Badlock regression fixes

Stefan Metzmacher metze at samba.org
Thu May 12 21:04:44 UTC 2016 

Am 12.05.2016 um 19:14 schrieb Christian Ambach:
>> I've pushed
>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-tmp1
>> to autobuild after review from Andreas and Günther.
> 
> I am afraid those have brought new regressions.
> Look at Bug 11910. It's reproducible when having an AD DC with default
> server signing setting and attempting to connect with smbclient and -U%.
> This seems to falsely activate SMB signing chcks on the server side
> where it shouldn't.
> 
> It does not show up in our automated testing as the DC that we provision
> uses server signing = auto (not the default).
> We could apply a patch like the one that I have attached, but I am not
> sure which testcases that will break.

I've the following patch sitting in my wip branches:

I'm currently trying a private autobuild with it.

metze
-------------- next part --------------
From ec861a4bd4542a81a9a45729828db77a9548dc3a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Wed, 15 Jul 2015 11:10:24 +0200
Subject: [PATCH] selftest:Samba4: use the default values for "smb signing"

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail        | 3 +++
 selftest/target/Samba4.pm | 6 +-----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index c9f4fb0..9dd39d3 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -326,3 +326,6 @@
 #
 ^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't allow auth_level_connect anymore
 ^samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain_not_matching_qtype
+# ad_dc requires signing
+#
+^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 6daa6b2..dd63461 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -568,10 +568,6 @@ sub provision_raw_step1($$)
 
         vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
 
-	# remove this again, when our smb2 client library
-	# supports signin on compound related requests
-	server signing = on
-
         idmap_ldb:use rfc2307=yes
 	winbind enum users = yes
 	winbind enum groups = yes
@@ -947,6 +943,7 @@ sub provision_s4member($$$)
 	print "PROVISIONING MEMBER...";
 	my $extra_smb_conf = "
         passdb backend = samba_dsdb
+server signing = enabled
 winbindd:use external pipes = true
 
 rpc_server:default = external
@@ -1638,7 +1635,6 @@ sub provision_ad_dc($$)
 
 	max protocol = SMB3
 	read only = no
-	server signing = auto
 
 	smbd:sharedelay = 100000
 	smbd:writetimeupdatedelay = 500000
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160512/6346fb9d/signature.sig>

More information about the samba-technical mailing list