sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
135,068 Commits 60 Branches 1,144 Tags 452 MiB
3358b04a58
Commit Graph

135068 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joseph Sutton
0bd7863ec0 lib/krb5_wrap: Make use of smb_krb5_make_data() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
4896930559 libcli/security: Test hex‐escapes that should be literals 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
c755bbd6bc libcli/security: Fix code formatting 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
ac34f48ab1 libcli/security: Use ACL revision constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
37ed208701 libcli/security: Refer to UTF‐16 code units rather than to codepoints 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
a064e2f258 libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
8d4f60c844 libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
55e198fc6d libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
e1a45ec341 libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
21f765c1b9 libcli/security: Remove unused macro 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
37a32d3b40 python:tests: Remove unused import 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
c94db7d2e8 s4:auth: Correct error message 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
dc73160381 s4:torture: Use SID constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
8b496331b9 s4:rpc_server: Use Builtin SID constant 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
4bef3fd7e9 s4:ntvfs: Use World and System SID constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
4405e709c0 s4:dsdb: Use Builtin SID constant 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
e6bb3a347f s4:auth: Use Anonymous and System SID constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
b1b7d33bd5 s4:kdc: Use Compounded Authentication and Claims Valid SID constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
56def24b4c libcli:security: Add Compounded Authentication and Claims Valid SID constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
89985f6fec s4:kdc: Use Asserted Identity SID constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
dcca6bba2a s4:dsdb: Use NULL SID constant 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
214f6c6462 libcli:security: Correct Asserted Identity SID definitions 
These definitions were the wrong way round.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
2782df62ad libcli:security: Use SELF SID constant 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
cdbb5ab7d0 libcli:security: Add SELF SID constant 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
26ff87dcfe python:tests: Fix invalid escape sequences 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
c0795c807a tests/krb5: Match filter after transforming test name 
If you just want to rerun a single test that failed, this removes the
need to successfully guess its untransformed name.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
9cb3beee75 libcli/security: Emit error message if program is too large 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
f035985dbd libcli/security: Add function to convert token claims to security attribute claims 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
a4010c9b65 libcli/security: Add some missing declarations 
so that users of this header file don’t have to declare them.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
48606c8aed libcli/security: Const‐qualify function parameters 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
f5568a0a5e libcli/security: Remove bool_value member 
‘bool_value’ has the same type as ‘uint_value’. Removing the former
avoids our having more duplicate code than is strictly necessary.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
40c5ed60ba libcli/security: Use correct union member 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Joseph Sutton
c9aab312b7 libcli/security: Add header guard 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-27 02:43:28 +00:00
Douglas Bagnall
3b6c1f1a9c libcli/security: condtional ACE recursive composites are not supported 
We can't add them via SDDL on Windows, and they aren't useful for
claims.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 27 00:41:26 UTC 2023 on atb-devel-224
 2023-09-27 00:41:26 +00:00
Douglas Bagnall
38247d39e1 libcli/security: conditional ace sddl: do not read nested composites 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
96dbc71e13 libcli/security: conditional ace sddl: do not write nested composites 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
3be69fc3dc fuzzing: fuzz_sddl_parse forgives bad utf-8 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
e4da279b1c util/str: helper to check for utf-8 validity 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
65674cde60 libcli/security: conditional ACE sddl doesn't have string escapes 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
310c25404b libcl/security: conditional ACE sddl >= ops take literal parens only 
You can't do things like '(a == b) == (c < d)'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
5650b511c1 libcli/security/sddl_conditional_ace: ban empty expressions in SDDL 
The trouble is with expressions like "(!(()))", which boil down to a
single NOT operation with no argument, which is invalid and can't be
run or expressed as SDDL.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Douglas Bagnall
b3f92b475c lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings 
There is a borderline case where a conditional ACE unicode string
becomes longer than the SDDL parser wants to handle when control
characters are given canonical escaping. This can make the round trip
fail, but it isn't really a problem.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
a2e6df0311 add comment that ace_condition_composite is not representative of the wire format 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
0ac979b2cc conditional_aces: Avoid manual parsing for ace_condition_unicode 
A consequence of this is that we remove the confusing "length"
from the IDL, as it was the internal UTF8 length, not a wire
value.  We use null terminated strings internally now.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
5f4197bfab libndr: Add support for pulling strings with LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_BYTESIZE 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
b9e90bae69 conditional_aces: Avoid manual parsing for ace_condition_int 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
ab531abc52 libcli/security: Check for sddl_from_conditional_ace() failure in test_sddl_conditional_ace 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
03d63fb09b libcli/security: Make failure parsing where consumed == -1 clear 
This was caught by the next condition, but this is clearer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
fe835fc348 Make blob->data pointer in ace_sid_to_claim_v1_sid() a child of the DATA_BLOB 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00
Andrew Bartlett
793b86f4cb conditional_aces: Avoid manual parsing for ace_condition_bytes, use DATA_BLOB 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2023-09-26 23:45:36 +00:00