From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Mon, 24 Mar 2025 22:26:12 +0000 (+0000)
Subject: python:gp_cert_auto_enrol: fix GUID stringification
X-Git-Tag: samba-4.21.6~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2216a4396054e1e67a0fb98cfb7965b6d20411aa;p=thirdparty%2Fsamba.git

python:gp_cert_auto_enrol: fix GUID stringification

We were using some broken ad-hoc unpacking to do what the ndr
unpacker does perfectly well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15839

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Mar 25 05:21:49 UTC 2025 on atb-devel-224

(cherry picked from commit 47ff42232048c008a7b361a948e5ac79311b5458)

Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Thu Apr 17 12:53:59 UTC 2025 on atb-devel-224
---

diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index 9b743cb7f9b..877659b043e 100644
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -19,6 +19,9 @@ import operator
 import requests
 from samba.gp.gpclass import gp_pol_ext, gp_applier, GPOSTATE
 from samba import Ldb
+from samba.dcerpc import misc
+from samba.ndr import ndr_unpack
+
 from ldb import SCOPE_SUBTREE, SCOPE_BASE
 from samba.auth import system_session
 from samba.gp.gpclass import get_dc_hostname
@@ -52,14 +55,6 @@ global_trust_dirs = ['/etc/pki/trust/anchors',           # SUSE
                      '/etc/pki/ca-trust/source/anchors', # RHEL/Fedora
                      '/usr/local/share/ca-certificates'] # Debian/Ubuntu
 
-def octet_string_to_objectGUID(data):
-    """Convert an octet string to an objectGUID."""
-    return '%s-%s-%s-%s-%s' % ('%02x' % struct.unpack('<L', data[0:4])[0],
-                               '%02x' % struct.unpack('<H', data[4:6])[0],
-                               '%02x' % struct.unpack('<H', data[6:8])[0],
-                               '%02x' % struct.unpack('>H', data[8:10])[0],
-                               '%02x%02x' % struct.unpack('>HL', data[10:]))
-
 
 def group_and_sort_end_point_information(end_point_information):
     """Group and Sort End Point Information.
@@ -480,7 +475,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
                 # instance. If the values do not match, continue with the next
                 # group.
                 objectGUID = '{%s}' % \
-                    octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper()
+                    str(ndr_unpack(misc.GUID, res2[0]['objectGUID'][0])).upper()
                 if objectGUID != e['PolicyID']:
                     continue
 
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 9177eef5afa..2e4696cd926 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -53,7 +53,9 @@ from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
 from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext
 from samba.common import get_bytes
 from samba.dcerpc import preg
-from samba.ndr import ndr_pack
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import misc
+
 import codecs
 from shutil import copyfile
 import xml.etree.ElementTree as etree
@@ -7654,7 +7656,7 @@ class GPOTests(tests.TestCase):
                           _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
         self.assertTrue(len(res2) == 1, 'objectGUID not found')
         objectGUID = b'{%s}' % \
-            cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
+            str(ndr_unpack(misc.GUID, res2[0]['objectGUID'][0])).upper().encode()
         parser = GPPolParser()
         parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() %
             (objectGUID, objectGUID, objectGUID, objectGUID)))