diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-12-12 06:07:56 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2017-09-04 11:35:31 +0200 |
commit | 609e6b09feb4b00ee52db4a9df258cb9061f4ad8 (patch) | |
tree | 6fbb4376255ec02d7af689a8485b2e879bcea2a4 | |
parent | f30ea84489e9ee6ab65279bc3ea62ce4f954f965 (diff) | |
download | samba-609e6b09feb4b00ee52db4a9df258cb9061f4ad8.tar.gz |
CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
With forced encryption or required signing we should also don't fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/libsmb/clidfs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 16b21bdf6de..0b7c281280b 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -203,7 +203,9 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, /* If a password was not supplied then * try again with a null username. */ if (password[0] || !username[0] || + force_encrypt || smbXcli_conn_signing_mandatory(c->conn) || get_cmdline_auth_info_use_kerberos(auth_info) || + get_cmdline_auth_info_use_ccache(auth_info) || !NT_STATUS_IS_OK(status = cli_session_setup(c, "", "", 0, "", 0, |