s3-rpc_client: add and use rpc_client/rpc_client.h.
[samba.git] / source3 / lib / netapi / group.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  NetApi Group Support
4  *  Copyright (C) Guenther Deschner 2008
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 3 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19
20 #include "includes.h"
21
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "lib/netapi/netapi.h"
24 #include "lib/netapi/netapi_private.h"
25 #include "lib/netapi/libnetapi.h"
26 #include "rpc_client/rpc_client.h"
27 #include "../librpc/gen_ndr/ndr_samr_c.h"
28 #include "rpc_client/init_lsa.h"
29 #include "../libcli/security/security.h"
30
31 /****************************************************************
32 ****************************************************************/
33
34 WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
35                      struct NetGroupAdd *r)
36 {
37         struct rpc_pipe_client *pipe_cli = NULL;
38         NTSTATUS status, result;
39         WERROR werr;
40         struct policy_handle connect_handle, domain_handle, group_handle;
41         struct lsa_String lsa_group_name;
42         struct dom_sid2 *domain_sid = NULL;
43         uint32_t rid = 0;
44         struct dcerpc_binding_handle *b = NULL;
45
46         struct GROUP_INFO_0 *info0 = NULL;
47         struct GROUP_INFO_1 *info1 = NULL;
48         struct GROUP_INFO_2 *info2 = NULL;
49         struct GROUP_INFO_3 *info3 = NULL;
50         union samr_GroupInfo info;
51
52         ZERO_STRUCT(connect_handle);
53         ZERO_STRUCT(domain_handle);
54         ZERO_STRUCT(group_handle);
55
56         if (!r->in.buffer) {
57                 return WERR_INVALID_PARAM;
58         }
59
60         switch (r->in.level) {
61                 case 0:
62                         info0 = (struct GROUP_INFO_0 *)r->in.buffer;
63                         break;
64                 case 1:
65                         info1 = (struct GROUP_INFO_1 *)r->in.buffer;
66                         break;
67                 case 2:
68                         info2 = (struct GROUP_INFO_2 *)r->in.buffer;
69                         break;
70                 case 3:
71                         info3 = (struct GROUP_INFO_3 *)r->in.buffer;
72                         break;
73                 default:
74                         werr = WERR_UNKNOWN_LEVEL;
75                         goto done;
76         }
77
78         werr = libnetapi_open_pipe(ctx, r->in.server_name,
79                                    &ndr_table_samr.syntax_id,
80                                    &pipe_cli);
81         if (!W_ERROR_IS_OK(werr)) {
82                 goto done;
83         }
84
85         b = pipe_cli->binding_handle;
86
87         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
88                                           SAMR_ACCESS_ENUM_DOMAINS |
89                                           SAMR_ACCESS_LOOKUP_DOMAIN,
90                                           SAMR_DOMAIN_ACCESS_CREATE_GROUP |
91                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
92                                           &connect_handle,
93                                           &domain_handle,
94                                           &domain_sid);
95         if (!W_ERROR_IS_OK(werr)) {
96                 goto done;
97         }
98
99         switch (r->in.level) {
100                 case 0:
101                         init_lsa_String(&lsa_group_name, info0->grpi0_name);
102                         break;
103                 case 1:
104                         init_lsa_String(&lsa_group_name, info1->grpi1_name);
105                         break;
106                 case 2:
107                         init_lsa_String(&lsa_group_name, info2->grpi2_name);
108                         break;
109                 case 3:
110                         init_lsa_String(&lsa_group_name, info3->grpi3_name);
111                         break;
112         }
113
114         status = dcerpc_samr_CreateDomainGroup(b, talloc_tos(),
115                                                &domain_handle,
116                                                &lsa_group_name,
117                                                SEC_STD_DELETE |
118                                                SAMR_GROUP_ACCESS_SET_INFO,
119                                                &group_handle,
120                                                &rid,
121                                                &result);
122
123         if (!NT_STATUS_IS_OK(status)) {
124                 werr = ntstatus_to_werror(status);
125                 goto done;
126         }
127         if (!NT_STATUS_IS_OK(result)) {
128                 werr = ntstatus_to_werror(result);
129                 goto done;
130         }
131
132         switch (r->in.level) {
133                 case 1:
134                         if (info1->grpi1_comment) {
135                                 init_lsa_String(&info.description,
136                                                 info1->grpi1_comment);
137
138                                 status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
139                                                                   &group_handle,
140                                                                   GROUPINFODESCRIPTION,
141                                                                   &info,
142                                                                   &result);
143                         }
144                         break;
145                 case 2:
146                         if (info2->grpi2_comment) {
147                                 init_lsa_String(&info.description,
148                                                 info2->grpi2_comment);
149
150                                 status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
151                                                                   &group_handle,
152                                                                   GROUPINFODESCRIPTION,
153                                                                   &info,
154                                                                   &result);
155                                 if (!NT_STATUS_IS_OK(status)) {
156                                         werr = ntstatus_to_werror(status);
157                                         goto failed;
158                                 }
159                                 if (!NT_STATUS_IS_OK(result)) {
160                                         werr = ntstatus_to_werror(result);
161                                         goto failed;
162                                 }
163                         }
164
165                         if (info2->grpi2_attributes != 0) {
166                                 info.attributes.attributes = info2->grpi2_attributes;
167                                 status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
168                                                                   &group_handle,
169                                                                   GROUPINFOATTRIBUTES,
170                                                                   &info,
171                                                                   &result);
172
173                         }
174                         break;
175                 case 3:
176                         if (info3->grpi3_comment) {
177                                 init_lsa_String(&info.description,
178                                                 info3->grpi3_comment);
179
180                                 status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
181                                                                   &group_handle,
182                                                                   GROUPINFODESCRIPTION,
183                                                                   &info,
184                                                                   &result);
185                                 if (!NT_STATUS_IS_OK(status)) {
186                                         werr = ntstatus_to_werror(status);
187                                         goto failed;
188                                 }
189                                 if (!NT_STATUS_IS_OK(result)) {
190                                         werr = ntstatus_to_werror(result);
191                                         goto failed;
192                                 }
193                         }
194
195                         if (info3->grpi3_attributes != 0) {
196                                 info.attributes.attributes = info3->grpi3_attributes;
197                                 status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
198                                                                   &group_handle,
199                                                                   GROUPINFOATTRIBUTES,
200                                                                   &info,
201                                                                   &result);
202                         }
203                         break;
204                 default:
205                         break;
206         }
207
208         if (!NT_STATUS_IS_OK(status)) {
209                 werr = ntstatus_to_werror(status);
210                 goto failed;
211         }
212         if (!NT_STATUS_IS_OK(result)) {
213                 werr = ntstatus_to_werror(result);
214                 goto failed;
215         }
216
217         werr = WERR_OK;
218         goto done;
219
220  failed:
221         dcerpc_samr_DeleteDomainGroup(b, talloc_tos(),
222                                       &group_handle, &result);
223
224  done:
225         if (is_valid_policy_hnd(&group_handle)) {
226                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
227         }
228
229         if (ctx->disable_policy_handle_cache) {
230                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
231                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
232         }
233
234         return werr;
235 }
236
237 /****************************************************************
238 ****************************************************************/
239
240 WERROR NetGroupAdd_l(struct libnetapi_ctx *ctx,
241                      struct NetGroupAdd *r)
242 {
243         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupAdd);
244 }
245
246 /****************************************************************
247 ****************************************************************/
248
249 WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
250                      struct NetGroupDel *r)
251 {
252         struct rpc_pipe_client *pipe_cli = NULL;
253         NTSTATUS status, result;
254         WERROR werr;
255         struct policy_handle connect_handle, domain_handle, group_handle;
256         struct lsa_String lsa_group_name;
257         struct dom_sid2 *domain_sid = NULL;
258         int i = 0;
259         struct dcerpc_binding_handle *b = NULL;
260
261         struct samr_Ids rids;
262         struct samr_Ids types;
263         union samr_GroupInfo *info = NULL;
264         struct samr_RidAttrArray *rid_array = NULL;
265
266         ZERO_STRUCT(connect_handle);
267         ZERO_STRUCT(domain_handle);
268         ZERO_STRUCT(group_handle);
269
270         if (!r->in.group_name) {
271                 return WERR_INVALID_PARAM;
272         }
273
274         werr = libnetapi_open_pipe(ctx, r->in.server_name,
275                                    &ndr_table_samr.syntax_id,
276                                    &pipe_cli);
277         if (!W_ERROR_IS_OK(werr)) {
278                 goto done;
279         }
280
281         b = pipe_cli->binding_handle;
282
283         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
284                                           SAMR_ACCESS_ENUM_DOMAINS |
285                                           SAMR_ACCESS_LOOKUP_DOMAIN,
286                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
287                                           &connect_handle,
288                                           &domain_handle,
289                                           &domain_sid);
290         if (!W_ERROR_IS_OK(werr)) {
291                 goto done;
292         }
293
294         init_lsa_String(&lsa_group_name, r->in.group_name);
295
296         status = dcerpc_samr_LookupNames(b, talloc_tos(),
297                                          &domain_handle,
298                                          1,
299                                          &lsa_group_name,
300                                          &rids,
301                                          &types,
302                                          &result);
303         if (!NT_STATUS_IS_OK(status)) {
304                 werr = ntstatus_to_werror(status);
305                 goto done;
306         }
307         if (!NT_STATUS_IS_OK(result)) {
308                 werr = ntstatus_to_werror(result);
309                 goto done;
310         }
311
312         if (types.ids[0] != SID_NAME_DOM_GRP) {
313                 werr = WERR_INVALID_DATATYPE;
314                 goto done;
315         }
316
317         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
318                                        &domain_handle,
319                                        SEC_STD_DELETE |
320                                        SAMR_GROUP_ACCESS_GET_MEMBERS |
321                                        SAMR_GROUP_ACCESS_REMOVE_MEMBER |
322                                        SAMR_GROUP_ACCESS_ADD_MEMBER |
323                                        SAMR_GROUP_ACCESS_LOOKUP_INFO,
324                                        rids.ids[0],
325                                        &group_handle,
326                                        &result);
327         if (!NT_STATUS_IS_OK(status)) {
328                 werr = ntstatus_to_werror(status);
329                 goto done;
330         }
331         if (!NT_STATUS_IS_OK(result)) {
332                 werr = ntstatus_to_werror(result);
333                 goto done;
334         }
335
336         status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
337                                             &group_handle,
338                                             GROUPINFOATTRIBUTES,
339                                             &info,
340                                             &result);
341         if (!NT_STATUS_IS_OK(status)) {
342                 werr = ntstatus_to_werror(status);
343                 goto done;
344         }
345         if (!NT_STATUS_IS_OK(result)) {
346                 werr = ntstatus_to_werror(result);
347                 goto done;
348         }
349
350 #if 0
351         /* breaks against NT4 */
352         if (!(info->attributes.attributes & SE_GROUP_ENABLED)) {
353                 werr = WERR_ACCESS_DENIED;
354                 goto done;
355         }
356 #endif
357         status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
358                                               &group_handle,
359                                               &rid_array,
360                                               &result);
361         if (!NT_STATUS_IS_OK(status)) {
362                 werr = ntstatus_to_werror(status);
363                 goto done;
364         }
365         if (!NT_STATUS_IS_OK(result)) {
366                 werr = ntstatus_to_werror(result);
367                 goto done;
368         }
369
370         {
371         struct lsa_Strings names;
372         struct samr_Ids member_types;
373
374         status = dcerpc_samr_LookupRids(b, talloc_tos(),
375                                         &domain_handle,
376                                         rid_array->count,
377                                         rid_array->rids,
378                                         &names,
379                                         &member_types,
380                                         &result);
381         if (!NT_STATUS_IS_OK(status)) {
382                 werr = ntstatus_to_werror(status);
383                 goto done;
384         }
385         if (!NT_STATUS_IS_OK(result)) {
386                 werr = ntstatus_to_werror(result);
387                 goto done;
388         }
389         }
390
391         for (i=0; i < rid_array->count; i++) {
392
393                 status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
394                                                        &group_handle,
395                                                        rid_array->rids[i],
396                                                        &result);
397                 if (!NT_STATUS_IS_OK(status)) {
398                         werr = ntstatus_to_werror(status);
399                         goto done;
400                 }
401                 if (!NT_STATUS_IS_OK(result)) {
402                         werr = ntstatus_to_werror(result);
403                         goto done;
404                 }
405         }
406
407         status = dcerpc_samr_DeleteDomainGroup(b, talloc_tos(),
408                                                &group_handle,
409                                                &result);
410         if (!NT_STATUS_IS_OK(status)) {
411                 werr = ntstatus_to_werror(status);
412                 goto done;
413         }
414         if (!NT_STATUS_IS_OK(result)) {
415                 werr = ntstatus_to_werror(result);
416                 goto done;
417         }
418
419         ZERO_STRUCT(group_handle);
420
421         werr = WERR_OK;
422
423  done:
424         if (is_valid_policy_hnd(&group_handle)) {
425                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
426         }
427
428         if (ctx->disable_policy_handle_cache) {
429                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
430                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
431         }
432
433         return werr;
434 }
435
436 /****************************************************************
437 ****************************************************************/
438
439 WERROR NetGroupDel_l(struct libnetapi_ctx *ctx,
440                      struct NetGroupDel *r)
441 {
442         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupDel);
443 }
444
445 /****************************************************************
446 ****************************************************************/
447
448 WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
449                          struct NetGroupSetInfo *r)
450 {
451         struct rpc_pipe_client *pipe_cli = NULL;
452         NTSTATUS status, result;
453         WERROR werr;
454         struct policy_handle connect_handle, domain_handle, group_handle;
455         struct lsa_String lsa_group_name;
456         struct dom_sid2 *domain_sid = NULL;
457         struct dcerpc_binding_handle *b = NULL;
458
459         struct samr_Ids rids;
460         struct samr_Ids types;
461         union samr_GroupInfo info;
462         struct GROUP_INFO_0 *g0;
463         struct GROUP_INFO_1 *g1;
464         struct GROUP_INFO_2 *g2;
465         struct GROUP_INFO_3 *g3;
466         struct GROUP_INFO_1002 *g1002;
467         struct GROUP_INFO_1005 *g1005;
468
469         ZERO_STRUCT(connect_handle);
470         ZERO_STRUCT(domain_handle);
471         ZERO_STRUCT(group_handle);
472
473         if (!r->in.group_name) {
474                 return WERR_INVALID_PARAM;
475         }
476
477         werr = libnetapi_open_pipe(ctx, r->in.server_name,
478                                    &ndr_table_samr.syntax_id,
479                                    &pipe_cli);
480         if (!W_ERROR_IS_OK(werr)) {
481                 goto done;
482         }
483
484         b = pipe_cli->binding_handle;
485
486         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
487                                           SAMR_ACCESS_ENUM_DOMAINS |
488                                           SAMR_ACCESS_LOOKUP_DOMAIN,
489                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
490                                           &connect_handle,
491                                           &domain_handle,
492                                           &domain_sid);
493         if (!W_ERROR_IS_OK(werr)) {
494                 goto done;
495         }
496
497         init_lsa_String(&lsa_group_name, r->in.group_name);
498
499         status = dcerpc_samr_LookupNames(b, talloc_tos(),
500                                          &domain_handle,
501                                          1,
502                                          &lsa_group_name,
503                                          &rids,
504                                          &types,
505                                          &result);
506         if (!NT_STATUS_IS_OK(status)) {
507                 werr = ntstatus_to_werror(status);
508                 goto done;
509         }
510         if (!NT_STATUS_IS_OK(result)) {
511                 werr = ntstatus_to_werror(result);
512                 goto done;
513         }
514
515         if (types.ids[0] != SID_NAME_DOM_GRP) {
516                 werr = WERR_INVALID_DATATYPE;
517                 goto done;
518         }
519
520         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
521                                        &domain_handle,
522                                        SAMR_GROUP_ACCESS_SET_INFO |
523                                        SAMR_GROUP_ACCESS_LOOKUP_INFO,
524                                        rids.ids[0],
525                                        &group_handle,
526                                        &result);
527         if (!NT_STATUS_IS_OK(status)) {
528                 werr = ntstatus_to_werror(status);
529                 goto done;
530         }
531         if (!NT_STATUS_IS_OK(result)) {
532                 werr = ntstatus_to_werror(result);
533                 goto done;
534         }
535
536         switch (r->in.level) {
537                 case 0:
538                         g0 = (struct GROUP_INFO_0 *)r->in.buffer;
539                         init_lsa_String(&info.name, g0->grpi0_name);
540                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
541                                                           &group_handle,
542                                                           GROUPINFONAME,
543                                                           &info,
544                                                           &result);
545                         break;
546                 case 1:
547                         g1 = (struct GROUP_INFO_1 *)r->in.buffer;
548                         init_lsa_String(&info.description, g1->grpi1_comment);
549                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
550                                                           &group_handle,
551                                                           GROUPINFODESCRIPTION,
552                                                           &info,
553                                                           &result);
554                         break;
555                 case 2:
556                         g2 = (struct GROUP_INFO_2 *)r->in.buffer;
557                         init_lsa_String(&info.description, g2->grpi2_comment);
558                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
559                                                           &group_handle,
560                                                           GROUPINFODESCRIPTION,
561                                                           &info,
562                                                           &result);
563                         if (!NT_STATUS_IS_OK(status)) {
564                                 werr = ntstatus_to_werror(status);
565                                 goto done;
566                         }
567                         if (!NT_STATUS_IS_OK(result)) {
568                                 werr = ntstatus_to_werror(result);
569                                 goto done;
570                         }
571
572                         info.attributes.attributes = g2->grpi2_attributes;
573                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
574                                                           &group_handle,
575                                                           GROUPINFOATTRIBUTES,
576                                                           &info,
577                                                           &result);
578                         break;
579                 case 3:
580                         g3 = (struct GROUP_INFO_3 *)r->in.buffer;
581                         init_lsa_String(&info.description, g3->grpi3_comment);
582                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
583                                                           &group_handle,
584                                                           GROUPINFODESCRIPTION,
585                                                           &info,
586                                                           &result);
587                         if (!NT_STATUS_IS_OK(status)) {
588                                 werr = ntstatus_to_werror(status);
589                                 goto done;
590                         }
591                         if (!NT_STATUS_IS_OK(result)) {
592                                 werr = ntstatus_to_werror(result);
593                                 goto done;
594                         }
595
596                         info.attributes.attributes = g3->grpi3_attributes;
597                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
598                                                           &group_handle,
599                                                           GROUPINFOATTRIBUTES,
600                                                           &info,
601                                                           &result);
602                         break;
603                 case 1002:
604                         g1002 = (struct GROUP_INFO_1002 *)r->in.buffer;
605                         init_lsa_String(&info.description, g1002->grpi1002_comment);
606                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
607                                                           &group_handle,
608                                                           GROUPINFODESCRIPTION,
609                                                           &info,
610                                                           &result);
611                         break;
612                 case 1005:
613                         g1005 = (struct GROUP_INFO_1005 *)r->in.buffer;
614                         info.attributes.attributes = g1005->grpi1005_attributes;
615                         status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
616                                                           &group_handle,
617                                                           GROUPINFOATTRIBUTES,
618                                                           &info,
619                                                           &result);
620                         break;
621                 default:
622                         status = NT_STATUS_INVALID_LEVEL;
623                         break;
624         }
625
626         if (!NT_STATUS_IS_OK(status)) {
627                 werr = ntstatus_to_werror(status);
628                 goto done;
629         }
630         if (!NT_STATUS_IS_OK(result)) {
631                 werr = ntstatus_to_werror(result);
632                 goto done;
633         }
634
635         werr = WERR_OK;
636
637  done:
638         if (is_valid_policy_hnd(&group_handle)) {
639                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
640         }
641
642         if (ctx->disable_policy_handle_cache) {
643                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
644                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
645         }
646
647         return werr;
648 }
649
650 /****************************************************************
651 ****************************************************************/
652
653 WERROR NetGroupSetInfo_l(struct libnetapi_ctx *ctx,
654                          struct NetGroupSetInfo *r)
655 {
656         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupSetInfo);
657 }
658
659 /****************************************************************
660 ****************************************************************/
661
662 static WERROR map_group_info_to_buffer(TALLOC_CTX *mem_ctx,
663                                        uint32_t level,
664                                        struct samr_GroupInfoAll *info,
665                                        struct dom_sid2 *domain_sid,
666                                        uint32_t rid,
667                                        uint8_t **buffer)
668 {
669         struct GROUP_INFO_0 info0;
670         struct GROUP_INFO_1 info1;
671         struct GROUP_INFO_2 info2;
672         struct GROUP_INFO_3 info3;
673         struct dom_sid sid;
674
675         switch (level) {
676                 case 0:
677                         info0.grpi0_name        = info->name.string;
678
679                         *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info0, sizeof(info0));
680
681                         break;
682                 case 1:
683                         info1.grpi1_name        = info->name.string;
684                         info1.grpi1_comment     = info->description.string;
685
686                         *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info1, sizeof(info1));
687
688                         break;
689                 case 2:
690                         info2.grpi2_name        = info->name.string;
691                         info2.grpi2_comment     = info->description.string;
692                         info2.grpi2_group_id    = rid;
693                         info2.grpi2_attributes  = info->attributes;
694
695                         *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info2, sizeof(info2));
696
697                         break;
698                 case 3:
699                         if (!sid_compose(&sid, domain_sid, rid)) {
700                                 return WERR_NOMEM;
701                         }
702
703                         info3.grpi3_name        = info->name.string;
704                         info3.grpi3_comment     = info->description.string;
705                         info3.grpi3_attributes  = info->attributes;
706                         info3.grpi3_group_sid   = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
707
708                         *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info3, sizeof(info3));
709
710                         break;
711                 default:
712                         return WERR_UNKNOWN_LEVEL;
713         }
714
715         W_ERROR_HAVE_NO_MEMORY(*buffer);
716
717         return WERR_OK;
718 }
719
720 /****************************************************************
721 ****************************************************************/
722
723 WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
724                          struct NetGroupGetInfo *r)
725 {
726         struct rpc_pipe_client *pipe_cli = NULL;
727         NTSTATUS status, result;
728         WERROR werr;
729         struct policy_handle connect_handle, domain_handle, group_handle;
730         struct lsa_String lsa_group_name;
731         struct dom_sid2 *domain_sid = NULL;
732         struct dcerpc_binding_handle *b = NULL;
733
734         struct samr_Ids rids;
735         struct samr_Ids types;
736         union samr_GroupInfo *info = NULL;
737         bool group_info_all = false;
738
739         ZERO_STRUCT(connect_handle);
740         ZERO_STRUCT(domain_handle);
741         ZERO_STRUCT(group_handle);
742
743         if (!r->in.group_name) {
744                 return WERR_INVALID_PARAM;
745         }
746
747         werr = libnetapi_open_pipe(ctx, r->in.server_name,
748                                    &ndr_table_samr.syntax_id,
749                                    &pipe_cli);
750         if (!W_ERROR_IS_OK(werr)) {
751                 goto done;
752         }
753
754         b = pipe_cli->binding_handle;
755
756         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
757                                           SAMR_ACCESS_ENUM_DOMAINS |
758                                           SAMR_ACCESS_LOOKUP_DOMAIN,
759                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
760                                           &connect_handle,
761                                           &domain_handle,
762                                           &domain_sid);
763         if (!W_ERROR_IS_OK(werr)) {
764                 goto done;
765         }
766
767         init_lsa_String(&lsa_group_name, r->in.group_name);
768
769         status = dcerpc_samr_LookupNames(b, talloc_tos(),
770                                          &domain_handle,
771                                          1,
772                                          &lsa_group_name,
773                                          &rids,
774                                          &types,
775                                          &result);
776         if (!NT_STATUS_IS_OK(status)) {
777                 werr = ntstatus_to_werror(status);
778                 goto done;
779         }
780         if (!NT_STATUS_IS_OK(result)) {
781                 werr = ntstatus_to_werror(result);
782                 goto done;
783         }
784
785         if (types.ids[0] != SID_NAME_DOM_GRP) {
786                 werr = WERR_INVALID_DATATYPE;
787                 goto done;
788         }
789
790         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
791                                        &domain_handle,
792                                        SAMR_GROUP_ACCESS_LOOKUP_INFO,
793                                        rids.ids[0],
794                                        &group_handle,
795                                        &result);
796         if (!NT_STATUS_IS_OK(status)) {
797                 werr = ntstatus_to_werror(status);
798                 goto done;
799         }
800         if (!NT_STATUS_IS_OK(result)) {
801                 werr = ntstatus_to_werror(result);
802                 goto done;
803         }
804
805         status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
806                                             &group_handle,
807                                             GROUPINFOALL2,
808                                             &info,
809                                             &result);
810         if (!NT_STATUS_IS_OK(status)) {
811                 werr = ntstatus_to_werror(status);
812                 goto done;
813         }
814
815         if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_INFO_CLASS)) {
816                 status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
817                                                     &group_handle,
818                                                     GROUPINFOALL,
819                                                     &info,
820                                                     &result);
821                 group_info_all = true;
822                 if (!NT_STATUS_IS_OK(status)) {
823                         werr = ntstatus_to_werror(status);
824                         goto done;
825                 }
826         }
827
828         if (!NT_STATUS_IS_OK(result)) {
829                 werr = ntstatus_to_werror(result);
830                 goto done;
831         }
832
833         werr = map_group_info_to_buffer(ctx, r->in.level,
834                                         group_info_all ? &info->all : &info->all2,
835                                         domain_sid, rids.ids[0],
836                                         r->out.buffer);
837         if (!W_ERROR_IS_OK(werr)) {
838                 goto done;
839         }
840  done:
841         if (is_valid_policy_hnd(&group_handle)) {
842                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
843         }
844
845         if (ctx->disable_policy_handle_cache) {
846                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
847                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
848         }
849
850         return werr;
851 }
852
853 /****************************************************************
854 ****************************************************************/
855
856 WERROR NetGroupGetInfo_l(struct libnetapi_ctx *ctx,
857                          struct NetGroupGetInfo *r)
858 {
859         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupGetInfo);
860 }
861
862 /****************************************************************
863 ****************************************************************/
864
865 WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
866                          struct NetGroupAddUser *r)
867 {
868         struct rpc_pipe_client *pipe_cli = NULL;
869         NTSTATUS status, result;
870         WERROR werr;
871         struct policy_handle connect_handle, domain_handle, group_handle;
872         struct lsa_String lsa_group_name, lsa_user_name;
873         struct dom_sid2 *domain_sid = NULL;
874         struct dcerpc_binding_handle *b = NULL;
875
876         struct samr_Ids rids;
877         struct samr_Ids types;
878
879         ZERO_STRUCT(connect_handle);
880         ZERO_STRUCT(domain_handle);
881         ZERO_STRUCT(group_handle);
882
883         if (!r->in.group_name) {
884                 return WERR_INVALID_PARAM;
885         }
886
887         werr = libnetapi_open_pipe(ctx, r->in.server_name,
888                                    &ndr_table_samr.syntax_id,
889                                    &pipe_cli);
890         if (!W_ERROR_IS_OK(werr)) {
891                 goto done;
892         }
893
894         b = pipe_cli->binding_handle;
895
896         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
897                                           SAMR_ACCESS_ENUM_DOMAINS |
898                                           SAMR_ACCESS_LOOKUP_DOMAIN,
899                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
900                                           &connect_handle,
901                                           &domain_handle,
902                                           &domain_sid);
903         if (!W_ERROR_IS_OK(werr)) {
904                 goto done;
905         }
906
907         init_lsa_String(&lsa_group_name, r->in.group_name);
908
909         status = dcerpc_samr_LookupNames(b, talloc_tos(),
910                                          &domain_handle,
911                                          1,
912                                          &lsa_group_name,
913                                          &rids,
914                                          &types,
915                                          &result);
916         if (!NT_STATUS_IS_OK(status)) {
917                 werr = ntstatus_to_werror(status);
918                 goto done;
919         }
920         if (!NT_STATUS_IS_OK(result)) {
921                 werr = WERR_GROUPNOTFOUND;
922                 goto done;
923         }
924
925         if (types.ids[0] != SID_NAME_DOM_GRP) {
926                 werr = WERR_GROUPNOTFOUND;
927                 goto done;
928         }
929
930         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
931                                        &domain_handle,
932                                        SAMR_GROUP_ACCESS_ADD_MEMBER,
933                                        rids.ids[0],
934                                        &group_handle,
935                                        &result);
936         if (!NT_STATUS_IS_OK(status)) {
937                 werr = ntstatus_to_werror(status);
938                 goto done;
939         }
940         if (!NT_STATUS_IS_OK(result)) {
941                 werr = ntstatus_to_werror(result);
942                 goto done;
943         }
944
945         init_lsa_String(&lsa_user_name, r->in.user_name);
946
947         status = dcerpc_samr_LookupNames(b, talloc_tos(),
948                                          &domain_handle,
949                                          1,
950                                          &lsa_user_name,
951                                          &rids,
952                                          &types,
953                                          &result);
954         if (!NT_STATUS_IS_OK(status)) {
955                 werr = ntstatus_to_werror(status);
956                 goto done;
957         }
958         if (!NT_STATUS_IS_OK(result)) {
959                 werr = WERR_USER_NOT_FOUND;
960                 goto done;
961         }
962
963         if (types.ids[0] != SID_NAME_USER) {
964                 werr = WERR_USER_NOT_FOUND;
965                 goto done;
966         }
967
968         status = dcerpc_samr_AddGroupMember(b, talloc_tos(),
969                                             &group_handle,
970                                             rids.ids[0],
971                                             7, /* why ? */
972                                             &result);
973         if (!NT_STATUS_IS_OK(status)) {
974                 werr = ntstatus_to_werror(status);
975                 goto done;
976         }
977         if (!NT_STATUS_IS_OK(result)) {
978                 werr = ntstatus_to_werror(result);
979                 goto done;
980         }
981
982         werr = WERR_OK;
983
984  done:
985         if (is_valid_policy_hnd(&group_handle)) {
986                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
987         }
988
989         if (ctx->disable_policy_handle_cache) {
990                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
991                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
992         }
993
994         return werr;
995 }
996
997 /****************************************************************
998 ****************************************************************/
999
1000 WERROR NetGroupAddUser_l(struct libnetapi_ctx *ctx,
1001                          struct NetGroupAddUser *r)
1002 {
1003         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupAddUser);
1004 }
1005
1006 /****************************************************************
1007 ****************************************************************/
1008
1009 WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
1010                          struct NetGroupDelUser *r)
1011 {
1012         struct rpc_pipe_client *pipe_cli = NULL;
1013         NTSTATUS status, result;
1014         WERROR werr;
1015         struct policy_handle connect_handle, domain_handle, group_handle;
1016         struct lsa_String lsa_group_name, lsa_user_name;
1017         struct dom_sid2 *domain_sid = NULL;
1018         struct dcerpc_binding_handle *b = NULL;
1019
1020         struct samr_Ids rids;
1021         struct samr_Ids types;
1022
1023         ZERO_STRUCT(connect_handle);
1024         ZERO_STRUCT(domain_handle);
1025         ZERO_STRUCT(group_handle);
1026
1027         if (!r->in.group_name) {
1028                 return WERR_INVALID_PARAM;
1029         }
1030
1031         werr = libnetapi_open_pipe(ctx, r->in.server_name,
1032                                    &ndr_table_samr.syntax_id,
1033                                    &pipe_cli);
1034         if (!W_ERROR_IS_OK(werr)) {
1035                 goto done;
1036         }
1037
1038         b = pipe_cli->binding_handle;
1039
1040         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1041                                           SAMR_ACCESS_ENUM_DOMAINS |
1042                                           SAMR_ACCESS_LOOKUP_DOMAIN,
1043                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1044                                           &connect_handle,
1045                                           &domain_handle,
1046                                           &domain_sid);
1047         if (!W_ERROR_IS_OK(werr)) {
1048                 goto done;
1049         }
1050
1051         init_lsa_String(&lsa_group_name, r->in.group_name);
1052
1053         status = dcerpc_samr_LookupNames(b, talloc_tos(),
1054                                          &domain_handle,
1055                                          1,
1056                                          &lsa_group_name,
1057                                          &rids,
1058                                          &types,
1059                                          &result);
1060         if (!NT_STATUS_IS_OK(status)) {
1061                 werr = ntstatus_to_werror(status);
1062                 goto done;
1063         }
1064         if (!NT_STATUS_IS_OK(result)) {
1065                 werr = WERR_GROUPNOTFOUND;
1066                 goto done;
1067         }
1068
1069         if (types.ids[0] != SID_NAME_DOM_GRP) {
1070                 werr = WERR_GROUPNOTFOUND;
1071                 goto done;
1072         }
1073
1074         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
1075                                        &domain_handle,
1076                                        SAMR_GROUP_ACCESS_REMOVE_MEMBER,
1077                                        rids.ids[0],
1078                                        &group_handle,
1079                                        &result);
1080         if (!NT_STATUS_IS_OK(status)) {
1081                 werr = ntstatus_to_werror(status);
1082                 goto done;
1083         }
1084         if (!NT_STATUS_IS_OK(result)) {
1085                 werr = ntstatus_to_werror(result);
1086                 goto done;
1087         }
1088
1089         init_lsa_String(&lsa_user_name, r->in.user_name);
1090
1091         status = dcerpc_samr_LookupNames(b, talloc_tos(),
1092                                          &domain_handle,
1093                                          1,
1094                                          &lsa_user_name,
1095                                          &rids,
1096                                          &types,
1097                                          &result);
1098         if (!NT_STATUS_IS_OK(status)) {
1099                 werr = ntstatus_to_werror(status);
1100                 goto done;
1101         }
1102
1103         if (!NT_STATUS_IS_OK(result)) {
1104                 werr = WERR_USER_NOT_FOUND;
1105                 goto done;
1106         }
1107
1108         if (types.ids[0] != SID_NAME_USER) {
1109                 werr = WERR_USER_NOT_FOUND;
1110                 goto done;
1111         }
1112
1113         status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
1114                                                &group_handle,
1115                                                rids.ids[0],
1116                                                &result);
1117         if (!NT_STATUS_IS_OK(status)) {
1118                 werr = ntstatus_to_werror(status);
1119                 goto done;
1120         }
1121         if (!NT_STATUS_IS_OK(result)) {
1122                 werr = ntstatus_to_werror(result);
1123                 goto done;
1124         }
1125
1126         werr = WERR_OK;
1127
1128  done:
1129         if (is_valid_policy_hnd(&group_handle)) {
1130                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
1131         }
1132
1133         if (ctx->disable_policy_handle_cache) {
1134                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1135                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1136         }
1137
1138         return werr;
1139 }
1140
1141 /****************************************************************
1142 ****************************************************************/
1143
1144 WERROR NetGroupDelUser_l(struct libnetapi_ctx *ctx,
1145                          struct NetGroupDelUser *r)
1146 {
1147         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupDelUser);
1148 }
1149
1150 /****************************************************************
1151 ****************************************************************/
1152
1153 static WERROR convert_samr_disp_groups_to_GROUP_INFO_0_buffer(TALLOC_CTX *mem_ctx,
1154                                                               struct samr_DispInfoFullGroups *groups,
1155                                                               uint8_t **buffer)
1156 {
1157         struct GROUP_INFO_0 *g0;
1158         int i;
1159
1160         g0 = TALLOC_ZERO_ARRAY(mem_ctx, struct GROUP_INFO_0, groups->count);
1161         W_ERROR_HAVE_NO_MEMORY(g0);
1162
1163         for (i=0; i<groups->count; i++) {
1164                 g0[i].grpi0_name = talloc_strdup(mem_ctx,
1165                         groups->entries[i].account_name.string);
1166                 W_ERROR_HAVE_NO_MEMORY(g0[i].grpi0_name);
1167         }
1168
1169         *buffer = (uint8_t *)talloc_memdup(mem_ctx, g0,
1170                                            sizeof(struct GROUP_INFO_0) * groups->count);
1171         W_ERROR_HAVE_NO_MEMORY(*buffer);
1172
1173         return WERR_OK;
1174 }
1175
1176 /****************************************************************
1177 ****************************************************************/
1178
1179 static WERROR convert_samr_disp_groups_to_GROUP_INFO_1_buffer(TALLOC_CTX *mem_ctx,
1180                                                               struct samr_DispInfoFullGroups *groups,
1181                                                               uint8_t **buffer)
1182 {
1183         struct GROUP_INFO_1 *g1;
1184         int i;
1185
1186         g1 = TALLOC_ZERO_ARRAY(mem_ctx, struct GROUP_INFO_1, groups->count);
1187         W_ERROR_HAVE_NO_MEMORY(g1);
1188
1189         for (i=0; i<groups->count; i++) {
1190                 g1[i].grpi1_name = talloc_strdup(mem_ctx,
1191                         groups->entries[i].account_name.string);
1192                 g1[i].grpi1_comment = talloc_strdup(mem_ctx,
1193                         groups->entries[i].description.string);
1194                 W_ERROR_HAVE_NO_MEMORY(g1[i].grpi1_name);
1195         }
1196
1197         *buffer = (uint8_t *)talloc_memdup(mem_ctx, g1,
1198                                            sizeof(struct GROUP_INFO_1) * groups->count);
1199         W_ERROR_HAVE_NO_MEMORY(*buffer);
1200
1201         return WERR_OK;
1202 }
1203
1204 /****************************************************************
1205 ****************************************************************/
1206
1207 static WERROR convert_samr_disp_groups_to_GROUP_INFO_2_buffer(TALLOC_CTX *mem_ctx,
1208                                                               struct samr_DispInfoFullGroups *groups,
1209                                                               uint8_t **buffer)
1210 {
1211         struct GROUP_INFO_2 *g2;
1212         int i;
1213
1214         g2 = TALLOC_ZERO_ARRAY(mem_ctx, struct GROUP_INFO_2, groups->count);
1215         W_ERROR_HAVE_NO_MEMORY(g2);
1216
1217         for (i=0; i<groups->count; i++) {
1218                 g2[i].grpi2_name = talloc_strdup(mem_ctx,
1219                         groups->entries[i].account_name.string);
1220                 g2[i].grpi2_comment = talloc_strdup(mem_ctx,
1221                         groups->entries[i].description.string);
1222                 g2[i].grpi2_group_id = groups->entries[i].rid;
1223                 g2[i].grpi2_attributes = groups->entries[i].acct_flags;
1224                 W_ERROR_HAVE_NO_MEMORY(g2[i].grpi2_name);
1225         }
1226
1227         *buffer = (uint8_t *)talloc_memdup(mem_ctx, g2,
1228                                            sizeof(struct GROUP_INFO_2) * groups->count);
1229         W_ERROR_HAVE_NO_MEMORY(*buffer);
1230
1231         return WERR_OK;
1232 }
1233
1234 /****************************************************************
1235 ****************************************************************/
1236
1237 static WERROR convert_samr_disp_groups_to_GROUP_INFO_3_buffer(TALLOC_CTX *mem_ctx,
1238                                                               struct samr_DispInfoFullGroups *groups,
1239                                                               const struct dom_sid *domain_sid,
1240                                                               uint8_t **buffer)
1241 {
1242         struct GROUP_INFO_3 *g3;
1243         int i;
1244
1245         g3 = TALLOC_ZERO_ARRAY(mem_ctx, struct GROUP_INFO_3, groups->count);
1246         W_ERROR_HAVE_NO_MEMORY(g3);
1247
1248         for (i=0; i<groups->count; i++) {
1249
1250                 struct dom_sid sid;
1251
1252                 if (!sid_compose(&sid, domain_sid, groups->entries[i].rid)) {
1253                         return WERR_NOMEM;
1254                 }
1255
1256                 g3[i].grpi3_name = talloc_strdup(mem_ctx,
1257                         groups->entries[i].account_name.string);
1258                 g3[i].grpi3_comment = talloc_strdup(mem_ctx,
1259                         groups->entries[i].description.string);
1260                 g3[i].grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
1261                 g3[i].grpi3_attributes = groups->entries[i].acct_flags;
1262                 W_ERROR_HAVE_NO_MEMORY(g3[i].grpi3_name);
1263         }
1264
1265         *buffer = (uint8_t *)talloc_memdup(mem_ctx, g3,
1266                                            sizeof(struct GROUP_INFO_3) * groups->count);
1267         W_ERROR_HAVE_NO_MEMORY(*buffer);
1268
1269         return WERR_OK;
1270 }
1271
1272 /****************************************************************
1273 ****************************************************************/
1274
1275 static WERROR convert_samr_disp_groups_to_GROUP_INFO_buffer(TALLOC_CTX *mem_ctx,
1276                                                             uint32_t level,
1277                                                             struct samr_DispInfoFullGroups *groups,
1278                                                             const struct dom_sid *domain_sid,
1279                                                             uint32_t *entries_read,
1280                                                             uint8_t **buffer)
1281 {
1282         if (entries_read) {
1283                 *entries_read = groups->count;
1284         }
1285
1286         switch (level) {
1287                 case 0:
1288                         return convert_samr_disp_groups_to_GROUP_INFO_0_buffer(mem_ctx, groups, buffer);
1289                 case 1:
1290                         return convert_samr_disp_groups_to_GROUP_INFO_1_buffer(mem_ctx, groups, buffer);
1291                 case 2:
1292                         return convert_samr_disp_groups_to_GROUP_INFO_2_buffer(mem_ctx, groups, buffer);
1293                 case 3:
1294                         return convert_samr_disp_groups_to_GROUP_INFO_3_buffer(mem_ctx, groups, domain_sid, buffer);
1295                 default:
1296                         return WERR_UNKNOWN_LEVEL;
1297         }
1298 }
1299
1300 /****************************************************************
1301 ****************************************************************/
1302
1303 WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
1304                       struct NetGroupEnum *r)
1305 {
1306         struct rpc_pipe_client *pipe_cli = NULL;
1307         struct policy_handle connect_handle;
1308         struct dom_sid2 *domain_sid = NULL;
1309         struct policy_handle domain_handle;
1310         union samr_DispInfo info;
1311         union samr_DomainInfo *domain_info = NULL;
1312         struct dcerpc_binding_handle *b = NULL;
1313
1314         uint32_t total_size = 0;
1315         uint32_t returned_size = 0;
1316
1317         NTSTATUS result = NT_STATUS_OK;
1318         NTSTATUS status = NT_STATUS_OK;
1319         WERROR werr, tmp_werr;
1320
1321         ZERO_STRUCT(connect_handle);
1322         ZERO_STRUCT(domain_handle);
1323
1324         switch (r->in.level) {
1325                 case 0:
1326                 case 1:
1327                 case 2:
1328                 case 3:
1329                         break;
1330                 default:
1331                         return WERR_UNKNOWN_LEVEL;
1332         }
1333
1334         werr = libnetapi_open_pipe(ctx, r->in.server_name,
1335                                    &ndr_table_samr.syntax_id,
1336                                    &pipe_cli);
1337         if (!W_ERROR_IS_OK(werr)) {
1338                 goto done;
1339         }
1340
1341         b = pipe_cli->binding_handle;
1342
1343         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1344                                           SAMR_ACCESS_ENUM_DOMAINS |
1345                                           SAMR_ACCESS_LOOKUP_DOMAIN,
1346                                           SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
1347                                           SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
1348                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1349                                           &connect_handle,
1350                                           &domain_handle,
1351                                           &domain_sid);
1352         if (!W_ERROR_IS_OK(werr)) {
1353                 goto done;
1354         }
1355
1356         status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(),
1357                                              &domain_handle,
1358                                              2,
1359                                              &domain_info,
1360                                              &result);
1361         if (!NT_STATUS_IS_OK(status)) {
1362                 werr = ntstatus_to_werror(status);
1363                 goto done;
1364         }
1365         if (!NT_STATUS_IS_OK(result)) {
1366                 werr = ntstatus_to_werror(result);
1367                 goto done;
1368         }
1369
1370         if (r->out.total_entries) {
1371                 *r->out.total_entries = domain_info->general.num_groups;
1372         }
1373
1374         status = dcerpc_samr_QueryDisplayInfo2(b,
1375                                                ctx,
1376                                                &domain_handle,
1377                                                3,
1378                                                r->in.resume_handle ?
1379                                                *r->in.resume_handle : 0,
1380                                                (uint32_t)-1,
1381                                                r->in.prefmaxlen,
1382                                                &total_size,
1383                                                &returned_size,
1384                                                &info,
1385                                                &result);
1386         if (!NT_STATUS_IS_OK(status)) {
1387                 werr = ntstatus_to_werror(status);
1388                 goto done;
1389         }
1390
1391         werr = ntstatus_to_werror(result);
1392         if (NT_STATUS_IS_ERR(result)) {
1393                 goto done;
1394         }
1395
1396         if (r->out.resume_handle && info.info3.count > 0) {
1397                 *r->out.resume_handle =
1398                         info.info3.entries[info.info3.count-1].idx;
1399         }
1400
1401         tmp_werr = convert_samr_disp_groups_to_GROUP_INFO_buffer(ctx,
1402                                                                  r->in.level,
1403                                                                  &info.info3,
1404                                                                  domain_sid,
1405                                                                  r->out.entries_read,
1406                                                                  r->out.buffer);
1407         if (!W_ERROR_IS_OK(tmp_werr)) {
1408                 werr = tmp_werr;
1409                 goto done;
1410         }
1411
1412  done:
1413         /* if last query */
1414         if (NT_STATUS_IS_OK(result) ||
1415             NT_STATUS_IS_ERR(result)) {
1416
1417                 if (ctx->disable_policy_handle_cache) {
1418                         libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1419                         libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1420                 }
1421         }
1422
1423         return werr;
1424 }
1425
1426 /****************************************************************
1427 ****************************************************************/
1428
1429 WERROR NetGroupEnum_l(struct libnetapi_ctx *ctx,
1430                       struct NetGroupEnum *r)
1431 {
1432         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupEnum);
1433 }
1434
1435 /****************************************************************
1436 ****************************************************************/
1437
1438 WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
1439                           struct NetGroupGetUsers *r)
1440 {
1441         /* FIXME: this call needs to cope with large replies */
1442
1443         struct rpc_pipe_client *pipe_cli = NULL;
1444         struct policy_handle connect_handle, domain_handle, group_handle;
1445         struct lsa_String lsa_account_name;
1446         struct dom_sid2 *domain_sid = NULL;
1447         struct samr_Ids group_rids, name_types;
1448         struct samr_RidAttrArray *rid_array = NULL;
1449         struct lsa_Strings names;
1450         struct samr_Ids member_types;
1451         struct dcerpc_binding_handle *b = NULL;
1452
1453         int i;
1454         uint32_t entries_read = 0;
1455
1456         NTSTATUS status = NT_STATUS_OK;
1457         NTSTATUS result = NT_STATUS_OK;
1458         WERROR werr;
1459
1460         ZERO_STRUCT(connect_handle);
1461         ZERO_STRUCT(domain_handle);
1462
1463         if (!r->out.buffer) {
1464                 return WERR_INVALID_PARAM;
1465         }
1466
1467         *r->out.buffer = NULL;
1468         *r->out.entries_read = 0;
1469         *r->out.total_entries = 0;
1470
1471         switch (r->in.level) {
1472                 case 0:
1473                 case 1:
1474                         break;
1475                 default:
1476                         return WERR_UNKNOWN_LEVEL;
1477         }
1478
1479
1480         werr = libnetapi_open_pipe(ctx, r->in.server_name,
1481                                    &ndr_table_samr.syntax_id,
1482                                    &pipe_cli);
1483         if (!W_ERROR_IS_OK(werr)) {
1484                 goto done;
1485         }
1486
1487         b = pipe_cli->binding_handle;
1488
1489         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1490                                           SAMR_ACCESS_ENUM_DOMAINS |
1491                                           SAMR_ACCESS_LOOKUP_DOMAIN,
1492                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1493                                           &connect_handle,
1494                                           &domain_handle,
1495                                           &domain_sid);
1496         if (!W_ERROR_IS_OK(werr)) {
1497                 goto done;
1498         }
1499
1500         init_lsa_String(&lsa_account_name, r->in.group_name);
1501
1502         status = dcerpc_samr_LookupNames(b, talloc_tos(),
1503                                          &domain_handle,
1504                                          1,
1505                                          &lsa_account_name,
1506                                          &group_rids,
1507                                          &name_types,
1508                                          &result);
1509         if (!NT_STATUS_IS_OK(status)) {
1510                 werr = ntstatus_to_werror(status);
1511                 goto done;
1512         }
1513         if (!NT_STATUS_IS_OK(result)) {
1514                 werr = ntstatus_to_werror(result);
1515                 goto done;
1516         }
1517
1518         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
1519                                        &domain_handle,
1520                                        SAMR_GROUP_ACCESS_GET_MEMBERS,
1521                                        group_rids.ids[0],
1522                                        &group_handle,
1523                                        &result);
1524         if (!NT_STATUS_IS_OK(status)) {
1525                 werr = ntstatus_to_werror(status);
1526                 goto done;
1527         }
1528         if (!NT_STATUS_IS_OK(result)) {
1529                 werr = ntstatus_to_werror(result);
1530                 goto done;
1531         }
1532
1533         status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
1534                                               &group_handle,
1535                                               &rid_array,
1536                                               &result);
1537         if (!NT_STATUS_IS_OK(status)) {
1538                 werr = ntstatus_to_werror(status);
1539                 goto done;
1540         }
1541         if (!NT_STATUS_IS_OK(result)) {
1542                 werr = ntstatus_to_werror(result);
1543                 goto done;
1544         }
1545
1546         status = dcerpc_samr_LookupRids(b, talloc_tos(),
1547                                         &domain_handle,
1548                                         rid_array->count,
1549                                         rid_array->rids,
1550                                         &names,
1551                                         &member_types,
1552                                         &result);
1553         if (!NT_STATUS_IS_OK(status)) {
1554                 werr = ntstatus_to_werror(status);
1555                 goto done;
1556         }
1557         if (!NT_STATUS_IS_OK(result)) {
1558                 werr = ntstatus_to_werror(result);
1559                 goto done;
1560         }
1561
1562         for (i=0; i < names.count; i++) {
1563
1564                 if (member_types.ids[i] != SID_NAME_USER) {
1565                         continue;
1566                 }
1567
1568                 status = add_GROUP_USERS_INFO_X_buffer(ctx,
1569                                                        r->in.level,
1570                                                        names.names[i].string,
1571                                                        7,
1572                                                        r->out.buffer,
1573                                                        &entries_read);
1574                 if (!NT_STATUS_IS_OK(status)) {
1575                         werr = ntstatus_to_werror(status);
1576                         goto done;
1577                 }
1578         }
1579
1580         *r->out.entries_read = entries_read;
1581         *r->out.total_entries = entries_read;
1582
1583         werr = WERR_OK;
1584
1585  done:
1586         if (is_valid_policy_hnd(&group_handle)) {
1587                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
1588         }
1589
1590         if (ctx->disable_policy_handle_cache) {
1591                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1592                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1593         }
1594
1595         return werr;
1596 }
1597
1598 /****************************************************************
1599 ****************************************************************/
1600
1601 WERROR NetGroupGetUsers_l(struct libnetapi_ctx *ctx,
1602                           struct NetGroupGetUsers *r)
1603 {
1604         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupGetUsers);
1605 }
1606
1607 /****************************************************************
1608 ****************************************************************/
1609
1610 WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
1611                           struct NetGroupSetUsers *r)
1612 {
1613         struct rpc_pipe_client *pipe_cli = NULL;
1614         struct policy_handle connect_handle, domain_handle, group_handle;
1615         struct lsa_String lsa_account_name;
1616         struct dom_sid2 *domain_sid = NULL;
1617         union samr_GroupInfo *group_info = NULL;
1618         struct samr_Ids user_rids, name_types;
1619         struct samr_Ids group_rids, group_types;
1620         struct samr_RidAttrArray *rid_array = NULL;
1621         struct lsa_String *lsa_names = NULL;
1622         struct dcerpc_binding_handle *b = NULL;
1623
1624         uint32_t *add_rids = NULL;
1625         uint32_t *del_rids = NULL;
1626         size_t num_add_rids = 0;
1627         size_t num_del_rids = 0;
1628
1629         uint32_t *member_rids = NULL;
1630
1631         struct GROUP_USERS_INFO_0 *i0 = NULL;
1632         struct GROUP_USERS_INFO_1 *i1 = NULL;
1633
1634         int i, k;
1635
1636         NTSTATUS status = NT_STATUS_OK;
1637         NTSTATUS result = NT_STATUS_OK;
1638         WERROR werr;
1639
1640         ZERO_STRUCT(connect_handle);
1641         ZERO_STRUCT(domain_handle);
1642
1643         if (!r->in.buffer) {
1644                 return WERR_INVALID_PARAM;
1645         }
1646
1647         switch (r->in.level) {
1648                 case 0:
1649                 case 1:
1650                         break;
1651                 default:
1652                         return WERR_UNKNOWN_LEVEL;
1653         }
1654
1655         werr = libnetapi_open_pipe(ctx, r->in.server_name,
1656                                    &ndr_table_samr.syntax_id,
1657                                    &pipe_cli);
1658         if (!W_ERROR_IS_OK(werr)) {
1659                 goto done;
1660         }
1661
1662         b = pipe_cli->binding_handle;
1663
1664         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1665                                           SAMR_ACCESS_ENUM_DOMAINS |
1666                                           SAMR_ACCESS_LOOKUP_DOMAIN,
1667                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1668                                           &connect_handle,
1669                                           &domain_handle,
1670                                           &domain_sid);
1671         if (!W_ERROR_IS_OK(werr)) {
1672                 goto done;
1673         }
1674
1675         init_lsa_String(&lsa_account_name, r->in.group_name);
1676
1677         status = dcerpc_samr_LookupNames(b, talloc_tos(),
1678                                          &domain_handle,
1679                                          1,
1680                                          &lsa_account_name,
1681                                          &group_rids,
1682                                          &group_types,
1683                                          &result);
1684         if (!NT_STATUS_IS_OK(status)) {
1685                 werr = ntstatus_to_werror(status);
1686                 goto done;
1687         }
1688         if (!NT_STATUS_IS_OK(result)) {
1689                 werr = ntstatus_to_werror(result);
1690                 goto done;
1691         }
1692
1693         status = dcerpc_samr_OpenGroup(b, talloc_tos(),
1694                                        &domain_handle,
1695                                        SAMR_GROUP_ACCESS_GET_MEMBERS |
1696                                        SAMR_GROUP_ACCESS_ADD_MEMBER |
1697                                        SAMR_GROUP_ACCESS_REMOVE_MEMBER |
1698                                        SAMR_GROUP_ACCESS_LOOKUP_INFO,
1699                                        group_rids.ids[0],
1700                                        &group_handle,
1701                                        &result);
1702         if (!NT_STATUS_IS_OK(status)) {
1703                 werr = ntstatus_to_werror(status);
1704                 goto done;
1705         }
1706         if (!NT_STATUS_IS_OK(result)) {
1707                 werr = ntstatus_to_werror(result);
1708                 goto done;
1709         }
1710
1711         status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
1712                                             &group_handle,
1713                                             GROUPINFOATTRIBUTES,
1714                                             &group_info,
1715                                             &result);
1716         if (!NT_STATUS_IS_OK(status)) {
1717                 werr = ntstatus_to_werror(status);
1718                 goto done;
1719         }
1720         if (!NT_STATUS_IS_OK(result)) {
1721                 werr = ntstatus_to_werror(result);
1722                 goto done;
1723         }
1724
1725         switch (r->in.level) {
1726                 case 0:
1727                         i0 = (struct GROUP_USERS_INFO_0 *)r->in.buffer;
1728                         break;
1729                 case 1:
1730                         i1 = (struct GROUP_USERS_INFO_1 *)r->in.buffer;
1731                         break;
1732         }
1733
1734         lsa_names = talloc_array(ctx, struct lsa_String, r->in.num_entries);
1735         if (!lsa_names) {
1736                 werr = WERR_NOMEM;
1737                 goto done;
1738         }
1739
1740         for (i=0; i < r->in.num_entries; i++) {
1741
1742                 switch (r->in.level) {
1743                         case 0:
1744                                 init_lsa_String(&lsa_names[i], i0->grui0_name);
1745                                 i0++;
1746                                 break;
1747                         case 1:
1748                                 init_lsa_String(&lsa_names[i], i1->grui1_name);
1749                                 i1++;
1750                                 break;
1751                 }
1752         }
1753
1754         status = dcerpc_samr_LookupNames(b, talloc_tos(),
1755                                          &domain_handle,
1756                                          r->in.num_entries,
1757                                          lsa_names,
1758                                          &user_rids,
1759                                          &name_types,
1760                                          &result);
1761         if (!NT_STATUS_IS_OK(status)) {
1762                 werr = ntstatus_to_werror(status);
1763                 goto done;
1764         }
1765         if (!NT_STATUS_IS_OK(result)) {
1766                 werr = ntstatus_to_werror(result);
1767                 goto done;
1768         }
1769
1770         member_rids = user_rids.ids;
1771
1772         status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
1773                                               &group_handle,
1774                                               &rid_array,
1775                                               &result);
1776         if (!NT_STATUS_IS_OK(status)) {
1777                 werr = ntstatus_to_werror(status);
1778                 goto done;
1779         }
1780         if (!NT_STATUS_IS_OK(result)) {
1781                 werr = ntstatus_to_werror(result);
1782                 goto done;
1783         }
1784
1785         /* add list */
1786
1787         for (i=0; i < r->in.num_entries; i++) {
1788                 bool already_member = false;
1789                 for (k=0; k < rid_array->count; k++) {
1790                         if (member_rids[i] == rid_array->rids[k]) {
1791                                 already_member = true;
1792                                 break;
1793                         }
1794                 }
1795                 if (!already_member) {
1796                         if (!add_rid_to_array_unique(ctx,
1797                                                      member_rids[i],
1798                                                      &add_rids, &num_add_rids)) {
1799                                 werr = WERR_GENERAL_FAILURE;
1800                                 goto done;
1801                         }
1802                 }
1803         }
1804
1805         /* del list */
1806
1807         for (k=0; k < rid_array->count; k++) {
1808                 bool keep_member = false;
1809                 for (i=0; i < r->in.num_entries; i++) {
1810                         if (member_rids[i] == rid_array->rids[k]) {
1811                                 keep_member = true;
1812                                 break;
1813                         }
1814                 }
1815                 if (!keep_member) {
1816                         if (!add_rid_to_array_unique(ctx,
1817                                                      rid_array->rids[k],
1818                                                      &del_rids, &num_del_rids)) {
1819                                 werr = WERR_GENERAL_FAILURE;
1820                                 goto done;
1821                         }
1822                 }
1823         }
1824
1825         /* add list */
1826
1827         for (i=0; i < num_add_rids; i++) {
1828                 status = dcerpc_samr_AddGroupMember(b, talloc_tos(),
1829                                                     &group_handle,
1830                                                     add_rids[i],
1831                                                     7 /* ? */,
1832                                                     &result);
1833                 if (!NT_STATUS_IS_OK(status)) {
1834                         werr = ntstatus_to_werror(status);
1835                         goto done;
1836                 }
1837                 if (!NT_STATUS_IS_OK(result)) {
1838                         werr = ntstatus_to_werror(result);
1839                         goto done;
1840                 }
1841         }
1842
1843         /* del list */
1844
1845         for (i=0; i < num_del_rids; i++) {
1846                 status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
1847                                                        &group_handle,
1848                                                        del_rids[i],
1849                                                        &result);
1850                 if (!NT_STATUS_IS_OK(status)) {
1851                         werr = ntstatus_to_werror(status);
1852                         goto done;
1853                 }
1854                 if (!NT_STATUS_IS_OK(result)) {
1855                         werr = ntstatus_to_werror(result);
1856                         goto done;
1857                 }
1858         }
1859
1860         werr = WERR_OK;
1861
1862  done:
1863         if (is_valid_policy_hnd(&group_handle)) {
1864                 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
1865         }
1866
1867         if (ctx->disable_policy_handle_cache) {
1868                 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1869                 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1870         }
1871
1872         return werr;
1873 }
1874
1875 /****************************************************************
1876 ****************************************************************/
1877
1878 WERROR NetGroupSetUsers_l(struct libnetapi_ctx *ctx,
1879                           struct NetGroupSetUsers *r)
1880 {
1881         LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupSetUsers);
1882 }