1 /* 2 * ===================================================================================== 3 * Filename: userGroup.cpp 4 * Description: add user 5 * Created: 2014年11月22日15:27:18 6 * Author: wzy 7 * 8 * lpServerName: 传入参数, 域名, 不带双反斜杠 9 * lpUserName: 传入参数, 用户, 以杠零结束的字符串 10 * lpUserPwd: 传入参数, 密码, 以杠零结束的字符串 11 * other: 12 * ===================================================================================== 13 */ 14 CREATE_RETURN_RES createNewUser(LPTSTR lpServerName, LPTSTR lpUserName, LPTSTR lpUserPwd, BOOL bAdmin) 15 { 16 WriteLog("createNewUser: domain is %s, username is %s, userpwd is %s\n", WideCharToChar(lpServerName), WideCharToChar(lpUserName), WideCharToChar(lpUserPwd)); 17 USER_INFO_4 ui = {0}; 18 DWORD dwLevel = 4; 19 DWORD dwError = 0; 20 LPBYTE lpBuf = NULL; 21 LPTSTR pwServerName = NULL; 22 NET_API_STATUS nStatus; 23 int err = 0; 24 25 CREATE_RETURN_RES cRes = e_CREATE_FAILED; 26 27 do 28 { 29 30 if (NULL == lpUserName) 31 { 32 break ; 33 } 34 35 DWORD dwLen = _tcslen(lpServerName); 36 37 38 TCHAR buffer[256] = {0}; 39 DWORD dwSize = sizeof(buffer); 40 GetComputerNameEx(ComputerNameDnsDomain, buffer, &dwSize);// buffer本机所属域名 41 42 43 44 CString str; 45 str.SetString(buffer); 46 47 TCHAR chServerName[512] = _T("\\\\"); 48 pwServerName = lstrcat(chServerName, str.GetBuffer()); 49 50 do 51 { 52 if (0 == _tcscmp(lpServerName, _T("NULL")) || (NULL == lpServerName)) 53 { 54 pwServerName = NULL; 55 lpServerName = NULL; 56 WriteLog("域名字段填的为无,将创建本地用户\n"); 57 break ; 58 } 59 60 if (FALSE == IsDomainUser()) // 本地计算机名 == 本机所属域名 61 { 62 pwServerName = NULL; 63 WriteLog("本机不在域中,无法创建域用户,将创建本地用户\n"); 64 break ; 65 } 66 else // 在域中 67 { 68 if (0 != _tcscmp((buffer), lpServerName)) // 判断用户输入的域名是否合法 69 { 70 WriteLog("用户所输入的域名和本机所在的域不一致,将创建本地用户. 本机所属域名=%s, 用户输入的域名=%s\n", WideCharToChar(buffer), WideCharToChar(lpServerName)); 71 break; 72 } 73 } 74 } while (0); 75 76 ui.usri4_name = lpUserName; 77 ui.usri4_password = lpUserPwd; 78 ui.usri4_priv = USER_PRIV_USER; 79 ui.usri4_home_dir = NULL; 80 ui.usri4_comment = NULL; 81 ui.usri4_full_name = lpUserName; 82 ui.usri4_flags = UF_SCRIPT; 83 ui.usri4_profile = NULL; 84 85 nStatus = NetUserGetInfo(lpServerName, ui.usri4_name, 4, (LPBYTE *)&lpBuf); //If this parameter1 is NULL, then the local computer is used 86 DWORD asdf = nStatus; 87 88 if (ERROR_ACCESS_DENIED == nStatus) 89 { 90 MessageBox(NULL,_T("访问拒绝"),_T("错误"),MB_OK|MB_ICONERROR); 91 cRes = e_CREATE_ACCESS_DENIED; 92 break ; 93 } 94 else if (ERROR_BAD_NETPATH == nStatus) 95 { 96 MessageBox(NULL,_T("网络路径不可用"),_T("错误"),MB_OK|MB_ICONERROR); 97 cRes = e_CREATE_BAD_NETPATH; 98 break ; 99 } 100 else if (ERROR_INVALID_LEVEL == nStatus) 101 { 102 MessageBox(NULL,_T("无效的级别"),_T("错误"),MB_OK|MB_ICONERROR); 103 cRes = e_CREATE_INVALID_LEVEL; 104 break ; 105 } 106 else if (NERR_InvalidComputer == nStatus) 107 { 108 MessageBox(NULL,_T("无效的电脑"),_T("错误"),MB_OK|MB_ICONERROR); 109 cRes = e_CREATE_InvalidComputer; 110 break ; 111 } 112 else if (NERR_Success == nStatus) // 已存在 113 { 114 115 MessageBox(NULL,_T("用户已存在,请重新输入用户名"),_T("错误"),MB_OK|MB_ICONERROR); 116 cRes = e_CREATE_USER_EXIST; 117 break ; 118 } 119 else if (NERR_UserNotFound == nStatus) // 不存在,创建 120 { 121 ui.usri4_primary_group_id = DOMAIN_GROUP_RID_USERS; 122 ui.usri4_flags = UF_DONT_EXPIRE_PASSWD; 123 ui.usri4_acct_expires = TIMEQ_FOREVER; 124 //ui.usri4_priv = USER_PRIV_USER; 125 ui.usri4_priv = USER_PRIV_ADMIN; 126 ui.usri4_logon_hours = NULL; 127 ui.usri4_script_path = NULL; 128 129 //int n = NetUserSetInfo(lpServerName, lpUserName, 4, (LPBYTE)&ui, &dwError); 130 131 nStatus = NetUserAdd(lpServerName, dwLevel, (LPBYTE)&ui, &dwError);//If this parameter1 is NULL, then the local computer is used 132 133 TakeOwnshipOfDiretory(ui.usri4_home_dir, ui.usri4_name, pwServerName); 134 135 if (NERR_Success == nStatus)// 创建成功,移入User和Remote Desktop Users组 136 { 137 cRes = e_CREATE_SUCCESS; 138 139 if (!SetUserToUserGroup(pwServerName, ui.usri4_name, bAdmin)) 140 { 141 ui.usri4_flags |= UF_DONT_EXPIRE_PASSWD; 142 break; 143 } 144 } 145 else if (NERR_Success != nStatus) // 创建失败 146 { 147 if (NERR_UserNotInGroup == nStatus) 148 { 149 150 } 151 if(NERR_PasswordTooShort == nStatus) 152 { 153 MessageBox(NULL,_T("Password Not Match Policy"),_T("错误"),MB_OK|MB_ICONERROR); 154 WriteLog("Crate Failed Because PasswordTooShort, domain is %s, username is %s, pwd is %s, GetLastError() = %s, NetUserAdd Return %d\n", WideCharToChar(lpServerName), WideCharToChar(ui.usri4_name), WideCharToChar(ui.usri4_password), GetLastError(), nStatus); 155 cRes = e_CREATE_PasswordTooShort; 156 break ; 157 } 158 else if (NERR_UserNotInGroup == nStatus) 159 { 160 MessageBox(NULL,_T("UserNotInGroup"),_T("错误"),MB_OK|MB_ICONERROR); 161 WriteLog("Crate Failed Because UserNotInGroup, domain is %s, username is %s, pwd is %s, GetLastError() = %s, NetUserAdd Return %d\n", WideCharToChar(lpServerName), WideCharToChar(ui.usri4_name), WideCharToChar(ui.usri4_password), GetLastError(), nStatus); 162 cRes = e_CREATE_UserNotInGroup; 163 break ; 164 } 165 else if (NERR_UserExists == nStatus) 166 { 167 MessageBox(NULL,_T("UserExists"),_T("错误"),MB_OK|MB_ICONERROR); 168 cRes = e_CREATE_USER_EXIST; 169 break ; 170 } 171 172 else if(NERR_GroupExists == nStatus) 173 { 174 MessageBox(NULL,_T("GroupExists"),_T("错误"),MB_OK|MB_ICONERROR); 175 cRes = e_CREATE_GroupExists; 176 } 177 else if (NERR_NotPrimary == nStatus) 178 { 179 MessageBox(NULL,_T("NotPrimary"),_T("错误"),MB_OK|MB_ICONERROR); 180 cRes = e_CREATE_NotPrimary; 181 break ; 182 } 183 else if (NERR_InvalidComputer == nStatus) 184 { 185 MessageBox(NULL,_T("InvalidComputer"),_T("错误"),MB_OK|MB_ICONERROR); 186 cRes = e_CREATE_InvalidComputer; 187 break ; 188 } 189 else if (ERROR_ACCESS_DENIED == nStatus) 190 { 191 MessageBox(NULL,_T("ACCESS_DENIED"),_T("错误"),MB_OK|MB_ICONERROR); 192 WriteLog("Crate Failed, domain is %s, username is %s, pwd is %s, GetLastError() = %s, NetUserAdd Return %d\n", WideCharToChar(lpServerName), WideCharToChar(ui.usri4_name), WideCharToChar(ui.usri4_password), GetLastError(), nStatus); 193 cRes = e_CREATE_ACCESS_DENIED; 194 break ; 195 } 196 else 197 { 198 MessageBox(NULL,_T("创建用户失败"),_T("错误"),MB_OK|MB_ICONERROR); 199 WriteLog("Crate Failed Because PasswordTooShort, domain is %s, username is %s, pwd is %s, GetLastError() = %s, NetUserAdd Return %d\n", WideCharToChar(lpServerName), WideCharToChar(ui.usri4_name), WideCharToChar(ui.usri4_password), GetLastError(), nStatus); 200 err = GetLastError(); 201 cRes = e_CREATE_FAILED; 202 break ; 203 } 204 } // endif 205 } 206 else 207 { 208 break ; 209 } 210 211 212 } while (0); 213 214 if (NULL != ui.usri4_name) 215 { 216 ui.usri4_name = NULL; 217 } 218 if (NULL != ui.usri4_password) 219 { 220 ui.usri4_password = NULL; 221 } 222 if (NULL != ui.usri4_home_dir) 223 { 224 ui.usri4_home_dir = NULL; 225 } 226 if(NULL != ui.usri4_comment) 227 { 228 ui.usri4_comment = NULL; 229 } 230 if (NULL != ui.usri4_full_name) 231 { 232 ui.usri4_full_name = NULL; 233 } 234 if (NULL != ui.usri4_profile) 235 { 236 ui.usri4_profile = NULL; 237 } 238 if (NULL != ui.usri4_script_path) 239 { 240 ui.usri4_script_path = NULL; 241 } 242 243 return cRes; 244 }
1 BOOL IsDomainUser() 2 { 3 TCHAR *pDomainName = NULL; 4 DWORD dwDomainNameSize = 0; 5 6 TCHAR compName[128] = {0}; 7 DWORD dwCompNameLen = 128; 8 do 9 { 10 //Minimum supported client: Windows Vista 11 //Minimum supported server: Windows Server 2003 12 BOOL bRes = WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE,WTS_CURRENT_SESSION,WTSDomainName,&pDomainName,&dwDomainNameSize); 13 if (bRes == FALSE) 14 { 15 return FALSE; 16 } 17 GetComputerName(compName, &dwCompNameLen); 18 int ret = lstrcmpi(pDomainName,compName); 19 WTSFreeMemory(pDomainName); 20 21 if (0 != ret) 22 { 23 return TRUE; // 域名 != 计算机名, 在域中 24 } 25 26 } while (0); 27 28 return FALSE; // 域名 == 计算机名, 不在域中 29 }
1 BOOL TakeOwnshipOfDiretory(wchar_t *pwDir,wchar_t *pwUserName,wchar_t *pwServerName) 2 { 3 USER_INFO_4 *pUserInfo4 = NULL; 4 DWORD nStatus; 5 BOOL bRet = FALSE; 6 PSID pSIDAdmin = NULL; 7 SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY; 8 EXPLICIT_ACCESS ea[2] = {0}; 9 PACL pACL = NULL; 10 PSECURITY_DESCRIPTOR pSD = NULL; 11 12 do 13 { 14 nStatus = NetUserGetInfo(pwServerName, pwUserName, 4, (LPBYTE *)&pUserInfo4); 15 if(NERR_Success != nStatus) 16 { 17 printf("NetUserGetInfo failed\n"); 18 break; 19 } 20 nStatus = GetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD); 21 if(NERR_Success != nStatus) 22 { 23 printf("GetNamedSecurityInfo Failed\n"); 24 break; 25 } 26 if(FALSE == SetSecurityDescriptorControl(pSD, SE_DACL_PROTECTED, SE_DACL_PROTECTED)) 27 { 28 printf("SetSecurityDescriptorControl failed\n"); 29 break; 30 } 31 if(FALSE == SetFileSecurityW(pwDir, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, pSD)) 32 { 33 printf("SetFileSecurity failed\n"); 34 break; 35 } 36 if(FALSE == AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSIDAdmin)) 37 { 38 printf("AllocataAndInitializeSid failed\n"); 39 break; 40 } 41 42 ea[0].grfAccessPermissions = SPECIFIC_RIGHTS_ALL|STANDARD_RIGHTS_ALL; 43 ea[0].grfAccessMode = GRANT_ACCESS; 44 ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; 45 ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; 46 ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER; 47 ea[0].Trustee.ptstrName = (LPTSTR)pUserInfo4->usri4_user_sid; 48 49 // Set full control for Administrators. 50 ea[1].grfAccessPermissions = SPECIFIC_RIGHTS_ALL|STANDARD_RIGHTS_ALL; 51 ea[1].grfAccessMode = GRANT_ACCESS; 52 ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; 53 ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; 54 ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; 55 ea[1].Trustee.ptstrName = (LPTSTR)pSIDAdmin; 56 57 if(NERR_Success != SetEntriesInAcl(2, ea, NULL, &pACL)) 58 { 59 printf("set entriesInAcl failed\n"); 60 break; 61 } 62 if(NERR_Success != SetNamedSecurityInfoW(pwDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION, NULL, pSIDAdmin,pACL,NULL)) 63 { 64 printf("SetNamedSecurityInfo FAILED\n"); 65 break; 66 } 67 bRet =TRUE; 68 69 } while (0); 70 71 if(NULL != pUserInfo4) 72 { 73 NetApiBufferFree(pUserInfo4); 74 } 75 if(NULL != pSD) 76 { 77 LocalFree(pSD); 78 } 79 if(NULL == pSIDAdmin) 80 { 81 FreeSid(pSIDAdmin); 82 } 83 if(NULL != pACL) 84 { 85 LocalFree(pACL); 86 } 87 88 return bRet; 89 } 90 91 // lpServerName 是带双斜杠的域名 92 BOOL SetUserToUserGroup(LPTSTR lpServerName,LPTSTR lpUserName, BOOL bAdmin) 93 { 94 NET_API_STATUS netStatus; 95 BOOL bOK = FALSE; 96 97 do 98 { 99 LOCALGROUP_MEMBERS_INFO_3 LGMInfo; 100 LGMInfo.lgrmi3_domainandname = lpUserName; 101 102 netStatus = NetLocalGroupAddMembers(lpServerName, _T("Users"), 3,(LPBYTE)&LGMInfo, 1); 103 if (NERR_Success != netStatus && ERROR_MEMBER_IN_ALIAS != netStatus) 104 { 105 TCHAR chErr[32] = {0}; 106 wsprintf(chErr,_T("%s Users %s,%d"),_T("加入"), _T("失败"),GetLastError()); 107 MessageBox(NULL,chErr,_T("错误"),MB_OK|MB_ICONERROR); 108 break; 109 } 110 111 netStatus = NetLocalGroupAddMembers(lpServerName,_T("Remote Desktop Users"), 3, (LPBYTE)&LGMInfo, 1); 112 if (NERR_Success != netStatus && ERROR_MEMBER_IN_ALIAS != netStatus) 113 { 114 TCHAR chErr[32] = {0}; 115 wsprintf(chErr,_T("%s Remote Desktop Users %s,%d"),_T("加入"), _T("失败"),GetLastError()); 116 MessageBox(NULL,chErr,_T("错误"),MB_OK|MB_ICONERROR); 117 break; 118 } 119 120 if (bAdmin) 121 { 122 netStatus = NetLocalGroupAddMembers(NULL,L"Administrators",3,(LPBYTE)&LGMInfo,1); 123 if (NERR_Success != netStatus && ERROR_MEMBER_IN_ALIAS != netStatus) 124 { 125 TCHAR chErr[32] = {0}; 126 wsprintf(chErr,_T("%s Administrators s%s,%d"),_T("加入"), _T("失败"),GetLastError()); 127 MessageBox(NULL,chErr,_T("错误"),MB_OK|MB_ICONERROR); 128 break; 129 } 130 } 131 bOK = TRUE; 132 133 } while (0); 134 135 return bOK; 136 }
