]>
Commit | Line | Data |
---|---|---|
5d0a7127 | 1 | /* $Header$ |
89db421e | 2 | /* winad.incr arguments examples |
5d0a7127 | 3 | * |
cd9e6b16 | 4 | * |
89db421e | 5 | * arguments when moira creates the account - ignored by winad.incr since the account is unusable. |
6 | * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049 | |
7 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid | |
cd9e6b16 | 8 | * |
89db421e | 9 | * arguments for creating or updating a user account |
10 | * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 | |
11 | * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 | |
12 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid | |
78af4e6e | 13 | * |
89db421e | 14 | * arguments for deactivating/deleting a user account |
15 | * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 | |
16 | * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 | |
17 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid | |
cd9e6b16 | 18 | * |
89db421e | 19 | * arguments for reactivating a user account |
20 | * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 | |
21 | * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 | |
22 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid | |
cd9e6b16 | 23 | * |
89db421e | 24 | * arguments for changing user name |
25 | * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 | |
26 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid | |
cd9e6b16 | 27 | * |
89db421e | 28 | * arguments for expunging a user |
29 | * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049 | |
30 | * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid | |
31 | * | |
32 | * arguments for creating a "special" group/list | |
33 | * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616 | |
34 | * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid | |
9db0b148 | 35 | * |
89db421e | 36 | * arguments for creating a "mail" group/list |
37 | * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616 | |
38 | * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid | |
39 | * | |
40 | * arguments for creating a "group" group/list | |
41 | * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616 | |
42 | * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid | |
43 | * | |
44 | * arguments for creating a "group/mail" group/list | |
45 | * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616 | |
46 | * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid | |
47 | * | |
48 | * arguments to add a USER member to group/list | |
49 | * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047 | |
50 | * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId | |
51 | * | |
52 | * arguments to add a STRING or KERBEROS member to group/list | |
53 | * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616 | |
54 | * imembers 0 10 listlistnameName KERBEROS kerberosName 1 1 0 0 0 -1 92616 | |
55 | * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId | |
56 | * | |
57 | * NOTE: group members of type LIST are ignored. | |
58 | * | |
59 | * arguments to remove a USER member to group/list | |
60 | * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047 | |
61 | * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId | |
62 | * | |
63 | * arguments to remove a STRING or KERBEROS member to group/list | |
64 | * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616 | |
65 | * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616 | |
66 | * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId | |
9db0b148 | 67 | * |
89db421e | 68 | * NOTE: group members of type LIST are ignored. |
f75f605a | 69 | * |
89db421e | 70 | * arguments for renaming a group/list |
71 | * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616 | |
72 | * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId | |
f75f605a | 73 | * |
89db421e | 74 | * arguments for deleting a group/list |
75 | * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616 | |
76 | * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId | |
77 | ||
78 | * arguments for adding a file system | |
79 | * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username wheel 1 HOMEDIR 101727 | |
80 | * | |
81 | * arguments for deleting a file system | |
82 | * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username wheel 1 HOMEDIR 101727 | |
cd9e6b16 | 83 | */ |
5d0a7127 | 84 | #include <mit-copyright.h> |
85 | #ifdef _WIN32 | |
86 | #include <windows.h> | |
87 | #include <stdlib.h> | |
88 | #include <malloc.h> | |
89 | #include <lmaccess.h> | |
90 | #endif | |
f78c7eaf | 91 | #include <hesiod.h> |
cd9e6b16 | 92 | #include <string.h> |
5d0a7127 | 93 | #include <ldap.h> |
94 | #include <stdio.h> | |
95 | #include <moira.h> | |
96 | #include <moira_site.h> | |
cd9e6b16 | 97 | #include <mrclient.h> |
5d0a7127 | 98 | #include <krb5.h> |
99 | #include <krb.h> | |
100 | #include <gsssasl.h> | |
101 | #include <gssldap.h> | |
cd9e6b16 | 102 | #include "kpasswd.h" |
103 | ||
104 | #ifdef _WIN32 | |
105 | #ifndef ECONNABORTED | |
106 | #define ECONNABORTED WSAECONNABORTED | |
107 | #endif | |
108 | #ifndef ECONNREFUSED | |
109 | #define ECONNREFUSED WSAECONNREFUSED | |
110 | #endif | |
111 | #ifndef EHOSTUNREACH | |
112 | #define EHOSTUNREACH WSAEHOSTUNREACH | |
113 | #endif | |
114 | #define krb5_xfree free | |
0d958b3c | 115 | #define F_OK 0 |
116 | #define sleep(A) Sleep(A * 1000); | |
cd9e6b16 | 117 | #endif /* _WIN32 */ |
5d0a7127 | 118 | |
119 | #ifndef _WIN32 | |
f78c7eaf | 120 | #include <sys/types.h> |
121 | #include <netinet/in.h> | |
122 | #include <arpa/nameser.h> | |
123 | #include <resolv.h> | |
5d0a7127 | 124 | #include <sys/utsname.h> |
0d958b3c | 125 | #include <unistd.h> |
5d0a7127 | 126 | |
f75f605a | 127 | #define WINADCFG "/moira/winad/winad.cfg" |
f78c7eaf | 128 | #define strnicmp(A,B,C) strncasecmp(A,B,C) |
cd9e6b16 | 129 | #define UCHAR unsigned char |
130 | ||
5d0a7127 | 131 | #define UF_SCRIPT 0x0001 |
132 | #define UF_ACCOUNTDISABLE 0x0002 | |
133 | #define UF_HOMEDIR_REQUIRED 0x0008 | |
134 | #define UF_LOCKOUT 0x0010 | |
135 | #define UF_PASSWD_NOTREQD 0x0020 | |
136 | #define UF_PASSWD_CANT_CHANGE 0x0040 | |
cd9e6b16 | 137 | #define UF_DONT_EXPIRE_PASSWD 0x10000 |
5d0a7127 | 138 | |
139 | #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100 | |
140 | #define UF_NORMAL_ACCOUNT 0x0200 | |
141 | #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800 | |
142 | #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000 | |
143 | #define UF_SERVER_TRUST_ACCOUNT 0x2000 | |
144 | ||
145 | #ifndef BYTE | |
146 | #define BYTE unsigned char | |
147 | #endif | |
148 | typedef unsigned int DWORD; | |
149 | typedef unsigned long ULONG; | |
150 | ||
151 | typedef struct _GUID | |
152 | { | |
153 | unsigned long Data1; | |
154 | unsigned short Data2; | |
155 | unsigned short Data3; | |
156 | unsigned char Data4[8]; | |
157 | } GUID; | |
158 | ||
159 | typedef struct _SID_IDENTIFIER_AUTHORITY { | |
160 | BYTE Value[6]; | |
161 | } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; | |
162 | ||
163 | typedef struct _SID { | |
164 | BYTE Revision; | |
165 | BYTE SubAuthorityCount; | |
166 | SID_IDENTIFIER_AUTHORITY IdentifierAuthority; | |
167 | DWORD SubAuthority[512]; | |
168 | } SID; | |
169 | #endif/*!WIN32*/ | |
170 | ||
f75f605a | 171 | #ifndef WINADCFG |
172 | #define WINADCFG "winad.cfg" | |
173 | #endif | |
174 | ||
f78c7eaf | 175 | #define AFS "/afs/" |
176 | #define WINAFS "\\\\afs\\all\\" | |
177 | ||
cd9e6b16 | 178 | #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002 |
f78c7eaf | 179 | #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004 |
180 | #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004 | |
181 | #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008 | |
182 | #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000 | |
cd9e6b16 | 183 | |
184 | #define QUERY_VERSION -1 | |
185 | #define PRIMARY_REALM "ATHENA.MIT.EDU" | |
186 | ||
5d0a7127 | 187 | #define SUBSTITUTE 1 |
188 | #define REPLACE 2 | |
189 | ||
cd9e6b16 | 190 | #define USERS 0 |
191 | #define GROUPS 1 | |
192 | ||
5d0a7127 | 193 | #define MEMBER_ADD 1 |
194 | #define MEMBER_REMOVE 2 | |
195 | #define MEMBER_CHANGE_NAME 3 | |
196 | #define MEMBER_ACTIVATE 4 | |
197 | #define MEMBER_DEACTIVATE 5 | |
cd9e6b16 | 198 | #define MEMBER_CREATE 6 |
5d0a7127 | 199 | |
f78c7eaf | 200 | #define MOIRA_ALL 0x0 |
201 | #define MOIRA_USERS 0x1 | |
202 | #define MOIRA_KERBEROS 0x2 | |
203 | #define MOIRA_STRINGS 0x4 | |
204 | #define MOIRA_LISTS 0x8 | |
205 | ||
89db421e | 206 | #define CHECK_GROUPS 1 |
207 | #define CLEANUP_GROUPS 2 | |
208 | ||
209 | #define AD_NO_GROUPS_FOUND -1 | |
210 | #define AD_WRONG_GROUP_DN_FOUND -2 | |
211 | #define AD_MULTIPLE_GROUPS_FOUND -3 | |
212 | #define AD_INVALID_NAME -4 | |
213 | #define AD_LDAP_FAILURE -5 | |
214 | #define AD_INVALID_FILESYS -6 | |
215 | #define AD_NO_ATTRIBUTE_FOUND -7 | |
216 | #define AD_NO_OU_FOUND -8 | |
217 | #define AD_NO_USER_FOUND -9 | |
218 | ||
5d0a7127 | 219 | typedef struct lk_entry { |
220 | int op; | |
221 | int length; | |
222 | int ber_value; | |
223 | char *dn; | |
224 | char *attribute; | |
225 | char *value; | |
226 | char *member; | |
227 | char *type; | |
228 | char *list; | |
229 | struct lk_entry *next; | |
230 | } LK_ENTRY; | |
231 | ||
0d958b3c | 232 | #define STOP_FILE "/moira/winad/nowinad" |
233 | #define file_exists(file) (access((file), F_OK) == 0) | |
234 | ||
5d0a7127 | 235 | #define LDAP_BERVAL struct berval |
cd9e6b16 | 236 | #define MAX_SERVER_NAMES 32 |
237 | ||
238 | #define ADD_ATTR(t, v, o) \ | |
239 | mods[n] = malloc(sizeof(LDAPMod)); \ | |
240 | mods[n]->mod_op = o; \ | |
241 | mods[n]->mod_type = t; \ | |
242 | mods[n++]->mod_values = v | |
5d0a7127 | 243 | |
244 | LK_ENTRY *member_base = NULL; | |
cd9e6b16 | 245 | LK_ENTRY *sid_base = NULL; |
246 | LK_ENTRY **sid_ptr = NULL; | |
0d958b3c | 247 | static char tbl_buf[1024]; |
89db421e | 248 | char kerberos_ou[] = "OU=kerberos,OU=moira"; |
249 | char contact_ou[] = "OU=strings,OU=moira"; | |
250 | char user_ou[] = "OU=users,OU=moira"; | |
251 | char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira"; | |
252 | char group_ou_root[] = "OU=lists,OU=moira"; | |
253 | char group_ou_security[] = "OU=group,OU=lists,OU=moira"; | |
254 | char group_ou_neither[] = "OU=special,OU=lists,OU=moira"; | |
255 | char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira"; | |
5d0a7127 | 256 | char *whoami; |
cd9e6b16 | 257 | char ldap_domain[256]; |
cd9e6b16 | 258 | int mr_connections = 0; |
78af4e6e | 259 | int callback_rc; |
f78c7eaf | 260 | char default_server[256]; |
bfb6f0ad | 261 | static char tbl_buf[1024]; |
cd9e6b16 | 262 | |
f78c7eaf | 263 | extern int set_password(char *user, char *password, char *domain); |
cd9e6b16 | 264 | |
89db421e | 265 | int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name, |
266 | char *group_membership, char *MoiraId, char *attribute, | |
267 | LK_ENTRY **linklist_base, int *linklist_count, | |
268 | char *rFilter); | |
f78c7eaf | 269 | void AfsToWinAfs(char* path, char* winPath); |
270 | int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path, | |
271 | char *Win2kPassword, char *Win2kUser, char *default_server, | |
272 | int connect_to_kdc); | |
273 | void ad_kdc_disconnect(); | |
0d958b3c | 274 | void check_winad(void); |
89db421e | 275 | int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId); |
f75f605a | 276 | int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name, |
277 | char *fs_type, char *fs_pack, int operation); | |
278 | int get_group_membership(char *group_membership, char *group_ou, | |
279 | int *security_flag, char **av); | |
89db421e | 280 | int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId, |
281 | char *group_name, char *group_ou, char *group_membership, | |
282 | int group_security_flag, int type); | |
f75f605a | 283 | int process_lists(int ac, char **av, void *ptr); |
cd9e6b16 | 284 | int user_create(int ac, char **av, void *ptr); |
89db421e | 285 | int user_change_status(LDAP *ldap_handle, char *dn_path, |
286 | char *user_name, char *MoiraId, int operation); | |
287 | int user_delete(LDAP *ldap_handle, char *dn_path, | |
288 | char *u_name, char *MoiraId); | |
f75f605a | 289 | int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name, |
89db421e | 290 | char *user_name); |
f75f605a | 291 | int user_update(LDAP *ldap_handle, char *dn_path, char *user_name, |
89db421e | 292 | char *uid, char *MitId, char *MoiraId, int State); |
293 | void change_to_lower_case(char *ptr); | |
cd9e6b16 | 294 | int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou); |
cd9e6b16 | 295 | int group_create(int ac, char **av, void *ptr); |
f75f605a | 296 | int group_delete(LDAP *ldap_handle, char *dn_path, |
89db421e | 297 | char *group_name, char *group_membership, char *MoiraId); |
f75f605a | 298 | int group_rename(LDAP *ldap_handle, char *dn_path, |
299 | char *before_group_name, char *before_group_membership, | |
5a775f54 | 300 | char *before_group_ou, int before_security_flag, char *before_desc, |
f75f605a | 301 | char *after_group_name, char *after_group_membership, |
89db421e | 302 | char *after_group_ou, int after_security_flag, char *after_desc, |
303 | char *MoiraId, char *filter); | |
304 | int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId, | |
305 | char *group_name, char *group_ou, char *group_membership, | |
306 | int group_security_flag, int updateGroup); | |
cd9e6b16 | 307 | int member_list_build(int ac, char **av, void *ptr); |
f75f605a | 308 | int member_add(LDAP *ldap_handle, char *dn_path, char *group_name, |
309 | char *group_ou, char *group_membership, | |
89db421e | 310 | char *user_name, char *pUserOu, char *MoiraId); |
78af4e6e | 311 | int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name, |
f75f605a | 312 | char *group_ou, char *group_membership, char *user_name, |
89db421e | 313 | char *pUserOu, char *MoiraId); |
314 | int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name, | |
315 | char *group_ou, char *group_membership, | |
316 | int group_security_flag, char *MoiraId); | |
cd9e6b16 | 317 | int sid_update(LDAP *ldap_handle, char *dn_path); |
318 | int check_string(char *s); | |
319 | void convert_b_to_a(char *string, UCHAR *binary, int length); | |
320 | int mr_connect_cl(char *server, char *client, int version, int auth); | |
321 | ||
f78c7eaf | 322 | void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
323 | char **before, int beforec, char **after, int afterc); | |
324 | void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, | |
325 | char **before, int beforec, char **after, int afterc); | |
326 | void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, | |
cd9e6b16 | 327 | char **before, int beforec, char **after, int afterc); |
5d0a7127 | 328 | void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 329 | char **before, int beforec, char **after, int afterc); |
330 | int linklist_create_entry(char *attribute, char *value, | |
331 | LK_ENTRY **linklist_entry); | |
5d0a7127 | 332 | int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp, |
cd9e6b16 | 333 | char **attr_array, LK_ENTRY **linklist_base, |
334 | int *linklist_count); | |
5d0a7127 | 335 | void linklist_free(LK_ENTRY *linklist_base); |
cd9e6b16 | 336 | |
337 | int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
338 | char *distinguished_name, LK_ENTRY **linklist_current); | |
339 | int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
340 | LK_ENTRY **linklist_base, int *linklist_count); | |
341 | int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
342 | char *Attribute, char *distinguished_name, | |
343 | LK_ENTRY **linklist_current); | |
344 | ||
345 | int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count, | |
346 | char *oldValue, char *newValue, | |
347 | char ***modvalues, int type); | |
348 | void free_values(char **modvalues); | |
349 | ||
350 | int convert_domain_to_dn(char *domain, char **bind_path); | |
5d0a7127 | 351 | void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 352 | char *distinguished_name); |
5d0a7127 | 353 | int moira_disconnect(void); |
354 | int moira_connect(void); | |
355 | void print_to_screen(const char *fmt, ...); | |
5d0a7127 | 356 | |
357 | int main(int argc, char **argv) | |
358 | { | |
cd9e6b16 | 359 | unsigned long rc; |
360 | int beforec; | |
361 | int afterc; | |
cd9e6b16 | 362 | int i; |
cd9e6b16 | 363 | char *table; |
364 | char **before; | |
365 | char **after; | |
cd9e6b16 | 366 | LDAP *ldap_handle; |
5d0a7127 | 367 | FILE *fptr; |
f78c7eaf | 368 | char dn_path[256]; |
cd9e6b16 | 369 | |
5d0a7127 | 370 | whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]); |
cd9e6b16 | 371 | |
372 | if (argc < 4) | |
373 | { | |
374 | com_err(whoami, 0, "%s", "argc < 4"); | |
375 | exit(1); | |
376 | } | |
377 | beforec = atoi(argv[2]); | |
378 | afterc = atoi(argv[3]); | |
379 | ||
380 | if (argc < (4 + beforec + afterc)) | |
381 | { | |
382 | com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)"); | |
383 | exit(1); | |
384 | } | |
385 | ||
386 | table = argv[1]; | |
387 | before = &argv[4]; | |
388 | after = &argv[4 + beforec]; | |
389 | ||
bfb6f0ad | 390 | for (i = 1; i < argc; i++) |
0d958b3c | 391 | { |
bfb6f0ad | 392 | strcat(tbl_buf, argv[i]); |
393 | strcat(tbl_buf, " "); | |
0d958b3c | 394 | } |
bfb6f0ad | 395 | com_err(whoami, 0, "%s", tbl_buf); |
396 | ||
0d958b3c | 397 | check_winad(); |
f75f605a | 398 | |
cd9e6b16 | 399 | memset(ldap_domain, '\0', sizeof(ldap_domain)); |
f75f605a | 400 | if ((fptr = fopen(WINADCFG, "r")) != NULL) |
5d0a7127 | 401 | { |
cd9e6b16 | 402 | fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr); |
5d0a7127 | 403 | fclose(fptr); |
404 | } | |
cd9e6b16 | 405 | if (strlen(ldap_domain) == 0) |
9db0b148 | 406 | strcpy(ldap_domain, "win.mit.edu"); |
5d0a7127 | 407 | initialize_sms_error_table(); |
408 | initialize_krb_error_table(); | |
cd9e6b16 | 409 | |
f78c7eaf | 410 | memset(default_server, '\0', sizeof(default_server)); |
411 | memset(dn_path, '\0', sizeof(dn_path)); | |
89db421e | 412 | for (i = 0; i < 5; i++) |
cd9e6b16 | 413 | { |
89db421e | 414 | if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1))) |
415 | break; | |
416 | sleep(2); | |
417 | } | |
418 | if (rc) | |
419 | { | |
420 | critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain); | |
cd9e6b16 | 421 | exit(1); |
422 | } | |
cd9e6b16 | 423 | |
9db0b148 | 424 | for (i = 0; i < (int)strlen(table); i++) |
425 | table[i] = tolower(table[i]); | |
5d0a7127 | 426 | if (!strcmp(table, "users")) |
f78c7eaf | 427 | do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
428 | afterc); | |
5d0a7127 | 429 | else if (!strcmp(table, "list")) |
cd9e6b16 | 430 | do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
431 | afterc); | |
5d0a7127 | 432 | else if (!strcmp(table, "imembers")) |
cd9e6b16 | 433 | do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
434 | afterc); | |
cd9e6b16 | 435 | else if (!strcmp(table, "filesys")) |
f78c7eaf | 436 | do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
437 | afterc); | |
438 | /* | |
cd9e6b16 | 439 | else if (!strcmp(table, "quota")) |
440 | do_quota(before, beforec, after, afterc); | |
441 | */ | |
f78c7eaf | 442 | |
443 | ad_kdc_disconnect(); | |
5d0a7127 | 444 | rc = ldap_unbind_s(ldap_handle); |
5d0a7127 | 445 | exit(0); |
446 | } | |
447 | ||
f78c7eaf | 448 | void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
449 | char **before, int beforec, char **after, int afterc) | |
450 | { | |
451 | long rc; | |
452 | char *av[3]; | |
453 | char *call_args[7]; | |
454 | int acreate; | |
455 | int atype; | |
456 | int bcreate; | |
457 | int btype; | |
f75f605a | 458 | int abort_flag; |
f78c7eaf | 459 | |
f75f605a | 460 | abort_flag = 0; |
f78c7eaf | 461 | |
462 | if (afterc < FS_CREATE) | |
463 | atype = acreate = 0; | |
464 | else | |
465 | { | |
466 | atype = !strcmp(after[FS_TYPE], "AFS"); | |
467 | acreate = atoi(after[FS_CREATE]); | |
468 | } | |
469 | ||
470 | if (beforec < FS_CREATE) | |
471 | { | |
472 | if (acreate == 0 || atype == 0) | |
473 | goto cleanup; | |
474 | com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]); | |
f75f605a | 475 | abort_flag = 0; |
476 | while (1) | |
477 | { | |
478 | if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME], | |
479 | after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT) | |
480 | { | |
481 | if (rc != LDAP_SUCCESS) | |
482 | com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]); | |
483 | break; | |
484 | } | |
485 | if (abort_flag == 1) | |
486 | break; | |
487 | sleep(1); | |
488 | abort_flag = 1; | |
489 | if (rc = moira_connect()) | |
490 | { | |
491 | critical_alert("AD incremental", | |
492 | "Error contacting Moira server : %s", | |
493 | error_message(rc)); | |
494 | return; | |
495 | } | |
496 | av[0] = after[FS_NAME]; | |
497 | call_args[0] = (char *)ldap_handle; | |
498 | call_args[1] = dn_path; | |
89db421e | 499 | call_args[2] = ""; |
f75f605a | 500 | call_args[3] = NULL; |
501 | sid_base = NULL; | |
502 | sid_ptr = &sid_base; | |
5b8457c5 | 503 | callback_rc = 0; |
f75f605a | 504 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, |
505 | call_args)) | |
506 | { | |
507 | moira_disconnect(); | |
508 | com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]); | |
509 | break; | |
510 | } | |
5b8457c5 | 511 | if (callback_rc) |
512 | { | |
513 | moira_disconnect(); | |
514 | com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]); | |
515 | break; | |
516 | } | |
f75f605a | 517 | if (sid_base != NULL) |
518 | { | |
519 | sid_update(ldap_handle, dn_path); | |
520 | linklist_free(sid_base); | |
521 | sid_base = NULL; | |
522 | } | |
523 | moira_disconnect(); | |
524 | } | |
f78c7eaf | 525 | goto cleanup; |
526 | } | |
527 | ||
528 | btype = !strcmp(before[FS_TYPE], "AFS"); | |
529 | bcreate = atoi(before[FS_CREATE]); | |
530 | if (afterc < FS_CREATE) | |
531 | { | |
532 | if (btype && bcreate) | |
533 | { | |
f75f605a | 534 | if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME], |
535 | before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE)) | |
f78c7eaf | 536 | { |
f75f605a | 537 | com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]); |
f78c7eaf | 538 | } |
539 | } | |
f75f605a | 540 | return; |
f78c7eaf | 541 | } |
542 | ||
543 | if (!acreate) | |
f75f605a | 544 | return; |
f78c7eaf | 545 | |
546 | if (!atype && !btype) | |
547 | { | |
548 | if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR")) | |
549 | { | |
f75f605a | 550 | com_err(whoami, 0, "Filesystem %s or %s is not AFS", |
551 | before[FS_NAME], after[FS_NAME]); | |
552 | return; | |
f78c7eaf | 553 | } |
554 | } | |
555 | com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]); | |
f75f605a | 556 | abort_flag = 0; |
557 | while (1) | |
558 | { | |
559 | if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME], | |
560 | after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT) | |
561 | { | |
562 | if (rc != LDAP_SUCCESS) | |
563 | com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]); | |
564 | break; | |
565 | } | |
566 | if (abort_flag == 1) | |
567 | break; | |
568 | sleep(1); | |
569 | abort_flag = 1; | |
570 | if (rc = moira_connect()) | |
571 | { | |
572 | critical_alert("AD incremental", | |
573 | "Error contacting Moira server : %s", | |
574 | error_message(rc)); | |
575 | return; | |
576 | } | |
577 | av[0] = after[FS_NAME]; | |
578 | call_args[0] = (char *)ldap_handle; | |
579 | call_args[1] = dn_path; | |
89db421e | 580 | call_args[2] = ""; |
f75f605a | 581 | call_args[3] = NULL; |
582 | sid_base = NULL; | |
583 | sid_ptr = &sid_base; | |
5b8457c5 | 584 | callback_rc = 0; |
f75f605a | 585 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, |
586 | call_args)) | |
587 | { | |
588 | moira_disconnect(); | |
589 | com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]); | |
590 | break; | |
591 | } | |
5b8457c5 | 592 | if (callback_rc) |
593 | { | |
594 | moira_disconnect(); | |
595 | com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]); | |
596 | break; | |
597 | } | |
f75f605a | 598 | if (sid_base != NULL) |
599 | { | |
600 | sid_update(ldap_handle, dn_path); | |
601 | linklist_free(sid_base); | |
602 | sid_base = NULL; | |
603 | } | |
604 | moira_disconnect(); | |
605 | } | |
606 | ||
f78c7eaf | 607 | cleanup: |
f78c7eaf | 608 | return; |
609 | } | |
89db421e | 610 | |
611 | #define L_LIST_DESC 9 | |
612 | #define L_LIST_ID 10 | |
613 | ||
cd9e6b16 | 614 | void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
615 | char **before, int beforec, char **after, int afterc) | |
5d0a7127 | 616 | { |
89db421e | 617 | int updateGroup; |
f75f605a | 618 | long rc; |
89db421e | 619 | char group_membership[6]; |
620 | char list_id[32]; | |
f75f605a | 621 | int security_flag; |
89db421e | 622 | char filter[128]; |
f75f605a | 623 | char group_ou[256]; |
89db421e | 624 | char before_list_id[32]; |
f75f605a | 625 | char before_group_membership[1]; |
626 | int before_security_flag; | |
627 | char before_group_ou[256]; | |
f75f605a | 628 | LK_ENTRY *ptr = NULL; |
9db0b148 | 629 | |
630 | if (beforec == 0 && afterc == 0) | |
631 | return; | |
632 | ||
89db421e | 633 | memset(list_id, '\0', sizeof(list_id)); |
634 | memset(before_list_id, '\0', sizeof(before_list_id)); | |
635 | memset(before_group_ou, '\0', sizeof(before_group_ou)); | |
636 | memset(before_group_membership, '\0', sizeof(before_group_membership)); | |
637 | memset(group_ou, '\0', sizeof(group_ou)); | |
638 | memset(group_membership, '\0', sizeof(group_membership)); | |
639 | updateGroup = 0; | |
640 | ||
641 | if (beforec > L_GID) | |
642 | { | |
643 | if (beforec < L_LIST_ID) | |
644 | return; | |
645 | if (beforec > L_LIST_DESC) | |
646 | { | |
647 | strcpy(before_list_id, before[L_LIST_ID]); | |
648 | } | |
f75f605a | 649 | before_security_flag = 0; |
f75f605a | 650 | get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before); |
651 | } | |
89db421e | 652 | if (afterc > L_GID) |
f75f605a | 653 | { |
89db421e | 654 | if (afterc < L_LIST_ID) |
655 | return; | |
656 | if (afterc > L_LIST_DESC) | |
657 | { | |
658 | strcpy(list_id, before[L_LIST_ID]); | |
659 | } | |
f75f605a | 660 | security_flag = 0; |
f75f605a | 661 | get_group_membership(group_membership, group_ou, &security_flag, after); |
662 | } | |
89db421e | 663 | |
664 | if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/ | |
f75f605a | 665 | return; |
cd9e6b16 | 666 | |
89db421e | 667 | updateGroup = 0; |
668 | if (beforec) | |
cd9e6b16 | 669 | { |
89db421e | 670 | updateGroup = 1; |
671 | if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME], | |
672 | before_group_ou, before_group_membership, | |
673 | before_security_flag, CHECK_GROUPS))) | |
674 | { | |
675 | if (rc == AD_NO_GROUPS_FOUND) | |
676 | updateGroup = 0; | |
677 | else | |
f75f605a | 678 | { |
89db421e | 679 | if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND)) |
680 | { | |
681 | rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME], | |
682 | before_group_ou, before_group_membership, | |
683 | before_security_flag, CLEANUP_GROUPS); | |
684 | } | |
685 | if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0)) | |
f75f605a | 686 | { |
89db421e | 687 | com_err(whoami, 0, "Could not change list name from %s to %s", |
688 | before[L_NAME], after[L_NAME]); | |
f75f605a | 689 | return; |
690 | } | |
89db421e | 691 | if (rc == AD_NO_GROUPS_FOUND) |
692 | updateGroup = 0; | |
693 | } | |
694 | } | |
695 | } | |
696 | ||
697 | if ((beforec != 0) && (afterc != 0)) | |
698 | { | |
699 | if (((strcmp(after[L_NAME], before[L_NAME])) || | |
700 | ((!strcmp(after[L_NAME], before[L_NAME])) && | |
701 | (strcmp(before_group_ou, group_ou)))) && | |
702 | (updateGroup == 1)) | |
703 | { | |
704 | com_err(whoami, 0, "Changing list name from %s to %s", | |
705 | before[L_NAME], after[L_NAME]); | |
706 | if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) || | |
707 | (strlen(group_ou) == 0) || (strlen(group_membership) == 0)) | |
708 | { | |
709 | com_err(whoami, 0, "%s", "couldn't find the group OU's"); | |
710 | return; | |
711 | } | |
712 | memset(filter, '\0', sizeof(filter)); | |
713 | if ((rc = group_rename(ldap_handle, dn_path, | |
714 | before[L_NAME], before_group_membership, | |
715 | before_group_ou, before_security_flag, before[L_LIST_DESC], | |
716 | after[L_NAME], group_membership, | |
717 | group_ou, security_flag, after[L_LIST_DESC], | |
718 | list_id, filter))) | |
719 | { | |
720 | if (rc != AD_NO_GROUPS_FOUND) | |
f75f605a | 721 | { |
89db421e | 722 | com_err(whoami, 0, "Could not change list name from %s to %s", |
723 | before[L_NAME], after[L_NAME]); | |
f75f605a | 724 | return; |
725 | } | |
89db421e | 726 | updateGroup = 0; |
f75f605a | 727 | } |
89db421e | 728 | beforec = 0; |
f75f605a | 729 | } |
730 | else | |
89db421e | 731 | beforec = 0; |
cd9e6b16 | 732 | } |
733 | ||
89db421e | 734 | if (beforec) |
984c91b7 | 735 | { |
f75f605a | 736 | if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0)) |
984c91b7 | 737 | { |
f75f605a | 738 | com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]); |
739 | return; | |
740 | } | |
984c91b7 | 741 | com_err(whoami, 0, "Deleting group %s", before[L_NAME]); |
89db421e | 742 | rc = group_delete(ldap_handle, dn_path, before[L_NAME], |
743 | before_group_membership, before_list_id); | |
f75f605a | 744 | return; |
5d0a7127 | 745 | } |
89db421e | 746 | if (afterc) |
5d0a7127 | 747 | { |
89db421e | 748 | if (!updateGroup) |
749 | { | |
750 | com_err(whoami, 0, "Creating group %s", after[L_NAME]); | |
751 | if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME], | |
752 | group_ou, group_membership, | |
753 | security_flag, CHECK_GROUPS)) | |
754 | { | |
755 | if (rc != AD_NO_GROUPS_FOUND) | |
756 | { | |
757 | if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND)) | |
758 | { | |
759 | rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME], | |
760 | group_ou, group_membership, | |
761 | security_flag, CLEANUP_GROUPS); | |
762 | } | |
763 | if (rc) | |
764 | { | |
765 | com_err(whoami, 0, "Could not create list %s", after[L_NAME]); | |
766 | return; | |
767 | } | |
768 | } | |
769 | } | |
770 | } | |
771 | else | |
772 | com_err(whoami, 0, "Updating group %s information", after[L_NAME]); | |
cd9e6b16 | 773 | |
f75f605a | 774 | if (rc = moira_connect()) |
775 | { | |
776 | critical_alert("AD incremental", | |
777 | "Error contacting Moira server : %s", | |
778 | error_message(rc)); | |
779 | return; | |
780 | } | |
781 | ||
89db421e | 782 | if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME], |
783 | group_ou, group_membership, security_flag, updateGroup)) | |
cd9e6b16 | 784 | { |
f75f605a | 785 | moira_disconnect(); |
f75f605a | 786 | return; |
cd9e6b16 | 787 | } |
89db421e | 788 | if (atoi(after[L_ACTIVE])) |
cd9e6b16 | 789 | { |
89db421e | 790 | populate_group(ldap_handle, dn_path, after[L_NAME], group_ou, |
791 | group_membership, security_flag, list_id); | |
cd9e6b16 | 792 | } |
f75f605a | 793 | moira_disconnect(); |
5d0a7127 | 794 | } |
f75f605a | 795 | |
796 | return; | |
5d0a7127 | 797 | } |
798 | ||
f75f605a | 799 | #define LM_EXTRA_ACTIVE (LM_END) |
800 | #define LM_EXTRA_PUBLIC (LM_END+1) | |
801 | #define LM_EXTRA_HIDDEN (LM_END+2) | |
802 | #define LM_EXTRA_MAILLIST (LM_END+3) | |
803 | #define LM_EXTRA_GROUP (LM_END+4) | |
804 | #define LM_EXTRA_GID (LM_END+5) | |
89db421e | 805 | #define LMN_LIST_ID (LM_END+6) |
806 | #define LM_LIST_ID (LM_END+7) | |
807 | #define LM_USER_ID (LM_END+8) | |
808 | #define LM_EXTRA_END (LM_END+9) | |
984c91b7 | 809 | |
5d0a7127 | 810 | void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 811 | char **before, int beforec, char **after, int afterc) |
5d0a7127 | 812 | { |
cd9e6b16 | 813 | char group_name[128]; |
814 | char user_name[128]; | |
9db0b148 | 815 | char user_type[128]; |
89db421e | 816 | char moira_list_id[32]; |
817 | char moira_user_id[32]; | |
f75f605a | 818 | char group_membership[1]; |
f75f605a | 819 | char group_ou[256]; |
820 | char *args[16]; | |
821 | char **ptr; | |
89db421e | 822 | char *av[7]; |
823 | char *call_args[7]; | |
f75f605a | 824 | char *pUserOu; |
89db421e | 825 | int security_flag; |
826 | int rc; | |
f75f605a | 827 | |
828 | pUserOu = NULL; | |
829 | ptr = NULL; | |
89db421e | 830 | memset(moira_list_id, '\0', sizeof(moira_list_id)); |
831 | memset(moira_user_id, '\0', sizeof(moira_user_id)); | |
5d0a7127 | 832 | if (afterc) |
833 | { | |
89db421e | 834 | if (afterc < LM_EXTRA_GID) |
f75f605a | 835 | return; |
984c91b7 | 836 | if (!atoi(after[LM_EXTRA_ACTIVE])) |
cd9e6b16 | 837 | return; |
f75f605a | 838 | ptr = after; |
89db421e | 839 | if (!strcasecmp(ptr[LM_TYPE], "LIST")) |
840 | return; | |
984c91b7 | 841 | strcpy(user_name, after[LM_MEMBER]); |
842 | strcpy(group_name, after[LM_LIST]); | |
843 | strcpy(user_type, after[LM_TYPE]); | |
89db421e | 844 | if (!strcasecmp(ptr[LM_TYPE], "USER")) |
845 | { | |
846 | if (afterc > LMN_LIST_ID) | |
847 | { | |
848 | strcpy(moira_list_id, after[LM_LIST_ID]); | |
849 | strcpy(moira_user_id, after[LM_USER_ID]); | |
850 | } | |
851 | } | |
852 | else | |
853 | { | |
854 | if (afterc > LM_EXTRA_GID) | |
855 | strcpy(moira_list_id, after[LMN_LIST_ID]); | |
856 | } | |
5d0a7127 | 857 | } |
858 | else if (beforec) | |
859 | { | |
89db421e | 860 | if (beforec < LM_EXTRA_GID) |
f75f605a | 861 | return; |
984c91b7 | 862 | if (!atoi(before[LM_EXTRA_ACTIVE])) |
9db0b148 | 863 | return; |
f75f605a | 864 | ptr = before; |
89db421e | 865 | if (!strcasecmp(ptr[LM_TYPE], "LIST")) |
866 | return; | |
984c91b7 | 867 | strcpy(user_name, before[LM_MEMBER]); |
868 | strcpy(group_name, before[LM_LIST]); | |
869 | strcpy(user_type, before[LM_TYPE]); | |
89db421e | 870 | if (!strcasecmp(ptr[LM_TYPE], "USER")) |
871 | { | |
872 | if (beforec > LMN_LIST_ID) | |
873 | { | |
874 | strcpy(moira_list_id, before[LM_LIST_ID]); | |
875 | strcpy(moira_user_id, before[LM_USER_ID]); | |
876 | } | |
877 | } | |
878 | else | |
879 | { | |
880 | if (beforec > LM_EXTRA_GID) | |
881 | strcpy(moira_list_id, before[LMN_LIST_ID]); | |
882 | } | |
5d0a7127 | 883 | } |
cd9e6b16 | 884 | |
f75f605a | 885 | if (ptr == NULL) |
886 | return; | |
887 | ||
888 | args[L_NAME] = ptr[LM_LIST]; | |
889 | args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE]; | |
890 | args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC]; | |
891 | args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN]; | |
892 | args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST]; | |
893 | args[L_GROUP] = ptr[LM_EXTRA_GROUP]; | |
894 | args[L_GID] = ptr[LM_EXTRA_GID]; | |
895 | ||
896 | security_flag = 0; | |
897 | memset(group_ou, '\0', sizeof(group_ou)); | |
898 | get_group_membership(group_membership, group_ou, &security_flag, args); | |
899 | if (strlen(group_ou) == 0) | |
cd9e6b16 | 900 | { |
f75f605a | 901 | com_err(whoami, 0, "couldn't find the group OU for group %s", group_name); |
cd9e6b16 | 902 | return; |
903 | } | |
89db421e | 904 | if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS)) |
905 | { | |
906 | if (rc != AD_NO_GROUPS_FOUND) | |
907 | { | |
908 | if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS)) | |
909 | { | |
910 | if (rc != AD_NO_GROUPS_FOUND) | |
911 | { | |
912 | if (afterc) | |
913 | com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name); | |
914 | else | |
915 | com_err(whoami, 0, "Couldn't remove %s to group %s - unable to process group", user_name, group_name); | |
916 | return; | |
917 | } | |
918 | } | |
919 | } | |
920 | } | |
921 | if (rc == AD_NO_GROUPS_FOUND) | |
922 | { | |
923 | if (rc = moira_connect()) | |
924 | { | |
925 | critical_alert("AD incremental", | |
926 | "Error contacting Moira server : %s", | |
927 | error_message(rc)); | |
928 | return; | |
929 | } | |
f75f605a | 930 | |
89db421e | 931 | com_err(whoami, 0, "creating group %s", group_name); |
932 | if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST], | |
933 | group_ou, group_membership, security_flag, 0)) | |
934 | { | |
935 | moira_disconnect(); | |
936 | return; | |
937 | } | |
938 | if (atoi(ptr[LM_EXTRA_ACTIVE])) | |
939 | { | |
940 | populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou, | |
941 | group_membership, security_flag, moira_list_id); | |
942 | } | |
943 | moira_disconnect(); | |
944 | } | |
f75f605a | 945 | rc = 0; |
946 | if (beforec) | |
947 | { | |
89db421e | 948 | com_err(whoami, 0, "removing user %s from list %s", user_name, group_name); |
f75f605a | 949 | pUserOu = user_ou; |
950 | if (!strcasecmp(ptr[LM_TYPE], "STRING")) | |
cd9e6b16 | 951 | { |
f75f605a | 952 | if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou)) |
953 | return; | |
954 | pUserOu = contact_ou; | |
955 | } | |
956 | else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS")) | |
957 | { | |
958 | if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou)) | |
959 | return; | |
960 | pUserOu = kerberos_ou; | |
961 | } | |
89db421e | 962 | if (rc = member_remove(ldap_handle, dn_path, group_name, |
963 | group_ou, group_membership, ptr[LM_MEMBER], | |
964 | pUserOu, moira_list_id)) | |
965 | com_err(whoami, 0, "couldn't remove %s to group %s", user_name, group_name); | |
966 | return; | |
f75f605a | 967 | } |
89db421e | 968 | |
969 | com_err(whoami, 0, "Adding %s to list %s", user_name, group_name); | |
970 | pUserOu = user_ou; | |
971 | if (!strcasecmp(ptr[LM_TYPE], "STRING")) | |
f75f605a | 972 | { |
89db421e | 973 | if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou)) |
f75f605a | 974 | return; |
89db421e | 975 | pUserOu = contact_ou; |
976 | } | |
977 | else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS")) | |
978 | { | |
979 | if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou)) | |
980 | return; | |
981 | pUserOu = kerberos_ou; | |
982 | } | |
983 | else if (!strcasecmp(ptr[LM_TYPE], "USER")) | |
984 | { | |
985 | if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER], | |
986 | moira_user_id)) == AD_NO_USER_FOUND) | |
f75f605a | 987 | { |
89db421e | 988 | if (rc = moira_connect()) |
989 | { | |
990 | critical_alert("AD incremental", | |
991 | "Error connection to Moira : %s", | |
992 | error_message(rc)); | |
993 | return; | |
994 | } | |
995 | com_err(whoami, 0, "creating user %s", after[U_NAME]); | |
996 | av[0] = ptr[LM_MEMBER]; | |
997 | call_args[0] = (char *)ldap_handle; | |
998 | call_args[1] = dn_path; | |
999 | call_args[2] = moira_user_id; | |
1000 | call_args[3] = NULL; | |
1001 | sid_base = NULL; | |
1002 | sid_ptr = &sid_base; | |
1003 | callback_rc = 0; | |
1004 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, | |
1005 | call_args)) | |
1006 | { | |
1007 | moira_disconnect(); | |
1008 | com_err(whoami, 0, "couldn't create user %s : %s", | |
1009 | ptr[LM_MEMBER], error_message(rc)); | |
1010 | return; | |
1011 | } | |
1012 | if (callback_rc) | |
1013 | { | |
1014 | moira_disconnect(); | |
1015 | com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]); | |
1016 | return; | |
1017 | } | |
1018 | sleep(1); | |
1019 | if (sid_base != NULL) | |
1020 | { | |
1021 | sid_update(ldap_handle, dn_path); | |
1022 | linklist_free(sid_base); | |
1023 | } | |
f75f605a | 1024 | } |
89db421e | 1025 | else |
f75f605a | 1026 | { |
89db421e | 1027 | if (rc != 0) |
f75f605a | 1028 | return; |
cd9e6b16 | 1029 | } |
89db421e | 1030 | pUserOu = user_ou; |
cd9e6b16 | 1031 | } |
89db421e | 1032 | |
1033 | if (rc = member_add(ldap_handle, dn_path, group_name, | |
1034 | group_ou, group_membership, ptr[LM_MEMBER], | |
1035 | pUserOu, moira_list_id)) | |
cd9e6b16 | 1036 | { |
89db421e | 1037 | com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name); |
f75f605a | 1038 | } |
1039 | return; | |
5d0a7127 | 1040 | } |
1041 | ||
cd9e6b16 | 1042 | |
89db421e | 1043 | #define U_USER_ID 10 |
1044 | ||
f78c7eaf | 1045 | void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
1046 | char **before, int beforec, char **after, | |
cd9e6b16 | 1047 | int afterc) |
5d0a7127 | 1048 | { |
984c91b7 | 1049 | int rc; |
89db421e | 1050 | char *av[7]; |
1051 | char after_user_id[32]; | |
1052 | char before_user_id[32]; | |
1053 | char *call_args[7]; | |
984c91b7 | 1054 | |
5b8457c5 | 1055 | if ((beforec == 0) && (afterc == 0)) |
984c91b7 | 1056 | return; |
1057 | ||
89db421e | 1058 | memset(after_user_id, '\0', sizeof(after_user_id)); |
1059 | memset(before_user_id, '\0', sizeof(before_user_id)); | |
1060 | if (beforec > U_USER_ID) | |
1061 | strcpy(before_user_id, before[U_USER_ID]); | |
1062 | if (afterc > U_USER_ID) | |
1063 | strcpy(after_user_id, after[U_USER_ID]); | |
984c91b7 | 1064 | |
89db421e | 1065 | if ((beforec == 0) && (afterc == 0)) /*this case should never happen */ |
984c91b7 | 1066 | return; |
cd9e6b16 | 1067 | |
89db421e | 1068 | if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/ |
1069 | return; /*account is first created but not usable*/ | |
f75f605a | 1070 | |
89db421e | 1071 | if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/ |
1072 | { /*is expunged*/ | |
1073 | if (atoi(before[U_STATE]) == 0) | |
cd9e6b16 | 1074 | { |
89db421e | 1075 | com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]); |
1076 | user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id); | |
cd9e6b16 | 1077 | } |
f75f605a | 1078 | return; |
5d0a7127 | 1079 | } |
f75f605a | 1080 | |
89db421e | 1081 | /*process anything that gets here*/ |
1082 | if ((rc = check_user(ldap_handle, dn_path, after[U_NAME], | |
1083 | after_user_id)) == AD_NO_USER_FOUND) | |
5d0a7127 | 1084 | { |
f75f605a | 1085 | if (rc = moira_connect()) |
1086 | { | |
1087 | critical_alert("AD incremental", | |
1088 | "Error connection to Moira : %s", | |
1089 | error_message(rc)); | |
1090 | return; | |
1091 | } | |
89db421e | 1092 | com_err(whoami, 0, "creating user %s", after[U_NAME]); |
5d0a7127 | 1093 | |
984c91b7 | 1094 | av[0] = after[U_NAME]; |
cd9e6b16 | 1095 | call_args[0] = (char *)ldap_handle; |
1096 | call_args[1] = dn_path; | |
89db421e | 1097 | call_args[2] = after_user_id; |
9db0b148 | 1098 | call_args[3] = NULL; |
cd9e6b16 | 1099 | sid_base = NULL; |
1100 | sid_ptr = &sid_base; | |
5b8457c5 | 1101 | callback_rc = 0; |
cd9e6b16 | 1102 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, |
1103 | call_args)) | |
1104 | { | |
f75f605a | 1105 | moira_disconnect(); |
89db421e | 1106 | com_err(whoami, 0, "couldn't create user %s : %s", |
f75f605a | 1107 | after[U_NAME], error_message(rc)); |
1108 | return; | |
cd9e6b16 | 1109 | } |
5b8457c5 | 1110 | if (callback_rc) |
1111 | { | |
1112 | moira_disconnect(); | |
89db421e | 1113 | com_err(whoami, 0, "couldn't create user %s", after[U_NAME]); |
5b8457c5 | 1114 | return; |
1115 | } | |
f75f605a | 1116 | sleep(1); |
cd9e6b16 | 1117 | if (sid_base != NULL) |
1118 | { | |
1119 | sid_update(ldap_handle, dn_path); | |
1120 | linklist_free(sid_base); | |
1121 | } | |
89db421e | 1122 | return; |
1123 | } | |
1124 | else | |
1125 | { | |
1126 | if (rc != 0) | |
1127 | return; | |
1128 | } | |
1129 | if (strcmp(before[U_NAME], after[U_NAME])) | |
1130 | { | |
1131 | if ((check_string(before[U_NAME])) && (check_string(after[U_NAME]))) | |
f75f605a | 1132 | { |
89db421e | 1133 | com_err(whoami, 0, "changing user %s to %s", |
1134 | before[U_NAME], after[U_NAME]); | |
1135 | if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME], | |
1136 | after[U_NAME])) != LDAP_SUCCESS) | |
f75f605a | 1137 | { |
89db421e | 1138 | return; |
f75f605a | 1139 | } |
1140 | } | |
cd9e6b16 | 1141 | } |
89db421e | 1142 | com_err(whoami, 0, "updating user %s information", after[U_NAME]); |
1143 | rc = user_update(ldap_handle, dn_path, after[U_NAME], | |
1144 | after[U_UID], after[U_MITID], | |
1145 | after_user_id, atoi(after[U_STATE])); | |
f75f605a | 1146 | return; |
5d0a7127 | 1147 | } |
1148 | ||
1149 | int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count, | |
cd9e6b16 | 1150 | char *oldValue, char *newValue, |
1151 | char ***modvalues, int type) | |
5d0a7127 | 1152 | { |
cd9e6b16 | 1153 | LK_ENTRY *linklist_ptr; |
1154 | int i; | |
1155 | char *cPtr; | |
5d0a7127 | 1156 | |
cd9e6b16 | 1157 | if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *))) |
1158 | == NULL) | |
1159 | { | |
1160 | return(1); | |
1161 | } | |
5d0a7127 | 1162 | for (i = 0; i < (modvalue_count + 1); i++) |
cd9e6b16 | 1163 | (*modvalues)[i] = NULL; |
5d0a7127 | 1164 | if (modvalue_count != 0) |
1165 | { | |
1166 | linklist_ptr = linklist_base; | |
1167 | for (i = 0; i < modvalue_count; i++) | |
cd9e6b16 | 1168 | { |
1169 | if ((oldValue != NULL) && (newValue != NULL)) | |
1170 | { | |
1171 | if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue)) | |
1172 | != (char *)NULL) | |
1173 | { | |
1174 | if (type == REPLACE) | |
1175 | { | |
1176 | if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1)) | |
1177 | == NULL) | |
1178 | return(1); | |
1179 | memset((*modvalues)[i], '\0', strlen(newValue) + 1); | |
1180 | strcpy((*modvalues)[i], newValue); | |
1181 | } | |
1182 | else | |
1183 | { | |
1184 | if (((*modvalues)[i] = calloc(1, | |
1185 | (int)(cPtr - linklist_ptr->value) + | |
1186 | (linklist_ptr->length - strlen(oldValue)) + | |
1187 | strlen(newValue) + 1)) == NULL) | |
1188 | return(1); | |
1189 | memset((*modvalues)[i], '\0', | |
1190 | (int)(cPtr - linklist_ptr->value) + | |
1191 | (linklist_ptr->length - strlen(oldValue)) + | |
1192 | strlen(newValue) + 1); | |
1193 | memcpy((*modvalues)[i], linklist_ptr->value, | |
1194 | (int)(cPtr - linklist_ptr->value)); | |
1195 | strcat((*modvalues)[i], newValue); | |
1196 | strcat((*modvalues)[i], | |
1197 | &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]); | |
1198 | } | |
1199 | } | |
1200 | else | |
1201 | { | |
1202 | (*modvalues)[i] = calloc(1, linklist_ptr->length + 1); | |
1203 | memset((*modvalues)[i], '\0', linklist_ptr->length + 1); | |
1204 | memcpy((*modvalues)[i], linklist_ptr->value, | |
1205 | linklist_ptr->length); | |
1206 | } | |
1207 | } | |
1208 | else | |
1209 | { | |
1210 | (*modvalues)[i] = calloc(1, linklist_ptr->length + 1); | |
1211 | memset((*modvalues)[i], '\0', linklist_ptr->length + 1); | |
1212 | memcpy((*modvalues)[i], linklist_ptr->value, | |
1213 | linklist_ptr->length); | |
1214 | } | |
1215 | linklist_ptr = linklist_ptr->next; | |
1216 | } | |
1217 | (*modvalues)[i] = NULL; | |
5d0a7127 | 1218 | } |
1219 | return(0); | |
1220 | } | |
1221 | ||
cd9e6b16 | 1222 | |
5d0a7127 | 1223 | int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp, |
cd9e6b16 | 1224 | char **attr_array, LK_ENTRY **linklist_base, |
1225 | int *linklist_count) | |
5d0a7127 | 1226 | { |
cd9e6b16 | 1227 | ULONG rc; |
5d0a7127 | 1228 | LDAPMessage *ldap_entry; |
cd9e6b16 | 1229 | |
1230 | rc = 0; | |
5d0a7127 | 1231 | ldap_entry = NULL; |
1232 | (*linklist_base) = NULL; | |
1233 | (*linklist_count) = 0; | |
1234 | if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE, | |
cd9e6b16 | 1235 | search_exp, attr_array, 0, &ldap_entry)) |
5d0a7127 | 1236 | != LDAP_SUCCESS) |
1237 | return(0); | |
cd9e6b16 | 1238 | rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count); |
1239 | ||
5d0a7127 | 1240 | ldap_msgfree(ldap_entry); |
1241 | return(rc); | |
1242 | } | |
1243 | ||
cd9e6b16 | 1244 | |
5d0a7127 | 1245 | int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 1246 | LK_ENTRY **linklist_base, int *linklist_count) |
5d0a7127 | 1247 | { |
cd9e6b16 | 1248 | char distinguished_name[1024]; |
1249 | LK_ENTRY *linklist_ptr; | |
1250 | int rc; | |
1251 | ||
5d0a7127 | 1252 | if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL) |
1253 | return(0); | |
cd9e6b16 | 1254 | |
1255 | memset(distinguished_name, '\0', sizeof(distinguished_name)); | |
1256 | get_distinguished_name(ldap_handle, ldap_entry, distinguished_name); | |
1257 | ||
1258 | if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name, | |
1259 | linklist_base)) != 0) | |
5d0a7127 | 1260 | return(rc); |
cd9e6b16 | 1261 | |
5d0a7127 | 1262 | while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL) |
1263 | { | |
cd9e6b16 | 1264 | memset(distinguished_name, '\0', sizeof(distinguished_name)); |
1265 | get_distinguished_name(ldap_handle, ldap_entry, distinguished_name); | |
1266 | ||
1267 | if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name, | |
1268 | linklist_base)) != 0) | |
1269 | return(rc); | |
5d0a7127 | 1270 | } |
cd9e6b16 | 1271 | |
5d0a7127 | 1272 | linklist_ptr = (*linklist_base); |
1273 | (*linklist_count) = 0; | |
1274 | while (linklist_ptr != NULL) | |
1275 | { | |
1276 | ++(*linklist_count); | |
1277 | linklist_ptr = linklist_ptr->next; | |
1278 | } | |
1279 | return(0); | |
1280 | } | |
1281 | ||
1282 | int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
cd9e6b16 | 1283 | char *distinguished_name, LK_ENTRY **linklist_current) |
5d0a7127 | 1284 | { |
cd9e6b16 | 1285 | char *Attribute; |
1286 | BerElement *ptr; | |
1287 | ||
5d0a7127 | 1288 | ptr = NULL; |
cd9e6b16 | 1289 | if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL) |
5d0a7127 | 1290 | { |
cd9e6b16 | 1291 | retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name, |
1292 | linklist_current); | |
5d0a7127 | 1293 | ldap_memfree(Attribute); |
cd9e6b16 | 1294 | while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry, |
1295 | ptr)) != NULL) | |
1296 | { | |
1297 | retrieve_values(ldap_handle, ldap_entry, Attribute, | |
1298 | distinguished_name, linklist_current); | |
1299 | ldap_memfree(Attribute); | |
1300 | } | |
5d0a7127 | 1301 | } |
cd9e6b16 | 1302 | ldap_ber_free(ptr, 0); |
5d0a7127 | 1303 | return(0); |
1304 | } | |
1305 | ||
cd9e6b16 | 1306 | int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
1307 | char *Attribute, char *distinguished_name, | |
1308 | LK_ENTRY **linklist_current) | |
5d0a7127 | 1309 | { |
cd9e6b16 | 1310 | char **str_value; |
1311 | char temp[256]; | |
1312 | void **Ptr; | |
1313 | int use_bervalue; | |
1314 | LK_ENTRY *linklist_previous; | |
5d0a7127 | 1315 | LDAP_BERVAL **ber_value; |
cd9e6b16 | 1316 | DWORD ber_length; |
5d0a7127 | 1317 | #ifdef LDAP_DEBUG |
cd9e6b16 | 1318 | SID *sid; |
1319 | GUID *guid; | |
1320 | int i; | |
1321 | int intValue; | |
1322 | DWORD *subauth; | |
1323 | SID_IDENTIFIER_AUTHORITY *sid_auth; | |
1324 | unsigned char *subauth_count; | |
1325 | #endif /*LDAP_BEGUG*/ | |
5d0a7127 | 1326 | |
1327 | use_bervalue = 0; | |
1328 | memset(temp, '\0', sizeof(temp)); | |
1329 | if ((!strcmp(Attribute, "objectSid")) || | |
1330 | (!strcmp(Attribute, "objectGUID"))) | |
1331 | use_bervalue = 1; | |
cd9e6b16 | 1332 | |
5d0a7127 | 1333 | if (use_bervalue) |
1334 | { | |
1335 | ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute); | |
1336 | Ptr = (void **)ber_value; | |
1337 | str_value = NULL; | |
cd9e6b16 | 1338 | } |
5d0a7127 | 1339 | else |
1340 | { | |
1341 | str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute); | |
1342 | Ptr = (void **)str_value; | |
1343 | ber_value = NULL; | |
1344 | } | |
1345 | if (Ptr != NULL) | |
1346 | { | |
1347 | for (; *Ptr; Ptr++) | |
cd9e6b16 | 1348 | { |
1349 | if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL) | |
1350 | return(1); | |
1351 | memset(linklist_previous, '\0', sizeof(LK_ENTRY)); | |
1352 | linklist_previous->next = (*linklist_current); | |
1353 | (*linklist_current) = linklist_previous; | |
1354 | ||
1355 | if (((*linklist_current)->attribute = calloc(1, | |
1356 | strlen(Attribute) + 1)) == NULL) | |
1357 | return(1); | |
1358 | memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1); | |
1359 | strcpy((*linklist_current)->attribute, Attribute); | |
1360 | if (use_bervalue) | |
1361 | { | |
1362 | ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len; | |
1363 | if (((*linklist_current)->value = calloc(1, ber_length)) == NULL) | |
1364 | return(1); | |
1365 | memset((*linklist_current)->value, '\0', ber_length); | |
1366 | memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val, | |
1367 | ber_length); | |
1368 | (*linklist_current)->length = ber_length; | |
1369 | } | |
1370 | else | |
1371 | { | |
1372 | if (((*linklist_current)->value = calloc(1, | |
1373 | strlen(*Ptr) + 1)) == NULL) | |
1374 | return(1); | |
1375 | memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1); | |
1376 | (*linklist_current)->length = strlen(*Ptr); | |
1377 | strcpy((*linklist_current)->value, *Ptr); | |
1378 | } | |
1379 | (*linklist_current)->ber_value = use_bervalue; | |
1380 | if (((*linklist_current)->dn = calloc(1, | |
1381 | strlen(distinguished_name) + 1)) == NULL) | |
1382 | return(1); | |
1383 | memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1); | |
1384 | strcpy((*linklist_current)->dn, distinguished_name); | |
1385 | ||
5d0a7127 | 1386 | #ifdef LDAP_DEBUG |
cd9e6b16 | 1387 | if (!strcmp(Attribute, "objectGUID")) |
1388 | { | |
1389 | guid = (GUID *)((*linklist_current)->value); | |
1390 | sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", | |
1391 | guid->Data1, guid->Data2, guid->Data3, | |
1392 | guid->Data4[0], guid->Data4[1], guid->Data4[2], | |
1393 | guid->Data4[3], guid->Data4[4], guid->Data4[5], | |
1394 | guid->Data4[6], guid->Data4[7]); | |
1395 | print_to_screen(" %20s : {%s}\n", Attribute, temp); | |
1396 | } | |
1397 | else if (!strcmp(Attribute, "objectSid")) | |
1398 | { | |
1399 | sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val); | |
5d0a7127 | 1400 | #ifdef _WIN32 |
cd9e6b16 | 1401 | print_to_screen(" Revision = %d\n", sid->Revision); |
1402 | print_to_screen(" SID Identifier Authority:\n"); | |
1403 | sid_auth = &sid->IdentifierAuthority; | |
1404 | if (sid_auth->Value[0]) | |
1405 | print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n"); | |
1406 | else if (sid_auth->Value[1]) | |
1407 | print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n"); | |
1408 | else if (sid_auth->Value[2]) | |
1409 | print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n"); | |
1410 | else if (sid_auth->Value[3]) | |
1411 | print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n"); | |
1412 | else if (sid_auth->Value[5]) | |
1413 | print_to_screen(" SECURITY_NT_AUTHORITY\n"); | |
1414 | else | |
1415 | print_to_screen(" UNKNOWN SID AUTHORITY\n"); | |
1416 | subauth_count = GetSidSubAuthorityCount(sid); | |
1417 | print_to_screen(" SidSubAuthorityCount = %d\n", | |
1418 | *subauth_count); | |
1419 | print_to_screen(" SidSubAuthority:\n"); | |
1420 | for (i = 0; i < *subauth_count; i++) | |
1421 | { | |
1422 | if ((subauth = GetSidSubAuthority(sid, i)) != NULL) | |
1423 | print_to_screen(" %u\n", *subauth); | |
1424 | } | |
5d0a7127 | 1425 | #endif |
cd9e6b16 | 1426 | } |
1427 | else if ((!memcmp(Attribute, "userAccountControl", | |
1428 | strlen("userAccountControl"))) || | |
1429 | (!memcmp(Attribute, "sAMAccountType", | |
1430 | strlen("sAmAccountType")))) | |
1431 | { | |
1432 | intValue = atoi(*Ptr); | |
1433 | print_to_screen(" %20s : %ld\n",Attribute, intValue); | |
1434 | if (!memcmp(Attribute, "userAccountControl", | |
1435 | strlen("userAccountControl"))) | |
1436 | { | |
1437 | if (intValue & UF_ACCOUNTDISABLE) | |
1438 | print_to_screen(" %20s : %s\n", | |
1439 | "", "Account disabled"); | |
1440 | else | |
1441 | print_to_screen(" %20s : %s\n", | |
1442 | "", "Account active"); | |
1443 | if (intValue & UF_HOMEDIR_REQUIRED) | |
1444 | print_to_screen(" %20s : %s\n", | |
1445 | "", "Home directory required"); | |
1446 | if (intValue & UF_LOCKOUT) | |
1447 | print_to_screen(" %20s : %s\n", | |
1448 | "", "Account locked out"); | |
1449 | if (intValue & UF_PASSWD_NOTREQD) | |
1450 | print_to_screen(" %20s : %s\n", | |
1451 | "", "No password required"); | |
1452 | if (intValue & UF_PASSWD_CANT_CHANGE) | |
1453 | print_to_screen(" %20s : %s\n", | |
1454 | "", "Cannot change password"); | |
1455 | if (intValue & UF_TEMP_DUPLICATE_ACCOUNT) | |
1456 | print_to_screen(" %20s : %s\n", | |
1457 | "", "Temp duplicate account"); | |
1458 | if (intValue & UF_NORMAL_ACCOUNT) | |
1459 | print_to_screen(" %20s : %s\n", | |
1460 | "", "Normal account"); | |
1461 | if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT) | |
1462 | print_to_screen(" %20s : %s\n", | |
1463 | "", "Interdomain trust account"); | |
1464 | if (intValue & UF_WORKSTATION_TRUST_ACCOUNT) | |
1465 | print_to_screen(" %20s : %s\n", | |
1466 | "", "Workstation trust account"); | |
1467 | if (intValue & UF_SERVER_TRUST_ACCOUNT) | |
1468 | print_to_screen(" %20s : %s\n", | |
1469 | "", "Server trust account"); | |
1470 | } | |
1471 | } | |
1472 | else | |
1473 | { | |
1474 | print_to_screen(" %20s : %s\n",Attribute, *Ptr); | |
1475 | } | |
5d0a7127 | 1476 | #endif /*LDAP_DEBUG*/ |
cd9e6b16 | 1477 | } |
5d0a7127 | 1478 | if (str_value != NULL) |
cd9e6b16 | 1479 | ldap_value_free(str_value); |
5d0a7127 | 1480 | if (ber_value != NULL) |
cd9e6b16 | 1481 | ldap_value_free_len(ber_value); |
5d0a7127 | 1482 | } |
1483 | (*linklist_current) = linklist_previous; | |
1484 | return(0); | |
1485 | } | |
1486 | ||
5d0a7127 | 1487 | int moira_connect(void) |
1488 | { | |
cd9e6b16 | 1489 | long rc; |
1490 | char HostName[64]; | |
1491 | ||
5d0a7127 | 1492 | if (!mr_connections++) |
1493 | { | |
1494 | #ifdef _WIN32 | |
1495 | memset(HostName, '\0', sizeof(HostName)); | |
1496 | strcpy(HostName, "ttsp"); | |
cd9e6b16 | 1497 | rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1); |
1498 | /*det | |
5d0a7127 | 1499 | rc = mr_connect(HostName); |
cd9e6b16 | 1500 | */ |
5d0a7127 | 1501 | #else |
1502 | struct utsname uts; | |
1503 | uname(&uts); | |
cd9e6b16 | 1504 | rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1); |
1505 | /* | |
5d0a7127 | 1506 | rc = mr_connect(uts.nodename); |
cd9e6b16 | 1507 | */ |
5d0a7127 | 1508 | #endif /*WIN32*/ |
cd9e6b16 | 1509 | /*det |
5d0a7127 | 1510 | if (!rc) |
cd9e6b16 | 1511 | rc = mr_auth("winad.incr"); |
1512 | */ | |
5d0a7127 | 1513 | return rc; |
1514 | } | |
1515 | return 0; | |
1516 | } | |
1517 | ||
0d958b3c | 1518 | void check_winad(void) |
1519 | { | |
1520 | int i; | |
1521 | ||
1522 | for (i = 0; file_exists(STOP_FILE); i++) | |
1523 | { | |
1524 | if (i > 30) | |
1525 | { | |
f75f605a | 1526 | critical_alert("AD incremental", |
f78c7eaf | 1527 | "WINAD incremental failed (%s exists): %s", |
1528 | STOP_FILE, tbl_buf); | |
1529 | exit(1); | |
1530 | } | |
0d958b3c | 1531 | sleep(60); |
1532 | } | |
1533 | } | |
1534 | ||
5d0a7127 | 1535 | int moira_disconnect(void) |
1536 | { | |
5d0a7127 | 1537 | |
cd9e6b16 | 1538 | if (!--mr_connections) |
5d0a7127 | 1539 | { |
cd9e6b16 | 1540 | mr_disconnect(); |
5d0a7127 | 1541 | } |
cd9e6b16 | 1542 | return 0; |
5d0a7127 | 1543 | } |
1544 | ||
5d0a7127 | 1545 | void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 1546 | char *distinguished_name) |
5d0a7127 | 1547 | { |
cd9e6b16 | 1548 | char *CName; |
1549 | ||
5d0a7127 | 1550 | CName = ldap_get_dn(ldap_handle, ldap_entry); |
1551 | if (CName == NULL) | |
1552 | return; | |
1553 | strcpy(distinguished_name, CName); | |
1554 | ldap_memfree(CName); | |
1555 | } | |
1556 | ||
1557 | int linklist_create_entry(char *attribute, char *value, | |
cd9e6b16 | 1558 | LK_ENTRY **linklist_entry) |
5d0a7127 | 1559 | { |
1560 | (*linklist_entry) = calloc(1, sizeof(LK_ENTRY)); | |
1561 | if (!(*linklist_entry)) | |
1562 | { | |
1563 | return(1); | |
1564 | } | |
1565 | memset((*linklist_entry), '\0', sizeof(LK_ENTRY)); | |
1566 | (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1); | |
1567 | memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1); | |
1568 | strcpy((*linklist_entry)->attribute, attribute); | |
1569 | (*linklist_entry)->value = calloc(1, strlen(value) + 1); | |
1570 | memset((*linklist_entry)->value, '\0', strlen(value) + 1); | |
1571 | strcpy((*linklist_entry)->value, value); | |
1572 | (*linklist_entry)->length = strlen(value); | |
1573 | (*linklist_entry)->next = NULL; | |
1574 | return(0); | |
1575 | } | |
1576 | ||
1577 | void print_to_screen(const char *fmt, ...) | |
1578 | { | |
1579 | va_list pvar; | |
cd9e6b16 | 1580 | |
5d0a7127 | 1581 | va_start(pvar, fmt); |
1582 | vfprintf(stderr, fmt, pvar); | |
1583 | fflush(stderr); | |
1584 | va_end(pvar); | |
1585 | } | |
cd9e6b16 | 1586 | |
1587 | int get_group_membership(char *group_membership, char *group_ou, | |
1588 | int *security_flag, char **av) | |
1589 | { | |
1590 | int maillist_flag; | |
1591 | int group_flag; | |
1592 | ||
1593 | maillist_flag = atoi(av[L_MAILLIST]); | |
1594 | group_flag = atoi(av[L_GROUP]); | |
1595 | if (security_flag != NULL) | |
1596 | (*security_flag) = 0; | |
1597 | ||
1598 | if ((maillist_flag) && (group_flag)) | |
1599 | { | |
1600 | if (group_membership != NULL) | |
1601 | group_membership[0] = 'B'; | |
1602 | if (security_flag != NULL) | |
1603 | (*security_flag) = 1; | |
1604 | if (group_ou != NULL) | |
1605 | strcpy(group_ou, group_ou_both); | |
1606 | } | |
1607 | else if ((!maillist_flag) && (group_flag)) | |
1608 | { | |
1609 | if (group_membership != NULL) | |
1610 | group_membership[0] = 'S'; | |
1611 | if (security_flag != NULL) | |
1612 | (*security_flag) = 1; | |
1613 | if (group_ou != NULL) | |
1614 | strcpy(group_ou, group_ou_security); | |
1615 | } | |
1616 | else if ((maillist_flag) && (!group_flag)) | |
1617 | { | |
1618 | if (group_membership != NULL) | |
1619 | group_membership[0] = 'D'; | |
1620 | if (group_ou != NULL) | |
1621 | strcpy(group_ou, group_ou_distribution); | |
1622 | } | |
1623 | else | |
1624 | { | |
1625 | if (group_membership != NULL) | |
1626 | group_membership[0] = 'N'; | |
1627 | if (group_ou != NULL) | |
1628 | strcpy(group_ou, group_ou_neither); | |
1629 | } | |
1630 | return(0); | |
1631 | } | |
1632 | ||
f75f605a | 1633 | int group_rename(LDAP *ldap_handle, char *dn_path, |
1634 | char *before_group_name, char *before_group_membership, | |
5a775f54 | 1635 | char *before_group_ou, int before_security_flag, char *before_desc, |
f75f605a | 1636 | char *after_group_name, char *after_group_membership, |
89db421e | 1637 | char *after_group_ou, int after_security_flag, char *after_desc, |
1638 | char *MoiraId, char *filter) | |
9db0b148 | 1639 | { |
1640 | LDAPMod *mods[20]; | |
1641 | char old_dn[512]; | |
1642 | char new_dn[512]; | |
78af4e6e | 1643 | char new_dn_path[512]; |
78af4e6e | 1644 | char sam_name[256]; |
9db0b148 | 1645 | char *attr_array[3]; |
89db421e | 1646 | char *mitMoiraId_v[] = {NULL, NULL}; |
9db0b148 | 1647 | char *name_v[] = {NULL, NULL}; |
5a775f54 | 1648 | char *desc_v[] = {NULL, NULL}; |
78af4e6e | 1649 | char *samAccountName_v[] = {NULL, NULL}; |
c76c595a | 1650 | char *groupTypeControl_v[] = {NULL, NULL}; |
1651 | u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP; | |
1652 | char groupTypeControlStr[80]; | |
9db0b148 | 1653 | int n; |
1654 | int i; | |
1655 | int rc; | |
9db0b148 | 1656 | LK_ENTRY *group_base; |
1657 | int group_count; | |
9db0b148 | 1658 | |
f75f605a | 1659 | if (!check_string(before_group_name)) |
78af4e6e | 1660 | { |
f75f605a | 1661 | com_err(whoami, 0, "invalid LDAP list name %s", before_group_name); |
89db421e | 1662 | return(AD_INVALID_NAME); |
78af4e6e | 1663 | } |
f75f605a | 1664 | if (!check_string(after_group_name)) |
78af4e6e | 1665 | { |
f75f605a | 1666 | com_err(whoami, 0, "invalid LDAP list name %s", after_group_name); |
89db421e | 1667 | return(AD_INVALID_NAME); |
1668 | } | |
1669 | ||
1670 | group_count = 0; | |
1671 | group_base = NULL; | |
1672 | if (rc = ad_get_group(ldap_handle, dn_path, before_group_name, | |
1673 | before_group_membership, | |
1674 | MoiraId, "distinguishedName", &group_base, | |
1675 | &group_count, filter)) | |
1676 | return(rc); | |
1677 | ||
1678 | if (group_count == 0) | |
1679 | { | |
1680 | return(AD_NO_GROUPS_FOUND); | |
1681 | } | |
1682 | if (group_count != 1) | |
1683 | { | |
1684 | com_err(whoami, 0, | |
1685 | "multiple groups with MoiraId = %s exist in the AD", | |
1686 | MoiraId); | |
1687 | return(AD_MULTIPLE_GROUPS_FOUND); | |
78af4e6e | 1688 | } |
89db421e | 1689 | strcpy(old_dn, group_base->value); |
78af4e6e | 1690 | |
89db421e | 1691 | linklist_free(group_base); |
1692 | group_base = NULL; | |
1693 | group_count = 0; | |
1694 | attr_array[0] = "sAMAccountName"; | |
9db0b148 | 1695 | attr_array[1] = NULL; |
89db421e | 1696 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, |
9db0b148 | 1697 | &group_base, &group_count)) != 0) |
1698 | { | |
f75f605a | 1699 | com_err(whoami, 0, "LDAP server unable to get list %s dn : %s", |
1700 | after_group_name, ldap_err2string(rc)); | |
1701 | return(rc); | |
9db0b148 | 1702 | } |
1703 | if (group_count != 1) | |
1704 | { | |
89db421e | 1705 | com_err(whoami, 0, |
1706 | "Unable to get sAMAccountName for group %s", | |
1707 | before_group_name); | |
1708 | return(AD_LDAP_FAILURE); | |
9db0b148 | 1709 | } |
89db421e | 1710 | |
1711 | strcpy(sam_name, group_base->value); | |
9db0b148 | 1712 | linklist_free(group_base); |
1713 | group_base = NULL; | |
1714 | group_count = 0; | |
1715 | ||
f75f605a | 1716 | sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path); |
1717 | sprintf(new_dn, "cn=%s", after_group_name); | |
1718 | if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path, | |
78af4e6e | 1719 | TRUE, NULL, NULL)) != LDAP_SUCCESS) |
1720 | { | |
f75f605a | 1721 | com_err(whoami, 0, "Couldn't rename list from %s to %s : %s", |
89db421e | 1722 | before_group_name, after_group_name, ldap_err2string(rc)); |
f75f605a | 1723 | return(rc); |
78af4e6e | 1724 | } |
9db0b148 | 1725 | |
f75f605a | 1726 | name_v[0] = after_group_name; |
89db421e | 1727 | if (!strncmp(&sam_name[strlen(sam_name) - strlen("_zZxc")], "_zZx", strlen("_zZx"))) |
1728 | { | |
1729 | sprintf(sam_name, "%s_zZx%c", after_group_name, after_group_membership[0]); | |
1730 | } | |
1731 | else if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group"))) | |
1732 | { | |
1733 | sprintf(sam_name, "%s_group", after_group_name); | |
1734 | } | |
1735 | else | |
1736 | { | |
1737 | com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found", | |
1738 | before_group_name, after_group_name); | |
1739 | return(rc); | |
1740 | } | |
78af4e6e | 1741 | samAccountName_v[0] = sam_name; |
c76c595a | 1742 | if (after_security_flag) |
1743 | groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED; | |
1744 | sprintf(groupTypeControlStr, "%ld", groupTypeControl); | |
1745 | groupTypeControl_v[0] = groupTypeControlStr; | |
9db0b148 | 1746 | n = 0; |
5a775f54 | 1747 | ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE); |
9db0b148 | 1748 | ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE); |
89db421e | 1749 | desc_v[0] = after_desc; |
5a775f54 | 1750 | if (strlen(after_desc) == 0) |
1751 | desc_v[0] = NULL; | |
1752 | ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE); | |
89db421e | 1753 | mitMoiraId_v[0] = MoiraId; |
1754 | ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE); | |
c76c595a | 1755 | ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE); |
9db0b148 | 1756 | mods[n] = NULL; |
f75f605a | 1757 | sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path); |
1758 | if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS) | |
78af4e6e | 1759 | { |
f75f605a | 1760 | com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s", |
1761 | after_group_name, ldap_err2string(rc)); | |
78af4e6e | 1762 | } |
9db0b148 | 1763 | for (i = 0; i < n; i++) |
1764 | free(mods[i]); | |
f75f605a | 1765 | return(rc); |
9db0b148 | 1766 | } |
1767 | ||
cd9e6b16 | 1768 | int group_create(int ac, char **av, void *ptr) |
1769 | { | |
1770 | LDAPMod *mods[20]; | |
5b8457c5 | 1771 | LK_ENTRY *group_base; |
cd9e6b16 | 1772 | char new_dn[256]; |
1773 | char group_ou[256]; | |
1774 | char new_group_name[256]; | |
1775 | char sam_group_name[256]; | |
1776 | char cn_group_name[256]; | |
1777 | char *cn_v[] = {NULL, NULL}; | |
1778 | char *objectClass_v[] = {"top", "group", NULL}; | |
1779 | char info[256]; | |
1780 | char *samAccountName_v[] = {NULL, NULL}; | |
1781 | char *managedBy_v[] = {NULL, NULL}; | |
1782 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
89db421e | 1783 | char *member_v[] = {NULL, NULL}; |
cd9e6b16 | 1784 | char *name_v[] = {NULL, NULL}; |
1785 | char *desc_v[] = {NULL, NULL}; | |
1786 | char *info_v[] = {NULL, NULL}; | |
89db421e | 1787 | char *mitMoiraId_v[] = {NULL, NULL}; |
cd9e6b16 | 1788 | char *groupTypeControl_v[] = {NULL, NULL}; |
1789 | char groupTypeControlStr[80]; | |
1790 | char group_membership[1]; | |
1791 | int i; | |
1792 | int security_flag; | |
1793 | u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP; | |
1794 | int n; | |
1795 | int rc; | |
5b8457c5 | 1796 | int group_count; |
89db421e | 1797 | int updateGroup; |
1798 | char filter[128]; | |
cd9e6b16 | 1799 | char *attr_array[3]; |
1800 | char **call_args; | |
1801 | ||
1802 | call_args = ptr; | |
1803 | ||
cd9e6b16 | 1804 | if (!check_string(av[L_NAME])) |
78af4e6e | 1805 | { |
f75f605a | 1806 | com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]); |
89db421e | 1807 | return(AD_INVALID_NAME); |
78af4e6e | 1808 | } |
f75f605a | 1809 | |
89db421e | 1810 | updateGroup = (int)call_args[4]; |
cd9e6b16 | 1811 | memset(group_ou, 0, sizeof(group_ou)); |
1812 | memset(group_membership, 0, sizeof(group_membership)); | |
1813 | security_flag = 0; | |
1814 | get_group_membership(group_membership, group_ou, &security_flag, av); | |
89db421e | 1815 | strcpy(new_group_name, av[L_NAME]); |
1816 | sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]); | |
cd9e6b16 | 1817 | if (security_flag) |
1818 | groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED; | |
89db421e | 1819 | |
1820 | sprintf(sam_group_name, "%s_group", av[L_NAME]); | |
cd9e6b16 | 1821 | |
89db421e | 1822 | if (!updateGroup) |
1823 | { | |
cd9e6b16 | 1824 | |
89db421e | 1825 | sprintf(groupTypeControlStr, "%ld", groupTypeControl); |
1826 | groupTypeControl_v[0] = groupTypeControlStr; | |
cd9e6b16 | 1827 | |
89db421e | 1828 | strcpy(cn_group_name, av[L_NAME]); |
cd9e6b16 | 1829 | |
89db421e | 1830 | samAccountName_v[0] = sam_group_name; |
1831 | name_v[0] = new_group_name; | |
1832 | cn_v[0] = new_group_name; | |
cd9e6b16 | 1833 | |
89db421e | 1834 | n = 0; |
1835 | ADD_ATTR("cn", cn_v, LDAP_MOD_ADD); | |
1836 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
1837 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD); | |
1838 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
1839 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
1840 | if (strlen(av[L_DESC]) != 0) | |
1841 | { | |
1842 | desc_v[0] = av[L_DESC]; | |
1843 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
1844 | } | |
1845 | ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD); | |
1846 | if (strlen(av[L_ACE_NAME]) != 0) | |
1847 | { | |
1848 | sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]); | |
1849 | info_v[0] = info; | |
1850 | ADD_ATTR("info", info_v, LDAP_MOD_ADD); | |
1851 | } | |
1852 | if (strlen(call_args[5]) != 0) | |
1853 | { | |
1854 | mitMoiraId_v[0] = call_args[5]; | |
1855 | ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD); | |
1856 | } | |
1857 | mods[n] = NULL; | |
1858 | ||
1859 | rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL); | |
1860 | ||
1861 | for (i = 0; i < n; i++) | |
1862 | free(mods[i]); | |
1863 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) | |
1864 | { | |
1865 | com_err(whoami, 0, "Unable to create/update list %s in AD : %s", | |
1866 | av[L_NAME], ldap_err2string(rc)); | |
1867 | callback_rc = rc; | |
1868 | return(rc); | |
1869 | } | |
78af4e6e | 1870 | } |
89db421e | 1871 | if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup)) |
5a775f54 | 1872 | { |
1873 | n = 0; | |
89db421e | 1874 | desc_v[0] = NULL; |
1875 | if (strlen(av[L_DESC]) != 0) | |
1876 | desc_v[0] = av[L_DESC]; | |
5a775f54 | 1877 | ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE); |
89db421e | 1878 | info_v[0] = NULL; |
1879 | if (strlen(av[L_ACE_NAME]) != 0) | |
1880 | { | |
1881 | sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]); | |
1882 | info_v[0] = info; | |
1883 | } | |
1884 | ADD_ATTR("info", info_v, LDAP_MOD_REPLACE); | |
1885 | if (strlen(call_args[5]) != 0) | |
1886 | { | |
1887 | mitMoiraId_v[0] = call_args[5]; | |
1888 | ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE); | |
1889 | } | |
1890 | if (!(atoi(av[L_ACTIVE]))) | |
1891 | { | |
1892 | member_v[0] = NULL; | |
1893 | ADD_ATTR("member", member_v, LDAP_MOD_REPLACE); | |
1894 | } | |
5a775f54 | 1895 | mods[n] = NULL; |
1896 | rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods); | |
1897 | for (i = 0; i < n; i++) | |
1898 | free(mods[i]); | |
1899 | } | |
89db421e | 1900 | |
1901 | sprintf(filter, "(sAMAccountName=%s)", sam_group_name); | |
1902 | if (strlen(call_args[5]) != 0) | |
1903 | sprintf(filter, "(mitMoiraId=%s)", call_args[5]); | |
cd9e6b16 | 1904 | attr_array[0] = "objectSid"; |
1905 | attr_array[1] = NULL; | |
5b8457c5 | 1906 | group_count = 0; |
1907 | group_base = NULL; | |
89db421e | 1908 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array, |
5b8457c5 | 1909 | &group_base, &group_count)) == LDAP_SUCCESS) |
cd9e6b16 | 1910 | { |
5b8457c5 | 1911 | if (group_count == 1) |
cd9e6b16 | 1912 | { |
5b8457c5 | 1913 | (*sid_ptr) = group_base; |
cd9e6b16 | 1914 | (*sid_ptr)->member = strdup(av[L_NAME]); |
1915 | (*sid_ptr)->type = (char *)GROUPS; | |
1916 | sid_ptr = &(*sid_ptr)->next; | |
1917 | } | |
5b8457c5 | 1918 | else |
1919 | { | |
1920 | if (group_base != NULL) | |
1921 | linklist_free(group_base); | |
1922 | } | |
cd9e6b16 | 1923 | } |
5b8457c5 | 1924 | else |
1925 | { | |
1926 | if (group_base != NULL) | |
1927 | linklist_free(group_base); | |
1928 | } | |
1929 | return(LDAP_SUCCESS); | |
cd9e6b16 | 1930 | } |
1931 | ||
89db421e | 1932 | int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name, |
1933 | char *group_membership, char *MoiraId) | |
cd9e6b16 | 1934 | { |
1935 | LK_ENTRY *group_base; | |
f75f605a | 1936 | char temp[512]; |
89db421e | 1937 | char filter[128]; |
cd9e6b16 | 1938 | int group_count; |
1939 | int rc; | |
1940 | ||
f75f605a | 1941 | if (!check_string(group_name)) |
78af4e6e | 1942 | { |
f75f605a | 1943 | com_err(whoami, 0, "invalid LDAP list name %s", group_name); |
89db421e | 1944 | return(AD_INVALID_NAME); |
78af4e6e | 1945 | } |
89db421e | 1946 | |
1947 | memset(filter, '\0', sizeof(filter)); | |
cd9e6b16 | 1948 | group_count = 0; |
1949 | group_base = NULL; | |
cd9e6b16 | 1950 | sprintf(temp, "%s,%s", group_ou_root, dn_path); |
89db421e | 1951 | if (rc = ad_get_group(ldap_handle, temp, group_name, |
1952 | group_membership, MoiraId, | |
1953 | "distinguishedName", &group_base, | |
1954 | &group_count, filter)) | |
1955 | return(rc); | |
1956 | ||
cd9e6b16 | 1957 | if (group_count == 1) |
78af4e6e | 1958 | { |
1959 | if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS) | |
1960 | { | |
f75f605a | 1961 | linklist_free(group_base); |
1962 | com_err(whoami, 0, "Unable to delete list %s from AD : %s", | |
1963 | group_name, ldap_err2string(rc)); | |
89db421e | 1964 | return(rc); |
78af4e6e | 1965 | } |
f75f605a | 1966 | linklist_free(group_base); |
78af4e6e | 1967 | } |
1968 | else | |
1969 | { | |
f75f605a | 1970 | linklist_free(group_base); |
1971 | com_err(whoami, 0, "Unable to find list %s in AD.", group_name); | |
89db421e | 1972 | return(AD_NO_GROUPS_FOUND); |
78af4e6e | 1973 | } |
f75f605a | 1974 | |
78af4e6e | 1975 | return(0); |
cd9e6b16 | 1976 | } |
1977 | ||
f75f605a | 1978 | int process_lists(int ac, char **av, void *ptr) |
cd9e6b16 | 1979 | { |
f75f605a | 1980 | int rc; |
1981 | int security_flag; | |
1982 | char group_ou[256]; | |
1983 | char group_membership[2]; | |
1984 | char **call_args; | |
cd9e6b16 | 1985 | |
1986 | call_args = ptr; | |
1987 | ||
f75f605a | 1988 | security_flag = 0; |
1989 | memset(group_ou, '\0', sizeof(group_ou)); | |
1990 | memset(group_membership, '\0', sizeof(group_membership)); | |
1991 | get_group_membership(group_membership, group_ou, &security_flag, av); | |
1992 | rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME], | |
89db421e | 1993 | group_ou, group_membership, call_args[2], |
1994 | (char *)call_args[3], ""); | |
cd9e6b16 | 1995 | return(0); |
1996 | } | |
1997 | ||
1998 | int member_list_build(int ac, char **av, void *ptr) | |
1999 | { | |
2000 | LK_ENTRY *linklist; | |
78af4e6e | 2001 | char temp[1024]; |
cd9e6b16 | 2002 | char **call_args; |
2003 | ||
2004 | call_args = ptr; | |
2005 | ||
2006 | strcpy(temp, av[ACE_NAME]); | |
2007 | if (!check_string(temp)) | |
2008 | return(0); | |
f78c7eaf | 2009 | if (!strcmp(av[ACE_TYPE], "USER")) |
cd9e6b16 | 2010 | { |
f75f605a | 2011 | if (!((int)call_args[3] & MOIRA_USERS)) |
f78c7eaf | 2012 | return(0); |
2013 | } | |
2014 | else if (!strcmp(av[ACE_TYPE], "STRING")) | |
2015 | { | |
f75f605a | 2016 | if (!((int)call_args[3] & MOIRA_STRINGS)) |
f78c7eaf | 2017 | return(0); |
2018 | if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou)) | |
2019 | return(0); | |
cd9e6b16 | 2020 | } |
2021 | else if (!strcmp(av[ACE_TYPE], "LIST")) | |
2022 | { | |
f75f605a | 2023 | if (!((int)call_args[3] & MOIRA_LISTS)) |
f78c7eaf | 2024 | return(0); |
cd9e6b16 | 2025 | } |
f78c7eaf | 2026 | else if (!strcmp(av[ACE_TYPE], "KERBEROS")) |
cd9e6b16 | 2027 | { |
f75f605a | 2028 | if (!((int)call_args[3] & MOIRA_KERBEROS)) |
f78c7eaf | 2029 | return(0); |
2030 | if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou)) | |
2031 | return(0); | |
cd9e6b16 | 2032 | } |
f78c7eaf | 2033 | else |
2034 | return(0); | |
2035 | ||
cd9e6b16 | 2036 | linklist = member_base; |
2037 | while (linklist) | |
2038 | { | |
2039 | if (!strcasecmp(temp, linklist->member)) | |
2040 | return(0); | |
2041 | linklist = linklist->next; | |
2042 | } | |
2043 | linklist = calloc(1, sizeof(LK_ENTRY)); | |
2044 | linklist->op = 1; | |
2045 | linklist->dn = NULL; | |
2046 | linklist->list = calloc(1, strlen(call_args[2]) + 1); | |
2047 | strcpy(linklist->list, call_args[2]); | |
2048 | linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1); | |
2049 | strcpy(linklist->type, av[ACE_TYPE]); | |
2050 | linklist->member = calloc(1, strlen(temp) + 1); | |
2051 | strcpy(linklist->member, temp); | |
2052 | linklist->next = member_base; | |
2053 | member_base = linklist; | |
2054 | return(0); | |
2055 | } | |
2056 | ||
78af4e6e | 2057 | int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name, |
f75f605a | 2058 | char *group_ou, char *group_membership, char *user_name, |
89db421e | 2059 | char *UserOu, char *MoiraId) |
78af4e6e | 2060 | { |
2061 | char distinguished_name[1024]; | |
f75f605a | 2062 | char *modvalues[2]; |
78af4e6e | 2063 | char temp[256]; |
89db421e | 2064 | char filter[128]; |
78af4e6e | 2065 | int group_count; |
2066 | int i; | |
2067 | int n; | |
2068 | LDAPMod *mods[20]; | |
2069 | LK_ENTRY *group_base; | |
2070 | ULONG rc; | |
2071 | ||
2072 | if (!check_string(group_name)) | |
89db421e | 2073 | return(AD_INVALID_NAME); |
2074 | ||
2075 | memset(filter, '\0', sizeof(filter)); | |
2076 | group_base = NULL; | |
2077 | group_count = 0; | |
2078 | if (rc = ad_get_group(ldap_handle, dn_path, group_name, | |
2079 | group_membership, MoiraId, | |
2080 | "distinguishedName", &group_base, | |
2081 | &group_count, filter)) | |
2082 | return(rc); | |
2083 | ||
78af4e6e | 2084 | if (group_count != 1) |
2085 | { | |
f75f605a | 2086 | com_err(whoami, 0, "LDAP server unable to find list %s in AD", |
2087 | group_name); | |
2088 | linklist_free(group_base); | |
2089 | group_base = NULL; | |
2090 | group_count = 0; | |
78af4e6e | 2091 | goto cleanup; |
2092 | } | |
2093 | strcpy(distinguished_name, group_base->value); | |
2094 | linklist_free(group_base); | |
2095 | group_base = NULL; | |
2096 | group_count = 0; | |
78af4e6e | 2097 | |
f75f605a | 2098 | sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path); |
2099 | modvalues[0] = temp; | |
2100 | modvalues[1] = NULL; | |
2101 | ||
2102 | n = 0; | |
2103 | ADD_ATTR("member", modvalues, LDAP_MOD_DELETE); | |
2104 | mods[n] = NULL; | |
2105 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); | |
2106 | for (i = 0; i < n; i++) | |
2107 | free(mods[i]); | |
89db421e | 2108 | if ((!strcmp(UserOu, kerberos_ou)) || (!strcmp(UserOu, contact_ou))) |
2109 | { | |
2110 | if (rc == LDAP_UNWILLING_TO_PERFORM) | |
2111 | rc = LDAP_SUCCESS; | |
2112 | } | |
f75f605a | 2113 | if (rc != LDAP_SUCCESS) |
78af4e6e | 2114 | { |
f75f605a | 2115 | com_err(whoami, 0, "LDAP server unable to modify list %s members : %s", |
2116 | group_name, ldap_err2string(rc)); | |
2117 | goto cleanup; | |
78af4e6e | 2118 | } |
2119 | ||
2120 | cleanup: | |
78af4e6e | 2121 | return(rc); |
2122 | } | |
2123 | ||
f75f605a | 2124 | int member_add(LDAP *ldap_handle, char *dn_path, char *group_name, |
89db421e | 2125 | char *group_ou, char *group_membership, char *user_name, |
2126 | char *UserOu, char *MoiraId) | |
cd9e6b16 | 2127 | { |
2128 | char distinguished_name[1024]; | |
f75f605a | 2129 | char *modvalues[2]; |
cd9e6b16 | 2130 | char temp[256]; |
89db421e | 2131 | char filter[128]; |
cd9e6b16 | 2132 | int group_count; |
cd9e6b16 | 2133 | int n; |
f75f605a | 2134 | int i; |
cd9e6b16 | 2135 | LDAPMod *mods[20]; |
2136 | LK_ENTRY *group_base; | |
cd9e6b16 | 2137 | ULONG rc; |
2138 | ||
89db421e | 2139 | if (!check_string(group_name)) |
2140 | return(AD_INVALID_NAME); | |
2141 | ||
cd9e6b16 | 2142 | rc = 0; |
89db421e | 2143 | memset(filter, '\0', sizeof(filter)); |
cd9e6b16 | 2144 | group_base = NULL; |
2145 | group_count = 0; | |
89db421e | 2146 | if (rc = ad_get_group(ldap_handle, dn_path, group_name, |
2147 | group_membership, MoiraId, | |
2148 | "distinguishedName", &group_base, | |
2149 | &group_count, filter)) | |
2150 | return(rc); | |
cd9e6b16 | 2151 | |
cd9e6b16 | 2152 | if (group_count != 1) |
2153 | { | |
f75f605a | 2154 | linklist_free(group_base); |
2155 | group_base = NULL; | |
2156 | group_count = 0; | |
2157 | com_err(whoami, 0, "LDAP server unable to find list %s in AD", | |
2158 | group_name); | |
89db421e | 2159 | return(AD_MULTIPLE_GROUPS_FOUND); |
cd9e6b16 | 2160 | } |
f75f605a | 2161 | |
cd9e6b16 | 2162 | strcpy(distinguished_name, group_base->value); |
2163 | linklist_free(group_base); | |
2164 | group_base = NULL; | |
2165 | group_count = 0; | |
2166 | ||
f75f605a | 2167 | sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path); |
2168 | modvalues[0] = temp; | |
2169 | modvalues[1] = NULL; | |
cd9e6b16 | 2170 | |
f75f605a | 2171 | n = 0; |
2172 | ADD_ATTR("member", modvalues, LDAP_MOD_ADD); | |
2173 | mods[n] = NULL; | |
2174 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); | |
2175 | if (rc == LDAP_ALREADY_EXISTS) | |
2176 | rc = LDAP_SUCCESS; | |
89db421e | 2177 | if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou))) |
2178 | { | |
2179 | if (rc == LDAP_UNWILLING_TO_PERFORM) | |
2180 | rc = LDAP_SUCCESS; | |
2181 | } | |
f75f605a | 2182 | for (i = 0; i < n; i++) |
2183 | free(mods[i]); | |
2184 | if (rc != LDAP_SUCCESS) | |
cd9e6b16 | 2185 | { |
89db421e | 2186 | com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s", |
2187 | user_name, group_name, ldap_err2string(rc)); | |
cd9e6b16 | 2188 | } |
2189 | ||
f75f605a | 2190 | return(rc); |
cd9e6b16 | 2191 | } |
2192 | ||
2193 | int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou) | |
2194 | { | |
2195 | LDAPMod *mods[20]; | |
2196 | char new_dn[256]; | |
2197 | char cn_user_name[256]; | |
2198 | char contact_name[256]; | |
f78c7eaf | 2199 | char *email_v[] = {NULL, NULL}; |
cd9e6b16 | 2200 | char *cn_v[] = {NULL, NULL}; |
2201 | char *contact_v[] = {NULL, NULL}; | |
2202 | char *objectClass_v[] = {"top", "person", | |
2203 | "organizationalPerson", | |
2204 | "contact", NULL}; | |
2205 | char *name_v[] = {NULL, NULL}; | |
2206 | char *desc_v[] = {NULL, NULL}; | |
2207 | int n; | |
2208 | int rc; | |
2209 | int i; | |
2210 | ||
2211 | if (!check_string(user)) | |
78af4e6e | 2212 | { |
f75f605a | 2213 | com_err(whoami, 0, "invalid LDAP name %s", user); |
89db421e | 2214 | return(AD_INVALID_NAME); |
78af4e6e | 2215 | } |
cd9e6b16 | 2216 | strcpy(contact_name, user); |
2217 | sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path); | |
2218 | cn_v[0] = cn_user_name; | |
2219 | contact_v[0] = contact_name; | |
2220 | name_v[0] = user; | |
2221 | desc_v[0] = "Auto account created by Moira"; | |
f78c7eaf | 2222 | email_v[0] = user; |
cd9e6b16 | 2223 | |
2224 | strcpy(new_dn, cn_user_name); | |
2225 | n = 0; | |
2226 | ADD_ATTR("cn", contact_v, LDAP_MOD_ADD); | |
2227 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
2228 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
2229 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
2230 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
f78c7eaf | 2231 | if (!strcmp(group_ou, contact_ou)) |
2232 | { | |
2233 | ADD_ATTR("mail", email_v, LDAP_MOD_ADD); | |
2234 | } | |
cd9e6b16 | 2235 | mods[n] = NULL; |
2236 | ||
2237 | rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL); | |
2238 | for (i = 0; i < n; i++) | |
2239 | free(mods[i]); | |
f78c7eaf | 2240 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) |
2241 | { | |
2242 | n = 0; | |
2243 | ADD_ATTR("cn", contact_v, LDAP_MOD_ADD); | |
2244 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
2245 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
2246 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
2247 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
2248 | mods[n] = NULL; | |
2249 | rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL); | |
2250 | for (i = 0; i < n; i++) | |
2251 | free(mods[i]); | |
2252 | } | |
cd9e6b16 | 2253 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) |
78af4e6e | 2254 | { |
f75f605a | 2255 | com_err(whoami, 0, "could not create contact %s : %s", |
2256 | user, ldap_err2string(rc)); | |
89db421e | 2257 | return(rc); |
78af4e6e | 2258 | } |
2259 | return(0); | |
2260 | } | |
2261 | ||
f75f605a | 2262 | int user_update(LDAP *ldap_handle, char *dn_path, char *user_name, |
89db421e | 2263 | char *Uid, char *MitId, char *MoiraId, int State) |
78af4e6e | 2264 | { |
2265 | LDAPMod *mods[20]; | |
2266 | LK_ENTRY *group_base; | |
2267 | int group_count; | |
2268 | char distinguished_name[256]; | |
89db421e | 2269 | char *mitMoiraId_v[] = {NULL, NULL}; |
78af4e6e | 2270 | char *uid_v[] = {NULL, NULL}; |
2271 | char *mitid_v[] = {NULL, NULL}; | |
f78c7eaf | 2272 | char *homedir_v[] = {NULL, NULL}; |
2273 | char *winProfile_v[] = {NULL, NULL}; | |
2274 | char *drives_v[] = {NULL, NULL}; | |
89db421e | 2275 | char *userAccountControl_v[] = {NULL, NULL}; |
2276 | char userAccountControlStr[80]; | |
78af4e6e | 2277 | int n; |
2278 | int rc; | |
2279 | int i; | |
89db421e | 2280 | u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE; |
2281 | char filter[128]; | |
78af4e6e | 2282 | char *attr_array[3]; |
f78c7eaf | 2283 | char **hp; |
2284 | char path[256]; | |
2285 | char winPath[256]; | |
2286 | char winProfile[256]; | |
78af4e6e | 2287 | |
f75f605a | 2288 | if (!check_string(user_name)) |
78af4e6e | 2289 | { |
f75f605a | 2290 | com_err(whoami, 0, "invalid LDAP user name %s", user_name); |
89db421e | 2291 | return(AD_INVALID_NAME); |
78af4e6e | 2292 | } |
2293 | ||
78af4e6e | 2294 | group_count = 0; |
2295 | group_base = NULL; | |
89db421e | 2296 | |
2297 | if (strlen(MoiraId) != 0) | |
78af4e6e | 2298 | { |
89db421e | 2299 | sprintf(filter, "(mitMoiraId=%s)", MoiraId); |
2300 | attr_array[0] = "cn"; | |
2301 | attr_array[1] = NULL; | |
2302 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
2303 | &group_base, &group_count)) != 0) | |
2304 | { | |
2305 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
2306 | user_name, ldap_err2string(rc)); | |
2307 | return(rc); | |
2308 | } | |
2309 | } | |
2310 | if (group_count == 0) | |
2311 | { | |
2312 | sprintf(filter, "(sAMAccountName=%s)", user_name); | |
2313 | attr_array[0] = "cn"; | |
2314 | attr_array[1] = NULL; | |
2315 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
2316 | &group_base, &group_count)) != 0) | |
2317 | { | |
2318 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
2319 | user_name, ldap_err2string(rc)); | |
2320 | return(rc); | |
2321 | } | |
78af4e6e | 2322 | } |
2323 | ||
2324 | if (group_count != 1) | |
2325 | { | |
f75f605a | 2326 | com_err(whoami, 0, "LDAP server unable to find user %s in AD", |
2327 | user_name); | |
2328 | linklist_free(group_base); | |
89db421e | 2329 | return(AD_NO_USER_FOUND); |
78af4e6e | 2330 | } |
2331 | strcpy(distinguished_name, group_base->dn); | |
2332 | ||
f75f605a | 2333 | linklist_free(group_base); |
2334 | group_count = 0; | |
78af4e6e | 2335 | n = 0; |
f78c7eaf | 2336 | if ((hp = hes_resolve(user_name, "filsys")) != NULL) |
2337 | { | |
2338 | memset(path, 0, sizeof(path)); | |
2339 | memset(winPath, 0, sizeof(winPath)); | |
2340 | sscanf(hp[0], "%*s %s", path); | |
2341 | if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0) | |
2342 | { | |
2343 | AfsToWinAfs(path, winPath); | |
2344 | homedir_v[0] = winPath; | |
2345 | ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE); | |
2346 | strcpy(winProfile, winPath); | |
2347 | strcat(winProfile, "\\.winprofile"); | |
2348 | winProfile_v[0] = winProfile; | |
2349 | ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE); | |
2350 | drives_v[0] = "H:"; | |
2351 | ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE); | |
2352 | } | |
2353 | } | |
89db421e | 2354 | uid_v[0] = Uid; |
2355 | if (strlen(Uid) == 0) | |
2356 | uid_v[0] = NULL; | |
2357 | ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE); | |
2358 | ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE); | |
2359 | mitid_v[0] = MitId; | |
2360 | if (strlen(MitId) == 0) | |
2361 | mitid_v[0] = NULL; | |
2362 | ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE); | |
2363 | mitMoiraId_v[0] = MoiraId; | |
2364 | if (strlen(MoiraId) == 0) | |
2365 | mitMoiraId_v[0] = NULL; | |
2366 | ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE); | |
2367 | if ((State != US_NO_PASSWD) && (State != US_REGISTERED)) | |
2368 | userAccountControl |= UF_ACCOUNTDISABLE; | |
2369 | sprintf(userAccountControlStr, "%ld", userAccountControl); | |
2370 | userAccountControl_v[0] = userAccountControlStr; | |
2371 | ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE); | |
78af4e6e | 2372 | mods[n] = NULL; |
89db421e | 2373 | if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS) |
78af4e6e | 2374 | { |
89db421e | 2375 | com_err(whoami, 0, "Couldn't modify user data for %s : %s", |
2376 | user_name, ldap_err2string(rc)); | |
78af4e6e | 2377 | } |
89db421e | 2378 | for (i = 0; i < n; i++) |
2379 | free(mods[i]); | |
2380 | ||
f78c7eaf | 2381 | if (hp != NULL) |
2382 | { | |
2383 | i = 0; | |
2384 | while (hp[i]) | |
2385 | { | |
2386 | free(hp[i]); | |
2387 | i++; | |
2388 | } | |
2389 | } | |
78af4e6e | 2390 | |
f75f605a | 2391 | return(rc); |
cd9e6b16 | 2392 | } |
2393 | ||
f75f605a | 2394 | int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name, |
89db421e | 2395 | char *user_name) |
9db0b148 | 2396 | { |
2397 | LDAPMod *mods[20]; | |
2398 | char new_dn[256]; | |
2399 | char old_dn[256]; | |
9db0b148 | 2400 | char upn[256]; |
2401 | char temp[128]; | |
2402 | char *userPrincipalName_v[] = {NULL, NULL}; | |
2403 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
2404 | char *name_v[] = {NULL, NULL}; | |
78af4e6e | 2405 | char *samAccountName_v[] = {NULL, NULL}; |
9db0b148 | 2406 | int n; |
2407 | int rc; | |
2408 | int i; | |
9db0b148 | 2409 | |
f75f605a | 2410 | if (!check_string(before_user_name)) |
78af4e6e | 2411 | { |
f75f605a | 2412 | com_err(whoami, 0, "invalid LDAP user name %s", before_user_name); |
89db421e | 2413 | return(AD_INVALID_NAME); |
78af4e6e | 2414 | } |
f75f605a | 2415 | if (!check_string(user_name)) |
78af4e6e | 2416 | { |
f75f605a | 2417 | com_err(whoami, 0, "invalid LDAP user name %s", user_name); |
89db421e | 2418 | return(AD_INVALID_NAME); |
78af4e6e | 2419 | } |
9db0b148 | 2420 | |
f75f605a | 2421 | strcpy(user_name, user_name); |
2422 | sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path); | |
9db0b148 | 2423 | sprintf(new_dn, "cn=%s", user_name); |
f75f605a | 2424 | if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE, |
9db0b148 | 2425 | NULL, NULL)) != LDAP_SUCCESS) |
2426 | { | |
89db421e | 2427 | com_err(whoami, 0, "Couldn't rename user from %s to %s : %s", |
2428 | before_user_name, user_name, ldap_err2string(rc)); | |
f75f605a | 2429 | return(rc); |
9db0b148 | 2430 | } |
2431 | ||
2432 | name_v[0] = user_name; | |
2433 | sprintf(upn, "%s@%s", user_name, ldap_domain); | |
2434 | userPrincipalName_v[0] = upn; | |
2435 | sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); | |
2436 | altSecurityIdentities_v[0] = temp; | |
78af4e6e | 2437 | samAccountName_v[0] = user_name; |
9db0b148 | 2438 | |
2439 | n = 0; | |
2440 | ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE); | |
2441 | ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE); | |
2442 | ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE); | |
78af4e6e | 2443 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE); |
9db0b148 | 2444 | mods[n] = NULL; |
f75f605a | 2445 | sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path); |
2446 | if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS) | |
9db0b148 | 2447 | { |
f75f605a | 2448 | com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s", |
2449 | user_name, ldap_err2string(rc)); | |
9db0b148 | 2450 | } |
2451 | for (i = 0; i < n; i++) | |
2452 | free(mods[i]); | |
f75f605a | 2453 | return(rc); |
9db0b148 | 2454 | } |
2455 | ||
f75f605a | 2456 | int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name, |
2457 | char *fs_type, char *fs_pack, int operation) | |
f78c7eaf | 2458 | { |
2459 | char distinguished_name[256]; | |
2460 | char winPath[256]; | |
2461 | char winProfile[256]; | |
89db421e | 2462 | char filter[128]; |
f78c7eaf | 2463 | char *attr_array[3]; |
2464 | char *homedir_v[] = {NULL, NULL}; | |
2465 | char *winProfile_v[] = {NULL, NULL}; | |
2466 | char *drives_v[] = {NULL, NULL}; | |
f78c7eaf | 2467 | int group_count; |
2468 | int n; | |
2469 | int rc; | |
2470 | int i; | |
f78c7eaf | 2471 | LDAPMod *mods[20]; |
2472 | LK_ENTRY *group_base; | |
2473 | ||
f75f605a | 2474 | if (!check_string(fs_name)) |
f78c7eaf | 2475 | { |
f75f605a | 2476 | com_err(whoami, 0, "invalid filesys name %s", fs_name); |
89db421e | 2477 | return(AD_INVALID_NAME); |
f78c7eaf | 2478 | } |
2479 | ||
f75f605a | 2480 | if (strcmp(fs_type, "AFS")) |
f78c7eaf | 2481 | { |
f75f605a | 2482 | com_err(whoami, 0, "invalid filesys type %s", fs_type); |
89db421e | 2483 | return(AD_INVALID_FILESYS); |
f78c7eaf | 2484 | } |
2485 | ||
f78c7eaf | 2486 | group_count = 0; |
2487 | group_base = NULL; | |
89db421e | 2488 | sprintf(filter, "(sAMAccountName=%s)", fs_name); |
f78c7eaf | 2489 | attr_array[0] = "cn"; |
2490 | attr_array[1] = NULL; | |
89db421e | 2491 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, |
f78c7eaf | 2492 | &group_base, &group_count)) != 0) |
2493 | { | |
f75f605a | 2494 | com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s", |
2495 | fs_name, ldap_err2string(rc)); | |
2496 | return(rc); | |
f78c7eaf | 2497 | } |
2498 | ||
2499 | if (group_count != 1) | |
2500 | { | |
f75f605a | 2501 | linklist_free(group_base); |
2502 | com_err(whoami, 0, "LDAP server unable to find user %s in AD", | |
2503 | fs_name); | |
2504 | return(LDAP_NO_SUCH_OBJECT); | |
f78c7eaf | 2505 | } |
2506 | strcpy(distinguished_name, group_base->dn); | |
f75f605a | 2507 | linklist_free(group_base); |
2508 | group_count = 0; | |
f78c7eaf | 2509 | |
2510 | n = 0; | |
2511 | if (operation == LDAP_MOD_ADD) | |
2512 | { | |
2513 | memset(winPath, 0, sizeof(winPath)); | |
f75f605a | 2514 | AfsToWinAfs(fs_pack, winPath); |
f78c7eaf | 2515 | homedir_v[0] = winPath; |
2516 | drives_v[0] = "H:"; | |
2517 | memset(winProfile, 0, sizeof(winProfile)); | |
2518 | strcpy(winProfile, winPath); | |
2519 | strcat(winProfile, "\\.winprofile"); | |
2520 | winProfile_v[0] = winProfile; | |
2521 | } | |
2522 | else | |
2523 | { | |
2524 | homedir_v[0] = NULL; | |
2525 | drives_v[0] = NULL; | |
2526 | winProfile_v[0] = NULL; | |
2527 | } | |
2528 | ADD_ATTR("profilePath", winProfile_v, operation); | |
2529 | ADD_ATTR("homeDrive", drives_v, operation); | |
2530 | ADD_ATTR("homeDirectory", homedir_v, operation); | |
2531 | mods[n] = NULL; | |
2532 | ||
f75f605a | 2533 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); |
f78c7eaf | 2534 | if (rc != LDAP_SUCCESS) |
2535 | { | |
f75f605a | 2536 | com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s", |
2537 | fs_name, ldap_err2string(rc)); | |
f78c7eaf | 2538 | } |
2539 | for (i = 0; i < n; i++) | |
2540 | free(mods[i]); | |
2541 | ||
f75f605a | 2542 | return(rc); |
f78c7eaf | 2543 | } |
2544 | ||
cd9e6b16 | 2545 | int user_create(int ac, char **av, void *ptr) |
2546 | { | |
5b8457c5 | 2547 | LK_ENTRY *group_base; |
cd9e6b16 | 2548 | LDAPMod *mods[20]; |
2549 | char new_dn[256]; | |
2550 | char user_name[256]; | |
9db0b148 | 2551 | char sam_name[256]; |
5b8457c5 | 2552 | char upn[256]; |
cd9e6b16 | 2553 | char *cn_v[] = {NULL, NULL}; |
2554 | char *objectClass_v[] = {"top", "person", | |
2555 | "organizationalPerson", | |
2556 | "user", NULL}; | |
2557 | ||
2558 | char *samAccountName_v[] = {NULL, NULL}; | |
2559 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
89db421e | 2560 | char *mitMoiraId_v[] = {NULL, NULL}; |
cd9e6b16 | 2561 | char *name_v[] = {NULL, NULL}; |
2562 | char *desc_v[] = {NULL, NULL}; | |
cd9e6b16 | 2563 | char *userPrincipalName_v[] = {NULL, NULL}; |
2564 | char *userAccountControl_v[] = {NULL, NULL}; | |
78af4e6e | 2565 | char *uid_v[] = {NULL, NULL}; |
2566 | char *mitid_v[] = {NULL, NULL}; | |
cd9e6b16 | 2567 | char userAccountControlStr[80]; |
2568 | char temp[128]; | |
2569 | u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE; | |
2570 | int n; | |
2571 | int rc; | |
2572 | int i; | |
5b8457c5 | 2573 | int group_count; |
89db421e | 2574 | char filter[128]; |
cd9e6b16 | 2575 | char *attr_array[3]; |
2576 | char **call_args; | |
2577 | ||
2578 | call_args = ptr; | |
2579 | ||
78af4e6e | 2580 | if (!check_string(av[U_NAME])) |
2581 | { | |
89db421e | 2582 | callback_rc = AD_INVALID_NAME; |
f75f605a | 2583 | com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]); |
89db421e | 2584 | return(AD_INVALID_NAME); |
78af4e6e | 2585 | } |
9db0b148 | 2586 | |
cd9e6b16 | 2587 | strcpy(user_name, av[U_NAME]); |
2588 | sprintf(upn, "%s@%s", user_name, ldap_domain); | |
78af4e6e | 2589 | sprintf(sam_name, "%s", av[U_NAME]); |
9db0b148 | 2590 | samAccountName_v[0] = sam_name; |
89db421e | 2591 | if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED)) |
cd9e6b16 | 2592 | userAccountControl |= UF_ACCOUNTDISABLE; |
2593 | sprintf(userAccountControlStr, "%ld", userAccountControl); | |
2594 | userAccountControl_v[0] = userAccountControlStr; | |
2595 | userPrincipalName_v[0] = upn; | |
2596 | ||
2597 | cn_v[0] = user_name; | |
2598 | name_v[0] = user_name; | |
2599 | desc_v[0] = "Auto account created by Moira"; | |
2600 | sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); | |
2601 | altSecurityIdentities_v[0] = temp; | |
2602 | sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]); | |
2603 | ||
2604 | n = 0; | |
2605 | ADD_ATTR("cn", cn_v, LDAP_MOD_ADD); | |
2606 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
2607 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD); | |
2608 | ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD); | |
2609 | ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD); | |
2610 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
2611 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
2612 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
89db421e | 2613 | if (strlen(call_args[2]) != 0) |
2614 | { | |
2615 | mitMoiraId_v[0] = call_args[2]; | |
2616 | ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD); | |
2617 | } | |
cd9e6b16 | 2618 | ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD); |
78af4e6e | 2619 | if (strlen(av[U_UID]) != 0) |
2620 | { | |
2621 | uid_v[0] = av[U_UID]; | |
2622 | ADD_ATTR("uid", uid_v, LDAP_MOD_ADD); | |
2623 | ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD); | |
2624 | } | |
2625 | if (strlen(av[U_MITID]) != 0) | |
2626 | mitid_v[0] = av[U_MITID]; | |
2627 | else | |
2628 | mitid_v[0] = "none"; | |
2629 | ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD); | |
cd9e6b16 | 2630 | mods[n] = NULL; |
2631 | ||
2632 | rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL); | |
78af4e6e | 2633 | for (i = 0; i < n; i++) |
2634 | free(mods[i]); | |
5b8457c5 | 2635 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) |
2636 | { | |
2637 | com_err(whoami, 0, "could not create user %s : %s", | |
2638 | user_name, ldap_err2string(rc)); | |
2639 | callback_rc = rc; | |
2640 | return(rc); | |
2641 | } | |
cd9e6b16 | 2642 | if (rc == LDAP_SUCCESS) |
2643 | { | |
f78c7eaf | 2644 | if ((rc = set_password(sam_name, "", ldap_domain)) != 0) |
cd9e6b16 | 2645 | { |
f75f605a | 2646 | com_err(whoami, 0, "Couldn't set password for user %s : %ld", |
2647 | user_name, rc); | |
cd9e6b16 | 2648 | } |
2649 | } | |
89db421e | 2650 | sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]); |
2651 | if (strlen(call_args[2]) != 0) | |
2652 | sprintf(filter, "(mitMoiraId=%s)", call_args[2]); | |
cd9e6b16 | 2653 | attr_array[0] = "objectSid"; |
2654 | attr_array[1] = NULL; | |
5b8457c5 | 2655 | group_count = 0; |
2656 | group_base = NULL; | |
89db421e | 2657 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array, |
5b8457c5 | 2658 | &group_base, &group_count)) == LDAP_SUCCESS) |
cd9e6b16 | 2659 | { |
5b8457c5 | 2660 | if (group_count == 1) |
cd9e6b16 | 2661 | { |
5b8457c5 | 2662 | (*sid_ptr) = group_base; |
2663 | (*sid_ptr)->member = strdup(av[L_NAME]); | |
2664 | (*sid_ptr)->type = (char *)GROUPS; | |
cd9e6b16 | 2665 | sid_ptr = &(*sid_ptr)->next; |
2666 | } | |
5b8457c5 | 2667 | else |
2668 | { | |
2669 | if (group_base != NULL) | |
2670 | linklist_free(group_base); | |
2671 | } | |
2672 | } | |
2673 | else | |
2674 | { | |
2675 | if (group_base != NULL) | |
2676 | linklist_free(group_base); | |
cd9e6b16 | 2677 | } |
78af4e6e | 2678 | return(0); |
cd9e6b16 | 2679 | } |
2680 | ||
89db421e | 2681 | int user_change_status(LDAP *ldap_handle, char *dn_path, |
2682 | char *user_name, char *MoiraId, | |
2683 | int operation) | |
cd9e6b16 | 2684 | { |
89db421e | 2685 | char filter[128]; |
cd9e6b16 | 2686 | char *attr_array[3]; |
2687 | char temp[256]; | |
2688 | char distinguished_name[1024]; | |
cd9e6b16 | 2689 | char **modvalues; |
89db421e | 2690 | char *mitMoiraId_v[] = {NULL, NULL}; |
cd9e6b16 | 2691 | LDAPMod *mods[20]; |
2692 | LK_ENTRY *group_base; | |
2693 | int group_count; | |
2694 | int rc; | |
2695 | int i; | |
2696 | int n; | |
2697 | ULONG ulongValue; | |
2698 | ||
f75f605a | 2699 | if (!check_string(user_name)) |
78af4e6e | 2700 | { |
f75f605a | 2701 | com_err(whoami, 0, "invalid LDAP user name %s", user_name); |
89db421e | 2702 | return(AD_INVALID_NAME); |
78af4e6e | 2703 | } |
f75f605a | 2704 | |
cd9e6b16 | 2705 | group_count = 0; |
2706 | group_base = NULL; | |
89db421e | 2707 | |
2708 | if (strlen(MoiraId) != 0) | |
cd9e6b16 | 2709 | { |
89db421e | 2710 | sprintf(filter, "(mitMoiraId=%s)", MoiraId); |
2711 | attr_array[0] = "UserAccountControl"; | |
2712 | attr_array[1] = NULL; | |
2713 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
2714 | &group_base, &group_count)) != 0) | |
2715 | { | |
2716 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
2717 | user_name, ldap_err2string(rc)); | |
2718 | return(rc); | |
2719 | } | |
2720 | } | |
2721 | if (group_count == 0) | |
2722 | { | |
2723 | sprintf(filter, "(sAMAccountName=%s)", user_name); | |
2724 | attr_array[0] = "UserAccountControl"; | |
2725 | attr_array[1] = NULL; | |
2726 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
2727 | &group_base, &group_count)) != 0) | |
2728 | { | |
2729 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
2730 | user_name, ldap_err2string(rc)); | |
2731 | return(rc); | |
2732 | } | |
cd9e6b16 | 2733 | } |
2734 | ||
78af4e6e | 2735 | if (group_count != 1) |
cd9e6b16 | 2736 | { |
f75f605a | 2737 | linklist_free(group_base); |
2738 | com_err(whoami, 0, "LDAP server unable to find user %s in AD", | |
2739 | user_name); | |
2740 | return(LDAP_NO_SUCH_OBJECT); | |
cd9e6b16 | 2741 | } |
2742 | ||
2743 | strcpy(distinguished_name, group_base->dn); | |
2744 | ulongValue = atoi((*group_base).value); | |
2745 | if (operation == MEMBER_DEACTIVATE) | |
2746 | ulongValue |= UF_ACCOUNTDISABLE; | |
2747 | else | |
2748 | ulongValue &= ~UF_ACCOUNTDISABLE; | |
2749 | sprintf(temp, "%ld", ulongValue); | |
2750 | if ((rc = construct_newvalues(group_base, group_count, (*group_base).value, | |
2751 | temp, &modvalues, REPLACE)) == 1) | |
f75f605a | 2752 | goto cleanup; |
cd9e6b16 | 2753 | linklist_free(group_base); |
2754 | group_base = NULL; | |
2755 | group_count = 0; | |
2756 | n = 0; | |
2757 | ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE); | |
89db421e | 2758 | if (strlen(MoiraId) != 0) |
2759 | { | |
2760 | mitMoiraId_v[0] = MoiraId; | |
2761 | ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE); | |
2762 | } | |
cd9e6b16 | 2763 | mods[n] = NULL; |
f75f605a | 2764 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); |
cd9e6b16 | 2765 | for (i = 0; i < n; i++) |
2766 | free(mods[i]); | |
2767 | free_values(modvalues); | |
2768 | if (rc != LDAP_SUCCESS) | |
2769 | { | |
f75f605a | 2770 | com_err(whoami, 0, "LDAP server could not change status of user %s : %s", |
2771 | user_name, ldap_err2string(rc)); | |
cd9e6b16 | 2772 | } |
2773 | cleanup: | |
f75f605a | 2774 | return(rc); |
cd9e6b16 | 2775 | } |
2776 | ||
89db421e | 2777 | int user_delete(LDAP *ldap_handle, char *dn_path, |
2778 | char *u_name, char *MoiraId) | |
cd9e6b16 | 2779 | { |
89db421e | 2780 | char filter[128]; |
cd9e6b16 | 2781 | char *attr_array[3]; |
2782 | char distinguished_name[1024]; | |
2783 | char user_name[512]; | |
2784 | LK_ENTRY *group_base; | |
2785 | int group_count; | |
2786 | int rc; | |
2787 | ||
2788 | if (!check_string(u_name)) | |
89db421e | 2789 | return(AD_INVALID_NAME); |
2790 | ||
cd9e6b16 | 2791 | strcpy(user_name, u_name); |
2792 | group_count = 0; | |
2793 | group_base = NULL; | |
89db421e | 2794 | |
2795 | if (strlen(MoiraId) != 0) | |
cd9e6b16 | 2796 | { |
89db421e | 2797 | sprintf(filter, "(mitMoiraId=%s)", MoiraId); |
2798 | attr_array[0] = "name"; | |
2799 | attr_array[1] = NULL; | |
2800 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
2801 | &group_base, &group_count)) != 0) | |
2802 | { | |
2803 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
2804 | user_name, ldap_err2string(rc)); | |
2805 | goto cleanup; | |
2806 | } | |
2807 | } | |
2808 | if (group_count == 0) | |
2809 | { | |
2810 | sprintf(filter, "(sAMAccountName=%s)", user_name); | |
2811 | attr_array[0] = "name"; | |
2812 | attr_array[1] = NULL; | |
2813 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
2814 | &group_base, &group_count)) != 0) | |
2815 | { | |
2816 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
2817 | user_name, ldap_err2string(rc)); | |
2818 | goto cleanup; | |
2819 | } | |
cd9e6b16 | 2820 | } |
2821 | ||
78af4e6e | 2822 | if (group_count != 1) |
cd9e6b16 | 2823 | { |
f75f605a | 2824 | com_err(whoami, 0, "LDAP server unable to find user %s in AD", |
2825 | user_name); | |
cd9e6b16 | 2826 | goto cleanup; |
2827 | } | |
2828 | ||
2829 | strcpy(distinguished_name, group_base->dn); | |
2830 | if (rc = ldap_delete_s(ldap_handle, distinguished_name)) | |
2831 | { | |
f75f605a | 2832 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", |
2833 | user_name, ldap_err2string(rc)); | |
cd9e6b16 | 2834 | } |
2835 | ||
2836 | cleanup: | |
2837 | linklist_free(group_base); | |
78af4e6e | 2838 | return(0); |
cd9e6b16 | 2839 | } |
2840 | ||
2841 | void linklist_free(LK_ENTRY *linklist_base) | |
2842 | { | |
2843 | LK_ENTRY *linklist_previous; | |
2844 | ||
2845 | while (linklist_base != NULL) | |
2846 | { | |
2847 | if (linklist_base->dn != NULL) | |
2848 | free(linklist_base->dn); | |
2849 | if (linklist_base->attribute != NULL) | |
2850 | free(linklist_base->attribute); | |
2851 | if (linklist_base->value != NULL) | |
2852 | free(linklist_base->value); | |
2853 | if (linklist_base->member != NULL) | |
2854 | free(linklist_base->member); | |
2855 | if (linklist_base->type != NULL) | |
2856 | free(linklist_base->type); | |
2857 | if (linklist_base->list != NULL) | |
2858 | free(linklist_base->list); | |
2859 | linklist_previous = linklist_base; | |
2860 | linklist_base = linklist_previous->next; | |
2861 | free(linklist_previous); | |
2862 | } | |
2863 | } | |
2864 | ||
2865 | void free_values(char **modvalues) | |
2866 | { | |
2867 | int i; | |
2868 | ||
2869 | i = 0; | |
2870 | if (modvalues != NULL) | |
2871 | { | |
2872 | while (modvalues[i] != NULL) | |
2873 | { | |
2874 | free(modvalues[i]); | |
2875 | modvalues[i] = NULL; | |
2876 | ++i; | |
2877 | } | |
2878 | free(modvalues); | |
2879 | } | |
2880 | } | |
2881 | ||
2882 | int sid_update(LDAP *ldap_handle, char *dn_path) | |
2883 | { | |
2884 | LK_ENTRY *ptr; | |
2885 | int rc; | |
2886 | unsigned char temp[126]; | |
2887 | char *av[3]; | |
2888 | ||
2889 | ptr = sid_base; | |
2890 | ||
2891 | while (ptr != NULL) | |
2892 | { | |
2893 | memset(temp, 0, sizeof(temp)); | |
2894 | convert_b_to_a(temp, ptr->value, ptr->length); | |
5b8457c5 | 2895 | if (!ptr->member) |
2896 | continue; | |
cd9e6b16 | 2897 | av[0] = ptr->member; |
2898 | av[1] = temp; | |
2899 | if (ptr->type == (char *)GROUPS) | |
2900 | { | |
2901 | ptr->type = NULL; | |
2902 | rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL); | |
2903 | } | |
2904 | else if (ptr->type == (char *)USERS) | |
2905 | { | |
2906 | ptr->type = NULL; | |
2907 | rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL); | |
2908 | } | |
2909 | ptr = ptr->next; | |
2910 | } | |
2911 | return(0); | |
2912 | } | |
2913 | ||
2914 | void convert_b_to_a(char *string, UCHAR *binary, int length) | |
2915 | { | |
2916 | int i; | |
2917 | int j; | |
2918 | UCHAR tmp; | |
2919 | ||
2920 | j = 0; | |
2921 | for (i = 0; i < length; i++) | |
2922 | { | |
2923 | tmp = binary[i]; | |
2924 | string[j] = tmp; | |
2925 | string[j] >>= 4; | |
2926 | string[j] &= 0x0f; | |
2927 | string[j] += 0x30; | |
2928 | if (string[j] > '9') | |
2929 | string[j] += 0x27; | |
2930 | ++j; | |
2931 | string[j] = tmp & 0x0f; | |
2932 | string[j] += 0x30; | |
2933 | if (string[j] > '9') | |
2934 | string[j] += 0x27; | |
2935 | j++; | |
2936 | } | |
2937 | string[j] = 0; | |
2938 | } | |
2939 | ||
2940 | static int illegalchars[] = { | |
2941 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */ | |
2942 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */ | |
2943 | 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */ | |
2944 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */ | |
f75f605a | 2945 | 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */ |
cd9e6b16 | 2946 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */ |
2947 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */ | |
2948 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */ | |
2949 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2950 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2951 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2952 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2953 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2954 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2955 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2956 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2957 | }; | |
2958 | ||
2959 | int check_string(char *s) | |
2960 | { | |
78af4e6e | 2961 | char character; |
2962 | ||
cd9e6b16 | 2963 | for (; *s; s++) |
2964 | { | |
78af4e6e | 2965 | character = *s; |
2966 | if (isupper(character)) | |
2967 | character = tolower(character); | |
2968 | if (illegalchars[(unsigned) character]) | |
cd9e6b16 | 2969 | return 0; |
2970 | } | |
2971 | return 1; | |
2972 | } | |
2973 | ||
2974 | int mr_connect_cl(char *server, char *client, int version, int auth) | |
2975 | { | |
984c91b7 | 2976 | int status; |
2977 | char *motd; | |
2978 | char temp[128]; | |
cd9e6b16 | 2979 | |
2980 | status = mr_connect(server); | |
2981 | if (status) | |
2982 | { | |
2983 | com_err(whoami, status, "while connecting to Moira"); | |
aea5154c | 2984 | return status; |
cd9e6b16 | 2985 | } |
2986 | ||
2987 | status = mr_motd(&motd); | |
2988 | if (status) | |
2989 | { | |
2990 | mr_disconnect(); | |
2991 | com_err(whoami, status, "while checking server status"); | |
aea5154c | 2992 | return status; |
cd9e6b16 | 2993 | } |
2994 | if (motd) | |
2995 | { | |
984c91b7 | 2996 | sprintf(temp, "The Moira server is currently unavailable: %s", motd); |
2997 | com_err(whoami, status, temp); | |
cd9e6b16 | 2998 | mr_disconnect(); |
aea5154c | 2999 | return status; |
cd9e6b16 | 3000 | } |
3001 | ||
3002 | status = mr_version(version); | |
3003 | if (status) | |
3004 | { | |
3005 | if (status == MR_UNKNOWN_PROC) | |
f78c7eaf | 3006 | { |
3007 | if (version > 2) | |
3008 | status = MR_VERSION_HIGH; | |
3009 | else | |
3010 | status = MR_SUCCESS; | |
3011 | } | |
cd9e6b16 | 3012 | |
3013 | if (status == MR_VERSION_HIGH) | |
f78c7eaf | 3014 | { |
3015 | com_err(whoami, 0, "Warning: This client is running newer code than the server."); | |
3016 | com_err(whoami, 0, "Some operations may not work."); | |
3017 | } | |
cd9e6b16 | 3018 | else if (status && status != MR_VERSION_LOW) |
f78c7eaf | 3019 | { |
3020 | com_err(whoami, status, "while setting query version number."); | |
3021 | mr_disconnect(); | |
aea5154c | 3022 | return status; |
f78c7eaf | 3023 | } |
cd9e6b16 | 3024 | } |
3025 | ||
3026 | if (auth) | |
3027 | { | |
3028 | status = mr_auth(client); | |
3029 | if (status) | |
f78c7eaf | 3030 | { |
3031 | com_err(whoami, status, "while authenticating to Moira."); | |
3032 | mr_disconnect(); | |
aea5154c | 3033 | return status; |
f78c7eaf | 3034 | } |
cd9e6b16 | 3035 | } |
3036 | ||
aea5154c | 3037 | return MR_SUCCESS; |
cd9e6b16 | 3038 | } |
3039 | ||
f78c7eaf | 3040 | void AfsToWinAfs(char* path, char* winPath) |
3041 | { | |
3042 | char* pathPtr; | |
3043 | char* winPathPtr; | |
3044 | strcpy(winPath, WINAFS); | |
3045 | pathPtr = path + strlen(AFS); | |
3046 | winPathPtr = winPath + strlen(WINAFS); | |
3047 | ||
3048 | while (*pathPtr) | |
3049 | { | |
3050 | if (*pathPtr == '/') | |
3051 | *winPathPtr = '\\'; | |
3052 | else | |
3053 | *winPathPtr = *pathPtr; | |
3054 | ||
3055 | pathPtr++; | |
3056 | winPathPtr++; | |
3057 | } | |
3058 | } | |
89db421e | 3059 | |
3060 | int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId, | |
3061 | char *group_name, char *group_ou, char *group_membership, | |
3062 | int group_security_flag, int updateGroup) | |
3063 | { | |
3064 | char *av[3]; | |
3065 | char *call_args[7]; | |
3066 | int rc; | |
3067 | ||
3068 | av[0] = group_name; | |
3069 | call_args[0] = (char *)ldap_handle; | |
3070 | call_args[1] = dn_path; | |
3071 | call_args[2] = group_name; | |
3072 | call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS); | |
3073 | call_args[4] = (char *)updateGroup; | |
3074 | call_args[5] = MoiraId; | |
3075 | call_args[6] = NULL; | |
3076 | sid_base = NULL; | |
3077 | sid_ptr = &sid_base; | |
3078 | callback_rc = 0; | |
3079 | if (rc = mr_query("get_list_info", 1, av, group_create, call_args)) | |
3080 | { | |
3081 | moira_disconnect(); | |
3082 | com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc)); | |
3083 | return(rc); | |
3084 | } | |
3085 | if (callback_rc) | |
3086 | { | |
3087 | moira_disconnect(); | |
3088 | com_err(whoami, 0, "Couldn't create list %s", group_name); | |
3089 | return(callback_rc); | |
3090 | } | |
3091 | ||
3092 | if (sid_base != NULL) | |
3093 | { | |
3094 | sid_update(ldap_handle, dn_path); | |
3095 | linklist_free(sid_base); | |
3096 | sid_base = NULL; | |
3097 | } | |
3098 | return(0); | |
3099 | } | |
3100 | ||
3101 | int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name, | |
3102 | char *group_ou, char *group_membership, | |
3103 | int group_security_flag, char *MoiraId) | |
3104 | { | |
3105 | char *av[3]; | |
3106 | char *call_args[7]; | |
3107 | char *pUserOu; | |
3108 | LK_ENTRY *ptr; | |
3109 | int rc; | |
3110 | ||
3111 | com_err(whoami, 0, "Populating group %s", group_name); | |
3112 | av[0] = group_name; | |
3113 | call_args[0] = (char *)ldap_handle; | |
3114 | call_args[1] = dn_path; | |
3115 | call_args[2] = group_name; | |
3116 | call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS); | |
3117 | call_args[4] = NULL; | |
3118 | member_base = NULL; | |
3119 | if (rc = mr_query("get_end_members_of_list", 1, av, | |
3120 | member_list_build, call_args)) | |
3121 | { | |
3122 | com_err(whoami, 0, "Couldn't populate list %s : %s", | |
3123 | group_name, error_message(rc)); | |
3124 | return(3); | |
3125 | } | |
3126 | if (member_base != NULL) | |
3127 | { | |
3128 | ptr = member_base; | |
3129 | while (ptr != NULL) | |
3130 | { | |
3131 | if (!strcasecmp(ptr->type, "LIST")) | |
3132 | { | |
3133 | ptr = ptr->next; | |
3134 | continue; | |
3135 | } | |
3136 | pUserOu = user_ou; | |
3137 | if (!strcasecmp(ptr->type, "STRING")) | |
3138 | { | |
3139 | if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou)) | |
3140 | return(3); | |
3141 | pUserOu = contact_ou; | |
3142 | } | |
3143 | else if (!strcasecmp(ptr->type, "KERBEROS")) | |
3144 | { | |
3145 | if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou)) | |
3146 | return(3); | |
3147 | pUserOu = kerberos_ou; | |
3148 | } | |
3149 | rc = member_add(ldap_handle, dn_path, group_name, | |
3150 | group_ou, group_membership, ptr->member, | |
3151 | pUserOu, MoiraId); | |
3152 | ptr = ptr->next; | |
3153 | } | |
3154 | linklist_free(member_base); | |
3155 | member_base = NULL; | |
3156 | } | |
3157 | return(0); | |
3158 | } | |
3159 | ||
3160 | int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId, | |
3161 | char *group_name, char *group_ou, char *group_membership, | |
3162 | int group_security_flag, int type) | |
3163 | { | |
3164 | char before_desc[512]; | |
3165 | char before_name[256]; | |
3166 | char before_group_ou[256]; | |
3167 | char before_group_membership[2]; | |
3168 | char distinguishedName[256]; | |
3169 | char ad_distinguishedName[256]; | |
3170 | char filter[128]; | |
3171 | char *attr_array[3]; | |
3172 | int before_security_flag; | |
3173 | int group_count; | |
3174 | int rc; | |
3175 | LK_ENTRY *group_base; | |
3176 | LK_ENTRY *ptr; | |
3177 | char ou_both[512]; | |
3178 | char ou_security[512]; | |
3179 | char ou_distribution[512]; | |
3180 | char ou_neither[512]; | |
3181 | ||
3182 | memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName)); | |
3183 | sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path); | |
3184 | ||
3185 | ||
3186 | memset(filter, '\0', sizeof(filter)); | |
3187 | group_base = NULL; | |
3188 | group_count = 0; | |
3189 | if (rc = ad_get_group(ldap_handle, dn_path, group_name, | |
3190 | "*", MoiraId, | |
3191 | "distinguishedName", &group_base, | |
3192 | &group_count, filter)) | |
3193 | return(rc); | |
3194 | ||
3195 | if (type == CHECK_GROUPS) | |
3196 | { | |
3197 | if (group_count == 1) | |
3198 | { | |
3199 | if (!strcasecmp(group_base->value, distinguishedName)) | |
3200 | { | |
3201 | linklist_free(group_base); | |
3202 | return(0); | |
3203 | } | |
3204 | } | |
3205 | linklist_free(group_base); | |
3206 | if (group_count == 0) | |
3207 | return(AD_NO_GROUPS_FOUND); | |
3208 | if (group_count == 1) | |
3209 | return(AD_WRONG_GROUP_DN_FOUND); | |
3210 | return(AD_MULTIPLE_GROUPS_FOUND); | |
3211 | } | |
3212 | if (group_count == 0) | |
3213 | { | |
3214 | return(AD_NO_GROUPS_FOUND); | |
3215 | } | |
3216 | if (group_count > 1) | |
3217 | { | |
3218 | ptr = group_base; | |
3219 | while (ptr != NULL) | |
3220 | { | |
3221 | if (!strcasecmp(distinguishedName, ptr->value)) | |
3222 | break; | |
3223 | ptr = ptr->next; | |
3224 | } | |
3225 | if (ptr == NULL) | |
3226 | { | |
3227 | com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId); | |
3228 | ptr = group_base; | |
3229 | while (ptr != NULL) | |
3230 | { | |
3231 | com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId); | |
3232 | ptr = ptr->next; | |
3233 | } | |
3234 | linklist_free(group_base); | |
3235 | return(AD_MULTIPLE_GROUPS_FOUND); | |
3236 | } | |
3237 | ptr = group_base; | |
3238 | while (ptr != NULL) | |
3239 | { | |
3240 | if (strcasecmp(distinguishedName, ptr->value)) | |
3241 | rc = ldap_delete_s(ldap_handle, ptr->value); | |
3242 | ptr = ptr->next; | |
3243 | } | |
3244 | linklist_free(group_base); | |
3245 | memset(filter, '\0', sizeof(filter)); | |
3246 | group_base = NULL; | |
3247 | group_count = 0; | |
3248 | if (rc = ad_get_group(ldap_handle, dn_path, group_name, | |
3249 | "*", MoiraId, | |
3250 | "distinguishedName", &group_base, | |
3251 | &group_count, filter)) | |
3252 | return(rc); | |
3253 | if (group_count == 0) | |
3254 | return(AD_NO_GROUPS_FOUND); | |
3255 | if (group_count > 1) | |
3256 | return(AD_MULTIPLE_GROUPS_FOUND); | |
3257 | } | |
3258 | ||
3259 | strcpy(ad_distinguishedName, group_base->value); | |
3260 | linklist_free(group_base); | |
3261 | group_base = NULL; | |
3262 | group_count = 0; | |
3263 | ||
3264 | attr_array[0] = "sAMAccountName"; | |
3265 | attr_array[1] = NULL; | |
3266 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3267 | &group_base, &group_count)) != 0) | |
3268 | { | |
3269 | com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s", | |
3270 | MoiraId, ldap_err2string(rc)); | |
3271 | return(rc); | |
3272 | } | |
3273 | sprintf(filter, "(sAMAccountName=%s)", group_base->value); | |
3274 | ||
3275 | if (!strcasecmp(ad_distinguishedName, distinguishedName)) | |
3276 | { | |
3277 | linklist_free(group_base); | |
3278 | group_base = NULL; | |
3279 | group_count = 0; | |
3280 | return(0); | |
3281 | } | |
3282 | linklist_free(group_base); | |
3283 | group_base = NULL; | |
3284 | group_count = 0; | |
3285 | memset(ou_both, '\0', sizeof(ou_both)); | |
3286 | memset(ou_security, '\0', sizeof(ou_security)); | |
3287 | memset(ou_distribution, '\0', sizeof(ou_distribution)); | |
3288 | memset(ou_neither, '\0', sizeof(ou_neither)); | |
3289 | memset(before_name, '\0', sizeof(before_name)); | |
3290 | memset(before_desc, '\0', sizeof(before_desc)); | |
3291 | memset(before_group_membership, '\0', sizeof(before_group_membership)); | |
3292 | attr_array[0] = "name"; | |
3293 | attr_array[1] = NULL; | |
3294 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3295 | &group_base, &group_count)) != 0) | |
3296 | { | |
3297 | com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s", | |
3298 | MoiraId, ldap_err2string(rc)); | |
3299 | return(rc); | |
3300 | } | |
3301 | strcpy(before_name, group_base->value); | |
3302 | linklist_free(group_base); | |
3303 | group_base = NULL; | |
3304 | group_count = 0; | |
3305 | attr_array[0] = "description"; | |
3306 | attr_array[1] = NULL; | |
3307 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3308 | &group_base, &group_count)) != 0) | |
3309 | { | |
3310 | com_err(whoami, 0, | |
3311 | "LDAP server unable to get list description with MoiraId = %s: %s", | |
3312 | MoiraId, ldap_err2string(rc)); | |
3313 | return(rc); | |
3314 | } | |
3315 | strcpy(before_desc, group_base->value); | |
3316 | linklist_free(group_base); | |
3317 | group_base = NULL; | |
3318 | group_count = 0; | |
3319 | change_to_lower_case(ad_distinguishedName); | |
3320 | strcpy(ou_both, group_ou_both); | |
3321 | change_to_lower_case(ou_both); | |
3322 | strcpy(ou_security, group_ou_security); | |
3323 | change_to_lower_case(ou_security); | |
3324 | strcpy(ou_distribution, group_ou_distribution); | |
3325 | change_to_lower_case(ou_distribution); | |
3326 | strcpy(ou_neither, group_ou_neither); | |
3327 | change_to_lower_case(ou_neither); | |
3328 | if (strstr(ad_distinguishedName, ou_both)) | |
3329 | { | |
3330 | strcpy(before_group_ou, group_ou_both); | |
3331 | before_group_membership[0] = 'B'; | |
3332 | before_security_flag = 1; | |
3333 | } | |
3334 | else if (strstr(ad_distinguishedName, ou_security)) | |
3335 | { | |
3336 | strcpy(before_group_ou, group_ou_security); | |
3337 | before_group_membership[0] = 'S'; | |
3338 | before_security_flag = 1; | |
3339 | } | |
3340 | else if (strstr(ad_distinguishedName, ou_distribution)) | |
3341 | { | |
3342 | strcpy(before_group_ou, group_ou_distribution); | |
3343 | before_group_membership[0] = 'D'; | |
3344 | before_security_flag = 0; | |
3345 | } | |
3346 | else if (strstr(ad_distinguishedName, ou_neither)) | |
3347 | { | |
3348 | strcpy(before_group_ou, group_ou_neither); | |
3349 | before_group_membership[0] = 'N'; | |
3350 | before_security_flag = 0; | |
3351 | } | |
3352 | else | |
3353 | return(AD_NO_OU_FOUND); | |
3354 | rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership, | |
3355 | before_group_ou, before_security_flag, before_desc, | |
3356 | group_name, group_membership, group_ou, group_security_flag, | |
3357 | before_desc, MoiraId, filter); | |
3358 | return(rc); | |
3359 | } | |
3360 | ||
3361 | void change_to_lower_case(char *ptr) | |
3362 | { | |
3363 | int i; | |
3364 | ||
3365 | for (i = 0; i < (int)strlen(ptr); i++) | |
3366 | { | |
3367 | ptr[i] = tolower(ptr[i]); | |
3368 | } | |
3369 | } | |
3370 | ||
3371 | int ad_get_group(LDAP *ldap_handle, char *dn_path, | |
3372 | char *group_name, char *group_membership, | |
3373 | char *MoiraId, char *attribute, | |
3374 | LK_ENTRY **linklist_base, int *linklist_count, | |
3375 | char *rFilter) | |
3376 | { | |
3377 | char filter[128]; | |
3378 | char *attr_array[3]; | |
3379 | int rc; | |
3380 | ||
3381 | (*linklist_base) = NULL; | |
3382 | (*linklist_count) = 0; | |
3383 | if (strlen(rFilter) != 0) | |
3384 | { | |
3385 | strcpy(filter, rFilter); | |
3386 | attr_array[0] = attribute; | |
3387 | attr_array[1] = NULL; | |
3388 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3389 | linklist_base, linklist_count)) != 0) | |
3390 | { | |
3391 | com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s", | |
3392 | MoiraId, ldap_err2string(rc)); | |
3393 | return(rc); | |
3394 | } | |
3395 | if ((*linklist_count) == 1) | |
3396 | { | |
3397 | strcpy(rFilter, filter); | |
3398 | return(0); | |
3399 | } | |
3400 | } | |
3401 | ||
3402 | linklist_free((*linklist_base)); | |
3403 | (*linklist_base) = NULL; | |
3404 | (*linklist_count) = 0; | |
3405 | if (strlen(MoiraId) != 0) | |
3406 | { | |
3407 | sprintf(filter, "(mitMoiraId=%s)", MoiraId); | |
3408 | attr_array[0] = attribute; | |
3409 | attr_array[1] = NULL; | |
3410 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3411 | linklist_base, linklist_count)) != 0) | |
3412 | { | |
3413 | com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s", | |
3414 | MoiraId, ldap_err2string(rc)); | |
3415 | return(rc); | |
3416 | } | |
3417 | } | |
3418 | if ((*linklist_count) == 1) | |
3419 | { | |
3420 | strcpy(rFilter, filter); | |
3421 | return(0); | |
3422 | } | |
3423 | ||
3424 | linklist_free((*linklist_base)); | |
3425 | (*linklist_base) = NULL; | |
3426 | (*linklist_count) = 0; | |
3427 | sprintf(filter, "(sAMAccountName=%s_group)", group_name); | |
3428 | attr_array[0] = attribute; | |
3429 | attr_array[1] = NULL; | |
3430 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3431 | linklist_base, linklist_count)) != 0) | |
3432 | { | |
3433 | com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s", | |
3434 | MoiraId, ldap_err2string(rc)); | |
3435 | return(rc); | |
3436 | } | |
3437 | if ((*linklist_count) == 1) | |
3438 | { | |
3439 | strcpy(rFilter, filter); | |
3440 | return(0); | |
3441 | } | |
3442 | ||
3443 | linklist_free((*linklist_base)); | |
3444 | (*linklist_base) = NULL; | |
3445 | (*linklist_count) = 0; | |
3446 | sprintf(filter, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]); | |
3447 | attr_array[0] = attribute; | |
3448 | attr_array[1] = NULL; | |
3449 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3450 | linklist_base, linklist_count)) != 0) | |
3451 | { | |
3452 | com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s", | |
3453 | MoiraId, ldap_err2string(rc)); | |
3454 | return(rc); | |
3455 | } | |
3456 | if ((*linklist_count) == 1) | |
3457 | strcpy(rFilter, filter); | |
3458 | return(0); | |
3459 | } | |
3460 | ||
3461 | int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId) | |
3462 | { | |
3463 | char filter[128]; | |
3464 | char *attr_array[3]; | |
3465 | char SamAccountName[64]; | |
3466 | int group_count; | |
3467 | int rc; | |
3468 | LK_ENTRY *group_base; | |
3469 | ||
3470 | group_count = 0; | |
3471 | group_base = NULL; | |
3472 | ||
3473 | if (strlen(MoiraId) != 0) | |
3474 | { | |
3475 | sprintf(filter, "(mitMoiraId=%s)", MoiraId); | |
3476 | attr_array[0] = "sAMAccountName"; | |
3477 | attr_array[1] = NULL; | |
3478 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3479 | &group_base, &group_count)) != 0) | |
3480 | { | |
3481 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
3482 | UserName, ldap_err2string(rc)); | |
3483 | return(rc); | |
3484 | } | |
3485 | } | |
3486 | if (group_count == 0) | |
3487 | { | |
3488 | sprintf(filter, "(sAMAccountName=%s)", UserName); | |
3489 | attr_array[0] = "sAMAccountName"; | |
3490 | attr_array[1] = NULL; | |
3491 | if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, | |
3492 | &group_base, &group_count)) != 0) | |
3493 | { | |
3494 | com_err(whoami, 0, "LDAP server couldn't process user %s : %s", | |
3495 | UserName, ldap_err2string(rc)); | |
3496 | return(rc); | |
3497 | } | |
3498 | } | |
3499 | ||
3500 | if (group_count != 1) | |
3501 | { | |
3502 | linklist_free(group_base); | |
3503 | return(AD_NO_USER_FOUND); | |
3504 | } | |
3505 | strcpy(SamAccountName, group_base->value); | |
3506 | linklist_free(group_base); | |
3507 | group_count = 0; | |
3508 | rc = 0; | |
3509 | if (strcmp(SamAccountName, UserName)) | |
3510 | { | |
3511 | rc = user_rename(ldap_handle, dn_path, SamAccountName, | |
3512 | UserName); | |
3513 | } | |
3514 | return(0); | |
3515 | } |