[SCM] Samba Shared Repository - branch v4-15-test updated

Jule Anger janger at samba.org
Tue Jan 18 18:43:01 UTC 2022


The branch, v4-15-test has been updated
       via  6d158512e8d s3:smbd: handle --build-options without parsing smb.conf
       via  a4281c9ea7f s3:libsmb: fix signing regression SMBC_server_internal()
       via  a9c32e69546 s4:selftest: run libsmbclient.noanon_list against maptoguest
       via  025749c3773 s4:torture/libsmbclient: add libsmbclient.noanon_list test
       via  dfabc5da386 selftest/Samba3: enable SMB1 for maptoguest
      from  5a2227d704c s3: smbd: Add missing pop_sec_ctx() in error code path of close_directory()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test


- Log -----------------------------------------------------------------
commit 6d158512e8d5a98870016b169fe2f6fb69513808
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jan 13 15:31:33 2022 +0100

    s3:smbd: handle --build-options without parsing smb.conf
    
    The smb.conf is parsed in post mode of a popt callback. The smbd
    --build-options parameter should be handled when first encountered
    to avoid requiring smb.conf presence.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14945
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>
    (cherry picked from commit 6a463c40d755b75b02884f123c19cc2c2845d729)
    
    Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-15-test): Tue Jan 18 18:42:28 UTC 2022 on sn-devel-184

commit a4281c9ea7fed0abc2d0a9301a5ca684e9386efe
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 21 11:19:40 2021 +0100

    s3:libsmb: fix signing regression SMBC_server_internal()
    
    commit d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced
    SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce
    signing wasn't adjusted, so we required smb signing by default.
    
    That broke guest authentication for libsmbclient using applications.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184
    
    (cherry picked from commit 9d2bf015378c5bc630c92618e034c5eba95cc6b4)

commit a9c32e69546975687d87c5f803c1d092559a0664
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 21 12:05:13 2021 +0100

    s4:selftest: run libsmbclient.noanon_list against maptoguest
    
    This demonstrates the problem with guest access being rejected
    by default.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 0a808f6b53f50f426bd706f5327f610bb9e5967d)

commit 025749c3773b64d82dca1edfc82fc1898c7c1763
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 21 12:04:30 2021 +0100

    s4:torture/libsmbclient: add libsmbclient.noanon_list test
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 59e436297b0a4baa01e4e8a4bbb9c0bc9d7e1f29)

commit dfabc5da3863fecaf408ab8550645518c097302d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 21 14:39:25 2021 +0100

    selftest/Samba3: enable SMB1 for maptoguest
    
    guest authentication is an old school concept,
    so we should make sure it also works with SMB1.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 648b476dcdb6f378b627266cb787fd8f38fba56a)

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail.d/smb1-tests             | 10 +++---
 selftest/target/Samba3.pm                   |  1 +
 source3/libsmb/libsmb_server.c              |  2 +-
 source3/smbd/server.c                       |  9 ++----
 source4/selftest/tests.py                   | 16 +++++++++
 source4/torture/libsmbclient/libsmbclient.c | 50 +++++++++++++++++++++++++++++
 6 files changed, 74 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests
index 4790ef0f46c..28a74863c6a 100644
--- a/selftest/knownfail.d/smb1-tests
+++ b/selftest/knownfail.d/smb1-tests
@@ -1,9 +1,7 @@
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.badpassword.NT1NEW.guest\(maptoguest\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient baduser.badpassword.NT1NEW.guest\(maptoguest\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L.*\((ad_member|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L LOCALADMEMBER -I.*\((ad_member|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient does not prompt\((ad_member|nt4_member)\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d1ac5c16c26..84903b87d3e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -2091,6 +2091,7 @@ sub setup_maptoguest
 	my $options = "
 map to guest = bad user
 ntlm auth = yes
+server min protocol = LANMAN1
 
 [force_user_error_inject]
 	path = $share_dir
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 5a1055ba773..d5c9fac6f05 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -498,7 +498,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
 
 	status = NT_STATUS_UNSUCCESSFUL;
 
-	if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+	if (context->internal->smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE) {
 		signing_state = SMB_SIGNING_REQUIRED;
 	}
 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d02ff1bd883..dc34f800e3f 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1545,7 +1545,6 @@ extern void build_options(bool screen);
 	char *profile_level = NULL;
 	int opt;
 	poptContext pc;
-	bool print_build_options = False;
 	bool serving_printers = false;
 	struct server_id main_server_id = {0};
 	struct poptOption long_options[] = {
@@ -1650,7 +1649,8 @@ extern void build_options(bool screen);
 	while((opt = poptGetNextOpt(pc)) != -1) {
 		switch (opt)  {
 		case 'b':
-			print_build_options = True;
+			build_options(true); /* Display output to screen as well as debug */
+			exit(0);
 			break;
 		default:
 			d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
@@ -1667,11 +1667,6 @@ extern void build_options(bool screen);
 		log_stdout = True;
 	}
 
-	if (print_build_options) {
-		build_options(True); /* Display output to screen as well as debug */
-		exit(0);
-	}
-
 #ifdef HAVE_SETLUID
 	/* needed for SecureWare on SCO */
 	setluid(0);
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 61cbca43132..1e4b2ae6dd3 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -408,6 +408,22 @@ for t in libsmbclient:
             [ "--option=torture:clientprotocol=%s" % proto],
             "samba4.%s.%s" % (t, proto))
 
+url = "smb://baduser:invalidpw@$SERVER/tmpguest"
+t = "libsmbclient.noanon_list"
+libsmbclient_testargs = [
+    '//$SERVER/tmpguest',
+    '-U$USERNAME%$PASSWORD',
+    "--option=torture:smburl=" + url,
+    "--option=torture:replace_smbconf="
+    "%s/testdata/samba3/smb_new.conf" % srcdir()
+    ]
+for proto in protocols:
+    plansmbtorture4testsuite(t,
+        "maptoguest",
+        libsmbclient_testargs +
+        [ "--option=torture:clientprotocol=%s" % proto],
+        "samba4.%s.baduser.%s" % (t, proto))
+
 plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
 
 for t in smbtorture4_testsuites("rap."):
diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c
index 669189d7785..fd770e5002f 100644
--- a/source4/torture/libsmbclient/libsmbclient.c
+++ b/source4/torture/libsmbclient/libsmbclient.c
@@ -1255,6 +1255,54 @@ static bool torture_libsmbclient_utimes(struct torture_context *tctx)
 	return true;
 }
 
+static bool torture_libsmbclient_noanon_list(struct torture_context *tctx)
+{
+	const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+	struct smbc_dirent *dirent = NULL;
+	SMBCCTX *ctx = NULL;
+	int dhandle = -1;
+	bool ok = true;
+
+	if (smburl == NULL) {
+		torture_fail(tctx,
+			     "option --option=torture:smburl="
+			     "smb://user:password@server missing\n");
+	}
+
+	ok = torture_libsmbclient_init_context(tctx, &ctx);
+	torture_assert_goto(tctx,
+			    ok,
+			    ok,
+			    out,
+			    "Failed to init context");
+	torture_comment(tctx,
+			"Testing smbc_setOptionNoAutoAnonymousLogin\n");
+	smbc_setOptionNoAutoAnonymousLogin(ctx, true);
+	smbc_set_context(ctx);
+
+	torture_comment(tctx, "Listing: %s\n", smburl);
+	dhandle = smbc_opendir(smburl);
+	torture_assert_int_not_equal_goto(tctx,
+					  dhandle,
+					  -1,
+					  ok,
+					  out,
+					  "Failed to open smburl");
+
+	while((dirent = smbc_readdir(dhandle)) != NULL) {
+		torture_comment(tctx, "DIR: %s\n", dirent->name);
+		torture_assert_not_null_goto(tctx,
+					     dirent->name,
+					     ok,
+					     out,
+					     "Failed to read name");
+	}
+
+out:
+	smbc_closedir(dhandle);
+	return ok;
+}
+
 NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
 {
 	struct torture_suite *suite;
@@ -1276,6 +1324,8 @@ NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
 		torture_libsmbclient_readdirplus2);
 	torture_suite_add_simple_test(
 		suite, "utimes", torture_libsmbclient_utimes);
+	torture_suite_add_simple_test(
+		suite, "noanon_list", torture_libsmbclient_noanon_list);
 
 	suite->description = talloc_strdup(suite, "libsmbclient interface tests");
 


-- 
Samba Shared Repository



More information about the samba-cvs mailing list