1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2021-3738 s4:torture/drsuapi: don't pass DsPrivate to test_DsBind()

This will make it easier to reuse.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2021-08-05 11:24:26 +02:00 committed by Jule Anger
parent c17f4256e5
commit 923c80eea9
3 changed files with 16 additions and 11 deletions

View File

@ -28,12 +28,14 @@
#define TEST_MACHINE_NAME "torturetest"
bool test_DsBind(struct dcerpc_pipe *p,
struct torture_context *tctx,
struct DsPrivate *priv)
static bool test_DsBind(struct dcerpc_pipe *p,
struct torture_context *tctx,
struct policy_handle *bind_handle,
struct drsuapi_DsBindInfo28 *srv_info28)
{
NTSTATUS status;
struct drsuapi_DsBind r;
struct GUID bind_guid;
struct drsuapi_DsBindInfo28 *bind_info28;
struct drsuapi_DsBindInfoCtr bind_info_ctr;
@ -70,19 +72,20 @@ bool test_DsBind(struct dcerpc_pipe *p,
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
r.in.bind_guid = &priv->bind_guid;
r.in.bind_guid = &bind_guid;
r.in.bind_info = &bind_info_ctr;
r.out.bind_handle = &priv->bind_handle;
r.out.bind_handle = bind_handle;
torture_comment(tctx, "Testing DsBind\n");
status = dcerpc_drsuapi_DsBind_r(p->binding_handle, tctx, &r);
torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsBind");
/* cache server supported extensions, i.e. bind_info */
priv->srv_bind_info = r.out.bind_info->info.info28;
if (srv_info28 != NULL) {
*srv_info28 = r.out.bind_info->info.info28;
}
return true;
}
@ -786,7 +789,10 @@ bool torture_drsuapi_tcase_setup_common(struct torture_context *tctx, struct DsP
&machine_credentials);
torture_assert(tctx, priv->join, "Failed to join as BDC");
if (!test_DsBind(priv->drs_pipe, tctx, priv)) {
if (!test_DsBind(priv->drs_pipe, tctx,
&priv->bind_handle,
&priv->srv_bind_info))
{
/* clean up */
torture_drsuapi_tcase_teardown_common(tctx, priv);
torture_fail(tctx, "Failed execute test_DsBind()");

View File

@ -29,7 +29,6 @@
struct DsPrivate {
struct dcerpc_pipe *drs_pipe;
struct policy_handle bind_handle;
struct GUID bind_guid;
struct drsuapi_DsBindInfo28 srv_bind_info;
const char *domain_obj_dn;

View File

@ -801,7 +801,7 @@ bool test_DsCrackNames(struct torture_context *tctx,
.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
.comment = "BIND GUID (ie, not in the directory)",
.str = GUID_string2(mem_ctx, &priv->bind_guid),
.str = DRSUAPI_DS_BIND_GUID,
.status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
},
{