libcli: Add file specific access flags to sddl

See

https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings

for reference.

We can only use them for decoding, many of our tests depend on our
string representation of the flags.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index ec8cc98e10a480939f1de9cf98b3c28f602dea9c..47223515a626dc6d3968e671b5d1ef67710cf9c1 100644 (file)
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -203,6 +203,14 @@ static const struct flag_map ace_access_mask[] = {
        { NULL, 0 }
 };
 
+static const struct flag_map decode_ace_access_mask[] = {
+       { "FA", FILE_ALL_ACCESS },
+       { "FR", FILE_GENERIC_READ },
+       { "FW", FILE_GENERIC_WRITE },
+       { "FX", FILE_GENERIC_EXECUTE },
+       { NULL, 0 },
+};
+
 /*
   decode an ACE
   return true on success, false on failure
@@ -245,7 +253,9 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
        if (strncmp(tok[2], "0x", 2) == 0) {
                ace->access_mask = strtol(tok[2], NULL, 16);
        } else {
-               if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL)) {
+               if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL) &&
+                   !sddl_map_flags(
+                           decode_ace_access_mask, tok[2], &v, NULL)) {
                        return false;
                }
                ace->access_mask = v;