diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-08-30 15:38:18 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-09-11 18:46:11 +1000 |
| commit | 9883993b66826d2f692ebdd3c928f4f7a0cddc7d (patch) | |
| tree | 7b7e52da490f28770e18d3e051c189efda748957 /source3/rpc_server | |
| parent | ad5ec58a714aba1f6c0894ca4e7207f1c5072949 (diff) | |
| download | samba-9883993b66826d2f692ebdd3c928f4f7a0cddc7d.tar.gz samba-9883993b66826d2f692ebdd3c928f4f7a0cddc7d.tar.bz2 samba-9883993b66826d2f692ebdd3c928f4f7a0cddc7d.zip | |
s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
This avoids us dealing with the privilege bitmap in the LSA server, and
overhauls much of the rest of the handling to be currnet with the modern
world of talloc.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 74 |
1 files changed, 18 insertions, 56 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index d0cf4e4716..49bdca7b7f 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -11,6 +11,7 @@ * Copyright (C) Gerald (Jerry) Carter 2005. * Copyright (C) Volker Lendecke 2005. * Copyright (C) Guenther Deschner 2008. + * Copyright (C) Andrew Bartlett 2010. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1831,11 +1832,8 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p, { NTSTATUS status = NT_STATUS_OK; struct lsa_info *info=NULL; - uint64_t mask; - PRIVILEGE_SET privileges; + PRIVILEGE_SET *privileges; struct lsa_PrivilegeSet *priv_set = NULL; - struct lsa_LUIDAttribute *luid_attrs = NULL; - int i; /* find the connection policy handle. */ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) @@ -1848,48 +1846,23 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p, if (!(info->access & LSA_ACCOUNT_VIEW)) return NT_STATUS_ACCESS_DENIED; - get_privileges_for_sids(&mask, &info->sid, 1); - - privilege_set_init( &privileges ); - - priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet); - if (!priv_set) { - status = NT_STATUS_NO_MEMORY; - goto done; + status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, &info->sid); + if (!NT_STATUS_IS_OK(status)) { + return status; } - if ( se_priv_to_privilege_set( &privileges, mask ) ) { - - DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n", - sid_string_dbg(&info->sid), - privileges.count)); - - luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, - struct lsa_LUIDAttribute, - privileges.count); - if (!luid_attrs) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i=0; i<privileges.count; i++) { - luid_attrs[i] = privileges.set[i]; - } - - priv_set->count = privileges.count; - priv_set->unknown = 0; - priv_set->set = luid_attrs; - - } else { - priv_set->count = 0; - priv_set->unknown = 0; - priv_set->set = NULL; + *r->out.privs = priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet); + if (!priv_set) { + return NT_STATUS_NO_MEMORY; } - *r->out.privs = priv_set; + DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n", + sid_string_dbg(&info->sid), + privileges->count)); - done: - privilege_set_free( &privileges ); + priv_set->count = privileges->count; + priv_set->unknown = 0; + priv_set->set = talloc_move(priv_set, &privileges->set); return status; } @@ -2339,8 +2312,7 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p, NTSTATUS status; struct lsa_info *info = NULL; struct dom_sid sid; - PRIVILEGE_SET privileges; - uint64_t mask; + PRIVILEGE_SET *privileges; /* find the connection policy handle. */ @@ -2358,29 +2330,19 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p, /* according to an NT4 PDC, you can add privileges to SIDs even without call_lsa_create_account() first. And you can use any arbitrary SID. */ - sid_copy( &sid, r->in.sid ); - /* according to MS-LSAD 3.1.4.5.10 it is required to return * NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in * the lsa database */ - if (!get_privileges_for_sids(&mask, &sid, 1)) { - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } - - status = privilege_set_init(&privileges); + status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, r->in.sid); if (!NT_STATUS_IS_OK(status)) { return status; } - se_priv_to_privilege_set(&privileges, mask); - DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n", - sid_string_dbg(&sid), privileges.count)); - - status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges); + sid_string_dbg(&sid), privileges->count)); - privilege_set_free( &privileges ); + status = init_lsa_right_set(p->mem_ctx, r->out.rights, privileges); return status; } |