#include <SDKDDKVer.h>

#include <stdio.h>
#include <tchar.h>

#include <clocale>
#include <cwctype>
#include <iostream>
#include <limits>

#include <windows.h>
#include <lm.h>
#include <sddl.h>
#include <Ntsecapi.h>
#include <ntstatus.h>
#include <lmcons.h>
#include <lmaccess.h>
#include <lmerr.h>
#include <lmapibuf.h>
#include <ntsecapi.h>
using namespace std;

// Function-pointer types for the netapi32.dll and advapi32.dll exports that
// Load_Dll() resolves at run time with GetProcAddress.
//
// NOTE(review): names that start with an underscore followed by an upper-case
// letter are reserved for the implementation in C++; they are kept here only
// because the rest of the file refers to them.

// ---- netapi32.dll: user enumeration and buffer management -----------------

using _NetUserEnumT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ DWORD level,
    _In_ DWORD filter,
    _Out_ LPBYTE *bufptr,
    _In_ DWORD prefmaxlen,
    _Out_ LPDWORD entriesread,
    _Out_ LPDWORD totalentries,
    _Inout_ LPDWORD resume_handle);

using _NetApiBufferFreeT = NET_API_STATUS(_stdcall *)(
    _In_ LPVOID Buffer);

using _NetUserGetLocalGroupsT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ LPCWSTR username,
    _In_ DWORD level,
    _In_ DWORD flags,
    _Out_ LPBYTE *bufptr,
    _In_ DWORD prefmaxlen,
    _Out_ LPDWORD entriesread,
    _Out_ LPDWORD totalentries);

using _NetUserGetGroupsT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ LPCWSTR username,
    _In_ DWORD level,
    _Out_ LPBYTE *bufptr,
    _In_ DWORD prefmaxlen,
    _Out_ LPDWORD entriesread,
    _Out_ LPDWORD totalentries);

// ---- netapi32.dll: account and local-group modification -------------------

using _NetUserAddT = NET_API_STATUS(_stdcall *)(
    _In_ LMSTR servername,
    _In_ DWORD level,
    _In_ LPBYTE buf,
    _Out_ LPDWORD parm_err);

using _NetUserDelT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ LPCWSTR username);

using _NetLocalGroupAddMembersT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ LPCWSTR groupname,
    _In_ DWORD level,
    _In_ LPBYTE buf,
    _In_ DWORD totalentries);

using _NetLocalGroupDelMembersT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ LPCWSTR groupname,
    _In_ DWORD level,
    _In_ LPBYTE buf,
    _In_ DWORD totalentries);

using _NetLocalGroupAddT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ DWORD level,
    _In_ LPBYTE buf,
    _Out_ LPDWORD parm_err);

using _NetLocalGroupDelT = NET_API_STATUS(_stdcall *)(
    _In_ LPCWSTR servername,
    _In_ LPCWSTR groupname);

using _NetUserSetInfoT = NET_API_STATUS(NET_API_FUNCTION *)(
    LPCWSTR servername,
    LPCWSTR username,
    DWORD level,
    LPBYTE buf,
    LPDWORD parm_err);

// ---- advapi32.dll: SID lookup and token privileges ------------------------
//
// NOTE(review): the next two types are declared with TCHAR-based parameters
// (LPTSTR / LPCTSTR), while Load_Dll() binds them to the wide-character
// exports "ConvertSidToStringSidW" and "LookupAccountNameW". The signatures
// therefore agree with the bound functions only in a UNICODE build.

using _ConvertSidToStringSidT = BOOL(WINAPI *)(
    _In_ PSID Sid,
    _Out_ LPTSTR *StringSid);

using _LookupAccountNameT = BOOL(WINAPI *)(
    _In_opt_ LPCTSTR lpSystemName,
    _In_ LPCTSTR lpAccountName,
    _Out_opt_ PSID Sid,
    _Inout_ LPDWORD cbSid,
    _Out_opt_ LPTSTR ReferencedDomainName,
    _Inout_ LPDWORD cchReferencedDomainName,
    _Out_ PSID_NAME_USE peUse);

using _AdjustTokenPrivilegesT = BOOL(WINAPI *)(
    _In_ HANDLE TokenHandle,
    _In_ BOOL DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ DWORD BufferLength,
    _Out_opt_ PTOKEN_PRIVILEGES PreviousState,
    _Out_opt_ PDWORD ReturnLength);

// ---- advapi32.dll: LSA policy and account rights --------------------------

using _LsaAddAccountRightsT = NTSTATUS(_stdcall *)(
    _In_ LSA_HANDLE PolicyHandle,
    _In_ PSID AccountSid,
    _In_ PLSA_UNICODE_STRING UserRights,
    _In_ ULONG CountOfRights);

using _LsaRemoveAccountRightsT = NTSTATUS(_stdcall *)(
    _In_ LSA_HANDLE PolicyHandle,
    _In_ PSID AccountSid,
    _In_ BOOLEAN AllRights,
    _In_ PLSA_UNICODE_STRING UserRights,
    _In_ ULONG CountOfRights);

using _LsaNtStatusToWinErrorT = ULONG(_stdcall *)(
    _In_ NTSTATUS Status);

using _LsaOpenPolicyT = NTSTATUS(_stdcall *)(
    _In_ PLSA_UNICODE_STRING SystemName,
    _In_ PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
    _In_ ACCESS_MASK DesiredAccess,
    _Inout_ PLSA_HANDLE PolicyHandle);

using _LsaEnumerateAccountRightsT = NTSTATUS(_stdcall *)(
    _In_ LSA_HANDLE PolicyHandle,
    _In_ PSID AccountSid,
    _Out_ PLSA_UNICODE_STRING *UserRights,
    _Out_ PULONG CountOfRights);
// Module handles owned by Load_Dll() / Unload_Dll().
HINSTANCE hNetapi32Dll = NULL;
HINSTANCE hAdvapi32Dll = NULL;

// Entry points resolved from netapi32.dll. They are NULL until Load_Dll()
// has run, so nothing may call through them before that.
_NetUserEnumT NetUserEnumPtr = NULL;
_NetApiBufferFreeT NetApiBufferFreePtr = NULL;
_NetUserGetLocalGroupsT NetUserGetLocalGroupsPtr = NULL;
_NetUserGetGroupsT NetUserGetGroupsPtr = NULL;
_NetUserAddT NetUserAddPtr = NULL;
_NetUserDelT NetUserDelPtr = NULL;
_NetLocalGroupAddMembersT NetLocalGroupAddMembersPtr = NULL;
_NetLocalGroupDelMembersT NetLocalGroupDelMembersPtr = NULL;
_NetLocalGroupAddT NetLocalGroupAddPtr = NULL;
_NetLocalGroupDelT NetLocalGroupDelPtr = NULL;
_NetUserSetInfoT NetUserSetInfoPtr = NULL;

// Entry points resolved from Advapi32.dll.
_ConvertSidToStringSidT ConvertSidToStringSidPtr = NULL;
_LookupAccountNameT LookupAccountNamePtr = NULL;
_AdjustTokenPrivilegesT AdjustTokenPrivilegesPtr = NULL;
_LsaAddAccountRightsT LsaAddAccountRightsPtr = NULL;
_LsaRemoveAccountRightsT LsaRemoveAccountRightsPtr = NULL;
_LsaNtStatusToWinErrorT LsaNtStatusToWinErrorPtr = NULL;
_LsaOpenPolicyT LsaOpenPolicyPtr = NULL;
_LsaEnumerateAccountRightsT LsaEnumerateAccountRightsPtr = NULL;
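// Looks up one export and reports a failed lookup instead of silently
// handing back NULL.
static FARPROC Resolve_Export(HMODULE module, const char *export_name)
{
    FARPROC address = GetProcAddress(module, export_name);
    if (address == NULL)
    {
        printf("GetProcAddress(%s) error: %lu\n", export_name, GetLastError());
    }
    return address;
}

// Loads netapi32.dll and Advapi32.dll and resolves every entry point the
// program calls through the global *Ptr variables.
//
// The libraries are loaded with LOAD_LIBRARY_SEARCH_SYSTEM32 so that only the
// copy in the Windows system directory is considered. A bare
// LoadLibrary("netapi32.dll") follows the default DLL search order, and this
// program is meant to run with administrative rights, so a same-named DLL
// found earlier in that order would run with those rights.
// (The flag needs Windows 8 or later, or an older system with KB2533623.)
//
// On failure a diagnostic is printed and the affected handle / pointers stay
// NULL; the function has no return value, so callers that need certainty
// must test the globals themselves.
void Load_Dll(void)
{
    hNetapi32Dll = LoadLibraryEx(TEXT("netapi32.dll"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (hNetapi32Dll == NULL)
    {
        printf("LoadLibraryEx(netapi32.dll) error: %lu\n", GetLastError());
    }
    else
    {
        NetUserEnumPtr = (_NetUserEnumT)Resolve_Export(hNetapi32Dll, "NetUserEnum");
        NetApiBufferFreePtr = (_NetApiBufferFreeT)Resolve_Export(hNetapi32Dll, "NetApiBufferFree");
        NetUserGetLocalGroupsPtr = (_NetUserGetLocalGroupsT)Resolve_Export(hNetapi32Dll, "NetUserGetLocalGroups");
        NetUserGetGroupsPtr = (_NetUserGetGroupsT)Resolve_Export(hNetapi32Dll, "NetUserGetGroups");
        NetUserAddPtr = (_NetUserAddT)Resolve_Export(hNetapi32Dll, "NetUserAdd");
        NetUserDelPtr = (_NetUserDelT)Resolve_Export(hNetapi32Dll, "NetUserDel");
        NetLocalGroupAddMembersPtr = (_NetLocalGroupAddMembersT)Resolve_Export(hNetapi32Dll, "NetLocalGroupAddMembers");
        NetLocalGroupDelMembersPtr = (_NetLocalGroupDelMembersT)Resolve_Export(hNetapi32Dll, "NetLocalGroupDelMembers");
        NetLocalGroupAddPtr = (_NetLocalGroupAddT)Resolve_Export(hNetapi32Dll, "NetLocalGroupAdd");
        NetLocalGroupDelPtr = (_NetLocalGroupDelT)Resolve_Export(hNetapi32Dll, "NetLocalGroupDel");
        NetUserSetInfoPtr = (_NetUserSetInfoT)Resolve_Export(hNetapi32Dll, "NetUserSetInfo");
    }

    hAdvapi32Dll = LoadLibraryEx(TEXT("Advapi32.dll"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (hAdvapi32Dll == NULL)
    {
        printf("LoadLibraryEx(Advapi32.dll) error: %lu\n", GetLastError());
    }
    else
    {
        // The wide-character ("W") exports are bound explicitly here.
        ConvertSidToStringSidPtr = (_ConvertSidToStringSidT)Resolve_Export(hAdvapi32Dll, "ConvertSidToStringSidW");
        LookupAccountNamePtr = (_LookupAccountNameT)Resolve_Export(hAdvapi32Dll, "LookupAccountNameW");
        AdjustTokenPrivilegesPtr = (_AdjustTokenPrivilegesT)Resolve_Export(hAdvapi32Dll, "AdjustTokenPrivileges");
        LsaAddAccountRightsPtr = (_LsaAddAccountRightsT)Resolve_Export(hAdvapi32Dll, "LsaAddAccountRights");
        LsaRemoveAccountRightsPtr = (_LsaRemoveAccountRightsT)Resolve_Export(hAdvapi32Dll, "LsaRemoveAccountRights");
        LsaNtStatusToWinErrorPtr = (_LsaNtStatusToWinErrorT)Resolve_Export(hAdvapi32Dll, "LsaNtStatusToWinError");
        LsaOpenPolicyPtr = (_LsaOpenPolicyT)Resolve_Export(hAdvapi32Dll, "LsaOpenPolicy");
        LsaEnumerateAccountRightsPtr = (_LsaEnumerateAccountRightsT)Resolve_Export(hAdvapi32Dll, "LsaEnumerateAccountRights");
    }
}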
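// Releases the two libraries loaded by Load_Dll().
//
// A handle that was never obtained (load failure) is skipped rather than
// passed to FreeLibrary, and each handle is reset so a second call is
// harmless. The global *Ptr function pointers are not cleared here; they
// must not be called once this function has returned.
void Unload_Dll(void)
{
    if (hNetapi32Dll != NULL)
    {
        FreeLibrary(hNetapi32Dll);
        hNetapi32Dll = NULL;
    }
    if (hAdvapi32Dll != NULL)
    {
        FreeLibrary(hAdvapi32Dll);
        hAdvapi32Dll = NULL;
    }
}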
// Opens the local LSA policy object and returns its handle, or NULL after
// printing the translated Win32 error when the open fails.
//
// The caller owns the returned handle; nothing in this function closes it.
//
// NOTE(review): POLICY_ALL_ACCESS already contains the two rights OR-ed in
// after it, so the mask asks for every policy right. The LSA calls made
// with this handle elsewhere in the file enumerate, add and remove account
// rights; narrowing the mask to what those calls need would follow least
// privilege - confirm against each caller before changing it.
LSA_HANDLE GetPolicyHandle()
{
    // The attributes structure is passed zero-filled.
    LSA_OBJECT_ATTRIBUTES attributes;
    ZeroMemory(&attributes, sizeof(attributes));

    LSA_HANDLE policy;
    const NTSTATUS status = LsaOpenPolicyPtr(
        NULL, // no system name
        &attributes,
        POLICY_ALL_ACCESS | POLICY_LOOKUP_NAMES | POLICY_CREATE_ACCOUNT,
        &policy);

    if (status == STATUS_SUCCESS)
    {
        return policy;
    }

    wprintf(L"OpenPolicy returned %lu\n", LsaNtStatusToWinErrorPtr(status));
    return NULL;
}
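// Prints the account rights (privileges) assigned directly to one account.
//
// _user_name: account name to resolve to a SID on the local system.
//
// Prints "can't LookupAccountName" and returns if the name cannot be
// resolved, and "err" if the LSA policy cannot be opened. When the
// enumeration itself fails, only the " Privileges:" header is printed.
void Show_Privileges(LPTSTR _user_name)
{
    BYTE sid_buffer[1024];
    PSID user_sid = (PSID)sid_buffer;
    DWORD sid_bytes = sizeof(sid_buffer);

    TCHAR domain_name[256];
    // The domain-name size is counted in characters, not bytes; passing
    // sizeof() here would claim twice the real capacity in a UNICODE build.
    DWORD domain_chars = sizeof(domain_name) / sizeof(domain_name[0]);
    SID_NAME_USE sid_type;

    if (!LookupAccountNamePtr(NULL, _user_name, user_sid, &sid_bytes, domain_name, &domain_chars, &sid_type))
    {
        wprintf(L"can't LookupAccountName\n");
        return;
    }

    LSA_HANDLE policy_handle = GetPolicyHandle();
    if (!policy_handle)
    {
        wprintf(L"err\n");
        return;
    }

    PLSA_UNICODE_STRING user_rights = NULL;
    ULONG count_of_rights = 0;
    const NTSTATUS status = LsaEnumerateAccountRightsPtr(policy_handle, user_sid, &user_rights, &count_of_rights);

    wprintf(L" Privileges:\n");
    if (status == STATUS_SUCCESS && user_rights != NULL)
    {
        for (ULONG i = 0; i < count_of_rights; i++)
        {
            // LSA_UNICODE_STRING carries an explicit byte length and is not
            // guaranteed to be NUL-terminated, so bound the print by Length.
            wprintf(L" %.*ls\n", (int)(user_rights[i].Length / sizeof(WCHAR)), user_rights[i].Buffer);
        }
    }

    // Release what the LSA allocated and the policy handle; both were leaked
    // before. LsaFreeMemory / LsaClose come from ntsecapi.h and advapi32,
    // which the file already includes and links (see LookupPrivilegeValue).
    if (user_rights != NULL)
    {
        LsaFreeMemory(user_rights);
    }
    LsaClose(policy_handle);
}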
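// Prints the string form of the SID that belongs to an account name.
//
// _user_name: account name to resolve on the local system.
//
// Prints a diagnostic and returns without printing a SID when either the
// name lookup or the SID-to-string conversion fails.
void Get_User_Sid(LPTSTR _user_name)
{
    BYTE sid_buffer[1024];
    PSID user_sid = (PSID)sid_buffer;
    DWORD sid_bytes = sizeof(sid_buffer);

    TCHAR domain_name[256];
    // Counted in characters, not bytes (see LookupAccountName's cch parameter).
    DWORD domain_chars = sizeof(domain_name) / sizeof(domain_name[0]);
    SID_NAME_USE sid_type;

    if (!LookupAccountNamePtr(NULL, _user_name, user_sid, &sid_bytes, domain_name, &domain_chars, &sid_type))
    {
        wprintf(L"can't LookupAccountName\n");
        // Without this return the uninitialised SID buffer would be converted.
        return;
    }

    LPTSTR sid_text = NULL;
    if (!ConvertSidToStringSidPtr(user_sid, &sid_text))
    {
        wprintf(L"can't ConvertSidToStringSid: %lu\n", GetLastError());
        return;
    }

    wprintf(L" SID: %s\n", sid_text);
    // The string is allocated by the conversion call and freed with LocalFree.
    LocalFree((HLOCAL)sid_text);
}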
// Lists every normal user account on a server and, for each one, prints its
// SID, group memberships and account rights.
//
// _server_name: passed straight to NetUserEnum; wmain passes NULL.
//
// The enumeration is paged: the call is repeated with the same resume handle
// for as long as it reports ERROR_MORE_DATA, and each page is freed before
// the next one is requested.
void Show_Users(LPTSTR _server_name)
{
    DWORD resume_handle = 0;
    NET_API_STATUS status;

    do
    {
        LPUSER_INFO_0 page = NULL;
        DWORD entries_read = 0;
        DWORD total_entries = 0;

        status = NetUserEnumPtr((LPCWSTR)_server_name,
            0, // level 0: names only
            FILTER_NORMAL_ACCOUNT,
            (LPBYTE*)&page,
            MAX_PREFERRED_LENGTH,
            &entries_read,
            &total_entries,
            &resume_handle);

        const bool page_valid = (status == NERR_Success) || (status == ERROR_MORE_DATA);
        if (!page_valid)
        {
            printf("err1: %d\n", status);
        }
        else if (page != NULL)
        {
            for (DWORD index = 0; index < entries_read; ++index)
            {
                LPUSER_INFO_0 entry = page + index;
                wprintf(L"\nUsername: %s\n", entry->usri0_name);
                Get_User_Sid(entry->usri0_name);
                Show_Groups(entry->usri0_name);
                Show_Privileges(entry->usri0_name);
            }
        }

        if (page != NULL)
        {
            NetApiBufferFreePtr(page);
        }
    } while (status == ERROR_MORE_DATA);
}
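// Prints the local groups (including indirect membership) and the global
// groups an account belongs to.
//
// _user_name: account name to query on the local system.
//
// Each query's status is checked before its buffer is read: previously a
// failed call left the buffer pointer and the entry count uninitialised, and
// both were then used for the loop and the free.
void Show_Groups(LPWSTR _user_name)
{
    LPBYTE buffer = NULL;
    DWORD entries = 0;
    DWORD total_entries = 0;
    NET_API_STATUS status;

    printf(" local groups: \n");
    status = NetUserGetLocalGroupsPtr(NULL, _user_name, 0, LG_INCLUDE_INDIRECT, &buffer, MAX_PREFERRED_LENGTH, &entries, &total_entries);
    if ((status == NERR_Success || status == ERROR_MORE_DATA) && buffer != NULL)
    {
        const LOCALGROUP_USERS_INFO_0 *local_groups = (const LOCALGROUP_USERS_INFO_0*)buffer;
        for (DWORD i = 0; i < entries; i++)
        {
            printf(" %S\n", local_groups[i].lgrui0_name);
        }
    }
    else if (status != NERR_Success)
    {
        printf(" err: %lu\n", status);
    }
    if (buffer != NULL)
    {
        NetApiBufferFreePtr(buffer);
        buffer = NULL;
    }

    entries = 0;
    total_entries = 0;

    printf(" global groups: \n");
    status = NetUserGetGroupsPtr(NULL, _user_name, 0, &buffer, MAX_PREFERRED_LENGTH, &entries, &total_entries);
    if ((status == NERR_Success || status == ERROR_MORE_DATA) && buffer != NULL)
    {
        const GROUP_USERS_INFO_0 *global_groups = (const GROUP_USERS_INFO_0*)buffer;
        for (DWORD i = 0; i < entries; i++)
        {
            printf(" %S\n", global_groups[i].grui0_name);
        }
    }
    else if (status != NERR_Success)
    {
        printf(" err: %lu\n", status);
    }
    if (buffer != NULL)
    {
        NetApiBufferFreePtr(buffer);
    }
}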
// Declarations of the loader state defined alongside Load_Dll(): the two
// module handles and the function pointers resolved from each library.

// Module handles.
extern HINSTANCE hNetapi32Dll;
extern HINSTANCE hAdvapi32Dll;

// netapi32.dll entry points.
extern _NetUserEnumT NetUserEnumPtr;
extern _NetApiBufferFreeT NetApiBufferFreePtr;
extern _NetUserGetLocalGroupsT NetUserGetLocalGroupsPtr;
extern _NetUserGetGroupsT NetUserGetGroupsPtr;
extern _NetUserAddT NetUserAddPtr;
extern _NetUserDelT NetUserDelPtr;
extern _NetLocalGroupAddMembersT NetLocalGroupAddMembersPtr;
extern _NetLocalGroupDelMembersT NetLocalGroupDelMembersPtr;
extern _NetLocalGroupAddT NetLocalGroupAddPtr;
extern _NetLocalGroupDelT NetLocalGroupDelPtr;
extern _NetUserSetInfoT NetUserSetInfoPtr;

// Advapi32.dll entry points.
extern _ConvertSidToStringSidT ConvertSidToStringSidPtr;
extern _LookupAccountNameT LookupAccountNamePtr;
extern _AdjustTokenPrivilegesT AdjustTokenPrivilegesPtr;
extern _LsaAddAccountRightsT LsaAddAccountRightsPtr;
extern _LsaRemoveAccountRightsT LsaRemoveAccountRightsPtr;
extern _LsaNtStatusToWinErrorT LsaNtStatusToWinErrorPtr;
extern _LsaOpenPolicyT LsaOpenPolicyPtr;
extern _LsaEnumerateAccountRightsT LsaEnumerateAccountRightsPtr;
// One entry of the privilege table: the privilege's name as a wide string.
struct PrivilegeConststruct
{
    LPWSTR PrivilegeStr;
};

// Table of privilege names. The menu in wmain prints each entry with its
// index, and that index is what Set_User_Privileges / Clear_User_Privileges
// receive, so the order of the entries is part of the user interface.
//
// The literals are const; the const_cast only satisfies the LPWSTR field
// type, and the strings must never be written through these pointers.
PrivilegeConststruct _privileges__lpwstr_array[] =
{
    { const_cast<LPWSTR>(L"SeAssignPrimaryTokenPrivilege") },
    { const_cast<LPWSTR>(L"SeAuditPrivilege") },
    { const_cast<LPWSTR>(L"SeBackupPrivilege") },
    { const_cast<LPWSTR>(L"SeChangeNotifyPrivilege") },
    { const_cast<LPWSTR>(L"SeCreateGlobalPrivilege") },
    { const_cast<LPWSTR>(L"SeCreatePagefilePrivilege") },
    { const_cast<LPWSTR>(L"SeCreatePermanentPrivilege") },
    { const_cast<LPWSTR>(L"SeCreateSymbolicLinkPrivilege") },
    { const_cast<LPWSTR>(L"SeCreateTokenPrivilege") },
    { const_cast<LPWSTR>(L"SeDebugPrivilege") },
    { const_cast<LPWSTR>(L"SeEnableDelegationPrivilege") },
    { const_cast<LPWSTR>(L"SeImpersonatePrivilege") },
    { const_cast<LPWSTR>(L"SeIncreaseBasePriorityPrivilege") },
    { const_cast<LPWSTR>(L"SeIncreaseQuotaPrivilege") },
    { const_cast<LPWSTR>(L"SeIncreaseWorkingSetPrivilege") },
    { const_cast<LPWSTR>(L"SeLoadDriverPrivilege") },
    { const_cast<LPWSTR>(L"SeLockMemoryPrivilege") },
    { const_cast<LPWSTR>(L"SeMachineAccountPrivilege") },
    { const_cast<LPWSTR>(L"SeManageVolumePrivilege") },
    { const_cast<LPWSTR>(L"SeProfileSingleProcessPrivilege") },
    { const_cast<LPWSTR>(L"SeRelabelPrivilege") },
    { const_cast<LPWSTR>(L"SeRemoteShutdownPrivilege") },
    { const_cast<LPWSTR>(L"SeRestorePrivilege") },
    { const_cast<LPWSTR>(L"SeSecurityPrivilege") },
    { const_cast<LPWSTR>(L"SeShutdownPrivilege") },
    { const_cast<LPWSTR>(L"SeSyncAgentPrivilege") },
    { const_cast<LPWSTR>(L"SeSystemEnvironmentPrivilege") },
    { const_cast<LPWSTR>(L"SeSystemProfilePrivilege") },
    { const_cast<LPWSTR>(L"SeSystemtimePrivilege") },
    { const_cast<LPWSTR>(L"SeTakeOwnershipPrivilege") },
    { const_cast<LPWSTR>(L"SeTcbPrivilege") },
    { const_cast<LPWSTR>(L"SeTimeZonePrivilege") },
    { const_cast<LPWSTR>(L"SeTrustedCredManAccessPrivilege") },
    { const_cast<LPWSTR>(L"SeUndockPrivilege") }
};
// Creates a local user account with the given name and password.
//
// lpszUser:     account name.
// lpszPassword: initial password; the pointer is handed to NetUserAdd as-is,
//               so the caller's buffer still holds the cleartext afterwards.
//
// Returns 0 when the account was created or already existed, otherwise the
// NET_API_STATUS reported by NetUserAdd.
int Add_User(LPWSTR lpszUser, LPWSTR lpszPassword)
{
    // Level-1 record; only the fields set below are filled in.
    USER_INFO_1 account;
    account.usri1_name = lpszUser;
    account.usri1_password = lpszPassword;
    account.usri1_priv = USER_PRIV_USER;
    account.usri1_home_dir = (LPWSTR)TEXT("");
    account.usri1_comment = (LPWSTR)TEXT("Sample User");
    account.usri1_flags = UF_SCRIPT;
    account.usri1_script_path = (LPWSTR)TEXT("");

    DWORD bad_parameter = 0;
    const NET_API_STATUS status = NetUserAddPtr(NULL, 1, (LPBYTE)&account, &bad_parameter);

    if (status == 0)
    {
        printf("Success\n");
        return(status);
    }
    if (status == NERR_UserExists)
    {
        // An existing account is reported but treated as success.
        printf("User already exists.\n");
        return 0;
    }

    if (status == ERROR_INVALID_PARAMETER)
    {
        printf("err1 : %d\n", status);
    }
    else
    {
        printf("err2: %d\n", status);
    }
    return(status);
}
// Enables or disables one privilege in an access token.
//
// hToken:           token to adjust.
// lpszPrivilege:    privilege name, looked up on the local system.
// bEnablePrivilege: non-zero to enable the privilege, zero to disable it.
//
// Returns non-zero on success. Returns zero after printing a diagnostic when
// the name lookup fails, when the adjustment call fails, or when the call
// succeeds but reports ERROR_NOT_ALL_ASSIGNED (the token does not hold the
// privilege at all).
BOOL SetPrivilege(
    HANDLE hToken,
    LPCTSTR lpszPrivilege,
    BOOL bEnablePrivilege
)
{
    LUID privilege_id;
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilege_id))
    {
        printf("LookupPrivilegeValue error: %u\n", GetLastError());
        return FALSE;
    }

    TOKEN_PRIVILEGES new_state;
    new_state.PrivilegeCount = 1;
    new_state.Privileges[0].Luid = privilege_id;
    new_state.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    const BOOL adjusted = AdjustTokenPrivilegesPtr(
        hToken,
        FALSE,
        &new_state,
        sizeof(TOKEN_PRIVILEGES),
        (PTOKEN_PRIVILEGES)NULL,
        (PDWORD)NULL);
    if (!adjusted)
    {
        printf("AdjustTokenPrivileges error: %u\n", GetLastError());
        return 0;
    }

    // The adjustment call can succeed without changing anything; the last
    // error distinguishes that case.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return 0;
    }
    return 1;
}
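// Points an LSA_UNICODE_STRING at an existing wide string (no copy is made).
//
// pLsaString: structure to fill; must not be NULL.
// pwszString: NUL-terminated source string, or NULL for an empty string.
//             It must outlive every use of *pLsaString.
//
// Returns false when pLsaString is NULL or the string is longer than 0x7ffe
// characters, the most whose byte length (plus terminator) fits the USHORT
// Length / MaximumLength fields.
bool InitLsaString(
    PLSA_UNICODE_STRING pLsaString,
    LPCWSTR pwszString
)
{
    if (NULL == pLsaString)
        return false;

    // Keep the length as size_t until it has been range-checked; storing
    // wcslen's result in a DWORD first would truncate it before the check.
    size_t length = 0;
    if (NULL != pwszString)
    {
        length = wcslen(pwszString);
        if (length > 0x7ffe)
            return false;
    }

    pLsaString->Buffer = (WCHAR *)pwszString;
    pLsaString->Length = (USHORT)(length * sizeof(WCHAR));
    pLsaString->MaximumLength = (USHORT)((length + 1) * sizeof(WCHAR));
    return true;
}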
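// Grants one privilege from _privileges__lpwstr_array to an account.
//
// lpszUser:         account name to resolve on the local system.
// _privilege_index: index into _privileges__lpwstr_array; it comes from
//                   console input, so it is range-checked here before use.
//
// Always returns 0, as before; failures are reported on the console.
int Set_User_Privileges(LPWSTR lpszUser, DWORD _privilege_index)
{
    const size_t privilege_count = sizeof(_privileges__lpwstr_array) / sizeof(_privileges__lpwstr_array[0]);
    if (_privilege_index >= privilege_count)
    {
        // Without this check an arbitrary index read past the table.
        wprintf(L"invalid privilege index\n");
        return 0;
    }

    BYTE sid_buffer[1024];
    PSID user_sid = (PSID)sid_buffer;
    DWORD sid_bytes = sizeof(sid_buffer);

    TCHAR domain_name[256];
    // Counted in characters, not bytes.
    DWORD domain_chars = sizeof(domain_name) / sizeof(domain_name[0]);
    SID_NAME_USE sid_type;

    if (!LookupAccountNamePtr(NULL, lpszUser, user_sid, &sid_bytes, domain_name, &domain_chars, &sid_type))
    {
        wprintf(L"can't LookupAccountName\n");
        return 0;
    }

    LSA_HANDLE policy_handle = GetPolicyHandle();
    if (!policy_handle)
    {
        wprintf(L"err\n");
        return 0;
    }

    LSA_UNICODE_STRING user_right;
    if (!InitLsaString(&user_right, _privileges__lpwstr_array[_privilege_index].PrivilegeStr))
    {
        wprintf(L"err\n");
        LsaClose(policy_handle);
        return 0;
    }

    const NTSTATUS status = LsaAddAccountRightsPtr(policy_handle, user_sid, &user_right, 1);
    if (status != STATUS_SUCCESS)
    {
        // The translated error used to be computed and then discarded.
        wprintf(L"LsaAddAccountRights error: %lu\n", LsaNtStatusToWinErrorPtr(status));
    }

    // The policy handle was never closed before. LsaClose is declared in
    // ntsecapi.h and lives in advapi32, which the file already links.
    LsaClose(policy_handle);
    return 0;
}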
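// Revokes one privilege from _privileges__lpwstr_array from an account.
//
// lpszUser:         account name to resolve on the local system.
// _privilege_index: index into _privileges__lpwstr_array; it comes from
//                   console input, so it is range-checked here before use.
//
// Always returns 0, as before; failures are reported on the console.
int Clear_User_Privileges(LPWSTR lpszUser, DWORD _privilege_index)
{
    const size_t privilege_count = sizeof(_privileges__lpwstr_array) / sizeof(_privileges__lpwstr_array[0]);
    if (_privilege_index >= privilege_count)
    {
        // Without this check an arbitrary index read past the table.
        wprintf(L"invalid privilege index\n");
        return 0;
    }

    BYTE sid_buffer[1024];
    PSID user_sid = (PSID)sid_buffer;
    DWORD sid_bytes = sizeof(sid_buffer);

    TCHAR domain_name[256];
    // Counted in characters, not bytes.
    DWORD domain_chars = sizeof(domain_name) / sizeof(domain_name[0]);
    SID_NAME_USE sid_type;

    if (!LookupAccountNamePtr(NULL, lpszUser, user_sid, &sid_bytes, domain_name, &domain_chars, &sid_type))
    {
        wprintf(L"can't LookupAccountName\n");
        return 0;
    }

    LSA_HANDLE policy_handle = GetPolicyHandle();
    if (!policy_handle)
    {
        wprintf(L"err\n");
        return 0;
    }

    LSA_UNICODE_STRING user_right;
    if (!InitLsaString(&user_right, _privileges__lpwstr_array[_privilege_index].PrivilegeStr))
    {
        wprintf(L"err\n");
        LsaClose(policy_handle);
        return 0;
    }

    // FALSE: remove only the named right, not every right of the account.
    // The call's status was previously dropped, so the error translation
    // below always ran on a zero status.
    const NTSTATUS status = LsaRemoveAccountRightsPtr(policy_handle, user_sid, FALSE, &user_right, 1);
    if (status != STATUS_SUCCESS)
    {
        wprintf(L"LsaRemoveAccountRights error: %lu\n", LsaNtStatusToWinErrorPtr(status));
    }

    // The policy handle was never closed before. LsaClose is declared in
    // ntsecapi.h and lives in advapi32, which the file already links.
    LsaClose(policy_handle);
    return 0;
}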
// Adds an account to a local group.
//
// lpszUser:       account name (used as the level-3 "domain and name" field).
// lpszLocalGroup: name of the local group.
//
// Returns 0 when the member was added or was already in the group,
// otherwise the NET_API_STATUS reported by NetLocalGroupAddMembers.
int Assign_User_To_Group(LPWSTR lpszUser, LPWSTR lpszLocalGroup)
{
    LOCALGROUP_MEMBERS_INFO_3 member;
    member.lgrmi3_domainandname = lpszUser;

    NET_API_STATUS status = NetLocalGroupAddMembersPtr(
        NULL,
        lpszLocalGroup,
        3, // information level of `member`
        (LPBYTE)&member,
        1); // one entry

    if (status == 0)
    {
        printf("Success\n");
    }
    else if (status == ERROR_MEMBER_IN_ALIAS)
    {
        // Already a member: reported, but treated as success.
        printf("User already in local group.\n");
        status = 0;
    }
    else
    {
        printf("err1: %d\n", status);
    }
    return(status);
}
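// Removes an account from a local group.
//
// lpszUser:       account name (used as the level-3 "domain and name" field).
// lpszLocalGroup: name of the local group.
//
// Returns 0 when the member was removed or was not in the group to begin
// with, otherwise the NET_API_STATUS reported by NetLocalGroupDelMembers.
int Exclude_User_From_Group(LPWSTR lpszUser, LPWSTR lpszLocalGroup)
{
    LOCALGROUP_MEMBERS_INFO_3 localgroup_members;
    NET_API_STATUS nStatus = 0;

    localgroup_members.lgrmi3_domainandname = lpszUser;
    nStatus = NetLocalGroupDelMembersPtr(NULL,
        lpszLocalGroup,
        3,
        (LPBYTE)&localgroup_members,
        1);

    switch (nStatus)
    {
    case 0:
        printf("Success\n");
        break;
    // The removal counterpart of "already a member" is "not a member".
    // The earlier case label, ERROR_MEMBER_IN_ALIAS, was carried over from
    // the add path and does not describe a removal outcome.
    case ERROR_MEMBER_NOT_IN_ALIAS:
        printf("User is not a member of the local group.\n");
        nStatus = 0;
        break;
    default:
        printf("err2: %lu\n", nStatus);
        break;
    }
    return(nStatus);
}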
// Creates a local group with a fixed sample comment.
//
// lpszLocalGroup: name of the group to create.
//
// Returns 0 when the group was created or already existed, otherwise the
// NET_API_STATUS reported by NetLocalGroupAdd.
int Add_Group(LPWSTR lpszLocalGroup)
{
    LOCALGROUP_INFO_1 group;
    group.lgrpi1_name = lpszLocalGroup;
    group.lgrpi1_comment = (LPWSTR)TEXT("Sample local group.");

    DWORD bad_parameter = 0;
    const NET_API_STATUS status = NetLocalGroupAddPtr(NULL, 1, (LPBYTE)&group, &bad_parameter);

    if (status == 0)
    {
        printf("Success\n");
        return(status);
    }
    if (status == ERROR_ALIAS_EXISTS)
    {
        // An existing group is reported but treated as success.
        printf("Local group already exists.\n");
        return 0;
    }

    if (status == ERROR_INVALID_PARAMETER)
    {
        printf("err1: %d\n", status);
    }
    else
    {
        printf("err2: %d\n", status);
    }
    return(status);
}
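// Renames a local account and then sets its password.
//
// wName:     current account name.
// wNewName:  new account name (level 0 update).
// wPassword: new password (level 1003 update), applied under the new name.
//
// Returns TRUE when both updates succeed. On failure prints the status,
// stores it with SetLastError and returns FALSE. The two updates are not
// atomic: if the password update fails, the account stays renamed.
BOOL Change_Username(LPWSTR wName, LPWSTR wNewName, LPWSTR wPassword)
{
    // Both records live on the stack; they were heap-allocated with `new`
    // and never deleted. The unused GetComputerName call, whose buffer was
    // one character short of MAX_COMPUTERNAME_LENGTH + 1, is gone as well.
    USER_INFO_0 name_info;
    name_info.usri0_name = wNewName;

    USER_INFO_1003 password_info;
    password_info.usri1003_password = wPassword;

    NET_API_STATUS nStatus = NetUserSetInfoPtr(0, wName, 0, (LPBYTE)&name_info, 0);
    if (nStatus != NERR_Success)
    {
        printf("err1: %i", nStatus);
        SetLastError(nStatus);
        return FALSE;
    }

    nStatus = NetUserSetInfoPtr(0, wNewName, 1003, (LPBYTE)&password_info, 0);
    if (nStatus != NERR_Success)
    {
        printf("err2: %i", nStatus);
        SetLastError(nStatus);
        return FALSE;
    }
    return TRUE;
}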
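// Reads one whitespace-delimited token from wcin into a fixed-size buffer.
//
// The stream width is set to the buffer's capacity first, so the extraction
// stores at most N-1 characters plus the terminator; an unbounded
// `wcin >> buffer` writes past the array on long input. A token that does
// not fit is rejected (and the rest of the line dropped) rather than
// silently truncated, which matters for passwords.
//
// Returns true when a complete token was stored in `buffer`.
template <size_t N>
static bool Read_Token(WCHAR (&buffer)[N])
{
    buffer[0] = L'\0';
    wcin.width(N);
    if (!(wcin >> buffer))
    {
        buffer[0] = L'\0';
        return false;
    }

    const wint_t next = wcin.peek();
    if (next != WEOF && !iswspace(next))
    {
        // Parenthesised so the `max` macro from windows.h is not expanded.
        wcin.ignore((numeric_limits<streamsize>::max)(), L'\n');
        SecureZeroMemory(buffer, sizeof(buffer));
        wprintf(L"Input too long (at most %u characters).\n", (unsigned)(N - 1));
        return false;
    }
    return true;
}

// Interactive menu for local user, group and privilege management.
//
// Loads the required libraries, then loops reading a command number and its
// arguments from the console until command 0 or end of input.
int wmain()
{
    setlocale(LC_ALL, "Russian");
    Load_Dll();
    if (hNetapi32Dll == NULL || hAdvapi32Dll == NULL)
    {
        // Every menu action calls through pointers resolved from these.
        wprintf(L"required system libraries could not be loaded\n");
        Unload_Dll();
        return 1;
    }

    WCHAR user_name[100] = { 0 };
    WCHAR group_name[100] = { 0 };
    WCHAR user_password[100] = { 0 };
    const size_t privilege_count = sizeof(_privileges__lpwstr_array) / sizeof(_privileges__lpwstr_array[0]);

    while (1)
    {
        wprintf(L"\n"
                L"1: show users\n"
                L"2: add user\n"
                L"3: change user\n"
                L"4: remove user\n"
                L"5: add group\n"
                L"6: remove group\n"
                L"7: add privilege to user\n"
                L"8: remove user privilege\n"
                L"9: join to group\n"
                L"10: leave group\n"
                L"0: exit\n"
                L"\n");

        int comand = -1;
        wcout << L"Please, enter num of comand: ";
        if (!(wcin >> comand))
        {
            if (wcin.eof())
            {
                break;
            }
            // Non-numeric input leaves the stream in a failed state; without
            // clearing it the loop would spin forever on the same input.
            wcin.clear();
            wcin.ignore((numeric_limits<streamsize>::max)(), L'\n');
            wcout << L"Sorry, incorrect enter.";
            continue;
        }

        if (comand == 0) // exit the program
        {
            break;
        }

        switch (comand)
        {
        case 1: // show the user list
            Show_Users(NULL);
            break;

        case 2: // add a user
        {
            wcout << L"Please, enter username: ";
            if (!Read_Token(user_name)) break;
            wcout << L"Please, enter password: ";
            if (Read_Token(user_password))
            {
                Add_User(user_name, user_password);
            }
            // Do not keep the cleartext password on the stack.
            SecureZeroMemory(user_password, sizeof(user_password));
            break;
        }

        case 3: // change a user (rename and set a new password)
        {
            WCHAR newusername[32] = { 0 };
            WCHAR newpassword[32] = { 0 };
            wcout << L"Please, enter username: ";
            if (!Read_Token(user_name)) break;
            wcout << L"Please, enter new username: ";
            if (!Read_Token(newusername)) break;
            wcout << L"Please, enter new password: ";
            if (Read_Token(newpassword))
            {
                if (Change_Username(user_name, newusername, newpassword) == TRUE)
                {
                    wcout << L"Success\n";
                }
            }
            SecureZeroMemory(newpassword, sizeof(newpassword));
            break;
        }

        case 4: // remove a user
        {
            wcout << L"Please, enter username: ";
            if (!Read_Token(user_name)) break;
            const NET_API_STATUS status = NetUserDelPtr(NULL, user_name);
            if (status == NERR_Success) wprintf(L"Success\n");
            else wprintf(L"err1: %lu\n", status);
            break;
        }

        case 5: // add a group
            wcout << L"Please, enter group name: ";
            if (!Read_Token(group_name)) break;
            Add_Group(group_name);
            break;

        case 6: // remove a group
        {
            wcout << L"Please, enter group name: ";
            if (!Read_Token(group_name)) break;
            const NET_API_STATUS status = NetLocalGroupDelPtr(NULL, group_name);
            if (status == NERR_Success) wprintf(L"Success\n");
            else wprintf(L"err1: %lu\n", status);
            break;
        }

        case 7: // grant a privilege to a user
        case 8: // revoke a privilege from a user
        {
            wcout << L"Please, enter username: ";
            if (!Read_Token(user_name)) break;

            for (size_t i = 0; i < privilege_count; i++)
            {
                // %u with an explicit cast: passing a size_t for %d
                // misaligns the following %s argument on 64-bit builds.
                wprintf(L"%u: %s\n", (unsigned)i, _privileges__lpwstr_array[i].PrivilegeStr);
            }

            DWORD privilege_index = 0;
            wcout << L"Please, enter privilege index: ";
            if (!(wcin >> privilege_index))
            {
                wcin.clear();
                wcin.ignore((numeric_limits<streamsize>::max)(), L'\n');
                wcout << L"Sorry, incorrect enter.";
                break;
            }
            // The index selects a table entry; refuse anything outside it.
            if (privilege_index >= privilege_count)
            {
                wcout << L"Sorry, incorrect enter.";
                break;
            }

            if (comand == 7) Set_User_Privileges(user_name, privilege_index);
            else Clear_User_Privileges(user_name, privilege_index);
            break;
        }

        case 9: // add a user to a group
            wcout << L"Please, enter username: ";
            if (!Read_Token(user_name)) break;
            wcout << L"Please, enter group name: ";
            if (!Read_Token(group_name)) break;
            Assign_User_To_Group(user_name, group_name);
            break;

        case 10: // remove a user from a group
            wcout << L"Please, enter username: ";
            if (!Read_Token(user_name)) break;
            wcout << L"Please, enter group name: ";
            if (!Read_Token(group_name)) break;
            Exclude_User_From_Group(user_name, group_name);
            break;

        default:
            wcout << L"Sorry, incorrect enter.";
            break;
        }
    }

    Unload_Dll();
    return 0;
}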