Author: tridge Date: 2004-12-14 06:31:20 +0000 (Tue, 14 Dec 2004) New Revision: 4202
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4202 Log: added smbclient commands "addprivileges" and "delprivileges" for easily adding/removing privileges from users Modified: branches/SAMBA_4_0/source/client/client.c branches/SAMBA_4_0/source/libcli/util/clilsa.c branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c Changeset:
Modified: branches/SAMBA_4_0/source/client/client.c
===================================================================
--- branches/SAMBA_4_0/source/client/client.c 2004-12-14 06:25:19 UTC (rev 4201)
+++ branches/SAMBA_4_0/source/client/client.c 2004-12-14 06:31:20 UTC (rev 4202)
@@ -1909,7 +1909,7 @@
 unsigned i;
 if (!next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
- d_printf("lookupsid <sid>\n");
+ d_printf("privileges <sid|name>\n");
 talloc_free(mem_ctx);
 return 1;
 }
@@ -1944,7 +1944,108 @@
 /****************************************************************************
+add privileges for a user
 ****************************************************************************/
+static int cmd_addprivileges(const char **cmd_ptr)
+{
+ fstring buf;
+ TALLOC_CTX *mem_ctx = talloc(NULL, 0);
+ NTSTATUS status;
+ struct dom_sid *sid;
+ struct lsa_RightSet rights;
+
+ if (!next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ d_printf("addprivileges <sid> <privilege...>\n");
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ sid = dom_sid_parse_talloc(mem_ctx, buf);
+ if (sid == NULL) {
+ const char *sid_str;
+ status = smblsa_lookup_name(cli, buf, mem_ctx, &sid_str);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+ sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ }
+
+ ZERO_STRUCT(rights);
+ while (next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ rights.names = talloc_realloc_p(mem_ctx, rights.names,
+ struct lsa_String, rights.count+1);
+ rights.names[rights.count].string = talloc_strdup(mem_ctx, buf);
+ rights.count++;
+ }
+
+
+ status = smblsa_sid_add_privileges(cli, sid, mem_ctx, &rights);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_AddAccountRights - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ talloc_free(mem_ctx);
+
+ return 0;
+}
+
+/****************************************************************************
+delete privileges for a user
+****************************************************************************/
+static int cmd_delprivileges(const char **cmd_ptr)
+{
+ fstring buf;
+ TALLOC_CTX *mem_ctx = talloc(NULL, 0);
+ NTSTATUS status;
+ struct dom_sid *sid;
+ struct lsa_RightSet rights;
+
+ if (!next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ d_printf("delprivileges <sid> <privilege...>\n");
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ sid = dom_sid_parse_talloc(mem_ctx, buf);
+ if (sid == NULL) {
+ const char *sid_str;
+ status = smblsa_lookup_name(cli, buf, mem_ctx, &sid_str);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_LookupNames - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+ sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ }
+
+ ZERO_STRUCT(rights);
+ while (next_token(cmd_ptr,buf,NULL,sizeof(buf))) {
+ rights.names = talloc_realloc_p(mem_ctx, rights.names,
+ struct lsa_String, rights.count+1);
+ rights.names[rights.count].string = talloc_strdup(mem_ctx, buf);
+ rights.count++;
+ }
+
+
+ status = smblsa_sid_del_privileges(cli, sid, mem_ctx, &rights);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("lsa_RemoveAccountRights - %s\n", nt_errstr(status));
+ talloc_free(mem_ctx);
+ return 1;
+ }
+
+ talloc_free(mem_ctx);
+
+ return 0;
+}
+
+
+/****************************************************************************
+****************************************************************************/
 static int cmd_open(const char **cmd_ptr)
 {
 pstring mask;
@@ -2492,6 +2593,7 @@
 } commands[] = {
 {"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+ {"addprivileges",cmd_addprivileges,"<sid|user> <privilege...> add privileges for a user",{COMPL_NONE,COMPL_NONE}},
 {"altname",cmd_altname,"<file> show alt name",{COMPL_NONE,COMPL_NONE}},
 {"acl",cmd_acl,"<file> show file ACL",{COMPL_NONE,COMPL_NONE}},
 {"allinfo",cmd_allinfo,"<file> show all possible info about a file",{COMPL_NONE,COMPL_NONE}},
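Review bot: In `cmd_addprivileges` the token loop writes to `rights.names[rights.count]` without checking the result of `talloc_realloc_p`, and stores the `talloc_strdup` result unchecked, so an allocation failure becomes a NULL dereference or a NULL right name handed to the RPC layer. The second `dom_sid_parse_talloc(mem_ctx, sid_str)` is also unchecked, so `sid` can reach `smblsa_sid_add_privileges` as NULL, and a command line with no privilege tokens issues the call with an empty set instead of printing the usage. `cmd_delprivileges` repeats the same code and needs the same checks. The usage strings also say `<sid>` although the code and the command-table help accept `<sid|user>`.

```c
		sid = dom_sid_parse_talloc(mem_ctx, sid_str);
		if (sid == NULL) {
			d_printf("failed to parse SID '%s'\n", sid_str);
			talloc_free(mem_ctx);
			return 1;
		}
	/* … unchanged: ZERO_STRUCT(rights) and the talloc_realloc_p call in the token loop … */
		if (rights.names == NULL) {
			d_printf("out of memory\n");
			talloc_free(mem_ctx);
			return 1;
		}
		rights.names[rights.count].string = talloc_strdup(mem_ctx, buf);
		if (rights.names[rights.count].string == NULL) {
			d_printf("out of memory\n");
			talloc_free(mem_ctx);
			return 1;
		}
	/* … unchanged: rights.count++ and end of the loop … */
	if (rights.count == 0) {
		d_printf("addprivileges <sid|user> <privilege...>\n");
		talloc_free(mem_ctx);
		return 1;
	}
```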
@@ -2501,6 +2603,7 @@
 {"chmod",cmd_chmod,"<src> <mode> chmod a file using UNIX permission",{COMPL_REMOTE,COMPL_REMOTE}},
 {"chown",cmd_chown,"<src> <uid> <gid> chown a file using UNIX uids and gids",{COMPL_REMOTE,COMPL_REMOTE}},
 {"del",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
+ {"delprivileges",cmd_delprivileges,"<sid|user> <privilege...> remove privileges for a user",{COMPL_NONE,COMPL_NONE}},
 {"deltree",cmd_deltree,"<dir> delete a whole directory tree",{COMPL_REMOTE,COMPL_NONE}},
 {"dir",cmd_dir,"<mask> list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}},
 {"du",cmd_du,"<mask> computes the total size of the current directory",{COMPL_REMOTE,COMPL_NONE}},
Modified: branches/SAMBA_4_0/source/libcli/util/clilsa.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/util/clilsa.c 2004-12-14 06:25:19 UTC (rev 4201)
+++ branches/SAMBA_4_0/source/libcli/util/clilsa.c 2004-12-14 06:31:20 UTC (rev 4202)
@@ -297,3 +297,49 @@
 return NT_STATUS_OK;
 }
+
+
+/*
+ add a set of privileges to the given sid
+*/
+NTSTATUS smblsa_sid_add_privileges(struct smbcli_state *cli, struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *rights)
+{
+ NTSTATUS status;
+ struct lsa_AddAccountRights r;
+
+ status = smblsa_connect(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r.in.handle = &cli->lsa->handle;
+ r.in.sid = sid;
+ r.in.rights = rights;
+
+ return dcerpc_lsa_AddAccountRights(cli->lsa->pipe, mem_ctx, &r);
+}
+
+/*
+ remove a set of privileges from the given sid
+*/
+NTSTATUS smblsa_sid_del_privileges(struct smbcli_state *cli, struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *rights)
+{
+ NTSTATUS status;
+ struct lsa_RemoveAccountRights r;
+
+ status = smblsa_connect(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ r.in.handle = &cli->lsa->handle;
+ r.in.sid = sid;
+ r.in.unknown = 0;
+ r.in.rights = rights;
+
+ return dcerpc_lsa_RemoveAccountRights(cli->lsa->pipe, mem_ctx, &r);
+}
Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2004-12-14 06:25:19 UTC (rev 4201)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2004-12-14 06:31:20 UTC (rev 4202)
@@ -1084,6 +1084,9 @@
 ret = samdb_modify(state->sam_ctx, mem_ctx, &msg);
 if (ret != 0) {
+ if (ldb_flag == LDB_FLAG_MOD_DELETE) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
 return NT_STATUS_UNEXPECTED_IO_ERROR;
 }
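Review bot: `r.in.unknown = 0` in `smblsa_sid_del_privileges` is the one input of the remove call that has no explanation, and on a call that strips rights from an account a reader needs to know what a non-zero value would do. I would add a hedged comment on that line, for example `/* semantics of this field are not decoded yet; 0 is what this client sends - document once understood */`. The header comments of both functions could also say that `sid` and `rights` are handed to the RPC unmodified and are not checked for NULL here, and that the return value is whatever `dcerpc_lsa_AddAccountRights` or `dcerpc_lsa_RemoveAccountRights` returns after a successful `smblsa_connect`.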
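Review bot: The added branch reports every `samdb_modify` failure on the delete path as `NT_STATUS_OBJECT_NAME_NOT_FOUND`, so a backend or permission failure while removing a right becomes indistinguishable from the account never having held it. `ret` is only compared with 0 in the visible lines; if `samdb_modify` can tell these cases apart, the mapping should be limited to the not-present case. Otherwise the assumption should be written down, for example `/* samdb_modify gives no reason here; a failed delete is assumed to mean the right was not held */`. The enclosing function starts and ends outside this hunk, so how `ldb_flag` is set is not visible.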