author | Jeremy Allison <jra@samba.org> | 2021-12-07 22:15:46 -0800 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-01-31 12:23:53 +0100 |
commit | d46ffccc0780b9ef6b5a49e3e17b665345bd4362 (patch) | |
tree | edfc50466c409408efe11ab9010d618f85dc04af | |
parent | 9371ace08e603c745be14d6131b7a7713b36e782 (diff) | |
download | samba-d46ffccc0780b9ef6b5a49e3e17b665345bd4362.tar.gz |
CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.
Add a knownfail.d/posix_sylink_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | selftest/knownfail.d/posix_sylink_rename | 1 | ||||
-rwxr-xr-x | source3/script/tests/test_symlink_rename_smb1_posix.sh | 186 | ||||
-rwxr-xr-x | source3/selftest/tests.py | 5 |
3 files changed, 192 insertions, 0 deletions
diff --git a/selftest/knownfail.d/posix_sylink_rename b/selftest/knownfail.d/posix_sylink_rename
new file mode 100644
index 00000000000..9c3cc0a41ba
--- /dev/null
+++ b/selftest/knownfail.d/posix_sylink_rename
@@ -0,0 +1 @@
+^samba3.blackbox.test_symlink_rename.SMB1.posix.symlink_rename_SMB1_posix\(fileserver_smb1_done\)
diff --git a/source3/script/tests/test_symlink_rename_smb1_posix.sh b/source3/script/tests/test_symlink_rename_smb1_posix.sh
new file mode 100755
index 00000000000..7d2e0037b8d
--- /dev/null
+++ b/source3/script/tests/test_symlink_rename_smb1_posix.sh
@@ -0,0 +1,186 @@
+#!/bin/sh
+
+if [ $# -lt 7 ]; then
+cat <<EOF
+Usage: test_symlink_rename_smb1_posix.sh SERVER SERVER_IP USERNAME PASSWORD LOCAL_PATH PREFIX SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER="${1}"
+SERVER_IP="${2}"
+USERNAME="${3}"
+PASSWORD="${4}"
+LOCAL_PATH="${5}"
+PREFIX="${6}"
+SMBCLIENT="${7}"
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+shift 6
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "$incdir"/subunit.sh
+
+failed=0
+
+# Do not let deprecated option warnings muck this up
+SAMBA_DEPRECATED_SUPPRESS=1
+export SAMBA_DEPRECATED_SUPPRESS
+
+
+# Define the test environment/filenames.
+#
+share_test_dir="$LOCAL_PATH"
+#
+# These files/directories will be created.
+#
+file_outside_share="/tmp/symlink_rename_test_file.$$"
+dir_outside_share="/tmp/symlink_rename_test_dir.$$"
+file_outside_share_noperms="/tmp/symlink_rename_test_file_noperm.$$"
+dir_outside_share_noperms="/tmp/symlink_rename_test_dir_noperm.$$"
+#
+# These two objects do not exist.
+#
+file_outside_share_noexist="/tmp/symlink_rename_test_noexist.$$"
+dir_outside_share_noexist="/tmp/symlink_rename_test_dir_noexist.$$"
+
+#
+# Cleanup function.
+#
+do_cleanup()
+{
+(
+#subshell.
+cd "$share_test_dir" || return
+rm -f "file_exists"
+rm -f "symlink_noexist"
+rm -f "symlink_file_outside_share"
+rm -f "symlink_file_outside_share_noexist"
+rm -f "symlink_dir_outside_share"
+rm -f "symlink_dir_outside_share_noexist"
+rm -f "symlink_file_outside_share_noperms"
+rm -f "symlink_dir_outside_share_noperms"
+# Links inside share.
+rm -f "symlink_file_inside_share_noperms"
+rm -f "file_inside_share_noperms"
+rm -f "symlink_dir_inside_share_noperms"
+chmod 755 "dir_inside_share_noperms"
+rm -rf "dir_inside_share_noperms"
+)
+rm -f "$file_outside_share"
+rm -rf "$dir_outside_share"
+rm -f "$file_outside_share_noperms"
+rm -rf "$dir_outside_share_noperms"
+}
+
+#
+# Ensure we start from a clean slate.
+#
+do_cleanup
+
+#
+# Create the test files/directories/symlinks.
+#
+# File/directory explicitly outside share.
+touch "$file_outside_share"
+mkdir "$dir_outside_share"
+# File/directory explicitly outside share with permission denied.
+touch "$file_outside_share_noperms"
+chmod 0 "$file_outside_share_noperms"
+mkdir "$dir_outside_share_noperms"
+chmod 0 "$dir_outside_share_noperms"
+#
+# Create links to these objects inside the share definition.
+(
+#subshell.
+cd "$share_test_dir" || return
+# Source file for all renames. None of these should succeed.
+touch "file_exists"
+ln -s "noexist" "symlink_noexist"
+ln -s "$file_outside_share" "symlink_file_outside_share"
+ln -s "$file_outside_share_noexist" "symlink_file_outside_share_noexist"
+ln -s "$dir_outside_share" "symlink_dir_outside_share"
+ln -s "$dir_outside_share_noexist" "symlink_dir_outside_share_noexist"
+ln -s "$file_outside_share_noperms" "symlink_file_outside_share_noperms"
+ln -s "$dir_outside_share_noperms" "symlink_dir_outside_share_noperms"
+#
+# Create symlinks to access denied file and directory
+# objects within the share
+touch "file_inside_share_noperms"
+chmod 0 "file_inside_share_noperms"
+ln -s "file_inside_share_noperms" "symlink_file_inside_share_noperms"
+mkdir "dir_inside_share_noperms"
+touch "dir_inside_share_noperms/noperm_file_exists"
+chmod 0 "dir_inside_share_noperms"
+ln -s "dir_inside_share_noperms" "symlink_dir_inside_share_noperms"
+)
+
+#
+# smbclient function given command, path, expected error, and posix.
+#
+smbclient_expect_error()
+{
+ filecmd="$1"
+ filename1="$2"
+ filename2="$3"
+ expected_error="$4"
+ tmpfile=$PREFIX/smbclient_interactive_prompt_commands
+ cat > "$tmpfile" <<EOF
+posix
+$filecmd $filename1 $filename2
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/local_symlinks -I$SERVER_IP -mNT1 < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+ rm -f "$tmpfile"
+
+ if [ $ret != 0 ] ; then
+ printf "%s\n" "$out"
+ printf "failed accessing local_symlinks with error %s\n" "$ret"
+ return 1
+ fi
+
+ if [ "$expected_error" = "NT_STATUS_OK" ] ; then
+ printf "%s" "$out" | grep -v "NT_STATUS_"
+ else
+ printf "%s" "$out" | grep "$expected_error"
+ fi
+ ret=$?
+ if [ $ret != 0 ] ; then
+ printf "%s\n" "$out"
+ printf "failed - should get %s doing posix \"%s %s %s\"\n" "$expected_error" "$filecmd" "$filename1" "$filename2"
+ return 1
+ fi
+}
+
+#
+# SMB1+posix tests.
+#
+test_symlink_rename_SMB1_posix()
+{
+#
+# rename commands.
+# As all the targets exist as symlinks, these should all fail.
+#
+ smbclient_expect_error "rename" "file_exists" "symlink_noexist" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_file_outside_share" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_file_outside_share_noexist" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_dir_outside_share" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_dir_outside_share_noexist" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_file_outside_share_noperms" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_dir_outside_share_noperms" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_file_inside_share_noperms" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ smbclient_expect_error "rename" "file_exists" "symlink_dir_inside_share_noperms" "NT_STATUS_OBJECT_NAME_COLLISION" || return 1
+ return 0
+}
+
+testit "symlink_rename_SMB1_posix" \
+ test_symlink_rename_SMB1_posix || \
+ failed=$((failed+1))
+
+#
+# Cleanup.
+do_cleanup
+
+testok "$0" "$failed"
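Review bot: The six `*_outside_share*` paths are fixed names under `/tmp` distinguished only by `$$`, so they are predictable in a world-writable directory, yet the script runs `rm -rf`, `touch`, `mkdir` and `chmod 0` on them. On a shared build host an entry that already exists at one of those names (`touch` and `chmod` follow a symlink) would make the test act on something it did not create, and the two `noexist` targets are only assumed to be absent. Creating one private parent first, `outside=$(mktemp -d "${TMPDIR:-/tmp}/symlink_rename_test.XXXXXX") || exit 1`, and deriving all six names from `"$outside"` would remove the guesswork and let `do_cleanup` delete a single directory. Separately, the setup subshell that is not inside a function uses `cd "$share_test_dir" || return`; what `return` does outside a function is not specified for `/bin/sh`, so if the `cd` fails some shells may carry on and create the files and links in the current directory, and `|| exit 1` would be the safer form there.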
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 1746fbf2244..701be011f70 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -594,6 +594,11 @@ for env in ["fileserver"]: '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/local_symlinks', '$PREFIX', smbclient3]) + plantestsuite("samba3.blackbox.test_symlink_rename.SMB1.posix", env + "_smb1_done", + [os.path.join(samba3srcdir, "script/tests/test_symlink_rename_smb1_posix.sh"), + '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/local_symlinks', + '$PREFIX', smbclient3]) + # # tar command tests # |