[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Tue Mar 21 01:20:01 UTC 2023 

The branch, master has been updated
       via  be1aae77b76 libcli/security: Reorder SDDL access flags table to match Windows
      from  35380fa6a5b gpupdate: Use winbind separator in PAM Access Policies

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit be1aae77b7610933b1121f207e0a4df523c2d278
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Tue Mar 15 14:01:13 2022 +1300

    libcli/security: Reorder SDDL access flags table to match Windows
    
    This means that encoding an ACE in string form will now match Windows.
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Mar 21 01:19:16 UTC 2023 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/sddl.c                      | 18 +++++++++---------
 python/samba/tests/upgradeprovision.py      | 20 ++++++++++----------
 source4/dsdb/tests/python/sec_descriptor.py | 12 ++++++------
 source4/torture/ldb/ldb.c                   | 18 +++++++++---------
 4 files changed, 34 insertions(+), 34 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index dad5ce8f413..508ac3e5666 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -258,23 +258,23 @@ static const struct flag_map ace_flags[] = {
 };
 
 static const struct flag_map ace_access_mask[] = {
-	{ "RP", SEC_ADS_READ_PROP },
-	{ "WP", SEC_ADS_WRITE_PROP },
-	{ "CR", SEC_ADS_CONTROL_ACCESS },
 	{ "CC", SEC_ADS_CREATE_CHILD },
 	{ "DC", SEC_ADS_DELETE_CHILD },
 	{ "LC", SEC_ADS_LIST },
+	{ "SW", SEC_ADS_SELF_WRITE },
+	{ "RP", SEC_ADS_READ_PROP },
+	{ "WP", SEC_ADS_WRITE_PROP },
+	{ "DT", SEC_ADS_DELETE_TREE },
 	{ "LO", SEC_ADS_LIST_OBJECT },
+	{ "CR", SEC_ADS_CONTROL_ACCESS },
+	{ "SD", SEC_STD_DELETE },
 	{ "RC", SEC_STD_READ_CONTROL },
-	{ "WO", SEC_STD_WRITE_OWNER },
 	{ "WD", SEC_STD_WRITE_DAC },
-	{ "SD", SEC_STD_DELETE },
-	{ "DT", SEC_ADS_DELETE_TREE },
-	{ "SW", SEC_ADS_SELF_WRITE },
+	{ "WO", SEC_STD_WRITE_OWNER },
 	{ "GA", SEC_GENERIC_ALL },
-	{ "GR", SEC_GENERIC_READ },
-	{ "GW", SEC_GENERIC_WRITE },
 	{ "GX", SEC_GENERIC_EXECUTE },
+	{ "GW", SEC_GENERIC_WRITE },
+	{ "GR", SEC_GENERIC_READ },
 	{ NULL, 0 }
 };
 
diff --git a/python/samba/tests/upgradeprovision.py b/python/samba/tests/upgradeprovision.py
index 5f77a777fc9..b281ad8722f 100644
--- a/python/samba/tests/upgradeprovision.py
+++ b/python/samba/tests/upgradeprovision.py
@@ -64,21 +64,21 @@ class UpgradeProvisionTestCase(TestCaseInTempDir):
     def test_get_diff_sds(self):
         domsid = security.dom_sid('S-1-5-21')
 
-        sddl = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
+        sddl = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
-        sddl1 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
+        sddl1 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
-        sddl2 = "O:BAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
+        sddl2 = "O:BAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
-        sddl3 = "O:SAG:BAD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
+        sddl3 = "O:SAG:BAD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
-        sddl4 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;BA)\
+        sddl4 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;BA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
-        sddl5 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
+        sddl5 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
-        sddl6 = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\
+        sddl6 = "O:SAG:DUD:AI(A;CIID;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)\
-(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\
+(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
 (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)(AU;CIIDSA;WP;;;WD)"
 
         self.assertEqual(get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
@@ -96,8 +96,8 @@ class UpgradeProvisionTestCase(TestCaseInTempDir):
                            security.descriptor.from_sddl(sddl4, domsid),
                            domsid)
         txtmsg = "\tPart dacl is different between reference and current here\
- is the detail:\n\t\t(A;CI;RPWPCRCCLCLORCWOWDSW;;;BA) ACE is not present in\
- the reference\n\t\t(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA) ACE is not present in\
+ is the detail:\n\t\t(A;CI;CCLCSWRPWPLOCRRCWDWO;;;BA) ACE is not present in\
+ the reference\n\t\t(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA) ACE is not present in\
  the current\n"
         self.assertEqual(txt, txtmsg)
 
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index 8bdd9459bc5..bc432bdaa74 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -1641,22 +1641,22 @@ class DaclDescriptorTests(DescriptorTests):
         self.ldb_admin.create_ou(ou_dn6)
 
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn1)
-        self.assertTrue("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+        self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
         self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl)
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn2)
-        self.assertFalse("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+        self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
         self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl)
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn3)
-        self.assertTrue("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+        self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
         self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl)
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn4)
-        self.assertFalse("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+        self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
         self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl)
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
-        self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+        self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
         self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn6)
-        self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+        self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
         self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
 
     def test_215(self):
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index bd0ae3a382a..74b3440cdbc 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -375,9 +375,9 @@ static const char dda1d01d_ldif[] = ""
 "uSNChanged: 3467\n"
 "showInAdvancedViewOnly: TRUE\n"
 "nTSecurityDescriptor: O:S-1-5-21-2106703258-1007804629-1260019310-512G:S-1-5-2\n"
-" 1-2106703258-1007804629-1260019310-512D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S-\n"
-" 1-5-21-2106703258-1007804629-1260019310-512)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;\n"
-" SY)(A;;RPLCLORC;;;AU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828c\n"
+" 1-2106703258-1007804629-1260019310-512D:AI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-\n"
+" 1-5-21-2106703258-1007804629-1260019310-512)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;\n"
+" SY)(A;;LCRPLORC;;;AU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828c\n"
 " c14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa\n"
 " 006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;5f202010-79a5-\n"
 " 11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;\n"
@@ -392,12 +392,12 @@ static const char dda1d01d_ldif[] = ""
 " 9e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-\n"
 " a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967\n"
 " a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0\n"
-" c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RPLCLORC;;4828cc1\n"
-" 4-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RPLCLORC;;bf967a9c-0de6-11d0-a285\n"
-" -00aa003049e2;RU)(OA;CIIOID;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU\n"
-" )(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCL\n"
-" CLORCWOWDSDDTSW;;;S-1-5-21-2106703258-1007804629-1260019310-519)(A;CIID;LC;;;\n"
-" RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1\n"
+" c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;LCRPLORC;;4828cc1\n"
+" 4-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;LCRPLORC;;bf967a9c-0de6-11d0-a285\n"
+" -00aa003049e2;RU)(OA;CIIOID;LCRPLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU\n"
+" )(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;CCDCLCSWRPW\n"
+" PDTLOCRSDRCWDWO;;;S-1-5-21-2106703258-1007804629-1260019310-519)(A;CIID;LC;;;\n"
+" RU)(A;CIID;CCLCSWRPWPLOCRSDRCWDWO;;;BA)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1\n"
 " -b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f3\n"
 " 0e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)\n"
 "name: dda1d01d-4bd7-4c49-a184-46f9241b560e\n"


-- 
Samba Shared Repository

More information about the samba-cvs mailing list