From 3cfcec325630dfa255a3f2b80bbec3e174ac00e3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 21 Dec 2021 14:39:25 +0100
Subject: [PATCH 1/4] selftest/Samba3: enable SMB1 for maptoguest

guest authentication is an old school concept, so we should make sure it also works with SMB1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
(cherry picked from commit 648b476dcdb6f378b627266cb787fd8f38fba56a)
---
 selftest/knownfail.d/smb1-tests | 10 ++++------
 selftest/target/Samba3.pm | 1 +
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests
index 4ba1365b3a43..5d7ac923da85 100644
--- a/selftest/knownfail.d/smb1-tests
+++ b/selftest/knownfail.d/smb1-tests
@@ -1,9 +1,7 @@
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.badpassword.NT1NEW.guest\(maptoguest\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient baduser.badpassword.NT1NEW.guest\(maptoguest\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|maptoguest|nt4_member)\)
-^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|maptoguest|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1OLD\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient username.password.NT1NEW\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1OLD\((ad_member|fl2000dc|nt4_member)\)
+^samba3.blackbox.smbclient_ntlm.plain.*NT1.smbclient anonymous.nopassword.NT1NEW\((ad_member|fl2000dc|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L.*\((ad_member|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.smbclient -L LOCALADMEMBER -I.*\((ad_member|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.noninteractive smbclient does not prompt\((ad_member|nt4_member)\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 588d7779dd47..9a8c9ee26044 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1866,6 +1866,7 @@ sub setup_maptoguest
 my $options = "
 map to guest = bad user
 ntlm auth = yes
+server min protocol = LANMAN1
 [force_user_error_inject]
 path = $share_dir
-- 
2.25.1

From bf4dbb0897e00547bb8bef76e6ac190049f72e67 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 21 Dec 2021 12:04:30 +0100
Subject: [PATCH 2/4] s4:torture/libsmbclient: add libsmbclient.noanon_list test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
(cherry picked from commit 59e436297b0a4baa01e4e8a4bbb9c0bc9d7e1f29)
---
 source4/torture/libsmbclient/libsmbclient.c | 50 +++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c
index 4fbd759487b0..97c2268aa81e 100644
--- a/source4/torture/libsmbclient/libsmbclient.c
+++ b/source4/torture/libsmbclient/libsmbclient.c
@@ -1254,6 +1254,54 @@ static bool torture_libsmbclient_utimes(struct torture_context *tctx)
 return true;
 }
+static bool torture_libsmbclient_noanon_list(struct torture_context *tctx)
+{
+ const char *smburl = torture_setting_string(tctx, "smburl", NULL);
+ struct smbc_dirent *dirent = NULL;
+ SMBCCTX *ctx = NULL;
+ int dhandle = -1;
+ bool ok = true;
+
+ if (smburl == NULL) {
+ torture_fail(tctx,
+ "option --option=torture:smburl="
+ "smb://user:password@server missing\n");
+ }
+
+ ok = torture_libsmbclient_init_context(tctx, &ctx);
+ torture_assert_goto(tctx,
+ ok,
+ ok,
+ out,
+ "Failed to init context");
+ torture_comment(tctx,
+ "Testing smbc_setOptionNoAutoAnonymousLogin\n");
+ smbc_setOptionNoAutoAnonymousLogin(ctx, true);
+ smbc_set_context(ctx);
+
+ torture_comment(tctx, "Listing: %s\n", smburl);
+ dhandle = smbc_opendir(smburl);
+ torture_assert_int_not_equal_goto(tctx,
+ dhandle,
+ -1,
+ ok,
+ out,
+ "Failed to open smburl");
+
+ while((dirent = smbc_readdir(dhandle)) != NULL) {
+ torture_comment(tctx, "DIR: %s\n", dirent->name);
+ torture_assert_not_null_goto(tctx,
+ dirent->name,
+ ok,
+ out,
+ "Failed to read name");
+ }
+
+out:
+ smbc_closedir(dhandle);
+ return ok;
+}
+
 NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
 {
 struct torture_suite *suite;
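Review bot: The `out:` label in torture_libsmbclient_noanon_list calls `smbc_closedir(dhandle)` unconditionally, so it runs with `dhandle == -1` whenever torture_libsmbclient_init_context() or smbc_opendir() fails, and the context returned through `&ctx` is not released on any path of the function. Guard the close and free the context before returning, as sketched below; the NULL check is there because the hunk does not show whether a failed init leaves `ctx` unset. A one-line comment above the function saying that the listing must still succeed with the automatic anonymous fallback switched off would also tell the reader what the test is meant to prove.

```c
out:
	if (dhandle != -1) {
		smbc_closedir(dhandle);
	}
	if (ctx != NULL) {
		smbc_free_context(ctx, 1);
	}
	return ok;
```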
@@ -1275,6 +1323,8 @@ NTSTATUS torture_libsmbclient_init(TALLOC_CTX *ctx)
 torture_libsmbclient_readdirplus2);
 torture_suite_add_simple_test(
 suite, "utimes", torture_libsmbclient_utimes);
+ torture_suite_add_simple_test(
+ suite, "noanon_list", torture_libsmbclient_noanon_list);
 suite->description = talloc_strdup(suite, "libsmbclient interface tests");
-- 
2.25.1

From 8c897c5e91b63f281ad173948f5a2df9e8e4a6cf Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 21 Dec 2021 12:05:13 +0100
Subject: [PATCH 3/4] s4:selftest: run libsmbclient.noanon_list against maptoguest

This demonstrates the problem with guest access being rejected by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
(cherry picked from commit 0a808f6b53f50f426bd706f5327f610bb9e5967d)
---
 selftest/knownfail.d/libsmbclient.noanon_list | 1 +
 source4/selftest/tests.py | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 selftest/knownfail.d/libsmbclient.noanon_list

diff --git a/selftest/knownfail.d/libsmbclient.noanon_list b/selftest/knownfail.d/libsmbclient.noanon_list
new file mode 100644
index 000000000000..1901166f3fc3
--- /dev/null
+++ b/selftest/knownfail.d/libsmbclient.noanon_list
@@ -0,0 +1 @@
+^samba4.libsmbclient.noanon_list.baduser
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 98def4ef84ae..50a77a08009e 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -409,6 +409,22 @@ for t in libsmbclient:
 [ "--option=torture:clientprotocol=%s" % proto],
 "samba4.%s.%s" % (t, proto))
+url = "smb://baduser:invalidpw@$SERVER/tmpguest"
+t = "libsmbclient.noanon_list"
+libsmbclient_testargs = [
+ '//$SERVER/tmpguest',
+ '-U$USERNAME%$PASSWORD',
+ "--option=torture:smburl=" + url,
+ "--option=torture:replace_smbconf="
+ "%s/testdata/samba3/smb_new.conf" % srcdir()
+ ]
+for proto in protocols:
+ plansmbtorture4testsuite(t,
+ "maptoguest",
+ libsmbclient_testargs +
+ [ "--option=torture:clientprotocol=%s" % proto],
+ "samba4.%s.baduser.%s" % (t, proto))
+
 plansmbtorture4testsuite("raw.qfileinfo.ipc", "ad_dc_ntvfs", '//$SERVER/ipc\$ -U$USERNAME%$PASSWORD')
 for t in smbtorture4_testsuites("rap."):
-- 
2.25.1

From 3e7c3b6a4b96d83b5d303151d9b947cbe6110a30 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 21 Dec 2021 11:19:40 +0100
Subject: [PATCH 4/4] s3:libsmb: fix signing regression SMBC_server_internal()

commit d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce signing wasn't adjusted, so we required smb signing by default. That broke guest authentication for libsmbclient using applications.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184
(cherry picked from commit 9d2bf015378c5bc630c92618e034c5eba95cc6b4)
---
 selftest/knownfail.d/libsmbclient.noanon_list | 1 -
 source3/libsmb/libsmb_server.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 selftest/knownfail.d/libsmbclient.noanon_list

diff --git a/selftest/knownfail.d/libsmbclient.noanon_list b/selftest/knownfail.d/libsmbclient.noanon_list
deleted file mode 100644
index 1901166f3fc3..000000000000
--- a/selftest/knownfail.d/libsmbclient.noanon_list
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.libsmbclient.noanon_list.baduser
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 5a1055ba773c..d5c9fac6f055 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -498,7 +498,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
 status = NT_STATUS_UNSUCCESSFUL;
- if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+ if (context->internal->smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE) {
 signing_state = SMB_SIGNING_REQUIRED;
 }
-- 
2.25.1
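Review bot: The new test `smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE` relies on SMBC_ENCRYPTLEVEL_DEFAULT comparing below SMBC_ENCRYPTLEVEL_NONE, which only the enum definition (not in this hunk) guarantees, and nothing at the `if` says so. A comment there would keep a reordered or newly added level from silently changing when signing is forced, for example `/* DEFAULT sorts below NONE: only an explicitly requested encryption level forces signing here */`. With this change a context left at the default level no longer sets `SMB_SIGNING_REQUIRED` at this point, so the signing actually used depends on the initial value of `signing_state`, which is assigned outside the hunk. Callers that need integrity protection should therefore ask for it explicitly, e.g. through smbc_setOptionSmbEncryption(), rather than rely on the default. SMBC_server_internal() starts and ends outside the hunk.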