summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/librpc/idl/lsa.idl18
-rw-r--r--source4/librpc/ndr/ndr_lsa.c74
-rw-r--r--source4/librpc/ndr/ndr_lsa.h16
-rw-r--r--source4/librpc/rpc/rpc_lsa.c8
-rw-r--r--source4/torture/rpc/lsa.c33
5 files changed, 139 insertions, 10 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 6766775c9c..fc8fddd85d 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -288,8 +288,24 @@
NTSTATUS DELETEOBJECT ();
/* Function: 0x23 */
NTSTATUS ENUMACCTWITHRIGHT ();
+
/* Function: 0x24 */
- NTSTATUS ENUMACCTRIGHTS ();
+ typedef struct {
+ unistr *name;
+ } lsa_RightAttribute;
+
+ typedef struct {
+ uint32 count;
+ [size_is(count)] lsa_Name *names;
+ } lsa_RightSet;
+
+ NTSTATUS lsa_EnumAccountRights (
+ [in,ref] policy_handle *handle,
+ [in,ref] dom_sid2 *sid,
+ [out,ref] lsa_RightSet *rights
+ );
+
+
/* Function: 0x25 */
NTSTATUS ADDACCTRIGHTS ();
/* Function: 0x26 */
diff --git a/source4/librpc/ndr/ndr_lsa.c b/source4/librpc/ndr/ndr_lsa.c
index 59d3fc9b7b..1b73482e9c 100644
--- a/source4/librpc/ndr/ndr_lsa.c
+++ b/source4/librpc/ndr/ndr_lsa.c
@@ -1179,14 +1179,84 @@ NTSTATUS ndr_pull_ENUMACCTWITHRIGHT(struct ndr_pull *ndr, struct ENUMACCTWITHRIG
return NT_STATUS_OK;
}
-NTSTATUS ndr_push_ENUMACCTRIGHTS(struct ndr_push *ndr, struct ENUMACCTRIGHTS *r)
+static NTSTATUS ndr_push_lsa_RightAttribute(struct ndr_push *ndr, int ndr_flags, struct lsa_RightAttribute *r)
{
+ if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+ NDR_CHECK(ndr_push_ptr(ndr, r->name));
+buffers:
+ if (!(ndr_flags & NDR_BUFFERS)) goto done;
+ if (r->name) {
+ NDR_CHECK(ndr_push_unistr(ndr, r->name));
+ }
+done:
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ndr_pull_lsa_RightAttribute(struct ndr_pull *ndr, int ndr_flags, struct lsa_RightAttribute *r)
+{
+ uint32 _ptr_name;
+ if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+ NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_name));
+ if (_ptr_name) {
+ NDR_ALLOC(ndr, r->name);
+ } else {
+ r->name = NULL;
+ }
+buffers:
+ if (!(ndr_flags & NDR_BUFFERS)) goto done;
+ if (r->name) {
+ NDR_CHECK(ndr_pull_unistr(ndr, &r->name));
+ }
+done:
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ndr_push_lsa_RightSet(struct ndr_push *ndr, int ndr_flags, struct lsa_RightSet *r)
+{
+ if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+ NDR_CHECK(ndr_push_uint32(ndr, r->count));
+ NDR_CHECK(ndr_push_ptr(ndr, r->names));
+buffers:
+ if (!(ndr_flags & NDR_BUFFERS)) goto done;
+ if (r->names) {
+ NDR_CHECK(ndr_push_array(ndr, ndr_flags, r->names, sizeof(r->names[0]), r->count, (ndr_push_flags_fn_t)ndr_push_lsa_Name));
+ }
+done:
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_RightSet *r)
+{
+ uint32 _ptr_names;
+ if (!(ndr_flags & NDR_SCALARS)) goto buffers;
+ NDR_CHECK(ndr_pull_uint32(ndr, &r->count));
+ NDR_CHECK(ndr_pull_uint32(ndr, &_ptr_names));
+ if (_ptr_names) {
+ NDR_ALLOC(ndr, r->names);
+ } else {
+ r->names = NULL;
+ }
+buffers:
+ if (!(ndr_flags & NDR_BUFFERS)) goto done;
+ if (r->names) {
+ NDR_ALLOC_N_SIZE(ndr, r->names, r->count, sizeof(r->names[0]));
+ NDR_CHECK(ndr_pull_array(ndr, ndr_flags, (void **)r->names, sizeof(r->names[0]), r->count, (ndr_pull_flags_fn_t)ndr_pull_lsa_Name));
+ }
+done:
+ return NT_STATUS_OK;
+}
+
+NTSTATUS ndr_push_lsa_EnumAccountRights(struct ndr_push *ndr, struct lsa_EnumAccountRights *r)
+{
+ NDR_CHECK(ndr_push_policy_handle(ndr, r->in.handle));
+ NDR_CHECK(ndr_push_dom_sid2(ndr, r->in.sid));
return NT_STATUS_OK;
}
-NTSTATUS ndr_pull_ENUMACCTRIGHTS(struct ndr_pull *ndr, struct ENUMACCTRIGHTS *r)
+NTSTATUS ndr_pull_lsa_EnumAccountRights(struct ndr_pull *ndr, struct lsa_EnumAccountRights *r)
{
+ NDR_CHECK(ndr_pull_lsa_RightSet(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rights));
NDR_CHECK(ndr_pull_NTSTATUS(ndr, &r->out.result));
return NT_STATUS_OK;
diff --git a/source4/librpc/ndr/ndr_lsa.h b/source4/librpc/ndr/ndr_lsa.h
index f8c4ab5f6a..a3d395760c 100644
--- a/source4/librpc/ndr/ndr_lsa.h
+++ b/source4/librpc/ndr/ndr_lsa.h
@@ -504,11 +504,23 @@ struct ENUMACCTWITHRIGHT {
};
-struct ENUMACCTRIGHTS {
+struct lsa_RightAttribute {
+ const char *name;
+};
+
+struct lsa_RightSet {
+ uint32 count;
+ struct lsa_Name *names;
+};
+
+struct lsa_EnumAccountRights {
struct {
+ struct policy_handle *handle;
+ struct dom_sid2 *sid;
} in;
struct {
+ struct lsa_RightSet *rights;
NTSTATUS result;
} out;
@@ -654,7 +666,7 @@ struct QUERYINFO2 {
#define DCERPC_PRIV_GET_DISPNAME 33
#define DCERPC_DELETEOBJECT 34
#define DCERPC_ENUMACCTWITHRIGHT 35
-#define DCERPC_ENUMACCTRIGHTS 36
+#define DCERPC_LSA_ENUMACCOUNTRIGHTS 36
#define DCERPC_ADDACCTRIGHTS 37
#define DCERPC_REMOVEACCTRIGHTS 38
#define DCERPC_QUERYTRUSTDOMINFO 39
diff --git a/source4/librpc/rpc/rpc_lsa.c b/source4/librpc/rpc/rpc_lsa.c
index c514cdbb78..dce1c7037e 100644
--- a/source4/librpc/rpc/rpc_lsa.c
+++ b/source4/librpc/rpc/rpc_lsa.c
@@ -507,12 +507,12 @@ NTSTATUS dcerpc_ENUMACCTWITHRIGHT(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, st
return r->out.result;
}
-NTSTATUS dcerpc_ENUMACCTRIGHTS(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct ENUMACCTRIGHTS *r)
+NTSTATUS dcerpc_lsa_EnumAccountRights(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct lsa_EnumAccountRights *r)
{
NTSTATUS status;
- status = dcerpc_ndr_request(p, DCERPC_ENUMACCTRIGHTS, mem_ctx,
- (ndr_push_fn_t) ndr_push_ENUMACCTRIGHTS,
- (ndr_pull_fn_t) ndr_pull_ENUMACCTRIGHTS,
+ status = dcerpc_ndr_request(p, DCERPC_LSA_ENUMACCOUNTRIGHTS, mem_ctx,
+ (ndr_push_fn_t) ndr_push_lsa_EnumAccountRights,
+ (ndr_pull_fn_t) ndr_pull_lsa_EnumAccountRights,
r);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index f4c4858c8e..0e316ff395 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -305,6 +305,36 @@ static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p,
return True;
}
+static BOOL test_EnumAccountRights(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *acct_handle,
+ struct dom_sid *sid)
+{
+ NTSTATUS status;
+ struct lsa_EnumAccountRights r;
+ struct lsa_RightSet rights;
+ int i;
+
+ printf("Testing EnumAccountRights\n");
+
+ r.in.handle = acct_handle;
+ r.in.sid = sid;
+ r.out.rights = &rights;
+
+ status = dcerpc_lsa_EnumAccountRights(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("EnumAccountRights failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ printf("received %d rights\n", rights.count);
+ for (i=0;i<rights.count;i++) {
+ printf("\t'%s'\n", rights.names[i].name);
+ }
+
+ return True;
+}
+
static BOOL test_OpenAccount(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
@@ -372,9 +402,10 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
printf("testing all accounts\n");
for (i=0;i<sids1.num_sids;i++) {
test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
+ test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
}
printf("\n");
-
+
if (sids1.num_sids < 3) {
return True;
}