?
Solved

Create NT Accounts in Delphi CGI App

Posted on 2000-04-24
8
Medium Priority
?
678 Views
Last Modified: 2012-06-27
I downloaded the API files for Lan Manager (from delphi-jedi.org) to try to find the calls to create NT Server logins from Delphi ver 4 or 5.  The APIs are very long and confusing.

My goal is simple, build a web based secutity system that uses the NT login.  That way, I can programmatically assign logins to groups of users with certain access rights.

I would need the calls to:
Create Login
Delete Login
Modify Login Password
Assign Group
Get Login Username
Get Login Groups.

Does anyone out there have an idea how to do this?

I will also accept links to point me in the direction of real world security layouts for web-sites that aren't all hype and talk.

Sincery,
TonyT_MTSH
0
Comment
Question by:tonyt_mtsh
8 Comments
 
LVL 3

Expert Comment

by:shenqw
ID: 2746137
listen
0
 

Expert Comment

by:HamidHossain
ID: 2746373
listening ...
0
 
LVL 1

Accepted Solution

by:
mscatena earned 2000 total points
ID: 2746999
Here is a unit that does a lot of the things you asked. You can easilly extend it to do the rest.

===================

unit CriaNTUser;

{
Cria usuario de NT
Copyright 1997 por Mauro Sant' Anna
Todos os direitos reservados
}

interface

uses
  Windows;

// Create user
function CriaUsuario(
  const XUsuario, XSenha, XComentario, XServidor: string): integer;

// Add to group
function AdicionaAoGrupo(const XServidor, XUsuario, XGrupo: string): integer;

// Remove from group
function EliminaDoGrupo(const XServidor, XUsuario, XGrupo: string): integer;

function ErrToMsg(const Err: integer): string;

implementation

type
  T_USER_INFO_1 = record
    usri1_name: PWideChar;
    usri1_password: PWideChar;
    usri1_password_age: integer;
    usri1_priv: integer;
    usri1_home_dir: PWideChar;
    usri1_comment: PWideChar;
    usri1_flags: integer;
    usri1_script_path: PWideChar;
  end;
  PInteger = ^Integer;

function NetUserAdd(
    servername: PWideChar;
    level: integer;
    const buf: T_USER_INFO_1;
    parm_err: PInteger
   ): integer; stdcall; external 'netapi32.dll';

function NetGroupAddUser(servername: PWideChar;
                         GroupName: PWideChar;
                         username: PWideChar): integer; stdcall; external 'netapi32.dll';

function NetGroupDelUser(servername: PWideChar;
                         GroupName: PWideChar;
                         username: PWideChar): integer; stdcall; external 'netapi32.dll';

const
  USER_PRIV_USER = 1;
  UF_SCRIPT = 1;
  NERR_BASE = 2100;
  NERR_InvalidComputer = NERR_BASE + 251;
  NERR_NotPrimary = NERR_BASE + 126;
  NERR_GroupExists = NERR_BASE + 123;
  NERR_UserExists = NERR_BASE + 124;
  NERR_PasswordTooShort = NERR_BASE + 145;
  NERR_SpeGroupOp = NERR_BASE+134; // The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.
  NERR_UserNotFound = NERR_BASE+121;// The user name could not be found.
  NERR_GroupNotFound = NERR_BASE+120; // The group name could not be found.
  NERR_UserNotInGroup = NERR_BASE+137; // The user does not belong to this group.
 cTamStr = 256;

procedure StrToMB(const S: string; Buffer: PWideChar);
begin
  fillchar(Buffer^, cTamStr * 2, 0);
  MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, Pointer(S), length(S), Buffer, cTamStr);
end;

function ErrToMsg(const Err: integer): string;
begin
  Result := 'Ok';
  case Err of
    ERROR_ACCESS_DENIED: Result := 'Access Denied';
    NERR_InvalidComputer: Result := 'InvalidComputer';
    NERR_NotPrimary: Result := 'NotPrimary';
    NERR_GroupExists: Result := 'GroupExists';
    NERR_UserExists: Result := 'UserExists';
    NERR_PasswordTooShort: Result := 'PasswordTooShort';
    NERR_SpeGroupOp: Result := 'The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.';
    NERR_UserNotFound: Result := 'The user name could not be found.';
    NERR_GroupNotFound: Result := 'The group name could not be found.';
    NERR_UserNotInGroup: Result := 'The user does not belong to this group.';
  end;
end;

function CriaUsuario(
  const XUsuario, XSenha, XComentario, XServidor: string): integer;
var
  U: T_USER_INFO_1;
  Err, Ret: integer;
  Usuario, Senha, Comentario, Servidor: array[0..cTamStr] of widechar;

procedure Converte;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XSenha, Senha);
  StrToMB(XComentario, Comentario);
  StrToMB(XServidor, Servidor);
end;

begin
  Converte;
  with U do
  begin
    usri1_name := Usuario;
    usri1_password := Senha;
    usri1_priv := USER_PRIV_USER;
    usri1_home_dir := nil;
    usri1_comment := 'Teste de cadastramento';
    usri1_flags := UF_SCRIPT;
    usri1_script_path := NIL;
  end;
  Ret := NetUserAdd(Servidor, 1, U, @Err);
  Result := Ret;
end;

function AdicionaAoGrupo(const XServidor, XUsuario, XGrupo: string): integer;
var
  Usuario, Servidor, Grupo: array[0..cTamStr] of widechar;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XServidor, Servidor);
  StrToMB(XGrupo, Grupo);
  Result := NetGroupAddUser(Servidor, Grupo, Usuario);
end;

function EliminaDoGrupo(const XServidor, XUsuario, XGrupo: string): integer;
var
  Usuario, Servidor, Grupo: array[0..cTamStr] of widechar;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XServidor, Servidor);
  StrToMB(XGrupo, Grupo);
  Result := NetGroupDelUser(Servidor, Grupo, Usuario);
end;

end.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:tonyt_mtsh
ID: 2750002
THANK YOU!!!

I will convert some of the spanish to english to make sure I understand it.  I can probalby do that tomorrow.  If I get it to work (even a little), then you got the points.

Thanks,
TonyT.
0
 

Author Comment

by:tonyt_mtsh
ID: 2756580
Thank you.  I can now add/delete, modify passwords, add users to groups and remove them from groups.

I wrote my own unit (in english) that is very similar to the one above, with the additional function calls and an expanded set of constants.

I now just have to figure out the whole security layout for my appserver.

Thanks again.
TonyT.
0
 
LVL 1

Expert Comment

by:mscatena
ID: 2757629
You are wellcome.

BTW, the names are in Portuguese.

Bye.
0
 

Author Comment

by:tonyt_mtsh
ID: 2757914
I ttok 3 years of Spanish in high school and could only remember some of the stuff the Taco bell dog says.

Once I saw the API calls, I knew where to go.  Now, all I have to do is figure out the Server Part.  (I am getting the "Not Primary" error.)  I didn't want to add the users to our entire domaine.  I was hoping that I could add them to just the one running the Internet Server.  I am not so good on the NT Security Stuff.

I think I have to create a new domain and make that new domain have it's own name service.  My network guy is supposed to figure it out, but he's backed up with a lot of other stuff.

Thanks.
0
 
LVL 1

Expert Comment

by:mscatena
ID: 2758997
Portuguese is quite similar to Spanish. I can understand it perfectly, though I cannot really speak it.

I tested this code creating accounts in the current domain, supplying the server name. I don’t know about creating accounts in a standalone server, though setting up another domain sounds fine to me. I can actually see some advantages in doing it, like if you end up needing more than one web server.

Bye.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
Introduction I have seen many questions in this Delphi topic area where queries in threads are needed or suggested. I know bumped into a similar need. This article will address some of the concepts when dealing with a multithreaded delphi database…
SQL Database Recovery Software repairs the MDF & NDF Files, corrupted due to hardware related issues or software related errors. Provides preview of recovered database objects and allows saving in either MSSQL, CSV, HTML or XLS format. Ensures recov…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…
Suggested Courses

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question