summaryrefslogtreecommitdiffstats
path: root/libcli/security/tests/data
diff options
context:
space:
mode:
Diffstat (limited to 'libcli/security/tests/data')
-rw-r--r--libcli/security/tests/data/conditional_aces.txt83
-rw-r--r--libcli/security/tests/data/conditional_aces.txt.json1
-rw-r--r--libcli/security/tests/data/conditional_aces_case_insensitive.txt1
-rw-r--r--libcli/security/tests/data/conditional_aces_should_fail.txt14
-rw-r--r--libcli/security/tests/data/conditional_aces_windows_only.txt14
-rwxr-xr-xlibcli/security/tests/data/export-sddl-fuzz-seeds-as-json49
-rwxr-xr-xlibcli/security/tests/data/extract-sddl-seeds72
-rw-r--r--libcli/security/tests/data/ndr_dumps/fileb5iJt4bin0 -> 118 bytes
-rw-r--r--libcli/security/tests/data/ndr_dumps/fileb8cNVSbin0 -> 360 bytes
-rw-r--r--libcli/security/tests/data/ndr_dumps/filebI7h5Hbin0 -> 112 bytes
-rw-r--r--libcli/security/tests/data/ndr_dumps/filebNdBgtbin0 -> 344 bytes
-rw-r--r--libcli/security/tests/data/ndr_dumps/filebOjK4Hbin0 -> 124 bytes
-rw-r--r--libcli/security/tests/data/ndr_dumps/filebzCPTHbin0 -> 480 bytes
-rw-r--r--libcli/security/tests/data/oversize-acls.json20
-rw-r--r--libcli/security/tests/data/registry-object-rights.json1
-rw-r--r--libcli/security/tests/data/short-conditional-and-resource-aces-successes.json.gzbin0 -> 17815 bytes
-rw-r--r--libcli/security/tests/data/short-conditional-and-resource-aces-tx-int.json.gzbin0 -> 2183 bytes
-rw-r--r--libcli/security/tests/data/short-ordinary-acls-v2.json.gzbin0 -> 7223 bytes
-rw-r--r--libcli/security/tests/data/short-ordinary-acls.json.gzbin0 -> 220742 bytes
19 files changed, 255 insertions, 0 deletions
diff --git a/libcli/security/tests/data/conditional_aces.txt b/libcli/security/tests/data/conditional_aces.txt
new file mode 100644
index 0000000..cf7d7a9
--- /dev/null
+++ b/libcli/security/tests/data/conditional_aces.txt
@@ -0,0 +1,83 @@
+D:(XD;;CC;;;S-1-2-3;(@User.Title == @User.Title)) -> D:(XD;;CC;;;S-1-2-3;(@USER.Title == @USER.Title))
+D:(XA;;FX;;;S-1-1-0;(@User.Title == "PM")) -> D:(XA;;FX;;;WD;(@USER.Title == "PM"))
+D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.title == "perambuator"))(A;OICI;GA;;;BA) -> D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GXGWGR;;;AU)(XA;;FX;;;WD;(@USER.title == "perambuator"))(A;OICI;GA;;;BA)
+O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "siloname")) -> O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "siloname"))
+D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.Title == ""))(A;OICI;GA;;;BA) -> D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GXGWGR;;;AU)(XA;;FX;;;WD;(@USER.Title == ""))(A;OICI;GA;;;BA)
+D:(XA;;CC;;;S-1-2-3;(@User.Title != @User.Title)) -> D:(XA;;CC;;;S-1-2-3;(@USER.Title != @USER.Title))
+D:(XD;;FX;;;S-1-1-0;(@User.Title != "PM")) -> D:(XD;;FX;;;WD;(@USER.Title != "PM"))
+D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project)) -> D:(XD;;FX;;;WD;(@USER.Project Any_of @RESOURCE.Project))
+D:AI(XA;OICI;FA;;;WD;(OctetStringType==##1#2#3##)) -> D:AI(XA;OICI;FA;;;WD;(OctetStringType == #01020300))
+D:AI(XA;OICI;FA;;;WD;(OctetStringType==#01020300)) -> D:AI(XA;OICI;FA;;;WD;(OctetStringType == #01020300))
+D:(XA;;FR;;;S-1-1-0;(Member_of {SID(S-1-999-777-7-7), SID(BO)} && @Device.Bitlocker)) -> D:(XA;;FR;;;WD;((Member_of {SID(S-1-999-777-7-7), SID(BO)}) && (@DEVICE.Bitlocker)))
+D:(XA;;FX;;;S-1-1-0;(@User.Title=="PM" && (@User.Division=="Finance" || @User.Division =="Sales"))) -> D:(XA;;FX;;;WD;((@USER.Title == "PM") && ((@USER.Division == "Finance") || (@USER.Division == "Sales"))))
+D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.Title == ""))(A;OICI;GA;;;BA) -> D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GXGWGR;;;AU)(XA;;FX;;;WD;(@USER.Title == ""))(A;OICI;GA;;;BA)
+D:(XA;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project)) -> D:(XA;;FX;;;WD;(@USER.Project Any_of @RESOURCE.Project))
+D:(XA;;0x1f;;;AA;(@Device.colour == {"orange", "blue"})) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.colour == {"orange", "blue"}))
+D:(XA;;0x1f;;;AA;(@Device.legs >= 1)) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.legs >= 1))
+D:(XA;;0x1f;;;AA;(@Device.legs == 1)) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.legs == 1))
+D:(XA;;0x1f;;;AA;(Device_Member_of{SID(BA)} && Member_of{SID(WD)})) -> D:(XA;;CCDCLCSWRP;;;AA;((Device_Member_of {SID(BA)}) && (Member_of {SID(WD)})))
+D:(XA;;0x1f;;;AA;(Device_Member_of{SID(AA)} || Member_of{SID(WD)})) -> D:(XA;;CCDCLCSWRP;;;AA;((Device_Member_of {SID(AA)}) || (Member_of {SID(WD)})))
+D:(XA;;0x1f;;;AA;(Device_Member_of{SID(BG)} || Member_of{SID(WR)})) -> D:(XA;;CCDCLCSWRP;;;AA;((Device_Member_of {SID(BG)}) || (Member_of {SID(WR)})))
+D:(XA;;0x1ff;;;S-1-222-333;(Member_of_Any{SID(S-1-222-333)})) -> D:(XA;;CCDCLCSWRPWPDTLOCR;;;S-1-222-333;(Member_of_any {SID(S-1-222-333)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of{SID(S-1-1-0)})) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of {SID(WD)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of SID(S-1-1-0))) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of SID(WD)))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of(SID(S-1-1-0)))) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of SID(WD)))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_Any SID(S-1-1-0))) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of_any SID(WD)))
+O:S-1-1-0D:(XA;;0x1;;;WD;(Member_of_Any{SID(AS),SID(WD)})) -> O:WDD:(XA;;CC;;;WD;(Member_of_any {SID(AS), SID(WD)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_Any{SID(S-1-1-0), SID(S-1-222-333)})) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of_any {SID(WD), SID(S-1-222-333)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_Any{SID(S-1-1-334), SID(S-1-222-333)})) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of_any {SID(S-1-1-334), SID(S-1-222-333)}))
+D:(XA;;0x1ff;;;WD;(Member_of_Any{SID(S-1-222-333)})) -> D:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of_any {SID(S-1-222-333)}))
+D:(XA;;0x1f;;;AA;(Member_of{SID(S-1-77-88-99)})) -> D:(XA;;CCDCLCSWRP;;;AA;(Member_of {SID(S-1-77-88-99)}))
+D:(XA;;0x1f;;;AA;(Device_Member_of{SID(BA)})) -> D:(XA;;CCDCLCSWRP;;;AA;(Device_Member_of {SID(BA)}))
+D:(XA;;0x1f;;;AA;(!(! (Member_of{SID(AA)})))) -> D:(XA;;CCDCLCSWRP;;;AA;(!(!(Member_of {SID(AA)}))))
+D:(XA;;0x1f;;;AA;(!(!(!(!(!(! (Member_of{SID(AA)})))))))) -> D:(XA;;CCDCLCSWRP;;;AA;(!(!(!(!(!(!(Member_of {SID(AA)}))))))))
+D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))S:(RA;;;;;WD;("colour",TS,0,"blue")) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.colour Contains @RESOURCE.colour))S:(RA;;;;;WD;("colour",TS,0x0,"blue"))
+D:(XA;;0x1f;;;AA;(@Device.colour == @Resource.colour))S:(RA;;;;;WD;("colour",TS,0,"blue")) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.colour == @RESOURCE.colour))S:(RA;;;;;WD;("colour",TS,0x0,"blue"))
+D:(XA;;0x1f;;;AA;(@Device.colour == "blue")) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.colour == "blue"))
+D:(XA;;0x1f;;;AA;(@User.colour == @Device.colour)) -> D:(XA;;CCDCLCSWRP;;;AA;(@USER.colour == @DEVICE.colour))
+D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))S:(RA;;;;;WD;("colour",TS,0,"blue", "red")) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.colour Contains @RESOURCE.colour))S:(RA;;;;;WD;("colour",TS,0x0,"blue","red"))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(member_of{SID(S-1-1-0)})) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of {SID(WD)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(mEMBER_of{SID(S-1-1-0)})) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of {SID(WD)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_Of{SID(S-1-1-0)})) -> O:WDD:(XA;;CCDCLCSWRPWPDTLOCR;;;WD;(Member_of {SID(WD)}))
+O:S-1-1-0D:(XA;;0x0;;;WD;(Member_Of SID(S-1-1-0))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+O:S-1-1-0D:(XA;;0;;;WD;(Member_Of SID(S-1-1-0))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+O:S-1-1-0D:(XA;;;;;WD;(Member_Of SID(S-1-1-0))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+D:(XD;;FX;;;WD;(@USER.Project Any_of "pink"))
+D:(XD;;FX;;;WD;(@USER.Project Any_of 1))
+D:(XD;;FX;;;WD;(!(@USER.Project Not_Any_of 1)))
+D:(XA;;0x1f;;;AA;(a == 1)) -> D:(XA;;CCDCLCSWRP;;;AA;(a == 1))
+D:(XA;;CC;;;AA;(@User.a == @User.b)) -> D:(XA;;CC;;;AA;(@USER.a == @USER.b))
+D:(XA;;CC;;;AA;(a == @User.a)) -> D:(XA;;CC;;;AA;(a == @USER.a))
+
+D:(XA;;FR;;;S-1-1-0;(@USER.A && @Device.B && @USER.C)) -> D:(XA;;FR;;;WD;(((@USER.A) && (@DEVICE.B)) && (@USER.C)))
+D:(XA;;FR;;;S-1-1-0;(@USER.A && @Device.B || @USER.C)) -> D:(XA;;FR;;;WD;(((@USER.A) && (@DEVICE.B)) || (@USER.C)))
+D:(XA;;FR;;;S-1-1-0;(@USER.A || @Device.B && @USER.C)) -> D:(XA;;FR;;;WD;((@USER.A) || ((@DEVICE.B) && (@USER.C))))
+D:(XA;;FR;;;S-1-1-0;(@USER.A || @Device.B || @USER.C)) -> D:(XA;;FR;;;WD;(((@USER.A) || (@DEVICE.B)) || (@USER.C)))
+
+D:(XA;;FR;;;S-1-1-0;(@Device.Bitlocker && @Device.Bitlocker)) -> D:(XA;;FR;;;WD;((@DEVICE.Bitlocker) && (@DEVICE.Bitlocker)))
+D:(XA;;FR;;;S-1-1-0;(@Device.Bitlocker || @Device.Bitlocker)) -> D:(XA;;FR;;;WD;((@DEVICE.Bitlocker) || (@DEVICE.Bitlocker)))
+D:(XA;;FR;;;S-1-1-0;(@USER.A && @Device.B)) -> D:(XA;;FR;;;WD;((@USER.A) && (@DEVICE.B)))
+D:(XA;;FR;;;S-1-1-0;(@USER.Bitlocker || @Device.Bitlocker)) -> D:(XA;;FR;;;WD;((@USER.Bitlocker) || (@DEVICE.Bitlocker)))
+D:(XA;;;;;WD;(@Device.bb == 0x7fffffffffffffff)) -> D:(XA;;;;;WD;(@DEVICE.bb == 0x7fffffffffffffff))
+D:(XA;;;;;WD;(@Device.bb == 0xffffffff)) -> D:(XA;;;;;WD;(@DEVICE.bb == 0xffffffff))
+D:(XA;;;;;WD;(@Device.bb == 0xfffffffff)) -> D:(XA;;;;;WD;(@DEVICE.bb == 0xfffffffff))
+
+
+# Member_of is supposed to be SID only
+D:(XD;;FX;;;WD;(Member_of {1, 2, 3}))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(Member_of 3))(A;;CR;;;WD)
+
+# repeated composite values
+D:(XD;;FX;;;WD;(@USER.Project Any_of 1))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(@USER.Project Any_of {1, 1}))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(@USER.Project Any_of {"foo", "FOO"}))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(@USER.Project Any_of {"foo", "foo", "FOO"}))(A;;CR;;;WD)
+
+# composite order
+D:(XD;;FX;;;WD;(@USER.Project Any_of {1, 2, 3}))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(@USER.Project Any_of {3, 2, 1}))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(@USER.Project Any_of {1, 1, 1}))(A;;CR;;;WD)
+D:(XD;;FX;;;WD;(@USER.Project Any_of {1, 2, 3, 2, 1}))(A;;CR;;;WD)
+
+D:(XA;;0x1f;;;AA;(@Device.colour == @Resource.colour))S:(RA;;;;;WD;("colour",TS,0,"red", "blue")) -> D:(XA;;CCDCLCSWRP;;;AA;(@DEVICE.colour == @RESOURCE.colour))S:(RA;;;;;WD;("colour",TS,0x0,"red","blue"))
+D:(XA;;CCDCLCSWRP;;;AA;(@RESOURCE.a == @RESOURCE.b))S:(RA;;;;;WD;("a",TS,0x0,"1","2"))(RA;;;;;WD;("b",TS,0x0,"2","1"))
diff --git a/libcli/security/tests/data/conditional_aces.txt.json b/libcli/security/tests/data/conditional_aces.txt.json
new file mode 100644
index 0000000..4c8211c
--- /dev/null
+++ b/libcli/security/tests/data/conditional_aces.txt.json
@@ -0,0 +1 @@
+{"D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.Title == \"\"))(A;OICI;GA;;;BA)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 144, 0, 5, 0, 0, 0, 1, 3, 24, 0, 0, 0, 0, 16, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 1, 3, 20, 0, 0, 0, 0, 16, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 3, 20, 0, 0, 0, 0, 224, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 9, 0, 48, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 16, 0, 0, 0, 0, 128, 0, 0, 0, 0, 3, 24, 0, 0, 0, 0, 16, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0], "D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.title == \"perambuator\"))(A;OICI;GA;;;BA)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 164, 0, 5, 0, 0, 0, 1, 3, 24, 0, 0, 0, 0, 16, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 1, 3, 20, 0, 0, 0, 0, 16, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 3, 20, 0, 0, 0, 0, 224, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 9, 0, 68, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 116, 0, 105, 0, 116, 0, 108, 0, 101, 0, 16, 22, 0, 0, 0, 112, 0, 101, 0, 114, 0, 97, 0, 109, 0, 98, 0, 117, 0, 97, 0, 116, 0, 111, 0, 114, 0, 128, 0, 0, 3, 24, 0, 0, 0, 0, 16, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0], "D:(XA;;0x1f;;;AA;(!(! (Member_of{SID(AA)}))))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 68, 0, 1, 0, 0, 0, 9, 0, 60, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 137, 162, 162, 0, 0, 0], "D:(XA;;0x1f;;;AA;(!(!(!(!(!(! (Member_of{SID(AA)}))))))))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 137, 162, 162, 162, 162, 162, 162, 0, 0, 0], "D:(XA;;0x1f;;;AA;(@Device.colour == \"blue\"))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 68, 0, 1, 0, 0, 0, 9, 0, 60, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 16, 8, 0, 0, 0, 98, 0, 108, 0, 117, 0, 101, 0, 128, 0], "D:(XA;;0x1f;;;AA;(@Device.colour == @Resource.colour))S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))": [1, 0, 20, 128, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 92, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 18, 0, 64, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 20, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 34, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 0, 0, 98, 0, 108, 0, 117, 0, 101, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 250, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 128, 0], "D:(XA;;0x1f;;;AA;(@Device.colour == {\"orange\", \"blue\"}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 92, 0, 1, 0, 0, 0, 9, 0, 84, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 80, 30, 0, 0, 0, 16, 12, 0, 0, 0, 111, 0, 114, 0, 97, 0, 110, 0, 103, 0, 101, 0, 16, 8, 0, 0, 0, 98, 0, 108, 0, 117, 0, 101, 0, 128, 0, 0, 0], "D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))": [1, 0, 20, 128, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 92, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 18, 0, 64, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 20, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 34, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 0, 0, 98, 0, 108, 0, 117, 0, 101, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 250, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 134, 0], "D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\", \"red\"))": [1, 0, 20, 128, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 104, 0, 0, 0, 2, 0, 84, 0, 1, 0, 0, 0, 18, 0, 76, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 24, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 38, 0, 0, 0, 48, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 0, 0, 98, 0, 108, 0, 117, 0, 101, 0, 0, 0, 114, 0, 101, 0, 100, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 250, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 134, 0], "D:(XA;;0x1f;;;AA;(@Device.legs == 1))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 9, 0, 56, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 8, 0, 0, 0, 108, 0, 101, 0, 103, 0, 115, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 3, 2, 128, 0, 0, 0], "D:(XA;;0x1f;;;AA;(@Device.legs >= 1))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 9, 0, 56, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 251, 8, 0, 0, 0, 108, 0, 101, 0, 103, 0, 115, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 3, 2, 133, 0, 0, 0], "D:(XA;;0x1f;;;AA;(@User.colour == @Device.colour))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 249, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 251, 12, 0, 0, 0, 99, 0, 111, 0, 108, 0, 111, 0, 117, 0, 114, 0, 128, 0], "D:(XA;;0x1f;;;AA;(Device_Member_of{SID(AA)} || Member_of{SID(WD)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 1, 0, 0, 0, 9, 0, 80, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 138, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 161, 0], "D:(XA;;0x1f;;;AA;(Device_Member_of{SID(BA)} && Member_of{SID(WD)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 1, 0, 0, 0, 9, 0, 80, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 138, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 160, 0], "D:(XA;;0x1f;;;AA;(Device_Member_of{SID(BA)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 9, 0, 56, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 138, 0], "D:(XA;;0x1f;;;AA;(Device_Member_of{SID(BG)} || Member_of{SID(WR)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 1, 0, 0, 0, 9, 0, 80, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 138, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 33, 0, 0, 0, 137, 161, 0], "D:(XA;;0x1f;;;AA;(Member_of{SID(S-1-77-88-99)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 9, 0, 56, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 80, 21, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 77, 88, 0, 0, 0, 99, 0, 0, 0, 137, 0], "D:(XA;;0x1f;;;AA;(a == 1))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 31, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 248, 2, 0, 0, 0, 97, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 3, 2, 128, 0], "D:(XA;;0x1ff;;;S-1-222-333;(Member_of_Any{SID(S-1-222-333)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 222, 77, 1, 0, 0, 97, 114, 116, 120, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 222, 77, 1, 0, 0, 139, 0], "D:(XA;;0x1ff;;;WD;(Member_of_Any{SID(S-1-222-333)}))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 222, 77, 1, 0, 0, 139, 0], "D:(XA;;;;;WD;(@Device.bb == 0x7fffffffffffffff))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 251, 4, 0, 0, 0, 98, 0, 98, 0, 4, 255, 255, 255, 255, 255, 255, 255, 127, 3, 3, 128, 0, 0, 0], "D:(XA;;;;;WD;(@Device.bb == 0xffffffff))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 251, 4, 0, 0, 0, 98, 0, 98, 0, 4, 255, 255, 255, 255, 0, 0, 0, 0, 3, 3, 128, 0, 0, 0], "D:(XA;;;;;WD;(@Device.bb == 0xfffffffff))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 251, 4, 0, 0, 0, 98, 0, 98, 0, 4, 255, 255, 255, 255, 15, 0, 0, 0, 3, 3, 128, 0, 0, 0], "D:(XA;;CC;;;AA;(@User.a == @User.b))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 1, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 249, 2, 0, 0, 0, 97, 0, 249, 2, 0, 0, 0, 98, 0, 128, 0], "D:(XA;;CC;;;AA;(a == @User.a))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 1, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 67, 2, 0, 0, 97, 114, 116, 120, 248, 2, 0, 0, 0, 97, 0, 249, 2, 0, 0, 0, 97, 0, 128, 0], "D:(XA;;CC;;;S-1-2-3;(@User.Title != @User.Title))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 9, 0, 56, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 2, 3, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 129, 0], "D:(XA;;FR;;;S-1-1-0;(@Device.Bitlocker && @Device.Bitlocker))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 80, 0, 1, 0, 0, 0, 9, 0, 72, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 251, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 251, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 160, 0], "D:(XA;;FR;;;S-1-1-0;(@Device.Bitlocker || @Device.Bitlocker))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 80, 0, 1, 0, 0, 0, 9, 0, 72, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 251, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 251, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 161, 0], "D:(XA;;FR;;;S-1-1-0;(@USER.A && @Device.B && @USER.C))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 2, 0, 0, 0, 65, 0, 251, 2, 0, 0, 0, 66, 0, 160, 249, 2, 0, 0, 0, 67, 0, 160, 0], "D:(XA;;FR;;;S-1-1-0;(@USER.A && @Device.B || @USER.C))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 2, 0, 0, 0, 65, 0, 251, 2, 0, 0, 0, 66, 0, 160, 249, 2, 0, 0, 0, 67, 0, 161, 0], "D:(XA;;FR;;;S-1-1-0;(@USER.A && @Device.B))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 48, 0, 1, 0, 0, 0, 9, 0, 40, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 2, 0, 0, 0, 65, 0, 251, 2, 0, 0, 0, 66, 0, 160, 0], "D:(XA;;FR;;;S-1-1-0;(@USER.A || @Device.B && @USER.C))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 2, 0, 0, 0, 65, 0, 251, 2, 0, 0, 0, 66, 0, 249, 2, 0, 0, 0, 67, 0, 160, 161, 0], "D:(XA;;FR;;;S-1-1-0;(@USER.A || @Device.B || @USER.C))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 2, 0, 0, 0, 65, 0, 251, 2, 0, 0, 0, 66, 0, 161, 249, 2, 0, 0, 0, 67, 0, 161, 0], "D:(XA;;FR;;;S-1-1-0;(@USER.Bitlocker || @Device.Bitlocker))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 80, 0, 1, 0, 0, 0, 9, 0, 72, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 251, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 161, 0], "D:(XA;;FR;;;S-1-1-0;(Member_of {SID(S-1-999-777-7-7), SID(BO)} && @Device.Bitlocker))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 108, 0, 1, 0, 0, 0, 9, 0, 100, 0, 137, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 46, 0, 0, 0, 81, 20, 0, 0, 0, 1, 3, 0, 0, 0, 0, 3, 231, 9, 3, 0, 0, 7, 0, 0, 0, 7, 0, 0, 0, 81, 16, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 137, 251, 18, 0, 0, 0, 66, 0, 105, 0, 116, 0, 108, 0, 111, 0, 99, 0, 107, 0, 101, 0, 114, 0, 160], "D:(XA;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 250, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 136, 0], "D:(XA;;FX;;;S-1-1-0;(@User.Title == \"PM\"))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 60, 0, 1, 0, 0, 0, 9, 0, 52, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 16, 4, 0, 0, 0, 80, 0, 77, 0, 128, 0, 0, 0], "D:(XA;;FX;;;S-1-1-0;(@User.Title==\"PM\" && (@User.Division==\"Finance\" || @User.Division ==\"Sales\")))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 140, 0, 1, 0, 0, 0, 9, 0, 132, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 16, 4, 0, 0, 0, 80, 0, 77, 0, 128, 249, 16, 0, 0, 0, 68, 0, 105, 0, 118, 0, 105, 0, 115, 0, 105, 0, 111, 0, 110, 0, 16, 14, 0, 0, 0, 70, 0, 105, 0, 110, 0, 97, 0, 110, 0, 99, 0, 101, 0, 128, 249, 16, 0, 0, 0, 68, 0, 105, 0, 118, 0, 105, 0, 115, 0, 105, 0, 111, 0, 110, 0, 16, 10, 0, 0, 0, 83, 0, 97, 0, 108, 0, 101, 0, 115, 0, 128, 161, 160, 0, 0, 0], "D:(XD;;CC;;;S-1-2-3;(@User.Title == @User.Title))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 10, 0, 56, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 2, 3, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 128, 0], "D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 10, 0, 64, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 250, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 136, 0], "D:(XD;;FX;;;S-1-1-0;(@User.Title != \"PM\"))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 60, 0, 1, 0, 0, 0, 10, 0, 52, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 10, 0, 0, 0, 84, 0, 105, 0, 116, 0, 108, 0, 101, 0, 16, 4, 0, 0, 0, 80, 0, 77, 0, 129, 0, 0, 0], "D:(XD;;FX;;;WD;(!(@USER.Project Not_Any_of 1)))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 10, 0, 56, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 3, 2, 143, 162], "D:(XD;;FX;;;WD;(@USER.Project Any_of \"pink\"))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 68, 0, 1, 0, 0, 0, 10, 0, 60, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 16, 8, 0, 0, 0, 112, 0, 105, 0, 110, 0, 107, 0, 136, 0, 0, 0], "D:(XD;;FX;;;WD;(@USER.Project Any_of 1))": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 0, 1, 0, 0, 0, 10, 0, 56, 0, 160, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 14, 0, 0, 0, 80, 0, 114, 0, 111, 0, 106, 0, 101, 0, 99, 0, 116, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 3, 2, 136, 0], "D:AI(XA;OICI;FA;;;WD;(OctetStringType==##1#2#3##))": [1, 0, 4, 132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 80, 0, 1, 0, 0, 0, 9, 3, 72, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 248, 30, 0, 0, 0, 79, 0, 99, 0, 116, 0, 101, 0, 116, 0, 83, 0, 116, 0, 114, 0, 105, 0, 110, 0, 103, 0, 84, 0, 121, 0, 112, 0, 101, 0, 24, 4, 0, 0, 0, 1, 2, 3, 0, 128, 0, 0, 0], "D:AI(XA;OICI;FA;;;WD;(OctetStringType==#01020300))": [1, 0, 4, 132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 80, 0, 1, 0, 0, 0, 9, 3, 72, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 248, 30, 0, 0, 0, 79, 0, 99, 0, 116, 0, 101, 0, 116, 0, 83, 0, 116, 0, 114, 0, 105, 0, 110, 0, 103, 0, 84, 0, 121, 0, 112, 0, 101, 0, 24, 4, 0, 0, 0, 1, 2, 3, 0, 128, 0, 0, 0], "O:S-1-1-0D:(XA;;0;;;WD;(Member_Of SID(S-1-1-0)))": [1, 0, 4, 128, 72, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x0;;;WD;(Member_Of SID(S-1-1-0)))": [1, 0, 4, 128, 72, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1;;;WD;(Member_of_Any{SID(AS),SID(WD)}))": [1, 0, 4, 128, 92, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 34, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 18, 1, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 139, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_Of{SID(S-1-1-0)}))": [1, 0, 4, 128, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of SID(S-1-1-0)))": [1, 0, 4, 128, 72, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of(SID(S-1-1-0))))": [1, 0, 4, 128, 72, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_Any SID(S-1-1-0)))": [1, 0, 4, 128, 72, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 139, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_Any{SID(S-1-1-0), SID(S-1-222-333)}))": [1, 0, 4, 128, 92, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 34, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 222, 77, 1, 0, 0, 139, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_Any{SID(S-1-1-334), SID(S-1-222-333)}))": [1, 0, 4, 128, 92, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 1, 0, 0, 0, 9, 0, 64, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 34, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 78, 1, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 222, 77, 1, 0, 0, 139, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of{SID(S-1-1-0)}))": [1, 0, 4, 128, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(mEMBER_of{SID(S-1-1-0)}))": [1, 0, 4, 128, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;0x1ff;;;WD;(member_of{SID(S-1-1-0)}))": [1, 0, 4, 128, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 56, 0, 1, 0, 0, 0, 9, 0, 48, 0, 255, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 80, 17, 0, 0, 0, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:S-1-1-0D:(XA;;;;;WD;(Member_Of SID(S-1-1-0)))": [1, 0, 4, 128, 72, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 1, 0, 0, 0, 9, 0, 44, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 81, 12, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 137, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0], "O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == \"siloname\"))": [1, 0, 4, 128, 136, 0, 0, 0, 148, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 116, 0, 1, 0, 0, 0, 9, 3, 108, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 97, 114, 116, 120, 249, 54, 0, 0, 0, 97, 0, 100, 0, 58, 0, 47, 0, 47, 0, 101, 0, 120, 0, 116, 0, 47, 0, 65, 0, 117, 0, 116, 0, 104, 0, 101, 0, 110, 0, 116, 0, 105, 0, 99, 0, 97, 0, 116, 0, 105, 0, 111, 0, 110, 0, 83, 0, 105, 0, 108, 0, 111, 0, 16, 16, 0, 0, 0, 115, 0, 105, 0, 108, 0, 111, 0, 110, 0, 97, 0, 109, 0, 101, 0, 128, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0]} \ No newline at end of file
diff --git a/libcli/security/tests/data/conditional_aces_case_insensitive.txt b/libcli/security/tests/data/conditional_aces_case_insensitive.txt
new file mode 100644
index 0000000..ee2500d
--- /dev/null
+++ b/libcli/security/tests/data/conditional_aces_case_insensitive.txt
@@ -0,0 +1 @@
+D:AI(XA;OICI;FA;;;WD;(OctetStringType==#abcdef)) -> D:AI(XA;OICI;FA;;;WD;(OctetStringType == #abcdef))
diff --git a/libcli/security/tests/data/conditional_aces_should_fail.txt b/libcli/security/tests/data/conditional_aces_should_fail.txt
new file mode 100644
index 0000000..23eadcf
--- /dev/null
+++ b/libcli/security/tests/data/conditional_aces_should_fail.txt
@@ -0,0 +1,14 @@
+# Lines starting with # are ignored.
+# These SDDL strings are expected to fail.
+D:(XA;;FR;;;S-1-1-0; (Member_of {SID(ernie), SID(BO)} && @Device.Bitlocker)) -> D:(XA;;FR;;;S-1-1-0; (Member_of {SID(ernie), SID(BO)} && @Device.Bitlocker))
+D:(XA;;0x1f;;;AA;(!!! !!! !!! Member_of{SID(BA)})) -> D:(XA;;0x1f;;;AA;(!!! !!! !!! Member_of{SID(BA)}))
+D:(XA;;0x1f;;;AA;(!!! !!! !!! Not_Member_of{SID(AA)})) -> D:(XA;;0x1f;;;AA;(!!! !!! !!! Not_Member_of{SID(AA)}))
+O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_AnySID(S-1-1-0))) -> O:S-1-1-0D:(XA;;0x1ff;;;WD;(Member_of_AnySID(S-1-1-0)))
+D:(XA;;CC;;;S-1-2-3;(@User.Title == !(@User.Title))) -> x
+D:(XA;;0x1f;;;AA;(! Member_of{SID(BA)})) -> x
+# local attributes on the RHS fail (ok on the LHS)
+D:(XA;;0x1f;;;AA;(a == a))
+D:(XA;;;;;WD;(@Device.bb == 055555624677746777766777767))
+D:(XA;;;;;WD;(@Device.bb == 0x624677746777766777767))
+D:(XA;;;;;WD;(@Device.bb == 624677746777766777767))
+D:(XA;;;;;WD;(@Device.bb == 0x10000000000000000))
diff --git a/libcli/security/tests/data/conditional_aces_windows_only.txt b/libcli/security/tests/data/conditional_aces_windows_only.txt
new file mode 100644
index 0000000..182d412
--- /dev/null
+++ b/libcli/security/tests/data/conditional_aces_windows_only.txt
@@ -0,0 +1,14 @@
+# Windows is far less fussy about case in general SDDL
+O:S-1-1-0D:(xd;;;;;WD;(Member_Of SID(S-1-1-0))) -> O:WDD:(XD;;;;;WD;(Member_of SID(WD)))
+O:s-1-1-0D:(xa;;;;;wd;(Member_Of SID(S-1-1-0))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+O:s-1-1-0D:(xa;;;;;wd;(member_of sid(s-1-1-0))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+O:s-1-1-0D:(xa;;;;;wd;(member_of(sid(s-1-1-0)))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+O:s-1-1-0D:(xa;;;;;wd;(member_of((sid(s-1-1-0))))) -> O:WDD:(XA;;;;;WD;(Member_of SID(WD)))
+# spaces in general SDDL
+D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.TEETH == "5"))(A;OICI;GA;;;BA) -> D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GXGWGR;;;AU)(XA;;FX;;;WD;(@USER.TEETH == "5"))(A;OICI;GA;;;BA)
+D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;;AU)(XA;;FX;;;S-1-1-0;(@User.title == "perambuator"))(A;OICI;GA;;;BA) -> D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GXGWGR;;;AU)(XA;;FX;;;WD;(@USER.title == "perambuator"))(A;OICI;GA;;;BA)
+D:(XA;;FR;;;S-1-1-0; (Member_of {SID(S-1-1-0), SID(BO)} && @Device.Bitlocker)) -> D:(XA;;FR;;;WD;((Member_of {SID(WD), SID(BO)}) && (@DEVICE.Bitlocker)))
+D:(XD;;FX;;;S-1-1-0; (@User.Project Any_of @Resource.Project)) -> D:(XD;;FX;;;WD;(@USER.Project Any_of @RESOURCE.Project))
+# note the odd number of characters in this octet string; implies a leading '0'
+D:AI(XA;OICI;FA;;;WD;(OctetStringType==#1#2#3##)) -> D:AI(XA;OICI;FA;;;WD;(OctetStringType == #01020300))
+D:(XA;;;;;WD;(@Device.bb == 0xffffffffffffffff)) -> D:(XA;;;;;WD;(@DEVICE.bb == 0xffffffffffffffff))
diff --git a/libcli/security/tests/data/export-sddl-fuzz-seeds-as-json b/libcli/security/tests/data/export-sddl-fuzz-seeds-as-json
new file mode 100755
index 0000000..cbff661
--- /dev/null
+++ b/libcli/security/tests/data/export-sddl-fuzz-seeds-as-json
@@ -0,0 +1,49 @@
+#!/usr/bin/python3
+"""USAGE: $ ./export-sddl-fuzz-seeds-as-json DIR [DIR[...]] > x.json
+
+Some of our fuzzers generate SDDL strings with trailing garbage.
+
+This script converts them into the JSON format used by
+windows-sddl-tests.py, though it doesn't parse the SDDL, mapping all
+strings to an empty list. The idea is you can feed this through
+windows-sddl-tests.py or something else to get the correct bytes.
+
+Valid and invalid strings are treated alike, so long as they are
+utf-8. The JSON is un-indented, but structurally equivalent to this:
+
+{
+ "D:P" : [],
+ "yertle" : [],
+ "ł\n¼" : [],
+}
+"""
+from pathlib import Path
+import sys
+import json
+
+
+def main():
+ if {'-h', '--help'}.intersection(sys.argv) or len(sys.argv) < 2:
+ print(__doc__)
+ sys.exit(len(sys.argv) < 2)
+
+ bytes_json = {}
+ for arg in sys.argv[1:]:
+ d = Path(arg)
+ for fn in d.iterdir():
+ with fn.open("rb") as f:
+ b = f.read()
+ # the SDDL string is the nul-terminated portion.
+ if 0 in b:
+ b = b[:b.index(0)]
+ try:
+ s = b.decode()
+ except UnicodeDecodeError:
+ continue
+ bytes_json[s] = []
+
+ out = json.dumps(bytes_json)
+ print(out)
+
+
+main()
diff --git a/libcli/security/tests/data/extract-sddl-seeds b/libcli/security/tests/data/extract-sddl-seeds
new file mode 100755
index 0000000..27ca407
--- /dev/null
+++ b/libcli/security/tests/data/extract-sddl-seeds
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) Catalyst IT Ltd. 2023
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+"""USAGE: extract-sddl-seeds SRCDIR SDDLDIR
+
+SRCDIR should have fuzz_security_token_vs_descriptor seeds.
+
+SDDLDIR will end up with SDDL strings representing the security
+descriptors in the seeds, along with 4 trailing bytes representing an
+access mask. This is the format used by the SDDL fuzzers.
+"""
+
+
+import sys
+sys.path.insert(0, "bin/python")
+
+from pathlib import Path
+from hashlib import md5
+from samba.ndr import ndr_unpack, ndr_pack
+from samba.dcerpc.security import token_descriptor_fuzzing_pair
+
+
+def usage(ret):
+ print(__doc__)
+ exit(ret)
+
+
+def main():
+ if {'-h', '--help'}.intersection(sys.argv):
+ usage(0)
+ if len(sys.argv) != 3:
+ usage(1)
+
+ src, dest = sys.argv[1:]
+ sp = Path(src)
+ dp = Path(dest)
+
+ raw_strings = set()
+ sddl_strings = set()
+
+ for filename in sp.iterdir():
+ with open(filename, 'rb') as f:
+ raw_strings.add(f.read())
+
+ for s in raw_strings:
+ pair = ndr_unpack(s)
+ sd = pair.sd.as_sddl()
+ mask = pair.access_desired
+ b = sd.encode() + mask.to_bytes(4, 'little')
+ sddl_strings.add(b)
+
+ for s in sddl_strings:
+ name = md5(s).hexdigest()
+ with open(dp / name, "wb") as f:
+ f.write(s)
+
+
+main()
diff --git a/libcli/security/tests/data/ndr_dumps/fileb5iJt4 b/libcli/security/tests/data/ndr_dumps/fileb5iJt4
new file mode 100644
index 0000000..c0de4da
--- /dev/null
+++ b/libcli/security/tests/data/ndr_dumps/fileb5iJt4
Binary files differ
diff --git a/libcli/security/tests/data/ndr_dumps/fileb8cNVS b/libcli/security/tests/data/ndr_dumps/fileb8cNVS
new file mode 100644
index 0000000..bee598e
--- /dev/null
+++ b/libcli/security/tests/data/ndr_dumps/fileb8cNVS
Binary files differ
diff --git a/libcli/security/tests/data/ndr_dumps/filebI7h5H b/libcli/security/tests/data/ndr_dumps/filebI7h5H
new file mode 100644
index 0000000..c98fe38
--- /dev/null
+++ b/libcli/security/tests/data/ndr_dumps/filebI7h5H
Binary files differ
diff --git a/libcli/security/tests/data/ndr_dumps/filebNdBgt b/libcli/security/tests/data/ndr_dumps/filebNdBgt
new file mode 100644
index 0000000..62e37ae
--- /dev/null
+++ b/libcli/security/tests/data/ndr_dumps/filebNdBgt
Binary files differ
diff --git a/libcli/security/tests/data/ndr_dumps/filebOjK4H b/libcli/security/tests/data/ndr_dumps/filebOjK4H
new file mode 100644
index 0000000..9a040c1
--- /dev/null
+++ b/libcli/security/tests/data/ndr_dumps/filebOjK4H
Binary files differ
diff --git a/libcli/security/tests/data/ndr_dumps/filebzCPTH b/libcli/security/tests/data/ndr_dumps/filebzCPTH
new file mode 100644
index 0000000..ba52884
--- /dev/null
+++ b/libcli/security/tests/data/ndr_dumps/filebzCPTH
Binary files differ
diff --git a/libcli/security/tests/data/oversize-acls.json b/libcli/security/tests/data/oversize-acls.json
new file mode 100644
index 0000000..a4559f3
--- /dev/null
+++ b/libcli/security/tests/data/oversize-acls.json
@@ -0,0 +1,20 @@
+{
+ "D:(A;OICI;FA;;;S-1-5-21-1927343755-967950539-965328874-512)(A;OICI;FA;;;S-1-5-21-1927343755-967950539-965328874-519)(A;;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;;;;AU)(A;OICI;0x1200a9;;;ED)":
+ [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 208, 0, 8, 0, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 139, 238, 224, 114, 203, 192, 177, 57, 234, 191, 137, 57, 0, 2, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 139, 238, 224, 114, 203, 192, 177, 57, 234, 191, 137, 57, 7, 2, 0, 0, 0, 0, 24, 0, 255, 1, 31, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 11, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 3, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 9, 0, 0, 0, 0, 0, 0, 0],
+ "D:(A;OICI;FA;;;S-1-5-21-3372605546-132586199-2553092274-512)(A;OICI;FA;;;S-1-5-21-3372605546-132586199-2553092274-519)(A;;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;;;;AU)(A;OICI;0x1200a9;;;ED)":
+ [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 208, 0, 8, 0, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 106, 224, 5, 201, 215, 26, 231, 7, 178, 24, 45, 152, 0, 2, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 106, 224, 5, 201, 215, 26, 231, 7, 178, 24, 45, 152, 7, 2, 0, 0, 0, 0, 24, 0, 255, 1, 31, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 11, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 3, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 9, 0, 0, 0, 0, 0, 0, 0],
+ "D:(A;OICI;FA;;;S-1-5-21-446349270-2432516025-2131592620-512)(A;OICI;FA;;;S-1-5-21-446349270-2432516025-2131592620-519)(A;;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;;;;AU)(A;OICI;0x1200a9;;;ED)":
+ [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 208, 0, 8, 0, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 214, 191, 154, 26, 185, 63, 253, 144, 172, 133, 13, 127, 0, 2, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 214, 191, 154, 26, 185, 63, 253, 144, 172, 133, 13, 127, 7, 2, 0, 0, 0, 0, 24, 0, 255, 1, 31, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 11, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 3, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 9, 0, 0, 0, 0, 0, 0, 0],
+ "D:(A;OICI;FA;;;S-1-5-21-926620776-2075325327-1127912823-512)(A;OICI;FA;;;S-1-5-21-926620776-2075325327-1127912823-519)(A;;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICI;;;;AU)(A;OICI;0x1200a9;;;ED)":
+ [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 208, 0, 8, 0, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 104, 28, 59, 55, 143, 243, 178, 123, 119, 149, 58, 67, 0, 2, 0, 0, 0, 3, 36, 0, 255, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 104, 28, 59, 55, 143, 243, 178, 123, 119, 149, 58, 67, 7, 2, 0, 0, 0, 0, 24, 0, 255, 1, 31, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 11, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 3, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 11, 0, 0, 0, 0, 3, 20, 0, 169, 0, 18, 0, 1, 1, 0, 0, 0, 0, 0, 5, 9, 0, 0, 0, 0, 0, 0, 0],
+ "D:P(D;;;;;MP)(D;;;;;MP)":
+ [1, 0, 4, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 56, 0, 2, 0, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+ "D:P(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)":
+ [1, 0, 4, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 80, 0, 3, 0, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+ "D:P(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)":
+ [1, 0, 4, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 104, 0, 4, 0, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+ "D:P(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)":
+ [1, 0, 4, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 176, 0, 7, 0, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+ "D:P(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)(D;;;;;MP)":
+ [1, 0, 4, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 4, 0, 16, 1, 11, 0, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 1, 0, 20, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 16, 0, 33, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+}
diff --git a/libcli/security/tests/data/registry-object-rights.json b/libcli/security/tests/data/registry-object-rights.json
new file mode 100644
index 0000000..97a64ea
--- /dev/null
+++ b/libcli/security/tests/data/registry-object-rights.json
@@ -0,0 +1 @@
+{"D:(A;;CCLCRPRC;;;WD)(A;;KA;;;BA)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 52, 0, 2, 0, 0, 0, 0, 0, 20, 0, 21, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 76, 0, 3, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)(A;;KA;;;S-1-5-21-1069531106-184984463-4116541046-512)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 112, 0, 4, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0, 0, 0, 36, 0, 63, 0, 15, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 226, 191, 191, 63, 143, 163, 6, 11, 118, 110, 93, 245, 0, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)(A;;KA;;;S-1-5-21-1378461354-3939386343-493233828-512)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 112, 0, 4, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0, 0, 0, 36, 0, 63, 0, 15, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 170, 166, 41, 82, 231, 67, 206, 234, 164, 38, 102, 29, 0, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)(A;;KA;;;S-1-5-21-3587273675-3237974979-2131186439-512)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 112, 0, 4, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0, 0, 0, 36, 0, 63, 0, 15, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 203, 115, 209, 213, 195, 147, 255, 192, 7, 83, 7, 127, 0, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)(A;;KA;;;S-1-5-21-3984653172-1380167674-707033525-512)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 112, 0, 4, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0, 0, 0, 36, 0, 63, 0, 15, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 116, 251, 128, 237, 250, 175, 67, 82, 181, 121, 36, 42, 0, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)(A;;KA;;;S-1-5-21-4154349010-984067676-209295477-512)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 112, 0, 4, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0, 0, 0, 36, 0, 63, 0, 15, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 210, 85, 158, 247, 92, 174, 167, 58, 117, 152, 121, 12, 0, 2, 0, 0], "D:(A;;CCRPWPRC;;;WD)(A;;KA;;;BA)(A;;KA;;;AO)(A;;KA;;;S-1-5-21-536441700-3718478525-2547843259-512)": [1, 0, 4, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 112, 0, 4, 0, 0, 0, 0, 0, 20, 0, 49, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 36, 2, 0, 0, 0, 0, 36, 0, 63, 0, 15, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 100, 115, 249, 31, 189, 122, 163, 221, 187, 0, 221, 151, 0, 2, 0, 0], "O:BAG:SYD:(A;;KR;;;WD)(A;;KA;;;BA)(A;;KA;;;SY)": [1, 0, 4, 128, 92, 0, 0, 0, 108, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 72, 0, 3, 0, 0, 0, 0, 0, 20, 0, 25, 0, 2, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 24, 0, 63, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 20, 0, 63, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0], "O:S-1-5-21-3984653172-1380167674-707033525-1000G:S-1-22-2-50133D:(A;;0x1f019f;;;S-1-5-21-3984653172-1380167674-707033525-1000)(A;;0x1f019f;;;S-1-22-2-50133)(A;;0x1f019f;;;WD)(A;;KA;;;SY)": [1, 0, 4, 128, 128, 0, 0, 0, 156, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 108, 0, 4, 0, 0, 0, 0, 0, 36, 0, 159, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 116, 251, 128, 237, 250, 175, 67, 82, 181, 121, 36, 42, 232, 3, 0, 0, 0, 0, 24, 0, 159, 1, 31, 0, 1, 2, 0, 0, 0, 0, 0, 22, 2, 0, 0, 0, 213, 195, 0, 0, 0, 0, 20, 0, 159, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 20, 0, 63, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 116, 251, 128, 237, 250, 175, 67, 82, 181, 121, 36, 42, 232, 3, 0, 0, 1, 2, 0, 0, 0, 0, 0, 22, 2, 0, 0, 0, 213, 195, 0, 0], "O:S-1-5-21-536441700-3718478525-2547843259-1000G:S-1-22-2-50133D:(A;;0x1f019f;;;S-1-5-21-536441700-3718478525-2547843259-1000)(A;;0x1f019f;;;S-1-22-2-50133)(A;;0x1f019f;;;WD)(A;;KA;;;SY)": [1, 0, 4, 128, 128, 0, 0, 0, 156, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 108, 0, 4, 0, 0, 0, 0, 0, 36, 0, 159, 1, 31, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 100, 115, 249, 31, 189, 122, 163, 221, 187, 0, 221, 151, 232, 3, 0, 0, 0, 0, 24, 0, 159, 1, 31, 0, 1, 2, 0, 0, 0, 0, 0, 22, 2, 0, 0, 0, 213, 195, 0, 0, 0, 0, 20, 0, 159, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 20, 0, 63, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 100, 115, 249, 31, 189, 122, 163, 221, 187, 0, 221, 151, 232, 3, 0, 0, 1, 2, 0, 0, 0, 0, 0, 22, 2, 0, 0, 0, 213, 195, 0, 0]} \ No newline at end of file
diff --git a/libcli/security/tests/data/short-conditional-and-resource-aces-successes.json.gz b/libcli/security/tests/data/short-conditional-and-resource-aces-successes.json.gz
new file mode 100644
index 0000000..e7f8024
--- /dev/null
+++ b/libcli/security/tests/data/short-conditional-and-resource-aces-successes.json.gz
Binary files differ
diff --git a/libcli/security/tests/data/short-conditional-and-resource-aces-tx-int.json.gz b/libcli/security/tests/data/short-conditional-and-resource-aces-tx-int.json.gz
new file mode 100644
index 0000000..e1b6157
--- /dev/null
+++ b/libcli/security/tests/data/short-conditional-and-resource-aces-tx-int.json.gz
Binary files differ
diff --git a/libcli/security/tests/data/short-ordinary-acls-v2.json.gz b/libcli/security/tests/data/short-ordinary-acls-v2.json.gz
new file mode 100644
index 0000000..1f4ef20
--- /dev/null
+++ b/libcli/security/tests/data/short-ordinary-acls-v2.json.gz
Binary files differ
diff --git a/libcli/security/tests/data/short-ordinary-acls.json.gz b/libcli/security/tests/data/short-ordinary-acls.json.gz
new file mode 100644
index 0000000..8554b7c
--- /dev/null
+++ b/libcli/security/tests/data/short-ordinary-acls.json.gz
Binary files differ
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 13:09:16 +0000