Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

net_rpc_rights.c

Visit:

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 20.3 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4	Copyright (C) Gerald (Jerry) Carter 2004
5	Copyright (C) Guenther Deschner 2008
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20	#include "includes.h"
21	#include "utils/net.h"
22	#include "rpc_client/rpc_client.h"
23	#include "../librpc/gen_ndr/ndr_lsa_c.h"
24	#include "rpc_client/cli_lsarpc.h"
25	#include "rpc_client/init_lsa.h"
26	#include "../libcli/security/security.h"
27
28	/********************************************************************
29	********************************************************************/
30
31	static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
32	TALLOC_CTX *mem_ctx,
33	struct dom_sid *sid,
34	fstring name)
35	{
36	struct policy_handle pol;
37	enum lsa_SidType *sid_types = NULL;
38	NTSTATUS status, result;
39	char domains = NULL, names = NULL;
40	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
41
42	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
43	SEC_FLAG_MAXIMUM_ALLOWED, &pol);
44
45	if ( !NT_STATUS_IS_OK(status) )
46	return status;
47
48	status = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);
49
50	if ( NT_STATUS_IS_OK(status) ) {
51	if ( *domains[0] )
52	fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
53	else
54	fstrcpy( name, names[0] );
55	}
56
57	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
58	return status;
59	}
60
61	/********************************************************************
62	********************************************************************/
63
64	static NTSTATUS name_to_sid(struct rpc_pipe_client *pipe_hnd,
65	TALLOC_CTX *mem_ctx,
66	struct dom_sid sid, const char name)
67	{
68	struct policy_handle pol;
69	enum lsa_SidType *sid_types;
70	NTSTATUS status, result;
71	struct dom_sid *sids;
72	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
73
74	/* maybe its a raw SID */
75	if ( strncmp(name, "S-", 2) == 0 && string_to_sid(sid, name) ) {
76	return NT_STATUS_OK;
77	}
78
79	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
80	SEC_FLAG_MAXIMUM_ALLOWED, &pol);
81
82	if ( !NT_STATUS_IS_OK(status) )
83	return status;
84
85	status = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &pol, 1, &name,
86	NULL, 1, &sids, &sid_types);
87
88	if ( NT_STATUS_IS_OK(status) )
89	sid_copy( sid, &sids[0] );
90
91	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
92	return status;
93	}
94
95	/********************************************************************
96	********************************************************************/
97
98	static NTSTATUS enum_privileges(struct rpc_pipe_client *pipe_hnd,
99	TALLOC_CTX *ctx,
100	struct policy_handle *pol )
101	{
102	NTSTATUS status, result;
103	uint32 enum_context = 0;
104	uint32 pref_max_length=0x1000;
105	int i;
106	uint16 lang_id=0;
107	uint16 lang_id_sys=0;
108	uint16 lang_id_desc;
109	struct lsa_StringLarge *description = NULL;
110	struct lsa_PrivArray priv_array;
111	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
112
113	status = dcerpc_lsa_EnumPrivs(b, ctx,
114	pol,
115	&enum_context,
116	&priv_array,
117	pref_max_length,
118	&result);
119
120	if ( !NT_STATUS_IS_OK(status) )
121	return status;
122	if (!NT_STATUS_IS_OK(result)) {
123	return result;
124	}
125
126	/* Print results */
127
128	for (i = 0; i < priv_array.count; i++) {
129
130	struct lsa_String lsa_name;
131
132	d_printf("%30s ",
133	priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "unknown" );
134
135	/* try to get the description */
136
137	init_lsa_String(&lsa_name, priv_array.privs[i].name.string);
138
139	status = dcerpc_lsa_LookupPrivDisplayName(b, ctx,
140	pol,
141	&lsa_name,
142	lang_id,
143	lang_id_sys,
144	&description,
145	&lang_id_desc,
146	&result);
147	if (!NT_STATUS_IS_OK(status)) {
148	d_printf("??????\n");
149	continue;
150	}
151	if (!NT_STATUS_IS_OK(result)) {
152	d_printf("??????\n");
153	continue;
154	}
155
156	d_printf("%s\n", description->string);
157	}
158
159	return NT_STATUS_OK;
160	}
161
162	/********************************************************************
163	********************************************************************/
164
165	static NTSTATUS check_privilege_for_user(struct rpc_pipe_client *pipe_hnd,
166	TALLOC_CTX *ctx,
167	struct policy_handle *pol,
168	struct dom_sid *sid,
169	const char *right)
170	{
171	NTSTATUS status, result;
172	struct lsa_RightSet rights;
173	int i;
174	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
175
176	status = dcerpc_lsa_EnumAccountRights(b, ctx,
177	pol,
178	sid,
179	&rights,
180	&result);
181	if (!NT_STATUS_IS_OK(status)) {
182	return status;
183	}
184	if (!NT_STATUS_IS_OK(result)) {
185	return result;
186	}
187
188	if (rights.count == 0) {
189	return NT_STATUS_OBJECT_NAME_NOT_FOUND;
190	}
191
192	for (i = 0; i < rights.count; i++) {
193	if (StrCaseCmp(rights.names[i].string, right) == 0) {
194	return NT_STATUS_OK;
195	}
196	}
197
198	return NT_STATUS_OBJECT_NAME_NOT_FOUND;
199	}
200
201	/********************************************************************
202	********************************************************************/
203
204	static NTSTATUS enum_privileges_for_user(struct rpc_pipe_client *pipe_hnd,
205	TALLOC_CTX *ctx,
206	struct policy_handle *pol,
207	struct dom_sid *sid )
208	{
209	NTSTATUS status, result;
210	struct lsa_RightSet rights;
211	int i;
212	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
213
214	status = dcerpc_lsa_EnumAccountRights(b, ctx,
215	pol,
216	sid,
217	&rights,
218	&result);
219	if (!NT_STATUS_IS_OK(status))
220	return status;
221	if (!NT_STATUS_IS_OK(result))
222	return result;
223
224	if (rights.count == 0) {
225	d_printf(_("No privileges assigned\n"));
226	}
227
228	for (i = 0; i < rights.count; i++) {
229	printf("%s\n", rights.names[i].string);
230	}
231
232	return NT_STATUS_OK;
233	}
234
235	/********************************************************************
236	********************************************************************/
237
238	static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd,
239	TALLOC_CTX *ctx,
240	struct policy_handle *pol,
241	const char *privilege)
242	{
243	NTSTATUS status, result;
244	uint32 enum_context=0;
245	uint32 pref_max_length=0x1000;
246	struct lsa_SidArray sid_array;
247	int i;
248	fstring name;
249	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
250
251	status = dcerpc_lsa_EnumAccounts(b, ctx,
252	pol,
253	&enum_context,
254	&sid_array,
255	pref_max_length,
256	&result);
257	if (!NT_STATUS_IS_OK(status))
258	return status;
259	if (!NT_STATUS_IS_OK(result))
260	return result;
261
262	d_printf("%s:\n", privilege);
263
264	for ( i=0; i<sid_array.num_sids; i++ ) {
265
266	status = check_privilege_for_user(pipe_hnd, ctx, pol,
267	sid_array.sids[i].sid,
268	privilege);
269
270	if ( ! NT_STATUS_IS_OK(status)) {
271	if ( ! NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
272	return status;
273	}
274	continue;
275	}
276
277	/* try to convert the SID to a name. Fall back to
278	printing the raw SID if necessary */
279	status = sid_to_name( pipe_hnd, ctx, sid_array.sids[i].sid, name );
280	if ( !NT_STATUS_IS_OK (status) )
281	sid_to_fstring(name, sid_array.sids[i].sid);
282
283	d_printf(" %s\n", name);
284	}
285
286	return NT_STATUS_OK;
287	}
288
289	/********************************************************************
290	********************************************************************/
291
292	static NTSTATUS enum_privileges_for_accounts(struct rpc_pipe_client *pipe_hnd,
293	TALLOC_CTX *ctx,
294	struct policy_handle *pol)
295	{
296	NTSTATUS status, result;
297	uint32 enum_context=0;
298	uint32 pref_max_length=0x1000;
299	struct lsa_SidArray sid_array;
300	int i;
301	fstring name;
302	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
303
304	status = dcerpc_lsa_EnumAccounts(b, ctx,
305	pol,
306	&enum_context,
307	&sid_array,
308	pref_max_length,
309	&result);
310	if (!NT_STATUS_IS_OK(status))
311	return status;
312	if (!NT_STATUS_IS_OK(result))
313	return result;
314
315	for ( i=0; i<sid_array.num_sids; i++ ) {
316
317	/* try to convert the SID to a name. Fall back to
318	printing the raw SID if necessary */
319
320	status = sid_to_name(pipe_hnd, ctx, sid_array.sids[i].sid, name);
321	if ( !NT_STATUS_IS_OK (status) )
322	sid_to_fstring(name, sid_array.sids[i].sid);
323
324	d_printf("%s\n", name);
325
326	status = enum_privileges_for_user(pipe_hnd, ctx, pol,
327	sid_array.sids[i].sid);
328	if ( !NT_STATUS_IS_OK(status) )
329	return status;
330
331	d_printf("\n");
332	}
333
334	return NT_STATUS_OK;
335	}
336
337	/********************************************************************
338	********************************************************************/
339
340	static NTSTATUS rpc_rights_list_internal(struct net_context *c,
341	const struct dom_sid *domain_sid,
342	const char *domain_name,
343	struct cli_state *cli,
344	struct rpc_pipe_client *pipe_hnd,
345	TALLOC_CTX *mem_ctx,
346	int argc,
347	const char **argv )
348	{
349	struct policy_handle pol;
350	NTSTATUS status, result;
351	struct dom_sid sid;
352	fstring privname;
353	struct lsa_String lsa_name;
354	struct lsa_StringLarge *description = NULL;
355	uint16 lang_id = 0;
356	uint16 lang_id_sys = 0;
357	uint16 lang_id_desc;
358	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
359
360	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
361	SEC_FLAG_MAXIMUM_ALLOWED, &pol);
362
363	if ( !NT_STATUS_IS_OK(status) )
364	return status;
365
366	/* backwards compatibility; just list available privileges if no arguement */
367
368	if (argc == 0) {
369	status = enum_privileges(pipe_hnd, mem_ctx, &pol );
370	goto done;
371	}
372
373	if (strequal(argv[0], "privileges")) {
374	int i = 1;
375
376	if (argv[1] == NULL) {
377	status = enum_privileges(pipe_hnd, mem_ctx, &pol );
378	goto done;
379	}
380
381	while ( argv[i] != NULL ) {
382	fstrcpy(privname, argv[i]);
383	init_lsa_String(&lsa_name, argv[i]);
384	i++;
385
386	/* verify that this is a valid privilege for error reporting */
387	status = dcerpc_lsa_LookupPrivDisplayName(b, mem_ctx,
388	&pol,
389	&lsa_name,
390	lang_id,
391	lang_id_sys,
392	&description,
393	&lang_id_desc,
394	&result);
395	if (!NT_STATUS_IS_OK(status)) {
396	continue;
397	}
398	status = result;
399	if ( !NT_STATUS_IS_OK(result) ) {
400	if ( NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_PRIVILEGE))
401	d_fprintf(stderr, _("No such privilege "
402	"exists: %s.\n"), privname);
403	else
404	d_fprintf(stderr, _("Error resolving "
405	"privilege display name "
406	"[%s].\n"),
407	nt_errstr(result));
408	continue;
409	}
410
411	status = enum_accounts_for_privilege(pipe_hnd, mem_ctx, &pol, privname);
412	if (!NT_STATUS_IS_OK(status)) {
413	d_fprintf(stderr, _("Error enumerating "
414	"accounts for privilege %s [%s].\n"),
415	privname, nt_errstr(status));
416	continue;
417	}
418	}
419	goto done;
420	}
421
422	/* special case to enumerate all privileged SIDs with associated rights */
423
424	if (strequal( argv[0], "accounts")) {
425	int i = 1;
426
427	if (argv[1] == NULL) {
428	status = enum_privileges_for_accounts(pipe_hnd, mem_ctx, &pol);
429	goto done;
430	}
431
432	while (argv[i] != NULL) {
433	status = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[i]);
434	if (!NT_STATUS_IS_OK(status)) {
435	goto done;
436	}
437	status = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid);
438	if (!NT_STATUS_IS_OK(status)) {
439	goto done;
440	}
441	i++;
442	}
443	goto done;
444	}
445
446	/* backward comaptibility: if no keyword provided, treat the key
447	as an account name */
448	if (argc > 1) {
449	d_printf("%s net rpc rights list [[accounts\|privileges] "
450	"[name\|SID]]\n", _("Usage:"));
451	status = NT_STATUS_OK;
452	goto done;
453	}
454
455	status = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
456	if (!NT_STATUS_IS_OK(status)) {
457	goto done;
458	}
459	status = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid );
460
461	done:
462	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
463
464	return status;
465	}
466
467	/********************************************************************
468	********************************************************************/
469
470	static NTSTATUS rpc_rights_grant_internal(struct net_context *c,
471	const struct dom_sid *domain_sid,
472	const char *domain_name,
473	struct cli_state *cli,
474	struct rpc_pipe_client *pipe_hnd,
475	TALLOC_CTX *mem_ctx,
476	int argc,
477	const char **argv )
478	{
479	struct policy_handle dom_pol;
480	NTSTATUS status, result;
481	struct lsa_RightSet rights;
482	int i;
483	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
484
485	struct dom_sid sid;
486
487	if (argc < 2 ) {
488	d_printf("%s\n%s",
489	_("Usage:"),
490	_(" net rpc rights grant <name\|SID> <rights...>\n"));
491	return NT_STATUS_OK;
492	}
493
494	status = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
495	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
496	status = NT_STATUS_NO_SUCH_USER;
497
498	if (!NT_STATUS_IS_OK(status))
499	goto done;
500
501	status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
502	SEC_FLAG_MAXIMUM_ALLOWED,
503	&dom_pol);
504
505	if (!NT_STATUS_IS_OK(status))
506	return status;
507
508	rights.count = argc-1;
509	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
510	rights.count);
511	if (!rights.names) {
512	return NT_STATUS_NO_MEMORY;
513	}
514
515	for (i=0; i<argc-1; i++) {
516	init_lsa_StringLarge(&rights.names[i], argv[i+1]);
517	}
518
519	status = dcerpc_lsa_AddAccountRights(b, mem_ctx,
520	&dom_pol,
521	&sid,
522	&rights,
523	&result);
524	if (!NT_STATUS_IS_OK(status))
525	goto done;
526	if (!NT_STATUS_IS_OK(result)) {
527	status = result;
528	goto done;
529	}
530
531	d_printf(_("Successfully granted rights.\n"));
532
533	done:
534	if ( !NT_STATUS_IS_OK(status) ) {
535	d_fprintf(stderr, _("Failed to grant privileges for %s (%s)\n"),
536	argv[0], nt_errstr(status));
537	}
538
539	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
540
541	return status;
542	}
543
544	/********************************************************************
545	********************************************************************/
546
547	static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
548	const struct dom_sid *domain_sid,
549	const char *domain_name,
550	struct cli_state *cli,
551	struct rpc_pipe_client *pipe_hnd,
552	TALLOC_CTX *mem_ctx,
553	int argc,
554	const char **argv )
555	{
556	struct policy_handle dom_pol;
557	NTSTATUS status, result;
558	struct lsa_RightSet rights;
559	struct dom_sid sid;
560	int i;
561	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
562
563	if (argc < 2 ) {
564	d_printf("%s\n%s",
565	_("Usage:"),
566	_(" net rpc rights revoke <name\|SID> <rights...>\n"));
567	return NT_STATUS_OK;
568	}
569
570	status = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
571	if (!NT_STATUS_IS_OK(status))
572	return status;
573
574	status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
575	SEC_FLAG_MAXIMUM_ALLOWED,
576	&dom_pol);
577
578	if (!NT_STATUS_IS_OK(status))
579	return status;
580
581	rights.count = argc-1;
582	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
583	rights.count);
584	if (!rights.names) {
585	return NT_STATUS_NO_MEMORY;
586	}
587
588	for (i=0; i<argc-1; i++) {
589	init_lsa_StringLarge(&rights.names[i], argv[i+1]);
590	}
591
592	status = dcerpc_lsa_RemoveAccountRights(b, mem_ctx,
593	&dom_pol,
594	&sid,
595	false,
596	&rights,
597	&result);
598	if (!NT_STATUS_IS_OK(status))
599	goto done;
600	if (!NT_STATUS_IS_OK(result)) {
601	status = result;
602	goto done;
603	}
604
605	d_printf(_("Successfully revoked rights.\n"));
606
607	done:
608	if ( !NT_STATUS_IS_OK(status) ) {
609	d_fprintf(stderr,_("Failed to revoke privileges for %s (%s)\n"),
610	argv[0], nt_errstr(status));
611	}
612
613	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
614
615	return status;
616	}
617
618
619	/********************************************************************
620	********************************************************************/
621
622	static int rpc_rights_list(struct net_context c, int argc, const char *argv )
623	{
624	if (c->display_usage) {
625	d_printf("%s\n%s",
626	_("Usage:"),
627	_("net rpc rights list [{accounts\|privileges} "
628	"[name\|SID]]\n"
629	" View available/assigned privileges\n"));
630	return 0;
631	}
632
633	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
634	rpc_rights_list_internal, argc, argv );
635	}
636
637	/********************************************************************
638	********************************************************************/
639
640	static int rpc_rights_grant(struct net_context c, int argc, const char *argv )
641	{
642	if (c->display_usage) {
643	d_printf("%s\n%s",
644	_("Usage:"),
645	_("net rpc rights grant <name\|SID> <right>\n"
646	" Assign privilege[s]\n"));
647	d_printf(_("For example:\n"
648	" net rpc rights grant 'VALE\\biddle' "
649	"SePrintOperatorPrivilege SeDiskOperatorPrivilege\n"
650	" would grant the printer admin and disk manager "
651	"rights to the user 'VALE\\biddle'\n"));
652	return 0;
653	}
654
655	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
656	rpc_rights_grant_internal, argc, argv );
657	}
658
659	/********************************************************************
660	********************************************************************/
661
662	static int rpc_rights_revoke(struct net_context c, int argc, const char *argv)
663	{
664	if (c->display_usage) {
665	d_printf("%s\n%s",
666	_("Usage:"),
667	_("net rpc rights revoke <name\|SID> <right>\n"
668	" Revoke privilege[s]\n"));
669	d_printf(_("For example:\n"
670	" net rpc rights revoke 'VALE\\biddle' "
671	"SePrintOperatorPrivilege SeDiskOperatorPrivilege\n"
672	" would revoke the printer admin and disk manager"
673	" rights from the user 'VALE\\biddle'\n"));
674	return 0;
675	}
676
677	return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
678	rpc_rights_revoke_internal, argc, argv );
679	}
680
681	/********************************************************************
682	********************************************************************/
683
684	int net_rpc_rights(struct net_context c, int argc, const char *argv)
685	{
686	struct functable func[] = {
687	{
688	"list",
689	rpc_rights_list,
690	NET_TRANSPORT_RPC,
691	N_("View available/assigned privileges"),
692	N_("net rpc rights list\n"
693	" View available/assigned privileges")
694	},
695	{
696	"grant",
697	rpc_rights_grant,
698	NET_TRANSPORT_RPC,
699	N_("Assign privilege[s]"),
700	N_("net rpc rights grant\n"
701	" Assign privilege[s]")
702	},
703	{
704	"revoke",
705	rpc_rights_revoke,
706	NET_TRANSPORT_RPC,
707	N_("Revoke privilege[s]"),
708	N_("net rpc rights revoke\n"
709	" Revoke privilege[s]")
710	},
711	{NULL, NULL, 0, NULL, NULL}
712	};
713
714	return net_run_function(c, argc, argv, "net rpc rights", func);
715	}
716
717	static NTSTATUS rpc_sh_rights_list(struct net_context *c,
718	TALLOC_CTX mem_ctx, struct rpc_sh_ctx ctx,
719	struct rpc_pipe_client *pipe_hnd,
720	int argc, const char **argv)
721	{
722	return rpc_rights_list_internal(c, ctx->domain_sid, ctx->domain_name,
723	ctx->cli, pipe_hnd, mem_ctx,
724	argc, argv);
725	}
726
727	static NTSTATUS rpc_sh_rights_grant(struct net_context *c,
728	TALLOC_CTX *mem_ctx,
729	struct rpc_sh_ctx *ctx,
730	struct rpc_pipe_client *pipe_hnd,
731	int argc, const char **argv)
732	{
733	return rpc_rights_grant_internal(c, ctx->domain_sid, ctx->domain_name,
734	ctx->cli, pipe_hnd, mem_ctx,
735	argc, argv);
736	}
737
738	static NTSTATUS rpc_sh_rights_revoke(struct net_context *c,
739	TALLOC_CTX *mem_ctx,
740	struct rpc_sh_ctx *ctx,
741	struct rpc_pipe_client *pipe_hnd,
742	int argc, const char **argv)
743	{
744	return rpc_rights_revoke_internal(c, ctx->domain_sid, ctx->domain_name,
745	ctx->cli, pipe_hnd, mem_ctx,
746	argc, argv);
747	}
748
749	struct rpc_sh_cmd net_rpc_rights_cmds(struct net_context c, TALLOC_CTX *mem_ctx,
750	struct rpc_sh_ctx *ctx)
751	{
752	static struct rpc_sh_cmd cmds[] = {
753
754	{ "list", NULL, &ndr_table_lsarpc.syntax_id, rpc_sh_rights_list,
755	N_("View available or assigned privileges") },
756
757	{ "grant", NULL, &ndr_table_lsarpc.syntax_id, rpc_sh_rights_grant,
758	N_("Assign privilege[s]") },
759
760	{ "revoke", NULL, &ndr_table_lsarpc.syntax_id, rpc_sh_rights_revoke,
761	N_("Revoke privilege[s]") },
762
763	{ NULL, NULL, 0, NULL, NULL }
764	};
765
766	return cmds;
767	}
768

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source3/utils/net_rpc_rights.c

Download in other formats: