github.com/jcmturner/gokrb5/v8@v8.4.4/pac/kerb_validation_info_test.go (about) 1 package pac 2 3 import ( 4 "encoding/hex" 5 "testing" 6 "time" 7 8 "github.com/jcmturner/gokrb5/v8/test/testdata" 9 "github.com/jcmturner/rpc/v2/mstypes" 10 "github.com/stretchr/testify/assert" 11 ) 12 13 func TestKerbValidationInfo_Unmarshal(t *testing.T) { 14 t.Parallel() 15 b, err := hex.DecodeString(testdata.MarshaledPAC_Kerb_Validation_Info_MS) 16 if err != nil { 17 t.Fatal("Could not decode test data hex string") 18 } 19 var k KerbValidationInfo 20 err = k.Unmarshal(b) 21 if err != nil { 22 t.Fatalf("Error unmarshaling KerbValidationInfo: %v", err) 23 } 24 assert.Equal(t, time.Date(2006, 4, 28, 1, 42, 50, 925640100, time.UTC), k.LogOnTime.Time(), "LogOnTime not as expected") 25 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551516, time.UTC), k.LogOffTime.Time(), "LogOffTime not as expected") 26 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551516, time.UTC), k.KickOffTime.Time(), "KickOffTime not as expected") 27 assert.Equal(t, time.Date(2006, 3, 18, 10, 44, 54, 837147900, time.UTC), k.PasswordLastSet.Time(), "PasswordLastSet not as expected") 28 assert.Equal(t, time.Date(2006, 3, 19, 10, 44, 54, 837147900, time.UTC), k.PasswordCanChange.Time(), "PasswordCanChange not as expected") 29 30 assert.Equal(t, "lzhu", k.EffectiveName.Value, "EffectiveName not as expected") 31 assert.Equal(t, "Liqiang(Larry) Zhu", k.FullName.String(), "EffectiveName not as expected") 32 assert.Equal(t, "ntds2.bat", k.LogonScript.String(), "EffectiveName not as expected") 33 assert.Equal(t, "", k.ProfilePath.String(), "EffectiveName not as expected") 34 assert.Equal(t, "", k.HomeDirectory.String(), "EffectiveName not as expected") 35 assert.Equal(t, "", k.HomeDirectoryDrive.String(), "EffectiveName not as expected") 36 37 assert.Equal(t, uint16(4180), k.LogonCount, "LogonCount not as expected") 38 assert.Equal(t, uint16(0), k.BadPasswordCount, "BadPasswordCount not as expected") 39 assert.Equal(t, uint32(2914711), k.UserID, "UserID not as expected") 40 assert.Equal(t, uint32(513), k.PrimaryGroupID, "PrimaryGroupID not as expected") 41 assert.Equal(t, uint32(26), k.GroupCount, "GroupCount not as expected") 42 43 gids := []mstypes.GroupMembership{ 44 {RelativeID: 3392609, Attributes: 7}, 45 {RelativeID: 2999049, Attributes: 7}, 46 {RelativeID: 3322974, Attributes: 7}, 47 {RelativeID: 513, Attributes: 7}, 48 {RelativeID: 2931095, Attributes: 7}, 49 {RelativeID: 3338539, Attributes: 7}, 50 {RelativeID: 3354830, Attributes: 7}, 51 {RelativeID: 3026599, Attributes: 7}, 52 {RelativeID: 3338538, Attributes: 7}, 53 {RelativeID: 2931096, Attributes: 7}, 54 {RelativeID: 3392610, Attributes: 7}, 55 {RelativeID: 3342740, Attributes: 7}, 56 {RelativeID: 3392630, Attributes: 7}, 57 {RelativeID: 3014318, Attributes: 7}, 58 {RelativeID: 2937394, Attributes: 7}, 59 {RelativeID: 3278870, Attributes: 7}, 60 {RelativeID: 3038018, Attributes: 7}, 61 {RelativeID: 3322975, Attributes: 7}, 62 {RelativeID: 3513546, Attributes: 7}, 63 {RelativeID: 2966661, Attributes: 7}, 64 {RelativeID: 3338434, Attributes: 7}, 65 {RelativeID: 3271401, Attributes: 7}, 66 {RelativeID: 3051245, Attributes: 7}, 67 {RelativeID: 3271606, Attributes: 7}, 68 {RelativeID: 3026603, Attributes: 7}, 69 {RelativeID: 3018354, Attributes: 7}, 70 } 71 assert.Equal(t, gids, k.GroupIDs, "GroupIDs not as expected") 72 73 assert.Equal(t, uint32(32), k.UserFlags, "UserFlags not as expected") 74 75 assert.Equal(t, mstypes.UserSessionKey{CypherBlock: [2]mstypes.CypherBlock{{Data: [8]byte{}}, {Data: [8]byte{}}}}, k.UserSessionKey, "UserSessionKey not as expected") 76 77 assert.Equal(t, "NTDEV-DC-05", k.LogonServer.Value, "LogonServer not as expected") 78 assert.Equal(t, "NTDEV", k.LogonDomainName.Value, "LogonDomainName not as expected") 79 80 assert.Equal(t, "S-1-5-21-397955417-626881126-188441444", k.LogonDomainID.String(), "LogonDomainID not as expected") 81 82 assert.Equal(t, uint32(16), k.UserAccountControl, "UserAccountControl not as expected") 83 assert.Equal(t, uint32(0), k.SubAuthStatus, "SubAuthStatus not as expected") 84 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551616, time.UTC), k.LastSuccessfulILogon.Time(), "LastSuccessfulILogon not as expected") 85 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551616, time.UTC), k.LastFailedILogon.Time(), "LastSuccessfulILogon not as expected") 86 assert.Equal(t, uint32(0), k.FailedILogonCount, "FailedILogonCount not as expected") 87 88 assert.Equal(t, uint32(13), k.SIDCount, "SIDCount not as expected") 89 assert.Equal(t, int(k.SIDCount), len(k.ExtraSIDs), "SIDCount and size of ExtraSIDs list are not the same") 90 91 var es = []struct { 92 sid string 93 attr uint32 94 }{ 95 {"S-1-5-21-773533881-1816936887-355810188-513", uint32(7)}, 96 {"S-1-5-21-397955417-626881126-188441444-3101812", uint32(536870919)}, 97 {"S-1-5-21-397955417-626881126-188441444-3291368", uint32(536870919)}, 98 {"S-1-5-21-397955417-626881126-188441444-3291341", uint32(536870919)}, 99 {"S-1-5-21-397955417-626881126-188441444-3322973", uint32(536870919)}, 100 {"S-1-5-21-397955417-626881126-188441444-3479105", uint32(536870919)}, 101 {"S-1-5-21-397955417-626881126-188441444-3271400", uint32(536870919)}, 102 {"S-1-5-21-397955417-626881126-188441444-3283393", uint32(536870919)}, 103 {"S-1-5-21-397955417-626881126-188441444-3338537", uint32(536870919)}, 104 {"S-1-5-21-397955417-626881126-188441444-3038991", uint32(536870919)}, 105 {"S-1-5-21-397955417-626881126-188441444-3037999", uint32(536870919)}, 106 {"S-1-5-21-397955417-626881126-188441444-3248111", uint32(536870919)}, 107 } 108 for i, s := range es { 109 assert.Equal(t, s.sid, k.ExtraSIDs[i].SID.String(), "ExtraSID SID value not as epxected") 110 assert.Equal(t, s.attr, k.ExtraSIDs[i].Attributes, "ExtraSID Attributes value not as epxected") 111 } 112 113 assert.Equal(t, uint8(0), k.ResourceGroupDomainSID.SubAuthorityCount, "ResourceGroupDomainSID not as expected") 114 assert.Equal(t, 0, len(k.ResourceGroupIDs), "ResourceGroupIDs not as expected") 115 116 b, err = hex.DecodeString(testdata.MarshaledPAC_Kerb_Validation_Info) 117 if err != nil { 118 t.Fatal("Could not decode test data hex string") 119 } 120 var k2 KerbValidationInfo 121 err = k2.Unmarshal(b) 122 if err != nil { 123 t.Fatal("Could not unmarshal KerbValidationInfo") 124 } 125 126 assert.Equal(t, time.Date(2017, 5, 6, 15, 53, 11, 825766900, time.UTC), k2.LogOnTime.Time(), "LogOnTime not as expected") 127 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551516, time.UTC), k2.LogOffTime.Time(), "LogOffTime not as expected") 128 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551516, time.UTC), k2.KickOffTime.Time(), "KickOffTime not as expected") 129 assert.Equal(t, time.Date(2017, 5, 6, 7, 23, 8, 968750000, time.UTC), k2.PasswordLastSet.Time(), "PasswordLastSet not as expected") 130 assert.Equal(t, time.Date(2017, 5, 7, 7, 23, 8, 968750000, time.UTC), k2.PasswordCanChange.Time(), "PasswordCanChange not as expected") 131 132 assert.Equal(t, "testuser1", k2.EffectiveName.String(), "EffectiveName not as expected") 133 assert.Equal(t, "Test1 User1", k2.FullName.String(), "EffectiveName not as expected") 134 assert.Equal(t, "", k2.LogonScript.String(), "EffectiveName not as expected") 135 assert.Equal(t, "", k2.ProfilePath.String(), "EffectiveName not as expected") 136 assert.Equal(t, "", k2.HomeDirectory.String(), "EffectiveName not as expected") 137 assert.Equal(t, "", k2.HomeDirectoryDrive.String(), "EffectiveName not as expected") 138 139 assert.Equal(t, uint16(216), k2.LogonCount, "LogonCount not as expected") 140 assert.Equal(t, uint16(0), k2.BadPasswordCount, "BadPasswordCount not as expected") 141 assert.Equal(t, uint32(1105), k2.UserID, "UserID not as expected") 142 assert.Equal(t, uint32(513), k2.PrimaryGroupID, "PrimaryGroupID not as expected") 143 assert.Equal(t, uint32(5), k2.GroupCount, "GroupCount not as expected") 144 145 gids = []mstypes.GroupMembership{ 146 {RelativeID: 513, Attributes: 7}, 147 {RelativeID: 1108, Attributes: 7}, 148 {RelativeID: 1109, Attributes: 7}, 149 {RelativeID: 1115, Attributes: 7}, 150 {RelativeID: 1116, Attributes: 7}, 151 } 152 assert.Equal(t, gids, k2.GroupIDs, "GroupIDs not as expected") 153 154 assert.Equal(t, uint32(32), k2.UserFlags, "UserFlags not as expected") 155 156 assert.Equal(t, mstypes.UserSessionKey{CypherBlock: [2]mstypes.CypherBlock{{Data: [8]byte{}}, {Data: [8]byte{}}}}, k2.UserSessionKey, "UserSessionKey not as expected") 157 158 assert.Equal(t, "ADDC", k2.LogonServer.Value, "LogonServer not as expected") 159 assert.Equal(t, "TEST", k2.LogonDomainName.Value, "LogonDomainName not as expected") 160 161 assert.Equal(t, "S-1-5-21-3167651404-3865080224-2280184895", k2.LogonDomainID.String(), "LogonDomainID not as expected") 162 163 assert.Equal(t, uint32(528), k2.UserAccountControl, "UserAccountControl not as expected") 164 assert.Equal(t, uint32(0), k2.SubAuthStatus, "SubAuthStatus not as expected") 165 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551616, time.UTC), k2.LastSuccessfulILogon.Time(), "LastSuccessfulILogon not as expected") 166 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551616, time.UTC), k2.LastFailedILogon.Time(), "LastSuccessfulILogon not as expected") 167 assert.Equal(t, uint32(0), k2.FailedILogonCount, "FailedILogonCount not as expected") 168 169 assert.Equal(t, uint32(2), k2.SIDCount, "SIDCount not as expected") 170 assert.Equal(t, int(k2.SIDCount), len(k2.ExtraSIDs), "SIDCount and size of ExtraSIDs list are not the same") 171 172 var es2 = []struct { 173 sid string 174 attr uint32 175 }{ 176 {"S-1-5-21-3167651404-3865080224-2280184895-1114", uint32(536870919)}, 177 {"S-1-5-21-3167651404-3865080224-2280184895-1111", uint32(536870919)}, 178 } 179 for i, s := range es2 { 180 assert.Equal(t, s.sid, k2.ExtraSIDs[i].SID.String(), "ExtraSID SID value not as epxected") 181 assert.Equal(t, s.attr, k2.ExtraSIDs[i].Attributes, "ExtraSID Attributes value not as epxected") 182 } 183 184 assert.Equal(t, uint8(0), k2.ResourceGroupDomainSID.SubAuthorityCount, "ResourceGroupDomainSID not as expected") 185 assert.Equal(t, 0, len(k2.ResourceGroupIDs), "ResourceGroupIDs not as expected") 186 } 187 188 func TestKerbValidationInfo_Unmarshal_DomainTrust(t *testing.T) { 189 b, err := hex.DecodeString(testdata.MarshaledPAC_Kerb_Validation_Info_Trust) 190 if err != nil { 191 t.Fatal("Could not decode test data hex string") 192 } 193 var k KerbValidationInfo 194 err = k.Unmarshal(b) 195 if err != nil { 196 t.Fatalf("Error unmarshaling KerbValidationInfo: %v", err) 197 } 198 assert.Equal(t, time.Date(2017, 10, 14, 12, 03, 41, 52409900, time.UTC), k.LogOnTime.Time(), "LogOnTime not as expected") 199 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551516, time.UTC), k.LogOffTime.Time(), "LogOffTime not as expected") 200 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551516, time.UTC), k.KickOffTime.Time(), "KickOffTime not as expected") 201 assert.Equal(t, time.Date(2017, 10, 10, 20, 42, 56, 220282300, time.UTC), k.PasswordLastSet.Time(), "PasswordLastSet not as expected") 202 assert.Equal(t, time.Date(2017, 10, 11, 20, 42, 56, 220282300, time.UTC), k.PasswordCanChange.Time(), "PasswordCanChange not as expected") 203 204 assert.Equal(t, "testuser1", k.EffectiveName.String(), "EffectiveName not as expected") 205 assert.Equal(t, "Test1 User1", k.FullName.String(), "EffectiveName not as expected") 206 assert.Equal(t, "", k.LogonScript.String(), "EffectiveName not as expected") 207 assert.Equal(t, "", k.ProfilePath.String(), "EffectiveName not as expected") 208 assert.Equal(t, "", k.HomeDirectory.String(), "EffectiveName not as expected") 209 assert.Equal(t, "", k.HomeDirectoryDrive.String(), "EffectiveName not as expected") 210 211 assert.Equal(t, uint16(46), k.LogonCount, "LogonCount not as expected") 212 assert.Equal(t, uint16(0), k.BadPasswordCount, "BadPasswordCount not as expected") 213 assert.Equal(t, uint32(1106), k.UserID, "UserID not as expected") 214 assert.Equal(t, uint32(513), k.PrimaryGroupID, "PrimaryGroupID not as expected") 215 assert.Equal(t, uint32(3), k.GroupCount, "GroupCount not as expected") 216 217 gids := []mstypes.GroupMembership{ 218 {RelativeID: 1110, Attributes: 7}, 219 {RelativeID: 513, Attributes: 7}, 220 {RelativeID: 1109, Attributes: 7}, 221 } 222 assert.Equal(t, gids, k.GroupIDs, "GroupIDs not as expected") 223 224 assert.Equal(t, uint32(544), k.UserFlags, "UserFlags not as expected") 225 226 assert.Equal(t, mstypes.UserSessionKey{CypherBlock: [2]mstypes.CypherBlock{{Data: [8]byte{}}, {Data: [8]byte{}}}}, k.UserSessionKey, "UserSessionKey not as expected") 227 228 assert.Equal(t, "UDC", k.LogonServer.Value, "LogonServer not as expected") 229 assert.Equal(t, "USER", k.LogonDomainName.Value, "LogonDomainName not as expected") 230 231 assert.Equal(t, "S-1-5-21-2284869408-3503417140-1141177250", k.LogonDomainID.String(), "LogonDomainID not as expected") 232 233 assert.Equal(t, uint32(528), k.UserAccountControl, "UserAccountControl not as expected") 234 assert.Equal(t, uint32(0), k.SubAuthStatus, "SubAuthStatus not as expected") 235 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551616, time.UTC), k.LastSuccessfulILogon.Time(), "LastSuccessfulILogon not as expected") 236 assert.Equal(t, time.Date(2185, 7, 21, 23, 34, 33, 709551616, time.UTC), k.LastFailedILogon.Time(), "LastSuccessfulILogon not as expected") 237 assert.Equal(t, uint32(0), k.FailedILogonCount, "FailedILogonCount not as expected") 238 239 assert.Equal(t, uint32(1), k.SIDCount, "SIDCount not as expected") 240 assert.Equal(t, int(k.SIDCount), len(k.ExtraSIDs), "SIDCount and size of ExtraSIDs list are not the same") 241 242 var es = []struct { 243 sid string 244 attr uint32 245 }{ 246 {"S-1-18-1", uint32(7)}, 247 } 248 for i, s := range es { 249 assert.Equal(t, s.sid, k.ExtraSIDs[i].SID.String(), "ExtraSID SID value not as epxected") 250 assert.Equal(t, s.attr, k.ExtraSIDs[i].Attributes, "ExtraSID Attributes value not as epxected") 251 } 252 253 assert.Equal(t, uint8(4), k.ResourceGroupDomainSID.SubAuthorityCount, "ResourceGroupDomainSID not as expected") 254 assert.Equal(t, "S-1-5-21-3062750306-1230139592-1973306805", k.ResourceGroupDomainSID.String(), "ResourceGroupDomainSID value not as expected") 255 assert.Equal(t, 2, len(k.ResourceGroupIDs), "ResourceGroupIDs not as expected") 256 rgids := []mstypes.GroupMembership{ 257 {RelativeID: 1107, Attributes: 536870919}, 258 {RelativeID: 1108, Attributes: 536870919}, 259 } 260 assert.Equal(t, rgids, k.ResourceGroupIDs, "ResourceGroupIDs not as expected") 261 groupSids := []string{"S-1-5-21-2284869408-3503417140-1141177250-1110", 262 "S-1-5-21-2284869408-3503417140-1141177250-513", 263 "S-1-5-21-2284869408-3503417140-1141177250-1109", 264 "S-1-18-1", 265 "S-1-5-21-3062750306-1230139592-1973306805-1107", 266 "S-1-5-21-3062750306-1230139592-1973306805-1108"} 267 assert.Equal(t, groupSids, k.GetGroupMembershipSIDs(), "GroupMembershipSIDs not as expected") 268 }