NTSTATUS status;
} LSA_R_ENUM_PRIVS;
-/* LSA_Q_ENUM_ACCOUNTS - LSA enum account rights */
+/* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
typedef struct lsa_q_enum_acct_rights
{
POLICY_HND pol; /* policy handle */
- uint32 count; /* what is this for in the query? */
- DOM_SID sid;
+ DOM_SID2 sid;
} LSA_Q_ENUM_ACCT_RIGHTS;
-/* LSA_R_ENUM_ACCOUNTS - LSA enum account rights */
+/* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
typedef struct lsa_r_enum_acct_rights
{
uint32 count;
- UNISTR_ARRAY rights;
+ UNISTR2_ARRAY rights;
NTSTATUS status;
} LSA_R_ENUM_ACCT_RIGHTS;
+/* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */
+typedef struct
+{
+ POLICY_HND pol; /* policy handle */
+ DOM_SID2 sid;
+ UNISTR2_ARRAY rights;
+ uint32 count;
+} LSA_Q_ADD_ACCT_RIGHTS;
+
+/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
+typedef struct lsa_r_add_acct_rights
+{
+ NTSTATUS status;
+} LSA_R_ADD_ACCT_RIGHTS;
+
+
/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
typedef struct lsa_q_priv_get_dispname
{
uint16 size;
uint32 ref_id;
UNISTR2 string;
-} UNISTR_ARRAY_EL;
+} UNISTR2_ARRAY_EL;
/* an array of unicode strings */
typedef struct
{
uint32 ref_id;
uint32 count;
- UNISTR_ARRAY_EL *strings;
-} UNISTR_ARRAY;
+ UNISTR2_ARRAY_EL *strings;
+} UNISTR2_ARRAY;
/* DOM_RID2 - domain RID structure for ntlsa pipe */
typedef struct domrid2_info
}
+
+/* add account rights to an account. */
+
+NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, DOM_SID sid,
+ uint32 count, const char **privs_name)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_ADD_ACCT_RIGHTS q;
+ LSA_R_ADD_ACCT_RIGHTS r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+
+ /* Initialise parse structures */
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+ init_q_add_acct_rights(&q, pol, &sid, count, privs_name);
+
+ if (!lsa_io_q_add_acct_rights("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!lsa_io_r_add_acct_rights("", &r, &rbuf, 0)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
+done:
+
+ return result;
+}
+
+
#if 0
/** An example of how to use the routines in this file. Fetch a DOMAIN
return True;
}
+/*
+ initialise a LSA_Q_ENUM_ACCOUNTS structure
+*/
void init_lsa_q_enum_accounts(LSA_Q_ENUM_ACCOUNTS *trn, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
{
memcpy(&trn->pol, hnd, sizeof(trn->pol));
return True;
}
+
/*******************************************************************
Inits an LSA_R_ENUM_PRIVS structure.
********************************************************************/
DEBUG(5, ("init_q_enum_acct_rights\n"));
q_q->pol = *hnd;
- q_q->count = count;
- q_q->sid = *sid;
+ init_dom_sid2(&q_q->sid, sid);
}
/*******************************************************************
********************************************************************/
BOOL lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *q_q, prs_struct *ps, int depth)
{
+
if (q_q == NULL)
return False;
if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
return False;
- if(!prs_uint32("count ", ps, depth, &q_q->count))
- return False;
-
- if(!smb_io_dom_sid("sid", &q_q->sid, ps, depth))
+ if(!smb_io_dom_sid2("sid", &q_q->sid, ps, depth))
return False;
return True;
if(!prs_uint32("count ", ps, depth, &r_c->count))
return False;
- if(!smb_io_unistr_array("rights", &r_c->rights, ps, depth))
+ if(!smb_io_unistr2_array("rights", &r_c->rights, ps, depth))
+ return False;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_ntstatus("status", ps, depth, &r_c->status))
return False;
+ return True;
+}
+
+
+/*******************************************************************
+ Inits an LSA_Q_ADD_ACCT_RIGHTS structure.
+********************************************************************/
+void init_q_add_acct_rights(LSA_Q_ADD_ACCT_RIGHTS *q_q,
+ POLICY_HND *hnd,
+ DOM_SID *sid,
+ uint32 count,
+ const char **rights)
+{
+ DEBUG(5, ("init_q_add_acct_rights\n"));
+
+ q_q->pol = *hnd;
+ init_dom_sid2(&q_q->sid, sid);
+ init_unistr2_array(&q_q->rights, count, rights);
+ q_q->count = 5;
+}
+
+
+/*******************************************************************
+reads or writes a LSA_Q_ADD_ACCT_RIGHTS structure.
+********************************************************************/
+BOOL lsa_io_q_add_acct_rights(const char *desc, LSA_Q_ADD_ACCT_RIGHTS *q_q, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "lsa_io_q_add_acct_rights");
+ depth++;
+
+ if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+ return False;
+
+ if(!smb_io_dom_sid2("sid", &q_q->sid, ps, depth))
+ return False;
+
+ if(!prs_uint32("count", ps, depth, &q_q->rights.count))
+ return False;
+
+ if(!smb_io_unistr2_array("rights", &q_q->rights, ps, depth))
+ return False;
+
+ return True;
+}
+
+/*******************************************************************
+reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure.
+********************************************************************/
+BOOL lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *r_c, prs_struct *ps, int depth)
+{
+ prs_debug(ps, depth, desc, "lsa_io_r_add_acct_rights");
+ depth++;
+
if(!prs_ntstatus("status", ps, depth, &r_c->status))
return False;
if(!prs_uint8 ("sid_rev_num", ps, depth, &sid->sid_rev_num))
return False;
+
if(!prs_uint8 ("num_auths ", ps, depth, &sid->num_auths))
return False;
}
+/*
+ initialise a UNISTR_ARRAY from a char**
+*/
+BOOL init_unistr2_array(UNISTR2_ARRAY *array,
+ uint32 count, const char **strings)
+{
+ int i;
+
+ array->count = count;
+ array->ref_id = count?1:0;
+ if (array->count == 0) {
+ return True;
+ }
+
+ array->strings = (UNISTR2_ARRAY_EL *)talloc_zero(get_talloc_ctx(), count * sizeof(UNISTR2_ARRAY_EL));
+ if (!array->strings) {
+ return False;
+ }
+
+ for (i=0;i<count;i++) {
+ init_unistr2(&array->strings[i].string, strings[i], strlen(strings[i]));
+ array->strings[i].size = array->strings[i].string.uni_max_len*2;
+ array->strings[i].length = array->strings[i].size;
+ array->strings[i].ref_id = 1;
+ }
+
+ return True;
+}
+
/*******************************************************************
- Reads or writes a UNISTR_ARRAY structure.
+ Reads or writes a UNISTR2_ARRAY structure.
********************************************************************/
-BOOL smb_io_unistr_array(const char *desc, UNISTR_ARRAY *array, prs_struct *ps, int depth)
+BOOL smb_io_unistr2_array(const char *desc, UNISTR2_ARRAY *array, prs_struct *ps, int depth)
{
int i;
+ prs_debug(ps, depth, desc, "smb_io_unistr2_array");
depth++;
- array->count = 0;
-
if(!prs_uint32("ref_id", ps, depth, &array->ref_id))
return False;
return True;
}
- array->strings = talloc_zero(get_talloc_ctx(), array->count * sizeof(array->strings[0]));
+ if (UNMARSHALLING(ps)) {
+ array->strings = talloc_zero(get_talloc_ctx(), array->count * sizeof(array->strings[0]));
+ }
if (! array->strings) {
return False;
}
}
+/* add some privileges to a SID via LsaAddAccountRights */
+
+static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ POLICY_HND dom_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ DOM_SID sid;
+
+ if (argc < 3 ) {
+ printf("Usage: %s SID [rights...]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_lsa_open_policy2(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &dom_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
+ argc-2, argv+2);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ done:
+ return result;
+}
+
+
/* Get a privilege value given its name */
static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,
{ "lsaenumsid", cmd_lsa_enum_sids, PI_LSARPC, "Enumerate the LSA SIDS", "" },
{ "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PI_LSARPC, "Enumerate the privileges of an SID", "" },
{ "lsaenumacctrights", cmd_lsa_enum_acct_rights, PI_LSARPC, "Enumerate the rights of an SID", "" },
+ { "lsaaddacctrights", cmd_lsa_add_acct_rights, PI_LSARPC, "Add rights to an account", "" },
{ "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PI_LSARPC, "Get a privilege value given its name", "" },
{ "lsaquerysecobj", cmd_lsa_query_secobj, PI_LSARPC, "Query LSA security object", "" },
git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff