DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
sid_string_dbg(&pol_sid)));
- status = access_check_samr_function(acc_granted,
- STD_RIGHT_READ_CONTROL_ACCESS,
- "_samr_QuerySecurity");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
/* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
return NT_STATUS_OK;
}
- status = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- "_samr_QueryDisplayInfo");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
/*
* calculate how many entries we will return.
* based on
if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted,
- 0, /* Don't know the acc_bits yet */
- "_samr_LookupRids");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if (num_rids > 1000) {
DEBUG(0, ("Got asked for %d rids (more than 1000) -- according "
"to samba4 idl this is not possible\n", num_rids));
if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(info->acc_granted,
- SAMR_USER_ACCESS_GET_ATTRIBUTES,
- "_samr_QueryUserInfo");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
domain_sid = info->sid;
sid_split_rid(&domain_sid, &rid);
return NT_STATUS_INVALID_HANDLE;
}
- status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_LOOKUP_DOMAIN,
- "_samr_QueryDomainInfo" );
-
- if ( !NT_STATUS_IS_OK(status) )
- return status;
-
switch (r->in.level) {
case 0x01:
time_t u_expire, u_min_age;
time_t u_logout;
time_t u_lock_duration, u_reset_time;
- NTSTATUS result;
DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* We do have different access bits for info
- * levels here, but we're really just looking for
- * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately
- * this maps to different specific bits. So
- * assume if we have SAMR_DOMAIN_ACCESS_SET_INFO_1
- * set we are ok. */
-
- result = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_SET_INFO_1,
- "_samr_SetDomainInfo");
-
- if (!NT_STATUS_IS_OK(result))
- return result;
-
DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
switch (r->in.level) {
int i;
uint32_t num_account = 0;
struct samr_displayentry *entries = NULL;
- NTSTATUS status;
DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__));
return NT_STATUS_INVALID_HANDLE;
}
- status = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- "_samr_GetDisplayEnumerationIndex");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if ((r->in.level < 1) || (r->in.level > 3)) {
DEBUG(0,("_samr_GetDisplayEnumerationIndex: "
"Unknown info level (%u)\n",
git.samba.org / rusty / samba.git / commitdiff