authorPhilipp Gesang <phg@phi-gamma.net>2018-11-07 23:40:26 +0100
committerPhilipp Gesang <phg@phi-gamma.net>2018-11-07 23:40:32 +0100
commit010d9d9d7f82e6d880da646c810492618476ee32 (patch)
tree6f356707ca0019da3e27dc62377b379656be5c68 /sid_test.ml
parent39b9f77dbccecad50fb355cffb0e8e432e28f825 (diff)
downloadocaml-sid-010d9d9d7f82e6d880da646c810492618476ee32.tar.gz
sid: sid_test: make subauthorities mandatory
Both the constructor “Sid.create” and the string format parser must reject inputs lacking a subauthorities array of at least size one. Since the array is no longer optional, reorder the constructor arguments to match the data representation. It is still possible to create SIDs without subauthorities via the “Sid.create_unsafe” constructor. Also, the packet representation will happily accept them because their definition (as well as that of the identical RPC version) does not specify a minimum count. This is all rather ambiguous and exacerbated by the fact that [MS-DTYP] happily specifies an invalid SID “S-1-5” as the “NT_AUTHORITY”. However, both the grammar and the Win API “ConvertStringSidToSidA()” function reject SA-less inputs as invalid, so we should too.
Diffstat (limited to 'sid_test.ml')
-rw-r--r--sid_test.ml30
1 files changed, 23 insertions, 7 deletions
diff --git a/sid_test.ml b/sid_test.ml
index e7b6c24..7da0d7f 100644
--- a/sid_test.ml
+++ b/sid_test.ml
@@ -14,18 +14,18 @@ let () = Printexc.record_backtrace true ;;
(* S-1-1-0-1-2-3-4-5-6-7-8-9-10-11-12-13-14 *)
let max_sid =
Sid.create_unsafe
+ U64.one
[| U32.zero ; U32.one ; U32.of_int 2
; U32.of_int 3 ; U32.of_int 4 ; U32.of_int 5
; U32.of_int 6 ; U32.of_int 7 ; U32.of_int 8
; U32.of_int 9 ; U32.of_int 10 ; U32.of_int 11
; U32.of_int 12 ; U32.of_int 13 ; U32.of_int 14
|]
- U64.one
let create_ok () =
let w = Sid.WellKnown.everyone
and s =
- match Sid.create ~sa:[| U32.zero |] U64.one with
+ match Sid.create U64.one [| U32.zero |] with
| None -> assert_failure "Sid.create failed for S-1-0"
| Some s -> s
in
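Review bot: The failure message in create_ok, `"Sid.create failed for S-1-0"`, names a SID that this commit declares invalid, while the changed call builds authority 1 with subauthority 0 and compares the result with Sid.WellKnown.everyone. Suggest `| None -> assert_failure "Sid.create failed for S-1-1-0"` so that a failure names the input that was actually rejected. The body of create_ok continues past the end of this hunk.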
@@ -33,16 +33,21 @@ let create_ok () =
(Printf.sprintf "[%s] ≠ [%s]" (Sid.to_string s) (Sid.to_string w))
(Sid.equal s w)
+let create_nosa_fail () =
+ match Sid.create U64.zero [| |] with
+ | None -> ()
+ | Some s -> assert_failure ("Sid.create succeeded despite lack of sas")
+
let create_etoomany_fail () =
let sas = Array.make 16 U32.one in
- match Sid.create ~sa:sas U64.zero with
+ match Sid.create U64.zero sas with
| None -> ()
| Some s -> assert_failure ("Sid.create succeeded on invalid sa array")
let create_iatoobig_fail () =
let sas = Array.make 2 U32.one in
let ia = U64.add max_ident_auth U64.one in
- match Sid.create ~sa:sas ia with
+ match Sid.create ia sas with
| None -> ()
| Some s -> assert_failure ("Sid.create succeeded on invalid ident auth")
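Review bot: create_nosa_fail is defined in this hunk but nothing in the commit registers it: the only suite entry added is `; "parse-nosa-fail" >:: sf_parse_nosa_fail` in the last hunk, and the diffstat's 23 insertions are all accounted for without one. As it stands the zero-subauthority rejection in Sid.create is never exercised, so a regression in that validation would pass unnoticed. Add an entry such as `; "create-nosa-fail" >:: create_nosa_fail` to the list holding the other create_* cases (that list is outside the diff, so the label is only a suggestion). The unused binding could also become `| Some _ -> assert_failure "Sid.create succeeded despite lack of sas"`.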
@@ -55,7 +60,7 @@ let unwrap_of_string s =
let sf_parse_ok () =
let s = unwrap_of_string "S-1-1-0"
- and z = Sid.create_unsafe [| U32.zero |] U64.one in
+ and z = Sid.create_unsafe U64.one [| U32.zero |] in
assert_bool
(Printf.sprintf "[%s] ≠ [%s]" (Sid.to_string s) (Sid.to_string z))
(Sid.equal s z);
@@ -99,6 +104,16 @@ let sf_parse_ver_inval2_fail () =
assert_equal
e "Invalid SID [S-10-0]: expected ‘-’ at position 3, found ‘0’"
+let sf_parse_nosa_fail () =
+ match Sid.of_string "S-1-1" with
+ | Ok s ->
+ assert_failure
+ (Printf.sprintf "unexpectedly parsed garbage as SID [%s]"
+ (Sid.to_string s))
+ | Error e ->
+ assert_equal e "Invalid SID: error parsing SID [S-1-1] at position 5, \
+ grammar mandates at least one subauthority"
+
let sf_parse_trailing_ok () =
let s = unwrap_of_string "S-1-0-0-" in
assert_equal (Sid.to_string s) "S-1-0-0"
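Review bot: sf_parse_nosa_fail checks only "S-1-1", yet sf_parse_trailing_ok just below shows the parser tolerates a trailing ‘-’, so "S-1-1-" is the boundary input where the new minimum-count rule could slip and it has no test in this diff. A sibling case asserting that `Sid.of_string "S-1-1-"` yields `Error _` would pin the intended behaviour. The `assert_equal e "…"` call also carries no printer, so a mismatch would not show the two strings; `assert_equal ~printer:(fun x -> x) e "…"` would.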
@@ -221,8 +236,8 @@ let sf_parse_iaxxlong_fail () =
(* too many digits, need exactly 12 *)
match Sid.of_string "S-1-0xC01DC01DB100D-17-01" with
| Error e ->
- let expect = "Invalid SID [S-1-0xC01DC01DB100D-17-01]: expected ‘-’ \
- at position 18, found ‘D’"
+ let expect = "Invalid SID: error parsing SID [S-1-0xC01DC01DB100D-17-01] \
+ at position 18, grammar mandates at least one subauthority"
in
assert_equal
~msg:(Printf.sprintf "[%s] ≠ [%s]" e expect)
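Review bot: The new expected string reports "grammar mandates at least one subauthority" for `S-1-0xC01DC01DB100D-17-01`, an input that carries two subauthorities and whose fault, per the comment at the top of the test, is an identifier authority with too many hex digits. Pinning this text locks in a misleading diagnostic; the previous message, which named the offending ‘D’ at position 18, described the real problem. Presumably the parser now stops after twelve hex digits and then fails to find a subauthority; if that is intended, a short comment above `let expect` saying so would help, and otherwise the over-long authority deserves its own error. The function starts before and continues beyond this hunk.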
@@ -425,6 +440,7 @@ let string_format_test = "string-format-syntax" >:::
; "parse-ver-junk-fail" >:: sf_parse_ver_junk_fail
; "parse-ver-inval-fail" >:: sf_parse_ver_inval_fail
; "parse-ver-inval2-fail" >:: sf_parse_ver_inval2_fail
+ ; "parse-nosa-fail" >:: sf_parse_nosa_fail
; "parse-trailing-ok" >:: sf_parse_trailing_ok
; "parse-maxint-ok" >:: sf_parse_maxint_ok
; "parse-oobia-fail" >:: sf_parse_oobia_fail