[SCM] Samba Shared Repository - branch master updated

Douglas Bagnall Wed, 24 Jul 2024 23:28:21 -0700

The branch, master has been updated
       via  8903876f65d libcli:security: allow spaces after BAD:
      from  97677b15884 selftest: Move MIT Kerberos knownfails to separate 
files in their own directory


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8903876f65d5721d30186875d391889d1ddcd52c
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jul 24 17:24:59 2024 +1200

    libcli:security: allow spaces after BAD:
    
    In AD_DS_Classes_Windows_Server_v1903.ldf from
    https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see
    
      defaultSecurityDescriptor: O:BAG:BAD: 
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685
    
    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Jo Sutton <josut...@catalyst.net.nz>
    
    Autobuild-User(master): Douglas Bagnall <dbagn...@samba.org>
    Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/sddl.c     |  5 +++++
 python/samba/tests/sddl.py | 10 +++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index d1f77075238..c0fddb72e5f 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -814,6 +814,11 @@ static struct security_acl *sddl_decode_acl(struct 
security_descriptor *sd,
                return acl;
        }
 
+       /* Windows AD allows spaces here */
+       while (*sddl == ' ') {
+               sddl++;
+       }
+
        /* work out the ACL flags */
        if (!sddl_map_flags(acl_flags, sddl, flags, &len, true)) {
                *msg = talloc_strdup(sd, "bad ACL flags");
diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py
index b594021013a..6d4448233e3 100644
--- a/python/samba/tests/sddl.py
+++ b/python/samba/tests/sddl.py
@@ -670,6 +670,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase):
           ("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))),
 
         ("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"),
+        # whitespace before ACL string flags is ignored.
+        ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
+        ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
+        ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
+        ("D: S:","D:S:"),
     ]
 
 
@@ -818,17 +823,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
     strings = [
         # whitespace is ignored, repaired on return
         ("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"),
-        ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
-        # whitespace before ACL string flags is ignored.
-        ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
         # wrong case on type is ignored, fixed
         ("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"),
         ("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"),
         ("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"),
-        ("D: S:","D:S:"),
 
         # whitespace around ACL flags
-        ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
         ("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
 
         # whitespace between ACES


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to