Bug 15412 - anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022)
Summary: anonymous smb3 signing/encryption should be allowed (similar to Windows Serve...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.18.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-03 13:01 UTC by Stefan Metzmacher
Modified: 2024-06-19 14:35 UTC (History)
4 users (show)

See Also:


Attachments
Patches for v4-20-test (54.43 KB, patch)
2024-05-29 13:06 UTC, Stefan Metzmacher
gd: review+
Details
Patches for v4-19-test (54.43 KB, text/plain)
2024-05-29 13:09 UTC, Stefan Metzmacher
gd: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2023-07-03 13:01:34 UTC
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before the fixes for https://bugzilla.samba.org/show_bug.cgi?id=14512 / commit da7dcc443f45d07d9963df9daae458fbdd991a47

It changed with samba-4.15.0rc1

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.
Comment 1 Samba QA Contact 2024-05-23 13:38:04 UTC
This bug was referenced in samba master:

14d6e2672126adee85997dc3d3c64607c987e8b9
6a89615d78119c0bff2fb07bd0c62e4c31ea8441
6c5781b5f154857f1454f41133687fba8c4c9df9
596a10d1079f5c4a954108c81efc862c22a11f28
5089d8550640f72b1e0373f8ac321378ccaa8bd5
8119fd6d6a49b869bd9e8ff653b500e194b070de
551756abd2c9e4922075bc3037db645355542363
5a54c9b28abb1464c84cb4be15a49718d8ae6795
Comment 2 Stefan Metzmacher 2024-05-29 13:06:27 UTC
Created attachment 18306 [details]
Patches for v4-20-test
Comment 3 Stefan Metzmacher 2024-05-29 13:09:39 UTC
Created attachment 18307 [details]
Patches for v4-19-test
Comment 4 Guenther Deschner 2024-05-29 18:05:33 UTC
Comment on attachment 18306 [details]
Patches for v4-20-test

LGTM, RB+
Comment 5 Guenther Deschner 2024-05-29 18:05:48 UTC
Comment on attachment 18307 [details]
Patches for v4-19-test

LGTM, RB+
Comment 6 Guenther Deschner 2024-05-29 18:08:14 UTC
Jule, please add to v4-19 and v4-20. Thanks!
Comment 7 Samba QA Contact 2024-05-29 19:26:07 UTC
This bug was referenced in samba v4-19-test:

7a75e6bdaf0c8fa7aed25f50198de18b84b5ed5e
3f476fd8bf34209f9e74041f8254250aed59fb2f
a6c549db3d85d358e1e99b90230d1cd50da6646e
8b6b837eb7dff229ac4659ea7681738badcb3bd5
8cc6ccb54a37680aa8a1f91b2ca871a405daf59d
70969d8da5ae893a50b2d0ecfc0f163e960aaf04
1925abda4c44421aabdb92a3fa1e9a97ec2e1898
92a0533a9ea31f40a0a38f78e2b63c8e250972b0
Comment 8 Samba QA Contact 2024-05-30 10:58:22 UTC
This bug was referenced in samba v4-20-test:

b7606714959a5d0ca31e3e805b9a0f9aab13682a
b945f645732a3545fdbc9d410c8ddda1bcbb3e29
cd05e7ed9377abc6fdb72b3951e0dffa8ed84e55
fe91ed785edc68b5e2dfb2471ffcaa7ca5ea970e
c547e0c0ff7508eb972143b4de27ecf716d85585
6fbf5deb559286a0b943bcb53eb371b805a96ad8
610e11af858982d8ba81933f9cf8cb9d5217a14a
2954489bd56914a16efab2d3239d54b450c97982
Comment 9 Samba QA Contact 2024-06-10 15:31:25 UTC
This bug was referenced in samba v4-19-stable (Release samba-4.19.7):

7a75e6bdaf0c8fa7aed25f50198de18b84b5ed5e
3f476fd8bf34209f9e74041f8254250aed59fb2f
a6c549db3d85d358e1e99b90230d1cd50da6646e
8b6b837eb7dff229ac4659ea7681738badcb3bd5
8cc6ccb54a37680aa8a1f91b2ca871a405daf59d
70969d8da5ae893a50b2d0ecfc0f163e960aaf04
1925abda4c44421aabdb92a3fa1e9a97ec2e1898
92a0533a9ea31f40a0a38f78e2b63c8e250972b0
Comment 10 Samba QA Contact 2024-06-19 14:35:51 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.2):

b7606714959a5d0ca31e3e805b9a0f9aab13682a
b945f645732a3545fdbc9d410c8ddda1bcbb3e29
cd05e7ed9377abc6fdb72b3951e0dffa8ed84e55
fe91ed785edc68b5e2dfb2471ffcaa7ca5ea970e
c547e0c0ff7508eb972143b4de27ecf716d85585
6fbf5deb559286a0b943bcb53eb371b805a96ad8
610e11af858982d8ba81933f9cf8cb9d5217a14a
2954489bd56914a16efab2d3239d54b450c97982