From 1bdbb4e6012307b366c064554361c59f27b1ae7e Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 8 Jun 2000 08:41:28 +0000 Subject: added se_access_check. (This used to be commit 6de329f6bf9c26e132869cf43d4976d4881e285c) --- source3/lib/util_seaccess.c | 279 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 279 insertions(+) create mode 100644 source3/lib/util_seaccess.c (limited to 'source3/lib/util_seaccess.c')
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
new file mode 100644
index 0000000000..028b876fa7
--- /dev/null
+++ b/source3/lib/util_seaccess.c
@@ -0,0 +1,279 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.0
+ Copyright (C) Luke Kenneth Casson Leighton 1996-2000.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nterr.h"
+#include "sids.h"
+
+extern int DEBUGLEVEL;
+
+static uint32 acegrant(uint32 mask, uint32 *acc_req, uint32 *acc_grant, uint32 *acc_deny)
+{
+ /* maximum allowed: grant what's in the ace */
+ if ((*acc_req) == SEC_RIGHTS_MAXIMUM_ALLOWED)
+ {
+ (*acc_grant) |= mask & ~(*acc_deny);
+ }
+ else
+ {
+ (*acc_grant) |= (*acc_req) & mask;
+ (*acc_req) &= ~(*acc_grant);
+ }
+ if ((*acc_req) == 0x0)
+ {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_NOPROBLEMO;
+}
+
+static uint32 acedeny(uint32 mask, uint32 *acc_req, uint32 *acc_grant, uint32 *acc_deny)
+{
+ /* maximum allowed: grant what's in the ace */
+ if ((*acc_req) == SEC_RIGHTS_MAXIMUM_ALLOWED)
+ {
+ (*acc_deny) |= mask & ~(*acc_grant);
+ }
+ else
+ {
+ if ((*acc_req) & mask)
+ {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+#if 0
+ (*acc_deny) |= (*acc_req) & mask;
+ (*acc_req) &= ~(*acc_deny);
+#endif
+ }
+ if ((*acc_req) == 0x0)
+ {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_NOPROBLEMO;
+}
+
+static BOOL check_ace(const SEC_ACE *ace, BOOL is_owner,
+ const DOM_SID *sid,
+ uint32 *acc_req,
+ uint32 *acc_grant,
+ uint32 *acc_deny,
+ uint32 *status)
+{
+ uint32 mask = ace->info.mask;
+
+ if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY)
+ {
+ /* inherit only is ignored */
+ return False;
+ }
+
+ /* only owner allowed write-owner rights */
+ if (!is_owner)
+ {
+ mask &= (~SEC_RIGHTS_WRITE_OWNER);
+ }
+
+ switch (ace->type)
+ {
+ case SEC_ACE_TYPE_ACCESS_ALLOWED:
+ {
+ /* everyone - or us */
+ if (sid_equal(&ace->sid, global_sid_everyone) ||
+ sid_equal(&ace->sid, sid))
+ {
+ (*status) = acegrant(mask, acc_req, acc_grant, acc_deny);
+ if ((*status) != NT_STATUS_NOPROBLEMO)
+ {
+ return True;
+ }
+
+ }
+ break;
+ }
+ case SEC_ACE_TYPE_ACCESS_DENIED:
+ {
+ /* everyone - or us */
+ if (sid_equal(&ace->sid, global_sid_everyone) ||
+ sid_equal(&ace->sid, sid))
+ {
+ (*status) = acedeny(mask, acc_req, acc_grant, acc_deny);
+ if ((*status) != NT_STATUS_NOPROBLEMO)
+ {
+ return True;
+ }
+ }
+ break;
+ }
+ case SEC_ACE_TYPE_SYSTEM_AUDIT:
+ {
+ (*status) = NT_STATUS_NOT_IMPLEMENTED;
+ return True;
+ }
+ case SEC_ACE_TYPE_SYSTEM_ALARM:
+ {
+ (*status) = NT_STATUS_NOT_IMPLEMENTED;
+ return True;
+ }
+ default:
+ {
+ (*status) = NT_STATUS_INVALID_PARAMETER;
+ return True;
+ }
+ }
+ return False;
+}
+
+/***********************************************************************
+ checks access_requested rights of user against sd. returns access granted
+ and a status code if the grant succeeded, error message if it failed.
+
+ the previously_granted access rights requires some explanation: if you
+ open a policy handle with a set of permissions, you cannot then perform
+ operations that require more privileges than those requested. pass in
+ the [previously granted] permissions from the open_policy_hnd call as
+ prev_grant_acc, and this function will do the checking for you.
+ ***********************************************************************/
+BOOL se_access_check(const SEC_DESC * sd, const NET_USER_INFO_3 * user,
+ uint32 acc_req, uint32 prev_grant_acc,
+ uint32 * acc_grant,
+ uint32 * status)
+{
+ int num_aces;
+ int num_groups;
+ DOM_SID usr_sid;
+ DOM_SID grp_sid;
+ DOM_SID **grp_sids = NULL;
+ uint32 ngrp_sids = 0;
+ BOOL is_owner;
+ BOOL is_system;
+ const SEC_ACL *acl = NULL;
+ uint32 grnt;
+ uint32 deny;
+
+ if (status == NULL)
+ {
+ return False;
+ }
+
+ (*status) = NT_STATUS_ACCESS_DENIED;
+
+ if (prev_grant_acc == SEC_RIGHTS_MAXIMUM_ALLOWED)
+ {
+ prev_grant_acc = 0xffffffff;
+ }
+
+ /* cannot request any more than previously requested access */
+ acc_req &= prev_grant_acc;
+
+ if (acc_req == 0x0)
+ {
+ goto end;
+ }
+
+ /* we must know the owner sid */
+ if (sd->owner_sid == NULL)
+ {
+ goto end;
+ }
+
+ (*status) = NT_STATUS_NOPROBLEMO;
+
+ /* create group sid */
+ sid_copy(&grp_sid, &user->dom_sid.sid);
+ sid_append_rid(&grp_sid, user->group_id);
+
+ /* create user sid */
+ sid_copy(&usr_sid, &user->dom_sid.sid);
+ sid_append_rid(&usr_sid, user->user_id);
+
+ /* preparation: check owner sid, create array of group sids */
+ is_owner = sid_equal(&usr_sid, sd->owner_sid);
+ add_sid_to_array(&ngrp_sids, &grp_sids, &grp_sid);
+
+ for (num_groups = 0; num_groups < user->num_groups; num_groups++)
+ {
+ sid_copy(&grp_sid, &user->dom_sid.sid);
+ sid_append_rid(&grp_sid, user->gids[num_groups].g_rid);
+ add_sid_to_array(&ngrp_sids, &grp_sids, &grp_sid);
+ }
+
+#ifdef SAMBA_MAIN_DOES_NOT_HAVE_GLOBAL_SID_SYSTEM
+ /* check for system acl or user (discretionary) acl */
+ is_system = sid_equal(&usr_sid, global_sid_system);
+ if (is_system)
+ {
+ acl = sd->sacl;
+ }
+ else
+#endif
+ {
+ acl = sd->dacl;
+ }
+
+ /* acl must have something in it */
+ if (acl == NULL || acl->ace == NULL || acl->num_aces == 0)
+ {
+ goto end;
+ }
+
+ /*
+ * OK!
we have an ACE, it has at least one thing in it, + * we have a user sid, we have an array of group sids. + * let's go! + */ + + deny = 0; + grnt = 0; + + /* check each ace */ + for (num_aces = 0; num_aces < acl->num_aces; num_aces++) + { + const SEC_ACE *ace = &acl->ace[num_aces]; + + /* first check the user sid */ + if (check_ace(ace, is_owner, &usr_sid, &acc_req, + &grnt, &deny, status)) + { + goto end; + } + /* now check the group sids */ + for (num_groups = 0; num_groups < ngrp_sids; num_groups++) + { + if (check_ace(ace, False, grp_sids[num_groups], + &acc_req, &grnt, &deny, status)) + { + goto end; + } + } + } + + if (grnt == 0x0 && (*status) == NT_STATUS_NOPROBLEMO) + { + (*status) = NT_STATUS_ACCESS_DENIED; + } + else if (acc_grant != NULL) + { + (*acc_grant) = grnt; + } + +end: + free_sid_array(ngrp_sids, grp_sids); + return (*status) != NT_STATUS_NOPROBLEMO; +} + -- cgit From cfc7266a7b5e3cb0170b48d121677434c7443c3d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 6 Jul 2000 06:57:22 +0000 Subject: Rewrite of se_access_check() function. Added comments and fixed a bunch of bugs. I think there is a problem though with the permissions granted when SEC_RIGHTS_MAXIMUM_ALLOWED is passed as the permissions requested. (This used to be commit 27d821913c87dddd44a0690f4b191c9d2445817e) --- source3/lib/util_seaccess.c | 476 ++++++++++++++++++++++++++------------------ 1 file changed, 287 insertions(+), 189 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 028b876fa7..f9cfcb835b 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -2,6 +2,7 @@ Unix SMB/Netbios implementation. Version 2.0 Copyright (C) Luke Kenneth Casson Leighton 1996-2000. + Copyright (C) Tim Potter 2000. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
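Review bot: acegrant() returns NT_STATUS_ACCESS_DENIED when `*acc_req` reaches zero, which is exactly the state in which every requested right has just been granted, so check_ace() stops the walk and se_access_check() leaves through `end:` reporting denial without ever storing `grnt` in `*acc_grant`. The completed-grant case needs its own signal, for example check_ace() returning True on `(*acc_req) == 0x0` while `*status` stays NT_STATUS_NOPROBLEMO, with `*acc_grant` written before the jump. The final `return (*status) != NT_STATUS_NOPROBLEMO;` yields True on failure while the `status == NULL` guard yields False on failure, so callers cannot rely on the return value. An empty ACL also reaches `end:` after `*status` was already set to NT_STATUS_NOPROBLEMO, and `sd` and `user` are dereferenced without a NULL check.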
@@ -24,256 +25,353 @@ extern int DEBUGLEVEL; -static uint32 acegrant(uint32 mask, uint32 *acc_req, uint32 *acc_grant, uint32 *acc_deny) +/* Call winbindd to convert uid to sid */ + +BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid) { - /* maximum allowed: grant what's in the ace */ - if ((*acc_req) == SEC_RIGHTS_MAXIMUM_ALLOWED) - { - (*acc_grant) |= mask & ~(*acc_deny); - } - else - { - (*acc_grant) |= (*acc_req) & mask; - (*acc_req) &= ~(*acc_grant); + struct winbindd_request request; + struct winbindd_response response; + int result; + + if (!sid) return False; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.uid = uid; + + /* Make request */ + + result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response); + + /* Copy out result */ + + if (result == NSS_STATUS_SUCCESS) { + string_to_sid(sid, response.data.sid.sid); + } else { + sid_copy(sid, &global_sid_NULL); } - if ((*acc_req) == 0x0) - { - return NT_STATUS_ACCESS_DENIED; + + return (result == NSS_STATUS_SUCCESS); +} + +/* Call winbindd to convert uid to sid */ + +BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + int result; + + if (!sid) return False; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.gid = gid; + + /* Make request */ + + result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response); + + /* Copy out result */ + + if (result == NSS_STATUS_SUCCESS) { + string_to_sid(sid, response.data.sid.sid); + } else { + sid_copy(sid, &global_sid_NULL); } - return NT_STATUS_NOPROBLEMO; + + return (result == NSS_STATUS_SUCCESS); } -static uint32 acedeny(uint32 mask, uint32 *acc_req, uint32 *acc_grant, uint32 *acc_deny) +/* Process an access allowed ACE */ + +static BOOL ace_grant(uint32 mask, uint32 *acc_desired, uint32 *acc_granted) { - /* maximum allowed: grant what's in the ace */ - if ((*acc_req) == 
SEC_RIGHTS_MAXIMUM_ALLOWED) - { - (*acc_deny) |= mask & ~(*acc_grant); + uint32 matches; + + /* If there are any matches in the ACE mask and desired access, + turn them off in the desired access and on in the granted + mask. */ + + if (*acc_desired == SEC_RIGHTS_MAXIMUM_ALLOWED) { + matches = mask; + *acc_desired = mask; + } else { + matches = mask & *acc_desired; } - else - { - if ((*acc_req) & mask) - { - return NT_STATUS_ACCESS_DENIED; - } -#if 0 - (*acc_deny) |= (*acc_req) & mask; - (*acc_req) &= ~(*acc_deny); -#endif + + if (matches) { + *acc_desired = *acc_desired & ~matches; + *acc_granted = *acc_granted | matches; } - if ((*acc_req) == 0x0) - { - return NT_STATUS_ACCESS_DENIED; + + return *acc_desired == 0; +} + +/* Process an access denied ACE */ + +static BOOL ace_deny(uint32 mask, uint32 *acc_desired, uint32 *acc_granted) +{ + uint32 matches; + + /* If there are any matches in the ACE mask and the desired access, + all bits are turned off in the desired and granted mask. */ + + if (*acc_desired == SEC_RIGHTS_MAXIMUM_ALLOWED) { + matches = mask; + } else { + matches = mask & *acc_desired; + } + + if (matches) { + *acc_desired = *acc_granted = 0; } - return NT_STATUS_NOPROBLEMO; + + return *acc_desired == 0; } -static BOOL check_ace(const SEC_ACE *ace, BOOL is_owner, - const DOM_SID *sid, - uint32 *acc_req, - uint32 *acc_grant, - uint32 *acc_deny, - uint32 *status) +/* Check an ACE against a SID. We return true if the ACE clears all the + permission bits in the access desired mask. This indicates that we have + make a decision to deny or allow access and the status is updated + accordingly. 
*/ + +static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, + uint32 *acc_desired, uint32 *acc_granted, + uint32 *status) { uint32 mask = ace->info.mask; - if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) - { - /* inherit only is ignored */ + /* Inherit only is ignored */ + + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { return False; } - /* only owner allowed write-owner rights */ - if (!is_owner) - { + /* Only owner allowed write-owner rights */ + + if (!is_owner) { mask &= (~SEC_RIGHTS_WRITE_OWNER); } - switch (ace->type) - { - case SEC_ACE_TYPE_ACCESS_ALLOWED: - { - /* everyone - or us */ + /* Check the ACE value. This updates the access_desired and + access_granted values appropriately. */ + + switch (ace->type) { + + /* Access allowed ACE */ + + case SEC_ACE_TYPE_ACCESS_ALLOWED: { + + /* Everyone - or us */ + if (sid_equal(&ace->sid, global_sid_everyone) || - sid_equal(&ace->sid, sid)) - { - (*status) = acegrant(mask, acc_req, acc_grant, acc_deny); - if ((*status) != NT_STATUS_NOPROBLEMO) - { + sid_equal(&ace->sid, sid)) { + + /* Return true if access has been allowed */ + + if (ace_grant(mask, acc_desired, + acc_granted)) { + *status = NT_STATUS_NO_PROBLEMO; return True; } - } + break; } - case SEC_ACE_TYPE_ACCESS_DENIED: - { - /* everyone - or us */ + + /* Access denied ACE */ + + case SEC_ACE_TYPE_ACCESS_DENIED: { + + /* Everyone - or us */ + if (sid_equal(&ace->sid, global_sid_everyone) || - sid_equal(&ace->sid, sid)) - { - (*status) = acedeny(mask, acc_req, acc_grant, acc_deny); - if ((*status) != NT_STATUS_NOPROBLEMO) - { + sid_equal(&ace->sid, sid)) { + + /* Return false if access has been denied */ + + if (ace_deny(mask, acc_desired, + acc_granted)) { + *status = NT_STATUS_ACCESS_DENIED; return True; } } + break; } - case SEC_ACE_TYPE_SYSTEM_AUDIT: - { - (*status) = NT_STATUS_NOT_IMPLEMENTED; - return True; - } + + /* Unimplemented ACE types. These are ignored. 
*/ + case SEC_ACE_TYPE_SYSTEM_ALARM: - { - (*status) = NT_STATUS_NOT_IMPLEMENTED; - return True; + case SEC_ACE_TYPE_SYSTEM_AUDIT: { + *status = NT_STATUS_NOT_IMPLEMENTED; + return False; } - default: - { - (*status) = NT_STATUS_INVALID_PARAMETER; - return True; + + /* Unknown ACE type */ + + default: { + *status = NT_STATUS_INVALID_PARAMETER; + return False; } } + + /* There are still some bits set in the access desired mask that + haven't been cleared by an ACE. More checking is required. */ + return False; } -/*********************************************************************** - checks access_requested rights of user against sd. returns access granted - and a status code if the grant succeeded, error message if it failed. - - the previously_granted access rights requires some explanation: if you - open a policy handle with a set of permissions, you cannot then perform - operations that require more privileges than those requested. pass in - the [previously granted] permissions from the open_policy_hnd call as - prev_grant_acc, and this function will do the checking for you. - ***********************************************************************/ -BOOL se_access_check(const SEC_DESC * sd, const NET_USER_INFO_3 * user, - uint32 acc_req, uint32 prev_grant_acc, - uint32 * acc_grant, - uint32 * status) +/* Check access rights of a user against a security descriptor. Look at + each ACE in the security descriptor until an access denied ACE denies + any of the desired rights to the user or any of the users groups, or one + or more ACEs explicitly grant all requested access rights. See + "Access-Checking" document in MSDN. 
*/ + +BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, + gid_t *groups, uint32 acc_desired, + uint32 *acc_granted, uint32 *status) { - int num_aces; - int num_groups; - DOM_SID usr_sid; - DOM_SID grp_sid; - DOM_SID **grp_sids = NULL; - uint32 ngrp_sids = 0; + DOM_SID user_sid, group_sid; + DOM_SID **group_sids = NULL; BOOL is_owner; - BOOL is_system; - const SEC_ACL *acl = NULL; - uint32 grnt; - uint32 deny; + int i, j, ngroup_sids = 0; + SEC_ACL *acl; + uint8 check_ace_type; - if (status == NULL) - { - return False; - } + if (!status || !acc_granted) return False; - (*status) = NT_STATUS_ACCESS_DENIED; + *status = NT_STATUS_ACCESS_DENIED; + *acc_granted = 0; - if (prev_grant_acc == SEC_RIGHTS_MAXIMUM_ALLOWED) - { - prev_grant_acc = 0xffffffff; - } - - /* cannot request any more than previously requested access */ - acc_req &= prev_grant_acc; + /* No security descriptor allows all access */ - if (acc_req == 0x0) - { - goto end; - } + if (!sd) { + *status = NT_STATUS_NOPROBLEMO; + *acc_granted = acc_desired; + acc_desired = 0; - /* we must know the owner sid */ - if (sd->owner_sid == NULL) - { - goto end; + goto done; } - (*status) = NT_STATUS_NOPROBLEMO; - - /* create group sid */ - sid_copy(&grp_sid, &user->dom_sid.sid); - sid_append_rid(&grp_sid, user->group_id); + /* If desired access mask is empty then no access is allowed */ - /* create user sid */ - sid_copy(&usr_sid, &user->dom_sid.sid); - sid_append_rid(&usr_sid, user->user_id); + if (acc_desired == 0) { + goto done; + } - /* preparation: check owner sid, create array of group sids */ - is_owner = sid_equal(&usr_sid, sd->owner_sid); - add_sid_to_array(&ngrp_sids, &grp_sids, &grp_sid); + /* We must know the owner sid */ - for (num_groups = 0; num_groups < user->num_groups; num_groups++) - { - sid_copy(&grp_sid, &user->dom_sid.sid); - sid_append_rid(&grp_sid, user->gids[num_groups].g_rid); - add_sid_to_array(&ngrp_sids, &grp_sids, &grp_sid); + if (sd->owner_sid == NULL) { + DEBUG(1, ("no 
owner for security descriptor\n")); + goto done; } -#ifdef SAMBA_MAIN_DOES_NOT_HAVE_GLOBAL_SID_SYSTEM - /* check for system acl or user (discretionary) acl */ - is_system = sid_equal(&usr_sid, global_sid_system); - if (is_system) - { - acl = sd->sacl; - } - else -#endif - { - acl = sd->dacl; + /* Create user sid */ + + if (!winbind_uid_to_sid(uid, &user_sid)) { + DEBUG(3, ("could not lookup sid for uid %d\n", uid)); } - /* acl must have something in it */ - if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) - { - goto end; + /* Create group sid */ + + if (!winbind_gid_to_sid(gid, &group_sid)) { + DEBUG(3, ("could not lookup sid for gid %d\n", gid)); } - /* - * OK! we have an ACE, it has at least one thing in it, - * we have a user sid, we have an array of group sids. - * let's go! - */ - - deny = 0; - grnt = 0; - - /* check each ace */ - for (num_aces = 0; num_aces < acl->num_aces; num_aces++) - { - const SEC_ACE *ace = &acl->ace[num_aces]; - - /* first check the user sid */ - if (check_ace(ace, is_owner, &usr_sid, &acc_req, - &grnt, &deny, status)) - { - goto end; - } - /* now check the group sids */ - for (num_groups = 0; num_groups < ngrp_sids; num_groups++) - { - if (check_ace(ace, False, grp_sids[num_groups], - &acc_req, &grnt, &deny, status)) - { - goto end; - } + /* Preparation: check owner sid, create array of group sids */ + + is_owner = sid_equal(&user_sid, sd->owner_sid); + add_sid_to_array(&ngroup_sids, &group_sids, &group_sid); + + for (i = 0; i < ngroups; i++) { + if (groups[i] != gid && + winbind_gid_to_sid(groups[i], &group_sid)) { + add_sid_to_array(&ngroup_sids, &group_sids, + &group_sid); + } else { + DEBUG(3, ("could not lookup sid for gid %d\n", gid)); } } - if (grnt == 0x0 && (*status) == NT_STATUS_NOPROBLEMO) - { - (*status) = NT_STATUS_ACCESS_DENIED; + /* ACL must have something in it */ + + acl = sd->dacl; + + if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) { + + /* Checks against a NULL ACL succeed and return access + 
granted = access requested. */ + + *status = NT_STATUS_NOPROBLEMO; + *acc_granted = acc_desired; + acc_desired = 0; + + goto done; + } + + /* Check each ACE in ACL. We break out of the loop if an ACE is + either explicitly denied or explicitly allowed by the + check_ace2() function. We also check the Access Denied ACEs + before Access allowed ones as the Platform SDK documentation is + unclear whether ACEs in a ACL are necessarily always in this + order. See the discussion on "Order of ACEs in a DACL" in + MSDN. */ + + check_ace_type = SEC_ACE_TYPE_ACCESS_DENIED; + + check_aces: + + for (i = 0; i < acl->num_aces; i++) { + SEC_ACE *ace = &acl->ace[i]; + BOOL is_group_owner; + + /* Check user sid */ + + if (ace->type == check_ace_type && + check_ace(ace, is_owner, &user_sid, &acc_desired, + acc_granted, status)) { + goto done; + } + + /* Check group sids */ + + for (j = 0; j < ngroup_sids; j++) { + + is_group_owner = sd->grp_sid ? + sid_equal(group_sids[j], sd->grp_sid) : False; + + if (ace->type == check_ace_type && + check_ace(ace, is_group_owner, group_sids[j], + &acc_desired, acc_granted, status)) { + goto done; + } + } + } + + /* Check access allowed ACEs */ + + if (check_ace_type == SEC_ACE_TYPE_ACCESS_DENIED) { + check_ace_type = SEC_ACE_TYPE_ACCESS_ALLOWED; + goto check_aces; } - else if (acc_grant != NULL) - { - (*acc_grant) = grnt; + + done: + free_sid_array(ngroup_sids, group_sids); + + /* If any access desired bits are still on, return access denied + and turn off any bits already granted. */ + + if (acc_desired) { + *acc_granted = 0; + *status = NT_STATUS_ACCESS_DENIED; } -end: - free_sid_array(ngrp_sids, grp_sids); - return (*status) != NT_STATUS_NOPROBLEMO; + return *status == NT_STATUS_NOPROBLEMO; } - -- cgit From 8c0bb0c2411c53124f0f175b782ec5b0dbcc84ca Mon Sep 17 00:00:00 2001 
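Review bot: The ACL guard in se_access_check() grants everything requested when `acl->ace == NULL || acl->num_aces == 0`, treating a DACL that is present but empty the same as one that is missing. In the NT access-check model a missing (NULL) DACL allows all access while an empty DACL allows none, so this branch fails open for an object whose ACL was deliberately emptied. Keep the allow-all path for `if (acl == NULL)` only and let the empty case `goto done` with `acc_desired` still set, which the code after `done:` already turns into NT_STATUS_ACCESS_DENIED. Separately, the comment above the loop refers to `check_ace2()`, which is not defined in this file, and the comment on winbind_gid_to_sid() still reads "convert uid to sid".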
From: Tim Potter Date: Mon, 10 Jul 2000 04:54:09 +0000 Subject: Added some useful debugging stuff. Fixes for se_access_check() when you are the owner of the object. (This used to be commit 1478198b709b26d0007a8ff0586c34fc6f37a9d2) --- source3/lib/util_seaccess.c | 76 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 66 insertions(+), 10 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index f9cfcb835b..6c38300bb3 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -153,6 +153,38 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, return False; } + /* Some debugging stuff */ + + if (DEBUGLEVEL >= 3) { + fstring ace_sid_str, sid_str; + fstring ace_name, ace_name_dom, name, name_dom; + uint8 name_type; + + sid_to_string(sid_str, sid); + sid_to_string(ace_sid_str, &ace->sid); + + if (!winbind_lookup_sid(sid, name_dom, name, &name_type)) { + fstrcpy(name_dom, "UNKNOWN"); + fstrcpy(name, "UNKNOWN"); + } + + if (!winbind_lookup_sid(&ace->sid, ace_name_dom, ace_name, + &name_type)) { + fstrcpy(ace_name_dom, "UNKNOWN"); + fstrcpy(ace_name, "UNKNOWN"); + } + + DEBUG(3, ("checking %s ACE sid %s (%s%s%s) mask 0x%08x " + "against sid %s (%s%s%s)\n", + (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? + "allowed" : ((ace->type == + SEC_ACE_TYPE_ACCESS_DENIED) ? + "denied" : "unknown"), + ace_sid_str, ace_name_dom, lp_winbind_separator(), + ace_name, mask, sid_str, name_dom, + lp_winbind_separator(), name)); + } + /* Only owner allowed write-owner rights */ if (!is_owner) { @@ -178,6 +210,7 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, if (ace_grant(mask, acc_desired, acc_granted)) { *status = NT_STATUS_NO_PROBLEMO; + DEBUG(3, ("access granted\n")); return True; } } 
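Review bot: The new debug block in check_ace() logs `mask` before the `if (!is_owner)` step that follows it strips SEC_RIGHTS_WRITE_OWNER, so the value in the trace can differ from the mask that ace_grant() and ace_deny() actually evaluate. Moving the block below that step, or printing both values, keeps the log usable when someone audits why access was granted. The two winbind_lookup_sid() calls also run for every ACE and SID pair once DEBUGLEVEL is 3 or higher; a comment such as `/* NOTE: two name lookups per ACE/SID pair at debug level 3 */` would make that cost visible. check_ace() starts and ends outside this hunk.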
@@ -199,6 +232,7 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, if (ace_deny(mask, acc_desired, acc_granted)) { *status = NT_STATUS_ACCESS_DENIED; + DEBUG(3, ("access denied\n")); return True; } } @@ -240,7 +274,6 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, { DOM_SID user_sid, group_sid; DOM_SID **group_sids = NULL; - BOOL is_owner; int i, j, ngroup_sids = 0; SEC_ACL *acl; uint8 check_ace_type; @@ -279,24 +312,47 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, DEBUG(3, ("could not lookup sid for uid %d\n", uid)); } + /* If we're the owner, then we can do anything */ + + if (sid_equal(&user_sid, sd->owner_sid)) { + *status = NT_STATUS_NOPROBLEMO; + *acc_granted = acc_desired; + acc_desired = 0; + + goto done; + } + /* Create group sid */ if (!winbind_gid_to_sid(gid, &group_sid)) { DEBUG(3, ("could not lookup sid for gid %d\n", gid)); } - /* Preparation: check owner sid, create array of group sids */ + /* Create array of group sids */ - is_owner = sid_equal(&user_sid, sd->owner_sid); add_sid_to_array(&ngroup_sids, &group_sids, &group_sid); for (i = 0; i < ngroups; i++) { - if (groups[i] != gid && - winbind_gid_to_sid(groups[i], &group_sid)) { - add_sid_to_array(&ngroup_sids, &group_sids, - &group_sid); - } else { - DEBUG(3, ("could not lookup sid for gid %d\n", gid)); + if (groups[i] != gid) { + if (winbind_gid_to_sid(groups[i], &group_sid)) { + + /* If we're a group member then we can also + do anything */ + + if (sid_equal(&group_sid, sd->grp_sid)) { + *status = NT_STATUS_NOPROBLEMO; + *acc_granted = acc_desired; + acc_desired = 0; + + goto done; + } + + add_sid_to_array(&ngroup_sids, &group_sids, + &group_sid); + } else { + DEBUG(3, ("could not lookup sid for gid %d\n", + gid)); + } } } 
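Review bot: The owner and group shortcuts added here set `*acc_granted = acc_desired` and jump to `done` before any ACE is read, so an access-denied ACE in the DACL can no longer restrict the owner or any caller whose supplementary group equals `sd->grp_sid`. That is considerably wider than the implicit rights the NT model gives an owner, and as far as that model goes a match on the descriptor's group grants nothing by itself; the shortcuts should be limited to the rights that are really implicit or dropped in favour of the ACE walk. `sd->grp_sid` is also passed to sid_equal() unguarded, although the ACE loop from the previous commit tests it for NULL first, so at minimum use `if (sd->grp_sid && sid_equal(&group_sid, sd->grp_sid))`. The owner comparison still runs when winbind_uid_to_sid() has failed, and the function body continues outside the hunk.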
@@ -335,7 +391,7 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, /* Check user sid */ if (ace->type == check_ace_type && - check_ace(ace, is_owner, &user_sid, &acc_desired, + check_ace(ace, False, &user_sid, &acc_desired, acc_granted, status)) { goto done; } -- cgit From 64299375b544de91dab75d62610d7dc7f1f8328d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 10 Jul 2000 05:40:43 +0000 Subject: Moved winbind client functions from various odd locations to nsswitch/wb_client.c Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG. (This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c) --- source3/lib/util_seaccess.c | 64 --------------------------------------------- 1 file changed, 64 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 6c38300bb3..128cbffc0c 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -25,70 +25,6 @@ extern int DEBUGLEVEL; -/* Call winbindd to convert uid to sid */ - -BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result; - - if (!sid) return False; - - /* Initialise request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - request.data.uid = uid; - - /* Make request */ - - result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response); - - /* Copy out result */ - - if (result == NSS_STATUS_SUCCESS) { - string_to_sid(sid, response.data.sid.sid); - } else { - sid_copy(sid, &global_sid_NULL); - } - - return (result == NSS_STATUS_SUCCESS); -} - -/* Call winbindd to convert uid to sid */ - -BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result; - - if (!sid) return False; - - /* Initialise request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - request.data.gid = gid; - - /* Make request */ - - result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response); - - /* Copy out result */ - - if (result == NSS_STATUS_SUCCESS) { - string_to_sid(sid, response.data.sid.sid); - } else { - sid_copy(sid, &global_sid_NULL); - } - - return (result == NSS_STATUS_SUCCESS); -} - /* Process an access allowed ACE */ static BOOL ace_grant(uint32 mask, uint32 *acc_desired, uint32 *acc_granted) -- cgit From b561c185972921861946a69b8846681bc7ed3f87 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 10 Jul 2000 06:41:04 +0000 Subject: Fixes for various compile warnings on Solaris 8. (This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd) --- source3/lib/util_seaccess.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 128cbffc0c..4dbeb36ae6 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -210,7 +210,8 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, { DOM_SID user_sid, group_sid; DOM_SID **group_sids = NULL; - int i, j, ngroup_sids = 0; + int i, j; + uint ngroup_sids = 0; SEC_ACL *acl; uint8 check_ace_type; -- cgit From c9dc68746b2d31d7c28a655fcd252f015c68de87 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 17 Jul 2000 02:36:19 +0000 Subject: Added some debugs. Changed interface to se_access_check to take a user struct instead of each bit as a separate parameter. (This used to be commit ff7938310d0636b165b03a2b0a15e51494b2459f) --- source3/lib/util_seaccess.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 4dbeb36ae6..05a7a30635 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -146,7 +146,7 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, if (ace_grant(mask, acc_desired, acc_granted)) { *status = NT_STATUS_NO_PROBLEMO; - DEBUG(3, ("access granted\n")); + DEBUG(3, ("access granted by ace\n")); return True; } } @@ -168,7 +168,7 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, if (ace_deny(mask, acc_desired, acc_granted)) { *status = NT_STATUS_ACCESS_DENIED; - DEBUG(3, ("access denied\n")); + DEBUG(3, ("access denied by ace\n")); return True; } } @@ -204,9 +204,8 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, or more ACEs explicitly grant all requested access rights. See "Access-Checking" document in MSDN. */ -BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, - gid_t *groups, uint32 acc_desired, - uint32 *acc_granted, uint32 *status) +BOOL se_access_check(SEC_DESC *sd, struct current_user *user, + uint32 acc_desired, uint32 *acc_granted, uint32 *status) { DOM_SID user_sid, group_sid; DOM_SID **group_sids = NULL; 
@@ -214,6 +213,7 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, uint ngroup_sids = 0; SEC_ACL *acl; uint8 check_ace_type; + fstring sid_str; if (!status || !acc_granted) return False; @@ -226,6 +226,7 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; + DEBUG(3, ("no sd, access allowed\n")); goto done; } @@ -245,33 +246,40 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, /* Create user sid */ - if (!winbind_uid_to_sid(uid, &user_sid)) { - DEBUG(3, ("could not lookup sid for uid %d\n", uid)); + if (!winbind_uid_to_sid(user->uid, &user_sid)) { + DEBUG(3, ("could not lookup sid for uid %d\n", user->uid)); } + sid_to_string(sid_str, &user_sid); + DEBUG(3, ("user sid is %s\n", sid_str)); + /* If we're the owner, then we can do anything */ if (sid_equal(&user_sid, sd->owner_sid)) { *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; + DEBUG(3, ("is owner, access allowed\n")); goto done; } /* Create group sid */ - if (!winbind_gid_to_sid(gid, &group_sid)) { - DEBUG(3, ("could not lookup sid for gid %d\n", gid)); + if (!winbind_gid_to_sid(user->gid, &group_sid)) { + DEBUG(3, ("could not lookup sid for gid %d\n", user->gid)); } + sid_to_string(sid_str, &group_sid); + DEBUG(3, ("group sid is %s\n", sid_str)); + /* Create array of group sids */ add_sid_to_array(&ngroup_sids, &group_sids, &group_sid); - for (i = 0; i < ngroups; i++) { - if (groups[i] != gid) { - if (winbind_gid_to_sid(groups[i], &group_sid)) { + for (i = 0; i < user->ngroups; i++) { + if (user->groups[i] != user->gid) { + if (winbind_gid_to_sid(user->groups[i], &group_sid)) { /* If we're a group member then we can also do anything */ 
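Review bot: When winbind_uid_to_sid() or winbind_gid_to_sid() fails, the code only logs at level 3 and carries on, so the added `sid_to_string()` calls and the owner test `sid_equal(&user_sid, sd->owner_sid)` operate on whatever the failed lookup left in the SID. Because a match there grants all requested access, a failed lookup should fail closed: add `goto done;` after each of the two DEBUG calls, which leaves `*status` at NT_STATUS_ACCESS_DENIED and `acc_desired` non-zero. `user` is dereferenced at `user->uid` without a check, unlike `status` and `acc_granted`, so a NULL test before that first use is also needed. The function starts and ends outside this hunk.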
@@ -280,6 +288,8 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; + DEBUG(3, ("is group member " + "access allowed\n")); goto done; } @@ -288,8 +298,11 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, &group_sid); } else { DEBUG(3, ("could not lookup sid for gid %d\n", - gid)); + user->gid)); } + + sid_to_string(sid_str, &group_sid); + DEBUG(3, ("supplementary group %s\n", sid_str)); } } @@ -305,6 +318,7 @@ BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups, *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; + DEBUG(3, ("null ace, access allowed\n")); goto done; } -- cgit From 17dcd9a834fc915fb1ff2d8042a23000eeb7acfa Mon Sep 17 00:00:00 2001 
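Review bot: The failure message in the `else` branch of the `@@ -288,8 +298,11 @@` hunk prints `user->gid`, but the lookup that failed was for `user->groups[i]`, so the log names the wrong group. It should read `DEBUG(3, ("could not lookup sid for gid %d\n", user->groups[i]));`. The added `sid_to_string(sid_str, &group_sid);` and `DEBUG(3, ("supplementary group %s\n", sid_str));` lines also run after that failed lookup, where `group_sid` presumably still holds the previous group's SID, so the trace can list a group that was never resolved. Moving the two lines into the success branch avoids that; the enclosing loop starts outside this hunk.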
From: Jeremy Allison Date: Wed, 2 Aug 2000 02:11:55 +0000 Subject: Started to canonicalize our handling of uid -> sid code in order to get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8) --- source3/lib/util_seaccess.c | 46 ++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 05a7a30635..52696d2d30 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -99,12 +99,12 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, sid_to_string(sid_str, sid); sid_to_string(ace_sid_str, &ace->sid); - if (!winbind_lookup_sid(sid, name_dom, name, &name_type)) { + if (!lookup_sid(sid, name_dom, name, &name_type)) { fstrcpy(name_dom, "UNKNOWN"); fstrcpy(name, "UNKNOWN"); } - if (!winbind_lookup_sid(&ace->sid, ace_name_dom, ace_name, + if (!lookup_sid(&ace->sid, ace_name_dom, ace_name, &name_type)) { fstrcpy(ace_name_dom, "UNKNOWN"); fstrcpy(ace_name, "UNKNOWN"); 
@@ -208,6 +208,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) { DOM_SID user_sid, group_sid; + DOM_SID owner_sid; DOM_SID **group_sids = NULL; int i, j; uint ngroup_sids = 0; @@ -215,25 +216,30 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint8 check_ace_type; fstring sid_str; - if (!status || !acc_granted) return False; + if (!status || !acc_granted) + return False; *status = NT_STATUS_ACCESS_DENIED; *acc_granted = 0; - /* No security descriptor allows all access */ + /* + * No security descriptor or security descriptor with no DACL + * present allows all access. + */ - if (!sd) { + if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) { *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; - DEBUG(3, ("no sd, access allowed\n")); - - goto done; + DEBUG(3, ("se_access_check: no sd or blank DACL, access allowed\n")); + goto done; } /* If desired access mask is empty then no access is allowed */ if (acc_desired == 0) { + *status = NT_STATUS_ACCESS_DENIED; + *acc_granted = 0; goto done; } @@ -246,12 +252,12 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, /* Create user sid */ - if (!winbind_uid_to_sid(user->uid, &user_sid)) { + if (!uid_to_sid(&user_sid, user->uid)) { DEBUG(3, ("could not lookup sid for uid %d\n", user->uid)); + goto done; } - sid_to_string(sid_str, &user_sid); - DEBUG(3, ("user sid is %s\n", sid_str)); + DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &user_sid) )); /* If we're the owner, then we can do anything */ @@ -266,8 +272,9 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, /* Create group sid */ - if (!winbind_gid_to_sid(user->gid, &group_sid)) { + if (!gid_to_sid(&group_sid, user->gid)) { DEBUG(3, ("could not lookup sid for gid %d\n", user->gid)); + goto done; } sid_to_string(sid_str, &group_sid); 
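Review bot: The merged test in the `@@ -215,25 +216,30 @@` hunk grants every requested bit both when no descriptor was passed and when a descriptor has no DACL, and it logs both cases with the same message. A caller that passes NULL because its own descriptor lookup failed (callers are not visible here) therefore gets full access with nothing in the log to tell the two cases apart. Emitting separate DEBUG lines for `!sd` and for the missing-DACL case would make that visible. The inner `sd &&` is redundant after `!sd ||`, so the condition can be `if (!sd || !(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL) {`. The `DOM_SID owner_sid;` declared in the first hunk is not used in any hunk of this commit shown on the page.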
@@ -279,7 +286,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, for (i = 0; i < user->ngroups; i++) { if (user->groups[i] != user->gid) { - if (winbind_gid_to_sid(user->groups[i], &group_sid)) { + if (gid_to_sid(&group_sid, user->groups[i])) { /* If we're a group member then we can also do anything */ @@ -310,18 +317,18 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, acl = sd->dacl; - if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) { + if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) { /* Checks against a NULL ACL succeed and return access - granted = access requested. */ + granted = access requested. */ *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; DEBUG(3, ("null ace, access allowed\n")); - goto done; - } + goto done; + } /* Check each ACE in ACL. We break out of the loop if an ACE is either explicitly denied or explicitly allowed by the @@ -370,7 +377,8 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, } done: - free_sid_array(ngroup_sids, group_sids); + + free_sid_array(ngroup_sids, group_sids); /* If any access desired bits are still on, return access denied and turn off any bits already granted. */ @@ -380,5 +388,5 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, *status = NT_STATUS_ACCESS_DENIED; } - return *status == NT_STATUS_NOPROBLEMO; + return *status == NT_STATUS_NOPROBLEMO; } -- cgit From b3b512264d90f58a9a9c50cef33d9b860f54c51a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Aug 2000 19:56:58 +0000 Subject: Fixed up se_access_check() to use the token list from the user struct as the SID list. Now to go through and tidy up the algorithm. Jeremy. (This used to be commit 1f7300df6713a6728feb1600ca7e62fc213232fc) --- source3/lib/util_seaccess.c | 114 +++++++++++++------------------------------- 1 file changed, 32 insertions(+), 82 deletions(-) (limited to 'source3/lib/util_seaccess.c') 
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 52696d2d30..28e8a43c4e 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -3,6 +3,7 @@ Version 2.0 Copyright (C) Luke Kenneth Casson Leighton 1996-2000. Copyright (C) Tim Potter 2000. + Copyright (C) Jeremy Allison 2000. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,6 +26,22 @@ extern int DEBUGLEVEL; +/* + * Guest token used when there is no NT_USER_TOKEN available. + */ + +static DOM_SID builtin_guest = { + 1, /* sid_rev_num */ + 2, /* num_auths */ + { 0, 0, 0, 0, 0, 5}, /* id_auth[6] */ + { 32, 546, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */ +}; + +static NT_USER_TOKEN guest_token = { + 1, + &builtin_guest +}; + /* Process an access allowed ACE */ static BOOL ace_grant(uint32 mask, uint32 *acc_desired, uint32 *acc_granted) @@ -207,14 +224,11 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) { - DOM_SID user_sid, group_sid; - DOM_SID owner_sid; - DOM_SID **group_sids = NULL; int i, j; - uint ngroup_sids = 0; SEC_ACL *acl; uint8 check_ace_type; fstring sid_str; + NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &guest_token; if (!status || !acc_granted) return False; 
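Review bot: The new initializer `NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &guest_token;` in the `@@ -207,14 +224,11 @@` hunk dereferences `user` before any argument is validated, while `status` and `acc_granted` are NULL-checked on the next line. Declaring `NT_USER_TOKEN *token;`, extending the guard to `if (!status || !acc_granted || !user) return False;` and assigning `token` after it keeps the checks consistent. The fallback to `guest_token` is silent, so a DEBUG line on that branch would help when tracing a session that reached this check without a token. The function body continues outside this hunk.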
@@ -250,70 +264,21 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, goto done; } - /* Create user sid */ + /* The user sid is the first in the token */ - if (!uid_to_sid(&user_sid, user->uid)) { - DEBUG(3, ("could not lookup sid for uid %d\n", user->uid)); - goto done; - } - - DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &user_sid) )); + DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) )); /* If we're the owner, then we can do anything */ - if (sid_equal(&user_sid, sd->owner_sid)) { + if (sid_equal(&token->user_sids[0], sd->owner_sid)) { *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; DEBUG(3, ("is owner, access allowed\n")); - - goto done; - } - - /* Create group sid */ - - if (!gid_to_sid(&group_sid, user->gid)) { - DEBUG(3, ("could not lookup sid for gid %d\n", user->gid)); goto done; } - sid_to_string(sid_str, &group_sid); - DEBUG(3, ("group sid is %s\n", sid_str)); - - /* Create array of group sids */ - - add_sid_to_array(&ngroup_sids, &group_sids, &group_sid); - - for (i = 0; i < user->ngroups; i++) { - if (user->groups[i] != user->gid) { - if (gid_to_sid(&group_sid, user->groups[i])) { - - /* If we're a group member then we can also - do anything */ - - if (sid_equal(&group_sid, sd->grp_sid)) { - *status = NT_STATUS_NOPROBLEMO; - *acc_granted = acc_desired; - acc_desired = 0; - DEBUG(3, ("is group member " - "access allowed\n")); - - goto done; - } - - add_sid_to_array(&ngroup_sids, &group_sids, - &group_sid); - } else { - DEBUG(3, ("could not lookup sid for gid %d\n", - user->gid)); - } - - sid_to_string(sid_str, &group_sid); - DEBUG(3, ("supplementary group %s\n", sid_str)); - } - } - - /* ACL must have something in it */ + /* ACL must have something in it */ acl = sd->dacl; 
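Review bot: The owner shortcut kept in this hunk, `if (sid_equal(&token->user_sids[0], sd->owner_sid))`, sets `*acc_granted = acc_desired` and jumps to `done` before any ACE is read, so an access-denied ACE that names the owner has no effect and ownership is equivalent to full control. The removed group-member shortcut had the same shape, and dropping it here is the right direction. The owner case would be safer if it cleared only the rights an owner holds implicitly from the desired mask and let the DACL walk decide the rest. Both this test and the DEBUG line above it index `user_sids[0]` without checking `token->num_sids`, which holds for `guest_token` but is not shown for caller-supplied tokens.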
@@ -340,34 +305,21 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, check_ace_type = SEC_ACE_TYPE_ACCESS_DENIED; - check_aces: - - for (i = 0; i < acl->num_aces; i++) { - SEC_ACE *ace = &acl->ace[i]; - BOOL is_group_owner; - - /* Check user sid */ - - if (ace->type == check_ace_type && - check_ace(ace, False, &user_sid, &acc_desired, - acc_granted, status)) { - goto done; - } + check_aces: - /* Check group sids */ + for (i = 0; i < acl->num_aces; i++) { + SEC_ACE *ace = &acl->ace[i]; - for (j = 0; j < ngroup_sids; j++) { + /* Check sids */ - is_group_owner = sd->grp_sid ? - sid_equal(group_sids[j], sd->grp_sid) : False; + for (j = 0; j < token->num_sids; j++) { + BOOL is_owner = sid_equal(&token->user_sids[j], sd->owner_sid); - if (ace->type == check_ace_type && - check_ace(ace, is_group_owner, group_sids[j], - &acc_desired, acc_granted, status)) { + if (ace->type == check_ace_type && check_ace(ace, is_owner, &token->user_sids[j], &acc_desired, acc_granted, status)) { goto done; - } - } - } + } + } + } /* Check access allowed ACEs */ @@ -378,8 +330,6 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, done: - free_sid_array(ngroup_sids, group_sids); - /* If any access desired bits are still on, return access denied and turn off any bits already granted. */ -- cgit From 0cabe327ef1f3e5439384b5e73e328404e869a92 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 8 Aug 2000 19:34:34 +0000 Subject: Changed the sec desc access checks to match the spec. Needs testing. Jeremy. (This used to be commit 5a4a7cd4727df5d1b5e71d343e776c7df52dc515) --- source3/lib/util_seaccess.c | 369 ++++++++++++++++++-------------------------- 1 file changed, 149 insertions(+), 220 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 28e8a43c4e..e9de51632d 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -3,7 +3,7 @@ Version 2.0 Copyright (C) Luke Kenneth Casson Leighton 1996-2000. Copyright (C) Tim Potter 2000. - Copyright (C) Jeremy Allison 2000. + Copyright (C) Re-written by Jeremy Allison 2000. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -42,198 +42,161 @@ static NT_USER_TOKEN guest_token = { &builtin_guest }; -/* Process an access allowed ACE */ +/********************************************************************************** + Check if this ACE has a SID in common with the token. +**********************************************************************************/ -static BOOL ace_grant(uint32 mask, uint32 *acc_desired, uint32 *acc_granted) +static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) { - uint32 matches; + size_t i; - /* If there are any matches in the ACE mask and desired access, - turn them off in the desired access and on in the granted - mask. */ - - if (*acc_desired == SEC_RIGHTS_MAXIMUM_ALLOWED) { - matches = mask; - *acc_desired = mask; - } else { - matches = mask & *acc_desired; - } - - if (matches) { - *acc_desired = *acc_desired & ~matches; - *acc_granted = *acc_granted | matches; - } - - return *acc_desired == 0; -} - -/* Process an access denied ACE */ - -static BOOL ace_deny(uint32 mask, uint32 *acc_desired, uint32 *acc_granted) -{ - uint32 matches; - - /* If there are any matches in the ACE mask and the desired access, - all bits are turned off in the desired and granted mask. */ - - if (*acc_desired == SEC_RIGHTS_MAXIMUM_ALLOWED) { - matches = mask; - } else { - matches = mask & *acc_desired; - } - - if (matches) { - *acc_desired = *acc_granted = 0; + for (i = 0; i < token->num_sids; i++) { + if (sid_equal(&ace->sid, &token->user_sids[i])) { + return True; + } } - return *acc_desired == 0; + return False; } -/* Check an ACE against a SID. We return true if the ACE clears all the - permission bits in the access desired mask. This indicates that we have - make a decision to deny or allow access and the status is updated - accordingly. */ +/********************************************************************************* + Check an ACE against a SID. We return the remaining needed permission + bits not yet granted. 
Zero means permission allowed (no more needed bits). +**********************************************************************************/ -static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, - uint32 *acc_desired, uint32 *acc_granted, - uint32 *status) +static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *status) { uint32 mask = ace->info.mask; - /* Inherit only is ignored */ + /* + * Inherit only is ignored. + */ if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { - return False; - } - - /* Some debugging stuff */ - - if (DEBUGLEVEL >= 3) { - fstring ace_sid_str, sid_str; - fstring ace_name, ace_name_dom, name, name_dom; - uint8 name_type; - - sid_to_string(sid_str, sid); - sid_to_string(ace_sid_str, &ace->sid); - - if (!lookup_sid(sid, name_dom, name, &name_type)) { - fstrcpy(name_dom, "UNKNOWN"); - fstrcpy(name, "UNKNOWN"); - } - - if (!lookup_sid(&ace->sid, ace_name_dom, ace_name, - &name_type)) { - fstrcpy(ace_name_dom, "UNKNOWN"); - fstrcpy(ace_name, "UNKNOWN"); - } - - DEBUG(3, ("checking %s ACE sid %s (%s%s%s) mask 0x%08x " - "against sid %s (%s%s%s)\n", - (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? - "allowed" : ((ace->type == - SEC_ACE_TYPE_ACCESS_DENIED) ? - "denied" : "unknown"), - ace_sid_str, ace_name_dom, lp_winbind_separator(), - ace_name, mask, sid_str, name_dom, - lp_winbind_separator(), name)); + return acc_desired; } - /* Only owner allowed write-owner rights */ - if (!is_owner) { - mask &= (~SEC_RIGHTS_WRITE_OWNER); - } + /* + * If this ACE has no SID in common with the token, + * ignore it as it cannot be used to make an access + * determination. + */ - /* Check the ACE value. This updates the access_desired and - access_granted values appropriately. 
*/ + if (!token_sid_in_ace( token, ace)) + return acc_desired; switch (ace->type) { - - /* Access allowed ACE */ - - case SEC_ACE_TYPE_ACCESS_ALLOWED: { - - /* Everyone - or us */ - - if (sid_equal(&ace->sid, global_sid_everyone) || - sid_equal(&ace->sid, sid)) { - - /* Return true if access has been allowed */ - - if (ace_grant(mask, acc_desired, - acc_granted)) { - *status = NT_STATUS_NO_PROBLEMO; - DEBUG(3, ("access granted by ace\n")); - return True; - } - } - + case SEC_ACE_TYPE_ACCESS_ALLOWED: + /* + * This is explicitly allowed. + * Remove the bits from the remaining + * access required. Return the remaining + * bits needed. + */ + acc_desired &= ~mask; break; - } - - /* Access denied ACE */ - - case SEC_ACE_TYPE_ACCESS_DENIED: { - - /* Everyone - or us */ - - if (sid_equal(&ace->sid, global_sid_everyone) || - sid_equal(&ace->sid, sid)) { - - /* Return false if access has been denied */ - - if (ace_deny(mask, acc_desired, - acc_granted)) { - *status = NT_STATUS_ACCESS_DENIED; - DEBUG(3, ("access denied by ace\n")); - return True; - } + case SEC_ACE_TYPE_ACCESS_DENIED: + /* + * This is explicitly denied. + * If any bits match terminate here, + * we are denied. + */ + if (acc_desired & mask) { + *status = NT_STATUS_ACCESS_DENIED; + return 0xFFFFFFFF; } - break; - } - - /* Unimplemented ACE types. These are ignored. */ - case SEC_ACE_TYPE_SYSTEM_ALARM: - case SEC_ACE_TYPE_SYSTEM_AUDIT: { + case SEC_ACE_TYPE_SYSTEM_AUDIT: *status = NT_STATUS_NOT_IMPLEMENTED; - return False; - } + return 0xFFFFFFFF; + default: + *status = NT_STATUS_INVALID_PARAMETER; + return 0xFFFFFFFF; + } - /* Unknown ACE type */ + return acc_desired; +} - default: { - *status = NT_STATUS_INVALID_PARAMETER; - return False; - } +/********************************************************************************* + Maximum access was requested. Calculate the max possible. Fail if it doesn't + include other bits requested. 
+**********************************************************************************/ + +static BOOL get_max_access( SEC_ACL *acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status) +{ + uint32 acc_denied = 0; + uint32 acc_granted = 0; + size_t i; + + for ( i = 0 ; i < acl->num_aces; i++) { + SEC_ACE *ace = &acl->ace[i]; + uint32 mask = ace->info.mask; + + if (!token_sid_in_ace( token, ace)) + continue; + + switch (ace->type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED: + acc_granted |= (mask & ~acc_denied); + break; + case SEC_ACE_TYPE_ACCESS_DENIED: + acc_denied |= (mask & ~acc_granted); + break; + case SEC_ACE_TYPE_SYSTEM_ALARM: + case SEC_ACE_TYPE_SYSTEM_AUDIT: + *status = NT_STATUS_NOT_IMPLEMENTED; + *granted = 0; + return False; + default: + *status = NT_STATUS_INVALID_PARAMETER; + *granted = 0; + return False; + } } - /* There are still some bits set in the access desired mask that - haven't been cleared by an ACE. More checking is required. */ + /* + * If we were granted no access, or we desired bits that we + * didn't get, then deny. + */ - return False; + if ((acc_granted == 0) || ((acc_granted & desired) != desired)) { + *status = NT_STATUS_ACCESS_DENIED; + *granted = 0; + return False; + } + + /* + * Return the access we did get. + */ + + *granted = acc_granted; + *status = NT_STATUS_NOPROBLEMO; + return True; } -/* Check access rights of a user against a security descriptor. Look at - each ACE in the security descriptor until an access denied ACE denies - any of the desired rights to the user or any of the users groups, or one - or more ACEs explicitly grant all requested access rights. See - "Access-Checking" document in MSDN. */ +/********************************************************************************* + Check access rights of a user against a security descriptor. 
Look at + each ACE in the security descriptor until an access denied ACE denies + any of the desired rights to the user or any of the users groups, or one + or more ACEs explicitly grant all requested access rights. See + "Access-Checking" document in MSDN. +**********************************************************************************/ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) { - int i, j; + size_t i; SEC_ACL *acl; - uint8 check_ace_type; fstring sid_str; NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &guest_token; + uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) return False; - *status = NT_STATUS_ACCESS_DENIED; + *status = NT_STATUS_NOPROBLEMO; *acc_granted = 0; /* 
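Review bot: `get_max_access()` does not skip inherit-only ACEs, whereas `check_ace()` in the same hunk returns early on `SEC_ACE_FLAG_INHERIT_ONLY`, so a maximum-allowed request can be granted bits from an ACE that the ordinary path treats as not applying to this object. Adding `if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) continue;` at the top of the loop, before the `token_sid_in_ace()` test, makes the two paths agree. The initial `*status` also changes from `NT_STATUS_ACCESS_DENIED` to `NT_STATUS_NOPROBLEMO`; every return visible on this page sets it explicitly, but a deny default would keep any future early exit fail-closed. The body of `se_access_check()` continues in the next hunk.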
@@ -241,102 +204,68 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, * present allows all access. */ + /* ACL must have something in it */ + if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) { *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; - acc_desired = 0; DEBUG(3, ("se_access_check: no sd or blank DACL, access allowed\n")); - goto done; + return True; } - /* If desired access mask is empty then no access is allowed */ - - if (acc_desired == 0) { - *status = NT_STATUS_ACCESS_DENIED; - *acc_granted = 0; - goto done; - } /* We must know the owner sid */ if (sd->owner_sid == NULL) { DEBUG(1, ("no owner for security descriptor\n")); - goto done; + *acc_granted = 0; + *status = NT_STATUS_ACCESS_DENIED; + return False; } /* The user sid is the first in the token */ DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) )); - /* If we're the owner, then we can do anything */ + /* Is the token the owner of the SID ? */ - if (sid_equal(&token->user_sids[0], sd->owner_sid)) { - *status = NT_STATUS_NOPROBLEMO; - *acc_granted = acc_desired; - acc_desired = 0; - DEBUG(3, ("is owner, access allowed\n")); - goto done; + for (i = 0; i < token->num_sids; i++) { + if (sid_equal(&token->user_sids[i], sd->owner_sid)) { + /* + * The owner always has SEC_RIGHTS_WRITE_DAC. + */ + if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC) + tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC; + } } - /* ACL must have something in it */ - acl = sd->dacl; - if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) { - - /* Checks against a NULL ACL succeed and return access - granted = access requested. 
*/ - - *status = NT_STATUS_NOPROBLEMO; - *acc_granted = acc_desired; - acc_desired = 0; - DEBUG(3, ("null ace, access allowed\n")); - - goto done; + if (tmp_acc_desired & SEC_RIGHTS_MAXIMUM_ALLOWED) { + tmp_acc_desired &= ~SEC_RIGHTS_MAXIMUM_ALLOWED; + return get_max_access( acl, token, acc_granted, tmp_acc_desired, status); } - /* Check each ACE in ACL. We break out of the loop if an ACE is - either explicitly denied or explicitly allowed by the - check_ace2() function. We also check the Access Denied ACEs - before Access allowed ones as the Platform SDK documentation is - unclear whether ACEs in a ACL are necessarily always in this - order. See the discussion on "Order of ACEs in a DACL" in - MSDN. */ - - check_ace_type = SEC_ACE_TYPE_ACCESS_DENIED; - - check_aces: - - for (i = 0; i < acl->num_aces; i++) { - SEC_ACE *ace = &acl->ace[i]; - - /* Check sids */ - - for (j = 0; j < token->num_sids; j++) { - BOOL is_owner = sid_equal(&token->user_sids[j], sd->owner_sid); - - if (ace->type == check_ace_type && check_ace(ace, is_owner, &token->user_sids[j], &acc_desired, acc_granted, status)) { - goto done; - } + for ( i = 0 ; i < acl->num_aces && tmp_acc_desired != 0; i++) { + tmp_acc_desired = check_ace( &acl->ace[i], token, tmp_acc_desired, status); + if (*status != NT_STATUS_NOPROBLEMO) { + *acc_granted = 0; + return False; } } - /* Check access allowed ACEs */ - - if (check_ace_type == SEC_ACE_TYPE_ACCESS_DENIED) { - check_ace_type = SEC_ACE_TYPE_ACCESS_ALLOWED; - goto check_aces; - } - - done: - - /* If any access desired bits are still on, return access denied - and turn off any bits already granted. */ + /* + * If there are no more desired permissions left then + * access was allowed. 
+ */ - if (acc_desired) { - *acc_granted = 0; - *status = NT_STATUS_ACCESS_DENIED; + if (tmp_acc_desired == 0) { + *acc_granted = acc_desired; + *status = NT_STATUS_NOPROBLEMO; + return True; } - - return *status == NT_STATUS_NOPROBLEMO; + + *acc_granted = 0; + *status = NT_STATUS_ACCESS_DENIED; + return False; } -- cgit From b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 8 Aug 2000 21:51:22 +0000 Subject: Added SID "Everyone" S-1-1-0 as always matching if present in an ACE. Jeremy. (This used to be commit b3a1038ac1bfb0c32e64f6cb26e5e46fbda794a2) --- source3/lib/util_seaccess.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index e9de51632d..351e93dc7a 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -26,11 +26,22 @@ extern int DEBUGLEVEL; +/* Everyone = S-1-1-0 */ + +static DOM_SID everyone_sid = { + 1, /* sid_rev_num */ + 1, /* num_auths */ + { 0, 0, 0, 0, 0, 1}, /* id_auth[6] */ + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */ +}; + /* * Guest token used when there is no NT_USER_TOKEN available. */ -static DOM_SID builtin_guest = { +/* Guest = S-1-5-32-546 */ + +static DOM_SID guest_sid = { 1, /* sid_rev_num */ 2, /* num_auths */ { 0, 0, 0, 0, 0, 5}, /* id_auth[6] */ @@ -39,11 +50,12 @@ static DOM_SID builtin_guest = { static NT_USER_TOKEN guest_token = { 1, - &builtin_guest + &guest_sid }; /********************************************************************************** Check if this ACE has a SID in common with the token. + The SID "Everyone" always matches. **********************************************************************************/ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) 
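Review bot: With the `acc_desired == 0` early exit removed in the `@@ -241,102 +204,68 @@` hunk, an empty request now skips the ACE loop (its `tmp_acc_desired != 0` condition is false) and falls into the `tmp_acc_desired == 0` branch, so the function returns True with `NT_STATUS_NOPROBLEMO` where the removed code returned access denied. If that is intended it deserves a comment. Otherwise the guard should stay after the no-DACL check, as `if (acc_desired == 0) { *status = NT_STATUS_ACCESS_DENIED; return False; }`. The `acl->ace == NULL` test was dropped as well, so `&acl->ace[i]` now relies on `num_aces` being zero whenever `ace` is NULL, an invariant that is not visible on this page.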
@@ -51,9 +63,10 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->sid, &token->user_sids[i])) { + if (sid_equal(&ace->sid, &everyone_sid)) + return True; + if (sid_equal(&ace->sid, &token->user_sids[i])) return True; - } } return False; -- cgit From e3048cfc0b324ec5ab825efe87eaa97cc9504c09 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 9 Aug 2000 18:40:48 +0000 Subject: Fixed memory leak with NT tokens. Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy. (This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b) --- source3/lib/util_seaccess.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 351e93dc7a..354f7f2fae 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -212,6 +212,9 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, *status = NT_STATUS_NOPROBLEMO; *acc_granted = 0; + DEBUG(10,("se_access_check: requested access %x, for uid %u\n", + (unsigned int)acc_desired, (unsigned int)user->uid )); + /* * No security descriptor or security descriptor with no DACL * present allows all access. @@ -222,7 +225,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) { *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; - DEBUG(3, ("se_access_check: no sd or blank DACL, access allowed\n")); + DEBUG(5, ("se_access_check: no sd or blank DACL, access allowed\n")); return True; } @@ -233,6 +236,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, DEBUG(1, ("no owner for security descriptor\n")); *acc_granted = 0; *status = NT_STATUS_ACCESS_DENIED; + DEBUG(5, ("se_access_check: no owner sid, access denied\n")); return False; } 
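Review bot: The `everyone_sid` comparison is placed inside the loop over `token->num_sids`, so it is repeated on every iteration and never runs for a token with zero SIDs, in which case an Everyone ACE (allow or deny) is ignored. The test does not depend on `i` and belongs before the loop, as `if (sid_equal(&ace->sid, &everyone_sid)) return True;` followed by the existing `for`. Whether an empty token can reach this function is not visible here.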
@@ -260,9 +264,16 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, } for ( i = 0 ; i < acl->num_aces && tmp_acc_desired != 0; i++) { - tmp_acc_desired = check_ace( &acl->ace[i], token, tmp_acc_desired, status); + SEC_ACE *ace = &acl->ace[i]; + + DEBUG(10,("se_access_check: ACE %u: SID = %s mask = %x, current desired = %x\n", + (unsigned int)i, sid_to_string(sid_str, &ace->sid), + (unsigned int) ace->info.mask, (unsigned int)tmp_acc_desired )); + + tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); if (*status != NT_STATUS_NOPROBLEMO) { *acc_granted = 0; + DEBUG(5,("se_access_check: ACE %u denied with status %x.\n", (unsigned int)i, (unsigned int)*status )); return False; } } @@ -275,10 +286,12 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, if (tmp_acc_desired == 0) { *acc_granted = acc_desired; *status = NT_STATUS_NOPROBLEMO; + DEBUG(5,("se_access_check: access (%x) granted.\n", (unsigned int)acc_desired )); return True; } *acc_granted = 0; *status = NT_STATUS_ACCESS_DENIED; + DEBUG(5,("se_access_check: access (%x) denied.\n", (unsigned int)acc_desired )); return False; } -- cgit From 1e46bde597eb77ed708649585d6125f8e82dde31 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 10 Aug 2000 17:48:15 +0000 Subject: Removed requirement that sid have an owner before being interpreted. Thanks to Elrond for pointing this out. Jeremy. (This used to be commit 1d9a5494f8214b8d6171073f4090687a8535d78c) --- source3/lib/util_seaccess.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 354f7f2fae..486db7c8c8 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -229,30 +229,21 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, return True; } - - /* We must know the owner sid */ - - if (sd->owner_sid == NULL) { - DEBUG(1, ("no owner for security descriptor\n")); - *acc_granted = 0; - *status = NT_STATUS_ACCESS_DENIED; - DEBUG(5, ("se_access_check: no owner sid, access denied\n")); - return False; - } - /* The user sid is the first in the token */ DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) )); /* Is the token the owner of the SID ? */ - for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&token->user_sids[i], sd->owner_sid)) { - /* - * The owner always has SEC_RIGHTS_WRITE_DAC. - */ - if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC) - tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC; + if (sd->owner_sid) { + for (i = 0; i < token->num_sids; i++) { + if (sid_equal(&token->user_sids[i], sd->owner_sid)) { + /* + * The owner always has SEC_RIGHTS_WRITE_DAC. + */ + if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC) + tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC; + } } } -- cgit From 1e823bc781fdb0738a58f478432c017732b69068 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 10 Aug 2000 19:51:45 +0000 Subject: Tidied up security rights definitions. Jeremy. (This used to be commit e466c863f5540e13776f4477b6d58e3fbfe7276d) --- source3/lib/util_seaccess.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 486db7c8c8..cacdad16fd 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -241,16 +241,16 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, /* * The owner always has SEC_RIGHTS_WRITE_DAC. */ - if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC) - tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC; + if (tmp_acc_desired & WRITE_DAC_ACCESS) + tmp_acc_desired &= ~WRITE_DAC_ACCESS; } } } acl = sd->dacl; - if (tmp_acc_desired & SEC_RIGHTS_MAXIMUM_ALLOWED) { - tmp_acc_desired &= ~SEC_RIGHTS_MAXIMUM_ALLOWED; + if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) { + tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS; return get_max_access( acl, token, acc_granted, tmp_acc_desired, status); } -- cgit From 57fcae402b8a9971c938ce069862285151728987 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Dec 2000 00:42:55 +0000 Subject: Owner always has READ_CONTROL and WRITE_DAC access. Jeremy. (This used to be commit 05fcb124dfbb1a257828e9dc6a7793fc3dc73c4b) --- source3/lib/util_seaccess.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index cacdad16fd..9aa2be4d2d 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -239,10 +239,12 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, for (i = 0; i < token->num_sids; i++) { if (sid_equal(&token->user_sids[i], sd->owner_sid)) { /* - * The owner always has SEC_RIGHTS_WRITE_DAC. + * The owner always has SEC_RIGHTS_WRITE_DAC & READ_CONTROL. */ if (tmp_acc_desired & WRITE_DAC_ACCESS) tmp_acc_desired &= ~WRITE_DAC_ACCESS; + if (tmp_acc_desired & READ_CONTROL_ACCESS) + tmp_acc_desired &= ~READ_CONTROL_ACCESS; } } } -- cgit From 276364e2a4cee00f4521845347a0b0a371f6b0e6 Mon Sep 17 00:00:00 2001 
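Review bot: In the `-239,10 +239,12` hunk the updated comment still names `SEC_RIGHTS_WRITE_DAC`, which the preceding commit renamed to `WRITE_DAC_ACCESS`, and the two guarded clears can be one statement: `tmp_acc_desired &= ~(WRITE_DAC_ACCESS | READ_CONTROL_ACCESS);`. Because the bits are stripped from `tmp_acc_desired` before the `MAXIMUM_ALLOWED_ACCESS` branch calls `get_max_access`, the owner's implicit rights are probably not included in what that path reports as granted; the body of `get_max_access` is not fully visible here, so this should be confirmed. The loop also has no `break;` once the owner has matched. se_access_check continues outside the hunk.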
From: Jeremy Allison Date: Tue, 12 Dec 2000 02:36:14 +0000 Subject: Removed the special casing of SIDs in se_access_check. This is now done (correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4) --- source3/lib/util_seaccess.c | 33 ++------------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 9aa2be4d2d..87d0f3bb68 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -26,36 +26,8 @@ extern int DEBUGLEVEL; -/* Everyone = S-1-1-0 */ - -static DOM_SID everyone_sid = { - 1, /* sid_rev_num */ - 1, /* num_auths */ - { 0, 0, 0, 0, 0, 1}, /* id_auth[6] */ - { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */ -}; - -/* - * Guest token used when there is no NT_USER_TOKEN available. - */ - -/* Guest = S-1-5-32-546 */ - -static DOM_SID guest_sid = { - 1, /* sid_rev_num */ - 2, /* num_auths */ - { 0, 0, 0, 0, 0, 5}, /* id_auth[6] */ - { 32, 546, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */ -}; - -static NT_USER_TOKEN guest_token = { - 1, - &guest_sid -}; - /********************************************************************************** Check if this ACE has a SID in common with the token. - The SID "Everyone" always matches. **********************************************************************************/ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) @@ -63,8 +35,6 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->sid, &everyone_sid)) - return True; if (sid_equal(&ace->sid, &token->user_sids[i])) return True; } 
@@ -200,10 +170,11 @@ static BOOL get_max_access( SEC_ACL *acl, NT_USER_TOKEN *token, uint32 *granted, BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) { + extern NT_USER_TOKEN anonymous_token; size_t i; SEC_ACL *acl; fstring sid_str; - NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &guest_token; + NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token; uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) -- cgit From 23807f2b308e80a1e325c8fd2bddeec3e2e15bc5 Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Thu, 4 Jan 2001 19:27:08 +0000 Subject: Changes from APPLIANCE_HEAD: source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0) --- source3/lib/util_seaccess.c | 79 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 74 insertions(+), 5 deletions(-) (limited to 'source3/lib/util_seaccess.c') 
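Review bot: The block-scope `extern NT_USER_TOKEN anonymous_token;` in se_access_check is not checked against the definition, so a later change to the token's type would still compile; declaring it in a shared header keeps the fallback identity used for token-less callers type-checked. The initializer on the changed `token` line dereferences `user` before the `if (!status || !acc_granted)` test, so a NULL `user` faults ahead of any argument validation; `NT_USER_TOKEN *token = (user && user->nt_user_token) ? user->nt_user_token : &anonymous_token;` would fold that case into the anonymous fallback. The body of se_access_check continues outside the hunk.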
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 87d0f3bb68..68f900b34d 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -51,6 +51,32 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, { uint32 mask = ace->info.mask; +#if 0 + + /* I think there is some aspect of inheritable ACEs that we don't + understand. A 'Manage Documents' permission has the following + ACE entries (after generic mapping has been applied): + + S-1-5-21-1067277791-1719175008-3000797951-1033 0 9 0x000f000c + S-1-5-21-1067277791-1719175008-3000797951-1033 0 2 0x00020000 + + Now a user wanting to print calls se_access_check() with desired + access PRINTER_ACCESS_USE (0x00000008). This is only allowed if + the inherit only ACE, flags & SEC_ACE_FLAG_INHERIT_ONLY (0x8) is + checked. A similar argument is used to explain how a user with + 'Full Control' permission can print. + + Having both the flags SEC_ACE_FLAG_INHERIT_ONLY and + SEC_ACE_FLAG_OBJECT_INHERIT set in an ACE doesn't seem to make + sense. According to the MSDN, an inherit only ACE "indicates an + [...] ACE which does not control access to the object to which + it is attached" and an object inherit ACE for "non-container + child objects [they] inherit the ACE as an effective ACE". + These two flags don't seem to make sense when combined. Does + the object inherit override the inherit only flag? We are also + talking about access to a printer object, not a printer job so + inheritance shouldn't even be involved. -tpot */ + /* * Inherit only is ignored. */ @@ -59,6 +85,7 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, return acc_desired; } +#endif /* * If this ACE has no SID in common with the token, 
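Review bot: Wrapping the inherit-only test of check_ace in `#if 0` (the `-51,6 +51,32` hunk, closed by the `#endif` in the `-59,6 +85,7` hunk) makes every ACE flagged `SEC_ACE_FLAG_INHERIT_ONLY` effective on the object it is attached to, for all callers of se_access_check and not only for printers. An inherit-only allow ACE then grants rights on the container itself, which the MSDN text quoted in the new comment says it should not. If only the printer path needs this, keeping the skip and having the printing code build the descriptor it checks against would confine the change; at minimum the disabled block should carry a marker such as `/* FIXME: inherit-only ACEs are treated as effective until printer inheritance is modelled */`. check_ace continues outside both hunks.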
@@ -159,13 +186,48 @@ static BOOL get_max_access( SEC_ACL *acl, NT_USER_TOKEN *token, uint32 *granted, return True; } -/********************************************************************************* +/* Map generic access rights to object specific rights. This technique is + used to give meaning to assigning read, write, execute and all access to + objects. Each type of object has its own mapping of generic to object + specific access rights. */ + +void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) +{ + uint32 old_mask = *access_mask; + + if (*access_mask & GENERIC_READ_ACCESS) { + *access_mask &= ~GENERIC_READ_ACCESS; + *access_mask |= mapping->generic_read; + } + + if (*access_mask & GENERIC_WRITE_ACCESS) { + *access_mask &= ~GENERIC_WRITE_ACCESS; + *access_mask |= mapping->generic_write; + } + + if (*access_mask & GENERIC_EXECUTE_ACCESS) { + *access_mask &= ~GENERIC_EXECUTE_ACCESS; + *access_mask |= mapping->generic_execute; + } + + if (*access_mask & GENERIC_ALL_ACCESS) { + *access_mask &= ~GENERIC_ALL_ACCESS; + *access_mask |= mapping->generic_all; + } + + if (old_mask != *access_mask) { + DEBUG(10, ("se_map_generic(): mapped mask 0x%08x to 0x%08x\n", + old_mask, *access_mask)); + } +} + +/***************************************************************************** Check access rights of a user against a security descriptor. Look at each ACE in the security descriptor until an access denied ACE denies any of the desired rights to the user or any of the users groups, or one or more ACEs explicitly grant all requested access rights. See "Access-Checking" document in MSDN. -**********************************************************************************/ +*****************************************************************************/ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) 
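Review bot: se_map_generic tests each generic bit on `*access_mask` after earlier branches have already OR-ed mapping values into it, so a mapping entry that itself contains a generic bit would be expanded a second time; testing the saved value, `if (old_mask & GENERIC_READ_ACCESS)` and likewise for the other three, keeps the expansions independent. Both pointers are dereferenced unchecked in a non-static function, so the header comment should state that `access_mask` and `mapping` must be non-NULL. The DEBUG call passes `uint32` values to `%08x` without the `(unsigned int)` casts that the other DEBUG calls in this file use.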
@@ -204,6 +266,11 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) )); + for (i = 1; i < token->num_sids; i++) { + DEBUG(3, ("se_access_check: also %s\n", + sid_to_string(sid_str, &token->user_sids[i]))); + } + /* Is the token the owner of the SID ? */ if (sd->owner_sid) { @@ -230,9 +297,11 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, for ( i = 0 ; i < acl->num_aces && tmp_acc_desired != 0; i++) { SEC_ACE *ace = &acl->ace[i]; - DEBUG(10,("se_access_check: ACE %u: SID = %s mask = %x, current desired = %x\n", - (unsigned int)i, sid_to_string(sid_str, &ace->sid), - (unsigned int) ace->info.mask, (unsigned int)tmp_acc_desired )); + DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", + (unsigned int)i, ace->type, ace->flags, + sid_to_string(sid_str, &ace->sid), + (unsigned int) ace->info.mask, + (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); if (*status != NT_STATUS_NOPROBLEMO) { -- cgit From a4c22506eff954ceacfb8d2405dae358b5b4c964 Mon Sep 17 00:00:00 2001 
From: David O'Neill Date: Fri, 19 Jan 2001 16:56:58 +0000 Subject: Changes from APPLIANCE_HEAD: source/lib/util_seaccess.c - added se_create_child_secdesc() function which takes a parent (container) security descriptor and creates a security descriptor which has the inheritance flags for each ACE applied. In NT a print job is a child object of a printer so deleting and pausing/resuming jobs requires a check against the child security descriptor, not the parent. The values seen in NT printer security descriptors now all fit together in a natural and elegant way which is always nice. - Removed #ifdef'ed out portion of check_ace() when the INHERIT_ONLY flag is set as the se_create_child_secdesc() function now creates a security descriptor which can be used without this hack. (This used to be commit f125b9a94413fd481ae9f05ec5096ef79f0d49e4) --- source3/lib/util_seaccess.c | 147 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 119 insertions(+), 28 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 68f900b34d..6cfcd065aa 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -51,32 +51,6 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, { uint32 mask = ace->info.mask; -#if 0 - - /* I think there is some aspect of inheritable ACEs that we don't - understand. A 'Manage Documents' permission has the following - ACE entries (after generic mapping has been applied): - - S-1-5-21-1067277791-1719175008-3000797951-1033 0 9 0x000f000c - S-1-5-21-1067277791-1719175008-3000797951-1033 0 2 0x00020000 - - Now a user wanting to print calls se_access_check() with desired - access PRINTER_ACCESS_USE (0x00000008). This is only allowed if - the inherit only ACE, flags & SEC_ACE_FLAG_INHERIT_ONLY (0x8) is - checked. A similar argument is used to explain how a user with - 'Full Control' permission can print. - - Having both the flags SEC_ACE_FLAG_INHERIT_ONLY and - SEC_ACE_FLAG_OBJECT_INHERIT set in an ACE doesn't seem to make - sense. According to the MSDN, an inherit only ACE "indicates an - [...] ACE which does not control access to the object to which - it is attached" and an object inherit ACE for "non-container - child objects [they] inherit the ACE as an effective ACE". - These two flags don't seem to make sense when combined. Does - the object inherit override the inherit only flag? We are also - talking about access to a printer object, not a printer job so - inheritance shouldn't even be involved. -tpot */ - /* * Inherit only is ignored. */ @@ -85,8 +59,6 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, return acc_desired; } -#endif - /* * If this ACE has no SID in common with the token, * ignore it as it cannot be used to make an access 
@@ -328,3 +300,122 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, DEBUG(5,("se_access_check: access (%x) denied.\n", (unsigned int)acc_desired )); return False; } + +/* Create a child security descriptor using another security descriptor as + the parent container. This child object can either be a container or + non-container object. */ + +SEC_DESC_BUF *se_create_child_secdesc(SEC_DESC *parent_ctr, + BOOL child_container) +{ + SEC_DESC_BUF *sdb; + SEC_DESC *sd; + SEC_ACL *new_dacl, *acl; + SEC_ACE *new_ace_list = NULL; + int new_ace_list_ndx = 0, i; + size_t size; + + /* Currently we only process the dacl when creating the child. The + sacl should also be processed but this is left out as sacls are + not implemented in Samba at the moment.*/ + + acl = parent_ctr->dacl; + + if (!(new_ace_list = malloc(sizeof(SEC_ACE) * acl->num_aces))) + return NULL; + + for (i = 0; acl && i < acl->num_aces; i++) { + SEC_ACE *ace = &acl->ace[i]; + SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx]; + uint8 new_flags = 0; + BOOL inherit = False; + fstring sid_str; + + /* The OBJECT_INHERIT_ACE flag causes the ACE to be + inherited by non-container children objects. Container + children objects will inherit it as an INHERIT_ONLY + ACE. */ + + if (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) { + + if (!child_container) { + new_flags |= SEC_ACE_FLAG_OBJECT_INHERIT; + } else { + new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } + + inherit = True; + } + + /* The CONAINER_INHERIT_ACE flag means all child container + objects will inherit and use the ACE. */ + + if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { + if (!child_container) { + inherit = False; + } else { + new_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT; + } + } + + /* The INHERIT_ONLY_ACE is not used by the se_access_check() + function for the parent container, but is inherited by + all child objects as a normal ACE. 
*/ + + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + /* Move along, nothing to see here */ + } + + /* The SEC_ACE_FLAG_NO_PROPAGATE_INHERIT flag means the ACE + is inherited by child objects but not grandchildren + objects. We clear the object inherit and container + inherit flags in the inherited ACE. */ + + if (ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { + new_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT | + SEC_ACE_FLAG_CONTAINER_INHERIT); + } + + /* Add ACE to ACE list */ + + if (!inherit) + continue; + + init_sec_access(&new_ace->info, ace->info.mask); + init_sec_ace(new_ace, &ace->sid, ace->type, + new_ace->info, new_flags); + + sid_to_string(sid_str, &ace->sid); + + DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " + " inherited as %s:%d/0x%02x/0x%08x\n", sid_str, + ace->type, ace->flags, ace->info.mask, + sid_str, new_ace->type, new_ace->flags, + new_ace->info.mask)); + + new_ace_list_ndx++; + } + + /* Create child security descriptor to return */ + + new_dacl = make_sec_acl(ACL_REVISION, new_ace_list_ndx, new_ace_list); + safe_free(new_ace_list); + + /* Use the existing user and group sids. I don't think this is + correct. Perhaps the user and group should be passed in as + parameters by the caller? */ + + sd = make_sec_desc(SEC_DESC_REVISION, + parent_ctr->owner_sid, + parent_ctr->grp_sid, + parent_ctr->sacl, + new_dacl, &size); + + free_sec_acl(&new_dacl); + + sdb = make_sec_desc_buf(size, sd); + + free_sec_desc(&sd); + + return sdb; +} -- cgit From 0f2799aaf1e33aa474a12b9389728d57af926cb3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 Feb 2001 00:51:02 +0000 Subject: Move to talloc control of SPOOL_XXX structs. Move to talloc control of security descriptors and pointers. Syncup with 2.2 tree. Jeremy. (This used to be commit 14d5997dc841e78a619e865288486d50c245896d) --- source3/lib/util_seaccess.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'source3/lib/util_seaccess.c') 
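Review bot: se_create_child_secdesc reads `acl->num_aces` for the allocation before the loop's `acl &&` test, so a parent descriptor whose `dacl` is NULL is dereferenced; the same ordering is carried into the later talloc and `the_acl` hunks. The flag handling also contradicts its own comments: the CONTAINER_INHERIT branch resets `inherit` to False for a non-container child even when OBJECT_INHERIT has just set it, and never sets it to True for a container child, so an ACE carrying both flags is dropped for non-container children and a container-inherit-only ACE is never copied. The fence shows one way to order the checks; returning NULL for a parent without a DACL mirrors the existing allocation-failure path and should be confirmed against the callers, which are not on this page.

```c
	acl = parent_ctr->dacl;

	/* No DACL on the parent: nothing to inherit, and acl must not be
	   dereferenced by the allocation below. */
	if (acl == NULL)
		return NULL;

	/* ... unchanged: new_ace_list allocation, loop header, per-ACE locals,
	   OBJECT_INHERIT handling ... */

		/* Container children inherit and use the ACE. For other
		   children this flag neither adds nor removes inheritance,
		   so an earlier OBJECT_INHERIT decision is left alone. */
		if ((ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) &&
		    child_container) {
			new_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT;
			inherit = True;
		}

	/* ... unchanged: INHERIT_ONLY, NO_PROPAGATE_INHERIT, ACE copy,
	   descriptor creation ... */
```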
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 6cfcd065aa..e1b18460e2 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -305,7 +305,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, the parent container. This child object can either be a container or non-container object. */ -SEC_DESC_BUF *se_create_child_secdesc(SEC_DESC *parent_ctr, +SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, BOOL child_container) { SEC_DESC_BUF *sdb; @@ -321,7 +321,7 @@ SEC_DESC_BUF *se_create_child_secdesc(SEC_DESC *parent_ctr, acl = parent_ctr->dacl; - if (!(new_ace_list = malloc(sizeof(SEC_ACE) * acl->num_aces))) + if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * acl->num_aces))) return NULL; for (i = 0; acl && i < acl->num_aces; i++) { @@ -398,24 +398,19 @@ SEC_DESC_BUF *se_create_child_secdesc(SEC_DESC *parent_ctr, /* Create child security descriptor to return */ - new_dacl = make_sec_acl(ACL_REVISION, new_ace_list_ndx, new_ace_list); - safe_free(new_ace_list); + new_dacl = make_sec_acl(ctx, ACL_REVISION, new_ace_list_ndx, new_ace_list); /* Use the existing user and group sids. I don't think this is correct. Perhaps the user and group should be passed in as parameters by the caller? */ - sd = make_sec_desc(SEC_DESC_REVISION, + sd = make_sec_desc(ctx, SEC_DESC_REVISION, parent_ctr->owner_sid, parent_ctr->grp_sid, parent_ctr->sacl, new_dacl, &size); - free_sec_acl(&new_dacl); - - sdb = make_sec_desc_buf(size, sd); - - free_sec_desc(&sd); + sdb = make_sec_desc_buf(ctx, size, sd); return sdb; } -- cgit From c08fc869ce12c61241bc47f808821727c7c5dcf4 Mon Sep 17 00:00:00 2001 
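Review bot: In the `-398,24 +398,19` hunk `new_dacl` and `sd` are passed straight into the next constructor without a NULL check, and `size` is only meaningful if `make_sec_desc` succeeded (its body is not on this page, so whether it sets `size` on failure should be confirmed). `if (!new_dacl) return NULL;` after `make_sec_acl` and `if (!sd) return NULL;` before `make_sec_desc_buf` would make the talloc failure paths explicit. The allocation in the `-321,7 +321,7` hunk multiplies `sizeof(SEC_ACE)` by `acl->num_aces` with no overflow check; if `num_aces` can come from a descriptor received over the wire, the count should be bounded first. se_create_child_secdesc begins outside these hunks.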
From: Jeremy Allison Date: Fri, 27 Apr 2001 21:20:20 +0000 Subject: Don't use variables called "acl" as it's the name of a function in Solaris. Jeremy. (This used to be commit 277eb517e25eb3910057336b2bee18875dffe6cc) --- source3/lib/util_seaccess.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index e1b18460e2..8b75a5f487 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -106,14 +106,14 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, include other bits requested. **********************************************************************************/ -static BOOL get_max_access( SEC_ACL *acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status) +static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status) { uint32 acc_denied = 0; uint32 acc_granted = 0; size_t i; - for ( i = 0 ; i < acl->num_aces; i++) { - SEC_ACE *ace = &acl->ace[i]; + for ( i = 0 ; i < the_acl->num_aces; i++) { + SEC_ACE *ace = &the_acl->ace[i]; uint32 mask = ace->info.mask; if (!token_sid_in_ace( token, ace)) @@ -206,7 +206,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, { extern NT_USER_TOKEN anonymous_token; size_t i; - SEC_ACL *acl; + SEC_ACL *the_acl; fstring sid_str; NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token; uint32 tmp_acc_desired = acc_desired; 
@@ -259,15 +259,15 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, } } - acl = sd->dacl; + the_acl = sd->dacl; if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) { tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS; - return get_max_access( acl, token, acc_granted, tmp_acc_desired, status); + return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, status); } - for ( i = 0 ; i < acl->num_aces && tmp_acc_desired != 0; i++) { - SEC_ACE *ace = &acl->ace[i]; + for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { + SEC_ACE *ace = &the_acl->ace[i]; DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, @@ -310,7 +310,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, { SEC_DESC_BUF *sdb; SEC_DESC *sd; - SEC_ACL *new_dacl, *acl; + SEC_ACL *new_dacl, *the_acl; SEC_ACE *new_ace_list = NULL; int new_ace_list_ndx = 0, i; size_t size; @@ -319,13 +319,13 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, sacl should also be processed but this is left out as sacls are not implemented in Samba at the moment.*/ - acl = parent_ctr->dacl; + the_acl = parent_ctr->dacl; - if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * acl->num_aces))) + if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces))) return NULL; - for (i = 0; acl && i < acl->num_aces; i++) { - SEC_ACE *ace = &acl->ace[i]; + for (i = 0; the_acl && i < the_acl->num_aces; i++) { + SEC_ACE *ace = &the_acl->ace[i]; SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx]; uint8 new_flags = 0; BOOL inherit = False; -- cgit From ee5f7237decfe446f4fdb08422beb2e6cb43af7f Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Mon, 27 Aug 2001 17:52:23 +0000 Subject: started converting NTSTATUS to be a structure on systems with gcc in order to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs (This used to be commit 1b778bc7d22efff3f90dc450eb12baa1241cf68f) --- source3/lib/util_seaccess.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 8b75a5f487..1716226272 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -47,7 +47,8 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) bits not yet granted. Zero means permission allowed (no more needed bits). **********************************************************************************/ -static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *status) +static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, + NTSTATUS *status) { uint32 mask = ace->info.mask; @@ -106,7 +107,9 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, include other bits requested. **********************************************************************************/ -static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status) +static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, + uint32 desired, + NTSTATUS *status) { uint32 acc_denied = 0; uint32 acc_granted = 0; 
@@ -202,7 +205,8 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) *****************************************************************************/ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, - uint32 acc_desired, uint32 *acc_granted, uint32 *status) + uint32 acc_desired, uint32 *acc_granted, + NTSTATUS *status) { extern NT_USER_TOKEN anonymous_token; size_t i; @@ -263,7 +267,8 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) { tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS; - return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, status); + return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, + status); } for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { @@ -276,9 +281,9 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); - if (*status != NT_STATUS_NOPROBLEMO) { + if (NT_STATUS_V(*status)) { *acc_granted = 0; - DEBUG(5,("se_access_check: ACE %u denied with status %x.\n", (unsigned int)i, (unsigned int)*status )); + DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, get_nt_error_msg(*status))); return False; } } -- cgit From b031af348c7dcc8c74bf49945211c466b8eca079 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Aug 2001 19:46:22 +0000 Subject: converted another bunch of stuff to NTSTATUS (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e) --- source3/lib/util_seaccess.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 1716226272..f10c84c276 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -157,7 +157,7 @@ static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *gran */ *granted = acc_granted; - *status = NT_STATUS_NOPROBLEMO; + *status = NT_STATUS_OK; return True; } @@ -218,7 +218,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, if (!status || !acc_granted) return False; - *status = NT_STATUS_NOPROBLEMO; + *status = NT_STATUS_OK; *acc_granted = 0; DEBUG(10,("se_access_check: requested access %x, for uid %u\n", @@ -232,7 +232,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, /* ACL must have something in it */ if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) { - *status = NT_STATUS_NOPROBLEMO; + *status = NT_STATUS_OK; *acc_granted = acc_desired; DEBUG(5, ("se_access_check: no sd or blank DACL, access allowed\n")); return True; @@ -295,7 +295,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, if (tmp_acc_desired == 0) { *acc_granted = acc_desired; - *status = NT_STATUS_NOPROBLEMO; + *status = NT_STATUS_OK; DEBUG(5,("se_access_check: access (%x) granted.\n", (unsigned int)acc_desired )); return True; } -- cgit From 0f4281b9b4a4056e9e087deb15e60ea482af7a74 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 26 Sep 2001 00:05:03 +0000 Subject: Added Elrond patch to make se_access_check use NT datastructures, not Samba. Jeremy. (This used to be commit bca6419447e926e51aeecf3e484228f640cecb84) --- source3/lib/util_seaccess.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index f10c84c276..ec1b56ae86 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -30,7 +30,7 @@ extern int DEBUGLEVEL; Check if this ACE has a SID in common with the token. **********************************************************************************/ -static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) +static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) { size_t i; @@ -204,7 +204,7 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(SEC_DESC *sd, struct current_user *user, +BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { @@ -212,17 +212,20 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, size_t i; SEC_ACL *the_acl; fstring sid_str; - NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token; uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) return False; + if (!token) + token = &anonymous_token; + *status = NT_STATUS_OK; *acc_granted = 0; - DEBUG(10,("se_access_check: requested access %x, for uid %u\n", - (unsigned int)acc_desired, (unsigned int)user->uid )); + DEBUG(10,("se_access_check: requested access %x, for NT token with %u entries and first sid %s.\n", + (unsigned int)acc_desired, (unsigned int)token->num_sids, + sid_to_string(sid_str, &token->user_sids[0]))); /* * No security descriptor or security descriptor with no DACL -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/lib/util_seaccess.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') 
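Review bot: The new DEBUG(10) call in the `-212,17 +212,20` hunk formats `&token->user_sids[0]` unconditionally, so when that debug level is active a token with `num_sids == 0` or a NULL `user_sids` is read out of bounds before any ACE is evaluated; the existing DEBUG(3) "user sid is" line makes the same assumption. Guarding the argument, for example `token->num_sids ? sid_to_string(sid_str, &token->user_sids[0]) : "(none)"`, keeps the diagnostic from being the first thing to fault on a malformed token. The `if (!token) token = &anonymous_token;` fallback is an access-control decision and should carry a comment stating that a missing token is evaluated as the anonymous identity. se_access_check continues outside the hunk.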
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index ec1b56ae86..82fb1e8527 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -24,8 +24,6 @@ #include "nterr.h" #include "sids.h" -extern int DEBUGLEVEL; - /********************************************************************************** Check if this ACE has a SID in common with the token. **********************************************************************************/ -- cgit From e74c51dfeb8c19f01451d2085f2e510bb431fbf0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Nov 2001 18:32:32 +0000 Subject: I *love* removing code :-). Removed 4 files that weren't being used. All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy. (This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58) --- source3/lib/util_seaccess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 82fb1e8527..852ded5627 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -241,7 +241,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, /* The user sid is the first in the token */ - DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) )); + DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) )); for (i = 1; i < token->num_sids; i++) { DEBUG(3, ("se_access_check: also %s\n", -- cgit From 6d9adfe73c04132ff162d05b0c309395c4a54485 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Fri, 30 Nov 2001 01:04:15 +0000 Subject: Renamed sid field in SEC_ACE to trustee to be more in line with MS's definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301) --- source3/lib/util_seaccess.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 852ded5627..b8dc43dede 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -33,7 +33,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->sid, &token->user_sids[i])) + if (sid_equal(&ace->trustee, &token->user_sids[i])) return True; } @@ -277,7 +277,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, - sid_to_string(sid_str, &ace->sid), + sid_to_string(sid_str, &ace->trustee), (unsigned int) ace->info.mask, (unsigned int)tmp_acc_desired )); @@ -388,10 +388,10 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, continue; init_sec_access(&new_ace->info, ace->info.mask); - init_sec_ace(new_ace, &ace->sid, ace->type, + init_sec_ace(new_ace, &ace->trustee, ace->type, new_ace->info, new_flags); - sid_to_string(sid_str, &ace->sid); + sid_to_string(sid_str, &ace->trustee); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", sid_str, -- cgit From a081ad3daed709859eacf607cf120f065bbcf0a0 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Mon, 17 Dec 2001 22:57:06 +0000 Subject: tidy up debug J.F. (This used to be commit c44f4e9e3368320b7559059dc214fa6c003d1187) --- source3/lib/util_seaccess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') 
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index b8dc43dede..1ff7c32957 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -221,7 +221,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, *status = NT_STATUS_OK; *acc_granted = 0; - DEBUG(10,("se_access_check: requested access %x, for NT token with %u entries and first sid %s.\n", + DEBUG(10,("se_access_check: requested access 0x%08x, for NT token with %u entries and first sid %s.\n", (unsigned int)acc_desired, (unsigned int)token->num_sids, sid_to_string(sid_str, &token->user_sids[0]))); -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/lib/util_seaccess.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 1ff7c32957..5a934789e4 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 2.0 + Unix SMB/CIFS implementation. Copyright (C) Luke Kenneth Casson Leighton 1996-2000. Copyright (C) Tim Potter 2000. Copyright (C) Re-written by Jeremy Allison 2000. -- cgit From 65c007b583e2107f5ad1ba6733d3e578a143863e Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 15 Mar 2002 08:14:10 +0000 Subject: syncing up printing code with SAMBA_2_2 (already done some merges in the reverse). * add in new printer change notify code from SAMBA_2_2 * add in se_map_standard() from 2.2 in _spoolss_open_printer_ex() * sync up the _print_queue_struct in smb.h (why did someone change the user/file names in fs_user/fs_file (or vice-versa) ? ) * sync up some cli_spoolss_XXX functions (This used to be commit 5760315c1de4033fdc22684c940f18010010924f) --- source3/lib/util_seaccess.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 5a934789e4..299b339ddf 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -193,6 +193,31 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping)
 }
 }
+/* Map standard access rights to object specific rights. This technique is
+ used to give meaning to assigning read, write, execute and all access to
+ objects. Each type of object has its own mapping of standard to object
+ specific access rights. */
+
+void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping)
+{
+ uint32 old_mask = *access_mask;
+
+ if (*access_mask & READ_CONTROL_ACCESS) {
+ *access_mask &= ~READ_CONTROL_ACCESS;
+ *access_mask |= mapping->std_read;
+ }
+
+ if (*access_mask & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)) {
+ *access_mask &= ~(DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS);
+ *access_mask |= mapping->std_all;
+ }
+
+ if (old_mask != *access_mask) {
+ DEBUG(10, ("se_map_standard(): mapped mask 0x%08x to 0x%08x\n",
+ old_mask, *access_mask));
+ }
+}
+
 /*****************************************************************************
 Check access rights of a user against a security descriptor. Look at each ACE in the security descriptor until an access denied ACE denies
--
cgit
From ab13654dc9ac23872e4d1384e1c54e336f113009 Mon Sep 17 00:00:00 2001
From: Tim Potter
Date: Sun, 17 Mar 2002 04:36:35 +0000
Subject: Renamed get_nt_error_msg() to nt_errstr().
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
---
 source3/lib/util_seaccess.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source3/lib/util_seaccess.c')
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 299b339ddf..8ed266aced 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
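Review bot: In se_map_standard, any one of DELETE_ACCESS, WRITE_DAC_ACCESS, WRITE_OWNER_ACCESS or SYNCHRONIZE_ACCESS is replaced by the whole of `mapping->std_all`, so a mask carrying only SYNCHRONIZE_ACCESS comes out as the object's complete std_all mask, and the header comment does not say so. On a requested-access mask that errs on the strict side, but it would widen rights if a caller ever ran it over an ACE or granted mask, so I would state the contract in the comment, e.g. `/* Only for requested-access masks: any single standard right expands to std_all. */`. `mapping` is only read and is dereferenced without a NULL check; `const struct standard_mapping *mapping` would document the read-only part, assuming the prototype (not in this hunk) is updated to match.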
@@ -308,7 +308,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); if (NT_STATUS_V(*status)) { *acc_granted = 0; - DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, get_nt_error_msg(*status))); + DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, nt_errstr(*status))); return False; } } -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/lib/util_seaccess.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 8ed266aced..9fdf03adfc 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -20,8 +20,6 @@ */ #include "includes.h" -#include "nterr.h" -#include "sids.h" /********************************************************************************** Check if this ACE has a SID in common with the token. -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/lib/util_seaccess.c | 62 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 52 insertions(+), 10 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 9fdf03adfc..b137023e55 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -21,6 +21,8 @@ #include "includes.h" +extern DOM_SID global_sid_Builtin; + /********************************************************************************** Check if this ACE has a SID in common with the token. **********************************************************************************/ @@ -42,7 +44,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) bits not yet granted. Zero means permission allowed (no more needed bits). **********************************************************************************/ -static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, +static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, NTSTATUS *status) { uint32 mask = ace->info.mask; @@ -102,7 +104,7 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, include other bits requested. **********************************************************************************/ -static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, +static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted, uint32 desired, NTSTATUS *status) { @@ -224,7 +226,7 @@ void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, +BOOL se_access_check(SEC_DESC *sd, const NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { 
@@ -262,12 +264,13 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, } /* The user sid is the first in the token */ - - DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) )); - - for (i = 1; i < token->num_sids; i++) { - DEBUG(3, ("se_access_check: also %s\n", - sid_to_string(sid_str, &token->user_sids[i]))); + if (DEBUGLVL(3)) { + DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) )); + + for (i = 1; i < token->num_sids; i++) { + DEBUGADD(3, ("se_access_check: also %s\n", + sid_to_string(sid_str, &token->user_sids[i]))); + } } /* Is the token the owner of the SID ? */ @@ -297,7 +300,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { SEC_ACE *ace = &the_acl->ace[i]; - DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", + DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, sid_to_string(sid_str, &ace->trustee), (unsigned int) ace->info.mask, 
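Review bot: The second hunk turns the per-ACE trace in the `for` loop of se_access_check from `DEBUG(10, ...)` into `DEBUGADD(10, ...)`, and unlike the DEBUGADD in the first hunk it does not directly follow a DEBUG at the same level. DEBUGADD writes its text without the usual debug header, so at level 10 these lines end up attached to whatever message was logged last, which makes the access-decision trace harder to attribute when reading logs after the fact. I would keep `DEBUG(10,("se_access_check: ACE %u: ...` here, or emit one level-10 DEBUG header before the loop. The loop body continues outside the hunk.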
@@ -442,3 +445,42 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 return sdb;
 }
+
+/*******************************************************************
+ samr_make_sam_obj_sd
+ ********************************************************************/
+
+NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
+{
+ extern DOM_SID global_sid_World;
+ DOM_SID adm_sid;
+ DOM_SID act_sid;
+
+ SEC_ACE ace[3];
+ SEC_ACCESS mask;
+
+ SEC_ACL *psa = NULL;
+
+ sid_copy(&adm_sid, &global_sid_Builtin);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ sid_copy(&act_sid, &global_sid_Builtin);
+ sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+ /*basic access for every one*/
+ init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ /*full access for builtin aliases Administrators and Account Operators*/
+ init_sec_access(&mask, SAMR_ALL_ACCESS);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ return NT_STATUS_OK;
+}
--
cgit
From f2d1f19a66ebaf9b88d23c0faa2412536cc74cda Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Tue, 1 Oct 2002 18:26:00 +0000
Subject: syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already).
(This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
---
 source3/lib/util_seaccess.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source3/lib/util_seaccess.c')
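Review bot: The banner above samr_make_sam_obj_sd only repeats the function name, although the function hard-codes the DACL it returns: World gets `SAMR_EXECUTE | SAMR_READ`, and both BUILTIN Administrators and Account Operators get `SAMR_ALL_ACCESS`. I would spell that out in the comment, together with the contract that `*psd` is written, `sd_size` is passed through to make_sec_desc and both allocations hang off `ctx`, so the grants can be checked against the intended policy without reading the body. The ACE count is a literal `3` next to `SEC_ACE ace[3]`; `make_sec_acl(ctx, NT4_ACL_REVISION, sizeof(ace)/sizeof(ace[0]), ace)` keeps the two from drifting apart. The same body is added again by the later r6014 hunk, where this applies unchanged.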
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index b137023e55..456d7ba9e2 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -226,7 +226,7 @@ void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(SEC_DESC *sd, const NT_USER_TOKEN *token, +BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { -- cgit From d12baf7bf7a81cc579dc717d9592c36ad10fda38 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 2 Nov 2002 12:53:13 +0000 Subject: port sec_desc headers reordering from HEAD. Thanks to Andrew Brtlet for the diff :-) (This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c) --- source3/lib/util_seaccess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 456d7ba9e2..21d7fe8599 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -468,11 +468,11 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); /*basic access for every one*/ - init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ); + init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ); init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); /*full access for builtin aliases Administrators and Account Operators*/ - init_sec_access(&mask, SAMR_ALL_ACCESS); + init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS); init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); -- cgit From 266ec4aac04cb8666234f18baa38ff6387f40cb3 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Mon, 24 Feb 2003 03:09:08 +0000 Subject: Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0. Andrew Bartlett (This used to be commit 9ef0d40c3f8aef52ab321dc065264c42065bc876) --- source3/lib/util_seaccess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 21d7fe8599..eba8cab7fb 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -343,7 +343,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, SEC_DESC *sd; SEC_ACL *new_dacl, *the_acl; SEC_ACE *new_ace_list = NULL; - int new_ace_list_ndx = 0, i; + unsigned int new_ace_list_ndx = 0, i; size_t size; /* Currently we only process the dacl when creating the child. The -- cgit From 0551426657167c676f1b88443602f9268d21784e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 19 Sep 2003 21:57:43 +0000 Subject: Ensure that dup_sec_desc copies the 'type' field correctly. This caused me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d) --- source3/lib/util_seaccess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index eba8cab7fb..2482d582d2 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -435,7 +435,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, correct. Perhaps the user and group should be passed in as parameters by the caller? */ - sd = make_sec_desc(ctx, SEC_DESC_REVISION, + sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, parent_ctr->owner_sid, parent_ctr->grp_sid, parent_ctr->sacl, 
@@ -479,7 +479,7 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; -- cgit From b1f610ebb1ba1e6ae0f0e9fbbc703f6a4af68b67 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Oct 2003 01:38:46 +0000 Subject: split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1) --- source3/lib/util_seaccess.c | 129 -------------------------------------------- 1 file changed, 129 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 2482d582d2..cb0f46e2f9 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -23,22 +23,6 @@ extern DOM_SID global_sid_Builtin; -/********************************************************************************** - Check if this ACE has a SID in common with the token. -**********************************************************************************/ - -static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) -{ - size_t i; - - for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->trustee, &token->user_sids[i])) - return True; - } - - return False; -} - /********************************************************************************* Check an ACE against a SID. We return the remaining needed permission bits not yet granted. Zero means permission allowed (no more needed bits). 
@@ -332,119 +316,6 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, return False; } -/* Create a child security descriptor using another security descriptor as - the parent container. This child object can either be a container or - non-container object. */ - -SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, - BOOL child_container) -{ - SEC_DESC_BUF *sdb; - SEC_DESC *sd; - SEC_ACL *new_dacl, *the_acl; - SEC_ACE *new_ace_list = NULL; - unsigned int new_ace_list_ndx = 0, i; - size_t size; - - /* Currently we only process the dacl when creating the child. The - sacl should also be processed but this is left out as sacls are - not implemented in Samba at the moment.*/ - - the_acl = parent_ctr->dacl; - - if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces))) - return NULL; - - for (i = 0; the_acl && i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->ace[i]; - SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx]; - uint8 new_flags = 0; - BOOL inherit = False; - fstring sid_str; - - /* The OBJECT_INHERIT_ACE flag causes the ACE to be - inherited by non-container children objects. Container - children objects will inherit it as an INHERIT_ONLY - ACE. */ - - if (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) { - - if (!child_container) { - new_flags |= SEC_ACE_FLAG_OBJECT_INHERIT; - } else { - new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; - } - - inherit = True; - } - - /* The CONAINER_INHERIT_ACE flag means all child container - objects will inherit and use the ACE. */ - - if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { - if (!child_container) { - inherit = False; - } else { - new_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT; - } - } - - /* The INHERIT_ONLY_ACE is not used by the se_access_check() - function for the parent container, but is inherited by - all child objects as a normal ACE. 
*/ - - if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { - /* Move along, nothing to see here */ - } - - /* The SEC_ACE_FLAG_NO_PROPAGATE_INHERIT flag means the ACE - is inherited by child objects but not grandchildren - objects. We clear the object inherit and container - inherit flags in the inherited ACE. */ - - if (ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { - new_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT | - SEC_ACE_FLAG_CONTAINER_INHERIT); - } - - /* Add ACE to ACE list */ - - if (!inherit) - continue; - - init_sec_access(&new_ace->info, ace->info.mask); - init_sec_ace(new_ace, &ace->trustee, ace->type, - new_ace->info, new_flags); - - sid_to_string(sid_str, &ace->trustee); - - DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " - " inherited as %s:%d/0x%02x/0x%08x\n", sid_str, - ace->type, ace->flags, ace->info.mask, - sid_str, new_ace->type, new_ace->flags, - new_ace->info.mask)); - - new_ace_list_ndx++; - } - - /* Create child security descriptor to return */ - - new_dacl = make_sec_acl(ctx, ACL_REVISION, new_ace_list_ndx, new_ace_list); - - /* Use the existing user and group sids. I don't think this is - correct. Perhaps the user and group should be passed in as - parameters by the caller? */ - - sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - parent_ctr->owner_sid, - parent_ctr->grp_sid, - parent_ctr->sacl, - new_dacl, &size); - - sdb = make_sec_desc_buf(ctx, size, sd); - - return sdb; -} /******************************************************************* samr_make_sam_obj_sd -- cgit From f35a9c5af6226b2292dbb49b9c20bf6b4d5f3bdc Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 31 Jan 2005 22:42:30 +0000 Subject: r5150: consolidate the samr_make.*obj_sd() functions to share code (This used to be commit 5bd03d59263ab619390062c1d023ad1ba54dce6a) --- source3/lib/util_seaccess.c | 39 --------------------------------------- 1 file changed, 39 deletions(-) (limited to 'source3/lib/util_seaccess.c') 
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index cb0f46e2f9..b5a9010b5c 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -316,42 +316,3 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, return False; } - -/******************************************************************* - samr_make_sam_obj_sd - ********************************************************************/ - -NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) -{ - extern DOM_SID global_sid_World; - DOM_SID adm_sid; - DOM_SID act_sid; - - SEC_ACE ace[3]; - SEC_ACCESS mask; - - SEC_ACL *psa = NULL; - - sid_copy(&adm_sid, &global_sid_Builtin); - sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); - - sid_copy(&act_sid, &global_sid_Builtin); - sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); - - /*basic access for every one*/ - init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ); - init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - - /*full access for builtin aliases Administrators and Account Operators*/ - init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS); - init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - - if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) - return NT_STATUS_NO_MEMORY; - - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) - return NT_STATUS_NO_MEMORY; - - return NT_STATUS_OK; -} -- cgit From 5d1cb8e79edea9e8581d3c2c9dd297310cd9a98c Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Wed, 23 Mar 2005 23:26:33 +0000 Subject: r6014: rather large change set.... pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221) --- source3/lib/util_seaccess.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index b5a9010b5c..cb0f46e2f9 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -316,3 +316,42 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
 return False;
 }
+
+/*******************************************************************
+ samr_make_sam_obj_sd
+ ********************************************************************/
+
+NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
+{
+ extern DOM_SID global_sid_World;
+ DOM_SID adm_sid;
+ DOM_SID act_sid;
+
+ SEC_ACE ace[3];
+ SEC_ACCESS mask;
+
+ SEC_ACL *psa = NULL;
+
+ sid_copy(&adm_sid, &global_sid_Builtin);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ sid_copy(&act_sid, &global_sid_Builtin);
+ sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+ /*basic access for every one*/
+ init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ /*full access for builtin aliases Administrators and Account Operators*/
+ init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ return NT_STATUS_OK;
+}
--
cgit
From 978ca8486031e43754a3c23757f361bf3a85f335 Mon Sep 17 00:00:00 2001
From: Herb Lewis
Date: Wed, 6 Apr 2005 16:28:04 +0000
Subject: r6225: get rid of warnings from my compiler about nested externs
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
---
 source3/lib/util_seaccess.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source3/lib/util_seaccess.c')
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index cb0f46e2f9..362504e46b 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c @@ -22,6 +22,8 @@ #include "includes.h" extern DOM_SID global_sid_Builtin; +extern DOM_SID global_sid_World; +extern NT_USER_TOKEN anonymous_token; /********************************************************************************* Check an ACE against a SID. We return the remaining needed permission @@ -214,7 +216,6 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { - extern NT_USER_TOKEN anonymous_token; size_t i; SEC_ACL *the_acl; fstring sid_str; @@ -323,7 +324,6 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) { - extern DOM_SID global_sid_World; DOM_SID adm_sid; DOM_SID act_sid; -- cgit From 83e11ba86c2401ece3c845fd10c22b84e6be7811 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 9 Apr 2005 11:46:40 +0000 Subject: r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9) --- source3/lib/util_seaccess.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 362504e46b..73fc45c844 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -21,8 +21,6 @@ #include "includes.h" -extern DOM_SID global_sid_Builtin; -extern DOM_SID global_sid_World; extern NT_USER_TOKEN anonymous_token; /********************************************************************************* -- cgit From 4db7642caa99c1b054322a8971c4b673556487ce Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Wed, 20 Sep 2006 22:23:12 +0000 Subject: r18745: Use the Samba4 data structures for security descriptors and security descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366) --- source3/lib/util_seaccess.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 73fc45c844..7d14ed896f 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -31,7 +31,7 @@ extern NT_USER_TOKEN anonymous_token; static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, NTSTATUS *status) { - uint32 mask = ace->info.mask; + uint32 mask = ace->access_mask; /* * Inherit only is ignored. @@ -97,8 +97,8 @@ static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 size_t i; for ( i = 0 ; i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->ace[i]; - uint32 mask = ace->info.mask; + SEC_ACE *ace = &the_acl->aces[i]; + uint32 mask = ace->access_mask; if (!token_sid_in_ace( token, ace)) continue; @@ -281,12 +281,12 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, } for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { - SEC_ACE *ace = &the_acl->ace[i]; + SEC_ACE *ace = &the_acl->aces[i]; DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, sid_to_string(sid_str, &ace->trustee), - (unsigned int) ace->info.mask, + (unsigned int) ace->access_mask, (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/util_seaccess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 7d14ed896f..4286c80897 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/lib/util_seaccess.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 4286c80897..f725656085 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 0ebab65706e7e2ef82d8af81225db05a5f78b5c4 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Fri, 5 Oct 2007 21:41:17 +0000 Subject: r25534: Apply some const Why? It moves these structs from the data into the text segment, so they will never been copy-on-write copied. Not much, but as in German you say "Kleinvieh macht auch Mist...." (This used to be commit 0141e64ad4972232de867137064d0dae62da22ee) --- source3/lib/util_seaccess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index f725656085..8d49ea2c8b 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -146,7 +146,7 @@ static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 objects. Each type of object has its own mapping of generic to object specific access rights. */ -void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) +void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping) { uint32 old_mask = *access_mask; -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/util_seaccess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 8d49ea2c8b..ad05300079 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -87,7 +87,7 @@ static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_des include other bits requested. **********************************************************************************/ -static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted, +static bool get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted, uint32 desired, NTSTATUS *status) { @@ -209,7 +209,7 @@ void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, +bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { -- cgit From 900288a2b86abd247f9eb4cd15dc5617a17cfef1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:11:36 +0100 Subject: Replace sid_string_static by sid_string_dbg in DEBUGs (This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09) --- source3/lib/util_seaccess.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index ad05300079..0481eea5f0 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -215,7 +215,6 @@ bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, { size_t i; SEC_ACL *the_acl; - fstring sid_str; uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) 
@@ -227,9 +226,10 @@ bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, *status = NT_STATUS_OK; *acc_granted = 0; - DEBUG(10,("se_access_check: requested access 0x%08x, for NT token with %u entries and first sid %s.\n", - (unsigned int)acc_desired, (unsigned int)token->num_sids, - sid_to_string(sid_str, &token->user_sids[0]))); + DEBUG(10,("se_access_check: requested access 0x%08x, for NT token " + "with %u entries and first sid %s.\n", + (unsigned int)acc_desired, (unsigned int)token->num_sids, + sid_string_dbg(&token->user_sids[0]))); /* * No security descriptor or security descriptor with no DACL @@ -247,11 +247,13 @@ bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, /* The user sid is the first in the token */ if (DEBUGLVL(3)) { - DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) )); + DEBUG(3, ("se_access_check: user sid is %s\n", + sid_string_dbg( + &token->user_sids[PRIMARY_USER_SID_INDEX]))); for (i = 1; i < token->num_sids; i++) { DEBUGADD(3, ("se_access_check: also %s\n", - sid_to_string(sid_str, &token->user_sids[i]))); + sid_string_dbg(&token->user_sids[i]))); } } 
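Review bot: The first DEBUG in se_access_check still indexes `token->user_sids[0]`, while the level-3 message in the next hunk uses `PRIMARY_USER_SID_INDEX` for the same entry; `sid_string_dbg(&token->user_sids[PRIMARY_USER_SID_INDEX])` would keep the two consistent. Both reads happen without a visible check that `token->num_sids` is non-zero; the guard may sit in lines before the hunk that are not shown, so it is worth confirming, since this code runs on every access check. The function body starts and ends outside these hunks.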
@@ -282,11 +284,12 @@ bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { SEC_ACE *ace = &the_acl->aces[i]; - DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", - (unsigned int)i, ace->type, ace->flags, - sid_to_string(sid_str, &ace->trustee), - (unsigned int) ace->access_mask, - (unsigned int)tmp_acc_desired )); + DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = " + "0x%02x, SID = %s mask = %x, current desired " + "= %x\n", (unsigned int)i, ace->type, ace->flags, + sid_string_dbg(&ace->trustee), + (unsigned int) ace->access_mask, + (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); if (NT_STATUS_V(*status)) { -- cgit From 99b86e4a266b99634f6a65015f6df115c421d3e5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 20 Dec 2007 22:27:01 +0100 Subject: Some C++ fixes (This used to be commit 5c392c4c6e277a24d0d477902dc7856b2b46ee53) --- source3/lib/util_seaccess.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 0481eea5f0..87e70bb95b 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -350,7 +350,9 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, + psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; -- cgit