq, req)) {
return;
}