svn commit: samba r4202 - in branches/SAMBA_4_0/source: client
libcli/util rpc_server/lsa
tridge at samba.org
tridge at samba.org
Tue Dec 14 06:31:22 GMT 2004
Author: tridge
Date: 2004-12-14 06:31:20 +0000 (Tue, 14 Dec 2004)
New Revision: 4202
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4202
Log:
added smbclient commands "addprivileges" and "delprivileges" for
easily adding/removing privileges from users
Modified:
branches/SAMBA_4_0/source/client/client.c
branches/SAMBA_4_0/source/libcli/util/clilsa.c
branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
Changeset:
Modified: branches/SAMBA_4_0/source/client/client.c
===================================================================
--- branches/SAMBA_4_0/source/client/client.c 2004-12-14 06:25:19 UTC (rev 4201)
+++ branches/SAMBA_4_0/source/client/client.c 2004-12-14 06:31:20 UTC (rev 4202)
@@ -1909,7 +1909,7 @@
unsigned i;
if (!next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
- d_printf("lookupsid <sid>\n");
+ d_printf("privileges <sid|name>\n");
talloc_free(mem_ctx);
return 1;
}
@@ -1944,7 +1944,108 @@
/****************************************************************************
+add privileges for a user
****************************************************************************/
+static int cmd_addprivileges(const char **cmd_ptr)
+{
+ fstring buf;
+ TALLOC_CTX *mem_ctx = talloc(NULL, 0);
+ NTSTATUS status;
+ struct dom_sid *sid;
+ struct lsa_RightSet rights;
+
+ if (!next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ d_printf("addprivileges <sid> <privilege...>\n");
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ sid = dom_sid_parse_talloc(mem_ctx, buf);
+ if (sid == NULL) {
+ const char *sid_str;
+ status = smblsa_lookup_name(cli, buf, mem_ctx, &sid_str);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+ sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ }
+
+ ZERO_STRUCT(rights);
+ while (next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ rights.names = talloc_realloc_p(mem_ctx, rights.names,
+ struct lsa_String, rights.count+1);
+ rights.names[rights.count].string = talloc_strdup(mem_ctx, buf);
+ rights.count++;
+ }
+
+
+ status = smblsa_sid_add_privileges(cli, sid, mem_ctx, &rights);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_AddAccountRights - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ talloc_free(mem_ctx);
+
+ return 0;
+}
+
+/****************************************************************************
+delete privileges for a user
+****************************************************************************/
+static int cmd_delprivileges(const char **cmd_ptr)
+{
+ fstring buf;
+ TALLOC_CTX *mem_ctx = talloc(NULL, 0);
+ NTSTATUS status;
+ struct dom_sid *sid;
+ struct lsa_RightSet rights;
+
+ if (!next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ d_printf("delprivileges <sid> <privilege...>\n");
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ sid = dom_sid_parse_talloc(mem_ctx, buf);
+ if (sid == NULL) {
+ const char *sid_str;
+ status = smblsa_lookup_name(cli, buf, mem_ctx, &sid_str);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+ sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ }
+
+ ZERO_STRUCT(rights);
+ while (next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ rights.names = talloc_realloc_p(mem_ctx, rights.names,
+ struct lsa_String, rights.count+1);
+ rights.names[rights.count].string = talloc_strdup(mem_ctx, buf);
+ rights.count++;
+ }
+
+
+ status = smblsa_sid_del_privileges(cli, sid, mem_ctx, &rights);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_RemoveAccountRights - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ talloc_free(mem_ctx);
+
+ return 0;
+}
+
+
+/****************************************************************************
+****************************************************************************/
static int cmd_open(const char **cmd_ptr)
{
pstring mask;
@@ -2492,6 +2593,7 @@
} commands[] =
{
{"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+ {"addprivileges",cmd_addprivileges,"<sid|user> <privilege...> add privileges for a user",{COMPL_NONE,COMPL_NONE}},
{"altname",cmd_altname,"<file> show alt name",{COMPL_NONE,COMPL_NONE}},
{"acl",cmd_acl,"<file> show file ACL",{COMPL_NONE,COMPL_NONE}},
{"allinfo",cmd_allinfo,"<file> show all possible info about a file",{COMPL_NONE,COMPL_NONE}},
@@ -2501,6 +2603,7 @@
{"chmod",cmd_chmod,"<src> <mode> chmod a file using UNIX permission",{COMPL_REMOTE,COMPL_REMOTE}},
{"chown",cmd_chown,"<src> <uid> <gid> chown a file using UNIX uids and gids",{COMPL_REMOTE,COMPL_REMOTE}},
{"del",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
+ {"delprivileges",cmd_delprivileges,"<sid|user> <privilege...> remove privileges for a user",{COMPL_NONE,COMPL_NONE}},
{"deltree",cmd_deltree,"<dir> delete a whole directory tree",{COMPL_REMOTE,COMPL_NONE}},
{"dir",cmd_dir,"<mask> list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}},
{"du",cmd_du,"<mask> computes the total size of the current directory",{COMPL_REMOTE,COMPL_NONE}},
Modified: branches/SAMBA_4_0/source/libcli/util/clilsa.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/util/clilsa.c 2004-12-14 06:25:19 UTC (rev 4201)
+++ branches/SAMBA_4_0/source/libcli/util/clilsa.c 2004-12-14 06:31:20 UTC (rev 4202)
@@ -297,3 +297,49 @@
return NT_STATUS_OK;
}
+
+
+/*
+ add a set of privileges to the given sid
+*/
+NTSTATUS smblsa_sid_add_privileges(struct smbcli_state *cli, struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *rights)
+{
+ NTSTATUS status;
+ struct lsa_AddAccountRights r;
+
+ status = smblsa_connect(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r.in.handle = &cli->lsa->handle;
+ r.in.sid = sid;
+ r.in.rights = rights;
+
+ return dcerpc_lsa_AddAccountRights(cli->lsa->pipe, mem_ctx, &r);
+}
+
+/*
+ remove a set of privileges from the given sid
+*/
+NTSTATUS smblsa_sid_del_privileges(struct smbcli_state *cli, struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *rights)
+{
+ NTSTATUS status;
+ struct lsa_RemoveAccountRights r;
+
+ status = smblsa_connect(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r.in.handle = &cli->lsa->handle;
+ r.in.sid = sid;
+ r.in.unknown = 0;
+ r.in.rights = rights;
+
+ return dcerpc_lsa_RemoveAccountRights(cli->lsa->pipe, mem_ctx, &r);
+}
Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2004-12-14 06:25:19 UTC (rev 4201)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2004-12-14 06:31:20 UTC (rev 4202)
@@ -1084,6 +1084,9 @@
ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
if (ret != 0) {
+ if (ldb_flag == LDB_FLAG_MOD_DELETE) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
return NT_STATUS_UNEXPECTED_IO_ERROR;
}
More information about the samba-cvs
mailing list