// NTSTATUS success value. Defined locally (guarded) because the Windows SDK
// does not expose STATUS_SUCCESS without ntstatus.h; OpenPolicy() and
// SetPrivilegeOnAccount() below compare LSA return codes against it directly.
29 #ifndef STATUS_SUCCESS
30 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
// Constructor. The only visible initialisation is the ADSI provider prefix
// used by DomainBinding()/DomainUserBinding(); it is heap-allocated here and
// released by the destructor. Lines between the signature and this
// assignment are not shown in this listing.
33 nt_security::nt_security()
39 m_sDirServiceProvider =
new astring(
"WinNT://");
// Destructor: releases the provider-prefix string allocated in the
// constructor. The NULL check is redundant with delete's own NULL handling
// but harmless.
44 nt_security::~nt_security()
46 if (m_sDirServiceProvider)
47 delete m_sDirServiceProvider;
// Compare two account names after normalizeUsername() has canonicalised the
// separator characters in each. Both names are taken by value so the in-place
// normalisation does not modify the caller's strings.
//
// NOTE(review): despite the "i" prefix the comparison is whatever
// astring::operator== implements; nothing here folds case, and Windows
// account names are case-insensitive -- confirm astring compares
// case-insensitively, otherwise "Admin" and "admin" are treated as different
// principals.
53 bool nt_security::iequalsUsername(astring name1, astring name2)
55 return normalizeUsername(name1) == normalizeUsername(name2);
// Canonicalise an account name IN PLACE and return a reference to it:
//   '/'  -> '\\'   (so "DOMAIN/user" and "DOMAIN\user" compare equal)
//   '|'  -> ':'    (alternate separator accepted from callers; presumably a
//                   legacy encoding -- verify against callers)
// The returned reference aliases the argument, so it is only valid while the
// caller's string lives. This does not validate the name, strip whitespace,
// or fold case; it is a separator normalisation only.
58 const astring &nt_security::normalizeUsername(astring &username)
60 username.replace_all(
'/',
'\\');
61 username.replace_all(
'|',
':');
// Build the ADSI binding string for a domain: "WinNT://" + domain.
// The domain is concatenated verbatim with no validation or escaping; if it
// can come from an untrusted source, characters such as '/' let the caller
// steer the binding to a different container -- validate before binding.
// (The return statement is not shown in this listing.)
68 astring nt_security::DomainBinding(
const astring &domain)
70 astring tempstring = *m_sDirServiceProvider + domain;
// Build the ADSI binding string for a user object: "WinNT://" + domain + "/" + user_name.
// As with DomainBinding(), both parts are concatenated without validation;
// an embedded '/' in user_name changes which object the path names, so
// callers must not pass unvalidated external input here.
// (The return statement is not shown in this listing.)
76 astring nt_security::DomainUserBinding(
const astring &domain,
const astring &user_name)
78 astring tempstring = *m_sDirServiceProvider + domain + astring(
"/") + user_name;
// Thin forwarder to win32_security::GetUserAndDomainName(); fills UserName
// and DomainName for the current process token and returns its success flag.
88 bool nt_security::GetUserAndDomainName(astring &UserName, astring &DomainName)
90 return win32_security::GetUserAndDomainName(UserName, DomainName);
// Resolve an account name to a SID via LookupAccountName(), growing the SID
// and referenced-domain buffers on ERROR_INSUFFICIENT_BUFFER. The returned
// PSID is allocated from the process heap and must be released by the caller
// with HeapFree(GetProcessHeap(), 0, psid); SetPrivilegeOnUser() does so.
// Returns NULL on failure (the final return is not shown in this listing;
// cbSid and psid are declared in lines not shown).
//
// NOTE(review), memory: both HeapAlloc calls use flags 0, so the buffers are
// NOT zero-initialised.
// NOTE(review), LookupAccountName output buffer (line 141): the domain name
// out-parameter is a temporary produced by to_unicode_temp(ReferencedDomain),
// not ReferencedDomain itself. Consequences, assuming to_unicode_temp sizes
// its buffer from the C string it is given: (1) it converts the
// uninitialised heap bytes of ReferencedDomain, i.e. reads indeterminate
// memory until a NUL; (2) the API is told the buffer holds
// cchReferencedDomain characters, which is unrelated to the temporary's real
// capacity, so a successful lookup can write past the end of the temporary
// (heap overflow); (3) the domain name the API writes is discarded when the
// temporary dies, so ReferencedDomain never receives it. The fix is to make
// ReferencedDomain a WCHAR buffer and pass it directly.
// NOTE(review), leaks: `psid = HeapReAlloc(..., psid, cbSid)` (line 149) and
// the equivalent reassignment of ReferencedDomain (line 152) overwrite the
// only pointer to the old block; if HeapReAlloc fails the old block leaks.
// Reallocate into a temporary and assign only on success.
115 PSID nt_security::GetUserSID(
const astring &user_name)
118 char * ReferencedDomain = NULL;
120 DWORD cchReferencedDomain = 16;
122 bool bSuccess =
false;
128 psid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
131 ReferencedDomain = (
char *)HeapAlloc(GetProcessHeap(), 0, cchReferencedDomain *
sizeof(TCHAR));
132 if (ReferencedDomain != NULL)
137 while (!LookupAccountName(NULL,
138 to_unicode_temp(user_name),
141 to_unicode_temp(ReferencedDomain),
142 &cchReferencedDomain,
145 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
149 psid = (PSID)HeapReAlloc(GetProcessHeap(), 0, psid, cbSid);
152 ReferencedDomain = (
char *)HeapReAlloc(GetProcessHeap(), 0,
154 cchReferencedDomain *
sizeof(TCHAR));
155 if (ReferencedDomain == NULL)
183 if (ReferencedDomain != NULL)
184 HeapFree(GetProcessHeap(), 0, ReferencedDomain);
190 HeapFree(GetProcessHeap(), 0, psid);
// Open an LSA policy handle on serverName with DesiredAccess, storing it in
// *pPolicyHandle. Returns a Win32 error code (0 on success; the declarations
// of Status/winerror and the return statements are not shown in this listing).
//
// LSA_UNICODE_STRING.Length is in BYTES and must exclude the terminator;
// MaximumLength includes it -- the arithmetic below follows that contract.
// NOTE(review): Length is derived from serverName.length(), which is only
// correct if transcode_to_utf16 emits exactly one UTF-16 unit per astring
// character (true for ASCII; not for multibyte input or surrogate pairs).
// If the counts can differ, take the length from the transcoded buffer instead.
// Both fields are USHORT, so a very long name silently truncates.
// NOTE(review): LsaOpenPolicy's SystemName is a machine name; the only caller
// shown (SetPrivilegeOnUser) passes its `domain` argument here -- confirm it
// supplies a host/DC name when a domain is intended.
// NOTE(review): on failure ClosePolicy(pPolicyHandle) is invoked on a handle
// LsaOpenPolicy may not have set; callers should initialise their
// LSA_HANDLE to NULL before calling (SetPrivilegeOnUser does not).
// ObjectAttributes is required by the API but its members are ignored; zeroing
// it is the documented usage.
200 DWORD nt_security::OpenPolicy(
const astring &serverName,
DWORD DesiredAccess, PLSA_HANDLE pPolicyHandle)
202 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
208 ZeroMemory(&ObjectAttributes,
sizeof(ObjectAttributes));
210 transcode_to_utf16 temp_server(serverName);
211 LSA_UNICODE_STRING server;
212 server.Buffer = (PWSTR)(
UTF16 *)temp_server;
213 server.Length = serverName.length() * (int)
sizeof(
UTF16);
214 server.MaximumLength = (serverName.length() +1) * (
int)
sizeof(
UTF16);
217 Status = LsaOpenPolicy(&server, &ObjectAttributes, DesiredAccess, pPolicyHandle);
218 if (STATUS_SUCCESS != Status)
220 winerror = LsaNtStatusToWinError(Status);
221 ClosePolicy(pPolicyHandle);
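// Close an LSA policy handle previously filled in by OpenPolicy().
//
// policyHandle points at the caller's LSA_HANDLE variable: every caller in
// this file passes &policyHandle, and OpenPolicy() forwards its PLSA_HANDLE
// parameter. LsaClose() takes the handle itself, so the variable must be
// dereferenced. The previous version passed the pointer value straight to
// LsaClose(); that compiles because both LSA_HANDLE and PLSA_HANDLE convert
// to void*, but it hands LSA the address of the variable instead of the
// handle, so the real policy handle was never closed (handle leak) and the
// NULL test only ever checked the pointer, which is never NULL at call sites.
//
// After closing, the caller's variable is reset to NULL so a second
// ClosePolicy() on the same variable is a no-op rather than a double close.
// Callers should initialise their LSA_HANDLE to NULL before OpenPolicy() so
// that a failed open does not leave an indeterminate value to be closed here.
void nt_security::ClosePolicy(PLSA_HANDLE policyHandle)
{
    if (policyHandle == NULL || *policyHandle == NULL)
        return;

    // Return value deliberately ignored: there is nothing a caller could do
    // about a failed close, and the variable is cleared either way.
    LsaClose(*policyHandle);
    *policyHandle = NULL;
}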
// Grant or revoke a single account right / privilege (e.g. "SeServiceLogonRight")
// for an account on an open LSA policy handle. Parameters other than
// PolicyHandle and PrivilegeName are not shown in this listing; the caller in
// SetPrivilegeOnUser() passes (policyHandle, psid, privilege, bEnable), so the
// add/remove choice at lines 280/287 presumably follows that bool -- verify.
// Returns a Win32 error code translated from the LSA NTSTATUS (0 on success;
// the return statements are not shown).
//
// LSA_UNICODE_STRING.Length is in BYTES excluding the terminator, MaximumLength
// includes it. As in OpenPolicy(), the byte counts assume one UTF-16 unit per
// astring character; privilege names are ASCII, so this holds in practice.
// This is a security-sensitive operation: PrivilegeName must come from code,
// never from user input, since it selects which right is granted.
260 DWORD nt_security::SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle,
262 const astring &PrivilegeName,
270 transcode_to_utf16 temp_priv(PrivilegeName);
271 LSA_UNICODE_STRING privs;
272 privs.Buffer = (PWSTR)(
UTF16 *)temp_priv;
273 privs.Length = PrivilegeName.length() * (int)
sizeof(
UTF16);
274 privs.MaximumLength = (PrivilegeName.length() +1) * (
int)
sizeof(
UTF16);
280 Status = LsaAddAccountRights(PolicyHandle,
287 Status = LsaRemoveAccountRights(PolicyHandle,
294 if (Status == STATUS_SUCCESS)
298 winerror = LsaNtStatusToWinError(Status);
// Convenience wrapper: open the LSA policy on `domain` with the minimum access
// needed (POLICY_CREATE_ACCOUNT to add the account to the policy database,
// POLICY_LOOKUP_NAMES to resolve it), resolve `user` to a SID, apply the
// privilege via SetPrivilegeOnAccount(), then close the policy and free the
// SID. Returns a Win32 error code; ERROR_NO_SUCH_USER when the SID lookup
// fails. Several lines (the `user`/bEnable parameters, the psid == NULL test,
// the early-return on OpenPolicy failure, and the final return) are not shown
// in this listing.
//
// NOTE(review): `policyHandle` (line 310) is not initialised. OpenPolicy()
// calls ClosePolicy(&policyHandle) on failure, so an indeterminate value can
// reach LsaClose; declare it as `LSA_HANDLE policyHandle = NULL;`.
// The GetUserSID() result is process-heap memory and is released at line 345
// on the success path; confirm the failure path at 329/330 cannot reach it
// with a non-NULL psid, otherwise it would leak.
305 DWORD nt_security::SetPrivilegeOnUser(
const astring &domain,
307 const astring &privilege,
310 LSA_HANDLE policyHandle;
316 winerror = OpenPolicy(domain, (POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES), &policyHandle);
326 psid = GetUserSID(user);
329 ClosePolicy(&policyHandle);
330 return ERROR_NO_SUCH_USER;
335 winerror = SetPrivilegeOnAccount(policyHandle, psid, privilege, bEnable);
339 ClosePolicy(&policyHandle);
345 HeapFree(GetProcessHeap(), 0, psid);
// Add `user_name` (in "DOMAIN\user" form, as LOCALGROUP_MEMBERS_INFO_3 expects)
// to the LOCAL group `group_name` on this machine: the L"" server name makes
// NetLocalGroupAddMembers act on the local computer. Requires the caller to
// be an administrator (or otherwise hold rights on the group); the API
// enforces this.
//
// ERROR_MEMBER_IN_ALIAS is mapped to success so the call is idempotent: the
// user already being a member is the desired end state. Every other
// NET_API_STATUS is passed through to the caller (the return statement is not
// shown in this listing). `dwLevel` is declared outside the shown lines; it
// must be 3 to match the LOCALGROUP_MEMBERS_INFO_3 structure passed -- verify.
//
// Lifetime: temp_user/temp_group own the UTF-16 buffers referenced by lgmi3
// and the group-name argument; both outlive the API call, so the pointers are
// valid for its duration.
350 DWORD nt_security::AddUserToGroup(
const astring &user_name,
const astring &group_name)
352 LOCALGROUP_MEMBERS_INFO_3 lgmi3;
354 DWORD totalEntries = 1;
355 NET_API_STATUS nStatus;
361 transcode_to_utf16 temp_user(user_name);
362 lgmi3.lgrmi3_domainandname = (LPWSTR)(
UTF16 *)temp_user;
366 transcode_to_utf16 temp_group(group_name);
367 nStatus = NetLocalGroupAddMembers(L
"", (LPWSTR)(
UTF16 *)temp_group, dwLevel,
368 (LPBYTE)&lgmi3, totalEntries);
372 if (nStatus == ERROR_MEMBER_IN_ALIAS) nStatus = 0;