1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli:security: allow spaces after BAD:

In AD_DS_Classes_Windows_Server_v1903.ldf from
https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see

  defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224
This commit is contained in:
Douglas Bagnall 2024-07-24 17:24:59 +12:00 committed by Douglas Bagnall
parent 97677b1588
commit 8903876f65
2 changed files with 10 additions and 5 deletions

View File

@ -814,6 +814,11 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
return acl;
}
/* Windows AD allows spaces here */
while (*sddl == ' ') {
sddl++;
}
/* work out the ACL flags */
if (!sddl_map_flags(acl_flags, sddl, flags, &len, true)) {
*msg = talloc_strdup(sd, "bad ACL flags");

View File

@ -670,6 +670,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase):
("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))),
("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"),
# whitespace before ACL string flags is ignored.
("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
("D: S:","D:S:"),
]
@ -818,17 +823,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
strings = [
# whitespace is ignored, repaired on return
("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"),
("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
# whitespace before ACL string flags is ignored.
("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"),
# wrong case on type is ignored, fixed
("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"),
("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"),
("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"),
("D: S:","D:S:"),
# whitespace around ACL flags
("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
# whitespace between ACES