From ca9850029b7310f34aaf8b234e0f4f0f8297806d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 7 Aug 2015 09:50:30 +0200
Subject: [PATCH] CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This prevents man in the middle downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher
Reviewed-by: Günther Deschner
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index c40322f50c5..8a0f66badc1 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -34,6 +34,14 @@
 #include "libcli/lsarpc/util_lsarpc.h"
 #include "lib/messaging/irpc.h"
+#define DCESRV_INTERFACE_LSARPC_BIND(call, iface) \
+ dcesrv_interface_lsarpc_bind(call, iface)
+static NTSTATUS dcesrv_interface_lsarpc_bind(struct dcesrv_call_state *dce_call,
+ const struct dcesrv_interface *iface)
+{
+ return dcesrv_interface_bind_reject_connect(dce_call, iface);
+}
+
 /* this type allows us to distinguish handle types */
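Review bot: The new bind hook `dcesrv_interface_lsarpc_bind()` and its `DCESRV_INTERFACE_LSARPC_BIND` macro carry no comment marking them as a security control, so a later cleanup could mistake the one-line wrapper for dead indirection and drop it. I would add above the macro something like `/* Bind-time policy for lsarpc: refuse DCERPC_AUTH_LEVEL_CONNECT, which has no per-packet integrity protection and allows a man-in-the-middle downgrade (CVE-2016-2118). */`. The subject says "by default", but no override is visible in this hunk; presumably the configuration lookup lives in `dcesrv_interface_bind_reject_connect()`, and the comment should name the setting that relaxes the check. The macro only takes effect if the generated lsarpc server code expands it, which cannot be confirmed from these lines, so a test that binds at connect level and expects a rejection would pin the behaviour.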