The Samba-Bugzilla – Attachment 17103 Details for Bug 14950: CVE-2022-0336 [SECURITY] Re-adding an SPN skips subsequent SPN conflict checks
Attachment: spn-re-add_4-13.patch
Description: Patch for 4.13
Filename: spn-re-add_4-13.patch
MIME Type: text/plain
Creator: Joseph Sutton
Created: 2022-01-18 01:22:56 UTC
Size: 3.58 KB
Status: patch, obsolete
>From 58d8a5665e0e68502cf09074a7b25adb451f3908 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 18 Jan 2022 11:56:38 +1300 >Subject: [PATCH 1/2] pytest: Add a test for an SPN conflict with a re-added > SPN > >This test currently fails, as re-adding an SPN means that later checks >do not run. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950 > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >--- > python/samba/tests/ldap_spn.py | 7 +++++++ > selftest/knownfail.d/ldap_spn | 1 + > 2 files changed, 8 insertions(+) > >diff --git a/python/samba/tests/ldap_spn.py b/python/samba/tests/ldap_spn.py >index 8a398ffaa49..6ebdf8f9a32 100644 >--- a/python/samba/tests/ldap_spn.py >+++ b/python/samba/tests/ldap_spn.py >@@ -268,6 +268,8 @@ class LdapSpnTestBase(TestCase): > for k in ('dNSHostName', 'servicePrincipalName'): > if isinstance(m.get(k), str): > m[k] = m[k].format(dnsname=f"x.{REALM}") >+ elif isinstance(m.get(k), list): >+ m[k] = [x.format(dnsname=f"x.{REALM}") for x in m[k]] > > msg = ldb.Message.from_dict(samdb, m, op) > >@@ -727,6 +729,11 @@ class LdapSpnSambaOnlyTest(LdapSpnTestBase): > ('user:C', 'host/{dnsname}', '*', ok), > ('user:D', 'www/{dnsname}', 'D', denied), > ), >+ ("add a conflict, along with a re-added SPN", >+ ('A', 'cifs/{dnsname}', '*', ok), >+ ('B', 'cifs/heeble.example.net', 'B', ok), >+ ('B', ['cifs/heeble.example.net', 'host/{dnsname}'], 'B', constraint), >+ ), > > ("changing dNSHostName after host", > ('A', {'dNSHostName': '{dnsname}'}, '*', ok), >diff --git a/selftest/knownfail.d/ldap_spn b/selftest/knownfail.d/ldap_spn >index 63f9fe02ef7..16dafa91b66 100644 >--- a/selftest/knownfail.d/ldap_spn >+++ b/selftest/knownfail.d/ldap_spn >@@ -1 +1,2 @@ > samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns >+samba.tests.ldap_spn.+LdapSpnSambaOnlyTest.test_spn_add_a_conflict_along_with_a_re_added_SPN >-- >2.31.1.362.g311531c9de 
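Review bot: in the first ldap_spn.py hunk (@@ -268), the new `elif isinstance(m.get(k), list)` branch calls `.format` on every element of the list, so a list containing a non-str value (bytes, for example) raises AttributeError instead of being left alone the way the existing `str` check leaves other scalar types alone; consider `m[k] = [x.format(dnsname=f"x.{REALM}") if isinstance(x, str) else x for x in m[k]]` so the list and scalar paths behave consistently.

Review bot: the new case in the second ldap_spn.py hunk (@@ -727) only exercises the ordering where the re-added SPN ('cifs/heeble.example.net') precedes the conflicting 'host/{dnsname}', which is exactly the ordering the early return in samldb_spn_uniqueness_check lets through; adding a sibling case with the two list values swapped would document that the conflict is rejected regardless of position and guard against a later regression that fixes only one ordering.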
> > >From 75a53da2b1ddaa5e322705ccfc660942c5c407ad Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 18 Jan 2022 12:02:45 +1300 >Subject: [PATCH 2/2] s4/dsdb/samldb: Don't return early when an SPN is > re-added to an object > >If an added SPN already exists on an object, we still want to check the >rest of the element values for conflicts. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950 > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >--- > selftest/knownfail.d/ldap_spn | 1 - > source4/dsdb/samdb/ldb_modules/samldb.c | 3 +-- > 2 files changed, 1 insertion(+), 3 deletions(-) > >diff --git a/selftest/knownfail.d/ldap_spn b/selftest/knownfail.d/ldap_spn >index 16dafa91b66..63f9fe02ef7 100644 >--- a/selftest/knownfail.d/ldap_spn >+++ b/selftest/knownfail.d/ldap_spn >@@ -1,2 +1 @@ > samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns >-samba.tests.ldap_spn.+LdapSpnSambaOnlyTest.test_spn_add_a_conflict_along_with_a_re_added_SPN >diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c >index f0227411ccd..a219446bba7 100644 >--- a/source4/dsdb/samdb/ldb_modules/samldb.c >+++ b/source4/dsdb/samdb/ldb_modules/samldb.c >@@ -4001,8 +4001,7 @@ static int samldb_spn_uniqueness_check(struct samldb_ctx *ac, > ac->msg->dn); > if (ret == LDB_ERR_COMPARE_TRUE) { > DBG_INFO("SPN %s re-added to the same object\n", spn); >- talloc_free(tmp_ctx); >- return LDB_SUCCESS; >+ continue; > } > if (ret != LDB_SUCCESS) { > DBG_ERR("SPN %s failed direct uniqueness check\n", spn); >-- >2.31.1.362.g311531c9de >
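Review bot: in the samldb.c hunk (@@ -4001), replacing `talloc_free(tmp_ctx); return LDB_SUCCESS;` with `continue;` correctly keeps the loop checking the remaining values, but the hunk does not show the loop's normal exit, so please confirm that tmp_ctx is freed on the path taken once every value has been checked, since the re-added case no longer frees it itself. The commit message also cites only the BUG: URL; as the bug is tracked as CVE-2022-0336 (per the page title), the message should carry the CVE identifier as well so the backport is identifiable in release notes.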
Flags: dbagnall: review+; jsutton: ci-passed+