windows-nt/Source/XPSP1/NT/ds/netapi/access/alias.c

2167 lines
59 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1992 Microsoft Corporation
Module Name:
alias.c
Abstract:
NetLocalGroup API functions
Author:
Cliff Van Dyke (cliffv) 05-Mar-1991 Original group.c
Rita Wong (ritaw) 27-Nov-1992 Adapted for alias.c
Environment:
User mode only.
Contains NT-specific code.
Requires ANSI C extensions: slash-slash comments, long external names.
Revision History:
--*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#undef DOMAIN_ALL_ACCESS // defined in both ntsam.h and ntwinapi.h
#include <ntsam.h>
#include <ntlsa.h>
#include <windef.h>
#include <winbase.h>
#include <lmcons.h>
#include <access.h>
#include <align.h>
#include <lmapibuf.h>
#include <lmaccess.h>
#include <lmerr.h>
#include <netdebug.h>
#include <netlib.h>
#include <netlibnt.h>
#include <rpcutil.h>
#include <rxgroup.h>
#include <prefix.h>
#include <stddef.h>
#include <uasp.h>
#include <stdlib.h>
/*lint -e614 */ /* Auto aggregate initializers need not be constant */
// Lint complains about casts of one structure type to another.
// That is done frequently in the code below.
/*lint -e740 */ /* don't complain about unusual cast */ \
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupAdd(
IN LPCWSTR ServerName OPTIONAL,
IN DWORD Level,
IN LPBYTE Buffer,
OUT LPDWORD ParmError OPTIONAL // Name required by NetpSetParmError
)
/*++
Routine Description:
Create a local group (alias) account in the user account database.
This local group is created in the account domain.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
Level - Level of information provided. Must be 0, or 1.
Buffer - A pointer to the buffer containing the group information
structure.
ParmError - Optional pointer to a DWORD to return the index of the
first parameter in error when ERROR_INVALID_PARAMETER is returned.
If NULL, the parameter is not returned on error.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS Status;
LPWSTR AliasName;
UNICODE_STRING AliasNameString;
LPWSTR AliasComment;
SAM_HANDLE SamServerHandle = NULL;
SAM_HANDLE DomainHandle = NULL;
SAM_HANDLE AliasHandle = NULL;
ULONG RelativeId;
//
// Initialize
//
NetpSetParmError( PARM_ERROR_NONE );
//
// Validate Level parameter and fields of structures.
//
switch (Level) {
case 0:
AliasName = ((PLOCALGROUP_INFO_0) Buffer)->lgrpi0_name;
AliasComment = NULL;
break;
case 1:
AliasName = ((PLOCALGROUP_INFO_1) Buffer)->lgrpi1_name;
AliasComment = ((PLOCALGROUP_INFO_1) Buffer)->lgrpi1_comment;
break;
default:
return ERROR_INVALID_LEVEL;
}
//
// Connect to the SAM server
//
NetStatus = UaspOpenSam( ServerName,
FALSE, // Don't try null session
&SamServerHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupAdd: Cannot UaspOpenSam %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Make sure that the alias does not already exist in the builtin
// domain.
//
NetStatus = AliaspOpenAliasInDomain( SamServerHandle,
AliaspBuiltinDomain,
ALIAS_READ_INFORMATION,
AliasName,
&AliasHandle );
if ( NetStatus == NERR_Success ) {
//
// We found it in builtin domain. Cannot create same one in
// account domain.
//
(VOID) SamCloseHandle( AliasHandle );
NetStatus = ERROR_ALIAS_EXISTS;
goto Cleanup;
}
//
// Open the Domain asking for DOMAIN_CREATE_ALIAS access.
//
NetStatus = UaspOpenDomain( SamServerHandle,
DOMAIN_CREATE_ALIAS | DOMAIN_LOOKUP,
TRUE, // Account Domain
&DomainHandle,
NULL); // DomainId
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupAdd: Cannot UaspOpenDomain %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Create the LocalGroup with the specified group name
// (and a default security descriptor).
//
RtlInitUnicodeString( &AliasNameString, AliasName );
Status = SamCreateAliasInDomain( DomainHandle,
&AliasNameString,
DELETE | ALIAS_WRITE_ACCOUNT,
&AliasHandle,
&RelativeId );
if ( !NT_SUCCESS(Status) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
//
// Set the Admin Comment on the group.
//
if (Level == 1) {
ALIAS_ADM_COMMENT_INFORMATION AdminComment;
RtlInitUnicodeString( &AdminComment.AdminComment, AliasComment );
Status = SamSetInformationAlias( AliasHandle,
AliasAdminCommentInformation,
&AdminComment );
if ( !NT_SUCCESS(Status) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
Status = SamDeleteAlias( AliasHandle );
goto Cleanup;
}
}
//
// Close the created alias.
//
(VOID) SamCloseHandle( AliasHandle );
NetStatus = NERR_Success;
//
// Clean up
//
Cleanup:
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupAdd: returns %lu\n", NetStatus ));
}
UaspCloseDomain( DomainHandle );
if ( SamServerHandle != NULL ) {
(VOID) SamCloseHandle( SamServerHandle );
}
return NetStatus;
} // NetLocalGroupAdd
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupAddMember(
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN PSID MemberSid
)
/*++
Routine Description:
Give an existing user or global group account membership in an existing
local group.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the local group to which the user or global
group is to be given membership.
MemberName - SID of the user or global group to be given local group
membership.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
//
// Call the routine shared by NetLocalGroupAddMember and
// NetLocalGroupDelMember
//
NetStatus = AliaspChangeMember( ServerName, LocalGroupName, MemberSid, TRUE);
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( PREFIX_NETAPI
"NetLocalGroupAddMember: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupAddMember
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupDel(
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName
)
/*++
Routine Description:
Delete a localgroup (alias).
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the local group (alias) to delete.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS Status;
SAM_HANDLE SamServerHandle = NULL;
SAM_HANDLE AliasHandle = NULL;
//
// Connect to the SAM server
//
NetStatus = UaspOpenSam( ServerName,
FALSE, // Don't try null session
&SamServerHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupDel: Cannot UaspOpenSam %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Look for the specified alias in either the builtin or account
// domain.
//
NetStatus = AliaspOpenAliasInDomain(
SamServerHandle,
AliaspBuiltinOrAccountDomain,
DELETE,
LocalGroupName,
&AliasHandle );
if (NetStatus != NERR_Success) {
goto Cleanup;
}
//
// Delete it.
//
Status = SamDeleteAlias(AliasHandle);
if (! NT_SUCCESS(Status)) {
NetpKdPrint((PREFIX_NETAPI
"NetLocalGroupDel: SamDeleteAlias returns %lX\n",
Status));
NetStatus = NetpNtStatusToApiStatus(Status);
AliasHandle = NULL;
goto Cleanup;
} else {
//
// Don't touch the handle once it has been deleted
//
AliasHandle = NULL;
}
NetStatus = NERR_Success;
Cleanup:
if ( AliasHandle != NULL ) {
(void) SamCloseHandle(AliasHandle);
}
if ( SamServerHandle != NULL ) {
(VOID) SamCloseHandle( SamServerHandle );
}
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupDel: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupDel
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupDelMember(
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN PSID MemberSid
)
/*++
Routine Description:
Remove a user from a particular local group.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the local group (alias) from which the
user is to be removed.
MemberSid - SID of the user to be removed from the alias.
Return Value:
Error code for the operation.
--*/
{
//
// Call the routine shared by NetAliasAddMember and NetAliasDelMember
//
return AliaspChangeMember( ServerName, LocalGroupName, MemberSid, FALSE );
} // NetLocalGroupDelMember
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupEnum(
IN LPCWSTR ServerName OPTIONAL,
IN DWORD Level,
OUT LPBYTE *Buffer,
IN DWORD PrefMaxLen,
OUT LPDWORD EntriesRead,
OUT LPDWORD EntriesLeft,
IN OUT PDWORD_PTR ResumeHandle OPTIONAL
)
/*++
Routine Description:
Retrieve information about each local group on a server.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
Level - Level of information required. 0, 1 and 2 are valid.
Buffer - Returns a pointer to the return information structure.
Caller must deallocate buffer using NetApiBufferFree.
PrefMaxLen - Prefered maximum length of returned data.
EntriesRead - Returns the actual enumerated element count.
EntriesLeft - Returns the total entries available to be enumerated.
ResumeHandle - Used to continue an existing search. The handle should
be zero on the first call and left unchanged for subsequent calls.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS Status;
PSAM_RID_ENUMERATION SamEnum; // Sam returned buffer
PLOCALGROUP_INFO_0 lgrpi0;
PLOCALGROUP_INFO_0 lgrpi0_temp = NULL;
SAM_HANDLE SamServerHandle = NULL;
BUFFER_DESCRIPTOR BufferDescriptor;
PDOMAIN_GENERAL_INFORMATION DomainGeneral;
//
// Declare Opaque group enumeration handle.
//
struct _UAS_ENUM_HANDLE {
SAM_HANDLE DomainHandleBuiltin; // Enumerate built in domain first
SAM_HANDLE DomainHandleAccounts; // Aliases in the accounts domain
SAM_HANDLE DomainHandleCurrent; // where to get info from
SAM_ENUMERATE_HANDLE SamEnumHandle; // Current Sam Enum Handle
PSAM_RID_ENUMERATION SamEnum; // Sam returned buffer
ULONG Index; // Index to current entry
ULONG Count; // Total Number of entries
ULONG TotalRemaining;
BOOL SamDoneWithBuiltin ; // Set to TRUE after all of
// builtin domain is enumerated
BOOL SamAllDone; // True if both the accounts
// and builtin have been
// enumerated
} *UasEnumHandle = NULL;
//
// If this is a resume, get the resume handle that the caller passed in.
//
BufferDescriptor.Buffer = NULL;
*EntriesRead = 0;
*EntriesLeft = 0;
*Buffer = NULL;
if ( ARGUMENT_PRESENT( ResumeHandle ) && *ResumeHandle != 0 ) {
/*lint -e511 */ /* Size incompatibility */
UasEnumHandle = (struct _UAS_ENUM_HANDLE *) *ResumeHandle;
/*lint +e511 */ /* Size incompatibility */
//
// If this is not a resume, allocate and initialize a resume handle.
//
} else {
//
// Allocate a resume handle.
//
UasEnumHandle = NetpMemoryAllocate( sizeof(struct _UAS_ENUM_HANDLE) );
if ( UasEnumHandle == NULL ) {
NetStatus = ERROR_NOT_ENOUGH_MEMORY;
goto Cleanup;
}
//
// Initialize all the fields in the newly allocated resume handle
// to indicate that SAM has never yet been called.
//
UasEnumHandle->DomainHandleAccounts = NULL;
UasEnumHandle->DomainHandleBuiltin = NULL;
UasEnumHandle->DomainHandleCurrent = NULL;
UasEnumHandle->SamEnumHandle = 0;
UasEnumHandle->SamEnum = NULL;
UasEnumHandle->Index = 0;
UasEnumHandle->Count = 0;
UasEnumHandle->TotalRemaining = 0;
UasEnumHandle->SamDoneWithBuiltin = FALSE;
UasEnumHandle->SamAllDone = FALSE;
//
// Connect to the SAM server
//
NetStatus = UaspOpenSam( ServerName,
FALSE, // Don't try null session
&SamServerHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupEnum: Cannot UaspOpenSam %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Open the Domains.
//
NetStatus = UaspOpenDomain( SamServerHandle,
DOMAIN_LOOKUP |
DOMAIN_LIST_ACCOUNTS |
DOMAIN_READ_OTHER_PARAMETERS,
FALSE, // Builtin Domain
&UasEnumHandle->DomainHandleBuiltin,
NULL );
if ( NetStatus != NERR_Success ) {
goto Cleanup;
}
NetStatus = UaspOpenDomain( SamServerHandle,
DOMAIN_LOOKUP |
DOMAIN_LIST_ACCOUNTS |
DOMAIN_READ_OTHER_PARAMETERS,
TRUE, // Account Domain
&UasEnumHandle->DomainHandleAccounts,
NULL );
if ( NetStatus != NERR_Success ) {
goto Cleanup;
}
//
// Get the total number of aliases from SAM
//
Status = SamQueryInformationDomain( UasEnumHandle->DomainHandleBuiltin,
DomainGeneralInformation,
(PVOID *)&DomainGeneral );
if ( !NT_SUCCESS(Status) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
UasEnumHandle->TotalRemaining = DomainGeneral->AliasCount;
(void) SamFreeMemory( DomainGeneral );
Status = SamQueryInformationDomain( UasEnumHandle->DomainHandleAccounts,
DomainGeneralInformation,
(PVOID *)&DomainGeneral );
if ( !NT_SUCCESS(Status) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
UasEnumHandle->TotalRemaining += DomainGeneral->AliasCount;
(void) SamFreeMemory( DomainGeneral );
}
//
// Loop for each alias
//
// Each iteration of the loop below puts one more entry into the array
// returned to the caller. The algorithm is split into 3 parts. The
// first part checks to see if we need to retrieve more information from
// SAM. We then get the description of several aliases from SAM in a single
// call. The second part sees if there is room for this entry in the
// buffer we'll return to the caller. If not, a larger buffer is allocated
// for return to the caller. The third part puts the entry in the
// buffer.
//
for ( ;; ) {
DWORD FixedSize;
DWORD Size;
//
// Get more alias information from SAM
//
// Handle when we've already consumed all of the information
// returned on a previous call to SAM. This is a 'while' rather
// than an if to handle the case where SAM returns zero entries.
//
while ( UasEnumHandle->Index >= UasEnumHandle->Count ) {
//
// If we've already gotten everything from SAM,
// return all done status to our caller.
//
if ( UasEnumHandle->SamAllDone ) {
NetStatus = NERR_Success;
goto Cleanup;
}
//
// Free any previous buffer returned from SAM.
//
if ( UasEnumHandle->SamEnum != NULL ) {
Status = SamFreeMemory( UasEnumHandle->SamEnum );
NetpAssert( NT_SUCCESS(Status) );
UasEnumHandle->SamEnum = NULL;
}
//
// Do the actual enumeration
//
UasEnumHandle->DomainHandleCurrent =
UasEnumHandle->SamDoneWithBuiltin ?
UasEnumHandle->DomainHandleAccounts :
UasEnumHandle->DomainHandleBuiltin,
Status = SamEnumerateAliasesInDomain(
UasEnumHandle->DomainHandleCurrent,
&UasEnumHandle->SamEnumHandle,
(PVOID *)&UasEnumHandle->SamEnum,
PrefMaxLen,
&UasEnumHandle->Count );
if ( !NT_SUCCESS( Status ) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
//
// Adjust TotalRemaining as we get better information
//
if (UasEnumHandle->TotalRemaining < UasEnumHandle->Count) {
UasEnumHandle->TotalRemaining = UasEnumHandle->Count;
}
//
// If SAM says there is more information, just ensure he returned
// something to us on this call.
//
if ( Status == STATUS_MORE_ENTRIES ) {
if ( UasEnumHandle->Count == 0 ) {
NetStatus = NERR_BufTooSmall;
goto Cleanup;
}
//
// If SAM says he's returned all of the information for this domain,
// check if we still have to do the accounts domain.
//
} else {
if ( UasEnumHandle->SamDoneWithBuiltin ) {
UasEnumHandle->SamAllDone = TRUE;
} else {
UasEnumHandle->SamDoneWithBuiltin = TRUE ;
UasEnumHandle->SamEnumHandle = 0;
}
}
UasEnumHandle->Index = 0;
}
//
// ASSERT: UasEnumHandle identifies the next entry to return
// from SAM.
//
SamEnum = &UasEnumHandle->SamEnum[UasEnumHandle->Index];
//
// Place this entry into the return buffer.
//
// Determine the size of the data passed back to the caller
//
switch (Level) {
case 0:
FixedSize = sizeof(LOCALGROUP_INFO_0);
Size = sizeof(LOCALGROUP_INFO_0) +
SamEnum->Name.Length + sizeof(WCHAR);
break;
case 1:
{
SAM_HANDLE AliasHandle ;
NetStatus = AliaspOpenAlias2(
UasEnumHandle->DomainHandleCurrent,
ALIAS_READ_INFORMATION,
SamEnum->RelativeId,
&AliasHandle ) ;
if ( NetStatus != NERR_Success ) {
goto Cleanup;
}
NetStatus = AliaspGetInfo( AliasHandle,
Level,
(PVOID *)&lgrpi0_temp);
(void) SamCloseHandle( AliasHandle ) ;
if ( NetStatus != NERR_Success ) {
goto Cleanup;
}
FixedSize = sizeof(LOCALGROUP_INFO_1);
Size = sizeof(LOCALGROUP_INFO_1) +
SamEnum->Name.Length + sizeof(WCHAR) +
(wcslen(((PLOCALGROUP_INFO_1)lgrpi0_temp)->lgrpi1_comment) +
1) * sizeof(WCHAR);
}
break;
default:
NetStatus = ERROR_INVALID_LEVEL;
goto Cleanup;
}
//
// Ensure there is buffer space for this information.
//
Size = ROUND_UP_COUNT( Size, ALIGN_WCHAR );
NetStatus = NetpAllocateEnumBuffer(
&BufferDescriptor,
FALSE, // Not a 'get' operation
PrefMaxLen,
Size,
AliaspRelocationRoutine,
Level );
if (NetStatus != NERR_Success) {
goto Cleanup;
}
//
// Fill in the information. The array of fixed entries is
// placed at the beginning of the allocated buffer. The strings
// pointed to by these fixed entries are allocated starting at
// the end of the allocate buffer.
//
//
// Copy the common group name
//
NetpAssert( offsetof( LOCALGROUP_INFO_0, lgrpi0_name ) ==
offsetof( LOCALGROUP_INFO_1, lgrpi1_name ) );
lgrpi0 = (PLOCALGROUP_INFO_0)(BufferDescriptor.FixedDataEnd);
BufferDescriptor.FixedDataEnd += FixedSize;
//
// Fill in the Level dependent fields
//
switch ( Level ) {
case 1:
if ( !NetpCopyStringToBuffer(
((PLOCALGROUP_INFO_1)lgrpi0_temp)->lgrpi1_comment,
wcslen(((PLOCALGROUP_INFO_1)lgrpi0_temp)->lgrpi1_comment),
BufferDescriptor.FixedDataEnd,
(LPWSTR *)&BufferDescriptor.EndOfVariableData,
&((PLOCALGROUP_INFO_1)lgrpi0)->lgrpi1_comment) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
MIDL_user_free( lgrpi0_temp );
lgrpi0_temp = NULL;
/* FALL THROUGH FOR THE NAME FIELD */
case 0:
if ( !NetpCopyStringToBuffer(
SamEnum->Name.Buffer,
SamEnum->Name.Length/sizeof(WCHAR),
BufferDescriptor.FixedDataEnd,
(LPWSTR *)&BufferDescriptor.EndOfVariableData,
&(lgrpi0->lgrpi0_name))){
NetStatus = NERR_InternalError;
goto Cleanup;
}
break;
default:
NetStatus = ERROR_INVALID_LEVEL;
goto Cleanup;
}
//
// ASSERT: The current entry has been completely copied to the
// return buffer.
//
(*EntriesRead)++;
UasEnumHandle->Index ++;
UasEnumHandle->TotalRemaining --;
}
//
// Clean up.
//
Cleanup:
if ( SamServerHandle != NULL ) {
(VOID) SamCloseHandle( SamServerHandle );
}
//
// Free any locally used resources.
//
if ( lgrpi0_temp != NULL ) {
MIDL_user_free( lgrpi0_temp );
}
//
// Set EntriesLeft to the number left to return plus those that
// we returned on this call.
//
if ( UasEnumHandle != NULL ) {
*EntriesLeft = UasEnumHandle->TotalRemaining + *EntriesRead;
}
//
// If we're done or the caller doesn't want an enumeration handle,
// free the enumeration handle.
//
if ( NetStatus != ERROR_MORE_DATA || !ARGUMENT_PRESENT( ResumeHandle ) ) {
if ( UasEnumHandle != NULL ) {
if ( UasEnumHandle->DomainHandleAccounts != NULL ) {
UaspCloseDomain( UasEnumHandle->DomainHandleAccounts );
}
if ( UasEnumHandle->DomainHandleBuiltin != NULL ) {
UaspCloseDomain( UasEnumHandle->DomainHandleBuiltin );
}
if ( UasEnumHandle->SamEnum != NULL ) {
Status = SamFreeMemory( UasEnumHandle->SamEnum );
NetpAssert( NT_SUCCESS(Status) );
}
NetpMemoryFree( UasEnumHandle );
UasEnumHandle = NULL;
}
}
//
// If we're not returning data to the caller,
// free the return buffer.
//
if ( NetStatus != ERROR_MORE_DATA && NetStatus != NERR_Success ) {
if ( BufferDescriptor.Buffer != NULL ) {
MIDL_user_free( BufferDescriptor.Buffer );
BufferDescriptor.Buffer = NULL;
}
*EntriesRead = 0;
*EntriesLeft = 0;
}
//
// Set the output parameters
//
*Buffer = BufferDescriptor.Buffer;
if ( ARGUMENT_PRESENT( ResumeHandle ) ) {
*ResumeHandle = (DWORD_PTR) UasEnumHandle;
}
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupEnum: returns %ld\n", NetStatus ));
}
return NetStatus;
}
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupGetInfo(
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN DWORD Level,
OUT LPBYTE *Buffer
)
/*++
Routine Description:
Retrieve information about a particular local group (alias).
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the group to get information about.
Level - Level of information required. 0, 1 and 2 are valid.
Buffer - Returns a pointer to the return information structure.
Caller must deallocate buffer using NetApiBufferFree.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
SAM_HANDLE SamServerHandle = NULL;
SAM_HANDLE AliasHandle = NULL;
//
// Connect to the SAM server
//
NetStatus = UaspOpenSam( ServerName,
FALSE, // Don't try null session
&SamServerHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupGetInfo: Cannot UaspOpenSam %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Look for the specified alias in either the builtin or account
// domain.
//
NetStatus = AliaspOpenAliasInDomain(
SamServerHandle,
AliaspBuiltinOrAccountDomain,
ALIAS_READ_INFORMATION,
LocalGroupName,
&AliasHandle );
if ( NetStatus != NERR_Success ) {
goto Cleanup;
}
//
// Get the information about the alias.
//
NetStatus = AliaspGetInfo( AliasHandle,
Level,
(PVOID *)Buffer);
Cleanup:
if ( AliasHandle != NULL ) {
(void) SamCloseHandle( AliasHandle );
}
if ( SamServerHandle != NULL ) {
(VOID) SamCloseHandle( SamServerHandle );
}
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupGetInfo: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupGetInfo
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupGetMembers(
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN DWORD Level,
OUT LPBYTE *Buffer,
IN DWORD PrefMaxLen,
OUT LPDWORD EntriesRead,
OUT LPDWORD EntriesLeft,
IN OUT PDWORD_PTR ResumeHandle
)
/*++
Routine Description:
Enumerate the users which are members of a particular group.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - The name of the local group whose members are to be listed.
Level - Level of information required. 0 and 1 are valid.
Buffer - Returns a pointer to the return information structure.
Caller must deallocate buffer using NetApiBufferFree.
PrefMaxLen - Prefered maximum length of returned data.
EntriesRead - Returns the actual enumerated element count.
EntriesLeft - Returns the total entries available to be enumerated.
ResumeHandle - Used to continue an existing search. The handle should
be zero on the first call and left unchanged for subsequent calls.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS Status;
DWORD FixedSize; // The fixed size of each new entry.
DWORD Size;
BUFFER_DESCRIPTOR BufferDescriptor;
SAM_HANDLE SamServerHandle = NULL;
PLOCALGROUP_MEMBERS_INFO_0 lgrmi0;
LPWSTR MemberName;
//
// Declare Opaque group member enumeration handle.
//
struct _UAS_ENUM_HANDLE {
LSA_HANDLE LsaHandle ; // For looking up the Sids
SAM_HANDLE AliasHandle;
PSID * MemberSids ; // Sid for each member
PLSA_TRANSLATED_NAME Names; // Names of each member
PLSA_REFERENCED_DOMAIN_LIST RefDomains; // Domains of each member
ULONG Index; // Index to current entry
ULONG Count; // Total Number of entries
} *UasEnumHandle = NULL;
//
// Validate Parameters
//
BufferDescriptor.Buffer = NULL;
*Buffer = NULL;
*EntriesRead = 0;
*EntriesLeft = 0;
switch (Level) {
case 0:
FixedSize = sizeof(LOCALGROUP_MEMBERS_INFO_0);
break;
case 1:
FixedSize = sizeof(LOCALGROUP_MEMBERS_INFO_1);
break;
case 2:
FixedSize = sizeof(LOCALGROUP_MEMBERS_INFO_2);
break;
case 3:
FixedSize = sizeof(LOCALGROUP_MEMBERS_INFO_3);
break;
default:
NetStatus = ERROR_INVALID_LEVEL;
goto Cleanup;
}
//
// If this is a resume, get the resume handle that the caller passed in.
//
if ( ARGUMENT_PRESENT( ResumeHandle ) && *ResumeHandle != 0 ) {
/*lint -e511 */ /* Size incompatibility */
UasEnumHandle = (struct _UAS_ENUM_HANDLE *) *ResumeHandle;
/*lint +e511 */ /* Size incompatibility */
//
// If this is not a resume, allocate and initialize a resume handle.
//
} else {
//
// Allocate a resume handle.
//
UasEnumHandle = NetpMemoryAllocate( sizeof(struct _UAS_ENUM_HANDLE) );
if ( UasEnumHandle == NULL ) {
NetStatus = ERROR_NOT_ENOUGH_MEMORY;
goto Cleanup;
}
//
// Initialize all the fields in the newly allocated resume handle
// to indicate that SAM has never yet been called.
//
UasEnumHandle->LsaHandle = NULL;
UasEnumHandle->AliasHandle= NULL;
UasEnumHandle->MemberSids = NULL;
UasEnumHandle->Names = NULL;
UasEnumHandle->RefDomains = NULL;
UasEnumHandle->Index = 0;
UasEnumHandle->Count = 0;
//
// Connect to the SAM server
//
NetStatus = UaspOpenSam( ServerName,
FALSE, // Don't try null session
&SamServerHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupGetMembers: Cannot UaspOpenSam %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Open the Domain
//
NetStatus = AliaspOpenAliasInDomain(
SamServerHandle,
AliaspBuiltinOrAccountDomain,
ALIAS_READ | ALIAS_EXECUTE,
LocalGroupName,
&UasEnumHandle->AliasHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint((
"NetLocalGroupGetMembers: AliaspOpenAliasInDomain returns %ld\n",
NetStatus ));
}
goto Cleanup;
}
//
// Get the group membership information from SAM
//
Status = SamGetMembersInAlias( UasEnumHandle->AliasHandle,
&UasEnumHandle->MemberSids,
&UasEnumHandle->Count );
if ( !NT_SUCCESS( Status ) ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint((
"NetLocalGroupGetMembers: SamGetMembersInAlias returned %lX\n",
Status ));
}
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
if ( UasEnumHandle->Count == 0 ) {
NetStatus = NERR_Success;
goto Cleanup;
}
if ( Level > 0 ) {
//
// Determine the names and name usage for all the returned SIDs
//
OBJECT_ATTRIBUTES ObjectAttributes ;
UNICODE_STRING ServerNameString ;
RtlInitUnicodeString( &ServerNameString, ServerName ) ;
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, 0, NULL ) ;
Status = LsaOpenPolicy( &ServerNameString,
&ObjectAttributes,
POLICY_EXECUTE,
&UasEnumHandle->LsaHandle ) ;
if ( !NT_SUCCESS( Status ) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
Status = LsaLookupSids( UasEnumHandle->LsaHandle,
UasEnumHandle->Count,
UasEnumHandle->MemberSids,
&UasEnumHandle->RefDomains,
&UasEnumHandle->Names );
if ( !NT_SUCCESS( Status ) ) {
if( Status == STATUS_NONE_MAPPED ||
Status == STATUS_TRUSTED_RELATIONSHIP_FAILURE ||
Status == STATUS_TRUSTED_DOMAIN_FAILURE ||
Status == STATUS_DS_GC_NOT_AVAILABLE ) {
//
// LsaLookupSids may return any of these error codes in Win2K, and STATUS_NONE_MAPPED alone in newer
// versions of server side LsaLookupSids call. The function returns null in RefDomains and Names
// on these errors, but we still have to copy over the SIDs in MemberSids to the return Buffers.
// Ignore the status and fall through.
//
Status = STATUS_SUCCESS;
}
if ( !NT_SUCCESS( Status ) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
goto Cleanup;
}
}
}
}
//
// Loop for each member
//
while ( UasEnumHandle->Index < UasEnumHandle->Count ) {
DWORD cbMemberSid;
PUNICODE_STRING DomainName, UserName;
UNICODE_STRING tempDomain, tempUser;
//
// ASSERT: UasEnumHandle identifies the next entry to return
//
#if 0
//
// Ignore members which aren't a user.
//
if ( UasEnumHandle->NameUse[UasEnumHandle->Index] != SidTypeUser ) {
continue;
}
#endif
//
// Place this entry into the return buffer.
// Compute the total size of this entry. Both info levels have the
// member's SID. Cache the member sid size for copying
//
cbMemberSid = RtlLengthSid( UasEnumHandle->MemberSids[UasEnumHandle->Index] ) ;
Size = FixedSize;
if( UasEnumHandle->Names == NULL || UasEnumHandle->RefDomains == NULL )
{
RtlInitUnicodeString( &tempDomain, L"" );
DomainName = &tempDomain;
RtlInitUnicodeString( &tempUser, L"" );
UserName = &tempUser;
}
else
{
//
// If the domain is unknown, set to the empty string.
//
if (UasEnumHandle->Names[UasEnumHandle->Index].DomainIndex == LSA_UNKNOWN_INDEX) {
RtlInitUnicodeString( &tempDomain, L"" );
DomainName = &tempDomain;
} else {
DomainName = &UasEnumHandle->RefDomains->Domains[UasEnumHandle->Names[UasEnumHandle->Index].DomainIndex].Name;
}
UserName = &UasEnumHandle->Names[UasEnumHandle->Index].Name;
}
switch ( Level )
{
case 0:
Size += cbMemberSid;
break ;
case 1:
Size += cbMemberSid +
UserName->Length +
sizeof( WCHAR );
break ;
case 2:
Size += cbMemberSid +
DomainName->Length + sizeof(WCHAR) +
UserName->Length +
sizeof( WCHAR );
break ;
case 3:
Size += DomainName->Length + sizeof(WCHAR) +
UserName->Length +
sizeof( WCHAR );
break ;
default:
NetStatus = ERROR_INVALID_LEVEL;
goto Cleanup;
}
//
// Ensure there is buffer space for this information.
//
Size = ROUND_UP_COUNT( Size, ALIGN_DWORD );
NetStatus = NetpAllocateEnumBuffer(
&BufferDescriptor,
FALSE, // Not a 'get' operation
PrefMaxLen,
Size,
AliaspMemberRelocationRoutine,
Level );
if (NetStatus != NERR_Success) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint((
"NetLocalGroupGetMembers: NetpAllocateEnumBuffer returns %ld\n",
NetStatus ));
}
goto Cleanup;
}
//
// Copy the common member sid
//
lgrmi0 = (PLOCALGROUP_MEMBERS_INFO_0)BufferDescriptor.FixedDataEnd;
BufferDescriptor.FixedDataEnd += FixedSize;
if ( Level == 0 || Level == 1 || Level == 2 ) {
NetpAssert( offsetof( LOCALGROUP_MEMBERS_INFO_0, lgrmi0_sid ) ==
offsetof( LOCALGROUP_MEMBERS_INFO_1, lgrmi1_sid ) );
NetpAssert( offsetof( LOCALGROUP_MEMBERS_INFO_0, lgrmi0_sid ) ==
offsetof( LOCALGROUP_MEMBERS_INFO_2, lgrmi2_sid ) );
NetpAssert( offsetof( LOCALGROUP_MEMBERS_INFO_0, lgrmi0_sid ) ==
offsetof( LOCALGROUP_MEMBERS_INFO_2, lgrmi2_sid ) );
if ( ! NetpCopyDataToBuffer(
(LPBYTE) UasEnumHandle->MemberSids[UasEnumHandle->Index],
cbMemberSid,
BufferDescriptor.FixedDataEnd,
(LPBYTE *)&BufferDescriptor.EndOfVariableData,
(LPBYTE *)&lgrmi0->lgrmi0_sid,
ALIGN_DWORD ) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
}
//
// Copy DomainName\MemberName
//
if ( Level == 2 || Level == 3 ) {
LPWSTR TempString;
//
// Copy the terminating zero after domain\membername
//
// It might seem you'd want to copy the domain name first,
// but the strings are being copied to the tail of the allocated
// buffer.
//
if ( ! NetpCopyDataToBuffer(
(LPBYTE) L"",
sizeof(WCHAR),
BufferDescriptor.FixedDataEnd,
(LPBYTE *)&BufferDescriptor.EndOfVariableData,
(LPBYTE *)&TempString,
ALIGN_WCHAR) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
//
// Copy the member name portion of domain\membername
//
if ( ! NetpCopyDataToBuffer(
(LPBYTE) UserName->Buffer,
UserName->Length,
BufferDescriptor.FixedDataEnd,
(LPBYTE *)&BufferDescriptor.EndOfVariableData,
(LPBYTE *)&MemberName,
ALIGN_WCHAR) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
//
// Only prepend the dommain name if it is there.
//
if ( DomainName->Length > 0 ) {
//
// Copy the separating \ between domain\membername
//
if ( ! NetpCopyDataToBuffer(
(LPBYTE) L"\\",
sizeof(WCHAR),
BufferDescriptor.FixedDataEnd,
(LPBYTE *)&BufferDescriptor.EndOfVariableData,
(LPBYTE *)&TempString,
ALIGN_WCHAR) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
//
// Copy the domain name onto the front of the domain\membername.
//
if ( ! NetpCopyDataToBuffer(
(LPBYTE) DomainName->Buffer,
DomainName->Length,
BufferDescriptor.FixedDataEnd,
(LPBYTE *)&BufferDescriptor.EndOfVariableData,
(LPBYTE *)&MemberName,
ALIGN_WCHAR) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
}
}
//
// Fill in the Level dependent fields
//
switch ( Level ) {
case 0:
break ;
case 1:
//
// Copy the Member name and sid usage
//
if ( ! NetpCopyStringToBuffer(
UserName->Buffer,
UserName->Length /sizeof(WCHAR),
BufferDescriptor.FixedDataEnd,
(LPWSTR *)&BufferDescriptor.EndOfVariableData,
&((PLOCALGROUP_MEMBERS_INFO_1)lgrmi0)->lgrmi1_name) ) {
NetStatus = NERR_InternalError;
goto Cleanup;
}
((PLOCALGROUP_MEMBERS_INFO_1)lgrmi0)->lgrmi1_sidusage =
UasEnumHandle->Names ?
UasEnumHandle->Names[UasEnumHandle->Index].Use :
SidTypeUnknown;
break ;
case 2:
//
// Copy the Member name and sid usage
//
((PLOCALGROUP_MEMBERS_INFO_2)lgrmi0)->lgrmi2_domainandname = MemberName;
((PLOCALGROUP_MEMBERS_INFO_2)lgrmi0)->lgrmi2_sidusage =
UasEnumHandle->Names ?
UasEnumHandle->Names[UasEnumHandle->Index].Use :
SidTypeUnknown;
break ;
case 3:
//
// Copy the Member name and sid usage
//
((PLOCALGROUP_MEMBERS_INFO_3)lgrmi0)->lgrmi3_domainandname = MemberName;
break;
default:
NetStatus = ERROR_INVALID_LEVEL;
goto Cleanup;
}
//
// ASSERT: The current entry has been completely copied to the
// return buffer.
//
UasEnumHandle->Index ++;
(*EntriesRead)++;
}
//
// All entries have been returned to the caller.
//
NetStatus = NERR_Success;
//
// Clean up.
//
Cleanup:
//
// Set EntriesLeft to the number left to return plus those that
// we returned on this call.
//
if ( UasEnumHandle != NULL ) {
*EntriesLeft = (UasEnumHandle->Count - UasEnumHandle->Index)
+ *EntriesRead;
}
//
// If we're done or the caller doesn't want an enumeration handle,
// free the enumeration handle.
//
if ( NetStatus != ERROR_MORE_DATA || !ARGUMENT_PRESENT( ResumeHandle ) ) {
if ( UasEnumHandle != NULL ) {
if ( UasEnumHandle->LsaHandle != NULL ) {
(void) LsaClose( UasEnumHandle->LsaHandle );
}
if ( UasEnumHandle->AliasHandle != NULL ) {
(void) SamCloseHandle( UasEnumHandle->AliasHandle );
}
if ( UasEnumHandle->Names != NULL ) {
(void) LsaFreeMemory( UasEnumHandle->Names );
}
if ( UasEnumHandle->RefDomains != NULL ) {
(void) LsaFreeMemory( UasEnumHandle->RefDomains );
}
if ( UasEnumHandle->MemberSids != NULL ) {
(void) SamFreeMemory( UasEnumHandle->MemberSids );
}
NetpMemoryFree( UasEnumHandle );
UasEnumHandle = NULL;
}
}
//
// If we're not returning data to the caller,
// free the return buffer.
//
if ( NetStatus != NERR_Success && NetStatus != ERROR_MORE_DATA ) {
if ( BufferDescriptor.Buffer != NULL ) {
MIDL_user_free( BufferDescriptor.Buffer );
}
BufferDescriptor.Buffer = NULL;
}
//
// Set the output parameters
//
*Buffer = BufferDescriptor.Buffer;
if ( ARGUMENT_PRESENT( ResumeHandle ) ) {
NetpAssert( sizeof(UasEnumHandle) <= sizeof(DWORD_PTR) );
*ResumeHandle = (DWORD_PTR) UasEnumHandle;
}
if ( SamServerHandle != NULL ) {
(VOID) SamCloseHandle( SamServerHandle );
}
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupGetMembers: returns %ld\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupGetMembers
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupSetInfo(
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN DWORD Level,
IN LPBYTE Buffer,
OUT LPDWORD ParmError OPTIONAL // Name required by NetpSetParmError
)
/*++
Routine Description:
Set the parameters on a local group account in the user accounts database.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
GroupName - Name of the group to modify.
Level - Level of information provided. Must be 1.
Buffer - A pointer to the buffer containing the local group
information structure.
ParmError - Optional pointer to a DWORD to return the index of the
first parameter in error when ERROR_INVALID_PARAMETER is returned.
If NULL, the parameter is not returned on error.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS Status;
SAM_HANDLE SamServerHandle = NULL;
SAM_HANDLE AliasHandle = NULL;
//
// Initialize
//
NetpSetParmError( PARM_ERROR_NONE );
//
// Connect to the SAM server
//
NetStatus = UaspOpenSam( ServerName,
FALSE, // Don't try null session
&SamServerHandle );
if ( NetStatus != NERR_Success ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: Cannot UaspOpenSam %ld\n", NetStatus ));
}
goto Cleanup;
}
//
// Look for the specified alias in either the builtin or account
// domain.
//
NetStatus = AliaspOpenAliasInDomain(
SamServerHandle,
AliaspBuiltinOrAccountDomain,
ALIAS_WRITE_ACCOUNT,
LocalGroupName,
&AliasHandle );
if (NetStatus != NERR_Success) {
goto Cleanup;
}
//
// Change the alias
//
switch (Level) {
case 0:
//
// Set alias name
//
{
LPWSTR NewAliasName;
ALIAS_NAME_INFORMATION NewSamAliasName;
NewAliasName = ((PLOCALGROUP_INFO_0)Buffer)->lgrpi0_name;
if (NewAliasName == NULL) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: Alias Name is NULL\n" ));
}
NetStatus = NERR_Success;
goto Cleanup;
}
RtlInitUnicodeString( &NewSamAliasName.Name, NewAliasName );
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalAliasSetInfo: Renaming Alias Account to %wZ\n",
&NewSamAliasName.Name));
}
Status = SamSetInformationAlias( AliasHandle,
AliasNameInformation,
&NewSamAliasName );
if ( !NT_SUCCESS(Status) ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: SamSetInformationAlias %lX\n",
Status ));
}
NetStatus = NetpNtStatusToApiStatus( Status );
if (NetStatus == ERROR_INVALID_PARAMETER) {
NetpSetParmError(LOCALGROUP_NAME_PARMNUM);
}
goto Cleanup;
}
break;
}
case 1:
case 1002:
//
// Set the alias comment
//
{
LPWSTR AliasComment;
ALIAS_ADM_COMMENT_INFORMATION AdminComment;
//
// Get the new alias comment
//
if ( Level == 1002 ) {
AliasComment = ((PLOCALGROUP_INFO_1002)Buffer)->lgrpi1002_comment;
} else {
AliasComment = ((PLOCALGROUP_INFO_1)Buffer)->lgrpi1_comment;
}
if ( AliasComment == NULL ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: Alias comment is NULL\n" ));
}
NetStatus = NERR_Success;
goto Cleanup;
}
RtlInitUnicodeString( &AdminComment.AdminComment, AliasComment );
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: Setting AdminComment to %wZ\n",
&AdminComment.AdminComment ));
}
Status = SamSetInformationAlias( AliasHandle,
AliasAdminCommentInformation,
&AdminComment );
if ( !NT_SUCCESS(Status) ) {
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: SamSetInformationAlias %lX\n",
Status ));
}
NetStatus = NetpNtStatusToApiStatus( Status );
if (NetStatus == ERROR_INVALID_PARAMETER) {
NetpSetParmError(LOCALGROUP_COMMENT_PARMNUM);
}
goto Cleanup;
}
break;
}
default:
NetStatus = ERROR_INVALID_LEVEL;
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: Invalid Level %lu\n", Level ));
}
goto Cleanup;
}
NetStatus = NERR_Success;
//
// Clean up.
//
Cleanup:
if (AliasHandle != NULL) {
(VOID) SamCloseHandle( AliasHandle );
}
if ( SamServerHandle != NULL ) {
(VOID) SamCloseHandle( SamServerHandle );
}
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetInfo: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupSetInfo
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupSetMembers (
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN DWORD Level,
IN LPBYTE Buffer,
IN DWORD NewMemberCount
)
/*++
Routine Description:
Set the list of members of a local group.
The SAM API allows only one member to be added or deleted at a time.
This API allows all of the members of a alias to be specified en-masse.
This API is careful to always leave the alias membership in the SAM
database in a reasonable state. It does by mergeing the list of
old and new members, then only changing those memberships which absolutely
need changing.
Alias membership is restored to its previous state (if possible) if
an error occurs during changing the alias membership.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the alias to modify.
Level - Level of information provided. Must be 0 or 3.
Buffer - A pointer to the buffer containing an array of NewMemberCount
the alias membership information structures.
NewMemberCount - Number of entries in Buffer.
Return Value:
Error code for the operation.
NERR_GroupNotFound - The specified LocalGroupName does not exist
ERROR_NO_SUCH_MEMBER - One or more of the members doesn't exist. Therefore,
the local group membership was not changed.
ERROR_INVALID_MEMBER - one or more of the members cannot be added because
it has an invalid account type. Therefore, the local group membership
was not changed.
--*/
{
NET_API_STATUS NetStatus;
NetStatus = AliaspSetMembers( ServerName,
LocalGroupName,
Level,
Buffer,
NewMemberCount,
SetMembers );
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupSetMembers: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupSetMembers
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupAddMembers (
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN DWORD Level,
IN LPBYTE Buffer,
IN DWORD NewMemberCount
)
/*++
Routine Description:
Add the list of members of a local group. Any previous members of the
local group are preserved.
The SAM API allows only one member to be added at a time.
This API allows several new members of a alias to be specified en-masse.
This API is careful to always leave the alias membership in the SAM
database in a reasonable state.
Alias membership is restored to its previous state (if possible) if
an error occurs during changing the alias membership.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the alias to modify.
Level - Level of information provided. Must be 0 or 3.
Buffer - A pointer to the buffer containing an array of NewMemberCount
the alias membership information structures.
NewMemberCount - Number of entries in Buffer.
Return Value:
NERR_Success - Members were added successfully
NERR_GroupNotFound - The specified LocalGroupName does not exist
ERROR_NO_SUCH_MEMBER - One or more of the members doesn't exist. Therefore,
no new members were added.
ERROR_MEMBER_IN_ALIAS - one or more of the members specified were already
members of the local group. Therefore, no new members were added.
ERROR_INVALID_MEMBER - one or more of the members cannot be added because
it has an invalid account type. Therefore, no new members were added.
--*/
{
NET_API_STATUS NetStatus;
NetStatus = AliaspSetMembers( ServerName,
LocalGroupName,
Level,
Buffer,
NewMemberCount,
AddMembers );
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupAddMembers: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupAddMembers
NET_API_STATUS NET_API_FUNCTION
NetLocalGroupDelMembers (
IN LPCWSTR ServerName OPTIONAL,
IN LPCWSTR LocalGroupName,
IN DWORD Level,
IN LPBYTE Buffer,
IN DWORD NewMemberCount
)
/*++
Routine Description:
Delete the list of members of a local group.
The SAM API allows only one member to be deleted at a time.
This API allows several members of a alias to be specified en-masse.
This API is careful to always leave the alias membership in the SAM
database in a reasonable state.
Alias membership is restored to its previous state (if possible) if
an error occurs during changing the alias membership.
Arguments:
ServerName - A pointer to a string containing the name of the remote
server on which the function is to execute. A NULL pointer
or string specifies the local machine.
LocalGroupName - Name of the alias to modify.
Level - Level of information provided. Must be 0 or 3.
Buffer - A pointer to the buffer containing an array of NewMemberCount
the alias membership information structures.
NewMemberCount - Number of entries in Buffer.
Return Value:
NERR_Success - Members were added successfully
NERR_GroupNotFound - The specified LocalGroupName does not exist
ERROR_MEMBER_NOT_IN_ALIAS - one or more of the members specified were not
in the local group. Therefore, no members were deleted.
ERROR_NO_SUCH_MEMBER - One or more of the members doesn't exist. Therefore,
no new members were added.
--*/
{
NET_API_STATUS NetStatus;
NetStatus = AliaspSetMembers( ServerName,
LocalGroupName,
Level,
Buffer,
NewMemberCount,
DelMembers );
IF_DEBUG( UAS_DEBUG_ALIAS ) {
NetpKdPrint(( "NetLocalGroupDelMembers: returns %lu\n", NetStatus ));
}
return NetStatus;
} // NetLocalGroupDelMembers
/*lint +e614 */
/*lint +e740 */