sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-08 05:57:51 +03:00
Code

CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc

Browse Source 
We want to test against all "ldap server require strong auth" combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This commit is contained in:
Stefan Metzmacher 2015-12-21 10:04:48 +01:00
parent e71be8099a
commit 2b40fb8509
3 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
selftest/knownfail
View File

@ -301,3 +301,9 @@
# match Windows 2012R2 behaviour. # match Windows 2012R2 behaviour.
# #
^samba4.ldap.sort.python.+UnicodeSortTests ^samba4.ldap.sort.python.+UnicodeSortTests
#
## We assert all "ldap server require strong auth" combinations
#
^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_over_tls
^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes
^samba4.ldb.simple.ldaps with SASL-BIND.*fl2003dc # ldap server require strong auth = yes

24
source4/selftest/tests.py
View File

@ -74,6 +74,30 @@ if have_tls_support:
plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs", plantestsuite("samba4.ldb.ldaps with options %s(ad_dc_ntvfs)" % options, "ad_dc_ntvfs",
"%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options)) "%s/test_ldb.sh ldaps $SERVER_IP %s" % (bbdir, options))
# test all "ldap server require strong auth" combinations
for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
options = '--simple-bind-dn="$USERNAME@$REALM" --password="$PASSWORD"'
plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
if have_tls_support:
plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
auth_options = [
'--option=clientldapsaslwrapping=plain',
'--sign',
'--encrypt',
]
for auth_option in auth_options:
options = '-U"$USERNAME%$PASSWORD"' + ' ' + auth_option
plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
if have_tls_support:
options = '-U"$USERNAME%$PASSWORD"'
plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
for options in ['-U"$USERNAME%$PASSWORD"']: for options in ['-U"$USERNAME%$PASSWORD"']:
plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local", plantestsuite("samba4.ldb.ldapi with options %s(ad_dc_ntvfs:local)" % options, "ad_dc_ntvfs:local",
"%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options)) "%s/test_ldb.sh ldapi $PREFIX_ABS/ad_dc_ntvfs/private/ldapi %s" % (bbdir, options))

41
testprogs/blackbox/test_ldb_simple.sh Executable file
View File

@ -0,0 +1,41 @@
#!/bin/sh
if [ $# -lt 2 ]; then
cat <<EOF
Usage: test_ldb_simple.sh PROTOCOL SERVER [OPTIONS]
EOF
exit 1;
fi
p=$1
SERVER=$2
PREFIX=$3
shift 2
options="$*"
. `dirname $0`/subunit.sh
check() {
name="$1"
shift
cmdline="$*"
echo "test: $name"
$cmdline
status=$?
if [ x$status = x0 ]; then
echo "success: $name"
else
echo "failure: $name"
failed=`expr $failed + 1`
fi
return $status
}
export PATH="$BINDIR:$PATH"
ldbsearch="$VALGRIND ldbsearch"
check "currentTime" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base currentTime || failed=`expr $failed + 1`
exit $failed