[SCM] Samba Shared Repository - branch master updated

David Mulder Tue, 25 Oct 2022 08:22:14 -0700

The branch, master has been updated
       via  4f63c128078 gpo: Fix startup scripts to not fail w/out params
       via  42069152554 gpo: Test to ensure startup scripts don't crash w/out 
params
      from  d385058ce7c CVE-2022-3592 smbd: Slightly simplify 
filename_convert_dirfsp()


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4f63c1280786a47185b0e1aac40ab96a2ac78ee3
Author: David Mulder <dmul...@samba.org>
Date:   Mon Oct 24 16:50:37 2022 -0600

    gpo: Fix startup scripts to not fail w/out params
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15212
    
    Signed-off-by: David Mulder <dmul...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): David Mulder <dmul...@samba.org>
    Autobuild-Date(master): Tue Oct 25 15:21:08 UTC 2022 on sn-devel-184

commit 42069152554f2768e52424841e633eeeb154aed5
Author: David Mulder <dmul...@samba.org>
Date:   Mon Oct 24 16:49:21 2022 -0600

    gpo: Test to ensure startup scripts don't crash w/out params
    
    Startup scripts were failing to execute when no
    parameters were provided to the script.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15212
    
    Signed-off-by: David Mulder <dmul...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/gp/vgp_startup_scripts_ext.py | 12 ++++++--
 python/samba/tests/gpo.py                  | 49 +++++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/gp/vgp_startup_scripts_ext.py 
b/python/samba/gp/vgp_startup_scripts_ext.py
index 71be4c0e32c..b46c641d6d3 100644
--- a/python/samba/gp/vgp_startup_scripts_ext.py
+++ b/python/samba/gp/vgp_startup_scripts_ext.py
@@ -62,7 +62,11 @@ class vgp_startup_scripts_ext(gp_xml_ext):
                     script_file = os.path.join(local_path,
                         os.path.dirname(check_safe_path(path)).upper(),
                                         script.upper())
-                    parameters = listelement.find('parameters').text
+                    parameters = listelement.find('parameters')
+                    if parameters is not None:
+                        parameters = parameters.text
+                    else:
+                        parameters = ''
                     hash = listelement.find('hash').text
                     attribute = '%s:%s:%s' % (script, hash, parameters)
                     old_val = self.gp_db.retrieve(str(self), attribute)
@@ -105,7 +109,11 @@ class vgp_startup_scripts_ext(gp_xml_ext):
                 script_file = os.path.join(local_path,
                     os.path.dirname(check_safe_path(path)).upper(),
                                     script.upper())
-                parameters = listelement.find('parameters').text
+                parameters = listelement.find('parameters')
+                if parameters is not None:
+                    parameters = parameters.text
+                else:
+                    parameters = ''
                 run_as = listelement.find('run_as')
                 if run_as is not None:
                     run_as = run_as.text
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 48f794b490c..c620a1270f7 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -8240,7 +8240,6 @@ class GPOTests(tests.TestCase):
 
         # Unstage the manifest.xml and script files
         unstage_file(manifest)
-        unstage_file(test_script)
 
         # Stage the manifest.xml file for run once scripts
         etree.SubElement(listelement, 'run_once')
@@ -8285,6 +8284,54 @@ class GPOTests(tests.TestCase):
             self.assertIn(entry, list(ret.values())[0][0],
                           'The target entry was not listed by rsop')
 
+        # Unstage the manifest.xml and script files
+        unstage_file(manifest)
+
+        # Stage the manifest.xml file for a script without parameters
+        stage = etree.Element('vgppolicy')
+        policysetting = etree.SubElement(stage, 'policysetting')
+        version = etree.SubElement(policysetting, 'version')
+        version.text = '1'
+        data = etree.SubElement(policysetting, 'data')
+        listelement = etree.SubElement(data, 'listelement')
+        script = etree.SubElement(listelement, 'script')
+        script.text = os.path.basename(test_script).lower()
+        hash = etree.SubElement(listelement, 'hash')
+        hash.text = \
+            hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
+        run_as = etree.SubElement(listelement, 'run_as')
+        run_as.text = 'root'
+        ret = stage_file(manifest, etree.tostring(stage))
+        self.assertTrue(ret, 'Could not create the target %s' % manifest)
+
+        # Process all gpos, with temp output directory
+        with TemporaryDirectory() as dname:
+            try:
+                ext.process_group_policy([], gpos, dname)
+            except Exception as e:
+                self.fail(str(e))
+            files = os.listdir(dname)
+            self.assertEquals(len(files), 1,
+                              'The target script was not created')
+            entry = '@reboot %s %s' % (run_as.text, test_script)
+            self.assertIn(entry,
+                          open(os.path.join(dname, files[0]), 'r').read(),
+                          'The test entry was not found')
+
+            # Remove policy
+            gp_db = store.get_gplog(machine_creds.get_username())
+            del_gpos = get_deleted_gpos_list(gp_db, [])
+            ext.process_group_policy(del_gpos, [])
+            files = os.listdir(dname)
+            self.assertEquals(len(files), 0,
+                              'The target script was not removed')
+
+            # Test rsop
+            g = [g for g in gpos if g.name == guid][0]
+            ret = ext.rsop(g)
+            self.assertIn(entry, list(ret.values())[0][0],
+                          'The target entry was not listed by rsop')
+
         # Unstage the manifest.xml and script files
         unstage_file(manifest)
         unstage_file(test_script)


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to