From 1a7283a8fa5a7d97abc5b10f3d73ce99a4a7b905 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 1 Dec 2004 05:22:24 +0000 Subject: r4025: added a sec_access_check() function for checking security descriptors against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d) --- source4/libcli/security/access_check.c | 162 +++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 source4/libcli/security/access_check.c (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c new file mode 100644 index 0000000000..d8809aebc6 --- /dev/null +++ b/source4/libcli/security/access_check.c 
@@ -0,0 +1,162 @@ +/* + Unix SMB/CIFS implementation. + + security access checking routines + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "librpc/gen_ndr/ndr_security.h" + + +/* + check if a sid is in the supplied token +*/ +static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token) +{ + int i; + for (i=0;inum_sids;i++) { + if (dom_sid_equal(sid, token->user_sids[i])) { + return True; + } + } + return False; +} + + +/* + perform a SEC_FLAG_MAXIMUM_ALLOWED access check +*/ +static NTSTATUS access_check_max_allowed(struct security_descriptor *sd, + struct nt_user_token *token, + uint32_t *access_granted) +{ + uint32_t denied = 0, granted = 0; + int i; + + for (i = 0;idacl->num_aces; i++) { + struct security_ace *ace = &sd->dacl->aces[i]; + + if (!sid_active_in_token(&ace->trustee, token)) { + continue; + } + + switch (ace->type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED: + granted |= ace->access_mask; + break; + case SEC_ACE_TYPE_ACCESS_DENIED: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + denied |= ace->access_mask; + break; + } + } + + granted &= ~denied; + + if (granted == 0) { + return NT_STATUS_ACCESS_DENIED; + } + + *access_granted = granted; + + return NT_STATUS_OK; +} + +/* + the main entry point for access checking. 
+*/ +NTSTATUS sec_access_check(struct security_descriptor *sd, + struct nt_user_token *token, + uint32_t access_desired, + uint32_t *access_granted) +{ + int i; + uint32_t bits_remaining; + + bits_remaining = access_desired; + + /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */ + if (bits_remaining & (SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL)) { + if (sid_active_in_token(sd->owner_sid, token)) { + bits_remaining &= + ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); + } + } + +#if 0 + /* this is where we should check for the "system security" privilege, once we + move to the full security_token and not just the nt_user_token */ + if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { + if (privilege_in_token(SE_PRIVILEGE_SYSTEM_SECURITY, token)) { + bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; + } else { + return NT_STATUS_ACCESS_DENIED; + } + } +#endif + + /* dacl not present allows access */ + if (!(sd->type & SEC_DESC_DACL_PRESENT)) { + *access_granted = access_desired; + return NT_STATUS_OK; + } + + /* empty dacl denies access */ + if (sd->dacl == NULL || sd->dacl->num_aces == 0) { + return NT_STATUS_ACCESS_DENIED; + } + + /* handle the maximum allowed case separately */ + if (access_desired == SEC_FLAG_MAXIMUM_ALLOWED) { + return access_check_max_allowed(sd, token, access_granted); + } + + /* check each ace in turn. 
*/ + for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) { + struct security_ace *ace = &sd->dacl->aces[i]; + + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + + if (!sid_active_in_token(&ace->trustee, token)) { + continue; + } + + switch (ace->type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED: + bits_remaining &= ~ace->access_mask; + break; + case SEC_ACE_TYPE_ACCESS_DENIED: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + if (bits_remaining & ace->access_mask) { + return NT_STATUS_ACCESS_DENIED; + } + break; + } + } + + if (bits_remaining != 0) { + return NT_STATUS_ACCESS_DENIED; + } + + *access_granted = access_desired; + + return NT_STATUS_OK; +} -- cgit From 4075e28a4f87993858e630012cffe96e49ff6717 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Dec 2004 13:04:10 +0000 Subject: r4056: modified the access check code based on results from RAW-ACLS test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc) --- source4/libcli/security/access_check.c | 45 ++++++++++++++-------------------- 1 file changed, 19 insertions(+), 26 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index d8809aebc6..7e70736d09 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c 
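Review bot: access_check_max_allowed() counts every ACE whose trustee is in the token, including inherit-only ones, while the ACE loop in sec_access_check() skips them with `if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { continue; }`. An inherit-only allow ACE is therefore reported as a right on this object when the caller asks for SEC_FLAG_MAXIMUM_ALLOWED, and an inherit-only deny ACE removes rights it should not affect. The same skip belongs at the top of the loop in access_check_max_allowed(), so that both paths evaluate the same set of ACEs.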
@@ -42,13 +42,16 @@ static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token /* perform a SEC_FLAG_MAXIMUM_ALLOWED access check */ -static NTSTATUS access_check_max_allowed(struct security_descriptor *sd, - struct nt_user_token *token, - uint32_t *access_granted) +static uint32_t access_check_max_allowed(struct security_descriptor *sd, + struct nt_user_token *token) { uint32_t denied = 0, granted = 0; - int i; + unsigned i; + if (sid_active_in_token(sd->owner_sid, token)) { + granted |= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); + } + for (i = 0;idacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; @@ -67,15 +70,7 @@ static NTSTATUS access_check_max_allowed(struct security_descriptor *sd, } } - granted &= ~denied; - - if (granted == 0) { - return NT_STATUS_ACCESS_DENIED; - } - - *access_granted = granted; - - return NT_STATUS_OK; + return granted & ~denied; } /* @@ -89,16 +84,15 @@ NTSTATUS sec_access_check(struct security_descriptor *sd, int i; uint32_t bits_remaining; - bits_remaining = access_desired; - - /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */ - if (bits_remaining & (SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL)) { - if (sid_active_in_token(sd->owner_sid, token)) { - bits_remaining &= - ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); - } + /* handle the maximum allowed flag */ + if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) { + access_desired |= access_check_max_allowed(sd, token); + access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; } + *access_granted = access_desired; + bits_remaining = access_desired; + #if 0 /* this is where we should check for the "system security" privilege, once we move to the full security_token and not just the nt_user_token */ 
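Review bot: The owner branch added to access_check_max_allowed() ORs in the complement of the owner rights: `granted |= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);` sets every bit except WRITE_DAC and READ_CONTROL. The comment on the matching test in sec_access_check() says the owner always gets those two rights, so the `~` looks unintended. As written, a maximum-allowed request by the owner reports almost the whole mask unless deny ACEs happen to remove it. The line should read `granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;`.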
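Review bot: Moving the SEC_FLAG_MAXIMUM_ALLOWED handling to the top of sec_access_check() (hunk -89,16 +84,15) makes access_check_max_allowed() run before the SEC_DESC_DACL_PRESENT and `sd->dacl == NULL` tests, which stay further down, outside this hunk. The helper reads `sd->dacl->num_aces` and `sd->dacl->aces[i]` without any check. A descriptor whose dacl pointer is NULL, combined with a maximum-allowed request, would therefore be dereferenced where the previous ordering returned early. Either keep the call after the DACL tests or guard the helper's loop with `if (sd->dacl == NULL) { return granted; }`.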
@@ -122,9 +116,10 @@ NTSTATUS sec_access_check(struct security_descriptor *sd, return NT_STATUS_ACCESS_DENIED; } - /* handle the maximum allowed case separately */ - if (access_desired == SEC_FLAG_MAXIMUM_ALLOWED) { - return access_check_max_allowed(sd, token, access_granted); + /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) && + sid_active_in_token(sd->owner_sid, token)) { + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); } /* check each ace in turn. */ @@ -156,7 +151,5 @@ NTSTATUS sec_access_check(struct security_descriptor *sd, return NT_STATUS_ACCESS_DENIED; } - *access_granted = access_desired; - return NT_STATUS_OK; } -- cgit From 4127edc1afd702ac3bcb77893ba864eb98729451 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 4 Dec 2004 12:42:40 +0000 Subject: r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160) --- source4/libcli/security/access_check.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 7e70736d09..425a5c2b6d 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -49,8 +49,9 @@ static uint32_t access_check_max_allowed(struct security_descriptor *sd, unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; } + granted |= SEC_STD_DELETE; for (i = 0;idacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; 
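Review bot: With the final `*access_granted = access_desired;` removed in hunk -156,7 +151,5 and the assignment moved to the top of sec_access_check(), the out-parameter already holds the full requested mask on every NT_STATUS_ACCESS_DENIED return. A caller that reads or logs *access_granted without testing the status first would see rights that were refused. Consider writing the out-parameter only on the success paths, or resetting it with `*access_granted = 0;` before each denial return. The function body extends outside this hunk.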
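Review bot: `granted |= SEC_STD_DELETE;` in access_check_max_allowed() (hunk -49,8 +49,9) is unconditional, so any token that no deny ACE matches is told it holds DELETE even when no allow ACE grants it. The paired change in sec_access_check() (hunk -84,15 +85,17) also removes DELETE from bits_remaining, so nothing later verifies the bit. The commit message calls the bit strange, and the code should carry that reasoning so the over-report is not mistaken for a checked right. If test behaviour is the reason, a comment such as `/* DELETE is added unconditionally to match RAW-ACLS results; it is not derived from the DACL - revisit */` would record it.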
@@ -84,15 +85,17 @@ NTSTATUS sec_access_check(struct security_descriptor *sd, int i; uint32_t bits_remaining; + *access_granted = access_desired; + bits_remaining = access_desired; + /* handle the maximum allowed flag */ if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) { access_desired |= access_check_max_allowed(sd, token); access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; + *access_granted = access_desired; + bits_remaining = access_desired & ~SEC_STD_DELETE; } - *access_granted = access_desired; - bits_remaining = access_desired; - #if 0 /* this is where we should check for the "system security" privilege, once we move to the full security_token and not just the nt_user_token */ -- cgit From 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 11 Dec 2004 05:41:19 +0000 Subject: r4147: converted from NT_USER_TOKEN to struct security_token this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a) --- source4/libcli/security/access_check.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 425a5c2b6d..c646ee693b 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c 
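Review bot: `bits_remaining = access_desired & ~SEC_STD_DELETE;` strips DELETE from the bits the ACE loop verifies, and it does so for the caller's own request as well as for the bits contributed by access_check_max_allowed(). A request that combines SEC_FLAG_MAXIMUM_ALLOWED with an explicit SEC_STD_DELETE can therefore return NT_STATUS_OK with DELETE in *access_granted even when a deny ACE covers it, because the deny test only looks at bits_remaining. Save the caller's mask before the OR and keep its DELETE bit under check, e.g. `bits_remaining = (access_desired & ~SEC_STD_DELETE) | (requested & SEC_STD_DELETE);`, where `requested` is access_desired as passed in. The ACE loop itself is outside this hunk.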
@@ -27,11 +27,12 @@ /* check if a sid is in the supplied token */ -static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token) +static BOOL sid_active_in_token(const struct dom_sid *sid, + const struct security_token *token) { int i; for (i=0;inum_sids;i++) { - if (dom_sid_equal(sid, token->user_sids[i])) { + if (dom_sid_equal(sid, token->sids[i])) { return True; } } @@ -42,16 +43,15 @@ static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token /* perform a SEC_FLAG_MAXIMUM_ALLOWED access check */ -static uint32_t access_check_max_allowed(struct security_descriptor *sd, - struct nt_user_token *token) +static uint32_t access_check_max_allowed(const struct security_descriptor *sd, + const struct security_token *token) { uint32_t denied = 0, granted = 0; unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; } - granted |= SEC_STD_DELETE; for (i = 0;idacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; @@ -77,8 +77,8 @@ static uint32_t access_check_max_allowed(struct security_descriptor *sd, /* the main entry point for access checking. */ -NTSTATUS sec_access_check(struct security_descriptor *sd, - struct nt_user_token *token, +NTSTATUS sec_access_check(const struct security_descriptor *sd, + const struct security_token *token, uint32_t access_desired, uint32_t *access_granted) { -- cgit From 02a9aa08923e348af2cda9829b64a5f98282164d Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Sat, 11 Dec 2004 12:01:20 +0000 Subject: r4150: - add fns for manipulating the privilege_mask in a security_token - add the hooks in access_check that check the privilege bitmasks for SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY (This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4) --- source4/libcli/security/access_check.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index c646ee693b..4c8bb1bd1f 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -50,7 +50,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; + } + if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { + granted |= SEC_STD_DELETE; } for (i = 0;idacl->num_aces; i++) { @@ -96,17 +99,13 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, bits_remaining = access_desired & ~SEC_STD_DELETE; } -#if 0 - /* this is where we should check for the "system security" privilege, once we - move to the full security_token and not just the nt_user_token */ if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { - if (privilege_in_token(SE_PRIVILEGE_SYSTEM_SECURITY, token)) { + if (sec_privilege_check(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { return NT_STATUS_ACCESS_DENIED; } } -#endif /* dacl not present allows access */ if (!(sd->type & SEC_DESC_DACL_PRESENT)) { 
@@ -124,6 +123,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, sid_active_in_token(sd->owner_sid, token)) { bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); } + if ((bits_remaining & SEC_STD_DELETE) && + sec_privilege_check(token, SEC_PRIV_RESTORE)) { + bits_remaining &= ~SEC_STD_DELETE; + } /* check each ace in turn. */ for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) { -- cgit From 8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 02:27:16 +0000 Subject: r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic (This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99) --- source4/libcli/security/access_check.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 4c8bb1bd1f..c8a546682a 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -59,6 +59,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, for (i = 0;idacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + if (!sid_active_in_token(&ace->trustee, token)) { continue; } -- cgit From b5b1c52a9850de18e756cdd073cf5f44f26882fe Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 30 Dec 2004 20:34:20 +0000 Subject: r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40) --- source4/libcli/security/access_check.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index c8a546682a..55749f085e 100644 --- a/source4/libcli/security/access_check.c 
+++ b/source4/libcli/security/access_check.c @@ -21,7 +21,7 @@ */ #include "includes.h" -#include "librpc/gen_ndr/ndr_security.h" +#include "libcli/security/security.h" /* -- cgit From a696713b43a0da1d9a224201d0803f5d4d7e2a99 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 31 Dec 2004 03:55:37 +0000 Subject: r4429: the owner of a file always gets SEC_STD_DELETE (This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd) --- source4/libcli/security/access_check.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 55749f085e..632b9bdf32 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -50,9 +50,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; - } - if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; + } else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { granted |= SEC_STD_DELETE; } @@ -122,10 +121,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, return NT_STATUS_ACCESS_DENIED; } - /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */ - if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) && + /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && sid_active_in_token(sd->owner_sid, token)) { - bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); } if ((bits_remaining & SEC_STD_DELETE) && sec_privilege_check(token, SEC_PRIV_RESTORE)) { -- cgit 
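Review bot: The two owner changes in this commit disagree on whether a deny ACE can take DELETE away from the owner. In sec_access_check() (hunk -122,10 +121,10) the owner's bits are cleared from bits_remaining before the ACE loop, so a deny ACE never sees them. In access_check_max_allowed() (hunk -50,9 +50,8) the same bits go into `granted`, and the function's final `granted & ~denied`, outside this hunk, still subtracts them. A maximum-allowed query can therefore report less than an explicit request for the same right would be given. If owner rights are meant to override the DACL, keep them in a separate local that is ORed in after the subtraction, and state that rule in the comment above the owner test.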
From 3be75a4c6d4b9d86f1b85c75fb2f41c6c0eeec94 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 11 Aug 2005 13:12:45 +0000 Subject: r9240: - move struct security_token to the idl file, with this we can the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4) --- source4/libcli/security/access_check.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 632b9bdf32..c10751abce 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -21,7 +21,7 @@ */ #include "includes.h" -#include "libcli/security/security.h" +#include "librpc/gen_ndr/ndr_security.h" /* -- cgit From f642fd96d0b196e7bb71bb73ffbefac32786d25f Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 12 Sep 2005 21:40:40 +0000 Subject: r10185: Fix another two sets of unhandled enumeration warnings, plus correct some awful indentation. (-: (This used to be commit 2f24fc7a7a195c04f88a25d52efc02ddf491126c) --- source4/libcli/security/access_check.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index c10751abce..0ffca1ade8 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c 
@@ -67,13 +67,15 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, } switch (ace->type) { - case SEC_ACE_TYPE_ACCESS_ALLOWED: - granted |= ace->access_mask; - break; - case SEC_ACE_TYPE_ACCESS_DENIED: - case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: - denied |= ace->access_mask; - break; + case SEC_ACE_TYPE_ACCESS_ALLOWED: + granted |= ace->access_mask; + break; + case SEC_ACE_TYPE_ACCESS_DENIED: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + denied |= ace->access_mask; + break; + default: /* Other ACE types not handled/supported */ + break; } } @@ -153,6 +155,8 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, return NT_STATUS_ACCESS_DENIED; } break; + default: /* Other ACE types not handled/supported */ + break; } } -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/libcli/security/access_check.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 0ffca1ade8..00275d8824 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -21,7 +21,6 @@ */ #include "includes.h" -#include "librpc/gen_ndr/ndr_security.h" /* -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/libcli/security/access_check.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/security/access_check.c') 
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 00275d8824..9d565363e6 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "libcli/security/proto.h" /* -- cgit From 35349a58df5b69446607fbd742a05f57f3515319 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 18 Mar 2006 15:42:57 +0000 Subject: r14542: Remove librpc, libndr and libnbt from includes.h (This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f) --- source4/libcli/security/access_check.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 9d565363e6..1617963998 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "librpc/gen_ndr/security.h" #include "libcli/security/proto.h" -- cgit From 1af925f394b1084779f5b1b5a10c2ec512d7e5be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 2 Apr 2006 12:02:01 +0000 Subject: r14860: create libcli/security/security.h metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf) --- source4/libcli/security/access_check.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 1617963998..cd877db9c5 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -21,8 +21,7 @@ */ #include "includes.h" -#include "librpc/gen_ndr/security.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" /* -- cgit From 1ac990ddcf8501ce551c87e70cb3722ae9f4f34b Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Mon, 3 Apr 2006 15:18:12 +0000 Subject: r14894: - add some 'const' - remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5) --- source4/libcli/security/access_check.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index cd877db9c5..f0a46cc23d 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -24,22 +24,6 @@ #include "libcli/security/security.h" -/* - check if a sid is in the supplied token -*/ -static BOOL sid_active_in_token(const struct dom_sid *sid, - const struct security_token *token) -{ - int i; - for (i=0;inum_sids;i++) { - if (dom_sid_equal(sid, token->sids[i])) { - return True; - } - } - return False; -} - - /* perform a SEC_FLAG_MAXIMUM_ALLOWED access check */ @@ -49,9 +33,9 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, uint32_t denied = 0, granted = 0; unsigned i; - if (sid_active_in_token(sd->owner_sid, token)) { + if (security_token_has_sid(token, sd->owner_sid)) { granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; - } else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { + } else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { granted |= SEC_STD_DELETE; } @@ -62,7 +46,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, continue; } - if (!sid_active_in_token(&ace->trustee, token)) { + if (!security_token_has_sid(token, &ace->trustee)) { continue; } 
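Review bot: `sd->owner_sid` is passed to security_token_has_sid() in access_check_max_allowed() (hunk -49,9 +33,9) and again at the owner test in sec_access_check() (hunk -125,11 +109,11) without a NULL check. The removed sid_active_in_token() forwarded the pointer to dom_sid_equal(); whether the replacement tolerates a NULL sid is not visible in this diff. If descriptors without an owner can reach this code, guard the call with `if (sd->owner_sid != NULL && security_token_has_sid(token, sd->owner_sid))`, or note in a comment that the callee accepts NULL.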
@@ -105,7 +89,7 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, } if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { - if (sec_privilege_check(token, SEC_PRIV_SECURITY)) { + if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { return NT_STATUS_ACCESS_DENIED; @@ -125,11 +109,11 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && - sid_active_in_token(sd->owner_sid, token)) { + security_token_has_sid(token, sd->owner_sid)) { bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); } if ((bits_remaining & SEC_STD_DELETE) && - sec_privilege_check(token, SEC_PRIV_RESTORE)) { + security_token_has_privilege(token, SEC_PRIV_RESTORE)) { bits_remaining &= ~SEC_STD_DELETE; } @@ -141,7 +125,7 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, continue; } - if (!sid_active_in_token(&ace->trustee, token)) { + if (!security_token_has_sid(token, &ace->trustee)) { continue; } -- cgit From 3f9628ac7c613def7dcce740e88964638b4b6102 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Apr 2006 13:53:27 +0000 Subject: r15079: w2k3 returns NT_STATUS_PRIVILEGE_NOT_HELD if SEC_FLAG_SYSTEM_SECURITY is desired but SeSecurityPrivilege isn't granted metze (This used to be commit be7285bdebd58e7a86fcc64f7b22b9f533bcc4f5) --- source4/libcli/security/access_check.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index f0a46cc23d..ea63369303 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c 
@@ -92,7 +92,7 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_PRIVILEGE_NOT_HELD; } } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/libcli/security/access_check.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index ea63369303..e2ede05545 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit