我需要能够从Go应用程序中管理Windows本地用户帐户,并且似乎没有使用CGo,就没有本机绑定。
我的最初搜索使人们说,最好使用“ exec.Command”运行“ net user”命令,但是在解析响应代码时,这似乎很混乱且不可靠。
我发现可以在netapi32.dll库中找到处理此类事件的函数,但是由于Go本身不支持Windows头文件,因此调用这些函数似乎并不容易。
以https://github.com/golang/sys/tree/master/windows中的示例为例,看来Go团队一直在重新定义其代码中的所有内容,然后调用DLL函数。
我很难将其包装在一起,但是我已经获得了我所针对的低级API模板,然后在其之上包装了一个高级API,就像Go运行时的核心一样。
type LMSTR ???? type DWORD ???? type LPBYTE ???? type LPDWORD ???? type LPWSTR ???? type NET_API_STATUS DWORD; type USER_INFO_1 struct { usri1_name LPWSTR usri1_password LPWSTR usri1_password_age DWORD usri1_priv DWORD usri1_home_dir LPWSTR usri1_comment LPWSTR usri1_flags DWORD usri1_script_path LPWSTR } type GROUP_USERS_INFO_0 struct { grui0_name LPWSTR } type USER_INFO_1003 struct { usri1003_password LPWSTR } const ( USER_PRIV_GUEST = ???? USER_PRIV_USER = ???? USER_PRIV_ADMIN = ???? UF_SCRIPT = ???? UF_ACCOUNTDISABLE = ???? UF_HOMEDIR_REQUIRED = ???? UF_PASSWD_NOTREQD = ???? UF_PASSWD_CANT_CHANGE = ???? UF_LOCKOUT = ???? UF_DONT_EXPIRE_PASSWD = ???? UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = ???? UF_NOT_DELEGATED = ???? UF_SMARTCARD_REQUIRED = ???? UF_USE_DES_KEY_ONLY = ???? UF_DONT_REQUIRE_PREAUTH = ???? UF_TRUSTED_FOR_DELEGATION = ???? UF_PASSWORD_EXPIRED = ???? UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = ???? UF_NORMAL_ACCOUNT = ???? UF_TEMP_DUPLICATE_ACCOUNT = ???? UF_WORKSTATION_TRUST_ACCOUNT = ???? UF_SERVER_TRUST_ACCOUNT = ???? UF_INTERDOMAIN_TRUST_ACCOUNT = ???? NERR_Success = ???? NERR_InvalidComputer = ???? NERR_NotPrimary = ???? NERR_GroupExists = ???? NERR_UserExists = ???? NERR_PasswordTooShort = ???? NERR_UserNotFound = ???? NERR_BufTooSmall = ???? NERR_InternalError = ???? NERR_GroupNotFound = ???? NERR_BadPassword = ???? NERR_SpeGroupOp = ???? NERR_LastAdmin = ???? ERROR_ACCESS_DENIED = ???? ERROR_INVALID_PASSWORD = ???? ERROR_INVALID_LEVEL = ???? ERROR_MORE_DATA = ???? ERROR_BAD_NETPATH = ???? ERROR_INVALID_NAME = ???? ERROR_NOT_ENOUGH_MEMORY = ???? ERROR_INVALID_PARAMETER = ???? FILTER_TEMP_DUPLICATE_ACCOUNT = ???? FILTER_NORMAL_ACCOUNT = ???? FILTER_INTERDOMAIN_TRUST_ACCOUNT = ???? FILTER_WORKSTATION_TRUST_ACCOUNT = ???? FILTER_SERVER_TRUST_ACCOUNT = ???? ) func NetApiBufferFree(Buffer LPVOID) (NET_API_STATUS); func NetUserAdd(servername LMSTR, level DWORD, buf LPBYTE, parm_err LPDWORD) (NET_API_STATUS); func NetUserChangePassword(domainname LPCWSTR, username LPCWSTR, oldpassword LPCWSTR, newpassword LPCWSTR) (NET_API_STATUS); func NetUserDel(servername LPCWSTR, username LPCWSTR) (NET_API_STATUS); func NetUserEnum(servername LPCWSTR, level DWORD, filter DWORD, bufptr *LPBYTE, prefmaxlen DWORD, entriesread LPDWORD, totalentries LPDWORD, resume_handle LPDWORD) (NET_API_STATUS); func NetUserGetGroups(servername LPCWSTR, username LPCWSTR, level DWORD, bufptr *LPBYTE, prefmaxlen DWORD, entriesread LPDWORD, totalentries LPDWORD) (NET_API_STATUS); func NetUserSetGroups(servername LPCWSTR, username LPCWSTR, level DWORD, buf LPBYTE, num_entries DWORD) (NET_API_STATUS); func NetUserSetInfo(servername LPCWSTR, username LPCWSTR, level DWORD, buf LPBYTE, parm_err LPDWORD) (NET_API_STATUS);
将它们包装在一起的最佳方法是什么?
如果查看src/syscallGo安装目录,则可以找到名为mksyscall_windows.go的文件。Go团队似乎就是这样来管理所有DLL包装器的。
src/syscall
go generate
看一下syscall_windows.go如何使用它。具体来说,它具有以下go generate命令:
// go:generate go run mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go security_windows.go
然后,他们定义自己的类型。您将需要自己手动执行此操作。
有时这是一个挑战,因为保留结构字段的大小和对齐方式至关重要。我使用Visual Studio Community Edition在Microsoft定义的众多基本类型中四处寻找,以便确定它们的Go等效项。
Windows使用UTF16作为字符串。因此,您将把它们表示为*uint16。用于syscall.UTF16PtrFromString从Go字符串生成一个。
*uint16
syscall.UTF16PtrFromString
整个过程的重点mksyscall_windows.go是生成所有样板代码,因此您最终得到一个Go函数,该函数为您调用DLL。
mksyscall_windows.go
这可以通过添加注释(转到注释)来完成。
例如,syscall_windows.go您具有以下注释:
syscall_windows.go
//sys GetLastError() (lasterr error) //... //sys CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr) (err error) [failretval&0xff==0] = CreateHardLinkW
mksyscall_windows.go有文档注释可帮助您了解其工作原理。您还可以在zsyscall_windows.go中查看生成的代码。
它很容易,只需运行:
对于您的示例,创建一个名为的文件win32_windows.go:
win32_windows.go
package win32 //go generate go run mksyscall_windows.go -output zwin32_windows.go win32_windows.go type ( LPVOID uintptr LMSTR *uint16 DWORD uint32 LPBYTE *byte LPDWORD *uint32 LPWSTR *uint16 NET_API_STATUS DWORD USER_INFO_1 struct { Usri1_name LPWSTR Usri1_password LPWSTR Usri1_password_age DWORD Usri1_priv DWORD Usri1_home_dir LPWSTR Usri1_comment LPWSTR Usri1_flags DWORD Usri1_script_path LPWSTR } GROUP_USERS_INFO_0 struct { Grui0_name LPWSTR } USER_INFO_1003 struct { Usri1003_password LPWSTR } ) const ( // from LMaccess.h USER_PRIV_GUEST = 0 USER_PRIV_USER = 1 USER_PRIV_ADMIN = 2 UF_SCRIPT = 0x0001 UF_ACCOUNTDISABLE = 0x0002 UF_HOMEDIR_REQUIRED = 0x0008 UF_LOCKOUT = 0x0010 UF_PASSWD_NOTREQD = 0x0020 UF_PASSWD_CANT_CHANGE = 0x0040 UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080 UF_TEMP_DUPLICATE_ACCOUNT = 0x0100 UF_NORMAL_ACCOUNT = 0x0200 UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800 UF_WORKSTATION_TRUST_ACCOUNT = 0x1000 UF_SERVER_TRUST_ACCOUNT = 0x2000 UF_ACCOUNT_TYPE_MASK = UF_TEMP_DUPLICATE_ACCOUNT | UF_NORMAL_ACCOUNT | UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT UF_DONT_EXPIRE_PASSWD = 0x10000 UF_MNS_LOGON_ACCOUNT = 0x20000 UF_SMARTCARD_REQUIRED = 0x40000 UF_TRUSTED_FOR_DELEGATION = 0x80000 UF_NOT_DELEGATED = 0x100000 UF_USE_DES_KEY_ONLY = 0x200000 UF_DONT_REQUIRE_PREAUTH = 0x400000 UF_PASSWORD_EXPIRED = 0x800000 UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000 UF_NO_AUTH_DATA_REQUIRED = 0x2000000 UF_PARTIAL_SECRETS_ACCOUNT = 0x4000000 UF_USE_AES_KEYS = 0x8000000 UF_SETTABLE_BITS = UF_SCRIPT | UF_ACCOUNTDISABLE | UF_LOCKOUT | UF_HOMEDIR_REQUIRED | UF_PASSWD_NOTREQD | UF_PASSWD_CANT_CHANGE | UF_ACCOUNT_TYPE_MASK | UF_DONT_EXPIRE_PASSWD | UF_MNS_LOGON_ACCOUNT | UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED | UF_SMARTCARD_REQUIRED | UF_TRUSTED_FOR_DELEGATION | UF_NOT_DELEGATED | UF_USE_DES_KEY_ONLY | UF_DONT_REQUIRE_PREAUTH | UF_PASSWORD_EXPIRED | UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION | UF_NO_AUTH_DATA_REQUIRED | UF_USE_AES_KEYS | UF_PARTIAL_SECRETS_ACCOUNT FILTER_TEMP_DUPLICATE_ACCOUNT = (0x0001) FILTER_NORMAL_ACCOUNT = (0x0002) FILTER_INTERDOMAIN_TRUST_ACCOUNT = (0x0008) FILTER_WORKSTATION_TRUST_ACCOUNT = (0x0010) FILTER_SERVER_TRUST_ACCOUNT = (0x0020) LG_INCLUDE_INDIRECT = (0x0001) // etc... ) //sys NetApiBufferFree(Buffer LPVOID) (status NET_API_STATUS) = netapi32.NetApiBufferFree //sys NetUserAdd(servername LMSTR, level DWORD, buf LPBYTE, parm_err LPDWORD) (status NET_API_STATUS) = netapi32.NetUserAdd //sys NetUserChangePassword(domainname LPCWSTR, username LPCWSTR, oldpassword LPCWSTR, newpassword LPCWSTR) (status NET_API_STATUS) = netapi32.NetUserChangePassword //sys NetUserDel(servername LPCWSTR, username LPCWSTR) (status NET_API_STATUS) = netapi32.NetUserDel //sys NetUserEnum(servername LPCWSTR, level DWORD, filter DWORD, bufptr *LPBYTE, prefmaxlen DWORD, entriesread LPDWORD, totalentries LPDWORD, resume_handle LPDWORD) (status NET_API_STATUS) = netapi32.NetUserEnum //sys NetUserGetGroups(servername LPCWSTR, username LPCWSTR, level DWORD, bufptr *LPBYTE, prefmaxlen DWORD, entriesread LPDWORD, totalentries LPDWORD) (status NET_API_STATUS) = netapi32.NetUserGetGroups //sys NetUserSetGroups(servername LPCWSTR, username LPCWSTR, level DWORD, buf LPBYTE, num_entries DWORD) (status NET_API_STATUS) = netapi32.NetUserSetGroups //sys NetUserSetInfo(servername LPCWSTR, username LPCWSTR, level DWORD, buf LPBYTE, parm_err LPDWORD) (status NET_API_STATUS) = netapi32.NetUserSetInfo
运行后go generate(只要您复制mksyscall_windows.go到同一目录),您将拥有一个名为“ zwin32_windows.go”的文件(类似这样):
// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT package win32 import "unsafe" import "syscall" var _ unsafe.Pointer var ( modnetapi32 = syscall.NewLazyDLL("netapi32.dll") procNetApiBufferFree = modnetapi32.NewProc("NetApiBufferFree") procNetUserAdd = modnetapi32.NewProc("NetUserAdd") procNetUserChangePassword = modnetapi32.NewProc("NetUserChangePassword") procNetUserDel = modnetapi32.NewProc("NetUserDel") procNetUserEnum = modnetapi32.NewProc("NetUserEnum") procNetUserGetGroups = modnetapi32.NewProc("NetUserGetGroups") procNetUserSetGroups = modnetapi32.NewProc("NetUserSetGroups") procNetUserSetInfo = modnetapi32.NewProc("NetUserSetInfo") ) func NetApiBufferFree(Buffer LPVOID) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall(procNetApiBufferFree.Addr(), 1, uintptr(Buffer), 0, 0) status = NET_API_STATUS(r0) return } func NetUserAdd(servername LMSTR, level DWORD, buf LPBYTE, parm_err LPDWORD) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall6(procNetUserAdd.Addr(), 4, uintptr(servername), uintptr(level), uintptr(buf), uintptr(parm_err), 0, 0) status = NET_API_STATUS(r0) return } func NetUserChangePassword(domainname LPCWSTR, username LPCWSTR, oldpassword LPCWSTR, newpassword LPCWSTR) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall6(procNetUserChangePassword.Addr(), 4, uintptr(domainname), uintptr(username), uintptr(oldpassword), uintptr(newpassword), 0, 0) status = NET_API_STATUS(r0) return } func NetUserDel(servername LPCWSTR, username LPCWSTR) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall(procNetUserDel.Addr(), 2, uintptr(servername), uintptr(username), 0) status = NET_API_STATUS(r0) return } func NetUserEnum(servername LPCWSTR, level DWORD, filter DWORD, bufptr *LPBYTE, prefmaxlen DWORD, entriesread LPDWORD, totalentries LPDWORD, resume_handle LPDWORD) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(servername), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(bufptr)), uintptr(prefmaxlen), uintptr(entriesread), uintptr(totalentries), uintptr(resume_handle), 0) status = NET_API_STATUS(r0) return } func NetUserGetGroups(servername LPCWSTR, username LPCWSTR, level DWORD, bufptr *LPBYTE, prefmaxlen DWORD, entriesread LPDWORD, totalentries LPDWORD) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall9(procNetUserGetGroups.Addr(), 7, uintptr(servername), uintptr(username), uintptr(level), uintptr(unsafe.Pointer(bufptr)), uintptr(prefmaxlen), uintptr(entriesread), uintptr(totalentries), 0, 0) status = NET_API_STATUS(r0) return } func NetUserSetGroups(servername LPCWSTR, username LPCWSTR, level DWORD, buf LPBYTE, num_entries DWORD) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall6(procNetUserSetGroups.Addr(), 5, uintptr(servername), uintptr(username), uintptr(level), uintptr(buf), uintptr(num_entries), 0) status = NET_API_STATUS(r0) return } func NetUserSetInfo(servername LPCWSTR, username LPCWSTR, level DWORD, buf LPBYTE, parm_err LPDWORD) (status NET_API_STATUS) { r0, _, _ := syscall.Syscall6(procNetUserSetInfo.Addr(), 5, uintptr(servername), uintptr(username), uintptr(level), uintptr(buf), uintptr(parm_err), 0) status = NET_API_STATUS(r0) return }
显然,大多数工作是将Win32类型转换为它们的Go等效项。
随意浏览syscall包装-它们通常已经定义了您可能感兴趣的结构。
syscall
比手动编写代码要好。而且不需要CGo!
声明: 我还没有测试上面的代码来验证它是否确实满足您的要求。使用Win32 API本身就是一件很有趣的事情。
