The branch, v4-19-test has been updated
via 4419ccc5778 libcli:security: allow spaces after BAD:
from 2b35eab717b cmdline:burn: list commands to always burn; warn on
unknown
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -----------------------------------------------------------------
commit 4419ccc5778634d07338ae8733206b095234e453
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date: Wed Jul 24 17:24:59 2024 +1200
libcli:security: allow spaces after BAD:
In AD_DS_Classes_Windows_Server_v1903.ldf from
https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see
defaultSecurityDescriptor: O:BAG:BAD:
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Reviewed-by: Jo Sutton <josut...@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagn...@samba.org>
Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224
(cherry picked from commit 8903876f65d5721d30186875d391889d1ddcd52c)
Autobuild-User(v4-19-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-19-test): Mon Jul 29 13:17:42 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
libcli/security/sddl.c | 5 +++++
python/samba/tests/sddl.py | 10 +++++-----
2 files changed, 10 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index e14b2748384..899db18d651 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -560,6 +560,11 @@ static struct security_acl *sddl_decode_acl(struct
security_descriptor *sd,
return acl;
}
+ /* Windows AD allows spaces here */
+ while (*sddl == ' ') {
+ sddl++;
+ }
+
/* work out the ACL flags */
if (!sddl_map_flags(acl_flags, sddl, flags, &len, true)) {
talloc_free(acl);
diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py
index ac719eb3212..4aa9a04ec87 100644
--- a/python/samba/tests/sddl.py
+++ b/python/samba/tests/sddl.py
@@ -623,6 +623,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase):
("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))),
("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"),
+ # whitespace before ACL string flags is ignored.
+ ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
+ ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
+ ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
+ ("D: S:","D:S:"),
]
@@ -761,17 +766,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
strings = [
# whitespace is ignored, repaired on return
("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"),
- ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
- # whitespace before ACL string flags is ignored.
- ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
# wrong case on type is ignored, fixed
("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"),
("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"),
("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"),
- ("D: S:","D:S:"),
# whitespace around ACL flags
- ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
# whitespace between ACES
--
Samba Shared Repository
