From be504b486d78133fd28ad3d7adfe589a99338846 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 21 Mar 2019 17:21:58 +1300
Subject: [PATCH 3/5] CVE-2019-3870 pysmbd: Include tests to show the outside
 umask has no impact

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 python/samba/tests/ntacls_backup.py | 13 +++++++++++++
 python/samba/tests/smbd_base.py     |  2 +-
 selftest/knownfail.d/pymkdir-umask  |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 selftest/knownfail.d/pymkdir-umask

diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index 763804fd63f..b7defd35903 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -112,6 +112,12 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
 
         dirpath = os.path.join(self.service_root, 'a-dir')
         smbd.mkdir(dirpath, self.service)
+        mode = os.stat(dirpath).st_mode
+
+        # This works in conjunction with the TEST_UMASK in smbd_base
+        # to ensure that permissions are not related to the umask
+        # but instead the smb.conf settings
+        self.assertEquals(mode & 0o777, 0o755)
         self.assertTrue(os.path.isdir(dirpath))
 
     def test_smbd_create_file(self):
@@ -123,6 +129,13 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
         smbd.create_file(filepath, self.service)
         self.assertTrue(os.path.isfile(filepath))
 
+        mode = os.stat(filepath).st_mode
+
+        # This works in conjunction with the TEST_UMASK in smbd_base
+        # to ensure that permissions are not related to the umask
+        # but instead the smb.conf settings
+        self.assertEquals(mode & 0o777, 0o644)
+
         # As well as checking that unlink works, this removes the
         # fake xattrs from the dev/inode based DB
         smbd.unlink(filepath, self.service)
diff --git a/python/samba/tests/smbd_base.py b/python/samba/tests/smbd_base.py
index 4e5c3641e2c..b49bcc0828f 100644
--- a/python/samba/tests/smbd_base.py
+++ b/python/samba/tests/smbd_base.py
@@ -17,7 +17,7 @@
 from samba.tests import TestCaseInTempDir
 import os
 
-TEST_UMASK = 0o022
+TEST_UMASK = 0o042
 
 class SmbdBaseTests(TestCaseInTempDir):
 
diff --git a/selftest/knownfail.d/pymkdir-umask b/selftest/knownfail.d/pymkdir-umask
new file mode 100644
index 00000000000..5af01be44e3
--- /dev/null
+++ b/selftest/knownfail.d/pymkdir-umask
@@ -0,0 +1 @@
+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_smbd_mkdir
\ No newline at end of file
-- 
2.11.0