From 86450bd59caf5ff08edf7fed3af0622e559569f5 Mon Sep 17 00:00:00 2001
From: David Markey <admin@dmarkey.com>
Date: Wed, 17 Jun 2009 18:29:20 +0200
Subject: s3-net: Fix Bug #6328: support "net sam rights grant/revoke" with
 multiple rights.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

David

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/utils/net_sam.c | 42 ++++++++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 18 deletions(-)

(limited to 'source3/utils/net_sam.c')

diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index e8ab412469..787bbdd502 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -682,12 +682,12 @@ static int net_sam_rights_grant(struct net_context *c, int argc,
 
 	if (argc < 2 || c->display_usage) {
 		d_fprintf(stderr, "usage: net sam rights grant <name> "
-			  "<right> ...\n");
+			"<rights> ...\n");
 		return -1;
 	}
 
 	if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
-			 &dom, &name, &sid, &type)) {
+			&dom, &name, &sid, &type)) {
 		d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 		return -1;
 	}
@@ -709,36 +709,42 @@ static int net_sam_rights_grant(struct net_context *c, int argc,
 	return 0;
 }
 
-static int net_sam_rights_revoke(struct net_context *c, int argc, const char **argv)
+static int net_sam_rights_revoke(struct net_context *c, int argc,
+				const char **argv)
 {
 	DOM_SID sid;
 	enum lsa_SidType type;
 	const char *dom, *name;
 	SE_PRIV mask;
+	int i;
 
-	if (argc != 2 || c->display_usage) {
+	if (argc < 2 || c->display_usage) {
 		d_fprintf(stderr, "usage: net sam rights revoke <name> "
-			  "<right>\n");
+			"<rights>\n");
 		return -1;
 	}
 
 	if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
-			 &dom, &name, &sid, &type)) {
+			&dom, &name, &sid, &type)) {
 		d_fprintf(stderr, "Could not find name %s\n", argv[0]);
 		return -1;
 	}
 
-	if (!se_priv_from_name(argv[1], &mask)) {
-		d_fprintf(stderr, "%s unknown\n", argv[1]);
-		return -1;
-	}
+	for (i=1; i < argc; i++) {
 
-	if (!revoke_privilege(&sid, &mask)) {
-		d_fprintf(stderr, "Could not revoke privilege\n");
-		return -1;
+		if (!se_priv_from_name(argv[i], &mask)) {
+			d_fprintf(stderr, "%s unknown\n", argv[i]);
+			return -1;
+		}
+
+		if (!revoke_privilege(&sid, &mask)) {
+			d_fprintf(stderr, "Could not revoke privilege\n");
+			return -1;
+		}
+
+		d_printf("Revoked %s from %s\\%s\n", argv[i], dom, name);
 	}
 
-	d_printf("Revoked %s from %s\\%s\n", argv[1], dom, name);
 	return 0;
 }
 
@@ -757,17 +763,17 @@ static int net_sam_rights(struct net_context *c, int argc, const char **argv)
 			"grant",
 			net_sam_rights_grant,
 			NET_TRANSPORT_LOCAL,
-			"Grant a right",
+			"Grant right(s)",
 			"net sam rights grant\n"
-			"    Grant a right"
+			"    Grant right(s)"
 		},
 		{
 			"revoke",
 			net_sam_rights_revoke,
 			NET_TRANSPORT_LOCAL,
-			"Revoke a right",
+			"Revoke right(s)",
 			"net sam rights revoke\n"
-			"    Revoke a right"
+			"    Revoke right(s)"
 		},
 		{NULL, NULL, 0, NULL, NULL}
 	};
-- 
cgit