This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
#include "includes.h"
#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli.h"
+#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
struct smblsa_state {
struct dcerpc_pipe *pipe;
return NT_STATUS_OK;
}
- lsa = talloc_p(cli, struct smblsa_state);
+ lsa = talloc(cli, struct smblsa_state);
if (lsa == NULL) {
return NT_STATUS_NO_MEMORY;
}
- lsa->ipc_tree = smbcli_tree_init(cli->session);
+ lsa->ipc_tree = smbcli_tree_init(cli->session, lsa, False);
if (lsa->ipc_tree == NULL) {
return NT_STATUS_NO_MEMORY;
}
tcon.tconx.in.password = data_blob(NULL, 0);
tcon.tconx.in.path = "ipc$";
tcon.tconx.in.device = "IPC";
- status = smb_tree_connect(lsa->ipc_tree, lsa, &tcon);
+ status = smb_raw_tcon(lsa->ipc_tree, lsa, &tcon);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(lsa);
return status;
}
- lsa->ipc_tree->tid = tcon.tconx.out.cnum;
+ lsa->ipc_tree->tid = tcon.tconx.out.tid;
+
+ lsa->pipe = dcerpc_pipe_init(lsa, cli->transport->socket->event.ctx);
+ if (lsa->pipe == NULL) {
+ talloc_free(lsa);
+ return NT_STATUS_NO_MEMORY;
+ }
/* open the LSA pipe */
- status = dcerpc_pipe_open_smb(&lsa->pipe, lsa->ipc_tree, DCERPC_LSARPC_NAME);
+ status = dcerpc_pipe_open_smb(lsa->pipe, lsa->ipc_tree, NDR_LSARPC_NAME);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(lsa);
return status;
}
/* bind to the LSA pipe */
- status = dcerpc_bind_auth_none(lsa->pipe, DCERPC_LSARPC_UUID, DCERPC_LSARPC_VERSION);
+ status = dcerpc_bind_auth_none(lsa->pipe, &ndr_table_lsarpc);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(lsa);
return status;
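Review bot: The `lsa->ipc_tree == NULL` branch returns `NT_STATUS_NO_MEMORY` without freeing `lsa`, while every later failure path in this hunk calls `talloc_free(lsa)` first, including the `dcerpc_pipe_init` check added here. Because `lsa` is allocated as a talloc child of `cli`, the half-built state would stay attached to the client context until `cli` itself is freed. Adding `talloc_free(lsa);` before that `return NT_STATUS_NO_MEMORY;` makes the error paths consistent. The function starts and ends outside the visible lines, so whether `cli->lsa` is only assigned after all of these checks succeed should be confirmed.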
{
struct lsa_RightSet rights;
NTSTATUS status;
- TALLOC_CTX *mem_ctx = talloc(cli, 0);
+ TALLOC_CTX *mem_ctx = talloc_new(cli);
struct dom_sid *sid;
unsigned i;
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
- TALLOC_CTX *mem_ctx2 = talloc(mem_ctx, 0);
+ TALLOC_CTX *mem_ctx2 = talloc_new(mem_ctx);
status = smblsa_connect(cli);
if (!NT_STATUS_IS_OK(status)) {
names.names = NULL;
sids.num_sids = 1;
- sids.sids = talloc_p(mem_ctx2, struct lsa_SidPtr);
+ sids.sids = talloc(mem_ctx2, struct lsa_SidPtr);
sids.sids[0].sid = sid;
r.in.handle = &cli->lsa->handle;
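Review bot: The result of `talloc(mem_ctx2, struct lsa_SidPtr)` is written through on the very next line (`sids.sids[0].sid = sid;`) with no NULL check, so an allocation failure becomes a NULL dereference instead of an error status. A guard such as `if (sids.sids == NULL) { talloc_free(mem_ctx2); return NT_STATUS_NO_MEMORY; }` would match the handling in the connect path. The enclosing function begins and ends outside these lines, so the cleanup should follow whatever that function does on its other error exits.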
uint32_t count = 1;
NTSTATUS status;
struct dom_sid *sid;
- TALLOC_CTX *mem_ctx2 = talloc(mem_ctx, 0);
+ TALLOC_CTX *mem_ctx2 = talloc_new(mem_ctx);
uint32_t rid;
status = smblsa_connect(cli);
return NT_STATUS_OK;
}
+
+
+/*
+ add a set of privileges to the given sid
+*/
+NTSTATUS smblsa_sid_add_privileges(struct smbcli_state *cli, struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *rights)
+{
+ NTSTATUS status;
+ struct lsa_AddAccountRights r;
+
+ status = smblsa_connect(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r.in.handle = &cli->lsa->handle;
+ r.in.sid = sid;
+ r.in.rights = rights;
+
+ return dcerpc_lsa_AddAccountRights(cli->lsa->pipe, mem_ctx, &r);
+}
+
+/*
+ remove a set of privileges from the given sid
+*/
+NTSTATUS smblsa_sid_del_privileges(struct smbcli_state *cli, struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *rights)
+{
+ NTSTATUS status;
+ struct lsa_RemoveAccountRights r;
+
+ status = smblsa_connect(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r.in.handle = &cli->lsa->handle;
+ r.in.sid = sid;
+ r.in.unknown = 0;
+ r.in.rights = rights;
+
+ return dcerpc_lsa_RemoveAccountRights(cli->lsa->pipe, mem_ctx, &r);
+}
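Review bot: The header comments on `smblsa_sid_add_privileges` and `smblsa_sid_del_privileges` are too thin for calls that change account rights on the server; they should state that `sid` and `rights` must be non-NULL, that `mem_ctx` owns the RPC allocations, and that the returned status comes from `dcerpc_lsa_AddAccountRights` / `dcerpc_lsa_RemoveAccountRights`. They should also note that the pipe is bound with `dcerpc_bind_auth_none` in the connect path, so authorisation appears to rest entirely on the SMB session carried by `cli`. In the delete path `r.in.unknown = 0;` is unexplained; a comment such as `/* unknown = 0: presumably "remove only the listed rights", not all rights - confirm against the IDL */` would stop a later edit from flipping it by accident. Neither function validates `sid` or `rights` before handing them to the marshalling code, so a cheap `if (sid == NULL || rights == NULL) return NT_STATUS_INVALID_PARAMETER;` at the top of each is worth adding.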