diff options
author | Jean-François Micouleau <jfm@samba.org> | 2001-11-23 15:11:22 +0000 |
---|---|---|
committer | Jean-François Micouleau <jfm@samba.org> | 2001-11-23 15:11:22 +0000 |
commit | 2527f5ef52400294c98b4f4345a4f18b981ff22f (patch) | |
tree | a0e8a08df31ecdc845582a809b5a54fde3cd73dc /source3/rpc_server | |
parent | d05bbf042209b737e42a5daa8d59236d351ec8d0 (diff) | |
download | samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.tar.gz samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.tar.bz2 samba-2527f5ef52400294c98b4f4345a4f18b981ff22f.zip |
Changed how the privileges are stored in the group mapping code. It's now
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 12 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 2 |
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f221582d86..03d48aa5e7 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -543,7 +543,7 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV return NT_STATUS_INVALID_HANDLE; if (enum_context >= PRIV_ALL_INDEX) - return NT_STATUS_UNABLE_TO_FREE_VM; + return NT_STATUS_NO_MORE_ENTRIES; entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX)); if (entries==NULL) @@ -625,6 +625,9 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED)) return NT_STATUS_OK; + if (q_u->enum_context >= num_entries) + return NT_STATUS_NO_MORE_ENTRIES; + sids->ptr_sid = (uint32 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(uint32)); sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2)); @@ -707,7 +710,7 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC } /*************************************************************************** - + For a given SID, enumerate all the privilege this account has. ***************************************************************************/ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u) @@ -729,7 +732,7 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS return NT_STATUS_NO_SUCH_GROUP; for (i=1; privs[i].se_priv!=SE_PRIV_ALL; i++) { - if ( (map.privilege & privs[i].se_priv) == privs[i].se_priv) { + if ( check_priv_in_privilege(map.privileges, privs[i].se_priv)) { set=(LUID_ATTR *)talloc_realloc(p->mem_ctx, set, (count+1)*sizeof(LUID_ATTR)); if (set == NULL) return NT_STATUS_NO_MEMORY; @@ -738,8 +741,7 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS set[count].luid.high=1; set[count].attr=0; - count++; - + count++; } } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c872c9f99f..f1f3040ba4 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -810,7 +810,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM /* well-known aliases */ if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) { - enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ALL_MAPPED); + enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED); if (num_entries != 0) { *d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP)); |