Solved

NT permissions API?

Posted on 1998-01-22
7
249 Views
Last Modified: 2012-05-04
Are there a set of classes/API's that I can use in order
to authenticate users.  I need to be able to
1.  Authenticate users
2.  Determine what groups they belong to.
I'm doing this in c++ using VC 5.0
0
Comment
Question by:imhendri
  • 3
  • 3
7 Comments
 
LVL 3

Expert Comment

by:os012897
ID: 1178717
Hi there,

- You can use LogonUser (Win32 API function) to authenticate a
  user!
- Use NetUserGetGroups to retrieve a list of global groups a user
  belongs to

Hope that helps,

       os
0
 
LVL 3

Expert Comment

by:os012897
ID: 1178718
If you want to check for local groupmembership, use NetUserGetLocalGroups!

Hope that helps,

       os
0
 

Author Comment

by:imhendri
ID: 1178719
Thanks for the info.  I looked it up and am a little
confused about the structures is uses.  Can you give me
and example of how to use it?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:imhendri
ID: 1178720
More specific, can you give me an example of NetUserGetLocalGroups.
0
 

Author Comment

by:imhendri
ID: 1178721
I'm having difficulties getting it to work.  Please submit
example.  If a sucessfull example is received, then the
question submitted by malitia for same question will be
awarded as well (50 points).
0
 
LVL 3

Expert Comment

by:os012897
ID: 1178722
Hi again,

Unfortunately I cannot provide you with a complete example, as I just do not have the time to write one. I am including the info from the MSVC++ 4.2 documentation.

It should basically work like this:

//Getting the groups a local user belongs to on the LOCAL // computer
LPBYTE *userinfo_array;
DWORD prefmaxlen;      
LPDWORD entriesread, totalentries;

NetUserGetLocalGroups(NULL, "Princess_Leia", 0, 0,
                      userinfo_array, prefmaxlen, entriesread,
                      totalentries)

If it does not work, tell me what your exact problem is!

The NetUserGetLocalGroups function retrieves a list of local groups to which a specified user belongs.
Security Requirements
Only members of the Administrators or Account Operators local group can successfully execute NetUserGetLocalGroups.
NET_API_STATUS NetUserGetLocalGroups(
    LPWSTR servername,      
    LPWSTR username,      
    DWORD level,      
    DWORD flags,      
    LPBYTE *bufptr,      
    DWORD prefmaxlen,      
    LPDWORD entriesread,      
    LPDWORD totalentries      
   );      
 
Parameters
servername
Pointer to a Unicode string containing the name of the remote server on which the function is to execute. A NULL pointer or string specifies the local computer.
username
Pointer to a Unicode string containing the name of the user for which to return global group membership. This parameter can be of the form <UserName>, in which case the username is expected to be found on servername. The user name can also be of the form <DomainName>\<UserName> in which case <DomainName> is associated with servername and <UserName> is expected to be to be found on that domain.
level
Level of information required. Only 0 is valid.
flags
Bitmask of flags. Currently, only LG_INCLUDE_INDIRECT is defined. If this bit is set, the function will also return the local groups of which the user is indirectly a member (that is, by the virtue of being in a global group that itself is a member of one or more local groups).
bufptr
On return a pointer to the return information structure is returned in the address pointed to by bufptr. The returned information is an array of LOCALGROUP_USERS_INFO_0 structures. The returned buffer should be deallocated using the NetApiBufferFree function.
prefmaxlen
Preferred maximum length, in 8-bit bytes of returned data.
entriesread
Pointer to a DWORD that contains the actual enumerated element count.
totalentries
Pointer to a DWORD that contains the total number of entries that could have been enumerated.
 
Return Values
If the function is successful, it returns NERR_SUCCESS.
If the function fails, the return value is one of the following error codes.
Value      Meaning
ERROR_ACCESS_DENIED      The user does not have access to the requested information.
NERR_InvalidComputer      The computer name is invalid.
NERR_UserNotFound      The user name could not be found.

Greetings,

           os

0
 

Accepted Solution

by:
malitia earned 150 total points
ID: 1178723
Here is your example:

include <windows.h>
#include <lm.h>
#include <stdio.h>
#pragma hdrstop

int main( void );

int main( void )
{
        wchar_t *server = L"\\\\BABYA"; // DC name here
        wchar_t *user = L"felixk"; // user to ask for

        DWORD rc, pref, got, total;
        GROUP_USERS_INFO_0 *buf;

        pref = 16; // start low, get more later
        buf = NULL; // important!

        do
        {
                pref *= 2; // bump buffer size
                printf( "Trying with prefmaxlen == %lu bytes\n", pref );
                if ( buf != NULL )
                {
                        NetApiBufferFree( buf );
                        buf = NULL; // important!
                }

                rc = NetUserGetGroups( server, user, 0, (LPBYTE *) &buf,
pref, &got, &total );
        } while ( rc == NERR_BufTooSmall || rc == ERROR_MORE_DATA );

        if ( rc != 0 )
        {
                printf( "Duh! -- error %lu\n", rc );
                return 1;
        }

        for ( rc = 0; buf != NULL && rc < got; rc ++ )
        {
                printf( "%S\n", buf[rc].grui0_name ); // %S: cap-S
toggles Unicode/ANSI
        }

        if ( buf != NULL )
                NetApiBufferFree( buf );

        return 0;
}

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Often, when implementing a feature, you won't know how certain events should be handled at the point where they occur and you'd rather defer to the user of your function or class. For example, a XML parser will extract a tag from the source code, wh…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now