s4-lsa: merge lsa_EnumPrivsAccount from s3 lsa idl.
authorGünther Deschner <gd@samba.org>
Tue, 21 Oct 2008 00:11:54 +0000 (02:11 +0200)
committerGünther Deschner <gd@samba.org>
Mon, 27 Oct 2008 18:33:22 +0000 (19:33 +0100)
Guenther

source3/librpc/idl/lsa.idl
source4/librpc/idl/lsa.idl
source4/rpc_server/lsa/dcesrv_lsa.c
source4/torture/rpc/lsa.c
source4/torture/rpc/samsync.c

index 1b2d9ea8fba4e192f3aa66fa25692c7fa26e1023..570a7c0d04f7340bb64fe5d4bc62acc87c43d137 100644 (file)
@@ -488,7 +488,7 @@ import "misc.idl", "security.idl";
                [size_is(count)] lsa_LUIDAttribute set[*];
        } lsa_PrivilegeSet;
        
-       NTSTATUS lsa_EnumPrivsAccount (
+       NTSTATUS lsa_EnumPrivsAccount(
                [in]         policy_handle *handle,
                [out,ref] lsa_PrivilegeSet **privs
                );
index c8cbab5bcc1433b55ba350f2fea3ec6d74e1ecd5..00e2e7753b021e77877cfc5706eb1232652c5a34 100644 (file)
@@ -483,9 +483,9 @@ import "misc.idl", "security.idl";
                [size_is(count)] lsa_LUIDAttribute set[*];
        } lsa_PrivilegeSet;
        
-       NTSTATUS lsa_EnumPrivsAccount (
+       NTSTATUS lsa_EnumPrivsAccount(
                [in]         policy_handle *handle,
-               [out,unique] lsa_PrivilegeSet *privs
+               [out,ref] lsa_PrivilegeSet **privs
                );
 
 
index 1285936f3c90b39bca9cfa8dc04e827c7180e99b..7936369df4bf1f981112b8d1de62a7b94b176e92 100644 (file)
@@ -1724,15 +1724,21 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
        const char * const attrs[] = { "privilege", NULL};
        struct ldb_message_element *el;
        const char *sidstr;
+       struct lsa_PrivilegeSet *privs;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_ACCOUNT);
 
        astate = h->data;
 
-       r->out.privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
-       r->out.privs->count = 0;
-       r->out.privs->unknown = 0;
-       r->out.privs->set = NULL;
+       privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+       if (privs == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       privs->count = 0;
+       privs->unknown = 0;
+       privs->set = NULL;
+
+       *r->out.privs = privs;
 
        sidstr = ldap_encode_ndr_dom_sid(mem_ctx, astate->account_sid);
        if (sidstr == NULL) {
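Review bot: `*r->out.privs = privs;` writes through `r->out.privs` with no check, and nothing in the function states that callers must supply that storage. The IDL now declares the argument as `[out,ref] lsa_PrivilegeSet **privs`, and this commit adds an in-process caller (dcesrv_lsa_GetSystemAccessAccount) that has to set the pointer by hand. A comment above the assignment would make the contract explicit, for example `/* r->out.privs is a [ref] pointer: the caller must point it at valid storage before calling */`. The body of dcesrv_lsa_EnumPrivsAccount starts and ends outside this hunk.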
@@ -1750,9 +1756,9 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
                return NT_STATUS_OK;
        }
 
-       r->out.privs->set = talloc_array(r->out.privs, 
-                                        struct lsa_LUIDAttribute, el->num_values);
-       if (r->out.privs->set == NULL) {
+       privs->set = talloc_array(privs,
+                                 struct lsa_LUIDAttribute, el->num_values);
+       if (privs->set == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -1761,12 +1767,12 @@ static NTSTATUS dcesrv_lsa_EnumPrivsAccount(struct dcesrv_call_state *dce_call,
                if (id == -1) {
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
-               r->out.privs->set[i].attribute = 0;
-               r->out.privs->set[i].luid.low = id;
-               r->out.privs->set[i].luid.high = 0;
+               privs->set[i].attribute = 0;
+               privs->set[i].luid.low = id;
+               privs->set[i].luid.high = 0;
        }
 
-       r->out.privs->count = el->num_values;
+       privs->count = el->num_values;
 
        return NT_STATUS_OK;
 }
@@ -2058,8 +2064,18 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
        int i;
        NTSTATUS status;
        struct lsa_EnumPrivsAccount enumPrivs;
+       struct lsa_PrivilegeSet *privs;
+
+       privs = talloc(mem_ctx, struct lsa_PrivilegeSet);
+       if (!privs) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       privs->count = 0;
+       privs->unknown = 0;
+       privs->set = NULL;
 
        enumPrivs.in.handle = r->in.handle;
+       enumPrivs.out.privs = &privs;
 
        status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs);
        if (!NT_STATUS_IS_OK(status)) {
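Review bot: The `talloc(mem_ctx, struct lsa_PrivilegeSet)` block added here is redundant, because dcesrv_lsa_EnumPrivsAccount allocates its own set and publishes it with `*r->out.privs = privs;`. The object allocated here is then left on `mem_ctx` unused. The allocation and the three field initialisations could be reduced to `struct lsa_PrivilegeSet *privs = NULL;`, as the torture callers in this commit do. If the pre-allocation is meant as a fallback for a path where the callee returns before assigning, that path is not visible in these hunks and a comment saying so would help. The function body continues outside the hunk.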
@@ -2068,8 +2084,8 @@ static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_
 
        *(r->out.access_mask) = 0x00000000;
 
-       for (i = 0; i < enumPrivs.out.privs->count; i++) {
-               int priv = enumPrivs.out.privs->set[i].luid.low;
+       for (i = 0; i < privs->count; i++) {
+               int priv = privs->set[i].luid.low;
 
                switch (priv) {
                case SEC_PRIV_INTERACTIVE_LOGON:
index 9cb209335bae8e27339f6b1e22850ac3f7d396da..62e0c22ce202170c3f13a777be7eb950904a2b97 100644 (file)
@@ -867,11 +867,13 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
 {
        NTSTATUS status;
        struct lsa_EnumPrivsAccount r;
+       struct lsa_PrivilegeSet *privs = NULL;
        bool ret = true;
 
        printf("\nTesting EnumPrivsAccount\n");
 
        r.in.handle = acct_handle;
+       r.out.privs = &privs;
 
        status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -879,17 +881,17 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
                return false;
        }
 
-       if (r.out.privs && r.out.privs->count > 0) {
+       if (privs && privs->count > 0) {
                int i;
-               for (i=0;i<r.out.privs->count;i++) {
+               for (i=0;i<privs->count;i++) {
                        test_LookupPrivName(p, mem_ctx, handle, 
-                                           &r.out.privs->set[i].luid);
+                                           &privs->set[i].luid);
                }
 
                ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle, 
-                                                       &r.out.privs->set[0].luid);
+                                                       &privs->set[0].luid);
                ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle, 
-                                                  &r.out.privs->set[0].luid);
+                                                  &privs->set[0].luid);
        }
 
        return ret;
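Review bot: The result of `test_LookupPrivName(...)` inside the loop is discarded, so a failed lookup on any returned LUID never reaches `ret`, while the two calls after the loop are accumulated with `ret &=`. If it returns `bool` like its neighbours (its declaration is outside the hunk), the call should read `ret &= test_LookupPrivName(p, mem_ctx, handle, &privs->set[i].luid);`. The function starts outside this hunk.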
index 257d2c81bce32a81fccbe4ca60223907c693eb9a..26660921a4af7061f5fbf8a10fcf6c13d74ce8b4 100644 (file)
@@ -1027,6 +1027,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
        struct lsa_OpenAccount a;
        struct policy_handle acct_handle;
        struct lsa_EnumPrivsAccount e;
+       struct lsa_PrivilegeSet *privs = NULL;
        struct lsa_LookupPrivName r;
 
        int i, j;
@@ -1049,6 +1050,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
        found_priv_in_lsa = talloc_zero_array(mem_ctx, bool, account->privilege_entries);
 
        e.in.handle = &acct_handle;
+       e.out.privs = &privs;
 
        status = dcerpc_lsa_EnumPrivsAccount(samsync_state->p_lsa, mem_ctx, &e);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1056,23 +1058,23 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa
                return false;
        }
 
-       if ((account->privilege_entries && !e.out.privs)) {
+       if ((account->privilege_entries && !privs)) {
                printf("Account %s has privileges in SamSync, but not LSA\n",
                       dom_sid_string(mem_ctx, dom_sid));
                return false;
        }
 
-       if (!account->privilege_entries && e.out.privs && e.out.privs->count) {
+       if (!account->privilege_entries && privs && privs->count) {
                printf("Account %s has privileges in LSA, but not SamSync\n",
                       dom_sid_string(mem_ctx, dom_sid));
                return false;
        }
 
-       TEST_INT_EQUAL(account->privilege_entries, e.out.privs->count);
+       TEST_INT_EQUAL(account->privilege_entries, privs->count);
        
-       for (i=0;i< e.out.privs->count; i++) {
+       for (i=0;i< privs->count; i++) {
                r.in.handle = samsync_state->lsa_handle;
-               r.in.luid = &e.out.privs->set[i].luid;
+               r.in.luid = &privs->set[i].luid;
                
                status = dcerpc_lsa_LookupPrivName(samsync_state->p_lsa, mem_ctx, &r);
                if (!NT_STATUS_IS_OK(status)) {
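Review bot: `TEST_INT_EQUAL(account->privilege_entries, privs->count);` dereferences `privs` on a path where it can still be NULL. When `account->privilege_entries` is 0 and the server returns no set, neither guard above returns, and `privs` was initialised to NULL earlier in the function. The loop condition `i< privs->count` has the same problem. Taking the count once, `uint32_t num_privs = privs ? privs->count : 0;`, and using `num_privs` in both `TEST_INT_EQUAL(account->privilege_entries, num_privs);` and the `for` condition keeps the tool from crashing on that response. The function continues outside the hunk.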