CVE-2020-25722 selftest: Add test for duplicate servicePrincipalNames on an add operation
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 2 Nov 2021 08:21:17 +0000 (21:21 +1300)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:13 +0000 (10:52 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
selftest/knownfail.d/spn_uniqueness [new file with mode: 0644]
source4/dsdb/tests/python/sam.py

diff --git a/selftest/knownfail.d/spn_uniqueness b/selftest/knownfail.d/spn_uniqueness
new file mode 100644 (file)
index 0000000..3f6c2f0
--- /dev/null
@@ -0,0 +1,2 @@
+^samba4.sam.python\(ad_dc_default\).__main__.SamTests.test_service_principal_name_uniqueness\(ad_dc_default\)
+^samba4.sam.python\(fl2008r2dc\).__main__.SamTests.test_service_principal_name_uniqueness\(fl2008r2dc\)
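Review bot: The new knownfail file records that the test is expected to fail in both environments but gives no reason, so a later reader cannot tell whether the entry is stale without reading the commit history. A leading comment line such as `# Bug 14564 (CVE-2020-25722): servicePrincipalName uniqueness is not yet enforced on add; drop this file once the check lands` would tie the expectation to the fix it waits for, assuming knownfail.d files accept `#` comment lines as the other selftest expectation files do.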
index faa882e128781877c6b9daf686e5c87cadb61ed7..44be10fce2cd552937c26091254216d63a5230af 100755 (executable)
@@ -90,6 +90,7 @@ class SamTests(samba.tests.TestCase):
         delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
         delete_force(self.ldb, "cn=ldaptest\,specialuser,cn=users," + self.base_dn)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
+        delete_force(self.ldb, "cn=ldaptestcomputer2,cn=computers," + self.base_dn)
         delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
         delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
 
@@ -3501,6 +3502,26 @@ class SamTests(samba.tests.TestCase):
 
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_service_principal_name_uniqueness(self):
+        """Test the servicePrincipalName uniqueness behaviour"""
+        print("Testing servicePrincipalName uniqueness behaviour")
+
+        ldb.add({
+            "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
+            "objectclass": "computer",
+            "servicePrincipalName": "HOST/testname.testdom"})
+
+        try:
+            ldb.add({
+                "dn": "cn=ldaptestcomputer2,cn=computers," + self.base_dn,
+                "objectclass": "computer",
+                "servicePrincipalName": "HOST/testname.testdom"})
+        except LdbError as e:
+            num, _ = e.args
+            self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
+        else:
+            self.fail()
+
     def test_sam_description_attribute(self):
         """Test SAM description attribute"""
         print("Test SAM description attribute")
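Review bot: `self.fail()` at the end of the new `test_service_principal_name_uniqueness` carries no message, so when the second add is wrongly accepted the failure says nothing about which check regressed; `self.fail("duplicate servicePrincipalName was accepted on add")` would name it. The two `ldb.add(...)` calls use the module-level `ldb` while the neighbouring `delete_force` lines in this file use `self.ldb`; if these are the same SamDB instance the behaviour is identical, but using `self.ldb` keeps the new test consistent with the lines around it. The test only exercises a byte-identical duplicate of `HOST/testname.testdom`; if the uniqueness check is meant to follow the attribute's case-insensitive matching, a second variant that adds the same SPN in different case would pin that down — worth confirming against the matching rule before adding it. The enclosing `SamTests` class continues outside both hunks, and the `delete_force` line added near line 90 appears to be the setUp/tearDown cleanup for the new `ldaptestcomputer2` entry.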