From b621c59f64cb85877e4fd116f31e5556f146d88e Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Thu, 16 Mar 2023 15:46:08 +1300 Subject: libcli/sec/sddl decode: allow hex numbers in SIDs These occur canonically when the indentifier authority is > 2^32, but also are accepted by Windows for any number. There is a tricky case with an "O:" or "G:" SID that is immediately followed by a "D:" dacl, because the "D" looks like a hex digit. When we detect this we need to subtract one from the length. We also need to do look out for trailing garbage. This was not an issue before because any string caught by the strspn(..., "-0123456789") would be either rejected or fully comsumed by dom_sid_parse_talloc(), but with hex digits, a string like "S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and the "x0xabcxxx-X" would be skipped over. That's why we switch to using dom_sid_parse_endp(), so we can compare the consumed length to the expected length. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- selftest/knownfail.d/sid-strings | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'selftest/knownfail.d') diff --git a/selftest/knownfail.d/sid-strings b/selftest/knownfail.d/sid-strings index 4fc0e4127b9..9acc2b51a5a 100644 --- a/selftest/knownfail.d/sid-strings +++ b/selftest/knownfail.d/sid-strings @@ -68,14 +68,8 @@ ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-000000000001-5-20-243.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-000000001-5-32-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x05-32-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x5-0x20-0x243.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x50000000-32-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x500000000-32-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0xABcDef123-0xABCDef-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-22.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-281474976710656-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-0x20-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-3.2-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32--579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32-.579.ad_dc @@ -84,12 +78,6 @@ ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-000000000001-5-20-243.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-000000001-5-32-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0x05-32-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0x5-0x20-0x243.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0x50000000-32-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0x500000000-32-579.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0xABcDef123-0xABCDef-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-22.ad_dc -^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-5-0x20-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_s-1-5-32-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_s-1-5-32-579.ad_dc -- cgit v1.2.1