diff options
| author | Andrew Tridgell <tridge@samba.org> | 2003-02-12 09:14:35 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2003-02-12 09:14:35 +0000 |
| commit | faf30e69ae0a54a770ef230c0ebae802c0a86be4 (patch) | |
| tree | 2b95db3b72331eb12f4177e333355ffb3b74b41a /source3/rpc_server | |
| parent | ce7db9bdcc8ed1333812b95a672e946aeb986bdc (diff) | |
| download | samba-faf30e69ae0a54a770ef230c0ebae802c0a86be4.tar.gz samba-faf30e69ae0a54a770ef230c0ebae802c0a86be4.tar.bz2 samba-faf30e69ae0a54a770ef230c0ebae802c0a86be4.zip | |
initial server side privileges implementation, using a tdb. This needs to be hooked into pdb, and we need some access control on changing privileges. That's next
(This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 57e8177bc6..b230381d62 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1270,6 +1270,7 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA struct lsa_info *info=NULL; char **rights = NULL; int num_rights = 0; + int i; r_u->status = NT_STATUS_OK; @@ -1277,8 +1278,15 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights); + init_r_enum_acct_rights(r_u, num_rights, rights); + for (i=0;i<num_rights;i++) { + free(rights[i]); + } + safe_free(rights); + return r_u->status; } @@ -1304,10 +1312,12 @@ NTSTATUS _lsa_enum_acct_with_right(pipes_struct *p, DEBUG(5,("lsa_enum_acct_with_right on right %s\n", right)); - /* no backend db yet .... */ + r_u->status = privilege_enum_account_with_right(right, &count, &sids); init_r_enum_acct_with_right(r_u, count, sids); + safe_free(sids); + return r_u->status; } @@ -1325,8 +1335,6 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; - /* no backend yet - just print them */ - DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n", sid_string_static(&q_u->sid.sid), q_u->rights.count)); @@ -1334,6 +1342,17 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); } + + for (i=0;i<q_u->rights.count;i++) { + r_u->status = privilege_add_account_right(unistr2_static(&q_u->rights.strings[i].string), + &q_u->sid.sid); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(2,("Failed to add right '%s'\n", + unistr2_static(&q_u->rights.strings[i].string))); + break; + } + } + init_r_add_acct_rights(r_u); return r_u->status; @@ -1355,8 +1374,6 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, return NT_STATUS_INVALID_HANDLE; - /* no backend yet - just print them */ - DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n", sid_string_static(&q_u->sid.sid), q_u->removeall, @@ -1366,6 +1383,16 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); } + for (i=0;i<q_u->rights.count;i++) { + r_u->status = privilege_remove_account_right(unistr2_static(&q_u->rights.strings[i].string), + &q_u->sid.sid); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(2,("Failed to remove right '%s'\n", + unistr2_static(&q_u->rights.strings[i].string))); + break; + } + } + init_r_remove_acct_rights(r_u); return r_u->status; |