CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp

author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Thu, 28 Oct 2021 00:07:01 +0000 (13:07 +1300)

committer Jule Anger <janger@samba.org>

Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 28 Oct 2021 00:07:01 +0000 (13:07 +1300)
committer Jule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
diff --git a/selftest/knownfail.d/cve-2020-25722-provision b/selftest/knownfail.d/cve-2020-25722-provision

deleted file mode 100644 (file)

index 7fd4b4b..0000000
--- a/selftest/knownfail.d/cve-2020-25722-provision
+++ /dev/null
@@ -1,4 +0,0 @@
-samba4.blackbox.dbcheck.release-4-0-0
-samba4.blackbox.dbcheck.release-4-0-0.quick
-samba4.blackbox.upgradeprovision.release-4-0-0
-samba4.blackbox.functionalprep.check_databases_same
diff --git a/source4/setup/tests/blackbox_upgradeprovision.sh b/source4/setup/tests/blackbox_upgradeprovision.sh

index e53e7031cd2fffcc2430cc2ca4e5a7f1523b8628..58f8af7672e2f2048b212497e642503179d3869e 100755 (executable)
--- a/source4/setup/tests/blackbox_upgradeprovision.sh
+++ b/source4/setup/tests/blackbox_upgradeprovision.sh
@@ -42,19 +42,19 @@ upgradeprovision_full() {
  # really doesn't change anything.
  
  ldapcmp() {
-        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
  }
  
  ldapcmp_full() {
-        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
  }
  
  ldapcmp_sd() {
-        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
  }
  
  ldapcmp_full_sd() {
-        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
  }
  
  testit "upgradeprovision" upgradeprovision
diff --git a/testprogs/blackbox/dbcheck-oldrelease.sh b/testprogs/blackbox/dbcheck-oldrelease.sh

index 0866627c42b5c9bb187f3736c43d42f6454e7d2b..1c558202bc545c11c4f245f9e4e6943fbdedfe39 100755 (executable)
--- a/testprogs/blackbox/dbcheck-oldrelease.sh
+++ b/testprogs/blackbox/dbcheck-oldrelease.sh
@@ -483,13 +483,13 @@ referenceprovision() {
  
  ldapcmp() {
      if [ x$RELEASE = x"release-4-0-0" ]; then
-         $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes
+         $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes,servicePrincipalName
      fi
  }
  
  ldapcmp_sd() {
      if [ x$RELEASE = x"release-4-0-0" ]; then
-        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --sd --skip-missing-dn
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
      fi
  }
  
diff --git a/testprogs/blackbox/functionalprep.sh b/testprogs/blackbox/functionalprep.sh

index a5ac4b8bc7f5e8e80eaacd0571eb62ef946db623..e9ab0854cff728a21afd769551e6f8a61d8994a2 100755 (executable)
--- a/testprogs/blackbox/functionalprep.sh
+++ b/testprogs/blackbox/functionalprep.sh
@@ -72,7 +72,7 @@ provision_2012r2() {
  ldapcmp_ignore() {
      # At some point we will need to ignore, but right now, it should be perfect
      IGNORE_ATTRS=$1
-    $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2/private/sam.ldb tdb://$PREFIX_ABS/$3/private/sam.ldb --two --skip-missing-dn --filter msDS-SupportedEncryptionTypes
+    $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/$2/private/sam.ldb tdb://$PREFIX_ABS/$3/private/sam.ldb --two --skip-missing-dn --filter msDS-SupportedEncryptionTypes,servicePrincipalName
  }
  
  ldapcmp() {
diff --git a/testprogs/blackbox/upgradeprovision-oldrelease.sh b/testprogs/blackbox/upgradeprovision-oldrelease.sh

index b02aef9f91f22d54288b7a1949d69e362c65a9c7..c6251796878369479a1dbb32c21e3f43b6e462ec 100755 (executable)
--- a/testprogs/blackbox/upgradeprovision-oldrelease.sh
+++ b/testprogs/blackbox/upgradeprovision-oldrelease.sh
@@ -182,12 +182,12 @@ referenceprovision() {
  
  ldapcmp() {
      if [ x$RELEASE != x"alpha13" ]; then
-         $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes
+         $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade/private/sam.ldb --two --skip-missing-dn --filter=dnsRecord,displayName,msDS-SupportedEncryptionTypes,servicePrincipalName
      fi
  }
  
  ldapcmp_full() {
-        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade_full/private/sam.ldb --two --filter=dNSProperty,dnsRecord,cn,displayName,versionNumber,systemFlags,msDS-HasInstantiatedNCs --skip-missing-dn
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX_ABS/${RELEASE}_upgrade_reference/private/sam.ldb tdb://$PREFIX_ABS/${RELEASE}_upgrade_full/private/sam.ldb --two --filter=dNSProperty,dnsRecord,cn,displayName,versionNumber,systemFlags,msDS-HasInstantiatedNCs,servicePrincipalName --skip-missing-dn
  }
  
  ldapcmp_sd() {
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
	Thu, 28 Oct 2021 00:07:01 +0000 (13:07 +1300)
committer	Jule Anger <janger@samba.org>
	Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
selftest/knownfail.d/cve-2020-25722-provision	[deleted file]	patch \| blob \| blame \| history
source4/setup/tests/blackbox_upgradeprovision.sh		patch \| blob \| blame \| history
testprogs/blackbox/dbcheck-oldrelease.sh		patch \| blob \| blame \| history
testprogs/blackbox/functionalprep.sh		patch \| blob \| blame \| history
testprogs/blackbox/upgradeprovision-oldrelease.sh		patch \| blob \| blame \| history