diff options
author | Andrew Tridgell <tridge@samba.org> | 2003-01-15 07:40:40 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-01-15 07:40:40 +0000 |
commit | 65bac11d716f873dcdbda528313c33634c26a072 (patch) | |
tree | e6cddf1a044dc72ff1d5a2ac5aa01460fa930d4c /source/rpc_client | |
parent | 919889de78fc3c7bc5dfebcc180385f2f3d7a564 (diff) | |
download | samba-65bac11d716f873dcdbda528313c33634c26a072.tar.gz samba-65bac11d716f873dcdbda528313c33634c26a072.tar.xz samba-65bac11d716f873dcdbda528313c33634c26a072.zip |
added cli_lsa_enum_account_rights() call. Note that this is in
principal similar to the existing cli_lsa_enum_privsaccount() call,
except that cli_lsa_enum_account_rights() doesn't require a call to
open_account first. There is also the minor matter that
cli_lsa_enum_account_rights() works whereas
cli_lsa_enum_privsaccount() doesn't!
this call can be used to find what privileges an account or group
has. This is a first step towards proper privileges support in Samba.
Diffstat (limited to 'source/rpc_client')
-rw-r--r-- | source/rpc_client/cli_lsarpc.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c index 6d1d56ee849..2b65c67f156 100644 --- a/source/rpc_client/cli_lsarpc.c +++ b/source/rpc_client/cli_lsarpc.c @@ -1150,6 +1150,63 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } + +/* Enumerate account rights This is similar to enum_privileges but + takes a SID directly, avoiding the open_account call. +*/ + +NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, DOM_SID sid, + uint32 *count, char ***privs_name) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUM_ACCT_RIGHTS q; + LSA_R_ENUM_ACCT_RIGHTS r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + init_q_enum_acct_rights(&q, pol, 2, &sid); + + if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!lsa_io_r_enum_acct_rights("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + *count = r.count; + if (! *count) { + goto done; + } + + *privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **)); + for (i=0;i<*count;i++) { + pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer); + } + +done: + + return result; +} + + #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN |