-rw-r--r-- | source3/librpc/idl/lsa.idl | 2 | ||||
-rw-r--r-- | source4/librpc/idl/lsa.idl | 4 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 42 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 12 | ||||
-rw-r--r-- | source4/torture/rpc/samsync.c | 12 |
5 files changed, 46 insertions, 26 deletions
diff --git a/source3/librpc/idl/lsa.idl b/source3/librpc/idl/lsa.idl
index 1b2d9ea8fb..570a7c0d04 100644
--- a/source3/librpc/idl/lsa.idl
+++ b/source3/librpc/idl/lsa.idl
@@ -488,7 +488,7 @@ import "misc.idl", "security.idl"; [size_is(count)] lsa_LUIDAttribute set[*]; } lsa_PrivilegeSet; - NTSTATUS lsa_EnumPrivsAccount ( + NTSTATUS lsa_EnumPrivsAccount( [in] policy_handle *handle, [out,ref] lsa_PrivilegeSet **privs );
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index c8cbab5bcc..00e2e7753b 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -483,9 +483,9 @@ import "misc.idl", "security.idl"; [size_is(count)] lsa_LUIDAttribute set[*]; } lsa_PrivilegeSet; - NTSTATUS lsa_EnumPrivsAccount ( + NTSTATUS lsa_EnumPrivsAccount( [in] policy_handle *handle, - [out,unique] lsa_PrivilegeSet *privs + [out,ref] lsa_PrivilegeSet **privs );
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 1285936f3c..7936369df4 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1724,15 +1724,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, const char * const attrs[] = { "privilege", NULL}; struct ldb_message_element *el; const char *sidstr; + struct lsa_PrivilegeSet *privs; DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT); astate = h->data; - r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet); - r->out.privs->count = 0; - r->out.privs->unknown = 0; - r->out.privs->set = NULL; + privs = talloc(mem_ctx, struct lsa_PrivilegeSet); + if (privs == NULL) { + return NT_STATUS_NO_MEMORY; + } + privs->count = 0; + privs->unknown = 0; + privs->set = NULL; + + *r->out.privs = privs; sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid); if (sidstr == NULL) {
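Review bot: `*r->out.privs = privs;` in dcesrv_lsa_EnumPrivsAccount writes through `r->out.privs` with no check, so every caller must now supply valid storage for the result pointer. For requests arriving over RPC that storage is presumably set up by the generated NDR code, but the function is also called internally with a hand-built, stack-allocated request (dcesrv_lsa_GetSystemAccessAccount, later in this file's diff), where a forgotten assignment would mean a write through an uninitialised pointer. I would document the contract directly above the assignment: `/* r->out.privs must point to caller-owned storage; internal callers set it before calling */`. The function body starts and ends outside this hunk.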
@@ -1750,9 +1756,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, return NT_STATUS_OK; } - r->out.privs->set = talloc_array(r->out.privs, - struct lsa_LUIDAttribute, el->num_values); - if (r->out.privs->set == NULL) { + privs->set = talloc_array(privs, + struct lsa_LUIDAttribute, el->num_values); + if (privs->set == NULL) { return NT_STATUS_NO_MEMORY; }
@@ -1761,12 +1767,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call, if (id == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - r->out.privs->set[i].attribute = 0; - r->out.privs->set[i].luid.low = id; - r->out.privs->set[i].luid.high = 0; + privs->set[i].attribute = 0; + privs->set[i].luid.low = id; + privs->set[i].luid.high = 0; } - r->out.privs->count = el->num_values; + privs->count = el->num_values; return NT_STATUS_OK; }
@@ -2058,8 +2064,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_ int i; NTSTATUS status; struct lsa_EnumPrivsAccount enumPrivs; + struct lsa_PrivilegeSet *privs; + + privs = talloc(mem_ctx, struct lsa_PrivilegeSet); + if (!privs) { + return NT_STATUS_NO_MEMORY; + } + privs->count = 0; + privs->unknown = 0; + privs->set = NULL; enumPrivs.in.handle = r->in.handle; + enumPrivs.out.privs = &privs; status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs); if (!NT_STATUS_IS_OK(status)) {
@@ -2068,8 +2084,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_ *(r->out.access_mask) = 0x00000000; - for (i = 0; i < enumPrivs.out.privs->count; i++) { - int priv = enumPrivs.out.privs->set[i].luid.low; + for (i = 0; i < privs->count; i++) { + int priv = privs->set[i].luid.low; switch (priv) { case SEC_PRIV_INTERACTIVE_LOGON:
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 9cb209335b..62e0c22ce2 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
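Review bot: The `talloc(mem_ctx, struct lsa_PrivilegeSet)` added at the top of dcesrv_lsa_GetSystemAccessAccount is never used, because dcesrv_lsa_EnumPrivsAccount allocates its own set and stores it with `*r->out.privs = privs;`, replacing the pointer prepared here. Declaring `struct lsa_PrivilegeSet *privs = NULL;` and keeping only `enumPrivs.out.privs = &privs;` would drop the extra allocation on mem_ctx for every call. The loop in the following hunk dereferences `privs` without a NULL check; as far as the visible hunks show, that is safe only because the callee assigns the result before any NT_STATUS_OK return, so a one-line comment such as `/* privs is always set when EnumPrivsAccount returns NT_STATUS_OK */` above the loop would record the dependency. The function continues outside the hunk.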
@@ -867,11 +867,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, { NTSTATUS status; struct lsa_EnumPrivsAccount r; + struct lsa_PrivilegeSet *privs = NULL; bool ret = true; printf("\nTesting EnumPrivsAccount\n"); r.in.handle = acct_handle; + r.out.privs = &privs; status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) {
@@ -879,17 +881,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, return false; } - if (r.out.privs && r.out.privs->count > 0) { + if (privs && privs->count > 0) { int i; - for (i=0;i<r.out.privs->count;i++) { + for (i=0;i<privs->count;i++) { test_LookupPrivName(p, mem_ctx, handle, - &r.out.privs->set[i].luid); + &privs->set[i].luid); } ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle, - &r.out.privs->set[0].luid); + &privs->set[0].luid); ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle, - &r.out.privs->set[0].luid); + &privs->set[0].luid); } return ret;
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 257d2c81bc..26660921a4 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -1027,6 +1027,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa struct lsa_OpenAccount a; struct policy_handle acct_handle; struct lsa_EnumPrivsAccount e; + struct lsa_PrivilegeSet *privs = NULL; struct lsa_LookupPrivName r; int i, j;
@@ -1049,6 +1050,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries); e.in.handle = &acct_handle; + e.out.privs = &privs; status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e); if (!NT_STATUS_IS_OK(status)) {
@@ -1056,23 +1058,23 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa return false; } - if ((account->privilege_entries && !e.out.privs)) { + if ((account->privilege_entries && !privs)) { printf("Account %s has privileges in SamSync, but not LSA\n", dom_sid_string(mem_ctx, dom_sid)); return false; } - if (!account->privilege_entries && e.out.privs && e.out.privs->count) { + if (!account->privilege_entries && privs && privs->count) { printf("Account %s has privileges in LSA, but not SamSync\n", dom_sid_string(mem_ctx, dom_sid)); return false; } - TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count); + TEST_INT_EQUAL(account->privilege_entries, privs->count); - for (i=0;i< e.out.privs->count; i++) { + for (i=0;i< privs->count; i++) { r.in.handle = samsync_state->lsa_handle; - r.in.luid = &e.out.privs->set[i].luid; + r.in.luid = &privs->set[i].luid; status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { |
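Review bot: `TEST_INT_EQUAL(account->privilege_entries, privs->count);` still dereferences `privs` on a path where it can be NULL. The two checks above it return only when `privilege_entries` is non-zero with no set, or zero with a non-empty set, so an account with no privileges whose server reply leaves `privs` NULL falls through to the comparison and the loop. `privs` is initialised to NULL earlier in this function's diff and the surrounding checks already treat NULL as a possible result, so the test would crash on such a reply instead of reporting it. Comparing against `privs ? privs->count : 0` and using that same value as the loop bound would close the gap. samsync_handle_account starts and ends outside this hunk.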