return NT_STATUS_OK;
}
+static void *samr_policy_handle_find(struct pipes_struct *p,
+ const struct policy_handle *handle,
+ uint8_t handle_type,
+ uint32_t access_required,
+ uint32_t *access_granted,
+ NTSTATUS *pstatus)
+{
+ struct samr_info *info = NULL;
+ NTSTATUS status;
+
+ info = policy_handle_find(p,
+ handle,
+ handle_type,
+ struct samr_info,
+ &status);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = samr_handle_access_check(info->access_granted,
+ access_required,
+ access_granted);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ *pstatus = NT_STATUS_OK;
+ return info;
+
+fail:
+ *pstatus = status;
+ return NULL;
+}
+
static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, struct security_descriptor **psd, size_t *sd_size,
const struct generic_mapping *map,
struct dom_sid *sid, uint32_t sid_access )
NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
struct samr_OpenDomain *r)
{
- struct samr_info *cinfo = NULL;
struct security_descriptor *psd = NULL;
uint32_t acc_granted;
uint32_t des_access = r->in.access_mask;
struct disp_info *disp_info = NULL;
/* find the connection policy handle. */
-
- cinfo = policy_handle_find(p, r->in.connect_handle,
- SAMR_HANDLE_CONNECT,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(cinfo->access_granted, 0, NULL);
+ (void)samr_policy_handle_find(p,
+ r->in.connect_handle,
+ SAMR_HANDLE_CONNECT,
+ 0,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_HANDLE_USER,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(uinfo->access_granted,
- SAMR_USER_ACCESS_GET_ATTRIBUTES,
- NULL);
+ uinfo = samr_policy_handle_find(p, r->in.user_handle,
+ SAMR_HANDLE_USER,
+ SAMR_USER_ACCESS_GET_ATTRIBUTES,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct samu *sampass=NULL;
NTSTATUS status;
- uinfo = policy_handle_find(p, r->in.handle,
- SAMR_HANDLE_USER,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(uinfo->access_granted,
- SAMR_USER_ACCESS_SET_ATTRIBUTES,
- NULL);
+ uinfo = samr_policy_handle_find(p,
+ r->in.handle,
+ SAMR_HANDLE_USER,
+ SAMR_USER_ACCESS_SET_ATTRIBUTES,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct security_descriptor * psd = NULL;
size_t sd_size = 0;
struct dom_sid_buf buf;
- NTSTATUS acc_status;
-
- info = policy_handle_find(p, r->in.handle,
- SAMR_HANDLE_CONNECT,
- struct samr_info, &status);
- if (info != NULL) {
- acc_status = samr_handle_access_check(info->access_granted,
- SEC_STD_READ_CONTROL,
- NULL);
- } else {
- acc_status = NT_STATUS_INVALID_HANDLE;
- }
- if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) {
+
+ info = samr_policy_handle_find(p,
+ r->in.handle,
+ SAMR_HANDLE_CONNECT,
+ SEC_STD_READ_CONTROL,
+ NULL,
+ &status);
+ if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size,
&sam_generic_mapping, NULL, 0);
goto done;
}
- info = policy_handle_find(p, r->in.handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (info != NULL) {
- acc_status = samr_handle_access_check(info->access_granted,
- SEC_STD_READ_CONTROL,
- NULL);
- } else {
- acc_status = NT_STATUS_INVALID_HANDLE;
- }
- if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) {
+ info = samr_policy_handle_find(p,
+ r->in.handle,
+ SAMR_HANDLE_DOMAIN,
+ SEC_STD_READ_CONTROL,
+ NULL,
+ &status);
+ if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
"with SID: %s\n",
dom_sid_str_buf(&info->sid, &buf)));
goto done;
}
- info = policy_handle_find(p, r->in.handle,
- SAMR_HANDLE_USER,
- struct samr_info, &status);
- if (info != NULL) {
- acc_status = samr_handle_access_check(info->access_granted,
- SEC_STD_READ_CONTROL,
- NULL);
- } else {
- acc_status = NT_STATUS_INVALID_HANDLE;
- }
- if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) {
+ info = samr_policy_handle_find(p,
+ r->in.handle,
+ SAMR_HANDLE_USER,
+ SEC_STD_READ_CONTROL,
+ NULL,
+ &status);
+ if (NT_STATUS_IS_OK(status)) {
DEBUG(10,("_samr_QuerySecurity: querying security on user "
"Object with SID: %s\n",
dom_sid_str_buf(&info->sid, &buf)));
goto done;
}
- info = policy_handle_find(p, r->in.handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (info != NULL) {
- acc_status = samr_handle_access_check(info->access_granted,
- SEC_STD_READ_CONTROL,
- NULL);
- } else {
- acc_status = NT_STATUS_INVALID_HANDLE;
- }
- if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) {
+ info = samr_policy_handle_find(p,
+ r->in.handle,
+ SAMR_HANDLE_GROUP,
+ SEC_STD_READ_CONTROL,
+ NULL,
+ &status);
+ if (NT_STATUS_IS_OK(status)) {
/*
* TODO: different SDs have to be generated for aliases groups
* and users. Currently all three get a default user SD
goto done;
}
- info = policy_handle_find(p, r->in.handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (info != NULL) {
- acc_status = samr_handle_access_check(info->access_granted,
- SEC_STD_READ_CONTROL,
- NULL);
- } else {
- acc_status = NT_STATUS_INVALID_HANDLE;
- }
-
- if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) {
+ info = samr_policy_handle_find(p,
+ r->in.handle,
+ SAMR_HANDLE_ALIAS,
+ SEC_STD_READ_CONTROL,
+ NULL,
+ &status);
+ if (NT_STATUS_IS_OK(status)) {
/*
* TODO: different SDs have to be generated for aliases groups
* and users. Currently all three get a default user SD
DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct samr_SamArray *samr_array = NULL;
struct samr_SamEntry *samr_entries = NULL;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct samr_SamEntry *samr_entries = NULL;
struct dom_sid_buf buf;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_QueryDisplayInfo: %d\n", __LINE__));
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
- ainfo = policy_handle_find(p, r->in.alias_handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ainfo->access_granted,
- SAMR_ALIAS_ACCESS_LOOKUP_INFO,
- NULL);
+ ainfo = samr_policy_handle_find(p,
+ r->in.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- 0 /* Don't know the acc_bits yet */,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ 0 /* Don't know the acc_bits yet */,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- 0 /* Don't know the acc_bits yet */,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ 0 /* Don't know the acc_bits yet */,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
enum sec_privilege needed_priv_1, needed_priv_2;
NTSTATUS status;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
break;
}
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_HANDLE_USER,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(uinfo->access_granted,
- acc_required,
- &acc_granted);
+ uinfo = samr_policy_handle_find(p,
+ r->in.user_handle,
+ SAMR_HANDLE_USER,
+ acc_required,
+ &acc_granted,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_HANDLE_USER,
- struct samr_info, &result);
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- result = samr_handle_access_check(uinfo->access_granted,
- SAMR_USER_ACCESS_GET_GROUPS,
- NULL);
+ uinfo = samr_policy_handle_find(p,
+ r->in.user_handle,
+ SAMR_HANDLE_USER,
+ SAMR_USER_ACCESS_GET_GROUPS,
+ NULL,
+ &result);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
return NT_STATUS_INVALID_INFO_CLASS;
}
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- acc_required,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ acc_required,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* Which privilege is needed to override the ACL? */
enum sec_privilege needed_priv = SEC_PRIV_INVALID;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &nt_status);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- nt_status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_CREATE_USER,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_USER,
+ NULL,
+ &nt_status);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
const char *domain_name;
struct dom_sid *sid = NULL;
struct dom_sid_buf buf;
- struct samr_info *cinfo = NULL;
/* win9x user manager likes to use SAMR_ACCESS_ENUM_DOMAINS here.
Reverted that change so we will work with RAS servers again */
- cinfo = policy_handle_find(p, r->in.connect_handle,
- SAMR_HANDLE_CONNECT,
- struct samr_info,
- &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(cinfo->access_granted,
- SAMR_ACCESS_LOOKUP_DOMAIN,
- NULL);
+ (void)samr_policy_handle_find(p,
+ r->in.connect_handle,
+ SAMR_HANDLE_CONNECT,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
uint32_t num_entries = 2;
struct samr_SamEntry *entry_array = NULL;
struct samr_SamArray *sam;
- struct samr_info *cinfo = NULL;
-
- cinfo = policy_handle_find(p, r->in.connect_handle,
- SAMR_HANDLE_CONNECT,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- status = samr_handle_access_check(cinfo->access_granted,
- SAMR_ACCESS_ENUM_DOMAINS,
- NULL);
+ (void)samr_policy_handle_find(p,
+ r->in.connect_handle,
+ SAMR_HANDLE_CONNECT,
+ SAMR_ACCESS_ENUM_DOMAINS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
size_t sd_size;
NTSTATUS status;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_INVALID_INFO_CLASS;
}
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_HANDLE_USER,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(uinfo->access_granted,
- acc_required,
- NULL);
+ uinfo = samr_policy_handle_find(p,
+ r->in.user_handle,
+ SAMR_HANDLE_USER,
+ acc_required,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_GetAliasMembership: %d\n", __LINE__));
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
- | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
+ | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct dom_sid *pdb_sids = NULL;
struct dom_sid_buf buf;
- ainfo = policy_handle_find(p, r->in.alias_handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ainfo->access_granted,
- SAMR_ALIAS_ACCESS_GET_MEMBERS,
- NULL);
+ ainfo = samr_policy_handle_find(p,
+ r->in.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ SAMR_ALIAS_ACCESS_GET_MEMBERS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct samr_RidAttrArray *rids = NULL;
struct dom_sid_buf buf;
- ginfo = policy_handle_find(p, r->in.group_handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ginfo->access_granted,
- SAMR_GROUP_ACCESS_GET_MEMBERS,
- NULL);
+ ginfo = samr_policy_handle_find(p,
+ r->in.group_handle,
+ SAMR_HANDLE_GROUP,
+ SAMR_GROUP_ACCESS_GET_MEMBERS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct dom_sid_buf buf;
NTSTATUS status;
- ainfo = policy_handle_find(p, r->in.alias_handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ainfo->access_granted,
- SAMR_ALIAS_ACCESS_ADD_MEMBER,
- NULL);
+ ainfo = samr_policy_handle_find(p,
+ r->in.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ SAMR_ALIAS_ACCESS_ADD_MEMBER,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct dom_sid_buf buf;
NTSTATUS status;
- ainfo = policy_handle_find(p, r->in.alias_handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ainfo->access_granted,
- SAMR_ALIAS_ACCESS_REMOVE_MEMBER,
- NULL);
+ ainfo = samr_policy_handle_find(p,
+ r->in.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS status;
uint32_t group_rid;
- ginfo = policy_handle_find(p, r->in.group_handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ginfo->access_granted,
- SAMR_GROUP_ACCESS_ADD_MEMBER,
- NULL);
+ ginfo = samr_policy_handle_find(p,
+ r->in.group_handle,
+ SAMR_HANDLE_GROUP,
+ SAMR_GROUP_ACCESS_ADD_MEMBER,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
* the rid is a user's rid as the group is a domain group.
*/
- ginfo = policy_handle_find(p, r->in.group_handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ginfo->access_granted,
- SAMR_GROUP_ACCESS_REMOVE_MEMBER,
- NULL);
+ ginfo = samr_policy_handle_find(p,
+ r->in.group_handle,
+ SAMR_HANDLE_GROUP,
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_HANDLE_USER,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(uinfo->access_granted,
- SEC_STD_DELETE,
- NULL);
+ uinfo = samr_policy_handle_find(p,
+ r->in.user_handle,
+ SAMR_HANDLE_USER,
+ SEC_STD_DELETE,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__));
- ginfo = policy_handle_find(p, r->in.group_handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ginfo->access_granted,
- SEC_STD_DELETE,
- NULL);
+ ginfo = samr_policy_handle_find(p,
+ r->in.group_handle,
+ SAMR_HANDLE_GROUP,
+ SEC_STD_DELETE,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__));
- ainfo = policy_handle_find(p, r->in.alias_handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ainfo->access_granted,
- SEC_STD_DELETE,
- NULL);
+ ainfo = samr_policy_handle_find(p,
+ r->in.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ SEC_STD_DELETE,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct samr_info *dinfo;
struct dom_sid sid;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_CREATE_GROUP,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
gid_t gid;
NTSTATUS result;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &result);
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- result = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_CREATE_ALIAS,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS,
+ NULL,
+ &result);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
const char *group_name = NULL;
const char *group_description = NULL;
- ginfo = policy_handle_find(p, r->in.group_handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ginfo->access_granted,
- SAMR_GROUP_ACCESS_LOOKUP_INFO,
- NULL);
+ ginfo = samr_policy_handle_find(p,
+ r->in.group_handle,
+ SAMR_HANDLE_GROUP,
+ SAMR_GROUP_ACCESS_LOOKUP_INFO,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS status;
bool ret;
- ginfo = policy_handle_find(p, r->in.group_handle,
- SAMR_HANDLE_GROUP,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ginfo->access_granted,
- SAMR_GROUP_ACCESS_SET_INFO,
- NULL);
+ ginfo = samr_policy_handle_find(p,
+ r->in.group_handle,
+ SAMR_HANDLE_GROUP,
+ SAMR_GROUP_ACCESS_SET_INFO,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct acct_info *info;
NTSTATUS status;
- ainfo = policy_handle_find(p, r->in.alias_handle,
- SAMR_HANDLE_ALIAS,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(ainfo->access_granted,
- SAMR_ALIAS_ACCESS_SET_INFO,
- NULL);
+ ainfo = samr_policy_handle_find(p,
+ r->in.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ SAMR_ALIAS_ACCESS_SET_INFO,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS status;
bool ret;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* Find the policy handle. Open a policy on it. */
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &result);
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- result = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ NULL,
+ &result);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
{
NTSTATUS status;
uint32_t acc_required = 0;
- struct samr_info *dinfo = NULL;
DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
return NT_STATUS_INVALID_INFO_CLASS;
}
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- acc_required,
- NULL);
+ (void)samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ acc_required,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__));
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS status;
struct dom_sid sid;
- dinfo = policy_handle_find(p, r->in.domain_handle,
- SAMR_HANDLE_DOMAIN,
- struct samr_info, &status);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = samr_handle_access_check(dinfo->access_granted,
- 0,
- NULL);
+ dinfo = samr_policy_handle_find(p,
+ r->in.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ 0,
+ NULL,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}