diff options
| author | Andrew Tridgell <tridge@samba.org> | 2003-01-28 21:31:45 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2003-01-28 21:31:45 +0000 |
| commit | 79b26867c0ff712e9400f06fdb0a65bcb5e668b7 (patch) | |
| tree | 9a5cf66cb51cf255321d3e3d419bfe1d1552d4b1 /source3/rpcclient | |
| parent | 4571637a4bdd0d63367186f5612e49934fe568f6 (diff) | |
| download | samba-79b26867c0ff712e9400f06fdb0a65bcb5e668b7.tar.gz samba-79b26867c0ff712e9400f06fdb0a65bcb5e668b7.tar.bz2 samba-79b26867c0ff712e9400f06fdb0a65bcb5e668b7.zip | |
added LsaRemoveAccountRights
this now gives us complete remove privileges control in the client
libs, so we are in good shape for starting on the server side.
(This used to be commit bf99440398db86f46233eb2f5adddffb61280a1b)
Diffstat (limited to 'source3/rpcclient')
| -rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 991e56fece..8afeb8e83b 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -578,6 +578,44 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli, } +/* remove some privileges to a SID via LsaRemoveAccountRights */ + +static NTSTATUS cmd_lsa_remove_acct_rights(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + POLICY_HND dom_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + DOM_SID sid; + + if (argc < 3 ) { + printf("Usage: %s SID [rights...]\n", argv[0]); + return NT_STATUS_OK; + } + + result = name_to_sid(cli, mem_ctx, &sid, argv[1]); + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_open_policy2(cli, mem_ctx, True, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &dom_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid, + False, argc-2, argv+2); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + done: + return result; +} + + /* Get a privilege value given its name */ static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli, @@ -665,7 +703,8 @@ struct cmd_set lsarpc_commands[] = { { "lsaenumsid", cmd_lsa_enum_sids, PI_LSARPC, "Enumerate the LSA SIDS", "" }, { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", cmd_lsa_enum_acct_rights, PI_LSARPC, "Enumerate the rights of an SID", "" }, - { "lsaaddacctrights", cmd_lsa_add_acct_rights, PI_LSARPC, "Add rights to an account", "" }, + { "lsaaddacctrights", cmd_lsa_add_acct_rights, PI_LSARPC, "Add rights to an account", "" }, + { "lsaremoveacctrights", cmd_lsa_remove_acct_rights, PI_LSARPC, "Remove rights from an account", "" }, { "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PI_LSARPC, "Get a privilege value given its name", "" }, { "lsaquerysecobj", cmd_lsa_query_secobj, PI_LSARPC, "Query LSA security object", "" }, |