CVE-2020-10730: selftest: Add test to show that VLV and paged_results are incompatible
authorAndrew Bartlett <abartlet@samba.org>
Wed, 6 May 2020 04:19:01 +0000 (16:19 +1200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 25 Jun 2020 11:04:45 +0000 (13:04 +0200)
As tested against Windows Server 1709

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source4/dsdb/tests/python/asq.py
source4/dsdb/tests/python/vlv.py

index 1c93a45f131d8402e124080a8aec218e4188a69d..33973d66c374fa1f8d30828443fb4108cf85ebc7 100644 (file)
@@ -189,6 +189,33 @@ class ASQLDAPTest(samba.tests.TestCase):
                 self.assertIn(ldb.Dn(self.ldb, str(group)),
                               self.members)
 
+    def test_asq_vlv_paged(self):
+        """Testing ASQ behaviour with VLV and paged_results set.
+
+        ASQ is very strange, it turns a BASE search into a search for
+        all the objects pointed to by the specified attribute,
+        returning multiple entries!
+
+        Thankfully combining both of these gives
+        unavailable-critical-extension against Windows 1709
+
+        """
+
+        sort_control = "server_sort:1:0:cn"
+
+        try:
+            msgs = self.ldb.search(base=self.top_dn,
+                                   scope=ldb.SCOPE_BASE,
+                                   attrs=["objectGUID", "cn", "member"],
+                                   controls=["asq:1:member",
+                                             sort_control,
+                                             "vlv:1:20:20:11:0",
+                                             "paged_results:1:1024"])
+            self.fail("should have failed with LDAP_UNAVAILABLE_CRITICAL_EXTENSION")
+        except ldb.LdbError as e:
+            (enum, estr) = e.args
+            self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION)
+
 if "://" not in url:
     if os.path.isfile(url):
         url = "tdb://%s" % url
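Review bot: In test_asq_vlv_paged the `except` branch unpacks `estr` but never uses it, so a run that fails with some other LDAP error reports only two mismatched integers; passing it as the assertion message, `self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION, estr)`, keeps the server's error text in the test log. The `msgs =` binding is likewise unused and can be dropped. The failure string names LDAP_UNAVAILABLE_CRITICAL_EXTENSION while the assertion checks `ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION`; using the same name in both makes a failing run easier to search for. The same points apply to test_vlv_paged in vlv.py.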
index bc07a53d57584244dd96e59810ed12d00e9819bc..ce7aa213c36f9f146e5aa003fbb85fa3a9da7cda 100644 (file)
@@ -1644,6 +1644,29 @@ class PagedResultsTests(TestsWithUserOU):
                                        page_size=len(self.users))
         self.assertEqual(results, set_2[ps*2:])
 
+    def test_vlv_paged(self):
+        """Testing behaviour with VLV and paged_results set.
+
+        A strange combination, certainly
+
+        Thankfully combining both of these gives
+        unavailable-critical-extension against Windows 1709
+
+        """
+        sort_control = "server_sort:1:0:cn"
+
+        try:
+            msgs = self.ldb.search(base=self.base_dn,
+                                   scope=ldb.SCOPE_SUBTREE,
+                                   attrs=["objectGUID", "cn", "member"],
+                                   controls=["vlv:1:20:20:11:0",
+                                             sort_control,
+                                             "paged_results:1:1024"])
+            self.fail("should have failed with LDAP_UNAVAILABLE_CRITICAL_EXTENSION")
+        except ldb.LdbError as e:
+            (enum, estr) = e.args
+            self.assertEqual(enum, ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION)
+
 
 if "://" not in host:
     if os.path.isfile(host):
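Review bot: test_vlv_paged only covers the case where every control is flagged critical (`vlv:1:20:20:11:0`, `server_sort:1:0:cn`, `paged_results:1:1024`), so the server's handling of the same VLV plus paged_results pairing with a non-critical flag is not pinned by this regression test. Whether the server should reject or ignore the pairing in that case is not visible from this hunk, but a second search using `"paged_results:0:1024"` with an explicit assertion on the outcome would stop that path from regressing unnoticed. The docstring could also carry the tracking reference from the commit message, for example `See https://bugzilla.samba.org/show_bug.cgi?id=14364 (CVE-2020-10730)`, so the reason for the test survives outside the commit log.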