1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00

CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start

Rather than fail, if the last run failed to reset things, just force
the DC into the required state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett 2023-08-07 14:44:28 +12:00 committed by Jule Anger
parent 649bccf87e
commit 8a9dac9d4e

View File

@ -136,10 +136,12 @@ class ConfidentialAttrCommon(samba.tests.TestCase):
# sanity-check the flag is not already set (this'll cause problems if
# previous test run didn't clean up properly)
search_flags = self.get_attr_search_flags(self.attr_dn)
self.assertEqual(0, int(search_flags) & SEARCH_FLAG_CONFIDENTIAL,
"{0} searchFlags already {1}".format(self.conf_attr,
search_flags))
search_flags = int(self.get_attr_search_flags(self.attr_dn))
if search_flags & SEARCH_FLAG_CONFIDENTIAL:
self.set_attr_search_flags(self.attr_dn, str(search_flags &~ SEARCH_FLAG_CONFIDENTIAL))
search_flags = int(self.get_attr_search_flags(self.attr_dn))
self.assertEqual(0, search_flags & SEARCH_FLAG_CONFIDENTIAL,
f"{self.conf_attr} searchFlags did not reset to omit SEARCH_FLAG_CONFIDENTIAL ({search_flags})")
def add_attr(self, dn, attr, value):
m = Message()