libcli/security/tests: remove duplicate TX-integer tests from oversized-ACLs

We had two sets of test vectors (Windows ground-truth for SDDL
compilation) that got mixed up.

The "oversized ACLs" set is ACLs that contain repeated ACEs, like
"D:P(D;;;;;MP)(D;;;;;MP)" -- Windows will assign a size to the ACL
that is greater than the sum of the ACEs, while Samba will not (in
part because we don't actually store a size for the ACL, instead
calculating it on the fly from the size of the ACEs).

The "TX integers" set is for resource attribute ACEs with octet-string
data that contains pure integers (lacking '#' characters) in their
SDDL, like «(RA;;;;;WD;("bar",TX,0x0,0077,00,0077,00))». We used to
think that was weird, and that RA-TX ACEs should contain octet-strings
in the conditional ACE style. But now we have realised it's not weird,
it's normal, and we have fixed our handling of these ACEs.

As a result of this mix-up, some of the tests labelled as "oversized
ACLs" started passing when we fixed the TX integer problem, and that
was confusing. All of the removed tests are already on the TX integer
set -- the removed ones were duplicates.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/tests/data/oversize-acls.json.gz b/libcli/security/tests/data/oversize-acls.json.gz
index a45348b405d124ef05e9bb6551920ecfb9be898c..46394bcea1e2d0fc507f94fc522eafaaa18d8937 100644 (file)
Binary files a/libcli/security/tests/data/oversize-acls.json.gz and b/libcli/security/tests/data/oversize-acls.json.gz differ

diff --git a/selftest/knownfail.d/security-descriptors b/selftest/knownfail.d/security-descriptors
index 32b1fd1136031d4f39ac2109dd526ba06b98b5aa..3a73e2031e9fb352fa19b6607da2c27b404ca039 100644 (file)
--- a/selftest/knownfail.d/security-descriptors
+++ b/selftest/knownfail.d/security-descriptors
@@ -1,13 +1,4 @@
 ^samba.tests.security_descriptors.+SDDLvsDescriptorRegistryObjectRights.+
 ^samba.tests.security_descriptors.+SDDLvsDescriptorShortOrdinaryAclsNoMungeV4.+
 
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_001
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_002
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_003
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_004
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_016
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_017
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_018
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_019
-samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.test_sddl_vs_sd_020
-
+samba.tests.security_descriptors.+SDDLvsDescriptorOverSizeAcls.+