samba.git/libcli/security/secace.c, branch master Unnamed repository; edit this file 'description' to name the repository. libcli/security: Remove unused macro 2023-09-27T02:43:28+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-19T02:28:13+00:00 21f765c1b97fdebb9342d74d2089d7bdabf3a393 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: callback object aces are object aces 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-06-03T23:43:57+00:00 498c41101732bd0dd8c15952327798bcc6e236a5 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: use tabs in sec_ace_object() 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-06-03T23:43:13+00:00 762646b5aaaa0e4b916cd5df6bd133d69772a8f5 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: helper to find ACEs with meaningful codas 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-08-23T00:47:53+00:00 e81e98c485479f4558c53cc0b7c9f2e31d6b1c67 Only Resource Attribute ACEs and Conditional ACEs are expected to have trailing data. Others sometimes might, but we don't care what it is. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Only Resource Attribute ACEs and Conditional ACEs are expected to have
trailing data. Others sometimes might, but we don't care what it is.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: helper to find resource attribute ACEs 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-08-23T00:44:26+00:00 41e1b6957ae3aee07fa3abc18237d353bafb92e5 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: helper to find callback/conditional aces 2023-09-26T23:45:35+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2022-12-08T22:42:38+00:00 617cfa0e96539d2188b69f14c38246d7ad267c30 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: rm unused sec_ace_copy() 2023-08-24T02:53:31+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-08-18T04:04:51+00:00 909a2af9548fe47305fa32c82d564e7cc3175271 Unused since 2014. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Unused since 2014.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc/security.idl: adjust size calculations for upcoming ace types 2023-08-24T02:53:31+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-07-13T09:31:50+00:00 c73034cf7c4392f5d3505319948bc84634c20fa5 Soon we will get Conditional ACEs and Resource Attribute ACES, each of which have trailing bytes at the end of the ACE. Here's a diagram: ____ The ACE size field may indicate a size bigger .type / | than the known parts, even when you take .flags / | rounding to a multiple of four into account. .size --' | This extra data is meaningful in some ACEs. .access_mask | .trustee (sid) _| <- known data ends here. : "coda" ___: <- the trailing part, Zero size unless the size field points beyond the end of the known data. Probably empty for ordinary ACE types. Until now we have thrown away these extra bytes, because they have no meaning in the ACE types we recognise. But with conditional and resource attribute ACEs we need to catch and process these bytes, so we add an extra field for that. Thus we can drop the manually written ndr_pull_security_ace() that discarded the trailing bytes, because we just allow it to be pulled into an unused blob. In the very common case, the blob will be empty. Microsoft does not use a common name across different ACE types to describe this end-data -- "coda" is a Samba term. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Soon we will get Conditional ACEs and Resource Attribute ACES, each of
which have trailing bytes at the end of the ACE. Here's a diagram:

              ____      The ACE size field may indicate a size bigger
  .type      /    |     than the known parts, even when you take
  .flags    /     |     rounding to a multiple of four into account.
  .size  --'      |     This extra data is meaningful in some ACEs.
  .access_mask    |
  .trustee (sid) _|  <- known data ends here.
                  :
   "coda"      ___:  <- the trailing part, Zero size unless the size
                        field points beyond the end of the known data.
			Probably empty for ordinary ACE types.

Until now we have thrown away these extra bytes, because they have no
meaning in the ACE types we recognise. But with conditional and
resource attribute ACEs we need to catch and process these bytes, so
we add an extra field for that.

Thus we can drop the manually written ndr_pull_security_ace() that
discarded the trailing bytes, because we just allow it to be pulled
into an unused blob. In the very common case, the blob will be empty.

Microsoft does not use a common name across different ACE types to
describe this end-data -- "coda" is a Samba term.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: Avoid includes.h 2023-03-09T18:10:33+00:00 Volker Lendecke vl@samba.org 2023-03-03T17:41:33+00:00 d76ec8519e06c838ba76c3f56425e6d4bf62866f Don't rebuild libcli/security when not necessary Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Don't rebuild libcli/security when not necessary

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib: Fix whitespace 2023-03-09T18:10:33+00:00 Volker Lendecke vl@samba.org 2023-03-03T17:48:25+00:00 2ac2c055614c0aaa63b6c80a12d950d8e5d0cbf0 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>