]> andersk Git - moira.git/blame - incremental/winad/winad.c
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Change default answer to "no" when asking users if the name they entered
[moira.git] / incremental / winad / winad.c
CommitLineData
5d0a7127 1/* $Header$
9db0b148 2/ *test parameters for creating a user account - done
3 * users 0 3 6_d0006 950 2
4 * users 0 3 6_d0006 950 1
5d0a7127 5 *
9db0b148 6 * test parameters for deactivating/deleting a user account - done
7 * users 3 0 6_d0006 950 3
8 * users 3 0 6_d0006 950 3
cd9e6b16 9 *
9db0b148 10 *test parameters for reactivating a user account - done
11 * users 0 3 6_d0006 950 2
12 * users 0 3 6_d0006 950 1
cd9e6b16 13 *
78af4e6e 14 *test parameters for updating user account info - done
15 * users 1 0 6_d0006
16 * currently, this only occurs when the U_UID or U_MITID changes
17 *
9db0b148 18 * test parameters for changing account name - done
19 * users 3 3 6_d0006 950 1 alexp 950 1
20 * users 3 3 6_d0006 950 2 alexp 950 2
21 * users 3 3 6_d0006 950 2 a_chen 950 2
cd9e6b16 22 *
9db0b148 23 * test parameters for add member to group/list
24 * imembers 0 5 pismere-team USER dtanner 1 1
cd9e6b16 25 * note: the group the group will be created if it does not exist in the AD.
26 *
9db0b148 27 * test parameters for remove member from group/list
28 * imembers 5 0 pismere-team USER dtanner 1 1
cd9e6b16 29 *
9db0b148 30 * test parameters for creating and/or populating a group/list - done
31 * list 0 7 pismere-team 1 0 1 1 1 760
32 *
33 * test parameters for deleting a group/list - done
34 * list 7 0 pismere-team 1 0 1 1 1 760
78af4e6e 35 * L_NAME L_ACTIVE L_PUBLIC L_HIDDEN L_MAILLIST L_GROUP L_GID
36 * used when ever L_ACTIVE changes
9db0b148 37 *
38 * test parameters for renaming a group/list
78af4e6e 39 * list 7 7 6_d0006-acl 1 0 1 0 0 760 1.00students 1 0 1 1 1 760
40 * L_NAME L_ACTIVE L_PUBLIC L_HIDDEN L_MAILLIST L_GROUP L_GID
41 * used whenever L_NAME, L_MAILLIST or L_GROUP changes
cd9e6b16 42*/
5d0a7127 43#include <mit-copyright.h>
44#ifdef _WIN32
45#include <windows.h>
46#include <stdlib.h>
47#include <malloc.h>
48#include <lmaccess.h>
49#endif
cd9e6b16 50
51#include <string.h>
5d0a7127 52#include <ldap.h>
53#include <stdio.h>
54#include <moira.h>
55#include <moira_site.h>
cd9e6b16 56#include <mrclient.h>
5d0a7127 57#include <krb5.h>
58#include <krb.h>
59#include <gsssasl.h>
60#include <gssldap.h>
cd9e6b16 61#include "kpasswd.h"
62
63#ifdef _WIN32
64#ifndef ECONNABORTED
65#define ECONNABORTED WSAECONNABORTED
66#endif
67#ifndef ECONNREFUSED
68#define ECONNREFUSED WSAECONNREFUSED
69#endif
70#ifndef EHOSTUNREACH
71#define EHOSTUNREACH WSAEHOSTUNREACH
72#endif
73#define krb5_xfree free
74#endif /* _WIN32 */
5d0a7127 75
76#ifndef _WIN32
77#include <sys/utsname.h>
78
cd9e6b16 79#define UCHAR unsigned char
80
5d0a7127 81#define UF_SCRIPT 0x0001
82#define UF_ACCOUNTDISABLE 0x0002
83#define UF_HOMEDIR_REQUIRED 0x0008
84#define UF_LOCKOUT 0x0010
85#define UF_PASSWD_NOTREQD 0x0020
86#define UF_PASSWD_CANT_CHANGE 0x0040
cd9e6b16 87#define UF_DONT_EXPIRE_PASSWD 0x10000
5d0a7127 88
89#define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
90#define UF_NORMAL_ACCOUNT 0x0200
91#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
92#define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
93#define UF_SERVER_TRUST_ACCOUNT 0x2000
94
95#ifndef BYTE
96#define BYTE unsigned char
97#endif
98typedef unsigned int DWORD;
99typedef unsigned long ULONG;
100
101typedef struct _GUID
102{
103 unsigned long Data1;
104 unsigned short Data2;
105 unsigned short Data3;
106 unsigned char Data4[8];
107} GUID;
108
109typedef struct _SID_IDENTIFIER_AUTHORITY {
110 BYTE Value[6];
111} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
112
113typedef struct _SID {
114 BYTE Revision;
115 BYTE SubAuthorityCount;
116 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
117 DWORD SubAuthority[512];
118} SID;
119#endif/*!WIN32*/
120
cd9e6b16 121#define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
122#define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
123#define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
124#define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
125#define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
126
127#define QUERY_VERSION -1
128#define PRIMARY_REALM "ATHENA.MIT.EDU"
129
9db0b148 130#define BEFORE_U_NAME 0
131#define BEFORE_U_UID 1
132#define BEFORE_U_STATE 2
133#define AFTER_U_NAME 0
134#define AFTER_U_UID 1
135#define AFTER_U_STATE 2
136
137#define BEFORE_LM_LIST 0
138#define BEFORE_LM_TYPE 1
139#define BEFORE_LM_MEMBER 2
140#define BEFORE_LM_EXTRA_ACTIVE 3
141#define BEFORE_LM_EXTRA_GROUP 4
142#define AFTER_LM_LIST 0
143#define AFTER_LM_TYPE 1
144#define AFTER_LM_MEMBER 2
145#define AFTER_LM_EXTRA_ACTIVE 3
146#define AFTER_LM_EXTRA_GROUP 4
147
148#define BEFORE_L_NAME 0
149#define BEFORE_L_ACTIVE 1
150#define BEFORE_L_PUBLIC 2
151#define BEFORE_L_HIDDEN 3
152#define BEFORE_L_MAILLIST 4
153#define BEFORE_L_GROUP 5
154#define BEFORE_L_GID 6
155#define AFTER_L_NAME 0
156#define AFTER_L_ACTIVE 1
157#define AFTER_L_PUBLIC 2
158#define AFTER_L_HIDDEN 3
159#define AFTER_L_MAILLIST 4
160#define AFTER_L_GROUP 5
161#define AFTER_L_GID 6
162
5d0a7127 163#define SUBSTITUTE 1
164#define REPLACE 2
165
cd9e6b16 166#define USERS 0
167#define GROUPS 1
168
5d0a7127 169#define MEMBER_ADD 1
170#define MEMBER_REMOVE 2
171#define MEMBER_CHANGE_NAME 3
172#define MEMBER_ACTIVATE 4
173#define MEMBER_DEACTIVATE 5
cd9e6b16 174#define MEMBER_CREATE 6
5d0a7127 175
176#define GROUP_CREATE 1
177#define GROUP_DELETE 2
178#define GROUP_MOVE_MEMBERS 3
179#define GROUP_UPDATE_MEMBERS 4
180
181typedef struct lk_entry {
182 int op;
183 int length;
184 int ber_value;
185 char *dn;
186 char *attribute;
187 char *value;
188 char *member;
189 char *type;
190 char *list;
191 struct lk_entry *next;
192} LK_ENTRY;
193
194#define LDAP_BERVAL struct berval
cd9e6b16 195#define MAX_SERVER_NAMES 32
196
197#define ADD_ATTR(t, v, o) \
198 mods[n] = malloc(sizeof(LDAPMod)); \
199 mods[n]->mod_op = o; \
200 mods[n]->mod_type = t; \
201 mods[n++]->mod_values = v
5d0a7127 202
203LK_ENTRY *member_base = NULL;
cd9e6b16 204LK_ENTRY *sid_base = NULL;
205LK_ENTRY **sid_ptr = NULL;
206char kerberos_ou[] = "OU=kerberos, OU=moira, OU=athena";
207char contact_ou[] = "OU=strings, OU=moira, OU=athena";
208char user_ou[] = "OU=users, OU=moira, OU=athena";
209char group_ou_distribution[] = "OU=distribution, OU=lists, OU=moira, OU=athena";
210char group_ou_security[] = "OU=security, OU=lists, OU=moira, OU=athena";
211char group_ou_neither[] = "OU=neither, OU=lists, OU=moira, OU=athena";
212char group_ou_both[] = "OU=both, OU=lists, OU=moira, OU=athena";
213char group_ou_root[] = "OU=lists, OU=moira, OU=athena";
5d0a7127 214char *whoami;
cd9e6b16 215char group_manager[64];
216char ldap_domain[256];
217char list_type[32];
218char GroupType[2];
219int maillist_flag;
220int group_flag;
221int mr_connections = 0;
78af4e6e 222int callback_rc;
cd9e6b16 223
224extern int locate_ldap_server(char *domain, char *server_name[]);
225extern int set_password(char *user, char *domain);
226
227int user_create(int ac, char **av, void *ptr);
9db0b148 228int user_change_status(int ac, char **av, void *ptr);
cd9e6b16 229int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
9db0b148 230int user_rename(int ac, char **av, void *ptr);
78af4e6e 231int user_update(int ac, char **av, void *ptr);
cd9e6b16 232int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
233int get_group_info(int ac, char**av, void *ptr);
234int group_create(int ac, char **av, void *ptr);
235int group_delete(int ac, char **av, void *ptr);
78af4e6e 236int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name);
cd9e6b16 237int group_list_build(int ac, char **av, void *ptr);
9db0b148 238int group_rename(int ac, char **av, void *ptr);
cd9e6b16 239int member_list_build(int ac, char **av, void *ptr);
9db0b148 240int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
241 char *group_ou, char *group_membership, char *group_gid);
78af4e6e 242int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
243 char *group_ou, char *group_membership, char *group_gid);
cd9e6b16 244int sid_update(LDAP *ldap_handle, char *dn_path);
245int check_string(char *s);
246void convert_b_to_a(char *string, UCHAR *binary, int length);
247int mr_connect_cl(char *server, char *client, int version, int auth);
248
5d0a7127 249void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
cd9e6b16 250 char **before, int beforec, char **after, int afterc);
5d0a7127 251void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname,
cd9e6b16 252 char *dn_path, char **before, int beforec, char **after,
253 int afterc);
5d0a7127 254void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
cd9e6b16 255 char **before, int beforec, char **after, int afterc);
256int linklist_create_entry(char *attribute, char *value,
257 LK_ENTRY **linklist_entry);
5d0a7127 258int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
cd9e6b16 259 char **attr_array, LK_ENTRY **linklist_base,
260 int *linklist_count);
5d0a7127 261void linklist_free(LK_ENTRY *linklist_base);
cd9e6b16 262
263int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
264 char *distinguished_name, LK_ENTRY **linklist_current);
265int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
266 LK_ENTRY **linklist_base, int *linklist_count);
267int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
268 char *Attribute, char *distinguished_name,
269 LK_ENTRY **linklist_current);
270
271int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
272 char *oldValue, char *newValue,
273 char ***modvalues, int type);
274void free_values(char **modvalues);
275
276int convert_domain_to_dn(char *domain, char **bind_path);
5d0a7127 277void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 278 char *distinguished_name);
5d0a7127 279int moira_disconnect(void);
280int moira_connect(void);
281void print_to_screen(const char *fmt, ...);
5d0a7127 282
283int main(int argc, char **argv)
284{
cd9e6b16 285 unsigned long rc;
286 int beforec;
287 int afterc;
288 int Max_wait_time = 500;
289 int Max_size_limit = LDAP_NO_LIMIT;
290 int i;
291 char *dn_path;
292 char *table;
293 char **before;
294 char **after;
295 char search_exp[1024];
296 char *server_name[MAX_SERVER_NAMES];
297 ULONG version = LDAP_VERSION3;
298 LDAP *ldap_handle;
299 LDAPMessage *ldap_entry;
5d0a7127 300 FILE *fptr;
cd9e6b16 301
5d0a7127 302 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
cd9e6b16 303
304 if (argc < 4)
305 {
306 com_err(whoami, 0, "%s", "argc < 4");
307 exit(1);
308 }
309 beforec = atoi(argv[2]);
310 afterc = atoi(argv[3]);
311
312 if (argc < (4 + beforec + afterc))
313 {
314 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
315 exit(1);
316 }
317
318 table = argv[1];
319 before = &argv[4];
320 after = &argv[4 + beforec];
321
322 memset(ldap_domain, '\0', sizeof(ldap_domain));
5d0a7127 323 if ((fptr = fopen("winad.cfg", "r")) != NULL)
324 {
cd9e6b16 325 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
5d0a7127 326 fclose(fptr);
327 }
cd9e6b16 328 if (strlen(ldap_domain) == 0)
9db0b148 329 strcpy(ldap_domain, "win.mit.edu");
5d0a7127 330 initialize_sms_error_table();
331 initialize_krb_error_table();
cd9e6b16 332
5d0a7127 333 memset(search_exp, '\0', sizeof(search_exp));
334 ldap_entry = NULL;
335 dn_path = NULL;
cd9e6b16 336 convert_domain_to_dn(ldap_domain, &dn_path);
5d0a7127 337 if (dn_path == NULL)
cd9e6b16 338 {
339 com_err(whoami, 0, "%s", "cannot create AD path");
340 exit(1);
341 }
342 memset(server_name, '\0', sizeof(server_name[0]) * MAX_SERVER_NAMES);
343 if (locate_ldap_server(ldap_domain, server_name) == -1)
344 {
345 com_err(whoami, 0, "%s %s", "cannot locate any server in domain ",
346 ldap_domain);
347 exit(1);
348 }
349
350 for (i = 0; i < MAX_SERVER_NAMES; i++)
351 {
352 if (server_name[i] != NULL)
353 {
354 if ((ldap_handle = ldap_open(server_name[i], LDAP_PORT)) != NULL)
355 {
356 break;
357 }
358 }
359 }
360 if (i >= MAX_SERVER_NAMES)
361 {
362 com_err(whoami, 0, "%s %s", "cannot connect to any server in domain ",
363 ldap_domain);
364 exit(1);
365 }
366 for (i = 0; i < MAX_SERVER_NAMES; i++)
367 {
368 if (server_name[i] != NULL)
369 free(server_name[i]);
370 }
5d0a7127 371 rc = ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &version);
372 rc = ldap_set_option(ldap_handle, LDAP_OPT_TIMELIMIT,
373 (void *)&Max_wait_time);
374 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT,
375 (void *)&Max_size_limit);
376 rc = ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
cd9e6b16 377 rc = ldap_adgssapi_bind(ldap_handle, dn_path, GSSSASL_PRIVACY_PROTECTION);
5d0a7127 378 if (rc != LDAP_SUCCESS)
cd9e6b16 379 exit(1);
380
9db0b148 381 for (i = 0; i < (int)strlen(table); i++)
382 table[i] = tolower(table[i]);
5d0a7127 383 if (!strcmp(table, "users"))
cd9e6b16 384 do_user(ldap_handle, ldap_entry, ldap_domain, dn_path, before, beforec,
385 after, afterc);
5d0a7127 386 else if (!strcmp(table, "list"))
cd9e6b16 387 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
388 afterc);
5d0a7127 389 else if (!strcmp(table, "imembers"))
cd9e6b16 390 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
391 afterc);
392/*
393 else if (!strcmp(table, "filesys"))
394 do_filesys(before, beforec, after, afterc);
395 else if (!strcmp(table, "quota"))
396 do_quota(before, beforec, after, afterc);
397*/
5d0a7127 398 rc = ldap_unbind_s(ldap_handle);
399 free(dn_path);
5d0a7127 400 exit(0);
401}
402
cd9e6b16 403void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
404 char **before, int beforec, char **after, int afterc)
5d0a7127 405{
cd9e6b16 406 int agid;
407 int bgid;
408 int ahide;
409 int bhide;
9db0b148 410 int apublic;
411 int bpublic;
78af4e6e 412 int bgroup;
413 int agroup;
9db0b148 414 int amaillist;
415 int bmailist;
cd9e6b16 416 long rc;
417 char *av[3];
418 char *call_args[6];
419
9db0b148 420
421 if (beforec == 0 && afterc == 0)
422 return;
423
cd9e6b16 424 agid = bgid = 0;
9db0b148 425 ahide = bhide = 0;
426 apublic = bpublic = 0;
427 amaillist = bmailist = 0;
428 if (beforec > BEFORE_L_GROUP)
5d0a7127 429 {
9db0b148 430 bgid = atoi(before[BEFORE_L_GID]);
431 bhide = atoi(before[BEFORE_L_HIDDEN]);
432 bpublic = atoi(before[BEFORE_L_PUBLIC]);
433 bmailist = atoi(before[BEFORE_L_MAILLIST]);
78af4e6e 434 bgroup = atoi(before[BEFORE_L_GROUP]);
5d0a7127 435 }
9db0b148 436 if (afterc > AFTER_L_GROUP)
5d0a7127 437 {
9db0b148 438 agid = atoi(after[AFTER_L_GID]);
439 ahide = atoi(after[AFTER_L_HIDDEN]);
440 apublic = atoi(after[AFTER_L_PUBLIC]);
441 amaillist = atoi(after[AFTER_L_MAILLIST]);
78af4e6e 442 agroup = atoi(after[AFTER_L_GROUP]);
5d0a7127 443 }
cd9e6b16 444
cd9e6b16 445 if (rc = moira_connect())
446 {
447 critical_alert("AD incremental",
78af4e6e 448 "Error contacting Moira server : %s",
cd9e6b16 449 error_message(rc));
450 return;
451 }
452
9db0b148 453 if (beforec && afterc)
5d0a7127 454 {
78af4e6e 455 com_err(whoami, 0, "Changing group %s to %s",
456 before[BEFORE_L_NAME], after[AFTER_L_NAME]);
457
458 av[0] = after[AFTER_L_NAME];
459 call_args[0] = (char *)ldap_handle;
460 call_args[1] = dn_path;
461 call_args[2] = before[BEFORE_L_NAME];
462 call_args[3] = before[BEFORE_L_MAILLIST];
463 call_args[4] = before[BEFORE_L_GROUP];
464 call_args[5] = NULL;
465 callback_rc = 0;
466 if (rc = mr_query("get_list_info", 1, av, group_rename, call_args))
467 {
468 if (rc != LDAP_NO_SUCH_OBJECT)
469 {
470 critical_alert("AD incremental",
471 "Could not change list %s to %s : %s",
472 before[BEFORE_L_NAME],
473 after[AFTER_L_NAME], error_message(rc));
474 goto cleanup;
475 }
476 callback_rc = LDAP_NO_SUCH_OBJECT;
477 }
478 if (callback_rc != LDAP_NO_SUCH_OBJECT)
479 goto cleanup;
480 beforec = 0;
5d0a7127 481 }
9db0b148 482 if (beforec)
5d0a7127 483 {
9db0b148 484 com_err(whoami, 0, "Deleting group %s", before[BEFORE_L_NAME]);
485 rc = group_ad_delete(ldap_handle, dn_path, before[BEFORE_L_NAME]);
cd9e6b16 486 goto cleanup;
5d0a7127 487 }
9db0b148 488 if (afterc)
5d0a7127 489 {
9db0b148 490 com_err(whoami, 0, "Creating group %s", after[AFTER_L_NAME]);
cd9e6b16 491
9db0b148 492 av[0] = after[AFTER_L_NAME];
cd9e6b16 493 call_args[0] = (char *)ldap_handle;
494 call_args[1] = dn_path;
9db0b148 495 call_args[2] = after[AFTER_L_NAME];
cd9e6b16 496 call_args[3] = NULL;
497 call_args[4] = NULL;
9db0b148 498 call_args[5] = NULL;
cd9e6b16 499 sid_base = NULL;
500 sid_ptr = &sid_base;
78af4e6e 501 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
cd9e6b16 502 {
78af4e6e 503 critical_alert("AD incremental", "Couldn't create list %s : %s",
504 after[AFTER_L_NAME], error_message(rc));
cd9e6b16 505 goto cleanup;
506 }
507 if (sid_base != NULL)
508 {
509 sid_update(ldap_handle, dn_path);
510 linklist_free(sid_base);
511 }
512
9db0b148 513 if (afterc == 0)
cd9e6b16 514 goto cleanup;
78af4e6e 515 member_base = NULL;
cd9e6b16 516 if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build,
517 call_args)))
518 {
78af4e6e 519 if (member_base != NULL)
520 rc = member_list_process(ldap_handle, dn_path, after[AFTER_L_NAME],
521 call_args[3], call_args[4], call_args[5]);
cd9e6b16 522 }
78af4e6e 523 else
cd9e6b16 524 {
525 critical_alert("AD incremental",
78af4e6e 526 "Error contacting Moira server to resolve %s : %s",
9db0b148 527 after[AFTER_L_NAME], error_message(rc));
cd9e6b16 528 }
5d0a7127 529 linklist_free(member_base);
cd9e6b16 530 goto cleanup;
5d0a7127 531 }
cd9e6b16 532cleanup:
533 moira_disconnect();
5d0a7127 534}
535
5d0a7127 536void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
cd9e6b16 537 char **before, int beforec, char **after, int afterc)
5d0a7127 538{
cd9e6b16 539 char *call_args[6];
540 char *av[2];
541 char group_name[128];
542 char user_name[128];
9db0b148 543 char user_type[128];
cd9e6b16 544 int rc;
9db0b148 545 int i;
cd9e6b16 546
5d0a7127 547 if (afterc)
548 {
9db0b148 549 if (!atoi(after[AFTER_LM_EXTRA_ACTIVE]) || !atoi(after[AFTER_LM_EXTRA_GROUP]))
cd9e6b16 550 return;
9db0b148 551 strcpy(user_name, after[AFTER_LM_MEMBER]);
552 strcpy(group_name, after[AFTER_LM_LIST]);
553 strcpy(user_type, after[AFTER_LM_TYPE]);
554
5d0a7127 555 }
556 else if (beforec)
557 {
9db0b148 558 if (!atoi(before[BEFORE_LM_EXTRA_ACTIVE]) || !atoi(before[BEFORE_LM_EXTRA_GROUP]))
559 return;
560 strcpy(user_name, before[BEFORE_LM_MEMBER]);
561 strcpy(group_name, before[BEFORE_LM_LIST]);
562 strcpy(user_type, before[AFTER_LM_TYPE]);
5d0a7127 563 }
9db0b148 564 for (i = 0; i < (int)strlen(user_type); i++)
565 user_type[i] = tolower(user_type[i]);
566 if (strcmp(user_type, "user"))
567 return;
cd9e6b16 568
569 if (rc = moira_connect())
570 {
571 critical_alert("AD incremental",
78af4e6e 572 "Moira error retrieving grouplist of user %s : %s",
cd9e6b16 573 user_name, error_message(rc));
574 return;
575 }
576 av[0] = group_name;
577 call_args[0] = (char *)ldap_handle;
578 call_args[1] = dn_path;
579 call_args[2] = group_name;
580 call_args[3] = NULL;
581 call_args[4] = NULL;
9db0b148 582 call_args[5] = NULL;
cd9e6b16 583 member_base = NULL;
584 sid_base = NULL;
585 sid_ptr = &sid_base;
586 if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args)))
587 {
588 if (sid_base != NULL)
589 {
590 sid_update(ldap_handle, dn_path);
591 linklist_free(sid_base);
592 }
78af4e6e 593 member_base = NULL;
cd9e6b16 594 if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build,
595 call_args)))
596 {
78af4e6e 597 if (member_base == NULL)
598 {
599 member_remove(ldap_handle, dn_path, group_name,
600 call_args[3], call_args[4], call_args[5]);
601 }
602 else
603 {
604 rc = member_list_process(ldap_handle, dn_path, group_name,
605 call_args[3], call_args[4], call_args[5]);
606 }
cd9e6b16 607 }
608 }
609 if (rc)
610 {
611 if (afterc)
612 critical_alert("AD incremental", "Couldn't add %s to group %s ",
613 user_name, group_name);
614 else
615 critical_alert("AD incremental", "Couldn't remove %s from group %s ",
616 user_name, group_name);
617 }
618 linklist_free(member_base);
619 if (call_args[3] != NULL)
620 free(call_args[3]);
621 if (call_args[4] != NULL)
622 free(call_args[4]);
623 moira_disconnect();
5d0a7127 624}
625
cd9e6b16 626
5d0a7127 627void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname,
cd9e6b16 628 char *dn_path, char **before, int beforec, char **after,
629 int afterc)
5d0a7127 630{
cd9e6b16 631 int rc;
632 char *av[2];
cd9e6b16 633 char *call_args[6];
634
cd9e6b16 635 if (rc = moira_connect())
5d0a7127 636 {
cd9e6b16 637 critical_alert("AD incremental",
78af4e6e 638 "Error connection to Moira : %s",
cd9e6b16 639 error_message(rc));
5d0a7127 640 return;
641 }
5d0a7127 642
78af4e6e 643 if ((beforec == 1) && (afterc == 0))
644 {
645 com_err(whoami, 0, "Updating user %s info", before[BEFORE_U_NAME]);
646 av[0] = before[BEFORE_U_NAME];
647 call_args[0] = (char *)ldap_handle;
648 call_args[1] = dn_path;
649 sid_base = NULL;
650 sid_ptr = &sid_base;
651 callback_rc = 0;
652 if (rc = mr_query("get_user_account_by_login", 1, av, user_update,
653 call_args))
654 {
655 critical_alert("AD incremental",
656 "Could not update user %s info : %s",
657 before[BEFORE_U_NAME],
658 error_message(rc));
659 }
660 goto cleanup;
661 }
9db0b148 662 if ((beforec != 0) && (afterc != 0))
5d0a7127 663 {
9db0b148 664 if (beforec != afterc)
665 return;
666 if (!strcmp(before[BEFORE_U_NAME], after[AFTER_U_NAME]))
667 return;
668 com_err(whoami, 0, "Changing user %s to %s", before[BEFORE_U_NAME],
669 after[AFTER_U_NAME]);
670 av[0] = after[AFTER_U_NAME];
cd9e6b16 671 call_args[0] = (char *)ldap_handle;
672 call_args[1] = dn_path;
9db0b148 673 call_args[2] = (char *)MEMBER_ACTIVATE;
674 call_args[3] = before[BEFORE_U_NAME];
cd9e6b16 675 sid_base = NULL;
676 sid_ptr = &sid_base;
78af4e6e 677 callback_rc = 0;
9db0b148 678 if (rc = mr_query("get_user_account_by_login", 1, av, user_rename,
cd9e6b16 679 call_args))
680 {
78af4e6e 681 if (rc != LDAP_NO_SUCH_OBJECT)
682 {
683 critical_alert("AD incremental",
684 "Could not change user %s to %s : %s",
685 before[BEFORE_U_NAME],
686 after[AFTER_U_NAME], error_message(rc));
687 goto cleanup;
688 }
689 callback_rc = LDAP_NO_SUCH_OBJECT;
cd9e6b16 690 }
78af4e6e 691 if (callback_rc != LDAP_NO_SUCH_OBJECT)
692 goto cleanup;
693 beforec = 0;
5d0a7127 694 }
9db0b148 695 if (beforec != 0)
5d0a7127 696 {
9db0b148 697 com_err(whoami, 0, "Deactivate user %s in the AD", before[BEFORE_U_NAME]);
698 av[0] = before[BEFORE_U_NAME];
699 call_args[0] = (char *)ldap_handle;
700 call_args[1] = dn_path;
701 call_args[2] = (char *)MEMBER_DEACTIVATE;
702 if (rc = mr_query("get_user_account_by_login", 1, av, user_change_status,
703 call_args))
cd9e6b16 704 {
705 critical_alert("AD incremental",
78af4e6e 706 "Couldn't deactivate user %s in the AD : %s",
707 before[BEFORE_U_NAME], error_message(rc));
cd9e6b16 708 }
5d0a7127 709 goto cleanup;
710 }
9db0b148 711 if (afterc != 0)
5d0a7127 712 {
9db0b148 713 com_err(whoami, 0, "%s user %s", "Creating/Reactivating",
714 after[AFTER_U_NAME]);
5d0a7127 715
9db0b148 716 av[0] = after[AFTER_U_NAME];
cd9e6b16 717 call_args[0] = (char *)ldap_handle;
718 call_args[1] = dn_path;
9db0b148 719 call_args[2] = (char *)MEMBER_ACTIVATE;
720 call_args[3] = NULL;
cd9e6b16 721 sid_base = NULL;
722 sid_ptr = &sid_base;
723 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
724 call_args))
725 {
78af4e6e 726 critical_alert("AD incremental", "Couldn't create/activate user %s : %s",
727 after[AFTER_U_NAME], error_message(rc));
cd9e6b16 728 goto cleanup;
729 }
730 if (sid_base != NULL)
731 {
732 sid_update(ldap_handle, dn_path);
733 linklist_free(sid_base);
734 }
cd9e6b16 735 }
736cleanup:
737 moira_disconnect();
5d0a7127 738}
739
740int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
cd9e6b16 741 char *oldValue, char *newValue,
742 char ***modvalues, int type)
5d0a7127 743{
cd9e6b16 744 LK_ENTRY *linklist_ptr;
745 int i;
746 char *cPtr;
5d0a7127 747
cd9e6b16 748 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
749 == NULL)
750 {
751 return(1);
752 }
5d0a7127 753 for (i = 0; i < (modvalue_count + 1); i++)
cd9e6b16 754 (*modvalues)[i] = NULL;
5d0a7127 755 if (modvalue_count != 0)
756 {
757 linklist_ptr = linklist_base;
758 for (i = 0; i < modvalue_count; i++)
cd9e6b16 759 {
760 if ((oldValue != NULL) && (newValue != NULL))
761 {
762 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
763 != (char *)NULL)
764 {
765 if (type == REPLACE)
766 {
767 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
768 == NULL)
769 return(1);
770 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
771 strcpy((*modvalues)[i], newValue);
772 }
773 else
774 {
775 if (((*modvalues)[i] = calloc(1,
776 (int)(cPtr - linklist_ptr->value) +
777 (linklist_ptr->length - strlen(oldValue)) +
778 strlen(newValue) + 1)) == NULL)
779 return(1);
780 memset((*modvalues)[i], '\0',
781 (int)(cPtr - linklist_ptr->value) +
782 (linklist_ptr->length - strlen(oldValue)) +
783 strlen(newValue) + 1);
784 memcpy((*modvalues)[i], linklist_ptr->value,
785 (int)(cPtr - linklist_ptr->value));
786 strcat((*modvalues)[i], newValue);
787 strcat((*modvalues)[i],
788 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
789 }
790 }
791 else
792 {
793 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
794 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
795 memcpy((*modvalues)[i], linklist_ptr->value,
796 linklist_ptr->length);
797 }
798 }
799 else
800 {
801 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
802 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
803 memcpy((*modvalues)[i], linklist_ptr->value,
804 linklist_ptr->length);
805 }
806 linklist_ptr = linklist_ptr->next;
807 }
808 (*modvalues)[i] = NULL;
5d0a7127 809 }
810 return(0);
811}
812
cd9e6b16 813
5d0a7127 814int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
cd9e6b16 815 char **attr_array, LK_ENTRY **linklist_base,
816 int *linklist_count)
5d0a7127 817{
cd9e6b16 818 ULONG rc;
5d0a7127 819 LDAPMessage *ldap_entry;
cd9e6b16 820
821 rc = 0;
5d0a7127 822 ldap_entry = NULL;
823 (*linklist_base) = NULL;
824 (*linklist_count) = 0;
825 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
cd9e6b16 826 search_exp, attr_array, 0, &ldap_entry))
5d0a7127 827 != LDAP_SUCCESS)
828 return(0);
cd9e6b16 829 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
830
5d0a7127 831 ldap_msgfree(ldap_entry);
832 return(rc);
833}
834
cd9e6b16 835
5d0a7127 836int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 837 LK_ENTRY **linklist_base, int *linklist_count)
5d0a7127 838{
cd9e6b16 839 char distinguished_name[1024];
840 LK_ENTRY *linklist_ptr;
841 int rc;
842
5d0a7127 843 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
844 return(0);
cd9e6b16 845
846 memset(distinguished_name, '\0', sizeof(distinguished_name));
847 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
848
849 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
850 linklist_base)) != 0)
5d0a7127 851 return(rc);
cd9e6b16 852
5d0a7127 853 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
854 {
cd9e6b16 855 memset(distinguished_name, '\0', sizeof(distinguished_name));
856 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
857
858 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
859 linklist_base)) != 0)
860 return(rc);
5d0a7127 861 }
cd9e6b16 862
5d0a7127 863 linklist_ptr = (*linklist_base);
864 (*linklist_count) = 0;
865 while (linklist_ptr != NULL)
866 {
867 ++(*linklist_count);
868 linklist_ptr = linklist_ptr->next;
869 }
870 return(0);
871}
872
873int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 874 char *distinguished_name, LK_ENTRY **linklist_current)
5d0a7127 875{
cd9e6b16 876 char *Attribute;
877 BerElement *ptr;
878
5d0a7127 879 ptr = NULL;
cd9e6b16 880 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
5d0a7127 881 {
cd9e6b16 882 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
883 linklist_current);
5d0a7127 884 ldap_memfree(Attribute);
cd9e6b16 885 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
886 ptr)) != NULL)
887 {
888 retrieve_values(ldap_handle, ldap_entry, Attribute,
889 distinguished_name, linklist_current);
890 ldap_memfree(Attribute);
891 }
5d0a7127 892 }
cd9e6b16 893 ldap_ber_free(ptr, 0);
5d0a7127 894 return(0);
895}
896
cd9e6b16 897int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
898 char *Attribute, char *distinguished_name,
899 LK_ENTRY **linklist_current)
5d0a7127 900{
cd9e6b16 901 char **str_value;
902 char temp[256];
903 void **Ptr;
904 int use_bervalue;
905 LK_ENTRY *linklist_previous;
5d0a7127 906 LDAP_BERVAL **ber_value;
cd9e6b16 907 DWORD ber_length;
5d0a7127 908#ifdef LDAP_DEBUG
cd9e6b16 909 SID *sid;
910 GUID *guid;
911 int i;
912 int intValue;
913 DWORD *subauth;
914 SID_IDENTIFIER_AUTHORITY *sid_auth;
915 unsigned char *subauth_count;
916#endif /*LDAP_BEGUG*/
5d0a7127 917
918 use_bervalue = 0;
919 memset(temp, '\0', sizeof(temp));
920 if ((!strcmp(Attribute, "objectSid")) ||
921 (!strcmp(Attribute, "objectGUID")))
922 use_bervalue = 1;
cd9e6b16 923
5d0a7127 924 if (use_bervalue)
925 {
926 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
927 Ptr = (void **)ber_value;
928 str_value = NULL;
cd9e6b16 929 }
5d0a7127 930 else
931 {
932 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
933 Ptr = (void **)str_value;
934 ber_value = NULL;
935 }
936 if (Ptr != NULL)
937 {
938 for (; *Ptr; Ptr++)
cd9e6b16 939 {
940 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
941 return(1);
942 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
943 linklist_previous->next = (*linklist_current);
944 (*linklist_current) = linklist_previous;
945
946 if (((*linklist_current)->attribute = calloc(1,
947 strlen(Attribute) + 1)) == NULL)
948 return(1);
949 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
950 strcpy((*linklist_current)->attribute, Attribute);
951 if (use_bervalue)
952 {
953 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
954 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
955 return(1);
956 memset((*linklist_current)->value, '\0', ber_length);
957 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
958 ber_length);
959 (*linklist_current)->length = ber_length;
960 }
961 else
962 {
963 if (((*linklist_current)->value = calloc(1,
964 strlen(*Ptr) + 1)) == NULL)
965 return(1);
966 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
967 (*linklist_current)->length = strlen(*Ptr);
968 strcpy((*linklist_current)->value, *Ptr);
969 }
970 (*linklist_current)->ber_value = use_bervalue;
971 if (((*linklist_current)->dn = calloc(1,
972 strlen(distinguished_name) + 1)) == NULL)
973 return(1);
974 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
975 strcpy((*linklist_current)->dn, distinguished_name);
976
5d0a7127 977#ifdef LDAP_DEBUG
cd9e6b16 978 if (!strcmp(Attribute, "objectGUID"))
979 {
980 guid = (GUID *)((*linklist_current)->value);
981 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
982 guid->Data1, guid->Data2, guid->Data3,
983 guid->Data4[0], guid->Data4[1], guid->Data4[2],
984 guid->Data4[3], guid->Data4[4], guid->Data4[5],
985 guid->Data4[6], guid->Data4[7]);
986 print_to_screen(" %20s : {%s}\n", Attribute, temp);
987 }
988 else if (!strcmp(Attribute, "objectSid"))
989 {
990 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
5d0a7127 991#ifdef _WIN32
cd9e6b16 992 print_to_screen(" Revision = %d\n", sid->Revision);
993 print_to_screen(" SID Identifier Authority:\n");
994 sid_auth = &sid->IdentifierAuthority;
995 if (sid_auth->Value[0])
996 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
997 else if (sid_auth->Value[1])
998 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
999 else if (sid_auth->Value[2])
1000 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1001 else if (sid_auth->Value[3])
1002 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1003 else if (sid_auth->Value[5])
1004 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1005 else
1006 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1007 subauth_count = GetSidSubAuthorityCount(sid);
1008 print_to_screen(" SidSubAuthorityCount = %d\n",
1009 *subauth_count);
1010 print_to_screen(" SidSubAuthority:\n");
1011 for (i = 0; i < *subauth_count; i++)
1012 {
1013 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1014 print_to_screen(" %u\n", *subauth);
1015 }
5d0a7127 1016#endif
cd9e6b16 1017 }
1018 else if ((!memcmp(Attribute, "userAccountControl",
1019 strlen("userAccountControl"))) ||
1020 (!memcmp(Attribute, "sAMAccountType",
1021 strlen("sAmAccountType"))))
1022 {
1023 intValue = atoi(*Ptr);
1024 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1025 if (!memcmp(Attribute, "userAccountControl",
1026 strlen("userAccountControl")))
1027 {
1028 if (intValue & UF_ACCOUNTDISABLE)
1029 print_to_screen(" %20s : %s\n",
1030 "", "Account disabled");
1031 else
1032 print_to_screen(" %20s : %s\n",
1033 "", "Account active");
1034 if (intValue & UF_HOMEDIR_REQUIRED)
1035 print_to_screen(" %20s : %s\n",
1036 "", "Home directory required");
1037 if (intValue & UF_LOCKOUT)
1038 print_to_screen(" %20s : %s\n",
1039 "", "Account locked out");
1040 if (intValue & UF_PASSWD_NOTREQD)
1041 print_to_screen(" %20s : %s\n",
1042 "", "No password required");
1043 if (intValue & UF_PASSWD_CANT_CHANGE)
1044 print_to_screen(" %20s : %s\n",
1045 "", "Cannot change password");
1046 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1047 print_to_screen(" %20s : %s\n",
1048 "", "Temp duplicate account");
1049 if (intValue & UF_NORMAL_ACCOUNT)
1050 print_to_screen(" %20s : %s\n",
1051 "", "Normal account");
1052 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1053 print_to_screen(" %20s : %s\n",
1054 "", "Interdomain trust account");
1055 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1056 print_to_screen(" %20s : %s\n",
1057 "", "Workstation trust account");
1058 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1059 print_to_screen(" %20s : %s\n",
1060 "", "Server trust account");
1061 }
1062 }
1063 else
1064 {
1065 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1066 }
5d0a7127 1067#endif /*LDAP_DEBUG*/
cd9e6b16 1068 }
5d0a7127 1069 if (str_value != NULL)
cd9e6b16 1070 ldap_value_free(str_value);
5d0a7127 1071 if (ber_value != NULL)
cd9e6b16 1072 ldap_value_free_len(ber_value);
5d0a7127 1073 }
1074 (*linklist_current) = linklist_previous;
1075 return(0);
1076}
1077
5d0a7127 1078int moira_connect(void)
1079{
cd9e6b16 1080 long rc;
1081 char HostName[64];
1082
5d0a7127 1083 if (!mr_connections++)
1084 {
1085#ifdef _WIN32
1086 memset(HostName, '\0', sizeof(HostName));
1087 strcpy(HostName, "ttsp");
cd9e6b16 1088 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1089/*det
5d0a7127 1090 rc = mr_connect(HostName);
cd9e6b16 1091*/
5d0a7127 1092#else
1093 struct utsname uts;
1094 uname(&uts);
cd9e6b16 1095 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1096/*
5d0a7127 1097 rc = mr_connect(uts.nodename);
cd9e6b16 1098*/
5d0a7127 1099#endif /*WIN32*/
cd9e6b16 1100/*det
5d0a7127 1101 if (!rc)
cd9e6b16 1102 rc = mr_auth("winad.incr");
1103*/
5d0a7127 1104 return rc;
1105 }
1106 return 0;
1107}
1108
1109int moira_disconnect(void)
1110{
5d0a7127 1111
cd9e6b16 1112 if (!--mr_connections)
5d0a7127 1113 {
cd9e6b16 1114 mr_disconnect();
5d0a7127 1115 }
cd9e6b16 1116 return 0;
5d0a7127 1117}
1118
1119int convert_domain_to_dn(char *domain, char **dnp)
1120{
cd9e6b16 1121 char *fp;
1122 char *dp;
1123 char dn[1024];
1124 int dnlen = 1;
1125
5d0a7127 1126 memset(dn, 0, sizeof(dn));
1127 strcpy(dn, "dc=");
1128 dp = dn+3;
1129 for (fp = domain; *fp; fp++)
1130 {
1131 if (*fp == '.')
cd9e6b16 1132 {
1133 strcpy(dp, ",dc=");
1134 dp += 4;
1135 }
5d0a7127 1136 else
cd9e6b16 1137 *dp++ = *fp;
5d0a7127 1138 }
cd9e6b16 1139
5d0a7127 1140 *dnp = (char *)strdup(dn);
1141 return 0;
1142}
1143
1144void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
cd9e6b16 1145 char *distinguished_name)
5d0a7127 1146{
cd9e6b16 1147 char *CName;
1148
5d0a7127 1149 CName = ldap_get_dn(ldap_handle, ldap_entry);
1150 if (CName == NULL)
1151 return;
1152 strcpy(distinguished_name, CName);
1153 ldap_memfree(CName);
1154}
1155
1156int linklist_create_entry(char *attribute, char *value,
cd9e6b16 1157 LK_ENTRY **linklist_entry)
5d0a7127 1158{
1159 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1160 if (!(*linklist_entry))
1161 {
1162 return(1);
1163 }
1164 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1165 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1166 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1167 strcpy((*linklist_entry)->attribute, attribute);
1168 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1169 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1170 strcpy((*linklist_entry)->value, value);
1171 (*linklist_entry)->length = strlen(value);
1172 (*linklist_entry)->next = NULL;
1173 return(0);
1174}
1175
1176void print_to_screen(const char *fmt, ...)
1177{
1178 va_list pvar;
cd9e6b16 1179
5d0a7127 1180 va_start(pvar, fmt);
1181 vfprintf(stderr, fmt, pvar);
1182 fflush(stderr);
1183 va_end(pvar);
1184}
cd9e6b16 1185
1186int get_group_membership(char *group_membership, char *group_ou,
1187 int *security_flag, char **av)
1188{
1189 int maillist_flag;
1190 int group_flag;
1191
1192 maillist_flag = atoi(av[L_MAILLIST]);
1193 group_flag = atoi(av[L_GROUP]);
1194 if (security_flag != NULL)
1195 (*security_flag) = 0;
1196
1197 if ((maillist_flag) && (group_flag))
1198 {
1199 if (group_membership != NULL)
1200 group_membership[0] = 'B';
1201 if (security_flag != NULL)
1202 (*security_flag) = 1;
1203 if (group_ou != NULL)
1204 strcpy(group_ou, group_ou_both);
1205 }
1206 else if ((!maillist_flag) && (group_flag))
1207 {
1208 if (group_membership != NULL)
1209 group_membership[0] = 'S';
1210 if (security_flag != NULL)
1211 (*security_flag) = 1;
1212 if (group_ou != NULL)
1213 strcpy(group_ou, group_ou_security);
1214 }
1215 else if ((maillist_flag) && (!group_flag))
1216 {
1217 if (group_membership != NULL)
1218 group_membership[0] = 'D';
1219 if (group_ou != NULL)
1220 strcpy(group_ou, group_ou_distribution);
1221 }
1222 else
1223 {
1224 if (group_membership != NULL)
1225 group_membership[0] = 'N';
1226 if (group_ou != NULL)
1227 strcpy(group_ou, group_ou_neither);
1228 }
1229 return(0);
1230}
1231
1232int get_group_info(int ac, char**av, void *ptr)
1233{
1234 char **call_args;
1235
1236 call_args = ptr;
1237
1238 if (!atoi(av[L_ACTIVE]))
1239 return(0);
1240 if (ptr == NULL)
9db0b148 1241 {
78af4e6e 1242 get_group_membership(GroupType, NULL, NULL, av);
9db0b148 1243 }
cd9e6b16 1244 else
9db0b148 1245 {
1246 call_args[5] = av[L_NAME];
cd9e6b16 1247 get_group_membership(call_args[4], call_args[3], NULL, av);
9db0b148 1248 }
cd9e6b16 1249
1250 return(0);
1251}
1252
9db0b148 1253int group_rename(int ac, char **av, void *ptr)
1254{
1255 LDAPMod *mods[20];
1256 char old_dn[512];
1257 char new_dn[512];
78af4e6e 1258 char new_dn_path[512];
9db0b148 1259 char group_ou[256];
78af4e6e 1260 char sam_name[256];
9db0b148 1261 char group_membership[2];
1262 char filter_exp[4096];
1263 char *attr_array[3];
1264 char *name_v[] = {NULL, NULL};
78af4e6e 1265 char *samAccountName_v[] = {NULL, NULL};
9db0b148 1266 int n;
1267 int i;
1268 int rc;
1269 int security_flag;
1270 LK_ENTRY *group_base;
1271 int group_count;
1272 char **call_args;
78af4e6e 1273 char *maillist_flag = NULL;
1274 char *group_flag = NULL;
9db0b148 1275
1276 call_args = ptr;
1277
78af4e6e 1278 if (!check_string(call_args[2]))
1279 {
1280 callback_rc = LDAP_NO_SUCH_OBJECT;
1281 return(0);
1282 }
1283 if (!check_string(av[L_NAME]))
1284 {
1285 critical_alert("AD incremental - list rename",
1286 "invalid LDAP list name %s",
1287 av[L_NAME]);
1288 return(0);
1289 }
1290
9db0b148 1291 memset(group_ou, 0, sizeof(group_ou));
1292 memset(group_membership, 0, sizeof(group_membership));
1293 security_flag = 0;
9db0b148 1294
78af4e6e 1295 maillist_flag = av[L_MAILLIST];
1296 group_flag = av[L_GROUP];
1297 av[L_MAILLIST] = call_args[3];
1298 av[L_GROUP] = call_args[4];
1299 get_group_membership(group_membership, NULL, NULL, av);
1300 av[L_MAILLIST] = maillist_flag;
1301 av[L_GROUP] = group_flag;
9db0b148 1302
78af4e6e 1303 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", call_args[2], group_membership[0]);
9db0b148 1304 attr_array[0] = "distinguishedName";
1305 attr_array[1] = NULL;
1306 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1307 &group_base, &group_count)) != 0)
1308 {
78af4e6e 1309 critical_alert("AD incremental - list rename",
1310 "LDAP server unable to get list %s dn : %s",
1311 call_args[2], ldap_err2string(rc));
9db0b148 1312 return(0);
1313 }
1314 if (group_count != 1)
1315 {
78af4e6e 1316 critical_alert("AD incremental - list rename",
1317 "LDAP server unable to find list %s in AD.",
1318 call_args[2]);
1319 callback_rc = LDAP_NO_SUCH_OBJECT;
9db0b148 1320 return(0);
1321 }
1322 strcpy(old_dn, group_base->value);
1323 linklist_free(group_base);
1324 group_base = NULL;
1325 group_count = 0;
1326
78af4e6e 1327 get_group_membership(group_membership, group_ou, &security_flag, av);
1328 sprintf(sam_name, "%s_zZx%c", av[L_NAME], group_membership[0]);
1329 sprintf(new_dn_path, "%s,%s", group_ou, call_args[1]);
1330 sprintf(new_dn, "cn=%s", av[L_NAME]);
1331 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, new_dn_path,
1332 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1333 {
1334 critical_alert("AD incremental - list rename",
1335 "Couldn't rename list from %s to %s : %s",
1336 call_args[2], av[L_NAME], ldap_err2string(rc));
1337 return(0);
1338 }
9db0b148 1339
78af4e6e 1340 name_v[0] = av[L_NAME];
1341 samAccountName_v[0] = sam_name;
9db0b148 1342 n = 0;
1343 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
78af4e6e 1344 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
9db0b148 1345 mods[n] = NULL;
78af4e6e 1346 sprintf(new_dn, "cn=%s,%s,%s", av[L_NAME], group_ou, call_args[1]);
1347 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
1348 {
1349 critical_alert("AD incremental - list rename",
1350 "After renaming, couldn't modify list data for %s : %s",
1351 av[L_NAME], ldap_err2string(rc));
1352 }
9db0b148 1353 for (i = 0; i < n; i++)
1354 free(mods[i]);
78af4e6e 1355 return(0);
9db0b148 1356}
1357
cd9e6b16 1358int group_create(int ac, char **av, void *ptr)
1359{
1360 LDAPMod *mods[20];
1361 char new_dn[256];
1362 char group_ou[256];
1363 char new_group_name[256];
1364 char sam_group_name[256];
1365 char cn_group_name[256];
1366 char *cn_v[] = {NULL, NULL};
1367 char *objectClass_v[] = {"top", "group", NULL};
1368 char info[256];
1369 char *samAccountName_v[] = {NULL, NULL};
1370 char *managedBy_v[] = {NULL, NULL};
1371 char *altSecurityIdentities_v[] = {NULL, NULL};
1372 char *name_v[] = {NULL, NULL};
1373 char *desc_v[] = {NULL, NULL};
1374 char *info_v[] = {NULL, NULL};
1375 char *groupTypeControl_v[] = {NULL, NULL};
1376 char groupTypeControlStr[80];
1377 char group_membership[1];
1378 int i;
1379 int security_flag;
1380 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1381 int n;
1382 int rc;
1383 int sid_count;
1384 char filter_exp[256];
1385 char *attr_array[3];
1386 char **call_args;
1387
1388 call_args = ptr;
1389
1390 if (!atoi(av[L_ACTIVE]))
1391 return(0);
1392 if (!check_string(av[L_NAME]))
78af4e6e 1393 {
1394 critical_alert("AD incremental - list create",
1395 "invalid LDAP list name %s",
1396 av[L_NAME]);
1397 return(0);
1398 }
cd9e6b16 1399 memset(group_ou, 0, sizeof(group_ou));
1400 memset(group_membership, 0, sizeof(group_membership));
1401 security_flag = 0;
1402 get_group_membership(group_membership, group_ou, &security_flag, av);
1403 call_args[3] = strdup(group_ou);
1404 call_args[4] = strdup(group_membership);
9db0b148 1405 call_args[5] = strdup(av[L_NAME]);
cd9e6b16 1406
1407 if (security_flag)
1408 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
1409 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1410 groupTypeControl_v[0] = groupTypeControlStr;
1411
1412 strcpy(new_group_name, av[L_NAME]);
1413 strcpy(sam_group_name, av[L_NAME]);
1414 strcpy(cn_group_name, av[L_NAME]);
1415 sprintf(&sam_group_name[strlen(sam_group_name)],
1416 "_zZx%c", group_membership[0]);
1417
1418 samAccountName_v[0] = sam_group_name;
1419 name_v[0] = new_group_name;
9db0b148 1420 cn_v[0] = new_group_name;
cd9e6b16 1421
9db0b148 1422 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
cd9e6b16 1423 n = 0;
1424 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1425 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1426 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1427 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1428 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1429 if (strlen(av[L_DESC]) != 0)
1430 {
1431 desc_v[0] = av[L_DESC];
1432 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1433 }
1434 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
78af4e6e 1435 if (strlen(av[L_ACE_NAME]) != 0)
cd9e6b16 1436 {
1437 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1438 info_v[0] = info;
1439 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1440 }
1441 mods[n] = NULL;
1442
1443 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1444
1445 for (i = 0; i < n; i++)
1446 free(mods[i]);
1447 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
78af4e6e 1448 {
1449 critical_alert("AD incremental - list rename",
1450 "Unable to create list %s in AD : %s",
1451 av[L_NAME], ldap_err2string(rc));
1452 return(0);
1453 }
cd9e6b16 1454 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1455 attr_array[0] = "objectSid";
1456 attr_array[1] = NULL;
1457 sid_count = 0;
1458 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1459 sid_ptr, &sid_count)) == LDAP_SUCCESS)
1460 {
1461 if (sid_count == 1)
1462 {
1463 (*sid_ptr)->member = strdup(av[L_NAME]);
1464 (*sid_ptr)->type = (char *)GROUPS;
1465 sid_ptr = &(*sid_ptr)->next;
1466 }
1467 }
78af4e6e 1468 return(0);
cd9e6b16 1469}
1470
1471int group_delete(int ac, char **av, void *ptr)
1472{
1473 LK_ENTRY *group_base;
1474 char **call_args;
1475 char *attr_array[3];
1476 char filter_exp[1024];
1477 char group_membership[1];
1478 char group_ou[256];
1479 char sam_group_name[256];
1480 int security_flag;
1481 int group_count;
1482 int rc;
1483
1484 call_args = ptr;
1485
1486 if (!check_string(av[L_NAME]))
78af4e6e 1487 {
1488 critical_alert("AD incremental - list delete",
1489 "invalid LDAP list name %s",
1490 av[L_NAME]);
1491 return(0);
1492 }
cd9e6b16 1493 memset(group_ou, 0, sizeof(group_ou));
1494 memset(group_membership, 0, sizeof(group_membership));
1495 security_flag = 0;
1496 get_group_membership(group_membership, group_ou, &security_flag, av);
1497
1498 group_count = 0;
1499 group_base = NULL;
1500 attr_array[0] = "distinguishedName";
1501 attr_array[1] = NULL;
1502 strcpy(sam_group_name, av[L_NAME]);
1503 sprintf(&sam_group_name[strlen(sam_group_name)], "_zZx%c",
1504 group_membership[0]);
1505 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1506 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp,
1507 attr_array, &group_base, &group_count)) != 0)
1508 goto cleanup;
1509 if (group_count == 1)
cd9e6b16 1510 {
78af4e6e 1511 if ((rc = ldap_delete_s((LDAP *)call_args[0], group_base->value)) != LDAP_SUCCESS)
1512 {
1513 critical_alert("AD incremental - list delete",
1514 "Couldn't delete group %s : %s",
1515 av[L_NAME], ldap_err2string(rc));
1516 }
1517 }
1518 else
1519 {
1520 critical_alert("AD incremental - list delete",
1521 "Unable to find list %s in AD.",
1522 av[L_NAME]);
cd9e6b16 1523 }
1524cleanup:
1525 linklist_free(group_base);
78af4e6e 1526 return(0);
cd9e6b16 1527}
1528
78af4e6e 1529int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name)
cd9e6b16 1530{
1531 LK_ENTRY *group_base;
1532 char *attr_array[3];
1533 char filter_exp[1024];
1534 char sam_group_name[256];
1535 char temp[512];
1536 int group_count;
1537 int rc;
1538
78af4e6e 1539 if (!check_string(group_name))
1540 {
1541 critical_alert("AD incremental - list AD delete",
1542 "invalid LDAP list name %s",
1543 group_name);
1544 return(0);
1545 }
cd9e6b16 1546 rc = 1;
1547 group_count = 0;
1548 group_base = NULL;
1549 attr_array[0] = "distinguishedName";
1550 attr_array[1] = NULL;
78af4e6e 1551 strcpy(sam_group_name, group_name);
cd9e6b16 1552 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1553 sprintf(filter_exp, "(sAMAccountName=%s_zZx*)", sam_group_name);
1554 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1555 &group_base, &group_count) != 0)
1556 goto cleanup;
1557 if (group_count == 1)
78af4e6e 1558 {
1559 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1560 {
1561 critical_alert("AD incremental - list AD delete",
1562 "Unable to delete list %s from AD : %s",
1563 group_name, ldap_err2string(rc));
1564 return(0);
1565 }
1566 }
1567 else
1568 {
1569 critical_alert("AD incremental - list AD delete",
1570 "Unable to find list %s in AD.",
1571 group_name);
1572 }
cd9e6b16 1573cleanup:
1574 linklist_free(group_base);
78af4e6e 1575 return(0);
cd9e6b16 1576}
1577
1578int group_list_build(int ac, char **av, void *ptr)
1579{
1580 LK_ENTRY *linklist;
1581 char **call_args;
1582
1583 call_args = ptr;
1584
1585 if (!atoi(av[L_ACTIVE]))
1586 return(0);
1587 if (!check_string(av[L_NAME]))
1588 return(0);
1589 linklist = calloc(1, sizeof(LK_ENTRY));
1590 if (!linklist)
1591 {
1592 critical_alert("AD incremental", "Out of memory");
1593 exit(1);
1594 }
1595 memset(linklist, '\0', sizeof(LK_ENTRY));
1596 linklist->op = 1;
1597 linklist->dn = NULL;
1598 linklist->list = calloc(1, strlen(av[L_NAME]) + 1);
1599 strcpy(linklist->list, av[L_NAME]);
1600 linklist->type = calloc(1, strlen("USER") + 1);
1601 strcpy(linklist->type, "USER");
1602 linklist->member = calloc(1, strlen(call_args[0]) + 1);
1603 strcpy(linklist->member, call_args[0]);
1604 linklist->next = member_base;
1605 member_base = linklist;
1606 return(0);
1607}
1608
1609int member_list_build(int ac, char **av, void *ptr)
1610{
1611 LK_ENTRY *linklist;
78af4e6e 1612 char temp[1024];
cd9e6b16 1613 char **call_args;
1614
1615 call_args = ptr;
1616
1617 strcpy(temp, av[ACE_NAME]);
1618 if (!check_string(temp))
1619 return(0);
1620 if (!strcmp(av[ACE_TYPE], "STRING"))
1621 {
78af4e6e 1622 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1623 return(0);
cd9e6b16 1624 }
1625 else if (!strcmp(av[ACE_TYPE], "LIST"))
1626 {
1627 strcpy(temp, av[ACE_NAME]);
1628 }
1629 else if (strcmp(av[ACE_TYPE], "USER"))
1630 {
78af4e6e 1631 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
1632 return(0);
cd9e6b16 1633 }
1634 linklist = member_base;
1635 while (linklist)
1636 {
1637 if (!strcasecmp(temp, linklist->member))
1638 return(0);
1639 linklist = linklist->next;
1640 }
1641 linklist = calloc(1, sizeof(LK_ENTRY));
1642 linklist->op = 1;
1643 linklist->dn = NULL;
1644 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1645 strcpy(linklist->list, call_args[2]);
1646 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1647 strcpy(linklist->type, av[ACE_TYPE]);
1648 linklist->member = calloc(1, strlen(temp) + 1);
1649 strcpy(linklist->member, temp);
1650 linklist->next = member_base;
1651 member_base = linklist;
1652 return(0);
1653}
1654
78af4e6e 1655int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1656 char *group_ou, char *group_membership, char *group_gid)
1657{
1658 char distinguished_name[1024];
1659 char **modvalues;
1660 char filter_exp[4096];
1661 char *attr_array[3];
1662 char temp[256];
1663 int group_count;
1664 int i;
1665 int n;
1666 LDAPMod *mods[20];
1667 LK_ENTRY *group_base;
1668 ULONG rc;
1669
1670 if (!check_string(group_name))
1671 return(0);
1672 strcpy(temp, group_name);
1673 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1674 attr_array[0] = "distinguishedName";
1675 attr_array[1] = NULL;
1676 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1677 &group_base, &group_count)) != 0)
1678 {
1679 critical_alert("AD incremental - member remove",
1680 "LDAP server unable to get list %s info : %s",
1681 group_name, ldap_err2string(rc));
1682 goto cleanup;
1683 }
1684 if (group_count != 1)
1685 {
1686 critical_alert("AD incremental - member remove",
1687 "LDAP server unable to find list %s in AD.",
1688 group_name);
1689 goto cleanup;
1690 }
1691 strcpy(distinguished_name, group_base->value);
1692 linklist_free(group_base);
1693 group_base = NULL;
1694 group_count = 0;
1695 attr_array[0] = "member";
1696 attr_array[1] = NULL;
1697 if ((rc = linklist_build(ldap_handle, distinguished_name, filter_exp, attr_array,
1698 &group_base, &group_count)) != 0)
1699 {
1700 critical_alert("AD incremental - member remove",
1701 "LDAP server unable to get list %s info : %s",
1702 group_name, ldap_err2string(rc));
1703 goto cleanup;
1704 }
1705
1706 modvalues = NULL;
1707 if (group_count != 0)
1708 {
1709 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
1710 &modvalues, REPLACE)) == 1)
1711 goto cleanup;
1712 n = 0;
1713 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1714 mods[n] = NULL;
1715 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1716 for (i = 0; i < n; i++)
1717 free(mods[i]);
1718 if (rc != LDAP_SUCCESS)
1719 {
1720 critical_alert("AD incremental - member remove",
1721 "LDAP server unable to modify list %s members : %s",
1722 group_name, ldap_err2string(rc));
1723 goto cleanup;
1724 }
1725 linklist_free(group_base);
1726 group_count = 0;
1727 group_base = NULL;
1728 }
1729
1730cleanup:
1731 free_values(modvalues);
1732 linklist_free(group_base);
1733 return(rc);
1734}
1735
cd9e6b16 1736#define USER_COUNT 5
1737
1738int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
9db0b148 1739 char *group_ou, char *group_membership, char *group_gid)
cd9e6b16 1740{
1741 char distinguished_name[1024];
1742 char **modvalues;
1743 char filter_exp[4096];
1744 char *attr_array[3];
1745 char temp[256];
1746 char group_member[256];
1747 char *args[2];
1748 int group_count;
1749 int new_list_count;
1750 int i;
1751 int j;
1752 int k;
1753 int n;
1754 int filter_count;
1755 LDAPMod *mods[20];
1756 LK_ENTRY *group_base;
1757 LK_ENTRY *new_list;
1758 LK_ENTRY *sPtr;
1759 LK_ENTRY *pPtr;
1760 ULONG rc;
1761
1762 rc = 0;
1763 group_base = NULL;
1764 group_count = 0;
1765 modvalues = NULL;
1766
1767 pPtr = member_base;
1768 while (pPtr)
1769 {
1770 ++group_count;
1771 pPtr = pPtr->next;
1772 }
1773 j = group_count/USER_COUNT;
1774 ++j;
1775
1776 if (!check_string(group_name))
1777 return(0);
1778 strcpy(temp, group_name);
9db0b148 1779 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
cd9e6b16 1780 attr_array[0] = "distinguishedName";
1781 attr_array[1] = NULL;
1782 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1783 &group_base, &group_count)) != 0)
1784 {
78af4e6e 1785 critical_alert("AD incremental - member list process",
1786 "LDAP server unable to get list %s info : %s",
1787 group_name, ldap_err2string(rc));
cd9e6b16 1788 goto cleanup;
1789 }
1790 if (group_count != 1)
1791 {
78af4e6e 1792 critical_alert("AD incremental - member list process",
1793 "LDAP server unable to find list %s in AD.",
cd9e6b16 1794 group_name);
cd9e6b16 1795 goto cleanup;
1796 }
1797 strcpy(distinguished_name, group_base->value);
1798 linklist_free(group_base);
1799 group_base = NULL;
1800 group_count = 0;
1801
1802 pPtr = member_base;
1803 for (i = 0; i < j; i++)
1804 {
1805 if (pPtr == NULL)
1806 break;
1807 memset(filter_exp, 0, sizeof(filter_exp));
1808 strcpy(filter_exp, "(|");
1809 filter_count = 0;
1810 for (k = 0; k < USER_COUNT; k++)
1811 {
1812 strcpy(group_member, pPtr->member);
1813 if (!check_string(group_member))
1814 {
1815 pPtr = pPtr->next;
1816 if (pPtr == NULL)
1817 break;
1818 continue;
1819 }
1820 if (!strcmp(pPtr->type, "LIST"))
1821 {
1822 args[0] = pPtr->member;
1823 rc = mr_query("get_list_info", 1, args, get_group_info, NULL);
78af4e6e 1824 sprintf(temp, "(sAMAccountName=%s_zZx%c)", group_member, GroupType[0]);
cd9e6b16 1825 }
1826 else if (!strcmp(pPtr->type, "USER"))
1827 {
9db0b148 1828 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, user_ou, dn_path);
cd9e6b16 1829 }
1830 else if (!strcmp(pPtr->type, "STRING"))
1831 {
9db0b148 1832 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, contact_ou, dn_path);
cd9e6b16 1833 }
1834 else
1835 {
9db0b148 1836 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, kerberos_ou, dn_path);
cd9e6b16 1837 }
1838 strcat(filter_exp, temp);
1839 ++filter_count;
1840 pPtr = pPtr->next;
1841 if (pPtr == NULL)
1842 break;
1843 }
1844 if (filter_count == 0)
1845 continue;
1846 strcat(filter_exp, ")");
1847 attr_array[0] = "distinguishedName";
1848 attr_array[1] = NULL;
1849 new_list = NULL;
1850 new_list_count = 0;
1851 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1852 &new_list, &new_list_count)) != 0)
1853 {
78af4e6e 1854 critical_alert("AD incremental - member list process",
1855 "LDAP server unable to get list %s members from AD : %s",
1856 group_name, ldap_err2string(rc));
cd9e6b16 1857 goto cleanup;
1858 }
1859 group_count += new_list_count;
1860 if (group_base == NULL)
1861 group_base = new_list;
1862 else
1863 {
1864 sPtr = group_base;
1865 while (sPtr)
1866 {
1867 if (sPtr->next != NULL)
1868 {
1869 sPtr = sPtr->next;
1870 continue;
1871 }
1872 sPtr->next = new_list;
1873 break;
1874 }
1875 }
1876 }
1877
1878 modvalues = NULL;
1879 if (group_count != 0)
1880 {
1881 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
1882 &modvalues, REPLACE)) == 1)
1883 goto cleanup;
1884 n = 0;
1885 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
1886 mods[n] = NULL;
1887 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods))
1888 != LDAP_SUCCESS)
1889 {
1890 mods[0]->mod_op = LDAP_MOD_REPLACE;
1891 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1892 }
1893 if (rc == LDAP_ALREADY_EXISTS)
1894 rc = LDAP_SUCCESS;
1895 for (i = 0; i < n; i++)
1896 free(mods[i]);
1897 linklist_free(group_base);
1898 group_count = 0;
1899 group_base = NULL;
78af4e6e 1900 if (rc != LDAP_SUCCESS)
1901 {
1902 critical_alert("AD incremental - member list process",
1903 "LDAP server unable to modify list %s members in AD : %s",
1904 group_name, ldap_err2string(rc));
1905 goto cleanup;
1906 }
cd9e6b16 1907 }
1908
1909cleanup:
1910 free_values(modvalues);
1911 linklist_free(group_base);
78af4e6e 1912 return(0);
cd9e6b16 1913}
1914
1915int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
1916{
1917 LDAPMod *mods[20];
1918 char new_dn[256];
1919 char cn_user_name[256];
1920 char contact_name[256];
1921 char *cn_v[] = {NULL, NULL};
1922 char *contact_v[] = {NULL, NULL};
1923 char *objectClass_v[] = {"top", "person",
1924 "organizationalPerson",
1925 "contact", NULL};
1926 char *name_v[] = {NULL, NULL};
1927 char *desc_v[] = {NULL, NULL};
1928 int n;
1929 int rc;
1930 int i;
1931
1932 if (!check_string(user))
78af4e6e 1933 {
1934 critical_alert("AD incremental - contact create",
1935 "invalid LDAP name %s",
1936 user);
1937 return(1);
1938 }
cd9e6b16 1939 strcpy(contact_name, user);
1940 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
1941 cn_v[0] = cn_user_name;
1942 contact_v[0] = contact_name;
1943 name_v[0] = user;
1944 desc_v[0] = "Auto account created by Moira";
1945
1946 strcpy(new_dn, cn_user_name);
1947 n = 0;
1948 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
1949 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1950 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1951 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1952 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1953 mods[n] = NULL;
1954
1955 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
1956 for (i = 0; i < n; i++)
1957 free(mods[i]);
1958 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
78af4e6e 1959 {
1960 critical_alert("AD incremental - contact create",
1961 "could not create contact %s : %s",
1962 user, ldap_err2string(rc));
1963 return(1);
1964 }
1965 return(0);
1966}
1967
1968int user_update(int ac, char **av, void *ptr)
1969{
1970 LDAPMod *mods[20];
1971 LK_ENTRY *group_base;
1972 int group_count;
1973 char distinguished_name[256];
1974 char user_name[256];
1975 char *uid_v[] = {NULL, NULL};
1976 char *mitid_v[] = {NULL, NULL};
1977 int n;
1978 int rc;
1979 int i;
1980 char **call_args;
1981 char filter_exp[256];
1982 char *attr_array[3];
1983
1984 call_args = ptr;
1985
1986 if (!check_string(av[U_NAME]))
1987 {
1988 critical_alert("AD incremental - user update",
1989 "invalid LDAP user name %s",
1990 av[U_NAME]);
1991 return(0);
1992 }
1993
1994 strcpy(user_name, av[U_NAME]);
1995 group_count = 0;
1996 group_base = NULL;
1997 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
1998 attr_array[0] = "cn";
1999 attr_array[1] = NULL;
2000 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2001 &group_base, &group_count)) != 0)
2002 {
2003 critical_alert("AD incremental - user update",
2004 "LDAP server couldn't process user %s : %s",
2005 user_name, ldap_err2string(rc));
2006 goto cleanup;
2007 }
2008
2009 if (group_count != 1)
2010 {
2011 critical_alert("AD incremental - user update",
2012 "LDAP server unable to find user %s in AD.",
2013 user_name);
2014 goto cleanup;
2015 }
2016 strcpy(distinguished_name, group_base->dn);
2017
2018 n = 0;
2019 if (strlen(av[U_UID]) != 0)
2020 {
2021 uid_v[0] = av[U_UID];
2022 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2023 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2024 }
2025 if (strlen(av[U_MITID]) != 0)
2026 {
2027 mitid_v[0] = av[U_MITID];
2028 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2029 }
2030 mods[n] = NULL;
2031 if (n != 0)
2032 {
2033 if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) != LDAP_SUCCESS)
2034 {
2035 critical_alert("AD incremental - user update",
2036 "Couldn't modify user data for %s : %s",
2037 user_name, ldap_err2string(rc));
2038 }
2039 for (i = 0; i < n; i++)
2040 free(mods[i]);
2041 }
2042
2043cleanup:
2044 linklist_free(group_base);
2045 return(0);
cd9e6b16 2046}
2047
9db0b148 2048int user_rename(int ac, char **av, void *ptr)
2049{
2050 LDAPMod *mods[20];
2051 char new_dn[256];
2052 char old_dn[256];
2053 char user_name[256];
2054 char upn[256];
2055 char temp[128];
2056 char *userPrincipalName_v[] = {NULL, NULL};
2057 char *altSecurityIdentities_v[] = {NULL, NULL};
2058 char *name_v[] = {NULL, NULL};
78af4e6e 2059 char *samAccountName_v[] = {NULL, NULL};
2060 char *uid_v[] = {NULL, NULL};
2061 char *mitid_v[] = {NULL, NULL};
9db0b148 2062 int n;
2063 int rc;
2064 int i;
2065 char **call_args;
2066
2067 call_args = ptr;
2068
9db0b148 2069 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2070 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
78af4e6e 2071 return(0);
9db0b148 2072 if (!strncmp(av[U_NAME], "#", 1))
2073 return(0);
78af4e6e 2074 if (!check_string(call_args[3]))
2075 {
2076 callback_rc = LDAP_NO_SUCH_OBJECT;
2077 return(0);
2078 }
2079 if (!check_string(av[U_NAME]))
2080 {
2081 critical_alert("AD incremental - user rename",
2082 "invalid LDAP user name %s",
2083 av[U_NAME]);
2084 return(0);
2085 }
9db0b148 2086
2087 strcpy(user_name, av[U_NAME]);
2088 sprintf(old_dn, "cn=%s,%s,%s", call_args[3], user_ou, call_args[1]);
2089 sprintf(new_dn, "cn=%s", user_name);
2090
2091 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, NULL, TRUE,
2092 NULL, NULL)) != LDAP_SUCCESS)
2093 {
78af4e6e 2094 if (rc == LDAP_NO_SUCH_OBJECT)
2095 {
2096 callback_rc = LDAP_NO_SUCH_OBJECT;
2097 return(0);
2098 }
2099 critical_alert("AD incremental - user rename",
2100 "Couldn't rename user from %s to %s : %s",
2101 call_args[3], user_name, ldap_err2string(rc));
2102 return(0);
9db0b148 2103 }
2104
2105 name_v[0] = user_name;
2106 sprintf(upn, "%s@%s", user_name, ldap_domain);
2107 userPrincipalName_v[0] = upn;
2108 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2109 altSecurityIdentities_v[0] = temp;
78af4e6e 2110 samAccountName_v[0] = user_name;
9db0b148 2111
2112 n = 0;
2113 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2114 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2115 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
78af4e6e 2116 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2117 if (strlen(av[U_UID]) != 0)
2118 {
2119 uid_v[0] = av[U_UID];
2120 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2121 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2122 }
2123 if (strlen(av[U_MITID]) != 0)
2124 {
2125 mitid_v[0] = av[U_MITID];
2126 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2127 }
9db0b148 2128 mods[n] = NULL;
2129 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2130 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
2131 {
78af4e6e 2132 critical_alert("AD incremental - user rename",
2133 "After renaming, couldn't modify user data for %s : %s",
2134 user_name, ldap_err2string(rc));
9db0b148 2135 }
2136 for (i = 0; i < n; i++)
2137 free(mods[i]);
78af4e6e 2138 return(0);
9db0b148 2139}
2140
cd9e6b16 2141int user_create(int ac, char **av, void *ptr)
2142{
2143 LDAPMod *mods[20];
2144 char new_dn[256];
2145 char user_name[256];
9db0b148 2146 char sam_name[256];
cd9e6b16 2147 char *cn_v[] = {NULL, NULL};
2148 char *objectClass_v[] = {"top", "person",
2149 "organizationalPerson",
2150 "user", NULL};
2151
2152 char *samAccountName_v[] = {NULL, NULL};
2153 char *altSecurityIdentities_v[] = {NULL, NULL};
2154 char *name_v[] = {NULL, NULL};
2155 char *desc_v[] = {NULL, NULL};
2156 char upn[256];
2157 char *userPrincipalName_v[] = {NULL, NULL};
2158 char *userAccountControl_v[] = {NULL, NULL};
78af4e6e 2159 char *uid_v[] = {NULL, NULL};
2160 char *mitid_v[] = {NULL, NULL};
cd9e6b16 2161 char userAccountControlStr[80];
2162 char temp[128];
2163 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2164 int n;
2165 int rc;
2166 int i;
2167 int sid_count;
2168 char filter_exp[256];
2169 char *attr_array[3];
2170 char **call_args;
2171
2172 call_args = ptr;
2173
cd9e6b16 2174 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2175 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
78af4e6e 2176 return(0);
cd9e6b16 2177 if (!strncmp(av[U_NAME], "#", 1))
2178 return(0);
78af4e6e 2179 if (!check_string(av[U_NAME]))
2180 {
2181 critical_alert("AD incremental - user create",
2182 "invalid LDAP user name %s",
2183 av[U_NAME]);
2184 return(0);
2185 }
9db0b148 2186
cd9e6b16 2187 strcpy(user_name, av[U_NAME]);
2188 sprintf(upn, "%s@%s", user_name, ldap_domain);
78af4e6e 2189 sprintf(sam_name, "%s", av[U_NAME]);
9db0b148 2190 samAccountName_v[0] = sam_name;
cd9e6b16 2191 if (atoi(av[U_STATE]) == US_DELETED)
2192 userAccountControl |= UF_ACCOUNTDISABLE;
2193 sprintf(userAccountControlStr, "%ld", userAccountControl);
2194 userAccountControl_v[0] = userAccountControlStr;
2195 userPrincipalName_v[0] = upn;
2196
2197 cn_v[0] = user_name;
2198 name_v[0] = user_name;
2199 desc_v[0] = "Auto account created by Moira";
2200 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2201 altSecurityIdentities_v[0] = temp;
2202 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2203
2204 n = 0;
2205 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2206 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2207 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2208 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2209 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2210 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2211 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2212 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2213 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
78af4e6e 2214 if (strlen(av[U_UID]) != 0)
2215 {
2216 uid_v[0] = av[U_UID];
2217 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2218 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2219 }
2220 if (strlen(av[U_MITID]) != 0)
2221 mitid_v[0] = av[U_MITID];
2222 else
2223 mitid_v[0] = "none";
2224 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
cd9e6b16 2225 mods[n] = NULL;
2226
2227 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
78af4e6e 2228 for (i = 0; i < n; i++)
2229 free(mods[i]);
9db0b148 2230 if (rc == LDAP_ALREADY_EXISTS)
2231 {
2232 rc = user_change_status(ac, av, ptr);
78af4e6e 2233 return(0);
9db0b148 2234 }
cd9e6b16 2235 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
78af4e6e 2236 {
2237 critical_alert("AD incremental - user create",
2238 "could not create user %s : %s",
2239 user_name, ldap_err2string(rc));
2240 return(0);
2241 }
cd9e6b16 2242 if (rc == LDAP_SUCCESS)
2243 {
9db0b148 2244 if ((rc = set_password(sam_name, ldap_domain)) != 0)
cd9e6b16 2245 {
9db0b148 2246 if ((rc = set_password(user_name, ldap_domain)) != 0)
2247 {
78af4e6e 2248 critical_alert("AD incremental - user create",
2249 "Couldn't set password for user %s : %ld",
9db0b148 2250 user_name, rc);
9db0b148 2251 }
cd9e6b16 2252 }
2253 }
78af4e6e 2254 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
cd9e6b16 2255 attr_array[0] = "objectSid";
2256 attr_array[1] = NULL;
2257 sid_count = 0;
2258 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
78af4e6e 2259 sid_ptr, &sid_count)) == LDAP_SUCCESS)
cd9e6b16 2260 {
2261 if (sid_count == 1)
2262 {
2263 (*sid_ptr)->member = strdup(av[U_NAME]);
2264 (*sid_ptr)->type = (char *)USERS;
2265 sid_ptr = &(*sid_ptr)->next;
2266 }
2267 }
78af4e6e 2268 return(0);
cd9e6b16 2269}
2270
9db0b148 2271int user_change_status(int ac, char **av, void *ptr)
cd9e6b16 2272{
2273 char filter_exp[1024];
2274 char *attr_array[3];
2275 char temp[256];
2276 char distinguished_name[1024];
2277 char user_name[512];
2278 char **modvalues;
2279 LDAPMod *mods[20];
2280 LK_ENTRY *group_base;
2281 int group_count;
2282 int rc;
2283 int i;
2284 int n;
9db0b148 2285 int operation;
cd9e6b16 2286 ULONG ulongValue;
9db0b148 2287 char **call_args;
cd9e6b16 2288
9db0b148 2289 call_args = ptr;
2290
78af4e6e 2291 if (!check_string(av[U_NAME]))
2292 {
2293 critical_alert("AD incremental - user change status",
2294 "invalid LDAP user name %s",
2295 av[U_NAME]);
2296 return(0);
2297 }
2298 strcpy(user_name, av[U_NAME]);
9db0b148 2299 operation = (int)call_args[2];
cd9e6b16 2300 group_count = 0;
2301 group_base = NULL;
78af4e6e 2302 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
cd9e6b16 2303 attr_array[0] = "UserAccountControl";
2304 attr_array[1] = NULL;
9db0b148 2305 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
cd9e6b16 2306 &group_base, &group_count)) != 0)
2307 {
78af4e6e 2308 critical_alert("AD incremental - user change status",
2309 "LDAP server couldn't process user %s : %s",
2310 user_name, ldap_err2string(rc));
cd9e6b16 2311 goto cleanup;
2312 }
2313
78af4e6e 2314 if (group_count != 1)
cd9e6b16 2315 {
78af4e6e 2316 critical_alert("AD incremental - user change status",
2317 "LDAP server unable to find user %s in AD.",
2318 user_name);
cd9e6b16 2319 goto cleanup;
2320 }
2321
2322 strcpy(distinguished_name, group_base->dn);
2323 ulongValue = atoi((*group_base).value);
2324 if (operation == MEMBER_DEACTIVATE)
2325 ulongValue |= UF_ACCOUNTDISABLE;
2326 else
2327 ulongValue &= ~UF_ACCOUNTDISABLE;
2328 sprintf(temp, "%ld", ulongValue);
2329 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2330 temp, &modvalues, REPLACE)) == 1)
2331 goto cleanup;
2332 linklist_free(group_base);
2333 group_base = NULL;
2334 group_count = 0;
2335 n = 0;
2336 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2337 mods[n] = NULL;
9db0b148 2338 rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods);
cd9e6b16 2339 for (i = 0; i < n; i++)
2340 free(mods[i]);
2341 free_values(modvalues);
2342 if (rc != LDAP_SUCCESS)
2343 {
78af4e6e 2344 critical_alert("AD incremental - user change status",
2345 "LDAP server could not change status of user %s : %s",
2346 user_name, ldap_err2string(rc));
cd9e6b16 2347 }
2348cleanup:
2349 linklist_free(group_base);
78af4e6e 2350 return(0);
cd9e6b16 2351}
2352
2353int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2354{
2355 char filter_exp[1024];
2356 char *attr_array[3];
2357 char distinguished_name[1024];
2358 char user_name[512];
2359 LK_ENTRY *group_base;
2360 int group_count;
2361 int rc;
2362
2363 if (!check_string(u_name))
2364 return(0);
2365 strcpy(user_name, u_name);
2366 group_count = 0;
2367 group_base = NULL;
2368 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2369 attr_array[0] = "name";
2370 attr_array[1] = NULL;
2371 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2372 &group_base, &group_count)) != 0)
2373 {
2374 critical_alert("AD incremental",
78af4e6e 2375 "LDAP server couldn't process user %s : %s",
2376 user_name, ldap_err2string(rc));
cd9e6b16 2377 goto cleanup;
2378 }
2379
78af4e6e 2380 if (group_count != 1)
cd9e6b16 2381 {
78af4e6e 2382 critical_alert("AD incremental - user change status",
2383 "LDAP server unable to find user %s in AD.",
2384 user_name);
cd9e6b16 2385 goto cleanup;
2386 }
2387
2388 strcpy(distinguished_name, group_base->dn);
2389 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2390 {
2391 critical_alert("AD incremental",
78af4e6e 2392 "LDAP server couldn't process user %s : %s",
2393 user_name, ldap_err2string(rc));
cd9e6b16 2394 }
2395
2396cleanup:
2397 linklist_free(group_base);
78af4e6e 2398 return(0);
cd9e6b16 2399}
2400
2401void linklist_free(LK_ENTRY *linklist_base)
2402{
2403 LK_ENTRY *linklist_previous;
2404
2405 while (linklist_base != NULL)
2406 {
2407 if (linklist_base->dn != NULL)
2408 free(linklist_base->dn);
2409 if (linklist_base->attribute != NULL)
2410 free(linklist_base->attribute);
2411 if (linklist_base->value != NULL)
2412 free(linklist_base->value);
2413 if (linklist_base->member != NULL)
2414 free(linklist_base->member);
2415 if (linklist_base->type != NULL)
2416 free(linklist_base->type);
2417 if (linklist_base->list != NULL)
2418 free(linklist_base->list);
2419 linklist_previous = linklist_base;
2420 linklist_base = linklist_previous->next;
2421 free(linklist_previous);
2422 }
2423}
2424
2425void free_values(char **modvalues)
2426{
2427 int i;
2428
2429 i = 0;
2430 if (modvalues != NULL)
2431 {
2432 while (modvalues[i] != NULL)
2433 {
2434 free(modvalues[i]);
2435 modvalues[i] = NULL;
2436 ++i;
2437 }
2438 free(modvalues);
2439 }
2440}
2441
2442int sid_update(LDAP *ldap_handle, char *dn_path)
2443{
2444 LK_ENTRY *ptr;
2445 int rc;
2446 unsigned char temp[126];
2447 char *av[3];
2448
2449 ptr = sid_base;
2450
2451 while (ptr != NULL)
2452 {
2453 memset(temp, 0, sizeof(temp));
2454 convert_b_to_a(temp, ptr->value, ptr->length);
2455 av[0] = ptr->member;
2456 av[1] = temp;
2457 if (ptr->type == (char *)GROUPS)
2458 {
2459 ptr->type = NULL;
2460 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2461 }
2462 else if (ptr->type == (char *)USERS)
2463 {
2464 ptr->type = NULL;
2465 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
2466 }
2467 ptr = ptr->next;
2468 }
2469 return(0);
2470}
2471
2472void convert_b_to_a(char *string, UCHAR *binary, int length)
2473{
2474 int i;
2475 int j;
2476 UCHAR tmp;
2477
2478 j = 0;
2479 for (i = 0; i < length; i++)
2480 {
2481 tmp = binary[i];
2482 string[j] = tmp;
2483 string[j] >>= 4;
2484 string[j] &= 0x0f;
2485 string[j] += 0x30;
2486 if (string[j] > '9')
2487 string[j] += 0x27;
2488 ++j;
2489 string[j] = tmp & 0x0f;
2490 string[j] += 0x30;
2491 if (string[j] > '9')
2492 string[j] += 0x27;
2493 j++;
2494 }
2495 string[j] = 0;
2496}
2497
2498static int illegalchars[] = {
2499 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
2500 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
2501 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
2502 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
2503 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
2504 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
2505 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
2506 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
2507 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2508 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2509 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2510 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2511 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2512 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2513 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2514 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2515};
2516
2517int check_string(char *s)
2518{
78af4e6e 2519 char character;
2520
cd9e6b16 2521 for (; *s; s++)
2522 {
78af4e6e 2523 character = *s;
2524 if (isupper(character))
2525 character = tolower(character);
2526 if (illegalchars[(unsigned) character])
cd9e6b16 2527 return 0;
2528 }
2529 return 1;
2530}
2531
2532int mr_connect_cl(char *server, char *client, int version, int auth)
2533{
2534 int status;
2535 char *motd;
2536
2537 status = mr_connect(server);
2538 if (status)
2539 {
2540 com_err(whoami, status, "while connecting to Moira");
2541 return MRCL_FAIL;
2542 }
2543
2544 status = mr_motd(&motd);
2545 if (status)
2546 {
2547 mr_disconnect();
2548 com_err(whoami, status, "while checking server status");
2549 return MRCL_FAIL;
2550 }
2551 if (motd)
2552 {
2553 fprintf(stderr, "The Moira server is currently unavailable:\n%s\n",
2554 motd);
2555 mr_disconnect();
2556 return MRCL_FAIL;
2557 }
2558
2559 status = mr_version(version);
2560 if (status)
2561 {
2562 if (status == MR_UNKNOWN_PROC)
2563 {
2564 if (version > 2)
2565 status = MR_VERSION_HIGH;
2566 else
2567 status = MR_SUCCESS;
2568 }
2569
2570 if (status == MR_VERSION_HIGH)
2571 {
2572 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2573 com_err(whoami, 0, "Some operations may not work.");
2574 }
2575 else if (status && status != MR_VERSION_LOW)
2576 {
2577 com_err(whoami, status, "while setting query version number.");
2578 mr_disconnect();
2579 return MRCL_FAIL;
2580 }
2581 }
2582
2583 if (auth)
2584 {
2585 status = mr_auth(client);
2586 if (status)
2587 {
2588 com_err(whoami, status, "while authenticating to Moira.");
2589 mr_disconnect();
2590 return MRCL_AUTH_ERROR;
2591 }
2592 }
2593
2594 return MRCL_SUCCESS;
2595}
2596
Moira, the Athena Service Management system
This page took 0.713447 seconds and 5 git commands to generate.