summaryrefslogtreecommitdiffstats
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2003-02-12 09:14:35 +0000
committerAndrew Tridgell <tridge@samba.org>2003-02-12 09:14:35 +0000
commitfaf30e69ae0a54a770ef230c0ebae802c0a86be4 (patch)
tree2b95db3b72331eb12f4177e333355ffb3b74b41a /source3/rpc_server
parentce7db9bdcc8ed1333812b95a672e946aeb986bdc (diff)
downloadsamba-faf30e69ae0a54a770ef230c0ebae802c0a86be4.tar.gz
samba-faf30e69ae0a54a770ef230c0ebae802c0a86be4.tar.xz
samba-faf30e69ae0a54a770ef230c0ebae802c0a86be4.zip
initial server side privileges implementation, using a tdb. This needs to be hooked into pdb, and we need some access control on changing privileges. That's next
(This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa_nt.c37
1 files changed, 32 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 57e8177bc60..b230381d629 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1270,6 +1270,7 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
struct lsa_info *info=NULL;
char **rights = NULL;
int num_rights = 0;
+ int i;
r_u->status = NT_STATUS_OK;
@@ -1277,8 +1278,15 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
+ r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights);
+
init_r_enum_acct_rights(r_u, num_rights, rights);
+ for (i=0;i<num_rights;i++) {
+ free(rights[i]);
+ }
+ safe_free(rights);
+
return r_u->status;
}
@@ -1304,10 +1312,12 @@ NTSTATUS _lsa_enum_acct_with_right(pipes_struct *p,
DEBUG(5,("lsa_enum_acct_with_right on right %s\n", right));
- /* no backend db yet .... */
+ r_u->status = privilege_enum_account_with_right(right, &count, &sids);
init_r_enum_acct_with_right(r_u, count, sids);
+ safe_free(sids);
+
return r_u->status;
}
@@ -1325,8 +1335,6 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- /* no backend yet - just print them */
-
DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n",
sid_string_static(&q_u->sid.sid), q_u->rights.count));
@@ -1334,6 +1342,17 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R
DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
}
+
+ for (i=0;i<q_u->rights.count;i++) {
+ r_u->status = privilege_add_account_right(unistr2_static(&q_u->rights.strings[i].string),
+ &q_u->sid.sid);
+ if (!NT_STATUS_IS_OK(r_u->status)) {
+ DEBUG(2,("Failed to add right '%s'\n",
+ unistr2_static(&q_u->rights.strings[i].string)));
+ break;
+ }
+ }
+
init_r_add_acct_rights(r_u);
return r_u->status;
@@ -1355,8 +1374,6 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
return NT_STATUS_INVALID_HANDLE;
- /* no backend yet - just print them */
-
DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n",
sid_string_static(&q_u->sid.sid),
q_u->removeall,
@@ -1366,6 +1383,16 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
}
+ for (i=0;i<q_u->rights.count;i++) {
+ r_u->status = privilege_remove_account_right(unistr2_static(&q_u->rights.strings[i].string),
+ &q_u->sid.sid);
+ if (!NT_STATUS_IS_OK(r_u->status)) {
+ DEBUG(2,("Failed to remove right '%s'\n",
+ unistr2_static(&q_u->rights.strings[i].string)));
+ break;
+ }
+ }
+
init_r_remove_acct_rights(r_u);
return r_u->status;