2 * Unix SMB/CIFS implementation.
4 * Copyright (C) Guenther Deschner 2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/libnetapi.h"
23 #include "lib/netapi/netapi.h"
24 #include "lib/netapi/netapi_private.h"
25 #include "lib/netapi/libnetapi.h"
27 /****************************************************************
28 ****************************************************************/
30 static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
31 struct samr_UserInfo21 *info21)
33 uint32_t fields_present = SAMR_FIELD_ACCT_FLAGS;
34 struct samr_LogonHours zero_logon_hours;
35 struct lsa_BinaryString zero_parameters;
36 uint32_t acct_flags = 0;
40 ZERO_STRUCT(zero_logon_hours);
41 ZERO_STRUCT(zero_parameters);
43 if (infoX->usriX_name) {
44 fields_present |= SAMR_FIELD_FULL_NAME;
46 if (infoX->usriX_password) {
47 fields_present |= SAMR_FIELD_PASSWORD;
49 if (infoX->usriX_flags) {
50 fields_present |= SAMR_FIELD_ACCT_FLAGS;
52 if (infoX->usriX_name) {
53 fields_present |= SAMR_FIELD_FULL_NAME;
55 if (infoX->usriX_home_dir) {
56 fields_present |= SAMR_FIELD_HOME_DIRECTORY;
58 if (infoX->usriX_script_path) {
59 fields_present |= SAMR_FIELD_LOGON_SCRIPT;
61 if (infoX->usriX_comment) {
62 fields_present |= SAMR_FIELD_DESCRIPTION;
64 if (infoX->usriX_password_age) {
65 fields_present |= SAMR_FIELD_FORCE_PWD_CHANGE;
68 acct_flags |= infoX->usriX_flags | ACB_NORMAL;
70 unix_to_nt_time_abs(&password_age, infoX->usriX_password_age);
72 /* TODO: infoX->usriX_priv */
73 init_samr_user_info21(info21,
82 infoX->usriX_home_dir,
84 infoX->usriX_script_path,
104 /****************************************************************
105 ****************************************************************/
107 static NTSTATUS construct_USER_INFO_X(uint32_t level,
109 struct USER_INFO_X *uX)
111 struct USER_INFO_0 *u0 = NULL;
112 struct USER_INFO_1 *u1 = NULL;
113 struct USER_INFO_2 *u2 = NULL;
114 struct USER_INFO_1007 *u1007 = NULL;
116 if (!buffer || !uX) {
117 return NT_STATUS_INVALID_PARAMETER;
124 u0 = (struct USER_INFO_0 *)buffer;
125 uX->usriX_name = u0->usri0_name;
128 u1 = (struct USER_INFO_1 *)buffer;
129 uX->usriX_name = u1->usri1_name;
130 uX->usriX_password = u1->usri1_password;
131 uX->usriX_password_age = u1->usri1_password_age;
132 uX->usriX_priv = u1->usri1_priv;
133 uX->usriX_home_dir = u1->usri1_home_dir;
134 uX->usriX_comment = u1->usri1_comment;
135 uX->usriX_flags = u1->usri1_flags;
136 uX->usriX_script_path = u1->usri1_script_path;
139 u2 = (struct USER_INFO_2 *)buffer;
140 uX->usriX_name = u2->usri2_name;
141 uX->usriX_password = u2->usri2_password;
142 uX->usriX_password_age = u2->usri2_password_age;
143 uX->usriX_priv = u2->usri2_priv;
144 uX->usriX_home_dir = u2->usri2_home_dir;
145 uX->usriX_comment = u2->usri2_comment;
146 uX->usriX_flags = u2->usri2_flags;
147 uX->usriX_script_path = u2->usri2_script_path;
148 uX->usriX_auth_flags = u2->usri2_auth_flags;
149 uX->usriX_full_name = u2->usri2_full_name;
150 uX->usriX_usr_comment = u2->usri2_usr_comment;
151 uX->usriX_parms = u2->usri2_parms;
152 uX->usriX_workstations = u2->usri2_workstations;
153 uX->usriX_last_logon = u2->usri2_last_logon;
154 uX->usriX_last_logoff = u2->usri2_last_logoff;
155 uX->usriX_acct_expires = u2->usri2_acct_expires;
156 uX->usriX_max_storage = u2->usri2_max_storage;
157 uX->usriX_units_per_week= u2->usri2_units_per_week;
158 uX->usriX_logon_hours = u2->usri2_logon_hours;
159 uX->usriX_bad_pw_count = u2->usri2_bad_pw_count;
160 uX->usriX_num_logons = u2->usri2_num_logons;
161 uX->usriX_logon_server = u2->usri2_logon_server;
162 uX->usriX_country_code = u2->usri2_country_code;
163 uX->usriX_code_page = u2->usri2_code_page;
166 u1007 = (struct USER_INFO_1007 *)buffer;
167 uX->usriX_comment = u1007->usri1007_comment;
172 return NT_STATUS_INVALID_INFO_CLASS;
178 /****************************************************************
179 ****************************************************************/
181 WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
182 struct NetUserAdd *r)
184 struct cli_state *cli = NULL;
185 struct rpc_pipe_client *pipe_cli = NULL;
188 POLICY_HND connect_handle, domain_handle, user_handle;
189 struct lsa_String lsa_account_name;
190 struct dom_sid2 *domain_sid = NULL;
191 struct samr_UserInfo21 info21;
192 union samr_UserInfo *user_info = NULL;
193 struct samr_PwInfo pw_info;
194 uint32_t access_granted = 0;
196 struct USER_INFO_X uX;
198 ZERO_STRUCT(connect_handle);
199 ZERO_STRUCT(domain_handle);
200 ZERO_STRUCT(user_handle);
203 return WERR_INVALID_PARAM;
206 switch (r->in.level) {
213 werr = WERR_NOT_SUPPORTED;
217 werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
218 if (!W_ERROR_IS_OK(werr)) {
222 werr = libnetapi_open_pipe(ctx, cli, &ndr_table_samr.syntax_id,
224 if (!W_ERROR_IS_OK(werr)) {
228 status = construct_USER_INFO_X(r->in.level, r->in.buffer, &uX);
229 if (!NT_STATUS_IS_OK(status)) {
230 werr = ntstatus_to_werror(status);
234 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
235 SAMR_ACCESS_ENUM_DOMAINS |
236 SAMR_ACCESS_OPEN_DOMAIN,
237 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
238 SAMR_DOMAIN_ACCESS_CREATE_USER |
239 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
243 if (!W_ERROR_IS_OK(werr)) {
247 init_lsa_String(&lsa_account_name, uX.usriX_name);
249 status = rpccli_samr_CreateUser2(pipe_cli, ctx,
255 SAMR_USER_ACCESS_SET_PASSWORD |
256 SAMR_USER_ACCESS_SET_ATTRIBUTES |
257 SAMR_USER_ACCESS_GET_ATTRIBUTES,
261 if (!NT_STATUS_IS_OK(status)) {
262 werr = ntstatus_to_werror(status);
266 status = rpccli_samr_QueryUserInfo(pipe_cli, ctx,
270 if (!NT_STATUS_IS_OK(status)) {
271 werr = ntstatus_to_werror(status);
275 if (!(user_info->info16.acct_flags & ACB_NORMAL)) {
276 werr = WERR_INVALID_PARAM;
280 status = rpccli_samr_GetUserPwInfo(pipe_cli, ctx,
283 if (!NT_STATUS_IS_OK(status)) {
284 werr = ntstatus_to_werror(status);
288 convert_USER_INFO_X_to_samr_user_info21(&uX,
291 ZERO_STRUCTP(user_info);
293 if (uX.usriX_password) {
296 struct MD5Context md5_ctx;
297 uint8_t confounder[16];
298 DATA_BLOB confounded_session_key = data_blob(NULL, 16);
300 encode_pw_buffer(pwbuf, uX.usriX_password, STR_UNICODE);
302 generate_random_buffer((uint8_t *)confounder, 16);
305 MD5Update(&md5_ctx, confounder, 16);
306 MD5Update(&md5_ctx, cli->user_session_key.data,
307 cli->user_session_key.length);
308 MD5Final(confounded_session_key.data, &md5_ctx);
310 SamOEMhashBlob(pwbuf, 516, &confounded_session_key);
311 memcpy(&pwbuf[516], confounder, 16);
313 memcpy(user_info->info25.password.data, pwbuf, sizeof(pwbuf));
314 data_blob_free(&confounded_session_key);
316 user_info->info25.info = info21;
318 status = rpccli_samr_SetUserInfo2(pipe_cli, ctx,
323 if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
325 user_info->info23.info = info21;
327 encode_pw_buffer(user_info->info23.password.data,
328 uX.usriX_password, STR_UNICODE);
329 SamOEMhashBlob(user_info->info23.password.data, 516,
330 &cli->user_session_key);
332 status = rpccli_samr_SetUserInfo2(pipe_cli, ctx,
338 user_info->info21 = info21;
339 status = rpccli_samr_SetUserInfo(pipe_cli, ctx,
345 if (!NT_STATUS_IS_OK(status)) {
346 werr = ntstatus_to_werror(status);
354 rpccli_samr_DeleteUser(pipe_cli, ctx,
362 if (is_valid_policy_hnd(&user_handle)) {
363 rpccli_samr_Close(pipe_cli, ctx, &user_handle);
366 if (ctx->disable_policy_handle_cache) {
367 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
368 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
374 /****************************************************************
375 ****************************************************************/
377 WERROR NetUserAdd_l(struct libnetapi_ctx *ctx,
378 struct NetUserAdd *r)
380 /* for now just talk to local RPC server */
381 if (!r->in.server_name) {
382 r->in.server_name = "localhost";
385 return NetUserAdd_r(ctx, r);
388 /****************************************************************
389 ****************************************************************/
391 WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
392 struct NetUserDel *r)
394 struct cli_state *cli = NULL;
395 struct rpc_pipe_client *pipe_cli = NULL;
398 POLICY_HND connect_handle, builtin_handle, domain_handle, user_handle;
399 struct lsa_String lsa_account_name;
400 struct samr_Ids user_rids, name_types;
401 struct dom_sid2 *domain_sid = NULL;
402 struct dom_sid2 user_sid;
404 ZERO_STRUCT(connect_handle);
405 ZERO_STRUCT(builtin_handle);
406 ZERO_STRUCT(domain_handle);
407 ZERO_STRUCT(user_handle);
409 werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
410 if (!W_ERROR_IS_OK(werr)) {
414 werr = libnetapi_open_pipe(ctx, cli, &ndr_table_samr.syntax_id,
416 if (!W_ERROR_IS_OK(werr)) {
420 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
421 SAMR_ACCESS_ENUM_DOMAINS |
422 SAMR_ACCESS_OPEN_DOMAIN,
423 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
427 if (!W_ERROR_IS_OK(werr)) {
431 status = rpccli_samr_OpenDomain(pipe_cli, ctx,
433 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
434 CONST_DISCARD(DOM_SID *, &global_sid_Builtin),
436 if (!NT_STATUS_IS_OK(status)) {
437 werr = ntstatus_to_werror(status);
441 init_lsa_String(&lsa_account_name, r->in.user_name);
443 status = rpccli_samr_LookupNames(pipe_cli, ctx,
449 if (!NT_STATUS_IS_OK(status)) {
450 werr = ntstatus_to_werror(status);
454 status = rpccli_samr_OpenUser(pipe_cli, ctx,
456 STD_RIGHT_DELETE_ACCESS,
459 if (!NT_STATUS_IS_OK(status)) {
460 werr = ntstatus_to_werror(status);
464 sid_compose(&user_sid, domain_sid, user_rids.ids[0]);
466 status = rpccli_samr_RemoveMemberFromForeignDomain(pipe_cli, ctx,
469 if (!NT_STATUS_IS_OK(status)) {
470 werr = ntstatus_to_werror(status);
474 status = rpccli_samr_DeleteUser(pipe_cli, ctx,
476 if (!NT_STATUS_IS_OK(status)) {
477 werr = ntstatus_to_werror(status);
488 if (is_valid_policy_hnd(&user_handle)) {
489 rpccli_samr_Close(pipe_cli, ctx, &user_handle);
492 if (ctx->disable_policy_handle_cache) {
493 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
494 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
495 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
501 /****************************************************************
502 ****************************************************************/
504 WERROR NetUserDel_l(struct libnetapi_ctx *ctx,
505 struct NetUserDel *r)
507 /* for now just talk to local RPC server */
508 if (!r->in.server_name) {
509 r->in.server_name = "localhost";
512 return NetUserDel_r(ctx, r);
515 /****************************************************************
516 ****************************************************************/
518 static NTSTATUS libnetapi_samr_lookup_user(TALLOC_CTX *mem_ctx,
519 struct rpc_pipe_client *pipe_cli,
520 struct policy_handle *domain_handle,
521 struct policy_handle *builtin_handle,
522 const char *user_name,
525 struct samr_UserInfo21 **info21,
526 struct sec_desc_buf **sec_desc)
530 struct policy_handle user_handle;
531 union samr_UserInfo *user_info = NULL;
532 struct samr_RidWithAttributeArray *rid_array = NULL;
533 uint32_t access_mask = SEC_STD_READ_CONTROL |
534 SAMR_USER_ACCESS_GET_ATTRIBUTES |
535 SAMR_USER_ACCESS_GET_NAME_ETC;
537 ZERO_STRUCT(user_handle);
550 return NT_STATUS_INVALID_LEVEL;
557 status = rpccli_samr_OpenUser(pipe_cli, mem_ctx,
562 if (!NT_STATUS_IS_OK(status)) {
566 status = rpccli_samr_QueryUserInfo(pipe_cli, mem_ctx,
570 if (!NT_STATUS_IS_OK(status)) {
574 status = rpccli_samr_QuerySecurity(pipe_cli, mem_ctx,
578 if (!NT_STATUS_IS_OK(status)) {
583 status = rpccli_samr_GetGroupsForUser(pipe_cli, mem_ctx,
586 if (!NT_STATUS_IS_OK(status)) {
591 status = rpccli_samr_GetAliasMembership(pipe_cli, ctx,
595 if (!NT_STATUS_IS_OK(status)) {
601 *info21 = &user_info->info21;
604 if (is_valid_policy_hnd(&user_handle)) {
605 rpccli_samr_Close(pipe_cli, mem_ctx, &user_handle);
611 /****************************************************************
612 ****************************************************************/
614 static NTSTATUS libnetapi_samr_lookup_user_map_USER_INFO(TALLOC_CTX *mem_ctx,
615 struct rpc_pipe_client *pipe_cli,
616 struct dom_sid *domain_sid,
617 struct policy_handle *domain_handle,
618 struct policy_handle *builtin_handle,
619 const char *user_name,
623 uint32_t *num_entries)
627 struct samr_UserInfo21 *info21 = NULL;
628 struct sec_desc_buf *sec_desc = NULL;
631 struct USER_INFO_0 *info0 = NULL;
632 struct USER_INFO_10 *info10 = NULL;
633 struct USER_INFO_20 *info20 = NULL;
634 struct USER_INFO_23 *info23 = NULL;
647 return NT_STATUS_INVALID_LEVEL;
651 info0 = TALLOC_P(mem_ctx, struct USER_INFO_0);
652 NT_STATUS_HAVE_NO_MEMORY(info0);
654 info0->usri0_name = talloc_strdup(mem_ctx, user_name);
655 NT_STATUS_HAVE_NO_MEMORY(info0->usri0_name);
657 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_0, *info0,
658 (struct USER_INFO_0 **)buffer, num_entries);
663 status = libnetapi_samr_lookup_user(mem_ctx, pipe_cli,
672 if (!NT_STATUS_IS_OK(status)) {
678 info10 = TALLOC_P(mem_ctx, struct USER_INFO_10);
679 NT_STATUS_HAVE_NO_MEMORY(info10);
681 info10->usri10_name = talloc_strdup(mem_ctx, user_name);
682 NT_STATUS_HAVE_NO_MEMORY(info10->usri10_name);
684 info10->usri10_comment = talloc_strdup(mem_ctx,
685 info21->description.string);
687 info10->usri10_full_name = talloc_strdup(mem_ctx,
688 info21->full_name.string);
690 info10->usri10_usr_comment = talloc_strdup(mem_ctx,
691 info21->comment.string);
693 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_10, *info10,
694 (struct USER_INFO_10 **)buffer, num_entries);
699 info20 = TALLOC_P(mem_ctx, struct USER_INFO_20);
700 NT_STATUS_HAVE_NO_MEMORY(info20);
702 info20->usri20_name = talloc_strdup(mem_ctx, user_name);
703 NT_STATUS_HAVE_NO_MEMORY(info20->usri20_name);
705 info20->usri20_comment = talloc_strdup(mem_ctx,
706 info21->description.string);
708 info20->usri20_flags = info21->acct_flags;
709 info20->usri20_user_id = rid;
711 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_20, *info20,
712 (struct USER_INFO_20 **)buffer, num_entries);
716 info23 = TALLOC_P(mem_ctx, struct USER_INFO_23);
717 NT_STATUS_HAVE_NO_MEMORY(info23);
719 info23->usri23_name = talloc_strdup(mem_ctx, user_name);
720 NT_STATUS_HAVE_NO_MEMORY(info23->usri23_name);
722 info23->usri23_comment = talloc_strdup(mem_ctx,
723 info21->description.string);
725 info23->usri23_flags = info21->acct_flags;
727 if (!sid_compose(&sid, domain_sid, rid)) {
728 return NT_STATUS_NO_MEMORY;
731 info23->usri23_user_sid =
732 (struct domsid *)sid_dup_talloc(mem_ctx, &sid);
734 ADD_TO_ARRAY(mem_ctx, struct USER_INFO_23, *info23,
735 (struct USER_INFO_23 **)buffer, num_entries);
743 /****************************************************************
744 ****************************************************************/
746 WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
747 struct NetUserEnum *r)
749 struct cli_state *cli = NULL;
750 struct rpc_pipe_client *pipe_cli = NULL;
751 struct policy_handle connect_handle;
752 struct dom_sid2 *domain_sid = NULL;
753 struct policy_handle domain_handle;
754 struct samr_SamArray *sam = NULL;
755 uint32_t filter = ACB_NORMAL;
757 uint32_t entries_read = 0;
759 NTSTATUS status = NT_STATUS_OK;
762 ZERO_STRUCT(connect_handle);
763 ZERO_STRUCT(domain_handle);
765 if (!r->out.buffer) {
766 return WERR_INVALID_PARAM;
769 *r->out.buffer = NULL;
770 *r->out.entries_read = 0;
772 switch (r->in.level) {
783 return WERR_NOT_SUPPORTED;
786 werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
787 if (!W_ERROR_IS_OK(werr)) {
791 werr = libnetapi_open_pipe(ctx, cli, &ndr_table_samr.syntax_id,
793 if (!W_ERROR_IS_OK(werr)) {
797 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
798 SAMR_ACCESS_ENUM_DOMAINS |
799 SAMR_ACCESS_OPEN_DOMAIN,
800 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
801 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
802 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
806 if (!W_ERROR_IS_OK(werr)) {
810 switch (r->in.filter) {
811 case FILTER_NORMAL_ACCOUNT:
814 case FILTER_TEMP_DUPLICATE_ACCOUNT:
815 filter = ACB_TEMPDUP;
817 case FILTER_INTERDOMAIN_TRUST_ACCOUNT:
818 filter = ACB_DOMTRUST;
820 case FILTER_WORKSTATION_TRUST_ACCOUNT:
821 filter = ACB_WSTRUST;
823 case FILTER_SERVER_TRUST_ACCOUNT:
824 filter = ACB_SVRTRUST;
830 status = rpccli_samr_EnumDomainUsers(pipe_cli,
838 werr = ntstatus_to_werror(status);
839 if (NT_STATUS_IS_ERR(status)) {
843 for (i=0; i < sam->count; i++) {
845 status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
848 NULL, /*&builtin_handle, */
849 sam->entries[i].name.string,
853 r->out.entries_read);
854 if (!NT_STATUS_IS_OK(status)) {
855 werr = ntstatus_to_werror(status);
866 if (NT_STATUS_IS_OK(status) ||
867 NT_STATUS_IS_ERR(status)) {
869 if (ctx->disable_policy_handle_cache) {
870 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
871 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
878 /****************************************************************
879 ****************************************************************/
881 WERROR NetUserEnum_l(struct libnetapi_ctx *ctx,
882 struct NetUserEnum *r)
884 return WERR_NOT_SUPPORTED;
887 /****************************************************************
888 ****************************************************************/
890 static WERROR convert_samr_dispinfo_to_NET_DISPLAY_USER(TALLOC_CTX *mem_ctx,
891 struct samr_DispInfoGeneral *info,
892 uint32_t *entries_read,
895 struct NET_DISPLAY_USER *user = NULL;
898 user = TALLOC_ZERO_ARRAY(mem_ctx,
899 struct NET_DISPLAY_USER,
901 W_ERROR_HAVE_NO_MEMORY(user);
903 for (i = 0; i < info->count; i++) {
904 user[i].usri1_name = talloc_strdup(mem_ctx,
905 info->entries[i].account_name.string);
906 user[i].usri1_comment = talloc_strdup(mem_ctx,
907 info->entries[i].description.string);
908 user[i].usri1_flags =
909 info->entries[i].acct_flags;
910 user[i].usri1_full_name = talloc_strdup(mem_ctx,
911 info->entries[i].full_name.string);
912 user[i].usri1_user_id =
913 info->entries[i].rid;
914 user[i].usri1_next_index =
915 info->entries[i].idx;
917 if (!user[i].usri1_name) {
922 *buffer = talloc_memdup(mem_ctx, user,
923 sizeof(struct NET_DISPLAY_USER) * info->count);
924 W_ERROR_HAVE_NO_MEMORY(*buffer);
926 *entries_read = info->count;
931 /****************************************************************
932 ****************************************************************/
934 static WERROR convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(TALLOC_CTX *mem_ctx,
935 struct samr_DispInfoFull *info,
936 uint32_t *entries_read,
939 struct NET_DISPLAY_MACHINE *machine = NULL;
942 machine = TALLOC_ZERO_ARRAY(mem_ctx,
943 struct NET_DISPLAY_MACHINE,
945 W_ERROR_HAVE_NO_MEMORY(machine);
947 for (i = 0; i < info->count; i++) {
948 machine[i].usri2_name = talloc_strdup(mem_ctx,
949 info->entries[i].account_name.string);
950 machine[i].usri2_comment = talloc_strdup(mem_ctx,
951 info->entries[i].description.string);
952 machine[i].usri2_flags =
953 info->entries[i].acct_flags;
954 machine[i].usri2_user_id =
955 info->entries[i].rid;
956 machine[i].usri2_next_index =
957 info->entries[i].idx;
959 if (!machine[i].usri2_name) {
964 *buffer = talloc_memdup(mem_ctx, machine,
965 sizeof(struct NET_DISPLAY_MACHINE) * info->count);
966 W_ERROR_HAVE_NO_MEMORY(*buffer);
968 *entries_read = info->count;
973 /****************************************************************
974 ****************************************************************/
976 static WERROR convert_samr_dispinfo_to_NET_DISPLAY_GROUP(TALLOC_CTX *mem_ctx,
977 struct samr_DispInfoFullGroups *info,
978 uint32_t *entries_read,
981 struct NET_DISPLAY_GROUP *group = NULL;
984 group = TALLOC_ZERO_ARRAY(mem_ctx,
985 struct NET_DISPLAY_GROUP,
987 W_ERROR_HAVE_NO_MEMORY(group);
989 for (i = 0; i < info->count; i++) {
990 group[i].grpi3_name = talloc_strdup(mem_ctx,
991 info->entries[i].account_name.string);
992 group[i].grpi3_comment = talloc_strdup(mem_ctx,
993 info->entries[i].description.string);
994 group[i].grpi3_group_id =
995 info->entries[i].rid;
996 group[i].grpi3_attributes =
997 info->entries[i].acct_flags;
998 group[i].grpi3_next_index =
999 info->entries[i].idx;
1001 if (!group[i].grpi3_name) {
1006 *buffer = talloc_memdup(mem_ctx, group,
1007 sizeof(struct NET_DISPLAY_GROUP) * info->count);
1008 W_ERROR_HAVE_NO_MEMORY(*buffer);
1010 *entries_read = info->count;
1016 /****************************************************************
1017 ****************************************************************/
1019 static WERROR convert_samr_dispinfo_to_NET_DISPLAY(TALLOC_CTX *mem_ctx,
1020 union samr_DispInfo *info,
1022 uint32_t *entries_read,
1027 return convert_samr_dispinfo_to_NET_DISPLAY_USER(mem_ctx,
1032 return convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(mem_ctx,
1037 return convert_samr_dispinfo_to_NET_DISPLAY_GROUP(mem_ctx,
1042 return WERR_UNKNOWN_LEVEL;
1048 /****************************************************************
1049 ****************************************************************/
1051 WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
1052 struct NetQueryDisplayInformation *r)
1054 struct cli_state *cli = NULL;
1055 struct rpc_pipe_client *pipe_cli = NULL;
1056 struct policy_handle connect_handle;
1057 struct dom_sid2 *domain_sid = NULL;
1058 struct policy_handle domain_handle;
1059 union samr_DispInfo info;
1061 uint32_t total_size = 0;
1062 uint32_t returned_size = 0;
1064 NTSTATUS status = NT_STATUS_OK;
1067 ZERO_STRUCT(connect_handle);
1068 ZERO_STRUCT(domain_handle);
1070 switch (r->in.level) {
1076 return WERR_UNKNOWN_LEVEL;
1079 werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
1080 if (!W_ERROR_IS_OK(werr)) {
1084 werr = libnetapi_open_pipe(ctx, cli, &ndr_table_samr.syntax_id,
1086 if (!W_ERROR_IS_OK(werr)) {
1090 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1091 SAMR_ACCESS_ENUM_DOMAINS |
1092 SAMR_ACCESS_OPEN_DOMAIN,
1093 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
1094 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
1095 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1099 if (!W_ERROR_IS_OK(werr)) {
1103 status = rpccli_samr_QueryDisplayInfo2(pipe_cli,
1108 r->in.entries_requested,
1113 if (!NT_STATUS_IS_OK(status)) {
1114 werr = ntstatus_to_werror(status);
1118 werr = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info,
1120 r->out.entries_read,
1128 if (NT_STATUS_IS_OK(status) ||
1129 NT_STATUS_IS_ERR(status)) {
1131 if (ctx->disable_policy_handle_cache) {
1132 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1133 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1141 /****************************************************************
1142 ****************************************************************/
1145 WERROR NetQueryDisplayInformation_l(struct libnetapi_ctx *ctx,
1146 struct NetQueryDisplayInformation *r)
1148 return WERR_NOT_SUPPORTED;
1151 /****************************************************************
1152 ****************************************************************/
1154 WERROR NetUserChangePassword_r(struct libnetapi_ctx *ctx,
1155 struct NetUserChangePassword *r)
1157 return WERR_NOT_SUPPORTED;
1160 /****************************************************************
1161 ****************************************************************/
1163 WERROR NetUserChangePassword_l(struct libnetapi_ctx *ctx,
1164 struct NetUserChangePassword *r)
1166 return WERR_NOT_SUPPORTED;
1169 /****************************************************************
1170 ****************************************************************/
1172 WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
1173 struct NetUserGetInfo *r)
1175 struct cli_state *cli = NULL;
1176 struct rpc_pipe_client *pipe_cli = NULL;
1180 struct policy_handle connect_handle, domain_handle, builtin_handle, user_handle;
1181 struct lsa_String lsa_account_name;
1182 struct dom_sid2 *domain_sid = NULL;
1183 struct samr_Ids user_rids, name_types;
1184 uint32_t num_entries = 0;
1186 ZERO_STRUCT(connect_handle);
1187 ZERO_STRUCT(domain_handle);
1188 ZERO_STRUCT(builtin_handle);
1189 ZERO_STRUCT(user_handle);
1191 if (!r->out.buffer) {
1192 return WERR_INVALID_PARAM;
1195 switch (r->in.level) {
1203 werr = WERR_NOT_SUPPORTED;
1207 werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
1208 if (!W_ERROR_IS_OK(werr)) {
1212 werr = libnetapi_open_pipe(ctx, cli, &ndr_table_samr.syntax_id,
1214 if (!W_ERROR_IS_OK(werr)) {
1218 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1219 SAMR_ACCESS_ENUM_DOMAINS |
1220 SAMR_ACCESS_OPEN_DOMAIN,
1221 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1225 if (!W_ERROR_IS_OK(werr)) {
1229 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
1230 SAMR_ACCESS_ENUM_DOMAINS |
1231 SAMR_ACCESS_OPEN_DOMAIN,
1232 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
1233 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
1236 if (!W_ERROR_IS_OK(werr)) {
1240 init_lsa_String(&lsa_account_name, r->in.user_name);
1242 status = rpccli_samr_LookupNames(pipe_cli, ctx,
1248 if (!NT_STATUS_IS_OK(status)) {
1249 werr = ntstatus_to_werror(status);
1253 status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
1262 if (!NT_STATUS_IS_OK(status)) {
1263 werr = ntstatus_to_werror(status);
1272 if (is_valid_policy_hnd(&user_handle)) {
1273 rpccli_samr_Close(pipe_cli, ctx, &user_handle);
1276 if (ctx->disable_policy_handle_cache) {
1277 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1278 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1284 /****************************************************************
1285 ****************************************************************/
1287 WERROR NetUserGetInfo_l(struct libnetapi_ctx *ctx,
1288 struct NetUserGetInfo *r)
1290 return WERR_NOT_SUPPORTED;
1293 /****************************************************************
1294 ****************************************************************/
1296 WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
1297 struct NetUserSetInfo *r)
1299 struct cli_state *cli = NULL;
1300 struct rpc_pipe_client *pipe_cli = NULL;
1304 struct policy_handle connect_handle, domain_handle, builtin_handle, user_handle;
1305 struct lsa_String lsa_account_name;
1306 struct dom_sid2 *domain_sid = NULL;
1307 struct samr_Ids user_rids, name_types;
1308 union samr_UserInfo user_info;
1310 struct USER_INFO_X uX;
1312 ZERO_STRUCT(connect_handle);
1313 ZERO_STRUCT(domain_handle);
1314 ZERO_STRUCT(builtin_handle);
1315 ZERO_STRUCT(user_handle);
1317 if (!r->in.buffer) {
1318 return WERR_INVALID_PARAM;
1321 switch (r->in.level) {
1326 werr = WERR_NOT_SUPPORTED;
1330 werr = libnetapi_open_ipc_connection(ctx, r->in.server_name, &cli);
1331 if (!W_ERROR_IS_OK(werr)) {
1335 werr = libnetapi_open_pipe(ctx, cli, &ndr_table_samr.syntax_id,
1337 if (!W_ERROR_IS_OK(werr)) {
1341 werr = libnetapi_samr_open_domain(ctx, pipe_cli,
1342 SAMR_ACCESS_ENUM_DOMAINS |
1343 SAMR_ACCESS_OPEN_DOMAIN,
1344 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
1345 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
1349 if (!W_ERROR_IS_OK(werr)) {
1353 werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
1354 SAMR_ACCESS_ENUM_DOMAINS |
1355 SAMR_ACCESS_OPEN_DOMAIN,
1356 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
1357 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
1360 if (!W_ERROR_IS_OK(werr)) {
1364 init_lsa_String(&lsa_account_name, r->in.user_name);
1366 status = rpccli_samr_LookupNames(pipe_cli, ctx,
1372 if (!NT_STATUS_IS_OK(status)) {
1373 werr = ntstatus_to_werror(status);
1377 status = rpccli_samr_OpenUser(pipe_cli, ctx,
1379 SAMR_USER_ACCESS_SET_ATTRIBUTES,
1382 if (!NT_STATUS_IS_OK(status)) {
1383 werr = ntstatus_to_werror(status);
1387 status = construct_USER_INFO_X(r->in.level, r->in.buffer, &uX);
1388 if (!NT_STATUS_IS_OK(status)) {
1389 werr = ntstatus_to_werror(status);
1393 convert_USER_INFO_X_to_samr_user_info21(&uX, &user_info.info21);
1395 status = rpccli_samr_SetUserInfo(pipe_cli, ctx,
1399 if (!NT_STATUS_IS_OK(status)) {
1400 werr = ntstatus_to_werror(status);
1411 if (is_valid_policy_hnd(&user_handle)) {
1412 rpccli_samr_Close(pipe_cli, ctx, &user_handle);
1415 if (ctx->disable_policy_handle_cache) {
1416 libnetapi_samr_close_domain_handle(ctx, &domain_handle);
1417 libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
1418 libnetapi_samr_close_connect_handle(ctx, &connect_handle);
1424 /****************************************************************
1425 ****************************************************************/
1427 WERROR NetUserSetInfo_l(struct libnetapi_ctx *ctx,
1428 struct NetUserSetInfo *r)
1430 return WERR_NOT_SUPPORTED;