2 * Unix SMB/CIFS implementation.
4 * Winbind rpc backend functions
6 * Copyright (c) 2000-2003 Tim Potter
7 * Copyright (c) 2001 Andrew Tridgell
8 * Copyright (c) 2005 Volker Lendecke
9 * Copyright (c) 2008 Guenther Deschner (pidl conversion)
10 * Copyright (c) 2010 Andreas Schneider <asn@samba.org>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "winbindd_rpc.h"
29 #include "rpc_client/rpc_client.h"
30 #include "librpc/gen_ndr/ndr_samr_c.h"
31 #include "librpc/gen_ndr/ndr_lsa_c.h"
32 #include "rpc_client/cli_samr.h"
33 #include "rpc_client/cli_lsarpc.h"
34 #include "../libcli/security/security.h"
36 /* Query display info for a domain */
37 NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
38 struct rpc_pipe_client *samr_pipe,
39 struct policy_handle *samr_policy,
40 const struct dom_sid *domain_sid,
43 struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
44 uint32_t *rids = NULL;
45 uint32_t num_rids = 0;
47 uint32_t resume_handle = 0;
53 struct samr_SamArray *sam_array = NULL;
58 status = dcerpc_samr_EnumDomainUsers(
59 b, mem_ctx, samr_policy, &resume_handle,
60 ACB_NORMAL, &sam_array, 0xffff, &count, &result);
61 if (!NT_STATUS_IS_OK(status)) {
64 if (!NT_STATUS_IS_OK(result)) {
65 if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
66 DBG_WARNING("EnumDomainUsers failed: %s\n",
69 TALLOC_FREE(sam_array);
74 if (num_rids + count < num_rids) {
75 TALLOC_FREE(sam_array);
77 return NT_STATUS_INTEGER_OVERFLOW;
80 tmp = talloc_realloc(mem_ctx, rids, uint32_t, num_rids+count);
82 TALLOC_FREE(sam_array);
84 return NT_STATUS_NO_MEMORY;
88 for (i=0; i<count; i++) {
89 rids[num_rids++] = sam_array->entries[i].idx;
91 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
98 /* List all domain groups */
99 NTSTATUS rpc_enum_dom_groups(TALLOC_CTX *mem_ctx,
100 struct rpc_pipe_client *samr_pipe,
101 struct policy_handle *samr_policy,
103 struct wb_acct_info **pinfo)
105 struct wb_acct_info *info = NULL;
107 uint32_t num_info = 0;
108 NTSTATUS status, result;
109 struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
114 struct samr_SamArray *sam_array = NULL;
118 /* start is updated by this call. */
119 status = dcerpc_samr_EnumDomainGroups(b,
124 0xFFFF, /* buffer size? */
127 if (!NT_STATUS_IS_OK(status)) {
130 if (!NT_STATUS_IS_OK(result)) {
131 if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
132 DEBUG(2,("query_user_list: failed to enum domain groups: %s\n",
138 info = talloc_realloc(mem_ctx,
143 return NT_STATUS_NO_MEMORY;
146 for (g = 0; g < count; g++) {
147 struct wb_acct_info *i = &info[num_info + g];
149 fstrcpy(i->acct_name,
150 sam_array->entries[g].name.string);
151 fstrcpy(i->acct_desc, "");
152 i->rid = sam_array->entries[g].idx;
156 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
158 *pnum_info = num_info;
164 NTSTATUS rpc_enum_local_groups(TALLOC_CTX *mem_ctx,
165 struct rpc_pipe_client *samr_pipe,
166 struct policy_handle *samr_policy,
168 struct wb_acct_info **pinfo)
170 struct wb_acct_info *info = NULL;
171 uint32_t num_info = 0;
172 NTSTATUS status, result;
173 struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
178 struct samr_SamArray *sam_array = NULL;
180 uint32_t start = num_info;
183 status = dcerpc_samr_EnumDomainAliases(b,
188 0xFFFF, /* buffer size? */
191 if (!NT_STATUS_IS_OK(status)) {
194 if (!NT_STATUS_IS_OK(result)) {
195 if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
200 info = talloc_realloc(mem_ctx,
205 return NT_STATUS_NO_MEMORY;
208 for (g = 0; g < count; g++) {
209 struct wb_acct_info *i = &info[num_info + g];
211 fstrcpy(i->acct_name,
212 sam_array->entries[g].name.string);
213 fstrcpy(i->acct_desc, "");
214 i->rid = sam_array->entries[g].idx;
218 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
220 *pnum_info = num_info;
226 /* convert a single name to a sid in a domain */
227 NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
228 struct rpc_pipe_client *lsa_pipe,
229 struct policy_handle *lsa_policy,
230 const char *domain_name,
234 enum lsa_SidType *type)
236 enum lsa_SidType *types = NULL;
237 struct dom_sid *sids = NULL;
238 char *full_name = NULL;
239 const char *names[1];
240 char *mapped_name = NULL;
243 if (name == NULL || name[0] == '\0') {
244 full_name = talloc_asprintf(mem_ctx, "%s", domain_name);
245 } else if (domain_name == NULL || domain_name[0] == '\0') {
246 full_name = talloc_asprintf(mem_ctx, "%s", name);
248 full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain_name, name);
251 if (full_name == NULL) {
252 return NT_STATUS_NO_MEMORY;
255 status = normalize_name_unmap(mem_ctx, full_name, &mapped_name);
256 /* Reset the full_name pointer if we mapped anything */
257 if (NT_STATUS_IS_OK(status) ||
258 NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
259 full_name = mapped_name;
262 DEBUG(3,("name_to_sid: %s for domain %s\n",
263 full_name ? full_name : "", domain_name ));
265 names[0] = full_name;
268 * We don't run into deadlocks here, cause winbind_off() is
269 * called in the main function.
271 status = rpccli_lsa_lookup_names(lsa_pipe,
280 if (!NT_STATUS_IS_OK(status)) {
281 DEBUG(2,("name_to_sid: failed to lookup name: %s\n",
286 sid_copy(sid, &sids[0]);
292 /* Convert a domain SID to a user or group name */
293 NTSTATUS rpc_sid_to_name(TALLOC_CTX *mem_ctx,
294 struct rpc_pipe_client *lsa_pipe,
295 struct policy_handle *lsa_policy,
296 struct winbindd_domain *domain,
297 const struct dom_sid *sid,
300 enum lsa_SidType *ptype)
302 char *mapped_name = NULL;
303 char **domains = NULL;
305 enum lsa_SidType *types = NULL;
309 status = rpccli_lsa_lookup_sids(lsa_pipe,
317 if (!NT_STATUS_IS_OK(status)) {
318 DEBUG(2,("sid_to_name: failed to lookup sids: %s\n",
323 *ptype = (enum lsa_SidType) types[0];
325 map_status = normalize_name_map(mem_ctx,
329 if (NT_STATUS_IS_OK(map_status) ||
330 NT_STATUS_EQUAL(map_status, NT_STATUS_FILE_RENAMED)) {
331 *pname = talloc_strdup(mem_ctx, mapped_name);
332 DEBUG(5,("returning mapped name -- %s\n", *pname));
334 *pname = talloc_strdup(mem_ctx, names[0]);
336 if ((names[0] != NULL) && (*pname == NULL)) {
337 return NT_STATUS_NO_MEMORY;
340 *pdomain_name = talloc_strdup(mem_ctx, domains[0]);
341 if (*pdomain_name == NULL) {
342 return NT_STATUS_NO_MEMORY;
348 /* Convert a bunch of rids to user or group names */
349 NTSTATUS rpc_rids_to_names(TALLOC_CTX *mem_ctx,
350 struct rpc_pipe_client *lsa_pipe,
351 struct policy_handle *lsa_policy,
352 struct winbindd_domain *domain,
353 const struct dom_sid *sid,
358 enum lsa_SidType **ptypes)
360 enum lsa_SidType *types = NULL;
361 char *domain_name = NULL;
362 char **domains = NULL;
364 struct dom_sid *sids;
369 sids = talloc_array(mem_ctx, struct dom_sid, num_rids);
371 return NT_STATUS_NO_MEMORY;
377 for (i = 0; i < num_rids; i++) {
378 if (!sid_compose(&sids[i], sid, rids[i])) {
379 return NT_STATUS_INTERNAL_ERROR;
383 status = rpccli_lsa_lookup_sids(lsa_pipe,
391 if (!NT_STATUS_IS_OK(status) &&
392 !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
393 DEBUG(2,("rids_to_names: failed to lookup sids: %s\n",
398 for (i = 0; i < num_rids; i++) {
399 char *mapped_name = NULL;
402 if (types[i] != SID_NAME_UNKNOWN) {
403 map_status = normalize_name_map(mem_ctx,
407 if (NT_STATUS_IS_OK(map_status) ||
408 NT_STATUS_EQUAL(map_status, NT_STATUS_FILE_RENAMED)) {
409 TALLOC_FREE(names[i]);
410 names[i] = talloc_strdup(names, mapped_name);
411 if (names[i] == NULL) {
412 return NT_STATUS_NO_MEMORY;
416 domain_name = domains[i];
420 *pdomain_name = domain_name;
427 NTSTATUS rpc_lookup_useraliases(TALLOC_CTX *mem_ctx,
428 struct rpc_pipe_client *samr_pipe,
429 struct policy_handle *samr_policy,
431 const struct dom_sid *sids,
432 uint32_t *pnum_aliases,
433 uint32_t **palias_rids)
435 #define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
436 uint32_t num_query_sids = 0;
437 uint32_t num_queries = 1;
438 uint32_t num_aliases = 0;
439 uint32_t total_sids = 0;
440 uint32_t *alias_rids = NULL;
441 uint32_t rangesize = MAX_SAM_ENTRIES_W2K;
443 struct samr_Ids alias_rids_query;
444 NTSTATUS status, result;
445 struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
449 struct lsa_SidArray sid_array;
451 ZERO_STRUCT(sid_array);
453 num_query_sids = MIN(num_sids - total_sids, rangesize);
455 DEBUG(10,("rpc: lookup_useraliases: entering query %d for %d sids\n",
456 num_queries, num_query_sids));
458 if (num_query_sids) {
459 sid_array.sids = talloc_zero_array(mem_ctx, struct lsa_SidPtr, num_query_sids);
460 if (sid_array.sids == NULL) {
461 return NT_STATUS_NO_MEMORY;
464 sid_array.sids = NULL;
467 for (i = 0; i < num_query_sids; i++) {
468 sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sids[total_sids++]);
469 if (sid_array.sids[i].sid == NULL) {
470 return NT_STATUS_NO_MEMORY;
473 sid_array.num_sids = num_query_sids;
476 status = dcerpc_samr_GetAliasMembership(b,
482 if (!NT_STATUS_IS_OK(status)) {
485 if (!NT_STATUS_IS_OK(result)) {
490 for (i = 0; i < alias_rids_query.count; i++) {
491 size_t na = num_aliases;
493 if (!add_rid_to_array_unique(mem_ctx,
494 alias_rids_query.ids[i],
497 return NT_STATUS_NO_MEMORY;
504 } while (total_sids < num_sids);
506 DEBUG(10,("rpc: rpc_lookup_useraliases: got %d aliases in %d queries "
507 "(rangesize: %d)\n", num_aliases, num_queries, rangesize));
509 *pnum_aliases = num_aliases;
510 *palias_rids = alias_rids;
513 #undef MAX_SAM_ENTRIES_W2K
516 /* Lookup group membership given a rid. */
517 NTSTATUS rpc_lookup_groupmem(TALLOC_CTX *mem_ctx,
518 struct rpc_pipe_client *samr_pipe,
519 struct policy_handle *samr_policy,
520 const char *domain_name,
521 const struct dom_sid *domain_sid,
522 const struct dom_sid *group_sid,
523 enum lsa_SidType type,
524 uint32_t *pnum_names,
525 struct dom_sid **psid_mem,
527 uint32_t **pname_types)
529 struct policy_handle group_policy;
531 uint32_t *rid_mem = NULL;
533 uint32_t num_names = 0;
534 uint32_t total_names = 0;
535 struct dom_sid *sid_mem = NULL;
537 uint32_t *name_types = NULL;
539 struct lsa_Strings tmp_names;
540 struct samr_Ids tmp_types;
543 NTSTATUS status, result;
544 struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
546 if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
547 return NT_STATUS_UNSUCCESSFUL;
551 case SID_NAME_DOM_GRP:
553 struct samr_RidAttrArray *rids = NULL;
555 status = dcerpc_samr_OpenGroup(b,
558 SEC_FLAG_MAXIMUM_ALLOWED,
562 if (!NT_STATUS_IS_OK(status)) {
565 if (!NT_STATUS_IS_OK(result)) {
570 * Step #1: Get a list of user rids that are the members of the group.
572 status = dcerpc_samr_QueryGroupMember(b,
579 dcerpc_samr_Close(b, mem_ctx, &group_policy, &_result);
582 if (!NT_STATUS_IS_OK(status)) {
585 if (!NT_STATUS_IS_OK(result)) {
590 if (rids == NULL || rids->count == 0) {
599 num_names = rids->count;
600 rid_mem = rids->rids;
604 case SID_NAME_WKN_GRP:
607 struct lsa_SidArray sid_array;
608 struct lsa_SidPtr sid_ptr;
609 struct samr_Ids rids_query;
611 sid_ptr.sid = dom_sid_dup(mem_ctx, group_sid);
612 if (sid_ptr.sid == NULL) {
613 return NT_STATUS_NO_MEMORY;
616 sid_array.num_sids = 1;
617 sid_array.sids = &sid_ptr;
619 status = dcerpc_samr_GetAliasMembership(b,
625 if (!NT_STATUS_IS_OK(status)) {
628 if (!NT_STATUS_IS_OK(result)) {
632 if (rids_query.count == 0) {
641 num_names = rids_query.count;
642 rid_mem = rids_query.ids;
647 return NT_STATUS_UNSUCCESSFUL;
651 * Step #2: Convert list of rids into list of usernames.
654 names = talloc_zero_array(mem_ctx, char *, num_names);
655 name_types = talloc_zero_array(mem_ctx, uint32_t, num_names);
656 sid_mem = talloc_zero_array(mem_ctx, struct dom_sid, num_names);
657 if (names == NULL || name_types == NULL || sid_mem == NULL) {
658 return NT_STATUS_NO_MEMORY;
662 for (j = 0; j < num_names; j++) {
663 sid_compose(&sid_mem[j], domain_sid, rid_mem[j]);
666 status = dcerpc_samr_LookupRids(b,
674 if (!NT_STATUS_IS_OK(status)) {
678 if (!NT_STATUS_IS_OK(result)) {
679 if (!NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
684 /* Copy result into array. The talloc system will take
685 care of freeing the temporary arrays later on. */
686 if (tmp_names.count != num_names) {
687 return NT_STATUS_INVALID_NETWORK_RESPONSE;
689 if (tmp_types.count != num_names) {
690 return NT_STATUS_INVALID_NETWORK_RESPONSE;
693 for (r = 0; r < tmp_names.count; r++) {
694 if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
697 if (total_names >= num_names) {
700 names[total_names] = fill_domain_username_talloc(names,
702 tmp_names.names[r].string,
704 if (names[total_names] == NULL) {
705 return NT_STATUS_NO_MEMORY;
707 name_types[total_names] = tmp_types.ids[r];
711 *pnum_names = total_names;
713 *pname_types = name_types;
719 /* Find the sequence number for a domain */
720 NTSTATUS rpc_sequence_number(TALLOC_CTX *mem_ctx,
721 struct rpc_pipe_client *samr_pipe,
722 struct policy_handle *samr_policy,
723 const char *domain_name,
726 union samr_DomainInfo *info = NULL;
727 bool got_seq_num = false;
728 NTSTATUS status, result;
729 struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
731 /* query domain info */
732 status = dcerpc_samr_QueryDomainInfo(b,
738 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
739 *pseq = info->info8.sequence_num;
744 /* retry with info-level 2 in case the dc does not support info-level 8
745 * (like all older samba2 and samba3 dc's) - Guenther */
746 status = dcerpc_samr_QueryDomainInfo(b,
752 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
753 *pseq = info->general.sequence_num;
758 if (!NT_STATUS_IS_OK(status)) {
766 DEBUG(10,("domain_sequence_number: for domain %s is %u\n",
767 domain_name, (unsigned) *pseq));
769 DEBUG(10,("domain_sequence_number: failed to get sequence "
770 "number (%u) for domain %s\n",
771 (unsigned) *pseq, domain_name ));
772 status = NT_STATUS_OK;
778 /* Get a list of trusted domains */
779 NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
780 struct rpc_pipe_client *lsa_pipe,
781 struct policy_handle *lsa_policy,
782 uint32_t *pnum_trusts,
783 struct netr_DomainTrust **ptrusts)
785 struct netr_DomainTrust *array = NULL;
786 uint32_t enum_ctx = 0;
788 NTSTATUS status, result;
789 struct dcerpc_binding_handle *b = lsa_pipe->binding_handle;
792 struct lsa_DomainList dom_list;
793 struct lsa_DomainListEx dom_list_ex;
798 * We don't run into deadlocks here, cause winbind_off() is
799 * called in the main function.
801 status = dcerpc_lsa_EnumTrustedDomainsEx(b,
808 if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_ERR(result) &&
809 dom_list_ex.count > 0) {
810 count += dom_list_ex.count;
813 status = dcerpc_lsa_EnumTrustDom(b,
820 if (!NT_STATUS_IS_OK(status)) {
823 if (!NT_STATUS_IS_OK(result)) {
824 if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
829 count += dom_list.count;
832 array = talloc_realloc(mem_ctx,
834 struct netr_DomainTrust,
837 return NT_STATUS_NO_MEMORY;
840 for (i = 0; i < count; i++) {
841 struct netr_DomainTrust *trust = &array[i];
846 sid = talloc(array, struct dom_sid);
848 return NT_STATUS_NO_MEMORY;
852 trust->netbios_name = talloc_move(array,
853 &dom_list_ex.domains[i].netbios_name.string);
854 trust->dns_name = talloc_move(array,
855 &dom_list_ex.domains[i].domain_name.string);
856 if (dom_list_ex.domains[i].sid == NULL) {
857 DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name));
858 return NT_STATUS_INVALID_NETWORK_RESPONSE;
860 sid_copy(sid, dom_list_ex.domains[i].sid);
862 trust->netbios_name = talloc_move(array,
863 &dom_list.domains[i].name.string);
864 trust->dns_name = NULL;
866 if (dom_list.domains[i].sid == NULL) {
867 DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name));
868 return NT_STATUS_INVALID_NETWORK_RESPONSE;
871 sid_copy(sid, dom_list.domains[i].sid);
876 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
878 *pnum_trusts = count;
884 static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
885 struct winbindd_domain *domain,
886 struct rpc_pipe_client *cli,
887 struct lsa_SidArray *sids,
888 struct lsa_RefDomainList **pdomains,
889 struct lsa_TransNameArray **pnames)
891 struct lsa_TransNameArray2 lsa_names2;
892 struct lsa_TransNameArray *names = *pnames;
893 uint32_t i, count = 0;
894 NTSTATUS status, result;
896 ZERO_STRUCT(lsa_names2);
897 status = dcerpc_lsa_LookupSids3(cli->binding_handle,
902 LSA_LOOKUP_NAMES_ALL,
904 LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES,
905 LSA_CLIENT_REVISION_2,
907 if (!NT_STATUS_IS_OK(status)) {
910 if (NT_STATUS_IS_ERR(result)) {
913 if (sids->num_sids != lsa_names2.count) {
914 return NT_STATUS_INVALID_NETWORK_RESPONSE;
917 names->count = lsa_names2.count;
918 names->names = talloc_array(names, struct lsa_TranslatedName,
920 if (names->names == NULL) {
921 return NT_STATUS_NO_MEMORY;
923 for (i=0; i<names->count; i++) {
924 names->names[i].sid_type = lsa_names2.names[i].sid_type;
925 names->names[i].name.string = talloc_move(
926 names->names, &lsa_names2.names[i].name.string);
927 names->names[i].sid_index = lsa_names2.names[i].sid_index;
929 if (names->names[i].sid_index == UINT32_MAX) {
932 if ((*pdomains) == NULL) {
933 return NT_STATUS_INVALID_NETWORK_RESPONSE;
935 if (names->names[i].sid_index >= (*pdomains)->count) {
936 return NT_STATUS_INVALID_NETWORK_RESPONSE;
942 NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
943 struct winbindd_domain *domain,
944 struct lsa_SidArray *sids,
945 struct lsa_RefDomainList **pdomains,
946 struct lsa_TransNameArray **pnames)
948 struct lsa_TransNameArray *names = *pnames;
949 struct rpc_pipe_client *cli = NULL;
950 struct policy_handle lsa_policy;
953 NTSTATUS status, result;
955 status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
956 if (!NT_STATUS_IS_OK(status)) {
960 if (cli->transport->transport == NCACN_IP_TCP) {
961 return rpc_try_lookup_sids3(mem_ctx, domain, cli, sids,
965 status = dcerpc_lsa_LookupSids(cli->binding_handle, mem_ctx,
966 &lsa_policy, sids, pdomains,
967 names, LSA_LOOKUP_NAMES_ALL,
969 if (!NT_STATUS_IS_OK(status)) {
972 if (NT_STATUS_IS_ERR(result)) {
976 if (sids->num_sids != names->count) {
977 return NT_STATUS_INVALID_NETWORK_RESPONSE;
980 for (i=0; i < names->count; i++) {
981 if (names->names[i].sid_index == UINT32_MAX) {
984 if ((*pdomains) == NULL) {
985 return NT_STATUS_INVALID_NETWORK_RESPONSE;
987 if (names->names[i].sid_index >= (*pdomains)->count) {
988 return NT_STATUS_INVALID_NETWORK_RESPONSE;