
/*
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <algorithm>
#include <iterator>
#include "ldapuser.h"
#include "netusergroup.h"
#include "utility.h"
#include "manageUser.h"
#include "reg.h"
#define SCAPKEY L"Software\\science + computing\\scap"
/**
 * Synchronize the local Windows account `userName` with its LDAP entry.
 *
 * All configuration (LDAP servers, bind DN/password, base DN, fallback
 * home/profile/logon-script settings, machine-admin groups) is read from the
 * registry key SCAPKEY. Steps, in order:
 *   1. bind to the configured LDAP servers and fetch the user's
 *      home/profile/logon-script attributes plus gidNumber;
 *   2. if no entry (or no gidNumber) is found: delete the local account when
 *      it exists and is disabled, otherwise leave it untouched and return;
 *   3. create the local account if it does not exist yet, else modify it,
 *      then reset its account expiry;
 *   4. reconcile local group membership against the LDAP group list
 *      (add missing groups, remove groups LDAP no longer lists).
 *
 * Missing registry settings are reported on fp and cause an early return.
 *
 * @param userName  account name to synchronize
 * @param password  password applied to the local account; it is passed to the
 *                  account helpers only and is never written to fp
 * @param fp        optional log stream; may be NULL, in which case nothing is
 *                  logged (every fprintf/fflush is guarded by `if (fp)`)
 */
void
manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp) {
    Registry reg( SCAPKEY);
    // get LDAP Servers
    std::list<mystring> ldapservers = reg.getValues( L"servers");
    if (ldapservers.size() == 0) {
        // NOTE: this message has no trailing newline, unlike the log lines further down.
        if (fp)
            fprintf( fp, "ldapservers empty: Please set REG_MULTI_SZ value in HKLM\\%S\\servers", SCAPKEY);
        return;
    }
    mystring binddn = reg.getValue( L"binddn");
    mystring bindpasswd = reg.getValue( L"bindpasswd");
    // make bind (the LDAPUser constructor receives fp for its own logging)
    LDAPUser ld( ldapservers, fp, binddn, bindpasswd);
    mystring basedn = reg.getValue( L"basedn");
    if (basedn == L"") {
        // NOTE: this message has no trailing newline, unlike the log lines further down.
        if (fp)
            fprintf( fp, "basedn empty: Please set REG_SZ in HKLM\\%S\\basedn", SCAPKEY);
        return;
    }
    ld.setContext( basedn);
    // Attributes requested from the user's LDAP entry. gidNumber is mandatory
    // (see the "not found" check below); the others are optional and fall back
    // to registry values.
    stringSet userAttrs;
#define SAMBAHOMEPATH L"sambaHomePath"
#define HOMEDIRECTORY L"homeDirectory"
#define SAMBAHOMEDRIVE L"sambaHomeDrive"
#define SAMBAPROFILEPATH L"sambaProfilePath"
#define SAMBALOGONSCRIPT L"sambaLogonScript"
    userAttrs.insert( SAMBAHOMEPATH);
    userAttrs.insert( HOMEDIRECTORY);
    userAttrs.insert( SAMBAHOMEDRIVE);
    userAttrs.insert( SAMBAPROFILEPATH );
    userAttrs.insert( SAMBALOGONSCRIPT);
    userAttrs.insert( L"gidNumber");
    stringMap userVals = ld.getAttribsByUserName( userName, userAttrs);
    if (userVals.size() == 0 || (userVals.find( L"gidNumber") == userVals.end())) {
        // nothing found (or entry without gidNumber): treat as "not an LDAP user"
        if (fp) {
            fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
            fflush( fp);
            fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
        }
        // if local user exists and is disabled: delete!
        // (an enabled local account without an LDAP entry is left untouched)
        if (isDisabledUser( userName) == 1)
            delUser( userName);
        return;
    }
    if (fp) {
        fprintf( fp, "add user %S\n", userName.c_str());
        fflush( fp);
    }
    // gidNumber is known to exist at this point, so operator[] does not insert.
    mystring gid = userVals[L"gidNumber"];
    if (fp) {
        fprintf( fp, "primary GID %S\n", gid.c_str());
    }
    // homepath: sambaHomePath, else homeDirectory, else registry "homepath".
    // Only the two fallbacks go through slash conversion and "homepathreplace".
    mystring homePath;
    if (userVals.find( SAMBAHOMEPATH) != userVals.end()) {
        homePath = userVals[ SAMBAHOMEPATH]; // whole attribute value is used as-is
    } else {
        if (userVals.find( HOMEDIRECTORY) != userVals.end()) {
            homePath = userVals[ HOMEDIRECTORY];
        } else {
            homePath = reg.getValue(L"homepath");
        }
        // search and replace with registry keys
        homePath = searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
    }
    // homedrive: sambaHomeDrive, else registry "homedrive"
    mystring homeDrive;
    if (userVals.find( SAMBAHOMEDRIVE) != userVals.end()) {
        // NOTE(review): *begin() yields only the first element of the mapped value.
        // If stringMap maps to a string this keeps a single character, unlike the
        // sambaHomePath branch above which copies the whole value — confirm against
        // stringMap's definition and the expected drive format.
        homeDrive = *(userVals[ SAMBAHOMEDRIVE].begin()); // use first Element
    } else {
        homeDrive = reg.getValue(L"homedrive");
    }
    // profilePath: sambaProfilePath, else registry "profilepath" appended to the
    // home drive (if any) or to the home path (then run through "profilereplace").
    mystring profilePath;
    if (userVals.find( SAMBAPROFILEPATH) != userVals.end()) {
        profilePath = userVals[ SAMBAPROFILEPATH];
    } else {
        if (homeDrive != L"") {
            profilePath= homeDrive + reg.getValue(L"profilepath");
        } else {
            profilePath = homePath + reg.getValue(L"profilepath");
            profilePath = searchAndReplace( profilePath, L"profilereplace", reg, fp);
        }
    }
    // logonscript: sambaLogonScript, else registry "logonscript"
    mystring logonScript;
    if (userVals.find( SAMBALOGONSCRIPT) != userVals.end()) {
        logonScript = userVals[ SAMBALOGONSCRIPT];
    } else {
        logonScript = reg.getValue(L"logonscript");
    }
    // add user only if it does not exist yet; otherwise modify it.
    // Do not clutter Event Log.
    // isDisabledUser() == -1 is treated here as "no local account"
    // (1 == account exists and is disabled, see the deletion branch above).
    if (-1 == isDisabledUser( userName))
        addUser( userName, password, homePath, homeDrive, profilePath, logonScript );
    else
        modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript );
    resetAccountExpiry(userName, password, fp);
    // Group reconciliation: ldapList = groups LDAP says the user is in
    // (gid passed so the primary group is included), ntList = current local groups.
    stringSet ldapList = ld.getGroupsByUserName(userName, gid);
    stringSet ntList = listGroups(userName);
    stringSet worker;
    // Membership in any configured "machineadmingroups" entry also grants
    // local Administrators.
    std::list<mystring> machineadmingroups = reg.getValues(L"machineadmingroups");
    for (std::list<mystring>::const_iterator machineadminptr = machineadmingroups.begin(); machineadminptr != machineadmingroups.end(); machineadminptr++) {
        if (ldapList.find(*machineadminptr) != ldapList.end()) {
            ldapList.insert(L"Administrators");
        }
    }
    worker.clear();
    std::set_difference(ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
    // worker is now the groups contained in ldapList but not in ntList -> add user to them
    for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
        if (fp) {
            fprintf( fp, "add to group %S\n", ptr->c_str());
        }
        addUserToGroup(userName, *ptr);
    }
    worker.clear();
    std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin()));
    // worker is now the groups contained in ntList but not in ldapList -> remove user from them
    for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
        if (fp) {
            fprintf( fp, "remove from group %S\n", ptr->c_str());
        }
        delUserFromGroup(userName, *ptr);
    }
    if (fp) {
        fflush(fp);
    }
}