The Samba-Bugzilla – Attachment 12855 Details for
Bug 12540
server min protocol = SMB3_00 prevents client min protocol >= SMB3_00 from connecting
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-5-test
tmp45.diff.txt (text/plain), 4.17 KB, created by
Stefan Metzmacher
on 2017-01-27 12:22:15 UTC
(
hide
)
Description:
Patches for v4-5-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-01-27 12:22:15 UTC
Size:
4.17 KB
patch
obsolete
>From 5fe8fa7f0b137434c1eda4e32c97c8e55050942f Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 18 Jan 2017 08:37:30 +0100 >Subject: [PATCH 1/2] s3:smbd: allow "server min protocol = SMB3_00" to go via > "SMB 2.???" negprot > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12540 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit c207f2a989fc791b5f9bf9043d3c6ac31db5cdfd) >--- > source3/smbd/negprot.c | 23 +++++++++++++++++++++-- > 1 file changed, 21 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c >index d2e5e2e..793306a 100644 >--- a/source3/smbd/negprot.c >+++ b/source3/smbd/negprot.c >@@ -544,6 +544,8 @@ void reply_negprot(struct smb_request *req) > struct smbXsrv_connection *xconn = req->xconn; > struct smbd_server_connection *sconn = req->sconn; > bool signing_required = true; >+ int max_proto; >+ int min_proto; > > START_PROFILE(SMBnegprot); > >@@ -688,11 +690,28 @@ void reply_negprot(struct smb_request *req) > FLAG_MSG_GENERAL|FLAG_MSG_SMBD > |FLAG_MSG_PRINT_GENERAL); > >+ /* >+ * Anything higher than PROTOCOL_SMB2_10 still >+ * needs to go via "SMB 2.???", which is marked >+ * as PROTOCOL_SMB2_10. >+ * >+ * The real negotiation happens via reply_smb20ff() >+ * using SMB2 Negotiation. >+ */ >+ max_proto = lp_server_max_protocol(); >+ if (max_proto > PROTOCOL_SMB2_10) { >+ max_proto = PROTOCOL_SMB2_10; >+ } >+ min_proto = lp_server_min_protocol(); >+ if (min_proto > PROTOCOL_SMB2_10) { >+ min_proto = PROTOCOL_SMB2_10; >+ } >+ > /* Check for protocols, most desirable first */ > for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) { > i = 0; >- if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) && >- (supported_protocols[protocol].protocol_level >= lp_server_min_protocol())) >+ if ((supported_protocols[protocol].protocol_level <= max_proto) && >+ (supported_protocols[protocol].protocol_level >= min_proto)) > while (i < num_cliprotos) { > if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) { > choice = i; >-- >1.9.1 > > >From 91aa539fb85eee1d1458a3064eae18e3b83ab429 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 25 Jan 2017 21:15:44 +0100 >Subject: [PATCH 2/2] selftest/Samba3: use "server min protocol = SMB3_00" for > "ktest" > >This verifies that clients can still connect with that setting. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12540 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Fri Jan 27 12:03:39 CET 2017 on sn-devel-144 > >(cherry picked from commit 348bcca76855798d60c04ddb30f1e13b2ac2d7cd) >--- > selftest/target/Samba3.pm | 2 ++ > source3/selftest/tests.py | 6 +++++- > 2 files changed, 7 insertions(+), 1 deletion(-) > >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index 8f2a1f5..b987222 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -757,6 +757,8 @@ sub setup_ktest($$$) > security = ads > username map = $prefix/lib/username.map > server signing = required >+ server min protocol = SMB3_00 >+ client max protocol = SMB3 > "; > > my $ret = $self->provision($prefix, >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index d80750e..7fef950 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -442,8 +442,12 @@ for s in signseal_options: > > # We should try more combinations in future, but this is all > # the pre-calculated credentials cache supports at the moment >+ # >+ # As the ktest env requires SMB3_00 we need to use "smb2" until >+ # dcerpc client code in smbtorture support autonegotiation >+ # of any smb dialect. > e = "" >- a = "" >+ a = "smb2" > binding_string = "ncacn_np:$SERVER[%s%s%s]" % (a, s, e) > options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-2" > plansmbtorture4testsuite(test, "ktest", options, 'krb5 with old ccache ncacn_np with [%s%s%s] ' % (a, s, e)) >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 12540
:
12854
| 12855 |
12856