CVE-2020-25717: selftest: Add ad_member_no_nss_wb environment
authorSamuel Cabrero <scabrero@samba.org>
Tue, 5 Oct 2021 10:31:29 +0000 (12:31 +0200)
committerJule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
This environment creates an AD member that doesn't have
'nss_winbind' configured, while winbindd is still started.

For testing, we map the DOMAIN\root user to the local root
account and the unix token of the local root user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/target/Samba.pm
selftest/target/Samba3.pm

index 10353008b888de5fc26612a8a029acda07e0a61e..69e6dcee591003354f0ed7e77049d6360cb93f27 100644 (file)
@@ -610,6 +610,7 @@ sub get_interface($)
                fipsadmember      => 57,
                offlineadmem      => 58,
                s2kmember         => 59,
+               admemnonsswb      => 60,
 
                rootdnsforwarder  => 64,
 
index 8ecfc1aaf82d6e1310ec2ff9633b55c7b491a25c..a04df4e7ae670be87df5447181c87801e0fe7430 100755 (executable)
@@ -240,6 +240,7 @@ sub check_env($$)
        ad_member_fips      => ["ad_dc_fips"],
        ad_member_offlogon  => ["ad_dc"],
        ad_member_oneway    => ["fl2000dc"],
+       ad_member_no_nss_wb => ["ad_dc"],
 
        clusteredmember => ["nt4_dc"],
 );
@@ -653,8 +654,15 @@ sub provision_ad_member
            $dcvars,
            $trustvars_f,
            $trustvars_e,
+           $extra_member_options,
            $force_fips_mode,
-           $offline_logon) = @_;
+           $offline_logon,
+           $no_nss_winbind) = @_;
+
+       if (defined($offline_logon) && defined($no_nss_winbind)) {
+               warn ("Offline logon incompatible with no nss winbind\n");
+               return undef;
+       }
 
        my $prefix_abs = abs_path($prefix);
        my @dirs = ();
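Review bot: `return undef;` on the new incompatibility path hands a one-element list to any list-context caller, so `return;` is the safer form (undef in scalar context, empty list otherwise). The guard also keys on `defined`, so a caller passing 0 for either flag still trips it; that matches how `$no_nss_winbind` is tested later in this function, but a short comment above the check such as `# both flags are presence-tested: pass undef, not 0, to disable` would spare the next reader the surprise. provision_ad_member continues outside the hunk.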
@@ -696,6 +704,10 @@ sub provision_ad_member
                $netbios_aliases = "netbios aliases = foo bar";
        }
 
+       unless (defined($extra_member_options)) {
+               $extra_member_options = "";
+       }
+
        my $member_options = "
        security = ads
         workgroup = $dcvars->{DOMAIN}
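Review bot: The three-line `unless (defined($extra_member_options)) { ... = ""; }` block at the top of the hunk spells out the defined-or idiom; `$extra_member_options //= "";` says the same in one line, provided the selftest's minimum Perl is 5.10 or later, which this hunk does not show. The rest of provision_ad_member lies outside the hunk.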
@@ -719,6 +731,10 @@ sub provision_ad_member
        rpc_daemon:epmd = fork
        rpc_daemon:lsasd = fork
 
+       # Begin extra member options
+       $extra_member_options
+       # End extra member options
+
 [sub_dug]
        path = $share_dir/D_%D/U_%U/G_%G
        writeable = yes
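Review bot: Nothing records what `$extra_member_options` may contain: it is interpolated verbatim into the generated smb.conf and, judging by the `[sub_dug]` header that follows, lands at the end of the `[global]` section, so a caller passing a share-level parameter or its own `[section]` header would silently reshape the rest of the file. A comment on the `# Begin extra member options` marker such as `# caller-supplied [global] parameters, inserted verbatim; callers are trusted test setup code` would make the contract explicit. The enclosing configuration string starts outside the hunk.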
@@ -920,6 +936,11 @@ sub provision_ad_member
                $ENV{SOCKET_WRAPPER_DIR} = $swrap_env;
 
        } else {
+               if (defined($no_nss_winbind)) {
+                       $ret->{NSS_WRAPPER_MODULE_SO_PATH} = "";
+                       $ret->{NSS_WRAPPER_MODULE_FN_PREFIX} = "";
+               }
+
                if (not $self->check_or_start(
                        env_vars => $ret,
                        nmbd => "yes",
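Review bot: The two assignments setting `NSS_WRAPPER_MODULE_SO_PATH` and `NSS_WRAPPER_MODULE_FN_PREFIX` to empty strings carry no explanation of why emptying them, rather than leaving them untouched, yields the "no nss winbind" member; a comment like `# Disable the nss_wrapper winbind module so NSS lookups bypass winbindd while the daemon itself still runs` would tie the code to the intent in the commit message. The clearing lives only in this `else` branch, whose condition starts outside the hunk; given the incompatibility check added earlier this is presumably the non-offline-logon path, but that cannot be verified here.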
@@ -1398,6 +1419,7 @@ sub setup_ad_member_fips
                                          $dcvars,
                                          $trustvars_f,
                                          $trustvars_e,
+                                         undef,
                                          1);
 }
 
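Review bot: The call site now pads the argument list with a positional `undef` to reach the trailing `1`, and the same pattern repeats in the setup_ad_member_offlogon hunk and twice in the new setup_ad_member_no_nss_wb, so every future parameter added to provision_ad_member forces another round of `undef,` edits across all callers. Passing the optional flags as a trailing hash (`extra_member_options => ..., force_fips_mode => 1`) would make each call self-describing and order-independent; short of that, a trailing comment on each `undef` naming the parameter it stands for (`undef, # extra_member_options`) would at least make the mapping visible. setup_ad_member_fips begins outside the hunk.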
@@ -1422,9 +1444,48 @@ sub setup_ad_member_offlogon
                                          $trustvars_f,
                                          $trustvars_e,
                                          undef,
+                                         undef,
                                          1);
 }
 
+sub setup_ad_member_no_nss_wb
+{
+       my ($self,
+           $prefix,
+           $dcvars,
+           $trustvars_f,
+           $trustvars_e) = @_;
+
+       # If we didn't build with ADS, pretend this env was never available
+       if (not $self->have_ads()) {
+               return "UNKNOWN";
+       }
+
+       print "PROVISIONING AD MEMBER WITHOUT NSS WINBIND...";
+
+       my $extra_member_options = "
+       username map = $prefix/lib/username.map
+";
+
+       my $ret = $self->provision_ad_member($prefix,
+                                            "ADMEMNONSSWB",
+                                            $dcvars,
+                                            $trustvars_f,
+                                            $trustvars_e,
+                                            $extra_member_options,
+                                            undef,
+                                            undef,
+                                            1);
+
+       open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
+       print USERMAP "
+root = $dcvars->{DOMAIN}/root
+";
+       close(USERMAP);
+
+       return $ret;
+}
+
 sub setup_simpleserver
 {
        my ($self, $path) = @_;
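Review bot: The `open(USERMAP, ">$prefix/lib/username.map")` at the end of setup_ad_member_no_nss_wb uses a bareword handle and two-argument open, the `die` message drops `$!`, and `close(USERMAP)` is unchecked, so a buffered write error on the map file would go unnoticed until the environment misbehaves. Prefer `open(my $usermap, '>', "$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map: $!");`, `print {$usermap} "\nroot = $dcvars->{DOMAIN}/root\n";` and `close($usermap) or die("Unable to close $prefix/lib/username.map: $!");`. The map is also written unconditionally after provision_ad_member returns, so on its `return undef` incompatibility path the file is still created for an environment that was never provisioned; `return $ret unless defined $ret;` before the open would avoid that. Since provision_ad_member already runs check_or_start before this point, the map appears only after the daemons have started, which is presumably fine if smbd reads `username map` lazily, but that cannot be confirmed from this hunk.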