mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
Use pidl for _lsa_AddPrivilegesToAccount and _lsa_RemovePrivilegesFromAccount.
Guenther
(This used to be commit 0c9904864b)
This commit is contained in:
Günther Deschner
parent
55e5e753bb
commit
08f019d973
@ -473,7 +473,7 @@ bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask )
|
||||
/*******************************************************************
|
||||
*******************************************************************/
|
||||
|
||||
static bool luid_to_se_priv( LUID *luid, SE_PRIV *mask )
|
||||
static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask )
|
||||
{
|
||||
int i;
|
||||
uint32 num_privs = count_all_privileges();
|
||||
@ -491,7 +491,7 @@ static bool luid_to_se_priv( LUID *luid, SE_PRIV *mask )
|
||||
/*******************************************************************
|
||||
*******************************************************************/
|
||||
|
||||
bool privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset )
|
||||
bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset )
|
||||
{
|
||||
int i;
|
||||
|
||||
|
||||
@ -249,29 +249,7 @@ static bool api_lsa_setsystemaccount(pipes_struct *p)
|
||||
|
||||
static bool api_lsa_addprivs(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_ADDPRIVS q_u;
|
||||
LSA_R_ADDPRIVS r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_addprivs("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_addprivs: failed to unmarshall LSA_Q_ADDPRIVS.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_addprivs(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_addprivs("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_addprivs: Failed to marshall LSA_R_ADDPRIVS.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
return proxy_lsa_call(p, NDR_LSA_ADDPRIVILEGESTOACCOUNT);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
@ -280,29 +258,7 @@ static bool api_lsa_addprivs(pipes_struct *p)
|
||||
|
||||
static bool api_lsa_removeprivs(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_REMOVEPRIVS q_u;
|
||||
LSA_R_REMOVEPRIVS r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_removeprivs("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_removeprivs: failed to unmarshall LSA_Q_REMOVEPRIVS.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_removeprivs(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_removeprivs("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_removeprivs: Failed to marshall LSA_R_REMOVEPRIVS.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
return proxy_lsa_call(p, NDR_LSA_REMOVEPRIVILEGESFROMACCOUNT);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
|
||||
@ -1843,17 +1843,19 @@ NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p,
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
_lsa_AddPrivilegesToAccount
|
||||
For a given SID, add some privileges.
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
|
||||
NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p,
|
||||
struct lsa_AddPrivilegesToAccount *r)
|
||||
{
|
||||
struct lsa_info *info = NULL;
|
||||
SE_PRIV mask;
|
||||
PRIVILEGE_SET *set = NULL;
|
||||
struct lsa_PrivilegeSet *set = NULL;
|
||||
|
||||
/* find the connection policy handle. */
|
||||
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
|
||||
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
|
||||
return NT_STATUS_INVALID_HANDLE;
|
||||
|
||||
/* check to see if the pipe_user is root or a Domain Admin since
|
||||
@ -1865,13 +1867,12 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
set = &q_u->set;
|
||||
|
||||
set = r->in.privs;
|
||||
if ( !privilege_set_to_se_priv( &mask, set ) )
|
||||
return NT_STATUS_NO_SUCH_PRIVILEGE;
|
||||
|
||||
if ( !grant_privilege( &info->sid, &mask ) ) {
|
||||
DEBUG(3,("_lsa_addprivs: grant_privilege(%s) failed!\n",
|
||||
DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege(%s) failed!\n",
|
||||
sid_string_dbg(&info->sid) ));
|
||||
DEBUG(3,("Privilege mask:\n"));
|
||||
dump_se_priv( DBGC_ALL, 3, &mask );
|
||||
@ -1882,17 +1883,19 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
_lsa_RemovePrivilegesFromAccount
|
||||
For a given SID, remove some privileges.
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
|
||||
NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p,
|
||||
struct lsa_RemovePrivilegesFromAccount *r)
|
||||
{
|
||||
struct lsa_info *info = NULL;
|
||||
SE_PRIV mask;
|
||||
PRIVILEGE_SET *set = NULL;
|
||||
struct lsa_PrivilegeSet *set = NULL;
|
||||
|
||||
/* find the connection policy handle. */
|
||||
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
|
||||
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
|
||||
return NT_STATUS_INVALID_HANDLE;
|
||||
|
||||
/* check to see if the pipe_user is root or a Domain Admin since
|
||||
@ -1904,13 +1907,13 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
set = &q_u->set;
|
||||
set = r->in.privs;
|
||||
|
||||
if ( !privilege_set_to_se_priv( &mask, set ) )
|
||||
return NT_STATUS_NO_SUCH_PRIVILEGE;
|
||||
|
||||
if ( !revoke_privilege( &info->sid, &mask ) ) {
|
||||
DEBUG(3,("_lsa_removeprivs: revoke_privilege(%s) failed!\n",
|
||||
DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
|
||||
sid_string_dbg(&info->sid) ));
|
||||
DEBUG(3,("Privilege mask:\n"));
|
||||
dump_se_priv( DBGC_ALL, 3, &mask );
|
||||
@ -2277,18 +2280,6 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r)
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, struct lsa_AddPrivilegesToAccount *r)
|
||||
{
|
||||
p->rng_fault_state = True;
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, struct lsa_RemovePrivilegesFromAccount *r)
|
||||
{
|
||||
p->rng_fault_state = True;
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NTSTATUS _lsa_GetQuotasForAccount(pipes_struct *p, struct lsa_GetQuotasForAccount *r)
|
||||
{
|
||||
p->rng_fault_state = True;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user