sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

libcli: Add file specific access flags to sddl

Browse Source 
See

https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings

for reference.

We can only use them for decoding, many of our tests depend on our
string representation of the flags.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Volker Lendecke 2021-03-22 14:43:54 +01:00 committed by Jeremy Allison
parent 2e60846859
commit 249b0e3202
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libcli/security/sddl.c
View File

@ -203,6 +203,14 @@ static const struct flag_map ace_access_mask[] = {
{ NULL, 0 } { NULL, 0 }
}; };
static const struct flag_map decode_ace_access_mask[] = {
{ "FA", FILE_ALL_ACCESS },
{ "FR", FILE_GENERIC_READ },
{ "FW", FILE_GENERIC_WRITE },
{ "FX", FILE_GENERIC_EXECUTE },
{ NULL, 0 },
};
/* /*
decode an ACE decode an ACE
return true on success, false on failure return true on success, false on failure
@ -245,7 +253,9 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
if (strncmp(tok[2], "0x", 2) == 0) { if (strncmp(tok[2], "0x", 2) == 0) {
ace->access_mask = strtol(tok[2], NULL, 16); ace->access_mask = strtol(tok[2], NULL, 16);
} else { } else {
if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL)) { if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL) &&
!sddl_map_flags(
decode_ace_access_mask, tok[2], &v, NULL)) {
return false; return false;
} }
ace->access_mask = v; ace->access_mask = v;