mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
b644bb0665
commit
76b8d3edce
1
selftest/knownfail.d/dirsync
Normal file
1
selftest/knownfail.d/dirsync
Normal file
@ -0,0 +1 @@
|
||||
^samba4.ldap.dirsync.python\(.*\).__main__.SimpleDirsyncTests.test_dirsync_unicodePwd
|
@ -742,6 +742,18 @@ class SimpleDirsyncTests(DirsyncBaseTests):
|
||||
self.assertEqual(guid2, guid)
|
||||
self.assertEqual(str(res[0].dn), "")
|
||||
|
||||
def test_dirsync_unicodePwd(self):
|
||||
res = self.ldb_admin.search(self.base_dn,
|
||||
attrs=["unicodePwd", "supplementalCredentials", "samAccountName"],
|
||||
expression="(samAccountName=krbtgt)",
|
||||
controls=["dirsync:1:0:0"])
|
||||
|
||||
self.assertTrue(len(res) == 1)
|
||||
# This form ensures this is a case insensitive comparison
|
||||
self.assertTrue("samAccountName" in res[0])
|
||||
self.assertTrue(res[0].get("samAccountName"))
|
||||
self.assertTrue(res[0].get("unicodePwd") is None)
|
||||
self.assertTrue(res[0].get("supplementalCredentials") is None)
|
||||
|
||||
if not getattr(opts, "listtests", False):
|
||||
lp = sambaopts.get_loadparm()
|
||||
|
Loading…
Reference in New Issue
Block a user