CVE-2018-10919 tests: Add test case for object visibility with limited rights
commit9eb8340e328757b1a1c6238f47d2a2404f7fbe38
authorTim Beale <timbeale@catalyst.net.nz>
Tue, 24 Jul 2018 22:08:34 +0000 (25 10:08 +1200)
committerKarolin Seeger <kseeger@samba.org>
Tue, 14 Aug 2018 11:57:16 +0000 (14 13:57 +0200)
tree19c3333bbf6d4e46dbfbeb882e179634bd92be8a
parent375f48f779fd6c62080efb03949cc25fa9515c3b
CVE-2018-10919 tests: Add test case for object visibility with limited rights

Currently Samba is a bit disclosive with LDB_OP_PRESENT (i.e.
attribute=*) searches compared to Windows.

All the acl.py tests are based on objectClass=* searches, where Windows
will happily tell a user about objects they have List Contents rights,
but not Read Property rights for. However, if you change the attribute
being searched for, suddenly the objects are no longer visible on
Windows (whereas they are on Samba).

This is a problem, because Samba can tell you about which objects have
confidential attributes, which in itself could be disclosive.

This patch adds a acl.py test-case that highlights this behaviour. The
test passes against Windows but fails against Samba.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
selftest/knownfail.d/acl [new file with mode: 0644]
source4/dsdb/tests/python/acl.py