r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )

* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
  to give back better error messages.
(This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)

1 files changed, 37 insertions, 13 deletions

diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
index ce95226951..3a986ed251 100644
--- a/source3/utils/net_rpc_rights.c
+++ b/source3/utils/net_rpc_rights.c
@@ -284,16 +284,23 @@ static NTSTATUS rpc_rights_list_internal( const DOM_SID *domain_sid, const char
 	POLICY_HND pol;
 	NTSTATUS result;
 	DOM_SID sid;
+	fstring privname;
+	fstring description;
+	uint16 lang_id = 0;
+	uint16 lang_id_sys = 0;
+	uint16 lang_id_desc;
+	
 	
 	result = cli_lsa_open_policy(cli, mem_ctx, True, 
 		SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
 
 	if ( !NT_STATUS_IS_OK(result) )
 		return result;
-		
+	
+	/* backwards compatibility; just list available privileges if no arguement */
+	   
 	if (argc == 0) {
-		d_printf("Usage: net rpc rights list [accounts|privileges] [name|SID]\n");
-		result = NT_STATUS_OK;
+		result = enum_privileges( mem_ctx, cli, &pol );
 		goto done;
 	}
 
@@ -305,18 +312,35 @@ static NTSTATUS rpc_rights_list_internal( const DOM_SID *domain_sid, const char
 			goto done;
 		}
 
-		while (argv[i] != NULL) {
-			result = enum_accounts_for_privilege(mem_ctx, cli, &pol, argv[i]);
+		while ( argv[i] != NULL ) 
+		{
+			fstrcpy( privname, argv[i] );
+			i++;
+		
+			/* verify that this is a valid privilege for error reporting */
+			
+			result = cli_lsa_get_dispname(cli, mem_ctx, &pol, privname, lang_id, 
+				lang_id_sys, description, &lang_id_desc);
+			
+			if ( !NT_STATUS_IS_OK(result) ) {
+				if ( NT_STATUS_EQUAL( result, NT_STATUS_NO_SUCH_PRIVILEGE ) ) 
+					d_printf("No such privilege exists: %s.\n", privname);
+				else
+					d_printf("Error resolving privilege display name [%s].\n", nt_errstr(result));
+				continue;
+			}
+			
+			result = enum_accounts_for_privilege(mem_ctx, cli, &pol, privname);
 			if (!NT_STATUS_IS_OK(result)) {
-				goto done;
+				d_printf("Error enumerating accounts for privilege %s [%s].\n", 
+					privname, nt_errstr(result));
+				continue;
 			}
-			i++;
 		}
 		goto done;
 	}
 
-	/* special case to enuemrate all privileged SIDs 
-	   with associated rights */
+	/* special case to enumerate all privileged SIDs with associated rights */
 	
 	if (strequal( argv[0], "accounts")) {
 		int i = 1;
@@ -343,7 +367,7 @@ static NTSTATUS rpc_rights_list_internal( const DOM_SID *domain_sid, const char
 	/* backward comaptibility: if no keyword provided, treat the key
 	   as an account name */
 	if (argc > 1) {
-		d_printf("Usage: net rpc rights list [accounts|privileges] [name|SID]\n");
+		d_printf("Usage: net rpc rights list [[accounts|privileges] [name|SID]]\n");
 		result = NT_STATUS_OK;
 		goto done;
 	}
@@ -487,9 +511,9 @@ static int rpc_rights_revoke( int argc, const char **argv )
 
 static int net_help_rights( int argc, const char **argv )
 {
-	d_printf("net rpc rights list [accounts|username]   View available or assigned privileges\n");
-	d_printf("net rpc rights grant <name|SID> <right>   Assign privilege[s]\n");
-	d_printf("net rpc rights revoke <name|SID> <right>  Revoke privilege[s]\n");
+	d_printf("net rpc rights list [{accounts|privileges} [name|SID]]   View available or assigned privileges\n");
+	d_printf("net rpc rights grant <name|SID> <right>                  Assign privilege[s]\n");
+	d_printf("net rpc rights revoke <name|SID> <right>                 Revoke privilege[s]\n");
 	
 	d_printf("\nBoth 'grant' and 'revoke' require a SID and a list of privilege names.\n");
 	d_printf("For example\n");