2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listlistnameName KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member to group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member to group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine from an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_DOMAINS 10
384 char DomainNames[MAX_DOMAINS][128];
386 LK_ENTRY *member_base = NULL;
388 char PrincipalName[128];
389 static char tbl_buf[1024];
390 char kerberos_ou[] = "OU=kerberos,OU=moira";
391 char contact_ou[] = "OU=strings,OU=moira";
392 char user_ou[] = "OU=users,OU=moira";
393 char group_ou_distribution[1024];
394 char group_ou_root[1024];
395 char group_ou_security[1024];
396 char group_ou_neither[1024];
397 char group_ou_both[1024];
398 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
399 char orphans_other_ou[] = "OU=Other,OU=Orphans";
400 char security_template_ou[] = "OU=security_templates";
402 char ldap_domain[256];
403 char ldap_realm[256];
405 char *ServerList[MAX_SERVER_NAMES];
406 char default_server[256];
407 static char tbl_buf[1024];
408 char group_suffix[256];
409 char exchange_acl[256];
410 int mr_connections = 0;
413 int UseGroupSuffix = 1;
414 int UseGroupUniversal = 0;
418 int ProcessMachineContainer = 1;
419 int ActiveDirectory = 1;
420 int UpdateDomainList;
422 int GroupPopulateDelete = 0;
424 extern int set_password(char *user, char *password, char *domain);
426 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
427 char *group_membership, char *MoiraId, char *attribute,
428 LK_ENTRY **linklist_base, int *linklist_count,
430 void AfsToWinAfs(char* path, char* winPath);
431 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
432 char *Win2kPassword, char *Win2kUser, char *default_server,
433 int connect_to_kdc, char **ServerList, char *ldap_realm,
435 void ad_kdc_disconnect();
436 int ad_server_connect(char *connectedServer, char *domain);
437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
438 char *attribute_value, char *attribute, char *user_name);
439 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
440 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
441 int check_winad(void);
442 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
445 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
446 char *distinguishedName, int count, char **av);
447 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
448 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
449 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
450 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
451 char *distinguishedName, int count,
453 void container_get_dn(char *src, char *dest);
454 void container_get_name(char *src, char *dest);
455 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
456 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
457 char **before, int afterc, char **after);
458 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
459 char **before, int afterc, char **after);
461 int GetAceInfo(int ac, char **av, void *ptr);
462 int get_group_membership(char *group_membership, char *group_ou,
463 int *security_flag, char **av);
464 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
465 char *machine_ou, char *pPtr);
466 int Moira_container_group_create(char **after);
467 int Moira_container_group_delete(char **before);
468 int Moira_groupname_create(char *GroupName, char *ContainerName,
469 char *ContainerRowID);
470 int Moira_container_group_update(char **before, char **after);
471 int Moira_process_machine_container_group(char *MachineName, char* groupName,
473 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
474 int Moira_getContainerGroup(int ac, char **av, void *ptr);
475 int Moira_getGroupName(char *origContainerName, char *GroupName,
477 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
478 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
479 int UpdateGroup, int *ProcessGroup, char *maillist);
480 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
481 char *group_name, char *group_ou, char *group_membership,
482 int group_security_flag, int type, char *maillist);
483 int process_lists(int ac, char **av, void *ptr);
484 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
485 char *TargetGroupName, int HiddenGroup,
486 char *AceType, char *AceName);
487 int ProcessMachineName(int ac, char **av, void *ptr);
488 int ReadConfigFile(char *DomainName);
489 int ReadDomainList();
490 void StringTrim(char *StringToTrim);
491 char *escape_string(char *s);
492 int save_query_info(int argc, char **argv, void *hint);
493 int save_fsgroup_info(int argc, char **argv, void *hint);
494 int user_create(int ac, char **av, void *ptr);
495 int user_change_status(LDAP *ldap_handle, char *dn_path,
496 char *user_name, char *MoiraId, int operation);
497 int user_delete(LDAP *ldap_handle, char *dn_path,
498 char *u_name, char *MoiraId);
499 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
501 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
502 char *uid, char *MitId, char *MoiraId, int State,
503 char *WinHomeDir, char *WinProfileDir, char *first,
504 char *middle, char *last, char *shell, char *class);
505 void change_to_lower_case(char *ptr);
506 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
507 int contact_remove_email(LDAP *ld, char *bind_path,
508 LK_ENTRY **linklist_entry, int linklist_current);
509 int group_create(int ac, char **av, void *ptr);
510 int group_delete(LDAP *ldap_handle, char *dn_path,
511 char *group_name, char *group_membership, char *MoiraId);
512 int group_rename(LDAP *ldap_handle, char *dn_path,
513 char *before_group_name, char *before_group_membership,
514 char *before_group_ou, int before_security_flag,
515 char *before_desc, char *after_group_name,
516 char *after_group_membership, char *after_group_ou,
517 int after_security_flag, char *after_desc,
518 char *MoiraId, char *filter, char *maillist);
519 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
520 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
521 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
522 char *machine_name, char *container_name);
523 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
524 char *MoiraMachineName, char *DestinationOu);
525 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
526 char *group_name, char *group_ou, char *group_membership,
527 int group_security_flag, int updateGroup, char *maillist);
528 int member_list_build(int ac, char **av, void *ptr);
529 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership,
531 char *user_name, char *pUserOu, char *MoiraId);
532 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership, char *user_name,
534 char *pUserOu, char *MoiraId);
535 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership,
537 int group_security_flag, char *MoiraId);
538 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
539 char *DistinguishedName,
540 char *WinHomeDir, char *WinProfileDir,
541 char **homedir_v, char **winProfile_v,
542 char **drives_v, LDAPMod **mods,
544 int sid_update(LDAP *ldap_handle, char *dn_path);
545 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
546 int check_string(char *s);
547 int check_container_name(char* s);
549 int mr_connect_cl(char *server, char *client, int version, int auth);
550 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
551 char **before, int beforec, char **after, int afterc);
552 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
553 char **before, int beforec, char **after, int afterc);
554 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
555 char **before, int beforec, char **after, int afterc);
556 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
557 char **before, int beforec, char **after, int afterc);
558 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
559 char **before, int beforec, char **after, int afterc);
560 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
561 char **before, int beforec, char **after, int afterc);
562 int linklist_create_entry(char *attribute, char *value,
563 LK_ENTRY **linklist_entry);
564 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
565 char **attr_array, LK_ENTRY **linklist_base,
566 int *linklist_count, unsigned long ScopeType);
567 void linklist_free(LK_ENTRY *linklist_base);
569 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
570 char *distinguished_name, LK_ENTRY **linklist_current);
571 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
572 LK_ENTRY **linklist_base, int *linklist_count);
573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
574 char *Attribute, char *distinguished_name,
575 LK_ENTRY **linklist_current);
577 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
578 char *oldValue, char *newValue,
579 char ***modvalues, int type);
580 void free_values(char **modvalues);
582 int convert_domain_to_dn(char *domain, char **bind_path);
583 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
584 char *distinguished_name);
585 int moira_disconnect(void);
586 int moira_connect(void);
587 void print_to_screen(const char *fmt, ...);
588 int GetMachineName(char *MachineName);
589 int tickets_get_k5();
590 int destroy_cache(void);
593 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
594 char **homeServerName);
596 int main(int argc, char **argv)
612 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
616 com_err(whoami, 0, "Unable to process %s", "argc < 4");
620 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
622 com_err(whoami, 0, "Unable to process %s",
623 "argc < (4 + beforec + afterc)");
627 if (!strcmp(argv[1], "filesys"))
630 for (i = 1; i < argc; i++)
632 strcat(tbl_buf, argv[i]);
633 strcat(tbl_buf, " ");
636 com_err(whoami, 0, "%s", tbl_buf);
640 com_err(whoami, 0, "%s failed", "check_winad()");
644 initialize_sms_error_table();
645 initialize_krb_error_table();
647 UpdateDomainList = 0;
648 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
650 if (ReadDomainList())
652 com_err(whoami, 0, "%s failed", "ReadDomainList()");
656 for (i = 0; i < argc; i++)
659 for (k = 0; k < MAX_DOMAINS; k++)
661 if (strlen(DomainNames[k]) == 0)
663 for (i = 0; i < argc; i++)
665 if (orig_argv[i] != NULL)
667 orig_argv[i] = strdup(argv[i]);
670 memset(PrincipalName, '\0', sizeof(PrincipalName));
671 memset(ldap_domain, '\0', sizeof(ldap_domain));
672 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
673 memset(default_server, '\0', sizeof(default_server));
674 memset(dn_path, '\0', sizeof(dn_path));
675 memset(group_suffix, '\0', sizeof(group_suffix));
676 memset(exchange_acl, '\0', sizeof(exchange_acl));
680 UseGroupUniversal = 0;
684 ProcessMachineContainer = 1;
687 sprintf(group_suffix, "%s", "_group");
688 sprintf(exchange_acl, "%s", "exchange-acl");
690 beforec = atoi(orig_argv[2]);
691 afterc = atoi(orig_argv[3]);
692 table = orig_argv[1];
693 before = &orig_argv[4];
694 after = &orig_argv[4 + beforec];
702 if (ReadConfigFile(DomainNames[k]))
707 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
708 sprintf(group_ou_root, "OU=lists,OU=moira");
709 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
711 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_distribution, "OU=lists,OU=moira");
716 sprintf(group_ou_root, "OU=lists,OU=moira");
717 sprintf(group_ou_security, "OU=lists,OU=moira");
718 sprintf(group_ou_neither, "OU=lists,OU=moira");
719 sprintf(group_ou_both, "OU=lists,OU=moira");
722 OldUseSFU30 = UseSFU30;
724 for (i = 0; i < 5; i++)
726 ldap_handle = (LDAP *)NULL;
727 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
728 default_server, SetPassword, ServerList,
729 ldap_realm, ldap_port)))
731 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
736 if ((rc) || (ldap_handle == NULL))
738 critical_alert("incremental",
739 "ldap.incr cannot connect to any server in "
740 "domain %s", DomainNames[k]);
744 for (i = 0; i < (int)strlen(table); i++)
745 table[i] = tolower(table[i]);
747 if (!strcmp(table, "users"))
748 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "list"))
751 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "imembers"))
754 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "containers"))
757 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "mcntmap"))
760 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
766 for (i = 0; i < MAX_SERVER_NAMES; i++)
768 if (ServerList[i] != NULL)
771 ServerList[i] = NULL;
775 rc = ldap_unbind_s(ldap_handle);
781 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
782 char **before, int beforec, char **after, int afterc)
784 char MoiraContainerName[128];
785 char ADContainerName[128];
786 char MachineName[1024];
787 char OriginalMachineName[1024];
790 char MoiraContainerGroup[64];
792 if (!ProcessMachineContainer)
794 com_err(whoami, 0, "Process machines and containers disabled, skipping");
799 memset(ADContainerName, '\0', sizeof(ADContainerName));
800 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
802 if ((beforec == 0) && (afterc == 0))
805 if (rc = moira_connect())
807 critical_alert("Ldap incremental",
808 "Error contacting Moira server : %s",
813 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
815 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
816 strcpy(MachineName, before[OU_MACHINE_NAME]);
817 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
819 com_err(whoami, 0, "removing machine %s from %s",
820 OriginalMachineName, before[OU_CONTAINER_NAME]);
822 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
824 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
825 strcpy(MachineName, after[OU_MACHINE_NAME]);
826 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
827 com_err(whoami, 0, "adding machine %s to container %s",
828 OriginalMachineName, after[OU_CONTAINER_NAME]);
836 rc = GetMachineName(MachineName);
838 if (strlen(MachineName) == 0)
841 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
842 OriginalMachineName);
846 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
849 if (machine_check(ldap_handle, dn_path, MachineName))
851 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
852 OriginalMachineName, MachineName);
857 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
858 machine_get_moira_container(ldap_handle, dn_path, MachineName,
861 if (strlen(MoiraContainerName) == 0)
863 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
864 "in Moira - moving to orphans OU.",
865 OriginalMachineName, MachineName);
866 machine_move_to_ou(ldap_handle, dn_path, MachineName,
867 orphans_machines_ou);
872 container_get_dn(MoiraContainerName, ADContainerName);
874 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
875 strcat(MoiraContainerName, "/");
877 container_check(ldap_handle, dn_path, MoiraContainerName);
878 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
883 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
884 char **before, int beforec, char **after, int afterc)
888 if (!ProcessMachineContainer)
890 com_err(whoami, 0, "Process machines and containers disabled, skipping");
894 if ((beforec == 0) && (afterc == 0))
897 if (rc = moira_connect())
899 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
904 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
906 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
907 container_delete(ldap_handle, dn_path, beforec, before);
908 Moira_container_group_delete(before);
913 if ((beforec == 0) && (afterc != 0)) /*create a container*/
915 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
916 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
917 container_create(ldap_handle, dn_path, afterc, after);
918 Moira_container_group_create(after);
923 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
925 com_err(whoami, 0, "renaming container %s to %s",
926 before[CONTAINER_NAME], after[CONTAINER_NAME]);
927 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
928 Moira_container_group_update(before, after);
933 com_err(whoami, 0, "updating container %s information",
934 after[CONTAINER_NAME]);
935 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
936 Moira_container_group_update(before, after);
941 #define L_LIST_DESC 9
944 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
945 char **before, int beforec, char **after, int afterc)
950 char group_membership[6];
955 char before_list_id[32];
956 char before_group_membership[1];
957 int before_security_flag;
958 char before_group_ou[256];
959 LK_ENTRY *ptr = NULL;
961 if (beforec == 0 && afterc == 0)
964 memset(list_id, '\0', sizeof(list_id));
965 memset(before_list_id, '\0', sizeof(before_list_id));
966 memset(before_group_ou, '\0', sizeof(before_group_ou));
967 memset(before_group_membership, '\0', sizeof(before_group_membership));
968 memset(group_ou, '\0', sizeof(group_ou));
969 memset(group_membership, '\0', sizeof(group_membership));
974 if (beforec < L_LIST_ID)
976 if (beforec > L_LIST_DESC)
978 strcpy(before_list_id, before[L_LIST_ID]);
980 before_security_flag = 0;
981 get_group_membership(before_group_membership, before_group_ou,
982 &before_security_flag, before);
987 if (afterc < L_LIST_ID)
989 if (afterc > L_LIST_DESC)
991 strcpy(list_id, after[L_LIST_ID]);
994 get_group_membership(group_membership, group_ou, &security_flag, after);
997 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1006 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1007 before[L_NAME], before_group_ou,
1008 before_group_membership,
1009 before_security_flag, CHECK_GROUPS,
1010 before[L_MAILLIST])))
1012 if (rc == AD_NO_GROUPS_FOUND)
1016 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1017 (rc == AD_MULTIPLE_GROUPS_FOUND))
1019 rc = process_group(ldap_handle, dn_path, before_list_id,
1020 before[L_NAME], before_group_ou,
1021 before_group_membership,
1022 before_security_flag, CLEANUP_GROUPS,
1023 before[L_MAILLIST]);
1025 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1027 com_err(whoami, 0, "Unable to process list %s",
1031 if (rc == AD_NO_GROUPS_FOUND)
1037 if ((beforec != 0) && (afterc != 0))
1039 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1040 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1041 (strcmp(before_group_ou, group_ou)))) &&
1044 com_err(whoami, 0, "Changing list name from %s to %s",
1045 before[L_NAME], after[L_NAME]);
1047 if ((strlen(before_group_ou) == 0) ||
1048 (strlen(before_group_membership) == 0) ||
1049 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1051 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1055 memset(filter, '\0', sizeof(filter));
1057 if ((rc = group_rename(ldap_handle, dn_path,
1058 before[L_NAME], before_group_membership,
1059 before_group_ou, before_security_flag,
1060 before[L_LIST_DESC], after[L_NAME],
1061 group_membership, group_ou, security_flag,
1063 list_id, filter, after[L_MAILLIST])))
1065 if (rc != AD_NO_GROUPS_FOUND)
1068 "Unable to change list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
1082 if ((strlen(before_group_ou) == 0) ||
1083 (strlen(before_group_membership) == 0))
1086 "Unable to find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
1100 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1102 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1103 group_ou, group_membership,
1104 security_flag, CHECK_GROUPS,
1107 if (rc != AD_NO_GROUPS_FOUND)
1109 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1110 (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id,
1114 group_ou, group_membership,
1115 security_flag, CLEANUP_GROUPS,
1122 "Unable to create list %s", after[L_NAME]);
1129 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1131 if (rc = moira_connect())
1133 critical_alert("Ldap incremental",
1134 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1142 &ProcessGroup, after[L_MAILLIST]))
1147 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1148 &ProcessGroup, after[L_MAILLIST]))
1152 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1153 group_ou, group_membership, security_flag,
1154 updateGroup, after[L_MAILLIST]))
1160 if (atoi(after[L_ACTIVE]))
1162 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1163 group_membership, security_flag, list_id);
1171 #define LM_EXTRA_ACTIVE (LM_END)
1172 #define LM_EXTRA_PUBLIC (LM_END+1)
1173 #define LM_EXTRA_HIDDEN (LM_END+2)
1174 #define LM_EXTRA_MAILLIST (LM_END+3)
1175 #define LM_EXTRA_GROUP (LM_END+4)
1176 #define LM_EXTRA_GID (LM_END+5)
1177 #define LMN_LIST_ID (LM_END+6)
1178 #define LM_LIST_ID (LM_END+7)
1179 #define LM_USER_ID (LM_END+8)
1180 #define LM_EXTRA_END (LM_END+9)
1182 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1183 char **before, int beforec, char **after, int afterc)
1185 LK_ENTRY *group_base;
1188 char *attr_array[3];
1189 char group_name[128];
1190 char user_name[128];
1191 char user_type[128];
1192 char moira_list_id[32];
1193 char moira_user_id[32];
1194 char group_membership[1];
1196 char machine_ou[256];
1204 char NewMachineName[1024];
1208 char *save_argv[U_END];
1212 memset(moira_list_id, '\0', sizeof(moira_list_id));
1213 memset(moira_user_id, '\0', sizeof(moira_user_id));
1217 if (afterc < LM_EXTRA_GID)
1220 if (!atoi(after[LM_EXTRA_ACTIVE]))
1223 "Unable to add %s to group %s : group not active",
1224 after[2], after[0]);
1230 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1233 strcpy(user_name, after[LM_MEMBER]);
1234 strcpy(group_name, after[LM_LIST]);
1235 strcpy(user_type, after[LM_TYPE]);
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1239 if (afterc > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, after[LMN_LIST_ID]);
1242 strcpy(moira_user_id, after[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1247 if (afterc > LMN_LIST_ID)
1249 strcpy(moira_list_id, after[LM_LIST_ID]);
1250 strcpy(moira_user_id, after[LM_USER_ID]);
1255 if (afterc > LM_EXTRA_GID)
1256 strcpy(moira_list_id, after[LMN_LIST_ID]);
1261 if (beforec < LM_EXTRA_GID)
1263 if (!atoi(before[LM_EXTRA_ACTIVE]))
1266 "Unable to remove %s from group %s : group not active",
1267 before[2], before[0]);
1273 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1276 strcpy(user_name, before[LM_MEMBER]);
1277 strcpy(group_name, before[LM_LIST]);
1278 strcpy(user_type, before[LM_TYPE]);
1280 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1282 if (beforec > LM_EXTRA_GROUP)
1284 strcpy(moira_list_id, before[LMN_LIST_ID]);
1285 strcpy(moira_user_id, before[LM_LIST_ID]);
1288 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1290 if (beforec > LMN_LIST_ID)
1292 strcpy(moira_list_id, before[LM_LIST_ID]);
1293 strcpy(moira_user_id, before[LM_USER_ID]);
1298 if (beforec > LM_EXTRA_GID)
1299 strcpy(moira_list_id, before[LMN_LIST_ID]);
1306 "Unable to process group : beforec = %d, afterc = %d",
1311 args[L_NAME] = ptr[LM_LIST];
1312 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1313 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1314 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1315 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1316 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1317 args[L_GID] = ptr[LM_EXTRA_GID];
1320 memset(group_ou, '\0', sizeof(group_ou));
1321 get_group_membership(group_membership, group_ou, &security_flag, args);
1323 if (strlen(group_ou) == 0)
1325 com_err(whoami, 0, "Unable to find the group OU for group %s",
1330 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1331 group_ou, group_membership, security_flag,
1332 CHECK_GROUPS, args[L_MAILLIST]))
1334 if (rc != AD_NO_GROUPS_FOUND)
1336 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1337 group_name, group_ou, group_membership,
1338 security_flag, CLEANUP_GROUPS,
1341 if (rc != AD_NO_GROUPS_FOUND)
1344 com_err(whoami, 0, "Unable to add %s to group %s - "
1345 "unable to process group", user_name, group_name);
1347 com_err(whoami, 0, "Unable to remove %s from group %s - "
1348 "unable to process group", user_name, group_name);
1355 if (rc == AD_NO_GROUPS_FOUND)
1357 if (rc = moira_connect())
1359 critical_alert("Ldap incremental",
1360 "Error contacting Moira server : %s",
1365 com_err(whoami, 0, "creating group %s", group_name);
1368 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1369 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1375 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1380 group_ou, group_membership, security_flag, 0,
1381 ptr[LM_EXTRA_MAILLIST]))
1387 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1389 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1390 group_membership, security_flag, moira_list_id);
1400 com_err(whoami, 0, "removing user %s from list %s", user_name,
1404 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1406 if (!ProcessMachineContainer)
1408 com_err(whoami, 0, "Process machines and containers disabled, "
1413 memset(machine_ou, '\0', sizeof(machine_ou));
1414 memset(NewMachineName, '\0', sizeof(NewMachineName));
1415 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1416 machine_ou, NewMachineName))
1418 if (ptr[LM_MEMBER] != NULL)
1419 free(ptr[LM_MEMBER]);
1420 ptr[LM_MEMBER] = strdup(NewMachineName);
1421 pUserOu = machine_ou;
1424 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1426 strcpy(member, ptr[LM_MEMBER]);
1430 if((s = strchr(member, '@')) == (char *) NULL)
1432 strcat(member, "@mit.edu");
1434 if (ptr[LM_MEMBER] != NULL)
1435 free(ptr[LM_MEMBER]);
1436 ptr[LM_MEMBER] = strdup(member);
1439 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1441 s = strrchr(member, '.');
1443 strcat(s, ".mit.edu");
1445 if (ptr[LM_MEMBER] != NULL)
1446 free(ptr[LM_MEMBER]);
1447 ptr[LM_MEMBER] = strdup(member);
1451 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1455 pUserOu = contact_ou;
1457 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1459 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1463 pUserOu = kerberos_ou;
1466 if (rc = moira_connect()) {
1467 critical_alert("Ldap incremental",
1468 "Error contacting Moira server : %s",
1473 if (rc = populate_group(ldap_handle, dn_path, group_name,
1474 group_ou, group_membership,
1475 security_flag, moira_list_id))
1476 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1481 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1483 if (rc = moira_connect())
1485 critical_alert("Ldap incremental",
1486 "Error contacting Moira server : %s",
1491 if (rc = populate_group(ldap_handle, dn_path, group_name,
1492 group_ou, group_membership, security_flag,
1494 com_err(whoami, 0, "Unable to remove %s from group %s",
1495 user_name, group_name);
1502 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1505 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1507 memset(machine_ou, '\0', sizeof(machine_ou));
1508 memset(NewMachineName, '\0', sizeof(NewMachineName));
1510 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1514 if (ptr[LM_MEMBER] != NULL)
1515 free(ptr[LM_MEMBER]);
1517 ptr[LM_MEMBER] = strdup(NewMachineName);
1518 pUserOu = machine_ou;
1520 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1522 strcpy(member, ptr[LM_MEMBER]);
1526 if((s = strchr(member, '@')) == (char *) NULL)
1528 strcat(member, "@mit.edu");
1530 if (ptr[LM_MEMBER] != NULL)
1531 free(ptr[LM_MEMBER]);
1532 ptr[LM_MEMBER] = strdup(member);
1535 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1537 s = strrchr(member, '.');
1539 strcat(s, ".mit.edu");
1541 if (ptr[LM_MEMBER] != NULL)
1542 free(ptr[LM_MEMBER]);
1543 ptr[LM_MEMBER] = strdup(member);
1547 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1551 pUserOu = contact_ou;
1553 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1555 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1559 pUserOu = kerberos_ou;
1561 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1563 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1564 moira_user_id)) == AD_NO_USER_FOUND)
1566 if (rc = moira_connect())
1568 critical_alert("Ldap incremental",
1569 "Error connection to Moira : %s",
1574 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1575 av[0] = ptr[LM_MEMBER];
1576 call_args[0] = (char *)ldap_handle;
1577 call_args[1] = dn_path;
1578 call_args[2] = moira_user_id;
1579 call_args[3] = NULL;
1588 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1589 attr_array[0] = "cn";
1590 attr_array[1] = NULL;
1591 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1592 attr_array, &group_base, &group_count,
1593 LDAP_SCOPE_SUBTREE)) != 0)
1595 com_err(whoami, 0, "Unable to process user %s : %s",
1596 ptr[LM_MEMBER], ldap_err2string(rc));
1602 com_err(whoami, 0, "Object already exists with name %s",
1607 linklist_free(group_base);
1612 if (rc = mr_query("get_user_account_by_login", 1, av,
1613 save_query_info, save_argv))
1616 com_err(whoami, 0, "Unable to create user %s : %s",
1617 ptr[LM_MEMBER], error_message(rc));
1621 if (rc = user_create(U_END, save_argv, call_args))
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1643 if (rc = moira_connect()) {
1644 critical_alert("Ldap incremental",
1645 "Error contacting Moira server : %s",
1650 if (rc = populate_group(ldap_handle, dn_path, group_name,
1651 group_ou, group_membership, security_flag,
1653 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1658 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1660 if (rc = moira_connect())
1662 critical_alert("Ldap incremental",
1663 "Error contacting Moira server : %s",
1668 if (rc = populate_group(ldap_handle, dn_path, group_name,
1669 group_ou, group_membership, security_flag,
1671 com_err(whoami, 0, "Unable to add %s to group %s",
1672 user_name, group_name);
1681 #define U_USER_ID 10
1682 #define U_HOMEDIR 11
1683 #define U_PROFILEDIR 12
1685 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1686 char **before, int beforec, char **after,
1689 LK_ENTRY *group_base;
1692 char *attr_array[3];
1695 char after_user_id[32];
1696 char before_user_id[32];
1698 char *save_argv[U_END];
1700 if ((beforec == 0) && (afterc == 0))
1703 memset(after_user_id, '\0', sizeof(after_user_id));
1704 memset(before_user_id, '\0', sizeof(before_user_id));
1706 if (beforec > U_USER_ID)
1707 strcpy(before_user_id, before[U_USER_ID]);
1709 if (afterc > U_USER_ID)
1710 strcpy(after_user_id, after[U_USER_ID]);
1712 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1715 if ((beforec == 0) && (afterc != 0))
1717 /*this case only happens when the account*/
1718 /*account is first created but not usable*/
1720 com_err(whoami, 0, "Unable to process user %s because the user account "
1721 "is not yet usable", after[U_NAME]);
1725 /*this case only happens when the account is expunged */
1727 if ((beforec != 0) && (afterc == 0))
1729 if (atoi(before[U_STATE]) == 0)
1731 com_err(whoami, 0, "expunging user %s from directory",
1733 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1737 com_err(whoami, 0, "Unable to process because user %s has been "
1738 "previously expungeded", before[U_NAME]);
1743 /*process anything that gets here*/
1745 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1746 before_user_id)) == AD_NO_USER_FOUND)
1748 if (!check_string(after[U_NAME]))
1751 if (rc = moira_connect())
1753 critical_alert("Ldap incremental",
1754 "Error connection to Moira : %s",
1759 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1761 av[0] = after[U_NAME];
1762 call_args[0] = (char *)ldap_handle;
1763 call_args[1] = dn_path;
1764 call_args[2] = after_user_id;
1765 call_args[3] = NULL;
1773 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1774 attr_array[0] = "cn";
1775 attr_array[1] = NULL;
1777 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1778 &group_base, &group_count,
1779 LDAP_SCOPE_SUBTREE)) != 0)
1781 com_err(whoami, 0, "Unable to process user %s : %s",
1782 after[U_NAME], ldap_err2string(rc));
1786 if (group_count >= 1)
1788 com_err(whoami, 0, "Object already exists with name %s",
1793 linklist_free(group_base);
1798 if (rc = mr_query("get_user_account_by_login", 1, av,
1799 save_query_info, save_argv))
1802 com_err(whoami, 0, "Unable to create user %s : %s",
1803 after[U_NAME], error_message(rc));
1807 if (rc = user_create(U_END, save_argv, call_args))
1809 com_err(whoami, 0, "Unable to create user %s : %s",
1810 after[U_NAME], error_message(rc));
1817 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
1829 if (strcmp(before[U_NAME], after[U_NAME]))
1831 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1833 com_err(whoami, 0, "changing user %s to %s",
1834 before[U_NAME], after[U_NAME]);
1836 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1837 after[U_NAME])) != LDAP_SUCCESS)
1844 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1845 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1846 after[U_UID], after[U_MITID],
1847 after_user_id, atoi(after[U_STATE]),
1848 after[U_HOMEDIR], after[U_PROFILEDIR],
1849 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1850 after[U_SHELL], after[U_CLASS]);
1855 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1856 char *oldValue, char *newValue,
1857 char ***modvalues, int type)
1859 LK_ENTRY *linklist_ptr;
1863 if (((*modvalues) = calloc(1,
1864 (modvalue_count + 1) * sizeof(char *))) == NULL)
1869 for (i = 0; i < (modvalue_count + 1); i++)
1870 (*modvalues)[i] = NULL;
1872 if (modvalue_count != 0)
1874 linklist_ptr = linklist_base;
1875 for (i = 0; i < modvalue_count; i++)
1877 if ((oldValue != NULL) && (newValue != NULL))
1879 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1882 if (type == REPLACE)
1884 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1887 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1888 strcpy((*modvalues)[i], newValue);
1892 if (((*modvalues)[i] = calloc(1,
1893 (int)(cPtr - linklist_ptr->value) +
1894 (linklist_ptr->length -
1896 strlen(newValue) + 1)) == NULL)
1898 memset((*modvalues)[i], '\0',
1899 (int)(cPtr - linklist_ptr->value) +
1900 (linklist_ptr->length - strlen(oldValue)) +
1901 strlen(newValue) + 1);
1902 memcpy((*modvalues)[i], linklist_ptr->value,
1903 (int)(cPtr - linklist_ptr->value));
1904 strcat((*modvalues)[i], newValue);
1905 strcat((*modvalues)[i],
1906 &linklist_ptr->value[(int)(cPtr -
1907 linklist_ptr->value) + strlen(oldValue)]);
1912 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1913 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1914 memcpy((*modvalues)[i], linklist_ptr->value,
1915 linklist_ptr->length);
1920 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1921 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1922 memcpy((*modvalues)[i], linklist_ptr->value,
1923 linklist_ptr->length);
1925 linklist_ptr = linklist_ptr->next;
1927 (*modvalues)[i] = NULL;
1933 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1934 char **attr_array, LK_ENTRY **linklist_base,
1935 int *linklist_count, unsigned long ScopeType)
1938 LDAPMessage *ldap_entry;
1942 (*linklist_base) = NULL;
1943 (*linklist_count) = 0;
1945 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1946 search_exp, attr_array, 0,
1947 &ldap_entry)) != LDAP_SUCCESS)
1949 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1953 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1956 ldap_msgfree(ldap_entry);
1960 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1961 LK_ENTRY **linklist_base, int *linklist_count)
1963 char distinguished_name[1024];
1964 LK_ENTRY *linklist_ptr;
1967 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1970 memset(distinguished_name, '\0', sizeof(distinguished_name));
1971 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1973 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1974 linklist_base)) != 0)
1977 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1979 memset(distinguished_name, '\0', sizeof(distinguished_name));
1980 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1982 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1983 distinguished_name, linklist_base)) != 0)
1987 linklist_ptr = (*linklist_base);
1988 (*linklist_count) = 0;
1990 while (linklist_ptr != NULL)
1992 ++(*linklist_count);
1993 linklist_ptr = linklist_ptr->next;
1999 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2000 char *distinguished_name, LK_ENTRY **linklist_current)
2007 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
2010 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
2012 ldap_memfree(Attribute);
2013 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2016 retrieve_values(ldap_handle, ldap_entry, Attribute,
2017 distinguished_name, linklist_current);
2018 ldap_memfree(Attribute);
2022 ldap_ber_free(ptr, 0);
2027 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2028 char *Attribute, char *distinguished_name,
2029 LK_ENTRY **linklist_current)
2035 LK_ENTRY *linklist_previous;
2036 LDAP_BERVAL **ber_value;
2045 SID_IDENTIFIER_AUTHORITY *sid_auth;
2046 unsigned char *subauth_count;
2047 #endif /*LDAP_BEGUG*/
2050 memset(temp, '\0', sizeof(temp));
2052 if ((!strcmp(Attribute, "objectSid")) ||
2053 (!strcmp(Attribute, "objectGUID")))
2058 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2059 Ptr = (void **)ber_value;
2064 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2065 Ptr = (void **)str_value;
2073 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2076 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2077 linklist_previous->next = (*linklist_current);
2078 (*linklist_current) = linklist_previous;
2080 if (((*linklist_current)->attribute = calloc(1,
2081 strlen(Attribute) + 1)) == NULL)
2084 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2085 strcpy((*linklist_current)->attribute, Attribute);
2089 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2091 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2094 memset((*linklist_current)->value, '\0', ber_length);
2095 memcpy((*linklist_current)->value,
2096 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2097 (*linklist_current)->length = ber_length;
2101 if (((*linklist_current)->value = calloc(1,
2102 strlen(*Ptr) + 1)) == NULL)
2105 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2106 (*linklist_current)->length = strlen(*Ptr);
2107 strcpy((*linklist_current)->value, *Ptr);
2110 (*linklist_current)->ber_value = use_bervalue;
2112 if (((*linklist_current)->dn = calloc(1,
2113 strlen(distinguished_name) + 1)) == NULL)
2116 memset((*linklist_current)->dn, '\0',
2117 strlen(distinguished_name) + 1);
2118 strcpy((*linklist_current)->dn, distinguished_name);
2121 if (!strcmp(Attribute, "objectGUID"))
2123 guid = (GUID *)((*linklist_current)->value);
2125 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2126 guid->Data1, guid->Data2, guid->Data3,
2127 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2128 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2129 guid->Data4[6], guid->Data4[7]);
2130 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2132 else if (!strcmp(Attribute, "objectSid"))
2134 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2137 print_to_screen(" Revision = %d\n", sid->Revision);
2138 print_to_screen(" SID Identifier Authority:\n");
2139 sid_auth = &sid->IdentifierAuthority;
2140 if (sid_auth->Value[0])
2141 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2142 else if (sid_auth->Value[1])
2143 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2144 else if (sid_auth->Value[2])
2145 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2146 else if (sid_auth->Value[3])
2147 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2148 else if (sid_auth->Value[5])
2149 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2151 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2152 subauth_count = GetSidSubAuthorityCount(sid);
2153 print_to_screen(" SidSubAuthorityCount = %d\n",
2155 print_to_screen(" SidSubAuthority:\n");
2156 for (i = 0; i < *subauth_count; i++)
2158 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2159 print_to_screen(" %u\n", *subauth);
2163 else if ((!memcmp(Attribute, "userAccountControl",
2164 strlen("userAccountControl"))) ||
2165 (!memcmp(Attribute, "sAMAccountType",
2166 strlen("sAmAccountType"))))
2168 intValue = atoi(*Ptr);
2169 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2171 if (!memcmp(Attribute, "userAccountControl",
2172 strlen("userAccountControl")))
2174 if (intValue & UF_ACCOUNTDISABLE)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Account disabled");
2178 print_to_screen(" %20s : %s\n",
2179 "", "Account active");
2180 if (intValue & UF_HOMEDIR_REQUIRED)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Home directory required");
2183 if (intValue & UF_LOCKOUT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Account locked out");
2186 if (intValue & UF_PASSWD_NOTREQD)
2187 print_to_screen(" %20s : %s\n",
2188 "", "No password required");
2189 if (intValue & UF_PASSWD_CANT_CHANGE)
2190 print_to_screen(" %20s : %s\n",
2191 "", "Cannot change password");
2192 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2193 print_to_screen(" %20s : %s\n",
2194 "", "Temp duplicate account");
2195 if (intValue & UF_NORMAL_ACCOUNT)
2196 print_to_screen(" %20s : %s\n",
2197 "", "Normal account");
2198 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2199 print_to_screen(" %20s : %s\n",
2200 "", "Interdomain trust account");
2201 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2202 print_to_screen(" %20s : %s\n",
2203 "", "Workstation trust account");
2204 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2205 print_to_screen(" %20s : %s\n",
2206 "", "Server trust account");
2211 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2213 #endif /*LDAP_DEBUG*/
2216 if (str_value != NULL)
2217 ldap_value_free(str_value);
2219 if (ber_value != NULL)
2220 ldap_value_free_len(ber_value);
2223 (*linklist_current) = linklist_previous;
2228 int moira_connect(void)
2233 if (!mr_connections++)
2237 memset(HostName, '\0', sizeof(HostName));
2238 strcpy(HostName, "ttsp");
2239 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2243 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
2252 int check_winad(void)
2256 for (i = 0; file_exists(STOP_FILE); i++)
2260 critical_alert("Ldap incremental",
2261 "Ldap incremental failed (%s exists): %s",
2262 STOP_FILE, tbl_buf);
2272 int moira_disconnect(void)
2275 if (!--mr_connections)
2283 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2284 char *distinguished_name)
2288 CName = ldap_get_dn(ldap_handle, ldap_entry);
2293 strcpy(distinguished_name, CName);
2294 ldap_memfree(CName);
2297 int linklist_create_entry(char *attribute, char *value,
2298 LK_ENTRY **linklist_entry)
2300 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2302 if (!(*linklist_entry))
2307 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2308 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2309 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2310 strcpy((*linklist_entry)->attribute, attribute);
2311 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2312 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2313 strcpy((*linklist_entry)->value, value);
2314 (*linklist_entry)->length = strlen(value);
2315 (*linklist_entry)->next = NULL;
2320 void print_to_screen(const char *fmt, ...)
2324 va_start(pvar, fmt);
2325 vfprintf(stderr, fmt, pvar);
2330 int get_group_membership(char *group_membership, char *group_ou,
2331 int *security_flag, char **av)
2336 maillist_flag = atoi(av[L_MAILLIST]);
2337 group_flag = atoi(av[L_GROUP]);
2339 if (security_flag != NULL)
2340 (*security_flag) = 0;
2342 if ((maillist_flag) && (group_flag))
2344 if (group_membership != NULL)
2345 group_membership[0] = 'B';
2347 if (security_flag != NULL)
2348 (*security_flag) = 1;
2350 if (group_ou != NULL)
2351 strcpy(group_ou, group_ou_both);
2353 else if ((!maillist_flag) && (group_flag))
2355 if (group_membership != NULL)
2356 group_membership[0] = 'S';
2358 if (security_flag != NULL)
2359 (*security_flag) = 1;
2361 if (group_ou != NULL)
2362 strcpy(group_ou, group_ou_security);
2364 else if ((maillist_flag) && (!group_flag))
2366 if (group_membership != NULL)
2367 group_membership[0] = 'D';
2369 if (group_ou != NULL)
2370 strcpy(group_ou, group_ou_distribution);
2374 if (group_membership != NULL)
2375 group_membership[0] = 'N';
2377 if (group_ou != NULL)
2378 strcpy(group_ou, group_ou_neither);
2384 int group_rename(LDAP *ldap_handle, char *dn_path,
2385 char *before_group_name, char *before_group_membership,
2386 char *before_group_ou, int before_security_flag,
2387 char *before_desc, char *after_group_name,
2388 char *after_group_membership, char *after_group_ou,
2389 int after_security_flag, char *after_desc,
2390 char *MoiraId, char *filter, char *maillist)
2395 char new_dn_path[512];
2398 char mail_nickname[256];
2399 char proxy_address[256];
2400 char address_book[256];
2401 char *attr_array[3];
2402 char *mitMoiraId_v[] = {NULL, NULL};
2403 char *name_v[] = {NULL, NULL};
2404 char *samAccountName_v[] = {NULL, NULL};
2405 char *groupTypeControl_v[] = {NULL, NULL};
2406 char *mail_v[] = {NULL, NULL};
2407 char *proxy_address_v[] = {NULL, NULL};
2408 char *mail_nickname_v[] = {NULL, NULL};
2409 char *report_to_originator_v[] = {NULL, NULL};
2410 char *address_book_v[] = {NULL, NULL};
2411 char *legacy_exchange_dn_v[] = {NULL, NULL};
2412 char *null_v[] = {NULL, NULL};
2413 u_int groupTypeControl;
2414 char groupTypeControlStr[80];
2415 char contact_mail[256];
2419 LK_ENTRY *group_base;
2421 int MailDisabled = 0;
2423 if(UseGroupUniversal)
2424 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2426 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2428 if (!check_string(before_group_name))
2431 "Unable to process invalid LDAP list name %s",
2433 return(AD_INVALID_NAME);
2436 if (!check_string(after_group_name))
2439 "Unable to process invalid LDAP list name %s", after_group_name);
2440 return(AD_INVALID_NAME);
2450 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2451 attr_array[0] = "cn";
2452 attr_array[1] = NULL;
2454 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2455 &group_base, &group_count,
2456 LDAP_SCOPE_SUBTREE)) != 0)
2458 com_err(whoami, 0, "Unable to process group %s : %s",
2459 after_group_name, ldap_err2string(rc));
2465 com_err(whoami, 0, "Object already exists with name %s",
2470 linklist_free(group_base);
2479 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2480 before_group_membership,
2481 MoiraId, "samAccountName", &group_base,
2482 &group_count, filter))
2485 if (group_count == 0)
2487 return(AD_NO_GROUPS_FOUND);
2490 if (group_count != 1)
2492 com_err(whoami, 0, "Unable to process multiple groups with "
2493 "MoiraId = %s exist in the directory", MoiraId);
2494 return(AD_MULTIPLE_GROUPS_FOUND);
2497 strcpy(old_dn, group_base->dn);
2499 linklist_free(group_base);
2502 attr_array[0] = "sAMAccountName";
2503 attr_array[1] = NULL;
2505 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2506 &group_base, &group_count,
2507 LDAP_SCOPE_SUBTREE)) != 0)
2509 com_err(whoami, 0, "Unable to get list %s dn : %s",
2510 after_group_name, ldap_err2string(rc));
2514 if (group_count != 1)
2517 "Unable to get sAMAccountName for group %s",
2519 return(AD_LDAP_FAILURE);
2522 strcpy(sam_name, group_base->value);
2523 linklist_free(group_base);
2527 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2528 sprintf(new_dn, "cn=%s", after_group_name);
2529 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2530 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2531 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2532 lowercase(ldap_domain));
2533 sprintf(mail_nickname, "%s", after_group_name);
2535 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
2537 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2538 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2540 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2541 before_group_name, after_group_name, ldap_err2string(rc));
2545 name_v[0] = after_group_name;
2547 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2548 group_suffix, strlen(group_suffix)))
2550 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2555 "Unable to rename list from %s to %s : sAMAccountName not found",
2556 before_group_name, after_group_name);
2560 samAccountName_v[0] = sam_name;
2562 if (after_security_flag)
2563 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2565 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2566 groupTypeControl_v[0] = groupTypeControlStr;
2567 mitMoiraId_v[0] = MoiraId;
2569 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2570 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2573 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2580 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2582 mail_nickname_v[0] = mail_nickname;
2583 proxy_address_v[0] = proxy_address;
2585 report_to_originator_v[0] = "TRUE";
2587 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("reportToOriginator", report_to_originator_v,
2595 mail_nickname_v[0] = NULL;
2596 proxy_address_v[0] = NULL;
2598 legacy_exchange_dn_v[0] = NULL;
2599 address_book_v[0] = NULL;
2600 report_to_originator_v[0] = NULL;
2602 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2603 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2604 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2605 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2606 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2607 ADD_ATTR("reportToOriginator", report_to_originator_v,
2613 if(atoi(maillist) && email_isvalid(contact_mail))
2615 mail_v[0] = contact_mail;
2616 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2618 if(!ActiveDirectory)
2620 null_v[0] = "/dev/null";
2621 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2628 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2631 "Unable to modify list data for %s after renaming: %s",
2632 after_group_name, ldap_err2string(rc));
2635 for (i = 0; i < n; i++)
2641 int group_create(int ac, char **av, void *ptr)
2646 char new_group_name[256];
2647 char sam_group_name[256];
2648 char cn_group_name[256];
2650 char contact_mail[256];
2651 char mail_nickname[256];
2652 char proxy_address[256];
2653 char address_book[256];
2654 char *cn_v[] = {NULL, NULL};
2655 char *objectClass_v[] = {"top", "group", NULL};
2656 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2657 "group", "mailRecipient", NULL};
2659 char *samAccountName_v[] = {NULL, NULL};
2660 char *altSecurityIdentities_v[] = {NULL, NULL};
2661 char *member_v[] = {NULL, NULL};
2662 char *name_v[] = {NULL, NULL};
2663 char *desc_v[] = {NULL, NULL};
2664 char *info_v[] = {NULL, NULL};
2665 char *mitMoiraId_v[] = {NULL, NULL};
2666 char *mitMoiraPublic_v[] = {NULL, NULL};
2667 char *mitMoiraHidden_v[] = {NULL, NULL};
2668 char *groupTypeControl_v[] = {NULL, NULL};
2669 char *mail_v[] = {NULL, NULL};
2670 char *proxy_address_v[] = {NULL, NULL};
2671 char *mail_nickname_v[] = {NULL, NULL};
2672 char *report_to_originator_v[] = {NULL, NULL};
2673 char *address_book_v[] = {NULL, NULL};
2674 char *legacy_exchange_dn_v[] = {NULL, NULL};
2675 char *gidNumber_v[] = {NULL, NULL};
2676 char *null_v[] = {NULL, NULL};
2677 char groupTypeControlStr[80];
2678 char group_membership[1];
2681 u_int groupTypeControl;
2685 int MailDisabled = 0;
2687 LK_ENTRY *group_base;
2690 char *attr_array[3];
2694 if(UseGroupUniversal)
2695 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2697 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2699 if (!check_string(av[L_NAME]))
2701 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2703 return(AD_INVALID_NAME);
2706 updateGroup = (int)call_args[4];
2707 memset(group_ou, 0, sizeof(group_ou));
2708 memset(group_membership, 0, sizeof(group_membership));
2711 get_group_membership(group_membership, group_ou, &security_flag, av);
2713 strcpy(new_group_name, av[L_NAME]);
2714 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2715 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2716 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2717 sprintf(mail_nickname, "%s", av[L_NAME]);
2720 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2722 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
2726 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2727 groupTypeControl_v[0] = groupTypeControlStr;
2729 strcpy(cn_group_name, av[L_NAME]);
2731 samAccountName_v[0] = sam_group_name;
2732 name_v[0] = new_group_name;
2733 cn_v[0] = new_group_name;
2736 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2740 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2744 mitMoiraPublic_v[0] = av[L_PUBLIC];
2745 mitMoiraHidden_v[0] = av[L_HIDDEN];
2746 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2747 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2748 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2750 if(atoi(av[L_GROUP]))
2752 gidNumber_v[0] = av[L_GID];
2753 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2757 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2758 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2759 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2763 if(atoi(av[L_MAILLIST]))
2768 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2769 attr_array[0] = "cn";
2770 attr_array[1] = NULL;
2772 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2773 filter, attr_array, &group_base,
2775 LDAP_SCOPE_SUBTREE)) != 0)
2777 com_err(whoami, 0, "Unable to process group %s : %s",
2778 av[L_NAME], ldap_err2string(rc));
2784 com_err(whoami, 0, "Object already exists with name %s",
2789 linklist_free(group_base);
2794 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2796 mail_nickname_v[0] = mail_nickname;
2797 report_to_originator_v[0] = "TRUE";
2799 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2800 ADD_ATTR("reportToOriginator", report_to_originator_v,
2806 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2808 mail_v[0] = contact_mail;
2809 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2811 if(!ActiveDirectory)
2813 null_v[0] = "/dev/null";
2814 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2819 if (strlen(av[L_DESC]) != 0)
2821 desc_v[0] = av[L_DESC];
2822 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2825 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2827 if (strlen(av[L_ACE_NAME]) != 0)
2829 sprintf(info, "The Administrator of this list is: %s",
2832 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2835 if (strlen(call_args[5]) != 0)
2837 mitMoiraId_v[0] = call_args[5];
2838 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2843 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2845 for (i = 0; i < n; i++)
2848 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2850 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2851 av[L_NAME], ldap_err2string(rc));
2857 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2859 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2860 "description", av[L_NAME]);
2861 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2863 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2868 if (strlen(call_args[5]) != 0)
2870 mitMoiraId_v[0] = call_args[5];
2871 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2874 if (!(atoi(av[L_ACTIVE])))
2877 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2880 if (!ActiveDirectory)
2882 mitMoiraPublic_v[0] = av[L_PUBLIC];
2883 mitMoiraHidden_v[0] = av[L_HIDDEN];
2884 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2885 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2887 if(atoi(av[L_GROUP]))
2889 gidNumber_v[0] = av[L_GID];
2890 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2894 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2900 if(atoi(av[L_MAILLIST]))
2905 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2906 attr_array[0] = "cn";
2907 attr_array[1] = NULL;
2909 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2910 filter, attr_array, &group_base,
2912 LDAP_SCOPE_SUBTREE)) != 0)
2914 com_err(whoami, 0, "Unable to process group %s : %s",
2915 av[L_NAME], ldap_err2string(rc));
2921 com_err(whoami, 0, "Object already exists with name %s",
2926 linklist_free(group_base);
2931 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2933 mail_nickname_v[0] = mail_nickname;
2934 report_to_originator_v[0] = "TRUE";
2936 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2937 ADD_ATTR("reportToOriginator", report_to_originator_v,
2943 mail_nickname_v[0] = NULL;
2944 proxy_address_v[0] = NULL;
2945 legacy_exchange_dn_v[0] = NULL;
2946 address_book_v[0] = NULL;
2947 report_to_originator_v[0] = NULL;
2949 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2950 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2951 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2952 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2954 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2955 ADD_ATTR("reportToOriginator", report_to_originator_v,
2961 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2963 mail_v[0] = contact_mail;
2964 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2966 if(!ActiveDirectory)
2968 null_v[0] = "/dev/null";
2969 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2975 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2977 if(!ActiveDirectory)
2980 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2990 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2992 for (i = 0; i < n; i++)
2995 if (rc != LDAP_SUCCESS)
2997 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2998 av[L_NAME], ldap_err2string(rc));
3005 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3006 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3008 return(LDAP_SUCCESS);
3011 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3012 char *TargetGroupName, int HiddenGroup,
3013 char *AceType, char *AceName)
3015 char filter_exp[1024];
3016 char *attr_array[5];
3017 char search_path[512];
3019 char TemplateDn[512];
3020 char TemplateSamName[128];
3022 char TargetSamName[128];
3023 char AceSamAccountName[128];
3025 unsigned char AceSid[128];
3026 unsigned char UserTemplateSid[128];
3027 char acBERBuf[N_SD_BER_BYTES];
3028 char GroupSecurityTemplate[256];
3029 char hide_addres_lists[256];
3030 char address_book[256];
3031 char *hide_address_lists_v[] = {NULL, NULL};
3032 char *address_book_v[] = {NULL, NULL};
3033 char *owner_v[] = {NULL, NULL};
3035 int UserTemplateSidCount;
3042 int array_count = 0;
3044 LK_ENTRY *group_base;
3045 LDAP_BERVAL **ppsValues;
3046 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3047 { N_SD_BER_BYTES, acBERBuf },
3050 LDAPControl *apsServerControls[] = {&sControl, NULL};
3053 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3054 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3055 BEREncodeSecurityBits(dwInfo, acBERBuf);
3057 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3058 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3059 attr_array[0] = "sAMAccountName";
3060 attr_array[1] = NULL;
3064 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3065 &group_base, &group_count,
3066 LDAP_SCOPE_SUBTREE) != 0))
3069 if (group_count != 1)
3071 linklist_free(group_base);
3075 strcpy(TargetDn, group_base->dn);
3076 strcpy(TargetSamName, group_base->value);
3077 linklist_free(group_base);
3081 UserTemplateSidCount = 0;
3082 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3083 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3084 memset(AceSid, '\0', sizeof(AceSid));
3089 if (strlen(AceName) != 0)
3091 if (!strcmp(AceType, "LIST"))
3093 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3094 strcpy(root_ou, group_ou_root);
3096 else if (!strcmp(AceType, "USER"))
3098 sprintf(AceSamAccountName, "%s", AceName);
3099 strcpy(root_ou, user_ou);
3102 if (ActiveDirectory)
3104 if (strlen(AceSamAccountName) != 0)
3106 sprintf(search_path, "%s", dn_path);
3107 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3108 attr_array[0] = "objectSid";
3109 attr_array[1] = NULL;
3113 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3114 attr_array, &group_base, &group_count,
3115 LDAP_SCOPE_SUBTREE) != 0))
3117 if (group_count == 1)
3119 strcpy(AceDn, group_base->dn);
3120 AceSidCount = group_base->length;
3121 memcpy(AceSid, group_base->value, AceSidCount);
3123 linklist_free(group_base);
3130 if (strlen(AceSamAccountName) != 0)
3132 sprintf(search_path, "%s", dn_path);
3133 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3134 attr_array[0] = "samAccountName";
3135 attr_array[1] = NULL;
3139 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3140 attr_array, &group_base, &group_count,
3141 LDAP_SCOPE_SUBTREE) != 0))
3143 if (group_count == 1)
3145 strcpy(AceDn, group_base->dn);
3147 linklist_free(group_base);
3154 if (!ActiveDirectory)
3156 if (strlen(AceDn) != 0)
3158 owner_v[0] = strdup(AceDn);
3160 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3164 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3166 for (i = 0; i < n; i++)
3169 if (rc != LDAP_SUCCESS)
3170 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3171 TargetGroupName, ldap_err2string(rc));
3177 if (AceSidCount == 0)
3179 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3180 "have a directory SID.", TargetGroupName, AceName, AceType);
3181 com_err(whoami, 0, " Non-admin security group template will be used.");
3185 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3186 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3187 attr_array[0] = "objectSid";
3188 attr_array[1] = NULL;
3193 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3194 attr_array, &group_base, &group_count,
3195 LDAP_SCOPE_SUBTREE) != 0))
3198 if ((rc != 0) || (group_count != 1))
3200 com_err(whoami, 0, "Unable to process user security template: %s",
3206 UserTemplateSidCount = group_base->length;
3207 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3209 linklist_free(group_base);
3216 if (AceSidCount == 0)
3218 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3219 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3223 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3224 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3229 if (AceSidCount == 0)
3231 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3232 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3236 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3237 sprintf(filter_exp, "(sAMAccountName=%s)",
3238 NOT_HIDDEN_GROUP_WITH_ADMIN);
3242 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3243 attr_array[0] = "sAMAccountName";
3244 attr_array[1] = NULL;
3248 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3249 &group_base, &group_count,
3250 LDAP_SCOPE_SUBTREE) != 0))
3253 if (group_count != 1)
3255 linklist_free(group_base);
3256 com_err(whoami, 0, "Unable to process group security template: %s - "
3257 "security not set", GroupSecurityTemplate);
3261 strcpy(TemplateDn, group_base->dn);
3262 strcpy(TemplateSamName, group_base->value);
3263 linklist_free(group_base);
3267 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3268 rc = ldap_search_ext_s(ldap_handle,
3280 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3282 com_err(whoami, 0, "Unable to find group security template: %s - "
3283 "security not set", GroupSecurityTemplate);
3287 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3289 if (ppsValues == NULL)
3291 com_err(whoami, 0, "Unable to find group security descriptor for group "
3292 "%s - security not set", GroupSecurityTemplate);
3296 if (AceSidCount != 0)
3298 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3301 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3303 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3304 UserTemplateSidCount))
3306 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3314 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3315 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
3321 hide_address_lists_v[0] = "TRUE";
3322 address_book_v[0] = NULL;
3323 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3325 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3327 hide_address_lists_v[0] = NULL;
3328 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3335 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3337 for (i = 0; i < n; i++)
3340 ldap_value_free_len(ppsValues);
3341 ldap_msgfree(psMsg);
3343 if (rc != LDAP_SUCCESS)
3345 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3346 TargetGroupName, ldap_err2string(rc));
3348 if (AceSidCount != 0)
3351 "Trying to set security for group %s without admin.",
3354 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3355 HiddenGroup, "", ""))
3357 com_err(whoami, 0, "Unable to set security for group %s.",
3368 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3369 char *group_membership, char *MoiraId)
3371 LK_ENTRY *group_base;
3377 if (!check_string(group_name))
3380 "Unable to process invalid LDAP list name %s", group_name);
3381 return(AD_INVALID_NAME);
3384 memset(filter, '\0', sizeof(filter));
3387 sprintf(temp, "%s,%s", group_ou_root, dn_path);
3389 if (rc = ad_get_group(ldap_handle, temp, group_name,
3390 group_membership, MoiraId,
3391 "samAccountName", &group_base,
3392 &group_count, filter))
3395 if (group_count == 1)
3397 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3399 linklist_free(group_base);
3400 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3401 group_name, ldap_err2string(rc));
3404 linklist_free(group_base);
3408 linklist_free(group_base);
3409 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3410 return(AD_NO_GROUPS_FOUND);
3416 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3422 return(N_SD_BER_BYTES);
3425 int process_lists(int ac, char **av, void *ptr)
3430 char group_membership[2];
3436 memset(group_ou, '\0', sizeof(group_ou));
3437 memset(group_membership, '\0', sizeof(group_membership));
3438 get_group_membership(group_membership, group_ou, &security_flag, av);
3439 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3440 av[L_NAME], group_ou, group_membership,
3446 int member_list_build(int ac, char **av, void *ptr)
3454 strcpy(temp, av[ACE_NAME]);
3457 if (!check_string(temp))
3460 if (!strcmp(av[ACE_TYPE], "USER"))
3462 if (!((int)call_args[3] & MOIRA_USERS))
3465 else if (!strcmp(av[ACE_TYPE], "STRING"))
3469 if((s = strchr(temp, '@')) == (char *) NULL)
3471 strcat(temp, "@mit.edu");
3474 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3476 s = strrchr(temp, '.');
3478 strcat(s, ".mit.edu");
3482 if (!((int)call_args[3] & MOIRA_STRINGS))
3485 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3488 else if (!strcmp(av[ACE_TYPE], "LIST"))
3490 if (!((int)call_args[3] & MOIRA_LISTS))
3493 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3495 if (!((int)call_args[3] & MOIRA_KERBEROS))
3498 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3503 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3505 if (!((int)call_args[3] & MOIRA_MACHINE))
3511 linklist = member_base;
3515 if (!strcasecmp(temp, linklist->member) &&
3516 !strcasecmp(av[ACE_TYPE], linklist->type))
3519 linklist = linklist->next;
3522 linklist = calloc(1, sizeof(LK_ENTRY));
3524 linklist->dn = NULL;
3525 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3526 strcpy(linklist->list, call_args[2]);
3527 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3528 strcpy(linklist->type, av[ACE_TYPE]);
3529 linklist->member = calloc(1, strlen(temp) + 1);
3530 strcpy(linklist->member, temp);
3531 linklist->next = member_base;
3532 member_base = linklist;
3537 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3538 char *group_ou, char *group_membership, char *user_name,
3539 char *UserOu, char *MoiraId)
3541 char distinguished_name[1024];
3545 char *attr_array[3];
3550 LK_ENTRY *group_base;
3554 if (!check_string(group_name))
3555 return(AD_INVALID_NAME);
3557 memset(filter, '\0', sizeof(filter));
3561 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3562 group_membership, MoiraId,
3563 "samAccountName", &group_base,
3564 &group_count, filter))
3567 if (group_count != 1)
3569 com_err(whoami, 0, "Unable to find list %s in directory",
3571 linklist_free(group_base);
3577 strcpy(distinguished_name, group_base->dn);
3578 linklist_free(group_base);
3584 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3588 if(!strcmp(UserOu, user_ou))
3589 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3591 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3594 modvalues[0] = temp;
3595 modvalues[1] = NULL;
3598 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3600 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3602 for (i = 0; i < n; i++)
3605 if (rc == LDAP_UNWILLING_TO_PERFORM)
3608 if (rc != LDAP_SUCCESS)
3610 com_err(whoami, 0, "Unable to modify list %s members : %s",
3611 group_name, ldap_err2string(rc));
3615 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3619 if(!strcmp(UserOu, contact_ou) &&
3620 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3622 memset(temp, '\0', sizeof(temp));
3623 strcpy(temp, user_name);
3624 s = strchr(temp, '@');
3627 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
3629 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3630 &group_base, &group_count,
3631 LDAP_SCOPE_SUBTREE) != 0))
3637 linklist_free(group_base);
3642 sprintf(filter, "(distinguishedName=%s)", temp);
3643 attr_array[0] = "memberOf";
3644 attr_array[1] = NULL;
3646 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3647 &group_base, &group_count,
3648 LDAP_SCOPE_SUBTREE) != 0))
3654 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3656 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
3666 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3667 char *group_ou, char *group_membership, char *user_name,
3668 char *UserOu, char *MoiraId)
3670 char distinguished_name[1024];
3678 LK_ENTRY *group_base;
3681 if (!check_string(group_name))
3682 return(AD_INVALID_NAME);
3685 memset(filter, '\0', sizeof(filter));
3689 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3690 group_membership, MoiraId,
3691 "samAccountName", &group_base,
3692 &group_count, filter))
3695 if (group_count != 1)
3697 linklist_free(group_base);
3700 com_err(whoami, 0, "Unable to find list %s %d in directory",
3701 group_name, group_count);
3702 return(AD_MULTIPLE_GROUPS_FOUND);
3705 strcpy(distinguished_name, group_base->dn);
3706 linklist_free(group_base);
3712 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3716 if(!strcmp(UserOu, user_ou))
3717 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3719 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3722 modvalues[0] = temp;
3723 modvalues[1] = NULL;
3726 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3728 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3730 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3733 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3735 if (rc == LDAP_UNWILLING_TO_PERFORM)
3739 for (i = 0; i < n; i++)
3742 if (rc != LDAP_SUCCESS)
3744 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3745 user_name, group_name, ldap_err2string(rc));
3751 int contact_remove_email(LDAP *ld, char *bind_path,
3752 LK_ENTRY **linklist_base, int linklist_current)
3756 char *mail_v[] = {NULL, NULL};
3764 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3765 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3766 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3767 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3770 gPtr = (*linklist_base);
3773 rc = ldap_modify_s(ld, gPtr->dn, mods);
3775 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3777 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3778 gPtr->dn, ldap_err2string(rc));
3785 for (i = 0; i < n; i++)
3791 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3794 LK_ENTRY *group_base;
3797 char cn_user_name[256];
3798 char contact_name[256];
3799 char mail_nickname[256];
3800 char proxy_address_internal[256];
3801 char proxy_address_external[256];
3802 char target_address[256];
3803 char internal_contact_name[256];
3806 char principal[256];
3807 char mit_address_book[256];
3808 char default_address_book[256];
3809 char contact_address_book[256];
3811 char *email_v[] = {NULL, NULL};
3812 char *cn_v[] = {NULL, NULL};
3813 char *contact_v[] = {NULL, NULL};
3814 char *uid_v[] = {NULL, NULL};
3815 char *mail_nickname_v[] = {NULL, NULL};
3816 char *proxy_address_internal_v[] = {NULL, NULL};
3817 char *proxy_address_external_v[] = {NULL, NULL};
3818 char *target_address_v[] = {NULL, NULL};
3819 char *mit_address_book_v[] = {NULL, NULL};
3820 char *default_address_book_v[] = {NULL, NULL};
3821 char *contact_address_book_v[] = {NULL, NULL};
3822 char *hide_address_lists_v[] = {NULL, NULL};
3823 char *attr_array[3];
3824 char *objectClass_v[] = {"top", "person",
3825 "organizationalPerson",
3827 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3828 "inetOrgPerson", "organizationalPerson",
3829 "contact", "mailRecipient", "eduPerson",
3831 char *name_v[] = {NULL, NULL};
3832 char *desc_v[] = {NULL, NULL};
3839 char *mail_routing_v[] = {NULL, NULL};
3840 char *principal_v[] = {NULL, NULL};
3842 if (!check_string(user))
3844 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3845 return(AD_INVALID_NAME);
3849 strcpy(contact_name, mail);
3850 strcpy(internal_contact_name, mail);
3852 if((s = strchr(internal_contact_name, '@')) != NULL) {
3856 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3859 sprintf(target_address, "SMTP:%s", contact_name);
3860 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3861 sprintf(mail_nickname, "%s", internal_contact_name);
3863 cn_v[0] = cn_user_name;
3864 contact_v[0] = contact_name;
3867 desc_v[0] = "Auto account created by Moira";
3869 proxy_address_internal_v[0] = proxy_address_internal;
3870 proxy_address_external_v[0] = proxy_address_external;
3871 mail_nickname_v[0] = mail_nickname;
3872 target_address_v[0] = target_address;
3873 mit_address_book_v[0] = mit_address_book;
3874 default_address_book_v[0] = default_address_book;
3875 contact_address_book_v[0] = contact_address_book;
3876 strcpy(new_dn, cn_user_name);
3879 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
3881 if(!ActiveDirectory)
3883 if(!strcmp(group_ou, contact_ou))
3884 sprintf(uid, "%s%s", contact_name, "_strings");
3886 if(!strcmp(group_ou, kerberos_ou))
3887 sprintf(uid, "%s%s", contact_name, "_kerberos");
3891 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3892 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3897 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3901 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3904 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3905 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3906 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3910 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3915 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3916 attr_array[0] = "cn";
3917 attr_array[1] = NULL;
3919 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3920 &group_base, &group_count,
3921 LDAP_SCOPE_SUBTREE)) != 0)
3923 com_err(whoami, 0, "Unable to process contact %s : %s",
3924 user, ldap_err2string(rc));
3930 com_err(whoami, 0, "Object already exists with name %s",
3935 linklist_free(group_base);
3939 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3940 attr_array[0] = "cn";
3941 attr_array[1] = NULL;
3943 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3944 &group_base, &group_count,
3945 LDAP_SCOPE_SUBTREE)) != 0)
3947 com_err(whoami, 0, "Unable to process contact %s : %s",
3948 user, ldap_err2string(rc));
3954 com_err(whoami, 0, "Object already exists with name %s",
3959 linklist_free(group_base);
3963 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3964 attr_array[0] = "cn";
3965 attr_array[1] = NULL;
3967 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3968 &group_base, &group_count,
3969 LDAP_SCOPE_SUBTREE)) != 0)
3971 com_err(whoami, 0, "Unable to process contact %s : %s",
3972 user, ldap_err2string(rc));
3978 com_err(whoami, 0, "Object already exists with name %s",
3983 linklist_free(group_base);
3987 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3988 attr_array[0] = "cn";
3989 attr_array[1] = NULL;
3991 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3992 &group_base, &group_count,
3993 LDAP_SCOPE_SUBTREE)) != 0)
3995 com_err(whoami, 0, "Unable to process contact %s : %s",
3996 user, ldap_err2string(rc));
4002 com_err(whoami, 0, "Object already exists with name %s",
4007 linklist_free(group_base);
4011 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4012 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4013 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4014 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4016 hide_address_lists_v[0] = "TRUE";
4017 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4022 if(!ActiveDirectory)
4024 if((c = strchr(mail, '@')) == NULL)
4025 sprintf(temp, "%s@mit.edu", mail);
4027 sprintf(temp, "%s", mail);
4029 mail_routing_v[0] = temp;
4031 principal_v[0] = principal;
4033 if(!strcmp(group_ou, contact_ou))
4035 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4036 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4042 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4044 for (i = 0; i < n; i++)
4049 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4050 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4054 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4055 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4056 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4058 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4060 hide_address_lists_v[0] = "TRUE";
4061 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4065 rc = ldap_modify_s(ld, new_dn, mods);
4069 com_err(whoami, 0, "Unable to update contact %s", mail);
4072 for (i = 0; i < n; i++)
4077 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4079 com_err(whoami, 0, "Unable to create contact %s : %s",
4080 user, ldap_err2string(rc));
4087 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4088 char *Uid, char *MitId, char *MoiraId, int State,
4089 char *WinHomeDir, char *WinProfileDir, char *first,
4090 char *middle, char *last, char *shell, char *class)
4093 LK_ENTRY *group_base;
4095 char distinguished_name[512];
4096 char displayName[256];
4097 char *mitMoiraId_v[] = {NULL, NULL};
4098 char *mitMoiraClass_v[] = {NULL, NULL};
4099 char *mitMoiraStatus_v[] = {NULL, NULL};
4100 char *uid_v[] = {NULL, NULL};
4101 char *mitid_v[] = {NULL, NULL};
4102 char *homedir_v[] = {NULL, NULL};
4103 char *winProfile_v[] = {NULL, NULL};
4104 char *drives_v[] = {NULL, NULL};
4105 char *userAccountControl_v[] = {NULL, NULL};
4106 char *alt_recipient_v[] = {NULL, NULL};
4107 char *hide_address_lists_v[] = {NULL, NULL};
4108 char *mail_v[] = {NULL, NULL};
4109 char *gid_v[] = {NULL, NULL};
4110 char *loginshell_v[] = {NULL, NULL};
4111 char *principal_v[] = {NULL, NULL};
4112 char userAccountControlStr[80];
4117 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4118 UF_PASSWD_CANT_CHANGE;
4120 char *attr_array[3];
4123 char contact_mail[256];
4124 char filter_exp[1024];
4125 char search_path[512];
4126 char TemplateDn[512];
4127 char TemplateSamName[128];
4128 char alt_recipient[256];
4129 char principal[256];
4131 char acBERBuf[N_SD_BER_BYTES];
4132 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4133 { N_SD_BER_BYTES, acBERBuf },
4135 LDAPControl *apsServerControls[] = {&sControl, NULL};
4137 LDAP_BERVAL **ppsValues;
4141 char *homeServerName;
4143 char search_string[256];
4145 char *mail_routing_v[] = {NULL, NULL};
4148 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4149 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4150 BEREncodeSecurityBits(dwInfo, acBERBuf);
4152 if (!check_string(user_name))
4154 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4156 return(AD_INVALID_NAME);
4159 memset(contact_mail, '\0', sizeof(contact_mail));
4160 sprintf(contact_mail, "%s@mit.edu", user_name);
4161 memset(mail, '\0', sizeof(mail));
4162 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4163 memset(alt_recipient, '\0', sizeof(alt_recipient));
4164 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4166 sprintf(search_string, "@%s", uppercase(ldap_domain));
4170 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4172 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4179 memset(displayName, '\0', sizeof(displayName));
4181 if (strlen(MoiraId) != 0)
4185 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4190 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4193 attr_array[0] = "cn";
4194 attr_array[1] = NULL;
4195 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4196 &group_base, &group_count,
4197 LDAP_SCOPE_SUBTREE)) != 0)
4199 com_err(whoami, 0, "Unable to process user %s : %s",
4200 user_name, ldap_err2string(rc));
4205 if (group_count != 1)
4207 linklist_free(group_base);
4210 sprintf(filter, "(sAMAccountName=%s)", user_name);
4211 attr_array[0] = "cn";
4212 attr_array[1] = NULL;
4213 sprintf(temp, "%s,%s", user_ou, dn_path);
4214 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4215 &group_base, &group_count,
4216 LDAP_SCOPE_SUBTREE)) != 0)
4218 com_err(whoami, 0, "Unable to process user %s : %s",
4219 user_name, ldap_err2string(rc));
4224 if (group_count != 1)
4226 com_err(whoami, 0, "Unable to find user %s in directory",
4228 linklist_free(group_base);
4229 return(AD_NO_USER_FOUND);
4232 strcpy(distinguished_name, group_base->dn);
4234 linklist_free(group_base);
4237 if(!ActiveDirectory)
4239 if (rc = moira_connect())
4241 critical_alert("Ldap incremental",
4242 "Error contacting Moira server : %s",
4247 argv[0] = user_name;
4249 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4252 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4254 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4256 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4261 "Unable to set the mailRoutingAddress for %s : %s",
4262 user_name, ldap_err2string(rc));
4264 p = strdup(save_argv[3]);
4266 if((c = strchr(p, ',')) != NULL)
4271 if ((c = strchr(q, '@')) == NULL)
4272 sprintf(temp, "%s@mit.edu", q);
4274 sprintf(temp, "%s", q);
4276 if(email_isvalid(temp) && State != US_DELETED)
4278 mail_routing_v[0] = temp;
4281 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4283 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4285 if (rc == LDAP_ALREADY_EXISTS ||
4286 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4291 "Unable to set the mailRoutingAddress for %s : %s",
4292 user_name, ldap_err2string(rc));
4295 while((q = strtok(NULL, ",")) != NULL) {
4298 if((c = strchr(q, '@')) == NULL)
4299 sprintf(temp, "%s@mit.edu", q);
4301 sprintf(temp, "%s", q);
4303 if(email_isvalid(temp) && State != US_DELETED)
4305 mail_routing_v[0] = temp;
4308 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4311 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4313 if (rc == LDAP_ALREADY_EXISTS ||
4314 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4319 "Unable to set the mailRoutingAddress for "
4321 user_name, ldap_err2string(rc));
4327 if((c = strchr(p, '@')) == NULL)
4328 sprintf(temp, "%s@mit.edu", p);
4330 sprintf(temp, "%s", p);
4332 if(email_isvalid(temp) && State != US_DELETED)
4334 mail_routing_v[0] = temp;
4337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4339 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4341 if (rc == LDAP_ALREADY_EXISTS ||
4342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4347 "Unable to set the mailRoutingAddress for %s : %s",
4348 user_name, ldap_err2string(rc));
4355 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4356 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4357 "employeeID", user_name);
4359 rc = attribute_update(ldap_handle, distinguished_name, "none",
4360 "employeeID", user_name);
4363 strcat(displayName, first);
4366 if(strlen(middle)) {
4368 strcat(displayName, " ");
4370 strcat(displayName, middle);
4374 if(strlen(middle) || strlen(first))
4375 strcat(displayName, " ");
4377 strcat(displayName, last);
4380 if(strlen(displayName))
4381 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4382 "displayName", user_name);
4384 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4385 "displayName", user_name);
4387 if(!ActiveDirectory)
4389 if(strlen(displayName))
4390 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4393 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4397 if(!ActiveDirectory)
4399 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4400 "eduPersonNickname", user_name);
4404 rc = attribute_update(ldap_handle, distinguished_name, first,
4405 "givenName", user_name);
4407 rc = attribute_update(ldap_handle, distinguished_name, "",
4408 "givenName", user_name);
4410 if(strlen(middle) == 1)
4411 rc = attribute_update(ldap_handle, distinguished_name, middle,
4412 "initials", user_name);
4414 rc = attribute_update(ldap_handle, distinguished_name, "",
4415 "initials", user_name);
4418 rc = attribute_update(ldap_handle, distinguished_name, last,
4421 rc = attribute_update(ldap_handle, distinguished_name, "",
4426 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4431 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4435 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4436 "mitMoiraId", user_name);
4445 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4454 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4455 sprintf(status, "%d", State);
4456 principal_v[0] = principal;
4457 loginshell_v[0] = shell;
4458 mitMoiraClass_v[0] = class;
4459 mitMoiraStatus_v[0] = status;
4461 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4462 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4463 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4464 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4465 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4466 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4469 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4471 userAccountControl |= UF_ACCOUNTDISABLE;
4475 hide_address_lists_v[0] = "TRUE";
4476 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4484 hide_address_lists_v[0] = NULL;
4485 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4490 sprintf(userAccountControlStr, "%ld", userAccountControl);
4491 userAccountControl_v[0] = userAccountControlStr;
4492 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4496 if (rc = moira_connect())
4498 critical_alert("Ldap incremental",
4499 "Error contacting Moira server : %s",
4504 argv[0] = user_name;
4506 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4508 if(!strcmp(save_argv[1], "EXCHANGE") ||
4509 (strstr(save_argv[3], search_string) != NULL))
4511 alt_recipient_v[0] = NULL;
4512 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4514 argv[0] = exchange_acl;
4516 argv[2] = user_name;
4518 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4520 if ((rc) && (rc != MR_EXISTS))
4522 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4523 user_name, exchange_acl, error_message(rc));
4528 alt_recipient_v[0] = alt_recipient;
4529 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4531 argv[0] = exchange_acl;
4533 argv[2] = user_name;
4535 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4537 if ((rc) && (rc != MR_NO_MATCH))
4540 "Unable to remove user %s from %s: %s, %d",
4541 user_name, exchange_acl, error_message(rc), rc);
4547 alt_recipient_v[0] = alt_recipient;
4548 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4550 argv[0] = exchange_acl;
4552 argv[2] = user_name;
4554 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4556 if ((rc) && (rc != MR_NO_MATCH))
4559 "Unable to remove user %s from %s: %s, %d",
4560 user_name, exchange_acl, error_message(rc), rc);
4568 mail_v[0] = contact_mail;
4569 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4572 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4573 WinProfileDir, homedir_v, winProfile_v,
4574 drives_v, mods, LDAP_MOD_REPLACE, n);
4578 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4579 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4580 attr_array[0] = "sAMAccountName";
4581 attr_array[1] = NULL;
4585 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4587 &group_base, &group_count,
4588 LDAP_SCOPE_SUBTREE) != 0))
4591 if (group_count != 1)
4593 com_err(whoami, 0, "Unable to process user security template: %s - "
4594 "security not set", "UserTemplate.u");
4598 strcpy(TemplateDn, group_base->dn);
4599 strcpy(TemplateSamName, group_base->value);
4600 linklist_free(group_base);
4604 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4605 filter_exp, NULL, 0, apsServerControls, NULL,
4608 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4610 com_err(whoami, 0, "Unable to find user security template: %s - "
4611 "security not set", "UserTemplate.u");
4615 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4616 "ntSecurityDescriptor");
4618 if (ppsValues == NULL)
4620 com_err(whoami, 0, "Unable to find user security template: %s - "
4621 "security not set", "UserTemplate.u");
4625 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4626 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4631 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4632 mods)) != LDAP_SUCCESS)
4634 OldUseSFU30 = UseSFU30;
4635 SwitchSFU(mods, &UseSFU30, n);
4636 if (OldUseSFU30 != UseSFU30)
4637 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4640 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4641 user_name, ldap_err2string(rc));
4645 for (i = 0; i < n; i++)
4651 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4659 char contact_mail[256];
4660 char proxy_address[256];
4661 char query_base_dn[256];
4663 char *userPrincipalName_v[] = {NULL, NULL};
4664 char *altSecurityIdentities_v[] = {NULL, NULL};
4665 char *name_v[] = {NULL, NULL};
4666 char *samAccountName_v[] = {NULL, NULL};
4667 char *mail_v[] = {NULL, NULL};
4668 char *mail_nickname_v[] = {NULL, NULL};
4669 char *proxy_address_v[] = {NULL, NULL};
4670 char *query_base_dn_v[] = {NULL, NULL};
4671 char *principal_v[] = {NULL, NULL};
4672 char principal[256];
4677 if (!check_string(before_user_name))
4680 "Unable to process invalid LDAP user name %s", before_user_name);
4681 return(AD_INVALID_NAME);
4684 if (!check_string(user_name))
4687 "Unable to process invalid LDAP user name %s", user_name);
4688 return(AD_INVALID_NAME);
4691 strcpy(user_name, user_name);
4694 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4696 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4699 sprintf(new_dn, "cn=%s", user_name);
4701 sprintf(new_dn, "uid=%s", user_name);
4703 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4704 sprintf(contact_mail, "%s@mit.edu", user_name);
4705 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4706 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4708 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4709 NULL, NULL)) != LDAP_SUCCESS)
4711 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4712 before_user_name, user_name, ldap_err2string(rc));
4718 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4721 if(rc = ldap_delete_s(ldap_handle, temp))
4723 com_err(whoami, 0, "Unable to delete user contact for %s",
4727 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4729 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4733 name_v[0] = user_name;
4734 sprintf(upn, "%s@%s", user_name, ldap_domain);
4735 userPrincipalName_v[0] = upn;
4736 principal_v[0] = principal;
4737 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4738 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4739 altSecurityIdentities_v[0] = temp;
4740 samAccountName_v[0] = user_name;
4742 mail_nickname_v[0] = user_name;
4743 proxy_address_v[0] = proxy_address;
4744 query_base_dn_v[0] = query_base_dn;
4747 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4748 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4749 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4750 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4752 if(!ActiveDirectory)
4754 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4755 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4756 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4757 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4762 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4763 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4764 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4765 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
4769 mail_v[0] = contact_mail;
4770 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4776 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4778 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4780 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4783 "Unable to modify user data for %s after renaming : %s",
4784 user_name, ldap_err2string(rc));
4787 for (i = 0; i < n; i++)
4793 int user_create(int ac, char **av, void *ptr)
4797 char user_name[256];
4801 char contact_mail[256];
4802 char proxy_address[256];
4803 char mail_nickname[256];
4804 char query_base_dn[256];
4805 char displayName[256];
4806 char address_book[256];
4807 char alt_recipient[256];
4808 char *cn_v[] = {NULL, NULL};
4809 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4811 char *objectClass_ldap_v[] = {"top",
4812 "eduPerson", "posixAccount",
4813 "apple-user", "shadowAccount",
4814 "microsoftComTop", "securityPrincipal",
4815 "inetOrgPerson", "user",
4816 "organizationalPerson", "person",
4817 "mailRecipient", NULL};
4819 char *samAccountName_v[] = {NULL, NULL};
4820 char *altSecurityIdentities_v[] = {NULL, NULL};
4821 char *mitMoiraId_v[] = {NULL, NULL};
4822 char *mitMoiraClass_v[] = {NULL, NULL};
4823 char *mitMoiraStatus_v[] = {NULL, NULL};
4824 char *name_v[] = {NULL, NULL};
4825 char *desc_v[] = {NULL, NULL};
4826 char *userPrincipalName_v[] = {NULL, NULL};
4827 char *userAccountControl_v[] = {NULL, NULL};
4828 char *uid_v[] = {NULL, NULL};
4829 char *gid_v[] = {NULL, NULL};
4830 char *mitid_v[] = {NULL, NULL};
4831 char *homedir_v[] = {NULL, NULL};
4832 char *winProfile_v[] = {NULL, NULL};
4833 char *drives_v[] = {NULL, NULL};
4834 char *mail_v[] = {NULL, NULL};
4835 char *givenName_v[] = {NULL, NULL};
4836 char *sn_v[] = {NULL, NULL};
4837 char *initials_v[] = {NULL, NULL};
4838 char *displayName_v[] = {NULL, NULL};
4839 char *proxy_address_v[] = {NULL, NULL};
4840 char *mail_nickname_v[] = {NULL, NULL};
4841 char *query_base_dn_v[] = {NULL, NULL};
4842 char *address_book_v[] = {NULL, NULL};
4843 char *homeMDB_v[] = {NULL, NULL};
4844 char *homeServerName_v[] = {NULL, NULL};
4845 char *mdbUseDefaults_v[] = {NULL, NULL};
4846 char *mailbox_guid_v[] = {NULL, NULL};
4847 char *user_culture_v[] = {NULL, NULL};
4848 char *user_account_control_v[] = {NULL, NULL};
4849 char *msexch_version_v[] = {NULL, NULL};
4850 char *alt_recipient_v[] = {NULL, NULL};
4851 char *hide_address_lists_v[] = {NULL, NULL};
4852 char *principal_v[] = {NULL, NULL};
4853 char *loginshell_v[] = {NULL, NULL};
4854 char userAccountControlStr[80];
4856 char principal[256];
4857 char filter_exp[1024];
4858 char search_path[512];
4859 char *attr_array[3];
4860 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4861 UF_PASSWD_CANT_CHANGE;
4867 char WinHomeDir[1024];
4868 char WinProfileDir[1024];
4870 char *homeServerName;
4872 char acBERBuf[N_SD_BER_BYTES];
4873 LK_ENTRY *group_base;
4875 char TemplateDn[512];
4876 char TemplateSamName[128];
4877 LDAP_BERVAL **ppsValues;
4878 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4879 { N_SD_BER_BYTES, acBERBuf },
4881 LDAPControl *apsServerControls[] = {&sControl, NULL};
4885 char search_string[256];
4886 char *o_v[] = {NULL, NULL};
4888 char *mail_routing_v[] = {NULL, NULL};
4893 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4894 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4895 BEREncodeSecurityBits(dwInfo, acBERBuf);
4897 if (!check_string(av[U_NAME]))
4899 callback_rc = AD_INVALID_NAME;
4900 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4902 return(AD_INVALID_NAME);
4905 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4906 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4907 memset(displayName, '\0', sizeof(displayName));
4908 memset(query_base_dn, '\0', sizeof(query_base_dn));
4909 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4910 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4911 strcpy(user_name, av[U_NAME]);
4912 sprintf(upn, "%s@%s", user_name, ldap_domain);
4913 sprintf(sam_name, "%s", av[U_NAME]);
4915 if(strlen(av[U_FIRST])) {
4916 strcat(displayName, av[U_FIRST]);
4919 if(strlen(av[U_MIDDLE])) {
4920 if(strlen(av[U_FIRST]))
4921 strcat(displayName, " ");
4923 strcat(displayName, av[U_MIDDLE]);
4926 if(strlen(av[U_LAST])) {
4927 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4928 strcat(displayName, " ");
4930 strcat(displayName, av[U_LAST]);
4933 samAccountName_v[0] = sam_name;
4934 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4935 (atoi(av[U_STATE]) != US_REGISTERED))
4937 userAccountControl |= UF_ACCOUNTDISABLE;
4941 hide_address_lists_v[0] = "TRUE";
4942 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4947 sprintf(userAccountControlStr, "%ld", userAccountControl);
4948 userAccountControl_v[0] = userAccountControlStr;
4949 userPrincipalName_v[0] = upn;
4952 cn_v[0] = user_name;
4954 cn_v[0] = displayName;
4956 name_v[0] = user_name;
4957 desc_v[0] = "Auto account created by Moira";
4959 givenName_v[0] = av[U_FIRST];
4962 sn_v[0] = av[U_LAST];
4964 if(strlen(av[U_LAST]))
4965 sn_v[0] = av[U_LAST];
4967 sn_v[0] = av[U_NAME];
4969 displayName_v[0] = displayName;
4970 mail_nickname_v[0] = user_name;
4971 o_v[0] = "Massachusetts Institute of Technology";
4973 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4974 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4975 altSecurityIdentities_v[0] = temp;
4976 principal_v[0] = principal;
4979 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4981 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4983 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4984 sprintf(contact_mail, "%s@mit.edu", user_name);
4985 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4986 query_base_dn_v[0] = query_base_dn;
4987 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4989 sprintf(search_string, "@%s", uppercase(ldap_domain));
4993 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4996 com_err(whoami, 0, "Unable to create user contact %s",
5000 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5003 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5007 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5008 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5010 homeMDB_v[0] = homeMDB;
5011 homeServerName_v[0] = homeServerName;
5016 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5020 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5024 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5027 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5028 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5029 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5030 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5031 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5035 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5036 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5037 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5038 mdbUseDefaults_v[0] = "TRUE";
5039 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5040 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
5042 argv[0] = user_name;
5044 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5046 if(!strcmp(save_argv[1], "EXCHANGE") ||
5047 (strstr(save_argv[3], search_string) != NULL))
5049 argv[0] = exchange_acl;
5051 argv[2] = user_name;
5053 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5055 if ((rc) && (rc != MR_EXISTS))
5057 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5058 user_name, exchange_acl, error_message(rc));
5063 alt_recipient_v[0] = alt_recipient;
5064 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5069 alt_recipient_v[0] = alt_recipient;
5070 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5072 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5077 mail_v[0] = contact_mail;
5078 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5081 if(strlen(av[U_FIRST])) {
5082 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5085 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5086 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5089 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5090 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5092 if(!ActiveDirectory)
5094 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5097 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5099 if(!ActiveDirectory)
5101 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
5105 if (strlen(av[U_MIDDLE]) == 1) {
5106 initials_v[0] = av[U_MIDDLE];
5107 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5110 if (strlen(call_args[2]) != 0)
5112 mitMoiraId_v[0] = call_args[2];
5113 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5116 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
5118 if(!ActiveDirectory)
5120 loginshell_v[0] = av[U_SHELL];
5121 mitMoiraClass_v[0] = av[U_CLASS];
5122 mitMoiraStatus_v[0] = av[U_STATE];
5123 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5124 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5125 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5126 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5127 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5128 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
5131 if (strlen(av[U_UID]) != 0)
5133 uid_v[0] = av[U_UID];
5137 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5142 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5143 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5150 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5154 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
5159 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5160 mitid_v[0] = av[U_MITID];
5162 mitid_v[0] = "none";
5164 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5166 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5167 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5168 drives_v, mods, LDAP_MOD_ADD, n);
5172 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5173 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5174 attr_array[0] = "sAMAccountName";
5175 attr_array[1] = NULL;
5179 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5180 attr_array, &group_base, &group_count,
5181 LDAP_SCOPE_SUBTREE) != 0))
5184 if (group_count != 1)
5186 com_err(whoami, 0, "Unable to process user security template: %s - "
5187 "security not set", "UserTemplate.u");
5191 strcpy(TemplateDn, group_base->dn);
5192 strcpy(TemplateSamName, group_base->value);
5193 linklist_free(group_base);
5197 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5198 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5199 apsServerControls, NULL,
5202 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5204 com_err(whoami, 0, "Unable to find user security template: %s - "
5205 "security not set", "UserTemplate.u");
5209 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5210 "ntSecurityDescriptor");
5211 if (ppsValues == NULL)
5213 com_err(whoami, 0, "Unable to find user security template: %s - "
5214 "security not set", "UserTemplate.u");
5218 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5219 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
5224 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5226 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5228 OldUseSFU30 = UseSFU30;
5229 SwitchSFU(mods, &UseSFU30, n);
5230 if (OldUseSFU30 != UseSFU30)
5231 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5234 for (i = 0; i < n; i++)
5237 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5239 com_err(whoami, 0, "Unable to create user %s : %s",
5240 user_name, ldap_err2string(rc));
5245 if ((rc == LDAP_SUCCESS) && (SetPassword))
5247 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5249 ad_kdc_disconnect();
5250 if (!ad_server_connect(default_server, ldap_domain))
5252 com_err(whoami, 0, "Unable to set password for user %s : %s",
5254 "cannot get changepw ticket from windows domain");
5258 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5260 com_err(whoami, 0, "Unable to set password for user %s "
5261 ": %ld", user_name, rc);
5267 if(!ActiveDirectory)
5269 if (rc = moira_connect())
5271 critical_alert("Ldap incremental",
5272 "Error contacting Moira server : %s",
5277 argv[0] = user_name;
5279 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5282 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5284 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5286 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5291 "Unable to set the mailRoutingAddress for %s : %s",
5292 user_name, ldap_err2string(rc));
5294 p = strdup(save_argv[3]);
5296 if((c = strchr(p, ',')) != NULL) {
5300 if ((c = strchr(q, '@')) == NULL)
5301 sprintf(temp, "%s@mit.edu", q);
5303 sprintf(temp, "%s", q);
5305 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5307 mail_routing_v[0] = temp;
5310 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5312 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5314 if (rc == LDAP_ALREADY_EXISTS ||
5315 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5320 "Unable to set the mailRoutingAddress for %s : %s",
5321 user_name, ldap_err2string(rc));
5324 while((q = strtok(NULL, ",")) != NULL) {
5327 if((c = strchr(q, '@')) == NULL)
5328 sprintf(temp, "%s@mit.edu", q);
5330 sprintf(temp, "%s", q);
5332 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5334 mail_routing_v[0] = temp;
5337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5339 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5341 if (rc == LDAP_ALREADY_EXISTS ||
5342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5347 "Unable to set the mailRoutingAddress for %s : %s",
5348 user_name, ldap_err2string(rc));
5354 if((c = strchr(p, '@')) == NULL)
5355 sprintf(temp, "%s@mit.edu", p);
5357 sprintf(temp, "%s", p);
5359 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5361 mail_routing_v[0] = temp;
5364 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5366 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5368 if (rc == LDAP_ALREADY_EXISTS ||
5369 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5374 "Unable to set the mailRoutingAddress for %s : %s",
5375 user_name, ldap_err2string(rc));
5385 int user_change_status(LDAP *ldap_handle, char *dn_path,
5386 char *user_name, char *MoiraId,
5390 char *attr_array[3];
5392 char distinguished_name[1024];
5394 char *mitMoiraId_v[] = {NULL, NULL};
5396 LK_ENTRY *group_base;
5403 if (!check_string(user_name))
5405 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5407 return(AD_INVALID_NAME);
5413 if (strlen(MoiraId) != 0)
5415 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5416 attr_array[0] = "UserAccountControl";
5417 attr_array[1] = NULL;
5418 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5419 &group_base, &group_count,
5420 LDAP_SCOPE_SUBTREE)) != 0)
5422 com_err(whoami, 0, "Unable to process user %s : %s",
5423 user_name, ldap_err2string(rc));
5428 if (group_count != 1)
5430 linklist_free(group_base);
5433 sprintf(filter, "(sAMAccountName=%s)", user_name);
5434 attr_array[0] = "UserAccountControl";
5435 attr_array[1] = NULL;
5436 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5437 &group_base, &group_count,
5438 LDAP_SCOPE_SUBTREE)) != 0)
5440 com_err(whoami, 0, "Unable to process user %s : %s",
5441 user_name, ldap_err2string(rc));
5446 if (group_count != 1)
5448 linklist_free(group_base);
5449 com_err(whoami, 0, "Unable to find user %s in directory",
5451 return(LDAP_NO_SUCH_OBJECT);
5454 strcpy(distinguished_name, group_base->dn);
5455 ulongValue = atoi((*group_base).value);
5457 if (operation == MEMBER_DEACTIVATE)
5458 ulongValue |= UF_ACCOUNTDISABLE;
5460 ulongValue &= ~UF_ACCOUNTDISABLE;
5462 sprintf(temp, "%ld", ulongValue);
5464 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5465 temp, &modvalues, REPLACE)) == 1)
5468 linklist_free(group_base);
5472 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5474 if (strlen(MoiraId) != 0)
5476 mitMoiraId_v[0] = MoiraId;
5477 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5481 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
5483 for (i = 0; i < n; i++)
5486 free_values(modvalues);
5488 if (rc != LDAP_SUCCESS)
5490 com_err(whoami, 0, "Unable to change status of user %s : %s",
5491 user_name, ldap_err2string(rc));
5498 int user_delete(LDAP *ldap_handle, char *dn_path,
5499 char *u_name, char *MoiraId)
5502 char *attr_array[3];
5503 char distinguished_name[1024];
5504 char user_name[512];
5505 LK_ENTRY *group_base;
5510 if (!check_string(u_name))
5511 return(AD_INVALID_NAME);
5513 strcpy(user_name, u_name);
5517 if (strlen(MoiraId) != 0)
5519 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5520 attr_array[0] = "name";
5521 attr_array[1] = NULL;
5522 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5523 &group_base, &group_count,
5524 LDAP_SCOPE_SUBTREE)) != 0)
5526 com_err(whoami, 0, "Unable to process user %s : %s",
5527 user_name, ldap_err2string(rc));
5532 if (group_count != 1)
5534 linklist_free(group_base);
5537 sprintf(filter, "(sAMAccountName=%s)", user_name);
5538 attr_array[0] = "name";
5539 attr_array[1] = NULL;
5540 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5541 &group_base, &group_count,
5542 LDAP_SCOPE_SUBTREE)) != 0)
5544 com_err(whoami, 0, "Unable to process user %s : %s",
5545 user_name, ldap_err2string(rc));
5550 if (group_count != 1)
5552 com_err(whoami, 0, "Unable to find user %s in directory",
5557 strcpy(distinguished_name, group_base->dn);
5559 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5561 com_err(whoami, 0, "Unable to process user %s : %s",
5562 user_name, ldap_err2string(rc));
5565 /* Need to add code to delete mit.edu contact */
5569 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5571 if(rc = ldap_delete_s(ldap_handle, temp))
5573 com_err(whoami, 0, "Unable to delete user contact for %s",
5579 linklist_free(group_base);
5584 void linklist_free(LK_ENTRY *linklist_base)
5586 LK_ENTRY *linklist_previous;
5588 while (linklist_base != NULL)
5590 if (linklist_base->dn != NULL)
5591 free(linklist_base->dn);
5593 if (linklist_base->attribute != NULL)
5594 free(linklist_base->attribute);
5596 if (linklist_base->value != NULL)
5597 free(linklist_base->value);
5599 if (linklist_base->member != NULL)
5600 free(linklist_base->member);
5602 if (linklist_base->type != NULL)
5603 free(linklist_base->type);
5605 if (linklist_base->list != NULL)
5606 free(linklist_base->list);
5608 linklist_previous = linklist_base;
5609 linklist_base = linklist_previous->next;
5610 free(linklist_previous);
5614 void free_values(char **modvalues)
5620 if (modvalues != NULL)
5622 while (modvalues[i] != NULL)
5625 modvalues[i] = NULL;
5632 static int illegalchars[] = {
5633 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5634 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5635 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5636 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5637 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5638 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5639 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5640 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5641 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5642 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5643 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5644 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5645 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5646 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5647 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5648 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5651 static int illegalchars_ldap[] = {
5652 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5653 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5654 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5655 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5656 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5657 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5658 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5659 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5660 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5664 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5665 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5666 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5670 int check_string(char *s)
5678 if (isupper(character))
5679 character = tolower(character);
5683 if (illegalchars[(unsigned) character])
5685 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5686 character, (unsigned) character, s);
5692 if (illegalchars_ldap[(unsigned) character])
5694 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5695 character, (unsigned) character, s);
5704 int check_container_name(char *s)
5712 if (isupper(character))
5713 character = tolower(character);
5715 if (character == ' ')
5718 if (illegalchars[(unsigned) character])
5725 int mr_connect_cl(char *server, char *client, int version, int auth)
5731 status = mr_connect(server);
5735 com_err(whoami, status, "while connecting to Moira");
5739 status = mr_motd(&motd);
5744 com_err(whoami, status, "while checking server status");
5750 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5751 com_err(whoami, status, temp);
5756 status = mr_version(version);
5760 if (status == MR_UNKNOWN_PROC)
5763 status = MR_VERSION_HIGH;
5765 status = MR_SUCCESS;
5768 if (status == MR_VERSION_HIGH)
5770 com_err(whoami, 0, "Warning: This client is running newer code "
5771 "than the server.");
5772 com_err(whoami, 0, "Some operations may not work.");
5774 else if (status && status != MR_VERSION_LOW)
5776 com_err(whoami, status, "while setting query version number.");
5784 status = mr_krb5_auth(client);
5787 com_err(whoami, status, "while authenticating to Moira.");
5796 void AfsToWinAfs(char* path, char* winPath)
5800 strcpy(winPath, WINAFS);
5801 pathPtr = path + strlen(AFS);
5802 winPathPtr = winPath + strlen(WINAFS);
5806 if (*pathPtr == '/')
5809 *winPathPtr = *pathPtr;
5816 int GetAceInfo(int ac, char **av, void *ptr)
5823 strcpy(call_args[0], av[L_ACE_TYPE]);
5824 strcpy(call_args[1], av[L_ACE_NAME]);
5826 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5827 return(LDAP_SUCCESS);
5830 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5833 char *attr_array[3];
5836 LK_ENTRY *group_base;
5841 sprintf(filter, "(sAMAccountName=%s)", Name);
5842 attr_array[0] = "sAMAccountName";
5843 attr_array[1] = NULL;
5845 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5846 &group_base, &group_count,
5847 LDAP_SCOPE_SUBTREE)) != 0)
5849 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5850 Name, ldap_err2string(rc));
5854 linklist_free(group_base);
5857 if (group_count == 0)
5865 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5866 int UpdateGroup, int *ProcessGroup, char *maillist)
5869 char GroupName[256];
5875 char AceMembership[2];
5878 char *save_argv[U_END];
5882 com_err(whoami, 0, "ProcessAce disabled, skipping");
5886 strcpy(GroupName, Name);
5888 if (strcasecmp(Type, "LIST"))
5894 AceInfo[0] = AceType;
5895 AceInfo[1] = AceName;
5896 AceInfo[2] = AceMembership;
5898 memset(AceType, '\0', sizeof(AceType));
5899 memset(AceName, '\0', sizeof(AceName));
5900 memset(AceMembership, '\0', sizeof(AceMembership));
5901 memset(AceOu, '\0', sizeof(AceOu));
5904 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5906 if(rc != MR_NO_MATCH)
5907 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5908 GroupName, error_message(rc));
5915 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
5919 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5922 strcpy(temp, AceName);
5924 if (!strcasecmp(AceType, "LIST"))
5925 sprintf(temp, "%s%s", AceName, group_suffix);
5929 if (checkADname(ldap_handle, dn_path, temp))
5932 (*ProcessGroup) = 1;
5935 if (!strcasecmp(AceInfo[0], "LIST"))
5937 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5938 AceMembership, 0, UpdateGroup, maillist))
5941 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5944 else if (!strcasecmp(AceInfo[0], "USER"))
5947 call_args[0] = (char *)ldap_handle;
5948 call_args[1] = dn_path;
5950 call_args[3] = NULL;
5953 if (rc = mr_query("get_user_account_by_login", 1, av,
5954 save_query_info, save_argv))
5956 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5961 if (rc = user_create(U_END, save_argv, call_args))
5963 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5970 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
5980 if (!strcasecmp(AceType, "LIST"))
5982 if (!strcasecmp(GroupName, AceName))
5986 strcpy(GroupName, AceName);
5992 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5993 char *group_name, char *group_ou, char *group_membership,
5994 int group_security_flag, int updateGroup, char *maillist)
5999 LK_ENTRY *group_base;
6002 char *attr_array[3];
6005 call_args[0] = (char *)ldap_handle;
6006 call_args[1] = dn_path;
6007 call_args[2] = group_name;
6008 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6009 call_args[4] = (char *)updateGroup;
6010 call_args[5] = MoiraId;
6012 call_args[7] = NULL;
6018 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6021 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6029 com_err(whoami, 0, "Unable to create list %s", group_name);
6030 return(callback_rc);
6036 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6037 char *group_ou, char *group_membership,
6038 int group_security_flag, char *MoiraId)
6053 char *member_v[] = {NULL, NULL};
6054 char *save_argv[U_END];
6055 char machine_ou[256];
6056 char NewMachineName[1024];
6058 com_err(whoami, 0, "Populating group %s", group_name);
6060 call_args[0] = (char *)ldap_handle;
6061 call_args[1] = dn_path;
6062 call_args[2] = group_name;
6063 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6065 call_args[4] = NULL;
6068 if (rc = mr_query("get_end_members_of_list", 1, av,
6069 member_list_build, call_args))
6074 com_err(whoami, 0, "Unable to populate list %s : %s",
6075 group_name, error_message(rc));
6079 members = (char **)malloc(sizeof(char *) * 2);
6081 if (member_base != NULL)
6087 if (!strcasecmp(ptr->type, "LIST"))
6093 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6099 if(!strcasecmp(ptr->type, "USER"))
6101 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6102 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6108 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6109 "")) == AD_NO_USER_FOUND)
6111 com_err(whoami, 0, "creating user %s", ptr->member);
6113 av[0] = ptr->member;
6114 call_args[0] = (char *)ldap_handle;
6115 call_args[1] = dn_path;
6117 call_args[3] = NULL;
6120 if (rc = mr_query("get_user_account_by_login", 1, av,
6121 save_query_info, save_argv))
6123 com_err(whoami, 0, "Unable to create user %s "
6124 "while populating group %s.", ptr->member,
6130 if (rc = user_create(U_END, save_argv, call_args))
6132 com_err(whoami, 0, "Unable to create user %s "
6133 "while populating group %s.", ptr->member,
6141 com_err(whoami, 0, "Unable to create user %s "
6142 "while populating group %s", ptr->member,
6153 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6158 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6162 else if (!strcasecmp(ptr->type, "STRING"))
6164 if (contact_create(ldap_handle, dn_path, ptr->member,
6168 pUserOu = contact_ou;
6169 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6172 else if (!strcasecmp(ptr->type, "KERBEROS"))
6174 if (contact_create(ldap_handle, dn_path, ptr->member,
6178 pUserOu = kerberos_ou;
6179 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6182 else if (!strcasecmp(ptr->type, "MACHINE"))
6184 memset(machine_ou, '\0', sizeof(machine_ou));
6185 memset(NewMachineName, '\0', sizeof(NewMachineName));
6187 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6188 machine_ou, NewMachineName))
6190 pUserOu = machine_ou;
6191 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
6202 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6203 members[i++] = strdup(member);
6208 linklist_free(member_base);
6214 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6216 if(GroupPopulateDelete)
6219 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6222 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6223 mods)) != LDAP_SUCCESS)
6226 "Unable to populate group membership for %s: %s",
6227 group_dn, ldap_err2string(rc));
6230 for (i = 0; i < n; i++)
6235 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6238 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6239 mods)) != LDAP_SUCCESS)
6242 "Unable to populate group membership for %s: %s",
6243 group_dn, ldap_err2string(rc));
6246 for (i = 0; i < n; i++)
6254 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6255 char *group_name, char *group_ou, char *group_membership,
6256 int group_security_flag, int type, char *maillist)
6258 char before_desc[512];
6259 char before_name[256];
6260 char before_group_ou[256];
6261 char before_group_membership[2];
6262 char distinguishedName[256];
6263 char ad_distinguishedName[256];
6265 char *attr_array[3];
6266 int before_security_flag;
6269 LK_ENTRY *group_base;
6272 char ou_security[512];
6273 char ou_distribution[512];
6274 char ou_neither[512];
6277 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
6278 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6280 memset(filter, '\0', sizeof(filter));
6284 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6286 "samAccountName", &group_base,
6287 &group_count, filter))
6290 if (type == CHECK_GROUPS)
6292 if (group_count == 1)
6294 strcpy(group_dn, group_base->dn);
6296 if (!strcasecmp(group_dn, distinguishedName))
6298 linklist_free(group_base);
6303 linklist_free(group_base);
6305 if (group_count == 0)
6306 return(AD_NO_GROUPS_FOUND);
6308 if (group_count == 1)
6309 return(AD_WRONG_GROUP_DN_FOUND);
6311 return(AD_MULTIPLE_GROUPS_FOUND);
6314 if (group_count == 0)
6316 return(AD_NO_GROUPS_FOUND);
6319 if (group_count > 1)
6323 strcpy(group_dn, ptr->dn);
6327 if (!strcasecmp(group_dn, ptr->value))
6335 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6341 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6345 linklist_free(group_base);
6346 return(AD_MULTIPLE_GROUPS_FOUND);
6353 strcpy(group_dn, ptr->dn);
6355 if (strcasecmp(group_dn, ptr->value))
6356 rc = ldap_delete_s(ldap_handle, ptr->value);
6361 linklist_free(group_base);
6362 memset(filter, '\0', sizeof(filter));
6366 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6368 "samAccountName", &group_base,
6369 &group_count, filter))
6372 if (group_count == 0)
6373 return(AD_NO_GROUPS_FOUND);
6375 if (group_count > 1)
6376 return(AD_MULTIPLE_GROUPS_FOUND);
6379 strcpy(ad_distinguishedName, group_base->dn);
6380 linklist_free(group_base);
6384 attr_array[0] = "sAMAccountName";
6385 attr_array[1] = NULL;
6387 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6388 &group_base, &group_count,
6389 LDAP_SCOPE_SUBTREE)) != 0)
6391 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6392 MoiraId, ldap_err2string(rc));
6396 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
6398 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6400 linklist_free(group_base);
6406 linklist_free(group_base);
6409 memset(ou_both, '\0', sizeof(ou_both));
6410 memset(ou_security, '\0', sizeof(ou_security));
6411 memset(ou_distribution, '\0', sizeof(ou_distribution));
6412 memset(ou_neither, '\0', sizeof(ou_neither));
6413 memset(before_name, '\0', sizeof(before_name));
6414 memset(before_desc, '\0', sizeof(before_desc));
6415 memset(before_group_membership, '\0', sizeof(before_group_membership));
6417 attr_array[0] = "name";
6418 attr_array[1] = NULL;
6420 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6421 &group_base, &group_count,
6422 LDAP_SCOPE_SUBTREE)) != 0)
6424 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6425 MoiraId, ldap_err2string(rc));
6429 strcpy(before_name, group_base->value);
6430 linklist_free(group_base);
6434 attr_array[0] = "description";
6435 attr_array[1] = NULL;
6437 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6438 &group_base, &group_count,
6439 LDAP_SCOPE_SUBTREE)) != 0)
6442 "Unable to get list description with MoiraId = %s: %s",
6443 MoiraId, ldap_err2string(rc));
6447 if (group_count != 0)
6449 strcpy(before_desc, group_base->value);
6450 linklist_free(group_base);
6455 change_to_lower_case(ad_distinguishedName);
6456 strcpy(ou_both, group_ou_both);
6457 change_to_lower_case(ou_both);
6458 strcpy(ou_security, group_ou_security);
6459 change_to_lower_case(ou_security);
6460 strcpy(ou_distribution, group_ou_distribution);
6461 change_to_lower_case(ou_distribution);
6462 strcpy(ou_neither, group_ou_neither);
6463 change_to_lower_case(ou_neither);
6465 if (strstr(ad_distinguishedName, ou_both))
6467 strcpy(before_group_ou, group_ou_both);
6468 before_group_membership[0] = 'B';
6469 before_security_flag = 1;
6471 else if (strstr(ad_distinguishedName, ou_security))
6473 strcpy(before_group_ou, group_ou_security);
6474 before_group_membership[0] = 'S';
6475 before_security_flag = 1;
6477 else if (strstr(ad_distinguishedName, ou_distribution))
6479 strcpy(before_group_ou, group_ou_distribution);
6480 before_group_membership[0] = 'D';
6481 before_security_flag = 0;
6483 else if (strstr(ad_distinguishedName, ou_neither))
6485 strcpy(before_group_ou, group_ou_neither);
6486 before_group_membership[0] = 'N';
6487 before_security_flag = 0;
6490 return(AD_NO_OU_FOUND);
6492 rc = group_rename(ldap_handle, dn_path, before_name,
6493 before_group_membership,
6494 before_group_ou, before_security_flag, before_desc,
6495 group_name, group_membership, group_ou,
6496 group_security_flag,
6497 before_desc, MoiraId, filter, maillist);
6502 void change_to_lower_case(char *ptr)
6506 for (i = 0; i < (int)strlen(ptr); i++)
6508 ptr[i] = tolower(ptr[i]);
6512 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6513 char *group_name, char *group_membership,
6514 char *MoiraId, char *attribute,
6515 LK_ENTRY **linklist_base, int *linklist_count,
6520 char *attr_array[3];
6524 (*linklist_base) = NULL;
6525 (*linklist_count) = 0;
6527 if (strlen(rFilter) != 0)
6529 strcpy(filter, rFilter);
6530 attr_array[0] = attribute;
6531 attr_array[1] = NULL;
6533 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6534 linklist_base, linklist_count,
6535 LDAP_SCOPE_SUBTREE)) != 0)
6537 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6538 MoiraId, ldap_err2string(rc));
6542 if ((*linklist_count) == 1)
6544 strcpy(rFilter, filter);
6549 linklist_free((*linklist_base));
6550 (*linklist_base) = NULL;
6551 (*linklist_count) = 0;
6553 if (strlen(MoiraId) != 0)
6555 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6557 attr_array[0] = attribute;
6558 attr_array[1] = NULL;
6560 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6561 linklist_base, linklist_count,
6562 LDAP_SCOPE_SUBTREE)) != 0)
6564 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6565 MoiraId, ldap_err2string(rc));
6570 if ((*linklist_count) > 1)
6572 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6573 pPtr = (*linklist_base);
6577 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6582 linklist_free((*linklist_base));
6583 (*linklist_base) = NULL;
6584 (*linklist_count) = 0;
6587 if ((*linklist_count) == 1)
6590 pPtr = (*linklist_base);
6591 dn = strdup(pPtr->dn);
6594 if (!memcmp(dn, group_name, strlen(group_name)))
6596 strcpy(rFilter, filter);
6601 linklist_free((*linklist_base));
6602 (*linklist_base) = NULL;
6603 (*linklist_count) = 0;
6604 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6606 attr_array[0] = attribute;
6607 attr_array[1] = NULL;
6609 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6610 linklist_base, linklist_count,
6611 LDAP_SCOPE_SUBTREE)) != 0)
6613 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6614 MoiraId, ldap_err2string(rc));
6618 if ((*linklist_count) == 1)
6620 strcpy(rFilter, filter);
6627 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6630 char *attr_array[3];
6631 char SamAccountName[64];
6634 LK_ENTRY *group_base;
6640 if (strlen(MoiraId) != 0)
6642 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6644 attr_array[0] = "sAMAccountName";
6645 attr_array[1] = NULL;
6646 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6647 &group_base, &group_count,
6648 LDAP_SCOPE_SUBTREE)) != 0)
6650 com_err(whoami, 0, "Unable to process user %s : %s",
6651 UserName, ldap_err2string(rc));
6655 if (group_count > 1)
6657 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6663 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6664 gPtr->value, MoiraId);
6670 if (group_count != 1)
6672 linklist_free(group_base);
6675 sprintf(filter, "(sAMAccountName=%s)", UserName);
6676 attr_array[0] = "sAMAccountName";
6677 attr_array[1] = NULL;
6679 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6680 &group_base, &group_count,
6681 LDAP_SCOPE_SUBTREE)) != 0)
6683 com_err(whoami, 0, "Unable to process user %s : %s",
6684 UserName, ldap_err2string(rc));
6689 if (group_count != 1)
6691 linklist_free(group_base);
6692 return(AD_NO_USER_FOUND);
6695 strcpy(SamAccountName, group_base->value);
6696 linklist_free(group_base);
6700 if (strcmp(SamAccountName, UserName))
6703 "User object %s with MoiraId %s has mismatched usernames "
6704 "(LDAP username %s, Moira username %s)", SamAccountName,
6705 MoiraId, SamAccountName, UserName);
6711 void container_get_dn(char *src, char *dest)
6718 memset(array, '\0', 20 * sizeof(array[0]));
6720 if (strlen(src) == 0)
6742 strcpy(dest, "OU=");
6746 strcat(dest, array[n-1]);
6750 strcat(dest, ",OU=");
6757 void container_get_name(char *src, char *dest)
6762 if (strlen(src) == 0)
6782 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6789 strcpy(cName, name);
6791 for (i = 0; i < (int)strlen(cName); i++)
6793 if (cName[i] == '/')
6796 av[CONTAINER_NAME] = cName;
6797 av[CONTAINER_DESC] = "";
6798 av[CONTAINER_LOCATION] = "";
6799 av[CONTAINER_CONTACT] = "";
6800 av[CONTAINER_TYPE] = "";
6801 av[CONTAINER_ID] = "";
6802 av[CONTAINER_ROWID] = "";
6803 rc = container_create(ldap_handle, dn_path, 7, av);
6805 if (rc == LDAP_SUCCESS)
6807 com_err(whoami, 0, "container %s created without a mitMoiraId",
6816 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6817 char **before, int afterc, char **after)
6822 char new_dn_path[256];
6824 char distinguishedName[256];
6829 memset(cName, '\0', sizeof(cName));
6830 container_get_name(after[CONTAINER_NAME], cName);
6832 if (!check_container_name(cName))
6834 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6836 return(AD_INVALID_NAME);
6839 memset(distinguishedName, '\0', sizeof(distinguishedName));
6841 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6842 distinguishedName, beforec, before))
6845 if (strlen(distinguishedName) == 0)
6847 rc = container_create(ldap_handle, dn_path, afterc, after);
6851 strcpy(temp, after[CONTAINER_NAME]);
6854 for (i = 0; i < (int)strlen(temp); i++)
6864 container_get_dn(temp, dName);
6866 if (strlen(temp) != 0)
6867 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6869 sprintf(new_dn_path, "%s", dn_path);
6871 sprintf(new_cn, "OU=%s", cName);
6873 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6875 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6876 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6878 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6879 before[CONTAINER_NAME], after[CONTAINER_NAME],
6880 ldap_err2string(rc));
6884 memset(dName, '\0', sizeof(dName));
6885 container_get_dn(after[CONTAINER_NAME], dName);
6886 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
6891 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6893 char distinguishedName[256];
6896 memset(distinguishedName, '\0', sizeof(distinguishedName));
6898 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6899 distinguishedName, count, av))
6902 if (strlen(distinguishedName) == 0)
6905 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6907 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6908 container_move_objects(ldap_handle, dn_path, distinguishedName);
6910 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6911 av[CONTAINER_NAME], ldap_err2string(rc));
6917 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6919 char *attr_array[3];
6920 LK_ENTRY *group_base;
6923 char *objectClass_v[] = {"top",
6924 "organizationalUnit",
6927 char *ou_v[] = {NULL, NULL};
6928 char *name_v[] = {NULL, NULL};
6929 char *moiraId_v[] = {NULL, NULL};
6930 char *desc_v[] = {NULL, NULL};
6931 char *managedBy_v[] = {NULL, NULL};
6934 char managedByDN[256];
6941 memset(filter, '\0', sizeof(filter));
6942 memset(dName, '\0', sizeof(dName));
6943 memset(cName, '\0', sizeof(cName));
6944 memset(managedByDN, '\0', sizeof(managedByDN));
6945 container_get_dn(av[CONTAINER_NAME], dName);
6946 container_get_name(av[CONTAINER_NAME], cName);
6948 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6950 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6952 return(AD_INVALID_NAME);
6955 if (!check_container_name(cName))
6957 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6959 return(AD_INVALID_NAME);
6963 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6965 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6967 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
6969 if (strlen(av[CONTAINER_ROWID]) != 0)
6971 moiraId_v[0] = av[CONTAINER_ROWID];
6972 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6975 if (strlen(av[CONTAINER_DESC]) != 0)
6977 desc_v[0] = av[CONTAINER_DESC];
6978 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
6981 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
6983 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6985 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6988 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6989 kerberos_ou, dn_path);
6990 managedBy_v[0] = managedByDN;
6991 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6996 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6998 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
6999 "(objectClass=user)))", av[CONTAINER_ID]);
7002 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7004 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7008 if (strlen(filter) != 0)
7010 attr_array[0] = "distinguishedName";
7011 attr_array[1] = NULL;
7014 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7016 &group_base, &group_count,
7017 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7019 if (group_count == 1)
7021 strcpy(managedByDN, group_base->value);
7022 managedBy_v[0] = managedByDN;
7023 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7025 linklist_free(group_base);
7035 sprintf(temp, "%s,%s", dName, dn_path);
7036 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7038 for (i = 0; i < n; i++)
7041 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7043 com_err(whoami, 0, "Unable to create container %s : %s",
7044 cName, ldap_err2string(rc));
7048 if (rc == LDAP_ALREADY_EXISTS)
7050 if (strlen(av[CONTAINER_ROWID]) != 0)
7051 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
7057 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7058 char **before, int afterc, char **after)
7060 char distinguishedName[256];
7063 memset(distinguishedName, '\0', sizeof(distinguishedName));
7065 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7066 distinguishedName, afterc, after))
7069 if (strlen(distinguishedName) == 0)
7071 rc = container_create(ldap_handle, dn_path, afterc, after);
7075 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7076 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
7082 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7083 char *distinguishedName, int count,
7086 char *attr_array[3];
7087 LK_ENTRY *group_base;
7094 memset(filter, '\0', sizeof(filter));
7095 memset(dName, '\0', sizeof(dName));
7096 memset(cName, '\0', sizeof(cName));
7097 container_get_dn(av[CONTAINER_NAME], dName);
7098 container_get_name(av[CONTAINER_NAME], cName);
7100 if (strlen(dName) == 0)
7102 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7103 av[CONTAINER_NAME]);
7104 return(AD_INVALID_NAME);
7107 if (!check_container_name(cName))
7109 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7111 return(AD_INVALID_NAME);
7114 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7115 av[CONTAINER_ROWID]);
7116 attr_array[0] = "distinguishedName";
7117 attr_array[1] = NULL;
7121 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7122 &group_base, &group_count,
7123 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7125 if (group_count == 1)
7127 strcpy(distinguishedName, group_base->value);
7130 linklist_free(group_base);
7135 if (strlen(distinguishedName) == 0)
7137 sprintf(filter, "(&(objectClass=organizationalUnit)"
7138 "(distinguishedName=%s,%s))", dName, dn_path);
7139 attr_array[0] = "distinguishedName";
7140 attr_array[1] = NULL;
7144 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7145 &group_base, &group_count,
7146 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7148 if (group_count == 1)
7150 strcpy(distinguishedName, group_base->value);
7153 linklist_free(group_base);
7162 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7163 char *distinguishedName, int count, char **av)
7165 char *attr_array[5];
7166 LK_ENTRY *group_base;
7171 char *moiraId_v[] = {NULL, NULL};
7172 char *desc_v[] = {NULL, NULL};
7173 char *managedBy_v[] = {NULL, NULL};
7174 char managedByDN[256];
7183 strcpy(ad_path, distinguishedName);
7185 if (strlen(dName) != 0)
7186 sprintf(ad_path, "%s,%s", dName, dn_path);
7188 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
7191 if (strlen(av[CONTAINER_ID]) != 0)
7192 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7193 av[CONTAINER_ROWID]);
7195 attr_array[0] = "mitMoiraId";
7196 attr_array[1] = "description";
7197 attr_array[2] = "managedBy";
7198 attr_array[3] = NULL;
7202 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7203 &group_base, &group_count,
7204 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7206 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7207 av[CONTAINER_NAME], ldap_err2string(rc));
7211 memset(managedByDN, '\0', sizeof(managedByDN));
7212 memset(moiraId, '\0', sizeof(moiraId));
7213 memset(desc, '\0', sizeof(desc));
7218 if (!strcasecmp(pPtr->attribute, "description"))
7219 strcpy(desc, pPtr->value);
7220 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7221 strcpy(managedByDN, pPtr->value);
7222 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7223 strcpy(moiraId, pPtr->value);
7227 linklist_free(group_base);
7232 if (strlen(av[CONTAINER_ROWID]) != 0)
7234 moiraId_v[0] = av[CONTAINER_ROWID];
7235 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7238 if (strlen(av[CONTAINER_DESC]) != 0)
7240 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7245 if (strlen(desc) != 0)
7247 attribute_update(ldap_handle, ad_path, "", "description", dName);
7251 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7253 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7255 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7258 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7259 kerberos_ou, dn_path);
7260 managedBy_v[0] = managedByDN;
7261 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7265 if (strlen(managedByDN) != 0)
7267 attribute_update(ldap_handle, ad_path, "", "managedBy",
7274 memset(filter, '\0', sizeof(filter));
7276 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7278 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7279 "(objectClass=user)))", av[CONTAINER_ID]);
7282 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7284 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7288 if (strlen(filter) != 0)
7290 attr_array[0] = "distinguishedName";
7291 attr_array[1] = NULL;
7294 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7295 attr_array, &group_base, &group_count,
7296 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7298 if (group_count == 1)
7300 strcpy(managedByDN, group_base->value);
7301 managedBy_v[0] = managedByDN;
7302 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7306 if (strlen(managedByDN) != 0)
7308 attribute_update(ldap_handle, ad_path, "",
7309 "managedBy", dName);
7313 linklist_free(group_base);
7320 if (strlen(managedByDN) != 0)
7322 attribute_update(ldap_handle, ad_path, "", "managedBy",
7332 return(LDAP_SUCCESS);
7334 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7336 for (i = 0; i < n; i++)
7339 if (rc != LDAP_SUCCESS)
7341 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7342 av[CONTAINER_NAME], ldap_err2string(rc));
7349 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7351 char *attr_array[3];
7352 LK_ENTRY *group_base;
7359 int NumberOfEntries = 10;
7363 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7365 for (i = 0; i < 3; i++)
7367 memset(filter, '\0', sizeof(filter));
7371 strcpy(filter, "(!(|(objectClass=computer)"
7372 "(objectClass=organizationalUnit)))");
7373 attr_array[0] = "cn";
7374 attr_array[1] = NULL;
7378 strcpy(filter, "(objectClass=computer)");
7379 attr_array[0] = "cn";
7380 attr_array[1] = NULL;
7384 strcpy(filter, "(objectClass=organizationalUnit)");
7385 attr_array[0] = "ou";
7386 attr_array[1] = NULL;
7391 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7392 &group_base, &group_count,
7393 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7398 if (group_count == 0)
7405 if (!strcasecmp(pPtr->attribute, "cn"))
7407 sprintf(new_cn, "cn=%s", pPtr->value);
7409 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7411 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7416 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7418 if (rc == LDAP_ALREADY_EXISTS)
7420 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7427 else if (!strcasecmp(pPtr->attribute, "ou"))
7429 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7435 linklist_free(group_base);
7444 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7445 char *machine_ou, char *NewMachineName)
7447 LK_ENTRY *group_base;
7451 char *attr_array[3];
7458 strcpy(NewMachineName, member);
7459 rc = moira_connect();
7460 rc = GetMachineName(NewMachineName);
7463 if (strlen(NewMachineName) == 0)
7465 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7471 pPtr = strchr(NewMachineName, '.');
7478 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7479 attr_array[0] = "cn";
7480 attr_array[1] = NULL;
7481 sprintf(temp, "%s", dn_path);
7483 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7484 &group_base, &group_count,
7485 LDAP_SCOPE_SUBTREE)) != 0)
7487 com_err(whoami, 0, "Unable to process machine %s : %s",
7488 member, ldap_err2string(rc));
7492 if (group_count != 1)
7497 strcpy(dn, group_base->dn);
7498 strcpy(cn, group_base->value);
7500 for (i = 0; i < (int)strlen(dn); i++)
7501 dn[i] = tolower(dn[i]);
7503 for (i = 0; i < (int)strlen(cn); i++)
7504 cn[i] = tolower(cn[i]);
7506 linklist_free(group_base);
7508 pPtr = strstr(dn, cn);
7512 com_err(whoami, 0, "Unable to process machine %s",
7517 pPtr += strlen(cn) + 1;
7518 strcpy(machine_ou, pPtr);
7520 pPtr = strstr(machine_ou, "dc=");
7524 com_err(whoami, 0, "Unable to process machine %s",
7535 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7536 char *MoiraMachineName, char *DestinationOu)
7540 char MachineName[128];
7542 char *attr_array[3];
7547 LK_ENTRY *group_base;
7552 strcpy(MachineName, MoiraMachineName);
7553 rc = GetMachineName(MachineName);
7555 if (strlen(MachineName) == 0)
7557 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7562 cPtr = strchr(MachineName, '.');
7567 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7568 attr_array[0] = "sAMAccountName";
7569 attr_array[1] = NULL;
7571 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7573 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7575 com_err(whoami, 0, "Unable to process machine %s : %s",
7576 MoiraMachineName, ldap_err2string(rc));
7580 if (group_count == 1)
7581 strcpy(OldDn, group_base->dn);
7583 linklist_free(group_base);
7586 if (group_count != 1)
7588 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7593 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
7594 cPtr = strchr(OldDn, ',');
7599 if (!strcasecmp(cPtr, NewOu))
7603 sprintf(NewCn, "CN=%s", MachineName);
7604 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
7609 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7615 memset(Name, '\0', sizeof(Name));
7616 strcpy(Name, machine_name);
7618 pPtr = strchr(Name, '.');
7624 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
7627 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7628 char *machine_name, char *container_name)
7634 av[0] = machine_name;
7635 call_args[0] = (char *)container_name;
7636 rc = mr_query("get_machine_to_container_map", 1, av,
7637 machine_GetMoiraContainer, call_args);
7641 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7646 strcpy(call_args[0], av[1]);
7650 int Moira_container_group_create(char **after)
7656 memset(GroupName, '\0', sizeof(GroupName));
7657 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7658 after[CONTAINER_ROWID]);
7662 argv[L_NAME] = GroupName;
7663 argv[L_ACTIVE] = "1";
7664 argv[L_PUBLIC] = "0";
7665 argv[L_HIDDEN] = "0";
7666 argv[L_MAILLIST] = "0";
7667 argv[L_GROUP] = "1";
7668 argv[L_GID] = UNIQUE_GID;
7669 argv[L_NFSGROUP] = "0";
7670 argv[L_MAILMAN] = "0";
7671 argv[L_MAILMAN_SERVER] = "[NONE]";
7672 argv[L_DESC] = "auto created container group";
7673 argv[L_ACE_TYPE] = "USER";
7674 argv[L_MEMACE_TYPE] = "USER";
7675 argv[L_ACE_NAME] = "sms";
7676 argv[L_MEMACE_NAME] = "sms";
7678 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7681 "Unable to create container group %s for container %s: %s",
7682 GroupName, after[CONTAINER_NAME], error_message(rc));
7685 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7686 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
7691 int Moira_container_group_update(char **before, char **after)
7694 char BeforeGroupName[64];
7695 char AfterGroupName[64];
7698 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7701 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7702 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7703 if (strlen(BeforeGroupName) == 0)
7706 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7707 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7708 after[CONTAINER_ROWID]);
7712 if (strcasecmp(BeforeGroupName, AfterGroupName))
7714 argv[L_NAME] = BeforeGroupName;
7715 argv[L_NAME + 1] = AfterGroupName;
7716 argv[L_ACTIVE + 1] = "1";
7717 argv[L_PUBLIC + 1] = "0";
7718 argv[L_HIDDEN + 1] = "0";
7719 argv[L_MAILLIST + 1] = "0";
7720 argv[L_GROUP + 1] = "1";
7721 argv[L_GID + 1] = UNIQUE_GID;
7722 argv[L_NFSGROUP + 1] = "0";
7723 argv[L_MAILMAN + 1] = "0";
7724 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7725 argv[L_DESC + 1] = "auto created container group";
7726 argv[L_ACE_TYPE + 1] = "USER";
7727 argv[L_MEMACE_TYPE + 1] = "USER";
7728 argv[L_ACE_NAME + 1] = "sms";
7729 argv[L_MEMACE_NAME + 1] = "sms";
7731 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7734 "Unable to rename container group from %s to %s: %s",
7735 BeforeGroupName, AfterGroupName, error_message(rc));
7742 int Moira_container_group_delete(char **before)
7747 char ParentGroupName[64];
7749 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
7750 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7752 memset(GroupName, '\0', sizeof(GroupName));
7754 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7755 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7757 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7759 argv[0] = ParentGroupName;
7761 argv[2] = GroupName;
7763 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7766 "Unable to delete container group %s from list: %s",
7767 GroupName, ParentGroupName, error_message(rc));
7771 if (strlen(GroupName) != 0)
7773 argv[0] = GroupName;
7775 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7777 com_err(whoami, 0, "Unable to delete container group %s : %s",
7778 GroupName, error_message(rc));
7785 int Moira_groupname_create(char *GroupName, char *ContainerName,
7786 char *ContainerRowID)
7791 char newGroupName[64];
7792 char tempGroupName[64];
7798 strcpy(temp, ContainerName);
7800 ptr1 = strrchr(temp, '/');
7806 ptr1 = strrchr(temp, '/');
7810 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7813 strcpy(tempgname, ptr);
7816 strcpy(tempgname, temp);
7818 if (strlen(tempgname) > 25)
7819 tempgname[25] ='\0';
7821 sprintf(newGroupName, "cnt-%s", tempgname);
7823 /* change everything to lower case */
7829 *ptr = tolower(*ptr);
7837 strcpy(tempGroupName, newGroupName);
7840 /* append 0-9 then a-z if a duplicate is found */
7843 argv[0] = newGroupName;
7845 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7847 if (rc == MR_NO_MATCH)
7849 com_err(whoami, 0, "Moira error while creating group name for "
7850 "container %s : %s", ContainerName, error_message(rc));
7854 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7858 com_err(whoami, 0, "Unable to find a unique group name for "
7859 "container %s: too many duplicate container names",
7870 strcpy(GroupName, newGroupName);
7874 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7879 argv[0] = origContainerName;
7880 argv[1] = GroupName;
7882 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7885 "Unable to set container group %s in container %s: %s",
7886 GroupName, origContainerName, error_message(rc));
7892 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7894 char ContainerName[64];
7895 char ParentGroupName[64];
7899 strcpy(ContainerName, origContainerName);
7901 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7903 /* top-level container */
7904 if (strlen(ParentGroupName) == 0)
7907 argv[0] = ParentGroupName;
7909 argv[2] = GroupName;
7911 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7914 "Unable to add container group %s to parent group %s: %s",
7915 GroupName, ParentGroupName, error_message(rc));
7921 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7926 strcpy(call_args[0], av[1]);
7931 int Moira_getGroupName(char *origContainerName, char *GroupName,
7934 char ContainerName[64];
7940 strcpy(ContainerName, origContainerName);
7944 ptr = strrchr(ContainerName, '/');
7952 argv[0] = ContainerName;
7954 call_args[0] = GroupName;
7955 call_args[1] = NULL;
7957 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7960 if (strlen(GroupName) != 0)
7965 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7966 ContainerName, error_message(rc));
7968 com_err(whoami, 0, "Unable to get container group from container %s",
7974 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7980 if (strcmp(GroupName, "[none]") == 0)
7983 argv[0] = GroupName;
7984 argv[1] = "MACHINE";
7985 argv[2] = MachineName;
7988 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7990 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
7994 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7995 MachineName, GroupName, error_message(rc));
8001 int GetMachineName(char *MachineName)
8004 char NewMachineName[1024];
8011 // If the address happens to be in the top-level MIT domain, great!
8012 strcpy(NewMachineName, MachineName);
8014 for (i = 0; i < (int)strlen(NewMachineName); i++)
8015 NewMachineName[i] = toupper(NewMachineName[i]);
8017 szDot = strchr(NewMachineName,'.');
8019 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8024 // If not, see if it has a Moira alias in the top-level MIT domain.
8025 memset(NewMachineName, '\0', sizeof(NewMachineName));
8027 args[1] = MachineName;
8028 call_args[0] = NewMachineName;
8029 call_args[1] = NULL;
8031 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8033 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8034 MachineName, error_message(rc));
8035 strcpy(MachineName, "");
8039 if (strlen(NewMachineName) != 0)
8040 strcpy(MachineName, NewMachineName);
8042 strcpy(MachineName, "");
8047 int ProcessMachineName(int ac, char **av, void *ptr)
8050 char MachineName[1024];
8056 if (strlen(call_args[0]) == 0)
8058 strcpy(MachineName, av[0]);
8060 for (i = 0; i < (int)strlen(MachineName); i++)
8061 MachineName[i] = toupper(MachineName[i]);
8063 szDot = strchr(MachineName,'.');
8065 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8067 strcpy(call_args[0], MachineName);
8074 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8080 for (i = 0; i < n; i++)
8082 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8083 mods[i]->mod_type = "uidNumber";
8090 for (i = 0; i < n; i++)
8092 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8093 mods[i]->mod_type = "msSFU30UidNumber";
8100 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8101 char *DistinguishedName,
8102 char *WinHomeDir, char *WinProfileDir,
8103 char **homedir_v, char **winProfile_v,
8104 char **drives_v, LDAPMod **mods,
8111 char winProfile[1024];
8114 char apple_homedir[1024];
8115 char *apple_homedir_v[] = {NULL, NULL};
8119 LDAPMod *DelMods[20];
8121 char *save_argv[FS_END];
8122 char *fsgroup_save_argv[2];
8124 memset(homeDrive, '\0', sizeof(homeDrive));
8125 memset(path, '\0', sizeof(path));
8126 memset(winPath, '\0', sizeof(winPath));
8127 memset(winProfile, '\0', sizeof(winProfile));
8129 if(!ActiveDirectory)
8131 if (rc = moira_connect())
8133 critical_alert("Ldap incremental",
8134 "Error contacting Moira server : %s",
8139 argv[0] = user_name;
8141 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8144 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8145 !strcmp(save_argv[FS_TYPE], "MUL"))
8148 argv[0] = save_argv[FS_NAME];
8151 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8152 save_fsgroup_info, fsgroup_save_argv)))
8156 argv[0] = fsgroup_save_argv[0];
8158 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8159 save_query_info, save_argv)))
8161 strcpy(path, save_argv[FS_PACK]);
8168 strcpy(path, save_argv[FS_PACK]);
8176 if (!strnicmp(path, AFS, strlen(AFS)))
8178 sprintf(homedir, "%s", path);
8179 sprintf(apple_homedir, "%s/MacData", path);
8180 homedir_v[0] = homedir;
8181 apple_homedir_v[0] = apple_homedir;
8182 ADD_ATTR("homeDirectory", homedir_v, OpType);
8183 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8189 homedir_v[0] = "NONE";
8190 apple_homedir_v[0] = "NONE";
8191 ADD_ATTR("homeDirectory", homedir_v, OpType);
8192 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8199 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8200 (!strcasecmp(WinProfileDir, "[afs]")))
8202 if (rc = moira_connect())
8204 critical_alert("Ldap incremental",
8205 "Error contacting Moira server : %s",
8210 argv[0] = user_name;
8212 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8215 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8216 !strcmp(save_argv[FS_TYPE], "MUL"))
8219 argv[0] = save_argv[FS_NAME];
8222 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8223 save_fsgroup_info, fsgroup_save_argv)))
8227 argv[0] = fsgroup_save_argv[0];
8229 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8230 save_query_info, save_argv)))
8232 strcpy(path, save_argv[FS_PACK]);
8239 strcpy(path, save_argv[FS_PACK]);
8247 if (!strnicmp(path, AFS, strlen(AFS)))
8249 AfsToWinAfs(path, winPath);
8250 strcpy(winProfile, winPath);
8251 strcat(winProfile, "\\.winprofile");
8258 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8259 (!strcasecmp(WinProfileDir, "[dfs]")))
8261 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8262 user_name[0], user_name);
8264 if (!strcasecmp(WinProfileDir, "[dfs]"))
8266 strcpy(winProfile, path);
8267 strcat(winProfile, "\\.winprofile");
8270 if (!strcasecmp(WinHomeDir, "[dfs]"))
8271 strcpy(winPath, path);
8274 if (!strcasecmp(WinHomeDir, "[local]"))
8275 memset(winPath, '\0', sizeof(winPath));
8276 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8277 !strcasecmp(WinHomeDir, "[dfs]"))
8279 strcpy(homeDrive, "H:");
8283 strcpy(winPath, WinHomeDir);
8284 if (!strncmp(WinHomeDir, "\\\\", 2))
8286 strcpy(homeDrive, "H:");
8290 // nothing needs to be done if WinProfileDir is [afs].
8291 if (!strcasecmp(WinProfileDir, "[local]"))
8292 memset(winProfile, '\0', sizeof(winProfile));
8293 else if (strcasecmp(WinProfileDir, "[afs]") &&
8294 strcasecmp(WinProfileDir, "[dfs]"))
8296 strcpy(winProfile, WinProfileDir);
8299 if (strlen(winProfile) != 0)
8301 if (winProfile[strlen(winProfile) - 1] == '\\')
8302 winProfile[strlen(winProfile) - 1] = '\0';
8305 if (strlen(winPath) != 0)
8307 if (winPath[strlen(winPath) - 1] == '\\')
8308 winPath[strlen(winPath) - 1] = '\0';
8311 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8312 strcat(winProfile, "\\");
8314 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8315 strcat(winPath, "\\");
8317 if (strlen(winPath) == 0)
8319 if (OpType == LDAP_MOD_REPLACE)
8322 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8324 //unset homeDirectory attribute for user.
8325 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8331 homedir_v[0] = strdup(winPath);
8332 ADD_ATTR("homeDirectory", homedir_v, OpType);
8335 if (strlen(winProfile) == 0)
8337 if (OpType == LDAP_MOD_REPLACE)
8340 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8342 //unset profilePate attribute for user.
8343 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8349 winProfile_v[0] = strdup(winProfile);
8350 ADD_ATTR("profilePath", winProfile_v, OpType);
8353 if (strlen(homeDrive) == 0)
8355 if (OpType == LDAP_MOD_REPLACE)
8358 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8360 //unset homeDrive attribute for user
8361 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8367 drives_v[0] = strdup(homeDrive);
8368 ADD_ATTR("homeDrive", drives_v, OpType);
8374 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8375 char *attribute_value, char *attribute, char *user_name)
8377 char *mod_v[] = {NULL, NULL};
8378 LDAPMod *DelMods[20];
8384 if (strlen(attribute_value) == 0)
8387 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8389 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8395 mod_v[0] = attribute_value;
8396 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8399 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8400 mods)) != LDAP_SUCCESS)
8404 mod_v[0] = attribute_value;
8405 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8408 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8409 mods)) != LDAP_SUCCESS)
8411 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8412 "in the directory : %s",
8413 attribute, user_name, ldap_err2string(rc));
8423 void StringTrim(char *StringToTrim)
8428 save = strdup(StringToTrim);
8435 /* skip to end of string */
8440 strcpy(StringToTrim, save);
8444 for (t = s; *t; t++)
8460 strcpy(StringToTrim, s);
8464 int ReadConfigFile(char *DomainName)
8475 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8477 if ((fptr = fopen(temp, "r")) != NULL)
8479 while (fgets(temp, sizeof(temp), fptr) != 0)
8481 for (i = 0; i < (int)strlen(temp); i++)
8482 temp[i] = toupper(temp[i]);
8484 if (temp[strlen(temp) - 1] == '\n')
8485 temp[strlen(temp) - 1] = '\0';
8489 if (strlen(temp) == 0)
8492 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8494 if (strlen(temp) > (strlen(DOMAIN)))
8496 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8497 StringTrim(ldap_domain);
8500 else if (!strncmp(temp, REALM, strlen(REALM)))
8502 if (strlen(temp) > (strlen(REALM)))
8504 strcpy(ldap_realm, &temp[strlen(REALM)]);
8505 StringTrim(ldap_realm);
8508 else if (!strncmp(temp, PORT, strlen(PORT)))
8510 if (strlen(temp) > (strlen(PORT)))
8512 strcpy(ldap_port, &temp[strlen(PORT)]);
8513 StringTrim(ldap_port);
8516 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8518 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8520 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8521 StringTrim(PrincipalName);
8524 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8526 if (strlen(temp) > (strlen(SERVER)))
8528 ServerList[Count] = calloc(1, 256);
8529 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8530 StringTrim(ServerList[Count]);
8534 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8536 if (strlen(temp) > (strlen(MSSFU)))
8538 strcpy(temp1, &temp[strlen(MSSFU)]);
8540 if (!strcmp(temp1, SFUTYPE))
8544 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8546 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8548 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8550 if (!strcasecmp(temp1, "NO"))
8553 memset(group_suffix, '\0', sizeof(group_suffix));
8557 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8559 if (strlen(temp) > (strlen(GROUP_TYPE)))
8561 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8563 if (!strcasecmp(temp1, "UNIVERSAL"))
8564 UseGroupUniversal = 1;
8567 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8569 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8571 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8573 if (!strcasecmp(temp1, "NO"))
8577 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8579 if (strlen(temp) > (strlen(SET_PASSWORD)))
8581 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8583 if (!strcasecmp(temp1, "NO"))
8587 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8589 if (strlen(temp) > (strlen(EXCHANGE)))
8591 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8593 if (!strcasecmp(temp1, "YES"))
8597 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8598 strlen(PROCESS_MACHINE_CONTAINER)))
8600 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8602 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8604 if (!strcasecmp(temp1, "NO"))
8605 ProcessMachineContainer = 0;
8608 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8609 strlen(ACTIVE_DIRECTORY)))
8611 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8613 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8615 if (!strcasecmp(temp1, "NO"))
8616 ActiveDirectory = 0;
8619 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8620 strlen(GROUP_POPULATE_MEMBERS)))
8622 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8624 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8626 if (!strcasecmp(temp1, "DELETE"))
8628 GroupPopulateDelete = 1;
8634 if (strlen(ldap_domain) != 0)
8636 memset(ldap_domain, '\0', sizeof(ldap_domain));
8640 if (strlen(temp) != 0)
8641 strcpy(ldap_domain, temp);
8647 if (strlen(ldap_domain) == 0)
8649 strcpy(ldap_domain, DomainName);
8655 for (i = 0; i < Count; i++)
8657 if (ServerList[i] != 0)
8659 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8660 ServerList[i][k] = toupper(ServerList[i][k]);
8667 int ReadDomainList()
8674 unsigned char c[11];
8675 unsigned char stuff[256];
8680 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8682 if ((fptr = fopen(temp, "r")) != NULL)
8684 while (fgets(temp, sizeof(temp), fptr) != 0)
8686 for (i = 0; i < (int)strlen(temp); i++)
8687 temp[i] = toupper(temp[i]);
8689 if (temp[strlen(temp) - 1] == '\n')
8690 temp[strlen(temp) - 1] = '\0';
8694 if (strlen(temp) == 0)
8697 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8699 if (strlen(temp) > (strlen(DOMAIN)))
8701 strcpy(temp1, &temp[strlen(DOMAIN)]);
8703 strcpy(temp, temp1);
8707 strcpy(DomainNames[Count], temp);
8708 StringTrim(DomainNames[Count]);
8717 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8718 "configuration error in ldap.cfg");
8725 int email_isvalid(const char *address) {
8727 const char *c, *domain;
8728 static char *rfc822_specials = "()<>@,;:\\\"[]";
8730 if(address[strlen(address) - 1] == '.')
8733 /* first we validate the name portion (name@domain) */
8734 for (c = address; *c; c++) {
8735 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8740 if (*c == '\\' && (*++c == ' '))
8742 if (*c <= ' ' || *c >= 127)
8757 if (*c <= ' ' || *c >= 127)
8759 if (strchr(rfc822_specials, *c))
8763 if (c == address || *(c - 1) == '.')
8766 /* next we validate the domain portion (name@domain) */
8767 if (!*(domain = ++c)) return 0;
8770 if (c == domain || *(c - 1) == '.')
8774 if (*c <= ' ' || *c >= 127)
8776 if (strchr(rfc822_specials, *c))
8780 return (count >= 1);
8783 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8784 char **homeServerName)
8786 LK_ENTRY *group_base;
8787 LK_ENTRY *sub_group_base;
8791 int sub_group_count;
8793 char sub_filter[1024];
8794 char search_path[1024];
8796 char *attr_array[3];
8798 int homeMDB_count = -1;
8802 int rangeStep = 1500;
8804 int rangeHigh = rangeLow + (rangeStep - 1);
8807 /* Grumble..... microsoft not making it searchable from the root *grr* */
8809 memset(filter, '\0', sizeof(filter));
8810 memset(search_path, '\0', sizeof(search_path));
8812 sprintf(filter, "(objectClass=msExchMDB)");
8813 sprintf(search_path, "CN=Configuration,%s", dn_path);
8814 attr_array[0] = "distinguishedName";
8815 attr_array[1] = NULL;
8820 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8821 &group_base, &group_count,
8822 LDAP_SCOPE_SUBTREE)) != 0)
8824 com_err(whoami, 0, "Unable to find msExchMDB %s",
8825 ldap_err2string(rc));
8834 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8835 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8836 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8843 * Due to limits in active directory we need to use the LDAP
8844 * range semantics to query and return all the values in
8845 * large lists, we will stop increasing the range when
8846 * the result count is 0.
8854 memset(sub_filter, '\0', sizeof(sub_filter));
8855 memset(range, '\0', sizeof(range));
8856 sprintf(sub_filter, "(objectClass=msExchMDB)");
8859 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8861 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8863 attr_array[0] = range;
8864 attr_array[1] = NULL;
8866 sub_group_base = NULL;
8867 sub_group_count = 0;
8869 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8870 attr_array, &sub_group_base,
8872 LDAP_SCOPE_SUBTREE)) != 0)
8874 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8875 ldap_err2string(rc));
8879 if(!sub_group_count)
8885 rangeHigh = rangeLow + (rangeStep - 1);
8892 mdbbl_count += sub_group_count;
8893 rangeLow = rangeHigh + 1;
8894 rangeHigh = rangeLow + (rangeStep - 1);
8897 /* First time through, need to initialize or update the least used */
8899 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8902 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8904 homeMDB_count = mdbbl_count;
8905 *homeMDB = strdup(gPtr->dn);
8909 linklist_free(sub_group_base);
8913 linklist_free(group_base);
8916 * Ok found the server least allocated need to now query to get its
8917 * msExchHomeServerName so we can set it as a user attribute
8920 attr_array[0] = "legacyExchangeDN";
8921 attr_array[1] = NULL;
8926 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8927 attr_array, &group_base,
8929 LDAP_SCOPE_SUBTREE)) != 0)
8931 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8932 ldap_err2string(rc));
8938 *homeServerName = strdup(group_base->value);
8939 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8945 linklist_free(group_base);
8950 char *lowercase(char *s)
8954 for (p = s; *p; p++)
8962 char *uppercase(char *s)
8966 for (p = s; *p; p++)
8974 char *escape_string(char *s)
8982 memset(string, '\0', sizeof(string));
8986 /* Escape any special characters */
8988 for(; *q != '\0'; q++) {
9011 return strdup(string);
9014 int save_query_info(int argc, char **argv, void *hint)
9017 char **nargv = hint;
9019 for(i = 0; i < argc; i++)
9020 nargv[i] = strdup(argv[i]);
9025 int save_fsgroup_info(int argc, char **argv, void *hint)
9028 char **nargv = hint;
9032 for(i = 0; i < argc; i++)
9033 nargv[i] = strdup(argv[i]);