CVE-2020-10730: selftest: Add test to confirm VLV interaction with ASQ
authorAndrew Bartlett <abartlet@samba.org>
Tue, 5 May 2020 01:16:48 +0000 (13:16 +1200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 2 Jul 2020 09:01:40 +0000 (09:01 +0000)
Tested against Windows 1709.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source4/dsdb/tests/python/asq.py

index a32c9f40cd38d73424baab51a6cddc6057121653..1c93a45f131d8402e124080a8aec218e4188a69d 100644 (file)
@@ -162,6 +162,33 @@ class ASQLDAPTest(samba.tests.TestCase):
                 self.assertIn(ldb.Dn(self.ldb, str(group)),
                               self.members)
 
+    def test_asq_vlv(self):
+        """Testing ASQ behaviour with VLV set.
+
+        ASQ is very strange, it turns a BASE search into a search for
+        all the objects pointed to by the specified attribute,
+        returning multiple entries!
+
+        """
+
+        sort_control = "server_sort:1:0:cn"
+
+        msgs = self.ldb.search(base=self.top_dn,
+                               scope=ldb.SCOPE_BASE,
+                               attrs=["objectGUID", "cn", "member"],
+                               controls=["asq:1:member",
+                                         sort_control,
+                                         "vlv:1:20:20:11:0"])
+
+        self.assertEqual(len(msgs), 20)
+
+        for msg in msgs:
+            self.assertNotEqual(msg.dn, self.top_dn)
+            self.assertIn(msg.dn, self.members2)
+            for group in msg["member"]:
+                self.assertIn(ldb.Dn(self.ldb, str(group)),
+                              self.members)
+
 if "://" not in url:
     if os.path.isfile(url):
         url = "tdb://%s" % url
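Review bot: The `self.assertEqual(len(msgs), 20)` check in `test_asq_vlv` cannot tell whether the VLV window was applied or ignored. `vlv:1:20:20:11:0` asks for 20 entries before and 20 after offset 11, which presumably spans every member created in `setUp` (outside this hunk, so unconfirmed). The docstring repeats the generic ASQ description and never states which ASQ/VLV interaction is being confirmed for CVE-2020-10730. A comment above the search would record the intent, for example `# vlv:<crit>:<before>:<after>:<offset>:<content_count>; the window is wider than the member set, so all 20 ASQ results are expected and the server must handle the combined controls cleanly`. If behaviour under a narrower window matters for the fix, a second case with a window smaller than the result set, plus a check on the returned VLV response control, would make the regression coverage explicit.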