r4820: add beginnings of 'net rpc rights' for managing privilege assignments

(This used to be commit 164f94e52929330bd638f19bcf3bfce50303269e)

4 files changed, 134 insertions, 8 deletions

diff --git a/source3/Makefile.in b/source3/Makefile.in
index aeb6c456d2..fa918e556b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -532,7 +532,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
 	   utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
 	   utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
 	   utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \
-	   utils/net_status.o utils/net_rpc_printer.o
+	   utils/net_status.o utils/net_rpc_printer.o utils/net_rpc_rights.o
 
 NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
 	  $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
diff --git a/source3/utils/net.h b/source3/utils/net.h
index 5e65ca0d4c..2d9fbd1644 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -17,8 +17,21 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
 
+/* 
+ * A function of this type is passed to the '
+ * run_rpc_command' wrapper.  Must go before the net_proto.h 
+ * include
+ */
+
+typedef NTSTATUS (*rpc_command_fn)(const DOM_SID *, const char *, 
+				   struct cli_state *, TALLOC_CTX *, int, const char **);
+				   
+/* INCLUDE FILES */
+
 #include "utils/net_proto.h"
  
+/* MACROS & DEFINES */
+
 #define NET_FLAGS_MASTER 1
 #define NET_FLAGS_DMB 2
 
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 4cbad9bde6..5374d48de6 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -37,10 +37,6 @@
  **/
 
 
-/* A function of this type is passed to the 'run_rpc_command' wrapper */
-typedef NTSTATUS (*rpc_command_fn)(const DOM_SID *, const char *, 
-				   struct cli_state *, TALLOC_CTX *, int, const char **);
-
 /**
  * Many of the RPC functions need the domain sid.  This function gets
  *  it at the start of every run 
@@ -100,7 +96,7 @@ static DOM_SID *net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem
  * @return A shell status integer (0 for success)
  */
 
-static int run_rpc_command(struct cli_state *cli_arg, const int pipe_idx, int conn_flags,
+int run_rpc_command(struct cli_state *cli_arg, const int pipe_idx, int conn_flags,
                            rpc_command_fn fn,
                            int argc, const char **argv) 
 {
@@ -5260,10 +5256,10 @@ int net_rpc_usage(int argc, const char **argv)
 	d_printf("  net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
 	d_printf("  net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
 	d_printf("  net rpc samdump \t\tdiplay an NT PDC's users, groups and other data\n");
-	d_printf("  net rpc trustdom \t\tto create trusting domain's account\n"
-		 "\t\t\t\t\tor establish trust\n");
+	d_printf("  net rpc trustdom \t\tto create trusting domain's account or establish trust\n");
 	d_printf("  net rpc abortshutdown \tto abort the shutdown of a remote server\n");
 	d_printf("  net rpc shutdown \t\tto shutdown a remote server\n");
+	d_printf("  net rpc rights\t\tto manage privileges assigned to SIDs\n");
 	d_printf("\n");
 	d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
 	d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
@@ -5332,6 +5328,7 @@ int net_rpc(int argc, const char **argv)
 		{"samdump", rpc_samdump},
 		{"vampire", rpc_vampire},
 		{"getsid", net_rpc_getsid},
+		{"rights", net_rpc_rights},
 		{"help", net_rpc_help},
 		{NULL, NULL}
 	};
diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
new file mode 100644
index 0000000000..f1e61ae9ba
--- /dev/null
+++ b/source3/utils/net_rpc_rights.c
@@ -0,0 +1,116 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   Distributed SMB/CIFS Server Management Utility 
+   Copyright (C) Gerald (Jerry) Carter          2004
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+ 
+#include "includes.h"
+#include "utils/net.h"
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS rpc_rights_list_internal( const DOM_SID *domain_sid, const char *domain_name, 
+                            struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                            int argc, const char **argv )
+{
+	return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS rpc_rights_grant_internal( const DOM_SID *domain_sid, const char *domain_name, 
+                            struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                            int argc, const char **argv )
+{
+	return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS rpc_rights_revoke_internal( const DOM_SID *domain_sid, const char *domain_name, 
+                              struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                              int argc, const char **argv )
+{
+	return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+static int rpc_rights_list( int argc, const char **argv )
+{
+	return run_rpc_command( NULL, PI_LSARPC, 0, 
+		rpc_rights_list_internal, argc, argv );
+}
+
+/********************************************************************
+********************************************************************/
+
+static int rpc_rights_grant( int argc, const char **argv )
+{
+	return run_rpc_command( NULL, PI_LSARPC, 0, 
+		rpc_rights_grant_internal, argc, argv );
+}
+
+/********************************************************************
+********************************************************************/
+
+static int rpc_rights_revoke( int argc, const char **argv )
+{
+	return run_rpc_command( NULL, PI_LSARPC, 0, 
+		rpc_rights_revoke_internal, argc, argv );
+}
+
+/********************************************************************
+********************************************************************/
+
+static int net_help_rights( int argc, const char **argv )
+{
+	d_printf("net rpc rights list       View available privileges\n");
+	d_printf("net rpc rights grant      View available privileges\n");
+	d_printf("net rpc rights revoke     View available privileges\n");
+	
+	d_printf("Both 'grant' and 'revoke' require a SID and a commaa separated\n");
+	d_printf("list of privilege names.  For example\n");
+	d_printf("  net rpc grant S-1-5-32-550 SePrintOperatorsPrivilege\n");
+	d_printf("would grant the printer admin right to the 'BUILTIN\\Print Operators' group\n");
+	
+	
+	return -1;
+}
+
+/********************************************************************
+********************************************************************/
+
+int net_rpc_rights(int argc, const char **argv) 
+{
+	struct functable func[] = {
+		{"list", rpc_rights_list},
+		{"grant", rpc_rights_grant},
+		{"revoke", rpc_rights_revoke},
+		{NULL, NULL}
+	};
+	
+	if ( argc )
+		return net_run_function( argc, argv, func, net_help_rights );
+		
+	return net_help_rights( argc, argv );
+}
+
+