CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max...

Use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol() for RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 9736adab9f6cc582be2d999dbd9d186cc78d17d0..3b8767672e339a2960011f45c173fd3e6bec4ef8 100644 (file)
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -57,7 +57,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
        *err_str = NULL;
 
        result = cli_connect_nb(remote_machine, NULL, 0, 0x20, NULL,
-                               SMB_SIGNING_DEFAULT, 0, &cli);
+                               SMB_SIGNING_IPC_DEFAULT, 0, &cli);
        if (!NT_STATUS_IS_OK(result)) {
                if (asprintf(err_str, "Unable to connect to SMB server on "
                         "machine %s. Error was : %s.\n",
@@ -67,8 +67,9 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
                return result;
        }
 
-       result = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
-                                PROTOCOL_NT1);
+       result = smbXcli_negprot(cli->conn, cli->timeout,
+                                lp_client_ipc_min_protocol(),
+                                lp_client_ipc_max_protocol());
 
        if (!NT_STATUS_IS_OK(result)) {
                if (asprintf(err_str, "machine %s rejected the negotiate "