Diffstat (limited to 'source3/rpc_server/srv_lsa_nt.c')
-rw-r--r--source3/rpc_server/srv_lsa_nt.c106
1 files changed, 63 insertions, 43 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 304e1d363c..e5154dbb53 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -765,6 +765,7 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
uint32 enum_context = q_u->enum_context;
int num_privs = count_all_privileges();
LSA_PRIV_ENTRY *entries = NULL;
+ LUID_ATTR luid;
/* remember that the enum_context starts at 0 and not 1 */
@@ -794,13 +795,17 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
if( i < enum_context) {
init_unistr2(&entries[i].name, NULL, UNI_FLAGS_NONE);
init_uni_hdr(&entries[i].hdr_name, &entries[i].name);
+
entries[i].luid_low = 0;
entries[i].luid_high = 0;
} else {
init_unistr2(&entries[i].name, privs[i].name, UNI_FLAGS_NONE);
init_uni_hdr(&entries[i].hdr_name, &entries[i].name);
- entries[i].luid_low = privs[i].se_priv;
- entries[i].luid_high = 0;
+
+ luid = get_privilege_luid( &privs[i].se_priv );
+
+ entries[i].luid_low = luid.luid.low;
+ entries[i].luid_high = luid.luid.high;
}
}
@@ -819,7 +824,7 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
{
struct lsa_info *handle;
fstring name_asc;
- int i = 0;
+ const char *description;
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
return NT_STATUS_INVALID_HANDLE;
@@ -834,22 +839,25 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
unistr2_to_ascii(name_asc, &q_u->name, sizeof(name_asc));
- DEBUG(10,("_lsa_priv_get_dispname: %s\n", name_asc));
+ DEBUG(10,("_lsa_priv_get_dispname: name = %s\n", name_asc));
- while (privs[i].se_priv != SE_END && !strequal(name_asc, privs[i].name))
- i++;
+ description = get_privilege_dispname( name_asc );
- if (privs[i].se_priv != SE_END) {
- DEBUG(10,(": %s\n", privs[i].description));
- init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE);
+ if ( description ) {
+ DEBUG(10,("_lsa_priv_get_dispname: display name = %s\n", description));
+
+ init_unistr2(&r_u->desc, description, UNI_FLAGS_NONE);
init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
r_u->ptr_info = 0xdeadbeef;
r_u->lang_id = q_u->lang_id;
+
return NT_STATUS_OK;
} else {
DEBUG(10,("_lsa_priv_get_dispname: doesn't exist\n"));
+
r_u->ptr_info = 0;
+
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
}
@@ -1026,24 +1034,31 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
{
struct lsa_info *info=NULL;
- PRIVILEGE_SET priv;
+ SE_PRIV mask;
+ PRIVILEGE_SET privileges;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- privilege_set_init( &priv );
+ if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) )
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- get_privileges_for_sids( &priv, &info->sid, 1 );
+ privilege_set_init( &privileges );
- DEBUG(10,("_lsa_enum_privsaccount: %s has %d privileges\n",
- sid_string_static(&info->sid), priv.count));
+ if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
- init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, priv.set, priv.count, 0);
+ DEBUG(10,("_lsa_enum_privsaccount: %s has %d privileges\n",
+ sid_string_static(&info->sid), privileges.count));
- privilege_set_free( &priv );
+ r_u->status = init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, privileges.set, privileges.count, 0);
+ }
+ else
+ r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
- return NT_STATUS_OK;
+ privilege_set_free( &privileges );
+
+ return r_u->status;
}
/***************************************************************************
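Review bot: When `se_priv_to_privilege_set()` fails, the `else` branch reports `NT_STATUS_NO_SUCH_PRIVILEGE`, but the mask came from `get_privileges_for_sids()` rather than from the client, so a failure at this step is probably a resource problem inside the helper (its body is not visible here) and not an unknown privilege. If it can only fail on allocation, `r_u->status = NT_STATUS_NO_MEMORY;` would describe the condition accurately to the client. The same branch appears in the `_lsa_enum_acct_rights` hunk. The unbraced `else` after a braced `if` is also easy to extend incorrectly; bracing both arms would be safer.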
@@ -1114,8 +1129,7 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
{
struct lsa_info *info = NULL;
- int i = 0;
- uint32 mask;
+ SE_PRIV mask;
PRIVILEGE_SET *set = NULL;
/* find the connection policy handle. */
@@ -1130,17 +1144,15 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
set = &q_u->set;
- for (i = 0; i < set->count; i++) {
-
- mask = luid_to_privilege_mask( &(set->set[i].luid) );
+ if ( !privilege_set_to_se_priv( &mask, set ) )
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
- if ( mask != SE_END ) {
- if ( !grant_privilege( &info->sid, mask ) ) {
- DEBUG(3,("_lsa_addprivs: grant_privilege( %s, 0x%x) failed!\n",
- sid_string_static(&info->sid), mask ));
- return NT_STATUS_NO_SUCH_PRIVILEGE;
- }
- }
+ if ( !grant_privilege( &info->sid, &mask ) ) {
+ DEBUG(3,("_lsa_addprivs: grant_privilege(%s) failed!\n",
+ sid_string_static(&info->sid) ));
+ DEBUG(3,("Privilege mask:\n"));
+ dump_se_priv( DBGC_ALL, 3, &mask );
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
}
return NT_STATUS_OK;
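Review bot: A failed `grant_privilege()` is reported as `NT_STATUS_NO_SUCH_PRIVILEGE`, although `privilege_set_to_se_priv()` has already accepted the client-supplied set by that point, so the failure is more likely in storing the change than in the privilege itself. `_lsa_remove_acct_rights` returns `NT_STATUS_ACCESS_DENIED` for the analogous revoke failure, and the `_lsa_removeprivs` hunk has the same mapping as this one. Consider a status that separates "unknown privilege" from "could not apply". A successful grant or revoke changes an account's rights but leaves no log record, so a success message naming the SID would help operators, e.g. `DEBUG(3,("_lsa_addprivs: granted privileges to %s\n", sid_string_static(&info->sid)));`. The function body starts and ends outside the hunk, so any caller access check before this point is not visible here.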
@@ -1153,8 +1165,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
{
struct lsa_info *info = NULL;
- int i = 0;
- uint32 mask;
+ SE_PRIV mask;
PRIVILEGE_SET *set = NULL;
/* find the connection policy handle. */
@@ -1169,16 +1180,15 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
set = &q_u->set;
- for (i = 0; i < set->count; i++) {
- mask = luid_to_privilege_mask( &(set->set[i].luid) );
+ if ( !privilege_set_to_se_priv( &mask, set ) )
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
- if ( mask != SE_END ) {
- if ( !revoke_privilege( &info->sid, mask ) ) {
- DEBUG(3,("_lsa_removeprivs: revoke_privilege( %s, 0x%x) failed!\n",
- sid_string_static(&info->sid), mask ));
- return NT_STATUS_NO_SUCH_PRIVILEGE;
- }
- }
+ if ( !revoke_privilege( &info->sid, &mask ) ) {
+ DEBUG(3,("_lsa_removeprivs: revoke_privilege(%s) failed!\n",
+ sid_string_static(&info->sid) ));
+ DEBUG(3,("Privilege mask:\n"));
+ dump_se_priv( DBGC_ALL, 3, &mask );
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
}
return NT_STATUS_OK;
@@ -1373,7 +1383,7 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
sid_copy( &sid, &q_u->sid.sid );
if ( q_u->removeall ) {
- if ( !revoke_privilege( &sid, SE_ALL_PRIVS ) )
+ if ( !revoke_all_privileges( &sid ) )
return NT_STATUS_ACCESS_DENIED;
return NT_STATUS_OK;
@@ -1406,6 +1416,7 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
struct lsa_info *info = NULL;
DOM_SID sid;
PRIVILEGE_SET privileges;
+ SE_PRIV mask;
/* find the connection policy handle. */
@@ -1418,11 +1429,20 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
sid_copy( &sid, &q_u->sid.sid );
+ if ( !get_privileges_for_sids( &mask, &sid, 1 ) )
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
privilege_set_init( &privileges );
- get_privileges_for_sids( &privileges, &sid, 1 );
+ if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
+
+ DEBUG(10,("_lsa_enum_acct_rights: %s has %d privileges\n",
+ sid_string_static(&sid), privileges.count));
- r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+ r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+ }
+ else
+ r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
privilege_set_free( &privileges );