mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
440 lines
17 KiB
440 lines
17 KiB
//---------------------------------------------------------------------------
|
|
// DisableTarget.cpp
|
|
//
|
|
// Comment: This is a COM object extension for the MCS DCTAccountReplicator.
|
|
// This object implements the IExtendAccountMigration interface. In
|
|
// the process method this object disables the Source and the Target
|
|
// accounts depending on the settings in the VarSet.
|
|
//
|
|
// (c) Copyright 1995-1998, Mission Critical Software, Inc., All Rights Reserved
|
|
//
|
|
// Proprietary and confidential to Mission Critical Software, Inc.
|
|
//---------------------------------------------------------------------------
|
|
|
|
#include "stdafx.h"
|
|
#include "ResStr.h"
|
|
#include <lm.h>
|
|
#include <activeds.h>
|
|
#include "AcctDis.h"
|
|
#include "DisAcct.h"
|
|
#include "ARExt.h"
|
|
#include "ARExt_i.c"
|
|
#include "ErrDCT.hpp"
|
|
//#import "\bin\McsVarSetMin.tlb" no_namespace
|
|
//#import "\bin\DBManager.tlb" no_namespace
|
|
#import "VarSet.tlb" no_namespace rename("property", "aproperty")
|
|
#import "DBMgr.tlb" no_namespace
|
|
|
|
const int LEN_Path = 255;
|
|
StringLoader gString;
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// CDisableTarget
|
|
|
|
//---------------------------------------------------------------------------
|
|
// Get and set methods for the properties.
|
|
//---------------------------------------------------------------------------
|
|
STDMETHODIMP CDisableTarget::get_sName(BSTR *pVal)
|
|
{
|
|
*pVal = m_sName;
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CDisableTarget::put_sName(BSTR newVal)
|
|
{
|
|
m_sName = newVal;
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CDisableTarget::get_sDesc(BSTR *pVal)
|
|
{
|
|
*pVal = m_sDesc;
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CDisableTarget::put_sDesc(BSTR newVal)
|
|
{
|
|
m_sDesc = newVal;
|
|
return S_OK;
|
|
}
|
|
|
|
|
|
//---------------------------------------------------------------------------
|
|
// ProcessObject : This method doesn't do anything.
|
|
//---------------------------------------------------------------------------
|
|
STDMETHODIMP CDisableTarget::PreProcessObject(
|
|
IUnknown *pSource, //in- Pointer to the source AD object
|
|
IUnknown *pTarget, //in- Pointer to the target AD object
|
|
IUnknown *pMainSettings, //in- Varset filled with the settings supplied by user
|
|
IUnknown **ppPropsToSet //in,out - Varset filled with Prop-Value pairs that will be set
|
|
// once all extension objects are executed.
|
|
)
|
|
{
|
|
// Check if the object is of user type. if not then there is no point in disabling that account.
|
|
IVarSetPtr pVs = pMainSettings;
|
|
_bstr_t sType = pVs->get(GET_BSTR(DCTVS_CopiedAccount_Type));
|
|
if (!sType.length())
|
|
return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
|
|
if (UStrICmp((WCHAR*)sType,L"user"))
|
|
return S_OK;
|
|
|
|
if ( pSource )
|
|
{
|
|
// HRESULT hr = S_OK;
|
|
_variant_t vtExp;
|
|
_variant_t vtFlag;
|
|
_bstr_t sSourceType;
|
|
IIManageDBPtr pDb = pVs->get(GET_BSTR(DCTVS_DBManager));
|
|
|
|
sSourceType = pVs->get(GET_BSTR(DCTVS_CopiedAccount_Type));
|
|
|
|
if ( !_wcsicmp((WCHAR*) sSourceType, L"user") )
|
|
{
|
|
// Get the expiration date and put it into the AR Node.
|
|
_bstr_t sSam = pVs->get(GET_BSTR(DCTVS_CopiedAccount_SourceSam));
|
|
_bstr_t sComp = pVs->get(GET_BSTR(DCTVS_Options_SourceServer));
|
|
USER_INFO_3 * pInfo = NULL;
|
|
DWORD rc = NetUserGetInfo((WCHAR*) sComp, (WCHAR*)sSam, 3, (LPBYTE*)&pInfo);
|
|
|
|
if ( !rc )
|
|
{
|
|
vtExp = (long)pInfo->usri3_acct_expires;
|
|
pVs->put(GET_BSTR(DCTVS_CopiedAccount_ExpDate), vtExp);
|
|
|
|
// Get the ControlFlag and store it into the AR Node.
|
|
vtFlag = (long)pInfo->usri3_flags;
|
|
pVs->put(GET_BSTR(DCTVS_CopiedAccount_UserFlags), vtFlag);
|
|
if ( pInfo ) NetApiBufferFree(pInfo);
|
|
}
|
|
}
|
|
pDb->raw_SaveUserProps(pMainSettings);
|
|
}
|
|
return S_OK;
|
|
}
|
|
//---------------------------------------------------------------------------
|
|
// ProcessObject : This method checks in varset if it needs to disable any
|
|
// accounts. If it does then it disables those accounts.
|
|
//---------------------------------------------------------------------------
|
|
STDMETHODIMP CDisableTarget::ProcessObject(
|
|
IUnknown *pSource, //in- Pointer to the source AD object
|
|
IUnknown *pTarget, //in- Pointer to the target AD object
|
|
IUnknown *pMainSettings, //in- Varset filled with the settings supplied by user
|
|
IUnknown **ppPropsToSet //in,out - Varset filled with Prop-Value pairs that will be set
|
|
// once all extension objects are executed.
|
|
)
|
|
{
|
|
IVarSetPtr pVarSet = pMainSettings;
|
|
_variant_t var;
|
|
DWORD paramErr;
|
|
USER_INFO_3 * info = NULL;
|
|
long rc;
|
|
WCHAR strDomain[LEN_Path];
|
|
WCHAR strAcct[LEN_Path];
|
|
HRESULT hr = S_OK;
|
|
TErrorDct err;
|
|
WCHAR fileName[LEN_Path];
|
|
BOOL bDisableSource = FALSE;
|
|
BOOL bExpireSource = FALSE;
|
|
_bstr_t temp;
|
|
time_t expireTime = 0;
|
|
_bstr_t bstrSameForest;
|
|
BOOL bSameAsSource = FALSE;
|
|
BOOL bDisableTarget = FALSE;
|
|
BOOL bGotSrcState = FALSE;
|
|
BOOL bSrcDisabled = FALSE;
|
|
|
|
bstrSameForest = pVarSet->get(GET_BSTR(DCTVS_Options_IsIntraforest));
|
|
|
|
if (! UStrICmp((WCHAR*)bstrSameForest,GET_STRING(IDS_YES)) )
|
|
{
|
|
// in the intra-forest case, we are moving the user accounts, not
|
|
// copying them, so these disabling/expiring options don't make any sense
|
|
return S_OK;
|
|
}
|
|
// Get the Error log filename from the Varset
|
|
var = pVarSet->get(GET_BSTR(DCTVS_Options_Logfile));
|
|
wcscpy(fileName, (WCHAR*)V_BSTR(&var));
|
|
VariantInit(&var);
|
|
// Open the error log
|
|
err.LogOpen(fileName, 1);
|
|
|
|
// Check if the object is of user type. if not then there is no point in disabling that account.
|
|
var = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_Type));
|
|
if ( UStrICmp(var.bstrVal,L"user"))
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
//set flags based on user selections
|
|
temp = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_DisableSourceAccounts));
|
|
if ( ! UStrICmp(temp,GET_STRING(IDS_YES)) )
|
|
{
|
|
bDisableSource = TRUE;
|
|
}
|
|
temp = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_DisableCopiedAccounts));
|
|
if ( ! UStrICmp(temp,GET_STRING(IDS_YES)) )
|
|
{
|
|
bDisableTarget = TRUE;
|
|
}
|
|
temp = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_TgtStateSameAsSrc));
|
|
if ( ! UStrICmp(temp,GET_STRING(IDS_YES)) )
|
|
{
|
|
bSameAsSource = TRUE;
|
|
}
|
|
|
|
/* process the source account */
|
|
//if expire source accounts was set, retrieve the expire time, now given to us in
|
|
//number of days from now
|
|
temp = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ExpireSourceAccounts));
|
|
if ( temp.length() )
|
|
{
|
|
long oneDay = 24 * 60 * 60; // number of seconds in 1 day
|
|
|
|
//get days until expire
|
|
long lExpireDays = _wtol(temp);
|
|
//get the current time
|
|
time_t currentTime = time(NULL);
|
|
//convert current time to local time
|
|
struct tm * convtm;
|
|
convtm = localtime(¤tTime);
|
|
//rollback to this morning
|
|
convtm->tm_hour = 0;
|
|
convtm->tm_min = 0;
|
|
convtm->tm_sec = 0;
|
|
|
|
//convert this time back to GMT
|
|
expireTime = mktime(convtm);
|
|
//move forward to tonight at midnight
|
|
expireTime += oneDay;
|
|
|
|
//now add the desired number of days
|
|
expireTime += lExpireDays * oneDay;
|
|
|
|
bExpireSource = TRUE;
|
|
}
|
|
|
|
//get source account state
|
|
var = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_SourceSam));
|
|
wcscpy(strAcct, (WCHAR*)V_BSTR(&var));
|
|
var = pVarSet->get(GET_BSTR(DCTVS_Options_SourceServer));
|
|
wcscpy(strDomain, (WCHAR*)V_BSTR(&var));
|
|
// we will use the net APIs to disable the source account
|
|
rc = NetUserGetInfo(strDomain, strAcct, 3, (LPBYTE *)&info);
|
|
if (rc != 0)
|
|
{
|
|
hr = S_FALSE;
|
|
err.SysMsgWrite(ErrW, rc, DCT_MSG_DISABLE_SOURCE_FAILED_SD, strAcct, rc);
|
|
}
|
|
else
|
|
{
|
|
//set current source account state
|
|
if (info->usri3_flags & UF_ACCOUNTDISABLE)
|
|
bSrcDisabled = TRUE;
|
|
//also save the flags in the varset to be used in setpass ARExt
|
|
_variant_t vtFlag = (long)info->usri3_flags;
|
|
pVarSet->put(GET_BSTR(DCTVS_CopiedAccount_UserFlags), vtFlag);
|
|
|
|
//disable the source account if requested
|
|
if (bDisableSource)
|
|
{
|
|
// Set the disable flag
|
|
info->usri3_flags |= UF_ACCOUNTDISABLE;
|
|
err.MsgWrite(0,DCT_MSG_SOURCE_DISABLED_S, strAcct);
|
|
}
|
|
|
|
//expire the account in given timeframe, if requested
|
|
if ( bExpireSource )
|
|
{
|
|
if (((time_t)info->usri3_acct_expires == TIMEQ_FOREVER)
|
|
|| ((time_t)info->usri3_acct_expires > expireTime))
|
|
{
|
|
info->usri3_acct_expires = (DWORD)expireTime;
|
|
err.MsgWrite(0,DCT_MSG_SOURCE_EXPIRED_S,strAcct);
|
|
}
|
|
else
|
|
err.MsgWrite(0, DCT_MSG_SOURCE_EXPIRATION_EARLY_S, strAcct);
|
|
}
|
|
|
|
//if changed, set the source information into the Domain.
|
|
if (bDisableSource || bExpireSource)
|
|
{
|
|
rc = NetUserSetInfo(strDomain,strAcct, 3, (LPBYTE)info, ¶mErr);
|
|
if ( rc )
|
|
err.SysMsgWrite(0,rc,DCT_MSG_ACCOUNT_DISABLE_OR_EXPIRE_FAILED_SD,strAcct,rc);
|
|
}
|
|
NetApiBufferFree((LPVOID) info);
|
|
}//if got current src account state
|
|
|
|
|
|
/* process the target account */
|
|
//get the target state
|
|
var = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_TargetSam));
|
|
wcscpy(strAcct, (WCHAR*)V_BSTR(&var));
|
|
var = pVarSet->get(GET_BSTR(DCTVS_Options_TargetServer));
|
|
wcscpy(strDomain, (WCHAR*)V_BSTR(&var));
|
|
// we will use the net APIs to disable the target account
|
|
rc = NetUserGetInfo(strDomain, strAcct, 3, (LPBYTE *)&info);
|
|
if (rc != 0)
|
|
{
|
|
hr = S_FALSE;
|
|
err.SysMsgWrite(ErrW, rc, DCT_MSG_DISABLE_TARGET_FAILED_SD, strAcct, rc);
|
|
}
|
|
else
|
|
{
|
|
//disable the target if requested
|
|
if (bDisableTarget)
|
|
{
|
|
// Set the disable flag
|
|
info->usri3_flags |= UF_ACCOUNTDISABLE;
|
|
// Set the information into the Domain.
|
|
rc = NetUserSetInfo(strDomain, strAcct, 3, (LPBYTE)info, ¶mErr);
|
|
err.MsgWrite(0,DCT_MSG_TARGET_DISABLED_S, strAcct);
|
|
}
|
|
//else make target same state as source was
|
|
else if (bSameAsSource)
|
|
{
|
|
//if the source was disabled, disable the target
|
|
if (bSrcDisabled)
|
|
{
|
|
//disable the target
|
|
info->usri3_flags |= UF_ACCOUNTDISABLE;
|
|
// Set the information into the Domain.
|
|
rc = NetUserSetInfo( strDomain, strAcct, 3, (LPBYTE)info, ¶mErr);
|
|
err.MsgWrite(0,DCT_MSG_TARGET_DISABLED_S, strAcct);
|
|
}
|
|
else //else make sure target is enabled and not set to expire
|
|
{
|
|
info->usri3_flags &= ~UF_ACCOUNTDISABLE;
|
|
rc = NetUserSetInfo(strDomain,strAcct,3,(LPBYTE)info,¶mErr);
|
|
}
|
|
}
|
|
else //else make sure target is enabled and not set to expire
|
|
{
|
|
info->usri3_flags &= ~UF_ACCOUNTDISABLE;
|
|
rc = NetUserSetInfo(strDomain,strAcct,3,(LPBYTE)info,¶mErr);
|
|
}
|
|
NetApiBufferFree((LPVOID) info);
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
|
|
//---------------------------------------------------------------------------
|
|
// ProcessUndo : This function Enables the accounts that were previously
|
|
// disabled..
|
|
//---------------------------------------------------------------------------
|
|
STDMETHODIMP CDisableTarget::ProcessUndo(
|
|
IUnknown *pSource, //in- Pointer to the source AD object
|
|
IUnknown *pTarget, //in- Pointer to the target AD object
|
|
IUnknown *pMainSettings, //in- Varset filled with the settings supplied by user
|
|
IUnknown **ppPropsToSet //in,out - Varset filled with Prop-Value pairs that will be set
|
|
// once all extension objects are executed.
|
|
)
|
|
{
|
|
IVarSetPtr pVarSet = pMainSettings;
|
|
IIManageDBPtr pDb = pVarSet->get(GET_BSTR(DCTVS_DBManager));
|
|
_variant_t var;
|
|
DWORD paramErr;
|
|
USER_INFO_3 * info;
|
|
long rc;
|
|
WCHAR strDomain[LEN_Path];
|
|
WCHAR strAcct[LEN_Path];
|
|
HRESULT hr = S_OK;
|
|
TErrorDct err;
|
|
IUnknown * pUnk = NULL;
|
|
_bstr_t sSourceName, sSourceDomain, sTgtDomain;
|
|
WCHAR fileName[LEN_Path];
|
|
IVarSetPtr pVs(__uuidof(VarSet));
|
|
_variant_t vtExp, vtFlag;
|
|
_bstr_t sDomainName = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomain));
|
|
|
|
pVs->QueryInterface(IID_IUnknown, (void**)&pUnk);
|
|
|
|
sSourceName = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_SourceSam));
|
|
sSourceDomain = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomain));
|
|
sTgtDomain = pVarSet->get(GET_BSTR(DCTVS_Options_TargetDomain));
|
|
|
|
hr = pDb->raw_GetUserProps(sSourceDomain, sSourceName, &pUnk);
|
|
if ( pUnk ) pUnk->Release();
|
|
|
|
if ( hr == S_OK )
|
|
{
|
|
vtExp = pVs->get(GET_BSTR(DCTVS_CopiedAccount_ExpDate));
|
|
vtFlag = pVs->get(GET_BSTR(DCTVS_CopiedAccount_UserFlags));
|
|
}
|
|
|
|
// Get the Error log filename from the Varset
|
|
var = pVarSet->get(GET_BSTR(DCTVS_Options_Logfile));
|
|
wcscpy(fileName, (WCHAR*)V_BSTR(&var));
|
|
VariantInit(&var);
|
|
// Open the error log
|
|
err.LogOpen(fileName, 1);
|
|
|
|
// Check if the object is of user type. if not then there is no point in disabling that account.
|
|
var = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_Type));
|
|
if ( _wcsicmp((WCHAR*)V_BSTR(&var),L"user") != 0 )
|
|
return S_OK;
|
|
|
|
_bstr_t sDis = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_DisableSourceAccounts));
|
|
_bstr_t sExp = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_ExpireSourceAccounts));
|
|
|
|
|
|
if ( !wcscmp((WCHAR*)sDis,GET_STRING(IDS_YES)) || sExp.length() )
|
|
{
|
|
// Reset the flag and the expiration date for the source account.
|
|
var = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_SourceSam));
|
|
wcscpy(strAcct, (WCHAR*)V_BSTR(&var));
|
|
var = pVarSet->get(GET_BSTR(DCTVS_Options_SourceServer));
|
|
wcscpy(strDomain, (WCHAR*)V_BSTR(&var));
|
|
// we will use the net APIs to disable the source account
|
|
rc = NetUserGetInfo( strDomain, strAcct, 3, (LPBYTE *)&info);
|
|
if (rc != 0)
|
|
{
|
|
hr = S_FALSE;
|
|
err.SysMsgWrite(ErrW, rc, DCT_MSG_ENABLE_SOURCE_FAILED_SD, strAcct, rc);
|
|
}
|
|
else
|
|
{
|
|
// Set the disable flag
|
|
info->usri3_flags = vtFlag.lVal;
|
|
info->usri3_acct_expires = vtExp.lVal;
|
|
// Set the information into the Domain.
|
|
rc = NetUserSetInfo(strDomain,strAcct, 3, (LPBYTE)info, ¶mErr);
|
|
NetApiBufferFree((LPVOID) info);
|
|
err.MsgWrite(0,DCT_MSG_SOURCE_ENABLED_S, (WCHAR*)strAcct);
|
|
}
|
|
}
|
|
|
|
// Process the target account if the Varset is set
|
|
var = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_DisableCopiedAccounts));
|
|
if ( (var.vt == VT_BSTR) && (_wcsicmp((WCHAR*)V_BSTR(&var),GET_STRING(IDS_YES)) == 0) )
|
|
{
|
|
var = pVarSet->get(GET_BSTR(DCTVS_CopiedAccount_TargetSam));
|
|
wcscpy(strAcct, (WCHAR*)V_BSTR(&var));
|
|
var = pVarSet->get(GET_BSTR(DCTVS_Options_TargetServer));
|
|
wcscpy(strDomain, (WCHAR*)V_BSTR(&var));
|
|
// we will use the net APIs to disable the target account
|
|
rc = NetUserGetInfo( strDomain, strAcct, 3, (LPBYTE *)&info);
|
|
if (rc != 0)
|
|
{
|
|
hr = S_FALSE;
|
|
err.SysMsgWrite(ErrW, rc, DCT_MSG_ENABLE_TARGET_FAILED_SD, strAcct, rc);
|
|
}
|
|
else
|
|
{
|
|
// Set the disable flag
|
|
info->usri3_flags &= !(UF_ACCOUNTDISABLE);
|
|
// Set the information into the Domain.
|
|
rc = NetUserSetInfo( strDomain, strAcct, 3, (LPBYTE)info, ¶mErr);
|
|
NetApiBufferFree((LPVOID) info);
|
|
err.MsgWrite(0,DCT_MSG_TARGET_ENABLED_S, strAcct);
|
|
}
|
|
}
|
|
WCHAR sFilter[5000];
|
|
wsprintf(sFilter, L"SourceDomain='%s' and SourceSam='%s'", (WCHAR*)sDomainName, strAcct);
|
|
_variant_t Filter = sFilter;
|
|
pDb->raw_ClearTable(L"UserProps", Filter);
|
|
|
|
err.LogClose();
|
|
return hr;
|
|
}
|