/*
  Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
  o.flebbe@science-computing.de
  Copyright (C) 2013 Timothy Pearson, Northern Illinois University
  kb9vqf@pearsoncomputing.net

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/
#include <algorithm>
#include <iterator>
#include "ldapuser.h"
#include "netusergroup.h"
#include "utility.h"
#include "manageUser.h"
#include "reg.h"

#define SCAPKEY L"Software\\science + computing\\scap"




// Synchronise the local Windows account of `userName` with its LDAP entry.
//
// Reads the connection and policy settings from the registry key SCAPKEY
// (values: servers, binddn, bindpasswd, basedn, homepath, homedrive,
// profilepath, logonscript, homepathreplace / profilereplace via
// searchAndReplace, machineadmingroups), looks the user up in LDAP and then
// creates, updates or deletes the local account and aligns its local group
// memberships with the LDAP groups.
//
// Parameters:
//   userName  - account to synchronise (also used as the LDAP lookup key).
//   password  - password handed to addUser/modifyUser/resetAccountExpiry.
//               It is never written to `fp` by this function.
//   fp        - optional log stream; may be NULL, in which case nothing is
//               logged.  Every fprintf here is guarded by `if (fp)`.
//
// Returns nothing.  On a missing `servers` or `basedn` registry value the
// function logs (if fp is set) and returns without touching the account.
void
manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp) {

  Registry reg( SCAPKEY);
  // LDAP servers come from the REG_MULTI_SZ value "servers"; without any
  // server there is nothing to synchronise against.
  std::list<mystring> ldapservers = reg.getValues( L"servers");
  if (ldapservers.size() == 0) {
    if (fp)
      fprintf( fp, "ldapservers empty: Please set REG_MULTI_SZ value in HKLM\\%S\\servers", SCAPKEY);
    return;
  }
  mystring binddn = reg.getValue( L"binddn");
  mystring bindpasswd = reg.getValue( L"bindpasswd");

  // Bind to LDAP.  Note the bind happens before basedn is validated below,
  // so a misconfigured basedn still costs a network round trip.
  LDAPUser ld( ldapservers, fp, binddn, bindpasswd);
	
  mystring basedn = reg.getValue( L"basedn");
  if (basedn == L"") {
    if (fp)
      fprintf( fp, "basedn empty: Please set REG_SZ in HKLM\\%S\\basedn", SCAPKEY);
    return;
  }
  ld.setContext( basedn);

  // Attributes requested from the user's LDAP entry.
  stringSet userAttrs;

#define SAMBAHOMEPATH L"sambaHomePath"
#define HOMEDIRECTORY L"homeDirectory"
#define SAMBAHOMEDRIVE L"sambaHomeDrive"
#define SAMBAPROFILEPATH L"sambaProfilePath"
#define SAMBALOGONSCRIPT L"sambaLogonScript"

  userAttrs.insert( SAMBAHOMEPATH);
  userAttrs.insert( HOMEDIRECTORY);
  userAttrs.insert( SAMBAHOMEDRIVE);
  userAttrs.insert( SAMBAPROFILEPATH );
  userAttrs.insert( SAMBALOGONSCRIPT);
  userAttrs.insert( L"gidNumber");

  stringMap userVals = ld.getAttribsByUserName( userName, userAttrs);

  // gidNumber is mandatory: an entry without it is treated as "not found".
  if (userVals.size() == 0 || (userVals.find( L"gidNumber") == userVals.end())) {
	  // Not in LDAP.  The local account is only removed when it is already
	  // disabled; an enabled local account is left alone.
    if (fp) {
      fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
      fflush( fp);
      fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
	}
    // if local user exists and is disabled: delete!
    if (isDisabledUser( userName) == 1)
      delUser( userName);
    return;
  }
  if (fp) {
    fprintf( fp, "add user %S\n", userName.c_str());
    fflush( fp);
  }
  mystring gid = userVals[L"gidNumber"];
  if (fp) {
	fprintf( fp, "primary GID %S\n", gid.c_str());
  }

  // Home path: sambaHomePath wins and is used verbatim; otherwise
  // homeDirectory or the registry "homepath", which are then normalised
  // (convertSlashes) and rewritten through the "homepathreplace" rules.
  mystring homePath;
  if (userVals.find( SAMBAHOMEPATH) != userVals.end()) {
	homePath = userVals[ SAMBAHOMEPATH]; // taken as-is, no slash conversion or replace
  } else {
	if (userVals.find( HOMEDIRECTORY) != userVals.end()) {
		homePath = userVals[ HOMEDIRECTORY];
	} else {
	    homePath =  reg.getValue(L"homepath");
	}
	// search and replace with registry keys
	homePath = searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
  }

  // Home drive: sambaHomeDrive from LDAP, else registry "homedrive".
  mystring homeDrive;
  if (userVals.find( SAMBAHOMEDRIVE) != userVals.end()) {
	homeDrive = *(userVals[ SAMBAHOMEDRIVE].begin()); // NOTE(review): unlike the other attributes this dereferences .begin(); if stringMap's mapped type is a string this keeps only its first character -- confirm against stringMap
  } else {
	homeDrive = reg.getValue(L"homedrive");
  }

  // Profile path: sambaProfilePath from LDAP; otherwise registry
  // "profilepath" appended to the home drive if there is one, else to the
  // home path (then rewritten through the "profilereplace" rules).
  mystring profilePath;
  if (userVals.find( SAMBAPROFILEPATH) != userVals.end()) {
	  profilePath = userVals[ SAMBAPROFILEPATH];
  } else {
	  if (homeDrive != L"") {
		  profilePath= homeDrive + reg.getValue(L"profilepath");
	  } else {
		  profilePath = homePath + reg.getValue(L"profilepath");
		  profilePath = searchAndReplace( profilePath, L"profilereplace", reg, fp);
	  }
  }
  // Logon script: sambaLogonScript from LDAP, else registry "logonscript".
  mystring logonScript;
  if (userVals.find( SAMBALOGONSCRIPT) != userVals.end()) {
	  logonScript = userVals[ SAMBALOGONSCRIPT];
  } else {
      logonScript = reg.getValue(L"logonscript");
  }



  // add user only if it does not exists before. 
  // Do not clutter Event Log
  // isDisabledUser() == -1 is taken to mean "no such local account".
  if (-1 == isDisabledUser( userName))
	addUser(  userName, password, homePath, homeDrive, profilePath, logonScript );
  else
	modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript );
  resetAccountExpiry(userName, password, fp);
  // Group sync: ldapList = groups the user should have, ntList = groups the
  // local account currently has.
  stringSet ldapList = ld.getGroupsByUserName(userName, gid);
  stringSet ntList = listGroups(userName);
  stringSet worker;

  // Membership in any LDAP group listed in the registry value
  // "machineadmingroups" grants local "Administrators".  That registry
  // value therefore decides who gets local admin on this machine.
  std::list<mystring> machineadmingroups = reg.getValues(L"machineadmingroups");
  for (std::list<mystring>::const_iterator machineadminptr = machineadmingroups.begin(); machineadminptr != machineadmingroups.end(); machineadminptr++) {
	  if (ldapList.find(*machineadminptr) != ldapList.end()) {
			ldapList.insert(L"Administrators");
	  }
  }

  worker.clear();
  std::set_difference(ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
  // worker = groups in ldapList but not in ntList -> add the user to them
  for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
	if (fp) {
		fprintf( fp, "add to group %S\n", ptr->c_str());
	}
	addUserToGroup(userName, *ptr);
  }

  worker.clear();
  std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin()));
  // worker = groups in ntList but not in ldapList -> remove the user from
  // them.  Any local group not reflected in LDAP (including Administrators,
  // unless granted via machineadmingroups above) is revoked here.
  for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
	if (fp) {
		fprintf( fp, "remove from group %S\n", ptr->c_str());
	}
    delUserFromGroup(userName, *ptr);
  }
  if (fp) {
	fflush(fp);
  }
}