[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-2239-g34c0e64
Günther Deschner
gd at samba.org
Thu Feb 14 14:12:46 GMT 2008
The branch, v3-2-test has been updated
via 34c0e64026b7f5f223c7d7f1d7e162b5659f3bd3 (commit)
via 6e9195329d9f2b26c959f64485902c032f140ec8 (commit)
via ef9b65dd115591d8976f0248cf1c639fd05c03d7 (commit)
via cb6a84712cf91d104206356f0ac256a071868d66 (commit)
from 15b97d1aafd6c8ad936944b611188154b191167f (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 34c0e64026b7f5f223c7d7f1d7e162b5659f3bd3
Author: Günther Deschner <gd at samba.org>
Date: Thu Feb 14 15:11:35 2008 +0100
Remove unused marshalling for LSA_ENUM_ACCT_RIGHTS.
Guenther
commit 6e9195329d9f2b26c959f64485902c032f140ec8
Author: Günther Deschner <gd at samba.org>
Date: Thu Feb 14 15:09:21 2008 +0100
Use rpccli_lsa_EnumAccountRights in net and rpcclient.
Guenther
commit ef9b65dd115591d8976f0248cf1c639fd05c03d7
Author: Günther Deschner <gd at samba.org>
Date: Thu Feb 14 15:02:59 2008 +0100
Fix IDL for lsa_EnumAccountRights.
Guenther
commit cb6a84712cf91d104206356f0ac256a071868d66
Author: Günther Deschner <gd at samba.org>
Date: Thu Feb 14 15:02:31 2008 +0100
Use pidl for _lsa_EnumAccountRights().
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/include/rpc_lsa.h | 16 -------
source/librpc/idl/lsa.idl | 4 +-
source/rpc_client/cli_lsarpc.c | 70 ------------------------------
source/rpc_parse/parse_lsa.c | 92 ----------------------------------------
source/rpc_server/srv_lsa.c | 24 +----------
source/rpc_server/srv_lsa_nt.c | 67 ++++++++++++++++++++++-------
source/rpcclient/cmd_lsarpc.c | 15 ++++---
source/utils/net_rpc_rights.c | 33 ++++++++------
8 files changed, 81 insertions(+), 240 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index 1b82342..0cfee2d 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -446,22 +446,6 @@ typedef struct lsa_r_lookup_names4
NTSTATUS status; /* return code */
} LSA_R_LOOKUP_NAMES4;
-/* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
-typedef struct
-{
- POLICY_HND pol; /* policy handle */
- DOM_SID2 sid;
-} LSA_Q_ENUM_ACCT_RIGHTS;
-
-/* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
-typedef struct
-{
- uint32 count;
- UNISTR4_ARRAY *rights;
- NTSTATUS status;
-} LSA_R_ENUM_ACCT_RIGHTS;
-
-
/* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */
typedef struct
{
diff --git a/source/librpc/idl/lsa.idl b/source/librpc/idl/lsa.idl
index df948bc..aad9c3b 100644
--- a/source/librpc/idl/lsa.idl
+++ b/source/librpc/idl/lsa.idl
@@ -688,8 +688,8 @@ import "security.idl";
NTSTATUS lsa_EnumAccountRights (
[in] policy_handle *handle,
- [in] dom_sid2 *sid,
- [out] lsa_RightSet *rights
+ [in,ref] dom_sid2 *sid,
+ [out,ref] lsa_RightSet *rights
);
diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c
index 1395aa6..1de9592 100644
--- a/source/rpc_client/cli_lsarpc.c
+++ b/source/rpc_client/cli_lsarpc.c
@@ -452,76 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
return result;
}
-/* Enumerate account rights This is similar to enum_privileges but
- takes a SID directly, avoiding the open_account call.
-*/
-
-NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, DOM_SID *sid,
- uint32 *count, char ***priv_names)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUM_ACCT_RIGHTS q;
- LSA_R_ENUM_ACCT_RIGHTS r;
- NTSTATUS result;
- int i;
- fstring *privileges;
- char **names;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Marshall data and send request */
- init_q_enum_acct_rights(&q, pol, 2, sid);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_enum_acct_rights,
- lsa_io_r_enum_acct_rights,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- *count = r.count;
- if (! *count) {
- goto done;
- }
-
-
- privileges = TALLOC_ARRAY( mem_ctx, fstring, *count );
- names = TALLOC_ARRAY( mem_ctx, char *, *count );
-
- if ((privileges == NULL) || (names == NULL)) {
- TALLOC_FREE(privileges);
- TALLOC_FREE(names);
- return NT_STATUS_NO_MEMORY;
- }
-
- for ( i=0; i<*count; i++ ) {
- UNISTR4 *uni_string = &r.rights->strings[i];
-
- if ( !uni_string->string )
- continue;
-
- rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE );
-
- /* now copy to the return array */
- names[i] = talloc_strdup( mem_ctx, privileges[i] );
- }
-
- *priv_names = names;
-
-done:
-
- return result;
-}
-
-
/* remove account rights for an account. */
NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c
index 05841e5..1a5c5e8 100644
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -1220,98 +1220,6 @@ bool policy_handle_is_valid(const POLICY_HND *hnd)
}
/*******************************************************************
- Inits an LSA_Q_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-void init_q_enum_acct_rights(LSA_Q_ENUM_ACCT_RIGHTS *in,
- POLICY_HND *hnd,
- uint32 count,
- DOM_SID *sid)
-{
- DEBUG(5, ("init_q_enum_acct_rights\n"));
-
- in->pol = *hnd;
- init_dom_sid2(&in->sid, sid);
-}
-
-/*******************************************************************
-********************************************************************/
-NTSTATUS init_r_enum_acct_rights( LSA_R_ENUM_ACCT_RIGHTS *out, PRIVILEGE_SET *privileges )
-{
- uint32 i;
- const char *privname;
- const char **privname_array = NULL;
- int num_priv = 0;
-
- for ( i=0; i<privileges->count; i++ ) {
- privname = luid_to_privilege_name( &privileges->set[i].luid );
- if ( privname ) {
- if ( !add_string_to_array( talloc_tos(), privname, &privname_array, &num_priv ) )
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- if ( num_priv ) {
- out->rights = TALLOC_P( talloc_tos(), UNISTR4_ARRAY );
- if (!out->rights) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if ( !init_unistr4_array( out->rights, num_priv, privname_array ) )
- return NT_STATUS_NO_MEMORY;
-
- out->count = num_priv;
- }
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a LSA_Q_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *in, prs_struct *ps, int depth)
-{
-
- if (in == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "lsa_io_q_enum_acct_rights");
- depth++;
-
- if (!smb_io_pol_hnd("", &in->pol, ps, depth))
- return False;
-
- if(!smb_io_dom_sid2("sid", &in->sid, ps, depth))
- return False;
-
- return True;
-}
-
-
-/*******************************************************************
-reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *out, prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "lsa_io_r_enum_acct_rights");
- depth++;
-
- if(!prs_uint32("count ", ps, depth, &out->count))
- return False;
-
- if ( !prs_pointer("rights", ps, depth, (void*)&out->rights, sizeof(UNISTR4_ARRAY), (PRS_POINTER_CAST)prs_unistr4_array) )
- return False;
-
- if(!prs_align(ps))
- return False;
-
- if(!prs_ntstatus("status", ps, depth, &out->status))
- return False;
-
- return True;
-}
-
-
-/*******************************************************************
Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure.
********************************************************************/
diff --git a/source/rpc_server/srv_lsa.c b/source/rpc_server/srv_lsa.c
index 33686e5..14cf0b3 100644
--- a/source/rpc_server/srv_lsa.c
+++ b/source/rpc_server/srv_lsa.c
@@ -316,29 +316,7 @@ static bool api_lsa_remove_acct_rights(pipes_struct *p)
static bool api_lsa_enum_acct_rights(pipes_struct *p)
{
- LSA_Q_ENUM_ACCT_RIGHTS q_u;
- LSA_R_ENUM_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
+ return proxy_lsa_call(p, NDR_LSA_ENUMACCOUNTRIGHTS);
}
/***************************************************************************
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 0be72c5..a709877 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -2149,27 +2149,69 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
return NT_STATUS_OK;
}
+/*******************************************************************
+********************************************************************/
+
+static NTSTATUS init_lsa_right_set(TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *r,
+ PRIVILEGE_SET *privileges)
+{
+ uint32 i;
+ const char *privname;
+ const char **privname_array = NULL;
+ int num_priv = 0;
+
+ for (i=0; i<privileges->count; i++) {
+
+ privname = luid_to_privilege_name(&privileges->set[i].luid);
+ if (privname) {
+ if (!add_string_to_array(mem_ctx, privname,
+ &privname_array, &num_priv)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ }
+
+ if (num_priv) {
+
+ r->names = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_StringLarge,
+ num_priv);
+ if (!r->names) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_priv; i++) {
+ init_lsa_StringLarge(&r->names[i], privname_array[i]);
+ }
+
+ r->count = num_priv;
+ }
+
+ return NT_STATUS_OK;
+}
/***************************************************************************
+ _lsa_EnumAccountRights
***************************************************************************/
-NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
+ struct lsa_EnumAccountRights *r)
{
+ NTSTATUS status;
struct lsa_info *info = NULL;
DOM_SID sid;
PRIVILEGE_SET privileges;
SE_PRIV mask;
-
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
- sid_copy( &sid, &q_u->sid.sid );
+ sid_copy( &sid, r->in.sid );
if ( !get_privileges_for_sids( &mask, &sid, 1 ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -2178,20 +2220,19 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
- DEBUG(10,("_lsa_enum_acct_rights: %s has %d privileges\n",
+ DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
sid_string_dbg(&sid), privileges.count));
- r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+ status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges);
+ } else {
+ status = NT_STATUS_NO_SUCH_PRIVILEGE;
}
- else
- r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
privilege_set_free( &privileges );
- return r_u->status;
+ return status;
}
-
/***************************************************************************
_lsa_LookupPrivValue
***************************************************************************/
@@ -2314,12 +2355,6 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct lsa_EnumAccounts
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, struct lsa_EnumAccountRights *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, struct lsa_RemoveAccountRights *r)
{
p->rng_fault_state = True;
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c
index 079a914..d7f5e55 100644
--- a/source/rpcclient/cmd_lsarpc.c
+++ b/source/rpcclient/cmd_lsarpc.c
@@ -713,10 +713,8 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
{
POLICY_HND dom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
DOM_SID sid;
- uint32 count;
- char **rights;
+ struct lsa_RightSet rights;
int i;
@@ -736,16 +734,19 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
+ result = rpccli_lsa_EnumAccountRights(cli, mem_ctx,
+ &dom_pol,
+ &sid,
+ &rights);
if (!NT_STATUS_IS_OK(result))
goto done;
- printf("found %d privileges for SID %s\n", count,
+ printf("found %d privileges for SID %s\n", rights.count,
sid_string_tos(&sid));
- for (i = 0; i < count; i++) {
- printf("\t%s\n", rights[i]);
+ for (i = 0; i < rights.count; i++) {
+ printf("\t%s\n", rights.names[i].string);
}
rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
diff --git a/source/utils/net_rpc_rights.c b/source/utils/net_rpc_rights.c
index 9ba0eaa..a0df5d8 100644
--- a/source/utils/net_rpc_rights.c
+++ b/source/utils/net_rpc_rights.c
@@ -152,22 +152,24 @@ static NTSTATUS check_privilege_for_user(struct rpc_pipe_client *pipe_hnd,
const char *right)
{
NTSTATUS result;
- uint32 count;
- char **rights;
+ struct lsa_RightSet rights;
int i;
- result = rpccli_lsa_enum_account_rights(pipe_hnd, ctx, pol, sid, &count, &rights);
+ result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx,
+ pol,
+ sid,
+ &rights);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- if (count == 0) {
+ if (rights.count == 0) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
-
- for (i = 0; i < count; i++) {
- if (StrCaseCmp(rights[i], right) == 0) {
+
+ for (i = 0; i < rights.count; i++) {
+ if (StrCaseCmp(rights.names[i].string, right) == 0) {
return NT_STATUS_OK;
}
}
@@ -184,20 +186,23 @@ static NTSTATUS enum_privileges_for_user(struct rpc_pipe_client *pipe_hnd,
DOM_SID *sid )
{
NTSTATUS result;
- uint32 count;
- char **rights;
+ struct lsa_RightSet rights;
int i;
- result = rpccli_lsa_enum_account_rights(pipe_hnd, ctx, pol, sid, &count, &rights);
+ result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx,
+ pol,
+ sid,
+ &rights);
if (!NT_STATUS_IS_OK(result))
return result;
- if ( count == 0 )
+ if (rights.count == 0) {
d_printf("No privileges assigned\n");
-
- for (i = 0; i < count; i++) {
- printf("%s\n", rights[i]);
+ }
+
+ for (i = 0; i < rights.count; i++) {
+ printf("%s\n", rights.names[i].string);
}
return NT_STATUS_OK;
--
Samba Shared Repository
More information about the samba-cvs
mailing list