summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa.c72
-rw-r--r--source3/rpc_server/srv_lsa_nt.c46
-rw-r--r--source3/rpc_server/srv_samr_nt.c88
3 files changed, 81 insertions, 125 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 5811d8535b..24bc65c51a 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -316,29 +316,7 @@ static bool api_lsa_create_account(pipes_struct *p)
static bool api_lsa_open_account(pipes_struct *p)
{
- LSA_Q_OPENACCOUNT q_u;
- LSA_R_OPENACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_open_account("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_open_account(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_open_account("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n"));
- return False;
- }
-
- return True;
+ return proxy_lsa_call(p, NDR_LSA_OPENACCOUNT);
}
/***************************************************************************
@@ -378,29 +356,7 @@ static bool api_lsa_enum_privsaccount(pipes_struct *p)
static bool api_lsa_getsystemaccount(pipes_struct *p)
{
- LSA_Q_GETSYSTEMACCOUNT q_u;
- LSA_R_GETSYSTEMACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- return True;
+ return proxy_lsa_call(p, NDR_LSA_GETSYSTEMACCESSACCOUNT);
}
@@ -410,29 +366,7 @@ static bool api_lsa_getsystemaccount(pipes_struct *p)
static bool api_lsa_setsystemaccount(pipes_struct *p)
{
- LSA_Q_SETSYSTEMACCOUNT q_u;
- LSA_R_SETSYSTEMACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- return True;
+ return proxy_lsa_call(p, NDR_LSA_SETSYSTEMACCESSACCOUNT);
}
/***************************************************************************
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index c197f20bfe..247a52df46 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1655,16 +1655,17 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
/***************************************************************************
- Lsa Open Account
+ _lsa_OpenAccount
***************************************************************************/
-NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u)
+NTSTATUS _lsa_OpenAccount(pipes_struct *p,
+ struct lsa_OpenAccount *r)
{
struct lsa_info *handle;
struct lsa_info *info;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights */
@@ -1686,11 +1687,11 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = q_u->sid.sid;
- info->access = q_u->access;
+ info->sid = *r->in.sid;
+ info->access = r->in.access_mask;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+ if (!create_policy_hnd(p, *r->out.acct_handle, free_lsa_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_OK;
@@ -1732,16 +1733,17 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS
}
/***************************************************************************
-
+ _lsa_GetSystemAccessAccount
***************************************************************************/
-NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u)
+NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
+ struct lsa_GetSystemAccessAccount *r)
{
struct lsa_info *info=NULL;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
@@ -1756,7 +1758,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
they can be ORed together
*/
- r_u->access = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
+ *r->out.access_mask = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
return NT_STATUS_OK;
}
@@ -1765,14 +1767,14 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
update the systemaccount information
***************************************************************************/
-NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA_R_SETSYSTEMACCOUNT *r_u)
+NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p,
+ struct lsa_SetSystemAccessAccount *r)
{
struct lsa_info *info=NULL;
GROUP_MAP map;
- r_u->status = NT_STATUS_OK;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
/* check to see if the pipe_user is a Domain Admin since
@@ -2240,12 +2242,6 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_OpenAccount(pipes_struct *p, struct lsa_OpenAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, struct lsa_EnumPrivsAccount *r)
{
p->rng_fault_state = True;
@@ -2276,18 +2272,6 @@ NTSTATUS _lsa_SetQuotasForAccount(pipes_struct *p, struct lsa_SetQuotasForAccoun
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, struct lsa_GetSystemAccessAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, struct lsa_SetSystemAccessAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_QueryTrustedDomainInfo(pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r)
{
p->rng_fault_state = True;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9ed7014bff..4c242dc323 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -586,8 +586,9 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function( info->acc_granted,
- SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_OpenDomain" );
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_SAM_OPEN_DOMAIN,
+ "_samr_OpenDomain" );
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -728,7 +729,9 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_SetSecurity");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_USER_SET_ATTRIBUTES,
+ "_samr_SetSecurity");
if (NT_STATUS_IS_OK(status)) {
become_root();
status = pdb_update_sam_account(sampass);
@@ -1550,9 +1553,9 @@ NTSTATUS _samr_LookupNames(pipes_struct *p,
/*******************************************************************
_samr_ChangePasswordUser2
********************************************************************/
+
NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
struct samr_ChangePasswordUser2 *r)
-
{
NTSTATUS status;
fstring user_name;
@@ -1577,8 +1580,12 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
* is case insensitive.
*/
- status = pass_oem_change(user_name, r->in.lm_password->data, r->in.lm_verifier->hash,
- r->in.nt_password->data, r->in.nt_verifier->hash, NULL);
+ status = pass_oem_change(user_name,
+ r->in.lm_password->data,
+ r->in.lm_verifier->hash,
+ r->in.nt_password->data,
+ r->in.nt_verifier->hash,
+ NULL);
DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
@@ -1825,8 +1832,9 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
return NT_STATUS_INVALID_HANDLE;
- nt_status = access_check_samr_function( acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenUser" );
+ nt_status = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_OpenUser" );
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
@@ -2940,6 +2948,7 @@ NTSTATUS _samr_Connect5(pipes_struct *p,
/**********************************************************************
_samr_LookupDomain
**********************************************************************/
+
NTSTATUS _samr_LookupDomain(pipes_struct *p,
struct samr_LookupDomain *r)
{
@@ -3079,7 +3088,8 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenAlias");
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_OpenAlias");
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -3894,8 +3904,12 @@ NTSTATUS _samr_GetAliasMembership(pipes_struct *p,
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_GetAliasMembership");
- ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_GetAliasMembership");
+ ntstatus1 = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM,
+ "_samr_GetAliasMembership");
+ ntstatus2 = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_GetAliasMembership");
if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
@@ -3960,7 +3974,9 @@ NTSTATUS _samr_GetMembersInAlias(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_GetMembersInAlias");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_GET_MEMBERS,
+ "_samr_GetMembersInAlias");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4026,7 +4042,9 @@ NTSTATUS _samr_QueryGroupMember(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_QueryGroupMember");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_GET_MEMBERS,
+ "_samr_QueryGroupMember");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4088,7 +4106,9 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_AddAliasMember");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_ADD_MEMBER,
+ "_samr_AddAliasMember");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4135,7 +4155,9 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_DeleteAliasMember");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_REMOVE_MEMBER,
+ "_samr_DeleteAliasMember");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4184,7 +4206,9 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_AddGroupMember");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_ADD_MEMBER,
+ "_samr_AddGroupMember");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4242,7 +4266,9 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_DeleteGroupMember");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_REMOVE_MEMBER,
+ "_samr_DeleteGroupMember");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4294,7 +4320,9 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &user_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteUser");
+ status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_DeleteUser");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4379,7 +4407,9 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomainGroup");
+ status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_DeleteDomainGroup");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4446,7 +4476,9 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
memcpy(r->out.alias_handle, r->in.alias_handle, sizeof(r->out.alias_handle));
- status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomAlias");
+ status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_DeleteDomAlias");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4513,7 +4545,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_CreateDomainGroup");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_CREATE_GROUP,
+ "_samr_CreateDomainGroup");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -4593,7 +4627,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- result = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_CreateDomAlias");
+ result = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_CREATE_ALIAS,
+ "_samr_CreateDomAlias");
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -4982,7 +5018,8 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenGroup");
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_OpenGroup");
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -5053,8 +5090,9 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p,
&acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS,
- "_samr_RemoveMemberFromForeignDomain");
+ result = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_RemoveMemberFromForeignDomain");
if (!NT_STATUS_IS_OK(result))
return result;
generated by cgit (git 2.34.1) at 2024-07-31 16:16:28 +0000