1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

394 Commits

Author SHA1 Message Date
Volker Lendecke
04379c0bcf lib: librpc/gen_ndr/security.h needs DATA_BLOB
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
2ac2c05561 lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Joseph Sutton
e20067c52d auth: Make more liberal use of SID index constants
Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
8ef6e7dba7 libcli/security: Add auth_SidAttr utility functions
These functions are modelled on add_sid_to_array() and
add_sid_to_array_unique(). They differ in that they operate not on an
array of dom_sid, but of auth_SidAttr, and take an additional 'attrs'
parameter of type uint32_t.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
16746593db libcli/security: Make null_sid static const, not just const
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
7ec569b3a6 libcli/security: Fix function header comments in SID handling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Christian Merten
6501e4f00e libcli security/sddl: Make sddl_encode_ace visible
Removed static flag from sddl_encode_ace and added to headers.

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Merten <christian@merten.dev>
2022-09-27 16:46:35 +00:00
Christian Merten
1a9aac53e8 libcli security_descriptor: Compare object type and inherited object type when comparing ACEs
Fixed security_ace_equal returning true, despite differing object type, by checking (inherited) object type
of both ACEs is equal.

Signed-off-by: Christian Merten <christian@merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 16:46:35 +00:00
Christian Merten
7efe673fbd libcli security_descriptor: Add function to delete a given ace from a security descriptor
Two functions have been added to delete a given ace from the SACL or the DACL of a security descriptor.

Signed-off-by: Christian Merten <christian@merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 16:46:35 +00:00
Nadezhda Ivanova
5073d5997c CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL
The implicit right of an object's owner to modify its security
descriptor no longer exists, according to the new access rules. However,
we continue to grant this implicit right for fileserver access checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 02:32:36 +00:00
Joseph Sutton
45f2e3631e libcli/security: Fix typos
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-14 07:21:29 +00:00
Joseph Sutton
1137ebc654 sddl: Remove SDDL SID strings unsupported by Windows
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Joseph Sutton
732d17a129 sddl: Add new SDDL SID strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Joseph Sutton
e61fa573fe sddl: Fix incorrect SDDL SID strings
Change the values to match those used by Windows.

Verified with PowerShell commands of the form:
New-Object Security.Principal.SecurityIdentifier ER

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 23:11:37 +00:00
Volker Lendecke
e5b446fe11 libcli: Simplify get_sec_mask_str()
Use talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
34c08da059 libcli: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
423e5726d2 libcli: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
f24b2163be libcli: Simplify security_session_user_level()
Use sid_compose(), use struct dom_sid on the stack.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
70b1260020 libcli: Introduce a helper variable in security_session_user_level()
Makes it easier to read for me

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
82281ca34f libcli: Remove unused security_token_has_sid_string()
This should have been removed in ef990008f2, I just was not aware
it's there...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
e2256c99a6 smbd: Make SID_SAMBA_SMB3 a static SID
No need to parse it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
ef990008f2 libcli: Remove unused security_token_is_sid_string()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-24 23:55:32 +00:00
Volker Lendecke
df4c03d524 lib: Add required #includes
dom_sid.h itself references talloc, and security.h references
DATA_BLOB.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-21 00:13:32 +00:00
Volker Lendecke
58c6c031f5 libcli: Fix parsing access flags from multiple tables
We have to look at all available mappings for parsing sddl for each
special flag set. "GW" and "FX" come from two different tables, but
the previous code settled on one table and then expected both "GW" and
"FX" to come from that same table. Change the code to look at all
tables per special flag set.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 21 00:04:36 UTC 2021 on sn-devel-184
2021-04-21 00:04:36 +00:00
Volker Lendecke
e030355643 libcli: Factor out sddl_map_flag()
We have to look at more than one map, "FRSD" is not correctly handled
right now for example. This factors out walking a map to make walking
multiple maps easier.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-20 23:19:28 +00:00
Volker Lendecke
dab8e9eb4a libcli: Simplify sddl_encode_ace()
Use GUID_buf_string() instead of GUID_string() for encoding objects,
no need to check for NULL anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-04-19 18:18:32 +00:00
Volker Lendecke
249b0e3202 libcli: Add file specific access flags to sddl
See

https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings

for reference.

We can only use them for decoding, many of our tests depend on our
string representation of the flags.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-24 20:31:30 +00:00
Volker Lendecke
90ea83b754 libcli: make_sec_acl() copies the ace_list, make that const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-22 19:54:38 +00:00
Volker Lendecke
7aaefd6f46 lib: Remove unused security_descriptor_append()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-19 22:56:40 +00:00
Volker Lendecke
a61ed4df0e libcli: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:33 +00:00
Volker Lendecke
bb8d333070 libcli: Don't leave a pointer uninitialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:32 +00:00
Volker Lendecke
9b453f475f libcli: Remove a pointless if-expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02 21:30:32 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Ralph Boehme
2327471756 lib: relicense smb_strtoul(l) under LGPLv3
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
2020-08-03 22:21:02 +00:00
Ralph Boehme
0b9ddce90c libcli: simplify an if condition
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-30 01:17:36 +00:00
Gary Lockyer
13a2f70a4d Fix clang 9 missing-field-initializer warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Volker Lendecke
3d9d984944 libcli: Use ARRAY_DEL_ELEMENT() in security_descriptor_acl_del()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 14:43:31 +00:00
Andrew Bartlett
5c1867ba45 py3: Remove #define PyInt_FromLong PyLong_FromLong
This allows us to end the use of Python 2/3 compatability macros.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power
2020-03-23 19:12:43 +00:00
Volker Lendecke
bf531c249d libcli: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-30 12:27:40 +00:00
Volker Lendecke
ba97f408d8 lib: Remove an unused variable from security_token_debug()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-01-03 00:04:43 +00:00
Douglas Bagnall
95a5140db3 pysecurity: use unsigned int, not int to approximate uint32_t
the "I" flag for unsigned int has been available since Python 2.3

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:26 +00:00
Douglas Bagnall
99c43354ef libcli/pysecurity: use pytalloc_get_name to avoid NULL deref
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-22 22:20:25 +00:00
Swen Schillig
39a518b671 libcli: Update all consumers of strtoul_err(), strtoull_err() to new API
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2019-06-30 11:32:18 +00:00
Andrew Bartlett
3e197d4370 libcli/security: Remove unused dup_sec_desc_buf()
This has been unused since before
762e7e1dff in 2003.

Found by callcatcher

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-22 05:59:14 +00:00
Noel Power
cbdd3d0c26 squash 'cast between incompatible function types' warning
To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-05-16 17:55:17 +00:00
Swen Schillig
beb3012e3f libcli: Update error check for new string conversion wrapper
The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2019-04-11 22:29:27 +00:00
Andrew Bartlett
fdb6305c86 build: Remove bld.gen_python_environments()
This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Volker Lendecke
d7de2f7748 lib: Remove "struct sid_parse_ret" again
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:19 +00:00
Volker Lendecke
e18610a197 lib: Make sid_parse return the parsed length
Use a temporary struct as a return value to make the compiler catch all
callers. If we just changed bool->ssize_t, this would just generate a
warning. struct sid_parse_ret will go away in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:19 +00:00
Ralph Boehme
8d355dd976 libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-04 18:11:16 +00:00
Ralph Boehme
9722f75757 libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
We basically must process the Owner Rights ACEs as any other ACE wrt to the
order of adding granted permissions and checking denied permissions. According
to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over
the ACEs in an ACL and the corresponding access_mask must be directly applied
to bits_remaining. We currently defer this to after the loop over the ACEs in
ACL, this is wrong.

We just have to do some initial magic to determine if an ACL contains and
Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC |
SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:

-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
IF SidInToken returns True THEN
   IF DACL does not contain ACEs from object owner THEN
       Remove READ_CONTROL and WRITE_DAC from RemainingAccess
       Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
   END IF
END IF

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-04 18:11:16 +00:00
Swen Schillig
58e2c15344 libcli: Use wrapper for string to integer conversion
In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-01 00:32:11 +00:00
Ralph Boehme
5cf0764bc4 libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
This was missing in 44590c1b70.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144
2019-02-28 19:18:16 +00:00
Andreas Schneider
99c2a24eb8 sddl: Use C99 initializer for sid_codes
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-28 10:29:23 +01:00
Andreas Schneider
9c507e98f0 libcli:security: Return early if there are no aces to duplicate
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 12 22:18:52 CET 2018 on sn-devel-144
2018-12-12 22:18:52 +01:00
Andreas Schneider
e7a8e4e643 libcli:security: Do not duplicate invalid aces
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-12-12 18:34:11 +01:00
Ralph Boehme
2de5f06d39 libcli/security: add dom_sid_lookup_is_predefined_domain()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-12-05 08:12:16 +01:00
Volker Lendecke
0d5287fb96 libcli: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
b289d15b85 libcli: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
1ff8598d46 libcli: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:28 +01:00
Volker Lendecke
c2b9b574b2 lib: Make dom_sid_string_buf static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov  3 00:23:31 CET 2018 on sn-devel-144
2018-11-03 00:23:31 +01:00
Volker Lendecke
8b9d362219 lib: Add dom_sid_str_buf
This is modeled after server_id_str_buf, which as an API to me is easier to
use: I can rely on the compiler to get the buffer size right.

It is designed to violate README.Coding's "Make use of helper variables", but
as this API is simple enough and the output should never be a surprise at all,
I think that's worth it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  2 20:11:11 CET 2018 on sn-devel-144
2018-11-02 20:11:11 +01:00
Volker Lendecke
831ee63f54 lib: Add error checks in dom_sid_string_buf
Also, avoid casts by using PRIxxx macros

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-02 17:03:26 +01:00
Volker Lendecke
74de5a5d25 lib: Avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-10-25 17:58:24 +02:00
Tim Beale
ba46578f97 CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights
An 'Object Access Allowed' ACE that assigned 'Control Access' (CR)
rights to a specific attribute would not actually grant access.

What was happening was the remaining_access mask for the object_tree
nodes would be Read Property (RP) + Control Access (CR). The ACE mapped
to the schemaIDGUID for a given attribute, which would end up being a
child node in the tree. So the CR bit was cleared for a child node, but
not the rest of the tree. We would then check the user had the RP access
right, which it did. However, the RP right was cleared for another node
in the tree, which still had the CR bit set in its remaining_access
bitmap, so Samba would not grant access.

Generally, the remaining_access only ever has one bit set, which means
this isn't a problem normally. However, in the Control Access case there
are 2 separate bits being checked, i.e. RP + CR.

One option to fix this problem would be to clear the remaining_access
for the tree instead of just the node. However, the Windows spec is
actually pretty clear on this: if the ACE has a CR right present, then
you can stop any further access checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-08-14 13:57:16 +02:00
Tim Beale
c107e2d675 CVE-2018-10919 security: Add more comments to the object-specific access checks
Reading the spec and then reading the code makes sense, but we could
comment the code more so it makes sense on its own.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-08-14 13:57:15 +02:00
Tim Beale
21d628e045 CVE-2018-10919 security: Move object-specific access checks into separate function
Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.

This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-08-14 13:57:15 +02:00
Ralph Boehme
bc2beedfa2 libcli: remove unused se_create_child_secdesc_buf()
Commit e2c9ad93cb removed the last caller
of this.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  9 19:18:44 CEST 2018 on sn-devel-144
2018-05-09 19:18:43 +02:00
Stefan Metzmacher
8a1c930e1b libcli/security: add dom_sid_is_valid_account_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:52 +01:00
Stefan Metzmacher
da39e74c39 libcli/security: fix some SID values in comments
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 16 19:47:15 CET 2018 on sn-devel-144
2018-03-16 19:47:15 +01:00
Ralph Boehme
f564847c8e libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-15 21:54:16 +01:00
Stefan Metzmacher
d7780c6686 libcli/security: add dom_sid_lookup_predefined_{sid,name}()
This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database
and Corresponding View.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-21 14:19:19 +01:00
Volker Lendecke
01a54627a0 lib: Save a few bytes of .text
Looks surprising, but this does save bytes if you look at the object with
"size".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-13 23:54:47 +01:00
Volker Lendecke
b0e2c669e1 libcli: Fix a signed/unsigned hickup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-13 23:54:46 +01:00
Andrew Bartlett
544084d4a2 libcli/security: Move debug message to DBG_DEBUG()
This message shows up a lot at level 6 for no particularly good reason

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-07 06:56:27 +02:00
Lumir Balhar
022aa5ea34 python: Port samba.security to Python 3 compatible form.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-09-06 11:35:18 +02:00
Ralph Boehme
a58b54a334 libcli/security: fix dom_sid_in_domain()
Ensure the SID has exactly one component more then the domain SID, eg

Domain SID: S-1-5-21-1-2-3
SID:        S-1-5-21-1-2-3-4

This will return true. If the SID has more components, eg

SID: S-1-5-21-1-2-3-4-5, or
SID: S-1-5-21-1-2-3-4-5-6-7-8

dom_sid_in_domain() must return false.

This was verified against Windows:

     lsa_LookupSids: struct lsa_LookupSids
        out: struct lsa_LookupSids
            domains                  : *
                domains                  : *
                    domains: struct lsa_RefDomainList
                        count                    : 0x00000002 (2)
                        domains                  : *
                            domains: ARRAY(2)
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x000e (14)
                                        size                     : 0x0010 (16)
                                        string                   : *
                                            string                   : 'BUILTIN'
                                    sid                      : *
                                        sid                      : S-1-5-32
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x0012 (18)
                                        size                     : 0x0014 (20)
                                        string                   : *
                                            string                   : 'W4EDOM-L4'
                                    sid                      : *
                                        sid                      : S-1-5-21-278041429-3399921908-1452754838
                        max_size                 : 0x00000020 (32)
            names                    : *
                names: struct lsa_TransNameArray
                    count                    : 0x00000004 (4)
                    names                    : *
                        names: ARRAY(4)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_USER (1)
                                name: struct lsa_String
                                    length                   : 0x001a (26)
                                    size                     : 0x001a (26)
                                    string                   : *
                                        string                   : 'Administrator'
                                sid_index                : 0x00000001 (1)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_UNKNOWN (8)
                                name: struct lsa_String
                                    length                   : 0x005c (92)
                                    size                     : 0x005e (94)
                                    string                   : *
                                        string                   : 'S-1-5-21-278041429-3399921908-1452754838-500-1'
                                sid_index                : 0xffffffff (4294967295)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_ALIAS (4)
                                name: struct lsa_String
                                    length                   : 0x001c (28)
                                    size                     : 0x001c (28)
                                    string                   : *
                                        string                   : 'Administrators'
                                sid_index                : 0x00000000 (0)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_UNKNOWN (8)
                                name: struct lsa_String
                                    length                   : 0x001c (28)
                                    size                     : 0x001e (30)
                                    string                   : *
                                        string                   : 'S-1-5-32-544-9'
                                sid_index                : 0xffffffff (4294967295)
            count                    : *
                count                    : 0x00000002 (2)
            result                   : STATUS_SOME_UNMAPPED

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-12 01:41:14 +02:00
Stefan Metzmacher
ac2622ee86 libcli/security: add SID_NAME_LABEL to sid_type_lookup()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-23 09:01:21 +01:00
Volker Lendecke
a4733c7fde libcli: Add an overflow check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Volker Lendecke
a3737ef6bc libcli: Do not overwrite pointer on realloc failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Volker Lendecke
c66f57d1de lib: Add required prerequisites for librpc/gen_ndr/security.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Jeremy Allison
29b02cf22f lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.

When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.

E.g. The current logic has:

An ACL containining:

[0] SID: S-1-3-4
    TYPE: DENY
    MASK: WRITE_DATA
[1] SID: S-1-3-4
    TYPE: ALLOW
    MASK: ALLOW_ALL

prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.

Furthermore a non-canonical ACL containing:

[0] SID: User SID 1-5-21-something
    TYPE: ALLOW
    MASK: READ_DATA

[1] SID: S-1-3-4
    TYPE: DENY
    MASK: READ_DATA

[2] SID: User SID 1-5-21-something
    TYPE: ALLOW
    MASK: WRITE_DATA

prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-12-10 06:24:11 +01:00
Volker Lendecke
a5902383e3 lib: Make dom_sid_parse_endp init "endp" on all "ok" paths
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-06 20:24:22 +01:00
Moritz Beller
caff67082a libcli: Remove code clone
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12373
Signed-off-by: Moritz Beller <moritzbeller@gmx.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo <simo@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 13 18:13:45 CEST 2016 on sn-devel-144
2016-10-13 18:13:45 +02:00
Steve French
cad43f2cd4 lib: Annotate well known SID names
Add Samba specific well known SIDs for
Unix UID and GID owner.

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-09-29 08:02:18 +02:00
Stefan Metzmacher
837e617632 libcli/security: implement SECURITY_GUEST
SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:17 +02:00
Noel Power
c4cd56c484 libcli: Fix debug message, print sid string for new_ace trustee.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-16 00:55:23 +01:00
Günther Deschner
cf163ac359 security: Add Asserted Identity sids (S-1-18)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677

definitions taken from [MS-DTYP]: Windows Data Types,
2.4.2.4 Well-Known SID Structures.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-15 22:19:07 +01:00
Volker Lendecke
de421d8826 lib: Remove unused sid_blob_parse
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-26 21:41:12 +02:00
Volker Lendecke
4a442e2eb7 lib: Make sid_parse take a uint8_t
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-26 21:41:12 +02:00
Volker Lendecke
796c77d43d lib: Use dom_sid_equal where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-08-20 12:49:22 +02:00
Volker Lendecke
5d141a32f3 lib: Remove some unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-08-14 07:46:12 +02:00
Volker Lendecke
f0f23d6a92 lib: Remove some unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-08-14 07:46:12 +02:00
Jeremy Allison
688aae8bac s4: Fix bad review I did in dom_sid_parse_length() code.
Volker, apologies for the mistake.

Spotted by Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:20:23 CEST 2015 on sn-devel-104
2015-04-29 08:20:23 +02:00
Volker Lendecke
b2c34d45c0 lib: Simplify dom_sid_parse_length
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-28 18:11:13 +02:00
Stefan Metzmacher
2dcef48f24 libcli/security: add security_descriptor_for_client() helper function
This prepares a possibly stripped security descriptor for a client.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
77f0763c84 libcli/security: support "IS" in SDDL for SID_NT_IUSR
TODO: we should import the whole lists from [MS-DTYP].

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Volker Lendecke
bd6bc30693 Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-02-26 15:58:05 +01:00
Ralph Boehme
2ab6b43da6 libcli/security: add a function that checks for MS NFS ACEs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04 22:11:08 +01:00
Ralph Boehme
549ee51674 libcli/security: add NFS SID mappings
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-12-04 22:11:08 +01:00
Stefan Metzmacher
5cbda7e248 libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
2014-08-22 02:52:50 +02:00
Volker Lendecke
f4e358bc8b libcli: Add a NULL check in dom_sid_string
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
2014-06-10 21:46:15 +02:00
David Disseldorp
96c7e9b08d libcli/security: remove sec_ace_equal
This function is a duplicate of security_ace_equal(), and is no longer
used.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 29 03:34:38 CEST 2014 on sn-devel-104
2014-05-29 03:34:38 +02:00
David Disseldorp
7226a8920d secdesc: use security_ace_equal instead of sec_ace_equal
Both offer the same functionality, sec_ace_equal() will be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
4de94ad8fd libcli/security: cleanup security_ace_equal()
This change cleans up the white-space damage, and converts the single
line if-then statements to match Samba's coding conventions.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
f1a96f8582 libcli/security: remove unused sec_ace_del_sid()
With sec_desc_del_sid() now gone, this can also be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
8a2599a349 libcli/security: remove unused sec_desc_del_sid()
The function is unused, and shares mostly the same behaviour as
security_descriptor_acl_del().

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
f0bc0ac893 libcli/security: remove dup_sec_acl()
With make_sec_desc() converted to use security_acl_dup(), which offers
the same behaviour, this function is no longer needed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
256aa9b20b libcli/security: clean up and fix make_sec_desc
It currently leaks memory onto the provided talloc context on error, fix
this.

Use X_acl_dup() functions provided by secuity_descriptor.c, rather than
the redundant secdesc.c calls. Also, use the IDL generated functions to
calculate the security descriptor structure size.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
58b8c87d0f libcli/secdesc: remove dup_sec_desc()
With all callers converted to use security_descriptor_copy(), this
function can be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
23a95931d3 libcli/secdesc: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
e3e01de345 libcli/sd: remove redundant sec_ace_add_sid()
This function adds a new allow-type ACE to an existing ACE list. With
the removal of sec_desc_add_sid(), this is no longer used internally.

The same behaviour can be achieved via the much cleaner
security_ace_create() function.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
d735a4a9be libcli/sd: remove redundant sec_desc_add_sid()
This function adds an ACE to a security descriptor DACL. The same can be
achieved via the more flexible and much cleaner security_ace_create()
and security_descriptor_dacl_add() functions.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
Volker Lendecke
e72d8b7acc libcli: Simplify desc_ace_has_generic()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27 17:32:12 +02:00
Volker Lendecke
6218e5cbfe libcli: Simplify desc_expand_generic()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27 17:32:12 +02:00
Volker Lendecke
8bb5107d41 libcli: Avoid an explicit memset call
On x86 with -O3, this saves surprising 160 bytes .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27 17:32:12 +02:00
Volker Lendecke
af83a15887 libcli: Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27 17:32:12 +02:00
Volker Lendecke
80ef004721 libcli: Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-05-27 17:32:12 +02:00
Volker Lendecke
f52690dc68 libcli: Fix a memleak
struct security_ace has a struct dom_sid, not a pointer to it. So we don't have
to talloc it first and then not free it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 27 12:54:55 CEST 2014 on sn-devel-104
2014-05-27 12:54:55 +02:00
Stefan Metzmacher
d99c0bb1fb libcli/security: s/remove/remove_ace/
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-02 09:03:42 +02:00
Volker Lendecke
eaf807c361 secacl: Slightly simplify make_sec_acl
This avoids a complex if-expression

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 14 00:10:21 CET 2013 on sn-devel-104
2013-12-14 00:10:21 +01:00
Volker Lendecke
4ec65713fe secacl: Fix a memleak in an error path
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-13 12:45:57 -08:00
Volker Lendecke
b6e323bcf6 secacl: Don't use talloc_zero
We initialize all but one field anyway

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-13 12:45:57 -08:00
Volker Lendecke
2b113599f8 secacl: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-13 12:45:57 -08:00
Nadezhda Ivanova
daefca2a1a s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds
Restore and backup privileges are not relevant to ldap
access checks, and the TakeOwnership privilege should
grant write_owner right

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-25 09:45:57 +13:00
Andreas Schneider
0ede70c51a libcli: Add security_token_system_privilege().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2013-08-06 14:41:58 +02:00
Jeff Layton
edd3302ad4 libcli: fix conversion logic in dom_sid_string_buf
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31 15:16:11 -07:00
Jeff Layton
34d3639305 libcli: fix conversion logic in dom_sid_parse_endp
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31 15:16:08 -07:00
Richard Sharpe
50e0060091 Add a comment about why we are removing the INHERITED bit so people understand.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr  2 20:05:13 CEST 2013 on sn-devel-104
2013-04-02 20:05:13 +02:00
Richard Sharpe
7fd926fcdc Make sure that we only propogate the INHERITED flag when we are allowed to.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 28 19:43:41 CET 2013 on sn-devel-104
2013-03-28 19:43:41 +01:00
Richard Sharpe
3e5acc155b Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry while W2K08 does not.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104
2013-02-23 19:28:15 +01:00
Stefan Metzmacher
2413962d53 libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27 20:14:20 +11:00
Matthieu Patou
b1e231384a libcli-acl: add documentation
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22 21:14:05 +11:00
Matthieu Patou
7822952a11 security: Add documentation
Names seems to be a bit cryptic and misleading (at least for me).
So documenting them should remove at least partially this problem.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 22:31:20 +01:00
Matthieu Patou
c0638dae6c libcli-security: Add documentation for object_tree_modify_access
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 22:31:20 +01:00
Andrew Bartlett
d36c03056f libcli/security: remove useless if (root->num_of_children > 0) statements
The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++)

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
853ecd418a libcli/security: add init_mask to existing children in insert_in_object_tree
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Andrew Bartlett
5b4e3de2bb libcli/security: handle node initialisation in one spot in insert_in_object_tree()
This removes special-case for initalising the children array in
insert_in_object_tree().  talloc_realloc() handles the intial allocate
case perfectly well, so there is no need to have this duplicated.

This also restores having just one place were the rest of the elements
are intialised, to ensure uniform behaviour.

To do this, we have to rework insert_in_object_tree to have only one
output variable, both because having both root and new_node as output
variables was too confusing, and because otherwise the two pointers
were being allowed to point at the same memory.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
a359aef083 libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
a3fffde368 libcli/security: simplify get_ace_object_type()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
b0f731fc3b libcli/security: fix formating in access_check.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
10a90ce842 libcli/security: fix whitespaces in access_check.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
629ce2a1ba libcli/security: don't look at the inherited type in get_ace_object_type()
The inherited_type is only used to decide if aces should be inherited
effectively or not (INHERIT_ONLY) for the specified object.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17 00:22:32 -08:00
Andrew Bartlett
b26668c606 libcli/security: Ensure to fill in remaining_access for the initial case (bug #9554 - CVE-2013-0172)
It is critically important that we initialise this element as otherwise
all access is permitted.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a75805490d)
2013-01-15 12:14:25 +01:00
Stefan Metzmacher
d20c46a520 libcli/security: calculate the correct inherited_object GUID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:49:48 +01:00
Stefan Metzmacher
75729e6703 libcli/security: implement object_in_list()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:45:54 +01:00
Stefan Metzmacher
cf60338ada libcli/security: remove duplicate aces in se_create_child_secdesc()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02 22:42:20 +01:00
Jeremy Allison
2b89e1a20a Factor out privilege checking code into se_file_access_check() which takes a bool priv_open_requested parameter. 2012-08-31 20:29:13 -07:00
Jeremy Allison
cf29863c69 Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
2012-08-30 10:08:50 -07:00
Björn Jacke
13f8674a15 build: rename security → samba-security
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
2012-08-10 14:22:20 +02:00