mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r12010: - added support for domain specific SID codes in SDDL strings
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
- fixed 'mixed coded declarations' bug
(This used to be commit c30e7698e8
)
This commit is contained in:
parent
86a6ce529f
commit
f5ed8cc829
@ -35,6 +35,7 @@ struct flag_map {
|
||||
static BOOL sddl_map_flags(const struct flag_map *map, const char *str,
|
||||
uint32_t *flags, size_t *len)
|
||||
{
|
||||
const char *str0 = str;
|
||||
if (len) *len = 0;
|
||||
*flags = 0;
|
||||
while (str[0] && isupper(str[0])) {
|
||||
@ -49,7 +50,7 @@ static BOOL sddl_map_flags(const struct flag_map *map, const char *str,
|
||||
}
|
||||
}
|
||||
if (map[i].name == NULL) {
|
||||
DEBUG(2, ("Unknown flag - %s\n", str));
|
||||
DEBUG(1, ("Unknown flag - %s in %s\n", str, str0));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
@ -62,15 +63,36 @@ static BOOL sddl_map_flags(const struct flag_map *map, const char *str,
|
||||
static const struct {
|
||||
const char *code;
|
||||
const char *sid;
|
||||
uint32_t rid;
|
||||
} sid_codes[] = {
|
||||
{ "AO", SID_BUILTIN_ACCOUNT_OPERATORS },
|
||||
{ "BA", SID_BUILTIN_ADMINISTRATORS },
|
||||
{ "RU", SID_BUILTIN_PREW2K },
|
||||
{ "PO", SID_BUILTIN_PRINT_OPERATORS },
|
||||
{ "RS", SID_BUILTIN_RAS_SERVERS },
|
||||
|
||||
{ "AU", SID_NT_AUTHENTICATED_USERS },
|
||||
{ "SY", SID_NT_SYSTEM },
|
||||
{ "PS", SID_NT_SELF },
|
||||
{ "WD", SID_WORLD },
|
||||
{ "ED", SID_NT_ENTERPRISE_DCS },
|
||||
|
||||
{ "CO", SID_CREATOR_OWNER },
|
||||
{ "CG", SID_CREATOR_GROUP },
|
||||
|
||||
{ "DA", NULL, DOMAIN_RID_ADMINS },
|
||||
{ "EA", NULL, DOMAIN_RID_ENTERPRISE_ADMINS },
|
||||
{ "DD", NULL, DOMAIN_RID_DCS },
|
||||
{ "DU", NULL, DOMAIN_RID_USERS },
|
||||
{ "CA", NULL, DOMAIN_RID_CERT_ADMINS },
|
||||
};
|
||||
|
||||
/*
|
||||
decode a SID
|
||||
It can either be a special 2 letter code, or in S-* format
|
||||
*/
|
||||
static struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp)
|
||||
static struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp,
|
||||
struct dom_sid *domain_sid)
|
||||
{
|
||||
const char *sddl = (*sddlp);
|
||||
int i;
|
||||
@ -84,26 +106,31 @@ static struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp)
|
||||
|
||||
/* now check for one of the special codes */
|
||||
for (i=0;i<ARRAY_SIZE(sid_codes);i++) {
|
||||
if (strncmp(sid_codes[i].code, sddl, 2)) break;
|
||||
if (strncmp(sid_codes[i].code, sddl, 2) == 0) break;
|
||||
}
|
||||
if (i == ARRAY_SIZE(sid_codes)) {
|
||||
DEBUG(2,("Unknown sddl sid code '%2.2s'\n", sddl));
|
||||
DEBUG(1,("Unknown sddl sid code '%2.2s'\n", sddl));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
(*sddlp) += 2;
|
||||
|
||||
if (sid_codes[i].sid == NULL) {
|
||||
return dom_sid_add_rid(mem_ctx, domain_sid, sid_codes[i].rid);
|
||||
}
|
||||
|
||||
return dom_sid_parse_talloc(mem_ctx, sid_codes[i].sid);
|
||||
}
|
||||
|
||||
static const struct flag_map ace_types[] = {
|
||||
{ "A", SEC_ACE_TYPE_ACCESS_ALLOWED },
|
||||
{ "D", SEC_ACE_TYPE_ACCESS_DENIED },
|
||||
{ "AU", SEC_ACE_TYPE_SYSTEM_AUDIT },
|
||||
{ "AL", SEC_ACE_TYPE_SYSTEM_ALARM },
|
||||
{ "OA", SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT },
|
||||
{ "OD", SEC_ACE_TYPE_ACCESS_DENIED_OBJECT },
|
||||
{ "OU", SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT },
|
||||
{ "OL", SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT },
|
||||
{ "A", SEC_ACE_TYPE_ACCESS_ALLOWED },
|
||||
{ "D", SEC_ACE_TYPE_ACCESS_DENIED },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
@ -132,6 +159,10 @@ static const struct flag_map ace_access_mask[] = {
|
||||
{ "SD", SEC_STD_DELETE },
|
||||
{ "DT", SEC_ADS_DELETE_TREE },
|
||||
{ "SW", SEC_ADS_SELF_WRITE },
|
||||
{ "GA", SEC_GENERIC_ALL },
|
||||
{ "GR", SEC_GENERIC_READ },
|
||||
{ "GW", SEC_GENERIC_WRITE },
|
||||
{ "GX", SEC_GENERIC_EXECUTE },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
@ -140,15 +171,17 @@ static const struct flag_map ace_access_mask[] = {
|
||||
return True on success, False on failure
|
||||
note that this routine modifies the string
|
||||
*/
|
||||
static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char *str)
|
||||
static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char *str,
|
||||
struct dom_sid *domain_sid)
|
||||
{
|
||||
ZERO_STRUCTP(ace);
|
||||
const char *tok[6];
|
||||
const char *s;
|
||||
int i;
|
||||
uint32_t v;
|
||||
struct dom_sid *sid;
|
||||
|
||||
ZERO_STRUCTP(ace);
|
||||
|
||||
/* parse out the 6 tokens */
|
||||
tok[0] = str;
|
||||
for (i=0;i<5;i++) {
|
||||
@ -183,19 +216,25 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
|
||||
|
||||
/* object */
|
||||
if (tok[3][0] != 0) {
|
||||
/* TODO: add object parsing ... */
|
||||
return False;
|
||||
NTSTATUS status = GUID_from_string(tok[3],
|
||||
&ace->object.object.type.type);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
/* inherit object */
|
||||
if (tok[4][0] != 0) {
|
||||
/* TODO: add object parsing ... */
|
||||
return False;
|
||||
NTSTATUS status = GUID_from_string(tok[4],
|
||||
&ace->object.object.inherited_type.inherited_type);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
/* trustee */
|
||||
s = tok[5];
|
||||
sid = sddl_decode_sid(mem_ctx, &s);
|
||||
sid = sddl_decode_sid(mem_ctx, &s, domain_sid);
|
||||
if (sid == NULL) {
|
||||
return False;
|
||||
}
|
||||
@ -217,7 +256,8 @@ static const struct flag_map acl_flags[] = {
|
||||
decode an ACL
|
||||
*/
|
||||
static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
|
||||
const char **sddlp, uint32_t *flags)
|
||||
const char **sddlp, uint32_t *flags,
|
||||
struct dom_sid *domain_sid)
|
||||
{
|
||||
const char *sddl = *sddlp;
|
||||
struct security_acl *acl;
|
||||
@ -227,6 +267,11 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
|
||||
if (acl == NULL) return NULL;
|
||||
acl->revision = SECURITY_ACL_REVISION_NT4;
|
||||
|
||||
if (isupper(sddl[0]) && sddl[1] == ':') {
|
||||
/* its an empty ACL */
|
||||
return acl;
|
||||
}
|
||||
|
||||
/* work out the ACL flags */
|
||||
if (!sddl_map_flags(acl_flags, sddl, flags, &len)) {
|
||||
talloc_free(acl);
|
||||
@ -248,7 +293,8 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
|
||||
talloc_free(acl);
|
||||
return NULL;
|
||||
}
|
||||
if (!sddl_decode_ace(acl->aces, &acl->aces[acl->num_aces], astr)) {
|
||||
if (!sddl_decode_ace(acl->aces, &acl->aces[acl->num_aces],
|
||||
astr, domain_sid)) {
|
||||
talloc_free(acl);
|
||||
return NULL;
|
||||
}
|
||||
@ -264,7 +310,8 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
|
||||
/*
|
||||
decode a security descriptor in SDDL format
|
||||
*/
|
||||
struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl)
|
||||
struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl,
|
||||
struct dom_sid *domain_sid)
|
||||
{
|
||||
struct security_descriptor *sd;
|
||||
sd = talloc_zero(mem_ctx, struct security_descriptor);
|
||||
@ -281,13 +328,13 @@ struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl)
|
||||
switch (c) {
|
||||
case 'D':
|
||||
if (sd->dacl != NULL) goto failed;
|
||||
sd->dacl = sddl_decode_acl(sd, &sddl, &flags);
|
||||
sd->dacl = sddl_decode_acl(sd, &sddl, &flags, domain_sid);
|
||||
if (sd->dacl == NULL) goto failed;
|
||||
sd->type |= flags | SEC_DESC_DACL_PRESENT;
|
||||
break;
|
||||
case 'S':
|
||||
if (sd->sacl != NULL) goto failed;
|
||||
sd->sacl = sddl_decode_acl(sd, &sddl, &flags);
|
||||
sd->sacl = sddl_decode_acl(sd, &sddl, &flags, domain_sid);
|
||||
if (sd->sacl == NULL) goto failed;
|
||||
/* this relies on the SEC_DESC_SACL_* flags being
|
||||
1 bit shifted from the SEC_DESC_DACL_* flags */
|
||||
@ -295,12 +342,12 @@ struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl)
|
||||
break;
|
||||
case 'O':
|
||||
if (sd->owner_sid != NULL) goto failed;
|
||||
sd->owner_sid = sddl_decode_sid(sd, &sddl);
|
||||
sd->owner_sid = sddl_decode_sid(sd, &sddl, domain_sid);
|
||||
if (sd->owner_sid == NULL) goto failed;
|
||||
break;
|
||||
case 'G':
|
||||
if (sd->group_sid != NULL) goto failed;
|
||||
sd->group_sid = sddl_decode_sid(sd, &sddl);
|
||||
sd->group_sid = sddl_decode_sid(sd, &sddl, domain_sid);
|
||||
if (sd->group_sid == NULL) goto failed;
|
||||
break;
|
||||
}
|
||||
|
@ -159,6 +159,19 @@ interface security
|
||||
const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550";
|
||||
const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551";
|
||||
const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
|
||||
const string SID_BUILTIN_RAS_SERVERS = "S-1-5-32-553";
|
||||
const string SID_BUILTIN_PREW2K = "S-1-5-32-554";
|
||||
|
||||
/* well-known domain RIDs */
|
||||
const int DOMAIN_RID_LOGON = 9;
|
||||
const int DOMAIN_RID_ADMINISTRATOR = 500;
|
||||
const int DOMAIN_RID_GUEST = 501;
|
||||
const int DOMAIN_RID_ADMINS = 512;
|
||||
const int DOMAIN_RID_USERS = 513;
|
||||
const int DOMAIN_RID_DCS = 516;
|
||||
const int DOMAIN_RID_CERT_ADMINS = 517;
|
||||
const int DOMAIN_RID_SCHEMA_ADMINS = 518;
|
||||
const int DOMAIN_RID_ENTERPRISE_ADMINS = 519;
|
||||
|
||||
|
||||
/*
|
||||
|
@ -30,7 +30,9 @@
|
||||
static BOOL test_sddl(TALLOC_CTX *mem_ctx, const char *sddl)
|
||||
{
|
||||
struct security_descriptor *sd;
|
||||
sd = sddl_decode(mem_ctx, sddl);
|
||||
struct dom_sid *domain;
|
||||
domain = dom_sid_parse_talloc(mem_ctx, "S-1-2-3-4");
|
||||
sd = sddl_decode(mem_ctx, sddl, domain);
|
||||
if (sd == NULL) {
|
||||
printf("Failed to decode '%s'\n", sddl);
|
||||
return False;
|
||||
@ -39,11 +41,28 @@ static BOOL test_sddl(TALLOC_CTX *mem_ctx, const char *sddl)
|
||||
NDR_PRINT_DEBUG(security_descriptor, sd);
|
||||
}
|
||||
talloc_free(sd);
|
||||
talloc_free(domain);
|
||||
return True;
|
||||
}
|
||||
|
||||
static const char *examples[] = {
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)"
|
||||
"D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)",
|
||||
"D:(A;;GA;;;SY)",
|
||||
"D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)",
|
||||
"D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)",
|
||||
"D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)",
|
||||
"D:S:",
|
||||
"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)"
|
||||
};
|
||||
|
||||
/* test a set of example SDDL strings */
|
||||
|
Loading…
Reference in New Issue
Block a user