samba.git/libcli/security, branch talloc-2.2.0 Unnamed repository; edit this file 'description' to name the repository. build: Remove bld.gen_python_environments() 2019-03-21T04:06:14+00:00 Andrew Bartlett abartlet@samba.org 2019-02-15T03:37:48+00:00 fdb6305c861a088f797d29889c51c0553cc048be This was part of --extra-python support. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> 
This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
lib: Remove "struct sid_parse_ret" again 2019-03-12T00:42:19+00:00 Volker Lendecke vl@samba.org 2019-03-11T16:11:06+00:00 d7de2f77485bf623f8ca0edc5c0fb823ed9bc1e2 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib: Make sid_parse return the parsed length 2019-03-12T00:42:19+00:00 Volker Lendecke vl@samba.org 2019-03-11T15:55:57+00:00 e18610a197aab80a32cae8c1e09b96496679bbad Use a temporary struct as a return value to make the compiler catch all callers. If we just changed bool->ssize_t, this would just generate a warning. struct sid_parse_ret will go away in the next commit Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Use a temporary struct as a return value to make the compiler catch all
callers. If we just changed bool->ssize_t, this would just generate a
warning. struct sid_parse_ret will go away in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: fix handling of deny type ACEs in access_check_max_allowed() 2019-03-04T18:11:16+00:00 Ralph Boehme slow@samba.org 2019-03-01T17:57:23+00:00 8d355dd9769e8990ce998b4c9f28977669b43616 Deny ACEs must always be evaluated against explicitly granted rights from previous ACEs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/security: correct access check and maximum access calculation for Owner Rights ACEs 2019-03-04T18:11:16+00:00 Ralph Boehme slow@samba.org 2019-03-01T17:20:35+00:00 9722f75757c0e38c7f42c7cc310d56aa6eaf6392 We basically must process the Owner Rights ACEs as any other ACE wrt to the order of adding granted permissions and checking denied permissions. According to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over the ACEs in an ACL and the corresponding access_mask must be directly applied to bits_remaining. We currently defer this to after the loop over the ACEs in ACL, this is wrong. We just have to do some initial magic to determine if an ACL contains and Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP: -- the owner of an object is always granted READ_CONTROL and WRITE_DAC. CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst) IF SidInToken returns True THEN IF DACL does not contain ACEs from object owner THEN Remove READ_CONTROL and WRITE_DAC from RemainingAccess Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER END IF END IF BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
We basically must process the Owner Rights ACEs as any other ACE wrt to the
order of adding granted permissions and checking denied permissions. According
to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over
the ACEs in an ACL and the corresponding access_mask must be directly applied
to bits_remaining. We currently defer this to after the loop over the ACEs in
ACL, this is wrong.

We just have to do some initial magic to determine if an ACL contains and
Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC |
SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:

-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
IF SidInToken returns True THEN
   IF DACL does not contain ACEs from object owner THEN
       Remove READ_CONTROL and WRITE_DAC from RemainingAccess
       Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
   END IF
END IF

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli: Use wrapper for string to integer conversion 2019-03-01T00:32:11+00:00 Swen Schillig swen@linux.ibm.com 2019-01-30T07:39:15+00:00 58e2c1534429c05adb0cf5957d281dca0286fc13 In order to detect an value overflow error during the string to integer conversion with strtoul/strtoull, the errno variable must be set to zero before the execution and checked after the conversion is performed. This is achieved by using the wrapper function strtoul_err and strtoull_err. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/security: add "Owner Rights" calculation to access_check_max_allowed() 2019-02-28T19:18:16+00:00 Ralph Boehme slow@samba.org 2019-02-27T17:07:03+00:00 5cf0764bc4b65dbc59d8626760dbe946a2234833 This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144 
This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144
sddl: Use C99 initializer for sid_codes 2019-01-28T09:29:23+00:00 Andreas Schneider asn@samba.org 2018-12-12T20:18:32+00:00 99c2a24eb8bc39f4b33bfc097efd04bc11b77eb7 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
libcli:security: Return early if there are no aces to duplicate 2018-12-12T21:18:52+00:00 Andreas Schneider asn@samba.org 2018-12-12T09:21:25+00:00 9c507e98f03eabe59df774a9a5f51411fc23d4e5 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Dec 12 22:18:52 CET 2018 on sn-devel-144 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 12 22:18:52 CET 2018 on sn-devel-144
libcli:security: Do not duplicate invalid aces 2018-12-12T17:34:11+00:00 Andreas Schneider asn@samba.org 2018-12-12T09:08:53+00:00 e7a8e4e6433bf26f6eac46e6a5f65f421a8981bb Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>