2 * Unix SMB/CIFS implementation.
4 * Copyright (C) Guenther Deschner 2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "lib/netapi/netapi.h"
24 #include "lib/netapi/netapi_private.h"
25 #include "lib/netapi/libnetapi.h"
26 #include "../librpc/gen_ndr/ndr_samr_c.h"
27 #include "rpc_client/init_samr.h"
28 #include "../libds/common/flags.h"
29 #include "rpc_client/init_lsa.h"
30 #include "../libcli/security/security.h"
31 #include "../libds/common/flag_mapping.h"
32 #include "rpc_client/cli_pipe.h"
34 /****************************************************************
35 ****************************************************************/
37 static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X
*infoX
,
38 struct samr_UserInfo21
*info21
)
40 uint32_t fields_present
= 0;
41 struct samr_LogonHours zero_logon_hours
;
42 struct lsa_BinaryString zero_parameters
;
46 ZERO_STRUCT(zero_logon_hours
);
47 ZERO_STRUCT(zero_parameters
);
49 if (infoX
->usriX_flags
) {
50 fields_present
|= SAMR_FIELD_ACCT_FLAGS
;
52 if (infoX
->usriX_name
) {
53 fields_present
|= SAMR_FIELD_ACCOUNT_NAME
;
55 if (infoX
->usriX_password
) {
56 fields_present
|= SAMR_FIELD_NT_PASSWORD_PRESENT
;
58 if (infoX
->usriX_flags
) {
59 fields_present
|= SAMR_FIELD_ACCT_FLAGS
;
61 if (infoX
->usriX_home_dir
) {
62 fields_present
|= SAMR_FIELD_HOME_DIRECTORY
;
64 if (infoX
->usriX_script_path
) {
65 fields_present
|= SAMR_FIELD_LOGON_SCRIPT
;
67 if (infoX
->usriX_comment
) {
68 fields_present
|= SAMR_FIELD_DESCRIPTION
;
70 if (infoX
->usriX_password_age
) {
71 fields_present
|= SAMR_FIELD_FORCE_PWD_CHANGE
;
73 if (infoX
->usriX_full_name
) {
74 fields_present
|= SAMR_FIELD_FULL_NAME
;
76 if (infoX
->usriX_usr_comment
) {
77 fields_present
|= SAMR_FIELD_COMMENT
;
79 if (infoX
->usriX_profile
) {
80 fields_present
|= SAMR_FIELD_PROFILE_PATH
;
82 if (infoX
->usriX_home_dir_drive
) {
83 fields_present
|= SAMR_FIELD_HOME_DRIVE
;
85 if (infoX
->usriX_primary_group_id
) {
86 fields_present
|= SAMR_FIELD_PRIMARY_GID
;
88 if (infoX
->usriX_country_code
) {
89 fields_present
|= SAMR_FIELD_COUNTRY_CODE
;
91 if (infoX
->usriX_workstations
) {
92 fields_present
|= SAMR_FIELD_WORKSTATIONS
;
95 unix_to_nt_time_abs(&password_age
, infoX
->usriX_password_age
);
97 /* TODO: infoX->usriX_priv */
99 info21
->last_logon
= 0;
100 info21
->last_logoff
= 0;
101 info21
->last_password_change
= 0;
102 info21
->acct_expiry
= 0;
103 info21
->allow_password_change
= 0;
104 info21
->force_password_change
= 0;
105 info21
->account_name
.string
= infoX
->usriX_name
;
106 info21
->full_name
.string
= infoX
->usriX_full_name
;
107 info21
->home_directory
.string
= infoX
->usriX_home_dir
;
108 info21
->home_drive
.string
= infoX
->usriX_home_dir_drive
;
109 info21
->logon_script
.string
= infoX
->usriX_script_path
;
110 info21
->profile_path
.string
= infoX
->usriX_profile
;
111 info21
->description
.string
= infoX
->usriX_comment
;
112 info21
->workstations
.string
= infoX
->usriX_workstations
;
113 info21
->comment
.string
= infoX
->usriX_usr_comment
;
114 info21
->parameters
= zero_parameters
;
115 info21
->lm_owf_password
= zero_parameters
;
116 info21
->nt_owf_password
= zero_parameters
;
117 info21
->private_data
.string
= NULL
;
118 info21
->buf_count
= 0;
119 info21
->buffer
= NULL
;
120 info21
->rid
= infoX
->usriX_user_id
;
121 info21
->primary_gid
= infoX
->usriX_primary_group_id
;
122 info21
->acct_flags
= infoX
->usriX_flags
;
123 info21
->fields_present
= fields_present
;
124 info21
->logon_hours
= zero_logon_hours
;
125 info21
->bad_password_count
= infoX
->usriX_bad_pw_count
;
126 info21
->logon_count
= infoX
->usriX_num_logons
;
127 info21
->country_code
= infoX
->usriX_country_code
;
128 info21
->code_page
= infoX
->usriX_code_page
;
129 info21
->lm_password_set
= 0;
130 info21
->nt_password_set
= 0;
131 info21
->password_expired
= infoX
->usriX_password_expired
;
132 info21
->private_data_sensitive
= 0;
135 /****************************************************************
136 ****************************************************************/
138 static NTSTATUS
construct_USER_INFO_X(uint32_t level
,
140 struct USER_INFO_X
*uX
)
142 struct USER_INFO_0
*u0
= NULL
;
143 struct USER_INFO_1
*u1
= NULL
;
144 struct USER_INFO_2
*u2
= NULL
;
145 struct USER_INFO_3
*u3
= NULL
;
146 struct USER_INFO_1003
*u1003
= NULL
;
147 struct USER_INFO_1006
*u1006
= NULL
;
148 struct USER_INFO_1007
*u1007
= NULL
;
149 struct USER_INFO_1009
*u1009
= NULL
;
150 struct USER_INFO_1011
*u1011
= NULL
;
151 struct USER_INFO_1012
*u1012
= NULL
;
152 struct USER_INFO_1014
*u1014
= NULL
;
153 struct USER_INFO_1024
*u1024
= NULL
;
154 struct USER_INFO_1051
*u1051
= NULL
;
155 struct USER_INFO_1052
*u1052
= NULL
;
156 struct USER_INFO_1053
*u1053
= NULL
;
158 if (!buffer
|| !uX
) {
159 return NT_STATUS_INVALID_PARAMETER
;
166 u0
= (struct USER_INFO_0
*)buffer
;
167 uX
->usriX_name
= u0
->usri0_name
;
170 u1
= (struct USER_INFO_1
*)buffer
;
171 uX
->usriX_name
= u1
->usri1_name
;
172 uX
->usriX_password
= u1
->usri1_password
;
173 uX
->usriX_password_age
= u1
->usri1_password_age
;
174 uX
->usriX_priv
= u1
->usri1_priv
;
175 uX
->usriX_home_dir
= u1
->usri1_home_dir
;
176 uX
->usriX_comment
= u1
->usri1_comment
;
177 uX
->usriX_flags
= u1
->usri1_flags
;
178 uX
->usriX_script_path
= u1
->usri1_script_path
;
181 u2
= (struct USER_INFO_2
*)buffer
;
182 uX
->usriX_name
= u2
->usri2_name
;
183 uX
->usriX_password
= u2
->usri2_password
;
184 uX
->usriX_password_age
= u2
->usri2_password_age
;
185 uX
->usriX_priv
= u2
->usri2_priv
;
186 uX
->usriX_home_dir
= u2
->usri2_home_dir
;
187 uX
->usriX_comment
= u2
->usri2_comment
;
188 uX
->usriX_flags
= u2
->usri2_flags
;
189 uX
->usriX_script_path
= u2
->usri2_script_path
;
190 uX
->usriX_auth_flags
= u2
->usri2_auth_flags
;
191 uX
->usriX_full_name
= u2
->usri2_full_name
;
192 uX
->usriX_usr_comment
= u2
->usri2_usr_comment
;
193 uX
->usriX_parms
= u2
->usri2_parms
;
194 uX
->usriX_workstations
= u2
->usri2_workstations
;
195 uX
->usriX_last_logon
= u2
->usri2_last_logon
;
196 uX
->usriX_last_logoff
= u2
->usri2_last_logoff
;
197 uX
->usriX_acct_expires
= u2
->usri2_acct_expires
;
198 uX
->usriX_max_storage
= u2
->usri2_max_storage
;
199 uX
->usriX_units_per_week
= u2
->usri2_units_per_week
;
200 uX
->usriX_logon_hours
= u2
->usri2_logon_hours
;
201 uX
->usriX_bad_pw_count
= u2
->usri2_bad_pw_count
;
202 uX
->usriX_num_logons
= u2
->usri2_num_logons
;
203 uX
->usriX_logon_server
= u2
->usri2_logon_server
;
204 uX
->usriX_country_code
= u2
->usri2_country_code
;
205 uX
->usriX_code_page
= u2
->usri2_code_page
;
208 u3
= (struct USER_INFO_3
*)buffer
;
209 uX
->usriX_name
= u3
->usri3_name
;
210 uX
->usriX_password_age
= u3
->usri3_password_age
;
211 uX
->usriX_priv
= u3
->usri3_priv
;
212 uX
->usriX_home_dir
= u3
->usri3_home_dir
;
213 uX
->usriX_comment
= u3
->usri3_comment
;
214 uX
->usriX_flags
= u3
->usri3_flags
;
215 uX
->usriX_script_path
= u3
->usri3_script_path
;
216 uX
->usriX_auth_flags
= u3
->usri3_auth_flags
;
217 uX
->usriX_full_name
= u3
->usri3_full_name
;
218 uX
->usriX_usr_comment
= u3
->usri3_usr_comment
;
219 uX
->usriX_parms
= u3
->usri3_parms
;
220 uX
->usriX_workstations
= u3
->usri3_workstations
;
221 uX
->usriX_last_logon
= u3
->usri3_last_logon
;
222 uX
->usriX_last_logoff
= u3
->usri3_last_logoff
;
223 uX
->usriX_acct_expires
= u3
->usri3_acct_expires
;
224 uX
->usriX_max_storage
= u3
->usri3_max_storage
;
225 uX
->usriX_units_per_week
= u3
->usri3_units_per_week
;
226 uX
->usriX_logon_hours
= u3
->usri3_logon_hours
;
227 uX
->usriX_bad_pw_count
= u3
->usri3_bad_pw_count
;
228 uX
->usriX_num_logons
= u3
->usri3_num_logons
;
229 uX
->usriX_logon_server
= u3
->usri3_logon_server
;
230 uX
->usriX_country_code
= u3
->usri3_country_code
;
231 uX
->usriX_code_page
= u3
->usri3_code_page
;
232 uX
->usriX_user_id
= u3
->usri3_user_id
;
233 uX
->usriX_primary_group_id
= u3
->usri3_primary_group_id
;
234 uX
->usriX_profile
= u3
->usri3_profile
;
235 uX
->usriX_home_dir_drive
= u3
->usri3_home_dir_drive
;
236 uX
->usriX_password_expired
= u3
->usri3_password_expired
;
239 u1003
= (struct USER_INFO_1003
*)buffer
;
240 uX
->usriX_password
= u1003
->usri1003_password
;
243 u1006
= (struct USER_INFO_1006
*)buffer
;
244 uX
->usriX_home_dir
= u1006
->usri1006_home_dir
;
247 u1007
= (struct USER_INFO_1007
*)buffer
;
248 uX
->usriX_comment
= u1007
->usri1007_comment
;
251 u1009
= (struct USER_INFO_1009
*)buffer
;
252 uX
->usriX_script_path
= u1009
->usri1009_script_path
;
255 u1011
= (struct USER_INFO_1011
*)buffer
;
256 uX
->usriX_full_name
= u1011
->usri1011_full_name
;
259 u1012
= (struct USER_INFO_1012
*)buffer
;
260 uX
->usriX_usr_comment
= u1012
->usri1012_usr_comment
;
263 u1014
= (struct USER_INFO_1014
*)buffer
;
264 uX
->usriX_workstations
= u1014
->usri1014_workstations
;
267 u1024
= (struct USER_INFO_1024
*)buffer
;
268 uX
->usriX_country_code
= u1024
->usri1024_country_code
;
271 u1051
= (struct USER_INFO_1051
*)buffer
;
272 uX
->usriX_primary_group_id
= u1051
->usri1051_primary_group_id
;
275 u1052
= (struct USER_INFO_1052
*)buffer
;
276 uX
->usriX_profile
= u1052
->usri1052_profile
;
279 u1053
= (struct USER_INFO_1053
*)buffer
;
280 uX
->usriX_home_dir_drive
= u1053
->usri1053_home_dir_drive
;
284 return NT_STATUS_INVALID_INFO_CLASS
;
290 /****************************************************************
291 ****************************************************************/
293 static NTSTATUS
set_user_info_USER_INFO_X(TALLOC_CTX
*ctx
,
294 struct rpc_pipe_client
*pipe_cli
,
295 DATA_BLOB
*session_key
,
296 struct policy_handle
*user_handle
,
297 struct USER_INFO_X
*uX
)
299 union samr_UserInfo user_info
;
300 struct samr_UserInfo21 info21
;
301 NTSTATUS status
, result
;
302 struct dcerpc_binding_handle
*b
= pipe_cli
->binding_handle
;
305 return NT_STATUS_INVALID_PARAMETER
;
308 convert_USER_INFO_X_to_samr_user_info21(uX
, &info21
);
310 ZERO_STRUCT(user_info
);
312 if (uX
->usriX_password
) {
314 user_info
.info25
.info
= info21
;
316 init_samr_CryptPasswordEx(uX
->usriX_password
,
318 &user_info
.info25
.password
);
320 status
= dcerpc_samr_SetUserInfo2(b
, talloc_tos(),
325 if (NT_STATUS_EQUAL(status
, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
)) {
327 user_info
.info23
.info
= info21
;
329 init_samr_CryptPassword(uX
->usriX_password
,
331 &user_info
.info23
.password
);
333 status
= dcerpc_samr_SetUserInfo2(b
, talloc_tos(),
338 if (!NT_STATUS_IS_OK(status
)) {
343 if (!NT_STATUS_IS_OK(status
)) {
348 user_info
.info21
= info21
;
350 status
= dcerpc_samr_SetUserInfo(b
, talloc_tos(),
355 if (!NT_STATUS_IS_OK(status
)) {
363 /****************************************************************
364 ****************************************************************/
366 WERROR
NetUserAdd_r(struct libnetapi_ctx
*ctx
,
367 struct NetUserAdd
*r
)
369 struct rpc_pipe_client
*pipe_cli
= NULL
;
370 NTSTATUS status
, result
;
372 struct policy_handle connect_handle
, domain_handle
, user_handle
;
373 struct lsa_String lsa_account_name
;
374 struct dom_sid2
*domain_sid
= NULL
;
375 union samr_UserInfo
*user_info
= NULL
;
376 struct samr_PwInfo pw_info
;
377 uint32_t access_granted
= 0;
379 struct USER_INFO_X uX
;
380 struct dcerpc_binding_handle
*b
= NULL
;
381 DATA_BLOB session_key
;
383 ZERO_STRUCT(connect_handle
);
384 ZERO_STRUCT(domain_handle
);
385 ZERO_STRUCT(user_handle
);
388 return WERR_INVALID_PARAM
;
391 switch (r
->in
.level
) {
398 werr
= WERR_NOT_SUPPORTED
;
402 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
403 &ndr_table_samr
.syntax_id
,
405 if (!W_ERROR_IS_OK(werr
)) {
409 b
= pipe_cli
->binding_handle
;
411 status
= construct_USER_INFO_X(r
->in
.level
, r
->in
.buffer
, &uX
);
412 if (!NT_STATUS_IS_OK(status
)) {
413 werr
= ntstatus_to_werror(status
);
417 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
418 SAMR_ACCESS_ENUM_DOMAINS
|
419 SAMR_ACCESS_LOOKUP_DOMAIN
,
420 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
|
421 SAMR_DOMAIN_ACCESS_CREATE_USER
|
422 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
426 if (!W_ERROR_IS_OK(werr
)) {
430 init_lsa_String(&lsa_account_name
, uX
.usriX_name
);
432 status
= dcerpc_samr_CreateUser2(b
, talloc_tos(),
438 SAMR_USER_ACCESS_SET_PASSWORD
|
439 SAMR_USER_ACCESS_SET_ATTRIBUTES
|
440 SAMR_USER_ACCESS_GET_ATTRIBUTES
,
445 if (!NT_STATUS_IS_OK(status
)) {
446 werr
= ntstatus_to_werror(status
);
449 if (!NT_STATUS_IS_OK(result
)) {
450 werr
= ntstatus_to_werror(result
);
454 status
= dcerpc_samr_QueryUserInfo(b
, talloc_tos(),
459 if (!NT_STATUS_IS_OK(status
)) {
460 werr
= ntstatus_to_werror(status
);
463 if (!NT_STATUS_IS_OK(result
)) {
464 werr
= ntstatus_to_werror(result
);
468 if (!(user_info
->info16
.acct_flags
& ACB_NORMAL
)) {
469 werr
= WERR_INVALID_PARAM
;
473 status
= dcerpc_samr_GetUserPwInfo(b
, talloc_tos(),
477 if (!NT_STATUS_IS_OK(status
)) {
478 werr
= ntstatus_to_werror(status
);
481 if (!NT_STATUS_IS_OK(result
)) {
482 werr
= ntstatus_to_werror(result
);
486 status
= cli_get_session_key(talloc_tos(), pipe_cli
, &session_key
);
487 if (!NT_STATUS_IS_OK(status
)) {
488 werr
= ntstatus_to_werror(status
);
492 uX
.usriX_flags
|= ACB_NORMAL
;
494 status
= set_user_info_USER_INFO_X(ctx
, pipe_cli
,
498 if (!NT_STATUS_IS_OK(status
)) {
499 werr
= ntstatus_to_werror(status
);
507 dcerpc_samr_DeleteUser(b
, talloc_tos(),
512 if (is_valid_policy_hnd(&user_handle
) && b
) {
513 dcerpc_samr_Close(b
, talloc_tos(), &user_handle
, &result
);
516 if (ctx
->disable_policy_handle_cache
) {
517 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
518 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
524 /****************************************************************
525 ****************************************************************/
527 WERROR
NetUserAdd_l(struct libnetapi_ctx
*ctx
,
528 struct NetUserAdd
*r
)
530 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserAdd
);
533 /****************************************************************
534 ****************************************************************/
536 WERROR
NetUserDel_r(struct libnetapi_ctx
*ctx
,
537 struct NetUserDel
*r
)
539 struct rpc_pipe_client
*pipe_cli
= NULL
;
540 NTSTATUS status
, result
;
542 struct policy_handle connect_handle
, builtin_handle
, domain_handle
, user_handle
;
543 struct lsa_String lsa_account_name
;
544 struct samr_Ids user_rids
, name_types
;
545 struct dom_sid2
*domain_sid
= NULL
;
546 struct dom_sid2 user_sid
;
547 struct dcerpc_binding_handle
*b
= NULL
;
549 ZERO_STRUCT(connect_handle
);
550 ZERO_STRUCT(builtin_handle
);
551 ZERO_STRUCT(domain_handle
);
552 ZERO_STRUCT(user_handle
);
554 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
555 &ndr_table_samr
.syntax_id
,
558 if (!W_ERROR_IS_OK(werr
)) {
562 b
= pipe_cli
->binding_handle
;
564 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
565 SAMR_ACCESS_ENUM_DOMAINS
|
566 SAMR_ACCESS_LOOKUP_DOMAIN
,
567 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
571 if (!W_ERROR_IS_OK(werr
)) {
575 status
= dcerpc_samr_OpenDomain(b
, talloc_tos(),
577 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
578 discard_const_p(struct dom_sid
, &global_sid_Builtin
),
581 if (!NT_STATUS_IS_OK(status
)) {
582 werr
= ntstatus_to_werror(status
);
585 if (!NT_STATUS_IS_OK(result
)) {
586 werr
= ntstatus_to_werror(result
);
590 init_lsa_String(&lsa_account_name
, r
->in
.user_name
);
592 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
599 if (!NT_STATUS_IS_OK(status
)) {
600 werr
= ntstatus_to_werror(status
);
603 if (!NT_STATUS_IS_OK(result
)) {
604 werr
= ntstatus_to_werror(result
);
608 status
= dcerpc_samr_OpenUser(b
, talloc_tos(),
614 if (!NT_STATUS_IS_OK(status
)) {
615 werr
= ntstatus_to_werror(status
);
618 if (!NT_STATUS_IS_OK(result
)) {
619 werr
= ntstatus_to_werror(result
);
623 sid_compose(&user_sid
, domain_sid
, user_rids
.ids
[0]);
625 status
= dcerpc_samr_RemoveMemberFromForeignDomain(b
, talloc_tos(),
629 if (!NT_STATUS_IS_OK(status
)) {
630 werr
= ntstatus_to_werror(status
);
633 if (!NT_STATUS_IS_OK(result
)) {
634 werr
= ntstatus_to_werror(result
);
638 status
= dcerpc_samr_DeleteUser(b
, talloc_tos(),
641 if (!NT_STATUS_IS_OK(status
)) {
642 werr
= ntstatus_to_werror(status
);
645 if (!NT_STATUS_IS_OK(result
)) {
646 werr
= ntstatus_to_werror(result
);
653 if (is_valid_policy_hnd(&user_handle
)) {
654 dcerpc_samr_Close(b
, talloc_tos(), &user_handle
, &result
);
657 if (ctx
->disable_policy_handle_cache
) {
658 libnetapi_samr_close_builtin_handle(ctx
, &builtin_handle
);
659 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
660 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
666 /****************************************************************
667 ****************************************************************/
669 WERROR
NetUserDel_l(struct libnetapi_ctx
*ctx
,
670 struct NetUserDel
*r
)
672 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserDel
);
675 /****************************************************************
676 ****************************************************************/
678 static NTSTATUS
libnetapi_samr_lookup_user(TALLOC_CTX
*mem_ctx
,
679 struct rpc_pipe_client
*pipe_cli
,
680 struct policy_handle
*domain_handle
,
681 struct policy_handle
*builtin_handle
,
682 const char *user_name
,
683 const struct dom_sid
*domain_sid
,
686 struct samr_UserInfo21
**info21
,
687 struct sec_desc_buf
**sec_desc
,
688 uint32_t *auth_flag_p
)
690 NTSTATUS status
, result
;
692 struct policy_handle user_handle
;
693 union samr_UserInfo
*user_info
= NULL
;
694 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
695 uint32_t access_mask
= SEC_STD_READ_CONTROL
|
696 SAMR_USER_ACCESS_GET_ATTRIBUTES
|
697 SAMR_USER_ACCESS_GET_NAME_ETC
;
698 struct dcerpc_binding_handle
*b
= pipe_cli
->binding_handle
;
700 ZERO_STRUCT(user_handle
);
706 access_mask
|= SAMR_USER_ACCESS_GET_LOGONINFO
|
707 SAMR_USER_ACCESS_GET_GROUPS
;
713 access_mask
|= SAMR_USER_ACCESS_GET_LOGONINFO
|
714 SAMR_USER_ACCESS_GET_GROUPS
|
715 SAMR_USER_ACCESS_GET_LOCALE
;
722 return NT_STATUS_INVALID_LEVEL
;
729 status
= dcerpc_samr_OpenUser(b
, mem_ctx
,
735 if (!NT_STATUS_IS_OK(status
)) {
738 if (!NT_STATUS_IS_OK(result
)) {
743 status
= dcerpc_samr_QueryUserInfo(b
, mem_ctx
,
748 if (!NT_STATUS_IS_OK(status
)) {
751 if (!NT_STATUS_IS_OK(result
)) {
756 status
= dcerpc_samr_QuerySecurity(b
, mem_ctx
,
761 if (!NT_STATUS_IS_OK(status
)) {
764 if (!NT_STATUS_IS_OK(result
)) {
769 if (access_mask
& SAMR_USER_ACCESS_GET_GROUPS
) {
771 struct lsa_SidArray sid_array
;
772 struct samr_Ids alias_rids
;
774 uint32_t auth_flag
= 0;
777 status
= dcerpc_samr_GetGroupsForUser(b
, mem_ctx
,
781 if (!NT_STATUS_IS_OK(status
)) {
784 if (!NT_STATUS_IS_OK(result
)) {
789 sid_array
.num_sids
= rid_array
->count
+ 1;
790 sid_array
.sids
= talloc_array(mem_ctx
, struct lsa_SidPtr
,
792 NT_STATUS_HAVE_NO_MEMORY(sid_array
.sids
);
794 for (i
=0; i
<rid_array
->count
; i
++) {
795 sid_compose(&sid
, domain_sid
, rid_array
->rids
[i
].rid
);
796 sid_array
.sids
[i
].sid
= dom_sid_dup(mem_ctx
, &sid
);
797 NT_STATUS_HAVE_NO_MEMORY(sid_array
.sids
[i
].sid
);
800 sid_compose(&sid
, domain_sid
, rid
);
801 sid_array
.sids
[i
].sid
= dom_sid_dup(mem_ctx
, &sid
);
802 NT_STATUS_HAVE_NO_MEMORY(sid_array
.sids
[i
].sid
);
804 status
= dcerpc_samr_GetAliasMembership(b
, mem_ctx
,
809 if (!NT_STATUS_IS_OK(status
)) {
812 if (!NT_STATUS_IS_OK(result
)) {
817 for (i
=0; i
<alias_rids
.count
; i
++) {
818 switch (alias_rids
.ids
[i
]) {
819 case 550: /* Print Operators */
820 auth_flag
|= AF_OP_PRINT
;
822 case 549: /* Server Operators */
823 auth_flag
|= AF_OP_SERVER
;
825 case 548: /* Account Operators */
826 auth_flag
|= AF_OP_ACCOUNTS
;
834 *auth_flag_p
= auth_flag
;
838 *info21
= &user_info
->info21
;
841 if (is_valid_policy_hnd(&user_handle
)) {
842 dcerpc_samr_Close(b
, mem_ctx
, &user_handle
, &result
);
848 /****************************************************************
849 ****************************************************************/
851 static uint32_t samr_rid_to_priv_level(uint32_t rid
)
854 case DOMAIN_RID_ADMINISTRATOR
:
855 return USER_PRIV_ADMIN
;
856 case DOMAIN_RID_GUEST
:
857 return USER_PRIV_GUEST
;
859 return USER_PRIV_USER
;
863 /****************************************************************
864 ****************************************************************/
866 static uint32_t samr_acb_flags_to_netapi_flags(uint32_t acb
)
868 uint32_t fl
= UF_SCRIPT
; /* god knows why */
870 fl
|= ds_acb2uf(acb
);
875 /****************************************************************
876 ****************************************************************/
878 static NTSTATUS
info21_to_USER_INFO_1(TALLOC_CTX
*mem_ctx
,
879 const struct samr_UserInfo21
*i21
,
880 struct USER_INFO_1
*i
)
883 i
->usri1_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
884 NT_STATUS_HAVE_NO_MEMORY(i
->usri1_name
);
885 i
->usri1_password
= NULL
;
886 i
->usri1_password_age
= time(NULL
) - nt_time_to_unix(i21
->last_password_change
);
887 i
->usri1_priv
= samr_rid_to_priv_level(i21
->rid
);
888 i
->usri1_home_dir
= talloc_strdup(mem_ctx
, i21
->home_directory
.string
);
889 i
->usri1_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
890 i
->usri1_flags
= samr_acb_flags_to_netapi_flags(i21
->acct_flags
);
891 i
->usri1_script_path
= talloc_strdup(mem_ctx
, i21
->logon_script
.string
);
896 /****************************************************************
897 ****************************************************************/
899 static NTSTATUS
info21_to_USER_INFO_2(TALLOC_CTX
*mem_ctx
,
900 const struct samr_UserInfo21
*i21
,
902 struct USER_INFO_2
*i
)
906 i
->usri2_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
907 NT_STATUS_HAVE_NO_MEMORY(i
->usri2_name
);
908 i
->usri2_password
= NULL
;
909 i
->usri2_password_age
= time(NULL
) - nt_time_to_unix(i21
->last_password_change
);
910 i
->usri2_priv
= samr_rid_to_priv_level(i21
->rid
);
911 i
->usri2_home_dir
= talloc_strdup(mem_ctx
, i21
->home_directory
.string
);
912 i
->usri2_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
913 i
->usri2_flags
= samr_acb_flags_to_netapi_flags(i21
->acct_flags
);
914 i
->usri2_script_path
= talloc_strdup(mem_ctx
, i21
->logon_script
.string
);
915 i
->usri2_auth_flags
= auth_flag
;
916 i
->usri2_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
917 i
->usri2_usr_comment
= talloc_strdup(mem_ctx
, i21
->comment
.string
);
918 i
->usri2_parms
= talloc_strndup(mem_ctx
, (const char *)i21
->parameters
.array
, i21
->parameters
.size
/2);
919 i
->usri2_workstations
= talloc_strdup(mem_ctx
, i21
->workstations
.string
);
920 i
->usri2_last_logon
= nt_time_to_unix(i21
->last_logon
);
921 i
->usri2_last_logoff
= nt_time_to_unix(i21
->last_logoff
);
922 i
->usri2_acct_expires
= nt_time_to_unix(i21
->acct_expiry
);
923 i
->usri2_max_storage
= USER_MAXSTORAGE_UNLIMITED
; /* FIXME */
924 i
->usri2_units_per_week
= i21
->logon_hours
.units_per_week
;
925 i
->usri2_logon_hours
= (uint8_t *)talloc_memdup(mem_ctx
, i21
->logon_hours
.bits
, 21);
926 i
->usri2_bad_pw_count
= i21
->bad_password_count
;
927 i
->usri2_num_logons
= i21
->logon_count
;
928 i
->usri2_logon_server
= talloc_strdup(mem_ctx
, "\\\\*");
929 i
->usri2_country_code
= i21
->country_code
;
930 i
->usri2_code_page
= i21
->code_page
;
935 /****************************************************************
936 ****************************************************************/
938 static NTSTATUS
info21_to_USER_INFO_3(TALLOC_CTX
*mem_ctx
,
939 const struct samr_UserInfo21
*i21
,
941 struct USER_INFO_3
*i
)
945 i
->usri3_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
946 NT_STATUS_HAVE_NO_MEMORY(i
->usri3_name
);
947 i
->usri3_password_age
= time(NULL
) - nt_time_to_unix(i21
->last_password_change
);
948 i
->usri3_priv
= samr_rid_to_priv_level(i21
->rid
);
949 i
->usri3_home_dir
= talloc_strdup(mem_ctx
, i21
->home_directory
.string
);
950 i
->usri3_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
951 i
->usri3_flags
= samr_acb_flags_to_netapi_flags(i21
->acct_flags
);
952 i
->usri3_script_path
= talloc_strdup(mem_ctx
, i21
->logon_script
.string
);
953 i
->usri3_auth_flags
= auth_flag
;
954 i
->usri3_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
955 i
->usri3_usr_comment
= talloc_strdup(mem_ctx
, i21
->comment
.string
);
956 i
->usri3_parms
= talloc_strndup(mem_ctx
, (const char *)i21
->parameters
.array
, i21
->parameters
.size
/2);
957 i
->usri3_workstations
= talloc_strdup(mem_ctx
, i21
->workstations
.string
);
958 i
->usri3_last_logon
= nt_time_to_unix(i21
->last_logon
);
959 i
->usri3_last_logoff
= nt_time_to_unix(i21
->last_logoff
);
960 i
->usri3_acct_expires
= nt_time_to_unix(i21
->acct_expiry
);
961 i
->usri3_max_storage
= USER_MAXSTORAGE_UNLIMITED
; /* FIXME */
962 i
->usri3_units_per_week
= i21
->logon_hours
.units_per_week
;
963 i
->usri3_logon_hours
= (uint8_t *)talloc_memdup(mem_ctx
, i21
->logon_hours
.bits
, 21);
964 i
->usri3_bad_pw_count
= i21
->bad_password_count
;
965 i
->usri3_num_logons
= i21
->logon_count
;
966 i
->usri3_logon_server
= talloc_strdup(mem_ctx
, "\\\\*");
967 i
->usri3_country_code
= i21
->country_code
;
968 i
->usri3_code_page
= i21
->code_page
;
969 i
->usri3_user_id
= i21
->rid
;
970 i
->usri3_primary_group_id
= i21
->primary_gid
;
971 i
->usri3_profile
= talloc_strdup(mem_ctx
, i21
->profile_path
.string
);
972 i
->usri3_home_dir_drive
= talloc_strdup(mem_ctx
, i21
->home_drive
.string
);
973 i
->usri3_password_expired
= i21
->password_expired
;
978 /****************************************************************
979 ****************************************************************/
981 static NTSTATUS
info21_to_USER_INFO_4(TALLOC_CTX
*mem_ctx
,
982 const struct samr_UserInfo21
*i21
,
984 struct dom_sid
*domain_sid
,
985 struct USER_INFO_4
*i
)
991 i
->usri4_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
992 NT_STATUS_HAVE_NO_MEMORY(i
->usri4_name
);
993 i
->usri4_password_age
= time(NULL
) - nt_time_to_unix(i21
->last_password_change
);
994 i
->usri4_password
= NULL
;
995 i
->usri4_priv
= samr_rid_to_priv_level(i21
->rid
);
996 i
->usri4_home_dir
= talloc_strdup(mem_ctx
, i21
->home_directory
.string
);
997 i
->usri4_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
998 i
->usri4_flags
= samr_acb_flags_to_netapi_flags(i21
->acct_flags
);
999 i
->usri4_script_path
= talloc_strdup(mem_ctx
, i21
->logon_script
.string
);
1000 i
->usri4_auth_flags
= auth_flag
;
1001 i
->usri4_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
1002 i
->usri4_usr_comment
= talloc_strdup(mem_ctx
, i21
->comment
.string
);
1003 i
->usri4_parms
= talloc_strndup(mem_ctx
, (const char *)i21
->parameters
.array
, i21
->parameters
.size
/2);
1004 i
->usri4_workstations
= talloc_strdup(mem_ctx
, i21
->workstations
.string
);
1005 i
->usri4_last_logon
= nt_time_to_unix(i21
->last_logon
);
1006 i
->usri4_last_logoff
= nt_time_to_unix(i21
->last_logoff
);
1007 i
->usri4_acct_expires
= nt_time_to_unix(i21
->acct_expiry
);
1008 i
->usri4_max_storage
= USER_MAXSTORAGE_UNLIMITED
; /* FIXME */
1009 i
->usri4_units_per_week
= i21
->logon_hours
.units_per_week
;
1010 i
->usri4_logon_hours
= (uint8_t *)talloc_memdup(mem_ctx
, i21
->logon_hours
.bits
, 21);
1011 i
->usri4_bad_pw_count
= i21
->bad_password_count
;
1012 i
->usri4_num_logons
= i21
->logon_count
;
1013 i
->usri4_logon_server
= talloc_strdup(mem_ctx
, "\\\\*");
1014 i
->usri4_country_code
= i21
->country_code
;
1015 i
->usri4_code_page
= i21
->code_page
;
1016 if (!sid_compose(&sid
, domain_sid
, i21
->rid
)) {
1017 return NT_STATUS_NO_MEMORY
;
1019 i
->usri4_user_sid
= (struct domsid
*)dom_sid_dup(mem_ctx
, &sid
);
1020 i
->usri4_primary_group_id
= i21
->primary_gid
;
1021 i
->usri4_profile
= talloc_strdup(mem_ctx
, i21
->profile_path
.string
);
1022 i
->usri4_home_dir_drive
= talloc_strdup(mem_ctx
, i21
->home_drive
.string
);
1023 i
->usri4_password_expired
= i21
->password_expired
;
1025 return NT_STATUS_OK
;
1028 /****************************************************************
1029 ****************************************************************/
1031 static NTSTATUS
info21_to_USER_INFO_10(TALLOC_CTX
*mem_ctx
,
1032 const struct samr_UserInfo21
*i21
,
1033 struct USER_INFO_10
*i
)
1037 i
->usri10_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
1038 NT_STATUS_HAVE_NO_MEMORY(i
->usri10_name
);
1039 i
->usri10_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
1040 i
->usri10_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
1041 i
->usri10_usr_comment
= talloc_strdup(mem_ctx
, i21
->comment
.string
);
1043 return NT_STATUS_OK
;
1046 /****************************************************************
1047 ****************************************************************/
1049 static NTSTATUS
info21_to_USER_INFO_11(TALLOC_CTX
*mem_ctx
,
1050 const struct samr_UserInfo21
*i21
,
1052 struct USER_INFO_11
*i
)
1056 i
->usri11_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
1057 NT_STATUS_HAVE_NO_MEMORY(i
->usri11_name
);
1058 i
->usri11_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
1059 i
->usri11_usr_comment
= talloc_strdup(mem_ctx
, i21
->comment
.string
);
1060 i
->usri11_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
1061 i
->usri11_priv
= samr_rid_to_priv_level(i21
->rid
);
1062 i
->usri11_auth_flags
= auth_flag
;
1063 i
->usri11_password_age
= time(NULL
) - nt_time_to_unix(i21
->last_password_change
);
1064 i
->usri11_home_dir
= talloc_strdup(mem_ctx
, i21
->home_directory
.string
);
1065 i
->usri11_parms
= talloc_strndup(mem_ctx
, (const char *)i21
->parameters
.array
, i21
->parameters
.size
/2);
1066 i
->usri11_last_logon
= nt_time_to_unix(i21
->last_logon
);
1067 i
->usri11_last_logoff
= nt_time_to_unix(i21
->last_logoff
);
1068 i
->usri11_bad_pw_count
= i21
->bad_password_count
;
1069 i
->usri11_num_logons
= i21
->logon_count
;
1070 i
->usri11_logon_server
= talloc_strdup(mem_ctx
, "\\\\*");
1071 i
->usri11_country_code
= i21
->country_code
;
1072 i
->usri11_workstations
= talloc_strdup(mem_ctx
, i21
->workstations
.string
);
1073 i
->usri11_max_storage
= USER_MAXSTORAGE_UNLIMITED
; /* FIXME */
1074 i
->usri11_units_per_week
= i21
->logon_hours
.units_per_week
;
1075 i
->usri11_logon_hours
= (uint8_t *)talloc_memdup(mem_ctx
, i21
->logon_hours
.bits
, 21);
1076 i
->usri11_code_page
= i21
->code_page
;
1078 return NT_STATUS_OK
;
1081 /****************************************************************
1082 ****************************************************************/
1084 static NTSTATUS
info21_to_USER_INFO_20(TALLOC_CTX
*mem_ctx
,
1085 const struct samr_UserInfo21
*i21
,
1086 struct USER_INFO_20
*i
)
1090 i
->usri20_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
1091 NT_STATUS_HAVE_NO_MEMORY(i
->usri20_name
);
1092 i
->usri20_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
1093 i
->usri20_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
1094 i
->usri20_flags
= samr_acb_flags_to_netapi_flags(i21
->acct_flags
);
1095 i
->usri20_user_id
= i21
->rid
;
1097 return NT_STATUS_OK
;
1100 /****************************************************************
1101 ****************************************************************/
1103 static NTSTATUS
info21_to_USER_INFO_23(TALLOC_CTX
*mem_ctx
,
1104 const struct samr_UserInfo21
*i21
,
1105 struct dom_sid
*domain_sid
,
1106 struct USER_INFO_23
*i
)
1112 i
->usri23_name
= talloc_strdup(mem_ctx
, i21
->account_name
.string
);
1113 NT_STATUS_HAVE_NO_MEMORY(i
->usri23_name
);
1114 i
->usri23_comment
= talloc_strdup(mem_ctx
, i21
->description
.string
);
1115 i
->usri23_full_name
= talloc_strdup(mem_ctx
, i21
->full_name
.string
);
1116 i
->usri23_flags
= samr_acb_flags_to_netapi_flags(i21
->acct_flags
);
1117 if (!sid_compose(&sid
, domain_sid
, i21
->rid
)) {
1118 return NT_STATUS_NO_MEMORY
;
1120 i
->usri23_user_sid
= (struct domsid
*)dom_sid_dup(mem_ctx
, &sid
);
1122 return NT_STATUS_OK
;
1125 /****************************************************************
1126 ****************************************************************/
1128 static NTSTATUS
libnetapi_samr_lookup_user_map_USER_INFO(TALLOC_CTX
*mem_ctx
,
1129 struct rpc_pipe_client
*pipe_cli
,
1130 struct dom_sid
*domain_sid
,
1131 struct policy_handle
*domain_handle
,
1132 struct policy_handle
*builtin_handle
,
1133 const char *user_name
,
1137 uint32_t *num_entries
)
1141 struct samr_UserInfo21
*info21
= NULL
;
1142 struct sec_desc_buf
*sec_desc
= NULL
;
1143 uint32_t auth_flag
= 0;
1145 struct USER_INFO_0 info0
;
1146 struct USER_INFO_1 info1
;
1147 struct USER_INFO_2 info2
;
1148 struct USER_INFO_3 info3
;
1149 struct USER_INFO_4 info4
;
1150 struct USER_INFO_10 info10
;
1151 struct USER_INFO_11 info11
;
1152 struct USER_INFO_20 info20
;
1153 struct USER_INFO_23 info23
;
1167 return NT_STATUS_INVALID_LEVEL
;
1171 info0
.usri0_name
= talloc_strdup(mem_ctx
, user_name
);
1172 NT_STATUS_HAVE_NO_MEMORY(info0
.usri0_name
);
1174 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_0
, info0
,
1175 (struct USER_INFO_0
**)buffer
, num_entries
);
1177 return NT_STATUS_OK
;
1180 status
= libnetapi_samr_lookup_user(mem_ctx
, pipe_cli
,
1191 if (!NT_STATUS_IS_OK(status
)) {
1197 /* already returned above */
1200 status
= info21_to_USER_INFO_1(mem_ctx
, info21
, &info1
);
1201 NT_STATUS_NOT_OK_RETURN(status
);
1203 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_1
, info1
,
1204 (struct USER_INFO_1
**)buffer
, num_entries
);
1208 status
= info21_to_USER_INFO_2(mem_ctx
, info21
, auth_flag
, &info2
);
1209 NT_STATUS_NOT_OK_RETURN(status
);
1211 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_2
, info2
,
1212 (struct USER_INFO_2
**)buffer
, num_entries
);
1216 status
= info21_to_USER_INFO_3(mem_ctx
, info21
, auth_flag
, &info3
);
1217 NT_STATUS_NOT_OK_RETURN(status
);
1219 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_3
, info3
,
1220 (struct USER_INFO_3
**)buffer
, num_entries
);
1224 status
= info21_to_USER_INFO_4(mem_ctx
, info21
, auth_flag
, domain_sid
, &info4
);
1225 NT_STATUS_NOT_OK_RETURN(status
);
1227 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_4
, info4
,
1228 (struct USER_INFO_4
**)buffer
, num_entries
);
1232 status
= info21_to_USER_INFO_10(mem_ctx
, info21
, &info10
);
1233 NT_STATUS_NOT_OK_RETURN(status
);
1235 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_10
, info10
,
1236 (struct USER_INFO_10
**)buffer
, num_entries
);
1240 status
= info21_to_USER_INFO_11(mem_ctx
, info21
, auth_flag
, &info11
);
1241 NT_STATUS_NOT_OK_RETURN(status
);
1243 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_11
, info11
,
1244 (struct USER_INFO_11
**)buffer
, num_entries
);
1248 status
= info21_to_USER_INFO_20(mem_ctx
, info21
, &info20
);
1249 NT_STATUS_NOT_OK_RETURN(status
);
1251 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_20
, info20
,
1252 (struct USER_INFO_20
**)buffer
, num_entries
);
1256 status
= info21_to_USER_INFO_23(mem_ctx
, info21
, domain_sid
, &info23
);
1257 NT_STATUS_NOT_OK_RETURN(status
);
1259 ADD_TO_ARRAY(mem_ctx
, struct USER_INFO_23
, info23
,
1260 (struct USER_INFO_23
**)buffer
, num_entries
);
1263 return NT_STATUS_INVALID_LEVEL
;
1270 /****************************************************************
1271 ****************************************************************/
1273 WERROR
NetUserEnum_r(struct libnetapi_ctx
*ctx
,
1274 struct NetUserEnum
*r
)
1276 struct rpc_pipe_client
*pipe_cli
= NULL
;
1277 struct policy_handle connect_handle
;
1278 struct dom_sid2
*domain_sid
= NULL
;
1279 struct policy_handle domain_handle
, builtin_handle
;
1280 struct samr_SamArray
*sam
= NULL
;
1281 uint32_t filter
= ACB_NORMAL
;
1283 uint32_t entries_read
= 0;
1285 NTSTATUS status
= NT_STATUS_OK
;
1286 NTSTATUS result
= NT_STATUS_OK
;
1288 struct dcerpc_binding_handle
*b
= NULL
;
1290 ZERO_STRUCT(connect_handle
);
1291 ZERO_STRUCT(domain_handle
);
1292 ZERO_STRUCT(builtin_handle
);
1294 if (!r
->out
.buffer
) {
1295 return WERR_INVALID_PARAM
;
1298 *r
->out
.buffer
= NULL
;
1299 *r
->out
.entries_read
= 0;
1301 switch (r
->in
.level
) {
1313 return WERR_UNKNOWN_LEVEL
;
1316 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
1317 &ndr_table_samr
.syntax_id
,
1319 if (!W_ERROR_IS_OK(werr
)) {
1323 b
= pipe_cli
->binding_handle
;
1325 werr
= libnetapi_samr_open_builtin_domain(ctx
, pipe_cli
,
1326 SAMR_ACCESS_ENUM_DOMAINS
|
1327 SAMR_ACCESS_LOOKUP_DOMAIN
,
1328 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
|
1329 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
,
1332 if (!W_ERROR_IS_OK(werr
)) {
1336 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
1337 SAMR_ACCESS_ENUM_DOMAINS
|
1338 SAMR_ACCESS_LOOKUP_DOMAIN
,
1339 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
|
1340 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
|
1341 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
1345 if (!W_ERROR_IS_OK(werr
)) {
1349 switch (r
->in
.filter
) {
1350 case FILTER_NORMAL_ACCOUNT
:
1351 filter
= ACB_NORMAL
;
1353 case FILTER_TEMP_DUPLICATE_ACCOUNT
:
1354 filter
= ACB_TEMPDUP
;
1356 case FILTER_INTERDOMAIN_TRUST_ACCOUNT
:
1357 filter
= ACB_DOMTRUST
;
1359 case FILTER_WORKSTATION_TRUST_ACCOUNT
:
1360 filter
= ACB_WSTRUST
;
1362 case FILTER_SERVER_TRUST_ACCOUNT
:
1363 filter
= ACB_SVRTRUST
;
1369 status
= dcerpc_samr_EnumDomainUsers(b
,
1372 r
->in
.resume_handle
,
1378 if (!NT_STATUS_IS_OK(status
)) {
1379 werr
= ntstatus_to_werror(status
);
1382 werr
= ntstatus_to_werror(result
);
1383 if (NT_STATUS_IS_ERR(result
)) {
1387 for (i
=0; i
< sam
->count
; i
++) {
1389 status
= libnetapi_samr_lookup_user_map_USER_INFO(ctx
, pipe_cli
,
1393 sam
->entries
[i
].name
.string
,
1394 sam
->entries
[i
].idx
,
1397 r
->out
.entries_read
);
1398 if (!NT_STATUS_IS_OK(status
)) {
1399 werr
= ntstatus_to_werror(status
);
1406 if (NT_STATUS_IS_OK(result
) ||
1407 NT_STATUS_IS_ERR(result
)) {
1409 if (ctx
->disable_policy_handle_cache
) {
1410 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
1411 libnetapi_samr_close_builtin_handle(ctx
, &builtin_handle
);
1412 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
1419 /****************************************************************
1420 ****************************************************************/
1422 WERROR
NetUserEnum_l(struct libnetapi_ctx
*ctx
,
1423 struct NetUserEnum
*r
)
1425 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserEnum
);
1428 /****************************************************************
1429 ****************************************************************/
1431 static WERROR
convert_samr_dispinfo_to_NET_DISPLAY_USER(TALLOC_CTX
*mem_ctx
,
1432 struct samr_DispInfoGeneral
*info
,
1433 uint32_t *entries_read
,
1436 struct NET_DISPLAY_USER
*user
= NULL
;
1439 user
= talloc_zero_array(mem_ctx
,
1440 struct NET_DISPLAY_USER
,
1442 W_ERROR_HAVE_NO_MEMORY(user
);
1444 for (i
= 0; i
< info
->count
; i
++) {
1445 user
[i
].usri1_name
= talloc_strdup(mem_ctx
,
1446 info
->entries
[i
].account_name
.string
);
1447 user
[i
].usri1_comment
= talloc_strdup(mem_ctx
,
1448 info
->entries
[i
].description
.string
);
1449 user
[i
].usri1_flags
=
1450 info
->entries
[i
].acct_flags
;
1451 user
[i
].usri1_full_name
= talloc_strdup(mem_ctx
,
1452 info
->entries
[i
].full_name
.string
);
1453 user
[i
].usri1_user_id
=
1454 info
->entries
[i
].rid
;
1455 user
[i
].usri1_next_index
=
1456 info
->entries
[i
].idx
;
1458 if (!user
[i
].usri1_name
) {
1463 *buffer
= talloc_memdup(mem_ctx
, user
,
1464 sizeof(struct NET_DISPLAY_USER
) * info
->count
);
1465 W_ERROR_HAVE_NO_MEMORY(*buffer
);
1467 *entries_read
= info
->count
;
1472 /****************************************************************
1473 ****************************************************************/
1475 static WERROR
convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(TALLOC_CTX
*mem_ctx
,
1476 struct samr_DispInfoFull
*info
,
1477 uint32_t *entries_read
,
1480 struct NET_DISPLAY_MACHINE
*machine
= NULL
;
1483 machine
= talloc_zero_array(mem_ctx
,
1484 struct NET_DISPLAY_MACHINE
,
1486 W_ERROR_HAVE_NO_MEMORY(machine
);
1488 for (i
= 0; i
< info
->count
; i
++) {
1489 machine
[i
].usri2_name
= talloc_strdup(mem_ctx
,
1490 info
->entries
[i
].account_name
.string
);
1491 machine
[i
].usri2_comment
= talloc_strdup(mem_ctx
,
1492 info
->entries
[i
].description
.string
);
1493 machine
[i
].usri2_flags
=
1494 info
->entries
[i
].acct_flags
;
1495 machine
[i
].usri2_user_id
=
1496 info
->entries
[i
].rid
;
1497 machine
[i
].usri2_next_index
=
1498 info
->entries
[i
].idx
;
1500 if (!machine
[i
].usri2_name
) {
1505 *buffer
= talloc_memdup(mem_ctx
, machine
,
1506 sizeof(struct NET_DISPLAY_MACHINE
) * info
->count
);
1507 W_ERROR_HAVE_NO_MEMORY(*buffer
);
1509 *entries_read
= info
->count
;
1514 /****************************************************************
1515 ****************************************************************/
1517 static WERROR
convert_samr_dispinfo_to_NET_DISPLAY_GROUP(TALLOC_CTX
*mem_ctx
,
1518 struct samr_DispInfoFullGroups
*info
,
1519 uint32_t *entries_read
,
1522 struct NET_DISPLAY_GROUP
*group
= NULL
;
1525 group
= talloc_zero_array(mem_ctx
,
1526 struct NET_DISPLAY_GROUP
,
1528 W_ERROR_HAVE_NO_MEMORY(group
);
1530 for (i
= 0; i
< info
->count
; i
++) {
1531 group
[i
].grpi3_name
= talloc_strdup(mem_ctx
,
1532 info
->entries
[i
].account_name
.string
);
1533 group
[i
].grpi3_comment
= talloc_strdup(mem_ctx
,
1534 info
->entries
[i
].description
.string
);
1535 group
[i
].grpi3_group_id
=
1536 info
->entries
[i
].rid
;
1537 group
[i
].grpi3_attributes
=
1538 info
->entries
[i
].acct_flags
;
1539 group
[i
].grpi3_next_index
=
1540 info
->entries
[i
].idx
;
1542 if (!group
[i
].grpi3_name
) {
1547 *buffer
= talloc_memdup(mem_ctx
, group
,
1548 sizeof(struct NET_DISPLAY_GROUP
) * info
->count
);
1549 W_ERROR_HAVE_NO_MEMORY(*buffer
);
1551 *entries_read
= info
->count
;
1557 /****************************************************************
1558 ****************************************************************/
1560 static WERROR
convert_samr_dispinfo_to_NET_DISPLAY(TALLOC_CTX
*mem_ctx
,
1561 union samr_DispInfo
*info
,
1563 uint32_t *entries_read
,
1568 return convert_samr_dispinfo_to_NET_DISPLAY_USER(mem_ctx
,
1573 return convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(mem_ctx
,
1578 return convert_samr_dispinfo_to_NET_DISPLAY_GROUP(mem_ctx
,
1586 return WERR_UNKNOWN_LEVEL
;
1589 /****************************************************************
1590 ****************************************************************/
1592 WERROR
NetQueryDisplayInformation_r(struct libnetapi_ctx
*ctx
,
1593 struct NetQueryDisplayInformation
*r
)
1595 struct rpc_pipe_client
*pipe_cli
= NULL
;
1596 struct policy_handle connect_handle
;
1597 struct dom_sid2
*domain_sid
= NULL
;
1598 struct policy_handle domain_handle
;
1599 union samr_DispInfo info
;
1600 struct dcerpc_binding_handle
*b
= NULL
;
1602 uint32_t total_size
= 0;
1603 uint32_t returned_size
= 0;
1605 NTSTATUS status
= NT_STATUS_OK
;
1606 NTSTATUS result
= NT_STATUS_OK
;
1610 *r
->out
.entries_read
= 0;
1612 ZERO_STRUCT(connect_handle
);
1613 ZERO_STRUCT(domain_handle
);
1615 switch (r
->in
.level
) {
1621 return WERR_UNKNOWN_LEVEL
;
1624 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
1625 &ndr_table_samr
.syntax_id
,
1627 if (!W_ERROR_IS_OK(werr
)) {
1631 b
= pipe_cli
->binding_handle
;
1633 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
1634 SAMR_ACCESS_ENUM_DOMAINS
|
1635 SAMR_ACCESS_LOOKUP_DOMAIN
,
1636 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
|
1637 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
|
1638 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
1642 if (!W_ERROR_IS_OK(werr
)) {
1646 status
= dcerpc_samr_QueryDisplayInfo2(b
,
1651 r
->in
.entries_requested
,
1657 if (!NT_STATUS_IS_OK(status
)) {
1658 werr
= ntstatus_to_werror(status
);
1661 werr
= ntstatus_to_werror(result
);
1662 if (NT_STATUS_IS_ERR(result
)) {
1666 werr_tmp
= convert_samr_dispinfo_to_NET_DISPLAY(ctx
, &info
,
1668 r
->out
.entries_read
,
1670 if (!W_ERROR_IS_OK(werr_tmp
)) {
1675 if (NT_STATUS_IS_OK(result
) ||
1676 NT_STATUS_IS_ERR(result
)) {
1678 if (ctx
->disable_policy_handle_cache
) {
1679 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
1680 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
1688 /****************************************************************
1689 ****************************************************************/
1692 WERROR
NetQueryDisplayInformation_l(struct libnetapi_ctx
*ctx
,
1693 struct NetQueryDisplayInformation
*r
)
1695 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetQueryDisplayInformation
);
1698 /****************************************************************
1699 ****************************************************************/
1701 WERROR
NetUserChangePassword_r(struct libnetapi_ctx
*ctx
,
1702 struct NetUserChangePassword
*r
)
1704 return WERR_NOT_SUPPORTED
;
1707 /****************************************************************
1708 ****************************************************************/
1710 WERROR
NetUserChangePassword_l(struct libnetapi_ctx
*ctx
,
1711 struct NetUserChangePassword
*r
)
1713 return WERR_NOT_SUPPORTED
;
1716 /****************************************************************
1717 ****************************************************************/
1719 WERROR
NetUserGetInfo_r(struct libnetapi_ctx
*ctx
,
1720 struct NetUserGetInfo
*r
)
1722 struct rpc_pipe_client
*pipe_cli
= NULL
;
1723 NTSTATUS status
, result
;
1726 struct policy_handle connect_handle
, domain_handle
, builtin_handle
, user_handle
;
1727 struct lsa_String lsa_account_name
;
1728 struct dom_sid2
*domain_sid
= NULL
;
1729 struct samr_Ids user_rids
, name_types
;
1730 uint32_t num_entries
= 0;
1731 struct dcerpc_binding_handle
*b
= NULL
;
1733 ZERO_STRUCT(connect_handle
);
1734 ZERO_STRUCT(domain_handle
);
1735 ZERO_STRUCT(builtin_handle
);
1736 ZERO_STRUCT(user_handle
);
1738 if (!r
->out
.buffer
) {
1739 return WERR_INVALID_PARAM
;
1742 switch (r
->in
.level
) {
1754 werr
= WERR_UNKNOWN_LEVEL
;
1758 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
1759 &ndr_table_samr
.syntax_id
,
1761 if (!W_ERROR_IS_OK(werr
)) {
1765 b
= pipe_cli
->binding_handle
;
1767 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
1768 SAMR_ACCESS_ENUM_DOMAINS
|
1769 SAMR_ACCESS_LOOKUP_DOMAIN
,
1770 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
1774 if (!W_ERROR_IS_OK(werr
)) {
1778 werr
= libnetapi_samr_open_builtin_domain(ctx
, pipe_cli
,
1779 SAMR_ACCESS_ENUM_DOMAINS
|
1780 SAMR_ACCESS_LOOKUP_DOMAIN
,
1781 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
|
1782 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
,
1785 if (!W_ERROR_IS_OK(werr
)) {
1789 init_lsa_String(&lsa_account_name
, r
->in
.user_name
);
1791 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
1798 if (!NT_STATUS_IS_OK(status
)) {
1799 werr
= ntstatus_to_werror(status
);
1802 if (!NT_STATUS_IS_OK(result
)) {
1803 werr
= ntstatus_to_werror(result
);
1807 status
= libnetapi_samr_lookup_user_map_USER_INFO(ctx
, pipe_cli
,
1816 if (!NT_STATUS_IS_OK(status
)) {
1817 werr
= ntstatus_to_werror(status
);
1822 if (is_valid_policy_hnd(&user_handle
) && b
) {
1823 dcerpc_samr_Close(b
, talloc_tos(), &user_handle
, &result
);
1826 if (ctx
->disable_policy_handle_cache
) {
1827 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
1828 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
1834 /****************************************************************
1835 ****************************************************************/
1837 WERROR
NetUserGetInfo_l(struct libnetapi_ctx
*ctx
,
1838 struct NetUserGetInfo
*r
)
1840 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserGetInfo
);
1843 /****************************************************************
1844 ****************************************************************/
1846 WERROR
NetUserSetInfo_r(struct libnetapi_ctx
*ctx
,
1847 struct NetUserSetInfo
*r
)
1849 struct rpc_pipe_client
*pipe_cli
= NULL
;
1850 NTSTATUS status
, result
;
1853 struct policy_handle connect_handle
, domain_handle
, builtin_handle
, user_handle
;
1854 struct lsa_String lsa_account_name
;
1855 struct dom_sid2
*domain_sid
= NULL
;
1856 struct samr_Ids user_rids
, name_types
;
1857 uint32_t user_mask
= 0;
1859 struct USER_INFO_X uX
;
1860 struct dcerpc_binding_handle
*b
= NULL
;
1861 DATA_BLOB session_key
;
1863 ZERO_STRUCT(connect_handle
);
1864 ZERO_STRUCT(domain_handle
);
1865 ZERO_STRUCT(builtin_handle
);
1866 ZERO_STRUCT(user_handle
);
1868 if (!r
->in
.buffer
) {
1869 return WERR_INVALID_PARAM
;
1872 switch (r
->in
.level
) {
1874 user_mask
= SAMR_USER_ACCESS_SET_ATTRIBUTES
;
1877 user_mask
= SAMR_USER_ACCESS_SET_PASSWORD
;
1886 user_mask
= SAMR_USER_ACCESS_SET_ATTRIBUTES
;
1890 user_mask
= SAMR_USER_ACCESS_SET_LOC_COM
;
1892 user_mask
= SAMR_USER_ACCESS_SET_ATTRIBUTES
|
1893 SAMR_USER_ACCESS_GET_GROUPS
;
1896 user_mask
= SEC_STD_READ_CONTROL
|
1898 SAMR_USER_ACCESS_GET_GROUPS
|
1899 SAMR_USER_ACCESS_SET_PASSWORD
|
1900 SAMR_USER_ACCESS_SET_ATTRIBUTES
|
1901 SAMR_USER_ACCESS_GET_ATTRIBUTES
|
1902 SAMR_USER_ACCESS_SET_LOC_COM
;
1914 werr
= WERR_NOT_SUPPORTED
;
1917 werr
= WERR_UNKNOWN_LEVEL
;
1921 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
1922 &ndr_table_samr
.syntax_id
,
1924 if (!W_ERROR_IS_OK(werr
)) {
1928 b
= pipe_cli
->binding_handle
;
1930 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
1931 SAMR_ACCESS_ENUM_DOMAINS
|
1932 SAMR_ACCESS_LOOKUP_DOMAIN
,
1933 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
|
1934 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
1938 if (!W_ERROR_IS_OK(werr
)) {
1942 werr
= libnetapi_samr_open_builtin_domain(ctx
, pipe_cli
,
1943 SAMR_ACCESS_ENUM_DOMAINS
|
1944 SAMR_ACCESS_LOOKUP_DOMAIN
,
1945 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
|
1946 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
,
1949 if (!W_ERROR_IS_OK(werr
)) {
1953 init_lsa_String(&lsa_account_name
, r
->in
.user_name
);
1955 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
1962 if (!NT_STATUS_IS_OK(status
)) {
1963 werr
= ntstatus_to_werror(status
);
1966 if (!NT_STATUS_IS_OK(result
)) {
1967 werr
= ntstatus_to_werror(result
);
1971 status
= dcerpc_samr_OpenUser(b
, talloc_tos(),
1977 if (!NT_STATUS_IS_OK(status
)) {
1978 werr
= ntstatus_to_werror(status
);
1981 if (!NT_STATUS_IS_OK(result
)) {
1982 werr
= ntstatus_to_werror(result
);
1986 status
= construct_USER_INFO_X(r
->in
.level
, r
->in
.buffer
, &uX
);
1987 if (!NT_STATUS_IS_OK(status
)) {
1988 werr
= ntstatus_to_werror(status
);
1992 status
= cli_get_session_key(talloc_tos(), pipe_cli
, &session_key
);
1993 if (!NT_STATUS_IS_OK(status
)) {
1994 werr
= ntstatus_to_werror(status
);
1998 status
= set_user_info_USER_INFO_X(ctx
, pipe_cli
,
2002 if (!NT_STATUS_IS_OK(status
)) {
2003 werr
= ntstatus_to_werror(status
);
2010 if (is_valid_policy_hnd(&user_handle
) && b
) {
2011 dcerpc_samr_Close(b
, talloc_tos(), &user_handle
, &result
);
2014 if (ctx
->disable_policy_handle_cache
) {
2015 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
2016 libnetapi_samr_close_builtin_handle(ctx
, &builtin_handle
);
2017 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
2023 /****************************************************************
2024 ****************************************************************/
2026 WERROR
NetUserSetInfo_l(struct libnetapi_ctx
*ctx
,
2027 struct NetUserSetInfo
*r
)
2029 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserSetInfo
);
2032 /****************************************************************
2033 ****************************************************************/
2035 static NTSTATUS
query_USER_MODALS_INFO_rpc(TALLOC_CTX
*mem_ctx
,
2036 struct rpc_pipe_client
*pipe_cli
,
2037 struct policy_handle
*domain_handle
,
2038 struct samr_DomInfo1
*info1
,
2039 struct samr_DomInfo3
*info3
,
2040 struct samr_DomInfo5
*info5
,
2041 struct samr_DomInfo6
*info6
,
2042 struct samr_DomInfo7
*info7
,
2043 struct samr_DomInfo12
*info12
)
2045 NTSTATUS status
, result
;
2046 union samr_DomainInfo
*dom_info
= NULL
;
2047 struct dcerpc_binding_handle
*b
= pipe_cli
->binding_handle
;
2050 status
= dcerpc_samr_QueryDomainInfo(b
, mem_ctx
,
2055 NT_STATUS_NOT_OK_RETURN(status
);
2056 NT_STATUS_NOT_OK_RETURN(result
);
2058 *info1
= dom_info
->info1
;
2062 status
= dcerpc_samr_QueryDomainInfo(b
, mem_ctx
,
2067 NT_STATUS_NOT_OK_RETURN(status
);
2068 NT_STATUS_NOT_OK_RETURN(result
);
2070 *info3
= dom_info
->info3
;
2074 status
= dcerpc_samr_QueryDomainInfo(b
, mem_ctx
,
2079 NT_STATUS_NOT_OK_RETURN(status
);
2080 NT_STATUS_NOT_OK_RETURN(result
);
2082 *info5
= dom_info
->info5
;
2086 status
= dcerpc_samr_QueryDomainInfo(b
, mem_ctx
,
2091 NT_STATUS_NOT_OK_RETURN(status
);
2092 NT_STATUS_NOT_OK_RETURN(result
);
2094 *info6
= dom_info
->info6
;
2098 status
= dcerpc_samr_QueryDomainInfo(b
, mem_ctx
,
2103 NT_STATUS_NOT_OK_RETURN(status
);
2104 NT_STATUS_NOT_OK_RETURN(result
);
2106 *info7
= dom_info
->info7
;
2110 status
= dcerpc_samr_QueryDomainInfo2(b
, mem_ctx
,
2115 NT_STATUS_NOT_OK_RETURN(status
);
2116 NT_STATUS_NOT_OK_RETURN(result
);
2118 *info12
= dom_info
->info12
;
2121 return NT_STATUS_OK
;
2124 /****************************************************************
2125 ****************************************************************/
2127 static NTSTATUS
query_USER_MODALS_INFO_0(TALLOC_CTX
*mem_ctx
,
2128 struct rpc_pipe_client
*pipe_cli
,
2129 struct policy_handle
*domain_handle
,
2130 struct USER_MODALS_INFO_0
*info0
)
2133 struct samr_DomInfo1 dom_info1
;
2134 struct samr_DomInfo3 dom_info3
;
2136 ZERO_STRUCTP(info0
);
2138 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2147 NT_STATUS_NOT_OK_RETURN(status
);
2149 info0
->usrmod0_min_passwd_len
=
2150 dom_info1
.min_password_length
;
2151 info0
->usrmod0_max_passwd_age
=
2152 nt_time_to_unix_abs((NTTIME
*)&dom_info1
.max_password_age
);
2153 info0
->usrmod0_min_passwd_age
=
2154 nt_time_to_unix_abs((NTTIME
*)&dom_info1
.min_password_age
);
2155 info0
->usrmod0_password_hist_len
=
2156 dom_info1
.password_history_length
;
2158 info0
->usrmod0_force_logoff
=
2159 nt_time_to_unix_abs(&dom_info3
.force_logoff_time
);
2161 return NT_STATUS_OK
;
2164 /****************************************************************
2165 ****************************************************************/
2167 static NTSTATUS
query_USER_MODALS_INFO_1(TALLOC_CTX
*mem_ctx
,
2168 struct rpc_pipe_client
*pipe_cli
,
2169 struct policy_handle
*domain_handle
,
2170 struct USER_MODALS_INFO_1
*info1
)
2173 struct samr_DomInfo6 dom_info6
;
2174 struct samr_DomInfo7 dom_info7
;
2176 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2185 NT_STATUS_NOT_OK_RETURN(status
);
2187 info1
->usrmod1_primary
=
2188 talloc_strdup(mem_ctx
, dom_info6
.primary
.string
);
2190 info1
->usrmod1_role
= dom_info7
.role
;
2192 return NT_STATUS_OK
;
2195 /****************************************************************
2196 ****************************************************************/
2198 static NTSTATUS
query_USER_MODALS_INFO_2(TALLOC_CTX
*mem_ctx
,
2199 struct rpc_pipe_client
*pipe_cli
,
2200 struct policy_handle
*domain_handle
,
2201 struct dom_sid
*domain_sid
,
2202 struct USER_MODALS_INFO_2
*info2
)
2205 struct samr_DomInfo5 dom_info5
;
2207 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2216 NT_STATUS_NOT_OK_RETURN(status
);
2218 info2
->usrmod2_domain_name
=
2219 talloc_strdup(mem_ctx
, dom_info5
.domain_name
.string
);
2220 info2
->usrmod2_domain_id
=
2221 (struct domsid
*)dom_sid_dup(mem_ctx
, domain_sid
);
2223 NT_STATUS_HAVE_NO_MEMORY(info2
->usrmod2_domain_name
);
2224 NT_STATUS_HAVE_NO_MEMORY(info2
->usrmod2_domain_id
);
2226 return NT_STATUS_OK
;
2229 /****************************************************************
2230 ****************************************************************/
2232 static NTSTATUS
query_USER_MODALS_INFO_3(TALLOC_CTX
*mem_ctx
,
2233 struct rpc_pipe_client
*pipe_cli
,
2234 struct policy_handle
*domain_handle
,
2235 struct USER_MODALS_INFO_3
*info3
)
2238 struct samr_DomInfo12 dom_info12
;
2240 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2249 NT_STATUS_NOT_OK_RETURN(status
);
2251 info3
->usrmod3_lockout_duration
=
2252 nt_time_to_unix_abs(&dom_info12
.lockout_duration
);
2253 info3
->usrmod3_lockout_observation_window
=
2254 nt_time_to_unix_abs(&dom_info12
.lockout_window
);
2255 info3
->usrmod3_lockout_threshold
=
2256 dom_info12
.lockout_threshold
;
2258 return NT_STATUS_OK
;
2261 /****************************************************************
2262 ****************************************************************/
2264 static NTSTATUS
query_USER_MODALS_INFO_to_buffer(TALLOC_CTX
*mem_ctx
,
2265 struct rpc_pipe_client
*pipe_cli
,
2267 struct policy_handle
*domain_handle
,
2268 struct dom_sid
*domain_sid
,
2273 struct USER_MODALS_INFO_0 info0
;
2274 struct USER_MODALS_INFO_1 info1
;
2275 struct USER_MODALS_INFO_2 info2
;
2276 struct USER_MODALS_INFO_3 info3
;
2279 return ERROR_INSUFFICIENT_BUFFER
;
2284 status
= query_USER_MODALS_INFO_0(mem_ctx
,
2288 NT_STATUS_NOT_OK_RETURN(status
);
2290 *buffer
= (uint8_t *)talloc_memdup(mem_ctx
, &info0
,
2295 status
= query_USER_MODALS_INFO_1(mem_ctx
,
2299 NT_STATUS_NOT_OK_RETURN(status
);
2301 *buffer
= (uint8_t *)talloc_memdup(mem_ctx
, &info1
,
2305 status
= query_USER_MODALS_INFO_2(mem_ctx
,
2310 NT_STATUS_NOT_OK_RETURN(status
);
2312 *buffer
= (uint8_t *)talloc_memdup(mem_ctx
, &info2
,
2316 status
= query_USER_MODALS_INFO_3(mem_ctx
,
2320 NT_STATUS_NOT_OK_RETURN(status
);
2322 *buffer
= (uint8_t *)talloc_memdup(mem_ctx
, &info3
,
2329 NT_STATUS_HAVE_NO_MEMORY(*buffer
);
2331 return NT_STATUS_OK
;
2334 /****************************************************************
2335 ****************************************************************/
2337 WERROR
NetUserModalsGet_r(struct libnetapi_ctx
*ctx
,
2338 struct NetUserModalsGet
*r
)
2340 struct rpc_pipe_client
*pipe_cli
= NULL
;
2344 struct policy_handle connect_handle
, domain_handle
;
2345 struct dom_sid2
*domain_sid
= NULL
;
2346 uint32_t access_mask
= SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
;
2348 ZERO_STRUCT(connect_handle
);
2349 ZERO_STRUCT(domain_handle
);
2351 if (!r
->out
.buffer
) {
2352 return WERR_INVALID_PARAM
;
2355 switch (r
->in
.level
) {
2357 access_mask
|= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
|
2358 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
;
2362 access_mask
|= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
;
2365 access_mask
|= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
;
2368 werr
= WERR_UNKNOWN_LEVEL
;
2372 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
2373 &ndr_table_samr
.syntax_id
,
2375 if (!W_ERROR_IS_OK(werr
)) {
2379 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
2380 SAMR_ACCESS_ENUM_DOMAINS
|
2381 SAMR_ACCESS_LOOKUP_DOMAIN
,
2386 if (!W_ERROR_IS_OK(werr
)) {
2393 /* 3: 12 (DomainInfo2) */
2395 status
= query_USER_MODALS_INFO_to_buffer(ctx
,
2401 if (!NT_STATUS_IS_OK(status
)) {
2402 werr
= ntstatus_to_werror(status
);
2407 if (ctx
->disable_policy_handle_cache
) {
2408 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
2409 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
2415 /****************************************************************
2416 ****************************************************************/
2418 WERROR
NetUserModalsGet_l(struct libnetapi_ctx
*ctx
,
2419 struct NetUserModalsGet
*r
)
2421 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserModalsGet
);
2424 /****************************************************************
2425 ****************************************************************/
2427 static NTSTATUS
set_USER_MODALS_INFO_rpc(TALLOC_CTX
*mem_ctx
,
2428 struct rpc_pipe_client
*pipe_cli
,
2429 struct policy_handle
*domain_handle
,
2430 struct samr_DomInfo1
*info1
,
2431 struct samr_DomInfo3
*info3
,
2432 struct samr_DomInfo12
*info12
)
2434 NTSTATUS status
, result
;
2435 union samr_DomainInfo dom_info
;
2436 struct dcerpc_binding_handle
*b
= pipe_cli
->binding_handle
;
2440 ZERO_STRUCT(dom_info
);
2442 dom_info
.info1
= *info1
;
2444 status
= dcerpc_samr_SetDomainInfo(b
, mem_ctx
,
2449 NT_STATUS_NOT_OK_RETURN(status
);
2450 NT_STATUS_NOT_OK_RETURN(result
);
2455 ZERO_STRUCT(dom_info
);
2457 dom_info
.info3
= *info3
;
2459 status
= dcerpc_samr_SetDomainInfo(b
, mem_ctx
,
2465 NT_STATUS_NOT_OK_RETURN(status
);
2466 NT_STATUS_NOT_OK_RETURN(result
);
2471 ZERO_STRUCT(dom_info
);
2473 dom_info
.info12
= *info12
;
2475 status
= dcerpc_samr_SetDomainInfo(b
, mem_ctx
,
2481 NT_STATUS_NOT_OK_RETURN(status
);
2482 NT_STATUS_NOT_OK_RETURN(result
);
2485 return NT_STATUS_OK
;
2488 /****************************************************************
2489 ****************************************************************/
2491 static NTSTATUS
set_USER_MODALS_INFO_0_buffer(TALLOC_CTX
*mem_ctx
,
2492 struct rpc_pipe_client
*pipe_cli
,
2493 struct policy_handle
*domain_handle
,
2494 struct USER_MODALS_INFO_0
*info0
)
2497 struct samr_DomInfo1 dom_info_1
;
2498 struct samr_DomInfo3 dom_info_3
;
2500 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2509 NT_STATUS_NOT_OK_RETURN(status
);
2511 dom_info_1
.min_password_length
=
2512 info0
->usrmod0_min_passwd_len
;
2513 dom_info_1
.password_history_length
=
2514 info0
->usrmod0_password_hist_len
;
2516 unix_to_nt_time_abs((NTTIME
*)&dom_info_1
.max_password_age
,
2517 info0
->usrmod0_max_passwd_age
);
2518 unix_to_nt_time_abs((NTTIME
*)&dom_info_1
.min_password_age
,
2519 info0
->usrmod0_min_passwd_age
);
2521 unix_to_nt_time_abs(&dom_info_3
.force_logoff_time
,
2522 info0
->usrmod0_force_logoff
);
2524 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2532 /****************************************************************
2533 ****************************************************************/
2535 static NTSTATUS
set_USER_MODALS_INFO_3_buffer(TALLOC_CTX
*mem_ctx
,
2536 struct rpc_pipe_client
*pipe_cli
,
2537 struct policy_handle
*domain_handle
,
2538 struct USER_MODALS_INFO_3
*info3
)
2541 struct samr_DomInfo12 dom_info_12
;
2543 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2552 NT_STATUS_NOT_OK_RETURN(status
);
2554 unix_to_nt_time_abs((NTTIME
*)&dom_info_12
.lockout_duration
,
2555 info3
->usrmod3_lockout_duration
);
2556 unix_to_nt_time_abs((NTTIME
*)&dom_info_12
.lockout_window
,
2557 info3
->usrmod3_lockout_observation_window
);
2558 dom_info_12
.lockout_threshold
= info3
->usrmod3_lockout_threshold
;
2560 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2568 /****************************************************************
2569 ****************************************************************/
2571 static NTSTATUS
set_USER_MODALS_INFO_1001_buffer(TALLOC_CTX
*mem_ctx
,
2572 struct rpc_pipe_client
*pipe_cli
,
2573 struct policy_handle
*domain_handle
,
2574 struct USER_MODALS_INFO_1001
*info1001
)
2577 struct samr_DomInfo1 dom_info_1
;
2579 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2588 NT_STATUS_NOT_OK_RETURN(status
);
2590 dom_info_1
.min_password_length
=
2591 info1001
->usrmod1001_min_passwd_len
;
2593 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2601 /****************************************************************
2602 ****************************************************************/
2604 static NTSTATUS
set_USER_MODALS_INFO_1002_buffer(TALLOC_CTX
*mem_ctx
,
2605 struct rpc_pipe_client
*pipe_cli
,
2606 struct policy_handle
*domain_handle
,
2607 struct USER_MODALS_INFO_1002
*info1002
)
2610 struct samr_DomInfo1 dom_info_1
;
2612 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2621 NT_STATUS_NOT_OK_RETURN(status
);
2623 unix_to_nt_time_abs((NTTIME
*)&dom_info_1
.max_password_age
,
2624 info1002
->usrmod1002_max_passwd_age
);
2626 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2634 /****************************************************************
2635 ****************************************************************/
2637 static NTSTATUS
set_USER_MODALS_INFO_1003_buffer(TALLOC_CTX
*mem_ctx
,
2638 struct rpc_pipe_client
*pipe_cli
,
2639 struct policy_handle
*domain_handle
,
2640 struct USER_MODALS_INFO_1003
*info1003
)
2643 struct samr_DomInfo1 dom_info_1
;
2645 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2654 NT_STATUS_NOT_OK_RETURN(status
);
2656 unix_to_nt_time_abs((NTTIME
*)&dom_info_1
.min_password_age
,
2657 info1003
->usrmod1003_min_passwd_age
);
2659 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2667 /****************************************************************
2668 ****************************************************************/
2670 static NTSTATUS
set_USER_MODALS_INFO_1004_buffer(TALLOC_CTX
*mem_ctx
,
2671 struct rpc_pipe_client
*pipe_cli
,
2672 struct policy_handle
*domain_handle
,
2673 struct USER_MODALS_INFO_1004
*info1004
)
2676 struct samr_DomInfo3 dom_info_3
;
2678 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2687 NT_STATUS_NOT_OK_RETURN(status
);
2689 unix_to_nt_time_abs(&dom_info_3
.force_logoff_time
,
2690 info1004
->usrmod1004_force_logoff
);
2692 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2700 /****************************************************************
2701 ****************************************************************/
2703 static NTSTATUS
set_USER_MODALS_INFO_1005_buffer(TALLOC_CTX
*mem_ctx
,
2704 struct rpc_pipe_client
*pipe_cli
,
2705 struct policy_handle
*domain_handle
,
2706 struct USER_MODALS_INFO_1005
*info1005
)
2709 struct samr_DomInfo1 dom_info_1
;
2711 status
= query_USER_MODALS_INFO_rpc(mem_ctx
,
2720 NT_STATUS_NOT_OK_RETURN(status
);
2722 dom_info_1
.password_history_length
=
2723 info1005
->usrmod1005_password_hist_len
;
2725 return set_USER_MODALS_INFO_rpc(mem_ctx
,
2733 /****************************************************************
2734 ****************************************************************/
2736 static NTSTATUS
set_USER_MODALS_INFO_buffer(TALLOC_CTX
*mem_ctx
,
2737 struct rpc_pipe_client
*pipe_cli
,
2739 struct policy_handle
*domain_handle
,
2740 struct dom_sid
*domain_sid
,
2743 struct USER_MODALS_INFO_0
*info0
;
2744 struct USER_MODALS_INFO_3
*info3
;
2745 struct USER_MODALS_INFO_1001
*info1001
;
2746 struct USER_MODALS_INFO_1002
*info1002
;
2747 struct USER_MODALS_INFO_1003
*info1003
;
2748 struct USER_MODALS_INFO_1004
*info1004
;
2749 struct USER_MODALS_INFO_1005
*info1005
;
2752 return ERROR_INSUFFICIENT_BUFFER
;
2757 info0
= (struct USER_MODALS_INFO_0
*)buffer
;
2758 return set_USER_MODALS_INFO_0_buffer(mem_ctx
,
2763 info3
= (struct USER_MODALS_INFO_3
*)buffer
;
2764 return set_USER_MODALS_INFO_3_buffer(mem_ctx
,
2769 info1001
= (struct USER_MODALS_INFO_1001
*)buffer
;
2770 return set_USER_MODALS_INFO_1001_buffer(mem_ctx
,
2775 info1002
= (struct USER_MODALS_INFO_1002
*)buffer
;
2776 return set_USER_MODALS_INFO_1002_buffer(mem_ctx
,
2781 info1003
= (struct USER_MODALS_INFO_1003
*)buffer
;
2782 return set_USER_MODALS_INFO_1003_buffer(mem_ctx
,
2787 info1004
= (struct USER_MODALS_INFO_1004
*)buffer
;
2788 return set_USER_MODALS_INFO_1004_buffer(mem_ctx
,
2793 info1005
= (struct USER_MODALS_INFO_1005
*)buffer
;
2794 return set_USER_MODALS_INFO_1005_buffer(mem_ctx
,
2803 return NT_STATUS_OK
;
2806 /****************************************************************
2807 ****************************************************************/
2809 WERROR
NetUserModalsSet_r(struct libnetapi_ctx
*ctx
,
2810 struct NetUserModalsSet
*r
)
2812 struct rpc_pipe_client
*pipe_cli
= NULL
;
2816 struct policy_handle connect_handle
, domain_handle
;
2817 struct dom_sid2
*domain_sid
= NULL
;
2818 uint32_t access_mask
= SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
;
2820 ZERO_STRUCT(connect_handle
);
2821 ZERO_STRUCT(domain_handle
);
2823 if (!r
->in
.buffer
) {
2824 return WERR_INVALID_PARAM
;
2827 switch (r
->in
.level
) {
2829 access_mask
|= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
|
2830 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
|
2831 SAMR_DOMAIN_ACCESS_SET_INFO_1
|
2832 SAMR_DOMAIN_ACCESS_SET_INFO_2
;
2839 access_mask
|= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
|
2840 SAMR_DOMAIN_ACCESS_SET_INFO_1
;
2843 access_mask
|= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
|
2844 SAMR_DOMAIN_ACCESS_SET_INFO_2
;
2850 werr
= WERR_NOT_SUPPORTED
;
2853 werr
= WERR_UNKNOWN_LEVEL
;
2857 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
2858 &ndr_table_samr
.syntax_id
,
2860 if (!W_ERROR_IS_OK(werr
)) {
2864 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
2865 SAMR_ACCESS_ENUM_DOMAINS
|
2866 SAMR_ACCESS_LOOKUP_DOMAIN
,
2871 if (!W_ERROR_IS_OK(werr
)) {
2875 status
= set_USER_MODALS_INFO_buffer(ctx
,
2881 if (!NT_STATUS_IS_OK(status
)) {
2882 werr
= ntstatus_to_werror(status
);
2887 if (ctx
->disable_policy_handle_cache
) {
2888 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
2889 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
2895 /****************************************************************
2896 ****************************************************************/
2898 WERROR
NetUserModalsSet_l(struct libnetapi_ctx
*ctx
,
2899 struct NetUserModalsSet
*r
)
2901 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserModalsSet
);
2904 /****************************************************************
2905 ****************************************************************/
2907 NTSTATUS
add_GROUP_USERS_INFO_X_buffer(TALLOC_CTX
*mem_ctx
,
2909 const char *group_name
,
2910 uint32_t attributes
,
2912 uint32_t *num_entries
)
2914 struct GROUP_USERS_INFO_0 u0
;
2915 struct GROUP_USERS_INFO_1 u1
;
2920 u0
.grui0_name
= talloc_strdup(mem_ctx
, group_name
);
2921 NT_STATUS_HAVE_NO_MEMORY(u0
.grui0_name
);
2923 u0
.grui0_name
= NULL
;
2926 ADD_TO_ARRAY(mem_ctx
, struct GROUP_USERS_INFO_0
, u0
,
2927 (struct GROUP_USERS_INFO_0
**)buffer
, num_entries
);
2931 u1
.grui1_name
= talloc_strdup(mem_ctx
, group_name
);
2932 NT_STATUS_HAVE_NO_MEMORY(u1
.grui1_name
);
2934 u1
.grui1_name
= NULL
;
2937 u1
.grui1_attributes
= attributes
;
2939 ADD_TO_ARRAY(mem_ctx
, struct GROUP_USERS_INFO_1
, u1
,
2940 (struct GROUP_USERS_INFO_1
**)buffer
, num_entries
);
2943 return NT_STATUS_INVALID_INFO_CLASS
;
2946 return NT_STATUS_OK
;
2949 /****************************************************************
2950 ****************************************************************/
2952 WERROR
NetUserGetGroups_r(struct libnetapi_ctx
*ctx
,
2953 struct NetUserGetGroups
*r
)
2955 struct rpc_pipe_client
*pipe_cli
= NULL
;
2956 struct policy_handle connect_handle
, domain_handle
, user_handle
;
2957 struct lsa_String lsa_account_name
;
2958 struct dom_sid2
*domain_sid
= NULL
;
2959 struct samr_Ids user_rids
, name_types
;
2960 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
2961 struct lsa_Strings names
;
2962 struct samr_Ids types
;
2963 uint32_t *rids
= NULL
;
2966 uint32_t entries_read
= 0;
2968 NTSTATUS status
= NT_STATUS_OK
;
2969 NTSTATUS result
= NT_STATUS_OK
;
2971 struct dcerpc_binding_handle
*b
= NULL
;
2973 ZERO_STRUCT(connect_handle
);
2974 ZERO_STRUCT(domain_handle
);
2976 if (!r
->out
.buffer
) {
2977 return WERR_INVALID_PARAM
;
2980 *r
->out
.buffer
= NULL
;
2981 *r
->out
.entries_read
= 0;
2982 *r
->out
.total_entries
= 0;
2984 switch (r
->in
.level
) {
2989 return WERR_UNKNOWN_LEVEL
;
2992 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
2993 &ndr_table_samr
.syntax_id
,
2995 if (!W_ERROR_IS_OK(werr
)) {
2999 b
= pipe_cli
->binding_handle
;
3001 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
3002 SAMR_ACCESS_ENUM_DOMAINS
|
3003 SAMR_ACCESS_LOOKUP_DOMAIN
,
3004 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
3008 if (!W_ERROR_IS_OK(werr
)) {
3012 init_lsa_String(&lsa_account_name
, r
->in
.user_name
);
3014 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
3021 if (!NT_STATUS_IS_OK(status
)) {
3022 werr
= ntstatus_to_werror(status
);
3025 if (!NT_STATUS_IS_OK(result
)) {
3026 werr
= ntstatus_to_werror(result
);
3030 status
= dcerpc_samr_OpenUser(b
, talloc_tos(),
3032 SAMR_USER_ACCESS_GET_GROUPS
,
3036 if (!NT_STATUS_IS_OK(status
)) {
3037 werr
= ntstatus_to_werror(status
);
3040 if (!NT_STATUS_IS_OK(result
)) {
3041 werr
= ntstatus_to_werror(result
);
3045 status
= dcerpc_samr_GetGroupsForUser(b
, talloc_tos(),
3049 if (!NT_STATUS_IS_OK(status
)) {
3050 werr
= ntstatus_to_werror(status
);
3053 if (!NT_STATUS_IS_OK(result
)) {
3054 werr
= ntstatus_to_werror(result
);
3058 rids
= talloc_array(ctx
, uint32_t, rid_array
->count
);
3064 for (i
=0; i
< rid_array
->count
; i
++) {
3065 rids
[i
] = rid_array
->rids
[i
].rid
;
3068 status
= dcerpc_samr_LookupRids(b
, talloc_tos(),
3075 if (!NT_STATUS_IS_OK(status
)) {
3076 werr
= ntstatus_to_werror(status
);
3079 if (!NT_STATUS_IS_OK(result
) &&
3080 !NT_STATUS_EQUAL(result
, STATUS_SOME_UNMAPPED
)) {
3081 werr
= ntstatus_to_werror(result
);
3085 for (i
=0; i
< names
.count
; i
++) {
3086 status
= add_GROUP_USERS_INFO_X_buffer(ctx
,
3088 names
.names
[i
].string
,
3089 rid_array
->rids
[i
].attributes
,
3092 if (!NT_STATUS_IS_OK(status
)) {
3093 werr
= ntstatus_to_werror(status
);
3098 *r
->out
.entries_read
= entries_read
;
3099 *r
->out
.total_entries
= entries_read
;
3102 if (ctx
->disable_policy_handle_cache
) {
3103 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
3104 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
3110 /****************************************************************
3111 ****************************************************************/
3113 WERROR
NetUserGetGroups_l(struct libnetapi_ctx
*ctx
,
3114 struct NetUserGetGroups
*r
)
3116 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserGetGroups
);
3119 /****************************************************************
3120 ****************************************************************/
3122 WERROR
NetUserSetGroups_r(struct libnetapi_ctx
*ctx
,
3123 struct NetUserSetGroups
*r
)
3125 struct rpc_pipe_client
*pipe_cli
= NULL
;
3126 struct policy_handle connect_handle
, domain_handle
, user_handle
, group_handle
;
3127 struct lsa_String lsa_account_name
;
3128 struct dom_sid2
*domain_sid
= NULL
;
3129 struct samr_Ids user_rids
, name_types
;
3130 struct samr_Ids group_rids
;
3131 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
3132 struct lsa_String
*lsa_names
= NULL
;
3134 uint32_t *add_rids
= NULL
;
3135 uint32_t *del_rids
= NULL
;
3136 size_t num_add_rids
= 0;
3137 size_t num_del_rids
= 0;
3139 uint32_t *member_rids
= NULL
;
3141 struct GROUP_USERS_INFO_0
*i0
= NULL
;
3142 struct GROUP_USERS_INFO_1
*i1
= NULL
;
3146 NTSTATUS status
= NT_STATUS_OK
;
3147 NTSTATUS result
= NT_STATUS_OK
;
3149 struct dcerpc_binding_handle
*b
= NULL
;
3151 ZERO_STRUCT(connect_handle
);
3152 ZERO_STRUCT(domain_handle
);
3154 if (!r
->in
.buffer
) {
3155 return WERR_INVALID_PARAM
;
3158 switch (r
->in
.level
) {
3163 return WERR_UNKNOWN_LEVEL
;
3166 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
3167 &ndr_table_samr
.syntax_id
,
3169 if (!W_ERROR_IS_OK(werr
)) {
3173 b
= pipe_cli
->binding_handle
;
3175 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
3176 SAMR_ACCESS_ENUM_DOMAINS
|
3177 SAMR_ACCESS_LOOKUP_DOMAIN
,
3178 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
,
3182 if (!W_ERROR_IS_OK(werr
)) {
3186 init_lsa_String(&lsa_account_name
, r
->in
.user_name
);
3188 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
3195 if (!NT_STATUS_IS_OK(status
)) {
3196 werr
= ntstatus_to_werror(status
);
3199 if (!NT_STATUS_IS_OK(result
)) {
3200 werr
= ntstatus_to_werror(result
);
3204 status
= dcerpc_samr_OpenUser(b
, talloc_tos(),
3206 SAMR_USER_ACCESS_GET_GROUPS
,
3210 if (!NT_STATUS_IS_OK(status
)) {
3211 werr
= ntstatus_to_werror(status
);
3214 if (!NT_STATUS_IS_OK(result
)) {
3215 werr
= ntstatus_to_werror(result
);
3219 switch (r
->in
.level
) {
3221 i0
= (struct GROUP_USERS_INFO_0
*)r
->in
.buffer
;
3224 i1
= (struct GROUP_USERS_INFO_1
*)r
->in
.buffer
;
3228 lsa_names
= talloc_array(ctx
, struct lsa_String
, r
->in
.num_entries
);
3234 for (i
=0; i
< r
->in
.num_entries
; i
++) {
3236 switch (r
->in
.level
) {
3238 init_lsa_String(&lsa_names
[i
], i0
->grui0_name
);
3242 init_lsa_String(&lsa_names
[i
], i1
->grui1_name
);
3248 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
3255 if (!NT_STATUS_IS_OK(status
)) {
3256 werr
= ntstatus_to_werror(status
);
3259 if (!NT_STATUS_IS_OK(result
)) {
3260 werr
= ntstatus_to_werror(result
);
3264 member_rids
= group_rids
.ids
;
3266 status
= dcerpc_samr_GetGroupsForUser(b
, talloc_tos(),
3270 if (!NT_STATUS_IS_OK(status
)) {
3271 werr
= ntstatus_to_werror(status
);
3274 if (!NT_STATUS_IS_OK(result
)) {
3275 werr
= ntstatus_to_werror(result
);
3281 for (i
=0; i
< r
->in
.num_entries
; i
++) {
3282 bool already_member
= false;
3283 for (k
=0; k
< rid_array
->count
; k
++) {
3284 if (member_rids
[i
] == rid_array
->rids
[k
].rid
) {
3285 already_member
= true;
3289 if (!already_member
) {
3290 if (!add_rid_to_array_unique(ctx
,
3292 &add_rids
, &num_add_rids
)) {
3293 werr
= WERR_GENERAL_FAILURE
;
3301 for (k
=0; k
< rid_array
->count
; k
++) {
3302 bool keep_member
= false;
3303 for (i
=0; i
< r
->in
.num_entries
; i
++) {
3304 if (member_rids
[i
] == rid_array
->rids
[k
].rid
) {
3310 if (!add_rid_to_array_unique(ctx
,
3311 rid_array
->rids
[k
].rid
,
3312 &del_rids
, &num_del_rids
)) {
3313 werr
= WERR_GENERAL_FAILURE
;
3321 for (i
=0; i
< num_add_rids
; i
++) {
3322 status
= dcerpc_samr_OpenGroup(b
, talloc_tos(),
3324 SAMR_GROUP_ACCESS_ADD_MEMBER
,
3328 if (!NT_STATUS_IS_OK(status
)) {
3329 werr
= ntstatus_to_werror(status
);
3332 if (!NT_STATUS_IS_OK(result
)) {
3333 werr
= ntstatus_to_werror(result
);
3337 status
= dcerpc_samr_AddGroupMember(b
, talloc_tos(),
3342 if (!NT_STATUS_IS_OK(status
)) {
3343 werr
= ntstatus_to_werror(status
);
3346 if (!NT_STATUS_IS_OK(result
)) {
3347 werr
= ntstatus_to_werror(result
);
3351 if (is_valid_policy_hnd(&group_handle
)) {
3352 dcerpc_samr_Close(b
, talloc_tos(), &group_handle
, &result
);
3358 for (i
=0; i
< num_del_rids
; i
++) {
3359 status
= dcerpc_samr_OpenGroup(b
, talloc_tos(),
3361 SAMR_GROUP_ACCESS_REMOVE_MEMBER
,
3365 if (!NT_STATUS_IS_OK(status
)) {
3366 werr
= ntstatus_to_werror(status
);
3369 if (!NT_STATUS_IS_OK(result
)) {
3370 werr
= ntstatus_to_werror(result
);
3374 status
= dcerpc_samr_DeleteGroupMember(b
, talloc_tos(),
3378 if (!NT_STATUS_IS_OK(status
)) {
3379 werr
= ntstatus_to_werror(status
);
3382 if (!NT_STATUS_IS_OK(result
)) {
3383 werr
= ntstatus_to_werror(result
);
3387 if (is_valid_policy_hnd(&group_handle
)) {
3388 dcerpc_samr_Close(b
, talloc_tos(), &group_handle
, &result
);
3395 if (is_valid_policy_hnd(&group_handle
)) {
3396 dcerpc_samr_Close(b
, talloc_tos(), &group_handle
, &result
);
3399 if (ctx
->disable_policy_handle_cache
) {
3400 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
3401 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
3407 /****************************************************************
3408 ****************************************************************/
3410 WERROR
NetUserSetGroups_l(struct libnetapi_ctx
*ctx
,
3411 struct NetUserSetGroups
*r
)
3413 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserSetGroups
);
3416 /****************************************************************
3417 ****************************************************************/
3419 static NTSTATUS
add_LOCALGROUP_USERS_INFO_X_buffer(TALLOC_CTX
*mem_ctx
,
3421 const char *group_name
,
3423 uint32_t *num_entries
)
3425 struct LOCALGROUP_USERS_INFO_0 u0
;
3429 u0
.lgrui0_name
= talloc_strdup(mem_ctx
, group_name
);
3430 NT_STATUS_HAVE_NO_MEMORY(u0
.lgrui0_name
);
3432 ADD_TO_ARRAY(mem_ctx
, struct LOCALGROUP_USERS_INFO_0
, u0
,
3433 (struct LOCALGROUP_USERS_INFO_0
**)buffer
, num_entries
);
3436 return NT_STATUS_INVALID_INFO_CLASS
;
3439 return NT_STATUS_OK
;
3442 /****************************************************************
3443 ****************************************************************/
3445 WERROR
NetUserGetLocalGroups_r(struct libnetapi_ctx
*ctx
,
3446 struct NetUserGetLocalGroups
*r
)
3448 struct rpc_pipe_client
*pipe_cli
= NULL
;
3449 struct policy_handle connect_handle
, domain_handle
, user_handle
,
3451 struct lsa_String lsa_account_name
;
3452 struct dom_sid2
*domain_sid
= NULL
;
3453 struct samr_Ids user_rids
, name_types
;
3454 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
3455 struct lsa_Strings names
;
3456 struct samr_Ids types
;
3457 uint32_t *rids
= NULL
;
3458 size_t num_rids
= 0;
3459 struct dom_sid user_sid
;
3460 struct lsa_SidArray sid_array
;
3461 struct samr_Ids domain_rids
;
3462 struct samr_Ids builtin_rids
;
3465 uint32_t entries_read
= 0;
3467 NTSTATUS status
= NT_STATUS_OK
;
3468 NTSTATUS result
= NT_STATUS_OK
;
3470 struct dcerpc_binding_handle
*b
= NULL
;
3472 ZERO_STRUCT(connect_handle
);
3473 ZERO_STRUCT(domain_handle
);
3475 if (!r
->out
.buffer
) {
3476 return WERR_INVALID_PARAM
;
3479 *r
->out
.buffer
= NULL
;
3480 *r
->out
.entries_read
= 0;
3481 *r
->out
.total_entries
= 0;
3483 switch (r
->in
.level
) {
3488 return WERR_UNKNOWN_LEVEL
;
3491 werr
= libnetapi_open_pipe(ctx
, r
->in
.server_name
,
3492 &ndr_table_samr
.syntax_id
,
3494 if (!W_ERROR_IS_OK(werr
)) {
3498 b
= pipe_cli
->binding_handle
;
3500 werr
= libnetapi_samr_open_domain(ctx
, pipe_cli
,
3501 SAMR_ACCESS_ENUM_DOMAINS
|
3502 SAMR_ACCESS_LOOKUP_DOMAIN
,
3503 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
|
3504 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
,
3508 if (!W_ERROR_IS_OK(werr
)) {
3512 werr
= libnetapi_samr_open_builtin_domain(ctx
, pipe_cli
,
3513 SAMR_ACCESS_ENUM_DOMAINS
|
3514 SAMR_ACCESS_LOOKUP_DOMAIN
,
3515 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
|
3516 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
,
3519 if (!W_ERROR_IS_OK(werr
)) {
3523 init_lsa_String(&lsa_account_name
, r
->in
.user_name
);
3525 status
= dcerpc_samr_LookupNames(b
, talloc_tos(),
3532 if (!NT_STATUS_IS_OK(status
)) {
3533 werr
= ntstatus_to_werror(status
);
3536 if (!NT_STATUS_IS_OK(result
)) {
3537 werr
= ntstatus_to_werror(result
);
3541 status
= dcerpc_samr_OpenUser(b
, talloc_tos(),
3543 SAMR_USER_ACCESS_GET_GROUPS
,
3547 if (!NT_STATUS_IS_OK(status
)) {
3548 werr
= ntstatus_to_werror(status
);
3551 if (!NT_STATUS_IS_OK(result
)) {
3552 werr
= ntstatus_to_werror(result
);
3556 status
= dcerpc_samr_GetGroupsForUser(b
, talloc_tos(),
3560 if (!NT_STATUS_IS_OK(status
)) {
3561 werr
= ntstatus_to_werror(status
);
3564 if (!NT_STATUS_IS_OK(result
)) {
3565 werr
= ntstatus_to_werror(result
);
3569 if (!sid_compose(&user_sid
, domain_sid
, user_rids
.ids
[0])) {
3574 sid_array
.num_sids
= rid_array
->count
+ 1;
3575 sid_array
.sids
= talloc_array(ctx
, struct lsa_SidPtr
, sid_array
.num_sids
);
3576 if (!sid_array
.sids
) {
3581 sid_array
.sids
[0].sid
= dom_sid_dup(ctx
, &user_sid
);
3582 if (!sid_array
.sids
[0].sid
) {
3587 for (i
=0; i
< rid_array
->count
; i
++) {
3590 if (!sid_compose(&sid
, domain_sid
, rid_array
->rids
[i
].rid
)) {
3595 sid_array
.sids
[i
+1].sid
= dom_sid_dup(ctx
, &sid
);
3596 if (!sid_array
.sids
[i
+1].sid
) {
3602 status
= dcerpc_samr_GetAliasMembership(b
, talloc_tos(),
3607 if (!NT_STATUS_IS_OK(status
)) {
3608 werr
= ntstatus_to_werror(status
);
3611 if (!NT_STATUS_IS_OK(result
)) {
3612 werr
= ntstatus_to_werror(result
);
3616 for (i
=0; i
< domain_rids
.count
; i
++) {
3617 if (!add_rid_to_array_unique(ctx
, domain_rids
.ids
[i
],
3618 &rids
, &num_rids
)) {
3624 status
= dcerpc_samr_GetAliasMembership(b
, talloc_tos(),
3629 if (!NT_STATUS_IS_OK(status
)) {
3630 werr
= ntstatus_to_werror(status
);
3633 if (!NT_STATUS_IS_OK(result
)) {
3634 werr
= ntstatus_to_werror(result
);
3638 for (i
=0; i
< builtin_rids
.count
; i
++) {
3639 if (!add_rid_to_array_unique(ctx
, builtin_rids
.ids
[i
],
3640 &rids
, &num_rids
)) {
3646 status
= dcerpc_samr_LookupRids(b
, talloc_tos(),
3653 if (!NT_STATUS_IS_OK(status
)) {
3654 werr
= ntstatus_to_werror(status
);
3657 if (!NT_STATUS_IS_OK(result
)) {
3658 werr
= ntstatus_to_werror(result
);
3662 for (i
=0; i
< names
.count
; i
++) {
3663 status
= add_LOCALGROUP_USERS_INFO_X_buffer(ctx
,
3665 names
.names
[i
].string
,
3668 if (!NT_STATUS_IS_OK(status
)) {
3669 werr
= ntstatus_to_werror(status
);
3674 *r
->out
.entries_read
= entries_read
;
3675 *r
->out
.total_entries
= entries_read
;
3678 if (ctx
->disable_policy_handle_cache
) {
3679 libnetapi_samr_close_domain_handle(ctx
, &domain_handle
);
3680 libnetapi_samr_close_connect_handle(ctx
, &connect_handle
);
3686 /****************************************************************
3687 ****************************************************************/
3689 WERROR
NetUserGetLocalGroups_l(struct libnetapi_ctx
*ctx
,
3690 struct NetUserGetLocalGroups
*r
)
3692 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx
, r
, NetUserGetLocalGroups
);