2021-04-16 17:32:27 +02:00
# Unix SMB/CIFS implementation.
# Copyright (C) Volker Lendecke <vl@samba.org> 2021
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
""" Tests for samba.dcerpc.security """
from samba . dcerpc import security
2023-08-11 11:08:00 +12:00
from samba . tests import TestCase , DynamicTestCase , get_env_dir
2023-04-14 01:00:18 +12:00
from samba . colour import c_RED , c_GREEN
2023-08-18 13:09:13 +12:00
import os
2023-04-14 01:00:18 +12:00
2021-04-16 17:32:27 +02:00
2023-04-13 15:59:32 +12:00
class SddlDecodeEncodeBase ( TestCase ) :
maxDiff = 10000
2023-08-18 13:10:02 +12:00
case_insensitive = False
2023-04-13 15:59:32 +12:00
@classmethod
def setUpDynamicTestCases ( cls ) :
cls . domain_sid = security . dom_sid ( " S-1-2-3-4 " )
2023-08-11 11:08:00 +12:00
2023-09-07 15:27:21 +12:00
strings_dir = getattr ( cls , ' strings_dir ' , None )
if strings_dir is not None :
cls . read_windows_strings ( strings_dir , False )
2023-08-11 11:08:00 +12:00
for ( key , fn ) in [
( " SAMBA_WRITE_WINDOWS_STRINGS_DIR " ,
cls . write_windows_strings ) ,
( " SAMBA_READ_WINDOWS_STRINGS_DIR " ,
2023-08-18 13:09:13 +12:00
cls . read_windows_strings ) ,
( " SAMBA_WRITE_FUZZ_STRINGS_DIR " ,
cls . write_sddl_strings_for_fuzz_seeds ) ] :
2023-08-11 11:08:00 +12:00
dir = get_env_dir ( key )
if dir is not None :
fn ( dir )
2023-04-13 15:59:32 +12:00
seen = set ( )
for pair in cls . strings :
if isinstance ( pair , str ) :
pair = ( pair , pair )
if pair in seen :
print ( f " seen { pair } after { len ( seen ) } " )
seen . add ( pair )
sddl , canonical = pair
2023-04-15 20:42:12 +12:00
2023-04-13 15:59:32 +12:00
name = sddl
if len ( name ) > 120 :
name = f " { name [ : 100 ] } + { len ( name ) - 100 } -more-characters "
2023-04-15 20:42:12 +12:00
if cls . should_succeed :
cls . generate_dynamic_test ( ' test_sddl ' , name , sddl , canonical )
else :
cls . generate_dynamic_test ( ' test_sddl_should_fail ' ,
name , sddl , canonical )
2023-04-13 15:59:32 +12:00
def _test_sddl_with_args ( self , s , canonical ) :
try :
sd1 = security . descriptor . from_sddl ( s , self . domain_sid )
2023-10-28 11:39:17 +13:00
except ( TypeError , ValueError , security . SDDLValueError ) as e :
2023-04-13 15:59:32 +12:00
self . fail ( f " raised { e } " )
sddl = sd1 . as_sddl ( self . domain_sid )
sd2 = security . descriptor . from_sddl ( sddl , self . domain_sid )
self . assertEqual ( sd1 , sd2 )
2023-08-18 13:10:02 +12:00
if ' 0X ' in canonical . upper ( ) or self . case_insensitive :
2023-04-16 18:43:40 +12:00
# let's chill out about case in hex numbers.
self . assertEqual ( sddl . upper ( ) , canonical . upper ( ) )
else :
self . assertEqual ( sddl , canonical )
2023-04-13 15:59:32 +12:00
2023-04-15 20:42:12 +12:00
def _test_sddl_should_fail_with_args ( self , s , canonical ) :
2023-10-26 16:31:40 +13:00
try :
2023-04-22 00:48:30 +12:00
sd = security . descriptor . from_sddl ( s , self . domain_sid )
2023-10-26 16:31:40 +13:00
except security . SDDLValueError as e :
generic_msg , specific_msg , position , sddl = e . args
self . assertEqual ( generic_msg , " Unable to parse SDDL " )
self . assertIsInstance ( specific_msg , str )
self . assertIsInstance ( position , int )
self . assertLessEqual ( position , len ( s ) )
self . assertGreaterEqual ( position , 0 )
self . assertEqual ( s , sddl )
print ( f " { s } \n { ' ' * position } ^ \n { specific_msg } " )
else :
self . fail ( f " { sd . as_sddl ( self . domain_sid ) } should fail to parse " )
2023-04-15 20:42:12 +12:00
2023-08-18 13:09:13 +12:00
@classmethod
def write_sddl_strings_for_fuzz_seeds ( cls , dir ) :
""" write all the SDDL strings we have into a directory as individual
files , using a naming convention beloved of fuzzing engines .
To run this set an environment variable ; see
cls . setUpDynamicTestCases ( ) , above .
Note this will only run in subclasses annotated with @DynamicTestCase .
"""
from hashlib import md5
for sddl in cls . strings :
if not isinstance ( sddl , str ) :
sddl = sddl [ 0 ]
name = md5 ( sddl . encode ( ) ) . hexdigest ( )
with open ( os . path . join ( dir , name ) , ' w ' ) as f :
f . write ( sddl )
2023-08-11 11:08:00 +12:00
@classmethod
def write_windows_strings ( cls , dir ) :
""" Write all test cases in the format used by
libcli / security / tests / windows / windows - sddl - tests . c which , if
2023-04-15 20:29:53 +12:00
compiled on Windows under Cygwin or MSYS64 , can run SDDL
parsing tests using the Windows API . This allows us to run the
same tests here and on Windows , to ensure we get the same
results .
That test program can read examples in a bespoke text format ,
in which each line looks like :
original sddl - > returned sddl
That is , the separator consists of the 4 bytes " -> " .
Multi - line examples are not possible .
2023-08-11 11:08:00 +12:00
To run this set an environment variable ; see
cls . setUpDynamicTestCases ( ) , above . Then if you copy the
file / s produced to Windows and run them in your POSIX - y shell
with
2023-04-15 20:29:53 +12:00
windows - sddl - tests - i path / to / * . txt
the results on Windows will be shown .
2023-08-11 11:08:00 +12:00
Note this will only run in subclasses annotated with @DynamicTestCase .
"""
name = f " { dir } / { cls . name } .txt "
2023-04-15 20:29:53 +12:00
with open ( name , ' w ' ) as f :
2023-08-11 11:08:00 +12:00
for p in cls . strings :
2023-04-15 20:29:53 +12:00
if isinstance ( p , str ) :
p = ( p , p )
print ( f " { p [ 0 ] } -> { p [ 1 ] } " , file = f )
2023-08-11 11:08:00 +12:00
@classmethod
2023-09-07 15:27:21 +12:00
def read_windows_strings ( cls , dir , verbose = True ) :
2023-08-11 11:08:00 +12:00
""" This is complementary to cls.write_windows_strings(), which writes
these tests in a format usable on Windows . In this case
examples will be read in , replacing the strings here with the
ones listed . Along the way it alerts you to the changes .
2023-04-15 20:29:53 +12:00
2023-08-11 11:08:00 +12:00
To run this set an environment variable ; see
cls . setUpDynamicTestCases ( ) , above .
2023-04-15 20:29:53 +12:00
2023-08-11 11:08:00 +12:00
Note this will only run in subclasses annotated with @DynamicTestCase .
"""
filename = f " { dir } / { cls . name } .txt "
2023-04-15 20:29:53 +12:00
2023-09-07 11:19:21 +12:00
if not hasattr ( cls , ' strings ' ) :
cls . strings = [ ]
2023-04-15 20:29:53 +12:00
old_pairs = set ( )
2023-08-11 11:08:00 +12:00
for s in cls . strings :
2023-04-15 20:29:53 +12:00
if isinstance ( s , str ) :
s = ( s , s )
old_pairs . add ( s )
new_pairs = set ( )
with open ( filename ) as f :
for line in f :
2023-08-11 11:08:00 +12:00
line = line . rstrip ( )
if line . startswith ( ' # ' ) or line == ' ' :
continue
o , _ , c = line . partition ( ' -> ' )
if c == ' ' :
c = o
2023-04-15 20:29:53 +12:00
new_pairs . add ( ( o , c ) )
if old_pairs == new_pairs :
# nothing to do
2023-09-07 15:27:21 +12:00
if verbose :
print ( f " no change in { c_GREEN ( cls . name ) } " )
2023-04-15 20:29:53 +12:00
return
2023-09-07 15:27:21 +12:00
if verbose :
print ( f " change in { c_RED ( cls . name ) } " )
print ( " added: " )
for x in sorted ( new_pairs - old_pairs ) :
print ( x )
print ( " removed: " )
for x in sorted ( old_pairs - new_pairs ) :
print ( x )
2023-04-15 20:29:53 +12:00
2023-08-11 11:08:00 +12:00
cls . strings [ : ] = sorted ( new_pairs )
2023-04-13 15:59:32 +12:00
@DynamicTestCase
class SddlNonCanonical ( SddlDecodeEncodeBase ) :
""" These ones are transformed in the round trip into a preferred
synonym . For example " S:D: " is accepted as input , but only " D:S:
will be output .
"""
name = " non_canonical "
2023-04-15 20:42:12 +12:00
should_succeed = True
2023-04-13 15:59:32 +12:00
strings = [
2023-04-13 22:18:21 +12:00
# format is (original, canonical); after passing through an SD
# object, the SDDL will look like the canonical version.
( " D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) " ,
" D:(A;;CC;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;LCRPLORC;;;AU) " ) ,
2021-04-16 17:32:27 +02:00
2023-04-13 22:18:21 +12:00
( ( " D:(A;;RP;;;WD) "
" (OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED) "
" (OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED) "
" (OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED) "
" (OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (A;;RPLCLORC;;;AU) "
" (A;;RPWPCRLCLOCCRCWDWOSW;;;BO) "
" (A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA) "
" (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) "
" (A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;ES) "
" (A;CI;LC;;;RU) "
" (OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU) "
" (OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU) "
" (A;;RPRC;;;RU) "
" (OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (A;;LCRPLORC;;;ED) "
" (OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU) "
" (OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU) "
" (OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU) "
" (OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU) "
" (OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU) "
" (OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU) "
" (OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU) "
" (OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU) "
" (OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED) "
" (OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED) "
" (OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED) "
" (OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;NO) "
" (OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;SU) "
" (OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU) "
" (OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU) "
" (OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU) "
" S:(AU;SA;WDWOWP;;;WD) " ) ,
( " D:(A;;RP;;;WD) "
" (OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED) "
" (OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED) "
" (OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED) "
" (OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (A;;LCRPLORC;;;AU) "
" (A;;CCLCSWRPWPLOCRRCWDWO;;;BO) "
" (A;CI;CCLCSWRPWPLOCRSDRCWDWO;;;BA) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;ES) "
" (A;CI;LC;;;RU) "
" (OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU) "
" (OA;CIIO;LCRPLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU) "
" (A;;RPRC;;;RU) "
" (OA;CIIO;LCRPLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU) "
" (A;;LCRPLORC;;;ED) "
" (OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU) "
" (OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU) "
" (OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU) "
" (OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU) "
" (OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU) "
" (OA;CIIO;LCRPLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU) "
" (OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU) "
" (OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU) "
" (OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED) "
" (OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED) "
" (OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED) "
" (OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;NO) "
" (OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA) "
" (OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;SU) "
" (OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU) "
" (OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU) "
" (OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU) "
" S:(AU;SA;WPWDWO;;;WD) " ) ) ,
2021-04-16 17:32:27 +02:00
2023-04-13 22:18:21 +12:00
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO) "
2023-04-22 18:11:49 +12:00
" (A;;WPRPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
2023-04-13 22:18:21 +12:00
" (A;;RPCRLCLORCSDDT;;;CO) "
" (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO) "
" (A;;RPLCLORC;;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (A;;CCDC;;;PS) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS) "
" (OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO) "
" (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPDTLOCRSDRC;;;CO) "
" (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO) "
" (A;;LCRPLORC;;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (A;;CCDC;;;PS) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS) "
" (OA;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO) "
" (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) " ) ) ,
( " D:(A;;RPLCLORC;;;BO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) " ,
" D:(A;;LCRPLORC;;;BO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;LCRPLORC;;;AU) " ) ,
2023-04-22 18:11:49 +12:00
( ( " D:(A;;WPCRCCDCLCLORCWOWDSDDTSWRP;;;BO) "
2023-04-13 22:18:21 +12:00
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO) "
2023-04-22 18:11:49 +12:00
" (A;;RPWPCRCCDCLCLORCWOWDSDSWDT;;;SY) "
2023-04-13 22:18:21 +12:00
" (A;;RPCRLCLORCSDDT;;;CO) "
" (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO) "
" (A;;RPLCLORC;;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (A;;CCDC;;;PS) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS) "
" (OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO) "
" (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPDTLOCRSDRC;;;CO) "
" (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO) "
" (A;;LCRPLORC;;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (A;;CCDC;;;PS) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS) "
" (OA;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO) "
" (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) " ) ) ,
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU) " ,
" D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU) " ) ) ,
2023-04-22 18:11:49 +12:00
( ( " D:(A;;;;;BO) "
" (A;;;;;AO) "
" (A;;;;;SY) "
2023-04-13 22:18:21 +12:00
" (A;;RPCRLCLORCSDDT;;;CO) "
" (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO) "
" (A;;RPLCLORC;;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (A;;CCDC;;;PS) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS) "
" (OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO) "
" (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) " ) ,
2023-04-22 18:11:49 +12:00
( " D:(A;;;;;BO) "
" (A;;;;;AO) "
" (A;;;;;SY) "
2023-04-13 22:18:21 +12:00
" (A;;LCRPDTLOCRSDRC;;;CO) "
" (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO) "
" (A;;LCRPLORC;;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (A;;CCDC;;;PS) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS) "
" (OA;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS) "
" (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO) "
" (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO) "
" (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) " ) ) ,
2023-04-22 18:11:49 +12:00
( " D:(A;;RPLCLORC;;;AU) " ,
" D:(A;;LCRPLORC;;;AU) " ) ,
2023-04-13 22:18:21 +12:00
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO) "
" (A;;RPLCLORC;;;PS) "
" (OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AO) "
" (A;;LCRPLORC;;;PS) "
" (OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) " ) ) ,
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;CO) " ) ) ,
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU)S:(AU;SA;WPCR;;;WD) " ) ) ,
2023-04-22 18:11:49 +12:00
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSWRP;;;BO) "
2023-04-13 22:18:21 +12:00
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO) "
" (A;;RPLCLORC;;;PS) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS) "
" (OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS) "
" (OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS) "
" (OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS) "
" (OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS) "
" (OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS) "
" (OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RD) "
" (OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RD) "
" (OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RD) "
" (A;;RC;;;AU) "
" (OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU) "
" (OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU) "
" (OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU) "
" (OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RD) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) "
" (OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;SU) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AO) "
" (A;;LCRPLORC;;;PS) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS) "
" (OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS) "
" (OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS) "
" (OA;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS) "
" (OA;;RPWP;e45795b2-9455-11d1-aebd-0000f80367c1;;PS) "
" (OA;;RPWP;e45795b3-9455-11d1-aebd-0000f80367c1;;PS) "
" (OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RD) "
" (OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RD) "
" (OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RD) "
" (A;;RC;;;AU) "
" (OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU) "
" (OA;;RP;77b5b886-944a-11d1-aebd-0000f80367c1;;AU) "
" (OA;;RP;e45795b3-9455-11d1-aebd-0000f80367c1;;AU) "
" (OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU) "
" (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) "
" (OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RD) "
" (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;SY) "
" (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;SU) "
" (OA;;RPWP;6db69a1c-9422-11d1-aebd-0000f80367c1;;SU) " ) ) ,
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) " ) ) ,
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU) "
" (A;;LCRPLORC;;;ED) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU) "
" (A;;LCRPLORC;;;ED) " ) ) ,
2023-03-21 13:02:13 +13:00
2023-04-13 22:18:21 +12:00
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO) "
" (OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO) "
" (OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (A;;RPLCLORC;;;AU) "
" (A;;LCRPLORC;;;ED) "
" (OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) " ) ,
( " D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO) "
" (OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO) "
" (OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO) "
" (OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO) "
" (A;;LCRPLORC;;;AU) "
" (A;;LCRPLORC;;;ED) "
" (OA;;CCDC;4828cc14-1437-45bc-9b07-ad6f015e5f28;;AO) " ) ) ,
2021-04-16 17:32:27 +02:00
2023-04-13 22:18:21 +12:00
( ( " D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU) " ) ,
( " D:(A;;CCDCLCSWRPWPLOCRRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU) " ) ) ,
( ( " D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BO) "
" (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) "
" (A;;RPLCLORC;;;AU) " ) ,
( " D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BO) "
" (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) "
" (A;;LCRPLORC;;;AU) " ) ) ,
( " S:D:P " , " D:PS: " ) ,
( " S:D: " , " D:S: " ) ,
# decimal to hex
( " D:(A;;123456789;;;LG) " ,
" D:(A;;0x75bcd15;;;LG) " ) ,
# octal to hex
( " D:(A;;01234567;;;LG) " ,
" D:(A;;0x53977;;;LG) " ) ,
# numbers to flags
( " D:(A;;16;;;LG) " ,
" D:(A;;RP;;;LG) " ) ,
( " D:(A;;17;;;LG) " ,
" D:(A;;CCRP;;;LG) " ) ,
( " D:(A;;0xff;;;LG) " ,
" D:(A;;CCDCLCSWRPWPDTLO;;;LG) " ) ,
( " D:(A;;0xf01ff;;;LG) " ,
" D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LG) " ) ,
( " D:(A;;0xe00f0000;;;LG) " ,
" D:(A;;SDRCWDWOGXGWGR;;;LG) " ) ,
2023-04-22 18:11:49 +12:00
# ACL flags
( " D:ARPAI(A;;GA;;;SY) " , " D:PARAI(A;;GA;;;SY) " ) ,
( " D:AIPAR(A;;GA;;;SY) " , " D:PARAI(A;;GA;;;SY) " ) ,
( " D:PARP(A;;GA;;;SY) " , " D:PAR(A;;GA;;;SY) " ) ,
( " D:PPPPPPPPPPPP(A;;GA;;;SY) " , " D:P(A;;GA;;;SY) " ) ,
2023-04-13 22:18:21 +12:00
# hex vs decimal
( ' D:(A;;CC;;;S-1-21474836480-32-579) ' ,
' D:(A;;CC;;;S-1-0x500000000-32-579) ' ) ,
( " D:(A;;GA;;;S-1-5000000000-30-40) " ,
" D:(A;;GA;;;S-1-0x12A05F200-30-40) " ) ,
( " D:(A;;GA;;;S-1-0x2-3-4) " ,
" D:(A;;GA;;;S-1-2-3-4) " ) ,
2023-04-22 18:11:49 +12:00
( " D:(A;;GA;;;S-1-0x20-3-4) " ,
" D:(A;;GA;;;S-1-32-3-4) " ) ,
2023-04-13 22:18:21 +12:00
( " D:(A;;GA;;;S-1-3-0x00000002-3-4) " ,
" D:(A;;GA;;;S-1-3-2-3-4) " ) ,
( " D:(A;;GA;;;S-1-3-0xffffffff-3-4) " ,
" D:(A;;GA;;;S-1-3-4294967295-3-4) " ) ,
( " D:(A;;GA;;;S-1-5-21-0x1-0x2-0x3-513) " ,
" D:(A;;GA;;;S-1-5-21-1-2-3-513) " ) ,
( " D:(A;;GA;;;S-1-5-21-2447931902-1787058256-3961074038-0x4b1) " ,
" D:(A;;GA;;;S-1-5-21-2447931902-1787058256-3961074038-1201) " ) ,
2023-04-22 18:11:49 +12:00
# ambiguous 'D', looks like part of the SID but isn't
( " O:S-1-2-0x200D: " , " O:S-1-2-512D: " ) ,
( " O:S-1-2-0x2D:(A;;GA;;;LG) " , " O:S-1-2-2D:(A;;GA;;;LG) " ) ,
2023-04-17 14:46:52 +12:00
# like the 'samba3.blackbox.large_acl.NT1' test in
# WindowsFlagsAreDifferent below, except using numeric flags
# that can't easily be turned into symbolic flags. Also it is
# longer, and uses different flags for each ACE.
( ( " D:(A;;0x00654321;;;WD) " +
' ' . join ( f " (A;;0x00abc { i : 03 } ;;;S-1-5-21-11111111-22222222-33333333- { i } ) "
for i in range ( 101 , 601 ) ) ) ,
( " D:(A;;0x654321;;;WD) " +
' ' . join ( f " (A;;0xabc { i : 03 } ;;;S-1-5-21-11111111-22222222-33333333- { i } ) "
for i in range ( 101 , 601 ) ) )
) ,
2023-04-23 08:52:42 +12:00
# Windows allows a space in the middle of access flags
( " D:AI(A;CI;RP LCLORC;;;AU) " , " D:AI(A;CI;LCRPLORC;;;AU) " ) ,
( " D:AI(A;CI;RP LCLO RC;;;AU) " , " D:AI(A;CI;LCRPLORC;;;AU) " ) ,
# space before string flags is ignored.
( " D:(A;; GA;;;LG) " , " D:(A;;GA;;;LG) " ) ,
2023-04-28 10:46:27 +12:00
( " D:(A;; 0x75bcd15;;;LG) " , " D:(A;;0x75bcd15;;;LG) " ) ,
2023-04-26 16:27:38 +12:00
# from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
( ( " D:(A;;0x001f01ff;;;WD) " +
' ' . join ( f " (A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333- { i } ) "
for i in range ( 1001 , 1201 ) ) ) ,
( " D:(A;;FA;;;WD) " +
' ' . join ( f " (A;;FA;;;S-1-5-21-11111111-22222222-33333333- { i } ) "
for i in range ( 1001 , 1201 ) ) )
) ,
# from samba4.blackbox.samba-tool_ntacl, but using 0x1f01ff in place of FA (which it will become)
( ( " O:S-1-5-21-2212615479-2695158682-2101375468-512 "
" G:S-1-5-21-2212615479-2695158682-2101375468-513 "
" D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512) "
" (A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519) "
" (A;OICIIO;0x001f01ff;;;CO) "
" (A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512) "
" (A;OICI;0x001f01ff;;;SY) "
" (A;OICI;0x001200a9;;;AU) "
" (A;OICI;0x001200a9;;;ED) "
" S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1; "
" bf967aa5-0de6-11d0-a285-00aa003049e2;WD) "
" (OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1; "
" bf967aa5-0de6-11d0-a285-00aa003049e2;WD) " ) ,
( " O:S-1-5-21-2212615479-2695158682-2101375468-512 "
" G:S-1-5-21-2212615479-2695158682-2101375468-513 "
" D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512) "
" (A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519) "
" (A;OICIIO;FA;;;CO) "
" (A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512) "
" (A;OICI;FA;;;SY) "
" (A;OICI;0x1200a9;;;AU) "
" (A;OICI;0x1200a9;;;ED) "
" S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1; "
" bf967aa5-0de6-11d0-a285-00aa003049e2;WD) "
" (OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1; "
" bf967aa5-0de6-11d0-a285-00aa003049e2;WD) " ) ) ,
2023-04-26 17:00:17 +12:00
( ( " O:LAG:BAD:P(A;OICI;0x1f01ff;;;BA) " ) ,
( " O:LAG:BAD:P(A;OICI;FA;;;BA) " ) ) ,
( ( " O:LAG:BAD:(A;;0x1ff;;;WD) " ,
( " O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD) " ) ) ) ,
( " D:(A;;FAGX;;;SY) " , " D:(A;;0x201f01ff;;;SY) " ) ,
2024-07-24 17:24:59 +12:00
# whitespace before ACL string flags is ignored.
( " D: (A;;GA;;;LG) " , " D:(A;;GA;;;LG) " ) ,
( " D: AI(A;;GA;;;LG) " , " D:AI(A;;GA;;;LG) " ) ,
( " D: P(A;;GA;;;LG) " , " D:P(A;;GA;;;LG) " ) ,
( " D: S: " , " D:S: " ) ,
2023-04-22 18:11:49 +12:00
]
2023-04-13 22:18:21 +12:00
2023-04-13 15:59:32 +12:00
@DynamicTestCase
class SddlCanonical ( SddlDecodeEncodeBase ) :
""" These ones are expected to be returned in exactly the form they
start in . Hence we only have one string for each example .
"""
name = " canonical "
2023-04-15 20:42:12 +12:00
should_succeed = True
2023-04-13 15:59:32 +12:00
strings = [
2023-04-22 18:11:49 +12:00
# derived from GPO acl in provision, "-512D" could be misinterpreted
( " O:S-1-5-21-1225132014-296224811-2507946102-512 "
" G:S-1-5-21-1225132014-296224811-2507946102-512 "
" D:P " ) ,
2023-04-13 22:18:21 +12:00
" D:(A;;GA;;;SY) " ,
" D:(A;;GA;;;RU) " ,
" D:(A;;GA;;;LG) " ,
" D:(A;;0x401200a0;;;LG) " ,
2021-04-16 17:32:27 +02:00
" D:S: " ,
2023-03-17 12:19:00 +13:00
" D:PS: " ,
2023-04-13 22:18:21 +12:00
' D:(A;;GA;;;RS) ' ,
" S:(AU;SA;CR;;;WD)(AU;SA;CR;;;WD) " ,
( " S:(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) "
" (OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) " ) ,
" D:(A;;GA;;;S-1-3-4294967295-3-4) " ,
" D:(A;;GA;;;S-1-5-21-1-2-3-513) " ,
" D:(A;;GA;;;S-1-5-21-2447931902-1787058256-3961074038-1201) " ,
2023-04-22 18:11:49 +12:00
" O:S-1-2-512D: " ,
" D:PARAI(A;;GA;;;SY) " ,
" D:P(A;;GA;;;LG)(A;;GX;;;AA) " ,
2023-04-26 17:00:17 +12:00
" D:(A;;FA;;;WD) " ,
" D:(A;;CCDCLCSWRPWPDTLOCR;;;WD) " ,
" D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA) "
2021-04-16 17:32:27 +02:00
]
2023-04-14 01:00:18 +12:00
2023-04-15 20:24:24 +12:00
@DynamicTestCase
class SddlShouldFail ( SddlDecodeEncodeBase ) :
""" These ones should be rejected.
"""
name = " should_fail "
should_succeed = False
strings = [
" Z:(A;;GA;;;SY) " ,
" D:(Antlers;;GA;;;SY) " ,
" Q:(A;;GA;;;RU) " ,
" d:(A;;GA;;;LG) " ,
" D:((A;;GA;;;LG)) " ,
" D:(A;;GA;;) " ,
" D :S: " ,
" S:(AU;SA;CROOO;;;WD)(AU;SA;CR;;;WD) " ,
" D:(A;;GA;;;S-1-0x1313131313131-513) " ,
" D:(A;;GA;a;;S-1-5-21-2447931902-1787058256-0x3961074038-1201) " ,
" D:(A;;GA;a;;S-1-5-21-2447931902-1787058256-0xec193176-1201) " ,
( " S:(OOU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) "
" (OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) " ) ,
( " S:(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-00potato7c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) "
" (OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-00chips7c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) " ) ,
" D:P:S: " ,
" D:(Ā;;GA;;;LG) " , # macron on Ā
# whitespace around flags
" D:(A;;123456789 ;;;LG) " ,
" D:(A;;0x75bcd15 \t ;;;LG) " ,
" D:(A;; 0x75bcd15;;;LG " ,
" D:(A;;0x 75bcd15;;;LG) " ,
# Windows accepts space before string flags, not after.
" D:(A;;GA ;;;LG) " ,
" D:(A;;RP ;;;LG) " ,
2023-04-28 10:46:27 +12:00
# wrong numbers of ';'
" D:(A;;GA;;;LG;) " ,
" D:(A;;GA;;;LG;;) " ,
" D:(A;;GA) " ,
f " D:(A; { ' ; ' * 10000 } ) " ,
2023-04-15 20:24:24 +12:00
# space after SID is bad
# but Windows accepts space before SID, after 2-letter SID
" D:(A;;GA;;;S-1-3-4 ) " ,
" D:(A;;GA; f30e3bbf-9ff0-11d1-b603-0000f80367c1;;WD) " ,
" D:(A;;GA;f30e3bbf-9ff0-11d1-b603-0000f80367c1 ;;WD) " ,
" D:(A;;GA;; f30e3bbf-9ff0-11d1-b603-0000f80367c1;WD) " ,
" D:(A;;GA;;f30e3bbf-9ff0-11d1-b603-0000f80367c1 ;WD) " ,
2023-04-23 08:52:42 +12:00
2023-04-26 10:33:12 +12:00
# Samba used to use GUID_from_string(), which would take
# anything GUID-ish, including {}-wrapped GUIDs, hyphen-less
# hexstrings, and 16 raw bytes. But we only want one kind.
" D:(A;;GA;; { f30e3bbf-9ff0-11d1-b603-0000f80367c1};WD) " ,
# would have been treated as raw bytes.
" D:(A;;GA;;0123456789abcdef;WD) " ,
# would have been 16 hex pairs.
" D:(A;;GA;;0123456789abcdef0123456789abcdef;WD) " ,
2023-04-23 08:52:42 +12:00
# space splits a flag in half.
" D:AI(A;CI;RP LCLOR C;;;AU) " ,
# tabs in flags
" D:AI(A;CI;RP LC \t LORC;;;AU) " ,
" D:AI(A;CI;RP LC \t LORC;;;AU) " ,
# incomplete SIDs
" O:S " ,
" O:S- " ,
" O:S-1 " ,
" O:S-10 " ,
" O:S-0 " ,
" O:S-1- " ,
" O:S-0x1 " ,
" O:S-0x1- " ,
" O: " ,
" O:XX " ,
2023-04-28 10:46:27 +12:00
" D:( "
" D:() "
" D:()) "
" D:(A;;0x75bcd15;;;LG)) " ,
2023-04-15 20:24:24 +12:00
]
2023-04-14 01:00:18 +12:00
2023-04-15 20:32:30 +12:00
@DynamicTestCase
class SddlWindowsIsFussy ( SddlDecodeEncodeBase ) :
""" Windows won ' t accept these strings, seemingly for semantic rather than
syntactic reasons .
"""
name = " windows_is_fussy "
should_succeed = True
strings = [
# Windows doesn't seem to want AU type in DACL.
( " D:(A;;RP;;;WD) "
" (AU;SA;CR;;;BA) "
" (AU;SA;CR;;;DU) " ) ,
]
@DynamicTestCase
class SddlWindowsIsLessFussy ( SddlDecodeEncodeBase ) :
""" Windows will accept these seemingly malformed strings, but Samba
won ' t.
"""
name = " windows_is_less_fussy "
should_succeed = False
strings = [
# whitespace is ignored, repaired on return
( " D:(A;;GA;;; LG) " , " D:(A;;GA;;;LG) " ) ,
# wrong case on type is ignored, fixed
( " D:(a;;GA;;;LG) " , " D:(A;;GA;;;LG) " ) ,
( " D:(A;;GA;;;lg) " , " D:(A;;GA;;;LG) " ) ,
( " D:(A;;ga;;;LG) " , " D:(A;;GA;;;LG) " ) ,
# whitespace around ACL flags
( " D:P (A;;GA;;;LG) " , " D:P(A;;GA;;;LG) " ) ,
# whitespace between ACES
( " D:P(A;;GA;;;LG) (A;;GX;;;AA) " ,
" D:P(A;;GA;;;LG)(A;;GX;;;AA) " ) ,
# whitespace in absent ace flags
( " D:(A; ;GA;;;LG) " , " D:(A;;GA;;;LG) " ) ,
2023-04-23 08:52:42 +12:00
# space after ACL flags
( " D:AI (A;;GA;;;LG) " , " D:AI(A;;GA;;;LG) " ) ,
2023-04-15 20:32:30 +12:00
# and more whitespace.
( " D:(A;;GA;;; WD) " , " D:(A;;GA;;;WD) " ) ,
( " D:(A;;GA;;;WD ) " , " D:(A;;GA;;;WD) " ) ,
( " D:(A;;GA;;; S-1-3-4) " , " D:(A;;GA;;;OW) " ) ,
( " D:(A;;GA;; ;S-1-3-4) " , " D:(A;;GA;;;OW) " ) ,
( " D:(A;;GA; ;;S-1-3-4) " , " D:(A;;GA;;;OW) " ) ,
( " D:(A;;GA;;; S-1-333-4) " , " D:(A;;GA;;;S-1-333-4) " ) ,
( " D:(A;;GA; ;;S-1-333-4) " , " D:(A;;GA;;;S-1-333-4) " ) ,
( " O:AA " , " O:AA " ) ,
( " O:AA " , " O:AA " ) ,
( " O:AA G:WD " , " O:AAG:WD " ) ,
# spaces in some parts of the SID (not subauth)
( " O:S- 1- 2-3 " , " O:S-1-2-3 " ) ,
]
2023-04-15 20:24:24 +12:00
@DynamicTestCase
class SddlWindowsIsWeird ( SddlDecodeEncodeBase ) :
""" Windows will accept some very misleading SDDL strings.
"""
name = " windows_is_weird "
should_succeed = False
strings = [
# overflow of hex turns on all flags
( " D:(A;;0x123456789;;;LG) " ,
" D:(A;;0xffffffff;;;LG) " ) ,
# S-Ox1- makes all the rest of the SID hex.
( ' D:(A;;CC;;;S-0x1-0-0-579) ' ,
' D:(A;;CC;;;S-1-0-0-1401) ' ) ,
( ' O:S-0x1-20-0-579 ' , ' O:S-1-32-0-1401 ' ) ,
( " D:(A;;GA;;;S-1-3-4294967296-3-4) " ,
" D:(A;;GA;;;S-1-3-4294967295-3-4) " ) ,
# sid overflow
( " D:(A;;GA;;;S-1-3-0x100000000-3-4) " ,
" D:(A;;GA;;;S-1-3-4294967295-3-4) " ) ,
( " D:(A;;GA;;;S-1-5-21-0x1313131313131-513) " ,
" D:(A;;GA;;;S-1-5-21-4294967295-513) " ) ,
# negative numbers for access flags
( " D:(A;;-99;;;LG) " ,
" D:(A;;0xffffff9d;;;LG) " ) ,
( " D:(A;;-0xffffff55;;;LG) " ,
" D:(A;;CCDCSWWPLO;;;LG) " ) ,
# combine overflow with negatives
# -9876543210 == -0xffffffff == -(-1) == 0x1 == CC flag
( " D:(A;;-9876543210;;;LG) " ,
" D:(A;;CC;;;LG) " ) ,
# overflow of hex turns on all flags
( " D:(A;;100000000000000000000000;;;LG) " ,
" D:(A;;0xffffffff;;;LG) " ) ,
]
