[Pkg-samba-maint] [samba] 05/12: CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()

Mathieu Parent sathieu at moszumanska.debian.org
Thu Sep 21 07:26:01 UTC 2017


This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch stretch-security
in repository samba.

commit a85975ede5afbc550e253856b5f16dd6d0b4ebd4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 12 05:49:46 2016 +0100

    CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
    
    It's important that we use a signed connection to get the GPOs!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 libgpo/gpo_fetch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 836bc23..3740d4e 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -133,7 +133,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
 			ads->auth.password,
 			CLI_FULL_CONNECTION_USE_KERBEROS |
 			CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
-			Undefined);
+			SMB_SIGNING_REQUIRED);
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(10,("check_refresh_gpo: "
 				"failed to connect: %s\n",

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git




More information about the Pkg-samba-maint mailing list