NET_API_STATUS
NetApiBufferFree(
   PVOID pBuffer
   )
{
    DWORD dwError = ERROR_SUCCESS;

    BAIL_ON_INVALID_PTR(pBuffer, dwError);

    NetFreeMemory(pBuffer);

cleanup:
    return (NET_API_STATUS)dwError;

error:
    goto cleanup;
}
Example #2
0
NET_API_STATUS
NetGetDomainName(
    IN  PCWSTR    pwszHostname,
    OUT PWSTR    *ppwszDomainName
    )
{
    const DWORD dwConnAccess = SAMR_ACCESS_OPEN_DOMAIN |
                               SAMR_ACCESS_ENUM_DOMAINS;

    NTSTATUS ntStatus = STATUS_SUCCESS;
    WINERROR err = ERROR_SUCCESS;
    PNET_CONN pConn = NULL;
    size_t sDomainNameLen = 0;
    PWSTR pwszDomainName = NULL;
    PIO_CREDS pCreds = NULL;

    BAIL_ON_INVALID_PTR(ppwszDomainName, err);

    ntStatus = LwIoGetActiveCreds(NULL, &pCreds);
    BAIL_ON_NT_STATUS(ntStatus);

    ntStatus = NetConnectSamr(&pConn, pwszHostname, dwConnAccess, 0, pCreds);
    BAIL_ON_NT_STATUS(ntStatus);

    err = LwWc16sLen(pConn->Rpc.Samr.pwszDomainName, &sDomainNameLen);
    BAIL_ON_WIN_ERROR(err);

    ntStatus = NetAllocateMemory(
                    OUT_PPVOID(&pwszDomainName),
                    sizeof(pwszDomainName[0]) * (sDomainNameLen + 1));
    BAIL_ON_NT_STATUS(ntStatus);

    err = LwWc16snCpy(pwszDomainName,
                      pConn->Rpc.Samr.pwszDomainName,
                      sDomainNameLen);
    BAIL_ON_WIN_ERROR(err);

    *ppwszDomainName = pwszDomainName;

cleanup:
    NetDisconnectSamr(&pConn);

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    if (err == ERROR_SUCCESS &&
        ntStatus != STATUS_SUCCESS)
    {
        err = NtStatusToWin32Error(ntStatus);
    }

    return err;

error:
    if (pwszDomainName)
    {
        NetFreeMemory(pwszDomainName);
    }

    *ppwszDomainName = NULL;

    goto cleanup;
}
Example #3
0
NET_API_STATUS
NetUserGetLocalGroups(
    PCWSTR  pwszHostname,
    PCWSTR  pwszUsername,
    DWORD   dwLevel,
    DWORD   dwFlags,
    PVOID  *ppBuffer,
    DWORD   dwMaxBufferSize,
    PDWORD  pdwNumEntries,
    PDWORD  pdwTotalEntries
)
{
    const DWORD dwBuiltinDomainAccess = DOMAIN_ACCESS_OPEN_ACCOUNT |
                                        DOMAIN_ACCESS_ENUM_ACCOUNTS;

    const DWORD dwUserAccess = USER_ACCESS_GET_GROUP_MEMBERSHIP;

    NTSTATUS status = STATUS_SUCCESS;
    WINERROR err = ERROR_SUCCESS;
    PNET_CONN pConn = NULL;
    SAMR_BINDING hSamrBinding = NULL;
    DOMAIN_HANDLE hDomain = NULL;
    DOMAIN_HANDLE hBtinDomain = NULL;
    ACCOUNT_HANDLE hUser = NULL;
    PSID pDomainSid = NULL;
    PSID pUserSid = NULL;
    DWORD dwUserRid = 0;
    DWORD dwSidLen = 0;
    DWORD i = 0;
    PDWORD pdwUserRids = NULL;
    PDWORD pdwBuiltinUserRids = NULL;
    DWORD dwRidsCount = 0;
    DWORD dwBuiltinRidsCount = 0;
    DWORD dwInfoLevelSize = 0;
    DWORD dwTotalNumEntries = 0;
    PWSTR *ppwszAliasNames = NULL;
    PWSTR *ppwszBuiltinAliasNames = NULL;
    PDWORD pdwAliasTypes = NULL;
    PDWORD pdwBuiltinAliasTypes = NULL;
    PWSTR *ppwszLocalGroupNames = NULL;
    PVOID pSourceBuffer = NULL;
    PVOID pBuffer = NULL;
    PVOID pBufferCursor = NULL;
    DWORD dwSize = 0;
    DWORD dwTotalSize = 0;
    DWORD dwNumEntries = 0;
    DWORD dwSpaceAvailable = 0;
    PIO_CREDS pCreds = NULL;
    NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_NONE;

    BAIL_ON_INVALID_PTR(pwszUsername, err);
    BAIL_ON_INVALID_PTR(ppBuffer, err);
    BAIL_ON_INVALID_PTR(pdwNumEntries, err);
    BAIL_ON_INVALID_PTR(pdwTotalEntries, err);

    switch (dwLevel)
    {
    case 0:
        dwInfoLevelSize = sizeof(LOCALGROUP_USERS_INFO_0);
        break;

    default:
        err = ERROR_INVALID_LEVEL;
        BAIL_ON_WIN_ERROR(err);
    }

    status = LwIoGetActiveCreds(NULL, &pCreds);
    BAIL_ON_NT_STATUS(status);

    status = NetConnectSamr(&pConn,
                            pwszHostname,
                            0,
                            dwBuiltinDomainAccess,
                            pCreds);
    BAIL_ON_NT_STATUS(status);

    hSamrBinding = pConn->Rpc.Samr.hBinding;
    hDomain      = pConn->Rpc.Samr.hDomain;
    hBtinDomain  = pConn->Rpc.Samr.hBuiltin;
    pDomainSid   = pConn->Rpc.Samr.pDomainSid;

    status = NetOpenUser(pConn,
                         pwszUsername,
                         dwUserAccess,
                         &hUser,
                         &dwUserRid);
    BAIL_ON_NT_STATUS(status);

    dwSidLen = RtlLengthRequiredSid(pDomainSid->SubAuthorityCount + 1);
    err = LwAllocateMemory(dwSidLen,
                           OUT_PPVOID(&pUserSid));
    BAIL_ON_WIN_ERROR(err);

    status = RtlCopySid(dwSidLen,
                        pUserSid,
                        pDomainSid);
    BAIL_ON_NT_STATUS(status);

    status = RtlAppendRidSid(dwSidLen,
                             pUserSid,
                             dwUserRid);
    BAIL_ON_NT_STATUS(status);

    status = SamrGetAliasMembership(hSamrBinding,
                                    hDomain,
                                    &pUserSid,
                                    1,
                                    &pdwUserRids,
                                    &dwRidsCount);
    BAIL_ON_NT_STATUS(status);

    status = SamrGetAliasMembership(hSamrBinding,
                                    hBtinDomain,
                                    &pUserSid,
                                    1,
                                    &pdwBuiltinUserRids,
                                    &dwBuiltinRidsCount);
    BAIL_ON_NT_STATUS(status);

    dwTotalNumEntries = dwRidsCount + dwBuiltinRidsCount;

    err = LwAllocateMemory(
              sizeof(ppwszLocalGroupNames[0]) * dwTotalNumEntries,
              OUT_PPVOID(&ppwszLocalGroupNames));
    BAIL_ON_WIN_ERROR(err);

    if (dwRidsCount > 0)
    {
        status = SamrLookupRids(hSamrBinding,
                                hDomain,
                                dwRidsCount,
                                pdwUserRids,
                                &ppwszAliasNames,
                                &pdwAliasTypes);
        BAIL_ON_NT_STATUS(status);

        for (i = 0; i < dwRidsCount; i++)
        {
            ppwszLocalGroupNames[i] = ppwszAliasNames[i];
        }
    }

    if (dwBuiltinRidsCount > 0)
    {
        status = SamrLookupRids(hSamrBinding,
                                hBtinDomain,
                                dwBuiltinRidsCount,
                                pdwBuiltinUserRids,
                                &ppwszBuiltinAliasNames,
                                &pdwBuiltinAliasTypes);
        BAIL_ON_NT_STATUS(status);

        for (i = 0; i < dwBuiltinRidsCount; i++)
        {
            ppwszLocalGroupNames[i + dwRidsCount] = ppwszBuiltinAliasNames[i];
        }
    }

    for (i = 0; i < dwTotalNumEntries; i++)
    {
        pSourceBuffer = ppwszLocalGroupNames[i];

        dwSize = 0;
        err = NetAllocateLocalGroupUsersInfo(NULL,
                                             NULL,
                                             dwLevel,
                                             pSourceBuffer,
                                             &dwSize,
                                             eValidation);
        BAIL_ON_WIN_ERROR(err);

        dwTotalSize += dwSize;
        dwNumEntries++;

        if (dwTotalSize > dwMaxBufferSize)
        {
            dwTotalSize -= dwSize;
            dwNumEntries--;
            break;
        }
    }

    if (dwTotalNumEntries > 0 && dwNumEntries == 0)
    {
        err = ERROR_INSUFFICIENT_BUFFER;
        BAIL_ON_WIN_ERROR(err);
    }

    if (dwTotalSize)
    {
        status = NetAllocateMemory(OUT_PPVOID(&pBuffer),
                                   dwTotalSize);
        BAIL_ON_NT_STATUS(status);
    }

    dwSize           = 0;
    pBufferCursor    = pBuffer;
    dwSpaceAvailable = dwTotalSize;

    for (i = 0; i < dwNumEntries; i++)
    {
        pSourceBuffer = ppwszLocalGroupNames[i];
        pBufferCursor = pBuffer + (i * dwInfoLevelSize);

        err = NetAllocateLocalGroupUsersInfo(pBufferCursor,
                                             &dwSpaceAvailable,
                                             dwLevel,
                                             pSourceBuffer,
                                             &dwSize,
                                             eValidation);
        BAIL_ON_WIN_ERROR(err);
    }

    if (dwNumEntries < dwTotalNumEntries)
    {
        err = ERROR_MORE_DATA;
    }

    status = SamrClose(hSamrBinding, hUser);
    BAIL_ON_NT_STATUS(status);

    *ppBuffer        = pBuffer;
    *pdwNumEntries   = dwNumEntries;
    *pdwTotalEntries = dwTotalNumEntries;

cleanup:
    LW_SAFE_FREE_MEMORY(pUserSid);
    LW_SAFE_FREE_MEMORY(ppwszLocalGroupNames);

    if (pdwUserRids)
    {
        SamrFreeMemory(pdwUserRids);
    }

    if (pdwBuiltinUserRids)
    {
        SamrFreeMemory(pdwBuiltinUserRids);
    }

    if (ppwszAliasNames)
    {
        SamrFreeMemory(ppwszAliasNames);
    }

    if (pdwAliasTypes)
    {
        SamrFreeMemory(pdwAliasTypes);
    }

    if (ppwszBuiltinAliasNames)
    {
        SamrFreeMemory(ppwszBuiltinAliasNames);
    }

    if (pdwBuiltinAliasTypes)
    {
        SamrFreeMemory(pdwBuiltinAliasTypes);
    }

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    return err;

error:
    if (pBuffer)
    {
        NetFreeMemory(pBuffer);
    }

    *ppBuffer        = NULL;
    *pdwNumEntries   = 0;
    *pdwTotalEntries = 0;

    goto cleanup;
}
Example #4
0
NET_API_STATUS
NetUserAdd(
    PCWSTR  pwszHostname,
    DWORD   dwLevel,
    PVOID   pBuffer,
    PDWORD  pdwParmErr
    )
{
    const DWORD dwUserAccess = USER_ACCESS_GET_NAME_ETC |
                               USER_ACCESS_SET_LOC_COM |
                               USER_ACCESS_GET_LOCALE |
                               USER_ACCESS_GET_LOGONINFO |
                               USER_ACCESS_GET_ATTRIBUTES |
                               USER_ACCESS_GET_GROUPS |
                               USER_ACCESS_GET_GROUP_MEMBERSHIP |
                               USER_ACCESS_CHANGE_GROUP_MEMBERSHIP |
                               USER_ACCESS_SET_ATTRIBUTES |
                               USER_ACCESS_SET_PASSWORD;

    const DWORD dwDomainAccess = DOMAIN_ACCESS_CREATE_USER |
                                 DOMAIN_ACCESS_LOOKUP_INFO_1;

    NTSTATUS status = STATUS_SUCCESS;
    WINERROR err = ERROR_SUCCESS;
    PNET_CONN pConn = NULL;
    SAMR_BINDING hSamrBinding = NULL;
    DOMAIN_HANDLE hDomain = NULL;
    ACCOUNT_HANDLE hUser = NULL;
    DWORD dwSamrInfoLevel = 0;
    DWORD dwSamrPasswordInfoLevel = 0;
    DWORD dwParmErr = 0;
    UserInfo *pSamrUserInfo = NULL;
    UserInfo *pSamrPasswordUserInfo = NULL;
    DWORD dwSize = 0;
    DWORD dwSpaceLeft = 0;
    PIO_CREDS pCreds = NULL;
    PWSTR pwszUsername = NULL;
    DWORD dwRid = 0;
    BOOL bPasswordSet = FALSE;
    NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_USER_ADD;

    BAIL_ON_INVALID_PTR(pBuffer, err);

    if (!(dwLevel == 1 ||
          dwLevel == 2 ||
          dwLevel == 3 ||
          dwLevel == 4))
    {
        err = ERROR_INVALID_LEVEL;
        BAIL_ON_WIN_ERROR(err);
    }

    status = LwIoGetActiveCreds(NULL, &pCreds);
    BAIL_ON_NT_STATUS(status);

    err = NetAllocateSamrUserInfo(NULL,
                                  &dwSamrInfoLevel,
                                  NULL,
                                  dwLevel,
                                  pBuffer,
                                  pConn,
                                  &dwSize,
                                  eValidation,
                                  &dwParmErr);
    BAIL_ON_WIN_ERROR(err);

    dwSpaceLeft = dwSize;
    dwSize      = 0;

    if (dwSpaceLeft)
    {
        status = NetAllocateMemory((void**)&pSamrUserInfo,
                                   dwSpaceLeft);
        BAIL_ON_NT_STATUS(status);
    }

    err = NetAllocateSamrUserInfo(&pSamrUserInfo->info21,
                                  &dwSamrInfoLevel,
                                  &dwSpaceLeft,
                                  dwLevel,
                                  pBuffer,
                                  pConn,
                                  &dwSize,
                                  eValidation,
                                  &dwParmErr);
    BAIL_ON_WIN_ERROR(err);

    status = NetConnectSamr(&pConn,
                            pwszHostname,
                            dwDomainAccess,
                            0,
                            pCreds);
    BAIL_ON_NT_STATUS(status);

    hSamrBinding = pConn->Rpc.Samr.hBinding;
    hDomain      = pConn->Rpc.Samr.hDomain;

    err = LwAllocateWc16StringFromUnicodeString(
                         &pwszUsername,
                         (PUNICODE_STRING)&pSamrUserInfo->info21.account_name);
    BAIL_ON_WIN_ERROR(err);

    status = SamrCreateUser(hSamrBinding,
                            hDomain,
                            pwszUsername,
                            dwUserAccess,
                            &hUser,
                            &dwRid);
    if (status == STATUS_USER_EXISTS)
    {
        err = NERR_UserExists;
    }
    else if (status == STATUS_ALIAS_EXISTS)
    {
        err = NERR_GroupExists;
    }
    BAIL_ON_NT_STATUS(status);

    /*
     * Check if there's password to be set (if it's NULL
     * the function returns ERROR_INVALID_PASSWORD)
     */

    dwSamrPasswordInfoLevel = 26;
    dwSize                  = 0;

    err = NetAllocateSamrUserInfo(NULL,
                                  &dwSamrPasswordInfoLevel,
                                  NULL,
                                  dwLevel,
                                  pBuffer,
                                  pConn,
                                  &dwSize,
                                  eValidation,
                                  &dwParmErr);
    if (err == ERROR_SUCCESS)
    {
        dwSpaceLeft = dwSize;
        dwSize      = 0;

        if (dwSpaceLeft)
        {
            status = NetAllocateMemory((void**)&pSamrPasswordUserInfo,
                                       dwSpaceLeft);
            BAIL_ON_NT_STATUS(status);
        }

        err = NetAllocateSamrUserInfo(&pSamrPasswordUserInfo->info26,
                                      &dwSamrPasswordInfoLevel,
                                      &dwSpaceLeft,
                                      dwLevel,
                                      pBuffer,
                                      pConn,
                                      &dwSize,
                                      eValidation,
                                      &dwParmErr);
        BAIL_ON_WIN_ERROR(err);

        status = SamrSetUserInfo(hSamrBinding,
                                 hUser,
                                 dwSamrPasswordInfoLevel,
                                 pSamrPasswordUserInfo);
        BAIL_ON_NT_STATUS(status);

        bPasswordSet = TRUE;

    }
    else if (err == ERROR_INVALID_PASSWORD)
    {
        /* This error only means we're not going to try
           set the password */
        err = ERROR_SUCCESS;
    }
    else
    {
        BAIL_ON_WIN_ERROR(err);
    }

    /*
     * Prevent from trying to rename (to the same name) the account
     * that has just been created. Created samr user info buffer
     * contains whatever is passed from net user info buffer.
     */
    if (dwSamrInfoLevel == 21 &&
        (pSamrUserInfo->info21.fields_present & SAMR_FIELD_ACCOUNT_NAME))
    {
        pSamrUserInfo->info21.fields_present ^= SAMR_FIELD_ACCOUNT_NAME;
    }

    /*
     * Disable the account only if there was no password
     */
    if (!bPasswordSet &&
        dwSamrInfoLevel == 21)
    {
        pSamrUserInfo->info21.account_flags |= ACB_DISABLED;
    }

    status = SamrSetUserInfo(hSamrBinding,
                             hUser,
                             dwSamrInfoLevel,
                             pSamrUserInfo);
    BAIL_ON_NT_STATUS(status);

    status = SamrClose(hSamrBinding, hUser);
    BAIL_ON_NT_STATUS(status);

cleanup:
    NetDisconnectSamr(&pConn);

    if (pdwParmErr)
    {
        *pdwParmErr = dwParmErr;
    }

    if (pSamrUserInfo)
    {
        NetFreeMemory(pSamrUserInfo);
    }

    if (pSamrPasswordUserInfo)
    {
        NetFreeMemory(pSamrPasswordUserInfo);
    }

    LW_SAFE_FREE_MEMORY(pwszUsername);

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    if (err == ERROR_SUCCESS &&
        status != STATUS_SUCCESS)
    {
        err = NtStatusToWin32Error(status);
    }

    return err;

error:
    goto cleanup;
}
NET_API_STATUS
NetLocalGroupEnum(
    PCWSTR  pwszHostname,
    DWORD   dwLevel,
    PVOID  *ppBuffer,
    DWORD   dwMaxBufferSize,
    PDWORD  pdwNumEntries,
    PDWORD  pdwTotalNumEntries,
    PDWORD  pdwResume
    )
{
    const DWORD dwAccountFlags = 0;
    const DWORD dwAliasAccessFlags = ALIAS_ACCESS_LOOKUP_INFO;
    const WORD wInfoLevel = ALIAS_INFO_ALL;

    NTSTATUS status = STATUS_SUCCESS;
    WINERROR err = ERROR_SUCCESS;
    DWORD dwResume = 0;
    PNET_CONN pConn = NULL;
    SAMR_BINDING hSamrBinding = NULL;
    DOMAIN_HANDLE hDomain = NULL;
    DOMAIN_HANDLE hBtinDomain = NULL;
    DWORD dwSamrResume = 0;
    PWSTR *ppwszDomainAliases = NULL;
    PDWORD pdwDomainRids = NULL;
    DWORD dwNumDomainEntries = 0;
    DWORD dwTotalNumDomainEntries = 0;
    PWSTR *ppwszBtinDomainAliases = NULL;
    PDWORD pdwBtinDomainRids = NULL;
    DWORD dwNumBtinDomainEntries = 0;
    DWORD dwTotalNumBtinDomainEntries = 0;
    DWORD dwTotalNumEntries = 0;
    DWORD dwNumEntries = 0;
    DWORD i = 0;
    PDWORD pdwRids = NULL;
    PWSTR *ppwszAliases = NULL;
    ACCOUNT_HANDLE hAlias = NULL;
    AliasInfo *pSamrAliasInfo = NULL;
    AliasInfoAll **ppAliasInfo = NULL;
    DWORD dwInfoLevelSize = 0;
    PVOID pSourceBuffer = NULL;
    DWORD dwSize = 0;
    DWORD dwTotalSize = 0;
    DWORD dwSpaceAvailable = 0;
    PVOID pBuffer = NULL;
    PVOID pBufferCursor = NULL;
    PIO_CREDS pCreds = NULL;
    NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_NONE;

    BAIL_ON_INVALID_PTR(ppBuffer, err);
    BAIL_ON_INVALID_PTR(pdwNumEntries, err);
    BAIL_ON_INVALID_PTR(pdwTotalNumEntries, err);
    BAIL_ON_INVALID_PTR(pdwResume, err);

    switch (dwLevel)
    {
    case 0: dwInfoLevelSize = sizeof(LOCALGROUP_INFO_0);
        break;

    case 1: dwInfoLevelSize = sizeof(LOCALGROUP_INFO_1);
        break;

    default:
        err = ERROR_INVALID_LEVEL;
        BAIL_ON_WIN_ERROR(err);
    }

    dwResume = *pdwResume;

    status = LwIoGetActiveCreds(NULL, &pCreds);
    BAIL_ON_NT_STATUS(status);

    status = NetConnectSamr(&pConn,
                            pwszHostname,
                            0,
                            0,
                            pCreds);
    BAIL_ON_NT_STATUS(status);

    hSamrBinding = pConn->Rpc.Samr.hBinding;
    hDomain      = pConn->Rpc.Samr.hDomain;
    hBtinDomain  = pConn->Rpc.Samr.hBuiltin;

    do
    {
        status = SamrEnumDomainAliases(hSamrBinding,
                                       hDomain,
                                       &dwSamrResume,
                                       dwAccountFlags,
                                       &ppwszDomainAliases,
                                       &pdwDomainRids,
                                       &dwNumDomainEntries);
        if (status != STATUS_SUCCESS &&
            status != STATUS_MORE_ENTRIES)
        {
            BAIL_ON_NT_STATUS(status);
        }

        if (ppwszDomainAliases)
        {
            SamrFreeMemory(ppwszDomainAliases);
            ppwszDomainAliases = NULL;
        }

        if (pdwDomainRids)
        {
            SamrFreeMemory(pdwDomainRids);
            pdwDomainRids = NULL;
        }

        dwTotalNumDomainEntries += dwNumDomainEntries;
        dwNumDomainEntries       = 0;
    }
    while (status == STATUS_MORE_ENTRIES);

    dwSamrResume = 0;

    do
    {
        status = SamrEnumDomainAliases(hSamrBinding,
                                       hBtinDomain,
                                       &dwSamrResume,
                                       dwAccountFlags,
                                       &ppwszBtinDomainAliases,
                                       &pdwBtinDomainRids,
                                       &dwNumBtinDomainEntries);
        if (status != STATUS_SUCCESS &&
            status != STATUS_MORE_ENTRIES)
        {
            BAIL_ON_NT_STATUS(status);
        }

        if (ppwszBtinDomainAliases)
        {
            SamrFreeMemory(ppwszBtinDomainAliases);
            ppwszBtinDomainAliases = NULL;
        }

        if (pdwBtinDomainRids)
        {
            SamrFreeMemory(pdwBtinDomainRids);
            pdwBtinDomainRids = NULL;
        }

        dwTotalNumBtinDomainEntries += dwNumBtinDomainEntries;
        dwNumBtinDomainEntries       = 0;
    }
    while (status == STATUS_MORE_ENTRIES);

    dwTotalNumEntries = dwTotalNumDomainEntries + dwTotalNumBtinDomainEntries;

    status = NetAllocateMemory(OUT_PPVOID(&pdwRids),
                               sizeof(pdwRids[0]) * dwTotalNumEntries);
    BAIL_ON_NT_STATUS(status);

    status = NetAllocateMemory(OUT_PPVOID(&ppwszAliases),
                               sizeof(ppwszAliases[0]) * dwTotalNumEntries);
    BAIL_ON_NT_STATUS(status);

    status = NetAllocateMemory(OUT_PPVOID(&ppAliasInfo),
                               sizeof(ppAliasInfo[0]) * dwTotalNumEntries);
    BAIL_ON_NT_STATUS(status);

    dwTotalNumDomainEntries     = 0;
    dwTotalNumBtinDomainEntries = 0;
    dwSamrResume                = 0;

    do
    {
        status = SamrEnumDomainAliases(hSamrBinding,
                                       hDomain,
                                       &dwSamrResume,
                                       dwAccountFlags,
                                       &ppwszDomainAliases,
                                       &pdwDomainRids,
                                       &dwNumDomainEntries);
        if (status != STATUS_SUCCESS &&
            status != STATUS_MORE_ENTRIES)
        {
            BAIL_ON_NT_STATUS(status);
        }

        for (i = 0; i < dwNumDomainEntries; i++)
        {
            err = LwAllocateWc16String(&ppwszAliases[dwTotalNumDomainEntries + i],
                                       ppwszDomainAliases[i]);
            BAIL_ON_WIN_ERROR(err);

            pdwRids[dwTotalNumDomainEntries + i] = pdwDomainRids[i];
        }

        dwTotalNumDomainEntries += dwNumDomainEntries;
        dwNumDomainEntries       = 0;

        if (ppwszDomainAliases)
        {
            SamrFreeMemory(ppwszDomainAliases);
            ppwszDomainAliases = NULL;
        }

        if (pdwDomainRids)
        {
            SamrFreeMemory(pdwDomainRids);
            pdwDomainRids = NULL;
        }

    }
    while (status == STATUS_MORE_ENTRIES);

    dwSamrResume = 0;

    do
    {
        status = SamrEnumDomainAliases(hSamrBinding,
                                       hBtinDomain,
                                       &dwSamrResume,
                                       dwAccountFlags,
                                       &ppwszBtinDomainAliases,
                                       &pdwBtinDomainRids,
                                       &dwNumBtinDomainEntries);
        if (status != STATUS_SUCCESS &&
            status != STATUS_MORE_ENTRIES)
        {
            BAIL_ON_NT_STATUS(status);
        }

        for (i = 0; i < dwNumBtinDomainEntries; i++)
        {
            err = LwAllocateWc16String(&ppwszAliases[dwTotalNumDomainEntries +
                                                     dwTotalNumBtinDomainEntries + i],
                                       ppwszBtinDomainAliases[i]);
            BAIL_ON_WIN_ERROR(err);

            pdwRids[dwTotalNumDomainEntries +
                    dwTotalNumBtinDomainEntries + i] = pdwBtinDomainRids[i];
        }

        dwTotalNumBtinDomainEntries += dwNumBtinDomainEntries;
        dwNumBtinDomainEntries       = 0;

        if (ppwszBtinDomainAliases)
        {
            SamrFreeMemory(ppwszBtinDomainAliases);
            ppwszBtinDomainAliases = NULL;
        }

        if (pdwBtinDomainRids)
        {
            SamrFreeMemory(pdwBtinDomainRids);
            pdwBtinDomainRids = NULL;
        }
    }
    while (status == STATUS_MORE_ENTRIES);

    for (i = dwResume; i < dwTotalNumEntries; i++)
    {
        if (dwLevel == 0)
        {
            pSourceBuffer = ppwszAliases[i];
        }
        else
        {
            DOMAIN_HANDLE hDom = NULL;
            DWORD dwRid = 0;

            hDom  = (i < dwTotalNumDomainEntries) ? hDomain : hBtinDomain;
            dwRid = pdwRids[i];

            status = SamrOpenAlias(hSamrBinding,
                                   hDom,
                                   dwAliasAccessFlags,
                                   dwRid,
                                   &hAlias);
            BAIL_ON_NT_STATUS(status);

            status = SamrQueryAliasInfo(hSamrBinding,
                                        hAlias,
                                        wInfoLevel,
                                        &pSamrAliasInfo);
            BAIL_ON_NT_STATUS(status);

            ppAliasInfo[i - dwResume]  = &pSamrAliasInfo->all;
            pSourceBuffer              = &pSamrAliasInfo->all;

            status = SamrClose(hSamrBinding, hAlias);
            BAIL_ON_NT_STATUS(status);
        }

        dwSize = 0;
        err = NetAllocateLocalGroupInfo(NULL,
                                        NULL,
                                        dwLevel,
                                        pSourceBuffer,
                                        &dwSize,
                                        eValidation);
        BAIL_ON_WIN_ERROR(err);

        dwTotalSize += dwSize;
        dwNumEntries++;

        if (dwTotalSize > dwMaxBufferSize)
        {
            dwTotalSize -= dwSize;
            dwNumEntries--;
            break;
        }
    }

    if (dwTotalNumEntries > 0 && dwNumEntries == 0)
    {
        err = ERROR_INSUFFICIENT_BUFFER;
        BAIL_ON_WIN_ERROR(err);
    }

    if (dwTotalSize)
    {
        status = NetAllocateMemory(OUT_PPVOID(&pBuffer),
                                   dwTotalSize);
        BAIL_ON_NT_STATUS(status);
    }

    dwSize           = 0;
    pBufferCursor    = pBuffer;
    dwSpaceAvailable = dwTotalSize;

    for (i = 0; i < dwNumEntries; i++)
    {
        if (dwLevel == 0)
        {
            pSourceBuffer = ppwszAliases[dwResume + i];
        }
        else
        {
            pSourceBuffer = ppAliasInfo[i];
        }

        pBufferCursor = pBuffer + (i * dwInfoLevelSize);

        err = NetAllocateLocalGroupInfo(pBufferCursor,
                                        &dwSpaceAvailable,
                                        dwLevel,
                                        pSourceBuffer,
                                        &dwSize,
                                        eValidation);
        BAIL_ON_WIN_ERROR(err);

    }

    if (dwResume + dwNumEntries < dwTotalNumEntries)
    {
        err = ERROR_MORE_DATA;
    }

    *ppBuffer           = pBuffer;
    *pdwNumEntries      = dwNumEntries;
    *pdwTotalNumEntries = dwTotalNumEntries;
    *pdwResume          = dwResume + dwNumEntries;

cleanup:
    NetDisconnectSamr(&pConn);

    if (pdwRids)
    {
        NetFreeMemory(pdwRids);
    }

    if (ppwszAliases)
    {
        for (i = 0; i < dwTotalNumEntries; i++)
        {
            LW_SAFE_FREE_MEMORY(ppwszAliases[i]);
        }

        NetFreeMemory(ppwszAliases);
    }

    if (ppAliasInfo)
    {
        for (i = 0; i < dwNumEntries; i++)
        {
            if (ppAliasInfo[i])
            {
                SamrFreeMemory(ppAliasInfo[i]);
            }
        }

        NetFreeMemory(ppAliasInfo);
    }

    if (ppwszDomainAliases)
    {
        SamrFreeMemory(ppwszDomainAliases);
    }

    if (pdwDomainRids)
    {
        SamrFreeMemory(pdwDomainRids);
    }

    if (ppwszBtinDomainAliases)
    {
        SamrFreeMemory(ppwszBtinDomainAliases);
    }

    if (pdwBtinDomainRids)
    {
        SamrFreeMemory(pdwBtinDomainRids);
    }

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    if (err == ERROR_SUCCESS &&
        status != STATUS_SUCCESS)
    {
        err = NtStatusToWin32Error(status);
    }

    return err;

error:
    if (pBuffer)
    {
        NetFreeMemory(pBuffer);
    }

    *ppBuffer           = NULL;
    *pdwNumEntries      = 0;
    *pdwTotalNumEntries = 0;
    *pdwResume          = 0;

    goto cleanup;
}
Example #6
0
NET_API_STATUS
NetUserSetInfo(
    PCWSTR  pwszHostname,
    PCWSTR  pwszUsername,
    DWORD   dwLevel,
    PVOID   pBuffer,
    PDWORD  pdwParmErr
    )
{
    /* This is necessary to be able to set account password.
       Otherwise we get access denied. Don't ask... */
    const DWORD dwDomainAccess = DOMAIN_ACCESS_LOOKUP_INFO_1;

    const DWORD dwUserAccess = USER_ACCESS_GET_NAME_ETC |
                               USER_ACCESS_GET_LOCALE |
                               USER_ACCESS_GET_LOGONINFO |
                               USER_ACCESS_GET_ATTRIBUTES |
                               USER_ACCESS_GET_GROUPS |
                               USER_ACCESS_GET_GROUP_MEMBERSHIP |
                               USER_ACCESS_SET_LOC_COM |
                               USER_ACCESS_SET_ATTRIBUTES |
                               USER_ACCESS_CHANGE_PASSWORD |
                               USER_ACCESS_SET_PASSWORD;

    NTSTATUS status = STATUS_SUCCESS;
    WINERROR err = ERROR_SUCCESS;
    PNET_CONN pConn = NULL;
    SAMR_BINDING hSamrBinding = NULL;
    ACCOUNT_HANDLE hUser = NULL;
    DWORD dwUserRid = 0;
    DWORD dwSamrInfoLevel = 0;
    DWORD dwSamrPasswordInfoLevel = 0;
    DWORD dwParmErr = 0;
    UserInfo *pSamrUserInfo = NULL;
    UserInfo *pSamrPasswordUserInfo = NULL;
    DWORD dwSize = 0;
    DWORD dwSpaceLeft = 0;
    PIO_CREDS pCreds = NULL;
    NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_USER_SET;

    if (!(dwLevel == 0 ||
          dwLevel == 1 ||
          dwLevel == 2 ||
          dwLevel == 3 ||
          dwLevel == 4 ||
          dwLevel == 1003 ||
          dwLevel == 1007 ||
          dwLevel == 1008 ||
          dwLevel == 1011))
    {
        err = ERROR_INVALID_LEVEL;
        BAIL_ON_WIN_ERROR(err);
    }


    BAIL_ON_INVALID_PTR(pwszUsername, err);
    BAIL_ON_INVALID_PTR(pBuffer, err);

    status = LwIoGetActiveCreds(NULL, &pCreds);
    BAIL_ON_NT_STATUS(status);

    err = NetAllocateSamrUserInfo(NULL,
                                  &dwSamrInfoLevel,
                                  NULL,
                                  dwLevel,
                                  pBuffer,
                                  pConn,
                                  &dwSize,
                                  eValidation,
                                  &dwParmErr);
    BAIL_ON_WIN_ERROR(err);

    dwSpaceLeft = dwSize;
    dwSize      = 0;

    if (dwSpaceLeft)
    {
        status = NetAllocateMemory(OUT_PPVOID(&pSamrUserInfo),
                                   dwSpaceLeft);
        BAIL_ON_NT_STATUS(status);

        err = NetAllocateSamrUserInfo(&pSamrUserInfo->info21,
                                      &dwSamrInfoLevel,
                                      &dwSpaceLeft,
                                      dwLevel,
                                      pBuffer,
                                      pConn,
                                      &dwSize,
                                      eValidation,
                                      &dwParmErr);
        BAIL_ON_WIN_ERROR(err);
    }

    status = NetConnectSamr(&pConn,
                            pwszHostname,
                            dwDomainAccess,
                            0,
                            pCreds);
    BAIL_ON_NT_STATUS(status);

    hSamrBinding = pConn->Rpc.Samr.hBinding;

    status = NetOpenUser(pConn,
                         pwszUsername,
                         dwUserAccess,
                         &hUser,
                         &dwUserRid);
    BAIL_ON_NT_STATUS(status);

    /*
     * Check if there's password to be set (if it's NULL
     * the function returns ERROR_INVALID_PASSWORD)
     */

    dwSamrPasswordInfoLevel = 26;
    dwSize                  = 0;

    err = NetAllocateSamrUserInfo(NULL,
                                  &dwSamrPasswordInfoLevel,
                                  NULL,
                                  dwLevel,
                                  pBuffer,
                                  pConn,
                                  &dwSize,
                                  eValidation,
                                  &dwParmErr);
    if (err == ERROR_SUCCESS)
    {
        dwSpaceLeft = dwSize;
        dwSize      = 0;

        if (dwSpaceLeft)
        {
            status = NetAllocateMemory(OUT_PPVOID(&pSamrPasswordUserInfo),
                                       dwSpaceLeft);
            BAIL_ON_NT_STATUS(status);
        }

        err = NetAllocateSamrUserInfo(&pSamrPasswordUserInfo->info26,
                                      &dwSamrPasswordInfoLevel,
                                      &dwSpaceLeft,
                                      dwLevel,
                                      pBuffer,
                                      pConn,
                                      &dwSize,
                                      eValidation,
                                      &dwParmErr);
        BAIL_ON_WIN_ERROR(err);

        status = SamrSetUserInfo(hSamrBinding,
                                 hUser,
                                 dwSamrPasswordInfoLevel,
                                 pSamrPasswordUserInfo);
        BAIL_ON_NT_STATUS(status);
    }
    else if (err == ERROR_INVALID_LEVEL ||
             (err == ERROR_INVALID_PASSWORD &&
              dwLevel != 1003))
    {
        /* This error only means we're not going to try
           set the password.
           Either it's set to NULL in infolevel where it's optional
           or called infolevel doesn't support setting password */
        err = ERROR_SUCCESS;
    }
    else
    {
        BAIL_ON_WIN_ERROR(err);
    }

    if (dwSamrInfoLevel)
    {
        status = SamrSetUserInfo(hSamrBinding,
                                 hUser,
                                 dwSamrInfoLevel,
                                 pSamrUserInfo);
        BAIL_ON_NT_STATUS(status);
    }

    status = SamrClose(hSamrBinding, hUser);
    BAIL_ON_NT_STATUS(status);

cleanup:
    NetDisconnectSamr(&pConn);

    if (pdwParmErr)
    {
        *pdwParmErr = dwParmErr;
    }

    if (pSamrUserInfo)
    {
        NetFreeMemory(pSamrUserInfo);
    }

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    if (err == ERROR_SUCCESS &&
        status != STATUS_SUCCESS)
    {
        err = LwNtStatusToWin32Error(status);
    }

    return err;

error:
    goto cleanup;
}
NET_API_STATUS
NetLocalGroupGetMembers(
    IN  PCWSTR  pwszHostname,
    IN  PCWSTR  pwszAliasname,
    IN  DWORD   dwLevel,
    OUT PVOID  *ppBuffer,
    IN  DWORD   dwMaxBufferSize,
    OUT PDWORD  pdwNumEntries,
    OUT PDWORD  pdwTotalEntries,
    OUT PDWORD  pdwResume
    )
{
    const DWORD dwLsaAccessFlags = LSA_ACCESS_LOOKUP_NAMES_SIDS;
    const DWORD dwAliasAccessFlags = ALIAS_ACCESS_GET_MEMBERS;
    const WORD wLookupLevel = 1;

    NTSTATUS status = STATUS_SUCCESS;
    WINERROR err = ERROR_SUCCESS;
    PNET_CONN pConn = NULL;
    SAMR_BINDING hSamrBinding = NULL;
    LSA_BINDING hLsaBinding = NULL;
    ACCOUNT_HANDLE hAlias = NULL;
    PSID *ppSids = NULL;
    DWORD dwInfoLevelSize = 0;
    DWORD dwTotalNumEntries = 0;
    DWORD dwResume = 0;
    DWORD dwAliasRid = 0;
    DWORD i = 0;
    DWORD dwNumSids = 0;
    DWORD dwCount = 0;
    POLICY_HANDLE hLsaPolicy = NULL;
    SID_ARRAY Sids = {0};
    RefDomainList *pDomains = NULL;
    TranslatedName *pNames = NULL;
    PNET_RESOLVED_NAME pResolvedNames = NULL;
    PVOID pSourceBuffer = NULL;
    PVOID pBuffer = NULL;
    PVOID pBufferCursor = NULL;
    DWORD dwSize = 0;
    DWORD dwTotalSize = 0;
    DWORD dwNumEntries = 0;
    DWORD dwSpaceAvailable = 0;
    PIO_CREDS pCreds = NULL;
    NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_NONE;

    BAIL_ON_INVALID_PTR(pwszAliasname, err);
    BAIL_ON_INVALID_PTR(ppBuffer, err);
    BAIL_ON_INVALID_PTR(pdwNumEntries, err);
    BAIL_ON_INVALID_PTR(pdwTotalEntries, err);
    BAIL_ON_INVALID_PTR(pdwResume, err);

    switch (dwLevel)
    {
    case 0:
        dwInfoLevelSize = sizeof(LOCALGROUP_MEMBERS_INFO_0);
        break;

    case 3:
        dwInfoLevelSize = sizeof(LOCALGROUP_MEMBERS_INFO_3);
        break;

    case 1:
    case 2:
    default:
        err = ERROR_INVALID_LEVEL;
        BAIL_ON_WIN_ERROR(err);
    }

    dwResume = *pdwResume;

    status = LwIoGetActiveCreds(NULL, &pCreds);
    BAIL_ON_NT_STATUS(status);

    status = NetConnectSamr(&pConn,
                            pwszHostname,
                            0,
                            0,
                            pCreds);
    BAIL_ON_NT_STATUS(status);

    hSamrBinding = pConn->Rpc.Samr.hBinding;

    status = NetOpenAlias(pConn,
                          pwszAliasname,
                          dwAliasAccessFlags,
                          &hAlias,
                          &dwAliasRid);
    if (status == STATUS_NONE_MAPPED)
    {
        /* No such alias in host's domain.
           Try to look in builtin domain. */
        status = NetOpenAlias(pConn,
                              pwszAliasname,
                              dwAliasAccessFlags,
                              &hAlias,
                              &dwAliasRid);
        BAIL_ON_NT_STATUS(status);

    }
    else if (status != STATUS_SUCCESS)
    {
        BAIL_ON_NT_STATUS(status);
    }

    status = SamrGetMembersInAlias(hSamrBinding,
                                   hAlias,
                                   &ppSids,
                                   &dwNumSids);
    BAIL_ON_NT_STATUS(status);

    status = SamrClose(hSamrBinding, hAlias);
    BAIL_ON_NT_STATUS(status);

    dwTotalNumEntries = dwNumSids;

    if (dwLevel == 0)
    {
        for (i = 0; i + dwResume < dwNumSids; i++)
        {
            pSourceBuffer = ppSids[i + dwResume];

            err = NetAllocateLocalGroupMembersInfo(NULL,
                                                   NULL,
                                                   dwLevel,
                                                   pSourceBuffer,
                                                   &dwSize,
                                                   eValidation);
            BAIL_ON_WIN_ERROR(err);

            dwTotalSize += dwSize;
            dwNumEntries++;

            if (dwTotalSize > dwMaxBufferSize)
            {
                dwTotalSize -= dwSize;
                dwNumEntries--;
                break;
            }
        }
    }
    else
    {
        status = NetConnectLsa(&pConn,
                               pwszHostname,
                               dwLsaAccessFlags,
                               pCreds);
        BAIL_ON_NT_STATUS(status);

        hLsaBinding  = pConn->Rpc.Lsa.hBinding;
        hLsaPolicy   = pConn->Rpc.Lsa.hPolicy;

        Sids.dwNumSids = dwNumSids;
        status = NetAllocateMemory(OUT_PPVOID(&Sids.pSids),
                                   sizeof(Sids.pSids[0]) * Sids.dwNumSids);
        BAIL_ON_NT_STATUS(status);
    
        for (i = 0; i < Sids.dwNumSids; i++)
        {
            Sids.pSids[i].pSid = ppSids[i];
        }

        status = LsaLookupSids(hLsaBinding,
                               hLsaPolicy,
                               &Sids,
                               &pDomains,
                               &pNames,
                               wLookupLevel,
                               &dwCount);
        if (status != STATUS_SUCCESS &&
            status != LW_STATUS_SOME_NOT_MAPPED)
        {
            BAIL_ON_NT_STATUS(status);
        }

        status = NetAllocateMemory(OUT_PPVOID(&pResolvedNames),
                                   sizeof(*pResolvedNames) * dwCount);
        BAIL_ON_NT_STATUS(status);

        for (i = 0; i + dwResume < dwCount; i++)
        {
            DWORD iDomain = pNames[i + dwResume].sid_index;

            pResolvedNames[i].AccountName = pNames[i + dwResume].name;
            pResolvedNames[i].usType      = pNames[i + dwResume].type;
            pResolvedNames[i].DomainName  = pDomains->domains[iDomain].name;

            pSourceBuffer = pResolvedNames;

            err = NetAllocateLocalGroupMembersInfo(NULL,
                                                   NULL,
                                                   dwLevel,
                                                   pSourceBuffer,
                                                   &dwSize,
                                                   eValidation);
            BAIL_ON_WIN_ERROR(err);

            dwTotalSize += dwSize;
            dwNumEntries++;

            if (dwTotalSize > dwMaxBufferSize)
            {
                dwTotalSize -= dwSize;
                dwNumEntries--;
                break;
            }
        }
    }

    if (dwTotalNumEntries > 0 && dwNumEntries == 0)
    {
        err = ERROR_INSUFFICIENT_BUFFER;
        BAIL_ON_WIN_ERROR(err);
    }

    if (dwTotalSize)
    {
        status = NetAllocateMemory(OUT_PPVOID(&pBuffer),
                                   dwTotalSize);
        BAIL_ON_NT_STATUS(status);
    }

    dwSize           = 0;
    pBufferCursor    = pBuffer;
    dwSpaceAvailable = dwTotalSize;

    for (i = 0; i < dwNumEntries; i++)
    {
        if (dwLevel == 0)
        {
            pSourceBuffer = ppSids[i + dwResume];
        }
        else
        {
            pSourceBuffer = &(pResolvedNames[i]);
        }

        pBufferCursor = pBuffer + (i * dwInfoLevelSize);

        err = NetAllocateLocalGroupMembersInfo(pBufferCursor,
                                               &dwSpaceAvailable,
                                               dwLevel,
                                               pSourceBuffer,
                                               &dwSize,
                                               eValidation);
        BAIL_ON_WIN_ERROR(err);
    }

    if (dwResume + dwNumEntries < dwTotalNumEntries)
    {
        err = ERROR_MORE_DATA;
    }

    *ppBuffer        = pBuffer;
    *pdwResume       = dwResume + dwNumEntries;
    *pdwNumEntries   = dwNumEntries;
    *pdwTotalEntries = dwTotalNumEntries;

cleanup:
    NetDisconnectSamr(&pConn);

    if (Sids.pSids)
    {
        NetFreeMemory(Sids.pSids);
    }

    if (ppSids)
    {
        SamrFreeMemory(ppSids);
    }

    if (pNames)
    {
        SamrFreeMemory(pNames);
    }

    if (pDomains)
    {
        SamrFreeMemory(pDomains);
    }

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    if (err == ERROR_SUCCESS &&
        status != STATUS_SUCCESS)
    {
        err = LwNtStatusToWin32Error(status);
    }

    return err;

error:
    if (pBuffer)
    {
        NetFreeMemory(pBuffer);
    }

    *ppBuffer = NULL;

    goto cleanup;
}