aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRalph Boehme <slow@samba.org>2018-02-15 12:43:09 +0100
committerKarolin Seeger <kseeger@samba.org>2018-03-12 10:05:43 +0100
commit429a17f9b034fcdb4711d2405079c62b9af4b987 (patch)
tree12690dcc7ca173a980044d0225d3dc1fda8fe17e
parent189d12940caffa66e6a11e226591bb2a20d4fa34 (diff)
downloadsamba-429a17f9b034fcdb4711d2405079c62b9af4b987.tar.gz
samba-429a17f9b034fcdb4711d2405079c62b9af4b987.tar.xz
samba-429a17f9b034fcdb4711d2405079c62b9af4b987.zip
CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
Note that the request using the clearTextPassword attribute for the password change is already correctly rejected by the server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--selftest/knownfail.d/samba4.ldap.passwords.python2
-rwxr-xr-xsource4/dsdb/tests/python/passwords.py49
2 files changed, 51 insertions, 0 deletions
diff --git a/selftest/knownfail.d/samba4.ldap.passwords.python b/selftest/knownfail.d/samba4.ldap.passwords.python
new file mode 100644
index 00000000000..343c5a7867d
--- /dev/null
+++ b/selftest/knownfail.d/samba4.ldap.passwords.python
@@ -0,0 +1,2 @@
+samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_userPassword
+samba4.ldap.passwords.python.*.__main__.PasswordTests.test_pw_change_delete_no_value_unicodePwd
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
index db013ea46ad..be1f34d2312 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -1020,6 +1020,55 @@ userPassword: thatsAcomplPASS4
# Reset the "minPwdLength" as it was before
self.ldb.set_minPwdLength(minPwdLength)
+ def test_pw_change_delete_no_value_userPassword(self):
+ """Test password change with userPassword where the delete attribute doesn't have a value"""
+
+ try:
+ self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: userPassword
+add: userPassword
+userPassword: thatsAcomplPASS1
+""")
+ except LdbError, (num, msg):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ else:
+ self.fail()
+
+ def test_pw_change_delete_no_value_clearTextPassword(self):
+ """Test password change with clearTextPassword where the delete attribute doesn't have a value"""
+
+ try:
+ self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: clearTextPassword
+add: clearTextPassword
+clearTextPassword: thatsAcomplPASS2
+""")
+ except LdbError, (num, msg):
+ self.assertTrue(num == ERR_CONSTRAINT_VIOLATION or
+ num == ERR_NO_SUCH_ATTRIBUTE) # for Windows
+ else:
+ self.fail()
+
+ def test_pw_change_delete_no_value_unicodePwd(self):
+ """Test password change with unicodePwd where the delete attribute doesn't have a value"""
+
+ try:
+ self.ldb2.modify_ldif("""
+dn: cn=testuser,cn=users,""" + self.base_dn + """
+changetype: modify
+delete: unicodePwd
+add: unicodePwd
+unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS3\"".encode('utf-16-le')) + """
+""")
+ except LdbError, (num, msg):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+ else:
+ self.fail()
+
def tearDown(self):
super(PasswordTests, self).tearDown()
delete_force(self.ldb, "cn=testuser,cn=users," + self.base_dn)