From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 22 Nov 2023 00:24:21 +0000 (+1300)
Subject: libcli/security: sddl_conditional_ace: add parse_bool for RA aces
X-Git-Tag: talloc-2.4.2~551
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=059610a62e5290d259e43312dfacc2ab74698a15;p=thirdparty%2Fsamba.git

libcli/security: sddl_conditional_ace: add parse_bool for RA aces

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 61de1701995..34ae96d95b9 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -2110,6 +2110,28 @@ static bool parse_uint(struct ace_condition_sddl_compiler_context *comp)
 }
 
 
+static bool parse_bool(struct ace_condition_sddl_compiler_context *comp)
+{
+	struct ace_condition_token *tok = NULL;
+	bool ok = parse_int(comp);
+	if (ok == false || comp->target_len == 0) {
+		return false;
+	}
+	/*
+	 * check that the token is 0 or 1.
+	 */
+	tok = &comp->target[*comp->target_len - 1];
+	if (tok->type != CONDITIONAL_ACE_TOKEN_INT64) {
+		return false;
+	}
+	if (tok->data.int64.value != 0 && tok->data.int64.value != 1) {
+		comp_error(comp, "invalid resource ACE Boolean value");
+		return false;
+	}
+	return true;
+}
+
+
 static bool could_be_an_int(struct ace_condition_sddl_compiler_context *comp)
 {
 	const char *start = (const char*)(comp->sddl + comp->offset);
@@ -3020,6 +3042,8 @@ static bool parse_resource_attr_list(
 			ok = parse_uint(comp);
 			break;
 		case 'B':
+			ok = parse_bool(comp);
+			break;
 		case 'I':
 			ok = parse_int(comp);
 			break;