mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-38023 selftest:Samba4: avoid global 'server schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 63c96ea6c0
)
This commit is contained in:
parent
82af786a36
commit
066dafb07a
@ -1616,10 +1616,27 @@ sub provision_ad_dc_ntvfs($$$)
|
|||||||
dsdb event notification = true
|
dsdb event notification = true
|
||||||
dsdb password event notification = true
|
dsdb password event notification = true
|
||||||
dsdb group change notification = true
|
dsdb group change notification = true
|
||||||
server schannel = auto
|
|
||||||
# override the new SMB2 only default
|
# override the new SMB2 only default
|
||||||
client min protocol = CORE
|
client min protocol = CORE
|
||||||
server min protocol = LANMAN1
|
server min protocol = LANMAN1
|
||||||
|
|
||||||
|
CVE_2020_1472:warn_about_unused_debug_level = 3
|
||||||
|
server require schannel:schannel0\$ = no
|
||||||
|
server require schannel:schannel1\$ = no
|
||||||
|
server require schannel:schannel2\$ = no
|
||||||
|
server require schannel:schannel3\$ = no
|
||||||
|
server require schannel:schannel4\$ = no
|
||||||
|
server require schannel:schannel5\$ = no
|
||||||
|
server require schannel:schannel6\$ = no
|
||||||
|
server require schannel:schannel7\$ = no
|
||||||
|
server require schannel:schannel8\$ = no
|
||||||
|
server require schannel:schannel9\$ = no
|
||||||
|
server require schannel:schannel10\$ = no
|
||||||
|
server require schannel:schannel11\$ = no
|
||||||
|
server require schannel:torturetest\$ = no
|
||||||
|
|
||||||
|
# needed for 'samba.tests.auth_log' tests
|
||||||
|
server require schannel:LOCALDC\$ = no
|
||||||
";
|
";
|
||||||
push (@{$extra_provision_options}, "--use-ntvfs");
|
push (@{$extra_provision_options}, "--use-ntvfs");
|
||||||
my $ret = $self->provision($prefix,
|
my $ret = $self->provision($prefix,
|
||||||
@ -1968,8 +1985,22 @@ sub provision_ad_dc($$$$$$$)
|
|||||||
lpq cache time = 0
|
lpq cache time = 0
|
||||||
print notify backchannel = yes
|
print notify backchannel = yes
|
||||||
|
|
||||||
server schannel = auto
|
CVE_2020_1472:warn_about_unused_debug_level = 3
|
||||||
auth event notification = true
|
server require schannel:schannel0\$ = no
|
||||||
|
server require schannel:schannel1\$ = no
|
||||||
|
server require schannel:schannel2\$ = no
|
||||||
|
server require schannel:schannel3\$ = no
|
||||||
|
server require schannel:schannel4\$ = no
|
||||||
|
server require schannel:schannel5\$ = no
|
||||||
|
server require schannel:schannel6\$ = no
|
||||||
|
server require schannel:schannel7\$ = no
|
||||||
|
server require schannel:schannel8\$ = no
|
||||||
|
server require schannel:schannel9\$ = no
|
||||||
|
server require schannel:schannel10\$ = no
|
||||||
|
server require schannel:schannel11\$ = no
|
||||||
|
server require schannel:torturetest\$ = no
|
||||||
|
|
||||||
|
auth event notification = true
|
||||||
dsdb event notification = true
|
dsdb event notification = true
|
||||||
dsdb password event notification = true
|
dsdb password event notification = true
|
||||||
dsdb group change notification = true
|
dsdb group change notification = true
|
||||||
@ -2658,6 +2689,9 @@ sub setup_ad_dc_smb1
|
|||||||
[global]
|
[global]
|
||||||
client min protocol = CORE
|
client min protocol = CORE
|
||||||
server min protocol = LANMAN1
|
server min protocol = LANMAN1
|
||||||
|
|
||||||
|
# needed for 'samba.tests.auth_log' tests
|
||||||
|
server require schannel:ADDCSMB1\$ = no
|
||||||
";
|
";
|
||||||
return _setup_ad_dc($self, $path, $conf_opts, "addcsmb1", "addom2.samba.example.com");
|
return _setup_ad_dc($self, $path, $conf_opts, "addcsmb1", "addom2.samba.example.com");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user