Diffstat (limited to 'sc-ap/manageUser.cpp')
-rwxr-xr-xsc-ap/manageUser.cpp340
1 files changed, 181 insertions, 159 deletions
diff --git a/sc-ap/manageUser.cpp b/sc-ap/manageUser.cpp
index 395bfae..017f355 100755
--- a/sc-ap/manageUser.cpp
+++ b/sc-ap/manageUser.cpp
@@ -1,159 +1,181 @@
-/*
- $Id: manageUser.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
-
- Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
- o.flebbe@science-computing.de
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-#include <algorithm>
-#include "ldapuser.h"
-#include "netusergroup.h"
-#include "utility.h"
-#include "manageUser.h"
-#include "reg.h"
-
-#define SCAPKEY L"Software\\science + computing\\scap"
-
-
-
-
-void
-manageLocalAccount( const mystring& userName, FILE *fp) {
-
- Registry reg( SCAPKEY);
- // get LDAP Servers
- std::list<mystring> ldapservers = reg.getValues( L"servers");
- if (ldapservers.size() == 0) {
- if (fp)
- fprintf( fp, "ldapservers empty: Please set REG_MULTI_SZ value in HKLM\\%S\\servers", SCAPKEY);
- return;
- }
- mystring binddn = reg.getValue( L"binddn");
- mystring bindpasswd = reg.getValue( L"bindpasswd");
-
- // make bind
- LDAPUser ld( ldapservers, fp, binddn, bindpasswd);
-
- mystring basedn = reg.getValue( L"basedn");
- if (basedn == L"") {
- if (fp)
- fprintf( fp, "basedn empty: Please set REG_SZ in HKLM\\%S\\basedn", SCAPKEY);
- return;
- }
- ld.setContext( basedn);
-
- stringSet userAttrs;
-
-#define SAMBAHOMEPATH L"sambaHomePath"
-#define HOMEDIRECTORY L"homeDirectory"
-#define SAMBAHOMEDRIVE L"sambaHomeDrive"
-#define SAMBAPROFILEPATH L"sambaProfilePath"
-#define SAMBALOGONSCRIPT L"sambaLogonScript"
-
- userAttrs.insert( SAMBAHOMEPATH);
- userAttrs.insert( HOMEDIRECTORY);
- userAttrs.insert( SAMBAHOMEDRIVE);
- userAttrs.insert( SAMBAPROFILEPATH );
- userAttrs.insert( SAMBALOGONSCRIPT);
- userAttrs.insert( L"gidNumber");
-
- stringMap userVals = ld.getAttribsByUserName( userName, userAttrs);
-
- if (userVals.size() == 0 || (userVals.find( L"gidNumber") == userVals.end())) {
- // nothing found
- if (fp) {
- fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
- fflush( fp);
- }
- fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
- // if local user exists and is disabled: delete!
- if (isDisabledUser( userName) == 1)
- delUser( userName);
- return;
- }
- if (fp) {
- fprintf( fp, "add user %S\n", userName.c_str());
- fflush( fp);
- }
- mystring gid = userVals[ L"gid"];
-
- // homepath
- mystring homePath;
- if (userVals.find( SAMBAHOMEPATH) != userVals.end()) {
- homePath = userVals[ SAMBAHOMEPATH]; // use first Element
- } else {
- if (userVals.find( HOMEDIRECTORY) != userVals.end()) {
- homePath = userVals[ HOMEDIRECTORY];
- } else {
- homePath = reg.getValue( L"homepath");
- }
- // search and replace with registry keys
- homePath = searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
- }
-
- // homedrive
- mystring homeDrive;
- if (userVals.find( SAMBAHOMEDRIVE) != userVals.end()) {
- homeDrive = *(userVals[ SAMBAHOMEDRIVE].begin()); // use first Element
- } else {
- homeDrive = reg.getValue( L"homedrive");
- }
-
- // profilePath
- mystring profilePath;
- if (userVals.find( SAMBAPROFILEPATH) != userVals.end()) {
- profilePath = userVals[ SAMBAPROFILEPATH];
- } else {
- if (homeDrive != L"") {
- profilePath= homeDrive + reg.getValue( L"profilepath");
- } else {
- profilePath = homePath + reg.getValue( L"profilepath");
- profilePath = searchAndReplace( profilePath, L"profilereplace", reg, fp);
- }
- }
- //logonscript
- mystring logonScript;
- if (userVals.find( SAMBALOGONSCRIPT) != userVals.end()) {
- logonScript = userVals[ SAMBALOGONSCRIPT];
- } else {
- logonScript = reg.getValue( L"logonscript");
- }
-
-
-
- // add user only if it does not exists before.
- // Do not clutter Event Log
- if (-1 == isDisabledUser( userName))
- addUser( userName, homePath, homeDrive, profilePath, logonScript );
- stringSet ldapList = ld.getGroupsByUserName( userName, gid);
- stringSet ntList = listGroups( userName);
- stringSet worker;
- std::set_difference( ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
- // worker is now Groups containe not in ntlist but ldapList -> add to user
-
- for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
- fprintf( fp, "add to group %S\n", ptr->c_str());
- addUserToGroup( userName, *ptr);
- }
- std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin()));
- // worker is now Groups containe not in ntlist but ldapList -> add to user
- for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
- fprintf( fp, "remove from group %S\n", ptr->c_str());
- delUserFromGroup( userName, *ptr);
- }
- fflush( fp);
-}
+/*
+ Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
+ o.flebbe@science-computing.de
+ Copyright (C) 2013 Timothy Pearson, Northern Illinois University
+ kb9vqf@pearsoncomputing.net
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+#include <algorithm>
+#include "ldapuser.h"
+#include "netusergroup.h"
+#include "utility.h"
+#include "manageUser.h"
+#include "reg.h"
+
+#define SCAPKEY L"Software\\science + computing\\scap"
+
+
+
+
+void
+manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp) {
+
+ Registry reg( SCAPKEY);
+ // get LDAP Servers
+ std::list<mystring> ldapservers = reg.getValues( L"servers");
+ if (ldapservers.size() == 0) {
+ if (fp)
+ fprintf( fp, "ldapservers empty: Please set REG_MULTI_SZ value in HKLM\\%S\\servers", SCAPKEY);
+ return;
+ }
+ mystring binddn = reg.getValue( L"binddn");
+ mystring bindpasswd = reg.getValue( L"bindpasswd");
+
+ // make bind
+ LDAPUser ld( ldapservers, fp, binddn, bindpasswd);
+
+ mystring basedn = reg.getValue( L"basedn");
+ if (basedn == L"") {
+ if (fp)
+ fprintf( fp, "basedn empty: Please set REG_SZ in HKLM\\%S\\basedn", SCAPKEY);
+ return;
+ }
+ ld.setContext( basedn);
+
+ stringSet userAttrs;
+
+#define SAMBAHOMEPATH L"sambaHomePath"
+#define HOMEDIRECTORY L"homeDirectory"
+#define SAMBAHOMEDRIVE L"sambaHomeDrive"
+#define SAMBAPROFILEPATH L"sambaProfilePath"
+#define SAMBALOGONSCRIPT L"sambaLogonScript"
+
+ userAttrs.insert( SAMBAHOMEPATH);
+ userAttrs.insert( HOMEDIRECTORY);
+ userAttrs.insert( SAMBAHOMEDRIVE);
+ userAttrs.insert( SAMBAPROFILEPATH );
+ userAttrs.insert( SAMBALOGONSCRIPT);
+ userAttrs.insert( L"gidNumber");
+
+ stringMap userVals = ld.getAttribsByUserName( userName, userAttrs);
+
+ if (userVals.size() == 0 || (userVals.find( L"gidNumber") == userVals.end())) {
+ // nothing found
+ if (fp) {
+ fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
+ fflush( fp);
+ fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
+ }
+ // if local user exists and is disabled: delete!
+ if (isDisabledUser( userName) == 1)
+ delUser( userName);
+ return;
+ }
+ if (fp) {
+ fprintf( fp, "add user %S\n", userName.c_str());
+ fflush( fp);
+ }
+ mystring gid = userVals[L"gidNumber"];
+ if (fp) {
+ fprintf( fp, "primary GID %S\n", gid.c_str());
+ }
+
+ // homepath
+ mystring homePath;
+ if (userVals.find( SAMBAHOMEPATH) != userVals.end()) {
+ homePath = userVals[ SAMBAHOMEPATH]; // use first Element
+ } else {
+ if (userVals.find( HOMEDIRECTORY) != userVals.end()) {
+ homePath = userVals[ HOMEDIRECTORY];
+ } else {
+ homePath = reg.getValue(L"homepath");
+ }
+ // search and replace with registry keys
+ homePath = searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
+ }
+
+ // homedrive
+ mystring homeDrive;
+ if (userVals.find( SAMBAHOMEDRIVE) != userVals.end()) {
+ homeDrive = *(userVals[ SAMBAHOMEDRIVE].begin()); // use first Element
+ } else {
+ homeDrive = reg.getValue(L"homedrive");
+ }
+
+ // profilePath
+ mystring profilePath;
+ if (userVals.find( SAMBAPROFILEPATH) != userVals.end()) {
+ profilePath = userVals[ SAMBAPROFILEPATH];
+ } else {
+ if (homeDrive != L"") {
+ profilePath= homeDrive + reg.getValue(L"profilepath");
+ } else {
+ profilePath = homePath + reg.getValue(L"profilepath");
+ profilePath = searchAndReplace( profilePath, L"profilereplace", reg, fp);
+ }
+ }
+ //logonscript
+ mystring logonScript;
+ if (userVals.find( SAMBALOGONSCRIPT) != userVals.end()) {
+ logonScript = userVals[ SAMBALOGONSCRIPT];
+ } else {
+ logonScript = reg.getValue(L"logonscript");
+ }
+
+
+
+ // add user only if it does not exists before.
+ // Do not clutter Event Log
+ if (-1 == isDisabledUser( userName))
+ addUser( userName, password, homePath, homeDrive, profilePath, logonScript );
+ else
+ modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript );
+ resetAccountExpiry(userName, password, fp);
+ stringSet ldapList = ld.getGroupsByUserName(userName, gid);
+ stringSet ntList = listGroups(userName);
+ stringSet worker;
+
+ std::list<mystring> machineadmingroups = reg.getValues(L"machineadmingroups");
+ for (std::list<mystring>::const_iterator machineadminptr = machineadmingroups.begin(); machineadminptr != machineadmingroups.end(); machineadminptr++) {
+ if (ldapList.find(*machineadminptr) != ldapList.end()) {
+ ldapList.insert(L"Administrators");
+ }
+ }
+
+ worker.clear();
+ std::set_difference(ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
+ // worker is now Groups contained not in ntlist but ldapList -> add to user
+ for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
+ if (fp) {
+ fprintf( fp, "add to group %S\n", ptr->c_str());
+ }
+ addUserToGroup(userName, *ptr);
+ }
+
+ worker.clear();
+ std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin()));
+ // worker is now Groups contained not in ntlist but ldapList -> add to user
+ for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
+ if (fp) {
+ fprintf( fp, "remove from group %S\n", ptr->c_str());
+ }
+ delUserFromGroup(userName, *ptr);
+ }
+ if (fp) {
+ fflush(fp);
+ }
+}
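Review bot: Nothing visible in manageLocalAccount verifies `password` against the directory before `modifyUser( userName, password, ...)` and `resetAccountExpiry(userName, password, fp)` apply it to an existing local account; the LDAP bind earlier in the function uses the registry `binddn`/`bindpasswd`, not the user's own credentials. If the caller (outside this hunk) does not authenticate the user first, the function should do so and return before touching the account, and in either case the precondition belongs in a comment at the top, e.g. `// precondition: password has already been verified for userName`. The new `machineadmingroups` loop adds the literal `L"Administrators"` based on LDAP group membership alone, so it is worth documenting that this registry value controls local admin rights and that the built-in group name differs on localized Windows installs. The comment before the second `set_difference` still says `-> add to user`; it should read `// worker is now groups in ntList but not in ldapList -> remove from user`.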