From 66df8431ec092c4e629fc07e8e5a242ff3821b2d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 10 Mar 2005 18:50:47 +0000 Subject: r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6) --- source3/rpc_server/srv_lsa.c | 40 ++++++++++++++++++++++++++++++++++++- source3/rpc_server/srv_lsa_nt.c | 44 +++++++++++++++++++++++++++++++++++------ 2 files changed, 77 insertions(+), 7 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index e3c7832aac..dbd5d8c0bf 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -734,6 +734,39 @@ static BOOL api_lsa_enum_acct_rights(pipes_struct *p) return True; } +/*************************************************************************** + api_lsa_lookup_priv_value + ***************************************************************************/ + +static BOOL api_lsa_lookup_priv_value(pipes_struct *p) +{ + LSA_Q_LOOKUP_PRIV_VALUE q_u; + LSA_R_LOOKUP_PRIV_VALUE r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_lookup_priv_value("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_lookup_priv_value: failed to unmarshall LSA_Q_LOOKUP_PRIV_VALUE .\n")); + return False; + } + + r_u.status = _lsa_lookup_priv_value(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_lookup_priv_value("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_lookup_priv_value: Failed to marshall LSA_R_LOOKUP_PRIV_VALUE.\n")); + return False; + } + + return True; +} + +#if 0 /* AD DC work in ongoing in Samba 4 */ + /*************************************************************************** api_lsa_query_info2 ***************************************************************************/ 
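Review bot: Both failure paths in `api_lsa_lookup_priv_value` log at `DEBUG(0, ...)`, and the first fires whenever a request fails to unmarshall, which the client controls. If level 0 is always written to the log, a peer sending malformed LSA_LOOKUPPRIVVALUE requests can generate log entries at will. A higher level for the unmarshall failure would limit that, though this may simply follow the convention of the sibling wrappers, which are outside the hunk. The header comment only repeats the function name; something like `Unmarshall LSA_Q_LOOKUP_PRIV_VALUE, call _lsa_lookup_priv_value() and marshall the reply` would say what the wrapper does.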
@@ -763,7 +796,7 @@ static BOOL api_lsa_query_info2(pipes_struct *p) return True; } - +#endif /* AD DC work in ongoing in Samba 4 */ /*************************************************************************** \PIPE\ntlsa commands @@ -794,15 +827,19 @@ static struct api_struct api_lsa_cmds[] = { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights }, { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights }, { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, + { "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value } +#if 0 /* AD DC work in ongoing in Samba 4 */ /* be careful of the adding of new RPC's. See commentrs below about ADS DC capabilities */ { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 } +#endif /* AD DC work in ongoing in Samba 4 */ }; static int count_fns(void) { int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct); +#if 0 /* AD DC work is on going in Samba 4 */ /* * NOTE: Certain calls can not be enabled if we aren't an ADS DC. Make sure * these calls are always last and that you decrement by the amount of calls @@ -811,6 +848,7 @@ static int count_fns(void) if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) { funcs -= 1; } +#endif /* AD DC work in ongoing in Samba 4 */ return funcs; } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 225e5efd54..7ea35a91fa 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -8,6 +8,7 @@ * Copyright (C) Rafal Szczesniak 2002, * Copyright (C) Jim McDonough 2002, * Copyright (C) Simo Sorce 2003. + * Copyright (C) Gerald (Jerry) Carter 2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
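Review bot: The new `LSA_LOOKUPPRIVVALUE` entry in `api_lsa_cmds[]` has no trailing comma, so the table only compiles while the `#if 0` after it stays disabled. Writing it as `{ "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value },` is valid either way and keeps the `LSA_QUERYINFO2` line re-enableable. The table entry and the `funcs -= 1` role check in `count_fns` now sit under separate `#if 0` blocks (the second closes in the next hunk, `@@ -811`). If only the table block were re-enabled, `LSA_QUERYINFO2` would be counted, and presumably dispatched, regardless of `lp_security()` and `lp_server_role()`. A single named guard macro shared by all of these blocks would make them switch together.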
@@ -345,6 +346,8 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s return NT_STATUS_OK; } +#if 0 /* AD DC work in ongoing in Samba 4 */ + /*************************************************************************** Init_dns_dom_info. ***************************************************************************/ @@ -384,6 +387,8 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, init_dom_sid2(&r_l->dom_sid, dom_sid); } } +#endif /* AD DC work in ongoing in Samba 4 */ + /*************************************************************************** _lsa_open_policy2. @@ -776,9 +781,6 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, num_privs)); - if ( !(entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, num_privs + 1))) - return NT_STATUS_NO_MEMORY; - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) return NT_STATUS_INVALID_HANDLE; @@ -791,7 +793,6 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV if ( !(entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, num_privs )) ) return NT_STATUS_NO_MEMORY; - for (i = 0; i < num_privs; i++) { if( i < enum_context) { init_unistr2(&entries[i].name, NULL, UNI_FLAGS_NONE); @@ -1143,7 +1144,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u /* check to see if the pipe_user is root or a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - + get_current_user( &user, p ); if ( user.uid != sec_initial_uid() && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) 
@@ -1184,7 +1185,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP /* check to see if the pipe_user is root or a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - + get_current_user( &user, p ); if ( user.uid != sec_initial_uid() && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) @@ -1261,6 +1262,8 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER return r_u->status; } +#if 0 /* AD DC work in ongoing in Samba 4 */ + /*************************************************************************** ***************************************************************************/ @@ -1323,6 +1326,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I return r_u->status; } +#endif /* AD DC work in ongoing in Samba 4 */ /*************************************************************************** ***************************************************************************/ @@ -1474,3 +1478,31 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA } +NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, LSA_R_LOOKUP_PRIV_VALUE *r_u) +{ + struct lsa_info *info = NULL; + fstring name; + LUID_ATTR priv_luid; + SE_PRIV mask; + + /* find the connection policy handle. */ + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + unistr2_to_ascii(name, &q_u->privname.unistring, sizeof(name)); + + DEBUG(10,("_lsa_priv_get_dispname: name = %s\n", name)); + + if ( !se_priv_from_name( name, &mask ) ) + return NT_STATUS_NO_SUCH_PRIVILEGE; + + priv_luid = get_privilege_luid( &mask ); + + r_u->luid.low = priv_luid.luid.low; + r_u->luid.high = priv_luid.luid.high; + + + return NT_STATUS_OK; +} + -- cgit
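Review bot: `_lsa_lookup_priv_value` fetches `info` with `find_policy_by_hnd` but never reads it, so any valid policy handle is accepted regardless of the access it was opened with. If the other privilege handlers in this file gate on the handle's access bits, this one should too, for example `if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED;` right after the handle lookup. That assumes `struct lsa_info` carries the mask in `access`; which right applies needs confirming, since neither is visible in this patch. Separately, the `DEBUG(10, ...)` line is labelled `_lsa_priv_get_dispname`, which will mislead anyone tracing this call in the logs; the label should be `_lsa_lookup_priv_value: name = %s\n`.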