NET_API_STATUS
NetGetDomainName(
IN PCWSTR pwszHostname,
OUT PWSTR *ppwszDomainName
)
{
const DWORD dwConnAccess = SAMR_ACCESS_OPEN_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS;
NTSTATUS ntStatus = STATUS_SUCCESS;
WINERROR err = ERROR_SUCCESS;
PNET_CONN pConn = NULL;
size_t sDomainNameLen = 0;
PWSTR pwszDomainName = NULL;
PIO_CREDS pCreds = NULL;
BAIL_ON_INVALID_PTR(ppwszDomainName, err);
ntStatus = LwIoGetActiveCreds(NULL, &pCreds);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = NetConnectSamr(&pConn, pwszHostname, dwConnAccess, 0, pCreds);
BAIL_ON_NT_STATUS(ntStatus);
err = LwWc16sLen(pConn->Rpc.Samr.pwszDomainName, &sDomainNameLen);
BAIL_ON_WIN_ERROR(err);
ntStatus = NetAllocateMemory(
OUT_PPVOID(&pwszDomainName),
sizeof(pwszDomainName[0]) * (sDomainNameLen + 1));
BAIL_ON_NT_STATUS(ntStatus);
err = LwWc16snCpy(pwszDomainName,
pConn->Rpc.Samr.pwszDomainName,
sDomainNameLen);
BAIL_ON_WIN_ERROR(err);
*ppwszDomainName = pwszDomainName;
cleanup:
NetDisconnectSamr(&pConn);
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = NtStatusToWin32Error(ntStatus);
}
return err;
error:
if (pwszDomainName)
{
NetFreeMemory(pwszDomainName);
}
*ppwszDomainName = NULL;
goto cleanup;
}
NET_API_STATUS
NetUserAdd(
PCWSTR pwszHostname,
DWORD dwLevel,
PVOID pBuffer,
PDWORD pdwParmErr
)
{
const DWORD dwUserAccess = USER_ACCESS_GET_NAME_ETC |
USER_ACCESS_SET_LOC_COM |
USER_ACCESS_GET_LOCALE |
USER_ACCESS_GET_LOGONINFO |
USER_ACCESS_GET_ATTRIBUTES |
USER_ACCESS_GET_GROUPS |
USER_ACCESS_GET_GROUP_MEMBERSHIP |
USER_ACCESS_CHANGE_GROUP_MEMBERSHIP |
USER_ACCESS_SET_ATTRIBUTES |
USER_ACCESS_SET_PASSWORD;
const DWORD dwDomainAccess = DOMAIN_ACCESS_CREATE_USER |
DOMAIN_ACCESS_LOOKUP_INFO_1;
NTSTATUS status = STATUS_SUCCESS;
WINERROR err = ERROR_SUCCESS;
PNET_CONN pConn = NULL;
SAMR_BINDING hSamrBinding = NULL;
DOMAIN_HANDLE hDomain = NULL;
ACCOUNT_HANDLE hUser = NULL;
DWORD dwSamrInfoLevel = 0;
DWORD dwSamrPasswordInfoLevel = 0;
DWORD dwParmErr = 0;
UserInfo *pSamrUserInfo = NULL;
UserInfo *pSamrPasswordUserInfo = NULL;
DWORD dwSize = 0;
DWORD dwSpaceLeft = 0;
PIO_CREDS pCreds = NULL;
PWSTR pwszUsername = NULL;
DWORD dwRid = 0;
BOOL bPasswordSet = FALSE;
NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_USER_ADD;
BAIL_ON_INVALID_PTR(pBuffer, err);
if (!(dwLevel == 1 ||
dwLevel == 2 ||
dwLevel == 3 ||
dwLevel == 4))
{
err = ERROR_INVALID_LEVEL;
BAIL_ON_WIN_ERROR(err);
}
status = LwIoGetActiveCreds(NULL, &pCreds);
BAIL_ON_NT_STATUS(status);
err = NetAllocateSamrUserInfo(NULL,
&dwSamrInfoLevel,
NULL,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
BAIL_ON_WIN_ERROR(err);
dwSpaceLeft = dwSize;
dwSize = 0;
if (dwSpaceLeft)
{
status = NetAllocateMemory((void**)&pSamrUserInfo,
dwSpaceLeft);
BAIL_ON_NT_STATUS(status);
}
err = NetAllocateSamrUserInfo(&pSamrUserInfo->info21,
&dwSamrInfoLevel,
&dwSpaceLeft,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
BAIL_ON_WIN_ERROR(err);
status = NetConnectSamr(&pConn,
pwszHostname,
dwDomainAccess,
0,
pCreds);
BAIL_ON_NT_STATUS(status);
hSamrBinding = pConn->Rpc.Samr.hBinding;
hDomain = pConn->Rpc.Samr.hDomain;
err = LwAllocateWc16StringFromUnicodeString(
&pwszUsername,
(PUNICODE_STRING)&pSamrUserInfo->info21.account_name);
BAIL_ON_WIN_ERROR(err);
status = SamrCreateUser(hSamrBinding,
hDomain,
pwszUsername,
dwUserAccess,
&hUser,
&dwRid);
if (status == STATUS_USER_EXISTS)
{
err = NERR_UserExists;
}
else if (status == STATUS_ALIAS_EXISTS)
{
err = NERR_GroupExists;
}
BAIL_ON_NT_STATUS(status);
/*
* Check if there's password to be set (if it's NULL
* the function returns ERROR_INVALID_PASSWORD)
*/
dwSamrPasswordInfoLevel = 26;
dwSize = 0;
err = NetAllocateSamrUserInfo(NULL,
&dwSamrPasswordInfoLevel,
NULL,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
if (err == ERROR_SUCCESS)
{
dwSpaceLeft = dwSize;
dwSize = 0;
if (dwSpaceLeft)
{
status = NetAllocateMemory((void**)&pSamrPasswordUserInfo,
dwSpaceLeft);
BAIL_ON_NT_STATUS(status);
}
err = NetAllocateSamrUserInfo(&pSamrPasswordUserInfo->info26,
&dwSamrPasswordInfoLevel,
&dwSpaceLeft,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
BAIL_ON_WIN_ERROR(err);
status = SamrSetUserInfo(hSamrBinding,
hUser,
dwSamrPasswordInfoLevel,
pSamrPasswordUserInfo);
BAIL_ON_NT_STATUS(status);
bPasswordSet = TRUE;
}
else if (err == ERROR_INVALID_PASSWORD)
{
/* This error only means we're not going to try
set the password */
err = ERROR_SUCCESS;
}
else
{
BAIL_ON_WIN_ERROR(err);
}
/*
* Prevent from trying to rename (to the same name) the account
* that has just been created. Created samr user info buffer
* contains whatever is passed from net user info buffer.
*/
if (dwSamrInfoLevel == 21 &&
(pSamrUserInfo->info21.fields_present & SAMR_FIELD_ACCOUNT_NAME))
{
pSamrUserInfo->info21.fields_present ^= SAMR_FIELD_ACCOUNT_NAME;
}
/*
* Disable the account only if there was no password
*/
if (!bPasswordSet &&
dwSamrInfoLevel == 21)
{
pSamrUserInfo->info21.account_flags |= ACB_DISABLED;
}
status = SamrSetUserInfo(hSamrBinding,
hUser,
dwSamrInfoLevel,
pSamrUserInfo);
BAIL_ON_NT_STATUS(status);
status = SamrClose(hSamrBinding, hUser);
BAIL_ON_NT_STATUS(status);
cleanup:
NetDisconnectSamr(&pConn);
if (pdwParmErr)
{
*pdwParmErr = dwParmErr;
}
if (pSamrUserInfo)
{
NetFreeMemory(pSamrUserInfo);
}
if (pSamrPasswordUserInfo)
{
NetFreeMemory(pSamrPasswordUserInfo);
}
LW_SAFE_FREE_MEMORY(pwszUsername);
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
status != STATUS_SUCCESS)
{
err = NtStatusToWin32Error(status);
}
return err;
error:
goto cleanup;
}
NET_API_STATUS
NetUserSetInfo(
PCWSTR pwszHostname,
PCWSTR pwszUsername,
DWORD dwLevel,
PVOID pBuffer,
PDWORD pdwParmErr
)
{
/* This is necessary to be able to set account password.
Otherwise we get access denied. Don't ask... */
const DWORD dwDomainAccess = DOMAIN_ACCESS_LOOKUP_INFO_1;
const DWORD dwUserAccess = USER_ACCESS_GET_NAME_ETC |
USER_ACCESS_GET_LOCALE |
USER_ACCESS_GET_LOGONINFO |
USER_ACCESS_GET_ATTRIBUTES |
USER_ACCESS_GET_GROUPS |
USER_ACCESS_GET_GROUP_MEMBERSHIP |
USER_ACCESS_SET_LOC_COM |
USER_ACCESS_SET_ATTRIBUTES |
USER_ACCESS_CHANGE_PASSWORD |
USER_ACCESS_SET_PASSWORD;
NTSTATUS status = STATUS_SUCCESS;
WINERROR err = ERROR_SUCCESS;
PNET_CONN pConn = NULL;
SAMR_BINDING hSamrBinding = NULL;
ACCOUNT_HANDLE hUser = NULL;
DWORD dwUserRid = 0;
DWORD dwSamrInfoLevel = 0;
DWORD dwSamrPasswordInfoLevel = 0;
DWORD dwParmErr = 0;
UserInfo *pSamrUserInfo = NULL;
UserInfo *pSamrPasswordUserInfo = NULL;
DWORD dwSize = 0;
DWORD dwSpaceLeft = 0;
PIO_CREDS pCreds = NULL;
NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_USER_SET;
if (!(dwLevel == 0 ||
dwLevel == 1 ||
dwLevel == 2 ||
dwLevel == 3 ||
dwLevel == 4 ||
dwLevel == 1003 ||
dwLevel == 1007 ||
dwLevel == 1008 ||
dwLevel == 1011))
{
err = ERROR_INVALID_LEVEL;
BAIL_ON_WIN_ERROR(err);
}
BAIL_ON_INVALID_PTR(pwszUsername, err);
BAIL_ON_INVALID_PTR(pBuffer, err);
status = LwIoGetActiveCreds(NULL, &pCreds);
BAIL_ON_NT_STATUS(status);
err = NetAllocateSamrUserInfo(NULL,
&dwSamrInfoLevel,
NULL,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
BAIL_ON_WIN_ERROR(err);
dwSpaceLeft = dwSize;
dwSize = 0;
if (dwSpaceLeft)
{
status = NetAllocateMemory(OUT_PPVOID(&pSamrUserInfo),
dwSpaceLeft);
BAIL_ON_NT_STATUS(status);
err = NetAllocateSamrUserInfo(&pSamrUserInfo->info21,
&dwSamrInfoLevel,
&dwSpaceLeft,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
BAIL_ON_WIN_ERROR(err);
}
status = NetConnectSamr(&pConn,
pwszHostname,
dwDomainAccess,
0,
pCreds);
BAIL_ON_NT_STATUS(status);
hSamrBinding = pConn->Rpc.Samr.hBinding;
status = NetOpenUser(pConn,
pwszUsername,
dwUserAccess,
&hUser,
&dwUserRid);
BAIL_ON_NT_STATUS(status);
/*
* Check if there's password to be set (if it's NULL
* the function returns ERROR_INVALID_PASSWORD)
*/
dwSamrPasswordInfoLevel = 26;
dwSize = 0;
err = NetAllocateSamrUserInfo(NULL,
&dwSamrPasswordInfoLevel,
NULL,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
if (err == ERROR_SUCCESS)
{
dwSpaceLeft = dwSize;
dwSize = 0;
if (dwSpaceLeft)
{
status = NetAllocateMemory(OUT_PPVOID(&pSamrPasswordUserInfo),
dwSpaceLeft);
BAIL_ON_NT_STATUS(status);
}
err = NetAllocateSamrUserInfo(&pSamrPasswordUserInfo->info26,
&dwSamrPasswordInfoLevel,
&dwSpaceLeft,
dwLevel,
pBuffer,
pConn,
&dwSize,
eValidation,
&dwParmErr);
BAIL_ON_WIN_ERROR(err);
status = SamrSetUserInfo(hSamrBinding,
hUser,
dwSamrPasswordInfoLevel,
pSamrPasswordUserInfo);
BAIL_ON_NT_STATUS(status);
}
else if (err == ERROR_INVALID_LEVEL ||
(err == ERROR_INVALID_PASSWORD &&
dwLevel != 1003))
{
/* This error only means we're not going to try
set the password.
Either it's set to NULL in infolevel where it's optional
or called infolevel doesn't support setting password */
err = ERROR_SUCCESS;
}
else
{
BAIL_ON_WIN_ERROR(err);
}
if (dwSamrInfoLevel)
{
status = SamrSetUserInfo(hSamrBinding,
hUser,
dwSamrInfoLevel,
pSamrUserInfo);
BAIL_ON_NT_STATUS(status);
}
status = SamrClose(hSamrBinding, hUser);
BAIL_ON_NT_STATUS(status);
cleanup:
NetDisconnectSamr(&pConn);
if (pdwParmErr)
{
*pdwParmErr = dwParmErr;
}
if (pSamrUserInfo)
{
NetFreeMemory(pSamrUserInfo);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
status != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(status);
}
return err;
error:
goto cleanup;
}
NET_API_STATUS
NetLocalGroupEnum(
PCWSTR pwszHostname,
DWORD dwLevel,
PVOID *ppBuffer,
DWORD dwMaxBufferSize,
PDWORD pdwNumEntries,
PDWORD pdwTotalNumEntries,
PDWORD pdwResume
)
{
const DWORD dwAccountFlags = 0;
const DWORD dwAliasAccessFlags = ALIAS_ACCESS_LOOKUP_INFO;
const WORD wInfoLevel = ALIAS_INFO_ALL;
NTSTATUS status = STATUS_SUCCESS;
WINERROR err = ERROR_SUCCESS;
DWORD dwResume = 0;
PNET_CONN pConn = NULL;
SAMR_BINDING hSamrBinding = NULL;
DOMAIN_HANDLE hDomain = NULL;
DOMAIN_HANDLE hBtinDomain = NULL;
DWORD dwSamrResume = 0;
PWSTR *ppwszDomainAliases = NULL;
PDWORD pdwDomainRids = NULL;
DWORD dwNumDomainEntries = 0;
DWORD dwTotalNumDomainEntries = 0;
PWSTR *ppwszBtinDomainAliases = NULL;
PDWORD pdwBtinDomainRids = NULL;
DWORD dwNumBtinDomainEntries = 0;
DWORD dwTotalNumBtinDomainEntries = 0;
DWORD dwTotalNumEntries = 0;
DWORD dwNumEntries = 0;
DWORD i = 0;
PDWORD pdwRids = NULL;
PWSTR *ppwszAliases = NULL;
ACCOUNT_HANDLE hAlias = NULL;
AliasInfo *pSamrAliasInfo = NULL;
AliasInfoAll **ppAliasInfo = NULL;
DWORD dwInfoLevelSize = 0;
PVOID pSourceBuffer = NULL;
DWORD dwSize = 0;
DWORD dwTotalSize = 0;
DWORD dwSpaceAvailable = 0;
PVOID pBuffer = NULL;
PVOID pBufferCursor = NULL;
PIO_CREDS pCreds = NULL;
NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_NONE;
BAIL_ON_INVALID_PTR(ppBuffer, err);
BAIL_ON_INVALID_PTR(pdwNumEntries, err);
BAIL_ON_INVALID_PTR(pdwTotalNumEntries, err);
BAIL_ON_INVALID_PTR(pdwResume, err);
switch (dwLevel)
{
case 0: dwInfoLevelSize = sizeof(LOCALGROUP_INFO_0);
break;
case 1: dwInfoLevelSize = sizeof(LOCALGROUP_INFO_1);
break;
default:
err = ERROR_INVALID_LEVEL;
BAIL_ON_WIN_ERROR(err);
}
dwResume = *pdwResume;
status = LwIoGetActiveCreds(NULL, &pCreds);
BAIL_ON_NT_STATUS(status);
status = NetConnectSamr(&pConn,
pwszHostname,
0,
0,
pCreds);
BAIL_ON_NT_STATUS(status);
hSamrBinding = pConn->Rpc.Samr.hBinding;
hDomain = pConn->Rpc.Samr.hDomain;
hBtinDomain = pConn->Rpc.Samr.hBuiltin;
do
{
status = SamrEnumDomainAliases(hSamrBinding,
hDomain,
&dwSamrResume,
dwAccountFlags,
&ppwszDomainAliases,
&pdwDomainRids,
&dwNumDomainEntries);
if (status != STATUS_SUCCESS &&
status != STATUS_MORE_ENTRIES)
{
BAIL_ON_NT_STATUS(status);
}
if (ppwszDomainAliases)
{
SamrFreeMemory(ppwszDomainAliases);
ppwszDomainAliases = NULL;
}
if (pdwDomainRids)
{
SamrFreeMemory(pdwDomainRids);
pdwDomainRids = NULL;
}
dwTotalNumDomainEntries += dwNumDomainEntries;
dwNumDomainEntries = 0;
}
while (status == STATUS_MORE_ENTRIES);
dwSamrResume = 0;
do
{
status = SamrEnumDomainAliases(hSamrBinding,
hBtinDomain,
&dwSamrResume,
dwAccountFlags,
&ppwszBtinDomainAliases,
&pdwBtinDomainRids,
&dwNumBtinDomainEntries);
if (status != STATUS_SUCCESS &&
status != STATUS_MORE_ENTRIES)
{
BAIL_ON_NT_STATUS(status);
}
if (ppwszBtinDomainAliases)
{
SamrFreeMemory(ppwszBtinDomainAliases);
ppwszBtinDomainAliases = NULL;
}
if (pdwBtinDomainRids)
{
SamrFreeMemory(pdwBtinDomainRids);
pdwBtinDomainRids = NULL;
}
dwTotalNumBtinDomainEntries += dwNumBtinDomainEntries;
dwNumBtinDomainEntries = 0;
}
while (status == STATUS_MORE_ENTRIES);
dwTotalNumEntries = dwTotalNumDomainEntries + dwTotalNumBtinDomainEntries;
status = NetAllocateMemory(OUT_PPVOID(&pdwRids),
sizeof(pdwRids[0]) * dwTotalNumEntries);
BAIL_ON_NT_STATUS(status);
status = NetAllocateMemory(OUT_PPVOID(&ppwszAliases),
sizeof(ppwszAliases[0]) * dwTotalNumEntries);
BAIL_ON_NT_STATUS(status);
status = NetAllocateMemory(OUT_PPVOID(&ppAliasInfo),
sizeof(ppAliasInfo[0]) * dwTotalNumEntries);
BAIL_ON_NT_STATUS(status);
dwTotalNumDomainEntries = 0;
dwTotalNumBtinDomainEntries = 0;
dwSamrResume = 0;
do
{
status = SamrEnumDomainAliases(hSamrBinding,
hDomain,
&dwSamrResume,
dwAccountFlags,
&ppwszDomainAliases,
&pdwDomainRids,
&dwNumDomainEntries);
if (status != STATUS_SUCCESS &&
status != STATUS_MORE_ENTRIES)
{
BAIL_ON_NT_STATUS(status);
}
for (i = 0; i < dwNumDomainEntries; i++)
{
err = LwAllocateWc16String(&ppwszAliases[dwTotalNumDomainEntries + i],
ppwszDomainAliases[i]);
BAIL_ON_WIN_ERROR(err);
pdwRids[dwTotalNumDomainEntries + i] = pdwDomainRids[i];
}
dwTotalNumDomainEntries += dwNumDomainEntries;
dwNumDomainEntries = 0;
if (ppwszDomainAliases)
{
SamrFreeMemory(ppwszDomainAliases);
ppwszDomainAliases = NULL;
}
if (pdwDomainRids)
{
SamrFreeMemory(pdwDomainRids);
pdwDomainRids = NULL;
}
}
while (status == STATUS_MORE_ENTRIES);
dwSamrResume = 0;
do
{
status = SamrEnumDomainAliases(hSamrBinding,
hBtinDomain,
&dwSamrResume,
dwAccountFlags,
&ppwszBtinDomainAliases,
&pdwBtinDomainRids,
&dwNumBtinDomainEntries);
if (status != STATUS_SUCCESS &&
status != STATUS_MORE_ENTRIES)
{
BAIL_ON_NT_STATUS(status);
}
for (i = 0; i < dwNumBtinDomainEntries; i++)
{
err = LwAllocateWc16String(&ppwszAliases[dwTotalNumDomainEntries +
dwTotalNumBtinDomainEntries + i],
ppwszBtinDomainAliases[i]);
BAIL_ON_WIN_ERROR(err);
pdwRids[dwTotalNumDomainEntries +
dwTotalNumBtinDomainEntries + i] = pdwBtinDomainRids[i];
}
dwTotalNumBtinDomainEntries += dwNumBtinDomainEntries;
dwNumBtinDomainEntries = 0;
if (ppwszBtinDomainAliases)
{
SamrFreeMemory(ppwszBtinDomainAliases);
ppwszBtinDomainAliases = NULL;
}
if (pdwBtinDomainRids)
{
SamrFreeMemory(pdwBtinDomainRids);
pdwBtinDomainRids = NULL;
}
}
while (status == STATUS_MORE_ENTRIES);
for (i = dwResume; i < dwTotalNumEntries; i++)
{
if (dwLevel == 0)
{
pSourceBuffer = ppwszAliases[i];
}
else
{
DOMAIN_HANDLE hDom = NULL;
DWORD dwRid = 0;
hDom = (i < dwTotalNumDomainEntries) ? hDomain : hBtinDomain;
dwRid = pdwRids[i];
status = SamrOpenAlias(hSamrBinding,
hDom,
dwAliasAccessFlags,
dwRid,
&hAlias);
BAIL_ON_NT_STATUS(status);
status = SamrQueryAliasInfo(hSamrBinding,
hAlias,
wInfoLevel,
&pSamrAliasInfo);
BAIL_ON_NT_STATUS(status);
ppAliasInfo[i - dwResume] = &pSamrAliasInfo->all;
pSourceBuffer = &pSamrAliasInfo->all;
status = SamrClose(hSamrBinding, hAlias);
BAIL_ON_NT_STATUS(status);
}
dwSize = 0;
err = NetAllocateLocalGroupInfo(NULL,
NULL,
dwLevel,
pSourceBuffer,
&dwSize,
eValidation);
BAIL_ON_WIN_ERROR(err);
dwTotalSize += dwSize;
dwNumEntries++;
if (dwTotalSize > dwMaxBufferSize)
{
dwTotalSize -= dwSize;
dwNumEntries--;
break;
}
}
if (dwTotalNumEntries > 0 && dwNumEntries == 0)
{
err = ERROR_INSUFFICIENT_BUFFER;
BAIL_ON_WIN_ERROR(err);
}
if (dwTotalSize)
{
status = NetAllocateMemory(OUT_PPVOID(&pBuffer),
dwTotalSize);
BAIL_ON_NT_STATUS(status);
}
dwSize = 0;
pBufferCursor = pBuffer;
dwSpaceAvailable = dwTotalSize;
for (i = 0; i < dwNumEntries; i++)
{
if (dwLevel == 0)
{
pSourceBuffer = ppwszAliases[dwResume + i];
}
else
{
pSourceBuffer = ppAliasInfo[i];
}
pBufferCursor = pBuffer + (i * dwInfoLevelSize);
err = NetAllocateLocalGroupInfo(pBufferCursor,
&dwSpaceAvailable,
dwLevel,
pSourceBuffer,
&dwSize,
eValidation);
BAIL_ON_WIN_ERROR(err);
}
if (dwResume + dwNumEntries < dwTotalNumEntries)
{
err = ERROR_MORE_DATA;
}
*ppBuffer = pBuffer;
*pdwNumEntries = dwNumEntries;
*pdwTotalNumEntries = dwTotalNumEntries;
*pdwResume = dwResume + dwNumEntries;
cleanup:
NetDisconnectSamr(&pConn);
if (pdwRids)
{
NetFreeMemory(pdwRids);
}
if (ppwszAliases)
{
for (i = 0; i < dwTotalNumEntries; i++)
{
LW_SAFE_FREE_MEMORY(ppwszAliases[i]);
}
NetFreeMemory(ppwszAliases);
}
if (ppAliasInfo)
{
for (i = 0; i < dwNumEntries; i++)
{
if (ppAliasInfo[i])
{
SamrFreeMemory(ppAliasInfo[i]);
}
}
NetFreeMemory(ppAliasInfo);
}
if (ppwszDomainAliases)
{
SamrFreeMemory(ppwszDomainAliases);
}
if (pdwDomainRids)
{
SamrFreeMemory(pdwDomainRids);
}
if (ppwszBtinDomainAliases)
{
SamrFreeMemory(ppwszBtinDomainAliases);
}
if (pdwBtinDomainRids)
{
SamrFreeMemory(pdwBtinDomainRids);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
status != STATUS_SUCCESS)
{
err = NtStatusToWin32Error(status);
}
return err;
error:
if (pBuffer)
{
NetFreeMemory(pBuffer);
}
*ppBuffer = NULL;
*pdwNumEntries = 0;
*pdwTotalNumEntries = 0;
*pdwResume = 0;
goto cleanup;
}
NET_API_STATUS
NetLocalGroupGetMembers(
IN PCWSTR pwszHostname,
IN PCWSTR pwszAliasname,
IN DWORD dwLevel,
OUT PVOID *ppBuffer,
IN DWORD dwMaxBufferSize,
OUT PDWORD pdwNumEntries,
OUT PDWORD pdwTotalEntries,
OUT PDWORD pdwResume
)
{
const DWORD dwLsaAccessFlags = LSA_ACCESS_LOOKUP_NAMES_SIDS;
const DWORD dwAliasAccessFlags = ALIAS_ACCESS_GET_MEMBERS;
const WORD wLookupLevel = 1;
NTSTATUS status = STATUS_SUCCESS;
WINERROR err = ERROR_SUCCESS;
PNET_CONN pConn = NULL;
SAMR_BINDING hSamrBinding = NULL;
LSA_BINDING hLsaBinding = NULL;
ACCOUNT_HANDLE hAlias = NULL;
PSID *ppSids = NULL;
DWORD dwInfoLevelSize = 0;
DWORD dwTotalNumEntries = 0;
DWORD dwResume = 0;
DWORD dwAliasRid = 0;
DWORD i = 0;
DWORD dwNumSids = 0;
DWORD dwCount = 0;
POLICY_HANDLE hLsaPolicy = NULL;
SID_ARRAY Sids = {0};
RefDomainList *pDomains = NULL;
TranslatedName *pNames = NULL;
PNET_RESOLVED_NAME pResolvedNames = NULL;
PVOID pSourceBuffer = NULL;
PVOID pBuffer = NULL;
PVOID pBufferCursor = NULL;
DWORD dwSize = 0;
DWORD dwTotalSize = 0;
DWORD dwNumEntries = 0;
DWORD dwSpaceAvailable = 0;
PIO_CREDS pCreds = NULL;
NET_VALIDATION_LEVEL eValidation = NET_VALIDATION_NONE;
BAIL_ON_INVALID_PTR(pwszAliasname, err);
BAIL_ON_INVALID_PTR(ppBuffer, err);
BAIL_ON_INVALID_PTR(pdwNumEntries, err);
BAIL_ON_INVALID_PTR(pdwTotalEntries, err);
BAIL_ON_INVALID_PTR(pdwResume, err);
switch (dwLevel)
{
case 0:
dwInfoLevelSize = sizeof(LOCALGROUP_MEMBERS_INFO_0);
break;
case 3:
dwInfoLevelSize = sizeof(LOCALGROUP_MEMBERS_INFO_3);
break;
case 1:
case 2:
default:
err = ERROR_INVALID_LEVEL;
BAIL_ON_WIN_ERROR(err);
}
dwResume = *pdwResume;
status = LwIoGetActiveCreds(NULL, &pCreds);
BAIL_ON_NT_STATUS(status);
status = NetConnectSamr(&pConn,
pwszHostname,
0,
0,
pCreds);
BAIL_ON_NT_STATUS(status);
hSamrBinding = pConn->Rpc.Samr.hBinding;
status = NetOpenAlias(pConn,
pwszAliasname,
dwAliasAccessFlags,
&hAlias,
&dwAliasRid);
if (status == STATUS_NONE_MAPPED)
{
/* No such alias in host's domain.
Try to look in builtin domain. */
status = NetOpenAlias(pConn,
pwszAliasname,
dwAliasAccessFlags,
&hAlias,
&dwAliasRid);
BAIL_ON_NT_STATUS(status);
}
else if (status != STATUS_SUCCESS)
{
BAIL_ON_NT_STATUS(status);
}
status = SamrGetMembersInAlias(hSamrBinding,
hAlias,
&ppSids,
&dwNumSids);
BAIL_ON_NT_STATUS(status);
status = SamrClose(hSamrBinding, hAlias);
BAIL_ON_NT_STATUS(status);
dwTotalNumEntries = dwNumSids;
if (dwLevel == 0)
{
for (i = 0; i + dwResume < dwNumSids; i++)
{
pSourceBuffer = ppSids[i + dwResume];
err = NetAllocateLocalGroupMembersInfo(NULL,
NULL,
dwLevel,
pSourceBuffer,
&dwSize,
eValidation);
BAIL_ON_WIN_ERROR(err);
dwTotalSize += dwSize;
dwNumEntries++;
if (dwTotalSize > dwMaxBufferSize)
{
dwTotalSize -= dwSize;
dwNumEntries--;
break;
}
}
}
else
{
status = NetConnectLsa(&pConn,
pwszHostname,
dwLsaAccessFlags,
pCreds);
BAIL_ON_NT_STATUS(status);
hLsaBinding = pConn->Rpc.Lsa.hBinding;
hLsaPolicy = pConn->Rpc.Lsa.hPolicy;
Sids.dwNumSids = dwNumSids;
status = NetAllocateMemory(OUT_PPVOID(&Sids.pSids),
sizeof(Sids.pSids[0]) * Sids.dwNumSids);
BAIL_ON_NT_STATUS(status);
for (i = 0; i < Sids.dwNumSids; i++)
{
Sids.pSids[i].pSid = ppSids[i];
}
status = LsaLookupSids(hLsaBinding,
hLsaPolicy,
&Sids,
&pDomains,
&pNames,
wLookupLevel,
&dwCount);
if (status != STATUS_SUCCESS &&
status != LW_STATUS_SOME_NOT_MAPPED)
{
BAIL_ON_NT_STATUS(status);
}
status = NetAllocateMemory(OUT_PPVOID(&pResolvedNames),
sizeof(*pResolvedNames) * dwCount);
BAIL_ON_NT_STATUS(status);
for (i = 0; i + dwResume < dwCount; i++)
{
DWORD iDomain = pNames[i + dwResume].sid_index;
pResolvedNames[i].AccountName = pNames[i + dwResume].name;
pResolvedNames[i].usType = pNames[i + dwResume].type;
pResolvedNames[i].DomainName = pDomains->domains[iDomain].name;
pSourceBuffer = pResolvedNames;
err = NetAllocateLocalGroupMembersInfo(NULL,
NULL,
dwLevel,
pSourceBuffer,
&dwSize,
eValidation);
BAIL_ON_WIN_ERROR(err);
dwTotalSize += dwSize;
dwNumEntries++;
if (dwTotalSize > dwMaxBufferSize)
{
dwTotalSize -= dwSize;
dwNumEntries--;
break;
}
}
}
if (dwTotalNumEntries > 0 && dwNumEntries == 0)
{
err = ERROR_INSUFFICIENT_BUFFER;
BAIL_ON_WIN_ERROR(err);
}
if (dwTotalSize)
{
status = NetAllocateMemory(OUT_PPVOID(&pBuffer),
dwTotalSize);
BAIL_ON_NT_STATUS(status);
}
dwSize = 0;
pBufferCursor = pBuffer;
dwSpaceAvailable = dwTotalSize;
for (i = 0; i < dwNumEntries; i++)
{
if (dwLevel == 0)
{
pSourceBuffer = ppSids[i + dwResume];
}
else
{
pSourceBuffer = &(pResolvedNames[i]);
}
pBufferCursor = pBuffer + (i * dwInfoLevelSize);
err = NetAllocateLocalGroupMembersInfo(pBufferCursor,
&dwSpaceAvailable,
dwLevel,
pSourceBuffer,
&dwSize,
eValidation);
BAIL_ON_WIN_ERROR(err);
}
if (dwResume + dwNumEntries < dwTotalNumEntries)
{
err = ERROR_MORE_DATA;
}
*ppBuffer = pBuffer;
*pdwResume = dwResume + dwNumEntries;
*pdwNumEntries = dwNumEntries;
*pdwTotalEntries = dwTotalNumEntries;
cleanup:
NetDisconnectSamr(&pConn);
if (Sids.pSids)
{
NetFreeMemory(Sids.pSids);
}
if (ppSids)
{
SamrFreeMemory(ppSids);
}
if (pNames)
{
SamrFreeMemory(pNames);
}
if (pDomains)
{
SamrFreeMemory(pDomains);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
status != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(status);
}
return err;
error:
if (pBuffer)
{
NetFreeMemory(pBuffer);
}
*ppBuffer = NULL;
goto cleanup;
}