CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()

author Stefan Metzmacher <metze@samba.org>

Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 10 Dec 2015 10:10:54 +0000 (11:10 +0100)
author Stefan Metzmacher <metze@samba.org>
Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 10 Dec 2015 10:10:54 +0000 (11:10 +0100)
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c

index 729f4fe0edf79fcff7d8e5946f466b677bc25a59..c72cbfdcc80184a6402a5c5a9e32f4ecde48e230 100644 (file)
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -114,6 +114,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
         const char *domain;
         NTSTATUS status;
         int flags = 0;
+       int signing_state = get_cmdline_auth_info_signing_state(auth_info);
+
+       if (force_encrypt) {
+               signing_state = SMB_SIGNING_REQUIRED;
+       }
  
         /* make a copy so we don't modify the global string 'service' */
         servicename = talloc_strdup(ctx,share);
@@ -152,7 +157,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
  
         status = cli_connect_nb(
                 server, NULL, port, name_type, NULL,
-               get_cmdline_auth_info_signing_state(auth_info),
+               signing_state,
                 flags, &c);
  
         if (!NT_STATUS_IS_OK(status)) {
author	Stefan Metzmacher <metze@samba.org>
	Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 10 Dec 2015 10:10:54 +0000 (11:10 +0100)