mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp
We need to have the SPNs there before someone else nabs them, which makes the re-provisioned old releases different from the reference versions that we keep for this comparison. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall
Jule Anger
parent
0a555cf097
commit
55752c12cf
@ -1,4 +0,0 @@
|
|||||||
samba4.blackbox.dbcheck.release-4-0-0
|
|
||||||
samba4.blackbox.dbcheck.release-4-0-0.quick
|
|
||||||
samba4.blackbox.upgradeprovision.release-4-0-0
|
|
||||||
samba4.blackbox.functionalprep.check_databases_same
|
|
||||||
@ -42,19 +42,19 @@ upgradeprovision_full() {
|
|||||||
# really doesn't change anything.
|
# really doesn't change anything.
|
||||||
|
|
||||||
ldapcmp() {
|
ldapcmp() {
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp_full() {
|
ldapcmp_full() {
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp_sd() {
|
ldapcmp_sd() {
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp_full_sd() {
|
ldapcmp_full_sd() {
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
|
||||||
}
|
}
|
||||||
|
|
||||||
testit "upgradeprovision" upgradeprovision
|
testit "upgradeprovision" upgradeprovision
|
||||||
|
|||||||
@ -483,13 +483,13 @@ referenceprovision() {
|
|||||||
|
|
||||||
ldapcmp() {
|
ldapcmp() {
|
||||||
if [ x$RELEASE = x"release-4-0-0" ]; then
|
if [ x$RELEASE = x"release-4-0-0" ]; then
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes,servicePrincipalName
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp_sd() {
|
ldapcmp_sd() {
|
||||||
if [ x$RELEASE = x"release-4-0-0" ]; then
|
if [ x$RELEASE = x"release-4-0-0" ]; then
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --sd --skip-missing-dn
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -72,7 +72,7 @@ provision_2012r2() {
|
|||||||
ldapcmp_ignore() {
|
ldapcmp_ignore() {
|
||||||
# At some point we will need to ignore, but right now, it should be perfect
|
# At some point we will need to ignore, but right now, it should be perfect
|
||||||
IGNORE_ATTRS=$1
|
IGNORE_ATTRS=$1
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2/private/sam.ldb tdb://$PREFIX_ABS/$3/private/sam.ldb --two --skip-missing-dn --filter msDS-SupportedEncryptionTypes
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2/private/sam.ldb tdb://$PREFIX_ABS/$3/private/sam.ldb --two --skip-missing-dn --filter msDS-SupportedEncryptionTypes,servicePrincipalName
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp() {
|
ldapcmp() {
|
||||||
|
|||||||
@ -182,12 +182,12 @@ referenceprovision() {
|
|||||||
|
|
||||||
ldapcmp() {
|
ldapcmp() {
|
||||||
if [ x$RELEASE != x"alpha13" ]; then
|
if [ x$RELEASE != x"alpha13" ]; then
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes,servicePrincipalName
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp_full() {
|
ldapcmp_full() {
|
||||||
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade_full/private/sam.ldb --two --filter=dNSProperty,dnsRecord,cn,displayName,versionNumber,systemFlags,msDS-HasInstantiatedNCs --skip-missing-dn
|
$PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade_full/private/sam.ldb --two --filter=dNSProperty,dnsRecord,cn,displayName,versionNumber,systemFlags,msDS-HasInstantiatedNCs,servicePrincipalName --skip-missing-dn
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapcmp_sd() {
|
ldapcmp_sd() {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user