diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-02-07 09:48:37 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-03-20 10:03:44 +0100 |
commit | d9a20068a3dd9905763c5f5991eb8e555da94605 (patch) | |
tree | d301c91fdf6c905ca875957040082f8db0cdf64e | |
parent | 2ea5bbc269e3d7796247ccf428e082f383d51ec8 (diff) | |
download | samba-d9a20068a3dd9905763c5f5991eb8e555da94605.tar.gz |
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test
The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:
(lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>)
which, due to the extra characters, would fail to match anything.
Fix it to be:
(lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rwxr-xr-x | source4/dsdb/tests/python/confidential_attr.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/dsdb/tests/python/confidential_attr.py b/source4/dsdb/tests/python/confidential_attr.py index d5c7785485a..1c9c456917a 100755 --- a/source4/dsdb/tests/python/confidential_attr.py +++ b/source4/dsdb/tests/python/confidential_attr.py @@ -924,12 +924,12 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon): self.assert_negative_searches(has_rights_to="all", samdb=self.ldb_admin) - def get_guid(self, dn): + def get_guid_string(self, dn): """Returns an object's GUID (in string format)""" res = self.ldb_admin.search(base=dn, attrs=["objectGUID"], scope=SCOPE_BASE) guid = res[0]['objectGUID'][0] - return self.ldb_admin.schema_format_value("objectGUID", guid) + return self.ldb_admin.schema_format_value("objectGUID", guid).decode('utf-8') def make_attr_preserve_on_delete(self): """Marks the attribute under test as being preserve on delete""" @@ -978,7 +978,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon): # deleted objects, but only from this particular test run. We can do # this by matching lastKnownParent against this test case's OU, which # will match any deleted child objects. - ou_guid = self.get_guid(self.ou) + ou_guid = self.get_guid_string(self.ou) deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid) # the extra-filter will get combined via AND with the search expression |