3 files changed, 148 insertions, 16 deletions

diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index ce275d4ace..5ed321230e 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -185,6 +185,53 @@ typedef struct lsa_r_open_pol2_info
 
 } LSA_R_OPEN_POL2;
 
+
+#define POLICY_VIEW_LOCAL_INFORMATION    0x00000001
+#define POLICY_VIEW_AUDIT_INFORMATION    0x00000002
+#define POLICY_GET_PRIVATE_INFORMATION   0x00000004
+#define POLICY_TRUST_ADMIN               0x00000008
+#define POLICY_CREATE_ACCOUNT            0x00000010
+#define POLICY_CREATE_SECRET             0x00000020
+#define POLICY_CREATE_PRIVILEGE          0x00000040
+#define POLICY_SET_DEFAULT_QUOTA_LIMITS  0x00000080
+#define POLICY_SET_AUDIT_REQUIREMENTS    0x00000100
+#define POLICY_AUDIT_LOG_ADMIN           0x00000200
+#define POLICY_SERVER_ADMIN              0x00000400
+#define POLICY_LOOKUP_NAMES              0x00000800
+
+#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS  |\
+                            POLICY_VIEW_LOCAL_INFORMATION    |\
+                            POLICY_VIEW_AUDIT_INFORMATION    |\
+                            POLICY_GET_PRIVATE_INFORMATION   |\
+                            POLICY_TRUST_ADMIN               |\
+                            POLICY_CREATE_ACCOUNT            |\
+                            POLICY_CREATE_SECRET             |\
+                            POLICY_CREATE_PRIVILEGE          |\
+                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            POLICY_AUDIT_LOG_ADMIN           |\
+                            POLICY_SERVER_ADMIN              |\
+                            POLICY_LOOKUP_NAMES )
+
+
+#define POLICY_READ       ( STANDARD_RIGHTS_READ_ACCESS      |\
+                            POLICY_VIEW_AUDIT_INFORMATION    |\
+                            POLICY_GET_PRIVATE_INFORMATION)
+
+#define POLICY_WRITE      ( STANDARD_RIGHTS_WRITE_ACCESS     |\
+                            POLICY_TRUST_ADMIN               |\
+                            POLICY_CREATE_ACCOUNT            |\
+                            POLICY_CREATE_SECRET             |\
+                            POLICY_CREATE_PRIVILEGE          |\
+                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            POLICY_AUDIT_LOG_ADMIN           |\
+                            POLICY_SERVER_ADMIN)
+
+#define POLICY_EXECUTE    ( STANDARD_RIGHTS_EXECUTE_ACCESS   |\
+                            POLICY_VIEW_LOCAL_INFORMATION    |\
+                            POLICY_LOOKUP_NAMES )
+
 /* LSA_Q_QUERY_SEC_OBJ - LSA query security */
 typedef struct lsa_query_sec_obj_info
 {
@@ -624,22 +671,6 @@ typedef struct lsa_r_removeprivs
 } LSA_R_REMOVEPRIVS;
 
 
-
 #endif /* _RPC_LSA_H */
-/*
-
-opnum 11: opensid: query: handle du domaine, sid du user
-reply: handle, status
-
-opnum 12: getlistofprivs: query: handle du user
-reply: ptr, nombre, nombre, tableau de 3 uint32: flag+priv.low+priv.high
-uint32 0, status 
-
-opnum 17: ?? query: handle
-reply: uint32 + status
-
-
-*/
-
 
 
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index d2b2c60f45..b05fb972be 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -574,6 +574,36 @@ static BOOL api_lsa_removeprivs(pipes_struct *p)
 	return True;
 }
 
+/***************************************************************************
+ api_lsa_query_secobj
+ ***************************************************************************/
+
+static BOOL api_lsa_query_secobj(pipes_struct *p)
+{
+	LSA_Q_QUERY_SEC_OBJ q_u;
+	LSA_R_QUERY_SEC_OBJ r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_query_sec_obj("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_query_secobj: failed to unmarshall LSA_Q_QUERY_SEC_OBJ.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_query_secobj(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_query_sec_obj("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_query_secobj: Failed to marshall LSA_R_QUERY_SEC_OBJ.\n"));
+		return False;
+	}
+
+	return True;
+}
 
 /***************************************************************************
  \PIPE\ntlsa commands
@@ -599,6 +629,7 @@ static struct api_struct api_lsa_cmds[] =
 	{ "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
 	{ "LSA_ADDPRIVS"        , LSA_ADDPRIVS        , api_lsa_addprivs         },
 	{ "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
+	{ "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
 	{ NULL                  , 0                   , NULL                     }
 };
 
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index da5597132d..d5ea156eb6 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -913,3 +913,73 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
 	return r_u->status;
 }
 
+/***************************************************************************
+ For a given SID, remove some privileges.
+ ***************************************************************************/
+
+NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u)
+{
+	struct lsa_info *info=NULL;
+	extern DOM_SID global_sid_World;
+	extern DOM_SID global_sid_Builtin;
+	DOM_SID adm_sid;
+
+	SEC_ACE ace[2];
+	SEC_ACCESS mask;
+
+	SEC_ACL *psa = NULL;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+
+	switch (q_u->sec_info) {
+	case 1:
+		/* SD contains only the owner */
+
+		sid_copy(&adm_sid, &global_sid_Builtin);
+		sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+		if((psd = make_sec_desc(p->mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, NULL, &sd_size)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+		break;
+	case 4:
+		/* SD contains only the ACL */
+
+		init_sec_access(&mask, POLICY_EXECUTE);
+		init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+		sid_copy(&adm_sid, &global_sid_Builtin);
+		sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+		init_sec_access(&mask, POLICY_ALL_ACCESS);
+		init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+		if((psa = make_sec_acl(p->mem_ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		if((psd = make_sec_desc(p->mem_ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, &sd_size)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+		break;
+	}
+
+	r_u->ptr=1;
+
+	return r_u->status;
+}
+
+