summaryrefslogtreecommitdiff
path: root/libcli/security
Commit message (Collapse)AuthorAgeFilesLines
* libcli: Use dom_sid_str_bufVolker Lendecke2018-11-091-11/+7
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Make dom_sid_string_buf staticVolker Lendecke2018-11-032-2/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Nov 3 00:23:31 CET 2018 on sn-devel-144
* lib: Add dom_sid_str_bufVolker Lendecke2018-11-022-0/+12
| | | | | | | | | | | | | | | This is modeled after server_id_str_buf, which as an API to me is easier to use: I can rely on the compiler to get the buffer size right. It is designed to violate README.Coding's "Make use of helper variables", but as this API is simple enough and the output should never be a surprise at all, I think that's worth it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 2 20:11:11 CET 2018 on sn-devel-144
* lib: Add error checks in dom_sid_string_bufVolker Lendecke2018-11-021-9/+23
| | | | | | | Also, avoid casts by using PRIxxx macros Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Avoid an "includes.h"Volker Lendecke2018-10-251-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rightsTim Beale2018-08-141-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | An 'Object Access Allowed' ACE that assigned 'Control Access' (CR) rights to a specific attribute would not actually grant access. What was happening was the remaining_access mask for the object_tree nodes would be Read Property (RP) + Control Access (CR). The ACE mapped to the schemaIDGUID for a given attribute, which would end up being a child node in the tree. So the CR bit was cleared for a child node, but not the rest of the tree. We would then check the user had the RP access right, which it did. However, the RP right was cleared for another node in the tree, which still had the CR bit set in its remaining_access bitmap, so Samba would not grant access. Generally, the remaining_access only ever has one bit set, which means this isn't a problem normally. However, in the Control Access case there are 2 separate bits being checked, i.e. RP + CR. One option to fix this problem would be to clear the remaining_access for the tree instead of just the node. However, the Windows spec is actually pretty clear on this: if the ACE has a CR right present, then you can stop any further access checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-10919 security: Add more comments to the object-specific access checksTim Beale2018-08-141-8/+22
| | | | | | | | | | | Reading the spec and then reading the code makes sense, but we could comment the code more so it makes sense on its own. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-10919 security: Move object-specific access checks into separate ↵Tim Beale2018-08-141-27/+59
| | | | | | | | | | | | | | | | | | function Object-specific access checks refer to a specific section of the MS-ADTS, and the code closely matches the spec. We need to extend this logic to properly handle the Control-Access Right (CR), so it makes sense to split the logic out into its own function. This patch just moves the code, and should not alter the logic (apart from ading in the boolean grant_access return variable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libcli: remove unused se_create_child_secdesc_buf()Ralph Boehme2018-05-092-32/+0
| | | | | | | | | | | Commit e2c9ad93cb914186b89e2055f1bed3cceee1f768 removed the last caller of this. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed May 9 19:18:44 CEST 2018 on sn-devel-144
* libcli/security: add dom_sid_is_valid_account_domain()Stefan Metzmacher2018-03-192-0/+64
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/security: fix some SID values in commentsStefan Metzmacher2018-03-161-3/+3
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 16 19:47:15 CET 2018 on sn-devel-144
* libcli/security: only announce a session as GUEST if 'Builtin\Guests' is ↵Ralph Boehme2018-03-151-7/+11
| | | | | | | | | there without 'Authenticated User' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* libcli/security: add dom_sid_lookup_predefined_{sid,name}()Stefan Metzmacher2018-02-212-0/+512
| | | | | | | | | | This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib: Save a few bytes of .textVolker Lendecke2017-11-131-1/+1
| | | | | | | | Looks surprising, but this does save bytes if you look at the object with "size". Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Fix a signed/unsigned hickupVolker Lendecke2017-11-131-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/security: Move debug message to DBG_DEBUG()Andrew Bartlett2017-09-071-1/+1
| | | | | | | This message shows up a lot at level 6 for no particularly good reason Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python: Port samba.security to Python 3 compatible form.Lumir Balhar2017-09-062-12/+22
| | | | | | Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/security: fix dom_sid_in_domain()Ralph Boehme2017-04-121-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure the SID has exactly one component more then the domain SID, eg Domain SID: S-1-5-21-1-2-3 SID: S-1-5-21-1-2-3-4 This will return true. If the SID has more components, eg SID: S-1-5-21-1-2-3-4-5, or SID: S-1-5-21-1-2-3-4-5-6-7-8 dom_sid_in_domain() must return false. This was verified against Windows: lsa_LookupSids: struct lsa_LookupSids out: struct lsa_LookupSids domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000002 (2) domains : * domains: ARRAY(2) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'BUILTIN' sid : * sid : S-1-5-32 domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'W4EDOM-L4' sid : * sid : S-1-5-21-278041429-3399921908-1452754838 max_size : 0x00000020 (32) names : * names: struct lsa_TransNameArray count : 0x00000004 (4) names : * names: ARRAY(4) names: struct lsa_TranslatedName sid_type : SID_NAME_USER (1) name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'Administrator' sid_index : 0x00000001 (1) names: struct lsa_TranslatedName sid_type : SID_NAME_UNKNOWN (8) name: struct lsa_String length : 0x005c (92) size : 0x005e (94) string : * string : 'S-1-5-21-278041429-3399921908-1452754838-500-1' sid_index : 0xffffffff (4294967295) names: struct lsa_TranslatedName sid_type : SID_NAME_ALIAS (4) name: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'Administrators' sid_index : 0x00000000 (0) names: struct lsa_TranslatedName sid_type : SID_NAME_UNKNOWN (8) name: struct lsa_String length : 0x001c (28) size : 0x001e (30) string : * string : 'S-1-5-32-544-9' sid_index : 0xffffffff (4294967295) count : * count : 0x00000002 (2) result : STATUS_SOME_UNMAPPED Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/security: add SID_NAME_LABEL to sid_type_lookup()Stefan Metzmacher2017-03-231-1/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Add an overflow checkVolker Lendecke2017-01-231-0/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Do not overwrite pointer on realloc failureVolker Lendecke2017-01-231-3/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Add required prerequisites for librpc/gen_ndr/security.hVolker Lendecke2016-12-281-0/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* lib: security: se_access_check() incorrectly processes owner rights ↵Jeremy Allison2016-12-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (S-1-3-4) DENY ace entries Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>. When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the code OR's in the deny access mask bits without taking into account if they were being requested in the requested access mask. E.g. The current logic has: An ACL containining: [0] SID: S-1-3-4 TYPE: DENY MASK: WRITE_DATA [1] SID: S-1-3-4 TYPE: ALLOW MASK: ALLOW_ALL prohibits an open request by the owner for READ_DATA - even though this is explicitly allowed. Furthermore a non-canonical ACL containing: [0] SID: User SID 1-5-21-something TYPE: ALLOW MASK: READ_DATA [1] SID: S-1-3-4 TYPE: DENY MASK: READ_DATA [2] SID: User SID 1-5-21-something TYPE: ALLOW MASK: WRITE_DATA prohibits an open request by the owner for READ_DATA|WRITE_DATA - even though READ_DATA is explicitly allowed in ACE no 0 and is thus already filtered out of the "access-still-needed" mask when the deny ACE no 1 is evaluated. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466 Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib: Make dom_sid_parse_endp init "endp" on all "ok" pathsVolker Lendecke2016-12-061-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Remove code cloneMoritz Beller2016-10-131-1/+1
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12373 Signed-off-by: Moritz Beller <moritzbeller@gmx.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo <simo@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Oct 13 18:13:45 CEST 2016 on sn-devel-144
* lib: Annotate well known SID namesSteve French2016-09-291-1/+35
| | | | | | | | Add Samba specific well known SIDs for Unix UID and GID owner. Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli/security: implement SECURITY_GUESTStefan Metzmacher2016-04-284-0/+12
| | | | | | | | | | SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli: Fix debug message, print sid string for new_ace trustee.Noel Power2016-02-161-1/+1
| | | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Uri Simchoni <uri@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* security: Add Asserted Identity sids (S-1-18)Günther Deschner2016-01-152-0/+11
| | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 definitions taken from [MS-DTYP]: Windows Data Types, 2.4.2.4 Well-Known SID Structures. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Remove unused sid_blob_parseVolker Lendecke2015-08-262-15/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Make sid_parse take a uint8_tVolker Lendecke2015-08-262-2/+2
| | | | | | | | sid_parse takes a binary blob, uint8_t reflects this a bit better than char * does Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use dom_sid_equal where appropriateVolker Lendecke2015-08-201-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* lib: Remove some unused codeVolker Lendecke2015-08-142-20/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* lib: Remove some unused codeVolker Lendecke2015-08-142-24/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* s4: Fix bad review I did in dom_sid_parse_length() code.Jeremy Allison2015-04-291-1/+2
| | | | | | | | | | | | Volker, apologies for the mistake. Spotted by Andrew Bartlett <abartlet@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Apr 29 08:20:23 CEST 2015 on sn-devel-104
* lib: Simplify dom_sid_parse_lengthVolker Lendecke2015-04-281-8/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/security: add security_descriptor_for_client() helper functionStefan Metzmacher2015-03-302-0/+75
| | | | | | | This prepares a possibly stripped security descriptor for a client. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli/security: support "IS" in SDDL for SID_NT_IUSRStefan Metzmacher2015-03-301-0/+1
| | | | | | | TODO: we should import the whole lists from [MS-DTYP]. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* Fix whitespaceVolker Lendecke2015-02-261-7/+7
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/security: add a function that checks for MS NFS ACEsRalph Boehme2014-12-042-0/+24
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/security: add NFS SID mappingsRalph Boehme2014-12-042-0/+22
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in ↵Stefan Metzmacher2014-08-221-16/+20
| | | | | | | | | | | | get_sec_info() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
* libcli: Add a NULL check in dom_sid_stringVolker Lendecke2014-06-101-0/+3
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
* libcli/security: remove sec_ace_equalDavid Disseldorp2014-05-292-33/+0
| | | | | | | | | | | This function is a duplicate of security_ace_equal(), and is no longer used. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu May 29 03:34:38 CEST 2014 on sn-devel-104
* secdesc: use security_ace_equal instead of sec_ace_equalDavid Disseldorp2014-05-291-1/+1
| | | | | | | Both offer the same functionality, sec_ace_equal() will be removed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: cleanup security_ace_equal()David Disseldorp2014-05-291-8/+20
| | | | | | | | This change cleans up the white-space damage, and converts the single line if-then statements to match Samba's coding conventions. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: remove unused sec_ace_del_sid()David Disseldorp2014-05-292-33/+0
| | | | | | | With sec_desc_del_sid() now gone, this can also be removed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: remove unused sec_desc_del_sid()David Disseldorp2014-05-292-37/+0
| | | | | | | | The function is unused, and shares mostly the same behaviour as security_descriptor_acl_del(). Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: remove dup_sec_acl()David Disseldorp2014-05-292-13/+0
| | | | | | | | With make_sec_desc() converted to use security_acl_dup(), which offers the same behaviour, this function is no longer needed. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: clean up and fix make_sec_descDavid Disseldorp2014-05-291-48/+29
| | | | | | | | | | | | It currently leaks memory onto the provided talloc context on error, fix this. Use X_acl_dup() functions provided by secuity_descriptor.c, rather than the redundant secdesc.c calls. Also, use the IDL generated functions to calculate the security descriptor structure size. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status