]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 26b87d0)
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
authorStefan Metzmacher <metze@samba.org>
Mon, 12 Dec 2016 04:49:46 +0000 (05:49 +0100)
committerKarolin Seeger <kseeger@samba.org>
Wed, 13 Sep 2017 16:19:48 +0000 (09:19 -0700)
It's important that we use a signed connection to get the GPOs!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
libgpo/gpo_fetch.c patch | blob | blame | history

diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 6b01544faeeedc46417b12852b44d6edb5ed5e7d..cb969ff42703d0dabea710aa16427a64202bd429 100644 (file)
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -133,7 +133,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
                        ads->auth.password,
                        CLI_FULL_CONNECTION_USE_KERBEROS |
                        CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
-                       Undefined);
+                       SMB_SIGNING_REQUIRED);
        if (!NT_STATUS_IS_OK(result)) {
                DEBUG(10,("check_refresh_gpo: "
                                "failed to connect: %s\n",
Mirror of https://github.com/samba-team/samba.git