From: Stefan Metzmacher
Date: Mon, 12 Dec 2016 05:07:56 +0000 (+0100)
Subject: CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
X-Git-Tag: samba-4.5.14~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=609e6b09feb4b00ee52db4a9df258cb9061f4ad8;p=thirdparty%2Fsamba.git

CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested

With forced encryption or required signing we should also not fall back.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher
---

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 16b21bdf6de..0b7c281280b 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -203,7 +203,9 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, /* If a password was not supplied then * try again with a null username. */ if (password[0] || !username[0] || + force_encrypt || smbXcli_conn_signing_mandatory(c->conn) || get_cmdline_auth_info_use_kerberos(auth_info) || + get_cmdline_auth_info_use_ccache(auth_info) || !NT_STATUS_IS_OK(status = cli_session_setup(c, "", "", 0, "", 0,
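Review bot: The comment directly above the `if` in do_connect() still reads "If a password was not supplied then try again with a null username", which no longer describes the condition. The anonymous retry is now also skipped when `force_encrypt` is set, when `smbXcli_conn_signing_mandatory(c->conn)` is true, and when `get_cmdline_auth_info_use_ccache(auth_info)` is true, so the comment should list these cases and say, as the commit message does, that they count as authentication having been requested. A second, smaller point on the same condition: the chain relies on short-circuit order, because its last operand performs the `cli_session_setup(c, "", "", 0, "", 0,` call as a side effect. Computing the guard into a named boolean before that call would keep a later edit from accidentally adding a term after the anonymous session setup has already run.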