authorNoel Power <noel.power@suse.com>2022-08-25 14:29:09 +0100
committerAndrew Bartlett <abartlet@samba.org>2023-04-28 02:15:36 +0000
commitd36bab52d0fd68a8d28238dbba7e7ea35b936e6c (patch)
tree3eabb66e06963aefc2a8c6c8cae5d01bbbff9115 /libcli
parent0a153c1d58d8ae22432e990779afa0bb8fc9f9c9 (diff)
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
prior to this patch rights matching "FA", "FR", "FW", "FX" were outputted as the hex string representing the bit value. While outputting the hex string is perfectly fine, it makes it harder to compare icacls output (which always uses the special string values). Additionally adjust various tests to deal with use of shortcut access masks as sddl format now uses FA, FR, FW & FX strings (like icacls does) instead of hex representation of the bit mask. adjust samba4.blackbox.samba-tool_ntacl samba3.blackbox.large_acl samba.tests.samba_tool.ntacl samba.tests.ntacls samba.tests.posixacl so various string comparisons of the sddl format now pass Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> [abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex numbers, eg 0x001]
Diffstat (limited to 'libcli')
-rw-r--r--libcli/security/sddl.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index ee024b2b0d7..e14b2748384 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -333,6 +333,22 @@ static const struct flag_map decode_ace_access_mask[] = {
{ NULL, 0 },
};
+
+static char *sddl_match_file_rights(TALLOC_CTX *mem_ctx,
+ uint32_t flags)
+{
+ int i;
+
+ /* try to find an exact match */
+ for (i=0;decode_ace_access_mask[i].name;i++) {
+ if (decode_ace_access_mask[i].flag == flags) {
+ return talloc_strdup(mem_ctx,
+ decode_ace_access_mask[i].name);
+ }
+ }
+ return NULL;
+}
+
static bool sddl_decode_access(const char *str, uint32_t *pmask)
{
const char *str0 = str;
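Review bot: sddl_match_file_rights has no header comment, and its NULL return covers two different outcomes: no entry in decode_ace_access_mask equals `flags`, or talloc_strdup failed. A short comment would settle the contract, e.g. `/* Return a talloc'd copy of the alias whose flag equals flags exactly; NULL if none matches or on allocation failure. */`. The exact `==` comparison is what keeps the encoded string from naming more or fewer rights than the mask actually holds, so it is worth saying that a partial match is deliberately not attempted. The table's entries sit above this hunk, so that it holds only FA/FR/FW/FX is taken from the commit message rather than the visible lines. As a style point, `int i` indexing the array could be `size_t i`.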
@@ -776,8 +792,12 @@ static char *sddl_transition_encode_ace(TALLOC_CTX *mem_ctx, const struct securi
sddl_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask,
ace->access_mask, true);
if (sddl_mask == NULL) {
- sddl_mask = talloc_asprintf(tmp_ctx, "0x%x",
- ace->access_mask);
+ sddl_mask = sddl_match_file_rights(tmp_ctx,
+ ace->access_mask);
+ if (sddl_mask == NULL) {
+ sddl_mask = talloc_asprintf(tmp_ctx, "0x%x",
+ ace->access_mask);
+ }
if (sddl_mask == NULL) {
goto failed;
}
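Review bot: The new fallback at `sddl_mask = sddl_match_file_rights(tmp_ctx, ace->access_mask);` treats a NULL caused by allocation failure the same as "no alias matched", so under memory pressure the ACE can be written in hex (if the following talloc_asprintf succeeds) instead of reaching `goto failed`. The result is still an encoding of the same mask, but the output form then depends on allocator state, which matters for the string comparisons the commit message describes. A comment stating the intended order would make this explicit: `/* order: flag letters, then exact FA/FR/FW/FX alias, then hex */`. sddl_transition_encode_ace begins and ends outside this hunk, so whether the file-right aliases are also intended for ACEs on non-file objects cannot be judged from the visible lines.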