From 2ae75184fcb5dc90602aeef113d4c13540073324 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 3 Apr 2019 19:45:02 +0300
Subject: [PATCH] Add PrimaryGroupId to group array in DC response

This is a simplified version of the original patch by:
Felix Botner <botner@univention.de>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  3 13:52:55 UTC 2019 on sn-devel-184
---
 auth/auth_sam_reply.c                  | 8 ++++++--
 selftest/knownfail.d/pac_primary_group | 1 -
 2 files changed, 6 insertions(+), 3 deletions(-)
 delete mode 100644 selftest/knownfail.d/pac_primary_group

diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index bd695151dc0..b5b6362dc93 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -89,7 +89,7 @@ static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
 	sam->groups.count = 0;
 	sam->groups.rids = NULL;
 
-	if (user_info_dc->num_sids > 2) {
+	if (user_info_dc->num_sids > PRIMARY_GROUP_SID_INDEX) {
 		size_t i;
 		sam->groups.rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
 						user_info_dc->num_sids);
@@ -97,7 +97,7 @@ static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
 		if (sam->groups.rids == NULL)
 			return NT_STATUS_NO_MEMORY;
 
-		for (i=2; i<user_info_dc->num_sids; i++) {
+		for (i=PRIMARY_GROUP_SID_INDEX; i<user_info_dc->num_sids; i++) {
 			struct dom_sid *group_sid = &user_info_dc->sids[i];
 			if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
 				/* We handle this elsewhere */
@@ -451,6 +451,10 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
 	}
 
 	for (i = 0; i < base->groups.count; i++) {
+		/* Skip primary group, already added above */
+		if (base->groups.rids[i].rid == base->primary_gid) {
+			continue;
+		}
 		user_info_dc->sids[user_info_dc->num_sids] = *base->domain_sid;
 		if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids], base->groups.rids[i].rid)) {
 			return NT_STATUS_INVALID_PARAMETER;
diff --git a/selftest/knownfail.d/pac_primary_group b/selftest/knownfail.d/pac_primary_group
deleted file mode 100644
index b0efd7d6385..00000000000
--- a/selftest/knownfail.d/pac_primary_group
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.rpc.pac.*s4u2self
-- 
2.34.1