From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 12 Dec 2016 04:49:46 +0000 (+0100)
Subject: CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
X-Git-Tag: samba-4.5.14~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d296e6ea32ca2df035dd35e6f21b82390f87f86;p=thirdparty%2Fsamba.git

CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()

It's important that we use a signed connection to get the GPOs!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 836bc23f2d2..3740d4e4b57 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -133,7 +133,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
 			ads->auth.password,
 			CLI_FULL_CONNECTION_USE_KERBEROS |
 			CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
-			Undefined);
+			SMB_SIGNING_REQUIRED);
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(10,("check_refresh_gpo: "
 				"failed to connect: %s\n",