authorNoel Power <noel.power@suse.com>2022-08-25 14:29:09 +0100
committerAndrew Bartlett <abartlet@samba.org>2023-04-28 02:15:36 +0000
commitd36bab52d0fd68a8d28238dbba7e7ea35b936e6c (patch)
tree3eabb66e06963aefc2a8c6c8cae5d01bbbff9115
parent0a153c1d58d8ae22432e990779afa0bb8fc9f9c9 (diff)
downloadsamba-d36bab52d0fd68a8d28238dbba7e7ea35b936e6c.tar.gz
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
Prior to this patch, rights matching "FA", "FR", "FW", "FX" were output as the hex string representing the bit value. While outputting the hex string is perfectly fine, it makes it harder to compare with icacls output (which always uses the special string values). Additionally adjust various tests to deal with use of shortcut access masks, as the sddl format now uses FA, FR, FW & FX strings (like icacls does) instead of the hex representation of the bit mask. Adjust samba4.blackbox.samba-tool_ntacl samba3.blackbox.large_acl samba.tests.samba_tool.ntacl samba.tests.ntacls samba.tests.posixacl so various string comparisons of the sddl format now pass. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> [abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex numbers, eg 0x001]
-rw-r--r--libcli/security/sddl.c24
-rw-r--r--python/samba/provision/__init__.py4
-rw-r--r--python/samba/tests/ntacls.py2
-rw-r--r--python/samba/tests/posixacl.py16
-rw-r--r--python/samba/tests/samba_tool/ntacl.py6
-rw-r--r--selftest/knownfail.d/sddl4
-rwxr-xr-xsource3/script/tests/test_large_acl.sh9
-rwxr-xr-xtestprogs/blackbox/test_samba-tool_ntacl.sh8
8 files changed, 42 insertions, 31 deletions
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index ee024b2b0d7..e14b2748384 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -333,6 +333,22 @@ static const struct flag_map decode_ace_access_mask[] = {
{ NULL, 0 },
};
+
+static char *sddl_match_file_rights(TALLOC_CTX *mem_ctx,
+ uint32_t flags)
+{
+ int i;
+
+ /* try to find an exact match */
+ for (i=0;decode_ace_access_mask[i].name;i++) {
+ if (decode_ace_access_mask[i].flag == flags) {
+ return talloc_strdup(mem_ctx,
+ decode_ace_access_mask[i].name);
+ }
+ }
+ return NULL;
+}
+
static bool sddl_decode_access(const char *str, uint32_t *pmask)
{
const char *str0 = str;
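Review bot: sddl_match_file_rights has no header comment, and two things about it are not obvious from the call site: it reuses the table named decode_ace_access_mask for encoding, and its NULL return covers both "no entry has exactly this mask" and a failed talloc_strdup. I would add something like `/* Encode helper: return a copy of the decode_ace_access_mask alias whose flag equals flags exactly; NULL if there is none or on allocation failure. */` above the function. The trailing context lines are the start of sddl_decode_access, whose body continues outside the hunk.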
@@ -776,8 +792,12 @@ static char *sddl_transition_encode_ace(TALLOC_CTX *mem_ctx, const struct securi
sddl_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask,
ace->access_mask, true);
if (sddl_mask == NULL) {
- sddl_mask = talloc_asprintf(tmp_ctx, "0x%x",
- ace->access_mask);
+ sddl_mask = sddl_match_file_rights(tmp_ctx,
+ ace->access_mask);
+ if (sddl_mask == NULL) {
+ sddl_mask = talloc_asprintf(tmp_ctx, "0x%x",
+ ace->access_mask);
+ }
if (sddl_mask == NULL) {
goto failed;
}
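Review bot: The three-step fallback in this branch is undocumented, and the order is what decides the text that ends up in every serialised ACE. A comment before the new call would help, e.g. `/* no letter-flag encoding: try an exact file-rights alias, else fall back to hex */`. It is also worth saying that the alias is only used on an exact match, so a mask that has the full-access bits plus any other bit is still written as hex; anything that compares SDDL text rather than parsed masks will see both forms. sddl_transition_encode_ace starts and ends outside the hunk.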
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 0296d5730c3..8cb7e5554a0 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1598,8 +1598,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
return samdb
-SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x1f01ff;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)"
-POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x1f01ff;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1301bf;;;PA)"
+SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)"
+POLICIES_ACL = "O:LAG:BAD:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;SO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1301bf;;;PA)"
SYSVOL_SERVICE = "sysvol"
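Review bot: SYSVOL_ACL and POLICIES_ACL now mix the `FA` alias with raw hex masks and carry no comment saying what each ACE grants, which makes these two provisioning ACLs harder to audit than they need to be. A short comment above them would do, e.g. `# FA = full control (0x1f01ff); 0x1200a9 = read and execute; 0x1301bf = modify`. The hex masks presumably have to stay as written if these strings are compared textually with the encoder's output, because the new helper substitutes an alias only on an exact match; that comparison is not visible in this hunk.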
diff --git a/python/samba/tests/ntacls.py b/python/samba/tests/ntacls.py
index e4e133fc061..4d625768d91 100644
--- a/python/samba/tests/ntacls.py
+++ b/python/samba/tests/ntacls.py
@@ -26,7 +26,7 @@ from samba.dcerpc import security
from samba.tests import TestCaseInTempDir, SkipTest
from samba.auth_util import system_session_unix
-NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467"
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index 3e4d266a634..0ef689d5cf3 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -31,7 +31,7 @@ from samba.auth_util import system_session_unix
from errno import ENODATA
DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467"
-ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
+ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
class PosixAclMappingTests(SmbdBaseTests):
@@ -128,7 +128,7 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_smbd_invalidate_getntacl_smbd(self):
acl = ACL
- simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x1200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
+ simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;FA;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x1200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
os.chmod(self.tempf, 0o750)
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
@@ -161,7 +161,7 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
acl = ACL
- simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
+ simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;FR;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
@@ -173,7 +173,7 @@ class PosixAclMappingTests(SmbdBaseTests):
def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
acl = ACL
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
- simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x120089;;;BA)(A;;0x120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
+ simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x1f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;FR;;;BA)(A;;FR;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
@@ -187,7 +187,7 @@ class PosixAclMappingTests(SmbdBaseTests):
self.assertEqual(simple_acl_from_posix, facl.as_sddl(anysid))
def test_setntacl_smbd_getntacl_smbd_gpo(self):
- acl = "O:DAG:DUD:P(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;EA)(A;OICIIO;0x1f01ff;;;CO)(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+ acl = "O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
setntacl(self.lp, self.tempf, acl, DOM_SID,
self.get_session_info(), use_ntvfs=False)
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
@@ -217,7 +217,7 @@ class PosixAclMappingTests(SmbdBaseTests):
user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
- acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;0x120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
+ acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;FR;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEqual(acl, facl.as_sddl(anysid))
@@ -234,7 +234,7 @@ class PosixAclMappingTests(SmbdBaseTests):
smbd.chown(self.tempdir, BA_id, SO_id, self.get_session_info())
smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
facl = getntacl(self.lp, self.tempdir, self.get_session_info(), direct_db_access=False)
- acl = "O:BAG:SOD:(A;;0x1f01ff;;;BA)(A;;0x1200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x1f01ff;;;CO)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD)"
+ acl = "O:BAG:SOD:(A;;FA;;;BA)(A;;0x1200a9;;;SO)(A;;;;;WD)(A;OICIIO;FA;;;CO)(A;OICIIO;0x1200a9;;;CG)(A;OICIIO;0x1200a9;;;WD)"
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEqual(acl, facl.as_sddl(anysid))
@@ -249,7 +249,7 @@ class PosixAclMappingTests(SmbdBaseTests):
smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
facl = getntacl(self.lp, self.tempf, self.get_session_info(), direct_db_access=False)
domsid = passdb.get_global_sam_sid()
- acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;0x120089;;;BA)(A;;0x120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
+ acl = "O:%sG:%sD:(A;;0x1f019f;;;%s)(A;;FR;;;BA)(A;;FR;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEqual(acl, facl.as_sddl(anysid))
diff --git a/python/samba/tests/samba_tool/ntacl.py b/python/samba/tests/samba_tool/ntacl.py
index 555d57b8f19..caf2d7288f4 100644
--- a/python/samba/tests/samba_tool/ntacl.py
+++ b/python/samba/tests/samba_tool/ntacl.py
@@ -100,7 +100,7 @@ class NtACLCmdSysvolTestCase(SambaToolCmdTest):
class NtACLCmdGetSetTestCase(SambaToolCmdTest):
"""Tests for samba-tool ntacl get/set subcommands"""
- acl = "O:DAG:DUD:P(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;EA)(A;OICIIO;0x1f01ff;;;CO)(A;OICI;0x1f01ff;;;DA)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+ acl = "O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
def test_ntvfs(self):
path = os.environ['SELFTEST_PREFIX']
@@ -163,9 +163,9 @@ class NtACLCmdGetSetTestCase(SambaToolCmdTest):
class NtACLCmdChangedomsidTestCase(SambaToolCmdTest):
"""Tests for samba-tool ntacl changedomsid subcommand"""
-
+ maxDiff = 10000
acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
- new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x1f01ff;;;CO)(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x1f01ff;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+ new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;0x1200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
domain_sid=os.environ['DOMSID']
new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
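Review bot: `maxDiff = 10000` in NtACLCmdChangedomsidTestCase is a diagnostic setting unrelated to the encoding change and uses an arbitrary limit; `maxDiff = None` is the unittest way to ask for untruncated diffs. The hunk also drops the blank line after the class docstring, so the attribute now sits directly under it. Separately, `acl` here keeps the padded hex form `0x001f01ff` as input while `new_acl` expects `FA`, which makes this the visible place where hex input is checked against alias output; a one-line comment such as `# input stays in hex on purpose: output must come back as FA` would stop someone from tidying it away.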
diff --git a/selftest/knownfail.d/sddl b/selftest/knownfail.d/sddl
index 516c33b372d..e69de29bb2d 100644
--- a/selftest/knownfail.d/sddl
+++ b/selftest/knownfail.d/sddl
@@ -1,4 +0,0 @@
-^samba.tests.sddl.+.SddlCanonical.test_sddl_D:.A;;FA;;;WD..none
-^samba.tests.sddl.+.SddlNonCanonical.test_sddl_D:.A;;0x001f01ff;;;WD..A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-1001..A;;0x001f01ff;;;S-1+11522-more-characters.none
-^samba.tests.sddl.+.SddlNonCanonical.test_sddl_O:LAG:BAD:P.A;OICI;0x1f01ff;;;BA..none
-^samba.tests.sddl.+.SddlNonCanonical.test_sddl_O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P.A;+482-more-characters.none
diff --git a/source3/script/tests/test_large_acl.sh b/source3/script/tests/test_large_acl.sh
index b80b15ec094..ac960298cc0 100755
--- a/source3/script/tests/test_large_acl.sh
+++ b/source3/script/tests/test_large_acl.sh
@@ -43,14 +43,11 @@ build_files
test_large_acl()
{
#An ACL with 200 entries, ~7K
- new_acl=$(seq 1001 1200 | sed -r -e '1 i\D:(A;;0x001f01ff;;;WD)' -e 's/(.*)/(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-\1)/' | tr -d '\n')
- # the ace flags will lose their 0x00 padding when reserialised from the SD.
- new_acl_out=$(echo -n "$new_acl" | perl -p -e 's/0x00/0x/g')
+ new_acl=$(seq 1001 1200 | sed -r -e '1 i\D:(A;;FA;;;WD)' -e 's/(.*)/(A;;FA;;;S-1-5-21-11111111-22222222-33333333-\1)/' | tr -d '\n')
$SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl -S $new_acl large_acl
actual_acl=$($SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl --numeric large_acl 2>/dev/null | sed -rn 's/.*(D:.*)/\1/p' | tr -d '\n')
- if [ ! "$new_acl_out" = "$actual_acl" ]; then
- echo -e "given:\n$new_acl\n"
- echo -e "expected:\n$new_acl_out\nactual:\n$actual_acl\n"
+ if [ ! "$new_acl" = "$actual_acl" ]; then
+ echo -e "expected:\n$new_acl\nactual:\n$actual_acl\n"
return 1
fi
}
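Review bot: After this change the input and the expected output of test_large_acl are the same string, so the test no longer exercises parsing of padded hex masks (`0x001f01ff`) and their re-serialisation, which the removed `new_acl_out` step covered. If that coverage is wanted, keep the hex form as input and derive the expectation from it, e.g. `new_acl_out=$(echo -n "$new_acl" | sed 's/0x001f01ff/FA/g')`, then compare `$new_acl_out` with `$actual_acl`. That would also check the new alias encoding against a large ACL rather than only a round trip of text that is already canonical.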
diff --git a/testprogs/blackbox/test_samba-tool_ntacl.sh b/testprogs/blackbox/test_samba-tool_ntacl.sh
index 813edd71e4c..fadb511f70e 100755
--- a/testprogs/blackbox/test_samba-tool_ntacl.sh
+++ b/testprogs/blackbox/test_samba-tool_ntacl.sh
@@ -18,15 +18,13 @@ samba_tool="$samba4bindir/samba-tool"
testfile="$PREFIX/ntacl_testfile"
# acl from samba_tool/ntacl.py tests
-acl="O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
-
-new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+acl="O:DAG:DUD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+new_acl="O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)(A;OICI;FA;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
acl_without_padding=$(echo -n "$acl" | perl -p -e 's/0x00/0x/g')
new_acl_without_padding=$(echo -n "$new_acl" | perl -p -e 's/0x00/0x/g')
-new_domain_sid="S-1-5-21-2212615479-2695158682-2101375468"
-
. $(dirname $0)/subunit.sh
UID_WRAPPER_ROOT=1
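Review bot: The comment `# acl from samba_tool/ntacl.py tests` no longer holds, because `acl` here now writes the full-access masks as `FA` while the `acl` kept as context in python/samba/tests/samba_tool/ntacl.py (NtACLCmdChangedomsidTestCase) still uses `0x001f01ff`. Either update the comment, e.g. `# acl based on samba_tool/ntacl.py tests, with full-access masks written as FA`, or keep the padded hex input here so both tests feed the same string. The `acl_without_padding` step is still needed for the remaining `0x001200a9` masks, which a short comment next to it could say.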