pcacc
/
myvtm


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
							#include "stdafx.h"
#include "SpBase.h"
#include <Windows.h>
#include <LMACCESS.H>
#include <LMERR.H>
#include <LMAPIBUF.H>
#include <string>
#include <vector>

#include <boost\format.hpp>

#include <sddl.h>               /* for ConvertSidToStringSid function */
#include "AccountManage.h"
#define SYSTEM_ON(a,b) system(a)

#pragma comment(lib,"netapi32.lib")
using namespace std;

namespace AccountManage {
	string convertwStr2str(wstring wstr)
	{
		size_t size;
		char *psMultiByte;
		size = WideCharToMultiByte(CP_ACP,0,wstr.c_str(),-1,NULL,0,NULL,NULL);
		psMultiByte = new char[size + 1];
		WideCharToMultiByte(CP_ACP,0,wstr.c_str(),-1,psMultiByte,size,NULL,NULL);
		return psMultiByte;
	}
	wstring convertStr2wStr(string str)
	{
		size_t size;
		size = MultiByteToWideChar(CP_ACP,0,str.c_str(),-1,NULL,0);
		wchar_t *pwsWideChar = new wchar_t[size + 1];
		MultiByteToWideChar(CP_ACP,0,str.c_str(),-1,pwsWideChar,size);
		return pwsWideChar;
	}
	int AdjustACL(LPCWSTR pUserName,LPCWSTR pFile,DWORD dwAccassRights,ACCESS_MODE accessMode)
	{
		DWORD dwRes = 0;
		PACL pOldDACL =NULL,pNewDACL=NULL;
		PSECURITY_DESCRIPTOR pSD = NULL;
		EXPLICIT_ACCESS_W ea;
		dwRes = GetNamedSecurityInfoW(pFile,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,&pOldDACL,NULL,&pSD);
		if(dwRes != ERROR_SUCCESS){
			Dbg("get named SecurityInfo FAIL!");
			goto ret;
		}

		ZeroMemory(&ea,sizeof(EXPLICIT_ACCESS));
		ea.grfAccessPermissions = dwAccassRights;
		ea.grfAccessMode = accessMode;
		ea.grfInheritance = NO_INHERITANCE;
		ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
		ea.Trustee.ptstrName = const_cast<LPWSTR>(pUserName);


		dwRes = SetEntriesInAclW(1,&ea,NULL,&pNewDACL);
		if(dwRes != ERROR_SUCCESS){
			Dbg("set entries ACL FAIL!");
			goto ret;
		}

		dwRes = SetNamedSecurityInfoW(const_cast<LPWSTR>(pFile),SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDACL,NULL);
		if(dwRes != ERROR_SUCCESS){
			Dbg("set named SecurityInfo FAIL!");
			goto ret;
		}
		Dbg("%s adjust ACL SUSS!",convertwStr2str(pUserName).c_str());
		return 0;
ret:
		if (pSD!=NULL)
		{
			LocalFree((HLOCAL) pSD);
		}
		if(pNewDACL != NULL)
		{
			LocalFree((HLOCAL) pNewDACL);
		}
		return -1;
	}

	bool ComfirmUserPropertiy(LPCWSTR pUserName)
	{
		PUSER_INFO_1 pUsr = NULL;
		NET_API_STATUS netRet = 0;
		DWORD dwParamError = 0;

		netRet = NetUserGetInfo(NULL, pUserName, 1, (LPBYTE*)&pUsr);
		if(netRet == NERR_Success)
		{
			pUsr->usri1_flags = (pUsr->usri1_flags | UF_DONT_EXPIRE_PASSWD);
			pUsr->usri1_flags = (pUsr->usri1_flags & ((DWORD)(~UF_PASSWD_CANT_CHANGE)));
			netRet = NetUserSetInfo(NULL, pUserName, 1, (LPBYTE)pUsr, &dwParamError);
			NetApiBufferFree(pUsr);
			if(netRet == NERR_Success)
			{
				Dbg("Set user flag succeed.");
				return true;
			} else {
				Dbg("NetUserSetInfo failed: %d", netRet);
			}
		} else {
			Dbg("NetUserGetInfo failed: %d", netRet);
		}

		return false;
	}

	bool CheckAccount(const std::string accountName)
	{
		vector<string> sysAccounts;
		int errCode;
		string errStr;
		if (!AccountManage::GetAllAccount(sysAccounts, errCode))
		{
			Dbg("GetAllAccount errCode=%d",errCode);
			return false;
		}
		
		Dbg("sysAccounts.sizesize=%d", sysAccounts.size());
		for (int i=0;i<sysAccounts.size();i++)
		{
			Dbg("sysAccounts [%d]=%s", i,sysAccounts[i].c_str());
			if (accountName == sysAccounts[i])
				return true;
		}
		return false;
	}
	bool EnableAdministrator()
	{
		return (ERROR_SUCCESS == SYSTEM_ON("net user administrator /active:yes", true) && (ERROR_SUCCESS == SYSTEM_ON("net user administrator 11111111", true)));
	}
	bool GetAllAccount(vector<string> &AccountArr,int& errCode)
	{
		LPUSER_INFO_1 pBuf = NULL;
		LPUSER_INFO_1 pTmpBuf;
		DWORD dwLevel = 1;
		DWORD dwPrefMaxLen = -1;
		DWORD dwEntriesRead = 0;
		DWORD dwTotalEntries = 0;
		DWORD dwResumeHandle = 0;
		NET_API_STATUS nStatus;
		LPCWSTR pszServerName = NULL;
		nStatus = NetUserEnum((LPCWSTR)pszServerName, dwLevel, FILTER_NORMAL_ACCOUNT,
			(LPBYTE*)& pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle);
		if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
		{
			if ((pTmpBuf = pBuf) != NULL)
			{
				for (DWORD i = 0; i < dwEntriesRead; ++i)
				{
					string csFlag = (boost::format("%s,%ld") % pTmpBuf->usri1_name % pBuf->usri1_priv).str();
					//if (pTmpBuf->usri1_priv == USER_PRIV_ADMIN || pTmpBuf->usri1_priv == USER_PRIV_USER && (wstring(pTmpBuf->usri1_name) != L"ASPNET"))
						AccountArr.push_back(convertwStr2str(pTmpBuf->usri1_name));
					pTmpBuf++;
					
				}
			}
		}
		else
		{
			errCode = nStatus;
			return false;
		}
		if (pBuf != NULL)
		{
			NetApiBufferFree(pBuf);
			pBuf = NULL;
		}
		if (pBuf != NULL)
			NetApiBufferFree(pBuf);
		return TRUE;
	}

	bool GetAccountSid(const std::string accountName, std::string& accountSid)
	{
		LPUSER_INFO_4 pBuf = NULL;
		LPTSTR sStringSid = NULL;
		std::wstring t_accountName = convertStr2wStr(accountName);
		if (NERR_Success == NetUserGetInfo(NULL, t_accountName.c_str(), 4, (LPBYTE*)& pBuf))
		{
			if (ConvertSidToStringSid(pBuf->usri4_user_sid, &sStringSid))
			{
				accountSid = convertwStr2str(reinterpret_cast<wchar_t *>(sStringSid));
				LocalFree(sStringSid);
			}
			else
				wprintf(L"ConvertSidToSTringSid failed with error %d\n", GetLastError());
		}

		if (pBuf != NULL)
			NetApiBufferFree(pBuf);
		if (accountSid.length() > 0)
			return TRUE;
		else
			return FALSE;
	}

	bool AddNewAccount(std::string AccountName, std::string AccountPsw, int& errCode)
	{
		USER_INFO_1 ui;
		DWORD dwError = 0;
		wstring tempName = convertStr2wStr(AccountName), tempPwd = convertStr2wStr(AccountPsw);
		WCHAR comment[MAX_PATH] = L"";

		ui.usri1_name = const_cast<WCHAR*>(tempName.c_str());
		ui.usri1_password = const_cast<WCHAR*>(tempPwd.c_str());
		ui.usri1_priv = USER_PRIV_USER;
		ui.usri1_home_dir = NULL;
		ui.usri1_comment = comment;
		ui.usri1_flags = UF_SCRIPT | UF_DONT_EXPIRE_PASSWD;
		ui.usri1_script_path = NULL;

		NET_API_STATUS re = NetUserAdd(NULL, 1, (LPBYTE)& ui, &dwError);
		errCode = re;
		//if (re != NERR_Success && re != NERR_UserExists)
		if(re != NERR_Success)
			return FALSE;
		LOCALGROUP_MEMBERS_INFO_3 account;
		account.lgrmi3_domainandname = const_cast<WCHAR*>(tempName.c_str());

		re = NetLocalGroupAddMembers(NULL, L"Users", 3, (LPBYTE)& account, 1);
		if (re == NERR_Success || re == ERROR_MEMBER_IN_ALIAS)
			return TRUE;
		else
			return FALSE;
	}

	bool ExtendGroupAdd(std::string accountName, std::string groupName)
	{
		LOCALGROUP_MEMBERS_INFO_3 account;
		wstring tempName = convertStr2wStr(accountName), tempGroup = convertStr2wStr(groupName);
		account.lgrmi3_domainandname = const_cast<WCHAR*>(tempName.c_str());
		NET_API_STATUS re = NetLocalGroupAddMembers(NULL, tempGroup.c_str(), 3, (LPBYTE)& account, 1);
		if (re == NERR_Success || re == ERROR_MEMBER_IN_ALIAS)
			return TRUE;
		else
			return FALSE;
	}

	bool AddCmbUser()
	{
		int errCode;
		return AddNewAccount(CMBUSER_NAME, CMBUSER_TEMP_PSW, errCode);
	}

	bool AddClientUser()
	{
		int errCode;
		return AddNewAccount(CLIENTUSER_NAME, CLIENTUSER_TEMP_PSW, errCode);
	}

	bool RmAccount(std::string AccountName, int& errCode)
	{
		wstring tempName = convertStr2wStr(AccountName);
		errCode = NetUserDel(NULL, tempName.c_str());
		if (errCode == NERR_Success)
			return TRUE;
		else
			return FALSE;
	}

	bool InitUser(std::string AccountName, std::string AccountPwd, std::string processPath)
	{
		if (!startProcess(AccountName, "", AccountPwd, "c:\\windows\\explorer.exe"))
			return FALSE;

		if (0 == processPath.length())
			return TRUE;

		std::string  exePath = (boost::format("%s\\%s") % processPath % INIT_PROCESS).str();
		if (!startProcess(AccountName, "", AccountPwd, exePath))
			return FALSE;
		return TRUE;

	}

	bool ModefyUserPsw(std::string AccountName, std::string oldPwd, std::string newPwd)
	{
		wstring newAccountName = convertStr2wStr(AccountName), oldAccountPwd = convertStr2wStr(oldPwd), newAccountPwd = convertStr2wStr(newPwd);
		int res= NetUserChangePassword(NULL, newAccountName.c_str(), oldAccountPwd.c_str(), newAccountPwd.c_str());
		Dbg("ModefyUserPsw res %d",res);
		if(res == ERROR_ACCESS_DENIED) {
			ComfirmUserPropertiy(newAccountName.c_str());
		}
		return NERR_Success == res;
	}

	bool startProcess(std::string userName, std::string domain, std::string password, std::string commandLine)
	{
		PROCESS_INFORMATION processInfo;
		STARTUPINFOW startupInfo;
		ZeroMemory(&processInfo, sizeof(processInfo));
		ZeroMemory(&startupInfo, sizeof(startupInfo));
		startupInfo.cb = sizeof(STARTUPINFO);
		startupInfo.lpTitle = NULL;
		startupInfo.dwFlags = STARTF_USECOUNTCHARS;
		startupInfo.dwYCountChars = 50;
		wstring cmdLine = convertStr2wStr(commandLine);
		BOOL retval = CreateProcessWithLogonW(convertStr2wStr(userName).c_str(), NULL, convertStr2wStr(password).c_str(),
			LOGON_WITH_PROFILE, NULL, const_cast<WCHAR*>(cmdLine.c_str()), CREATE_NEW_CONSOLE, NULL,
			NULL, &startupInfo, &processInfo);
		if (retval)
		{
			CloseHandle(processInfo.hProcess);
			CloseHandle(processInfo.hThread);
			return TRUE;
		}
		return FALSE;
	}

}