//Group management
bool UserUtilities::CreateGroup(Group *group)
{
LOCALGROUP_INFO_1* grp = new LOCALGROUP_INFO_1();
grp->lgrpi1_name = group->m_StrGroupName.GetBuffer();
grp->lgrpi1_comment = group->m_StrDescription.GetBuffer();
int res = NetLocalGroupAdd(NULL, 1, (LPBYTE)grp, NULL);
if(res == 0)
return true;
return false;
}
UINT createAfsAdminGroup(void) {
LOCALGROUP_INFO_1 gInfo;
DWORD dwError;
NET_API_STATUS status;
gInfo.lgrpi1_name = AFSCLIENT_ADMIN_GROUPNAMEW;
gInfo.lgrpi1_comment = AFSCLIENT_ADMIN_COMMENTW;
status = NetLocalGroupAdd(NULL, 1, (LPBYTE) &gInfo, &dwError);
return status;
}
static VOID
GroupNew(HWND hwndDlg)
{
NET_API_STATUS status;
LOCALGROUP_INFO_1 group;
LV_ITEM lvi;
INT iItem;
HWND hwndLV;
ZeroMemory(&group, sizeof(LOCALGROUP_INFO_1));
if (DialogBoxParam(hApplet,
MAKEINTRESOURCE(IDD_GROUP_NEW),
hwndDlg,
NewGroupDlgProc,
(LPARAM)&group) == IDOK)
{
status = NetLocalGroupAdd(NULL,
1,
(LPBYTE)&group,
NULL);
if (status != NERR_Success)
{
TCHAR szText[256];
wsprintf(szText, TEXT("Error: %u"), status);
MessageBox(NULL, szText, TEXT("NetUserAdd"), MB_ICONERROR | MB_OK);
return;
}
hwndLV = GetDlgItem(hwndDlg, IDC_GROUPS_LIST);
ZeroMemory(&lvi, sizeof(lvi));
lvi.mask = LVIF_TEXT | LVIF_STATE | LVIF_IMAGE;
lvi.pszText = group.lgrpi1_name;
lvi.state = 0;
lvi.iImage = 0;
iItem = ListView_InsertItem(hwndLV, &lvi);
ListView_SetItemText(hwndLV, iItem, 1,
group.lgrpi1_comment);
}
if (group.lgrpi1_name)
HeapFree(GetProcessHeap(), 0, group.lgrpi1_name);
if (group.lgrpi1_comment)
HeapFree(GetProcessHeap(), 0, group.lgrpi1_comment);
}
/**
* Add AD local group with default properties.
*
* @param appContext Application context reference.
* @param aliasNameC Group name.
* @return 0 on success; error code on failure.
*/
DWORD
AdtNetGroupAdd(
IN AppContextTP appContext,
IN PSTR aliasNameC
)
{
DWORD dwError = ERROR_SUCCESS;
LOCALGROUP_INFO_0 Info = { 0 };
DWORD parmError = 0;
PWSTR hostName = NULL;
PWSTR aliasName = NULL;
dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &hostName);
ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
dwError = LwMbsToWc16s((PCSTR) aliasNameC, &aliasName);
ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
Info.lgrpi0_name = aliasName;
PrintStderr(appContext, LogLevelTrace, "%s: Adding group %s ...\n",
appContext->actionName, aliasNameC);
/* Perform the delete operation. */
if(!appContext->gopts.isReadOnly) {
dwError = NetLocalGroupAdd((PCWSTR) hostName, 0, (PVOID) &Info, &parmError);
}
if (dwError) {
dwError += ADT_WIN_ERR_BASE;
ADT_BAIL_ON_ERROR_NP(dwError);
}
PrintStderr(appContext, LogLevelTrace, "%s: Done adding group %s\n",
appContext->actionName, aliasNameC);
cleanup:
LW_SAFE_FREE_MEMORY(hostName);
LW_SAFE_FREE_MEMORY(aliasName);
return dwError;
error:
goto cleanup;
}
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
UINT CACreateBOINCGroups::OnExecution()
{
NET_API_STATUS nasReturnValue;
DWORD dwParameterError;
UINT uiReturnValue = -1;
BOOL bBOINCAdminsCreated = FALSE;
BOOL bBOINCUsersCreated = FALSE;
BOOL bBOINCProjectsCreated = FALSE;
tstring strUserSID;
tstring strUsersGroupName;
tstring strBOINCMasterAccountUsername;
tstring strBOINCProjectAccountUsername;
tstring strEnableProtectedApplicationExecution;
PSID pAdminSID = NULL;
PSID pInstallingUserSID = NULL;
PSID pBOINCMasterSID = NULL;
PSID pBOINCProjectSID = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
uiReturnValue = GetProperty( _T("UserSID"), strUserSID );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("GROUPALIAS_USERS"), strUsersGroupName );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("BOINC_MASTER_USERNAME"), strBOINCMasterAccountUsername );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("BOINC_PROJECT_USERNAME"), strBOINCProjectAccountUsername );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("ENABLEPROTECTEDAPPLICATIONEXECUTION2"), strEnableProtectedApplicationExecution );
if ( uiReturnValue ) return uiReturnValue;
// Create a SID for the BUILTIN\Administrators group.
if(!AllocateAndInitializeSid(
&SIDAuthNT, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pAdminSID))
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("AllocateAndInitializeSid Error for BUILTIN\\Administrators")
);
return ERROR_INSTALL_FAILURE;
}
// Create a SID for the current logged in user.
if(!ConvertStringSidToSid(strUserSID.c_str(), &pInstallingUserSID))
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("ConvertStringSidToSid Error for installing user")
);
return ERROR_INSTALL_FAILURE;
}
// Create a SID for the 'boinc_master' user account.
if (_T("1") == strEnableProtectedApplicationExecution) {
if(!GetAccountSid(NULL, strBOINCMasterAccountUsername.c_str(), &pBOINCMasterSID))
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("GetAccountSid Error for 'boinc_master' user account")
);
return ERROR_INSTALL_FAILURE;
}
}
// Create a SID for the 'boinc_project' user account.
if (_T("1") == strEnableProtectedApplicationExecution) {
if(!GetAccountSid(NULL, strBOINCProjectAccountUsername.c_str(), &pBOINCProjectSID))
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("GetAccountSid Error for 'boinc_master' user account")
);
return ERROR_INSTALL_FAILURE;
}
}
// Create the 'boinc_admins' group if needed
//
LOCALGROUP_INFO_1 lgrpiAdmins;
lgrpiAdmins.lgrpi1_name = _T("boinc_admins");
lgrpiAdmins.lgrpi1_comment = _T("Accounts in this group can control the BOINC client.");
nasReturnValue = NetLocalGroupAdd(
NULL,
1,
(LPBYTE)&lgrpiAdmins,
&dwParameterError
);
if ((NERR_Success != nasReturnValue) && (ERROR_ALIAS_EXISTS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAdd retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to create the 'boinc_admins' group.")
);
return ERROR_INSTALL_FAILURE;
}
if (NERR_Success == nasReturnValue) {
bBOINCAdminsCreated = TRUE;
}
// If we just created the 'boinc_admins' local group then we need to populate
// it with the default accounts.
LOCALGROUP_MEMBERS_INFO_0 lgrmiAdmins;
lgrmiAdmins.lgrmi0_sid = pAdminSID;
nasReturnValue = NetLocalGroupAddMembers(
NULL,
_T("boinc_admins"),
0,
(LPBYTE)&lgrmiAdmins,
1
);
if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAddMembers retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to add user to the 'boinc_admins' group (Administrator).")
);
return ERROR_INSTALL_FAILURE;
}
lgrmiAdmins.lgrmi0_sid = pInstallingUserSID;
nasReturnValue = NetLocalGroupAddMembers(
NULL,
_T("boinc_admins"),
0,
(LPBYTE)&lgrmiAdmins,
1
);
if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAddMembers retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to add user to the 'boinc_admins' group (Installing User).")
);
return ERROR_INSTALL_FAILURE;
}
if (_T("1") == strEnableProtectedApplicationExecution) {
lgrmiAdmins.lgrmi0_sid = pBOINCMasterSID;
nasReturnValue = NetLocalGroupAddMembers(
NULL,
_T("boinc_admins"),
0,
(LPBYTE)&lgrmiAdmins,
1
);
if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAddMembers retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to add user to the 'boinc_admins' group (BOINC Master).")
);
return ERROR_INSTALL_FAILURE;
}
}
// Create the 'boinc_users' group if needed
//
LOCALGROUP_INFO_1 lgrpiUsers;
lgrpiUsers.lgrpi1_name = _T("boinc_users");
lgrpiUsers.lgrpi1_comment = _T("Accounts in this group can monitor the BOINC client.");
nasReturnValue = NetLocalGroupAdd(
NULL,
1,
(LPBYTE)&lgrpiUsers,
&dwParameterError
);
if ((NERR_Success != nasReturnValue) && (ERROR_ALIAS_EXISTS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAdd retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to create the 'boinc_users' group.")
);
return ERROR_INSTALL_FAILURE;
}
if (NERR_Success == nasReturnValue) {
bBOINCUsersCreated = TRUE;
}
// Create the 'boinc_project' group if needed
//
LOCALGROUP_INFO_1 lgrpiProjects;
lgrpiProjects.lgrpi1_name = _T("boinc_projects");
lgrpiProjects.lgrpi1_comment = _T("Accounts in this group are used to execute boinc applications.");
nasReturnValue = NetLocalGroupAdd(
NULL,
1,
(LPBYTE)&lgrpiProjects,
&dwParameterError
);
if ((NERR_Success != nasReturnValue) && (ERROR_ALIAS_EXISTS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAdd retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to create the 'boinc_projects' group.")
);
return ERROR_INSTALL_FAILURE;
}
if (NERR_Success == nasReturnValue) {
bBOINCProjectsCreated = TRUE;
}
// If the user has enabled protected application execution then we need to add the 'boinc_project'
// account to the local group and the 'Users' local group. As an aside 'boinc_master' is also added
// to the 'Users' group.
if (_T("1") == strEnableProtectedApplicationExecution) {
LOCALGROUP_MEMBERS_INFO_0 lgrmiMembers;
lgrmiMembers.lgrmi0_sid = pBOINCProjectSID;
nasReturnValue = NetLocalGroupAddMembers(
NULL,
_T("boinc_projects"),
0,
(LPBYTE)&lgrmiMembers,
1
);
if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAddMembers retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to add user to the 'boinc_projects' group (boinc_project).")
);
return ERROR_INSTALL_FAILURE;
}
nasReturnValue = NetLocalGroupAddMembers(
NULL,
strUsersGroupName.c_str(),
0,
(LPBYTE)&lgrmiMembers,
1
);
if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAddMembers retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to add user to the 'Users' group (boinc_project).")
);
return ERROR_INSTALL_FAILURE;
}
lgrmiMembers.lgrmi0_sid = pBOINCMasterSID;
nasReturnValue = NetLocalGroupAddMembers(
NULL,
strUsersGroupName.c_str(),
0,
(LPBYTE)&lgrmiMembers,
1
);
if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
LogMessage(
INSTALLMESSAGE_INFO,
NULL,
NULL,
NULL,
nasReturnValue,
_T("NetLocalGroupAddMembers retval")
);
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
nasReturnValue,
_T("Failed to add user to the 'Users' group (boinc_master).")
);
return ERROR_INSTALL_FAILURE;
}
}
SetProperty( _T("BOINC_ADMINS_GROUPNAME"), _T("boinc_admins") );
SetProperty( _T("BOINC_USERS_GROUPNAME"), _T("boinc_users") );
SetProperty( _T("BOINC_PROJECTS_GROUPNAME"), _T("boinc_projects") );
if (bBOINCAdminsCreated || bBOINCUsersCreated || bBOINCProjectsCreated) {
RebootWhenFinished();
}
if(pAdminSID != NULL) FreeSid(pAdminSID);
if(pInstallingUserSID != NULL) FreeSid(pInstallingUserSID);
if(pBOINCMasterSID != NULL) FreeSid(pBOINCMasterSID);
if(pBOINCProjectSID != NULL) FreeSid(pBOINCProjectSID);
return ERROR_SUCCESS;
}
