112 lines
3.0 KiB
Diff
112 lines
3.0 KiB
Diff
From 409447f3258b87745a2248570278b1c6da8991f4 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Tue, 16 Jul 2019 15:40:38 +0200
|
|
Subject: [PATCH 5/6] CVE-2019-10197: test_smbclient_s3.sh: add regression test
|
|
for the no permission on share root problem
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
---
|
|
selftest/knownfail.d/CVE-2019-10197 | 1 +
|
|
selftest/target/Samba3.pm | 12 +++++++++
|
|
source3/script/tests/test_smbclient_s3.sh | 30 +++++++++++++++++++++++
|
|
3 files changed, 43 insertions(+)
|
|
create mode 100644 selftest/knownfail.d/CVE-2019-10197
|
|
|
|
diff --git a/selftest/knownfail.d/CVE-2019-10197 b/selftest/knownfail.d/CVE-2019-10197
|
|
new file mode 100644
|
|
index 000000000000..f7056bbf3ad4
|
|
--- /dev/null
|
|
+++ b/selftest/knownfail.d/CVE-2019-10197
|
|
@@ -0,0 +1 @@
|
|
+^samba3.blackbox.smbclient_s3.*.noperm.share.regression
|
|
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
|
index f7eb314138a0..2f491441815f 100755
|
|
--- a/selftest/target/Samba3.pm
|
|
+++ b/selftest/target/Samba3.pm
|
|
@@ -1516,6 +1516,9 @@ sub provision($$$$$$$$$)
|
|
my $ro_shrdir="$shrdir/root-tmp";
|
|
push(@dirs,$ro_shrdir);
|
|
|
|
+ my $noperm_shrdir="$shrdir/noperm-tmp";
|
|
+ push(@dirs,$noperm_shrdir);
|
|
+
|
|
my $msdfs_shrdir="$shrdir/msdfsshare";
|
|
push(@dirs,$msdfs_shrdir);
|
|
|
|
@@ -1586,6 +1589,11 @@ sub provision($$$$$$$$$)
|
|
chmod 0755, $piddir;
|
|
|
|
|
|
+ ##
|
|
+ ## Create a directory without permissions to enter
|
|
+ ##
|
|
+ chmod 0000, $noperm_shrdir;
|
|
+
|
|
##
|
|
## create ro and msdfs share layout
|
|
##
|
|
@@ -1902,6 +1910,10 @@ sub provision($$$$$$$$$)
|
|
[ro-tmp]
|
|
path = $ro_shrdir
|
|
guest ok = yes
|
|
+[noperm]
|
|
+ path = $noperm_shrdir
|
|
+ wide links = yes
|
|
+ guest ok = yes
|
|
[write-list-tmp]
|
|
path = $shrdir
|
|
read only = yes
|
|
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
|
|
index bf033ccd2fbf..0bae1d78fac9 100755
|
|
--- a/source3/script/tests/test_smbclient_s3.sh
|
|
+++ b/source3/script/tests/test_smbclient_s3.sh
|
|
@@ -1329,6 +1329,32 @@ EOF
|
|
fi
|
|
}
|
|
|
|
+#
|
|
+# Regression test for CVE-2019-10197
|
|
+# we should always get ACCESS_DENIED
|
|
+#
|
|
+test_noperm_share_regression()
|
|
+{
|
|
+ cmd='$SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/noperm -I $SERVER_IP $LOCAL_ADDARGS -c "ls;ls" 2>&1'
|
|
+ eval echo "$cmd"
|
|
+ out=`eval $cmd`
|
|
+ ret=$?
|
|
+ if [ $ret -eq 0 ] ; then
|
|
+ echo "$out"
|
|
+ echo "failed accessing no perm share should not work"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ num=`echo "$out" | grep 'NT_STATUS_ACCESS_DENIED' | wc -l`
|
|
+ if [ "$num" -ne "2" ] ; then
|
|
+ echo "$out"
|
|
+ echo "failed num[$num] - two NT_STATUS_ACCESS_DENIED lines expected"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ return 0
|
|
+}
|
|
+
|
|
# Test smbclient deltree command
|
|
test_deltree()
|
|
{
|
|
@@ -1857,6 +1883,10 @@ testit "follow local symlinks" \
|
|
test_local_symlinks || \
|
|
failed=`expr $failed + 1`
|
|
|
|
+testit "noperm share regression" \
|
|
+ test_noperm_share_regression || \
|
|
+ failed=`expr $failed + 1`
|
|
+
|
|
testit "smbclient deltree command" \
|
|
test_deltree || \
|
|
failed=`expr $failed + 1`
|
|
--
|
|
2.17.1
|
|
|