summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb')
-rwxr-xr-xsource4/dsdb/tests/python/token_group.py24
1 files changed, 21 insertions, 3 deletions
diff --git a/source4/dsdb/tests/python/token_group.py b/source4/dsdb/tests/python/token_group.py
index ee90dd480c..0314cd3332 100755
--- a/source4/dsdb/tests/python/token_group.py
+++ b/source4/dsdb/tests/python/token_group.py
@@ -63,11 +63,13 @@ class TokenTest(unittest.TestCase):
for sid in res[0]['tokenGroups']:
tokengroups.append(str(ndr_unpack(samba.dcerpc.security.dom_sid, sid)))
+ user_sid_dn = "<SID=%s>" % tokengroups[0]
+
print("Geting token from user session")
session_info_flags = ( AUTH_SESSION_INFO_DEFAULT_GROUPS |
AUTH_SESSION_INFO_AUTHENTICATED |
AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
- session = samba.auth.user_session(self.ldb, lp_ctx=lp, dn="<SID=%s>" % tokengroups[0],
+ session = samba.auth.user_session(self.ldb, lp_ctx=lp, dn=user_sid_dn,
session_info_flags=session_info_flags)
token = session.security_token
@@ -76,14 +78,30 @@ class TokenTest(unittest.TestCase):
sids.append(str(s))
sidset1 = set(tokengroups)
sidset2 = set(sids)
- if sidset1 != sidset2:
+ if len(sidset1.difference(sidset2)):
print("token sids don't match")
print("tokengroups: %s" % tokengroups)
print("calculated : %s" % sids);
print("difference : %s" % sidset1.difference(sidset2))
- self.fail(msg="token groups don't match")
+ self.fail(msg="calculated groups don't match against rootDSE tokenGroups")
+ res = self.ldb.search(user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
+ self.assertEquals(len(res), 1)
+ print("Geting tokenGroups from user DN")
+ dn_tokengroups = []
+ for sid in res[0]['tokenGroups']:
+ dn_tokengroups.append(str(ndr_unpack(samba.dcerpc.security.dom_sid, sid)))
+
+ sidset1 = set(dn_tokengroups)
+ sidset2 = set(sids)
+ if len(sidset1.difference(sidset2)):
+ print("token sids don't match")
+ print("tokengroups: %s" % tokengroups)
+ print("calculated : %s" % sids);
+ print("difference : %s" % sidset1.difference(sidset2))
+ self.fail(msg="calculated groups don't match against user DN tokenGroups")
+
if not "://" in url:
if os.path.isfile(url):