search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:g_lock: reorder the logic in g_lock_lock_simple_fn()
[Samba.git] / source3 / lib / netapi / localgroup.c
blob5d6ad174fb1d3a3904239156fa605945f8a7fa4d
1 /*
2 * Unix SMB/CIFS implementation.
3 * NetApi LocalGroup Support
4 * Copyright (C) Guenther Deschner 2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "lib/netapi/netapi.h"
24 #include "lib/netapi/netapi_private.h"
25 #include "lib/netapi/libnetapi.h"
26 #include "rpc_client/rpc_client.h"
27 #include "../librpc/gen_ndr/ndr_samr_c.h"
28 #include "../librpc/gen_ndr/ndr_lsa_c.h"
29 #include "rpc_client/cli_lsarpc.h"
30 #include "rpc_client/init_lsa.h"
31 #include "../libcli/security/security.h"
32
33 static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
34 struct rpc_pipe_client *pipe_cli,
35 struct policy_handle *domain_handle,
36 const char *group_name,
37 uint32_t access_rights,
38 struct policy_handle *alias_handle)
39 {
40 NTSTATUS status, result;
41
42 struct lsa_String lsa_account_name;
43 struct samr_Ids user_rids, name_types;
44 struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
45
46 init_lsa_String(&lsa_account_name, group_name);
47
48 status = dcerpc_samr_LookupNames(b, mem_ctx,
49 domain_handle,
50 1,
51 &lsa_account_name,
52 &user_rids,
53 &name_types,
54 &result);
55 if (any_nt_status_not_ok(status, result, &status)) {
56 return status;
57 }
58 if (user_rids.count != 1) {
59 return NT_STATUS_INVALID_NETWORK_RESPONSE;
60 }
61 if (name_types.count != 1) {
62 return NT_STATUS_INVALID_NETWORK_RESPONSE;
63 }
64
65 switch (name_types.ids[0]) {
66 case SID_NAME_ALIAS:
67 case SID_NAME_WKN_GRP:
68 break;
69 default:
70 return NT_STATUS_INVALID_SID;
71 }
72
73 status = dcerpc_samr_OpenAlias(b, mem_ctx,
74 domain_handle,
75 access_rights,
76 user_rids.ids[0],
77 alias_handle,
78 &result);
79 if (!NT_STATUS_IS_OK(status)) {
80 return status;
81 }
82
83 return result;
84 }
85
86 /****************************************************************
87 ****************************************************************/
88
89 static NTSTATUS libnetapi_samr_open_alias_queryinfo(TALLOC_CTX *mem_ctx,
90 struct rpc_pipe_client *pipe_cli,
91 struct policy_handle *handle,
92 uint32_t rid,
93 uint32_t access_rights,
94 enum samr_AliasInfoEnum level,
95 union samr_AliasInfo **alias_info)
96 {
97 NTSTATUS status, result;
98 struct policy_handle alias_handle;
99 union samr_AliasInfo *_alias_info = NULL;
100 struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
101
102 ZERO_STRUCT(alias_handle);
103
104 status = dcerpc_samr_OpenAlias(b, mem_ctx,
105 handle,
106 access_rights,
107 rid,
108 &alias_handle,
109 &result);
110 if (any_nt_status_not_ok(status, result, &status)) {
111 goto done;
112 }
113
114 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
115 &alias_handle,
116 level,
117 &_alias_info,
118 &result);
119 if (any_nt_status_not_ok(status, result, &status)) {
120 goto done;
121 }
122
123 *alias_info = _alias_info;
124
125 done:
126 if (is_valid_policy_hnd(&alias_handle)) {
127 dcerpc_samr_Close(b, mem_ctx, &alias_handle, &result);
128 }
129
130 return status;
131 }
132
133 /****************************************************************
134 ****************************************************************/
135
136 WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
137 struct NetLocalGroupAdd *r)
138 {
139 struct rpc_pipe_client *pipe_cli = NULL;
140 NTSTATUS status, result;
141 WERROR werr;
142 struct lsa_String lsa_account_name;
143 struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
144 struct dom_sid2 *domain_sid = NULL;
145 uint32_t rid;
146 struct dcerpc_binding_handle *b = NULL;
147
148 struct LOCALGROUP_INFO_0 *info0 = NULL;
149 struct LOCALGROUP_INFO_1 *info1 = NULL;
150
151 const char *alias_name = NULL;
152
153 if (!r->in.buffer) {
154 return WERR_INVALID_PARAMETER;
155 }
156
157 ZERO_STRUCT(connect_handle);
158 ZERO_STRUCT(builtin_handle);
159 ZERO_STRUCT(domain_handle);
160 ZERO_STRUCT(alias_handle);
161
162 switch (r->in.level) {
163 case 0:
164 info0 = (struct LOCALGROUP_INFO_0 *)r->in.buffer;
165 alias_name = info0->lgrpi0_name;
166 break;
167 case 1:
168 info1 = (struct LOCALGROUP_INFO_1 *)r->in.buffer;
169 alias_name = info1->lgrpi1_name;
170 break;
171 default:
172 werr = WERR_INVALID_LEVEL;
173 goto done;
174 }
175
176 werr = libnetapi_open_pipe(ctx, r->in.server_name,
177 &ndr_table_samr,
178 &pipe_cli);
179 if (!W_ERROR_IS_OK(werr)) {
180 goto done;
181 }
182
183 b = pipe_cli->binding_handle;
184
185 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
186 SAMR_ACCESS_LOOKUP_DOMAIN |
187 SAMR_ACCESS_ENUM_DOMAINS,
188 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
189 &connect_handle,
190 &builtin_handle);
191 if (!W_ERROR_IS_OK(werr)) {
192 goto done;
193 }
194
195 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
196 &builtin_handle,
197 alias_name,
198 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
199 &alias_handle);
200 if (ctx->disable_policy_handle_cache) {
201 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
202 }
203
204 if (NT_STATUS_IS_OK(status)) {
205 werr = WERR_ALIAS_EXISTS;
206 goto done;
207 }
208
209 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
210 SAMR_ACCESS_ENUM_DOMAINS |
211 SAMR_ACCESS_LOOKUP_DOMAIN,
212 SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
213 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
214 &connect_handle,
215 &domain_handle,
216 &domain_sid);
217 if (!W_ERROR_IS_OK(werr)) {
218 goto done;
219 }
220
221 init_lsa_String(&lsa_account_name, alias_name);
222
223 status = dcerpc_samr_CreateDomAlias(b, talloc_tos(),
224 &domain_handle,
225 &lsa_account_name,
226 SEC_STD_DELETE |
227 SAMR_ALIAS_ACCESS_SET_INFO,
228 &alias_handle,
229 &rid,
230 &result);
231 if (any_nt_status_not_ok(status, result, &status)) {
232 werr = ntstatus_to_werror(status);
233 goto done;
234 }
235
236 if (r->in.level == 1 && info1->lgrpi1_comment) {
237
238 union samr_AliasInfo alias_info;
239
240 init_lsa_String(&alias_info.description, info1->lgrpi1_comment);
241
242 status = dcerpc_samr_SetAliasInfo(b, talloc_tos(),
243 &alias_handle,
244 ALIASINFODESCRIPTION,
245 &alias_info,
246 &result);
247 if (any_nt_status_not_ok(status, result, &status)) {
248 werr = ntstatus_to_werror(status);
249 goto done;
250 }
251 }
252
253 werr = WERR_OK;
254
255 done:
256 if (is_valid_policy_hnd(&alias_handle)) {
257 dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
258 }
259
260 if (ctx->disable_policy_handle_cache) {
261 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
262 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
263 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
264 }
265
266 return werr;
267 }
268
269 /****************************************************************
270 ****************************************************************/
271
272 WERROR NetLocalGroupAdd_l(struct libnetapi_ctx *ctx,
273 struct NetLocalGroupAdd *r)
274 {
275 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupAdd);
276 }
277
278 /****************************************************************
279 ****************************************************************/
280
281
282 WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
283 struct NetLocalGroupDel *r)
284 {
285 struct rpc_pipe_client *pipe_cli = NULL;
286 NTSTATUS status, result;
287 WERROR werr;
288 struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
289 struct dom_sid2 *domain_sid = NULL;
290 struct dcerpc_binding_handle *b = NULL;
291
292 if (!r->in.group_name) {
293 return WERR_INVALID_PARAMETER;
294 }
295
296 ZERO_STRUCT(connect_handle);
297 ZERO_STRUCT(builtin_handle);
298 ZERO_STRUCT(domain_handle);
299 ZERO_STRUCT(alias_handle);
300
301 werr = libnetapi_open_pipe(ctx, r->in.server_name,
302 &ndr_table_samr,
303 &pipe_cli);
304 if (!W_ERROR_IS_OK(werr)) {
305 goto done;
306 }
307
308 b = pipe_cli->binding_handle;
309
310 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
311 SAMR_ACCESS_LOOKUP_DOMAIN |
312 SAMR_ACCESS_ENUM_DOMAINS,
313 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
314 &connect_handle,
315 &builtin_handle);
316 if (!W_ERROR_IS_OK(werr)) {
317 goto done;
318 }
319
320 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
321 &builtin_handle,
322 r->in.group_name,
323 SEC_STD_DELETE,
324 &alias_handle);
325
326 if (ctx->disable_policy_handle_cache) {
327 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
328 }
329
330 if (NT_STATUS_IS_OK(status)) {
331 goto delete_alias;
332 }
333
334 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
335 SAMR_ACCESS_ENUM_DOMAINS |
336 SAMR_ACCESS_LOOKUP_DOMAIN,
337 SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
338 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
339 &connect_handle,
340 &domain_handle,
341 &domain_sid);
342 if (!W_ERROR_IS_OK(werr)) {
343 goto done;
344 }
345
346 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
347 &domain_handle,
348 r->in.group_name,
349 SEC_STD_DELETE,
350 &alias_handle);
351
352 if (ctx->disable_policy_handle_cache) {
353 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
354 }
355
356 if (!NT_STATUS_IS_OK(status)) {
357 werr = ntstatus_to_werror(status);
358 goto done;
359 }
360
361
362 delete_alias:
363 status = dcerpc_samr_DeleteDomAlias(b, talloc_tos(),
364 &alias_handle,
365 &result);
366 if (any_nt_status_not_ok(status, result, &status)) {
367 werr = ntstatus_to_werror(status);
368 goto done;
369 }
370
371 ZERO_STRUCT(alias_handle);
372
373 werr = WERR_OK;
374
375 done:
376 if (is_valid_policy_hnd(&alias_handle)) {
377 dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
378 }
379
380 if (ctx->disable_policy_handle_cache) {
381 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
382 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
383 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
384 }
385
386 return werr;
387 }
388
389 /****************************************************************
390 ****************************************************************/
391
392 WERROR NetLocalGroupDel_l(struct libnetapi_ctx *ctx,
393 struct NetLocalGroupDel *r)
394 {
395 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupDel);
396 }
397
398 /****************************************************************
399 ****************************************************************/
400
401 static WERROR map_alias_info_to_buffer(TALLOC_CTX *mem_ctx,
402 const char *alias_name,
403 struct samr_AliasInfoAll *info,
404 uint32_t level,
405 uint32_t *entries_read,
406 uint8_t **buffer)
407 {
408 struct LOCALGROUP_INFO_0 g0;
409 struct LOCALGROUP_INFO_1 g1;
410 struct LOCALGROUP_INFO_1002 g1002;
411
412 switch (level) {
413 case 0:
414 g0.lgrpi0_name = talloc_strdup(mem_ctx, alias_name);
415 W_ERROR_HAVE_NO_MEMORY(g0.lgrpi0_name);
416
417 ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_0, g0,
418 (struct LOCALGROUP_INFO_0 **)buffer, entries_read);
419
420 break;
421 case 1:
422 g1.lgrpi1_name = talloc_strdup(mem_ctx, alias_name);
423 g1.lgrpi1_comment = talloc_strdup(mem_ctx, info->description.string);
424 W_ERROR_HAVE_NO_MEMORY(g1.lgrpi1_name);
425
426 ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_1, g1,
427 (struct LOCALGROUP_INFO_1 **)buffer, entries_read);
428
429 break;
430 case 1002:
431 g1002.lgrpi1002_comment = talloc_strdup(mem_ctx, info->description.string);
432
433 ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_1002, g1002,
434 (struct LOCALGROUP_INFO_1002 **)buffer, entries_read);
435
436 break;
437 default:
438 return WERR_INVALID_LEVEL;
439 }
440
441 return WERR_OK;
442 }
443
444 /****************************************************************
445 ****************************************************************/
446
447 WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
448 struct NetLocalGroupGetInfo *r)
449 {
450 struct rpc_pipe_client *pipe_cli = NULL;
451 NTSTATUS status, result;
452 WERROR werr;
453 struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
454 struct dom_sid2 *domain_sid = NULL;
455 union samr_AliasInfo *alias_info = NULL;
456 uint32_t entries_read = 0;
457 struct dcerpc_binding_handle *b = NULL;
458
459 if (!r->in.group_name) {
460 return WERR_INVALID_PARAMETER;
461 }
462
463 switch (r->in.level) {
464 case 0:
465 case 1:
466 case 1002:
467 break;
468 default:
469 return WERR_INVALID_LEVEL;
470 }
471
472 ZERO_STRUCT(connect_handle);
473 ZERO_STRUCT(builtin_handle);
474 ZERO_STRUCT(domain_handle);
475 ZERO_STRUCT(alias_handle);
476
477 werr = libnetapi_open_pipe(ctx, r->in.server_name,
478 &ndr_table_samr,
479 &pipe_cli);
480 if (!W_ERROR_IS_OK(werr)) {
481 goto done;
482 }
483
484 b = pipe_cli->binding_handle;
485
486 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
487 SAMR_ACCESS_LOOKUP_DOMAIN |
488 SAMR_ACCESS_ENUM_DOMAINS,
489 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
490 &connect_handle,
491 &builtin_handle);
492 if (!W_ERROR_IS_OK(werr)) {
493 goto done;
494 }
495
496 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
497 &builtin_handle,
498 r->in.group_name,
499 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
500 &alias_handle);
501
502 if (ctx->disable_policy_handle_cache) {
503 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
504 }
505
506 if (NT_STATUS_IS_OK(status)) {
507 goto query_alias;
508 }
509
510 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
511 SAMR_ACCESS_ENUM_DOMAINS |
512 SAMR_ACCESS_LOOKUP_DOMAIN,
513 SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
514 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
515 &connect_handle,
516 &domain_handle,
517 &domain_sid);
518 if (!W_ERROR_IS_OK(werr)) {
519 goto done;
520 }
521
522 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
523 &domain_handle,
524 r->in.group_name,
525 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
526 &alias_handle);
527
528 if (ctx->disable_policy_handle_cache) {
529 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
530 }
531
532 if (!NT_STATUS_IS_OK(status)) {
533 werr = ntstatus_to_werror(status);
534 goto done;
535 }
536
537 query_alias:
538 status = dcerpc_samr_QueryAliasInfo(b, talloc_tos(),
539 &alias_handle,
540 ALIASINFOALL,
541 &alias_info,
542 &result);
543 if (any_nt_status_not_ok(status, result, &status)) {
544 werr = ntstatus_to_werror(status);
545 goto done;
546 }
547
548 werr = map_alias_info_to_buffer(ctx,
549 r->in.group_name,
550 &alias_info->all,
551 r->in.level, &entries_read,
552 r->out.buffer);
553
554 done:
555 if (is_valid_policy_hnd(&alias_handle)) {
556 dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
557 }
558
559 if (ctx->disable_policy_handle_cache) {
560 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
561 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
562 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
563 }
564
565 return werr;
566 }
567
568 /****************************************************************
569 ****************************************************************/
570
571 WERROR NetLocalGroupGetInfo_l(struct libnetapi_ctx *ctx,
572 struct NetLocalGroupGetInfo *r)
573 {
574 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupGetInfo);
575 }
576
577 /****************************************************************
578 ****************************************************************/
579
580 static WERROR map_buffer_to_alias_info(TALLOC_CTX *mem_ctx,
581 uint32_t level,
582 uint8_t *buffer,
583 enum samr_AliasInfoEnum *alias_level,
584 union samr_AliasInfo **alias_info)
585 {
586 struct LOCALGROUP_INFO_0 *info0;
587 struct LOCALGROUP_INFO_1 *info1;
588 struct LOCALGROUP_INFO_1002 *info1002;
589 union samr_AliasInfo *info = NULL;
590
591 info = talloc_zero(mem_ctx, union samr_AliasInfo);
592 W_ERROR_HAVE_NO_MEMORY(info);
593
594 switch (level) {
595 case 0:
596 info0 = (struct LOCALGROUP_INFO_0 *)buffer;
597 init_lsa_String(&info->name, info0->lgrpi0_name);
598 *alias_level = ALIASINFONAME;
599 break;
600 case 1:
601 info1 = (struct LOCALGROUP_INFO_1 *)buffer;
602 /* group name will be ignored */
603 init_lsa_String(&info->description, info1->lgrpi1_comment);
604 *alias_level = ALIASINFODESCRIPTION;
605 break;
606 case 1002:
607 info1002 = (struct LOCALGROUP_INFO_1002 *)buffer;
608 init_lsa_String(&info->description, info1002->lgrpi1002_comment);
609 *alias_level = ALIASINFODESCRIPTION;
610 break;
611 }
612
613 *alias_info = info;
614
615 return WERR_OK;
616 }
617
618 /****************************************************************
619 ****************************************************************/
620
621 WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
622 struct NetLocalGroupSetInfo *r)
623 {
624 struct rpc_pipe_client *pipe_cli = NULL;
625 NTSTATUS status, result;
626 WERROR werr;
627 struct lsa_String lsa_account_name;
628 struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
629 struct dom_sid2 *domain_sid = NULL;
630 enum samr_AliasInfoEnum alias_level = 0;
631 union samr_AliasInfo *alias_info = NULL;
632 struct dcerpc_binding_handle *b = NULL;
633
634 if (!r->in.group_name) {
635 return WERR_INVALID_PARAMETER;
636 }
637
638 switch (r->in.level) {
639 case 0:
640 case 1:
641 case 1002:
642 break;
643 default:
644 return WERR_INVALID_LEVEL;
645 }
646
647 ZERO_STRUCT(connect_handle);
648 ZERO_STRUCT(builtin_handle);
649 ZERO_STRUCT(domain_handle);
650 ZERO_STRUCT(alias_handle);
651
652 werr = libnetapi_open_pipe(ctx, r->in.server_name,
653 &ndr_table_samr,
654 &pipe_cli);
655 if (!W_ERROR_IS_OK(werr)) {
656 goto done;
657 }
658
659 b = pipe_cli->binding_handle;
660
661 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
662 SAMR_ACCESS_LOOKUP_DOMAIN |
663 SAMR_ACCESS_ENUM_DOMAINS,
664 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
665 &connect_handle,
666 &builtin_handle);
667 if (!W_ERROR_IS_OK(werr)) {
668 goto done;
669 }
670
671 init_lsa_String(&lsa_account_name, r->in.group_name);
672
673 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
674 &builtin_handle,
675 r->in.group_name,
676 SAMR_ALIAS_ACCESS_SET_INFO,
677 &alias_handle);
678
679 if (ctx->disable_policy_handle_cache) {
680 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
681 }
682
683 if (NT_STATUS_IS_OK(status)) {
684 goto set_alias;
685 }
686
687 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
688 SAMR_ACCESS_ENUM_DOMAINS |
689 SAMR_ACCESS_LOOKUP_DOMAIN,
690 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
691 &connect_handle,
692 &domain_handle,
693 &domain_sid);
694 if (!W_ERROR_IS_OK(werr)) {
695 goto done;
696 }
697
698 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
699 &domain_handle,
700 r->in.group_name,
701 SAMR_ALIAS_ACCESS_SET_INFO,
702 &alias_handle);
703 if (!NT_STATUS_IS_OK(status)) {
704 werr = ntstatus_to_werror(status);
705 goto done;
706 }
707
708 if (ctx->disable_policy_handle_cache) {
709 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
710 }
711
712 set_alias:
713
714 werr = map_buffer_to_alias_info(ctx, r->in.level, r->in.buffer,
715 &alias_level, &alias_info);
716 if (!W_ERROR_IS_OK(werr)) {
717 goto done;
718 }
719
720 status = dcerpc_samr_SetAliasInfo(b, talloc_tos(),
721 &alias_handle,
722 alias_level,
723 alias_info,
724 &result);
725 if (any_nt_status_not_ok(status, result, &status)) {
726 werr = ntstatus_to_werror(status);
727 goto done;
728 }
729
730 werr = WERR_OK;
731
732 done:
733 if (is_valid_policy_hnd(&alias_handle)) {
734 dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
735 }
736
737 if (ctx->disable_policy_handle_cache) {
738 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
739 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
740 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
741 }
742
743 return werr;
744 }
745
746 /****************************************************************
747 ****************************************************************/
748
749 WERROR NetLocalGroupSetInfo_l(struct libnetapi_ctx *ctx,
750 struct NetLocalGroupSetInfo *r)
751 {
752 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetInfo);
753 }
754
755 /****************************************************************
756 ****************************************************************/
757
758 WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
759 struct NetLocalGroupEnum *r)
760 {
761 struct rpc_pipe_client *pipe_cli = NULL;
762 NTSTATUS status, result;
763 WERROR werr;
764 struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
765 struct dom_sid2 *domain_sid = NULL;
766 uint32_t entries_read = 0;
767 union samr_DomainInfo *domain_info = NULL;
768 union samr_DomainInfo *builtin_info = NULL;
769 struct samr_SamArray *domain_sam_array = NULL;
770 struct samr_SamArray *builtin_sam_array = NULL;
771 int i;
772 struct dcerpc_binding_handle *b = NULL;
773
774 if (!r->out.buffer) {
775 return WERR_INVALID_PARAMETER;
776 }
777
778 switch (r->in.level) {
779 case 0:
780 case 1:
781 break;
782 default:
783 return WERR_INVALID_LEVEL;
784 }
785
786 if (r->out.total_entries) {
787 *r->out.total_entries = 0;
788 }
789 if (r->out.entries_read) {
790 *r->out.entries_read = 0;
791 }
792
793 ZERO_STRUCT(connect_handle);
794 ZERO_STRUCT(builtin_handle);
795 ZERO_STRUCT(domain_handle);
796 ZERO_STRUCT(alias_handle);
797
798 werr = libnetapi_open_pipe(ctx, r->in.server_name,
799 &ndr_table_samr,
800 &pipe_cli);
801 if (!W_ERROR_IS_OK(werr)) {
802 goto done;
803 }
804
805 b = pipe_cli->binding_handle;
806
807 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
808 SAMR_ACCESS_LOOKUP_DOMAIN |
809 SAMR_ACCESS_ENUM_DOMAINS,
810 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
811 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
812 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
813 &connect_handle,
814 &builtin_handle);
815 if (!W_ERROR_IS_OK(werr)) {
816 goto done;
817 }
818
819 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
820 SAMR_ACCESS_LOOKUP_DOMAIN |
821 SAMR_ACCESS_ENUM_DOMAINS,
822 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
823 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
824 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
825 &connect_handle,
826 &domain_handle,
827 &domain_sid);
828 if (!W_ERROR_IS_OK(werr)) {
829 goto done;
830 }
831
832 status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(),
833 &builtin_handle,
834 2,
835 &builtin_info,
836 &result);
837 if (any_nt_status_not_ok(status, result, &status)) {
838 werr = ntstatus_to_werror(status);
839 goto done;
840 }
841
842 if (r->out.total_entries) {
843 *r->out.total_entries += builtin_info->general.num_aliases;
844 }
845
846 status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(),
847 &domain_handle,
848 2,
849 &domain_info,
850 &result);
851 if (any_nt_status_not_ok(status, result, &status)) {
852 werr = ntstatus_to_werror(status);
853 goto done;
854 }
855
856 if (r->out.total_entries) {
857 *r->out.total_entries += domain_info->general.num_aliases;
858 }
859
860 status = dcerpc_samr_EnumDomainAliases(b, talloc_tos(),
861 &builtin_handle,
862 r->in.resume_handle,
863 &builtin_sam_array,
864 r->in.prefmaxlen,
865 &entries_read,
866 &result);
867 if (any_nt_status_not_ok(status, result, &status)) {
868 werr = ntstatus_to_werror(status);
869 goto done;
870 }
871
872 for (i=0; i<builtin_sam_array->count; i++) {
873 union samr_AliasInfo *alias_info = NULL;
874
875 if (r->in.level == 1) {
876
877 status = libnetapi_samr_open_alias_queryinfo(ctx, pipe_cli,
878 &builtin_handle,
879 builtin_sam_array->entries[i].idx,
880 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
881 ALIASINFOALL,
882 &alias_info);
883 if (!NT_STATUS_IS_OK(status)) {
884 werr = ntstatus_to_werror(status);
885 goto done;
886 }
887 }
888
889 werr = map_alias_info_to_buffer(ctx,
890 builtin_sam_array->entries[i].name.string,
891 alias_info ? &alias_info->all : NULL,
892 r->in.level,
893 r->out.entries_read,
894 r->out.buffer);
895 }
896
897 status = dcerpc_samr_EnumDomainAliases(b, talloc_tos(),
898 &domain_handle,
899 r->in.resume_handle,
900 &domain_sam_array,
901 r->in.prefmaxlen,
902 &entries_read,
903 &result);
904 if (any_nt_status_not_ok(status, result, &status)) {
905 werr = ntstatus_to_werror(status);
906 goto done;
907 }
908
909 for (i=0; i<domain_sam_array->count; i++) {
910
911 union samr_AliasInfo *alias_info = NULL;
912
913 if (r->in.level == 1) {
914 status = libnetapi_samr_open_alias_queryinfo(ctx, pipe_cli,
915 &domain_handle,
916 domain_sam_array->entries[i].idx,
917 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
918 ALIASINFOALL,
919 &alias_info);
920 if (!NT_STATUS_IS_OK(status)) {
921 werr = ntstatus_to_werror(status);
922 goto done;
923 }
924 }
925
926 werr = map_alias_info_to_buffer(ctx,
927 domain_sam_array->entries[i].name.string,
928 alias_info ? &alias_info->all : NULL,
929 r->in.level,
930 r->out.entries_read,
931 r->out.buffer);
932 }
933
934 done:
935 if (ctx->disable_policy_handle_cache) {
936 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
937 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
938 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
939 }
940
941 return werr;
942 }
943
944 /****************************************************************
945 ****************************************************************/
946
947 WERROR NetLocalGroupEnum_l(struct libnetapi_ctx *ctx,
948 struct NetLocalGroupEnum *r)
949 {
950 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupEnum);
951 }
952
953 /****************************************************************
954 ****************************************************************/
955
956 static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
957 struct rpc_pipe_client *lsa_pipe,
958 const char *name,
959 struct dom_sid *sid)
960 {
961 NTSTATUS status, result;
962 struct policy_handle lsa_handle;
963 struct dcerpc_binding_handle *b = lsa_pipe->binding_handle;
964
965 struct lsa_RefDomainList *domains = NULL;
966 struct lsa_TransSidArray3 sids;
967 uint32_t count = 0;
968
969 struct lsa_String names;
970 uint32_t num_names = 1;
971
972 if (!sid || !name) {
973 return NT_STATUS_INVALID_PARAMETER;
974 }
975
976 ZERO_STRUCT(sids);
977
978 init_lsa_String(&names, name);
979
980 status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx,
981 false,
982 SEC_STD_READ_CONTROL |
983 LSA_POLICY_VIEW_LOCAL_INFORMATION |
984 LSA_POLICY_LOOKUP_NAMES,
985 &lsa_handle);
986 NT_STATUS_NOT_OK_RETURN(status);
987
988 status = dcerpc_lsa_LookupNames3(b, mem_ctx,
989 &lsa_handle,
990 num_names,
991 &names,
992 &domains,
993 &sids,
994 LSA_LOOKUP_NAMES_ALL, /* sure ? */
995 &count,
996 0, 0,
997 &result);
998 NT_STATUS_NOT_OK_RETURN(status);
999 NT_STATUS_NOT_OK_RETURN(result);
1000
1001 if (count != 1 || sids.count != 1) {
1002 return NT_STATUS_INVALID_NETWORK_RESPONSE;
1003 }
1004
1005 sid_copy(sid, sids.sids[0].sid);
1006
1007 return NT_STATUS_OK;
1008 }
1009
1010 /****************************************************************
1011 ****************************************************************/
1012
1013 static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
1014 struct NetLocalGroupAddMembers *add,
1015 struct NetLocalGroupDelMembers *del,
1016 struct NetLocalGroupSetMembers *set)
1017 {
1018 struct NetLocalGroupAddMembers *r = NULL;
1019
1020 struct rpc_pipe_client *pipe_cli = NULL;
1021 struct rpc_pipe_client *lsa_pipe = NULL;
1022 NTSTATUS status, result;
1023 WERROR werr;
1024 struct lsa_String lsa_account_name;
1025 struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
1026 struct dom_sid2 *domain_sid = NULL;
1027 struct dom_sid *member_sids = NULL;
1028 int i = 0, k = 0;
1029
1030 struct LOCALGROUP_MEMBERS_INFO_0 *info0 = NULL;
1031 struct LOCALGROUP_MEMBERS_INFO_3 *info3 = NULL;
1032
1033 struct dom_sid *add_sids = NULL;
1034 struct dom_sid *del_sids = NULL;
1035 uint32_t num_add_sids = 0;
1036 uint32_t num_del_sids = 0;
1037 struct dcerpc_binding_handle *b = NULL;
1038
1039 if ((!add && !del && !set) || (add && del && set)) {
1040 return WERR_INVALID_PARAMETER;
1041 }
1042
1043 if (add) {
1044 r = add;
1045 }
1046
1047 if (del) {
1048 r = (struct NetLocalGroupAddMembers *)del;
1049 }
1050
1051 if (set) {
1052 r = (struct NetLocalGroupAddMembers *)set;
1053 }
1054
1055 if (r==NULL || r->in.group_name == NULL) {
1056 return WERR_INVALID_PARAMETER;
1057 }
1058
1059 switch (r->in.level) {
1060 case 0:
1061 case 3:
1062 break;
1063 default:
1064 return WERR_INVALID_LEVEL;
1065 }
1066
1067 if (r->in.total_entries == 0 || !r->in.buffer) {
1068 return WERR_INVALID_PARAMETER;
1069 }
1070
1071 ZERO_STRUCT(connect_handle);
1072 ZERO_STRUCT(builtin_handle);
1073 ZERO_STRUCT(domain_handle);
1074 ZERO_STRUCT(alias_handle);
1075
1076 member_sids = talloc_zero_array(ctx, struct dom_sid,
1077 r->in.total_entries);
1078 W_ERROR_HAVE_NO_MEMORY(member_sids);
1079
1080 switch (r->in.level) {
1081 case 0:
1082 info0 = (struct LOCALGROUP_MEMBERS_INFO_0 *)r->in.buffer;
1083 for (i=0; i < r->in.total_entries; i++) {
1084 sid_copy(&member_sids[i], (struct dom_sid *)info0[i].lgrmi0_sid);
1085 }
1086 break;
1087 case 3:
1088 info3 = (struct LOCALGROUP_MEMBERS_INFO_3 *)r->in.buffer;
1089 break;
1090 default:
1091 break;
1092 }
1093
1094 if (r->in.level == 3) {
1095 werr = libnetapi_open_pipe(ctx, r->in.server_name,
1096 &ndr_table_lsarpc,
1097 &lsa_pipe);
1098 if (!W_ERROR_IS_OK(werr)) {
1099 goto done;
1100 }
1101
1102 for (i=0; i < r->in.total_entries; i++) {
1103 status = libnetapi_lsa_lookup_names3(ctx, lsa_pipe,
1104 info3[i].lgrmi3_domainandname,
1105 &member_sids[i]);
1106 if (!NT_STATUS_IS_OK(status)) {
1107 werr = ntstatus_to_werror(status);
1108 goto done;
1109 }
1110 }
1111 TALLOC_FREE(lsa_pipe);
1112 }
1113
1114 werr = libnetapi_open_pipe(ctx, r->in.server_name,
1115 &ndr_table_samr,
1116 &pipe_cli);
1117 if (!W_ERROR_IS_OK(werr)) {
1118 goto done;
1119 }
1120
1121 b = pipe_cli->binding_handle;
1122
1123 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
1124 SAMR_ACCESS_LOOKUP_DOMAIN |
1125 SAMR_ACCESS_ENUM_DOMAINS,
1126 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1127 &connect_handle,
1128 &builtin_handle);
1129 if (!W_ERROR_IS_OK(werr)) {
1130 goto done;
1131 }
1132
1133 init_lsa_String(&lsa_account_name, r->in.group_name);
1134
1135 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
1136 &builtin_handle,
1137 r->in.group_name,
1138 SAMR_ALIAS_ACCESS_ADD_MEMBER |
1139 SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
1140 SAMR_ALIAS_ACCESS_GET_MEMBERS |
1141 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
1142 &alias_handle);
1143
1144 if (ctx->disable_policy_handle_cache) {
1145 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
1146 }
1147
1148 if (NT_STATUS_IS_OK(status)) {
1149 goto modify_membership;
1150 }
1151
1152 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1153 SAMR_ACCESS_ENUM_DOMAINS |
1154 SAMR_ACCESS_LOOKUP_DOMAIN,
1155 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1156 &connect_handle,
1157 &domain_handle,
1158 &domain_sid);
1159 if (!W_ERROR_IS_OK(werr)) {
1160 goto done;
1161 }
1162
1163 status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
1164 &domain_handle,
1165 r->in.group_name,
1166 SAMR_ALIAS_ACCESS_ADD_MEMBER |
1167 SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
1168 SAMR_ALIAS_ACCESS_GET_MEMBERS |
1169 SAMR_ALIAS_ACCESS_LOOKUP_INFO,
1170 &alias_handle);
1171 if (!NT_STATUS_IS_OK(status)) {
1172 werr = ntstatus_to_werror(status);
1173 goto done;
1174 }
1175
1176 if (ctx->disable_policy_handle_cache) {
1177 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1178 }
1179
1180 modify_membership:
1181
1182 if (add) {
1183 for (i=0; i < r->in.total_entries; i++) {
1184 status = add_sid_to_array_unique(ctx, &member_sids[i],
1185 &add_sids,
1186 &num_add_sids);
1187 if (!NT_STATUS_IS_OK(status)) {
1188 werr = ntstatus_to_werror(status);
1189 goto done;
1190 }
1191 }
1192 }
1193
1194 if (del) {
1195 for (i=0; i < r->in.total_entries; i++) {
1196 status = add_sid_to_array_unique(ctx, &member_sids[i],
1197 &del_sids,
1198 &num_del_sids);
1199 if (!NT_STATUS_IS_OK(status)) {
1200 werr = ntstatus_to_werror(status);
1201 goto done;
1202 }
1203 }
1204 }
1205
1206 if (set) {
1207
1208 struct lsa_SidArray current_sids;
1209
1210 status = dcerpc_samr_GetMembersInAlias(b, talloc_tos(),
1211 &alias_handle,
1212 &current_sids,
1213 &result);
1214 if (any_nt_status_not_ok(status, result, &status)) {
1215 werr = ntstatus_to_werror(status);
1216 goto done;
1217 }
1218
1219 /* add list */
1220
1221 for (i=0; i < r->in.total_entries; i++) {
1222 bool already_member = false;
1223 for (k=0; k < current_sids.num_sids; k++) {
1224 if (dom_sid_equal(&member_sids[i],
1225 current_sids.sids[k].sid)) {
1226 already_member = true;
1227 break;
1228 }
1229 }
1230 if (!already_member) {
1231 status = add_sid_to_array_unique(ctx,
1232 &member_sids[i],
1233 &add_sids, &num_add_sids);
1234 if (!NT_STATUS_IS_OK(status)) {
1235 werr = ntstatus_to_werror(status);
1236 goto done;
1237 }
1238 }
1239 }
1240
1241 /* del list */
1242
1243 for (k=0; k < current_sids.num_sids; k++) {
1244 bool keep_member = false;
1245 for (i=0; i < r->in.total_entries; i++) {
1246 if (dom_sid_equal(&member_sids[i],
1247 current_sids.sids[k].sid)) {
1248 keep_member = true;
1249 break;
1250 }
1251 }
1252 if (!keep_member) {
1253 status = add_sid_to_array_unique(ctx,
1254 current_sids.sids[k].sid,
1255 &del_sids, &num_del_sids);
1256 if (!NT_STATUS_IS_OK(status)) {
1257 werr = ntstatus_to_werror(status);
1258 goto done;
1259 }
1260 }
1261 }
1262 }
1263
1264 /* add list */
1265
1266 for (i=0; i < num_add_sids; i++) {
1267 status = dcerpc_samr_AddAliasMember(b, talloc_tos(),
1268 &alias_handle,
1269 &add_sids[i],
1270 &result);
1271 if (any_nt_status_not_ok(status, result, &status)) {
1272 werr = ntstatus_to_werror(status);
1273 goto done;
1274 }
1275 }
1276
1277 /* del list */
1278
1279 for (i=0; i < num_del_sids; i++) {
1280 status = dcerpc_samr_DeleteAliasMember(b, talloc_tos(),
1281 &alias_handle,
1282 &del_sids[i],
1283 &result);
1284 if (any_nt_status_not_ok(status, result, &status)) {
1285 werr = ntstatus_to_werror(status);
1286 goto done;
1287 }
1288 }
1289
1290 werr = WERR_OK;
1291
1292 done:
1293 if (b && is_valid_policy_hnd(&alias_handle)) {
1294 dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
1295 }
1296
1297 if (ctx->disable_policy_handle_cache) {
1298 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1299 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
1300 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1301 }
1302
1303 return werr;
1304 }
1305
1306 /****************************************************************
1307 ****************************************************************/
1308
1309 WERROR NetLocalGroupAddMembers_r(struct libnetapi_ctx *ctx,
1310 struct NetLocalGroupAddMembers *r)
1311 {
1312 return NetLocalGroupModifyMembers_r(ctx, r, NULL, NULL);
1313 }
1314
1315 /****************************************************************
1316 ****************************************************************/
1317
1318 WERROR NetLocalGroupAddMembers_l(struct libnetapi_ctx *ctx,
1319 struct NetLocalGroupAddMembers *r)
1320 {
1321 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupAddMembers);
1322 }
1323
1324 /****************************************************************
1325 ****************************************************************/
1326
1327 WERROR NetLocalGroupDelMembers_r(struct libnetapi_ctx *ctx,
1328 struct NetLocalGroupDelMembers *r)
1329 {
1330 return NetLocalGroupModifyMembers_r(ctx, NULL, r, NULL);
1331 }
1332
1333 /****************************************************************
1334 ****************************************************************/
1335
1336 WERROR NetLocalGroupDelMembers_l(struct libnetapi_ctx *ctx,
1337 struct NetLocalGroupDelMembers *r)
1338 {
1339 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupDelMembers);
1340 }
1341
1342 /****************************************************************
1343 ****************************************************************/
1344
1345 WERROR NetLocalGroupGetMembers_r(struct libnetapi_ctx *ctx,
1346 struct NetLocalGroupGetMembers *r)
1347 {
1348 return WERR_NOT_SUPPORTED;
1349 }
1350
1351 /****************************************************************
1352 ****************************************************************/
1353
1354 WERROR NetLocalGroupGetMembers_l(struct libnetapi_ctx *ctx,
1355 struct NetLocalGroupGetMembers *r)
1356 {
1357 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupGetMembers);
1358 }
1359
1360 /****************************************************************
1361 ****************************************************************/
1362
1363 WERROR NetLocalGroupSetMembers_r(struct libnetapi_ctx *ctx,
1364 struct NetLocalGroupSetMembers *r)
1365 {
1366 return NetLocalGroupModifyMembers_r(ctx, NULL, NULL, r);
1367 }
1368
1369 /****************************************************************
1370 ****************************************************************/
1371
1372 WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx *ctx,
1373 struct NetLocalGroupSetMembers *r)
1374 {
1375 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetMembers);
1376 }
Samba GIT mirror