From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 20 Oct 2023 23:47:33 +0000 (+1300)
Subject: libcli/security: SDDL accepts lowercase "s-" in SIDs
X-Git-Tag: talloc-2.4.2~908
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5319c5bdac8ad299ad6538fa4d48293ab36d09e1;p=thirdparty%2Fsamba.git

libcli/security: SDDL accepts lowercase "s-" in SIDs

This is what Windows does, and it removes a couple of knownfails.

We can change it here cheaply without affecting the core dom_sid code,
which is good because there seem to be other places where we need the
uppercase S (for example in ldap search <SID=> queries).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 5f8a01fbef8..e973a091005 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -208,7 +208,7 @@ static struct dom_sid *sddl_transition_decode_sid(TALLOC_CTX *mem_ctx, const cha
 	size_t i;
 
 	/* see if its in the numeric format */
-	if (strncmp(sddl, "S-", 2) == 0) {
+	if (strncasecmp(sddl, "S-", 2) == 0) {
 		struct dom_sid *sid = NULL;
 		char *sid_str = NULL;
 		const char *end = NULL;
@@ -230,6 +230,13 @@ static struct dom_sid *sddl_transition_decode_sid(TALLOC_CTX *mem_ctx, const cha
 		if (sid_str == NULL) {
 			return NULL;
 		}
+		if (sid_str[0] == 's') {
+			/*
+			 * In SDDL, but not in the dom_sid parsers, a
+			 * lowercase "s-1-1-0" is accepted.
+			 */
+			sid_str[0] = 'S';
+		}
 		sid = talloc(mem_ctx, struct dom_sid);
 		if (sid == NULL) {
 			TALLOC_FREE(sid_str);
diff --git a/selftest/knownfail.d/sid-strings b/selftest/knownfail.d/sid-strings
index 9acc2b51a5a..c64510e330b 100644
--- a/selftest/knownfail.d/sid-strings
+++ b/selftest/knownfail.d/sid-strings
@@ -79,5 +79,3 @@
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-000000001-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-22.ad_dc
-^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_s-1-5-32-579.ad_dc
-^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_s-1-5-32-579.ad_dc