CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT

SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index c416368ccc270ff30667336a4a6495ac985e776c..878744f805f399aff41fe7132e80b836d04066f3 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3393,10 +3393,13 @@ bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandato
        case SMB_SIGNING_DESIRED:
        case SMB_SIGNING_IF_REQUIRED:
                break;
-       case SMB_SIGNING_DEFAULT:
        case SMB_SIGNING_OFF:
                allowed = false;
                break;
+       case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_IPC_DEFAULT:
+               smb_panic(__location__);
+               break;
        }
 
        return allowed;

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 48388b617fc78ec5e9ab1145998c81ac84205043..6a717661846d88770e06d53cd92ed418cdba326d 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -382,6 +382,7 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
                conn->desire_signing = true;
                conn->mandatory_signing = false;
                break;
+       case SMB_SIGNING_IPC_DEFAULT:
        case SMB_SIGNING_REQUIRED:
                /* always */
                conn->allow_signing = true;

diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index 563a574521f540149120a7c7436bb36bf12624c8..57915d94722c90727489178068f8576acb78721c 100644 (file)
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -95,6 +95,7 @@ enum protocol_types {
 #define PROTOCOL_LATEST PROTOCOL_SMB3_11
 
 enum smb_signing_setting {
+       SMB_SIGNING_IPC_DEFAULT = -2, /* Only used in C code */
        SMB_SIGNING_DEFAULT = -1,
        SMB_SIGNING_OFF = 0,
        SMB_SIGNING_IF_REQUIRED = 1,

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 6f28dfa40163f2b9c5911c2b75e64f9cd3e4e8fe..cfb3b162358ef3da6d82ebf7c0eeb1f3f1b71bb7 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -170,6 +170,15 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
                use_level_II_oplocks = true;
        }
 
+       if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
+               /*
+                * Ensure for IPC/RPC the default is to require
+                * signing unless explicitly turned off by the
+                * administrator.
+                */
+               signing_state = lp_client_ipc_signing();
+       }
+
        if (signing_state == SMB_SIGNING_DEFAULT) {
                signing_state = lp_client_signing();
        }

diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index e654392ccbf503478edd8270db0de0a14ee1c651..addd278eb4c2068a3448274139975a564abbc0b2 100644 (file)
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -147,6 +147,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
 
        switch (signing_setting) {
        case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_IPC_DEFAULT:
                smb_panic(__location__);
                break;
        case SMB_SIGNING_OFF: