static NTSTATUS rpc_rights_list_internal( const DOM_SID *domain_sid, const char *domain_name,
struct cli_state *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv )
{
POLICY_HND pol;
NTSTATUS result;
DOM_SID sid;
result = cli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
switch (argc) {
case 0:
result = enum_privileges( mem_ctx, cli, &pol );
break;
case 1:
/* special case to enuemrate all privileged SIDs
with associated rights */
if ( strequal( argv[0], "accounts" ) ) {
result = enum_privileges_for_accounts( mem_ctx, cli, &pol );
}
else {
result = name_to_sid(cli, mem_ctx, &sid, argv[0]);
if (!NT_STATUS_IS_OK(result))
goto done;
result = enum_privileges_for_user( mem_ctx, cli, &pol, &sid );
}
break;
default:
if ( argc > 1 ) {
d_printf("Usage: net rpc rights list [name|SID]\n");
result = NT_STATUS_OK;
}
}
done:
cli_lsa_close(cli, mem_ctx, &pol);
return result;
}
static NTSTATUS rpc_rights_list_internal(struct net_context *c,
const DOM_SID *domain_sid,
const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv )
{
struct policy_handle pol;
NTSTATUS result;
DOM_SID sid;
fstring privname;
struct lsa_String lsa_name;
struct lsa_StringLarge *description = NULL;
uint16 lang_id = 0;
uint16 lang_id_sys = 0;
uint16 lang_id_desc;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
/* backwards compatibility; just list available privileges if no arguement */
if (argc == 0) {
result = enum_privileges(pipe_hnd, mem_ctx, &pol );
goto done;
}
if (strequal(argv[0], "privileges")) {
int i = 1;
if (argv[1] == NULL) {
result = enum_privileges(pipe_hnd, mem_ctx, &pol );
goto done;
}
while ( argv[i] != NULL ) {
fstrcpy(privname, argv[i]);
init_lsa_String(&lsa_name, argv[i]);
i++;
/* verify that this is a valid privilege for error reporting */
result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, mem_ctx,
&pol,
&lsa_name,
lang_id,
lang_id_sys,
&description,
&lang_id_desc);
if ( !NT_STATUS_IS_OK(result) ) {
if ( NT_STATUS_EQUAL( result, NT_STATUS_NO_SUCH_PRIVILEGE ) )
d_fprintf(stderr, _("No such privilege "
"exists: %s.\n"), privname);
else
d_fprintf(stderr, _("Error resolving "
"privilege display name "
"[%s].\n"),
nt_errstr(result));
continue;
}
result = enum_accounts_for_privilege(pipe_hnd, mem_ctx, &pol, privname);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, _("Error enumerating "
"accounts for privilege %s [%s].\n"),
privname, nt_errstr(result));
continue;
}
}
goto done;
}
/* special case to enumerate all privileged SIDs with associated rights */
if (strequal( argv[0], "accounts")) {
int i = 1;
if (argv[1] == NULL) {
result = enum_privileges_for_accounts(pipe_hnd, mem_ctx, &pol);
goto done;
}
while (argv[i] != NULL) {
result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[i]);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
result = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
i++;
}
goto done;
}
/* backward comaptibility: if no keyword provided, treat the key
as an account name */
if (argc > 1) {
d_printf(_("Usage: net rpc rights list [[accounts|privileges] "
"[name|SID]]\n"));
result = NT_STATUS_OK;
goto done;
}
result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
result = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid );
done:
rpccli_lsa_Close(pipe_hnd, mem_ctx, &pol);
return result;
}