GitLab

Converts a parameter given sddl from "samba-tool dsacl set --sddl=" to a security descriptor object and back into a sddl string, previously to adding it to the ace of an object. This ensures that a given well known SIDs within the SDDL is translated to their SDDL SIDString and that the given SDDL is written in the "common" upper & lower case writing. Furthermore this makes sure that you add always just ONE ace using sddl. All these transformations (SID -> SIDString; lower & upper case; multiple ace sddl to single ace sddl) are required to be able to detect an already existing ace and not adding it as many times as you want (which will cause errors after 1600-1800 entries).

Some examples of sddl parameters that could be added in the past not being detected as already existing: Following ACE already exists: OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS --sddl= param that could be added (with uppercase 'E'): (A;CIIO;RPWP;3E978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS) --sddl= param that could be added (with "PS" as SID): (OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-5-10) --sddl= param that could be added (using the same ace twice - adding it twice at the same time!!): (OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-5-10)(OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-5-10)

All these "wrong addings" are not further possible with given patch.

signed-off-by: Martin Krämer mk.maddin@gmail.com