From 010d9d9d7f82e6d880da646c810492618476ee32 Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Wed, 7 Nov 2018 23:40:26 +0100 Subject: sid: sid_test: make subauthorities mandatory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Both the constructor “Sid.create” and the string format parser must reject inputs lacking a subauthorities array of at least size one. Since the array is no longer optional, reorder the the constructor arguments to match the data representation. It is still possible to create SIDs without subauthorities via the “Sid.create_unsafe” constructor. Also, the packet representation will happily accept them because their definition (as well as that that of the identical RPC version) does not specify a minimum count. This is all rather ambiguous and exacerbated by the fact that [MS-DTYP] happily specifies an invalid SID “S-1-5” as the “NT_AUTHORITY”. However, both the grammar and the Win API “ConvertStringSidToSidA()” function reject SA-less inputs as invalid, so we should too. --- util/sidparse_test.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'util') diff --git a/util/sidparse_test.sh b/util/sidparse_test.sh index 374810d..5d16e1e 100755 --- a/util/sidparse_test.sh +++ b/util/sidparse_test.sh @@ -148,7 +148,7 @@ register_test () { test_parse_simple () { local name="$1" local ret - local cmd=( "./${testme}" S-1-0 ) + local cmd=( "./${testme}" S-1-1-0 ) timeout ${default_timeout} ${cmd[@]} &>/dev/null ret=$? @@ -168,8 +168,8 @@ test_parse_stdin () { local cmd=( "./${testme}" ) timeout ${default_timeout} ${cmd[@]} &>/dev/null <<-STOPTHAT - S-1-0 - S-1-1 + S-1-0-0 + S-1-1-0 S-1-42-2187-1337 STOPTHAT -- cgit v1.2.3