diff options
author | Andrew Tridgell <tridge@samba.org> | 2003-01-15 07:40:40 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-01-15 07:40:40 +0000 |
commit | eb6312af9fcf91b7709af50b499bc3b01eddeee5 (patch) | |
tree | 6f20a72d565c45f6a793f40d7434706564cd104e /source3/rpc_client/cli_lsarpc.c | |
parent | 0a8b4417bcb73b9146c5eb60fdede8d8cbbb437d (diff) | |
download | samba-eb6312af9fcf91b7709af50b499bc3b01eddeee5.tar.gz samba-eb6312af9fcf91b7709af50b499bc3b01eddeee5.tar.bz2 samba-eb6312af9fcf91b7709af50b499bc3b01eddeee5.zip |
added cli_lsa_enum_account_rights() call. Note that this is in
principal similar to the existing cli_lsa_enum_privsaccount() call,
except that cli_lsa_enum_account_rights() doesn't require a call to
open_account first. There is also the minor matter that
cli_lsa_enum_account_rights() works whereas
cli_lsa_enum_privsaccount() doesn't!
this call can be used to find what privileges an account or group
has. This is a first step towards proper privileges support in Samba.
(This used to be commit 65bac11d716f873dcdbda528313c33634c26a072)
Diffstat (limited to 'source3/rpc_client/cli_lsarpc.c')
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 6d1d56ee84..2b65c67f15 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1150,6 +1150,63 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } + +/* Enumerate account rights This is similar to enum_privileges but + takes a SID directly, avoiding the open_account call. +*/ + +NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, DOM_SID sid, + uint32 *count, char ***privs_name) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUM_ACCT_RIGHTS q; + LSA_R_ENUM_ACCT_RIGHTS r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + init_q_enum_acct_rights(&q, pol, 2, &sid); + + if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!lsa_io_r_enum_acct_rights("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + *count = r.count; + if (! *count) { + goto done; + } + + *privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **)); + for (i=0;i<*count;i++) { + pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer); + } + +done: + + return result; +} + + #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN |