The branch, master has been updated
via 2e77debc99299cd0defd5c00c6b618dc753905c8 (commit)
via 106d43a1ddf1a9ad9369bde17acede2a6071fb6c (commit)
via 8d68d04258d8a6e090d2eb27476532d63f741231 (commit)
via 4faef0da762fc1689ae9a3bc657fc6b5e77beb94 (commit)
via 35e45fb841e0c36ec2f8b2a8d7216700cc9af691 (commit)
via 3b899af422075949f3c2f0d14787c7e11a3b16df (commit)
from 74c405db406d0971ba4fe2abae4ebd950d27ab1c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2e77debc99299cd0defd5c00c6b618dc753905c8
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 18:39:06 2009 +0200
Revert "fix LSA-PRIVILEGES"
This reverts commit 0d9fdbceedddb08dbea8ed84e06a218d3ec562f4.
commit 106d43a1ddf1a9ad9369bde17acede2a6071fb6c
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 18:38:55 2009 +0200
Revert "fix LSA-TRUSTED-DOMAINS"
This reverts commit 3c9b26276083002124674678ac757e859fb6b20e.
commit 8d68d04258d8a6e090d2eb27476532d63f741231
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 18:38:25 2009 +0200
s4-smbtorture: use secinfo flags instead of numbers in lsa test.
Guenther
commit 4faef0da762fc1689ae9a3bc657fc6b5e77beb94
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 18:37:19 2009 +0200
s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity().
Guenther
commit 35e45fb841e0c36ec2f8b2a8d7216700cc9af691
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 18:32:53 2009 +0200
s3-lsa: implement _lsa_LookupPrivName().
Guenther
commit 3b899af422075949f3c2f0d14787c7e11a3b16df
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 02:25:43 2009 +0200
s3-lsa: implement _lsa_EnumAccountsWithUserRight().
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_lsa_nt.c | 130 +++++++++++++++++++++++++++++++--------
source4/torture/rpc/lsa.c | 14 ++--
2 files changed, 112 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index c62991e..1a6d3ba 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1917,6 +1917,51 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct
*p,
}
/***************************************************************************
+ _lsa_LookupPrivName
+ ***************************************************************************/
+
+NTSTATUS _lsa_LookupPrivName(pipes_struct *p,
+ struct lsa_LookupPrivName *r)
+{
+ struct lsa_info *info = NULL;
+ const char *name;
+ struct lsa_StringLarge *lsa_name;
+
+ /* find the connection policy handle. */
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (info->type != LSA_HANDLE_POLICY_TYPE) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ name = luid_to_privilege_name((LUID *)r->in.luid);
+ if (!name) {
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
+ }
+
+ lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);
+ if (!lsa_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ lsa_name->string = talloc_strdup(lsa_name, name);
+ if (!lsa_name->string) {
+ TALLOC_FREE(lsa_name);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *r->out.name = lsa_name;
+
+ return NT_STATUS_OK;
+}
+
+/***************************************************************************
_lsa_QuerySecurity
***************************************************************************/
@@ -1947,19 +1992,9 @@ NTSTATUS _lsa_QuerySecurity(pipes_struct *p,
return status;
}
- switch (r->in.sec_info) {
- case 1:
- /* SD contains only the owner */
- if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size,
psd)) == NULL)
- return NT_STATUS_NO_MEMORY;
- break;
- case 4:
- /* SD contains only the ACL */
- if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size,
psd)) == NULL)
- return NT_STATUS_NO_MEMORY;
- break;
- default:
- return NT_STATUS_INVALID_LEVEL;
+ *r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd);
+ if (!*r->out.sdbuf) {
+ return NT_STATUS_NO_MEMORY;
}
return status;
@@ -2246,6 +2281,63 @@ NTSTATUS _lsa_LookupPrivValue(pipes_struct *p,
return NT_STATUS_OK;
}
+/***************************************************************************
+ _lsa_EnumAccountsWithUserRight
+ ***************************************************************************/
+
+NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p,
+ struct lsa_EnumAccountsWithUserRight *r)
+{
+ NTSTATUS status;
+ struct lsa_info *info = NULL;
+ struct dom_sid *sids = NULL;
+ int num_sids = 0;
+ uint32_t i;
+ SE_PRIV mask;
+
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (info->type != LSA_HANDLE_POLICY_TYPE) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (!(info->access & LSA_POLICY_LOOKUP_NAMES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (!r->in.name || !r->in.name->string) {
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
+ }
+
+ if (!se_priv_from_name(r->in.name->string, &mask)) {
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
+ }
+
+ status = privilege_enum_sids(&mask, p->mem_ctx,
+ &sids, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r->out.sids->num_sids = num_sids;
+ r->out.sids->sids = talloc_array(p->mem_ctx, struct lsa_SidPtr,
+ r->out.sids->num_sids);
+
+ for (i=0; i < r->out.sids->num_sids; i++) {
+ r->out.sids->sids[i].sid = sid_dup_talloc(r->out.sids->sids,
+ &sids[i]);
+ if (!r->out.sids->sids[i].sid) {
+ TALLOC_FREE(r->out.sids->sids);
+ r->out.sids->num_sids = 0;
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
/*
* From here on the server routines are just dummy ones to make smbd link with
* librpc/gen_ndr/srv_lsa.c. These routines are actually never called, we are
@@ -2312,18 +2404,6 @@ NTSTATUS _lsa_QuerySecret(pipes_struct *p, struct
lsa_QuerySecret *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupPrivName(pipes_struct *p, struct lsa_LookupPrivName *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct
lsa_EnumAccountsWithUserRight *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_QueryTrustedDomainInfoBySid(pipes_struct *p, struct
lsa_QueryTrustedDomainInfoBySid *r)
{
p->rng_fault_state = True;
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 7963092..b45b565 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -1529,7 +1529,9 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
torture_comment(tctx, "\nTesting QuerySecurity\n");
r.in.handle = acct_handle;
- r.in.sec_info = 7;
+ r.in.sec_info = SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL;
r.out.sdbuf = &sdbuf;
status = dcerpc_lsa_QuerySecurity(p, tctx, &r);
@@ -2788,9 +2790,8 @@ struct torture_suite
*torture_rpc_lsa_trusted_domains(TALLOC_CTX *mem_ctx)
suite = torture_suite_create(mem_ctx, "LSA-TRUSTED-DOMAINS");
- tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite,
"lsa",
-
&ndr_table_lsarpc,
-
TEST_MACHINENAME);
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+ &ndr_table_lsarpc);
torture_rpc_tcase_add_test(tcase, "TrustedDomains",
testcase_TrustedDomains);
@@ -2842,9 +2843,8 @@ struct torture_suite
*torture_rpc_lsa_privileges(TALLOC_CTX *mem_ctx)
suite = torture_suite_create(mem_ctx, "LSA-PRIVILEGES");
- tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite,
"lsa",
-
&ndr_table_lsarpc,
-
TEST_MACHINENAME);
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+ &ndr_table_lsarpc);
torture_rpc_tcase_add_test(tcase, "Privileges",
testcase_Privileges);
--
Samba Shared Repository
