sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-17 04:23:50 +03:00
Code Activity

added the LSA privileges server backend stubs. Right now they just log

Browse Source 
what was requested.
This commit is contained in:
Andrew Tridgell
-
parent 203959f1c2
commit 64ac6c2bcb
4 changed files with 209 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/include/rpc_lsa.h
View File

@@ -537,7 +537,6 @@ typedef struct
POLICY_HND pol; /* policy handle */ POLICY_HND pol; /* policy handle */
DOM_SID2 sid; DOM_SID2 sid;
UNISTR2_ARRAY rights; UNISTR2_ARRAY rights;
uint32 count;
} LSA_Q_ADD_ACCT_RIGHTS; } LSA_Q_ADD_ACCT_RIGHTS;
/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */ /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
@@ -563,7 +562,6 @@ typedef struct
NTSTATUS status; NTSTATUS status;
} LSA_R_REMOVE_ACCT_RIGHTS; } LSA_R_REMOVE_ACCT_RIGHTS;
/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */ /* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
typedef struct lsa_q_priv_get_dispname typedef struct lsa_q_priv_get_dispname
{ {

31
source/rpc_parse/parse_lsa.c
View File

@@ -2301,6 +2301,19 @@ BOOL lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *r_c, pr
return True; return True;
} }
/*******************************************************************
Inits an LSA_R_ENUM_ACCT_RIGHTS structure.
********************************************************************/
void init_r_enum_acct_rights(LSA_R_ENUM_ACCT_RIGHTS *q_r,
uint32 count,
const char **rights)
{
DEBUG(5, ("init_r_enum_acct_rights\n"));
q_r->count = count;
init_unistr2_array(&q_r->rights, count, rights);
}
/******************************************************************* /*******************************************************************
Inits an LSA_Q_ADD_ACCT_RIGHTS structure. Inits an LSA_Q_ADD_ACCT_RIGHTS structure.
@@ -2316,7 +2329,6 @@ void init_q_add_acct_rights(LSA_Q_ADD_ACCT_RIGHTS *q_q,
q_q->pol = *hnd; q_q->pol = *hnd;
init_dom_sid2(&q_q->sid, sid); init_dom_sid2(&q_q->sid, sid);
init_unistr2_array(&q_q->rights, count, rights); init_unistr2_array(&q_q->rights, count, rights);
q_q->count = 5;
} }
@@ -2357,6 +2369,15 @@ BOOL lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *r_c, prs_
return True; return True;
} }
/*******************************************************************
Inits an LSA_R_ADD_ACCT_RIGHTS structure.
********************************************************************/
void init_r_add_acct_rights(LSA_R_ADD_ACCT_RIGHTS *q_r)
{
DEBUG(5, ("init_r_add_acct_rights\n"));
/* oh what a silly function! */
}
/******************************************************************* /*******************************************************************
Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure. Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure.
@@ -2417,3 +2438,11 @@ BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c
return True; return True;
} }
/*******************************************************************
Inits an LSA_R_REMOVE_ACCT_RIGHTS structure.
********************************************************************/
void init_r_remove_acct_rights(LSA_R_REMOVE_ACCT_RIGHTS *q_r)
{
DEBUG(5, ("init_r_remove_acct_rights\n"));
}

99
source/rpc_server/srv_lsa.c
View File

@@ -642,6 +642,100 @@ static BOOL api_lsa_query_info2(pipes_struct *p)
} }
/***************************************************************************
api_lsa_enum_acctrights
***************************************************************************/
static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
{
LSA_Q_ENUM_ACCT_RIGHTS q_u;
LSA_R_ENUM_ACCT_RIGHTS r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
return False;
}
r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
return False;
}
return True;
}
/***************************************************************************
api_lsa_add_acctrights
***************************************************************************/
static BOOL api_lsa_add_acct_rights(pipes_struct *p)
{
LSA_Q_ADD_ACCT_RIGHTS q_u;
LSA_R_ADD_ACCT_RIGHTS r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
return False;
}
r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
return False;
}
return True;
}
/***************************************************************************
api_lsa_remove_acctrights
***************************************************************************/
static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
{
LSA_Q_REMOVE_ACCT_RIGHTS q_u;
LSA_R_REMOVE_ACCT_RIGHTS r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
return False;
}
r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
return False;
}
return True;
}
/*************************************************************************** /***************************************************************************
\PIPE\ntlsa commands \PIPE\ntlsa commands
***************************************************************************/ ***************************************************************************/
@@ -673,7 +767,10 @@ int rpc_lsa_init(void)
{ "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs }, { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
{ "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs }, { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
{ "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
{ "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 } { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 },
{ "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
{ "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights},
}; };
return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds, return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds,

81
source/rpc_server/srv_lsa_nt.c
View File

@@ -1260,3 +1260,84 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
return r_u->status; return r_u->status;
} }
/***************************************************************************
For a given SID, enumerate all the privilege this account has.
***************************************************************************/
NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
{
struct lsa_info *info=NULL;
char **rights = NULL;
int num_rights = 0;
r_u->status = NT_STATUS_OK;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
init_r_enum_acct_rights(r_u, num_rights, rights);
return r_u->status;
}
/***************************************************************************
add privileges to a acct by SID
***************************************************************************/
NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
{
struct lsa_info *info=NULL;
int i;
r_u->status = NT_STATUS_OK;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
/* no backend yet - just print them */
DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n",
sid_string_static(&q_u->sid.sid), q_u->rights.count));
for (i=0;i<q_u->rights.count;i++) {
DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
}
init_r_add_acct_rights(r_u);
return r_u->status;
}
/***************************************************************************
remove privileges from a acct by SID
***************************************************************************/
NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
{
struct lsa_info *info=NULL;
int i;
r_u->status = NT_STATUS_OK;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
/* no backend yet - just print them */
DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n",
sid_string_static(&q_u->sid.sid),
q_u->removeall,
q_u->rights.count));
for (i=0;i<q_u->rights.count;i++) {
DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
}
init_r_remove_acct_rights(r_u);
return r_u->status;
}