summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-14 06:17:33 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:25 -0500
commit916170d9dcf13f05bcbc3979f1bc74764bca4444 (patch)
tree55229aa55e40429049a034b57cea18ca813ab1bc /source4/rpc_server/lsa
parent463ba76d4440c7f229a51ef8e565a31107a55b2c (diff)
downloadsamba-916170d9dcf13f05bcbc3979f1bc74764bca4444.tar.gz
samba-916170d9dcf13f05bcbc3979f1bc74764bca4444.tar.bz2
samba-916170d9dcf13f05bcbc3979f1bc74764bca4444.zip
r4199: - added server side code for lsa_RemoveAccountRights (sharing code
with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c60
1 files changed, 42 insertions, 18 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 9f205d6ef0..af96b46102 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1029,25 +1029,22 @@ static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
/*
- lsa_AddAccountRights
+ helper for lsa_AddAccountRights and lsa_RemoveAccountRights
*/
-static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
- TALLOC_CTX *mem_ctx,
- struct lsa_AddAccountRights *r)
+static NTSTATUS lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_policy_state *state,
+ int ldb_flag,
+ const struct dom_sid *sid,
+ const struct lsa_RightSet *rights)
{
- struct dcesrv_handle *h;
- struct lsa_policy_state *state;
const char *sidstr;
struct ldb_message msg;
struct ldb_message_element el;
int i, ret;
const char *dn;
- DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
-
- state = h->data;
-
- sidstr = dom_sid_string(mem_ctx, r->in.sid);
+ sidstr = dom_sid_string(mem_ctx, sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1064,23 +1061,22 @@ static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
}
msg.num_elements = 1;
msg.elements = &el;
- el.flags = LDB_FLAG_MOD_ADD;
+ el.flags = ldb_flag;
el.name = talloc_strdup(mem_ctx, "privilege");
if (el.name == NULL) {
return NT_STATUS_NO_MEMORY;
}
- el.num_values = r->in.rights->count;
+ el.num_values = rights->count;
el.values = talloc_array_p(mem_ctx, struct ldb_val, el.num_values);
if (el.values == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<el.num_values;i++) {
- if (sec_privilege_id(r->in.rights->names[i].string) == -1) {
+ if (sec_privilege_id(rights->names[i].string) == -1) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- el.values[i].length = strlen(r->in.rights->names[i].string);
- el.values[i].data = talloc_strdup(mem_ctx,
- r->in.rights->names[i].string);
+ el.values[i].length = strlen(rights->names[i].string);
+ el.values[i].data = talloc_strdup(mem_ctx, rights->names[i].string);
if (el.values[i].data == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1094,6 +1090,25 @@ static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK;
}
+/*
+ lsa_AddAccountRights
+*/
+static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_AddAccountRights *r)
+{
+ struct dcesrv_handle *h;
+ struct lsa_policy_state *state;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+ state = h->data;
+
+ return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
+ LDB_FLAG_MOD_ADD,
+ r->in.sid, r->in.rights);
+}
+
/*
lsa_RemoveAccountRights
@@ -1102,7 +1117,16 @@ static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_RemoveAccountRights *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h;
+ struct lsa_policy_state *state;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+ state = h->data;
+
+ return lsa_AddRemoveAccountRights(dce_call, mem_ctx, state,
+ LDB_FLAG_MOD_DELETE,
+ r->in.sid, r->in.rights);
}