samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

History

Tim Beale 9eb8340e32 CVE-2018-10919 tests: Add test case for object visibility with limited rights

Currently Samba is a bit disclosive with LDB_OP_PRESENT (i.e.
attribute=*) searches compared to Windows.

All the acl.py tests are based on objectClass=* searches, where Windows
will happily tell a user about objects they have List Contents rights,
but not Read Property rights for. However, if you change the attribute
being searched for, suddenly the objects are no longer visible on
Windows (whereas they are on Samba).

This is a problem, because Samba can tell you about which objects have
confidential attributes, which in itself could be disclosive.

This patch adds a acl.py test-case that highlights this behaviour. The
test passes against Windows but fails against Samba.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2018-08-14 13:57:16 +02:00

acl

CVE-2018-10919 tests: Add test case for object visibility with limited rights

2018-08-14 13:57:16 +02:00

confidential_attr

CVE-2018-10919 tests: Add tests for guessing confidential attributes

2018-08-14 13:57:15 +02:00

dns

dns scavenging: Add extra tests for custom filter

2018-08-06 05:36:42 +02:00

encrypted_secrets

selftest fl2000dc provision with --plaintext-secrets

2017-12-18 00:10:17 +01:00

getncchanges

getncchanges.py: Add a multi-valued linked attribute test

2017-09-18 05:51:25 +02:00

keytab

auth: keytab invalidation fix

2018-05-15 15:45:08 +02:00

labdc

selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed

2018-07-10 04:42:10 +02:00

netlogon

smbtorture: Add more tests around NETLOGON challenge reuse

2017-06-27 16:57:42 +02:00

ntlmv1-restrictions

selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options

2017-07-04 06:57:20 +02:00

ntlmv2-restrictions

s4:selftest: replace --option=usespnego= with --option=clientusespnego=

2018-01-10 01:01:24 +01:00

password_settings

tests: Add tests for domain pwdHistoryLength

2018-05-23 06:55:32 +02:00

README

selftest: use an additional directory of knownfail/flapping files

2017-06-03 13:55:41 +02:00

replica_sync

selftest: Add test for a re-animated object conflict

2017-09-26 05:33:17 +02:00

s3-lsa-server

test_trust_ntlm.sh: add lookup name tests

2018-02-21 14:19:19 +01:00

samba3.vfs.fruit

s3:smbd: don't allow renaming basefile if streams are open

2018-05-30 19:10:26 +02:00

smbclient-smb3

s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3

2017-06-27 16:57:48 +02:00

upn_handling

s3:winbind: Do not lookup local system accounts in AD

2018-07-04 23:55:56 +02:00

README

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines begining with '#' are ignored.
# Please don't add tests to this README!