author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2008-10-20 15:50:07 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-10-20 20:07:09 +1100 |
commit | b789ff950f054ede2ef1dfaf94f8ddff062c092b (patch) | |
tree | b9a7c1b4c520c360ba4ab513a6501665ebfdcdf3 /source4/rpc_server | |
parent | 3038bc484ebb1796e40e0eeb72155d9905ff36fa (diff) | |
LSA Patch for User Manager
New (major) patch
=================
- Enhances the "lsa.idl" file in the sense that it adds more values to
"PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls.
- Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy*
calls) to enable the "Audit" option in the "User Manager for Domains" (at least
readable).
- Adds to the "lsa.idl" file the system access mode flags needed for the calls
"lsa_*SystemAccessAccount".
- Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights"
option in the "User Manager for Domains" (at least readable).
- Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls into
one, using "if"s for the few places where they differ.
- Add a torture test for "lsa_GetSystemAccessAccount".
- Some cosmetic-only changes (unifications) in output strings in the "LSA"
torture test.
The work has been done using the Microsoft WSPP docs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 4c596f1f03..84f11ef3a8 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -399,7 +399,6 @@ static WERROR dcesrv_dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_cal return WERR_INVALID_PARAM; } - /* fill in the AccountDomain info */ @@ -462,9 +461,15 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, /* we don't need to fill in any of this */ ZERO_STRUCT(r->out.info->pd); return NT_STATUS_OK; + case LSA_POLICY_INFO_DOMAIN: + return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain); case LSA_POLICY_INFO_ACCOUNT_DOMAIN: return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); + case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN: + return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain); + + case LSA_POLICY_INFO_ROLE: r->out.info->role.role = LSA_ROLE_PRIMARY; return NT_STATUS_OK; @@ -481,9 +486,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, ZERO_STRUCT(r->out.info->quota); return NT_STATUS_OK; + case LSA_POLICY_INFO_MOD: case LSA_POLICY_INFO_AUDIT_FULL_SET: - case LSA_POLICY_INFO_DB: - case LSA_POLICY_INFO_AUDIT_FULL_QUERY: /* windows gives INVALID_PARAMETER */ r->out.info = NULL; return NT_STATUS_INVALID_PARAMETER; 
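Review bot: The new `LSA_POLICY_INFO_DOMAIN` case in dcesrv_lsa_QueryInfoPolicy2 answers the primary-domain level with `dcesrv_lsa_info_AccountDomain()`, the same helper used for the account-domain levels, and nothing in the hunk says why that is valid. If this relies on the server being a domain controller, where the two coincide, a comment such as `/* on a DC the primary domain is the account domain */` above the case would record the assumption; without it, a later member-server configuration would hand out the wrong name and SID at this level. The two blank `+` lines after the `LSA_POLICY_INFO_L_ACCOUNT_DOMAIN` case can be dropped. The switch starts and ends outside the hunk.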
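Review bot: `LSA_POLICY_INFO_DB` and `LSA_POLICY_INFO_AUDIT_FULL_QUERY` are removed from the group that returns `NT_STATUS_INVALID_PARAMETER`, and no replacement case for them appears in any hunk of this file. Unless they were renamed or dropped in lsa.idl (not visible here), those levels now reach whatever follows the switch, which is outside the hunk, so the status a client gets for them may have changed without that being stated. If the change is intended, a short comment next to the retained `/* windows gives INVALID_PARAMETER */` saying which status those levels should now produce would make it reviewable; if not, `case LSA_POLICY_INFO_AUDIT_FULL_QUERY:` should stay in the group.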
@@ -2050,7 +2054,36 @@ static NTSTATUS dcesrv_lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_cal static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_GetSystemAccessAccount *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + int i; + NTSTATUS status; + struct lsa_EnumPrivsAccount enumPrivs; + + enumPrivs.in.handle = r->in.handle; + + status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + *(r->out.access_mask) = 0x00000000; + + for (i = 0; i < enumPrivs.out.privs->count; i++) { + int priv = enumPrivs.out.privs->set[i].luid.low; + + switch (priv) { + case SEC_PRIV_INTERACTIVE_LOGON: + *(r->out.access_mask) |= LSA_POLICY_MODE_INTERACTIVE; + break; + case SEC_PRIV_NETWORK_LOGON: + *(r->out.access_mask) |= LSA_POLICY_MODE_NETWORK; + break; + case SEC_PRIV_REMOTE_INTERACTIVE_LOGON: + *(r->out.access_mask) |= LSA_POLICY_MODE_REMOTE_INTERACTIVE; + break; + } + } + + return NT_STATUS_OK; } |
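Review bot: `enumPrivs` in dcesrv_lsa_GetSystemAccessAccount is a stack struct with only `in.handle` assigned, and after the nested `dcesrv_lsa_EnumPrivsAccount()` call the loop dereferences `enumPrivs.out.privs` without checking it. Whether the callee sets `out.privs` on every `NT_STATUS_OK` path is not visible here; if any success path leaves it untouched, this RPC handler reads through an uninitialised pointer while serving a remote request. I would add `ZERO_STRUCT(enumPrivs);` before filling in the handle and skip the loop when `enumPrivs.out.privs == NULL`, leaving the mask at 0. The counter would also be better declared as `uint32_t i;` (assuming `count` is unsigned, as is usual for IDL-generated structs) to avoid a signed/unsigned comparison, and a one-line comment that handle validation is delegated to the nested call would help the next reader.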