libcli/security: conditional ace sddl: do not write nested composites

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 4404c0d144cd2282680f4f09f5db362d4fec841b..2e64949e9ccf84bee58266c1f54affe1c6afd5af 100644 (file)
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -944,8 +944,7 @@ static bool sddl_write_composite(struct sddl_write_context *ctx,
                        ok = sddl_write_sid(ctx, t);
                        break;
                case CONDITIONAL_ACE_TOKEN_COMPOSITE:
-                       ok = sddl_write_composite(ctx, t);
-                       break;
+                       return false;
                default:
                        return false;
                }

diff --git a/libcli/security/tests/test_sddl_conditional_ace.c b/libcli/security/tests/test_sddl_conditional_ace.c
index df93bcda3be398e826f42fb40ec89f216d927934..de47f5442e728532db505212bb146ad7fa055c73 100644 (file)
--- a/libcli/security/tests/test_sddl_conditional_ace.c
+++ b/libcli/security/tests/test_sddl_conditional_ace.c
@@ -586,8 +586,8 @@ static void test_round_trips(void **state)
                ("(@Device.%025cɜ == 3)"),
                ("(17pq == 3||2a==@USER.7)"),
                ("(x==1 && x >= 2 && @User.Title == @User.shoes || "
-                "Member_of{SID(CD)} && !(Member_of_Any{{ 3 }}) || "
-                "Device_Member_of{SID(BA), {{7, 1}, 3}} "
+                "Member_of{SID(CD)} && !(Member_of_Any{ 3 }) || "
+                "Device_Member_of{SID(BA), 7, 1, 3} "
                 "|| Exists hooly)"),
                ("(!(!(!(!(!((!(x==1))))))))"),
                ("(Member_of {SID(S-1-33-5), "