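/*
   Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
                      o.flebbe@science-computing.de
   Copyright (C) 2013 Timothy Pearson, Northern Illinois University
                      kb9vqf@pearsoncomputing.net

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include <algorithm>
#include <cstdio>
#include <iterator>
#include <list>

#include "ldapuser.h"
#include "netusergroup.h"
#include "utility.h"
#include "manageUser.h"
#include "reg.h"

/* Registry key (under HKLM) holding all configuration for this service. */
#define SCAPKEY L"Software\\science + computing\\scap"

/* LDAP attribute names consulted for the local account's profile settings. */
#define SAMBAHOMEPATH    L"sambaHomePath"
#define HOMEDIRECTORY    L"homeDirectory"
#define SAMBAHOMEDRIVE   L"sambaHomeDrive"
#define SAMBAPROFILEPATH L"sambaProfilePath"
#define SAMBALOGONSCRIPT L"sambaLogonScript"
#define GIDNUMBER        L"gidNumber"

/*
 * Copy the value of attribute `key` from `vals` into `out`.
 * Returns false and leaves `out` untouched when the attribute is absent.
 */
static bool takeAttr( stringMap& vals, const mystring& key, mystring& out)
{
    if (vals.find( key) == vals.end())
        return false;
    out = vals[ key];
    return true;
}

/*
 * Reconcile the local Windows account `userName` with its LDAP entry.
 *
 * Configuration is read from HKLM\<SCAPKEY>: the LDAP server list
 * (REG_MULTI_SZ "servers"), bind credentials ("binddn"/"bindpasswd"),
 * the search base ("basedn"), fallback profile settings ("homepath",
 * "homedrive", "profilepath", "logonscript" and the "*replace" tables)
 * and "machineadmingroups".
 *
 * Behaviour:
 *   - user not found in LDAP (or entry has no gidNumber): the local
 *     account is deleted, but only if it exists AND is already disabled;
 *     an active local account is never removed on a failed lookup.
 *   - user found: the local account is created (if absent) or updated
 *     with `password` and the resolved home/profile/logon-script settings,
 *     its expiry is reset, and its local group memberships are made to
 *     match the LDAP groups: missing ones are added, extra ones removed.
 *     Membership in any LDAP group listed under "machineadmingroups"
 *     additionally grants local "Administrators".
 *
 * `fp` is an optional diagnostic log (may be NULL). Nothing is returned;
 * configuration errors are logged and the function bails out early.
 *
 * Security notes (review):
 *   - "bindpasswd" is read from the registry in the clear; the ACL on
 *     HKLM\<SCAPKEY> effectively protects a directory credential.
 *   - "machineadmingroups" is a local-admin grant controlled by whoever
 *     can write HKLM\<SCAPKEY>; treat that key with the same care as the
 *     Administrators group itself.
 *   - `userName` flows straight into the LDAP lookups; confirm that
 *     LDAPUser escapes filter metacharacters (RFC 4515) — not visible here.
 *   - The group sync removes the user from EVERY local group that LDAP
 *     does not list, including built-in ones such as "Users" if LDAP
 *     never returns them. TODO confirm this is intended.
 */
void manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp)
{
    Registry reg( SCAPKEY);

    // LDAP servers to try, in order.
    std::list<mystring> ldapservers = reg.getValues( L"servers");
    if (ldapservers.empty()) {
        if (fp)
            fprintf( fp, "ldapservers empty: Please set REG_MULTI_SZ value in HKLM\\%S\\servers", SCAPKEY);
        return;
    }

    // Bind first; the base DN is validated afterwards (same order as before).
    mystring binddn     = reg.getValue( L"binddn");
    mystring bindpasswd = reg.getValue( L"bindpasswd");
    LDAPUser ld( ldapservers, fp, binddn, bindpasswd);

    mystring basedn = reg.getValue( L"basedn");
    if (basedn == L"") {
        if (fp)
            fprintf( fp, "basedn empty: Please set REG_SZ in HKLM\\%S\\basedn", SCAPKEY);
        return;
    }
    ld.setContext( basedn);

    stringSet userAttrs;
    userAttrs.insert( SAMBAHOMEPATH);
    userAttrs.insert( HOMEDIRECTORY);
    userAttrs.insert( SAMBAHOMEDRIVE);
    userAttrs.insert( SAMBAPROFILEPATH);
    userAttrs.insert( SAMBALOGONSCRIPT);
    userAttrs.insert( GIDNUMBER);

    stringMap userVals = ld.getAttribsByUserName( userName, userAttrs);

    // Local account state, queried once and reused below. Per the original
    // logic: 1 = exists and is disabled, -1 = does not exist locally.
    const int disabledState = isDisabledUser( userName);

    if (userVals.empty() || userVals.find( GIDNUMBER) == userVals.end()) {
        // Nothing usable in LDAP. Only an already-disabled local account
        // is removed, so a transient lookup failure cannot delete an
        // active user.
        if (fp) {
            fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
            fflush( fp);
            fprintf( fp, "isdisabled %d\n", disabledState);
        }
        if (disabledState == 1)
            delUser( userName);
        return;
    }

    if (fp) {
        fprintf( fp, "add user %S\n", userName.c_str());
        fflush( fp);
    }

    mystring gid = userVals[ GIDNUMBER];
    if (fp)
        fprintf( fp, "primary GID %S\n", gid.c_str());

    // Home path: sambaHomePath is used verbatim; otherwise homeDirectory
    // (or the registry default) is slash-converted and run through the
    // "homepathreplace" substitutions.
    mystring homePath;
    if (!takeAttr( userVals, SAMBAHOMEPATH, homePath)) {
        if (!takeAttr( userVals, HOMEDIRECTORY, homePath))
            homePath = reg.getValue( L"homepath");
        homePath = searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
    }

    // Home drive: as before, only the first element of sambaHomeDrive is
    // taken (presumably the drive letter — TODO confirm against the schema,
    // e.g. whether "H:" should yield "H"). An empty attribute now falls back
    // to the registry default instead of dereferencing begin() of an empty
    // value.
    mystring homeDrive;
    bool haveDrive = false;
    if (userVals.find( SAMBAHOMEDRIVE) != userVals.end()) {
        const mystring& drive = userVals[ SAMBAHOMEDRIVE];
        if (!drive.empty()) {
            homeDrive = *(drive.begin());
            haveDrive = true;
        }
    }
    if (!haveDrive)
        homeDrive = reg.getValue( L"homedrive");

    // Profile path: sambaProfilePath verbatim; otherwise the registry
    // "profilepath" appended to the home drive, or to the home path (with
    // "profilereplace" substitutions) when no drive is known.
    mystring profilePath;
    if (!takeAttr( userVals, SAMBAPROFILEPATH, profilePath)) {
        if (homeDrive != L"") {
            profilePath = homeDrive + reg.getValue( L"profilepath");
        } else {
            profilePath = searchAndReplace( homePath + reg.getValue( L"profilepath"),
                                            L"profilereplace", reg, fp);
        }
    }

    // Logon script: sambaLogonScript, else the registry default.
    mystring logonScript;
    if (!takeAttr( userVals, SAMBALOGONSCRIPT, logonScript))
        logonScript = reg.getValue( L"logonscript");

    // Create only when the account does not exist yet; otherwise modify in
    // place, so failed creates do not clutter the Event Log. `password` is
    // applied to the local account in both cases.
    if (disabledState == -1)
        addUser( userName, password, homePath, homeDrive, profilePath, logonScript);
    else
        modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript);
    resetAccountExpiry( userName, password, fp);

    stringSet ldapList = ld.getGroupsByUserName( userName, gid);
    const stringSet ntList = listGroups( userName);

    // Privilege escalation point: membership in any LDAP group named in
    // "machineadmingroups" maps to the local Administrators group.
    // NOTE(review): "Administrators" is a locale-dependent display name on
    // Windows; if addUserToGroup takes names verbatim, resolving the
    // well-known SID would be more robust — confirm.
    const std::list<mystring> machineadmingroups = reg.getValues( L"machineadmingroups");
    for (std::list<mystring>::const_iterator adm = machineadmingroups.begin();
         adm != machineadmingroups.end(); ++adm) {
        if (ldapList.find( *adm) != ldapList.end()) {
            ldapList.insert( L"Administrators");
            break;   // set insert is idempotent; one match is enough
        }
    }

    // Groups LDAP lists that the local account lacks -> add.
    stringSet toAdd;
    std::set_difference( ldapList.begin(), ldapList.end(),
                         ntList.begin(), ntList.end(),
                         std::inserter( toAdd, toAdd.begin()));
    for (stringSet::const_iterator g = toAdd.begin(); g != toAdd.end(); ++g) {
        if (fp)
            fprintf( fp, "add to group %S\n", g->c_str());
        addUserToGroup( userName, *g);
    }

    // Groups the local account has that LDAP does not list -> remove
    // (this is the reverse difference; see the header note on built-ins).
    stringSet toRemove;
    std::set_difference( ntList.begin(), ntList.end(),
                         ldapList.begin(), ldapList.end(),
                         std::inserter( toRemove, toRemove.begin()));
    for (stringSet::const_iterator g = toRemove.begin(); g != toRemove.end(); ++g) {
        if (fp)
            fprintf( fp, "remove from group %S\n", g->c_str());
        delUserFromGroup( userName, *g);
    }

    if (fp)
        fflush( fp);
}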