CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/selftest/knownfail b/selftest/knownfail
index 104ddbd4029771cdc40b0ca0620e9ce95aff4480..ac374c0dab1d5d4f0a7f6afbf12a9c2b6f5bb81a 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -16,6 +16,7 @@
 ^samba3.smbtorture_s3.plain\(dc\).UID-REGRESSION-TEST # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).SHORTNAME-TEST # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).POSIX-APPEND # Fails against the s4 ntvfs server
+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-ACL # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).NTTRANS-FSCTL # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).SMB2-NEGPROT # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 786b52ab217120d25aaf7210feaae50ba1f1fb93..abd9b3ff0b841cf587e4afdb59c7c0b6956ed0fd 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -79,7 +79,7 @@ tests = ["RW1", "RW2", "RW3"]
 for t in tests:
     plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
 
-posix_tests = ["POSIX", "POSIX-APPEND"]
+posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL"]
 
 for t in posix_tests:
     plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 2e66912a9422316b6c4f4947eba26342ac2332bb..82ff1ca236d1cc5dcd5f5150edab79982b10ace5 100644 (file)
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5754,6 +5754,203 @@ static bool run_simple_posix_open_test(int dummy)
        return correct;
 }
 
+/*
+ Test POSIX and Windows ACLs are rejected on symlinks.
+ */
+static bool run_acl_symlink_test(int dummy)
+{
+       static struct cli_state *cli;
+       const char *fname = "posix_file";
+       const char *sname = "posix_symlink";
+       uint16_t fnum = (uint16_t)-1;
+       bool correct = false;
+       NTSTATUS status;
+       char *posix_acl = NULL;
+       size_t posix_acl_len = 0;
+       char *posix_acl_sym = NULL;
+       size_t posix_acl_len_sym = 0;
+       struct security_descriptor *sd = NULL;
+       struct security_descriptor *sd_sym = NULL;
+       TALLOC_CTX *frame = NULL;
+
+       frame = talloc_stackframe();
+
+       printf("Starting acl symlink test\n");
+
+       if (!torture_open_connection(&cli, 0)) {
+               TALLOC_FREE(frame);
+               return false;
+       }
+
+       smbXcli_conn_set_sockopt(cli->conn, sockops);
+
+       status = torture_setup_unix_extensions(cli);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
+               return false;
+       }
+
+       cli_setatr(cli, fname, 0, 0);
+       cli_posix_unlink(cli, fname);
+       cli_setatr(cli, sname, 0, 0);
+       cli_posix_unlink(cli, sname);
+
+       status = cli_ntcreate(cli,
+                       fname,
+                       0,
+                       READ_CONTROL_ACCESS,
+                       0,
+                       FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+                       FILE_CREATE,
+                       0x0,
+                       0x0,
+                       &fnum,
+                       NULL);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("cli_ntcreate of %s failed (%s)\n",
+                       fname,
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Get the Windows ACL on the file. */
+       status = cli_query_secdesc(cli,
+                               fnum,
+                               frame,
+                               &sd);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("cli_query_secdesc failed (%s)\n",
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Get the POSIX ACL on the file. */
+       status = cli_posix_getacl(cli,
+                               fname,
+                               frame,
+                               &posix_acl_len,
+                               &posix_acl);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("cli_posix_getacl failed (%s)\n",
+                       nt_errstr(status));
+               goto out;
+       }
+
+       status = cli_close(cli, fnum);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("close failed (%s)\n", nt_errstr(status));
+               goto out;
+       }
+       fnum = (uint16_t)-1;
+
+       /* Now create a symlink. */
+       status = cli_posix_symlink(cli, fname, sname);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("cli_posix_symlink of %s -> %s failed (%s)\n",
+                       sname,
+                       fname,
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Open a handle on the symlink. */
+       status = cli_ntcreate(cli,
+                       sname,
+                       0,
+                       READ_CONTROL_ACCESS|SEC_STD_WRITE_DAC,
+                       0,
+                       FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+                       FILE_OPEN,
+                       0x0,
+                       0x0,
+                       &fnum,
+                       NULL);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("cli_posix_open of %s failed (%s)\n",
+                       sname,
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Get the Windows ACL on the symlink handle. Should fail */
+       status = cli_query_secdesc(cli,
+                               fnum,
+                               frame,
+                               &sd_sym);
+
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               printf("cli_query_secdesc on a symlink gave %s. "
+                       "Should be NT_STATUS_ACCESS_DENIED.\n",
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Get the POSIX ACL on the symlink pathname. Should fail. */
+       status = cli_posix_getacl(cli,
+                               sname,
+                               frame,
+                               &posix_acl_len_sym,
+                               &posix_acl_sym);
+
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               printf("cli_posix_getacl on a symlink gave %s. "
+                       "Should be NT_STATUS_ACCESS_DENIED.\n",
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Set the Windows ACL on the symlink handle. Should fail */
+       status = cli_set_security_descriptor(cli,
+                               fnum,
+                               SECINFO_DACL,
+                               sd);
+
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               printf("cli_query_secdesc on a symlink gave %s. "
+                       "Should be NT_STATUS_ACCESS_DENIED.\n",
+                       nt_errstr(status));
+               goto out;
+       }
+
+       /* Set the POSIX ACL on the symlink pathname. Should fail. */
+       status = cli_posix_setacl(cli,
+                               sname,
+                               posix_acl,
+                               posix_acl_len);
+
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               printf("cli_posix_getacl on a symlink gave %s. "
+                       "Should be NT_STATUS_ACCESS_DENIED.\n",
+                       nt_errstr(status));
+               goto out;
+       }
+
+       printf("ACL symlink test passed\n");
+       correct = true;
+
+  out:
+
+       if (fnum != (uint16_t)-1) {
+               cli_close(cli, fnum);
+               fnum = (uint16_t)-1;
+       }
+
+       cli_setatr(cli, sname, 0, 0);
+       cli_posix_unlink(cli, sname);
+       cli_setatr(cli, fname, 0, 0);
+       cli_posix_unlink(cli, fname);
+
+       if (!torture_close_connection(cli)) {
+               correct = false;
+       }
+
+       TALLOC_FREE(frame);
+       return correct;
+}
+
 
 static uint32 open_attrs_table[] = {
                FILE_ATTRIBUTE_NORMAL,
@@ -9458,6 +9655,7 @@ static struct {
        {"OPEN", run_opentest, 0},
        {"POSIX", run_simple_posix_open_test, 0},
        {"POSIX-APPEND", run_posix_append, 0},
+       {"POSIX-SYMLINK-ACL", run_acl_symlink_test, 0},
        {"CASE-INSENSITIVE-CREATE", run_case_insensitive_create, 0},
        {"ASYNC-ECHO", run_async_echo, 0},
        { "UID-REGRESSION-TEST", run_uid_regression_test, 0},