auth: Discard non-base SIDs when creating SamInfo2

Our SamLogon tests are now all passing.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index fd94bdbc5057f3baedbf7ab091c3fb3e2b42a9b0..23579eb40352cb450b35ae03ac4128974a1fdea7 100644 (file)
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -453,6 +453,12 @@ NTSTATUS auth_convert_user_info_dc_saminfo2(TALLOC_CTX *mem_ctx,
                return status;
        }
        sam2->base      = sam6->base;
+       /*
+        * We have nowhere to put sam6->sids, so we follow Windows here and drop
+        * it. Any resource groups it happened to be contain are lost.
+        */
+       sam2->base.user_flags &= ~NETLOGON_EXTRA_SIDS;
+       TALLOC_FREE(sam6->sids);
 
        *_sam2 = sam2;
        return NT_STATUS_OK;

diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index b173ad851b56e87be19cdf7886bd349d6ec37511..99f687e32126abe1b466176fc7925a1d386ee5b6 100644 (file)
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -142,7 +142,3 @@
 ^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_tgs_claims_remove_claims.ad_dc
 ^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_tgs_claims_remove_claims_to_krbtgt.ad_dc
 ^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_tgs_claims_to_krbtgt.ad_dc
-#
-# Group tests
-#
-^samba.tests.krb5.group_tests.samba.tests.krb5.group_tests.GroupTests.test_samlogon_SamInfo.ad_dc

diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index dd28acf959a2cb45b4dd808b00978b0a91c51d7b..4832e83150808c751577b885a21e6252d78d1e74 100644 (file)
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -612,7 +612,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.group_tests.samba.tests.krb5.group_tests.GroupTests.test_group_universal_as_req_to_service.ad_dc
 ^samba.tests.krb5.group_tests.samba.tests.krb5.group_tests.GroupTests.test_group_user_group_removal_tgs_req_to_krbtgt.ad_dc
 ^samba.tests.krb5.group_tests.samba.tests.krb5.group_tests.GroupTests.test_group_user_group_removal_tgs_req_to_service.ad_dc
-^samba.tests.krb5.group_tests.samba.tests.krb5.group_tests.GroupTests.test_samlogon_SamInfo.ad_dc
 #
 # Encryption type tests
 #