Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 678
  • Last Modified:

Create NT Accounts in Delphi CGI App

I downloaded the API files for Lan Manager (from delphi-jedi.org) to try to find the calls to create NT Server logins from Delphi ver 4 or 5.  The APIs are very long and confusing.

My goal is simple, build a web based secutity system that uses the NT login.  That way, I can programmatically assign logins to groups of users with certain access rights.

I would need the calls to:
Create Login
Delete Login
Modify Login Password
Assign Group
Get Login Username
Get Login Groups.

Does anyone out there have an idea how to do this?

I will also accept links to point me in the direction of real world security layouts for web-sites that aren't all hype and talk.

Sincery,
TonyT_MTSH
0
tonyt_mtsh
Asked:
tonyt_mtsh
1 Solution
 
shenqwCommented:
listen
0
 
HamidHossainCommented:
listening ...
0
 
mscatenaCommented:
Here is a unit that does a lot of the things you asked. You can easilly extend it to do the rest.

===================

unit CriaNTUser;

{
Cria usuario de NT
Copyright 1997 por Mauro Sant' Anna
Todos os direitos reservados
}

interface

uses
  Windows;

// Create user
function CriaUsuario(
  const XUsuario, XSenha, XComentario, XServidor: string): integer;

// Add to group
function AdicionaAoGrupo(const XServidor, XUsuario, XGrupo: string): integer;

// Remove from group
function EliminaDoGrupo(const XServidor, XUsuario, XGrupo: string): integer;

function ErrToMsg(const Err: integer): string;

implementation

type
  T_USER_INFO_1 = record
    usri1_name: PWideChar;
    usri1_password: PWideChar;
    usri1_password_age: integer;
    usri1_priv: integer;
    usri1_home_dir: PWideChar;
    usri1_comment: PWideChar;
    usri1_flags: integer;
    usri1_script_path: PWideChar;
  end;
  PInteger = ^Integer;

function NetUserAdd(
    servername: PWideChar;
    level: integer;
    const buf: T_USER_INFO_1;
    parm_err: PInteger
   ): integer; stdcall; external 'netapi32.dll';

function NetGroupAddUser(servername: PWideChar;
                         GroupName: PWideChar;
                         username: PWideChar): integer; stdcall; external 'netapi32.dll';

function NetGroupDelUser(servername: PWideChar;
                         GroupName: PWideChar;
                         username: PWideChar): integer; stdcall; external 'netapi32.dll';

const
  USER_PRIV_USER = 1;
  UF_SCRIPT = 1;
  NERR_BASE = 2100;
  NERR_InvalidComputer = NERR_BASE + 251;
  NERR_NotPrimary = NERR_BASE + 126;
  NERR_GroupExists = NERR_BASE + 123;
  NERR_UserExists = NERR_BASE + 124;
  NERR_PasswordTooShort = NERR_BASE + 145;
  NERR_SpeGroupOp = NERR_BASE+134; // The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.
  NERR_UserNotFound = NERR_BASE+121;// The user name could not be found.
  NERR_GroupNotFound = NERR_BASE+120; // The group name could not be found.
  NERR_UserNotInGroup = NERR_BASE+137; // The user does not belong to this group.
 cTamStr = 256;

procedure StrToMB(const S: string; Buffer: PWideChar);
begin
  fillchar(Buffer^, cTamStr * 2, 0);
  MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, Pointer(S), length(S), Buffer, cTamStr);
end;

function ErrToMsg(const Err: integer): string;
begin
  Result := 'Ok';
  case Err of
    ERROR_ACCESS_DENIED: Result := 'Access Denied';
    NERR_InvalidComputer: Result := 'InvalidComputer';
    NERR_NotPrimary: Result := 'NotPrimary';
    NERR_GroupExists: Result := 'GroupExists';
    NERR_UserExists: Result := 'UserExists';
    NERR_PasswordTooShort: Result := 'PasswordTooShort';
    NERR_SpeGroupOp: Result := 'The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.';
    NERR_UserNotFound: Result := 'The user name could not be found.';
    NERR_GroupNotFound: Result := 'The group name could not be found.';
    NERR_UserNotInGroup: Result := 'The user does not belong to this group.';
  end;
end;

function CriaUsuario(
  const XUsuario, XSenha, XComentario, XServidor: string): integer;
var
  U: T_USER_INFO_1;
  Err, Ret: integer;
  Usuario, Senha, Comentario, Servidor: array[0..cTamStr] of widechar;

procedure Converte;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XSenha, Senha);
  StrToMB(XComentario, Comentario);
  StrToMB(XServidor, Servidor);
end;

begin
  Converte;
  with U do
  begin
    usri1_name := Usuario;
    usri1_password := Senha;
    usri1_priv := USER_PRIV_USER;
    usri1_home_dir := nil;
    usri1_comment := 'Teste de cadastramento';
    usri1_flags := UF_SCRIPT;
    usri1_script_path := NIL;
  end;
  Ret := NetUserAdd(Servidor, 1, U, @Err);
  Result := Ret;
end;

function AdicionaAoGrupo(const XServidor, XUsuario, XGrupo: string): integer;
var
  Usuario, Servidor, Grupo: array[0..cTamStr] of widechar;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XServidor, Servidor);
  StrToMB(XGrupo, Grupo);
  Result := NetGroupAddUser(Servidor, Grupo, Usuario);
end;

function EliminaDoGrupo(const XServidor, XUsuario, XGrupo: string): integer;
var
  Usuario, Servidor, Grupo: array[0..cTamStr] of widechar;
begin
  StrToMB(XUsuario, Usuario);
  StrToMB(XServidor, Servidor);
  StrToMB(XGrupo, Grupo);
  Result := NetGroupDelUser(Servidor, Grupo, Usuario);
end;

end.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
tonyt_mtshAuthor Commented:
THANK YOU!!!

I will convert some of the spanish to english to make sure I understand it.  I can probalby do that tomorrow.  If I get it to work (even a little), then you got the points.

Thanks,
TonyT.
0
 
tonyt_mtshAuthor Commented:
Thank you.  I can now add/delete, modify passwords, add users to groups and remove them from groups.

I wrote my own unit (in english) that is very similar to the one above, with the additional function calls and an expanded set of constants.

I now just have to figure out the whole security layout for my appserver.

Thanks again.
TonyT.
0
 
mscatenaCommented:
You are wellcome.

BTW, the names are in Portuguese.

Bye.
0
 
tonyt_mtshAuthor Commented:
I ttok 3 years of Spanish in high school and could only remember some of the stuff the Taco bell dog says.

Once I saw the API calls, I knew where to go.  Now, all I have to do is figure out the Server Part.  (I am getting the "Not Primary" error.)  I didn't want to add the users to our entire domaine.  I was hoping that I could add them to just the one running the Internet Server.  I am not so good on the NT Security Stuff.

I think I have to create a new domain and make that new domain have it's own name service.  My network guy is supposed to figure it out, but he's backed up with a lot of other stuff.

Thanks.
0
 
mscatenaCommented:
Portuguese is quite similar to Spanish. I can understand it perfectly, though I cannot really speak it.

I tested this code creating accounts in the current domain, supplying the server name. I don’t know about creating accounts in a standalone server, though setting up another domain sounds fine to me. I can actually see some advantages in doing it, like if you end up needing more than one web server.

Bye.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now