CVE-2020-25722 samba-tool spn add: remove --force option

This did not actually *force* the creation of a duplicate SPN, it just
ignored the client-side check for the existing copy. Soon we are going
to enforce SPN uniqueness on the server side, and this --force will not
work. This will make the --force test fail, and if that tests fail, so
will others that depend the duplicate values. So we remove those tests.

It is wrong-headed to try to make duplicate SPNs in any case, which is
probably why there is no sign of anyone ever having used this option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/netcmd/spn.py b/python/samba/netcmd/spn.py
index 46e9c59272af5562858a74d8fab60ffdece99a06..2676ff34fac3a26c14e624a6533b00920e78469e 100644 (file)
--- a/python/samba/netcmd/spn.py
+++ b/python/samba/netcmd/spn.py
@@ -89,12 +89,10 @@ class cmd_spn_add(Command):
     takes_options = [
         Option("-H", "--URL", help="LDB URL for database or target server",
                type=str, metavar="URL", dest="H"),
-        Option("--force", help="Force the addition of the spn"
-                               " even it exists already", action="store_true"),
     ]
     takes_args = ["name", "user"]
 
-    def run(self, name, user, H=None, force=False,
+    def run(self, name, user, H=None,
             credopts=None,
             sambaopts=None,
             versionopts=None):
@@ -105,7 +103,7 @@ class cmd_spn_add(Command):
         res = sam.search(
             expression="servicePrincipalName=%s" % ldb.binary_encode(name),
             scope=ldb.SCOPE_SUBTREE)
-        if len(res) != 0 and not force:
+        if len(res) != 0:
             raise CommandError("Service principal %s already"
                                " affected to another user" % name)
 

diff --git a/source4/setup/tests/blackbox_spn.sh b/source4/setup/tests/blackbox_spn.sh
index 429ace9494f4d43a48528e2437160a27dd800dc2..764ded4c88b7d00856501ecdba12aa333882bda8 100755 (executable)
--- a/source4/setup/tests/blackbox_spn.sh
+++ b/source4/setup/tests/blackbox_spn.sh
@@ -22,11 +22,8 @@ testit "addspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
 testit "delspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
 testit "readdspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
 testit_expect_failure "failexistingspn" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
-testit "existingspnforce" $PYTHON $samba_tool spn add --force FOO/bar Guest  $CONFIG
 testit_expect_failure "faildelspnnotgooduser" $PYTHON $samba_tool spn delete FOO/bar krbtgt $CONFIG
-testit_expect_failure "faildelspnmoreoneuser" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
-testit "deluserspn" $PYTHON $samba_tool spn delete FOO/bar Guest $CONFIG
-testit "dellastuserspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "deluserspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
 testit_expect_failure "faildelspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
 testit_expect_failure "failaddspn" $PYTHON $samba_tool spn add FOO/bar nonexistinguser $CONFIG