From a4193a790354414542eb8d049b0f77b9005f51cb Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Tue, 7 Feb 2023 09:48:37 +1300 Subject: [PATCH] CVE-2023-0614 s4:dsdb:tests: Fix search in confidential attributes test The object returned by schema_format_value() is a bytes object. Therefore the search expression would resemble: (lastKnownParent=) which, due to the extra characters, would fail to match anything. Fix it to be: (lastKnownParent=) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- source4/dsdb/tests/python/confidential_attr.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/dsdb/tests/python/confidential_attr.py b/source4/dsdb/tests/python/confidential_attr.py index d5c7785485a..1c9c456917a 100755 --- a/source4/dsdb/tests/python/confidential_attr.py +++ b/source4/dsdb/tests/python/confidential_attr.py @@ -924,12 +924,12 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon): self.assert_negative_searches(has_rights_to="all", samdb=self.ldb_admin) - def get_guid(self, dn): + def get_guid_string(self, dn): """Returns an object's GUID (in string format)""" res = self.ldb_admin.search(base=dn, attrs=["objectGUID"], scope=SCOPE_BASE) guid = res[0]['objectGUID'][0] - return self.ldb_admin.schema_format_value("objectGUID", guid) + return self.ldb_admin.schema_format_value("objectGUID", guid).decode('utf-8') def make_attr_preserve_on_delete(self): """Marks the attribute under test as being preserve on delete""" @@ -978,7 +978,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon): # deleted objects, but only from this particular test run. We can do # this by matching lastKnownParent against this test case's OU, which # will match any deleted child objects. - ou_guid = self.get_guid(self.ou) + ou_guid = self.get_guid_string(self.ou) deleted_filter = "(lastKnownParent=)".format(ou_guid) # the extra-filter will get combined via AND with the search expression