From 52aa7b60f3ca9325d30af9f8676471afcbda87be Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 15 Dec 2015 14:49:36 +0100
Subject: [PATCH] CVE-2016-2118: librpc: change the default auth level from
 DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY

ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 librpc/rpc/binding.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 37e0c4f54f6..6407a8d4ee1 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -591,7 +591,7 @@ _PUBLIC_ void dcerpc_binding_get_auth_info(const struct dcerpc_binding *b,
 	} else if (b->flags & DCERPC_CONNECT) {
 		auth_level = DCERPC_AUTH_LEVEL_CONNECT;
 	} else if (auth_type != DCERPC_AUTH_TYPE_NONE) {
-		auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+		auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
 	} else {
 		auth_level = DCERPC_AUTH_LEVEL_NONE;
 	}
-- 
2.47.2