1 /* $NetBSD: ntgroups.c,v 1.5 2014/12/10 04:38:01 christos Exp $ */
2
3 /*
4 * Copyright (C) 2004, 2006, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 2001 Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /* Id: ntgroups.c,v 1.12 2009/09/29 23:48:04 tbox Exp */
21
22 /*
23 * The NT Groups have two groups that are not well documented and are
24 * not normally seen: None and Everyone. A user account belongs to
25 * any number of groups, but if it is not a member of any group then
26 * it is a member of the None Group. The None group is not listed
27 * anywhere. You cannot remove an account from the none group except
28 * by making it a member of some other group, The second group is the
29 * Everyone group. All accounts, no matter how many groups that they
30 * belong to, also belong to the Everyone group. You cannot remove an
31 * account from the Everyone group.
32 */
33
34 #ifndef UNICODE
35 #define UNICODE
36 #endif /* UNICODE */
37
38 /*
39 * Silence warnings.
40 */
41 #define _CRT_SECURE_NO_DEPRECATE 1
42
43 #include <windows.h>
44 #include <assert.h>
45 #include <lm.h>
46
47 #include <isc/ntgroups.h>
48 #include <isc/result.h>
49
50 #define MAX_NAME_LENGTH 256
51
52 isc_result_t
isc_ntsecurity_getaccountgroups(char * username,char ** GroupList,unsigned int maxgroups,unsigned int * totalGroups)53 isc_ntsecurity_getaccountgroups(char *username, char **GroupList,
54 unsigned int maxgroups,
55 unsigned int *totalGroups) {
56 LPGROUP_USERS_INFO_0 pTmpBuf;
57 LPLOCALGROUP_USERS_INFO_0 pTmpLBuf;
58 DWORD i;
59 LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
60 LPGROUP_USERS_INFO_0 pgrpBuf = NULL;
61 DWORD dwLevel = 0;
62 DWORD dwFlags = LG_INCLUDE_INDIRECT;
63 DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
64 DWORD dwEntriesRead = 0;
65 DWORD dwTotalEntries = 0;
66 NET_API_STATUS nStatus;
67 size_t retlen;
68 wchar_t user[MAX_NAME_LENGTH];
69
70 retlen = mbstowcs(user, username, MAX_NAME_LENGTH);
71
72 *totalGroups = 0;
73 /*
74 * Call the NetUserGetLocalGroups function
75 * specifying information level 0.
76 *
77 * The LG_INCLUDE_INDIRECT flag specifies that the
78 * function should also return the names of the local
79 * groups in which the user is indirectly a member.
80 */
81 nStatus = NetUserGetLocalGroups(NULL,
82 user,
83 dwLevel,
84 dwFlags,
85 (LPBYTE *) &pBuf,
86 dwPrefMaxLen,
87 &dwEntriesRead,
88 &dwTotalEntries);
89 /*
90 * See if the call succeeds,
91 */
92 if (nStatus != NERR_Success) {
93 if (nStatus == ERROR_ACCESS_DENIED)
94 return (ISC_R_NOPERM);
95 if (nStatus == ERROR_MORE_DATA)
96 return (ISC_R_NOSPACE);
97 if (nStatus == NERR_UserNotFound)
98 dwEntriesRead = 0;
99 }
100
101 if (pBuf != NULL) {
102 pTmpLBuf = pBuf;
103 /*
104 * Loop through the entries
105 */
106 for (i = 0;
107 (i < dwEntriesRead && *totalGroups < maxgroups); i++) {
108 assert(pTmpLBuf != NULL);
109 if (pTmpLBuf == NULL)
110 break;
111 retlen = wcslen(pTmpLBuf->lgrui0_name);
112 GroupList[*totalGroups] = (char *) malloc(retlen +1);
113 if (GroupList[*totalGroups] == NULL)
114 return (ISC_R_NOMEMORY);
115
116 retlen = wcstombs(GroupList[*totalGroups],
117 pTmpLBuf->lgrui0_name, retlen);
118 GroupList[*totalGroups][retlen] = '\0';
119 if (strcmp(GroupList[*totalGroups], "None") == 0)
120 free(GroupList[*totalGroups]);
121 else
122 (*totalGroups)++;
123 pTmpLBuf++;
124 }
125 }
126 /* Free the allocated memory. */
127 if (pBuf != NULL)
128 NetApiBufferFree(pBuf);
129
130
131 /*
132 * Call the NetUserGetGroups function, specifying level 0.
133 */
134 nStatus = NetUserGetGroups(NULL,
135 user,
136 dwLevel,
137 (LPBYTE*)&pgrpBuf,
138 dwPrefMaxLen,
139 &dwEntriesRead,
140 &dwTotalEntries);
141 /*
142 * See if the call succeeds,
143 */
144 if (nStatus != NERR_Success) {
145 if (nStatus == ERROR_ACCESS_DENIED)
146 return (ISC_R_NOPERM);
147 if (nStatus == ERROR_MORE_DATA)
148 return (ISC_R_NOSPACE);
149 if (nStatus == NERR_UserNotFound)
150 dwEntriesRead = 0;
151 }
152
153 if (pgrpBuf != NULL) {
154 pTmpBuf = pgrpBuf;
155 /*
156 * Loop through the entries
157 */
158 for (i = 0;
159 (i < dwEntriesRead && *totalGroups < maxgroups); i++) {
160 assert(pTmpBuf != NULL);
161
162 if (pTmpBuf == NULL)
163 break;
164 retlen = wcslen(pTmpBuf->grui0_name);
165 GroupList[*totalGroups] = (char *) malloc(retlen +1);
166 if (GroupList[*totalGroups] == NULL)
167 return (ISC_R_NOMEMORY);
168
169 retlen = wcstombs(GroupList[*totalGroups],
170 pTmpBuf->grui0_name, retlen);
171 GroupList[*totalGroups][retlen] = '\0';
172 if (strcmp(GroupList[*totalGroups], "None") == 0)
173 free(GroupList[*totalGroups]);
174 else
175 (*totalGroups)++;
176 pTmpBuf++;
177 }
178 }
179 /*
180 * Free the allocated memory.
181 */
182 if (pgrpBuf != NULL)
183 NetApiBufferFree(pgrpBuf);
184
185 return (ISC_R_SUCCESS);
186 }
187