From 95e334bef43d2e8bf57e30d5151803cadc4636a5 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 16 Dec 2015 09:55:37 +0100
Subject: [PATCH] CVE-2016-2115: s3:libsmb: add signing constant
 SMB_SIGNING_IPC_DEFAULT

SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 lib/param/loadparm.c              | 5 ++++-
 libcli/smb/smbXcli_base.c         | 1 +
 libcli/smb/smb_constants.h        | 1 +
 source3/libsmb/clientgen.c        | 9 +++++++++
 source4/smb_server/smb2/negprot.c | 1 +
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 13835f1a12b..b2159b6d9c9 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3255,10 +3255,13 @@ bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandato
 	case SMB_SIGNING_DESIRED:
 	case SMB_SIGNING_IF_REQUIRED:
 		break;
-	case SMB_SIGNING_DEFAULT:
 	case SMB_SIGNING_OFF:
 		allowed = false;
 		break;
+	case SMB_SIGNING_DEFAULT:
+	case SMB_SIGNING_IPC_DEFAULT:
+		smb_panic(__location__);
+		break;
 	}
 
 	return allowed;
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index b00afbc2d5a..7bf48c80437 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -363,6 +363,7 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
 		conn->desire_signing = true;
 		conn->mandatory_signing = false;
 		break;
+	case SMB_SIGNING_IPC_DEFAULT:
 	case SMB_SIGNING_REQUIRED:
 		/* always */
 		conn->allow_signing = true;
diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index 9b570782b64..c68c9b34d3c 100644
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -93,6 +93,7 @@ enum protocol_types {
 #define PROTOCOL_LATEST PROTOCOL_SMB3_02
 
 enum smb_signing_setting {
+	SMB_SIGNING_IPC_DEFAULT = -2, /* Only used in C code */
 	SMB_SIGNING_DEFAULT = -1,
 	SMB_SIGNING_OFF = 0,
 	SMB_SIGNING_IF_REQUIRED = 1,
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 6bed5105b02..79e1392c5db 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -231,6 +231,15 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 		use_level_II_oplocks = true;
 	}
 
+	if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
+		/*
+		 * Ensure for IPC/RPC the default is to require
+		 * signing unless explicitly turned off by the
+		 * administrator.
+		 */
+		signing_state = lp_client_ipc_signing();
+	}
+
 	if (signing_state == SMB_SIGNING_DEFAULT) {
 		signing_state = lp_client_signing();
 	}
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index e654392ccbf..addd278eb4c 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -147,6 +147,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
 
 	switch (signing_setting) {
 	case SMB_SIGNING_DEFAULT:
+	case SMB_SIGNING_IPC_DEFAULT:
 		smb_panic(__location__);
 		break;
 	case SMB_SIGNING_OFF:
-- 
2.47.2