git.samba.org - samba.git/commit

author	Gabriel Nagy <gabriel.nagy@canonical.com>
	Mon, 8 Jan 2024 16:05:08 +0000 (18:05 +0200)
committer	Jule Anger <janger@samba.org>
	Mon, 5 Feb 2024 11:32:09 +0000 (11:32 +0000)
commit	a50016bc7aec83b21cb9ac15af29a35575c8c365
tree	3171aa8aebc1c7e3be070d8786b2106bf3519b1d	tree
parent	41cd6b95d49845a9c865ec0adfa30f775b6117ba	commit \| diff

gpo: Test certificate policy without NDES

As of 8231eaf856b, the NDES feature is no longer required on Windows, as
cert auto-enroll can use the certificate from the LDAP request.

However, 157335ee93e changed the implementation to convert the LDAP
certificate to base64 due to it failing to cleanly convert to a string.

Because of insufficient test coverage I missed handling the part where
NDES is disabled or not reachable and the LDAP certificate was imported.
The call to load_der_x509_certificate now fails with an error because it
expects binary data, yet it receives a base64 encoded string.

This adds a test to confirm the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0d1ff69936f18ea729fc11fbbb1569a833302572)

python/samba/tests/gpo.py		diff \| blob \| history
selftest/knownfail.d/gpo	[new file with mode: 0644]	blob