1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/libcli/security
Douglas Bagnall b621c59f64 libcli/sec/sddl decode: allow hex numbers in SIDs
These occur canonically when the indentifier authority is > 2^32, but
also are accepted by Windows for any number.

There is a tricky case with an "O:" or "G:" SID that is immediately
followed by a "D:" dacl, because the "D" looks like a hex digit. When
we detect this we need to subtract one from the length.

We also need to do look out for trailing garbage. This was not an
issue before because any string caught by the strspn(...,
"-0123456789") would be either rejected or fully comsumed by
dom_sid_parse_talloc(), but with hex digits, a string like
"S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and
the "x0xabcxxx-X" would be skipped over. That's why we switch to using
dom_sid_parse_endp(), so we can compare the consumed length to the
expected length.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
..
access_check.c libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
access_check.h CVE-2023-0614 libcli/security: Make some parameters const 2023-04-05 02:10:34 +00:00
create_descriptor.c libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
display_sec.c libcli/security: Avoid includes.h 2023-03-09 18:10:33 +00:00
display_sec.h
dom_sid.c libcli/security/dom_sid: use (unsigned char) in isdigit() 2023-04-28 02:15:36 +00:00
dom_sid.h libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix 2023-03-31 08:29:32 +00:00
object_tree.c libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
privileges_private.h
privileges.c libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
privileges.h libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
pysecurity.c Fix clang 9 missing-field-initializer warnings 2020-05-08 09:31:31 +00:00
sddl.c libcli/sec/sddl decode: allow hex numbers in SIDs 2023-04-28 02:15:36 +00:00
sddl.h libcli security/sddl: Make sddl_encode_ace visible 2022-09-27 16:46:35 +00:00
secace.c libcli/security: Avoid includes.h 2023-03-09 18:10:33 +00:00
secace.h lib: Remove some unused code 2015-08-14 07:46:12 +02:00
secacl.c libcli/security: Avoid includes.h 2023-03-09 18:10:33 +00:00
secacl.h libcli: make_sec_acl() copies the ace_list, make that const 2021-01-22 19:54:38 +00:00
secdesc.c lib: Remove a talloc_stackframe() 2023-03-09 18:10:33 +00:00
secdesc.h libcli/security: Remove unused dup_sec_desc_buf() 2019-05-22 05:59:14 +00:00
security_descriptor.c libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
security_descriptor.h libcli/security: add security_descriptor_[s|d]acl_insert() helpers 2023-03-22 15:01:32 +00:00
security_token.c libcli/security: Avoid includes.h 2023-03-09 18:10:33 +00:00
security_token.h lib: librpc/gen_ndr/security.h needs DATA_BLOB 2023-03-09 18:10:33 +00:00
security.h libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
session.c libcli/security: Avoid includes.h 2023-03-09 18:10:33 +00:00
session.h libcli/security: implement SECURITY_GUEST 2016-04-28 16:51:17 +02:00
util_sid.c libcli:security: Fix code spelling 2023-04-27 14:25:38 +00:00
wscript_build build: Remove bld.gen_python_environments() 2019-03-21 04:06:14 +00:00