]>
Commit | Line | Data |
---|---|---|
5d0a7127 | 1 | /* $Header$ |
cd9e6b16 | 2 | /*test parameters for reactivating a user account - done |
3 | * users 9 9 aadam 1 sh account test A 1 3 2 aadam 1 csh new login b 1 2 3 | |
5d0a7127 | 4 | * |
cd9e6b16 | 5 | * test parameters for deactivating a user account - done |
6 | * users 9 9 aadam 0 sh account test A 1 2 3 aadam 1 csh new login b 0 0 0 | |
7 | * | |
8 | *test parameters for creating a user account - done | |
9 | * users 9 9 aadam 1 sh account test A 0 0 0 aadam 1 csh new login b 1 2 3 | |
10 | * | |
11 | * test parameters for deleting a group - done | |
12 | * list 7 7 pismere-team 1 2 3 4 5 6 pismere-team 8 9 10 11 12 0 | |
13 | * | |
14 | * test parameters for creating and populating a group - done | |
15 | * list 7 7 pismere-team 2 2 3 4 5 0 pismere-team 1 9 10 11 12 13 | |
16 | * | |
17 | * test parameters for renaming a group - done | |
18 | * list 7 7 testgroup 1 2 3 4 5 6 pismere-team 1 9 10 11 12 13 | |
19 | * | |
20 | * test parameters for creating and not populating a group - done | |
21 | * list 0 7 pismere-team 1 9 10 11 12 13 | |
22 | * | |
23 | * test parameters for add member to list - done | |
24 | * imembers 9 9 pismere-team USER dtanner 0 2 3 4 5 6 pismere-team USER dtanner 1 2 3 4 5 6 | |
25 | * note: the group the group will be created if it does not exist in the AD. | |
26 | * | |
27 | * test parameters for remove member from list - done | |
28 | * imembers 9 0 pismere-team USER testaccount 1 2 3 4 5 6 | |
29 | * | |
30 | * test parameters for changing account name - done | |
31 | * users 9 9 aatestaccount 1 sh account test A 1 1 2 darkwing 1 csh new login b 1 2 3 | |
32 | * | |
33 | */ | |
5d0a7127 | 34 | #include <mit-copyright.h> |
35 | #ifdef _WIN32 | |
36 | #include <windows.h> | |
37 | #include <stdlib.h> | |
38 | #include <malloc.h> | |
39 | #include <lmaccess.h> | |
40 | #endif | |
cd9e6b16 | 41 | |
42 | #include <string.h> | |
5d0a7127 | 43 | #include <ldap.h> |
44 | #include <stdio.h> | |
45 | #include <moira.h> | |
46 | #include <moira_site.h> | |
cd9e6b16 | 47 | #include <mrclient.h> |
5d0a7127 | 48 | #include <krb5.h> |
49 | #include <krb.h> | |
50 | #include <gsssasl.h> | |
51 | #include <gssldap.h> | |
cd9e6b16 | 52 | #include "kpasswd.h" |
53 | ||
54 | #ifdef _WIN32 | |
55 | #ifndef ECONNABORTED | |
56 | #define ECONNABORTED WSAECONNABORTED | |
57 | #endif | |
58 | #ifndef ECONNREFUSED | |
59 | #define ECONNREFUSED WSAECONNREFUSED | |
60 | #endif | |
61 | #ifndef EHOSTUNREACH | |
62 | #define EHOSTUNREACH WSAEHOSTUNREACH | |
63 | #endif | |
64 | #define krb5_xfree free | |
65 | #endif /* _WIN32 */ | |
5d0a7127 | 66 | |
67 | #ifndef _WIN32 | |
68 | #include <sys/utsname.h> | |
69 | ||
cd9e6b16 | 70 | #define UCHAR unsigned char |
71 | ||
5d0a7127 | 72 | #define UF_SCRIPT 0x0001 |
73 | #define UF_ACCOUNTDISABLE 0x0002 | |
74 | #define UF_HOMEDIR_REQUIRED 0x0008 | |
75 | #define UF_LOCKOUT 0x0010 | |
76 | #define UF_PASSWD_NOTREQD 0x0020 | |
77 | #define UF_PASSWD_CANT_CHANGE 0x0040 | |
cd9e6b16 | 78 | #define UF_DONT_EXPIRE_PASSWD 0x10000 |
5d0a7127 | 79 | |
80 | #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100 | |
81 | #define UF_NORMAL_ACCOUNT 0x0200 | |
82 | #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800 | |
83 | #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000 | |
84 | #define UF_SERVER_TRUST_ACCOUNT 0x2000 | |
85 | ||
86 | #ifndef BYTE | |
87 | #define BYTE unsigned char | |
88 | #endif | |
89 | typedef unsigned int DWORD; | |
90 | typedef unsigned long ULONG; | |
91 | ||
92 | typedef struct _GUID | |
93 | { | |
94 | unsigned long Data1; | |
95 | unsigned short Data2; | |
96 | unsigned short Data3; | |
97 | unsigned char Data4[8]; | |
98 | } GUID; | |
99 | ||
100 | typedef struct _SID_IDENTIFIER_AUTHORITY { | |
101 | BYTE Value[6]; | |
102 | } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; | |
103 | ||
104 | typedef struct _SID { | |
105 | BYTE Revision; | |
106 | BYTE SubAuthorityCount; | |
107 | SID_IDENTIFIER_AUTHORITY IdentifierAuthority; | |
108 | DWORD SubAuthority[512]; | |
109 | } SID; | |
110 | #endif/*!WIN32*/ | |
111 | ||
cd9e6b16 | 112 | #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002 |
113 | #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004 | |
114 | #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004 | |
115 | #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008 | |
116 | #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000 | |
117 | ||
118 | #define QUERY_VERSION -1 | |
119 | #define PRIMARY_REALM "ATHENA.MIT.EDU" | |
120 | ||
5d0a7127 | 121 | #define SUBSTITUTE 1 |
122 | #define REPLACE 2 | |
123 | ||
cd9e6b16 | 124 | #define USERS 0 |
125 | #define GROUPS 1 | |
126 | ||
5d0a7127 | 127 | #define MEMBER_ADD 1 |
128 | #define MEMBER_REMOVE 2 | |
129 | #define MEMBER_CHANGE_NAME 3 | |
130 | #define MEMBER_ACTIVATE 4 | |
131 | #define MEMBER_DEACTIVATE 5 | |
cd9e6b16 | 132 | #define MEMBER_CREATE 6 |
5d0a7127 | 133 | |
134 | #define GROUP_CREATE 1 | |
135 | #define GROUP_DELETE 2 | |
136 | #define GROUP_MOVE_MEMBERS 3 | |
137 | #define GROUP_UPDATE_MEMBERS 4 | |
138 | ||
139 | typedef struct lk_entry { | |
140 | int op; | |
141 | int length; | |
142 | int ber_value; | |
143 | char *dn; | |
144 | char *attribute; | |
145 | char *value; | |
146 | char *member; | |
147 | char *type; | |
148 | char *list; | |
149 | struct lk_entry *next; | |
150 | } LK_ENTRY; | |
151 | ||
152 | #define LDAP_BERVAL struct berval | |
cd9e6b16 | 153 | #define MAX_SERVER_NAMES 32 |
154 | ||
155 | #define ADD_ATTR(t, v, o) \ | |
156 | mods[n] = malloc(sizeof(LDAPMod)); \ | |
157 | mods[n]->mod_op = o; \ | |
158 | mods[n]->mod_type = t; \ | |
159 | mods[n++]->mod_values = v | |
5d0a7127 | 160 | |
161 | LK_ENTRY *member_base = NULL; | |
cd9e6b16 | 162 | LK_ENTRY *sid_base = NULL; |
163 | LK_ENTRY **sid_ptr = NULL; | |
164 | char kerberos_ou[] = "OU=kerberos, OU=moira, OU=athena"; | |
165 | char contact_ou[] = "OU=strings, OU=moira, OU=athena"; | |
166 | char user_ou[] = "OU=users, OU=moira, OU=athena"; | |
167 | char group_ou_distribution[] = "OU=distribution, OU=lists, OU=moira, OU=athena"; | |
168 | char group_ou_security[] = "OU=security, OU=lists, OU=moira, OU=athena"; | |
169 | char group_ou_neither[] = "OU=neither, OU=lists, OU=moira, OU=athena"; | |
170 | char group_ou_both[] = "OU=both, OU=lists, OU=moira, OU=athena"; | |
171 | char group_ou_root[] = "OU=lists, OU=moira, OU=athena"; | |
5d0a7127 | 172 | char *whoami; |
cd9e6b16 | 173 | char group_manager[64]; |
174 | char ldap_domain[256]; | |
175 | char list_type[32]; | |
176 | char GroupType[2]; | |
177 | int maillist_flag; | |
178 | int group_flag; | |
179 | int mr_connections = 0; | |
180 | ||
181 | extern int locate_ldap_server(char *domain, char *server_name[]); | |
182 | extern int set_password(char *user, char *domain); | |
183 | ||
184 | int user_create(int ac, char **av, void *ptr); | |
185 | int user_change_status(LDAP *ldap_handle, char *dn_path, | |
186 | char *u_name, int operation); | |
187 | int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name); | |
188 | int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou); | |
189 | int get_group_info(int ac, char**av, void *ptr); | |
190 | int group_create(int ac, char **av, void *ptr); | |
191 | int group_delete(int ac, char **av, void *ptr); | |
192 | int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name); | |
193 | int group_list_build(int ac, char **av, void *ptr); | |
194 | int group_update_membership(LDAP *ldap_handle, char *dn_path, char *group_name); | |
195 | int member_list_build(int ac, char **av, void *ptr); | |
196 | int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name, | |
197 | char *group_ou, char *group_membership); | |
198 | int sid_update(LDAP *ldap_handle, char *dn_path); | |
199 | int check_string(char *s); | |
200 | void convert_b_to_a(char *string, UCHAR *binary, int length); | |
201 | int mr_connect_cl(char *server, char *client, int version, int auth); | |
202 | ||
5d0a7127 | 203 | void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 204 | char **before, int beforec, char **after, int afterc); |
5d0a7127 | 205 | void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname, |
cd9e6b16 | 206 | char *dn_path, char **before, int beforec, char **after, |
207 | int afterc); | |
5d0a7127 | 208 | void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
cd9e6b16 | 209 | char **before, int beforec, char **after, int afterc); |
210 | int linklist_create_entry(char *attribute, char *value, | |
211 | LK_ENTRY **linklist_entry); | |
5d0a7127 | 212 | int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp, |
cd9e6b16 | 213 | char **attr_array, LK_ENTRY **linklist_base, |
214 | int *linklist_count); | |
5d0a7127 | 215 | void linklist_free(LK_ENTRY *linklist_base); |
cd9e6b16 | 216 | |
217 | int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
218 | char *distinguished_name, LK_ENTRY **linklist_current); | |
219 | int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
220 | LK_ENTRY **linklist_base, int *linklist_count); | |
221 | int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
222 | char *Attribute, char *distinguished_name, | |
223 | LK_ENTRY **linklist_current); | |
224 | ||
225 | int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count, | |
226 | char *oldValue, char *newValue, | |
227 | char ***modvalues, int type); | |
228 | void free_values(char **modvalues); | |
229 | ||
230 | int convert_domain_to_dn(char *domain, char **bind_path); | |
5d0a7127 | 231 | void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 232 | char *distinguished_name); |
5d0a7127 | 233 | int moira_disconnect(void); |
234 | int moira_connect(void); | |
235 | void print_to_screen(const char *fmt, ...); | |
5d0a7127 | 236 | |
237 | int main(int argc, char **argv) | |
238 | { | |
cd9e6b16 | 239 | unsigned long rc; |
240 | int beforec; | |
241 | int afterc; | |
242 | int Max_wait_time = 500; | |
243 | int Max_size_limit = LDAP_NO_LIMIT; | |
244 | int i; | |
245 | char *dn_path; | |
246 | char *table; | |
247 | char **before; | |
248 | char **after; | |
249 | char search_exp[1024]; | |
250 | char *server_name[MAX_SERVER_NAMES]; | |
251 | ULONG version = LDAP_VERSION3; | |
252 | LDAP *ldap_handle; | |
253 | LDAPMessage *ldap_entry; | |
5d0a7127 | 254 | FILE *fptr; |
cd9e6b16 | 255 | |
5d0a7127 | 256 | whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]); |
cd9e6b16 | 257 | |
258 | if (argc < 4) | |
259 | { | |
260 | com_err(whoami, 0, "%s", "argc < 4"); | |
261 | exit(1); | |
262 | } | |
263 | beforec = atoi(argv[2]); | |
264 | afterc = atoi(argv[3]); | |
265 | ||
266 | if (argc < (4 + beforec + afterc)) | |
267 | { | |
268 | com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)"); | |
269 | exit(1); | |
270 | } | |
271 | ||
272 | table = argv[1]; | |
273 | before = &argv[4]; | |
274 | after = &argv[4 + beforec]; | |
275 | ||
276 | memset(ldap_domain, '\0', sizeof(ldap_domain)); | |
5d0a7127 | 277 | if ((fptr = fopen("winad.cfg", "r")) != NULL) |
278 | { | |
cd9e6b16 | 279 | fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr); |
5d0a7127 | 280 | fclose(fptr); |
281 | } | |
cd9e6b16 | 282 | if (strlen(ldap_domain) == 0) |
283 | strcpy(ldap_domain, "windows.mit.edu"); | |
5d0a7127 | 284 | initialize_sms_error_table(); |
285 | initialize_krb_error_table(); | |
cd9e6b16 | 286 | |
5d0a7127 | 287 | memset(search_exp, '\0', sizeof(search_exp)); |
288 | ldap_entry = NULL; | |
289 | dn_path = NULL; | |
cd9e6b16 | 290 | convert_domain_to_dn(ldap_domain, &dn_path); |
5d0a7127 | 291 | if (dn_path == NULL) |
cd9e6b16 | 292 | { |
293 | com_err(whoami, 0, "%s", "cannot create AD path"); | |
294 | exit(1); | |
295 | } | |
296 | memset(server_name, '\0', sizeof(server_name[0]) * MAX_SERVER_NAMES); | |
297 | if (locate_ldap_server(ldap_domain, server_name) == -1) | |
298 | { | |
299 | com_err(whoami, 0, "%s %s", "cannot locate any server in domain ", | |
300 | ldap_domain); | |
301 | exit(1); | |
302 | } | |
303 | ||
304 | for (i = 0; i < MAX_SERVER_NAMES; i++) | |
305 | { | |
306 | if (server_name[i] != NULL) | |
307 | { | |
308 | if ((ldap_handle = ldap_open(server_name[i], LDAP_PORT)) != NULL) | |
309 | { | |
310 | break; | |
311 | } | |
312 | } | |
313 | } | |
314 | if (i >= MAX_SERVER_NAMES) | |
315 | { | |
316 | com_err(whoami, 0, "%s %s", "cannot connect to any server in domain ", | |
317 | ldap_domain); | |
318 | exit(1); | |
319 | } | |
320 | for (i = 0; i < MAX_SERVER_NAMES; i++) | |
321 | { | |
322 | if (server_name[i] != NULL) | |
323 | free(server_name[i]); | |
324 | } | |
5d0a7127 | 325 | rc = ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &version); |
326 | rc = ldap_set_option(ldap_handle, LDAP_OPT_TIMELIMIT, | |
327 | (void *)&Max_wait_time); | |
328 | rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, | |
329 | (void *)&Max_size_limit); | |
330 | rc = ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); | |
cd9e6b16 | 331 | rc = ldap_adgssapi_bind(ldap_handle, dn_path, GSSSASL_PRIVACY_PROTECTION); |
5d0a7127 | 332 | if (rc != LDAP_SUCCESS) |
cd9e6b16 | 333 | exit(1); |
334 | ||
5d0a7127 | 335 | if (!strcmp(table, "users")) |
cd9e6b16 | 336 | do_user(ldap_handle, ldap_entry, ldap_domain, dn_path, before, beforec, |
337 | after, afterc); | |
5d0a7127 | 338 | else if (!strcmp(table, "list")) |
cd9e6b16 | 339 | do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
340 | afterc); | |
5d0a7127 | 341 | else if (!strcmp(table, "imembers")) |
cd9e6b16 | 342 | do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after, |
343 | afterc); | |
344 | /* | |
345 | else if (!strcmp(table, "filesys")) | |
346 | do_filesys(before, beforec, after, afterc); | |
347 | else if (!strcmp(table, "quota")) | |
348 | do_quota(before, beforec, after, afterc); | |
349 | */ | |
5d0a7127 | 350 | rc = ldap_unbind_s(ldap_handle); |
351 | free(dn_path); | |
5d0a7127 | 352 | exit(0); |
353 | } | |
354 | ||
cd9e6b16 | 355 | void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, |
356 | char **before, int beforec, char **after, int afterc) | |
5d0a7127 | 357 | { |
cd9e6b16 | 358 | int agid; |
359 | int bgid; | |
360 | int ahide; | |
361 | int bhide; | |
362 | long rc; | |
363 | char *av[3]; | |
364 | char *call_args[6]; | |
365 | ||
366 | agid = bgid = 0; | |
5d0a7127 | 367 | if (beforec > L_GID && atoi(before[L_ACTIVE]) && atoi(before[L_GROUP])) |
368 | { | |
369 | bgid = atoi(before[L_GID]); | |
370 | bhide = atoi(before[L_HIDDEN]); | |
371 | } | |
372 | if (afterc > L_GID && atoi(after[L_ACTIVE]) && atoi(after[L_GROUP])) | |
373 | { | |
374 | agid = atoi(after[L_GID]); | |
375 | ahide = atoi(after[L_HIDDEN]); | |
376 | } | |
cd9e6b16 | 377 | |
5d0a7127 | 378 | if (agid == 0 && bgid == 0) |
379 | return; | |
cd9e6b16 | 380 | |
381 | if (rc = moira_connect()) | |
382 | { | |
383 | critical_alert("AD incremental", | |
384 | "Error contacting Moira server: %s", | |
385 | error_message(rc)); | |
386 | return; | |
387 | } | |
388 | ||
5d0a7127 | 389 | if (agid && bgid) |
390 | { | |
391 | if (strcmp(after[L_NAME], before[L_NAME])) | |
cd9e6b16 | 392 | { |
393 | com_err(whoami, 0, "Changing group %s to %s", | |
394 | before[L_NAME], after[L_NAME]); | |
395 | ||
396 | av[0] = after[L_NAME]; | |
397 | call_args[0] = (char *)ldap_handle; | |
398 | call_args[1] = dn_path; | |
399 | call_args[2] = after[L_NAME]; | |
400 | call_args[3] = NULL; | |
401 | call_args[4] = NULL; | |
402 | member_base = NULL; | |
403 | sid_base = NULL; | |
404 | sid_ptr = &sid_base; | |
405 | if (rc = mr_query("get_list_info", 1, av, group_create, call_args)) | |
406 | { | |
407 | critical_alert("AD incremental", "Couldn't find group %s ", | |
408 | after[L_NAME]); | |
409 | } | |
410 | else | |
411 | { | |
412 | if (sid_base != NULL) | |
413 | { | |
414 | sid_update(ldap_handle, dn_path); | |
415 | linklist_free(sid_base); | |
416 | } | |
417 | if (!(rc = mr_query("get_members_of_list", 1, av, | |
418 | member_list_build, call_args))) | |
419 | { | |
420 | rc = member_list_process(ldap_handle, dn_path, | |
421 | after[L_NAME], call_args[3], | |
422 | call_args[4]); | |
423 | } | |
424 | if (rc = group_ad_delete(ldap_handle, dn_path, before[L_NAME])) | |
425 | { | |
426 | av[0] = before[L_NAME]; | |
427 | if (rc = mr_query("get_list_info", 1, av, group_delete, | |
428 | call_args)) | |
429 | { | |
430 | critical_alert("AD incremental", "Couldn't delete group %s ", | |
431 | before[L_NAME]); | |
432 | } | |
433 | } | |
434 | } | |
435 | linklist_free(member_base); | |
436 | if (call_args[3] != NULL) | |
437 | free(call_args[3]); | |
438 | if (call_args[4] != NULL) | |
439 | free(call_args[4]); | |
440 | } | |
441 | goto cleanup; | |
5d0a7127 | 442 | } |
443 | if (bgid) | |
444 | { | |
445 | com_err(whoami, 0, "Deleting group %s", before[L_NAME]); | |
cd9e6b16 | 446 | if (rc = group_ad_delete(ldap_handle, dn_path, before[L_NAME])) |
447 | { | |
448 | av[0] = before[L_NAME]; | |
449 | call_args[0] = (char *)ldap_handle; | |
450 | call_args[1] = dn_path; | |
451 | if (!(rc = mr_query("get_list_info", 1, av, group_delete, | |
452 | call_args))) | |
453 | { | |
454 | critical_alert("AD incremental", | |
455 | "Couldn't delete group %s", | |
456 | before[L_NAME]); | |
457 | } | |
458 | } | |
459 | goto cleanup; | |
5d0a7127 | 460 | } |
461 | if (agid) | |
462 | { | |
5d0a7127 | 463 | com_err(whoami, 0, "Creating group %s", after[L_NAME]); |
cd9e6b16 | 464 | |
5d0a7127 | 465 | av[0] = after[L_NAME]; |
cd9e6b16 | 466 | call_args[0] = (char *)ldap_handle; |
467 | call_args[1] = dn_path; | |
468 | call_args[2] = after[L_NAME]; | |
469 | call_args[3] = NULL; | |
470 | call_args[4] = NULL; | |
471 | sid_base = NULL; | |
472 | sid_ptr = &sid_base; | |
473 | rc = mr_query("get_list_info", 1, av, group_create, call_args); | |
474 | if ((rc) && (rc != LDAP_ALREADY_EXISTS)) | |
475 | { | |
476 | critical_alert("AD incremental", "Couldn't create group %s", | |
477 | after[L_NAME]); | |
478 | goto cleanup; | |
479 | } | |
480 | if (sid_base != NULL) | |
481 | { | |
482 | sid_update(ldap_handle, dn_path); | |
483 | linklist_free(sid_base); | |
484 | } | |
485 | ||
486 | if (beforec < L_ACTIVE) | |
487 | goto cleanup; | |
488 | if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build, | |
489 | call_args))) | |
490 | { | |
491 | rc = member_list_process(ldap_handle, dn_path, after[L_NAME], | |
492 | call_args[3], call_args[4]); | |
493 | } | |
5d0a7127 | 494 | if (rc) |
cd9e6b16 | 495 | { |
496 | critical_alert("AD incremental", | |
497 | "Error contacting Moira server to resolve %s: %s", | |
498 | after[L_NAME], error_message(rc)); | |
499 | } | |
5d0a7127 | 500 | linklist_free(member_base); |
cd9e6b16 | 501 | goto cleanup; |
5d0a7127 | 502 | } |
cd9e6b16 | 503 | cleanup: |
504 | moira_disconnect(); | |
5d0a7127 | 505 | } |
506 | ||
507 | #define LM_EXTRA_ACTIVE (LM_END) | |
508 | #define LM_EXTRA_PUBLIC (LM_END+1) | |
509 | #define LM_EXTRA_HIDDEN (LM_END+2) | |
510 | #define LM_EXTRA_MAILLIST (LM_END+3) | |
511 | #define LM_EXTRA_GROUP (LM_END+4) | |
512 | #define LM_EXTRA_GID (LM_END+5) | |
513 | #define LM_EXTRA_END (LM_END+6) | |
514 | ||
515 | void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname, | |
cd9e6b16 | 516 | char **before, int beforec, char **after, int afterc) |
5d0a7127 | 517 | { |
cd9e6b16 | 518 | char *call_args[6]; |
519 | char *av[2]; | |
520 | char group_name[128]; | |
521 | char user_name[128]; | |
522 | int rc; | |
523 | ||
5d0a7127 | 524 | if (afterc) |
525 | { | |
526 | if (afterc < LM_EXTRA_END) | |
cd9e6b16 | 527 | return; |
5d0a7127 | 528 | else |
cd9e6b16 | 529 | { |
530 | if (!atoi(after[LM_EXTRA_ACTIVE]) || !atoi(after[LM_EXTRA_GROUP])) | |
531 | return; | |
532 | } | |
533 | strcpy(user_name, after[U_NAME]); | |
534 | strcpy(group_name, after[LM_LIST]); | |
5d0a7127 | 535 | } |
536 | else if (beforec) | |
537 | { | |
538 | if (beforec < LM_EXTRA_END) | |
cd9e6b16 | 539 | return; |
5d0a7127 | 540 | else |
cd9e6b16 | 541 | { |
542 | if (!atoi(before[LM_EXTRA_ACTIVE]) || !atoi(before[LM_EXTRA_GROUP])) | |
543 | return; | |
544 | } | |
545 | strcpy(user_name, before[U_NAME]); | |
546 | strcpy(group_name, before[LM_LIST]); | |
5d0a7127 | 547 | } |
cd9e6b16 | 548 | |
549 | ||
550 | if (rc = moira_connect()) | |
551 | { | |
552 | critical_alert("AD incremental", | |
553 | "Moira error retrieving grouplist of user %s: %s", | |
554 | user_name, error_message(rc)); | |
555 | return; | |
556 | } | |
557 | av[0] = group_name; | |
558 | call_args[0] = (char *)ldap_handle; | |
559 | call_args[1] = dn_path; | |
560 | call_args[2] = group_name; | |
561 | call_args[3] = NULL; | |
562 | call_args[4] = NULL; | |
563 | member_base = NULL; | |
564 | sid_base = NULL; | |
565 | sid_ptr = &sid_base; | |
566 | if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args))) | |
567 | { | |
568 | if (sid_base != NULL) | |
569 | { | |
570 | sid_update(ldap_handle, dn_path); | |
571 | linklist_free(sid_base); | |
572 | } | |
573 | if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build, | |
574 | call_args))) | |
575 | { | |
576 | rc = member_list_process(ldap_handle, dn_path, group_name, | |
577 | call_args[3], call_args[4]); | |
578 | } | |
579 | else | |
580 | { | |
581 | if (rc == MR_NO_MATCH) | |
582 | { | |
583 | if (call_args[3] != NULL) | |
584 | free(call_args[3]); | |
585 | if (call_args[4] != NULL) | |
586 | free(call_args[4]); | |
587 | call_args[3] = NULL; | |
588 | call_args[4] = NULL; | |
589 | sid_base = NULL; | |
590 | sid_ptr = &sid_base; | |
591 | rc = group_ad_delete(ldap_handle, dn_path, group_name); | |
592 | if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args))) | |
593 | { | |
594 | if (sid_base != NULL) | |
595 | { | |
596 | sid_update(ldap_handle, dn_path); | |
597 | linklist_free(sid_base); | |
598 | } | |
599 | } | |
600 | } | |
601 | } | |
602 | } | |
603 | if (rc) | |
604 | { | |
605 | if (afterc) | |
606 | critical_alert("AD incremental", "Couldn't add %s to group %s ", | |
607 | user_name, group_name); | |
608 | else | |
609 | critical_alert("AD incremental", "Couldn't remove %s from group %s ", | |
610 | user_name, group_name); | |
611 | } | |
612 | linklist_free(member_base); | |
613 | if (call_args[3] != NULL) | |
614 | free(call_args[3]); | |
615 | if (call_args[4] != NULL) | |
616 | free(call_args[4]); | |
617 | moira_disconnect(); | |
5d0a7127 | 618 | } |
619 | ||
cd9e6b16 | 620 | |
5d0a7127 | 621 | void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname, |
cd9e6b16 | 622 | char *dn_path, char **before, int beforec, char **after, |
623 | int afterc) | |
5d0a7127 | 624 | { |
cd9e6b16 | 625 | int astate; |
626 | int bstate; | |
627 | int auid; | |
628 | int buid; | |
629 | int rc; | |
630 | char *av[2]; | |
631 | LK_ENTRY *list_base; | |
632 | LK_ENTRY *ptr; | |
633 | char *call_args[6]; | |
634 | ||
635 | auid = buid = astate = bstate = 0; | |
5d0a7127 | 636 | if (afterc > U_STATE) |
637 | astate = atoi(after[U_STATE]); | |
638 | if (beforec > U_STATE) | |
639 | bstate = atoi(before[U_STATE]); | |
640 | if (afterc > U_UID) | |
641 | auid = atoi(after[U_UID]); | |
642 | if (beforec > U_UID) | |
643 | buid = atoi(before[U_UID]); | |
cd9e6b16 | 644 | |
5d0a7127 | 645 | if (astate == 2) |
646 | astate = 1; | |
647 | if (bstate == 2) | |
648 | bstate = 1; | |
cd9e6b16 | 649 | |
5d0a7127 | 650 | if (astate != 1 && bstate != 1) /* inactive user */ |
651 | return; | |
cd9e6b16 | 652 | |
653 | if (astate == bstate && auid == buid && !strcmp(before[U_NAME], after[U_NAME])) | |
5d0a7127 | 654 | return; |
cd9e6b16 | 655 | if (rc = moira_connect()) |
5d0a7127 | 656 | { |
cd9e6b16 | 657 | critical_alert("AD incremental", |
658 | "Error connection to Moira: %s", | |
659 | error_message(rc)); | |
5d0a7127 | 660 | return; |
661 | } | |
5d0a7127 | 662 | |
cd9e6b16 | 663 | if (astate == bstate) |
5d0a7127 | 664 | { |
cd9e6b16 | 665 | com_err(whoami, 0, "Changing user %s to %s", before[U_NAME], |
666 | after[U_NAME]); | |
667 | av[0] = after[U_NAME]; | |
668 | call_args[0] = (char *)ldap_handle; | |
669 | call_args[1] = dn_path; | |
670 | sid_base = NULL; | |
671 | sid_ptr = &sid_base; | |
672 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, | |
673 | call_args)) | |
674 | { | |
675 | critical_alert("AD incremental", | |
676 | "Couldn't change user name for %s to %s", | |
677 | before[U_NAME], after[U_NAME]); | |
678 | goto cleanup; | |
679 | } | |
680 | if (sid_base != NULL) | |
681 | { | |
682 | sid_update(ldap_handle, dn_path); | |
683 | linklist_free(sid_base); | |
684 | } | |
685 | user_delete(ldap_handle, dn_path, before[U_NAME]); | |
686 | av[0] = "ruser"; | |
687 | av[1] = after[U_NAME]; | |
688 | call_args[0] = after[U_NAME]; | |
689 | member_base = NULL; | |
690 | if (rc = mr_query("get_lists_of_member", 2, av, group_list_build, | |
691 | call_args)) | |
692 | { | |
693 | critical_alert("AD incremental", | |
694 | "Couldn't retrieve membership of user %s: %s", | |
695 | after[U_NAME], error_message(rc)); | |
696 | goto cleanup; | |
697 | } | |
698 | list_base = member_base; | |
699 | ptr = list_base; | |
700 | while (ptr) | |
701 | { | |
702 | rc = group_update_membership(ldap_handle, dn_path, ptr->list); | |
703 | ptr = ptr->next; | |
704 | } | |
705 | linklist_free(list_base); | |
5d0a7127 | 706 | goto cleanup; |
707 | } | |
cd9e6b16 | 708 | if (bstate == 1) |
5d0a7127 | 709 | { |
cd9e6b16 | 710 | com_err(whoami, 0, "Deactivate/Delete user %s from the AD", before[U_NAME]); |
711 | if (rc = user_delete(ldap_handle, dn_path, before[U_NAME])) | |
712 | { | |
713 | critical_alert("AD incremental", | |
714 | "Couldn't deactivate/delete user %s (id %d) from the AD", | |
715 | before[U_NAME], buid); | |
716 | } | |
5d0a7127 | 717 | goto cleanup; |
718 | } | |
cd9e6b16 | 719 | if (astate == 1) |
5d0a7127 | 720 | { |
cd9e6b16 | 721 | com_err(whoami, 0, "%s user %s", |
722 | ((bstate != 0) ? "Reactivating" : "Creating"), | |
723 | after[U_NAME]); | |
5d0a7127 | 724 | |
cd9e6b16 | 725 | av[0] = after[U_NAME]; |
726 | call_args[0] = (char *)ldap_handle; | |
727 | call_args[1] = dn_path; | |
728 | sid_base = NULL; | |
729 | sid_ptr = &sid_base; | |
730 | if (rc = mr_query("get_user_account_by_login", 1, av, user_create, | |
731 | call_args)) | |
732 | { | |
733 | critical_alert("AD incremental", "Couldn't activate user %s (id %d)", | |
734 | after[U_NAME], auid); | |
735 | goto cleanup; | |
736 | } | |
737 | if (sid_base != NULL) | |
738 | { | |
739 | sid_update(ldap_handle, dn_path); | |
740 | linklist_free(sid_base); | |
741 | } | |
742 | ||
743 | /* | |
744 | av[0] = "ruser"; | |
745 | av[1] = after[U_NAME]; | |
746 | call_args[0] = after[U_NAME]; | |
747 | member_base = NULL; | |
748 | if (rc = mr_query("get_lists_of_member", 2, av, group_list_build, | |
749 | call_args)) | |
750 | { | |
751 | critical_alert("AD incremental", | |
752 | "Couldn't retrieve group membership of user %s", | |
753 | after[U_NAME]); | |
754 | } | |
5d0a7127 | 755 | else |
cd9e6b16 | 756 | { |
757 | list_base = member_base; | |
758 | ptr = list_base; | |
759 | while (ptr) | |
760 | { | |
761 | rc = group_update_membership(ldap_handle, dn_path, ptr->list); | |
762 | ptr = ptr->next; | |
763 | } | |
764 | linklist_free(list_base); | |
765 | } | |
766 | */ | |
767 | } | |
768 | cleanup: | |
769 | moira_disconnect(); | |
5d0a7127 | 770 | } |
771 | ||
772 | int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count, | |
cd9e6b16 | 773 | char *oldValue, char *newValue, |
774 | char ***modvalues, int type) | |
5d0a7127 | 775 | { |
cd9e6b16 | 776 | LK_ENTRY *linklist_ptr; |
777 | int i; | |
778 | char *cPtr; | |
5d0a7127 | 779 | |
cd9e6b16 | 780 | if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *))) |
781 | == NULL) | |
782 | { | |
783 | return(1); | |
784 | } | |
5d0a7127 | 785 | for (i = 0; i < (modvalue_count + 1); i++) |
cd9e6b16 | 786 | (*modvalues)[i] = NULL; |
5d0a7127 | 787 | if (modvalue_count != 0) |
788 | { | |
789 | linklist_ptr = linklist_base; | |
790 | for (i = 0; i < modvalue_count; i++) | |
cd9e6b16 | 791 | { |
792 | if ((oldValue != NULL) && (newValue != NULL)) | |
793 | { | |
794 | if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue)) | |
795 | != (char *)NULL) | |
796 | { | |
797 | if (type == REPLACE) | |
798 | { | |
799 | if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1)) | |
800 | == NULL) | |
801 | return(1); | |
802 | memset((*modvalues)[i], '\0', strlen(newValue) + 1); | |
803 | strcpy((*modvalues)[i], newValue); | |
804 | } | |
805 | else | |
806 | { | |
807 | if (((*modvalues)[i] = calloc(1, | |
808 | (int)(cPtr - linklist_ptr->value) + | |
809 | (linklist_ptr->length - strlen(oldValue)) + | |
810 | strlen(newValue) + 1)) == NULL) | |
811 | return(1); | |
812 | memset((*modvalues)[i], '\0', | |
813 | (int)(cPtr - linklist_ptr->value) + | |
814 | (linklist_ptr->length - strlen(oldValue)) + | |
815 | strlen(newValue) + 1); | |
816 | memcpy((*modvalues)[i], linklist_ptr->value, | |
817 | (int)(cPtr - linklist_ptr->value)); | |
818 | strcat((*modvalues)[i], newValue); | |
819 | strcat((*modvalues)[i], | |
820 | &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]); | |
821 | } | |
822 | } | |
823 | else | |
824 | { | |
825 | (*modvalues)[i] = calloc(1, linklist_ptr->length + 1); | |
826 | memset((*modvalues)[i], '\0', linklist_ptr->length + 1); | |
827 | memcpy((*modvalues)[i], linklist_ptr->value, | |
828 | linklist_ptr->length); | |
829 | } | |
830 | } | |
831 | else | |
832 | { | |
833 | (*modvalues)[i] = calloc(1, linklist_ptr->length + 1); | |
834 | memset((*modvalues)[i], '\0', linklist_ptr->length + 1); | |
835 | memcpy((*modvalues)[i], linklist_ptr->value, | |
836 | linklist_ptr->length); | |
837 | } | |
838 | linklist_ptr = linklist_ptr->next; | |
839 | } | |
840 | (*modvalues)[i] = NULL; | |
5d0a7127 | 841 | } |
842 | return(0); | |
843 | } | |
844 | ||
cd9e6b16 | 845 | |
5d0a7127 | 846 | int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp, |
cd9e6b16 | 847 | char **attr_array, LK_ENTRY **linklist_base, |
848 | int *linklist_count) | |
5d0a7127 | 849 | { |
cd9e6b16 | 850 | ULONG rc; |
5d0a7127 | 851 | LDAPMessage *ldap_entry; |
cd9e6b16 | 852 | |
853 | rc = 0; | |
5d0a7127 | 854 | ldap_entry = NULL; |
855 | (*linklist_base) = NULL; | |
856 | (*linklist_count) = 0; | |
857 | if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE, | |
cd9e6b16 | 858 | search_exp, attr_array, 0, &ldap_entry)) |
5d0a7127 | 859 | != LDAP_SUCCESS) |
860 | return(0); | |
cd9e6b16 | 861 | rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count); |
862 | ||
5d0a7127 | 863 | ldap_msgfree(ldap_entry); |
864 | return(rc); | |
865 | } | |
866 | ||
cd9e6b16 | 867 | |
5d0a7127 | 868 | int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
cd9e6b16 | 869 | LK_ENTRY **linklist_base, int *linklist_count) |
5d0a7127 | 870 | { |
cd9e6b16 | 871 | char distinguished_name[1024]; |
872 | LK_ENTRY *linklist_ptr; | |
873 | int rc; | |
874 | ||
5d0a7127 | 875 | if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL) |
876 | return(0); | |
cd9e6b16 | 877 | |
878 | memset(distinguished_name, '\0', sizeof(distinguished_name)); | |
879 | get_distinguished_name(ldap_handle, ldap_entry, distinguished_name); | |
880 | ||
881 | if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name, | |
882 | linklist_base)) != 0) | |
5d0a7127 | 883 | return(rc); |
cd9e6b16 | 884 | |
5d0a7127 | 885 | while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL) |
886 | { | |
cd9e6b16 | 887 | memset(distinguished_name, '\0', sizeof(distinguished_name)); |
888 | get_distinguished_name(ldap_handle, ldap_entry, distinguished_name); | |
889 | ||
890 | if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name, | |
891 | linklist_base)) != 0) | |
892 | return(rc); | |
5d0a7127 | 893 | } |
cd9e6b16 | 894 | |
5d0a7127 | 895 | linklist_ptr = (*linklist_base); |
896 | (*linklist_count) = 0; | |
897 | while (linklist_ptr != NULL) | |
898 | { | |
899 | ++(*linklist_count); | |
900 | linklist_ptr = linklist_ptr->next; | |
901 | } | |
902 | return(0); | |
903 | } | |
904 | ||
905 | int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
cd9e6b16 | 906 | char *distinguished_name, LK_ENTRY **linklist_current) |
5d0a7127 | 907 | { |
cd9e6b16 | 908 | char *Attribute; |
909 | BerElement *ptr; | |
910 | ||
5d0a7127 | 911 | ptr = NULL; |
cd9e6b16 | 912 | if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL) |
5d0a7127 | 913 | { |
cd9e6b16 | 914 | retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name, |
915 | linklist_current); | |
5d0a7127 | 916 | ldap_memfree(Attribute); |
cd9e6b16 | 917 | while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry, |
918 | ptr)) != NULL) | |
919 | { | |
920 | retrieve_values(ldap_handle, ldap_entry, Attribute, | |
921 | distinguished_name, linklist_current); | |
922 | ldap_memfree(Attribute); | |
923 | } | |
5d0a7127 | 924 | } |
cd9e6b16 | 925 | ldap_ber_free(ptr, 0); |
5d0a7127 | 926 | return(0); |
927 | } | |
928 | ||
cd9e6b16 | 929 | int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry, |
930 | char *Attribute, char *distinguished_name, | |
931 | LK_ENTRY **linklist_current) | |
5d0a7127 | 932 | { |
cd9e6b16 | 933 | char **str_value; |
934 | char temp[256]; | |
935 | void **Ptr; | |
936 | int use_bervalue; | |
937 | LK_ENTRY *linklist_previous; | |
5d0a7127 | 938 | LDAP_BERVAL **ber_value; |
cd9e6b16 | 939 | DWORD ber_length; |
5d0a7127 | 940 | #ifdef LDAP_DEBUG |
cd9e6b16 | 941 | SID *sid; |
942 | GUID *guid; | |
943 | int i; | |
944 | int intValue; | |
945 | DWORD *subauth; | |
946 | SID_IDENTIFIER_AUTHORITY *sid_auth; | |
947 | unsigned char *subauth_count; | |
948 | #endif /*LDAP_BEGUG*/ | |
5d0a7127 | 949 | |
950 | use_bervalue = 0; | |
951 | memset(temp, '\0', sizeof(temp)); | |
952 | if ((!strcmp(Attribute, "objectSid")) || | |
953 | (!strcmp(Attribute, "objectGUID"))) | |
954 | use_bervalue = 1; | |
cd9e6b16 | 955 | |
5d0a7127 | 956 | if (use_bervalue) |
957 | { | |
958 | ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute); | |
959 | Ptr = (void **)ber_value; | |
960 | str_value = NULL; | |
cd9e6b16 | 961 | } |
5d0a7127 | 962 | else |
963 | { | |
964 | str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute); | |
965 | Ptr = (void **)str_value; | |
966 | ber_value = NULL; | |
967 | } | |
968 | if (Ptr != NULL) | |
969 | { | |
970 | for (; *Ptr; Ptr++) | |
cd9e6b16 | 971 | { |
972 | if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL) | |
973 | return(1); | |
974 | memset(linklist_previous, '\0', sizeof(LK_ENTRY)); | |
975 | linklist_previous->next = (*linklist_current); | |
976 | (*linklist_current) = linklist_previous; | |
977 | ||
978 | if (((*linklist_current)->attribute = calloc(1, | |
979 | strlen(Attribute) + 1)) == NULL) | |
980 | return(1); | |
981 | memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1); | |
982 | strcpy((*linklist_current)->attribute, Attribute); | |
983 | if (use_bervalue) | |
984 | { | |
985 | ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len; | |
986 | if (((*linklist_current)->value = calloc(1, ber_length)) == NULL) | |
987 | return(1); | |
988 | memset((*linklist_current)->value, '\0', ber_length); | |
989 | memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val, | |
990 | ber_length); | |
991 | (*linklist_current)->length = ber_length; | |
992 | } | |
993 | else | |
994 | { | |
995 | if (((*linklist_current)->value = calloc(1, | |
996 | strlen(*Ptr) + 1)) == NULL) | |
997 | return(1); | |
998 | memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1); | |
999 | (*linklist_current)->length = strlen(*Ptr); | |
1000 | strcpy((*linklist_current)->value, *Ptr); | |
1001 | } | |
1002 | (*linklist_current)->ber_value = use_bervalue; | |
1003 | if (((*linklist_current)->dn = calloc(1, | |
1004 | strlen(distinguished_name) + 1)) == NULL) | |
1005 | return(1); | |
1006 | memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1); | |
1007 | strcpy((*linklist_current)->dn, distinguished_name); | |
1008 | ||
5d0a7127 | 1009 | #ifdef LDAP_DEBUG |
cd9e6b16 | 1010 | if (!strcmp(Attribute, "objectGUID")) |
1011 | { | |
1012 | guid = (GUID *)((*linklist_current)->value); | |
1013 | sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", | |
1014 | guid->Data1, guid->Data2, guid->Data3, | |
1015 | guid->Data4[0], guid->Data4[1], guid->Data4[2], | |
1016 | guid->Data4[3], guid->Data4[4], guid->Data4[5], | |
1017 | guid->Data4[6], guid->Data4[7]); | |
1018 | print_to_screen(" %20s : {%s}\n", Attribute, temp); | |
1019 | } | |
1020 | else if (!strcmp(Attribute, "objectSid")) | |
1021 | { | |
1022 | sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val); | |
5d0a7127 | 1023 | #ifdef _WIN32 |
cd9e6b16 | 1024 | print_to_screen(" Revision = %d\n", sid->Revision); |
1025 | print_to_screen(" SID Identifier Authority:\n"); | |
1026 | sid_auth = &sid->IdentifierAuthority; | |
1027 | if (sid_auth->Value[0]) | |
1028 | print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n"); | |
1029 | else if (sid_auth->Value[1]) | |
1030 | print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n"); | |
1031 | else if (sid_auth->Value[2]) | |
1032 | print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n"); | |
1033 | else if (sid_auth->Value[3]) | |
1034 | print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n"); | |
1035 | else if (sid_auth->Value[5]) | |
1036 | print_to_screen(" SECURITY_NT_AUTHORITY\n"); | |
1037 | else | |
1038 | print_to_screen(" UNKNOWN SID AUTHORITY\n"); | |
1039 | subauth_count = GetSidSubAuthorityCount(sid); | |
1040 | print_to_screen(" SidSubAuthorityCount = %d\n", | |
1041 | *subauth_count); | |
1042 | print_to_screen(" SidSubAuthority:\n"); | |
1043 | for (i = 0; i < *subauth_count; i++) | |
1044 | { | |
1045 | if ((subauth = GetSidSubAuthority(sid, i)) != NULL) | |
1046 | print_to_screen(" %u\n", *subauth); | |
1047 | } | |
5d0a7127 | 1048 | #endif |
cd9e6b16 | 1049 | } |
1050 | else if ((!memcmp(Attribute, "userAccountControl", | |
1051 | strlen("userAccountControl"))) || | |
1052 | (!memcmp(Attribute, "sAMAccountType", | |
1053 | strlen("sAmAccountType")))) | |
1054 | { | |
1055 | intValue = atoi(*Ptr); | |
1056 | print_to_screen(" %20s : %ld\n",Attribute, intValue); | |
1057 | if (!memcmp(Attribute, "userAccountControl", | |
1058 | strlen("userAccountControl"))) | |
1059 | { | |
1060 | if (intValue & UF_ACCOUNTDISABLE) | |
1061 | print_to_screen(" %20s : %s\n", | |
1062 | "", "Account disabled"); | |
1063 | else | |
1064 | print_to_screen(" %20s : %s\n", | |
1065 | "", "Account active"); | |
1066 | if (intValue & UF_HOMEDIR_REQUIRED) | |
1067 | print_to_screen(" %20s : %s\n", | |
1068 | "", "Home directory required"); | |
1069 | if (intValue & UF_LOCKOUT) | |
1070 | print_to_screen(" %20s : %s\n", | |
1071 | "", "Account locked out"); | |
1072 | if (intValue & UF_PASSWD_NOTREQD) | |
1073 | print_to_screen(" %20s : %s\n", | |
1074 | "", "No password required"); | |
1075 | if (intValue & UF_PASSWD_CANT_CHANGE) | |
1076 | print_to_screen(" %20s : %s\n", | |
1077 | "", "Cannot change password"); | |
1078 | if (intValue & UF_TEMP_DUPLICATE_ACCOUNT) | |
1079 | print_to_screen(" %20s : %s\n", | |
1080 | "", "Temp duplicate account"); | |
1081 | if (intValue & UF_NORMAL_ACCOUNT) | |
1082 | print_to_screen(" %20s : %s\n", | |
1083 | "", "Normal account"); | |
1084 | if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT) | |
1085 | print_to_screen(" %20s : %s\n", | |
1086 | "", "Interdomain trust account"); | |
1087 | if (intValue & UF_WORKSTATION_TRUST_ACCOUNT) | |
1088 | print_to_screen(" %20s : %s\n", | |
1089 | "", "Workstation trust account"); | |
1090 | if (intValue & UF_SERVER_TRUST_ACCOUNT) | |
1091 | print_to_screen(" %20s : %s\n", | |
1092 | "", "Server trust account"); | |
1093 | } | |
1094 | } | |
1095 | else | |
1096 | { | |
1097 | print_to_screen(" %20s : %s\n",Attribute, *Ptr); | |
1098 | } | |
5d0a7127 | 1099 | #endif /*LDAP_DEBUG*/ |
cd9e6b16 | 1100 | } |
5d0a7127 | 1101 | if (str_value != NULL) |
cd9e6b16 | 1102 | ldap_value_free(str_value); |
5d0a7127 | 1103 | if (ber_value != NULL) |
cd9e6b16 | 1104 | ldap_value_free_len(ber_value); |
5d0a7127 | 1105 | } |
1106 | (*linklist_current) = linklist_previous; | |
1107 | return(0); | |
1108 | } | |
1109 | ||
5d0a7127 | 1110 | int moira_connect(void) |
1111 | { | |
cd9e6b16 | 1112 | long rc; |
1113 | char HostName[64]; | |
1114 | ||
5d0a7127 | 1115 | if (!mr_connections++) |
1116 | { | |
1117 | #ifdef _WIN32 | |
1118 | memset(HostName, '\0', sizeof(HostName)); | |
1119 | strcpy(HostName, "ttsp"); | |
cd9e6b16 | 1120 | rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1); |
1121 | /*det | |
5d0a7127 | 1122 | rc = mr_connect(HostName); |
cd9e6b16 | 1123 | */ |
5d0a7127 | 1124 | #else |
1125 | struct utsname uts; | |
1126 | uname(&uts); | |
cd9e6b16 | 1127 | rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1); |
1128 | /* | |
5d0a7127 | 1129 | rc = mr_connect(uts.nodename); |
cd9e6b16 | 1130 | */ |
5d0a7127 | 1131 | #endif /*WIN32*/ |
cd9e6b16 | 1132 | /*det |
5d0a7127 | 1133 | if (!rc) |
cd9e6b16 | 1134 | rc = mr_auth("winad.incr"); |
1135 | */ | |
5d0a7127 | 1136 | return rc; |
1137 | } | |
1138 | return 0; | |
1139 | } | |
1140 | ||
1141 | int moira_disconnect(void) | |
1142 | { | |
5d0a7127 | 1143 | |
cd9e6b16 | 1144 | if (!--mr_connections) |
5d0a7127 | 1145 | { |
cd9e6b16 | 1146 | mr_disconnect(); |
5d0a7127 | 1147 | } |
cd9e6b16 | 1148 | return 0; |
5d0a7127 | 1149 | } |
1150 | ||
1151 | int convert_domain_to_dn(char *domain, char **dnp) | |
1152 | { | |
cd9e6b16 | 1153 | char *fp; |
1154 | char *dp; | |
1155 | char dn[1024]; | |
1156 | int dnlen = 1; | |
1157 | ||
5d0a7127 | 1158 | memset(dn, 0, sizeof(dn)); |
1159 | strcpy(dn, "dc="); | |
1160 | dp = dn+3; | |
1161 | for (fp = domain; *fp; fp++) | |
1162 | { | |
1163 | if (*fp == '.') | |
cd9e6b16 | 1164 | { |
1165 | strcpy(dp, ",dc="); | |
1166 | dp += 4; | |
1167 | } | |
5d0a7127 | 1168 | else |
cd9e6b16 | 1169 | *dp++ = *fp; |
5d0a7127 | 1170 | } |
cd9e6b16 | 1171 | |
5d0a7127 | 1172 | *dnp = (char *)strdup(dn); |
1173 | return 0; | |
1174 | } | |
1175 | ||
1176 | void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry, | |
cd9e6b16 | 1177 | char *distinguished_name) |
5d0a7127 | 1178 | { |
cd9e6b16 | 1179 | char *CName; |
1180 | ||
5d0a7127 | 1181 | CName = ldap_get_dn(ldap_handle, ldap_entry); |
1182 | if (CName == NULL) | |
1183 | return; | |
1184 | strcpy(distinguished_name, CName); | |
1185 | ldap_memfree(CName); | |
1186 | } | |
1187 | ||
1188 | int linklist_create_entry(char *attribute, char *value, | |
cd9e6b16 | 1189 | LK_ENTRY **linklist_entry) |
5d0a7127 | 1190 | { |
1191 | (*linklist_entry) = calloc(1, sizeof(LK_ENTRY)); | |
1192 | if (!(*linklist_entry)) | |
1193 | { | |
1194 | return(1); | |
1195 | } | |
1196 | memset((*linklist_entry), '\0', sizeof(LK_ENTRY)); | |
1197 | (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1); | |
1198 | memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1); | |
1199 | strcpy((*linklist_entry)->attribute, attribute); | |
1200 | (*linklist_entry)->value = calloc(1, strlen(value) + 1); | |
1201 | memset((*linklist_entry)->value, '\0', strlen(value) + 1); | |
1202 | strcpy((*linklist_entry)->value, value); | |
1203 | (*linklist_entry)->length = strlen(value); | |
1204 | (*linklist_entry)->next = NULL; | |
1205 | return(0); | |
1206 | } | |
1207 | ||
1208 | void print_to_screen(const char *fmt, ...) | |
1209 | { | |
1210 | va_list pvar; | |
cd9e6b16 | 1211 | |
5d0a7127 | 1212 | va_start(pvar, fmt); |
1213 | vfprintf(stderr, fmt, pvar); | |
1214 | fflush(stderr); | |
1215 | va_end(pvar); | |
1216 | } | |
cd9e6b16 | 1217 | |
1218 | int get_group_membership(char *group_membership, char *group_ou, | |
1219 | int *security_flag, char **av) | |
1220 | { | |
1221 | int maillist_flag; | |
1222 | int group_flag; | |
1223 | ||
1224 | maillist_flag = atoi(av[L_MAILLIST]); | |
1225 | group_flag = atoi(av[L_GROUP]); | |
1226 | if (security_flag != NULL) | |
1227 | (*security_flag) = 0; | |
1228 | ||
1229 | if ((maillist_flag) && (group_flag)) | |
1230 | { | |
1231 | if (group_membership != NULL) | |
1232 | group_membership[0] = 'B'; | |
1233 | if (security_flag != NULL) | |
1234 | (*security_flag) = 1; | |
1235 | if (group_ou != NULL) | |
1236 | strcpy(group_ou, group_ou_both); | |
1237 | } | |
1238 | else if ((!maillist_flag) && (group_flag)) | |
1239 | { | |
1240 | if (group_membership != NULL) | |
1241 | group_membership[0] = 'S'; | |
1242 | if (security_flag != NULL) | |
1243 | (*security_flag) = 1; | |
1244 | if (group_ou != NULL) | |
1245 | strcpy(group_ou, group_ou_security); | |
1246 | } | |
1247 | else if ((maillist_flag) && (!group_flag)) | |
1248 | { | |
1249 | if (group_membership != NULL) | |
1250 | group_membership[0] = 'D'; | |
1251 | if (group_ou != NULL) | |
1252 | strcpy(group_ou, group_ou_distribution); | |
1253 | } | |
1254 | else | |
1255 | { | |
1256 | if (group_membership != NULL) | |
1257 | group_membership[0] = 'N'; | |
1258 | if (group_ou != NULL) | |
1259 | strcpy(group_ou, group_ou_neither); | |
1260 | } | |
1261 | return(0); | |
1262 | } | |
1263 | ||
1264 | int get_group_info(int ac, char**av, void *ptr) | |
1265 | { | |
1266 | char **call_args; | |
1267 | ||
1268 | call_args = ptr; | |
1269 | ||
1270 | if (!atoi(av[L_ACTIVE])) | |
1271 | return(0); | |
1272 | if (ptr == NULL) | |
1273 | get_group_membership(GroupType, NULL, NULL, av); | |
1274 | else | |
1275 | get_group_membership(call_args[4], call_args[3], NULL, av); | |
1276 | ||
1277 | return(0); | |
1278 | } | |
1279 | ||
1280 | int group_create(int ac, char **av, void *ptr) | |
1281 | { | |
1282 | LDAPMod *mods[20]; | |
1283 | char new_dn[256]; | |
1284 | char group_ou[256]; | |
1285 | char new_group_name[256]; | |
1286 | char sam_group_name[256]; | |
1287 | char cn_group_name[256]; | |
1288 | char *cn_v[] = {NULL, NULL}; | |
1289 | char *objectClass_v[] = {"top", "group", NULL}; | |
1290 | char info[256]; | |
1291 | char *samAccountName_v[] = {NULL, NULL}; | |
1292 | char *managedBy_v[] = {NULL, NULL}; | |
1293 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
1294 | char *name_v[] = {NULL, NULL}; | |
1295 | char *desc_v[] = {NULL, NULL}; | |
1296 | char *info_v[] = {NULL, NULL}; | |
1297 | char *groupTypeControl_v[] = {NULL, NULL}; | |
1298 | char groupTypeControlStr[80]; | |
1299 | char group_membership[1]; | |
1300 | int i; | |
1301 | int security_flag; | |
1302 | u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP; | |
1303 | int n; | |
1304 | int rc; | |
1305 | int sid_count; | |
1306 | char filter_exp[256]; | |
1307 | char *attr_array[3]; | |
1308 | char **call_args; | |
1309 | ||
1310 | call_args = ptr; | |
1311 | ||
1312 | if (!atoi(av[L_ACTIVE])) | |
1313 | return(0); | |
1314 | if (!check_string(av[L_NAME])) | |
1315 | return(0); | |
1316 | memset(group_ou, 0, sizeof(group_ou)); | |
1317 | memset(group_membership, 0, sizeof(group_membership)); | |
1318 | security_flag = 0; | |
1319 | get_group_membership(group_membership, group_ou, &security_flag, av); | |
1320 | call_args[3] = strdup(group_ou); | |
1321 | call_args[4] = strdup(group_membership); | |
1322 | ||
1323 | if (security_flag) | |
1324 | groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED; | |
1325 | sprintf(groupTypeControlStr, "%ld", groupTypeControl); | |
1326 | groupTypeControl_v[0] = groupTypeControlStr; | |
1327 | ||
1328 | strcpy(new_group_name, av[L_NAME]); | |
1329 | strcpy(sam_group_name, av[L_NAME]); | |
1330 | strcpy(cn_group_name, av[L_NAME]); | |
1331 | sprintf(&sam_group_name[strlen(sam_group_name)], | |
1332 | "_zZx%c", group_membership[0]); | |
1333 | ||
1334 | samAccountName_v[0] = sam_group_name; | |
1335 | name_v[0] = new_group_name; | |
1336 | cn_v[0] = cn_group_name; | |
1337 | ||
1338 | sprintf(new_dn, "cn=%s,%s,%s", cn_group_name, group_ou, call_args[1]); | |
1339 | n = 0; | |
1340 | ADD_ATTR("cn", cn_v, LDAP_MOD_ADD); | |
1341 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
1342 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD); | |
1343 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
1344 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
1345 | if (strlen(av[L_DESC]) != 0) | |
1346 | { | |
1347 | desc_v[0] = av[L_DESC]; | |
1348 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
1349 | } | |
1350 | ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD); | |
1351 | if (!strcmp(av[L_ACE_TYPE], "LIST")) | |
1352 | { | |
1353 | sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]); | |
1354 | info_v[0] = info; | |
1355 | ADD_ATTR("info", info_v, LDAP_MOD_ADD); | |
1356 | } | |
1357 | mods[n] = NULL; | |
1358 | ||
1359 | rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL); | |
1360 | ||
1361 | for (i = 0; i < n; i++) | |
1362 | free(mods[i]); | |
1363 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) | |
1364 | return(rc); | |
1365 | sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name); | |
1366 | attr_array[0] = "objectSid"; | |
1367 | attr_array[1] = NULL; | |
1368 | sid_count = 0; | |
1369 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, | |
1370 | sid_ptr, &sid_count)) == LDAP_SUCCESS) | |
1371 | { | |
1372 | if (sid_count == 1) | |
1373 | { | |
1374 | (*sid_ptr)->member = strdup(av[L_NAME]); | |
1375 | (*sid_ptr)->type = (char *)GROUPS; | |
1376 | sid_ptr = &(*sid_ptr)->next; | |
1377 | } | |
1378 | } | |
1379 | return(LDAP_SUCCESS); | |
1380 | } | |
1381 | ||
1382 | int group_delete(int ac, char **av, void *ptr) | |
1383 | { | |
1384 | LK_ENTRY *group_base; | |
1385 | char **call_args; | |
1386 | char *attr_array[3]; | |
1387 | char filter_exp[1024]; | |
1388 | char group_membership[1]; | |
1389 | char group_ou[256]; | |
1390 | char sam_group_name[256]; | |
1391 | int security_flag; | |
1392 | int group_count; | |
1393 | int rc; | |
1394 | ||
1395 | call_args = ptr; | |
1396 | ||
1397 | if (!check_string(av[L_NAME])) | |
1398 | return(0); | |
1399 | memset(group_ou, 0, sizeof(group_ou)); | |
1400 | memset(group_membership, 0, sizeof(group_membership)); | |
1401 | security_flag = 0; | |
1402 | get_group_membership(group_membership, group_ou, &security_flag, av); | |
1403 | ||
1404 | group_count = 0; | |
1405 | group_base = NULL; | |
1406 | attr_array[0] = "distinguishedName"; | |
1407 | attr_array[1] = NULL; | |
1408 | strcpy(sam_group_name, av[L_NAME]); | |
1409 | sprintf(&sam_group_name[strlen(sam_group_name)], "_zZx%c", | |
1410 | group_membership[0]); | |
1411 | sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name); | |
1412 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, | |
1413 | attr_array, &group_base, &group_count)) != 0) | |
1414 | goto cleanup; | |
1415 | if (group_count == 1) | |
1416 | rc = ldap_delete_s((LDAP *)call_args[0], group_base->value); | |
1417 | if (rc != LDAP_SUCCESS) | |
1418 | { | |
1419 | critical_alert("AD incremental", | |
1420 | "Couldn't delete group %s: %s", | |
1421 | av[L_NAME], ldap_err2string(rc)); | |
1422 | } | |
1423 | cleanup: | |
1424 | linklist_free(group_base); | |
1425 | return(rc); | |
1426 | } | |
1427 | ||
1428 | int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name) | |
1429 | { | |
1430 | LK_ENTRY *group_base; | |
1431 | char *attr_array[3]; | |
1432 | char filter_exp[1024]; | |
1433 | char sam_group_name[256]; | |
1434 | char temp[512]; | |
1435 | int group_count; | |
1436 | int rc; | |
1437 | ||
1438 | if (!check_string(group_name)) | |
1439 | return(0); | |
1440 | ||
1441 | rc = 1; | |
1442 | group_count = 0; | |
1443 | group_base = NULL; | |
1444 | attr_array[0] = "distinguishedName"; | |
1445 | attr_array[1] = NULL; | |
1446 | strcpy(sam_group_name, group_name); | |
1447 | sprintf(temp, "%s,%s", group_ou_root, dn_path); | |
1448 | sprintf(filter_exp, "(sAMAccountName=%s_zZx*)", sam_group_name); | |
1449 | if (linklist_build(ldap_handle, temp, filter_exp, attr_array, | |
1450 | &group_base, &group_count) != 0) | |
1451 | goto cleanup; | |
1452 | if (group_count == 1) | |
1453 | { | |
1454 | rc = ldap_delete_s(ldap_handle, group_base->value); | |
1455 | if (rc != LDAP_SUCCESS) | |
1456 | { | |
1457 | critical_alert("AD incremental", | |
1458 | "Couldn't delete group %s", | |
1459 | group_name); | |
1460 | } | |
1461 | } | |
1462 | cleanup: | |
1463 | linklist_free(group_base); | |
1464 | return(rc); | |
1465 | } | |
1466 | ||
1467 | int group_list_build(int ac, char **av, void *ptr) | |
1468 | { | |
1469 | LK_ENTRY *linklist; | |
1470 | char **call_args; | |
1471 | ||
1472 | call_args = ptr; | |
1473 | ||
1474 | if (!atoi(av[L_ACTIVE])) | |
1475 | return(0); | |
1476 | if (!check_string(av[L_NAME])) | |
1477 | return(0); | |
1478 | linklist = calloc(1, sizeof(LK_ENTRY)); | |
1479 | if (!linklist) | |
1480 | { | |
1481 | critical_alert("AD incremental", "Out of memory"); | |
1482 | exit(1); | |
1483 | } | |
1484 | memset(linklist, '\0', sizeof(LK_ENTRY)); | |
1485 | linklist->op = 1; | |
1486 | linklist->dn = NULL; | |
1487 | linklist->list = calloc(1, strlen(av[L_NAME]) + 1); | |
1488 | strcpy(linklist->list, av[L_NAME]); | |
1489 | linklist->type = calloc(1, strlen("USER") + 1); | |
1490 | strcpy(linklist->type, "USER"); | |
1491 | linklist->member = calloc(1, strlen(call_args[0]) + 1); | |
1492 | strcpy(linklist->member, call_args[0]); | |
1493 | linklist->next = member_base; | |
1494 | member_base = linklist; | |
1495 | return(0); | |
1496 | } | |
1497 | ||
1498 | int member_list_build(int ac, char **av, void *ptr) | |
1499 | { | |
1500 | LK_ENTRY *linklist; | |
1501 | char temp[128]; | |
1502 | char **call_args; | |
1503 | ||
1504 | call_args = ptr; | |
1505 | ||
1506 | strcpy(temp, av[ACE_NAME]); | |
1507 | if (!check_string(temp)) | |
1508 | return(0); | |
1509 | if (!strcmp(av[ACE_TYPE], "STRING")) | |
1510 | { | |
1511 | contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou); | |
1512 | } | |
1513 | else if (!strcmp(av[ACE_TYPE], "LIST")) | |
1514 | { | |
1515 | strcpy(temp, av[ACE_NAME]); | |
1516 | } | |
1517 | else if (strcmp(av[ACE_TYPE], "USER")) | |
1518 | { | |
1519 | contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou); | |
1520 | } | |
1521 | linklist = member_base; | |
1522 | while (linklist) | |
1523 | { | |
1524 | if (!strcasecmp(temp, linklist->member)) | |
1525 | return(0); | |
1526 | linklist = linklist->next; | |
1527 | } | |
1528 | linklist = calloc(1, sizeof(LK_ENTRY)); | |
1529 | linklist->op = 1; | |
1530 | linklist->dn = NULL; | |
1531 | linklist->list = calloc(1, strlen(call_args[2]) + 1); | |
1532 | strcpy(linklist->list, call_args[2]); | |
1533 | linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1); | |
1534 | strcpy(linklist->type, av[ACE_TYPE]); | |
1535 | linklist->member = calloc(1, strlen(temp) + 1); | |
1536 | strcpy(linklist->member, temp); | |
1537 | linklist->next = member_base; | |
1538 | member_base = linklist; | |
1539 | return(0); | |
1540 | } | |
1541 | ||
1542 | #define USER_COUNT 5 | |
1543 | ||
1544 | int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name, | |
1545 | char *group_ou, char *group_membership) | |
1546 | { | |
1547 | char distinguished_name[1024]; | |
1548 | char **modvalues; | |
1549 | char filter_exp[4096]; | |
1550 | char *attr_array[3]; | |
1551 | char temp[256]; | |
1552 | char group_member[256]; | |
1553 | char *args[2]; | |
1554 | int group_count; | |
1555 | int new_list_count; | |
1556 | int i; | |
1557 | int j; | |
1558 | int k; | |
1559 | int n; | |
1560 | int filter_count; | |
1561 | LDAPMod *mods[20]; | |
1562 | LK_ENTRY *group_base; | |
1563 | LK_ENTRY *new_list; | |
1564 | LK_ENTRY *sPtr; | |
1565 | LK_ENTRY *pPtr; | |
1566 | ULONG rc; | |
1567 | ||
1568 | rc = 0; | |
1569 | group_base = NULL; | |
1570 | group_count = 0; | |
1571 | modvalues = NULL; | |
1572 | ||
1573 | pPtr = member_base; | |
1574 | while (pPtr) | |
1575 | { | |
1576 | ++group_count; | |
1577 | pPtr = pPtr->next; | |
1578 | } | |
1579 | j = group_count/USER_COUNT; | |
1580 | ++j; | |
1581 | ||
1582 | if (!check_string(group_name)) | |
1583 | return(0); | |
1584 | strcpy(temp, group_name); | |
1585 | sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", temp, group_membership[0]); | |
1586 | attr_array[0] = "distinguishedName"; | |
1587 | attr_array[1] = NULL; | |
1588 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1589 | &group_base, &group_count)) != 0) | |
1590 | { | |
1591 | critical_alert("AD incremental", | |
1592 | "LDAP server unable to get group %s info: %d", | |
1593 | group_name, rc); | |
1594 | rc = 1; | |
1595 | goto cleanup; | |
1596 | } | |
1597 | if (group_count != 1) | |
1598 | { | |
1599 | critical_alert("AD incremental", | |
1600 | "LDAP server unable to find group %s in AD.", | |
1601 | group_name); | |
1602 | rc = 1; | |
1603 | goto cleanup; | |
1604 | } | |
1605 | strcpy(distinguished_name, group_base->value); | |
1606 | linklist_free(group_base); | |
1607 | group_base = NULL; | |
1608 | group_count = 0; | |
1609 | ||
1610 | pPtr = member_base; | |
1611 | for (i = 0; i < j; i++) | |
1612 | { | |
1613 | if (pPtr == NULL) | |
1614 | break; | |
1615 | memset(filter_exp, 0, sizeof(filter_exp)); | |
1616 | strcpy(filter_exp, "(|"); | |
1617 | filter_count = 0; | |
1618 | for (k = 0; k < USER_COUNT; k++) | |
1619 | { | |
1620 | strcpy(group_member, pPtr->member); | |
1621 | if (!check_string(group_member)) | |
1622 | { | |
1623 | pPtr = pPtr->next; | |
1624 | if (pPtr == NULL) | |
1625 | break; | |
1626 | continue; | |
1627 | } | |
1628 | if (!strcmp(pPtr->type, "LIST")) | |
1629 | { | |
1630 | args[0] = pPtr->member; | |
1631 | rc = mr_query("get_list_info", 1, args, get_group_info, NULL); | |
1632 | sprintf(temp, "(sAMAccountName=%s_zZx%c)", group_member, | |
1633 | GroupType[0]); | |
1634 | } | |
1635 | else if (!strcmp(pPtr->type, "USER")) | |
1636 | { | |
1637 | sprintf(temp, "(sAMAccountName=%s)", group_member); | |
1638 | } | |
1639 | else if (!strcmp(pPtr->type, "STRING")) | |
1640 | { | |
1641 | sprintf(temp, "(cn=%s,%s,%s)", group_member, contact_ou, dn_path); | |
1642 | } | |
1643 | else | |
1644 | { | |
1645 | sprintf(temp, "(cn=%s,%s,%s)", group_member, kerberos_ou, dn_path); | |
1646 | } | |
1647 | strcat(filter_exp, temp); | |
1648 | ++filter_count; | |
1649 | pPtr = pPtr->next; | |
1650 | if (pPtr == NULL) | |
1651 | break; | |
1652 | } | |
1653 | if (filter_count == 0) | |
1654 | continue; | |
1655 | strcat(filter_exp, ")"); | |
1656 | attr_array[0] = "distinguishedName"; | |
1657 | attr_array[1] = NULL; | |
1658 | new_list = NULL; | |
1659 | new_list_count = 0; | |
1660 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1661 | &new_list, &new_list_count)) != 0) | |
1662 | { | |
1663 | critical_alert("AD incremental", | |
1664 | "LDAP server unable to get group %s members from AD: %d", | |
1665 | group_name, rc); | |
1666 | rc = 1; | |
1667 | goto cleanup; | |
1668 | } | |
1669 | group_count += new_list_count; | |
1670 | if (group_base == NULL) | |
1671 | group_base = new_list; | |
1672 | else | |
1673 | { | |
1674 | sPtr = group_base; | |
1675 | while (sPtr) | |
1676 | { | |
1677 | if (sPtr->next != NULL) | |
1678 | { | |
1679 | sPtr = sPtr->next; | |
1680 | continue; | |
1681 | } | |
1682 | sPtr->next = new_list; | |
1683 | break; | |
1684 | } | |
1685 | } | |
1686 | } | |
1687 | ||
1688 | modvalues = NULL; | |
1689 | if (group_count != 0) | |
1690 | { | |
1691 | if ((rc = construct_newvalues(group_base, group_count, NULL, NULL, | |
1692 | &modvalues, REPLACE)) == 1) | |
1693 | goto cleanup; | |
1694 | n = 0; | |
1695 | ADD_ATTR("member", modvalues, LDAP_MOD_ADD); | |
1696 | mods[n] = NULL; | |
1697 | if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) | |
1698 | != LDAP_SUCCESS) | |
1699 | { | |
1700 | mods[0]->mod_op = LDAP_MOD_REPLACE; | |
1701 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); | |
1702 | } | |
1703 | if (rc == LDAP_ALREADY_EXISTS) | |
1704 | rc = LDAP_SUCCESS; | |
1705 | for (i = 0; i < n; i++) | |
1706 | free(mods[i]); | |
1707 | linklist_free(group_base); | |
1708 | group_count = 0; | |
1709 | group_base = NULL; | |
1710 | } | |
1711 | ||
1712 | cleanup: | |
1713 | free_values(modvalues); | |
1714 | linklist_free(group_base); | |
1715 | return(rc); | |
1716 | } | |
1717 | ||
1718 | int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou) | |
1719 | { | |
1720 | LDAPMod *mods[20]; | |
1721 | char new_dn[256]; | |
1722 | char cn_user_name[256]; | |
1723 | char contact_name[256]; | |
1724 | char *cn_v[] = {NULL, NULL}; | |
1725 | char *contact_v[] = {NULL, NULL}; | |
1726 | char *objectClass_v[] = {"top", "person", | |
1727 | "organizationalPerson", | |
1728 | "contact", NULL}; | |
1729 | char *name_v[] = {NULL, NULL}; | |
1730 | char *desc_v[] = {NULL, NULL}; | |
1731 | int n; | |
1732 | int rc; | |
1733 | int i; | |
1734 | ||
1735 | if (!check_string(user)) | |
1736 | return(0); | |
1737 | strcpy(contact_name, user); | |
1738 | sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path); | |
1739 | cn_v[0] = cn_user_name; | |
1740 | contact_v[0] = contact_name; | |
1741 | name_v[0] = user; | |
1742 | desc_v[0] = "Auto account created by Moira"; | |
1743 | ||
1744 | strcpy(new_dn, cn_user_name); | |
1745 | n = 0; | |
1746 | ADD_ATTR("cn", contact_v, LDAP_MOD_ADD); | |
1747 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
1748 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
1749 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
1750 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
1751 | mods[n] = NULL; | |
1752 | ||
1753 | rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL); | |
1754 | for (i = 0; i < n; i++) | |
1755 | free(mods[i]); | |
1756 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) | |
1757 | return(rc); | |
1758 | return(LDAP_SUCCESS); | |
1759 | } | |
1760 | ||
1761 | int user_create(int ac, char **av, void *ptr) | |
1762 | { | |
1763 | LDAPMod *mods[20]; | |
1764 | char new_dn[256]; | |
1765 | char user_name[256]; | |
1766 | char *cn_v[] = {NULL, NULL}; | |
1767 | char *objectClass_v[] = {"top", "person", | |
1768 | "organizationalPerson", | |
1769 | "user", NULL}; | |
1770 | ||
1771 | char *samAccountName_v[] = {NULL, NULL}; | |
1772 | char *altSecurityIdentities_v[] = {NULL, NULL}; | |
1773 | char *name_v[] = {NULL, NULL}; | |
1774 | char *desc_v[] = {NULL, NULL}; | |
1775 | char upn[256]; | |
1776 | char *userPrincipalName_v[] = {NULL, NULL}; | |
1777 | char *userAccountControl_v[] = {NULL, NULL}; | |
1778 | char userAccountControlStr[80]; | |
1779 | char temp[128]; | |
1780 | u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE; | |
1781 | int n; | |
1782 | int rc; | |
1783 | int i; | |
1784 | int sid_count; | |
1785 | char filter_exp[256]; | |
1786 | char *attr_array[3]; | |
1787 | char **call_args; | |
1788 | ||
1789 | call_args = ptr; | |
1790 | ||
1791 | if (!check_string(av[U_NAME])) | |
1792 | return(0); | |
1793 | if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) && | |
1794 | (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED)) | |
1795 | if (!strncmp(av[U_NAME], "#", 1)) | |
1796 | return(0); | |
1797 | strcpy(user_name, av[U_NAME]); | |
1798 | sprintf(upn, "%s@%s", user_name, ldap_domain); | |
1799 | samAccountName_v[0] = user_name; | |
1800 | if (atoi(av[U_STATE]) == US_DELETED) | |
1801 | userAccountControl |= UF_ACCOUNTDISABLE; | |
1802 | sprintf(userAccountControlStr, "%ld", userAccountControl); | |
1803 | userAccountControl_v[0] = userAccountControlStr; | |
1804 | userPrincipalName_v[0] = upn; | |
1805 | ||
1806 | cn_v[0] = user_name; | |
1807 | name_v[0] = user_name; | |
1808 | desc_v[0] = "Auto account created by Moira"; | |
1809 | sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); | |
1810 | altSecurityIdentities_v[0] = temp; | |
1811 | sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]); | |
1812 | ||
1813 | n = 0; | |
1814 | ADD_ATTR("cn", cn_v, LDAP_MOD_ADD); | |
1815 | ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD); | |
1816 | ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD); | |
1817 | ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD); | |
1818 | ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD); | |
1819 | ADD_ATTR("name", name_v, LDAP_MOD_ADD); | |
1820 | ADD_ATTR("displayName", name_v, LDAP_MOD_ADD); | |
1821 | ADD_ATTR("description", desc_v, LDAP_MOD_ADD); | |
1822 | ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD); | |
1823 | mods[n] = NULL; | |
1824 | ||
1825 | rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL); | |
1826 | for (i = 0; i < n; i++) | |
1827 | free(mods[i]); | |
1828 | if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) | |
1829 | return(rc); | |
1830 | if (rc == LDAP_SUCCESS) | |
1831 | { | |
1832 | if ((rc = set_password(user_name, ldap_domain)) != 0) | |
1833 | { | |
1834 | critical_alert("AD incremental", "Couldn't set password for user %s", | |
1835 | user_name); | |
1836 | return(rc); | |
1837 | } | |
1838 | } | |
1839 | sprintf(filter_exp, "(sAMAccountName=%s)", user_name); | |
1840 | attr_array[0] = "objectSid"; | |
1841 | attr_array[1] = NULL; | |
1842 | sid_count = 0; | |
1843 | if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array, | |
1844 | sid_ptr, &sid_count)) == LDAP_SUCCESS) | |
1845 | { | |
1846 | if (sid_count == 1) | |
1847 | { | |
1848 | (*sid_ptr)->member = strdup(av[U_NAME]); | |
1849 | (*sid_ptr)->type = (char *)USERS; | |
1850 | sid_ptr = &(*sid_ptr)->next; | |
1851 | } | |
1852 | } | |
1853 | return(LDAP_SUCCESS); | |
1854 | return(LDAP_SUCCESS); | |
1855 | } | |
1856 | ||
1857 | int group_update_membership(LDAP *ldap_handle, char *dn_path, char *group_name) | |
1858 | { | |
1859 | char group_ou[512]; | |
1860 | char group_membership[3]; | |
1861 | char *call_args[6]; | |
1862 | char *av[2]; | |
1863 | int rc; | |
1864 | ||
1865 | member_base = NULL; | |
1866 | memset(group_ou, 0, sizeof(group_ou)); | |
1867 | memset(group_membership, 0, sizeof(group_membership)); | |
1868 | av[0] = group_name; | |
1869 | call_args[0] = (char *)ldap_handle; | |
1870 | call_args[1] = dn_path; | |
1871 | call_args[2] = group_name; | |
1872 | call_args[3] = group_ou; | |
1873 | call_args[4] = group_membership; | |
1874 | if (rc = mr_query("get_list_info", 1, av, get_group_info, call_args)) | |
1875 | { | |
1876 | critical_alert("AD incremental", | |
1877 | "Moira error retrieving information from list %s: %s", | |
1878 | group_name, error_message(rc)); | |
1879 | return(rc); | |
1880 | } | |
1881 | ||
1882 | if (rc = mr_query("get_members_of_list", 1, av, member_list_build, | |
1883 | call_args)) | |
1884 | { | |
1885 | critical_alert("AD incremental", | |
1886 | "Moira error retrieving list members from list %s: %s", | |
1887 | group_name, error_message(rc)); | |
1888 | goto cleanup; | |
1889 | } | |
1890 | if (rc = member_list_process(ldap_handle, dn_path, group_name, call_args[3], | |
1891 | call_args[4])) | |
1892 | { | |
1893 | if ((rc != 0) && (rc != 1)) | |
1894 | { | |
1895 | critical_alert("AD incremental", | |
1896 | "LDAP error updating AD membership list for list %s: %d", | |
1897 | group_name, rc); | |
1898 | } | |
1899 | goto cleanup; | |
1900 | } | |
1901 | cleanup: | |
1902 | linklist_free(member_base); | |
1903 | return(rc); | |
1904 | } | |
1905 | ||
1906 | int user_change_status(LDAP *ldap_handle, char *dn_path, char *u_name, | |
1907 | int operation) | |
1908 | { | |
1909 | char filter_exp[1024]; | |
1910 | char *attr_array[3]; | |
1911 | char temp[256]; | |
1912 | char distinguished_name[1024]; | |
1913 | char user_name[512]; | |
1914 | char **modvalues; | |
1915 | LDAPMod *mods[20]; | |
1916 | LK_ENTRY *group_base; | |
1917 | int group_count; | |
1918 | int rc; | |
1919 | int i; | |
1920 | int n; | |
1921 | ULONG ulongValue; | |
1922 | ||
1923 | if (!check_string(u_name)) | |
1924 | return(0); | |
1925 | strcpy(user_name, u_name); | |
1926 | group_count = 0; | |
1927 | group_base = NULL; | |
1928 | sprintf(filter_exp, "(sAMAccountName=%s)", user_name); | |
1929 | attr_array[0] = "UserAccountControl"; | |
1930 | attr_array[1] = NULL; | |
1931 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1932 | &group_base, &group_count)) != 0) | |
1933 | { | |
1934 | critical_alert("AD incremental", | |
1935 | "LDAP server couldn't process user %s: %s", | |
1936 | user_name, "no memory"); | |
1937 | goto cleanup; | |
1938 | } | |
1939 | ||
1940 | if (group_count == 0) | |
1941 | { | |
1942 | critical_alert("AD incremental", | |
1943 | "LDAP server couldn't process user %s: %s", | |
1944 | user_name, "user not found in AD"); | |
1945 | goto cleanup; | |
1946 | } | |
1947 | ||
1948 | strcpy(distinguished_name, group_base->dn); | |
1949 | ulongValue = atoi((*group_base).value); | |
1950 | if (operation == MEMBER_DEACTIVATE) | |
1951 | ulongValue |= UF_ACCOUNTDISABLE; | |
1952 | else | |
1953 | ulongValue &= ~UF_ACCOUNTDISABLE; | |
1954 | sprintf(temp, "%ld", ulongValue); | |
1955 | if ((rc = construct_newvalues(group_base, group_count, (*group_base).value, | |
1956 | temp, &modvalues, REPLACE)) == 1) | |
1957 | goto cleanup; | |
1958 | linklist_free(group_base); | |
1959 | group_base = NULL; | |
1960 | group_count = 0; | |
1961 | n = 0; | |
1962 | ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE); | |
1963 | mods[n] = NULL; | |
1964 | rc = ldap_modify_s(ldap_handle, distinguished_name, mods); | |
1965 | for (i = 0; i < n; i++) | |
1966 | free(mods[i]); | |
1967 | free_values(modvalues); | |
1968 | if (rc != LDAP_SUCCESS) | |
1969 | { | |
1970 | critical_alert("AD incremental", | |
1971 | "LDAP server couldn't process user %s: %d", | |
1972 | user_name, rc); | |
1973 | } | |
1974 | cleanup: | |
1975 | linklist_free(group_base); | |
1976 | return(rc); | |
1977 | } | |
1978 | ||
1979 | int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name) | |
1980 | { | |
1981 | char filter_exp[1024]; | |
1982 | char *attr_array[3]; | |
1983 | char distinguished_name[1024]; | |
1984 | char user_name[512]; | |
1985 | LK_ENTRY *group_base; | |
1986 | int group_count; | |
1987 | int rc; | |
1988 | ||
1989 | if (!check_string(u_name)) | |
1990 | return(0); | |
1991 | strcpy(user_name, u_name); | |
1992 | group_count = 0; | |
1993 | group_base = NULL; | |
1994 | sprintf(filter_exp, "(sAMAccountName=%s)", user_name); | |
1995 | attr_array[0] = "name"; | |
1996 | attr_array[1] = NULL; | |
1997 | if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array, | |
1998 | &group_base, &group_count)) != 0) | |
1999 | { | |
2000 | critical_alert("AD incremental", | |
2001 | "LDAP server couldn't process user %s: %s", | |
2002 | user_name, "no memory"); | |
2003 | goto cleanup; | |
2004 | } | |
2005 | ||
2006 | if (group_count == 0) | |
2007 | { | |
2008 | critical_alert("AD incremental", | |
2009 | "LDAP server couldn't process user %s: %s", | |
2010 | user_name, "user not found in AD"); | |
2011 | goto cleanup; | |
2012 | } | |
2013 | ||
2014 | strcpy(distinguished_name, group_base->dn); | |
2015 | if (rc = ldap_delete_s(ldap_handle, distinguished_name)) | |
2016 | { | |
2017 | critical_alert("AD incremental", | |
2018 | "LDAP server couldn't process user %s: %s", | |
2019 | user_name, "cannot delete user from AD"); | |
2020 | } | |
2021 | ||
2022 | cleanup: | |
2023 | linklist_free(group_base); | |
2024 | return(rc); | |
2025 | } | |
2026 | ||
2027 | void linklist_free(LK_ENTRY *linklist_base) | |
2028 | { | |
2029 | LK_ENTRY *linklist_previous; | |
2030 | ||
2031 | while (linklist_base != NULL) | |
2032 | { | |
2033 | if (linklist_base->dn != NULL) | |
2034 | free(linklist_base->dn); | |
2035 | if (linklist_base->attribute != NULL) | |
2036 | free(linklist_base->attribute); | |
2037 | if (linklist_base->value != NULL) | |
2038 | free(linklist_base->value); | |
2039 | if (linklist_base->member != NULL) | |
2040 | free(linklist_base->member); | |
2041 | if (linklist_base->type != NULL) | |
2042 | free(linklist_base->type); | |
2043 | if (linklist_base->list != NULL) | |
2044 | free(linklist_base->list); | |
2045 | linklist_previous = linklist_base; | |
2046 | linklist_base = linklist_previous->next; | |
2047 | free(linklist_previous); | |
2048 | } | |
2049 | } | |
2050 | ||
2051 | void free_values(char **modvalues) | |
2052 | { | |
2053 | int i; | |
2054 | ||
2055 | i = 0; | |
2056 | if (modvalues != NULL) | |
2057 | { | |
2058 | while (modvalues[i] != NULL) | |
2059 | { | |
2060 | free(modvalues[i]); | |
2061 | modvalues[i] = NULL; | |
2062 | ++i; | |
2063 | } | |
2064 | free(modvalues); | |
2065 | } | |
2066 | } | |
2067 | ||
2068 | int sid_update(LDAP *ldap_handle, char *dn_path) | |
2069 | { | |
2070 | LK_ENTRY *ptr; | |
2071 | int rc; | |
2072 | unsigned char temp[126]; | |
2073 | char *av[3]; | |
2074 | ||
2075 | ptr = sid_base; | |
2076 | ||
2077 | while (ptr != NULL) | |
2078 | { | |
2079 | memset(temp, 0, sizeof(temp)); | |
2080 | convert_b_to_a(temp, ptr->value, ptr->length); | |
2081 | av[0] = ptr->member; | |
2082 | av[1] = temp; | |
2083 | if (ptr->type == (char *)GROUPS) | |
2084 | { | |
2085 | ptr->type = NULL; | |
2086 | rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL); | |
2087 | } | |
2088 | else if (ptr->type == (char *)USERS) | |
2089 | { | |
2090 | ptr->type = NULL; | |
2091 | rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL); | |
2092 | } | |
2093 | ptr = ptr->next; | |
2094 | } | |
2095 | return(0); | |
2096 | } | |
2097 | ||
2098 | void convert_b_to_a(char *string, UCHAR *binary, int length) | |
2099 | { | |
2100 | int i; | |
2101 | int j; | |
2102 | UCHAR tmp; | |
2103 | ||
2104 | j = 0; | |
2105 | for (i = 0; i < length; i++) | |
2106 | { | |
2107 | tmp = binary[i]; | |
2108 | string[j] = tmp; | |
2109 | string[j] >>= 4; | |
2110 | string[j] &= 0x0f; | |
2111 | string[j] += 0x30; | |
2112 | if (string[j] > '9') | |
2113 | string[j] += 0x27; | |
2114 | ++j; | |
2115 | string[j] = tmp & 0x0f; | |
2116 | string[j] += 0x30; | |
2117 | if (string[j] > '9') | |
2118 | string[j] += 0x27; | |
2119 | j++; | |
2120 | } | |
2121 | string[j] = 0; | |
2122 | } | |
2123 | ||
2124 | static int illegalchars[] = { | |
2125 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */ | |
2126 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */ | |
2127 | 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */ | |
2128 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */ | |
2129 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */ | |
2130 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */ | |
2131 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */ | |
2132 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */ | |
2133 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2134 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2135 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2136 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2137 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2138 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2139 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2140 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, | |
2141 | }; | |
2142 | ||
2143 | int check_string(char *s) | |
2144 | { | |
2145 | for (; *s; s++) | |
2146 | { | |
2147 | if (isupper(*s)) | |
2148 | *s = tolower(*s); | |
2149 | if (illegalchars[(unsigned) *s]) | |
2150 | return 0; | |
2151 | } | |
2152 | return 1; | |
2153 | } | |
2154 | ||
2155 | int mr_connect_cl(char *server, char *client, int version, int auth) | |
2156 | { | |
2157 | int status; | |
2158 | char *motd; | |
2159 | ||
2160 | status = mr_connect(server); | |
2161 | if (status) | |
2162 | { | |
2163 | com_err(whoami, status, "while connecting to Moira"); | |
2164 | return MRCL_FAIL; | |
2165 | } | |
2166 | ||
2167 | status = mr_motd(&motd); | |
2168 | if (status) | |
2169 | { | |
2170 | mr_disconnect(); | |
2171 | com_err(whoami, status, "while checking server status"); | |
2172 | return MRCL_FAIL; | |
2173 | } | |
2174 | if (motd) | |
2175 | { | |
2176 | fprintf(stderr, "The Moira server is currently unavailable:\n%s\n", | |
2177 | motd); | |
2178 | mr_disconnect(); | |
2179 | return MRCL_FAIL; | |
2180 | } | |
2181 | ||
2182 | status = mr_version(version); | |
2183 | if (status) | |
2184 | { | |
2185 | if (status == MR_UNKNOWN_PROC) | |
2186 | { | |
2187 | if (version > 2) | |
2188 | status = MR_VERSION_HIGH; | |
2189 | else | |
2190 | status = MR_SUCCESS; | |
2191 | } | |
2192 | ||
2193 | if (status == MR_VERSION_HIGH) | |
2194 | { | |
2195 | com_err(whoami, 0, "Warning: This client is running newer code than the server."); | |
2196 | com_err(whoami, 0, "Some operations may not work."); | |
2197 | } | |
2198 | else if (status && status != MR_VERSION_LOW) | |
2199 | { | |
2200 | com_err(whoami, status, "while setting query version number."); | |
2201 | mr_disconnect(); | |
2202 | return MRCL_FAIL; | |
2203 | } | |
2204 | } | |
2205 | ||
2206 | if (auth) | |
2207 | { | |
2208 | status = mr_auth(client); | |
2209 | if (status) | |
2210 | { | |
2211 | com_err(whoami, status, "while authenticating to Moira."); | |
2212 | mr_disconnect(); | |
2213 | return MRCL_AUTH_ERROR; | |
2214 | } | |
2215 | } | |
2216 | ||
2217 | return MRCL_SUCCESS; | |
2218 | } | |
2219 |