#ifndef __USERCOPY_HPP__ #define __USERCOPY_HPP__ //#pragma title("usercopy.hpp- class definitions for usercopy") /* ================================================================================ (c) Copyright 1995-1998, Mission Critical Software, Inc., All Rights Reserved Proprietary and confidential to Mission Critical Software, Inc. Program - usercopy Class - LAN Manager Utilities Author - Christy Boles Created - 09/04/97 Description- class definitions to allow usercopy to process subsets of accounts. The list of accounts will be generated by the GUI, and will consist of a TNodeList of TAcctNodes. Users will be added from the front of the list, and groups will be added at the end. Updates - 01/30/98 CAB Added strong password generation ================================================================================ */ #include #include "TNode.hpp" #include // for _SH_DENYNO #include "EaLen.hpp" #include "Common.hpp" #include "Err.hpp" #include "UString.hpp" #include "CommaLog.hpp" #include "TARNode.hpp" #include "WorkObj.h" #include "ProcExts.h" //#import "\bin\DBManager.tlb" no_namespace, named_guids //#import "\bin\McsDctWorkerObjects.tlb" #import "DBMgr.tlb" no_namespace, named_guids #import "WorkObj.tlb" #define AR_BUFSIZE ((size_t)16000) #define AR_NUM_IN_BUF 5000 #define F_REPLACE 0x00000001 // replace account info #define F_GROUP 0x00000002 // copy global groups #define F_LGROUP 0x00000004 // copy local groups #define F_USERS 0x00000008 // copy users #define F_DISABLE_ALL 0x00000010 // disable all accounts #define F_DISABLE_SPECIAL 0x00000020 // disable Account Ops, Backup Ops, Administrators, Domain Admins #define F_STRONGPW_ALL 0x00000040 // generate strong passwords for all accounts #define F_STRONGPW_SPECIAL 0x00000080 // generate strong passwords for Account Ops, Backup Ops, Admins, and Domain Admins #define F_MACHINE 0x00000100 // copy computer accounts #define F_REMOVE_OLD_MEMBERS 0x00000200 // remove old members from replaced groups #define F_DISABLESOURCE 0x00000400 // disable copied user accounts on source domain #define F_AddToSrcGroupLocal 0x00000800 // indicates that the add-to group is on the target domain #define F_AddToGroupLocal 0x00001000 // add to group is a local group #define F_INTERACT 0x00002000 // use command-line parms to initiate interactive gui session #define F_WARN_FULLNAME 0x00004000 // warn before replacing accounts w/different fullname #define F_WARN_COMMENT 0x00008000 // warn before replacing accounts w/different comment #define F_CopyPasswords 0x00010000 // copy passwords #define F_RevokeOldRights 0x00020000 // removes old user rights from copied accounts #define F_AddSidHistory 0x00040000 // Add SID of source account to the SID history of the target account. #define F_TranslateProfiles 0x00080000 // Translate roaming profiles #define F_OUS 0x00100000 // Process the organizational units. #define F_COMPUTERS 0x00200000 // Process the computer accounts in Acct replication #define F_COPY_CONT_CONTENT 0x00400000 // Copy the container contents along with the container when copying accounts. #define F_COPY_MIGRATED_ACCT 0x00800000 // When expanding containers/membership include accounts that have already been migrated. #define F_MOVE_REPLACED_ACCT 0x01000000 // move a replaces account to the user-specified OU. #define AR_AccountComputer (0x80000000) #define AR_AccountComputerPdc (0x40000000) #define ADMINISTRATORS 1 #define ACCOUNT_OPERATORS 2 #define BACKUP_OPERATORS 3 #define DOMAIN_ADMINS 4 #define CREATOR_OWNER 5 #define DOMAIN_USERS 6 #define DOMAIN_CONTROLLERS 7 #define DOMAIN_COMPUTERS 8 struct AccountStats { long users; long globals; long locals; long computers; long generic; }; class TANode:public TNode { BOOL bMarked; PSID pSid; WCHAR name[LEN_Account]; public: TANode() { name[0] = 0; bMarked = FALSE; pSid = NULL;} TANode(WCHAR const * n) { safecopy(name,n); bMarked = FALSE; pSid = NULL; } ~TANode() { if ( pSid ) delete pSid; } BOOL Marked() { return bMarked; } void Mark() { bMarked = TRUE; } void SetSid(PSID p) { pSid = p; } void SetName(WCHAR const * n){ safecopy(name,n); } WCHAR * GetName() { return name; } PSID GetSid() { return pSid;} }; // Password generation service #define PWGEN_MIN_LENGTH 8 // enforced minimum password length #define PWGEN_MAX_LENGTH 14 // enforced maximum password length struct EaPwdFilterInfo { DWORD bEnforce; DWORD bAllowName; DWORD minLower; DWORD minUpper; DWORD minDigits; DWORD minSpecial; DWORD maxConsecutiveAlpha; }; struct Options { WCHAR srcDomain[LEN_Domain]; WCHAR srcDomainDns[LEN_Domain]; WCHAR srcDomainFlat[LEN_Domain]; WCHAR tgtDomain[LEN_Domain]; WCHAR tgtDomainDns[LEN_Domain]; WCHAR tgtDomainFlat[LEN_Domain]; WCHAR srcComp[LEN_Account]; // source computername WCHAR srcCompDns[LEN_Account]; // DNS source computername WCHAR srcCompFlat[LEN_Account]; // flat source computername WCHAR tgtComp[LEN_Account]; // target computername WCHAR tgtCompDns[LEN_Account]; // DNS target computername WCHAR tgtCompFlat[LEN_Account]; // flat target computername PSID srcSid; PSID tgtSid; DWORD srcDomainVer; DWORD srcDomainVerMinor; DWORD tgtDomainVer; DWORD tgtDomainVerMinor; WCHAR prefix[UNLEN]; // prefix for added users WCHAR suffix[UNLEN]; // suffix for added users WCHAR globalPrefix[UNLEN]; WCHAR globalSuffix[UNLEN]; WCHAR addToGroup[GNLEN+1]; // optional group name to add new users to WCHAR addToGroupSource[GNLEN+1]; // optional group name to add source users to WCHAR logFile[MAX_PATH+1]; EaPwdFilterInfo policyInfo; DWORD minPwdLength; CommaDelimitedLog passwordLog; DWORD flags; // operation flags BOOL nochange; WCHAR authUser[UNLEN+1]; //User name for source authentication WCHAR authPassword[UNLEN+1]; //Password for Authentication. WCHAR authDomain[LEN_Domain+1]; // Domain for the user passed for authentication HANDLE dsBindHandle; // Handle to the directory service. Should be init by DsBind. WCHAR srcNamingContext[LEN_Path]; // Naming context for the Adsi path WCHAR tgtNamingContext[LEN_Path]; // Naming context for the Target domain WCHAR tgtOUPath[LEN_Path]; // path for the OU container that is to be used to create objects in BOOL expandContainers; // Whether or not we want to expand the containers. BOOL expandMemberOf; BOOL fixMembership; IIManageDB * pDb; HRESULT openDBResult; BOOL bUndo; BOOL bSameForest; long lActionID; long lUndoActionID; MCSDCTWORKEROBJECTSLib::IStatusObjPtr pStatus; WCHAR sDomUsers[UNLEN+1]; // Name of the domain users group in the source domain _bstr_t sExcSystemProps; // system properties to exclude from migration _bstr_t sExcUserProps; // user properties to exclude from migration _bstr_t sExcInetOrgPersonProps; // InetOrgPerson properties to exclude from migration _bstr_t sExcGroupProps; // group properties to exclude from migration _bstr_t sExcCmpProps; // computer properties to exclude from migration BOOL bExcludeProps; _bstr_t sWizard; Options() { srcDomain[0] = 0; srcDomainDns[0] = 0; srcDomainFlat[0] = 0; tgtDomain[0] = 0; tgtDomainDns[0] = 0; tgtDomainFlat[0] = 0; srcComp[0] = 0; srcCompDns[0] = 0; srcCompFlat[0] = 0; tgtComp[0] = 0; tgtCompDns[0] = 0; tgtCompFlat[0] = 0; prefix[0] = 0; suffix[0] = 0; globalPrefix[0] = 0; globalSuffix[0] = 0; addToGroup[0] = 0; addToGroupSource[0] = 0; logFile[0] = 0; minPwdLength = 0; flags = 0; nochange = TRUE; authUser[0] = 0; authPassword[0] = 0; authDomain[0] = 0; srcNamingContext[0] = 0; tgtNamingContext[0] = 0; tgtOUPath[0] = 0; expandContainers = FALSE; fixMembership = TRUE; pDb = NULL; openDBResult = CoCreateInstance(CLSID_IManageDB,NULL,CLSCTX_ALL,IID_IIManageDB,(void**)&pDb); bUndo = FALSE; srcDomainVer = -1; srcDomainVerMinor = -1; tgtDomainVer = -1; tgtDomainVerMinor = -1; srcSid = NULL; tgtSid = NULL; lUndoActionID = 0; pStatus = NULL; bSameForest = FALSE; sDomUsers[0] = 0; bExcludeProps = FALSE; } ~Options() { if( pDb ) { pDb->Release(); } if ( srcSid ) FreeSid(srcSid); if ( tgtSid ) FreeSid(tgtSid); } }; typedef void ProgressFn(WCHAR const * mesg); int UserCopy( Options * options, // in - options TNodeListSortable * acctlist, // in - list of accounts to process ProgressFn * progress, // in - function called to log current progress TError & error, // in - TError to write messages to IStatusObj * pStatus, // in -status object to support cancellation void fn (void ), // in - window update function CProcessExtensions * pExts // in - pointer to extensions ); int UserRename( Options * options, // in -options TNodeListSortable * acctlist, // in -list of accounts to process ProgressFn * progress, // in -window to write progress messages to TError & error, // in -window to write error messages to IStatusObj * pStatus, // in -status object to support cancellation void WindowUpdate (void ) // in - window update function ); bool AddSidHistory( const Options * pOptions, const WCHAR * strSrcPrincipal, const WCHAR * strDestPrincipal, IStatusObj * pStatus = NULL, BOOL isFatal = TRUE ); bool BindToDS( Options * pOpt ); bool AddToOU ( Options * options, // in -options TNodeListSortable * acctlist // in -list of accounts to process ); void MakeFullyQualifiedAdsPath( WCHAR * sPath, //out- Fully qulified LDAP path to the object DWORD nPathLen, //in - MAX size, in characters, of the sPath buffer WCHAR * sSubPath, //in- LDAP subpath of the object WCHAR * tgtDomain, //in- Domain name where object exists. WCHAR * sDN //in- Deafault naming context for the Domain ); void FillupNamingContext(Options * options); bool IsAccountMigrated( TAcctReplNode * pNode, //in -Account node that contains the Account info Options * pOptions, //in -Options as specified by the user. IIManageDBPtr pDb, //in -Pointer to DB manager. We dont want to create this object for every account we process WCHAR * sTgtSam //in,out - Name of the target object that was copied if any. ); bool CheckifAccountExists( Options const* options, //in-Options as set by the user WCHAR * acctName //in-Name of the account to look for ); bool CallExtensions( CProcessExtensions * pExt, // in - Extension handler. Options * options, // in -options TNodeListSortable * acctlist, //in -Accounts to be copied. IStatusObj * pStatus, // in -status object to support cancellation ProgressFn * progress //in- Progress function. ); void CopyGlobalGroupMembers( Options const * options ,// in -options TAcctReplNode * acct ,// in -account to copy TNodeListSortable * acctlist ,// in -list of accounts being copied void WindowUpdate (void ) // in - window update function ); void CopyLocalGroupMembers( Options const * options ,// in -options TAcctReplNode * acct ,// in -account to copy TNodeListSortable * acctlist ,// in -list of accounts being copied void WindowUpdate (void ) // in - window update function ); HRESULT CopySidHistoryProperty( Options * pOptions, TAcctReplNode * pNode, IStatusObj * pStatus ); HRESULT __stdcall GetRidPoolAllocator( Options * pOptions ); void Mark( _bstr_t sMark, _bstr_t sObj); void BatchMark(const EAMAccountStats& stats); DWORD GetName(PSID pObjectSID, WCHAR * sNameAccount, WCHAR * sDomain); typedef HRESULT (CALLBACK * ADSGETOBJECT)(LPWSTR, REFIID, void**); extern ADSGETOBJECT ADsGetObject; #endif //__USERCOPY_HPP__