zhiye_wang

向星空仰望的越深,越发现自己的渺小

  1 /* 
  2  * =====================================================================================
  3  *           Filename:  userGroup.cpp 
  4  *        Description:  add user 
  5  *            Created:  2014年11月22日15:27:18
  6  *             Author:  wzy
  7  *
  8  *       lpServerName:  传入参数, 域名, 不带双反斜杠
  9  *         lpUserName:  传入参数, 用户, 以杠零结束的字符串
 10  *          lpUserPwd:  传入参数, 密码, 以杠零结束的字符串
 11  *                other:  
 12  * =====================================================================================
 13  */ 
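 /**
  * Create a Windows user account and place it in the standard local groups.
  *
  * The account is created with NetUserAdd at information level 4. The target
  * falls back to the local computer (server name NULL) when no domain was
  * requested, when IsDomainUser() reports that this machine is not in a
  * domain, or when the requested domain differs from the machine's DNS domain.
  *
  * @param lpServerName  Domain name WITHOUT leading backslashes, the literal
  *                      string "NULL", or a null pointer (both mean "local").
  * @param lpUserName    NUL-terminated account name. A null pointer yields
  *                      e_CREATE_FAILED.
  * @param lpUserPwd     NUL-terminated password. The buffer stays owned by the
  *                      caller; this function never writes it to the log.
  * @param bAdmin        Forwarded to SetUserToUserGroup(); when TRUE the new
  *                      account is also added to the Administrators group.
  * @return e_CREATE_SUCCESS once NetUserAdd succeeded (even if a later group
  *         assignment failed, which is logged), otherwise the e_CREATE_* value
  *         matching the failing status.
  */
 CREATE_RETURN_RES createNewUser(LPTSTR lpServerName, LPTSTR lpUserName, LPTSTR lpUserPwd, BOOL bAdmin)
 {
     USER_INFO_4 ui          = {0};
     DWORD dwLevel           = 4;
     DWORD dwError           = 0;      // receives the index of the offending field from NetUserAdd
     LPBYTE lpBuf            = NULL;
     LPTSTR pwServerName     = NULL;   // "\\<domain>" form handed to the group/ACL helpers
     NET_API_STATUS nStatus;
     CREATE_RETURN_RES cRes  = e_CREATE_FAILED;
     TCHAR szLocalTag[]      = _T("(local)");   // stand-in so a NULL server name is never formatted
     TCHAR buffer[256]       = {0};             // DNS domain this machine belongs to
     TCHAR chServerName[512] = _T("\\\\");

     do
     {
         if (NULL == lpUserName)
         {
             break;
         }

         // SECURITY: the password is deliberately absent from every log line.
         // Credentials written to a log file outlive the account-creation call
         // and are readable by anyone who can read the log.
         WriteLog("createNewUser: domain is %s, username is %s\n",
                  WideCharToChar(NULL != lpServerName ? lpServerName : szLocalTag),
                  WideCharToChar(lpUserName));

         // GetComputerNameEx expects the buffer size in TCHARs, not in bytes.
         DWORD dwSize = sizeof(buffer) / sizeof(buffer[0]);
         if (!GetComputerNameEx(ComputerNameDnsDomain, buffer, &dwSize))
         {
             buffer[0] = _T('\0');   // treat a failed lookup as "no domain"
         }

         // buffer holds at most 255 characters, so this always fits in chServerName.
         _tcscat_s(chServerName, sizeof(chServerName) / sizeof(chServerName[0]), buffer);
         pwServerName = chServerName;

         // Decide between domain and local creation. The null check must come
         // before any string comparison on lpServerName.
         if (NULL == lpServerName || 0 == _tcscmp(lpServerName, _T("NULL")))
         {
             pwServerName = NULL;
             lpServerName = NULL;
             WriteLog("域名字段填的为无,将创建本地用户\n");
         }
         else if (FALSE == IsDomainUser())
         {
             // Both names are cleared so that the account really is created
             // locally, as the log message states.
             pwServerName = NULL;
             lpServerName = NULL;
             WriteLog("本机不在域中,无法创建域用户,将创建本地用户\n");
         }
         else if (0 != _tcscmp(buffer, lpServerName))
         {
             // The requested domain is not the machine's domain.
             WriteLog("用户所输入的域名和本机所在的域不一致,将创建本地用户. 本机所属域名=%s, 用户输入的域名=%s\n", WideCharToChar(buffer), WideCharToChar(lpServerName));
             pwServerName = NULL;
             lpServerName = NULL;
         }

         ui.usri4_name             = lpUserName;
         ui.usri4_password         = lpUserPwd;
         ui.usri4_full_name        = lpUserName;
         // NetUserAdd is documented to require USER_PRIV_USER and UF_SCRIPT;
         // administrative rights come only from group membership (bAdmin).
         ui.usri4_priv             = USER_PRIV_USER;
         // NOTE(review): UF_DONT_EXPIRE_PASSWD exempts the account from
         // password-age policy; confirm this is intended for every caller.
         ui.usri4_flags            = UF_SCRIPT | UF_DONT_EXPIRE_PASSWD;
         ui.usri4_primary_group_id = DOMAIN_GROUP_RID_USERS;
         ui.usri4_acct_expires     = TIMEQ_FOREVER;
         // home_dir, comment, profile, logon_hours and script_path stay NULL
         // from the zero-initialisation above.

         // Probe for an existing account. A NULL server name means the local computer.
         nStatus = NetUserGetInfo(lpServerName, ui.usri4_name, 4, &lpBuf);
         if (NULL != lpBuf)
         {
             // Only the status is needed; release the returned record.
             NetApiBufferFree(lpBuf);
             lpBuf = NULL;
         }

         if (NERR_UserNotFound != nStatus)
         {
             switch (nStatus)
             {
             case ERROR_ACCESS_DENIED:
                 MessageBox(NULL,_T("访问拒绝"),_T("错误"),MB_OK|MB_ICONERROR);
                 cRes = e_CREATE_ACCESS_DENIED;
                 break;
             case ERROR_BAD_NETPATH:
                 MessageBox(NULL,_T("网络路径不可用"),_T("错误"),MB_OK|MB_ICONERROR);
                 cRes = e_CREATE_BAD_NETPATH;
                 break;
             case ERROR_INVALID_LEVEL:
                 MessageBox(NULL,_T("无效的级别"),_T("错误"),MB_OK|MB_ICONERROR);
                 cRes = e_CREATE_INVALID_LEVEL;
                 break;
             case NERR_InvalidComputer:
                 MessageBox(NULL,_T("无效的电脑"),_T("错误"),MB_OK|MB_ICONERROR);
                 cRes = e_CREATE_InvalidComputer;
                 break;
             case NERR_Success:   // the account already exists
                 MessageBox(NULL,_T("用户已存在,请重新输入用户名"),_T("错误"),MB_OK|MB_ICONERROR);
                 cRes = e_CREATE_USER_EXIST;
                 break;
             default:             // any other probe failure: report e_CREATE_FAILED
                 break;
             }
             break;
         }

         // The account does not exist yet: create it.
         nStatus = NetUserAdd(lpServerName, dwLevel, (LPBYTE)&ui, &dwError);
         // Captured immediately, before MessageBox or logging can overwrite it.
         DWORD dwLastErr = GetLastError();
         LPTSTR lpLogDomain = (NULL != lpServerName) ? lpServerName : szLocalTag;

         if (NERR_Success == nStatus)
         {
             cRes = e_CREATE_SUCCESS;

             // ACLs are adjusted only for an account that exists and only when
             // a home directory was actually configured.
             if (NULL != ui.usri4_home_dir)
             {
                 TakeOwnshipOfDiretory(ui.usri4_home_dir, ui.usri4_name, pwServerName);
             }

             // Creation succeeded, then move the account into the Users and
             // Remote Desktop Users groups (plus Administrators when bAdmin).
             if (!SetUserToUserGroup(pwServerName, ui.usri4_name, bAdmin))
             {
                 // The account exists, so the result stays e_CREATE_SUCCESS.
                 WriteLog("createNewUser: user %s was created but group membership was not fully applied\n", WideCharToChar(ui.usri4_name));
             }
             break;
         }

         // Creation failed. The format specifiers assume WriteLog is
         // printf-style; both codes are DWORDs, hence %lu.
         switch (nStatus)
         {
         case NERR_PasswordTooShort:
             MessageBox(NULL,_T("Password Not Match Policy"),_T("错误"),MB_OK|MB_ICONERROR);
             WriteLog("Crate Failed Because PasswordTooShort, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(ui.usri4_name), (unsigned long)dwLastErr, (unsigned long)nStatus);
             cRes = e_CREATE_PasswordTooShort;
             break;
         case NERR_UserNotInGroup:
             MessageBox(NULL,_T("UserNotInGroup"),_T("错误"),MB_OK|MB_ICONERROR);
             WriteLog("Crate Failed Because UserNotInGroup, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(ui.usri4_name), (unsigned long)dwLastErr, (unsigned long)nStatus);
             cRes = e_CREATE_UserNotInGroup;
             break;
         case NERR_UserExists:
             MessageBox(NULL,_T("UserExists"),_T("错误"),MB_OK|MB_ICONERROR);
             cRes = e_CREATE_USER_EXIST;
             break;
         case NERR_GroupExists:
             MessageBox(NULL,_T("GroupExists"),_T("错误"),MB_OK|MB_ICONERROR);
             cRes = e_CREATE_GroupExists;
             break;
         case NERR_NotPrimary:
             MessageBox(NULL,_T("NotPrimary"),_T("错误"),MB_OK|MB_ICONERROR);
             cRes = e_CREATE_NotPrimary;
             break;
         case NERR_InvalidComputer:
             MessageBox(NULL,_T("InvalidComputer"),_T("错误"),MB_OK|MB_ICONERROR);
             cRes = e_CREATE_InvalidComputer;
             break;
         case ERROR_ACCESS_DENIED:
             MessageBox(NULL,_T("ACCESS_DENIED"),_T("错误"),MB_OK|MB_ICONERROR);
             WriteLog("Crate Failed, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(ui.usri4_name), (unsigned long)dwLastErr, (unsigned long)nStatus);
             cRes = e_CREATE_ACCESS_DENIED;
             break;
         default:
             MessageBox(NULL,_T("创建用户失败"),_T("错误"),MB_OK|MB_ICONERROR);
             // dwError names the USER_INFO_4 member NetUserAdd rejected, if any.
             WriteLog("Crate Failed, domain is %s, username is %s, GetLastError() = %lu, NetUserAdd Return %lu, parm_err = %lu\n", WideCharToChar(lpLogDomain), WideCharToChar(ui.usri4_name), (unsigned long)dwLastErr, (unsigned long)nStatus, (unsigned long)dwError);
             cRes = e_CREATE_FAILED;
             break;
         }

     } while (0);

     // ui only borrows the caller's strings and goes out of scope here, so
     // there is nothing to release or reset.
     return cRes;
 }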
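 /**
  * Heuristic domain check: compare the current session's domain name with the
  * local computer name.
  *
  * WTSDomainName is the domain of the user logged on to the current session,
  * so the result describes that logon, not the machine's join state: a local
  * account on a domain-joined machine is reported as "not in a domain".
  *
  * @return TRUE when the session domain differs from the computer name,
  *         FALSE when they are equal or when either lookup fails.
  */
 BOOL IsDomainUser()
 {
     TCHAR *pDomainName     = NULL;
     DWORD dwDomainNameSize = 0;
     TCHAR compName[128]    = {0};
     DWORD dwCompNameLen    = sizeof(compName) / sizeof(compName[0]);   // size in TCHARs
     BOOL  bInDomain        = FALSE;

     //Minimum supported client: Windows Vista
     //Minimum supported server: Windows Server 2003
     if (!WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, WTSDomainName, &pDomainName, &dwDomainNameSize))
     {
         return FALSE;
     }
     if (NULL == pDomainName)
     {
         return FALSE;
     }

     // Without the computer name the comparison is meaningless; an empty
     // compName must not be mistaken for "names differ, so we are in a domain".
     if (GetComputerName(compName, &dwCompNameLen))
     {
         // domain name != computer name means the session is in a domain
         bInDomain = (0 != lstrcmpi(pDomainName, compName)) ? TRUE : FALSE;
     }

     WTSFreeMemory(pDomainName);
     return bInDomain;
 }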
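  /**
   * Replace the DACL of a directory so that the given user and the built-in
   * Administrators group both have full control.
   *
   * What the calls below actually do:
   *  - the descriptor is marked SE_DACL_PROTECTED, so inherited entries from
   *    the parent no longer apply;
   *  - SetEntriesInAcl receives NULL as the existing ACL, so the new DACL
   *    holds only the two entries built here;
   *  - the Administrators SID is written as the object's primary GROUP. The
   *    owner argument is NULL and OWNER_SECURITY_INFORMATION is not requested,
   *    so despite the function name the owner is left unchanged.
   *
   * @param pwDir         Directory path; NULL makes the function return FALSE.
   * @param pwUserName    Account whose SID receives full control.
   * @param pwServerName  Server used to look the account up (NULL = local).
   * @return TRUE when every step succeeded, FALSE otherwise.
   */
  BOOL TakeOwnshipOfDiretory(wchar_t *pwDir,wchar_t *pwUserName,wchar_t *pwServerName)
  {
      USER_INFO_4 *pUserInfo4 = NULL;
      DWORD nStatus;
      BOOL bRet = FALSE;
      PSID pSIDAdmin = NULL;
      SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
      EXPLICIT_ACCESS ea[2] = {0};
      PACL pACL = NULL;
      PSECURITY_DESCRIPTOR pSD = NULL;

      // Nothing to secure without a path and an account name.
      if (NULL == pwDir || NULL == pwUserName)
      {
          return FALSE;
      }

      do
      {
          nStatus = NetUserGetInfo(pwServerName, pwUserName, 4, (LPBYTE *)&pUserInfo4);
          if (NERR_Success != nStatus)
          {
              printf("NetUserGetInfo failed\n");
              break;
          }
          if (NULL == pUserInfo4 || NULL == pUserInfo4->usri4_user_sid)
          {
              // An ACE without a SID would not name any trustee.
              printf("NetUserGetInfo returned no user SID\n");
              break;
          }

          nStatus = GetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD);
          if (ERROR_SUCCESS != nStatus)
          {
              printf("GetNamedSecurityInfo Failed\n");
              break;
          }
          // Stop the directory from inheriting ACEs from its parent.
          if (FALSE == SetSecurityDescriptorControl(pSD, SE_DACL_PROTECTED, SE_DACL_PROTECTED))
          {
              printf("SetSecurityDescriptorControl failed\n");
              break;
          }
          if (FALSE == SetFileSecurityW(pwDir, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, pSD))
          {
              printf("SetFileSecurity failed\n");
              break;
          }
          if (FALSE == AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSIDAdmin))
          {
              printf("AllocataAndInitializeSid failed\n");
              break;
          }

          // Full control for the user, inherited by sub-containers and objects.
          ea[0].grfAccessPermissions = SPECIFIC_RIGHTS_ALL|STANDARD_RIGHTS_ALL;
          ea[0].grfAccessMode = GRANT_ACCESS;
          ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
          ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
          ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
          ea[0].Trustee.ptstrName = (LPTSTR)pUserInfo4->usri4_user_sid;

          // Set full control for Administrators.
          ea[1].grfAccessPermissions = SPECIFIC_RIGHTS_ALL|STANDARD_RIGHTS_ALL;
          ea[1].grfAccessMode = GRANT_ACCESS;
          ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
          ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
          ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
          ea[1].Trustee.ptstrName = (LPTSTR)pSIDAdmin;

          if (ERROR_SUCCESS != SetEntriesInAcl(2, ea, NULL, &pACL))
          {
              printf("set entriesInAcl failed\n");
              break;
          }
          if (ERROR_SUCCESS != SetNamedSecurityInfoW(pwDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION, NULL, pSIDAdmin,pACL,NULL))
          {
              printf("SetNamedSecurityInfo FAILED\n");
              break;
          }
          bRet = TRUE;

      } while (0);

      if (NULL != pUserInfo4)
      {
          NetApiBufferFree(pUserInfo4);
      }
      if (NULL != pSD)
      {
          LocalFree(pSD);
      }
      // The SID is released only when it was allocated. The earlier
      // "NULL == pSIDAdmin" test leaked every allocated SID and passed NULL
      // to FreeSid on the failure paths.
      if (NULL != pSIDAdmin)
      {
          FreeSid(pSIDAdmin);
      }
      if (NULL != pACL)
      {
          LocalFree(pACL);
      }

      return bRet;
  }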
 90  
 91 // lpServerName 是带双斜杠的域名
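 /**
  * Add one member to a local group and show an error box on failure.
  *
  * ERROR_MEMBER_IN_ALIAS (already a member) counts as success.
  *
  * @return TRUE when the member is in the group afterwards, FALSE otherwise.
  */
 static BOOL addToLocalGroup(LPCTSTR lpServerName, LPCTSTR lpGroupName, LOCALGROUP_MEMBERS_INFO_3 *pMember)
 {
     NET_API_STATUS netStatus = NetLocalGroupAddMembers(lpServerName, lpGroupName, 3, (LPBYTE)pMember, 1);
     if (NERR_Success == netStatus || ERROR_MEMBER_IN_ALIAS == netStatus)
     {
         return TRUE;
     }

     // wsprintf does not take a buffer size, so the output is bounded by
     // construction: fixed text + a group name capped at 64 characters + a
     // DWORD of at most 10 digits is well under 128 TCHARs. The previous
     // 32-element buffer overflowed for the longer group names once the error
     // code exceeded four digits.
     TCHAR chErr[128] = {0};
     // NetLocalGroupAddMembers reports failure through its return value, so
     // that value is shown instead of an unrelated GetLastError().
     wsprintf(chErr, _T("%s %.64s %s,%lu"), _T("加入"), lpGroupName, _T("失败"), (unsigned long)netStatus);
     MessageBox(NULL,chErr,_T("错误"),MB_OK|MB_ICONERROR);
     return FALSE;
 }

 /**
  * Put an account into the "Users" and "Remote Desktop Users" groups and, when
  * requested, into "Administrators".
  *
  * The function stops at the first failure; memberships added before that
  * point are not rolled back.
  *
  * @param lpServerName  Server name WITH the leading double backslash, or NULL
  *                      for the local computer.
  * @param lpUserName    Account to add; NULL makes the function return FALSE.
  * @param bAdmin        TRUE also grants membership of Administrators, i.e.
  *                      full administrative rights plus remote logon. Callers
  *                      should pass TRUE only on an explicit operator request.
  * @return TRUE when every requested membership is in place.
  */
 BOOL SetUserToUserGroup(LPTSTR lpServerName,LPTSTR lpUserName, BOOL bAdmin)
 {
     if (NULL == lpUserName)
     {
         return FALSE;
     }

     LOCALGROUP_MEMBERS_INFO_3 LGMInfo;
     LGMInfo.lgrmi3_domainandname = lpUserName;

     // NOTE(review): the group names are the English display names; on a
     // localised Windows installation the built-in groups may be named
     // differently - confirm the target systems.
     if (!addToLocalGroup(lpServerName, _T("Users"), &LGMInfo))
     {
         return FALSE;
     }
     if (!addToLocalGroup(lpServerName, _T("Remote Desktop Users"), &LGMInfo))
     {
         return FALSE;
     }

     if (bAdmin)
     {
         // NOTE(review): this call has always targeted the LOCAL machine (NULL)
         // while the two calls above use lpServerName - confirm that granting
         // local administrator rights is what is wanted for a domain account.
         if (!addToLocalGroup(NULL, _T("Administrators"), &LGMInfo))
         {
             return FALSE;
         }
     }

     return TRUE;
 }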

 

posted on 2016-02-23 10:23  zhiye_wang