1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/selftest
Tim Beale fc45da529d CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches
A user that doesn't have access to view an attribute can still guess the
attribute's value via repeated LDAP searches. This affects confidential
attributes, as well as ACLs applied to an object/attribute to deny
access.

Currently the code will hide objects if the attribute filter contains an
attribute they are not authorized to see. However, the code still
returns objects as results if confidential attribute is in the search
expression itself, but not in the attribute filter.

To fix this problem we have to check the access rights on the attributes
in the search-tree, as well as the attributes returned in the message.

Points of note:
- I've preserved the existing dirsync logic (the dirsync module code
  suppresses the result as long as the replPropertyMetaData attribute is
  removed). However, there doesn't appear to be any test that highlights
  that this functionality is required for dirsync.
- To avoid this fix breaking the acl.py tests, we need to still permit
  searches like 'objectClass=*', even though we don't have Read Property
  access rights for the objectClass attribute. The logic that Windows
  uses does not appear to be clearly documented, so I've made a best
  guess that seems to mirror Windows behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-08-14 13:57:16 +02:00
..
flapping.d samba_tool_showrepl_pull_summary_all_good is flapping 2018-07-05 04:01:26 +02:00
gnupg selftest:gnupg: add a gpg key for Samba Selftest <selftest@samba.example.com> 2016-07-22 16:03:27 +02:00
knownfail.d CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches 2018-08-14 13:57:16 +02:00
manage-ca selftest/manage-ca: update manage-CA-samba.example.com.sh 2016-07-22 23:34:21 +02:00
target selftest: Load time_audit and full_audit modules for all tests 2018-08-13 22:35:20 +02:00
devel_env.sh selftest: Add a bash env file you can source. 2014-04-17 14:56:05 +02:00
filter-subunit selftest: use an additional directory of knownfail/flapping files 2017-06-03 13:55:41 +02:00
flapping source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections 2017-05-25 02:25:13 +02:00
format-subunit format-subunit: Remove import of unnecessary third party modules testtools and subunit. 2015-03-06 04:41:47 +01:00
format-subunit-json selftest/wscript: format perftest as json 2016-08-31 07:09:26 +02:00
gdb_backtrace selftest/gdb_*: make use of 'mktemp' 2016-12-01 05:54:21 +01:00
gdb_backtrace_test.c
gdb_run selftest/gdb_*: make use of 'mktemp' 2016-12-01 05:54:21 +01:00
in_screen selftest: Give tmux a bit of time to establish 2017-06-21 03:14:17 +02:00
knownfail CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". 2018-08-14 13:57:15 +02:00
perf_tests.py add provision performance tests 2017-06-23 02:25:25 +02:00
quick
README Remove documentation for testsuite-count subunit extension, which is no longer used. 2015-02-17 15:41:10 +01:00
save.env.sh selftest: add save.env.sh helper script. 2016-06-27 05:00:15 +02:00
selftest.pl selftest: Allow make test to run with --address-sanitizer 2018-05-03 08:17:44 +02:00
selftest.pl.1
selftesthelpers.py selftest: convert print func to be py2/py3 compatible 2018-03-23 07:28:24 +01:00
skip torture: Remove GETADDRINFO test 2017-10-20 20:03:13 +02:00
skip_mit_kdc selftest: Skip s4u2proxy tests, no support yet 2017-04-29 23:31:11 +02:00
skip.no-GSS_KRB5_CRED_NO_CI_FLAGS_X script/autobuild.py: try make test TESTS=samba3.*ktest for samba-systemkrb5 2017-01-10 13:54:17 +01:00
slow
SocketWrapper.pm
Subunit.pm selftest: consistently produce high-res UTC time 2018-03-22 13:26:44 +01:00
subunithelper.py python: bulk replace dict.iteritems to items for py3 2018-04-13 07:27:12 +02:00
tap2subunit Add basic tap2subunit converter, rather than relying on the one from subunit-tools. 2015-03-06 04:41:47 +01:00
tests.py CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() 2018-08-14 13:57:15 +02:00
TODO
valgrind_run selftest: set valgrind options 2013-12-11 17:14:21 +01:00
wscript selftest: Allow make test to run with --address-sanitizer 2018-05-03 08:17:44 +02:00

# vim: ft=rst

This directory contains test scripts that are useful for running a
bunch of tests all at once.

There are two parts to this:

 * The test runner (selftest/selftest.pl)
 * The test formatter

selftest.pl simply outputs subunit, which can then be formatted or analyzed
by tools that understand the subunit protocol. One of these tools is
format-subunit, which is used by default as part of "make test".

Available testsuites
====================
The available testsuites are obtained from a script, usually
source{3,4}/selftest/tests.py. This script should for each testsuite output
the name of the test, the command to run and the environment that should be
provided. Use the included "plantest" function to generate the required output.

Testsuite behaviour
===================

Exit code
------------
The testsuites should exit with a non-zero exit code if at least one
test failed. Skipped tests should not influence the exit code.

Output format
-------------
Testsuites can simply use the exit code to indicate whether all of their
tests have succeeded or one or more have failed. It is also possible to
provide more granular information using the Subunit protocol.

This protocol works by writing simple messages to standard output. Any
messages that can not be interpreted by this protocol are considered comments
for the last announced test.

For a full description of the subunit protocol, see the README file in the subunit
repository at http://github.com/testing-cabal/subunit.

The following commands are Samba extensions to Subunit:

start-testsuite
~~~~~~~~~~~~~~~
start-testsuite: name

The testsuite name is used as prefix for all containing tests.

skip-testsuite
~~~~~~~~~~~~~~
skip-testsuite: name

Mark the testsuite with the specified name as skipped.

testsuite-success
~~~~~~~~~~~~~~~~~
testsuite-success: name

Indicate that the testsuite has succeeded successfully.

testsuite-fail
~~~~~~~~~~~~~~
testsuite-fail: name

Indicate that a testsuite has failed.

Environments
============
Tests often need to run against a server with particular things set up,
a "environment". This environment is provided by the test "target": Samba 3,
Samba 4 or Windows.

The environments are currently available include

 - none: No server set up, no variables set.
 - dc,s3dc: Domain controller set up. The following environment variables will
   be set:

     * USERNAME: Administrator user name
     * PASSWORD: Administrator password
     * DOMAIN: Domain name
     * REALM: Realm name
     * SERVER: DC host name
     * SERVER_IP: DC IPv4 address
     * SERVER_IPV6: DC IPv6 address
     * NETBIOSNAME: DC NetBIOS name
     * NETIOSALIAS: DC NetBIOS alias

 - member,s4member,s3member: Domain controller and member server that is joined to it set up. The
   following environment variables will be set:

     * USERNAME: Domain administrator user name
     * PASSWORD: Domain administrator password
     * DOMAIN: Domain name
     * REALM: Realm name
     * SERVER: Name of the member server

See Samba.pm, Samba3.pm and Samba4.pm for the full list.

Running tests
=============

To run all the tests use::

   make test

To run a quicker subset run::

   make quicktest

To run a specific test, use this syntax::

   make test TESTS=testname

for example::

   make test TESTS=samba4.BASE-DELETE