APIERR MNetUserGetGroups( const TCHAR FAR * pszServer, const TCHAR FAR * pszUserName, UINT Level, BYTE FAR ** ppbBuffer, UINT FAR * pcEntriesRead ) { DWORD cTotalAvail; return (APIERR)NetUserGetGroups( (TCHAR *)pszServer, (TCHAR *)pszUserName, Level, ppbBuffer, MAXPREFERREDLENGTH, pcEntriesRead, &cTotalAvail ); } // MNetUserGetGroups
static int get_user_global_groups(WCHAR *user, struct oscap_list *list) { NET_API_STATUS status; GROUP_USERS_INFO_0 *buffer = NULL; DWORD preffered_max_len = MAX_PREFERRED_LENGTH; DWORD entries_read = 0; DWORD total_entries = 0; status = NetUserGetGroups(NULL, user, 0, (LPBYTE *)&buffer, preffered_max_len, &entries_read, &total_entries); if (status != NERR_Success) { dD("NetUserGetGroups failed: %d", status); return 1; } for (DWORD i = 0; i < entries_read; i++) { WCHAR *group_name = buffer[i].grui0_name; oscap_list_add(list, wcsdup(group_name)); } NetApiBufferFree(buffer); return 0; }
int SetupTokenGroups(PTOKEN_GROUPS *groupsToken, wchar_t *userNameW) { wchar_t **localGroups = NULL; wchar_t **globalGroups = NULL; DWORD nLocalGroups = 0; DWORD nLocalGroupsTot = 0; DWORD nGlobalGroups = 0; DWORD nGlobalGroupsTot = 0; DWORD nGroupsTotal = 0; DWORD size; int i; int exitCode = 1; /* * Retrieve local groups, which user belong to. */ debug("Retrieving local groups list..."); FAIL(NetUserGetLocalGroups(NULL, userNameW, 0, LG_INCLUDE_INDIRECT, (LPBYTE *) &localGroups, MAX_PREFERRED_LENGTH, &nLocalGroups, &nLocalGroupsTot)); debug("Retrieving global groups list..."); /* * Retrieve global groups, which user belong to. */ FAIL(NetUserGetGroups(NULL, userNameW, 0, (LPBYTE *) &globalGroups, MAX_PREFERRED_LENGTH, &nGlobalGroups, &nGlobalGroupsTot)); /* * Allocate buffer for TOKEN_GROUPS struct. * * We assume user belong to Everyone, AuthenticatedUsers, Local, Interactive * and groups retrievied from NetUserGetLocalGroups() and NetUserGetGroups() * for given user. */ nGroupsTotal = nLocalGroups + nGlobalGroups + 4; size = (nGroupsTotal + 1) * sizeof(SID_AND_ATTRIBUTES) + sizeof(DWORD); *groupsToken = (TOKEN_GROUPS *) LocalAlloc(LPTR, size); (*groupsToken) -> GroupCount = nGroupsTotal; /* * Write SIDs of local groups into TOKEN_GROUPS struct. */ #define INSIDE_GROUP_FLAG SE_GROUP_ENABLED\ | SE_GROUP_ENABLED_BY_DEFAULT\ | SE_GROUP_MANDATORY int delta = 4; for (i = 0; i < nLocalGroups; i++) { FAIL(GetSidW(&(*groupsToken) -> Groups[i + delta].Sid, localGroups[i])); (*groupsToken) -> Groups[i + delta].Attributes = INSIDE_GROUP_FLAG; } /* * Write SIDs of global groups into TOKEN_GROUPS struct. */ delta = 4 + nLocalGroups; for (i = 0; i < nGlobalGroups; i++) { FAIL(GetSidW(&(*groupsToken) -> Groups[delta + i].Sid, globalGroups[i])); (*groupsToken) -> Groups[delta + i].Attributes = INSIDE_GROUP_FLAG; } /* * Write SIDs of Everyone, AuthenticatedUsers, Local and Interactive * groups into TOKEN_GROUPS struct. */ (*groupsToken) -> Groups[0].Sid = EveryoneSID(); (*groupsToken) -> Groups[0].Attributes = INSIDE_GROUP_FLAG; (*groupsToken) -> Groups[1].Sid = AuthenticatedUsersSID(); (*groupsToken) -> Groups[1].Attributes = INSIDE_GROUP_FLAG; (*groupsToken) -> Groups[2].Sid = LocalSID(); (*groupsToken) -> Groups[2].Attributes = INSIDE_GROUP_FLAG; (*groupsToken) -> Groups[3].Sid = InteractiveSID(); (*groupsToken) -> Groups[3].Attributes = INSIDE_GROUP_FLAG; exitCode = 0; fail: /* * Clean up. */ NetApiBufferFree(localGroups); NetApiBufferFree(globalGroups); if (exitCode) { debug("ERROR. Failed to setup TOKEN_GROUPS (%u).", GetLastError()); } return exitCode; }
int main(int argc, const char **argv) { NET_API_STATUS status; struct libnetapi_ctx *ctx = NULL; const char *hostname = NULL; const char *username = NULL; uint32_t level = 0; uint8_t *buffer = NULL; uint32_t entries_read = 0; uint32_t total_entries = 0; int i; struct GROUP_USERS_INFO_0 *info0 = NULL; struct GROUP_USERS_INFO_1 *info1 = NULL; poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP POPT_COMMON_LIBNETAPI_EXAMPLES POPT_TABLEEND }; status = libnetapi_init(&ctx); if (status != 0) { return status; } pc = poptGetContext("user_getgroups", argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "hostname username level"); while((opt = poptGetNextOpt(pc)) != -1) { } if (!poptPeekArg(pc)) { poptPrintHelp(pc, stderr, 0); goto out; } hostname = poptGetArg(pc); if (!poptPeekArg(pc)) { poptPrintHelp(pc, stderr, 0); goto out; } username = poptGetArg(pc); if (poptPeekArg(pc)) { level = atoi(poptGetArg(pc)); } /* NetUserGetGroups */ do { status = NetUserGetGroups(hostname, username, level, &buffer, (uint32_t)-1, &entries_read, &total_entries); if (status == 0 || status == ERROR_MORE_DATA) { switch (level) { case 0: info0 = (struct GROUP_USERS_INFO_0 *)buffer; break; case 1: info1 = (struct GROUP_USERS_INFO_1 *)buffer; break; default: break; } for (i=0; i<entries_read; i++) { switch (level) { case 0: printf("#%d group: %s\n", i, info0->grui0_name); info0++; break; case 1: printf("#%d group: %s\n", i, info1->grui1_name); printf("#%d attributes: %d\n", i, info1->grui1_attributes); info1++; break; default: break; } } NetApiBufferFree(buffer); } } while (status == ERROR_MORE_DATA); if (status != 0) { printf("NetUserGetGroups failed with: %s\n", libnetapi_get_error_string(ctx, status)); } out: libnetapi_free(ctx); poptFreeContext(pc); return status; }
// @pymethod [(groupName, attribute), ...]|win32net|NetUserGetGroups|Returns a list of groups,attributes for all groups for the user. // @todo This needs to be extended to support the new model, while // not breaking existing code. A default arg would be perfect. PyObject * PyNetUserGetGroups( PyObject *self, PyObject *args) { DWORD dwBuffsize = MAX_PREFERRED_LENGTH; PyWin_AutoFreeBstr wzServerName; // storage for incoming servername string pointer PyWin_AutoFreeBstr wzUserName; // incoming username PyObject * obServerName; PyObject * obUserName; if (!PyArg_ParseTuple(args, "OO:NetUserGetGroups", &obServerName, // @pyparm string|serverName||The name of the remote server on which the function is to execute. None or an empty string specifies the server program running on the local computer. &obUserName)) // @pyparm string|userName||The name of the user to search for in each group account. return NULL; if (!PyWinObject_AsAutoFreeBstr(obServerName, &wzServerName, TRUE)) return NULL; if (!PyWinObject_AsAutoFreeBstr(obUserName, &wzUserName, FALSE)) return NULL; DWORD dwMaxCount, dwCount; // see the win32api call for how these are used. GROUP_USERS_INFO_1 *lpBuffer; NET_API_STATUS Errno; dwMaxCount = dwCount = 0; PyObject * pRetlist = PyList_New(0); //create a return list of 0 size if (pRetlist==NULL) return NULL; // did we err? Py_BEGIN_ALLOW_THREADS Errno = NetUserGetGroups((BSTR)wzServerName, (BSTR)wzUserName, 1, (LPBYTE *)&lpBuffer, dwBuffsize, &dwCount, &dwMaxCount); Py_END_ALLOW_THREADS if (Errno == NERR_Success) // if no error, then build the list { GROUP_USERS_INFO_1 *p_nr = lpBuffer; // Enum Resource returns a buffer of successive structs if (dwCount > 0) // we actually got something { do { PyObject *obName = PyWinObject_FromWCHAR(p_nr->grui1_name); PyObject *t_ob = Py_BuildValue("(Oi)",obName, p_nr->grui1_attributes); Py_XDECREF(obName); int listerr = PyList_Append(pRetlist,t_ob); // append our obj...Append does an INCREF! Py_DECREF(t_ob); if (listerr) // or bail { Py_DECREF(pRetlist); // free the Python List NetApiBufferFree((LPVOID)lpBuffer); return NULL; } p_nr++; // next object (its a ++ because it is a typed pointer!) dwCount--; } while (dwCount); }; // if (dwCount > 0) } else { // ERROR Occurred Py_DECREF(pRetlist); return ReturnNetError("NetUserGetGroups", Errno); } // @rdesc Always makes the level 1 call and returns all data. // Data return format is a Python List. Each "Item" // is a tuple of (groupname, attributes). "(s,i)" respectively. In NT 4 the attributes seem to be hardcoded to 7. // Earlier version of NT have not been tested. NetApiBufferFree((LPVOID)lpBuffer); return pRetlist; }
isc_result_t isc_ntsecurity_getaccountgroups (char *username, char **GroupList, unsigned int maxgroups, unsigned int *totalGroups) { LPGROUP_USERS_INFO_0 pTmpBuf; LPLOCALGROUP_USERS_INFO_0 pTmpLBuf; DWORD i; LPLOCALGROUP_USERS_INFO_0 pBuf = NULL; LPGROUP_USERS_INFO_0 pgrpBuf = NULL; DWORD dwLevel = 0; DWORD dwFlags = LG_INCLUDE_INDIRECT; DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; NET_API_STATUS nStatus; DWORD dwTotalCount = 0; size_t retlen; wchar_t user[MAX_NAME_LENGTH]; retlen = mbstowcs (user, username, MAX_NAME_LENGTH); *totalGroups = 0; /* * Call the NetUserGetLocalGroups function * specifying information level 0. * * The LG_INCLUDE_INDIRECT flag specifies that the * function should also return the names of the local * groups in which the user is indirectly a member. */ nStatus = NetUserGetLocalGroups (NULL, user, dwLevel, dwFlags, (LPBYTE *) & pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries); /* * See if the call succeeds, */ if (nStatus != NERR_Success) { if (nStatus == ERROR_ACCESS_DENIED) return (ISC_R_NOPERM); if (nStatus == ERROR_MORE_DATA) return (ISC_R_NOSPACE); if (nStatus == NERR_UserNotFound) dwEntriesRead = 0; } dwTotalCount = 0; if (pBuf != NULL) { pTmpLBuf = pBuf; /* * Loop through the entries */ for (i = 0; (i < dwEntriesRead && *totalGroups < maxgroups); i++) { assert (pTmpLBuf != NULL); if (pTmpLBuf == NULL) break; retlen = wcslen (pTmpLBuf->lgrui0_name); GroupList[*totalGroups] = (char *) malloc (retlen + 1); if (GroupList[*totalGroups] == NULL) return (ISC_R_NOMEMORY); retlen = wcstombs (GroupList[*totalGroups], pTmpLBuf->lgrui0_name, retlen); GroupList[*totalGroups][retlen] = '\0'; if (strcmp (GroupList[*totalGroups], "None") == 0) free (GroupList[*totalGroups]); else (*totalGroups)++; pTmpLBuf++; } } /* Free the allocated memory. */ if (pBuf != NULL) NetApiBufferFree (pBuf); /* * Call the NetUserGetGroups function, specifying level 0. */ nStatus = NetUserGetGroups (NULL, user, dwLevel, (LPBYTE *) & pgrpBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries); /* * See if the call succeeds, */ if (nStatus != NERR_Success) { if (nStatus == ERROR_ACCESS_DENIED) return (ISC_R_NOPERM); if (nStatus == ERROR_MORE_DATA) return (ISC_R_NOSPACE); if (nStatus == NERR_UserNotFound) dwEntriesRead = 0; } if (pgrpBuf != NULL) { pTmpBuf = pgrpBuf; /* * Loop through the entries */ for (i = 0; (i < dwEntriesRead && *totalGroups < maxgroups); i++) { assert (pTmpBuf != NULL); if (pTmpBuf == NULL) break; retlen = wcslen (pTmpBuf->grui0_name); GroupList[*totalGroups] = (char *) malloc (retlen + 1); if (GroupList[*totalGroups] == NULL) return (ISC_R_NOMEMORY); retlen = wcstombs (GroupList[*totalGroups], pTmpBuf->grui0_name, retlen); GroupList[*totalGroups][retlen] = '\0'; if (strcmp (GroupList[*totalGroups], "None") == 0) free (GroupList[*totalGroups]); else (*totalGroups)++; pTmpBuf++; } } /* * Free the allocated memory. */ if (pgrpBuf != NULL) NetApiBufferFree (pgrpBuf); return (ISC_R_SUCCESS); }
Boolean System::isGroupMember(const char* userName, const char* groupName) { Boolean retVal = false; LPLOCALGROUP_USERS_INFO_0 pBuf = NULL; DWORD dwLevel = 0; DWORD dwFlags = LG_INCLUDE_INDIRECT ; DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; NET_API_STATUS nStatus; wchar_t wcUserName[UNLEN+1]; wchar_t wcGroupName[UNLEN+1]; //Convert user name to unicode if (!MultiByteToWideChar(CP_ACP,0,userName, -1, wcUserName, strlen(userName)+1)) { return false; } //Convert group name to unicode if (!MultiByteToWideChar(CP_ACP, 0, groupName, -1, wcGroupName, strlen(groupName)+1)) { return false; } // // Call the NetUserGetLocalGroups function // specifying information level 0. // // The LG_INCLUDE_INDIRECT flag specifies that the // function should also return the names of the local // groups in which the user is indirectly a member. // nStatus = NetUserGetLocalGroups( NULL, (LPCWSTR)wcUserName, dwLevel, dwFlags, (LPBYTE *) &pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries); // // If the call succeeds, // if (nStatus == NERR_Success) { LPLOCALGROUP_USERS_INFO_0 pTmpBuf; DWORD i; DWORD dwTotalCount = 0; if ((pTmpBuf = pBuf) != NULL) { // // Loop through the local groups that the user belongs // and find the matching group name. // for (i = 0; i < dwEntriesRead; i++) { // // Compare the user's group name to groupName. // if (wcscmp(pTmpBuf->lgrui0_name, wcGroupName) == 0) { // User is a member of the group. retVal = true; break; } pTmpBuf++; dwTotalCount++; } } } // // Free the allocated memory. // if (pBuf != NULL) NetApiBufferFree(pBuf); // // If the given user and group are not found in the local group // then try on the global groups. // if (!retVal) { LPGROUP_USERS_INFO_0 pBuf = NULL; dwLevel = 0; dwPrefMaxLen = MAX_PREFERRED_LENGTH; dwEntriesRead = 0; dwTotalEntries = 0; // // Call the NetUserGetGroups function, specifying level 0. // nStatus = NetUserGetGroups( NULL, (LPCWSTR)wcUserName, dwLevel, (LPBYTE*)&pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries); // // If the call succeeds, // if (nStatus == NERR_Success) { LPGROUP_USERS_INFO_0 pTmpBuf; DWORD i; DWORD dwTotalCount = 0; if ((pTmpBuf = pBuf) != NULL) { // // Loop through the global groups to which the user belongs // and find the matching group name. // for (i = 0; i < dwEntriesRead; i++) { // // Compare the user's group name to groupName. // if (wcscmp(pTmpBuf->grui0_name, wcGroupName) == 0) { // User is a member of the group. retVal = true; break; } pTmpBuf++; dwTotalCount++; } } } // // Free the allocated buffer. // if (pBuf != NULL) NetApiBufferFree(pBuf); } return retVal; }
static NET_API_STATUS DisplayUser(LPWSTR lpUserName) { PUSER_MODALS_INFO_0 pUserModals = NULL; PUSER_INFO_4 pUserInfo = NULL; PLOCALGROUP_USERS_INFO_0 pLocalGroupInfo = NULL; PGROUP_USERS_INFO_0 pGroupInfo = NULL; DWORD dwLocalGroupRead, dwLocalGroupTotal; DWORD dwGroupRead, dwGroupTotal; DWORD dwLastSet; DWORD i; INT nPaddedLength = 29; NET_API_STATUS Status; /* Modify the user */ Status = NetUserGetInfo(NULL, lpUserName, 4, (LPBYTE*)&pUserInfo); if (Status != NERR_Success) return Status; Status = NetUserModalsGet(NULL, 0, (LPBYTE*)&pUserModals); if (Status != NERR_Success) goto done; Status = NetUserGetLocalGroups(NULL, lpUserName, 0, 0, (LPBYTE*)&pLocalGroupInfo, MAX_PREFERRED_LENGTH, &dwLocalGroupRead, &dwLocalGroupTotal); if (Status != NERR_Success) goto done; Status = NetUserGetGroups(NULL, lpUserName, 0, (LPBYTE*)&pGroupInfo, MAX_PREFERRED_LENGTH, &dwGroupRead, &dwGroupTotal); if (Status != NERR_Success) goto done; PrintPaddedResourceString(IDS_USER_NAME, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_name); PrintPaddedResourceString(IDS_USER_FULL_NAME, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_full_name); PrintPaddedResourceString(IDS_USER_COMMENT, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_comment); PrintPaddedResourceString(IDS_USER_USER_COMMENT, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_usr_comment); PrintPaddedResourceString(IDS_USER_COUNTRY_CODE, nPaddedLength); ConPrintf(StdOut, L"%03ld ()\n", pUserInfo->usri4_country_code); PrintPaddedResourceString(IDS_USER_ACCOUNT_ACTIVE, nPaddedLength); if (pUserInfo->usri4_flags & UF_ACCOUNTDISABLE) ConResPuts(StdOut, IDS_GENERIC_NO); else if (pUserInfo->usri4_flags & UF_LOCKOUT) ConResPuts(StdOut, IDS_GENERIC_LOCKED); else ConResPuts(StdOut, IDS_GENERIC_YES); ConPuts(StdOut, L"\n"); PrintPaddedResourceString(IDS_USER_ACCOUNT_EXPIRES, nPaddedLength); if (pUserInfo->usri4_acct_expires == TIMEQ_FOREVER) ConResPuts(StdOut, IDS_GENERIC_NEVER); else PrintDateTime(pUserInfo->usri4_acct_expires); ConPuts(StdOut, L"\n\n"); PrintPaddedResourceString(IDS_USER_PW_LAST_SET, nPaddedLength); dwLastSet = GetTimeInSeconds() - pUserInfo->usri4_password_age; PrintDateTime(dwLastSet); PrintPaddedResourceString(IDS_USER_PW_EXPIRES, nPaddedLength); if ((pUserInfo->usri4_flags & UF_DONT_EXPIRE_PASSWD) || pUserModals->usrmod0_max_passwd_age == TIMEQ_FOREVER) ConResPuts(StdOut, IDS_GENERIC_NEVER); else PrintDateTime(dwLastSet + pUserModals->usrmod0_max_passwd_age); ConPuts(StdOut, L"\n"); PrintPaddedResourceString(IDS_USER_PW_CHANGEABLE, nPaddedLength); PrintDateTime(dwLastSet + pUserModals->usrmod0_min_passwd_age); PrintPaddedResourceString(IDS_USER_PW_REQUIRED, nPaddedLength); ConResPuts(StdOut, (pUserInfo->usri4_flags & UF_PASSWD_NOTREQD) ? IDS_GENERIC_NO : IDS_GENERIC_YES); ConPuts(StdOut, L"\n"); PrintPaddedResourceString(IDS_USER_CHANGE_PW, nPaddedLength); ConResPuts(StdOut, (pUserInfo->usri4_flags & UF_PASSWD_CANT_CHANGE) ? IDS_GENERIC_NO : IDS_GENERIC_YES); ConPuts(StdOut, L"\n\n"); PrintPaddedResourceString(IDS_USER_WORKSTATIONS, nPaddedLength); if (pUserInfo->usri4_workstations == NULL || wcslen(pUserInfo->usri4_workstations) == 0) ConResPuts(StdOut, IDS_GENERIC_ALL); else ConPrintf(StdOut, L"%s", pUserInfo->usri4_workstations); ConPuts(StdOut, L"\n"); PrintPaddedResourceString(IDS_USER_LOGON_SCRIPT, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_script_path); PrintPaddedResourceString(IDS_USER_PROFILE, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_profile); PrintPaddedResourceString(IDS_USER_HOME_DIR, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_home_dir); PrintPaddedResourceString(IDS_USER_LAST_LOGON, nPaddedLength); if (pUserInfo->usri4_last_logon == 0) ConResPuts(StdOut, IDS_GENERIC_NEVER); else PrintDateTime(pUserInfo->usri4_last_logon); ConPuts(StdOut, L"\n\n"); PrintPaddedResourceString(IDS_USER_LOGON_HOURS, nPaddedLength); if (pUserInfo->usri4_logon_hours == NULL) ConResPuts(StdOut, IDS_GENERIC_ALL); ConPuts(StdOut, L"\n\n"); ConPuts(StdOut, L"\n"); PrintPaddedResourceString(IDS_USER_LOCAL_GROUPS, nPaddedLength); if (dwLocalGroupTotal != 0 && pLocalGroupInfo != NULL) { for (i = 0; i < dwLocalGroupTotal; i++) { if (i != 0) PrintPadding(L' ', nPaddedLength); ConPrintf(StdOut, L"*%s\n", pLocalGroupInfo[i].lgrui0_name); } } else { ConPuts(StdOut, L"\n"); } PrintPaddedResourceString(IDS_USER_GLOBAL_GROUPS, nPaddedLength); if (dwGroupTotal != 0 && pGroupInfo != NULL) { for (i = 0; i < dwGroupTotal; i++) { if (i != 0) PrintPadding(L' ', nPaddedLength); ConPrintf(StdOut, L"*%s\n", pGroupInfo[i].grui0_name); } } else { ConPuts(StdOut, L"\n"); } done: if (pGroupInfo != NULL) NetApiBufferFree(pGroupInfo); if (pLocalGroupInfo != NULL) NetApiBufferFree(pLocalGroupInfo); if (pUserModals != NULL) NetApiBufferFree(pUserModals); if (pUserInfo != NULL) NetApiBufferFree(pUserInfo); return NERR_Success; }
/* returns 1 on success, 0 on failure */ int Valid_Global_Groups(char *UserName, const char **Groups) { int result = 0; WCHAR wszUserName[UNLEN + 1]; // Unicode user name WCHAR wszDomainControllerName[UNCLEN + 1]; char NTDomain[DNLEN + UNLEN + 2]; char *domain_qualify = NULL; char User[UNLEN + 1]; size_t j; LPGROUP_USERS_INFO_0 pUsrBuf = NULL; LPGROUP_USERS_INFO_0 pTmpBuf; PDOMAIN_CONTROLLER_INFO pDCInfo = NULL; DWORD dwLevel = 0; DWORD dwPrefMaxLen = -1; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; NET_API_STATUS nStatus; DWORD i; DWORD dwTotalCount = 0; LPBYTE pBufTmp = NULL; strncpy(NTDomain, UserName, sizeof(NTDomain)); for (j = 0; j < strlen(NTV_VALID_DOMAIN_SEPARATOR); j++) { if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL) break; } if (domain_qualify == NULL) { strcpy(User, NTDomain); strcpy(NTDomain, DefaultDomain); } else { strcpy(User, domain_qualify + 1); domain_qualify[0] = '\0'; strlwr(NTDomain); } debug("Valid_Global_Groups: checking group membership of '%s\\%s'.\n", NTDomain, User); /* Convert ANSI User Name to Unicode */ MultiByteToWideChar(CP_ACP, 0, User, strlen(User) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0])); /* Query AD for a DC */ if (DsGetDcName(NULL, NTDomain, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_FLAT_NAME, &pDCInfo) != NO_ERROR) { fprintf(stderr, "%s DsGetDcName() failed.'\n", myname); if (pDCInfo != NULL) NetApiBufferFree(pDCInfo); return result; } /* Convert ANSI Domain Controller Name to Unicode */ MultiByteToWideChar(CP_ACP, 0, pDCInfo->DomainControllerName, strlen(pDCInfo->DomainControllerName) + 1, wszDomainControllerName, sizeof(wszDomainControllerName) / sizeof(wszDomainControllerName[0])); debug("Using '%S' as DC for '%s' user's domain.\n", wszDomainControllerName, NTDomain); debug("DC Active Directory Site is %s\n", pDCInfo->DcSiteName); debug("Machine Active Directory Site is %s\n", pDCInfo->ClientSiteName); /* * Call the NetUserGetGroups function * specifying information level 0. */ dwLevel = 0; pBufTmp = NULL; nStatus = NetUserGetGroups(wszDomainControllerName, wszUserName, dwLevel, &pBufTmp, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries); pUsrBuf = (LPGROUP_USERS_INFO_0) pBufTmp; /* * If the call succeeds, */ if (nStatus == NERR_Success) { if ((pTmpBuf = pUsrBuf) != NULL) { for (i = 0; i < dwEntriesRead; i++) { assert(pTmpBuf != NULL); if (pTmpBuf == NULL) { result = 0; break; } if (wcstrcmparray(pTmpBuf->grui0_name, Groups) == 0) { result = 1; break; } pTmpBuf++; dwTotalCount++; } } } else { result = 0; fprintf(stderr, "%s NetUserGetGroups() failed.'\n", myname); } /* * Free the allocated memory. */ if (pUsrBuf != NULL) NetApiBufferFree(pUsrBuf); if (pDCInfo != NULL) NetApiBufferFree((LPVOID) pDCInfo); return result; }
static NET_API_STATUS test_netusergetgroups(struct torture_context *tctx, const char *hostname, uint32_t level, const char *username, const char *groupname) { NET_API_STATUS status; uint32_t entries_read = 0; uint32_t total_entries = 0; const char *current_name; int found_group = 0; uint8_t *buffer = NULL; int i; struct GROUP_USERS_INFO_0 *i0; struct GROUP_USERS_INFO_1 *i1; torture_comment(tctx, "Testing NetUserGetGroups level %d\n", level); do { status = NetUserGetGroups(hostname, username, level, &buffer, (uint32_t)-1, &entries_read, &total_entries); if (status == 0 || status == ERROR_MORE_DATA) { switch (level) { case 0: i0 = (struct GROUP_USERS_INFO_0 *)buffer; break; case 1: i1 = (struct GROUP_USERS_INFO_1 *)buffer; break; default: return -1; } for (i=0; i<entries_read; i++) { switch (level) { case 0: current_name = i0->grui0_name; break; case 1: current_name = i1->grui1_name; break; default: return -1; } if (groupname && strcasecmp(current_name, groupname) == 0) { found_group = 1; } switch (level) { case 0: i0++; break; case 1: i1++; break; default: break; } } NetApiBufferFree(buffer); } } while (status == ERROR_MORE_DATA); if (status) { return status; } if (groupname && !found_group) { torture_comment(tctx, "failed to get membership\n"); return -1; } return 0; }
static NET_API_STATUS DisplayUser(LPWSTR lpUserName) { PUSER_MODALS_INFO_0 pUserModals = NULL; PUSER_INFO_4 pUserInfo = NULL; PLOCALGROUP_USERS_INFO_0 pLocalGroupInfo = NULL; PGROUP_USERS_INFO_0 pGroupInfo = NULL; DWORD dwLocalGroupRead, dwLocalGroupTotal; DWORD dwGroupRead, dwGroupTotal; DWORD dwLastSet; DWORD i; WCHAR szCountry[40]; INT nPaddedLength = 36; NET_API_STATUS Status; /* Modify the user */ Status = NetUserGetInfo(NULL, lpUserName, 4, (LPBYTE*)&pUserInfo); if (Status != NERR_Success) return Status; Status = NetUserModalsGet(NULL, 0, (LPBYTE*)&pUserModals); if (Status != NERR_Success) goto done; Status = NetUserGetLocalGroups(NULL, lpUserName, 0, 0, (LPBYTE*)&pLocalGroupInfo, MAX_PREFERRED_LENGTH, &dwLocalGroupRead, &dwLocalGroupTotal); if (Status != NERR_Success) goto done; Status = NetUserGetGroups(NULL, lpUserName, 0, (LPBYTE*)&pGroupInfo, MAX_PREFERRED_LENGTH, &dwGroupRead, &dwGroupTotal); if (Status != NERR_Success) goto done; PrintPaddedMessageString(4411, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_name); PrintPaddedMessageString(4412, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_full_name); PrintPaddedMessageString(4413, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_comment); PrintPaddedMessageString(4414, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_usr_comment); PrintPaddedMessageString(4416, nPaddedLength); GetCountryFromCountryCode(pUserInfo->usri4_country_code, ARRAYSIZE(szCountry), szCountry); ConPrintf(StdOut, L"%03ld (%s)\n", pUserInfo->usri4_country_code, szCountry); PrintPaddedMessageString(4419, nPaddedLength); if (pUserInfo->usri4_flags & UF_ACCOUNTDISABLE) PrintMessageString(4301); else if (pUserInfo->usri4_flags & UF_LOCKOUT) PrintMessageString(4440); else PrintMessageString(4300); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4420, nPaddedLength); if (pUserInfo->usri4_acct_expires == TIMEQ_FOREVER) PrintMessageString(4305); else PrintDateTime(pUserInfo->usri4_acct_expires); ConPuts(StdOut, L"\n\n"); PrintPaddedMessageString(4421, nPaddedLength); dwLastSet = GetTimeInSeconds() - pUserInfo->usri4_password_age; PrintDateTime(dwLastSet); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4422, nPaddedLength); if ((pUserInfo->usri4_flags & UF_DONT_EXPIRE_PASSWD) || pUserModals->usrmod0_max_passwd_age == TIMEQ_FOREVER) PrintMessageString(4305); else PrintDateTime(dwLastSet + pUserModals->usrmod0_max_passwd_age); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4423, nPaddedLength); PrintDateTime(dwLastSet + pUserModals->usrmod0_min_passwd_age); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4437, nPaddedLength); PrintMessageString((pUserInfo->usri4_flags & UF_PASSWD_NOTREQD) ? 4301 : 4300); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4438, nPaddedLength); PrintMessageString((pUserInfo->usri4_flags & UF_PASSWD_CANT_CHANGE) ? 4301 : 4300); ConPuts(StdOut, L"\n\n"); PrintPaddedMessageString(4424, nPaddedLength); if (pUserInfo->usri4_workstations == NULL || wcslen(pUserInfo->usri4_workstations) == 0) PrintMessageString(4302); else ConPrintf(StdOut, L"%s", pUserInfo->usri4_workstations); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4429, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_script_path); PrintPaddedMessageString(4439, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_profile); PrintPaddedMessageString(4436, nPaddedLength); ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_home_dir); PrintPaddedMessageString(4430, nPaddedLength); if (pUserInfo->usri4_last_logon == 0) PrintMessageString(4305); else PrintDateTime(pUserInfo->usri4_last_logon); ConPuts(StdOut, L"\n\n"); PrintPaddedMessageString(4432, nPaddedLength); if (pUserInfo->usri4_logon_hours == NULL) PrintMessageString(4302); ConPuts(StdOut, L"\n\n"); ConPuts(StdOut, L"\n"); PrintPaddedMessageString(4427, nPaddedLength); if (dwLocalGroupTotal != 0 && pLocalGroupInfo != NULL) { for (i = 0; i < dwLocalGroupTotal; i++) { if (i != 0) PrintPadding(L' ', nPaddedLength); ConPrintf(StdOut, L"*%s\n", pLocalGroupInfo[i].lgrui0_name); } } else { ConPuts(StdOut, L"\n"); } PrintPaddedMessageString(4431, nPaddedLength); if (dwGroupTotal != 0 && pGroupInfo != NULL) { for (i = 0; i < dwGroupTotal; i++) { if (i != 0) PrintPadding(L' ', nPaddedLength); ConPrintf(StdOut, L"*%s\n", pGroupInfo[i].grui0_name); } } else { ConPuts(StdOut, L"\n"); } done: if (pGroupInfo != NULL) NetApiBufferFree(pGroupInfo); if (pLocalGroupInfo != NULL) NetApiBufferFree(pLocalGroupInfo); if (pUserModals != NULL) NetApiBufferFree(pUserModals); if (pUserInfo != NULL) NetApiBufferFree(pUserInfo); return NERR_Success; }