From 8cde23709050533c0da898ca0a1072bca0845890 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 1 Sep 2021 18:35:02 +1200
Subject: [PATCH] CVE-2020-25722 tests: blackbox samba-tool spn non-admin test

It is soon going to be impossible to add duplicate SPNs (short of
going behind DSDB's back on the local filesystem). Our test of adding
SPNs on non-admin users doubled as the test for adding a duplicate (using
--force). As --force is gone, we add these tests on Guest after the SPN
on Administrator is gone.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/setup/tests/blackbox_spn.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/setup/tests/blackbox_spn.sh b/source4/setup/tests/blackbox_spn.sh
index 764ded4c88b..8f0258d0db8 100755
--- a/source4/setup/tests/blackbox_spn.sh
+++ b/source4/setup/tests/blackbox_spn.sh
@@ -24,6 +24,8 @@ testit "readdspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
 testit_expect_failure "failexistingspn" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
 testit_expect_failure "faildelspnnotgooduser" $PYTHON $samba_tool spn delete FOO/bar krbtgt $CONFIG
 testit "deluserspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "readd_spn_guest" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
+testit "deluserspn_guest" $PYTHON $samba_tool spn delete FOO/bar Guest $CONFIG
 testit_expect_failure "faildelspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
 testit_expect_failure "failaddspn" $PYTHON $samba_tool spn add FOO/bar nonexistinguser $CONFIG