sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

CVE-2020-25722 selftest: Allow self.assertRaisesLdbError() to take a list of errors to match with

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2021-10-22 22:40:06 +13:00 committed by Jule Anger
parent 7196ae9d9a
commit bcd8f88fe5
3 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
python/samba/tests/__init__.py
View File

@ -21,6 +21,7 @@ from __future__ import print_function
import os import os
import tempfile import tempfile
import warnings import warnings
import collections
import ldb import ldb
import samba import samba
from samba import param from samba import param
@ -196,23 +197,32 @@ class TestCase(unittest.TestCase):
f(*args, **kwargs) f(*args, **kwargs)
except ldb.LdbError as e: except ldb.LdbError as e:
(num, msg) = e.args (num, msg) = e.args
if num != errcode: if isinstance(errcode, collections.abc.Container):
found = num in errcode
else:
found = num == errcode
if not found:
lut = {v: k for k, v in vars(ldb).items() lut = {v: k for k, v in vars(ldb).items()
if k.startswith('ERR_') and isinstance(v, int)} if k.startswith('ERR_') and isinstance(v, int)}
self.fail("%s, expected " if isinstance(errcode, collections.abc.Container):
"LdbError %s, (%d) " errcode_name = ' '.join(lut.get(x) for x in errcode)
"got %s (%d) " else:
"%s" % (message, errcode_name = lut.get(errcode)
lut.get(errcode), errcode, self.fail(f"{message}, expected "
lut.get(num), num, f"LdbError {errcode_name}, {errcode} "
msg)) f"got {lut.get(num)} ({num}) "
f"{msg}")
else: else:
lut = {v: k for k, v in vars(ldb).items() lut = {v: k for k, v in vars(ldb).items()
if k.startswith('ERR_') and isinstance(v, int)} if k.startswith('ERR_') and isinstance(v, int)}
if isinstance(errcode, collections.abc.Container):
errcode_name = ' '.join(lut.get(x) for x in errcode)
else:
errcode_name = lut.get(errcode)
self.fail("%s, expected " self.fail("%s, expected "
"LdbError %s, (%d) " "LdbError %s, (%s) "
"but we got success" % (message, "but we got success" % (message,
lut.get(errcode), errcode_name,
errcode)) errcode))

2
selftest/knownfail.d/uac_objectclass_restrict
View File

@ -20,8 +20,6 @@
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_mod_lock_UF_NORMAL_ACCOUNT_user_replace\(ad_dc_default\) ^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_mod_lock_UF_NORMAL_ACCOUNT_user_replace\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_mod_lock_UF_SERVER_TRUST_ACCOUNT_computer_replace\(ad_dc_default\) ^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_mod_lock_UF_SERVER_TRUST_ACCOUNT_computer_replace\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_mod_lock_UF_WORKSTATION_TRUST_ACCOUNT_computer_replace\(ad_dc_default\) ^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_mod_lock_UF_WORKSTATION_TRUST_ACCOUNT_computer_replace\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_uac_bits_set_UF_SERVER_TRUST_ACCOUNT\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_uac_bits_set_UF_WORKSTATION_TRUST_ACCOUNT\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_uac_bits_unrelated_modify_UF_NORMAL_ACCOUNT\(ad_dc_default\) ^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_uac_bits_unrelated_modify_UF_NORMAL_ACCOUNT\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_uac_bits_unrelated_modify_UF_WORKSTATION_TRUST_ACCOUNT\(ad_dc_default\) ^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_uac_bits_unrelated_modify_UF_WORKSTATION_TRUST_ACCOUNT\(ad_dc_default\)
^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_uac_mod_lock_UF_NORMAL_ACCOUNT_UF_SERVER_TRUST_ACCOUNT_deladd_priv\(ad_dc_default\) ^samba4.user_account_control.python\(ad_dc_default\).__main__.UserAccountControlTests.test_objectclass_uac_mod_lock_UF_NORMAL_ACCOUNT_UF_SERVER_TRUST_ACCOUNT_deladd_priv\(ad_dc_default\)

5
source4/dsdb/tests/python/user_account_control.py
View File

@ -594,6 +594,9 @@ class UserAccountControlTests(samba.tests.TestCase):
if (bit in priv_bits): if (bit in priv_bits):
self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s), on %s" self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s), on %s"
% (bit, bit_str, m.dn)) % (bit, bit_str, m.dn))
if (bit in account_types and bit != UF_NORMAL_ACCOUNT):
self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s), on %s"
% (bit, bit_str, m.dn))
except LdbError as e: except LdbError as e:
(enum, estr) = e.args (enum, estr) = e.args
if bit in invalid_bits: if bit in invalid_bits:
@ -601,6 +604,8 @@ class UserAccountControlTests(samba.tests.TestCase):
ldb.ERR_OTHER, ldb.ERR_OTHER,
"was not able to set 0x%08X (%s) on %s" "was not able to set 0x%08X (%s) on %s"
% (bit, bit_str, m.dn)) % (bit, bit_str, m.dn))
elif (bit in account_types):
self.assertIn(enum, [ldb.ERR_OBJECT_CLASS_VIOLATION, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS])
elif (bit in priv_bits): elif (bit in priv_bits):
self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum) self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
else: else: