CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'

Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 917c2957b977c2fb08c1e5a5d5ebaa10906aeca2..aee3460627f5ce3402a67325c26db2d1e0eb3ee6 100755 (executable)
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -272,9 +272,23 @@ sub setup_nt4_dc
        lanman auth = yes
        ntlm auth = yes
        raw NTLMv2 auth = yes
-       server schannel = auto
        rpc start on demand helpers = false
 
+       CVE_2020_1472:warn_about_unused_debug_level = 3
+       server require schannel:schannel0\$ = no
+       server require schannel:schannel1\$ = no
+       server require schannel:schannel2\$ = no
+       server require schannel:schannel3\$ = no
+       server require schannel:schannel4\$ = no
+       server require schannel:schannel5\$ = no
+       server require schannel:schannel6\$ = no
+       server require schannel:schannel7\$ = no
+       server require schannel:schannel8\$ = no
+       server require schannel:schannel9\$ = no
+       server require schannel:schannel10\$ = no
+       server require schannel:schannel11\$ = no
+       server require schannel:torturetest\$ = no
+
        vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
 
        fss: sequence timeout = 1