CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CO...

ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index ac7576fc01750696eef4e1d6c55ff04e51bcfa2c..a35e4223327abd7b0b19a2ce91dc9ac916c60753 100644 (file)
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -1110,10 +1110,9 @@ out_free:
                }
        }
        if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
-               /* If neither Integrity or Privacy are requested then
-                * Use just Connect level */
+               /* If nothing is requested then default to integrity */
                if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
-                       pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+                       pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
                }
        }