From ebc21376e6a8362bbc7ac1d330da995af10a1c26 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 15 Mar 2018 17:40:07 +0100
Subject: [PATCH] s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for
 anonymous

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 82d8aa3b9cb15512d29a97b5a7e55ea1a052734f)
---
 source3/torture/proto.h     |  1 +
 source3/torture/test_smb2.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 source3/torture/torture.c   |  1 +
 3 files changed, 44 insertions(+)

diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 7ab2fe1f39b..45870c904fb 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -95,6 +95,7 @@ bool run_nttrans_create(int dummy);
 bool run_nttrans_fsctl(int dummy);
 bool run_smb2_basic(int dummy);
 bool run_smb2_negprot(int dummy);
+bool run_smb2_anonymous(int dummy);
 bool run_smb2_session_reconnect(int dummy);
 bool run_smb2_tcon_dependence(int dummy);
 bool run_smb2_multi_channel(int dummy);
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
index 297c3abca9f..897d034f6a9 100644
--- a/source3/torture/test_smb2.c
+++ b/source3/torture/test_smb2.c
@@ -24,6 +24,7 @@
 #include "../libcli/smb/smbXcli_base.h"
 #include "libcli/security/security.h"
 #include "libsmb/proto.h"
+#include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
 #include "auth_generic.h"
 #include "../librpc/ndr/libndr.h"
@@ -274,6 +275,47 @@ bool run_smb2_negprot(int dummy)
 	return true;
 }
 
+bool run_smb2_anonymous(int dummy)
+{
+	struct cli_state *cli = NULL;
+	NTSTATUS status;
+	struct cli_credentials *anon_creds = NULL;
+	bool guest = false;
+
+	printf("Starting SMB2-ANONYMOUS\n");
+
+	if (!torture_init_connection(&cli)) {
+		return false;
+	}
+
+	status = smbXcli_negprot(cli->conn, cli->timeout,
+				 PROTOCOL_SMB2_02, PROTOCOL_LATEST);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+		return false;
+	}
+
+	anon_creds = cli_credentials_init_anon(talloc_tos());
+	if (anon_creds == NULL) {
+		printf("cli_credentials_init_anon failed\n");
+		return false;
+	}
+
+	status = cli_session_setup_creds(cli, anon_creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("cli_session_setup returned %s\n", nt_errstr(status));
+		return false;
+	}
+
+	guest = smbXcli_session_is_guest(cli->smb2.session);
+	if (guest) {
+		printf("anonymous session should not have guest authentication\n");
+		return false;
+	}
+
+	return true;
+}
+
 bool run_smb2_session_reconnect(int dummy)
 {
 	struct cli_state *cli1;
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index ae502f280fe..df6604de9fe 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -11588,6 +11588,7 @@ static struct {
 	{ "NOTIFY-ONLINE", run_notify_online },
 	{ "SMB2-BASIC", run_smb2_basic },
 	{ "SMB2-NEGPROT", run_smb2_negprot },
+	{ "SMB2-ANONYMOUS", run_smb2_anonymous },
 	{ "SMB2-SESSION-RECONNECT", run_smb2_session_reconnect },
 	{ "SMB2-TCON-DEPENDENCE", run_smb2_tcon_dependence },
 	{ "SMB2-MULTI-CHANNEL", run_smb2_multi_channel },
-- 
2.11.4.GIT