The Samba-Bugzilla – Bug 12431
net rap commands broken since fix for CVE-2016-2115
Last modified: 2017-04-15 01:54:08 UTC
It seems to me like this commit:
had the unintended result of breaking net rap commands. net rap user/server domain etc all return no results after this change and only adding:
client ipc max protocol = NT1
to smb.conf can fix it.
this of course is in effect the same as changing from SMB_SIGNING_IPC_DEFAULT to SMB_SIGNING_DEFAULT (a code change which makes things work again).
smbtree uses the same rap commands but with SMB_SIGNING_DEFAULT and thus returns results.
I'm not sure RAP works when using the later SMB versions and this is why the change breaks it? Seems like the code could do with a NET_FLAGS_RAP flag passed by all the methods in net_rap.c which sets the signing mode to SMB_SIGNING_DEFAULT.
Created attachment 12702 [details]
patch to allow rap commands to work
have attached a patch which makes rap commands return something again by default.
RAP commands can only work over SMB1. Might be better to just issue an error message if the protocol is greater than NT1.
Created attachment 12717 [details]
patch that actually works