From: Douglas Bagnall Date: Thu, 2 Nov 2023 02:25:06 +0000 (+1300) Subject: libcli/security: un-invert parse_resource_attr_list, check type first X-Git-Tag: talloc-2.4.2~553 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=33caae438125f4a4a99dd6dc0f048be2f17e4863;p=thirdparty%2Fsamba.git libcli/security: un-invert parse_resource_attr_list, check type first We were reusing parse_literal() because it almost does what we need, but it is different enough that check_resource_attr_type() is large and complicated, and can't handle all the cases (in particular octet- strings and SIDs are different in resource ACEs). This way is better because we know the type in advance, so we can use that to choose the parser, which will help with octet-strings that are only digits. In this commit we're leaving the check there, but it soon won't do anything that the parse_* functions don't, and we will remove it. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c index 0623c6507ea..bfc3b41b875 100644 --- a/libcli/security/sddl_conditional_ace.c +++ b/libcli/security/sddl_conditional_ace.c @@ -2984,7 +2984,28 @@ static bool parse_resource_attr_list( *comp->target_len); goto fail; } - ok = parse_literal(comp, true); + switch(attr_type_char) { + case 'X': + ok = parse_octet_string(comp); + break; + case 'S': + ok = parse_unicode(comp); + break; + case 'U': + case 'B': + case 'I': + ok = parse_int(comp); + break; + case 'D': + ok = parse_sid(comp); + break; + default: + /* it's a mystery we got this far */ + comp_error(comp, + "unknown attribute type T%c", + attr_type_char); + goto fail; + } if (!ok) { goto fail; }