예제 #1
파일: lookup.c 프로젝트: borland667/pbis
/**
 * Validate the arguments of the lookup-object action.
 *
 * Opens the search connection for the requested DN, requires that a DN was
 * supplied, turns on "all attributes" mode when no attribute was named, and
 * replaces the user-supplied DN with the value returned by ResolveDN().
 *
 * NOTE(review): the DN is handed to OpenADSearchConnectionDN() before it is
 * checked for NULL; confirm that helper tolerates a missing DN.
 *
 * @param action Action reference; the lookupObject member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ValidateAdtLookupObjectAction(IN AdtActionTP action)
{
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    PSTR resolvedDn = NULL;
    DWORD dwError = 0;

    dwError = OpenADSearchConnectionDN(action, &(action->lookupObject.dn));
    ADT_BAIL_ON_ERROR_NP(dwError);

    SwitchToSearchConnection(action);

    /* A DN is mandatory for this action. */
    if (action->lookupObject.dn == NULL) {
        dwError = ADT_ERR_ARG_MISSING_DN;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    /* No attribute named: mark the action as an "all attributes" lookup. */
    if (action->lookupObject.attr == NULL) {
        action->lookupObject.isAll = 1;
    }

    dwError = ProcessDash(&(action->lookupObject.dn));
    ADT_BAIL_ON_ERROR_NP(dwError);

    dwError = ResolveDN(appContext,
                        ObjectClassAny,
                        action->lookupObject.dn,
                        &resolvedDn);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* Swap the caller-supplied DN for the resolved one. */
    LW_SAFE_FREE_MEMORY(action->lookupObject.dn);
    action->lookupObject.dn = resolvedDn;

cleanup:
    return dwError;

error:
    goto cleanup;
}
예제 #2
파일: net.c 프로젝트: borland667/pbis
/**
 * Remove one member from a local domain group.
 *
 * The member name is normalized against the working connection's domain
 * name, the server, group and member names are converted to wide strings,
 * and the removal is issued through NetLocalGroupDelMembers() unless the
 * read-only option is set.
 *
 * @param appContext Application context reference.
 * @param aliasNameC Group name.
 * @param memberNameC Member name.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD AdtNetLocalGroupDeleteMember(
    IN AppContextTP appContext,
    IN PSTR aliasNameC,
    IN PSTR memberNameC
)
{
    PSTR  normalizedMember = NULL;
    PWSTR serverW = NULL;
    PWSTR groupW = NULL;
    PWSTR memberW = NULL;
    LOCALGROUP_MEMBERS_INFO_3 entry = {0};
    DWORD dwError = ERROR_SUCCESS;

    dwError = NormalizeUserName(memberNameC,
                                appContext->workConn->domainName,
                                &normalizedMember);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* The NetApi call takes wide strings. */
    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) aliasNameC, &groupW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) normalizedMember, &memberW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    entry.lgrmi3_domainandname = memberW;

    PrintStderr(appContext, LogLevelTrace, "%s: Deleting member %s from group %s ...\n",
                appContext->actionName, normalizedMember, aliasNameC);

    /* Read-only mode skips the directory change but still traces it. */
    if (!appContext->gopts.isReadOnly) {
        dwError = NetLocalGroupDelMembers(serverW, groupW, 3, &entry, 1);
    }

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done deleting member %s from group %s ...\n",
                appContext->actionName, normalizedMember, aliasNameC);

cleanup:
    LW_SAFE_FREE_MEMORY(serverW);
    LW_SAFE_FREE_MEMORY(groupW);
    LW_SAFE_FREE_MEMORY(memberW);
    LW_SAFE_FREE_MEMORY(normalizedMember);

    return dwError;

error:
    goto cleanup;
}
예제 #3
파일: net.c 프로젝트: borland667/pbis
/**
 * Create an AD user that carries only a name (info level 0).
 *
 * The user name is normalized against the working connection's domain name
 * and the account is created with NetUserAdd() unless the read-only option
 * is set.
 *
 * @param appContext Application context reference.
 * @param userNameC User name.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD
AdtNetUserAdd(
    IN AppContextTP appContext,
    IN PSTR userNameC
)
{
    PSTR  normalizedUser = NULL;
    PWSTR serverW = NULL;
    PWSTR userW = NULL;
    USER_INFO_0 userInfo = { 0 };
    DWORD badParam = 0;
    DWORD dwError = ERROR_SUCCESS;

    dwError = NormalizeUserName(userNameC,
                                appContext->workConn->domainName,
                                &normalizedUser);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* The NetApi call takes wide strings. */
    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) normalizedUser, &userW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    userInfo.usri0_name = userW;

    PrintStderr(appContext, LogLevelTrace, "%s: Adding user %s ...\n",
                appContext->actionName, normalizedUser);

    /* Read-only mode skips the directory change but still traces it. */
    if (!appContext->gopts.isReadOnly) {
        dwError = NetUserAdd((PCWSTR) serverW, 0, (PVOID) &userInfo, &badParam);
    }

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done adding user %s\n",
                appContext->actionName, normalizedUser);

cleanup:
    LW_SAFE_FREE_MEMORY(serverW);
    LW_SAFE_FREE_MEMORY(userW);
    LW_SAFE_FREE_MEMORY(normalizedUser);

    return dwError;

error:
    goto cleanup;
}
예제 #4
파일: delete.c 프로젝트: borland667/pbis
/**
 * Execute the delete-object action.
 *
 * Calls DeleteADObject() for action->deleteObject.dn, passing the
 * isDeleteMembers option through, then prints either the bare DN (print-DN
 * mode) or a confirmation sentence.
 *
 * @param action Action reference; the deleteObject member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ExecuteAdtDeleteObjectAction(IN AdtActionTP action)
{
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    DWORD dwError = 0;

    PrintStderr(appContext, LogLevelVerbose, "%s: Calling delete object operation ...\n",
                appContext->actionName);

    dwError = DeleteADObject(appContext,
                             action->deleteObject.dn,
                             action->deleteObject.isDeleteMembers);
    ADT_BAIL_ON_ERROR_NP(dwError);

    PrintStderr(appContext, LogLevelVerbose, "%s: Calling delete object operation - done\n",
                appContext->actionName);

    /* Report the result: a sentence by default, the bare DN in print-DN mode. */
    if (!appContext->gopts.isPrintDN) {
        PrintResult(appContext, LogLevelNone, "Object %s has been deleted.\n", action->deleteObject.dn);
    }
    else {
        PrintResult(appContext, LogLevelNone, "%s\n", action->deleteObject.dn);
    }

cleanup:
    return dwError;

error:
    goto cleanup;
}
예제 #5
파일: net.c 프로젝트: borland667/pbis
/**
 * Delete an AD user.
 *
 * The user name is normalized against the working connection's domain name
 * and the account is removed with NetUserDel() unless the read-only option
 * is set.
 *
 * @param appContext Application context reference.
 * @param userNameC User name.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD
AdtNetUserDelete(
    IN AppContextTP appContext,
    IN PSTR userNameC
)
{
    PSTR  normalizedUser = NULL;
    PWSTR serverW = NULL;
    PWSTR userW = NULL;
    DWORD dwError = ERROR_SUCCESS;

    dwError = NormalizeUserName(userNameC,
                                appContext->workConn->domainName,
                                &normalizedUser);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* The NetApi call takes wide strings. */
    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) normalizedUser, &userW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    PrintStderr(appContext, LogLevelTrace, "%s: Deleting user %s ...\n",
                appContext->actionName, normalizedUser);

    /* Read-only mode skips the directory change but still traces it. */
    if (!appContext->gopts.isReadOnly) {
        dwError = NetUserDel((PCWSTR) serverW, (PCWSTR) userW);
    }

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done deleting user %s\n",
                appContext->actionName, normalizedUser);

cleanup:
    LW_SAFE_FREE_MEMORY(serverW);
    LW_SAFE_FREE_MEMORY(userW);
    LW_SAFE_FREE_MEMORY(normalizedUser);

    return dwError;

error:
    goto cleanup;
}
예제 #6
파일: reset_pwd.c 프로젝트: borland667/pbis
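/**
 * Validate the reset-user-password action.
 *
 * Normalizes the option flags, requires a user name, opens the search
 * connection for the user's domain and, when a password was supplied,
 * passes the password to ProcessADUserPassword().
 *
 * Changes against the previous revision:
 *  - the option flags are read from and written to
 *    action->resetUserPassword (the member the execute step reads) instead
 *    of action->newUser;
 *  - a missing user name is reported as ADT_ERR_ARG_MISSING_NAME instead of
 *    ADT_ERR_ARG_MISSING_PASSWD;
 *  - ProcessADUserPassword() receives the password field; it used to be
 *    handed the user name, so the name was processed as if it were the
 *    password and the real password was never processed.
 *
 * @param action Action reference; the resetUserPassword member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ValidateAdtResetUserPasswordAction(IN AdtActionTP action)
{
    DWORD dwError = 0;

    /*
     * "User cannot change password" and "password never expires" both rule
     * out forcing a password change at next logon.
     */
    if (action->resetUserPassword.isNoCanChangePasswd ||
        action->resetUserPassword.isNoPasswdExpires) {
        action->resetUserPassword.isNoMustChangePasswd = 1;
    }

    if (!action->resetUserPassword.name) {
        dwError = ADT_ERR_ARG_MISSING_NAME;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = ProcessDash(&(action->resetUserPassword.name));
    ADT_BAIL_ON_ERROR_NP(dwError);

    dwError = OpenADSearchConnectionDomain(action, &(action->resetUserPassword.name));
    ADT_BAIL_ON_ERROR_NP(dwError);

    SwitchToSearchConnection(action);

    /*
     * The password is optional: without one the action only changes the
     * password properties of the account.
     */
    if (action->resetUserPassword.password) {
        dwError = ProcessADUserPassword(&(action->resetUserPassword.password));
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

cleanup:
    return dwError;

error:
    goto cleanup;
}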
예제 #7
파일: net.c 프로젝트: borland667/pbis
/**
 * Write the account-control flags of a user (info level 1008).
 *
 * The flags are sent with NetUserSetInfo() unless the read-only option is
 * set; in read-only mode only the trace messages are produced.
 *
 * @param appContext Application context reference.
 * @param userNameC User name; passed through GetNameComp() before use.
 * @param flags Account controls to write.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD
AdtNetUserSetInfoFlags(
    IN AppContextTP appContext,
    IN PSTR  userNameC,
    IN DWORD flags
)
{
    PSTR  nameComp = NULL;
    PWSTR serverW = NULL;
    PWSTR userW = NULL;
    USER_INFO_1008 flagsInfo;
    DWORD badParam = 0;
    DWORD dwError = ERROR_SUCCESS;

    /* Released in cleanup, so GetNameComp() is expected to allocate. */
    nameComp = GetNameComp(userNameC);

    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) nameComp, &userW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    PrintStderr(appContext, LogLevelTrace, "%s: Changing control flags of user %s ...\n",
                appContext->actionName, nameComp);

    /* Read-only mode skips the directory change but still traces it. */
    if (!appContext->gopts.isReadOnly) {
        flagsInfo.usri1008_flags = flags;

        dwError = NetUserSetInfo(serverW, userW, 1008, (PVOID) &flagsInfo, &badParam);

        if (dwError) {
            dwError += ADT_WIN_ERR_BASE;
            ADT_BAIL_ON_ERROR_NP(dwError);
        }
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done changing control flags of user %s\n",
                appContext->actionName, nameComp);

cleanup:
    LW_SAFE_FREE_MEMORY(serverW);
    LW_SAFE_FREE_MEMORY(userW);
    LW_SAFE_FREE_MEMORY(nameComp);

    return dwError;

error:
    goto cleanup;
}
예제 #8
파일: enable.c 프로젝트: borland667/pbis
/**
 * Validate the disable-user action.
 *
 * Requires a user name, runs it through ProcessDash(), then opens and
 * selects the search connection for the user's domain.
 *
 * @param action Action reference; the disableUser member is used.
 * @return 0 on success; error code on failure
 *         (ADT_ERR_ARG_MISSING_NAME when no name was given).
 */
DWORD ValidateAdtDisableUserAction(IN AdtActionTP action)
{
    DWORD dwError = 0;

    /* Reject a missing name before any connection is opened. */
    if (action->disableUser.name == NULL) {
        dwError = ADT_ERR_ARG_MISSING_NAME;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = ProcessDash(&(action->disableUser.name));
    ADT_BAIL_ON_ERROR_NP(dwError);

    dwError = OpenADSearchConnectionDomain(action, &(action->disableUser.name));
    ADT_BAIL_ON_ERROR_NP(dwError);

    SwitchToSearchConnection(action);

cleanup:
    return dwError;

error:
    goto cleanup;
}
예제 #9
파일: net.c 프로젝트: borland667/pbis
/**
 * Read the level-4 account properties of an AD user.
 *
 * This is a read, so it is performed regardless of the read-only option.
 *
 * @param appContext Application context reference.
 * @param userNameC User name; passed through GetNameComp() before use.
 * @param info Receives the buffer returned by NetUserGetInfo(). It is only
 *             written on success, and the caller owns it afterwards.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD
AdtNetUserGetInfo4(
    IN AppContextTP appContext,
    IN  PSTR  userNameC,
    OUT PUSER_INFO_4 *info
)
{
    PSTR  nameComp = NULL;
    PWSTR serverW = NULL;
    PWSTR userW = NULL;
    PVOID pBuffer = NULL;
    DWORD dwError = ERROR_SUCCESS;

    /* Released in cleanup, so GetNameComp() is expected to allocate. */
    nameComp = GetNameComp(userNameC);

    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) nameComp, &userW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    PrintStderr(appContext, LogLevelTrace, "%s: Reading properties of user %s ...\n",
                appContext->actionName, nameComp);

    PrintStderr(appContext, LogLevelTrace, "%s: Calling NetUserGetInfo(%s, %s, %d, %s)\n",
                appContext->actionName,
                appContext->workConn->serverName,
                nameComp,
                4,
                "&pBuffer");

    dwError = NetUserGetInfo(serverW, userW, 4, &pBuffer);

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done reading properties of user %s\n",
                appContext->actionName, nameComp);

    /* Hand the NetApi buffer to the caller. */
    *info = (PUSER_INFO_4) pBuffer;

cleanup:
    LW_SAFE_FREE_MEMORY(serverW);
    LW_SAFE_FREE_MEMORY(userW);
    LW_SAFE_FREE_MEMORY(nameComp);

    return dwError;

error:
    goto cleanup;
}
예제 #10
파일: net.c 프로젝트: borland667/pbis
/**
 * Create an AD local group that carries only a name (info level 0).
 *
 * The group is created with NetLocalGroupAdd() unless the read-only option
 * is set.
 *
 * @param appContext Application context reference.
 * @param aliasNameC Group name.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD
AdtNetGroupAdd(
    IN AppContextTP appContext,
    IN PSTR aliasNameC
)
{
    PWSTR serverW = NULL;
    PWSTR groupW = NULL;
    LOCALGROUP_INFO_0 groupInfo = { 0 };
    DWORD badParam = 0;
    DWORD dwError = ERROR_SUCCESS;

    /* The NetApi call takes wide strings. */
    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &serverW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) aliasNameC, &groupW);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    groupInfo.lgrpi0_name = groupW;

    PrintStderr(appContext, LogLevelTrace, "%s: Adding group %s ...\n",
                appContext->actionName, aliasNameC);

    /* Perform the add operation; read-only mode skips it. */
    if (!appContext->gopts.isReadOnly) {
        dwError = NetLocalGroupAdd((PCWSTR) serverW, 0, (PVOID) &groupInfo, &badParam);
    }

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done adding group %s\n",
                appContext->actionName, aliasNameC);

cleanup:
    LW_SAFE_FREE_MEMORY(serverW);
    LW_SAFE_FREE_MEMORY(groupW);

    return dwError;

error:
    goto cleanup;
}
예제 #11
파일: ids.c 프로젝트: borland667/pbis
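/**
 * Generate a UID from a binary SID.
 *
 * The sub-authorities are copied into a scratch array (byte-swapped on
 * big-endian hosts) and hashed with LwUidHashCalc().
 *
 * The SID bytes usually come from outside the process, so the header is
 * checked before SubAuthorityCount is used as a copy length: the pointer
 * must be non-NULL, the revision must be 1 and the count must not exceed
 * the 15 sub-authorities a SID can carry. No buffer length is passed in, so
 * the caller must still guarantee that the buffer behind s really holds
 * SubAuthorityCount sub-authorities.
 *
 * @param s SID bytes.
 * @param out Receives the UID; set to 0 on failure. Caller-provided storage,
 *            nothing is allocated for the caller.
 * @return 0 on success; ADT_ERR_INVALID_SID when s or out is NULL, the
 *         revision is not 1 or the sub-authority count is out of range;
 *         another error code on allocation failure.
 */
DWORD Sid2Id(IN PVOID s, OUT PDWORD out)
{
    /* Largest sub-authority count a SID can carry. */
    enum { ADT_SID_MAX_SUB_AUTHORITIES = 15 };

    DWORD dwError = 0;
    size_t size = 0;
    SidTP sid = (SidTP) s;
    PDWORD subs = NULL;

    if (!sid || !out)
    {
        dwError = ADT_ERR_INVALID_SID;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    *out = 0;

    if (sid->Revision != 1)
    {
        dwError = ADT_ERR_INVALID_SID;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    /* Bound the attacker-influenced count before it sizes the copy below. */
    if (sid->SubAuthorityCount > ADT_SID_MAX_SUB_AUTHORITIES)
    {
        dwError = ADT_ERR_INVALID_SID;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    size = sid->SubAuthorityCount * sizeof(DWORD);

    dwError = LwAllocateMemory(size, OUT_PPVOID(&subs));
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    memcpy((PVOID)subs, (PVOID) sid->SubAuthority, size);

#if defined(WORDS_BIGENDIAN)
    INT i;

    /* Swap each sub-authority into host order before hashing. */
    for (i = 0; i < sid->SubAuthorityCount; i++)
    {
        subs[i] = LW_ENDIAN_SWAP32(subs[i]);
    }
#endif

    LwUidHashCalc(subs, sid->SubAuthorityCount, out);

cleanup:
    LW_SAFE_FREE_MEMORY(subs);
    return dwError;

error:
    goto cleanup;
}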
예제 #12
파일: move.c 프로젝트: borland667/pbis
/**
 * Execute the move-object action.
 *
 * Moves action->moveObject.from under action->moveObject.to with the RDN
 * held in appContext->oName. If the move fails in multi-forest mode, the
 * connection is switched and the move is attempted once more.
 *
 * @param action Action reference; the moveObject member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ExecuteAdtMoveObjectAction(IN AdtActionTP action)
{
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    DWORD dwError = 0;

    PrintStderr(appContext, LogLevelVerbose, "%s: Moving AD object %s to %s,%s ...\n",
                appContext->actionName,
                action->moveObject.from,
                appContext->oName,
                action->moveObject.to);

    dwError = MoveADObject(appContext,
                           action->moveObject.from,
                           appContext->oName,
                           action->moveObject.to);

    /* One retry on the other connection when running multi-forest. */
    if (dwError && IsMultiForestMode(action)) {
        SwitchConnection(action);
        dwError = MoveADObject(appContext,
                               action->moveObject.from,
                               appContext->oName,
                               action->moveObject.to);
    }
    ADT_BAIL_ON_ERROR_NP(dwError);

    PrintStderr(appContext, LogLevelVerbose, "%s: Done moving AD object\n",
                appContext->actionName);

    /* Print-DN mode emits the bare DN; otherwise a labelled line unless quiet. */
    if (appContext->gopts.isPrintDN) {
        PrintResult(appContext, LogLevelNone, "%s,%s\n", appContext->oName, action->moveObject.to);
    }
    else if (!appContext->gopts.isQuiet) {
        PrintResult(appContext, LogLevelNone, "New DN: %s,%s", appContext->oName, action->moveObject.to);
    }

cleanup:
    return dwError;

error:
    goto cleanup;
}
예제 #13
파일: reset_pwd.c 프로젝트: borland667/pbis
/**
 * Execute the reset-user-password action.
 *
 * Steps, in order: locate the user, read its samAccountName, read the
 * level-4 account information, optionally set a new password, write
 * pwdLastSet, then write the updated account-control flags. Each step bails
 * out on error, so a failure in a later step leaves the earlier changes in
 * place.
 *
 * @param action Action reference; the resetUserPassword member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ExecuteAdtResetUserPasswordAction(IN AdtActionTP action)
{
    DWORD dwError = 0;
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    INT i = 0;
    INT j = 0;
    PUSER_INFO_4 info = NULL;
    AttrValsT *avp = NULL;
    AttrValsT *avpTime = NULL;

    /* The name is passed by address, so LocateADUser() may rewrite it. */
    dwError = LocateADUser(appContext, &(action->resetUserPassword.name));
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* Two entries: one request plus, presumably, a terminator - TODO confirm. */
    dwError = LwAllocateMemory(2 * sizeof(AttrValsT), OUT_PPVOID(&avp));
    ADT_BAIL_ON_ALLOC_FAILURE(!dwError);

    /* String literal: cleanup frees the values of this entry, never attr. */
    avp[0].attr = "samAccountName";

    dwError = GetObjectAttrs(appContext, action->resetUserPassword.name, avp);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* The NetApi calls below are keyed on samAccountName, so it must exist. */
    if(!avp[0].vals || !avp[0].vals[0]) {
        dwError = ADT_ERR_FAILED_AD_GET_ATTR;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext,
                LogLevelVerbose,
                "%s: Reading password properties of user %s ...\n",
                appContext->actionName,
                avp[0].vals[0]);

    dwError = AdtNetUserGetInfo4(appContext, avp[0].vals[0], &info);
    ADT_BAIL_ON_ERROR_NP(dwError);

    PrintStderr(appContext,
                LogLevelVerbose,
                "%s: Done reading password properties.\n",
                appContext->actionName);

    PrintStderr(appContext,
                LogLevelVerbose,
                "%s: Changing password properties of user %s ...\n",
                appContext->actionName,
                avp[0].vals[0]);

    /* The password is optional; without one only the properties change. */
    if (action->resetUserPassword.password) {
        dwError = AdtNetUserSetPassword(appContext,
                                        avp[0].vals[0],
                                        action->resetUserPassword.password);
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = LwAllocateMemory(2 * sizeof(AttrValsT), OUT_PPVOID(&avpTime));
    ADT_BAIL_ON_ALLOC_FAILURE(!dwError);

    dwError = LwAllocateMemory(2 * sizeof(PSTR), OUT_PPVOID(&(avpTime[0].vals)));
    ADT_BAIL_ON_ALLOC_FAILURE(!dwError);

    avpTime[0].attr = "pwdLastSet";

    /*
     * In Active Directory pwdLastSet = 0 forces a password change at the
     * next logon and -1 stamps the current time. Both values are string
     * literals, so cleanup frees only the vals array.
     */
    if(action->resetUserPassword.isNoMustChangePasswd) {
        avpTime[0].vals[0] = "-1";
    }
    else {
        avpTime[0].vals[0] = "0";
    }

    /* NOTE(review): 2 is presumably the LDAP "replace" modification - confirm. */
    dwError = ModifyADObject(appContext, action->resetUserPassword.name, avpTime, 2);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* Set only: this path never clears UF_PASSWD_CANT_CHANGE. */
    if(action->resetUserPassword.isNoCanChangePasswd) {
        info->usri4_flags |= UF_PASSWD_CANT_CHANGE;
    }

    if (action->resetUserPassword.isNoPasswdExpires) {
        info->usri4_flags |= UF_DONT_EXPIRE_PASSWD;
    }
    else {
        info->usri4_flags &= ~UF_DONT_EXPIRE_PASSWD;
    }

    /* Always cleared, whether or not a new password was supplied above. */
    info->usri4_flags &= ~UF_PASSWD_NOTREQD;

    dwError = AdtNetUserSetInfoFlags(appContext,
                                     avp[0].vals[0],
                                     info->usri4_flags);
    ADT_BAIL_ON_ERROR_NP(dwError);

    PrintStderr(appContext,
                LogLevelVerbose,
                "%s: Done changing password properties.\n",
                appContext->actionName);

    /* Quiet mode suppresses the result line in both output modes. */
    if(appContext->gopts.isPrintDN) {
        if(!appContext->gopts.isQuiet) {
            PrintResult(appContext, LogLevelNone, "%s\n", action->resetUserPassword.name);
        }
    }
    else {
        if (!appContext->gopts.isQuiet) {
            PrintResult(appContext,
                        LogLevelNone,
                        "Password properties have been changed for user %s\n",
                        avp[0].vals[0]);
        }
    }

    cleanup:
        /* Both loops stop at the first entry whose vals pointer is NULL. */
        if (avpTime) {
                for (i = 0; avpTime[i].vals; ++i) {
                    LW_SAFE_FREE_MEMORY(avpTime[i].vals);
                }

                LW_SAFE_FREE_MEMORY(avpTime);
        }

        if (avp) {
            for (i = 0; avp[i].vals; ++i) {
                /* These values are freed one by one before their array. */
                for (j = 0; avp[i].vals[j]; ++j) {
                    LW_SAFE_FREE_MEMORY(avp[i].vals[j]);
                }

                LW_SAFE_FREE_MEMORY(avp[i].vals);
            }

            LW_SAFE_FREE_MEMORY(avp);
        }

        LW_SAFE_FREE_MEMORY(info);

        return dwError;

    error:
        goto cleanup;
}
예제 #14
파일: lookup.c 프로젝트: borland667/pbis
/**
 * Execute the lookup-object action.
 *
 * In print-DN mode only the DN is printed. Otherwise either the single
 * attribute named in action->lookupObject.attr or all attributes of the
 * object are fetched and, unless quiet mode is on, printed.
 *
 * Attribute values come from the directory and are always printed through a
 * fixed "%s" format, never used as a format string themselves.
 *
 * @param action Action reference; the lookupObject member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ExecuteAdtLookupObjectAction(IN AdtActionTP action)
{
    DWORD dwError = 0;
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    INT i, j;
    AttrValsT *avp = NULL;

    /* Print-DN mode: nothing is fetched, avp stays NULL for cleanup. */
    if(appContext->gopts.isPrintDN) {
        PrintResult(appContext, LogLevelNone, "%s\n", action->lookupObject.dn);
        goto cleanup;
    }

    PrintStderr(appContext, LogLevelVerbose, "%s: Looking up object attributes ...\n",
                appContext->actionName);

    if(action->lookupObject.attr) {
        /* Two entries: one request plus, presumably, a terminator - TODO confirm. */
        dwError = LwAllocateMemory(2 * sizeof(AttrValsT), OUT_PPVOID(&avp));
        ADT_BAIL_ON_ALLOC_FAILURE(!dwError);

        /* attr is duplicated here because cleanup frees every attr it walks. */
        dwError = LwStrDupOrNull((PCSTR) action->lookupObject.attr, &(avp[0].attr));
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

        dwError = GetObjectAttrs(appContext, action->lookupObject.dn, avp);
        ADT_BAIL_ON_ERROR_NP(dwError);
    }
    else {
        dwError = GetAllObjectAttrs(appContext, action->lookupObject.dn, &avp);
        ADT_BAIL_ON_ERROR_NP(dwError);
    }


    if (!appContext->gopts.isQuiet) {
        if (action->lookupObject.attr) {
            /* Single attribute: one value per line, without the name. */
            for (j = 0; avp && avp[0].vals && avp[0].vals[j]; ++j) {
                PrintResult(appContext, LogLevelNone, "%s\n",
                            (PSTR) avp[0].vals[j]);
            }
        }
        else {
            /* All attributes: "name: v1;v2;..." with one attribute per line. */
            for (i = 0; avp && avp[i].attr; ++i) {
                PrintResult(appContext, LogLevelNone, "%s: ",
                            (PSTR) avp[i].attr);

                for (j = 0; avp[i].vals && avp[i].vals[j]; ++j) {
                    PrintResult(appContext, LogLevelNone, j ? ";%s" : "%s",
                                (PSTR) avp[i].vals[j]);
                }

                PrintResult(appContext, LogLevelNone, "\n");
            }
        }
    }

    PrintStderr(appContext, LogLevelVerbose, "%s: Looking up object attributes - done\n",
                appContext->actionName);

    cleanup:
        if (avp) {
            /* The walk stops at the first entry whose attr is NULL. */
            for (i = 0; avp[i].attr; ++i) {
                LW_SAFE_FREE_MEMORY(avp[i].attr);

                if(avp[i].vals) {
                    for (j = 0; avp[i].vals[j]; ++j) {
                        LW_SAFE_FREE_MEMORY(avp[i].vals[j]);
                    }

                    LW_SAFE_FREE_MEMORY(avp[i].vals);
                }
            }

            LW_SAFE_FREE_MEMORY(avp);
        }

        return dwError;

    error:
        goto cleanup;
}
예제 #15
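/**
 * Get domain from DN. E.g. if passed OU=Users,DC=corpqa,DC=centeris,DC=com,
 * it will return corpqa.centeris.com.
 *
 * The DN is lower-cased, then every value that follows a "dc=" marker, up to
 * the next comma, is appended to the result with '.' between values.
 *
 * NOTE(review): the marker is searched with strstr(), so "dc=" is also
 * matched inside the value of another attribute, and escaped commas are not
 * recognized. Treat the result as a hint, not as a validated domain, when
 * the DN comes from an untrusted source.
 *
 * @param dn Distinguished name; must not be NULL.
 * @param domain Receives a newly allocated domain string; the caller frees
 *               it. Must not be NULL.
 * @return 0 on success; ADT_ERR_INVALID_ARG when an argument is NULL or the
 *         DN holds no DC component; another error code on allocation
 *         failure.
 */
DWORD GetDomainFromDN(IN PSTR dn, OUT PSTR *domain)
{
    DWORD dwError = 0;
    PSTR buf = NULL;
    PSTR bufp = NULL;
    PSTR dcp = NULL;
    PSTR commap = NULL;
    PSTR ndn = NULL;
    size_t len = 0;

    /* A NULL dn used to reach strlen() and crash; reject it up front. */
    if (!dn || !domain) {
        dwError = ADT_ERR_INVALID_ARG;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = LwStrDupOrNull(dn, &ndn);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    LwStrToLower(ndn);

    /*
     * The result is never longer than the input: each "dc=" (3 bytes) is
     * replaced by at most one '.', so strlen(ndn) + 1 bytes are enough.
     */
    dwError = LwAllocateMemory(sizeof(CHAR) * (strlen(ndn) + 1), OUT_PPVOID(&buf));
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    bufp = buf;
    dcp = ndn;

    while ((dcp = strstr((PCSTR) dcp, "dc=")) != NULL) {
        dcp += 3;

        if (*dcp == '\0') {
            break;
        }

        /* The value runs to the next comma, or to the end of the string. */
        commap = strchr((PCSTR) dcp, ',');
        len = commap ? (size_t) (commap - dcp) : strlen(dcp);

        if (bufp != buf) {
            *bufp++ = '.';
        }

        memcpy(bufp, dcp, len);
        bufp += len;
        dcp += len;
    }

    /* Terminate explicitly instead of relying on a zero-filled buffer. */
    *bufp = '\0';

    if (bufp == buf) {
        dwError = ADT_ERR_INVALID_ARG;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = LwStrDupOrNull(buf, domain);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

cleanup:
    LW_SAFE_FREE_MEMORY(buf);
    LW_SAFE_FREE_MEMORY(ndn);
    return dwError;

error:
    goto cleanup;
}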
예제 #16
파일: move.c 프로젝트: borland667/pbis
/**
 * Validate the move-object action.
 *
 * Opens the search connection for both DNs, then rewrites the arguments in
 * place: "from" becomes the DN returned by ResolveDN(); "to" is split into
 * its RDN (stored in appContext->oName) and its parent DN, and the parent is
 * then replaced by the DN returned by ResolveDN(). In multi-forest mode each
 * ResolveDN() call is retried once on the other connection.
 *
 * @param action Action reference; the moveObject member is used.
 * @return 0 on success; error code on failure.
 */
DWORD ValidateAdtMoveObjectAction(IN AdtActionTP action)
{
    DWORD dwError = 0;
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    PSTR dn = NULL;

    /*
     * NOTE(review): both DNs are handed to OpenADSearchConnectionDN() before
     * they are checked for NULL below; confirm that helper tolerates a
     * missing DN.
     */
    dwError = OpenADSearchConnectionDN(action, &(action->moveObject.from));
    ADT_BAIL_ON_ERROR_NP(dwError);

    dwError = OpenADSearchConnectionDN(action, &(action->moveObject.to));
    ADT_BAIL_ON_ERROR_NP(dwError);

    SwitchToSearchConnection(action);

    if (!action->moveObject.from) {
        dwError = ADT_ERR_ARG_MISSING_FROM;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = ProcessDash(&(action->moveObject.from));
    ADT_BAIL_ON_ERROR_NP(dwError);

    dwError = ResolveDN(appContext, ObjectClassAny, action->moveObject.from, &dn);
    /* One retry on the other connection when running multi-forest. */
    if(dwError && IsMultiForestMode(action)) {
        SwitchConnection(action);
        dwError = ResolveDN(appContext, ObjectClassAny, action->moveObject.from, &dn);
    }
    ADT_BAIL_ON_ERROR_NP(dwError);
    /* Swap the caller-supplied source DN for the resolved one. */
    LW_SAFE_FREE_MEMORY(action->moveObject.from);
    action->moveObject.from = dn;

    /*
     * NOTE(review): a missing "to" argument is reported with the "missing
     * from" code, which looks like a copy-paste slip - confirm whether a
     * dedicated code exists for it.
     */
    if (!action->moveObject.to) {
        dwError = ADT_ERR_ARG_MISSING_FROM;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    dwError = ProcessDash(&(action->moveObject.to));
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* The RDN of the target is kept in the application context. */
    dwError = GetRDN(action->moveObject.to, &(appContext->oName));
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* From here on "to" holds the parent DN of the target. */
    dwError = GetParentDN(action->moveObject.to, &dn);
    ADT_BAIL_ON_ERROR_NP(dwError);
    LW_SAFE_FREE_MEMORY(action->moveObject.to);
    action->moveObject.to = dn;

    dwError = ResolveDN(appContext, ObjectClassAny, action->moveObject.to, &dn);
    /* One retry on the other connection when running multi-forest. */
    if(dwError && IsMultiForestMode(action)) {
        SwitchConnection(action);
        dwError = ResolveDN(appContext, ObjectClassAny, action->moveObject.to, &dn);
    }
    ADT_BAIL_ON_ERROR_NP(dwError);
    /* Swap the parent DN for its resolved form. */
    LW_SAFE_FREE_MEMORY(action->moveObject.to);
    action->moveObject.to = dn;

    cleanup:
        return dwError;

    error:
        goto cleanup;
}
예제 #17
파일: net.c 프로젝트: borland667/pbis
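/**
 * Modify AD user account (info level 4).
 *
 * Changes against the previous revision:
 *  - NetUserSetInfo() now receives the USER_INFO_4 buffer itself. info is
 *    already a pointer, so the former "&info" handed the API the address of
 *    the local pointer variable instead of the account data;
 *  - the "Done" trace is written only after the call succeeded, as in the
 *    other NetApi wrappers of this file.
 *
 * NOTE(review): neither the replaced info->usri4_password nor the wide copy
 * of the new password is wiped before it is released; consider zeroizing
 * both, since they hold clear-text credentials.
 *
 * @param appContext Application context reference.
 * @param info User information; must not be NULL. Its usri4_password member
 *             is replaced: with a wide copy of passwordC (the old value is
 *             freed), or with NULL when passwordC is NULL.
 * @param userNameC User name; passed through GetNameComp() before use.
 * @param passwordC Password; must be NULL if we do not want to change it.
 * @return 0 on success; error code on failure. A non-zero NetApi result is
 *         offset by ADT_WIN_ERR_BASE.
 */
DWORD
AdtNetUserSetInfo4(
    IN AppContextTP appContext,
    IN PUSER_INFO_4 info,
    IN PSTR  userNameC,
    IN PSTR passwordC
)
{
    DWORD dwError = ERROR_SUCCESS;
    DWORD parmErr = 0;
    PWSTR hostName = NULL;
    PWSTR userName = NULL;
    PWSTR password = NULL;
    PSTR  userNameN = NULL;

    /* Released in cleanup, so GetNameComp() is expected to allocate. */
    userNameN = GetNameComp(userNameC);

    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &hostName);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) userNameN, &userName);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    if (passwordC) {
        dwError = LwMbsToWc16s((PCSTR) passwordC, &password);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

        /* Ownership of the wide copy moves into info. */
        LW_SAFE_FREE_MEMORY(info->usri4_password);
        info->usri4_password = password;
        password = NULL;
    }
    else {
        info->usri4_password = NULL;
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Changing properties of user %s ...\n",
                appContext->actionName, userNameN);

    /* Perform the modify operation; read-only mode skips it. */
    if (!appContext->gopts.isReadOnly) {
        dwError = NetUserSetInfo(hostName, userName, 4, (PVOID) info, &parmErr);
    }

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done changing properties of user %s\n",
                appContext->actionName, userNameN);

cleanup:
    LW_SAFE_FREE_MEMORY(hostName);
    LW_SAFE_FREE_MEMORY(userName);
    LW_SAFE_FREE_MEMORY(password);
    LW_SAFE_FREE_MEMORY(userNameN);

    return dwError;

error:
    goto cleanup;
}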
예제 #18
파일: enable.c 프로젝트: borland667/pbis
/**
 * Enable or disable a user account by rewriting its account-control flags.
 *
 * Locates the user, reads its samAccountName attribute, fetches the level-4
 * account information, sets or clears UF_ACCOUNTDISABLE and writes the
 * resulting flags back.
 *
 * @param action Action reference.
 * @param isEnabled Enable the account if TRUE; disable it otherwise.
 * @return 0 on success; error code on failure.
 */
static DWORD ExecuteAdtEnableDisableUser(IN AdtActionTP action, IN BOOL isEnabled)
{
    DWORD dwError = 0;
    AppContextTP appContext = (AppContextTP) ((AdtActionBaseTP) action)->opaque;
    PUSER_INFO_4 info = NULL;
    AttrValsT *avp = NULL;
    PSTR samName = NULL;
    INT attrIdx = 0;
    INT valIdx = 0;

    dwError = LocateADUser(appContext, &(action->disableUser.name));
    ADT_BAIL_ON_ERROR_NP(dwError);

    /*
     * Two entries: the requested attribute plus a trailing entry that the
     * cleanup loop treats as the terminator (assumes the allocator returns
     * zeroed memory - TODO confirm).
     */
    dwError = LwAllocateMemory(2 * sizeof(AttrValsT), OUT_PPVOID(&avp));
    ADT_BAIL_ON_ALLOC_FAILURE(!dwError);

    avp[0].attr = "samAccountName";

    dwError = GetObjectAttrs(appContext, action->disableUser.name, avp);
    ADT_BAIL_ON_ERROR_NP(dwError);

    /* The account name is required for every call below. */
    if (!(avp[0].vals && avp[0].vals[0])) {
        dwError = ADT_ERR_FAILED_AD_GET_ATTR;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    samName = avp[0].vals[0];

    PrintStderr(appContext, LogLevelVerbose,
                "%s: Reading account properties of user %s ...\n",
                appContext->actionName, samName);

    dwError = AdtNetUserGetInfo4(appContext, samName, &info);
    ADT_BAIL_ON_ERROR_NP(dwError);

    PrintStderr(appContext, LogLevelVerbose,
                "%s: Done reading account properties.\n",
                appContext->actionName);

    /* Only the disable bit changes; every other flag is carried over. */
    info->usri4_flags = isEnabled
                            ? (info->usri4_flags & ~UF_ACCOUNTDISABLE)
                            : (info->usri4_flags | UF_ACCOUNTDISABLE);

    PrintStderr(appContext, LogLevelVerbose,
                "%s: Changing account properties of user %s ...\n",
                appContext->actionName, samName);

    dwError = AdtNetUserSetInfoFlags(appContext, samName, info->usri4_flags);
    ADT_BAIL_ON_ERROR_NP(dwError);

    PrintStderr(appContext, LogLevelVerbose,
                "%s: Done changing account properties.\n",
                appContext->actionName);

    /* Result line: the DN alone when requested, otherwise a status sentence. */
    if (!appContext->gopts.isQuiet) {
        if (appContext->gopts.isPrintDN) {
            PrintResult(appContext, LogLevelNone, "%s\n", action->disableUser.name);
        }
        else {
            PrintResult(appContext, LogLevelNone,
                        "Account of user %s has been %s\n",
                        samName, isEnabled ? "enabled" : "disabled");
        }
    }

    cleanup:
        if (avp) {
            /* Release each value, then each value array, then the table. */
            attrIdx = 0;
            while (avp[attrIdx].vals) {
                valIdx = 0;
                while (avp[attrIdx].vals[valIdx]) {
                    LW_SAFE_FREE_MEMORY(avp[attrIdx].vals[valIdx]);
                    ++valIdx;
                }

                LW_SAFE_FREE_MEMORY(avp[attrIdx].vals);
                ++attrIdx;
            }

            LW_SAFE_FREE_MEMORY(avp);
        }

        LW_SAFE_FREE_MEMORY(info);

        return dwError;

    error:
        goto cleanup;
}
예제 #19
파일: net.c 프로젝트: borland667/pbis
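/**
 * Modify AD user account.
 *
 * Converts the supplied strings to wide characters, fills the USER_INFO_*
 * structure that matches the requested level and passes it to
 * NetUserSetInfo. In read-only mode the request is built but not sent.
 *
 * @param appContext Application context reference.
 * @param level Info level (0, 1, 2, 3, 4, 1003, 1007, 1008 or 1011).
 * @param userNameC User name.
 * @param changedUserNameC New account name; used only at level 0.
 * @param fullNameC Full user name.
 * @param commentC Comments.
 * @param homeDirC User's home directory.
 * @param scriptPathC Full path to executable logon script.
 * @param passwordC Password (clear text).
 * @param flags Account controls.
 * @param isRenamed Set to TRUE when level is 0 and no error occurred
 *                  (including read-only mode); may be NULL.
 * @return 0 on success; error code on failure.
 */
DWORD
AdtNetUserSetInfoFromParams(
    IN AppContextTP appContext,
    IN DWORD level,
    IN PSTR  userNameC,
    IN PSTR  changedUserNameC,
    IN PSTR  fullNameC,
    IN PSTR  commentC,
    IN PSTR  homeDirC,
    IN PSTR  scriptPathC,
    IN PSTR  passwordC,
    IN DWORD flags,
    IN PBOOL isRenamed
)
{
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = NULL;
    USER_INFO_0 Info0 = {0};
    USER_INFO_1 Info1 = {0};
    USER_INFO_2 Info2 = {0};
    USER_INFO_3 Info3 = {0};
    USER_INFO_4 Info4 = {0};
    USER_INFO_1003 Info1003 = {0};
    USER_INFO_1007 Info1007 = {0};
    USER_INFO_1008 Info1008 = {0};
    USER_INFO_1011 Info1011 = {0};
    DWORD parmErr = 0;

    PWSTR hostName = NULL;
    PWSTR userName = NULL;
    PWSTR changedUserName = NULL;
    PWSTR fullName = NULL;
    PWSTR comment = NULL;
    PWSTR homeDir = NULL;
    PWSTR scriptPath = NULL;
    PWSTR password = NULL;
    PSTR  userNameN = NULL;

    /* Derived from userNameC (presumably the bare account name); freed in cleanup. */
    userNameN = GetNameComp(userNameC);

    dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverAddress), &hostName);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    dwError = LwMbsToWc16s((PCSTR) userNameN, &userName);
    ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);

    /* Optional fields stay NULL when the caller did not supply them. */
    if(changedUserNameC) {
        dwError = LwMbsToWc16s((PCSTR) changedUserNameC, &changedUserName);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
    }

    if (fullNameC) {
        dwError = LwMbsToWc16s((PCSTR) fullNameC, &fullName);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
    }

    if (commentC) {
        dwError = LwMbsToWc16s((PCSTR) commentC, &comment);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
    }

    if (homeDirC) {
        dwError = LwMbsToWc16s((PCSTR) homeDirC, &homeDir);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
    }

    if (scriptPathC) {
        dwError = LwMbsToWc16s((PCSTR) scriptPathC, &scriptPath);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
    }

    if (passwordC) {
        /* Second clear-text copy of the password; scrubbed in cleanup. */
        dwError = LwMbsToWc16s((PCSTR) passwordC, &password);
        ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
    }

    /*
     * The info structures only borrow the wide strings; the strings are
     * owned by this function and released in cleanup.
     */
    switch (level)
    {
    case 0:
        Info0.usri0_name        = changedUserName;

        pBuffer = (PVOID)&Info0;
        break;

    case 1:
        Info1.usri1_name        = userName;
        Info1.usri1_password    = password;
        Info1.usri1_priv        = USER_PRIV_USER;
        Info1.usri1_home_dir    = homeDir;
        Info1.usri1_comment     = comment;
        Info1.usri1_flags       = flags;
        Info1.usri1_script_path = scriptPath;

        pBuffer = (PVOID)&Info1;
        break;

    case 2:
        Info2.usri2_name        = userName;
        Info2.usri2_password    = password;
        Info2.usri2_priv        = USER_PRIV_USER;
        Info2.usri2_home_dir    = homeDir;
        Info2.usri2_comment     = comment;
        Info2.usri2_flags       = flags;
        Info2.usri2_script_path = scriptPath;

        pBuffer = (PVOID)&Info2;
        break;

    case 3:
        Info3.usri3_name        = userName;
        Info3.usri3_password    = password;
        Info3.usri3_priv        = USER_PRIV_USER;
        Info3.usri3_home_dir    = homeDir;
        Info3.usri3_comment     = comment;
        Info3.usri3_flags       = flags;
        Info3.usri3_script_path = scriptPath;

        pBuffer = (PVOID)&Info3;
        break;

    case 4:
        Info4.usri4_name        = userName;
        Info4.usri4_password    = password;
        Info4.usri4_priv        = USER_PRIV_USER;
        Info4.usri4_home_dir    = homeDir;
        Info4.usri4_comment     = comment;
        Info4.usri4_flags       = flags;
        Info4.usri4_script_path = scriptPath;

        pBuffer = (PVOID)&Info4;
        break;

    case 1003:
        Info1003.usri1003_password = password;

        pBuffer = (PVOID)&Info1003;
        break;

    case 1007:
        Info1007.usri1007_comment = comment;

        pBuffer = (PVOID)&Info1007;
        break;

    case 1008:
        Info1008.usri1008_flags = flags;

        pBuffer = (PVOID)&Info1008;
        break;

    case 1011:
        Info1011.usri1011_full_name = fullName;

        pBuffer = (PVOID)&Info1011;
        break;

    default:
        /*
         * Level not handled here: pBuffer stays NULL and the value is passed
         * on unchanged, so rejecting it is left to NetUserSetInfo.
         * NOTE(review): consider failing early with a dedicated error code.
         */
        break;
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Changing properties of user %s ...\n",
                appContext->actionName, userNameN);

    /* Perform the modify operation; skipped entirely in read-only mode. */
    if(!appContext->gopts.isReadOnly) {
        dwError = NetUserSetInfo(hostName, userName, level, pBuffer, &parmErr);
    }

    if (dwError) {
        dwError += ADT_WIN_ERR_BASE;
        ADT_BAIL_ON_ERROR_NP(dwError);
    }

    PrintStderr(appContext, LogLevelTrace, "%s: Done changing properties of user %s\n",
                appContext->actionName, userNameN);

    /* Level 0 carries only the new account name, i.e. a rename request. */
    if (level == 0 && isRenamed) {
        *isRenamed = TRUE;
    }

    cleanup:
        /*
         * Overwrite the wide-character password before its memory goes back
         * to the allocator, so the clear text does not linger in freed heap.
         * NOTE(review): if the project's memory headers offer a secure-free
         * helper for wide strings, prefer it over this loop.
         */
        if (password) {
            PWSTR scrub = password;

            while (*scrub) {
                *scrub++ = 0;
            }
        }

        LW_SAFE_FREE_MEMORY(hostName);
        LW_SAFE_FREE_MEMORY(userName);
        LW_SAFE_FREE_MEMORY(changedUserName);
        LW_SAFE_FREE_MEMORY(fullName);
        LW_SAFE_FREE_MEMORY(comment);
        LW_SAFE_FREE_MEMORY(homeDir);
        LW_SAFE_FREE_MEMORY(scriptPath);
        LW_SAFE_FREE_MEMORY(password);
        LW_SAFE_FREE_MEMORY(userNameN);

        return dwError;

    error:
        goto cleanup;
}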