mirror of
https://github.com/samba-team/samba.git
synced 2025-03-27 22:50:26 +03:00
CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords
The sort behaviour for child records is not correct in Samba so we add a flapping entry. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett
Karolin Seeger
parent
8b06cabc7d
commit
a25a2e4513
@ -156,6 +156,107 @@ class DnsserverTests(RpcInterfaceTestCase):
|
||||
None)
|
||||
super(DnsserverTests, self).tearDown()
|
||||
|
||||
def test_enum_is_sorted(self):
|
||||
"""
|
||||
Confirm the zone is sorted
|
||||
"""
|
||||
|
||||
record_str = "192.168.50.50"
|
||||
record_type_str = "A"
|
||||
self.add_record(self.custom_zone, "atestrecord-1", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-2", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-3", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-4", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-0", record_type_str, record_str)
|
||||
|
||||
# This becomes an extra A on the zone itself by server-side magic
|
||||
self.add_record(self.custom_zone, self.custom_zone, record_type_str, record_str)
|
||||
|
||||
_, result = self.conn.DnssrvEnumRecords2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
|
||||
0,
|
||||
self.server,
|
||||
self.custom_zone,
|
||||
"@",
|
||||
None,
|
||||
self.record_type_int(record_type_str),
|
||||
dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA,
|
||||
None,
|
||||
None)
|
||||
|
||||
self.assertEqual(len(result.rec), 6)
|
||||
self.assertEqual(result.rec[0].dnsNodeName.str, "")
|
||||
self.assertEqual(result.rec[1].dnsNodeName.str, "atestrecord-0")
|
||||
self.assertEqual(result.rec[2].dnsNodeName.str, "atestrecord-1")
|
||||
self.assertEqual(result.rec[3].dnsNodeName.str, "atestrecord-2")
|
||||
self.assertEqual(result.rec[4].dnsNodeName.str, "atestrecord-3")
|
||||
self.assertEqual(result.rec[5].dnsNodeName.str, "atestrecord-4")
|
||||
|
||||
def test_enum_is_sorted_children_prefix_first(self):
|
||||
"""
|
||||
Confirm the zone returns the selected prefix first but no more
|
||||
as Samba is flappy for the full sort
|
||||
"""
|
||||
|
||||
record_str = "192.168.50.50"
|
||||
record_type_str = "A"
|
||||
self.add_record(self.custom_zone, "atestrecord-1.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-2.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-3.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-4.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-0.a.b", record_type_str, record_str)
|
||||
|
||||
# Not expected to be returned
|
||||
self.add_record(self.custom_zone, "atestrecord-0.b.b", record_type_str, record_str)
|
||||
|
||||
_, result = self.conn.DnssrvEnumRecords2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
|
||||
0,
|
||||
self.server,
|
||||
self.custom_zone,
|
||||
"a.b",
|
||||
None,
|
||||
self.record_type_int(record_type_str),
|
||||
dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA,
|
||||
None,
|
||||
None)
|
||||
|
||||
self.assertEqual(len(result.rec), 6)
|
||||
self.assertEqual(result.rec[0].dnsNodeName.str, "")
|
||||
|
||||
def test_enum_is_sorted_children(self):
|
||||
"""
|
||||
Confirm the zone is sorted
|
||||
"""
|
||||
|
||||
record_str = "192.168.50.50"
|
||||
record_type_str = "A"
|
||||
self.add_record(self.custom_zone, "atestrecord-1.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-2.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-3.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-4.a.b", record_type_str, record_str)
|
||||
self.add_record(self.custom_zone, "atestrecord-0.a.b", record_type_str, record_str)
|
||||
|
||||
# Not expected to be returned
|
||||
self.add_record(self.custom_zone, "atestrecord-0.b.b", record_type_str, record_str)
|
||||
|
||||
_, result = self.conn.DnssrvEnumRecords2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
|
||||
0,
|
||||
self.server,
|
||||
self.custom_zone,
|
||||
"a.b",
|
||||
None,
|
||||
self.record_type_int(record_type_str),
|
||||
dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA,
|
||||
None,
|
||||
None)
|
||||
|
||||
self.assertEqual(len(result.rec), 6)
|
||||
self.assertEqual(result.rec[0].dnsNodeName.str, "")
|
||||
self.assertEqual(result.rec[1].dnsNodeName.str, "atestrecord-0")
|
||||
self.assertEqual(result.rec[2].dnsNodeName.str, "atestrecord-1")
|
||||
self.assertEqual(result.rec[3].dnsNodeName.str, "atestrecord-2")
|
||||
self.assertEqual(result.rec[4].dnsNodeName.str, "atestrecord-3")
|
||||
self.assertEqual(result.rec[5].dnsNodeName.str, "atestrecord-4")
|
||||
|
||||
# This test fails against Samba (but passes against Windows),
|
||||
# because Samba does not return the record when we enum records.
|
||||
# Records can be given DNS_RANK_NONE when the zone they are in
|
||||
|
||||
2
selftest/flapping.d/dnsserver
Normal file
2
selftest/flapping.d/dnsserver
Normal file
@ -0,0 +1,2 @@
|
||||
# This is not stable in samba due to a bug
|
||||
^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_enum_is_sorted_children
|
||||
Loading…
x
Reference in New Issue
Block a user