diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-01-20 23:39:37 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-01-20 23:44:05 +0100 |
| commit | fbe6d155bf177c610ee549cc534650b0f0700e8a (patch) | |
| tree | 58d82c2cadfc460ad8cf6a7e9b3ec6c162234ec7 /source4/torture/auth | |
| parent | cce5231b4d4ee9d4918004586bda9d499596d3d4 (diff) | |
| download | samba-fbe6d155bf177c610ee549cc534650b0f0700e8a.tar.gz samba-fbe6d155bf177c610ee549cc534650b0f0700e8a.tar.bz2 samba-fbe6d155bf177c610ee549cc534650b0f0700e8a.zip | |
s4-auth Remove special case for account_sid from auth_serversupplied_info
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **. This is in keeping with
the other sid lists in the security_token etc.
In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.
Andrew Bartlett
Diffstat (limited to 'source4/torture/auth')
| -rw-r--r-- | source4/torture/auth/pac.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c index 13796bd3db..e76f0820d4 100644 --- a/source4/torture/auth/pac.c +++ b/source4/torture/auth/pac.c @@ -167,8 +167,9 @@ static bool torture_pac_self_check(struct torture_context *tctx) smb_krb5_context->krb5_context, &server_info_out); - if (!dom_sid_equal(server_info->account_sid, - server_info_out->account_sid)) { + /* The user's SID is the first element in the list */ + if (!dom_sid_equal(server_info->sids, + server_info_out->sids)) { krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &krbtgt_keyblock); krb5_free_keyblock_contents(smb_krb5_context->krb5_context, @@ -179,8 +180,8 @@ static bool torture_pac_self_check(struct torture_context *tctx) torture_fail(tctx, talloc_asprintf(tctx, "(self test) PAC Decode resulted in *different* domain SID: %s != %s", - dom_sid_string(mem_ctx, server_info->account_sid), - dom_sid_string(mem_ctx, server_info_out->account_sid))); + dom_sid_string(mem_ctx, server_info->sids), + dom_sid_string(mem_ctx, server_info_out->sids))); } talloc_free(server_info_out); @@ -229,13 +230,13 @@ static bool torture_pac_self_check(struct torture_context *tctx) nt_errstr(nt_status))); } - if (!dom_sid_equal(server_info->account_sid, - server_info_out->account_sid)) { + if (!dom_sid_equal(server_info->sids, + server_info_out->sids)) { torture_fail(tctx, talloc_asprintf(tctx, "(self test) PAC Decode resulted in *different* domain SID: %s != %s", - dom_sid_string(mem_ctx, server_info->account_sid), - dom_sid_string(mem_ctx, server_info_out->account_sid))); + dom_sid_string(mem_ctx, server_info->sids), + dom_sid_string(mem_ctx, server_info_out->sids))); } return true; } @@ -444,7 +445,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx) if (!pac_file && !dom_sid_equal(dom_sid_parse_talloc(mem_ctx, "S-1-5-21-3048156945-3961193616-3706469200-1005"), - server_info_out->account_sid)) { + server_info_out->sids)) { krb5_free_keyblock_contents(smb_krb5_context->krb5_context, krbtgt_keyblock_p); krb5_free_keyblock_contents(smb_krb5_context->krb5_context, @@ -455,7 +456,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx) talloc_asprintf(tctx, "(saved test) Heimdal PAC Decode resulted in *different* domain SID: %s != %s", "S-1-5-21-3048156945-3961193616-3706469200-1005", - dom_sid_string(mem_ctx, server_info_out->account_sid))); + dom_sid_string(mem_ctx, server_info_out->sids))); } talloc_free(server_info_out); @@ -503,7 +504,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx) if (!pac_file && !dom_sid_equal(dom_sid_parse_talloc(mem_ctx, "S-1-5-21-3048156945-3961193616-3706469200-1005"), - server_info_out->account_sid)) { + server_info_out->sids)) { krb5_free_keyblock_contents(smb_krb5_context->krb5_context, krbtgt_keyblock_p); krb5_free_keyblock_contents(smb_krb5_context->krb5_context, @@ -514,7 +515,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx) talloc_asprintf(tctx, "(saved test) PAC Decode resulted in *different* domain SID: %s != %s", "S-1-5-21-3048156945-3961193616-3706469200-1005", - dom_sid_string(mem_ctx, server_info_out->account_sid))); + dom_sid_string(mem_ctx, server_info_out->sids))); } if (krbtgt_bytes == NULL) { |