|
|
ca1eb8 |
From a7b308a01914458234bc05539e773e4c0762ad4b Mon Sep 17 00:00:00 2001
|
|
|
ca1eb8 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
ca1eb8 |
Date: Thu, 28 Jun 2018 12:41:41 +0200
|
|
|
ca1eb8 |
Subject: [PATCH] AD: consider resource_groups in PAC as well
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
With recent versions of Active Directory the SIDs of Domain Local groups
|
|
|
ca1eb8 |
might be only available in the resource_groups section of the PAC, this
|
|
|
ca1eb8 |
feature is also called SID compression. To get a complete list of groups
|
|
|
ca1eb8 |
the user is a member of the SIDs from this section must be extracted as
|
|
|
ca1eb8 |
well.
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
Resolves https://pagure.io/SSSD/sssd/issue/3767
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
ca1eb8 |
(cherry picked from commit 13c8450788a429fa49ba532b40ebfd7f3a4132e4)
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
DOWNSTREAM:
|
|
|
ca1eb8 |
Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd
|
|
|
ca1eb8 |
---
|
|
|
ca1eb8 |
src/external/samba.m4 | 8 ++
|
|
|
ca1eb8 |
src/providers/ad/ad_pac.c | 130 ++++++++++++++++++++++++------
|
|
|
ca1eb8 |
src/tests/cmocka/test_ad_common.c | 95 ++++++++++++++++++++++
|
|
|
ca1eb8 |
3 files changed, 210 insertions(+), 23 deletions(-)
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
diff --git a/src/external/samba.m4 b/src/external/samba.m4
|
|
|
ca1eb8 |
index 794cac2461d7fbd5e690ea105cd346cbe6fcce9a..7a8c1eb7b9069f18def4e915b0fb9ab054a68e01 100644
|
|
|
ca1eb8 |
--- a/src/external/samba.m4
|
|
|
ca1eb8 |
+++ b/src/external/samba.m4
|
|
|
ca1eb8 |
@@ -122,3 +122,11 @@ int main(void)
|
|
|
ca1eb8 |
AC_DEFINE_UNQUOTED(SMB_IDMAP_INTERFACE_VERSION, $idmap_version,
|
|
|
ca1eb8 |
[Detected version of Samba's idmap plugin interface])
|
|
|
ca1eb8 |
fi
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+SAVE_CFLAGS=$CFLAGS
|
|
|
ca1eb8 |
+CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS -I/usr/include/samba-4.0"
|
|
|
ca1eb8 |
+AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_groups], , ,
|
|
|
ca1eb8 |
+ [[ #include <ndr.h>
|
|
|
ca1eb8 |
+ #include <gen_ndr/krb5pac.h>
|
|
|
ca1eb8 |
+ #include <gen_ndr/krb5pac.h>]])
|
|
|
ca1eb8 |
+CFLAGS=$SAVE_CFLAGS
|
|
|
ca1eb8 |
diff --git a/src/providers/ad/ad_pac.c b/src/providers/ad/ad_pac.c
|
|
|
ca1eb8 |
index 1a344725fbf57d4d95c46163f2e31d44e69b3e65..80424b44e334958402cb8cfebedc1898f1e2f9c8 100644
|
|
|
ca1eb8 |
--- a/src/providers/ad/ad_pac.c
|
|
|
ca1eb8 |
+++ b/src/providers/ad/ad_pac.c
|
|
|
ca1eb8 |
@@ -146,6 +146,87 @@ errno_t check_if_pac_is_available(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
return EOK;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+static errno_t
|
|
|
ca1eb8 |
+add_sids_from_rid_array_to_hash_table(struct dom_sid *dom_sid,
|
|
|
ca1eb8 |
+ struct samr_RidWithAttributeArray *groups,
|
|
|
ca1eb8 |
+ struct sss_idmap_ctx *idmap_ctx,
|
|
|
ca1eb8 |
+ hash_table_t *sid_table)
|
|
|
ca1eb8 |
+{
|
|
|
ca1eb8 |
+ enum idmap_error_code err;
|
|
|
ca1eb8 |
+ char *dom_sid_str = NULL;
|
|
|
ca1eb8 |
+ size_t dom_sid_str_len;
|
|
|
ca1eb8 |
+ char *sid_str = NULL;
|
|
|
ca1eb8 |
+ char *rid_start;
|
|
|
ca1eb8 |
+ hash_key_t key;
|
|
|
ca1eb8 |
+ hash_value_t value;
|
|
|
ca1eb8 |
+ int ret;
|
|
|
ca1eb8 |
+ size_t c;
|
|
|
ca1eb8 |
+ TALLOC_CTX *tmp_ctx = NULL;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ tmp_ctx = talloc_new(NULL);
|
|
|
ca1eb8 |
+ if (tmp_ctx == NULL) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
|
|
|
ca1eb8 |
+ return ENOMEM;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ key.type = HASH_KEY_STRING;
|
|
|
ca1eb8 |
+ value.type = HASH_VALUE_ULONG;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ err = sss_idmap_smb_sid_to_sid(idmap_ctx, dom_sid, &dom_sid_str);
|
|
|
ca1eb8 |
+ if (err != IDMAP_SUCCESS) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE, "sss_idmap_smb_sid_to_sid failed.\n");
|
|
|
ca1eb8 |
+ ret = EFAULT;
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ dom_sid_str_len = strlen(dom_sid_str);
|
|
|
ca1eb8 |
+ sid_str = talloc_zero_size(tmp_ctx, dom_sid_str_len + 12);
|
|
|
ca1eb8 |
+ if (sid_str == NULL) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_size failed.\n");
|
|
|
ca1eb8 |
+ ret = ENOMEM;
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+ rid_start = sid_str + dom_sid_str_len;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ memcpy(sid_str, dom_sid_str, dom_sid_str_len);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ for (c = 0; c < groups->count; c++) {
|
|
|
ca1eb8 |
+ memset(rid_start, '\0', 12);
|
|
|
ca1eb8 |
+ ret = snprintf(rid_start, 12, "-%lu",
|
|
|
ca1eb8 |
+ (unsigned long) groups->rids[c].rid);
|
|
|
ca1eb8 |
+ if (ret < 0 || ret > 12) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE, "snprintf failed.\n");
|
|
|
ca1eb8 |
+ ret = EIO;
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ key.str = sid_str;
|
|
|
ca1eb8 |
+ value.ul = 0;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = hash_enter(sid_table, &key, &value);
|
|
|
ca1eb8 |
+ if (ret != HASH_SUCCESS) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE, "hash_enter failed [%d][%s].\n",
|
|
|
ca1eb8 |
+ ret, hash_error_string(ret));
|
|
|
ca1eb8 |
+ ret = EIO;
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = EOK;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+done:
|
|
|
ca1eb8 |
+ sss_idmap_free_sid(idmap_ctx, dom_sid_str);
|
|
|
ca1eb8 |
+ talloc_free(tmp_ctx);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ return ret;
|
|
|
ca1eb8 |
+}
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+struct resource_groups {
|
|
|
ca1eb8 |
+ struct dom_sid2 *domain_sid;
|
|
|
ca1eb8 |
+ struct samr_RidWithAttributeArray groups;
|
|
|
ca1eb8 |
+};
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
errno_t ad_get_sids_from_pac(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
struct sss_idmap_ctx *idmap_ctx,
|
|
|
ca1eb8 |
struct PAC_LOGON_INFO *logon_info,
|
|
|
ca1eb8 |
@@ -157,6 +238,7 @@ errno_t ad_get_sids_from_pac(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
int ret;
|
|
|
ca1eb8 |
size_t s;
|
|
|
ca1eb8 |
struct netr_SamInfo3 *info3;
|
|
|
ca1eb8 |
+ struct resource_groups resource_groups = { 0 };
|
|
|
ca1eb8 |
char *sid_str = NULL;
|
|
|
ca1eb8 |
char *msid_str = NULL;
|
|
|
ca1eb8 |
char *user_dom_sid_str = NULL;
|
|
|
ca1eb8 |
@@ -188,9 +270,15 @@ errno_t ad_get_sids_from_pac(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
info3 = &logon_info->info3;
|
|
|
ca1eb8 |
+#ifdef HAVE_STRUCT_PAC_LOGON_INFO_RESOURCE_GROUPS
|
|
|
ca1eb8 |
+ resource_groups.domain_sid = logon_info->resource_groups.domain_sid;
|
|
|
ca1eb8 |
+ resource_groups.groups.count = logon_info->resource_groups.groups.count;
|
|
|
ca1eb8 |
+ resource_groups.groups.rids = logon_info->resource_groups.groups.rids;
|
|
|
ca1eb8 |
+#endif
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
ret = sss_hash_create(tmp_ctx,
|
|
|
ca1eb8 |
- info3->sidcount + info3->base.groups.count + 2,
|
|
|
ca1eb8 |
+ info3->sidcount + info3->base.groups.count + 2
|
|
|
ca1eb8 |
+ + resource_groups.groups.count,
|
|
|
ca1eb8 |
&sid_table);
|
|
|
ca1eb8 |
if (ret != EOK) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_OP_FAILURE, "sss_hash_create failed.\n");
|
|
|
ca1eb8 |
@@ -265,28 +353,13 @@ errno_t ad_get_sids_from_pac(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- for (s = 0; s < info3->base.groups.count; s++) {
|
|
|
ca1eb8 |
- memset(rid_start, '\0', 12);
|
|
|
ca1eb8 |
- ret = snprintf(rid_start, 12, "-%lu",
|
|
|
ca1eb8 |
- (unsigned long) info3->base.groups.rids[s].rid);
|
|
|
ca1eb8 |
- if (ret < 0 || ret > 12) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_OP_FAILURE, "snprintf failed.\n");
|
|
|
ca1eb8 |
- ret = EIO;
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- key.str = sid_str;
|
|
|
ca1eb8 |
- value.ul = 0;
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = hash_enter(sid_table, &key, &value);
|
|
|
ca1eb8 |
- if (ret != HASH_SUCCESS) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_OP_FAILURE, "hash_enter failed [%d][%s].\n",
|
|
|
ca1eb8 |
- ret, hash_error_string(ret));
|
|
|
ca1eb8 |
- ret = EIO;
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
+ ret = add_sids_from_rid_array_to_hash_table(info3->base.domain_sid,
|
|
|
ca1eb8 |
+ &info3->base.groups,
|
|
|
ca1eb8 |
+ idmap_ctx, sid_table);
|
|
|
ca1eb8 |
+ if (ret != EOK) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
|
ca1eb8 |
+ "add_sids_from_rid_array_to_hash_table failed.\n");
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
for(s = 0; s < info3->sidcount; s++) {
|
|
|
ca1eb8 |
@@ -311,6 +384,17 @@ errno_t ad_get_sids_from_pac(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+ if (resource_groups.domain_sid != NULL) {
|
|
|
ca1eb8 |
+ ret = add_sids_from_rid_array_to_hash_table(resource_groups.domain_sid,
|
|
|
ca1eb8 |
+ &resource_groups.groups,
|
|
|
ca1eb8 |
+ idmap_ctx, sid_table);
|
|
|
ca1eb8 |
+ if (ret != EOK) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
|
ca1eb8 |
+ "add_sids_from_rid_array_to_hash_table failed.\n");
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
num_sids = hash_count(sid_table);
|
|
|
ca1eb8 |
sid_list = talloc_array(tmp_ctx, char *, num_sids);
|
|
|
ca1eb8 |
if (sid_list == NULL) {
|
|
|
ca1eb8 |
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
|
|
|
ca1eb8 |
index 39ebbc63324ca40d071f30582d2f15d732f6c466..ac3b0d0ab3c7b0a0ee4d21d96e1b4783ff1b4139 100644
|
|
|
ca1eb8 |
--- a/src/tests/cmocka/test_ad_common.c
|
|
|
ca1eb8 |
+++ b/src/tests/cmocka/test_ad_common.c
|
|
|
ca1eb8 |
@@ -207,6 +207,29 @@ static void test_check_if_pac_is_available(void **state)
|
|
|
ca1eb8 |
"BEAEUAVgBFAEwAdv///4yBQZ5ZQnp3qwj2lKGcd0UAAAAAdv//" \
|
|
|
ca1eb8 |
"/39fn4UneD5l6YxP8w/U0coAAAAA"
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+#define TEST_PAC_RESOURCE_GROUPS_BASE64 \
|
|
|
ca1eb8 |
+ "BQAAAAAAAAABAAAA8AEAAFgAAAAAAAAACgAAABQAAABIAgAA" \
|
|
|
ca1eb8 |
+ "AAAAAAwAAABYAAAAYAIAAAAAAAAGAAAAEAAAALgCAAAAAAAA" \
|
|
|
ca1eb8 |
+ "BwAAABQAAADIAgAAAAAAAAEQCADMzMzM4AEAAAAAAAAAAAIA" \
|
|
|
ca1eb8 |
+ "Rr0gPUQO1AH/////////f/////////9/TRPNRwtu0wFN0zZy" \
|
|
|
ca1eb8 |
+ "1G7TAf////////9/CgAKAAQAAgAKAAoACAACAAAAAAAMAAIA" \
|
|
|
ca1eb8 |
+ "AAAAABAAAgAAAAAAFAACAAAAAAAYAAIACwAAAFEEAAABAgAA" \
|
|
|
ca1eb8 |
+ "AwAAABwAAgAgAgAAAAAAAAAAAAAAAAAAAAAAAAQABgAgAAIA" \
|
|
|
ca1eb8 |
+ "BgAIACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAA" \
|
|
|
ca1eb8 |
+ "AAAAAAAAAAAAAAAAAAAAAAEAAAAsAAIANAACAAEAAAA4AAIA" \
|
|
|
ca1eb8 |
+ "BQAAAAAAAAAFAAAAdAB1AHMAZQByAAAABQAAAAAAAAAFAAAA" \
|
|
|
ca1eb8 |
+ "dAB1AHMAZQByAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \
|
|
|
ca1eb8 |
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAECAAAHAAAA" \
|
|
|
ca1eb8 |
+ "YgQAAAcAAABjBAAABwAAAAMAAAAAAAAAAgAAAEQAQwAEAAAA" \
|
|
|
ca1eb8 |
+ "AAAAAAMAAABXAEkATgAAAAQAAAABBAAAAAAABRUAAAAkYm0r" \
|
|
|
ca1eb8 |
+ "SyFumd73jX0BAAAAMAACAAcAAAABAAAAAQEAAAAAABIBAAAA" \
|
|
|
ca1eb8 |
+ "BAAAAAEEAAAAAAAFFQAAACRibStLIW6Z3veNfQEAAABoBAAA" \
|
|
|
ca1eb8 |
+ "BwAAIAAAAACAEuVfRA7UAQoAdAB1AHMAZQByAAAAAAAoABAA" \
|
|
|
ca1eb8 |
+ "HAA4AAAAAAAAAAAAdAB1AHMAZQByAEAAdwBpAG4ALgB0AHIA" \
|
|
|
ca1eb8 |
+ "dQBzAHQALgB0AGUAcwB0AFcASQBOAC4AVABSAFUAUwBUAC4A" \
|
|
|
ca1eb8 |
+ "VABFAFMAVAAAAAAAEAAAAOGTj7I9Qn7XebOqdHb///+fHhrZ" \
|
|
|
ca1eb8 |
+ "kBt0So4jOFBk84sDAAAAAA=="
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
static void test_ad_get_data_from_pac(void **state)
|
|
|
ca1eb8 |
{
|
|
|
ca1eb8 |
int ret;
|
|
|
ca1eb8 |
@@ -303,6 +326,73 @@ static void test_ad_get_sids_from_pac(void **state)
|
|
|
ca1eb8 |
sss_idmap_free(idmap_ctx);
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+#ifdef HAVE_STRUCT_PAC_LOGON_INFO_RESOURCE_GROUPS
|
|
|
ca1eb8 |
+static void test_ad_get_sids_from_pac_with_resource_groups(void **state)
|
|
|
ca1eb8 |
+{
|
|
|
ca1eb8 |
+ int ret;
|
|
|
ca1eb8 |
+ struct PAC_LOGON_INFO *logon_info;
|
|
|
ca1eb8 |
+ uint8_t *test_pac_blob;
|
|
|
ca1eb8 |
+ size_t test_pac_blob_size;
|
|
|
ca1eb8 |
+ char *user_sid;
|
|
|
ca1eb8 |
+ char *primary_group_sid;
|
|
|
ca1eb8 |
+ size_t num_sids;
|
|
|
ca1eb8 |
+ char **sid_list;
|
|
|
ca1eb8 |
+ struct sss_idmap_ctx *idmap_ctx;
|
|
|
ca1eb8 |
+ enum idmap_error_code err;
|
|
|
ca1eb8 |
+ size_t c;
|
|
|
ca1eb8 |
+ size_t s;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ const char *sid_check_list[] = { "S-1-5-21-728588836-2574131531-2106456030-513",
|
|
|
ca1eb8 |
+ "S-1-5-21-728588836-2574131531-2106456030-1122",
|
|
|
ca1eb8 |
+ "S-1-5-21-728588836-2574131531-2106456030-1123",
|
|
|
ca1eb8 |
+ "S-1-5-21-728588836-2574131531-2106456030-1128",
|
|
|
ca1eb8 |
+ "S-1-18-1",
|
|
|
ca1eb8 |
+ NULL };
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
|
|
|
ca1eb8 |
+ struct ad_common_test_ctx);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free,
|
|
|
ca1eb8 |
+ &idmap_ctx);
|
|
|
ca1eb8 |
+ assert_int_equal(err, IDMAP_SUCCESS);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_RESOURCE_GROUPS_BASE64,
|
|
|
ca1eb8 |
+ &test_pac_blob_size);
|
|
|
ca1eb8 |
+ assert_non_null(test_pac_blob_size);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size,
|
|
|
ca1eb8 |
+ &logon_info);
|
|
|
ca1eb8 |
+ assert_int_equal(ret, EOK);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = ad_get_sids_from_pac(test_ctx, idmap_ctx, logon_info, &user_sid,
|
|
|
ca1eb8 |
+ &primary_group_sid, &num_sids, &sid_list);
|
|
|
ca1eb8 |
+ assert_int_equal(ret, EOK);
|
|
|
ca1eb8 |
+ assert_string_equal(user_sid,
|
|
|
ca1eb8 |
+ "S-1-5-21-728588836-2574131531-2106456030-1105");
|
|
|
ca1eb8 |
+ assert_string_equal(primary_group_sid,
|
|
|
ca1eb8 |
+ "S-1-5-21-728588836-2574131531-2106456030-513");
|
|
|
ca1eb8 |
+ assert_int_equal(num_sids, 5);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ for (c = 0; sid_check_list[c] != NULL; c++) {
|
|
|
ca1eb8 |
+ for (s = 0; s < num_sids; s++) {
|
|
|
ca1eb8 |
+ if (strcmp(sid_check_list[c], sid_list[s]) == 0) {
|
|
|
ca1eb8 |
+ break;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+ if (s == num_sids) {
|
|
|
ca1eb8 |
+ fail_msg("SID [%s] not found in SID list.", sid_check_list[c]);
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ talloc_free(test_pac_blob);
|
|
|
ca1eb8 |
+ talloc_free(logon_info);
|
|
|
ca1eb8 |
+ talloc_free(user_sid);
|
|
|
ca1eb8 |
+ talloc_free(primary_group_sid);
|
|
|
ca1eb8 |
+ talloc_free(sid_list);
|
|
|
ca1eb8 |
+ sss_idmap_free(idmap_ctx);
|
|
|
ca1eb8 |
+}
|
|
|
ca1eb8 |
+#endif
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
static void test_ad_get_pac_data_from_user_entry(void **state)
|
|
|
ca1eb8 |
{
|
|
|
ca1eb8 |
int ret;
|
|
|
ca1eb8 |
@@ -912,6 +1002,11 @@ int main(int argc, const char *argv[])
|
|
|
ca1eb8 |
cmocka_unit_test_setup_teardown(test_ad_get_sids_from_pac,
|
|
|
ca1eb8 |
test_ad_common_setup,
|
|
|
ca1eb8 |
test_ad_common_teardown),
|
|
|
ca1eb8 |
+#ifdef HAVE_STRUCT_PAC_LOGON_INFO_RESOURCE_GROUPS
|
|
|
ca1eb8 |
+ cmocka_unit_test_setup_teardown(test_ad_get_sids_from_pac_with_resource_groups,
|
|
|
ca1eb8 |
+ test_ad_common_setup,
|
|
|
ca1eb8 |
+ test_ad_common_teardown),
|
|
|
ca1eb8 |
+#endif
|
|
|
ca1eb8 |
cmocka_unit_test_setup_teardown(test_ad_get_pac_data_from_user_entry,
|
|
|
ca1eb8 |
test_ad_common_setup,
|
|
|
ca1eb8 |
test_ad_common_teardown),
|
|
|
ca1eb8 |
--
|
|
|
ca1eb8 |
2.17.1
|
|
|
ca1eb8 |
|