Add PrimaryGroupId to group array in DC response

This is a simplified version of the original patch by:
Felix Botner <botner@univention.de>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  3 13:52:55 UTC 2019 on sn-devel-184

diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index bd695151dc0d434c7a2cf9a3a1e8fc9802b7da75..b5b6362dc93bf5515f9cfb45496809f097ca62d7 100644 (file)
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -89,7 +89,7 @@ static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
        sam->groups.count = 0;
        sam->groups.rids = NULL;
 
-       if (user_info_dc->num_sids > 2) {
+       if (user_info_dc->num_sids > PRIMARY_GROUP_SID_INDEX) {
                size_t i;
                sam->groups.rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
                                                user_info_dc->num_sids);
@@ -97,7 +97,7 @@ static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
                if (sam->groups.rids == NULL)
                        return NT_STATUS_NO_MEMORY;
 
-               for (i=2; i<user_info_dc->num_sids; i++) {
+               for (i=PRIMARY_GROUP_SID_INDEX; i<user_info_dc->num_sids; i++) {
                        struct dom_sid *group_sid = &user_info_dc->sids[i];
                        if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
                                /* We handle this elsewhere */
@@ -451,6 +451,10 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
        }
 
        for (i = 0; i < base->groups.count; i++) {
+               /* Skip primary group, already added above */
+               if (base->groups.rids[i].rid == base->primary_gid) {
+                       continue;
+               }
                user_info_dc->sids[user_info_dc->num_sids] = *base->domain_sid;
                if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids], base->groups.rids[i].rid)) {
                        return NT_STATUS_INVALID_PARAMETER;

diff --git a/selftest/knownfail.d/pac_primary_group b/selftest/knownfail.d/pac_primary_group
deleted file mode 100644 (file)
index b0efd7d..0000000
--- a/selftest/knownfail.d/pac_primary_group
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.rpc.pac.*s4u2self