diff options
-rw-r--r-- | source3/include/rpc_lsa.h | 2 | ||||
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 31 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 99 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 81 |
4 files changed, 209 insertions, 4 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index 33dde6e3cb..fc6cbeb6cd 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -537,7 +537,6 @@ typedef struct POLICY_HND pol; /* policy handle */ DOM_SID2 sid; UNISTR2_ARRAY rights; - uint32 count; } LSA_Q_ADD_ACCT_RIGHTS; /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */ @@ -563,7 +562,6 @@ typedef struct NTSTATUS status; } LSA_R_REMOVE_ACCT_RIGHTS; - /* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */ typedef struct lsa_q_priv_get_dispname { diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 3c9c02a23a..a3ffe86af3 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -2301,6 +2301,19 @@ BOOL lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *r_c, pr return True; } +/******************************************************************* + Inits an LSA_R_ENUM_ACCT_RIGHTS structure. +********************************************************************/ +void init_r_enum_acct_rights(LSA_R_ENUM_ACCT_RIGHTS *q_r, + uint32 count, + const char **rights) +{ + DEBUG(5, ("init_r_enum_acct_rights\n")); + + q_r->count = count; + init_unistr2_array(&q_r->rights, count, rights); +} + /******************************************************************* Inits an LSA_Q_ADD_ACCT_RIGHTS structure. @@ -2316,7 +2329,6 @@ void init_q_add_acct_rights(LSA_Q_ADD_ACCT_RIGHTS *q_q, q_q->pol = *hnd; init_dom_sid2(&q_q->sid, sid); init_unistr2_array(&q_q->rights, count, rights); - q_q->count = 5; } @@ -2357,6 +2369,15 @@ BOOL lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *r_c, prs_ return True; } +/******************************************************************* + Inits an LSA_R_ADD_ACCT_RIGHTS structure. +********************************************************************/ +void init_r_add_acct_rights(LSA_R_ADD_ACCT_RIGHTS *q_r) +{ + DEBUG(5, ("init_r_add_acct_rights\n")); + /* oh what a silly function! */ +} + /******************************************************************* Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure. @@ -2417,3 +2438,11 @@ BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c return True; } + +/******************************************************************* + Inits an LSA_R_REMOVE_ACCT_RIGHTS structure. +********************************************************************/ +void init_r_remove_acct_rights(LSA_R_REMOVE_ACCT_RIGHTS *q_r) +{ + DEBUG(5, ("init_r_remove_acct_rights\n")); +} diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 815de390ec..ace95e7308 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -642,6 +642,100 @@ static BOOL api_lsa_query_info2(pipes_struct *p) } + +/*************************************************************************** + api_lsa_enum_acctrights + ***************************************************************************/ +static BOOL api_lsa_enum_acct_rights(pipes_struct *p) +{ + LSA_Q_ENUM_ACCT_RIGHTS q_u; + LSA_R_ENUM_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_add_acctrights + ***************************************************************************/ +static BOOL api_lsa_add_acct_rights(pipes_struct *p) +{ + LSA_Q_ADD_ACCT_RIGHTS q_u; + LSA_R_ADD_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_remove_acctrights + ***************************************************************************/ +static BOOL api_lsa_remove_acct_rights(pipes_struct *p) +{ + LSA_Q_REMOVE_ACCT_RIGHTS q_u; + LSA_R_REMOVE_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + /*************************************************************************** \PIPE\ntlsa commands ***************************************************************************/ @@ -673,7 +767,10 @@ int rpc_lsa_init(void) { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs }, { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs }, { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, - { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 } + { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }, + { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights }, + { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights }, + { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights}, }; return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds, diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index fc51d7ef2f..7a2f5ae443 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1260,3 +1260,84 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I return r_u->status; } + + +/*************************************************************************** + For a given SID, enumerate all the privilege this account has. + ***************************************************************************/ +NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + char **rights = NULL; + int num_rights = 0; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + init_r_enum_acct_rights(r_u, num_rights, rights); + + return r_u->status; +} + +/*************************************************************************** + add privileges to a acct by SID + ***************************************************************************/ +NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + /* no backend yet - just print them */ + + DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n", + sid_string_static(&q_u->sid.sid), q_u->rights.count)); + + for (i=0;i<q_u->rights.count;i++) { + DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); + } + + init_r_add_acct_rights(r_u); + + return r_u->status; +} + + +/*************************************************************************** + remove privileges from a acct by SID + ***************************************************************************/ +NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + + /* no backend yet - just print them */ + + DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n", + sid_string_static(&q_u->sid.sid), + q_u->removeall, + q_u->rights.count)); + + for (i=0;i<q_u->rights.count;i++) { + DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); + } + + init_r_remove_acct_rights(r_u); + + return r_u->status; +} |