Solved

NT permissions API?

Posted on 1998-01-22
7
248 Views
Last Modified: 2012-05-04
Are there a set of classes/API's that I can use in order
to authenticate users.  I need to be able to
1.  Authenticate users
2.  Determine what groups they belong to.
I'm doing this in c++ using VC 5.0
0
Comment
Question by:imhendri
  • 3
  • 3
7 Comments
 
LVL 3

Expert Comment

by:os012897
ID: 1178717
Hi there,

- You can use LogonUser (Win32 API function) to authenticate a
  user!
- Use NetUserGetGroups to retrieve a list of global groups a user
  belongs to

Hope that helps,

       os
0
 
LVL 3

Expert Comment

by:os012897
ID: 1178718
If you want to check for local groupmembership, use NetUserGetLocalGroups!

Hope that helps,

       os
0
 

Author Comment

by:imhendri
ID: 1178719
Thanks for the info.  I looked it up and am a little
confused about the structures is uses.  Can you give me
and example of how to use it?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:imhendri
ID: 1178720
More specific, can you give me an example of NetUserGetLocalGroups.
0
 

Author Comment

by:imhendri
ID: 1178721
I'm having difficulties getting it to work.  Please submit
example.  If a sucessfull example is received, then the
question submitted by malitia for same question will be
awarded as well (50 points).
0
 
LVL 3

Expert Comment

by:os012897
ID: 1178722
Hi again,

Unfortunately I cannot provide you with a complete example, as I just do not have the time to write one. I am including the info from the MSVC++ 4.2 documentation.

It should basically work like this:

//Getting the groups a local user belongs to on the LOCAL // computer
LPBYTE *userinfo_array;
DWORD prefmaxlen;      
LPDWORD entriesread, totalentries;

NetUserGetLocalGroups(NULL, "Princess_Leia", 0, 0,
                      userinfo_array, prefmaxlen, entriesread,
                      totalentries)

If it does not work, tell me what your exact problem is!

The NetUserGetLocalGroups function retrieves a list of local groups to which a specified user belongs.
Security Requirements
Only members of the Administrators or Account Operators local group can successfully execute NetUserGetLocalGroups.
NET_API_STATUS NetUserGetLocalGroups(
    LPWSTR servername,      
    LPWSTR username,      
    DWORD level,      
    DWORD flags,      
    LPBYTE *bufptr,      
    DWORD prefmaxlen,      
    LPDWORD entriesread,      
    LPDWORD totalentries      
   );      
 
Parameters
servername
Pointer to a Unicode string containing the name of the remote server on which the function is to execute. A NULL pointer or string specifies the local computer.
username
Pointer to a Unicode string containing the name of the user for which to return global group membership. This parameter can be of the form <UserName>, in which case the username is expected to be found on servername. The user name can also be of the form <DomainName>\<UserName> in which case <DomainName> is associated with servername and <UserName> is expected to be to be found on that domain.
level
Level of information required. Only 0 is valid.
flags
Bitmask of flags. Currently, only LG_INCLUDE_INDIRECT is defined. If this bit is set, the function will also return the local groups of which the user is indirectly a member (that is, by the virtue of being in a global group that itself is a member of one or more local groups).
bufptr
On return a pointer to the return information structure is returned in the address pointed to by bufptr. The returned information is an array of LOCALGROUP_USERS_INFO_0 structures. The returned buffer should be deallocated using the NetApiBufferFree function.
prefmaxlen
Preferred maximum length, in 8-bit bytes of returned data.
entriesread
Pointer to a DWORD that contains the actual enumerated element count.
totalentries
Pointer to a DWORD that contains the total number of entries that could have been enumerated.
 
Return Values
If the function is successful, it returns NERR_SUCCESS.
If the function fails, the return value is one of the following error codes.
Value      Meaning
ERROR_ACCESS_DENIED      The user does not have access to the requested information.
NERR_InvalidComputer      The computer name is invalid.
NERR_UserNotFound      The user name could not be found.

Greetings,

           os

0
 

Accepted Solution

by:
malitia earned 150 total points
ID: 1178723
Here is your example:

include <windows.h>
#include <lm.h>
#include <stdio.h>
#pragma hdrstop

int main( void );

int main( void )
{
        wchar_t *server = L"\\\\BABYA"; // DC name here
        wchar_t *user = L"felixk"; // user to ask for

        DWORD rc, pref, got, total;
        GROUP_USERS_INFO_0 *buf;

        pref = 16; // start low, get more later
        buf = NULL; // important!

        do
        {
                pref *= 2; // bump buffer size
                printf( "Trying with prefmaxlen == %lu bytes\n", pref );
                if ( buf != NULL )
                {
                        NetApiBufferFree( buf );
                        buf = NULL; // important!
                }

                rc = NetUserGetGroups( server, user, 0, (LPBYTE *) &buf,
pref, &got, &total );
        } while ( rc == NERR_BufTooSmall || rc == ERROR_MORE_DATA );

        if ( rc != 0 )
        {
                printf( "Duh! -- error %lu\n", rc );
                return 1;
        }

        for ( rc = 0; buf != NULL && rc < got; rc ++ )
        {
                printf( "%S\n", buf[rc].grui0_name ); // %S: cap-S
toggles Unicode/ANSI
        }

        if ( buf != NULL )
                NetApiBufferFree( buf );

        return 0;
}

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now