CVE-2020-25722 selftest: Catch possible errors in PasswordSettingsTestCase.test_pso_none_applied()

This allows future patches to restrict changing the account type without triggering an error. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2021-09-20 14:54:03 +1200
committer: Jule Anger <janger@samba.org> 2021-11-09 19:45:32 +0000
commit: 63eb24f0925f0a3d117fc5eb2dc728a5af121f6a (patch)
tree: 9020247efafa998c626db8dfb9ab2b1a229c67a8 /source4
parent: 0d804cfd07789c6bcd8c252756ead99e92bceb1b (diff)
download: samba-63eb24f0925f0a3d117fc5eb2dc728a5af121f6a.tar.gz
1 files changed, 19 insertions, 11 deletions
diff --git a/source4/dsdb/tests/python/password_settings.py b/source4/dsdb/tests/python/password_settings.py
index fcb671690c3..e1c49d7bffb 100644
--- a/source4/dsdb/tests/python/password_settings.py
+++ b/source4/dsdb/tests/python/password_settings.py
@@ -594,19 +594,27 @@ class PasswordSettingsTestCase(PasswordTestCase):
         dummy_pso.apply_to(user.dn)
         self.assertTrue(user.get_resultant_PSO() == dummy_pso.dn)
 
-        # now clear the ADS_UF_NORMAL_ACCOUNT flag for the user, which should
-        # mean a resultant PSO is no longer returned (we're essentially turning
-        # the user into a DC here, which is a little overkill but tests
-        # behaviour as per the Windows specification)
-        self.set_attribute(user.dn, "userAccountControl",
-                           str(dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
-                           operation=FLAG_MOD_REPLACE)
+        try:
+            # now clear the ADS_UF_NORMAL_ACCOUNT flag for the user, which should
+            # mean a resultant PSO is no longer returned (we're essentially turning
+            # the user into a DC here, which is a little overkill but tests
+            # behaviour as per the Windows specification)
+            self.set_attribute(user.dn, "userAccountControl",
+                               str(dsdb.UF_WORKSTATION_TRUST_ACCOUNT),
+                               operation=FLAG_MOD_REPLACE)
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.fail("Failed to change user into a workstation: {msg}")
         self.assertIsNone(user.get_resultant_PSO())
 
-        # reset it back to a normal user account
-        self.set_attribute(user.dn, "userAccountControl",
-                           str(dsdb.UF_NORMAL_ACCOUNT),
-                           operation=FLAG_MOD_REPLACE)
+        try:
+            # reset it back to a normal user account
+            self.set_attribute(user.dn, "userAccountControl",
+                               str(dsdb.UF_NORMAL_ACCOUNT),
+                               operation=FLAG_MOD_REPLACE)
+        except ldb.LdbError as e:
+            (num, msg) = e.args
+            self.fail("Failed to change user back into a user: {msg}")
         self.assertTrue(user.get_resultant_PSO() == dummy_pso.dn)
 
         # no PSO should be returned if RID is equal to DOMAIN_USER_RID_KRBTGT
author	Andrew Bartlett <abartlet@samba.org>	2021-09-20 14:54:03 +1200
committer	Jule Anger <janger@samba.org>	2021-11-09 19:45:32 +0000
commit	63eb24f0925f0a3d117fc5eb2dc728a5af121f6a (patch)
tree	9020247efafa998c626db8dfb9ab2b1a229c67a8 /source4
parent	0d804cfd07789c6bcd8c252756ead99e92bceb1b (diff)
download	samba-63eb24f0925f0a3d117fc5eb2dc728a5af121f6a.tar.gz