mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00

s4-lsa: merge lsa_EnumPrivsAccount from s3 lsa idl.

Guenther
Günther Deschner 2008-10-21 02:11:54 +02:00
parent 95c69caef6
commit ea6b4865ea
5 changed files with 46 additions and 26 deletions


@ -488,7 +488,7 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_LUIDAttribute set[*];
} lsa_PrivilegeSet;
NTSTATUS lsa_EnumPrivsAccount (
NTSTATUS lsa_EnumPrivsAccount(
[in] policy_handle *handle,
[out,ref] lsa_PrivilegeSet **privs
);


@ -483,9 +483,9 @@ import "misc.idl", "security.idl";
[size_is(count)] lsa_LUIDAttribute set[*];
} lsa_PrivilegeSet;
NTSTATUS lsa_EnumPrivsAccount (
NTSTATUS lsa_EnumPrivsAccount(
[in] policy_handle *handle,
[out,unique] lsa_PrivilegeSet *privs
[out,ref] lsa_PrivilegeSet **privs
);
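Review bot: The new `[out,ref] lsa_PrivilegeSet **privs` declaration does not say whether the inner pointer can come back NULL on a successful call. `ref` covers only the outer level; the inner level takes its pointer type from the interface's pointer_default, which is outside this hunk. The callers touched by this commit do not agree on the answer: the torture test checks `privs &&` before use, while the in-process caller in the LSA server reads `privs->count` unconditionally. I would add a comment above the declaration, for example `/* *privs may be NULL on success when the inner pointer is unique; callers must check before dereferencing */`.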


@ -1724,15 +1724,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
const char * const attrs[] = { "privilege", NULL};
struct ldb_message_element *el;
const char *sidstr;
struct lsa_PrivilegeSet *privs;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
astate = h->data;
r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
r->out.privs->count = 0;
r->out.privs->unknown = 0;
r->out.privs->set = NULL;
privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
if (privs == NULL) {
return NT_STATUS_NO_MEMORY;
}
privs->count = 0;
privs->unknown = 0;
privs->set = NULL;
*r->out.privs = privs;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
if (sidstr == NULL) {
@ -1750,9 +1756,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
return NT_STATUS_OK;
}
r->out.privs->set = talloc_array(r->out.privs,
struct lsa_LUIDAttribute, el->num_values);
if (r->out.privs->set == NULL) {
privs->set = talloc_array(privs,
struct lsa_LUIDAttribute, el->num_values);
if (privs->set == NULL) {
return NT_STATUS_NO_MEMORY;
}
@ -1761,12 +1767,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
if (id == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r->out.privs->set[i].attribute = 0;
r->out.privs->set[i].luid.low = id;
r->out.privs->set[i].luid.high = 0;
privs->set[i].attribute = 0;
privs->set[i].luid.low = id;
privs->set[i].luid.high = 0;
}
r->out.privs->count = el->num_values;
privs->count = el->num_values;
return NT_STATUS_OK;
}
@ -2058,8 +2064,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
int i;
NTSTATUS status;
struct lsa_EnumPrivsAccount enumPrivs;
struct lsa_PrivilegeSet *privs;
privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
if (!privs) {
return NT_STATUS_NO_MEMORY;
}
privs->count = 0;
privs->unknown = 0;
privs->set = NULL;
enumPrivs.in.handle = r->in.handle;
enumPrivs.out.privs = &privs;
status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);
if (!NT_STATUS_IS_OK(status)) {
@ -2068,8 +2084,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
*(r->out.access_mask) = 0x00000000;
for (i = 0; i < enumPrivs.out.privs->count; i++) {
int priv = enumPrivs.out.privs->set[i].luid.low;
for (i = 0; i < privs->count; i++) {
int priv = privs->set[i].luid.low;
switch (priv) {
case SEC_PRIV_INTERACTIVE_LOGON:
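Review bot: The `talloc(mem_ctx, struct lsa_PrivilegeSet)` block added to dcesrv_lsa_GetSystemAccessAccount is dead. dcesrv_lsa_EnumPrivsAccount allocates its own set and stores it with `*r->out.privs = privs;`, so the caller's object is replaced on every path past the handle check and stays parented to mem_ctx unused. Declaring `struct lsa_PrivilegeSet *privs = NULL;` and dropping the allocation and the three field initialisers expresses the same contract with less code. The loop at `privs->count` then depends entirely on the callee having set the pointer, so a guard such as `if (privs == NULL) { return NT_STATUS_INTERNAL_ERROR; }` after the status check would keep a later change in the callee from turning into a NULL dereference here. Both function bodies continue outside the hunks shown.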


@ -867,11 +867,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct lsa_EnumPrivsAccount r;
struct lsa_PrivilegeSet *privs = NULL;
bool ret = true;
printf("\nTesting EnumPrivsAccount\n");
r.in.handle = acct_handle;
r.out.privs = &privs;
status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@ -879,17 +881,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
return false;
}
if (r.out.privs && r.out.privs->count > 0) {
if (privs && privs->count > 0) {
int i;
for (i=0;i<r.out.privs->count;i++) {
for (i=0;i<privs->count;i++) {
test_LookupPrivName(p, mem_ctx, handle,
&r.out.privs->set[i].luid);
&privs->set[i].luid);
}
ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle,
&r.out.privs->set[0].luid);
&privs->set[0].luid);
ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle,
&r.out.privs->set[0].luid);
&privs->set[0].luid);
}
return ret;
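Review bot: The result of `test_LookupPrivName(...)` inside the loop is discarded, so a failed lookup on any LUID the server returned does not fail test_EnumPrivsAccount, while the two calls after the loop are folded in with `ret &=`. If the helper returns bool like its siblings (its declaration is not in this hunk), `ret &= test_LookupPrivName(p, mem_ctx, handle, &privs->set[i].luid);` would make the test report it. The function's opening and closing lines are outside the hunks shown.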


@ -1027,6 +1027,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
struct lsa_OpenAccount a;
struct policy_handle acct_handle;
struct lsa_EnumPrivsAccount e;
struct lsa_PrivilegeSet *privs = NULL;
struct lsa_LookupPrivName r;
int i, j;
@ -1049,6 +1050,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);
e.in.handle = &acct_handle;
e.out.privs = &privs;
status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e);
if (!NT_STATUS_IS_OK(status)) {
@ -1056,23 +1058,23 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
return false;
}
if ((account->privilege_entries && !e.out.privs)) {
if ((account->privilege_entries && !privs)) {
printf("Account %s has privileges in SamSync, but not LSA\n",
dom_sid_string(mem_ctx, dom_sid));
return false;
}
if (!account->privilege_entries && e.out.privs && e.out.privs->count) {
if (!account->privilege_entries && privs && privs->count) {
printf("Account %s has privileges in LSA, but not SamSync\n",
dom_sid_string(mem_ctx, dom_sid));
return false;
}
TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count);
TEST_INT_EQUAL(account->privilege_entries, privs->count);
for (i=0;i< e.out.privs->count; i++) {
for (i=0;i< privs->count; i++) {
r.in.handle = samsync_state->lsa_handle;
r.in.luid = &e.out.privs->set[i].luid;
r.in.luid = &privs->set[i].luid;
status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
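Review bot: `TEST_INT_EQUAL(account->privilege_entries, privs->count);` still dereferences `privs` when it is NULL and `account->privilege_entries` is 0. The first guard fires only when privilege_entries is non-zero and the second only when `privs` is non-NULL, so an account with no privileges and a NULL set from the server passes both and reaches `privs->count`. The rename from `e.out.privs` carries this over unchanged, and `privs` is now explicitly initialised to NULL, which makes the case easier to reach if the server leaves the pointer unset. Using `TEST_INT_EQUAL(account->privilege_entries, privs ? privs->count : 0);` and `for (i=0; privs && i < privs->count; i++) {` would cover it. The function body continues outside this hunk.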