From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 2 Mar 2023 23:25:06 +0000 (+1300)
Subject: tests/krb5: Test more descriptive security descriptor
X-Git-Tag: talloc-2.4.1~1467
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98393d7bfa0a291743d6a2ce9308287c3426f85d;p=thirdparty%2Fsamba.git

tests/krb5: Test more descriptive security descriptor

This one has more flags set, so we can test whether we're getting our
string representation right.

Samba prints the flags in a different order from Windows, but fixing
that now would be too risky and involve far too much churn for minimal
benefit. (Consider how many tests verify security descriptors against
string constants...) Instead, allow one of two possible security
descriptors.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/tests/krb5/claims_tests.py b/python/samba/tests/krb5/claims_tests.py
index 8919af6a95d..00a4363dfb8 100755
--- a/python/samba/tests/krb5/claims_tests.py
+++ b/python/samba/tests/krb5/claims_tests.py
@@ -691,11 +691,11 @@ class ClaimsTests(KDCBaseTest):
 
     sample_dn = object()
     binary_dn = object()
-    security_descriptor = (b'\x01\x00\x04\x80\x14\x00\x00\x00\x00\x00\x00\x00'
+    security_descriptor = (b'\x01\x00\x04\x95\x14\x00\x00\x00\x00\x00\x00\x00'
                            b'\x00\x00\x00\x00$\x00\x00\x00\x01\x02\x00\x00\x00'
                            b'\x00\x00\x05 \x00\x00\x00 \x02\x00\x00\x04\x00'
-                           b'\x1c\x00\x01\x00\x00\x00\x00\x00\x14\x00\xff\x01'
-                           b'\x0f\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00'
+                           b'\x1c\x00\x01\x00\x00\x00\x00\x1f\x14\x00\xff\x01'
+                           b'\x0f\xf0\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00'
                            b'\x00\x00')
 
     cases = [
@@ -904,8 +904,10 @@ class ClaimsTests(KDCBaseTest):
                     'for_classes': ['computer'],
                     'value_type': claims.CLAIM_TYPE_STRING,
                     'values': [security_descriptor],
-                    'expected_values': ['O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;'
-                                        ';;S-1-0-0)'],
+                    'expected_values': OneOf([{
+                        'O:BAD:PARAI(A;OICINPIOID;CCDCLCSWRPWPDTLOCRSDRCWDWOGAGXGWGR;;;S-1-0-0)',  # Windows
+                        'O:BAD:PARAI(A;OICINPIOID;RPWPCRCCDCLCLORCWOWDSDDTSWGAGRGWGX;;;S-1-0-0)',  # Samba
+                    }]),
                     'expected': True,
                 },
             ],