]>
Commit | Line | Data |
---|---|---|
5d0a7127 | 1 | /* $Header$ |
984c91b7 | 2 | /* test parameters for creating a user account - done |
bcf1ed58 | 3 | * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF |
4 | * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF | |
984c91b7 | 5 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type |
5d0a7127 | 6 | * |
9db0b148 | 7 | * test parameters for deactivating/deleting a user account - done |
984c91b7 | 8 | * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF |
9 | * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF | |
10 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type | |
11 | * comment: clearid is the MIT ID | |
cd9e6b16 | 12 | * |
984c91b7 | 13 | * test parameters for reactivating a user account - done |
14 | * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF | |
15 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type | |
cd9e6b16 | 16 | * |
984c91b7 | 17 | * test parameters for updating user account info - done |
18 | * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF | |
19 | * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF | |
20 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type | |
21 | * currently, if the unix_id doesn't change, only the U_UID or U_MITID fields will be updated | |
78af4e6e | 22 | * |
984c91b7 | 23 | * test parameters for changing user name - testing |
24 | * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF | |
25 | * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF | |
26 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type | |
cd9e6b16 | 27 | * |
984c91b7 | 28 | * test parameters for add member to group/list - done |
29 | * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1 | |
30 | * imembers 0 9 pismere-team STRING hope@ful.net 1 1 0 1 1 -1 | |
31 | * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid | |
cd9e6b16 | 32 | * |
984c91b7 | 33 | * test parameters for remove member from group/list - done |
34 | * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1 | |
35 | * imembers 9 0 pismere-team STRING hope@ful.net 1 1 0 1 1 -1 | |
36 | * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid | |
cd9e6b16 | 37 | * |
9db0b148 | 38 | * test parameters for creating and/or populating a group/list - done |
984c91b7 | 39 | * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description |
40 | * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description | |
9db0b148 | 41 | * |
42 | * test parameters for deleting a group/list - done | |
984c91b7 | 43 | * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description |
44 | * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description | |
9db0b148 | 45 | * |
984c91b7 | 46 | * test parameters for renaming a group/list - done |
47 | * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description | |
48 | * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description | |
49 | * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description | |
cd9e6b16 | 50 | */ |
5d0a7127 | 51 | #include <mit-copyright.h> |
52 | #ifdef _WIN32 | |
53 | #include <windows.h> | |
54 | #include <stdlib.h> | |
55 | #include <malloc.h> | |
56 | #include <lmaccess.h> | |
57 | #endif | |
cd9e6b16 | 58 | |
59 | #include <string.h> | |
5d0a7127 | 60 | #include <ldap.h> |
61 | #include <stdio.h> | |
62 | #include <moira.h> | |
63 | #include <moira_site.h> | |
cd9e6b16 | 64 | #include <mrclient.h> |
5d0a7127 | 65 | #include <krb5.h> |
66 | #include <krb.h> | |
67 | #include <gsssasl.h> | |
68 | #include <gssldap.h> | |
cd9e6b16 | 69 | #include "kpasswd.h" |
70 | ||
71 | #ifdef _WIN32 | |
72 | #ifndef ECONNABORTED | |
73 | #define ECONNABORTED WSAECONNABORTED | |
74 | #endif | |
75 | #ifndef ECONNREFUSED | |
76 | #define ECONNREFUSED WSAECONNREFUSED | |
77 | #endif | |
78 | #ifndef EHOSTUNREACH | |
79 | #define EHOSTUNREACH WSAEHOSTUNREACH | |
80 | #endif | |
81 | #define krb5_xfree free | |
0d958b3c | 82 | #define F_OK 0 |
83 | #define sleep(A) Sleep(A * 1000); | |
cd9e6b16 | 84 | #endif /* _WIN32 */ |
5d0a7127 | 85 | |
86 | #ifndef _WIN32 | |
87 | #include <sys/utsname.h> | |
0d958b3c | 88 | #include <unistd.h> |
5d0a7127 | 89 | |
cd9e6b16 | 90 | #define UCHAR unsigned char |
91 | ||
5d0a7127 | 92 | #define UF_SCRIPT 0x0001 |
93 | #define UF_ACCOUNTDISABLE 0x0002 | |
94 | #define UF_HOMEDIR_REQUIRED 0x0008 | |
95 | #define UF_LOCKOUT 0x0010 | |
96 | #define UF_PASSWD_NOTREQD 0x0020 | |
97 | #define UF_PASSWD_CANT_CHANGE 0x0040 | |
cd9e6b16 | 98 | #define UF_DONT_EXPIRE_PASSWD 0x10000 |
5d0a7127 | 99 | |
100 | #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100 | |
101 | #define UF_NORMAL_ACCOUNT 0x0200 | |
102 | #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800 | |
103 | #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000 | |
104 | #define UF_SERVER_TRUST_ACCOUNT 0x2000 | |
105 | ||
106 | #ifndef BYTE | |
107 | #define BYTE unsigned char | |
108 | #endif | |
109 | typedef unsigned int DWORD; | |
110 | typedef unsigned long ULONG; | |
111 | ||
112 | typedef struct _GUID | |
113 | { | |
114 | unsigned long Data1; | |
115 | unsigned short Data2; | |
116 | unsigned short Data3; | |
117 | unsigned char Data4[8]; | |
118 | } GUID; | |
119 | ||
120 | typedef struct _SID_IDENTIFIER_AUTHORITY { | |
121 | BYTE Value[6]; | |
122 | } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; | |
123 | ||
124 | typedef struct _SID { | |
125 | BYTE Revision; | |
126 | BYTE SubAuthorityCount; | |
127 | SID_IDENTIFIER_AUTHORITY IdentifierAuthority; | |
128 | DWORD SubAuthority[512]; | |
129 | } SID; | |
130 | #endif/*!WIN32*/ | |
131 | ||
cd9e6b16 | 132 | #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002 |
133 | #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004 | |
134 | #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004 | |
135 | #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008 | |
136 | #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000 | |
137 | ||
138 | #define QUERY_VERSION -1 | |
139 | #define PRIMARY_REALM "ATHENA.MIT.EDU" | |
140 | ||
5d0a7127 | 141 | #define SUBSTITUTE 1 |
142 | #define REPLACE 2 | |
143 | ||
cd9e6b16 | 144 | #define USERS 0 |
145 | #define GROUPS 1 | |
146 | ||
5d0a7127 | 147 | #define MEMBER_ADD 1 |
148 | #define MEMBER_REMOVE 2 | |
149 | #define MEMBER_CHANGE_NAME 3 | |
150 | #define MEMBER_ACTIVATE 4 | |
151 | #define MEMBER_DEACTIVATE 5 | |
cd9e6b16 | 152 | #define MEMBER_CREATE 6 |
5d0a7127 | 153 | |
5d0a7127 | 154 | typedef struct lk_entry { |
155 | int op; | |
156 | int length; | |
157 | int ber_value; | |
158 | char *dn; | |
159 | char *attribute; | |
160 | char *value; | |
161 | char *member; | |
162 | char *type; | |
163 | char *list; | |
164 | struct lk_entry *next; | |
165 | } LK_ENTRY; | |
166 | ||
0d958b3c | 167 | #define STOP_FILE "/moira/winad/nowinad" |
168 | #define file_exists(file) (access((file), F_OK) == 0) | |
169 | ||
5d0a7127 | 170 | #define LDAP_BERVAL struct berval |
cd9e6b16 | 171 | #define MAX_SERVER_NAMES 32 |
172 | ||
173 | #define ADD_ATTR(t, v, o) \ | |
174 | mods[n] = malloc(sizeof(LDAPMod)); \ | |
175 | mods[n]->mod_op = o; \ | |
176 | mods[n]->mod_type = t; \ | |
177 | mods[n++]->mod_values = v | |
5d0a7127 | 178 | |
179 | LK_ENTRY *member_base = NULL; | |
cd9e6b16 | 180 | LK_ENTRY *sid_base = NULL; |
181 | LK_ENTRY **sid_ptr = NULL; | |
0d958b3c | 182 | static char tbl_buf[1024]; |
cd9e6b16 | 183 | char kerberos_ou[] = "OU=kerberos, OU=moira, OU=athena"; |
184 | char contact_ou[] = "OU=strings, OU=moira, OU=athena"; | |
185 | char user_ou[] = "OU=users, OU=moira, OU=athena"; | |
186 | char group_ou_distribution[] = "OU=distribution, OU=lists, OU=moira, OU=athena"; | |
187 | char group_ou_security[] = "OU=security, OU=lists, OU=moira, OU=athena"; | |
188 | char group_ou_neither[] = "OU=neither, OU=lists, OU=moira, OU=athena"; | |
189 | char group_ou_both[] = "OU=both, OU=lists, OU=moira, OU=athena"; | |
190 | char group_ou_root[] = "OU=lists, OU=moira, OU=athena"; | |
5d0a7127 | 191 | char *whoami; |
cd9e6b16 | 192 | char group_manager[64]; |
193 | char ldap_domain[256]; | |
194 | char list_type[32]; | |
195 | char GroupType[2]; | |
196 | int maillist_flag; | |
197 | int group_flag; | |
198 | int mr_connections = 0; | |
78af4e6e | 199 | int callback_rc; |
cd9e6b16 | 200 | |
201 | extern int locate_ldap_server(char *domain, char *server_name[]); | |
202 | extern int set_password(char *user, char *domain); | |
203 | ||
0d958b3c | 204 | void check_winad(void); |
cd9e6b16 | 205 | int user_create(int ac, char **av, void *ptr); |
9db0b148 | 206 | int user_change_status(int ac, char **av, void *ptr); |
cd9e6b16 | 207 | int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name); |
9db0b148 | 208 | int user_rename(int ac, char **av, void *ptr); |
78af4e6e | 209 | int user_update(int ac, char **av, void *ptr); |
cd9e6b16 | 210 | int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou); |
211 | int get_group_info(int ac, char**av, void *ptr); | |
212 | int group_create(int ac, char **av, void *ptr); | |
213 | int group_delete(int ac, char **av, void *ptr); | |
78af4e6e | 214 | int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name); |
cd9e6b16 | 215 | int group_list_build(int ac, char **av, void *ptr); |
9db0b148 | 216 | int group_rename(int ac, char **av, void *ptr); |
cd9e6b16 | 217 | int member_list_build(int ac, char **av, void *ptr); |
9db0b148 | 218 | int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name, |
219 | char *group_ou, char *group_membership, char *group_gid); | |
78af4e6e | 220 | int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name, |
221 | char *group_ou, char *group_membership, char *group_gid); | |
cd9e6b16 | 222 | int sid_update(LDAP *ldap_handle, char *dn_path); |
223 | int check_string(char *s); | |
224 | void convert_b_to_a(char *string, UCHAR *binary, int length); | |
225 | int mr_connect_cl(char *server, char *client, int version, int auth); | |
226 | ||
5d0a7127 | 227 | void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 228 | char **before, int beforec, char **after, int afterc); |
5d0a7127 | 229 | void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname, |
cd9e6b16 | 230 | char *dn_path, char **before, int beforec, char **after, |
231 | int afterc); | |
5d0a7127 | 232 | void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 233 | char **before, int beforec, char **after, int afterc); |
234 | int linklist_create_entry(char *attribute, char *value, | |
235 | LK_ENTRY **linklist_entry); | |
5d0a7127 | 236 | int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp, |
cd9e6b16 | 237 | char **attr_array, LK_ENTRY **linklist_base, |
238 | int *linklist_count); | |
5d0a7127 | 239 | void linklist_free(LK_ENTRY *linklist_base); |
cd9e6b16 | 240 | |
241 | int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
242 | char *distinguished_name, LK_ENTRY **linklist_current); | |
243 | int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
244 | LK_ENTRY **linklist_base, int *linklist_count); | |
245 | int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
246 | char *Attribute, char *distinguished_name, | |
247 | LK_ENTRY **linklist_current); | |
248 | ||
249 | int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count, | |
250 | char *oldValue, char *newValue, | |
251 | char ***modvalues, int type); | |
252 | void free_values(char **modvalues); | |
253 | ||
254 | int convert_domain_to_dn(char *domain, char **bind_path); | |
5d0a7127 | 255 | void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 256 | char *distinguished_name); |
5d0a7127 | 257 | int moira_disconnect(void); |
258 | int moira_connect(void); | |
259 | void print_to_screen(const char *fmt, ...); | |
5d0a7127 | 260 | |
261 | int main(int argc, char **argv) | |
262 | { | |
cd9e6b16 | 263 | unsigned long rc; |
264 | int beforec; | |
265 | int afterc; | |
266 | int Max_wait_time = 500; | |
267 | int Max_size_limit = LDAP_NO_LIMIT; | |
268 | int i; | |
269 | char *dn_path; | |
270 | char *table; | |
271 | char **before; | |
272 | char **after; | |
273 | char search_exp[1024]; | |
274 | char *server_name[MAX_SERVER_NAMES]; | |
275 | ULONG version = LDAP_VERSION3; | |
276 | LDAP *ldap_handle; | |
277 | LDAPMessage *ldap_entry; | |
5d0a7127 | 278 | FILE *fptr; |
cd9e6b16 | 279 | |
5d0a7127 | 280 | whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]); |
cd9e6b16 | 281 | |
282 | if (argc < 4) | |
283 | { | |
284 | com_err(whoami, 0, "%s", "argc < 4"); | |
285 | exit(1); | |
286 | } | |
287 | beforec = atoi(argv[2]); | |
288 | afterc = atoi(argv[3]); | |
289 | ||
290 | if (argc < (4 + beforec + afterc)) | |
291 | { | |
292 | com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)"); | |
293 | exit(1); | |
294 | } | |
295 | ||
296 | table = argv[1]; | |
297 | before = &argv[4]; | |
298 | after = &argv[4 + beforec]; | |
299 | ||
0d958b3c | 300 | strcpy(tbl_buf, table); |
301 | strcat(tbl_buf, " ("); | |
302 | for (i = 0; i < beforec; i++) | |
303 | { | |
304 | if (i > 0) | |
305 | strcat(tbl_buf, ","); | |
306 | strcat(tbl_buf, before[i]); | |
307 | } | |
308 | strcat(tbl_buf, ")->("); | |
309 | for (i = 0; i < afterc; i++) | |
310 | { | |
311 | if (i > 0) | |
312 | strcat(tbl_buf, ","); | |
313 | strcat(tbl_buf, after[i]); | |
314 | } | |
315 | strcat(tbl_buf, ")"); | |
316 | check_winad(); | |
317 | ||
cd9e6b16 | 318 | memset(ldap_domain, '\0', sizeof(ldap_domain)); |
5d0a7127 | 319 | if ((fptr = fopen("winad.cfg", "r")) != NULL) |
320 | { | |
cd9e6b16 | 321 | fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr); |
5d0a7127 | 322 | fclose(fptr); |
323 | } | |
cd9e6b16 | 324 | if (strlen(ldap_domain) == 0) |
9db0b148 | 325 | strcpy(ldap_domain, "win.mit.edu"); |
5d0a7127 | 326 | initialize_sms_error_table(); |
327 | initialize_krb_error_table(); | |
cd9e6b16 | 328 | |
5d0a7127 | 329 | memset(search_exp, '\0', sizeof(search_exp)); |
330 | ldap_entry = NULL; | |
331 | dn_path = NULL; | |
cd9e6b16 | 332 | convert_domain_to_dn(ldap_domain, &dn_path); |
5d0a7127 | 333 | if (dn_path == NULL) |
cd9e6b16 | 334 | { |
335 | com_err(whoami, 0, "%s", "cannot create AD path"); | |
336 | exit(1); | |
337 | } | |
338 | memset(server_name, '\0', sizeof(server_name[0]) * MAX_SERVER_NAMES); | |
339 | if (locate_ldap_server(ldap_domain, server_name) == -1) | |
340 | { | |
341 | com_err(whoami, 0, "%s %s", "cannot locate any server in domain ", | |
342 | ldap_domain); | |
343 | exit(1); | |
344 | } | |
345 | ||
346 | for (i = 0; i < MAX_SERVER_NAMES; i++) | |
347 | { | |
348 | if (server_name[i] != NULL) | |
349 | { | |
350 | if ((ldap_handle = ldap_open(server_name[i], LDAP_PORT)) != NULL) | |
351 | { | |
352 | break; | |
353 | } | |
354 | } | |
355 | } | |
356 | if (i >= MAX_SERVER_NAMES) | |
357 | { | |
358 | com_err(whoami, 0, "%s %s", "cannot connect to any server in domain ", | |
359 | ldap_domain); | |
360 | exit(1); | |
361 | } | |
362 | for (i = 0; i < MAX_SERVER_NAMES; i++) | |
363 | { | |
364 | if (server_name[i] != NULL) | |
365 | free(server_name[i]); | |
366 | } | |
5d0a7127 | 367 | rc = ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &version); |
368 | rc = ldap_set_option(ldap_handle, LDAP_OPT_TIMELIMIT, | |
369 | (void *)&Max_wait_time); | |
370 | rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, | |
371 | (void *)&Max_size_limit); | |
372 | rc = ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); | |
cd9e6b16 | 373 | rc = ldap_adgssapi_bind(ldap_handle, dn_path, GSSSASL_PRIVACY_PROTECTION); |
5d0a7127 | 374 | if (rc != LDAP_SUCCESS) |
cd9e6b16 | 375 | exit(1); |
376 | ||
9db0b148 | 377 | for (i = 0; i < (int)strlen(table); i++) |
378 | table[i] = tolower(table[i]); | |
5d0a7127 | 379 | if (!strcmp(table, "users")) |
cd9e6b16 | 380 | do_user(ldap_handle, ldap_entry, ldap_domain, dn_path, before, beforec, |
381 | after, afterc); | |
5d0a7127 | 382 | else if (!strcmp(table, "list")) |
cd9e6b16 | 383 | do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
384 | afterc); | |
5d0a7127 | 385 | else if (!strcmp(table, "imembers")) |
cd9e6b16 | 386 | do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
387 | afterc); | |
388 | /* | |
389 | else if (!strcmp(table, "filesys")) | |
390 | do_filesys(before, beforec, after, afterc); | |
391 | else if (!strcmp(table, "quota")) | |
392 | do_quota(before, beforec, after, afterc); | |
393 | */ | |
5d0a7127 | 394 | rc = ldap_unbind_s(ldap_handle); |
395 | free(dn_path); | |
5d0a7127 | 396 | exit(0); |
397 | } | |
398 | ||
cd9e6b16 | 399 | void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
400 | char **before, int beforec, char **after, int afterc) | |
5d0a7127 | 401 | { |
cd9e6b16 | 402 | int ahide; |
403 | int bhide; | |
9db0b148 | 404 | int apublic; |
405 | int bpublic; | |
78af4e6e | 406 | int bgroup; |
407 | int agroup; | |
9db0b148 | 408 | int amaillist; |
984c91b7 | 409 | int bmaillist; |
410 | int bstatus; | |
411 | int astatus; | |
cd9e6b16 | 412 | long rc; |
413 | char *av[3]; | |
414 | char *call_args[6]; | |
415 | ||
9db0b148 | 416 | |
417 | if (beforec == 0 && afterc == 0) | |
418 | return; | |
419 | ||
984c91b7 | 420 | astatus = bstatus = 0; |
9db0b148 | 421 | ahide = bhide = 0; |
422 | apublic = bpublic = 0; | |
984c91b7 | 423 | amaillist = bmaillist = 0; |
424 | if (beforec != 0) | |
5d0a7127 | 425 | { |
984c91b7 | 426 | if (atoi(before[L_ACTIVE])) |
427 | { | |
428 | bstatus = atoi(before[L_ACTIVE]); | |
429 | bhide = atoi(before[L_HIDDEN]); | |
430 | bpublic = atoi(before[L_PUBLIC]); | |
431 | bmaillist = atoi(before[L_MAILLIST]); | |
432 | bgroup = atoi(before[L_GROUP]); | |
433 | } | |
434 | } | |
435 | if (afterc != 0) | |
5d0a7127 | 436 | { |
984c91b7 | 437 | if (atoi(after[L_ACTIVE])) |
438 | { | |
439 | astatus = atoi(after[L_ACTIVE]); | |
440 | ahide = atoi(after[L_HIDDEN]); | |
441 | apublic = atoi(after[L_PUBLIC]); | |
442 | amaillist = atoi(after[L_MAILLIST]); | |
443 | agroup = atoi(after[L_GROUP]); | |
444 | } | |
5d0a7127 | 445 | } |
cd9e6b16 | 446 | |
cd9e6b16 | 447 | if (rc = moira_connect()) |
448 | { | |
449 | critical_alert("AD incremental", | |
78af4e6e | 450 | "Error contacting Moira server : %s", |
cd9e6b16 | 451 | error_message(rc)); |
452 | return; | |
453 | } | |
454 | ||
984c91b7 | 455 | if (astatus && bstatus) |
456 | { | |
457 | if ((bmaillist == amaillist) && (bgroup == agroup) && | |
458 | (!strcmp(before[L_NAME], after[L_NAME]))) | |
459 | return; | |
460 | com_err(whoami, 0, "Changing group %s to %s", | |
461 | before[L_NAME], after[L_NAME]); | |
462 | ||
463 | av[0] = after[L_NAME]; | |
464 | call_args[0] = (char *)ldap_handle; | |
465 | call_args[1] = dn_path; | |
466 | call_args[2] = before[L_NAME]; | |
467 | call_args[3] = before[L_MAILLIST]; | |
468 | call_args[4] = before[L_GROUP]; | |
469 | call_args[5] = NULL; | |
470 | callback_rc = 0; | |
471 | if (rc = mr_query("get_list_info", 1, av, group_rename, call_args)) | |
472 | { | |
bcf1ed58 | 473 | if (callback_rc != LDAP_NO_SUCH_OBJECT) |
984c91b7 | 474 | { |
475 | critical_alert("AD incremental", | |
476 | "Could not change list %s to %s : %s", | |
477 | before[L_NAME], | |
478 | after[L_NAME], error_message(rc)); | |
479 | goto cleanup; | |
480 | } | |
481 | callback_rc = LDAP_NO_SUCH_OBJECT; | |
482 | } | |
483 | if (callback_rc != LDAP_NO_SUCH_OBJECT) | |
484 | goto cleanup; | |
485 | bstatus = 0; | |
486 | } | |
487 | if (bstatus) | |
488 | { | |
489 | com_err(whoami, 0, "Deleting group %s", before[L_NAME]); | |
490 | rc = group_ad_delete(ldap_handle, dn_path, before[L_NAME]); | |
cd9e6b16 | 491 | goto cleanup; |
5d0a7127 | 492 | } |
984c91b7 | 493 | if (astatus) |
5d0a7127 | 494 | { |
984c91b7 | 495 | com_err(whoami, 0, "Creating group %s", after[L_NAME]); |
cd9e6b16 | 496 | |
984c91b7 | 497 | av[0] = after[L_NAME]; |
cd9e6b16 | 498 | call_args[0] = (char *)ldap_handle; |
499 | call_args[1] = dn_path; | |
984c91b7 | 500 | call_args[2] = after[L_NAME]; |
cd9e6b16 | 501 | call_args[3] = NULL; |
502 | call_args[4] = NULL; | |
9db0b148 | 503 | call_args[5] = NULL; |
cd9e6b16 | 504 | sid_base = NULL; |
505 | sid_ptr = &sid_base; | |
78af4e6e | 506 | if (rc = mr_query("get_list_info", 1, av, group_create, call_args)) |
cd9e6b16 | 507 | { |
78af4e6e | 508 | critical_alert("AD incremental", "Couldn't create list %s : %s", |
984c91b7 | 509 | after[L_NAME], error_message(rc)); |
cd9e6b16 | 510 | goto cleanup; |
511 | } | |
512 | if (sid_base != NULL) | |
513 | { | |
514 | sid_update(ldap_handle, dn_path); | |
515 | linklist_free(sid_base); | |
516 | } | |
517 | ||
9db0b148 | 518 | if (afterc == 0) |
cd9e6b16 | 519 | goto cleanup; |
78af4e6e | 520 | member_base = NULL; |
cd9e6b16 | 521 | if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build, |
522 | call_args))) | |
523 | { | |
78af4e6e | 524 | if (member_base != NULL) |
984c91b7 | 525 | rc = member_list_process(ldap_handle, dn_path, after[L_NAME], |
78af4e6e | 526 | call_args[3], call_args[4], call_args[5]); |
cd9e6b16 | 527 | } |
78af4e6e | 528 | else |
cd9e6b16 | 529 | { |
530 | critical_alert("AD incremental", | |
78af4e6e | 531 | "Error contacting Moira server to resolve %s : %s", |
984c91b7 | 532 | after[L_NAME], error_message(rc)); |
cd9e6b16 | 533 | } |
5d0a7127 | 534 | linklist_free(member_base); |
cd9e6b16 | 535 | goto cleanup; |
5d0a7127 | 536 | } |
cd9e6b16 | 537 | cleanup: |
538 | moira_disconnect(); | |
5d0a7127 | 539 | } |
540 | ||
984c91b7 | 541 | #define LM_EXTRA_ACTIVE (LM_END) |
542 | ||
5d0a7127 | 543 | void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 544 | char **before, int beforec, char **after, int afterc) |
5d0a7127 | 545 | { |
cd9e6b16 | 546 | char *call_args[6]; |
547 | char *av[2]; | |
548 | char group_name[128]; | |
549 | char user_name[128]; | |
9db0b148 | 550 | char user_type[128]; |
cd9e6b16 | 551 | int rc; |
552 | ||
5d0a7127 | 553 | if (afterc) |
554 | { | |
984c91b7 | 555 | if (!atoi(after[LM_EXTRA_ACTIVE])) |
cd9e6b16 | 556 | return; |
984c91b7 | 557 | strcpy(user_name, after[LM_MEMBER]); |
558 | strcpy(group_name, after[LM_LIST]); | |
559 | strcpy(user_type, after[LM_TYPE]); | |
9db0b148 | 560 | |
5d0a7127 | 561 | } |
562 | else if (beforec) | |
563 | { | |
984c91b7 | 564 | if (!atoi(before[LM_EXTRA_ACTIVE])) |
9db0b148 | 565 | return; |
984c91b7 | 566 | strcpy(user_name, before[LM_MEMBER]); |
567 | strcpy(group_name, before[LM_LIST]); | |
568 | strcpy(user_type, before[LM_TYPE]); | |
5d0a7127 | 569 | } |
cd9e6b16 | 570 | |
571 | if (rc = moira_connect()) | |
572 | { | |
573 | critical_alert("AD incremental", | |
78af4e6e | 574 | "Moira error retrieving grouplist of user %s : %s", |
cd9e6b16 | 575 | user_name, error_message(rc)); |
576 | return; | |
577 | } | |
578 | av[0] = group_name; | |
579 | call_args[0] = (char *)ldap_handle; | |
580 | call_args[1] = dn_path; | |
581 | call_args[2] = group_name; | |
582 | call_args[3] = NULL; | |
583 | call_args[4] = NULL; | |
9db0b148 | 584 | call_args[5] = NULL; |
cd9e6b16 | 585 | member_base = NULL; |
586 | sid_base = NULL; | |
587 | sid_ptr = &sid_base; | |
588 | if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args))) | |
589 | { | |
590 | if (sid_base != NULL) | |
591 | { | |
592 | sid_update(ldap_handle, dn_path); | |
593 | linklist_free(sid_base); | |
594 | } | |
78af4e6e | 595 | member_base = NULL; |
cd9e6b16 | 596 | if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build, |
597 | call_args))) | |
598 | { | |
78af4e6e | 599 | if (member_base == NULL) |
600 | { | |
601 | member_remove(ldap_handle, dn_path, group_name, | |
602 | call_args[3], call_args[4], call_args[5]); | |
603 | } | |
604 | else | |
605 | { | |
606 | rc = member_list_process(ldap_handle, dn_path, group_name, | |
607 | call_args[3], call_args[4], call_args[5]); | |
608 | } | |
cd9e6b16 | 609 | } |
610 | } | |
611 | if (rc) | |
612 | { | |
613 | if (afterc) | |
614 | critical_alert("AD incremental", "Couldn't add %s to group %s ", | |
615 | user_name, group_name); | |
616 | else | |
617 | critical_alert("AD incremental", "Couldn't remove %s from group %s ", | |
618 | user_name, group_name); | |
619 | } | |
620 | linklist_free(member_base); | |
621 | if (call_args[3] != NULL) | |
622 | free(call_args[3]); | |
623 | if (call_args[4] != NULL) | |
624 | free(call_args[4]); | |
625 | moira_disconnect(); | |
5d0a7127 | 626 | } |
627 | ||
cd9e6b16 | 628 | |
5d0a7127 | 629 | void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname, |
cd9e6b16 | 630 | char *dn_path, char **before, int beforec, char **after, |
631 | int afterc) | |
5d0a7127 | 632 | { |
984c91b7 | 633 | int rc; |
634 | char *av[2]; | |
635 | char *call_args[6]; | |
636 | int astate; | |
637 | int bstate; | |
638 | ||
639 | ||
640 | if ((beforec == 0) || (afterc == 0)) | |
641 | return; | |
642 | ||
643 | astate = 0; | |
644 | bstate = 0; | |
645 | if (afterc > U_STATE) | |
646 | astate = atoi(after[U_STATE]); | |
647 | if (beforec > U_STATE) | |
648 | bstate = atoi(before[U_STATE]); | |
649 | ||
650 | if (astate == 2) | |
651 | astate = 1; | |
652 | if (bstate == 2) | |
653 | bstate = 1; | |
654 | ||
655 | if ((bstate == 0) && (astate == 0)) | |
656 | return; | |
cd9e6b16 | 657 | |
cd9e6b16 | 658 | if (rc = moira_connect()) |
5d0a7127 | 659 | { |
cd9e6b16 | 660 | critical_alert("AD incremental", |
78af4e6e | 661 | "Error connection to Moira : %s", |
cd9e6b16 | 662 | error_message(rc)); |
5d0a7127 | 663 | return; |
664 | } | |
5d0a7127 | 665 | |
984c91b7 | 666 | if (astate == bstate) |
78af4e6e | 667 | { |
984c91b7 | 668 | if (!strcmp(before[U_NAME], after[U_NAME])) |
78af4e6e | 669 | { |
984c91b7 | 670 | com_err(whoami, 0, "Updating user %s info", before[U_NAME]); |
671 | av[0] = before[U_NAME]; | |
672 | call_args[0] = (char *)ldap_handle; | |
673 | call_args[1] = dn_path; | |
674 | sid_base = NULL; | |
675 | sid_ptr = &sid_base; | |
676 | callback_rc = 0; | |
677 | if (rc = mr_query("get_user_account_by_login", 1, av, user_update, | |
678 | call_args)) | |
679 | { | |
bcf1ed58 | 680 | if (callback_rc != LDAP_NO_SUCH_OBJECT) |
681 | { | |
682 | critical_alert("AD incremental", | |
683 | "Could not update user %s info : %s", | |
684 | before[U_NAME], | |
685 | error_message(rc)); | |
686 | goto cleanup; | |
687 | } | |
984c91b7 | 688 | } |
78af4e6e | 689 | } |
bcf1ed58 | 690 | else |
cd9e6b16 | 691 | { |
bcf1ed58 | 692 | com_err(whoami, 0, "Changing user %s to %s", before[U_NAME], |
693 | after[U_NAME]); | |
694 | av[0] = after[U_NAME]; | |
695 | call_args[0] = (char *)ldap_handle; | |
696 | call_args[1] = dn_path; | |
697 | call_args[2] = (char *)MEMBER_ACTIVATE; | |
698 | call_args[3] = before[U_NAME]; | |
699 | sid_base = NULL; | |
700 | sid_ptr = &sid_base; | |
701 | callback_rc = 0; | |
702 | if (rc = mr_query("get_user_account_by_login", 1, av, user_rename, | |
703 | call_args)) | |
78af4e6e | 704 | { |
bcf1ed58 | 705 | if (callback_rc != LDAP_NO_SUCH_OBJECT) |
706 | { | |
707 | critical_alert("AD incremental", | |
708 | "Could not change user %s to %s : %s", | |
709 | before[U_NAME], | |
710 | after[U_NAME], error_message(rc)); | |
711 | goto cleanup; | |
712 | } | |
78af4e6e | 713 | } |
cd9e6b16 | 714 | } |
78af4e6e | 715 | if (callback_rc != LDAP_NO_SUCH_OBJECT) |
716 | goto cleanup; | |
984c91b7 | 717 | bstate = 0; |
5d0a7127 | 718 | } |
984c91b7 | 719 | if (bstate == 1) |
5d0a7127 | 720 | { |
984c91b7 | 721 | com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]); |
722 | av[0] = before[U_NAME]; | |
9db0b148 | 723 | call_args[0] = (char *)ldap_handle; |
724 | call_args[1] = dn_path; | |
725 | call_args[2] = (char *)MEMBER_DEACTIVATE; | |
726 | if (rc = mr_query("get_user_account_by_login", 1, av, user_change_status, | |
727 | call_args)) | |
cd9e6b16 | 728 | { |
729 | critical_alert("AD incremental", | |
78af4e6e | 730 | "Couldn't deactivate user %s in the AD : %s", |
984c91b7 | 731 | before[U_NAME], error_message(rc)); |
cd9e6b16 | 732 | } |
5d0a7127 | 733 | goto cleanup; |
734 | } | |
984c91b7 | 735 | if (astate == 1) |
5d0a7127 | 736 | { |
9db0b148 | 737 | com_err(whoami, 0, "%s user %s", "Creating/Reactivating", |
984c91b7 | 738 | after[U_NAME]); |
5d0a7127 | 739 | |
984c91b7 | 740 | av[0] = after[U_NAME]; |
cd9e6b16 | 741 | call_args[0] = (char *)ldap_handle; |
742 | call_args[1] = dn_path; | |
9db0b148 | 743 | call_args[2] = (char *)MEMBER_ACTIVATE; |
744 | call_args[3] = NULL; | |
cd9e6b16 | 745 | sid_base = NULL; |
746 | sid_ptr = &sid_base; | |
747 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, | |
748 | call_args)) | |
749 | { | |
78af4e6e | 750 | critical_alert("AD incremental", "Couldn't create/activate user %s : %s", |
984c91b7 | 751 | after[U_NAME], error_message(rc)); |
cd9e6b16 | 752 | goto cleanup; |
753 | } | |
754 | if (sid_base != NULL) | |
755 | { | |
756 | sid_update(ldap_handle, dn_path); | |
757 | linklist_free(sid_base); | |
758 | } | |
cd9e6b16 | 759 | } |
760 | cleanup: | |
761 | moira_disconnect(); | |
5d0a7127 | 762 | } |
763 | ||
764 | int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count, | |
cd9e6b16 | 765 | char *oldValue, char *newValue, |
766 | char ***modvalues, int type) | |
5d0a7127 | 767 | { |
cd9e6b16 | 768 | LK_ENTRY *linklist_ptr; |
769 | int i; | |
770 | char *cPtr; | |
5d0a7127 | 771 | |
cd9e6b16 | 772 | if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *))) |
773 | == NULL) | |
774 | { | |
775 | return(1); | |
776 | } | |
5d0a7127 | 777 | for (i = 0; i < (modvalue_count + 1); i++) |
cd9e6b16 | 778 | (*modvalues)[i] = NULL; |
5d0a7127 | 779 | if (modvalue_count != 0) |
780 | { | |
781 | linklist_ptr = linklist_base; | |
782 | for (i = 0; i < modvalue_count; i++) | |
cd9e6b16 | 783 | { |
784 | if ((oldValue != NULL) && (newValue != NULL)) | |
785 | { | |
786 | if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue)) | |
787 | != (char *)NULL) | |
788 | { | |
789 | if (type == REPLACE) | |
790 | { | |
791 | if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1)) | |
792 | == NULL) | |
793 | return(1); | |
794 | memset((*modvalues)[i], '\0', strlen(newValue) + 1); | |
795 | strcpy((*modvalues)[i], newValue); | |
796 | } | |
797 | else | |
798 | { | |
799 | if (((*modvalues)[i] = calloc(1, | |
800 | (int)(cPtr - linklist_ptr->value) + | |
801 | (linklist_ptr->length - strlen(oldValue)) + | |
802 | strlen(newValue) + 1)) == NULL) | |
803 | return(1); | |
804 | memset((*modvalues)[i], '\0', | |
805 | (int)(cPtr - linklist_ptr->value) + | |
806 | (linklist_ptr->length - strlen(oldValue)) + | |
807 | strlen(newValue) + 1); | |
808 | memcpy((*modvalues)[i], linklist_ptr->value, | |
809 | (int)(cPtr - linklist_ptr->value)); | |
810 | strcat((*modvalues)[i], newValue); | |
811 | strcat((*modvalues)[i], | |
812 | &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]); | |
813 | } | |
814 | } | |
815 | else | |
816 | { | |
817 | (*modvalues)[i] = calloc(1, linklist_ptr->length + 1); | |
818 | memset((*modvalues)[i], '\0', linklist_ptr->length + 1); | |
819 | memcpy((*modvalues)[i], linklist_ptr->value, | |
820 | linklist_ptr->length); | |
821 | } | |
822 | } | |
823 | else | |
824 | { | |
825 | (*modvalues)[i] = calloc(1, linklist_ptr->length + 1); | |
826 | memset((*modvalues)[i], '\0', linklist_ptr->length + 1); | |
827 | memcpy((*modvalues)[i], linklist_ptr->value, | |
828 | linklist_ptr->length); | |
829 | } | |
830 | linklist_ptr = linklist_ptr->next; | |
831 | } | |
832 | (*modvalues)[i] = NULL; | |
5d0a7127 | 833 | } |
834 | return(0); | |
835 | } | |
836 | ||
cd9e6b16 | 837 | |
5d0a7127 | 838 | int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp, |
cd9e6b16 | 839 | char **attr_array, LK_ENTRY **linklist_base, |
840 | int *linklist_count) | |
5d0a7127 | 841 | { |
cd9e6b16 | 842 | ULONG rc; |
5d0a7127 | 843 | LDAPMessage *ldap_entry; |
cd9e6b16 | 844 | |
845 | rc = 0; | |
5d0a7127 | 846 | ldap_entry = NULL; |
847 | (*linklist_base) = NULL; | |
848 | (*linklist_count) = 0; | |
849 | if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE, | |
cd9e6b16 | 850 | search_exp, attr_array, 0, &ldap_entry)) |
5d0a7127 | 851 | != LDAP_SUCCESS) |
852 | return(0); | |
cd9e6b16 | 853 | rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count); |
854 | ||
5d0a7127 | 855 | ldap_msgfree(ldap_entry); |
856 | return(rc); | |
857 | } | |
858 | ||
cd9e6b16 | 859 | |
5d0a7127 | 860 | int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 861 | LK_ENTRY **linklist_base, int *linklist_count) |
5d0a7127 | 862 | { |
cd9e6b16 | 863 | char distinguished_name[1024]; |
864 | LK_ENTRY *linklist_ptr; | |
865 | int rc; | |
866 | ||
5d0a7127 | 867 | if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL) |
868 | return(0); | |
cd9e6b16 | 869 | |
870 | memset(distinguished_name, '\0', sizeof(distinguished_name)); | |
871 | get_distinguished_name(ldap_handle, ldap_entry, distinguished_name); | |
872 | ||
873 | if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name, | |
874 | linklist_base)) != 0) | |
5d0a7127 | 875 | return(rc); |
cd9e6b16 | 876 | |
5d0a7127 | 877 | while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL) |
878 | { | |
cd9e6b16 | 879 | memset(distinguished_name, '\0', sizeof(distinguished_name)); |
880 | get_distinguished_name(ldap_handle, ldap_entry, distinguished_name); | |
881 | ||
882 | if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name, | |
883 | linklist_base)) != 0) | |
884 | return(rc); | |
5d0a7127 | 885 | } |
cd9e6b16 | 886 | |
5d0a7127 | 887 | linklist_ptr = (*linklist_base); |
888 | (*linklist_count) = 0; | |
889 | while (linklist_ptr != NULL) | |
890 | { | |
891 | ++(*linklist_count); | |
892 | linklist_ptr = linklist_ptr->next; | |
893 | } | |
894 | return(0); | |
895 | } | |
896 | ||
897 | int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
cd9e6b16 | 898 | char *distinguished_name, LK_ENTRY **linklist_current) |
5d0a7127 | 899 | { |
cd9e6b16 | 900 | char *Attribute; |
901 | BerElement *ptr; | |
902 | ||
5d0a7127 | 903 | ptr = NULL; |
cd9e6b16 | 904 | if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL) |
5d0a7127 | 905 | { |
cd9e6b16 | 906 | retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name, |
907 | linklist_current); | |
5d0a7127 | 908 | ldap_memfree(Attribute); |
cd9e6b16 | 909 | while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry, |
910 | ptr)) != NULL) | |
911 | { | |
912 | retrieve_values(ldap_handle, ldap_entry, Attribute, | |
913 | distinguished_name, linklist_current); | |
914 | ldap_memfree(Attribute); | |
915 | } | |
5d0a7127 | 916 | } |
cd9e6b16 | 917 | ldap_ber_free(ptr, 0); |
5d0a7127 | 918 | return(0); |
919 | } | |
920 | ||
cd9e6b16 | 921 | int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
922 | char *Attribute, char *distinguished_name, | |
923 | LK_ENTRY **linklist_current) | |
5d0a7127 | 924 | { |
cd9e6b16 | 925 | char **str_value; |
926 | char temp[256]; | |
927 | void **Ptr; | |
928 | int use_bervalue; | |
929 | LK_ENTRY *linklist_previous; | |
5d0a7127 | 930 | LDAP_BERVAL **ber_value; |
cd9e6b16 | 931 | DWORD ber_length; |
5d0a7127 | 932 | #ifdef LDAP_DEBUG |
cd9e6b16 | 933 | SID *sid; |
934 | GUID *guid; | |
935 | int i; | |
936 | int intValue; | |
937 | DWORD *subauth; | |
938 | SID_IDENTIFIER_AUTHORITY *sid_auth; | |
939 | unsigned char *subauth_count; | |
940 | #endif /*LDAP_BEGUG*/ | |
5d0a7127 | 941 | |
942 | use_bervalue = 0; | |
943 | memset(temp, '\0', sizeof(temp)); | |
944 | if ((!strcmp(Attribute, "objectSid")) || | |
945 | (!strcmp(Attribute, "objectGUID"))) | |
946 | use_bervalue = 1; | |
cd9e6b16 | 947 | |
5d0a7127 | 948 | if (use_bervalue) |
949 | { | |
950 | ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute); | |
951 | Ptr = (void **)ber_value; | |
952 | str_value = NULL; | |
cd9e6b16 | 953 | } |
5d0a7127 | 954 | else |
955 | { | |
956 | str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute); | |
957 | Ptr = (void **)str_value; | |
958 | ber_value = NULL; | |
959 | } | |
960 | if (Ptr != NULL) | |
961 | { | |
962 | for (; *Ptr; Ptr++) | |
cd9e6b16 | 963 | { |
964 | if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL) | |
965 | return(1); | |
966 | memset(linklist_previous, '\0', sizeof(LK_ENTRY)); | |
967 | linklist_previous->next = (*linklist_current); | |
968 | (*linklist_current) = linklist_previous; | |
969 | ||
970 | if (((*linklist_current)->attribute = calloc(1, | |
971 | strlen(Attribute) + 1)) == NULL) | |
972 | return(1); | |
973 | memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1); | |
974 | strcpy((*linklist_current)->attribute, Attribute); | |
975 | if (use_bervalue) | |
976 | { | |
977 | ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len; | |
978 | if (((*linklist_current)->value = calloc(1, ber_length)) == NULL) | |
979 | return(1); | |
980 | memset((*linklist_current)->value, '\0', ber_length); | |
981 | memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val, | |
982 | ber_length); | |
983 | (*linklist_current)->length = ber_length; | |
984 | } | |
985 | else | |
986 | { | |
987 | if (((*linklist_current)->value = calloc(1, | |
988 | strlen(*Ptr) + 1)) == NULL) | |
989 | return(1); | |
990 | memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1); | |
991 | (*linklist_current)->length = strlen(*Ptr); | |
992 | strcpy((*linklist_current)->value, *Ptr); | |
993 | } | |
994 | (*linklist_current)->ber_value = use_bervalue; | |
995 | if (((*linklist_current)->dn = calloc(1, | |
996 | strlen(distinguished_name) + 1)) == NULL) | |
997 | return(1); | |
998 | memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1); | |
999 | strcpy((*linklist_current)->dn, distinguished_name); | |
1000 | ||
5d0a7127 | 1001 | #ifdef LDAP_DEBUG |
cd9e6b16 | 1002 | if (!strcmp(Attribute, "objectGUID")) |
1003 | { | |
1004 | guid = (GUID *)((*linklist_current)->value); | |
1005 | sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", | |
1006 | guid->Data1, guid->Data2, guid->Data3, | |
1007 | guid->Data4[0], guid->Data4[1], guid->Data4[2], | |
1008 | guid->Data4[3], guid->Data4[4], guid->Data4[5], | |
1009 | guid->Data4[6], guid->Data4[7]); | |
1010 | print_to_screen(" %20s : {%s}\n", Attribute, temp); | |
1011 | } | |
1012 | else if (!strcmp(Attribute, "objectSid")) | |
1013 | { | |
1014 | sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val); | |
5d0a7127 | 1015 | #ifdef _WIN32 |
cd9e6b16 | 1016 | print_to_screen(" Revision = %d\n", sid->Revision); |
1017 | print_to_screen(" SID Identifier Authority:\n"); | |
1018 | sid_auth = &sid->IdentifierAuthority; | |
1019 | if (sid_auth->Value[0]) | |
1020 | print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n"); | |
1021 | else if (sid_auth->Value[1]) | |
1022 | print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n"); | |
1023 | else if (sid_auth->Value[2]) | |
1024 | print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n"); | |
1025 | else if (sid_auth->Value[3]) | |
1026 | print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n"); | |
1027 | else if (sid_auth->Value[5]) | |
1028 | print_to_screen(" SECURITY_NT_AUTHORITY\n"); | |
1029 | else | |
1030 | print_to_screen(" UNKNOWN SID AUTHORITY\n"); | |
1031 | subauth_count = GetSidSubAuthorityCount(sid); | |
1032 | print_to_screen(" SidSubAuthorityCount = %d\n", | |
1033 | *subauth_count); | |
1034 | print_to_screen(" SidSubAuthority:\n"); | |
1035 | for (i = 0; i < *subauth_count; i++) | |
1036 | { | |
1037 | if ((subauth = GetSidSubAuthority(sid, i)) != NULL) | |
1038 | print_to_screen(" %u\n", *subauth); | |
1039 | } | |
5d0a7127 | 1040 | #endif |
cd9e6b16 | 1041 | } |
1042 | else if ((!memcmp(Attribute, "userAccountControl", | |
1043 | strlen("userAccountControl"))) || | |
1044 | (!memcmp(Attribute, "sAMAccountType", | |
1045 | strlen("sAmAccountType")))) | |
1046 | { | |
1047 | intValue = atoi(*Ptr); | |
1048 | print_to_screen(" %20s : %ld\n",Attribute, intValue); | |
1049 | if (!memcmp(Attribute, "userAccountControl", | |
1050 | strlen("userAccountControl"))) | |
1051 | { | |
1052 | if (intValue & UF_ACCOUNTDISABLE) | |
1053 | print_to_screen(" %20s : %s\n", | |
1054 | "", "Account disabled"); | |
1055 | else | |
1056 | print_to_screen(" %20s : %s\n", | |
1057 | "", "Account active"); | |
1058 | if (intValue & UF_HOMEDIR_REQUIRED) | |
1059 | print_to_screen(" %20s : %s\n", | |
1060 | "", "Home directory required"); | |
1061 | if (intValue & UF_LOCKOUT) | |
1062 | print_to_screen(" %20s : %s\n", | |
1063 | "", "Account locked out"); | |
1064 | if (intValue & UF_PASSWD_NOTREQD) | |
1065 | print_to_screen(" %20s : %s\n", | |
1066 | "", "No password required"); | |
1067 | if (intValue & UF_PASSWD_CANT_CHANGE) | |
1068 | print_to_screen(" %20s : %s\n", | |
1069 | "", "Cannot change password"); | |
1070 | if (intValue & UF_TEMP_DUPLICATE_ACCOUNT) | |
1071 | print_to_screen(" %20s : %s\n", | |
1072 | "", "Temp duplicate account"); | |
1073 | if (intValue & UF_NORMAL_ACCOUNT) | |
1074 | print_to_screen(" %20s : %s\n", | |
1075 | "", "Normal account"); | |
1076 | if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT) | |
1077 | print_to_screen(" %20s : %s\n", | |
1078 | "", "Interdomain trust account"); | |
1079 | if (intValue & UF_WORKSTATION_TRUST_ACCOUNT) | |
1080 | print_to_screen(" %20s : %s\n", | |
1081 | "", "Workstation trust account"); | |
1082 | if (intValue & UF_SERVER_TRUST_ACCOUNT) | |
1083 | print_to_screen(" %20s : %s\n", | |
1084 | "", "Server trust account"); | |
1085 | } | |
1086 | } | |
1087 | else | |
1088 | { | |
1089 | print_to_screen(" %20s : %s\n",Attribute, *Ptr); | |
1090 | } | |
5d0a7127 | 1091 | #endif /*LDAP_DEBUG*/ |
cd9e6b16 | 1092 | } |
5d0a7127 | 1093 | if (str_value != NULL) |
cd9e6b16 | 1094 | ldap_value_free(str_value); |
5d0a7127 | 1095 | if (ber_value != NULL) |
cd9e6b16 | 1096 | ldap_value_free_len(ber_value); |
5d0a7127 | 1097 | } |
1098 | (*linklist_current) = linklist_previous; | |
1099 | return(0); | |
1100 | } | |
1101 | ||
5d0a7127 | 1102 | int moira_connect(void) |
1103 | { | |
cd9e6b16 | 1104 | long rc; |
1105 | char HostName[64]; | |
1106 | ||
5d0a7127 | 1107 | if (!mr_connections++) |
1108 | { | |
1109 | #ifdef _WIN32 | |
1110 | memset(HostName, '\0', sizeof(HostName)); | |
1111 | strcpy(HostName, "ttsp"); | |
cd9e6b16 | 1112 | rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1); |
1113 | /*det | |
5d0a7127 | 1114 | rc = mr_connect(HostName); |
cd9e6b16 | 1115 | */ |
5d0a7127 | 1116 | #else |
1117 | struct utsname uts; | |
1118 | uname(&uts); | |
cd9e6b16 | 1119 | rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1); |
1120 | /* | |
5d0a7127 | 1121 | rc = mr_connect(uts.nodename); |
cd9e6b16 | 1122 | */ |
5d0a7127 | 1123 | #endif /*WIN32*/ |
cd9e6b16 | 1124 | /*det |
5d0a7127 | 1125 | if (!rc) |
cd9e6b16 | 1126 | rc = mr_auth("winad.incr"); |
1127 | */ | |
5d0a7127 | 1128 | return rc; |
1129 | } | |
1130 | return 0; | |
1131 | } | |
1132 | ||
0d958b3c | 1133 | void check_winad(void) |
1134 | { | |
1135 | int i; | |
1136 | ||
1137 | for (i = 0; file_exists(STOP_FILE); i++) | |
1138 | { | |
1139 | if (i > 30) | |
1140 | { | |
1141 | critical_alert("incremental", | |
1142 | "WINAD incremental failed (%s exists): %s", | |
1143 | STOP_FILE, tbl_buf); | |
1144 | exit(1); | |
1145 | } | |
1146 | sleep(60); | |
1147 | } | |
1148 | } | |
1149 | ||
5d0a7127 | 1150 | int moira_disconnect(void) |
1151 | { | |
5d0a7127 | 1152 | |
cd9e6b16 | 1153 | if (!--mr_connections) |
5d0a7127 | 1154 | { |
cd9e6b16 | 1155 | mr_disconnect(); |
5d0a7127 | 1156 | } |
cd9e6b16 | 1157 | return 0; |
5d0a7127 | 1158 | } |
1159 | ||
1160 | int convert_domain_to_dn(char *domain, char **dnp) | |
1161 | { | |
cd9e6b16 | 1162 | char *fp; |
1163 | char *dp; | |
1164 | char dn[1024]; | |
1165 | int dnlen = 1; | |
1166 | ||
5d0a7127 | 1167 | memset(dn, 0, sizeof(dn)); |
1168 | strcpy(dn, "dc="); | |
1169 | dp = dn+3; | |
1170 | for (fp = domain; *fp; fp++) | |
1171 | { | |
1172 | if (*fp == '.') | |
cd9e6b16 | 1173 | { |
1174 | strcpy(dp, ",dc="); | |
1175 | dp += 4; | |
1176 | } | |
5d0a7127 | 1177 | else |
cd9e6b16 | 1178 | *dp++ = *fp; |
5d0a7127 | 1179 | } |
cd9e6b16 | 1180 | |
5d0a7127 | 1181 | *dnp = (char *)strdup(dn); |
1182 | return 0; | |
1183 | } | |
1184 | ||
1185 | void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
cd9e6b16 | 1186 | char *distinguished_name) |
5d0a7127 | 1187 | { |
cd9e6b16 | 1188 | char *CName; |
1189 | ||
5d0a7127 | 1190 | CName = ldap_get_dn(ldap_handle, ldap_entry); |
1191 | if (CName == NULL) | |
1192 | return; | |
1193 | strcpy(distinguished_name, CName); | |
1194 | ldap_memfree(CName); | |
1195 | } | |
1196 | ||
1197 | int linklist_create_entry(char *attribute, char *value, | |
cd9e6b16 | 1198 | LK_ENTRY **linklist_entry) |
5d0a7127 | 1199 | { |
1200 | (*linklist_entry) = calloc(1, sizeof(LK_ENTRY)); | |
1201 | if (!(*linklist_entry)) | |
1202 | { | |
1203 | return(1); | |
1204 | } | |
1205 | memset((*linklist_entry), '\0', sizeof(LK_ENTRY)); | |
1206 | (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1); | |
1207 | memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1); | |
1208 | strcpy((*linklist_entry)->attribute, attribute); | |
1209 | (*linklist_entry)->value = calloc(1, strlen(value) + 1); | |
1210 | memset((*linklist_entry)->value, '\0', strlen(value) + 1); | |
1211 | strcpy((*linklist_entry)->value, value); | |
1212 | (*linklist_entry)->length = strlen(value); | |
1213 | (*linklist_entry)->next = NULL; | |
1214 | return(0); | |
1215 | } | |
1216 | ||
1217 | void print_to_screen(const char *fmt, ...) | |
1218 | { | |
1219 | va_list pvar; | |
cd9e6b16 | 1220 | |
5d0a7127 | 1221 | va_start(pvar, fmt); |
1222 | vfprintf(stderr, fmt, pvar); | |
1223 | fflush(stderr); | |
1224 | va_end(pvar); | |
1225 | } | |
cd9e6b16 | 1226 | |
1227 | int get_group_membership(char *group_membership, char *group_ou, | |
1228 | int *security_flag, char **av) | |
1229 | { | |
1230 | int maillist_flag; | |
1231 | int group_flag; | |
1232 | ||
1233 | maillist_flag = atoi(av[L_MAILLIST]); | |
1234 | group_flag = atoi(av[L_GROUP]); | |
1235 | if (security_flag != NULL) | |
1236 | (*security_flag) = 0; | |
1237 | ||
1238 | if ((maillist_flag) && (group_flag)) | |
1239 | { | |
1240 | if (group_membership != NULL) | |
1241 | group_membership[0] = 'B'; | |
1242 | if (security_flag != NULL) | |
1243 | (*security_flag) = 1; | |
1244 | if (group_ou != NULL) | |
1245 | strcpy(group_ou, group_ou_both); | |
1246 | } | |
1247 | else if ((!maillist_flag) && (group_flag)) | |
1248 | { | |
1249 | if (group_membership != NULL) | |
1250 | group_membership[0] = 'S'; | |
1251 | if (security_flag != NULL) | |
1252 | (*security_flag) = 1; | |
1253 | if (group_ou != NULL) | |
1254 | strcpy(group_ou, group_ou_security); | |
1255 | } | |
1256 | else if ((maillist_flag) && (!group_flag)) | |
1257 | { | |
1258 | if (group_membership != NULL) | |
1259 | group_membership[0] = 'D'; | |
1260 | if (group_ou != NULL) | |
1261 | strcpy(group_ou, group_ou_distribution); | |
1262 | } | |
1263 | else | |
1264 | { | |
1265 | if (group_membership != NULL) | |
1266 | group_membership[0] = 'N'; | |
1267 | if (group_ou != NULL) | |
1268 | strcpy(group_ou, group_ou_neither); | |
1269 | } | |
1270 | return(0); | |
1271 | } | |
1272 | ||
1273 | int get_group_info(int ac, char**av, void *ptr) | |
1274 | { | |
1275 | char **call_args; | |
1276 | ||
1277 | call_args = ptr; | |
1278 | ||
1279 | if (!atoi(av[L_ACTIVE])) | |
1280 | return(0); | |
1281 | if (ptr == NULL) | |
9db0b148 | 1282 | { |
78af4e6e | 1283 | get_group_membership(GroupType, NULL, NULL, av); |
9db0b148 | 1284 | } |
cd9e6b16 | 1285 | else |
9db0b148 | 1286 | { |
1287 | call_args[5] = av[L_NAME]; | |
cd9e6b16 | 1288 | get_group_membership(call_args[4], call_args[3], NULL, av); |
9db0b148 | 1289 | } |
cd9e6b16 | 1290 | |
1291 | return(0); | |
1292 | } | |
1293 | ||
9db0b148 | 1294 | int group_rename(int ac, char **av, void *ptr) |
1295 | { | |
1296 | LDAPMod *mods[20]; | |
1297 | char old_dn[512]; | |
1298 | char new_dn[512]; | |
78af4e6e | 1299 | char new_dn_path[512]; |
9db0b148 | 1300 | char group_ou[256]; |
78af4e6e | 1301 | char sam_name[256]; |
9db0b148 | 1302 | char group_membership[2]; |
1303 | char filter_exp[4096]; | |
1304 | char *attr_array[3]; | |
1305 | char *name_v[] = {NULL, NULL}; | |
78af4e6e | 1306 | char *samAccountName_v[] = {NULL, NULL}; |
9db0b148 | 1307 | int n; |
1308 | int i; | |
1309 | int rc; | |
1310 | int security_flag; | |
1311 | LK_ENTRY *group_base; | |
1312 | int group_count; | |
1313 | char **call_args; | |
78af4e6e | 1314 | char *maillist_flag = NULL; |
1315 | char *group_flag = NULL; | |
9db0b148 | 1316 | |
1317 | call_args = ptr; | |
1318 | ||
78af4e6e | 1319 | if (!check_string(call_args[2])) |
1320 | { | |
1321 | callback_rc = LDAP_NO_SUCH_OBJECT; | |
1322 | return(0); | |
1323 | } | |
1324 | if (!check_string(av[L_NAME])) | |
1325 | { | |
1326 | critical_alert("AD incremental - list rename", | |
1327 | "invalid LDAP list name %s", | |
1328 | av[L_NAME]); | |
1329 | return(0); | |
1330 | } | |
1331 | ||
9db0b148 | 1332 | memset(group_ou, 0, sizeof(group_ou)); |
1333 | memset(group_membership, 0, sizeof(group_membership)); | |
1334 | security_flag = 0; | |
9db0b148 | 1335 | |
78af4e6e | 1336 | maillist_flag = av[L_MAILLIST]; |
1337 | group_flag = av[L_GROUP]; | |
1338 | av[L_MAILLIST] = call_args[3]; | |
1339 | av[L_GROUP] = call_args[4]; | |
1340 | get_group_membership(group_membership, NULL, NULL, av); | |
1341 | av[L_MAILLIST] = maillist_flag; | |
1342 | av[L_GROUP] = group_flag; | |
9db0b148 | 1343 | |
78af4e6e | 1344 | sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", call_args[2], group_membership[0]); |
9db0b148 | 1345 | attr_array[0] = "distinguishedName"; |
1346 | attr_array[1] = NULL; | |
1347 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, | |
1348 | &group_base, &group_count)) != 0) | |
1349 | { | |
78af4e6e | 1350 | critical_alert("AD incremental - list rename", |
1351 | "LDAP server unable to get list %s dn : %s", | |
1352 | call_args[2], ldap_err2string(rc)); | |
9db0b148 | 1353 | return(0); |
1354 | } | |
1355 | if (group_count != 1) | |
1356 | { | |
78af4e6e | 1357 | critical_alert("AD incremental - list rename", |
1358 | "LDAP server unable to find list %s in AD.", | |
1359 | call_args[2]); | |
1360 | callback_rc = LDAP_NO_SUCH_OBJECT; | |
9db0b148 | 1361 | return(0); |
1362 | } | |
1363 | strcpy(old_dn, group_base->value); | |
1364 | linklist_free(group_base); | |
1365 | group_base = NULL; | |
1366 | group_count = 0; | |
1367 | ||
78af4e6e | 1368 | get_group_membership(group_membership, group_ou, &security_flag, av); |
1369 | sprintf(sam_name, "%s_zZx%c", av[L_NAME], group_membership[0]); | |
1370 | sprintf(new_dn_path, "%s,%s", group_ou, call_args[1]); | |
1371 | sprintf(new_dn, "cn=%s", av[L_NAME]); | |
1372 | if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, new_dn_path, | |
1373 | TRUE, NULL, NULL)) != LDAP_SUCCESS) | |
1374 | { | |
1375 | critical_alert("AD incremental - list rename", | |
1376 | "Couldn't rename list from %s to %s : %s", | |
1377 | call_args[2], av[L_NAME], ldap_err2string(rc)); | |
1378 | return(0); | |
1379 | } | |
9db0b148 | 1380 | |
78af4e6e | 1381 | name_v[0] = av[L_NAME]; |
1382 | samAccountName_v[0] = sam_name; | |
9db0b148 | 1383 | n = 0; |
1384 | ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE); | |
78af4e6e | 1385 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE); |
9db0b148 | 1386 | mods[n] = NULL; |
78af4e6e | 1387 | sprintf(new_dn, "cn=%s,%s,%s", av[L_NAME], group_ou, call_args[1]); |
1388 | if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS) | |
1389 | { | |
1390 | critical_alert("AD incremental - list rename", | |
1391 | "After renaming, couldn't modify list data for %s : %s", | |
1392 | av[L_NAME], ldap_err2string(rc)); | |
1393 | } | |
9db0b148 | 1394 | for (i = 0; i < n; i++) |
1395 | free(mods[i]); | |
78af4e6e | 1396 | return(0); |
9db0b148 | 1397 | } |
1398 | ||
cd9e6b16 | 1399 | int group_create(int ac, char **av, void *ptr) |
1400 | { | |
1401 | LDAPMod *mods[20]; | |
1402 | char new_dn[256]; | |
1403 | char group_ou[256]; | |
1404 | char new_group_name[256]; | |
1405 | char sam_group_name[256]; | |
1406 | char cn_group_name[256]; | |
1407 | char *cn_v[] = {NULL, NULL}; | |
1408 | char *objectClass_v[] = {"top", "group", NULL}; | |
1409 | char info[256]; | |
1410 | char *samAccountName_v[] = {NULL, NULL}; | |
1411 | char *managedBy_v[] = {NULL, NULL}; | |
1412 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
1413 | char *name_v[] = {NULL, NULL}; | |
1414 | char *desc_v[] = {NULL, NULL}; | |
1415 | char *info_v[] = {NULL, NULL}; | |
1416 | char *groupTypeControl_v[] = {NULL, NULL}; | |
1417 | char groupTypeControlStr[80]; | |
1418 | char group_membership[1]; | |
1419 | int i; | |
1420 | int security_flag; | |
1421 | u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP; | |
1422 | int n; | |
1423 | int rc; | |
1424 | int sid_count; | |
1425 | char filter_exp[256]; | |
1426 | char *attr_array[3]; | |
1427 | char **call_args; | |
1428 | ||
1429 | call_args = ptr; | |
1430 | ||
1431 | if (!atoi(av[L_ACTIVE])) | |
1432 | return(0); | |
1433 | if (!check_string(av[L_NAME])) | |
78af4e6e | 1434 | { |
1435 | critical_alert("AD incremental - list create", | |
1436 | "invalid LDAP list name %s", | |
1437 | av[L_NAME]); | |
1438 | return(0); | |
1439 | } | |
cd9e6b16 | 1440 | memset(group_ou, 0, sizeof(group_ou)); |
1441 | memset(group_membership, 0, sizeof(group_membership)); | |
1442 | security_flag = 0; | |
1443 | get_group_membership(group_membership, group_ou, &security_flag, av); | |
1444 | call_args[3] = strdup(group_ou); | |
1445 | call_args[4] = strdup(group_membership); | |
9db0b148 | 1446 | call_args[5] = strdup(av[L_NAME]); |
cd9e6b16 | 1447 | |
1448 | if (security_flag) | |
1449 | groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED; | |
1450 | sprintf(groupTypeControlStr, "%ld", groupTypeControl); | |
1451 | groupTypeControl_v[0] = groupTypeControlStr; | |
1452 | ||
1453 | strcpy(new_group_name, av[L_NAME]); | |
1454 | strcpy(sam_group_name, av[L_NAME]); | |
1455 | strcpy(cn_group_name, av[L_NAME]); | |
1456 | sprintf(&sam_group_name[strlen(sam_group_name)], | |
1457 | "_zZx%c", group_membership[0]); | |
1458 | ||
1459 | samAccountName_v[0] = sam_group_name; | |
1460 | name_v[0] = new_group_name; | |
9db0b148 | 1461 | cn_v[0] = new_group_name; |
cd9e6b16 | 1462 | |
9db0b148 | 1463 | sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]); |
cd9e6b16 | 1464 | n = 0; |
1465 | ADD_ATTR("cn", cn_v, LDAP_MOD_ADD); | |
1466 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
1467 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD); | |
1468 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
1469 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
1470 | if (strlen(av[L_DESC]) != 0) | |
1471 | { | |
1472 | desc_v[0] = av[L_DESC]; | |
1473 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
1474 | } | |
1475 | ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD); | |
78af4e6e | 1476 | if (strlen(av[L_ACE_NAME]) != 0) |
cd9e6b16 | 1477 | { |
1478 | sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]); | |
1479 | info_v[0] = info; | |
1480 | ADD_ATTR("info", info_v, LDAP_MOD_ADD); | |
1481 | } | |
1482 | mods[n] = NULL; | |
1483 | ||
1484 | rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL); | |
1485 | ||
1486 | for (i = 0; i < n; i++) | |
1487 | free(mods[i]); | |
1488 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) | |
78af4e6e | 1489 | { |
1490 | critical_alert("AD incremental - list rename", | |
1491 | "Unable to create list %s in AD : %s", | |
1492 | av[L_NAME], ldap_err2string(rc)); | |
1493 | return(0); | |
1494 | } | |
cd9e6b16 | 1495 | sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name); |
1496 | attr_array[0] = "objectSid"; | |
1497 | attr_array[1] = NULL; | |
1498 | sid_count = 0; | |
1499 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, | |
1500 | sid_ptr, &sid_count)) == LDAP_SUCCESS) | |
1501 | { | |
1502 | if (sid_count == 1) | |
1503 | { | |
1504 | (*sid_ptr)->member = strdup(av[L_NAME]); | |
1505 | (*sid_ptr)->type = (char *)GROUPS; | |
1506 | sid_ptr = &(*sid_ptr)->next; | |
1507 | } | |
1508 | } | |
78af4e6e | 1509 | return(0); |
cd9e6b16 | 1510 | } |
1511 | ||
1512 | int group_delete(int ac, char **av, void *ptr) | |
1513 | { | |
1514 | LK_ENTRY *group_base; | |
1515 | char **call_args; | |
1516 | char *attr_array[3]; | |
1517 | char filter_exp[1024]; | |
1518 | char group_membership[1]; | |
1519 | char group_ou[256]; | |
1520 | char sam_group_name[256]; | |
1521 | int security_flag; | |
1522 | int group_count; | |
1523 | int rc; | |
1524 | ||
1525 | call_args = ptr; | |
1526 | ||
1527 | if (!check_string(av[L_NAME])) | |
78af4e6e | 1528 | { |
1529 | critical_alert("AD incremental - list delete", | |
1530 | "invalid LDAP list name %s", | |
1531 | av[L_NAME]); | |
1532 | return(0); | |
1533 | } | |
cd9e6b16 | 1534 | memset(group_ou, 0, sizeof(group_ou)); |
1535 | memset(group_membership, 0, sizeof(group_membership)); | |
1536 | security_flag = 0; | |
1537 | get_group_membership(group_membership, group_ou, &security_flag, av); | |
1538 | ||
1539 | group_count = 0; | |
1540 | group_base = NULL; | |
1541 | attr_array[0] = "distinguishedName"; | |
1542 | attr_array[1] = NULL; | |
1543 | strcpy(sam_group_name, av[L_NAME]); | |
1544 | sprintf(&sam_group_name[strlen(sam_group_name)], "_zZx%c", | |
1545 | group_membership[0]); | |
1546 | sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name); | |
1547 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, | |
1548 | attr_array, &group_base, &group_count)) != 0) | |
1549 | goto cleanup; | |
1550 | if (group_count == 1) | |
cd9e6b16 | 1551 | { |
78af4e6e | 1552 | if ((rc = ldap_delete_s((LDAP *)call_args[0], group_base->value)) != LDAP_SUCCESS) |
1553 | { | |
1554 | critical_alert("AD incremental - list delete", | |
1555 | "Couldn't delete group %s : %s", | |
1556 | av[L_NAME], ldap_err2string(rc)); | |
1557 | } | |
1558 | } | |
1559 | else | |
1560 | { | |
1561 | critical_alert("AD incremental - list delete", | |
1562 | "Unable to find list %s in AD.", | |
1563 | av[L_NAME]); | |
cd9e6b16 | 1564 | } |
1565 | cleanup: | |
1566 | linklist_free(group_base); | |
78af4e6e | 1567 | return(0); |
cd9e6b16 | 1568 | } |
1569 | ||
78af4e6e | 1570 | int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name) |
cd9e6b16 | 1571 | { |
1572 | LK_ENTRY *group_base; | |
1573 | char *attr_array[3]; | |
1574 | char filter_exp[1024]; | |
1575 | char sam_group_name[256]; | |
1576 | char temp[512]; | |
1577 | int group_count; | |
1578 | int rc; | |
1579 | ||
78af4e6e | 1580 | if (!check_string(group_name)) |
1581 | { | |
1582 | critical_alert("AD incremental - list AD delete", | |
1583 | "invalid LDAP list name %s", | |
1584 | group_name); | |
1585 | return(0); | |
1586 | } | |
cd9e6b16 | 1587 | rc = 1; |
1588 | group_count = 0; | |
1589 | group_base = NULL; | |
1590 | attr_array[0] = "distinguishedName"; | |
1591 | attr_array[1] = NULL; | |
78af4e6e | 1592 | strcpy(sam_group_name, group_name); |
cd9e6b16 | 1593 | sprintf(temp, "%s,%s", group_ou_root, dn_path); |
1594 | sprintf(filter_exp, "(sAMAccountName=%s_zZx*)", sam_group_name); | |
1595 | if (linklist_build(ldap_handle, temp, filter_exp, attr_array, | |
1596 | &group_base, &group_count) != 0) | |
1597 | goto cleanup; | |
1598 | if (group_count == 1) | |
78af4e6e | 1599 | { |
1600 | if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS) | |
1601 | { | |
1602 | critical_alert("AD incremental - list AD delete", | |
1603 | "Unable to delete list %s from AD : %s", | |
1604 | group_name, ldap_err2string(rc)); | |
1605 | return(0); | |
1606 | } | |
1607 | } | |
1608 | else | |
1609 | { | |
1610 | critical_alert("AD incremental - list AD delete", | |
1611 | "Unable to find list %s in AD.", | |
1612 | group_name); | |
1613 | } | |
cd9e6b16 | 1614 | cleanup: |
1615 | linklist_free(group_base); | |
78af4e6e | 1616 | return(0); |
cd9e6b16 | 1617 | } |
1618 | ||
1619 | int group_list_build(int ac, char **av, void *ptr) | |
1620 | { | |
1621 | LK_ENTRY *linklist; | |
1622 | char **call_args; | |
1623 | ||
1624 | call_args = ptr; | |
1625 | ||
1626 | if (!atoi(av[L_ACTIVE])) | |
1627 | return(0); | |
1628 | if (!check_string(av[L_NAME])) | |
1629 | return(0); | |
1630 | linklist = calloc(1, sizeof(LK_ENTRY)); | |
1631 | if (!linklist) | |
1632 | { | |
1633 | critical_alert("AD incremental", "Out of memory"); | |
1634 | exit(1); | |
1635 | } | |
1636 | memset(linklist, '\0', sizeof(LK_ENTRY)); | |
1637 | linklist->op = 1; | |
1638 | linklist->dn = NULL; | |
1639 | linklist->list = calloc(1, strlen(av[L_NAME]) + 1); | |
1640 | strcpy(linklist->list, av[L_NAME]); | |
1641 | linklist->type = calloc(1, strlen("USER") + 1); | |
1642 | strcpy(linklist->type, "USER"); | |
1643 | linklist->member = calloc(1, strlen(call_args[0]) + 1); | |
1644 | strcpy(linklist->member, call_args[0]); | |
1645 | linklist->next = member_base; | |
1646 | member_base = linklist; | |
1647 | return(0); | |
1648 | } | |
1649 | ||
1650 | int member_list_build(int ac, char **av, void *ptr) | |
1651 | { | |
1652 | LK_ENTRY *linklist; | |
78af4e6e | 1653 | char temp[1024]; |
cd9e6b16 | 1654 | char **call_args; |
1655 | ||
1656 | call_args = ptr; | |
1657 | ||
1658 | strcpy(temp, av[ACE_NAME]); | |
1659 | if (!check_string(temp)) | |
1660 | return(0); | |
1661 | if (!strcmp(av[ACE_TYPE], "STRING")) | |
1662 | { | |
78af4e6e | 1663 | if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou)) |
1664 | return(0); | |
cd9e6b16 | 1665 | } |
1666 | else if (!strcmp(av[ACE_TYPE], "LIST")) | |
1667 | { | |
1668 | strcpy(temp, av[ACE_NAME]); | |
1669 | } | |
1670 | else if (strcmp(av[ACE_TYPE], "USER")) | |
1671 | { | |
78af4e6e | 1672 | if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou)) |
1673 | return(0); | |
cd9e6b16 | 1674 | } |
1675 | linklist = member_base; | |
1676 | while (linklist) | |
1677 | { | |
1678 | if (!strcasecmp(temp, linklist->member)) | |
1679 | return(0); | |
1680 | linklist = linklist->next; | |
1681 | } | |
1682 | linklist = calloc(1, sizeof(LK_ENTRY)); | |
1683 | linklist->op = 1; | |
1684 | linklist->dn = NULL; | |
1685 | linklist->list = calloc(1, strlen(call_args[2]) + 1); | |
1686 | strcpy(linklist->list, call_args[2]); | |
1687 | linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1); | |
1688 | strcpy(linklist->type, av[ACE_TYPE]); | |
1689 | linklist->member = calloc(1, strlen(temp) + 1); | |
1690 | strcpy(linklist->member, temp); | |
1691 | linklist->next = member_base; | |
1692 | member_base = linklist; | |
1693 | return(0); | |
1694 | } | |
1695 | ||
78af4e6e | 1696 | int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name, |
1697 | char *group_ou, char *group_membership, char *group_gid) | |
1698 | { | |
1699 | char distinguished_name[1024]; | |
1700 | char **modvalues; | |
1701 | char filter_exp[4096]; | |
1702 | char *attr_array[3]; | |
1703 | char temp[256]; | |
1704 | int group_count; | |
1705 | int i; | |
1706 | int n; | |
1707 | LDAPMod *mods[20]; | |
1708 | LK_ENTRY *group_base; | |
1709 | ULONG rc; | |
1710 | ||
1711 | if (!check_string(group_name)) | |
1712 | return(0); | |
1713 | strcpy(temp, group_name); | |
1714 | sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]); | |
1715 | attr_array[0] = "distinguishedName"; | |
1716 | attr_array[1] = NULL; | |
1717 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1718 | &group_base, &group_count)) != 0) | |
1719 | { | |
1720 | critical_alert("AD incremental - member remove", | |
1721 | "LDAP server unable to get list %s info : %s", | |
1722 | group_name, ldap_err2string(rc)); | |
1723 | goto cleanup; | |
1724 | } | |
1725 | if (group_count != 1) | |
1726 | { | |
1727 | critical_alert("AD incremental - member remove", | |
1728 | "LDAP server unable to find list %s in AD.", | |
1729 | group_name); | |
1730 | goto cleanup; | |
1731 | } | |
1732 | strcpy(distinguished_name, group_base->value); | |
1733 | linklist_free(group_base); | |
1734 | group_base = NULL; | |
1735 | group_count = 0; | |
1736 | attr_array[0] = "member"; | |
1737 | attr_array[1] = NULL; | |
1738 | if ((rc = linklist_build(ldap_handle, distinguished_name, filter_exp, attr_array, | |
1739 | &group_base, &group_count)) != 0) | |
1740 | { | |
1741 | critical_alert("AD incremental - member remove", | |
1742 | "LDAP server unable to get list %s info : %s", | |
1743 | group_name, ldap_err2string(rc)); | |
1744 | goto cleanup; | |
1745 | } | |
1746 | ||
1747 | modvalues = NULL; | |
1748 | if (group_count != 0) | |
1749 | { | |
1750 | if ((rc = construct_newvalues(group_base, group_count, NULL, NULL, | |
1751 | &modvalues, REPLACE)) == 1) | |
1752 | goto cleanup; | |
1753 | n = 0; | |
1754 | ADD_ATTR("member", modvalues, LDAP_MOD_DELETE); | |
1755 | mods[n] = NULL; | |
1756 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); | |
1757 | for (i = 0; i < n; i++) | |
1758 | free(mods[i]); | |
1759 | if (rc != LDAP_SUCCESS) | |
1760 | { | |
1761 | critical_alert("AD incremental - member remove", | |
1762 | "LDAP server unable to modify list %s members : %s", | |
1763 | group_name, ldap_err2string(rc)); | |
1764 | goto cleanup; | |
1765 | } | |
1766 | linklist_free(group_base); | |
1767 | group_count = 0; | |
1768 | group_base = NULL; | |
1769 | } | |
1770 | ||
1771 | cleanup: | |
1772 | free_values(modvalues); | |
1773 | linklist_free(group_base); | |
1774 | return(rc); | |
1775 | } | |
1776 | ||
cd9e6b16 | 1777 | #define USER_COUNT 5 |
1778 | ||
1779 | int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name, | |
9db0b148 | 1780 | char *group_ou, char *group_membership, char *group_gid) |
cd9e6b16 | 1781 | { |
1782 | char distinguished_name[1024]; | |
1783 | char **modvalues; | |
1784 | char filter_exp[4096]; | |
1785 | char *attr_array[3]; | |
1786 | char temp[256]; | |
1787 | char group_member[256]; | |
1788 | char *args[2]; | |
1789 | int group_count; | |
1790 | int new_list_count; | |
1791 | int i; | |
1792 | int j; | |
1793 | int k; | |
1794 | int n; | |
1795 | int filter_count; | |
1796 | LDAPMod *mods[20]; | |
1797 | LK_ENTRY *group_base; | |
1798 | LK_ENTRY *new_list; | |
1799 | LK_ENTRY *sPtr; | |
1800 | LK_ENTRY *pPtr; | |
1801 | ULONG rc; | |
1802 | ||
1803 | rc = 0; | |
1804 | group_base = NULL; | |
1805 | group_count = 0; | |
1806 | modvalues = NULL; | |
1807 | ||
1808 | pPtr = member_base; | |
1809 | while (pPtr) | |
1810 | { | |
1811 | ++group_count; | |
1812 | pPtr = pPtr->next; | |
1813 | } | |
1814 | j = group_count/USER_COUNT; | |
1815 | ++j; | |
1816 | ||
1817 | if (!check_string(group_name)) | |
1818 | return(0); | |
1819 | strcpy(temp, group_name); | |
9db0b148 | 1820 | sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]); |
cd9e6b16 | 1821 | attr_array[0] = "distinguishedName"; |
1822 | attr_array[1] = NULL; | |
1823 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1824 | &group_base, &group_count)) != 0) | |
1825 | { | |
78af4e6e | 1826 | critical_alert("AD incremental - member list process", |
1827 | "LDAP server unable to get list %s info : %s", | |
1828 | group_name, ldap_err2string(rc)); | |
cd9e6b16 | 1829 | goto cleanup; |
1830 | } | |
1831 | if (group_count != 1) | |
1832 | { | |
78af4e6e | 1833 | critical_alert("AD incremental - member list process", |
1834 | "LDAP server unable to find list %s in AD.", | |
cd9e6b16 | 1835 | group_name); |
cd9e6b16 | 1836 | goto cleanup; |
1837 | } | |
1838 | strcpy(distinguished_name, group_base->value); | |
1839 | linklist_free(group_base); | |
1840 | group_base = NULL; | |
1841 | group_count = 0; | |
1842 | ||
1843 | pPtr = member_base; | |
1844 | for (i = 0; i < j; i++) | |
1845 | { | |
1846 | if (pPtr == NULL) | |
1847 | break; | |
1848 | memset(filter_exp, 0, sizeof(filter_exp)); | |
1849 | strcpy(filter_exp, "(|"); | |
1850 | filter_count = 0; | |
1851 | for (k = 0; k < USER_COUNT; k++) | |
1852 | { | |
1853 | strcpy(group_member, pPtr->member); | |
1854 | if (!check_string(group_member)) | |
1855 | { | |
1856 | pPtr = pPtr->next; | |
1857 | if (pPtr == NULL) | |
1858 | break; | |
1859 | continue; | |
1860 | } | |
1861 | if (!strcmp(pPtr->type, "LIST")) | |
1862 | { | |
1863 | args[0] = pPtr->member; | |
1864 | rc = mr_query("get_list_info", 1, args, get_group_info, NULL); | |
78af4e6e | 1865 | sprintf(temp, "(sAMAccountName=%s_zZx%c)", group_member, GroupType[0]); |
cd9e6b16 | 1866 | } |
1867 | else if (!strcmp(pPtr->type, "USER")) | |
1868 | { | |
9db0b148 | 1869 | sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, user_ou, dn_path); |
cd9e6b16 | 1870 | } |
1871 | else if (!strcmp(pPtr->type, "STRING")) | |
1872 | { | |
9db0b148 | 1873 | sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, contact_ou, dn_path); |
cd9e6b16 | 1874 | } |
1875 | else | |
1876 | { | |
9db0b148 | 1877 | sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, kerberos_ou, dn_path); |
cd9e6b16 | 1878 | } |
1879 | strcat(filter_exp, temp); | |
1880 | ++filter_count; | |
1881 | pPtr = pPtr->next; | |
1882 | if (pPtr == NULL) | |
1883 | break; | |
1884 | } | |
1885 | if (filter_count == 0) | |
1886 | continue; | |
1887 | strcat(filter_exp, ")"); | |
1888 | attr_array[0] = "distinguishedName"; | |
1889 | attr_array[1] = NULL; | |
1890 | new_list = NULL; | |
1891 | new_list_count = 0; | |
1892 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1893 | &new_list, &new_list_count)) != 0) | |
1894 | { | |
78af4e6e | 1895 | critical_alert("AD incremental - member list process", |
1896 | "LDAP server unable to get list %s members from AD : %s", | |
1897 | group_name, ldap_err2string(rc)); | |
cd9e6b16 | 1898 | goto cleanup; |
1899 | } | |
1900 | group_count += new_list_count; | |
1901 | if (group_base == NULL) | |
1902 | group_base = new_list; | |
1903 | else | |
1904 | { | |
1905 | sPtr = group_base; | |
1906 | while (sPtr) | |
1907 | { | |
1908 | if (sPtr->next != NULL) | |
1909 | { | |
1910 | sPtr = sPtr->next; | |
1911 | continue; | |
1912 | } | |
1913 | sPtr->next = new_list; | |
1914 | break; | |
1915 | } | |
1916 | } | |
1917 | } | |
1918 | ||
1919 | modvalues = NULL; | |
1920 | if (group_count != 0) | |
1921 | { | |
1922 | if ((rc = construct_newvalues(group_base, group_count, NULL, NULL, | |
1923 | &modvalues, REPLACE)) == 1) | |
1924 | goto cleanup; | |
1925 | n = 0; | |
1926 | ADD_ATTR("member", modvalues, LDAP_MOD_ADD); | |
1927 | mods[n] = NULL; | |
1928 | if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) | |
1929 | != LDAP_SUCCESS) | |
1930 | { | |
1931 | mods[0]->mod_op = LDAP_MOD_REPLACE; | |
1932 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); | |
1933 | } | |
1934 | if (rc == LDAP_ALREADY_EXISTS) | |
1935 | rc = LDAP_SUCCESS; | |
1936 | for (i = 0; i < n; i++) | |
1937 | free(mods[i]); | |
1938 | linklist_free(group_base); | |
1939 | group_count = 0; | |
1940 | group_base = NULL; | |
78af4e6e | 1941 | if (rc != LDAP_SUCCESS) |
1942 | { | |
1943 | critical_alert("AD incremental - member list process", | |
1944 | "LDAP server unable to modify list %s members in AD : %s", | |
1945 | group_name, ldap_err2string(rc)); | |
1946 | goto cleanup; | |
1947 | } | |
cd9e6b16 | 1948 | } |
1949 | ||
1950 | cleanup: | |
1951 | free_values(modvalues); | |
1952 | linklist_free(group_base); | |
78af4e6e | 1953 | return(0); |
cd9e6b16 | 1954 | } |
1955 | ||
1956 | int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou) | |
1957 | { | |
1958 | LDAPMod *mods[20]; | |
1959 | char new_dn[256]; | |
1960 | char cn_user_name[256]; | |
1961 | char contact_name[256]; | |
1962 | char *cn_v[] = {NULL, NULL}; | |
1963 | char *contact_v[] = {NULL, NULL}; | |
1964 | char *objectClass_v[] = {"top", "person", | |
1965 | "organizationalPerson", | |
1966 | "contact", NULL}; | |
1967 | char *name_v[] = {NULL, NULL}; | |
1968 | char *desc_v[] = {NULL, NULL}; | |
1969 | int n; | |
1970 | int rc; | |
1971 | int i; | |
1972 | ||
1973 | if (!check_string(user)) | |
78af4e6e | 1974 | { |
1975 | critical_alert("AD incremental - contact create", | |
1976 | "invalid LDAP name %s", | |
1977 | user); | |
1978 | return(1); | |
1979 | } | |
cd9e6b16 | 1980 | strcpy(contact_name, user); |
1981 | sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path); | |
1982 | cn_v[0] = cn_user_name; | |
1983 | contact_v[0] = contact_name; | |
1984 | name_v[0] = user; | |
1985 | desc_v[0] = "Auto account created by Moira"; | |
1986 | ||
1987 | strcpy(new_dn, cn_user_name); | |
1988 | n = 0; | |
1989 | ADD_ATTR("cn", contact_v, LDAP_MOD_ADD); | |
1990 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
1991 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
1992 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
1993 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
1994 | mods[n] = NULL; | |
1995 | ||
1996 | rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL); | |
1997 | for (i = 0; i < n; i++) | |
1998 | free(mods[i]); | |
1999 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) | |
78af4e6e | 2000 | { |
2001 | critical_alert("AD incremental - contact create", | |
2002 | "could not create contact %s : %s", | |
2003 | user, ldap_err2string(rc)); | |
2004 | return(1); | |
2005 | } | |
2006 | return(0); | |
2007 | } | |
2008 | ||
2009 | int user_update(int ac, char **av, void *ptr) | |
2010 | { | |
2011 | LDAPMod *mods[20]; | |
2012 | LK_ENTRY *group_base; | |
2013 | int group_count; | |
2014 | char distinguished_name[256]; | |
2015 | char user_name[256]; | |
2016 | char *uid_v[] = {NULL, NULL}; | |
2017 | char *mitid_v[] = {NULL, NULL}; | |
2018 | int n; | |
2019 | int rc; | |
2020 | int i; | |
2021 | char **call_args; | |
2022 | char filter_exp[256]; | |
2023 | char *attr_array[3]; | |
2024 | ||
2025 | call_args = ptr; | |
2026 | ||
2027 | if (!check_string(av[U_NAME])) | |
2028 | { | |
2029 | critical_alert("AD incremental - user update", | |
2030 | "invalid LDAP user name %s", | |
2031 | av[U_NAME]); | |
2032 | return(0); | |
2033 | } | |
2034 | ||
2035 | strcpy(user_name, av[U_NAME]); | |
2036 | group_count = 0; | |
2037 | group_base = NULL; | |
2038 | sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]); | |
2039 | attr_array[0] = "cn"; | |
2040 | attr_array[1] = NULL; | |
2041 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, | |
2042 | &group_base, &group_count)) != 0) | |
2043 | { | |
2044 | critical_alert("AD incremental - user update", | |
2045 | "LDAP server couldn't process user %s : %s", | |
2046 | user_name, ldap_err2string(rc)); | |
2047 | goto cleanup; | |
2048 | } | |
2049 | ||
2050 | if (group_count != 1) | |
2051 | { | |
2052 | critical_alert("AD incremental - user update", | |
2053 | "LDAP server unable to find user %s in AD.", | |
2054 | user_name); | |
bcf1ed58 | 2055 | callback_rc = LDAP_NO_SUCH_OBJECT; |
78af4e6e | 2056 | goto cleanup; |
2057 | } | |
2058 | strcpy(distinguished_name, group_base->dn); | |
2059 | ||
2060 | n = 0; | |
2061 | if (strlen(av[U_UID]) != 0) | |
2062 | { | |
2063 | uid_v[0] = av[U_UID]; | |
2064 | ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE); | |
2065 | ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE); | |
2066 | } | |
2067 | if (strlen(av[U_MITID]) != 0) | |
2068 | { | |
2069 | mitid_v[0] = av[U_MITID]; | |
2070 | ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE); | |
2071 | } | |
2072 | mods[n] = NULL; | |
2073 | if (n != 0) | |
2074 | { | |
2075 | if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) != LDAP_SUCCESS) | |
2076 | { | |
2077 | critical_alert("AD incremental - user update", | |
2078 | "Couldn't modify user data for %s : %s", | |
2079 | user_name, ldap_err2string(rc)); | |
2080 | } | |
2081 | for (i = 0; i < n; i++) | |
2082 | free(mods[i]); | |
2083 | } | |
2084 | ||
2085 | cleanup: | |
2086 | linklist_free(group_base); | |
2087 | return(0); | |
cd9e6b16 | 2088 | } |
2089 | ||
9db0b148 | 2090 | int user_rename(int ac, char **av, void *ptr) |
2091 | { | |
2092 | LDAPMod *mods[20]; | |
2093 | char new_dn[256]; | |
2094 | char old_dn[256]; | |
2095 | char user_name[256]; | |
2096 | char upn[256]; | |
2097 | char temp[128]; | |
2098 | char *userPrincipalName_v[] = {NULL, NULL}; | |
2099 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
2100 | char *name_v[] = {NULL, NULL}; | |
78af4e6e | 2101 | char *samAccountName_v[] = {NULL, NULL}; |
2102 | char *uid_v[] = {NULL, NULL}; | |
2103 | char *mitid_v[] = {NULL, NULL}; | |
9db0b148 | 2104 | int n; |
2105 | int rc; | |
2106 | int i; | |
2107 | char **call_args; | |
2108 | ||
2109 | call_args = ptr; | |
2110 | ||
9db0b148 | 2111 | if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) && |
2112 | (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED)) | |
78af4e6e | 2113 | return(0); |
9db0b148 | 2114 | if (!strncmp(av[U_NAME], "#", 1)) |
2115 | return(0); | |
78af4e6e | 2116 | if (!check_string(call_args[3])) |
2117 | { | |
2118 | callback_rc = LDAP_NO_SUCH_OBJECT; | |
2119 | return(0); | |
2120 | } | |
2121 | if (!check_string(av[U_NAME])) | |
2122 | { | |
2123 | critical_alert("AD incremental - user rename", | |
2124 | "invalid LDAP user name %s", | |
2125 | av[U_NAME]); | |
2126 | return(0); | |
2127 | } | |
9db0b148 | 2128 | |
2129 | strcpy(user_name, av[U_NAME]); | |
2130 | sprintf(old_dn, "cn=%s,%s,%s", call_args[3], user_ou, call_args[1]); | |
2131 | sprintf(new_dn, "cn=%s", user_name); | |
2132 | ||
2133 | if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, NULL, TRUE, | |
2134 | NULL, NULL)) != LDAP_SUCCESS) | |
2135 | { | |
78af4e6e | 2136 | if (rc == LDAP_NO_SUCH_OBJECT) |
2137 | { | |
2138 | callback_rc = LDAP_NO_SUCH_OBJECT; | |
2139 | return(0); | |
2140 | } | |
2141 | critical_alert("AD incremental - user rename", | |
2142 | "Couldn't rename user from %s to %s : %s", | |
2143 | call_args[3], user_name, ldap_err2string(rc)); | |
2144 | return(0); | |
9db0b148 | 2145 | } |
2146 | ||
2147 | name_v[0] = user_name; | |
2148 | sprintf(upn, "%s@%s", user_name, ldap_domain); | |
2149 | userPrincipalName_v[0] = upn; | |
2150 | sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); | |
2151 | altSecurityIdentities_v[0] = temp; | |
78af4e6e | 2152 | samAccountName_v[0] = user_name; |
9db0b148 | 2153 | |
2154 | n = 0; | |
2155 | ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE); | |
2156 | ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE); | |
2157 | ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE); | |
78af4e6e | 2158 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE); |
2159 | if (strlen(av[U_UID]) != 0) | |
2160 | { | |
2161 | uid_v[0] = av[U_UID]; | |
2162 | ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE); | |
2163 | ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE); | |
2164 | } | |
2165 | if (strlen(av[U_MITID]) != 0) | |
2166 | { | |
2167 | mitid_v[0] = av[U_MITID]; | |
2168 | ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE); | |
2169 | } | |
9db0b148 | 2170 | mods[n] = NULL; |
2171 | sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]); | |
2172 | if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS) | |
2173 | { | |
78af4e6e | 2174 | critical_alert("AD incremental - user rename", |
2175 | "After renaming, couldn't modify user data for %s : %s", | |
2176 | user_name, ldap_err2string(rc)); | |
9db0b148 | 2177 | } |
2178 | for (i = 0; i < n; i++) | |
2179 | free(mods[i]); | |
78af4e6e | 2180 | return(0); |
9db0b148 | 2181 | } |
2182 | ||
cd9e6b16 | 2183 | int user_create(int ac, char **av, void *ptr) |
2184 | { | |
2185 | LDAPMod *mods[20]; | |
2186 | char new_dn[256]; | |
2187 | char user_name[256]; | |
9db0b148 | 2188 | char sam_name[256]; |
cd9e6b16 | 2189 | char *cn_v[] = {NULL, NULL}; |
2190 | char *objectClass_v[] = {"top", "person", | |
2191 | "organizationalPerson", | |
2192 | "user", NULL}; | |
2193 | ||
2194 | char *samAccountName_v[] = {NULL, NULL}; | |
2195 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
2196 | char *name_v[] = {NULL, NULL}; | |
2197 | char *desc_v[] = {NULL, NULL}; | |
2198 | char upn[256]; | |
2199 | char *userPrincipalName_v[] = {NULL, NULL}; | |
2200 | char *userAccountControl_v[] = {NULL, NULL}; | |
78af4e6e | 2201 | char *uid_v[] = {NULL, NULL}; |
2202 | char *mitid_v[] = {NULL, NULL}; | |
cd9e6b16 | 2203 | char userAccountControlStr[80]; |
2204 | char temp[128]; | |
2205 | u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE; | |
2206 | int n; | |
2207 | int rc; | |
2208 | int i; | |
2209 | int sid_count; | |
2210 | char filter_exp[256]; | |
2211 | char *attr_array[3]; | |
2212 | char **call_args; | |
2213 | ||
2214 | call_args = ptr; | |
2215 | ||
cd9e6b16 | 2216 | if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) && |
2217 | (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED)) | |
78af4e6e | 2218 | return(0); |
cd9e6b16 | 2219 | if (!strncmp(av[U_NAME], "#", 1)) |
2220 | return(0); | |
78af4e6e | 2221 | if (!check_string(av[U_NAME])) |
2222 | { | |
2223 | critical_alert("AD incremental - user create", | |
2224 | "invalid LDAP user name %s", | |
2225 | av[U_NAME]); | |
2226 | return(0); | |
2227 | } | |
9db0b148 | 2228 | |
cd9e6b16 | 2229 | strcpy(user_name, av[U_NAME]); |
2230 | sprintf(upn, "%s@%s", user_name, ldap_domain); | |
78af4e6e | 2231 | sprintf(sam_name, "%s", av[U_NAME]); |
9db0b148 | 2232 | samAccountName_v[0] = sam_name; |
cd9e6b16 | 2233 | if (atoi(av[U_STATE]) == US_DELETED) |
2234 | userAccountControl |= UF_ACCOUNTDISABLE; | |
2235 | sprintf(userAccountControlStr, "%ld", userAccountControl); | |
2236 | userAccountControl_v[0] = userAccountControlStr; | |
2237 | userPrincipalName_v[0] = upn; | |
2238 | ||
2239 | cn_v[0] = user_name; | |
2240 | name_v[0] = user_name; | |
2241 | desc_v[0] = "Auto account created by Moira"; | |
2242 | sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); | |
2243 | altSecurityIdentities_v[0] = temp; | |
2244 | sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]); | |
2245 | ||
2246 | n = 0; | |
2247 | ADD_ATTR("cn", cn_v, LDAP_MOD_ADD); | |
2248 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
2249 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD); | |
2250 | ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD); | |
2251 | ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD); | |
2252 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
2253 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
2254 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
2255 | ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD); | |
78af4e6e | 2256 | if (strlen(av[U_UID]) != 0) |
2257 | { | |
2258 | uid_v[0] = av[U_UID]; | |
2259 | ADD_ATTR("uid", uid_v, LDAP_MOD_ADD); | |
2260 | ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD); | |
2261 | } | |
2262 | if (strlen(av[U_MITID]) != 0) | |
2263 | mitid_v[0] = av[U_MITID]; | |
2264 | else | |
2265 | mitid_v[0] = "none"; | |
2266 | ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD); | |
cd9e6b16 | 2267 | mods[n] = NULL; |
2268 | ||
2269 | rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL); | |
78af4e6e | 2270 | for (i = 0; i < n; i++) |
2271 | free(mods[i]); | |
9db0b148 | 2272 | if (rc == LDAP_ALREADY_EXISTS) |
2273 | { | |
2274 | rc = user_change_status(ac, av, ptr); | |
78af4e6e | 2275 | return(0); |
9db0b148 | 2276 | } |
cd9e6b16 | 2277 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) |
78af4e6e | 2278 | { |
2279 | critical_alert("AD incremental - user create", | |
2280 | "could not create user %s : %s", | |
2281 | user_name, ldap_err2string(rc)); | |
2282 | return(0); | |
2283 | } | |
cd9e6b16 | 2284 | if (rc == LDAP_SUCCESS) |
2285 | { | |
9db0b148 | 2286 | if ((rc = set_password(sam_name, ldap_domain)) != 0) |
cd9e6b16 | 2287 | { |
9db0b148 | 2288 | if ((rc = set_password(user_name, ldap_domain)) != 0) |
2289 | { | |
78af4e6e | 2290 | critical_alert("AD incremental - user create", |
2291 | "Couldn't set password for user %s : %ld", | |
9db0b148 | 2292 | user_name, rc); |
9db0b148 | 2293 | } |
cd9e6b16 | 2294 | } |
2295 | } | |
78af4e6e | 2296 | sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]); |
cd9e6b16 | 2297 | attr_array[0] = "objectSid"; |
2298 | attr_array[1] = NULL; | |
2299 | sid_count = 0; | |
2300 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, | |
78af4e6e | 2301 | sid_ptr, &sid_count)) == LDAP_SUCCESS) |
cd9e6b16 | 2302 | { |
2303 | if (sid_count == 1) | |
2304 | { | |
2305 | (*sid_ptr)->member = strdup(av[U_NAME]); | |
2306 | (*sid_ptr)->type = (char *)USERS; | |
2307 | sid_ptr = &(*sid_ptr)->next; | |
2308 | } | |
2309 | } | |
78af4e6e | 2310 | return(0); |
cd9e6b16 | 2311 | } |
2312 | ||
9db0b148 | 2313 | int user_change_status(int ac, char **av, void *ptr) |
cd9e6b16 | 2314 | { |
2315 | char filter_exp[1024]; | |
2316 | char *attr_array[3]; | |
2317 | char temp[256]; | |
2318 | char distinguished_name[1024]; | |
2319 | char user_name[512]; | |
2320 | char **modvalues; | |
2321 | LDAPMod *mods[20]; | |
2322 | LK_ENTRY *group_base; | |
2323 | int group_count; | |
2324 | int rc; | |
2325 | int i; | |
2326 | int n; | |
9db0b148 | 2327 | int operation; |
cd9e6b16 | 2328 | ULONG ulongValue; |
9db0b148 | 2329 | char **call_args; |
cd9e6b16 | 2330 | |
9db0b148 | 2331 | call_args = ptr; |
2332 | ||
78af4e6e | 2333 | if (!check_string(av[U_NAME])) |
2334 | { | |
2335 | critical_alert("AD incremental - user change status", | |
2336 | "invalid LDAP user name %s", | |
2337 | av[U_NAME]); | |
2338 | return(0); | |
2339 | } | |
2340 | strcpy(user_name, av[U_NAME]); | |
9db0b148 | 2341 | operation = (int)call_args[2]; |
cd9e6b16 | 2342 | group_count = 0; |
2343 | group_base = NULL; | |
78af4e6e | 2344 | sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]); |
cd9e6b16 | 2345 | attr_array[0] = "UserAccountControl"; |
2346 | attr_array[1] = NULL; | |
9db0b148 | 2347 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, |
cd9e6b16 | 2348 | &group_base, &group_count)) != 0) |
2349 | { | |
78af4e6e | 2350 | critical_alert("AD incremental - user change status", |
2351 | "LDAP server couldn't process user %s : %s", | |
2352 | user_name, ldap_err2string(rc)); | |
cd9e6b16 | 2353 | goto cleanup; |
2354 | } | |
2355 | ||
78af4e6e | 2356 | if (group_count != 1) |
cd9e6b16 | 2357 | { |
78af4e6e | 2358 | critical_alert("AD incremental - user change status", |
2359 | "LDAP server unable to find user %s in AD.", | |
2360 | user_name); | |
cd9e6b16 | 2361 | goto cleanup; |
2362 | } | |
2363 | ||
2364 | strcpy(distinguished_name, group_base->dn); | |
2365 | ulongValue = atoi((*group_base).value); | |
2366 | if (operation == MEMBER_DEACTIVATE) | |
2367 | ulongValue |= UF_ACCOUNTDISABLE; | |
2368 | else | |
2369 | ulongValue &= ~UF_ACCOUNTDISABLE; | |
2370 | sprintf(temp, "%ld", ulongValue); | |
2371 | if ((rc = construct_newvalues(group_base, group_count, (*group_base).value, | |
2372 | temp, &modvalues, REPLACE)) == 1) | |
2373 | goto cleanup; | |
2374 | linklist_free(group_base); | |
2375 | group_base = NULL; | |
2376 | group_count = 0; | |
2377 | n = 0; | |
2378 | ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE); | |
2379 | mods[n] = NULL; | |
9db0b148 | 2380 | rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods); |
cd9e6b16 | 2381 | for (i = 0; i < n; i++) |
2382 | free(mods[i]); | |
2383 | free_values(modvalues); | |
2384 | if (rc != LDAP_SUCCESS) | |
2385 | { | |
78af4e6e | 2386 | critical_alert("AD incremental - user change status", |
2387 | "LDAP server could not change status of user %s : %s", | |
2388 | user_name, ldap_err2string(rc)); | |
cd9e6b16 | 2389 | } |
2390 | cleanup: | |
2391 | linklist_free(group_base); | |
78af4e6e | 2392 | return(0); |
cd9e6b16 | 2393 | } |
2394 | ||
2395 | int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name) | |
2396 | { | |
2397 | char filter_exp[1024]; | |
2398 | char *attr_array[3]; | |
2399 | char distinguished_name[1024]; | |
2400 | char user_name[512]; | |
2401 | LK_ENTRY *group_base; | |
2402 | int group_count; | |
2403 | int rc; | |
2404 | ||
2405 | if (!check_string(u_name)) | |
2406 | return(0); | |
2407 | strcpy(user_name, u_name); | |
2408 | group_count = 0; | |
2409 | group_base = NULL; | |
2410 | sprintf(filter_exp, "(sAMAccountName=%s)", user_name); | |
2411 | attr_array[0] = "name"; | |
2412 | attr_array[1] = NULL; | |
2413 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
2414 | &group_base, &group_count)) != 0) | |
2415 | { | |
2416 | critical_alert("AD incremental", | |
78af4e6e | 2417 | "LDAP server couldn't process user %s : %s", |
2418 | user_name, ldap_err2string(rc)); | |
cd9e6b16 | 2419 | goto cleanup; |
2420 | } | |
2421 | ||
78af4e6e | 2422 | if (group_count != 1) |
cd9e6b16 | 2423 | { |
78af4e6e | 2424 | critical_alert("AD incremental - user change status", |
2425 | "LDAP server unable to find user %s in AD.", | |
2426 | user_name); | |
cd9e6b16 | 2427 | goto cleanup; |
2428 | } | |
2429 | ||
2430 | strcpy(distinguished_name, group_base->dn); | |
2431 | if (rc = ldap_delete_s(ldap_handle, distinguished_name)) | |
2432 | { | |
2433 | critical_alert("AD incremental", | |
78af4e6e | 2434 | "LDAP server couldn't process user %s : %s", |
2435 | user_name, ldap_err2string(rc)); | |
cd9e6b16 | 2436 | } |
2437 | ||
2438 | cleanup: | |
2439 | linklist_free(group_base); | |
78af4e6e | 2440 | return(0); |
cd9e6b16 | 2441 | } |
2442 | ||
2443 | void linklist_free(LK_ENTRY *linklist_base) | |
2444 | { | |
2445 | LK_ENTRY *linklist_previous; | |
2446 | ||
2447 | while (linklist_base != NULL) | |
2448 | { | |
2449 | if (linklist_base->dn != NULL) | |
2450 | free(linklist_base->dn); | |
2451 | if (linklist_base->attribute != NULL) | |
2452 | free(linklist_base->attribute); | |
2453 | if (linklist_base->value != NULL) | |
2454 | free(linklist_base->value); | |
2455 | if (linklist_base->member != NULL) | |
2456 | free(linklist_base->member); | |
2457 | if (linklist_base->type != NULL) | |
2458 | free(linklist_base->type); | |
2459 | if (linklist_base->list != NULL) | |
2460 | free(linklist_base->list); | |
2461 | linklist_previous = linklist_base; | |
2462 | linklist_base = linklist_previous->next; | |
2463 | free(linklist_previous); | |
2464 | } | |
2465 | } | |
2466 | ||
2467 | void free_values(char **modvalues) | |
2468 | { | |
2469 | int i; | |
2470 | ||
2471 | i = 0; | |
2472 | if (modvalues != NULL) | |
2473 | { | |
2474 | while (modvalues[i] != NULL) | |
2475 | { | |
2476 | free(modvalues[i]); | |
2477 | modvalues[i] = NULL; | |
2478 | ++i; | |
2479 | } | |
2480 | free(modvalues); | |
2481 | } | |
2482 | } | |
2483 | ||
2484 | int sid_update(LDAP *ldap_handle, char *dn_path) | |
2485 | { | |
2486 | LK_ENTRY *ptr; | |
2487 | int rc; | |
2488 | unsigned char temp[126]; | |
2489 | char *av[3]; | |
2490 | ||
2491 | ptr = sid_base; | |
2492 | ||
2493 | while (ptr != NULL) | |
2494 | { | |
2495 | memset(temp, 0, sizeof(temp)); | |
2496 | convert_b_to_a(temp, ptr->value, ptr->length); | |
2497 | av[0] = ptr->member; | |
2498 | av[1] = temp; | |
2499 | if (ptr->type == (char *)GROUPS) | |
2500 | { | |
2501 | ptr->type = NULL; | |
2502 | rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL); | |
2503 | } | |
2504 | else if (ptr->type == (char *)USERS) | |
2505 | { | |
2506 | ptr->type = NULL; | |
2507 | rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL); | |
2508 | } | |
2509 | ptr = ptr->next; | |
2510 | } | |
2511 | return(0); | |
2512 | } | |
2513 | ||
2514 | void convert_b_to_a(char *string, UCHAR *binary, int length) | |
2515 | { | |
2516 | int i; | |
2517 | int j; | |
2518 | UCHAR tmp; | |
2519 | ||
2520 | j = 0; | |
2521 | for (i = 0; i < length; i++) | |
2522 | { | |
2523 | tmp = binary[i]; | |
2524 | string[j] = tmp; | |
2525 | string[j] >>= 4; | |
2526 | string[j] &= 0x0f; | |
2527 | string[j] += 0x30; | |
2528 | if (string[j] > '9') | |
2529 | string[j] += 0x27; | |
2530 | ++j; | |
2531 | string[j] = tmp & 0x0f; | |
2532 | string[j] += 0x30; | |
2533 | if (string[j] > '9') | |
2534 | string[j] += 0x27; | |
2535 | j++; | |
2536 | } | |
2537 | string[j] = 0; | |
2538 | } | |
2539 | ||
2540 | static int illegalchars[] = { | |
2541 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */ | |
2542 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */ | |
2543 | 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */ | |
2544 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */ | |
2545 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */ | |
2546 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */ | |
2547 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */ | |
2548 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */ | |
2549 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2550 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2551 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2552 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2553 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2554 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2555 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2556 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2557 | }; | |
2558 | ||
2559 | int check_string(char *s) | |
2560 | { | |
78af4e6e | 2561 | char character; |
2562 | ||
cd9e6b16 | 2563 | for (; *s; s++) |
2564 | { | |
78af4e6e | 2565 | character = *s; |
2566 | if (isupper(character)) | |
2567 | character = tolower(character); | |
2568 | if (illegalchars[(unsigned) character]) | |
cd9e6b16 | 2569 | return 0; |
2570 | } | |
2571 | return 1; | |
2572 | } | |
2573 | ||
2574 | int mr_connect_cl(char *server, char *client, int version, int auth) | |
2575 | { | |
984c91b7 | 2576 | int status; |
2577 | char *motd; | |
2578 | char temp[128]; | |
cd9e6b16 | 2579 | |
2580 | status = mr_connect(server); | |
2581 | if (status) | |
2582 | { | |
2583 | com_err(whoami, status, "while connecting to Moira"); | |
2584 | return MRCL_FAIL; | |
2585 | } | |
2586 | ||
2587 | status = mr_motd(&motd); | |
2588 | if (status) | |
2589 | { | |
2590 | mr_disconnect(); | |
2591 | com_err(whoami, status, "while checking server status"); | |
2592 | return MRCL_FAIL; | |
2593 | } | |
2594 | if (motd) | |
2595 | { | |
984c91b7 | 2596 | sprintf(temp, "The Moira server is currently unavailable: %s", motd); |
2597 | com_err(whoami, status, temp); | |
cd9e6b16 | 2598 | mr_disconnect(); |
2599 | return MRCL_FAIL; | |
2600 | } | |
2601 | ||
2602 | status = mr_version(version); | |
2603 | if (status) | |
2604 | { | |
2605 | if (status == MR_UNKNOWN_PROC) | |
2606 | { | |
2607 | if (version > 2) | |
2608 | status = MR_VERSION_HIGH; | |
2609 | else | |
2610 | status = MR_SUCCESS; | |
2611 | } | |
2612 | ||
2613 | if (status == MR_VERSION_HIGH) | |
2614 | { | |
2615 | com_err(whoami, 0, "Warning: This client is running newer code than the server."); | |
2616 | com_err(whoami, 0, "Some operations may not work."); | |
2617 | } | |
2618 | else if (status && status != MR_VERSION_LOW) | |
2619 | { | |
2620 | com_err(whoami, status, "while setting query version number."); | |
2621 | mr_disconnect(); | |
2622 | return MRCL_FAIL; | |
2623 | } | |
2624 | } | |
2625 | ||
2626 | if (auth) | |
2627 | { | |
2628 | status = mr_auth(client); | |
2629 | if (status) | |
2630 | { | |
2631 | com_err(whoami, status, "while authenticating to Moira."); | |
2632 | mr_disconnect(); | |
2633 | return MRCL_AUTH_ERROR; | |
2634 | } | |
2635 | } | |
2636 | ||
2637 | return MRCL_SUCCESS; | |
2638 | } | |
2639 |