NT permissions API?

Are there a set of classes/API's that I can use in order
to authenticate users.  I need to be able to
1.  Authenticate users
2.  Determine what groups they belong to.
I'm doing this in c++ using VC 5.0
imhendriAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

os012897Commented:
Hi there,

- You can use LogonUser (Win32 API function) to authenticate a
  user!
- Use NetUserGetGroups to retrieve a list of global groups a user
  belongs to

Hope that helps,

       os
0
os012897Commented:
If you want to check for local groupmembership, use NetUserGetLocalGroups!

Hope that helps,

       os
0
imhendriAuthor Commented:
Thanks for the info.  I looked it up and am a little
confused about the structures is uses.  Can you give me
and example of how to use it?
0
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

imhendriAuthor Commented:
More specific, can you give me an example of NetUserGetLocalGroups.
0
imhendriAuthor Commented:
I'm having difficulties getting it to work.  Please submit
example.  If a sucessfull example is received, then the
question submitted by malitia for same question will be
awarded as well (50 points).
0
os012897Commented:
Hi again,

Unfortunately I cannot provide you with a complete example, as I just do not have the time to write one. I am including the info from the MSVC++ 4.2 documentation.

It should basically work like this:

//Getting the groups a local user belongs to on the LOCAL // computer
LPBYTE *userinfo_array;
DWORD prefmaxlen;      
LPDWORD entriesread, totalentries;

NetUserGetLocalGroups(NULL, "Princess_Leia", 0, 0,
                      userinfo_array, prefmaxlen, entriesread,
                      totalentries)

If it does not work, tell me what your exact problem is!

The NetUserGetLocalGroups function retrieves a list of local groups to which a specified user belongs.
Security Requirements
Only members of the Administrators or Account Operators local group can successfully execute NetUserGetLocalGroups.
NET_API_STATUS NetUserGetLocalGroups(
    LPWSTR servername,      
    LPWSTR username,      
    DWORD level,      
    DWORD flags,      
    LPBYTE *bufptr,      
    DWORD prefmaxlen,      
    LPDWORD entriesread,      
    LPDWORD totalentries      
   );      
 
Parameters
servername
Pointer to a Unicode string containing the name of the remote server on which the function is to execute. A NULL pointer or string specifies the local computer.
username
Pointer to a Unicode string containing the name of the user for which to return global group membership. This parameter can be of the form <UserName>, in which case the username is expected to be found on servername. The user name can also be of the form <DomainName>\<UserName> in which case <DomainName> is associated with servername and <UserName> is expected to be to be found on that domain.
level
Level of information required. Only 0 is valid.
flags
Bitmask of flags. Currently, only LG_INCLUDE_INDIRECT is defined. If this bit is set, the function will also return the local groups of which the user is indirectly a member (that is, by the virtue of being in a global group that itself is a member of one or more local groups).
bufptr
On return a pointer to the return information structure is returned in the address pointed to by bufptr. The returned information is an array of LOCALGROUP_USERS_INFO_0 structures. The returned buffer should be deallocated using the NetApiBufferFree function.
prefmaxlen
Preferred maximum length, in 8-bit bytes of returned data.
entriesread
Pointer to a DWORD that contains the actual enumerated element count.
totalentries
Pointer to a DWORD that contains the total number of entries that could have been enumerated.
 
Return Values
If the function is successful, it returns NERR_SUCCESS.
If the function fails, the return value is one of the following error codes.
Value      Meaning
ERROR_ACCESS_DENIED      The user does not have access to the requested information.
NERR_InvalidComputer      The computer name is invalid.
NERR_UserNotFound      The user name could not be found.

Greetings,

           os

0
malitiaCommented:
Here is your example:

include <windows.h>
#include <lm.h>
#include <stdio.h>
#pragma hdrstop

int main( void );

int main( void )
{
        wchar_t *server = L"\\\\BABYA"; // DC name here
        wchar_t *user = L"felixk"; // user to ask for

        DWORD rc, pref, got, total;
        GROUP_USERS_INFO_0 *buf;

        pref = 16; // start low, get more later
        buf = NULL; // important!

        do
        {
                pref *= 2; // bump buffer size
                printf( "Trying with prefmaxlen == %lu bytes\n", pref );
                if ( buf != NULL )
                {
                        NetApiBufferFree( buf );
                        buf = NULL; // important!
                }

                rc = NetUserGetGroups( server, user, 0, (LPBYTE *) &buf,
pref, &got, &total );
        } while ( rc == NERR_BufTooSmall || rc == ERROR_MORE_DATA );

        if ( rc != 0 )
        {
                printf( "Duh! -- error %lu\n", rc );
                return 1;
        }

        for ( rc = 0; buf != NULL && rc < got; rc ++ )
        {
                printf( "%S\n", buf[rc].grui0_name ); // %S: cap-S
toggles Unicode/ANSI
        }

        if ( buf != NULL )
                NetApiBufferFree( buf );

        return 0;
}

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C++

From novice to tech pro — start learning today.