From 50f649e7d0b27bcd7eaab7d8223ef9ccd99782dc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 17 Dec 2016 10:36:49 +0100
Subject: [PATCH] CVE-2017-12151: s3:libsmb: make use of
 cli_state_is_encryption_on()

This will keep enforced encryption across dfs referrals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/libsmb/clidfs.c         | 4 ++--
 source3/libsmb/libsmb_context.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 3b3e6b9dc74..074f8ed4dfd 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -954,7 +954,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 			     "IPC$",
 			     dfs_auth_info,
 			     false,
-			     smb1cli_conn_encryption_on(rootcli->conn),
+			     cli_state_is_encryption_on(rootcli),
 			     smbXcli_conn_protocol(rootcli->conn),
 			     0,
 			     0x20,
@@ -1012,7 +1012,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 				dfs_refs[count].share,
 				dfs_auth_info,
 				false,
-				smb1cli_conn_encryption_on(rootcli->conn),
+				cli_state_is_encryption_on(rootcli),
 				smbXcli_conn_protocol(rootcli->conn),
 				0,
 				0x20,
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index 5e31dfbafb1..05133743c56 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -485,7 +485,7 @@ smbc_option_get(SMBCCTX *context,
 
                 for (s = context->internal->servers; s; s = s->next) {
                         num_servers++;
-                        if (!smb1cli_conn_encryption_on(s->cli->conn)) {
+                        if (!cli_state_is_encryption_on(s->cli)) {
                                 return (void *)false;
                         }
                 }
-- 
2.47.2