
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test

The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:

(lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>)

which, due to the extra characters, would fail to match anything.

Fix it to be:

(lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2023-02-07 09:48:37 +13:00 committed by Jule Anger
parent d096cd4ed9
commit a4193a7903


@ -924,12 +924,12 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
self.assert_negative_searches(has_rights_to="all", self.assert_negative_searches(has_rights_to="all",
samdb=self.ldb_admin) samdb=self.ldb_admin)
def get_guid(self, dn): def get_guid_string(self, dn):
"""Returns an object's GUID (in string format)""" """Returns an object's GUID (in string format)"""
res = self.ldb_admin.search(base=dn, attrs=["objectGUID"], res = self.ldb_admin.search(base=dn, attrs=["objectGUID"],
scope=SCOPE_BASE) scope=SCOPE_BASE)
guid = res[0]['objectGUID'][0] guid = res[0]['objectGUID'][0]
return self.ldb_admin.schema_format_value("objectGUID", guid) return self.ldb_admin.schema_format_value("objectGUID", guid).decode('utf-8')
def make_attr_preserve_on_delete(self): def make_attr_preserve_on_delete(self):
"""Marks the attribute under test as being preserve on delete""" """Marks the attribute under test as being preserve on delete"""
@ -978,7 +978,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
# deleted objects, but only from this particular test run. We can do # deleted objects, but only from this particular test run. We can do
# this by matching lastKnownParent against this test case's OU, which # this by matching lastKnownParent against this test case's OU, which
# will match any deleted child objects. # will match any deleted child objects.
ou_guid = self.get_guid(self.ou) ou_guid = self.get_guid_string(self.ou)
deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid) deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid)
# the extra-filter will get combined via AND with the search expression # the extra-filter will get combined via AND with the search expression
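Review bot: Nothing visible in these hunks asserts that `deleted_filter` actually matches the deleted child objects, which is presumably how the bytes formatting (`<GUID=b'...'>`) went unnoticed: a filter that matches nothing lets the negative searches pass vacuously. For a confidential-attribute test that is the unsafe direction to fail in, because the test would keep passing even if disclosure regressed. Consider a sanity check right after the `deleted_filter = ...` line in the second hunk that runs the filter through `self.ldb_admin` and asserts a non-empty result, e.g. `self.assertGreater(len(res), 0, "deleted_filter matched no objects")`. The enclosing method starts and ends outside the hunk, so such a check may already exist further down.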