| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Ugh, experiments show that MS will parse arbitrarily short hex encoded
IAs which in turn revealed miscalculation in our sloppy parsing mode.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a conformance handler “Con_MS” to achieve a behavior that
mimicks that of MS’s implementation bug-for-bug.
Aspects of reading and formatting governd by the conformance:
- Validation of ident auths,
- validation of subauths,
- validation of leading zeros in decimal numbers,
- zero-padding of hex numbers.
|
|
|
|
|
|
| |
Offload the test for member count and size constraints of sas and ia,
respectively, into a separate validation module. This is a preparatory
step toward adding less rigid parsing modes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both the constructor “Sid.create” and the string format parser must
reject inputs lacking a subauthorities array of at least size one. Since
the array is no longer optional, reorder the the constructor arguments
to match the data representation.
It is still possible to create SIDs without subauthorities via the
“Sid.create_unsafe” constructor. Also, the packet representation will
happily accept them because their definition (as well as that that of
the identical RPC version) does not specify a minimum count.
This is all rather ambiguous and exacerbated by the fact that [MS-DTYP]
happily specifies an invalid SID “S-1-5” as the “NT_AUTHORITY”. However,
both the grammar and the Win API “ConvertStringSidToSidA()” function
reject SA-less inputs as invalid, so we should too.
|
|
|
|
|
| |
In string format, the “identifier authority” is quirky: from 1 << 32 on
the spec requires that exactly 12 hex digits be printed.
|
|
|
|
| |
Reject ia’s greater than six bytes can encompass.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
In the string representation, hyphen is always succeeded by a number
so we need to terminate at input length minus one.
|
|
|
|
|
|
| |
Get rid of all “StringFmt” APIs involving exceptions.
There is now only the “decode” function which returns
a result type.
|
| |
|
|
|
|
|
| |
Oddly enough this only has an effect on the sub_auths since the 48 bits
of “identifier authority” are always handled in big endian.
|
| |
|
| |
|
|
|