Solved

Create NT Accounts in Delphi CGI App

Posted on 2000-04-24
Last Modified: 2012-06-27
I downloaded the API files for Lan Manager (from delphi-jedi.org) to try to find the calls to create NT Server logins from Delphi ver 4 or 5.  The APIs are very long and confusing.

My goal is simple, build a web-based security system that uses the NT login.  That way, I can programmatically assign logins to groups of users with certain access rights.

I would need the calls to:
Create Login
Delete Login
Modify Login Password
Assign Group
Get Login Username
Get Login Groups.

Does anyone out there have an idea how to do this?

I will also accept links to point me in the direction of real world security layouts for web-sites that aren't all hype and talk.

Sincerely,
TonyT_MTSH
Question by:tonyt_mtsh
8 Comments
 
LVL 3

Expert Comment

by:shenqw
ID: 2746137
listen
0
 

Expert Comment

by:HamidHossain
ID: 2746373
listening ...
0
 
LVL 1

Accepted Solution

by:
mscatena earned 500 total points
ID: 2746999
Here is a unit that does a lot of the things you asked. You can easily extend it to do the rest.

===================

unit CriaNTUser;

{
Creates an NT user
Copyright 1997 by Mauro Sant' Anna
All rights reserved
}

interface

uses
  Windows;

// Create user
function CriaUsuario(
  const XUsuario, XSenha, XComentario, XServidor: string): integer;

// Add to group
function AdicionaAoGrupo(const XServidor, XUsuario, XGrupo: string): integer;

// Remove from group
function EliminaDoGrupo(const XServidor, XUsuario, XGrupo: string): integer;

function ErrToMsg(const Err: integer): string;

implementation

type
  T_USER_INFO_1 = record
    usri1_name: PWideChar;
    usri1_password: PWideChar;
    usri1_password_age: integer;
    usri1_priv: integer;
    usri1_home_dir: PWideChar;
    usri1_comment: PWideChar;
    usri1_flags: integer;
    usri1_script_path: PWideChar;
  end;
  PInteger = ^Integer;

function NetUserAdd(
    servername: PWideChar;
    level: integer;
    const buf: T_USER_INFO_1;
    parm_err: PInteger
   ): integer; stdcall; external 'netapi32.dll';

function NetGroupAddUser(servername: PWideChar;
                         GroupName: PWideChar;
                         username: PWideChar): integer; stdcall; external 'netapi32.dll';

function NetGroupDelUser(servername: PWideChar;
                         GroupName: PWideChar;
                         username: PWideChar): integer; stdcall; external 'netapi32.dll';

const
  USER_PRIV_USER = 1;
  UF_SCRIPT = 1;
  NERR_BASE = 2100;
  NERR_InvalidComputer = NERR_BASE + 251;
  NERR_NotPrimary = NERR_BASE + 126;
  NERR_GroupExists = NERR_BASE + 123;
  NERR_UserExists = NERR_BASE + 124;
  NERR_PasswordTooShort = NERR_BASE + 145;
  NERR_SpeGroupOp = NERR_BASE+134; // The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.
  NERR_UserNotFound = NERR_BASE+121;// The user name could not be found.
  NERR_GroupNotFound = NERR_BASE+120; // The group name could not be found.
  NERR_UserNotInGroup = NERR_BASE+137; // The user does not belong to this group.
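  cTamStr = 256;

// Converts an ANSI string into the caller's buffer of cTamStr + 1 wide chars.
procedure StrToMB(const S: string; Buffer: PWideChar);
begin
  // Zero the whole buffer, including its last element, so a string of exactly
  // cTamStr characters is still null-terminated. The conversion fails for
  // strings longer than cTamStr characters.
  fillchar(Buffer^, (cTamStr + 1) * SizeOf(WideChar), 0);
  MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, Pointer(S), length(S), Buffer, cTamStr);
end;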

function ErrToMsg(const Err: integer): string;
begin
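  // Only a zero status means success; codes not listed below must not read as 'Ok'.
  Result := 'Unknown error';
  case Err of
    0: Result := 'Ok';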
    ERROR_ACCESS_DENIED: Result := 'Access Denied';
    NERR_InvalidComputer: Result := 'InvalidComputer';
    NERR_NotPrimary: Result := 'NotPrimary';
    NERR_GroupExists: Result := 'GroupExists';
    NERR_UserExists: Result := 'UserExists';
    NERR_PasswordTooShort: Result := 'PasswordTooShort';
    NERR_SpeGroupOp: Result := 'The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.';
    NERR_UserNotFound: Result := 'The user name could not be found.';
    NERR_GroupNotFound: Result := 'The group name could not be found.';
    NERR_UserNotInGroup: Result := 'The user does not belong to this group.';
  end;
end;

function CriaUsuario(
  const XUsuario, XSenha, XComentario, XServidor: string): integer;
var
  U: T_USER_INFO_1;
  Err, Ret: integer;
  Usuario, Senha, Comentario, Servidor: array[0..cTamStr] of widechar;

procedure Converte;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XSenha, Senha);
  StrToMB(XComentario, Comentario);
  StrToMB(XServidor, Servidor);
end;

begin
  Converte;
  with U do
  begin
    usri1_name := Usuario;
    usri1_password := Senha;
    usri1_priv := USER_PRIV_USER;
    usri1_home_dir := nil;
    usri1_comment := Comentario; // use the caller's comment (was a hard-coded test string)
    usri1_flags := UF_SCRIPT;
    usri1_script_path := NIL;
  end;
  Ret := NetUserAdd(Servidor, 1, U, @Err);
  Result := Ret;
end;

function AdicionaAoGrupo(const XServidor, XUsuario, XGrupo: string): integer;
var
  Usuario, Servidor, Grupo: array[0..cTamStr] of widechar;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XServidor, Servidor);
  StrToMB(XGrupo, Grupo);
  Result := NetGroupAddUser(Servidor, Grupo, Usuario);
end;

function EliminaDoGrupo(const XServidor, XUsuario, XGrupo: string): integer;
var
  Usuario, Servidor, Grupo: array[0..cTamStr] of widechar;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XServidor, Servidor);
  StrToMB(XGrupo, Grupo);
  Result := NetGroupDelUser(Servidor, Grupo, Usuario);
end;

end.
0
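Added example, not part of the original thread or of mscatena's unit: the "Modify Login Password" call from the question, with the account name checked before it reaches the API, since in a CGI application that name arrives from a web form. The unit name `NTUserExtra` and the functions `ValidAccountName` and `SetUserPassword` are hypothetical; `NetUserSetInfo` at level 1003 is the real netapi32 call, and the name rules (at most 20 characters, no control characters or reserved punctuation, no trailing period) follow Microsoft's documentation for `usri1_name`.

```delphi
unit NTUserExtra; // hypothetical unit name (added example)

interface

function ValidAccountName(const Name: string): Boolean;
// Returns a NET_API_STATUS code (0 = success), like CriaUsuario.
function SetUserPassword(const Server, User, NewPass: WideString): Integer;

implementation

uses Windows; // ERROR_INVALID_PARAMETER

type
  T_USER_INFO_1003 = record
    usri1003_password: PWideChar;
  end;

function NetUserSetInfo(servername, username: PWideChar; level: Integer;
  buf, parm_err: Pointer): Integer; stdcall; external 'netapi32.dll';

function ValidAccountName(const Name: string): Boolean;
const
  // control characters plus the punctuation reserved in account names
  Reserved = [#0..#31, '"', '/', '\', '[', ']', ':', ';', '|', '=', ',',
              '+', '*', '?', '<', '>'];
var
  I: Integer;
begin
  // 1..20 characters and no trailing period
  Result := (Length(Name) >= 1) and (Length(Name) <= 20) and
            (Name[Length(Name)] <> '.');
  for I := 1 to Length(Name) do
    if Name[I] in Reserved then Result := False;
end;

function SetUserPassword(const Server, User, NewPass: WideString): Integer;
var
  Info: T_USER_INFO_1003;
begin
  // Reject a malformed name from the web form before calling the API.
  Result := ERROR_INVALID_PARAMETER;
  if not ValidAccountName(User) then Exit;
  Info.usri1003_password := PWideChar(NewPass);
  // Empty Server becomes nil (local machine); level 1003 sets only the password.
  Result := NetUserSetInfo(PWideChar(Pointer(Server)), PWideChar(User),
    1003, @Info, nil);
end;

end.
```

Taking `WideString` parameters lets Delphi do the ANSI-to-Unicode conversion, so no fixed-size buffer is involved.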
 

Author Comment

by:tonyt_mtsh
ID: 2750002
THANK YOU!!!

I will convert some of the Spanish to English to make sure I understand it.  I can probably do that tomorrow.  If I get it to work (even a little), then you got the points.

Thanks,
TonyT.
0
 

Author Comment

by:tonyt_mtsh
ID: 2756580
Thank you.  I can now add/delete, modify passwords, add users to groups and remove them from groups.

I wrote my own unit (in English) that is very similar to the one above, with the additional function calls and an expanded set of constants.

I now just have to figure out the whole security layout for my appserver.

Thanks again.
TonyT.
0
 
LVL 1

Expert Comment

by:mscatena
ID: 2757629
You are welcome.

BTW, the names are in Portuguese.

Bye.
0
 

Author Comment

by:tonyt_mtsh
ID: 2757914
I took 3 years of Spanish in high school and could only remember some of the stuff the Taco Bell dog says.

Once I saw the API calls, I knew where to go.  Now, all I have to do is figure out the Server Part.  (I am getting the "Not Primary" error.)  I didn't want to add the users to our entire domain.  I was hoping that I could add them to just the one running the Internet Server.  I am not so good on the NT Security Stuff.

I think I have to create a new domain and make that new domain have its own name service.  My network guy is supposed to figure it out, but he's backed up with a lot of other stuff.

Thanks.
0
 
LVL 1

Expert Comment

by:mscatena
ID: 2758997
Portuguese is quite similar to Spanish. I can understand it perfectly, though I cannot really speak it.

I tested this code creating accounts in the current domain, supplying the server name. I don’t know about creating accounts in a standalone server, though setting up another domain sounds fine to me. I can actually see some advantages in doing it, like if you end up needing more than one web server.

Bye.
0
