root/source3/utils/net_rpc_rights.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. sid_to_name
  2. name_to_sid
  3. enum_privileges
  4. check_privilege_for_user
  5. enum_privileges_for_user
  6. enum_accounts_for_privilege
  7. enum_privileges_for_accounts
  8. rpc_rights_list_internal
  9. rpc_rights_grant_internal
  10. rpc_rights_revoke_internal
  11. rpc_rights_list
  12. rpc_rights_grant
  13. rpc_rights_revoke
  14. net_rpc_rights
  15. rpc_sh_rights_list
  16. rpc_sh_rights_grant
  17. rpc_sh_rights_revoke
  18. net_rpc_rights_cmds

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) Gerald (Jerry) Carter          2004
   5    Copyright (C) Guenther Deschner              2008
   6 
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11 
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16 
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 #include "includes.h"
  21 #include "utils/net.h"
  22 
  23 /********************************************************************
  24 ********************************************************************/
  25 
  26 static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
  27                                 TALLOC_CTX *mem_ctx,
  28                                 DOM_SID *sid,
  29                                 fstring name)
  30 {
  31         struct policy_handle pol;
  32         enum lsa_SidType *sid_types = NULL;
  33         NTSTATUS result;
  34         char **domains = NULL, **names = NULL;
  35 
  36         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
  37                 SEC_FLAG_MAXIMUM_ALLOWED, &pol);
  38 
  39         if ( !NT_STATUS_IS_OK(result) )
  40                 return result;
  41 
  42         result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);
  43 
  44         if ( NT_STATUS_IS_OK(result) ) {
  45                 if ( *domains[0] )
  46                         fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
  47                 else
  48                         fstrcpy( name, names[0] );
  49         }
  50 
  51         rpccli_lsa_Close(pipe_hnd, mem_ctx, &pol);
  52         return result;
  53 }
  54 
  55 /********************************************************************
  56 ********************************************************************/
  57 
  58 static NTSTATUS name_to_sid(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
  59                             TALLOC_CTX *mem_ctx,
  60                             DOM_SID *sid, const char *name)
  61 {
  62         struct policy_handle pol;
  63         enum lsa_SidType *sid_types;
  64         NTSTATUS result;
  65         DOM_SID *sids;
  66 
  67         /* maybe its a raw SID */
  68         if ( strncmp(name, "S-", 2) == 0 && string_to_sid(sid, name) ) {
  69                 return NT_STATUS_OK;
  70         }
  71 
  72         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
  73                 SEC_FLAG_MAXIMUM_ALLOWED, &pol);
  74 
  75         if ( !NT_STATUS_IS_OK(result) )
  76                 return result;
  77 
  78         result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &pol, 1, &name,
  79                                          NULL, 1, &sids, &sid_types);
  80 
  81         if ( NT_STATUS_IS_OK(result) )
  82                 sid_copy( sid, &sids[0] );
  83 
  84         rpccli_lsa_Close(pipe_hnd, mem_ctx, &pol);
  85         return result;
  86 }
  87 
  88 /********************************************************************
  89 ********************************************************************/
  90 
  91 static NTSTATUS enum_privileges(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
  92                                 TALLOC_CTX *ctx,
  93                                 struct policy_handle *pol )
  94 {
  95         NTSTATUS result;
  96         uint32 enum_context = 0;
  97         uint32 pref_max_length=0x1000;
  98         int i;
  99         uint16 lang_id=0;
 100         uint16 lang_id_sys=0;
 101         uint16 lang_id_desc;
 102         struct lsa_StringLarge *description = NULL;
 103         struct lsa_PrivArray priv_array;
 104 
 105         result = rpccli_lsa_EnumPrivs(pipe_hnd, ctx,
 106                                       pol,
 107                                       &enum_context,
 108                                       &priv_array,
 109                                       pref_max_length);
 110 
 111         if ( !NT_STATUS_IS_OK(result) )
 112                 return result;
 113 
 114         /* Print results */
 115 
 116         for (i = 0; i < priv_array.count; i++) {
 117 
 118                 struct lsa_String lsa_name;
 119 
 120                 d_printf("%30s  ",
 121                         priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*" );
 122 
 123                 /* try to get the description */
 124 
 125                 init_lsa_String(&lsa_name, priv_array.privs[i].name.string);
 126 
 127                 result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, ctx,
 128                                                           pol,
 129                                                           &lsa_name,
 130                                                           lang_id,
 131                                                           lang_id_sys,
 132                                                           &description,
 133                                                           &lang_id_desc);
 134 
 135                 if (!NT_STATUS_IS_OK(result)) {
 136                         d_printf("??????\n");
 137                         continue;
 138                 }
 139 
 140                 d_printf("%s\n", description->string);
 141         }
 142 
 143         return NT_STATUS_OK;
 144 }
 145 
 146 /********************************************************************
 147 ********************************************************************/
 148 
 149 static NTSTATUS check_privilege_for_user(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
 150                                         TALLOC_CTX *ctx,
 151                                         struct policy_handle *pol,
 152                                         DOM_SID *sid,
 153                                         const char *right)
 154 {
 155         NTSTATUS result;
 156         struct lsa_RightSet rights;
 157         int i;
 158 
 159         result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx,
 160                                               pol,
 161                                               sid,
 162                                               &rights);
 163 
 164         if (!NT_STATUS_IS_OK(result)) {
 165                 return result;
 166         }
 167 
 168         if (rights.count == 0) {
 169                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 170         }
 171 
 172         for (i = 0; i < rights.count; i++) {
 173                 if (StrCaseCmp(rights.names[i].string, right) == 0) {
 174                         return NT_STATUS_OK;
 175                 }
 176         }
 177 
 178         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 179 }
 180 
 181 /********************************************************************
 182 ********************************************************************/
 183 
 184 static NTSTATUS enum_privileges_for_user(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
 185                                         TALLOC_CTX *ctx,
 186                                         struct policy_handle *pol,
 187                                         DOM_SID *sid )
 188 {
 189         NTSTATUS result;
 190         struct lsa_RightSet rights;
 191         int i;
 192 
 193         result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx,
 194                                               pol,
 195                                               sid,
 196                                               &rights);
 197 
 198         if (!NT_STATUS_IS_OK(result))
 199                 return result;
 200 
 201         if (rights.count == 0) {
 202                 d_printf("No privileges assigned\n");
 203         }
 204 
 205         for (i = 0; i < rights.count; i++) {
 206                 printf("%s\n", rights.names[i].string);
 207         }
 208 
 209         return NT_STATUS_OK;
 210 }
 211 
 212 /********************************************************************
 213 ********************************************************************/
 214 
 215 static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
 216                                                 TALLOC_CTX *ctx,
 217                                                 struct policy_handle *pol,
 218                                                 const char *privilege)
 219 {
 220         NTSTATUS result;
 221         uint32 enum_context=0;
 222         uint32 pref_max_length=0x1000;
 223         struct lsa_SidArray sid_array;
 224         int i;
 225         fstring name;
 226 
 227         result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx,
 228                                          pol,
 229                                          &enum_context,
 230                                          &sid_array,
 231                                          pref_max_length);
 232 
 233         if (!NT_STATUS_IS_OK(result))
 234                 return result;
 235 
 236         d_printf("%s:\n", privilege);
 237 
 238         for ( i=0; i<sid_array.num_sids; i++ ) {
 239 
 240                 result = check_privilege_for_user(pipe_hnd, ctx, pol,
 241                                                   sid_array.sids[i].sid,
 242                                                   privilege);
 243 
 244                 if ( ! NT_STATUS_IS_OK(result)) {
 245                         if ( ! NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
 246                                 return result;
 247                         }
 248                         continue;
 249                 }
 250 
 251                 /* try to convert the SID to a name.  Fall back to
 252                    printing the raw SID if necessary */
 253                 result = sid_to_name( pipe_hnd, ctx, sid_array.sids[i].sid, name );
 254                 if ( !NT_STATUS_IS_OK (result) )
 255                         sid_to_fstring(name, sid_array.sids[i].sid);
 256 
 257                 d_printf("  %s\n", name);
 258         }
 259 
 260         return NT_STATUS_OK;
 261 }
 262 
 263 /********************************************************************
 264 ********************************************************************/
 265 
 266 static NTSTATUS enum_privileges_for_accounts(struct rpc_pipe_client *pipe_hnd,
     /* [<][>][^][v][top][bottom][index][help] */
 267                                                 TALLOC_CTX *ctx,
 268                                                 struct policy_handle *pol)
 269 {
 270         NTSTATUS result;
 271         uint32 enum_context=0;
 272         uint32 pref_max_length=0x1000;
 273         struct lsa_SidArray sid_array;
 274         int i;
 275         fstring name;
 276 
 277         result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx,
 278                                          pol,
 279                                          &enum_context,
 280                                          &sid_array,
 281                                          pref_max_length);
 282 
 283         if (!NT_STATUS_IS_OK(result))
 284                 return result;
 285 
 286         for ( i=0; i<sid_array.num_sids; i++ ) {
 287 
 288                 /* try to convert the SID to a name.  Fall back to
 289                    printing the raw SID if necessary */
 290 
 291                 result = sid_to_name(pipe_hnd, ctx, sid_array.sids[i].sid, name);
 292                 if ( !NT_STATUS_IS_OK (result) )
 293                         sid_to_fstring(name, sid_array.sids[i].sid);
 294 
 295                 d_printf("%s\n", name);
 296 
 297                 result = enum_privileges_for_user(pipe_hnd, ctx, pol,
 298                                                   sid_array.sids[i].sid);
 299                 if ( !NT_STATUS_IS_OK(result) )
 300                         return result;
 301 
 302                 d_printf("\n");
 303         }
 304 
 305         return NT_STATUS_OK;
 306 }
 307 
 308 /********************************************************************
 309 ********************************************************************/
 310 
 311 static NTSTATUS rpc_rights_list_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 312                                         const DOM_SID *domain_sid,
 313                                         const char *domain_name,
 314                                         struct cli_state *cli,
 315                                         struct rpc_pipe_client *pipe_hnd,
 316                                         TALLOC_CTX *mem_ctx,
 317                                         int argc,
 318                                         const char **argv )
 319 {
 320         struct policy_handle pol;
 321         NTSTATUS result;
 322         DOM_SID sid;
 323         fstring privname;
 324         struct lsa_String lsa_name;
 325         struct lsa_StringLarge *description = NULL;
 326         uint16 lang_id = 0;
 327         uint16 lang_id_sys = 0;
 328         uint16 lang_id_desc;
 329 
 330         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
 331                 SEC_FLAG_MAXIMUM_ALLOWED, &pol);
 332 
 333         if ( !NT_STATUS_IS_OK(result) )
 334                 return result;
 335 
 336         /* backwards compatibility; just list available privileges if no arguement */
 337 
 338         if (argc == 0) {
 339                 result = enum_privileges(pipe_hnd, mem_ctx, &pol );
 340                 goto done;
 341         }
 342 
 343         if (strequal(argv[0], "privileges")) {
 344                 int i = 1;
 345 
 346                 if (argv[1] == NULL) {
 347                         result = enum_privileges(pipe_hnd, mem_ctx, &pol );
 348                         goto done;
 349                 }
 350 
 351                 while ( argv[i] != NULL ) {
 352                         fstrcpy(privname, argv[i]);
 353                         init_lsa_String(&lsa_name, argv[i]);
 354                         i++;
 355 
 356                         /* verify that this is a valid privilege for error reporting */
 357                         result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, mem_ctx,
 358                                                                   &pol,
 359                                                                   &lsa_name,
 360                                                                   lang_id,
 361                                                                   lang_id_sys,
 362                                                                   &description,
 363                                                                   &lang_id_desc);
 364 
 365                         if ( !NT_STATUS_IS_OK(result) ) {
 366                                 if ( NT_STATUS_EQUAL( result, NT_STATUS_NO_SUCH_PRIVILEGE ) ) 
 367                                         d_fprintf(stderr, "No such privilege exists: %s.\n", privname);
 368                                 else
 369                                         d_fprintf(stderr, "Error resolving privilege display name [%s].\n", nt_errstr(result));
 370                                 continue;
 371                         }
 372 
 373                         result = enum_accounts_for_privilege(pipe_hnd, mem_ctx, &pol, privname);
 374                         if (!NT_STATUS_IS_OK(result)) {
 375                                 d_fprintf(stderr, "Error enumerating accounts for privilege %s [%s].\n", 
 376                                         privname, nt_errstr(result));
 377                                 continue;
 378                         }
 379                 }
 380                 goto done;
 381         }
 382 
 383         /* special case to enumerate all privileged SIDs with associated rights */
 384 
 385         if (strequal( argv[0], "accounts")) {
 386                 int i = 1;
 387 
 388                 if (argv[1] == NULL) {
 389                         result = enum_privileges_for_accounts(pipe_hnd, mem_ctx, &pol);
 390                         goto done;
 391                 }
 392 
 393                 while (argv[i] != NULL) {
 394                         result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[i]);
 395                         if (!NT_STATUS_IS_OK(result)) {
 396                                 goto done;
 397                         }
 398                         result = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid);
 399                         if (!NT_STATUS_IS_OK(result)) {
 400                                 goto done;
 401                         }
 402                         i++;
 403                 }
 404                 goto done;
 405         }
 406 
 407         /* backward comaptibility: if no keyword provided, treat the key
 408            as an account name */
 409         if (argc > 1) {
 410                 d_printf("Usage: net rpc rights list [[accounts|privileges] [name|SID]]\n");
 411                 result = NT_STATUS_OK;
 412                 goto done;
 413         }
 414 
 415         result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
 416         if (!NT_STATUS_IS_OK(result)) {
 417                 goto done;
 418         }
 419         result = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid );
 420 
 421 done:
 422         rpccli_lsa_Close(pipe_hnd, mem_ctx, &pol);
 423 
 424         return result;
 425 }
 426 
 427 /********************************************************************
 428 ********************************************************************/
 429 
 430 static NTSTATUS rpc_rights_grant_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 431                                         const DOM_SID *domain_sid,
 432                                         const char *domain_name,
 433                                         struct cli_state *cli,
 434                                         struct rpc_pipe_client *pipe_hnd,
 435                                         TALLOC_CTX *mem_ctx,
 436                                         int argc,
 437                                         const char **argv )
 438 {
 439         struct policy_handle dom_pol;
 440         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 441         struct lsa_RightSet rights;
 442         int i;
 443 
 444         DOM_SID sid;
 445 
 446         if (argc < 2 ) {
 447                 d_printf("Usage: net rpc rights grant <name|SID> <rights...>\n");
 448                 return NT_STATUS_OK;
 449         }
 450 
 451         result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
 452         if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED))
 453                 result = NT_STATUS_NO_SUCH_USER;
 454 
 455         if (!NT_STATUS_IS_OK(result))
 456                 goto done;
 457 
 458         result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
 459                                      SEC_FLAG_MAXIMUM_ALLOWED,
 460                                      &dom_pol);
 461 
 462         if (!NT_STATUS_IS_OK(result))
 463                 return result;
 464 
 465         rights.count = argc-1;
 466         rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
 467                                     rights.count);
 468         if (!rights.names) {
 469                 return NT_STATUS_NO_MEMORY;
 470         }
 471 
 472         for (i=0; i<argc-1; i++) {
 473                 init_lsa_StringLarge(&rights.names[i], argv[i+1]);
 474         }
 475 
 476         result = rpccli_lsa_AddAccountRights(pipe_hnd, mem_ctx,
 477                                              &dom_pol,
 478                                              &sid,
 479                                              &rights);
 480 
 481         if (!NT_STATUS_IS_OK(result))
 482                 goto done;
 483 
 484         d_printf("Successfully granted rights.\n");
 485 
 486  done:
 487         if ( !NT_STATUS_IS_OK(result) ) {
 488                 d_fprintf(stderr, "Failed to grant privileges for %s (%s)\n",
 489                         argv[0], nt_errstr(result));
 490         }
 491 
 492         rpccli_lsa_Close(pipe_hnd, mem_ctx, &dom_pol);
 493 
 494         return result;
 495 }
 496 
 497 /********************************************************************
 498 ********************************************************************/
 499 
 500 static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 501                                         const DOM_SID *domain_sid,
 502                                         const char *domain_name,
 503                                         struct cli_state *cli,
 504                                         struct rpc_pipe_client *pipe_hnd,
 505                                         TALLOC_CTX *mem_ctx,
 506                                         int argc,
 507                                         const char **argv )
 508 {
 509         struct policy_handle dom_pol;
 510         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 511         struct lsa_RightSet rights;
 512         DOM_SID sid;
 513         int i;
 514 
 515         if (argc < 2 ) {
 516                 d_printf("Usage: net rpc rights revoke <name|SID> <rights...>\n");
 517                 return NT_STATUS_OK;
 518         }
 519 
 520         result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
 521         if (!NT_STATUS_IS_OK(result))
 522                 return result;
 523 
 524         result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
 525                                      SEC_FLAG_MAXIMUM_ALLOWED,
 526                                      &dom_pol);
 527 
 528         if (!NT_STATUS_IS_OK(result))
 529                 return result;
 530 
 531         rights.count = argc-1;
 532         rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
 533                                     rights.count);
 534         if (!rights.names) {
 535                 return NT_STATUS_NO_MEMORY;
 536         }
 537 
 538         for (i=0; i<argc-1; i++) {
 539                 init_lsa_StringLarge(&rights.names[i], argv[i+1]);
 540         }
 541 
 542         result = rpccli_lsa_RemoveAccountRights(pipe_hnd, mem_ctx,
 543                                                 &dom_pol,
 544                                                 &sid,
 545                                                 false,
 546                                                 &rights);
 547 
 548         if (!NT_STATUS_IS_OK(result))
 549                 goto done;
 550 
 551         d_printf("Successfully revoked rights.\n");
 552 
 553 done:
 554         if ( !NT_STATUS_IS_OK(result) ) {
 555                 d_fprintf(stderr, "Failed to revoke privileges for %s (%s)\n",
 556                         argv[0], nt_errstr(result));
 557         }
 558 
 559         rpccli_lsa_Close(pipe_hnd, mem_ctx, &dom_pol);
 560 
 561         return result;
 562 }
 563 
 564 
 565 /********************************************************************
 566 ********************************************************************/
 567 
 568 static int rpc_rights_list(struct net_context *c, int argc, const char **argv )
     /* [<][>][^][v][top][bottom][index][help] */
 569 {
 570         if (c->display_usage) {
 571                 d_printf("Usage:\n"
 572                          "net rpc rights list [{accounts|privileges} "
 573                          "[name|SID]]\n"
 574                          "    View available/assigned privileges\n");
 575                 return 0;
 576         }
 577 
 578         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 579                 rpc_rights_list_internal, argc, argv );
 580 }
 581 
 582 /********************************************************************
 583 ********************************************************************/
 584 
 585 static int rpc_rights_grant(struct net_context *c, int argc, const char **argv )
     /* [<][>][^][v][top][bottom][index][help] */
 586 {
 587         if (c->display_usage) {
 588                 d_printf("Usage:\n"
 589                          "net rpc rights grant <name|SID> <right>\n"
 590                          "    Assign privilege[s]\n");
 591                 d_printf("For example:\n");
 592                 d_printf("    net rpc rights grant 'VALE\\biddle' "
 593                          "SePrintOperatorPrivilege SeDiskOperatorPrivilege\n");
 594                 d_printf("    would grant the printer admin and disk manager "
 595                          "rights to the user 'VALE\\biddle'\n");
 596                 return 0;
 597         }
 598 
 599         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 600                 rpc_rights_grant_internal, argc, argv );
 601 }
 602 
 603 /********************************************************************
 604 ********************************************************************/
 605 
 606 static int rpc_rights_revoke(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 607 {
 608         if (c->display_usage) {
 609                 d_printf("Usage:\n"
 610                          "net rpc rights revoke <name|SID> <right>\n"
 611                          "    Revoke privilege[s]\n");
 612                 d_printf("For example:\n");
 613                 d_printf("    net rpc rights revoke 'VALE\\biddle' "
 614                          "SePrintOperatorPrivilege SeDiskOperatorPrivilege\n");
 615                 d_printf("    would revoke the printer admin and disk manager "
 616                          "rights from the user 'VALE\\biddle'\n");
 617                 return 0;
 618         }
 619 
 620         return run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
 621                 rpc_rights_revoke_internal, argc, argv );
 622 }
 623 
 624 /********************************************************************
 625 ********************************************************************/
 626 
 627 int net_rpc_rights(struct net_context *c, int argc, const char **argv)
     /* [<][>][^][v][top][bottom][index][help] */
 628 {
 629         struct functable func[] = {
 630                 {
 631                         "list",
 632                         rpc_rights_list,
 633                         NET_TRANSPORT_RPC,
 634                         "View available/assigned privileges",
 635                         "net rpc rights list\n"
 636                         "    View available/assigned privileges"
 637                 },
 638                 {
 639                         "grant",
 640                         rpc_rights_grant,
 641                         NET_TRANSPORT_RPC,
 642                         "Assign privilege[s]",
 643                         "net rpc rights grant\n"
 644                         "    Assign privilege[s]"
 645                 },
 646                 {
 647                         "revoke",
 648                         rpc_rights_revoke,
 649                         NET_TRANSPORT_RPC,
 650                         "Revoke privilege[s]",
 651                         "net rpc rights revoke\n"
 652                         "    Revoke privilege[s]"
 653                 },
 654                 {NULL, NULL, 0, NULL, NULL}
 655         };
 656 
 657         return net_run_function(c, argc, argv, "net rpc rights", func);
 658 }
 659 
 660 static NTSTATUS rpc_sh_rights_list(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 661                                    TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 662                                    struct rpc_pipe_client *pipe_hnd,
 663                                    int argc, const char **argv)
 664 {
 665         return rpc_rights_list_internal(c, ctx->domain_sid, ctx->domain_name,
 666                                         ctx->cli, pipe_hnd, mem_ctx,
 667                                         argc, argv);
 668 }
 669 
 670 static NTSTATUS rpc_sh_rights_grant(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 671                                     TALLOC_CTX *mem_ctx,
 672                                     struct rpc_sh_ctx *ctx,
 673                                     struct rpc_pipe_client *pipe_hnd,
 674                                     int argc, const char **argv)
 675 {
 676         return rpc_rights_grant_internal(c, ctx->domain_sid, ctx->domain_name,
 677                                          ctx->cli, pipe_hnd, mem_ctx,
 678                                          argc, argv);
 679 }
 680 
 681 static NTSTATUS rpc_sh_rights_revoke(struct net_context *c,
     /* [<][>][^][v][top][bottom][index][help] */
 682                                      TALLOC_CTX *mem_ctx,
 683                                      struct rpc_sh_ctx *ctx,
 684                                      struct rpc_pipe_client *pipe_hnd,
 685                                      int argc, const char **argv)
 686 {
 687         return rpc_rights_revoke_internal(c, ctx->domain_sid, ctx->domain_name,
 688                                           ctx->cli, pipe_hnd, mem_ctx,
 689                                           argc, argv);
 690 }
 691 
 692 struct rpc_sh_cmd *net_rpc_rights_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 693                                        struct rpc_sh_ctx *ctx)
 694 {
 695         static struct rpc_sh_cmd cmds[] = {
 696 
 697         { "list", NULL, &ndr_table_lsarpc.syntax_id, rpc_sh_rights_list,
 698           "View available or assigned privileges" },
 699 
 700         { "grant", NULL, &ndr_table_lsarpc.syntax_id, rpc_sh_rights_grant,
 701           "Assign privilege[s]" },
 702 
 703         { "revoke", NULL, &ndr_table_lsarpc.syntax_id, rpc_sh_rights_revoke,
 704           "Revoke privilege[s]" },
 705 
 706         { NULL, NULL, 0, NULL, NULL }
 707         };
 708 
 709         return cmds;
 710 }
 711 

/* [<][>][^][v][top][bottom][index][help] */