The branch, master has been updated via be1aae77b76 libcli/security: Reorder SDDL access flags table to match Windows from 35380fa6a5b gpupdate: Use winbind separator in PAM Access Policies
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit be1aae77b7610933b1121f207e0a4df523c2d278 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Mar 15 14:01:13 2022 +1300 libcli/security: Reorder SDDL access flags table to match Windows This means that encoding an ACE in string form will now match Windows. Pair-Programmed-With: Stefan Metzmacher <me...@samba.org> Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Signed-off-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue Mar 21 01:19:16 UTC 2023 on atb-devel-224 ----------------------------------------------------------------------- Summary of changes: libcli/security/sddl.c | 18 +++++++++--------- python/samba/tests/upgradeprovision.py | 20 ++++++++++---------- source4/dsdb/tests/python/sec_descriptor.py | 12 ++++++------ source4/torture/ldb/ldb.c | 18 +++++++++--------- 4 files changed, 34 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c index dad5ce8f413..508ac3e5666 100644 --- a/libcli/security/sddl.c +++ b/libcli/security/sddl.c @@ -258,23 +258,23 @@ static const struct flag_map ace_flags[] = { }; static const struct flag_map ace_access_mask[] = { - { "RP", SEC_ADS_READ_PROP }, - { "WP", SEC_ADS_WRITE_PROP }, - { "CR", SEC_ADS_CONTROL_ACCESS }, { "CC", SEC_ADS_CREATE_CHILD }, { "DC", SEC_ADS_DELETE_CHILD }, { "LC", SEC_ADS_LIST }, + { "SW", SEC_ADS_SELF_WRITE }, + { "RP", SEC_ADS_READ_PROP }, + { "WP", SEC_ADS_WRITE_PROP }, + { "DT", SEC_ADS_DELETE_TREE }, { "LO", SEC_ADS_LIST_OBJECT }, + { "CR", SEC_ADS_CONTROL_ACCESS }, + { "SD", SEC_STD_DELETE }, { "RC", SEC_STD_READ_CONTROL }, - { "WO", SEC_STD_WRITE_OWNER }, { "WD", SEC_STD_WRITE_DAC }, - { "SD", SEC_STD_DELETE }, - { "DT", SEC_ADS_DELETE_TREE }, - { "SW", SEC_ADS_SELF_WRITE }, + { "WO", SEC_STD_WRITE_OWNER }, { "GA", SEC_GENERIC_ALL }, - { "GR", SEC_GENERIC_READ }, - { "GW", SEC_GENERIC_WRITE }, { "GX", SEC_GENERIC_EXECUTE }, + { "GW", SEC_GENERIC_WRITE }, + { "GR", SEC_GENERIC_READ }, { NULL, 0 } }; diff --git a/python/samba/tests/upgradeprovision.py b/python/samba/tests/upgradeprovision.py index 5f77a777fc9..b281ad8722f 100644 --- a/python/samba/tests/upgradeprovision.py +++ b/python/samba/tests/upgradeprovision.py @@ -64,21 +64,21 @@ class UpgradeProvisionTestCase(TestCaseInTempDir): def test_get_diff_sds(self): domsid = security.dom_sid('S-1-5-21') - sddl = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\ + sddl = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)" - sddl1 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\ + sddl1 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)" - sddl2 = "O:BAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\ + sddl2 = "O:BAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)" - sddl3 = "O:SAG:BAD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\ + sddl3 = "O:SAG:BAD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)" - sddl4 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;BA)\ + sddl4 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;BA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)" - sddl5 = "O:SAG:DUD:AI(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\ + sddl5 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" - sddl6 = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\ + sddl6 = "O:SAG:DUD:AI(A;CIID;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)\ -(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)\ +(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\ (A;CI;RP LCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)(AU;CIIDSA;WP;;;WD)" self.assertEqual(get_diff_sds(security.descriptor.from_sddl(sddl, domsid), @@ -96,8 +96,8 @@ class UpgradeProvisionTestCase(TestCaseInTempDir): security.descriptor.from_sddl(sddl4, domsid), domsid) txtmsg = "\tPart dacl is different between reference and current here\ - is the detail:\n\t\t(A;CI;RPWPCRCCLCLORCWOWDSW;;;BA) ACE is not present in\ - the reference\n\t\t(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA) ACE is not present in\ + is the detail:\n\t\t(A;CI;CCLCSWRPWPLOCRRCWDWO;;;BA) ACE is not present in\ + the reference\n\t\t(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA) ACE is not present in\ the current\n" self.assertEqual(txt, txtmsg) diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py index 8bdd9459bc5..bc432bdaa74 100755 --- a/source4/dsdb/tests/python/sec_descriptor.py +++ b/source4/dsdb/tests/python/sec_descriptor.py @@ -1641,22 +1641,22 @@ class DaclDescriptorTests(DescriptorTests): self.ldb_admin.create_ou(ou_dn6) desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn1) - self.assertTrue("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl) + self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl) self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl) desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn2) - self.assertFalse("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl) + self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl) self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl) desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn3) - self.assertTrue("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl) + self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl) self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl) desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn4) - self.assertFalse("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl) + self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl) self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl) desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5) - self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl) + self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl) self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl) desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn6) - self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl) + self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl) self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl) def test_215(self): diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c index bd0ae3a382a..74b3440cdbc 100644 --- a/source4/torture/ldb/ldb.c +++ b/source4/torture/ldb/ldb.c @@ -375,9 +375,9 @@ static const char dda1d01d_ldif[] = "" "uSNChanged: 3467\n" "showInAdvancedViewOnly: TRUE\n" "nTSecurityDescriptor: O:S-1-5-21-2106703258-1007804629-1260019310-512G:S-1-5-2\n" -" 1-2106703258-1007804629-1260019310-512D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S-\n" -" 1-5-21-2106703258-1007804629-1260019310-512)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;\n" -" SY)(A;;RPLCLORC;;;AU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828c\n" +" 1-2106703258-1007804629-1260019310-512D:AI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-\n" +" 1-5-21-2106703258-1007804629-1260019310-512)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;\n" +" SY)(A;;LCRPLORC;;;AU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828c\n" " c14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa\n" " 006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;5f202010-79a5-\n" " 11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RP;\n" @@ -392,12 +392,12 @@ static const char dda1d01d_ldif[] = "" " 9e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-\n" " a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967\n" " a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-854e-00a0\n" -" c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RPLCLORC;;4828cc1\n" -" 4-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;RPLCLORC;;bf967a9c-0de6-11d0-a285\n" -" -00aa003049e2;RU)(OA;CIIOID;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU\n" -" )(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCL\n" -" CLORCWOWDSDDTSW;;;S-1-5-21-2106703258-1007804629-1260019310-519)(A;CIID;LC;;;\n" -" RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1\n" +" c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;LCRPLORC;;4828cc1\n" +" 4-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;LCRPLORC;;bf967a9c-0de6-11d0-a285\n" +" -00aa003049e2;RU)(OA;CIIOID;LCRPLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU\n" +" )(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;CCDCLCSWRPW\n" +" PDTLOCRSDRCWDWO;;;S-1-5-21-2106703258-1007804629-1260019310-519)(A;CIID;LC;;;\n" +" RU)(A;CIID;CCLCSWRPWPLOCRSDRCWDWO;;;BA)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1\n" " -b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f3\n" " 0e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)\n" "name: dda1d01d-4bd7-4c49-a184-46f9241b560e\n" -- Samba Shared Repository