sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-26 01:49:31 +03:00
Code Activity

python: dsal: Fix possibility of identical ACE's being added.

Browse Source 
Currently it is possible to add the same ace multiple times if
the case sensitivity does not match the existing one using "--sddl" parameter.
As an example while an ace

"OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS"

already exists a sddl

"OA;CIIO;RPWP;3E978925-8C01-11D0-AFDA-00C04FD930C9;BF967A86-0DE6-11D0-A285-00AA003049E2;PS"

can be added without detection (and can be added multiple times). As an end result
after a high number of addings (in my tests it was about 1600-1800 aces for one
object) no further changes on that object are possible.

Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 23:19:13 CET 2019 on sn-devel-144
This commit is contained in:
Martin Krämer
2019-01-09 13:17:02 +00:00
committed by Jeremy Allison
parent 2c113522fe
commit 4b26ccff85
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/samba/netcmd/dsacl.py
View File

@ -119,7 +119,7 @@ class cmd_dsacl_set(Command):
for ace in desc_aces:
if ("ID" in ace):
desc_sddl = desc_sddl.replace(ace, "")
if new_ace in desc_sddl:
if new_ace.lower() in desc_sddl.lower():
return
if desc_sddl.find("(") >= 0:
desc_sddl = desc_sddl[:desc_sddl.index("(")] + new_ace + desc_sddl[desc_sddl.index("("):]