The Samba-Bugzilla – Attachment 18386 Details for
Bug 15685
Samba doesn't parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.20
bug-15685-v4-20.patch (text/plain), 2.74 KB, created by
Douglas Bagnall
on 2024-07-26 03:01:55 UTC
(
hide
)
Description:
patch for 4.20
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2024-07-26 03:01:55 UTC
Size:
2.74 KB
patch
obsolete
>From 7f4508f61b125072a78e06643873fbab3e0b458c Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Wed, 24 Jul 2024 17:24:59 +1200 >Subject: [PATCH] libcli:security: allow spaces after BAD: > >In AD_DS_Classes_Windows_Server_v1903.ldf from >https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see > > defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685 > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> > >Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> >Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224 > >(cherry picked from commit 8903876f65d5721d30186875d391889d1ddcd52c) >--- > libcli/security/sddl.c | 5 +++++ > python/samba/tests/sddl.py | 10 +++++----- > 2 files changed, 10 insertions(+), 5 deletions(-) > >diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c >index d1f77075238..c0fddb72e5f 100644 >--- a/libcli/security/sddl.c >+++ b/libcli/security/sddl.c >@@ -814,6 +814,11 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd, > return acl; > } > >+ /* Windows AD allows spaces here */ >+ while (*sddl == ' ') { >+ sddl++; >+ } >+ > /* work out the ACL flags */ > if (!sddl_map_flags(acl_flags, sddl, flags, &len, true)) { > *msg = talloc_strdup(sd, "bad ACL flags"); >diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py >index b594021013a..6d4448233e3 100644 >--- a/python/samba/tests/sddl.py >+++ b/python/samba/tests/sddl.py >@@ -670,6 +670,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase): > ("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))), > > ("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"), >+ # whitespace before ACL string flags is ignored. >+ ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"), >+ ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"), >+ ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), >+ ("D: S:","D:S:"), > ] > > >@@ -818,17 +823,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase): > strings = [ > # whitespace is ignored, repaired on return > ("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"), >- ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"), >- # whitespace before ACL string flags is ignored. >- ("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"), > # wrong case on type is ignored, fixed > ("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"), > ("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"), > ("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"), >- ("D: S:","D:S:"), > > # whitespace around ACL flags >- ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), > ("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), > > # whitespace between ACES >-- >2.34.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jsutton
:
review+
Actions:
View
Attachments on
bug 15685
:
18385
| 18386