diff options
author | Jeremy Allison <jra@samba.org> | 2008-02-08 17:00:31 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-02-08 17:00:31 -0800 |
commit | c7f34889591174ae335a37ab62747afab8fc418c (patch) | |
tree | 3dacbead8b7c8425e0e69bcebaa82b810f70976d /source3/rpc_server | |
parent | 7a694af2f4581b6ca96745f7b82318cb75d26d6e (diff) | |
parent | 5da927716a857ce686f3b75476671d32f047d2c0 (diff) | |
download | samba-c7f34889591174ae335a37ab62747afab8fc418c.tar.gz samba-c7f34889591174ae335a37ab62747afab8fc418c.tar.bz2 samba-c7f34889591174ae335a37ab62747afab8fc418c.zip |
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
(This used to be commit 33a9859cbdb0dac035af36aa561b6acb24196c86)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 72 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 46 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 88 |
3 files changed, 81 insertions, 125 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 5811d8535b..24bc65c51a 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -316,29 +316,7 @@ static bool api_lsa_create_account(pipes_struct *p) static bool api_lsa_open_account(pipes_struct *p) { - LSA_Q_OPENACCOUNT q_u; - LSA_R_OPENACCOUNT r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_open_account("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n")); - return False; - } - - r_u.status = _lsa_open_account(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_open_account("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n")); - return False; - } - - return True; + return proxy_lsa_call(p, NDR_LSA_OPENACCOUNT); } /*************************************************************************** @@ -378,29 +356,7 @@ static bool api_lsa_enum_privsaccount(pipes_struct *p) static bool api_lsa_getsystemaccount(pipes_struct *p) { - LSA_Q_GETSYSTEMACCOUNT q_u; - LSA_R_GETSYSTEMACCOUNT r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n")); - return False; - } - - r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n")); - return False; - } - - return True; + return proxy_lsa_call(p, NDR_LSA_GETSYSTEMACCESSACCOUNT); } @@ -410,29 +366,7 @@ static bool api_lsa_getsystemaccount(pipes_struct *p) static bool api_lsa_setsystemaccount(pipes_struct *p) { - LSA_Q_SETSYSTEMACCOUNT q_u; - LSA_R_SETSYSTEMACCOUNT r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n")); - return False; - } - - r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n")); - return False; - } - - return True; + return proxy_lsa_call(p, NDR_LSA_SETSYSTEMACCESSACCOUNT); } /*************************************************************************** diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index c197f20bfe..247a52df46 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1655,16 +1655,17 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, /*************************************************************************** - Lsa Open Account + _lsa_OpenAccount ***************************************************************************/ -NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u) +NTSTATUS _lsa_OpenAccount(pipes_struct *p, + struct lsa_OpenAccount *r) { struct lsa_info *handle; struct lsa_info *info; /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) return NT_STATUS_INVALID_HANDLE; /* check if the user have enough rights */ @@ -1686,11 +1687,11 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC return NT_STATUS_NO_MEMORY; ZERO_STRUCTP(info); - info->sid = q_u->sid.sid; - info->access = q_u->access; + info->sid = *r->in.sid; + info->access = r->in.access_mask; /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info)) + if (!create_policy_hnd(p, *r->out.acct_handle, free_lsa_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; return NT_STATUS_OK; @@ -1732,16 +1733,17 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS } /*************************************************************************** - + _lsa_GetSystemAccessAccount ***************************************************************************/ -NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u) +NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, + struct lsa_GetSystemAccessAccount *r) { struct lsa_info *info=NULL; /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info)) + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL)) @@ -1756,7 +1758,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA they can be ORed together */ - r_u->access = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK; + *r->out.access_mask = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK; return NT_STATUS_OK; } @@ -1765,14 +1767,14 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA update the systemaccount information ***************************************************************************/ -NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA_R_SETSYSTEMACCOUNT *r_u) +NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, + struct lsa_SetSystemAccessAccount *r) { struct lsa_info *info=NULL; GROUP_MAP map; - r_u->status = NT_STATUS_OK; /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info)) + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; /* check to see if the pipe_user is a Domain Admin since @@ -2240,12 +2242,6 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r) return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_OpenAccount(pipes_struct *p, struct lsa_OpenAccount *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, struct lsa_EnumPrivsAccount *r) { p->rng_fault_state = True; @@ -2276,18 +2272,6 @@ NTSTATUS _lsa_SetQuotasForAccount(pipes_struct *p, struct lsa_SetQuotasForAccoun return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, struct lsa_GetSystemAccessAccount *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, struct lsa_SetSystemAccessAccount *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_QueryTrustedDomainInfo(pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r) { p->rng_fault_state = True; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 9ed7014bff..4c242dc323 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -586,8 +586,9 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) ) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function( info->acc_granted, - SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_OpenDomain" ); + status = access_check_samr_function(info->acc_granted, + SA_RIGHT_SAM_OPEN_DOMAIN, + "_samr_OpenDomain" ); if ( !NT_STATUS_IS_OK(status) ) return status; @@ -728,7 +729,9 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_SetSecurity"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_USER_SET_ATTRIBUTES, + "_samr_SetSecurity"); if (NT_STATUS_IS_OK(status)) { become_root(); status = pdb_update_sam_account(sampass); @@ -1550,9 +1553,9 @@ NTSTATUS _samr_LookupNames(pipes_struct *p, /******************************************************************* _samr_ChangePasswordUser2 ********************************************************************/ + NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p, struct samr_ChangePasswordUser2 *r) - { NTSTATUS status; fstring user_name; @@ -1577,8 +1580,12 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p, * is case insensitive. */ - status = pass_oem_change(user_name, r->in.lm_password->data, r->in.lm_verifier->hash, - r->in.nt_password->data, r->in.nt_verifier->hash, NULL); + status = pass_oem_change(user_name, + r->in.lm_password->data, + r->in.lm_verifier->hash, + r->in.nt_password->data, + r->in.nt_verifier->hash, + NULL); DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__)); @@ -1825,8 +1832,9 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) ) return NT_STATUS_INVALID_HANDLE; - nt_status = access_check_samr_function( acc_granted, - SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenUser" ); + nt_status = access_check_samr_function(acc_granted, + SA_RIGHT_DOMAIN_OPEN_ACCOUNT, + "_samr_OpenUser" ); if ( !NT_STATUS_IS_OK(nt_status) ) return nt_status; @@ -2940,6 +2948,7 @@ NTSTATUS _samr_Connect5(pipes_struct *p, /********************************************************************** _samr_LookupDomain **********************************************************************/ + NTSTATUS _samr_LookupDomain(pipes_struct *p, struct samr_LookupDomain *r) { @@ -3079,7 +3088,8 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; status = access_check_samr_function(acc_granted, - SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenAlias"); + SA_RIGHT_DOMAIN_OPEN_ACCOUNT, + "_samr_OpenAlias"); if ( !NT_STATUS_IS_OK(status) ) return status; @@ -3894,8 +3904,12 @@ NTSTATUS _samr_GetAliasMembership(pipes_struct *p, if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; - ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_GetAliasMembership"); - ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_GetAliasMembership"); + ntstatus1 = access_check_samr_function(info->acc_granted, + SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, + "_samr_GetAliasMembership"); + ntstatus2 = access_check_samr_function(info->acc_granted, + SA_RIGHT_DOMAIN_OPEN_ACCOUNT, + "_samr_GetAliasMembership"); if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) { if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) && @@ -3960,7 +3974,9 @@ NTSTATUS _samr_GetMembersInAlias(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, NULL)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_GetMembersInAlias"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_ALIAS_GET_MEMBERS, + "_samr_GetMembersInAlias"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4026,7 +4042,9 @@ NTSTATUS _samr_QueryGroupMember(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_QueryGroupMember"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_GROUP_GET_MEMBERS, + "_samr_QueryGroupMember"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4088,7 +4106,9 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_AddAliasMember"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_ALIAS_ADD_MEMBER, + "_samr_AddAliasMember"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4135,7 +4155,9 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_DeleteAliasMember"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_ALIAS_REMOVE_MEMBER, + "_samr_DeleteAliasMember"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4184,7 +4206,9 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_AddGroupMember"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_GROUP_ADD_MEMBER, + "_samr_AddGroupMember"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4242,7 +4266,9 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_DeleteGroupMember"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_GROUP_REMOVE_MEMBER, + "_samr_DeleteGroupMember"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4294,7 +4320,9 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &user_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteUser"); + status = access_check_samr_function(acc_granted, + STD_RIGHT_DELETE_ACCESS, + "_samr_DeleteUser"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4379,7 +4407,9 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomainGroup"); + status = access_check_samr_function(acc_granted, + STD_RIGHT_DELETE_ACCESS, + "_samr_DeleteDomainGroup"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4446,7 +4476,9 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, memcpy(r->out.alias_handle, r->in.alias_handle, sizeof(r->out.alias_handle)); - status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomAlias"); + status = access_check_samr_function(acc_granted, + STD_RIGHT_DELETE_ACCESS, + "_samr_DeleteDomAlias"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4513,7 +4545,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_CreateDomainGroup"); + status = access_check_samr_function(acc_granted, + SA_RIGHT_DOMAIN_CREATE_GROUP, + "_samr_CreateDomainGroup"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4593,7 +4627,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - result = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_CreateDomAlias"); + result = access_check_samr_function(acc_granted, + SA_RIGHT_DOMAIN_CREATE_ALIAS, + "_samr_CreateDomAlias"); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -4982,7 +5018,8 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; status = access_check_samr_function(acc_granted, - SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenGroup"); + SA_RIGHT_DOMAIN_OPEN_ACCOUNT, + "_samr_OpenGroup"); if ( !NT_STATUS_IS_OK(status) ) return status; @@ -5053,8 +5090,9 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p, &acc_granted, &disp_info)) return NT_STATUS_INVALID_HANDLE; - result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, - "_samr_RemoveMemberFromForeignDomain"); + result = access_check_samr_function(acc_granted, + STD_RIGHT_DELETE_ACCESS, + "_samr_RemoveMemberFromForeignDomain"); if (!NT_STATUS_IS_OK(result)) return result; |