[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Sep 27 03:38:02 UTC 2023
The branch, master has been updated
via c8b90d8d200 librpc: Fix typos in error messages
via 464d86cac56 pidl: Use INT_MAX as enum constant for portability
via acc614f28a3 librpc: Use portable format specifiers
via 267464f6c6d librpc/ndr: Use portable format specifiers
via fb39bb1953e pidl: Use portable format specifiers
via ce43dd0571d ndr: Display values for failed range checks
via 0078a330dc3 testdata: Mark compression test data as binary
via 4839adf9da1 s4:auth: Add functions to convert between different claims formats
via 58aa8d99c4f s4:auth: Include missing headers
via 5e164cc2d66 s4:kdc: Move encode_claims_set() into the auth_session subsystem
via ab227bbe8e4 s4:auth: Fix ‘user_info_dc_out’ leak
via 0a9f2486420 s4:auth: Return a talloc‐allocated resource groups structure
via 219ee05d6e6 s4:auth: Introduce helper variable ‘resource_groups_in’
via 842f845c8ac s4:auth: Make returning resource groups the last thing we do
via a2700cf685f s4:torture: Initialize ‘tm’ structure
via 9bd9b9bfd95 s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()
via bdf0e1be35a s4:kdc: Initialize ‘tm’ structure
via 8ce4e3729f0 s3:smbd: Initialize ‘tm’ structure
via c278a1d3e1c s3:rpc_server: Initialize ‘tm’ structure
via 67f3fead5fe s3:passdb: Initialize ‘tm’ structure
via 955fd832534 s3:modules: Initialize ‘tm’ structure
via 31c7d7cfb32 s3:lib: Initialize ‘tm’ structure
via 2f6083f59f0 lib:audit_logging: Initialize ‘tm’ structure
via 58bd2f525b0 lib/krb5_wrap: Simplify assignments
via 0bd7863ec0f lib/krb5_wrap: Make use of smb_krb5_make_data()
via 48969305595 libcli/security: Test hex‐escapes that should be literals
via c755bbd6bc6 libcli/security: Fix code formatting
via ac34f48ab1a libcli/security: Use ACL revision constants
via 37ed208701b libcli/security: Refer to UTF‐16 code units rather than to codepoints
via a064e2f2589 libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP
via 8d4f60c8449 libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL
via 55e198fc6d1 libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR
via e1a45ec341e libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END
via 21f765c1b97 libcli/security: Remove unused macro
via 37a32d3b40a python:tests: Remove unused import
via c94db7d2e83 s4:auth: Correct error message
via dc731603811 s4:torture: Use SID constants
via 8b496331b9e s4:rpc_server: Use Builtin SID constant
via 4bef3fd7e98 s4:ntvfs: Use World and System SID constants
via 4405e709c05 s4:dsdb: Use Builtin SID constant
via e6bb3a347f0 s4:auth: Use Anonymous and System SID constants
via b1b7d33bd50 s4:kdc: Use Compounded Authentication and Claims Valid SID constants
via 56def24b4c0 libcli:security: Add Compounded Authentication and Claims Valid SID constants
via 89985f6fec2 s4:kdc: Use Asserted Identity SID constants
via dcca6bba2aa s4:dsdb: Use NULL SID constant
via 214f6c64621 libcli:security: Correct Asserted Identity SID definitions
via 2782df62ad5 libcli:security: Use SELF SID constant
via cdbb5ab7d0f libcli:security: Add SELF SID constant
via 26ff87dcfea python:tests: Fix invalid escape sequences
via c0795c807a0 tests/krb5: Match filter after transforming test name
via 9cb3beee75c libcli/security: Emit error message if program is too large
via f035985dbd2 libcli/security: Add function to convert token claims to security attribute claims
via a4010c9b65f libcli/security: Add some missing declarations
via 48606c8aedd libcli/security: Const‐qualify function parameters
via f5568a0a5e5 libcli/security: Remove bool_value member
via 40c5ed60baa libcli/security: Use correct union member
via c9aab312b7f libcli/security: Add header guard
from 3b6c1f1a9c4 libcli/security: condtional ACE recursive composites are not supported
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c8b90d8d2003f2c27431874ac76bbc7f18bb7abf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 4 15:08:53 2021 +1200
librpc: Fix typos in error messages
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep 27 03:38:00 UTC 2023 on atb-devel-224
commit 464d86cac5656c227b7cc1047f3f4b0d27340dea
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Apr 23 16:37:01 2021 +1200
pidl: Use INT_MAX as enum constant for portability
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit acc614f28a39315a3d304919187dae2372fe60f9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 11 10:29:31 2021 +1200
librpc: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 267464f6c6dcc13e9bb94339bb1b953865e3ee43
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 11 10:28:07 2021 +1200
librpc/ndr: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fb39bb1953ea2ca212baf4fa0cd5f3fc99bafb2d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 11 10:27:33 2021 +1200
pidl: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ce43dd0571d0ae5703fb82f936a41566d3972a8e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 4 14:09:44 2021 +1200
ndr: Display values for failed range checks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0078a330dc3a6fce104bd7bf40d66af822f01900
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 22 12:16:06 2023 +1200
testdata: Mark compression test data as binary
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4839adf9da134d83cd6c6a6dcbe48c6c525ac619
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 15:13:20 2023 +1200
s4:auth: Add functions to convert between different claims formats
The new ‘claims_data’ structure can store claims in three different
representations — as an encoded blob, as a CLAIMS_SET structure, or as a
series of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claims. Given a set of
claims, the accompanying functions provide a way to convert them into
the desired format.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 58aa8d99c4f33b26d0bcb809d0cae1de1435219a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 15:14:55 2023 +1200
s4:auth: Include missing headers
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5e164cc2d662c0d7c13ae2d588f79c394f671b39
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 14:48:02 2023 +1200
s4:kdc: Move encode_claims_set() into the auth_session subsystem
Some functions in the auth_session subsystem will need to be able to
call encode_claims_set(). Moving said function lets them do that whilst
avoiding circular dependencies and additional public dependencies.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ab227bbe8e4b344bb54c5fc656d2835ef1c03c83
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 14:21:55 2023 +1200
s4:auth: Fix ‘user_info_dc_out’ leak
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0a9f2486420532410584a0d13f9cc605af1cd3da
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 14:20:29 2023 +1200
s4:auth: Return a talloc‐allocated resource groups structure
Future callers will rely on resource_groups_out being talloc‐allocated.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 219ee05d6e63c0c02ea4a54affbd30ce558ea033
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 14:15:06 2023 +1200
s4:auth: Introduce helper variable ‘resource_groups_in’
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 842f845c8acc2252abe32b04493aa56edd8f66a9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 14:13:36 2023 +1200
s4:auth: Make returning resource groups the last thing we do
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a2700cf685f03d310de3c4d1f10611e8b8b2c107
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:34:42 2023 +1200
s4:torture: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9bd9b9bfd9548db54c02aa321b6c8328a3f3080e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 07:32:30 2023 +1200
s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()
strptime() will fail to parse the LDAP ‘whenCreated’ time string,
because the format string is wrong: it will expect to get a time like
“20230920043849Z”, but the time string seems to be actually formatted
“20230920043849.0Z” — like a GeneralizedTime.
Fix this by delegating to ldb_val_to_time().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bdf0e1be35aef0f14a8e2988a5918e8d8d52da0a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 07:40:41 2023 +1200
s4:kdc: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8ce4e3729f08a0f5ed3439185bd756f4a080243f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:05:43 2023 +1200
s3:smbd: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c278a1d3e1c80d4b5b39b09d6a742601b9534f2b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:05:34 2023 +1200
s3:rpc_server: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 67f3fead5fe591887068cd63002d1a0b4dd8dcfa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:05:21 2023 +1200
s3:passdb: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 955fd832534f0137d742b8888b293edfc3d8a247
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:05:09 2023 +1200
s3:modules: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 31c7d7cfb326faae949cb94263a9c3166352bf79
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:04:58 2023 +1200
s3:lib: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2f6083f59f0045c5c982e8e047d2ef81dbb8f01b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 17:04:00 2023 +1200
lib:audit_logging: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 58bd2f525b020536573327af1f3a5adebd9f0e81
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 16:20:47 2023 +1200
lib/krb5_wrap: Simplify assignments
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0bd7863ec0ff3bdec7401c303036e25d8d0fe116
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 16:02:04 2023 +1200
lib/krb5_wrap: Make use of smb_krb5_make_data()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 489693055950f083ecdac19f4e41d2f913b8746b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 15:01:26 2023 +1200
libcli/security: Test hex‐escapes that should be literals
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c755bbd6bc6afe0ea97ca7f92fcd55e7a59d82a4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 15:00:38 2023 +1200
libcli/security: Fix code formatting
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ac34f48ab1ae63e25013ed54ec574d72bf6f7d5b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 15:00:10 2023 +1200
libcli/security: Use ACL revision constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 37ed208701bb80c65fbf1acfb26292a8780e51ec
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 14:55:34 2023 +1200
libcli/security: Refer to UTF‐16 code units rather than to codepoints
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a064e2f25899b446e4d31bed8e0c7b553713f7ae
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 14:42:26 2023 +1200
libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8d4f60c844987a3da611f0e0eb161d71238ce7b2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 14:41:46 2023 +1200
libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 55e198fc6d1fb4ae2b1e706a2da0aa7353d4a38b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 14:41:17 2023 +1200
libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e1a45ec341e7d304698d04ed0bf4cb126b586945
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 20 14:40:30 2023 +1200
libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 21f765c1b97fdebb9342d74d2089d7bdabf3a393
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 19 14:28:13 2023 +1200
libcli/security: Remove unused macro
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 37a32d3b40ae375c975c85ae9c1af206b22a1ca9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 19 10:14:29 2023 +1200
python:tests: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c94db7d2e8327f8739b91c64adb4f7b884bfd467
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 15:52:16 2023 +1200
s4:auth: Correct error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dc73160381187cc61ee58298834f62283ba0fc5c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 15:28:44 2023 +1200
s4:torture: Use SID constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b496331b9ee5d8b16b9e1c301e2dd78f9489277
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 15:28:22 2023 +1200
s4:rpc_server: Use Builtin SID constant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4bef3fd7e98697e2ba354dfb19dbf098f2570f8b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 15:28:00 2023 +1200
s4:ntvfs: Use World and System SID constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4405e709c052f699e9469b68758abef5779604bb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 15:27:09 2023 +1200
s4:dsdb: Use Builtin SID constant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e6bb3a347f06720b1ad9322bf5d590ea360a1609
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 15:26:41 2023 +1200
s4:auth: Use Anonymous and System SID constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b1b7d33bd503a74764efc92092abb43fd00b5f20
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 14:27:38 2023 +1200
s4:kdc: Use Compounded Authentication and Claims Valid SID constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 56def24b4c0b2e594be85e81ba8d2c6a1cfe47e7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 14:27:14 2023 +1200
libcli:security: Add Compounded Authentication and Claims Valid SID constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 89985f6fec27518c035c20430b289a45c5462867
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 14:15:05 2023 +1200
s4:kdc: Use Asserted Identity SID constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dcca6bba2aa3474d446f3b14d18629c61d791fad
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 14:14:38 2023 +1200
s4:dsdb: Use NULL SID constant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 214f6c646214420d0f5f5d4825f4cfa0caec7120
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 18 14:56:12 2023 +1200
libcli:security: Correct Asserted Identity SID definitions
These definitions were the wrong way round.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2782df62ad5259a173ace46c3dcf9cc1dbc3e8c2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 14:13:47 2023 +1200
libcli:security: Use SELF SID constant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cdbb5ab7d0f8496d67c1275d1ec459230a8fa7da
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 14:13:09 2023 +1200
libcli:security: Add SELF SID constant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 26ff87dcfeaf5a2aff5f28c0aa5d99437c79a68c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 11 11:59:34 2023 +1200
python:tests: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c0795c807a06c8213e4836f36e6c8d7a41b677f4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 18 11:48:03 2023 +1200
tests/krb5: Match filter after transforming test name
If you just want to rerun a single test that failed, this removes the
need to successfully guess its untransformed name.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9cb3beee75c5290022f1955d287a2353cfb7732e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 2 14:15:09 2023 +1200
libcli/security: Emit error message if program is too large
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f035985dbd203764dd32b5db3f956a702f585687
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 15:16:20 2023 +1200
libcli/security: Add function to convert token claims to security attribute claims
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a4010c9b65fa6e4cadf7ed256112d8ce2b652b2b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Jul 20 15:46:33 2023 +1200
libcli/security: Add some missing declarations
so that users of this header file don’t have to declare them.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 48606c8aedddd61dba74e6ca67e998f1574324dc
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Jul 20 15:44:49 2023 +1200
libcli/security: Const‐qualify function parameters
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f5568a0a5e56f42b779af07a0db5033b6bbc42c3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 15:44:04 2023 +1200
libcli/security: Remove bool_value member
‘bool_value’ has the same type as ‘uint_value’. Removing the former
avoids our having more duplicate code than is strictly necessary.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 40c5ed60baa034e173342a1c78b6c8252563430b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 21 15:46:55 2023 +1200
libcli/security: Use correct union member
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c9aab312b7ff07448a61d9615129d14e687df3e7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Jul 20 15:45:35 2023 +1200
libcli/security: Add header guard
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitattributes | 5 +
lib/audit_logging/tests/audit_logging_test.c | 2 +-
lib/krb5_wrap/krb5_samba.c | 10 +-
libcli/nbt/nbtname.c | 2 +-
libcli/security/access_check.c | 5 +-
libcli/security/claims-conversions.c | 255 ++++++++++++++++-
libcli/security/claims-conversions.h | 21 +-
libcli/security/conditional_ace.c | 4 +
libcli/security/dom_sid.h | 3 +
libcli/security/sddl_conditional_ace.c | 22 +-
libcli/security/secace.c | 2 -
libcli/security/tests/test_run_conditional_ace.c | 2 +-
libcli/security/tests/test_sddl_conditional_ace.c | 8 +-
libcli/security/util_sid.c | 13 +-
librpc/idl/security.idl | 2 +-
librpc/ndr/ndr.c | 106 +++----
librpc/ndr/ndr_basic.c | 66 ++---
librpc/ndr/ndr_cab.c | 2 +-
librpc/ndr/ndr_compression.c | 48 ++--
librpc/ndr/ndr_dns.c | 2 +-
librpc/ndr/ndr_dns_utils.c | 8 +-
librpc/ndr/ndr_dnsp.c | 2 +-
librpc/ndr/ndr_drsblobs.c | 2 +-
librpc/ndr/ndr_drsuapi.c | 6 +-
librpc/ndr/ndr_misc.c | 4 +-
librpc/ndr/ndr_nbt.c | 2 +-
librpc/ndr/ndr_sec_helper.c | 8 +-
librpc/ndr/ndr_string.c | 32 +--
librpc/ndr/ndr_xattr.c | 10 +-
librpc/ndr/uuid.c | 2 +-
librpc/rpc/binding.c | 16 +-
librpc/rpc/dcerpc_util.c | 54 ++--
librpc/rpc/dcesrv_core.c | 4 +-
librpc/tools/ndrdump.c | 38 +--
pidl/lib/Parse/Pidl/Samba4/Header.pm | 2 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 44 ++-
pidl/lib/Parse/Pidl/Typelist.pm | 22 +-
python/samba/tests/__init__.py | 1 -
python/samba/tests/dns_forwarder_helpers/server.py | 2 +-
python/samba/tests/krb5/claims_tests.py | 4 +-
python/samba/tests/krb5/device_tests.py | 2 +-
python/samba/tests/krb5/group_tests.py | 2 +-
.../samba/tests/samba_tool/user_virtualCryptSHA.py | 2 +-
.../tests/samba_tool/user_virtualCryptSHA_base.py | 2 +-
source3/lib/util_path.c | 2 +-
source3/modules/vfs_btrfs.c | 2 +-
source3/passdb/pdb_ldap.c | 2 +-
source3/rpc_server/mdssvc/es_parser.y | 2 +-
source3/rpc_server/mdssvc/sparql_parser.y | 2 +-
source3/smbd/smb2_query_directory.c | 2 +-
source4/auth/kerberos/kerberos_pac.c | 46 +--
source4/auth/session.c | 314 +++++++++++++++++++--
source4/auth/session.h | 64 +++++
source4/dsdb/common/tests/dsdb.c | 6 +-
source4/dsdb/samdb/cracknames.c | 2 +-
source4/dsdb/samdb/ldb_modules/descriptor.c | 2 +-
source4/kdc/ad_claims.c | 60 +---
source4/kdc/db-glue.c | 17 +-
source4/kdc/pac-glue.c | 29 +-
source4/ntvfs/posix/pvfs_acl.c | 4 +-
source4/rpc_server/samr/dcesrv_samr.c | 2 +-
source4/torture/basic/base.c | 2 +-
source4/torture/raw/acls.c | 8 +-
source4/torture/raw/streams.c | 2 +-
64 files changed, 1000 insertions(+), 421 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitattributes b/.gitattributes
index 75561351b8a..9530d88a70e 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,7 @@
*.dump binary
*.SAMBABACKUP binary
+testdata/compression/compressed-huffman/** binary
+testdata/compression/compressed-more-huffman/** binary
+testdata/compression/compressed-more-plain/** binary
+testdata/compression/compressed-plain/** binary
+testdata/compression/decompressed/** binary
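Review bot: The five added patterns name each subdirectory of testdata/compression individually, so a test-data directory added there later stays unmarked until someone remembers to extend this file. If everything under testdata/compression is binary, a single `testdata/compression/** binary` line would cover it. If some of it is text, a short comment saying which directories are left out on purpose would help.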
diff --git a/lib/audit_logging/tests/audit_logging_test.c b/lib/audit_logging/tests/audit_logging_test.c
index d41f9517c47..09238823399 100644
--- a/lib/audit_logging/tests/audit_logging_test.c
+++ b/lib/audit_logging/tests/audit_logging_test.c
@@ -830,7 +830,7 @@ static void test_audit_get_timestamp(_UNUSED_ void **state)
{
const char *t = NULL;
char *c;
- struct tm tm;
+ struct tm tm = {};
time_t before;
time_t after;
time_t actual;
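Review bot: `struct tm tm = {};` uses an empty initializer list, which is a GNU extension before C23. Given that the rest of this series is about portability, `struct tm tm = {0};` would zero every member the same way and is accepted by any C99 compiler. The same comment applies to the other "Initialize 'tm' structure" commits if they use the same spelling.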
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index a1884853c61..1d19e477743 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -261,13 +261,10 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
errpkt.text.length = 0;
if (e_text != NULL) {
- errpkt.text.length = strlen(e_text);
- errpkt.text.data = discard_const_p(char, e_text);
+ errpkt.text = smb_krb5_make_data(discard_const_p(char, e_text), strlen(e_text));
}
- errpkt.e_data.magic = KV5M_DATA;
- errpkt.e_data.length = 0;
- errpkt.e_data.data = NULL;
+ errpkt.e_data = smb_krb5_make_data(NULL, 0);
if (e_data != NULL) {
errpkt.e_data = *e_data;
}
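Review bot: The unchanged `errpkt.text.length = 0;` line still sets up the `e_text == NULL` case field by field, while `e_data` now gets `smb_krb5_make_data(NULL, 0)`. Initialising `errpkt.text` with `smb_krb5_make_data(NULL, 0)` as well would make both members follow one pattern and leave no member of `text` unset. The removed `errpkt.e_data.magic = KV5M_DATA;` also means the result now depends on smb_krb5_make_data() setting `magic` where the structure has one, which is worth confirming since the helper is not visible here. The new `errpkt.text = ...` line is well past 80 columns and could be wrapped.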
@@ -429,8 +426,7 @@ int smb_krb5_get_pw_salt(krb5_context context,
return ret;
}
- psalt->data = salt.saltvalue.data;
- psalt->length = salt.saltvalue.length;
+ *psalt = salt.saltvalue;
return ret;
}
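Review bot: `*psalt = salt.saltvalue;` copies the whole structure, where the removed lines copied only `data` and `length`, so any other member (a `magic` field, as was set on `errpkt.e_data` earlier in this file) now comes from `salt.saltvalue` too. That is probably what is wanted, but a one-line comment that ownership of `salt.saltvalue.data` passes to the caller through `psalt` would help, since nothing in the visible lines duplicates or frees it.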
diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c
index c4f2524021f..1881e463635 100644
--- a/libcli/nbt/nbtname.c
+++ b/libcli/nbt/nbtname.c
@@ -339,7 +339,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr
NDR_CHECK(ndr_pull_align(ndr, 4));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &namebuf_len));
if (namebuf_len < 1 || namebuf_len > 255) {
- return ndr_pull_error(ndr, NDR_ERR_ALLOC, "value out of range");
+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "value (%"PRIu32") out of range (1 - 255)", namebuf_len);
}
NDR_PULL_ALLOC_N(ndr, namebuf, namebuf_len);
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, namebuf, namebuf_len));
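Review bot: The failed range check on `namebuf_len` is still reported as `NDR_ERR_ALLOC`, although no allocation has happened yet at this point; `NDR_ERR_RANGE` would match the new, more specific message and let callers tell a malformed length apart from memory exhaustion. The `PRIu32` specifier is right for a `uint32_t`. The rewritten line is long enough that wrapping the arguments would help readability.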
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index a974edf8137..e3dfe3df49c 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -726,9 +726,6 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
{
uint32_t i;
uint32_t bits_remaining;
- struct dom_sid self_sid;
-
- dom_sid_parse(SID_NT_SELF, &self_sid);
*access_granted = access_desired;
bits_remaining = access_desired;
@@ -789,7 +786,7 @@ NTSTATUS sec_access_check_ds_implicit_owner(const struct security_descriptor *sd
continue;
}
- if (dom_sid_equal(&ace->trustee, &self_sid) && replace_sid) {
+ if (dom_sid_equal(&ace->trustee, &global_sid_Self) && replace_sid) {
trustee = replace_sid;
} else {
trustee = &ace->trustee;
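Review bot: In `dom_sid_equal(&ace->trustee, &global_sid_Self) && replace_sid`, the cheap pointer test comes second, so the SID comparison runs for every ACE even when `replace_sid` is NULL. Writing it as `replace_sid != NULL && dom_sid_equal(&ace->trustee, &global_sid_Self)` short-circuits that case and makes the NULL check explicit. Dropping the per-call `dom_sid_parse()` also removes a call whose return value was never checked, which is a good side effect.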
diff --git a/libcli/security/claims-conversions.c b/libcli/security/claims-conversions.c
index 23f7c50524e..2239b737bc2 100644
--- a/libcli/security/claims-conversions.c
+++ b/libcli/security/claims-conversions.c
@@ -27,6 +27,7 @@
#include "lib/util/bytearray.h"
#include "librpc/gen_ndr/conditional_ace.h"
+#include "librpc/gen_ndr/claims.h"
/*
* We support three formats for claims, all slightly different.
@@ -195,7 +196,7 @@ static bool claim_v1_bool_to_ace_int(
size_t offset,
struct ace_condition_token *result)
{
- int64_t v = *claim->values[offset].int_value;
+ uint64_t v = *claim->values[offset].uint_value;
result->type = CONDITIONAL_ACE_TOKEN_INT64;
result->data.int64.base = CONDITIONAL_ACE_INT_BASE_10;
result->data.int64.sign = CONDITIONAL_ACE_INT_SIGN_NONE;
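Review bot: `uint64_t v = *claim->values[offset].uint_value;` dereferences the value pointer with no NULL check visible in this hunk, and `v` is then stored in a token of type `CONDITIONAL_ACE_TOKEN_INT64`. Since this helper converts a boolean claim, consider rejecting a NULL `uint_value` and either normalising `v` to 0 or 1 or refusing other values, so that an unsigned value above INT64_MAX cannot end up as a negative token value. If callers already guarantee both, a comment saying so would be enough.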
@@ -313,7 +314,7 @@ bool claim_v1_to_ace_token(TALLOC_CTX *mem_ctx,
static bool ace_int_to_claim_v1_int(TALLOC_CTX *mem_ctx,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
size_t offset)
{
@@ -328,7 +329,7 @@ static bool ace_int_to_claim_v1_int(TALLOC_CTX *mem_ctx,
static bool ace_string_to_claim_v1_string(TALLOC_CTX *mem_ctx,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
size_t offset)
{
@@ -344,7 +345,7 @@ static bool ace_string_to_claim_v1_string(TALLOC_CTX *mem_ctx,
static bool ace_sid_to_claim_v1_sid(TALLOC_CTX *mem_ctx,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
size_t offset)
{
@@ -368,7 +369,7 @@ static bool ace_sid_to_claim_v1_sid(TALLOC_CTX *mem_ctx,
static bool ace_octet_string_to_claim_v1_octet_string(
TALLOC_CTX *mem_ctx,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
size_t offset)
{
@@ -391,7 +392,7 @@ static bool ace_octet_string_to_claim_v1_octet_string(
static bool ace_token_to_claim_v1_offset(TALLOC_CTX *mem_ctx,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
size_t offset)
{
@@ -427,7 +428,7 @@ static bool ace_token_to_claim_v1_offset(TALLOC_CTX *mem_ctx,
bool ace_token_to_claim_v1(TALLOC_CTX *mem_ctx,
const char *name,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **claim,
uint32_t flags)
{
@@ -591,7 +592,7 @@ bool ace_token_to_claim_v1(TALLOC_CTX *mem_ctx,
static bool claim_v1_copy(
TALLOC_CTX *mem_ctx,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *dest,
- struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *src)
+ const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *src)
{
DATA_BLOB blob = {0};
enum ndr_err_code ndr_err;
@@ -626,7 +627,7 @@ static bool claim_v1_copy(
bool add_claim_to_token(TALLOC_CTX *mem_ctx,
struct security_token *token,
- struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
+ const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
const char *claim_type)
{
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *tmp = NULL;
@@ -665,3 +666,239 @@ bool add_claim_to_token(TALLOC_CTX *mem_ctx,
*list = tmp;
return true;
}
+
+NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
+ const struct CLAIMS_SET *claims_set,
+ struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **out_claims,
+ uint32_t *out_n_claims)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claims = NULL;
+ uint32_t n_claims = 0;
+ uint32_t i;
+
+ if (out_claims == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (out_n_claims == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ *out_claims = NULL;
+ *out_n_claims = 0;
+
+ if (claims_set == NULL) {
+ return NT_STATUS_OK;
+ }
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < claims_set->claims_array_count; ++i) {
+ const struct CLAIMS_ARRAY *claims_array = &claims_set->claims_arrays[i];
+ uint32_t j;
+
+ switch (claims_array->claims_source_type) {
+ case CLAIMS_SOURCE_TYPE_AD:
+ case CLAIMS_SOURCE_TYPE_CERTIFICATE:
+ break;
+ default:
+ /* Ignore any claims of a type we don’t recognize. */
+ continue;
+ }
+
+ for (j = 0; j < claims_array->claims_count; ++j) {
+ const struct CLAIM_ENTRY *claim_entry = &claims_array->claim_entries[j];
+ const char *name = NULL;
+ union claim_values *claim_values = NULL;
+ uint32_t n_values;
+ enum security_claim_value_type value_type;
+
+ switch (claim_entry->type) {
+ case CLAIM_TYPE_INT64:
+ {
+ const struct CLAIM_INT64 *values = &claim_entry->values.claim_int64;
+ uint32_t k;
+
+ n_values = values->value_count;
+ value_type = CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64;
+
+ claim_values = talloc_array(claims,
+ union claim_values,
+ n_values);
+ if (claim_values == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (k = 0; k < n_values; ++k) {
+ int64_t *value = NULL;
+ uint32_t m;
+
+ /*
+ * Ensure that there are no duplicate
+ * values (very inefficiently, in
+ * O(n²)).
+ */
+ for (m = 0; m < k; ++m) {
+ if (values->values[m] == values->values[k]) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ value = talloc(mem_ctx, int64_t);
+ if (value == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *value = values->values[k];
+ claim_values[k].int_value = value;
+ }
+
+ break;
+ }
+ case CLAIM_TYPE_UINT64:
+ case CLAIM_TYPE_BOOLEAN:
+ {
+ const struct CLAIM_UINT64 *values = &claim_entry->values.claim_uint64;
+ uint32_t k;
+
+ n_values = values->value_count;
+ value_type = (claim_entry->type == CLAIM_TYPE_UINT64)
+ ? CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64
+ : CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN;
+
+ claim_values = talloc_array(claims,
+ union claim_values,
+ n_values);
+ if (claim_values == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (k = 0; k < n_values; ++k) {
+ uint64_t *value = NULL;
+ uint32_t m;
+
+ /*
+ * Ensure that there are no duplicate
+ * values (very inefficiently, in
+ * O(n²)).
+ */
+ for (m = 0; m < k; ++m) {
+ if (values->values[m] == values->values[k]) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ value = talloc(mem_ctx, uint64_t);
+ if (value == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *value = values->values[k];
+ claim_values[k].uint_value = value;
+ }
+
+ break;
+ }
+ case CLAIM_TYPE_STRING:
+ {
+ const struct CLAIM_STRING *values = &claim_entry->values.claim_string;
+ uint32_t k;
+
+ n_values = values->value_count;
+ value_type = CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING;
+
+ claim_values = talloc_array(claims,
+ union claim_values,
+ n_values);
+ if (claim_values == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (k = 0; k < n_values; ++k) {
+ const char *string_value = NULL;
+ uint32_t m;
+
+ /*
+ * Ensure that there are no duplicate
+ * values (very inefficiently, in
+ * O(n²)).
+ */
+ for (m = 0; m < k; ++m) {
+ if (values->values[m] == NULL && values->values[k] == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (values->values[m] != NULL &&
+ values->values[k] != NULL &&
+ strcasecmp_m(values->values[m], values->values[k]) == 0)
+ {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ if (values->values[k] != NULL) {
+ string_value = talloc_strdup(claim_values, values->values[k]);
+ if (string_value == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ claim_values[k].string_value = string_value;
+ }
+
+ break;
+ }
+ default:
+ /*
+ * Other claim types are unsupported — just skip
+ * them.
+ */
+ continue;
+ }
+
+ claims = talloc_realloc(tmp_ctx,
+ claims,
+ struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1,
+ ++n_claims);
+ if (claims == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (claim_entry->id != NULL) {
+ name = talloc_strdup(claims, claim_entry->id);
+ if (name == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ claims[n_claims - 1] = (struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1) {
+ .name = name,
+ .value_type = value_type,
+ .flags = 0,
+ .value_count = n_values,
+ .values = claim_values,
+ };
+ }
+ }
+
+ *out_claims = talloc_move(mem_ctx, &claims);
+ *out_n_claims = n_claims;
+
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+}
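Review bot: In the CLAIM_TYPE_INT64 and CLAIM_TYPE_UINT64/CLAIM_TYPE_BOOLEAN branches, each value is allocated with talloc(mem_ctx, int64_t) or talloc(mem_ctx, uint64_t), so it is a child of the caller's context rather than of claim_values. Every later error path calls only talloc_free(tmp_ctx), which leaves those allocations behind on mem_ctx, and on success they are not owned by the returned array. The string branch already uses talloc_strdup(claim_values, ...); parenting the integer values to claim_values in the same way would be consistent. Relatedly, claim_values is created with talloc_array(claims, ...) before the talloc_realloc() call that first makes claims non-NULL, so for the first claim processed the values array has a NULL parent and is neither released by talloc_free(tmp_ctx) nor carried along by talloc_move(mem_ctx, &claims). Allocating it on tmp_ctx and then stealing it onto claims after the realloc succeeds would close that gap.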
diff --git a/libcli/security/claims-conversions.h b/libcli/security/claims-conversions.h
index 2915675e594..caf185f17e7 100644
--- a/libcli/security/claims-conversions.h
+++ b/libcli/security/claims-conversions.h
@@ -16,7 +16,17 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#ifndef LIBCLI_SECURITY_CLAIMS_CONVERSIONS_H
+#define LIBCLI_SECURITY_CLAIMS_CONVERSIONS_H
+#include "replace.h"
+#include <talloc.h>
+#include "libcli/util/ntstatus.h"
+
+struct CLAIMS_SET;
+struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1;
+struct ace_condition_token;
+struct security_token;
bool claim_v1_to_ace_token(TALLOC_CTX *mem_ctx,
const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
@@ -24,11 +34,18 @@ bool claim_v1_to_ace_token(TALLOC_CTX *mem_ctx,
bool ace_token_to_claim_v1(TALLOC_CTX *mem_ctx,
const char *name,
- struct ace_condition_token *tok,
+ const struct ace_condition_token *tok,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **claim,
uint32_t flags);
bool add_claim_to_token(TALLOC_CTX *mem_ctx,
struct security_token *token,
- struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
+ const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
const char *claim_type);
+
+NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
+ const struct CLAIMS_SET *claims_set,
+ struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **out_claims,
+ uint32_t *out_n_claims);
+
+#endif /* LIBCLI_SECURITY_CLAIMS_CONVERSIONS_H */
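Review bot: The new token_claims_to_claims_v1() prototype is exported without a comment describing its contract, and callers cannot infer it from the signature. Worth documenting above the declaration: *out_claims is returned as a talloc child of mem_ctx and the caller frees it; a NULL claims_set returns NT_STATUS_OK with zero claims; claims arrays with a source type other than CLAIMS_SOURCE_TYPE_AD or CLAIMS_SOURCE_TYPE_CERTIFICATE and entries of unsupported types are skipped silently; and duplicate values within one claim (case-insensitive for strings) fail the whole conversion with NT_STATUS_INVALID_PARAMETER.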
diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c
index b970e2fe0b4..50935a20a53 100644
--- a/libcli/security/conditional_ace.c
+++ b/libcli/security/conditional_ace.c
@@ -2055,6 +2055,7 @@ bool conditional_ace_encode_binary(TALLOC_CTX *mem_ctx,
data[j] = tok->type;
j++;
if (j >= alloc_size) {
+ DBG_ERR("program exceeds %zu bytes\n", alloc_size);
goto error;
}
@@ -2132,16 +2133,19 @@ bool conditional_ace_encode_binary(TALLOC_CTX *mem_ctx,
goto error;
}
if (consumed == -1) {
+ DBG_ERR("program exceeds %zu bytes\n", alloc_size);
goto error;
}
j += consumed;
if (j >= alloc_size) {
+ DBG_ERR("program exceeds %zu bytes\n", alloc_size);
goto error;
}
}
/* align to a 4 byte boundary */
required_size = (j + 3) & ~((size_t)3);
if (required_size > alloc_size) {
+ DBG_ERR("program exceeds %zu bytes\n", alloc_size);
goto error;
}
while (j < required_size) {
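Review bot: The three DBG_ERR() calls added in this hunk print the identical text "program exceeds %zu bytes" with only alloc_size, so a log line cannot be tied to the check that fired. Including the current offset j (and required_size in the alignment check) would make the messages distinguishable. The consumed == -1 case also reports a size overflow, although the visible lines only show that a -1 was returned; if that value can signal any other failure, the message should say so or be worded more generally.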
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
--
Samba Shared Repository