The branch, master has been updated via 9d2bf015378 s3:libsmb: fix signing regression SMBC_server_internal() via 0a808f6b53f s4:selftest: run libsmbclient.noanon_list against maptoguest via 59e436297b0 s4:torture/libsmbclient: add libsmbclient.noanon_list test via 648b476dcdb selftest/Samba3: enable SMB1 for maptoguest from 9a68025ad39 s4:rpc_server/netlogon: adjust the valid_flags based on dsdb_dc_functional_level()
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 9d2bf015378c5bc630c92618e034c5eba95cc6b4 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 11:19:40 2021 +0100 s3:libsmb: fix signing regression SMBC_server_internal() commit d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce signing wasn't adjusted, so we required smb signing by default. That broke guest authentication for libsmbclient using applications. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184 commit 0a808f6b53f50f426bd706f5327f610bb9e5967d Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 12:05:13 2021 +0100 s4:selftest: run libsmbclient.noanon_list against maptoguest This demonstrates the problem with guest access being rejected by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 59e436297b0a4baa01e4e8a4bbb9c0bc9d7e1f29 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 12:04:30 2021 +0100 s4:torture/libsmbclient: add libsmbclient.noanon_list test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 648b476dcdb6f378b627266cb787fd8f38fba56a Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 14:39:25 2021 +0100 selftest/Samba3: enable SMB1 for maptoguest guest authentication is an old school concept, so we should make sure it also works with SMB1. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: selftest/knownfail.d/smb1-tests | 10 +++--- selftest/target/Samba3.pm | 1 + source3/libsmb/libsmb_server.c | 2 +- source4/selftest/tests.py | 16 +++++++++ source4/torture/libsmbclient/libsmbclient.c | 50 +++++++++++++++++++++++++++++ 5 files changed, 72 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests index 4790ef0f46c..28a74863c6a 100644 --- a/selftest/knownfail.d/smb1-tests +++ b/selftest/knownfail.d/smb1-tests 
@@ -1,9 +1,7 @@ -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.badpassword.NT1NEW.guest\(maptoguest\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient baduser.badpassword.NT1NEW.guest\(maptoguest\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|nt4_member)\) ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L.*\((ad_member|nt4_member)\) ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L LOCALADMEMBER -I.*\((ad_member|nt4_member)\) ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient does not prompt\((ad_member|nt4_member)\) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 7385b755273..83941a85e15 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2096,6 +2096,7 @@ sub setup_maptoguest my $options = " map to guest = bad user ntlm auth = yes +server min protocol = LANMAN1 [force_user_error_inject] path = $share_dir diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index 3ac915e775d..b92477c88fe 100644 
--- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -498,7 +498,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, status = NT_STATUS_UNSUCCESSFUL; - if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { + if (context->internal->smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE) { signing_state = SMB_SIGNING_REQUIRED; } diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index ca6a0ae9a03..e496499da23 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -415,6 +415,22 @@ for t in libsmbclient: [ "--option=torture:clientprotocol=%s" % proto], "samba4.%s.%s" % (t, proto)) +url = "smb://baduser:invalidpw@$SERVER/tmpguest" +t = "libsmbclient.noanon_list" +libsmbclient_testargs = [ + '//$SERVER/tmpguest', + '-U$USERNAME%$PASSWORD', + "--option=torture:smburl=" + url, + "--option=torture:replace_smbconf=" + "%s/testdata/samba3/smb_new.conf" % srcdir() + ] +for proto in protocols: + plansmbtorture4testsuite(t, + "maptoguest", + libsmbclient_testargs + + [ "--option=torture:clientprotocol=%s" % proto], + "samba4.%s.baduser.%s" % (t, proto)) + plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD') for t in smbtorture4_testsuites("rap."): diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c index 669189d7785..fd770e5002f 100644 --- a/source4/torture/libsmbclient/libsmbclient.c +++ b/source4/torture/libsmbclient/libsmbclient.c 
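Review bot: The `>` comparison in SMBC_server_internal() only works because SMBC_ENCRYPTLEVEL_DEFAULT compares below SMBC_ENCRYPTLEVEL_NONE, and nothing at the condition says so; a reordered or extended enum would silently change when signing is required. A comment above the `if` would pin the intent, e.g. `/* Only an explicitly requested encryption level forces signing; SMBC_ENCRYPTLEVEL_DEFAULT must leave signing_state untouched. */`. With the default level, signing is now decided by whatever signing_state was initialised to earlier in the function, which starts and ends outside this hunk. Callers that depended on the stricter behaviour get signing only if the client configuration asks for it, presumably the intended pre-regression state, but worth a line in the release notes.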
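Review bot: The block added to source4/selftest/tests.py rebinds the module-level names `t` and `libsmbclient_testargs`; `t` is the loop variable of the `for t in libsmbclient:` loop just above, and `libsmbclient_testargs` looks like a name the earlier libsmbclient plans may already use, so any later plan line that reads either would pick up the noanon_list values (whether one does is not visible from this hunk). Dedicated names such as `noanon_testargs` would avoid that. The credentials in `url` are wrong on purpose, which deserves a comment, e.g. `# baduser:invalidpw must fail authentication so that "map to guest = bad user" turns the session into a guest login`.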
@@ -1255,6 +1255,54 @@ static bool torture_libsmbclient_utimes(struct torture_context *tctx)
 return true;
 }
+static bool torture_libsmbclient_noanon_list(struct torture_context *tctx)
+{
+ const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+ struct smbc_dirent *dirent = NULL;
+ SMBCCTX *ctx = NULL;
+ int dhandle = -1;
+ bool ok = true;
+
+ if (smburl == NULL) {
+ torture_fail(tctx,
+ "option --option=torture:smburl="
+ "smb://user:password@server missing\n");
+ }
+
+ ok = torture_libsmbclient_init_context(tctx, &ctx);
+ torture_assert_goto(tctx,
+ ok,
+ ok,
+ out,
+ "Failed to init context");
+ torture_comment(tctx,
+ "Testing smbc_setOptionNoAutoAnonymousLogin\n");
+ smbc_setOptionNoAutoAnonymousLogin(ctx, true);
+ smbc_set_context(ctx);
+
+ torture_comment(tctx, "Listing: %s\n", smburl);
+ dhandle = smbc_opendir(smburl);
+ torture_assert_int_not_equal_goto(tctx,
+ dhandle,
+ -1,
+ ok,
+ out,
+ "Failed to open smburl");
+
+ while((dirent = smbc_readdir(dhandle)) != NULL) {
+ torture_comment(tctx, "DIR: %s\n", dirent->name);
+ torture_assert_not_null_goto(tctx,
+ dirent->name,
+ ok,
+ out,
+ "Failed to read name");
+ }
+
+out:
+ smbc_closedir(dhandle);
+ return ok;
+}
+
 NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
 {
 struct torture_suite *suite;
@@ -1276,6 +1324,8 @@ NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
 torture_libsmbclient_readdirplus2);
 torture_suite_add_simple_test(
 suite, "utimes", torture_libsmbclient_utimes);
+ torture_suite_add_simple_test(
+ suite, "noanon_list", torture_libsmbclient_noanon_list);
 suite->description = talloc_strdup(suite, "libsmbclient interface tests");
-- Samba Shared Repository
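Review bot: torture_libsmbclient_noanon_list() never releases the context it creates, and the `out:` path calls `smbc_closedir(dhandle)` even when `dhandle` is still -1 because context setup or smbc_opendir() failed. The cleanup could read `if (dhandle != -1) { smbc_closedir(dhandle); }` followed by `if (ctx != NULL) { smbc_free_context(ctx, 1); }`. Inside the loop `dirent->name` is printed with `%s` before torture_assert_not_null_goto() checks it, so the assertion comes too late to protect the print, and if `name` is an array member of struct smbc_dirent it can never fail. Asserting that at least one entry was returned would give the test more to stand on.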