2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
14 #include <afsconfig.h>
15 #include <afs/param.h>
20 #include "TaAfsAdmSvrInternal.h"
24 * ROUTINES ___________________________________________________________________
29 // AfsAdmSvr_ChangeUser
30 // ...changes a user account's properties.
32 extern "C" int AfsAdmSvr_ChangeUser (UINT_PTR idClient, ASID idCell, ASID idUser, LPAFSADMSVR_CHANGEUSER_PARAMS pChange, ULONG *pStatus)
35 Action.Action = ACTION_USER_CHANGE;
36 Action.idClient = idClient;
37 Action.idCell = idCell;
38 Action.u.User_Change.idUser = idUser;
39 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
41 Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser (idUser=0x%08lX)"), idClient, idUser);
43 if (!AfsAdmSvr_fIsValidClient (idClient))
44 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
46 // Find this user's current properties
48 LPASOBJPROP pCurrentProperties;
49 if ((pCurrentProperties = AfsAdmSvr_GetCurrentProperties (idUser, pStatus)) == NULL)
51 Print (dlERROR, TEXT("Client 0x%08lX: ChangeUser failed; no properties"), idClient);
52 AfsAdmSvr_EndOperation (iOp);
56 // Build an AFSCLASS-style USERPROPERTIES structure that reflects the
57 // new properties for the user; mark the structure's dwMask bit to indicate
58 // what we're changing.
60 USERPROPERTIES NewProperties;
61 memset (&NewProperties, 0x00, sizeof(NewProperties));
63 if ((NewProperties.fAdmin = pChange->fIsAdmin) != pCurrentProperties->u.UserProperties.KASINFO.fIsAdmin)
64 NewProperties.dwMask |= MASK_USERPROP_fAdmin;
65 if ((NewProperties.fGrantTickets = pChange->fCanGetTickets) != pCurrentProperties->u.UserProperties.KASINFO.fCanGetTickets)
66 NewProperties.dwMask |= MASK_USERPROP_fGrantTickets;
67 if ((NewProperties.fCanEncrypt = pChange->fEncrypt) != pCurrentProperties->u.UserProperties.KASINFO.fEncrypt)
68 NewProperties.dwMask |= MASK_USERPROP_fCanEncrypt;
69 if ((NewProperties.fCanChangePassword = pChange->fCanChangePassword) != pCurrentProperties->u.UserProperties.KASINFO.fCanChangePassword)
70 NewProperties.dwMask |= MASK_USERPROP_fCanChangePassword;
71 if ((NewProperties.fCanReusePasswords = pChange->fCanReusePasswords) != pCurrentProperties->u.UserProperties.KASINFO.fCanReusePasswords)
72 NewProperties.dwMask |= MASK_USERPROP_fCanReusePasswords;
73 if ((NewProperties.cdayPwExpires = pChange->cdayPwExpire) != pCurrentProperties->u.UserProperties.KASINFO.cdayPwExpire)
74 NewProperties.dwMask |= MASK_USERPROP_cdayPwExpires;
75 if ((NewProperties.csecTicketLifetime = pChange->csecTicketLifetime) != pCurrentProperties->u.UserProperties.KASINFO.csecTicketLifetime)
76 NewProperties.dwMask |= MASK_USERPROP_csecTicketLifetime;
77 if ((NewProperties.nFailureAttempts = pChange->cFailLogin) != pCurrentProperties->u.UserProperties.KASINFO.cFailLogin)
78 NewProperties.dwMask |= MASK_USERPROP_nFailureAttempts;
79 if ((NewProperties.csecFailedLoginLockTime = pChange->csecFailLoginLock) != pCurrentProperties->u.UserProperties.KASINFO.csecFailLoginLock)
80 NewProperties.dwMask |= MASK_USERPROP_csecFailedLoginLockTime;
81 if ((NewProperties.cGroupCreationQuota = pChange->cgroupCreationQuota) != pCurrentProperties->u.UserProperties.PTSINFO.cgroupCreationQuota)
82 NewProperties.dwMask |= MASK_USERPROP_cGroupCreationQuota;
83 if ((NewProperties.aaListStatus = pChange->aaListStatus) != pCurrentProperties->u.UserProperties.PTSINFO.aaListStatus)
84 NewProperties.dwMask |= MASK_USERPROP_aaListStatus;
85 if ((NewProperties.aaGroupsOwned = pChange->aaGroupsOwned) != pCurrentProperties->u.UserProperties.PTSINFO.aaGroupsOwned)
86 NewProperties.dwMask |= MASK_USERPROP_aaGroupsOwned;
87 if ((NewProperties.aaMembership = pChange->aaMembership) != pCurrentProperties->u.UserProperties.PTSINFO.aaMembership)
88 NewProperties.dwMask |= MASK_USERPROP_aaMembership;
89 memcpy (&NewProperties.timeAccountExpires, &pChange->timeExpires, sizeof(SYSTEMTIME));
90 if (memcmp (&NewProperties.timeAccountExpires, &pCurrentProperties->u.UserProperties.KASINFO.timeExpires, sizeof(SYSTEMTIME)))
91 NewProperties.dwMask |= MASK_USERPROP_timeAccountExpires;
93 // If we've decided to change anything, call AfsClass to actually do it
95 if (NewProperties.dwMask == 0)
97 Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser succeeded (nothing to do)"), idClient);
102 if (!AfsClass_SetUserProperties ((LPIDENT)idUser, &NewProperties, &status))
104 Print (dlERROR, TEXT("Client 0x%08lX: ChangeUser failed; error 0x%08lX"), idClient, status);
105 return FALSE_(status,pStatus,iOp);
108 Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser succeeded"), idClient);
111 AfsAdmSvr_EndOperation (iOp);
116 // AfsAdmSvr_SetUserPassword
117 // ...changes the password for the specified user account. Pass a non-empty
118 // string in {keyString} to encrypt the specified string; otherwise,
119 // pass a valid encryption key in {keyData}.
121 extern "C" int AfsAdmSvr_SetUserPassword (UINT_PTR idClient, ASID idCell, ASID idUser, int keyVersion, STRING keyString, BYTE keyData[ ENCRYPTIONKEYLENGTH ], ULONG *pStatus)
127 Action.Action = ACTION_USER_PW_CHANGE;
128 Action.idClient = idClient;
129 Action.idCell = idCell;
130 Action.u.User_Pw_Change.idUser = idUser;
131 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
133 Print (dlDETAIL, TEXT("Client 0x%08lX: SetUserPassword (idUser=0x%08lX)"), idClient, idUser);
135 if (!AfsAdmSvr_fIsValidClient (idClient))
136 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
138 // Change the user's password
140 if (keyString && keyString[0])
142 rc = AfsClass_SetUserPassword ((LPIDENT)idUser, keyVersion, keyString, &status);
144 else // (!keyString || !keyString[0])
146 rc = AfsClass_SetUserPassword ((LPIDENT)idUser, keyVersion, (LPENCRYPTIONKEY)keyData, &status);
150 return FALSE_(status,pStatus,iOp);
152 Print (dlDETAIL, TEXT("Client 0x%08lX: SetUserPassword succeeded"), idClient);
153 AfsAdmSvr_EndOperation (iOp);
158 // AfsAdmSvr_UnlockUser
159 // ...unlocks a user's account
161 extern "C" int AfsAdmSvr_UnlockUser (UINT_PTR idClient, ASID idCell, ASID idUser, ULONG *pStatus)
164 Action.Action = ACTION_USER_UNLOCK;
165 Action.idClient = idClient;
166 Action.idCell = idCell;
167 Action.u.User_Unlock.idUser = idUser;
168 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
170 Print (dlDETAIL, TEXT("Client 0x%08lX: UnlockUser (idUser=0x%08lX)"), idClient, idUser);
172 if (!AfsAdmSvr_fIsValidClient (idClient))
173 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
175 // Unlock the user's account
178 if (!AfsClass_UnlockUser ((LPIDENT)idUser, &status))
179 return FALSE_(status,pStatus,iOp);
181 Print (dlDETAIL, TEXT("Client 0x%08lX: UnlockUser succeeded"), idClient);
182 AfsAdmSvr_EndOperation (iOp);
187 // AfsAdmSvr_CreateUser
188 // ...creates a new user account
190 extern "C" int AfsAdmSvr_CreateUser (UINT_PTR idClient, ASID idCell, LPAFSADMSVR_CREATEUSER_PARAMS pCreate, ASID *pidUser, ULONG *pStatus)
193 Action.Action = ACTION_USER_CREATE;
194 Action.idClient = idClient;
195 Action.idCell = idCell;
196 lstrcpy (Action.u.User_Create.szUser, pCreate->szName);
197 lstrcpy (Action.u.User_Create.szInstance, pCreate->szInstance);
198 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
200 Print (dlDETAIL, TEXT("Client 0x%08lX: CreateUser (szUser=%s)"), idClient, pCreate->szName);
202 if (!AfsAdmSvr_fIsValidClient (idClient))
203 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
205 // Create the user account
209 if ((lpiUser = AfsClass_CreateUser ((LPIDENT)idCell, pCreate->szName, pCreate->szInstance, pCreate->szPassword, pCreate->idUser, pCreate->fCreateKAS, pCreate->fCreatePTS, &status)) == NULL)
211 Print (dlERROR, TEXT("Client 0x%08lX: CreateUser failed; error 0x%08lX"), idClient, status);
212 return FALSE_(status,pStatus,iOp);
216 *pidUser = (ASID)lpiUser;
218 // Creating a user account may change the max user ID
219 AfsAdmSvr_TestProperties (idCell);
221 Print (dlDETAIL, TEXT("Client 0x%08lX: CreateUser succeeded"), idClient);
222 AfsAdmSvr_EndOperation (iOp);
227 // AfsAdmSvr_DeleteUser
228 // ...deletes a user's account
230 extern "C" int AfsAdmSvr_DeleteUser (UINT_PTR idClient, ASID idCell, ASID idUser, LPAFSADMSVR_DELETEUSER_PARAMS pDelete, ULONG *pStatus)
233 Action.Action = ACTION_USER_DELETE;
234 Action.idClient = idClient;
235 Action.idCell = idCell;
236 Action.u.User_Delete.idUser = idUser;
237 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
239 Print (dlDETAIL, TEXT("Client 0x%08lX: DeleteUser (idUser=0x%08lX)"), idClient, idUser);
241 if (!AfsAdmSvr_fIsValidClient (idClient))
242 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
244 // Delete the user's accounts
247 if (!AfsClass_DeleteUser ((LPIDENT)idUser, pDelete->fDeleteKAS, pDelete->fDeletePTS, &status))
249 Print (dlERROR, TEXT("Client 0x%08lX: DeleteUser failed; error 0x%08lX"), idClient, status);
250 return FALSE_(status,pStatus,iOp);
253 Print (dlDETAIL, TEXT("Client 0x%08lX: DeleteUser succeeded"), idClient);
254 AfsAdmSvr_EndOperation (iOp);