source3/lib/netapi/localgroup.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  NetApi LocalGroup Support
   4  *  Copyright (C) Guenther Deschner 2008
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include "includes.h"
  21
  22 #include "librpc/gen_ndr/libnetapi.h"
  23 #include "lib/netapi/netapi.h"
  24 #include "lib/netapi/netapi_private.h"
  25 #include "lib/netapi/libnetapi.h"
  26
  27 static WERROR libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
  28                                                    struct rpc_pipe_client *pipe_cli,
  29                                                    struct policy_handle *domain_handle,
  30                                                    struct lsa_String *lsa_account_name,
  31                                                    uint32_t access_rights,
  32                                                    struct policy_handle *alias_handle)
  33 {
  34         NTSTATUS status;
  35         WERROR werr;
  36         struct samr_Ids user_rids, name_types;
  37
  38         status = rpccli_samr_LookupNames(pipe_cli, mem_ctx,
  39                                          domain_handle,
  40                                          1,
  41                                          lsa_account_name,
  42                                          &user_rids,
  43                                          &name_types);
  44         if (!NT_STATUS_IS_OK(status)) {
  45                 werr = ntstatus_to_werror(status);
  46                 goto done;
  47         }
  48
  49         switch (name_types.ids[0]) {
  50                 case SID_NAME_ALIAS:
  51                 case SID_NAME_WKN_GRP:
  52                         break;
  53                 default:
  54                         return WERR_INVALID_DATATYPE;
  55         }
  56
  57         status = rpccli_samr_OpenAlias(pipe_cli, mem_ctx,
  58                                        domain_handle,
  59                                        access_rights,
  60                                        user_rids.ids[0],
  61                                        alias_handle);
  62         if (NT_STATUS_IS_OK(status)) {
  63                 werr = ntstatus_to_werror(status);
  64                 goto done;
  65         }
  66
  67         werr = WERR_OK;
  68
  69  done:
  70         return werr;
  71 }
  72
  73 /****************************************************************
  74 ****************************************************************/
  75
  76 static NTSTATUS libnetapi_samr_open_alias_queryinfo(TALLOC_CTX *mem_ctx,
  77                                                     struct rpc_pipe_client *pipe_cli,
  78                                                     struct policy_handle *handle,
  79                                                     uint32_t rid,
  80                                                     uint32_t access_rights,
  81                                                     enum samr_AliasInfoEnum level,
  82                                                     union samr_AliasInfo **alias_info)
  83 {
  84         NTSTATUS status;
  85         struct policy_handle alias_handle;
  86         union samr_AliasInfo *_alias_info = NULL;
  87
  88         ZERO_STRUCT(alias_handle);
  89
  90         status = rpccli_samr_OpenAlias(pipe_cli, mem_ctx,
  91                                        handle,
  92                                        access_rights,
  93                                        rid,
  94                                        &alias_handle);
  95         if (!NT_STATUS_IS_OK(status)) {
  96                 goto done;
  97         }
  98
  99         status = rpccli_samr_QueryAliasInfo(pipe_cli, mem_ctx,
 100                                             &alias_handle,
 101                                             level,
 102                                             &_alias_info);
 103         if (!NT_STATUS_IS_OK(status)) {
 104                 goto done;
 105         }
 106
 107         *alias_info = _alias_info;
 108
 109  done:
 110         if (is_valid_policy_hnd(&alias_handle)) {
 111                 rpccli_samr_Close(pipe_cli, mem_ctx, &alias_handle);
 112         }
 113
 114         return status;
 115 }
 116
 117 /****************************************************************
 118 ****************************************************************/
 119
 120 WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
 121                           struct NetLocalGroupAdd *r)
 122 {
 123         struct cli_state *cli = NULL;
 124         struct rpc_pipe_client *pipe_cli = NULL;
 125         NTSTATUS status;
 126         WERROR werr;
 127         struct lsa_String lsa_account_name;
 128         struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
 129         struct dom_sid2 *domain_sid = NULL;
 130         uint32_t rid;
 131
 132         struct LOCALGROUP_INFO_0 *info0 = NULL;
 133         struct LOCALGROUP_INFO_1 *info1 = NULL;
 134
 135         const char *alias_name = NULL;
 136
 137         if (!r->in.buf) {
 138                 return WERR_INVALID_PARAM;
 139         }
 140
 141         switch (r->in.level) {
 142                 case 0:
 143                         info0 = (struct LOCALGROUP_INFO_0 *)r->in.buf;
 144                         alias_name = info0->lgrpi0_name;
 145                         break;
 146                 case 1:
 147                         info1 = (struct LOCALGROUP_INFO_1 *)r->in.buf;
 148                         alias_name = info1->lgrpi1_name;
 149                         break;
 150                 default:
 151                         werr = WERR_UNKNOWN_LEVEL;
 152                         goto done;
 153         }
 154
 155         ZERO_STRUCT(connect_handle);
 156         ZERO_STRUCT(builtin_handle);
 157         ZERO_STRUCT(domain_handle);
 158         ZERO_STRUCT(alias_handle);
 159
 160         werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
 161         if (!W_ERROR_IS_OK(werr)) {
 162                 goto done;
 163         }
 164
 165         werr = libnetapi_open_pipe(ctx, cli, PI_SAMR, &pipe_cli);
 166         if (!W_ERROR_IS_OK(werr)) {
 167                 goto done;
 168         }
 169
 170         werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
 171                                                   SAMR_ACCESS_OPEN_DOMAIN |
 172                                                   SAMR_ACCESS_ENUM_DOMAINS,
 173                                                   SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 174                                                   &connect_handle,
 175                                                   &builtin_handle);
 176         if (!W_ERROR_IS_OK(werr)) {
 177                 goto done;
 178         }
 179
 180         init_lsa_String(&lsa_account_name, alias_name);
 181
 182         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 183                                                     &builtin_handle,
 184                                                     &lsa_account_name,
 185                                                     SAMR_ALIAS_ACCESS_LOOKUP_INFO,
 186                                                     &alias_handle);
 187
 188         rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 189
 190         if (W_ERROR_IS_OK(werr)) {
 191                 werr = WERR_ALIAS_EXISTS;
 192                 goto done;
 193         }
 194
 195         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 196                                           SAMR_ACCESS_ENUM_DOMAINS |
 197                                           SAMR_ACCESS_OPEN_DOMAIN,
 198                                           SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
 199                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 200                                           &connect_handle,
 201                                           &domain_handle,
 202                                           &domain_sid);
 203         if (!W_ERROR_IS_OK(werr)) {
 204                 goto done;
 205         }
 206
 207         status = rpccli_samr_CreateDomAlias(pipe_cli, ctx,
 208                                             &domain_handle,
 209                                             &lsa_account_name,
 210                                             SEC_STD_DELETE |
 211                                             SAMR_ALIAS_ACCESS_SET_INFO,
 212                                             &alias_handle,
 213                                             &rid);
 214         if (!NT_STATUS_IS_OK(status)) {
 215                 werr = ntstatus_to_werror(status);
 216                 goto done;
 217         }
 218
 219         if (r->in.level == 1) {
 220
 221                 union samr_AliasInfo alias_info;
 222
 223                 init_lsa_String(&alias_info.description, info1->lgrpi1_comment);
 224
 225                 status = rpccli_samr_SetAliasInfo(pipe_cli, ctx,
 226                                                   &alias_handle,
 227                                                   ALIASINFODESCRIPTION,
 228                                                   &alias_info);
 229                 if (!NT_STATUS_IS_OK(status)) {
 230                         werr = ntstatus_to_werror(status);
 231                         goto done;
 232                 }
 233         }
 234
 235         werr = WERR_OK;
 236
 237  done:
 238         if (!cli) {
 239                 return werr;
 240         }
 241
 242         if (is_valid_policy_hnd(&alias_handle)) {
 243                 rpccli_samr_Close(pipe_cli, ctx, &alias_handle);
 244         }
 245         if (is_valid_policy_hnd(&domain_handle)) {
 246                 rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 247         }
 248         if (is_valid_policy_hnd(&builtin_handle)) {
 249                 rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 250         }
 251         if (is_valid_policy_hnd(&connect_handle)) {
 252                 rpccli_samr_Close(pipe_cli, ctx, &connect_handle);
 253         }
 254
 255         return werr;
 256 }
 257
 258 /****************************************************************
 259 ****************************************************************/
 260
 261 WERROR NetLocalGroupAdd_l(struct libnetapi_ctx *ctx,
 262                           struct NetLocalGroupAdd *r)
 263 {
 264         return NetLocalGroupAdd_r(ctx, r);
 265 }
 266
 267 /****************************************************************
 268 ****************************************************************/
 269
 270
 271 WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
 272                           struct NetLocalGroupDel *r)
 273 {
 274         struct cli_state *cli = NULL;
 275         struct rpc_pipe_client *pipe_cli = NULL;
 276         NTSTATUS status;
 277         WERROR werr;
 278         struct lsa_String lsa_account_name;
 279         struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
 280         struct dom_sid2 *domain_sid = NULL;
 281
 282         if (!r->in.group_name) {
 283                 return WERR_INVALID_PARAM;
 284         }
 285
 286         ZERO_STRUCT(connect_handle);
 287         ZERO_STRUCT(builtin_handle);
 288         ZERO_STRUCT(domain_handle);
 289         ZERO_STRUCT(alias_handle);
 290
 291         werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
 292         if (!W_ERROR_IS_OK(werr)) {
 293                 goto done;
 294         }
 295
 296         werr = libnetapi_open_pipe(ctx, cli, PI_SAMR, &pipe_cli);
 297         if (!W_ERROR_IS_OK(werr)) {
 298                 goto done;
 299         }
 300
 301         werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
 302                                                   SAMR_ACCESS_OPEN_DOMAIN |
 303                                                   SAMR_ACCESS_ENUM_DOMAINS,
 304                                                   SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 305                                                   &connect_handle,
 306                                                   &builtin_handle);
 307         if (!W_ERROR_IS_OK(werr)) {
 308                 goto done;
 309         }
 310
 311         init_lsa_String(&lsa_account_name, r->in.group_name);
 312
 313         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 314                                                     &builtin_handle,
 315                                                     &lsa_account_name,
 316                                                     SEC_STD_DELETE,
 317                                                     &alias_handle);
 318
 319         rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 320
 321         if (W_ERROR_IS_OK(werr)) {
 322                 goto delete_alias;
 323         }
 324
 325         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 326                                           SAMR_ACCESS_ENUM_DOMAINS |
 327                                           SAMR_ACCESS_OPEN_DOMAIN,
 328                                           SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
 329                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 330                                           &connect_handle,
 331                                           &domain_handle,
 332                                           &domain_sid);
 333         if (!W_ERROR_IS_OK(werr)) {
 334                 goto done;
 335         }
 336
 337         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 338                                                     &domain_handle,
 339                                                     &lsa_account_name,
 340                                                     SEC_STD_DELETE,
 341                                                     &alias_handle);
 342
 343         rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 344
 345         if (!W_ERROR_IS_OK(werr)) {
 346                 goto done;
 347         }
 348
 349
 350  delete_alias:
 351         status = rpccli_samr_DeleteDomAlias(pipe_cli, ctx,
 352                                             &alias_handle);
 353         if (!NT_STATUS_IS_OK(status)) {
 354                 werr = ntstatus_to_werror(status);
 355                 goto done;
 356         }
 357
 358         ZERO_STRUCT(alias_handle);
 359
 360         werr = WERR_OK;
 361
 362  done:
 363         if (!cli) {
 364                 return werr;
 365         }
 366
 367         if (is_valid_policy_hnd(&alias_handle)) {
 368                 rpccli_samr_Close(pipe_cli, ctx, &alias_handle);
 369         }
 370         if (is_valid_policy_hnd(&domain_handle)) {
 371                 rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 372         }
 373         if (is_valid_policy_hnd(&builtin_handle)) {
 374                 rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 375         }
 376         if (is_valid_policy_hnd(&connect_handle)) {
 377                 rpccli_samr_Close(pipe_cli, ctx, &connect_handle);
 378         }
 379
 380         return werr;
 381 }
 382
 383 /****************************************************************
 384 ****************************************************************/
 385
 386 WERROR NetLocalGroupDel_l(struct libnetapi_ctx *ctx,
 387                           struct NetLocalGroupDel *r)
 388 {
 389         return NetLocalGroupDel_r(ctx, r);
 390 }
 391
 392 /****************************************************************
 393 ****************************************************************/
 394
 395 static WERROR map_alias_info_to_buffer(TALLOC_CTX *mem_ctx,
 396                                        const char *alias_name,
 397                                        struct samr_AliasInfoAll *info,
 398                                        uint32_t level,
 399                                        uint32_t *entries_read,
 400                                        uint8_t **buffer)
 401 {
 402         struct LOCALGROUP_INFO_0 g0;
 403         struct LOCALGROUP_INFO_1 g1;
 404         struct LOCALGROUP_INFO_1002 g1002;
 405
 406         switch (level) {
 407                 case 0:
 408                         g0.lgrpi0_name          = talloc_strdup(mem_ctx, alias_name);
 409                         W_ERROR_HAVE_NO_MEMORY(g0.lgrpi0_name);
 410
 411                         ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_0, g0,
 412                                      (struct LOCALGROUP_INFO_0 **)buffer, entries_read);
 413
 414                         break;
 415                 case 1:
 416                         g1.lgrpi1_name          = talloc_strdup(mem_ctx, alias_name);
 417                         g1.lgrpi1_comment       = talloc_strdup(mem_ctx, info->description.string);
 418                         W_ERROR_HAVE_NO_MEMORY(g1.lgrpi1_name);
 419
 420                         ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_1, g1,
 421                                      (struct LOCALGROUP_INFO_1 **)buffer, entries_read);
 422
 423                         break;
 424                 case 1002:
 425                         g1002.lgrpi1002_comment = talloc_strdup(mem_ctx, info->description.string);
 426
 427                         ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_1002, g1002,
 428                                      (struct LOCALGROUP_INFO_1002 **)buffer, entries_read);
 429
 430                         break;
 431                 default:
 432                         return WERR_UNKNOWN_LEVEL;
 433         }
 434
 435         return WERR_OK;
 436 }
 437
 438 /****************************************************************
 439 ****************************************************************/
 440
 441 WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
 442                               struct NetLocalGroupGetInfo *r)
 443 {
 444         struct cli_state *cli = NULL;
 445         struct rpc_pipe_client *pipe_cli = NULL;
 446         NTSTATUS status;
 447         WERROR werr;
 448         struct lsa_String lsa_account_name;
 449         struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
 450         struct dom_sid2 *domain_sid = NULL;
 451         union samr_AliasInfo *alias_info = NULL;
 452         uint32_t entries_read = 0;
 453
 454         if (!r->in.group_name) {
 455                 return WERR_INVALID_PARAM;
 456         }
 457
 458         switch (r->in.level) {
 459                 case 0:
 460                 case 1:
 461                 case 1002:
 462                         break;
 463                 default:
 464                         return WERR_UNKNOWN_LEVEL;
 465         }
 466
 467         ZERO_STRUCT(connect_handle);
 468         ZERO_STRUCT(builtin_handle);
 469         ZERO_STRUCT(domain_handle);
 470         ZERO_STRUCT(alias_handle);
 471
 472         werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
 473         if (!W_ERROR_IS_OK(werr)) {
 474                 goto done;
 475         }
 476
 477         werr = libnetapi_open_pipe(ctx, cli, PI_SAMR, &pipe_cli);
 478         if (!W_ERROR_IS_OK(werr)) {
 479                 goto done;
 480         }
 481
 482         werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
 483                                                   SAMR_ACCESS_OPEN_DOMAIN |
 484                                                   SAMR_ACCESS_ENUM_DOMAINS,
 485                                                   SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 486                                                   &connect_handle,
 487                                                   &builtin_handle);
 488         if (!W_ERROR_IS_OK(werr)) {
 489                 goto done;
 490         }
 491
 492         init_lsa_String(&lsa_account_name, r->in.group_name);
 493
 494         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 495                                                     &builtin_handle,
 496                                                     &lsa_account_name,
 497                                                     SAMR_ALIAS_ACCESS_LOOKUP_INFO,
 498                                                     &alias_handle);
 499
 500         rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 501
 502         if (W_ERROR_IS_OK(werr)) {
 503                 goto query_alias;
 504         }
 505
 506         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 507                                           SAMR_ACCESS_ENUM_DOMAINS |
 508                                           SAMR_ACCESS_OPEN_DOMAIN,
 509                                           SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
 510                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 511                                           &connect_handle,
 512                                           &domain_handle,
 513                                           &domain_sid);
 514         if (!W_ERROR_IS_OK(werr)) {
 515                 goto done;
 516         }
 517
 518         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 519                                                     &domain_handle,
 520                                                     &lsa_account_name,
 521                                                     SAMR_ALIAS_ACCESS_LOOKUP_INFO,
 522                                                     &alias_handle);
 523
 524         rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 525
 526         if (!W_ERROR_IS_OK(werr)) {
 527                 goto done;
 528         }
 529
 530  query_alias:
 531         status = rpccli_samr_QueryAliasInfo(pipe_cli, ctx,
 532                                             &alias_handle,
 533                                             ALIASINFOALL,
 534                                             &alias_info);
 535         if (!NT_STATUS_IS_OK(status)) {
 536                 werr = ntstatus_to_werror(status);
 537                 goto done;
 538         }
 539
 540         werr = map_alias_info_to_buffer(ctx,
 541                                         r->in.group_name,
 542                                         &alias_info->all,
 543                                         r->in.level, &entries_read,
 544                                         r->out.buf);
 545
 546  done:
 547         if (!cli) {
 548                 return werr;
 549         }
 550
 551         if (is_valid_policy_hnd(&alias_handle)) {
 552                 rpccli_samr_Close(pipe_cli, ctx, &alias_handle);
 553         }
 554         if (is_valid_policy_hnd(&domain_handle)) {
 555                 rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 556         }
 557         if (is_valid_policy_hnd(&builtin_handle)) {
 558                 rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 559         }
 560         if (is_valid_policy_hnd(&connect_handle)) {
 561                 rpccli_samr_Close(pipe_cli, ctx, &connect_handle);
 562         }
 563
 564         return werr;
 565 }
 566
 567 /****************************************************************
 568 ****************************************************************/
 569
 570 WERROR NetLocalGroupGetInfo_l(struct libnetapi_ctx *ctx,
 571                               struct NetLocalGroupGetInfo *r)
 572 {
 573         return NetLocalGroupGetInfo_r(ctx, r);
 574 }
 575
 576 /****************************************************************
 577 ****************************************************************/
 578
 579 static WERROR map_buffer_to_alias_info(TALLOC_CTX *mem_ctx,
 580                                        uint32_t level,
 581                                        uint8_t *buffer,
 582                                        enum samr_AliasInfoEnum *alias_level,
 583                                        union samr_AliasInfo **alias_info)
 584 {
 585         struct LOCALGROUP_INFO_0 *info0;
 586         struct LOCALGROUP_INFO_1 *info1;
 587         struct LOCALGROUP_INFO_1002 *info1002;
 588         union samr_AliasInfo *info = NULL;
 589
 590         info = TALLOC_ZERO_P(mem_ctx, union samr_AliasInfo);
 591         W_ERROR_HAVE_NO_MEMORY(info);
 592
 593         switch (level) {
 594                 case 0:
 595                         info0 = (struct LOCALGROUP_INFO_0 *)buffer;
 596                         init_lsa_String(&info->name, info0->lgrpi0_name);
 597                         *alias_level = ALIASINFONAME;
 598                         break;
 599                 case 1:
 600                         info1 = (struct LOCALGROUP_INFO_1 *)buffer;
 601                         /* group name will be ignored */
 602                         init_lsa_String(&info->description, info1->lgrpi1_comment);
 603                         *alias_level = ALIASINFODESCRIPTION;
 604                         break;
 605                 case 1002:
 606                         info1002 = (struct LOCALGROUP_INFO_1002 *)buffer;
 607                         init_lsa_String(&info->description, info1002->lgrpi1002_comment);
 608                         *alias_level = ALIASINFODESCRIPTION;
 609                         break;
 610         }
 611
 612         *alias_info = info;
 613
 614         return WERR_OK;
 615 }
 616
 617 /****************************************************************
 618 ****************************************************************/
 619
 620 WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
 621                               struct NetLocalGroupSetInfo *r)
 622 {
 623         struct cli_state *cli = NULL;
 624         struct rpc_pipe_client *pipe_cli = NULL;
 625         NTSTATUS status;
 626         WERROR werr;
 627         struct lsa_String lsa_account_name;
 628         struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
 629         struct dom_sid2 *domain_sid = NULL;
 630         enum samr_AliasInfoEnum alias_level = 0;
 631         union samr_AliasInfo *alias_info = NULL;
 632
 633         if (!r->in.group_name) {
 634                 return WERR_INVALID_PARAM;
 635         }
 636
 637         switch (r->in.level) {
 638                 case 0:
 639                 case 1:
 640                 case 1002:
 641                         break;
 642                 default:
 643                         return WERR_UNKNOWN_LEVEL;
 644         }
 645
 646         ZERO_STRUCT(connect_handle);
 647         ZERO_STRUCT(builtin_handle);
 648         ZERO_STRUCT(domain_handle);
 649         ZERO_STRUCT(alias_handle);
 650
 651         werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
 652         if (!W_ERROR_IS_OK(werr)) {
 653                 goto done;
 654         }
 655
 656         werr = libnetapi_open_pipe(ctx, cli, PI_SAMR, &pipe_cli);
 657         if (!W_ERROR_IS_OK(werr)) {
 658                 goto done;
 659         }
 660
 661         werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
 662                                                   SAMR_ACCESS_OPEN_DOMAIN |
 663                                                   SAMR_ACCESS_ENUM_DOMAINS,
 664                                                   SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 665                                                   &connect_handle,
 666                                                   &builtin_handle);
 667         if (!W_ERROR_IS_OK(werr)) {
 668                 goto done;
 669         }
 670
 671         init_lsa_String(&lsa_account_name, r->in.group_name);
 672
 673         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 674                                                     &builtin_handle,
 675                                                     &lsa_account_name,
 676                                                     SAMR_ALIAS_ACCESS_SET_INFO,
 677                                                     &alias_handle);
 678
 679         rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 680
 681         if (W_ERROR_IS_OK(werr)) {
 682                 goto set_alias;
 683         }
 684
 685         werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 686                                           SAMR_ACCESS_ENUM_DOMAINS |
 687                                           SAMR_ACCESS_OPEN_DOMAIN,
 688                                           SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 689                                           &connect_handle,
 690                                           &domain_handle,
 691                                           &domain_sid);
 692         if (!W_ERROR_IS_OK(werr)) {
 693                 goto done;
 694         }
 695
 696         werr = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
 697                                                     &domain_handle,
 698                                                     &lsa_account_name,
 699                                                     SAMR_ALIAS_ACCESS_SET_INFO,
 700                                                     &alias_handle);
 701         if (!W_ERROR_IS_OK(werr)) {
 702                 goto done;
 703         }
 704
 705         rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 706
 707  set_alias:
 708
 709         werr = map_buffer_to_alias_info(ctx, r->in.level, r->in.buf,
 710                                         &alias_level, &alias_info);
 711         if (!W_ERROR_IS_OK(werr)) {
 712                 goto done;
 713         }
 714
 715         status = rpccli_samr_SetAliasInfo(pipe_cli, ctx,
 716                                           &alias_handle,
 717                                           alias_level,
 718                                           alias_info);
 719         if (!NT_STATUS_IS_OK(status)) {
 720                 werr = ntstatus_to_werror(status);
 721                 goto done;
 722         }
 723
 724         werr = WERR_OK;
 725
 726  done:
 727         if (!cli) {
 728                 return werr;
 729         }
 730
 731         if (is_valid_policy_hnd(&alias_handle)) {
 732                 rpccli_samr_Close(pipe_cli, ctx, &alias_handle);
 733         }
 734         if (is_valid_policy_hnd(&domain_handle)) {
 735                 rpccli_samr_Close(pipe_cli, ctx, &domain_handle);
 736         }
 737         if (is_valid_policy_hnd(&builtin_handle)) {
 738                 rpccli_samr_Close(pipe_cli, ctx, &builtin_handle);
 739         }
 740         if (is_valid_policy_hnd(&connect_handle)) {
 741                 rpccli_samr_Close(pipe_cli, ctx, &connect_handle);
 742         }
 743
 744         return werr;
 745 }
 746
 747 /****************************************************************
 748 ****************************************************************/
 749
 750 WERROR NetLocalGroupSetInfo_l(struct libnetapi_ctx *ctx,
 751                               struct NetLocalGroupSetInfo *r)
 752 {
 753         return NetLocalGroupSetInfo_r(ctx, r);
 754 }
 755
 756 /****************************************************************
 757 ****************************************************************/
 758
 759 WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
 760                            struct NetLocalGroupEnum *r)
 761 {
 762         return WERR_NOT_SUPPORTED;
 763 }
 764
 765 /****************************************************************
 766 ****************************************************************/
 767
 768 WERROR NetLocalGroupEnum_l(struct libnetapi_ctx *ctx,
 769                            struct NetLocalGroupEnum *r)
 770 {
 771         return WERR_NOT_SUPPORTED;
 772 }