Commit | Line | Data |
---|---|---|
1d13e637 AF |
1 | From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001 |
2 | From: Stefan Metzmacher <metze@samba.org> | |
3 | Date: Wed, 30 Sep 2015 21:17:02 +0200 | |
4 | Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring | |
5 | encryption in do_connect() | |
6 | ||
7 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 | |
8 | ||
9 | Signed-off-by: Stefan Metzmacher <metze@samba.org> | |
10 | Reviewed-by: Jeremy Allison <jra@samba.org> | |
11 | --- | |
12 | source3/libsmb/clidfs.c | 7 ++++++- | |
13 | 1 file changed, 6 insertions(+), 1 deletion(-) | |
14 | ||
15 | diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c | |
16 | index 23e1471..f153b6b 100644 | |
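--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 const char *username;
 const char *password;
 NTSTATUS status;
+ int signing_state = get_cmdline_auth_info_signing_state(auth_info);
+
+ if (force_encrypt) {
+ signing_state = Required;
+ }
 
 /* make a copy so we don't modify the global string 'service' */
 servicename = talloc_strdup(ctx,share);
@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
 zero_sockaddr(&ss);
 
 /* have to open a new connection */
- c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
+ c = cli_initialise_ex(signing_state);
 if (c == NULL) {
 d_printf("Connection to %s failed\n", server_n);
 return NULL;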
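Review bot: The new `if (force_encrypt)` override in do_connect() carries no comment saying why a request for encryption must raise the signing state, and that reasoning is the whole fix. I would add above it `/* Encryption is negotiated only after session setup; require signing so that exchange cannot be altered in transit (CVE-2015-5296) */`. The override also silently replaces whatever get_cmdline_auth_info_signing_state() returned, so a user who combined an explicit signing setting with encryption gets no hint that it was ignored; a debug-level message would help when diagnosing a failed connect. Both hunks cut through do_connect(), so whether a later failure to enable encryption closes the connection is not visible here and should be confirmed.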
40 | -- | |
41 | 2.5.0 | |
42 | ||
43 | ||
44 | From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001 | |
45 | From: Stefan Metzmacher <metze@samba.org> | |
46 | Date: Wed, 30 Sep 2015 21:17:02 +0200 | |
47 | Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring | |
48 | encryption in SMBC_server_internal() | |
49 | ||
50 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 | |
51 | ||
52 | Signed-off-by: Stefan Metzmacher <metze@samba.org> | |
53 | Reviewed-by: Jeremy Allison <jra@samba.org> | |
54 | --- | |
55 | source3/libsmb/libsmb_server.c | 13 +++++++++++-- | |
56 | 1 file changed, 11 insertions(+), 2 deletions(-) | |
57 | ||
58 | diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c | |
59 | index 45be660..167f2c9 100644 | |
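--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
 const char *username_used;
 NTSTATUS status;
 char *newserver, *newshare;
+ int signing_state = Undefined;
 
 zero_sockaddr(&ss);
 ZERO_STRUCT(c);
@@ -404,8 +405,12 @@ again:
 
 zero_sockaddr(&ss);
 
+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+ signing_state = Required;
+ }
+
 /* have to open a new connection */
- if ((c = cli_initialise()) == NULL) {
+ if ((c = cli_initialise_ex(signing_state)) == NULL) {
 errno = ENOMEM;
 return NULL;
 }
@@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
 ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
 pp_workgroup, pp_username, pp_password);
 if (!ipc_srv) {
+ int signing_state = Undefined;
 
 /* We didn't find a cached connection. Get the password */
 if (!*pp_password || (*pp_password)[0] == '\0') {
@@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx,
 if (smbc_getOptionUseCCache(context)) {
 flags |= CLI_FULL_CONNECTION_USE_CCACHE;
 }
+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+ signing_state = Required;
+ }
 
 zero_sockaddr(&ss);
 nt_status = cli_full_connection(&ipc_cli,
@@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
 *pp_workgroup,
 *pp_password,
 flags,
- Undefined);
+ signing_state);
 if (! NT_STATUS_IS_OK(nt_status)) {
 DEBUG(1,("cli_full_connection failed! (%s)\n",
 nt_errstr(nt_status)));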
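Review bot: The test `context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE` is written out twice, once before cli_initialise_ex() in SMBC_server_internal() and once before cli_full_connection() in SMBC_attr_server(), with no comment at either site. A small static helper that maps the context's encryption level to a signing state would keep the two paths identical and give one place for a comment such as `/* any encryption level implies mandatory signing, otherwise the connection can be downgraded before encryption starts (CVE-2015-5296) */`. The `!=` comparison also makes signing mandatory for a level that merely requests encryption, so such connections will presumably now fail against servers that cannot sign; that is the safe choice but should be documented for libsmbclient users. The enclosing functions start and end outside these hunks.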
111 | -- | |
112 | 2.5.0 | |
113 |