[REGRESSION] server signing = default (false) for smbd (with CVE-2016-2115)
Michael Adam
obnox at samba.org
Thu Apr 14 06:42:56 UTC 2016
On 2016-04-14 at 08:35 +0200, Andreas Schneider wrote:
> Hello,
>
> at least in Samba 3.6 we have 'server signing = false' as the default case.
> With CVE-2016-2115 we have 'client ipc signing = required'. This means that
> Samba clients which try an RPC connection to a PDC will fail because the server
> doesn't support signing!
>
> Shouldn't we set 'server signing = auto' as the default for all Samba versions
> now?
Agreed.
I guess the attached (untested) patch should implement this.
Cheers - Michael
-------------- next part --------------
From 36cb10254b5a82b91cf93a534b3e36466fa9a303 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 14 Apr 2016 08:33:46 +0200
Subject: [PATCH] loadparm: default "server signing" to auto instead of
disabled for non-AD/DC use case
This is to fix a regression introduced by the introduction of
client ipc signing with the default value of mandatory.
This leads to (e.g.) a Samba member server not able to talk to
(e.g. join) a samba classic DC.
Signed-off-by: Michael Adam <obnox at samba.org>
---
docs-xml/smbdotconf/security/serversigning.xml | 2 +-
lib/param/loadparm.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml
index 0b7755a..33f418d 100644
--- a/docs-xml/smbdotconf/security/serversigning.xml
+++ b/docs-xml/smbdotconf/security/serversigning.xml
@@ -13,7 +13,7 @@
<para>By default, and when smb signing is set to
<emphasis>default</emphasis>, smb signing is required when
<smbconfoption name="server role"/> is <emphasis>active directory
- domain controller</emphasis> and disabled otherwise.</para>
+ domain controller</emphasis> and auto otherwise.</para>
<para>When set to auto, SMB1 signing is offered, but not enforced.
When set to mandatory, SMB1 signing is required and if set
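Review bot: The replacement line in serversigning.xml names the setting value "auto" in running prose without the emphasis markup that the same paragraph uses for "default", and the reader only learns what auto means in the following paragraph. Suggest "domain controller</emphasis> and <emphasis>auto</emphasis> otherwise.</para>". Since this changes a documented default, the text should also state why: per the commit message, a server that does not offer signing cannot be reached by clients using the new mandatory default of client ipc signing.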
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 73d4204..005f68b 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3380,7 +3380,7 @@ bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandato
if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
signing_setting = SMB_SIGNING_REQUIRED;
} else {
- signing_setting = SMB_SIGNING_OFF;
+ signing_setting = SMB_SIGNING_IF_REQUIRED;
}
}
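Review bot: The else branch now assigns SMB_SIGNING_IF_REQUIRED for every server role below ROLE_ACTIVE_DIRECTORY_DC, while the documentation hunk calls the new default "auto"; nothing in the visible lines ties the two names together, so a one-line comment here saying that this constant is the "auto" behaviour (signing offered, not enforced) would let a reader confirm the hunks agree. The patch is posted as untested, so before merging it needs a check that the rest of lpcfg_server_signing_allowed() treats SMB_SIGNING_IF_REQUIRED as allowed but not mandatory, plus a test for the case named in the commit message (a member server with default settings joining a classic DC). Because the default changes for every role other than active directory domain controller, a release-note entry is warranted as well.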
--
2.5.5