diff options
author | Isaac Boukris <iboukris@gmail.com> | 2018-08-18 16:01:59 +0300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-12-04 13:55:09 +0100 |
commit | a2f4d49c1c545d9a64d34d0413f3e840d8f109f6 (patch) | |
tree | 40d0fcab9128059bf8d0235ec455497d3ae39cad | |
parent | 09f9bb2837180ca27085b27aa636bfbae975f294 (diff) | |
download | samba-a2f4d49c1c545d9a64d34d0413f3e840d8f109f6.tar.gz |
CVE-2018-16853: Add a test to verify s4u2self doesn't crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rwxr-xr-x | testprogs/blackbox/test_kinit_mit.sh | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh index 370542536e1..f691b0f15d7 100755 --- a/testprogs/blackbox/test_kinit_mit.sh +++ b/testprogs/blackbox/test_kinit_mit.sh @@ -24,6 +24,7 @@ samba_srcdir="$SRCDIR/source4" samba_kinit=kinit samba_kdestroy=kdestroy samba_kpasswd=kpasswd +samba_kvno=kvno samba_tool="$samba_bindir/samba-tool" samba_texpect="$samba_bindir/texpect" @@ -299,6 +300,17 @@ test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes || testit "reset password policies" $VALGRIND $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1` +########################################################### +### Test basic s4u2self request +########################################################### + +# Use previous acquired machine creds to request a ticket for self. +# We expect it to fail for now. +MACHINE_ACCOUNT="$(hostname -s | tr [a-z] [A-Z])\$@$REALM" +$samba_kvno -U$MACHINE_ACCOUNT $MACHINE_ACCOUNT +# But we expect the KDC to be up and running still +testit "kinit with machineaccountccache after s4u2self" $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1` + ### Cleanup $samba_kdestroy |