r4746: add server support for lsa_enum_acct_rights(); last checkin for the night

(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
author: Gerald Carter <jerry@samba.org> 2005-01-15 03:54:03 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 10:53:54 -0500
commit: ff909274787a92fcdb0ed36bab097f7d2ae07036 (patch)
tree: b41eadef6832bed2cba4d9be555d258ed2975b67 /source3
parent: c727866172b5abb1cab0913eb78f3f1d58fcb9aa (diff)
download: samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.tar.gz
samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.tar.bz2
samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.zip
5 files changed, 105 insertions, 19 deletions
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 6ebada94d7..6b6581b4a7 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -2092,3 +2092,19 @@ void string_append(char **left, const char *right)
 
 	safe_strcat(*left, right, new_len-1);
 }
+
+BOOL add_string_to_array(TALLOC_CTX *mem_ctx,
+			 const char *str, const char ***strings,
+			 int *num)
+{
+	char *dup_str = talloc_strdup(mem_ctx, str);
+
+	*strings = TALLOC_REALLOC_ARRAY(mem_ctx, *strings, const char *, (*num)+1);
+
+	if ((*strings == NULL) || (dup_str == NULL))
+		return False;
+
+	(*strings)[*num] = dup_str;
+	*num += 1;
+	return True;
+}
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 3b7459ab1d..9822d8d10e 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -446,21 +446,6 @@ static BOOL add_one_dc_unique(TALLOC_CTX *mem_ctx, const char *domain_name,
 	return True;
 }
 
-static BOOL add_string_to_array(TALLOC_CTX *mem_ctx,
-				const char *str, char ***array, int *num)
-{
-	char *dup_str = talloc_strdup(mem_ctx, str);
-
-	*array = TALLOC_REALLOC_ARRAY(mem_ctx, *array, char *, (*num)+1);
-
-	if ((*array == NULL) || (dup_str == NULL))
-		return False;
-
-	(*array)[*num] = dup_str;
-	*num += 1;
-	return True;
-}
-
 static BOOL add_sockaddr_to_array(TALLOC_CTX *mem_ctx,
 				  struct in_addr ip, uint16 port,
 				  struct sockaddr_in **addrs, int *num)
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index a4a3917d2e..c4ff240cef 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -2300,6 +2300,33 @@ void init_q_enum_acct_rights(LSA_Q_ENUM_ACCT_RIGHTS *q_q,
 }
 
 /*******************************************************************
+********************************************************************/
+NTSTATUS init_r_enum_acct_rights( LSA_R_ENUM_ACCT_RIGHTS *r_u, PRIVILEGE_SET *privileges )
+{
+	uint32 i;
+	char *privname;
+	const char **privname_array = NULL;
+	int num_priv = 0;
+
+	for ( i=0; i<privileges->count; i++ ) {
+		privname = luid_to_privilege_name( &privileges->set[i].luid );
+		if ( privname ) {
+			if ( !add_string_to_array( get_talloc_ctx(), privname, &privname_array, &num_priv ) ) 
+				return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	if ( num_priv ) {
+		if ( !init_unistr2_array( &r_u->rights, num_priv, privname_array ) ) 
+			return NT_STATUS_NO_MEMORY;
+
+		r_u->count = num_priv;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
 reads or writes a LSA_Q_ENUM_ACCT_RIGHTS structure.
 ********************************************************************/
 BOOL lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *q_q, prs_struct *ps, int depth)
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index e250677534..e3c7832aac 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -704,6 +704,37 @@ static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
 }
 
 /***************************************************************************
+ api_lsa_enum_acct_rights
+ ***************************************************************************/
+
+static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
+{
+	LSA_Q_ENUM_ACCT_RIGHTS q_u;
+	LSA_R_ENUM_ACCT_RIGHTS r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
  api_lsa_query_info2
  ***************************************************************************/
 
@@ -761,6 +792,7 @@ static struct api_struct api_lsa_cmds[] =
 	{ "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
 	{ "LSA_ADDACCTRIGHTS"   , LSA_ADDACCTRIGHTS   , api_lsa_add_acct_rights    },
 	{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights },
+	{ "LSA_ENUMACCTRIGHTS"  , LSA_ENUMACCTRIGHTS  , api_lsa_enum_acct_rights },
 	{ "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
 	/* be careful of the adding of new RPC's.  See commentrs below about
 	   ADS DC capabilities                                               */
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index d5bddef739..304e1d363c 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1370,9 +1370,6 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
 	if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 		return NT_STATUS_ACCESS_DENIED;
 
-	/* according to an NT4 PDC, you can add privileges to SIDs even without
-	   call_lsa_create_account() first.  And you can use any arbitrary SID. */
-	   
 	sid_copy( &sid, &q_u->sid.sid );
 
 	if ( q_u->removeall ) {
@@ -1395,7 +1392,7 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
 		/* only try to add non-null strings */
 		
 		if ( *privname && !revoke_privilege_by_name( &sid, privname ) ) {
-			DEBUG(2,("_lsa_remove_acct_rights: Failed to add privilege [%s]\n", privname ));
+			DEBUG(2,("_lsa_remove_acct_rights: Failed to revoke privilege [%s]\n", privname ));
 			return NT_STATUS_NO_SUCH_PRIVILEGE;
 		}
 	}
@@ -1404,3 +1401,32 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
 }
 
 
+NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+{
+	struct lsa_info *info = NULL;
+	DOM_SID sid;
+	PRIVILEGE_SET privileges;
+	
+
+	/* find the connection policy handle. */
+	
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+		
+	/* according to an NT4 PDC, you can add privileges to SIDs even without
+	   call_lsa_create_account() first.  And you can use any arbitrary SID. */
+	   
+	sid_copy( &sid, &q_u->sid.sid );
+	
+	privilege_set_init( &privileges );
+
+	get_privileges_for_sids( &privileges, &sid, 1 );
+
+	r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+
+	privilege_set_free( &privileges );
+
+	return r_u->status;
+}
+
+
author	Gerald Carter <jerry@samba.org>	2005-01-15 03:54:03 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 10:53:54 -0500
commit	ff909274787a92fcdb0ed36bab097f7d2ae07036 (patch)
tree	b41eadef6832bed2cba4d9be555d258ed2975b67 /source3
parent	c727866172b5abb1cab0913eb78f3f1d58fcb9aa (diff)
download	samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.tar.gz samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.tar.bz2 samba-ff909274787a92fcdb0ed36bab097f7d2ae07036.zip