From: Samuel Cabrero <scabrero@suse.de>
Date: Thu, 22 Dec 2022 15:46:15 +0000 (+0100)
Subject: CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f82c786072aaf3fe8ecf6762f3c8f3ab6203d7e1;p=thirdparty%2Fsamba.git

CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'

Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3cd18690f83d2f85e847fc703ac127b4b04189fc)
---

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index fdb550a8f66..9dd9e23a555 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -259,7 +259,6 @@ sub setup_nt4_dc
 	lanman auth = yes
 	ntlm auth = yes
 	raw NTLMv2 auth = yes
-	server schannel = auto
 
 	rpc_server:epmapper = external
 	rpc_server:spoolss = external
@@ -273,6 +272,22 @@ sub setup_nt4_dc
 	rpc_daemon:spoolssd = fork
 	rpc_daemon:lsasd = fork
 	rpc_daemon:fssd = fork
+
+	CVE_2020_1472:warn_about_unused_debug_level = 3
+	server require schannel:schannel0\$ = no
+	server require schannel:schannel1\$ = no
+	server require schannel:schannel2\$ = no
+	server require schannel:schannel3\$ = no
+	server require schannel:schannel4\$ = no
+	server require schannel:schannel5\$ = no
+	server require schannel:schannel6\$ = no
+	server require schannel:schannel7\$ = no
+	server require schannel:schannel8\$ = no
+	server require schannel:schannel9\$ = no
+	server require schannel:schannel10\$ = no
+	server require schannel:schannel11\$ = no
+	server require schannel:torturetest\$ = no
+
 	fss: sequence timeout = 1
 	check parent directory delete on close = yes
 ";