[SCM] Samba Shared Repository - branch master updated
Douglas Bagnall
dbagnall at samba.org
Thu Jul 25 06:28:02 UTC 2024
The branch, master has been updated
via 8903876f65d libcli:security: allow spaces after BAD:
from 97677b15884 selftest: Move MIT Kerberos knownfails to separate files in their own directory
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8903876f65d5721d30186875d391889d1ddcd52c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 24 17:24:59 2024 +1200
libcli:security: allow spaces after BAD:
In AD_DS_Classes_Windows_Server_v1903.ldf from
https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see
defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
libcli/security/sddl.c | 5 +++++
python/samba/tests/sddl.py | 10 +++++-----
2 files changed, 10 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index d1f77075238..c0fddb72e5f 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -814,6 +814,11 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
return acl;
}
+ /* Windows AD allows spaces here */
+ while (*sddl == ' ') {
+ sddl++;
+ }
+
/* work out the ACL flags */
if (!sddl_map_flags(acl_flags, sddl, flags, &len, true)) {
*msg = talloc_strdup(sd, "bad ACL flags");
diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py
index b594021013a..6d4448233e3 100644
--- a/python/samba/tests/sddl.py
+++ b/python/samba/tests/sddl.py
@@ -670,6 +670,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase):
("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))),
("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"),
+ # whitespace before ACL string flags is ignored.
+ ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
+ ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
+ ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
+ ("D: S:","D:S:"),
]
@@ -818,17 +823,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
strings = [
# whitespace is ignored, repaired on return
("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"),
- ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
- # whitespace before ACL string flags is ignored.
- ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
# wrong case on type is ignored, fixed
("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"),
("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"),
("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"),
- ("D: S:","D:S:"),
# whitespace around ACL flags
- ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
# whitespace between ACES
--
Samba Shared Repository
More information about the samba-cvs
mailing list