mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett 2023-08-07 11:56:56 +12:00 committed by Jule Anger
parent b644bb0665
commit 76b8d3edce
2 changed files with 13 additions and 0 deletions


@ -0,0 +1 @@
^samba4.ldap.dirsync.python\(.*\).__main__.SimpleDirsyncTests.test_dirsync_unicodePwd


@ -742,6 +742,18 @@ class SimpleDirsyncTests(DirsyncBaseTests):
self.assertEqual(guid2, guid)
self.assertEqual(str(res[0].dn), "")
def test_dirsync_unicodePwd(self):
res = self.ldb_admin.search(self.base_dn,
attrs=["unicodePwd", "supplementalCredentials", "samAccountName"],
expression="(samAccountName=krbtgt)",
controls=["dirsync:1:0:0"])
self.assertTrue(len(res) == 1)
# This form ensures this is a case insensitive comparison
self.assertTrue("samAccountName" in res[0])
self.assertTrue(res[0].get("samAccountName"))
self.assertTrue(res[0].get("unicodePwd") is None)
self.assertTrue(res[0].get("supplementalCredentials") is None)
if not getattr(opts, "listtests", False):
lp = sambaopts.get_loadparm()
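Review bot: test_dirsync_unicodePwd checks only `unicodePwd` and `supplementalCredentials`, on the single krbtgt object, over `self.ldb_admin` with `dirsync:1:0:0`, which is narrower than the "not visible with DirSync ever" in the commit title. Consider adding the other password attributes to `attrs` (for example `ntPwdHistory`, `lmPwdHistory`, `dBCSPwd`) and asserting each is absent, so a regression that leaks one of them does not pass unnoticed. Whether other DirSync flag values or less-privileged connections are covered elsewhere in SimpleDirsyncTests cannot be seen from this hunk, since the class starts outside it. On style, `self.assertEqual(len(res), 1)`, `self.assertIn("samAccountName", res[0])` and `self.assertIsNone(res[0].get("unicodePwd"))` would report the offending value on failure, where `assertTrue(...)` only reports `False is not true`.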