diff options
| author | Jeremy Allison <jra@samba.org> | 2016-01-07 14:26:35 -0800 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:38:54 +0100 |
| commit | 5b5fcbf8a535c196b38a1c4028f43770d5938dcf (patch) | |
| tree | 2bc3b6b99c6ed37507ec983a2033dcadd778d129 | |
| parent | 2a7b77b4704ab17a8576eeda9f194e6f4693f1e5 (diff) | |
| download | samba-5b5fcbf8a535c196b38a1c4028f43770d5938dcf.tar.gz | |
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
| -rw-r--r-- | selftest/knownfail | 1 | ||||
| -rwxr-xr-x | source3/selftest/tests.py | 2 | ||||
| -rw-r--r-- | source3/torture/torture.c | 178 |
3 files changed, 180 insertions, 1 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index ac374c0dab1..bf35b75d558 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -17,6 +17,7 @@ ^samba3.smbtorture_s3.plain\(dc\).SHORTNAME-TEST # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(dc\).POSIX-APPEND # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-ACL # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-EA # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(dc\).NTTRANS-FSCTL # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(dc\).SMB2-NEGPROT # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index abd9b3ff0b8..02adeed5c7a 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -79,7 +79,7 @@ tests = ["RW1", "RW2", "RW3"] for t in tests: plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) -posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL"] +posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL", "POSIX-SYMLINK-EA"] for t in posix_tests: plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 82ff1ca236d..78803cf7b5a 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -5951,6 +5951,183 @@ static bool run_acl_symlink_test(int dummy) return correct; } +/* + Test setting EA's are rejected on symlinks. + */ +static bool run_ea_symlink_test(int dummy) +{ + static struct cli_state *cli; + const char *fname = "posix_file_ea"; + const char *sname = "posix_symlink_ea"; + const char *ea_name = "testea_name"; + const char *ea_value = "testea_value"; + uint16_t fnum = (uint16_t)-1; + bool correct = false; + NTSTATUS status; + size_t i, num_eas; + struct ea_struct *eas = NULL; + TALLOC_CTX *frame = NULL; + + frame = talloc_stackframe(); + + printf("Starting EA symlink test\n"); + + if (!torture_open_connection(&cli, 0)) { + TALLOC_FREE(frame); + return false; + } + + smbXcli_conn_set_sockopt(cli->conn, sockops); + + status = torture_setup_unix_extensions(cli); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return false; + } + + cli_setatr(cli, fname, 0, 0); + cli_posix_unlink(cli, fname); + cli_setatr(cli, sname, 0, 0); + cli_posix_unlink(cli, sname); + + status = cli_ntcreate(cli, + fname, + 0, + READ_CONTROL_ACCESS, + 0, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, + FILE_CREATE, + 0x0, + 0x0, + &fnum, + NULL); + + if (!NT_STATUS_IS_OK(status)) { + printf("cli_ntcreate of %s failed (%s)\n", + fname, + nt_errstr(status)); + goto out; + } + + status = cli_close(cli, fnum); + if (!NT_STATUS_IS_OK(status)) { + printf("close failed (%s)\n", + nt_errstr(status)); + goto out; + } + fnum = (uint16_t)-1; + + /* Set an EA on the path. */ + status = cli_set_ea_path(cli, + fname, + ea_name, + ea_value, + strlen(ea_value)+1); + + if (!NT_STATUS_IS_OK(status)) { + printf("cli_set_ea_path failed (%s)\n", + nt_errstr(status)); + goto out; + } + + /* Now create a symlink. */ + status = cli_posix_symlink(cli, fname, sname); + if (!NT_STATUS_IS_OK(status)) { + printf("cli_posix_symlink of %s -> %s failed (%s)\n", + sname, + fname, + nt_errstr(status)); + goto out; + } + + /* Get the EA list on the path. Should return value set. */ + status = cli_get_ea_list_path(cli, + fname, + frame, + &num_eas, + &eas); + + if (!NT_STATUS_IS_OK(status)) { + printf("cli_get_ea_list_path failed (%s)\n", + nt_errstr(status)); + goto out; + } + + /* Ensure the EA we set is there. */ + for (i=0; i<num_eas; i++) { + if (strcmp(eas[i].name, ea_name) == 0 && + eas[i].value.length == strlen(ea_value)+1 && + memcmp(eas[i].value.data, + ea_value, + eas[i].value.length) == 0) { + break; + } + } + + if (i == num_eas) { + printf("Didn't find EA on pathname %s\n", + fname); + goto out; + } + + num_eas = 0; + TALLOC_FREE(eas); + + /* Get the EA list on the symlink. Should return empty list. */ + status = cli_get_ea_list_path(cli, + sname, + frame, + &num_eas, + &eas); + + if (!NT_STATUS_IS_OK(status)) { + printf("cli_get_ea_list_path failed (%s)\n", + nt_errstr(status)); + goto out; + } + + if (num_eas != 0) { + printf("cli_get_ea_list_path failed (%s)\n", + nt_errstr(status)); + goto out; + } + + /* Set an EA on the symlink. Should fail. */ + status = cli_set_ea_path(cli, + sname, + ea_name, + ea_value, + strlen(ea_value)+1); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("cli_set_ea_path on a symlink gave %s. " + "Should be NT_STATUS_ACCESS_DENIED.\n", + nt_errstr(status)); + goto out; + } + + printf("EA symlink test passed\n"); + correct = true; + + out: + + if (fnum != (uint16_t)-1) { + cli_close(cli, fnum); + fnum = (uint16_t)-1; + } + + cli_setatr(cli, sname, 0, 0); + cli_posix_unlink(cli, sname); + cli_setatr(cli, fname, 0, 0); + cli_posix_unlink(cli, fname); + + if (!torture_close_connection(cli)) { + correct = false; + } + + TALLOC_FREE(frame); + return correct; +} static uint32 open_attrs_table[] = { FILE_ATTRIBUTE_NORMAL, @@ -9656,6 +9833,7 @@ static struct { {"POSIX", run_simple_posix_open_test, 0}, {"POSIX-APPEND", run_posix_append, 0}, {"POSIX-SYMLINK-ACL", run_acl_symlink_test, 0}, + {"POSIX-SYMLINK-EA", run_ea_symlink_test, 0}, {"CASE-INSENSITIVE-CREATE", run_case_insensitive_create, 0}, {"ASYNC-ECHO", run_async_echo, 0}, { "UID-REGRESSION-TEST", run_uid_regression_test, 0}, |