From f82c786072aaf3fe8ecf6762f3c8f3ab6203d7e1 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Thu, 22 Dec 2022 16:46:15 +0100 Subject: CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto' Instead of using the generic deprecated option use the specific server require schannel:COMPUTERACCOUNT = no in order to allow legacy tests for pass. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero Reviewed-by: Andreas Schneider (cherry picked from commit 3cd18690f83d2f85e847fc703ac127b4b04189fc) --- selftest/target/Samba3.pm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index fdb550a8f66..9dd9e23a555 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -259,7 +259,6 @@ sub setup_nt4_dc lanman auth = yes ntlm auth = yes raw NTLMv2 auth = yes - server schannel = auto rpc_server:epmapper = external rpc_server:spoolss = external @@ -273,6 +272,22 @@ sub setup_nt4_dc rpc_daemon:spoolssd = fork rpc_daemon:lsasd = fork rpc_daemon:fssd = fork + + CVE_2020_1472:warn_about_unused_debug_level = 3 + server require schannel:schannel0\$ = no + server require schannel:schannel1\$ = no + server require schannel:schannel2\$ = no + server require schannel:schannel3\$ = no + server require schannel:schannel4\$ = no + server require schannel:schannel5\$ = no + server require schannel:schannel6\$ = no + server require schannel:schannel7\$ = no + server require schannel:schannel8\$ = no + server require schannel:schannel9\$ = no + server require schannel:schannel10\$ = no + server require schannel:schannel11\$ = no + server require schannel:torturetest\$ = no + fss: sequence timeout = 1 check parent directory delete on close = yes "; -- cgit v1.2.1