diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-14 06:17:33 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:25 -0500 |
commit | 916170d9dcf13f05bcbc3979f1bc74764bca4444 (patch) | |
tree | 55229aa55e40429049a034b57cea18ca813ab1bc /source4/rpc_server/lsa | |
parent | 463ba76d4440c7f229a51ef8e565a31107a55b2c (diff) | |
download | samba-916170d9dcf13f05bcbc3979f1bc74764bca4444.tar.gz samba-916170d9dcf13f05bcbc3979f1bc74764bca4444.tar.bz2 samba-916170d9dcf13f05bcbc3979f1bc74764bca4444.zip |
r4199: - added server side code for lsa_RemoveAccountRights (sharing code
with lsa_AddAccountRights)
(This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 60 |
1 files changed, 42 insertions, 18 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 9f205d6ef0..af96b46102 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1029,25 +1029,22 @@ static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, /* - lsa_AddAccountRights + helper for lsa_AddAccountRights and lsa_RemoveAccountRights */ -static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, - TALLOC_CTX *mem_ctx, - struct lsa_AddAccountRights *r) +static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_policy_state *state, + int ldb_flag, + const struct dom_sid *sid, + const struct lsa_RightSet *rights) { - struct dcesrv_handle *h; - struct lsa_policy_state *state; const char *sidstr; struct ldb_message msg; struct ldb_message_element el; int i, ret; const char *dn; - DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); - - state = h->data; - - sidstr = dom_sid_string(mem_ctx, r->in.sid); + sidstr = dom_sid_string(mem_ctx, sid); if (sidstr == NULL) { return NT_STATUS_NO_MEMORY; } @@ -1064,23 +1061,22 @@ static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, } msg.num_elements = 1; msg.elements = ⪙ - el.flags = LDB_FLAG_MOD_ADD; + el.flags = ldb_flag; el.name = talloc_strdup(mem_ctx, "privilege"); if (el.name == NULL) { return NT_STATUS_NO_MEMORY; } - el.num_values = r->in.rights->count; + el.num_values = rights->count; el.values = talloc_array_p(mem_ctx, struct ldb_val, el.num_values); if (el.values == NULL) { return NT_STATUS_NO_MEMORY; } for (i=0;i<el.num_values;i++) { - if (sec_privilege_id(r->in.rights->names[i].string) == -1) { + if (sec_privilege_id(rights->names[i].string) == -1) { return NT_STATUS_NO_SUCH_PRIVILEGE; } - el.values[i].length = strlen(r->in.rights->names[i].string); - el.values[i].data = talloc_strdup(mem_ctx, - r->in.rights->names[i].string); + el.values[i].length = strlen(rights->names[i].string); + el.values[i].data = talloc_strdup(mem_ctx, rights->names[i].string); if (el.values[i].data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -1094,6 +1090,25 @@ static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, return NT_STATUS_OK; } +/* + lsa_AddAccountRights +*/ +static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_AddAccountRights *r) +{ + struct dcesrv_handle *h; + struct lsa_policy_state *state; + + DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); + + state = h->data; + + return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, + LDB_FLAG_MOD_ADD, + r->in.sid, r->in.rights); +} + /* lsa_RemoveAccountRights @@ -1102,7 +1117,16 @@ static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_RemoveAccountRights *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct dcesrv_handle *h; + struct lsa_policy_state *state; + + DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); + + state = h->data; + + return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state, + LDB_FLAG_MOD_DELETE, + r->in.sid, r->in.rights); } |