samba.git/libcli/security, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h 2024-01-09T10:21:34+00:00 Stefan Metzmacher metze@samba.org 2023-12-28T09:18:51+00:00 f94d2ed13e6aa54e7e4e4cc292c565de1711a2a9 These and more are also defined in security_token.h, which is later included from security.h anyway. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
These and more are also defined in security_token.h, which is later included
from security.h anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
libcli/security: sddl conditional ACE: write -0 when asked 2023-12-21T23:48:46+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-20T00:40:15+00:00 21853b01e65f8b79bdf478d4fe470dcb1639cc48 Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: rearrange conditional ACE sddl_write_int 2023-12-21T23:48:46+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-20T00:38:53+00:00 8f0c91f3a833b24c27e63721ca15838c92a1cea4 REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: tests for signed zeros in sddl condtional ACEs 2023-12-21T23:48:46+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-20T00:37:29+00:00 46f61570714fffe43f5328cd46e1d1848a4d5daa REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0 2023-12-14T03:31:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-13T23:50:31+00:00 25f8e5079315b97279dd7d174aeb98241c3d8b5a Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: allow round-trip for conditional ACE hex integers 2023-12-14T03:31:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-13T04:24:50+00:00 66f341e5c3975c549b51a6ce4b82fbe02fb0a71d As with the previous commit, though not addressing the particular fuzz case, zero hex numbers need to be explicitly written as "0x0", or the round-trip will fail. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: allow round-trip for conditional ACE octal integers 2023-12-14T03:31:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-13T04:20:38+00:00 d33ed63147930377697535066fa96b9b4965ea41 The string "00" will decode into an integer tagged as octal, but `snprintf("%#oll")` will write the string "0", which would decode as decimal, so the in the SDDL1->SD1->SDDL2->SD2 round trip, SD1 would not be the same as SD2. The effect is really only relevant to SDDL, which wants to remember what base the numbers were presented in, though the fuzzers and tests don't directly compare SDDL, which can have extra spaces and so forth. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The string "00" will decode into an integer tagged as octal, but
`snprintf("%#oll")` will write the string "0", which would decode as
decimal, so the in the SDDL1->SD1->SDDL2->SD2 round trip, SD1 would
not be the same as SD2.

The effect is really only relevant to SDDL, which wants to remember
what base the numbers were presented in, though the fuzzers and tests
don't directly compare SDDL, which can have extra spaces and so forth.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: tests for conditional ACE integer base persistence 2023-12-14T03:31:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-13T22:56:19+00:00 bbe217604bd304454ae07fa817a50ef6d220e200 Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: fix tests for SDDL conditional ACE round-trip 2023-12-14T03:31:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-13T23:27:08+00:00 b247a11e62edce02622ad5996a9791987c362127 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security: clarify tests for SDDL round trips 2023-12-14T03:31:37+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2023-12-13T22:56:19+00:00 db6b06578b6784b4d09c1d8e70015f0ab72303a6 The `failed = failed || ok` did the same thing, obscurely. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The `failed = failed || ok` did the same thing, obscurely.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>