CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact

author Andrew Bartlett <abartlet@samba.org>

Thu, 21 Mar 2019 04:21:58 +0000 (17:21 +1300)

committer Karolin Seeger <kseeger@samba.org>

Mon, 8 Apr 2019 10:27:34 +0000 (10:27 +0000)
author Andrew Bartlett <abartlet@samba.org>
Thu, 21 Mar 2019 04:21:58 +0000 (17:21 +1300)
committer Karolin Seeger <kseeger@samba.org>
Mon, 8 Apr 2019 10:27:34 +0000 (10:27 +0000)
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py

index b6689dcd515586dc2454b31d3090541b619c9d14..d92299187f391c31e9848fe3dbed4825e554abe8 100644 (file)
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -111,6 +111,12 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
  
          dirpath = os.path.join(self.service_root, 'a-dir')
          smbd.mkdir(dirpath, self.service)
+        mode = os.stat(dirpath).st_mode
+
+        # This works in conjunction with the TEST_UMASK in smbd_base
+        # to ensure that permissions are not related to the umask
+        # but instead the smb.conf settings
+        self.assertEquals(mode & 0o777, 0o755)
          self.assertTrue(os.path.isdir(dirpath))
  
      def test_smbd_create_file(self):
@@ -122,6 +128,13 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
          smbd.create_file(filepath, self.service)
          self.assertTrue(os.path.isfile(filepath))
  
+        mode = os.stat(filepath).st_mode
+
+        # This works in conjunction with the TEST_UMASK in smbd_base
+        # to ensure that permissions are not related to the umask
+        # but instead the smb.conf settings
+        self.assertEquals(mode & 0o777, 0o644)
+
          # As well as checking that unlink works, this removes the
          # fake xattrs from the dev/inode based DB
          smbd.unlink(filepath, self.service)
diff --git a/python/samba/tests/smbd_base.py b/python/samba/tests/smbd_base.py

index 4e5c3641e2c11f5656d3200ea92558ad97b5c672..b49bcc0828f8094dc2fff733fc693e21b9a1a274 100644 (file)
--- a/python/samba/tests/smbd_base.py
+++ b/python/samba/tests/smbd_base.py
@@ -17,7 +17,7 @@
  from samba.tests import TestCaseInTempDir
  import os
  
-TEST_UMASK = 0o022
+TEST_UMASK = 0o042
  
  class SmbdBaseTests(TestCaseInTempDir):
  
diff --git a/selftest/knownfail.d/pymkdir-umask b/selftest/knownfail.d/pymkdir-umask

new file mode 100644 (file)

index 0000000..5af01be
--- /dev/null
+++ b/selftest/knownfail.d/pymkdir-umask
@@ -0,0 +1 @@
+^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_smbd_mkdir
+\ No newline at end of file
author	Andrew Bartlett <abartlet@samba.org>
	Thu, 21 Mar 2019 04:21:58 +0000 (17:21 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 8 Apr 2019 10:27:34 +0000 (10:27 +0000)
python/samba/tests/ntacls_backup.py		patch \| blob \| history
python/samba/tests/smbd_base.py		patch \| blob \| history
selftest/knownfail.d/pymkdir-umask	[new file with mode: 0644]	patch \| blob