The branch, master has been updated via 2e77debc99299cd0defd5c00c6b618dc753905c8 (commit) via 106d43a1ddf1a9ad9369bde17acede2a6071fb6c (commit) via 8d68d04258d8a6e090d2eb27476532d63f741231 (commit) via 4faef0da762fc1689ae9a3bc657fc6b5e77beb94 (commit) via 35e45fb841e0c36ec2f8b2a8d7216700cc9af691 (commit) via 3b899af422075949f3c2f0d14787c7e11a3b16df (commit) from 74c405db406d0971ba4fe2abae4ebd950d27ab1c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 2e77debc99299cd0defd5c00c6b618dc753905c8 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 18:39:06 2009 +0200 Revert "fix LSA-PRIVILEGES" This reverts commit 0d9fdbceedddb08dbea8ed84e06a218d3ec562f4. commit 106d43a1ddf1a9ad9369bde17acede2a6071fb6c Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 18:38:55 2009 +0200 Revert "fix LSA-TRUSTED-DOMAINS" This reverts commit 3c9b26276083002124674678ac757e859fb6b20e. commit 8d68d04258d8a6e090d2eb27476532d63f741231 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 18:38:25 2009 +0200 s4-smbtorture: use secinfo flags instead of numbers in lsa test. Guenther commit 4faef0da762fc1689ae9a3bc657fc6b5e77beb94 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 18:37:19 2009 +0200 s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity(). Guenther commit 35e45fb841e0c36ec2f8b2a8d7216700cc9af691 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 18:32:53 2009 +0200 s3-lsa: implement _lsa_LookupPrivName(). Guenther commit 3b899af422075949f3c2f0d14787c7e11a3b16df Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 02:25:43 2009 +0200 s3-lsa: implement _lsa_EnumAccountsWithUserRight(). Guenther ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/srv_lsa_nt.c | 130 +++++++++++++++++++++++++++++++-------- source4/torture/rpc/lsa.c | 14 ++-- 2 files changed, 112 insertions(+), 32 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index c62991e..1a6d3ba 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1917,6 +1917,51 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, } /*************************************************************************** + _lsa_LookupPrivName + ***************************************************************************/ + +NTSTATUS _lsa_LookupPrivName(pipes_struct *p, + struct lsa_LookupPrivName *r) +{ + struct lsa_info *info = NULL; + const char *name; + struct lsa_StringLarge *lsa_name; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) { + return NT_STATUS_INVALID_HANDLE; + } + + if (info->type != LSA_HANDLE_POLICY_TYPE) { + return NT_STATUS_INVALID_HANDLE; + } + + if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION)) { + return NT_STATUS_ACCESS_DENIED; + } + + name = luid_to_privilege_name((LUID *)r->in.luid); + if (!name) { + return NT_STATUS_NO_SUCH_PRIVILEGE; + } + + lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge); + if (!lsa_name) { + return NT_STATUS_NO_MEMORY; + } + + lsa_name->string = talloc_strdup(lsa_name, name); + if (!lsa_name->string) { + TALLOC_FREE(lsa_name); + return NT_STATUS_NO_MEMORY; + } + + *r->out.name = lsa_name; + + return NT_STATUS_OK; +} + +/*************************************************************************** _lsa_QuerySecurity ***************************************************************************/ @@ -1947,19 +1992,9 @@ NTSTATUS _lsa_QuerySecurity(pipes_struct *p, return status; } - switch (r->in.sec_info) { - case 1: - /* SD contains only the owner */ - if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL) - return NT_STATUS_NO_MEMORY; - break; - case 4: - /* SD contains only the ACL */ - if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL) - return NT_STATUS_NO_MEMORY; - break; - default: - return NT_STATUS_INVALID_LEVEL; + *r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd); + if (!*r->out.sdbuf) { + return NT_STATUS_NO_MEMORY; } return status; @@ -2246,6 +2281,63 @@ NTSTATUS _lsa_LookupPrivValue(pipes_struct *p, return NT_STATUS_OK; } +/*************************************************************************** + _lsa_EnumAccountsWithUserRight + ***************************************************************************/ + +NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, + struct lsa_EnumAccountsWithUserRight *r) +{ + NTSTATUS status; + struct lsa_info *info = NULL; + struct dom_sid *sids = NULL; + int num_sids = 0; + uint32_t i; + SE_PRIV mask; + + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) { + return NT_STATUS_INVALID_HANDLE; + } + + if (info->type != LSA_HANDLE_POLICY_TYPE) { + return NT_STATUS_INVALID_HANDLE; + } + + if (!(info->access & LSA_POLICY_LOOKUP_NAMES)) { + return NT_STATUS_ACCESS_DENIED; + } + + if (!r->in.name || !r->in.name->string) { + return NT_STATUS_NO_SUCH_PRIVILEGE; + } + + if (!se_priv_from_name(r->in.name->string, &mask)) { + return NT_STATUS_NO_SUCH_PRIVILEGE; + } + + status = privilege_enum_sids(&mask, p->mem_ctx, + &sids, &num_sids); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + r->out.sids->num_sids = num_sids; + r->out.sids->sids = talloc_array(p->mem_ctx, struct lsa_SidPtr, + r->out.sids->num_sids); + + for (i=0; i < r->out.sids->num_sids; i++) { + r->out.sids->sids[i].sid = sid_dup_talloc(r->out.sids->sids, + &sids[i]); + if (!r->out.sids->sids[i].sid) { + TALLOC_FREE(r->out.sids->sids); + r->out.sids->num_sids = 0; + return NT_STATUS_NO_MEMORY; + } + } + + return NT_STATUS_OK; +} + /* * From here on the server routines are just dummy ones to make smbd link with * librpc/gen_ndr/srv_lsa.c. These routines are actually never called, we are @@ -2312,18 +2404,6 @@ NTSTATUS _lsa_QuerySecret(pipes_struct *p, struct lsa_QuerySecret *r) return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_LookupPrivName(pipes_struct *p, struct lsa_LookupPrivName *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct lsa_EnumAccountsWithUserRight *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_QueryTrustedDomainInfoBySid(pipes_struct *p, struct lsa_QueryTrustedDomainInfoBySid *r) { p->rng_fault_state = True; diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 7963092..b45b565 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -1529,7 +1529,9 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p, torture_comment(tctx, "\nTesting QuerySecurity\n"); r.in.handle = acct_handle; - r.in.sec_info = 7; + r.in.sec_info = SECINFO_OWNER | + SECINFO_GROUP | + SECINFO_DACL; r.out.sdbuf = &sdbuf; status = dcerpc_lsa_QuerySecurity(p, tctx, &r); @@ -2788,9 +2790,8 @@ struct torture_suite *torture_rpc_lsa_trusted_domains(TALLOC_CTX *mem_ctx) suite = torture_suite_create(mem_ctx, "LSA-TRUSTED-DOMAINS"); - tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "lsa", - &ndr_table_lsarpc, - TEST_MACHINENAME); + tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa", + &ndr_table_lsarpc); torture_rpc_tcase_add_test(tcase, "TrustedDomains", testcase_TrustedDomains); @@ -2842,9 +2843,8 @@ struct torture_suite *torture_rpc_lsa_privileges(TALLOC_CTX *mem_ctx) suite = torture_suite_create(mem_ctx, "LSA-PRIVILEGES"); - tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "lsa", - &ndr_table_lsarpc, - TEST_MACHINENAME); + tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa", + &ndr_table_lsarpc); torture_rpc_tcase_add_test(tcase, "Privileges", testcase_Privileges); -- Samba Shared Repository