From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 1 Sep 2021 06:35:02 +0000 (+1200)
Subject: CVE-2020-25722 tests: blackbox samba-tool spn non-admin test
X-Git-Tag: samba-4.13.14~123
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5650323f79cbf0dcdd74bc318be589a80000afd1;p=thirdparty%2Fsamba.git

CVE-2020-25722 tests: blackbox samba-tool spn non-admin test

It is soon going to be impossible to add duplicate SPNs (short of
going behind DSDB's back on the local filesystem). Our test of adding
SPNs on non-admin users doubled as the test for adding a duplicate (using
--force). As --force is gone, we add these tests on Guest after the SPN
on Administrator is gone.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/setup/tests/blackbox_spn.sh b/source4/setup/tests/blackbox_spn.sh
index 764ded4c88b..8f0258d0db8 100755
--- a/source4/setup/tests/blackbox_spn.sh
+++ b/source4/setup/tests/blackbox_spn.sh
@@ -24,6 +24,8 @@ testit "readdspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
 testit_expect_failure "failexistingspn" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
 testit_expect_failure "faildelspnnotgooduser" $PYTHON $samba_tool spn delete FOO/bar krbtgt $CONFIG
 testit "deluserspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "readd_spn_guest" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
+testit "deluserspn_guest" $PYTHON $samba_tool spn delete FOO/bar Guest $CONFIG
 testit_expect_failure "faildelspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
 testit_expect_failure "failaddspn" $PYTHON $samba_tool spn add FOO/bar nonexistinguser $CONFIG