From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 29 Aug 2021 22:10:56 +0000 (+1200)
Subject: CVE-2020-25722 selftest: Use addCleanup rather than tearDown in user_account_control.py
X-Git-Tag: samba-4.13.14~221
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0777ea3d6600863afbf216bf8219bd3c9d4517cd;p=thirdparty%2Fsamba.git

CVE-2020-25722 selftest: Use addCleanup rather than tearDown in user_account_control.py

self.addCleanup() is called regardless of the test failure or error status
and so is more reliable, particularly during development.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit 8c455268165f0bbfce17407df2c1746a0e03f828)
---

diff --git a/source4/dsdb/tests/python/user_account_control.py b/source4/dsdb/tests/python/user_account_control.py
index cb614b165e5..81664079adf 100755
--- a/source4/dsdb/tests/python/user_account_control.py
+++ b/source4/dsdb/tests/python/user_account_control.py
@@ -144,6 +144,7 @@ class UserAccountControlTests(samba.tests.TestCase):
 
         self.unpriv_user_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
         self.unpriv_user_dn = res[0].dn
+        self.addCleanup(self.admin_samdb.delete, self.unpriv_user_dn)
 
         self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
 
@@ -153,6 +154,7 @@ class UserAccountControlTests(samba.tests.TestCase):
 
         self.sd_utils = sd_utils.SDUtils(self.admin_samdb)
         self.admin_samdb.create_ou(self.OU)
+        self.addCleanup(self.admin_samdb.delete, self.OU, ["tree_delete:1"])
 
         self.unpriv_user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
         mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(self.unpriv_user_sid)
@@ -180,14 +182,6 @@ class UserAccountControlTests(samba.tests.TestCase):
         # Now reconnect without domain admin rights
         self.samdb = SamDB(url=ldaphost, credentials=self.unpriv_creds, lp=lp)
 
-    def tearDown(self):
-        super(UserAccountControlTests, self).tearDown()
-        for computername in self.computernames:
-            delete_force(self.admin_samdb, "CN=%s,OU=test_computer_ou1,%s" % (computername, self.base_dn))
-        delete_force(self.admin_samdb, "CN=testcomputer-t,OU=test_computer_ou1,%s" % (self.base_dn))
-        delete_force(self.admin_samdb, "OU=test_computer_ou1,%s" % (self.base_dn))
-        delete_force(self.admin_samdb, "CN=%s,CN=Users,%s" % (self.unpriv_user, self.base_dn))
-
     def test_add_computer_sd_cc(self):
         user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
         mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)