CVE-2020-25722 selftest: Ensure check for duplicate servicePrincipalNames is not...
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 2 Nov 2021 08:00:00 +0000 (21:00 +1300)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:13 +0000 (10:52 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

If one of the objectClass checks passed, samldb_add() could return
through one of the samldb_fill_*() functions and skip the
servicePrincipalName uniqueness checking.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
selftest/knownfail.d/spn_uniqueness [deleted file]
source4/dsdb/samdb/ldb_modules/samldb.c

diff --git a/selftest/knownfail.d/spn_uniqueness b/selftest/knownfail.d/spn_uniqueness
deleted file mode 100644 (file)
index 3f6c2f0..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba4.sam.python\(ad_dc_default\).__main__.SamTests.test_service_principal_name_uniqueness\(ad_dc_default\)
-^samba4.sam.python\(fl2008r2dc\).__main__.SamTests.test_service_principal_name_uniqueness\(fl2008r2dc\)
index 810365ca0304956940a4603b375ac4f0f71d1bc3..f0227411ccd2c03eb35ed7a8cf570a796eaf2758 100644 (file)
@@ -4838,6 +4838,18 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
                }
        }
 
+       el = ldb_msg_find_element(ac->msg, "servicePrincipalName");
+       if ((el != NULL)) {
+               /*
+                * We need to check whether the SPN collides with an existing
+                * one (anywhere) including via aliases.
+                */
+               ret = samldb_spn_uniqueness_check(ac, el);
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
+       }
+
        if (samdb_find_attribute(ldb, ac->msg,
                                 "objectclass", "user") != NULL) {
                ac->type = SAMLDB_TYPE_USER;
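Review bot: The comment on the relocated servicePrincipalName check should say why it now sits ahead of the objectClass dispatch; nothing at this spot explains the ordering, and a later refactor could move it back below the branches that `return samldb_fill_object(ac)` (second hunk) and reintroduce the bypass this commit fixes. I would extend the comment block with `* This must run before the objectClass-specific branches below: they return from samldb_add() directly, so a check placed after them is skipped for the object types handled there.` The condition `if ((el != NULL)) {` carries a redundant pair of parentheses; `if (el != NULL) {` reads cleaner and matches the surrounding checks. samldb_add(), together with the declarations of `el` and `ret`, begins and ends outside both hunks.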
@@ -4936,19 +4948,6 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
                return samldb_fill_object(ac);
        }
 
-
-       el = ldb_msg_find_element(ac->msg, "servicePrincipalName");
-       if ((el != NULL)) {
-               /*
-                * We need to check whether the SPN collides with an existing
-                * one (anywhere) including via aliases.
-                */
-               ret = samldb_spn_uniqueness_check(ac, el);
-               if (ret != LDB_SUCCESS) {
-                       return ret;
-               }
-       }
-
        if (samdb_find_attribute(ldb, ac->msg,
                                 "objectclass", "subnet") != NULL) {
                ret = samldb_verify_subnet(ac, ac->msg->dn);