I have captures where a client tries smb3 encryption on an anonymous session, we used to allow that before the fixes for https://bugzilla.samba.org/show_bug.cgi?id=14512 / commit da7dcc443f45d07d9963df9daae458fbdd991a47 It changed with samba-4.15.0rc1 Testing against Windows Server 2022 revealed that anonymous signing is always allowed (with the session key derived from 16 zero bytes) and anonymous encryption is allowed after one authenticated session setup on the tcp connection.
This bug was referenced in samba master: 14d6e2672126adee85997dc3d3c64607c987e8b9 6a89615d78119c0bff2fb07bd0c62e4c31ea8441 6c5781b5f154857f1454f41133687fba8c4c9df9 596a10d1079f5c4a954108c81efc862c22a11f28 5089d8550640f72b1e0373f8ac321378ccaa8bd5 8119fd6d6a49b869bd9e8ff653b500e194b070de 551756abd2c9e4922075bc3037db645355542363 5a54c9b28abb1464c84cb4be15a49718d8ae6795
Created attachment 18306 [details] Patches for v4-20-test
Created attachment 18307 [details] Patches for v4-19-test
Comment on attachment 18306 [details] Patches for v4-20-test LGTM, RB+
Comment on attachment 18307 [details] Patches for v4-19-test LGTM, RB+
Jule, please add to v4-19 and v4-20. Thanks!
This bug was referenced in samba v4-19-test: 7a75e6bdaf0c8fa7aed25f50198de18b84b5ed5e 3f476fd8bf34209f9e74041f8254250aed59fb2f a6c549db3d85d358e1e99b90230d1cd50da6646e 8b6b837eb7dff229ac4659ea7681738badcb3bd5 8cc6ccb54a37680aa8a1f91b2ca871a405daf59d 70969d8da5ae893a50b2d0ecfc0f163e960aaf04 1925abda4c44421aabdb92a3fa1e9a97ec2e1898 92a0533a9ea31f40a0a38f78e2b63c8e250972b0
This bug was referenced in samba v4-20-test: b7606714959a5d0ca31e3e805b9a0f9aab13682a b945f645732a3545fdbc9d410c8ddda1bcbb3e29 cd05e7ed9377abc6fdb72b3951e0dffa8ed84e55 fe91ed785edc68b5e2dfb2471ffcaa7ca5ea970e c547e0c0ff7508eb972143b4de27ecf716d85585 6fbf5deb559286a0b943bcb53eb371b805a96ad8 610e11af858982d8ba81933f9cf8cb9d5217a14a 2954489bd56914a16efab2d3239d54b450c97982
This bug was referenced in samba v4-19-stable (Release samba-4.19.7): 7a75e6bdaf0c8fa7aed25f50198de18b84b5ed5e 3f476fd8bf34209f9e74041f8254250aed59fb2f a6c549db3d85d358e1e99b90230d1cd50da6646e 8b6b837eb7dff229ac4659ea7681738badcb3bd5 8cc6ccb54a37680aa8a1f91b2ca871a405daf59d 70969d8da5ae893a50b2d0ecfc0f163e960aaf04 1925abda4c44421aabdb92a3fa1e9a97ec2e1898 92a0533a9ea31f40a0a38f78e2b63c8e250972b0
This bug was referenced in samba v4-20-stable (Release samba-4.20.2): b7606714959a5d0ca31e3e805b9a0f9aab13682a b945f645732a3545fdbc9d410c8ddda1bcbb3e29 cd05e7ed9377abc6fdb72b3951e0dffa8ed84e55 fe91ed785edc68b5e2dfb2471ffcaa7ca5ea970e c547e0c0ff7508eb972143b4de27ecf716d85585 6fbf5deb559286a0b943bcb53eb371b805a96ad8 610e11af858982d8ba81933f9cf8cb9d5217a14a 2954489bd56914a16efab2d3239d54b450c97982