From 94f64296ad7de354af25b81b98f7d4153cabca43 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Nov 2022 12:26:01 +0100
Subject: [PATCH 13/30] CVE-2022-38023 selftest:Samba4: avoid global 'server
schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests to pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 63c96ea6c02981795e67336401143f2a8836992c)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17692
---
selftest/target/Samba4.pm | 40 ++++++++++++++++++++++++++++++++++++---
1 file changed, 37 insertions(+), 3 deletions(-)
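diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index dcf00e85e9c7..191aa3b749ee 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1617,10 +1617,27 @@ sub provision_ad_dc_ntvfs($$$)
 dsdb event notification = true
 dsdb password event notification = true
 dsdb group change notification = true
- server schannel = auto
 # override the new SMB2 only default
 client min protocol = CORE
 server min protocol = LANMAN1
+
+ CVE_2020_1472:warn_about_unused_debug_level = 3
+ server require schannel:schannel0\$ = no
+ server require schannel:schannel1\$ = no
+ server require schannel:schannel2\$ = no
+ server require schannel:schannel3\$ = no
+ server require schannel:schannel4\$ = no
+ server require schannel:schannel5\$ = no
+ server require schannel:schannel6\$ = no
+ server require schannel:schannel7\$ = no
+ server require schannel:schannel8\$ = no
+ server require schannel:schannel9\$ = no
+ server require schannel:schannel10\$ = no
+ server require schannel:schannel11\$ = no
+ server require schannel:torturetest\$ = no
+
+ # needed for 'samba.tests.auth_log' tests
+ server require schannel:LOCALDC\$ = no
 ";
 push (@{$extra_provision_options}, "--use-ntvfs");
 my $ret = $self->provision($prefix,
@@ -1969,8 +1986,22 @@ sub provision_ad_dc($$$$$$$)
 lpq cache time = 0
 print notify backchannel = yes
 
- server schannel = auto
- auth event notification = true
+ CVE_2020_1472:warn_about_unused_debug_level = 3
+ server require schannel:schannel0\$ = no
+ server require schannel:schannel1\$ = no
+ server require schannel:schannel2\$ = no
+ server require schannel:schannel3\$ = no
+ server require schannel:schannel4\$ = no
+ server require schannel:schannel5\$ = no
+ server require schannel:schannel6\$ = no
+ server require schannel:schannel7\$ = no
+ server require schannel:schannel8\$ = no
+ server require schannel:schannel9\$ = no
+ server require schannel:schannel10\$ = no
+ server require schannel:schannel11\$ = no
+ server require schannel:torturetest\$ = no
+
+ auth event notification = true
 dsdb event notification = true
 dsdb password event notification = true
 dsdb group change notification = true
@@ -2659,6 +2690,9 @@ sub setup_ad_dc_smb1
 [global]
 client min protocol = CORE
 server min protocol = LANMAN1
+
+ # needed for 'samba.tests.auth_log' tests
+ server require schannel:ADDCSMB1\$ = no
 ";
 return _setup_ad_dc($self, $path, $conf_opts, "addcsmb1", "addom2.samba.example.com");
 }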
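Review bot: The list of `server require schannel:schannelN\$ = no` exceptions added in the provision_ad_dc_ntvfs hunk has no comment, unlike the LOCALDC and ADDCSMB1 lines that name `samba.tests.auth_log`, so a reader cannot tell which tests depend on schannel0 through schannel11 and torturetest or when an entry can be dropped. Each entry exempts one machine account from the secure-channel requirement that the CVE-2020-1472 hardening enforces, so I would put a line such as `# selftest only: per-account exceptions so legacy tests that do not use schannel still pass` above the list, and a short remark on why `CVE_2020_1472:warn_about_unused_debug_level` is set to 3. The same thirteen exception lines are repeated verbatim in the provision_ad_dc hunk; building them once from a shared list of account names would keep the two test environments from drifting apart. All three functions begin or end outside their hunks, so how the config strings are assembled is not visible here.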
--
2.34.1