APIERR MNetUserGetGroups(
const TCHAR FAR * pszServer,
const TCHAR FAR * pszUserName,
UINT Level,
BYTE FAR ** ppbBuffer,
UINT FAR * pcEntriesRead )
{
DWORD cTotalAvail;
return (APIERR)NetUserGetGroups( (TCHAR *)pszServer,
(TCHAR *)pszUserName,
Level,
ppbBuffer,
MAXPREFERREDLENGTH,
pcEntriesRead,
&cTotalAvail );
} // MNetUserGetGroups
static int get_user_global_groups(WCHAR *user, struct oscap_list *list)
{
NET_API_STATUS status;
GROUP_USERS_INFO_0 *buffer = NULL;
DWORD preffered_max_len = MAX_PREFERRED_LENGTH;
DWORD entries_read = 0;
DWORD total_entries = 0;
status = NetUserGetGroups(NULL, user, 0, (LPBYTE *)&buffer, preffered_max_len, &entries_read, &total_entries);
if (status != NERR_Success) {
dD("NetUserGetGroups failed: %d", status);
return 1;
}
for (DWORD i = 0; i < entries_read; i++) {
WCHAR *group_name = buffer[i].grui0_name;
oscap_list_add(list, wcsdup(group_name));
}
NetApiBufferFree(buffer);
return 0;
}
int SetupTokenGroups(PTOKEN_GROUPS *groupsToken, wchar_t *userNameW)
{
wchar_t **localGroups = NULL;
wchar_t **globalGroups = NULL;
DWORD nLocalGroups = 0;
DWORD nLocalGroupsTot = 0;
DWORD nGlobalGroups = 0;
DWORD nGlobalGroupsTot = 0;
DWORD nGroupsTotal = 0;
DWORD size;
int i;
int exitCode = 1;
/*
* Retrieve local groups, which user belong to.
*/
debug("Retrieving local groups list...");
FAIL(NetUserGetLocalGroups(NULL, userNameW, 0,
LG_INCLUDE_INDIRECT,
(LPBYTE *) &localGroups,
MAX_PREFERRED_LENGTH,
&nLocalGroups,
&nLocalGroupsTot));
debug("Retrieving global groups list...");
/*
* Retrieve global groups, which user belong to.
*/
FAIL(NetUserGetGroups(NULL, userNameW, 0, (LPBYTE *)
&globalGroups, MAX_PREFERRED_LENGTH,
&nGlobalGroups, &nGlobalGroupsTot));
/*
* Allocate buffer for TOKEN_GROUPS struct.
*
* We assume user belong to Everyone, AuthenticatedUsers, Local, Interactive
* and groups retrievied from NetUserGetLocalGroups() and NetUserGetGroups()
* for given user.
*/
nGroupsTotal = nLocalGroups + nGlobalGroups + 4;
size = (nGroupsTotal + 1) * sizeof(SID_AND_ATTRIBUTES) + sizeof(DWORD);
*groupsToken = (TOKEN_GROUPS *) LocalAlloc(LPTR, size);
(*groupsToken) -> GroupCount = nGroupsTotal;
/*
* Write SIDs of local groups into TOKEN_GROUPS struct.
*/
#define INSIDE_GROUP_FLAG SE_GROUP_ENABLED\
| SE_GROUP_ENABLED_BY_DEFAULT\
| SE_GROUP_MANDATORY
int delta = 4;
for (i = 0; i < nLocalGroups; i++)
{
FAIL(GetSidW(&(*groupsToken) -> Groups[i + delta].Sid, localGroups[i]));
(*groupsToken) -> Groups[i + delta].Attributes = INSIDE_GROUP_FLAG;
}
/*
* Write SIDs of global groups into TOKEN_GROUPS struct.
*/
delta = 4 + nLocalGroups;
for (i = 0; i < nGlobalGroups; i++)
{
FAIL(GetSidW(&(*groupsToken) -> Groups[delta + i].Sid, globalGroups[i]));
(*groupsToken) -> Groups[delta + i].Attributes = INSIDE_GROUP_FLAG;
}
/*
* Write SIDs of Everyone, AuthenticatedUsers, Local and Interactive
* groups into TOKEN_GROUPS struct.
*/
(*groupsToken) -> Groups[0].Sid = EveryoneSID();
(*groupsToken) -> Groups[0].Attributes = INSIDE_GROUP_FLAG;
(*groupsToken) -> Groups[1].Sid = AuthenticatedUsersSID();
(*groupsToken) -> Groups[1].Attributes = INSIDE_GROUP_FLAG;
(*groupsToken) -> Groups[2].Sid = LocalSID();
(*groupsToken) -> Groups[2].Attributes = INSIDE_GROUP_FLAG;
(*groupsToken) -> Groups[3].Sid = InteractiveSID();
(*groupsToken) -> Groups[3].Attributes = INSIDE_GROUP_FLAG;
exitCode = 0;
fail:
/*
* Clean up.
*/
NetApiBufferFree(localGroups);
NetApiBufferFree(globalGroups);
if (exitCode)
{
debug("ERROR. Failed to setup TOKEN_GROUPS (%u).", GetLastError());
}
return exitCode;
}
int main(int argc, const char **argv)
{
NET_API_STATUS status;
struct libnetapi_ctx *ctx = NULL;
const char *hostname = NULL;
const char *username = NULL;
uint32_t level = 0;
uint8_t *buffer = NULL;
uint32_t entries_read = 0;
uint32_t total_entries = 0;
int i;
struct GROUP_USERS_INFO_0 *info0 = NULL;
struct GROUP_USERS_INFO_1 *info1 = NULL;
poptContext pc;
int opt;
struct poptOption long_options[] = {
POPT_AUTOHELP
POPT_COMMON_LIBNETAPI_EXAMPLES
POPT_TABLEEND
};
status = libnetapi_init(&ctx);
if (status != 0) {
return status;
}
pc = poptGetContext("user_getgroups", argc, argv, long_options, 0);
poptSetOtherOptionHelp(pc, "hostname username level");
while((opt = poptGetNextOpt(pc)) != -1) {
}
if (!poptPeekArg(pc)) {
poptPrintHelp(pc, stderr, 0);
goto out;
}
hostname = poptGetArg(pc);
if (!poptPeekArg(pc)) {
poptPrintHelp(pc, stderr, 0);
goto out;
}
username = poptGetArg(pc);
if (poptPeekArg(pc)) {
level = atoi(poptGetArg(pc));
}
/* NetUserGetGroups */
do {
status = NetUserGetGroups(hostname,
username,
level,
&buffer,
(uint32_t)-1,
&entries_read,
&total_entries);
if (status == 0 || status == ERROR_MORE_DATA) {
switch (level) {
case 0:
info0 = (struct GROUP_USERS_INFO_0 *)buffer;
break;
case 1:
info1 = (struct GROUP_USERS_INFO_1 *)buffer;
break;
default:
break;
}
for (i=0; i<entries_read; i++) {
switch (level) {
case 0:
printf("#%d group: %s\n", i, info0->grui0_name);
info0++;
break;
case 1:
printf("#%d group: %s\n", i, info1->grui1_name);
printf("#%d attributes: %d\n", i, info1->grui1_attributes);
info1++;
break;
default:
break;
}
}
NetApiBufferFree(buffer);
}
} while (status == ERROR_MORE_DATA);
if (status != 0) {
printf("NetUserGetGroups failed with: %s\n",
libnetapi_get_error_string(ctx, status));
}
out:
libnetapi_free(ctx);
poptFreeContext(pc);
return status;
}
// @pymethod [(groupName, attribute), ...]|win32net|NetUserGetGroups|Returns a list of groups,attributes for all groups for the user.
// @todo This needs to be extended to support the new model, while
// not breaking existing code. A default arg would be perfect.
PyObject *
PyNetUserGetGroups( PyObject *self, PyObject *args)
{
DWORD dwBuffsize = MAX_PREFERRED_LENGTH;
PyWin_AutoFreeBstr wzServerName; // storage for incoming servername string pointer
PyWin_AutoFreeBstr wzUserName; // incoming username
PyObject * obServerName;
PyObject * obUserName;
if (!PyArg_ParseTuple(args, "OO:NetUserGetGroups",
&obServerName, // @pyparm string|serverName||The name of the remote server on which the function is to execute. None or an empty string specifies the server program running on the local computer.
&obUserName)) // @pyparm string|userName||The name of the user to search for in each group account.
return NULL;
if (!PyWinObject_AsAutoFreeBstr(obServerName, &wzServerName, TRUE))
return NULL;
if (!PyWinObject_AsAutoFreeBstr(obUserName, &wzUserName, FALSE))
return NULL;
DWORD dwMaxCount, dwCount; // see the win32api call for how these are used.
GROUP_USERS_INFO_1 *lpBuffer;
NET_API_STATUS Errno;
dwMaxCount = dwCount = 0;
PyObject * pRetlist = PyList_New(0); //create a return list of 0 size
if (pRetlist==NULL) return NULL; // did we err?
Py_BEGIN_ALLOW_THREADS
Errno = NetUserGetGroups((BSTR)wzServerName, (BSTR)wzUserName, 1, (LPBYTE *)&lpBuffer, dwBuffsize, &dwCount, &dwMaxCount);
Py_END_ALLOW_THREADS
if (Errno == NERR_Success) // if no error, then build the list
{
GROUP_USERS_INFO_1 *p_nr = lpBuffer; // Enum Resource returns a buffer of successive structs
if (dwCount > 0) // we actually got something
{
do
{
PyObject *obName = PyWinObject_FromWCHAR(p_nr->grui1_name);
PyObject *t_ob = Py_BuildValue("(Oi)",obName, p_nr->grui1_attributes);
Py_XDECREF(obName);
int listerr = PyList_Append(pRetlist,t_ob); // append our obj...Append does an INCREF!
Py_DECREF(t_ob);
if (listerr) // or bail
{
Py_DECREF(pRetlist); // free the Python List
NetApiBufferFree((LPVOID)lpBuffer);
return NULL;
}
p_nr++; // next object (its a ++ because it is a typed pointer!)
dwCount--;
} while (dwCount);
}; // if (dwCount > 0)
}
else { // ERROR Occurred
Py_DECREF(pRetlist);
return ReturnNetError("NetUserGetGroups", Errno);
}
// @rdesc Always makes the level 1 call and returns all data.
// Data return format is a Python List. Each "Item"
// is a tuple of (groupname, attributes). "(s,i)" respectively. In NT 4 the attributes seem to be hardcoded to 7.
// Earlier version of NT have not been tested.
NetApiBufferFree((LPVOID)lpBuffer);
return pRetlist;
}
isc_result_t
isc_ntsecurity_getaccountgroups (char *username, char **GroupList, unsigned int maxgroups, unsigned int *totalGroups)
{
LPGROUP_USERS_INFO_0 pTmpBuf;
LPLOCALGROUP_USERS_INFO_0 pTmpLBuf;
DWORD i;
LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
LPGROUP_USERS_INFO_0 pgrpBuf = NULL;
DWORD dwLevel = 0;
DWORD dwFlags = LG_INCLUDE_INDIRECT;
DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
DWORD dwEntriesRead = 0;
DWORD dwTotalEntries = 0;
NET_API_STATUS nStatus;
DWORD dwTotalCount = 0;
size_t retlen;
wchar_t user[MAX_NAME_LENGTH];
retlen = mbstowcs (user, username, MAX_NAME_LENGTH);
*totalGroups = 0;
/*
* Call the NetUserGetLocalGroups function
* specifying information level 0.
*
* The LG_INCLUDE_INDIRECT flag specifies that the
* function should also return the names of the local
* groups in which the user is indirectly a member.
*/
nStatus = NetUserGetLocalGroups (NULL,
user,
dwLevel,
dwFlags, (LPBYTE *) & pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries);
/*
* See if the call succeeds,
*/
if (nStatus != NERR_Success)
{
if (nStatus == ERROR_ACCESS_DENIED)
return (ISC_R_NOPERM);
if (nStatus == ERROR_MORE_DATA)
return (ISC_R_NOSPACE);
if (nStatus == NERR_UserNotFound)
dwEntriesRead = 0;
}
dwTotalCount = 0;
if (pBuf != NULL)
{
pTmpLBuf = pBuf;
/*
* Loop through the entries
*/
for (i = 0; (i < dwEntriesRead && *totalGroups < maxgroups); i++)
{
assert (pTmpLBuf != NULL);
if (pTmpLBuf == NULL)
break;
retlen = wcslen (pTmpLBuf->lgrui0_name);
GroupList[*totalGroups] = (char *) malloc (retlen + 1);
if (GroupList[*totalGroups] == NULL)
return (ISC_R_NOMEMORY);
retlen = wcstombs (GroupList[*totalGroups], pTmpLBuf->lgrui0_name, retlen);
GroupList[*totalGroups][retlen] = '\0';
if (strcmp (GroupList[*totalGroups], "None") == 0)
free (GroupList[*totalGroups]);
else
(*totalGroups)++;
pTmpLBuf++;
}
}
/* Free the allocated memory. */
if (pBuf != NULL)
NetApiBufferFree (pBuf);
/*
* Call the NetUserGetGroups function, specifying level 0.
*/
nStatus = NetUserGetGroups (NULL,
user, dwLevel, (LPBYTE *) & pgrpBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries);
/*
* See if the call succeeds,
*/
if (nStatus != NERR_Success)
{
if (nStatus == ERROR_ACCESS_DENIED)
return (ISC_R_NOPERM);
if (nStatus == ERROR_MORE_DATA)
return (ISC_R_NOSPACE);
if (nStatus == NERR_UserNotFound)
dwEntriesRead = 0;
}
if (pgrpBuf != NULL)
{
pTmpBuf = pgrpBuf;
/*
* Loop through the entries
*/
for (i = 0; (i < dwEntriesRead && *totalGroups < maxgroups); i++)
{
assert (pTmpBuf != NULL);
if (pTmpBuf == NULL)
break;
retlen = wcslen (pTmpBuf->grui0_name);
GroupList[*totalGroups] = (char *) malloc (retlen + 1);
if (GroupList[*totalGroups] == NULL)
return (ISC_R_NOMEMORY);
retlen = wcstombs (GroupList[*totalGroups], pTmpBuf->grui0_name, retlen);
GroupList[*totalGroups][retlen] = '\0';
if (strcmp (GroupList[*totalGroups], "None") == 0)
free (GroupList[*totalGroups]);
else
(*totalGroups)++;
pTmpBuf++;
}
}
/*
* Free the allocated memory.
*/
if (pgrpBuf != NULL)
NetApiBufferFree (pgrpBuf);
return (ISC_R_SUCCESS);
}
Boolean System::isGroupMember(const char* userName, const char* groupName)
{
Boolean retVal = false;
LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
DWORD dwLevel = 0;
DWORD dwFlags = LG_INCLUDE_INDIRECT ;
DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
DWORD dwEntriesRead = 0;
DWORD dwTotalEntries = 0;
NET_API_STATUS nStatus;
wchar_t wcUserName[UNLEN+1];
wchar_t wcGroupName[UNLEN+1];
//Convert user name to unicode
if (!MultiByteToWideChar(CP_ACP,0,userName, -1, wcUserName,
strlen(userName)+1))
{
return false;
}
//Convert group name to unicode
if (!MultiByteToWideChar(CP_ACP, 0, groupName, -1, wcGroupName,
strlen(groupName)+1))
{
return false;
}
//
// Call the NetUserGetLocalGroups function
// specifying information level 0.
//
// The LG_INCLUDE_INDIRECT flag specifies that the
// function should also return the names of the local
// groups in which the user is indirectly a member.
//
nStatus = NetUserGetLocalGroups(
NULL,
(LPCWSTR)wcUserName,
dwLevel,
dwFlags,
(LPBYTE *) &pBuf,
dwPrefMaxLen,
&dwEntriesRead,
&dwTotalEntries);
//
// If the call succeeds,
//
if (nStatus == NERR_Success)
{
LPLOCALGROUP_USERS_INFO_0 pTmpBuf;
DWORD i;
DWORD dwTotalCount = 0;
if ((pTmpBuf = pBuf) != NULL)
{
//
// Loop through the local groups that the user belongs
// and find the matching group name.
//
for (i = 0; i < dwEntriesRead; i++)
{
//
// Compare the user's group name to groupName.
//
if (wcscmp(pTmpBuf->lgrui0_name, wcGroupName) == 0)
{
// User is a member of the group.
retVal = true;
break;
}
pTmpBuf++;
dwTotalCount++;
}
}
}
//
// Free the allocated memory.
//
if (pBuf != NULL)
NetApiBufferFree(pBuf);
//
// If the given user and group are not found in the local group
// then try on the global groups.
//
if (!retVal)
{
LPGROUP_USERS_INFO_0 pBuf = NULL;
dwLevel = 0;
dwPrefMaxLen = MAX_PREFERRED_LENGTH;
dwEntriesRead = 0;
dwTotalEntries = 0;
//
// Call the NetUserGetGroups function, specifying level 0.
//
nStatus = NetUserGetGroups(
NULL,
(LPCWSTR)wcUserName,
dwLevel,
(LPBYTE*)&pBuf,
dwPrefMaxLen,
&dwEntriesRead,
&dwTotalEntries);
//
// If the call succeeds,
//
if (nStatus == NERR_Success)
{
LPGROUP_USERS_INFO_0 pTmpBuf;
DWORD i;
DWORD dwTotalCount = 0;
if ((pTmpBuf = pBuf) != NULL)
{
//
// Loop through the global groups to which the user belongs
// and find the matching group name.
//
for (i = 0; i < dwEntriesRead; i++)
{
//
// Compare the user's group name to groupName.
//
if (wcscmp(pTmpBuf->grui0_name, wcGroupName) == 0)
{
// User is a member of the group.
retVal = true;
break;
}
pTmpBuf++;
dwTotalCount++;
}
}
}
//
// Free the allocated buffer.
//
if (pBuf != NULL)
NetApiBufferFree(pBuf);
}
return retVal;
}
static
NET_API_STATUS
DisplayUser(LPWSTR lpUserName)
{
PUSER_MODALS_INFO_0 pUserModals = NULL;
PUSER_INFO_4 pUserInfo = NULL;
PLOCALGROUP_USERS_INFO_0 pLocalGroupInfo = NULL;
PGROUP_USERS_INFO_0 pGroupInfo = NULL;
DWORD dwLocalGroupRead, dwLocalGroupTotal;
DWORD dwGroupRead, dwGroupTotal;
DWORD dwLastSet;
DWORD i;
INT nPaddedLength = 29;
NET_API_STATUS Status;
/* Modify the user */
Status = NetUserGetInfo(NULL,
lpUserName,
4,
(LPBYTE*)&pUserInfo);
if (Status != NERR_Success)
return Status;
Status = NetUserModalsGet(NULL,
0,
(LPBYTE*)&pUserModals);
if (Status != NERR_Success)
goto done;
Status = NetUserGetLocalGroups(NULL,
lpUserName,
0,
0,
(LPBYTE*)&pLocalGroupInfo,
MAX_PREFERRED_LENGTH,
&dwLocalGroupRead,
&dwLocalGroupTotal);
if (Status != NERR_Success)
goto done;
Status = NetUserGetGroups(NULL,
lpUserName,
0,
(LPBYTE*)&pGroupInfo,
MAX_PREFERRED_LENGTH,
&dwGroupRead,
&dwGroupTotal);
if (Status != NERR_Success)
goto done;
PrintPaddedResourceString(IDS_USER_NAME, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_name);
PrintPaddedResourceString(IDS_USER_FULL_NAME, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_full_name);
PrintPaddedResourceString(IDS_USER_COMMENT, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_comment);
PrintPaddedResourceString(IDS_USER_USER_COMMENT, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_usr_comment);
PrintPaddedResourceString(IDS_USER_COUNTRY_CODE, nPaddedLength);
ConPrintf(StdOut, L"%03ld ()\n", pUserInfo->usri4_country_code);
PrintPaddedResourceString(IDS_USER_ACCOUNT_ACTIVE, nPaddedLength);
if (pUserInfo->usri4_flags & UF_ACCOUNTDISABLE)
ConResPuts(StdOut, IDS_GENERIC_NO);
else if (pUserInfo->usri4_flags & UF_LOCKOUT)
ConResPuts(StdOut, IDS_GENERIC_LOCKED);
else
ConResPuts(StdOut, IDS_GENERIC_YES);
ConPuts(StdOut, L"\n");
PrintPaddedResourceString(IDS_USER_ACCOUNT_EXPIRES, nPaddedLength);
if (pUserInfo->usri4_acct_expires == TIMEQ_FOREVER)
ConResPuts(StdOut, IDS_GENERIC_NEVER);
else
PrintDateTime(pUserInfo->usri4_acct_expires);
ConPuts(StdOut, L"\n\n");
PrintPaddedResourceString(IDS_USER_PW_LAST_SET, nPaddedLength);
dwLastSet = GetTimeInSeconds() - pUserInfo->usri4_password_age;
PrintDateTime(dwLastSet);
PrintPaddedResourceString(IDS_USER_PW_EXPIRES, nPaddedLength);
if ((pUserInfo->usri4_flags & UF_DONT_EXPIRE_PASSWD) || pUserModals->usrmod0_max_passwd_age == TIMEQ_FOREVER)
ConResPuts(StdOut, IDS_GENERIC_NEVER);
else
PrintDateTime(dwLastSet + pUserModals->usrmod0_max_passwd_age);
ConPuts(StdOut, L"\n");
PrintPaddedResourceString(IDS_USER_PW_CHANGEABLE, nPaddedLength);
PrintDateTime(dwLastSet + pUserModals->usrmod0_min_passwd_age);
PrintPaddedResourceString(IDS_USER_PW_REQUIRED, nPaddedLength);
ConResPuts(StdOut, (pUserInfo->usri4_flags & UF_PASSWD_NOTREQD) ? IDS_GENERIC_NO : IDS_GENERIC_YES);
ConPuts(StdOut, L"\n");
PrintPaddedResourceString(IDS_USER_CHANGE_PW, nPaddedLength);
ConResPuts(StdOut, (pUserInfo->usri4_flags & UF_PASSWD_CANT_CHANGE) ? IDS_GENERIC_NO : IDS_GENERIC_YES);
ConPuts(StdOut, L"\n\n");
PrintPaddedResourceString(IDS_USER_WORKSTATIONS, nPaddedLength);
if (pUserInfo->usri4_workstations == NULL || wcslen(pUserInfo->usri4_workstations) == 0)
ConResPuts(StdOut, IDS_GENERIC_ALL);
else
ConPrintf(StdOut, L"%s", pUserInfo->usri4_workstations);
ConPuts(StdOut, L"\n");
PrintPaddedResourceString(IDS_USER_LOGON_SCRIPT, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_script_path);
PrintPaddedResourceString(IDS_USER_PROFILE, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_profile);
PrintPaddedResourceString(IDS_USER_HOME_DIR, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_home_dir);
PrintPaddedResourceString(IDS_USER_LAST_LOGON, nPaddedLength);
if (pUserInfo->usri4_last_logon == 0)
ConResPuts(StdOut, IDS_GENERIC_NEVER);
else
PrintDateTime(pUserInfo->usri4_last_logon);
ConPuts(StdOut, L"\n\n");
PrintPaddedResourceString(IDS_USER_LOGON_HOURS, nPaddedLength);
if (pUserInfo->usri4_logon_hours == NULL)
ConResPuts(StdOut, IDS_GENERIC_ALL);
ConPuts(StdOut, L"\n\n");
ConPuts(StdOut, L"\n");
PrintPaddedResourceString(IDS_USER_LOCAL_GROUPS, nPaddedLength);
if (dwLocalGroupTotal != 0 && pLocalGroupInfo != NULL)
{
for (i = 0; i < dwLocalGroupTotal; i++)
{
if (i != 0)
PrintPadding(L' ', nPaddedLength);
ConPrintf(StdOut, L"*%s\n", pLocalGroupInfo[i].lgrui0_name);
}
}
else
{
ConPuts(StdOut, L"\n");
}
PrintPaddedResourceString(IDS_USER_GLOBAL_GROUPS, nPaddedLength);
if (dwGroupTotal != 0 && pGroupInfo != NULL)
{
for (i = 0; i < dwGroupTotal; i++)
{
if (i != 0)
PrintPadding(L' ', nPaddedLength);
ConPrintf(StdOut, L"*%s\n", pGroupInfo[i].grui0_name);
}
}
else
{
ConPuts(StdOut, L"\n");
}
done:
if (pGroupInfo != NULL)
NetApiBufferFree(pGroupInfo);
if (pLocalGroupInfo != NULL)
NetApiBufferFree(pLocalGroupInfo);
if (pUserModals != NULL)
NetApiBufferFree(pUserModals);
if (pUserInfo != NULL)
NetApiBufferFree(pUserInfo);
return NERR_Success;
}
/* returns 1 on success, 0 on failure */
int
Valid_Global_Groups(char *UserName, const char **Groups)
{
int result = 0;
WCHAR wszUserName[UNLEN + 1]; // Unicode user name
WCHAR wszDomainControllerName[UNCLEN + 1];
char NTDomain[DNLEN + UNLEN + 2];
char *domain_qualify = NULL;
char User[UNLEN + 1];
size_t j;
LPGROUP_USERS_INFO_0 pUsrBuf = NULL;
LPGROUP_USERS_INFO_0 pTmpBuf;
PDOMAIN_CONTROLLER_INFO pDCInfo = NULL;
DWORD dwLevel = 0;
DWORD dwPrefMaxLen = -1;
DWORD dwEntriesRead = 0;
DWORD dwTotalEntries = 0;
NET_API_STATUS nStatus;
DWORD i;
DWORD dwTotalCount = 0;
LPBYTE pBufTmp = NULL;
strncpy(NTDomain, UserName, sizeof(NTDomain));
for (j = 0; j < strlen(NTV_VALID_DOMAIN_SEPARATOR); j++) {
if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL)
break;
}
if (domain_qualify == NULL) {
strcpy(User, NTDomain);
strcpy(NTDomain, DefaultDomain);
} else {
strcpy(User, domain_qualify + 1);
domain_qualify[0] = '\0';
strlwr(NTDomain);
}
debug("Valid_Global_Groups: checking group membership of '%s\\%s'.\n", NTDomain, User);
/* Convert ANSI User Name to Unicode */
MultiByteToWideChar(CP_ACP, 0, User,
strlen(User) + 1, wszUserName,
sizeof(wszUserName) / sizeof(wszUserName[0]));
/* Query AD for a DC */
if (DsGetDcName(NULL, NTDomain, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_FLAT_NAME, &pDCInfo) != NO_ERROR) {
fprintf(stderr, "%s DsGetDcName() failed.'\n", myname);
if (pDCInfo != NULL)
NetApiBufferFree(pDCInfo);
return result;
}
/* Convert ANSI Domain Controller Name to Unicode */
MultiByteToWideChar(CP_ACP, 0, pDCInfo->DomainControllerName,
strlen(pDCInfo->DomainControllerName) + 1, wszDomainControllerName,
sizeof(wszDomainControllerName) / sizeof(wszDomainControllerName[0]));
debug("Using '%S' as DC for '%s' user's domain.\n", wszDomainControllerName, NTDomain);
debug("DC Active Directory Site is %s\n", pDCInfo->DcSiteName);
debug("Machine Active Directory Site is %s\n", pDCInfo->ClientSiteName);
/*
* Call the NetUserGetGroups function
* specifying information level 0.
*/
dwLevel = 0;
pBufTmp = NULL;
nStatus = NetUserGetGroups(wszDomainControllerName,
wszUserName,
dwLevel,
&pBufTmp,
dwPrefMaxLen,
&dwEntriesRead,
&dwTotalEntries);
pUsrBuf = (LPGROUP_USERS_INFO_0) pBufTmp;
/*
* If the call succeeds,
*/
if (nStatus == NERR_Success) {
if ((pTmpBuf = pUsrBuf) != NULL) {
for (i = 0; i < dwEntriesRead; i++) {
assert(pTmpBuf != NULL);
if (pTmpBuf == NULL) {
result = 0;
break;
}
if (wcstrcmparray(pTmpBuf->grui0_name, Groups) == 0) {
result = 1;
break;
}
pTmpBuf++;
dwTotalCount++;
}
}
} else {
result = 0;
fprintf(stderr, "%s NetUserGetGroups() failed.'\n", myname);
}
/*
* Free the allocated memory.
*/
if (pUsrBuf != NULL)
NetApiBufferFree(pUsrBuf);
if (pDCInfo != NULL)
NetApiBufferFree((LPVOID) pDCInfo);
return result;
}
static NET_API_STATUS test_netusergetgroups(struct torture_context *tctx,
const char *hostname,
uint32_t level,
const char *username,
const char *groupname)
{
NET_API_STATUS status;
uint32_t entries_read = 0;
uint32_t total_entries = 0;
const char *current_name;
int found_group = 0;
uint8_t *buffer = NULL;
int i;
struct GROUP_USERS_INFO_0 *i0;
struct GROUP_USERS_INFO_1 *i1;
torture_comment(tctx, "Testing NetUserGetGroups level %d\n", level);
do {
status = NetUserGetGroups(hostname,
username,
level,
&buffer,
(uint32_t)-1,
&entries_read,
&total_entries);
if (status == 0 || status == ERROR_MORE_DATA) {
switch (level) {
case 0:
i0 = (struct GROUP_USERS_INFO_0 *)buffer;
break;
case 1:
i1 = (struct GROUP_USERS_INFO_1 *)buffer;
break;
default:
return -1;
}
for (i=0; i<entries_read; i++) {
switch (level) {
case 0:
current_name = i0->grui0_name;
break;
case 1:
current_name = i1->grui1_name;
break;
default:
return -1;
}
if (groupname && strcasecmp(current_name, groupname) == 0) {
found_group = 1;
}
switch (level) {
case 0:
i0++;
break;
case 1:
i1++;
break;
default:
break;
}
}
NetApiBufferFree(buffer);
}
} while (status == ERROR_MORE_DATA);
if (status) {
return status;
}
if (groupname && !found_group) {
torture_comment(tctx, "failed to get membership\n");
return -1;
}
return 0;
}
static
NET_API_STATUS
DisplayUser(LPWSTR lpUserName)
{
PUSER_MODALS_INFO_0 pUserModals = NULL;
PUSER_INFO_4 pUserInfo = NULL;
PLOCALGROUP_USERS_INFO_0 pLocalGroupInfo = NULL;
PGROUP_USERS_INFO_0 pGroupInfo = NULL;
DWORD dwLocalGroupRead, dwLocalGroupTotal;
DWORD dwGroupRead, dwGroupTotal;
DWORD dwLastSet;
DWORD i;
WCHAR szCountry[40];
INT nPaddedLength = 36;
NET_API_STATUS Status;
/* Modify the user */
Status = NetUserGetInfo(NULL,
lpUserName,
4,
(LPBYTE*)&pUserInfo);
if (Status != NERR_Success)
return Status;
Status = NetUserModalsGet(NULL,
0,
(LPBYTE*)&pUserModals);
if (Status != NERR_Success)
goto done;
Status = NetUserGetLocalGroups(NULL,
lpUserName,
0,
0,
(LPBYTE*)&pLocalGroupInfo,
MAX_PREFERRED_LENGTH,
&dwLocalGroupRead,
&dwLocalGroupTotal);
if (Status != NERR_Success)
goto done;
Status = NetUserGetGroups(NULL,
lpUserName,
0,
(LPBYTE*)&pGroupInfo,
MAX_PREFERRED_LENGTH,
&dwGroupRead,
&dwGroupTotal);
if (Status != NERR_Success)
goto done;
PrintPaddedMessageString(4411, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_name);
PrintPaddedMessageString(4412, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_full_name);
PrintPaddedMessageString(4413, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_comment);
PrintPaddedMessageString(4414, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_usr_comment);
PrintPaddedMessageString(4416, nPaddedLength);
GetCountryFromCountryCode(pUserInfo->usri4_country_code,
ARRAYSIZE(szCountry), szCountry);
ConPrintf(StdOut, L"%03ld (%s)\n", pUserInfo->usri4_country_code, szCountry);
PrintPaddedMessageString(4419, nPaddedLength);
if (pUserInfo->usri4_flags & UF_ACCOUNTDISABLE)
PrintMessageString(4301);
else if (pUserInfo->usri4_flags & UF_LOCKOUT)
PrintMessageString(4440);
else
PrintMessageString(4300);
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4420, nPaddedLength);
if (pUserInfo->usri4_acct_expires == TIMEQ_FOREVER)
PrintMessageString(4305);
else
PrintDateTime(pUserInfo->usri4_acct_expires);
ConPuts(StdOut, L"\n\n");
PrintPaddedMessageString(4421, nPaddedLength);
dwLastSet = GetTimeInSeconds() - pUserInfo->usri4_password_age;
PrintDateTime(dwLastSet);
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4422, nPaddedLength);
if ((pUserInfo->usri4_flags & UF_DONT_EXPIRE_PASSWD) || pUserModals->usrmod0_max_passwd_age == TIMEQ_FOREVER)
PrintMessageString(4305);
else
PrintDateTime(dwLastSet + pUserModals->usrmod0_max_passwd_age);
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4423, nPaddedLength);
PrintDateTime(dwLastSet + pUserModals->usrmod0_min_passwd_age);
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4437, nPaddedLength);
PrintMessageString((pUserInfo->usri4_flags & UF_PASSWD_NOTREQD) ? 4301 : 4300);
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4438, nPaddedLength);
PrintMessageString((pUserInfo->usri4_flags & UF_PASSWD_CANT_CHANGE) ? 4301 : 4300);
ConPuts(StdOut, L"\n\n");
PrintPaddedMessageString(4424, nPaddedLength);
if (pUserInfo->usri4_workstations == NULL || wcslen(pUserInfo->usri4_workstations) == 0)
PrintMessageString(4302);
else
ConPrintf(StdOut, L"%s", pUserInfo->usri4_workstations);
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4429, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_script_path);
PrintPaddedMessageString(4439, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_profile);
PrintPaddedMessageString(4436, nPaddedLength);
ConPrintf(StdOut, L"%s\n", pUserInfo->usri4_home_dir);
PrintPaddedMessageString(4430, nPaddedLength);
if (pUserInfo->usri4_last_logon == 0)
PrintMessageString(4305);
else
PrintDateTime(pUserInfo->usri4_last_logon);
ConPuts(StdOut, L"\n\n");
PrintPaddedMessageString(4432, nPaddedLength);
if (pUserInfo->usri4_logon_hours == NULL)
PrintMessageString(4302);
ConPuts(StdOut, L"\n\n");
ConPuts(StdOut, L"\n");
PrintPaddedMessageString(4427, nPaddedLength);
if (dwLocalGroupTotal != 0 && pLocalGroupInfo != NULL)
{
for (i = 0; i < dwLocalGroupTotal; i++)
{
if (i != 0)
PrintPadding(L' ', nPaddedLength);
ConPrintf(StdOut, L"*%s\n", pLocalGroupInfo[i].lgrui0_name);
}
}
else
{
ConPuts(StdOut, L"\n");
}
PrintPaddedMessageString(4431, nPaddedLength);
if (dwGroupTotal != 0 && pGroupInfo != NULL)
{
for (i = 0; i < dwGroupTotal; i++)
{
if (i != 0)
PrintPadding(L' ', nPaddedLength);
ConPrintf(StdOut, L"*%s\n", pGroupInfo[i].grui0_name);
}
}
else
{
ConPuts(StdOut, L"\n");
}
done:
if (pGroupInfo != NULL)
NetApiBufferFree(pGroupInfo);
if (pLocalGroupInfo != NULL)
NetApiBufferFree(pLocalGroupInfo);
if (pUserModals != NULL)
NetApiBufferFree(pUserModals);
if (pUserInfo != NULL)
NetApiBufferFree(pUserInfo);
return NERR_Success;
}