svn commit: samba r4283 - in branches/SAMBA_4_0/source/rpc_server/lsa: .

tridge at samba.org tridge at samba.org
Sun Dec 19 11:34:20 GMT 2004 

Author: tridge
Date: 2004-12-19 11:34:19 +0000 (Sun, 19 Dec 2004)
New Revision: 4283

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4283

Log:
adding a privilege that an account already has is not an error


Modified:
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-12-19 10:58:36 UTC (rev 4282)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-12-19 11:34:19 UTC (rev 4283)
@@ -878,7 +878,57 @@
 	return NT_STATUS_OK;
 }
 
+/* 
+  lsa_EnumAccountRights 
+*/
+static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, 
+				      TALLOC_CTX *mem_ctx,
+				      struct lsa_EnumAccountRights *r)
+{
+	struct dcesrv_handle *h;
+	struct lsa_policy_state *state;
+	int ret, i;
+	struct ldb_message **res;
+	const char * const attrs[] = { "privilege", NULL};
+	const char *sidstr;
+	struct ldb_message_element *el;
 
+	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+	state = h->data;
+
+	sidstr = dom_sid_string(mem_ctx, r->in.sid);
+	if (sidstr == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+			   "objectSid=%s", sidstr);
+	if (ret != 1) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	el = ldb_msg_find_element(res[0], "privilege");
+	if (el == NULL || el->num_values == 0) {
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	r->out.rights->count = el->num_values;
+	r->out.rights->names = talloc_array_p(r->out.rights, 
+					      struct lsa_String, r->out.rights->count);
+	if (r->out.rights->names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0;i<el->num_values;i++) {
+		r->out.rights->names[i].string = el->values[i].data;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+
 /* 
   helper for lsa_AddAccountRights and lsa_RemoveAccountRights
 */
@@ -886,7 +936,7 @@
 					   TALLOC_CTX *mem_ctx,
 					   struct lsa_policy_state *state,
 					   int ldb_flag,
-					   const struct dom_sid *sid,
+					   struct dom_sid *sid,
 					   const struct lsa_RightSet *rights)
 {
 	const char *sidstr;
@@ -894,6 +944,7 @@
 	struct ldb_message_element el;
 	int i, ret;
 	const char *dn;
+	struct lsa_EnumAccountRights r2;
 
 	sidstr = dom_sid_string(mem_ctx, sid);
 	if (sidstr == NULL) {
@@ -917,22 +968,54 @@
 	if (el.name == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	el.num_values = rights->count;
-	el.values = talloc_array_p(mem_ctx, struct ldb_val, el.num_values);
+
+	if (ldb_flag == LDB_FLAG_MOD_ADD) {
+		NTSTATUS status;
+
+		r2.in.handle = &state->handle->wire_handle;
+		r2.in.sid = sid;
+		r2.out.rights = talloc_p(mem_ctx, struct lsa_RightSet);
+
+		status = lsa_EnumAccountRights(dce_call, mem_ctx, &r2);
+		if (!NT_STATUS_IS_OK(status)) {
+			ZERO_STRUCTP(r2.out.rights);
+		}
+	}
+
+	el.num_values = 0;
+	el.values = talloc_array_p(mem_ctx, struct ldb_val, rights->count);
 	if (el.values == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	for (i=0;i<el.num_values;i++) {
+	for (i=0;i<rights->count;i++) {
 		if (sec_privilege_id(rights->names[i].string) == -1) {
 			return NT_STATUS_NO_SUCH_PRIVILEGE;
 		}
-		el.values[i].length = strlen(rights->names[i].string);
-		el.values[i].data = talloc_strdup(mem_ctx, rights->names[i].string);
-		if (el.values[i].data == NULL) {
+
+		if (ldb_flag == LDB_FLAG_MOD_ADD) {
+			int j;
+			for (j=0;j<r2.out.rights->count;j++) {
+				if (StrCaseCmp(r2.out.rights->names[j].string, 
+					       rights->names[i].string) == 0) {
+					break;
+				}
+			}
+			if (j != r2.out.rights->count) continue;
+		}
+
+
+		el.values[el.num_values].length = strlen(rights->names[i].string);
+		el.values[el.num_values].data = talloc_strdup(mem_ctx, rights->names[i].string);
+		if (el.values[el.num_values].data == NULL) {
 			return NT_STATUS_NO_MEMORY;
 		}
+		el.num_values++;
 	}
 
+	if (el.num_values == 0) {
+		return NT_STATUS_OK;
+	}
+
 	ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
 	if (ret != 0) {
 		if (ldb_flag == LDB_FLAG_MOD_DELETE) {
@@ -944,60 +1027,7 @@
 	return NT_STATUS_OK;
 }
 
-
 /* 
-  lsa_EnumAccountRights 
-*/
-static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, 
-				      TALLOC_CTX *mem_ctx,
-				      struct lsa_EnumAccountRights *r)
-{
-	struct dcesrv_handle *h;
-	struct lsa_policy_state *state;
-	int ret, i;
-	struct ldb_message **res;
-	const char * const attrs[] = { "privilege", NULL};
-	const char *sidstr;
-	struct ldb_message_element *el;
-
-	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
-
-	state = h->data;
-
-	sidstr = dom_sid_string(mem_ctx, r->in.sid);
-	if (sidstr == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
-			   "objectSid=%s", sidstr);
-	if (ret != 1) {
-		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
-	}
-
-	el = ldb_msg_find_element(res[0], "privilege");
-	if (el == NULL || el->num_values == 0) {
-		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
-	}
-
-	r->out.rights->count = el->num_values;
-	r->out.rights->names = talloc_array_p(r->out.rights, 
-					      struct lsa_String, r->out.rights->count);
-	if (r->out.rights->names == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for (i=0;i<el->num_values;i++) {
-		r->out.rights->names[i].string = el->values[i].data;
-	}
-
-	return NT_STATUS_OK;
-}
-
-
-
-
-/* 
   lsa_AddPrivilegesToAccount
 */
 static NTSTATUS lsa_AddPrivilegesToAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,

More information about the samba-cvs mailing list