From: Volker Lendecke <vl@samba.org>
Date: Mon, 22 Mar 2021 13:43:54 +0000 (+0100)
Subject: libcli: Add file specific access flags to sddl
X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=249b0e32022ec925c3ebbe5efc7be9b53a0e134e;p=bbaumbach%2Fsamba-autobuild%2F.git

libcli: Add file specific access flags to sddl

See

https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings

for reference.

We can only use them for decoding, many of our tests depend on our
string representation of the flags.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index ec8cc98e10a..47223515a62 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -203,6 +203,14 @@ static const struct flag_map ace_access_mask[] = {
 	{ NULL, 0 }
 };
 
+static const struct flag_map decode_ace_access_mask[] = {
+	{ "FA", FILE_ALL_ACCESS },
+	{ "FR", FILE_GENERIC_READ },
+	{ "FW", FILE_GENERIC_WRITE },
+	{ "FX", FILE_GENERIC_EXECUTE },
+	{ NULL, 0 },
+};
+
 /*
   decode an ACE
   return true on success, false on failure
@@ -245,7 +253,9 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 	if (strncmp(tok[2], "0x", 2) == 0) {
 		ace->access_mask = strtol(tok[2], NULL, 16);
 	} else {
-		if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL)) {
+		if (!sddl_map_flags(ace_access_mask, tok[2], &v, NULL) &&
+		    !sddl_map_flags(
+			    decode_ace_access_mask, tok[2], &v, NULL)) {
 			return false;
 		}
 		ace->access_mask = v;