samba/CVE-2019-3870-1.patch

From c25348e1f2a7fd0801e06918d67c469f1912f311 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale@catalyst.net.nz>
Date: Fri, 15 Mar 2019 15:20:21 +1300
Subject: [PATCH 1/5] CVE-2019-3870 tests: Extend smbd tests to check for umask
 being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(This backport to Samba 4.9 by Andrew Bartlett was not a pure
cherry-pick due to merge conflicts)
---
 python/samba/tests/ntacls_backup.py |  4 ++--
 python/samba/tests/posixacl.py      |  4 ++--
 python/samba/tests/smbd_base.py     | 48 +++++++++++++++++++++++++++++++++++++
 selftest/knownfail.d/umask-leak     |  3 +++
 4 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 python/samba/tests/smbd_base.py
 create mode 100644 selftest/knownfail.d/umask-leak

diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index 9ab264a27fd..763804fd63f 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -27,10 +27,10 @@ from samba import ntacls
 from samba.auth import system_session
 from samba.param import LoadParm
 from samba.dcerpc import security
-from samba.tests import TestCaseInTempDir
+from samba.tests.smbd_base import SmbdBaseTests
 
 
-class NtaclsBackupRestoreTests(TestCaseInTempDir):
+class NtaclsBackupRestoreTests(SmbdBaseTests):
     """
     Tests for NTACLs backup and restore.
     """
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index 8b48825fc6f..2005f4eef59 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -20,7 +20,7 @@
 
 from samba.ntacls import setntacl, getntacl, checkset_backend
 from samba.dcerpc import security, smb_acl, idmap
-from samba.tests import TestCaseInTempDir
+from samba.tests.smbd_base import SmbdBaseTests
 from samba import provision
 import os
 from samba.samba3 import smbd, passdb
@@ -32,7 +32,7 @@ DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467"
 ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
 
 
-class PosixAclMappingTests(TestCaseInTempDir):
+class PosixAclMappingTests(SmbdBaseTests):
 
     def setUp(self):
         super(PosixAclMappingTests, self).setUp()
diff --git a/python/samba/tests/smbd_base.py b/python/samba/tests/smbd_base.py
new file mode 100644
index 00000000000..4e5c3641e2c
--- /dev/null
+++ b/python/samba/tests/smbd_base.py
@@ -0,0 +1,48 @@
+# Unix SMB/CIFS implementation. Common code for smbd python bindings tests
+# Copyright (C) Catalyst.Net Ltd 2019
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+from samba.tests import TestCaseInTempDir
+import os
+
+TEST_UMASK = 0o022
+
+class SmbdBaseTests(TestCaseInTempDir):
+
+    def get_umask(self):
+        # we can only get the umask by setting it to something
+        curr_umask = os.umask(0)
+        # restore the old setting
+        os.umask(curr_umask)
+        return curr_umask
+
+    def setUp(self):
+        super(SmbdBaseTests, self).setUp()
+        self.orig_umask = self.get_umask()
+
+        # set an arbitrary umask - the underlying smbd code should override
+        # this, but it allows us to check if umask is left unset
+        os.umask(TEST_UMASK)
+
+    def tearDown(self):
+        # the current umask should be what we set it to earlier - if it's not,
+        # it indicates the code has changed it and not restored it
+        self.assertEqual(self.get_umask(), TEST_UMASK,
+                         "umask unexpectedly overridden by test")
+
+        # restore the original umask value (before we interferred with it)
+        os.umask(self.orig_umask)
+
+        super(SmbdBaseTests, self).tearDown()
diff --git a/selftest/knownfail.d/umask-leak b/selftest/knownfail.d/umask-leak
new file mode 100644
index 00000000000..5580beb4b68
--- /dev/null
+++ b/selftest/knownfail.d/umask-leak
@@ -0,0 +1,3 @@
+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_smbd_create_file
+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_backup_online
+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_backup_offline
-- 
2.11.0
Package init 2019-09-30 11:16:38 -04:00			`From c25348e1f2a7fd0801e06918d67c469f1912f311 Mon Sep 17 00:00:00 2001`
			`From: Tim Beale <timbeale@catalyst.net.nz>`
			`Date: Fri, 15 Mar 2019 15:20:21 +1300`
			`Subject: [PATCH 1/5] CVE-2019-3870 tests: Extend smbd tests to check for umask`
			`being overwritten`

			`The smbd changes the umask - if the code fails to restore the umask to`
			`what it was, then this is very bad. Add an extra check to every`
			`smbd-related test that the umask at the end of the test is the same as`
			`what it was at the beginning (i.e. if the smbd code changed the umask`
			`then it correctly restored the value afterwards).`

			`As the selftest sets the umask for all tests to zero, it makes it hard`
			`to detect this problem, so the test setUp() needs to set it to something`
			`else first.`

			`This extra checking is added to the setUp()/tearDown() so that it`
			`applies to all test-cases. However, any failure that occur with this`
			`approach will not be able to be known-failed.`

			`BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834`

			`Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>`
			`Reviewed-by: Andrew Bartlett <abartlet@samba.org>`

			`(This backport to Samba 4.9 by Andrew Bartlett was not a pure`
			`cherry-pick due to merge conflicts)`
			`---`
			`python/samba/tests/ntacls_backup.py \| 4 ++--`
			`python/samba/tests/posixacl.py \| 4 ++--`
			`python/samba/tests/smbd_base.py \| 48 +++++++++++++++++++++++++++++++++++++`
			`selftest/knownfail.d/umask-leak \| 3 +++`
			`4 files changed, 55 insertions(+), 4 deletions(-)`
			`create mode 100644 python/samba/tests/smbd_base.py`
			`create mode 100644 selftest/knownfail.d/umask-leak`

			`diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py`
			`index 9ab264a27fd..763804fd63f 100644`
			`--- a/python/samba/tests/ntacls_backup.py`
			`+++ b/python/samba/tests/ntacls_backup.py`
			`@@ -27,10 +27,10 @@ from samba import ntacls`
			`from samba.auth import system_session`
			`from samba.param import LoadParm`
			`from samba.dcerpc import security`
			`-from samba.tests import TestCaseInTempDir`
			`+from samba.tests.smbd_base import SmbdBaseTests`


			`-class NtaclsBackupRestoreTests(TestCaseInTempDir):`
			`+class NtaclsBackupRestoreTests(SmbdBaseTests):`
			`"""`
			`Tests for NTACLs backup and restore.`
			`"""`
			`diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py`
			`index 8b48825fc6f..2005f4eef59 100644`
			`--- a/python/samba/tests/posixacl.py`
			`+++ b/python/samba/tests/posixacl.py`
			`@@ -20,7 +20,7 @@`

			`from samba.ntacls import setntacl, getntacl, checkset_backend`
			`from samba.dcerpc import security, smb_acl, idmap`
			`-from samba.tests import TestCaseInTempDir`
			`+from samba.tests.smbd_base import SmbdBaseTests`
			`from samba import provision`
			`import os`
			`from samba.samba3 import smbd, passdb`
			`@@ -32,7 +32,7 @@ DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467"`
			`ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"`


			`-class PosixAclMappingTests(TestCaseInTempDir):`
			`+class PosixAclMappingTests(SmbdBaseTests):`

			`def setUp(self):`
			`super(PosixAclMappingTests, self).setUp()`
			`diff --git a/python/samba/tests/smbd_base.py b/python/samba/tests/smbd_base.py`
			`new file mode 100644`
			`index 00000000000..4e5c3641e2c`
			`--- /dev/null`
			`+++ b/python/samba/tests/smbd_base.py`
			`@@ -0,0 +1,48 @@`
			`+# Unix SMB/CIFS implementation. Common code for smbd python bindings tests`
			`+# Copyright (C) Catalyst.Net Ltd 2019`
			`+#`
			`+# This program is free software; you can redistribute it and/or modify`
			`+# it under the terms of the GNU General Public License as published by`
			`+# the Free Software Foundation; either version 3 of the License, or`
			`+# (at your option) any later version.`
			`+#`
			`+# This program is distributed in the hope that it will be useful,`
			`+# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`+# GNU General Public License for more details.`
			`+#`
			`+# You should have received a copy of the GNU General Public License`
			`+# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`+#`
			`+from samba.tests import TestCaseInTempDir`
			`+import os`
			`+`
			`+TEST_UMASK = 0o022`
			`+`
			`+class SmbdBaseTests(TestCaseInTempDir):`
			`+`
			`+ def get_umask(self):`
			`+ # we can only get the umask by setting it to something`
			`+ curr_umask = os.umask(0)`
			`+ # restore the old setting`
			`+ os.umask(curr_umask)`
			`+ return curr_umask`
			`+`
			`+ def setUp(self):`
			`+ super(SmbdBaseTests, self).setUp()`
			`+ self.orig_umask = self.get_umask()`
			`+`
			`+ # set an arbitrary umask - the underlying smbd code should override`
			`+ # this, but it allows us to check if umask is left unset`
			`+ os.umask(TEST_UMASK)`
			`+`
			`+ def tearDown(self):`
			`+ # the current umask should be what we set it to earlier - if it's not,`
			`+ # it indicates the code has changed it and not restored it`
			`+ self.assertEqual(self.get_umask(), TEST_UMASK,`
			`+ "umask unexpectedly overridden by test")`
			`+`
			`+ # restore the original umask value (before we interferred with it)`
			`+ os.umask(self.orig_umask)`
			`+`
			`+ super(SmbdBaseTests, self).tearDown()`
			`diff --git a/selftest/knownfail.d/umask-leak b/selftest/knownfail.d/umask-leak`
			`new file mode 100644`
			`index 00000000000..5580beb4b68`
			`--- /dev/null`
			`+++ b/selftest/knownfail.d/umask-leak`
			`@@ -0,0 +1,3 @@`
			`+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_smbd_create_file`
			`+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_backup_online`
			`+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_backup_offline`
			`--`
			`2.11.0`