s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT

This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".

The following can be used to alter the max protocol

rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144

(cherry picked from commit 2eb824fbaf61dfc5e9c735589c80c41379dabe86)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon May 30 13:55:41 CEST 2016 on sn-devel-104

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index a35e4223327abd7b0b19a2ce91dc9ac916c60753..ebe72b99bd5b8d86c673719a0fc57a1d1ccb824e 100644 (file)
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -944,6 +944,7 @@ out_free:
        const char *binding_string = NULL;
        char *user, *domain, *q;
        const char *host;
+       int signing_state = SMB_SIGNING_IPC_DEFAULT;
 
        /* make sure the vars that get altered (4th field) are in
           a fixed location or certain compilers complain */
@@ -1116,6 +1117,16 @@ out_free:
                }
        }
 
+       signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info);
+       switch (signing_state) {
+       case SMB_SIGNING_OFF:
+               lp_set_cmdline("client ipc signing", "no");
+               break;
+       case SMB_SIGNING_REQUIRED:
+               lp_set_cmdline("client ipc signing", "required");
+               break;
+       }
+
        if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
                flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
                         CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
@@ -1143,7 +1154,7 @@ out_free:
                                        get_cmdline_auth_info_domain(rpcclient_auth_info),
                                        get_cmdline_auth_info_password(rpcclient_auth_info),
                                        flags,
-                                       get_cmdline_auth_info_signing_state(rpcclient_auth_info));
+                                       SMB_SIGNING_IPC_DEFAULT);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0,("Cannot connect to server.  Error was %s\n", nt_errstr(nt_status)));