bind/lib/isc/win32/ntgroups.c

/*
 * Copyright (C) 2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: ntgroups.c,v 1.2 2001/09/28 23:34:55 gson Exp $ */

/*
 * The NT Groups have two groups that are not well documented and are
 * not normally seen: None and Everyone.  A user account belongs to
 * any number of groups, but if it is not a member of any group then
 * it is a member of the None Group. The None group is not listed
 * anywhere. You cannot remove an account from the none group except
 * by making it a member of some other group, The second group is the
 * Everyone group.  All accounts, no matter how many groups that they
 * belong to, also belong to the Everyone group. You cannot remove an
 * account from the Everyone group.
 */

#ifndef UNICODE
#define UNICODE
#endif /* UNICODE */

#include <windows.h>
#include <assert.h>
#include <lm.h>

#include <isc/ntgroups.h>

#define MAX_NAME_LENGTH 25

#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS  ((NTSTATUS)0x00000000L)
#endif

int
isc_ntsecurity_getaccountgroups(char *username, char **GroupList,
				unsigned int maxgroups,
				unsigned int *totalGroups)
{
	LPGROUP_USERS_INFO_0 pTmpBuf;
	LPLOCALGROUP_USERS_INFO_0 pTmpLBuf;
	DWORD i;
	LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
	LPGROUP_USERS_INFO_0 pgrpBuf = NULL;
	DWORD dwLevel = 0;
	DWORD dwFlags = LG_INCLUDE_INDIRECT;
	DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
	DWORD dwEntriesRead = 0;
	DWORD dwTotalEntries = 0;
	NET_API_STATUS nStatus;
	DWORD dwTotalCount = 0;
	int retlen;

	wchar_t *user = (wchar_t *)malloc(MAX_NAME_LENGTH*sizeof(wchar_t) + 1);

	retlen = mbstowcs(user, username, MAX_NAME_LENGTH);

	*totalGroups = 0;
	/*
	 * Call the NetUserGetLocalGroups function 
	 * specifying information level 0.
	 *
	 * The LG_INCLUDE_INDIRECT flag specifies that the 
	 * function should also return the names of the local 
	 * groups in which the user is indirectly a member.
	 */
	nStatus = NetUserGetLocalGroups(NULL,
                                   user,
                                   dwLevel,
                                   dwFlags,
                                   (LPBYTE *) &pBuf,
                                   dwPrefMaxLen,
                                   &dwEntriesRead,
                                   &dwTotalEntries);
	/*
	 * If the call succeeds,
	 */
	if (nStatus != NERR_Success)
		return (nStatus);

 	dwTotalCount = 0;
	if ((pTmpLBuf = pBuf) != NULL) {
		/*
		 * Loop through the entries
		 */
	         for (i = 0;
		     (i < dwEntriesRead && *totalGroups < maxgroups); i++)
		 {
			assert(pTmpLBuf != NULL);
			if (pTmpLBuf == NULL)
				break;
			retlen = wcslen(pTmpLBuf->lgrui0_name);
			GroupList[*totalGroups] = (char *) malloc(retlen +1);
			retlen = wcstombs(GroupList[*totalGroups],
				 pTmpLBuf->lgrui0_name, retlen);
			GroupList[*totalGroups][retlen] = '\0';
			if (strcmp(GroupList[*totalGroups], "None") == 0)
				free(GroupList[*totalGroups]);
			else
				(*totalGroups)++;
			pTmpLBuf++;
		}
	}

	if (pBuf != NULL)
		NetApiBufferFree(pBuf);

	/*
	 * Call the NetUserGetGroups function, specifying level 0.
	 */
	nStatus = NetUserGetGroups(NULL,
                              user,
                              dwLevel,
                              (LPBYTE*)&pgrpBuf,
                              dwPrefMaxLen,
                              &dwEntriesRead,
                              &dwTotalEntries);
	/*
	 * If the call succeeds,
	 */
	if (nStatus != NERR_Success)
		return (nStatus);
 
	if ((pTmpBuf = pgrpBuf) != NULL) {
		/*
		 * Loop through the entries
		 */
	         for (i = 0;
		     (i < dwEntriesRead && *totalGroups < maxgroups); i++) 
		 {
			assert(pTmpBuf != NULL);

			if (pTmpBuf == NULL)
				break;
			retlen = wcslen(pTmpBuf->grui0_name);
			GroupList[*totalGroups] = (char *) malloc(retlen +1);
			retlen = wcstombs(GroupList[*totalGroups],
				 pTmpBuf->grui0_name, retlen);
			GroupList[*totalGroups][retlen] = '\0';
			if (strcmp(GroupList[*totalGroups], "None") == 0)
				free(GroupList[*totalGroups]);
			else
				(*totalGroups)++;
			pTmpBuf++;
		}
	}

	if (pgrpBuf != NULL)
		NetApiBufferFree(pgrpBuf);

	if (user != NULL)
		free(user);

	return (0);
}
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`/*`
			`* Copyright (C) 2001 Internet Software Consortium.`
			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM`
			`* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL`
			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL`
			`* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,`
			`* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING`
			`* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,`
			`* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION`
			`* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*/`

style 2001-09-28 23:34:55 +00:00			`/* $Id: ntgroups.c,v 1.2 2001/09/28 23:34:55 gson Exp $ */`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00
			`/*`
style 2001-09-28 23:34:55 +00:00			`* The NT Groups have two groups that are not well documented and are`
			`* not normally seen: None and Everyone. A user account belongs to`
			`* any number of groups, but if it is not a member of any group then`
			`* it is a member of the None Group. The None group is not listed`
			`* anywhere. You cannot remove an account from the none group except`
			`* by making it a member of some other group, The second group is the`
			`* Everyone group. All accounts, no matter how many groups that they`
			`* belong to, also belong to the Everyone group. You cannot remove an`
			`* account from the Everyone group.`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`*/`

			`#ifndef UNICODE`
			`#define UNICODE`
style 2001-09-28 23:34:55 +00:00			`#endif /* UNICODE */`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00
			`#include <windows.h>`
			`#include <assert.h>`
			`#include <lm.h>`

			`#include <isc/ntgroups.h>`

			`#define MAX_NAME_LENGTH 25`

			`#ifndef STATUS_SUCCESS`
			`#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)`
			`#endif`

			`int`
			`isc_ntsecurity_getaccountgroups(char username, char *GroupList,`
			`unsigned int maxgroups,`
style 2001-09-28 23:34:55 +00:00			`unsigned int *totalGroups)`
			`{`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`LPGROUP_USERS_INFO_0 pTmpBuf;`
			`LPLOCALGROUP_USERS_INFO_0 pTmpLBuf;`
			`DWORD i;`
			`LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;`
			`LPGROUP_USERS_INFO_0 pgrpBuf = NULL;`
			`DWORD dwLevel = 0;`
			`DWORD dwFlags = LG_INCLUDE_INDIRECT;`
			`DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;`
			`DWORD dwEntriesRead = 0;`
			`DWORD dwTotalEntries = 0;`
			`NET_API_STATUS nStatus;`
			`DWORD dwTotalCount = 0;`
			`int retlen;`
style 2001-09-28 23:34:55 +00:00
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`wchar_t user = (wchar_t )malloc(MAX_NAME_LENGTH*sizeof(wchar_t) + 1);`

			`retlen = mbstowcs(user, username, MAX_NAME_LENGTH);`

			`*totalGroups = 0;`
			`/*`
			`* Call the NetUserGetLocalGroups function`
			`* specifying information level 0.`
			`*`
			`* The LG_INCLUDE_INDIRECT flag specifies that the`
			`* function should also return the names of the local`
			`* groups in which the user is indirectly a member.`
			`*/`
			`nStatus = NetUserGetLocalGroups(NULL,`
			`user,`
			`dwLevel,`
			`dwFlags,`
			`(LPBYTE *) &pBuf,`
			`dwPrefMaxLen,`
			`&dwEntriesRead,`
			`&dwTotalEntries);`
			`/*`
			`* If the call succeeds,`
			`*/`
style 2001-09-28 23:34:55 +00:00			`if (nStatus != NERR_Success)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`return (nStatus);`
style 2001-09-28 23:34:55 +00:00
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`dwTotalCount = 0;`
			`if ((pTmpLBuf = pBuf) != NULL) {`
			`/*`
			`* Loop through the entries`
			`*/`
			`for (i = 0;`
style 2001-09-28 23:34:55 +00:00			`(i < dwEntriesRead && *totalGroups < maxgroups); i++)`
			`{`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`assert(pTmpLBuf != NULL);`
style 2001-09-28 23:34:55 +00:00			`if (pTmpLBuf == NULL)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`break;`
			`retlen = wcslen(pTmpLBuf->lgrui0_name);`
			`GroupList[totalGroups] = (char ) malloc(retlen +1);`
			`retlen = wcstombs(GroupList[*totalGroups],`
			`pTmpLBuf->lgrui0_name, retlen);`
			`GroupList[*totalGroups][retlen] = '\0';`
style 2001-09-28 23:34:55 +00:00			`if (strcmp(GroupList[*totalGroups], "None") == 0)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`free(GroupList[*totalGroups]);`
style 2001-09-28 23:34:55 +00:00			`else`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`(*totalGroups)++;`
			`pTmpLBuf++;`
			`}`
			`}`
style 2001-09-28 23:34:55 +00:00
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`if (pBuf != NULL)`
			`NetApiBufferFree(pBuf);`

			`/*`
			`* Call the NetUserGetGroups function, specifying level 0.`
			`*/`
			`nStatus = NetUserGetGroups(NULL,`
			`user,`
			`dwLevel,`
			`(LPBYTE*)&pgrpBuf,`
			`dwPrefMaxLen,`
			`&dwEntriesRead,`
			`&dwTotalEntries);`
			`/*`
			`* If the call succeeds,`
			`*/`
style 2001-09-28 23:34:55 +00:00			`if (nStatus != NERR_Success)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`return (nStatus);`

			`if ((pTmpBuf = pgrpBuf) != NULL) {`
			`/*`
			`* Loop through the entries`
			`*/`
			`for (i = 0;`
style 2001-09-28 23:34:55 +00:00			`(i < dwEntriesRead && *totalGroups < maxgroups); i++)`
			`{`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`assert(pTmpBuf != NULL);`

style 2001-09-28 23:34:55 +00:00			`if (pTmpBuf == NULL)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`break;`
			`retlen = wcslen(pTmpBuf->grui0_name);`
			`GroupList[totalGroups] = (char ) malloc(retlen +1);`
			`retlen = wcstombs(GroupList[*totalGroups],`
			`pTmpBuf->grui0_name, retlen);`
			`GroupList[*totalGroups][retlen] = '\0';`
style 2001-09-28 23:34:55 +00:00			`if (strcmp(GroupList[*totalGroups], "None") == 0)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`free(GroupList[*totalGroups]);`
style 2001-09-28 23:34:55 +00:00			`else`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`(*totalGroups)++;`
			`pTmpBuf++;`
			`}`
			`}`
style 2001-09-28 23:34:55 +00:00
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`if (pgrpBuf != NULL)`
			`NetApiBufferFree(pgrpBuf);`

style 2001-09-28 23:34:55 +00:00			`if (user != NULL)`
Code to fetch list of NT Groups for a given account. This is used for retrieving privilege information and rights for an account as well as for NTFS File system and other object security 2001-09-25 01:37:02 +00:00			`free(user);`

			`return (0);`
			`}`