r13864: Some cleanup and the samr set security object function client-side.
authorGünther Deschner <gd@samba.org>
Mon, 6 Mar 2006 15:22:00 +0000 (15:22 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:10:57 +0000 (11:10 -0500)
Guenther

source/Makefile.in
source/libmsrpc/cac_samr.c
source/rpc_client/cli_samr.c
source/rpc_parse/parse_samr.c
source/rpcclient/cmd_samr.c
source/rpcclient/display_sec.c
source/utils/net_rpc_printer.c

index bf565a80af4ea28aa70c77b0a91df1b4022ee0fe..25cecf891b24248b706978cedc457a54b974eec2 100644 (file)
@@ -573,7 +573,8 @@ NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
          $(LIBMSRPC_OBJ) $(IDMAP_OBJ) \
          $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \
          $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(SERVER_MUTEX_OBJ) \
-         $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ)
+         $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ) \
+         rpcclient/display_sec.o
 
 CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
          $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ)
index 7f39e76813f798bb3bb4b8f9815b4a9d04693330..60c6562988e43ad28d20d2e92d437dc97cf05e42 100644 (file)
@@ -2343,7 +2343,7 @@ int cac_SamGetSecurityObject(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct S
    struct rpc_pipe_client *pipe_hnd = NULL;
 
    /*this number taken from rpcclient/cmd_samr.c, I think it is the only supported level*/
-   uint16 info_level = 4;
+   uint32 sec_info = DACL_SECURITY_INFORMATION;
 
    SEC_DESC_BUF *sec_out = NULL;
 
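Review bot: The comment above the changed declaration still reads "this number taken from rpcclient/cmd_samr.c, I think it is the only supported level", but `sec_info` is now a security-information bitmask, not an info level. DACL_SECURITY_INFORMATION should have the same numeric value as the old literal 4, so the request is presumably unchanged on the wire; the comment could say `/* ask for the DACL only; rpcclient/cmd_samr.c uses the same default */`. Because the mask is fixed here, callers cannot request the owner, group or SACL through this function, which is worth stating in its documentation. cac_SamGetSecurityObject starts and ends outside this hunk.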
@@ -2366,7 +2366,7 @@ int cac_SamGetSecurityObject(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct S
       return CAC_FAILURE;
    }
 
-   hnd->status = rpccli_samr_query_sec_obj(pipe_hnd, mem_ctx, op->in.pol, info_level, mem_ctx, &sec_out);
+   hnd->status = rpccli_samr_query_sec_obj(pipe_hnd, mem_ctx, op->in.pol, sec_info, mem_ctx, &sec_out);
 
    if(!NT_STATUS_IS_OK(hnd->status))
       return CAC_FAILURE;
index adb61a48bb5cccd835b47aac4091150da12adf4b..07b876cc22c4bc6a50c0b66e2c9adbf755703134 100644 (file)
@@ -1808,7 +1808,7 @@ NTSTATUS rpccli_samr_remove_sid_foreign_domain(struct rpc_pipe_client *cli,
 /* Query user security object */
 
 NTSTATUS rpccli_samr_query_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                 POLICY_HND *user_pol, uint16 switch_value
+                                 POLICY_HND *user_pol, uint32 sec_info
                                  TALLOC_CTX *ctx, SEC_DESC_BUF **sec_desc_buf)
 {
        prs_struct qbuf, rbuf;
@@ -1823,7 +1823,7 @@ NTSTATUS rpccli_samr_query_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_
 
        /* Marshall data and send request */
 
-       init_samr_q_query_sec_obj(&q, user_pol, switch_value);
+       init_samr_q_query_sec_obj(&q, user_pol, sec_info);
 
        CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_SEC_OBJECT,
                q, r,
@@ -1840,6 +1840,41 @@ NTSTATUS rpccli_samr_query_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_
        return result;
 }
 
+/* Set user security object */
+
+NTSTATUS rpccli_samr_set_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+                                 POLICY_HND *user_pol, uint32 sec_info, 
+                                 SEC_DESC_BUF *sec_desc_buf)
+{
+       prs_struct qbuf, rbuf;
+       SAMR_Q_SET_SEC_OBJ q;
+       SAMR_R_SET_SEC_OBJ r;
+       NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+       DEBUG(10,("cli_samr_set_sec_obj\n"));
+
+       ZERO_STRUCT(q);
+       ZERO_STRUCT(r);
+
+       /* Marshall data and send request */
+
+       init_samr_q_set_sec_obj(&q, user_pol, sec_info, sec_desc_buf);
+
+       CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_SEC_OBJECT,
+               q, r,
+               qbuf, rbuf,
+               samr_io_q_set_sec_obj,
+               samr_io_r_set_sec_obj,
+               NT_STATUS_UNSUCCESSFUL); 
+
+       /* Return output parameters */
+
+       result = r.status;
+
+       return result;
+}
+
+
 /* Get domain password info */
 
 NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
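Review bot: rpccli_samr_set_sec_obj replaces security information on a SAM object, yet its only documentation is `/* Set user security object */`, which leaves the contract of `sec_info` and `sec_desc_buf` unstated. A header comment should say that `sec_info` selects which parts of the descriptor (owner, group, DACL, SACL) the server is asked to replace and that `sec_desc_buf` must contain those parts. It should also say whether `sec_desc_buf` may be NULL, since the marshalling code that would answer this is not visible here. A caller passing a broader mask than intended could overwrite more of the descriptor than it meant to, so the comment is the place to warn about that. The DEBUG line prints `cli_samr_set_sec_obj`, which does not match the function name; `DEBUG(10,("rpccli_samr_set_sec_obj\n"));` makes the log searchable.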
index 49d0fb7d720e2d042f995568e7b085bf1dee089d..3147ae002841250c0a830e9d4173662943e1b6e8 100644 (file)
@@ -918,6 +918,21 @@ BOOL samr_io_r_query_dom_info(const char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u,
        return True;
 }
 
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_set_sec_obj(SAMR_Q_SET_SEC_OBJ * q_u,
+                            POLICY_HND *pol, uint32 sec_info, SEC_DESC_BUF *buf)
+{
+       DEBUG(5, ("samr_init_samr_q_set_sec_obj\n"));
+
+       q_u->pol = *pol;
+       q_u->sec_info = sec_info;
+       q_u->buf = buf;
+}
+
+
 /*******************************************************************
 reads or writes a SAMR_R_SET_SEC_OBJ structure.
 ********************************************************************/
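Review bot: The header comment on init_samr_q_set_sec_obj says `reads or writes a structure.`, but the function only fills in a SAMR_Q_SET_SEC_OBJ request and does no I/O; the text looks copied from the samr_io_* functions around it. Suggested wording: `inits a SAMR_Q_SET_SEC_OBJ structure; buf is stored by reference and must stay valid until the request has been sent.` `pol` is dereferenced with `q_u->pol = *pol;` without a check, so the comment should also state that it must not be NULL. The DEBUG string `samr_init_samr_q_set_sec_obj` does not match the function name either.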
index 82194c84c7378e0ba7b81300cae5a4a75da30f73..5e1f0c37ddbc59e9bae70cde87e56d3990a7407e 100644 (file)
@@ -1757,7 +1757,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 {
        POLICY_HND connect_pol, domain_pol, user_pol, *pol;
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-       uint32 info_level = 4;
+       uint32 sec_info = DACL_SECURITY_INFORMATION;
        fstring server;
        uint32 user_rid = 0;
        TALLOC_CTX *ctx = NULL;
@@ -1766,8 +1766,8 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 
        ctx=talloc_init("cmd_samr_query_sec_obj");
        
-       if ((argc < 1) || (argc > 2)) {
-               printf("Usage: %s [rid|-d]\n", argv[0]);
+       if ((argc < 1) || (argc > 3)) {
+               printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
                printf("\tSpecify rid for security on user, -d for security on domain\n");
                return NT_STATUS_OK;
        }
@@ -1778,6 +1778,10 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
                else
                        sscanf(argv[1], "%i", &user_rid);
        }
+
+       if (argc == 3) {
+               sec_info = atoi(argv[2]);
+       }
        
        slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
        strupper_m(server);
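Review bot: `sec_info = atoi(argv[2]);` accepts only decimal and reports no error, so `0x4` or a mistyped argument silently becomes 0 and the query goes out with no security-information bits set. The rid a few lines above is parsed with `%i`, which takes hex, and a flag mask is normally written in hex, so the two arguments behave inconsistently. `sec_info = strtoul(argv[2], &end, 0);` followed by `if (end == argv[2] || *end != '\0')` printing the usage text would reject bad input, with `end` as a new `char *` local. The usage message in the previous hunk could also say that sec_info is a numeric mask and what its default is. cmd_samr_query_sec_obj starts and ends outside this hunk.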
@@ -1815,14 +1819,14 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 
        /* Query SAM security object */
 
-       result = rpccli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx, 
+       result = rpccli_samr_query_sec_obj(cli, mem_ctx, pol, sec_info, ctx, 
                                        &sec_desc_buf);
 
        if (!NT_STATUS_IS_OK(result))
                goto done;
 
        display_sec_desc(sec_desc_buf->sec);
-       
+
        rpccli_samr_close(cli, mem_ctx, &user_pol);
        rpccli_samr_close(cli, mem_ctx, &domain_pol);
        rpccli_samr_close(cli, mem_ctx, &connect_pol);
index 2a93c915f1ae15a7f72e8b86133f88857f8c9d1e..bc735fa00c24a0cef08b349c10c6393d6bda529d 100644 (file)
@@ -115,6 +115,41 @@ void display_sec_acl(SEC_ACL *sec_acl)
                                
 }
 
+void display_acl_type(uint16 type)
+{
+       static fstring typestr="";
+
+       typestr[0] = 0;
+
+       if (type & SEC_DESC_OWNER_DEFAULTED)    /* 0x0001 */
+               fstrcat(typestr, "SEC_DESC_OWNER_DEFAULTED ");
+       if (type & SEC_DESC_GROUP_DEFAULTED)    /* 0x0002 */
+               fstrcat(typestr, "SEC_DESC_GROUP_DEFAULTED ");
+       if (type & SEC_DESC_DACL_PRESENT)       /* 0x0004 */
+               fstrcat(typestr, "SEC_DESC_DACL_PRESENT ");
+       if (type & SEC_DESC_DACL_DEFAULTED)     /* 0x0008 */
+               fstrcat(typestr, "SEC_DESC_DACL_DEFAULTED ");
+       if (type & SEC_DESC_SACL_PRESENT)       /* 0x0010 */
+               fstrcat(typestr, "SEC_DESC_SACL_PRESENT ");
+       if (type & SEC_DESC_SACL_DEFAULTED)     /* 0x0020 */
+               fstrcat(typestr, "SEC_DESC_SACL_DEFAULTED ");
+       if (type & SEC_DESC_DACL_TRUSTED)       /* 0x0040 */
+               fstrcat(typestr, "SEC_DESC_DACL_TRUSTED ");
+       if (type & SEC_DESC_SERVER_SECURITY)    /* 0x0080 */
+               fstrcat(typestr, "SEC_DESC_SERVER_SECURITY ");
+       if (type & 0x0100) fstrcat(typestr, "0x0100 ");
+       if (type & 0x0200) fstrcat(typestr, "0x0200 ");
+       if (type & 0x0400) fstrcat(typestr, "0x0400 ");
+       if (type & 0x0800) fstrcat(typestr, "0x0800 ");
+       if (type & 0x1000) fstrcat(typestr, "0x1000 ");
+       if (type & 0x2000) fstrcat(typestr, "0x2000 ");
+       if (type & 0x4000) fstrcat(typestr, "0x4000 ");
+       if (type & SEC_DESC_SELF_RELATIVE)      /* 0x8000 */
+               fstrcat(typestr, "SEC_DESC_SELF_RELATIVE ");
+       
+       printf("type: 0x%04x: %s\n", type, typestr);
+}
+
 /****************************************************************************
  display sec_desc structure
  ****************************************************************************/
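Review bot: With every bit of `type` set, the strings appended in display_acl_type total about 260 characters, which is more than an fstring holds if it is the usual 256-byte buffer, so the printed list then depends on fstrcat truncating (assuming it is the bounded macro used elsewhere in the tree). `type` is taken from a descriptor the server sent, so the caller does not control which bits are set. Printing each name as it is matched, e.g. `if (type & SEC_DESC_DACL_PRESENT) printf("SEC_DESC_DACL_PRESENT ");`, removes both the static buffer and the length limit. The function has no comment and its name suggests an ACL, while the following hunk passes it `sec->type`; `/* display the type (control) flags of a security descriptor */` would say what it prints.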
@@ -122,6 +157,14 @@ void display_sec_desc(SEC_DESC *sec)
 {
        fstring sid_str;
 
+       if (!sec) {
+               printf("NULL\n");
+               return;
+       }
+
+       printf("revision: %d\n", sec->revision);
+       display_acl_type(sec->type);
+
        if (sec->sacl) {
                printf("SACL\n");
                display_sec_acl(sec->sacl);
index 5e282403a2436677ab6995f711463c90bb0d5cef..9bae6a9b4e35093fe143b9bd2982ebeef604316c 100644 (file)
@@ -42,136 +42,6 @@ static const struct table_node archi_table[]= {
 };
 
 
-/**
- * The display-functions for Security-Descriptors were taken from rpcclient
- * 
- * They reside here for debugging purpose and should 
- * possibly be removed later on
- *
- **/
-
-/****************************************************************************
- Convert a security permissions into a string.
-****************************************************************************/
-
-char *get_sec_mask_str(uint32 type)
-{
-       static fstring typestr="";
-
-       typestr[0] = 0;
-
-       if (type & GENERIC_ALL_ACCESS)
-               fstrcat(typestr, "Generic all access ");
-       if (type & GENERIC_EXECUTE_ACCESS)
-               fstrcat(typestr, "Generic execute access ");
-       if (type & GENERIC_WRITE_ACCESS)
-               fstrcat(typestr, "Generic write access ");
-       if (type & GENERIC_READ_ACCESS)
-               fstrcat(typestr, "Generic read access ");
-       if (type & MAXIMUM_ALLOWED_ACCESS)
-               fstrcat(typestr, "MAXIMUM_ALLOWED_ACCESS ");
-       if (type & SYSTEM_SECURITY_ACCESS)
-               fstrcat(typestr, "SYSTEM_SECURITY_ACCESS ");
-       if (type & SYNCHRONIZE_ACCESS)
-               fstrcat(typestr, "SYNCHRONIZE_ACCESS ");
-       if (type & WRITE_OWNER_ACCESS)
-               fstrcat(typestr, "WRITE_OWNER_ACCESS ");
-       if (type & WRITE_DAC_ACCESS)
-               fstrcat(typestr, "WRITE_DAC_ACCESS ");
-       if (type & READ_CONTROL_ACCESS)
-               fstrcat(typestr, "READ_CONTROL_ACCESS ");
-       if (type & DELETE_ACCESS)
-               fstrcat(typestr, "DELETE_ACCESS ");
-
-       printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SPECIFIC_RIGHTS_MASK);
-
-       return typestr;
-}
-
-/****************************************************************************
- Display sec_ace structure.
- ****************************************************************************/
-
-void display_sec_ace(SEC_ACE *ace)
-{
-       fstring sid_str;
-
-       printf("\tACE\n\t\ttype: ");
-       switch (ace->type) {
-               case SEC_ACE_TYPE_ACCESS_ALLOWED:
-                       printf("ACCESS ALLOWED");
-                       break;
-               case SEC_ACE_TYPE_ACCESS_DENIED:
-                       printf("ACCESS DENIED");
-                       break;
-               case SEC_ACE_TYPE_SYSTEM_AUDIT:
-                       printf("SYSTEM AUDIT");
-                       break;
-               case SEC_ACE_TYPE_SYSTEM_ALARM:
-                       printf("SYSTEM ALARM");
-                       break;
-               default:
-                       printf("????");
-                       break;
-       }
-       printf(" (%d) flags: %d\n", ace->type, ace->flags);
-       printf("\t\tPermissions: 0x%x: %s\n", ace->info.mask, get_sec_mask_str(ace->info.mask));
-
-       sid_to_string(sid_str, &ace->trustee);
-       printf("\t\tSID: %s\n\n", sid_str);
-}
-
-/****************************************************************************
- Display sec_acl structure.
- ****************************************************************************/
-
-void display_sec_acl(SEC_ACL *sec_acl)
-{
-       int i;
-
-       printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
-                        sec_acl->num_aces, sec_acl->revision); 
-       printf("\t---\n");
-
-       if (sec_acl->size != 0 && sec_acl->num_aces != 0)
-               for (i = 0; i < sec_acl->num_aces; i++)
-                       display_sec_ace(&sec_acl->ace[i]);
-                               
-}
-
-/****************************************************************************
- Display sec_desc structure.
- ****************************************************************************/
-
-void display_sec_desc(SEC_DESC *sec)
-{
-       fstring sid_str;
-
-       if (sec == NULL)
-               return;
-
-       if (sec->sacl) {
-               printf("SACL\n");
-               display_sec_acl(sec->sacl);
-       }
-
-       if (sec->dacl) {
-               printf("DACL\n");
-               display_sec_acl(sec->dacl);
-       }
-
-       if (sec->owner_sid) {
-               sid_to_string(sid_str, sec->owner_sid);
-               printf("\tOwner SID:\t%s\n", sid_str);
-       }
-
-       if (sec->grp_sid) {
-               sid_to_string(sid_str, sec->grp_sid);
-               printf("\tParent SID:\t%s\n", sid_str);
-       }
-}
-
-
 /**
  * This display-printdriver-functions was borrowed from rpcclient/cmd_spoolss.c.
  * It is here for debugging purpose and should be removed later on.