//Group management bool UserUtilities::CreateGroup(Group *group) { LOCALGROUP_INFO_1* grp = new LOCALGROUP_INFO_1(); grp->lgrpi1_name = group->m_StrGroupName.GetBuffer(); grp->lgrpi1_comment = group->m_StrDescription.GetBuffer(); int res = NetLocalGroupAdd(NULL, 1, (LPBYTE)grp, NULL); if(res == 0) return true; return false; }
/*
 * Create the AFS client administrators local group on the local computer.
 *
 * The group name and comment come from the AFSCLIENT_ADMIN_GROUPNAMEW and
 * AFSCLIENT_ADMIN_COMMENTW constants. The NetLocalGroupAdd status is returned
 * unchanged, so a group that already exists is reported to the caller as a
 * non-zero status rather than as success; the caller decides how to treat it.
 */
UINT createAfsAdminGroup(void)
{
    DWORD parmIndex;              /* receives the index of a bad parameter; not inspected */
    LOCALGROUP_INFO_1 groupInfo;

    groupInfo.lgrpi1_comment = AFSCLIENT_ADMIN_COMMENTW;
    groupInfo.lgrpi1_name = AFSCLIENT_ADMIN_GROUPNAMEW;

    /* NULL server name = local computer; level 1 = name plus comment. */
    return NetLocalGroupAdd(NULL, 1, (LPBYTE) &groupInfo, &parmIndex);
}
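/*
 * Ask the user for a new local group, create it, and append it to the
 * groups list view of the dialog.
 *
 * hwndDlg - dialog that owns the IDC_GROUPS_LIST list view and acts as the
 *           parent of the "new group" dialog.
 *
 * The "new group" dialog fills in group.lgrpi1_name and group.lgrpi1_comment;
 * both are released with HeapFree on the process heap before returning, on
 * the success path and on the failure path alike.
 * NOTE(review): this presumes NewGroupDlgProc allocates both strings from the
 * process heap - confirm against the dialog procedure.
 */
static VOID
GroupNew(HWND hwndDlg)
{
    NET_API_STATUS status;
    LOCALGROUP_INFO_1 group;
    LV_ITEM lvi;
    INT iItem;
    HWND hwndLV;

    /* Start from NULL pointers so the cleanup below is safe when the dialog is cancelled. */
    ZeroMemory(&group, sizeof(LOCALGROUP_INFO_1));

    if (DialogBoxParam(hApplet, MAKEINTRESOURCE(IDD_GROUP_NEW), hwndDlg, NewGroupDlgProc, (LPARAM)&group) == IDOK)
    {
        status = NetLocalGroupAdd(NULL, 1, (LPBYTE)&group, NULL);
        if (status != NERR_Success)
        {
            TCHAR szText[256];

            wsprintf(szText, TEXT("Error: %u"), status);
            /* The caption used to read "NetUserAdd", which named the wrong API. */
            MessageBox(NULL, szText, TEXT("NetLocalGroupAdd"), MB_ICONERROR | MB_OK);
            /* No early return: the original returned here and leaked both strings. */
        }
        else
        {
            hwndLV = GetDlgItem(hwndDlg, IDC_GROUPS_LIST);

            ZeroMemory(&lvi, sizeof(lvi));
            lvi.mask = LVIF_TEXT | LVIF_STATE | LVIF_IMAGE;
            lvi.pszText = group.lgrpi1_name;
            lvi.state = 0;
            lvi.iImage = 0;
            iItem = ListView_InsertItem(hwndLV, &lvi);

            /* ListView_InsertItem yields -1 on failure; do not address a row that was never added. */
            if (iItem != -1)
            {
                ListView_SetItemText(hwndLV, iItem, 1, group.lgrpi1_comment);
            }
        }
    }

    if (group.lgrpi1_name)
        HeapFree(GetProcessHeap(), 0, group.lgrpi1_name);

    if (group.lgrpi1_comment)
        HeapFree(GetProcessHeap(), 0, group.lgrpi1_comment);
}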
/**
 * Add a local group, identified by name only, on the server of the current
 * working connection.
 *
 * The server name is taken from appContext->workConn->serverName. When
 * appContext->gopts.isReadOnly is set, the NetLocalGroupAdd call is skipped,
 * yet both trace messages (including "Done adding group") are still written.
 * Any non-zero status from the call is offset by ADT_WIN_ERR_BASE before it
 * is returned.
 *
 * @param appContext Application context reference.
 * @param aliasNameC Group name.
 * @return 0 on success; error code on failure.
 */
DWORD AdtNetGroupAdd(IN AppContextTP appContext, IN PSTR aliasNameC)
{
    PWSTR groupNameW = NULL;
    PWSTR serverNameW = NULL;
    DWORD parmIndex = 0;
    LOCALGROUP_INFO_0 groupInfo = { 0 };
    DWORD dwError = ERROR_SUCCESS;

    /* Both strings are converted to wide characters for the NetAPI call. */
    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverNameW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) aliasNameC, &groupNameW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    groupInfo.lgrpi0_name = groupNameW;

    PrintStderr(appContext,
                LogLevelTrace,
                "%s: Adding group %s ...\n",
                appContext->actionName,
                aliasNameC);

    /* Perform the add operation, unless running in read-only mode. */
    if (!appContext->gopts.isReadOnly)
    {
        dwError = NetLocalGroupAdd((PCWSTR) serverNameW, 0, (PVOID) &groupInfo, &parmIndex);
    }

    if (dwError != ERROR_SUCCESS)
    {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext,
                LogLevelTrace,
                "%s: Done adding group %s\n",
                appContext->actionName,
                aliasNameC);

    /* The error path has nothing extra to do; it shares the cleanup code. */
error:
cleanup:
    LW_SAFE_FREE_MEMORY(serverNameW);
    LW_SAFE_FREE_MEMORY(groupNameW);

    return dwError;
}
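/////////////////////////////////////////////////////////////////////
//
// Function:    CACreateBOINCGroups::OnExecution
//
// Description: Creates the 'boinc_admins', 'boinc_users' and
//              'boinc_projects' local groups when they do not exist
//              yet, adds the default members to them, publishes the
//              group names as installer properties and requests a
//              reboot when at least one group was newly created.
//
//              Returns ERROR_SUCCESS on success, the GetProperty
//              status when a property cannot be read, and
//              ERROR_INSTALL_FAILURE for every other failure.
//
//              Security notes:
//              - ERROR_ALIAS_EXISTS is tolerated, so a group that
//                already exists is reused as it is. Its existing
//                members are not reviewed here and keep whatever
//                BOINC rights the group grants.
//              - NOTE(review): the account names, the 'Users' alias
//                and the installing user's SID come from installer
//                properties and decide who receives membership;
//                confirm that these values cannot be influenced by
//                an unprivileged party.
//
/////////////////////////////////////////////////////////////////////
UINT CACreateBOINCGroups::OnExecution()
{
    NET_API_STATUS nasReturnValue;
    DWORD dwParameterError;
    UINT uiReturnValue = ERROR_INSTALL_FAILURE;
    BOOL bBOINCAdminsCreated = FALSE;
    BOOL bBOINCUsersCreated = FALSE;
    BOOL bBOINCProjectsCreated = FALSE;
    BOOL bProtectedExecution = FALSE;
    tstring strUserSID;
    tstring strUsersGroupName;
    tstring strBOINCMasterAccountUsername;
    tstring strBOINCProjectAccountUsername;
    tstring strEnableProtectedApplicationExecution;
    PSID pAdminSID = NULL;
    PSID pInstallingUserSID = NULL;
    PSID pBOINCMasterSID = NULL;
    PSID pBOINCProjectSID = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    // Declared up front so that no 'goto cleanup' jumps across a declaration.
    LOCALGROUP_INFO_1 lgrpiAdmins;
    LOCALGROUP_INFO_1 lgrpiUsers;
    LOCALGROUP_INFO_1 lgrpiProjects;
    LOCALGROUP_MEMBERS_INFO_0 lgrmiAdmins;

    // Nothing has been allocated yet, so these failures can return directly.
    uiReturnValue = GetProperty( _T("UserSID"), strUserSID );
    if ( uiReturnValue ) return uiReturnValue;

    uiReturnValue = GetProperty( _T("GROUPALIAS_USERS"), strUsersGroupName );
    if ( uiReturnValue ) return uiReturnValue;

    uiReturnValue = GetProperty( _T("BOINC_MASTER_USERNAME"), strBOINCMasterAccountUsername );
    if ( uiReturnValue ) return uiReturnValue;

    uiReturnValue = GetProperty( _T("BOINC_PROJECT_USERNAME"), strBOINCProjectAccountUsername );
    if ( uiReturnValue ) return uiReturnValue;

    uiReturnValue = GetProperty( _T("ENABLEPROTECTEDAPPLICATIONEXECUTION2"), strEnableProtectedApplicationExecution );
    if ( uiReturnValue ) return uiReturnValue;

    // From here on every failure leaves through 'cleanup' with this value,
    // so the SIDs obtained so far are released (the original leaked them on
    // each early return).
    uiReturnValue = ERROR_INSTALL_FAILURE;
    bProtectedExecution = (_T("1") == strEnableProtectedApplicationExecution);


    // Create a SID for the BUILTIN\Administrators group.
    if(!AllocateAndInitializeSid(
                     &SIDAuthNT, 2,
                     SECURITY_BUILTIN_DOMAIN_RID,
                     DOMAIN_ALIAS_RID_ADMINS,
                     0, 0, 0, 0, 0, 0,
                     &pAdminSID))
    {
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            GetLastError(),
            _T("AllocateAndInitializeSid Error for BUILTIN\\Administrators")
        );
        goto cleanup;
    }

    // Create a SID for the current logged in user.
    if(!ConvertStringSidToSid(strUserSID.c_str(), &pInstallingUserSID))
    {
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            GetLastError(),
            _T("ConvertStringSidToSid Error for installing user")
        );
        goto cleanup;
    }

    if (bProtectedExecution)
    {
        // Create a SID for the 'boinc_master' user account.
        if(!GetAccountSid(NULL, strBOINCMasterAccountUsername.c_str(), &pBOINCMasterSID))
        {
            LogMessage(
                INSTALLMESSAGE_ERROR,
                NULL,
                NULL,
                NULL,
                GetLastError(),
                _T("GetAccountSid Error for 'boinc_master' user account")
            );
            goto cleanup;
        }

        // Create a SID for the 'boinc_project' user account.
        if(!GetAccountSid(NULL, strBOINCProjectAccountUsername.c_str(), &pBOINCProjectSID))
        {
            // The message used to name 'boinc_master' (copy/paste slip), which
            // pointed whoever read the install log at the wrong account.
            LogMessage(
                INSTALLMESSAGE_ERROR,
                NULL,
                NULL,
                NULL,
                GetLastError(),
                _T("GetAccountSid Error for 'boinc_project' user account")
            );
            goto cleanup;
        }
    }


    // Create the 'boinc_admins' group if needed
    //
    lgrpiAdmins.lgrpi1_name = _T("boinc_admins");
    lgrpiAdmins.lgrpi1_comment = _T("Accounts in this group can control the BOINC client.");

    nasReturnValue = NetLocalGroupAdd(
        NULL,
        1,
        (LPBYTE)&lgrpiAdmins,
        &dwParameterError
    );

    if ((NERR_Success != nasReturnValue) && (ERROR_ALIAS_EXISTS != nasReturnValue)) {
        LogMessage(
            INSTALLMESSAGE_INFO,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("NetLocalGroupAdd retval")
        );
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("Failed to create the 'boinc_admins' group.")
        );
        goto cleanup;
    }

    if (NERR_Success == nasReturnValue) {
        bBOINCAdminsCreated = TRUE;
    }

    // Populate 'boinc_admins' with the default accounts. This runs whether or
    // not the group was just created; an account that is already a member
    // (ERROR_MEMBER_IN_ALIAS) is not treated as an error.
    lgrmiAdmins.lgrmi0_sid = pAdminSID;

    nasReturnValue = NetLocalGroupAddMembers(
        NULL,
        _T("boinc_admins"),
        0,
        (LPBYTE)&lgrmiAdmins,
        1
    );

    if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
        LogMessage(
            INSTALLMESSAGE_INFO,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("NetLocalGroupAddMembers retval")
        );
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("Failed to add user to the 'boinc_admins' group (Administrator).")
        );
        goto cleanup;
    }

    lgrmiAdmins.lgrmi0_sid = pInstallingUserSID;

    nasReturnValue = NetLocalGroupAddMembers(
        NULL,
        _T("boinc_admins"),
        0,
        (LPBYTE)&lgrmiAdmins,
        1
    );

    if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
        LogMessage(
            INSTALLMESSAGE_INFO,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("NetLocalGroupAddMembers retval")
        );
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("Failed to add user to the 'boinc_admins' group (Installing User).")
        );
        goto cleanup;
    }

    if (bProtectedExecution)
    {
        lgrmiAdmins.lgrmi0_sid = pBOINCMasterSID;

        nasReturnValue = NetLocalGroupAddMembers(
            NULL,
            _T("boinc_admins"),
            0,
            (LPBYTE)&lgrmiAdmins,
            1
        );

        if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
            LogMessage(
                INSTALLMESSAGE_INFO,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("NetLocalGroupAddMembers retval")
            );
            LogMessage(
                INSTALLMESSAGE_ERROR,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("Failed to add user to the 'boinc_admins' group (BOINC Master).")
            );
            goto cleanup;
        }
    }


    // Create the 'boinc_users' group if needed
    //
    lgrpiUsers.lgrpi1_name = _T("boinc_users");
    lgrpiUsers.lgrpi1_comment = _T("Accounts in this group can monitor the BOINC client.");

    nasReturnValue = NetLocalGroupAdd(
        NULL,
        1,
        (LPBYTE)&lgrpiUsers,
        &dwParameterError
    );

    if ((NERR_Success != nasReturnValue) && (ERROR_ALIAS_EXISTS != nasReturnValue)) {
        LogMessage(
            INSTALLMESSAGE_INFO,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("NetLocalGroupAdd retval")
        );
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("Failed to create the 'boinc_users' group.")
        );
        goto cleanup;
    }

    if (NERR_Success == nasReturnValue) {
        bBOINCUsersCreated = TRUE;
    }


    // Create the 'boinc_projects' group if needed
    //
    lgrpiProjects.lgrpi1_name = _T("boinc_projects");
    lgrpiProjects.lgrpi1_comment = _T("Accounts in this group are used to execute boinc applications.");

    nasReturnValue = NetLocalGroupAdd(
        NULL,
        1,
        (LPBYTE)&lgrpiProjects,
        &dwParameterError
    );

    if ((NERR_Success != nasReturnValue) && (ERROR_ALIAS_EXISTS != nasReturnValue)) {
        LogMessage(
            INSTALLMESSAGE_INFO,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("NetLocalGroupAdd retval")
        );
        LogMessage(
            INSTALLMESSAGE_ERROR,
            NULL,
            NULL,
            NULL,
            nasReturnValue,
            _T("Failed to create the 'boinc_projects' group.")
        );
        goto cleanup;
    }

    if (NERR_Success == nasReturnValue) {
        bBOINCProjectsCreated = TRUE;
    }

    // If the user has enabled protected application execution then we need to add the
    // 'boinc_project' account to the 'boinc_projects' local group and the 'Users' local
    // group. As an aside 'boinc_master' is also added to the 'Users' group.
    if (bProtectedExecution)
    {
        LOCALGROUP_MEMBERS_INFO_0 lgrmiMembers;

        lgrmiMembers.lgrmi0_sid = pBOINCProjectSID;

        nasReturnValue = NetLocalGroupAddMembers(
            NULL,
            _T("boinc_projects"),
            0,
            (LPBYTE)&lgrmiMembers,
            1
        );

        if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
            LogMessage(
                INSTALLMESSAGE_INFO,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("NetLocalGroupAddMembers retval")
            );
            LogMessage(
                INSTALLMESSAGE_ERROR,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("Failed to add user to the 'boinc_projects' group (boinc_project).")
            );
            goto cleanup;
        }

        nasReturnValue = NetLocalGroupAddMembers(
            NULL,
            strUsersGroupName.c_str(),
            0,
            (LPBYTE)&lgrmiMembers,
            1
        );

        if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
            LogMessage(
                INSTALLMESSAGE_INFO,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("NetLocalGroupAddMembers retval")
            );
            LogMessage(
                INSTALLMESSAGE_ERROR,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("Failed to add user to the 'Users' group (boinc_project).")
            );
            goto cleanup;
        }

        lgrmiMembers.lgrmi0_sid = pBOINCMasterSID;

        nasReturnValue = NetLocalGroupAddMembers(
            NULL,
            strUsersGroupName.c_str(),
            0,
            (LPBYTE)&lgrmiMembers,
            1
        );

        if ((NERR_Success != nasReturnValue) && (ERROR_MEMBER_IN_ALIAS != nasReturnValue)) {
            LogMessage(
                INSTALLMESSAGE_INFO,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("NetLocalGroupAddMembers retval")
            );
            LogMessage(
                INSTALLMESSAGE_ERROR,
                NULL,
                NULL,
                NULL,
                nasReturnValue,
                _T("Failed to add user to the 'Users' group (boinc_master).")
            );
            goto cleanup;
        }
    }

    SetProperty( _T("BOINC_ADMINS_GROUPNAME"), _T("boinc_admins") );
    SetProperty( _T("BOINC_USERS_GROUPNAME"), _T("boinc_users") );
    SetProperty( _T("BOINC_PROJECTS_GROUPNAME"), _T("boinc_projects") );

    if (bBOINCAdminsCreated || bBOINCUsersCreated || bBOINCProjectsCreated) {
        RebootWhenFinished();
    }

    uiReturnValue = ERROR_SUCCESS;

cleanup:
    // Allocated by AllocateAndInitializeSid, so FreeSid is the matching release.
    if(pAdminSID != NULL) FreeSid(pAdminSID);
    // A SID returned by ConvertStringSidToSid must be released with LocalFree;
    // the original passed it to FreeSid.
    if(pInstallingUserSID != NULL) LocalFree(pInstallingUserSID);
    // NOTE(review): GetAccountSid is defined elsewhere; confirm that FreeSid
    // matches the allocator it uses for these two SIDs.
    if(pBOINCMasterSID != NULL) FreeSid(pBOINCMasterSID);
    if(pBOINCProjectSID != NULL) FreeSid(pBOINCProjectSID);

    return uiReturnValue;
}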