src/WINNT/afsadmsvr/TaAfsAdmSvrUser.cpp

   1 /*
   2  * Copyright 2000, International Business Machines Corporation and others.
   3  * All Rights Reserved.
   4  *
   5  * This software has been released under the terms of the IBM Public
   6  * License.  For details, see the LICENSE file in the top-level source
   7  * directory or online at http://www.openafs.org/dl/license10.html
   8  */
   9
  10 #include <winsock2.h>
  11 #include <ws2tcpip.h>
  12
  13 extern "C" {
  14 #include <afs/param.h>
  15 #include <afs/stds.h>
  16 }
  17
  18 #include "TaAfsAdmSvrInternal.h"
  19
  20
  21 /*
  22  * ROUTINES ___________________________________________________________________
  23  *
  24  */
  25
  26
  27       // AfsAdmSvr_ChangeUser
  28       // ...changes a user account's properties.
  29       //
  30 extern "C" int AfsAdmSvr_ChangeUser (UINT_PTR idClient, ASID idCell, ASID idUser, LPAFSADMSVR_CHANGEUSER_PARAMS pChange, ULONG *pStatus)
  31 {
  32    ASACTION Action;
  33    Action.Action = ACTION_USER_CHANGE;
  34    Action.idClient = idClient;
  35    Action.idCell = idCell;
  36    Action.u.User_Change.idUser = idUser;
  37    size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
  38
  39    Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser (idUser=0x%08lX)"), idClient, idUser);
  40
  41    if (!AfsAdmSvr_fIsValidClient (idClient))
  42       return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
  43
  44    // Find this user's current properties
  45    //
  46    LPASOBJPROP pCurrentProperties;
  47    if ((pCurrentProperties = AfsAdmSvr_GetCurrentProperties (idUser, pStatus)) == NULL)
  48       {
  49       Print (dlERROR, TEXT("Client 0x%08lX: ChangeUser failed; no properties"), idClient);
  50       AfsAdmSvr_EndOperation (iOp);
  51       return FALSE;
  52       }
  53
  54    // Build an AFSCLASS-style USERPROPERTIES structure that reflects the
  55    // new properties for the user; mark the structure's dwMask bit to indicate
  56    // what we're changing.
  57    //
  58    USERPROPERTIES NewProperties;
  59    memset (&NewProperties, 0x00, sizeof(NewProperties));
  60
  61    if ((NewProperties.fAdmin = pChange->fIsAdmin) != pCurrentProperties->u.UserProperties.KASINFO.fIsAdmin)
  62       NewProperties.dwMask |= MASK_USERPROP_fAdmin;
  63    if ((NewProperties.fGrantTickets = pChange->fCanGetTickets) != pCurrentProperties->u.UserProperties.KASINFO.fCanGetTickets)
  64       NewProperties.dwMask |= MASK_USERPROP_fGrantTickets;
  65    if ((NewProperties.fCanEncrypt = pChange->fEncrypt) != pCurrentProperties->u.UserProperties.KASINFO.fEncrypt)
  66       NewProperties.dwMask |= MASK_USERPROP_fCanEncrypt;
  67    if ((NewProperties.fCanChangePassword = pChange->fCanChangePassword) != pCurrentProperties->u.UserProperties.KASINFO.fCanChangePassword)
  68       NewProperties.dwMask |= MASK_USERPROP_fCanChangePassword;
  69    if ((NewProperties.fCanReusePasswords = pChange->fCanReusePasswords) != pCurrentProperties->u.UserProperties.KASINFO.fCanReusePasswords)
  70       NewProperties.dwMask |= MASK_USERPROP_fCanReusePasswords;
  71    if ((NewProperties.cdayPwExpires = pChange->cdayPwExpire) != pCurrentProperties->u.UserProperties.KASINFO.cdayPwExpire)
  72       NewProperties.dwMask |= MASK_USERPROP_cdayPwExpires;
  73    if ((NewProperties.csecTicketLifetime = pChange->csecTicketLifetime) != pCurrentProperties->u.UserProperties.KASINFO.csecTicketLifetime)
  74       NewProperties.dwMask |= MASK_USERPROP_csecTicketLifetime;
  75    if ((NewProperties.nFailureAttempts = pChange->cFailLogin) != pCurrentProperties->u.UserProperties.KASINFO.cFailLogin)
  76       NewProperties.dwMask |= MASK_USERPROP_nFailureAttempts;
  77    if ((NewProperties.csecFailedLoginLockTime = pChange->csecFailLoginLock) != pCurrentProperties->u.UserProperties.KASINFO.csecFailLoginLock)
  78       NewProperties.dwMask |= MASK_USERPROP_csecFailedLoginLockTime;
  79    if ((NewProperties.cGroupCreationQuota = pChange->cgroupCreationQuota) != pCurrentProperties->u.UserProperties.PTSINFO.cgroupCreationQuota)
  80       NewProperties.dwMask |= MASK_USERPROP_cGroupCreationQuota;
  81    if ((NewProperties.aaListStatus = pChange->aaListStatus) != pCurrentProperties->u.UserProperties.PTSINFO.aaListStatus)
  82       NewProperties.dwMask |= MASK_USERPROP_aaListStatus;
  83    if ((NewProperties.aaGroupsOwned = pChange->aaGroupsOwned) != pCurrentProperties->u.UserProperties.PTSINFO.aaGroupsOwned)
  84       NewProperties.dwMask |= MASK_USERPROP_aaGroupsOwned;
  85    if ((NewProperties.aaMembership = pChange->aaMembership) != pCurrentProperties->u.UserProperties.PTSINFO.aaMembership)
  86       NewProperties.dwMask |= MASK_USERPROP_aaMembership;
  87    memcpy (&NewProperties.timeAccountExpires, &pChange->timeExpires, sizeof(SYSTEMTIME));
  88    if (memcmp (&NewProperties.timeAccountExpires, &pCurrentProperties->u.UserProperties.KASINFO.timeExpires, sizeof(SYSTEMTIME)))
  89       NewProperties.dwMask |= MASK_USERPROP_timeAccountExpires;
  90
  91    // If we've decided to change anything, call AfsClass to actually do it
  92    //
  93    if (NewProperties.dwMask == 0)
  94       {
  95       Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser succeeded (nothing to do)"), idClient);
  96       }
  97    else
  98       {
  99       ULONG status;
 100       if (!AfsClass_SetUserProperties ((LPIDENT)idUser, &NewProperties, &status))
 101          {
 102          Print (dlERROR, TEXT("Client 0x%08lX: ChangeUser failed; error 0x%08lX"), idClient, status);
 103          return FALSE_(status,pStatus,iOp);
 104          }
 105
 106       Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser succeeded"), idClient);
 107       }
 108
 109    AfsAdmSvr_EndOperation (iOp);
 110    return TRUE;
 111 }
 112
 113
 114       // AfsAdmSvr_SetUserPassword
 115       // ...changes the password for the specified user account. Pass a non-empty
 116       //    string in {keyString} to encrypt the specified string; otherwise,
 117       //    pass a valid encryption key in {keyData}.
 118       //
 119 extern "C" int AfsAdmSvr_SetUserPassword (UINT_PTR idClient, ASID idCell, ASID idUser, int keyVersion, STRING keyString, BYTE keyData[ ENCRYPTIONKEYLENGTH ], ULONG *pStatus)
 120 {
 121    BOOL rc = TRUE;
 122    ULONG status = 0;
 123
 124    ASACTION Action;
 125    Action.Action = ACTION_USER_PW_CHANGE;
 126    Action.idClient = idClient;
 127    Action.idCell = idCell;
 128    Action.u.User_Pw_Change.idUser = idUser;
 129    size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
 130
 131    Print (dlDETAIL, TEXT("Client 0x%08lX: SetUserPassword (idUser=0x%08lX)"), idClient, idUser);
 132
 133    if (!AfsAdmSvr_fIsValidClient (idClient))
 134       return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
 135
 136    // Change the user's password
 137    //
 138    if (keyString && keyString[0])
 139       {
 140       rc = AfsClass_SetUserPassword ((LPIDENT)idUser, keyVersion, keyString, &status);
 141       }
 142    else // (!keyString || !keyString[0])
 143       {
 144       rc = AfsClass_SetUserPassword ((LPIDENT)idUser, keyVersion, (LPENCRYPTIONKEY)keyData, &status);
 145       }
 146
 147    if (!rc)
 148       return FALSE_(status,pStatus,iOp);
 149
 150    Print (dlDETAIL, TEXT("Client 0x%08lX: SetUserPassword succeeded"), idClient);
 151    AfsAdmSvr_EndOperation (iOp);
 152    return TRUE;
 153 }
 154
 155
 156       // AfsAdmSvr_UnlockUser
 157       // ...unlocks a user's account
 158       //
 159 extern "C" int AfsAdmSvr_UnlockUser (UINT_PTR idClient, ASID idCell, ASID idUser, ULONG *pStatus)
 160 {
 161    ASACTION Action;
 162    Action.Action = ACTION_USER_UNLOCK;
 163    Action.idClient = idClient;
 164    Action.idCell = idCell;
 165    Action.u.User_Unlock.idUser = idUser;
 166    size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
 167
 168    Print (dlDETAIL, TEXT("Client 0x%08lX: UnlockUser (idUser=0x%08lX)"), idClient, idUser);
 169
 170    if (!AfsAdmSvr_fIsValidClient (idClient))
 171       return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
 172
 173    // Unlock the user's account
 174    //
 175    ULONG status;
 176    if (!AfsClass_UnlockUser ((LPIDENT)idUser, &status))
 177       return FALSE_(status,pStatus,iOp);
 178
 179    Print (dlDETAIL, TEXT("Client 0x%08lX: UnlockUser succeeded"), idClient);
 180    AfsAdmSvr_EndOperation (iOp);
 181    return TRUE;
 182 }
 183
 184
 185       // AfsAdmSvr_CreateUser
 186       // ...creates a new user account
 187       //
 188 extern "C" int AfsAdmSvr_CreateUser (UINT_PTR idClient, ASID idCell, LPAFSADMSVR_CREATEUSER_PARAMS pCreate, ASID *pidUser, ULONG *pStatus)
 189 {
 190    ASACTION Action;
 191    Action.Action = ACTION_USER_CREATE;
 192    Action.idClient = idClient;
 193    Action.idCell = idCell;
 194    lstrcpy (Action.u.User_Create.szUser, pCreate->szName);
 195    lstrcpy (Action.u.User_Create.szInstance, pCreate->szInstance);
 196    size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
 197
 198    Print (dlDETAIL, TEXT("Client 0x%08lX: CreateUser (szUser=%s)"), idClient, pCreate->szName);
 199
 200    if (!AfsAdmSvr_fIsValidClient (idClient))
 201       return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
 202
 203    // Create the user account
 204    //
 205    ULONG status;
 206    LPIDENT lpiUser;
 207    if ((lpiUser = AfsClass_CreateUser ((LPIDENT)idCell, pCreate->szName, pCreate->szInstance, pCreate->szPassword, pCreate->idUser, pCreate->fCreateKAS, pCreate->fCreatePTS, &status)) == NULL)
 208       {
 209       Print (dlERROR, TEXT("Client 0x%08lX: CreateUser failed; error 0x%08lX"), idClient, status);
 210       return FALSE_(status,pStatus,iOp);
 211       }
 212
 213    if (pidUser)
 214       *pidUser = (ASID)lpiUser;
 215
 216    // Creating a user account may change the max user ID
 217    AfsAdmSvr_TestProperties (idCell);
 218
 219    Print (dlDETAIL, TEXT("Client 0x%08lX: CreateUser succeeded"), idClient);
 220    AfsAdmSvr_EndOperation (iOp);
 221    return TRUE;
 222 }
 223
 224
 225       // AfsAdmSvr_DeleteUser
 226       // ...deletes a user's account
 227       //
 228 extern "C" int AfsAdmSvr_DeleteUser (UINT_PTR idClient, ASID idCell, ASID idUser, LPAFSADMSVR_DELETEUSER_PARAMS pDelete, ULONG *pStatus)
 229 {
 230    ASACTION Action;
 231    Action.Action = ACTION_USER_DELETE;
 232    Action.idClient = idClient;
 233    Action.idCell = idCell;
 234    Action.u.User_Delete.idUser = idUser;
 235    size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
 236
 237    Print (dlDETAIL, TEXT("Client 0x%08lX: DeleteUser (idUser=0x%08lX)"), idClient, idUser);
 238
 239    if (!AfsAdmSvr_fIsValidClient (idClient))
 240       return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
 241
 242    // Delete the user's accounts
 243    //
 244    ULONG status;
 245    if (!AfsClass_DeleteUser ((LPIDENT)idUser, pDelete->fDeleteKAS, pDelete->fDeletePTS, &status))
 246       {
 247       Print (dlERROR, TEXT("Client 0x%08lX: DeleteUser failed; error 0x%08lX"), idClient, status);
 248       return FALSE_(status,pStatus,iOp);
 249       }
 250
 251    Print (dlDETAIL, TEXT("Client 0x%08lX: DeleteUser succeeded"), idClient);
 252    AfsAdmSvr_EndOperation (iOp);
 253    return TRUE;
 254 }
 255