Removing smbclient Domain=... banner (Re: Default setting for "client max protocol" is NT1)

Stefan Metzmacher metze at samba.org
Mon Jun 26 21:32:49 UTC 2017


Hi Jeremy,

>> +1. I'm OK with losing that prompt - especially if we
>> also enhance "showconnect".
> 
> I think enhancing is a future improvement.
> 
> For now an interactive session will start like this:
> 
>   $ smbclient -Uadministrator //dc1/netlogon
>   Try "help" do get a list of possible commands.
>   smb: \>
> 
> 
> The attached patches are currently in a private autobuild.

Here's a patchset that includes the banner change and also
changes the effective default of "client max protocol" to
SMB3_11 and makes sure we run the most important tests
with -mNT1 and with -mSMB3.

Please review and push:-)

Thanks!
metze

-------------- next part --------------
From bcf23c8b5cb989b807e842227df5054a2eae0bb1 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 23 Jun 2017 16:33:04 +0200
Subject: [PATCH 01/19] s3:test_smbclient_s3.sh: improve the error handling

We should directly return if he hit an error.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_smbclient_s3.sh | 279 ++++++++++++------------------
 1 file changed, 109 insertions(+), 170 deletions(-)

diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 050dd81..fab074a 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -45,8 +45,7 @@ test_noninteractive_no_prompt()
     if [ $? != 0 ] ; then
 	echo "$out"
 	echo "command failed"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep $prompt >/dev/null 2>&1
@@ -54,10 +53,10 @@ test_noninteractive_no_prompt()
     if [ $? = 0 ] ; then
 	# got a prompt .. fail
 	echo matched interactive prompt in non-interactive mode
-	false
-    else
-	true
+	return 1
     fi
+
+    return 0
 }
 
 # Test that an interactive smbclient prompts to stdout
@@ -80,19 +79,17 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "command failed"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep $prompt >/dev/null 2>&1
 
-    if [ $? = 0 ] ; then
-	# got a prompt .. succeed
-	true
-    else
+    if [ $? != 0 ] ; then
 	echo failed to match interactive prompt on stdout
-	false
+	return 1
     fi
+
+    return 0
 }
 
 # Test creating a bad symlink and deleting it.
@@ -118,21 +115,19 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed create then delete bad symlink with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt" >/dev/null 2>&1
 
     ret=$?
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed create then delete bad symlink - grep failed with $ret"
-	false
+	return 1
     fi
+
+    return 0
 }
 
 # Test creating a good symlink and deleting it by path.
@@ -160,28 +155,25 @@ EOF
 	echo "failed delete good symlink with error $ret"
 	rm $slink_target
 	rm $slink_name
-	false
-	return
+	return 1
     fi
 
     if [ ! -e $slink_target ] ; then
 	echo "failed delete good symlink - symlink target deleted !"
 	rm $slink_target
 	rm $slink_name
-	false
-	return
+	return 1
     fi
 
     if [ -e $slink_name ] ; then
 	echo "failed delete good symlink - symlink still exists"
 	rm $slink_target
 	rm $slink_name
-	false
-    else
-	# got the correct prompt .. succeed
-	rm $slink_target
-	true
+	return 1
     fi
+
+    rm $slink_target
+    return 0
 }
 
 # Test writing into a read-only directory (logon as guest) fails.
@@ -196,8 +188,7 @@ test_read_only_dir()
 ##
     if [ "$USERID" != 0 ] ; then
 	echo "skipping test_read_only_dir as non-root"
-	true
-	return
+	return 0
     fi
 
 ##
@@ -206,8 +197,7 @@ test_read_only_dir()
 ##
     if [ "$ADDARGS" = "-e" ] ; then
 	echo "skipping test_read_only_dir with encrypted connection"
-	true
-	return
+	return 0
     fi
 
     cat > $tmpfile <<EOF
@@ -225,21 +215,19 @@ EOF
 	echo "$out"
 	echo "failed writing into read-only directory with error $ret"
 
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt" >/dev/null 2>&1
 
     ret=$?
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed writing into read-only directory - grep failed with $ret"
-	false
+	return 1
     fi
+
+    return 0
 }
 
 
@@ -260,9 +248,8 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed sending message to $SERVER with error $ret"
-	false
 	rm -f $tmpfile
-	return
+	return 1
     fi
 
     # The server writes this into a file message.msgtest, via message.%m to test the % sub code
@@ -274,16 +261,15 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed getting sent message from $SERVER with error $ret"
-	false
-	return
+	return 1
     fi
 
     if [ cmp $PREFIX/message_out.$$ $tmpfile != 0 ] ; then
 	echo "failed comparison of message from $SERVER"
-	false
-	return
+	return 1
     fi
-    true
+
+    return 0
 }
 
 # Test reading an owner-only file (logon as guest) fails.
@@ -298,8 +284,7 @@ test_owner_only_file()
 ##
     if [ "$USERID" != 0 ] ; then
 	echo "skipping test_owner_only_file as non-root"
-	true
-	return
+	return 0
     fi
 
 ##
@@ -308,8 +293,7 @@ test_owner_only_file()
 ##
     if [ "$ADDARGS" = "-e" ] ; then
 	echo "skipping test_owner_only_file with encrypted connection"
-	true
-	return
+	return 0
     fi
 
     cat > $tmpfile <<EOF
@@ -326,21 +310,19 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed reading owner-only file with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt" >/dev/null 2>&1
 
     ret=$?
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed reading owner-only file - grep failed with $ret"
-	false
+	return 1
     fi
+
+    return 0
 }
 
 # Test accessing an msdfs path.
@@ -356,8 +338,7 @@ test_msdfs_link()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing msfds-share\ with error $ret"
-	false
-	return
+	return 1
     fi
 
     cat > $tmpfile <<EOF
@@ -376,8 +357,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing \\msdfs-src1 link with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt" >/dev/null 2>&1
@@ -386,7 +366,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\msdfs-src1 - grep failed with $ret"
-	false
+	return 1
     fi
 
     cat > $tmpfile <<EOF
@@ -405,8 +385,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing \\deeppath\\msdfs-src2 link with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt" >/dev/null 2>&1
@@ -415,12 +394,10 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\deeppath\\msdfs-src2 - grep failed with $ret"
-	false
-	return
-    else
-	true
-	return
+	return 1
     fi
+
+    return 0
 }
 
 # Archive bits are correctly set on file/dir creation and rename.
@@ -462,8 +439,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating file $filename with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt_file" >/dev/null 2>&1
@@ -474,13 +450,10 @@ EOF
     rm -f $local_name1
     rm -f $local_name2
 
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "Attributes incorrect on new file $ret"
-	false
+	return 1
     fi
 
 # Now check if we remove 'A' and rename, the A comes back.
@@ -504,8 +477,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating file and renaming $filename with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt_file" >/dev/null 2>&1
@@ -516,13 +488,10 @@ EOF
     rm -f $local_name1
     rm -f $local_name2
 
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "Attributes incorrect on renamed file $ret"
-	false
+	return 1
     fi
 
     rm -rf $local_dir_name1
@@ -545,8 +514,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating directory $dirname with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt_dir" >/dev/null 2>&1
@@ -556,13 +524,10 @@ EOF
     rm -rf $local_dir_name1
     rm -rf $local_dir_name2
 
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "Attributes incorrect on new directory $ret"
-	false
+	return 1
     fi
 
 # Now check if we rename, we still only have 'D' attributes
@@ -583,8 +548,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating directory $dirname and renaming with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep "$prompt_dir" >/dev/null 2>&1
@@ -594,14 +558,13 @@ EOF
     rm -f $local_name1
     rm -f $local_name2
 
-    if [ $ret = 0 ] ; then
-	# got the correct prompt .. succeed
-	true
-    else
+    if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "Attributes incorrect on renamed directory $ret"
-	false
+	return 1
     fi
+
+    return 0
 }
 
 # Test authenticating using the winbind ccache
@@ -612,8 +575,7 @@ test_ccache_access()
 
     if [ $ret != 0 ] ; then
 	echo "wbinfo failed to store creds in cache (user='${USERNAME}', pass='${PASSWORD}')"
-	false
-	return
+	return 1
     fi
 
     $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}" $ADDARGS -c quit 2>&1
@@ -621,8 +583,7 @@ test_ccache_access()
 
     if [ $ret != 0 ] ; then
 	echo "smbclient failed to use cached credentials"
-	false
-	return
+	return 1
     fi
 
     $WBINFO --ccache-save="${USERNAME}%GarBage"
@@ -630,8 +591,7 @@ test_ccache_access()
 
     if [ $ret != 0 ] ; then
 	echo "wbinfo failed to store creds in cache (user='${USERNAME}', pass='GarBage')"
-	false
-	return
+	return 1
     fi
 
     $SMBCLIENT //$SERVER_IP/tmp -C -U "${USERNAME}" $ADDARGS -c quit 2>&1
@@ -639,8 +599,7 @@ test_ccache_access()
 
     if [ $ret -eq 0 ] ; then
 	echo "smbclient succeeded with wrong cached credentials"
-	false
-	return
+	return 1
     fi
 
     $WBINFO --logoff
@@ -661,8 +620,7 @@ EOF
 
     if [ $ret != 0 ] ; then
 	echo "smbclient failed to use auth file"
-	false
-	return
+	return 1
     fi
 
     cat > $tmpfile <<EOF
@@ -676,8 +634,7 @@ EOF
 
     if [ $ret -eq 0 ] ; then
 	echo "smbclient succeeded with wrong auth file credentials"
-	false
-	return
+	return 1
     fi
 }
 
@@ -699,8 +656,7 @@ test_backup_privilege_list()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "Failed to add SeBackupPrivilege to user $priv_username - $ret"
-	false
-	return
+	return 1
     fi
 
     cat > $tmpfile <<EOF
@@ -718,8 +674,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed backup privilege list $ret"
-	false
-	return
+	return 1
     fi
 
 # Now remove all privileges from this SID.
@@ -727,8 +682,7 @@ EOF
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "failed to remove SeBackupPrivilege from user $priv_username - $ret"
-	false
-	return
+	return 1
     fi
 }
 
@@ -744,8 +698,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing badname-tmp (SMB1) with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | wc -l 2>&1 | grep 6
@@ -753,7 +706,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep of number of lines (1) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep 'Domain=.*OS=.*Server='
@@ -761,7 +714,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep (1) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^  \. *D'
@@ -769,7 +722,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep (2) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^  \.\. *D'
@@ -777,7 +730,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep (3) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^  blank.txt *N'
@@ -785,7 +738,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep (4) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^ *$'
@@ -793,7 +746,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep (5) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep 'blocks of size.*blocks available'
@@ -801,7 +754,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - grep (6) failed with $ret"
-	false
+	return 1
     fi
 
     # Now check again with -mSMB3
@@ -813,8 +766,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing badname-tmp (SMB3) with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | wc -l 2>&1 | grep 6
@@ -822,7 +774,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep of number of lines (1) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep 'Domain=.*OS=.*Server='
@@ -830,7 +782,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep (1) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^  \. *D'
@@ -838,7 +790,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep (2) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^  \.\. *D'
@@ -846,7 +798,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep (3) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^  blank.txt *N'
@@ -854,7 +806,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep (4) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep '^ *$'
@@ -862,7 +814,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep (5) failed with $ret"
-	false
+	return 1
     fi
 
     echo "$out" | grep 'blocks of size.*blocks available'
@@ -870,7 +822,7 @@ test_bad_names()
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed listing \\badname-tmp - SMB3 grep (6) failed with $ret"
-	false
+	return 1
     fi
 }
 
@@ -894,8 +846,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing manglenames_share with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep 'NT_STATUS'
@@ -903,7 +854,7 @@ EOF
     if [ $ret == 0 ] ; then
 	echo "$out"
 	echo "failed - NT_STATUS_XXXX listing \\manglenames_share\\FF4GBY~Q"
-	false
+	return 1
     fi
 }
 
@@ -936,14 +887,13 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed scopy test (1) with output $ret"
-	false
-	return
+	return 1
     fi
 
     if [ $out1 != $out2 ] ; then
 	echo "$out1 $out2"
 	echo "failed md5sum (1)"
-	false
+	return 1
     fi
 
 #
@@ -972,14 +922,13 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed scopy test (2) with output $ret"
-	false
-	return
+	return 1
     fi
 
     if [ $out1 != $out2 ] ; then
 	echo "$out1 $out2"
 	echo "failed md5sum (2)"
-	false
+	return 1
     fi
 }
 
@@ -1003,8 +952,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating toplevel stream :foobar with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep '^stream:.*:foobar'
@@ -1012,7 +960,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating toplevel stream :foobar"
-	false
+	return 1
     fi
 }
 
@@ -1034,8 +982,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing widelinks_share with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep 'NT_STATUS'
@@ -1043,7 +990,7 @@ EOF
     if [ $ret == 0 ] ; then
 	echo "$out"
 	echo "failed - NT_STATUS_XXXX listing \\widelinks_share\\dot"
-	false
+	return 1
     fi
 
     cat > $tmpfile <<EOF
@@ -1059,8 +1006,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed accessing widelinks_share with error $ret"
-	false
-	return
+	return 1
     fi
 
 # This should fail with NT_STATUS_ACCESS_DENIED
@@ -1069,7 +1015,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed - should get NT_STATUS_ACCESS_DENIED listing \\widelinks_share\\source"
-	false
+	return 1
     fi
 }
 
@@ -1095,8 +1041,7 @@ EOF
     if [ $ret != 0 ] ; then
 	echo "$out"
 	echo "failed creating then deleting foo:bar with error $ret"
-	false
-	return
+	return 1
     fi
 
     echo "$out" | grep 'NT_STATUS_NO_SUCH_FILE listing \\lost\*'
@@ -1105,8 +1050,7 @@ EOF
 	echo "$out"
 	echo "deleting foo:bar left lost-XXX directory"
 	rm -rf "$LOCAL_PATH/lost-*"
-	false
-	return
+	return 1
     fi
 }
 
@@ -1145,8 +1089,7 @@ EOF
     if [ $ret -ne 0 ] ; then
        echo "$out"
        echo "failed accessing nosymlinks with error $ret"
-       false
-       return
+       return 1
     fi
 
     echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
@@ -1154,8 +1097,7 @@ EOF
     if [ $ret -ne 0 ] ; then
        echo "$out"
        echo "failed - should get NT_STATUS_ACCESS_DENIED getting \\nosymlinks\\source"
-       false
-       return
+       return 1
     fi
 
 # But we should be able to create and delete directories.
@@ -1173,8 +1115,7 @@ EOF
     if [ $ret -ne 0 ] ; then
        echo "$out"
        echo "failed accessing nosymlinks with error $ret"
-       false
-       return
+       return 1
     fi
 
     echo "$out" | grep 'NT_STATUS'
@@ -1182,7 +1123,7 @@ EOF
     if [ $ret -eq 0 ] ; then
 	echo "$out"
 	echo "failed - NT_STATUS_XXXX doing mkdir a; mkdir a\\b on \\nosymlinks"
-	false
+	return 1
     fi
 
 # Ensure regular file/directory access also works.
@@ -1201,8 +1142,7 @@ EOF
     if [ $ret -ne 0 ] ; then
        echo "$out"
        echo "failed accessing nosymlinks with error $ret"
-       false
-       return
+       return 1
     fi
 
     echo "$out" | grep 'NT_STATUS'
@@ -1210,8 +1150,7 @@ EOF
     if [ $ret -eq 0 ] ; then
        echo "$out"
        echo "failed - NT_STATUS_XXXX doing cd foo\\bar; get testfile on \\nosymlinks"
-       false
-       return
+       return 1
     fi
 }
 
@@ -1231,8 +1170,7 @@ EOF
     if [ $ret -ne 0 ] ; then
        echo "$out"
        echo "failed to connect error $ret"
-       false
-       return
+       return 1
     fi
 
     echo "$out" | grep "Domain=\[[a-zA-Z][a-zA-Z0-9.-]*\] OS=\[Windows [0-9]\.[0-9]\] Server=\[Samba"
@@ -1240,9 +1178,10 @@ EOF
     if [ $ret -ne 0 ] ; then
        echo "$out"
        echo "failed - should get: Domain=[...] OS=[Windows 6.1] Server=..."
-       false
-       return
+       return 1
     fi
+
+    return 0
 }
 
 LOGDIR_PREFIX=test_smbclient_s3
-- 
1.9.1


From abef757e17373d6f3651456c6fc30b36de2e6673 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 23 Jun 2017 16:58:42 +0200
Subject: [PATCH 02/19] s3:smbclient: remove unreliable Domain=[...]
 OS=[Windows 6.1] Server=[...] banner

On interactive sessions we print the following instead now:

Try "help" do get a list of possible commands.
smb: >

The reason for this is that we don't get these information via SMB2
and the we only get the domain name via some layering violations
from the NTLMSSP state.

It's better to remove this consitently for all SMB and auth
protocol combinations.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/client/client.c                   | 12 +++++----
 source3/script/tests/test_smbclient_s3.sh | 44 ++++++++++---------------------
 2 files changed, 21 insertions(+), 35 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index 375d9e3..df36028 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5155,7 +5155,7 @@ static int process_command_string(const char *cmd_in)
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : desthost,
 				     service, popt_get_cmdline_auth_info(),
-				     true, smb_encrypt,
+				     false, smb_encrypt,
 				     max_protocol, port, name_type,
 				     &cli);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -5521,6 +5521,8 @@ static int process_stdin(void)
 {
 	int rc = 0;
 
+	d_printf("Try \"help\" do get a list of possible commands.\n");
+
 	while (!finished) {
 		TALLOC_CTX *frame = talloc_stackframe();
 		char *tok = NULL;
@@ -5584,7 +5586,7 @@ static int process(const char *base_directory)
 	status = cli_cm_open(talloc_tos(), NULL,
 			     have_ip ? dest_ss_str : desthost,
 			     service, popt_get_cmdline_auth_info(),
-			     true, smb_encrypt, max_protocol, port,
+			     false, smb_encrypt, max_protocol, port,
 			     name_type, &cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		return 1;
@@ -5621,7 +5623,7 @@ static int do_host_query(const char *query_host)
 	status = cli_cm_open(talloc_tos(), NULL,
 			     have_ip ? dest_ss_str : query_host,
 			     "IPC$", popt_get_cmdline_auth_info(),
-			     true, smb_encrypt, max_protocol, port,
+			     false, smb_encrypt, max_protocol, port,
 			     name_type, &cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		return 1;
@@ -5660,7 +5662,7 @@ static int do_host_query(const char *query_host)
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : query_host,
 				     "IPC$", popt_get_cmdline_auth_info(),
-				     true, smb_encrypt, max_proto,
+				     false, smb_encrypt, max_proto,
 				     NBT_SMB_PORT, name_type, &cli);
 		if (!NT_STATUS_IS_OK(status)) {
 			cli = NULL;
@@ -5696,7 +5698,7 @@ static int do_tar_op(const char *base_directory)
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : desthost,
 				     service, popt_get_cmdline_auth_info(),
-				     true, smb_encrypt, max_protocol,
+				     false, smb_encrypt, max_protocol,
 				     port, name_type, &cli);
 		if (!NT_STATUS_IS_OK(status)) {
             ret = 1;
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index fab074a..2db7cc0 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -701,7 +701,7 @@ test_bad_names()
 	return 1
     fi
 
-    echo "$out" | wc -l 2>&1 | grep 6
+    echo "$out" | wc -l 2>&1 | grep 5
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
@@ -709,19 +709,11 @@ test_bad_names()
 	return 1
     fi
 
-    echo "$out" | grep 'Domain=.*OS=.*Server='
-    ret=$?
-    if [ $ret != 0 ] ; then
-	echo "$out"
-	echo "failed listing \\badname-tmp - grep (1) failed with $ret"
-	return 1
-    fi
-
     echo "$out" | grep '^  \. *D'
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - grep (2) failed with $ret"
+	echo "failed listing \\badname-tmp - grep (1) failed with $ret"
 	return 1
     fi
 
@@ -729,7 +721,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - grep (3) failed with $ret"
+	echo "failed listing \\badname-tmp - grep (2) failed with $ret"
 	return 1
     fi
 
@@ -737,7 +729,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - grep (4) failed with $ret"
+	echo "failed listing \\badname-tmp - grep (3) failed with $ret"
 	return 1
     fi
 
@@ -745,7 +737,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - grep (5) failed with $ret"
+	echo "failed listing \\badname-tmp - grep (4) failed with $ret"
 	return 1
     fi
 
@@ -753,7 +745,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - grep (6) failed with $ret"
+	echo "failed listing \\badname-tmp - grep (5) failed with $ret"
 	return 1
     fi
 
@@ -769,7 +761,7 @@ test_bad_names()
 	return 1
     fi
 
-    echo "$out" | wc -l 2>&1 | grep 6
+    echo "$out" | wc -l 2>&1 | grep 5
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
@@ -777,19 +769,11 @@ test_bad_names()
 	return 1
     fi
 
-    echo "$out" | grep 'Domain=.*OS=.*Server='
-    ret=$?
-    if [ $ret != 0 ] ; then
-	echo "$out"
-	echo "failed listing \\badname-tmp - SMB3 grep (1) failed with $ret"
-	return 1
-    fi
-
     echo "$out" | grep '^  \. *D'
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - SMB3 grep (2) failed with $ret"
+	echo "failed listing \\badname-tmp - SMB3 grep (1) failed with $ret"
 	return 1
     fi
 
@@ -797,7 +781,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - SMB3 grep (3) failed with $ret"
+	echo "failed listing \\badname-tmp - SMB3 grep (2) failed with $ret"
 	return 1
     fi
 
@@ -805,7 +789,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - SMB3 grep (4) failed with $ret"
+	echo "failed listing \\badname-tmp - SMB3 grep (3) failed with $ret"
 	return 1
     fi
 
@@ -813,7 +797,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - SMB3 grep (5) failed with $ret"
+	echo "failed listing \\badname-tmp - SMB3 grep (4) failed with $ret"
 	return 1
     fi
 
@@ -821,7 +805,7 @@ test_bad_names()
     ret=$?
     if [ $ret != 0 ] ; then
 	echo "$out"
-	echo "failed listing \\badname-tmp - SMB3 grep (6) failed with $ret"
+	echo "failed listing \\badname-tmp - SMB3 grep (5) failed with $ret"
 	return 1
     fi
 }
@@ -1173,11 +1157,11 @@ EOF
        return 1
     fi
 
-    echo "$out" | grep "Domain=\[[a-zA-Z][a-zA-Z0-9.-]*\] OS=\[Windows [0-9]\.[0-9]\] Server=\[Samba"
+    echo "$out" | grep 'Try "help" do get a list of possible commands.'
     ret=$?
     if [ $ret -ne 0 ] ; then
        echo "$out"
-       echo "failed - should get: Domain=[...] OS=[Windows 6.1] Server=..."
+       echo 'failed - should get: Try "help" do get a list of possible commands.'
        return 1
     fi
 
-- 
1.9.1


From a9f70996c0e7a2d9f53b78425e7fe81cd86dc3a3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 23 Jun 2017 17:03:05 +0200
Subject: [PATCH 03/19] s3:libsmb: remove unused show_sessetup handling from
 do_connect()

All caller pass in 'false'.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/libsmb/clidfs.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 060c4e9..b0b33d3 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -134,7 +134,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 					const char *server,
 					const char *share,
 					const struct user_auth_info *auth_info,
-					bool show_sessetup,
 					bool force_encrypt,
 					int max_protocol,
 					int port,
@@ -259,15 +258,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		return status;
 	}
 
-	if ( show_sessetup ) {
-		if (*c->server_domain) {
-			DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
-				c->server_domain,c->server_os,c->server_type));
-		} else if (*c->server_os || *c->server_type) {
-			DEBUG(0,("OS=[%s] Server=[%s]\n",
-				 c->server_os,c->server_type));
-		}
-	}
 	DEBUG(4,(" session setup ok\n"));
 
 	/* here's the fun part....to support 'msdfs proxy' shares
@@ -281,7 +271,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 				force_encrypt, creds)) {
 		cli_shutdown(c);
 		return do_connect(ctx, newserver,
-				newshare, auth_info, false,
+				newshare, auth_info,
 				force_encrypt, max_protocol,
 				port, name_type, pcli);
 	}
@@ -348,7 +338,7 @@ static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
 
 	status = do_connect(ctx, server, share,
 				auth_info,
-				show_hdr, force_encrypt, max_protocol,
+				force_encrypt, max_protocol,
 				port, name_type, &cli);
 
 	if (!NT_STATUS_IS_OK(status)) {
-- 
1.9.1


From 1e57dfb658a0575320749ebfbdbcdee175dae06e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 23 Jun 2017 17:03:05 +0200
Subject: [PATCH 04/19] s3:libsmb: remove unused 'bool show_hdr' from
 cli_cm_connect()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/libsmb/clidfs.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index b0b33d3..017e368 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -326,7 +326,6 @@ static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
 			       const char *server,
 			       const char *share,
 			       const struct user_auth_info *auth_info,
-			       bool show_hdr,
 			       bool force_encrypt,
 			       int max_protocol,
 			       int port,
@@ -444,7 +443,6 @@ NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
 				server,
 				share,
 				auth_info,
-				show_hdr,
 				force_encrypt,
 				max_protocol,
 				port,
@@ -1034,7 +1032,6 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 				dfs_refs[count].server,
 				dfs_refs[count].share,
 				dfs_auth_info,
-				false,
 				smb1cli_conn_encryption_on(rootcli->conn),
 				smbXcli_conn_protocol(rootcli->conn),
 				0,
-- 
1.9.1


From 0627c12b15af33ef5abce35c1b45b1e02cfb6f10 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 23 Jun 2017 17:03:05 +0200
Subject: [PATCH 05/19] s3:libsmb: remove unused 'bool show_hdr' from
 cli_cm_open()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/client/client.c | 10 +++++-----
 source3/lib/netapi/cm.c |  2 +-
 source3/libsmb/clidfs.c |  2 --
 source3/libsmb/proto.h  |  1 -
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/source3/client/client.c b/source3/client/client.c
index df36028..c431a01 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5155,7 +5155,7 @@ static int process_command_string(const char *cmd_in)
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : desthost,
 				     service, popt_get_cmdline_auth_info(),
-				     false, smb_encrypt,
+				     smb_encrypt,
 				     max_protocol, port, name_type,
 				     &cli);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -5586,7 +5586,7 @@ static int process(const char *base_directory)
 	status = cli_cm_open(talloc_tos(), NULL,
 			     have_ip ? dest_ss_str : desthost,
 			     service, popt_get_cmdline_auth_info(),
-			     false, smb_encrypt, max_protocol, port,
+			     smb_encrypt, max_protocol, port,
 			     name_type, &cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		return 1;
@@ -5623,7 +5623,7 @@ static int do_host_query(const char *query_host)
 	status = cli_cm_open(talloc_tos(), NULL,
 			     have_ip ? dest_ss_str : query_host,
 			     "IPC$", popt_get_cmdline_auth_info(),
-			     false, smb_encrypt, max_protocol, port,
+			     smb_encrypt, max_protocol, port,
 			     name_type, &cli);
 	if (!NT_STATUS_IS_OK(status)) {
 		return 1;
@@ -5662,7 +5662,7 @@ static int do_host_query(const char *query_host)
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : query_host,
 				     "IPC$", popt_get_cmdline_auth_info(),
-				     false, smb_encrypt, max_proto,
+				     smb_encrypt, max_proto,
 				     NBT_SMB_PORT, name_type, &cli);
 		if (!NT_STATUS_IS_OK(status)) {
 			cli = NULL;
@@ -5698,7 +5698,7 @@ static int do_tar_op(const char *base_directory)
 		status = cli_cm_open(talloc_tos(), NULL,
 				     have_ip ? dest_ss_str : desthost,
 				     service, popt_get_cmdline_auth_info(),
-				     false, smb_encrypt, max_protocol,
+				     smb_encrypt, max_protocol,
 				     port, name_type, &cli);
 		if (!NT_STATUS_IS_OK(status)) {
             ret = 1;
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
index 57e44ac..95132f2 100644
--- a/source3/lib/netapi/cm.c
+++ b/source3/lib/netapi/cm.c
@@ -110,7 +110,7 @@ static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
 	status = cli_cm_open(ctx, NULL,
 			     server_name, "IPC$",
 			     auth_info,
-			     false, false,
+			     false,
 			     lp_client_ipc_max_protocol(),
 			     0, 0x20, &cli_ipc);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 017e368..207b324 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -413,7 +413,6 @@ NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
 				const char *server,
 				const char *share,
 				const struct user_auth_info *auth_info,
-				bool show_hdr,
 				bool force_encrypt,
 				int max_protocol,
 				int port,
@@ -974,7 +973,6 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
 			     smbXcli_conn_remote_name(rootcli->conn),
 			     "IPC$",
 			     dfs_auth_info,
-			     false,
 			     smb1cli_conn_encryption_on(rootcli->conn),
 			     smbXcli_conn_protocol(rootcli->conn),
 			     0,
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index fb122b9..47b9cf1 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -145,7 +145,6 @@ NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
 				const char *server,
 				const char *share,
 				const struct user_auth_info *auth_info,
-				bool show_hdr,
 				bool force_encrypt,
 				int max_protocol,
 				int port,
-- 
1.9.1


From d933a679ca51b124546d5dc834d9dfecbf99677d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 23 Jun 2017 17:11:51 +0200
Subject: [PATCH 06/19] WHATSNEW: document the new smbclient banner

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 WHATSNEW.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6d145b0..6d01b7d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -12,6 +12,15 @@ Samba 4.7 will be the next version of the Samba suite.
 UPGRADING
 =========
 
+smbclient changes
+-----------------
+
+smbclient no longer prints a 'Domain=[...] OS=[Windows 6.1] Server=[...]'
+banner when connecting to the first server. With SMB2 and Kerberos
+there's no way to print this information reliable. Now we avoid it at all
+consistently. In interactive session the following banner is now presented
+to the user: 'Try "help" do get a list of possible commands.'.
+
 
 NEW FEATURES/CHANGES
 ====================
-- 
1.9.1


From 19fcfeaba5d2e78e83a2635a40519a89331c1010 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 20 Jun 2017 09:07:44 +0200
Subject: [PATCH 07/19] s3:selftest: also run test_smbclient_s3.sh with
 PROTO=SMB3

This makes sure only the "creating a bad symlink and deleting it"
is failing with -mSMB3.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail.d/smbclient-smb3 | 1 +
 source3/selftest/tests.py           | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 selftest/knownfail.d/smbclient-smb3

diff --git a/selftest/knownfail.d/smbclient-smb3 b/selftest/knownfail.d/smbclient-smb3
new file mode 100644
index 0000000..5c31d70
--- /dev/null
+++ b/selftest/knownfail.d/smbclient-smb3
@@ -0,0 +1 @@
+^samba3.blackbox.smbclient_s3.SMB3.*.creating.a.bad.symlink.and.deleting.it
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index a28ab67..cca2ee1 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -212,19 +212,24 @@ plantestsuite("samba3.blackbox.smbclient_ntlm.plain (%s)" % env, env, [os.path.j
 # plain
 for env in ["nt4_dc"]:
     plantestsuite("samba3.blackbox.smbclient_s3.NT1.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1"])
+    plantestsuite("samba3.blackbox.smbclient_s3.SMB3.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "SMB3"])
 
 for env in ["nt4_member", "ad_member"]:
     plantestsuite("samba3.blackbox.smbclient_s3.NT1.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1"])
+    plantestsuite("samba3.blackbox.smbclient_s3.SMB3.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "SMB3"])
 
 for env in ["nt4_dc"]:
     plantestsuite("samba3.blackbox.smbclient_s3.NT1.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1", "--signing=required"])
+    plantestsuite("samba3.blackbox.smbclient_s3.SMB3.sign (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "SMB3", "--signing=required"])
 
 for env in ["nt4_member", "ad_member"]:
     plantestsuite("samba3.blackbox.smbclient_s3.NT1.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1", "--signing=required"])
+    plantestsuite("samba3.blackbox.smbclient_s3.SMB3.sign (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER/$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "SMB3", "--signing=required"])
 
 for env in ["nt4_dc"]:
     # encrypted
     plantestsuite("samba3.blackbox.smbclient_s3.NT1.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "NT1", "-e"])
+    plantestsuite("samba3.blackbox.smbclient_s3.SMB3.crypt (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration, "SMB3", "-e"])
 
 for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.preserve_case (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_preserve_case.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3])
-- 
1.9.1


From 8df1d991128e627f5abde8af946a8ac63b5b46ad Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Sun, 25 Jun 2017 19:59:46 +0200
Subject: [PATCH 08/19] s3:test_acl_xattr.sh: allow passing additional
 arguments for smbclient and smbcacls

This will make it possible to test with -mNT1 as well as -mSMB3
in a following patch.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_acl_xattr.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/source3/script/tests/test_acl_xattr.sh b/source3/script/tests/test_acl_xattr.sh
index 4435199..01a48f2 100755
--- a/source3/script/tests/test_acl_xattr.sh
+++ b/source3/script/tests/test_acl_xattr.sh
@@ -15,8 +15,10 @@ PASSWORD="$3"
 PREFIX="$4"
 SMBCLIENT="$5"
 SMBCACLS="$6"
-SMBCLIENT="$VALGRIND ${SMBCLIENT}"
-SMBCACLS="$VALGRIND ${SMBCACLS}"
+shift 6
+ADDARGS="$*"
+SMBCLIENT="$VALGRIND ${SMBCLIENT} ${ADDARGS}"
+SMBCACLS="$VALGRIND ${SMBCACLS} ${ADDARGS}"
 
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-- 
1.9.1


From 373717bad09790b651593871984e42793a6a233e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Sun, 25 Jun 2017 20:44:47 +0200
Subject: [PATCH 09/19] Revert "s3:test_acl_xattr.sh: use -mNT1 for the
 'getfacl' commands"

This reverts commit 4eb29ce3266a8c05047ecf33a98d1dbdbbbd63c6.

This will be passed by the caller in a following commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_acl_xattr.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/script/tests/test_acl_xattr.sh b/source3/script/tests/test_acl_xattr.sh
index 01a48f2..9a4664d 100755
--- a/source3/script/tests/test_acl_xattr.sh
+++ b/source3/script/tests/test_acl_xattr.sh
@@ -39,9 +39,9 @@ nt_affects_posix() {
     local b4
     local af
     local fname="$share.$$"
-    b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -a "ACL:$SERVER\force_user:ALLOWED/0x0/READ" 2>/dev/null || exit 1
-    af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
+    af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     echo "before: $b4"
     echo "after: $af"
     if test "$expected" = "true" ; then
@@ -72,10 +72,10 @@ nt_affects_chown() {
     #basic sanity...
     test "$b4_expected != $af_expected" || exit 1
 
-    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p')
     $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -C force_user 2>/dev/null || exit 1
-    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
+    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p')
     echo "before: $b4_actual"
     echo "after: $af_actual"
@@ -103,10 +103,10 @@ nt_affects_chgrp() {
     #basic sanity...
     test "$b4_expected != $af_expected" || exit 1
 
-    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
+    b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p')
     $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1
-    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -mNT1 -c "getfacl $fname" 2>/dev/null) || exit 1
+    af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p')
     echo "before: $b4_actual"
     echo "after: $af_actual"
-- 
1.9.1


From 17ae5b9f8d99d07d749dd9733f3f4104f5eae1fe Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:32:54 +0200
Subject: [PATCH 10/19] s3:test_acl_xattr.sh: add more assertion about the
 expected output.

We should not treat 'test "" = ""' as success.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_acl_xattr.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/source3/script/tests/test_acl_xattr.sh b/source3/script/tests/test_acl_xattr.sh
index 9a4664d..ddccf4f 100755
--- a/source3/script/tests/test_acl_xattr.sh
+++ b/source3/script/tests/test_acl_xattr.sh
@@ -44,6 +44,8 @@ nt_affects_posix() {
     af=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     echo "before: $b4"
     echo "after: $af"
+    echo "${b4}" | grep -q "^# owner:" || exit 1
+    echo "${af}" | grep -q "^# owner:" || exit 1
     if test "$expected" = "true" ; then
         test "$b4" != "$af"
     else
@@ -73,9 +75,11 @@ nt_affects_chown() {
     test "$b4_expected != $af_expected" || exit 1
 
     b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    echo "${b4_actual}" | grep -q "^# owner:" || exit 1
     b4_actual=$(echo "$b4_actual" | sed -rn 's/^# owner: (.*)/\1/p')
     $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -C force_user 2>/dev/null || exit 1
     af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    echo "${af_actual}" | grep -q "^# owner:" || exit 1
     af_actual=$(echo "$af_actual" | sed -rn 's/^# owner: (.*)/\1/p')
     echo "before: $b4_actual"
     echo "after: $af_actual"
@@ -101,12 +105,14 @@ nt_affects_chgrp() {
     echo "$af_expected"
 
     #basic sanity...
-    test "$b4_expected != $af_expected" || exit 1
+    test "$b4_expected" != "$af_expected" || exit 1
 
     b4_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
     b4_actual=$(echo "$b4_actual" | sed -rn 's/^# group: (.*)/\1/p')
+    echo "${b4_actual}" | grep -q "^# group:" || exit 1
     $SMBCACLS //$SERVER/$share $fname -U $USERNAME%$PASSWORD -G domadmins 2>/dev/null || exit 1
     af_actual=$($SMBCLIENT //$SERVER/$share -U $USERNAME%$PASSWORD -c "getfacl $fname" 2>/dev/null) || exit 1
+    echo "${af_actual}" | grep -q "^# group:" || exit 1
     af_actual=$(echo "$af_actual" | sed -rn 's/^# group: (.*)/\1/p')
     echo "before: $b4_actual"
     echo "after: $af_actual"
-- 
1.9.1


From e85938ce58638fddd996175c40b3a610aab85efc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:34:38 +0200
Subject: [PATCH 11/19] s3:selftest: run samba3.blackbox.acl_xattr with NT1 and
 SMB3

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail.d/smbclient-smb3 | 3 +++
 source3/selftest/tests.py           | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/selftest/knownfail.d/smbclient-smb3 b/selftest/knownfail.d/smbclient-smb3
index 5c31d70..5766818 100644
--- a/selftest/knownfail.d/smbclient-smb3
+++ b/selftest/knownfail.d/smbclient-smb3
@@ -1 +1,4 @@
 ^samba3.blackbox.smbclient_s3.SMB3.*.creating.a.bad.symlink.and.deleting.it
+^samba3.blackbox.acl_xattr.SMB3.nt_affects_posix
+^samba3.blackbox.acl_xattr.SMB3.nt_affects_chown
+^samba3.blackbox.acl_xattr.SMB3.nt_affects_chgrp
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index cca2ee1..bfb0c42 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -242,7 +242,8 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.smbclient.forceuser_validusers (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_forceuser_validusers.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
     plantestsuite("samba3.blackbox.smbget (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbget.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', 'smbget_user', '$PASSWORD', '$LOCAL_PATH/smbget', smbget])
     plantestsuite("samba3.blackbox.netshareenum (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shareenum.sh"), '$SERVER', '$USERNAME', '$PASSWORD', rpcclient])
-    plantestsuite("samba3.blackbox.acl_xattr (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls])
+    plantestsuite("samba3.blackbox.acl_xattr.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, '-mNT1'])
+    plantestsuite("samba3.blackbox.acl_xattr.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, '-mSMB3'])
     plantestsuite("samba3.blackbox.smb2.not_casesensitive (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smb2_not_casesensitive.sh"), '//$SERVER/tmp', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
     plantestsuite("samba3.blackbox.inherit_owner.default(%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'tmp', '0', '0', '-m', 'NT1'])
     plantestsuite("samba3.blackbox.inherit_owner.full (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner', '1', '1', '-m', 'NT1'])
-- 
1.9.1


From a7a745322b1f61c091a6346f7cd2e93a63a3287b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:25:17 +0200
Subject: [PATCH 12/19] s3:selftest: run samba3.blackbox.inherit_owner tests
 with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail.d/smbclient-smb3 | 1 +
 source3/selftest/tests.py           | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/selftest/knownfail.d/smbclient-smb3 b/selftest/knownfail.d/smbclient-smb3
index 5766818..119e93e 100644
--- a/selftest/knownfail.d/smbclient-smb3
+++ b/selftest/knownfail.d/smbclient-smb3
@@ -2,3 +2,4 @@
 ^samba3.blackbox.acl_xattr.SMB3.nt_affects_posix
 ^samba3.blackbox.acl_xattr.SMB3.nt_affects_chown
 ^samba3.blackbox.acl_xattr.SMB3.nt_affects_chgrp
+^samba3.blackbox.inherit_owner.*.SMB3.*unix.owner
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index bfb0c42..c15ffe7 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -245,9 +245,12 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.acl_xattr.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, '-mNT1'])
     plantestsuite("samba3.blackbox.acl_xattr.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, '-mSMB3'])
     plantestsuite("samba3.blackbox.smb2.not_casesensitive (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smb2_not_casesensitive.sh"), '//$SERVER/tmp', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
-    plantestsuite("samba3.blackbox.inherit_owner.default(%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'tmp', '0', '0', '-m', 'NT1'])
-    plantestsuite("samba3.blackbox.inherit_owner.full (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner', '1', '1', '-m', 'NT1'])
-    plantestsuite("samba3.blackbox.inherit_owner.unix (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner_u', '0', '1', '-m', 'NT1'])
+    plantestsuite("samba3.blackbox.inherit_owner.default.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'tmp', '0', '0', '-m', 'NT1'])
+    plantestsuite("samba3.blackbox.inherit_owner.default.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'tmp', '0', '0', '-m', 'SMB3'])
+    plantestsuite("samba3.blackbox.inherit_owner.full.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner', '1', '1', '-m', 'NT1'])
+    plantestsuite("samba3.blackbox.inherit_owner.full.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner', '1', '1', '-m', 'SMB3'])
+    plantestsuite("samba3.blackbox.inherit_owner.unix.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner_u', '0', '1', '-m', 'NT1'])
+    plantestsuite("samba3.blackbox.inherit_owner.unix.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner_u', '0', '1', '-m', 'SMB3'])
     plantestsuite("samba3.blackbox.large_acl (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls])
 
     #
-- 
1.9.1


From ad9984388997dfea5cae747060bfe1251b8da949 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:39:31 +0200
Subject: [PATCH 13/19] s3:selftest: run samba3.blackbox.large_acl tests with
 NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/selftest/tests.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c15ffe7..29c9dfd 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -251,7 +251,8 @@ for env in ["fileserver"]:
     plantestsuite("samba3.blackbox.inherit_owner.full.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner', '1', '1', '-m', 'SMB3'])
     plantestsuite("samba3.blackbox.inherit_owner.unix.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner_u', '0', '1', '-m', 'NT1'])
     plantestsuite("samba3.blackbox.inherit_owner.unix.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_inherit_owner.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, 'inherit_owner_u', '0', '1', '-m', 'SMB3'])
-    plantestsuite("samba3.blackbox.large_acl (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls])
+    plantestsuite("samba3.blackbox.large_acl.NT1", env, [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls, '-m', 'NT1'])
+    plantestsuite("samba3.blackbox.large_acl.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls, '-m', 'SMB3'])
 
     #
     # tar command tests
-- 
1.9.1


From 8bb656e6f7c4dc74260fc23d7b633c4dc9ef21e6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:40:08 +0200
Subject: [PATCH 14/19] s3:selftest: run samba3.blackbox.smbclient_tar* tests
 with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/selftest/tests.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 29c9dfd..7d2d4c6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -261,18 +261,28 @@ for env in ["fileserver"]:
     # tar command enabled only if built with libarchive
     if have_libarchive:
         # Test smbclient/tarmode
-        plantestsuite("samba3.blackbox.smbclient_tarmode (%s)" % env, env,
+        plantestsuite("samba3.blackbox.smbclient_tarmode.NT1", env,
                       [os.path.join(samba3srcdir, "script/tests/test_smbclient_tarmode.sh"),
                        '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD',
-                       '$LOCAL_PATH', '$PREFIX', smbclient3, configuration])
+                       '$LOCAL_PATH', '$PREFIX', smbclient3, configuration, "-mNT1"])
+        plantestsuite("samba3.blackbox.smbclient_tarmode.SMB3", env,
+                      [os.path.join(samba3srcdir, "script/tests/test_smbclient_tarmode.sh"),
+                       '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD',
+                       '$LOCAL_PATH', '$PREFIX', smbclient3, configuration, "-mSMB3"])
 
         # Test suite for new smbclient/tar with libarchive (GSoC 13)
-        plantestsuite("samba3.blackbox.smbclient_tar (%s)" % env, env,
+        plantestsuite("samba3.blackbox.smbclient_tar.NT1", env,
+                      [os.path.join(samba3srcdir, "script/tests/test_smbclient_tarmode.pl"),
+                       '-n', '$SERVER', '-i', '$SERVER_IP', '-s', 'tmp',
+                       '-u', '$USERNAME', '-p', '$PASSWORD', '-l', '$LOCAL_PATH',
+                       '-d', '$PREFIX', '-b', smbclient3,
+                       '--subunit', '--', configuration, '-mNT1'])
+        plantestsuite("samba3.blackbox.smbclient_tar.SMB3", env,
                       [os.path.join(samba3srcdir, "script/tests/test_smbclient_tarmode.pl"),
                        '-n', '$SERVER', '-i', '$SERVER_IP', '-s', 'tmp',
                        '-u', '$USERNAME', '-p', '$PASSWORD', '-l', '$LOCAL_PATH',
                        '-d', '$PREFIX', '-b', smbclient3,
-                       '--subunit', '--', configuration])
+                       '--subunit', '--', configuration, '-mSMB3'])
 
 #TODO encrypted against member, with member creds, and with DC creds
 plantestsuite("samba3.blackbox.net.misc", "nt4_dc:local",
-- 
1.9.1


From 10065f24c336282da4e2cea96a5ac7ab92a7cbf4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:41:47 +0200
Subject: [PATCH 15/19] s3:selftest: also run samba3.blackbox.smbclient_krb5
 with the new ccache

There's no point in running it twice with the old ccache.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/selftest/tests.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 7d2d4c6..bdb9a5a 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -585,9 +585,9 @@ for options in options_list:
                    "$PREFIX/ktest/krb5_ccache-2",
                    smbclient3, "$SERVER", options, configuration])
 
-    plantestsuite("samba3.blackbox.smbclient_krb5 old ccache %s" % options, "ktest:local",
+    plantestsuite("samba3.blackbox.smbclient_krb5 new ccache %s" % options, "ktest:local",
                   [os.path.join(samba3srcdir, "script/tests/test_smbclient_krb5.sh"),
-                   "$PREFIX/ktest/krb5_ccache-2",
+                   "$PREFIX/ktest/krb5_ccache-3",
                    smbclient3, "$SERVER", options, configuration])
 
     plantestsuite("samba3.blackbox.smbclient_large_file %s" % options, "ktest:local",
-- 
1.9.1


From c3f907af93f85b9de8cfebd13b4fce2c4996fac6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:55:34 +0200
Subject: [PATCH 16/19] s3:test_smbclient_posix_large.sh: there's no posix test
 to rename to test_smbclient_large_file.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_smbclient_large_file.sh  | 62 ++++++++++++++++++++++
 source3/script/tests/test_smbclient_posix_large.sh | 62 ----------------------
 source3/selftest/tests.py                          | 13 ++---
 3 files changed, 66 insertions(+), 71 deletions(-)
 create mode 100755 source3/script/tests/test_smbclient_large_file.sh
 delete mode 100755 source3/script/tests/test_smbclient_posix_large.sh

diff --git a/source3/script/tests/test_smbclient_large_file.sh b/source3/script/tests/test_smbclient_large_file.sh
new file mode 100755
index 0000000..0aee7af
--- /dev/null
+++ b/source3/script/tests/test_smbclient_large_file.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: test_smbclient_posix_large.sh ccache smbclient3 server prefix <smbclient args>
+EOF
+exit 1;
+fi
+
+KRB5CCNAME=$1
+export KRB5CCNAME
+SMBCLIENT3=$2
+SERVER=$3
+PREFIX=$4
+shift 4
+ADDARGS="$*"
+
+# Test that a noninteractive smbclient does not prompt
+test_large_write_read()
+{
+
+    cat > $PREFIX/largefile-script <<EOF
+posix
+put $PREFIX/largefile largefile
+get largefile $PREFIX/largefile2
+rm largefile
+quit
+EOF
+
+    cmd='$SMBCLIENT3 //$SERVER/xcopy_share $ADDARGS < $PREFIX/largefile-script 2>&1'
+    eval echo "$cmd"
+    out=`eval $cmd`
+
+    if [ $? != 0 ] ; then
+	echo "$out"
+	echo "command failed"
+	false
+	return
+    fi
+
+    echo "$out" | grep "getting file" >/dev/null 2>&1
+
+    if [ $? = 0 ] ; then
+	true
+    else
+	echo did not get success message
+	false
+    fi
+}
+
+rm -f $PREFIX/largefile
+dd if=/dev/zero of=$PREFIX/largefile skip=$((20*1024*1024)) count=1 bs=1
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+testit "smbclient large posix write read" test_large_write_read || failed=`expr $failed + 1`
+
+testit "cmp of read and written files" cmp $PREFIX/largefile $PREFIX/largefile2 || failed=`expr $failed + 1`
+rm -f $PREFIX/largefile2
+
+testok $0 $failed
diff --git a/source3/script/tests/test_smbclient_posix_large.sh b/source3/script/tests/test_smbclient_posix_large.sh
deleted file mode 100755
index 0aee7af..0000000
--- a/source3/script/tests/test_smbclient_posix_large.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-
-if [ $# -lt 1 ]; then
-cat <<EOF
-Usage: test_smbclient_posix_large.sh ccache smbclient3 server prefix <smbclient args>
-EOF
-exit 1;
-fi
-
-KRB5CCNAME=$1
-export KRB5CCNAME
-SMBCLIENT3=$2
-SERVER=$3
-PREFIX=$4
-shift 4
-ADDARGS="$*"
-
-# Test that a noninteractive smbclient does not prompt
-test_large_write_read()
-{
-
-    cat > $PREFIX/largefile-script <<EOF
-posix
-put $PREFIX/largefile largefile
-get largefile $PREFIX/largefile2
-rm largefile
-quit
-EOF
-
-    cmd='$SMBCLIENT3 //$SERVER/xcopy_share $ADDARGS < $PREFIX/largefile-script 2>&1'
-    eval echo "$cmd"
-    out=`eval $cmd`
-
-    if [ $? != 0 ] ; then
-	echo "$out"
-	echo "command failed"
-	false
-	return
-    fi
-
-    echo "$out" | grep "getting file" >/dev/null 2>&1
-
-    if [ $? = 0 ] ; then
-	true
-    else
-	echo did not get success message
-	false
-    fi
-}
-
-rm -f $PREFIX/largefile
-dd if=/dev/zero of=$PREFIX/largefile skip=$((20*1024*1024)) count=1 bs=1
-
-incdir=`dirname $0`/../../../testprogs/blackbox
-. $incdir/subunit.sh
-
-testit "smbclient large posix write read" test_large_write_read || failed=`expr $failed + 1`
-
-testit "cmp of read and written files" cmp $PREFIX/largefile $PREFIX/largefile2 || failed=`expr $failed + 1`
-rm -f $PREFIX/largefile2
-
-testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index bdb9a5a..809eb5e 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -590,18 +590,13 @@ for options in options_list:
                    "$PREFIX/ktest/krb5_ccache-3",
                    smbclient3, "$SERVER", options, configuration])
 
-    plantestsuite("samba3.blackbox.smbclient_large_file %s" % options, "ktest:local",
-                  [os.path.join(samba3srcdir, "script/tests/test_smbclient_posix_large.sh"),
+    plantestsuite("samba3.blackbox.smbclient_large_file %s krb5" % options, "ktest:local",
+                  [os.path.join(samba3srcdir, "script/tests/test_smbclient_large_file.sh"),
                    "$PREFIX/ktest/krb5_ccache-3",
                    smbclient3, "$SERVER", "$PREFIX", options, "-k " + configuration])
 
-    plantestsuite("samba3.blackbox.smbclient_posix_large %s krb5" % options, "ktest:local",
-                  [os.path.join(samba3srcdir, "script/tests/test_smbclient_posix_large.sh"),
-                   "$PREFIX/ktest/krb5_ccache-3",
-                   smbclient3, "$SERVER", "$PREFIX", options, "-k " + configuration])
-
-    plantestsuite("samba3.blackbox.smbclient_posix_large %s NTLM" % options, "nt4_dc:local",
-                  [os.path.join(samba3srcdir, "script/tests/test_smbclient_posix_large.sh"),
+    plantestsuite("samba3.blackbox.smbclient_large_file %s NTLM" % options, "nt4_dc:local",
+                  [os.path.join(samba3srcdir, "script/tests/test_smbclient_large_file.sh"),
                    "none",
                    smbclient3, "$SERVER", "$PREFIX", options, "-U$USERNAME%$PASSWORD " + configuration])
 
-- 
1.9.1


From 0eca5ade84616f4c15b9bd72b18bac5f4d89d4b9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 09:48:21 +0200
Subject: [PATCH 17/19] s3:selftest: run samba3.blackbox.smbclient_large_file
 (NTLM) with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/selftest/tests.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 809eb5e..83e5778 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -578,6 +578,9 @@ plantestsuite("samba3.blackbox.smbclient.encryption_off", "simpleserver",
                "$USERNAME", "$PASSWORD", "$SERVER",
                smbclient3])
 
+# The ktest environment uses:
+# server min protocol = SMB3_00
+# client max protocol = SMB3
 options_list = ["", "-e"]
 for options in options_list:
     plantestsuite("samba3.blackbox.smbclient_krb5 old ccache %s" % options, "ktest:local",
@@ -595,6 +598,8 @@ for options in options_list:
                    "$PREFIX/ktest/krb5_ccache-3",
                    smbclient3, "$SERVER", "$PREFIX", options, "-k " + configuration])
 
+options_list = ["-mNT1", "-mNT1 -e", "-mSMB3", "-mSMB3 -e"]
+for options in options_list:
     plantestsuite("samba3.blackbox.smbclient_large_file %s NTLM" % options, "nt4_dc:local",
                   [os.path.join(samba3srcdir, "script/tests/test_smbclient_large_file.sh"),
                    "none",
-- 
1.9.1


From 6e93755d0f82ff0d8db46a9194092ae0e3af7889 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 10:00:53 +0200
Subject: [PATCH 18/19] param: change the effective default for "client max
 protocol" to the latest supported protocol

Currently it's SMB3_11.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 2 +-
 lib/param/loadparm.c                               | 2 +-
 source3/param/loadparm.c                           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
index 0131331..eba18bf 100644
--- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -79,7 +79,7 @@
     negotiation phase in the SMB protocol takes care of choosing 
     the appropriate protocol.</para>
 
-    <para>The value <constant>default</constant> refers to <constant>NT1</constant>.</para>
+    <para>The value <constant>default</constant> refers to <constant>SMB3_11</constant>.</para>
 
     <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the
     <smbconfoption name="client ipc max protocol"/> option.</para>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 9f32d7b..3ceea50 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3401,7 +3401,7 @@ int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx)
 {
 	int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
 	if (client_max_protocol == PROTOCOL_DEFAULT) {
-		return PROTOCOL_NT1;
+		return PROTOCOL_LATEST;
 	}
 	return client_max_protocol;
 }
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 297a7e9..fdebf52 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4528,7 +4528,7 @@ int lp_client_max_protocol(void)
 {
 	int client_max_protocol = lp__client_max_protocol();
 	if (client_max_protocol == PROTOCOL_DEFAULT) {
-		return PROTOCOL_NT1;
+		return PROTOCOL_LATEST;
 	}
 	return client_max_protocol;
 }
-- 
1.9.1


From 58f0a1d2677abe837b3f33eb563f284ec311c785 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 10:24:45 +0200
Subject: [PATCH 19/19] WHATSNEW: document "client max protocol" change to
 SMB3_11

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 WHATSNEW.txt | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6d01b7d..e8fbecb2 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -21,6 +21,26 @@ there's no way to print this information reliable. Now we avoid it at all
 consistently. In interactive session the following banner is now presented
 to the user: 'Try "help" do get a list of possible commands.'.
 
+The default for "client max protocol" has changed to "SMB3_11",
+which means that smbclient (and related commands) will work against
+servers without SMB1 support.
+
+It's possible to use the '-m/--max-protocol' option to overwrite
+the "client max protocol" option temporary.
+
+Note that the '-e/--encrypt' option also works with most SMB3 servers
+(e.g. Windows >= 2012 and Samba >= 4.0.0), so the SMB1 unix extensions
+are not required for encryption.
+
+The change to SMB3_11 as default also  means smbclient no longer
+negotiates SMB1 unix extensions by default, when talking to a Samba server with
+"unix extensions = yes".  As a result some commands are not available, e.g.
+posix_encrypt, posix_open, posix_mkdir, posix_rmdir, posix_unlink, posix_whoami,
+getfacl and symlink. Using "-mNT1" reenabled them, if the server supports SMB1.
+
+Note the default ("CORE") for "client min protocol" hasn't changed,
+so it's still possible to connect to SMB1-only servers by default.
+
 
 NEW FEATURES/CHANGES
 ====================
@@ -139,6 +159,8 @@ smb.conf changes
   allow unsafe cluster upgrade  New parameter           no
   auth event notification       New parameter           no
   auth methods                  Deprecated
+  client max protocol           Effective               SMB3_11
+                                default changed
   map untrusted to domain       New value/              auto
                                 Default changed/
                                 Deprecated
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170626/aaec27ff/signature-0001.sig>


More information about the samba-technical mailing list