2 /* test parameters for creating a user account - done
3 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
4 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
5 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
7 * test parameters for deactivating/deleting a user account - done
8 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
9 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
10 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
11 * comment: clearid is the MIT ID
13 * test parameters for reactivating a user account - done
14 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
15 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
17 * test parameters for updating user account info - done
18 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF
19 * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF
20 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
21 * currently, if the unix_id doesn't change, only the U_UID or U_MITID fields will be updated
23 * test parameters for changing user name - testing
24 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
25 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
28 * test parameters for add member to group/list - done
29 * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1
30 * imembers 0 9 pismere-team STRING hope@ful.net 1 1 0 1 1 -1
31 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
33 * test parameters for remove member from group/list - done
34 * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1
35 * imembers 9 0 pismere-team STRING hope@ful.net 1 1 0 1 1 -1
36 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
38 * test parameters for creating and/or populating a group/list - done
39 * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description
40 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
42 * test parameters for deleting a group/list - done
43 * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description
44 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
46 * test parameters for renaming a group/list - done
47 * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description
48 * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description
49 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
51 #include <mit-copyright.h>
63 #include <moira_site.h>
/* Map the BSD socket error names onto their Winsock codes and alias
 * krb5_xfree to free().
 * NOTE(review): the preprocessor conditionals that presumably guard these
 * definitions are not visible in this listing - confirm they are
 * Windows-only. */
73 #define ECONNABORTED WSAECONNABORTED
76 #define ECONNREFUSED WSAECONNREFUSED
79 #define EHOSTUNREACH WSAEHOSTUNREACH
81 #define krb5_xfree free
85 #include <sys/utsname.h>
/* Raw-byte alias used by convert_b_to_a(). */
87 #define UCHAR unsigned char
/* Bit flags tested against the userAccountControl attribute; the debug dump
 * in retrieve_values() decodes most of them. UF_ACCOUNTDISABLE is the bit
 * that dump reports as "Account disabled". */
89 #define UF_SCRIPT 0x0001
90 #define UF_ACCOUNTDISABLE 0x0002
91 #define UF_HOMEDIR_REQUIRED 0x0008
92 #define UF_LOCKOUT 0x0010
93 #define UF_PASSWD_NOTREQD 0x0020
94 #define UF_PASSWD_CANT_CHANGE 0x0040
95 #define UF_DONT_EXPIRE_PASSWD 0x10000
97 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
98 #define UF_NORMAL_ACCOUNT 0x0200
99 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
100 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
101 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* Local stand-ins for Windows scalar and security types.
 * DWORD is unsigned int while ULONG is unsigned long, so the two differ in
 * width on LP64 platforms. */
104 #define BYTE unsigned char
106 typedef unsigned int DWORD;
107 typedef unsigned long ULONG;
/* Trailing members of the GUID layout that retrieve_values() formats from an
 * objectGUID value (the opening of the typedef is not visible here). */
112 unsigned short Data2;
113 unsigned short Data3;
114 unsigned char Data4[8];
117 typedef struct _SID_IDENTIFIER_AUTHORITY {
119 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
/* Overlay for a binary objectSid value. SubAuthority is declared with 512
 * slots, but retrieve_values() points a SID * at server-supplied bytes whose
 * real length is bv_len, so only SubAuthorityCount entries may be read.
 * NOTE(review): no check of SubAuthorityCount against bv_len is visible in
 * this listing - confirm. */
121 typedef struct _SID {
123 BYTE SubAuthorityCount;
124 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
125 DWORD SubAuthority[512];
/* Group type bits; group_create() starts from GLOBAL_GROUP and ORs in
 * SECURITY_ENABLED. DOMAIN_LOCAL_GROUP and LOCAL_GROUP share the value 0x4.
 * SECURITY_ENABLED (0x80000000) does not fit in a signed 32-bit int, so it
 * must be kept in an unsigned variable. */
129 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
130 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
131 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
132 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
133 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
/* Version argument passed to mr_connect_cl() in moira_connect(). */
135 #define QUERY_VERSION -1
136 #define PRIMARY_REALM "ATHENA.MIT.EDU"
/* Action codes. do_user() passes MEMBER_ACTIVATE / MEMBER_DEACTIVATE to the
 * Moira callbacks by casting the integer to char * in call_args[2]; the
 * receiver must cast it back and never dereference it. */
145 #define MEMBER_REMOVE 2
146 #define MEMBER_CHANGE_NAME 3
147 #define MEMBER_ACTIVATE 4
148 #define MEMBER_DEACTIVATE 5
149 #define MEMBER_CREATE 6
/* Singly linked list node holding one attribute value read from LDAP; the
 * other members (set in retrieve_values(): attribute, value, length, dn,
 * ber_value) are declared on lines not visible in this listing. */
151 typedef struct lk_entry {
161 struct lk_entry *next;
164 #define LDAP_BERVAL struct berval
/* Upper bound on the server names main() asks locate_ldap_server() for. */
165 #define MAX_SERVER_NAMES 32
/* Appends one LDAPMod to the caller's `mods` array and advances the caller's
 * `n`; both names must exist in the calling scope.
 * The malloc() result is dereferenced without a NULL check, and the
 * expansion is several statements that are not wrapped in do { } while (0),
 * so the macro must not be used as the body of an unbraced if/else.
 * The caller owns each allocated LDAPMod and must free it. */
167 #define ADD_ATTR(t, v, o) \
168 mods[n] = malloc(sizeof(LDAPMod)); \
169 mods[n]->mod_op = o; \
170 mods[n]->mod_type = t; \
171 mods[n++]->mod_values = v
/* File-wide lists filled by the Moira callbacks: member_base is consumed by
 * member_list_process(), sid_base by sid_update(); both are released with
 * linklist_free() by do_list(), do_member() and do_user(). */
173 LK_ENTRY *member_base = NULL;
174 LK_ENTRY *sid_base = NULL;
175 LK_ENTRY **sid_ptr = NULL;
/* Relative OU paths. get_group_membership() copies one of the group_ou_*
 * strings into a caller buffer with strcpy(), so that buffer must be at
 * least as large as the longest string here (group_ou_distribution). */
176 char kerberos_ou[] = "OU=kerberos, OU=moira, OU=athena";
177 char contact_ou[] = "OU=strings, OU=moira, OU=athena";
178 char user_ou[] = "OU=users, OU=moira, OU=athena";
179 char group_ou_distribution[] = "OU=distribution, OU=lists, OU=moira, OU=athena";
180 char group_ou_security[] = "OU=security, OU=lists, OU=moira, OU=athena";
181 char group_ou_neither[] = "OU=neither, OU=lists, OU=moira, OU=athena";
182 char group_ou_both[] = "OU=both, OU=lists, OU=moira, OU=athena";
183 char group_ou_root[] = "OU=lists, OU=moira, OU=athena";
185 char group_manager[64];
/* AD domain name; main() fills it from winad.cfg or the built-in default. */
186 char ldap_domain[256];
/* Nesting count for moira_connect()/moira_disconnect(). */
191 int mr_connections = 0;
/* Helpers defined in other translation units. */
194 extern int locate_ldap_server(char *domain, char *server_name[]);
195 extern int set_password(char *user, char *domain);
/* Functions with the (int ac, char **av, void *ptr) signature are passed to
 * mr_query() as row callbacks; ptr is the call_args array set up by the
 * do_* functions, whose slot 0 carries the LDAP handle cast to char *. */
197 int user_create(int ac, char **av, void *ptr);
198 int user_change_status(int ac, char **av, void *ptr);
199 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
200 int user_rename(int ac, char **av, void *ptr);
201 int user_update(int ac, char **av, void *ptr);
202 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
203 int get_group_info(int ac, char**av, void *ptr);
204 int group_create(int ac, char **av, void *ptr);
205 int group_delete(int ac, char **av, void *ptr);
206 int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name);
207 int group_list_build(int ac, char **av, void *ptr);
208 int group_rename(int ac, char **av, void *ptr);
209 int member_list_build(int ac, char **av, void *ptr);
210 int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
211 char *group_ou, char *group_membership, char *group_gid);
212 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
213 char *group_ou, char *group_membership, char *group_gid);
214 int sid_update(LDAP *ldap_handle, char *dn_path);
/* Name validator called before a list name is placed in an LDAP filter or
 * DN (see group_rename() and group_create()). */
215 int check_string(char *s);
216 void convert_b_to_a(char *string, UCHAR *binary, int length);
217 int mr_connect_cl(char *server, char *client, int version, int auth);
/* Per-table handlers dispatched from main(). */
219 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
220 char **before, int beforec, char **after, int afterc);
221 void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname,
222 char *dn_path, char **before, int beforec, char **after,
224 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
225 char **before, int beforec, char **after, int afterc);
/* Linked-list helpers for LDAP search results. */
226 int linklist_create_entry(char *attribute, char *value,
227 LK_ENTRY **linklist_entry);
228 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
229 char **attr_array, LK_ENTRY **linklist_base,
230 int *linklist_count);
231 void linklist_free(LK_ENTRY *linklist_base);
233 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
234 char *distinguished_name, LK_ENTRY **linklist_current);
235 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
236 LK_ENTRY **linklist_base, int *linklist_count);
237 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
238 char *Attribute, char *distinguished_name,
239 LK_ENTRY **linklist_current);
241 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
242 char *oldValue, char *newValue,
243 char ***modvalues, int type);
244 void free_values(char **modvalues);
246 int convert_domain_to_dn(char *domain, char **bind_path);
/* distinguished_name is an output buffer with no length parameter; the
 * callers visible in this file pass a 1024-byte array. */
247 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
248 char *distinguished_name);
249 int moira_disconnect(void);
250 int moira_connect(void);
251 void print_to_screen(const char *fmt, ...);
/*
 * Entry point of the AD incremental. The visible lines read the before and
 * after field counts from argv[2] and argv[3], load the AD domain from
 * winad.cfg (falling back to "win.mit.edu"), try ldap_open() on each server
 * returned by locate_ldap_server(), bind with ldap_adgssapi_bind() and
 * dispatch on the lower-cased table name.
 * NOTE(review): this listing omits lines (braces, several declarations and
 * error branches); the comments below describe only what is visible.
 */
253 int main(int argc, char **argv)
258 int Max_wait_time = 500;
259 int Max_size_limit = LDAP_NO_LIMIT;
265 char search_exp[1024];
266 char *server_name[MAX_SERVER_NAMES];
267 ULONG version = LDAP_VERSION3;
269 LDAPMessage *ldap_entry;
272 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
276 com_err(whoami, 0, "%s", "argc < 4");
/* atoi() reports no errors and accepts negative numbers. A negative count
 * lowers the bound in the argc test below and moves `after` in front of the
 * intended slot. NOTE(review): no range check on beforec/afterc is visible
 * in this listing - confirm one exists. */
279 beforec = atoi(argv[2]);
280 afterc = atoi(argv[3]);
282 if (argc < (4 + beforec + afterc))
284 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
290 after = &argv[4 + beforec];
292 memset(ldap_domain, '\0', sizeof(ldap_domain));
/* The domain is read from winad.cfg relative to the current working
 * directory, so whoever controls that directory controls which domain the
 * incremental binds to. */
293 if ((fptr = fopen("winad.cfg", "r")) != NULL)
/* fread() may fill all sizeof(ldap_domain) bytes, which overwrites the
 * terminator supplied by the memset above; the strlen() below would then
 * read past the buffer. Its return value is not used here. */
295 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
298 if (strlen(ldap_domain) == 0)
299 strcpy(ldap_domain, "win.mit.edu");
300 initialize_sms_error_table();
301 initialize_krb_error_table();
303 memset(search_exp, '\0', sizeof(search_exp));
/* Builds the base DN for the domain; dn_path receives a strdup()'d string
 * (see convert_domain_to_dn). */
306 convert_domain_to_dn(ldap_domain, &dn_path);
309 com_err(whoami, 0, "%s", "cannot create AD path");
312 memset(server_name, '\0', sizeof(server_name[0]) * MAX_SERVER_NAMES);
313 if (locate_ldap_server(ldap_domain, server_name) == -1)
315 com_err(whoami, 0, "%s %s", "cannot locate any server in domain ",
/* Try each located server until ldap_open() returns a handle. */
320 for (i = 0; i < MAX_SERVER_NAMES; i++)
322 if (server_name[i] != NULL)
324 if ((ldap_handle = ldap_open(server_name[i], LDAP_PORT)) != NULL)
/* i reaching MAX_SERVER_NAMES means no server accepted the connection. */
330 if (i >= MAX_SERVER_NAMES)
332 com_err(whoami, 0, "%s %s", "cannot connect to any server in domain ",
/* The server name strings are owned by this function once returned. */
336 for (i = 0; i < MAX_SERVER_NAMES; i++)
338 if (server_name[i] != NULL)
339 free(server_name[i]);
/* Each ldap_set_option() result is overwritten by the next assignment to rc;
 * only the bind result is tested, so a failed option (for example disabling
 * referral chasing) goes unnoticed. */
341 rc = ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &version);
342 rc = ldap_set_option(ldap_handle, LDAP_OPT_TIMELIMIT,
343 (void *)&Max_wait_time);
344 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT,
345 (void *)&Max_size_limit);
346 rc = ldap_set_option(ldap_handle, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
/* NOTE(review): GSSSASL_PRIVACY_PROTECTION presumably requests the GSSAPI
 * confidentiality layer for the session - confirm against the
 * ldap_adgssapi_bind() implementation. */
347 rc = ldap_adgssapi_bind(ldap_handle, dn_path, GSSSASL_PRIVACY_PROTECTION);
348 if (rc != LDAP_SUCCESS)
/* Table names are matched case-insensitively by lower-casing in place.
 * NOTE(review): table[i] is passed to tolower() without a cast to
 * unsigned char. */
351 for (i = 0; i < (int)strlen(table); i++)
352 table[i] = tolower(table[i]);
353 if (!strcmp(table, "users"))
354 do_user(ldap_handle, ldap_entry, ldap_domain, dn_path, before, beforec,
356 else if (!strcmp(table, "list"))
357 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
359 else if (!strcmp(table, "imembers"))
360 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* NOTE(review): do_filesys() and do_quota() have no prototype among the
 * visible declarations; these branches may be compiled out - confirm. */
363 else if (!strcmp(table, "filesys"))
364 do_filesys(before, beforec, after, afterc);
365 else if (!strcmp(table, "quota"))
366 do_quota(before, beforec, after, afterc);
368 rc = ldap_unbind_s(ldap_handle);
/*
 * Handles a change to the Moira `list` table. From the visible lines: when
 * the list is active both before and after, it is renamed through the
 * group_rename() callback; otherwise an existing group is deleted with
 * group_ad_delete() and/or a new one is created through group_create() and
 * then populated from get_members_of_list.
 * before/after are the field arrays taken from argv by main().
 * NOTE(review): braces, declarations and return statements are missing from
 * this listing, so the exact branch structure cannot be confirmed here.
 */
373 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
374 char **before, int beforec, char **after, int afterc)
391 if (beforec == 0 && afterc == 0)
394 astatus = bstatus = 0;
396 apublic = bpublic = 0;
397 amaillist = bmaillist = 0;
/* The flag fields are indexed by the L_* constants. NOTE(review): the guard
 * that makes sure beforec/afterc cover these indices is not visible here -
 * confirm before relying on it. */
400 if (atoi(before[L_ACTIVE]))
402 bstatus = atoi(before[L_ACTIVE]);
403 bhide = atoi(before[L_HIDDEN]);
404 bpublic = atoi(before[L_PUBLIC]);
405 bmaillist = atoi(before[L_MAILLIST]);
406 bgroup = atoi(before[L_GROUP]);
411 if (atoi(after[L_ACTIVE]))
413 astatus = atoi(after[L_ACTIVE]);
414 ahide = atoi(after[L_HIDDEN]);
415 apublic = atoi(after[L_PUBLIC]);
416 amaillist = atoi(after[L_MAILLIST]);
417 agroup = atoi(after[L_GROUP]);
421 if (rc = moira_connect())
423 critical_alert("AD incremental",
424 "Error contacting Moira server : %s",
/* Active before and after: a change of name or of the maillist/group flags
 * is treated as a rename. */
429 if (astatus && bstatus)
431 if ((bmaillist == amaillist) && (bgroup == agroup) &&
432 (!strcmp(before[L_NAME], after[L_NAME])))
434 com_err(whoami, 0, "Changing group %s to %s",
435 before[L_NAME], after[L_NAME]);
/* call_args is a char * array used as an untyped parameter block for the
 * mr_query() callback: slot 0 carries the LDAP handle cast to char *, which
 * group_rename() casts back to LDAP *. Slots 2-4 hold the old name and the
 * old maillist/group flags. */
437 av[0] = after[L_NAME];
438 call_args[0] = (char *)ldap_handle;
439 call_args[1] = dn_path;
440 call_args[2] = before[L_NAME];
441 call_args[3] = before[L_MAILLIST];
442 call_args[4] = before[L_GROUP];
445 if (rc = mr_query("get_list_info", 1, av, group_rename, call_args))
/* callback_rc is set to LDAP_NO_SUCH_OBJECT by group_rename() when the old
 * group is not in the directory; that case is not alerted on here. */
447 if (callback_rc != LDAP_NO_SUCH_OBJECT)
449 critical_alert("AD incremental",
450 "Could not change list %s to %s : %s",
452 after[L_NAME], error_message(rc));
455 callback_rc = LDAP_NO_SUCH_OBJECT;
457 if (callback_rc != LDAP_NO_SUCH_OBJECT)
463 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
464 rc = group_ad_delete(ldap_handle, dn_path, before[L_NAME]);
469 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
471 av[0] = after[L_NAME];
472 call_args[0] = (char *)ldap_handle;
473 call_args[1] = dn_path;
474 call_args[2] = after[L_NAME];
480 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
482 critical_alert("AD incremental", "Couldn't create list %s : %s",
483 after[L_NAME], error_message(rc));
/* sid_base is the global list consumed by sid_update(); it is released
 * right after use. */
486 if (sid_base != NULL)
488 sid_update(ldap_handle, dn_path);
489 linklist_free(sid_base);
/* Rebuild the membership from Moira and apply it. call_args[3..5] are the
 * strings group_create() stored with strdup() (group OU, membership letter,
 * list name). */
495 if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build,
498 if (member_base != NULL)
499 rc = member_list_process(ldap_handle, dn_path, after[L_NAME],
500 call_args[3], call_args[4], call_args[5]);
504 critical_alert("AD incremental",
505 "Error contacting Moira server to resolve %s : %s",
506 after[L_NAME], error_message(rc));
508 linklist_free(member_base);
/* Index of the list's `active` flag, which follows the regular imembers
 * fields (it equals LM_END). */
515 #define LM_EXTRA_ACTIVE (LM_END)
/*
 * Handles a change to the Moira `imembers` table. The member, list and type
 * are taken from `after` (add) or `before` (remove); the group is created
 * if needed through the group_create() callback, the member list is rebuilt
 * from get_members_of_list, and the result is applied with
 * member_list_process() or, when the list came back empty, member_remove().
 * NOTE(review): braces, declarations and the add/remove selection lines are
 * missing from this listing.
 */
517 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
518 char **before, int beforec, char **after, int afterc)
522 char group_name[128];
/* NOTE(review): after[LM_EXTRA_ACTIVE] requires afterc > LM_END; the check
 * is not visible in this listing - confirm. */
529 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* These strcpy() calls copy argv-derived fields into fixed-size local
 * buffers without a length check; group_name holds 128 bytes (the sizes of
 * user_name and user_type are declared on lines not shown). A field longer
 * than its buffer overflows the stack; a bounded copy that rejects overlong
 * input would close this. */
531 strcpy(user_name, after[LM_MEMBER]);
532 strcpy(group_name, after[LM_LIST]);
533 strcpy(user_type, after[LM_TYPE]);
538 if (!atoi(before[LM_EXTRA_ACTIVE]))
/* Same unbounded copies for the removal case. */
540 strcpy(user_name, before[LM_MEMBER]);
541 strcpy(group_name, before[LM_LIST]);
542 strcpy(user_type, before[LM_TYPE]);
545 if (rc = moira_connect())
547 critical_alert("AD incremental",
548 "Moira error retrieving grouplist of user %s : %s",
549 user_name, error_message(rc));
/* Parameter block for the mr_query() callbacks; slot 0 is the LDAP handle
 * cast to char *. */
553 call_args[0] = (char *)ldap_handle;
554 call_args[1] = dn_path;
555 call_args[2] = group_name;
562 if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args)))
564 if (sid_base != NULL)
566 sid_update(ldap_handle, dn_path);
567 linklist_free(sid_base);
570 if (!(rc = mr_query("get_members_of_list", 1, av, member_list_build,
/* An empty member list after the query means the group has no members left
 * in Moira, so the AD membership is cleared instead of rewritten. */
573 if (member_base == NULL)
575 member_remove(ldap_handle, dn_path, group_name,
576 call_args[3], call_args[4], call_args[5]);
580 rc = member_list_process(ldap_handle, dn_path, group_name,
581 call_args[3], call_args[4], call_args[5]);
588 critical_alert("AD incremental", "Couldn't add %s to group %s ",
589 user_name, group_name);
591 critical_alert("AD incremental", "Couldn't remove %s from group %s ",
592 user_name, group_name);
594 linklist_free(member_base);
/* call_args[3] and [4] are set by group_create() with strdup().
 * NOTE(review): the statements under these tests are not visible;
 * presumably they free the copies - confirm, and confirm call_args[5] is
 * released too. */
595 if (call_args[3] != NULL)
597 if (call_args[4] != NULL)
/*
 * Handles a change to the Moira `users` table. From the visible lines: when
 * the account state is unchanged, the same login triggers user_update() and
 * a different login triggers user_rename(); otherwise the account is
 * deactivated through user_change_status() or created/reactivated through
 * user_create(). All four run as mr_query() callbacks on
 * get_user_account_by_login.
 * NOTE(review): braces, declarations and return statements are missing from
 * this listing, so the exact branch structure cannot be confirmed here.
 */
603 void do_user(LDAP *ldap_handle, LDAPMessage *ldap_entry, char *ldap_hostname,
604 char *dn_path, char **before, int beforec, char **after,
614 if ((beforec == 0) || (afterc == 0))
/* U_STATE is only read when the corresponding count covers it. */
619 if (afterc > U_STATE)
620 astate = atoi(after[U_STATE]);
621 if (beforec > U_STATE)
622 bstate = atoi(before[U_STATE]);
629 if ((bstate == 0) && (astate == 0))
632 if (rc = moira_connect())
634 critical_alert("AD incremental",
635 "Error connection to Moira : %s",
640 if (astate == bstate)
642 if (!strcmp(before[U_NAME], after[U_NAME]))
644 com_err(whoami, 0, "Updating user %s info", before[U_NAME]);
/* Parameter block for the callback; slot 0 is the LDAP handle cast to
 * char *. */
645 av[0] = before[U_NAME];
646 call_args[0] = (char *)ldap_handle;
647 call_args[1] = dn_path;
651 if (rc = mr_query("get_user_account_by_login", 1, av, user_update,
/* A user that does not exist in the directory is not reported as an error. */
654 if (callback_rc != LDAP_NO_SUCH_OBJECT)
656 critical_alert("AD incremental",
657 "Could not update user %s info : %s",
666 com_err(whoami, 0, "Changing user %s to %s", before[U_NAME],
/* call_args[2] carries the integer action code cast to a pointer, not a
 * string; the callback must cast it back and never dereference it. */
668 av[0] = after[U_NAME];
669 call_args[0] = (char *)ldap_handle;
670 call_args[1] = dn_path;
671 call_args[2] = (char *)MEMBER_ACTIVATE;
672 call_args[3] = before[U_NAME];
676 if (rc = mr_query("get_user_account_by_login", 1, av, user_rename,
679 if (callback_rc != LDAP_NO_SUCH_OBJECT)
681 critical_alert("AD incremental",
682 "Could not change user %s to %s : %s",
684 after[U_NAME], error_message(rc));
689 if (callback_rc != LDAP_NO_SUCH_OBJECT)
695 com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]);
696 av[0] = before[U_NAME];
697 call_args[0] = (char *)ldap_handle;
698 call_args[1] = dn_path;
699 call_args[2] = (char *)MEMBER_DEACTIVATE;
700 if (rc = mr_query("get_user_account_by_login", 1, av, user_change_status,
703 critical_alert("AD incremental",
704 "Couldn't deactivate user %s in the AD : %s",
705 before[U_NAME], error_message(rc));
711 com_err(whoami, 0, "%s user %s", "Creating/Reactivating",
714 av[0] = after[U_NAME];
715 call_args[0] = (char *)ldap_handle;
716 call_args[1] = dn_path;
717 call_args[2] = (char *)MEMBER_ACTIVATE;
721 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
724 critical_alert("AD incremental", "Couldn't create/activate user %s : %s",
725 after[U_NAME], error_message(rc));
/* Apply and release any SIDs collected in the global sid_base list. */
728 if (sid_base != NULL)
730 sid_update(ldap_handle, dn_path);
731 linklist_free(sid_base);
/*
 * Builds a NULL-terminated array of newly allocated strings in *modvalues,
 * one per entry of linklist_base (modvalue_count entries are walked). When
 * both oldValue and newValue are given, an entry whose value contains
 * oldValue gets that occurrence replaced by newValue; other entries are
 * copied unchanged. The caller owns *modvalues (see free_values()).
 * NOTE(review): braces, return statements and the use of `type` are on
 * lines missing from this listing.
 */
738 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
739 char *oldValue, char *newValue,
740 char ***modvalues, int type)
742 LK_ENTRY *linklist_ptr;
/* The element count is multiplied by the pointer size without an overflow
 * check; modvalue_count is assumed to be small and non-negative. */
746 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* Redundant with calloc(), which already zeroes the array. */
751 for (i = 0; i < (modvalue_count + 1); i++)
752 (*modvalues)[i] = NULL;
753 if (modvalue_count != 0)
755 linklist_ptr = linklist_base;
/* The loop trusts modvalue_count to match the list length; linklist_ptr is
 * not tested for NULL in the visible lines. */
756 for (i = 0; i < modvalue_count; i++)
758 if ((oldValue != NULL) && (newValue != NULL))
/* strstr() needs a NUL-terminated value. Binary values stored by
 * retrieve_values() are copied without a terminator, so this path is only
 * safe for string attributes. */
760 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
765 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
768 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
769 strcpy((*modvalues)[i], newValue);
/* Size = prefix length + (value length - old length) + new length + 1. The
 * prefix is counted twice, so the buffer is larger than the result needs. */
773 if (((*modvalues)[i] = calloc(1,
774 (int)(cPtr - linklist_ptr->value) +
775 (linklist_ptr->length - strlen(oldValue)) +
776 strlen(newValue) + 1)) == NULL)
778 memset((*modvalues)[i], '\0',
779 (int)(cPtr - linklist_ptr->value) +
780 (linklist_ptr->length - strlen(oldValue)) +
781 strlen(newValue) + 1);
/* Assemble prefix + newValue + remainder after the matched oldValue. */
782 memcpy((*modvalues)[i], linklist_ptr->value,
783 (int)(cPtr - linklist_ptr->value));
784 strcat((*modvalues)[i], newValue);
785 strcat((*modvalues)[i],
786 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* Unlike the allocations above, this calloc() result is used by memset()
 * and memcpy() without a NULL check. */
791 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
792 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
793 memcpy((*modvalues)[i], linklist_ptr->value,
794 linklist_ptr->length);
/* Same unchecked allocation on the plain-copy path. */
799 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
800 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
801 memcpy((*modvalues)[i], linklist_ptr->value,
802 linklist_ptr->length);
804 linklist_ptr = linklist_ptr->next;
806 (*modvalues)[i] = NULL;
/*
 * Runs a subtree search under dn_path with the filter search_exp and
 * converts the result into a linked list via retrieve_entries().
 * *linklist_base and *linklist_count are reset first, and the search result
 * message is released with ldap_msgfree().
 * search_exp is handed to the server as given: callers that build it from
 * external names must validate or escape those names themselves.
 */
812 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
813 char **attr_array, LK_ENTRY **linklist_base,
817 LDAPMessage *ldap_entry;
821 (*linklist_base) = NULL;
822 (*linklist_count) = 0;
823 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
824 search_exp, attr_array, 0, &ldap_entry))
827 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
829 ldap_msgfree(ldap_entry);
/*
 * Walks every entry of a search result, collects its attributes into
 * *linklist_base through retrieve_attributes(), then counts the list nodes
 * into *linklist_count.
 */
834 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
835 LK_ENTRY **linklist_base, int *linklist_count)
/* Receives the entry DN from get_distinguished_name(), which copies with
 * strcpy() and no length limit; a server-returned DN of 1024 bytes or more
 * overflows this buffer. */
837 char distinguished_name[1024];
838 LK_ENTRY *linklist_ptr;
841 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
844 memset(distinguished_name, '\0', sizeof(distinguished_name));
845 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
847 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
848 linklist_base)) != 0)
851 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
853 memset(distinguished_name, '\0', sizeof(distinguished_name));
854 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
856 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
857 linklist_base)) != 0)
/* Recount from the head so the total reflects every value node added. */
861 linklist_ptr = (*linklist_base);
862 (*linklist_count) = 0;
863 while (linklist_ptr != NULL)
866 linklist_ptr = linklist_ptr->next;
/*
 * Iterates over the attributes of one entry and passes each to
 * retrieve_values(), releasing the attribute name with ldap_memfree() and
 * the iteration cursor with ldap_ber_free() afterwards.
 * The return value of retrieve_values() is not used in the visible lines,
 * so an allocation failure there is not propagated from here.
 */
871 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
872 char *distinguished_name, LK_ENTRY **linklist_current)
878 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
880 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
882 ldap_memfree(Attribute);
883 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
886 retrieve_values(ldap_handle, ldap_entry, Attribute,
887 distinguished_name, linklist_current);
888 ldap_memfree(Attribute);
891 ldap_ber_free(ptr, 0);
/*
 * Copies every value of one attribute of an entry into new LK_ENTRY nodes
 * pushed on the front of *linklist_current. objectSid and objectGUID are
 * fetched as binary bervals with ldap_get_values_len(); all other
 * attributes are fetched as strings with ldap_get_values(). Each node also
 * gets copies of the attribute name and the entry DN. The debug section
 * prints a decoded form of the value.
 * NOTE(review): braces, several declarations, the value loop header and the
 * error returns are on lines missing from this listing.
 */
895 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
896 char *Attribute, char *distinguished_name,
897 LK_ENTRY **linklist_current)
903 LK_ENTRY *linklist_previous;
904 LDAP_BERVAL **ber_value;
912 SID_IDENTIFIER_AUTHORITY *sid_auth;
913 unsigned char *subauth_count;
914 #endif /*LDAP_DEBUG*/
917 memset(temp, '\0', sizeof(temp));
/* Binary attributes must not be read as C strings. */
918 if ((!strcmp(Attribute, "objectSid")) ||
919 (!strcmp(Attribute, "objectGUID")))
924 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
925 Ptr = (void **)ber_value;
930 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
931 Ptr = (void **)str_value;
/* Push a new node: the variable named linklist_previous holds the new node
 * until it becomes the list head. */
938 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
940 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
941 linklist_previous->next = (*linklist_current);
942 (*linklist_current) = linklist_previous;
944 if (((*linklist_current)->attribute = calloc(1,
945 strlen(Attribute) + 1)) == NULL)
947 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
948 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly bv_len bytes are allocated and copied, with no
 * terminator. `length` is the only safe bound for this value; string
 * functions such as strcpy() or strstr() must not be applied to it. */
951 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
952 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
954 memset((*linklist_current)->value, '\0', ber_length);
955 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
957 (*linklist_current)->length = ber_length;
/* String value: stored NUL-terminated, length excludes the terminator. */
961 if (((*linklist_current)->value = calloc(1,
962 strlen(*Ptr) + 1)) == NULL)
964 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
965 (*linklist_current)->length = strlen(*Ptr);
966 strcpy((*linklist_current)->value, *Ptr);
968 (*linklist_current)->ber_value = use_bervalue;
969 if (((*linklist_current)->dn = calloc(1,
970 strlen(distinguished_name) + 1)) == NULL)
972 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
973 strcpy((*linklist_current)->dn, distinguished_name);
976 if (!strcmp(Attribute, "objectGUID"))
/* The cast assumes the server value holds at least sizeof(GUID) bytes and
 * is suitably aligned; bv_len is not compared with sizeof(GUID) in the
 * visible lines. The formatted GUID needs at least 37 bytes in temp, whose
 * declaration is not shown. */
978 guid = (GUID *)((*linklist_current)->value);
979 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
980 guid->Data1, guid->Data2, guid->Data3,
981 guid->Data4[0], guid->Data4[1], guid->Data4[2],
982 guid->Data4[3], guid->Data4[4], guid->Data4[5],
983 guid->Data4[6], guid->Data4[7]);
984 print_to_screen(" %20s : {%s}\n", Attribute, temp);
986 else if (!strcmp(Attribute, "objectSid"))
/* The SID overlay is applied to server-supplied bytes; the fields read
 * below are trusted without checking them against bv_len. */
988 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
990 print_to_screen(" Revision = %d\n", sid->Revision);
991 print_to_screen(" SID Identifier Authority:\n");
992 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): this chain labels the authority by which byte is non-zero,
 * whereas the well-known authorities differ in the value of Value[5]; the
 * labels look unreliable (debug output only) - confirm. */
993 if (sid_auth->Value[0])
994 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
995 else if (sid_auth->Value[1])
996 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
997 else if (sid_auth->Value[2])
998 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
999 else if (sid_auth->Value[3])
1000 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1001 else if (sid_auth->Value[5])
1002 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1004 print_to_screen(" UNKNOWN SID AUTHORITY\n");
/* The loop bound comes from the SID itself. */
1005 subauth_count = GetSidSubAuthorityCount(sid);
1006 print_to_screen(" SidSubAuthorityCount = %d\n",
1008 print_to_screen(" SidSubAuthority:\n");
1009 for (i = 0; i < *subauth_count; i++)
1011 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1012 print_to_screen(" %u\n", *subauth);
/* memcmp() over the literal's length is a prefix match, so any attribute
 * name that starts with these strings takes this branch. The second literal
 * differs in case from the first but has the same length. */
1016 else if ((!memcmp(Attribute, "userAccountControl",
1017 strlen("userAccountControl"))) ||
1018 (!memcmp(Attribute, "sAMAccountType",
1019 strlen("sAmAccountType"))))
1021 intValue = atoi(*Ptr);
1022 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1023 if (!memcmp(Attribute, "userAccountControl",
1024 strlen("userAccountControl")))
/* Decode the UF_* account-control bits for the debug dump. */
1026 if (intValue & UF_ACCOUNTDISABLE)
1027 print_to_screen(" %20s : %s\n",
1028 "", "Account disabled");
1030 print_to_screen(" %20s : %s\n",
1031 "", "Account active");
1032 if (intValue & UF_HOMEDIR_REQUIRED)
1033 print_to_screen(" %20s : %s\n",
1034 "", "Home directory required");
1035 if (intValue & UF_LOCKOUT)
1036 print_to_screen(" %20s : %s\n",
1037 "", "Account locked out");
1038 if (intValue & UF_PASSWD_NOTREQD)
1039 print_to_screen(" %20s : %s\n",
1040 "", "No password required");
1041 if (intValue & UF_PASSWD_CANT_CHANGE)
1042 print_to_screen(" %20s : %s\n",
1043 "", "Cannot change password");
1044 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1045 print_to_screen(" %20s : %s\n",
1046 "", "Temp duplicate account");
1047 if (intValue & UF_NORMAL_ACCOUNT)
1048 print_to_screen(" %20s : %s\n",
1049 "", "Normal account");
1050 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1051 print_to_screen(" %20s : %s\n",
1052 "", "Interdomain trust account");
1053 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1054 print_to_screen(" %20s : %s\n",
1055 "", "Workstation trust account");
1056 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1057 print_to_screen(" %20s : %s\n",
1058 "", "Server trust account");
1063 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1065 #endif /*LDAP_DEBUG*/
/* Release the library-owned value arrays; the list keeps its own copies. */
1067 if (str_value != NULL)
1068 ldap_value_free(str_value);
1069 if (ber_value != NULL)
1070 ldap_value_free_len(ber_value);
/* NOTE(review): the surrounding lines are missing; presumably this sets the
 * head pointer on the way out - confirm. */
1072 (*linklist_current) = linklist_previous;
/*
 * Opens the Moira connection on first use and counts nested users in
 * mr_connections; later calls only increment the count. The client
 * authenticates as "winad.incr".
 * NOTE(review): the preprocessor conditionals that choose between the
 * hard-coded host "ttsp" and uts.nodename, and between mr_connect_cl() and
 * mr_connect(), are not visible in this listing - confirm the hard-coded
 * host is not used in production builds.
 */
1076 int moira_connect(void)
1081 if (!mr_connections++)
1084 memset(HostName, '\0', sizeof(HostName));
1085 strcpy(HostName, "ttsp");
1086 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1088 rc = mr_connect(HostName);
1093 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1095 rc = mr_connect(uts.nodename);
1100 rc = mr_auth("winad.incr");
/*
 * Drops one reference on the Moira connection; the branch under the test
 * runs when the count reaches zero (its body is not visible here).
 * A call without a matching moira_connect() drives mr_connections negative.
 */
1107 int moira_disconnect(void)
1110 if (!--mr_connections)
/*
 * Converts the domain name into a DN built in the local buffer `dn` by
 * walking `domain` character by character, and returns a strdup()'d copy in
 * *dnp. The caller owns that copy and must check it for NULL (main() tests
 * for failure after the call).
 * NOTE(review): the size of `dn` and the loop body are not visible in this
 * listing; the domain comes from winad.cfg, so confirm the loop bounds its
 * writes to sizeof(dn).
 */
1117 int convert_domain_to_dn(char *domain, char **dnp)
1124 memset(dn, 0, sizeof(dn));
1127 for (fp = domain; *fp; fp++)
1138 *dnp = (char *)strdup(dn);
/*
 * Copies the DN of ldap_entry into the caller's buffer and releases the
 * library string with ldap_memfree().
 * The copy is an unbounded strcpy() of a server-returned string: the
 * function has no length parameter, so the caller's buffer (1024 bytes in
 * retrieve_entries()) overflows on a longer DN.
 */
1142 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1143 char *distinguished_name)
1147 CName = ldap_get_dn(ldap_handle, ldap_entry);
1150 strcpy(distinguished_name, CName);
1151 ldap_memfree(CName);
/*
 * Allocates a stand-alone LK_ENTRY holding copies of `attribute` and
 * `value` (both treated as C strings) and stores it in *linklist_entry with
 * next set to NULL. The caller owns the node.
 */
1154 int linklist_create_entry(char *attribute, char *value,
1155 LK_ENTRY **linklist_entry)
1157 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1158 if (!(*linklist_entry))
1162 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
/* Only the node allocation above is checked; the two string allocations
 * below are passed straight to memset() and strcpy(), which dereference
 * NULL if calloc() fails. */
1163 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1164 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1165 strcpy((*linklist_entry)->attribute, attribute);
1166 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1167 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1168 strcpy((*linklist_entry)->value, value);
1169 (*linklist_entry)->length = strlen(value);
1170 (*linklist_entry)->next = NULL;
/*
 * printf-style debug output to stderr.
 * fmt is interpreted as a format string, so callers must pass a literal
 * format and supply directory or user data only as arguments.
 */
1174 void print_to_screen(const char *fmt, ...)
1178 va_start(pvar, fmt);
1179 vfprintf(stderr, fmt, pvar);
/*
 * Classifies a list from its L_MAILLIST and L_GROUP fields and reports the
 * result through the optional outputs (each may be NULL):
 *   both set      -> 'B', security_flag 1, group_ou_both
 *   group only    -> 'S', security_flag 1, group_ou_security
 *   maillist only -> 'D', security_flag 0, group_ou_distribution
 *   neither       -> 'N', security_flag 0, group_ou_neither
 * Only group_membership[0] is written and no terminator is added: a caller
 * that later treats the buffer as a string must supply at least two
 * pre-zeroed bytes. group_rename() does; group_create() declares
 * `char group_membership[1]` and passes it to strdup(), which reads past
 * the array.
 * group_ou is filled with strcpy(), so it must be large enough for the
 * longest OU constant.
 */
1184 int get_group_membership(char *group_membership, char *group_ou,
1185 int *security_flag, char **av)
1190 maillist_flag = atoi(av[L_MAILLIST]);
1191 group_flag = atoi(av[L_GROUP]);
1192 if (security_flag != NULL)
1193 (*security_flag) = 0;
1195 if ((maillist_flag) && (group_flag))
1197 if (group_membership != NULL)
1198 group_membership[0] = 'B';
1199 if (security_flag != NULL)
1200 (*security_flag) = 1;
1201 if (group_ou != NULL)
1202 strcpy(group_ou, group_ou_both);
1204 else if ((!maillist_flag) && (group_flag))
1206 if (group_membership != NULL)
1207 group_membership[0] = 'S';
1208 if (security_flag != NULL)
1209 (*security_flag) = 1;
1210 if (group_ou != NULL)
1211 strcpy(group_ou, group_ou_security);
1213 else if ((maillist_flag) && (!group_flag))
1215 if (group_membership != NULL)
1216 group_membership[0] = 'D';
1217 if (group_ou != NULL)
1218 strcpy(group_ou, group_ou_distribution);
1222 if (group_membership != NULL)
1223 group_membership[0] = 'N';
1224 if (group_ou != NULL)
1225 strcpy(group_ou, group_ou_neither);
/*
 * mr_query() callback for a list row: tests the L_ACTIVE field, then
 * reports the list's membership letter and OU through the caller's
 * call_args buffers.
 * call_args[5] is set to av[L_NAME] itself, not a copy, and call_args[3]
 * and [4] are written by get_group_membership(), so the caller must have
 * pointed them at writable buffers.
 * NOTE(review): whether av[] outlives the callback is not visible from
 * here - confirm before using call_args[5] after mr_query() returns.
 */
1230 int get_group_info(int ac, char**av, void *ptr)
1236 if (!atoi(av[L_ACTIVE]))
1240 get_group_membership(GroupType, NULL, NULL, av);
1244 call_args[5] = av[L_NAME];
1245 get_group_membership(call_args[4], call_args[3], NULL, av);
/*
 * mr_query() callback used by do_list() to rename a group in the directory.
 * It looks the old group up by sAMAccountName, moves it with
 * ldap_rename_s() to the new cn under the OU that matches the new list
 * flags, then replaces displayName and sAMAccountName.
 * call_args (from do_list): [0] LDAP handle cast to char *, [1] base DN,
 * [2] old list name, [3] old maillist flag, [4] old group flag.
 * callback_rc is set to LDAP_NO_SUCH_OBJECT when the old name is rejected
 * or the old group is not found.
 * NOTE(review): braces, several declarations (old_dn, new_dn, sam_name,
 * group_ou, mods, n) and the return statements are on lines missing from
 * this listing.
 */
1251 int group_rename(int ac, char **av, void *ptr)
1256 char new_dn_path[512];
1259 char group_membership[2];
1260 char filter_exp[4096];
1261 char *attr_array[3];
1262 char *name_v[] = {NULL, NULL};
1263 char *samAccountName_v[] = {NULL, NULL};
1268 LK_ENTRY *group_base;
1271 char *maillist_flag = NULL;
1272 char *group_flag = NULL;
/* Both names are later interpolated into an LDAP filter and into DNs with
 * sprintf(), so check_string() is the only barrier against filter or DN
 * metacharacters. NOTE(review): its implementation is not in view - confirm
 * it rejects the characters that are special in filters and DNs and bounds
 * the length. */
1276 if (!check_string(call_args[2]))
1278 callback_rc = LDAP_NO_SUCH_OBJECT;
1281 if (!check_string(av[L_NAME]))
1283 critical_alert("AD incremental - list rename",
1284 "invalid LDAP list name %s",
1289 memset(group_ou, 0, sizeof(group_ou));
1290 memset(group_membership, 0, sizeof(group_membership));
/* Temporarily substitute the old flags into av[] to compute the membership
 * letter of the existing group, then restore the new flags. */
1293 maillist_flag = av[L_MAILLIST];
1294 group_flag = av[L_GROUP];
1295 av[L_MAILLIST] = call_args[3];
1296 av[L_GROUP] = call_args[4];
1297 get_group_membership(group_membership, NULL, NULL, av);
1298 av[L_MAILLIST] = maillist_flag;
1299 av[L_GROUP] = group_flag;
/* Unbounded %s into a 4096-byte buffer; the old list name originates from
 * the incremental's arguments. */
1301 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", call_args[2], group_membership[0]);
1302 attr_array[0] = "distinguishedName";
1303 attr_array[1] = NULL;
1304 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1305 &group_base, &group_count)) != 0)
1307 critical_alert("AD incremental - list rename",
1308 "LDAP server unable to get list %s dn : %s",
1309 call_args[2], ldap_err2string(rc));
/* Exactly one match is required before anything is modified. */
1312 if (group_count != 1)
1314 critical_alert("AD incremental - list rename",
1315 "LDAP server unable to find list %s in AD.",
1317 callback_rc = LDAP_NO_SUCH_OBJECT;
/* Server-returned DN copied without a length check; old_dn is declared on a
 * line not shown. */
1320 strcpy(old_dn, group_base->value);
1321 linklist_free(group_base);
/* Recompute letter, OU and security flag from the new flags, then build the
 * new names. The sprintf() targets are fixed-size buffers (new_dn_path is
 * 512 bytes) and the inputs are not length-checked here. */
1325 get_group_membership(group_membership, group_ou, &security_flag, av);
1326 sprintf(sam_name, "%s_zZx%c", av[L_NAME], group_membership[0]);
1327 sprintf(new_dn_path, "%s,%s", group_ou, call_args[1]);
1328 sprintf(new_dn, "cn=%s", av[L_NAME]);
1329 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, new_dn_path,
1330 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1332 critical_alert("AD incremental - list rename",
1333 "Couldn't rename list from %s to %s : %s",
1334 call_args[2], av[L_NAME], ldap_err2string(rc));
/* The rename and the attribute update are two separate operations: if the
 * modify below fails, the object stays renamed but keeps its old
 * displayName and sAMAccountName, so a later lookup by the new
 * sAMAccountName will not find it. */
1338 name_v[0] = av[L_NAME];
1339 samAccountName_v[0] = sam_name;
1341 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1342 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1344 sprintf(new_dn, "cn=%s,%s,%s", av[L_NAME], group_ou, call_args[1]);
1345 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
1347 critical_alert("AD incremental - list rename",
1348 "After renaming, couldn't modify list data for %s : %s",
1349 av[L_NAME], ldap_err2string(rc));
/* NOTE(review): the loop body is not visible; presumably it frees the
 * LDAPMod structures allocated by ADD_ATTR - confirm. */
1351 for (i = 0; i < n; i++)
/*
 * group_create: add the list described by av[] to AD as a group.
 * From the lines shown: av[L_NAME] is validated with check_string(), the OU
 * and membership tag come from get_group_membership(), the attribute set is
 * assembled with ADD_ATTR and sent with ldap_add_ext_s(), and the new
 * object's objectSid is then looked up and linked onto the list at sid_ptr.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers), so braces, some declarations and early returns are not shown.
 */
1356 int group_create(int ac, char **av, void *ptr)
1361 char new_group_name[256];
1362 char sam_group_name[256];
1363 char cn_group_name[256];
1364 char *cn_v[] = {NULL, NULL};
1365 char *objectClass_v[] = {"top", "group", NULL};
1367 char *samAccountName_v[] = {NULL, NULL};
1368 char *managedBy_v[] = {NULL, NULL};
1369 char *altSecurityIdentities_v[] = {NULL, NULL};
1370 char *name_v[] = {NULL, NULL};
1371 char *desc_v[] = {NULL, NULL};
1372 char *info_v[] = {NULL, NULL};
1373 char *groupTypeControl_v[] = {NULL, NULL};
1374 char groupTypeControlStr[80];
/* NOTE(review): one-byte buffer. It is handed to strdup() below, which needs
 * a NUL terminator; if get_group_membership() stores a tag character in
 * element 0 (it is printed with %c further down) there is no room for the
 * terminator and strdup() reads past the array. Confirm; [2] would be safe. */
1375 char group_membership[1];
1378 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1382 char filter_exp[256];
1383 char *attr_array[3];
1388 if (!atoi(av[L_ACTIVE]))
/* The list name later becomes part of a DN and of a search filter, so it is
 * checked against the illegalchars table first. */
1390 if (!check_string(av[L_NAME]))
1392 critical_alert("AD incremental - list create",
1393 "invalid LDAP list name %s",
1397 memset(group_ou, 0, sizeof(group_ou));
1398 memset(group_membership, 0, sizeof(group_membership));
1400 get_group_membership(group_membership, group_ou, &security_flag, av);
/* NOTE(review): the strdup() results are stored without a NULL check in the
 * lines shown. */
1401 call_args[3] = strdup(group_ou);
1402 call_args[4] = strdup(group_membership);
1403 call_args[5] = strdup(av[L_NAME]);
1406 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): groupTypeControl is declared u_int but formatted with %ld;
 * %u matches the declared type. */
1407 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1408 groupTypeControl_v[0] = groupTypeControlStr;
/* NOTE(review): av[L_NAME] is copied into 256-byte buffers with no length
 * check in the lines shown; check_string() is only shown testing characters.
 * TODO confirm that list names are bounded well below 256 bytes. */
1410 strcpy(new_group_name, av[L_NAME]);
1411 strcpy(sam_group_name, av[L_NAME]);
1412 strcpy(cn_group_name, av[L_NAME]);
/* sAMAccountName is the list name plus "_zZx" and the membership tag. */
1413 sprintf(&sam_group_name[strlen(sam_group_name)],
1414 "_zZx%c", group_membership[0]);
1416 samAccountName_v[0] = sam_group_name;
1417 name_v[0] = new_group_name;
1418 cn_v[0] = new_group_name;
/* NOTE(review): unbounded sprintf into new_dn; its size is not visible here. */
1420 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1422 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1423 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1424 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1425 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1426 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* description and info are optional and only sent when non-empty. */
1427 if (strlen(av[L_DESC]) != 0)
1429 desc_v[0] = av[L_DESC];
1430 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1432 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
1433 if (strlen(av[L_ACE_NAME]) != 0)
/* NOTE(review): av[L_ACE_NAME] is formatted into info with no bound; the
 * size of info is not visible here. */
1435 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1437 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1441 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1443 for (i = 0; i < n; i++)
/* An already-existing group is not treated as an error. */
1445 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
/* NOTE(review): the alert title says "list rename" although this is the
 * create path. */
1447 critical_alert("AD incremental - list rename",
1448 "Unable to create list %s in AD : %s",
1449 av[L_NAME], ldap_err2string(rc));
/* Look the new group up by sAMAccountName to obtain its objectSid. The name
 * placed in the filter is the one checked by check_string() above. */
1452 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1453 attr_array[0] = "objectSid";
1454 attr_array[1] = NULL;
1456 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1457 sid_ptr, &sid_count)) == LDAP_SUCCESS)
/* type carries the GROUPS constant cast to a pointer, not an allocated
 * string; sid_update() compares it by pointer value. */
1461 (*sid_ptr)->member = strdup(av[L_NAME]);
1462 (*sid_ptr)->type = (char *)GROUPS;
1463 sid_ptr = &(*sid_ptr)->next;
/*
 * group_delete: remove the AD group that corresponds to list av[L_NAME].
 * From the lines shown: the name is validated, the sAMAccountName
 * (name + "_zZx" + membership tag) is searched for, and the entry is deleted
 * with ldap_delete_s() only when exactly one object matches.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers); braces and returns are not shown.
 */
1469 int group_delete(int ac, char **av, void *ptr)
1471 LK_ENTRY *group_base;
1473 char *attr_array[3];
1474 char filter_exp[1024];
/* Only element 0 is read in the lines shown (as a %c argument). */
1475 char group_membership[1];
1477 char sam_group_name[256];
1484 if (!check_string(av[L_NAME]))
1486 critical_alert("AD incremental - list delete",
1487 "invalid LDAP list name %s",
1491 memset(group_ou, 0, sizeof(group_ou));
1492 memset(group_membership, 0, sizeof(group_membership));
1494 get_group_membership(group_membership, group_ou, &security_flag, av);
1498 attr_array[0] = "distinguishedName";
1499 attr_array[1] = NULL;
/* NOTE(review): unbounded copy of av[L_NAME] into a 256-byte buffer; no
 * length check is visible. */
1500 strcpy(sam_group_name, av[L_NAME]);
1501 sprintf(&sam_group_name[strlen(sam_group_name)], "_zZx%c",
1502 group_membership[0]);
1503 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1504 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp,
1505 attr_array, &group_base, &group_count)) != 0)
/* Deleting only on a single match avoids acting on an ambiguous search. */
1507 if (group_count == 1)
1509 if ((rc = ldap_delete_s((LDAP *)call_args[0], group_base->value)) != LDAP_SUCCESS)
1511 critical_alert("AD incremental - list delete",
1512 "Couldn't delete group %s : %s",
1513 av[L_NAME], ldap_err2string(rc));
1518 critical_alert("AD incremental - list delete",
1519 "Unable to find list %s in AD.",
1523 linklist_free(group_base);
/*
 * group_ad_delete: delete the AD group for group_name, whatever its
 * membership tag.
 * From the lines shown: the search base is "<group_ou_root>,<dn_path>", the
 * filter ends in a wildcard ("_zZx*"), and ldap_delete_s() is called only
 * when exactly one object matches.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
1527 int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name)
1529 LK_ENTRY *group_base;
1530 char *attr_array[3];
1531 char filter_exp[1024];
1532 char sam_group_name[256];
/* group_name is validated before it is interpolated into the filter; the
 * only wildcard in the filter is the literal one added below. */
1537 if (!check_string(group_name))
1539 critical_alert("AD incremental - list AD delete",
1540 "invalid LDAP list name %s",
1547 attr_array[0] = "distinguishedName";
1548 attr_array[1] = NULL;
/* NOTE(review): unbounded strcpy/sprintf; the size of temp is not visible. */
1549 strcpy(sam_group_name, group_name);
1550 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1551 sprintf(filter_exp, "(sAMAccountName=%s_zZx*)", sam_group_name);
/* The linklist_build() status is tested here but not stored in rc. */
1552 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1553 &group_base, &group_count) != 0)
1555 if (group_count == 1)
1557 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1559 critical_alert("AD incremental - list AD delete",
1560 "Unable to delete list %s from AD : %s",
1561 group_name, ldap_err2string(rc));
1567 critical_alert("AD incremental - list AD delete",
1568 "Unable to find list %s in AD.",
1572 linklist_free(group_base);
/*
 * group_list_build: push one LK_ENTRY onto the global member_base list,
 * recording list av[L_NAME], type "USER" and member call_args[0].
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
1576 int group_list_build(int ac, char **av, void *ptr)
1583 if (!atoi(av[L_ACTIVE]))
1585 if (!check_string(av[L_NAME]))
1587 linklist = calloc(1, sizeof(LK_ENTRY));
1590 critical_alert("AD incremental", "Out of memory");
/* calloc() already returns zeroed memory, so this memset is redundant. */
1593 memset(linklist, '\0', sizeof(LK_ENTRY));
1595 linklist->dn = NULL;
/* NOTE(review): each calloc() below is followed directly by strcpy() into
 * the result (adjacent source lines), so an allocation failure would be a
 * NULL dereference. */
1596 linklist->list = calloc(1, strlen(av[L_NAME]) + 1);
1597 strcpy(linklist->list, av[L_NAME]);
1598 linklist->type = calloc(1, strlen("USER") + 1);
1599 strcpy(linklist->type, "USER");
1600 linklist->member = calloc(1, strlen(call_args[0]) + 1);
1601 strcpy(linklist->member, call_args[0]);
/* New entries are pushed at the head of member_base. */
1602 linklist->next = member_base;
1603 member_base = linklist;
/*
 * member_list_build: record one list member (av[ACE_NAME], av[ACE_TYPE]) on
 * the global member_base list for list call_args[2].
 * From the lines shown: "STRING" members get a contact in contact_ou, any
 * type other than "STRING", "LIST" and "USER" gets a contact in kerberos_ou,
 * and the existing list is scanned case-insensitively for the same member
 * name before a new entry is pushed.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers), including the bodies of several branches.
 */
1607 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): the name is copied into temp before it is validated and
 * without a length check; the size of temp is not visible here. */
1615 strcpy(temp, av[ACE_NAME]);
1616 if (!check_string(temp))
1618 if (!strcmp(av[ACE_TYPE], "STRING"))
1620 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1623 else if (!strcmp(av[ACE_TYPE], "LIST"))
1625 strcpy(temp, av[ACE_NAME]);
/* No '!' here: this branch is taken for every type that is not "USER". */
1627 else if (strcmp(av[ACE_TYPE], "USER"))
1629 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Scan the existing entries for the same member name, ignoring case;
 * presumably to skip duplicates (the action taken is not shown). */
1632 linklist = member_base;
1635 if (!strcasecmp(temp, linklist->member))
1637 linklist = linklist->next;
1639 linklist = calloc(1, sizeof(LK_ENTRY));
1641 linklist->dn = NULL;
/* NOTE(review): each calloc() below is followed directly by strcpy() into
 * the result (adjacent source lines), with no NULL check between them. */
1642 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1643 strcpy(linklist->list, call_args[2]);
1644 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1645 strcpy(linklist->type, av[ACE_TYPE]);
1646 linklist->member = calloc(1, strlen(temp) + 1);
1647 strcpy(linklist->member, temp);
1648 linklist->next = member_base;
1649 member_base = linklist;
/*
 * member_remove: remove every "member" value from an AD group.
 * From the lines shown: the group is located by sAMAccountName, its DN is
 * copied, the current "member" values are read back, and they are all sent
 * in a single LDAP_MOD_DELETE modification.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers); the two linklist_free() calls near the end are presumably
 * on different exit paths.
 */
1653 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1654 char *group_ou, char *group_membership, char *group_gid)
1656 char distinguished_name[1024];
1658 char filter_exp[4096];
1659 char *attr_array[3];
1665 LK_ENTRY *group_base;
/* NOTE(review): validation is applied to group_name, but the value placed in
 * the filter below is group_gid. No check of group_gid is visible in this
 * function; confirm the caller guarantees it is filter-safe. */
1668 if (!check_string(group_name))
1670 strcpy(temp, group_name);
1671 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1672 attr_array[0] = "distinguishedName";
1673 attr_array[1] = NULL;
1674 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1675 &group_base, &group_count)) != 0)
1677 critical_alert("AD incremental - member remove",
1678 "LDAP server unable to get list %s info : %s",
1679 group_name, ldap_err2string(rc));
1682 if (group_count != 1)
1684 critical_alert("AD incremental - member remove",
1685 "LDAP server unable to find list %s in AD.",
/* NOTE(review): the DN returned by the server is copied into a 1024-byte
 * buffer with no length check. */
1689 strcpy(distinguished_name, group_base->value);
1690 linklist_free(group_base);
/* Second search: same filter, but based at the group's own DN, to read its
 * current "member" values. */
1693 attr_array[0] = "member";
1694 attr_array[1] = NULL;
1695 if ((rc = linklist_build(ldap_handle, distinguished_name, filter_exp, attr_array,
1696 &group_base, &group_count)) != 0)
1698 critical_alert("AD incremental - member remove",
1699 "LDAP server unable to get list %s info : %s",
1700 group_name, ldap_err2string(rc));
1705 if (group_count != 0)
1707 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
1708 &modvalues, REPLACE)) == 1)
1711 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1713 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1714 for (i = 0; i < n; i++)
1716 if (rc != LDAP_SUCCESS)
1718 critical_alert("AD incremental - member remove",
1719 "LDAP server unable to modify list %s members : %s",
1720 group_name, ldap_err2string(rc));
1723 linklist_free(group_base);
1729 free_values(modvalues);
1730 linklist_free(group_base);
/* Number of members combined into one "(|...)" search filter per batch. */
1734 #define USER_COUNT 5

/*
 * member_list_process: add the members collected in the file's member list
 * to an AD group.
 * From the lines shown: the group's DN is looked up by sAMAccountName,
 * members are resolved to DNs in batches of USER_COUNT using an OR filter,
 * the results are chained together, and the combined set is written to the
 * group's "member" attribute.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers), including loop bookkeeping and several conditions.
 */
1736 int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
1737 char *group_ou, char *group_membership, char *group_gid)
1739 char distinguished_name[1024];
1741 char filter_exp[4096];
1742 char *attr_array[3];
1744 char group_member[256];
1754 LK_ENTRY *group_base;
1771 j = group_count/USER_COUNT;
/* NOTE(review): validation is applied to group_name, but the value placed in
 * the filter below is group_gid. No check of group_gid is visible in this
 * function; confirm the caller guarantees it is filter-safe. */
1774 if (!check_string(group_name))
1776 strcpy(temp, group_name);
1777 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1778 attr_array[0] = "distinguishedName";
1779 attr_array[1] = NULL;
1780 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1781 &group_base, &group_count)) != 0)
1783 critical_alert("AD incremental - member list process",
1784 "LDAP server unable to get list %s info : %s",
1785 group_name, ldap_err2string(rc));
1788 if (group_count != 1)
1790 critical_alert("AD incremental - member list process",
1791 "LDAP server unable to find list %s in AD.",
/* NOTE(review): the DN returned by the server is copied into a 1024-byte
 * buffer with no length check. */
1795 strcpy(distinguished_name, group_base->value);
1796 linklist_free(group_base);
1801 for (i = 0; i < j; i++)
/* Each batch starts a fresh OR filter. */
1805 memset(filter_exp, 0, sizeof(filter_exp));
1806 strcpy(filter_exp, "(|");
1808 for (k = 0; k < USER_COUNT; k++)
/* NOTE(review): unbounded copy of the member name into a 256-byte buffer.
 * The name is validated with check_string() before it is placed in a
 * filter term. */
1810 strcpy(group_member, pPtr->member);
1811 if (!check_string(group_member))
/* The filter term depends on the member type: lists are matched by
 * sAMAccountName, the other types by a DN built from the type's OU. */
1818 if (!strcmp(pPtr->type, "LIST"))
1820 args[0] = pPtr->member;
/* NOTE(review): rc from mr_query() is not examined in the lines shown
 * before GroupType[0] is used. */
1821 rc = mr_query("get_list_info", 1, args, get_group_info, NULL);
1822 sprintf(temp, "(sAMAccountName=%s_zZx%c)", group_member, GroupType[0]);
1824 else if (!strcmp(pPtr->type, "USER"))
1826 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, user_ou, dn_path);
1828 else if (!strcmp(pPtr->type, "STRING"))
1830 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, contact_ou, dn_path);
1834 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, kerberos_ou, dn_path);
/* NOTE(review): strcat into filter_exp[4096] without a remaining-space
 * check; the size of temp is not visible here. */
1836 strcat(filter_exp, temp);
1842 if (filter_count == 0)
1844 strcat(filter_exp, ")");
1845 attr_array[0] = "distinguishedName";
1846 attr_array[1] = NULL;
1849 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1850 &new_list, &new_list_count)) != 0)
1852 critical_alert("AD incremental - member list process",
1853 "LDAP server unable to get list %s members from AD : %s",
1854 group_name, ldap_err2string(rc));
/* Chain this batch's results onto the accumulated list. */
1857 group_count += new_list_count;
1858 if (group_base == NULL)
1859 group_base = new_list;
1865 if (sPtr->next != NULL)
1870 sPtr->next = new_list;
1877 if (group_count != 0)
1879 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
1880 &modvalues, REPLACE)) == 1)
1883 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
/* The modification is first sent as an ADD; the same mods array is then
 * resent as a REPLACE (the exact retry condition is on a line not shown). */
1885 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods))
1888 mods[0]->mod_op = LDAP_MOD_REPLACE;
1889 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1891 if (rc == LDAP_ALREADY_EXISTS)
1893 for (i = 0; i < n; i++)
1895 linklist_free(group_base);
1898 if (rc != LDAP_SUCCESS)
1900 critical_alert("AD incremental - member list process",
1901 "LDAP server unable to modify list %s members in AD : %s",
1902 group_name, ldap_err2string(rc));
1908 free_values(modvalues);
1909 linklist_free(group_base);
/*
 * contact_create: add an entry "CN=<user>,<group_ou>,<bind_path>" to the
 * directory for a list member that is not a regular account.
 * From the lines shown: the name is validated, the DN and attributes are
 * built, and the entry is submitted with ldap_add_ext_s(); an existing entry
 * (LDAP_ALREADY_EXISTS) is not reported as an error.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
1913 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
1917 char cn_user_name[256];
1918 char contact_name[256];
1919 char *cn_v[] = {NULL, NULL};
1920 char *contact_v[] = {NULL, NULL};
1921 char *objectClass_v[] = {"top", "person",
1922 "organizationalPerson",
1924 char *name_v[] = {NULL, NULL};
1925 char *desc_v[] = {NULL, NULL};
/* user becomes the CN component of the new DN, so it is validated first. */
1930 if (!check_string(user))
1932 critical_alert("AD incremental - contact create",
1933 "invalid LDAP name %s",
/* NOTE(review): contact_name, group_ou and bind_path are combined into the
 * 256-byte cn_user_name with no bound; a name near 256 bytes plus the two
 * path components would not fit. */
1937 strcpy(contact_name, user);
1938 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
1939 cn_v[0] = cn_user_name;
1940 contact_v[0] = contact_name;
1942 desc_v[0] = "Auto account created by Moira";
1944 strcpy(new_dn, cn_user_name);
1946 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
1947 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1948 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1949 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1950 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1953 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
1954 for (i = 0; i < n; i++)
1956 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1958 critical_alert("AD incremental - contact create",
1959 "could not create contact %s : %s",
1960 user, ldap_err2string(rc));
/*
 * user_update: refresh the uid/uidNumber and employeeID attributes of the
 * AD account whose sAMAccountName is av[U_NAME].
 * From the lines shown: the account is located by search, exactly one match
 * is required, and only the non-empty fields among av[U_UID] and av[U_MITID]
 * are sent as LDAP_MOD_REPLACE.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
1966 int user_update(int ac, char **av, void *ptr)
1969 LK_ENTRY *group_base;
1971 char distinguished_name[256];
1972 char user_name[256];
1973 char *uid_v[] = {NULL, NULL};
1974 char *mitid_v[] = {NULL, NULL};
1979 char filter_exp[256];
1980 char *attr_array[3];
/* The login is interpolated into a search filter below, so it is checked
 * against the illegalchars table first. */
1984 if (!check_string(av[U_NAME]))
1986 critical_alert("AD incremental - user update",
1987 "invalid LDAP user name %s",
/* NOTE(review): unbounded copy/format of av[U_NAME] into 256-byte buffers. */
1992 strcpy(user_name, av[U_NAME]);
1995 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
1996 attr_array[0] = "cn";
1997 attr_array[1] = NULL;
1998 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1999 &group_base, &group_count)) != 0)
2001 critical_alert("AD incremental - user update",
2002 "LDAP server couldn't process user %s : %s",
2003 user_name, ldap_err2string(rc));
2007 if (group_count != 1)
2009 critical_alert("AD incremental - user update",
2010 "LDAP server unable to find user %s in AD.",
2012 callback_rc = LDAP_NO_SUCH_OBJECT;
/* NOTE(review): the DN returned by the server is copied into a 256-byte
 * buffer with no length check; other functions in this file use 1024 bytes
 * for the same purpose. */
2015 strcpy(distinguished_name, group_base->dn);
/* The same value is written to both uid and uidNumber. */
2018 if (strlen(av[U_UID]) != 0)
2020 uid_v[0] = av[U_UID];
2021 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2022 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2024 if (strlen(av[U_MITID]) != 0)
2026 mitid_v[0] = av[U_MITID];
2027 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2032 if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) != LDAP_SUCCESS)
2034 critical_alert("AD incremental - user update",
2035 "Couldn't modify user data for %s : %s",
2036 user_name, ldap_err2string(rc));
2038 for (i = 0; i < n; i++)
2043 linklist_free(group_base);
/*
 * user_rename: rename an AD account from call_args[3] to av[U_NAME] and
 * rewrite the attributes that embed the login.
 * From the lines shown: both names are validated, the entry's RDN is changed
 * with ldap_rename_s() (no new parent, old RDN removed), and a second request
 * replaces altSecurityIdentities, userPrincipalName, displayName,
 * sAMAccountName and, when non-empty, uid/uidNumber and employeeID.
 * NOTE(review): rename and attribute update are two separate LDAP requests.
 * If the second one fails, the lines shown only raise an alert, which would
 * leave the renamed entry carrying the old login in its identity attributes.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
2047 int user_rename(int ac, char **av, void *ptr)
2052 char user_name[256];
2055 char *userPrincipalName_v[] = {NULL, NULL};
2056 char *altSecurityIdentities_v[] = {NULL, NULL};
2057 char *name_v[] = {NULL, NULL};
2058 char *samAccountName_v[] = {NULL, NULL};
2059 char *uid_v[] = {NULL, NULL};
2060 char *mitid_v[] = {NULL, NULL};
/* Only the three listed account states are handled here. */
2068 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2069 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2071 if (!strncmp(av[U_NAME], "#", 1))
/* Both the old name (call_args[3]) and the new name are validated before
 * they are placed in DNs. */
2073 if (!check_string(call_args[3]))
2075 callback_rc = LDAP_NO_SUCH_OBJECT;
2078 if (!check_string(av[U_NAME]))
2080 critical_alert("AD incremental - user rename",
2081 "invalid LDAP user name %s",
/* NOTE(review): unbounded strcpy/sprintf; the sizes of old_dn, new_dn, upn
 * and temp are not visible here. */
2086 strcpy(user_name, av[U_NAME]);
2087 sprintf(old_dn, "cn=%s,%s,%s", call_args[3], user_ou, call_args[1]);
2088 sprintf(new_dn, "cn=%s", user_name);
2090 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, NULL, TRUE,
2091 NULL, NULL)) != LDAP_SUCCESS)
2093 if (rc == LDAP_NO_SUCH_OBJECT)
2095 callback_rc = LDAP_NO_SUCH_OBJECT;
2098 critical_alert("AD incremental - user rename",
2099 "Couldn't rename user from %s to %s : %s",
2100 call_args[3], user_name, ldap_err2string(rc));
2104 name_v[0] = user_name;
2105 sprintf(upn, "%s@%s", user_name, ldap_domain);
2106 userPrincipalName_v[0] = upn;
/* altSecurityIdentities maps the account to the Kerberos principal
 * <login>@PRIMARY_REALM. */
2107 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2108 altSecurityIdentities_v[0] = temp;
2109 samAccountName_v[0] = user_name;
2112 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2113 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2114 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2115 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2116 if (strlen(av[U_UID]) != 0)
2118 uid_v[0] = av[U_UID];
2119 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2120 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2122 if (strlen(av[U_MITID]) != 0)
2124 mitid_v[0] = av[U_MITID];
2125 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
/* The modify request addresses the entry by its new DN. */
2128 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2129 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
2131 critical_alert("AD incremental - user rename",
2132 "After renaming, couldn't modify user data for %s : %s",
2133 user_name, ldap_err2string(rc));
2135 for (i = 0; i < n; i++)
/*
 * user_create: add the account av[U_NAME] to AD.
 * From the lines shown: the login is validated, the entry
 * "cn=<login>,<user_ou>,<call_args[1]>" is added with ldap_add_ext_s(), an
 * existing entry is handed to user_change_status(), a password is set after
 * a successful add, and the new object's objectSid is looked up and linked
 * onto the list at sid_ptr.
 * NOTE(review): the entry is added before set_password() runs. If
 * set_password() fails, the lines shown only raise an alert; what state the
 * account is left in is not visible here and should be confirmed.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
2140 int user_create(int ac, char **av, void *ptr)
2144 char user_name[256];
2146 char *cn_v[] = {NULL, NULL};
2147 char *objectClass_v[] = {"top", "person",
2148 "organizationalPerson",
2151 char *samAccountName_v[] = {NULL, NULL};
2152 char *altSecurityIdentities_v[] = {NULL, NULL};
2153 char *name_v[] = {NULL, NULL};
2154 char *desc_v[] = {NULL, NULL};
2156 char *userPrincipalName_v[] = {NULL, NULL};
2157 char *userAccountControl_v[] = {NULL, NULL};
2158 char *uid_v[] = {NULL, NULL};
2159 char *mitid_v[] = {NULL, NULL};
2160 char userAccountControlStr[80];
/* Default flags for new accounts: normal account, password never expires,
 * user cannot change the password. */
2162 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2167 char filter_exp[256];
2168 char *attr_array[3];
/* Only the three listed account states are handled here. */
2173 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2174 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2176 if (!strncmp(av[U_NAME], "#", 1))
2178 if (!check_string(av[U_NAME]))
2180 critical_alert("AD incremental - user create",
2181 "invalid LDAP user name %s",
/* NOTE(review): unbounded strcpy/sprintf; the sizes of upn, sam_name, temp
 * and new_dn are not visible here. */
2186 strcpy(user_name, av[U_NAME]);
2187 sprintf(upn, "%s@%s", user_name, ldap_domain);
2188 sprintf(sam_name, "%s", av[U_NAME]);
2189 samAccountName_v[0] = sam_name;
/* NOTE(review): if the state filter above returns for every state other than
 * the three it names, this US_DELETED branch cannot be reached - confirm. */
2190 if (atoi(av[U_STATE]) == US_DELETED)
2191 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): userAccountControl is declared u_int but formatted with %ld;
 * %u matches the declared type. */
2192 sprintf(userAccountControlStr, "%ld", userAccountControl);
2193 userAccountControl_v[0] = userAccountControlStr;
2194 userPrincipalName_v[0] = upn;
2196 cn_v[0] = user_name;
2197 name_v[0] = user_name;
2198 desc_v[0] = "Auto account created by Moira";
/* altSecurityIdentities maps the account to the Kerberos principal
 * <login>@PRIMARY_REALM. */
2199 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2200 altSecurityIdentities_v[0] = temp;
2201 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2204 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2205 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2206 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2207 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2208 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2209 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2210 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2211 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2212 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2213 if (strlen(av[U_UID]) != 0)
2215 uid_v[0] = av[U_UID];
2216 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2217 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is always sent; "none" stands in for an empty av[U_MITID]. */
2219 if (strlen(av[U_MITID]) != 0)
2220 mitid_v[0] = av[U_MITID];
2222 mitid_v[0] = "none";
2223 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2226 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2227 for (i = 0; i < n; i++)
/* An existing entry is not recreated; its status is updated instead. */
2229 if (rc == LDAP_ALREADY_EXISTS)
2231 rc = user_change_status(ac, av, ptr);
2234 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2236 critical_alert("AD incremental - user create",
2237 "could not create user %s : %s",
2238 user_name, ldap_err2string(rc));
2241 if (rc == LDAP_SUCCESS)
/* Two set_password() calls appear on adjacent lines; presumably they are
 * alternatives selected by lines that are not shown. */
2243 if ((rc = set_password(sam_name, ldap_domain)) != 0)
2245 if ((rc = set_password(user_name, ldap_domain)) != 0)
2247 critical_alert("AD incremental - user create",
2248 "Couldn't set password for user %s : %ld",
/* Look the new account up by sAMAccountName to obtain its objectSid. */
2253 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2254 attr_array[0] = "objectSid";
2255 attr_array[1] = NULL;
2257 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2258 sid_ptr, &sid_count)) == LDAP_SUCCESS)
/* type carries the USERS constant cast to a pointer, not an allocated
 * string; sid_update() compares it by pointer value. */
2262 (*sid_ptr)->member = strdup(av[U_NAME]);
2263 (*sid_ptr)->type = (char *)USERS;
2264 sid_ptr = &(*sid_ptr)->next;
/*
 * user_change_status: enable or disable the AD account av[U_NAME].
 * From the lines shown: the account's UserAccountControl value is read, the
 * UF_ACCOUNTDISABLE bit is set when the requested operation is
 * MEMBER_DEACTIVATE and cleared otherwise, and the new value is written back
 * with LDAP_MOD_REPLACE.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers); the two linklist_free() calls are presumably on different
 * exit paths.
 */
2270 int user_change_status(int ac, char **av, void *ptr)
2272 char filter_exp[1024];
2273 char *attr_array[3];
2275 char distinguished_name[1024];
2276 char user_name[512];
2279 LK_ENTRY *group_base;
2290 if (!check_string(av[U_NAME]))
2292 critical_alert("AD incremental - user change status",
2293 "invalid LDAP user name %s",
2297 strcpy(user_name, av[U_NAME]);
/* NOTE(review): the operation code travels in a pointer-typed slot and is
 * recovered with a pointer-to-int cast, which truncates where pointers are
 * wider than int. */
2298 operation = (int)call_args[2];
2301 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2302 attr_array[0] = "UserAccountControl";
2303 attr_array[1] = NULL;
2304 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2305 &group_base, &group_count)) != 0)
2307 critical_alert("AD incremental - user change status",
2308 "LDAP server couldn't process user %s : %s",
2309 user_name, ldap_err2string(rc));
/* Exactly one matching account is required before anything is modified. */
2313 if (group_count != 1)
2315 critical_alert("AD incremental - user change status",
2316 "LDAP server unable to find user %s in AD.",
2321 strcpy(distinguished_name, group_base->dn);
/* NOTE(review): atoi() gives no error indication if the stored value is not
 * a decimal number; strtoul() with an end-pointer check would. */
2322 ulongValue = atoi((*group_base).value);
2323 if (operation == MEMBER_DEACTIVATE)
2324 ulongValue |= UF_ACCOUNTDISABLE;
2326 ulongValue &= ~UF_ACCOUNTDISABLE;
2327 sprintf(temp, "%ld", ulongValue);
2328 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2329 temp, &modvalues, REPLACE)) == 1)
2331 linklist_free(group_base);
2335 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2337 rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods);
2338 for (i = 0; i < n; i++)
2340 free_values(modvalues);
2341 if (rc != LDAP_SUCCESS)
2343 critical_alert("AD incremental - user change status",
2344 "LDAP server could not change status of user %s : %s",
2345 user_name, ldap_err2string(rc));
2348 linklist_free(group_base);
/*
 * user_delete: delete the AD account whose sAMAccountName is u_name.
 * From the lines shown: the name is validated, the account is located by
 * search, exactly one match is required, and the entry is removed with
 * ldap_delete_s().
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers).
 */
2352 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2354 char filter_exp[1024];
2355 char *attr_array[3];
2356 char distinguished_name[1024];
2357 char user_name[512];
2358 LK_ENTRY *group_base;
2362 if (!check_string(u_name))
/* NOTE(review): unbounded copy of u_name into a 512-byte buffer. */
2364 strcpy(user_name, u_name);
2367 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2368 attr_array[0] = "name";
2369 attr_array[1] = NULL;
2370 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2371 &group_base, &group_count)) != 0)
2373 critical_alert("AD incremental",
2374 "LDAP server couldn't process user %s : %s",
2375 user_name, ldap_err2string(rc));
/* Deleting only on a single match avoids acting on an ambiguous search. */
2379 if (group_count != 1)
/* NOTE(review): the alert title says "user change status" although this is
 * the delete path. */
2381 critical_alert("AD incremental - user change status",
2382 "LDAP server unable to find user %s in AD.",
2387 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition is intentional: any non-zero status from
 * ldap_delete_s() is treated as failure. */
2388 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2390 critical_alert("AD incremental",
2391 "LDAP server couldn't process user %s : %s",
2392 user_name, ldap_err2string(rc));
2396 linklist_free(group_base);
/*
 * linklist_free: release every node of a singly linked LK_ENTRY list along
 * with the strings each node owns (dn, attribute, value, member, type, list).
 * A NULL list is accepted and does nothing.
 *
 * NOTE(review): `type` is passed to free(). Elsewhere in this file it is
 * assigned what appears to be a tag constant cast to a pointer
 * (e.g. (char *)GROUPS); entries tagged that way must not reach this
 * function - confirm against the callers.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node;
  LK_ENTRY *following;

  for (node = linklist_base; node != NULL; node = following)
    {
      /* free(NULL) does nothing, so unset fields need no separate test. */
      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);

      /* Read the successor before the node itself is released. */
      following = node->next;
      free(node);
    }
}
/*
 * free_values: walk a NULL-terminated array of strings and clear each slot.
 * A NULL array is accepted. The statement that releases each element and the
 * index handling are on lines not shown in this listing.
 */
2424 void free_values(char **modvalues)
2429 if (modvalues != NULL)
2431 while (modvalues[i] != NULL)
/* Clearing the slot keeps a stale pointer from being reused. */
2434 modvalues[i] = NULL;
/*
 * sid_update: report collected object SIDs back to Moira.
 * From the lines shown: each entry's binary value is converted to text with
 * convert_b_to_a() and sent with the query "add_list_sid_by_name" for group
 * entries or "add_user_sid_by_login" for user entries.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers), including the loop over the entries.
 */
2441 int sid_update(LDAP *ldap_handle, char *dn_path)
/* NOTE(review): temp is unsigned char[126] but convert_b_to_a() takes
 * char *, and it receives no output size. If the conversion writes two
 * characters per input byte, ptr->length above 62 would overrun temp -
 * confirm the maximum length of the stored value. */
2445 unsigned char temp[126];
2452 memset(temp, 0, sizeof(temp));
2453 convert_b_to_a(temp, ptr->value, ptr->length);
2454 av[0] = ptr->member;
/* type is compared by pointer value against tag constants, not as a string. */
2456 if (ptr->type == (char *)GROUPS)
2459 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2461 else if (ptr->type == (char *)USERS)
2464 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: convert `length` bytes from `binary` into text in `string`.
 * The visible lines mask a nibble with 0x0f and adjust values above '9',
 * which looks like hexadecimal encoding - TODO confirm against the full
 * source; most of the loop body is not shown in this listing.
 * NOTE(review): the function takes no output size, so the caller must supply
 * a buffer large enough for the encoded form of `length` bytes.
 */
2471 void convert_b_to_a(char *string, UCHAR *binary, int length)
2478 for (i = 0; i < length; i++)
2485 if (string[j] > '9')
2488 string[j] = tmp & 0x0f;
2490 if (string[j] > '9')
/*
 * Lookup table used by check_string(): one entry per byte value, non-zero
 * meaning the byte is not allowed in a name.
 * Entries that are 0 (allowed): $ & ' - . 0-9 _ ` a-z ~
 * Upper-case letters are marked 1 here, but check_string() lower-cases each
 * character before the lookup, so they are accepted in practice.
 * The characters that are special in LDAP search filters ( ( ) * \ and NUL )
 * and in distinguished names ( , = + " ; < > # ) are all marked 1, which is
 * what keeps validated names from altering the filters and DNs that the
 * callers build with sprintf().
 */
2497 static int illegalchars[] = {
2498 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
2499 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
2500 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
2501 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
2502 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
2503 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
2504 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
2505 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* Byte values 0x80 - 0xff: all rejected. */
2506 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2507 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2508 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2509 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2510 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2511 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2512 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2513 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a name before it is used in an LDAP filter or DN.
 * From the lines shown: each character is lower-cased if it is upper case
 * and then looked up in illegalchars[]. Callers treat a zero result as
 * "invalid name". The loop and the return statements are on lines not shown
 * in this listing, and no length limit is visible.
 */
2516 int check_string(char *s)
/* NOTE(review): if `character` is a plain char, a byte >= 0x80 is negative
 * where char is signed; passing it to isupper()/tolower() is undefined, and
 * the (unsigned) cast below turns it into a very large index instead of
 * 128..255, reading outside the 256-entry table. Converting through
 * (unsigned char) first avoids both - the declaration is not shown, confirm. */
2523 if (isupper(character))
2524 character = tolower(character);
2525 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server and prepare the session.
 * From the lines shown: it calls mr_connect(), checks the server's message
 * of the day with mr_motd(), negotiates the query version with mr_version(),
 * and authenticates with mr_auth(); it returns MRCL_AUTH_ERROR when
 * authentication fails and MRCL_SUCCESS at the end.
 * NOTE(review): this listing omits some source lines (gaps in the embedded
 * line numbers), including the conditions around each step.
 */
2531 int mr_connect_cl(char *server, char *client, int version, int auth)
2537 status = mr_connect(server);
2540 com_err(whoami, status, "while connecting to Moira");
2544 status = mr_motd(&motd);
2548 com_err(whoami, status, "while checking server status");
/* NOTE(review): motd is text obtained from the server. It is formatted into
 * temp, and temp is then passed to com_err() in the position where the other
 * calls here pass their message format. If that argument is processed
 * printf-style, a '%' in the server text is read as a conversion;
 * com_err(whoami, status, "%s", temp) avoids that. The sprintf is also
 * unbounded; the size of temp is not visible here. */
2553 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
2554 com_err(whoami, status, temp);
2559 status = mr_version(version);
2562 if (status == MR_UNKNOWN_PROC)
2565 status = MR_VERSION_HIGH;
2567 status = MR_SUCCESS;
/* A newer client than server is only warned about; MR_VERSION_LOW is not
 * reported as an error by the check below. */
2570 if (status == MR_VERSION_HIGH)
2572 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2573 com_err(whoami, 0, "Some operations may not work.");
2575 else if (status && status != MR_VERSION_LOW)
2577 com_err(whoami, status, "while setting query version number.");
2585 status = mr_auth(client);
2588 com_err(whoami, status, "while authenticating to Moira.");
2590 return MRCL_AUTH_ERROR;
2594 return MRCL_SUCCESS;