/*
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <algorithm>
#include <iterator>
#include "ldapuser.h"
#include "netusergroup.h"
#include "utility.h"
#include "manageUser.h"
#include "reg.h"
#define SCAPKEY L"Software\\science + computing\\scap"
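namespace {

// LDAP attribute names requested for the user entry.  These used to be
// #defines inside manageLocalAccount(), which leaked into the rest of the
// translation unit; plain constants keep them file-local.
const wchar_t* const kSambaHomePath    = L"sambaHomePath";
const wchar_t* const kHomeDirectory    = L"homeDirectory";
const wchar_t* const kSambaHomeDrive   = L"sambaHomeDrive";
const wchar_t* const kSambaProfilePath = L"sambaProfilePath";
const wchar_t* const kSambaLogonScript = L"sambaLogonScript";
const wchar_t* const kGidNumber        = L"gidNumber";

// Local group granted to members of any LDAP group listed under the
// "machineadmingroups" registry value.
// NOTE(review): this is the English display name; on a localized Windows the
// built-in group carries a different name, so resolving it by well-known SID
// would be more robust.  Confirm what netusergroup.h offers before changing.
const wchar_t* const kLocalAdminGroup = L"Administrators";

// Home path: sambaHomePath is used verbatim when present.  Otherwise
// homeDirectory, or the registry "homepath" value as last resort, is
// slash-converted and run through the "homepathreplace" substitutions.
mystring resolveHomePath( const stringMap& userVals, Registry& reg, FILE* fp) {
    stringMap::const_iterator it = userVals.find( kSambaHomePath);
    if (it != userVals.end()) {
        return it->second;
    }

    mystring homePath;
    it = userVals.find( kHomeDirectory);
    if (it != userVals.end()) {
        homePath = it->second;
    } else {
        homePath = reg.getValue( L"homepath");
    }
    // Only the non-Samba fallback is rewritten with the registry replacements.
    return searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
}

// Home drive: sambaHomeDrive when present, else the registry "homedrive" value.
mystring resolveHomeDrive( const stringMap& userVals, Registry& reg) {
    stringMap::const_iterator it = userVals.find( kSambaHomeDrive);
    if (it == userVals.end()) {
        return reg.getValue( L"homedrive");
    }
    // Kept exactly as the original: assigns the first element of the mapped
    // value ("use first Element").
    // NOTE(review): if stringMap's mapped type is a plain wide string this
    // yields only its first character (e.g. "H" out of "H:"); the sibling
    // attributes above assign it->second directly.  Confirm the mapped type
    // and whether this should simply be `return it->second;`.
    mystring homeDrive;
    homeDrive = *(it->second.begin());
    return homeDrive;
}

// Profile path: sambaProfilePath when present; otherwise the registry
// "profilepath" value appended to the home drive, or - when there is no
// home drive - to the home path, then run through "profilereplace".
mystring resolveProfilePath( const stringMap& userVals, const mystring& homePath,
                             const mystring& homeDrive, Registry& reg, FILE* fp) {
    stringMap::const_iterator it = userVals.find( kSambaProfilePath);
    if (it != userVals.end()) {
        return it->second;
    }
    if (homeDrive != L"") {
        return homeDrive + reg.getValue( L"profilepath");
    }
    mystring profilePath = homePath + reg.getValue( L"profilepath");
    return searchAndReplace( profilePath, L"profilereplace", reg, fp);
}

// Logon script: sambaLogonScript when present, else the registry "logonscript" value.
mystring resolveLogonScript( const stringMap& userVals, Registry& reg) {
    stringMap::const_iterator it = userVals.find( kSambaLogonScript);
    if (it != userVals.end()) {
        return it->second;
    }
    return reg.getValue( L"logonscript");
}

// Add the local Administrators group to ldapList when the user is a member
// of any LDAP group listed under the "machineadmingroups" registry value.
// Because syncGroupMembership() later removes every local group that is not
// in ldapList, a user who is in none of those LDAP groups also loses local
// Administrators on this run - the registry value is what controls local
// admin rights, so its contents (and the key's ACL) deserve review attention.
void applyMachineAdminMapping( stringSet& ldapList, Registry& reg) {
    std::list<mystring> adminGroups = reg.getValues( L"machineadmingroups");
    for (std::list<mystring>::const_iterator g = adminGroups.begin(); g != adminGroups.end(); ++g) {
        if (ldapList.find( *g) != ldapList.end()) {
            ldapList.insert( kLocalAdminGroup);
            break; // one match is enough; further inserts would be no-ops on a set
        }
    }
}

// Bring the local group memberships of userName in line with ldapList:
// groups in ldapList but not ntList are added, groups in ntList but not
// ldapList are removed.  Both sets must be sorted (std::set) for
// std::set_difference.  fp may be NULL.
void syncGroupMembership( const mystring& userName, const stringSet& ldapList,
                          const stringSet& ntList, FILE* fp) {
    stringSet worker;

    // ldapList \ ntList -> groups the user still has to be added to
    std::set_difference( ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(),
                         std::inserter( worker, worker.begin()));
    for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ++ptr) {
        if (fp) {
            fprintf( fp, "add to group %S\n", ptr->c_str());
        }
        addUserToGroup( userName, *ptr);
    }

    // ntList \ ldapList -> local groups LDAP no longer grants; remove the user
    worker.clear();
    std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(),
                         std::inserter( worker, worker.begin()));
    for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ++ptr) {
        if (fp) {
            fprintf( fp, "remove from group %S\n", ptr->c_str());
        }
        delUserFromGroup( userName, *ptr);
    }
}

} // namespace

/*
 * Synchronise the local Windows account for userName with its LDAP entry.
 *
 * Configuration (LDAP servers, bind DN/password, base DN, path defaults and
 * the admin-group mapping) is read from the registry key SCAPKEY under HKLM.
 * All of it is validated before the LDAP bind, so an incomplete setup fails
 * fast without ever using the bind credentials.
 *
 * Outcome depending on what LDAP returns for userName:
 *  - no entry / no gidNumber: a *disabled* local account of that name is
 *    treated as stale and deleted; an enabled one is left untouched.
 *  - entry found: the account is created (if isDisabledUser() reports -1,
 *    i.e. it does not exist) or modified in place, its expiry is reset, and
 *    its local group memberships are made to match the LDAP groups (plus
 *    Administrators when the machineadmingroups mapping applies).
 *
 * userName  account to manage (also the LDAP lookup key)
 * password  set on the local account via addUser()/modifyUser() and passed
 *           to resetAccountExpiry(); it is never written to fp
 * fp        optional log stream, may be NULL
 */
void
manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp) {

    Registry reg( SCAPKEY);

    // --- configuration, read and checked before any network activity
    std::list<mystring> ldapservers = reg.getValues( L"servers");
    if (ldapservers.empty()) {
        if (fp)
            fprintf( fp, "ldapservers empty: Please set REG_MULTI_SZ value in HKLM\\%S\\servers", SCAPKEY);
        return;
    }

    mystring basedn = reg.getValue( L"basedn");
    if (basedn == L"") {
        if (fp)
            fprintf( fp, "basedn empty: Please set REG_SZ in HKLM\\%S\\basedn", SCAPKEY);
        return;
    }

    // The bind credentials live in the same registry key as the rest of the
    // configuration.  NOTE(review): nothing here protects them beyond the
    // key's ACL - confirm it is restricted to the service account.
    mystring binddn = reg.getValue( L"binddn");
    mystring bindpasswd = reg.getValue( L"bindpasswd");

    // --- bind and look up the user
    LDAPUser ld( ldapservers, fp, binddn, bindpasswd);
    ld.setContext( basedn);

    stringSet userAttrs;
    userAttrs.insert( kSambaHomePath);
    userAttrs.insert( kHomeDirectory);
    userAttrs.insert( kSambaHomeDrive);
    userAttrs.insert( kSambaProfilePath);
    userAttrs.insert( kSambaLogonScript);
    userAttrs.insert( kGidNumber);

    stringMap userVals = ld.getAttribsByUserName( userName, userAttrs);

    // An empty map has no gidNumber either, so one lookup covers both cases.
    stringMap::const_iterator gidIt = userVals.find( kGidNumber);
    if (gidIt == userVals.end()) {
        const int disabledState = isDisabledUser( userName);
        if (fp) {
            fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
            fflush( fp);
            fprintf( fp, "isdisabled %d\n", disabledState);
        }
        // only a local account that is already disabled is removed
        if (disabledState == 1)
            delUser( userName);
        return;
    }

    if (fp) {
        fprintf( fp, "add user %S\n", userName.c_str());
        fflush( fp);
    }

    mystring gid = gidIt->second;
    if (fp) {
        fprintf( fp, "primary GID %S\n", gid.c_str());
    }

    // --- account properties, LDAP attribute first, registry default second
    mystring homePath    = resolveHomePath( userVals, reg, fp);
    mystring homeDrive   = resolveHomeDrive( userVals, reg);
    mystring profilePath = resolveProfilePath( userVals, homePath, homeDrive, reg, fp);
    mystring logonScript = resolveLogonScript( userVals, reg);

    // Create only if the account does not exist yet (isDisabledUser() == -1),
    // otherwise update in place - a failed add would clutter the event log.
    if (-1 == isDisabledUser( userName))
        addUser( userName, password, homePath, homeDrive, profilePath, logonScript );
    else
        modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript );
    resetAccountExpiry( userName, password, fp);

    // --- group memberships
    stringSet ldapList = ld.getGroupsByUserName( userName, gid);
    applyMachineAdminMapping( ldapList, reg);
    stringSet ntList = listGroups( userName);
    syncGroupMembership( userName, ldapList, ntList, fp);

    if (fp) {
        fflush( fp);
    }
}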