The branch, v4-15-test has been updated via 6d158512e8d s3:smbd: handle --build-options without parsing smb.conf via a4281c9ea7f s3:libsmb: fix signing regression SMBC_server_internal() via a9c32e69546 s4:selftest: run libsmbclient.noanon_list against maptoguest via 025749c3773 s4:torture/libsmbclient: add libsmbclient.noanon_list test via dfabc5da386 selftest/Samba3: enable SMB1 for maptoguest from 5a2227d704c s3: smbd: Add missing pop_sec_ctx() in error code path of close_directory()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log ----------------------------------------------------------------- commit 6d158512e8d5a98870016b169fe2f6fb69513808 Author: Andreas Schneider <a...@samba.org> Date: Thu Jan 13 15:31:33 2022 +0100 s3:smbd: handle --build-options without parsing smb.conf The smb.conf is parsed in post mode of a popt callback. The smbd --build-options parameter should be handled when first encountered to avoid requiring smb.conf presence. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14945 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (cherry picked from commit 6a463c40d755b75b02884f123c19cc2c2845d729) Autobuild-User(v4-15-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-15-test): Tue Jan 18 18:42:28 UTC 2022 on sn-devel-184 commit a4281c9ea7fed0abc2d0a9301a5ca684e9386efe Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 11:19:40 2021 +0100 s3:libsmb: fix signing regression SMBC_server_internal() commit d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce signing wasn't adjusted, so we required smb signing by default. That broke guest authentication for libsmbclient using applications. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184 (cherry picked from commit 9d2bf015378c5bc630c92618e034c5eba95cc6b4) commit a9c32e69546975687d87c5f803c1d092559a0664 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 12:05:13 2021 +0100 s4:selftest: run libsmbclient.noanon_list against maptoguest This demonstrates the problem with guest access being rejected by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 0a808f6b53f50f426bd706f5327f610bb9e5967d) commit 025749c3773b64d82dca1edfc82fc1898c7c1763 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 12:04:30 2021 +0100 s4:torture/libsmbclient: add libsmbclient.noanon_list test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 59e436297b0a4baa01e4e8a4bbb9c0bc9d7e1f29) commit dfabc5da3863fecaf408ab8550645518c097302d Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 14:39:25 2021 +0100 selftest/Samba3: enable SMB1 for maptoguest guest authentication is an old school concept, so we should make sure it also works with SMB1. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 648b476dcdb6f378b627266cb787fd8f38fba56a) ----------------------------------------------------------------------- Summary of changes: selftest/knownfail.d/smb1-tests | 10 +++--- selftest/target/Samba3.pm | 1 + source3/libsmb/libsmb_server.c | 2 +- source3/smbd/server.c | 9 ++---- source4/selftest/tests.py | 16 +++++++++ source4/torture/libsmbclient/libsmbclient.c | 50 +++++++++++++++++++++++++++++ 6 files changed, 74 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests index 4790ef0f46c..28a74863c6a 100644 --- a/selftest/knownfail.d/smb1-tests +++ b/selftest/knownfail.d/smb1-tests @@ -1,9 +1,7 @@ -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.badpassword.NT1NEW.guest\(maptoguest\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient baduser.badpassword.NT1NEW.guest\(maptoguest\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\) -^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|nt4_member)\) +^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|nt4_member)\) ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L.*\((ad_member|nt4_member)\) ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L LOCALADMEMBER -I.*\((ad_member|nt4_member)\) ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient does not prompt\((ad_member|nt4_member)\) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d1ac5c16c26..84903b87d3e 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2091,6 +2091,7 @@ sub setup_maptoguest my $options = " map to guest = bad user ntlm auth = yes +server min protocol = LANMAN1 [force_user_error_inject] path = $share_dir diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index 5a1055ba773..d5c9fac6f05 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -498,7 +498,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, status = NT_STATUS_UNSUCCESSFUL; - if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { + if (context->internal->smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE) { signing_state = SMB_SIGNING_REQUIRED; } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d02ff1bd883..dc34f800e3f 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1545,7 +1545,6 @@ extern void build_options(bool screen); char *profile_level = NULL; int opt; poptContext pc; - bool print_build_options = False; bool serving_printers = false; struct server_id main_server_id = {0}; struct poptOption long_options[] = { @@ -1650,7 +1649,8 @@ extern void build_options(bool screen); while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { case 'b': - print_build_options = True; + build_options(true); /* Display output to screen as well as debug */ + exit(0); break; default: d_fprintf(stderr, "\nInvalid option %s: %s\n\n", @@ -1667,11 +1667,6 @@ extern void build_options(bool screen); log_stdout = True; } - if (print_build_options) { - build_options(True); /* Display output to screen as well as debug */ - exit(0); - } - #ifdef HAVE_SETLUID /* needed for SecureWare on SCO */ setluid(0); diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 61cbca43132..1e4b2ae6dd3 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -408,6 +408,22 @@ for t in libsmbclient: [ "--option=torture:clientprotocol=%s" % proto], "samba4.%s.%s" % (t, proto)) +url = "smb://baduser:invalidpw@$SERVER/tmpguest" +t = "libsmbclient.noanon_list" +libsmbclient_testargs = [ + '//$SERVER/tmpguest', + '-U$USERNAME%$PASSWORD', + "--option=torture:smburl=" + url, + "--option=torture:replace_smbconf=" + "%s/testdata/samba3/smb_new.conf" % srcdir() + ] +for proto in protocols: + plansmbtorture4testsuite(t, + "maptoguest", + libsmbclient_testargs + + [ "--option=torture:clientprotocol=%s" % proto], + "samba4.%s.baduser.%s" % (t, proto)) + plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD') for t in smbtorture4_testsuites("rap."): diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c index 669189d7785..fd770e5002f 100644 --- a/source4/torture/libsmbclient/libsmbclient.c +++ b/source4/torture/libsmbclient/libsmbclient.c @@ -1255,6 +1255,54 @@ static bool torture_libsmbclient_utimes(struct torture_context *tctx) return true; } +static bool torture_libsmbclient_noanon_list(struct torture_context *tctx) +{ + const char *smburl = torture_setting_string(tctx, "smburl", NULL); + struct smbc_dirent *dirent = NULL; + SMBCCTX *ctx = NULL; + int dhandle = -1; + bool ok = true; + + if (smburl == NULL) { + torture_fail(tctx, + "option --option=torture:smburl=" + "smb://user:password@server missing\n"); + } + + ok = torture_libsmbclient_init_context(tctx, &ctx); + torture_assert_goto(tctx, + ok, + ok, + out, + "Failed to init context"); + torture_comment(tctx, + "Testing smbc_setOptionNoAutoAnonymousLogin\n"); + smbc_setOptionNoAutoAnonymousLogin(ctx, true); + smbc_set_context(ctx); + + torture_comment(tctx, "Listing: %s\n", smburl); + dhandle = smbc_opendir(smburl); + torture_assert_int_not_equal_goto(tctx, + dhandle, + -1, + ok, + out, + "Failed to open smburl"); + + while((dirent = smbc_readdir(dhandle)) != NULL) { + torture_comment(tctx, "DIR: %s\n", dirent->name); + torture_assert_not_null_goto(tctx, + dirent->name, + ok, + out, + "Failed to read name"); + } + +out: + smbc_closedir(dhandle); + return ok; +} + NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx) { struct torture_suite *suite; @@ -1276,6 +1324,8 @@ NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx) torture_libsmbclient_readdirplus2); torture_suite_add_simple_test( suite, "utimes", torture_libsmbclient_utimes); + torture_suite_add_simple_test( + suite, "noanon_list", torture_libsmbclient_noanon_list); suite->description = talloc_strdup(suite, "libsmbclient interface tests"); -- Samba Shared Repository