summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa_nt.c74
1 files changed, 18 insertions, 56 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index d0cf4e4716..49bdca7b7f 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -11,6 +11,7 @@
* Copyright (C) Gerald (Jerry) Carter 2005.
* Copyright (C) Volker Lendecke 2005.
* Copyright (C) Guenther Deschner 2008.
+ * Copyright (C) Andrew Bartlett 2010.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -1831,11 +1832,8 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p,
{
NTSTATUS status = NT_STATUS_OK;
struct lsa_info *info=NULL;
- uint64_t mask;
- PRIVILEGE_SET privileges;
+ PRIVILEGE_SET *privileges;
struct lsa_PrivilegeSet *priv_set = NULL;
- struct lsa_LUIDAttribute *luid_attrs = NULL;
- int i;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
@@ -1848,48 +1846,23 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p,
if (!(info->access & LSA_ACCOUNT_VIEW))
return NT_STATUS_ACCESS_DENIED;
- get_privileges_for_sids(&mask, &info->sid, 1);
-
- privilege_set_init( &privileges );
-
- priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
- if (!priv_set) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
+ status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if ( se_priv_to_privilege_set( &privileges, mask ) ) {
-
- DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
- sid_string_dbg(&info->sid),
- privileges.count));
-
- luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx,
- struct lsa_LUIDAttribute,
- privileges.count);
- if (!luid_attrs) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<privileges.count; i++) {
- luid_attrs[i] = privileges.set[i];
- }
-
- priv_set->count = privileges.count;
- priv_set->unknown = 0;
- priv_set->set = luid_attrs;
-
- } else {
- priv_set->count = 0;
- priv_set->unknown = 0;
- priv_set->set = NULL;
+ *r->out.privs = priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
+ if (!priv_set) {
+ return NT_STATUS_NO_MEMORY;
}
- *r->out.privs = priv_set;
+ DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
+ sid_string_dbg(&info->sid),
+ privileges->count));
- done:
- privilege_set_free( &privileges );
+ priv_set->count = privileges->count;
+ priv_set->unknown = 0;
+ priv_set->set = talloc_move(priv_set, &privileges->set);
return status;
}
@@ -2339,8 +2312,7 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p,
NTSTATUS status;
struct lsa_info *info = NULL;
struct dom_sid sid;
- PRIVILEGE_SET privileges;
- uint64_t mask;
+ PRIVILEGE_SET *privileges;
/* find the connection policy handle. */
@@ -2358,29 +2330,19 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p,
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
- sid_copy( &sid, r->in.sid );
-
/* according to MS-LSAD 3.1.4.5.10 it is required to return
* NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
* the lsa database */
- if (!get_privileges_for_sids(&mask, &sid, 1)) {
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
-
- status = privilege_set_init(&privileges);
+ status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, r->in.sid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- se_priv_to_privilege_set(&privileges, mask);
-
DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
- sid_string_dbg(&sid), privileges.count));
-
- status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges);
+ sid_string_dbg(&sid), privileges->count));
- privilege_set_free( &privileges );
+ status = init_lsa_right_set(p->mem_ctx, r->out.rights, privileges);
return status;
}