BED-5036 integration test written, working on race condition for test…

… harness
SpecterOps · Dec 13, 2024 · a165818 · a165818
1 parent e33b88d
commit a165818
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/cmd/api/src/analysis/ad/ntlm_integration_test.go b/cmd/api/src/analysis/ad/ntlm_integration_test.go
@@ -32,6 +32,7 @@ import (
 	"github.com/specterops/bloodhound/graphschema"
 	"github.com/specterops/bloodhound/graphschema/ad"
 	"github.com/specterops/bloodhound/src/test/integration"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -71,9 +72,10 @@ func TestPostNtlm(t *testing.T) {
 			} else {
 				require.Equal(t, 1, len(results))
 
-				require.True(t, results.Contains(harness.NtlmCoerceAndRelayNtlmToSmb.DomainAdminsUser))
-				require.True(t, results.Contains(harness.NtlmCoerceAndRelayNtlmToSmb.AuthenticatedUsers))
-				require.True(t, results.Contains(harness.NtlmCoerceAndRelayNtlmToSmb.ServerAdmins))
+				objectId, err := results[0].Properties.Get("objectid").String()
+				require.NoError(t, err)
+
+				assert.Equal(t, "authenticated-users-S-1-5-11", objectId)
 
 			}
 			return nil

diff --git a/cmd/api/src/test/integration/harnesses.go b/cmd/api/src/test/integration/harnesses.go
@@ -8412,11 +8412,25 @@ type NtlmCoerceAndRelayNtlmToSmb struct {
 
 func (s *NtlmCoerceAndRelayNtlmToSmb) Setup(graphTestContext *GraphTestContext) {
 	domainSid := RandomDomainSID()
-	s.AuthenticatedUsers = graphTestContext.NewActiveDirectoryUser("Authenticated Users", domainSid)
+	s.AuthenticatedUsers = graphTestContext.NewActiveDirectoryGroup("Authenticated Users", domainSid)
+	s.AuthenticatedUsers.Properties.Set("objectid", fmt.Sprintf("authenticated-users%s", adAnalysis.AuthenticatedUsersSuffix))
+	s.AuthenticatedUsers.Properties.Set("Domain", domainSid)
+	graphTestContext.UpdateNode(s.AuthenticatedUsers)
+
 	s.DomainAdminsUser = graphTestContext.NewActiveDirectoryUser("Domain Admins User", domainSid)
+
 	s.ServerAdmins = graphTestContext.NewActiveDirectoryDomain("Server Admins", domainSid, false, true)
+	s.ServerAdmins.Properties.Set("objectid", fmt.Sprintf("server-admins%s", adAnalysis.AuthenticatedUsersSuffix))
+	s.ServerAdmins.Properties.Set("Domain", domainSid)
+	graphTestContext.UpdateNode(s.ServerAdmins)
+
+	s.DomainAdminsUser.Properties.Set("objectid", fmt.Sprintf("domainadminuser-users%s", adAnalysis.AuthenticatedUsersSuffix))
 	s.computer3 = graphTestContext.NewActiveDirectoryComputer("computer3", domainSid)
+
 	s.computer8 = graphTestContext.NewActiveDirectoryComputer("computer8", domainSid)
+	s.computer8.Properties.Set("smb_signing", "false")
+	graphTestContext.UpdateNode(s.computer8)
+
 	graphTestContext.NewRelationship(s.computer3, s.ServerAdmins, ad.MemberOf)
 	graphTestContext.NewRelationship(s.ServerAdmins, s.computer8, ad.AdminTo)
 	graphTestContext.NewRelationship(s.AuthenticatedUsers, s.computer8, ad.CoerceAndRelayNTLMToSMB)

diff --git a/cmd/api/src/test/integration/harnesses/CoerceAndRelayNTLMToSMB.json b/cmd/api/src/test/integration/harnesses/CoerceAndRelayNTLMToSMB.json
@@ -97,7 +97,9 @@
       "caption": "Authenticated Users",
       "style": {},
       "labels": [],
-      "properties": {}
+      "properties": {
+        "objectid": "authenticatedusers-S-1-5-11"
+      }
     },
     {
       "id": "n4",