summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_lsa.h2
-rw-r--r--source3/rpc_parse/parse_lsa.c31
-rw-r--r--source3/rpc_server/srv_lsa.c99
-rw-r--r--source3/rpc_server/srv_lsa_nt.c81
4 files changed, 209 insertions, 4 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 33dde6e3cb..fc6cbeb6cd 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -537,7 +537,6 @@ typedef struct
POLICY_HND pol; /* policy handle */
DOM_SID2 sid;
UNISTR2_ARRAY rights;
- uint32 count;
} LSA_Q_ADD_ACCT_RIGHTS;
/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
@@ -563,7 +562,6 @@ typedef struct
NTSTATUS status;
} LSA_R_REMOVE_ACCT_RIGHTS;
-
/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
typedef struct lsa_q_priv_get_dispname
{
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 3c9c02a23a..a3ffe86af3 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -2301,6 +2301,19 @@ BOOL lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *r_c, pr
return True;
}
+/*******************************************************************
+ Inits an LSA_R_ENUM_ACCT_RIGHTS structure.
+********************************************************************/
+void init_r_enum_acct_rights(LSA_R_ENUM_ACCT_RIGHTS *q_r,
+ uint32 count,
+ const char **rights)
+{
+ DEBUG(5, ("init_r_enum_acct_rights\n"));
+
+ q_r->count = count;
+ init_unistr2_array(&q_r->rights, count, rights);
+}
+
/*******************************************************************
Inits an LSA_Q_ADD_ACCT_RIGHTS structure.
@@ -2316,7 +2329,6 @@ void init_q_add_acct_rights(LSA_Q_ADD_ACCT_RIGHTS *q_q,
q_q->pol = *hnd;
init_dom_sid2(&q_q->sid, sid);
init_unistr2_array(&q_q->rights, count, rights);
- q_q->count = 5;
}
@@ -2357,6 +2369,15 @@ BOOL lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *r_c, prs_
return True;
}
+/*******************************************************************
+ Inits an LSA_R_ADD_ACCT_RIGHTS structure.
+********************************************************************/
+void init_r_add_acct_rights(LSA_R_ADD_ACCT_RIGHTS *q_r)
+{
+ DEBUG(5, ("init_r_add_acct_rights\n"));
+ /* oh what a silly function! */
+}
+
/*******************************************************************
Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure.
@@ -2417,3 +2438,11 @@ BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c
return True;
}
+
+/*******************************************************************
+ Inits an LSA_R_REMOVE_ACCT_RIGHTS structure.
+********************************************************************/
+void init_r_remove_acct_rights(LSA_R_REMOVE_ACCT_RIGHTS *q_r)
+{
+ DEBUG(5, ("init_r_remove_acct_rights\n"));
+}
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 815de390ec..ace95e7308 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -642,6 +642,100 @@ static BOOL api_lsa_query_info2(pipes_struct *p)
}
+
+/***************************************************************************
+ api_lsa_enum_acctrights
+ ***************************************************************************/
+static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
+{
+ LSA_Q_ENUM_ACCT_RIGHTS q_u;
+ LSA_R_ENUM_ACCT_RIGHTS r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
+ DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
+
+ /* store the response in the SMB stream */
+ if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
+ DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ return True;
+}
+
+
+/***************************************************************************
+ api_lsa_add_acctrights
+ ***************************************************************************/
+static BOOL api_lsa_add_acct_rights(pipes_struct *p)
+{
+ LSA_Q_ADD_ACCT_RIGHTS q_u;
+ LSA_R_ADD_ACCT_RIGHTS r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
+ DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
+
+ /* store the response in the SMB stream */
+ if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
+ DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ return True;
+}
+
+
+/***************************************************************************
+ api_lsa_remove_acctrights
+ ***************************************************************************/
+static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
+{
+ LSA_Q_REMOVE_ACCT_RIGHTS q_u;
+ LSA_R_REMOVE_ACCT_RIGHTS r_u;
+
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
+ DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
+
+ /* store the response in the SMB stream */
+ if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
+ DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
+ return False;
+ }
+
+ return True;
+}
+
+
/***************************************************************************
\PIPE\ntlsa commands
***************************************************************************/
@@ -673,7 +767,10 @@ int rpc_lsa_init(void)
{ "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
{ "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
{ "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
- { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }
+ { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 },
+ { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
+ { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
+ { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights},
};
return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds,
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index fc51d7ef2f..7a2f5ae443 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1260,3 +1260,84 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
return r_u->status;
}
+
+
+/***************************************************************************
+ For a given SID, enumerate all the privilege this account has.
+ ***************************************************************************/
+NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+{
+ struct lsa_info *info=NULL;
+ char **rights = NULL;
+ int num_rights = 0;
+
+ r_u->status = NT_STATUS_OK;
+
+ /* find the connection policy handle. */
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
+
+ init_r_enum_acct_rights(r_u, num_rights, rights);
+
+ return r_u->status;
+}
+
+/***************************************************************************
+ add privileges to a acct by SID
+ ***************************************************************************/
+NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
+{
+ struct lsa_info *info=NULL;
+ int i;
+
+ r_u->status = NT_STATUS_OK;
+
+ /* find the connection policy handle. */
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
+
+ /* no backend yet - just print them */
+
+ DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n",
+ sid_string_static(&q_u->sid.sid), q_u->rights.count));
+
+ for (i=0;i<q_u->rights.count;i++) {
+ DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
+ }
+
+ init_r_add_acct_rights(r_u);
+
+ return r_u->status;
+}
+
+
+/***************************************************************************
+ remove privileges from a acct by SID
+ ***************************************************************************/
+NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
+{
+ struct lsa_info *info=NULL;
+ int i;
+
+ r_u->status = NT_STATUS_OK;
+
+ /* find the connection policy handle. */
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
+
+
+ /* no backend yet - just print them */
+
+ DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n",
+ sid_string_static(&q_u->sid.sid),
+ q_u->removeall,
+ q_u->rights.count));
+
+ for (i=0;i<q_u->rights.count;i++) {
+ DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
+ }
+
+ init_r_remove_acct_rights(r_u);
+
+ return r_u->status;
+}