From d1cfdcf3a3dd44be993f3c543eaf65c53ecdf7a9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 29 Nov 2022 14:14:32 +0100 Subject: CVE-2022-37966 python:/tests/krb5: call sys.path.insert(0, "bin/python") before any other imports This allows the tests to be executed without an explicit PYTHONPATH="bin/python". BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Dec 13 14:06:14 UTC 2022 on sn-devel-184 (similar to commit 987cba90573f955fe9c781830daec85ad4d5bf92) [jsutton@samba.org Fixed conflicts; removed changes to non-existent tests] [jsutton@samba.org Fixed conflicts; removed changes to non-existent tests] [metze@samba.org private autobuild and a pipeline passes] --- python/samba/tests/krb5/alias_tests.py | 6 +++--- python/samba/tests/krb5/as_canonicalization_tests.py | 5 +++-- python/samba/tests/krb5/etype_tests.py | 8 +++++--- python/samba/tests/krb5/fast_tests.py | 11 ++++++----- python/samba/tests/krb5/kdc_base_test.py | 7 ++++--- python/samba/tests/krb5/kpasswd_tests.py | 8 ++++---- python/samba/tests/krb5/rodc_tests.py | 4 ++-- python/samba/tests/krb5/s4u_tests.py | 3 ++- python/samba/tests/krb5/salt_tests.py | 6 +++--- python/samba/tests/krb5/spn_tests.py | 8 ++++---- python/samba/tests/krb5/test_ccache.py | 6 +++--- python/samba/tests/krb5/test_idmap_nss.py | 6 +++--- python/samba/tests/krb5/test_ldap.py | 6 +++--- python/samba/tests/krb5/test_min_domain_uid.py | 7 ++++--- python/samba/tests/krb5/test_rpc.py | 6 +++--- python/samba/tests/krb5/test_smb.py | 6 +++--- 16 files changed, 55 insertions(+), 48 deletions(-) diff --git a/python/samba/tests/krb5/alias_tests.py b/python/samba/tests/krb5/alias_tests.py index 1f63775c189..3ddfe4ecc75 100755 --- a/python/samba/tests/krb5/alias_tests.py +++ b/python/samba/tests/krb5/alias_tests.py @@ -20,6 +20,9 @@ import sys import os +sys.path.insert(0, 'bin/python') +os.environ['PYTHONUNBUFFERED'] = '1' + import ldb from samba.tests import delete_force @@ -32,9 +35,6 @@ from samba.tests.krb5.rfc4120_constants import ( NT_PRINCIPAL, ) -sys.path.insert(0, 'bin/python') -os.environ['PYTHONUNBUFFERED'] = '1' - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py index 674fcb37101..2ad28fc27d3 100755 --- a/python/samba/tests/krb5/as_canonicalization_tests.py +++ b/python/samba/tests/krb5/as_canonicalization_tests.py @@ -19,12 +19,13 @@ import sys import os -from enum import Enum, unique -import pyasn1 sys.path.insert(0, "bin/python") os.environ["PYTHONUNBUFFERED"] = "1" +from enum import Enum, unique +import pyasn1 + from samba.tests.krb5.kdc_base_test import KDCBaseTest import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 from samba.credentials import DONT_USE_KERBEROS diff --git a/python/samba/tests/krb5/etype_tests.py b/python/samba/tests/krb5/etype_tests.py index 9725d544c2a..46ccc70f07d 100755 --- a/python/samba/tests/krb5/etype_tests.py +++ b/python/samba/tests/krb5/etype_tests.py @@ -17,10 +17,14 @@ # along with this program. If not, see . # -import itertools import sys import os +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + +import itertools + from samba.dcerpc import security from samba.tests import DynamicTestCase @@ -34,8 +38,6 @@ from samba.tests.krb5.rfc4120_constants import ( ) import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/fast_tests.py b/python/samba/tests/krb5/fast_tests.py index 66cbf23978a..907649b4159 100755 --- a/python/samba/tests/krb5/fast_tests.py +++ b/python/samba/tests/krb5/fast_tests.py @@ -17,9 +17,13 @@ # along with this program. If not, see . # -import functools -import os import sys +import os + +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + +import functools import collections import ldb @@ -51,9 +55,6 @@ from samba.tests.krb5.rfc4120_constants import ( import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 import samba.tests.krb5.kcrypto as kcrypto -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 1a554016b1e..1616f2d085a 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -18,6 +18,10 @@ import sys import os + +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + from datetime import datetime, timezone import tempfile import binascii @@ -91,9 +95,6 @@ from samba.tests.krb5.rfc4120_constants import ( PADATA_ETYPE_INFO2, ) -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/kpasswd_tests.py b/python/samba/tests/krb5/kpasswd_tests.py index 0db857f7bbd..014bd10aebd 100755 --- a/python/samba/tests/krb5/kpasswd_tests.py +++ b/python/samba/tests/krb5/kpasswd_tests.py @@ -17,8 +17,11 @@ # along with this program. If not, see . # -import os import sys +import os + +sys.path.insert(0, 'bin/python') +os.environ['PYTHONUNBUFFERED'] = '1' from functools import partial @@ -41,9 +44,6 @@ from samba.tests.krb5.rfc4120_constants import ( NT_SRV_INST, ) -sys.path.insert(0, 'bin/python') -os.environ['PYTHONUNBUFFERED'] = '1' - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/rodc_tests.py b/python/samba/tests/krb5/rodc_tests.py index 3e0e2a7712e..71ef603f49a 100755 --- a/python/samba/tests/krb5/rodc_tests.py +++ b/python/samba/tests/krb5/rodc_tests.py @@ -19,11 +19,11 @@ import sys import os -from samba.tests.krb5.kdc_base_test import KDCBaseTest - sys.path.insert(0, "bin/python") os.environ["PYTHONUNBUFFERED"] = "1" +from samba.tests.krb5.kdc_base_test import KDCBaseTest + global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py index 38e1bd7c65d..fcaac31874e 100755 --- a/python/samba/tests/krb5/s4u_tests.py +++ b/python/samba/tests/krb5/s4u_tests.py @@ -18,11 +18,12 @@ import sys import os -import functools sys.path.insert(0, "bin/python") os.environ["PYTHONUNBUFFERED"] = "1" +import functools + from samba import dsdb, ntstatus from samba.dcerpc import krb5pac, lsa diff --git a/python/samba/tests/krb5/salt_tests.py b/python/samba/tests/krb5/salt_tests.py index db777f8b7bc..b9e82f984b3 100755 --- a/python/samba/tests/krb5/salt_tests.py +++ b/python/samba/tests/krb5/salt_tests.py @@ -19,14 +19,14 @@ import sys import os +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + import ldb from samba.tests.krb5.as_req_tests import AsReqBaseTest import samba.tests.krb5.kcrypto as kcrypto -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/spn_tests.py b/python/samba/tests/krb5/spn_tests.py index 62d2ea081bc..f4f20bea4f2 100755 --- a/python/samba/tests/krb5/spn_tests.py +++ b/python/samba/tests/krb5/spn_tests.py @@ -17,8 +17,11 @@ # along with this program. If not, see . # -import os import sys +import os + +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" from samba.tests import DynamicTestCase @@ -33,9 +36,6 @@ from samba.tests.krb5.rfc4120_constants import ( NT_PRINCIPAL, ) -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py index 75038ea5cc1..6413bfa2115 100755 --- a/python/samba/tests/krb5/test_ccache.py +++ b/python/samba/tests/krb5/test_ccache.py @@ -20,6 +20,9 @@ import sys import os +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + import ldb from ldb import SCOPE_SUBTREE @@ -31,9 +34,6 @@ from samba.ntstatus import NT_STATUS_NO_IMPERSONATION_TOKEN from samba.tests.krb5.kdc_base_test import KDCBaseTest -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/test_idmap_nss.py b/python/samba/tests/krb5/test_idmap_nss.py index d3480dbca3f..1ee020122b9 100755 --- a/python/samba/tests/krb5/test_idmap_nss.py +++ b/python/samba/tests/krb5/test_idmap_nss.py @@ -20,6 +20,9 @@ import sys import os +sys.path.insert(0, 'bin/python') +os.environ['PYTHONUNBUFFERED'] = '1' + from ldb import SCOPE_SUBTREE from samba import NTSTATUSError from samba.credentials import DONT_USE_KERBEROS @@ -34,9 +37,6 @@ from samba.samba3 import param as s3param from samba.tests.krb5.kdc_base_test import KDCBaseTest -sys.path.insert(0, 'bin/python') -os.environ['PYTHONUNBUFFERED'] = '1' - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py index c1375730e6f..eaf79e7fa01 100755 --- a/python/samba/tests/krb5/test_ldap.py +++ b/python/samba/tests/krb5/test_ldap.py @@ -20,6 +20,9 @@ import sys import os +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + import ldb from ldb import LdbError, ERR_OPERATIONS_ERROR, SCOPE_BASE, SCOPE_SUBTREE @@ -30,9 +33,6 @@ from samba import credentials from samba.tests.krb5.kdc_base_test import KDCBaseTest -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/test_min_domain_uid.py b/python/samba/tests/krb5/test_min_domain_uid.py index 77414b239f0..7c7942c6cbe 100755 --- a/python/samba/tests/krb5/test_min_domain_uid.py +++ b/python/samba/tests/krb5/test_min_domain_uid.py @@ -18,6 +18,10 @@ import sys import os + +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + import pwd import ctypes @@ -29,9 +33,6 @@ from samba import NTSTATUSError, ntstatus from samba.tests.krb5.kdc_base_test import KDCBaseTest from samba.credentials import MUST_USE_KERBEROS, DONT_USE_KERBEROS -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - class SmbMinDomainUid(KDCBaseTest): """Test for SMB authorization without NSS winbind. In such setup domain accounts are mapped to local accounts using the 'username map' option. diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py index 5a3c7339cea..6faf2a06063 100755 --- a/python/samba/tests/krb5/test_rpc.py +++ b/python/samba/tests/krb5/test_rpc.py @@ -20,6 +20,9 @@ import sys import os +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + import ldb from samba import NTSTATUSError, credentials @@ -31,9 +34,6 @@ from samba.ntstatus import ( from samba.tests.krb5.kdc_base_test import KDCBaseTest -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py index 47e9e48c971..f0a82a43229 100755 --- a/python/samba/tests/krb5/test_smb.py +++ b/python/samba/tests/krb5/test_smb.py @@ -20,6 +20,9 @@ import sys import os +sys.path.insert(0, "bin/python") +os.environ["PYTHONUNBUFFERED"] = "1" + import ldb from ldb import SCOPE_SUBTREE @@ -32,9 +35,6 @@ from samba.samba3 import param as s3param from samba.tests.krb5.kdc_base_test import KDCBaseTest -sys.path.insert(0, "bin/python") -os.environ["PYTHONUNBUFFERED"] = "1" - global_asn1_print = False global_hexdump = False -- cgit v1.2.1