2 * Unix SMB/CIFS implementation.
4 * Copyright (C) Guenther Deschner 2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "lib/netapi/netapi.h"
24 #include "lib/netapi/netapi_private.h"
25 #include "lib/netapi/libnetapi.h"
26 #include "../librpc/gen_ndr/ndr_samr_c.h"
27 #include "rpc_client/init_samr.h"
28 #include "../libds/common/flags.h"
29 #include "rpc_client/init_lsa.h"
30 #include "../libcli/security/security.h"
31 #include "../libds/common/flag_mapping.h"
32 #include "rpc_client/cli_pipe.h"
34 /****************************************************************
35 ****************************************************************/
37 static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
38 struct samr_UserInfo21 *info21)
40 uint32_t fields_present = 0;
41 struct samr_LogonHours zero_logon_hours;
42 struct lsa_BinaryString zero_parameters;
46 ZERO_STRUCT(zero_logon_hours);
47 ZERO_STRUCT(zero_parameters);
49 if (infoX->usriX_flags) {
50 fields_present |= SAMR_FIELD_ACCT_FLAGS;
52 if (infoX->usriX_name) {
53 fields_present |= SAMR_FIELD_ACCOUNT_NAME;
55 if (infoX->usriX_password) {
56 fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
58 if (infoX->usriX_flags) {
59 fields_present |= SAMR_FIELD_ACCT_FLAGS;
61 if (infoX->usriX_home_dir) {
62 fields_present |= SAMR_FIELD_HOME_DIRECTORY;
64 if (infoX->usriX_script_path) {
65 fields_present |= SAMR_FIELD_LOGON_SCRIPT;
67 if (infoX->usriX_comment) {
68 fields_present |= SAMR_FIELD_DESCRIPTION;
70 if (infoX->usriX_password_age) {
71 fields_present |= SAMR_FIELD_EXPIRED_FLAG;
73 if (infoX->usriX_full_name) {
74 fields_present |= SAMR_FIELD_FULL_NAME;
76 if (infoX->usriX_usr_comment) {
77 fields_present |= SAMR_FIELD_COMMENT;
79 if (infoX->usriX_profile) {
80 fields_present |= SAMR_FIELD_PROFILE_PATH;
82 if (infoX->usriX_home_dir_drive) {
83 fields_present |= SAMR_FIELD_HOME_DRIVE;
85 if (infoX->usriX_primary_group_id) {
86 fields_present |= SAMR_FIELD_PRIMARY_GID;
88 if (infoX->usriX_country_code) {
89 fields_present |= SAMR_FIELD_COUNTRY_CODE;
91 if (infoX->usriX_workstations) {
92 fields_present |= SAMR_FIELD_WORKSTATIONS;
95 unix_to_nt_time_abs(&password_age, infoX->usriX_password_age);
97 /* TODO: infoX->usriX_priv */
99 info21->last_logon = 0;
100 info21->last_logoff = 0;
101 info21->last_password_change = 0;
102 info21->acct_expiry = 0;
103 info21->allow_password_change = 0;
104 info21->force_password_change = 0;
105 info21->account_name.string = infoX->usriX_name;
106 info21->full_name.string = infoX->usriX_full_name;
107 info21->home_directory.string = infoX->usriX_home_dir;
108 info21->home_drive.string = infoX->usriX_home_dir_drive;
109 info21->logon_script.string = infoX->usriX_script_path;
110 info21->profile_path.string = infoX->usriX_profile;
111 info21->description.string = infoX->usriX_comment;
112 info21->workstations.string = infoX->usriX_workstations;
113 info21->comment.string = infoX->usriX_usr_comment;
114 info21->parameters = zero_parameters;
115 info21->lm_owf_password = zero_parameters;
116 info21->nt_owf_password = zero_parameters;
117 info21->private_data.string = NULL;
118 info21->buf_count = 0;
119 info21->buffer = NULL;
120 info21->rid = infoX->usriX_user_id;
121 info21->primary_gid = infoX->usriX_primary_group_id;
122 info21->acct_flags = infoX->usriX_flags;
123 info21->fields_present = fields_present;
124 info21->logon_hours = zero_logon_hours;
125 info21->bad_password_count = infoX->usriX_bad_pw_count;
126 info21->logon_count = infoX->usriX_num_logons;
127 info21->country_code = infoX->usriX_country_code;
128 info21->code_page = infoX->usriX_code_page;
129 info21->lm_password_set = 0;
130 info21->nt_password_set = 0;
131 info21->password_expired = infoX->usriX_password_expired;
132 info21->private_data_sensitive = 0;
135 /****************************************************************
136 ****************************************************************/
138 static NTSTATUS construct_USER_INFO_X(uint32_t level,
140 struct USER_INFO_X *uX)
142 struct USER_INFO_0 *u0 = NULL;
143 struct USER_INFO_1 *u1 = NULL;
144 struct USER_INFO_2 *u2 = NULL;
145 struct USER_INFO_3 *u3 = NULL;
146 struct USER_INFO_1003 *u1003 = NULL;
147 struct USER_INFO_1006 *u1006 = NULL;
148 struct USER_INFO_1007 *u1007 = NULL;
149 struct USER_INFO_1009 *u1009 = NULL;
150 struct USER_INFO_1011 *u1011 = NULL;
151 struct USER_INFO_1012 *u1012 = NULL;
152 struct USER_INFO_1014 *u1014 = NULL;
153 struct USER_INFO_1024 *u1024 = NULL;
154 struct USER_INFO_1051 *u1051 = NULL;
155 struct USER_INFO_1052 *u1052 = NULL;
156 struct USER_INFO_1053 *u1053 = NULL;
158 if (!buffer || !uX) {
159 return NT_STATUS_INVALID_PARAMETER;
166 u0 = (struct USER_INFO_0 *)buffer;
167 uX->usriX_name = u0->usri0_name;
170 u1 = (struct USER_INFO_1 *)buffer;
171 uX->usriX_name = u1->usri1_name;
172 uX->usriX_password = u1->usri1_password;
173 uX->usriX_password_age = u1->usri1_password_age;
174 uX->usriX_priv = u1->usri1_priv;
175 uX->usriX_home_dir = u1->usri1_home_dir;
176 uX->usriX_comment = u1->usri1_comment;
177 uX->usriX_flags = u1->usri1_flags;
178 uX->usriX_script_path = u1->usri1_script_path;
181 u2 = (struct USER_INFO_2 *)buffer;
182 uX->usriX_name = u2->usri2_name;
183 uX->usriX_password = u2->usri2_password;
184 uX->usriX_password_age = u2->usri2_password_age;
185 uX->usriX_priv = u2->usri2_priv;
186 uX->usriX_home_dir = u2->usri2_home_dir;
187 uX->usriX_comment = u2->usri2_comment;
188 uX->usriX_flags = u2->usri2_flags;
189 uX->usriX_script_path = u2->usri2_script_path;
190 uX->usriX_auth_flags = u2->usri2_auth_flags;
191 uX->usriX_full_name = u2->usri2_full_name;
192 uX->usriX_usr_comment = u2->usri2_usr_comment;
193 uX->usriX_parms = u2->usri2_parms;
194 uX->usriX_workstations = u2->usri2_workstations;
195 uX->usriX_last_logon = u2->usri2_last_logon;
196 uX->usriX_last_logoff = u2->usri2_last_logoff;
197 uX->usriX_acct_expires = u2->usri2_acct_expires;
198 uX->usriX_max_storage = u2->usri2_max_storage;
199 uX->usriX_units_per_week= u2->usri2_units_per_week;
200 uX->usriX_logon_hours = u2->usri2_logon_hours;
201 uX->usriX_bad_pw_count = u2->usri2_bad_pw_count;
202 uX->usriX_num_logons = u2->usri2_num_logons;
203 uX->usriX_logon_server = u2->usri2_logon_server;
204 uX->usriX_country_code = u2->usri2_country_code;
205 uX->usriX_code_page = u2->usri2_code_page;
208 u3 = (struct USER_INFO_3 *)buffer;
209 uX->usriX_name = u3->usri3_name;
210 uX->usriX_password_age = u3->usri3_password_age;
211 uX->usriX_priv = u3->usri3_priv;
212 uX->usriX_home_dir = u3->usri3_home_dir;
213 uX->usriX_comment = u3->usri3_comment;
214 uX->usriX_flags = u3->usri3_flags;
215 uX->usriX_script_path = u3->usri3_script_path;
216 uX->usriX_auth_flags = u3->usri3_auth_flags;
217 uX->usriX_full_name = u3->usri3_full_name;
218 uX->usriX_usr_comment = u3->usri3_usr_comment;
219 uX->usriX_parms = u3->usri3_parms;
220 uX->usriX_workstations = u3->usri3_workstations;
221 uX->usriX_last_logon = u3->usri3_last_logon;
222 uX->usriX_last_logoff = u3->usri3_last_logoff;
223 uX->usriX_acct_expires = u3->usri3_acct_expires;
224 uX->usriX_max_storage = u3->usri3_max_storage;
225 uX->usriX_units_per_week= u3->usri3_units_per_week;
226 uX->usriX_logon_hours = u3->usri3_logon_hours;
227 uX->usriX_bad_pw_count = u3->usri3_bad_pw_count;
228 uX->usriX_num_logons = u3->usri3_num_logons;
229 uX->usriX_logon_server = u3->usri3_logon_server;
230 uX->usriX_country_code = u3->usri3_country_code;
231 uX->usriX_code_page = u3->usri3_code_page;
232 uX->usriX_user_id = u3->usri3_user_id;
233 uX->usriX_primary_group_id = u3->usri3_primary_group_id;
234 uX->usriX_profile = u3->usri3_profile;
235 uX->usriX_home_dir_drive = u3->usri3_home_dir_drive;
236 uX->usriX_password_expired = u3->usri3_password_expired;
239 u1003 = (struct USER_INFO_1003 *)buffer;
240 uX->usriX_password = u1003->usri1003_password;
243 u1006 = (struct USER_INFO_1006 *)buffer;
244 uX->usriX_home_dir = u1006->usri1006_home_dir;
247 u1007 = (struct USER_INFO_1007 *)buffer;
248 uX->usriX_comment = u1007->usri1007_comment;
251 u1009 = (struct USER_INFO_1009 *)buffer;
252 uX->usriX_script_path = u1009->usri1009_script_path;
255 u1011 = (struct USER_INFO_1011 *)buffer;
256 uX->usriX_full_name = u1011->usri1011_full_name;
259 u1012 = (struct USER_INFO_1012 *)buffer;
260 uX->usriX_usr_comment = u1012->usri1012_usr_comment;
263 u1014 = (struct USER_INFO_1014 *)buffer;
264 uX->usriX_workstations = u1014->usri1014_workstations;
267 u1024 = (struct USER_INFO_1024 *)buffer;
268 uX->usriX_country_code = u1024->usri1024_country_code;
271 u1051 = (struct USER_INFO_1051 *)buffer;
272 uX->usriX_primary_group_id = u1051->usri1051_primary_group_id;
275 u1052 = (struct USER_INFO_1052 *)buffer;
276 uX->usriX_profile = u1052->usri1052_profile;
279 u1053 = (struct USER_INFO_1053 *)buffer;
280 uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive;
284 return NT_STATUS_INVALID_INFO_CLASS;
290 /****************************************************************
291 ****************************************************************/
293 static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *ctx,
294 struct rpc_pipe_client *pipe_cli,
295 DATA_BLOB *session_key,
296 struct policy_handle *user_handle,
297 struct USER_INFO_X *uX)
299 union samr_UserInfo user_info;
300 struct samr_UserInfo21 info21;
301 NTSTATUS status, result;
302 struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
305 return NT_STATUS_INVALID_PARAMETER;
308 convert_USER_INFO_X_to_samr_user_info21(uX, &info21);
310 ZERO_STRUCT(user_info);
312 if (uX->usriX_password) {
314 user_info.info25.info = info21;
316 init_samr_CryptPasswordEx(uX->usriX_password,
318 &user_info.info25.password);
320 status = dcerpc_samr_SetUserInfo2(b, talloc_tos(),
325 if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
327 user_info.info23.info = info21;
329 init_samr_CryptPassword(uX->usriX_password,
331 &user_info.info23.password);
333 status = dcerpc_samr_SetUserInfo2(b, talloc_tos(),
338 if (!NT_STATUS_IS_OK(status)) {
343 if (!NT_STATUS_IS_OK(status)) {
348 user_info.info21 = info21;
350 status = dcerpc_samr_SetUserInfo(b, talloc_tos(),
355 if (!NT_STATUS_IS_OK(status)) {
363 /****************************************************************
364 ****************************************************************/
366 WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
367 struct NetUserAdd *r)
369 struct rpc_pipe_client *pipe_cli = NULL;
370 NTSTATUS status, result;
372 struct policy_handle connect_handle, domain_handle, user_handle;
373 struct lsa_String lsa_account_name;
374 struct dom_sid2 *domain_sid = NULL;
375 union samr_UserInfo *user_info = NULL;
376 struct samr_PwInfo pw_info;
377 uint32_t access_granted = 0;
379 struct USER_INFO_X uX;
380 struct dcerpc_binding_handle *b = NULL;
381 DATA_BLOB session_key;
383 ZERO_STRUCT(connect_handle);
384 ZERO_STRUCT(domain_handle);
385 ZERO_STRUCT(user_handle);
388 return WERR_INVALID_PARAM;
391 switch (r->in.level) {
398 werr = WERR_NOT_SUPPORTED;
402 werr = libnetapi_open_pipe(ctx, r->in.server_name,
405 if (!W_ERROR_IS_OK(werr)) {
409 b = pipe_cli->binding_handle;
411 status = construct_USER_INFO_X(r->in.level, r->in.buffer, &uX);
412 if (!NT_STATUS_IS_OK(status)) {
413 werr = ntstatus_to_werror(status);
417 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
418 SAMR_ACCESS_ENUM_DOMAINS |
419 SAMR_ACCESS_LOOKUP_DOMAIN,
420 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
421 SAMR_DOMAIN_ACCESS_CREATE_USER |
422 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
426 if (!W_ERROR_IS_OK(werr)) {
430 init_lsa_String(&lsa_account_name, uX.usriX_name);
432 status = dcerpc_samr_CreateUser2(b, talloc_tos(),
438 SAMR_USER_ACCESS_SET_PASSWORD |
439 SAMR_USER_ACCESS_SET_ATTRIBUTES |
440 SAMR_USER_ACCESS_GET_ATTRIBUTES,
445 if (!NT_STATUS_IS_OK(status)) {
446 werr = ntstatus_to_werror(status);
449 if (!NT_STATUS_IS_OK(result)) {
450 werr = ntstatus_to_werror(result);
454 status = dcerpc_samr_QueryUserInfo(b, talloc_tos(),
459 if (!NT_STATUS_IS_OK(status)) {
460 werr = ntstatus_to_werror(status);
463 if (!NT_STATUS_IS_OK(result)) {
464 werr = ntstatus_to_werror(result);
468 if (!(user_info->info16.acct_flags & ACB_NORMAL)) {
469 werr = WERR_INVALID_PARAM;
473 status = dcerpc_samr_GetUserPwInfo(b, talloc_tos(),
477 if (!NT_STATUS_IS_OK(status)) {
478 werr = ntstatus_to_werror(status);
481 if (!NT_STATUS_IS_OK(result)) {
482 werr = ntstatus_to_werror(result);
486 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
487 if (!NT_STATUS_IS_OK(status)) {
488 werr = ntstatus_to_werror(status);
492 uX.usriX_flags |= ACB_NORMAL;
494 status = set_user_info_USER_INFO_X(ctx, pipe_cli,
498 if (!NT_STATUS_IS_OK(status)) {
499 werr = ntstatus_to_werror(status);
507 dcerpc_samr_DeleteUser(b, talloc_tos(),
512 if (is_valid_policy_hnd(&user_handle) && b) {
513 dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
516 if (ctx->disable_policy_handle_cache) {
517 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
518 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
524 /****************************************************************
525 ****************************************************************/
527 WERROR NetUserAdd_l(struct libnetapi_ctx *ctx,
528 struct NetUserAdd *r)
530 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserAdd);
533 /****************************************************************
534 ****************************************************************/
536 WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
537 struct NetUserDel *r)
539 struct rpc_pipe_client *pipe_cli = NULL;
540 NTSTATUS status, result;
542 struct policy_handle connect_handle, builtin_handle, domain_handle, user_handle;
543 struct lsa_String lsa_account_name;
544 struct samr_Ids user_rids, name_types;
545 struct dom_sid2 *domain_sid = NULL;
546 struct dom_sid2 user_sid;
547 struct dcerpc_binding_handle *b = NULL;
549 ZERO_STRUCT(connect_handle);
550 ZERO_STRUCT(builtin_handle);
551 ZERO_STRUCT(domain_handle);
552 ZERO_STRUCT(user_handle);
554 werr = libnetapi_open_pipe(ctx, r->in.server_name,
558 if (!W_ERROR_IS_OK(werr)) {
562 b = pipe_cli->binding_handle;
564 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
565 SAMR_ACCESS_ENUM_DOMAINS |
566 SAMR_ACCESS_LOOKUP_DOMAIN,
567 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
571 if (!W_ERROR_IS_OK(werr)) {
575 status = dcerpc_samr_OpenDomain(b, talloc_tos(),
577 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
578 discard_const_p(struct dom_sid, &global_sid_Builtin),
581 if (!NT_STATUS_IS_OK(status)) {
582 werr = ntstatus_to_werror(status);
585 if (!NT_STATUS_IS_OK(result)) {
586 werr = ntstatus_to_werror(result);
590 init_lsa_String(&lsa_account_name, r->in.user_name);
592 status = dcerpc_samr_LookupNames(b, talloc_tos(),
599 if (!NT_STATUS_IS_OK(status)) {
600 werr = ntstatus_to_werror(status);
603 if (!NT_STATUS_IS_OK(result)) {
604 werr = ntstatus_to_werror(result);
607 if (user_rids.count != 1) {
608 werr = WERR_BAD_NET_RESP;
611 if (name_types.count != 1) {
612 werr = WERR_BAD_NET_RESP;
616 status = dcerpc_samr_OpenUser(b, talloc_tos(),
622 if (!NT_STATUS_IS_OK(status)) {
623 werr = ntstatus_to_werror(status);
626 if (!NT_STATUS_IS_OK(result)) {
627 werr = ntstatus_to_werror(result);
631 sid_compose(&user_sid, domain_sid, user_rids.ids[0]);
633 status = dcerpc_samr_RemoveMemberFromForeignDomain(b, talloc_tos(),
637 if (!NT_STATUS_IS_OK(status)) {
638 werr = ntstatus_to_werror(status);
641 if (!NT_STATUS_IS_OK(result)) {
642 werr = ntstatus_to_werror(result);
646 status = dcerpc_samr_DeleteUser(b, talloc_tos(),
649 if (!NT_STATUS_IS_OK(status)) {
650 werr = ntstatus_to_werror(status);
653 if (!NT_STATUS_IS_OK(result)) {
654 werr = ntstatus_to_werror(result);
661 if (is_valid_policy_hnd(&user_handle)) {
662 dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
665 if (ctx->disable_policy_handle_cache) {
666 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
667 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
668 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
674 /****************************************************************
675 ****************************************************************/
677 WERROR NetUserDel_l(struct libnetapi_ctx *ctx,
678 struct NetUserDel *r)
680 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserDel);
683 /****************************************************************
684 ****************************************************************/
686 static NTSTATUS libnetapi_samr_lookup_user(TALLOC_CTX *mem_ctx,
687 struct rpc_pipe_client *pipe_cli,
688 struct policy_handle *domain_handle,
689 struct policy_handle *builtin_handle,
690 const char *user_name,
691 const struct dom_sid *domain_sid,
694 struct samr_UserInfo21 **info21,
695 struct sec_desc_buf **sec_desc,
696 uint32_t *auth_flag_p)
698 NTSTATUS status, result;
700 struct policy_handle user_handle;
701 union samr_UserInfo *user_info = NULL;
702 struct samr_RidWithAttributeArray *rid_array = NULL;
703 uint32_t access_mask = SEC_STD_READ_CONTROL |
704 SAMR_USER_ACCESS_GET_ATTRIBUTES |
705 SAMR_USER_ACCESS_GET_NAME_ETC;
706 struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
708 ZERO_STRUCT(user_handle);
714 access_mask |= SAMR_USER_ACCESS_GET_LOGONINFO |
715 SAMR_USER_ACCESS_GET_GROUPS;
721 access_mask |= SAMR_USER_ACCESS_GET_LOGONINFO |
722 SAMR_USER_ACCESS_GET_GROUPS |
723 SAMR_USER_ACCESS_GET_LOCALE;
730 return NT_STATUS_INVALID_LEVEL;
737 status = dcerpc_samr_OpenUser(b, mem_ctx,
743 if (!NT_STATUS_IS_OK(status)) {
746 if (!NT_STATUS_IS_OK(result)) {
751 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
756 if (!NT_STATUS_IS_OK(status)) {
759 if (!NT_STATUS_IS_OK(result)) {
764 status = dcerpc_samr_QuerySecurity(b, mem_ctx,
769 if (!NT_STATUS_IS_OK(status)) {
772 if (!NT_STATUS_IS_OK(result)) {
777 if (access_mask & SAMR_USER_ACCESS_GET_GROUPS) {
779 struct lsa_SidArray sid_array;
780 struct samr_Ids alias_rids;
782 uint32_t auth_flag = 0;
785 status = dcerpc_samr_GetGroupsForUser(b, mem_ctx,
789 if (!NT_STATUS_IS_OK(status)) {
792 if (!NT_STATUS_IS_OK(result)) {
797 sid_array.num_sids = rid_array->count + 1;
798 sid_array.sids = talloc_array(mem_ctx, struct lsa_SidPtr,
800 NT_STATUS_HAVE_NO_MEMORY(sid_array.sids);
802 for (i=0; i<rid_array->count; i++) {
803 sid_compose(&sid, domain_sid, rid_array->rids[i].rid);
804 sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid);
805 NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid);
808 sid_compose(&sid, domain_sid, rid);
809 sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid);
810 NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid);
812 status = dcerpc_samr_GetAliasMembership(b, mem_ctx,
817 if (!NT_STATUS_IS_OK(status)) {
820 if (!NT_STATUS_IS_OK(result)) {
825 for (i=0; i<alias_rids.count; i++) {
826 switch (alias_rids.ids[i]) {
827 case 550: /* Print Operators */
828 auth_flag |= AF_OP_PRINT;
830 case 549: /* Server Operators */
831 auth_flag |= AF_OP_SERVER;
833 case 548: /* Account Operators */
834 auth_flag |= AF_OP_ACCOUNTS;
842 *auth_flag_p = auth_flag;
846 *info21 = &user_info->info21;
849 if (is_valid_policy_hnd(&user_handle)) {
850 dcerpc_samr_Close(b, mem_ctx, &user_handle, &result);
856 /****************************************************************
857 ****************************************************************/
859 static uint32_t samr_rid_to_priv_level(uint32_t rid)
862 case DOMAIN_RID_ADMINISTRATOR:
863 return USER_PRIV_ADMIN;
864 case DOMAIN_RID_GUEST:
865 return USER_PRIV_GUEST;
867 return USER_PRIV_USER;
871 /****************************************************************
872 ****************************************************************/
874 static uint32_t samr_acb_flags_to_netapi_flags(uint32_t acb)
876 uint32_t fl = UF_SCRIPT; /* god knows why */
878 fl |= ds_acb2uf(acb);
883 /****************************************************************
884 ****************************************************************/
886 static NTSTATUS info21_to_USER_INFO_1(TALLOC_CTX *mem_ctx,
887 const struct samr_UserInfo21 *i21,
888 struct USER_INFO_1 *i)
891 i->usri1_name = talloc_strdup(mem_ctx, i21->account_name.string);
892 NT_STATUS_HAVE_NO_MEMORY(i->usri1_name);
893 i->usri1_password = NULL;
894 i->usri1_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
895 i->usri1_priv = samr_rid_to_priv_level(i21->rid);
896 i->usri1_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
897 i->usri1_comment = talloc_strdup(mem_ctx, i21->description.string);
898 i->usri1_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
899 i->usri1_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
904 /****************************************************************
905 ****************************************************************/
907 static NTSTATUS info21_to_USER_INFO_2(TALLOC_CTX *mem_ctx,
908 const struct samr_UserInfo21 *i21,
910 struct USER_INFO_2 *i)
914 i->usri2_name = talloc_strdup(mem_ctx, i21->account_name.string);
915 NT_STATUS_HAVE_NO_MEMORY(i->usri2_name);
916 i->usri2_password = NULL;
917 i->usri2_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
918 i->usri2_priv = samr_rid_to_priv_level(i21->rid);
919 i->usri2_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
920 i->usri2_comment = talloc_strdup(mem_ctx, i21->description.string);
921 i->usri2_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
922 i->usri2_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
923 i->usri2_auth_flags = auth_flag;
924 i->usri2_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
925 i->usri2_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
926 i->usri2_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
927 i->usri2_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
928 i->usri2_last_logon = nt_time_to_unix(i21->last_logon);
929 i->usri2_last_logoff = nt_time_to_unix(i21->last_logoff);
930 i->usri2_acct_expires = nt_time_to_unix(i21->acct_expiry);
931 i->usri2_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
932 i->usri2_units_per_week = i21->logon_hours.units_per_week;
933 i->usri2_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
934 i->usri2_bad_pw_count = i21->bad_password_count;
935 i->usri2_num_logons = i21->logon_count;
936 i->usri2_logon_server = talloc_strdup(mem_ctx, "\\\\*");
937 i->usri2_country_code = i21->country_code;
938 i->usri2_code_page = i21->code_page;
943 /****************************************************************
944 ****************************************************************/
946 static NTSTATUS info21_to_USER_INFO_3(TALLOC_CTX *mem_ctx,
947 const struct samr_UserInfo21 *i21,
949 struct USER_INFO_3 *i)
953 i->usri3_name = talloc_strdup(mem_ctx, i21->account_name.string);
954 NT_STATUS_HAVE_NO_MEMORY(i->usri3_name);
955 i->usri3_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
956 i->usri3_priv = samr_rid_to_priv_level(i21->rid);
957 i->usri3_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
958 i->usri3_comment = talloc_strdup(mem_ctx, i21->description.string);
959 i->usri3_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
960 i->usri3_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
961 i->usri3_auth_flags = auth_flag;
962 i->usri3_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
963 i->usri3_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
964 i->usri3_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
965 i->usri3_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
966 i->usri3_last_logon = nt_time_to_unix(i21->last_logon);
967 i->usri3_last_logoff = nt_time_to_unix(i21->last_logoff);
968 i->usri3_acct_expires = nt_time_to_unix(i21->acct_expiry);
969 i->usri3_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
970 i->usri3_units_per_week = i21->logon_hours.units_per_week;
971 i->usri3_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
972 i->usri3_bad_pw_count = i21->bad_password_count;
973 i->usri3_num_logons = i21->logon_count;
974 i->usri3_logon_server = talloc_strdup(mem_ctx, "\\\\*");
975 i->usri3_country_code = i21->country_code;
976 i->usri3_code_page = i21->code_page;
977 i->usri3_user_id = i21->rid;
978 i->usri3_primary_group_id = i21->primary_gid;
979 i->usri3_profile = talloc_strdup(mem_ctx, i21->profile_path.string);
980 i->usri3_home_dir_drive = talloc_strdup(mem_ctx, i21->home_drive.string);
981 i->usri3_password_expired = i21->password_expired;
986 /****************************************************************
987 ****************************************************************/
989 static NTSTATUS info21_to_USER_INFO_4(TALLOC_CTX *mem_ctx,
990 const struct samr_UserInfo21 *i21,
992 struct dom_sid *domain_sid,
993 struct USER_INFO_4 *i)
999 i->usri4_name = talloc_strdup(mem_ctx, i21->account_name.string);
1000 NT_STATUS_HAVE_NO_MEMORY(i->usri4_name);
1001 i->usri4_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
1002 i->usri4_password = NULL;
1003 i->usri4_priv = samr_rid_to_priv_level(i21->rid);
1004 i->usri4_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
1005 i->usri4_comment = talloc_strdup(mem_ctx, i21->description.string);
1006 i->usri4_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
1007 i->usri4_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
1008 i->usri4_auth_flags = auth_flag;
1009 i->usri4_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
1010 i->usri4_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
1011 i->usri4_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
1012 i->usri4_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
1013 i->usri4_last_logon = nt_time_to_unix(i21->last_logon);
1014 i->usri4_last_logoff = nt_time_to_unix(i21->last_logoff);
1015 i->usri4_acct_expires = nt_time_to_unix(i21->acct_expiry);
1016 i->usri4_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
1017 i->usri4_units_per_week = i21->logon_hours.units_per_week;
1018 i->usri4_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
1019 i->usri4_bad_pw_count = i21->bad_password_count;
1020 i->usri4_num_logons = i21->logon_count;
1021 i->usri4_logon_server = talloc_strdup(mem_ctx, "\\\\*");
1022 i->usri4_country_code = i21->country_code;
1023 i->usri4_code_page = i21->code_page;
1024 if (!sid_compose(&sid, domain_sid, i21->rid)) {
1025 return NT_STATUS_NO_MEMORY;
1027 i->usri4_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
1028 i->usri4_primary_group_id = i21->primary_gid;
1029 i->usri4_profile = talloc_strdup(mem_ctx, i21->profile_path.string);
1030 i->usri4_home_dir_drive = talloc_strdup(mem_ctx, i21->home_drive.string);
1031 i->usri4_password_expired = i21->password_expired;
1033 return NT_STATUS_OK;
1036 /****************************************************************
1037 ****************************************************************/
1039 static NTSTATUS info21_to_USER_INFO_10(TALLOC_CTX *mem_ctx,
1040 const struct samr_UserInfo21 *i21,
1041 struct USER_INFO_10 *i)
1045 i->usri10_name = talloc_strdup(mem_ctx, i21->account_name.string);
1046 NT_STATUS_HAVE_NO_MEMORY(i->usri10_name);
1047 i->usri10_comment = talloc_strdup(mem_ctx, i21->description.string);
1048 i->usri10_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
1049 i->usri10_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
1051 return NT_STATUS_OK;
1054 /****************************************************************
1055 ****************************************************************/
1057 static NTSTATUS info21_to_USER_INFO_11(TALLOC_CTX *mem_ctx,
1058 const struct samr_UserInfo21 *i21,
1060 struct USER_INFO_11 *i)
1064 i->usri11_name = talloc_strdup(mem_ctx, i21->account_name.string);
1065 NT_STATUS_HAVE_NO_MEMORY(i->usri11_name);
1066 i->usri11_comment = talloc_strdup(mem_ctx, i21->description.string);
1067 i->usri11_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
1068 i->usri11_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
1069 i->usri11_priv = samr_rid_to_priv_level(i21->rid);
1070 i->usri11_auth_flags = auth_flag;
1071 i->usri11_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
1072 i->usri11_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
1073 i->usri11_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
1074 i->usri11_last_logon = nt_time_to_unix(i21->last_logon);
1075 i->usri11_last_logoff = nt_time_to_unix(i21->last_logoff);
1076 i->usri11_bad_pw_count = i21->bad_password_count;
1077 i->usri11_num_logons = i21->logon_count;
1078 i->usri11_logon_server = talloc_strdup(mem_ctx, "\\\\*");
1079 i->usri11_country_code = i21->country_code;
1080 i->usri11_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
1081 i->usri11_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
1082 i->usri11_units_per_week = i21->logon_hours.units_per_week;
1083 i->usri11_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
1084 i->usri11_code_page = i21->code_page;
1086 return NT_STATUS_OK;
1089 /****************************************************************
1090 ****************************************************************/
1092 static NTSTATUS info21_to_USER_INFO_20(TALLOC_CTX *mem_ctx,
1093 const struct samr_UserInfo21 *i21,
1094 struct USER_INFO_20 *i)
1098 i->usri20_name = talloc_strdup(mem_ctx, i21->account_name.string);
1099 NT_STATUS_HAVE_NO_MEMORY(i->usri20_name);
1100 i->usri20_comment = talloc_strdup(mem_ctx, i21->description.string);
1101 i->usri20_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
1102 i->usri20_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
1103 i->usri20_user_id = i21->rid;
1105 return NT_STATUS_OK;
1108 /****************************************************************
1109 ****************************************************************/
1111 static NTSTATUS info21_to_USER_INFO_23(TALLOC_CTX *mem_ctx,
1112 const struct samr_UserInfo21 *i21,
1113 struct dom_sid *domain_sid,
1114 struct USER_INFO_23 *i)
1120 i->usri23_name = talloc_strdup(mem_ctx, i21->account_name.string);
1121 NT_STATUS_HAVE_NO_MEMORY(i->usri23_name);
1122 i->usri23_comment = talloc_strdup(mem_ctx, i21->description.string);
1123 i->usri23_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
1124 i->usri23_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
1125 if (!sid_compose(&sid, domain_sid, i21->rid)) {
1126 return NT_STATUS_NO_MEMORY;
1128 i->usri23_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
1130 return NT_STATUS_OK;
1133 /****************************************************************
1134 ****************************************************************/
1136 static NTSTATUS libnetapi_samr_lookup_user_map_USER_INFO(TALLOC_CTX *mem_ctx,
1137 struct rpc_pipe_client *pipe_cli,
1138 struct dom_sid *domain_sid,
1139 struct policy_handle *domain_handle,
1140 struct policy_handle *builtin_handle,
1141 const char *user_name,
1145 uint32_t *num_entries)
1149 struct samr_UserInfo21 *info21 = NULL;
1150 struct sec_desc_buf *sec_desc = NULL;
1151 uint32_t auth_flag = 0;
1153 struct USER_INFO_0 info0;
1154 struct USER_INFO_1 info1;
1155 struct USER_INFO_2 info2;
1156 struct USER_INFO_3 info3;
1157 struct USER_INFO_4 info4;
1158 struct USER_INFO_10 info10;
1159 struct USER_INFO_11 info11;
1160 struct USER_INFO_20 info20;
1161 struct USER_INFO_23 info23;
1175 return NT_STATUS_INVALID_LEVEL;
1179 info0.usri0_name = talloc_strdup(mem_ctx, user_name);
1180 NT_STATUS_HAVE_NO_MEMORY(info0.usri0_name);
1182 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_0, info0,
1183 (struct USER_INFO_0 **)buffer, num_entries);
1185 return NT_STATUS_OK;
1188 status = libnetapi_samr_lookup_user(mem_ctx, pipe_cli,
1199 if (!NT_STATUS_IS_OK(status)) {
1205 status = info21_to_USER_INFO_1(mem_ctx, info21, &info1);
1206 NT_STATUS_NOT_OK_RETURN(status);
1208 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_1, info1,
1209 (struct USER_INFO_1 **)buffer, num_entries);
1213 status = info21_to_USER_INFO_2(mem_ctx, info21, auth_flag, &info2);
1214 NT_STATUS_NOT_OK_RETURN(status);
1216 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_2, info2,
1217 (struct USER_INFO_2 **)buffer, num_entries);
1221 status = info21_to_USER_INFO_3(mem_ctx, info21, auth_flag, &info3);
1222 NT_STATUS_NOT_OK_RETURN(status);
1224 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_3, info3,
1225 (struct USER_INFO_3 **)buffer, num_entries);
1229 status = info21_to_USER_INFO_4(mem_ctx, info21, auth_flag, domain_sid, &info4);
1230 NT_STATUS_NOT_OK_RETURN(status);
1232 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_4, info4,
1233 (struct USER_INFO_4 **)buffer, num_entries);
1237 status = info21_to_USER_INFO_10(mem_ctx, info21, &info10);
1238 NT_STATUS_NOT_OK_RETURN(status);
1240 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_10, info10,
1241 (struct USER_INFO_10 **)buffer, num_entries);
1245 status = info21_to_USER_INFO_11(mem_ctx, info21, auth_flag, &info11);
1246 NT_STATUS_NOT_OK_RETURN(status);
1248 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_11, info11,
1249 (struct USER_INFO_11 **)buffer, num_entries);
1253 status = info21_to_USER_INFO_20(mem_ctx, info21, &info20);
1254 NT_STATUS_NOT_OK_RETURN(status);
1256 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_20, info20,
1257 (struct USER_INFO_20 **)buffer, num_entries);
1261 status = info21_to_USER_INFO_23(mem_ctx, info21, domain_sid, &info23);
1262 NT_STATUS_NOT_OK_RETURN(status);
1264 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_23, info23,
1265 (struct USER_INFO_23 **)buffer, num_entries);
1268 return NT_STATUS_INVALID_LEVEL;
1275 /****************************************************************
1276 ****************************************************************/
1278 WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
1279 struct NetUserEnum *r)
1281 struct rpc_pipe_client *pipe_cli = NULL;
1282 struct policy_handle connect_handle;
1283 struct dom_sid2 *domain_sid = NULL;
1284 struct policy_handle domain_handle, builtin_handle;
1285 struct samr_SamArray *sam = NULL;
1286 uint32_t filter = ACB_NORMAL;
1288 uint32_t entries_read = 0;
1290 NTSTATUS status = NT_STATUS_OK;
1291 NTSTATUS result = NT_STATUS_OK;
1293 struct dcerpc_binding_handle *b = NULL;
1295 ZERO_STRUCT(connect_handle);
1296 ZERO_STRUCT(domain_handle);
1297 ZERO_STRUCT(builtin_handle);
1299 if (!r->out.buffer) {
1300 return WERR_INVALID_PARAM;
1303 *r->out.buffer = NULL;
1304 *r->out.entries_read = 0;
1306 switch (r->in.level) {
1318 return WERR_UNKNOWN_LEVEL;
1321 werr = libnetapi_open_pipe(ctx, r->in.server_name,
1324 if (!W_ERROR_IS_OK(werr)) {
1328 b = pipe_cli->binding_handle;
1330 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
1331 SAMR_ACCESS_ENUM_DOMAINS |
1332 SAMR_ACCESS_LOOKUP_DOMAIN,
1333 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
1334 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
1337 if (!W_ERROR_IS_OK(werr)) {
1341 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1342 SAMR_ACCESS_ENUM_DOMAINS |
1343 SAMR_ACCESS_LOOKUP_DOMAIN,
1344 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
1345 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
1346 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1350 if (!W_ERROR_IS_OK(werr)) {
1354 switch (r->in.filter) {
1355 case FILTER_NORMAL_ACCOUNT:
1356 filter = ACB_NORMAL;
1358 case FILTER_TEMP_DUPLICATE_ACCOUNT:
1359 filter = ACB_TEMPDUP;
1361 case FILTER_INTERDOMAIN_TRUST_ACCOUNT:
1362 filter = ACB_DOMTRUST;
1364 case FILTER_WORKSTATION_TRUST_ACCOUNT:
1365 filter = ACB_WSTRUST;
1367 case FILTER_SERVER_TRUST_ACCOUNT:
1368 filter = ACB_SVRTRUST;
1374 status = dcerpc_samr_EnumDomainUsers(b,
1377 r->in.resume_handle,
1383 if (!NT_STATUS_IS_OK(status)) {
1384 werr = ntstatus_to_werror(status);
1387 werr = ntstatus_to_werror(result);
1388 if (NT_STATUS_IS_ERR(result)) {
1392 for (i=0; i < sam->count; i++) {
1394 status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
1398 sam->entries[i].name.string,
1399 sam->entries[i].idx,
1402 r->out.entries_read);
1403 if (!NT_STATUS_IS_OK(status)) {
1404 werr = ntstatus_to_werror(status);
1411 if (NT_STATUS_IS_OK(result) ||
1412 NT_STATUS_IS_ERR(result)) {
1414 if (ctx->disable_policy_handle_cache) {
1415 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1416 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
1417 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1424 /****************************************************************
1425 ****************************************************************/
1427 WERROR NetUserEnum_l(struct libnetapi_ctx *ctx,
1428 struct NetUserEnum *r)
1430 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserEnum);
1433 /****************************************************************
1434 ****************************************************************/
1436 static WERROR convert_samr_dispinfo_to_NET_DISPLAY_USER(TALLOC_CTX *mem_ctx,
1437 struct samr_DispInfoGeneral *info,
1438 uint32_t *entries_read,
1441 struct NET_DISPLAY_USER *user = NULL;
1444 user = talloc_zero_array(mem_ctx,
1445 struct NET_DISPLAY_USER,
1447 W_ERROR_HAVE_NO_MEMORY(user);
1449 for (i = 0; i < info->count; i++) {
1450 user[i].usri1_name = talloc_strdup(mem_ctx,
1451 info->entries[i].account_name.string);
1452 user[i].usri1_comment = talloc_strdup(mem_ctx,
1453 info->entries[i].description.string);
1454 user[i].usri1_flags =
1455 info->entries[i].acct_flags;
1456 user[i].usri1_full_name = talloc_strdup(mem_ctx,
1457 info->entries[i].full_name.string);
1458 user[i].usri1_user_id =
1459 info->entries[i].rid;
1460 user[i].usri1_next_index =
1461 info->entries[i].idx;
1463 if (!user[i].usri1_name) {
1468 *buffer = talloc_memdup(mem_ctx, user,
1469 sizeof(struct NET_DISPLAY_USER) * info->count);
1470 W_ERROR_HAVE_NO_MEMORY(*buffer);
1472 *entries_read = info->count;
1477 /****************************************************************
1478 ****************************************************************/
1480 static WERROR convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(TALLOC_CTX *mem_ctx,
1481 struct samr_DispInfoFull *info,
1482 uint32_t *entries_read,
1485 struct NET_DISPLAY_MACHINE *machine = NULL;
1488 machine = talloc_zero_array(mem_ctx,
1489 struct NET_DISPLAY_MACHINE,
1491 W_ERROR_HAVE_NO_MEMORY(machine);
1493 for (i = 0; i < info->count; i++) {
1494 machine[i].usri2_name = talloc_strdup(mem_ctx,
1495 info->entries[i].account_name.string);
1496 machine[i].usri2_comment = talloc_strdup(mem_ctx,
1497 info->entries[i].description.string);
1498 machine[i].usri2_flags =
1499 info->entries[i].acct_flags;
1500 machine[i].usri2_user_id =
1501 info->entries[i].rid;
1502 machine[i].usri2_next_index =
1503 info->entries[i].idx;
1505 if (!machine[i].usri2_name) {
1510 *buffer = talloc_memdup(mem_ctx, machine,
1511 sizeof(struct NET_DISPLAY_MACHINE) * info->count);
1512 W_ERROR_HAVE_NO_MEMORY(*buffer);
1514 *entries_read = info->count;
1519 /****************************************************************
1520 ****************************************************************/
1522 static WERROR convert_samr_dispinfo_to_NET_DISPLAY_GROUP(TALLOC_CTX *mem_ctx,
1523 struct samr_DispInfoFullGroups *info,
1524 uint32_t *entries_read,
1527 struct NET_DISPLAY_GROUP *group = NULL;
1530 group = talloc_zero_array(mem_ctx,
1531 struct NET_DISPLAY_GROUP,
1533 W_ERROR_HAVE_NO_MEMORY(group);
1535 for (i = 0; i < info->count; i++) {
1536 group[i].grpi3_name = talloc_strdup(mem_ctx,
1537 info->entries[i].account_name.string);
1538 group[i].grpi3_comment = talloc_strdup(mem_ctx,
1539 info->entries[i].description.string);
1540 group[i].grpi3_group_id =
1541 info->entries[i].rid;
1542 group[i].grpi3_attributes =
1543 info->entries[i].acct_flags;
1544 group[i].grpi3_next_index =
1545 info->entries[i].idx;
1547 if (!group[i].grpi3_name) {
1552 *buffer = talloc_memdup(mem_ctx, group,
1553 sizeof(struct NET_DISPLAY_GROUP) * info->count);
1554 W_ERROR_HAVE_NO_MEMORY(*buffer);
1556 *entries_read = info->count;
1562 /****************************************************************
1563 ****************************************************************/
1565 static WERROR convert_samr_dispinfo_to_NET_DISPLAY(TALLOC_CTX *mem_ctx,
1566 union samr_DispInfo *info,
1568 uint32_t *entries_read,
1573 return convert_samr_dispinfo_to_NET_DISPLAY_USER(mem_ctx,
1578 return convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(mem_ctx,
1583 return convert_samr_dispinfo_to_NET_DISPLAY_GROUP(mem_ctx,
1591 return WERR_UNKNOWN_LEVEL;
1594 /****************************************************************
1595 ****************************************************************/
1597 WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
1598 struct NetQueryDisplayInformation *r)
1600 struct rpc_pipe_client *pipe_cli = NULL;
1601 struct policy_handle connect_handle;
1602 struct dom_sid2 *domain_sid = NULL;
1603 struct policy_handle domain_handle;
1604 union samr_DispInfo info;
1605 struct dcerpc_binding_handle *b = NULL;
1607 uint32_t total_size = 0;
1608 uint32_t returned_size = 0;
1610 NTSTATUS status = NT_STATUS_OK;
1611 NTSTATUS result = NT_STATUS_OK;
1615 *r->out.entries_read = 0;
1617 ZERO_STRUCT(connect_handle);
1618 ZERO_STRUCT(domain_handle);
1620 switch (r->in.level) {
1626 return WERR_UNKNOWN_LEVEL;
1629 werr = libnetapi_open_pipe(ctx, r->in.server_name,
1632 if (!W_ERROR_IS_OK(werr)) {
1636 b = pipe_cli->binding_handle;
1638 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1639 SAMR_ACCESS_ENUM_DOMAINS |
1640 SAMR_ACCESS_LOOKUP_DOMAIN,
1641 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
1642 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
1643 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1647 if (!W_ERROR_IS_OK(werr)) {
1651 status = dcerpc_samr_QueryDisplayInfo2(b,
1656 r->in.entries_requested,
1662 if (!NT_STATUS_IS_OK(status)) {
1663 werr = ntstatus_to_werror(status);
1666 werr = ntstatus_to_werror(result);
1667 if (NT_STATUS_IS_ERR(result)) {
1671 werr_tmp = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info,
1673 r->out.entries_read,
1675 if (!W_ERROR_IS_OK(werr_tmp)) {
1680 if (NT_STATUS_IS_OK(result) ||
1681 NT_STATUS_IS_ERR(result)) {
1683 if (ctx->disable_policy_handle_cache) {
1684 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1685 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1693 /****************************************************************
1694 ****************************************************************/
1697 WERROR NetQueryDisplayInformation_l(struct libnetapi_ctx *ctx,
1698 struct NetQueryDisplayInformation *r)
1700 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetQueryDisplayInformation);
1703 /****************************************************************
1704 ****************************************************************/
1706 WERROR NetUserChangePassword_r(struct libnetapi_ctx *ctx,
1707 struct NetUserChangePassword *r)
1709 return WERR_NOT_SUPPORTED;
1712 /****************************************************************
1713 ****************************************************************/
1715 WERROR NetUserChangePassword_l(struct libnetapi_ctx *ctx,
1716 struct NetUserChangePassword *r)
1718 return WERR_NOT_SUPPORTED;
1721 /****************************************************************
1722 ****************************************************************/
1724 WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
1725 struct NetUserGetInfo *r)
1727 struct rpc_pipe_client *pipe_cli = NULL;
1728 NTSTATUS status, result;
1731 struct policy_handle connect_handle, domain_handle, builtin_handle, user_handle;
1732 struct lsa_String lsa_account_name;
1733 struct dom_sid2 *domain_sid = NULL;
1734 struct samr_Ids user_rids, name_types;
1735 uint32_t num_entries = 0;
1736 struct dcerpc_binding_handle *b = NULL;
1738 ZERO_STRUCT(connect_handle);
1739 ZERO_STRUCT(domain_handle);
1740 ZERO_STRUCT(builtin_handle);
1741 ZERO_STRUCT(user_handle);
1743 if (!r->out.buffer) {
1744 return WERR_INVALID_PARAM;
1747 switch (r->in.level) {
1759 werr = WERR_UNKNOWN_LEVEL;
1763 werr = libnetapi_open_pipe(ctx, r->in.server_name,
1766 if (!W_ERROR_IS_OK(werr)) {
1770 b = pipe_cli->binding_handle;
1772 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1773 SAMR_ACCESS_ENUM_DOMAINS |
1774 SAMR_ACCESS_LOOKUP_DOMAIN,
1775 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1779 if (!W_ERROR_IS_OK(werr)) {
1783 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
1784 SAMR_ACCESS_ENUM_DOMAINS |
1785 SAMR_ACCESS_LOOKUP_DOMAIN,
1786 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
1787 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
1790 if (!W_ERROR_IS_OK(werr)) {
1794 init_lsa_String(&lsa_account_name, r->in.user_name);
1796 status = dcerpc_samr_LookupNames(b, talloc_tos(),
1803 if (!NT_STATUS_IS_OK(status)) {
1804 werr = ntstatus_to_werror(status);
1807 if (!NT_STATUS_IS_OK(result)) {
1808 werr = ntstatus_to_werror(result);
1811 if (user_rids.count != 1) {
1812 werr = WERR_BAD_NET_RESP;
1815 if (name_types.count != 1) {
1816 werr = WERR_BAD_NET_RESP;
1820 status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
1829 if (!NT_STATUS_IS_OK(status)) {
1830 werr = ntstatus_to_werror(status);
1835 if (is_valid_policy_hnd(&user_handle) && b) {
1836 dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
1839 if (ctx->disable_policy_handle_cache) {
1840 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1841 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1847 /****************************************************************
1848 ****************************************************************/
1850 WERROR NetUserGetInfo_l(struct libnetapi_ctx *ctx,
1851 struct NetUserGetInfo *r)
1853 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserGetInfo);
1856 /****************************************************************
1857 ****************************************************************/
1859 WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
1860 struct NetUserSetInfo *r)
1862 struct rpc_pipe_client *pipe_cli = NULL;
1863 NTSTATUS status, result;
1866 struct policy_handle connect_handle, domain_handle, builtin_handle, user_handle;
1867 struct lsa_String lsa_account_name;
1868 struct dom_sid2 *domain_sid = NULL;
1869 struct samr_Ids user_rids, name_types;
1870 uint32_t user_mask = 0;
1872 struct USER_INFO_X uX;
1873 struct dcerpc_binding_handle *b = NULL;
1874 DATA_BLOB session_key;
1876 ZERO_STRUCT(connect_handle);
1877 ZERO_STRUCT(domain_handle);
1878 ZERO_STRUCT(builtin_handle);
1879 ZERO_STRUCT(user_handle);
1881 if (!r->in.buffer) {
1882 return WERR_INVALID_PARAM;
1885 switch (r->in.level) {
1887 user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES;
1890 user_mask = SAMR_USER_ACCESS_SET_PASSWORD;
1899 user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES;
1903 user_mask = SAMR_USER_ACCESS_SET_LOC_COM;
1906 user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES |
1907 SAMR_USER_ACCESS_GET_GROUPS;
1910 user_mask = SEC_STD_READ_CONTROL |
1912 SAMR_USER_ACCESS_GET_GROUPS |
1913 SAMR_USER_ACCESS_SET_PASSWORD |
1914 SAMR_USER_ACCESS_SET_ATTRIBUTES |
1915 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1916 SAMR_USER_ACCESS_SET_LOC_COM;
1928 werr = WERR_NOT_SUPPORTED;
1931 werr = WERR_UNKNOWN_LEVEL;
1935 werr = libnetapi_open_pipe(ctx, r->in.server_name,
1938 if (!W_ERROR_IS_OK(werr)) {
1942 b = pipe_cli->binding_handle;
1944 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1945 SAMR_ACCESS_ENUM_DOMAINS |
1946 SAMR_ACCESS_LOOKUP_DOMAIN,
1947 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
1948 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1952 if (!W_ERROR_IS_OK(werr)) {
1956 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
1957 SAMR_ACCESS_ENUM_DOMAINS |
1958 SAMR_ACCESS_LOOKUP_DOMAIN,
1959 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
1960 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
1963 if (!W_ERROR_IS_OK(werr)) {
1967 init_lsa_String(&lsa_account_name, r->in.user_name);
1969 status = dcerpc_samr_LookupNames(b, talloc_tos(),
1976 if (!NT_STATUS_IS_OK(status)) {
1977 werr = ntstatus_to_werror(status);
1980 if (!NT_STATUS_IS_OK(result)) {
1981 werr = ntstatus_to_werror(result);
1984 if (user_rids.count != 1) {
1985 werr = WERR_BAD_NET_RESP;
1988 if (name_types.count != 1) {
1989 werr = WERR_BAD_NET_RESP;
1993 status = dcerpc_samr_OpenUser(b, talloc_tos(),
1999 if (!NT_STATUS_IS_OK(status)) {
2000 werr = ntstatus_to_werror(status);
2003 if (!NT_STATUS_IS_OK(result)) {
2004 werr = ntstatus_to_werror(result);
2008 status = construct_USER_INFO_X(r->in.level, r->in.buffer, &uX);
2009 if (!NT_STATUS_IS_OK(status)) {
2010 werr = ntstatus_to_werror(status);
2014 status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
2015 if (!NT_STATUS_IS_OK(status)) {
2016 werr = ntstatus_to_werror(status);
2020 status = set_user_info_USER_INFO_X(ctx, pipe_cli,
2024 if (!NT_STATUS_IS_OK(status)) {
2025 werr = ntstatus_to_werror(status);
2032 if (is_valid_policy_hnd(&user_handle) && b) {
2033 dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
2036 if (ctx->disable_policy_handle_cache) {
2037 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
2038 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
2039 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
2045 /****************************************************************
2046 ****************************************************************/
2048 WERROR NetUserSetInfo_l(struct libnetapi_ctx *ctx,
2049 struct NetUserSetInfo *r)
2051 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserSetInfo);
2054 /****************************************************************
2055 ****************************************************************/
2057 static NTSTATUS query_USER_MODALS_INFO_rpc(TALLOC_CTX *mem_ctx,
2058 struct rpc_pipe_client *pipe_cli,
2059 struct policy_handle *domain_handle,
2060 struct samr_DomInfo1 *info1,
2061 struct samr_DomInfo3 *info3,
2062 struct samr_DomInfo5 *info5,
2063 struct samr_DomInfo6 *info6,
2064 struct samr_DomInfo7 *info7,
2065 struct samr_DomInfo12 *info12)
2067 NTSTATUS status, result;
2068 union samr_DomainInfo *dom_info = NULL;
2069 struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
2072 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
2077 NT_STATUS_NOT_OK_RETURN(status);
2078 NT_STATUS_NOT_OK_RETURN(result);
2080 *info1 = dom_info->info1;
2084 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
2089 NT_STATUS_NOT_OK_RETURN(status);
2090 NT_STATUS_NOT_OK_RETURN(result);
2092 *info3 = dom_info->info3;
2096 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
2101 NT_STATUS_NOT_OK_RETURN(status);
2102 NT_STATUS_NOT_OK_RETURN(result);
2104 *info5 = dom_info->info5;
2108 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
2113 NT_STATUS_NOT_OK_RETURN(status);
2114 NT_STATUS_NOT_OK_RETURN(result);
2116 *info6 = dom_info->info6;
2120 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
2125 NT_STATUS_NOT_OK_RETURN(status);
2126 NT_STATUS_NOT_OK_RETURN(result);
2128 *info7 = dom_info->info7;
2132 status = dcerpc_samr_QueryDomainInfo2(b, mem_ctx,
2137 NT_STATUS_NOT_OK_RETURN(status);
2138 NT_STATUS_NOT_OK_RETURN(result);
2140 *info12 = dom_info->info12;
2143 return NT_STATUS_OK;
2146 /****************************************************************
2147 ****************************************************************/
2149 static NTSTATUS query_USER_MODALS_INFO_0(TALLOC_CTX *mem_ctx,
2150 struct rpc_pipe_client *pipe_cli,
2151 struct policy_handle *domain_handle,
2152 struct USER_MODALS_INFO_0 *info0)
2155 struct samr_DomInfo1 dom_info1;
2156 struct samr_DomInfo3 dom_info3;
2158 ZERO_STRUCTP(info0);
2160 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2169 NT_STATUS_NOT_OK_RETURN(status);
2171 info0->usrmod0_min_passwd_len =
2172 dom_info1.min_password_length;
2173 info0->usrmod0_max_passwd_age =
2174 nt_time_to_unix_abs((NTTIME *)&dom_info1.max_password_age);
2175 info0->usrmod0_min_passwd_age =
2176 nt_time_to_unix_abs((NTTIME *)&dom_info1.min_password_age);
2177 info0->usrmod0_password_hist_len =
2178 dom_info1.password_history_length;
2180 info0->usrmod0_force_logoff =
2181 nt_time_to_unix_abs(&dom_info3.force_logoff_time);
2183 return NT_STATUS_OK;
2186 /****************************************************************
2187 ****************************************************************/
2189 static NTSTATUS query_USER_MODALS_INFO_1(TALLOC_CTX *mem_ctx,
2190 struct rpc_pipe_client *pipe_cli,
2191 struct policy_handle *domain_handle,
2192 struct USER_MODALS_INFO_1 *info1)
2195 struct samr_DomInfo6 dom_info6;
2196 struct samr_DomInfo7 dom_info7;
2198 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2207 NT_STATUS_NOT_OK_RETURN(status);
2209 info1->usrmod1_primary =
2210 talloc_strdup(mem_ctx, dom_info6.primary.string);
2212 info1->usrmod1_role = dom_info7.role;
2214 return NT_STATUS_OK;
2217 /****************************************************************
2218 ****************************************************************/
2220 static NTSTATUS query_USER_MODALS_INFO_2(TALLOC_CTX *mem_ctx,
2221 struct rpc_pipe_client *pipe_cli,
2222 struct policy_handle *domain_handle,
2223 struct dom_sid *domain_sid,
2224 struct USER_MODALS_INFO_2 *info2)
2227 struct samr_DomInfo5 dom_info5;
2229 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2238 NT_STATUS_NOT_OK_RETURN(status);
2240 info2->usrmod2_domain_name =
2241 talloc_strdup(mem_ctx, dom_info5.domain_name.string);
2242 info2->usrmod2_domain_id =
2243 (struct domsid *)dom_sid_dup(mem_ctx, domain_sid);
2245 NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_name);
2246 NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_id);
2248 return NT_STATUS_OK;
2251 /****************************************************************
2252 ****************************************************************/
2254 static NTSTATUS query_USER_MODALS_INFO_3(TALLOC_CTX *mem_ctx,
2255 struct rpc_pipe_client *pipe_cli,
2256 struct policy_handle *domain_handle,
2257 struct USER_MODALS_INFO_3 *info3)
2260 struct samr_DomInfo12 dom_info12;
2262 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2271 NT_STATUS_NOT_OK_RETURN(status);
2273 info3->usrmod3_lockout_duration =
2274 nt_time_to_unix_abs(&dom_info12.lockout_duration);
2275 info3->usrmod3_lockout_observation_window =
2276 nt_time_to_unix_abs(&dom_info12.lockout_window);
2277 info3->usrmod3_lockout_threshold =
2278 dom_info12.lockout_threshold;
2280 return NT_STATUS_OK;
2283 /****************************************************************
2284 ****************************************************************/
2286 static NTSTATUS query_USER_MODALS_INFO_to_buffer(TALLOC_CTX *mem_ctx,
2287 struct rpc_pipe_client *pipe_cli,
2289 struct policy_handle *domain_handle,
2290 struct dom_sid *domain_sid,
2295 struct USER_MODALS_INFO_0 info0;
2296 struct USER_MODALS_INFO_1 info1;
2297 struct USER_MODALS_INFO_2 info2;
2298 struct USER_MODALS_INFO_3 info3;
2301 return ERROR_INSUFFICIENT_BUFFER;
2306 status = query_USER_MODALS_INFO_0(mem_ctx,
2310 NT_STATUS_NOT_OK_RETURN(status);
2312 *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info0,
2317 status = query_USER_MODALS_INFO_1(mem_ctx,
2321 NT_STATUS_NOT_OK_RETURN(status);
2323 *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info1,
2327 status = query_USER_MODALS_INFO_2(mem_ctx,
2332 NT_STATUS_NOT_OK_RETURN(status);
2334 *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info2,
2338 status = query_USER_MODALS_INFO_3(mem_ctx,
2342 NT_STATUS_NOT_OK_RETURN(status);
2344 *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info3,
2351 NT_STATUS_HAVE_NO_MEMORY(*buffer);
2353 return NT_STATUS_OK;
2356 /****************************************************************
2357 ****************************************************************/
2359 WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
2360 struct NetUserModalsGet *r)
2362 struct rpc_pipe_client *pipe_cli = NULL;
2366 struct policy_handle connect_handle, domain_handle;
2367 struct dom_sid2 *domain_sid = NULL;
2368 uint32_t access_mask = SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT;
2370 ZERO_STRUCT(connect_handle);
2371 ZERO_STRUCT(domain_handle);
2373 if (!r->out.buffer) {
2374 return WERR_INVALID_PARAM;
2377 switch (r->in.level) {
2379 access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
2380 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2;
2384 access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2;
2387 access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1;
2390 werr = WERR_UNKNOWN_LEVEL;
2394 werr = libnetapi_open_pipe(ctx, r->in.server_name,
2397 if (!W_ERROR_IS_OK(werr)) {
2401 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
2402 SAMR_ACCESS_ENUM_DOMAINS |
2403 SAMR_ACCESS_LOOKUP_DOMAIN,
2408 if (!W_ERROR_IS_OK(werr)) {
2415 /* 3: 12 (DomainInfo2) */
2417 status = query_USER_MODALS_INFO_to_buffer(ctx,
2423 if (!NT_STATUS_IS_OK(status)) {
2424 werr = ntstatus_to_werror(status);
2429 if (ctx->disable_policy_handle_cache) {
2430 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
2431 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
2437 /****************************************************************
2438 ****************************************************************/
2440 WERROR NetUserModalsGet_l(struct libnetapi_ctx *ctx,
2441 struct NetUserModalsGet *r)
2443 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserModalsGet);
2446 /****************************************************************
2447 ****************************************************************/
2449 static NTSTATUS set_USER_MODALS_INFO_rpc(TALLOC_CTX *mem_ctx,
2450 struct rpc_pipe_client *pipe_cli,
2451 struct policy_handle *domain_handle,
2452 struct samr_DomInfo1 *info1,
2453 struct samr_DomInfo3 *info3,
2454 struct samr_DomInfo12 *info12)
2456 NTSTATUS status, result;
2457 union samr_DomainInfo dom_info;
2458 struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
2462 ZERO_STRUCT(dom_info);
2464 dom_info.info1 = *info1;
2466 status = dcerpc_samr_SetDomainInfo(b, mem_ctx,
2471 NT_STATUS_NOT_OK_RETURN(status);
2472 NT_STATUS_NOT_OK_RETURN(result);
2477 ZERO_STRUCT(dom_info);
2479 dom_info.info3 = *info3;
2481 status = dcerpc_samr_SetDomainInfo(b, mem_ctx,
2487 NT_STATUS_NOT_OK_RETURN(status);
2488 NT_STATUS_NOT_OK_RETURN(result);
2493 ZERO_STRUCT(dom_info);
2495 dom_info.info12 = *info12;
2497 status = dcerpc_samr_SetDomainInfo(b, mem_ctx,
2503 NT_STATUS_NOT_OK_RETURN(status);
2504 NT_STATUS_NOT_OK_RETURN(result);
2507 return NT_STATUS_OK;
2510 /****************************************************************
2511 ****************************************************************/
2513 static NTSTATUS set_USER_MODALS_INFO_0_buffer(TALLOC_CTX *mem_ctx,
2514 struct rpc_pipe_client *pipe_cli,
2515 struct policy_handle *domain_handle,
2516 struct USER_MODALS_INFO_0 *info0)
2519 struct samr_DomInfo1 dom_info_1;
2520 struct samr_DomInfo3 dom_info_3;
2522 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2531 NT_STATUS_NOT_OK_RETURN(status);
2533 dom_info_1.min_password_length =
2534 info0->usrmod0_min_passwd_len;
2535 dom_info_1.password_history_length =
2536 info0->usrmod0_password_hist_len;
2538 unix_to_nt_time_abs((NTTIME *)&dom_info_1.max_password_age,
2539 info0->usrmod0_max_passwd_age);
2540 unix_to_nt_time_abs((NTTIME *)&dom_info_1.min_password_age,
2541 info0->usrmod0_min_passwd_age);
2543 unix_to_nt_time_abs(&dom_info_3.force_logoff_time,
2544 info0->usrmod0_force_logoff);
2546 return set_USER_MODALS_INFO_rpc(mem_ctx,
2554 /****************************************************************
2555 ****************************************************************/
2557 static NTSTATUS set_USER_MODALS_INFO_3_buffer(TALLOC_CTX *mem_ctx,
2558 struct rpc_pipe_client *pipe_cli,
2559 struct policy_handle *domain_handle,
2560 struct USER_MODALS_INFO_3 *info3)
2563 struct samr_DomInfo12 dom_info_12;
2565 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2574 NT_STATUS_NOT_OK_RETURN(status);
2576 unix_to_nt_time_abs((NTTIME *)&dom_info_12.lockout_duration,
2577 info3->usrmod3_lockout_duration);
2578 unix_to_nt_time_abs((NTTIME *)&dom_info_12.lockout_window,
2579 info3->usrmod3_lockout_observation_window);
2580 dom_info_12.lockout_threshold = info3->usrmod3_lockout_threshold;
2582 return set_USER_MODALS_INFO_rpc(mem_ctx,
2590 /****************************************************************
2591 ****************************************************************/
2593 static NTSTATUS set_USER_MODALS_INFO_1001_buffer(TALLOC_CTX *mem_ctx,
2594 struct rpc_pipe_client *pipe_cli,
2595 struct policy_handle *domain_handle,
2596 struct USER_MODALS_INFO_1001 *info1001)
2599 struct samr_DomInfo1 dom_info_1;
2601 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2610 NT_STATUS_NOT_OK_RETURN(status);
2612 dom_info_1.min_password_length =
2613 info1001->usrmod1001_min_passwd_len;
2615 return set_USER_MODALS_INFO_rpc(mem_ctx,
2623 /****************************************************************
2624 ****************************************************************/
2626 static NTSTATUS set_USER_MODALS_INFO_1002_buffer(TALLOC_CTX *mem_ctx,
2627 struct rpc_pipe_client *pipe_cli,
2628 struct policy_handle *domain_handle,
2629 struct USER_MODALS_INFO_1002 *info1002)
2632 struct samr_DomInfo1 dom_info_1;
2634 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2643 NT_STATUS_NOT_OK_RETURN(status);
2645 unix_to_nt_time_abs((NTTIME *)&dom_info_1.max_password_age,
2646 info1002->usrmod1002_max_passwd_age);
2648 return set_USER_MODALS_INFO_rpc(mem_ctx,
2656 /****************************************************************
2657 ****************************************************************/
2659 static NTSTATUS set_USER_MODALS_INFO_1003_buffer(TALLOC_CTX *mem_ctx,
2660 struct rpc_pipe_client *pipe_cli,
2661 struct policy_handle *domain_handle,
2662 struct USER_MODALS_INFO_1003 *info1003)
2665 struct samr_DomInfo1 dom_info_1;
2667 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2676 NT_STATUS_NOT_OK_RETURN(status);
2678 unix_to_nt_time_abs((NTTIME *)&dom_info_1.min_password_age,
2679 info1003->usrmod1003_min_passwd_age);
2681 return set_USER_MODALS_INFO_rpc(mem_ctx,
2689 /****************************************************************
2690 ****************************************************************/
2692 static NTSTATUS set_USER_MODALS_INFO_1004_buffer(TALLOC_CTX *mem_ctx,
2693 struct rpc_pipe_client *pipe_cli,
2694 struct policy_handle *domain_handle,
2695 struct USER_MODALS_INFO_1004 *info1004)
2698 struct samr_DomInfo3 dom_info_3;
2700 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2709 NT_STATUS_NOT_OK_RETURN(status);
2711 unix_to_nt_time_abs(&dom_info_3.force_logoff_time,
2712 info1004->usrmod1004_force_logoff);
2714 return set_USER_MODALS_INFO_rpc(mem_ctx,
2722 /****************************************************************
2723 ****************************************************************/
2725 static NTSTATUS set_USER_MODALS_INFO_1005_buffer(TALLOC_CTX *mem_ctx,
2726 struct rpc_pipe_client *pipe_cli,
2727 struct policy_handle *domain_handle,
2728 struct USER_MODALS_INFO_1005 *info1005)
2731 struct samr_DomInfo1 dom_info_1;
2733 status = query_USER_MODALS_INFO_rpc(mem_ctx,
2742 NT_STATUS_NOT_OK_RETURN(status);
2744 dom_info_1.password_history_length =
2745 info1005->usrmod1005_password_hist_len;
2747 return set_USER_MODALS_INFO_rpc(mem_ctx,
2755 /****************************************************************
2756 ****************************************************************/
2758 static NTSTATUS set_USER_MODALS_INFO_buffer(TALLOC_CTX *mem_ctx,
2759 struct rpc_pipe_client *pipe_cli,
2761 struct policy_handle *domain_handle,
2762 struct dom_sid *domain_sid,
2765 struct USER_MODALS_INFO_0 *info0;
2766 struct USER_MODALS_INFO_3 *info3;
2767 struct USER_MODALS_INFO_1001 *info1001;
2768 struct USER_MODALS_INFO_1002 *info1002;
2769 struct USER_MODALS_INFO_1003 *info1003;
2770 struct USER_MODALS_INFO_1004 *info1004;
2771 struct USER_MODALS_INFO_1005 *info1005;
2774 return ERROR_INSUFFICIENT_BUFFER;
2779 info0 = (struct USER_MODALS_INFO_0 *)buffer;
2780 return set_USER_MODALS_INFO_0_buffer(mem_ctx,
2785 info3 = (struct USER_MODALS_INFO_3 *)buffer;
2786 return set_USER_MODALS_INFO_3_buffer(mem_ctx,
2791 info1001 = (struct USER_MODALS_INFO_1001 *)buffer;
2792 return set_USER_MODALS_INFO_1001_buffer(mem_ctx,
2797 info1002 = (struct USER_MODALS_INFO_1002 *)buffer;
2798 return set_USER_MODALS_INFO_1002_buffer(mem_ctx,
2803 info1003 = (struct USER_MODALS_INFO_1003 *)buffer;
2804 return set_USER_MODALS_INFO_1003_buffer(mem_ctx,
2809 info1004 = (struct USER_MODALS_INFO_1004 *)buffer;
2810 return set_USER_MODALS_INFO_1004_buffer(mem_ctx,
2815 info1005 = (struct USER_MODALS_INFO_1005 *)buffer;
2816 return set_USER_MODALS_INFO_1005_buffer(mem_ctx,
2825 return NT_STATUS_OK;
2828 /****************************************************************
2829 ****************************************************************/
2831 WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
2832 struct NetUserModalsSet *r)
2834 struct rpc_pipe_client *pipe_cli = NULL;
2838 struct policy_handle connect_handle, domain_handle;
2839 struct dom_sid2 *domain_sid = NULL;
2840 uint32_t access_mask = SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT;
2842 ZERO_STRUCT(connect_handle);
2843 ZERO_STRUCT(domain_handle);
2845 if (!r->in.buffer) {
2846 return WERR_INVALID_PARAM;
2849 switch (r->in.level) {
2851 access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
2852 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
2853 SAMR_DOMAIN_ACCESS_SET_INFO_1 |
2854 SAMR_DOMAIN_ACCESS_SET_INFO_2;
2861 access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
2862 SAMR_DOMAIN_ACCESS_SET_INFO_1;
2865 access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
2866 SAMR_DOMAIN_ACCESS_SET_INFO_2;
2872 werr = WERR_NOT_SUPPORTED;
2875 werr = WERR_UNKNOWN_LEVEL;
2879 werr = libnetapi_open_pipe(ctx, r->in.server_name,
2882 if (!W_ERROR_IS_OK(werr)) {
2886 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
2887 SAMR_ACCESS_ENUM_DOMAINS |
2888 SAMR_ACCESS_LOOKUP_DOMAIN,
2893 if (!W_ERROR_IS_OK(werr)) {
2897 status = set_USER_MODALS_INFO_buffer(ctx,
2903 if (!NT_STATUS_IS_OK(status)) {
2904 werr = ntstatus_to_werror(status);
2909 if (ctx->disable_policy_handle_cache) {
2910 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
2911 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
2917 /****************************************************************
2918 ****************************************************************/
2920 WERROR NetUserModalsSet_l(struct libnetapi_ctx *ctx,
2921 struct NetUserModalsSet *r)
2923 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserModalsSet);
2926 /****************************************************************
2927 ****************************************************************/
2929 NTSTATUS add_GROUP_USERS_INFO_X_buffer(TALLOC_CTX *mem_ctx,
2931 const char *group_name,
2932 uint32_t attributes,
2934 uint32_t *num_entries)
2936 struct GROUP_USERS_INFO_0 u0;
2937 struct GROUP_USERS_INFO_1 u1;
2942 u0.grui0_name = talloc_strdup(mem_ctx, group_name);
2943 NT_STATUS_HAVE_NO_MEMORY(u0.grui0_name);
2945 u0.grui0_name = NULL;
2948 ADD_TO_ARRAY(mem_ctx, struct GROUP_USERS_INFO_0, u0,
2949 (struct GROUP_USERS_INFO_0 **)buffer, num_entries);
2953 u1.grui1_name = talloc_strdup(mem_ctx, group_name);
2954 NT_STATUS_HAVE_NO_MEMORY(u1.grui1_name);
2956 u1.grui1_name = NULL;
2959 u1.grui1_attributes = attributes;
2961 ADD_TO_ARRAY(mem_ctx, struct GROUP_USERS_INFO_1, u1,
2962 (struct GROUP_USERS_INFO_1 **)buffer, num_entries);
2965 return NT_STATUS_INVALID_INFO_CLASS;
2968 return NT_STATUS_OK;
2971 /****************************************************************
2972 ****************************************************************/
2974 WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
2975 struct NetUserGetGroups *r)
2977 struct rpc_pipe_client *pipe_cli = NULL;
2978 struct policy_handle connect_handle, domain_handle, user_handle;
2979 struct lsa_String lsa_account_name;
2980 struct dom_sid2 *domain_sid = NULL;
2981 struct samr_Ids user_rids, name_types;
2982 struct samr_RidWithAttributeArray *rid_array = NULL;
2983 struct lsa_Strings names;
2984 struct samr_Ids types;
2985 uint32_t *rids = NULL;
2988 uint32_t entries_read = 0;
2990 NTSTATUS status = NT_STATUS_OK;
2991 NTSTATUS result = NT_STATUS_OK;
2993 struct dcerpc_binding_handle *b = NULL;
2995 ZERO_STRUCT(connect_handle);
2996 ZERO_STRUCT(domain_handle);
2998 if (!r->out.buffer) {
2999 return WERR_INVALID_PARAM;
3002 *r->out.buffer = NULL;
3003 *r->out.entries_read = 0;
3004 *r->out.total_entries = 0;
3006 switch (r->in.level) {
3011 return WERR_UNKNOWN_LEVEL;
3014 werr = libnetapi_open_pipe(ctx, r->in.server_name,
3017 if (!W_ERROR_IS_OK(werr)) {
3021 b = pipe_cli->binding_handle;
3023 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
3024 SAMR_ACCESS_ENUM_DOMAINS |
3025 SAMR_ACCESS_LOOKUP_DOMAIN,
3026 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
3030 if (!W_ERROR_IS_OK(werr)) {
3034 init_lsa_String(&lsa_account_name, r->in.user_name);
3036 status = dcerpc_samr_LookupNames(b, talloc_tos(),
3043 if (!NT_STATUS_IS_OK(status)) {
3044 werr = ntstatus_to_werror(status);
3047 if (!NT_STATUS_IS_OK(result)) {
3048 werr = ntstatus_to_werror(result);
3051 if (user_rids.count != 1) {
3052 werr = WERR_BAD_NET_RESP;
3055 if (name_types.count != 1) {
3056 werr = WERR_BAD_NET_RESP;
3060 status = dcerpc_samr_OpenUser(b, talloc_tos(),
3062 SAMR_USER_ACCESS_GET_GROUPS,
3066 if (!NT_STATUS_IS_OK(status)) {
3067 werr = ntstatus_to_werror(status);
3070 if (!NT_STATUS_IS_OK(result)) {
3071 werr = ntstatus_to_werror(result);
3075 status = dcerpc_samr_GetGroupsForUser(b, talloc_tos(),
3079 if (!NT_STATUS_IS_OK(status)) {
3080 werr = ntstatus_to_werror(status);
3083 if (!NT_STATUS_IS_OK(result)) {
3084 werr = ntstatus_to_werror(result);
3088 rids = talloc_array(ctx, uint32_t, rid_array->count);
3094 for (i=0; i < rid_array->count; i++) {
3095 rids[i] = rid_array->rids[i].rid;
3098 status = dcerpc_samr_LookupRids(b, talloc_tos(),
3105 if (!NT_STATUS_IS_OK(status)) {
3106 werr = ntstatus_to_werror(status);
3109 if (!NT_STATUS_IS_OK(result) &&
3110 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
3111 werr = ntstatus_to_werror(result);
3114 if (names.count != rid_array->count) {
3115 werr = WERR_BAD_NET_RESP;
3118 if (types.count != rid_array->count) {
3119 werr = WERR_BAD_NET_RESP;
3123 for (i=0; i < names.count; i++) {
3124 status = add_GROUP_USERS_INFO_X_buffer(ctx,
3126 names.names[i].string,
3127 rid_array->rids[i].attributes,
3130 if (!NT_STATUS_IS_OK(status)) {
3131 werr = ntstatus_to_werror(status);
3136 *r->out.entries_read = entries_read;
3137 *r->out.total_entries = entries_read;
3140 if (ctx->disable_policy_handle_cache) {
3141 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
3142 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
3148 /****************************************************************
3149 ****************************************************************/
3151 WERROR NetUserGetGroups_l(struct libnetapi_ctx *ctx,
3152 struct NetUserGetGroups *r)
3154 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserGetGroups);
3157 /****************************************************************
3158 ****************************************************************/
3160 WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
3161 struct NetUserSetGroups *r)
3163 struct rpc_pipe_client *pipe_cli = NULL;
3164 struct policy_handle connect_handle, domain_handle, user_handle, group_handle;
3165 struct lsa_String lsa_account_name;
3166 struct dom_sid2 *domain_sid = NULL;
3167 struct samr_Ids user_rids, name_types;
3168 struct samr_Ids group_rids;
3169 struct samr_RidWithAttributeArray *rid_array = NULL;
3170 struct lsa_String *lsa_names = NULL;
3172 uint32_t *add_rids = NULL;
3173 uint32_t *del_rids = NULL;
3174 size_t num_add_rids = 0;
3175 size_t num_del_rids = 0;
3177 uint32_t *member_rids = NULL;
3179 struct GROUP_USERS_INFO_0 *i0 = NULL;
3180 struct GROUP_USERS_INFO_1 *i1 = NULL;
3184 NTSTATUS status = NT_STATUS_OK;
3185 NTSTATUS result = NT_STATUS_OK;
3187 struct dcerpc_binding_handle *b = NULL;
3189 ZERO_STRUCT(connect_handle);
3190 ZERO_STRUCT(domain_handle);
3191 ZERO_STRUCT(group_handle);
3193 if (!r->in.buffer) {
3194 return WERR_INVALID_PARAM;
3197 switch (r->in.level) {
3202 return WERR_UNKNOWN_LEVEL;
3205 werr = libnetapi_open_pipe(ctx, r->in.server_name,
3208 if (!W_ERROR_IS_OK(werr)) {
3212 b = pipe_cli->binding_handle;
3214 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
3215 SAMR_ACCESS_ENUM_DOMAINS |
3216 SAMR_ACCESS_LOOKUP_DOMAIN,
3217 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
3221 if (!W_ERROR_IS_OK(werr)) {
3225 init_lsa_String(&lsa_account_name, r->in.user_name);
3227 status = dcerpc_samr_LookupNames(b, talloc_tos(),
3234 if (!NT_STATUS_IS_OK(status)) {
3235 werr = ntstatus_to_werror(status);
3238 if (!NT_STATUS_IS_OK(result)) {
3239 werr = ntstatus_to_werror(result);
3242 if (user_rids.count != 1) {
3243 werr = WERR_BAD_NET_RESP;
3246 if (name_types.count != 1) {
3247 werr = WERR_BAD_NET_RESP;
3251 status = dcerpc_samr_OpenUser(b, talloc_tos(),
3253 SAMR_USER_ACCESS_GET_GROUPS,
3257 if (!NT_STATUS_IS_OK(status)) {
3258 werr = ntstatus_to_werror(status);
3261 if (!NT_STATUS_IS_OK(result)) {
3262 werr = ntstatus_to_werror(result);
3266 switch (r->in.level) {
3268 i0 = (struct GROUP_USERS_INFO_0 *)r->in.buffer;
3271 i1 = (struct GROUP_USERS_INFO_1 *)r->in.buffer;
3275 lsa_names = talloc_array(ctx, struct lsa_String, r->in.num_entries);
3281 for (i=0; i < r->in.num_entries; i++) {
3283 switch (r->in.level) {
3285 init_lsa_String(&lsa_names[i], i0->grui0_name);
3289 init_lsa_String(&lsa_names[i], i1->grui1_name);
3295 status = dcerpc_samr_LookupNames(b, talloc_tos(),
3302 if (!NT_STATUS_IS_OK(status)) {
3303 werr = ntstatus_to_werror(status);
3306 if (!NT_STATUS_IS_OK(result)) {
3307 werr = ntstatus_to_werror(result);
3310 if (group_rids.count != r->in.num_entries) {
3311 werr = WERR_BAD_NET_RESP;
3314 if (name_types.count != r->in.num_entries) {
3315 werr = WERR_BAD_NET_RESP;
3319 member_rids = group_rids.ids;
3321 status = dcerpc_samr_GetGroupsForUser(b, talloc_tos(),
3325 if (!NT_STATUS_IS_OK(status)) {
3326 werr = ntstatus_to_werror(status);
3329 if (!NT_STATUS_IS_OK(result)) {
3330 werr = ntstatus_to_werror(result);
3336 for (i=0; i < r->in.num_entries; i++) {
3337 bool already_member = false;
3338 for (k=0; k < rid_array->count; k++) {
3339 if (member_rids[i] == rid_array->rids[k].rid) {
3340 already_member = true;
3344 if (!already_member) {
3345 if (!add_rid_to_array_unique(ctx,
3347 &add_rids, &num_add_rids)) {
3348 werr = WERR_GENERAL_FAILURE;
3356 for (k=0; k < rid_array->count; k++) {
3357 bool keep_member = false;
3358 for (i=0; i < r->in.num_entries; i++) {
3359 if (member_rids[i] == rid_array->rids[k].rid) {
3365 if (!add_rid_to_array_unique(ctx,
3366 rid_array->rids[k].rid,
3367 &del_rids, &num_del_rids)) {
3368 werr = WERR_GENERAL_FAILURE;
3376 for (i=0; i < num_add_rids; i++) {
3377 status = dcerpc_samr_OpenGroup(b, talloc_tos(),
3379 SAMR_GROUP_ACCESS_ADD_MEMBER,
3383 if (!NT_STATUS_IS_OK(status)) {
3384 werr = ntstatus_to_werror(status);
3387 if (!NT_STATUS_IS_OK(result)) {
3388 werr = ntstatus_to_werror(result);
3392 status = dcerpc_samr_AddGroupMember(b, talloc_tos(),
3397 if (!NT_STATUS_IS_OK(status)) {
3398 werr = ntstatus_to_werror(status);
3401 if (!NT_STATUS_IS_OK(result)) {
3402 werr = ntstatus_to_werror(result);
3406 if (is_valid_policy_hnd(&group_handle)) {
3407 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
3413 for (i=0; i < num_del_rids; i++) {
3414 status = dcerpc_samr_OpenGroup(b, talloc_tos(),
3416 SAMR_GROUP_ACCESS_REMOVE_MEMBER,
3420 if (!NT_STATUS_IS_OK(status)) {
3421 werr = ntstatus_to_werror(status);
3424 if (!NT_STATUS_IS_OK(result)) {
3425 werr = ntstatus_to_werror(result);
3429 status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
3433 if (!NT_STATUS_IS_OK(status)) {
3434 werr = ntstatus_to_werror(status);
3437 if (!NT_STATUS_IS_OK(result)) {
3438 werr = ntstatus_to_werror(result);
3442 if (is_valid_policy_hnd(&group_handle)) {
3443 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
3450 if (is_valid_policy_hnd(&group_handle)) {
3451 dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
3454 if (ctx->disable_policy_handle_cache) {
3455 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
3456 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
3462 /****************************************************************
3463 ****************************************************************/
3465 WERROR NetUserSetGroups_l(struct libnetapi_ctx *ctx,
3466 struct NetUserSetGroups *r)
3468 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserSetGroups);
3471 /****************************************************************
3472 ****************************************************************/
3474 static NTSTATUS add_LOCALGROUP_USERS_INFO_X_buffer(TALLOC_CTX *mem_ctx,
3476 const char *group_name,
3478 uint32_t *num_entries)
3480 struct LOCALGROUP_USERS_INFO_0 u0;
3484 u0.lgrui0_name = talloc_strdup(mem_ctx, group_name);
3485 NT_STATUS_HAVE_NO_MEMORY(u0.lgrui0_name);
3487 ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_USERS_INFO_0, u0,
3488 (struct LOCALGROUP_USERS_INFO_0 **)buffer, num_entries);
3491 return NT_STATUS_INVALID_INFO_CLASS;
3494 return NT_STATUS_OK;
3497 /****************************************************************
3498 ****************************************************************/
3500 WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
3501 struct NetUserGetLocalGroups *r)
3503 struct rpc_pipe_client *pipe_cli = NULL;
3504 struct policy_handle connect_handle, domain_handle, user_handle,
3506 struct lsa_String lsa_account_name;
3507 struct dom_sid2 *domain_sid = NULL;
3508 struct samr_Ids user_rids, name_types;
3509 struct samr_RidWithAttributeArray *rid_array = NULL;
3510 struct lsa_Strings names;
3511 struct samr_Ids types;
3512 uint32_t *rids = NULL;
3513 size_t num_rids = 0;
3514 struct dom_sid user_sid;
3515 struct lsa_SidArray sid_array;
3516 struct samr_Ids domain_rids;
3517 struct samr_Ids builtin_rids;
3520 uint32_t entries_read = 0;
3522 NTSTATUS status = NT_STATUS_OK;
3523 NTSTATUS result = NT_STATUS_OK;
3525 struct dcerpc_binding_handle *b = NULL;
3527 ZERO_STRUCT(connect_handle);
3528 ZERO_STRUCT(domain_handle);
3530 if (!r->out.buffer) {
3531 return WERR_INVALID_PARAM;
3534 *r->out.buffer = NULL;
3535 *r->out.entries_read = 0;
3536 *r->out.total_entries = 0;
3538 switch (r->in.level) {
3543 return WERR_UNKNOWN_LEVEL;
3546 werr = libnetapi_open_pipe(ctx, r->in.server_name,
3549 if (!W_ERROR_IS_OK(werr)) {
3553 b = pipe_cli->binding_handle;
3555 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
3556 SAMR_ACCESS_ENUM_DOMAINS |
3557 SAMR_ACCESS_LOOKUP_DOMAIN,
3558 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
3559 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
3563 if (!W_ERROR_IS_OK(werr)) {
3567 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
3568 SAMR_ACCESS_ENUM_DOMAINS |
3569 SAMR_ACCESS_LOOKUP_DOMAIN,
3570 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
3571 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
3574 if (!W_ERROR_IS_OK(werr)) {
3578 init_lsa_String(&lsa_account_name, r->in.user_name);
3580 status = dcerpc_samr_LookupNames(b, talloc_tos(),
3587 if (!NT_STATUS_IS_OK(status)) {
3588 werr = ntstatus_to_werror(status);
3591 if (!NT_STATUS_IS_OK(result)) {
3592 werr = ntstatus_to_werror(result);
3595 if (user_rids.count != 1) {
3596 werr = WERR_BAD_NET_RESP;
3599 if (name_types.count != 1) {
3600 werr = WERR_BAD_NET_RESP;
3604 status = dcerpc_samr_OpenUser(b, talloc_tos(),
3606 SAMR_USER_ACCESS_GET_GROUPS,
3610 if (!NT_STATUS_IS_OK(status)) {
3611 werr = ntstatus_to_werror(status);
3614 if (!NT_STATUS_IS_OK(result)) {
3615 werr = ntstatus_to_werror(result);
3619 status = dcerpc_samr_GetGroupsForUser(b, talloc_tos(),
3623 if (!NT_STATUS_IS_OK(status)) {
3624 werr = ntstatus_to_werror(status);
3627 if (!NT_STATUS_IS_OK(result)) {
3628 werr = ntstatus_to_werror(result);
3632 if (!sid_compose(&user_sid, domain_sid, user_rids.ids[0])) {
3637 sid_array.num_sids = rid_array->count + 1;
3638 sid_array.sids = talloc_array(ctx, struct lsa_SidPtr, sid_array.num_sids);
3639 if (!sid_array.sids) {
3644 sid_array.sids[0].sid = dom_sid_dup(ctx, &user_sid);
3645 if (!sid_array.sids[0].sid) {
3650 for (i=0; i < rid_array->count; i++) {
3653 if (!sid_compose(&sid, domain_sid, rid_array->rids[i].rid)) {
3658 sid_array.sids[i+1].sid = dom_sid_dup(ctx, &sid);
3659 if (!sid_array.sids[i+1].sid) {
3665 status = dcerpc_samr_GetAliasMembership(b, talloc_tos(),
3670 if (!NT_STATUS_IS_OK(status)) {
3671 werr = ntstatus_to_werror(status);
3674 if (!NT_STATUS_IS_OK(result)) {
3675 werr = ntstatus_to_werror(result);
3679 for (i=0; i < domain_rids.count; i++) {
3680 if (!add_rid_to_array_unique(ctx, domain_rids.ids[i],
3681 &rids, &num_rids)) {
3687 status = dcerpc_samr_GetAliasMembership(b, talloc_tos(),
3692 if (!NT_STATUS_IS_OK(status)) {
3693 werr = ntstatus_to_werror(status);
3696 if (!NT_STATUS_IS_OK(result)) {
3697 werr = ntstatus_to_werror(result);
3701 for (i=0; i < builtin_rids.count; i++) {
3702 if (!add_rid_to_array_unique(ctx, builtin_rids.ids[i],
3703 &rids, &num_rids)) {
3709 status = dcerpc_samr_LookupRids(b, talloc_tos(),
3716 if (!NT_STATUS_IS_OK(status)) {
3717 werr = ntstatus_to_werror(status);
3720 if (!NT_STATUS_IS_OK(result)) {
3721 werr = ntstatus_to_werror(result);
3724 if (names.count != num_rids) {
3725 werr = WERR_BAD_NET_RESP;
3728 if (types.count != num_rids) {
3729 werr = WERR_BAD_NET_RESP;
3733 for (i=0; i < names.count; i++) {
3734 status = add_LOCALGROUP_USERS_INFO_X_buffer(ctx,
3736 names.names[i].string,
3739 if (!NT_STATUS_IS_OK(status)) {
3740 werr = ntstatus_to_werror(status);
3745 *r->out.entries_read = entries_read;
3746 *r->out.total_entries = entries_read;
3749 if (ctx->disable_policy_handle_cache) {
3750 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
3751 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
3757 /****************************************************************
3758 ****************************************************************/
3760 WERROR NetUserGetLocalGroups_l(struct libnetapi_ctx *ctx,
3761 struct NetUserGetLocalGroups *r)
3763 LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserGetLocalGroups);