| commit | 33caae438125f4a4a99dd6dc0f048be2f17e4863 | |
| author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | |
| Thu, 2 Nov 2023 02:25:06 +0000 (2 15:25 +1300) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Mon, 27 Nov 2023 01:12:40 +0000 (27 01:12 +0000) | ||
| tree | ef14086512bb7c2c45de0203196f3b7ac7559316 | treesnapshot (tar.gz zip) |
| parent | cda9371b59c2692a27aa1bbc848583f44bd58322 | commitdiff |
libcli/security: un-invert parse_resource_attr_list, check type first
We were reusing parse_literal() because it almost does what we need,
but it is different enough that check_resource_attr_type() is large
and complicated, and can't handle all the cases (in particular octet-
strings and SIDs are different in resource ACEs).
This way is better because we know the type in advance, so we can use
that to choose the parser, which will help with octet-strings that are
only digits.
In this commit we're leaving the check there, but it soon won't do
anything that the parse_* functions don't, and we will remove it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We were reusing parse_literal() because it almost does what we need,
but it is different enough that check_resource_attr_type() is large
and complicated, and can't handle all the cases (in particular octet-
strings and SIDs are different in resource ACEs).
This way is better because we know the type in advance, so we can use
that to choose the parser, which will help with octet-strings that are
only digits.
In this commit we're leaving the check there, but it soon won't do
anything that the parse_* functions don't, and we will remove it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| libcli/security/sddl_conditional_ace.c | diffblobblamehistory |