From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 22 Sep 2023 04:30:41 +0000 (+1200)
Subject: libcli/security: conditional ace sddl: do not write nested composites
X-Git-Tag: tevent-0.16.0~400
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96dbc71e137ea65df11d1a8cec089fde2d070ba6;p=thirdparty%2Fsamba.git

libcli/security: conditional ace sddl: do not write nested composites

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 4404c0d144c..2e64949e9cc 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -944,8 +944,7 @@ static bool sddl_write_composite(struct sddl_write_context *ctx,
 			ok = sddl_write_sid(ctx, t);
 			break;
 		case CONDITIONAL_ACE_TOKEN_COMPOSITE:
-			ok = sddl_write_composite(ctx, t);
-			break;
+			return false;
 		default:
 			return false;
 		}
diff --git a/libcli/security/tests/test_sddl_conditional_ace.c b/libcli/security/tests/test_sddl_conditional_ace.c
index df93bcda3be..de47f5442e7 100644
--- a/libcli/security/tests/test_sddl_conditional_ace.c
+++ b/libcli/security/tests/test_sddl_conditional_ace.c
@@ -586,8 +586,8 @@ static void test_round_trips(void **state)
 		("(@Device.%025cɜ == 3)"),
 		("(17pq == 3||2a==@USER.7)"),
 		("(x==1 && x >= 2 && @User.Title == @User.shoes || "
-		 "Member_of{SID(CD)} && !(Member_of_Any{{ 3 }}) || "
-		 "Device_Member_of{SID(BA), {{7, 1}, 3}} "
+		 "Member_of{SID(CD)} && !(Member_of_Any{ 3 }) || "
+		 "Device_Member_of{SID(BA), 7, 1, 3} "
 		 "|| Exists hooly)"),
 		("(!(!(!(!(!((!(x==1))))))))"),
 		("(Member_of {SID(S-1-33-5), "