|
|
8aada9 |
From a7c755672cd277497da3df4714f6d9457b6ac5ae Mon Sep 17 00:00:00 2001
|
|
|
8aada9 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
8aada9 |
Date: Thu, 28 May 2020 15:02:43 +0200
|
|
|
8aada9 |
Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
|
|
|
8aada9 |
MIME-Version: 1.0
|
|
|
8aada9 |
Content-Type: text/plain; charset=UTF-8
|
|
|
8aada9 |
Content-Transfer-Encoding: 8bit
|
|
|
8aada9 |
|
|
|
8aada9 |
This patch add another update to the ndr code which was previously
|
|
|
8aada9 |
updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
|
|
|
8aada9 |
1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
|
|
|
8aada9 |
|
|
|
8aada9 |
As missing update in ndr_pull_security_ace() cased
|
|
|
8aada9 |
a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
|
|
|
8aada9 |
added to prevent similar issues in future.
|
|
|
8aada9 |
|
|
|
8aada9 |
Resolves: https://github.com/SSSD/sssd/issues/5183
|
|
|
8aada9 |
|
|
|
8aada9 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
8aada9 |
---
|
|
|
8aada9 |
src/providers/ad/ad_gpo_ndr.c | 1 +
|
|
|
8aada9 |
src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
|
|
|
8aada9 |
2 files changed, 58 insertions(+)
|
|
|
8aada9 |
|
|
|
8aada9 |
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
|
|
|
8aada9 |
index acd7b77c8..71d6d40f2 100644
|
|
|
8aada9 |
--- a/src/providers/ad/ad_gpo_ndr.c
|
|
|
8aada9 |
+++ b/src/providers/ad/ad_gpo_ndr.c
|
|
|
8aada9 |
@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
|
|
|
8aada9 |
ndr->offset += pad;
|
|
|
8aada9 |
}
|
|
|
8aada9 |
if (ndr_flags & NDR_BUFFERS) {
|
|
|
8aada9 |
+ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
|
|
|
8aada9 |
NDR_CHECK(ndr_pull_security_ace_object_ctr
|
|
|
8aada9 |
(ndr, NDR_BUFFERS, &r->object));
|
|
|
8aada9 |
}
|
|
|
8aada9 |
diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
|
|
|
8aada9 |
index 97f70408a..d1f7a6915 100644
|
|
|
8aada9 |
--- a/src/tests/cmocka/test_ad_gpo.c
|
|
|
8aada9 |
+++ b/src/tests/cmocka/test_ad_gpo.c
|
|
|
8aada9 |
@@ -347,6 +347,60 @@ void test_ad_gpo_ace_includes_host_sid_true(void **state)
|
|
|
8aada9 |
group_size, ace_dom_sid, true);
|
|
|
8aada9 |
}
|
|
|
8aada9 |
|
|
|
8aada9 |
+uint8_t test_sid_data[] = {
|
|
|
8aada9 |
+0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
8aada9 |
+0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
|
|
|
8aada9 |
+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
|
|
|
8aada9 |
+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
|
|
|
8aada9 |
+0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
|
|
|
8aada9 |
+0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
|
|
|
8aada9 |
+0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
|
|
|
8aada9 |
+0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
|
|
|
8aada9 |
+0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
|
|
|
8aada9 |
+0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
|
|
|
8aada9 |
+0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
|
|
|
8aada9 |
+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
|
|
|
8aada9 |
+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
|
|
|
8aada9 |
+0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
|
|
|
8aada9 |
+0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
|
|
|
8aada9 |
+0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
|
|
|
8aada9 |
+0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
|
|
|
8aada9 |
+0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
|
|
|
8aada9 |
+0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
|
|
|
8aada9 |
+0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
|
|
|
8aada9 |
+0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
|
|
|
8aada9 |
+};
|
|
|
8aada9 |
+
|
|
|
8aada9 |
+void test_ad_gpo_parse_sd(void **state)
|
|
|
8aada9 |
+{
|
|
|
8aada9 |
+ int ret;
|
|
|
8aada9 |
+ struct security_descriptor *sd = NULL;
|
|
|
8aada9 |
+
|
|
|
8aada9 |
+ ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
|
|
|
8aada9 |
+ assert_int_equal(ret, EINVAL);
|
|
|
8aada9 |
+
|
|
|
8aada9 |
+ ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
|
|
|
8aada9 |
+ assert_int_equal(ret, EOK);
|
|
|
8aada9 |
+ assert_non_null(sd);
|
|
|
8aada9 |
+ assert_int_equal(sd->revision, 1);
|
|
|
8aada9 |
+ assert_int_equal(sd->type, 39940);
|
|
|
8aada9 |
+ assert_null(sd->owner_sid);
|
|
|
8aada9 |
+ assert_null(sd->group_sid);
|
|
|
8aada9 |
+ assert_null(sd->sacl);
|
|
|
8aada9 |
+ assert_non_null(sd->dacl);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->revision, 4);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->size, 308);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->num_aces, 10);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->aces[0].type, 0);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->aces[0].flags, 0);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->aces[0].size, 36);
|
|
|
8aada9 |
+ assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
|
|
|
8aada9 |
+ /* There are more components and ACEs in the security_descriptor struct
|
|
|
8aada9 |
+ * which are not checked here. */
|
|
|
8aada9 |
+
|
|
|
8aada9 |
+ talloc_free(sd);
|
|
|
8aada9 |
+}
|
|
|
8aada9 |
+
|
|
|
8aada9 |
int main(int argc, const char *argv[])
|
|
|
8aada9 |
{
|
|
|
8aada9 |
poptContext pc;
|
|
|
8aada9 |
@@ -385,6 +439,9 @@ int main(int argc, const char *argv[])
|
|
|
8aada9 |
cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_host_sid_true,
|
|
|
8aada9 |
ad_gpo_test_setup,
|
|
|
8aada9 |
ad_gpo_test_teardown),
|
|
|
8aada9 |
+ cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
|
|
|
8aada9 |
+ ad_gpo_test_setup,
|
|
|
8aada9 |
+ ad_gpo_test_teardown),
|
|
|
8aada9 |
};
|
|
|
8aada9 |
|
|
|
8aada9 |
/* Set debug level to invalid value so we can decide if -d 0 was used. */
|
|
|
8aada9 |
--
|
|
|
8aada9 |
2.21.1
|
|
|
8aada9 |
|