CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on...
authorStefan Metzmacher <metze@samba.org>
Tue, 16 Jul 2019 13:40:38 +0000 (15:40 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 28 Aug 2019 07:39:46 +0000 (09:39 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze@samba.org>
selftest/knownfail.d/CVE-2019-10197 [new file with mode: 0644]
selftest/target/Samba3.pm
source3/script/tests/test_smbclient_s3.sh

diff --git a/selftest/knownfail.d/CVE-2019-10197 b/selftest/knownfail.d/CVE-2019-10197
new file mode 100644 (file)
index 0000000..f7056bb
--- /dev/null
@@ -0,0 +1 @@
+^samba3.blackbox.smbclient_s3.*.noperm.share.regression
index 5e9daf3eec4698a41210a6af5299a918122f67cc..22e5035b0794b212a63870a50d99d56687747720 100755 (executable)
@@ -1450,6 +1450,9 @@ sub provision($$$$$$$$$)
        my $ro_shrdir="$shrdir/root-tmp";
        push(@dirs,$ro_shrdir);
 
+       my $noperm_shrdir="$shrdir/noperm-tmp";
+       push(@dirs,$noperm_shrdir);
+
        my $msdfs_shrdir="$shrdir/msdfsshare";
        push(@dirs,$msdfs_shrdir);
 
@@ -1520,6 +1523,11 @@ sub provision($$$$$$$$$)
        chmod 0755, $piddir;
 
 
+       ##
+       ## Create a directory without permissions to enter
+       ##
+       chmod 0000, $noperm_shrdir;
+
        ##
        ## create ro and msdfs share layout
        ##
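Review bot: The result of `chmod 0000, $noperm_shrdir;` is never checked, so a failed mode change leaves the directory enterable and the only symptom is a later test failure that does not point back at provisioning. Something like `chmod(0000, $noperm_shrdir) or die("chmod 0000 $noperm_shrdir failed: $!");` would surface it here, adapted to whatever error path provision() uses, since its body starts and ends outside this hunk. Mode 0000 also denies entry only to a process without a permission override, so the fixture presumably depends on selftest running as a non-root user. The comment could say so, for example `## (relies on the test user being unprivileged)`.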
@@ -1828,6 +1836,10 @@ sub provision($$$$$$$$$)
 [ro-tmp]
        path = $ro_shrdir
        guest ok = yes
+[noperm]
+       path = $noperm_shrdir
+       wide links = yes
+       guest ok = yes
 [write-list-tmp]
        path = $shrdir
         read only = yes
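Review bot: The new `[noperm]` share sets `wide links = yes` with no hint of why, and smbd disables that option unless the global section also has `unix extensions = no` or `allow insecure wide links = yes`; neither is visible in this hunk. If the option is what puts the share on the code path the CVE-2019-10197 test targets, as the commit title suggests, a line such as `# wide links = yes is required by the CVE-2019-10197 regression test` above it would stop a later cleanup from removing it. It is also worth confirming that the generated global section lets the setting take effect, otherwise the test could pass without exercising the intended path. The smb.conf heredoc begins and ends outside this hunk.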
index bf033ccd2fbf6bbbb5bbf09b4701b92d9a46e5b3..0bae1d78fac981849be6494838eeb8956291f1b7 100755 (executable)
@@ -1329,6 +1329,32 @@ EOF
     fi
 }
 
+#
+# Regression test for CVE-2019-10197
+# we should always get ACCESS_DENIED
+#
+test_noperm_share_regression()
+{
+    cmd='$SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/noperm -I $SERVER_IP $LOCAL_ADDARGS -c "ls;ls"  2>&1'
+    eval echo "$cmd"
+    out=`eval $cmd`
+    ret=$?
+    if [ $ret -eq 0 ] ; then
+       echo "$out"
+       echo "failed accessing no perm share should not work"
+       return 1
+    fi
+
+    num=`echo "$out" | grep 'NT_STATUS_ACCESS_DENIED' | wc -l`
+    if [ "$num" -ne "2" ] ; then
+       echo "$out"
+       echo "failed num[$num] - two NT_STATUS_ACCESS_DENIED lines expected"
+       return 1
+    fi
+
+    return 0
+}
+
 # Test smbclient deltree command
 test_deltree()
 {
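Review bot: The header comment on `test_noperm_share_regression` says only "we should always get ACCESS_DENIED" and does not explain why the command is `ls;ls` or why exactly two error lines are required. That repetition looks like the point of the test: a second request after the first denial must be denied as well. A line such as `# "ls" is issued twice on purpose: the second attempt must be denied just like the first` would make that explicit. As a smaller style point, `grep 'NT_STATUS_ACCESS_DENIED' | wc -l` can be written `grep -c 'NT_STATUS_ACCESS_DENIED'`, which avoids the padded output some `wc` implementations produce before the numeric comparison.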
@@ -1857,6 +1883,10 @@ testit "follow local symlinks" \
     test_local_symlinks || \
     failed=`expr $failed + 1`
 
+testit "noperm share regression" \
+    test_noperm_share_regression || \
+    failed=`expr $failed + 1`
+
 testit "smbclient deltree command" \
     test_deltree || \
     failed=`expr $failed + 1`