CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete

Note that the request using the clearTextPassword attribute for the password change is already correctly rejected by the server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Ralph Boehme <slow@samba.org> 2018-02-15 12:43:09 +0100
committer: Stefan Metzmacher <metze@samba.org> 2018-03-13 10:23:09 +0100
commit: ccb38e965a2bfa875b5988e160924946dd437662 (patch)
tree: 0546093f47624c4a7ee0ebdc50cf57001ecbfc9b /source4/dsdb
parent: 60c7969e20ddc72d1d2a9dd1bd116d47df07ab02 (diff)
download: samba-ccb38e965a2bfa875b5988e160924946dd437662.tar.gz
1 files changed, 49 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
index db013ea46ad..be1f34d2312 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -1020,6 +1020,55 @@ userPassword: thatsAcomplPASS4
         # Reset the "minPwdLength" as it was before
         self.ldb.set_minPwdLength(minPwdLength)
 
+    def test_pw_change_delete_no_value_userPassword(self):
+        """Test password change with userPassword where the delete attribute doesn't have a value"""
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+add: userPassword
+userPassword: thatsAcomplPASS1
+""")
+        except LdbError, (num, msg):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
+    def test_pw_change_delete_no_value_clearTextPassword(self):
+        """Test password change with clearTextPassword where the delete attribute doesn't have a value"""
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: clearTextPassword
+add: clearTextPassword
+clearTextPassword: thatsAcomplPASS2
+""")
+        except LdbError, (num, msg):
+            self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or
+                            num == ERR_NO_SUCH_ATTRIBUTE) # for Windows
+        else:
+            self.fail()
+
+    def test_pw_change_delete_no_value_unicodePwd(self):
+        """Test password change with unicodePwd where the delete attribute doesn't have a value"""
+
+        try:
+            self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS3\"".encode('utf-16-le')) + """
+""")
+        except LdbError, (num, msg):
+            self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
     def tearDown(self):
         super(PasswordTests, self).tearDown()
         delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)
author	Ralph Boehme <slow@samba.org>	2018-02-15 12:43:09 +0100
committer	Stefan Metzmacher <metze@samba.org>	2018-03-13 10:23:09 +0100
commit	ccb38e965a2bfa875b5988e160924946dd437662 (patch)
tree	0546093f47624c4a7ee0ebdc50cf57001ecbfc9b /source4/dsdb
parent	60c7969e20ddc72d1d2a9dd1bd116d47df07ab02 (diff)
download	samba-ccb38e965a2bfa875b5988e160924946dd437662.tar.gz