sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
Code
v4-6-test
samba-mirror/source4
History
Tim Beale 9f166c0222 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case 
The acl_read.c code contains a special case to allow dirsync to
work-around having insufficient access rights. We had a concern that
the dirsync module could leak sensitive information for deleted objects.
This patch adds a test-case to prove whether or not this is happening.

The new test case is similar to the existing dirsync test except:
- We make the confidential attribute also preserve-on-delete, so it
  hangs around for deleted objcts. Because the attributes now persist
  across test case runs, I've used a different attribute to normal.
  (Technically, the dirsync search expressions are now specific enough
  that the regular attribute could be used, but it would make things
  quite fragile if someone tried to add a new test case).
- To handle searching for deleted objects, the search expressions are
  now more complicated. Currently dirsync adds an extra-filter to the
  '!' searches to exclude deleted objects, i.e. samaccountname matches
  the test-objects AND the object is not deleted. We now extend this to
  include deleted objects with lastKnownParent equal to the test OU.
  The search expression matches either case so that we can use the same
  expression throughout the test (regardless of whether the object is
  deleted yet or not).

This test proves that the dirsync corner-case does not actually leak
sensitive information on Samba. This is due to a bug in the dirsync
code - when the buggy line is removed, this new test promptly fails.
Test also passes against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-08-13 09:13:36 +02:00
..
auth s4:gensec_gssapi: Correctly handle external trusts with MIT 2017-03-14 12:18:27 +01:00
build/pasn1
cldap_server Avoid including libds/common/roles.h in public loadparm.h header. 2016-01-13 04:43:23 +01:00
client smbclient4: xfile->stdio 2016-12-11 11:17:23 +01:00
cluster Remove callers of lp_use_ntdb 2015-03-17 11:30:51 +01:00
dns_server dnsserver_common: Add name check in name2dn 2016-12-12 05:00:19 +01:00
dsdb CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case 2018-08-13 09:13:36 +02:00
echo_server Avoid including libds/common/roles.h in public loadparm.h header. 2016-01-13 04:43:23 +01:00
heimdal Revert "HEIMDAL:kdc: fix memory leak when decryption AuthorizationData" 2018-02-21 15:14:49 +01:00
heimdal_build Wrap krb5_cc_copy_creds and krb5_cc_copy_cache 2016-07-25 21:27:57 +02:00
include lib: Remove global xfile.h includes 2016-11-20 06:23:19 +01:00
kdc Revert "s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob" 2018-02-21 11:23:24 +01:00
ldap_server s4:ldap_server: match windows in the error messages of failing LDAP Bind requests 2017-03-06 19:40:23 +01:00
lib lib/registry/regf: better initialise nk_block 2016-11-30 20:36:24 +01:00
libcli CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control 2018-03-13 10:28:56 +01:00
libnet py_net: make use of pytalloc_GenericObject_steal() 2017-02-28 16:55:16 +01:00
librpc pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping 2017-02-28 16:55:16 +01:00
nbt_server dlist: remove unneeded type argument from DLIST_ADD_END() 2016-02-06 21:48:17 +01:00
ntp_signd build: Build with system md5.h on OpenIndiana 2013-06-19 21:32:36 +02:00
ntvfs wbclient: "ev" is no longer used in wbc_xids_to_sids 2016-09-28 00:04:36 +02:00
param s4:pyparam: Fix resource leaks on error 2017-11-02 13:01:22 +01:00
rpc_server dnsserver: Stop dns_name_equal doing OOB read 2017-07-13 20:01:25 +02:00
script find_unused_macros: Remove obsolete script that finds unused macros. 2014-08-31 21:21:13 +02:00
scripting s4:scripting: use generate_random_machine_password() for machine passwords 2017-02-25 01:34:34 +01:00
selftest CVE-2018-10919 tests: Add tests for guessing confidential attributes 2018-08-13 09:13:35 +02:00
setup CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control 2018-03-13 10:28:56 +01:00
smb_server pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFID 2016-08-19 09:35:14 +02:00
smbd samba: Only use async signal-safe functions in signal handler 2018-02-20 17:03:44 +01:00
torture torture: Test compound request request counters 2018-04-12 21:56:31 +02:00
utils man pages: change http://samba.org to https://www.samba.org 2016-12-09 13:10:26 +01:00
web_server python: Remove Python 2.4 support macros 2016-01-07 23:33:10 +01:00
winbind winbind4: Remove unused code 2017-01-02 18:04:13 +01:00
wrepl_server dlist: remove unneeded type argument from DLIST_ADD_END() 2016-02-06 21:48:17 +01:00
.clang_complete
.valgrind_suppressions
wscript_build Do not install smbclient4 and nmblookup4 2014-04-15 03:25:13 +02:00