git.ipfire.org Git - thirdparty/samba.git/commit
tests/krb5: Overhaul PAC logon info group checking
author: Joseph Sutton <josephsutton@catalyst.net.nz>
Thu, 3 Nov 2022 01:54:23 +0000 (14:54 +1300)
committer: Andrew Bartlett <abartlet@samba.org>
Tue, 8 Nov 2022 02:39:37 +0000 (02:39 +0000)
commit: 8556576d8df47710757ff4e32b04668fa5045daf
tree: c468f15d7962817db2446fb1875ca1b2beae1ff9
parent: 5a613db6f511cfe3739cfe04cefa84e4f6681c99

We can now verify attributes of SIDs and the PAC locations in which SIDs
are placed. We also gain the ability to assert that no SIDs are present
in the PAC other than the ones we expect.

We lighten somewhat the requirement that no duplicates are present among
the SIDs, as such a situation may arise even with Windows, especially if
group types are changed. For example, if a Universal group containing a
user is changed to a Domain-Local group in between an AS-REQ and a
TGS-REQ, the group's SID will be added to the PAC once for each request.
We only verify that there are no exact duplicates (SID, attributes, and
PAC location all being identical).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/krb5/raw_testcase.py
python/samba/tests/krb5/s4u_tests.py
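
The duplicate rule described in the commit message, as an added example that is not code from this commit or from Samba: a checker that treats each PAC group as a (SID, attributes, location) triple, tolerates the same SID appearing with different attributes or location, and flags exact duplicates and unexpected entries. The function name, the location labels and the SIDs are assumptions constructed for illustration.

```python
from collections import Counter

# Hypothetical names and constructed data; not Samba's raw_testcase.py API.
SE_GROUP_DEFAULT = 0x1 | 0x2 | 0x4  # MANDATORY | ENABLED_BY_DEFAULT | ENABLED
SE_GROUP_RESOURCE = 0x20000000
DOMAIN = "S-1-5-21-1111-2222-3333"  # constructed domain SID

# Each PAC group entry is (sid, attributes, location); the location labels
# "base", "extra" and "resource" are assumptions made for this example.
DOMAIN_USERS = (f"{DOMAIN}-513", SE_GROUP_DEFAULT, "base")
GROUP_AT_AS_REQ = (f"{DOMAIN}-1105", SE_GROUP_DEFAULT, "base")
GROUP_AT_TGS_REQ = (f"{DOMAIN}-1105",
                    SE_GROUP_DEFAULT | SE_GROUP_RESOURCE, "resource")


def check_pac_groups(found, expected, allow_unexpected=False):
    """Return a sorted list of (problem, entry); empty means the PAC passes."""
    problems = []
    counts = Counter(found)
    # Only an identical (sid, attributes, location) triple is a duplicate.
    problems += [("exact-duplicate", e) for e, n in counts.items() if n > 1]
    # A SID with the wrong attributes or location is both missing (the
    # expected triple) and unexpected (the triple actually found).
    problems += [("missing", e) for e in set(expected) - set(counts)]
    if not allow_unexpected:
        problems += [("unexpected", e) for e in set(counts) - set(expected)]
    return sorted(problems)


if __name__ == "__main__":
    retyped = [DOMAIN_USERS, GROUP_AT_AS_REQ, GROUP_AT_TGS_REQ]
    print(check_pac_groups(retyped, retyped))                      # tolerated
    print(check_pac_groups(retyped + [GROUP_AT_AS_REQ], retyped))  # flagged
```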