From 190515b0584b256774ade691dbf3acc0785aad38 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 19 May 2016 11:47:18 +0200
Subject: [PATCH] s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT

This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".

The following can be used to alter the max protocol

rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144

(cherry picked from commit 2eb824fbaf61dfc5e9c735589c80c41379dabe86)
---
 source3/rpcclient/rpcclient.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index c32fbc7..a4edbe8 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -904,6 +904,7 @@ out_free:
 	const char *binding_string = NULL;
 	char *user, *domain, *q;
 	const char *host;
+	int signing_state = SMB_SIGNING_IPC_DEFAULT;
 
 	/* make sure the vars that get altered (4th field) are in
 	   a fixed location or certain compilers complain */
@@ -1077,6 +1078,16 @@ out_free:
 		}
 	}
 
+	signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info);
+	switch (signing_state) {
+	case SMB_SIGNING_OFF:
+		lp_set_cmdline("client ipc signing", "no");
+		break;
+	case SMB_SIGNING_REQUIRED:
+		lp_set_cmdline("client ipc signing", "required");
+		break;
+	}
+
 	if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
 		flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
 			 CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
@@ -1104,7 +1115,7 @@ out_free:
 					get_cmdline_auth_info_domain(rpcclient_auth_info),
 					get_cmdline_auth_info_password(rpcclient_auth_info),
 					flags,
-					get_cmdline_auth_info_signing_state(rpcclient_auth_info));
+					SMB_SIGNING_IPC_DEFAULT);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0,("Cannot connect to server.  Error was %s\n", nt_errstr(nt_status)));
-- 
1.9.1