1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

1992 Commits

Author SHA1 Message Date
Douglas Bagnall
762646b5aa libcli/security: use tabs in sec_ace_object()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26 23:45:35 +00:00
Douglas Bagnall
e81e98c485 libcli/security: helper to find ACEs with meaningful codas
Only Resource Attribute ACEs and Conditional ACEs are expected to have
trailing data. Others sometimes might, but we don't care what it is.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26 23:45:35 +00:00
Douglas Bagnall
41e1b6957a libcli/security: helper to find resource attribute ACEs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26 23:45:35 +00:00
Douglas Bagnall
617cfa0e96 libcli/security: helper to find callback/conditional aces
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26 23:45:35 +00:00
Volker Lendecke
fab08854af libsmb: Pass neg contexts through sync smbXcli_negprot_recv()
Looks much larger than it is, there's a lot of callers too feed NULL to.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 25 19:59:17 UTC 2023 on atb-devel-224
2023-09-25 19:59:17 +00:00
Volker Lendecke
a0181938c1 libcli: Correct guard #define
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
af5756df6c libsmb: Remove reparse_symlink.c
Makes reparse_buffer_marshall static to reparse.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
e5d724ca88 libsmb: Use reparse_data_buffer_marshall() in py_reparse_put()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
41274da949 libsmb: Use reparse_data_buffer_marshall() in py_reparse_symlink_put()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
ddc1f56cf1 libsmb: Add reparse_data_buffer_marshall()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Joseph Sutton
b208c8e848 libcli:security: Prefer explicit initialization to ZERO_STRUCTP()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Douglas Bagnall
da841a80e3 s3:rpc: bump named_pipe_auth_req_info version number
This is because commit f893cf85cc
changed the security token in secuirty.idl, and bumping the version
was missed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
87749b5518 libcli: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Volker Lendecke
ebb6eb9c2f libsmb: Fix parsing symlink reparse points
Untested code is broken code. For symlinks we need to hand over the
full reparse buffer into symlink_reparse_buffer_parse(), as this is
also used for the smb2 error response handling. For that, the
"reserved" field in [MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data
Buffer is used for the "unparsed" field.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep  8 17:24:19 UTC 2023 on atb-devel-224
2023-09-08 17:24:19 +00:00
Douglas Bagnall
895893478e libcli:sec:display: use macro for more ace types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-07 04:53:41 +00:00
Douglas Bagnall
601d60e391 libcli:sec:display: print callback ace types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-07 04:53:41 +00:00
Douglas Bagnall
a84e89aa71 libcli/security: create_descriptor handles unknown ACE types
Because we're going to add more ACE types.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-07 04:53:41 +00:00
Douglas Bagnall
2bf404eb5a libcli/security: make sddl_encode_sid an external function
Mirroring the last commit for sddl_decode_sid, we want to be able to
encode SIDs from sibling source files.

The dom_sid functions are insufficient for this because they don't know
the SDDL short aliases, like "WD".

sddl_transition_encode_sid() is used internally.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-07 04:53:41 +00:00
Joseph Sutton
6d012757a0 libcli/security: make sddl_decode_sid an external function
We are going to need it in for parsing SDDL for conditional ACEs and
resource ACEs, which will go in a separate file because it's huge.

This means changing the interface for `sddl_decode_sid` to that from
before 7d466a913f which introduced
sddl_transition_state to deal ease the shift to disambiguated machine/
domain/forest SIDs. Internal callers use `sddl_transition_decode_sid()`
which is the old function; external callers use the same shim pattern as
the other externally available functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-07 04:53:41 +00:00
Douglas Bagnall
909a2af954 libcli/security: rm unused sec_ace_copy()
Unused since 2014.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
882ad16138 pytest: compare Samba vs Windows SDDL security descriptors
Can Samba understand Windows security descriptors? Does it parse SDDL
the same way?

Here we test on over 7000 SDDL/descriptor pairs and find the answer
is pleasing. In later commits we will add more tests using different
classes of ACE.

The test cases are derived from fuzz seeds, exported to Windows via
the script in the last commit, with the Windows descriptor bytes found
using libcli/security/tests/windows/windows-sddl-test.py.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
741ab485b0 libcli/security: test helper script extracts fuzz SDDL
This allows us to try the fuzz seeds as SDDL on Windows, then test
that Samba matches Windows' security descriptors in the cases where
the SDDL compiles. This will find SDDL edge cases that might otherwise
be missed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
536b9a0c92 libcli/security: move Windows test script to windows subdir
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
641981c4ad libcli/security: rewrite SDDL tests for running on Windows
This script never worked well because it had to shell out to
Powershell, which never worked well due to syntax conflicts and
Powershell's specialness. The attempted ctypes version did not work,
due to the difficulty in expressing things like "relative
PSECURITY_DESCRIPTOR" in ctypes.

It turns out that pywin32 is easy to install and use, and we can
extract the NDR bytes which is far more useful than just testing if
the SDDL parses.

On Windows:

1. install Python from python.org
2. run `pip install pywin32`
3. copy e.g. libcli/security/tests/data/conditional-aces.txt to Windows
4. run `python windows-sddl-tests.py conditional-aces.txt`
5. add `--help` to see how to export descriptor bytes.

The default output is a whole lot of multi-coloured text, indicating
what failed and what didn't.

With --export-json it writes a JSON file mapping SDDL strings to NDR
byte sequences, which can be used to compare with Samba's attempts. If
you are only interested in --export-json, you might also like --quiet.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
a24ba4ea22 libcli/security: add some test more Windows SDDL test strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
3c30079095 libcli/security: script to turn token/descriptor pairs into sddl
We fuzz security descriptors in a couple of different ways, and this
maps seeds from one form into the other. The SDDL examples can also be
used in Windows tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
55cc6b52c0 libcli/security: remove unused tmp_ctx in calculate_inherited_from_parent()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
c1621d3492 libcli/security: avoid leak in calculate_inherited_from_parent()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
26722348b9 libcli/security: used sec_ace_object() in sddl encoding
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
c73034cf7c librpc/security.idl: adjust size calculations for upcoming ace types
Soon we will get Conditional ACEs and Resource Attribute ACES, each of
which have trailing bytes at the end of the ACE. Here's a diagram:

              ____      The ACE size field may indicate a size bigger
  .type      /    |     than the known parts, even when you take
  .flags    /     |     rounding to a multiple of four into account.
  .size  --'      |     This extra data is meaningful in some ACEs.
  .access_mask    |
  .trustee (sid) _|  <- known data ends here.
                  :
   "coda"      ___:  <- the trailing part, Zero size unless the size
                        field points beyond the end of the known data.
			Probably empty for ordinary ACE types.

Until now we have thrown away these extra bytes, because they have no
meaning in the ACE types we recognise. But with conditional and
resource attribute ACEs we need to catch and process these bytes, so
we add an extra field for that.

Thus we can drop the manually written ndr_pull_security_ace() that
discarded the trailing bytes, because we just allow it to be pulled
into an unused blob. In the very common case, the blob will be empty.

Microsoft does not use a common name across different ACE types to
describe this end-data -- "coda" is a Samba term.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
47edd41bc9 libcli/security: sddl ACL decode avoids early splitting on parenthesis
Soon we will have Conditional ACEs and Resource Attribute ACEs. It is
expected --indeed mandatory-- that the SDDL representations of these
ACEs will contain parentheses, so we can't use '(' and ')' to decide
where ACEs stop and start.

This means shifting where we make a mutable copy of the SDDL string
from per-ACE to per-ACL, and allowing sddl_decode_ace() to decide when
its ACE is finished.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:31 +00:00
Douglas Bagnall
43e017d3b4 libcli/security/pysecurity: use NULL to mean NULL in C
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-24 02:53:30 +00:00
Volker Lendecke
2c6a01c892 libcli: Add required #includes to smbXcli_base.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-22 16:45:31 +00:00
Joseph Sutton
593a7fb638 libcli/auth: Remove unnecessary casts
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-21 23:37:29 +00:00
Volker Lendecke
ac738e303e lib: Move few bytes of R/W data to R/O text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-14 19:53:37 +00:00
Volker Lendecke
8ad55c382a libsmb: Move symlink_reparse_buffer_parse() to reparse.c
The goal of this is to eventually remove reparse_symlink.c once we
have marshalling routines for symlinks in reparse.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-10 13:40:31 +00:00
Volker Lendecke
e99e676bd2 libsmb: Some README.Coding for symlink_reparse_buffer_parse()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-10 13:40:31 +00:00
Volker Lendecke
e71a6ab5dd pylibsmb: Use reparse_data_buffer_parse()
Remove the last direct caller of symlink_reparse_buffer_parse()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-10 13:40:31 +00:00
Volker Lendecke
e20919af5b libsmb: Use reparse_data_buffer_parse() to get symlink error resp
Gets a nicer error message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-10 13:40:31 +00:00
Volker Lendecke
97ba7b681f libcli: Add general reparse point data parsing
When we retrieve reparse point data, we don't know before what we
get. Right now all we do is expect a symlink, but we could get other
types as well.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-10 13:40:31 +00:00
Volker Lendecke
9831fbeb8f libcli: Make symlink_reparse_buffer_parse() more flexible
Allow the destination struct to be preallocated

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-10 13:40:31 +00:00
Douglas Bagnall
f404ef3c2a libcli:auth:sess_crypt_blob: ensure key has 7 bytes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:39 +00:00
Joseph Sutton
38b93532a7 libcli/security: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
aa0cddad52 libcli/security: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
dbf53bf3d5 libcli/security: Fix integer overflow
On a typical machine where the size of ‘int’ is 32 bits or smaller, a
sub-authority of 2147483649 would be ordered before a sub-authority of
1, even though it is greater.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
5cf61ed2e3 libcli/security: Remove unused function sid_compare_domain()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
3870e00fc5 libcli/security: Call dom_sid_compare_domain() instead of sid_compare_domain()
The two functions are identical in behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
f05ed66295 libcli/auth: Add missing newline to logging message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
45ef3ab99c smbXcli: Remove call to utf16_len_n()
This code was probably intended to refer to ‘blob1’ rather than to
‘blob2’. As it is, it fails to achieve anything.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
d6a6dcc0c6 libcli/ldap: Don’t try to encode NULL name
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00