diff options
| author | Gerald Carter <jerry@samba.org> | 2005-01-15 03:54:03 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:54 -0500 |
| commit | ff909274787a92fcdb0ed36bab097f7d2ae07036 (patch) | |
| tree | b41eadef6832bed2cba4d9be555d258ed2975b67 /source3/rpc_server/srv_lsa_nt.c | |
| parent | c727866172b5abb1cab0913eb78f3f1d58fcb9aa (diff) | |
| download | samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.tar.gz samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.tar.bz2 samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.zip | |
r4746: add server support for lsa_enum_acct_rights(); last checkin for the night
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
Diffstat (limited to 'source3/rpc_server/srv_lsa_nt.c')
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index d5bddef739..304e1d363c 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1370,9 +1370,6 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; - /* according to an NT4 PDC, you can add privileges to SIDs even without - call_lsa_create_account() first. And you can use any arbitrary SID. */ - sid_copy( &sid, &q_u->sid.sid ); if ( q_u->removeall ) { @@ -1395,7 +1392,7 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, /* only try to add non-null strings */ if ( *privname && !revoke_privilege_by_name( &sid, privname ) ) { - DEBUG(2,("_lsa_remove_acct_rights: Failed to add privilege [%s]\n", privname )); + DEBUG(2,("_lsa_remove_acct_rights: Failed to revoke privilege [%s]\n", privname )); return NT_STATUS_NO_SUCH_PRIVILEGE; } } @@ -1404,3 +1401,32 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, } +NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info = NULL; + DOM_SID sid; + PRIVILEGE_SET privileges; + + + /* find the connection policy handle. */ + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + /* according to an NT4 PDC, you can add privileges to SIDs even without + call_lsa_create_account() first. And you can use any arbitrary SID. */ + + sid_copy( &sid, &q_u->sid.sid ); + + privilege_set_init( &privileges ); + + get_privileges_for_sids( &privileges, &sid, 1 ); + + r_u->status = init_r_enum_acct_rights( r_u, &privileges ); + + privilege_set_free( &privileges ); + + return r_u->status; +} + + |