From: Stefan Metzmacher
Date: Tue, 15 Dec 2015 13:49:36 +0000 (+0100)
Subject: CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CO...
X-Git-Tag: samba-4.2.10~113
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dab41dee8a4fb27dbf3913b0e44a4cc726e3ac98;p=thirdparty%2Fsamba.git

CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY

ncacn_ip_tcp:server should get the same protection as ncacn_np:server if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher
---

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index ac7576fc017..a35e4223327 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -1110,10 +1110,9 @@ out_free:
 }
 }
 if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
- /* If neither Integrity or Privacy are requested then
- * Use just Connect level */
+ /* If nothing is requested then default to integrity */
 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
 }
 }
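Review bot: The new comment above the `pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE` check states the default but not the reason for it, so a later reader could lower it again for compatibility without seeing the security impact. I would write `/* Default to integrity: connect level only authenticates the bind and leaves later PDUs unsigned (CVE-2016-2118) */`. As far as the hunk shows, the level is only raised inside `if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE)`, so a bind without authentication keeps level NONE and gets no signing; a short comment saying that this is intended would help. Whether an explicitly requested connect level is still honoured cannot be judged here, because the option handling lies above the hunk in a function that starts and ends outside it.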