From 7f6301811781675a7f8f5509e67fb34820a9806d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Jan 2011 15:49:37 +0100 Subject: s3-libnetapi: prefer dcerpc_samr_X functions in lib/netapi/group.c. Guenther --- source3/lib/netapi/group.c | 487 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 367 insertions(+), 120 deletions(-) diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c index b9dd1e9872..5507f71d30 100644 --- a/source3/lib/netapi/group.c +++ b/source3/lib/netapi/group.c @@ -23,7 +23,7 @@ #include "lib/netapi/netapi.h" #include "lib/netapi/netapi_private.h" #include "lib/netapi/libnetapi.h" -#include "../librpc/gen_ndr/cli_samr.h" +#include "../librpc/gen_ndr/ndr_samr_c.h" #include "rpc_client/init_lsa.h" #include "../libcli/security/security.h" @@ -34,12 +34,13 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, struct NetGroupAdd *r) { struct rpc_pipe_client *pipe_cli = NULL; - NTSTATUS status; + NTSTATUS status, result; WERROR werr; struct policy_handle connect_handle, domain_handle, group_handle; struct lsa_String lsa_group_name; struct dom_sid2 *domain_sid = NULL; uint32_t rid = 0; + struct dcerpc_binding_handle *b = NULL; struct GROUP_INFO_0 *info0 = NULL; struct GROUP_INFO_1 *info1 = NULL; @@ -80,6 +81,8 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -107,18 +110,23 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, break; } - status = rpccli_samr_CreateDomainGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_CreateDomainGroup(b, talloc_tos(), &domain_handle, &lsa_group_name, SEC_STD_DELETE | SAMR_GROUP_ACCESS_SET_INFO, &group_handle, - &rid); + &rid, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } switch (r->in.level) { case 1: @@ -126,10 +134,11 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, init_lsa_String(&info.description, info1->grpi1_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); } break; case 2: @@ -137,22 +146,28 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, init_lsa_String(&info.description, info2->grpi2_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto failed; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto failed; + } } if (info2->grpi2_attributes != 0) { info.attributes.attributes = info2->grpi2_attributes; - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &info); + &info, + &result); } break; @@ -161,22 +176,28 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, init_lsa_String(&info.description, info3->grpi3_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto failed; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto failed; + } } if (info3->grpi3_attributes != 0) { info.attributes.attributes = info3->grpi3_attributes; - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &info); + &info, + &result); } break; default: @@ -187,17 +208,21 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx, werr = ntstatus_to_werror(status); goto failed; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto failed; + } werr = WERR_OK; goto done; failed: - rpccli_samr_DeleteDomainGroup(pipe_cli, talloc_tos(), - &group_handle); + dcerpc_samr_DeleteDomainGroup(b, talloc_tos(), + &group_handle, &result); done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -224,12 +249,13 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, struct NetGroupDel *r) { struct rpc_pipe_client *pipe_cli = NULL; - NTSTATUS status; + NTSTATUS status, result; WERROR werr; struct policy_handle connect_handle, domain_handle, group_handle; struct lsa_String lsa_group_name; struct dom_sid2 *domain_sid = NULL; int i = 0; + struct dcerpc_binding_handle *b = NULL; struct samr_Ids rids; struct samr_Ids types; @@ -251,6 +277,8 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -264,23 +292,28 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_group_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_group_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } if (types.ids[0] != SID_NAME_DOM_GRP) { werr = WERR_INVALID_DATATYPE; goto done; } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SEC_STD_DELETE | SAMR_GROUP_ACCESS_GET_MEMBERS | @@ -288,20 +321,30 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, SAMR_GROUP_ACCESS_ADD_MEMBER | SAMR_GROUP_ACCESS_LOOKUP_INFO, rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_QueryGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } #if 0 /* breaks against NT4 */ @@ -310,47 +353,67 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, goto done; } #endif - status = rpccli_samr_QueryGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryGroupMember(b, talloc_tos(), &group_handle, - &rid_array); + &rid_array, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } { struct lsa_Strings names; struct samr_Ids member_types; - status = rpccli_samr_LookupRids(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupRids(b, talloc_tos(), &domain_handle, rid_array->count, rid_array->rids, &names, - &member_types); + &member_types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } } for (i=0; i < rid_array->count; i++) { - status = rpccli_samr_DeleteGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(), &group_handle, - rid_array->rids[i]); + rid_array->rids[i], + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } } - status = rpccli_samr_DeleteDomainGroup(pipe_cli, talloc_tos(), - &group_handle); + status = dcerpc_samr_DeleteDomainGroup(b, talloc_tos(), + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } ZERO_STRUCT(group_handle); @@ -358,7 +421,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -385,11 +448,12 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx, struct NetGroupSetInfo *r) { struct rpc_pipe_client *pipe_cli = NULL; - NTSTATUS status; + NTSTATUS status, result; WERROR werr; struct policy_handle connect_handle, domain_handle, group_handle; struct lsa_String lsa_group_name; struct dom_sid2 *domain_sid = NULL; + struct dcerpc_binding_handle *b = NULL; struct samr_Ids rids; struct samr_Ids types; @@ -416,6 +480,8 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -429,99 +495,127 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_group_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_group_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } if (types.ids[0] != SID_NAME_DOM_GRP) { werr = WERR_INVALID_DATATYPE; goto done; } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SAMR_GROUP_ACCESS_SET_INFO | SAMR_GROUP_ACCESS_LOOKUP_INFO, rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } switch (r->in.level) { case 0: g0 = (struct GROUP_INFO_0 *)r->in.buffer; init_lsa_String(&info.name, g0->grpi0_name); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFONAME, - &info); + &info, + &result); break; case 1: g1 = (struct GROUP_INFO_1 *)r->in.buffer; init_lsa_String(&info.description, g1->grpi1_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); break; case 2: g2 = (struct GROUP_INFO_2 *)r->in.buffer; init_lsa_String(&info.description, g2->grpi2_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } + info.attributes.attributes = g2->grpi2_attributes; - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &info); + &info, + &result); break; case 3: g3 = (struct GROUP_INFO_3 *)r->in.buffer; init_lsa_String(&info.description, g3->grpi3_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } + info.attributes.attributes = g3->grpi3_attributes; - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &info); + &info, + &result); break; case 1002: g1002 = (struct GROUP_INFO_1002 *)r->in.buffer; init_lsa_String(&info.description, g1002->grpi1002_comment); - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFODESCRIPTION, - &info); + &info, + &result); break; case 1005: g1005 = (struct GROUP_INFO_1005 *)r->in.buffer; info.attributes.attributes = g1005->grpi1005_attributes; - status = rpccli_samr_SetGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_SetGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &info); + &info, + &result); break; default: status = NT_STATUS_INVALID_LEVEL; @@ -532,12 +626,16 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx, werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } werr = WERR_OK; done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -625,11 +723,12 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx, struct NetGroupGetInfo *r) { struct rpc_pipe_client *pipe_cli = NULL; - NTSTATUS status; + NTSTATUS status, result; WERROR werr; struct policy_handle connect_handle, domain_handle, group_handle; struct lsa_String lsa_group_name; struct dom_sid2 *domain_sid = NULL; + struct dcerpc_binding_handle *b = NULL; struct samr_Ids rids; struct samr_Ids types; @@ -651,6 +750,8 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -664,46 +765,67 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_group_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_group_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } if (types.ids[0] != SID_NAME_DOM_GRP) { werr = WERR_INVALID_DATATYPE; goto done; } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SAMR_GROUP_ACCESS_LOOKUP_INFO, rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_QueryGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOALL2, - &info); - if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) { - status = rpccli_samr_QueryGroupInfo(pipe_cli, talloc_tos(), + &info, + &result); + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + + if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_INFO_CLASS)) { + status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOALL, - &info); + &info, + &result); group_info_all = true; + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } } - if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); goto done; } @@ -716,7 +838,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx, } done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -743,11 +865,12 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx, struct NetGroupAddUser *r) { struct rpc_pipe_client *pipe_cli = NULL; - NTSTATUS status; + NTSTATUS status, result; WERROR werr; struct policy_handle connect_handle, domain_handle, group_handle; struct lsa_String lsa_group_name, lsa_user_name; struct dom_sid2 *domain_sid = NULL; + struct dcerpc_binding_handle *b = NULL; struct samr_Ids rids; struct samr_Ids types; @@ -767,6 +890,8 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -780,13 +905,18 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_group_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_group_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + if (!NT_STATUS_IS_OK(result)) { werr = WERR_GROUPNOTFOUND; goto done; } @@ -796,25 +926,35 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx, goto done; } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SAMR_GROUP_ACCESS_ADD_MEMBER, rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } init_lsa_String(&lsa_user_name, r->in.user_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_user_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + if (!NT_STATUS_IS_OK(result)) { werr = WERR_USER_NOT_FOUND; goto done; } @@ -824,20 +964,25 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx, goto done; } - status = rpccli_samr_AddGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_AddGroupMember(b, talloc_tos(), &group_handle, rids.ids[0], - 7); /* why ? */ + 7, /* why ? */ + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } werr = WERR_OK; done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -864,11 +1009,12 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx, struct NetGroupDelUser *r) { struct rpc_pipe_client *pipe_cli = NULL; - NTSTATUS status; + NTSTATUS status, result; WERROR werr; struct policy_handle connect_handle, domain_handle, group_handle; struct lsa_String lsa_group_name, lsa_user_name; struct dom_sid2 *domain_sid = NULL; + struct dcerpc_binding_handle *b = NULL; struct samr_Ids rids; struct samr_Ids types; @@ -888,6 +1034,8 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -901,13 +1049,18 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_group_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_group_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + if (!NT_STATUS_IS_OK(result)) { werr = WERR_GROUPNOTFOUND; goto done; } @@ -917,25 +1070,36 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx, goto done; } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SAMR_GROUP_ACCESS_REMOVE_MEMBER, rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } init_lsa_String(&lsa_user_name, r->in.user_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_user_name, &rids, - &types); + &types, + &result); if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + + if (!NT_STATUS_IS_OK(result)) { werr = WERR_USER_NOT_FOUND; goto done; } @@ -945,19 +1109,24 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx, goto done; } - status = rpccli_samr_DeleteGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(), &group_handle, - rids.ids[0]); + rids.ids[0], + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } werr = WERR_OK; done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -1139,10 +1308,12 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx, struct policy_handle domain_handle; union samr_DispInfo info; union samr_DomainInfo *domain_info = NULL; + struct dcerpc_binding_handle *b = NULL; uint32_t total_size = 0; uint32_t returned_size = 0; + NTSTATUS result = NT_STATUS_OK; NTSTATUS status = NT_STATUS_OK; WERROR werr, tmp_werr; @@ -1166,6 +1337,8 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -1179,20 +1352,25 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx, goto done; } - status = rpccli_samr_QueryDomainInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(), &domain_handle, 2, - &domain_info); + &domain_info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } if (r->out.total_entries) { *r->out.total_entries = domain_info->general.num_groups; } - status = rpccli_samr_QueryDisplayInfo2(pipe_cli, + status = dcerpc_samr_QueryDisplayInfo2(b, ctx, &domain_handle, 3, @@ -1202,9 +1380,15 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx, r->in.prefmaxlen, &total_size, &returned_size, - &info); - werr = ntstatus_to_werror(status); - if (NT_STATUS_IS_ERR(status)) { + &info, + &result); + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto done; + } + + werr = ntstatus_to_werror(result); + if (NT_STATUS_IS_ERR(result)) { goto done; } @@ -1226,8 +1410,8 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx, done: /* if last query */ - if (NT_STATUS_IS_OK(status) || - NT_STATUS_IS_ERR(status)) { + if (NT_STATUS_IS_OK(result) || + NT_STATUS_IS_ERR(result)) { if (ctx->disable_policy_handle_cache) { libnetapi_samr_close_domain_handle(ctx, &domain_handle); @@ -1263,11 +1447,13 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx, struct samr_RidAttrArray *rid_array = NULL; struct lsa_Strings names; struct samr_Ids member_types; + struct dcerpc_binding_handle *b = NULL; int i; uint32_t entries_read = 0; NTSTATUS status = NT_STATUS_OK; + NTSTATUS result = NT_STATUS_OK; WERROR werr; ZERO_STRUCT(connect_handle); @@ -1297,6 +1483,8 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -1310,45 +1498,65 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_account_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_account_name, &group_rids, - &name_types); + &name_types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SAMR_GROUP_ACCESS_GET_MEMBERS, group_rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_QueryGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryGroupMember(b, talloc_tos(), &group_handle, - &rid_array); + &rid_array, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_LookupRids(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupRids(b, talloc_tos(), &domain_handle, rid_array->count, rid_array->rids, &names, - &member_types); + &member_types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } for (i=0; i < names.count; i++) { @@ -1375,7 +1583,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx, done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { @@ -1410,6 +1618,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, struct samr_Ids group_rids, group_types; struct samr_RidAttrArray *rid_array = NULL; struct lsa_String *lsa_names = NULL; + struct dcerpc_binding_handle *b = NULL; uint32_t *add_rids = NULL; uint32_t *del_rids = NULL; @@ -1424,6 +1633,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, int i, k; NTSTATUS status = NT_STATUS_OK; + NTSTATUS result = NT_STATUS_OK; WERROR werr; ZERO_STRUCT(connect_handle); @@ -1448,6 +1658,8 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, goto done; } + b = pipe_cli->binding_handle; + werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_LOOKUP_DOMAIN, @@ -1461,38 +1673,53 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, init_lsa_String(&lsa_account_name, r->in.group_name); - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, 1, &lsa_account_name, &group_rids, - &group_types); + &group_types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_OpenGroup(pipe_cli, talloc_tos(), + status = dcerpc_samr_OpenGroup(b, talloc_tos(), &domain_handle, SAMR_GROUP_ACCESS_GET_MEMBERS | SAMR_GROUP_ACCESS_ADD_MEMBER | SAMR_GROUP_ACCESS_REMOVE_MEMBER | SAMR_GROUP_ACCESS_LOOKUP_INFO, group_rids.ids[0], - &group_handle); + &group_handle, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } - status = rpccli_samr_QueryGroupInfo(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(), &group_handle, GROUPINFOATTRIBUTES, - &group_info); + &group_info, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } switch (r->in.level) { case 0: @@ -1523,26 +1750,36 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, } } - status = rpccli_samr_LookupNames(pipe_cli, talloc_tos(), + status = dcerpc_samr_LookupNames(b, talloc_tos(), &domain_handle, r->in.num_entries, lsa_names, &user_rids, - &name_types); + &name_types, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } member_rids = user_rids.ids; - status = rpccli_samr_QueryGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_QueryGroupMember(b, talloc_tos(), &group_handle, - &rid_array); + &rid_array, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } /* add list */ @@ -1587,33 +1824,43 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx, /* add list */ for (i=0; i < num_add_rids; i++) { - status = rpccli_samr_AddGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_AddGroupMember(b, talloc_tos(), &group_handle, add_rids[i], - 7 /* ? */); + 7 /* ? */, + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } } /* del list */ for (i=0; i < num_del_rids; i++) { - status = rpccli_samr_DeleteGroupMember(pipe_cli, talloc_tos(), + status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(), &group_handle, - del_rids[i]); + del_rids[i], + &result); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); goto done; } + if (!NT_STATUS_IS_OK(result)) { + werr = ntstatus_to_werror(result); + goto done; + } } werr = WERR_OK; done: if (is_valid_policy_hnd(&group_handle)) { - rpccli_samr_Close(pipe_cli, talloc_tos(), &group_handle); + dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result); } if (ctx->disable_policy_handle_cache) { -- cgit