From b2bc50e2f4132b2e38fb8ce9de9db8df3c46aaf5 Mon Sep 17 00:00:00 2001 From: Gabriel Nagy Date: Tue, 24 Oct 2023 10:32:30 +0300 Subject: [PATCH] Ensure GPO URLs contain the FQDN of the controller This is the main driver for the changes in the previous commits. The way this behavior worked in the past is that we would use the URL returned in the gPCFileSysPath field without any changes. This introduced an inconsistency that went unobserved until recently. Namely, we would get the list of GPOs using the FQDN of the domain controller (e.g. adc.example.com), whereas the list of GPO URLs only included the domain name (e.g. example.com). This meant that when downloading the actual GPO data, libsmbclient would try to autodiscover a domain controller from which to perform the download, given only the domain name. In some cases, especially complicated AD deployments with lots of DCs, libsmbclient could autoresolve to an unhealthy DC (we take unhealthy to mean any DC from which GPO files cannot be downloaded, regardless of reason). This would fail the GPO download with a cryptic "invalid argument" error. Besides the chance of the above happening, autodiscovery also takes longer as opposed to passing a valid DC FQDN to libsmbclient from the start. To fix this, we rewrite the GPO URL in the gPCFileSysPath field to include the FQDN of the domain controller which essentially ensures the DC we get the GPO list from, and the DC we download the GPO data from are the same, minimizing the chance of mismatches like this occurring. This has some drawbacks in the integration tests where we set up a real SMB share and download from it, so we need to ensure the mocked server URL is the actual SMB server. Fixes #733 / UDENG-843 --- .../integration_tests/systemdaemons/system_daemons.py | 5 ++++- ...invalid_startup_time_leads_to_unknown_refresh_time | 2 +- ...id_unit_refresh_time_leads_to_unknown_refresh_time | 2 +- .../no_startup_time_leads_to_unknown_refresh_time | 2 +- ...no_unit_refresh_time_leads_to_unknown_refresh_time | 2 +- .../golden/status_is_always_authorized | 2 +- .../golden/status_no_user_connected_and_no_machine | 2 +- .../golden/status_on_user_connected_with_no_cache | 2 +- .../golden/status_with_static_ad_server | 2 +- .../golden/status_with_users_and_machines | 2 +- .../golden/ubuntu_pro_subscription_is_not_active | 2 +- .../sssd-configs/sssd.conf-example.com_static-server | 2 +- internal/ad/adsys-gpolist | 11 ++++++++++- internal/ad/backends/winbind/mock/libwbclient_mock.c | 2 +- .../TestWinbind/golden/error_when_domain_is_offline | 2 +- .../golden/error_when_getting_online_status | 2 +- .../TestWinbind/golden/error_when_requesting_krb5cc | 2 +- .../testdata/TestWinbind/golden/lookup_is_successful | 2 +- .../lookup_with_different_hostname_is_successful | 2 +- .../golden/lookup_with_overridden_ad_domain | 2 +- .../TestAdsysGPOList/golden/block_inheritance | 2 +- .../golden/computers_truncated_at_15_characters | 6 +++--- .../ad/testdata/TestAdsysGPOList/golden/disabled_gpos | 6 +++--- .../TestAdsysGPOList/golden/filter_machine_only_gpos | 4 ++-- .../TestAdsysGPOList/golden/filter_user_only_gpos | 4 ++-- .../golden/forced_gpo_and_blocked_inheritance | 6 +++--- .../golden/forced_gpo_are_first_by_reverse_order | 10 +++++----- ...me_without_file_is_supported_by_the_samba_bindings | 2 +- .../golden/long_computer_name,_not_truncated | 6 +++--- .../ad/testdata/TestAdsysGPOList/golden/machine_gpos | 6 +++--- .../TestAdsysGPOList/golden/multiple_gpos_in_same_ou | 8 ++++---- .../golden/no_@_in_user_name_returns_the_same_thing | 2 +- .../TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes | 2 +- .../TestAdsysGPOList/golden/no_gpo_on_ou_-_string | 2 +- .../golden/no_gpoptions_fallbacks_to_0 | 4 ++-- .../testdata/TestAdsysGPOList/golden/return_hierarchy | 4 ++-- .../testdata/TestAdsysGPOList/golden/return_one_gpo | 2 +- .../security_descriptor_accepted_is_for_another_user | 4 ++-- .../security_descriptor_access_denied_ignores_gpo | 4 ++-- .../golden/security_descriptor_missing_ignores_gpo | 4 ++-- 40 files changed, 76 insertions(+), 64 deletions(-) diff --git a/cmd/adsysd/integration_tests/systemdaemons/system_daemons.py b/cmd/adsysd/integration_tests/systemdaemons/system_daemons.py index eea43806b..c7489f8b6 100644 --- a/cmd/adsysd/integration_tests/systemdaemons/system_daemons.py +++ b/cmd/adsysd/integration_tests/systemdaemons/system_daemons.py @@ -111,7 +111,10 @@ def sssd_on_bus(bus: dbus.Bus): False) main_object.AddMethods("", [ ("IsOnline", "", "b", "ret = True"), - ("ActiveServer", "s", "s", 'ret = "adc.example.com"'), + # In real environments this is the FQDN of a domain controller + # For testing purposes we need to match the value to the underlying SMB + # server running on localhost + ("ActiveServer", "s", "s", 'ret = "localhost:1446"'), ]) main_object.AddObject( diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_startup_time_leads_to_unknown_refresh_time b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_startup_time_leads_to_unknown_refresh_time index 9a095a864..a4da4324e 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_startup_time_leads_to_unknown_refresh_time +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_startup_time_leads_to_unknown_refresh_time @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_unit_refresh_time_leads_to_unknown_refresh_time b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_unit_refresh_time_leads_to_unknown_refresh_time index 9a095a864..a4da4324e 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_unit_refresh_time_leads_to_unknown_refresh_time +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/invalid_unit_refresh_time_leads_to_unknown_refresh_time @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_startup_time_leads_to_unknown_refresh_time b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_startup_time_leads_to_unknown_refresh_time index 9a095a864..a4da4324e 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_startup_time_leads_to_unknown_refresh_time +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_startup_time_leads_to_unknown_refresh_time @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_unit_refresh_time_leads_to_unknown_refresh_time b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_unit_refresh_time_leads_to_unknown_refresh_time index 9a095a864..a4da4324e 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_unit_refresh_time_leads_to_unknown_refresh_time +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/no_unit_refresh_time_leads_to_unknown_refresh_time @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_is_always_authorized b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_is_always_authorized index 81f1c4cd6..e252ece89 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_is_always_authorized +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_is_always_authorized @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_no_user_connected_and_no_machine b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_no_user_connected_and_no_machine index 83888955b..f5e08e221 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_no_user_connected_and_no_machine +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_no_user_connected_and_no_machine @@ -10,7 +10,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_on_user_connected_with_no_cache b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_on_user_connected_with_no_cache index b5830811f..bdfc2c875 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_on_user_connected_with_no_cache +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_on_user_connected_with_no_cache @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_static_ad_server b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_static_ad_server index 5916b0415..86429cd70 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_static_ad_server +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_static_ad_server @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com_static-server Cache: /tmp/sss_cache Domain: example.com - Server FQDN: staticserver.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_users_and_machines b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_users_and_machines index 81f1c4cd6..e252ece89 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_users_and_machines +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/status_with_users_and_machines @@ -11,7 +11,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/ubuntu_pro_subscription_is_not_active b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/ubuntu_pro_subscription_is_not_active index 110720199..d707af33b 100644 --- a/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/ubuntu_pro_subscription_is_not_active +++ b/cmd/adsysd/integration_tests/testdata/TestServiceStatus/golden/ubuntu_pro_subscription_is_not_active @@ -17,7 +17,7 @@ Active Directory: Configuration: testdata/sssd-configs/sssd.conf-example.com Cache: /tmp/sss_cache Domain: example.com - Server FQDN: adc.example.com + Server FQDN: localhost:1446 Daemon: Timeout after 30s diff --git a/cmd/adsysd/integration_tests/testdata/sssd-configs/sssd.conf-example.com_static-server b/cmd/adsysd/integration_tests/testdata/sssd-configs/sssd.conf-example.com_static-server index 9144a7b36..3f706c62d 100644 --- a/cmd/adsysd/integration_tests/testdata/sssd-configs/sssd.conf-example.com_static-server +++ b/cmd/adsysd/integration_tests/testdata/sssd-configs/sssd.conf-example.com_static-server @@ -3,4 +3,4 @@ domains = example.com [domain/example.com] ad_domain = example.com -ad_server = staticserver.example.com +ad_server = localhost:1446 diff --git a/internal/ad/adsys-gpolist b/internal/ad/adsys-gpolist index 4f95ac9a6..48441c8ee 100755 --- a/internal/ad/adsys-gpolist +++ b/internal/ad/adsys-gpolist @@ -283,8 +283,17 @@ def main(): return ReturnCode.GPO_FAILED for g in gpos: - print("%s\tsmb:%s" % (g[0], str(g[1]).replace("\\", "/"))) + gpo_name = g[0] + gpo_path = parse_gpo_path(g[1], fqdn) + print("%s\t%s" % (gpo_name, gpo_path)) +def parse_gpo_path(gpo_path, dc_fqdn): + ''' Parse a GPO path to a SMB path with the appropriate DC FQDN ''' + path = str(gpo_path).replace("\\", "/") + parts = path[2:].split("/") + parts[0] = dc_fqdn + + return "smb://" +"/".join(parts) if __name__ == "__main__": exit(main()) diff --git a/internal/ad/backends/winbind/mock/libwbclient_mock.c b/internal/ad/backends/winbind/mock/libwbclient_mock.c index 20ce13092..41a0ae999 100644 --- a/internal/ad/backends/winbind/mock/libwbclient_mock.c +++ b/internal/ad/backends/winbind/mock/libwbclient_mock.c @@ -22,7 +22,7 @@ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcD struct wbcDomainControllerInfo *dc = malloc(sizeof(struct wbcDomainControllerInfo)); // This is the only field used at the moment - dc->dc_name = "\\\\adcontroller.example.com"; + dc->dc_name = "\\\\localhost:1446"; *dc_info = dc; return WBC_ERR_SUCCESS; } diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_domain_is_offline b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_domain_is_offline index 40475c9be..a72f499ec 100644 --- a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_domain_is_offline +++ b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_domain_is_offline @@ -1,5 +1,5 @@ * Domain(): example.com -* ServerFQDN(): adcontroller.example.com +* ServerFQDN(): localhost:1446 * IsOnline(): false * HostKrb5CCName(): /tmp/krb5cc_0 * DefaultDomainSuffix(): example.com diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_getting_online_status b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_getting_online_status index 2526b760c..b3c308f0a 100644 --- a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_getting_online_status +++ b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_getting_online_status @@ -1,5 +1,5 @@ * Domain(): example.com -* ServerFQDN(): adcontroller.example.com +* ServerFQDN(): localhost:1446 * IsOnline ERROR(): could not get online status for domain "example.com": status code 2 * HostKrb5CCName(): /tmp/krb5cc_0 * DefaultDomainSuffix(): example.com diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_requesting_krb5cc b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_requesting_krb5cc index 88b3125e0..26f51b80f 100644 --- a/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_requesting_krb5cc +++ b/internal/ad/backends/winbind/testdata/TestWinbind/golden/error_when_requesting_krb5cc @@ -1,5 +1,5 @@ * Domain(): example.com -* ServerFQDN(): adcontroller.example.com +* ServerFQDN(): localhost:1446 * IsOnline(): true * HostKrb5CCName ERROR(): could not get krb5 cached ticket for "UBUNTU$@EXAMPLE.COM": exit status 1: EXIT 1 requested in mock diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_is_successful b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_is_successful index 98c4e2e9c..55ac55aaf 100644 --- a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_is_successful +++ b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_is_successful @@ -1,5 +1,5 @@ * Domain(): example.com -* ServerFQDN(): adcontroller.example.com +* ServerFQDN(): localhost:1446 * IsOnline(): true * HostKrb5CCName(): /tmp/krb5cc_0 * DefaultDomainSuffix(): example.com diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_different_hostname_is_successful b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_different_hostname_is_successful index e3c81b5fb..999abd792 100644 --- a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_different_hostname_is_successful +++ b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_different_hostname_is_successful @@ -1,5 +1,5 @@ * Domain(): example.com -* ServerFQDN(): adcontroller.example.com +* ServerFQDN(): localhost:1446 * IsOnline(): true * HostKrb5CCName(): /tmp/krb5cc_0 * DefaultDomainSuffix(): example.com diff --git a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_overridden_ad_domain b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_overridden_ad_domain index 818159f03..f783078d1 100644 --- a/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_overridden_ad_domain +++ b/internal/ad/backends/winbind/testdata/TestWinbind/golden/lookup_with_overridden_ad_domain @@ -1,5 +1,5 @@ * Domain(): overridden.com -* ServerFQDN(): adcontroller.example.com +* ServerFQDN(): localhost:1446 * IsOnline(): true * HostKrb5CCName(): /tmp/krb5cc_0 * DefaultDomainSuffix(): overridden.com diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/block_inheritance b/internal/ad/testdata/TestAdsysGPOList/golden/block_inheritance index ba0945ebb..e0d1abd97 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/block_inheritance +++ b/internal/ad/testdata/TestAdsysGPOList/golden/block_inheritance @@ -1 +1 @@ -RnDDepBlockInheritance GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDepBlockInheritance_GPO +RnDDepBlockInheritance GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDepBlockInheritance_GPO diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/computers_truncated_at_15_characters b/internal/ad/testdata/TestAdsysGPOList/golden/computers_truncated_at_15_characters index cb0d225e5..3f4f45786 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/computers_truncated_at_15_characters +++ b/internal/ad/testdata/TestAdsysGPOList/golden/computers_truncated_at_15_characters @@ -1,4 +1,4 @@ Searching for account failed with: Failed to find account hostnameWithTruncatedLongName -ITDep1 GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/ITDep1_GPO -IT GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +ITDep1 GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/ITDep1_GPO +IT GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/disabled_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/disabled_gpos index 775433add..69767d92c 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/disabled_gpos +++ b/internal/ad/testdata/TestAdsysGPOList/golden/disabled_gpos @@ -1,3 +1,3 @@ -RnDDep3 GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep3_GPO -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnDDep3 GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep3_GPO +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/filter_machine_only_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/filter_machine_only_gpos index 577d92ecb..0e72ed2db 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/filter_machine_only_gpos +++ b/internal/ad/testdata/TestAdsysGPOList/golden/filter_machine_only_gpos @@ -1,2 +1,2 @@ -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/filter_user_only_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/filter_user_only_gpos index ebdbe2815..89109893f 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/filter_user_only_gpos +++ b/internal/ad/testdata/TestAdsysGPOList/golden/filter_user_only_gpos @@ -1,2 +1,2 @@ -IT GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +IT GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_and_blocked_inheritance b/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_and_blocked_inheritance index 9ac052e77..7915a28c9 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_and_blocked_inheritance +++ b/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_and_blocked_inheritance @@ -1,3 +1,3 @@ -RnDDep2 Forced GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO -SubBlocked GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/SubBlocked_GPO -SubDep2BlockInheritance GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/SubDep2BlockInheritance_GPO +RnDDep2 Forced GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO +SubBlocked GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/SubBlocked_GPO +SubDep2BlockInheritance GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/SubDep2BlockInheritance_GPO diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_are_first_by_reverse_order b/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_are_first_by_reverse_order index 8f44c57e5..4f59045d0 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_are_first_by_reverse_order +++ b/internal/ad/testdata/TestAdsysGPOList/golden/forced_gpo_are_first_by_reverse_order @@ -1,5 +1,5 @@ -RnDDep2 Forced GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO -SubDep2ForcedPolicy Forced GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/SubDep2ForcedPolicy_Forced_GPO -RnDDep2 GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep2_GPO -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnDDep2 Forced GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep2_Forced_GPO +SubDep2ForcedPolicy Forced GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/SubDep2ForcedPolicy_Forced_GPO +RnDDep2 GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep2_GPO +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/krb5ccname_without_file_is_supported_by_the_samba_bindings b/internal/ad/testdata/TestAdsysGPOList/golden/krb5ccname_without_file_is_supported_by_the_samba_bindings index 21b3cbe04..66f1a012c 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/krb5ccname_without_file_is_supported_by_the_samba_bindings +++ b/internal/ad/testdata/TestAdsysGPOList/golden/krb5ccname_without_file_is_supported_by_the_samba_bindings @@ -1 +1 @@ -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/long_computer_name,_not_truncated b/internal/ad/testdata/TestAdsysGPOList/golden/long_computer_name,_not_truncated index c32596344..ac725295e 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/long_computer_name,_not_truncated +++ b/internal/ad/testdata/TestAdsysGPOList/golden/long_computer_name,_not_truncated @@ -1,3 +1,3 @@ -ITDep1 GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/ITDep1_GPO -IT GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +ITDep1 GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/ITDep1_GPO +IT GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/machine_gpos b/internal/ad/testdata/TestAdsysGPOList/golden/machine_gpos index c32596344..ac725295e 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/machine_gpos +++ b/internal/ad/testdata/TestAdsysGPOList/golden/machine_gpos @@ -1,3 +1,3 @@ -ITDep1 GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/ITDep1_GPO -IT GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/IT_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +ITDep1 GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/ITDep1_GPO +IT GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/IT_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/multiple_gpos_in_same_ou b/internal/ad/testdata/TestAdsysGPOList/golden/multiple_gpos_in_same_ou index a7af82013..4db85dafa 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/multiple_gpos_in_same_ou +++ b/internal/ad/testdata/TestAdsysGPOList/golden/multiple_gpos_in_same_ou @@ -1,4 +1,4 @@ -RnDDep1 GPO1 smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO1 -RnDDep1 GPO2 smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO2 -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnDDep1 GPO1 smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO1 +RnDDep1 GPO2 smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnDDep1_GPO2 +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_@_in_user_name_returns_the_same_thing b/internal/ad/testdata/TestAdsysGPOList/golden/no_@_in_user_name_returns_the_same_thing index 21b3cbe04..66f1a012c 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/no_@_in_user_name_returns_the_same_thing +++ b/internal/ad/testdata/TestAdsysGPOList/golden/no_@_in_user_name_returns_the_same_thing @@ -1 +1 @@ -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes index 21b3cbe04..66f1a012c 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes +++ b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_bytes @@ -1 +1 @@ -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_string b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_string index 21b3cbe04..66f1a012c 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_string +++ b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpo_on_ou_-_string @@ -1 +1 @@ -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpoptions_fallbacks_to_0 b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpoptions_fallbacks_to_0 index 1eab1fe8f..0abeb3e3d 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/no_gpoptions_fallbacks_to_0 +++ b/internal/ad/testdata/TestAdsysGPOList/golden/no_gpoptions_fallbacks_to_0 @@ -1,2 +1,2 @@ -NogPOptions GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/NogPOptions_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +NogPOptions GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/NogPOptions_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/return_hierarchy b/internal/ad/testdata/TestAdsysGPOList/golden/return_hierarchy index 577d92ecb..0e72ed2db 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/return_hierarchy +++ b/internal/ad/testdata/TestAdsysGPOList/golden/return_hierarchy @@ -1,2 +1,2 @@ -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/return_one_gpo b/internal/ad/testdata/TestAdsysGPOList/golden/return_one_gpo index 21b3cbe04..66f1a012c 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/return_one_gpo +++ b/internal/ad/testdata/TestAdsysGPOList/golden/return_one_gpo @@ -1 +1 @@ -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_accepted_is_for_another_user b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_accepted_is_for_another_user index 577d92ecb..0e72ed2db 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_accepted_is_for_another_user +++ b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_accepted_is_for_another_user @@ -1,2 +1,2 @@ -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_access_denied_ignores_gpo b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_access_denied_ignores_gpo index 577d92ecb..0e72ed2db 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_access_denied_ignores_gpo +++ b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_access_denied_ignores_gpo @@ -1,2 +1,2 @@ -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} diff --git a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_missing_ignores_gpo b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_missing_ignores_gpo index 6c7ada083..e6543c7f0 100644 --- a/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_missing_ignores_gpo +++ b/internal/ad/testdata/TestAdsysGPOList/golden/security_descriptor_missing_ignores_gpo @@ -1,4 +1,4 @@ Failed to fetch gpo object with nTSecurityDescriptor RnDDep4_Security_descriptor_missing_GPO -RnD GPO smb://localhost:1445/SYSVOL/gpoonly.com/Policies/RnD_GPO -Default Domain Policy smb://localhost:1445/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} +RnD GPO smb://ldap_url/SYSVOL/gpoonly.com/Policies/RnD_GPO +Default Domain Policy smb://ldap_url/SYSVOL/gpoonly.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}