python:gp_cert_auto_enrol: fix GUID stringification

We were using some broken ad-hoc unpacking to do what the ndr
unpacker does perfectly well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15839

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Mar 25 05:21:49 UTC 2025 on atb-devel-224

(cherry picked from commit 47ff42232048c008a7b361a948e5ac79311b5458)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Apr 17 12:49:13 UTC 2025 on atb-devel-224

diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index 9b743cb7f9baa946cff24efd4966d58d3f2f91c5..877659b043edfedf64d7853e0a97cab38171ae60 100644 (file)
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -19,6 +19,9 @@ import operator
 import requests
 from samba.gp.gpclass import gp_pol_ext, gp_applier, GPOSTATE
 from samba import Ldb
+from samba.dcerpc import misc
+from samba.ndr import ndr_unpack
+
 from ldb import SCOPE_SUBTREE, SCOPE_BASE
 from samba.auth import system_session
 from samba.gp.gpclass import get_dc_hostname
@@ -52,14 +55,6 @@ global_trust_dirs = ['/etc/pki/trust/anchors',           # SUSE
                      '/etc/pki/ca-trust/source/anchors', # RHEL/Fedora
                      '/usr/local/share/ca-certificates'] # Debian/Ubuntu
 
-def octet_string_to_objectGUID(data):
-    """Convert an octet string to an objectGUID."""
-    return '%s-%s-%s-%s-%s' % ('%02x' % struct.unpack('<L', data[0:4])[0],
-                               '%02x' % struct.unpack('<H', data[4:6])[0],
-                               '%02x' % struct.unpack('<H', data[6:8])[0],
-                               '%02x' % struct.unpack('>H', data[8:10])[0],
-                               '%02x%02x' % struct.unpack('>HL', data[10:]))
-
 
 def group_and_sort_end_point_information(end_point_information):
     """Group and Sort End Point Information.
@@ -480,7 +475,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
                 # instance. If the values do not match, continue with the next
                 # group.
                 objectGUID = '{%s}' % \
-                    octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper()
+                    str(ndr_unpack(misc.GUID, res2[0]['objectGUID'][0])).upper()
                 if objectGUID != e['PolicyID']:
                     continue
 

diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 9177eef5afaa2bdf64582d7908199fd98b4181f3..2e4696cd9267abc5250d4a6b9fb0105054347684 100644 (file)
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -53,7 +53,9 @@ from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
 from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext
 from samba.common import get_bytes
 from samba.dcerpc import preg
-from samba.ndr import ndr_pack
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import misc
+
 import codecs
 from shutil import copyfile
 import xml.etree.ElementTree as etree
@@ -7654,7 +7656,7 @@ class GPOTests(tests.TestCase):
                           _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
         self.assertTrue(len(res2) == 1, 'objectGUID not found')
         objectGUID = b'{%s}' % \
-            cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
+            str(ndr_unpack(misc.GUID, res2[0]['objectGUID'][0])).upper().encode()
         parser = GPPolParser()
         parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() %
             (objectGUID, objectGUID, objectGUID, objectGUID)))