From b4776d89ea9861def5b9d491b3ec6b881d086505 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 6 Feb 2003 05:42:19 +0000
Subject: added the LSA privileges server backend stubs. Right now they just
 log what was requested. (This used to be commit
 64ac6c2bcb729c4658de48e929cc792681903ecc)

---
 source3/rpc_server/srv_lsa.c    | 99 ++++++++++++++++++++++++++++++++++++++++-
 source3/rpc_server/srv_lsa_nt.c | 81 +++++++++++++++++++++++++++++++++
 2 files changed, 179 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 815de390ec..ace95e7308 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -642,6 +642,100 @@ static BOOL api_lsa_query_info2(pipes_struct *p)
 }
 
 
+
+/***************************************************************************
+ api_lsa_enum_acctrights
+ ***************************************************************************/
+static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
+{
+	LSA_Q_ENUM_ACCT_RIGHTS q_u;
+	LSA_R_ENUM_ACCT_RIGHTS r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/***************************************************************************
+ api_lsa_add_acctrights
+ ***************************************************************************/
+static BOOL api_lsa_add_acct_rights(pipes_struct *p)
+{
+	LSA_Q_ADD_ACCT_RIGHTS q_u;
+	LSA_R_ADD_ACCT_RIGHTS r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/***************************************************************************
+ api_lsa_remove_acctrights
+ ***************************************************************************/
+static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
+{
+	LSA_Q_REMOVE_ACCT_RIGHTS q_u;
+	LSA_R_REMOVE_ACCT_RIGHTS r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
 /***************************************************************************
  \PIPE\ntlsa commands
  ***************************************************************************/
@@ -673,7 +767,10 @@ int rpc_lsa_init(void)
       { "LSA_ADDPRIVS"        , LSA_ADDPRIVS        , api_lsa_addprivs         },
       { "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
       { "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
-      { "LSA_QUERYINFO2"      , LSA_QUERYINFO2      , api_lsa_query_info2      }
+      { "LSA_QUERYINFO2"      , LSA_QUERYINFO2      , api_lsa_query_info2      },
+      { "LSA_ENUMACCTRIGHTS"  , LSA_ENUMACCTRIGHTS  , api_lsa_enum_acct_rights },
+      { "LSA_ADDACCTRIGHTS"   , LSA_ADDACCTRIGHTS   , api_lsa_add_acct_rights  },
+      { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights},
     };
 
   return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds, 
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index fc51d7ef2f..7a2f5ae443 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1260,3 +1260,84 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
 
 	return r_u->status;
 }
+
+
+/***************************************************************************
+ For a given SID, enumerate all the privilege this account has.
+ ***************************************************************************/
+NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+{
+	struct lsa_info *info=NULL;
+	char **rights = NULL;
+	int num_rights = 0;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	init_r_enum_acct_rights(r_u, num_rights, rights);
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ add privileges to a acct by SID
+ ***************************************************************************/
+NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
+{
+	struct lsa_info *info=NULL;
+	int i;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* no backend yet - just print them */
+
+	DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n", 
+		 sid_string_static(&q_u->sid.sid), q_u->rights.count));
+
+	for (i=0;i<q_u->rights.count;i++) {
+		DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
+	}
+
+	init_r_add_acct_rights(r_u);
+
+	return r_u->status;
+}
+
+
+/***************************************************************************
+ remove privileges from a acct by SID
+ ***************************************************************************/
+NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
+{
+	struct lsa_info *info=NULL;
+	int i;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+
+	/* no backend yet - just print them */
+
+	DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n", 
+		 sid_string_static(&q_u->sid.sid),
+		 q_u->removeall,
+		 q_u->rights.count));
+
+	for (i=0;i<q_u->rights.count;i++) {
+		DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
+	}
+
+	init_r_remove_acct_rights(r_u);
+
+	return r_u->status;
+}
-- 
cgit