diff options
| author | Tim Beale <timbeale@catalyst.net.nz> | 2018-07-09 15:57:59 +1200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2018-08-11 08:16:01 +0200 |
| commit | 77421f33f853aed254ed67a6541f86e4070c4128 (patch) | |
| tree | f929b61335b7130fee8f3bc12e22ee6c90070a5c /nsswitch | |
| parent | a81f32e73026c02491983a3136834c3c72d1d03f (diff) | |
| download | samba-77421f33f853aed254ed67a6541f86e4070c4128.tar.gz | |
CVE-2018-10919 tests: Add tests for guessing confidential attributes
Adds tests that assert that a confidential attribute cannot be guessed
by an unprivileged user through wildcard DB searches.
The tests basically consist of a set of DB searches/assertions that
get run for:
- basic searches against a confidential attribute
- confidential attributes that get overridden by giving access to the
user via an ACE (run against a variety of ACEs)
- protecting a non-confidential attribute via an ACL that denies read-
access (run against a variety of ACEs)
- querying confidential attributes via the dirsync controls
These tests all pass when run against a Windows Dc and all fail against
a Samba DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Diffstat (limited to 'nsswitch')
0 files changed, 0 insertions, 0 deletions