CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds

ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>

source4/librpc/rpc/dcerpc_util.c

@@ -678,15 +678,15 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
 
 	/* Perform an authenticated DCE-RPC bind
 	 */
-	if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+	if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) {
 		/*
 		  we are doing an authenticated connection,
-		  but not using sign or seal. We must force
-		  the CONNECT dcerpc auth type as a NONE auth
-		  type doesn't allow authentication
-		  information to be passed.
+		  which needs to use [connect], [sign] or [seal].
+		  If nothing is specified, we default to [sign] now.
+		  This give roughly the same protection as
+		  ncacn_np with smb signing.
 		*/
-		conn->flags |= DCERPC_CONNECT;
+		conn->flags |= DCERPC_SIGN;
 	}
 
 	if (conn->flags & DCERPC_AUTH_SPNEGO) {