svn commit: samba r4746 - in branches/SAMBA_3_0/source: lib
nsswitch rpc_parse rpc_server
jerry at samba.org
jerry at samba.org
Sat Jan 15 03:54:03 GMT 2005
Author: jerry
Date: 2005-01-15 03:54:03 +0000 (Sat, 15 Jan 2005)
New Revision: 4746
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4746
Log:
add server support for lsa_enum_acct_rights(); last checkin for the night
Modified:
branches/SAMBA_3_0/source/lib/util_str.c
branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c
branches/SAMBA_3_0/source/rpc_server/srv_lsa.c
branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_str.c
===================================================================
--- branches/SAMBA_3_0/source/lib/util_str.c 2005-01-15 03:48:15 UTC (rev 4745)
+++ branches/SAMBA_3_0/source/lib/util_str.c 2005-01-15 03:54:03 UTC (rev 4746)
@@ -2092,3 +2092,19 @@
safe_strcat(*left, right, new_len-1);
}
+
+BOOL add_string_to_array(TALLOC_CTX *mem_ctx,
+ const char *str, const char ***strings,
+ int *num)
+{
+ char *dup_str = talloc_strdup(mem_ctx, str);
+
+ *strings = TALLOC_REALLOC_ARRAY(mem_ctx, *strings, const char *, (*num)+1);
+
+ if ((*strings == NULL) || (dup_str == NULL))
+ return False;
+
+ (*strings)[*num] = dup_str;
+ *num += 1;
+ return True;
+}
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-01-15 03:48:15 UTC (rev 4745)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-01-15 03:54:03 UTC (rev 4746)
@@ -446,21 +446,6 @@
return True;
}
-static BOOL add_string_to_array(TALLOC_CTX *mem_ctx,
- const char *str, char ***array, int *num)
-{
- char *dup_str = talloc_strdup(mem_ctx, str);
-
- *array = TALLOC_REALLOC_ARRAY(mem_ctx, *array, char *, (*num)+1);
-
- if ((*array == NULL) || (dup_str == NULL))
- return False;
-
- (*array)[*num] = dup_str;
- *num += 1;
- return True;
-}
-
static BOOL add_sockaddr_to_array(TALLOC_CTX *mem_ctx,
struct in_addr ip, uint16 port,
struct sockaddr_in **addrs, int *num)
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2005-01-15 03:48:15 UTC (rev 4745)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2005-01-15 03:54:03 UTC (rev 4746)
@@ -2300,6 +2300,33 @@
}
/*******************************************************************
+********************************************************************/
+NTSTATUS init_r_enum_acct_rights( LSA_R_ENUM_ACCT_RIGHTS *r_u, PRIVILEGE_SET *privileges )
+{
+ uint32 i;
+ char *privname;
+ const char **privname_array = NULL;
+ int num_priv = 0;
+
+ for ( i=0; i<privileges->count; i++ ) {
+ privname = luid_to_privilege_name( &privileges->set[i].luid );
+ if ( privname ) {
+ if ( !add_string_to_array( get_talloc_ctx(), privname, &privname_array, &num_priv ) )
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if ( num_priv ) {
+ if ( !init_unistr2_array( &r_u->rights, num_priv, privname_array ) )
+ return NT_STATUS_NO_MEMORY;
+
+ r_u->count = num_priv;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
reads or writes a LSA_Q_ENUM_ACCT_RIGHTS structure.
********************************************************************/
BOOL lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *q_q, prs_struct *ps, int depth)
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2005-01-15 03:48:15 UTC (rev 4745)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2005-01-15 03:54:03 UTC (rev 4746)
@@ -704,6 +704,37 @@
}
/***************************************************************************
+ api_lsa_enum_acct_rights
+ ***************************************************************************/
+
+static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
+{
+ LSA_Q_ENUM_ACCT_RIGHTS q_u;
+ LSA_R_ENUM_ACCT_RIGHTS r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
+ DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
+
+ /* store the response in the SMB stream */
+ if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
+ DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ return True;
+}
+
+/***************************************************************************
api_lsa_query_info2
***************************************************************************/
@@ -761,6 +792,7 @@
{ "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
{ "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights },
+ { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
{ "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
/* be careful of the adding of new RPC's. See commentrs below about
ADS DC capabilities */
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-15 03:48:15 UTC (rev 4745)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-15 03:54:03 UTC (rev 4746)
@@ -1370,9 +1370,6 @@
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
- /* according to an NT4 PDC, you can add privileges to SIDs even without
- call_lsa_create_account() first. And you can use any arbitrary SID. */
-
sid_copy( &sid, &q_u->sid.sid );
if ( q_u->removeall ) {
@@ -1395,7 +1392,7 @@
/* only try to add non-null strings */
if ( *privname && !revoke_privilege_by_name( &sid, privname ) ) {
- DEBUG(2,("_lsa_remove_acct_rights: Failed to add privilege [%s]\n", privname ));
+ DEBUG(2,("_lsa_remove_acct_rights: Failed to revoke privilege [%s]\n", privname ));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
}
@@ -1404,3 +1401,32 @@
}
+NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+{
+ struct lsa_info *info = NULL;
+ DOM_SID sid;
+ PRIVILEGE_SET privileges;
+
+
+ /* find the connection policy handle. */
+
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
+
+ /* according to an NT4 PDC, you can add privileges to SIDs even without
+ call_lsa_create_account() first. And you can use any arbitrary SID. */
+
+ sid_copy( &sid, &q_u->sid.sid );
+
+ privilege_set_init( &privileges );
+
+ get_privileges_for_sids( &privileges, &sid, 1 );
+
+ r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+
+ privilege_set_free( &privileges );
+
+ return r_u->status;
+}
+
+
More information about the samba-cvs
mailing list