diff options
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 68 |
1 files changed, 63 insertions, 5 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 9f708dac10..9f205d6ef0 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1031,18 +1031,76 @@ static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call, /* lsa_AddAccountRights */ -static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_AddAccountRights *r) +static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_AddAccountRights *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct dcesrv_handle *h; + struct lsa_policy_state *state; + const char *sidstr; + struct ldb_message msg; + struct ldb_message_element el; + int i, ret; + const char *dn; + + DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); + + state = h->data; + + sidstr = dom_sid_string(mem_ctx, r->in.sid); + if (sidstr == NULL) { + return NT_STATUS_NO_MEMORY; + } + + dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn", + "objectSid=%s", sidstr); + if (dn == NULL) { + return NT_STATUS_NO_SUCH_USER; + } + + msg.dn = talloc_strdup(mem_ctx, dn); + if (msg.dn == NULL) { + return NT_STATUS_NO_MEMORY; + } + msg.num_elements = 1; + msg.elements = ⪙ + el.flags = LDB_FLAG_MOD_ADD; + el.name = talloc_strdup(mem_ctx, "privilege"); + if (el.name == NULL) { + return NT_STATUS_NO_MEMORY; + } + el.num_values = r->in.rights->count; + el.values = talloc_array_p(mem_ctx, struct ldb_val, el.num_values); + if (el.values == NULL) { + return NT_STATUS_NO_MEMORY; + } + for (i=0;i<el.num_values;i++) { + if (sec_privilege_id(r->in.rights->names[i].string) == -1) { + return NT_STATUS_NO_SUCH_PRIVILEGE; + } + el.values[i].length = strlen(r->in.rights->names[i].string); + el.values[i].data = talloc_strdup(mem_ctx, + r->in.rights->names[i].string); + if (el.values[i].data == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + ret = samdb_modify(state->sam_ctx, mem_ctx, &msg); + if (ret != 0) { + return NT_STATUS_UNEXPECTED_IO_ERROR; + } + + return NT_STATUS_OK; } /* lsa_RemoveAccountRights */ -static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_RemoveAccountRights *r) +static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct lsa_RemoveAccountRights *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } |