2005-01-18 17:46:24 +03:00
/*
Samba Unix / Linux SMB client library
Distributed SMB / CIFS Server Management Utility
Copyright ( C ) Gerald ( Jerry ) Carter 2004
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2005-01-18 17:46:24 +03:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>. */
2005-01-18 17:46:24 +03:00
# include "includes.h"
# include "utils/net.h"
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS sid_to_name ( struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * mem_ctx ,
DOM_SID * sid ,
fstring name )
2005-01-19 19:52:19 +03:00
{
POLICY_HND pol ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType * sid_types ;
2005-01-19 19:52:19 +03:00
NTSTATUS result ;
char * * domains , * * names ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , True ,
2005-01-19 19:52:19 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED , & pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_lookup_sids ( pipe_hnd , mem_ctx , & pol , 1 , sid , & domains , & names , & sid_types ) ;
2005-01-19 19:52:19 +03:00
if ( NT_STATUS_IS_OK ( result ) ) {
if ( * domains [ 0 ] )
fstr_sprintf ( name , " %s \\ %s " , domains [ 0 ] , names [ 0 ] ) ;
else
fstrcpy ( name , names [ 0 ] ) ;
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( pipe_hnd , mem_ctx , & pol ) ;
2005-01-19 19:52:19 +03:00
return result ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS name_to_sid ( struct rpc_pipe_client * pipe_hnd ,
2005-01-18 21:28:34 +03:00
TALLOC_CTX * mem_ctx ,
DOM_SID * sid , const char * name )
{
POLICY_HND pol ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType * sid_types ;
2005-01-18 21:28:34 +03:00
NTSTATUS result ;
DOM_SID * sids ;
/* maybe its a raw SID */
2005-09-30 21:13:37 +04:00
if ( strncmp ( name , " S- " , 2 ) = = 0 & & string_to_sid ( sid , name ) ) {
2005-01-18 21:28:34 +03:00
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , True ,
2005-01-18 21:28:34 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED , & pol ) ;
2005-01-19 19:52:19 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
2005-01-18 21:28:34 +03:00
return result ;
2006-02-04 01:19:41 +03:00
result = rpccli_lsa_lookup_names ( pipe_hnd , mem_ctx , & pol , 1 , & name ,
2007-06-27 15:42:17 +04:00
NULL , 1 , & sids , & sid_types ) ;
2005-01-18 21:28:34 +03:00
2005-01-19 19:52:19 +03:00
if ( NT_STATUS_IS_OK ( result ) )
sid_copy ( sid , & sids [ 0 ] ) ;
2005-01-18 21:28:34 +03:00
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( pipe_hnd , mem_ctx , & pol ) ;
2005-01-18 21:28:34 +03:00
return result ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS enum_privileges ( struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * ctx ,
POLICY_HND * pol )
2005-01-18 21:28:34 +03:00
{
NTSTATUS result ;
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
uint32 count = 0 ;
char * * privs_name ;
uint32 * privs_high ;
uint32 * privs_low ;
int i ;
uint16 lang_id = 0 ;
uint16 lang_id_sys = 0 ;
uint16 lang_id_desc ;
fstring description ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_enum_privilege ( pipe_hnd , ctx , pol , & enum_context ,
2005-01-18 21:28:34 +03:00
pref_max_length , & count , & privs_name , & privs_high , & privs_low ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
/* Print results */
for ( i = 0 ; i < count ; i + + ) {
d_printf ( " %30s " , privs_name [ i ] ? privs_name [ i ] : " *unknown* " ) ;
/* try to get the description */
2005-09-30 21:13:37 +04:00
if ( ! NT_STATUS_IS_OK ( rpccli_lsa_get_dispname ( pipe_hnd , ctx , pol ,
2005-01-18 21:28:34 +03:00
privs_name [ i ] , lang_id , lang_id_sys , description , & lang_id_desc ) ) )
{
d_printf ( " ?????? \n " ) ;
continue ;
}
d_printf ( " %s \n " , description ) ;
}
return NT_STATUS_OK ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS check_privilege_for_user ( struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * ctx ,
POLICY_HND * pol ,
DOM_SID * sid ,
const char * right )
2005-03-20 21:01:46 +03:00
{
NTSTATUS result ;
uint32 count ;
char * * rights ;
int i ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_enum_account_rights ( pipe_hnd , ctx , pol , sid , & count , & rights ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
if ( count = = 0 ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
for ( i = 0 ; i < count ; i + + ) {
if ( StrCaseCmp ( rights [ i ] , right ) = = 0 ) {
return NT_STATUS_OK ;
}
}
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS enum_privileges_for_user ( struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * ctx ,
POLICY_HND * pol ,
DOM_SID * sid )
2005-01-18 21:28:34 +03:00
{
NTSTATUS result ;
uint32 count ;
char * * rights ;
int i ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_enum_account_rights ( pipe_hnd , ctx , pol , sid , & count , & rights ) ;
2005-01-18 21:28:34 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-01-18 23:51:06 +03:00
if ( count = = 0 )
d_printf ( " No privileges assigned \n " ) ;
2005-01-18 21:28:34 +03:00
for ( i = 0 ; i < count ; i + + ) {
2005-01-18 23:51:06 +03:00
printf ( " %s \n " , rights [ i ] ) ;
}
return NT_STATUS_OK ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS enum_accounts_for_privilege ( struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * ctx ,
POLICY_HND * pol ,
const char * privilege )
2005-03-20 21:01:46 +03:00
{
NTSTATUS result ;
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
DOM_SID * sids ;
uint32 count = 0 ;
int i ;
fstring name ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_enum_sids ( pipe_hnd , ctx , pol , & enum_context ,
2005-03-20 21:01:46 +03:00
pref_max_length , & count , & sids ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
d_printf ( " %s: \n " , privilege ) ;
for ( i = 0 ; i < count ; i + + ) {
2005-09-30 21:13:37 +04:00
result = check_privilege_for_user ( pipe_hnd , ctx , pol , & sids [ i ] , privilege ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( ! NT_STATUS_EQUAL ( result , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
return result ;
}
continue ;
}
/* try to convert the SID to a name. Fall back to
printing the raw SID if necessary */
2005-09-30 21:13:37 +04:00
result = sid_to_name ( pipe_hnd , ctx , & sids [ i ] , name ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
2007-12-16 00:47:30 +03:00
sid_to_fstring ( name , & sids [ i ] ) ;
2007-12-15 23:11:36 +03:00
2005-03-20 21:01:46 +03:00
d_printf ( " %s \n " , name ) ;
}
return NT_STATUS_OK ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS enum_privileges_for_accounts ( struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * ctx ,
POLICY_HND * pol )
2005-01-18 23:51:06 +03:00
{
NTSTATUS result ;
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
DOM_SID * sids ;
uint32 count = 0 ;
int i ;
2005-01-19 19:52:19 +03:00
fstring name ;
2005-01-18 23:51:06 +03:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_enum_sids ( pipe_hnd , ctx , pol , & enum_context ,
2005-01-18 23:51:06 +03:00
pref_max_length , & count , & sids ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
for ( i = 0 ; i < count ; i + + ) {
2005-01-19 19:52:19 +03:00
/* try to convert the SID to a name. Fall back to
printing the raw SID if necessary */
2005-09-30 21:13:37 +04:00
result = sid_to_name ( pipe_hnd , ctx , & sids [ i ] , name ) ;
2005-01-19 19:52:19 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
2007-12-16 00:47:30 +03:00
sid_to_fstring ( name , & sids [ i ] ) ;
2005-01-19 19:52:19 +03:00
d_printf ( " %s \n " , name ) ;
2005-09-30 21:13:37 +04:00
result = enum_privileges_for_user ( pipe_hnd , ctx , pol , & sids [ i ] ) ;
2005-01-18 23:51:06 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
d_printf ( " \n " ) ;
2005-01-18 21:28:34 +03:00
}
return NT_STATUS_OK ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS rpc_rights_list_internal ( const DOM_SID * domain_sid ,
const char * domain_name ,
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
2005-01-18 17:46:24 +03:00
{
2005-01-18 21:28:34 +03:00
POLICY_HND pol ;
NTSTATUS result ;
DOM_SID sid ;
2005-03-26 09:52:56 +03:00
fstring privname ;
fstring description ;
uint16 lang_id = 0 ;
uint16 lang_id_sys = 0 ;
uint16 lang_id_desc ;
2005-01-18 21:28:34 +03:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( pipe_hnd , mem_ctx , True ,
2005-01-18 21:28:34 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED , & pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-03-26 09:52:56 +03:00
/* backwards compatibility; just list available privileges if no arguement */
2005-03-20 21:01:46 +03:00
if ( argc = = 0 ) {
2005-09-30 21:13:37 +04:00
result = enum_privileges ( pipe_hnd , mem_ctx , & pol ) ;
2005-03-20 21:01:46 +03:00
goto done ;
}
2005-01-18 21:28:34 +03:00
2005-03-20 21:01:46 +03:00
if ( strequal ( argv [ 0 ] , " privileges " ) ) {
int i = 1 ;
if ( argv [ 1 ] = = NULL ) {
2005-09-30 21:13:37 +04:00
result = enum_privileges ( pipe_hnd , mem_ctx , & pol ) ;
2005-03-20 21:01:46 +03:00
goto done ;
2005-01-18 23:51:06 +03:00
}
2005-03-20 21:01:46 +03:00
2005-09-30 21:13:37 +04:00
while ( argv [ i ] ! = NULL ) {
2005-03-26 09:52:56 +03:00
fstrcpy ( privname , argv [ i ] ) ;
i + + ;
/* verify that this is a valid privilege for error reporting */
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_get_dispname ( pipe_hnd , mem_ctx , & pol , privname , lang_id ,
2005-03-26 09:52:56 +03:00
lang_id_sys , description , & lang_id_desc ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( NT_STATUS_EQUAL ( result , NT_STATUS_NO_SUCH_PRIVILEGE ) )
2006-01-18 00:22:00 +03:00
d_fprintf ( stderr , " No such privilege exists: %s. \n " , privname ) ;
2005-03-26 09:52:56 +03:00
else
2006-01-18 00:22:00 +03:00
d_fprintf ( stderr , " Error resolving privilege display name [%s]. \n " , nt_errstr ( result ) ) ;
2005-03-26 09:52:56 +03:00
continue ;
}
2005-09-30 21:13:37 +04:00
result = enum_accounts_for_privilege ( pipe_hnd , mem_ctx , & pol , privname ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2006-01-18 00:22:00 +03:00
d_fprintf ( stderr , " Error enumerating accounts for privilege %s [%s]. \n " ,
2005-03-26 09:52:56 +03:00
privname , nt_errstr ( result ) ) ;
continue ;
2005-03-20 21:01:46 +03:00
}
2005-01-18 21:28:34 +03:00
}
2005-03-20 21:01:46 +03:00
goto done ;
2005-01-18 21:28:34 +03:00
}
2005-03-26 09:52:56 +03:00
/* special case to enumerate all privileged SIDs with associated rights */
2005-01-18 21:28:34 +03:00
2005-03-20 21:01:46 +03:00
if ( strequal ( argv [ 0 ] , " accounts " ) ) {
int i = 1 ;
if ( argv [ 1 ] = = NULL ) {
2005-09-30 21:13:37 +04:00
result = enum_privileges_for_accounts ( pipe_hnd , mem_ctx , & pol ) ;
2005-03-20 21:01:46 +03:00
goto done ;
}
2005-01-18 21:28:34 +03:00
2005-03-20 21:01:46 +03:00
while ( argv [ i ] ! = NULL ) {
2005-09-30 21:13:37 +04:00
result = name_to_sid ( pipe_hnd , mem_ctx , & sid , argv [ i ] ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2005-09-30 21:13:37 +04:00
result = enum_privileges_for_user ( pipe_hnd , mem_ctx , & pol , & sid ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
i + + ;
}
goto done ;
}
/* backward comaptibility: if no keyword provided, treat the key
as an account name */
if ( argc > 1 ) {
2005-03-26 09:52:56 +03:00
d_printf ( " Usage: net rpc rights list [[accounts|privileges] [name|SID]] \n " ) ;
2005-03-20 21:01:46 +03:00
result = NT_STATUS_OK ;
goto done ;
}
2005-09-30 21:13:37 +04:00
result = name_to_sid ( pipe_hnd , mem_ctx , & sid , argv [ 0 ] ) ;
2005-03-20 21:01:46 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
2005-09-30 21:13:37 +04:00
result = enum_privileges_for_user ( pipe_hnd , mem_ctx , & pol , & sid ) ;
2005-01-18 21:28:34 +03:00
done :
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( pipe_hnd , mem_ctx , & pol ) ;
2005-01-18 21:28:34 +03:00
return result ;
2005-01-18 17:46:24 +03:00
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS rpc_rights_grant_internal ( const DOM_SID * domain_sid ,
const char * domain_name ,
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
2005-01-18 17:46:24 +03:00
{
2005-01-18 21:28:34 +03:00
POLICY_HND dom_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID sid ;
if ( argc < 2 ) {
d_printf ( " Usage: net rpc rights grant <name|SID> <rights...> \n " ) ;
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = name_to_sid ( pipe_hnd , mem_ctx , & sid , argv [ 0 ] ) ;
2005-01-18 21:28:34 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( pipe_hnd , mem_ctx , True ,
2005-01-18 21:28:34 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_add_account_rights ( pipe_hnd , mem_ctx , & dom_pol , sid ,
2005-01-18 21:28:34 +03:00
argc - 1 , argv + 1 ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
d_printf ( " Successfully granted rights. \n " ) ;
done :
if ( ! NT_STATUS_IS_OK ( result ) ) {
2006-01-18 00:22:00 +03:00
d_fprintf ( stderr , " Failed to grant privileges for %s (%s) \n " ,
2005-01-18 21:28:34 +03:00
argv [ 0 ] , nt_errstr ( result ) ) ;
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( pipe_hnd , mem_ctx , & dom_pol ) ;
2005-01-18 21:28:34 +03:00
return result ;
2005-01-18 17:46:24 +03:00
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-09-30 21:13:37 +04:00
static NTSTATUS rpc_rights_revoke_internal ( const DOM_SID * domain_sid ,
const char * domain_name ,
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
2005-01-18 17:46:24 +03:00
{
2005-01-18 21:28:34 +03:00
POLICY_HND dom_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID sid ;
if ( argc < 2 ) {
d_printf ( " Usage: net rpc rights revoke <name|SID> <rights...> \n " ) ;
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = name_to_sid ( pipe_hnd , mem_ctx , & sid , argv [ 0 ] ) ;
2005-01-18 21:28:34 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( pipe_hnd , mem_ctx , True ,
2005-01-18 21:28:34 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
return result ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_remove_account_rights ( pipe_hnd , mem_ctx , & dom_pol , sid ,
2005-01-18 21:28:34 +03:00
False , argc - 1 , argv + 1 ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
d_printf ( " Successfully revoked rights. \n " ) ;
done :
if ( ! NT_STATUS_IS_OK ( result ) ) {
2006-02-04 01:19:41 +03:00
d_fprintf ( stderr , " Failed to revoke privileges for %s (%s) \n " ,
2005-01-18 21:28:34 +03:00
argv [ 0 ] , nt_errstr ( result ) ) ;
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( pipe_hnd , mem_ctx , & dom_pol ) ;
2005-01-18 21:28:34 +03:00
return result ;
}
2005-01-18 17:46:24 +03:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_rights_list ( int argc , const char * * argv )
{
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
rpc_rights_list_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_rights_grant ( int argc , const char * * argv )
{
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
rpc_rights_grant_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int rpc_rights_revoke ( int argc , const char * * argv )
{
return run_rpc_command ( NULL , PI_LSARPC , 0 ,
rpc_rights_revoke_internal , argc , argv ) ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int net_help_rights ( int argc , const char * * argv )
{
2005-03-26 09:52:56 +03:00
d_printf ( " net rpc rights list [{accounts|privileges} [name|SID]] View available or assigned privileges \n " ) ;
d_printf ( " net rpc rights grant <name|SID> <right> Assign privilege[s] \n " ) ;
d_printf ( " net rpc rights revoke <name|SID> <right> Revoke privilege[s] \n " ) ;
2005-01-18 17:46:24 +03:00
2005-01-18 23:51:06 +03:00
d_printf ( " \n Both 'grant' and 'revoke' require a SID and a list of privilege names. \n " ) ;
d_printf ( " For example \n " ) ;
2005-03-04 20:38:25 +03:00
d_printf ( " \n net rpc rights grant 'VALE \\ biddle' SePrintOperatorPrivilege SeDiskOperatorPrivilege \n " ) ;
2005-01-18 23:51:06 +03:00
d_printf ( " \n would grant the printer admin and disk manager rights to the user 'VALE \\ biddle' \n \n " ) ;
2005-01-18 17:46:24 +03:00
return - 1 ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
int net_rpc_rights ( int argc , const char * * argv )
{
struct functable func [ ] = {
{ " list " , rpc_rights_list } ,
{ " grant " , rpc_rights_grant } ,
{ " revoke " , rpc_rights_revoke } ,
{ NULL , NULL }
} ;
if ( argc )
return net_run_function ( argc , argv , func , net_help_rights ) ;
return net_help_rights ( argc , argv ) ;
}
2006-02-04 01:19:41 +03:00
static NTSTATUS rpc_sh_rights_list ( TALLOC_CTX * mem_ctx , struct rpc_sh_ctx * ctx ,
struct rpc_pipe_client * pipe_hnd ,
int argc , const char * * argv )
{
return rpc_rights_list_internal ( ctx - > domain_sid , ctx - > domain_name ,
ctx - > cli , pipe_hnd , mem_ctx ,
argc , argv ) ;
}
static NTSTATUS rpc_sh_rights_grant ( TALLOC_CTX * mem_ctx ,
struct rpc_sh_ctx * ctx ,
struct rpc_pipe_client * pipe_hnd ,
int argc , const char * * argv )
{
return rpc_rights_grant_internal ( ctx - > domain_sid , ctx - > domain_name ,
ctx - > cli , pipe_hnd , mem_ctx ,
argc , argv ) ;
}
static NTSTATUS rpc_sh_rights_revoke ( TALLOC_CTX * mem_ctx ,
struct rpc_sh_ctx * ctx ,
struct rpc_pipe_client * pipe_hnd ,
int argc , const char * * argv )
{
return rpc_rights_revoke_internal ( ctx - > domain_sid , ctx - > domain_name ,
ctx - > cli , pipe_hnd , mem_ctx ,
argc , argv ) ;
}
struct rpc_sh_cmd * net_rpc_rights_cmds ( TALLOC_CTX * mem_ctx ,
struct rpc_sh_ctx * ctx )
{
static struct rpc_sh_cmd cmds [ ] = {
{ " list " , NULL , PI_LSARPC , rpc_sh_rights_list ,
" View available or assigned privileges " } ,
{ " grant " , NULL , PI_LSARPC , rpc_sh_rights_grant ,
" Assign privilege[s] " } ,
{ " revoke " , NULL , PI_LSARPC , rpc_sh_rights_revoke ,
" Revoke privilege[s] " } ,
{ NULL , NULL , 0 , NULL , NULL }
} ;
return cmds ;
2006-05-17 15:14:26 +04:00
}
2006-02-04 01:19:41 +03:00
