From cbb55b34e27b3927f4fb05e47cd8c19828553b6a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 16 Jun 2009 13:17:24 -0700 Subject: _lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an empty set of privilages if the SID doesn't have any. (From [MS-LSAD.pdf]) Jeremy. --- source3/rpc_server/srv_lsa_nt.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f434cfa9a4..8773c29350 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1672,23 +1672,22 @@ NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, if (!(info->access & LSA_ACCOUNT_VIEW)) return NT_STATUS_ACCESS_DENIED; - if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) ) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + get_privileges_for_sids(&mask, &info->sid, 1); privilege_set_init( &privileges ); + priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet); + if (!priv_set) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + if ( se_priv_to_privilege_set( &privileges, &mask ) ) { DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n", sid_string_dbg(&info->sid), privileges.count)); - priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet); - if (!priv_set) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_LUIDAttribute, privileges.count); @@ -1707,11 +1706,14 @@ NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, priv_set->unknown = 0; priv_set->set = luid_attrs; - *r->out.privs = priv_set; } else { - status = NT_STATUS_NO_SUCH_PRIVILEGE; + priv_set->count = 0; + priv_set->unknown = 0; + priv_set->set = NULL; } + *r->out.privs = priv_set; + done: privilege_set_free( &privileges ); @@ -2150,20 +2152,16 @@ NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, sid_copy( &sid, r->in.sid ); - if ( !get_privileges_for_sids( &mask, &sid, 1 ) ) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + get_privileges_for_sids(&mask, &sid, 1); privilege_set_init( &privileges ); - if ( se_priv_to_privilege_set( &privileges, &mask ) ) { + se_priv_to_privilege_set(&privileges, &mask); - DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n", - sid_string_dbg(&sid), privileges.count)); + DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n", + sid_string_dbg(&sid), privileges.count)); - status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges); - } else { - status = NT_STATUS_NO_SUCH_PRIVILEGE; - } + status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges); privilege_set_free( &privileges ); -- cgit