1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

394 Commits

Author SHA1 Message Date
Volker Lendecke
ac738e303e lib: Move few bytes of R/W data to R/O text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-08-14 19:53:37 +00:00
Joseph Sutton
38b93532a7 libcli/security: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
aa0cddad52 libcli/security: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
dbf53bf3d5 libcli/security: Fix integer overflow
On a typical machine where the size of ‘int’ is 32 bits or smaller, a
sub-authority of 2147483649 would be ordered before a sub-authority of
1, even though it is greater.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
5cf61ed2e3 libcli/security: Remove unused function sid_compare_domain()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
3870e00fc5 libcli/security: Call dom_sid_compare_domain() instead of sid_compare_domain()
The two functions are identical in behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
748cbac2fa libcli/security: Cast isupper() argument to ‘unsigned char’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
60f4d873b7 libcli/security: Remove unnecessary code
The revision has already been set at the start of this function.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Volker Lendecke
12cbb043d1 libcli: Simplify security_token_is_sid()
Avoid an explicit if-statement.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Volker Lendecke
9e2723988e libcli: Simplify dom_sid_dup()
We have sid_copy() for this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Volker Lendecke
59694ad0a4 rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
2023-05-16 11:54:32 +00:00
Volker Lendecke
ebbb93cc7a rpc: Add global_sid_Samba_NPA_Flags SID
This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
5e8c7192ba libcli: Add security_token_count_flag_sids()
To be used in a few places when checking special-case Samba SIDs.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Douglas Bagnall
848bce061a libcli/security/tests: test strings for windows and samba SDDL tests
These are produced by editing `python/samba/test/sddl.py to enable
`test_write_test_strings`, the running `make test TESTS='sddl\\b'`.

The windows executable from the C file added in a recent commit can
run these tests using the `-i` flag.

The Samba sddl.py tests can be induced to use them too, but that is
only useful for showing they are still in sync.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Noel Power
d36bab52d0 s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.

While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)

Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icalcs does) instead
of hex representation of the bit mask.

adjust
  samba4.blackbox.samba-tool_ntacl
  samba3.blackbox.large_acl
  samba.tests.samba_tool.ntacl
  samba.tests.ntacls
  samba.tests.posixacl

so various string comparisons of the sddl format now pass

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
 numbers, eg 0x001]
2023-04-28 02:15:36 +00:00
Noel Power
0a153c1d58 s3/utils: value for ace_flags value "FA" is incorrect
value for FA should be 0x001f01ff  (instead of 0x00001ff)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c0d477738e libcli:security:sddl: accept only 8-4-4-4-12 GUIDs
Before we would take strings in a variety of lengths and formats,
which is not what Windows does or [MS-DTYP] says.

This was found by looking at evolved fuzz seeds. Note the 16 and 32
byte sequences in GUID position below:

$ hd $(ls -t seeds/fuzz_sddl_parse/* | head -1)| head
00000000  44 3a 41 52 50 50 50 50  50 28 4f 4c 3b 3b 46 57  |D:ARPPPPP(OL;;FW|
00000010  3b 30 7e ff ff ff ff ff  ff ff 2d 31 38 f5 ff ff  |;0~.......-18...|
00000020  fb 3b 3b 52 43 29 28 4f  44 3b 3b 46 57 3b 3b 3b  |.;;RC)(OD;;FW;;;|
00000030  52 43 29 28 4f 44 3b 3b  46 57 3b 30 30 ff ff ff  |RC)(OD;;FW;00...|
00000040  fb 30 e9 9b 3c cf e6 f5  ff ff fb 3b 3b 52 43 29  |.0..<......;;RC)|
00000050  28 4f 44 3b 3b 46 57 43  52 3b 3b 3b 52 43 29 28  |(OD;;FWCR;;;RC)(|
00000060  4f 44 3b 3b 46 58 47 52  3b 3b 33 43 43 35 38 37  |OD;;FXGR;;3CC587|
00000070  32 35 44 44 44 44 44 44  44 44 44 44 44 44 44 44  |25DDDDDDDDDDDDDD|
00000080  44 44 44 44 44 44 44 44  44 44 3b 52 43 29 28 4f  |DDDDDDDDDD;RC)(O|
00000090  44 3b 3b 46 58 3b 3b 3b  52 43 29 28 4f 44 3b 3b  |D;;FX;;;RC)(OD;;|

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
46793d384e libcli:security:sddl_decode_access allows spaces between flags
because Windows does.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
e7445aa677 libcli:security: sddl_decode_ace: don't allow junk after SID
sddl_decode_sid() will stop at the first non-SID character. Windows
doesn't allow white space here, and nor do we.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c67f2292cb libcli/security: sddl_decode_access rejects trailing rubbish
Before we just ignored things like negative numbers, because they'd
end up being seen as not-numbers, so treated as flags, then as
not-flags.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
faf1b80a90 libcli:security: sddl_map_flags rejects trailing nonsense
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
d9e1fa3456 libcli/security: SDDL parse tests to run on Windows
The C version tests the public SDDL API on Windows which seems to follow
Active Directory closely, though case in hex numbers is reversed vis-a-vis
defaultSecurityDescriptor.

The python version is less refined and tests powershell functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
16d2687cc7 libcli/security: do not pad sddl flags with zeros
We don't see this happening on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
251da186bf libcli/security: ace type is not enum not flags
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
56da318cee libcli/security: disallow sddl access masks greater than 32 bits
Our previous behaviour (at least with glibc) was to clip off the extra
bits, so that 0x123456789 would become 0x23456789. That's kind of the
obvious thing, but is not what Windows does, which is to saturate the
value, rounding to 0xffffffff. The effect of this is to turn on all
the flags, which quite possibly not what you meant.

Now we just return an error.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
11add4d631 libcli/security: allow decimal/octal numbers in SDDL access mask
This follows Windows and [MS-DTYP].

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
5abd687fce lib/sec/sddl: allow empty non-trailing ACL with flags
The string "S:D:P" is parsed by us and Windows into a valid struct,
which has an empty DACL with the PROTECTED flag, and an empty SACL.
This is reconstructed in canonical order as "D:PS:", which Windows
will correctly parse, but Samba has assumed the "S" is a bad DACL
flag. Now we don't make that assumption.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
b621c59f64 libcli/sec/sddl decode: allow hex numbers in SIDs
These occur canonically when the indentifier authority is > 2^32, but
also are accepted by Windows for any number.

There is a tricky case with an "O:" or "G:" SID that is immediately
followed by a "D:" dacl, because the "D" looks like a hex digit. When
we detect this we need to subtract one from the length.

We also need to do look out for trailing garbage. This was not an
issue before because any string caught by the strspn(...,
"-0123456789") would be either rejected or fully comsumed by
dom_sid_parse_talloc(), but with hex digits, a string like
"S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and
the "x0xabcxxx-X" would be skipped over. That's why we switch to using
dom_sid_parse_endp(), so we can compare the consumed length to the
expected length.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
22fe657c8a libcli/sec/sddl decode: don't ignore random junk.
previously a string could have anything in it, so long as every second
character was ':'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
4f5737cbf2 libcli/security/dom_sid: use (unsigned char) in isdigit()
The man page notes:

       The standards require that the argument c for these functions
       is either EOF or a value that is representable in the type
       unsigned char.  If the argument c is of type char, it must be
       cast to unsigned char, as in the following example:

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
1149d39159 libcli/security/dom_sid: hex but not octal is OK for sub-auth
Following Windows, the numbers that would be octal (e.g. "0123") are
converted to decimal by skipping over the zeros.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
67ff4ca200 libcli/security: avoid overflow in subauths
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
b3cff5636b libcli/security: stricter identauth parsing
We don't want octal numbers or overflows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
6f37f8324c libcli/security: avoid overflow in revision number
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
2398faef23 libcli/security/dom_sid: remove a couple of lost comments
The second one came with code obsoleting the "BIG NOTE" about 10 years
ago, but that code later wandered off somewhere else.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Andreas Schneider
e38f7cf4f1 libcli:security: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-04-27 14:25:38 +00:00
Joseph Sutton
6d2d1e7df4 CVE-2023-0614 libcli/security: Make some parameters const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:34 +00:00
Joseph Sutton
a205568e98 libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-31 08:29:32 +00:00
Stefan Metzmacher
bb09c06d6d libcli/security: rewrite calculate_inherited_from_parent()
This allows us to pass the new tests we just added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Joseph Sutton
1a625702e8 libcli/security: Correctly handle ACL deletion
If there were two consecutive occurrences of an ACL to be deleted, we
would miss the second one.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 18:40:31 +00:00
Stefan Metzmacher
2c02378029 libcli/security: add security_descriptor_[s|d]acl_insert() helpers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-22 15:01:32 +00:00
Stefan Metzmacher
c3cb915a67 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position
Often it is important to insert an ace at a specific position in the
ACL. As a default we still append by default by using -1, which is the
generic version of passing the number of existing aces.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-22 15:01:32 +00:00
Joseph Sutton
be1aae77b7 libcli/security: Reorder SDDL access flags table to match Windows
This means that encoding an ACE in string form will now match Windows.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 21 01:19:16 UTC 2023 on atb-devel-224
2023-03-21 01:19:16 +00:00
Stefan Metzmacher
f3fad5a189 libcli/security: prepare sddl machine/forest_sid handling
In future we need to pass in 3 sids to sddl_encode()

Once we pass in a machine_sid from the caller we need to
have a test on a Windows member if the .machine_rid values
really belong to the local machine sid.
At least [MS-DTYP] 2.4.2.4 Well-Known SID Structures
pretents "LA" and "LG" are relative to the local machine sid.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 20 10:53:41 UTC 2023 on atb-devel-224
2023-03-20 10:53:41 +00:00
Stefan Metzmacher
bd327f7d7a libcli/security: simplify sddl_encode_sid()
We should walk the sid_codes array just once.
This makes further changes easier...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-20 09:54:29 +00:00
Stefan Metzmacher
8f4aced365 libcli/security: simplify rid-based SDDL sid strings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-20 09:54:29 +00:00
Stefan Metzmacher
7d466a913f libcli/security: introduce struct sddl_transition_state
In future we'll need more than 'domain_sid' in order
to do the correct transition of SDDL to/from security_descriptor.

In the end we most likely add an
sddl_transition_{create,encode,decode}() api in order
to allow the caller to create an sddl_transition_state
once and then pass it to multiple calls to encode/decode.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-20 09:54:29 +00:00
Volker Lendecke
0195f8bc9a lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
8faccb6e19 lib: Remove a talloc_stackframe()
This made sense before we used dom_sid_str_buf() in the DEBUG
statements.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
d76ec8519e libcli/security: Avoid includes.h
Don't rebuild libcli/security when not necessary

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
04379c0bcf lib: librpc/gen_ndr/security.h needs DATA_BLOB
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
2ac2c05561 lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Joseph Sutton
e20067c52d auth: Make more liberal use of SID index constants
Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
8ef6e7dba7 libcli/security: Add auth_SidAttr utility functions
These functions are modelled on add_sid_to_array() and
add_sid_to_array_unique(). They differ in that they operate not on an
array of dom_sid, but of auth_SidAttr, and take an additional 'attrs'
parameter of type uint32_t.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
16746593db libcli/security: Make null_sid static const, not just const
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
7ec569b3a6 libcli/security: Fix function header comments in SID handling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Christian Merten
6501e4f00e libcli security/sddl: Make sddl_encode_ace visible
Removed static flag from sddl_encode_ace and added to headers.

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Merten <christian@merten.dev>
2022-09-27 16:46:35 +00:00
Christian Merten
1a9aac53e8 libcli security_descriptor: Compare object type and inherited object type when comparing ACEs
Fixed security_ace_equal returning true, despite differing object type, by checking (inherited) object type
of both ACEs is equal.

Signed-off-by: Christian Merten <christian@merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 16:46:35 +00:00
Christian Merten
7efe673fbd libcli security_descriptor: Add function to delete a given ace from a security descriptor
Two functions have been added to delete a given ace from the SACL or the DACL of a security descriptor.

Signed-off-by: Christian Merten <christian@merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 16:46:35 +00:00
Nadezhda Ivanova
5073d5997c CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL
The implicit right of an object's owner to modify its security
descriptor no longer exists, according to the new access rules. However,
we continue to grant this implicit right for fileserver access checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 02:32:36 +00:00
Joseph Sutton
45f2e3631e libcli/security: Fix typos
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-14 07:21:29 +00:00
Joseph Sutton
1137ebc654 sddl: Remove SDDL SID strings unsupported by Windows
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Joseph Sutton
732d17a129 sddl: Add new SDDL SID strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Joseph Sutton
e61fa573fe sddl: Fix incorrect SDDL SID strings
Change the values to match those used by Windows.

Verified with PowerShell commands of the form:
New-Object Security.Principal.SecurityIdentifier ER

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Volker Lendecke
e5b446fe11 libcli: Simplify get_sec_mask_str()
Use talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
34c08da059 libcli: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
423e5726d2 libcli: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
f24b2163be libcli: Simplify security_session_user_level()
Use sid_compose(), use struct dom_sid on the stack.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
70b1260020 libcli: Introduce a helper variable in security_session_user_level()
Makes it easier to read for me

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
82281ca34f libcli: Remove unused security_token_has_sid_string()
This should have been removed in ef990008f2, I just was not aware
it's there...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
e2256c99a6 smbd: Make SID_SAMBA_SMB3 a static SID
No need to parse it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
ef990008f2 libcli: Remove unused security_token_is_sid_string()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-24 23:55:32 +00:00
Volker Lendecke
df4c03d524 lib: Add required #includes
dom_sid.h itself references talloc, and security.h references
DATA_BLOB.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-21 00:13:32 +00:00
Volker Lendecke
58c6c031f5 libcli: Fix parsing access flags from multiple tables
We have to look at all available mappings for parsing sddl for each
special flag set. "GW" and "FX" come from two different tables, but
the previous code settled on one table and then expected both "GW" and
"FX" to come from that same table. Change the code to look at all
tables per special flag set.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 21 00:04:36 UTC 2021 on sn-devel-184
2021-04-21 00:04:36 +00:00
Volker Lendecke
e030355643 libcli: Factor out sddl_map_flag()
We have to look at more than one map, "FRSD" is not correctly handled
right now for example. This factors out walking a map to make walking
multiple maps easier.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-20 23:19:28 +00:00
Volker Lendecke
dab8e9eb4a libcli: Simplify sddl_encode_ace()
Use GUID_buf_string() instead of GUID_string() for encoding objects,
no need to check for NULL anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-19 18:18:32 +00:00
Volker Lendecke
249b0e3202 libcli: Add file specific access flags to sddl
See

https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings

for reference.

We can only use them for decoding, many of our tests depend on our
string representation of the flags.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-24 20:31:30 +00:00
Volker Lendecke
90ea83b754 libcli: make_sec_acl() copies the ace_list, make that const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:38 +00:00
Volker Lendecke
7aaefd6f46 lib: Remove unused security_descriptor_append()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-19 22:56:40 +00:00
Volker Lendecke
a61ed4df0e libcli: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:33 +00:00
Volker Lendecke
bb8d333070 libcli: Don't leave a pointer uninitialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:32 +00:00
Volker Lendecke
9b453f475f libcli: Remove a pointless if-expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:32 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Ralph Boehme
2327471756 lib: relicense smb_strtoul(l) under LGPLv3
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
2020-08-03 22:21:02 +00:00
Ralph Boehme
0b9ddce90c libcli: simplify an if condition
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-30 01:17:36 +00:00
Gary Lockyer
13a2f70a4d Fix clang 9 missing-field-initializer warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Volker Lendecke
3d9d984944 libcli: Use ARRAY_DEL_ELEMENT() in security_descriptor_acl_del()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 14:43:31 +00:00
Andrew Bartlett
5c1867ba45 py3: Remove #define PyInt_FromLong PyLong_FromLong
This allows us to end the use of Python 2/3 compatability macros.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power
2020-03-23 19:12:43 +00:00
Volker Lendecke
bf531c249d libcli: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-30 12:27:40 +00:00
Volker Lendecke
ba97f408d8 lib: Remove an unused variable from security_token_debug()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-01-03 00:04:43 +00:00
Douglas Bagnall
95a5140db3 pysecurity: use unsigned int, not int to approximate uint32_t
the "I" flag for unsigned int has been available since Python 2.3

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:26 +00:00
Douglas Bagnall
99c43354ef libcli/pysecurity: use pytalloc_get_name to avoid NULL deref
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:25 +00:00
Swen Schillig
39a518b671 libcli: Update all consumers of strtoul_err(), strtoull_err() to new API
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2019-06-30 11:32:18 +00:00
Andrew Bartlett
3e197d4370 libcli/security: Remove unused dup_sec_desc_buf()
This has been unused since before
762e7e1dff in 2003.

Found by callcatcher

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-22 05:59:14 +00:00
Noel Power
cbdd3d0c26 squash 'cast between incompatible function types' warning
To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-05-16 17:55:17 +00:00
Swen Schillig
beb3012e3f libcli: Update error check for new string conversion wrapper
The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2019-04-11 22:29:27 +00:00
Andrew Bartlett
fdb6305c86 build: Remove bld.gen_python_environments()
This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Volker Lendecke
d7de2f7748 lib: Remove "struct sid_parse_ret" again
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:19 +00:00
Volker Lendecke
e18610a197 lib: Make sid_parse return the parsed length
Use a temporary struct as a return value to make the compiler catch all
callers. If we just changed bool->ssize_t, this would just generate a
warning. struct sid_parse_ret will go away in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:19 +00:00
Ralph Boehme
8d355dd976 libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-04 18:11:16 +00:00