From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 18 Aug 2018 13:01:59 +0000 (+0300)
Subject: CVE-2018-16853: Add a test to verify s4u2self doesn't crash
X-Git-Tag: ldb-1.2.4~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03607d79e358c664bcf25a5304684dccb49b3ffe;p=thirdparty%2Fsamba.git

CVE-2018-16853: Add a test to verify s4u2self doesn't crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh
index 35c08b0c866..f1567caa3a1 100755
--- a/testprogs/blackbox/test_kinit_mit.sh
+++ b/testprogs/blackbox/test_kinit_mit.sh
@@ -24,6 +24,7 @@ samba_srcdir="$SRCDIR/source4"
 samba_kinit=kinit
 samba_kdestroy=kdestroy
 samba_kpasswd=kpasswd
+samba_kvno=kvno
 
 samba_tool="$samba_bindir/samba-tool"
 samba_texpect="$samba_bindir/texpect"
@@ -299,6 +300,17 @@ test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes ||
 
 testit "reset password policies" $VALGRIND $samba_tool domain passwordsettings $ADMIN_LDBMODIFY_CONFIG set --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
 
+###########################################################
+### Test basic s4u2self request
+###########################################################
+
+# Use previous acquired machine creds to request a ticket for self.
+# We expect it to fail for now.
+MACHINE_ACCOUNT="$(hostname -s | tr [a-z] [A-Z])\$@$REALM"
+$samba_kvno -U$MACHINE_ACCOUNT $MACHINE_ACCOUNT
+# But we expect the KDC to be up and running still
+testit "kinit with machineaccountccache after s4u2self" $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
+
 ### Cleanup
 
 $samba_kdestroy