From: Stefan Metzmacher Date: Mon, 21 Dec 2015 09:27:33 +0000 (+0100) Subject: CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth"... X-Git-Tag: samba-4.2.10~155 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ded3595c711340c490d5302479c45d6e3a49397f;p=thirdparty%2Fsamba.git CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options The default is "ldap server require strong auth = yes", ad_dc_ntvfs uses "ldap server require strong auth = allow_sasl_over_tls", fl2008r2dc uses "ldap server require strong auth = no". BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher Reviewed-by: Günther Deschner Reviewed-by: Alexander Bokovoy --- diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index eb9c572192a..4b9f158eb99 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -430,6 +430,7 @@ sub provision_raw_step1($$) dcerpc endpoint servers = +winreg +srvsvc notify:inotify = false ldb:nosync = true + ldap server require strong auth = yes #We don't want to pass our self-tests if the PAC code is wrong gensec:require_pac = true log file = $ctx->{logdir}/log.\%m @@ -1105,7 +1106,9 @@ sub provision_dc($$) print "PROVISIONING DC..."; my $extra_conf_options = "netbios aliases = localDC1-a - server services = +winbind -winbindd"; + server services = +winbind -winbindd + ldap server require strong auth = allow_sasl_over_tls + "; my $ret = $self->provision($prefix, "domain controller", "localdc", @@ -1211,6 +1214,7 @@ sub provision_fl2008r2dc($$) my ($self, $prefix) = @_; print "PROVISIONING DC..."; + my $extra_conf_options = "ldap server require strong auth = no"; my $ret = $self->provision($prefix, "domain controller", "dc7", @@ -1218,7 +1222,8 @@ sub provision_fl2008r2dc($$) "samba2008R2.example.com", "2008_R2", "locDCpass7", - undef, "", "", undef); + undef, $extra_conf_options, + "", undef); unless ($self->add_wins_config("$prefix/private")) { warn("Unable to add wins configuration");