Description: fix man-in-the-middle attack via encrypted-to-unencrypted downgrade Origin: upstream, https://bugzilla.samba.org/show_bug.cgi?id=11536 Bug: https://bugzilla.samba.org/show_bug.cgi?id=11536 Index: samba-3.6.3/source3/libsmb/clidfs.c =================================================================== --- samba-3.6.3.orig/source3/libsmb/clidfs.c 2012-01-29 14:40:43.000000000 -0500 +++ samba-3.6.3/source3/libsmb/clidfs.c 2016-01-04 14:49:46.464603048 -0500 @@ -98,6 +98,11 @@ const char *username; const char *password; NTSTATUS status; + int signing_state = get_cmdline_auth_info_signing_state(auth_info); + + if (force_encrypt) { + signing_state = Required; + } /* make a copy so we don't modify the global string 'service' */ servicename = talloc_strdup(ctx,share); @@ -132,7 +137,7 @@ zero_sockaddr(&ss); /* have to open a new connection */ - c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)); + c = cli_initialise_ex(signing_state); if (c == NULL) { d_printf("Connection to %s failed\n", server_n); return NULL; Index: samba-3.6.3/source3/libsmb/libsmb_server.c =================================================================== --- samba-3.6.3.orig/source3/libsmb/libsmb_server.c 2012-01-29 14:40:43.000000000 -0500 +++ samba-3.6.3/source3/libsmb/libsmb_server.c 2016-01-04 14:49:46.464603048 -0500 @@ -258,6 +258,7 @@ const char *username_used; NTSTATUS status; char *newserver, *newshare; + int signing_state = Undefined; zero_sockaddr(&ss); ZERO_STRUCT(c); @@ -404,8 +405,12 @@ zero_sockaddr(&ss); + if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { + signing_state = Required; + } + /* have to open a new connection */ - if ((c = cli_initialise()) == NULL) { + if ((c = cli_initialise_ex(signing_state)) == NULL) { errno = ENOMEM; return NULL; } @@ -750,6 +755,7 @@ ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", pp_workgroup, pp_username, pp_password); if (!ipc_srv) { + int signing_state = Undefined; /* We didn't find a cached connection. Get the password */ if (!*pp_password || (*pp_password)[0] == '\0') { @@ -771,6 +777,9 @@ if (smbc_getOptionUseCCache(context)) { flags |= CLI_FULL_CONNECTION_USE_CCACHE; } + if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { + signing_state = Required; + } zero_sockaddr(&ss); nt_status = cli_full_connection(&ipc_cli, @@ -780,7 +789,7 @@ *pp_workgroup, *pp_password, flags, - Undefined); + signing_state); if (! NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));