return found;
}
+NTSTATUS get_privileges_for_sid_as_set(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **privileges, struct dom_sid *sid)
+{
+ uint64_t mask;
+ if (!get_privileges(sid, &mask)) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ *privileges = talloc_zero(mem_ctx, PRIVILEGE_SET);
+ if (!*privileges) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!se_priv_to_privilege_set(*privileges, mask)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
/*********************************************************************
traversal functions for privilege_enumerate_accounts
return dbwrap_delete_bystring(db, keystr);
}
-/****************************************************************************
- initialise a privilege list and set the talloc context
- ****************************************************************************/
-
-NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set)
-{
- TALLOC_CTX *mem_ctx;
-
- ZERO_STRUCTP( priv_set );
-
- mem_ctx = talloc_init("privilege set");
- if ( !mem_ctx ) {
- DEBUG(0,("privilege_set_init: failed to initialize talloc ctx!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- priv_set->mem_ctx = mem_ctx;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list and with someone else's talloc context
-****************************************************************************/
-
-NTSTATUS privilege_set_init_by_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- ZERO_STRUCTP( priv_set );
-
- priv_set->mem_ctx = mem_ctx;
- priv_set->ext_ctx = True;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- Free all memory used by a PRIVILEGE_SET
-****************************************************************************/
-
-void privilege_set_free(PRIVILEGE_SET *priv_set)
-{
- if ( !priv_set )
- return;
-
- if ( !( priv_set->ext_ctx ) )
- talloc_destroy( priv_set->mem_ctx );
-
- ZERO_STRUCTP( priv_set );
-}
-
/****************************************************************************
duplicate alloc luid_attr
****************************************************************************/
* Copyright (C) Gerald (Jerry) Carter 2005.
* Copyright (C) Volker Lendecke 2005.
* Copyright (C) Guenther Deschner 2008.
+ * Copyright (C) Andrew Bartlett 2010.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
{
NTSTATUS status = NT_STATUS_OK;
struct lsa_info *info=NULL;
- uint64_t mask;
- PRIVILEGE_SET privileges;
+ PRIVILEGE_SET *privileges;
struct lsa_PrivilegeSet *priv_set = NULL;
- struct lsa_LUIDAttribute *luid_attrs = NULL;
- int i;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
if (!(info->access & LSA_ACCOUNT_VIEW))
return NT_STATUS_ACCESS_DENIED;
- get_privileges_for_sids(&mask, &info->sid, 1);
-
- privilege_set_init( &privileges );
-
- priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
- if (!priv_set) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
+ status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if ( se_priv_to_privilege_set( &privileges, mask ) ) {
-
- DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
- sid_string_dbg(&info->sid),
- privileges.count));
-
- luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx,
- struct lsa_LUIDAttribute,
- privileges.count);
- if (!luid_attrs) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<privileges.count; i++) {
- luid_attrs[i] = privileges.set[i];
- }
-
- priv_set->count = privileges.count;
- priv_set->unknown = 0;
- priv_set->set = luid_attrs;
-
- } else {
- priv_set->count = 0;
- priv_set->unknown = 0;
- priv_set->set = NULL;
+ *r->out.privs = priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
+ if (!priv_set) {
+ return NT_STATUS_NO_MEMORY;
}
- *r->out.privs = priv_set;
+ DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
+ sid_string_dbg(&info->sid),
+ privileges->count));
- done:
- privilege_set_free( &privileges );
+ priv_set->count = privileges->count;
+ priv_set->unknown = 0;
+ priv_set->set = talloc_move(priv_set, &privileges->set);
return status;
}
NTSTATUS status;
struct lsa_info *info = NULL;
struct dom_sid sid;
- PRIVILEGE_SET privileges;
- uint64_t mask;
+ PRIVILEGE_SET *privileges;
/* find the connection policy handle. */
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
- sid_copy( &sid, r->in.sid );
-
/* according to MS-LSAD 3.1.4.5.10 it is required to return
* NT_STATUS_OBJECT_NAME_NOT_FOUND if the account sid was not found in
* the lsa database */
- if (!get_privileges_for_sids(&mask, &sid, 1)) {
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
-
- status = privilege_set_init(&privileges);
+ status = get_privileges_for_sid_as_set(p->mem_ctx, &privileges, r->in.sid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- se_priv_to_privilege_set(&privileges, mask);
-
DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
- sid_string_dbg(&sid), privileges.count));
-
- status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges);
+ sid_string_dbg(&sid), privileges->count));
- privilege_set_free( &privileges );
+ status = init_lsa_right_set(p->mem_ctx, r->out.rights, privileges);
return status;
}
git.samba.org / sfrench / samba-autobuild / .git / commitdiff