| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
An 'Object Access Allowed' ACE that assigned 'Control Access' (CR)
rights to a specific attribute would not actually grant access.
What was happening was the remaining_access mask for the object_tree
nodes would be Read Property (RP) + Control Access (CR). The ACE mapped
to the schemaIDGUID for a given attribute, which would end up being a
child node in the tree. So the CR bit was cleared for a child node, but
not the rest of the tree. We would then check the user had the RP access
right, which it did. However, the RP right was cleared for another node
in the tree, which still had the CR bit set in its remaining_access
bitmap, so Samba would not grant access.
Generally, the remaining_access only ever has one bit set, which means
this isn't a problem normally. However, in the Control Access case there
are 2 separate bits being checked, i.e. RP + CR.
One option to fix this problem would be to clear the remaining_access
for the tree instead of just the node. However, the Windows spec is
actually pretty clear on this: if the ACE has a CR right present, then
you can stop any further access checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
|
|
Reading the spec and then reading the code makes sense, but we could
comment the code more so it makes sense on its own.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
|
|
function
Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.
This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
|
|
there without 'Authenticated User'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f564847c8e9d31fe07dd3cbf435986b36f097fa3)
|
|
This message shows up a lot at level 6 for no particularly good reason
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 544084d4a2e19958982e6003b1b1290315099b34)
|
|
Ensure the SID has exactly one component more then the domain SID, eg
Domain SID: S-1-5-21-1-2-3
SID: S-1-5-21-1-2-3-4
This will return true. If the SID has more components, eg
SID: S-1-5-21-1-2-3-4-5, or
SID: S-1-5-21-1-2-3-4-5-6-7-8
dom_sid_in_domain() must return false.
This was verified against Windows:
lsa_LookupSids: struct lsa_LookupSids
out: struct lsa_LookupSids
domains : *
domains : *
domains: struct lsa_RefDomainList
count : 0x00000002 (2)
domains : *
domains: ARRAY(2)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'BUILTIN'
sid : *
sid : S-1-5-32
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'W4EDOM-L4'
sid : *
sid : S-1-5-21-278041429-3399921908-1452754838
max_size : 0x00000020 (32)
names : *
names: struct lsa_TransNameArray
count : 0x00000004 (4)
names : *
names: ARRAY(4)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x001a (26)
size : 0x001a (26)
string : *
string : 'Administrator'
sid_index : 0x00000001 (1)
names: struct lsa_TranslatedName
sid_type : SID_NAME_UNKNOWN (8)
name: struct lsa_String
length : 0x005c (92)
size : 0x005e (94)
string : *
string : 'S-1-5-21-278041429-3399921908-1452754838-500-1'
sid_index : 0xffffffff (4294967295)
names: struct lsa_TranslatedName
sid_type : SID_NAME_ALIAS (4)
name: struct lsa_String
length : 0x001c (28)
size : 0x001c (28)
string : *
string : 'Administrators'
sid_index : 0x00000000 (0)
names: struct lsa_TranslatedName
sid_type : SID_NAME_UNKNOWN (8)
name: struct lsa_String
length : 0x001c (28)
size : 0x001e (30)
string : *
string : 'S-1-5-32-544-9'
sid_index : 0xffffffff (4294967295)
count : *
count : 0x00000002 (2)
result : STATUS_SOME_UNMAPPED
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
|
|
(S-1-3-4) DENY ace entries
Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.
When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.
E.g. The current logic has:
An ACL containining:
[0] SID: S-1-3-4
TYPE: DENY
MASK: WRITE_DATA
[1] SID: S-1-3-4
TYPE: ALLOW
MASK: ALLOW_ALL
prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.
Furthermore a non-canonical ACL containing:
[0] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: READ_DATA
[1] SID: S-1-3-4
TYPE: DENY
MASK: READ_DATA
[2] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: WRITE_DATA
prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12373
Signed-off-by: Moritz Beller <moritzbeller@gmx.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 13 18:13:45 CEST 2016 on sn-devel-144
|
|
Add Samba specific well known SIDs for
Unix UID and GID owner.
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
definitions taken from [MS-DTYP]: Windows Data Types,
2.4.2.4 Well-Known SID Structures.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Volker, apologies for the mistake.
Spotted by Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:20:23 CEST 2015 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This prepares a possibly stripped security descriptor for a client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
TODO: we should import the whole lists from [MS-DTYP].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
get_sec_info()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
|
|
This function is a duplicate of security_ace_equal(), and is no longer
used.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 29 03:34:38 CEST 2014 on sn-devel-104
|
|
Both offer the same functionality, sec_ace_equal() will be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This change cleans up the white-space damage, and converts the single
line if-then statements to match Samba's coding conventions.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
With sec_desc_del_sid() now gone, this can also be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The function is unused, and shares mostly the same behaviour as
security_descriptor_acl_del().
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
With make_sec_desc() converted to use security_acl_dup(), which offers
the same behaviour, this function is no longer needed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
It currently leaks memory onto the provided talloc context on error, fix
this.
Use X_acl_dup() functions provided by secuity_descriptor.c, rather than
the redundant secdesc.c calls. Also, use the IDL generated functions to
calculate the security descriptor structure size.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
With all callers converted to use security_descriptor_copy(), this
function can be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This function adds a new allow-type ACE to an existing ACE list. With
the removal of sec_desc_add_sid(), this is no longer used internally.
The same behaviour can be achieved via the much cleaner
security_ace_create() function.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This function adds an ACE to a security descriptor DACL. The same can be
achieved via the more flexible and much cleaner security_ace_create()
and security_descriptor_dacl_add() functions.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
On x86 with -O3, this saves surprising 160 bytes .text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
struct security_ace has a struct dom_sid, not a pointer to it. So we don't have
to talloc it first and then not free it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 27 12:54:55 CEST 2014 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This avoids a complex if-expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 14 00:10:21 CET 2013 on sn-devel-104
|
