windows server 2008 - 创建域和本机用户

时间:2023-11-12 16:38:32
 /*
* =====================================================================================
* Filename: userGroup.cpp
* Description: add user
* Created: 2014年11月22日15:27:18
* Author: wzy
*
* lpServerName: 传入参数, 域名, 不带双反斜杠; 传 NULL 或字面字符串 "NULL" 表示在本机创建用户
* lpUserName: 传入参数, 用户名, 以杠零结束的字符串, 不能为 NULL
* lpUserPwd: 传入参数, 密码(明文), 以杠零结束的字符串; 只交给 NetUserAdd, 不应写入日志
* other:
* =====================================================================================
*/
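/*
 * createNewUser - create a user account (domain or local) and place it in the
 * expected local groups.
 *
 * lpServerName : domain name without the leading "\\". NULL, or the literal
 *                string "NULL", means "create a local account".
 * lpUserName   : NUL-terminated account name; must not be NULL.
 * lpUserPwd    : NUL-terminated password. It is handed straight to NetUserAdd
 *                and is deliberately never written to the log.
 * bAdmin       : forwarded to SetUserToUserGroup, which also adds the account
 *                to the local Administrators group when TRUE.
 *
 * Returns a CREATE_RETURN_RES code. e_CREATE_SUCCESS means the account exists
 * afterwards; a later group-membership failure is logged but does not change
 * the result (there is no result code for it).
 *
 * Falls back to a local account (server == NULL) when no domain was given, when
 * IsDomainUser() reports a non-domain session, or when the requested domain is
 * not the domain this machine belongs to.
 */
CREATE_RETURN_RES createNewUser(LPTSTR lpServerName, LPTSTR lpUserName, LPTSTR lpUserPwd, BOOL bAdmin)
{
    CREATE_RETURN_RES cRes = e_CREATE_FAILED;

    if (NULL == lpUserName)
    {
        WriteLog("createNewUser: user name is NULL, nothing to do\n");
        return cRes;
    }

    // Name used only in log lines; lpServerName may legitimately be NULL and
    // the original dereferenced it before any check.
    TCHAR szLocalTag[] = _T("(local)");
    LPTSTR lpDomainForLog = (NULL != lpServerName) ? lpServerName : szLocalTag;

    // The password is intentionally not logged: the log file would otherwise
    // hold a cleartext credential for a (possibly administrative) account.
    WriteLog("createNewUser: domain is %s, username is %s\n",
             WideCharToChar(lpDomainForLog), WideCharToChar(lpUserName));

    // DNS domain this machine is joined to (empty string when not joined).
    // GetComputerNameEx takes the size in TCHARs; sizeof() gave bytes.
    TCHAR szMachineDomain[MAX_PATH] = {0};
    DWORD dwDomainLen = _countof(szMachineDomain);
    if (!GetComputerNameEx(ComputerNameDnsDomain, szMachineDomain, &dwDomainLen))
    {
        szMachineDomain[0] = _T('\0');
    }

    // Both server handles stay NULL (= local SAM) unless every domain check
    // passes. The original left lpServerName set in two of the fallback
    // branches, so NetUserAdd still went to the typed domain while the log
    // claimed a local account was being created.
    LPTSTR lpTargetServer = NULL;           // bare domain name, for NetUserGetInfo/NetUserAdd
    LPTSTR pwServerName = NULL;             // "\\domain" form, for the group/ACL helpers
    TCHAR szUncServer[MAX_PATH + 2] = {0};

    if (NULL == lpServerName || 0 == _tcscmp(lpServerName, _T("NULL")))
    {
        WriteLog("createNewUser: no domain given, creating a local user\n");
    }
    else if (FALSE == IsDomainUser())
    {
        WriteLog("createNewUser: current session is not a domain logon, creating a local user instead\n");
    }
    else if (0 != _tcsicmp(szMachineDomain, lpServerName))
    {
        // Case-insensitive: DNS names are, and a differently-cased input used
        // to fall back to a local account silently.
        WriteLog("createNewUser: requested domain differs from this machine's domain, creating a local user instead. machine domain=%s, requested domain=%s\n",
                 WideCharToChar(szMachineDomain), WideCharToChar(lpServerName));
    }
    else
    {
        lpTargetServer = lpServerName;
        _stprintf_s(szUncServer, _countof(szUncServer), _T("\\\\%s"), szMachineDomain);
        pwServerName = szUncServer;
    }

    // Probe first so an existing account yields e_CREATE_USER_EXIST instead of
    // a generic NetUserAdd failure. Level 4 matches the USER_INFO_4 used below.
    LPBYTE lpBuf = NULL;
    NET_API_STATUS nStatus = NetUserGetInfo(lpTargetServer, lpUserName, 4, &lpBuf);
    if (NULL != lpBuf)
    {
        NetApiBufferFree(lpBuf);            // the original never freed this buffer
        lpBuf = NULL;
    }

    switch (nStatus)
    {
    case ERROR_ACCESS_DENIED:
        MessageBox(NULL, _T("访问拒绝"), _T("错误"), MB_OK | MB_ICONERROR);
        return e_CREATE_ACCESS_DENIED;
    case ERROR_BAD_NETPATH:
        MessageBox(NULL, _T("网络路径不可用"), _T("错误"), MB_OK | MB_ICONERROR);
        return e_CREATE_BAD_NETPATH;
    case ERROR_INVALID_LEVEL:
        MessageBox(NULL, _T("无效的级别"), _T("错误"), MB_OK | MB_ICONERROR);
        return e_CREATE_INVALID_LEVEL;
    case NERR_InvalidComputer:
        MessageBox(NULL, _T("无效的电脑"), _T("错误"), MB_OK | MB_ICONERROR);
        return e_CREATE_InvalidComputer;
    case NERR_Success:                      // the account already exists
        MessageBox(NULL, _T("用户已存在,请重新输入用户名"), _T("错误"), MB_OK | MB_ICONERROR);
        return e_CREATE_USER_EXIST;
    case NERR_UserNotFound:
        break;                              // expected: go on and create it
    default:
        WriteLog("createNewUser: NetUserGetInfo returned %lu, giving up\n", (unsigned long)nStatus);
        return cRes;
    }

    USER_INFO_4 ui = {0};
    ui.usri4_name             = lpUserName;
    ui.usri4_password         = lpUserPwd;
    ui.usri4_full_name        = lpUserName;
    // NetUserAdd only accepts USER_PRIV_USER in this field; the original
    // passed USER_PRIV_ADMIN. Administrative rights are granted, when bAdmin
    // is set, by the group membership in SetUserToUserGroup.
    ui.usri4_priv             = USER_PRIV_USER;
    // UF_SCRIPT must be set for NetUserAdd; the original overwrote it with
    // UF_DONT_EXPIRE_PASSWD alone. NOTE(review): a never-expiring password
    // exempts this account from the password-age policy -- confirm it is wanted.
    ui.usri4_flags            = UF_SCRIPT | UF_DONT_EXPIRE_PASSWD;
    ui.usri4_primary_group_id = DOMAIN_GROUP_RID_USERS;   // required value for NetUserAdd
    ui.usri4_acct_expires     = TIMEQ_FOREVER;
    // home_dir, comment, profile, script_path and logon_hours stay NULL from
    // the zero-init: no home directory, unrestricted logon hours.

    DWORD dwBadParm = 0;                    // index of the rejected field on ERROR_INVALID_PARAMETER
    nStatus = NetUserAdd(lpTargetServer, 4, (LPBYTE)&ui, &dwBadParm);

    if (NERR_Success == nStatus)
    {
        cRes = e_CREATE_SUCCESS;
        // The ACL rewrite needs a directory; usri4_home_dir is NULL here, so
        // the original call always failed inside TakeOwnshipOfDiretory. Kept
        // for the day a home directory is requested, skipped on NULL.
        if (NULL != ui.usri4_home_dir)
        {
            TakeOwnshipOfDiretory(ui.usri4_home_dir, ui.usri4_name, pwServerName);
        }
        if (!SetUserToUserGroup(pwServerName, ui.usri4_name, bAdmin))
        {
            // The account exists but is not in Users / Remote Desktop Users
            // (nor Administrators when bAdmin). The caller still gets success,
            // as before; record the gap so it can be fixed by hand.
            WriteLog("createNewUser: user %s was created but SetUserToUserGroup failed (bAdmin=%d)\n",
                     WideCharToChar(ui.usri4_name), (int)bAdmin);
        }
        return cRes;
    }

    // Creation failed. nStatus is the authoritative error: the Net* APIs
    // return it directly and do not set GetLastError() (the original logged
    // GetLastError() through a "%s" specifier). dwBadParm only means
    // something for ERROR_INVALID_PARAMETER. The password stays out of the log.
    WriteLog("createNewUser: NetUserAdd failed, domain is %s, username is %s, status=%lu, parm_err=%lu\n",
             WideCharToChar(lpDomainForLog), WideCharToChar(ui.usri4_name),
             (unsigned long)nStatus, (unsigned long)dwBadParm);

    switch (nStatus)
    {
    case NERR_PasswordTooShort:             // the message box already treats this as "policy not met"
        MessageBox(NULL, _T("Password Not Match Policy"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_PasswordTooShort;
        break;
    case NERR_UserNotInGroup:
        MessageBox(NULL, _T("UserNotInGroup"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_UserNotInGroup;
        break;
    case NERR_UserExists:                   // someone created it between the probe and now
        MessageBox(NULL, _T("UserExists"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_USER_EXIST;
        break;
    case NERR_GroupExists:
        MessageBox(NULL, _T("GroupExists"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_GroupExists;
        break;
    case NERR_NotPrimary:
        MessageBox(NULL, _T("NotPrimary"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_NotPrimary;
        break;
    case NERR_InvalidComputer:
        MessageBox(NULL, _T("InvalidComputer"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_InvalidComputer;
        break;
    case ERROR_ACCESS_DENIED:
        MessageBox(NULL, _T("ACCESS_DENIED"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_ACCESS_DENIED;
        break;
    default:
        MessageBox(NULL, _T("创建用户失败"), _T("错误"), MB_OK | MB_ICONERROR);
        cRes = e_CREATE_FAILED;
        break;
    }
    return cRes;
}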
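/*
 * IsDomainUser - TRUE when the domain name of the CURRENT session's logged-on
 * user differs from this computer's name, i.e. the session was logged on with
 * a domain account.
 *
 * NOTE(review): this is a property of the session, not of the machine. A local
 * logon on a domain-joined machine returns FALSE, and createNewUser then falls
 * back to a local account even though the machine is in the domain.
 *
 * Returns FALSE when WTSQuerySessionInformation or GetComputerName fails; the
 * original compared against an empty computer name in the latter case and
 * therefore answered TRUE.
 */
BOOL IsDomainUser()
{
    LPTSTR pDomainName = NULL;
    DWORD dwDomainNameSize = 0;             // filled in by WTS, in bytes

    // Minimum supported: Windows Vista / Windows Server 2003.
    if (!WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION,
                                    WTSDomainName, &pDomainName, &dwDomainNameSize))
    {
        return FALSE;
    }

    // GetComputerName is in/out: the length must hold the buffer size on entry.
    TCHAR compName[MAX_COMPUTERNAME_LENGTH + 1] = {0};
    DWORD dwCompNameLen = _countof(compName);
    BOOL bHaveName = GetComputerName(compName, &dwCompNameLen);

    int cmp = bHaveName ? lstrcmpi(pDomainName, compName) : 0;
    WTSFreeMemory(pDomainName);             // free before any return path

    if (!bHaveName)
    {
        return FALSE;                       // cannot tell; treat as "not a domain session"
    }
    return (0 != cmp) ? TRUE : FALSE;       // domain != computer name -> domain account
}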
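/*
 * TakeOwnshipOfDiretory - restrict pwDir so that only pwUserName and the
 * BUILTIN\Administrators alias have full control.
 *
 * Despite the name it does not change the owner (OWNER_SECURITY_INFORMATION is
 * never written). It marks the DACL protected (stops inheritance from the
 * parent), then replaces the DACL with exactly two full-control ACEs (the user
 * and Administrators) and sets the primary group to Administrators.
 * NOTE(review): because SetEntriesInAcl is given a NULL old ACL, every other
 * principal -- including SYSTEM -- loses access to the whole tree; services
 * running as SYSTEM that need the directory will break.
 *
 * pwDir        : directory path; must not be NULL.
 * pwUserName   : account whose SID is looked up with NetUserGetInfo.
 * pwServerName : server for that lookup ("\\domain" form) or NULL for the local SAM.
 *
 * Returns TRUE only when every step succeeded. Failures go to stdout via
 * printf, as in the original.
 */
BOOL TakeOwnshipOfDiretory(wchar_t *pwDir, wchar_t *pwUserName, wchar_t *pwServerName)
{
    USER_INFO_4 *pUserInfo4 = NULL;
    PSID pSIDAdmin = NULL;
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[2];
    BOOL bRet = FALSE;

    ZeroMemory(ea, sizeof(ea));

    do
    {
        if (NULL == pwDir || NULL == pwUserName)
        {
            printf("TakeOwnshipOfDiretory: NULL directory or user name\n");
            break;
        }
        if (NERR_Success != NetUserGetInfo(pwServerName, pwUserName, 4, (LPBYTE *)&pUserInfo4))
        {
            printf("NetUserGetInfo failed\n");
            break;
        }
        // Read the current descriptor only to flip SE_DACL_PROTECTED on it.
        if (ERROR_SUCCESS != GetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT,
                                                   DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
                                                   NULL, NULL, NULL, NULL, &pSD))
        {
            printf("GetNamedSecurityInfo Failed\n");
            break;
        }
        if (!SetSecurityDescriptorControl(pSD, SE_DACL_PROTECTED, SE_DACL_PROTECTED))
        {
            printf("SetSecurityDescriptorControl failed\n");
            break;
        }
        if (!SetFileSecurityW(pwDir, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, pSD))
        {
            printf("SetFileSecurity failed\n");
            break;
        }
        // S-1-5-32-544, BUILTIN\Administrators.
        if (!AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
                                      0, 0, 0, 0, 0, 0, &pSIDAdmin))
        {
            printf("AllocataAndInitializeSid failed\n");
            break;
        }

        // Full control for the new user, inherited by everything under pwDir.
        ea[0].grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
        ea[0].grfAccessMode        = GRANT_ACCESS;
        ea[0].grfInheritance       = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea[0].Trustee.TrusteeForm  = TRUSTEE_IS_SID;
        ea[0].Trustee.TrusteeType  = TRUSTEE_IS_USER;
        ea[0].Trustee.ptstrName    = (LPTSTR)pUserInfo4->usri4_user_sid;

        // Full control for Administrators.
        ea[1].grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
        ea[1].grfAccessMode        = GRANT_ACCESS;
        ea[1].grfInheritance       = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea[1].Trustee.TrusteeForm  = TRUSTEE_IS_SID;
        ea[1].Trustee.TrusteeType  = TRUSTEE_IS_GROUP;
        ea[1].Trustee.ptstrName    = (LPTSTR)pSIDAdmin;

        // NULL old ACL: the resulting DACL holds only these two entries.
        if (ERROR_SUCCESS != SetEntriesInAcl(2, ea, NULL, &pACL))
        {
            printf("set entriesInAcl failed\n");
            break;
        }
        if (ERROR_SUCCESS != SetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT,
                                                   DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
                                                   NULL, pSIDAdmin, pACL, NULL))
        {
            printf("SetNamedSecurityInfo FAILED\n");
            break;
        }
        bRet = TRUE;
    } while (0);

    if (NULL != pUserInfo4)
    {
        NetApiBufferFree(pUserInfo4);
    }
    if (NULL != pSD)
    {
        LocalFree(pSD);
    }
    if (NULL != pSIDAdmin)
    {
        FreeSid(pSIDAdmin);                 // the original tested "== NULL" here and so never freed it
    }
    if (NULL != pACL)
    {
        LocalFree(pACL);
    }
    return bRet;
} // lpServerName of SetUserToUserGroup below is the domain name in "\\domain" form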
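/*
 * addToLocalGroup - add lpUserName to the local group szGroup on lpServerName
 * (NULL = this machine). "Already a member" (ERROR_MEMBER_IN_ALIAS) counts as
 * success. On any other failure a message box shows the group name and the
 * NetLocalGroupAddMembers status -- not GetLastError(), which the Net* APIs
 * do not set and which the original reported instead.
 */
static BOOL addToLocalGroup(LPTSTR lpServerName, LPCTSTR szGroup, LPTSTR lpUserName)
{
    LOCALGROUP_MEMBERS_INFO_3 member;
    member.lgrmi3_domainandname = lpUserName;

    NET_API_STATUS netStatus = NetLocalGroupAddMembers(lpServerName, szGroup, 3, (LPBYTE)&member, 1);
    if (NERR_Success == netStatus || ERROR_MEMBER_IN_ALIAS == netStatus)
    {
        return TRUE;
    }

    // Same text as before ("加入 <group> 失败,<status>"); the original's
    // Administrators message had a stray "s" in it.
    TCHAR chErr[256] = {0};
    wsprintf(chErr, _T("%s %s %s,%d"), _T("加入"), szGroup, _T("失败"), (int)netStatus);
    MessageBox(NULL, chErr, _T("错误"), MB_OK | MB_ICONERROR);
    return FALSE;
}

/*
 * SetUserToUserGroup - put lpUserName into Users and Remote Desktop Users on
 * lpServerName, and into Administrators when bAdmin is TRUE.
 *
 * lpServerName : "\\domain" form, or NULL for the local machine.
 * lpUserName   : account name as accepted by LOCALGROUP_MEMBERS_INFO_3.
 * bAdmin       : also grant local administrator membership.
 *
 * Returns TRUE only when every requested addition succeeded or was already in
 * place; stops at the first failure.
 *
 * NOTE(review): as in the original, the Administrators addition always targets
 * the LOCAL machine (server NULL) while the other two go to lpServerName. For
 * a domain user that means "local admin on this machine", not membership in the
 * domain controller's Administrators group -- confirm that is the intent, since
 * it is the privileged step of this function.
 */
BOOL SetUserToUserGroup(LPTSTR lpServerName, LPTSTR lpUserName, BOOL bAdmin)
{
    if (!addToLocalGroup(lpServerName, _T("Users"), lpUserName))
    {
        return FALSE;
    }
    if (!addToLocalGroup(lpServerName, _T("Remote Desktop Users"), lpUserName))
    {
        return FALSE;
    }
    if (bAdmin && !addToLocalGroup(NULL, _T("Administrators"), lpUserName))
    {
        return FALSE;
    }
    return TRUE;
}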