summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_lsarpc.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2003-01-15 07:40:40 +0000
committerAndrew Tridgell <tridge@samba.org>2003-01-15 07:40:40 +0000
commiteb6312af9fcf91b7709af50b499bc3b01eddeee5 (patch)
tree6f20a72d565c45f6a793f40d7434706564cd104e /source3/rpc_client/cli_lsarpc.c
parent0a8b4417bcb73b9146c5eb60fdede8d8cbbb437d (diff)
downloadsamba-eb6312af9fcf91b7709af50b499bc3b01eddeee5.tar.gz
samba-eb6312af9fcf91b7709af50b499bc3b01eddeee5.tar.bz2
samba-eb6312af9fcf91b7709af50b499bc3b01eddeee5.zip
added cli_lsa_enum_account_rights() call. Note that this is in
principal similar to the existing cli_lsa_enum_privsaccount() call, except that cli_lsa_enum_account_rights() doesn't require a call to open_account first. There is also the minor matter that cli_lsa_enum_account_rights() works whereas cli_lsa_enum_privsaccount() doesn't! this call can be used to find what privileges an account or group has. This is a first step towards proper privileges support in Samba. (This used to be commit 65bac11d716f873dcdbda528313c33634c26a072)
Diffstat (limited to 'source3/rpc_client/cli_lsarpc.c')
-rw-r--r--source3/rpc_client/cli_lsarpc.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 6d1d56ee84..2b65c67f15 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -1150,6 +1150,63 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
+
+/* Enumerate account rights This is similar to enum_privileges but
+ takes a SID directly, avoiding the open_account call.
+*/
+
+NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, DOM_SID sid,
+ uint32 *count, char ***privs_name)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUM_ACCT_RIGHTS q;
+ LSA_R_ENUM_ACCT_RIGHTS r;
+ NTSTATUS result;
+ int i;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+ init_q_enum_acct_rights(&q, pol, 2, &sid);
+
+ if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ if (!lsa_io_r_enum_acct_rights("", &r, &rbuf, 0)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
+
+ *count = r.count;
+ if (! *count) {
+ goto done;
+ }
+
+ *privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **));
+ for (i=0;i<*count;i++) {
+ pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer);
+ }
+
+done:
+
+ return result;
+}
+
+
#if 0
/** An example of how to use the routines in this file. Fetch a DOMAIN