[PATCH] samba-tool: Easily edit a users object in AD V3 with test
Rowland Penny
rpenny at samba.org
Tue Jul 4 12:25:56 UTC 2017
On Tue, 4 Jul 2017 14:11:23 +0300
Alexander Bokovoy <ab at samba.org> wrote:
> On ti, 04 heinä 2017, Rowland Penny via samba-technical wrote:
> > On Tue, 4 Jul 2017 12:39:00 +0300
> > Alexander Bokovoy <ab at samba.org> wrote:
> >
> > > On ti, 04 heinä 2017, Rowland Penny via samba-technical wrote:
> > > > On Mon, 3 Jul 2017 18:07:49 +0300
> > > > Alexander Bokovoy <ab at samba.org> wrote:
> > > >
> > > > > Looks like it works! Great!
> > > >
> > > > OK, one step forward, three steps back ;-)
> > > >
> > > > How do you create a new file ?
> > > >
> > > > I have created the edit.sh file in my local git, but when I run:
> > > >
> > > > git commit -s -a
> > > >
> > > > I get:
> > > >
> > > > On branch master
> > > > Your branch is ahead of 'origin/master' by 1 commit.
> > > > (use "git push" to publish your local commits)
> > > > Untracked files:
> > > > python/samba/tests/samba_tool/edit.sh
> > > >
> > > > nothing added to commit but untracked files present
> > > >
> > > > I don't think I should run 'git push' as, from reading the
> > > > manpage, it looks like this will try to create 'edit.sh' in the
> > > > Samba git.
> > > git add <file>
> > > https://www.atlassian.com/git/tutorials/saving-changes
> >
> > I did wonder about that, but 'man git commit' said this:
> >
> > The command git commit -a first looks at your working tree,
> > notices that you have modified hello.c and removed goodbye.c, and
> > performs necessary git add and git rm for you.
> >
> > Looks like the manpage lies, because I was using '-a' and it didn't
> > add the file ;-)
> >
> > I followed the suggestion and it worked, so I have attached my new
> > patches for editing users and the test for this.
> Ok, I have only one comment I'd like to be addressed before we accept
> this changeset:
>
> +# create editor.sh
> +echo "#!/usr/bin/env bash" > /tmp/editor.sh
> +echo "user_ldif=\"\$1\"" >> /tmp/editor.sh
> +echo "SED=\$(which sed)" >> /tmp/editor.sh
> +echo "\$SED -i -e 's/userAccountControl: 512/userAccountControl:
> 514/' \$user_ldif" >> /tmp/editor.sh +
> +chmod +x /tmp/editor.sh
> +
>
> Please don't use a static path here. It would prevent multiple
> parallel 'make test' runs on the same machine by different users. And
> also would allow an attacker (whoever that be) to rewrite your
> editor.sh and inject an execution into your 'make test' run.
>
> Instead, create a temporary file:
>
> tmpeditor=$(mktemp --suffix .sh samba-tool-editor-XXXXXXXX)
>
> And put the content into it:
>
> cat >$tmpeditor <<-'EOF'
> #!/usr/bin/env bash
> user_ldif="$1"
> SED=$(which sed)
> $SED -i -e 's/userAccountControl: 512/userAccountControl:
> 514/' $user_ldif EOF
>
> chmod +x $tmpeditor
>
> <<-'EOF' means to start here document which ends with EOF, strip
> leading tabs, do not perform interpolation within the document. This
> allows you to keep the content of the script clean from shell
> expansion protection.
>
>
OK, here are the new patches ;-)
Rowland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-tool-Easily-edit-a-users-object-in-AD.patch
Type: text/x-patch
Size: 6439 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170704/9509033f/samba-tool-Easily-edit-a-users-object-in-AD.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Add-test-for-samba-tool-user-edit.patch
Type: text/x-patch
Size: 2326 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170704/9509033f/Add-test-for-samba-tool-user-edit.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Add-code-to-run-the-tests-for-samba-tool-user-edit.patch
Type: text/x-patch
Size: 1182 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170704/9509033f/Add-code-to-run-the-tests-for-samba-tool-user-edit.bin>
More information about the samba-technical
mailing list