python: dsal: Fix possibility of identical ACE's being added.

Currently it is possible to add the same ace multiple times if
the case sensitivity does not match the existing one using "--sddl" parameter.
As an example while an ace

"OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS"

already exists a sddl

"OA;CIIO;RPWP;3E978925-8C01-11D0-AFDA-00C04FD930C9;BF967A86-0DE6-11D0-A285-00AA003049E2;PS"

can be added without detection (and can be added multiple times). As an end result
after a high number of addings (in my tests it was about 1600-1800 aces for one
object) no further changes on that object are possible.

Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 23:19:13 CET 2019 on sn-devel-144

diff --git a/python/samba/netcmd/dsacl.py b/python/samba/netcmd/dsacl.py
index 3295db3b76aeb179f150874670f9dd410e0cd5ce..176d14d1a4d6a6fa8ae15afa9393c62a7a59ee62 100644 (file)
--- a/python/samba/netcmd/dsacl.py
+++ b/python/samba/netcmd/dsacl.py
@@ -119,7 +119,7 @@ class cmd_dsacl_set(Command):
         for ace in desc_aces:
             if ("ID" in ace):
                 desc_sddl = desc_sddl.replace(ace, "")
-        if new_ace in desc_sddl:
+        if new_ace.lower() in desc_sddl.lower():
             return
         if desc_sddl.find("(") >= 0:
             desc_sddl = desc_sddl[:desc_sddl.index("(")] + new_ace + desc_sddl[desc_sddl.index("("):]