From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 28 Jul 2021 05:38:50 +0000 (+0000)
Subject: CVE-2020-25722 samba-tool spn: accept -H for database url
X-Git-Tag: samba-4.13.14~125
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55c6c01a65e6c2343ebf350e4d54d27a64f13faf;p=thirdparty%2Fsamba.git

CVE-2020-25722 samba-tool spn: accept -H for database url

Following the convention and making testing easier

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/netcmd/spn.py b/python/samba/netcmd/spn.py
index f0069460e3e..46e9c59272a 100644
--- a/python/samba/netcmd/spn.py
+++ b/python/samba/netcmd/spn.py
@@ -18,7 +18,6 @@
 
 import samba.getopt as options
 import ldb
-from samba import provision
 from samba.samdb import SamDB
 from samba.auth import system_session
 from samba.netcmd.common import _get_user_realm_domain
@@ -40,14 +39,20 @@ class cmd_spn_list(Command):
         "credopts": options.CredentialsOptions,
         "versionopts": options.VersionOptions,
     }
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server",
+               type=str, metavar="URL", dest="H"),
+    ]
 
     takes_args = ["user"]
 
-    def run(self, user, credopts=None, sambaopts=None, versionopts=None):
+    def run(self, user, H=None,
+            credopts=None,
+            sambaopts=None,
+            versionopts=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
-        paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
-        sam = SamDB(paths.samdb, session_info=system_session(),
+        sam = SamDB(H, session_info=system_session(),
                     credentials=creds, lp=lp)
         # TODO once I understand how, use the domain info to naildown
         # to the correct domain
@@ -82,17 +87,20 @@ class cmd_spn_add(Command):
         "versionopts": options.VersionOptions,
     }
     takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server",
+               type=str, metavar="URL", dest="H"),
         Option("--force", help="Force the addition of the spn"
                                " even it exists already", action="store_true"),
-            ]
+    ]
     takes_args = ["name", "user"]
 
-    def run(self, name, user, force=False, credopts=None, sambaopts=None,
+    def run(self, name, user, H=None, force=False,
+            credopts=None,
+            sambaopts=None,
             versionopts=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
-        paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
-        sam = SamDB(paths.samdb, session_info=system_session(),
+        sam = SamDB(H, session_info=system_session(),
                     credentials=creds, lp=lp)
         res = sam.search(
             expression="servicePrincipalName=%s" % ldb.binary_encode(name),
@@ -141,15 +149,18 @@ class cmd_spn_delete(Command):
         "credopts": options.CredentialsOptions,
         "versionopts": options.VersionOptions,
     }
+    takes_options = [
+        Option("-H", "--URL", help="LDB URL for database or target server",
+               type=str, metavar="URL", dest="H"),
+    ]
 
     takes_args = ["name", "user?"]
 
-    def run(self, name, user=None, credopts=None, sambaopts=None,
+    def run(self, name, user=None, H=None, credopts=None, sambaopts=None,
             versionopts=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
-        paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
-        sam = SamDB(paths.samdb, session_info=system_session(),
+        sam = SamDB(H, session_info=system_session(),
                     credentials=creds, lp=lp)
         res = sam.search(
             expression="servicePrincipalName=%s" % ldb.binary_encode(name),