summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c68
1 files changed, 63 insertions, 5 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 9f708dac10..9f205d6ef0 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1031,18 +1031,76 @@ static NTSTATUS lsa_EnumAccountRights(struct dcesrv_call_state *dce_call,
/*
lsa_AddAccountRights
*/
-static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_AddAccountRights *r)
+static NTSTATUS lsa_AddAccountRights(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_AddAccountRights *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h;
+ struct lsa_policy_state *state;
+ const char *sidstr;
+ struct ldb_message msg;
+ struct ldb_message_element el;
+ int i, ret;
+ const char *dn;
+
+ DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
+
+ state = h->data;
+
+ sidstr = dom_sid_string(mem_ctx, r->in.sid);
+ if (sidstr == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dn = samdb_search_string(state->sam_ctx, mem_ctx, NULL, "dn",
+ "objectSid=%s", sidstr);
+ if (dn == NULL) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ msg.dn = talloc_strdup(mem_ctx, dn);
+ if (msg.dn == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ msg.num_elements = 1;
+ msg.elements = ⪙
+ el.flags = LDB_FLAG_MOD_ADD;
+ el.name = talloc_strdup(mem_ctx, "privilege");
+ if (el.name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ el.num_values = r->in.rights->count;
+ el.values = talloc_array_p(mem_ctx, struct ldb_val, el.num_values);
+ if (el.values == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ for (i=0;i<el.num_values;i++) {
+ if (sec_privilege_id(r->in.rights->names[i].string) == -1) {
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
+ }
+ el.values[i].length = strlen(r->in.rights->names[i].string);
+ el.values[i].data = talloc_strdup(mem_ctx,
+ r->in.rights->names[i].string);
+ if (el.values[i].data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
+ if (ret != 0) {
+ return NT_STATUS_UNEXPECTED_IO_ERROR;
+ }
+
+ return NT_STATUS_OK;
}
/*
lsa_RemoveAccountRights
*/
-static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct lsa_RemoveAccountRights *r)
+static NTSTATUS lsa_RemoveAccountRights(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RemoveAccountRights *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}