author | Jean-François Micouleau <jfm@samba.org> | 2001-12-14 17:31:48 +0000 |
---|---|---|
committer | Jean-François Micouleau <jfm@samba.org> | 2001-12-14 17:31:48 +0000 |
commit | 689144c631da01b4532ade7feb222e94bd8678ac (patch) | |
tree | cbf49ee1288aba2871f31469305dfd18c01412a8 /source3/rpc_server/srv_lsa_nt.c | |
parent | 968e2a2976c29b5f40d91cf81e921bc30e5f0b9f (diff) | |
add lsa_query_secobj server code. level 4 is the ACL, level 1 is the
owner. that's basic stuff.
got the POLICY_ define from TNG but they are also in an include file in
the NT SDK.
J.F.
(This used to be commit 84289a9bf42847981926e198ad36c050904fa9ed)
Diffstat (limited to 'source3/rpc_server/srv_lsa_nt.c')
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index da5597132d..d5ea156eb6 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -913,3 +913,73 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
 return r_u->status;
 }
 
+/***************************************************************************
+ For a given SID, remove some privileges.
+ ***************************************************************************/
+
+NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u)
+{
+ struct lsa_info *info=NULL;
+ extern DOM_SID global_sid_World;
+ extern DOM_SID global_sid_Builtin;
+ DOM_SID adm_sid;
+
+ SEC_ACE ace[2];
+ SEC_ACCESS mask;
+
+ SEC_ACL *psa = NULL;
+ SEC_DESC *psd = NULL;
+ size_t sd_size;
+
+ r_u->status = NT_STATUS_OK;
+
+ /* find the connection policy handle. */
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
+
+
+ switch (q_u->sec_info) {
+ case 1:
+ /* SD contains only the owner */
+
+ sid_copy(&adm_sid, &global_sid_Builtin);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ if((psd = make_sec_desc(p->mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, NULL, &sd_size)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+ break;
+ case 4:
+ /* SD contains only the ACL */
+
+ init_sec_access(&mask, POLICY_EXECUTE);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ sid_copy(&adm_sid, &global_sid_Builtin);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ init_sec_access(&mask, POLICY_ALL_ACCESS);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ if((psa = make_sec_acl(p->mem_ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if((psd = make_sec_desc(p->mem_ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, &sd_size)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+ break;
+ default:
+ return NT_STATUS_INVALID_LEVEL;
+ break;
+ }
+
+ r_u->ptr=1;
+
+ return r_u->status;
+}
+
+
|
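Review bot: `switch (q_u->sec_info)` matches only the exact values 1 and 4, but those are the owner (0x1) and DACL (0x4) bits of a security-information mask rather than levels, so a request that sets both (0x5) falls through to `default` and is refused with `NT_STATUS_INVALID_LEVEL`. The fence below tests the bits instead and builds a single descriptor from whichever are set, still refusing group and SACL requests; it assumes the `OWNER_SECURITY_INFORMATION` and `DACL_SECURITY_INFORMATION` defines are visible in this file. `info` is filled in by `find_policy_by_hnd()` but never read afterwards, so the access the handle was opened with is not checked before the descriptor is returned; if `struct lsa_info` records that, it should be tested here. The header comment is copied from `_lsa_removeprivs` and should instead say `Return the security descriptor of the LSA policy object.`, and the `break;` after `return NT_STATUS_INVALID_LEVEL;` is unreachable.

```c
NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u)
{
	/* … unchanged: declarations … */
	DOM_SID *owner = NULL;

	/* … unchanged: r_u->status init and find_policy_by_hnd() handle check … */

	/* sec_info is a bit mask: accept owner and/or DACL, refuse everything else */
	if (q_u->sec_info == 0 ||
	    (q_u->sec_info & ~(OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)))
		return NT_STATUS_INVALID_LEVEL;

	sid_copy(&adm_sid, &global_sid_Builtin);
	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);

	if (q_u->sec_info & OWNER_SECURITY_INFORMATION)
		owner = &adm_sid;

	if (q_u->sec_info & DACL_SECURITY_INFORMATION) {
		/* … unchanged: the two init_sec_access()/init_sec_ace() pairs … */
		if ((psa = make_sec_acl(p->mem_ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
			return NT_STATUS_NO_MEMORY;
	}

	if ((psd = make_sec_desc(p->mem_ctx, SEC_DESC_REVISION, owner, NULL, NULL, psa, &sd_size)) == NULL)
		return NT_STATUS_NO_MEMORY;

	if ((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
		return NT_STATUS_NO_MEMORY;

	/* … unchanged: r_u->ptr=1; return r_u->status; … */
```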