* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
r_l->hdr_nb_dom_name.uni_max_len += 2;
r_l->uni_nb_dom_name.uni_max_len += 1;
}
-
+
if (dns_name && *dns_name) {
init_unistr2(&r_l->uni_dns_dom_name, dns_name, UNI_FLAGS_NONE);
init_uni_hdr(&r_l->hdr_dns_dom_name, &r_l->uni_dns_dom_name);
if (dom_guid) {
memcpy(&r_l->dom_guid, dom_guid, sizeof(struct GUID));
}
-
+
if (dom_sid) {
r_l->ptr_dom_sid = 1;
init_dom_sid2(&r_l->dom_sid, dom_sid);
* RID as 8 bytes hex, in others it returns the full
* SID. We (Jerry/VL) could not figure out which the
* hard cases are, so leave it with the SID. */
- name->name = talloc_asprintf(p->mem_ctx, "%s",
+ name->name = talloc_asprintf(p->mem_ctx, "%s",
sid_to_fstring(tmp,
sids[i]));
if (name->name == NULL) {
r_u->status = _lsa_lookup_sids_internal(p,
q_u->level,
- num_sids,
+ num_sids,
q_u->sids.sid,
&ref,
&names,
r_u->status = _lsa_lookup_sids_internal(p,
q_u->level,
- num_sids,
+ num_sids,
q_u->sids.sid,
&ref,
&r_u->names,
r_u->status = _lsa_lookup_sids_internal(p,
q_u->level,
- num_sids,
+ num_sids,
q_u->sids.sid,
&ref,
&r_u->names,
num_entries = MAX_LOOKUP_SIDS;
DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
}
-
+
flags = lsa_lookup_level_to_flags(q_u->lookup_level);
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
num_entries = MAX_LOOKUP_SIDS;
DEBUG(5,("_lsa_lookup_names3: truncating name lookup list to %d\n", num_entries));
}
-
+
/* Probably the lookup_level is some sort of bitmask. */
if (q_u->lookup_level == 1) {
flags = LOOKUP_NAME_ALL;
num_entries = MAX_LOOKUP_SIDS;
DEBUG(5,("_lsa_lookup_names4: truncating name lookup list to %d\n", num_entries));
}
-
+
/* Probably the lookup_level is some sort of bitmask. */
if (q_u->lookup_level == 1) {
flags = LOOKUP_NAME_ALL;
if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
-
+
if ( is_privileged_sid( r->in.sid ) )
return NT_STATUS_OBJECT_NAME_COLLISION;
/* associate the user/group SID with the (unique) handle. */
-
+
if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
return NT_STATUS_NO_MEMORY;
0x02 -> Access this computer from network
0x04 -> Log on as a batch job
0x10 -> Log on as a service
-
+
they can be ORed together
*/
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- /* check to see if the pipe_user is root or a Domain Admin since
+
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
- if ( p->pipe_user.ut.uid != sec_initial_uid()
+
+ if ( p->pipe_user.ut.uid != sec_initial_uid()
&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is root or a Domain Admin since
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
default:
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name,
+ init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name,
forest_name,&guid,sid);
break;
default:
DOM_SID sid;
fstring privname;
UNISTR4_ARRAY *uni_privnames = q_u->rights;
-
+
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- /* check to see if the pipe_user is a Domain Admin since
+
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
-
+
sid_copy( &sid, &q_u->sid.sid );
-
+
/* just a little sanity check */
-
+
if ( q_u->count != uni_privnames->count ) {
DEBUG(0,("_lsa_add_acct_rights: count != number of UNISTR2 elements!\n"));
- return NT_STATUS_INVALID_HANDLE;
+ return NT_STATUS_INVALID_HANDLE;
}
-
+
for ( i=0; i<q_u->count; i++ ) {
UNISTR4 *uni4_str = &uni_privnames->strings[i];
continue;
rpcstr_pull( privname, uni4_str->string->buffer, sizeof(privname), -1, STR_TERMINATE );
-
+
if ( !grant_privilege_by_name( &sid, privname ) ) {
DEBUG(2,("_lsa_add_acct_rights: Failed to add privilege [%s]\n", privname ));
return NT_STATUS_NO_SUCH_PRIVILEGE;
DOM_SID sid;
fstring privname;
UNISTR4_ARRAY *uni_privnames = q_u->rights;
-
+
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- /* check to see if the pipe_user is a Domain Admin since
+
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( p->pipe_user.ut.uid != sec_initial_uid()
&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
sid_copy( &sid, &q_u->sid.sid );
if ( q_u->removeall ) {
- if ( !revoke_all_privileges( &sid ) )
+ if ( !revoke_all_privileges( &sid ) )
return NT_STATUS_ACCESS_DENIED;
-
+
return NT_STATUS_OK;
}
-
+
/* just a little sanity check */
-
+
if ( q_u->count != uni_privnames->count ) {
DEBUG(0,("_lsa_add_acct_rights: count != number of UNISTR2 elements!\n"));
- return NT_STATUS_INVALID_HANDLE;
+ return NT_STATUS_INVALID_HANDLE;
}
-
+
for ( i=0; i<q_u->count; i++ ) {
UNISTR4 *uni4_str = &uni_privnames->strings[i];
continue;
rpcstr_pull( privname, uni4_str->string->buffer, sizeof(privname), -1, STR_TERMINATE );
-
+
if ( !revoke_privilege_by_name( &sid, privname ) ) {
DEBUG(2,("_lsa_remove_acct_rights: Failed to revoke privilege [%s]\n", privname ));
return NT_STATUS_NO_SUCH_PRIVILEGE;
DOM_SID sid;
PRIVILEGE_SET privileges;
SE_PRIV mask;
-
+
/* find the connection policy handle. */
-
+
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
+
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
-
+
sid_copy( &sid, &q_u->sid.sid );
-
+
if ( !get_privileges_for_sids( &mask, &sid, 1 ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
r_u->status = init_r_enum_acct_rights( r_u, &privileges );
}
- else
+ else
r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
privilege_set_free( &privileges );
fstring name;
LUID_ATTR priv_luid;
SE_PRIV mask;
-
+
/* find the connection policy handle. */
-
+
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
+
unistr2_to_ascii(name, &q_u->privname.unistring, sizeof(name));
-
+
DEBUG(10,("_lsa_lookup_priv_value: name = %s\n", name));
if ( !se_priv_from_name( name, &mask ) )
r_u->luid.low = priv_luid.luid.low;
r_u->luid.high = priv_luid.luid.high;
-
+
return NT_STATUS_OK;
}
* From here on the server routines are just dummy ones to make smbd link with
* librpc/gen_ndr/srv_lsa.c. These routines are actually never called, we are
* pulling the server stubs across one by one.
- */
+ */
NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r)
{
projects / thirdparty / samba.git / commitdiff
