author | Gerald Carter <jerry@samba.org> | 2005-01-18 18:28:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:56 -0500 |
commit | cf8571531924d723ccf0bbc9747c35d962b5cfa7 (patch) | |
tree | 0a55112e4247c8b65c2510d92ac7fe317f882a11 | |
parent | 862e610e4af0eb8b660c5526401cbe6f751444be (diff) | |
r4821: finish off 'net rpc rights [list|grant|revoke]'
One small todo item is to add an 'accounts' sub option
to 'net rpc list' to enumerate all privileged SIDs
and their associated rights.
(This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)
-rw-r--r-- | source3/Makefile.in | 72 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 16 | ||||
-rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 2 | ||||
-rw-r--r-- | source3/utils/net_rpc_rights.c | 226 |
4 files changed, 271 insertions, 45 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index fa918e556b..466958b5ab 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
@@ -434,41 +434,41 @@ SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(LIBSMB_OBJ) \ $(LOCKING_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(KRBCLIENT_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \ + $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) \ $(PASSCHANGE_OBJ) $(DUMMYROOT_OBJ) SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \ - $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ + $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ $(SECRETS_OBJ) $(LIBSAMBA_OBJ) $(DUMMYROOT_OBJ) $(ERRORMAP_OBJ) SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ + $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ $(SECRETS_OBJ) $(LIBSAMBA_OBJ) \ $(PRINTBASE_OBJ) $(DUMMYROOT_OBJ) $(ERRORMAP_OBJ) SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ + $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) TESTPARM_OBJ = utils/testparm.o \ - $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ $(SECRETS_OBJ) $(LIBSAMBA_OBJ) -TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ +TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) \ $(LIB_NONSMBD_OBJ) libsmb/nterr.o SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSCHANGE_OBJ) $(PARAM_OBJ) $(SECRETS_OBJ) \ $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ + $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) $(DUMMYROOT_OBJ) PDBEDIT_OBJ = utils/pdbedit.o 
$(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ + $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(DUMMYROOT_OBJ) SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) @@ -481,7 +481,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \ $(READLINE_OBJ) $(GROUPDB_OBJ) $(KRBCLIENT_OBJ) \ $(LIBADS_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) \ @@ -497,7 +497,7 @@ SMBW_OBJ1 = smbwrapper/smbw.o \ smbwrapper/smbw_cache.o SMBW_OBJ = $(SMBW_OBJ1) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) + $(LIB_NONSMBD_OBJ) SMBWRAPPER_OBJ1 = smbwrapper/wrapped.o @@ -506,7 +506,7 @@ SMBWRAPPER_OBJ = $(SMBW_OBJ) $(SMBWRAPPER_OBJ1) LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o libsmb/libsmb_compat.o \ libsmb/libsmb_cache.o \ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ - $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(UBIQX_OBJ) \ + $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ $(SECRETS_OBJ) @@ -524,7 +524,7 @@ LIBBIGBALLOFMUD_PICOBJS = $(LIBBIGBALLOFMUD_OBJ:.o=.@PICSUFFIX@) CLIENT_OBJ1 = client/client.o client/clitar.o -CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ +CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ $(READLINE_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) 
@@ -536,63 +536,63 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \ NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \ + $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ $(LIBMSRPC_OBJ) $(IDMAP_OBJ) \ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(DUMMYROOT_OBJ) $(SERVER_MUTEX_OBJ) \ $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) -CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ +CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ) MOUNT_OBJ = client/smbmount.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) + $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) MNT_OBJ = client/smbmnt.o $(VERSION_OBJ) $(SNPRINTF_OBJ) UMOUNT_OBJ = client/smbumount.o -NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBNMB_OBJ) \ +NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ torture/denytest.o torture/mangle_test.o SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) \ - $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) + $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) + $(LIB_NONSMBD_OBJ) MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) + $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \ - $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(DUMMYROOT_OBJ) $(SECRETS_OBJ) + $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(DUMMYROOT_OBJ) $(SECRETS_OBJ) 
NSSTEST_OBJ = torture/nsstest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) + $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) -SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(UBIQX_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) +SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) LOG2PCAP_OBJ = utils/log2pcaphex.o LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \ - $(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(DUMMYROOT_OBJ) $(SECRETS_OBJ) + $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(DUMMYROOT_OBJ) $(SECRETS_OBJ) SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ - $(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \ + $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \ $(PASSDB_GET_SET_OBJ) $(LIBMSRPC_OBJ) $(SECRETS_OBJ) \ $(POPT_LIB_OBJ) $(DCUTIL_OBJ) $(LIBADS_OBJ) SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ + $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ $(LIBMSRPC_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) -TALLOCTORT_OBJ = lib/talloctort.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(UBIQX_OBJ) libsmb/nterr.o +TALLOCTORT_OBJ = lib/talloctort.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) libsmb/nterr.o RPCTORTURE_OBJ = torture/rpctorture.o \ rpcclient/display.o \ 
@@ -601,13 +601,13 @@ RPCTORTURE_OBJ = torture/rpctorture.o \ rpcclient/cmd_samr.o \ rpcclient/cmd_srvsvc.o \ rpcclient/cmd_netlogon.o \ - $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o SMBFILTER_OBJ = utils/smbfilter.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(SECRETS_OBJ) \ - $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) + $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) PROTO_OBJ = $(SMBD_OBJ_MAIN) \ $(SMBD_OBJ_SRV) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \ @@ -623,7 +623,7 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \ $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o $(PASSCHANGE_OBJ) -WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) \ +WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) WINBIND_WINS_NSS_PICOBJS = $(WINBIND_WINS_NSS_OBJ:.o=.@PICSUFFIX@) @@ -634,7 +634,7 @@ LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.@PICSUFFIX@) PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \ $(DUMMYROOT_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(SECRETS_OBJ) $(UBIQX_OBJ) $(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) + $(SECRETS_OBJ) $(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.@PICSUFFIX@) @@ -659,7 +659,7 @@ WINBINDD_OBJ1 = \ WINBINDD_OBJ = \ $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ $(PROFILE_OBJ) $(SLCACHE_OBJ) $(SMBLDAP_OBJ) \ $(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ 
@@ -667,7 +667,7 @@ WINBINDD_OBJ = \ $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) WBINFO_OBJ = nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ - $(UBIQX_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) $(AFS_SETTOKEN_OBJ) + $(SECRETS_OBJ) $(POPT_LIB_OBJ) $(AFS_SETTOKEN_OBJ) WINBIND_NSS_OBJ = $(WBCOMMON_OBJ) lib/replace1.o @WINBIND_NSS_EXTRA_OBJS@ @@ -1235,10 +1235,10 @@ bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(WBINFO_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ bin/ntlm_auth@EXEEXT@: $(NTLM_AUTH_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ - $(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy + @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \ - $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(UBIQX_OBJ) $(LIBS) \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \ @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ) @@ -1336,7 +1336,7 @@ installclientlib: installdirs libsmbclient # Python extensions PYTHON_OBJS = $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) $(RPC_PARSE_OBJ) \ - $(UBIQX_OBJ) $(LIBMSRPC_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(LIBMSRPC_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ $(SECRETS_OBJ) $(KRBCLIENT_OBJ) $(SMBLDAP_OBJ) $(DUMMYROOT_OBJ) PYTHON_PICOBJS = $(PYTHON_OBJS:.o=.@PICSUFFIX@) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b360d8e622..bf2c0353c0 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1217,7 +1217,7 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, */ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, + POLICY_HND *pol, DOM_SID *sid, uint32 *count, char ***privs_name) { prs_struct qbuf, rbuf; @@ -1225,6 +1225,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, LSA_R_ENUM_ACCT_RIGHTS r; NTSTATUS result; int i; + fstring *privileges; ZERO_STRUCT(q); ZERO_STRUCT(r); 
@@ -1235,7 +1236,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 /* Marshall data and send request */
- init_q_enum_acct_rights(&q, pol, 2, &sid);
+ init_q_enum_acct_rights(&q, pol, 2, sid);
 if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) {
@@ -1257,9 +1258,16 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 goto done;
 }
+
+ privileges = TALLOC_ARRAY(mem_ctx, fstring, *count);
 *privs_name = TALLOC_ARRAY(mem_ctx, char *, *count);
- for (i=0;i<*count;i++) {
- pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer);
+ for ( i=0; i<*count; i++ ) {
+ /* ensure NULL termination ... what a hack */
+ pull_ucs2(NULL, privileges[i], r.rights.strings[i].string.buffer,
+ sizeof(fstring), r.rights.strings[i].string.uni_str_len*2 , 0);
+
+ /* now copy to the return array */
+ *privs_name[i] = talloc_strdup( mem_ctx, privileges[i] );
 }
 done:
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 419ddb4734..7d60749ae2 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -573,7 +573,7 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli,
 if (!NT_STATUS_IS_OK(result)) goto done;
- result = cli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, sid, &count, &rights);
+ result = cli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
 if (!NT_STATUS_IS_OK(result)) goto done;
diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
index f1e61ae9ba..5547925bc0 100644
--- a/source3/utils/net_rpc_rights.c
+++ b/source3/utils/net_rpc_rights.c
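Review bot: In the rewritten copy loop of cli_lsa_enum_account_rights (hunk at -1257), `*privs_name[i] = talloc_strdup(...)` parses as `*(privs_name[i])`, so for every i > 0 it indexes the caller's `char ***` itself instead of the freshly allocated array and stores through whatever lies beyond it; the removed line used `(*privs_name)[i]`. It should read `(*privs_name)[i] = talloc_strdup(mem_ctx, privileges[i]);`. Both `TALLOC_ARRAY` results are also used without a NULL check, and `*count` and `uni_str_len` appear to come from the server's reply, so I would return `NT_STATUS_NO_MEMORY` if either allocation fails before entering the loop. The function body starts and ends outside this hunk.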
@@ -23,11 +23,154 @@
 /********************************************************************
 ********************************************************************/
+static NTSTATUS name_to_sid(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ DOM_SID *sid, const char *name)
+{
+ POLICY_HND pol;
+ uint32 *sid_types;
+ NTSTATUS result;
+ DOM_SID *sids;
+
+ /* maybe its a raw SID */
+ if ( strncmp(name, "S-", 2) == 0 && string_to_sid(sid, name) )
+ {
+ return NT_STATUS_OK;
+ }
+
+ result = cli_lsa_open_policy(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ result = cli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, &sids, &sid_types);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ sid_copy( sid, &sids[0] );
+
+done:
+ cli_lsa_close(cli, mem_ctx, &pol);
+ return result;
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS enum_privileges( TALLOC_CTX *ctx, struct cli_state *cli,
+ POLICY_HND *pol )
+{
+ NTSTATUS result;
+ uint32 enum_context = 0;
+ uint32 pref_max_length=0x1000;
+ uint32 count=0;
+ char **privs_name;
+ uint32 *privs_high;
+ uint32 *privs_low;
+ int i;
+ uint16 lang_id=0;
+ uint16 lang_id_sys=0;
+ uint16 lang_id_desc;
+ fstring description;
+
+ result = cli_lsa_enum_privilege(cli, ctx, pol, &enum_context,
+ pref_max_length, &count, &privs_name, &privs_high, &privs_low);
+
+ if ( !NT_STATUS_IS_OK(result) )
+ return result;
+
+ /* Print results */
+
+ for (i = 0; i < count; i++) {
+ d_printf("%30s ", privs_name[i] ? privs_name[i] : "*unknown*" );
+
+ /* try to get the description */
+
+ if ( !NT_STATUS_IS_OK(cli_lsa_get_dispname(cli, ctx, pol,
+ privs_name[i], lang_id, lang_id_sys, description, &lang_id_desc)) )
+ {
+ d_printf("??????\n");
+ continue;
+ }
+
+ d_printf("%s\n", description );
+ }
+
+ return NT_STATUS_OK;
+
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS enum_privileges_for_user( TALLOC_CTX *ctx, struct cli_state *cli,
+ POLICY_HND *pol, DOM_SID *sid )
+{
+ NTSTATUS result;
+ uint32 count;
+ char **rights;
+ int i;
+
+ result = cli_lsa_enum_account_rights(cli, ctx, pol, sid, &count, &rights);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ for (i = 0; i < count; i++) {
+ printf("%30s\n", rights[i]);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
 static NTSTATUS rpc_rights_list_internal( const DOM_SID *domain_sid, const char *domain_name, struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv )
 {
- return NT_STATUS_OK;
+ POLICY_HND pol;
+ NTSTATUS result;
+ DOM_SID sid;
+
+ result = cli_lsa_open_policy(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
+
+ if ( !NT_STATUS_IS_OK(result) )
+ return result;
+
+ switch (argc) {
+ case 0:
+ result = enum_privileges( mem_ctx, cli, &pol );
+ break;
+
+ case 1:
+ /* TODO: add special name 'accounts' which lists all privileged
+ SIDs and their associated rights */
+
+ result = name_to_sid(cli, mem_ctx, &sid, argv[0]);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+ result = enum_privileges_for_user( mem_ctx, cli, &pol, &sid );
+ break;
+
+ default:
+ if ( argc > 1 ) {
+ d_printf("Usage: net rpc rights list [name|SID]\n");
+ result = NT_STATUS_OK;
+ }
+ }
+
+
+
+
+done:
+ cli_lsa_close(cli, mem_ctx, &pol);
+
+ return result;
 }
 /********************************************************************
@@ -37,7 +180,44 @@ static NTSTATUS rpc_rights_grant_internal( const DOM_SID *domain_sid, const char
 struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv )
 {
- return NT_STATUS_OK;
+ POLICY_HND dom_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DOM_SID sid;
+
+ if (argc < 2 ) {
+ d_printf("Usage: net rpc rights grant <name|SID> <rights...>\n");
+ return NT_STATUS_OK;
+ }
+
+ result = name_to_sid(cli, mem_ctx, &sid, argv[0]);
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ result = cli_lsa_open_policy2(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &dom_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ result = cli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
+ argc-1, argv+1);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ d_printf("Successfully granted rights.\n");
+
+ done:
+ if ( !NT_STATUS_IS_OK(result) ) {
+ d_printf("Failed to grant privileges for %s (%s)\n",
+ argv[0], nt_errstr(result));
+ }
+
+ cli_lsa_close(cli, mem_ctx, &dom_pol);
+
+ return result;
 }
 /********************************************************************
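Review bot: `enum_privileges_for_user` passes `rights[i]` straight to `printf("%30s\n", ...)` with no NULL guard, although the array is filled by `talloc_strdup` in `cli_lsa_enum_account_rights`, which can return NULL, and the strings are built from the remote server's reply. `enum_privileges` in the same hunk does guard its print with `privs_name[i] ? privs_name[i] : "*unknown*"`, but then passes the unguarded `privs_name[i]` on to `cli_lsa_get_dispname`. I would write `d_printf("%30s\n", rights[i] ? rights[i] : "*unknown*");`, which also matches the `d_printf` used by the rest of this hunk, and `continue` past the description lookup when `privs_name[i]` is NULL.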
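Review bot: The `argc < 2` branch of rpc_rights_grant_internal prints the usage text and then returns `NT_STATUS_OK`, so an invocation that grants nothing is reported to the caller as success; the same pattern is in rpc_rights_revoke_internal and in the `default:` case of rpc_rights_list_internal. For a command that changes account privileges and is likely to be scripted, a malformed call should fail visibly: `return NT_STATUS_INVALID_PARAMETER;`. How the caller turns the status into an exit code is outside this diff, so confirm the effect there. A failure in `name_to_sid` also returns before the `done:` label and therefore prints no message, unlike a failure of `cli_lsa_add_account_rights`.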
@@ -47,8 +227,46 @@ static NTSTATUS rpc_rights_revoke_internal( const DOM_SID *domain_sid, const cha
 struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv )
 {
- return NT_STATUS_OK;
-}
+ POLICY_HND dom_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DOM_SID sid;
+
+ if (argc < 2 ) {
+ d_printf("Usage: net rpc rights revoke <name|SID> <rights...>\n");
+ return NT_STATUS_OK;
+ }
+
+ result = name_to_sid(cli, mem_ctx, &sid, argv[0]);
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ result = cli_lsa_open_policy2(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &dom_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ result = cli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
+ False, argc-1, argv+1);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ d_printf("Successfully revoked rights.\n");
+
+done:
+ if ( !NT_STATUS_IS_OK(result) ) {
+ d_printf("Failed to revoke privileges for %s (%s)",
+ argv[0], nt_errstr(result));
+ }
+
+ cli_lsa_close(cli, mem_ctx, &dom_pol);
+
+ return result;
+}
+
 /********************************************************************
 ********************************************************************/ |
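Review bot: The failure message after `done:` in rpc_rights_revoke_internal has no trailing newline, `"Failed to revoke privileges for %s (%s)"`, whereas the grant variant ends in `\n`, so the error text will run into the next line of output or the shell prompt. Change it to `d_printf("Failed to revoke privileges for %s (%s)\n",`. Apart from the RPC call and the message text this function duplicates rpc_rights_grant_internal, so a shared helper taking the operation as a parameter would keep the two error paths from drifting apart again.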