2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 #include <afs/param.h>
15 #include "TaAfsAdmSvrInternal.h"
19 * ROUTINES ___________________________________________________________________
24 // AfsAdmSvr_ChangeUser
25 // ...changes a user account's properties.
//
// Copies each requested value from pChange into a local USERPROPERTIES,
// sets the matching MASK_USERPROP_* bit in dwMask for every field that
// differs from the user's current properties, and calls
// AfsClass_SetUserProperties only when at least one bit is set.
//
// NOTE(review): this listing has lost its short lines (braces, some local
// declarations, bare return/else statements). The comments below describe
// only the statements that are visible.
27 extern "C" int AfsAdmSvr_ChangeUser (DWORD idClient, ASID idCell, ASID idUser, LPAFSADMSVR_CHANGEUSER_PARAMS pChange, ULONG *pStatus)
// Describe the pending operation and register it; iOp identifies it for the
// later AfsAdmSvr_EndOperation / FALSE_ calls.
30 Action.Action = ACTION_USER_CHANGE;
31 Action.idClient = idClient;
32 Action.idCell = idCell;
33 Action.u.User_Change.idUser = idUser;
34 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
36 Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser (idUser=0x%08lX)"), idClient, idUser);
// NOTE(review): the operation is registered and logged above before
// idClient is validated here - confirm AfsAdmSvr_BeginOperation tolerates
// an unknown client id. This is also the only caller check visible in the
// routine; whether the client may administer idCell/idUser is presumably
// decided elsewhere - confirm.
38 if (!AfsAdmSvr_fIsValidClient (idClient))
39 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
41 // Find this user's current properties
// NOTE(review): this lookup is the only visible use of idUser before it is
// cast to LPIDENT further down; presumably it fails for an id the server
// does not know - confirm, since idUser is supplied by the caller.
43 LPASOBJPROP pCurrentProperties;
44 if ((pCurrentProperties = AfsAdmSvr_GetCurrentProperties (idUser, pStatus)) == NULL)
46 Print (dlERROR, TEXT("Client 0x%08lX: ChangeUser failed; no properties"), idClient);
47 AfsAdmSvr_EndOperation (iOp);
51 // Build an AFSCLASS-style USERPROPERTIES structure that reflects the
52 // new properties for the user; mark the structure's dwMask bit to indicate
53 // what we're changing.
55 USERPROPERTIES NewProperties;
56 memset (&NewProperties, 0x00, sizeof(NewProperties));
// pChange is dereferenced from here on; no NULL check is visible in this
// listing. Each test assigns the requested value into NewProperties and, in
// the same expression, compares it with the current value.
//
// The fields below include the admin flag, ticket granting, password policy
// and failed-login lockout settings. The Print calls in this routine record
// only the client id, user id and error status, not which fields changed.
// NOTE(review): consider logging the applied dwMask for audit purposes.
58 if ((NewProperties.fAdmin = pChange->fIsAdmin) != pCurrentProperties->u.UserProperties.KASINFO.fIsAdmin)
59 NewProperties.dwMask |= MASK_USERPROP_fAdmin;
60 if ((NewProperties.fGrantTickets = pChange->fCanGetTickets) != pCurrentProperties->u.UserProperties.KASINFO.fCanGetTickets)
61 NewProperties.dwMask |= MASK_USERPROP_fGrantTickets;
62 if ((NewProperties.fCanEncrypt = pChange->fEncrypt) != pCurrentProperties->u.UserProperties.KASINFO.fEncrypt)
63 NewProperties.dwMask |= MASK_USERPROP_fCanEncrypt;
64 if ((NewProperties.fCanChangePassword = pChange->fCanChangePassword) != pCurrentProperties->u.UserProperties.KASINFO.fCanChangePassword)
65 NewProperties.dwMask |= MASK_USERPROP_fCanChangePassword;
66 if ((NewProperties.fCanReusePasswords = pChange->fCanReusePasswords) != pCurrentProperties->u.UserProperties.KASINFO.fCanReusePasswords)
67 NewProperties.dwMask |= MASK_USERPROP_fCanReusePasswords;
68 if ((NewProperties.cdayPwExpires = pChange->cdayPwExpire) != pCurrentProperties->u.UserProperties.KASINFO.cdayPwExpire)
69 NewProperties.dwMask |= MASK_USERPROP_cdayPwExpires;
70 if ((NewProperties.csecTicketLifetime = pChange->csecTicketLifetime) != pCurrentProperties->u.UserProperties.KASINFO.csecTicketLifetime)
71 NewProperties.dwMask |= MASK_USERPROP_csecTicketLifetime;
72 if ((NewProperties.nFailureAttempts = pChange->cFailLogin) != pCurrentProperties->u.UserProperties.KASINFO.cFailLogin)
73 NewProperties.dwMask |= MASK_USERPROP_nFailureAttempts;
74 if ((NewProperties.csecFailedLoginLockTime = pChange->csecFailLoginLock) != pCurrentProperties->u.UserProperties.KASINFO.csecFailLoginLock)
75 NewProperties.dwMask |= MASK_USERPROP_csecFailedLoginLockTime;
// The remaining scalar fields are compared against PTSINFO rather than
// KASINFO.
76 if ((NewProperties.cGroupCreationQuota = pChange->cgroupCreationQuota) != pCurrentProperties->u.UserProperties.PTSINFO.cgroupCreationQuota)
77 NewProperties.dwMask |= MASK_USERPROP_cGroupCreationQuota;
78 if ((NewProperties.aaListStatus = pChange->aaListStatus) != pCurrentProperties->u.UserProperties.PTSINFO.aaListStatus)
79 NewProperties.dwMask |= MASK_USERPROP_aaListStatus;
80 if ((NewProperties.aaGroupsOwned = pChange->aaGroupsOwned) != pCurrentProperties->u.UserProperties.PTSINFO.aaGroupsOwned)
81 NewProperties.dwMask |= MASK_USERPROP_aaGroupsOwned;
82 if ((NewProperties.aaMembership = pChange->aaMembership) != pCurrentProperties->u.UserProperties.PTSINFO.aaMembership)
83 NewProperties.dwMask |= MASK_USERPROP_aaMembership;
// The account expiry is a SYSTEMTIME structure, so it is copied and
// compared bytewise instead of with !=.
84 memcpy (&NewProperties.timeAccountExpires, &pChange->timeExpires, sizeof(SYSTEMTIME));
85 if (memcmp (&NewProperties.timeAccountExpires, &pCurrentProperties->u.UserProperties.KASINFO.timeExpires, sizeof(SYSTEMTIME)))
86 NewProperties.dwMask |= MASK_USERPROP_timeAccountExpires;
88 // If we've decided to change anything, call AfsClass to actually do it
90 if (NewProperties.dwMask == 0)
92 Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser succeeded (nothing to do)"), idClient);
// idUser is reinterpreted as an LPIDENT pointer for the AfsClass call; the
// error code written to status is logged and handed to FALSE_ on failure.
97 if (!AfsClass_SetUserProperties ((LPIDENT)idUser, &NewProperties, &status))
99 Print (dlERROR, TEXT("Client 0x%08lX: ChangeUser failed; error 0x%08lX"), idClient, status);
100 return FALSE_(status,pStatus,iOp);
103 Print (dlDETAIL, TEXT("Client 0x%08lX: ChangeUser succeeded"), idClient);
106 AfsAdmSvr_EndOperation (iOp);
111 // AfsAdmSvr_SetUserPassword
112 // ...changes the password for the specified user account. Pass a non-empty
113 // string in {keyString} to encrypt the specified string; otherwise,
114 // pass a valid encryption key in {keyData}.
//
// Neither keyString nor keyData is passed to any Print call in this
// routine; the log lines carry only the client and user ids.
//
// NOTE(review): this listing has lost its short lines (braces, local
// declarations, bare if/return statements). The comments below describe
// only the statements that are visible.
116 extern "C" int AfsAdmSvr_SetUserPassword (DWORD idClient, ASID idCell, ASID idUser, int keyVersion, STRING keyString, BYTE keyData[ ENCRYPTIONKEYLENGTH ], ULONG *pStatus)
// Describe the pending operation and register it; iOp identifies it for the
// later AfsAdmSvr_EndOperation / FALSE_ calls.
122 Action.Action = ACTION_USER_PW_CHANGE;
123 Action.idClient = idClient;
124 Action.idCell = idCell;
125 Action.u.User_Pw_Change.idUser = idUser;
126 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
128 Print (dlDETAIL, TEXT("Client 0x%08lX: SetUserPassword (idUser=0x%08lX)"), idClient, idUser);
// NOTE(review): the operation is registered and logged above before
// idClient is validated here. This is the only caller check visible in the
// routine; whether this client may reset idUser's password is presumably
// decided elsewhere - confirm.
130 if (!AfsAdmSvr_fIsValidClient (idClient))
131 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
133 // Change the user's password
// NOTE(review): idUser is cast straight to an LPIDENT pointer in both
// branches, and no lookup of the id is visible in this routine - confirm
// the id is validated against the server's known objects before it is used
// as a pointer.
// NOTE(review): no wiping of keyString/keyData after the call is visible;
// consider clearing the server-side copies (e.g. SecureZeroMemory) once the
// password has been set.
135 if (keyString && keyString[0])
137 rc = AfsClass_SetUserPassword ((LPIDENT)idUser, keyVersion, keyString, &status);
139 else // (!keyString || !keyString[0])
141 rc = AfsClass_SetUserPassword ((LPIDENT)idUser, keyVersion, (LPENCRYPTIONKEY)keyData, &status);
// NOTE(review): no dlERROR Print is visible on this failure path, unlike
// ChangeUser/CreateUser/DeleteUser; a failed password change is worth
// recording in the log.
145 return FALSE_(status,pStatus,iOp);
147 Print (dlDETAIL, TEXT("Client 0x%08lX: SetUserPassword succeeded"), idClient);
148 AfsAdmSvr_EndOperation (iOp);
153 // AfsAdmSvr_UnlockUser
154 // ...unlocks a user's account
//
// Registers the operation, checks that idClient is a valid client, then
// calls AfsClass_UnlockUser for idUser.
//
// NOTE(review): this listing has lost its short lines (braces, local
// declarations, bare return statements). The comments below describe only
// the statements that are visible.
156 extern "C" int AfsAdmSvr_UnlockUser (DWORD idClient, ASID idCell, ASID idUser, ULONG *pStatus)
// Describe the pending operation and register it; iOp identifies it for the
// later AfsAdmSvr_EndOperation / FALSE_ calls.
159 Action.Action = ACTION_USER_UNLOCK;
160 Action.idClient = idClient;
161 Action.idCell = idCell;
162 Action.u.User_Unlock.idUser = idUser;
163 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
165 Print (dlDETAIL, TEXT("Client 0x%08lX: UnlockUser (idUser=0x%08lX)"), idClient, idUser);
// NOTE(review): the operation is registered and logged above before
// idClient is validated here. This is the only caller check visible in the
// routine; whether this client may clear idUser's lockout is presumably
// decided elsewhere - confirm.
167 if (!AfsAdmSvr_fIsValidClient (idClient))
168 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
170 // Unlock the user's account
// NOTE(review): idUser is cast straight to an LPIDENT pointer and no lookup
// of the id is visible in this routine - confirm it is validated before use.
// NOTE(review): no dlERROR Print is visible on the failure path, unlike
// ChangeUser/CreateUser/DeleteUser; unlock failures are worth logging.
173 if (!AfsClass_UnlockUser ((LPIDENT)idUser, &status))
174 return FALSE_(status,pStatus,iOp);
176 Print (dlDETAIL, TEXT("Client 0x%08lX: UnlockUser succeeded"), idClient);
177 AfsAdmSvr_EndOperation (iOp);
182 // AfsAdmSvr_CreateUser
183 // ...creates a new user account
//
// Registers the operation, checks that idClient is a valid client, calls
// AfsClass_CreateUser with the fields of pCreate, and stores the resulting
// identifier in *pidUser.
//
// NOTE(review): this listing has lost its short lines (braces, local
// declarations, bare if/return statements). The comments below describe
// only the statements that are visible.
185 extern "C" int AfsAdmSvr_CreateUser (DWORD idClient, ASID idCell, LPAFSADMSVR_CREATEUSER_PARAMS pCreate, ASID *pidUser, ULONG *pStatus)
188 Action.Action = ACTION_USER_CREATE;
189 Action.idClient = idClient;
190 Action.idCell = idCell;
// NOTE(review): lstrcpy has no length bound. These two copies are safe only
// if pCreate->szName and pCreate->szInstance are NUL-terminated and no
// longer than the destination arrays, whose sizes are declared outside this
// file. They also run before idClient is validated, and pCreate is
// dereferenced with no NULL check visible here. A bounded copy (e.g.
// lstrcpyn with the destination's element count) would remove that
// dependency.
191 lstrcpy (Action.u.User_Create.szUser, pCreate->szName);
192 lstrcpy (Action.u.User_Create.szInstance, pCreate->szInstance);
193 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
// The caller-supplied account name is written to the log via %s, also
// before validation. pCreate->szPassword is not passed to any Print call in
// this routine.
// NOTE(review): confirm Print bounds its output buffer.
195 Print (dlDETAIL, TEXT("Client 0x%08lX: CreateUser (szUser=%s)"), idClient, pCreate->szName);
// The only caller check visible in the routine; whether this client may
// create accounts in idCell is presumably decided elsewhere - confirm.
197 if (!AfsAdmSvr_fIsValidClient (idClient))
198 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
200 // Create the user account
// idCell is cast straight to an LPIDENT pointer for the AfsClass call; a
// NULL result is treated as failure, with the error code taken from status.
204 if ((lpiUser = AfsClass_CreateUser ((LPIDENT)idCell, pCreate->szName, pCreate->szInstance, pCreate->szPassword, pCreate->idUser, pCreate->fCreateKAS, pCreate->fCreatePTS, &status)) == NULL)
206 Print (dlERROR, TEXT("Client 0x%08lX: CreateUser failed; error 0x%08lX"), idClient, status);
207 return FALSE_(status,pStatus,iOp);
// The ASID handed back is the LPIDENT pointer value itself.
// NOTE(review): this gives the caller a server-side address, and the
// (LPIDENT) casts in the other routines of this file turn a caller-supplied
// ASID back into a pointer - confirm ASIDs are checked against the server's
// known objects before being dereferenced.
211 *pidUser = (ASID)lpiUser;
213 // Creating a user account may change the max user ID
214 AfsAdmSvr_TestProperties (idCell);
216 Print (dlDETAIL, TEXT("Client 0x%08lX: CreateUser succeeded"), idClient);
217 AfsAdmSvr_EndOperation (iOp);
222 // AfsAdmSvr_DeleteUser
223 // ...deletes a user's account
//
// Registers the operation, checks that idClient is a valid client, then
// calls AfsClass_DeleteUser with the fDeleteKAS / fDeletePTS flags taken
// from pDelete.
//
// NOTE(review): this listing has lost its short lines (braces, local
// declarations, bare return statements). The comments below describe only
// the statements that are visible.
225 extern "C" int AfsAdmSvr_DeleteUser (DWORD idClient, ASID idCell, ASID idUser, LPAFSADMSVR_DELETEUSER_PARAMS pDelete, ULONG *pStatus)
// Describe the pending operation and register it; iOp identifies it for the
// later AfsAdmSvr_EndOperation / FALSE_ calls.
228 Action.Action = ACTION_USER_DELETE;
229 Action.idClient = idClient;
230 Action.idCell = idCell;
231 Action.u.User_Delete.idUser = idUser;
232 size_t iOp = AfsAdmSvr_BeginOperation (idClient, &Action);
234 Print (dlDETAIL, TEXT("Client 0x%08lX: DeleteUser (idUser=0x%08lX)"), idClient, idUser);
// NOTE(review): the operation is registered and logged above before
// idClient is validated here. This is the only caller check visible in the
// routine; whether this client may delete idUser is presumably decided
// elsewhere - confirm.
236 if (!AfsAdmSvr_fIsValidClient (idClient))
237 return FALSE_(ERROR_INVALID_PARAMETER,pStatus,iOp);
239 // Delete the user's accounts
// NOTE(review): idUser is cast straight to an LPIDENT pointer and no lookup
// of the id is visible in this routine; pDelete is dereferenced with no
// NULL check visible here - confirm both are validated before use.
242 if (!AfsClass_DeleteUser ((LPIDENT)idUser, pDelete->fDeleteKAS, pDelete->fDeletePTS, &status))
244 Print (dlERROR, TEXT("Client 0x%08lX: DeleteUser failed; error 0x%08lX"), idClient, status);
245 return FALSE_(status,pStatus,iOp);
// The success line records only the client id; the deleted user's id
// appears in the dlDETAIL line logged at the start of the operation.
248 Print (dlDETAIL, TEXT("Client 0x%08lX: DeleteUser succeeded"), idClient);
249 AfsAdmSvr_EndOperation (iOp);