Hi,

I have researched the bug 12997(CVE-2017-12150) and found
there also is a code path which ignores smb signing requirement
and falls back to anonymous.

SMBC_server_internal uses cli_session_setup_anon when login fails.
It sees NO_AUTO_ANONYMOUS_LOGON option flag but ignores for example,
client signing = mandatory in smb.conf. Is this by design?
Don't we need to see smbXcli_conn_signing_mandatory also?

Sample session on Fedora 25 follows.

$ smbd --version
Version 4.5.14

# smbclient does not fall back to anonymous due to fix on do_connect.

$ smbclient -U kanda //kandaw2016/temp
Enter kanda's password:
session setup failed: NT_STATUS_LOGON_FAILURE

# testread uses SMBC_server via smbc_open.

$ pwd
/home/kanda/rpmbuild/BUILD/samba-4.5.14/bin/default/examples/libsmbclient

$ ./testread
Path: smb://kandaw2016/temp/hello
Workgroup: [KANDA]
Username: [kanda]
Password:
smbc_open: File exists
Path: ^C
$

Packet monitor shows that after ntlm session setup error, libsmbclient
attempts anonymous login and succeeds. It then tries tree connect to "temp"
and gets STATUS_ACCESS_DENIED from Windows server 2016.
It has restrictnullsessaccess=1 and maybe that's the cause of the error.

The point is, libsmbclient sometimes falls back to anonymous session
and messages go unsigned on wire, unless the caller sets NO_AUTO_ANONYMOUS_LOGON option.