]> andersk Git - moira.git/blame - incremental/winad/winad.c
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Punt filesystem processing code.
[moira.git] / incremental / winad / winad.c
CommitLineData
5d0a7127 1/* $Header$
89db421e 2/* winad.incr arguments examples
cd9e6b16 3 *
89db421e 4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
cd9e6b16 7 *
89db421e 8 * arguments for creating or updating a user account
3abb4456 9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
89db421e 11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
78af4e6e 12 *
89db421e 13 * arguments for deactivating/deleting a user account
3abb4456 14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
89db421e 16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
cd9e6b16 17 *
89db421e 18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
cd9e6b16 22 *
89db421e 23 * arguments for changing user name
3abb4456 24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
89db421e 25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
cd9e6b16 26 *
89db421e 27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
30 *
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
9db0b148 34 *
89db421e 35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
38 *
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
42 *
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
46 *
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
50 *
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listlistnameName KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
55 *
56 * NOTE: group members of type LIST are ignored.
57 *
58 * arguments to remove a USER member to group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
61 *
62 * arguments to remove a STRING or KERBEROS member to group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
9db0b148 66 *
89db421e 67 * NOTE: group members of type LIST are ignored.
f75f605a 68 *
89db421e 69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
f75f605a 72 *
89db421e 73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
6c8f12af 76 *
89db421e 77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username wheel 1 HOMEDIR 101727
79 *
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username wheel 1 HOMEDIR 101727
6c8f12af 82 *
83 * arguments when moira creates a container (OU).
209367bd 84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
6c8f12af 85 *
86 * arguments when moira deletes a container (OU).
209367bd 87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
9cfe334f 88 *
6c8f12af 89 * arguments when moira modifies a container information (OU).
209367bd 90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
bbef4f93 91 *
92 * arguments when moira adds a machine from an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
209367bd 94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
bbef4f93 95 *
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
209367bd 98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
bbef4f93 99 *
cd9e6b16 100*/
5d0a7127 101#include <mit-copyright.h>
102#ifdef _WIN32
4a6e2ee4 103#include <winsock2.h>
5d0a7127 104#include <windows.h>
105#include <stdlib.h>
106#include <malloc.h>
107#include <lmaccess.h>
108#endif
f78c7eaf 109#include <hesiod.h>
cd9e6b16 110#include <string.h>
5d0a7127 111#include <ldap.h>
112#include <stdio.h>
113#include <moira.h>
114#include <moira_site.h>
cd9e6b16 115#include <mrclient.h>
5d0a7127 116#include <krb5.h>
5d0a7127 117#include <gsssasl.h>
118#include <gssldap.h>
cd9e6b16 119#include "kpasswd.h"
120
121#ifdef _WIN32
122#ifndef ECONNABORTED
123#define ECONNABORTED WSAECONNABORTED
124#endif
125#ifndef ECONNREFUSED
126#define ECONNREFUSED WSAECONNREFUSED
127#endif
128#ifndef EHOSTUNREACH
129#define EHOSTUNREACH WSAEHOSTUNREACH
130#endif
131#define krb5_xfree free
0d958b3c 132#define F_OK 0
133#define sleep(A) Sleep(A * 1000);
cd9e6b16 134#endif /* _WIN32 */
5d0a7127 135
136#ifndef _WIN32
f78c7eaf 137#include <sys/types.h>
138#include <netinet/in.h>
139#include <arpa/nameser.h>
140#include <resolv.h>
5d0a7127 141#include <sys/utsname.h>
0d958b3c 142#include <unistd.h>
5d0a7127 143
f75f605a 144#define WINADCFG "/moira/winad/winad.cfg"
f78c7eaf 145#define strnicmp(A,B,C) strncasecmp(A,B,C)
cd9e6b16 146#define UCHAR unsigned char
147
5d0a7127 148#define UF_SCRIPT 0x0001
149#define UF_ACCOUNTDISABLE 0x0002
150#define UF_HOMEDIR_REQUIRED 0x0008
151#define UF_LOCKOUT 0x0010
152#define UF_PASSWD_NOTREQD 0x0020
153#define UF_PASSWD_CANT_CHANGE 0x0040
cd9e6b16 154#define UF_DONT_EXPIRE_PASSWD 0x10000
5d0a7127 155
156#define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157#define UF_NORMAL_ACCOUNT 0x0200
158#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159#define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160#define UF_SERVER_TRUST_ACCOUNT 0x2000
161
909e0dc3 162#define OWNER_SECURITY_INFORMATION (0x00000001L)
163#define GROUP_SECURITY_INFORMATION (0x00000002L)
164#define DACL_SECURITY_INFORMATION (0x00000004L)
165#define SACL_SECURITY_INFORMATION (0x00000008L)
166
5d0a7127 167#ifndef BYTE
168#define BYTE unsigned char
169#endif
170typedef unsigned int DWORD;
171typedef unsigned long ULONG;
172
173typedef struct _GUID
174{
175 unsigned long Data1;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
179} GUID;
180
181typedef struct _SID_IDENTIFIER_AUTHORITY {
182 BYTE Value[6];
183} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
184
185typedef struct _SID {
186 BYTE Revision;
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
190} SID;
191#endif/*!WIN32*/
192
f75f605a 193#ifndef WINADCFG
194#define WINADCFG "winad.cfg"
195#endif
196
f78c7eaf 197#define AFS "/afs/"
198#define WINAFS "\\\\afs\\all\\"
199
cd9e6b16 200#define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
f78c7eaf 201#define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202#define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203#define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204#define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
cd9e6b16 205
26503e15 206#define QUERY_VERSION -1
207#define PRIMARY_REALM "ATHENA.MIT.EDU"
208#define PRIMARY_DOMAIN "win.mit.edu"
209#define PRODUCTION_PRINCIPAL "sms"
210#define TEST_PRINCIPAL "smstest"
cd9e6b16 211
5d0a7127 212#define SUBSTITUTE 1
213#define REPLACE 2
214
cd9e6b16 215#define USERS 0
216#define GROUPS 1
217
5d0a7127 218#define MEMBER_ADD 1
219#define MEMBER_REMOVE 2
220#define MEMBER_CHANGE_NAME 3
221#define MEMBER_ACTIVATE 4
222#define MEMBER_DEACTIVATE 5
cd9e6b16 223#define MEMBER_CREATE 6
5d0a7127 224
f78c7eaf 225#define MOIRA_ALL 0x0
226#define MOIRA_USERS 0x1
227#define MOIRA_KERBEROS 0x2
228#define MOIRA_STRINGS 0x4
229#define MOIRA_LISTS 0x8
230
89db421e 231#define CHECK_GROUPS 1
232#define CLEANUP_GROUPS 2
233
234#define AD_NO_GROUPS_FOUND -1
235#define AD_WRONG_GROUP_DN_FOUND -2
236#define AD_MULTIPLE_GROUPS_FOUND -3
237#define AD_INVALID_NAME -4
238#define AD_LDAP_FAILURE -5
239#define AD_INVALID_FILESYS -6
240#define AD_NO_ATTRIBUTE_FOUND -7
241#define AD_NO_OU_FOUND -8
242#define AD_NO_USER_FOUND -9
243
6c8f12af 244/* container arguments */
209367bd 245#define CONTAINER_NAME 0
246#define CONTAINER_DESC 1
247#define CONTAINER_LOCATION 2
248#define CONTAINER_CONTACT 3
249#define CONTAINER_TYPE 4
250#define CONTAINER_ID 5
251#define CONTAINER_ROWID 6
252#define CONTAINER_GROUP_NAME 7
6c8f12af 253
bbef4f93 254/*mcntmap arguments*/
255#define OU_MACHINE_NAME 0
256#define OU_CONTAINER_NAME 1
257#define OU_MACHINE_ID 2
258#define OU_CONTAINER_ID 3
209367bd 259#define OU_CONTAINER_GROUP 4
bbef4f93 260
5d0a7127 261typedef struct lk_entry {
262 int op;
263 int length;
264 int ber_value;
265 char *dn;
266 char *attribute;
267 char *value;
268 char *member;
269 char *type;
270 char *list;
271 struct lk_entry *next;
272} LK_ENTRY;
273
0d958b3c 274#define STOP_FILE "/moira/winad/nowinad"
275#define file_exists(file) (access((file), F_OK) == 0)
276
909e0dc3 277#define N_SD_BER_BYTES 5
5d0a7127 278#define LDAP_BERVAL struct berval
cd9e6b16 279#define MAX_SERVER_NAMES 32
280
909e0dc3 281#define HIDDEN_GROUP "HiddenGroup.g"
282#define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
283#define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
284#define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
285
cd9e6b16 286#define ADD_ATTR(t, v, o) \
287 mods[n] = malloc(sizeof(LDAPMod)); \
288 mods[n]->mod_op = o; \
289 mods[n]->mod_type = t; \
290 mods[n++]->mod_values = v
5d0a7127 291
3abb4456 292#define DEL_ATTR(t, o) \
293 DelMods[i] = malloc(sizeof(LDAPMod)); \
294 DelMods[i]->mod_op = o; \
295 DelMods[i]->mod_type = t; \
296 DelMods[i++]->mod_values = NULL
297
298#define DOMAIN_SUFFIX "MIT.EDU"
26503e15 299#define DOMAIN "DOMAIN:"
300#define PRINCIPALNAME "PRINCIPAL:"
301#define SERVER "SERVER:"
302#define MSSFU "SFU:"
d7051053 303#define SFUTYPE "30"
3abb4456 304
26503e15 305char PrincipalName[128];
306#ifndef _WIN32
307#define KRB5CCNAME "KRB5CCNAME=/tmp/krb5cc_winad.incr"
308#define KRBTKFILE "KRBTKFILE=/tmp/tkt_winad.incr"
309#define KEYTABFILE "/etc/krb5.keytab"
310#else
311#define KRB5CCNAME "KRB5CCNAME=\\tmp\\krb5cc_winad.incr"
312#define KRBTKFILE "KRBTKFILE=\\tmp\\tkt_winad.incr"
313#define KEYTABFILE "\\keytabs\\krb5.keytab"
314#endif
315
5d0a7127 316LK_ENTRY *member_base = NULL;
cd9e6b16 317LK_ENTRY *sid_base = NULL;
318LK_ENTRY **sid_ptr = NULL;
0d958b3c 319static char tbl_buf[1024];
89db421e 320char kerberos_ou[] = "OU=kerberos,OU=moira";
321char contact_ou[] = "OU=strings,OU=moira";
322char user_ou[] = "OU=users,OU=moira";
323char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
324char group_ou_root[] = "OU=lists,OU=moira";
325char group_ou_security[] = "OU=group,OU=lists,OU=moira";
326char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
327char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
6c8f12af 328char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
329char orphans_other_ou[] = "OU=Other,OU=Orphans";
909e0dc3 330char security_template_ou[] = "OU=security_templates";
5d0a7127 331char *whoami;
cd9e6b16 332char ldap_domain[256];
d7051053 333char *ServerList[MAX_SERVER_NAMES];
cd9e6b16 334int mr_connections = 0;
78af4e6e 335int callback_rc;
f78c7eaf 336char default_server[256];
bfb6f0ad 337static char tbl_buf[1024];
3abb4456 338int UseSFU30 = 0;
26503e15 339int NoChangeConfigFile;
cd9e6b16 340
f78c7eaf 341extern int set_password(char *user, char *password, char *domain);
cd9e6b16 342
89db421e 343int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
344 char *group_membership, char *MoiraId, char *attribute,
345 LK_ENTRY **linklist_base, int *linklist_count,
346 char *rFilter);
f78c7eaf 347void AfsToWinAfs(char* path, char* winPath);
348int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
349 char *Win2kPassword, char *Win2kUser, char *default_server,
26503e15 350 int connect_to_kdc, char **ServerList);
f78c7eaf 351void ad_kdc_disconnect();
26503e15 352int ad_server_connect(char *connectedServer, char *domain);
4a6e2ee4 353int attribute_update(LDAP *ldap_handle, char *distinguished_name,
354 char *attribute_value, char *attribute, char *user_name);
909e0dc3 355int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
bbef4f93 356int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
0d958b3c 357void check_winad(void);
89db421e 358int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
6c8f12af 359/* containers */
360int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
361 char *distinguishedName, int count, char **av);
362void container_check(LDAP *ldap_handle, char *dn_path, char *name);
363int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
364int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
365int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
366 char *distinguishedName, int count, char **av);
367void container_get_dn(char *src, char *dest);
368void container_get_name(char *src, char *dest);
369int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
370int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
371 int afterc, char **after);
372int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
373 int afterc, char **after);
374
909e0dc3 375int GetAceInfo(int ac, char **av, void *ptr);
d7051053 376int GetServerList(char *ldap_domain, char **MasterServe);
f75f605a 377int get_group_membership(char *group_membership, char *group_ou,
378 int *security_flag, char **av);
cc1e4a1d 379int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
209367bd 380int Moira_container_group_create(char **after);
381int Moira_container_group_delete(char **before);
382int Moira_groupname_create(char *GroupName, char *ContainerName,
383 char *ContainerRowID);
384int Moira_container_group_update(char **before, char **after);
385int Moira_process_machine_container_group(char *MachineName, char* groupName,
386 int DeleteMachine);
387int Moira_addGroupToParent(char *origContainerName, char *GroupName);
388int Moira_getContainerGroup(int ac, char **av, void *ptr);
389int Moira_getGroupName(char *origContainerName, char *GroupName,
390 int ParentFlag);
391int Moira_setContainerGroup(char *ContainerName, char *GroupName);
909e0dc3 392int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
393 int UpdateGroup, int *ProcessGroup);
89db421e 394int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
395 char *group_name, char *group_ou, char *group_membership,
396 int group_security_flag, int type);
f75f605a 397int process_lists(int ac, char **av, void *ptr);
909e0dc3 398int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
399 int HiddenGroup, char *AceType, char *AceName);
3abb4456 400int ProcessMachineName(int ac, char **av, void *ptr);
26503e15 401void ReadConfigFile();
402void StringTrim(char *StringToTrim);
cd9e6b16 403int user_create(int ac, char **av, void *ptr);
89db421e 404int user_change_status(LDAP *ldap_handle, char *dn_path,
405 char *user_name, char *MoiraId, int operation);
406int user_delete(LDAP *ldap_handle, char *dn_path,
407 char *u_name, char *MoiraId);
f75f605a 408int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
89db421e 409 char *user_name);
f75f605a 410int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
3abb4456 411 char *uid, char *MitId, char *MoiraId, int State,
412 char *WinHomeDir, char *WinProfileDir);
89db421e 413void change_to_lower_case(char *ptr);
cd9e6b16 414int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
cd9e6b16 415int group_create(int ac, char **av, void *ptr);
f75f605a 416int group_delete(LDAP *ldap_handle, char *dn_path,
89db421e 417 char *group_name, char *group_membership, char *MoiraId);
f75f605a 418int group_rename(LDAP *ldap_handle, char *dn_path,
419 char *before_group_name, char *before_group_membership,
5a775f54 420 char *before_group_ou, int before_security_flag, char *before_desc,
f75f605a 421 char *after_group_name, char *after_group_membership,
89db421e 422 char *after_group_ou, int after_security_flag, char *after_desc,
423 char *MoiraId, char *filter);
bbef4f93 424int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
425int machine_GetMoiraContainer(int ac, char **av, void *ptr);
426int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
427int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
89db421e 428int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
429 char *group_name, char *group_ou, char *group_membership,
430 int group_security_flag, int updateGroup);
cd9e6b16 431int member_list_build(int ac, char **av, void *ptr);
f75f605a 432int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
433 char *group_ou, char *group_membership,
89db421e 434 char *user_name, char *pUserOu, char *MoiraId);
78af4e6e 435int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
f75f605a 436 char *group_ou, char *group_membership, char *user_name,
89db421e 437 char *pUserOu, char *MoiraId);
438int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
439 char *group_ou, char *group_membership,
440 int group_security_flag, char *MoiraId);
3abb4456 441int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
442 char *WinHomeDir, char *WinProfileDir,
443 char **homedir_v, char **winProfile_v,
444 char **drives_v, LDAPMod **mods,
445 int OpType, int n);
cd9e6b16 446int sid_update(LDAP *ldap_handle, char *dn_path);
3abb4456 447void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
cd9e6b16 448int check_string(char *s);
bb52f279 449int check_container_name(char* s);
cd9e6b16 450void convert_b_to_a(char *string, UCHAR *binary, int length);
451int mr_connect_cl(char *server, char *client, int version, int auth);
452
6c8f12af 453void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
454 char **before, int beforec, char **after, int afterc);
f78c7eaf 455void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
456 char **before, int beforec, char **after, int afterc);
457void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
cd9e6b16 458 char **before, int beforec, char **after, int afterc);
5d0a7127 459void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
cd9e6b16 460 char **before, int beforec, char **after, int afterc);
bbef4f93 461void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
462 char **before, int beforec, char **after, int afterc);
cd9e6b16 463int linklist_create_entry(char *attribute, char *value,
464 LK_ENTRY **linklist_entry);
5d0a7127 465int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
cd9e6b16 466 char **attr_array, LK_ENTRY **linklist_base,
d7051053 467 int *linklist_count, unsigned long ScopeType);
5d0a7127 468void linklist_free(LK_ENTRY *linklist_base);
cd9e6b16 469
470int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
471 char *distinguished_name, LK_ENTRY **linklist_current);
472int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
473 LK_ENTRY **linklist_base, int *linklist_count);
474int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
475 char *Attribute, char *distinguished_name,
476 LK_ENTRY **linklist_current);
477
478int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
479 char *oldValue, char *newValue,
480 char ***modvalues, int type);
481void free_values(char **modvalues);
482
483int convert_domain_to_dn(char *domain, char **bind_path);
5d0a7127 484void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 485 char *distinguished_name);
5d0a7127 486int moira_disconnect(void);
487int moira_connect(void);
488void print_to_screen(const char *fmt, ...);
3abb4456 489int GetMachineName(char *MachineName);
26503e15 490int tickets_get_k5();
491int get_tickets();
492int destroy_cache(void);
493int dest_tkt(void);
5d0a7127 494
495int main(int argc, char **argv)
496{
cd9e6b16 497 unsigned long rc;
498 int beforec;
499 int afterc;
cd9e6b16 500 int i;
d7051053 501 int j;
d7051053 502 int OldUseSFU30;
cd9e6b16 503 char *table;
504 char **before;
505 char **after;
cd9e6b16 506 LDAP *ldap_handle;
f78c7eaf 507 char dn_path[256];
cd9e6b16 508
5d0a7127 509 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
cd9e6b16 510
511 if (argc < 4)
512 {
4a6e2ee4 513 com_err(whoami, 0, "Unable to process %s", "argc < 4");
cd9e6b16 514 exit(1);
515 }
516 beforec = atoi(argv[2]);
517 afterc = atoi(argv[3]);
518
519 if (argc < (4 + beforec + afterc))
520 {
4a6e2ee4 521 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)");
cd9e6b16 522 exit(1);
523 }
524
525 table = argv[1];
526 before = &argv[4];
527 after = &argv[4 + beforec];
528
74647f91 529 if (!strcmp(table, "filesys"))
530 exit(0);
531
68ba2617 532 if (afterc == 0)
533 after = NULL;
534 if (beforec == 0)
535 before = NULL;
536
bfb6f0ad 537 for (i = 1; i < argc; i++)
0d958b3c 538 {
bfb6f0ad 539 strcat(tbl_buf, argv[i]);
540 strcat(tbl_buf, " ");
0d958b3c 541 }
bfb6f0ad 542 com_err(whoami, 0, "%s", tbl_buf);
543
26503e15 544 memset(PrincipalName, '\0', sizeof(PrincipalName));
cd9e6b16 545 memset(ldap_domain, '\0', sizeof(ldap_domain));
d7051053 546 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
3abb4456 547 UseSFU30 = 0;
26503e15 548 NoChangeConfigFile = 0;
d7051053 549
26503e15 550 check_winad();
551
552 ReadConfigFile();
553 OldUseSFU30 = UseSFU30;
d7051053 554
26503e15 555 get_tickets();
535f3d5e 556
5d0a7127 557 initialize_sms_error_table();
558 initialize_krb_error_table();
cd9e6b16 559
f78c7eaf 560 memset(default_server, '\0', sizeof(default_server));
561 memset(dn_path, '\0', sizeof(dn_path));
89db421e 562 for (i = 0; i < 5; i++)
cd9e6b16 563 {
26503e15 564 ldap_handle = (LDAP *)NULL;
d7051053 565 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
26503e15 566 default_server, 1, ServerList)))
89db421e 567 break;
26503e15 568 if (ldap_handle == NULL)
d7051053 569 {
26503e15 570 if (!NoChangeConfigFile)
d7051053 571 {
26503e15 572 for (j = 0; j < MAX_SERVER_NAMES; j++)
d7051053 573 {
26503e15 574 if (ServerList[j] != NULL)
575 {
576 free(ServerList[j]);
577 ServerList[j] = NULL;
578 }
d7051053 579 }
26503e15 580 GetServerList(ldap_domain, ServerList);
d7051053 581 }
d7051053 582 }
89db421e 583 }
26503e15 584
585 if ((rc) || (ldap_handle == NULL))
89db421e 586 {
587 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
26503e15 588 destroy_cache();
cd9e6b16 589 exit(1);
590 }
cd9e6b16 591
9db0b148 592 for (i = 0; i < (int)strlen(table); i++)
593 table[i] = tolower(table[i]);
4a6e2ee4 594
5d0a7127 595 if (!strcmp(table, "users"))
f78c7eaf 596 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
597 afterc);
5d0a7127 598 else if (!strcmp(table, "list"))
cd9e6b16 599 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
600 afterc);
5d0a7127 601 else if (!strcmp(table, "imembers"))
cd9e6b16 602 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
603 afterc);
6c8f12af 604 else if (!strcmp(table, "containers"))
605 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
606 afterc);
bbef4f93 607 else if (!strcmp(table, "mcntmap"))
608 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
609 afterc);
d7051053 610 if (OldUseSFU30 != UseSFU30)
611 {
26503e15 612 if (!NoChangeConfigFile)
613 GetServerList(ldap_domain, ServerList);
d7051053 614 }
f78c7eaf 615 ad_kdc_disconnect();
d7051053 616 for (i = 0; i < MAX_SERVER_NAMES; i++)
617 {
618 if (ServerList[i] != NULL)
619 {
620 free(ServerList[i]);
621 ServerList[i] = NULL;
622 }
623 }
5d0a7127 624 rc = ldap_unbind_s(ldap_handle);
26503e15 625 destroy_cache();
5d0a7127 626 exit(0);
627}
628
bbef4f93 629void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
630 char **before, int beforec, char **after, int afterc)
631{
632 char MoiraContainerName[128];
633 char ADContainerName[128];
3abb4456 634 char MachineName[1024];
635 char OriginalMachineName[1024];
bbef4f93 636 long rc;
209367bd 637 int DeleteMachine;
638 char MoiraContainerGroup[64];
bbef4f93 639
209367bd 640 DeleteMachine = 0;
bbef4f93 641 memset(ADContainerName, '\0', sizeof(ADContainerName));
209367bd 642 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
643
bbef4f93 644 if ((beforec == 0) && (afterc == 0))
645 return;
646
647 if (rc = moira_connect())
648 {
649 critical_alert("AD incremental",
650 "Error contacting Moira server : %s",
651 error_message(rc));
652 return;
653 }
654
655 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
656 {
3abb4456 657 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
bbef4f93 658 strcpy(MachineName, before[OU_MACHINE_NAME]);
3abb4456 659 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
660 DeleteMachine = 1;
661 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
bbef4f93 662 }
663 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
664 {
3abb4456 665 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
bbef4f93 666 strcpy(MachineName, after[OU_MACHINE_NAME]);
3abb4456 667 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
668 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
bbef4f93 669 }
670 else
209367bd 671 {
3abb4456 672 moira_disconnect();
bbef4f93 673 return;
209367bd 674 }
bbef4f93 675
3abb4456 676 rc = GetMachineName(MachineName);
677 if (strlen(MachineName) == 0)
678 {
679 moira_disconnect();
680 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
681 return;
682 }
209367bd 683 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
684 DeleteMachine);
bbef4f93 685 if (machine_check(ldap_handle, dn_path, MachineName))
686 {
4a6e2ee4 687 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
3abb4456 688 moira_disconnect();
bbef4f93 689 return;
690 }
209367bd 691 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
bbef4f93 692 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
693 if (strlen(MoiraContainerName) == 0)
694 {
4a6e2ee4 695 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
3abb4456 696 OriginalMachineName, MachineName);
bbef4f93 697 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
3abb4456 698 moira_disconnect();
bbef4f93 699 return;
700 }
701 container_get_dn(MoiraContainerName, ADContainerName);
702 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
703 strcat(MoiraContainerName, "/");
704 container_check(ldap_handle, dn_path, MoiraContainerName);
705 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
209367bd 706 moira_disconnect();
bbef4f93 707 return;
708}
709
6c8f12af 710void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
711 char **before, int beforec, char **after, int afterc)
712{
209367bd 713 long rc;
6c8f12af 714
715 if ((beforec == 0) && (afterc == 0))
716 return;
717
209367bd 718 if (rc = moira_connect())
719 {
720 critical_alert("AD incremental", "Error contacting Moira server : %s",
721 error_message(rc));
722 return;
723 }
724
6c8f12af 725 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
726 {
727 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
728 container_delete(ldap_handle, dn_path, beforec, before);
209367bd 729 Moira_container_group_delete(before);
730 moira_disconnect();
6c8f12af 731 return;
732 }
733 if ((beforec == 0) && (afterc != 0)) /*create a container*/
734 {
9cfe334f 735 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
6c8f12af 736 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
737 container_create(ldap_handle, dn_path, afterc, after);
209367bd 738 Moira_container_group_create(after);
739 moira_disconnect();
6c8f12af 740 return;
741 }
742
743 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
744 {
745 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
746 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
209367bd 747 Moira_container_group_update(before, after);
748 moira_disconnect();
6c8f12af 749 return;
750 }
9cfe334f 751 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
6c8f12af 752 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
209367bd 753 Moira_container_group_update(before, after);
754 moira_disconnect();
6c8f12af 755 return;
756}
757
89db421e 758#define L_LIST_DESC 9
759#define L_LIST_ID 10
760
cd9e6b16 761void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
762 char **before, int beforec, char **after, int afterc)
5d0a7127 763{
89db421e 764 int updateGroup;
909e0dc3 765 int ProcessGroup;
f75f605a 766 long rc;
89db421e 767 char group_membership[6];
768 char list_id[32];
f75f605a 769 int security_flag;
89db421e 770 char filter[128];
f75f605a 771 char group_ou[256];
89db421e 772 char before_list_id[32];
f75f605a 773 char before_group_membership[1];
774 int before_security_flag;
775 char before_group_ou[256];
f75f605a 776 LK_ENTRY *ptr = NULL;
9db0b148 777
778 if (beforec == 0 && afterc == 0)
779 return;
780
89db421e 781 memset(list_id, '\0', sizeof(list_id));
782 memset(before_list_id, '\0', sizeof(before_list_id));
783 memset(before_group_ou, '\0', sizeof(before_group_ou));
784 memset(before_group_membership, '\0', sizeof(before_group_membership));
785 memset(group_ou, '\0', sizeof(group_ou));
786 memset(group_membership, '\0', sizeof(group_membership));
787 updateGroup = 0;
788
789 if (beforec > L_GID)
790 {
791 if (beforec < L_LIST_ID)
792 return;
793 if (beforec > L_LIST_DESC)
794 {
795 strcpy(before_list_id, before[L_LIST_ID]);
796 }
f75f605a 797 before_security_flag = 0;
f75f605a 798 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
799 }
89db421e 800 if (afterc > L_GID)
f75f605a 801 {
89db421e 802 if (afterc < L_LIST_ID)
803 return;
804 if (afterc > L_LIST_DESC)
805 {
0a5e96ec 806 strcpy(list_id, after[L_LIST_ID]);
89db421e 807 }
f75f605a 808 security_flag = 0;
f75f605a 809 get_group_membership(group_membership, group_ou, &security_flag, after);
810 }
89db421e 811
812 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
f75f605a 813 return;
cd9e6b16 814
89db421e 815 updateGroup = 0;
816 if (beforec)
cd9e6b16 817 {
89db421e 818 updateGroup = 1;
819 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
820 before_group_ou, before_group_membership,
821 before_security_flag, CHECK_GROUPS)))
822 {
823 if (rc == AD_NO_GROUPS_FOUND)
824 updateGroup = 0;
825 else
f75f605a 826 {
89db421e 827 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
828 {
829 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
830 before_group_ou, before_group_membership,
831 before_security_flag, CLEANUP_GROUPS);
832 }
833 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
f75f605a 834 {
68ba2617 835 com_err(whoami, 0, "Unable to process list %s",
836 before[L_NAME]);
f75f605a 837 return;
838 }
89db421e 839 if (rc == AD_NO_GROUPS_FOUND)
840 updateGroup = 0;
841 }
842 }
843 }
844
845 if ((beforec != 0) && (afterc != 0))
846 {
847 if (((strcmp(after[L_NAME], before[L_NAME])) ||
848 ((!strcmp(after[L_NAME], before[L_NAME])) &&
849 (strcmp(before_group_ou, group_ou)))) &&
850 (updateGroup == 1))
851 {
852 com_err(whoami, 0, "Changing list name from %s to %s",
853 before[L_NAME], after[L_NAME]);
854 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
855 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
856 {
4a6e2ee4 857 com_err(whoami, 0, "%s", "Unable to find the group OU's");
89db421e 858 return;
859 }
860 memset(filter, '\0', sizeof(filter));
861 if ((rc = group_rename(ldap_handle, dn_path,
862 before[L_NAME], before_group_membership,
863 before_group_ou, before_security_flag, before[L_LIST_DESC],
864 after[L_NAME], group_membership,
865 group_ou, security_flag, after[L_LIST_DESC],
866 list_id, filter)))
867 {
868 if (rc != AD_NO_GROUPS_FOUND)
f75f605a 869 {
4a6e2ee4 870 com_err(whoami, 0, "Unable to change list name from %s to %s",
89db421e 871 before[L_NAME], after[L_NAME]);
f75f605a 872 return;
873 }
89db421e 874 updateGroup = 0;
f75f605a 875 }
89db421e 876 beforec = 0;
f75f605a 877 }
878 else
89db421e 879 beforec = 0;
cd9e6b16 880 }
881
89db421e 882 if (beforec)
984c91b7 883 {
f75f605a 884 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
984c91b7 885 {
4a6e2ee4 886 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
f75f605a 887 return;
888 }
984c91b7 889 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
89db421e 890 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
891 before_group_membership, before_list_id);
f75f605a 892 return;
5d0a7127 893 }
89db421e 894 if (afterc)
5d0a7127 895 {
89db421e 896 if (!updateGroup)
897 {
898 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
899 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
900 group_ou, group_membership,
901 security_flag, CHECK_GROUPS))
902 {
903 if (rc != AD_NO_GROUPS_FOUND)
904 {
905 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
906 {
907 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
908 group_ou, group_membership,
909 security_flag, CLEANUP_GROUPS);
910 }
911 if (rc)
912 {
4a6e2ee4 913 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
89db421e 914 return;
915 }
916 }
917 }
918 }
919 else
920 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
cd9e6b16 921
f75f605a 922 if (rc = moira_connect())
923 {
924 critical_alert("AD incremental",
925 "Error contacting Moira server : %s",
926 error_message(rc));
927 return;
928 }
929
909e0dc3 930 ProcessGroup = 0;
931 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
932 return;
933 if (ProcessGroup)
934 {
935 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
936 return;
937 }
89db421e 938 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
939 group_ou, group_membership, security_flag, updateGroup))
cd9e6b16 940 {
f75f605a 941 moira_disconnect();
f75f605a 942 return;
cd9e6b16 943 }
89db421e 944 if (atoi(after[L_ACTIVE]))
cd9e6b16 945 {
89db421e 946 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
947 group_membership, security_flag, list_id);
cd9e6b16 948 }
f75f605a 949 moira_disconnect();
5d0a7127 950 }
f75f605a 951 return;
5d0a7127 952}
953
f75f605a 954#define LM_EXTRA_ACTIVE (LM_END)
955#define LM_EXTRA_PUBLIC (LM_END+1)
956#define LM_EXTRA_HIDDEN (LM_END+2)
957#define LM_EXTRA_MAILLIST (LM_END+3)
958#define LM_EXTRA_GROUP (LM_END+4)
959#define LM_EXTRA_GID (LM_END+5)
89db421e 960#define LMN_LIST_ID (LM_END+6)
961#define LM_LIST_ID (LM_END+7)
962#define LM_USER_ID (LM_END+8)
963#define LM_EXTRA_END (LM_END+9)
984c91b7 964
5d0a7127 965void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
cd9e6b16 966 char **before, int beforec, char **after, int afterc)
5d0a7127 967{
cd9e6b16 968 char group_name[128];
969 char user_name[128];
9db0b148 970 char user_type[128];
89db421e 971 char moira_list_id[32];
972 char moira_user_id[32];
f75f605a 973 char group_membership[1];
f75f605a 974 char group_ou[256];
5f7b0741 975 char machine_ou[256];
f75f605a 976 char *args[16];
977 char **ptr;
89db421e 978 char *av[7];
979 char *call_args[7];
f75f605a 980 char *pUserOu;
cc1e4a1d 981 char NewMachineName[1024];
89db421e 982 int security_flag;
983 int rc;
909e0dc3 984 int ProcessGroup;
f75f605a 985
986 pUserOu = NULL;
987 ptr = NULL;
89db421e 988 memset(moira_list_id, '\0', sizeof(moira_list_id));
989 memset(moira_user_id, '\0', sizeof(moira_user_id));
5d0a7127 990 if (afterc)
991 {
89db421e 992 if (afterc < LM_EXTRA_GID)
f75f605a 993 return;
984c91b7 994 if (!atoi(after[LM_EXTRA_ACTIVE]))
4a6e2ee4 995 {
996 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
cd9e6b16 997 return;
4a6e2ee4 998 }
f75f605a 999 ptr = after;
89db421e 1000 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
4a6e2ee4 1001 {
1002 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1003 after[2], after[0], after[0]);
1004 return;
1005 }
984c91b7 1006 strcpy(user_name, after[LM_MEMBER]);
1007 strcpy(group_name, after[LM_LIST]);
1008 strcpy(user_type, after[LM_TYPE]);
5f7b0741 1009 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1010 {
1011 if (afterc > LM_EXTRA_GROUP)
1012 {
f7c496a6 1013 strcpy(moira_list_id, after[LMN_LIST_ID]);
1014 strcpy(moira_user_id, after[LM_LIST_ID]);
5f7b0741 1015 }
1016 }
1017 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
89db421e 1018 {
1019 if (afterc > LMN_LIST_ID)
1020 {
1021 strcpy(moira_list_id, after[LM_LIST_ID]);
1022 strcpy(moira_user_id, after[LM_USER_ID]);
1023 }
1024 }
1025 else
1026 {
1027 if (afterc > LM_EXTRA_GID)
1028 strcpy(moira_list_id, after[LMN_LIST_ID]);
1029 }
5d0a7127 1030 }
1031 else if (beforec)
1032 {
89db421e 1033 if (beforec < LM_EXTRA_GID)
f75f605a 1034 return;
984c91b7 1035 if (!atoi(before[LM_EXTRA_ACTIVE]))
4a6e2ee4 1036 {
1037 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
9db0b148 1038 return;
4a6e2ee4 1039 }
f75f605a 1040 ptr = before;
89db421e 1041 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
4a6e2ee4 1042 {
1043 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1044 before[2], before[0], before[0]);
1045 return;
1046 }
984c91b7 1047 strcpy(user_name, before[LM_MEMBER]);
1048 strcpy(group_name, before[LM_LIST]);
1049 strcpy(user_type, before[LM_TYPE]);
5f7b0741 1050 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1051 {
1052 if (beforec > LM_EXTRA_GROUP)
1053 {
f7c496a6 1054 strcpy(moira_list_id, before[LMN_LIST_ID]);
1055 strcpy(moira_user_id, before[LM_LIST_ID]);
5f7b0741 1056 }
1057 }
1058 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
89db421e 1059 {
1060 if (beforec > LMN_LIST_ID)
1061 {
1062 strcpy(moira_list_id, before[LM_LIST_ID]);
1063 strcpy(moira_user_id, before[LM_USER_ID]);
1064 }
1065 }
1066 else
1067 {
1068 if (beforec > LM_EXTRA_GID)
1069 strcpy(moira_list_id, before[LMN_LIST_ID]);
1070 }
5d0a7127 1071 }
cd9e6b16 1072
f75f605a 1073 if (ptr == NULL)
4a6e2ee4 1074 {
1075 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
1076 return;
1077 }
f75f605a 1078
1079 args[L_NAME] = ptr[LM_LIST];
1080 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1081 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1082 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1083 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1084 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1085 args[L_GID] = ptr[LM_EXTRA_GID];
1086
1087 security_flag = 0;
1088 memset(group_ou, '\0', sizeof(group_ou));
1089 get_group_membership(group_membership, group_ou, &security_flag, args);
1090 if (strlen(group_ou) == 0)
cd9e6b16 1091 {
4a6e2ee4 1092 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
cd9e6b16 1093 return;
1094 }
89db421e 1095 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1096 {
1097 if (rc != AD_NO_GROUPS_FOUND)
1098 {
1099 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1100 {
1101 if (rc != AD_NO_GROUPS_FOUND)
1102 {
1103 if (afterc)
4a6e2ee4 1104 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
89db421e 1105 else
4a6e2ee4 1106 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
89db421e 1107 return;
1108 }
1109 }
1110 }
1111 }
1112 if (rc == AD_NO_GROUPS_FOUND)
1113 {
1114 if (rc = moira_connect())
1115 {
1116 critical_alert("AD incremental",
1117 "Error contacting Moira server : %s",
1118 error_message(rc));
1119 return;
1120 }
f75f605a 1121
89db421e 1122 com_err(whoami, 0, "creating group %s", group_name);
909e0dc3 1123 ProcessGroup = 0;
1124 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1125 return;
1126 if (ProcessGroup)
1127 {
1128 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1129 return;
1130 }
89db421e 1131 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1132 group_ou, group_membership, security_flag, 0))
1133 {
1134 moira_disconnect();
1135 return;
1136 }
1137 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1138 {
1139 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1140 group_membership, security_flag, moira_list_id);
1141 }
1142 moira_disconnect();
1143 }
f75f605a 1144 rc = 0;
1145 if (beforec)
1146 {
89db421e 1147 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
f75f605a 1148 pUserOu = user_ou;
5f7b0741 1149 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1150 {
1151 memset(machine_ou, '\0', sizeof(machine_ou));
cc1e4a1d 1152 memset(NewMachineName, '\0', sizeof(NewMachineName));
1153 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
5f7b0741 1154 return;
cc1e4a1d 1155 ptr[LM_MEMBER] = NewMachineName;
5f7b0741 1156 pUserOu = machine_ou;
1157 }
f75f605a 1158 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
cd9e6b16 1159 {
f75f605a 1160 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1161 return;
1162 pUserOu = contact_ou;
1163 }
1164 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1165 {
1166 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1167 return;
1168 pUserOu = kerberos_ou;
1169 }
89db421e 1170 if (rc = member_remove(ldap_handle, dn_path, group_name,
1171 group_ou, group_membership, ptr[LM_MEMBER],
1172 pUserOu, moira_list_id))
4a6e2ee4 1173 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
89db421e 1174 return;
f75f605a 1175 }
89db421e 1176
1177 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1178 pUserOu = user_ou;
5f7b0741 1179
1180 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1181 {
1182 memset(machine_ou, '\0', sizeof(machine_ou));
cc1e4a1d 1183 memset(NewMachineName, '\0', sizeof(NewMachineName));
1184 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
5f7b0741 1185 return;
cc1e4a1d 1186 ptr[LM_MEMBER] = NewMachineName;
5f7b0741 1187 pUserOu = machine_ou;
1188 }
1189 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
f75f605a 1190 {
89db421e 1191 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
f75f605a 1192 return;
89db421e 1193 pUserOu = contact_ou;
1194 }
1195 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1196 {
1197 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1198 return;
1199 pUserOu = kerberos_ou;
1200 }
1201 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1202 {
1203 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1204 moira_user_id)) == AD_NO_USER_FOUND)
f75f605a 1205 {
89db421e 1206 if (rc = moira_connect())
1207 {
1208 critical_alert("AD incremental",
1209 "Error connection to Moira : %s",
1210 error_message(rc));
1211 return;
1212 }
1213 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1214 av[0] = ptr[LM_MEMBER];
1215 call_args[0] = (char *)ldap_handle;
1216 call_args[1] = dn_path;
1217 call_args[2] = moira_user_id;
1218 call_args[3] = NULL;
1219 sid_base = NULL;
1220 sid_ptr = &sid_base;
1221 callback_rc = 0;
1222 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1223 call_args))
1224 {
1225 moira_disconnect();
4a6e2ee4 1226 com_err(whoami, 0, "Unable to create user %s : %s",
89db421e 1227 ptr[LM_MEMBER], error_message(rc));
1228 return;
1229 }
1230 if (callback_rc)
1231 {
1232 moira_disconnect();
4a6e2ee4 1233 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
89db421e 1234 return;
1235 }
1236 sleep(1);
1237 if (sid_base != NULL)
1238 {
1239 sid_update(ldap_handle, dn_path);
1240 linklist_free(sid_base);
1241 }
f75f605a 1242 }
89db421e 1243 else
f75f605a 1244 {
89db421e 1245 if (rc != 0)
f75f605a 1246 return;
cd9e6b16 1247 }
89db421e 1248 pUserOu = user_ou;
cd9e6b16 1249 }
89db421e 1250
1251 if (rc = member_add(ldap_handle, dn_path, group_name,
1252 group_ou, group_membership, ptr[LM_MEMBER],
1253 pUserOu, moira_list_id))
cd9e6b16 1254 {
4a6e2ee4 1255 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
f75f605a 1256 }
1257 return;
5d0a7127 1258}
1259
cd9e6b16 1260
3abb4456 1261#define U_USER_ID 10
1262#define U_HOMEDIR 11
1263#define U_PROFILEDIR 12
89db421e 1264
f78c7eaf 1265void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1266 char **before, int beforec, char **after,
cd9e6b16 1267 int afterc)
5d0a7127 1268{
984c91b7 1269 int rc;
89db421e 1270 char *av[7];
1271 char after_user_id[32];
1272 char before_user_id[32];
1273 char *call_args[7];
984c91b7 1274
5b8457c5 1275 if ((beforec == 0) && (afterc == 0))
984c91b7 1276 return;
1277
89db421e 1278 memset(after_user_id, '\0', sizeof(after_user_id));
1279 memset(before_user_id, '\0', sizeof(before_user_id));
1280 if (beforec > U_USER_ID)
1281 strcpy(before_user_id, before[U_USER_ID]);
1282 if (afterc > U_USER_ID)
1283 strcpy(after_user_id, after[U_USER_ID]);
984c91b7 1284
89db421e 1285 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
984c91b7 1286 return;
cd9e6b16 1287
4a6e2ee4 1288 if ((beforec == 0) && (afterc != 0))
1289 {
1290 /*this case only happens when the account*/
1291 /*account is first created but not usable*/
1292 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
1293 return;
1294 }
89db421e 1295 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
1296 { /*is expunged*/
1297 if (atoi(before[U_STATE]) == 0)
cd9e6b16 1298 {
89db421e 1299 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1300 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
cd9e6b16 1301 }
4a6e2ee4 1302 else
1303 {
1304 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1305 }
f75f605a 1306 return;
5d0a7127 1307 }
f75f605a 1308
89db421e 1309 /*process anything that gets here*/
c0bd7667 1310 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1311 before_user_id)) == AD_NO_USER_FOUND)
5d0a7127 1312 {
6c8f12af 1313 if (!check_string(after[U_NAME]))
1314 return;
f75f605a 1315 if (rc = moira_connect())
1316 {
1317 critical_alert("AD incremental",
1318 "Error connection to Moira : %s",
1319 error_message(rc));
1320 return;
1321 }
89db421e 1322 com_err(whoami, 0, "creating user %s", after[U_NAME]);
5d0a7127 1323
984c91b7 1324 av[0] = after[U_NAME];
cd9e6b16 1325 call_args[0] = (char *)ldap_handle;
1326 call_args[1] = dn_path;
89db421e 1327 call_args[2] = after_user_id;
9db0b148 1328 call_args[3] = NULL;
cd9e6b16 1329 sid_base = NULL;
1330 sid_ptr = &sid_base;
5b8457c5 1331 callback_rc = 0;
cd9e6b16 1332 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1333 call_args))
1334 {
f75f605a 1335 moira_disconnect();
4a6e2ee4 1336 com_err(whoami, 0, "Unable to create user %s : %s",
f75f605a 1337 after[U_NAME], error_message(rc));
1338 return;
cd9e6b16 1339 }
5b8457c5 1340 if (callback_rc)
1341 {
1342 moira_disconnect();
4a6e2ee4 1343 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
5b8457c5 1344 return;
1345 }
f75f605a 1346 sleep(1);
cd9e6b16 1347 if (sid_base != NULL)
1348 {
1349 sid_update(ldap_handle, dn_path);
1350 linklist_free(sid_base);
1351 }
89db421e 1352 return;
1353 }
1354 else
1355 {
1356 if (rc != 0)
1357 return;
1358 }
1359 if (strcmp(before[U_NAME], after[U_NAME]))
1360 {
1361 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
f75f605a 1362 {
89db421e 1363 com_err(whoami, 0, "changing user %s to %s",
1364 before[U_NAME], after[U_NAME]);
1365 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1366 after[U_NAME])) != LDAP_SUCCESS)
f75f605a 1367 {
89db421e 1368 return;
f75f605a 1369 }
1370 }
cd9e6b16 1371 }
89db421e 1372 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1373 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1374 after[U_UID], after[U_MITID],
3abb4456 1375 after_user_id, atoi(after[U_STATE]),
1376 after[U_HOMEDIR], after[U_PROFILEDIR]);
f75f605a 1377 return;
5d0a7127 1378}
1379
1380int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
cd9e6b16 1381 char *oldValue, char *newValue,
1382 char ***modvalues, int type)
5d0a7127 1383{
cd9e6b16 1384 LK_ENTRY *linklist_ptr;
1385 int i;
1386 char *cPtr;
5d0a7127 1387
cd9e6b16 1388 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1389 == NULL)
1390 {
1391 return(1);
1392 }
5d0a7127 1393 for (i = 0; i < (modvalue_count + 1); i++)
cd9e6b16 1394 (*modvalues)[i] = NULL;
5d0a7127 1395 if (modvalue_count != 0)
1396 {
1397 linklist_ptr = linklist_base;
1398 for (i = 0; i < modvalue_count; i++)
cd9e6b16 1399 {
1400 if ((oldValue != NULL) && (newValue != NULL))
1401 {
1402 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1403 != (char *)NULL)
1404 {
1405 if (type == REPLACE)
1406 {
1407 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1408 == NULL)
1409 return(1);
1410 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1411 strcpy((*modvalues)[i], newValue);
1412 }
1413 else
1414 {
1415 if (((*modvalues)[i] = calloc(1,
1416 (int)(cPtr - linklist_ptr->value) +
1417 (linklist_ptr->length - strlen(oldValue)) +
1418 strlen(newValue) + 1)) == NULL)
1419 return(1);
1420 memset((*modvalues)[i], '\0',
1421 (int)(cPtr - linklist_ptr->value) +
1422 (linklist_ptr->length - strlen(oldValue)) +
1423 strlen(newValue) + 1);
1424 memcpy((*modvalues)[i], linklist_ptr->value,
1425 (int)(cPtr - linklist_ptr->value));
1426 strcat((*modvalues)[i], newValue);
1427 strcat((*modvalues)[i],
1428 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
1429 }
1430 }
1431 else
1432 {
1433 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1434 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1435 memcpy((*modvalues)[i], linklist_ptr->value,
1436 linklist_ptr->length);
1437 }
1438 }
1439 else
1440 {
1441 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1442 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1443 memcpy((*modvalues)[i], linklist_ptr->value,
1444 linklist_ptr->length);
1445 }
1446 linklist_ptr = linklist_ptr->next;
1447 }
1448 (*modvalues)[i] = NULL;
5d0a7127 1449 }
1450 return(0);
1451}
1452
cd9e6b16 1453
5d0a7127 1454int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
cd9e6b16 1455 char **attr_array, LK_ENTRY **linklist_base,
d7051053 1456 int *linklist_count, unsigned long ScopeType)
5d0a7127 1457{
cd9e6b16 1458 ULONG rc;
5d0a7127 1459 LDAPMessage *ldap_entry;
cd9e6b16 1460
1461 rc = 0;
5d0a7127 1462 ldap_entry = NULL;
1463 (*linklist_base) = NULL;
1464 (*linklist_count) = 0;
d7051053 1465 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
cd9e6b16 1466 search_exp, attr_array, 0, &ldap_entry))
5d0a7127 1467 != LDAP_SUCCESS)
6c8f12af 1468 {
1469 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1470 return(0);
1471 }
1472
cd9e6b16 1473 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1474
5d0a7127 1475 ldap_msgfree(ldap_entry);
1476 return(rc);
1477}
1478
cd9e6b16 1479
5d0a7127 1480int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 1481 LK_ENTRY **linklist_base, int *linklist_count)
5d0a7127 1482{
cd9e6b16 1483 char distinguished_name[1024];
1484 LK_ENTRY *linklist_ptr;
1485 int rc;
1486
5d0a7127 1487 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1488 return(0);
cd9e6b16 1489
1490 memset(distinguished_name, '\0', sizeof(distinguished_name));
1491 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1492
1493 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1494 linklist_base)) != 0)
5d0a7127 1495 return(rc);
cd9e6b16 1496
5d0a7127 1497 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1498 {
cd9e6b16 1499 memset(distinguished_name, '\0', sizeof(distinguished_name));
1500 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1501
1502 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1503 linklist_base)) != 0)
1504 return(rc);
5d0a7127 1505 }
cd9e6b16 1506
5d0a7127 1507 linklist_ptr = (*linklist_base);
1508 (*linklist_count) = 0;
1509 while (linklist_ptr != NULL)
1510 {
1511 ++(*linklist_count);
1512 linklist_ptr = linklist_ptr->next;
1513 }
1514 return(0);
1515}
1516
1517int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 1518 char *distinguished_name, LK_ENTRY **linklist_current)
5d0a7127 1519{
cd9e6b16 1520 char *Attribute;
1521 BerElement *ptr;
1522
5d0a7127 1523 ptr = NULL;
cd9e6b16 1524 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
5d0a7127 1525 {
cd9e6b16 1526 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1527 linklist_current);
5d0a7127 1528 ldap_memfree(Attribute);
cd9e6b16 1529 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1530 ptr)) != NULL)
1531 {
1532 retrieve_values(ldap_handle, ldap_entry, Attribute,
1533 distinguished_name, linklist_current);
1534 ldap_memfree(Attribute);
1535 }
5d0a7127 1536 }
cd9e6b16 1537 ldap_ber_free(ptr, 0);
5d0a7127 1538 return(0);
1539}
1540
cd9e6b16 1541int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1542 char *Attribute, char *distinguished_name,
1543 LK_ENTRY **linklist_current)
5d0a7127 1544{
cd9e6b16 1545 char **str_value;
1546 char temp[256];
1547 void **Ptr;
1548 int use_bervalue;
1549 LK_ENTRY *linklist_previous;
5d0a7127 1550 LDAP_BERVAL **ber_value;
cd9e6b16 1551 DWORD ber_length;
5d0a7127 1552#ifdef LDAP_DEBUG
cd9e6b16 1553 SID *sid;
1554 GUID *guid;
1555 int i;
1556 int intValue;
1557 DWORD *subauth;
1558 SID_IDENTIFIER_AUTHORITY *sid_auth;
1559 unsigned char *subauth_count;
1560#endif /*LDAP_BEGUG*/
5d0a7127 1561
1562 use_bervalue = 0;
1563 memset(temp, '\0', sizeof(temp));
1564 if ((!strcmp(Attribute, "objectSid")) ||
1565 (!strcmp(Attribute, "objectGUID")))
1566 use_bervalue = 1;
cd9e6b16 1567
5d0a7127 1568 if (use_bervalue)
1569 {
1570 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1571 Ptr = (void **)ber_value;
1572 str_value = NULL;
cd9e6b16 1573 }
5d0a7127 1574 else
1575 {
1576 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1577 Ptr = (void **)str_value;
1578 ber_value = NULL;
1579 }
1580 if (Ptr != NULL)
1581 {
1582 for (; *Ptr; Ptr++)
cd9e6b16 1583 {
1584 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1585 return(1);
1586 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1587 linklist_previous->next = (*linklist_current);
1588 (*linklist_current) = linklist_previous;
1589
1590 if (((*linklist_current)->attribute = calloc(1,
1591 strlen(Attribute) + 1)) == NULL)
1592 return(1);
1593 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1594 strcpy((*linklist_current)->attribute, Attribute);
1595 if (use_bervalue)
1596 {
1597 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1598 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1599 return(1);
1600 memset((*linklist_current)->value, '\0', ber_length);
1601 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1602 ber_length);
1603 (*linklist_current)->length = ber_length;
1604 }
1605 else
1606 {
1607 if (((*linklist_current)->value = calloc(1,
1608 strlen(*Ptr) + 1)) == NULL)
1609 return(1);
1610 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1611 (*linklist_current)->length = strlen(*Ptr);
1612 strcpy((*linklist_current)->value, *Ptr);
1613 }
1614 (*linklist_current)->ber_value = use_bervalue;
1615 if (((*linklist_current)->dn = calloc(1,
1616 strlen(distinguished_name) + 1)) == NULL)
1617 return(1);
1618 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1619 strcpy((*linklist_current)->dn, distinguished_name);
1620
5d0a7127 1621#ifdef LDAP_DEBUG
cd9e6b16 1622 if (!strcmp(Attribute, "objectGUID"))
1623 {
1624 guid = (GUID *)((*linklist_current)->value);
1625 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1626 guid->Data1, guid->Data2, guid->Data3,
1627 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1628 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1629 guid->Data4[6], guid->Data4[7]);
1630 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1631 }
1632 else if (!strcmp(Attribute, "objectSid"))
1633 {
1634 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
5d0a7127 1635#ifdef _WIN32
cd9e6b16 1636 print_to_screen(" Revision = %d\n", sid->Revision);
1637 print_to_screen(" SID Identifier Authority:\n");
1638 sid_auth = &sid->IdentifierAuthority;
1639 if (sid_auth->Value[0])
1640 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1641 else if (sid_auth->Value[1])
1642 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1643 else if (sid_auth->Value[2])
1644 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1645 else if (sid_auth->Value[3])
1646 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1647 else if (sid_auth->Value[5])
1648 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1649 else
1650 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1651 subauth_count = GetSidSubAuthorityCount(sid);
1652 print_to_screen(" SidSubAuthorityCount = %d\n",
1653 *subauth_count);
1654 print_to_screen(" SidSubAuthority:\n");
1655 for (i = 0; i < *subauth_count; i++)
1656 {
1657 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1658 print_to_screen(" %u\n", *subauth);
1659 }
5d0a7127 1660#endif
cd9e6b16 1661 }
1662 else if ((!memcmp(Attribute, "userAccountControl",
1663 strlen("userAccountControl"))) ||
1664 (!memcmp(Attribute, "sAMAccountType",
1665 strlen("sAmAccountType"))))
1666 {
1667 intValue = atoi(*Ptr);
1668 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1669 if (!memcmp(Attribute, "userAccountControl",
1670 strlen("userAccountControl")))
1671 {
1672 if (intValue & UF_ACCOUNTDISABLE)
1673 print_to_screen(" %20s : %s\n",
1674 "", "Account disabled");
1675 else
1676 print_to_screen(" %20s : %s\n",
1677 "", "Account active");
1678 if (intValue & UF_HOMEDIR_REQUIRED)
1679 print_to_screen(" %20s : %s\n",
1680 "", "Home directory required");
1681 if (intValue & UF_LOCKOUT)
1682 print_to_screen(" %20s : %s\n",
1683 "", "Account locked out");
1684 if (intValue & UF_PASSWD_NOTREQD)
1685 print_to_screen(" %20s : %s\n",
1686 "", "No password required");
1687 if (intValue & UF_PASSWD_CANT_CHANGE)
1688 print_to_screen(" %20s : %s\n",
1689 "", "Cannot change password");
1690 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1691 print_to_screen(" %20s : %s\n",
1692 "", "Temp duplicate account");
1693 if (intValue & UF_NORMAL_ACCOUNT)
1694 print_to_screen(" %20s : %s\n",
1695 "", "Normal account");
1696 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1697 print_to_screen(" %20s : %s\n",
1698 "", "Interdomain trust account");
1699 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1700 print_to_screen(" %20s : %s\n",
1701 "", "Workstation trust account");
1702 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1703 print_to_screen(" %20s : %s\n",
1704 "", "Server trust account");
1705 }
1706 }
1707 else
1708 {
1709 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1710 }
5d0a7127 1711#endif /*LDAP_DEBUG*/
cd9e6b16 1712 }
5d0a7127 1713 if (str_value != NULL)
cd9e6b16 1714 ldap_value_free(str_value);
5d0a7127 1715 if (ber_value != NULL)
cd9e6b16 1716 ldap_value_free_len(ber_value);
5d0a7127 1717 }
1718 (*linklist_current) = linklist_previous;
1719 return(0);
1720}
1721
5d0a7127 1722int moira_connect(void)
1723{
cd9e6b16 1724 long rc;
1725 char HostName[64];
1726
5d0a7127 1727 if (!mr_connections++)
1728 {
1729#ifdef _WIN32
1730 memset(HostName, '\0', sizeof(HostName));
1731 strcpy(HostName, "ttsp");
cd9e6b16 1732 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1733/*det
5d0a7127 1734 rc = mr_connect(HostName);
cd9e6b16 1735*/
5d0a7127 1736#else
1737 struct utsname uts;
1738 uname(&uts);
cd9e6b16 1739 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1740/*
5d0a7127 1741 rc = mr_connect(uts.nodename);
cd9e6b16 1742*/
5d0a7127 1743#endif /*WIN32*/
cd9e6b16 1744/*det
5d0a7127 1745 if (!rc)
cd9e6b16 1746 rc = mr_auth("winad.incr");
1747*/
5d0a7127 1748 return rc;
1749 }
1750 return 0;
1751}
1752
0d958b3c 1753void check_winad(void)
1754{
1755 int i;
1756
1757 for (i = 0; file_exists(STOP_FILE); i++)
1758 {
1759 if (i > 30)
1760 {
f75f605a 1761 critical_alert("AD incremental",
f78c7eaf 1762 "WINAD incremental failed (%s exists): %s",
1763 STOP_FILE, tbl_buf);
1764 exit(1);
1765 }
0d958b3c 1766 sleep(60);
1767 }
1768}
1769
5d0a7127 1770int moira_disconnect(void)
1771{
5d0a7127 1772
cd9e6b16 1773 if (!--mr_connections)
5d0a7127 1774 {
cd9e6b16 1775 mr_disconnect();
5d0a7127 1776 }
cd9e6b16 1777 return 0;
5d0a7127 1778}
1779
5d0a7127 1780void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 1781 char *distinguished_name)
5d0a7127 1782{
cd9e6b16 1783 char *CName;
1784
5d0a7127 1785 CName = ldap_get_dn(ldap_handle, ldap_entry);
1786 if (CName == NULL)
1787 return;
1788 strcpy(distinguished_name, CName);
1789 ldap_memfree(CName);
1790}
1791
1792int linklist_create_entry(char *attribute, char *value,
cd9e6b16 1793 LK_ENTRY **linklist_entry)
5d0a7127 1794{
1795 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1796 if (!(*linklist_entry))
1797 {
1798 return(1);
1799 }
1800 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1801 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1802 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1803 strcpy((*linklist_entry)->attribute, attribute);
1804 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1805 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1806 strcpy((*linklist_entry)->value, value);
1807 (*linklist_entry)->length = strlen(value);
1808 (*linklist_entry)->next = NULL;
1809 return(0);
1810}
1811
1812void print_to_screen(const char *fmt, ...)
1813{
1814 va_list pvar;
cd9e6b16 1815
5d0a7127 1816 va_start(pvar, fmt);
1817 vfprintf(stderr, fmt, pvar);
1818 fflush(stderr);
1819 va_end(pvar);
1820}
cd9e6b16 1821
1822int get_group_membership(char *group_membership, char *group_ou,
1823 int *security_flag, char **av)
1824{
1825 int maillist_flag;
1826 int group_flag;
1827
1828 maillist_flag = atoi(av[L_MAILLIST]);
1829 group_flag = atoi(av[L_GROUP]);
1830 if (security_flag != NULL)
1831 (*security_flag) = 0;
1832
1833 if ((maillist_flag) && (group_flag))
1834 {
1835 if (group_membership != NULL)
1836 group_membership[0] = 'B';
1837 if (security_flag != NULL)
1838 (*security_flag) = 1;
1839 if (group_ou != NULL)
1840 strcpy(group_ou, group_ou_both);
1841 }
1842 else if ((!maillist_flag) && (group_flag))
1843 {
1844 if (group_membership != NULL)
1845 group_membership[0] = 'S';
1846 if (security_flag != NULL)
1847 (*security_flag) = 1;
1848 if (group_ou != NULL)
1849 strcpy(group_ou, group_ou_security);
1850 }
1851 else if ((maillist_flag) && (!group_flag))
1852 {
1853 if (group_membership != NULL)
1854 group_membership[0] = 'D';
1855 if (group_ou != NULL)
1856 strcpy(group_ou, group_ou_distribution);
1857 }
1858 else
1859 {
1860 if (group_membership != NULL)
1861 group_membership[0] = 'N';
1862 if (group_ou != NULL)
1863 strcpy(group_ou, group_ou_neither);
1864 }
1865 return(0);
1866}
1867
f75f605a 1868int group_rename(LDAP *ldap_handle, char *dn_path,
1869 char *before_group_name, char *before_group_membership,
5a775f54 1870 char *before_group_ou, int before_security_flag, char *before_desc,
f75f605a 1871 char *after_group_name, char *after_group_membership,
89db421e 1872 char *after_group_ou, int after_security_flag, char *after_desc,
1873 char *MoiraId, char *filter)
9db0b148 1874{
1875 LDAPMod *mods[20];
1876 char old_dn[512];
1877 char new_dn[512];
78af4e6e 1878 char new_dn_path[512];
78af4e6e 1879 char sam_name[256];
9db0b148 1880 char *attr_array[3];
89db421e 1881 char *mitMoiraId_v[] = {NULL, NULL};
9db0b148 1882 char *name_v[] = {NULL, NULL};
78af4e6e 1883 char *samAccountName_v[] = {NULL, NULL};
c76c595a 1884 char *groupTypeControl_v[] = {NULL, NULL};
1885 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1886 char groupTypeControlStr[80];
9db0b148 1887 int n;
1888 int i;
1889 int rc;
9db0b148 1890 LK_ENTRY *group_base;
1891 int group_count;
9db0b148 1892
f75f605a 1893 if (!check_string(before_group_name))
78af4e6e 1894 {
4a6e2ee4 1895 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
89db421e 1896 return(AD_INVALID_NAME);
78af4e6e 1897 }
f75f605a 1898 if (!check_string(after_group_name))
78af4e6e 1899 {
4a6e2ee4 1900 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
89db421e 1901 return(AD_INVALID_NAME);
1902 }
1903
1904 group_count = 0;
1905 group_base = NULL;
1906 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1907 before_group_membership,
1908 MoiraId, "distinguishedName", &group_base,
1909 &group_count, filter))
1910 return(rc);
1911
1912 if (group_count == 0)
1913 {
1914 return(AD_NO_GROUPS_FOUND);
1915 }
1916 if (group_count != 1)
1917 {
1918 com_err(whoami, 0,
4a6e2ee4 1919 "Unable to process multiple groups with MoiraId = %s exist in the AD",
89db421e 1920 MoiraId);
1921 return(AD_MULTIPLE_GROUPS_FOUND);
78af4e6e 1922 }
89db421e 1923 strcpy(old_dn, group_base->value);
78af4e6e 1924
89db421e 1925 linklist_free(group_base);
1926 group_base = NULL;
1927 group_count = 0;
1928 attr_array[0] = "sAMAccountName";
9db0b148 1929 attr_array[1] = NULL;
89db421e 1930 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 1931 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
9db0b148 1932 {
4a6e2ee4 1933 com_err(whoami, 0, "Unable to get list %s dn : %s",
f75f605a 1934 after_group_name, ldap_err2string(rc));
1935 return(rc);
9db0b148 1936 }
1937 if (group_count != 1)
1938 {
89db421e 1939 com_err(whoami, 0,
1940 "Unable to get sAMAccountName for group %s",
1941 before_group_name);
1942 return(AD_LDAP_FAILURE);
9db0b148 1943 }
89db421e 1944
1945 strcpy(sam_name, group_base->value);
9db0b148 1946 linklist_free(group_base);
1947 group_base = NULL;
1948 group_count = 0;
1949
f75f605a 1950 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1951 sprintf(new_dn, "cn=%s", after_group_name);
1952 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
78af4e6e 1953 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1954 {
4a6e2ee4 1955 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
89db421e 1956 before_group_name, after_group_name, ldap_err2string(rc));
f75f605a 1957 return(rc);
78af4e6e 1958 }
9db0b148 1959
f75f605a 1960 name_v[0] = after_group_name;
c0bd7667 1961 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
89db421e 1962 {
1963 sprintf(sam_name, "%s_group", after_group_name);
1964 }
1965 else
1966 {
4a6e2ee4 1967 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
89db421e 1968 before_group_name, after_group_name);
1969 return(rc);
1970 }
78af4e6e 1971 samAccountName_v[0] = sam_name;
c76c595a 1972 if (after_security_flag)
1973 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
1974 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1975 groupTypeControl_v[0] = groupTypeControlStr;
4a6e2ee4 1976 mitMoiraId_v[0] = MoiraId;
1977
1978 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1979 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
9db0b148 1980 n = 0;
5a775f54 1981 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
9db0b148 1982 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
89db421e 1983 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
c76c595a 1984 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
9db0b148 1985 mods[n] = NULL;
f75f605a 1986 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
78af4e6e 1987 {
4a6e2ee4 1988 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
f75f605a 1989 after_group_name, ldap_err2string(rc));
78af4e6e 1990 }
9db0b148 1991 for (i = 0; i < n; i++)
1992 free(mods[i]);
f75f605a 1993 return(rc);
9db0b148 1994}
1995
cd9e6b16 1996int group_create(int ac, char **av, void *ptr)
1997{
1998 LDAPMod *mods[20];
5b8457c5 1999 LK_ENTRY *group_base;
cd9e6b16 2000 char new_dn[256];
2001 char group_ou[256];
2002 char new_group_name[256];
2003 char sam_group_name[256];
2004 char cn_group_name[256];
2005 char *cn_v[] = {NULL, NULL};
2006 char *objectClass_v[] = {"top", "group", NULL};
2007 char info[256];
2008 char *samAccountName_v[] = {NULL, NULL};
cd9e6b16 2009 char *altSecurityIdentities_v[] = {NULL, NULL};
89db421e 2010 char *member_v[] = {NULL, NULL};
cd9e6b16 2011 char *name_v[] = {NULL, NULL};
2012 char *desc_v[] = {NULL, NULL};
2013 char *info_v[] = {NULL, NULL};
89db421e 2014 char *mitMoiraId_v[] = {NULL, NULL};
cd9e6b16 2015 char *groupTypeControl_v[] = {NULL, NULL};
2016 char groupTypeControlStr[80];
2017 char group_membership[1];
2018 int i;
2019 int security_flag;
2020 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2021 int n;
2022 int rc;
5b8457c5 2023 int group_count;
89db421e 2024 int updateGroup;
2025 char filter[128];
cd9e6b16 2026 char *attr_array[3];
2027 char **call_args;
2028
2029 call_args = ptr;
2030
cd9e6b16 2031 if (!check_string(av[L_NAME]))
78af4e6e 2032 {
4a6e2ee4 2033 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
89db421e 2034 return(AD_INVALID_NAME);
78af4e6e 2035 }
f75f605a 2036
89db421e 2037 updateGroup = (int)call_args[4];
cd9e6b16 2038 memset(group_ou, 0, sizeof(group_ou));
2039 memset(group_membership, 0, sizeof(group_membership));
2040 security_flag = 0;
2041 get_group_membership(group_membership, group_ou, &security_flag, av);
89db421e 2042 strcpy(new_group_name, av[L_NAME]);
2043 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
cd9e6b16 2044 if (security_flag)
2045 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
89db421e 2046
2047 sprintf(sam_group_name, "%s_group", av[L_NAME]);
cd9e6b16 2048
89db421e 2049 if (!updateGroup)
2050 {
cd9e6b16 2051
89db421e 2052 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2053 groupTypeControl_v[0] = groupTypeControlStr;
cd9e6b16 2054
89db421e 2055 strcpy(cn_group_name, av[L_NAME]);
cd9e6b16 2056
89db421e 2057 samAccountName_v[0] = sam_group_name;
2058 name_v[0] = new_group_name;
2059 cn_v[0] = new_group_name;
cd9e6b16 2060
89db421e 2061 n = 0;
2062 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2063 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2064 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2065 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2066 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2067 if (strlen(av[L_DESC]) != 0)
2068 {
2069 desc_v[0] = av[L_DESC];
2070 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2071 }
2072 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2073 if (strlen(av[L_ACE_NAME]) != 0)
2074 {
2075 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2076 info_v[0] = info;
2077 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2078 }
2079 if (strlen(call_args[5]) != 0)
2080 {
2081 mitMoiraId_v[0] = call_args[5];
2082 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2083 }
2084 mods[n] = NULL;
2085
2086 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2087
2088 for (i = 0; i < n; i++)
2089 free(mods[i]);
2090 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2091 {
909e0dc3 2092 com_err(whoami, 0, "Unable to create list %s in AD : %s",
89db421e 2093 av[L_NAME], ldap_err2string(rc));
2094 callback_rc = rc;
2095 return(rc);
2096 }
78af4e6e 2097 }
89db421e 2098 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
5a775f54 2099 {
4a6e2ee4 2100 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2101 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2102 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
5a775f54 2103 n = 0;
89db421e 2104 if (strlen(call_args[5]) != 0)
2105 {
2106 mitMoiraId_v[0] = call_args[5];
2107 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2108 }
2109 if (!(atoi(av[L_ACTIVE])))
2110 {
2111 member_v[0] = NULL;
2112 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2113 }
5a775f54 2114 mods[n] = NULL;
4a6e2ee4 2115 rc = LDAP_SUCCESS;
2116 if (n != 0)
909e0dc3 2117 {
4a6e2ee4 2118 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2119 for (i = 0; i < n; i++)
2120 free(mods[i]);
2121 if (rc != LDAP_SUCCESS)
2122 {
2123 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2124 av[L_NAME], ldap_err2string(rc));
2125 callback_rc = rc;
2126 return(rc);
2127 }
909e0dc3 2128 }
5a775f54 2129 }
89db421e 2130
909e0dc3 2131 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2132 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2133
89db421e 2134 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2135 if (strlen(call_args[5]) != 0)
6c8f12af 2136 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
cd9e6b16 2137 attr_array[0] = "objectSid";
2138 attr_array[1] = NULL;
5b8457c5 2139 group_count = 0;
2140 group_base = NULL;
89db421e 2141 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
d7051053 2142 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
cd9e6b16 2143 {
3e586ecf 2144 if (group_count != 1)
2145 {
2146 if (strlen(call_args[5]) != 0)
2147 {
2148 linklist_free(group_base);
2149 group_count = 0;
2150 group_base = NULL;
2151 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2152 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
d7051053 2153 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
3e586ecf 2154 }
2155 }
5b8457c5 2156 if (group_count == 1)
cd9e6b16 2157 {
5b8457c5 2158 (*sid_ptr) = group_base;
cd9e6b16 2159 (*sid_ptr)->member = strdup(av[L_NAME]);
2160 (*sid_ptr)->type = (char *)GROUPS;
2161 sid_ptr = &(*sid_ptr)->next;
2162 }
5b8457c5 2163 else
2164 {
2165 if (group_base != NULL)
2166 linklist_free(group_base);
2167 }
cd9e6b16 2168 }
5b8457c5 2169 else
2170 {
2171 if (group_base != NULL)
2172 linklist_free(group_base);
2173 }
2174 return(LDAP_SUCCESS);
cd9e6b16 2175}
2176
909e0dc3 2177int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2178 int HiddenGroup, char *AceType, char *AceName)
2179{
2180 char filter_exp[1024];
2181 char *attr_array[5];
2182 char search_path[512];
2183 char root_ou[128];
2184 char TemplateDn[512];
2185 char TemplateSamName[128];
2186 char TargetDn[512];
2187 char TargetSamName[128];
2188 char AceSamAccountName[128];
2189 char AceDn[256];
2190 unsigned char AceSid[128];
2191 unsigned char UserTemplateSid[128];
2192 char acBERBuf[N_SD_BER_BYTES];
2193 char GroupSecurityTemplate[256];
2194 int AceSidCount;
2195 int UserTemplateSidCount;
2196 int group_count;
2197 int n;
2198 int i;
2199 int rc;
2200 int nVal;
2201 ULONG dwInfo;
2202 int array_count = 0;
2203 LDAPMod *mods[20];
2204 LK_ENTRY *group_base;
2205 LDAP_BERVAL **ppsValues;
2206 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2207 { N_SD_BER_BYTES, acBERBuf },
2208 TRUE
2209 };
2210 LDAPControl *apsServerControls[] = {&sControl, NULL};
2211 LDAPMessage *psMsg;
2212
2213 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2214 BEREncodeSecurityBits(dwInfo, acBERBuf);
2215
2216 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2217 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2218 attr_array[0] = "sAMAccountName";
2219 attr_array[1] = NULL;
2220 group_count = 0;
2221 group_base = NULL;
2222 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
d7051053 2223 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
909e0dc3 2224 return(1);
2225 if (group_count != 1)
2226 {
2227 linklist_free(group_base);
2228 return(1);
2229 }
2230 strcpy(TargetDn, group_base->dn);
2231 strcpy(TargetSamName, group_base->value);
2232 linklist_free(group_base);
2233 group_base = NULL;
2234 group_count = 0;
2235
2236 UserTemplateSidCount = 0;
2237 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2238 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2239 memset(AceSid, '\0', sizeof(AceSid));
2240 AceSidCount = 0;
2241 group_base = NULL;
2242 group_count = 0;
2243 if (strlen(AceName) != 0)
2244 {
2245 if (!strcmp(AceType, "LIST"))
2246 {
2247 sprintf(AceSamAccountName, "%s_group", AceName);
2248 strcpy(root_ou, group_ou_root);
2249 }
2250 else if (!strcmp(AceType, "USER"))
2251 {
2252 sprintf(AceSamAccountName, "%s", AceName);
2253 strcpy(root_ou, user_ou);
2254 }
2255 if (strlen(AceSamAccountName) != 0)
2256 {
bbef4f93 2257 sprintf(search_path, "%s", dn_path);
909e0dc3 2258 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2259 attr_array[0] = "objectSid";
2260 attr_array[1] = NULL;
2261 group_count = 0;
2262 group_base = NULL;
2263 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
d7051053 2264 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
909e0dc3 2265 return(1);
2266 if (group_count == 1)
2267 {
2268 strcpy(AceDn, group_base->dn);
2269 AceSidCount = group_base->length;
2270 memcpy(AceSid, group_base->value, AceSidCount);
2271 }
2272 linklist_free(group_base);
2273 group_base = NULL;
2274 group_count = 0;
2275 }
2276 }
2277 if (AceSidCount == 0)
2278 {
2279 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2280 com_err(whoami, 0, " Non-admin security group template will be used.");
2281 }
2282 else
2283 {
2284 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2285 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2286 attr_array[0] = "objectSid";
2287 attr_array[1] = NULL;
2288
2289 group_count = 0;
2290 group_base = NULL;
2291 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
d7051053 2292 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
909e0dc3 2293 return(1);
2294 if ((rc != 0) || (group_count != 1))
2295 {
4a6e2ee4 2296 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
909e0dc3 2297 AceSidCount = 0;
2298 }
2299 else
2300 {
2301 UserTemplateSidCount = group_base->length;
2302 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2303 }
2304 linklist_free(group_base);
2305 group_base = NULL;
2306 group_count = 0;
2307 }
2308
2309 if (HiddenGroup)
2310 {
2311 if (AceSidCount == 0)
2312 {
2313 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2314 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2315 }
2316 else
2317 {
2318 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2319 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2320 }
2321 }
2322 else
2323 {
2324 if (AceSidCount == 0)
2325 {
2326 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2327 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2328 }
2329 else
2330 {
2331 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2332 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2333 }
2334 }
2335
2336 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2337 attr_array[0] = "sAMAccountName";
2338 attr_array[1] = NULL;
2339 group_count = 0;
2340 group_base = NULL;
2341 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
d7051053 2342 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
909e0dc3 2343 return(1);
2344 if (group_count != 1)
2345 {
2346 linklist_free(group_base);
4a6e2ee4 2347 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
909e0dc3 2348 return(1);
2349 }
2350 strcpy(TemplateDn, group_base->dn);
2351 strcpy(TemplateSamName, group_base->value);
2352 linklist_free(group_base);
2353 group_base = NULL;
2354 group_count = 0;
2355
2356 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2357 rc = ldap_search_ext_s(ldap_handle,
2358 TemplateDn,
2359 LDAP_SCOPE_SUBTREE,
2360 filter_exp,
2361 NULL,
2362 0,
2363 apsServerControls,
2364 NULL,
2365 NULL,
2366 0,
2367 &psMsg);
2368
2369 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2370 {
4a6e2ee4 2371 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
909e0dc3 2372 return(1);
2373 }
2374 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2375 if (ppsValues == NULL)
2376 {
4a6e2ee4 2377 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
909e0dc3 2378 return(1);
2379 }
2380
2381 if (AceSidCount != 0)
2382 {
2383 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2384 {
2385 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2386 {
2387 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2388 {
2389 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
2390 break;
2391 }
2392 }
2393 }
2394 }
2395
2396 n = 0;
2397 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2398 mods[n] = NULL;
2399
2400 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2401 for (i = 0; i < n; i++)
2402 free(mods[i]);
2403 ldap_value_free_len(ppsValues);
2404 ldap_msgfree(psMsg);
2405 if (rc != LDAP_SUCCESS)
2406 {
4a6e2ee4 2407 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
909e0dc3 2408 TargetGroupName, ldap_err2string(rc));
2409 if (AceSidCount != 0)
2410 {
2411 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2412 TargetGroupName);
2413 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2414 HiddenGroup, "", ""))
2415 {
2416 com_err(whoami, 0, "Unable to set security for group %s.",
2417 TargetGroupName);
2418 return(rc);
2419 }
2420 }
2421 return(rc);
2422 }
909e0dc3 2423 return(rc);
2424}
2425
89db421e 2426int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2427 char *group_membership, char *MoiraId)
cd9e6b16 2428{
2429 LK_ENTRY *group_base;
f75f605a 2430 char temp[512];
89db421e 2431 char filter[128];
cd9e6b16 2432 int group_count;
2433 int rc;
2434
f75f605a 2435 if (!check_string(group_name))
78af4e6e 2436 {
4a6e2ee4 2437 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
89db421e 2438 return(AD_INVALID_NAME);
78af4e6e 2439 }
89db421e 2440
2441 memset(filter, '\0', sizeof(filter));
cd9e6b16 2442 group_count = 0;
2443 group_base = NULL;
cd9e6b16 2444 sprintf(temp, "%s,%s", group_ou_root, dn_path);
89db421e 2445 if (rc = ad_get_group(ldap_handle, temp, group_name,
2446 group_membership, MoiraId,
2447 "distinguishedName", &group_base,
2448 &group_count, filter))
2449 return(rc);
2450
cd9e6b16 2451 if (group_count == 1)
78af4e6e 2452 {
2453 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2454 {
f75f605a 2455 linklist_free(group_base);
2456 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2457 group_name, ldap_err2string(rc));
89db421e 2458 return(rc);
78af4e6e 2459 }
f75f605a 2460 linklist_free(group_base);
78af4e6e 2461 }
2462 else
2463 {
f75f605a 2464 linklist_free(group_base);
2465 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
89db421e 2466 return(AD_NO_GROUPS_FOUND);
78af4e6e 2467 }
f75f605a 2468
78af4e6e 2469 return(0);
cd9e6b16 2470}
2471
909e0dc3 2472int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2473{
2474 *pBuffer++ = 0x30;
2475 *pBuffer++ = 0x03;
2476 *pBuffer++ = 0x02;
2477 *pBuffer++ = 0x00;
2478 return(N_SD_BER_BYTES);
2479}
2480
f75f605a 2481int process_lists(int ac, char **av, void *ptr)
cd9e6b16 2482{
f75f605a 2483 int rc;
2484 int security_flag;
2485 char group_ou[256];
2486 char group_membership[2];
2487 char **call_args;
cd9e6b16 2488
2489 call_args = ptr;
2490
f75f605a 2491 security_flag = 0;
2492 memset(group_ou, '\0', sizeof(group_ou));
2493 memset(group_membership, '\0', sizeof(group_membership));
2494 get_group_membership(group_membership, group_ou, &security_flag, av);
2495 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
89db421e 2496 group_ou, group_membership, call_args[2],
2497 (char *)call_args[3], "");
cd9e6b16 2498 return(0);
2499}
2500
2501int member_list_build(int ac, char **av, void *ptr)
2502{
2503 LK_ENTRY *linklist;
78af4e6e 2504 char temp[1024];
cd9e6b16 2505 char **call_args;
2506
2507 call_args = ptr;
2508
2509 strcpy(temp, av[ACE_NAME]);
2510 if (!check_string(temp))
2511 return(0);
f78c7eaf 2512 if (!strcmp(av[ACE_TYPE], "USER"))
cd9e6b16 2513 {
f75f605a 2514 if (!((int)call_args[3] & MOIRA_USERS))
f78c7eaf 2515 return(0);
2516 }
2517 else if (!strcmp(av[ACE_TYPE], "STRING"))
2518 {
f75f605a 2519 if (!((int)call_args[3] & MOIRA_STRINGS))
f78c7eaf 2520 return(0);
2521 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2522 return(0);
cd9e6b16 2523 }
2524 else if (!strcmp(av[ACE_TYPE], "LIST"))
2525 {
f75f605a 2526 if (!((int)call_args[3] & MOIRA_LISTS))
f78c7eaf 2527 return(0);
cd9e6b16 2528 }
f78c7eaf 2529 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
cd9e6b16 2530 {
f75f605a 2531 if (!((int)call_args[3] & MOIRA_KERBEROS))
f78c7eaf 2532 return(0);
2533 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
2534 return(0);
cd9e6b16 2535 }
f78c7eaf 2536 else
2537 return(0);
2538
cd9e6b16 2539 linklist = member_base;
2540 while (linklist)
2541 {
2542 if (!strcasecmp(temp, linklist->member))
2543 return(0);
2544 linklist = linklist->next;
2545 }
2546 linklist = calloc(1, sizeof(LK_ENTRY));
2547 linklist->op = 1;
2548 linklist->dn = NULL;
2549 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2550 strcpy(linklist->list, call_args[2]);
2551 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2552 strcpy(linklist->type, av[ACE_TYPE]);
2553 linklist->member = calloc(1, strlen(temp) + 1);
2554 strcpy(linklist->member, temp);
2555 linklist->next = member_base;
2556 member_base = linklist;
2557 return(0);
2558}
2559
78af4e6e 2560int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
f75f605a 2561 char *group_ou, char *group_membership, char *user_name,
89db421e 2562 char *UserOu, char *MoiraId)
78af4e6e 2563{
2564 char distinguished_name[1024];
f75f605a 2565 char *modvalues[2];
78af4e6e 2566 char temp[256];
89db421e 2567 char filter[128];
78af4e6e 2568 int group_count;
2569 int i;
2570 int n;
2571 LDAPMod *mods[20];
2572 LK_ENTRY *group_base;
2573 ULONG rc;
2574
2575 if (!check_string(group_name))
89db421e 2576 return(AD_INVALID_NAME);
2577
2578 memset(filter, '\0', sizeof(filter));
2579 group_base = NULL;
2580 group_count = 0;
2581 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2582 group_membership, MoiraId,
2583 "distinguishedName", &group_base,
2584 &group_count, filter))
2585 return(rc);
2586
78af4e6e 2587 if (group_count != 1)
2588 {
4a6e2ee4 2589 com_err(whoami, 0, "Unable to find list %s in AD",
f75f605a 2590 group_name);
2591 linklist_free(group_base);
2592 group_base = NULL;
2593 group_count = 0;
78af4e6e 2594 goto cleanup;
2595 }
2596 strcpy(distinguished_name, group_base->value);
2597 linklist_free(group_base);
2598 group_base = NULL;
2599 group_count = 0;
78af4e6e 2600
f75f605a 2601 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2602 modvalues[0] = temp;
2603 modvalues[1] = NULL;
2604
2605 n = 0;
2606 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2607 mods[n] = NULL;
2608 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2609 for (i = 0; i < n; i++)
2610 free(mods[i]);
6c8f12af 2611 if (rc == LDAP_UNWILLING_TO_PERFORM)
2612 rc = LDAP_SUCCESS;
f75f605a 2613 if (rc != LDAP_SUCCESS)
78af4e6e 2614 {
4a6e2ee4 2615 com_err(whoami, 0, "Unable to modify list %s members : %s",
f75f605a 2616 group_name, ldap_err2string(rc));
2617 goto cleanup;
78af4e6e 2618 }
2619
2620cleanup:
78af4e6e 2621 return(rc);
2622}
2623
f75f605a 2624int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
89db421e 2625 char *group_ou, char *group_membership, char *user_name,
2626 char *UserOu, char *MoiraId)
cd9e6b16 2627{
2628 char distinguished_name[1024];
f75f605a 2629 char *modvalues[2];
cd9e6b16 2630 char temp[256];
89db421e 2631 char filter[128];
cd9e6b16 2632 int group_count;
cd9e6b16 2633 int n;
f75f605a 2634 int i;
cd9e6b16 2635 LDAPMod *mods[20];
2636 LK_ENTRY *group_base;
cd9e6b16 2637 ULONG rc;
2638
89db421e 2639 if (!check_string(group_name))
2640 return(AD_INVALID_NAME);
2641
cd9e6b16 2642 rc = 0;
89db421e 2643 memset(filter, '\0', sizeof(filter));
cd9e6b16 2644 group_base = NULL;
2645 group_count = 0;
89db421e 2646 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2647 group_membership, MoiraId,
2648 "distinguishedName", &group_base,
2649 &group_count, filter))
2650 return(rc);
cd9e6b16 2651
cd9e6b16 2652 if (group_count != 1)
2653 {
f75f605a 2654 linklist_free(group_base);
2655 group_base = NULL;
2656 group_count = 0;
4a6e2ee4 2657 com_err(whoami, 0, "Unable to find list %s in AD",
f75f605a 2658 group_name);
89db421e 2659 return(AD_MULTIPLE_GROUPS_FOUND);
cd9e6b16 2660 }
f75f605a 2661
cd9e6b16 2662 strcpy(distinguished_name, group_base->value);
2663 linklist_free(group_base);
2664 group_base = NULL;
2665 group_count = 0;
2666
f75f605a 2667 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2668 modvalues[0] = temp;
2669 modvalues[1] = NULL;
cd9e6b16 2670
f75f605a 2671 n = 0;
2672 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2673 mods[n] = NULL;
2674 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2675 if (rc == LDAP_ALREADY_EXISTS)
2676 rc = LDAP_SUCCESS;
89db421e 2677 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2678 {
2679 if (rc == LDAP_UNWILLING_TO_PERFORM)
2680 rc = LDAP_SUCCESS;
2681 }
f75f605a 2682 for (i = 0; i < n; i++)
2683 free(mods[i]);
2684 if (rc != LDAP_SUCCESS)
cd9e6b16 2685 {
4a6e2ee4 2686 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
89db421e 2687 user_name, group_name, ldap_err2string(rc));
cd9e6b16 2688 }
2689
f75f605a 2690 return(rc);
cd9e6b16 2691}
2692
2693int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2694{
2695 LDAPMod *mods[20];
2696 char new_dn[256];
2697 char cn_user_name[256];
2698 char contact_name[256];
f78c7eaf 2699 char *email_v[] = {NULL, NULL};
cd9e6b16 2700 char *cn_v[] = {NULL, NULL};
2701 char *contact_v[] = {NULL, NULL};
2702 char *objectClass_v[] = {"top", "person",
2703 "organizationalPerson",
2704 "contact", NULL};
2705 char *name_v[] = {NULL, NULL};
2706 char *desc_v[] = {NULL, NULL};
2707 int n;
2708 int rc;
2709 int i;
2710
2711 if (!check_string(user))
78af4e6e 2712 {
4a6e2ee4 2713 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
89db421e 2714 return(AD_INVALID_NAME);
78af4e6e 2715 }
cd9e6b16 2716 strcpy(contact_name, user);
2717 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2718 cn_v[0] = cn_user_name;
2719 contact_v[0] = contact_name;
2720 name_v[0] = user;
2721 desc_v[0] = "Auto account created by Moira";
f78c7eaf 2722 email_v[0] = user;
cd9e6b16 2723
2724 strcpy(new_dn, cn_user_name);
2725 n = 0;
2726 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2727 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2728 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2729 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2730 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
f78c7eaf 2731 if (!strcmp(group_ou, contact_ou))
2732 {
2733 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2734 }
cd9e6b16 2735 mods[n] = NULL;
2736
2737 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2738 for (i = 0; i < n; i++)
2739 free(mods[i]);
f78c7eaf 2740 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2741 {
2742 n = 0;
2743 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2744 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2745 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2746 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2747 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2748 mods[n] = NULL;
2749 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2750 for (i = 0; i < n; i++)
2751 free(mods[i]);
2752 }
cd9e6b16 2753 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
78af4e6e 2754 {
4a6e2ee4 2755 com_err(whoami, 0, "Unable to create contact %s : %s",
f75f605a 2756 user, ldap_err2string(rc));
89db421e 2757 return(rc);
78af4e6e 2758 }
2759 return(0);
2760}
2761
f75f605a 2762int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
3abb4456 2763 char *Uid, char *MitId, char *MoiraId, int State,
2764 char *WinHomeDir, char *WinProfileDir)
78af4e6e 2765{
2766 LDAPMod *mods[20];
2767 LK_ENTRY *group_base;
2768 int group_count;
3abb4456 2769 char distinguished_name[512];
89db421e 2770 char *mitMoiraId_v[] = {NULL, NULL};
78af4e6e 2771 char *uid_v[] = {NULL, NULL};
2772 char *mitid_v[] = {NULL, NULL};
f78c7eaf 2773 char *homedir_v[] = {NULL, NULL};
2774 char *winProfile_v[] = {NULL, NULL};
2775 char *drives_v[] = {NULL, NULL};
89db421e 2776 char *userAccountControl_v[] = {NULL, NULL};
2777 char userAccountControlStr[80];
78af4e6e 2778 int n;
2779 int rc;
2780 int i;
3abb4456 2781 int OldUseSFU30;
89db421e 2782 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2783 char filter[128];
78af4e6e 2784 char *attr_array[3];
c0bd7667 2785 char temp[256];
78af4e6e 2786
f75f605a 2787 if (!check_string(user_name))
78af4e6e 2788 {
4a6e2ee4 2789 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
89db421e 2790 return(AD_INVALID_NAME);
78af4e6e 2791 }
2792
78af4e6e 2793 group_count = 0;
2794 group_base = NULL;
89db421e 2795
2796 if (strlen(MoiraId) != 0)
78af4e6e 2797 {
c0bd7667 2798 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
89db421e 2799 attr_array[0] = "cn";
2800 attr_array[1] = NULL;
2801 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 2802 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 2803 {
4a6e2ee4 2804 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 2805 user_name, ldap_err2string(rc));
2806 return(rc);
2807 }
2808 }
c0bd7667 2809 if (group_count != 1)
89db421e 2810 {
c0bd7667 2811 linklist_free(group_base);
2812 group_base = NULL;
2813 group_count = 0;
89db421e 2814 sprintf(filter, "(sAMAccountName=%s)", user_name);
2815 attr_array[0] = "cn";
2816 attr_array[1] = NULL;
c0bd7667 2817 sprintf(temp, "%s,%s", user_ou, dn_path);
2818 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
d7051053 2819 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 2820 {
4a6e2ee4 2821 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 2822 user_name, ldap_err2string(rc));
2823 return(rc);
2824 }
78af4e6e 2825 }
2826
2827 if (group_count != 1)
2828 {
4a6e2ee4 2829 com_err(whoami, 0, "Unable to find user %s in AD",
f75f605a 2830 user_name);
2831 linklist_free(group_base);
89db421e 2832 return(AD_NO_USER_FOUND);
78af4e6e 2833 }
2834 strcpy(distinguished_name, group_base->dn);
2835
f75f605a 2836 linklist_free(group_base);
2837 group_count = 0;
4a6e2ee4 2838
7dc865bd 2839 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
2840 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
2841 else
2842 rc = attribute_update(ldap_handle, distinguished_name, "none", "employeeID", user_name);
4a6e2ee4 2843 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
2844 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
2845
78af4e6e 2846 n = 0;
50b4a32b 2847 uid_v[0] = Uid;
3abb4456 2848 if (!UseSFU30)
2849 {
2850 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2851 }
2852 else
2853 {
2854 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
2855 }
4a6e2ee4 2856
2857
89db421e 2858 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2859 userAccountControl |= UF_ACCOUNTDISABLE;
2860 sprintf(userAccountControlStr, "%ld", userAccountControl);
2861 userAccountControl_v[0] = userAccountControlStr;
2862 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
3abb4456 2863
2864 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
2865 WinProfileDir, homedir_v, winProfile_v,
2866 drives_v, mods, LDAP_MOD_REPLACE, n);
2867
78af4e6e 2868 mods[n] = NULL;
89db421e 2869 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
78af4e6e 2870 {
3abb4456 2871 OldUseSFU30 = UseSFU30;
2872 SwitchSFU(mods, &UseSFU30, n);
2873 if (OldUseSFU30 != UseSFU30)
2874 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2875 if (rc)
f78c7eaf 2876 {
4a6e2ee4 2877 com_err(whoami, 0, "Unable to modify user data for %s : %s",
3abb4456 2878 user_name, ldap_err2string(rc));
f78c7eaf 2879 }
2880 }
3abb4456 2881 for (i = 0; i < n; i++)
2882 free(mods[i]);
f75f605a 2883 return(rc);
cd9e6b16 2884}
2885
f75f605a 2886int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
89db421e 2887 char *user_name)
9db0b148 2888{
2889 LDAPMod *mods[20];
2890 char new_dn[256];
2891 char old_dn[256];
9db0b148 2892 char upn[256];
2893 char temp[128];
2894 char *userPrincipalName_v[] = {NULL, NULL};
2895 char *altSecurityIdentities_v[] = {NULL, NULL};
2896 char *name_v[] = {NULL, NULL};
78af4e6e 2897 char *samAccountName_v[] = {NULL, NULL};
9db0b148 2898 int n;
2899 int rc;
2900 int i;
9db0b148 2901
f75f605a 2902 if (!check_string(before_user_name))
78af4e6e 2903 {
4a6e2ee4 2904 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
89db421e 2905 return(AD_INVALID_NAME);
78af4e6e 2906 }
f75f605a 2907 if (!check_string(user_name))
78af4e6e 2908 {
4a6e2ee4 2909 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
89db421e 2910 return(AD_INVALID_NAME);
78af4e6e 2911 }
9db0b148 2912
f75f605a 2913 strcpy(user_name, user_name);
2914 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
9db0b148 2915 sprintf(new_dn, "cn=%s", user_name);
f75f605a 2916 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
9db0b148 2917 NULL, NULL)) != LDAP_SUCCESS)
2918 {
4a6e2ee4 2919 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
89db421e 2920 before_user_name, user_name, ldap_err2string(rc));
f75f605a 2921 return(rc);
9db0b148 2922 }
2923
2924 name_v[0] = user_name;
2925 sprintf(upn, "%s@%s", user_name, ldap_domain);
2926 userPrincipalName_v[0] = upn;
2927 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2928 altSecurityIdentities_v[0] = temp;
78af4e6e 2929 samAccountName_v[0] = user_name;
9db0b148 2930
2931 n = 0;
2932 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2933 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2934 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
78af4e6e 2935 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
9db0b148 2936 mods[n] = NULL;
f75f605a 2937 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2938 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
9db0b148 2939 {
4a6e2ee4 2940 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
f75f605a 2941 user_name, ldap_err2string(rc));
9db0b148 2942 }
2943 for (i = 0; i < n; i++)
2944 free(mods[i]);
f75f605a 2945 return(rc);
9db0b148 2946}
2947
cd9e6b16 2948int user_create(int ac, char **av, void *ptr)
2949{
5b8457c5 2950 LK_ENTRY *group_base;
cd9e6b16 2951 LDAPMod *mods[20];
2952 char new_dn[256];
2953 char user_name[256];
9db0b148 2954 char sam_name[256];
5b8457c5 2955 char upn[256];
cd9e6b16 2956 char *cn_v[] = {NULL, NULL};
2957 char *objectClass_v[] = {"top", "person",
2958 "organizationalPerson",
2959 "user", NULL};
2960
2961 char *samAccountName_v[] = {NULL, NULL};
2962 char *altSecurityIdentities_v[] = {NULL, NULL};
89db421e 2963 char *mitMoiraId_v[] = {NULL, NULL};
cd9e6b16 2964 char *name_v[] = {NULL, NULL};
2965 char *desc_v[] = {NULL, NULL};
cd9e6b16 2966 char *userPrincipalName_v[] = {NULL, NULL};
2967 char *userAccountControl_v[] = {NULL, NULL};
78af4e6e 2968 char *uid_v[] = {NULL, NULL};
2969 char *mitid_v[] = {NULL, NULL};
3abb4456 2970 char *homedir_v[] = {NULL, NULL};
2971 char *winProfile_v[] = {NULL, NULL};
2972 char *drives_v[] = {NULL, NULL};
cd9e6b16 2973 char userAccountControlStr[80];
2974 char temp[128];
2975 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2976 int n;
2977 int rc;
2978 int i;
5b8457c5 2979 int group_count;
3abb4456 2980 int OldUseSFU30;
89db421e 2981 char filter[128];
cd9e6b16 2982 char *attr_array[3];
2983 char **call_args;
3abb4456 2984 char WinHomeDir[1024];
2985 char WinProfileDir[1024];
cd9e6b16 2986
2987 call_args = ptr;
2988
78af4e6e 2989 if (!check_string(av[U_NAME]))
2990 {
89db421e 2991 callback_rc = AD_INVALID_NAME;
4a6e2ee4 2992 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
89db421e 2993 return(AD_INVALID_NAME);
78af4e6e 2994 }
9db0b148 2995
3abb4456 2996 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
2997 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
2998 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
2999 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
cd9e6b16 3000 strcpy(user_name, av[U_NAME]);
3001 sprintf(upn, "%s@%s", user_name, ldap_domain);
78af4e6e 3002 sprintf(sam_name, "%s", av[U_NAME]);
9db0b148 3003 samAccountName_v[0] = sam_name;
89db421e 3004 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
cd9e6b16 3005 userAccountControl |= UF_ACCOUNTDISABLE;
3006 sprintf(userAccountControlStr, "%ld", userAccountControl);
3007 userAccountControl_v[0] = userAccountControlStr;
3008 userPrincipalName_v[0] = upn;
3009
3010 cn_v[0] = user_name;
3011 name_v[0] = user_name;
3012 desc_v[0] = "Auto account created by Moira";
3013 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3014 altSecurityIdentities_v[0] = temp;
3015 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3016
3017 n = 0;
3018 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3019 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3020 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3021 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3022 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3023 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3024 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3025 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3abb4456 3026 if (strlen(call_args[2]) != 0)
89db421e 3027 {
3028 mitMoiraId_v[0] = call_args[2];
3029 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3030 }
cd9e6b16 3031 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
78af4e6e 3032 if (strlen(av[U_UID]) != 0)
3033 {
3034 uid_v[0] = av[U_UID];
3035 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3abb4456 3036 if (!UseSFU30)
3037 {
3038 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3039 }
3040 else
3041 {
3042 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
3043 }
78af4e6e 3044 }
7dc865bd 3045 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
78af4e6e 3046 mitid_v[0] = av[U_MITID];
3047 else
3048 mitid_v[0] = "none";
3049 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3abb4456 3050
3051 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3052 WinProfileDir, homedir_v, winProfile_v,
3053 drives_v, mods, LDAP_MOD_ADD, n);
3054
cd9e6b16 3055 mods[n] = NULL;
3056
3057 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3abb4456 3058 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3059 {
3060 OldUseSFU30 = UseSFU30;
3061 SwitchSFU(mods, &UseSFU30, n);
3062 if (OldUseSFU30 != UseSFU30)
3063 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3064 }
3065
78af4e6e 3066 for (i = 0; i < n; i++)
3067 free(mods[i]);
5b8457c5 3068 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3069 {
4a6e2ee4 3070 com_err(whoami, 0, "Unable to create user %s : %s",
5b8457c5 3071 user_name, ldap_err2string(rc));
3072 callback_rc = rc;
3073 return(rc);
3074 }
cd9e6b16 3075 if (rc == LDAP_SUCCESS)
3076 {
f78c7eaf 3077 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
cd9e6b16 3078 {
26503e15 3079 ad_kdc_disconnect();
3080 tickets_get_k5();
3081 if (!ad_server_connect(default_server, ldap_domain))
3082 {
3083 com_err(whoami, 0, "Unable to set password for user %s : %s",
3084 user_name, "cannot get changepw ticket from windows domain");
3085 }
3086 else
3087 {
3088 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3089 {
3090 com_err(whoami, 0, "Unable to set password for user %s : %ld",
3091 user_name, rc);
3092 }
3093 }
cd9e6b16 3094 }
3095 }
89db421e 3096 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3097 if (strlen(call_args[2]) != 0)
c0bd7667 3098 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
cd9e6b16 3099 attr_array[0] = "objectSid";
3100 attr_array[1] = NULL;
5b8457c5 3101 group_count = 0;
3102 group_base = NULL;
89db421e 3103 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
d7051053 3104 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
cd9e6b16 3105 {
3e586ecf 3106 if (group_count != 1)
3107 {
3108 if (strlen(call_args[2]) != 0)
3109 {
3110 linklist_free(group_base);
3111 group_count = 0;
3112 group_base = NULL;
3113 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3114 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
d7051053 3115 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
3e586ecf 3116 }
3117 }
5b8457c5 3118 if (group_count == 1)
cd9e6b16 3119 {
5b8457c5 3120 (*sid_ptr) = group_base;
3e586ecf 3121 (*sid_ptr)->member = strdup(av[U_NAME]);
5b8457c5 3122 (*sid_ptr)->type = (char *)GROUPS;
cd9e6b16 3123 sid_ptr = &(*sid_ptr)->next;
3124 }
5b8457c5 3125 else
3126 {
3127 if (group_base != NULL)
3128 linklist_free(group_base);
3129 }
3130 }
3131 else
3132 {
3133 if (group_base != NULL)
3134 linklist_free(group_base);
cd9e6b16 3135 }
78af4e6e 3136 return(0);
cd9e6b16 3137}
3138
89db421e 3139int user_change_status(LDAP *ldap_handle, char *dn_path,
3140 char *user_name, char *MoiraId,
3141 int operation)
cd9e6b16 3142{
89db421e 3143 char filter[128];
cd9e6b16 3144 char *attr_array[3];
3145 char temp[256];
3146 char distinguished_name[1024];
cd9e6b16 3147 char **modvalues;
89db421e 3148 char *mitMoiraId_v[] = {NULL, NULL};
cd9e6b16 3149 LDAPMod *mods[20];
3150 LK_ENTRY *group_base;
3151 int group_count;
3152 int rc;
3153 int i;
3154 int n;
3155 ULONG ulongValue;
3156
f75f605a 3157 if (!check_string(user_name))
78af4e6e 3158 {
4a6e2ee4 3159 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
89db421e 3160 return(AD_INVALID_NAME);
78af4e6e 3161 }
f75f605a 3162
cd9e6b16 3163 group_count = 0;
3164 group_base = NULL;
89db421e 3165
3166 if (strlen(MoiraId) != 0)
cd9e6b16 3167 {
c0bd7667 3168 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
89db421e 3169 attr_array[0] = "UserAccountControl";
3170 attr_array[1] = NULL;
3171 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3172 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3173 {
4a6e2ee4 3174 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 3175 user_name, ldap_err2string(rc));
3176 return(rc);
3177 }
3178 }
c0bd7667 3179 if (group_count != 1)
89db421e 3180 {
c0bd7667 3181 linklist_free(group_base);
3182 group_count = 0;
3183 group_base = NULL;
89db421e 3184 sprintf(filter, "(sAMAccountName=%s)", user_name);
3185 attr_array[0] = "UserAccountControl";
3186 attr_array[1] = NULL;
3187 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3188 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3189 {
4a6e2ee4 3190 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 3191 user_name, ldap_err2string(rc));
3192 return(rc);
3193 }
cd9e6b16 3194 }
3195
78af4e6e 3196 if (group_count != 1)
cd9e6b16 3197 {
f75f605a 3198 linklist_free(group_base);
4a6e2ee4 3199 com_err(whoami, 0, "Unable to find user %s in AD",
f75f605a 3200 user_name);
3201 return(LDAP_NO_SUCH_OBJECT);
cd9e6b16 3202 }
3203
3204 strcpy(distinguished_name, group_base->dn);
3205 ulongValue = atoi((*group_base).value);
3206 if (operation == MEMBER_DEACTIVATE)
3207 ulongValue |= UF_ACCOUNTDISABLE;
3208 else
3209 ulongValue &= ~UF_ACCOUNTDISABLE;
3210 sprintf(temp, "%ld", ulongValue);
3211 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3212 temp, &modvalues, REPLACE)) == 1)
f75f605a 3213 goto cleanup;
cd9e6b16 3214 linklist_free(group_base);
3215 group_base = NULL;
3216 group_count = 0;
3217 n = 0;
3218 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
89db421e 3219 if (strlen(MoiraId) != 0)
3220 {
3221 mitMoiraId_v[0] = MoiraId;
3222 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3223 }
cd9e6b16 3224 mods[n] = NULL;
f75f605a 3225 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
cd9e6b16 3226 for (i = 0; i < n; i++)
3227 free(mods[i]);
3228 free_values(modvalues);
3229 if (rc != LDAP_SUCCESS)
3230 {
4a6e2ee4 3231 com_err(whoami, 0, "Unable to change status of user %s : %s",
f75f605a 3232 user_name, ldap_err2string(rc));
cd9e6b16 3233 }
3234cleanup:
f75f605a 3235 return(rc);
cd9e6b16 3236}
3237
89db421e 3238int user_delete(LDAP *ldap_handle, char *dn_path,
3239 char *u_name, char *MoiraId)
cd9e6b16 3240{
89db421e 3241 char filter[128];
cd9e6b16 3242 char *attr_array[3];
3243 char distinguished_name[1024];
3244 char user_name[512];
3245 LK_ENTRY *group_base;
3246 int group_count;
3247 int rc;
3248
3249 if (!check_string(u_name))
89db421e 3250 return(AD_INVALID_NAME);
3251
cd9e6b16 3252 strcpy(user_name, u_name);
3253 group_count = 0;
3254 group_base = NULL;
89db421e 3255
3256 if (strlen(MoiraId) != 0)
cd9e6b16 3257 {
c0bd7667 3258 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
89db421e 3259 attr_array[0] = "name";
3260 attr_array[1] = NULL;
3261 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3262 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3263 {
4a6e2ee4 3264 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 3265 user_name, ldap_err2string(rc));
3266 goto cleanup;
3267 }
3268 }
c0bd7667 3269 if (group_count != 1)
89db421e 3270 {
c0bd7667 3271 linklist_free(group_base);
3272 group_count = 0;
3273 group_base = NULL;
89db421e 3274 sprintf(filter, "(sAMAccountName=%s)", user_name);
3275 attr_array[0] = "name";
3276 attr_array[1] = NULL;
3277 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3278 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3279 {
4a6e2ee4 3280 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 3281 user_name, ldap_err2string(rc));
3282 goto cleanup;
3283 }
cd9e6b16 3284 }
3285
78af4e6e 3286 if (group_count != 1)
cd9e6b16 3287 {
4a6e2ee4 3288 com_err(whoami, 0, "Unable to find user %s in AD",
f75f605a 3289 user_name);
cd9e6b16 3290 goto cleanup;
3291 }
3292
3293 strcpy(distinguished_name, group_base->dn);
3294 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3295 {
4a6e2ee4 3296 com_err(whoami, 0, "Unable to process user %s : %s",
f75f605a 3297 user_name, ldap_err2string(rc));
cd9e6b16 3298 }
3299
3300cleanup:
3301 linklist_free(group_base);
78af4e6e 3302 return(0);
cd9e6b16 3303}
3304
3305void linklist_free(LK_ENTRY *linklist_base)
3306{
3307 LK_ENTRY *linklist_previous;
3308
3309 while (linklist_base != NULL)
3310 {
3311 if (linklist_base->dn != NULL)
3312 free(linklist_base->dn);
3313 if (linklist_base->attribute != NULL)
3314 free(linklist_base->attribute);
3315 if (linklist_base->value != NULL)
3316 free(linklist_base->value);
3317 if (linklist_base->member != NULL)
3318 free(linklist_base->member);
3319 if (linklist_base->type != NULL)
3320 free(linklist_base->type);
3321 if (linklist_base->list != NULL)
3322 free(linklist_base->list);
3323 linklist_previous = linklist_base;
3324 linklist_base = linklist_previous->next;
3325 free(linklist_previous);
3326 }
3327}
3328
3329void free_values(char **modvalues)
3330{
3331 int i;
3332
3333 i = 0;
3334 if (modvalues != NULL)
3335 {
3336 while (modvalues[i] != NULL)
3337 {
3338 free(modvalues[i]);
3339 modvalues[i] = NULL;
3340 ++i;
3341 }
3342 free(modvalues);
3343 }
3344}
3345
3346int sid_update(LDAP *ldap_handle, char *dn_path)
3347{
3348 LK_ENTRY *ptr;
3349 int rc;
3350 unsigned char temp[126];
3351 char *av[3];
3352
3353 ptr = sid_base;
3354
3355 while (ptr != NULL)
3356 {
3357 memset(temp, 0, sizeof(temp));
3358 convert_b_to_a(temp, ptr->value, ptr->length);
5b8457c5 3359 if (!ptr->member)
3360 continue;
cd9e6b16 3361 av[0] = ptr->member;
3362 av[1] = temp;
3363 if (ptr->type == (char *)GROUPS)
3364 {
3365 ptr->type = NULL;
3366 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3367 }
3368 else if (ptr->type == (char *)USERS)
3369 {
3370 ptr->type = NULL;
3371 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
3372 }
3373 ptr = ptr->next;
3374 }
3375 return(0);
3376}
3377
3378void convert_b_to_a(char *string, UCHAR *binary, int length)
3379{
3380 int i;
3381 int j;
3382 UCHAR tmp;
3383
3384 j = 0;
3385 for (i = 0; i < length; i++)
3386 {
3387 tmp = binary[i];
3388 string[j] = tmp;
3389 string[j] >>= 4;
3390 string[j] &= 0x0f;
3391 string[j] += 0x30;
3392 if (string[j] > '9')
3393 string[j] += 0x27;
3394 ++j;
3395 string[j] = tmp & 0x0f;
3396 string[j] += 0x30;
3397 if (string[j] > '9')
3398 string[j] += 0x27;
3399 j++;
3400 }
3401 string[j] = 0;
3402}
3403
3404static int illegalchars[] = {
3405 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3406 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3407 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3408 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
f75f605a 3409 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
cd9e6b16 3410 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3411 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3412 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
3413 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3414 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3415 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3416 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3417 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3418 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3419 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3420 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3421};
3422
3423int check_string(char *s)
3424{
78af4e6e 3425 char character;
3426
cd9e6b16 3427 for (; *s; s++)
3428 {
78af4e6e 3429 character = *s;
3430 if (isupper(character))
3431 character = tolower(character);
3432 if (illegalchars[(unsigned) character])
cd9e6b16 3433 return 0;
3434 }
3435 return 1;
3436}
3437
bb52f279 3438int check_container_name(char *s)
3439{
3440 char character;
3441
3442 for (; *s; s++)
3443 {
3444 character = *s;
3445 if (isupper(character))
3446 character = tolower(character);
3447
3448 if (character == ' ')
3449 continue;
3450 if (illegalchars[(unsigned) character])
3451 return 0;
3452 }
3453 return 1;
3454}
3455
cd9e6b16 3456int mr_connect_cl(char *server, char *client, int version, int auth)
3457{
984c91b7 3458 int status;
3459 char *motd;
3460 char temp[128];
cd9e6b16 3461
3462 status = mr_connect(server);
3463 if (status)
3464 {
3465 com_err(whoami, status, "while connecting to Moira");
aea5154c 3466 return status;
cd9e6b16 3467 }
3468
3469 status = mr_motd(&motd);
3470 if (status)
3471 {
3472 mr_disconnect();
3473 com_err(whoami, status, "while checking server status");
aea5154c 3474 return status;
cd9e6b16 3475 }
3476 if (motd)
3477 {
984c91b7 3478 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3479 com_err(whoami, status, temp);
cd9e6b16 3480 mr_disconnect();
aea5154c 3481 return status;
cd9e6b16 3482 }
3483
3484 status = mr_version(version);
3485 if (status)
3486 {
3487 if (status == MR_UNKNOWN_PROC)
f78c7eaf 3488 {
3489 if (version > 2)
3490 status = MR_VERSION_HIGH;
3491 else
3492 status = MR_SUCCESS;
3493 }
cd9e6b16 3494
3495 if (status == MR_VERSION_HIGH)
f78c7eaf 3496 {
3497 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3498 com_err(whoami, 0, "Some operations may not work.");
3499 }
cd9e6b16 3500 else if (status && status != MR_VERSION_LOW)
f78c7eaf 3501 {
3502 com_err(whoami, status, "while setting query version number.");
3503 mr_disconnect();
aea5154c 3504 return status;
f78c7eaf 3505 }
cd9e6b16 3506 }
3507
3508 if (auth)
3509 {
3510 status = mr_auth(client);
3511 if (status)
f78c7eaf 3512 {
3513 com_err(whoami, status, "while authenticating to Moira.");
3514 mr_disconnect();
aea5154c 3515 return status;
f78c7eaf 3516 }
cd9e6b16 3517 }
3518
aea5154c 3519 return MR_SUCCESS;
cd9e6b16 3520}
3521
f78c7eaf 3522void AfsToWinAfs(char* path, char* winPath)
3523{
3524 char* pathPtr;
3525 char* winPathPtr;
3526 strcpy(winPath, WINAFS);
3527 pathPtr = path + strlen(AFS);
3528 winPathPtr = winPath + strlen(WINAFS);
3529
3530 while (*pathPtr)
3531 {
3532 if (*pathPtr == '/')
3533 *winPathPtr = '\\';
3534 else
3535 *winPathPtr = *pathPtr;
3536
3537 pathPtr++;
3538 winPathPtr++;
3539 }
3540}
89db421e 3541
909e0dc3 3542int GetAceInfo(int ac, char **av, void *ptr)
3543{
3544 char **call_args;
3545 int security_flag;
3546
3547 call_args = ptr;
3548
3549 strcpy(call_args[0], av[L_ACE_TYPE]);
3550 strcpy(call_args[1], av[L_ACE_NAME]);
3551 security_flag = 0;
3552 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3553 return(LDAP_SUCCESS);
3554
3555}
3556
bbef4f93 3557int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
909e0dc3 3558{
3559 char filter[128];
3560 char *attr_array[3];
3561 int group_count;
3562 int rc;
3563 LK_ENTRY *group_base;
3564
3565 group_count = 0;
3566 group_base = NULL;
3567
3568 sprintf(filter, "(sAMAccountName=%s)", Name);
3569 attr_array[0] = "sAMAccountName";
3570 attr_array[1] = NULL;
3571 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3572 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
909e0dc3 3573 {
4a6e2ee4 3574 com_err(whoami, 0, "Unable to process ACE name %s : %s",
909e0dc3 3575 Name, ldap_err2string(rc));
3576 return(1);
3577 }
3578
3579 linklist_free(group_base);
3580 group_base = NULL;
3581 if (group_count == 0)
3582 return(0);
3583 return(1);
3584}
3585
3586#define MAX_ACE 7
3587
3588int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3589{
3590 char *av[2];
3591 char GroupName[256];
3592 char *call_args[7];
3593 int rc;
3594 char *AceInfo[4];
3595 char AceType[32];
3596 char AceName[128];
3597 char AceMembership[2];
3598 char AceOu[256];
3599 char temp[128];
3600
3601 strcpy(GroupName, Name);
3602
3603 if (strcasecmp(Type, "LIST"))
3604 return(1);
3605 while (1)
3606 {
3607 av[0] = GroupName;
3608 AceInfo[0] = AceType;
3609 AceInfo[1] = AceName;
3610 AceInfo[2] = AceMembership;
3611 AceInfo[3] = AceOu;
3612 memset(AceType, '\0', sizeof(AceType));
3613 memset(AceName, '\0', sizeof(AceName));
3614 memset(AceMembership, '\0', sizeof(AceMembership));
3615 memset(AceOu, '\0', sizeof(AceOu));
3616 callback_rc = 0;
3617 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3618 {
4a6e2ee4 3619 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
909e0dc3 3620 return(1);
3621 }
3622 if (callback_rc)
3623 {
4a6e2ee4 3624 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
909e0dc3 3625 return(1);
3626 }
3627 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
3628 return(0);
3629 strcpy(temp, AceName);
3630 if (!strcasecmp(AceType, "LIST"))
3631 sprintf(temp, "%s_group", AceName);
3632 if (!UpdateGroup)
3633 {
bbef4f93 3634 if (checkADname(ldap_handle, dn_path, temp))
909e0dc3 3635 return(0);
3636 (*ProcessGroup) = 1;
3637 }
3638 if (!strcasecmp(AceInfo[0], "LIST"))
3639 {
3640 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3641 return(1);
3642 }
3643 else if (!strcasecmp(AceInfo[0], "USER"))
3644 {
3645 av[0] = AceName;
3646 call_args[0] = (char *)ldap_handle;
3647 call_args[1] = dn_path;
3648 call_args[2] = "";
3649 call_args[3] = NULL;
3650 sid_base = NULL;
3651 sid_ptr = &sid_base;
3652 callback_rc = 0;
3653 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3654 {
4a6e2ee4 3655 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
909e0dc3 3656 return(1);
3657 }
3658 if (callback_rc)
3659 {
4a6e2ee4 3660 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
909e0dc3 3661 return(1);
3662 }
3663 if (sid_base != NULL)
3664 {
3665 sid_update(ldap_handle, dn_path);
3666 linklist_free(sid_base);
3667 sid_base = NULL;
3668 }
3669 return(0);
3670 }
3671 else
3672 return(1);
3673 if (!strcasecmp(AceType, "LIST"))
3674 {
3675 if (!strcasecmp(GroupName, AceName))
3676 return(0);
3677 }
3678 strcpy(GroupName, AceName);
3679 }
3680 return(1);
3681}
3682
89db421e 3683int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3684 char *group_name, char *group_ou, char *group_membership,
3685 int group_security_flag, int updateGroup)
3686{
3687 char *av[3];
3688 char *call_args[7];
3689 int rc;
3690
3691 av[0] = group_name;
3692 call_args[0] = (char *)ldap_handle;
3693 call_args[1] = dn_path;
3694 call_args[2] = group_name;
3695 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3696 call_args[4] = (char *)updateGroup;
3697 call_args[5] = MoiraId;
3698 call_args[6] = NULL;
3699 sid_base = NULL;
3700 sid_ptr = &sid_base;
3701 callback_rc = 0;
3702 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3703 {
3704 moira_disconnect();
4a6e2ee4 3705 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
89db421e 3706 return(rc);
3707 }
3708 if (callback_rc)
3709 {
3710 moira_disconnect();
4a6e2ee4 3711 com_err(whoami, 0, "Unable to create list %s", group_name);
89db421e 3712 return(callback_rc);
3713 }
3714
3715 if (sid_base != NULL)
3716 {
3717 sid_update(ldap_handle, dn_path);
3718 linklist_free(sid_base);
3719 sid_base = NULL;
3720 }
3721 return(0);
3722}
3723
3724int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3725 char *group_ou, char *group_membership,
3726 int group_security_flag, char *MoiraId)
3727{
3728 char *av[3];
3729 char *call_args[7];
3730 char *pUserOu;
3731 LK_ENTRY *ptr;
3732 int rc;
3733
3734 com_err(whoami, 0, "Populating group %s", group_name);
3735 av[0] = group_name;
3736 call_args[0] = (char *)ldap_handle;
3737 call_args[1] = dn_path;
3738 call_args[2] = group_name;
3739 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3740 call_args[4] = NULL;
3741 member_base = NULL;
3742 if (rc = mr_query("get_end_members_of_list", 1, av,
3743 member_list_build, call_args))
3744 {
4a6e2ee4 3745 com_err(whoami, 0, "Unable to populate list %s : %s",
89db421e 3746 group_name, error_message(rc));
3747 return(3);
3748 }
3749 if (member_base != NULL)
3750 {
3751 ptr = member_base;
3752 while (ptr != NULL)
3753 {
3754 if (!strcasecmp(ptr->type, "LIST"))
3755 {
3756 ptr = ptr->next;
3757 continue;
3758 }
3759 pUserOu = user_ou;
3760 if (!strcasecmp(ptr->type, "STRING"))
3761 {
3762 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3763 return(3);
3764 pUserOu = contact_ou;
3765 }
3766 else if (!strcasecmp(ptr->type, "KERBEROS"))
3767 {
3768 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3769 return(3);
3770 pUserOu = kerberos_ou;
3771 }
3772 rc = member_add(ldap_handle, dn_path, group_name,
3773 group_ou, group_membership, ptr->member,
3774 pUserOu, MoiraId);
3775 ptr = ptr->next;
3776 }
3777 linklist_free(member_base);
3778 member_base = NULL;
3779 }
3780 return(0);
3781}
3782
3783int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3784 char *group_name, char *group_ou, char *group_membership,
3785 int group_security_flag, int type)
3786{
3787 char before_desc[512];
3788 char before_name[256];
3789 char before_group_ou[256];
3790 char before_group_membership[2];
3791 char distinguishedName[256];
3792 char ad_distinguishedName[256];
3793 char filter[128];
3794 char *attr_array[3];
3795 int before_security_flag;
3796 int group_count;
3797 int rc;
3798 LK_ENTRY *group_base;
3799 LK_ENTRY *ptr;
3800 char ou_both[512];
3801 char ou_security[512];
3802 char ou_distribution[512];
3803 char ou_neither[512];
3804
3805 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
3806 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3807
3808
3809 memset(filter, '\0', sizeof(filter));
3810 group_base = NULL;
3811 group_count = 0;
3812 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3813 "*", MoiraId,
3814 "distinguishedName", &group_base,
3815 &group_count, filter))
3816 return(rc);
3817
3818 if (type == CHECK_GROUPS)
3819 {
3820 if (group_count == 1)
3821 {
3822 if (!strcasecmp(group_base->value, distinguishedName))
3823 {
3824 linklist_free(group_base);
3825 return(0);
3826 }
3827 }
3828 linklist_free(group_base);
3829 if (group_count == 0)
3830 return(AD_NO_GROUPS_FOUND);
3831 if (group_count == 1)
3832 return(AD_WRONG_GROUP_DN_FOUND);
3833 return(AD_MULTIPLE_GROUPS_FOUND);
3834 }
3835 if (group_count == 0)
3836 {
3837 return(AD_NO_GROUPS_FOUND);
3838 }
3839 if (group_count > 1)
3840 {
3841 ptr = group_base;
3842 while (ptr != NULL)
3843 {
3844 if (!strcasecmp(distinguishedName, ptr->value))
3845 break;
3846 ptr = ptr->next;
3847 }
3848 if (ptr == NULL)
3849 {
3850 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3851 ptr = group_base;
3852 while (ptr != NULL)
3853 {
3854 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3855 ptr = ptr->next;
3856 }
3857 linklist_free(group_base);
3858 return(AD_MULTIPLE_GROUPS_FOUND);
6c8f12af 3859 }
89db421e 3860 ptr = group_base;
3861 while (ptr != NULL)
3862 {
3863 if (strcasecmp(distinguishedName, ptr->value))
3864 rc = ldap_delete_s(ldap_handle, ptr->value);
3865 ptr = ptr->next;
3866 }
3867 linklist_free(group_base);
3868 memset(filter, '\0', sizeof(filter));
3869 group_base = NULL;
3870 group_count = 0;
3871 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3872 "*", MoiraId,
3873 "distinguishedName", &group_base,
3874 &group_count, filter))
3875 return(rc);
3876 if (group_count == 0)
3877 return(AD_NO_GROUPS_FOUND);
3878 if (group_count > 1)
3879 return(AD_MULTIPLE_GROUPS_FOUND);
3880 }
3881
3882 strcpy(ad_distinguishedName, group_base->value);
3883 linklist_free(group_base);
3884 group_base = NULL;
3885 group_count = 0;
3886
3887 attr_array[0] = "sAMAccountName";
3888 attr_array[1] = NULL;
3889 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3890 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3891 {
4a6e2ee4 3892 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
89db421e 3893 MoiraId, ldap_err2string(rc));
3894 return(rc);
3895 }
3896 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
3897
3898 if (!strcasecmp(ad_distinguishedName, distinguishedName))
3899 {
3900 linklist_free(group_base);
3901 group_base = NULL;
3902 group_count = 0;
3903 return(0);
3904 }
3905 linklist_free(group_base);
3906 group_base = NULL;
3907 group_count = 0;
3908 memset(ou_both, '\0', sizeof(ou_both));
3909 memset(ou_security, '\0', sizeof(ou_security));
3910 memset(ou_distribution, '\0', sizeof(ou_distribution));
3911 memset(ou_neither, '\0', sizeof(ou_neither));
3912 memset(before_name, '\0', sizeof(before_name));
3913 memset(before_desc, '\0', sizeof(before_desc));
3914 memset(before_group_membership, '\0', sizeof(before_group_membership));
3915 attr_array[0] = "name";
3916 attr_array[1] = NULL;
3917 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3918 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3919 {
4a6e2ee4 3920 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
89db421e 3921 MoiraId, ldap_err2string(rc));
3922 return(rc);
3923 }
3924 strcpy(before_name, group_base->value);
3925 linklist_free(group_base);
3926 group_base = NULL;
3927 group_count = 0;
3928 attr_array[0] = "description";
3929 attr_array[1] = NULL;
3930 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 3931 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 3932 {
3933 com_err(whoami, 0,
4a6e2ee4 3934 "Unable to get list description with MoiraId = %s: %s",
89db421e 3935 MoiraId, ldap_err2string(rc));
3936 return(rc);
3937 }
c0bd7667 3938 if (group_count != 0)
3939 {
3940 strcpy(before_desc, group_base->value);
3941 linklist_free(group_base);
3942 group_base = NULL;
3943 group_count = 0;
3944 }
89db421e 3945 change_to_lower_case(ad_distinguishedName);
3946 strcpy(ou_both, group_ou_both);
3947 change_to_lower_case(ou_both);
3948 strcpy(ou_security, group_ou_security);
3949 change_to_lower_case(ou_security);
3950 strcpy(ou_distribution, group_ou_distribution);
3951 change_to_lower_case(ou_distribution);
3952 strcpy(ou_neither, group_ou_neither);
3953 change_to_lower_case(ou_neither);
3954 if (strstr(ad_distinguishedName, ou_both))
3955 {
3956 strcpy(before_group_ou, group_ou_both);
3957 before_group_membership[0] = 'B';
3958 before_security_flag = 1;
3959 }
3960 else if (strstr(ad_distinguishedName, ou_security))
3961 {
3962 strcpy(before_group_ou, group_ou_security);
3963 before_group_membership[0] = 'S';
3964 before_security_flag = 1;
3965 }
3966 else if (strstr(ad_distinguishedName, ou_distribution))
3967 {
3968 strcpy(before_group_ou, group_ou_distribution);
3969 before_group_membership[0] = 'D';
3970 before_security_flag = 0;
3971 }
3972 else if (strstr(ad_distinguishedName, ou_neither))
3973 {
3974 strcpy(before_group_ou, group_ou_neither);
3975 before_group_membership[0] = 'N';
3976 before_security_flag = 0;
3977 }
3978 else
3979 return(AD_NO_OU_FOUND);
3980 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
3981 before_group_ou, before_security_flag, before_desc,
3982 group_name, group_membership, group_ou, group_security_flag,
3983 before_desc, MoiraId, filter);
3984 return(rc);
3985}
3986
3987void change_to_lower_case(char *ptr)
3988{
3989 int i;
3990
3991 for (i = 0; i < (int)strlen(ptr); i++)
3992 {
3993 ptr[i] = tolower(ptr[i]);
3994 }
3995}
3996
3997int ad_get_group(LDAP *ldap_handle, char *dn_path,
3998 char *group_name, char *group_membership,
3999 char *MoiraId, char *attribute,
4000 LK_ENTRY **linklist_base, int *linklist_count,
4001 char *rFilter)
4002{
3e586ecf 4003 LK_ENTRY *pPtr;
c0bd7667 4004 char filter[128];
4005 char *attr_array[3];
89db421e 4006 int rc;
4007
4008 (*linklist_base) = NULL;
4009 (*linklist_count) = 0;
4010 if (strlen(rFilter) != 0)
4011 {
4012 strcpy(filter, rFilter);
4013 attr_array[0] = attribute;
4014 attr_array[1] = NULL;
4015 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4016 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 4017 {
4a6e2ee4 4018 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
89db421e 4019 MoiraId, ldap_err2string(rc));
4020 return(rc);
4021 }
4022 if ((*linklist_count) == 1)
4023 {
4024 strcpy(rFilter, filter);
4025 return(0);
4026 }
4027 }
4028
4029 linklist_free((*linklist_base));
4030 (*linklist_base) = NULL;
4031 (*linklist_count) = 0;
4032 if (strlen(MoiraId) != 0)
4033 {
c0bd7667 4034 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
89db421e 4035 attr_array[0] = attribute;
4036 attr_array[1] = NULL;
4037 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4038 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 4039 {
4a6e2ee4 4040 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
89db421e 4041 MoiraId, ldap_err2string(rc));
4042 return(rc);
4043 }
4044 }
3e586ecf 4045 if ((*linklist_count) > 1)
4046 {
4047 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4048 pPtr = (*linklist_base);
4049 while (pPtr)
4050 {
4051 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4052 pPtr = pPtr->next;
4053 }
4054 linklist_free((*linklist_base));
4055 (*linklist_base) = NULL;
4056 (*linklist_count) = 0;
4057 }
89db421e 4058 if ((*linklist_count) == 1)
4059 {
909e0dc3 4060 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4061 {
4062 strcpy(rFilter, filter);
4063 return(0);
4064 }
89db421e 4065 }
4066
4067 linklist_free((*linklist_base));
4068 (*linklist_base) = NULL;
4069 (*linklist_count) = 0;
4070 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4071 attr_array[0] = attribute;
4072 attr_array[1] = NULL;
4073 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4074 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 4075 {
4a6e2ee4 4076 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
89db421e 4077 MoiraId, ldap_err2string(rc));
4078 return(rc);
4079 }
4080 if ((*linklist_count) == 1)
4081 {
4082 strcpy(rFilter, filter);
4083 return(0);
4084 }
4085
89db421e 4086 return(0);
4087}
4088
4089int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4090{
4091 char filter[128];
4092 char *attr_array[3];
4093 char SamAccountName[64];
4094 int group_count;
4095 int rc;
4096 LK_ENTRY *group_base;
c0bd7667 4097 LK_ENTRY *gPtr;
89db421e 4098
4099 group_count = 0;
4100 group_base = NULL;
4101
4102 if (strlen(MoiraId) != 0)
4103 {
c0bd7667 4104 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
89db421e 4105 attr_array[0] = "sAMAccountName";
4106 attr_array[1] = NULL;
4107 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4108 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 4109 {
4a6e2ee4 4110 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 4111 UserName, ldap_err2string(rc));
4112 return(rc);
4113 }
c0bd7667 4114 if (group_count > 1)
4115 {
4116 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4117 MoiraId);
4118 gPtr = group_base;
4119 while (gPtr)
4120 {
4121 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4122 gPtr->value, MoiraId);
4123 gPtr = gPtr->next;
4124 }
4125 }
89db421e 4126 }
c0bd7667 4127 if (group_count != 1)
89db421e 4128 {
c0bd7667 4129 linklist_free(group_base);
4130 group_count = 0;
4131 group_base = NULL;
89db421e 4132 sprintf(filter, "(sAMAccountName=%s)", UserName);
4133 attr_array[0] = "sAMAccountName";
4134 attr_array[1] = NULL;
4135 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4136 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
89db421e 4137 {
4a6e2ee4 4138 com_err(whoami, 0, "Unable to process user %s : %s",
89db421e 4139 UserName, ldap_err2string(rc));
4140 return(rc);
4141 }
4142 }
4143
4144 if (group_count != 1)
4145 {
4146 linklist_free(group_base);
4147 return(AD_NO_USER_FOUND);
4148 }
4149 strcpy(SamAccountName, group_base->value);
4150 linklist_free(group_base);
4151 group_count = 0;
4152 rc = 0;
4153 if (strcmp(SamAccountName, UserName))
4154 {
4155 rc = user_rename(ldap_handle, dn_path, SamAccountName,
4156 UserName);
4157 }
4158 return(0);
4159}
6c8f12af 4160
4161void container_get_dn(char *src, char *dest)
4162{
4163 char *sPtr;
4164 char *array[20];
4165 char name[256];
4166 int n;
4167
4168 memset(array, '\0', 20 * sizeof(array[0]));
4169
4170 if (strlen(src) == 0)
4171 return;
4172 strcpy(name, src);
4173 sPtr = name;
4174 n = 0;
4175 array[n] = name;
4176 ++n;
4177 while (*sPtr)
4178 {
4179 if ((*sPtr) == '/')
4180 {
4181 (*sPtr) = '\0';
4182 ++sPtr;
4183 array[n] = sPtr;
4184 ++n;
4185 }
4186 else
4187 ++sPtr;
4188 }
4189 strcpy(dest, "OU=");
4190 while (n != 0)
4191 {
4192 strcat(dest, array[n-1]);
4193 --n;
4194 if (n > 0)
4195 {
4196 strcat(dest, ",OU=");
4197 }
4198 }
4199 return;
4200}
4201
4202void container_get_name(char *src, char *dest)
4203{
4204 char *sPtr;
4205 char *dPtr;
4206
4207 if (strlen(src) == 0)
4208 return;
4209 sPtr = src;
4210 dPtr = src;
4211 while (*sPtr)
4212 {
4213 if ((*sPtr) == '/')
4214 {
4215 dPtr = sPtr;
4216 ++dPtr;
4217 }
4218 ++sPtr;
4219 }
4220 strcpy(dest, dPtr);
4221 return;
4222}
4223
4224void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4225{
4226 char cName[256];
4227 char *av[7];
4228 int i;
4229 int rc;
4230
4231 strcpy(cName, name);
4232 for (i = 0; i < (int)strlen(cName); i++)
4233 {
4234 if (cName[i] == '/')
4235 {
4236 cName[i] = '\0';
4237 av[CONTAINER_NAME] = cName;
4238 av[CONTAINER_DESC] = "";
4239 av[CONTAINER_LOCATION] = "";
4240 av[CONTAINER_CONTACT] = "";
4241 av[CONTAINER_TYPE] = "";
4242 av[CONTAINER_ID] = "";
4243 av[CONTAINER_ROWID] = "";
4244 rc = container_create(ldap_handle, dn_path, 7, av);
4245 if (rc == LDAP_SUCCESS)
4246 {
4247 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
4248 }
4249 cName[i] = '/';
4250 }
4251 }
4252
4253}
4254
4255int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4256 int afterc, char **after)
4257{
4258 char dName[256];
4259 char cName[256];
4260 char new_cn[128];
4261 char new_dn_path[256];
4262 char temp[256];
4263 char distinguishedName[256];
4264 char *pPtr;
4265 int rc;
4266 int i;
4267
4268 memset(cName, '\0', sizeof(cName));
4269 container_get_name(after[CONTAINER_NAME], cName);
bb52f279 4270 if (!check_container_name(cName))
6c8f12af 4271 {
4a6e2ee4 4272 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
6c8f12af 4273 return(AD_INVALID_NAME);
4274 }
4275
4276 memset(distinguishedName, '\0', sizeof(distinguishedName));
4277 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
4278 return(rc);
4279 if (strlen(distinguishedName) == 0)
4280 {
4281 rc = container_create(ldap_handle, dn_path, afterc, after);
4282 return(rc);
4283 }
4284
4285 strcpy(temp, after[CONTAINER_NAME]);
9cfe334f 4286 pPtr = temp;
6c8f12af 4287 for (i = 0; i < (int)strlen(temp); i++)
4288 {
4289 if (temp[i] == '/')
4290 {
4291 pPtr = &temp[i];
4292 }
4293 }
9cfe334f 4294 (*pPtr) = '\0';
6c8f12af 4295
4296 container_get_dn(temp, dName);
9cfe334f 4297 if (strlen(temp) != 0)
4298 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4299 else
4300 sprintf(new_dn_path, "%s", dn_path);
6c8f12af 4301 sprintf(new_cn, "OU=%s", cName);
4302
4303 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4304
4305 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4306 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4307 {
4a6e2ee4 4308 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6c8f12af 4309 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4310 return(rc);
4311 }
4312
4313 memset(dName, '\0', sizeof(dName));
4314 container_get_dn(after[CONTAINER_NAME], dName);
4315 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
4316 return(rc);
4317}
4318
4319int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4320{
4321 char distinguishedName[256];
4322 int rc;
4323
4324 memset(distinguishedName, '\0', sizeof(distinguishedName));
4325 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4326 return(rc);
4327 if (strlen(distinguishedName) == 0)
4328 return(0);
4329 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4330 {
4331 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4332 container_move_objects(ldap_handle, dn_path, distinguishedName);
4333 else
4a6e2ee4 4334 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
6c8f12af 4335 av[CONTAINER_NAME], ldap_err2string(rc));
4336 }
4337 return(rc);
4338}
bbef4f93 4339
6c8f12af 4340int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4341{
4342 char *attr_array[3];
4343 LK_ENTRY *group_base;
4344 int group_count;
4345 LDAPMod *mods[20];
4346 char *objectClass_v[] = {"top",
4347 "organizationalUnit",
4348 NULL};
4349
4350 char *ou_v[] = {NULL, NULL};
4351 char *name_v[] = {NULL, NULL};
4352 char *moiraId_v[] = {NULL, NULL};
4353 char *desc_v[] = {NULL, NULL};
4354 char *managedBy_v[] = {NULL, NULL};
4355 char dName[256];
4356 char cName[256];
4357 char managedByDN[256];
4358 char filter[256];
4359 char temp[256];
4360 int n;
4361 int i;
4362 int rc;
4363
4364 memset(filter, '\0', sizeof(filter));
4365 memset(dName, '\0', sizeof(dName));
4366 memset(cName, '\0', sizeof(cName));
4367 memset(managedByDN, '\0', sizeof(managedByDN));
4368 container_get_dn(av[CONTAINER_NAME], dName);
4369 container_get_name(av[CONTAINER_NAME], cName);
4370
4371 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4372 {
4a6e2ee4 4373 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
6c8f12af 4374 return(AD_INVALID_NAME);
4375 }
4376
bb52f279 4377 if (!check_container_name(cName))
6c8f12af 4378 {
4a6e2ee4 4379 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
6c8f12af 4380 return(AD_INVALID_NAME);
4381 }
4382
4383 n = 0;
4384 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4385 name_v[0] = cName;
4386 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4387 ou_v[0] = cName;
4388 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4389 if (strlen(av[CONTAINER_ROWID]) != 0)
4390 {
4391 moiraId_v[0] = av[CONTAINER_ROWID];
4392 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4393 }
4394 if (strlen(av[CONTAINER_DESC]) != 0)
4395 {
4396 desc_v[0] = av[CONTAINER_DESC];
4397 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4398 }
4399 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4400 {
0eae7c9b 4401 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4402 {
4403 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4404 {
4405 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4406 managedBy_v[0] = managedByDN;
4407 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4408 }
4409 }
4410 else
4411 {
4412 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6c8f12af 4413 {
0eae7c9b 4414 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
6c8f12af 4415 }
0eae7c9b 4416 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6c8f12af 4417 {
0eae7c9b 4418 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
6c8f12af 4419 }
0eae7c9b 4420 if (strlen(filter) != 0)
6c8f12af 4421 {
4422 attr_array[0] = "distinguishedName";
4423 attr_array[1] = NULL;
4424 group_count = 0;
4425 group_base = NULL;
909e0dc3 4426 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4427 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6c8f12af 4428 {
4429 if (group_count == 1)
4430 {
4431 strcpy(managedByDN, group_base->value);
4432 managedBy_v[0] = managedByDN;
4433 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4434 }
4435 linklist_free(group_base);
4436 group_base = NULL;
4437 group_count = 0;
4438 }
4439 }
4440 }
0eae7c9b 4441 }
6c8f12af 4442 mods[n] = NULL;
4443
4444 sprintf(temp, "%s,%s", dName, dn_path);
4445 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4446 for (i = 0; i < n; i++)
4447 free(mods[i]);
4448 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4449 {
4a6e2ee4 4450 com_err(whoami, 0, "Unable to create container %s : %s",
6c8f12af 4451 cName, ldap_err2string(rc));
4452 return(rc);
4453 }
4454 if (rc == LDAP_ALREADY_EXISTS)
4455 {
4456 if (strlen(av[CONTAINER_ROWID]) != 0)
4457 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
4458 }
4459 return(rc);
4460}
4461
4462int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4463 int afterc, char **after)
4464{
4465 char distinguishedName[256];
4466 int rc;
4467
4468 memset(distinguishedName, '\0', sizeof(distinguishedName));
4469 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4470 return(rc);
4471 if (strlen(distinguishedName) == 0)
4472 {
4473 rc = container_create(ldap_handle, dn_path, afterc, after);
4474 return(rc);
4475 }
4476
4477 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4478 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
4479
4480 return(rc);
4481}
4482
4483int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4484{
4485 char *attr_array[3];
4486 LK_ENTRY *group_base;
4487 int group_count;
4488 char dName[256];
4489 char cName[256];
4490 char filter[512];
4491 int rc;
4492
4493 memset(filter, '\0', sizeof(filter));
4494 memset(dName, '\0', sizeof(dName));
4495 memset(cName, '\0', sizeof(cName));
4496 container_get_dn(av[CONTAINER_NAME], dName);
4497 container_get_name(av[CONTAINER_NAME], cName);
4498
4499 if (strlen(dName) == 0)
4500 {
4a6e2ee4 4501 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
6c8f12af 4502 return(AD_INVALID_NAME);
4503 }
4504
bb52f279 4505 if (!check_container_name(cName))
6c8f12af 4506 {
4a6e2ee4 4507 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
6c8f12af 4508 return(AD_INVALID_NAME);
4509 }
4510
4511 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4512 attr_array[0] = "distinguishedName";
4513 attr_array[1] = NULL;
4514 group_count = 0;
4515 group_base = NULL;
4516 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4517 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6c8f12af 4518 {
4519 if (group_count == 1)
4520 {
4521 strcpy(distinguishedName, group_base->value);
4522 }
4523 linklist_free(group_base);
4524 group_base = NULL;
4525 group_count = 0;
4526 }
4527 if (strlen(distinguishedName) == 0)
4528 {
4529 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4530 attr_array[0] = "distinguishedName";
4531 attr_array[1] = NULL;
4532 group_count = 0;
4533 group_base = NULL;
4534 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4535 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6c8f12af 4536 {
4537 if (group_count == 1)
4538 {
4539 strcpy(distinguishedName, group_base->value);
4540 }
4541 linklist_free(group_base);
4542 group_base = NULL;
4543 group_count = 0;
4544 }
4545 }
4546 return(0);
4547}
4548
4549int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4550 char *distinguishedName, int count, char **av)
4551{
4552 char *attr_array[5];
4553 LK_ENTRY *group_base;
4554 LK_ENTRY *pPtr;
4555 LDAPMod *mods[20];
4556 int group_count;
4557 char filter[512];
6c8f12af 4558 char *moiraId_v[] = {NULL, NULL};
4559 char *desc_v[] = {NULL, NULL};
4560 char *managedBy_v[] = {NULL, NULL};
4561 char managedByDN[256];
4562 char moiraId[64];
4563 char desc[256];
4a6e2ee4 4564 char ad_path[512];
6c8f12af 4565 int rc;
4566 int i;
4567 int n;
4568
4569
4a6e2ee4 4570 strcpy(ad_path, distinguishedName);
6c8f12af 4571 if (strlen(dName) != 0)
4a6e2ee4 4572 sprintf(ad_path, "%s,%s", dName, dn_path);
6c8f12af 4573
4a6e2ee4 4574 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
6c8f12af 4575 if (strlen(av[CONTAINER_ID]) != 0)
4576 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4577 attr_array[0] = "mitMoiraId";
4578 attr_array[1] = "description";
4579 attr_array[2] = "managedBy";
4580 attr_array[3] = NULL;
4581 group_count = 0;
4582 group_base = NULL;
4583 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4584 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
6c8f12af 4585 {
4a6e2ee4 4586 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
6c8f12af 4587 av[CONTAINER_NAME], ldap_err2string(rc));
4588 return(rc);
4589 }
4590 memset(managedByDN, '\0', sizeof(managedByDN));
4591 memset(moiraId, '\0', sizeof(moiraId));
4592 memset(desc, '\0', sizeof(desc));
4593 pPtr = group_base;
4594 while (pPtr)
4595 {
4596 if (!strcasecmp(pPtr->attribute, "description"))
4597 strcpy(desc, pPtr->value);
9cfe334f 4598 else if (!strcasecmp(pPtr->attribute, "managedBy"))
6c8f12af 4599 strcpy(managedByDN, pPtr->value);
9cfe334f 4600 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
6c8f12af 4601 strcpy(moiraId, pPtr->value);
4602 pPtr = pPtr->next;
4603 }
4604 linklist_free(group_base);
4605 group_base = NULL;
4606 group_count = 0;
4607
4608 n = 0;
4609 if (strlen(av[CONTAINER_ROWID]) != 0)
4610 {
4611 moiraId_v[0] = av[CONTAINER_ROWID];
4612 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4613 }
4614 if (strlen(av[CONTAINER_DESC]) != 0)
4615 {
4a6e2ee4 4616 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
6c8f12af 4617 }
4618 else
4619 {
4620 if (strlen(desc) != 0)
4621 {
4a6e2ee4 4622 attribute_update(ldap_handle, ad_path, "", "description", dName);
6c8f12af 4623 }
4624 }
4625 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4626 {
0eae7c9b 4627 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4628 {
4629 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4630 {
4631 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4632 managedBy_v[0] = managedByDN;
4a6e2ee4 4633 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
0eae7c9b 4634 }
4635 else
4636 {
4637 if (strlen(managedByDN) != 0)
4638 {
4a6e2ee4 4639 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
0eae7c9b 4640 }
4641 }
4642 }
4643 else
4644 {
4645 memset(filter, '\0', sizeof(filter));
4646 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6c8f12af 4647 {
0eae7c9b 4648 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
6c8f12af 4649 }
0eae7c9b 4650 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6c8f12af 4651 {
0eae7c9b 4652 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
6c8f12af 4653 }
0eae7c9b 4654 if (strlen(filter) != 0)
6c8f12af 4655 {
4656 attr_array[0] = "distinguishedName";
4657 attr_array[1] = NULL;
4658 group_count = 0;
4659 group_base = NULL;
5f7b0741 4660 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
d7051053 4661 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6c8f12af 4662 {
4663 if (group_count == 1)
4664 {
4665 strcpy(managedByDN, group_base->value);
4666 managedBy_v[0] = managedByDN;
4667 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4668 }
4669 else
4670 {
4671 if (strlen(managedByDN) != 0)
4672 {
4a6e2ee4 4673 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
6c8f12af 4674 }
4675 }
4676 linklist_free(group_base);
4677 group_base = NULL;
4678 group_count = 0;
4679 }
4680 }
0eae7c9b 4681 else
6c8f12af 4682 {
4683 if (strlen(managedByDN) != 0)
4684 {
4a6e2ee4 4685 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
6c8f12af 4686 }
4687 }
0eae7c9b 4688 }
6c8f12af 4689 }
4690 mods[n] = NULL;
4691 if (n == 0)
4692 return(LDAP_SUCCESS);
4693
4a6e2ee4 4694 rc = ldap_modify_s(ldap_handle, ad_path, mods);
6c8f12af 4695 for (i = 0; i < n; i++)
4696 free(mods[i]);
4697 if (rc != LDAP_SUCCESS)
4698 {
4a6e2ee4 4699 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4700 av[CONTAINER_NAME], ldap_err2string(rc));
4701 return(rc);
6c8f12af 4702 }
4703 return(rc);
4704}
4705
4706int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4707{
4708 char *attr_array[3];
4709 LK_ENTRY *group_base;
4710 LK_ENTRY *pPtr;
4711 int group_count;
4712 char filter[512];
4713 char new_cn[128];
4714 char temp[256];
4715 int rc;
4716 int NumberOfEntries = 10;
4717 int i;
4718 int count;
4719
4720 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4721
4722 for (i = 0; i < 3; i++)
4723 {
4724 memset(filter, '\0', sizeof(filter));
4725 if (i == 0)
4726 {
4727 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4728 attr_array[0] = "cn";
4729 attr_array[1] = NULL;
4730 }
4731 else if (i == 1)
4732 {
4733 strcpy(filter, "(objectClass=computer)");
4734 attr_array[0] = "cn";
4735 attr_array[1] = NULL;
4736 }
4737 else
4738 {
4739 strcpy(filter, "(objectClass=organizationalUnit)");
4740 attr_array[0] = "ou";
4741 attr_array[1] = NULL;
4742 }
4743
4744 while (1)
4745 {
4746 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
d7051053 4747 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
6c8f12af 4748 {
4749 break;
4750 }
4751 if (group_count == 0)
4752 break;
4753 pPtr = group_base;
4754 while(pPtr)
4755 {
4756 if (!strcasecmp(pPtr->attribute, "cn"))
4757 {
4758 sprintf(new_cn, "cn=%s", pPtr->value);
4759 if (i == 0)
4760 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
4761 if (i == 1)
4762 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
4763 count = 1;
4764 while (1)
4765 {
4766 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
4767 TRUE, NULL, NULL);
4768 if (rc == LDAP_ALREADY_EXISTS)
4769 {
4770 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
4771 ++count;
4772 }
4773 else
4774 break;
4775 }
4776 }
4777 else if (!strcasecmp(pPtr->attribute, "ou"))
4778 {
4779 rc = ldap_delete_s(ldap_handle, pPtr->dn);
4780 }
4781 pPtr = pPtr->next;
4782 }
4783 linklist_free(group_base);
4784 group_base = NULL;
4785 group_count = 0;
4786 }
4787 }
4788 return(0);
4789}
5f7b0741 4790
cc1e4a1d 4791int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5f7b0741 4792{
4793 LK_ENTRY *group_base;
4794 int group_count;
4795 int i;
4796 char filter[128];
4797 char *attr_array[3];
4798 char cn[256];
4799 char dn[256];
4800 char temp[256];
4801 char *pPtr;
4802 int rc;
4803
3abb4456 4804 strcpy(NewMachineName, member);
cc1e4a1d 4805 rc = moira_connect();
3abb4456 4806 rc = GetMachineName(NewMachineName);
cc1e4a1d 4807 moira_disconnect();
3abb4456 4808 if (strlen(NewMachineName) == 0)
4809 {
4810 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
4811 return(1);
4812 }
4813
5f7b0741 4814 pPtr = NULL;
3abb4456 4815 pPtr = strchr(NewMachineName, '.');
5f7b0741 4816 if (pPtr != NULL)
4817 (*pPtr) = '\0';
4818
4819 group_base = NULL;
4820 group_count = 0;
3abb4456 4821 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5f7b0741 4822 attr_array[0] = "cn";
4823 attr_array[1] = NULL;
4824 sprintf(temp, "%s", dn_path);
4825 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
d7051053 4826 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5f7b0741 4827 {
4a6e2ee4 4828 com_err(whoami, 0, "Unable to process machine %s : %s",
5f7b0741 4829 member, ldap_err2string(rc));
4830 return(1);
4831 }
4832 if (group_count != 1)
4833 {
4a6e2ee4 4834 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
3abb4456 4835 NewMachineName);
5f7b0741 4836 return(1);
4837 }
4838 strcpy(dn, group_base->dn);
4839 strcpy(cn, group_base->value);
4840 for (i = 0; i < (int)strlen(dn); i++)
4841 dn[i] = tolower(dn[i]);
4842 for (i = 0; i < (int)strlen(cn); i++)
4843 cn[i] = tolower(cn[i]);
4844 linklist_free(group_base);
4845 pPtr = NULL;
4846 pPtr = strstr(dn, cn);
4847 if (pPtr == NULL)
4848 {
4a6e2ee4 4849 com_err(whoami, 0, "Unable to process machine %s",
5f7b0741 4850 member);
4851 return(1);
4852 }
4853 pPtr += strlen(cn) + 1;
4854 strcpy(machine_ou, pPtr);
4855 pPtr = NULL;
4856 pPtr = strstr(machine_ou, "dc=");
4857 if (pPtr == NULL)
4858 {
4a6e2ee4 4859 com_err(whoami, 0, "Unable to process machine %s",
5f7b0741 4860 member);
4861 return(1);
4862 }
4863 --pPtr;
4864 (*pPtr) = '\0';
4865 return(0);
4866}
bbef4f93 4867
4868int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
4869{
4870
4871 char NewCn[128];
4872 char OldDn[512];
4873 char MachineName[128];
4874 char filter[128];
4875 char *attr_array[3];
4876 char NewOu[256];
4877 char *cPtr = NULL;
4878 int group_count;
4879 long rc;
4880 LK_ENTRY *group_base;
4881
4882 group_count = 0;
4883 group_base = NULL;
4884
4885 strcpy(MachineName, MoiraMachineName);
3abb4456 4886 rc = GetMachineName(MachineName);
4887 if (strlen(MachineName) == 0)
4888 {
4889 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
4890 return(1);
4891 }
4892
bbef4f93 4893 cPtr = strchr(MachineName, '.');
4894 if (cPtr != NULL)
4895 (*cPtr) = '\0';
4896 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
4897 attr_array[0] = "sAMAccountName";
4898 attr_array[1] = NULL;
d7051053 4899 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
4900 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
bbef4f93 4901 {
4a6e2ee4 4902 com_err(whoami, 0, "Unable to process machine %s : %s",
3abb4456 4903 MoiraMachineName, ldap_err2string(rc));
bbef4f93 4904 return(1);
4905 }
4906
4907 if (group_count == 1)
4908 strcpy(OldDn, group_base->dn);
4909 linklist_free(group_base);
4910 group_base = NULL;
4911 if (group_count != 1)
4912 {
3abb4456 4913 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
bbef4f93 4914 return(1);
4915 }
4916 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
4917 cPtr = strchr(OldDn, ',');
4918 if (cPtr != NULL)
4919 {
4920 ++cPtr;
4921 if (!strcasecmp(cPtr, NewOu))
4922 return(0);
4923 }
4924 sprintf(NewCn, "CN=%s", MachineName);
4925 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
4926 return(rc);
4927}
4928
4929int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
4930{
4931 char Name[128];
4932 char *pPtr;
4933 int rc;
4934
4935 memset(Name, '\0', sizeof(Name));
4936 strcpy(Name, machine_name);
4937 pPtr = NULL;
4938 pPtr = strchr(Name, '.');
4939 if (pPtr != NULL)
4940 (*pPtr) = '\0';
4941 strcat(Name, "$");
4942 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
4943}
4944
4945int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
4946{
4947 int rc;
4948 char *av[2];
4949 char *call_args[2];
4950
4951 av[0] = machine_name;
4952 call_args[0] = (char *)container_name;
4953 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
4954 call_args);
4955 return(rc);
4956}
4957
4958int machine_GetMoiraContainer(int ac, char **av, void *ptr)
4959{
4960 char **call_args;
4961
4962 call_args = ptr;
4963 strcpy(call_args[0], av[1]);
4964 return(0);
4965}
4966
209367bd 4967int Moira_container_group_create(char **after)
4968{
4969 long rc;
4970 char GroupName[64];
c7fec834 4971 char *argv[20];
209367bd 4972
4973 memset(GroupName, '\0', sizeof(GroupName));
4974 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
4975 after[CONTAINER_ROWID]);
4976 if (rc)
4977 return rc;
4978
4979 argv[L_NAME] = GroupName;
4980 argv[L_ACTIVE] = "1";
4981 argv[L_PUBLIC] = "0";
4982 argv[L_HIDDEN] = "0";
4983 argv[L_MAILLIST] = "0";
4984 argv[L_GROUP] = "1";
4985 argv[L_GID] = UNIQUE_GID;
4986 argv[L_NFSGROUP] = "0";
3fe96507 4987 argv[L_MAILMAN] = "0";
4988 argv[L_MAILMAN_SERVER] = "[NONE]";
209367bd 4989 argv[L_DESC] = "auto created container group";
4990 argv[L_ACE_TYPE] = "USER";
4991 argv[L_MEMACE_TYPE] = "USER";
4992 argv[L_ACE_NAME] = "sms";
4993 argv[L_MEMACE_NAME] = "sms";
4994
3fe96507 4995 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
209367bd 4996 {
4a6e2ee4 4997 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
209367bd 4998 GroupName, after[CONTAINER_NAME], error_message(rc));
4999 }
5000
5001 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5002 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
5003
5004 return(rc);
5005}
5006
5007int Moira_container_group_update(char **before, char **after)
5008{
5009 long rc;
5010 char BeforeGroupName[64];
5011 char AfterGroupName[64];
c7fec834 5012 char *argv[20];
209367bd 5013
5014 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5015 return(0);
5016
5017 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5018 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5019 if (strlen(BeforeGroupName) == 0)
5020 return(0);
5021
5022 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5023 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5024 after[CONTAINER_ROWID]);
5025 if (rc)
5026 return rc;
5027
5028 if (strcasecmp(BeforeGroupName, AfterGroupName))
5029 {
5030 argv[L_NAME] = BeforeGroupName;
5031 argv[L_NAME + 1] = AfterGroupName;
5032 argv[L_ACTIVE + 1] = "1";
5033 argv[L_PUBLIC + 1] = "0";
50b4a32b 5034 argv[L_HIDDEN + 1] = "0";
209367bd 5035 argv[L_MAILLIST + 1] = "0";
5036 argv[L_GROUP + 1] = "1";
5037 argv[L_GID + 1] = UNIQUE_GID;
5038 argv[L_NFSGROUP + 1] = "0";
3fe96507 5039 argv[L_MAILMAN + 1] = "0";
5040 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
209367bd 5041 argv[L_DESC + 1] = "auto created container group";
5042 argv[L_ACE_TYPE + 1] = "USER";
5043 argv[L_MEMACE_TYPE + 1] = "USER";
5044 argv[L_ACE_NAME + 1] = "sms";
5045 argv[L_MEMACE_NAME + 1] = "sms";
5046
3fe96507 5047 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
209367bd 5048 {
4a6e2ee4 5049 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
209367bd 5050 BeforeGroupName, AfterGroupName, error_message(rc));
5051 }
5052 }
5053
5054 return(rc);
5055}
5056
5057int Moira_container_group_delete(char **before)
5058{
5059 long rc = 0;
5060 char *argv[13];
5061 char GroupName[64];
5062 char ParentGroupName[64];
5063
5064 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
5065 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
5066
5067 memset(GroupName, '\0', sizeof(GroupName));
5068 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5069 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
5070
5071 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5072 {
5073 argv[0] = ParentGroupName;
5074 argv[1] = "LIST";
5075 argv[2] = GroupName;
5076 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
5077 {
4a6e2ee4 5078 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
209367bd 5079 GroupName, ParentGroupName, error_message(rc));
5080 }
5081 }
5082
5083 if (strlen(GroupName) != 0)
5084 {
5085 argv[0] = GroupName;
5086 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5087 {
4a6e2ee4 5088 com_err(whoami, 0, "Unable to delete container group %s : %s",
209367bd 5089 GroupName, error_message(rc));
5090 }
5091 }
5092
5093 return(rc);
5094}
5095
5096int Moira_groupname_create(char *GroupName, char *ContainerName,
5097 char *ContainerRowID)
5098{
5099 char *ptr;
5100 char *ptr1;
5101 char temp[64];
5102 char newGroupName[64];
5103 char tempGroupName[64];
e0e094af 5104 char tempgname[64];
209367bd 5105 char *argv[1];
5106 int i;
5107 long rc;
5108
5109 strcpy(temp, ContainerName);
5110
5111 ptr1 = strrchr(temp, '/');
5112 if (ptr1 != NULL)
e0e094af 5113 {
5114 *ptr1 = '\0';
209367bd 5115 ptr = ++ptr1;
e0e094af 5116 ptr1 = strrchr(temp, '/');
5117 if (ptr1 != NULL)
5118 {
5119 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
5120 }
5121 else
5122 strcpy(tempgname, ptr);
5123 }
209367bd 5124 else
e0e094af 5125 strcpy(tempgname, temp);
209367bd 5126
e0e094af 5127 if (strlen(tempgname) > 25)
5128 tempgname[25] ='\0';
209367bd 5129
e0e094af 5130 sprintf(newGroupName, "cnt-%s", tempgname);
209367bd 5131
5132 /* change everything to lower case */
5133 ptr = newGroupName;
5134 while (*ptr)
5135 {
5136 if (isupper(*ptr))
5137 *ptr = tolower(*ptr);
5138 if (*ptr == ' ')
5139 *ptr = '-';
5140 ptr++;
5141 }
5142
5143 strcpy(tempGroupName, newGroupName);
5144 i = (int)'0';
5145 /* append 0-9 then a-z if a duplicate is found */
5146 while(1)
5147 {
5148 argv[0] = newGroupName;
5149 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
5150 {
5151 if (rc == MR_NO_MATCH)
5152 break;
5153 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5154 ContainerName, error_message(rc));
5155 return rc;
5156 }
5157 sprintf(newGroupName, "%s-%c", tempGroupName, i);
5158 if (i == (int)'z')
5159 {
4a6e2ee4 5160 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
209367bd 5161 ContainerName);
5162 return 1;
5163 }
5164 if (i == '9')
5165 i = 'a';
5166 else
5167 i++;
5168 }
5169
5170 strcpy(GroupName, newGroupName);
5171 return(0);
5172}
5173
5174int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5175{
5176 long rc;
5177 char *argv[3];
5178
5179 argv[0] = origContainerName;
5180 argv[1] = GroupName;
5181
5182 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5183 {
4a6e2ee4 5184 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
209367bd 5185 GroupName, origContainerName, error_message(rc));
5186 }
5187
5188 return(0);
5189}
5190
5191 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5192 {
5193 char ContainerName[64];
5194 char ParentGroupName[64];
5195 char *argv[3];
5196 long rc;
5197
5198 strcpy(ContainerName, origContainerName);
5199
5200 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5201 /* top-level container */
5202 if (strlen(ParentGroupName) == 0)
5203 return(0);
5204
5205 argv[0] = ParentGroupName;
5206 argv[1] = "LIST";
5207 argv[2] = GroupName;
5208 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5209 {
4a6e2ee4 5210 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
209367bd 5211 GroupName, ParentGroupName, error_message(rc));
5212 }
5213 return(0);
5214 }
5215
5216int Moira_getContainerGroup(int ac, char **av, void *ptr)
5217{
5218 char **call_args;
5219
5220 call_args = ptr;
5221 strcpy(call_args[0], av[1]);
5222 return(0);
5223}
5224
5225int Moira_getGroupName(char *origContainerName, char *GroupName,
5226 int ParentFlag)
5227{
209367bd 5228 char ContainerName[64];
5229 char *argv[3];
5230 char *call_args[3];
5231 char *ptr;
5232 long rc;
5233
5234 strcpy(ContainerName, origContainerName);
5235
5236 if (ParentFlag)
5237 {
5238 ptr = strrchr(ContainerName, '/');
5239 if (ptr != NULL)
5240 (*ptr) = '\0';
5241 else
5242 return(0);
5243 }
5244
5245 argv[0] = ContainerName;
5246 argv[1] = NULL;
5247 call_args[0] = GroupName;
5248 call_args[1] = NULL;
5249
5250 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
5251 call_args)))
5252 {
5253 if (strlen(GroupName) != 0)
5254 return(0);
5255 }
5256
5257 if (rc)
4a6e2ee4 5258 com_err(whoami, 0, "Unable to get container group from container %s: %s",
209367bd 5259 ContainerName, error_message(rc));
5260 else
4a6e2ee4 5261 com_err(whoami, 0, "Unable to get container group from container %s",
209367bd 5262 ContainerName);
5263 return(0);
5264}
5265
5266int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5267 int DeleteMachine)
5268{
5269 char *argv[3];
5270 long rc;
5271
5272 if (strcmp(GroupName, "[none]") == 0)
5273 return 0;
5274
5275 argv[0] = GroupName;
5276 argv[1] = "MACHINE";
5277 argv[2] = MachineName;
5278 if (!DeleteMachine)
5279 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5280 else
5281 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
5282 if (rc)
5283 {
4a6e2ee4 5284 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
209367bd 5285 MachineName, GroupName, error_message(rc));
5286 }
5287 return(0);
5288}
3abb4456 5289
5290int GetMachineName(char *MachineName)
5291{
5292 char *args[2];
5293 char NewMachineName[1024];
5294 char *szDot;
5295 int rc = 0;
5296 int i;
5297 DWORD dwLen = 0;
5298 char *call_args[2];
5299
5300 // If the address happens to be in the top-level MIT domain, great!
5301 strcpy(NewMachineName, MachineName);
5302 for (i = 0; i < (int)strlen(NewMachineName); i++)
5303 NewMachineName[i] = toupper(NewMachineName[i]);
5304 szDot = strchr(NewMachineName,'.');
5305 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5306 {
5307 return(0);
5308 }
5309
5310 // If not, see if it has a Moira alias in the top-level MIT domain.
5311 memset(NewMachineName, '\0', sizeof(NewMachineName));
5312 args[0] = "*";
5313 args[1] = MachineName;
5314 call_args[0] = NewMachineName;
5315 call_args[1] = NULL;
5316 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5317 {
4a6e2ee4 5318 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
3abb4456 5319 MachineName, error_message(rc));
5320 strcpy(MachineName, "");
5321 return(0);
5322 }
5323
5324 if (strlen(NewMachineName) != 0)
5325 strcpy(MachineName, NewMachineName);
5326 else
5327 strcpy(MachineName, "");
5328 return(0);
5329
5330}
5331
5332int ProcessMachineName(int ac, char **av, void *ptr)
5333{
5334 char **call_args;
5335 char MachineName[1024];
5336 char *szDot;
5337 int i;
5338
5339 call_args = ptr;
5340 if (strlen(call_args[0]) == 0)
5341 {
5342 strcpy(MachineName, av[0]);
5343 for (i = 0; i < (int)strlen(MachineName); i++)
5344 MachineName[i] = toupper(MachineName[i]);
5345 szDot = strchr(MachineName,'.');
5346 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
5347 {
5348 strcpy(call_args[0], MachineName);
5349 }
5350 }
5351 return(0);
5352}
5353
5354void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
5355{
5356 int i;
5357
5358 if (*UseSFU30)
5359 {
5360 for (i = 0; i < n; i++)
5361 {
5362 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5363 mods[i]->mod_type = "uidNumber";
5364 }
5365 (*UseSFU30) = 0;
5366 }
5367 else
5368 {
5369 for (i = 0; i < n; i++)
5370 {
5371 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5372 mods[i]->mod_type = "msSFU30UidNumber";
5373 }
5374 (*UseSFU30) = 1;
5375 }
5376}
5377
5378int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5379 char *WinHomeDir, char *WinProfileDir,
5380 char **homedir_v, char **winProfile_v,
5381 char **drives_v, LDAPMod **mods,
5382 int OpType, int n)
5383{
5384 char **hp;
5385 char cWeight[3];
5386 char cPath[1024];
5387 char path[1024];
5388 char winPath[1024];
5389 char winProfile[1024];
5390 char homeDrive[8];
5391 int last_weight;
5392 int i;
5393 int rc;
5394 LDAPMod *DelMods[20];
5395
5396 memset(homeDrive, '\0', sizeof(homeDrive));
5397 memset(path, '\0', sizeof(path));
5398 memset(winPath, '\0', sizeof(winPath));
5399 memset(winProfile, '\0', sizeof(winProfile));
5400 hp = NULL;
5401 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5402 {
5403 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5404 {
5405 memset(cWeight, 0, sizeof(cWeight));
5406 memset(cPath, 0, sizeof(cPath));
5407 last_weight = 1000;
5408 i = 0;
5409 while (hp[i] != NULL)
5410 {
5411 if (sscanf(hp[i], "%*s %s", cPath))
5412 {
5413 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5414 {
5415 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
5416 {
5417 if (atoi(cWeight) < last_weight)
5418 {
5419 strcpy(path, cPath);
5420 last_weight = (int)atoi(cWeight);
5421 }
5422 }
5423 else
5424 strcpy(path, cPath);
5425 }
5426 }
5427 ++i;
5428 }
5429 if (strlen(path))
5430 {
5431 if (!strnicmp(path, AFS, strlen(AFS)))
5432 {
5433 AfsToWinAfs(path, winPath);
5434 strcpy(winProfile, winPath);
5435 strcat(winProfile, "\\.winprofile");
5436 }
5437 }
5438 }
64ffea58 5439 else
5440 return(n);
3abb4456 5441 }
5442
e0e094af 5443 if ((!strcasecmp(WinHomeDir, "[dfs]")) || (!strcasecmp(WinProfileDir, "[dfs]")))
5444 {
5445 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain, user_name[0], user_name);
5446 if (!strcasecmp(WinProfileDir, "[dfs]"))
5447 {
5448 strcpy(winProfile, path);
5449 strcat(winProfile, "\\.winprofile");
5450 }
5451 if (!strcasecmp(WinHomeDir, "[dfs]"))
5452 strcpy(winPath, path);
5453 }
5454
3abb4456 5455 if (hp != NULL)
5456 {
5457 i = 0;
5458 while (hp[i])
5459 {
5460 free(hp[i]);
5461 i++;
5462 }
5463 }
5464
5465 if (!strcasecmp(WinHomeDir, "[local]"))
5466 memset(winPath, '\0', sizeof(winPath));
e0e094af 5467 else if (!strcasecmp(WinHomeDir, "[afs]") || !strcasecmp(WinHomeDir, "[dfs]"))
3abb4456 5468 {
5469 strcpy(homeDrive, "H:");
5470 }
5471 else
5472 {
5473 strcpy(winPath, WinHomeDir);
5474 if (!strncmp(WinHomeDir, "\\\\", 2))
5475 {
5476 strcpy(homeDrive, "H:");
5477 }
5478 }
5479
5480 // nothing needs to be done if WinProfileDir is [afs].
5481 if (!strcasecmp(WinProfileDir, "[local]"))
5482 memset(winProfile, '\0', sizeof(winProfile));
e0e094af 5483 else if (strcasecmp(WinProfileDir, "[afs]") && strcasecmp(WinProfileDir, "[dfs]"))
3abb4456 5484 {
5485 strcpy(winProfile, WinProfileDir);
5486 }
5487
5488 if (strlen(winProfile) != 0)
5489 {
5490 if (winProfile[strlen(winProfile) - 1] == '\\')
5491 winProfile[strlen(winProfile) - 1] = '\0';
5492 }
5493 if (strlen(winPath) != 0)
5494 {
5495 if (winPath[strlen(winPath) - 1] == '\\')
5496 winPath[strlen(winPath) - 1] = '\0';
5497 }
5498
5499 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5500 strcat(winProfile, "\\");
5501 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5502 strcat(winPath, "\\");
5503
5504 if (strlen(winPath) == 0)
5505 {
5506 if (OpType == LDAP_MOD_REPLACE)
5507 {
5508 i = 0;
5509 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5510 DelMods[i] = NULL;
5511 //unset homeDirectory attribute for user.
5512 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5513 free(DelMods[0]);
5514 }
5515 }
5516 else
5517 {
5518 homedir_v[0] = strdup(winPath);
5519 ADD_ATTR("homeDirectory", homedir_v, OpType);
5520 }
5521
5522 if (strlen(winProfile) == 0)
5523 {
5524 if (OpType == LDAP_MOD_REPLACE)
5525 {
5526 i = 0;
5527 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5528 DelMods[i] = NULL;
5529 //unset profilePate attribute for user.
5530 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5531 free(DelMods[0]);
5532 }
5533 }
5534 else
5535 {
5536 winProfile_v[0] = strdup(winProfile);
5537 ADD_ATTR("profilePath", winProfile_v, OpType);
5538 }
5539
5540 if (strlen(homeDrive) == 0)
5541 {
5542 if (OpType == LDAP_MOD_REPLACE)
5543 {
5544 i = 0;
5545 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5546 DelMods[i] = NULL;
5547 //unset homeDrive attribute for user
5548 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5549 free(DelMods[0]);
5550 }
5551 }
5552 else
5553 {
5554 drives_v[0] = strdup(homeDrive);
5555 ADD_ATTR("homeDrive", drives_v, OpType);
5556 }
5557
5558 return(n);
5559}
d7051053 5560
5561int GetServerList(char *ldap_domain, char **ServerList)
5562{
5563 unsigned long rc;
5564 int group_count;
5565 int UseSFU30;
5566 int Count;
5567 int i;
26503e15 5568 int k;
d7051053 5569 int ServerListFound;
5570 char default_server[256];
5571 char dn_path[256];
5572 char *attr_array[3];
5573 char *sPtr;
5574 char base[128];
5575 char filter[128];
5576 LK_ENTRY *group_base;
5577 LK_ENTRY *gPtr;
5578 LDAP *ldap_handle;
5579 FILE *fptr;
5580
5581 memset(default_server, '\0', sizeof(default_server));
5582 memset(dn_path, '\0', sizeof(dn_path));
5583 for (i = 0; i < MAX_SERVER_NAMES; i++)
5584 {
5585 if (ServerList[i] != NULL)
5586 {
5587 free(ServerList[i]);
5588 ServerList[i] = NULL;
5589 }
5590 }
d7051053 5591 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
26503e15 5592 ServerList))
d7051053 5593 return(1);
5594 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5595 group_count = 0;
5596 group_base = NULL;
5597 Count = 0;
5598 ServerListFound = 0;
5599
5600 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5601 attr_array[0] = "fSMORoleOwner";
5602 attr_array[1] = NULL;
5603 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5604 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5605 {
5606 if (group_count != 0)
5607 {
5608 sPtr = strstr(group_base->value, ",CN=");
5609 if (sPtr != NULL)
5610 {
5611 sPtr += strlen(",CN=");
5612 if (ServerList[0] == NULL)
5613 ServerList[0] = calloc(1, 256);
5614 strcpy(ServerList[0], sPtr);
5615 sPtr = strstr(ServerList[0], ",");
5616 if (sPtr != NULL)
5617 (*sPtr) = '\0';
5618 ++Count;
5619 ServerListFound = 1;
5620 }
5621 }
5622 }
5623 linklist_free(group_base);
5624
5625 group_count = 0;
5626 group_base = NULL;
5627 attr_array[0] = "cn";
5628 attr_array[1] = NULL;
5629 strcpy(filter, "(cn=*)");
5630 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5631
5632 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5633 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5634 {
5635 if (group_count != 0)
5636 {
5637 gPtr = group_base;
5638 while (gPtr != NULL)
5639 {
5640 if (ServerListFound != 0)
5641 {
5642 if (!strcasecmp(ServerList[0], gPtr->value))
5643 {
5644 gPtr = gPtr->next;
5645 continue;
5646 }
5647 }
5648 if (Count < MAX_SERVER_NAMES)
5649 {
5650 if (ServerList[Count] == NULL)
5651 ServerList[Count] = calloc(1, 256);
5652 strcpy(ServerList[Count], gPtr->value);
5653 gPtr = gPtr->next;
5654 ++Count;
5655 }
5656 }
5657 }
5658 }
5659 linklist_free(group_base);
5660
5661 UseSFU30 = 0;
5662 group_count = 0;
5663 group_base = NULL;
5664
5665 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5666 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5667
5668 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5669 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5670 {
5671 if (group_count != 0)
5672 {
5673 UseSFU30 = 1;
5674 }
5675 }
5676 linklist_free(group_base);
5677 group_count = 0;
5678 group_base = NULL;
5679
5680 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5681 {
26503e15 5682 fprintf(fptr, "%s %s\n", DOMAIN, ldap_domain);
5683 if (strlen(PrincipalName) != 0)
5684 fprintf(fptr, "%s %s\n", PRINCIPALNAME, PrincipalName);
d7051053 5685 if (UseSFU30)
26503e15 5686 fprintf(fptr, "%s %s\n", MSSFU, SFUTYPE);
d7051053 5687 for (i = 0; i < MAX_SERVER_NAMES; i++)
5688 {
5689 if (ServerList[i] != NULL)
5690 {
26503e15 5691 fprintf(fptr, "%s %s\n", SERVER, ServerList[i]);
d7051053 5692 }
5693 }
5694 fclose(fptr);
5695 }
5696 ldap_unbind_s(ldap_handle);
5697
26503e15 5698 for (i = 0; i < MAX_SERVER_NAMES; i++)
5699 {
5700 if (ServerList[i] != NULL)
5701 {
5702 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
5703 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
5704 strcat(ServerList[i], ".");
5705 strcat(ServerList[i], ldap_domain);
5706 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5707 ServerList[i][k] = toupper(ServerList[i][k]);
5708 }
5709 }
5710
d7051053 5711 return(0);
5712}
4a6e2ee4 5713
5714int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5715 char *attribute_value, char *attribute, char *user_name)
5716{
5717 char *mod_v[] = {NULL, NULL};
5718 LDAPMod *DelMods[20];
5719 LDAPMod *mods[20];
5720 int n;
5721 int i;
5722 int rc;
5723
5724 if (strlen(attribute_value) == 0)
5725 {
5726 i = 0;
5727 DEL_ATTR(attribute, LDAP_MOD_DELETE);
5728 DelMods[i] = NULL;
5729 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
5730 free(DelMods[0]);
5731 }
5732 else
5733 {
5734 n = 0;
5735 mod_v[0] = attribute_value;
5736 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
5737 mods[n] = NULL;
5738 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5739 {
5740 free(mods[0]);
5741 n = 0;
5742 mod_v[0] = attribute_value;
5743 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5744 mods[n] = NULL;
5745 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5746 {
5747 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5748 attribute, user_name, ldap_err2string(rc));
5749 }
5750 }
5751 free(mods[0]);
5752 }
5753 return(rc);
5754}
26503e15 5755
5756int tickets_get_k5()
5757{
5758 char temp[128];
5759 char KinitPath[128];
5760 int retval;
5761 int i;
5762 static char EnvVar[128];
5763 static char EnvVar1[128];
5764
5765 strcpy(EnvVar, KRB5CCNAME);
5766 retval = putenv(EnvVar);
5767 strcpy(EnvVar1, KRBTKFILE);
5768 retval = putenv(EnvVar1);
5769
5770 for (i = 0; i < (int)strlen(PrincipalName); i++)
5771 PrincipalName[i] = tolower(PrincipalName[i]);
5772 if (strlen(PrincipalName) == 0)
5773 {
5774 strcpy(PrincipalName, PRODUCTION_PRINCIPAL);
c75a6005 5775 if (strcasecmp(ldap_domain, PRIMARY_DOMAIN))
26503e15 5776 strcpy(PrincipalName, TEST_PRINCIPAL);
5777 }
5778
5779 memset(KinitPath, '\0',sizeof(KinitPath));
5780#ifndef _WIN32
5781 strcpy(KinitPath, "/usr/athena/bin/");
5782#endif
5783 sprintf(temp, "%skinit -k -t %s %s", KinitPath, KEYTABFILE, PrincipalName);
5784 retval = system(temp);
5785 if (retval)
5786 return(-1);
5787 return(0);
5788}
5789
5790int get_tickets()
5791{
5792
5793 if (tickets_get_k5())
5794 {
5795 sleep(1);
5796 if (tickets_get_k5())
5797 {
5798 critical_alert("AD incremental", "%s",
5799 "winad.incr incremental failed (unable to get kerberos tickets)");
5800 exit(1);
5801 }
5802 }
5803 return(0);
5804}
5805
5806int destroy_cache(void)
5807{
5808 krb5_context context;
5809 krb5_ccache cache;
5810 krb5_error_code rc;
5811
5812 context = NULL;
5813 cache = NULL;
5814 if (!krb5_init_context(&context))
5815 {
5816 if (!krb5_cc_default(context, &cache))
5817 rc = krb5_cc_destroy(context, cache);
5818 }
5819 if (context != NULL)
5820 krb5_free_context(context);
5821 dest_tkt();
5822
5823 return(rc);
5824}
5825
5826
5827void StringTrim(char *StringToTrim)
5828{
5829 char *cPtr;
5830 char temp[256];
5831 int i;
5832
5833 if (strlen(StringToTrim) == 0)
5834 return;
5835
5836 cPtr = StringToTrim;
5837 while (isspace(*cPtr))
5838 {
5839 ++cPtr;
5840 }
5841 strcpy(temp, cPtr);
5842 if (strlen(temp) == 0)
5843 {
5844 strcpy(StringToTrim, temp);
5845 return;
5846 }
5847 while (1)
5848 {
5849 i = strlen(temp);
5850 if (i == 0)
5851 break;
5852 if (!isspace(temp[i-1]))
5853 break;
5854 temp[i-1] = '\0';
5855 }
5856
5857 strcpy(StringToTrim, temp);
5858 return;
5859}
5860
5861void ReadConfigFile()
5862{
5863 int Count;
5864 int i;
5865 int k;
5866 char temp[256];
5867 char temp1[256];
5868 FILE *fptr;
5869
5870 Count = 0;
5871
5872 if ((fptr = fopen(WINADCFG, "r")) != NULL)
5873 {
5874 while (fgets(temp, sizeof(temp), fptr) != 0)
5875 {
5876 for (i = 0; i < (int)strlen(temp); i++)
5877 temp[i] = toupper(temp[i]);
5878 if (temp[strlen(temp) - 1] == '\n')
5879 temp[strlen(temp) - 1] = '\0';
5880 StringTrim(temp);
5881 if (strlen(temp) == 0)
5882 continue;
5883 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
5884 {
5885 if (strlen(temp) > (strlen(DOMAIN)))
5886 {
5887 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
5888 StringTrim(ldap_domain);
5889 }
5890 }
5891 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
5892 {
5893 if (strlen(temp) > (strlen(PRINCIPALNAME)))
5894 {
5895 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
5896 StringTrim(PrincipalName);
5897 }
5898 }
5899 else if (!strncmp(temp, SERVER, strlen(SERVER)))
5900 {
5901 if (strlen(temp) > (strlen(SERVER)))
5902 {
5903 ServerList[Count] = calloc(1, 256);
5904 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
5905 StringTrim(ServerList[Count]);
5906 ++Count;
5907 }
5908 }
5909 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
5910 {
5911 if (strlen(temp) > (strlen(MSSFU)))
5912 {
5913 strcpy(temp1, &temp[strlen(MSSFU)]);
5914 StringTrim(temp1);
5915 if (!strcmp(temp1, SFUTYPE))
5916 UseSFU30 = 1;
5917 }
5918 }
5919 else if (!strcasecmp(temp, "NOCHANGE"))
5920 {
5921 NoChangeConfigFile = 1;
5922 }
5923 else
5924 {
5925 if (strlen(ldap_domain) != 0)
5926 {
5927 memset(ldap_domain, '\0', sizeof(ldap_domain));
5928 break;
5929 }
5930 if (strlen(temp) != 0)
5931 strcpy(ldap_domain, temp);
5932 }
5933 }
5934 fclose(fptr);
5935 }
5936
5937 if (strlen(ldap_domain) == 0)
5938 {
5939 critical_alert("incremental", "%s",
5940 "winad.incr cannot run due to a configuration error in winad.cfg");
5941 exit(1);
5942 }
5943 if (Count == 0)
5944 return;
5945 for (i = 0; i < Count; i++)
5946 {
5947 if (ServerList[i] != 0)
5948 {
5949 strcat(ServerList[i], ".");
5950 strcat(ServerList[i], ldap_domain);
5951 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5952 ServerList[i][k] = toupper(ServerList[i][k]);
5953 }
5954 }
5955
5956}
Moira, the Athena Service Management system
This page took 1.023161 seconds and 5 git commands to generate.