1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* The NT Groups have two groups that are not well documented and are
* not normally seen: None and Everyone. A user account belongs to
* any number of groups, but if it is not a member of any group then
* it is a member of the None Group. The None group is not listed
* anywhere. You cannot remove an account from the none group except
* by making it a member of some other group, The second group is the
* Everyone group. All accounts, no matter how many groups that they
* belong to, also belong to the Everyone group. You cannot remove an
* account from the Everyone group.
*/
#ifndef UNICODE
#define UNICODE
#endif /* UNICODE */
/*
* Silence warnings.
*/
#define _CRT_SECURE_NO_DEPRECATE 1
#include <windows.h>
#include <assert.h>
#include <lm.h>
#include <isc/ntgroups.h>
#include <isc/result.h>
#define MAX_NAME_LENGTH 256
isc_result_t
isc_ntsecurity_getaccountgroups(char *username, char **GroupList,
unsigned int maxgroups,
unsigned int *totalGroups) {
LPGROUP_USERS_INFO_0 pTmpBuf;
LPLOCALGROUP_USERS_INFO_0 pTmpLBuf;
DWORD i;
LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
LPGROUP_USERS_INFO_0 pgrpBuf = NULL;
DWORD dwLevel = 0;
DWORD dwFlags = LG_INCLUDE_INDIRECT;
DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
DWORD dwEntriesRead = 0;
DWORD dwTotalEntries = 0;
NET_API_STATUS nStatus;
size_t retlen;
wchar_t user[MAX_NAME_LENGTH];
retlen = mbstowcs(user, username, MAX_NAME_LENGTH);
*totalGroups = 0;
/*
* Call the NetUserGetLocalGroups function
* specifying information level 0.
*
* The LG_INCLUDE_INDIRECT flag specifies that the
* function should also return the names of the local
* groups in which the user is indirectly a member.
*/
nStatus = NetUserGetLocalGroups(NULL,
user,
dwLevel,
dwFlags,
(LPBYTE *) &pBuf,
dwPrefMaxLen,
&dwEntriesRead,
&dwTotalEntries);
/*
* See if the call succeeds,
*/
if (nStatus != NERR_Success) {
if (nStatus == ERROR_ACCESS_DENIED)
return (ISC_R_NOPERM);
if (nStatus == ERROR_MORE_DATA)
return (ISC_R_NOSPACE);
if (nStatus == NERR_UserNotFound)
dwEntriesRead = 0;
}
if (pBuf != NULL) {
pTmpLBuf = pBuf;
/*
* Loop through the entries
*/
for (i = 0;
(i < dwEntriesRead && *totalGroups < maxgroups); i++) {
assert(pTmpLBuf != NULL);
if (pTmpLBuf == NULL)
break;
retlen = wcslen(pTmpLBuf->lgrui0_name);
GroupList[*totalGroups] = (char *) malloc(retlen +1);
if (GroupList[*totalGroups] == NULL)
return (ISC_R_NOMEMORY);
retlen = wcstombs(GroupList[*totalGroups],
pTmpLBuf->lgrui0_name, retlen);
GroupList[*totalGroups][retlen] = '\0';
if (strcmp(GroupList[*totalGroups], "None") == 0)
free(GroupList[*totalGroups]);
else
(*totalGroups)++;
pTmpLBuf++;
}
}
/* Free the allocated memory. */
if (pBuf != NULL)
NetApiBufferFree(pBuf);
/*
* Call the NetUserGetGroups function, specifying level 0.
*/
nStatus = NetUserGetGroups(NULL,
user,
dwLevel,
(LPBYTE*)&pgrpBuf,
dwPrefMaxLen,
&dwEntriesRead,
&dwTotalEntries);
/*
* See if the call succeeds,
*/
if (nStatus != NERR_Success) {
if (nStatus == ERROR_ACCESS_DENIED)
return (ISC_R_NOPERM);
if (nStatus == ERROR_MORE_DATA)
return (ISC_R_NOSPACE);
if (nStatus == NERR_UserNotFound)
dwEntriesRead = 0;
}
if (pgrpBuf != NULL) {
pTmpBuf = pgrpBuf;
/*
* Loop through the entries
*/
for (i = 0;
(i < dwEntriesRead && *totalGroups < maxgroups); i++) {
assert(pTmpBuf != NULL);
if (pTmpBuf == NULL)
break;
retlen = wcslen(pTmpBuf->grui0_name);
GroupList[*totalGroups] = (char *) malloc(retlen +1);
if (GroupList[*totalGroups] == NULL)
return (ISC_R_NOMEMORY);
retlen = wcstombs(GroupList[*totalGroups],
pTmpBuf->grui0_name, retlen);
GroupList[*totalGroups][retlen] = '\0';
if (strcmp(GroupList[*totalGroups], "None") == 0)
free(GroupList[*totalGroups]);
else
(*totalGroups)++;
pTmpBuf++;
}
}
/*
* Free the allocated memory.
*/
if (pgrpBuf != NULL)
NetApiBufferFree(pgrpBuf);
return (ISC_R_SUCCESS);
}
|
