From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 26 Mar 2016 21:24:23 +0000 (+0100)
Subject: CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
X-Git-Tag: samba-4.2.10~177
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1bcc5826208cac3306e435c4147c23517a630c4;p=thirdparty%2Fsamba.git

CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---

diff --git a/source4/torture/basic/base.c b/source4/torture/basic/base.c
index 6a792b2781f..5d4efc7b68c 100644
--- a/source4/torture/basic/base.c
+++ b/source4/torture/basic/base.c
@@ -1527,6 +1527,7 @@ static bool torture_chkpath_test(struct torture_context *tctx,
 static bool torture_samba3_errorpaths(struct torture_context *tctx)
 {
 	bool nt_status_support;
+	bool client_ntlmv2_auth;
 	struct smbcli_state *cli_nt = NULL, *cli_dos = NULL;
 	bool result = false;
 	int fnum;
@@ -1536,18 +1537,27 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx)
 	NTSTATUS status;
 
 	nt_status_support = lpcfg_nt_status_support(tctx->lp_ctx);
+	client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(tctx->lp_ctx);
 
 	if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) {
 		torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = yes'\n");
 		goto fail;
 	}
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "yes")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = yes'\n");
+		goto fail;
+	}
 
 	if (!torture_open_connection(&cli_nt, tctx, 0)) {
 		goto fail;
 	}
 
 	if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "no")) {
-		torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = yes'\n");
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = no'\n");
+		goto fail;
+	}
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "no")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = no'\n");
 		goto fail;
 	}
 
@@ -1557,7 +1567,12 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx)
 
 	if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support",
 			    nt_status_support ? "yes":"no")) {
-		torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support = yes'");
+		torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support'");
+		goto fail;
+	}
+	if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth",
+			       client_ntlmv2_auth ? "yes":"no")) {
+		torture_result(tctx, TORTURE_FAIL, "Could not reset 'client ntlmv2 auth'");
 		goto fail;
 	}