[SCM] Samba Shared Repository - branch v4-14-test updated
Jule Anger
janger at samba.org
Tue Jan 18 18:57:01 UTC 2022
The branch, v4-14-test has been updated
via be1b37e7c6e s3:libsmb: fix signing regression SMBC_server_internal()
via 7aa5875ff92 s4:selftest: run libsmbclient.noanon_list against maptoguest
via 8feb866c215 s4:torture/libsmbclient: add libsmbclient.noanon_list test
via 72e5b758e04 selftest/Samba3: enable SMB1 for maptoguest
from 4a6813f7bc9 s3: smbd: Add missing pop_sec_ctx() in error code path of close_directory()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test
- Log -----------------------------------------------------------------
commit be1b37e7c6ebd5a38202d807df990793fd450b68
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 21 11:19:40 2021 +0100
s3:libsmb: fix signing regression SMBC_server_internal()
commit d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced
SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce
signing wasn't adjusted, so we required smb signing by default.
That broke guest authentication for libsmbclient using applications.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184
(cherry picked from commit 9d2bf015378c5bc630c92618e034c5eba95cc6b4)
Autobuild-User(v4-14-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-14-test): Tue Jan 18 18:56:06 UTC 2022 on sn-devel-184
commit 7aa5875ff926b14cd4feb183a308bb39cf6ad77d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 21 12:05:13 2021 +0100
s4:selftest: run libsmbclient.noanon_list against maptoguest
This demonstrates the problem with guest access being rejected
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0a808f6b53f50f426bd706f5327f610bb9e5967d)
commit 8feb866c2151ec88a61598abd4f602aefeb26aea
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 21 12:04:30 2021 +0100
s4:torture/libsmbclient: add libsmbclient.noanon_list test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 59e436297b0a4baa01e4e8a4bbb9c0bc9d7e1f29)
commit 72e5b758e04dab11fccc21d3c7bc22aace393527
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 21 14:39:25 2021 +0100
selftest/Samba3: enable SMB1 for maptoguest
guest authentication is an old school concept,
so we should make sure it also works with SMB1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 648b476dcdb6f378b627266cb787fd8f38fba56a)
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail.d/smb1-tests | 10 +++---
selftest/target/Samba3.pm | 1 +
source3/libsmb/libsmb_server.c | 2 +-
source4/selftest/tests.py | 16 +++++++++
source4/torture/libsmbclient/libsmbclient.c | 50 +++++++++++++++++++++++++++++
5 files changed, 72 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests
index 4ba1365b3a4..5d7ac923da8 100644
--- a/selftest/knownfail.d/smb1-tests
+++ b/selftest/knownfail.d/smb1-tests
@@ -1,9 +1,7 @@
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.badpassword.NT1NEW.guest\(maptoguest\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient baduser.badpassword.NT1NEW.guest\(maptoguest\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|nt4_member)\)
^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L.*\((ad_member|nt4_member)\)
^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L LOCALADMEMBER -I.*\((ad_member|nt4_member)\)
^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient does not prompt\((ad_member|nt4_member)\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 588d7779dd4..9a8c9ee2604 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1866,6 +1866,7 @@ sub setup_maptoguest
my $options = "
map to guest = bad user
ntlm auth = yes
+server min protocol = LANMAN1
[force_user_error_inject]
path = $share_dir
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 5a1055ba773..d5c9fac6f05 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -498,7 +498,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
status = NT_STATUS_UNSUCCESSFUL;
- if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+ if (context->internal->smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE) {
signing_state = SMB_SIGNING_REQUIRED;
}
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 98def4ef84a..50a77a08009 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -409,6 +409,22 @@ for t in libsmbclient:
[ "--option=torture:clientprotocol=%s" % proto],
"samba4.%s.%s" % (t, proto))
+url = "smb://baduser:invalidpw@$SERVER/tmpguest"
+t = "libsmbclient.noanon_list"
+libsmbclient_testargs = [
+ '//$SERVER/tmpguest',
+ '-U$USERNAME%$PASSWORD',
+ "--option=torture:smburl=" + url,
+ "--option=torture:replace_smbconf="
+ "%s/testdata/samba3/smb_new.conf" % srcdir()
+ ]
+for proto in protocols:
+ plansmbtorture4testsuite(t,
+ "maptoguest",
+ libsmbclient_testargs +
+ [ "--option=torture:clientprotocol=%s" % proto],
+ "samba4.%s.baduser.%s" % (t, proto))
+
plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
for t in smbtorture4_testsuites("rap."):
diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c
index 4fbd759487b..97c2268aa81 100644
--- a/source4/torture/libsmbclient/libsmbclient.c
+++ b/source4/torture/libsmbclient/libsmbclient.c
@@ -1254,6 +1254,54 @@ static bool torture_libsmbclient_utimes(struct torture_context *tctx)
return true;
}
+static bool torture_libsmbclient_noanon_list(struct torture_context *tctx)
+{
+ const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+ struct smbc_dirent *dirent = NULL;
+ SMBCCTX *ctx = NULL;
+ int dhandle = -1;
+ bool ok = true;
+
+ if (smburl == NULL) {
+ torture_fail(tctx,
+ "option --option=torture:smburl="
+ "smb://user:password@server missing\n");
+ }
+
+ ok = torture_libsmbclient_init_context(tctx, &ctx);
+ torture_assert_goto(tctx,
+ ok,
+ ok,
+ out,
+ "Failed to init context");
+ torture_comment(tctx,
+ "Testing smbc_setOptionNoAutoAnonymousLogin\n");
+ smbc_setOptionNoAutoAnonymousLogin(ctx, true);
+ smbc_set_context(ctx);
+
+ torture_comment(tctx, "Listing: %s\n", smburl);
+ dhandle = smbc_opendir(smburl);
+ torture_assert_int_not_equal_goto(tctx,
+ dhandle,
+ -1,
+ ok,
+ out,
+ "Failed to open smburl");
+
+ while((dirent = smbc_readdir(dhandle)) != NULL) {
+ torture_comment(tctx, "DIR: %s\n", dirent->name);
+ torture_assert_not_null_goto(tctx,
+ dirent->name,
+ ok,
+ out,
+ "Failed to read name");
+ }
+
+out:
+ smbc_closedir(dhandle);
+ return ok;
+}
+
NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
{
struct torture_suite *suite;
@@ -1275,6 +1323,8 @@ NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
torture_libsmbclient_readdirplus2);
torture_suite_add_simple_test(
suite, "utimes", torture_libsmbclient_utimes);
+ torture_suite_add_simple_test(
+ suite, "noanon_list", torture_libsmbclient_noanon_list);
suite->description = talloc_strdup(suite, "libsmbclient interface tests");
--
Samba Shared Repository
More information about the samba-cvs
mailing list