2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
/* Map BSD errno names onto their Winsock equivalents (presumably the
 * Windows branch of a platform #ifdef whose directives are not shown). */
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends in
 * ';', so sleep(a + b) scales only b and `if (c) sleep(1); else ...` no
 * longer parses.  `#define sleep(A) Sleep((A) * 1000)` is the safe form. */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
/* Per-domain configuration: CFG_PATH + WINADCFG, read by ReadConfigFile(). */
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
/* userAccountControl bits.  These values match the Win32 SDK (lmaccess.h)
 * definitions and are presumably supplied here for the non-Windows build. */
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* SECURITY_INFORMATION selector bits (same values as winnt.h). */
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
/* Minimal Win32 type shims.  NOTE(review): `unsigned long` is 64 bits on
 * LP64 Unix whereas the Windows ULONG is 32 bits; BEREncodeSecurityBits()
 * takes a ULONG, so confirm it does not depend on the narrower width. */
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
/* Trailing fields of a GUID-shaped struct whose opening lines are not
 * shown in this listing. */
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
/* Local SID layout (body lines partly missing from this listing). */
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
/* Fixed capacity; readers must still bound by SubAuthorityCount. */
249 DWORD SubAuthority[512];
/* Identical redefinition of the value at line 204 above -- legal, but one
 * of the two should go. */
254 #define WINADCFG "ldap.cfg"
/* UNC prefix \\afs\all\ used when translating AFS paths for Windows. */
262 #define WINAFS "\\\\afs\\all\\"
/* groupType attribute bits (same values as the ADS_GROUP_TYPE_ENUM). */
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
/* Member operation codes (values 0 and 1 are not shown in this listing). */
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selection flags.  NOTE(review): the first four are single
 * bits (0x1, 0x2, 0x4, 0x8) but MOIRA_MACHINE is 0x16, which overlaps
 * MOIRA_KERBEROS and MOIRA_STRINGS; if these are OR-ed as a mask this
 * looks like a typo for 0x10 -- confirm against the users before changing. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
/* `type` argument of process_group(): verify only, or also repair. */
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
/* Negative status codes returned by the ad_*/process_* helpers; 0 is success. */
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
/* Indexes into the before/after vectors of a "containers" incremental
 * (see the argument layout in the header comment). */
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
/* Indexes into the before/after vectors of an "mcntmap" incremental:
 * machine_name, container_name, mach_id, cnt_id, group name. */
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
/* Singly linked list of (attribute, value) entries built from LDAP search
 * results; most of the member list is not shown in this listing. */
326 typedef struct lk_entry {
336 struct lk_entry *next;
/* Presence of this file disables the incremental (checked via file_exists). */
339 #define STOP_FILE "/moira/ldap/noldap"
/* Existence test only; the check says nothing about permissions and a
 * later open would need its own error handling. */
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
/* Names of the security-template groups (see security_template_ou). */
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Exchange address-list container DN prefix; the dn_path is appended. */
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append one LDAPMod to the caller's `mods[]` at index `n` and advance n.
 * NOTE(review): relies on `mods` and `n` existing in the caller's scope,
 * expands to four statements with no do { } while (0) wrapper, and does
 * not check malloc() -- a NULL result is dereferenced on the next line. */
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
/* Same pattern for `DelMods[]` / `i`, with no values (attribute removal). */
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
/* Keywords presumably recognised by ReadConfigFile() in ldap.cfg. */
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_DOMAINS 10
/* Domains to update, filled by ReadDomainList(); an empty slot ends the list. */
384 char DomainNames[MAX_DOMAINS][128];
386 LK_ENTRY *member_base = NULL;
388 char PrincipalName[128];
/* Scratch buffer used by main() to echo argv into the log. */
389 static char tbl_buf[1024];
/* OUs below the domain's dn_path; the group_ou_* ones are chosen in main(). */
390 char kerberos_ou[] = "OU=kerberos,OU=moira";
391 char contact_ou[] = "OU=strings,OU=moira";
392 char user_ou[] = "OU=users,OU=moira";
393 char group_ou_distribution[1024];
394 char group_ou_root[1024];
395 char group_ou_security[1024];
396 char group_ou_neither[1024];
397 char group_ou_both[1024];
398 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
399 char orphans_other_ou[] = "OU=Other,OU=Orphans";
400 char security_template_ou[] = "OU=security_templates";
402 char ldap_domain[256];
403 char ldap_realm[256];
/* Heap strings (freed in main's cleanup loop), NULL-terminated array. */
405 char *ServerList[MAX_SERVER_NAMES];
406 char default_server[256];
/* Second tentative definition of tbl_buf (see line 389); drop one of them. */
407 static char tbl_buf[1024];
408 char group_suffix[256];
409 char exchange_acl[256];
410 int mr_connections = 0;
/* Behaviour switches; defaults here, overridable per domain by ReadConfigFile(). */
413 int UseGroupSuffix = 1;
414 int UseGroupUniversal = 0;
418 int ProcessMachineContainer = 1;
419 int ActiveDirectory = 1;
420 int UpdateDomainList;
422 int GroupPopulateDelete = 0;
/* Forward declarations.  Several prototypes are split across lines that are
 * not present in this listing.  Conventions visible in the definitions
 * below: int-returning helpers use 0 for success and the negative AD_*
 * codes (or a Moira status) for failure; `before`/`after` are the argument
 * vectors from the incremental, indexed by the L_*/LM_*/CONTAINER_*/OU_*
 * constants; `dn_path` is the domain's base DN. */
/* Defined in another translation unit.  NOTE(review): the password buffer
 * handed in is the caller's; clear it after use (plain memset before free
 * may be optimised away) -- the definition is not visible here. */
424 extern int set_password(char *user, char *password, char *domain);
426 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
427 char *group_membership, char *MoiraId, char *attribute,
428 LK_ENTRY **linklist_base, int *linklist_count,
430 void AfsToWinAfs(char* path, char* winPath);
431 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
432 char *Win2kPassword, char *Win2kUser, char *default_server,
433 int connect_to_kdc, char **ServerList, char *ldap_realm,
/* Empty parentheses declare a non-prototype function (no argument
 * checking; an error in C23); `(void)` is intended -- also ReadDomainList
 * and tickets_get_k5 below. */
435 void ad_kdc_disconnect();
436 int ad_server_connect(char *connectedServer, char *domain);
437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
438 char *attribute_value, char *attribute, char *user_name);
/* pBuffer must hold at least N_SD_BER_BYTES bytes (not enforced by type). */
439 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
440 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
441 int check_winad(void);
442 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
445 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
446 char *distinguishedName, int count, char **av);
447 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
448 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
449 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
450 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
451 char *distinguishedName, int count,
/* `dest` capacity is not passed; callers use 128-byte buffers (do_mcntmap). */
453 void container_get_dn(char *src, char *dest);
454 void container_get_name(char *src, char *dest);
455 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
456 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
457 char **before, int afterc, char **after);
458 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
459 char **before, int afterc, char **after);
/* Moira query callbacks: (argc, argv, hint) as expected by mr_query(). */
461 int GetAceInfo(int ac, char **av, void *ptr);
/* Fills group_membership/group_ou/security_flag from a list argument
 * vector; output buffer sizes are the caller's responsibility (see do_list). */
462 int get_group_membership(char *group_membership, char *group_ou,
463 int *security_flag, char **av);
464 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
465 char *machine_ou, char *pPtr);
466 int Moira_container_group_create(char **after);
467 int Moira_container_group_delete(char **before);
468 int Moira_groupname_create(char *GroupName, char *ContainerName,
469 char *ContainerRowID);
470 int Moira_container_group_update(char **before, char **after);
471 int Moira_process_machine_container_group(char *MachineName, char* groupName,
473 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
474 int Moira_getContainerGroup(int ac, char **av, void *ptr);
475 int Moira_getGroupName(char *origContainerName, char *GroupName,
477 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
478 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
479 int UpdateGroup, int *ProcessGroup, char *maillist);
/* `type` is CHECK_GROUPS or CLEANUP_GROUPS. */
480 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
481 char *group_name, char *group_ou, char *group_membership,
482 int group_security_flag, int type, char *maillist);
483 int process_lists(int ac, char **av, void *ptr);
484 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
485 char *TargetGroupName, int HiddenGroup,
486 char *AceType, char *AceName);
487 int ProcessMachineName(int ac, char **av, void *ptr);
488 int ReadConfigFile(char *DomainName);
489 int ReadDomainList();
490 void StringTrim(char *StringToTrim);
/* Escapes a value for use inside an LDAP search filter.  Ownership of the
 * returned buffer (static vs. allocated) is not visible from here. */
491 char *escape_string(char *s);
492 int save_query_info(int argc, char **argv, void *hint);
493 int save_fsgroup_info(int argc, char **argv, void *hint);
494 int user_create(int ac, char **av, void *ptr);
495 int user_change_status(LDAP *ldap_handle, char *dn_path,
496 char *user_name, char *MoiraId, int operation);
497 int user_delete(LDAP *ldap_handle, char *dn_path,
498 char *u_name, char *MoiraId);
499 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
501 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
502 char *uid, char *MitId, char *MoiraId, int State,
503 char *WinHomeDir, char *WinProfileDir, char *first,
504 char *middle, char *last, char *shell, char *class);
505 void change_to_lower_case(char *ptr);
506 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
507 int contact_remove_email(LDAP *ld, char *bind_path,
508 LK_ENTRY **linklist_entry, int linklist_current);
509 int group_create(int ac, char **av, void *ptr);
510 int group_delete(LDAP *ldap_handle, char *dn_path,
511 char *group_name, char *group_membership, char *MoiraId);
512 int group_rename(LDAP *ldap_handle, char *dn_path,
513 char *before_group_name, char *before_group_membership,
514 char *before_group_ou, int before_security_flag,
515 char *before_desc, char *after_group_name,
516 char *after_group_membership, char *after_group_ou,
517 int after_security_flag, char *after_desc,
518 char *MoiraId, char *filter, char *maillist);
519 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
520 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
521 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
522 char *machine_name, char *container_name);
523 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
524 char *MoiraMachineName, char *DestinationOu);
525 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
526 char *group_name, char *group_ou, char *group_membership,
527 int group_security_flag, int updateGroup, char *maillist);
528 int member_list_build(int ac, char **av, void *ptr);
529 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership,
531 char *user_name, char *pUserOu, char *MoiraId);
532 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership, char *user_name,
534 char *pUserOu, char *MoiraId);
535 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership,
537 int group_security_flag, char *MoiraId);
538 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
539 char *DistinguishedName,
540 char *WinHomeDir, char *WinProfileDir,
541 char **homedir_v, char **winProfile_v,
542 char **drives_v, LDAPMod **mods,
544 int sid_update(LDAP *ldap_handle, char *dn_path);
545 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
546 int check_string(char *s);
547 int check_container_name(char* s);
549 int mr_connect_cl(char *server, char *client, int version, int auth);
/* Per-table dispatch targets called from main(); ldap_hostname receives
 * ldap_domain there. */
550 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
551 char **before, int beforec, char **after, int afterc);
552 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
553 char **before, int beforec, char **after, int afterc);
554 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
555 char **before, int beforec, char **after, int afterc);
556 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
557 char **before, int beforec, char **after, int afterc);
558 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
559 char **before, int beforec, char **after, int afterc);
560 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
561 char **before, int beforec, char **after, int afterc);
562 int linklist_create_entry(char *attribute, char *value,
563 LK_ENTRY **linklist_entry);
/* search_exp is passed to LDAP as a filter; values taken from the argument
 * vector should go through escape_string() first (call sites not shown). */
564 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
565 char **attr_array, LK_ENTRY **linklist_base,
566 int *linklist_count, unsigned long ScopeType);
567 void linklist_free(LK_ENTRY *linklist_base);
569 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
570 char *distinguished_name, LK_ENTRY **linklist_current);
571 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
572 LK_ENTRY **linklist_base, int *linklist_count);
573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
574 char *Attribute, char *distinguished_name,
575 LK_ENTRY **linklist_current);
577 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
578 char *oldValue, char *newValue,
579 char ***modvalues, int type);
580 void free_values(char **modvalues);
582 int convert_domain_to_dn(char *domain, char **bind_path);
583 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
584 char *distinguished_name);
585 int moira_disconnect(void);
586 int moira_connect(void);
/* printf-style: pass data through "%s", never as fmt. */
587 void print_to_screen(const char *fmt, ...);
/* Rewrites MachineName in place with its Moira alias (see do_mcntmap). */
588 int GetMachineName(char *MachineName);
589 int tickets_get_k5();
590 int destroy_cache(void);
593 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
594 char **homeServerName);
/* Entry point of the ldap.incr incremental.  argv is
 *   <table> <beforec> <afterc> <before ...> <after ...>
 * as laid out in the header comment.  For every domain in DomainNames the
 * per-domain config is read, an LDAP connection is made and the request is
 * dispatched by table name.  Local declarations and a number of statements
 * of this function are not present in this listing. */
596 int main(int argc, char **argv)
/* Program name for com_err(): basename of argv[0]. */
612 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
616 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() gives no error indication, and a negative count
 * passes this test yet later makes `after = &orig_argv[4 + beforec]`
 * point outside the array.  Parse both counts with strtol() and reject
 * values < 0 or > argc; these arguments arrive from the Moira server. */
620 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
622 com_err(whoami, 0, "Unable to process %s",
623 "argc < (4 + beforec + afterc)");
/* filesys updates are handled by another path (body not shown). */
627 if (!strcmp(argv[1], "filesys"))
/* Echo the argument vector into the log.  NOTE(review): tbl_buf is a fixed
 * 1024-byte static buffer and these strcat() calls carry no bound, so a
 * long or numerous argument list overflows it.  Track the remaining space,
 * e.g. snprintf(tbl_buf + used, sizeof tbl_buf - used, "%s ", argv[i]). */
630 for (i = 1; i < argc; i++)
632 strcat(tbl_buf, argv[i]);
633 strcat(tbl_buf, " ");
/* "%s" keeps argument text out of the format string. */
636 com_err(whoami, 0, "%s", tbl_buf);
640 com_err(whoami, 0, "%s failed", "check_winad()");
644 initialize_sms_error_table();
645 initialize_krb_error_table();
647 UpdateDomainList = 0;
/* sizeof(DomainNames[0]) * MAX_DOMAINS == sizeof DomainNames. */
648 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
650 if (ReadDomainList())
652 com_err(whoami, 0, "%s failed", "ReadDomainList()");
656 for (i = 0; i < argc; i++)
/* One pass per configured domain; an empty slot ends the list. */
659 for (k = 0; k < MAX_DOMAINS; k++)
661 if (strlen(DomainNames[k]) == 0)
/* Work on a private copy of argv (table is lower-cased in place below).
 * The line between 665 and 667 is not shown; presumably it frees the copy
 * from the previous domain.  strdup() results are not checked for NULL. */
663 for (i = 0; i < argc; i++)
665 if (orig_argv[i] != NULL)
667 orig_argv[i] = strdup(argv[i]);
/* Reset all per-domain state before ReadConfigFile() fills it in. */
670 memset(PrincipalName, '\0', sizeof(PrincipalName));
671 memset(ldap_domain, '\0', sizeof(ldap_domain));
672 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
673 memset(default_server, '\0', sizeof(default_server));
674 memset(dn_path, '\0', sizeof(dn_path));
675 memset(group_suffix, '\0', sizeof(group_suffix));
676 memset(exchange_acl, '\0', sizeof(exchange_acl));
680 UseGroupUniversal = 0;
684 ProcessMachineContainer = 1;
/* Defaults; constant sources, so these cannot overflow the 256-byte buffers. */
687 sprintf(group_suffix, "%s", "_group");
688 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the copied vector into the before/after halves. */
690 beforec = atoi(orig_argv[2]);
691 afterc = atoi(orig_argv[3]);
692 table = orig_argv[1];
693 before = &orig_argv[4];
694 after = &orig_argv[4 + beforec];
702 if (ReadConfigFile(DomainNames[k]))
/* Group OU layout: per-type OUs under OU=lists when the (unshown) condition
 * holds, otherwise everything directly under OU=lists,OU=moira. */
707 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
708 sprintf(group_ou_root, "OU=lists,OU=moira");
709 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
711 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_distribution, "OU=lists,OU=moira");
716 sprintf(group_ou_root, "OU=lists,OU=moira");
717 sprintf(group_ou_security, "OU=lists,OU=moira");
718 sprintf(group_ou_neither, "OU=lists,OU=moira");
719 sprintf(group_ou_both, "OU=lists,OU=moira");
722 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts.  Empty user and password strings are
 * passed, so the bind presumably relies on Kerberos credentials obtained
 * elsewhere (tickets_get_k5) -- confirm in ad_connect(). */
724 for (i = 0; i < 5; i++)
726 ldap_handle = (LDAP *)NULL;
727 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
728 default_server, SetPassword, ServerList,
729 ldap_realm, ldap_port)))
731 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* All attempts failed: page the operators. */
736 if ((rc) || (ldap_handle == NULL))
738 critical_alert("incremental",
739 "ldap.incr cannot connect to any server in "
740 "domain %s", DomainNames[k]);
/* Case-insensitive table match.  tolower() on a plain char is undefined
 * for negative values; cast through (unsigned char). */
744 for (i = 0; i < (int)strlen(table); i++)
745 table[i] = tolower(table[i]);
/* Dispatch on the table name (closing argument of each call not shown). */
747 if (!strcmp(table, "users"))
748 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "list"))
751 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "imembers"))
754 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "containers"))
757 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "mcntmap"))
760 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the server list filled by ReadConfigFile() (free call not shown). */
766 for (i = 0; i < MAX_SERVER_NAMES; i++)
768 if (ServerList[i] != NULL)
771 ServerList[i] = NULL;
775 rc = ldap_unbind_s(ldap_handle);
/* Handle an "mcntmap" (machine -> container) incremental.  Resolves the
 * machine's Moira alias, finds the machine object in the directory and
 * moves it into the OU of its Moira container, or into the orphans OU when
 * no container is known.  before/after are the argument vectors indexed by
 * the OU_* constants; ldap_hostname is unused in the lines shown.  Several
 * statements of this function are not present in this listing. */
781 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
782 char **before, int beforec, char **after, int afterc)
784 char MoiraContainerName[128];
785 char ADContainerName[128];
786 char MachineName[1024];
787 char OriginalMachineName[1024];
790 char MoiraContainerGroup[64];
/* Feature switch from ldap.cfg (PROCESS_MACHINE_CONTAINER). */
792 if (!ProcessMachineContainer)
794 com_err(whoami, 0, "Process machines and containers disabled, skipping");
799 memset(ADContainerName, '\0', sizeof(ADContainerName));
800 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
802 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (rc is reported below);
 * double parentheses would make that explicit to the compiler. */
805 if (rc = moira_connect())
807 critical_alert("Ldap incremental",
808 "Error contacting Moira server : %s",
/* NOTE(review): the strcpy() calls in both branches copy server-supplied
 * argument strings with no length limit; MoiraContainerGroup is only 64
 * bytes.  Use snprintf(dst, sizeof dst, "%s", src) and reject names that
 * do not fit. */
813 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
815 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
816 strcpy(MachineName, before[OU_MACHINE_NAME]);
817 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
819 com_err(whoami, 0, "removing machine %s from %s",
820 OriginalMachineName, before[OU_CONTAINER_NAME]);
822 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
824 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
825 strcpy(MachineName, after[OU_MACHINE_NAME]);
826 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
827 com_err(whoami, 0, "adding machine %s to container %s",
828 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Replace MachineName with its Moira alias in place; empty means not found.
 * (The message text has a typo: "alais".) */
836 rc = GetMachineName(MachineName);
838 if (strlen(MachineName) == 0)
841 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
842 OriginalMachineName);
/* Keep the container group's membership in step (remaining args not shown). */
846 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
849 if (machine_check(ldap_handle, dn_path, MachineName))
851 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
852 OriginalMachineName, MachineName);
/* Look up the container Moira knows for this machine (output argument on
 * the line after 858, not shown). */
857 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
858 machine_get_moira_container(ldap_handle, dn_path, MachineName,
861 if (strlen(MoiraContainerName) == 0)
863 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
864 "in Moira - moving to orphans OU.",
865 OriginalMachineName, MachineName);
866 machine_move_to_ou(ldap_handle, dn_path, MachineName,
867 orphans_machines_ou);
/* Translate the Moira container path into an OU DN (128-byte destination). */
872 container_get_dn(MoiraContainerName, ADContainerName);
/* Normalise to a trailing '/'.  The index is safe because the empty case
 * was handled above; the strcat() still overflows by one if the callee
 * filled all 127 characters -- check strlen() < sizeof - 1 first. */
874 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
875 strcat(MoiraContainerName, "/");
877 container_check(ldap_handle, dn_path, MoiraContainerName);
878 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handle a "containers" incremental: delete, create, rename or update an
 * OU and its associated Moira container group.  before/after are indexed by
 * the CONTAINER_* constants; ldap_hostname is unused in the lines shown.
 * Return values of the container_* helpers are ignored here, so a failed
 * directory update is only visible through their own logging.  Some
 * statements of this function are not present in this listing. */
883 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
884 char **before, int beforec, char **after, int afterc)
888 if (!ProcessMachineContainer)
890 com_err(whoami, 0, "Process machines and containers disabled, skipping");
894 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (rc is reported below). */
897 if (rc = moira_connect())
899 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
904 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
906 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
907 container_delete(ldap_handle, dn_path, beforec, before);
908 Moira_container_group_delete(before);
913 if ((beforec == 0) && (afterc != 0)) /*create a container*/
915 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
916 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
917 container_create(ldap_handle, dn_path, afterc, after);
918 Moira_container_group_create(after);
/* Both vectors present: a name change is a rename, anything else an
 * attribute update.  The comparison is case-insensitive. */
923 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
925 com_err(whoami, 0, "renaming container %s to %s",
926 before[CONTAINER_NAME], after[CONTAINER_NAME]);
927 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
928 Moira_container_group_update(before, after);
933 com_err(whoami, 0, "updating container %s information",
934 after[CONTAINER_NAME]);
935 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
936 Moira_container_group_update(before, after);
/* Index of the description field in a "list" argument vector (the other
 * L_* indexes used below are defined on lines not shown). */
941 #define L_LIST_DESC 9
/* Handle a "list" incremental: verify/repair the existing group, then
 * rename, delete, create or update it according to which of before/after
 * is present.  before/after are indexed by the L_* constants; ldap_hostname
 * is unused in the lines shown.  Several declarations (list_id, group_ou,
 * security_flag, filter, updateGroup, ProcessGroup) and statements of this
 * function are not present in this listing. */
944 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
945 char **before, int beforec, char **after, int afterc)
950 char group_membership[6];
955 char before_list_id[32];
/* NOTE(review): one byte, while the "after" counterpart above is six.
 * get_group_membership() writes into it and strlen() is later called on
 * it; if the callee stores even a single character there is no room for
 * the terminator and strlen() reads past the buffer.  Size it [6] too. */
956 char before_group_membership[1];
957 int before_security_flag;
958 char before_group_ou[256];
959 LK_ENTRY *ptr = NULL;
961 if (beforec == 0 && afterc == 0)
964 memset(list_id, '\0', sizeof(list_id));
965 memset(before_list_id, '\0', sizeof(before_list_id));
966 memset(before_group_ou, '\0', sizeof(before_group_ou));
967 memset(before_group_membership, '\0', sizeof(before_group_membership));
968 memset(group_ou, '\0', sizeof(group_ou));
969 memset(group_membership, '\0', sizeof(group_membership));
/* Decode the "before" vector when it is long enough.  The strcpy() into the
 * 32-byte before_list_id is unbounded; snprintf() would cap it. */
974 if (beforec < L_LIST_ID)
976 if (beforec > L_LIST_DESC)
978 strcpy(before_list_id, before[L_LIST_ID]);
980 before_security_flag = 0;
981 get_group_membership(before_group_membership, before_group_ou,
982 &before_security_flag, before);
/* Same for the "after" vector (list_id is sized on a line not shown). */
987 if (afterc < L_LIST_ID)
989 if (afterc > L_LIST_DESC)
991 strcpy(list_id, after[L_LIST_ID]);
994 get_group_membership(group_membership, group_ou, &security_flag, after);
997 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Sanity-check the existing group first; a wrong DN or duplicate groups
 * trigger a second pass in CLEANUP_GROUPS mode. */
1006 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1007 before[L_NAME], before_group_ou,
1008 before_group_membership,
1009 before_security_flag, CHECK_GROUPS,
1010 before[L_MAILLIST])))
1012 if (rc == AD_NO_GROUPS_FOUND)
1016 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1017 (rc == AD_MULTIPLE_GROUPS_FOUND))
1019 rc = process_group(ldap_handle, dn_path, before_list_id,
1020 before[L_NAME], before_group_ou,
1021 before_group_membership,
1022 before_security_flag, CLEANUP_GROUPS,
1023 before[L_MAILLIST]);
1025 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1027 com_err(whoami, 0, "Unable to process list %s",
1031 if (rc == AD_NO_GROUPS_FOUND)
/* Both vectors present: a changed name, or an unchanged name whose OU
 * moved, is a rename (further condition on a line not shown). */
1037 if ((beforec != 0) && (afterc != 0))
1039 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1040 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1041 (strcmp(before_group_ou, group_ou)))) &&
1044 com_err(whoami, 0, "Changing list name from %s to %s",
1045 before[L_NAME], after[L_NAME]);
1047 if ((strlen(before_group_ou) == 0) ||
1048 (strlen(before_group_membership) == 0) ||
1049 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1051 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1055 memset(filter, '\0', sizeof(filter));
1057 if ((rc = group_rename(ldap_handle, dn_path,
1058 before[L_NAME], before_group_membership,
1059 before_group_ou, before_security_flag,
1060 before[L_LIST_DESC], after[L_NAME],
1061 group_membership, group_ou, security_flag,
1063 list_id, filter, after[L_MAILLIST])))
1065 if (rc != AD_NO_GROUPS_FOUND)
1068 "Unable to change list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
/* Only "before" present: delete the group. */
1082 if ((strlen(before_group_ou) == 0) ||
1083 (strlen(before_group_membership) == 0))
1086 "Unable to find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
/* Only "after" present: create, with the same check/cleanup dance as above.
 * Assignment inside the condition is intentional here and at 1131. */
1100 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1102 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1103 group_ou, group_membership,
1104 security_flag, CHECK_GROUPS,
1107 if (rc != AD_NO_GROUPS_FOUND)
1109 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1110 (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id,
1114 group_ou, group_membership,
1115 security_flag, CLEANUP_GROUPS,
1122 "Unable to create list %s", after[L_NAME]);
/* Common tail: update ACEs, (re)create the group object, then fill in
 * members only when the list is active. */
1129 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1131 if (rc = moira_connect())
1133 critical_alert("Ldap incremental",
1134 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1142 &ProcessGroup, after[L_MAILLIST]))
1147 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1148 &ProcessGroup, after[L_MAILLIST]))
1152 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1153 group_ou, group_membership, security_flag,
1154 updateGroup, after[L_MAILLIST]))
1160 if (atoi(after[L_ACTIVE]))
1162 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1163 group_membership, security_flag, list_id);
/* Extra slots in the list-member argument vector handed to do_member().
 * They are offsets from LM_END (the last of the LM_* indices defined
 * elsewhere); do_member() compares beforec/afterc against these before
 * indexing, so any new slot must be added here and to those checks. */
1171 #define LM_EXTRA_ACTIVE (LM_END)
1172 #define LM_EXTRA_PUBLIC (LM_END+1)
1173 #define LM_EXTRA_HIDDEN (LM_END+2)
1174 #define LM_EXTRA_MAILLIST (LM_END+3)
1175 #define LM_EXTRA_GROUP (LM_END+4)
1176 #define LM_EXTRA_GID (LM_END+5)
1177 #define LMN_LIST_ID (LM_END+6)
1178 #define LM_LIST_ID (LM_END+7)
1179 #define LM_USER_ID (LM_END+8)
/* One past the last slot (not an index). */
1180 #define LM_EXTRA_END (LM_END+9)
/* Apply one list-membership change from Moira to the directory.
 *
 * before/beforec describe the membership row as it was, after/afterc as it
 * is now; an empty "before" means an add, an empty "after" a removal.  The
 * member may be a LIST, MACHINE, USER, STRING or KERBEROS entity (LM_TYPE).
 * The function logs through com_err() and returns nothing; failures are
 * reported, not propagated.  Several statements of this function are not
 * reproduced in this listing, so the notes below cover only the visible
 * lines. */
1182 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1183 char **before, int beforec, char **after, int afterc)
1185 LK_ENTRY *group_base;
1188 char *attr_array[3];
/* Fixed-size scratch copies of argv fields.  The strcpy() calls below do
 * not check the source length, so any Moira field longer than 127 bytes
 * (31 for the id buffers) overflows the stack; bound these copies
 * (snprintf/strnlen) if the inputs cannot be trusted to be short. */
1189 char group_name[128];
1190 char user_name[128];
1191 char user_type[128];
1192 char moira_list_id[32];
1193 char moira_user_id[32];
/* Single membership code byte ('B','S','D','N' per get_group_membership()).
 * There is no room for a NUL, so this must never be used as a C string. */
1194 char group_membership[1];
1196 char machine_ou[256];
1204 char NewMachineName[1024];
1208 char *save_argv[U_END];
1212 memset(moira_list_id, '\0', sizeof(moira_list_id));
1213 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Bounds check on argc before the LM_EXTRA_* slots are read. */
1217 if (afterc < LM_EXTRA_GID)
1220 if (!atoi(after[LM_EXTRA_ACTIVE]))
1223 "Unable to add %s to group %s : group not active",
1224 after[2], after[0]);
1230 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded copies into the 128-byte buffers declared above. */
1233 strcpy(user_name, after[LM_MEMBER]);
1234 strcpy(group_name, after[LM_LIST]);
1235 strcpy(user_type, after[LM_TYPE]);
/* The id slots differ per member type (MACHINE reads LMN_LIST_ID/LM_LIST_ID,
 * USER reads LM_LIST_ID/LM_USER_ID); this presumably mirrors the argv
 * layout Moira sends for each type -- confirm against the update sender. */
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1239 if (afterc > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, after[LMN_LIST_ID]);
1242 strcpy(moira_user_id, after[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1247 if (afterc > LMN_LIST_ID)
1249 strcpy(moira_list_id, after[LM_LIST_ID]);
1250 strcpy(moira_user_id, after[LM_USER_ID]);
1255 if (afterc > LM_EXTRA_GID)
1256 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Removal path: same extraction as above, from the "before" vector. */
1261 if (beforec < LM_EXTRA_GID)
1263 if (!atoi(before[LM_EXTRA_ACTIVE]))
1266 "Unable to remove %s from group %s : group not active",
1267 before[2], before[0]);
1273 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1276 strcpy(user_name, before[LM_MEMBER]);
1277 strcpy(group_name, before[LM_LIST]);
1278 strcpy(user_type, before[LM_TYPE]);
1280 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1282 if (beforec > LM_EXTRA_GROUP)
1284 strcpy(moira_list_id, before[LMN_LIST_ID]);
1285 strcpy(moira_user_id, before[LM_LIST_ID]);
1288 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1290 if (beforec > LMN_LIST_ID)
1292 strcpy(moira_list_id, before[LM_LIST_ID]);
1293 strcpy(moira_user_id, before[LM_USER_ID]);
1298 if (beforec > LM_EXTRA_GID)
1299 strcpy(moira_list_id, before[LMN_LIST_ID]);
1306 "Unable to process group : beforec = %d, afterc = %d",
/* Re-pack the member row into list (L_*) order so that the group helpers
 * (get_group_membership, process_group, ...) can index it like a list row. */
1311 args[L_NAME] = ptr[LM_LIST];
1312 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1313 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1314 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1315 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1316 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1317 args[L_GID] = ptr[LM_EXTRA_GID];
1320 memset(group_ou, '\0', sizeof(group_ou));
/* Fills group_membership[0], group_ou and security_flag from the flags. */
1321 get_group_membership(group_membership, group_ou, &security_flag, args);
1323 if (strlen(group_ou) == 0)
1325 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Assignment inside the condition is intentional (rc is reused below);
 * an extra pair of parentheses would document that and silence
 * -Wparentheses.  Same pattern at the other `if (rc = ...)` sites. */
1330 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1331 group_ou, group_membership, security_flag,
1332 CHECK_GROUPS, args[L_MAILLIST]))
1334 if (rc != AD_NO_GROUPS_FOUND)
/* A mismatched/duplicate group is cleaned up and re-checked. */
1336 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1337 group_name, group_ou, group_membership,
1338 security_flag, CLEANUP_GROUPS,
1341 if (rc != AD_NO_GROUPS_FOUND)
1344 com_err(whoami, 0, "Unable to add %s to group %s - "
1345 "unable to process group", user_name, group_name);
1347 com_err(whoami, 0, "Unable to remove %s from group %s - "
1348 "unable to process group", user_name, group_name);
/* Group missing entirely: create it (ACEs, object, then members). */
1355 if (rc == AD_NO_GROUPS_FOUND)
1357 if (rc = moira_connect())
1359 critical_alert("Ldap incremental",
1360 "Error contacting Moira server : %s",
1365 com_err(whoami, 0, "creating group %s", group_name);
1368 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1369 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1375 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1380 group_ou, group_membership, security_flag, 0,
1381 ptr[LM_EXTRA_MAILLIST]))
1387 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1389 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1390 group_membership, security_flag, moira_list_id);
/* ---- removal ---- */
1400 com_err(whoami, 0, "removing user %s from list %s", user_name,
1404 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1406 if (!ProcessMachineContainer)
1408 com_err(whoami, 0, "Process machines and containers disabled, "
1413 memset(machine_ou, '\0', sizeof(machine_ou));
1414 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* get_machine_ou() may canonicalise the name; the old member string is
 * freed and replaced.  This assumes ptr[LM_MEMBER] is heap-owned by this
 * function -- confirm against the caller that builds before/after.  The
 * strdup() result is not checked for NULL here. */
1415 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1416 machine_ou, NewMachineName))
1418 if (ptr[LM_MEMBER] != NULL)
1419 free(ptr[LM_MEMBER]);
1420 ptr[LM_MEMBER] = strdup(NewMachineName);
1421 pUserOu = machine_ou;
1424 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
/* `member` is declared on a line not shown; its size bounds nothing
 * below -- strcpy/strcat here are unchecked. */
1426 strcpy(member, ptr[LM_MEMBER]);
1430 if((s = strchr(member, '@')) == (char *) NULL)
1432 strcat(member, "@mit.edu");
1434 if (ptr[LM_MEMBER] != NULL)
1435 free(ptr[LM_MEMBER]);
1436 ptr[LM_MEMBER] = strdup(member);
/* BUG: if strlen(member) < 6 the index wraps (size_t) and this reads
 * before the start of `member`.  Guard with
 * `strlen(member) >= 6 &&` before the strncasecmp. */
1439 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
/* Replaces the trailing ".LOCAL" with ".mit.edu" (two bytes longer). */
1441 s = strrchr(member, '.');
1443 strcat(s, ".mit.edu");
1445 if (ptr[LM_MEMBER] != NULL)
1446 free(ptr[LM_MEMBER]);
1447 ptr[LM_MEMBER] = strdup(member);
1451 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1455 pUserOu = contact_ou;
1457 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1459 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1463 pUserOu = kerberos_ou;
1466 if (rc = moira_connect()) {
1467 critical_alert("Ldap incremental",
1468 "Error contacting Moira server : %s",
/* Membership is re-synchronised from Moira rather than removed one-by-one. */
1473 if (rc = populate_group(ldap_handle, dn_path, group_name,
1474 group_ou, group_membership,
1475 security_flag, moira_list_id))
1476 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1481 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1483 if (rc = moira_connect())
1485 critical_alert("Ldap incremental",
1486 "Error contacting Moira server : %s",
1491 if (rc = populate_group(ldap_handle, dn_path, group_name,
1492 group_ou, group_membership, security_flag,
1494 com_err(whoami, 0, "Unable to remove %s from group %s",
1495 user_name, group_name);
/* ---- addition ---- */
1502 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1505 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1507 memset(machine_ou, '\0', sizeof(machine_ou));
1508 memset(NewMachineName, '\0', sizeof(NewMachineName));
1510 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1514 if (ptr[LM_MEMBER] != NULL)
1515 free(ptr[LM_MEMBER]);
1517 ptr[LM_MEMBER] = strdup(NewMachineName);
1518 pUserOu = machine_ou;
1520 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
/* Same STRING canonicalisation as the removal path (and the same
 * strlen(member) - 6 underflow when the name is shorter than 6). */
1522 strcpy(member, ptr[LM_MEMBER]);
1526 if((s = strchr(member, '@')) == (char *) NULL)
1528 strcat(member, "@mit.edu");
1530 if (ptr[LM_MEMBER] != NULL)
1531 free(ptr[LM_MEMBER]);
1532 ptr[LM_MEMBER] = strdup(member);
1535 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1537 s = strrchr(member, '.');
1539 strcat(s, ".mit.edu");
1541 if (ptr[LM_MEMBER] != NULL)
1542 free(ptr[LM_MEMBER]);
1543 ptr[LM_MEMBER] = strdup(member);
1547 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1551 pUserOu = contact_ou;
1553 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1555 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1559 pUserOu = kerberos_ou;
1561 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* A USER member that does not yet exist in the directory is created from
 * its Moira account record before being added. */
1563 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1564 moira_user_id)) == AD_NO_USER_FOUND)
1566 if (rc = moira_connect())
1568 critical_alert("Ldap incremental",
1569 "Error connection to Moira : %s",
1574 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1575 av[0] = ptr[LM_MEMBER];
1576 call_args[0] = (char *)ldap_handle;
1577 call_args[1] = dn_path;
1578 call_args[2] = moira_user_id;
1579 call_args[3] = NULL;
/* Name-collision check against existing groups.  ptr[LM_MEMBER] goes into
 * the LDAP filter unescaped and no check_string() call is visible on this
 * path (do_user() validates after[U_NAME] before its equivalent sprintf);
 * a member name containing filter metacharacters would change the query.
 * `filter` is declared on a line not shown, so its bound is unverified. */
1588 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1589 attr_array[0] = "cn";
1590 attr_array[1] = NULL;
1591 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1592 attr_array, &group_base, &group_count,
1593 LDAP_SCOPE_SUBTREE)) != 0)
1595 com_err(whoami, 0, "Unable to process user %s : %s",
1596 ptr[LM_MEMBER], ldap_err2string(rc));
1602 com_err(whoami, 0, "Object already exists with name %s",
1607 linklist_free(group_base);
/* save_query_info() fills save_argv from the Moira account row. */
1612 if (rc = mr_query("get_user_account_by_login", 1, av,
1613 save_query_info, save_argv))
1616 com_err(whoami, 0, "Unable to create user %s : %s",
1617 ptr[LM_MEMBER], error_message(rc));
1621 if (rc = user_create(U_END, save_argv, call_args))
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1643 if (rc = moira_connect()) {
1644 critical_alert("Ldap incremental",
1645 "Error contacting Moira server : %s",
1650 if (rc = populate_group(ldap_handle, dn_path, group_name,
1651 group_ou, group_membership, security_flag,
1653 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1658 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1660 if (rc = moira_connect())
1662 critical_alert("Ldap incremental",
1663 "Error contacting Moira server : %s",
1668 if (rc = populate_group(ldap_handle, dn_path, group_name,
1669 group_ou, group_membership, security_flag,
1671 com_err(whoami, 0, "Unable to add %s to group %s",
1672 user_name, group_name);
/* Slots in the user argument vector beyond the U_* fields defined
 * elsewhere.  do_user() compares beforec/afterc against U_USER_ID before
 * reading it; U_HOMEDIR/U_PROFILEDIR are read without a visible check. */
1681 #define U_USER_ID 10
1682 #define U_HOMEDIR 11
1683 #define U_PROFILEDIR 12
/* Apply one user-account change from Moira to the directory.
 *
 * before/beforec is the account row as it was, after/afterc as it is now.
 * Handles: creation-but-unusable (before empty), expunge (after empty),
 * create-if-missing, rename, and attribute update.  Logs via com_err();
 * returns nothing.  Some lines of this function are not reproduced in
 * this listing. */
1685 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1686 char **before, int beforec, char **after,
1689 LK_ENTRY *group_base;
1692 char *attr_array[3];
/* Moira user ids are copied with strcpy() below; the argc checks guard the
 * index, not the length, so an id over 31 bytes would overflow these. */
1695 char after_user_id[32];
1696 char before_user_id[32];
1698 char *save_argv[U_END];
1700 if ((beforec == 0) && (afterc == 0))
1703 memset(after_user_id, '\0', sizeof(after_user_id));
1704 memset(before_user_id, '\0', sizeof(before_user_id));
1706 if (beforec > U_USER_ID)
1707 strcpy(before_user_id, before[U_USER_ID]);
1709 if (afterc > U_USER_ID)
1710 strcpy(after_user_id, after[U_USER_ID]);
/* Duplicate of the check at 1700; presumably dead if that one returns
 * (its body is not shown). */
1712 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1715 if ((beforec == 0) && (afterc != 0))
1717 /*this case only happens when the account*/
1718 /*account is first created but not usable*/
1720 com_err(whoami, 0, "Unable to process user %s because the user account "
1721 "is not yet usable", after[U_NAME]);
1725 /*this case only happens when the account is expunged */
1727 if ((beforec != 0) && (afterc == 0))
/* Only a state-0 account is deleted from the directory. */
1729 if (atoi(before[U_STATE]) == 0)
1731 com_err(whoami, 0, "expunging user %s from directory",
1733 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* "expungeded" is a typo in a runtime message; fix it in a code change. */
1737 com_err(whoami, 0, "Unable to process because user %s has been "
1738 "previously expungeded", before[U_NAME]);
1743 /*process anything that gets here*/
1745 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1746 before_user_id)) == AD_NO_USER_FOUND)
/* check_string() gates the name before it is placed in an LDAP filter and
 * DN below; keep it ahead of any use of after[U_NAME] in a query. */
1748 if (!check_string(after[U_NAME]))
1751 if (rc = moira_connect())
1753 critical_alert("Ldap incremental",
1754 "Error connection to Moira : %s",
1759 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1761 av[0] = after[U_NAME];
1762 call_args[0] = (char *)ldap_handle;
1763 call_args[1] = dn_path;
1764 call_args[2] = after_user_id;
1765 call_args[3] = NULL;
/* Refuse to create a user whose cn collides with an existing group.
 * `filter` is declared on a line not shown; its size is unverified. */
1773 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1774 attr_array[0] = "cn";
1775 attr_array[1] = NULL;
1777 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1778 &group_base, &group_count,
1779 LDAP_SCOPE_SUBTREE)) != 0)
1781 com_err(whoami, 0, "Unable to process user %s : %s",
1782 after[U_NAME], ldap_err2string(rc));
1786 if (group_count >= 1)
1788 com_err(whoami, 0, "Object already exists with name %s",
1793 linklist_free(group_base);
/* Pull the full account row from Moira, then create the directory entry. */
1798 if (rc = mr_query("get_user_account_by_login", 1, av,
1799 save_query_info, save_argv))
1802 com_err(whoami, 0, "Unable to create user %s : %s",
1803 after[U_NAME], error_message(rc));
1807 if (rc = user_create(U_END, save_argv, call_args))
1809 com_err(whoami, 0, "Unable to create user %s : %s",
1810 after[U_NAME], error_message(rc));
1817 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Rename only when both names pass check_string(). */
1829 if (strcmp(before[U_NAME], after[U_NAME]))
1831 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1833 com_err(whoami, 0, "changing user %s to %s",
1834 before[U_NAME], after[U_NAME]);
1836 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1837 after[U_NAME])) != LDAP_SUCCESS)
/* Return value of user_update() is stored in rc; what happens to it after
 * this point is not visible here. */
1844 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1845 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1846 after[U_UID], after[U_MITID],
1847 after_user_id, atoi(after[U_STATE]),
1848 after[U_HOMEDIR], after[U_PROFILEDIR],
1849 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1850 after[U_SHELL], after[U_CLASS]);
/* Build a NULL-terminated array of modvalue_count strings from the values
 * in linklist_base, substituting oldValue -> newValue.
 *
 * For each entry whose value contains oldValue (strstr): with type ==
 * REPLACE the whole value becomes newValue, otherwise only the matched
 * substring is replaced.  Entries without a match, or when either of
 * oldValue/newValue is NULL, are copied verbatim.  *modvalues is
 * calloc'd here and owned by the caller.  Return value is set on lines
 * not shown in this listing.
 *
 * Assumes every value is NUL-terminated: retrieve_values() stores binary
 * (bervalue) attributes without a terminator, so entries of that kind
 * must not reach strstr() here. */
1855 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1856 char *oldValue, char *newValue,
1857 char ***modvalues, int type)
1859 LK_ENTRY *linklist_ptr;
/* calloc(modvalue_count + 1, sizeof(char *)) would let calloc do the
 * overflow-checked multiply instead of doing it in the argument. */
1863 if (((*modvalues) = calloc(1,
1864 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* Redundant: calloc already zero-fills. */
1869 for (i = 0; i < (modvalue_count + 1); i++)
1870 (*modvalues)[i] = NULL;
1872 if (modvalue_count != 0)
1874 linklist_ptr = linklist_base;
1875 for (i = 0; i < modvalue_count; i++)
1877 if ((oldValue != NULL) && (newValue != NULL))
1879 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1882 if (type == REPLACE)
1884 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1887 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1888 strcpy((*modvalues)[i], newValue);
/* Substring substitution: prefix up to the match + newValue + remainder
 * after the matched oldValue.  The size formula is spelled out in full
 * in the memset() below. */
1892 if (((*modvalues)[i] = calloc(1,
1893 (int)(cPtr - linklist_ptr->value) +
1894 (linklist_ptr->length -
1896 strlen(newValue) + 1)) == NULL)
1898 memset((*modvalues)[i], '\0',
1899 (int)(cPtr - linklist_ptr->value) +
1900 (linklist_ptr->length - strlen(oldValue)) +
1901 strlen(newValue) + 1);
1902 memcpy((*modvalues)[i], linklist_ptr->value,
1903 (int)(cPtr - linklist_ptr->value));
1904 strcat((*modvalues)[i], newValue);
1905 strcat((*modvalues)[i],
1906 &linklist_ptr->value[(int)(cPtr -
1907 linklist_ptr->value) + strlen(oldValue)]);
/* Unlike the two branches above, these calloc() results are not checked
 * before memset()/memcpy() -- NULL dereference on allocation failure. */
1912 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1913 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1914 memcpy((*modvalues)[i], linklist_ptr->value,
1915 linklist_ptr->length);
1920 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1921 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1922 memcpy((*modvalues)[i], linklist_ptr->value,
1923 linklist_ptr->length);
1925 linklist_ptr = linklist_ptr->next;
/* Terminator; already zero from the calloc above. */
1927 (*modvalues)[i] = NULL;
/* Run a synchronous LDAP search and collect the results into a linked list.
 *
 * search_exp is passed to ldap_search_s() as-is; callers are responsible
 * for validating/escaping anything they interpolate into it.  On success
 * *linklist_base holds the entries (caller frees with linklist_free) and
 * *linklist_count their number.  Returns the LDAP result code from the
 * search, or the value of retrieve_entries().
 *
 * Note: LDAP_SIZELIMIT_EXCEEDED is not treated as an error -- the partial
 * result set is processed and rc is overwritten by retrieve_entries(), so a
 * truncated search looks like success to the caller.  Callers that use
 * group_count for "does an object with this name exist" decisions may get
 * a false negative when the server's size limit is hit. */
1933 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1934 char **attr_array, LK_ENTRY **linklist_base,
1935 int *linklist_count, unsigned long ScopeType)
1938 LDAPMessage *ldap_entry;
1942 (*linklist_base) = NULL;
1943 (*linklist_count) = 0;
1945 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1946 search_exp, attr_array, 0,
1947 &ldap_entry)) != LDAP_SUCCESS)
/* Size-limit overflow falls through to process what was returned. */
1949 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1953 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
/* The result message is released regardless of rc. */
1956 ldap_msgfree(ldap_entry);
/* Walk every entry in an LDAP result message and append its attributes to
 * *linklist_base via retrieve_attributes(); then recount the list into
 * *linklist_count.
 *
 * The ldap_entry parameter is reused as the iteration cursor; the caller
 * still owns (and frees) the original result message.  Returns 0 or the
 * first non-zero value from retrieve_attributes() (return statements are
 * on lines not shown). */
1960 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1961 LK_ENTRY **linklist_base, int *linklist_count)
/* Filled by get_distinguished_name() with an unbounded strcpy(); a DN
 * longer than 1023 bytes would overflow this stack buffer. */
1963 char distinguished_name[1024];
1964 LK_ENTRY *linklist_ptr;
1967 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1970 memset(distinguished_name, '\0', sizeof(distinguished_name));
1971 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1973 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1974 linklist_base)) != 0)
1977 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1979 memset(distinguished_name, '\0', sizeof(distinguished_name));
1980 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1982 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1983 distinguished_name, linklist_base)) != 0)
/* Count pass: one LK_ENTRY per attribute value, not per LDAP entry. */
1987 linklist_ptr = (*linklist_base);
1988 (*linklist_count) = 0;
1990 while (linklist_ptr != NULL)
1992 ++(*linklist_count);
1993 linklist_ptr = linklist_ptr->next;
/* Iterate the attributes of one LDAP entry and hand each to
 * retrieve_values(), which prepends its values to *linklist_current.
 *
 * The BerElement cursor (`ptr`, declared on a line not shown) is released
 * with ldap_ber_free() at the end.  The return value of retrieve_values()
 * is ignored on both call sites, so an allocation failure inside it is
 * not reported to the caller. */
1999 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2000 char *distinguished_name, LK_ENTRY **linklist_current)
2007 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
2010 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Attribute names from ldap_*_attribute() are library-allocated. */
2012 ldap_memfree(Attribute);
2013 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2016 retrieve_values(ldap_handle, ldap_entry, Attribute,
2017 distinguished_name, linklist_current);
2018 ldap_memfree(Attribute);
2022 ldap_ber_free(ptr, 0);
/* Copy the values of one attribute of an LDAP entry into new LK_ENTRY
 * nodes prepended to *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary bervals (stored with
 * their exact length and no NUL terminator); every other attribute is
 * fetched as a string and stored NUL-terminated.  Each node records the
 * attribute name, value, length, whether it was a berval, and the entry's
 * DN.  The large LDAP_DEBUG section only prints; it performs no
 * validation.  Returns 0, or non-zero on calloc() failure (the return
 * statements and the loop header are on lines not shown here). */
2027 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2028 char *Attribute, char *distinguished_name,
2029 LK_ENTRY **linklist_current)
2035 LK_ENTRY *linklist_previous;
2036 LDAP_BERVAL **ber_value;
2045 SID_IDENTIFIER_AUTHORITY *sid_auth;
2046 unsigned char *subauth_count;
2047 #endif /*LDAP_BEGUG*/
2050 memset(temp, '\0', sizeof(temp));
/* Binary attributes must go through the _len API; a plain string fetch
 * would stop at the first zero byte. */
2052 if ((!strcmp(Attribute, "objectSid")) ||
2053 (!strcmp(Attribute, "objectGUID")))
2058 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2059 Ptr = (void **)ber_value;
2064 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2065 Ptr = (void **)str_value;
/* New node goes at the head of the list. */
2073 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2076 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2077 linklist_previous->next = (*linklist_current);
2078 (*linklist_current) = linklist_previous;
2080 if (((*linklist_current)->attribute = calloc(1,
2081 strlen(Attribute) + 1)) == NULL)
2084 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2085 strcpy((*linklist_current)->attribute, Attribute);
/* Berval branch: exact-length copy, NOT NUL-terminated.  Consumers must
 * use ->length and never strlen()/strstr() on ->value for these nodes.
 * A zero-length berval makes calloc(1, 0) -- which may return NULL and
 * would then be treated as an allocation failure. */
2089 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2091 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2094 memset((*linklist_current)->value, '\0', ber_length);
2095 memcpy((*linklist_current)->value,
2096 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2097 (*linklist_current)->length = ber_length;
/* String branch: NUL-terminated copy, length excludes the terminator. */
2101 if (((*linklist_current)->value = calloc(1,
2102 strlen(*Ptr) + 1)) == NULL)
2105 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2106 (*linklist_current)->length = strlen(*Ptr);
2107 strcpy((*linklist_current)->value, *Ptr);
2110 (*linklist_current)->ber_value = use_bervalue;
2112 if (((*linklist_current)->dn = calloc(1,
2113 strlen(distinguished_name) + 1)) == NULL)
2116 memset((*linklist_current)->dn, '\0',
2117 strlen(distinguished_name) + 1);
2118 strcpy((*linklist_current)->dn, distinguished_name);
/* Debug printing (inside #ifdef LDAP_DEBUG, closed at 2213).  The GUID
 * and SID casts read fixed-size structures out of the server-supplied
 * value without checking ber_length against sizeof(GUID)/the SID header
 * first; a short value would be over-read.  Debug-only, but worth a
 * length check if this is ever enabled against an untrusted directory. */
2121 if (!strcmp(Attribute, "objectGUID"))
2123 guid = (GUID *)((*linklist_current)->value);
2125 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2126 guid->Data1, guid->Data2, guid->Data3,
2127 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2128 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2129 guid->Data4[6], guid->Data4[7]);
2130 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2132 else if (!strcmp(Attribute, "objectSid"))
2134 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2137 print_to_screen(" Revision = %d\n", sid->Revision);
2138 print_to_screen(" SID Identifier Authority:\n");
2139 sid_auth = &sid->IdentifierAuthority;
2140 if (sid_auth->Value[0])
2141 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2142 else if (sid_auth->Value[1])
2143 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2144 else if (sid_auth->Value[2])
2145 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2146 else if (sid_auth->Value[3])
2147 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2148 else if (sid_auth->Value[5])
2149 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2151 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2152 subauth_count = GetSidSubAuthorityCount(sid);
2153 print_to_screen(" SidSubAuthorityCount = %d\n",
2155 print_to_screen(" SidSubAuthority:\n");
2156 for (i = 0; i < *subauth_count; i++)
2158 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2159 print_to_screen(" %u\n", *subauth);
/* Prefix compares; the second literal's case differs from the attribute
 * name but only its length is used, so this is harmless. */
2163 else if ((!memcmp(Attribute, "userAccountControl",
2164 strlen("userAccountControl"))) ||
2165 (!memcmp(Attribute, "sAMAccountType",
2166 strlen("sAmAccountType"))))
/* atoi() gives no error indication; strtol() would distinguish "0" from
 * garbage. */
2168 intValue = atoi(*Ptr);
2169 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2171 if (!memcmp(Attribute, "userAccountControl",
2172 strlen("userAccountControl")))
2174 if (intValue & UF_ACCOUNTDISABLE)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Account disabled");
2178 print_to_screen(" %20s : %s\n",
2179 "", "Account active");
2180 if (intValue & UF_HOMEDIR_REQUIRED)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Home directory required");
2183 if (intValue & UF_LOCKOUT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Account locked out");
2186 if (intValue & UF_PASSWD_NOTREQD)
2187 print_to_screen(" %20s : %s\n",
2188 "", "No password required");
2189 if (intValue & UF_PASSWD_CANT_CHANGE)
2190 print_to_screen(" %20s : %s\n",
2191 "", "Cannot change password");
2192 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2193 print_to_screen(" %20s : %s\n",
2194 "", "Temp duplicate account");
2195 if (intValue & UF_NORMAL_ACCOUNT)
2196 print_to_screen(" %20s : %s\n",
2197 "", "Normal account");
2198 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2199 print_to_screen(" %20s : %s\n",
2200 "", "Interdomain trust account");
2201 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2202 print_to_screen(" %20s : %s\n",
2203 "", "Workstation trust account");
2204 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2205 print_to_screen(" %20s : %s\n",
2206 "", "Server trust account");
2211 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2213 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched; both are presumably
 * initialised to NULL on lines not shown -- confirm. */
2216 if (str_value != NULL)
2217 ldap_value_free(str_value);
2219 if (ber_value != NULL)
2220 ldap_value_free_len(ber_value);
/* Same pointer already stored at 2078; restated for the caller. */
2223 (*linklist_current) = linklist_previous;
/* Open the shared Moira client connection, reference-counted.
 *
 * Only the first caller (mr_connections 0 -> 1) actually connects; later
 * callers just bump the count and must pair with moira_disconnect().
 * Two connect paths are visible: a hard-coded host "ttsp" and the local
 * nodename (uts.nodename); the condition selecting between them, and the
 * return of rc, are on lines not shown. */
2228 int moira_connect(void)
2233 if (!mr_connections++)
2237 memset(HostName, '\0', sizeof(HostName));
2238 strcpy(HostName, "ttsp");
2239 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2243 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/* Pause while the operator stop file (STOP_FILE) exists.
 *
 * Loops as long as file_exists(STOP_FILE) is true (the loop body, the
 * alert condition on `i`, and the return value are on lines not shown);
 * raises a critical alert that names the stop file and tbl_buf. */
2252 int check_winad(void)
2256 for (i = 0; file_exists(STOP_FILE); i++)
2260 critical_alert("Ldap incremental",
2261 "Ldap incremental failed (%s exists): %s",
2262 STOP_FILE, tbl_buf);
/* Drop one reference on the shared Moira connection; the real disconnect
 * (on the line not shown) happens when the count reaches zero.  Calling
 * this without a matching moira_connect() would underflow the counter. */
2272 int moira_disconnect(void)
2275 if (!--mr_connections)
/* Copy the DN of ldap_entry into the caller's buffer.
 *
 * distinguished_name has no size parameter and the copy is an unbounded
 * strcpy(); the callers in this file pass a 1024-byte stack array, so a
 * DN longer than 1023 bytes overflows it.  Prefer passing the buffer size
 * and using snprintf(buf, size, "%s", CName).  Whether CName is checked
 * for NULL before the copy is not visible here (lines 2289-2292 are not
 * shown). */
2283 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2284 char *distinguished_name)
2288 CName = ldap_get_dn(ldap_handle, ldap_entry);
2293 strcpy(distinguished_name, CName);
/* ldap_get_dn() output is library-allocated. */
2294 ldap_memfree(CName);
/* Allocate a standalone LK_ENTRY holding copies of attribute and value.
 *
 * *linklist_entry receives the new node (caller owns it).  The node
 * itself is NULL-checked, but the two string callocs below are used
 * immediately without a check -- NULL dereference on allocation failure.
 * Both inputs must be NUL-terminated.  Return values are on lines not
 * shown. */
2297 int linklist_create_entry(char *attribute, char *value,
2298 LK_ENTRY **linklist_entry)
2300 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2302 if (!(*linklist_entry))
/* The memset()s after calloc() are redundant; calloc zero-fills. */
2307 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2308 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2309 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2310 strcpy((*linklist_entry)->attribute, attribute);
2311 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2312 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2313 strcpy((*linklist_entry)->value, value);
2314 (*linklist_entry)->length = strlen(value);
2315 (*linklist_entry)->next = NULL;
/* printf-style helper writing to stderr.
 *
 * fmt is passed straight to vfprintf(); every visible caller passes a
 * string literal, and it must stay that way (no caller-controlled format
 * strings).  The va_list declaration and the matching va_end() are on
 * lines not shown -- confirm va_end() follows the vfprintf(). */
2320 void print_to_screen(const char *fmt, ...)
2324 va_start(pvar, fmt);
2325 vfprintf(stderr, fmt, pvar);
/* Derive a group's membership class, target OU and security flag from the
 * Moira list flags in av (L_MAILLIST and L_GROUP, parsed with atoi).
 *
 * group_membership[0] receives exactly one byte: 'B' (both maillist and
 * group), 'S' (security group only), 'D' (distribution/maillist only) or
 * 'N' (neither).  No NUL is written, so callers declare it as char[1]
 * and must not treat it as a string.  *security_flag is 1 for 'B'/'S'
 * and 0 otherwise.  group_ou receives one of the file-level group_ou_*
 * strings via an unbounded strcpy(); the caller's buffer must be large
 * enough for the longest of them.  Every output pointer may be NULL, in
 * which case that output is skipped.  Return value is on a line not
 * shown. */
2330 int get_group_membership(char *group_membership, char *group_ou,
2331 int *security_flag, char **av)
/* atoi() maps any non-numeric field to 0 (flag off). */
2336 maillist_flag = atoi(av[L_MAILLIST]);
2337 group_flag = atoi(av[L_GROUP]);
2339 if (security_flag != NULL)
2340 (*security_flag) = 0;
2342 if ((maillist_flag) && (group_flag))
2344 if (group_membership != NULL)
2345 group_membership[0] = 'B';
2347 if (security_flag != NULL)
2348 (*security_flag) = 1;
2350 if (group_ou != NULL)
2351 strcpy(group_ou, group_ou_both);
2353 else if ((!maillist_flag) && (group_flag))
2355 if (group_membership != NULL)
2356 group_membership[0] = 'S';
2358 if (security_flag != NULL)
2359 (*security_flag) = 1;
2361 if (group_ou != NULL)
2362 strcpy(group_ou, group_ou_security);
2364 else if ((maillist_flag) && (!group_flag))
2366 if (group_membership != NULL)
2367 group_membership[0] = 'D';
2369 if (group_ou != NULL)
2370 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
2374 if (group_membership != NULL)
2375 group_membership[0] = 'N';
2377 if (group_ou != NULL)
2378 strcpy(group_ou, group_ou_neither);
/* Rename a group in the directory and bring its attributes in line with
 * its new Moira definition.
 *
 * Steps: validate both names with check_string(); refuse if a user object
 * already has the new cn; locate the existing group by MoiraId (exactly
 * one must match); fetch its sAMAccountName via the caller-supplied
 * `filter`; ldap_rename_s() to the new RDN/OU; then ldap_modify_s() the
 * description, samAccountName, displayName, mitMoiraId, groupType and the
 * mail-related attributes (set when the list is a maillist, cleared
 * otherwise).
 *
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE or an LDAP result code; other return statements are on
 * lines not shown.  Locals such as old_dn, new_dn, sam_name, mail, mods,
 * i and n are declared on lines not shown, so their bounds are not
 * verified by the notes below. */
2384 int group_rename(LDAP *ldap_handle, char *dn_path,
2385 char *before_group_name, char *before_group_membership,
2386 char *before_group_ou, int before_security_flag,
2387 char *before_desc, char *after_group_name,
2388 char *after_group_membership, char *after_group_ou,
2389 int after_security_flag, char *after_desc,
2390 char *MoiraId, char *filter, char *maillist)
2395 char new_dn_path[512];
2398 char mail_nickname[256];
2399 char proxy_address[256];
2400 char address_book[256];
2401 char *attr_array[3];
/* One-value, NULL-terminated arrays for ADD_ATTR(); a NULL first element
 * with LDAP_MOD_REPLACE clears the attribute. */
2402 char *mitMoiraId_v[] = {NULL, NULL};
2403 char *name_v[] = {NULL, NULL};
2404 char *samAccountName_v[] = {NULL, NULL};
2405 char *groupTypeControl_v[] = {NULL, NULL};
2406 char *mail_v[] = {NULL, NULL};
2407 char *proxy_address_v[] = {NULL, NULL};
2408 char *mail_nickname_v[] = {NULL, NULL};
2409 char *report_to_originator_v[] = {NULL, NULL};
2410 char *address_book_v[] = {NULL, NULL};
2411 char *legacy_exchange_dn_v[] = {NULL, NULL};
2412 char *null_v[] = {NULL, NULL};
2413 u_int groupTypeControl;
2414 char groupTypeControlStr[80];
2415 char contact_mail[256];
2419 LK_ENTRY *group_base;
/* Initialised to 0 and never assigned in the visible lines -- check
 * whether anything sets it, otherwise the "mail disabled" branch is
 * reachable only via atoi(maillist)/email_isvalid(). */
2421 int MailDisabled = 0;
2422 char search_filter[1024];
2424 if(UseGroupUniversal)
2425 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2427 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Name validation precedes every use of the names in filters and DNs. */
2429 if (!check_string(before_group_name))
2432 "Unable to process invalid LDAP list name %s",
2434 return(AD_INVALID_NAME);
2437 if (!check_string(after_group_name))
2440 "Unable to process invalid LDAP list name %s", after_group_name);
2441 return(AD_INVALID_NAME);
/* Collision check: a user object with the target cn blocks the rename. */
2451 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2453 attr_array[0] = "cn";
2454 attr_array[1] = NULL;
2456 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2457 attr_array, &group_base, &group_count,
2458 LDAP_SCOPE_SUBTREE)) != 0)
2460 com_err(whoami, 0, "Unable to process group %s : %s",
2461 after_group_name, ldap_err2string(rc));
2467 com_err(whoami, 0, "Object already exists with name %s",
2472 linklist_free(group_base);
/* Locate the group by MoiraId; exactly one match is required. */
2481 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2482 before_group_membership,
2483 MoiraId, "samAccountName", &group_base,
2484 &group_count, filter))
2487 if (group_count == 0)
2489 return(AD_NO_GROUPS_FOUND);
2492 if (group_count != 1)
2494 com_err(whoami, 0, "Unable to process multiple groups with "
2495 "MoiraId = %s exist in the directory", MoiraId);
2496 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of the directory DN; old_dn's size is not visible. */
2499 strcpy(old_dn, group_base->dn);
2501 linklist_free(group_base);
2504 attr_array[0] = "sAMAccountName";
2505 attr_array[1] = NULL;
2507 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2508 &group_base, &group_count,
2509 LDAP_SCOPE_SUBTREE)) != 0)
2511 com_err(whoami, 0, "Unable to get list %s dn : %s",
2512 after_group_name, ldap_err2string(rc));
2516 if (group_count != 1)
2519 "Unable to get sAMAccountName for group %s",
2521 return(AD_LDAP_FAILURE);
/* sAMAccountName is a string attribute, so ->value is NUL-terminated. */
2524 strcpy(sam_name, group_base->value);
2525 linklist_free(group_base);
/* Build the new DN, mail and nickname strings.  after_group_name is
 * bounded only by whatever check_string() enforces (not visible here);
 * snprintf() with sizeof would make the 256/512-byte limits explicit. */
2529 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2530 sprintf(new_dn, "cn=%s", after_group_name);
2531 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2532 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2533 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2534 lowercase(ldap_domain));
2535 sprintf(mail_nickname, "%s", after_group_name);
2537 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* TRUE = delete the old RDN value after the move. */
2539 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2540 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2542 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2543 before_group_name, after_group_name, ldap_err2string(rc));
2547 name_v[0] = after_group_name;
/* BUG: if strlen(sam_name) < strlen(group_suffix) the index wraps and
 * this points before the start of sam_name (undefined behaviour).  Guard
 * with `strlen(sam_name) >= strlen(group_suffix) &&` first. */
2549 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2550 group_suffix, strlen(group_suffix)))
/* Existing suffix is preserved by rebuilding the name around it. */
2552 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2557 "Unable to rename list from %s to %s : sAMAccountName not found",
2558 before_group_name, after_group_name);
2562 samAccountName_v[0] = sam_name;
2564 if (after_security_flag)
2565 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* groupTypeControl is u_int but is formatted with %ld: a format/argument
 * mismatch (undefined behaviour per the C standard).  "%u" matches. */
2567 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2568 groupTypeControl_v[0] = groupTypeControlStr;
2569 mitMoiraId_v[0] = MoiraId;
2571 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2572 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
/* ADD_ATTR() is a macro defined elsewhere; it appends to `mods`. */
2575 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2577 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2578 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2580 if(!ActiveDirectory)
2582 ADD_ATTR("name", name_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: populate the Exchange-style attributes. */
2587 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2589 mail_nickname_v[0] = mail_nickname;
2590 proxy_address_v[0] = proxy_address;
2592 report_to_originator_v[0] = "TRUE";
2594 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2595 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2596 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2597 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not mail-enabled: REPLACE with empty value lists clears them. */
2602 mail_nickname_v[0] = NULL;
2603 proxy_address_v[0] = NULL;
2605 legacy_exchange_dn_v[0] = NULL;
2606 address_book_v[0] = NULL;
2607 report_to_originator_v[0] = NULL;
2609 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2610 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2611 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2612 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2613 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2614 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Maillist without Exchange mail: point "mail" at the contact address. */
2620 if(atoi(maillist) && email_isvalid(contact_mail))
2622 mail_v[0] = contact_mail;
2623 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2625 if(!ActiveDirectory)
2627 null_v[0] = "/dev/null";
2628 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2635 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2638 "Unable to modify list data for %s after renaming: %s",
2639 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR(). */
2642 for (i = 0; i < n; i++)
/*
 * group_create - ldap.incr callback (ac/av/ptr convention) that creates a
 * Moira list as a directory group, or updates it when the object already
 * exists or when the caller set the update flag.
 *
 * av[] carries the Moira list fields indexed by the L_* constants (L_NAME,
 * L_GID, L_GROUP, L_MAILLIST, L_DESC, L_ACE_NAME, L_ACE_TYPE, L_ACTIVE,
 * L_PUBLIC, L_HIDDEN).  call_args (presumably derived from ptr) provides the
 * LDAP handle in [0], the base DN in [1], the update flag in [4] and the
 * Moira id in [5].
 *
 * Returns LDAP_SUCCESS on completion or AD_INVALID_NAME when the list name
 * fails check_string(); other failure paths are in lines this listing omits.
 *
 * NOTE: blank lines, brace-only lines and several declarations are missing
 * from this listing, so some control structure below is inferred.
 */
2648 int group_create(int ac, char **av, void *ptr)
2653 char new_group_name[256];
2654 char sam_group_name[256];
2655 char cn_group_name[256];
2657 char contact_mail[256];
2658 char mail_nickname[256];
2659 char proxy_address[256];
2660 char address_book[256];
/* Single-value attribute vectors: slot 0 is the value, slot 1 the NULL end. */
2661 char *cn_v[] = {NULL, NULL};
2662 char *objectClass_v[] = {"top", "group", NULL};
2663 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2664 "group", "mailRecipient", NULL};
2666 char *samAccountName_v[] = {NULL, NULL};
2667 char *altSecurityIdentities_v[] = {NULL, NULL};
2668 char *member_v[] = {NULL, NULL};
2669 char *name_v[] = {NULL, NULL};
2670 char *desc_v[] = {NULL, NULL};
2671 char *info_v[] = {NULL, NULL};
2672 char *mitMoiraId_v[] = {NULL, NULL};
2673 char *mitMoiraPublic_v[] = {NULL, NULL};
2674 char *mitMoiraHidden_v[] = {NULL, NULL};
2675 char *groupTypeControl_v[] = {NULL, NULL};
2676 char *mail_v[] = {NULL, NULL};
2677 char *proxy_address_v[] = {NULL, NULL};
2678 char *mail_nickname_v[] = {NULL, NULL};
2679 char *report_to_originator_v[] = {NULL, NULL};
2680 char *address_book_v[] = {NULL, NULL};
2681 char *legacy_exchange_dn_v[] = {NULL, NULL};
2682 char *gidNumber_v[] = {NULL, NULL};
2683 char *null_v[] = {NULL, NULL};
2684 char groupTypeControlStr[80];
/*
 * NOTE(review): process_lists() declares the same buffer as
 * group_membership[2]; if get_group_membership() stores a NUL-terminated
 * one-character string this one-byte buffer is too small - confirm against
 * get_group_membership().
 */
2685 char group_membership[1];
2688 u_int groupTypeControl;
2692 int MailDisabled = 0;
2694 LK_ENTRY *group_base;
2697 char *attr_array[3];
/* Universal vs. global group scope is a site-wide configuration choice. */
2701 if(UseGroupUniversal)
2702 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2704 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/*
 * check_string() is the only visible guard on the Moira-supplied name before
 * it is copied into the fixed 256-byte buffers and the LDAP filter below;
 * whether it bounds the length is not visible here - TODO confirm.
 */
2706 if (!check_string(av[L_NAME]))
2708 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2710 return(AD_INVALID_NAME);
2713 updateGroup = (int)call_args[4];
2714 memset(group_ou, 0, sizeof(group_ou));
2715 memset(group_membership, 0, sizeof(group_membership));
/* Picks the OU and the security/distribution flag for this list. */
2718 get_group_membership(group_membership, group_ou, &security_flag, av);
2720 strcpy(new_group_name, av[L_NAME]);
2721 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2722 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2723 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2724 sprintf(mail_nickname, "%s", av[L_NAME]);
/* Presumably guarded by security_flag (the condition line is not listed). */
2727 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2729 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/*
 * NOTE(review): groupTypeControl is a u_int but is printed with "%ld";
 * mismatched conversion/argument types are undefined behaviour in C -
 * "%u" would match the declared type.
 */
2733 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2734 groupTypeControl_v[0] = groupTypeControlStr;
2736 strcpy(cn_group_name, av[L_NAME]);
2738 samAccountName_v[0] = sam_group_name;
2739 name_v[0] = new_group_name;
2740 cn_v[0] = new_group_name;
2743 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
/* AD object classes (the selecting condition is not listed). */
2747 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Non-AD (OpenLDAP-style) schema: extra classes and the Moira flags. */
2751 mitMoiraPublic_v[0] = av[L_PUBLIC];
2752 mitMoiraHidden_v[0] = av[L_HIDDEN];
2753 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2754 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2755 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
/* Only lists that are also Unix groups get a gidNumber. */
2757 if(atoi(av[L_GROUP]))
2759 gidNumber_v[0] = av[L_GID];
2760 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2764 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2765 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2766 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/*
 * Mailing lists: refuse the mail attributes if a user object already carries
 * this cn (the lines that set MailDisabled on a hit are not listed).
 * The filter interpolates av[L_NAME] without LDAP-filter escaping; the
 * check_string() call above is the only visible defence against filter
 * metacharacters.
 */
2770 if(atoi(av[L_MAILLIST]))
2775 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2776 attr_array[0] = "cn";
2777 attr_array[1] = NULL;
2779 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2780 filter, attr_array, &group_base,
2782 LDAP_SCOPE_SUBTREE)) != 0)
2784 com_err(whoami, 0, "Unable to process group %s : %s",
2785 av[L_NAME], ldap_err2string(rc));
2791 com_err(whoami, 0, "Object already exists with name %s",
2796 linklist_free(group_base);
2801 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2803 mail_nickname_v[0] = mail_nickname;
2804 report_to_originator_v[0] = "TRUE";
2806 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2807 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* The contact address (@mit.edu) is the published "mail" value. */
2813 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2815 mail_v[0] = contact_mail;
2816 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
/* Non-AD: a /dev/null routing address keeps the list from receiving mail. */
2818 if(!ActiveDirectory)
2820 null_v[0] = "/dev/null";
2821 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2826 if (strlen(av[L_DESC]) != 0)
2828 desc_v[0] = av[L_DESC];
2829 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2832 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2834 if (strlen(av[L_ACE_NAME]) != 0)
2836 sprintf(info, "The Administrator of this list is: %s",
2839 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2842 if (strlen(call_args[5]) != 0)
2844 mitMoiraId_v[0] = call_args[5];
2845 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2850 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body (not listed) presumably releases the n mods entries. */
2852 for (i = 0; i < n; i++)
2855 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2857 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2858 av[L_NAME], ldap_err2string(rc));
/*
 * Update path: taken when the add collided with an existing object or the
 * caller asked for an update.  Mutable attributes are re-sent with
 * LDAP_MOD_REPLACE so the directory converges on the Moira state.
 */
2864 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2866 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2867 "description", av[L_NAME]);
2868 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2870 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2875 if (strlen(call_args[5]) != 0)
2877 mitMoiraId_v[0] = call_args[5];
2878 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is {NULL, NULL}, so this empties the membership. */
2881 if (!(atoi(av[L_ACTIVE])))
2884 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2887 if (!ActiveDirectory)
2889 mitMoiraPublic_v[0] = av[L_PUBLIC];
2890 mitMoiraHidden_v[0] = av[L_HIDDEN];
2891 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2892 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2894 if(atoi(av[L_GROUP]))
2896 gidNumber_v[0] = av[L_GID];
2897 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Else branch (not listed): gidNumber_v[0] is NULL here, clearing the value. */
2901 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same cn-collision check as on the create path. */
2907 if(atoi(av[L_MAILLIST]))
2912 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2913 attr_array[0] = "cn";
2914 attr_array[1] = NULL;
2916 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2917 filter, attr_array, &group_base,
2919 LDAP_SCOPE_SUBTREE)) != 0)
2921 com_err(whoami, 0, "Unable to process group %s : %s",
2922 av[L_NAME], ldap_err2string(rc));
2928 com_err(whoami, 0, "Object already exists with name %s",
2933 linklist_free(group_base);
2938 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2940 mail_nickname_v[0] = mail_nickname;
2941 report_to_originator_v[0] = "TRUE";
2943 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2944 ADD_ATTR("reportToOriginator", report_to_originator_v,
/*
 * Mail-disable path: every mail attribute is replaced with an empty value
 * set (NULL vectors), which removes the attribute from the entry.
 */
2950 mail_nickname_v[0] = NULL;
2951 proxy_address_v[0] = NULL;
2952 legacy_exchange_dn_v[0] = NULL;
2953 address_book_v[0] = NULL;
2954 report_to_originator_v[0] = NULL;
2956 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2957 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2958 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2959 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2961 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2962 ADD_ATTR("reportToOriginator", report_to_originator_v,
2968 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2970 mail_v[0] = contact_mail;
2971 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2973 if(!ActiveDirectory)
2975 null_v[0] = "/dev/null";
2976 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
/* Non-mailing-list branch (condition not listed): mail_v[0] is NULL here. */
2982 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2984 if(!ActiveDirectory)
2987 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2997 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2999 for (i = 0; i < n; i++)
3002 if (rc != LDAP_SUCCESS)
3004 com_err(whoami, 0, "Unable to update list %s in directory : %s",
3005 av[L_NAME], ldap_err2string(rc));
/* Apply the security descriptor / owner based on the list's ACE. */
3012 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3013 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3015 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity - set the owner (non-AD) or the ntSecurityDescriptor
 * (AD) of the group TargetGroupName from a security template.
 *
 * dn_path        base DN of the directory.
 * HiddenGroup    non-zero selects the HIDDEN_* templates and hides the group
 *                from address lists.
 * AceType/AceName  the list's administrator ("LIST" or "USER"); when the
 *                  administrator's SID is found, the template's placeholder
 *                  SID is replaced with it.  Empty strings select the
 *                  non-admin template (this is also the recursive fallback
 *                  at the bottom of the function).
 *
 * The return value is rc in the paths visible here; several return
 * statements are in lines this listing omits.
 */
3018 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3019 char *TargetGroupName, int HiddenGroup,
3020 char *AceType, char *AceName)
3022 char filter_exp[1024];
3023 char *attr_array[5];
3024 char search_path[512];
3026 char TemplateDn[512];
3027 char TemplateSamName[128];
3029 char TargetSamName[128];
3030 char AceSamAccountName[128];
3032 unsigned char AceSid[128];
3033 unsigned char UserTemplateSid[128];
3034 char acBERBuf[N_SD_BER_BYTES];
3035 char GroupSecurityTemplate[256];
3036 char hide_addres_lists[256];
3037 char address_book[256];
3038 char *hide_address_lists_v[] = {NULL, NULL};
3039 char *address_book_v[] = {NULL, NULL};
3040 char *owner_v[] = {NULL, NULL};
3042 int UserTemplateSidCount;
3049 int array_count = 0;
3051 LK_ENTRY *group_base;
3052 LDAP_BERVAL **ppsValues;
/*
 * Server-side control carrying the security-descriptor flags (the
 * BER-encoded dwInfo below) so the server returns/accepts all four SD parts.
 */
3053 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3054 { N_SD_BER_BYTES, acBERBuf },
3057 LDAPControl *apsServerControls[] = {&sControl, NULL};
3060 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3061 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3062 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group by sAMAccountName under the group OU. */
3064 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3065 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3066 attr_array[0] = "sAMAccountName";
3067 attr_array[1] = NULL;
/*
 * NOTE(review): "!= 0" sits inside the parentheses of the assignment, so rc
 * receives the boolean 0/1 rather than linklist_build()'s return code.
 * group_create() parenthesizes this call correctly; the same pattern
 * recurs at each linklist_build() call in this function.
 */
3071 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3072 &group_base, &group_count,
3073 LDAP_SCOPE_SUBTREE) != 0))
3076 if (group_count != 1)
3078 linklist_free(group_base);
3082 strcpy(TargetDn, group_base->dn);
3083 strcpy(TargetSamName, group_base->value);
3084 linklist_free(group_base);
3088 UserTemplateSidCount = 0;
3089 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3090 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3091 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator: a list gets the group suffix, a user does not. */
3096 if (strlen(AceName) != 0)
3098 if (!strcmp(AceType, "LIST"))
3100 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3101 strcpy(root_ou, group_ou_root);
3103 else if (!strcmp(AceType, "USER"))
3105 sprintf(AceSamAccountName, "%s", AceName);
3106 strcpy(root_ou, user_ou);
/* AD: fetch the administrator's objectSid for the descriptor rewrite. */
3109 if (ActiveDirectory)
3111 if (strlen(AceSamAccountName) != 0)
3113 sprintf(search_path, "%s", dn_path);
3114 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3115 attr_array[0] = "objectSid";
3116 attr_array[1] = NULL;
3120 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3121 attr_array, &group_base, &group_count,
3122 LDAP_SCOPE_SUBTREE) != 0))
3124 if (group_count == 1)
3126 strcpy(AceDn, group_base->dn);
/* length/value of the first returned entry hold the binary SID. */
3127 AceSidCount = group_base->length;
3128 memcpy(AceSid, group_base->value, AceSidCount);
3130 linklist_free(group_base);
/* Non-AD: only the administrator's DN is needed (it becomes "owner"). */
3137 if (strlen(AceSamAccountName) != 0)
3139 sprintf(search_path, "%s", dn_path);
3140 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3141 attr_array[0] = "samAccountName";
3142 attr_array[1] = NULL;
3146 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3147 attr_array, &group_base, &group_count,
3148 LDAP_SCOPE_SUBTREE) != 0))
3150 if (group_count == 1)
3152 strcpy(AceDn, group_base->dn);
3154 linklist_free(group_base);
3161 if (!ActiveDirectory)
3163 if (strlen(AceDn) != 0)
/* NOTE(review): no free() of this strdup() is visible in the listing. */
3165 owner_v[0] = strdup(AceDn);
3167 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3171 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3173 for (i = 0; i < n; i++)
3176 if (rc != LDAP_SUCCESS)
3177 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3178 TargetGroupName, ldap_err2string(rc));
/* AD path from here on.  No admin SID => fall back to the non-admin template. */
3184 if (AceSidCount == 0)
3186 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3187 "have a directory SID.", TargetGroupName, AceName, AceType);
3188 com_err(whoami, 0, " Non-admin security group template will be used.");
/*
 * The admin templates contain the SID of the "UserTemplate.u" placeholder
 * account; fetch it so it can be swapped for the real administrator's SID.
 */
3192 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3193 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3194 attr_array[0] = "objectSid";
3195 attr_array[1] = NULL;
3200 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3201 attr_array, &group_base, &group_count,
3202 LDAP_SCOPE_SUBTREE) != 0))
/* Because of the precedence issue above, rc here is 0/1, not an LDAP code. */
3205 if ((rc != 0) || (group_count != 1))
3207 com_err(whoami, 0, "Unable to process user security template: %s",
3213 UserTemplateSidCount = group_base->length;
3214 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3216 linklist_free(group_base);
/* Choose the template by hidden/not-hidden and admin/no-admin. */
3223 if (AceSidCount == 0)
3225 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3226 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3230 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3231 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3236 if (AceSidCount == 0)
3238 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3239 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3243 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3244 sprintf(filter_exp, "(sAMAccountName=%s)",
3245 NOT_HIDDEN_GROUP_WITH_ADMIN);
3249 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3250 attr_array[0] = "sAMAccountName";
3251 attr_array[1] = NULL;
3255 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3256 &group_base, &group_count,
3257 LDAP_SCOPE_SUBTREE) != 0))
3260 if (group_count != 1)
3262 linklist_free(group_base);
3263 com_err(whoami, 0, "Unable to process group security template: %s - "
3264 "security not set", GroupSecurityTemplate);
3268 strcpy(TemplateDn, group_base->dn);
3269 strcpy(TemplateSamName, group_base->value);
3270 linklist_free(group_base);
/*
 * Read the template's ntSecurityDescriptor as a binary value; the search
 * arguments (including apsServerControls) are in lines not listed.
 */
3274 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3275 rc = ldap_search_ext_s(ldap_handle,
3287 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3289 com_err(whoami, 0, "Unable to find group security template: %s - "
3290 "security not set", GroupSecurityTemplate);
3294 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3296 if (ppsValues == NULL)
3298 com_err(whoami, 0, "Unable to find group security descriptor for group "
3299 "%s - security not set", GroupSecurityTemplate);
/*
 * Patch the descriptor in place: every occurrence of the placeholder SID is
 * overwritten with the administrator's SID.
 * NOTE(review): AceSidCount bytes are written over a UserTemplateSidCount-
 * byte match.  If the two SIDs differ in length (SID length varies with the
 * sub-authority count) the copy runs past the matched span and the ACE size
 * fields in the descriptor no longer agree with the contents - confirm the
 * lengths are equal or bound the copy.  The loop bound also subtracts from
 * an unsigned bv_len before the (int) cast; check bv_len >= SID length.
 */
3303 if (AceSidCount != 0)
3305 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3308 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3310 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3311 UserTemplateSidCount))
3313 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3321 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3322 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden groups are removed from address lists; others are re-exposed. */
3328 hide_address_lists_v[0] = "TRUE";
3329 address_book_v[0] = NULL;
3330 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3332 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3334 hide_address_lists_v[0] = NULL;
3335 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3342 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3344 for (i = 0; i < n; i++)
3347 ldap_value_free_len(ppsValues);
3348 ldap_msgfree(psMsg);
3350 if (rc != LDAP_SUCCESS)
3352 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3353 TargetGroupName, ldap_err2string(rc));
/*
 * If the admin-specific descriptor was rejected, retry once with empty
 * AceType/AceName, which selects the non-admin template (AceSidCount == 0
 * on the recursive call, so this recurses at most one level).
 */
3355 if (AceSidCount != 0)
3358 "Trying to set security for group %s without admin.",
3361 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3362 HiddenGroup, "", ""))
3364 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete - remove the directory group for Moira list group_name.
 *
 * The group is looked up with ad_get_group() (matching on samAccountName,
 * the Moira id and the membership type); exactly one match is required.
 *
 * Returns AD_INVALID_NAME when the name fails check_string(),
 * AD_NO_GROUPS_FOUND when no single group matches, and otherwise the value
 * set in lines this listing omits (the lookup-failure and success returns).
 */
3375 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3376 char *group_membership, char *MoiraId)
3378 LK_ENTRY *group_base;
3384 if (!check_string(group_name))
3387 "Unable to process invalid LDAP list name %s", group_name);
3388 return(AD_INVALID_NAME);
3391 memset(filter, '\0', sizeof(filter));
/* Search is rooted at the group OU rather than the whole directory. */
3394 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment used as the condition; the failure body is not listed. */
3396 if (rc = ad_get_group(ldap_handle, temp, group_name,
3397 group_membership, MoiraId,
3398 "samAccountName", &group_base,
3399 &group_count, filter))
3402 if (group_count == 1)
3404 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3406 linklist_free(group_base);
3407 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3408 group_name, ldap_err2string(rc));
3411 linklist_free(group_base);
/* Zero or several matches: nothing is deleted. */
3415 linklist_free(group_base);
3416 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3417 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits - write the BER encoding of the security-information
 * flags uBits into pBuffer (which must hold N_SD_BER_BYTES bytes) for use as
 * the value of the SD-flags server control.  The encoding statements are in
 * lines this listing omits.
 *
 * Returns N_SD_BER_BYTES, the number of bytes written.
 */
3423 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3429 return(N_SD_BER_BYTES);
/*
 * process_lists - ldap.incr callback: resolve the OU and membership type of
 * the list in av[L_NAME] and hand it to populate_group() to (re)build its
 * membership.  call_args[0] is the LDAP handle and call_args[1] the base DN;
 * the trailing populate_group() arguments and the return are not listed.
 */
3432 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here, versus one in group_create(); see the note there. */
3437 char group_membership[2];
3443 memset(group_ou, '\0', sizeof(group_ou));
3444 memset(group_membership, '\0', sizeof(group_membership));
3445 get_group_membership(group_membership, group_ou, &security_flag, av);
3446 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3447 av[L_NAME], group_ou, group_membership,
<<<<<<< cut
3544 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3545 char *group_ou, char *group_membership, char *user_name,
3546 char *UserOu, char *MoiraId)
3548 char distinguished_name[1024];
3552 char *attr_array[3];
3557 LK_ENTRY *group_base;
3561 if (!check_string(group_name))
3562 return(AD_INVALID_NAME);
3564 memset(filter, '\0', sizeof(filter));
3568 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3569 group_membership, MoiraId,
3570 "samAccountName", &group_base,
3571 &group_count, filter))
3574 if (group_count != 1)
3576 com_err(whoami, 0, "Unable to find list %s in directory",
3578 linklist_free(group_base);
3584 strcpy(distinguished_name, group_base->dn);
3585 linklist_free(group_base);
3591 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3595 if(!strcmp(UserOu, user_ou))
3596 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3598 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3601 modvalues[0] = temp;
3602 modvalues[1] = NULL;
3605 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3607 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3609 for (i = 0; i < n; i++)
3612 if (rc == LDAP_UNWILLING_TO_PERFORM)
3615 if (rc != LDAP_SUCCESS)
3617 com_err(whoami, 0, "Unable to modify list %s members : %s",
3618 group_name, ldap_err2string(rc));
3622 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3626 if(!strcmp(UserOu, contact_ou) &&
3627 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3629 memset(temp, '\0', sizeof(temp));
3630 strcpy(temp, user_name);
3631 s = strchr(temp, '@');
3634 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
3636 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3637 &group_base, &group_count,
3638 LDAP_SCOPE_SUBTREE) != 0))
3644 linklist_free(group_base);
3649 sprintf(filter, "(distinguishedName=%s)", temp);
3650 attr_array[0] = "memberOf";
3651 attr_array[1] = NULL;
3653 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3654 &group_base, &group_count,
3655 LDAP_SCOPE_SUBTREE) != 0))
3661 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3663 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
3673 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3674 char *group_ou, char *group_membership, char *user_name,
3675 char *UserOu, char *MoiraId)
3677 char distinguished_name[1024];
3685 LK_ENTRY *group_base;
3688 if (!check_string(group_name))
3689 return(AD_INVALID_NAME);
3692 memset(filter, '\0', sizeof(filter));
3696 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3697 group_membership, MoiraId,
3698 "samAccountName", &group_base,
3699 &group_count, filter))
3702 if (group_count != 1)
3704 linklist_free(group_base);
3707 com_err(whoami, 0, "Unable to find list %s %d in directory",
3708 group_name, group_count);
3709 return(AD_MULTIPLE_GROUPS_FOUND);
3712 strcpy(distinguished_name, group_base->dn);
3713 linklist_free(group_base);
3719 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3723 if(!strcmp(UserOu, user_ou))
3724 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3726 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3729 modvalues[0] = temp;
3730 modvalues[1] = NULL;
3733 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3735 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3737 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3740 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3742 if (rc == LDAP_UNWILLING_TO_PERFORM)
3746 for (i = 0; i < n; i++)
3749 if (rc != LDAP_SUCCESS)
3751 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3752 user_name, group_name, ldap_err2string(rc));
3758 int contact_remove_email(LDAP *ld, char *bind_path,
3759 LK_ENTRY **linklist_base, int linklist_current)
3763 char *mail_v[] = {NULL, NULL};
3771 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3772 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3773 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3774 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3777 gPtr = (*linklist_base);
3780 rc = ldap_modify_s(ld, gPtr->dn, mods);
3782 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3784 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3785 gPtr->dn, ldap_err2string(rc));
3792 for (i = 0; i < n; i++)
3798 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3801 LK_ENTRY *group_base;
3804 char cn_user_name[256];
3805 char contact_name[256];
3806 char mail_nickname[256];
3807 char proxy_address_internal[256];
3808 char proxy_address_external[256];
3809 char target_address[256];
3810 char internal_contact_name[256];
3813 char principal[256];
3814 char mit_address_book[256];
3815 char default_address_book[256];
3816 char contact_address_book[256];
3818 char *email_v[] = {NULL, NULL};
3819 char *cn_v[] = {NULL, NULL};
3820 char *contact_v[] = {NULL, NULL};
3821 char *uid_v[] = {NULL, NULL};
3822 char *mail_nickname_v[] = {NULL, NULL};
3823 char *proxy_address_internal_v[] = {NULL, NULL};
3824 char *proxy_address_external_v[] = {NULL, NULL};
3825 char *target_address_v[] = {NULL, NULL};
3826 char *mit_address_book_v[] = {NULL, NULL};
3827 char *default_address_book_v[] = {NULL, NULL};
3828 char *contact_address_book_v[] = {NULL, NULL};
3829 char *hide_address_lists_v[] = {NULL, NULL};
3830 char *attr_array[3];
3831 char *objectClass_v[] = {"top", "person",
3832 "organizationalPerson",
3834 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3835 "inetOrgPerson", "organizationalPerson",
3836 "contact", "mailRecipient", "eduPerson",
3838 char *name_v[] = {NULL, NULL};
3839 char *desc_v[] = {NULL, NULL};
3846 char *mail_routing_v[] = {NULL, NULL};
3847 char *principal_v[] = {NULL, NULL};
3849 if (!check_string(user))
3851 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3852 return(AD_INVALID_NAME);
3856 strcpy(contact_name, mail);
3857 strcpy(internal_contact_name, mail);
3859 if((s = strchr(internal_contact_name, '@')) != NULL) {
3863 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3866 sprintf(target_address, "SMTP:%s", contact_name);
3867 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3868 sprintf(mail_nickname, "%s", internal_contact_name);
3870 cn_v[0] = cn_user_name;
3871 contact_v[0] = contact_name;
3874 desc_v[0] = "Auto account created by Moira";
3876 proxy_address_internal_v[0] = proxy_address_internal;
3877 proxy_address_external_v[0] = proxy_address_external;
3878 mail_nickname_v[0] = mail_nickname;
3879 target_address_v[0] = target_address;
3880 mit_address_book_v[0] = mit_address_book;
3881 default_address_book_v[0] = default_address_book;
3882 contact_address_book_v[0] = contact_address_book;
3883 strcpy(new_dn, cn_user_name);
3886 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
3888 if(!ActiveDirectory)
3890 if(!strcmp(group_ou, contact_ou))
3891 sprintf(uid, "%s%s", contact_name, "_strings");
3893 if(!strcmp(group_ou, kerberos_ou))
3894 sprintf(uid, "%s%s", contact_name, "_kerberos");
3898 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3899 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3904 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3908 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3911 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3912 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3913 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3917 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3922 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3923 attr_array[0] = "cn";
3924 attr_array[1] = NULL;
3926 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3927 &group_base, &group_count,
3928 LDAP_SCOPE_SUBTREE)) != 0)
3930 com_err(whoami, 0, "Unable to process contact %s : %s",
3931 user, ldap_err2string(rc));
3937 com_err(whoami, 0, "Object already exists with name %s",
3942 linklist_free(group_base);
3946 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3947 attr_array[0] = "cn";
3948 attr_array[1] = NULL;
3950 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3951 &group_base, &group_count,
3952 LDAP_SCOPE_SUBTREE)) != 0)
3954 com_err(whoami, 0, "Unable to process contact %s : %s",
3955 user, ldap_err2string(rc));
3961 com_err(whoami, 0, "Object already exists with name %s",
3966 linklist_free(group_base);
3970 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3971 attr_array[0] = "cn";
3972 attr_array[1] = NULL;
3974 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3975 &group_base, &group_count,
3976 LDAP_SCOPE_SUBTREE)) != 0)
3978 com_err(whoami, 0, "Unable to process contact %s : %s",
3979 user, ldap_err2string(rc));
3985 com_err(whoami, 0, "Object already exists with name %s",
3990 linklist_free(group_base);
3994 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3995 attr_array[0] = "cn";
3996 attr_array[1] = NULL;
3998 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3999 &group_base, &group_count,
4000 LDAP_SCOPE_SUBTREE)) != 0)
4002 com_err(whoami, 0, "Unable to process contact %s : %s",
4003 user, ldap_err2string(rc));
4009 com_err(whoami, 0, "Object already exists with name %s",
4014 linklist_free(group_base);
4018 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4019 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4020 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4021 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4023 hide_address_lists_v[0] = "TRUE";
4024 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4029 if(!ActiveDirectory)
4031 if((c = strchr(mail, '@')) == NULL)
4032 sprintf(temp, "%s@mit.edu", mail);
4034 sprintf(temp, "%s", mail);
4036 mail_routing_v[0] = temp;
4038 principal_v[0] = principal;
4040 if(!strcmp(group_ou, contact_ou))
4042 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4043 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4049 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4051 for (i = 0; i < n; i++)
4056 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4057 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4061 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4062 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4063 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4065 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4067 hide_address_lists_v[0] = "TRUE";
4068 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4072 rc = ldap_modify_s(ld, new_dn, mods);
4076 com_err(whoami, 0, "Unable to update contact %s", mail);
4079 for (i = 0; i < n; i++)
4084 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4086 com_err(whoami, 0, "Unable to create contact %s : %s",
4087 user, ldap_err2string(rc));
4094 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4095 char *Uid, char *MitId, char *MoiraId, int State,
4096 char *WinHomeDir, char *WinProfileDir, char *first,
4097 char *middle, char *last, char *shell, char *class)
4100 LK_ENTRY *group_base;
4102 char distinguished_name[512];
4103 char displayName[256];
4104 char *mitMoiraId_v[] = {NULL, NULL};
4105 char *mitMoiraClass_v[] = {NULL, NULL};
4106 char *mitMoiraStatus_v[] = {NULL, NULL};
4107 char *uid_v[] = {NULL, NULL};
4108 char *mitid_v[] = {NULL, NULL};
4109 char *homedir_v[] = {NULL, NULL};
4110 char *winProfile_v[] = {NULL, NULL};
4111 char *drives_v[] = {NULL, NULL};
4112 char *userAccountControl_v[] = {NULL, NULL};
4113 char *alt_recipient_v[] = {NULL, NULL};
4114 char *hide_address_lists_v[] = {NULL, NULL};
4115 char *mail_v[] = {NULL, NULL};
4116 char *gid_v[] = {NULL, NULL};
4117 char *loginshell_v[] = {NULL, NULL};
4118 char *principal_v[] = {NULL, NULL};
4119 char userAccountControlStr[80];
4124 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4125 UF_PASSWD_CANT_CHANGE;
4127 char *attr_array[3];
4130 char contact_mail[256];
4131 char filter_exp[1024];
4132 char search_path[512];
4133 char TemplateDn[512];
4134 char TemplateSamName[128];
4135 char alt_recipient[256];
4136 char principal[256];
4138 char acBERBuf[N_SD_BER_BYTES];
4139 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4140 { N_SD_BER_BYTES, acBERBuf },
4142 LDAPControl *apsServerControls[] = {&sControl, NULL};
4144 LDAP_BERVAL **ppsValues;
4148 char *homeServerName;
4150 char search_string[256];
4152 char *mail_routing_v[] = {NULL, NULL};
4155 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4156 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4157 BEREncodeSecurityBits(dwInfo, acBERBuf);
4159 if (!check_string(user_name))
4161 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4163 return(AD_INVALID_NAME);
4166 memset(contact_mail, '\0', sizeof(contact_mail));
4167 sprintf(contact_mail, "%s@mit.edu", user_name);
4168 memset(mail, '\0', sizeof(mail));
4169 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4170 memset(alt_recipient, '\0', sizeof(alt_recipient));
4171 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4173 sprintf(search_string, "@%s", uppercase(ldap_domain));
4177 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4179 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4186 memset(displayName, '\0', sizeof(displayName));
4188 if (strlen(MoiraId) != 0)
4192 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4197 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4200 attr_array[0] = "cn";
4201 attr_array[1] = NULL;
4202 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4203 &group_base, &group_count,
4204 LDAP_SCOPE_SUBTREE)) != 0)
4206 com_err(whoami, 0, "Unable to process user %s : %s",
4207 user_name, ldap_err2string(rc));
4212 if (group_count != 1)
4214 linklist_free(group_base);
4217 sprintf(filter, "(sAMAccountName=%s)", user_name);
4218 attr_array[0] = "cn";
4219 attr_array[1] = NULL;
4220 sprintf(temp, "%s,%s", user_ou, dn_path);
4221 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4222 &group_base, &group_count,
4223 LDAP_SCOPE_SUBTREE)) != 0)
4225 com_err(whoami, 0, "Unable to process user %s : %s",
4226 user_name, ldap_err2string(rc));
4231 if (group_count != 1)
4233 com_err(whoami, 0, "Unable to find user %s in directory",
4235 linklist_free(group_base);
4236 return(AD_NO_USER_FOUND);
4239 strcpy(distinguished_name, group_base->dn);
4241 linklist_free(group_base);
4244 if(!ActiveDirectory)
4246 if (rc = moira_connect())
4248 critical_alert("Ldap incremental",
4249 "Error contacting Moira server : %s",
4254 argv[0] = user_name;
4256 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4259 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4261 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4263 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4268 "Unable to set the mailRoutingAddress for %s : %s",
4269 user_name, ldap_err2string(rc));
4271 p = strdup(save_argv[3]);
4273 if((c = strchr(p, ',')) != NULL)
4278 if ((c = strchr(q, '@')) == NULL)
4279 sprintf(temp, "%s@mit.edu", q);
4281 sprintf(temp, "%s", q);
4283 if(email_isvalid(temp) && State != US_DELETED)
4285 mail_routing_v[0] = temp;
4288 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4290 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4292 if (rc == LDAP_ALREADY_EXISTS ||
4293 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4298 "Unable to set the mailRoutingAddress for %s : %s",
4299 user_name, ldap_err2string(rc));
4302 while((q = strtok(NULL, ",")) != NULL) {
4305 if((c = strchr(q, '@')) == NULL)
4306 sprintf(temp, "%s@mit.edu", q);
4308 sprintf(temp, "%s", q);
4310 if(email_isvalid(temp) && State != US_DELETED)
4312 mail_routing_v[0] = temp;
4315 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4318 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4320 if (rc == LDAP_ALREADY_EXISTS ||
4321 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4326 "Unable to set the mailRoutingAddress for "
4328 user_name, ldap_err2string(rc));
4334 if((c = strchr(p, '@')) == NULL)
4335 sprintf(temp, "%s@mit.edu", p);
4337 sprintf(temp, "%s", p);
4339 if(email_isvalid(temp) && State != US_DELETED)
4341 mail_routing_v[0] = temp;
4344 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4346 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4348 if (rc == LDAP_ALREADY_EXISTS ||
4349 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4354 "Unable to set the mailRoutingAddress for %s : %s",
4355 user_name, ldap_err2string(rc));
4362 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4363 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4364 "employeeID", user_name);
4366 rc = attribute_update(ldap_handle, distinguished_name, "none",
4367 "employeeID", user_name);
4370 strcat(displayName, first);
4373 if(strlen(middle)) {
4375 strcat(displayName, " ");
4377 strcat(displayName, middle);
4381 if(strlen(middle) || strlen(first))
4382 strcat(displayName, " ");
4384 strcat(displayName, last);
4387 if(strlen(displayName))
4388 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4389 "displayName", user_name);
4391 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4392 "displayName", user_name);
4394 if(!ActiveDirectory)
4396 if(strlen(displayName))
4397 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4400 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4404 if(!ActiveDirectory)
4406 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4407 "eduPersonNickname", user_name);
4411 rc = attribute_update(ldap_handle, distinguished_name, first,
4412 "givenName", user_name);
4414 rc = attribute_update(ldap_handle, distinguished_name, "",
4415 "givenName", user_name);
4417 if(strlen(middle) == 1)
4418 rc = attribute_update(ldap_handle, distinguished_name, middle,
4419 "initials", user_name);
4421 rc = attribute_update(ldap_handle, distinguished_name, "",
4422 "initials", user_name);
4425 rc = attribute_update(ldap_handle, distinguished_name, last,
4428 rc = attribute_update(ldap_handle, distinguished_name, "",
4433 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4438 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4442 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4443 "mitMoiraId", user_name);
4452 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4456 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4461 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4462 sprintf(status, "%d", State);
4463 principal_v[0] = principal;
4464 loginshell_v[0] = shell;
4465 mitMoiraClass_v[0] = class;
4466 mitMoiraStatus_v[0] = status;
4468 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4469 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4470 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4471 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4472 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4473 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4476 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4478 userAccountControl |= UF_ACCOUNTDISABLE;
4482 hide_address_lists_v[0] = "TRUE";
4483 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4491 hide_address_lists_v[0] = NULL;
4492 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4497 sprintf(userAccountControlStr, "%ld", userAccountControl);
4498 userAccountControl_v[0] = userAccountControlStr;
4499 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4503 if (rc = moira_connect())
4505 critical_alert("Ldap incremental",
4506 "Error contacting Moira server : %s",
4511 argv[0] = user_name;
4513 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4515 if(!strcmp(save_argv[1], "EXCHANGE") ||
4516 (strstr(save_argv[3], search_string) != NULL))
4518 alt_recipient_v[0] = NULL;
4519 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4521 argv[0] = exchange_acl;
4523 argv[2] = user_name;
4525 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4527 if ((rc) && (rc != MR_EXISTS))
4529 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4530 user_name, exchange_acl, error_message(rc));
4535 alt_recipient_v[0] = alt_recipient;
4536 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4538 argv[0] = exchange_acl;
4540 argv[2] = user_name;
4542 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4544 if ((rc) && (rc != MR_NO_MATCH))
4547 "Unable to remove user %s from %s: %s, %d",
4548 user_name, exchange_acl, error_message(rc), rc);
4554 alt_recipient_v[0] = alt_recipient;
4555 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4557 argv[0] = exchange_acl;
4559 argv[2] = user_name;
4561 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4563 if ((rc) && (rc != MR_NO_MATCH))
4566 "Unable to remove user %s from %s: %s, %d",
4567 user_name, exchange_acl, error_message(rc), rc);
4575 mail_v[0] = contact_mail;
4576 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4578 if(!ActiveDirectory)
4580 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
4584 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4585 WinProfileDir, homedir_v, winProfile_v,
4586 drives_v, mods, LDAP_MOD_REPLACE, n);
4590 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4591 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4592 attr_array[0] = "sAMAccountName";
4593 attr_array[1] = NULL;
4597 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4599 &group_base, &group_count,
4600 LDAP_SCOPE_SUBTREE) != 0))
4603 if (group_count != 1)
4605 com_err(whoami, 0, "Unable to process user security template: %s - "
4606 "security not set", "UserTemplate.u");
4610 strcpy(TemplateDn, group_base->dn);
4611 strcpy(TemplateSamName, group_base->value);
4612 linklist_free(group_base);
4616 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4617 filter_exp, NULL, 0, apsServerControls, NULL,
4620 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4622 com_err(whoami, 0, "Unable to find user security template: %s - "
4623 "security not set", "UserTemplate.u");
4627 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4628 "ntSecurityDescriptor");
4630 if (ppsValues == NULL)
4632 com_err(whoami, 0, "Unable to find user security template: %s - "
4633 "security not set", "UserTemplate.u");
4637 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4638 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4643 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4644 mods)) != LDAP_SUCCESS)
4646 OldUseSFU30 = UseSFU30;
4647 SwitchSFU(mods, &UseSFU30, n);
4648 if (OldUseSFU30 != UseSFU30)
4649 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4652 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4653 user_name, ldap_err2string(rc));
4657 for (i = 0; i < n; i++)
/*
 * user_rename: rename an existing user entry from before_user_name to
 * user_name, replace its mit.edu contact object, and rewrite the
 * name-derived attributes (principal, UPN, mail, proxy address, ...).
 *
 * NOTE(review): the signature continues on a source line that is not in
 * this listing (the parameters after before_user_name, including
 * user_name, are declared there).  Several brace and else lines are also
 * missing, so the if/else pairings below (cn= vs uid= DN forms) are
 * inferred; elsewhere in the file that choice is keyed on the
 * ActiveDirectory flag (4764).
 *
 * Returns AD_INVALID_NAME when either name fails check_string(); the
 * remaining return paths are not visible in this listing.
 */
4663 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4671 char contact_mail[256];
4672 char proxy_address[256];
4673 char query_base_dn[256];
4675 char *userPrincipalName_v[] = {NULL, NULL};
4676 char *altSecurityIdentities_v[] = {NULL, NULL};
4677 char *name_v[] = {NULL, NULL};
4678 char *samAccountName_v[] = {NULL, NULL};
4679 char *mail_v[] = {NULL, NULL};
4680 char *mail_nickname_v[] = {NULL, NULL};
4681 char *proxy_address_v[] = {NULL, NULL};
4682 char *query_base_dn_v[] = {NULL, NULL};
4683 char *principal_v[] = {NULL, NULL};
4684 char principal[256];
/* Both names go through the character allow-list; no length check is
 * visible anywhere in this path, so the fixed-size sprintf/strcpy
 * targets below rely on the caller to bound the names. */
4689 if (!check_string(before_user_name))
4692 "Unable to process invalid LDAP user name %s", before_user_name);
4693 return(AD_INVALID_NAME);
4696 if (!check_string(user_name))
4699 "Unable to process invalid LDAP user name %s", user_name);
4700 return(AD_INVALID_NAME);
/* NOTE(review): source and destination are the same object.  strcpy on
 * overlapping objects is undefined behaviour and the call does nothing
 * useful; it should be removed. */
4703 strcpy(user_name, user_name);
/* DN of the entry to rename and the new RDN (cn= form on one branch,
 * uid= on the other).  old_dn/new_dn/temp/upn are declared outside this
 * listing; contact_mail, proxy_address and principal are 256 bytes. */
4706 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4708 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4711 sprintf(new_dn, "cn=%s", user_name);
4713 sprintf(new_dn, "uid=%s", user_name);
4715 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4716 sprintf(contact_mail, "%s@mit.edu", user_name);
4717 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4718 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* Rename in place; deleteoldrdn is TRUE so the old RDN value is dropped
 * from the entry.  The lines following the error message (4725-4729)
 * are not in this listing, so whether a failure returns here is not
 * visible. */
4720 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4721 NULL, NULL)) != LDAP_SUCCESS)
4723 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4724 before_user_name, user_name, ldap_err2string(rc));
/* The contact object is keyed by the old mail address, so delete it and
 * create one for the new name.  Both failures appear to be logged only
 * (the lines after each com_err are not in this listing). */
4730 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4733 if(rc = ldap_delete_s(ldap_handle, temp))
4735 com_err(whoami, 0, "Unable to delete user contact for %s",
4739 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4741 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Values derived from the new name.  altSecurityIdentities maps the
 * Kerberos principal onto this entry, so it must follow the rename.
 * mail_v[0] is set on a line not in this listing (4753). */
4745 name_v[0] = user_name;
4746 sprintf(upn, "%s@%s", user_name, ldap_domain);
4747 userPrincipalName_v[0] = upn;
4748 principal_v[0] = principal;
4749 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4750 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4751 altSecurityIdentities_v[0] = temp;
4752 samAccountName_v[0] = user_name;
4754 mail_nickname_v[0] = user_name;
4755 proxy_address_v[0] = proxy_address;
4756 query_base_dn_v[0] = query_base_dn;
/* Note that displayName is replaced with the bare login name here,
 * whereas user_update() rebuilds it from first/middle/last
 * (4370-4392); a rename therefore loses the full display name until
 * the next update. */
4759 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4760 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4761 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4762 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4764 if(!ActiveDirectory)
4766 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4767 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4768 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4769 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4770 ADD_ATTR("name", name_v, LDAP_MOD_REPLACE);
/* Lines 4771-4774 and 4779-4781 are missing; 4775-4778 are presumably
 * the Exchange branch and 4782-4787 the non-Exchange branch, where mail
 * is pointed at the mit.edu contact address instead. */
4775 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4776 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4777 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4778 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
4782 mail_v[0] = contact_mail;
4783 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4785 if(!ActiveDirectory)
4787 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry, then apply the modifications.  The
 * loop body at 4806 (freeing the mods entries) is not in this listing. */
4794 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4796 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4798 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4801 "Unable to modify user data for %s after renaming : %s",
4802 user_name, ldap_err2string(rc));
4805 for (i = 0; i < n; i++)
/*
 * user_create: Moira query callback that creates one user entry in the
 * directory.  av[] is the Moira user tuple, indexed with the U_* enums
 * (U_NAME, U_FIRST, U_MIDDLE, U_LAST, U_STATE, U_SHELL, U_CLASS, U_UID,
 * U_MITID, U_WINHOMEDIR, U_WINPROFILEDIR).  call_args[0] is the LDAP
 * handle, call_args[1] the base DN and call_args[2] the Moira id (see
 * 5135); how call_args is derived from ptr is on a line not in this
 * listing.
 *
 * Returns AD_INVALID_NAME (and sets callback_rc) if av[U_NAME] fails
 * check_string().  Other return values are not visible here.
 *
 * NOTE(review): this listing omits many source lines (braces, else
 * branches, a few assignments), so the branch pairings noted below are
 * inferred from the surrounding code.
 */
4811 int user_create(int ac, char **av, void *ptr)
4815 char user_name[256];
4819 char contact_mail[256];
4820 char proxy_address[256];
4821 char mail_nickname[256];
4822 char query_base_dn[256];
4823 char displayName[256];
4824 char address_book[256];
4825 char alt_recipient[256];
4826 char *cn_v[] = {NULL, NULL};
4827 char *objectClass_v[] = {"top", "person", "organizationalPerson",
/* Object classes used when the target is not Active Directory. */
4829 char *objectClass_ldap_v[] = {"top",
4830 "eduPerson", "posixAccount",
4831 "apple-user", "shadowAccount",
4832 "microsoftComTop", "securityPrincipal",
4833 "inetOrgPerson", "user",
4834 "organizationalPerson", "person",
4835 "mailRecipient", NULL};
4837 char *samAccountName_v[] = {NULL, NULL};
4838 char *altSecurityIdentities_v[] = {NULL, NULL};
4839 char *mitMoiraId_v[] = {NULL, NULL};
4840 char *mitMoiraClass_v[] = {NULL, NULL};
4841 char *mitMoiraStatus_v[] = {NULL, NULL};
4842 char *name_v[] = {NULL, NULL};
4843 char *desc_v[] = {NULL, NULL};
4844 char *userPrincipalName_v[] = {NULL, NULL};
4845 char *userAccountControl_v[] = {NULL, NULL};
4846 char *uid_v[] = {NULL, NULL};
4847 char *gid_v[] = {NULL, NULL};
4848 char *mitid_v[] = {NULL, NULL};
4849 char *homedir_v[] = {NULL, NULL};
4850 char *winProfile_v[] = {NULL, NULL};
4851 char *drives_v[] = {NULL, NULL};
4852 char *mail_v[] = {NULL, NULL};
4853 char *givenName_v[] = {NULL, NULL};
4854 char *sn_v[] = {NULL, NULL};
4855 char *initials_v[] = {NULL, NULL};
4856 char *displayName_v[] = {NULL, NULL};
4857 char *proxy_address_v[] = {NULL, NULL};
4858 char *mail_nickname_v[] = {NULL, NULL};
4859 char *query_base_dn_v[] = {NULL, NULL};
4860 char *address_book_v[] = {NULL, NULL};
4861 char *homeMDB_v[] = {NULL, NULL};
4862 char *homeServerName_v[] = {NULL, NULL};
4863 char *mdbUseDefaults_v[] = {NULL, NULL};
4864 char *mailbox_guid_v[] = {NULL, NULL};
4865 char *user_culture_v[] = {NULL, NULL};
4866 char *user_account_control_v[] = {NULL, NULL};
4867 char *msexch_version_v[] = {NULL, NULL};
4868 char *alt_recipient_v[] = {NULL, NULL};
4869 char *hide_address_lists_v[] = {NULL, NULL};
4870 char *principal_v[] = {NULL, NULL};
4871 char *loginshell_v[] = {NULL, NULL};
4872 char userAccountControlStr[80];
4874 char principal[256];
4875 char filter_exp[1024];
4876 char search_path[512];
4877 char *attr_array[3];
/* New accounts start as normal accounts whose password neither expires
 * nor may be changed by the user; UF_ACCOUNTDISABLE is added below for
 * states other than "registered" / "no password". */
4878 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4879 UF_PASSWD_CANT_CHANGE;
4885 char WinHomeDir[1024];
4886 char WinProfileDir[1024];
4888 char *homeServerName;
4890 char acBERBuf[N_SD_BER_BYTES];
4891 LK_ENTRY *group_base;
4893 char TemplateDn[512];
4894 char TemplateSamName[128];
4895 LDAP_BERVAL **ppsValues;
/* Server-side control asking AD to return the security descriptor of
 * the template user; the BER-encoded flag set is filled in below. */
4896 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4897 { N_SD_BER_BYTES, acBERBuf },
4899 LDAPControl *apsServerControls[] = {&sControl, NULL};
4903 char search_string[256];
4904 char *o_v[] = {NULL, NULL};
4906 char *mail_routing_v[] = {NULL, NULL};
/* Request owner, group, DACL and SACL parts of the descriptor. */
4911 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4912 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4913 BEREncodeSecurityBits(dwInfo, acBERBuf);
4915 if (!check_string(av[U_NAME]))
4917 callback_rc = AD_INVALID_NAME;
4918 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4920 return(AD_INVALID_NAME);
4923 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4924 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4925 memset(displayName, '\0', sizeof(displayName));
4926 memset(query_base_dn, '\0', sizeof(query_base_dn));
/* NOTE(review): unbounded strcpy from the Moira tuple into fixed
 * buffers (WinHomeDir/WinProfileDir 1024, user_name 256).
 * check_string() validates characters, not length.  Prefer
 * snprintf(buf, sizeof buf, "%s", av[...]) with a truncation check. */
4927 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4928 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4929 strcpy(user_name, av[U_NAME]);
4930 sprintf(upn, "%s@%s", user_name, ldap_domain);
4931 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last", skipping empty parts and the
 * separating space before them. */
4933 if(strlen(av[U_FIRST])) {
4934 strcat(displayName, av[U_FIRST]);
4937 if(strlen(av[U_MIDDLE])) {
4938 if(strlen(av[U_FIRST]))
4939 strcat(displayName, " ");
4941 strcat(displayName, av[U_MIDDLE]);
4944 if(strlen(av[U_LAST])) {
4945 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4946 strcat(displayName, " ");
4948 strcat(displayName, av[U_LAST]);
4951 samAccountName_v[0] = sam_name;
/* Any state other than US_NO_PASSWD / US_REGISTERED is created disabled
 * and (presumably in the same branch) hidden from Exchange address
 * lists. */
4952 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4953 (atoi(av[U_STATE]) != US_REGISTERED))
4955 userAccountControl |= UF_ACCOUNTDISABLE;
4959 hide_address_lists_v[0] = "TRUE";
4960 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* NOTE(review): userAccountControl is u_int (4878) but is formatted
 * with %ld; a mismatched conversion/argument is undefined behaviour.
 * Use "%u". */
4965 sprintf(userAccountControlStr, "%ld", userAccountControl);
4966 userAccountControl_v[0] = userAccountControlStr;
4967 userPrincipalName_v[0] = upn;
/* cn is the login name on one branch and the display name on the other
 * (the if/else around 4970/4972 is not in this listing). */
4970 cn_v[0] = user_name;
4972 cn_v[0] = displayName;
4974 name_v[0] = user_name;
4975 desc_v[0] = "Auto account created by Moira";
4977 givenName_v[0] = av[U_FIRST];
4980 sn_v[0] = av[U_LAST];
/* sn falls back to the login name when there is no last name. */
4982 if(strlen(av[U_LAST]))
4983 sn_v[0] = av[U_LAST];
4985 sn_v[0] = av[U_NAME];
4987 displayName_v[0] = displayName;
4988 mail_nickname_v[0] = user_name;
4989 o_v[0] = "Massachusetts Institute of Technology";
/* altSecurityIdentities binds the Kerberos principal to this entry. */
4991 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4992 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4993 altSecurityIdentities_v[0] = temp;
4994 principal_v[0] = principal;
4997 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4999 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
5001 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
5002 sprintf(contact_mail, "%s@mit.edu", user_name);
5003 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
5004 query_base_dn_v[0] = query_base_dn;
5005 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
/* "@DOMAIN" in upper case, matched against the pobox address below. */
5007 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Contact object for the mit.edu address; failure is logged (the lines
 * after the message are not in this listing). */
5011 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5014 com_err(whoami, 0, "Unable to create user contact %s",
/* Exchange mailbox placement (store and server). */
5018 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5021 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5025 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5026 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5028 homeMDB_v[0] = homeMDB;
5029 homeServerName_v[0] = homeServerName;
5034 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5038 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5042 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5045 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5046 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5047 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5048 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5049 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Exchange attributes (presumably only on the Exchange branch; the
 * enclosing condition is not in this listing). */
5053 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5054 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5055 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5056 mdbUseDefaults_v[0] = "TRUE";
5057 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5058 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Pobox lookup in Moira.  An EXCHANGE pobox, or an address in this
 * domain, puts the user on the exchange_acl list; otherwise altRecipient
 * points at the contact.  Which branch each of 5081 and 5087 belongs
 * to is inferred (braces missing).  A failed query is logged and the
 * account is still created. */
5060 argv[0] = user_name;
5062 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5064 if(!strcmp(save_argv[1], "EXCHANGE") ||
5065 (strstr(save_argv[3], search_string) != NULL))
5067 argv[0] = exchange_acl;
5069 argv[2] = user_name;
5071 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5073 if ((rc) && (rc != MR_EXISTS))
5075 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5076 user_name, exchange_acl, error_message(rc));
5081 alt_recipient_v[0] = alt_recipient;
5082 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5087 alt_recipient_v[0] = alt_recipient;
5088 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5090 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5095 mail_v[0] = contact_mail;
5096 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5098 if(!ActiveDirectory)
5100 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
/* Name attributes are only added when non-empty; AD rejects empty
 * values.  displayName falls back to the login name. */
5104 if(strlen(av[U_FIRST])) {
5105 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5108 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5109 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5112 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5113 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5115 if(!ActiveDirectory)
5117 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5120 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5122 if(!ActiveDirectory)
5124 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials is a single-character attribute; only a one-letter middle
 * name is stored there. */
5128 if (strlen(av[U_MIDDLE]) == 1) {
5129 initials_v[0] = av[U_MIDDLE];
5130 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5133 if (strlen(call_args[2]) != 0)
5135 mitMoiraId_v[0] = call_args[2];
5136 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5139 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* POSIX / Moira-specific attributes for non-AD directories. */
5141 if(!ActiveDirectory)
5143 loginshell_v[0] = av[U_SHELL];
5144 mitMoiraClass_v[0] = av[U_CLASS];
5145 mitMoiraStatus_v[0] = av[U_STATE];
5146 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5147 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5148 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5149 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5150 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5151 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Numeric uid: uidNumber/gidNumber on one branch, the AD SFU 3.0
 * attribute on the other (the conditions at 5157-5159, 5161-5164 and
 * 5167-5172 are not in this listing; gid_v[0] is set there too). */
5154 if (strlen(av[U_UID]) != 0)
5156 uid_v[0] = av[U_UID];
5160 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5165 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5166 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5173 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5177 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* Only MIT ids starting with '9' are stored; anything else becomes
 * the literal "none". */
5182 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5183 mitid_v[0] = av[U_MITID];
5185 mitid_v[0] = "none";
5187 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* Home directory / profile / drive attributes are appended to mods by
 * SetHomeDirectory(), which returns the new count. */
5189 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5190 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5191 drives_v, mods, LDAP_MOD_ADD, n);
/* Copy the ntSecurityDescriptor of the template account "UserTemplate.u"
 * onto the new entry so it gets the standard ACL. */
5195 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5196 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5197 attr_array[0] = "sAMAccountName";
5198 attr_array[1] = NULL;
/* NOTE(review): the closing parenthesis is misplaced: this assigns the
 * result of `linklist_build(...) != 0` (0 or 1) to rc, not the return
 * code, so the real error is lost.  Intended form:
 *   if ((rc = linklist_build(...)) != 0)
 * The same pattern appears in user_update() at 4597-4600. */
5202 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5203 attr_array, &group_base, &group_count,
5204 LDAP_SCOPE_SUBTREE) != 0))
5207 if (group_count != 1)
5209 com_err(whoami, 0, "Unable to process user security template: %s - "
5210 "security not set", "UserTemplate.u");
5214 strcpy(TemplateDn, group_base->dn);
5215 strcpy(TemplateSamName, group_base->value);
5216 linklist_free(group_base);
/* Second search with the SD-flags control so the descriptor is returned.
 * NOTE(review): the search return code is not checked in the visible
 * lines, and ldap_first_entry() overwrites psMsg, so the search result
 * handle can no longer be passed to ldap_msgfree(); no
 * ldap_msgfree()/ldap_value_free_len() is visible in this listing. */
5220 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5221 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5222 apsServerControls, NULL,
5225 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5227 com_err(whoami, 0, "Unable to find user security template: %s - "
5228 "security not set", "UserTemplate.u");
5232 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5233 "ntSecurityDescriptor");
5234 if (ppsValues == NULL)
5236 com_err(whoami, 0, "Unable to find user security template: %s - "
5237 "security not set", "UserTemplate.u");
5241 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5242 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Create the entry.  If that fails, switch the uid attribute form (SFU30
 * vs. POSIX) and retry once.  LDAP_ALREADY_EXISTS is treated as success
 * for the create step but skips the password step below. */
5247 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5249 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5251 OldUseSFU30 = UseSFU30;
5252 SwitchSFU(mods, &UseSFU30, n);
5253 if (OldUseSFU30 != UseSFU30)
5254 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Free the mods entries (loop body not in this listing).  ADD_ATTR is
 * used again at 5305 onward, so n must be reset to 0 on a line not
 * visible here; otherwise the later modify would reuse freed entries. */
5257 for (i = 0; i < n; i++)
5260 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5262 com_err(whoami, 0, "Unable to create user %s : %s",
5263 user_name, ldap_err2string(rc));
/* Initial password.  NOTE(review): the second argument to set_password()
 * is an empty string.  If that is the literal password value, the new
 * account starts with an empty password until something else sets it;
 * confirm set_password()'s contract (it may generate a value) before
 * relying on this.  On failure the KDC session is re-established and
 * the call retried once. */
5268 if ((rc == LDAP_SUCCESS) && (SetPassword))
5270 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5272 ad_kdc_disconnect();
5273 if (!ad_server_connect(default_server, ldap_domain))
5275 com_err(whoami, 0, "Unable to set password for user %s : %s",
5277 "cannot get changepw ticket from windows domain");
5281 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
/* rc is declared outside this listing; %ld assumes it is a long. */
5283 com_err(whoami, 0, "Unable to set password for user %s "
5284 ": %ld", user_name, rc);
/* Non-AD directories: mirror the Moira pobox into mailRoutingAddress.
 * The lines after critical_alert (5296-5299) are not in this listing. */
5290 if(!ActiveDirectory)
5292 if (rc = moira_connect())
5294 critical_alert("Ldap incremental",
5295 "Error contacting Moira server : %s",
5300 argv[0] = user_name;
5302 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* mail_routing_v still holds no values here (5303-5304 are not in this
 * listing), so this REPLACE clears any existing mailRoutingAddress
 * before the new values are added one at a time. */
5305 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5307 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5309 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5314 "Unable to set the mailRoutingAddress for %s : %s",
5315 user_name, ldap_err2string(rc));
/* NOTE(review): strdup() is not NULL-checked before strchr(), and no
 * free(p) appears in this listing. */
5317 p = strdup(save_argv[3]);
/* Comma-separated pobox address list: the first token is taken on
 * lines not in this listing (5320-5322, presumably strtok(p, ",")),
 * the rest via strtok(NULL, ",").  Addresses without '@' are qualified
 * with @mit.edu; only addresses that pass email_isvalid() and belong to
 * a non-deleted user are added.  temp is reused per address, which is
 * safe because ldap_modify_s() runs before the next sprintf. */
5319 if((c = strchr(p, ',')) != NULL) {
5323 if ((c = strchr(q, '@')) == NULL)
5324 sprintf(temp, "%s@mit.edu", q);
5326 sprintf(temp, "%s", q);
5328 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5330 mail_routing_v[0] = temp;
5333 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5335 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5337 if (rc == LDAP_ALREADY_EXISTS ||
5338 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5343 "Unable to set the mailRoutingAddress for %s : %s",
5344 user_name, ldap_err2string(rc));
5347 while((q = strtok(NULL, ",")) != NULL) {
5350 if((c = strchr(q, '@')) == NULL)
5351 sprintf(temp, "%s@mit.edu", q);
5353 sprintf(temp, "%s", q);
5355 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5357 mail_routing_v[0] = temp;
5360 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5362 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5364 if (rc == LDAP_ALREADY_EXISTS ||
5365 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5370 "Unable to set the mailRoutingAddress for %s : %s",
5371 user_name, ldap_err2string(rc));
/* Single-address pobox (no comma): same handling for the whole string. */
5377 if((c = strchr(p, '@')) == NULL)
5378 sprintf(temp, "%s@mit.edu", p);
5380 sprintf(temp, "%s", p);
5382 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5384 mail_routing_v[0] = temp;
5387 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5389 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5391 if (rc == LDAP_ALREADY_EXISTS ||
5392 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5397 "Unable to set the mailRoutingAddress for %s : %s",
5398 user_name, ldap_err2string(rc));
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE in the user's
 * UserAccountControl, and stamp mitMoiraId when one is supplied.
 *
 * The entry is located by mitMoiraId first; sAMAccountName is only
 * consulted when that lookup does not return exactly one entry.  The
 * object affected is therefore whichever entry carries that Moira id,
 * and user_name is then only used in diagnostics.
 *
 * The parameter list continues on a line not in this listing (the
 * `operation` argument used at 5480 is declared there).
 *
 * Returns AD_INVALID_NAME for a name rejected by check_string(),
 * LDAP_NO_SUCH_OBJECT when no unique entry is found (note the different
 * error namespace from the AD_* codes used elsewhere, e.g. 4236), and
 * whatever the trailing lines (not visible here) return otherwise.
 */
5408 int user_change_status(LDAP *ldap_handle, char *dn_path,
5409 char *user_name, char *MoiraId,
5413 char *attr_array[3];
5415 char distinguished_name[1024];
5417 char *mitMoiraId_v[] = {NULL, NULL};
5419 LK_ENTRY *group_base;
5426 if (!check_string(user_name))
5428 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5430 return(AD_INVALID_NAME);
/* NOTE(review): MoiraId is not validated by check_string() and is
 * formatted into the filter unescaped; a value containing filter
 * metacharacters ('*', '(', ')', '\') changes the filter's meaning.
 * Escape per RFC 4515 before interpolating (also at 5542 and 4192). */
5436 if (strlen(MoiraId) != 0)
5438 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5439 attr_array[0] = "UserAccountControl";
5440 attr_array[1] = NULL;
5441 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5442 &group_base, &group_count,
5443 LDAP_SCOPE_SUBTREE)) != 0)
5445 com_err(whoami, 0, "Unable to process user %s : %s",
5446 user_name, ldap_err2string(rc));
/* Not exactly one match by Moira id: discard and fall back to the
 * login name (group_count is presumably reset on a line not shown). */
5451 if (group_count != 1)
5453 linklist_free(group_base);
5456 sprintf(filter, "(sAMAccountName=%s)", user_name);
5457 attr_array[0] = "UserAccountControl";
5458 attr_array[1] = NULL;
5459 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5460 &group_base, &group_count,
5461 LDAP_SCOPE_SUBTREE)) != 0)
5463 com_err(whoami, 0, "Unable to process user %s : %s",
5464 user_name, ldap_err2string(rc));
5469 if (group_count != 1)
5471 linklist_free(group_base);
5472 com_err(whoami, 0, "Unable to find user %s in directory",
5474 return(LDAP_NO_SUCH_OBJECT);
5477 strcpy(distinguished_name, group_base->dn);
/* Current flag word, parsed from the stored attribute value.  atoi()
 * yields 0 silently on malformed input, which would then be written
 * back as a fully cleared control word; strtoul() with an end-pointer
 * check would make that case detectable. */
5478 ulongValue = atoi((*group_base).value);
5480 if (operation == MEMBER_DEACTIVATE)
5481 ulongValue |= UF_ACCOUNTDISABLE;
5483 ulongValue &= ~UF_ACCOUNTDISABLE;
/* ulongValue is declared outside this listing; %ld assumes long. */
5485 sprintf(temp, "%ld", ulongValue);
/* Build the replacement value list; 1 means failure (error path lines
 * 5489-5490 and 5492-5494 are not in this listing). */
5487 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5488 temp, &modvalues, REPLACE)) == 1)
5491 linklist_free(group_base);
5495 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5497 if (strlen(MoiraId) != 0)
5499 mitMoiraId_v[0] = MoiraId;
5500 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5504 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the mods entries (loop body not shown) and the value list.
 * Whether group_base is freed on this success path is not visible. */
5506 for (i = 0; i < n; i++)
5509 free_values(modvalues);
5511 if (rc != LDAP_SUCCESS)
5513 com_err(whoami, 0, "Unable to change status of user %s : %s",
5514 user_name, ldap_err2string(rc));
<br>
/*
 * user_delete: remove the user's directory entry and its mit.edu
 * contact object.
 *
 * As in user_change_status(), the entry is located by mitMoiraId first
 * and by sAMAccountName only as a fallback, so the object deleted is
 * whichever entry carries that Moira id.  Note that both searches use
 * dn_path as the base, not user_ou under it as user_update() does at
 * 4220; restricting the base would limit what a matching name elsewhere
 * in the tree could cause to be deleted.
 *
 * Returns AD_INVALID_NAME (silently, unlike the other entry points) for
 * a name rejected by check_string(); other return paths are on lines
 * not in this listing.
 */
5521 int user_delete(LDAP *ldap_handle, char *dn_path,
5522 char *u_name, char *MoiraId)
5525 char *attr_array[3];
5526 char distinguished_name[1024];
5527 char user_name[512];
5528 LK_ENTRY *group_base;
5533 if (!check_string(u_name))
5534 return(AD_INVALID_NAME);
/* Local copy of the name; check_string() bounds characters, not length,
 * so this strcpy relies on the caller keeping u_name under 512 bytes. */
5536 strcpy(user_name, u_name);
/* NOTE(review): MoiraId is formatted into the filter unescaped and is
 * not validated; escape per RFC 4515 (see also 5438). */
5540 if (strlen(MoiraId) != 0)
5542 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5543 attr_array[0] = "name";
5544 attr_array[1] = NULL;
5545 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5546 &group_base, &group_count,
5547 LDAP_SCOPE_SUBTREE)) != 0)
5549 com_err(whoami, 0, "Unable to process user %s : %s",
5550 user_name, ldap_err2string(rc));
5555 if (group_count != 1)
5557 linklist_free(group_base);
5560 sprintf(filter, "(sAMAccountName=%s)", user_name);
5561 attr_array[0] = "name";
5562 attr_array[1] = NULL;
5563 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5564 &group_base, &group_count,
5565 LDAP_SCOPE_SUBTREE)) != 0)
5567 com_err(whoami, 0, "Unable to process user %s : %s",
5568 user_name, ldap_err2string(rc));
/* Lines 5574-5577 (the not-found handling) are not in this listing;
 * whether group_base is released on that path is not visible. */
5573 if (group_count != 1)
5578 strcpy(distinguished_name, group_base->dn);
/* Delete the user entry; a failure is logged (following lines not
 * shown). */
5580 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5582 com_err(whoami, 0, "Unable to process user %s : %s",
5583 user_name, ldap_err2string(rc));
/* Delete the mit.edu contact object created for this user (same DN
 * form as user_rename() builds at 4730).  Lines 5587-5589 and 5591 are
 * not in this listing. */
5590 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5592 if(rc = ldap_delete_s(ldap_handle, temp))
5594 com_err(whoami, 0, "Unable to delete user contact for %s",
5600 linklist_free(group_base);
/*
 * linklist_free: release every node of an LK_ENTRY list together with
 * the heap strings each node owns (dn, attribute, value, member, type,
 * list).
 *
 * linklist_base: head of the list; NULL is accepted and is a no-op.
 * The caller's pointer is dangling on return and must not be reused.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *next;

  for (; linklist_base != NULL; linklist_base = next)
    {
      /* Read the link before the node itself is released. */
      next = linklist_base->next;

      /* free(NULL) is defined as a no-op, so no per-field NULL test is
       * needed before releasing the owned strings. */
      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);

      free(linklist_base);
    }
}
/*
 * free_values: release the NULL-terminated array of value strings that
 * construct_newvalues() produced (see 5487-5509 in user_change_status)
 * and clear each slot.
 *
 * NOTE(review): the free() call on modvalues[i] and the index increment
 * are on lines not in this listing (5644-5645, 5647), and `i` is
 * declared outside it as well.  The array object itself is not freed
 * in the visible lines.  Passing NULL is a no-op.
 */
5635 void free_values(char **modvalues)
5641 if (modvalues != NULL)
5643 while (modvalues[i] != NULL)
5646 modvalues[i] = NULL;
/*
 * Byte-class table for check_string() and check_container_name(),
 * indexed by the byte value 0-255: 1 = rejected, 0 = accepted.  Each
 * row is 16 entries and is annotated with the ASCII range it covers;
 * everything at or above 0x80 is rejected.  With this table only the
 * digits, lower-case letters (check_string() lower-cases first) and
 * $ & ' - . @ _ ` ~ are accepted, none of which is structurally
 * significant in an LDAP filter or DN.
 */
5653 static int illegalchars[] = {
5654 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5655 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5656 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5657 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5658 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5659 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5660 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5661 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5664 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5665 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5666 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5668 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5669 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Looser 256-entry table used by check_string for names destined for LDAP.
 * 1 marks a rejected byte.  Compared with illegalchars this one also
 * permits space and the punctuation  " # ( ) + , ; < = > @ \ ` and the
 * whole lower-case alphabet, while still rejecting  ! % * / : ? [ ] ^ { | }
 * DEL and everything >= 0x80.
 *
 * NOTE(review): a name that passes this table may still contain LDAP
 * filter metacharacters ( ) \ and DN-special characters , + " ; < > =.
 * Passing such a name through this check is therefore not a substitute
 * for escaping it when it is later sprintf'd into a search filter or DN
 * (this file already has escape_string for the contact path).
 */
5672 static int illegalchars_ldap[] = {
5673 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5674 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5675 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5676 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5677 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5678 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5679 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5680 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xff: always rejected */
5681 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5682 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5683 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5684 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5685 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5686 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5687 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5688 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Validate the characters of a name against illegalchars or
 * illegalchars_ldap.  Upper-case letters are folded to lower case before
 * the table lookup, which is why both tables reject A-Z outright.  The
 * code that selects which table applies, the loop over `s`, and the return
 * value are not shown in this listing; the rest of the file treats a zero
 * result from the sibling check_container_name as "invalid", and this
 * function presumably follows the same convention -- confirm.
 *
 * NOTE(review): the tables are indexed with `(unsigned) character`.  If
 * `character` is a plain char (its declaration is not visible here), any
 * byte >= 0x80 is sign-extended before the cast and becomes an index far
 * beyond the 256-entry table, i.e. an out-of-bounds read.  Indexing with
 * `(unsigned char) character` would keep the lookup inside the table.
 */
5691 int check_string(char *s)
5702 if (isupper(character))
5703 character = tolower(character);
5707 if (illegalchars[(unsigned) character])
5709 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5710 character, (unsigned) character, string);
5716 if (illegalchars_ldap[(unsigned) character])
5718 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5719 character, (unsigned) character, string);
/*
 * Validate an OU (container) name against the illegalchars table, with the
 * one relaxation that a space is accepted (the statement following the
 * space test is not shown; presumably it skips the table lookup).  Callers
 * in this file (container_rename, container_create,
 * container_get_distinguishedName) treat a zero return as "invalid name".
 * The same `(unsigned) character` indexing concern noted on check_string
 * applies here.
 */
5728 int check_container_name(char *s)
5736 if (isupper(character))
5737 character = tolower(character);
5739 if (character == ' ')
5742 if (illegalchars[(unsigned) character])
/*
 * Open a connection to the Moira server, consult the message of the day,
 * negotiate the query protocol version and, when `auth` is set, perform
 * Kerberos 5 authentication as `client`.
 *
 * @param server   Moira server to connect to
 * @param client   client principal name used for mr_krb5_auth
 * @param version  query version requested via mr_version
 * @param auth     non-zero to authenticate after connecting
 * @return status handling between the visible lines (including the
 *         value returned) is not shown in this listing.
 */
5749 int mr_connect_cl(char *server, char *client, int version, int auth)
5755 status = mr_connect(server);
5759 com_err(whoami, status, "while connecting to Moira");
/* A non-empty motd means the server is declining service. */
5763 status = mr_motd(&motd);
5768 com_err(whoami, status, "while checking server status");
5774 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
/*
 * NOTE(review): `temp` is handed to com_err as its *format* argument, so
 * any '%' in the server-supplied motd is interpreted as a conversion
 * specifier (and the sprintf into temp is unbounded).  The safe form is
 *   com_err(whoami, status,
 *           "The Moira server is currently unavailable: %s", motd);
 */
5775 com_err(whoami, status, temp);
5780 status = mr_version(version);
/* A server too old to know mr_version is treated as "client is newer". */
5784 if (status == MR_UNKNOWN_PROC)
5787 status = MR_VERSION_HIGH;
5789 status = MR_SUCCESS;
5792 if (status == MR_VERSION_HIGH)
5794 com_err(whoami, 0, "Warning: This client is running newer code "
5795 "than the server.");
5796 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW is tolerated silently; anything else is an error. */
5798 else if (status && status != MR_VERSION_LOW)
5800 com_err(whoami, status, "while setting query version number.");
5808 status = mr_krb5_auth(client);
5811 com_err(whoami, status, "while authenticating to Moira.");
/*
 * Rewrite an AFS path into its Windows form: the AFS prefix is replaced by
 * WINAFS and the remainder is copied character by character, with '/'
 * handled specially (the replacement written for '/' is on a line not
 * shown here).
 *
 * @param path     source path; assumed to begin with the AFS prefix --
 *                 this is not checked, the function simply skips
 *                 strlen(AFS) bytes.
 * @param winPath  destination buffer, written with strcpy/byte copies and
 *                 no length limit; the caller must size it for
 *                 strlen(WINAFS) + strlen(path) - strlen(AFS) + 1.
 */
5820 void AfsToWinAfs(char* path, char* winPath)
5824 strcpy(winPath, WINAFS);
5825 pathPtr = path + strlen(AFS);
5826 winPathPtr = winPath + strlen(WINAFS);
5830 if (*pathPtr == '/')
5833 *winPathPtr = *pathPtr;
/*
 * mr_query callback used by ProcessAce ("get_list_info").  Copies the ACE
 * type and ACE name out of the query row into the caller-supplied string
 * array `ptr` (call_args[0] and [1]) and lets get_group_membership fill
 * call_args[2] and [3].
 *
 * @param ac   field count (unused here)
 * @param av   query row; indexed with L_ACE_TYPE / L_ACE_NAME
 * @param ptr  char *[] supplied by the caller (AceInfo in ProcessAce)
 * @return always LDAP_SUCCESS
 *
 * Both strcpy calls are unbounded; the destination sizes are set by the
 * caller (AceType/AceName in ProcessAce, whose declarations are not shown).
 */
5840 int GetAceInfo(int ac, char **av, void *ptr)
5847 strcpy(call_args[0], av[L_ACE_TYPE]);
5848 strcpy(call_args[1], av[L_ACE_NAME]);
5850 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5851 return(LDAP_SUCCESS);
/*
 * Ask the directory whether an object with sAMAccountName == Name exists
 * under dn_path.  On a search error the error is logged and the function
 * returns (value not shown).  The lines after the `group_count == 0` test
 * are not shown; ProcessAce treats a non-zero result as "name not found,
 * create it".
 *
 * NOTE(review): Name is substituted into the filter with sprintf and no
 * filter escaping; it originates from Moira ACE data via GetAceInfo.
 */
5854 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5857 char *attr_array[3];
5860 LK_ENTRY *group_base;
5865 sprintf(filter, "(sAMAccountName=%s)", Name);
5866 attr_array[0] = "sAMAccountName";
5867 attr_array[1] = NULL;
5869 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5870 &group_base, &group_count,
5871 LDAP_SCOPE_SUBTREE)) != 0)
5873 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5874 Name, ldap_err2string(rc));
5878 linklist_free(group_base);
5881 if (group_count == 0)
/*
 * Make sure the ACE (owner) of a Moira list exists in the directory.
 * Starting from list `Name`, the ACE type/name are fetched with
 * get_list_info; a LIST ACE that is missing from AD is created with
 * make_new_group and populated, a USER ACE that is missing is created via
 * user_create from get_user_account_by_login.  The tail of the function
 * (visible at the `GroupName`/`AceName` comparison) appears to iterate
 * along LIST ACE chains until a list owns itself -- the loop construct
 * itself is not shown.
 *
 * @param UpdateGroup   passed through to make_new_group
 * @param ProcessGroup  out-flag set to 1 when an ACE object had to be
 *                      created
 * @param maillist      passed through to make_new_group
 * @return not visible in this listing
 *
 * An early "ProcessAce disabled, skipping" message exists; the condition
 * guarding it is not shown.
 */
5889 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5890 int UpdateGroup, int *ProcessGroup, char *maillist)
5893 char GroupName[256];
5899 char AceMembership[2];
5902 char *save_argv[U_END];
5906 com_err(whoami, 0, "ProcessAce disabled, skipping");
/* NOTE(review): unbounded strcpy into a 256-byte buffer. */
5910 strcpy(GroupName, Name);
5912 if (strcasecmp(Type, "LIST"))
/* AceInfo is the char *[] handed to GetAceInfo through mr_query. */
5918 AceInfo[0] = AceType;
5919 AceInfo[1] = AceName;
5920 AceInfo[2] = AceMembership;
5922 memset(AceType, '\0', sizeof(AceType));
5923 memset(AceName, '\0', sizeof(AceName));
5924 memset(AceMembership, '\0', sizeof(AceMembership));
5925 memset(AceOu, '\0', sizeof(AceOu));
5928 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5930 if(rc != MR_NO_MATCH)
5931 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5932 GroupName, error_message(rc));
5939 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialised in the directory. */
5943 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5946 strcpy(temp, AceName);
/* LIST ACEs carry the configured group suffix in their AD account name. */
5948 if (!strcasecmp(AceType, "LIST"))
5949 sprintf(temp, "%s%s", AceName, group_suffix);
5953 if (checkADname(ldap_handle, dn_path, temp))
5956 (*ProcessGroup) = 1;
5959 if (!strcasecmp(AceInfo[0], "LIST"))
5961 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5962 AceMembership, 0, UpdateGroup, maillist))
5965 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5968 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args is the opaque context handed to user_create. */
5971 call_args[0] = (char *)ldap_handle;
5972 call_args[1] = dn_path;
5974 call_args[3] = NULL;
/* The production/test principals are never created as user objects. */
5977 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
5978 !strcasecmp(AceName, TEST_PRINCIPAL))
5983 if (rc = mr_query("get_user_account_by_login", 1, av,
5984 save_query_info, save_argv))
5986 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5991 if (rc = user_create(U_END, save_argv, call_args))
5993 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
6000 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* Follow the ACE chain; a list that owns itself terminates it. */
6010 if (!strcasecmp(AceType, "LIST"))
6012 if (!strcasecmp(GroupName, AceName))
6016 strcpy(GroupName, AceName);
/*
 * Create (or, with updateGroup set, update) the AD group for Moira list
 * `group_name` by running get_list_info and letting the group_create
 * callback do the work with `call_args` as its context.
 *
 * @param MoiraId      Moira list id, "" when unknown (ProcessAce passes "")
 * @param group_ou, group_membership, group_security_flag
 *                     not referenced on the visible lines; presumably
 *                     stored into the call_args slots not shown
 * @param updateGroup  flag smuggled to the callback as call_args[4]
 * @param maillist     not referenced on the visible lines
 * @return callback_rc, the status recorded by group_create
 *
 * Integer values are passed to the callback by casting them to char *
 * (slots 3 and 4); group_create must cast them back the same way.
 */
6022 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6023 char *group_name, char *group_ou, char *group_membership,
6024 int group_security_flag, int updateGroup, char *maillist)
6029 LK_ENTRY *group_base;
6032 char *attr_array[3];
6035 call_args[0] = (char *)ldap_handle;
6036 call_args[1] = dn_path;
6037 call_args[2] = group_name;
/* Member-type mask and update flag travel as integer-in-pointer values. */
6038 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6039 call_args[4] = (char *)updateGroup;
6040 call_args[5] = MoiraId;
6042 call_args[7] = NULL;
6048 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6051 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6059 com_err(whoami, 0, "Unable to create list %s", group_name);
6060 return(callback_rc);
/*
 * Rebuild the `member` attribute of the AD group for Moira list
 * `group_name` from get_end_members_of_list.  Each Moira member is turned
 * into a DN: USERs are created on demand (user_create) if absent from AD,
 * STRINGs and KERBEROS principals become contact objects, MACHINEs are
 * resolved through get_machine_ou; LISTs are skipped (expanded by Moira).
 * The collected DNs are written with a single LDAP_MOD_REPLACE, after an
 * optional clear-first pass when GroupPopulateDelete is set.
 *
 * @param group_ou  OU that, with dn_path, forms the group DN
 * @return not visible in this listing
 */
6066 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6067 char *group_ou, char *group_membership,
6068 int group_security_flag, char *MoiraId)
6083 char *member_v[] = {NULL, NULL};
6084 char *save_argv[U_END];
6085 char machine_ou[256];
6086 char NewMachineName[1024];
6088 com_err(whoami, 0, "Populating group %s", group_name);
/* Context for the member_list_build callback; the type mask continues on
 * a line not shown here. */
6090 call_args[0] = (char *)ldap_handle;
6091 call_args[1] = dn_path;
6092 call_args[2] = group_name;
6093 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6095 call_args[4] = NULL;
6098 if (rc = mr_query("get_end_members_of_list", 1, av,
6099 member_list_build, call_args))
6104 com_err(whoami, 0, "Unable to populate list %s : %s",
6105 group_name, error_message(rc));
/* NOTE(review): allocation result is not checked before use. */
6109 members = (char **)malloc(sizeof(char *) * 2);
6111 if (member_base != NULL)
6117 if (!strcasecmp(ptr->type, "LIST"))
6123 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6129 if(!strcasecmp(ptr->type, "USER"))
/* The production/test principals are never created as user objects. */
6131 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6132 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6138 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6139 "")) == AD_NO_USER_FOUND)
6141 com_err(whoami, 0, "creating user %s", ptr->member);
6143 av[0] = ptr->member;
6144 call_args[0] = (char *)ldap_handle;
6145 call_args[1] = dn_path;
6147 call_args[3] = NULL;
6150 if (rc = mr_query("get_user_account_by_login", 1, av,
6151 save_query_info, save_argv))
6153 com_err(whoami, 0, "Unable to create user %s "
6154 "while populating group %s.", ptr->member,
6160 if (rc = user_create(U_END, save_argv, call_args))
6162 com_err(whoami, 0, "Unable to create user %s "
6163 "while populating group %s.", ptr->member,
6171 com_err(whoami, 0, "Unable to create user %s "
6172 "while populating group %s", ptr->member,
/* NOTE(review): USER DNs embed ptr->member raw, whereas the STRING and
 * KERBEROS branches below pass it through escape_string first.  Unless
 * logins are guaranteed DN-safe upstream, the same escaping belongs here. */
6183 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6188 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6192 else if (!strcasecmp(ptr->type, "STRING"))
6194 if (contact_create(ldap_handle, dn_path, ptr->member,
6198 pUserOu = contact_ou;
6199 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6202 else if (!strcasecmp(ptr->type, "KERBEROS"))
6204 if (contact_create(ldap_handle, dn_path, ptr->member,
6208 pUserOu = kerberos_ou;
6209 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6212 else if (!strcasecmp(ptr->type, "MACHINE"))
6214 memset(machine_ou, '\0', sizeof(machine_ou));
6215 memset(NewMachineName, '\0', sizeof(NewMachineName));
6217 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6218 machine_ou, NewMachineName))
6220 pUserOu = machine_ou;
6221 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): realloc result overwrites `members` directly, so a failed
 * realloc leaks the old array and the next line dereferences NULL.  Use a
 * temporary pointer and check it before assigning. */
6232 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6233 members[i++] = strdup(member);
6238 linklist_free(member_base);
6244 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* Optional first pass: replace the membership with an empty list. */
6246 if(GroupPopulateDelete)
6249 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6252 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6253 mods)) != LDAP_SUCCESS)
6256 "Unable to populate group membership for %s: %s",
6257 group_dn, ldap_err2string(rc));
/* Presumably releases the LDAPMod entries built by ADD_ATTR. */
6260 for (i = 0; i < n; i++)
/* Second pass: replace the membership with the collected DNs. */
6265 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6268 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6269 mods)) != LDAP_SUCCESS)
6272 "Unable to populate group membership for %s: %s",
6273 group_dn, ldap_err2string(rc));
6276 for (i = 0; i < n; i++)
/*
 * Locate the AD group that corresponds to Moira list `group_name` /
 * `MoiraId`, reconcile duplicates, and -- if the existing object's DN,
 * name, OU or description differ from what Moira says -- rename/move it
 * via group_rename.
 *
 * With type == CHECK_GROUPS the function only reports whether exactly one
 * group exists at the expected DN (AD_NO_GROUPS_FOUND,
 * AD_WRONG_GROUP_DN_FOUND, AD_MULTIPLE_GROUPS_FOUND, or success).
 *
 * @return one of the AD_* codes on the visible paths, or the result of
 *         group_rename; the final return statement is not shown.
 */
6284 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6285 char *group_name, char *group_ou, char *group_membership,
6286 int group_security_flag, int type, char *maillist)
6288 char before_desc[512];
6289 char before_name[256];
6290 char before_group_ou[256];
6291 char before_group_membership[2];
6292 char distinguishedName[256];
6293 char ad_distinguishedName[256];
6295 char *attr_array[3];
6296 int before_security_flag;
6299 LK_ENTRY *group_base;
6302 char ou_security[512];
6303 char ou_distribution[512];
6304 char ou_neither[512];
6307 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* The DN Moira expects the group to live at. */
6308 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6310 memset(filter, '\0', sizeof(filter));
/* First lookup: find the group by MoiraId / name (ad_get_group also
 * returns the filter that matched in `filter`). */
6314 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6316 "samAccountName", &group_base,
6317 &group_count, filter))
6320 if (type == CHECK_GROUPS)
6322 if (group_count == 1)
/* NOTE(review): unbounded strcpy of an LDAP-supplied DN. */
6324 strcpy(group_dn, group_base->dn);
6326 if (!strcasecmp(group_dn, distinguishedName))
6328 linklist_free(group_base);
6333 linklist_free(group_base);
6335 if (group_count == 0)
6336 return(AD_NO_GROUPS_FOUND);
6338 if (group_count == 1)
6339 return(AD_WRONG_GROUP_DN_FOUND);
6341 return(AD_MULTIPLE_GROUPS_FOUND);
6344 if (group_count == 0)
6346 return(AD_NO_GROUPS_FOUND);
/* Several AD groups claim this MoiraId: report them, and remove the ones
 * whose dn does not match the value returned (the loop and the exact
 * selection logic are only partly visible). */
6349 if (group_count > 1)
6353 strcpy(group_dn, ptr->dn);
6357 if (!strcasecmp(group_dn, ptr->value))
6365 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6371 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6375 linklist_free(group_base);
6376 return(AD_MULTIPLE_GROUPS_FOUND);
6383 strcpy(group_dn, ptr->dn);
/* Deletes directory objects; the return code of ldap_delete_s is stored
 * but no handling is visible on the following lines. */
6385 if (strcasecmp(group_dn, ptr->value))
6386 rc = ldap_delete_s(ldap_handle, ptr->value);
6391 linklist_free(group_base);
6392 memset(filter, '\0', sizeof(filter));
/* Re-run the lookup now that duplicates are gone; exactly one hit expected. */
6396 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6398 "samAccountName", &group_base,
6399 &group_count, filter))
6402 if (group_count == 0)
6403 return(AD_NO_GROUPS_FOUND);
6405 if (group_count > 1)
6406 return(AD_MULTIPLE_GROUPS_FOUND);
6409 strcpy(ad_distinguishedName, group_base->dn);
6410 linklist_free(group_base);
/* Fetch the current sAMAccountName so the filter used below matches it. */
6414 attr_array[0] = "sAMAccountName";
6415 attr_array[1] = NULL;
6417 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6418 &group_base, &group_count,
6419 LDAP_SCOPE_SUBTREE)) != 0)
6421 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6422 MoiraId, ldap_err2string(rc));
6426 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Object already lives at the expected DN: nothing to rename. */
6428 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6430 linklist_free(group_base);
6436 linklist_free(group_base);
6439 memset(ou_both, '\0', sizeof(ou_both));
6440 memset(ou_security, '\0', sizeof(ou_security));
6441 memset(ou_distribution, '\0', sizeof(ou_distribution));
6442 memset(ou_neither, '\0', sizeof(ou_neither));
6443 memset(before_name, '\0', sizeof(before_name));
6444 memset(before_desc, '\0', sizeof(before_desc));
6445 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Current name ... */
6447 attr_array[0] = "name";
6448 attr_array[1] = NULL;
6450 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6451 &group_base, &group_count,
6452 LDAP_SCOPE_SUBTREE)) != 0)
6454 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6455 MoiraId, ldap_err2string(rc));
6459 strcpy(before_name, group_base->value);
6460 linklist_free(group_base);
/* ... and current description (optional attribute, hence the count test). */
6464 attr_array[0] = "description";
6465 attr_array[1] = NULL;
6467 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6468 &group_base, &group_count,
6469 LDAP_SCOPE_SUBTREE)) != 0)
6472 "Unable to get list description with MoiraId = %s: %s",
6473 MoiraId, ldap_err2string(rc));
6477 if (group_count != 0)
6479 strcpy(before_desc, group_base->value);
6480 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring match against the
 * four configured group OUs.  NOTE(review): strstr is a substring test, so
 * the order of these tests matters and the result is only reliable if no
 * configured OU string is a substring of another -- confirm against the
 * configuration. */
6485 change_to_lower_case(ad_distinguishedName);
6486 strcpy(ou_both, group_ou_both);
6487 change_to_lower_case(ou_both);
6488 strcpy(ou_security, group_ou_security);
6489 change_to_lower_case(ou_security);
6490 strcpy(ou_distribution, group_ou_distribution);
6491 change_to_lower_case(ou_distribution);
6492 strcpy(ou_neither, group_ou_neither);
6493 change_to_lower_case(ou_neither);
6495 if (strstr(ad_distinguishedName, ou_both))
6497 strcpy(before_group_ou, group_ou_both);
6498 before_group_membership[0] = 'B';
6499 before_security_flag = 1;
6501 else if (strstr(ad_distinguishedName, ou_security))
6503 strcpy(before_group_ou, group_ou_security);
6504 before_group_membership[0] = 'S';
6505 before_security_flag = 1;
6507 else if (strstr(ad_distinguishedName, ou_distribution))
6509 strcpy(before_group_ou, group_ou_distribution);
6510 before_group_membership[0] = 'D';
6511 before_security_flag = 0;
6513 else if (strstr(ad_distinguishedName, ou_neither))
6515 strcpy(before_group_ou, group_ou_neither);
6516 before_group_membership[0] = 'N';
6517 before_security_flag = 0;
6520 return(AD_NO_OU_FOUND);
/* Hand the before/after state to group_rename to move and relabel. */
6522 rc = group_rename(ldap_handle, dn_path, before_name,
6523 before_group_membership,
6524 before_group_ou, before_security_flag, before_desc,
6525 group_name, group_membership, group_ou,
6526 group_security_flag,
6527 before_desc, MoiraId, filter, maillist);
/*
 * Lower-case a NUL-terminated string in place.
 *
 * Two small points for a future cleanup: strlen() is re-evaluated on every
 * iteration, and tolower() is given a plain char -- for bytes >= 0x80 on a
 * platform where char is signed that is outside tolower's defined domain;
 * `tolower((unsigned char) ptr[i])` is the portable form.
 */
6532 void change_to_lower_case(char *ptr)
6536 for (i = 0; i < (int)strlen(ptr); i++)
6538 ptr[i] = tolower(ptr[i]);
/*
 * Find the AD group for a Moira list, trying up to three filters in turn:
 *   1. the caller-supplied filter in rFilter (if non-empty),
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)) (if MoiraId non-empty),
 *   3. (sAMAccountName=<group_name><group_suffix>).
 * The first filter that yields exactly one entry is copied back into
 * rFilter and the matching list is left in *linklist_base /
 * *linklist_count.  Each failed attempt frees its result and resets the
 * out-parameters to NULL / 0.
 *
 * @param attribute      LDAP attribute to fetch for the match
 * @param linklist_base  out: matching entries (NULL when none)
 * @param linklist_count out: number of entries
 * @param rFilter        in/out filter buffer; its declaration is on a
 *                       signature line not shown in this listing
 * @return not visible in this listing
 *
 * NOTE(review): MoiraId and group_name are inserted into filters without
 * LDAP filter escaping.
 */
6542 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6543 char *group_name, char *group_membership,
6544 char *MoiraId, char *attribute,
6545 LK_ENTRY **linklist_base, int *linklist_count,
6550 char *attr_array[3];
6554 (*linklist_base) = NULL;
6555 (*linklist_count) = 0;
/* Attempt 1: the filter the caller already knows. */
6557 if (strlen(rFilter) != 0)
6559 strcpy(filter, rFilter);
6560 attr_array[0] = attribute;
6561 attr_array[1] = NULL;
6563 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6564 linklist_base, linklist_count,
6565 LDAP_SCOPE_SUBTREE)) != 0)
6567 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6568 MoiraId, ldap_err2string(rc));
6572 if ((*linklist_count) == 1)
6574 strcpy(rFilter, filter);
6579 linklist_free((*linklist_base));
6580 (*linklist_base) = NULL;
6581 (*linklist_count) = 0;
/* Attempt 2: by mitMoiraId. */
6583 if (strlen(MoiraId) != 0)
6585 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6587 attr_array[0] = attribute;
6588 attr_array[1] = NULL;
6590 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6591 linklist_base, linklist_count,
6592 LDAP_SCOPE_SUBTREE)) != 0)
6594 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6595 MoiraId, ldap_err2string(rc));
/* More than one group with the same MoiraId: log each and give up on
 * this filter. */
6600 if ((*linklist_count) > 1)
6602 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6603 pPtr = (*linklist_base);
6607 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6612 linklist_free((*linklist_base));
6613 (*linklist_base) = NULL;
6614 (*linklist_count) = 0;
6617 if ((*linklist_count) == 1)
6620 pPtr = (*linklist_base);
/* NOTE(review): `dn` is strdup'd here; no free() of it is visible in this
 * listing -- check for a leak on both branches.  The memcmp is a
 * case-sensitive prefix compare over strlen(group_name) bytes of dn, and
 * reads past dn's terminator if dn is shorter than group_name; whatever
 * prepares `dn` on the line(s) not shown should guarantee that, otherwise
 * strncmp/strncasecmp would be the safer choice. */
6621 dn = strdup(pPtr->dn);
6624 if (!memcmp(dn, group_name, strlen(group_name)))
6626 strcpy(rFilter, filter);
6631 linklist_free((*linklist_base));
6632 (*linklist_base) = NULL;
6633 (*linklist_count) = 0;
/* Attempt 3: by account name with the configured suffix. */
6634 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6636 attr_array[0] = attribute;
6637 attr_array[1] = NULL;
6639 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6640 linklist_base, linklist_count,
6641 LDAP_SCOPE_SUBTREE)) != 0)
6643 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6644 MoiraId, ldap_err2string(rc));
6648 if ((*linklist_count) == 1)
6650 strcpy(rFilter, filter);
/*
 * Check whether a user object for `UserName` exists in the directory.
 * When MoiraId is non-empty the user is first searched by mitMoiraId
 * (duplicates are logged); otherwise, or when that search does not yield
 * exactly one entry, the search falls back to sAMAccountName.
 *
 * @param UserName  Moira login
 * @param MoiraId   Moira user id, or "" to search by login only
 * @return AD_NO_USER_FOUND when the login lookup does not return exactly
 *         one entry; the success return and the handling of a
 *         username mismatch are not shown in this listing.
 *
 * NOTE(review): UserName and MoiraId are inserted into filters without
 * LDAP filter escaping.
 */
6657 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6660 char *attr_array[3];
6661 char SamAccountName[64];
6664 LK_ENTRY *group_base;
/* Lookup by mitMoiraId first. */
6670 if (strlen(MoiraId) != 0)
6672 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6674 attr_array[0] = "sAMAccountName";
6675 attr_array[1] = NULL;
6676 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6677 &group_base, &group_count,
6678 LDAP_SCOPE_SUBTREE)) != 0)
6680 com_err(whoami, 0, "Unable to process user %s : %s",
6681 UserName, ldap_err2string(rc));
6685 if (group_count > 1)
6687 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6693 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6694 gPtr->value, MoiraId);
/* Anything other than a single hit falls through to the login lookup. */
6700 if (group_count != 1)
6702 linklist_free(group_base);
6705 sprintf(filter, "(sAMAccountName=%s)", UserName);
6706 attr_array[0] = "sAMAccountName";
6707 attr_array[1] = NULL;
6709 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6710 &group_base, &group_count,
6711 LDAP_SCOPE_SUBTREE)) != 0)
6713 com_err(whoami, 0, "Unable to process user %s : %s",
6714 UserName, ldap_err2string(rc));
6719 if (group_count != 1)
6721 linklist_free(group_base);
6722 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded strcpy of a directory-supplied value into a
 * 64-byte buffer; sAMAccountName is attacker-influenced only as far as the
 * directory is, but a bounded copy (snprintf) costs nothing here. */
6725 strcpy(SamAccountName, group_base->value);
6726 linklist_free(group_base);
/* Case-sensitive compare, although sAMAccountName matching in the search
 * above is case-insensitive -- a case-only difference is reported as a
 * mismatch.  Presumably intentional; confirm. */
6730 if (strcmp(SamAccountName, UserName))
6733 "User object %s with MoiraId %s has mismatched usernames "
6734 "(LDAP username %s, Moira username %s)", SamAccountName,
6735 MoiraId, SamAccountName, UserName);
/*
 * Turn a slash-separated Moira container path ("a/b/c") into the relative
 * DN of the matching OU chain, innermost first ("OU=c,OU=b,OU=a").  The
 * splitting loop is not shown; the visible tail writes "OU=", the last
 * component, and ",OU=" separators while walking the component array
 * backwards.
 *
 * @param src   container path; "" leaves dest untouched (early return
 *              presumed from the length test)
 * @param dest  output buffer, written with strcpy/strcat and no length
 *              limit -- callers pass fixed 256-byte buffers.
 *
 * `array` holds at most 20 component pointers; no check for more than 20
 * components is visible here.
 */
6741 void container_get_dn(char *src, char *dest)
6748 memset(array, '\0', 20 * sizeof(array[0]));
6750 if (strlen(src) == 0)
6772 strcpy(dest, "OU=");
6776 strcat(dest, array[n-1]);
6780 strcat(dest, ",OU=");
/*
 * Extract the leaf name of a slash-separated container path into dest
 * (the component after the last '/').  Only the empty-input guard is
 * visible in this listing; callers pass a zeroed fixed-size buffer and
 * then validate the result with check_container_name.
 */
6787 void container_get_name(char *src, char *dest)
6792 if (strlen(src) == 0)
/*
 * Make sure the parent containers of `name` exist.  The path is copied
 * and scanned for '/' (the action taken at each '/' is on lines not
 * shown -- presumably the string is cut there so that each ancestor is
 * created in turn); each ancestor is then created through
 * container_create with empty description/location/contact/type/id/rowid.
 *
 * Containers created this way carry no mitMoiraId, which the success path
 * reports so that an operator can reconcile them later.
 */
6812 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* NOTE(review): unbounded strcpy into cName (size not visible). */
6819 strcpy(cName, name);
6821 for (i = 0; i < (int)strlen(cName); i++)
6823 if (cName[i] == '/')
/* Minimal attribute set: name only; everything else empty. */
6826 av[CONTAINER_NAME] = cName;
6827 av[CONTAINER_DESC] = "";
6828 av[CONTAINER_LOCATION] = "";
6829 av[CONTAINER_CONTACT] = "";
6830 av[CONTAINER_TYPE] = "";
6831 av[CONTAINER_ID] = "";
6832 av[CONTAINER_ROWID] = "";
6833 rc = container_create(ldap_handle, dn_path, 7, av);
6835 if (rc == LDAP_SUCCESS)
6837 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * Rename/move an OU from the Moira container described by `before` to the
 * one described by `after`.  If the old container cannot be found in AD
 * the new one is simply created.  Otherwise the new parent DN and RDN are
 * computed, missing ancestors are created (container_check), the object
 * is renamed with ldap_rename_s (deleteoldrdn = TRUE), and its attributes
 * are refreshed with container_adupdate.
 *
 * @param beforec/before  Moira container row before the change
 * @param afterc/after    Moira container row after the change
 * @return AD_INVALID_NAME for a rejected name; otherwise the status of the
 *         last operation (final return not shown)
 */
6846 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6847 char **before, int afterc, char **after)
6852 char new_dn_path[256];
6854 char distinguishedName[256];
6859 memset(cName, '\0', sizeof(cName));
6860 container_get_name(after[CONTAINER_NAME], cName);
/* Reject names the directory could not store safely. */
6862 if (!check_container_name(cName))
6864 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6866 return(AD_INVALID_NAME);
6869 memset(distinguishedName, '\0', sizeof(distinguishedName));
6871 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6872 distinguishedName, beforec, before))
/* Nothing to rename: fall back to a plain create. */
6875 if (strlen(distinguishedName) == 0)
6877 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf from the new path to obtain the new parent (the edit
 * inside the loop is on lines not shown). */
6881 strcpy(temp, after[CONTAINER_NAME]);
6884 for (i = 0; i < (int)strlen(temp); i++)
6894 container_get_dn(temp, dName);
/* NOTE(review): both sprintf calls write into a 256-byte buffer with no
 * length check. */
6896 if (strlen(temp) != 0)
6897 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6899 sprintf(new_dn_path, "%s", dn_path);
6901 sprintf(new_cn, "OU=%s", cName);
6903 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6905 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6906 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6908 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6909 before[CONTAINER_NAME], after[CONTAINER_NAME],
6910 ldap_err2string(rc));
/* Refresh description / managedBy / mitMoiraId at the new location. */
6914 memset(dName, '\0', sizeof(dName));
6915 container_get_dn(after[CONTAINER_NAME], dName);
6916 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * Delete the OU that corresponds to Moira container `av`.  If the OU
 * cannot be located nothing is done.  A delete refused with
 * LDAP_NOT_ALLOWED_ON_NONLEAF first evacuates the children with
 * container_move_objects (whether the delete is then retried is not shown).
 *
 * @return the lookup/delete status; final return not shown
 */
6921 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6923 char distinguishedName[256];
6926 memset(distinguishedName, '\0', sizeof(distinguishedName));
6928 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6929 distinguishedName, count, av))
/* Not in AD: nothing to delete. */
6932 if (strlen(distinguishedName) == 0)
6935 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
/* Non-empty OU: move its children to the orphan OUs and drop sub-OUs. */
6937 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6938 container_move_objects(ldap_handle, dn_path, distinguishedName);
6940 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6941 av[CONTAINER_NAME], ldap_err2string(rc));
<<<<<<< HEAD
/*
 * Create the organizationalUnit for Moira container `av` under dn_path.
 * Attributes: objectClass, name, ou, optionally mitMoiraId (CONTAINER_ROWID)
 * and description (CONTAINER_DESC), and managedBy resolved from
 * CONTAINER_TYPE / CONTAINER_ID (KERBEROS -> contact object created on the
 * fly, USER -> person lookup, LIST -> group lookup).  If the OU already
 * exists and a row id is known, the call degrades to container_adupdate.
 *
 * @param count  number of fields in av (unused on the visible lines)
 * @param av     Moira container row indexed by the CONTAINER_* constants
 * @return AD_INVALID_NAME for a rejected name, otherwise the ldap_add /
 *         adupdate status (final return not shown)
 *
 * NOTE(review): av[CONTAINER_ID] is sprintf'd into the USER/LIST search
 * filters without LDAP filter escaping.
 */
6947 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6949 char *attr_array[3];
6950 LK_ENTRY *group_base;
6953 char *objectClass_v[] = {"top",
6954 "organizationalUnit",
6957 char *ou_v[] = {NULL, NULL};
6958 char *name_v[] = {NULL, NULL};
6959 char *moiraId_v[] = {NULL, NULL};
6960 char *desc_v[] = {NULL, NULL};
6961 char *managedBy_v[] = {NULL, NULL};
6964 char managedByDN[256];
6971 memset(filter, '\0', sizeof(filter));
6972 memset(dName, '\0', sizeof(dName));
6973 memset(cName, '\0', sizeof(cName));
6974 memset(managedByDN, '\0', sizeof(managedByDN));
6975 container_get_dn(av[CONTAINER_NAME], dName);
6976 container_get_name(av[CONTAINER_NAME], cName);
6978 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6980 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6982 return(AD_INVALID_NAME);
6985 if (!check_container_name(cName))
6987 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6989 return(AD_INVALID_NAME);
/* Mandatory attributes. */
6993 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6995 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6997 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* Optional attributes from the Moira row. */
6999 if (strlen(av[CONTAINER_ROWID]) != 0)
7001 moiraId_v[0] = av[CONTAINER_ROWID];
7002 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
7005 if (strlen(av[CONTAINER_DESC]) != 0)
7007 desc_v[0] = av[CONTAINER_DESC];
7008 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: a Kerberos principal becomes a contact object; users and
 * lists are looked up and their distinguishedName used. */
7011 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7013 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7015 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7018 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7019 kerberos_ou, dn_path);
7020 managedBy_v[0] = managedByDN;
7021 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7026 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7028 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7029 "(objectClass=user)))", av[CONTAINER_ID]);
7032 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7034 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7038 if (strlen(filter) != 0)
7040 attr_array[0] = "distinguishedName";
7041 attr_array[1] = NULL;
7044 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7046 &group_base, &group_count,
7047 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Only an unambiguous hit is used as manager. */
7049 if (group_count == 1)
7051 strcpy(managedByDN, group_base->value);
7052 managedBy_v[0] = managedByDN;
7053 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7055 linklist_free(group_base);
7065 sprintf(temp, "%s,%s", dName, dn_path);
7066 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Presumably releases the LDAPMod entries built by ADD_ATTR. */
7068 for (i = 0; i < n; i++)
7071 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7073 com_err(whoami, 0, "Unable to create container %s : %s",
7074 cName, ldap_err2string(rc));
/* Already present: treat as an update when we know the Moira row id. */
7078 if (rc == LDAP_ALREADY_EXISTS)
7080 if (strlen(av[CONTAINER_ROWID]) != 0)
7081 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Apply a Moira container update to AD: locate the OU by the `after` row
 * (mitMoiraId, then DN), create it when absent, otherwise ensure its
 * ancestors exist and refresh its attributes with container_adupdate.
 *
 * @param beforec/before  previous row (unused on the visible lines)
 * @param afterc/after    new row
 * @return status of the lookup/create/update (final return not shown)
 */
7087 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7088 char **before, int afterc, char **after)
7090 char distinguishedName[256];
7093 memset(distinguishedName, '\0', sizeof(distinguishedName));
7095 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7096 distinguishedName, afterc, after))
7099 if (strlen(distinguishedName) == 0)
7101 rc = container_create(ldap_handle, dn_path, afterc, after);
7105 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7106 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * Resolve the DN of the OU for Moira container `av`.  Two lookups are
 * tried: by mitMoiraId (av[CONTAINER_ROWID]) first, then by the DN that
 * container_get_dn derives from the container path.  Only an unambiguous
 * single hit is accepted.
 *
 * @param distinguishedName  out buffer, left empty when nothing matched;
 *                           callers pass a zeroed 256-byte buffer
 * @param count/av           Moira container row (av is declared on a
 *                           signature line not shown)
 * @return AD_INVALID_NAME for a rejected name; otherwise the search status
 *         (final return not shown)
 *
 * NOTE(review): neither lookup escapes the values it places in the filter;
 * the second one embeds a full DN (commas, possibly parentheses) inside a
 * filter assertion.
 */
7112 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7113 char *distinguishedName, int count,
7116 char *attr_array[3];
7117 LK_ENTRY *group_base;
7124 memset(filter, '\0', sizeof(filter));
7125 memset(dName, '\0', sizeof(dName));
7126 memset(cName, '\0', sizeof(cName));
7127 container_get_dn(av[CONTAINER_NAME], dName);
7128 container_get_name(av[CONTAINER_NAME], cName);
7130 if (strlen(dName) == 0)
7132 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7133 av[CONTAINER_NAME]);
7134 return(AD_INVALID_NAME);
7137 if (!check_container_name(cName))
7139 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7141 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id. */
7144 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7145 av[CONTAINER_ROWID]);
7146 attr_array[0] = "distinguishedName";
7147 attr_array[1] = NULL;
7151 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7152 &group_base, &group_count,
7153 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7155 if (group_count == 1)
7157 strcpy(distinguishedName, group_base->value);
7160 linklist_free(group_base);
/* Lookup 2: by the expected DN, only if lookup 1 found nothing. */
7165 if (strlen(distinguishedName) == 0)
7167 sprintf(filter, "(&(objectClass=organizationalUnit)"
7168 "(distinguishedName=%s,%s))", dName, dn_path);
7169 attr_array[0] = "distinguishedName";
7170 attr_array[1] = NULL;
7174 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7175 &group_base, &group_count,
7176 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7178 if (group_count == 1)
7180 strcpy(distinguishedName, group_base->value);
7183 linklist_free(group_base);
/*
 * Bring the mitMoiraId, description and managedBy attributes of an
 * existing OU in line with Moira container row `av`.  The target is
 * either `distinguishedName` or, when `dName` is non-empty, the DN built
 * from dName and dn_path.  Current values are read first so that an
 * attribute Moira no longer sets can be cleared via attribute_update.
 *
 * @param dName              relative DN of the OU, or "" to use
 *                           distinguishedName instead
 * @param distinguishedName  full DN of the OU (used when dName is "")
 * @return LDAP_SUCCESS when there was nothing to modify, otherwise the
 *         ldap_modify_s status (final return not shown)
 */
7192 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7193 char *distinguishedName, int count, char **av)
7195 char *attr_array[5];
7196 LK_ENTRY *group_base;
7201 char *moiraId_v[] = {NULL, NULL};
7202 char *desc_v[] = {NULL, NULL};
7203 char *managedBy_v[] = {NULL, NULL};
7204 char managedByDN[256];
/* NOTE(review): unbounded strcpy/sprintf into ad_path (size not visible). */
7213 strcpy(ad_path, distinguishedName);
7215 if (strlen(dName) != 0)
7216 sprintf(ad_path, "%s,%s", dName, dn_path);
7218 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): the guard tests av[CONTAINER_ID] but the filter it enables
 * uses av[CONTAINER_ROWID].  A row with an empty ROWID and a non-empty ID
 * therefore searches for mitMoiraId= (empty), and a row with a ROWID but
 * no ID never uses the id-based filter.  The test most likely intended is
 *   if (strlen(av[CONTAINER_ROWID]) != 0)
 * as in container_create and container_get_distinguishedName. */
7221 if (strlen(av[CONTAINER_ID]) != 0)
7222 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7223 av[CONTAINER_ROWID]);
7225 attr_array[0] = "mitMoiraId";
7226 attr_array[1] = "description";
7227 attr_array[2] = "managedBy";
7228 attr_array[3] = NULL;
7232 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7233 &group_base, &group_count,
7234 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7236 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7237 av[CONTAINER_NAME], ldap_err2string(rc));
/* Snapshot the current attribute values (unbounded strcpy into fixed
 * buffers; moiraId and desc sizes are not visible). */
7241 memset(managedByDN, '\0', sizeof(managedByDN));
7242 memset(moiraId, '\0', sizeof(moiraId));
7243 memset(desc, '\0', sizeof(desc));
7248 if (!strcasecmp(pPtr->attribute, "description"))
7249 strcpy(desc, pPtr->value);
7250 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7251 strcpy(managedByDN, pPtr->value);
7252 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7253 strcpy(moiraId, pPtr->value);
7257 linklist_free(group_base);
/* mitMoiraId: always (re)asserted when Moira has one. */
7262 if (strlen(av[CONTAINER_ROWID]) != 0)
7264 moiraId_v[0] = av[CONTAINER_ROWID];
7265 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set from Moira, or cleared if AD has one and Moira does not. */
7268 if (strlen(av[CONTAINER_DESC]) != 0)
7270 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7275 if (strlen(desc) != 0)
7277 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: same resolution rules as container_create (KERBEROS contact,
 * USER person, LIST group); cleared when the referenced object is gone.
 * av[CONTAINER_ID] is not filter-escaped before use. */
7281 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7283 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7285 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7288 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7289 kerberos_ou, dn_path);
7290 managedBy_v[0] = managedByDN;
7291 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7295 if (strlen(managedByDN) != 0)
7297 attribute_update(ldap_handle, ad_path, "", "managedBy",
7304 memset(filter, '\0', sizeof(filter));
7306 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7308 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7309 "(objectClass=user)))", av[CONTAINER_ID]);
7312 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7314 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7318 if (strlen(filter) != 0)
7320 attr_array[0] = "distinguishedName";
7321 attr_array[1] = NULL;
7324 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7325 attr_array, &group_base, &group_count,
7326 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7328 if (group_count == 1)
7330 strcpy(managedByDN, group_base->value);
7331 managedBy_v[0] = managedByDN;
7332 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7336 if (strlen(managedByDN) != 0)
7338 attribute_update(ldap_handle, ad_path, "",
7339 "managedBy", dName);
7343 linklist_free(group_base);
7350 if (strlen(managedByDN) != 0)
7352 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* No LDAPMod entries queued: nothing to send. */
7362 return(LDAP_SUCCESS);
7364 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Presumably releases the LDAPMod entries built by ADD_ATTR. */
7366 for (i = 0; i < n; i++)
7369 if (rc != LDAP_SUCCESS)
7371 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7372 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty the OU `dName` so it can be deleted.  Three passes are made over
 * its subtree: (0) everything that is neither a computer nor an OU is
 * renamed into orphans_other_ou, (1) computers are renamed into
 * orphans_machines_ou, (2) remaining sub-OUs are deleted.  A name clash in
 * the orphan OU is resolved by appending "_<count>" to the RDN.
 *
 * @param dName  DN of the OU being evacuated (used as the search base)
 * @return not visible in this listing
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and
 * no restore of the previous value is visible here, so every later search
 * on this handle (in other functions) is capped at 10 entries unless it
 * is reset elsewhere.  The return of ldap_set_option is also ignored.
 * How the loop continues when a pass returns fewer than 10 entries, and
 * whether the function repeats a pass until it is empty, is on lines not
 * shown.
 */
7379 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7381 char *attr_array[3];
7382 LK_ENTRY *group_base;
7389 int NumberOfEntries = 10;
7393 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7395 for (i = 0; i < 3; i++)
7397 memset(filter, '\0', sizeof(filter));
/* Pass 0: ordinary objects (users, groups, contacts, ...). */
7401 strcpy(filter, "(!(|(objectClass=computer)"
7402 "(objectClass=organizationalUnit)))");
7403 attr_array[0] = "cn";
7404 attr_array[1] = NULL;
/* Pass 1: computer objects. */
7408 strcpy(filter, "(objectClass=computer)");
7409 attr_array[0] = "cn";
7410 attr_array[1] = NULL;
/* Pass 2: nested OUs. */
7414 strcpy(filter, "(objectClass=organizationalUnit)");
7415 attr_array[0] = "ou";
7416 attr_array[1] = NULL;
7421 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7422 &group_base, &group_count,
7423 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7428 if (group_count == 0)
/* cn entries are moved; the destination depends on the pass. */
7435 if (!strcasecmp(pPtr->attribute, "cn"))
7437 sprintf(new_cn, "cn=%s", pPtr->value);
7439 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7441 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7446 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name already taken in the orphan OU: retry with a numeric suffix. */
7448 if (rc == LDAP_ALREADY_EXISTS)
7450 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* ou entries (sub-containers) are deleted outright. */
7457 else if (!strcasecmp(pPtr->attribute, "ou"))
7459 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7465 linklist_free(group_base);
/*
 * get_machine_ou: resolve a Moira machine name to its AD computer object
 * and copy the OU part of that object's DN (between the cn RDN and the
 * first "dc=") into machine_ou.  The resolved, domain-stripped machine
 * name is also returned in NewMachineName.
 * Buffer sizes of member/machine_ou/NewMachineName are the caller's; the
 * local buffers dn, cn, temp, filter and the return statements are on
 * lines this listing omits.
 */
7474 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7475 char *machine_ou, char *NewMachineName)
7477 LK_ENTRY *group_base;
7481 char *attr_array[3];
7488 strcpy(NewMachineName, member);
/* NOTE(review): moira_connect()'s result is overwritten by the next
   assignment before it is examined. */
7489 rc = moira_connect();
/* GetMachineName() clears the name to "" when it cannot be resolved */
7490 rc = GetMachineName(NewMachineName);
7493 if (strlen(NewMachineName) == 0)
7495 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* strip the domain part at the first '.' (truncation is on an omitted line) */
7501 pPtr = strchr(NewMachineName, '.');
/* NOTE(review): the machine name is inserted into the LDAP filter without
   escaping filter metacharacters; escape_string() later in this file
   says it escapes specials — confirm whether it is meant for filters. */
7508 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7509 attr_array[0] = "cn";
7510 attr_array[1] = NULL;
7511 sprintf(temp, "%s", dn_path);
7513 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7514 &group_base, &group_count,
7515 LDAP_SCOPE_SUBTREE)) != 0)
7517 com_err(whoami, 0, "Unable to process machine %s : %s",
7518 member, ldap_err2string(rc));
/* exactly one computer object is required */
7522 if (group_count != 1)
/* NOTE(review): dn and cn are fixed-size locals filled from directory
   data with unbounded strcpy. */
7527 strcpy(dn, group_base->dn);
7528 strcpy(cn, group_base->value);
/* lower-case both so the strstr below is case-insensitive */
7530 for (i = 0; i < (int)strlen(dn); i++)
7531 dn[i] = tolower(dn[i]);
7533 for (i = 0; i < (int)strlen(cn); i++)
7534 cn[i] = tolower(cn[i]);
7536 linklist_free(group_base);
/* locate the cn value inside the DN; everything after "value," is the OU path */
7538 pPtr = strstr(dn, cn);
7542 com_err(whoami, 0, "Unable to process machine %s",
7547 pPtr += strlen(cn) + 1;
7548 strcpy(machine_ou, pPtr);
/* the domain components are cut off at "dc=" (on an omitted line);
   a DN without any "dc=" is an error */
7550 pPtr = strstr(machine_ou, "dc=");
7554 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: find the computer object for MoiraMachineName under
 * dn_path and rename it into "DestinationOu,dn_path", keeping its CN.
 * Nothing is done when the object already lives in that OU.
 * Locals OldDn, NewOu, NewCn, filter, cPtr, rc, group_count and the
 * return statements are on lines this listing omits.
 */
7565 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7566 char *MoiraMachineName, char *DestinationOu)
7570 char MachineName[128];
7572 char *attr_array[3];
7577 LK_ENTRY *group_base;
/* NOTE(review): unbounded strcpy into a 128-byte buffer; a name of 128+
   characters overflows it — snprintf(MachineName, sizeof MachineName,
   "%s", MoiraMachineName) would bound it. */
7582 strcpy(MachineName, MoiraMachineName);
/* GetMachineName() leaves "" when the name cannot be resolved */
7583 rc = GetMachineName(MachineName);
7585 if (strlen(MachineName) == 0)
7587 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* strip the domain part at the first '.' (truncation on an omitted line) */
7592 cPtr = strchr(MachineName, '.');
/* NOTE(review): filter built without escaping LDAP filter metacharacters */
7597 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7598 attr_array[0] = "sAMAccountName";
7599 attr_array[1] = NULL;
/* the &group_base argument is on an omitted line */
7601 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7603 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7605 com_err(whoami, 0, "Unable to process machine %s : %s",
7606 MoiraMachineName, ldap_err2string(rc));
/* keep the DN only when the match is unique; free the list either way */
7610 if (group_count == 1)
7611 strcpy(OldDn, group_base->dn);
7613 linklist_free(group_base);
7616 if (group_count != 1)
7618 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7623 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* parent of the old DN = text after the first ','; presumably cPtr is
   advanced past the comma on an omitted line before the comparison */
7624 cPtr = strchr(OldDn, ',');
/* already in the destination OU: nothing to move (return on omitted line) */
7629 if (!strcasecmp(cPtr, NewOu))
7633 sprintf(NewCn, "CN=%s", MachineName);
/* deleteoldrdn = TRUE: the old RDN value is not kept as an extra attribute */
7634 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: test whether machine_name (with any domain suffix after
 * the first '.' removed — the truncation is on an omitted line) exists
 * in the directory under dn_path.  Returns the logical negation of
 * checkADname()'s result, i.e. non-zero when checkADname() returns 0.
 * Name, pPtr and rc are declared on omitted lines.
 */
7639 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7645 memset(Name, '\0', sizeof(Name));
/* NOTE(review): unbounded copy into the fixed-size local Name */
7646 strcpy(Name, machine_name);
7648 pPtr = strchr(Name, '.');
7654 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name maps
 * to.  The callback machine_GetMoiraContainer() (below) copies the answer
 * into container_name, which must therefore be a writable buffer large
 * enough for the container name.  ldap_handle and dn_path are not used on
 * the visible lines.  av, call_args, rc and the return are on omitted lines.
 */
7657 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7658 char *machine_name, char *container_name)
7664 av[0] = machine_name;
7665 call_args[0] = (char *)container_name;
7666 rc = mr_query("get_machine_to_container_map", 1, av,
7667 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback for
 * get_machine_to_container_map.  Copies the second returned field (av[1])
 * into the caller's buffer call_args[0]; presumably call_args is ptr cast
 * to char ** on an omitted line.  The copy is unbounded and the return
 * value is not visible here.
 */
7671 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7676 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a
 * newly created container (after[] holds the container's fields), record
 * it as the container's group and add it to the parent container's group.
 * GroupName, argv, rc and the returns are declared on omitted lines.
 */
7680 int Moira_container_group_create(char **after)
7686 memset(GroupName, '\0', sizeof(GroupName));
/* derive a unique "cnt-..." list name from the container name and row id */
7687 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7688 after[CONTAINER_ROWID]);
/* add_list arguments: an active, non-public, non-hidden, non-mail group
   owned by the "sms" user */
7692 argv[L_NAME] = GroupName;
7693 argv[L_ACTIVE] = "1";
7694 argv[L_PUBLIC] = "0";
7695 argv[L_HIDDEN] = "0";
7696 argv[L_MAILLIST] = "0";
7697 argv[L_GROUP] = "1";
7698 argv[L_GID] = UNIQUE_GID;
7699 argv[L_NFSGROUP] = "0";
7700 argv[L_MAILMAN] = "0";
7701 argv[L_MAILMAN_SERVER] = "[NONE]";
7702 argv[L_DESC] = "auto created container group";
7703 argv[L_ACE_TYPE] = "USER";
7704 argv[L_MEMACE_TYPE] = "USER";
7705 argv[L_ACE_NAME] = "sms";
7706 argv[L_MEMACE_NAME] = "sms";
/* assignment-in-condition is intentional: non-zero rc is a Moira error
   (the com_err call's first line and the return are omitted) */
7708 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7711 "Unable to create container group %s for container %s: %s",
7712 GroupName, after[CONTAINER_NAME], error_message(rc));
/* link the new list to its container and to the parent container's list */
7715 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7716 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: after a container rename, rename its
 * mirror list from the name Moira currently holds for it to the name
 * derived from the new container name.  Nothing is done when the
 * container name is unchanged (case-insensitively), when no current group
 * is recorded, or when the derived name equals the current one.
 * argv, rc and the returns are on omitted lines.
 */
7721 int Moira_container_group_update(char **before, char **after)
7724 char BeforeGroupName[64];
7725 char AfterGroupName[64];
7728 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7731 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* look up the group currently attached to the (already renamed) container */
7732 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7733 if (strlen(BeforeGroupName) == 0)
7736 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7737 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7738 after[CONTAINER_ROWID]);
7742 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the old name first, then the 15 list fields */
7744 argv[L_NAME] = BeforeGroupName;
7745 argv[L_NAME + 1] = AfterGroupName;
7746 argv[L_ACTIVE + 1] = "1";
7747 argv[L_PUBLIC + 1] = "0";
7748 argv[L_HIDDEN + 1] = "0";
7749 argv[L_MAILLIST + 1] = "0";
7750 argv[L_GROUP + 1] = "1";
7751 argv[L_GID + 1] = UNIQUE_GID;
7752 argv[L_NFSGROUP + 1] = "0";
7753 argv[L_MAILMAN + 1] = "0";
7754 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7755 argv[L_DESC + 1] = "auto created container group";
7756 argv[L_ACE_TYPE + 1] = "USER";
7757 argv[L_MEMACE_TYPE + 1] = "USER";
7758 argv[L_ACE_NAME + 1] = "sms";
7759 argv[L_MEMACE_NAME + 1] = "sms";
/* assignment-in-condition is intentional: non-zero rc is a Moira error */
7761 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7764 "Unable to rename container group from %s to %s: %s",
7765 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove a deleted container's mirror list:
 * first drop it from the parent container's list (when both exist), then
 * delete the list itself.  A container whose group is "[none]" has no
 * list and nothing is deleted.  GroupName, argv[1], rc and the return are
 * on omitted lines.
 */
7772 int Moira_container_group_delete(char **before)
7777 char ParentGroupName[64];
7779 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* the trailing 1 asks for the parent container's group */
7780 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7782 memset(GroupName, '\0', sizeof(GroupName));
7784 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7785 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7787 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7789 argv[0] = ParentGroupName;
7791 argv[2] = GroupName;
7793 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): this format has two %s but three arguments follow, so the
   log shows ParentGroupName where the error text belongs and
   error_message(rc) is never printed.  Intended is presumably
   "Unable to delete container group %s from list %s: %s". */
7796 "Unable to delete container group %s from list: %s",
7797 GroupName, ParentGroupName, error_message(rc));
7801 if (strlen(GroupName) != 0)
7803 argv[0] = GroupName;
7805 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7807 com_err(whoami, 0, "Unable to delete container group %s : %s",
7808 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container and
 * write it into GroupName.  The name is "cnt-" plus the last path
 * component(s) of ContainerName, lower-cased and cut to 25 characters
 * before the prefix; if Moira already has a list of that name a "-<c>"
 * suffix is tried (comment below: digits then letters) until a free name
 * is found.  ContainerRowID is not used on the visible lines.
 * temp, tempgname, ptr, argv, rc, i and the returns are on omitted lines.
 */
7815 int Moira_groupname_create(char *GroupName, char *ContainerName,
7816 char *ContainerRowID)
7821 char newGroupName[64];
7822 char tempGroupName[64];
/* NOTE(review): unbounded copy into the fixed-size local temp */
7828 strcpy(temp, ContainerName);
7830 ptr1 = strrchr(temp, '/');
/* second strrchr after the first separator was cut (omitted line):
   "<parent>-<leaf>" when there are two components, else just the leaf */
7836 ptr1 = strrchr(temp, '/');
7840 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7843 strcpy(tempgname, ptr);
7846 strcpy(tempgname, temp);
/* keep the base short enough for the prefix and a "-<c>" suffix */
7848 if (strlen(tempgname) > 25)
7849 tempgname[25] ='\0';
7851 sprintf(newGroupName, "cnt-%s", tempgname);
7853 /* change everything to lower case */
7859 *ptr = tolower(*ptr);
7867 strcpy(tempGroupName, newGroupName);
7870 /* append 0-9 then a-z if a duplicate is found */
7873 argv[0] = newGroupName;
/* MR_NO_MATCH means the name is free; any other error is reported */
7875 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7877 if (rc == MR_NO_MATCH)
7879 com_err(whoami, 0, "Moira error while creating group name for "
7880 "container %s : %s", ContainerName, error_message(rc));
/* a list with this name exists: try the next suffix character */
7884 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7888 com_err(whoami, 0, "Unable to find a unique group name for "
7889 "container %s: too many duplicate container names",
7900 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to
 * container origContainerName (Moira query set_container_list).  Failure
 * is logged via com_err (its first line is omitted); argv, rc and the
 * return are on omitted lines.
 */
7904 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7909 argv[0] = origContainerName;
7910 argv[1] = GroupName;
7912 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7915 "Unable to set container group %s in container %s: %s",
7916 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add GroupName as a member of the list that
 * belongs to the parent of container origContainerName.  A top-level
 * container has no parent group and nothing is added.
 * argv[1] (the member type), rc and the returns are on omitted lines.
 */
7922 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7924 char ContainerName[64];
7925 char ParentGroupName[64];
/* NOTE(review): unbounded strcpy into a 64-byte buffer; a container name
   of 64+ characters overflows it. */
7929 strcpy(ContainerName, origContainerName);
/* the trailing 1 asks for the parent container's group */
7931 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7933 /* top-level container */
7934 if (strlen(ParentGroupName) == 0)
7937 argv[0] = ParentGroupName;
7939 argv[2] = GroupName;
7941 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7944 "Unable to add container group %s to parent group %s: %s",
7945 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies the second returned field (av[1]) into the caller's buffer
 * call_args[0]; presumably call_args is ptr cast to char ** on an omitted
 * line.  The copy is unbounded; the return value is not visible here.
 */
7951 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7956 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: fetch the Moira list attached to a container into
 * GroupName.  A third parameter (declared on omitted line 7962; callers
 * pass 0 or 1) selects, together with the strrchr below, whether the
 * container itself or its parent (path cut at the last '/') is queried —
 * the cut is on an omitted line, so confirm against it.
 * argv, call_args, rc, ptr and the returns are on omitted lines.
 */
7961 int Moira_getGroupName(char *origContainerName, char *GroupName,
7964 char ContainerName[64];
/* NOTE(review): unbounded strcpy into a 64-byte buffer */
7970 strcpy(ContainerName, origContainerName);
7974 ptr = strrchr(ContainerName, '/');
7982 argv[0] = ContainerName;
/* Moira_getContainerGroup() writes the answer into call_args[0] */
7984 call_args[0] = GroupName;
7985 call_args[1] = NULL;
7987 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7990 if (strlen(GroupName) != 0)
7995 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7996 ContainerName, error_message(rc));
/* reached when the query succeeded but returned an empty group name */
7998 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add MachineName to, or remove it
 * from, the container list GroupName as a MACHINE member.  A third
 * parameter (on omitted line 8005) selects add vs. delete; "[none]" means
 * the container has no list and nothing is done.
 * NOTE(review): the only visible error message names the "add" case and
 * is missing a space before "%s" ("group%s") — confirm the delete path
 * has its own message on an omitted line.
 * argv, rc and the returns are on omitted lines.
 */
8004 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8010 if (strcmp(GroupName, "[none]") == 0)
8013 argv[0] = GroupName;
8014 argv[1] = "MACHINE";
8015 argv[2] = MachineName;
8018 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8020 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
8024 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8025 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a machine name in place to its upper-cased
 * name in DOMAIN_SUFFIX.  A name already in that domain is kept (the
 * copy-back/return is on an omitted line); otherwise Moira's
 * get_hostalias is consulted and the first alias in the domain (chosen by
 * ProcessMachineName()) replaces the name.  On query failure or when no
 * such alias exists MachineName is set to "" — callers test strlen()==0.
 * MachineName must hold 1024 bytes; args[0], call_args, szDot, i, rc and
 * the returns are on omitted lines.
 */
8031 int GetMachineName(char *MachineName)
8034 char NewMachineName[1024];
8041 // If the address happens to be in the top-level MIT domain, great!
/* NOTE(review): unbounded strcpy into the 1024-byte local */
8042 strcpy(NewMachineName, MachineName);
8044 for (i = 0; i < (int)strlen(NewMachineName); i++)
8045 NewMachineName[i] = toupper(NewMachineName[i]);
8047 szDot = strchr(NewMachineName,'.');
/* everything after the first '.' must be exactly DOMAIN_SUFFIX */
8049 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8054 // If not, see if it has a Moira alias in the top-level MIT domain.
8055 memset(NewMachineName, '\0', sizeof(NewMachineName));
8057 args[1] = MachineName;
8058 call_args[0] = NewMachineName;
8059 call_args[1] = NULL;
/* assignment-in-condition is intentional: non-zero rc is a Moira error */
8061 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8063 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8064 MachineName, error_message(rc));
8065 strcpy(MachineName, "");
8069 if (strlen(NewMachineName) != 0)
8070 strcpy(MachineName, NewMachineName);
8072 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias.  Keeps the
 * first alias (av[0]) whose part after the first '.' equals DOMAIN_SUFFIX,
 * upper-cased, in call_args[0]; later aliases are ignored once that
 * buffer is non-empty.  call_args (presumably ptr cast to char **), szDot,
 * i and the return are on omitted lines.
 */
8077 int ProcessMachineName(int ac, char **av, void *ptr)
8080 char MachineName[1024];
8086 if (strlen(call_args[0]) == 0)
/* NOTE(review): unbounded strcpy of a Moira-supplied value into a
   1024-byte local */
8088 strcpy(MachineName, av[0]);
8090 for (i = 0; i < (int)strlen(MachineName); i++)
8091 MachineName[i] = toupper(MachineName[i]);
8093 szDot = strchr(MachineName,'.');
8095 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8097 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the uid attribute name in the first n entries of
 * mods between the Services-for-Unix 3.0 name "msSFU30UidNumber" and the
 * RFC 2307 name "uidNumber".  Which direction runs depends on *UseSFU30
 * (the conditions around the two loops are on omitted lines).
 * NOTE(review): mod_type is pointed at string literals here — this is only
 * safe if the mods are never released with something that frees mod_type.
 * i is declared on an omitted line.
 */
8104 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8110 for (i = 0; i < n; i++)
8112 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8113 mods[i]->mod_type = "uidNumber";
8120 for (i = 0; i < n; i++)
8122 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8123 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute and queue (via ADD_ATTR into mods) a user's
 * home-directory attributes from the Moira filesystem record and the
 * WinHomeDir / WinProfileDir settings.
 *   - non-AD directories: homeDirectory and apple-user-homeDirectory from
 *     the AFS path, or "NONE";
 *   - AD: homeDirectory (winPath), profilePath (winProfile) and homeDrive,
 *     where "[afs]" maps the AFS path to a Windows path, "[dfs]" builds a
 *     \\<domain>\dfs\profiles\<initial>\<user> path, "[local]" clears the
 *     value and anything else is taken literally.  An empty value under
 *     LDAP_MOD_REPLACE is removed from the entry with a separate
 *     ldap_modify_s carrying DelMods.
 * The strdup()'d values stored into homedir_v/winProfile_v/drives_v are
 * owned by the caller's vectors; who frees them is not visible here.
 * Remaining parameters (OpType, n, ...), locals homeDrive, path, winPath,
 * homedir, argv, rc, the critical_alert argument lines, the else branches
 * and the return are on lines this listing omits.
 */
8130 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8131 char *DistinguishedName,
8132 char *WinHomeDir, char *WinProfileDir,
8133 char **homedir_v, char **winProfile_v,
8134 char **drives_v, LDAPMod **mods,
8141 char winProfile[1024];
8144 char apple_homedir[1024];
8145 char *apple_homedir_v[] = {NULL, NULL};
8149 LDAPMod *DelMods[20];
8151 char *save_argv[FS_END];
8152 char *fsgroup_save_argv[2];
8154 memset(homeDrive, '\0', sizeof(homeDrive));
8155 memset(path, '\0', sizeof(path));
8156 memset(winPath, '\0', sizeof(winPath));
8157 memset(winProfile, '\0', sizeof(winProfile));
/* ---- non-Active-Directory target: publish the AFS home directory ---- */
8159 if(!ActiveDirectory)
8161 if (rc = moira_connect())
8163 critical_alert("Ldap incremental",
8164 "Error contacting Moira server : %s",
8169 argv[0] = user_name;
/* save_query_info() strdup()s the filesystem fields into save_argv;
   those strings are not freed on the visible lines */
8171 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* FSGROUP / MUL filesystems: resolve the first member and use its pack */
8174 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8175 !strcmp(save_argv[FS_TYPE], "MUL"))
8178 argv[0] = save_argv[FS_NAME];
8181 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8182 save_fsgroup_info, fsgroup_save_argv)))
8186 argv[0] = fsgroup_save_argv[0];
8188 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8189 save_query_info, save_argv)))
/* NOTE(review): unbounded strcpy of a Moira value into the local path */
8191 strcpy(path, save_argv[FS_PACK]);
8198 strcpy(path, save_argv[FS_PACK]);
/* only AFS-rooted packs are published; strnicmp is presumably a local
   alias for a case-insensitive compare — confirm */
8206 if (!strnicmp(path, AFS, strlen(AFS)))
8208 sprintf(homedir, "%s", path);
8209 sprintf(apple_homedir, "%s/MacData", path);
8210 homedir_v[0] = homedir;
8211 apple_homedir_v[0] = apple_homedir;
8212 ADD_ATTR("homeDirectory", homedir_v, OpType);
8213 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* no AFS home: publish the literal "NONE" */
8219 homedir_v[0] = "NONE";
8220 apple_homedir_v[0] = "NONE";
8221 ADD_ATTR("homeDirectory", homedir_v, OpType);
8222 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* ---- Active Directory: "[afs]" — derive Windows paths from the AFS pack ---- */
8229 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8230 (!strcasecmp(WinProfileDir, "[afs]")))
8232 if (rc = moira_connect())
8234 critical_alert("Ldap incremental",
8235 "Error contacting Moira server : %s",
8240 argv[0] = user_name;
8242 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8245 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8246 !strcmp(save_argv[FS_TYPE], "MUL"))
8249 argv[0] = save_argv[FS_NAME];
8252 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8253 save_fsgroup_info, fsgroup_save_argv)))
8257 argv[0] = fsgroup_save_argv[0];
8259 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8260 save_query_info, save_argv)))
8262 strcpy(path, save_argv[FS_PACK]);
8269 strcpy(path, save_argv[FS_PACK]);
8277 if (!strnicmp(path, AFS, strlen(AFS)))
/* Windows form of the AFS path; profile lives in .winprofile beneath it */
8279 AfsToWinAfs(path, winPath);
8280 strcpy(winProfile, winPath);
8281 strcat(winProfile, "\\.winprofile");
/* ---- "[dfs]": per-user folder on the domain DFS share ---- */
8288 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8289 (!strcasecmp(WinProfileDir, "[dfs]")))
/* NOTE(review): user_name[0] is read without an empty-string check */
8291 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8292 user_name[0], user_name);
8294 if (!strcasecmp(WinProfileDir, "[dfs]"))
8296 strcpy(winProfile, path);
8297 strcat(winProfile, "\\.winprofile");
8300 if (!strcasecmp(WinHomeDir, "[dfs]"))
8301 strcpy(winPath, path);
/* ---- home drive letter and literal home/profile paths ---- */
8304 if (!strcasecmp(WinHomeDir, "[local]"))
8305 memset(winPath, '\0', sizeof(winPath));
8306 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8307 !strcasecmp(WinHomeDir, "[dfs]"))
8309 strcpy(homeDrive, "H:");
/* literal value; a UNC path ("\\...") also gets drive H: */
8313 strcpy(winPath, WinHomeDir);
8314 if (!strncmp(WinHomeDir, "\\\\", 2))
8316 strcpy(homeDrive, "H:");
8320 // nothing needs to be done if WinProfileDir is [afs].
8321 if (!strcasecmp(WinProfileDir, "[local]"))
8322 memset(winProfile, '\0', sizeof(winProfile));
8323 else if (strcasecmp(WinProfileDir, "[afs]") &&
8324 strcasecmp(WinProfileDir, "[dfs]"))
8326 strcpy(winProfile, WinProfileDir);
/* normalise: strip one trailing backslash, but keep "X:\" for bare drives */
8329 if (strlen(winProfile) != 0)
8331 if (winProfile[strlen(winProfile) - 1] == '\\')
8332 winProfile[strlen(winProfile) - 1] = '\0';
8335 if (strlen(winPath) != 0)
8337 if (winPath[strlen(winPath) - 1] == '\\')
8338 winPath[strlen(winPath) - 1] = '\0';
8341 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8342 strcat(winProfile, "\\");
8344 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8345 strcat(winPath, "\\");
/* ---- emit the three attributes; empty + REPLACE means delete ---- */
8347 if (strlen(winPath) == 0)
8349 if (OpType == LDAP_MOD_REPLACE)
8352 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8354 //unset homeDirectory attribute for user.
/* rc of this delete is not examined on the visible lines */
8355 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8361 homedir_v[0] = strdup(winPath);
8362 ADD_ATTR("homeDirectory", homedir_v, OpType);
8365 if (strlen(winProfile) == 0)
8367 if (OpType == LDAP_MOD_REPLACE)
8370 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8372 //unset profilePate attribute for user.
8373 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8379 winProfile_v[0] = strdup(winProfile);
8380 ADD_ATTR("profilePath", winProfile_v, OpType);
8383 if (strlen(homeDrive) == 0)
8385 if (OpType == LDAP_MOD_REPLACE)
8388 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8390 //unset homeDrive attribute for user
8391 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8397 drives_v[0] = strdup(homeDrive);
8398 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set a single-valued attribute on distinguished_name.
 * An empty attribute_value deletes the attribute; otherwise an
 * LDAP_MOD_REPLACE is tried and, if that modify fails for any reason, an
 * LDAP_MOD_ADD is attempted before an error is logged (the first failure
 * is silent).  user_name is only used in the error message.
 * mods, n, rc and the returns are on omitted lines; ADD_ATTR/DEL_ATTR are
 * macros that presumably append to mods/DelMods (not visible here).
 */
8404 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8405 char *attribute_value, char *attribute, char *user_name)
8407 char *mod_v[] = {NULL, NULL};
8408 LDAPMod *DelMods[20];
8414 if (strlen(attribute_value) == 0)
8417 DEL_ATTR(attribute, LDAP_MOD_DELETE);
/* rc of the delete is not examined on the visible lines */
8419 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8425 mod_v[0] = attribute_value;
8426 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8429 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8430 mods)) != LDAP_SUCCESS)
/* REPLACE failed (e.g. attribute absent): fall back to ADD */
8434 mod_v[0] = attribute_value;
8435 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8438 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8439 mods)) != LDAP_SUCCESS)
8441 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8442 "in the directory : %s",
8443 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: strip leading and trailing white space from StringToTrim in
 * place, working on a strdup()'d copy (save) that is written back.  The
 * scanning logic, the declarations of save/s/t and whether save is freed
 * are on lines this listing omits.
 * NOTE(review): strdup() can return NULL; no check is visible.
 */
8453 void StringTrim(char *StringToTrim)
8458 save = strdup(StringToTrim);
8465 /* skip to end of string */
8470 strcpy(StringToTrim, save);
8474 for (t = s; *t; t++)
8490 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load "<CFG_PATH><DomainName>.cfg" into the module's
 * globals (ldap_domain, ldap_realm, ldap_port, PrincipalName, ServerList,
 * group_suffix, UseGroupUniversal, ProcessMachineContainer,
 * ActiveDirectory, GroupPopulateDelete and the SFU/ACE/password/Exchange
 * flags set on omitted lines).  Every line is upper-cased before the
 * keyword compare, so values (realm, principal, servers) are stored
 * upper-cased too.  When no DOMAIN line was read, DomainName is used.
 * fptr, temp, temp1, i, k, Count and the return are on omitted lines.
 */
8494 int ReadConfigFile(char *DomainName)
/* NOTE(review): sprintf into the fixed local temp; DomainName is
   caller-supplied */
8505 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8507 if ((fptr = fopen(temp, "r")) != NULL)
8509 while (fgets(temp, sizeof(temp), fptr) != 0)
8511 for (i = 0; i < (int)strlen(temp); i++)
8512 temp[i] = toupper(temp[i]);
/* fgets keeps the newline; drop it (temp is non-empty after fgets) */
8514 if (temp[strlen(temp) - 1] == '\n')
8515 temp[strlen(temp) - 1] = '\0';
8519 if (strlen(temp) == 0)
/* each keyword: copy the remainder of the line and trim it */
8522 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8524 if (strlen(temp) > (strlen(DOMAIN)))
8526 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8527 StringTrim(ldap_domain);
8530 else if (!strncmp(temp, REALM, strlen(REALM)))
8532 if (strlen(temp) > (strlen(REALM)))
8534 strcpy(ldap_realm, &temp[strlen(REALM)]);
8535 StringTrim(ldap_realm);
8538 else if (!strncmp(temp, PORT, strlen(PORT)))
8540 if (strlen(temp) > (strlen(PORT)))
8542 strcpy(ldap_port, &temp[strlen(PORT)]);
8543 StringTrim(ldap_port);
8546 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8548 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8550 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8551 StringTrim(PrincipalName);
8554 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8556 if (strlen(temp) > (strlen(SERVER)))
/* NOTE(review): calloc's result is not checked, and the following strcpy
   is unbounded — a SERVER line longer than 255 bytes after the keyword
   overflows the 256-byte allocation.  No bound on Count against the
   capacity of ServerList is visible either. */
8558 ServerList[Count] = calloc(1, 256);
8559 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8560 StringTrim(ServerList[Count]);
8564 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8566 if (strlen(temp) > (strlen(MSSFU)))
8568 strcpy(temp1, &temp[strlen(MSSFU)]);
8570 if (!strcmp(temp1, SFUTYPE))
8574 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8576 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8578 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8580 if (!strcasecmp(temp1, "NO"))
8583 memset(group_suffix, '\0', sizeof(group_suffix));
8587 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8589 if (strlen(temp) > (strlen(GROUP_TYPE)))
8591 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8593 if (!strcasecmp(temp1, "UNIVERSAL"))
8594 UseGroupUniversal = 1;
8597 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8599 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8601 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8603 if (!strcasecmp(temp1, "NO"))
8607 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8609 if (strlen(temp) > (strlen(SET_PASSWORD)))
8611 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8613 if (!strcasecmp(temp1, "NO"))
8617 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8619 if (strlen(temp) > (strlen(EXCHANGE)))
8621 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8623 if (!strcasecmp(temp1, "YES"))
8627 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8628 strlen(PROCESS_MACHINE_CONTAINER)))
8630 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8632 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8634 if (!strcasecmp(temp1, "NO"))
8635 ProcessMachineContainer = 0;
8638 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8639 strlen(ACTIVE_DIRECTORY)))
8641 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8643 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8645 if (!strcasecmp(temp1, "NO"))
8646 ActiveDirectory = 0;
8649 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8650 strlen(GROUP_POPULATE_MEMBERS)))
8652 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8654 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8656 if (!strcasecmp(temp1, "DELETE"))
8658 GroupPopulateDelete = 1;
/* post-processing of ldap_domain; the lines that refill temp between the
   memset and the strcpy are omitted, so the exact transformation is not
   visible here — confirm against the original */
8664 if (strlen(ldap_domain) != 0)
8666 memset(ldap_domain, '\0', sizeof(ldap_domain));
8670 if (strlen(temp) != 0)
8671 strcpy(ldap_domain, temp);
/* no DOMAIN line: fall back to the name the config file was opened under */
8677 if (strlen(ldap_domain) == 0)
8679 strcpy(ldap_domain, DomainName);
/* server names are upper-cased (already the case after the per-line toupper) */
8685 for (i = 0; i < Count; i++)
8687 if (ServerList[i] != 0)
8689 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8690 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read "<CFG_PATH><WINADCFG>" and collect every DOMAIN
 * line's value (upper-cased, trimmed) into DomainNames[].  When the file
 * cannot be opened a critical alert is raised (lines between the while
 * loop and the alert are omitted, so the exact condition is not visible).
 * c[] and stuff[] are not used on the visible lines; fptr, temp, temp1,
 * i, Count and the return are on omitted lines.
 * NOTE(review): no bound on Count against the capacity of DomainNames, and
 * no bound on the strcpy into DomainNames[Count], is visible.
 */
8697 int ReadDomainList()
8704 unsigned char c[11];
8705 unsigned char stuff[256];
8710 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8712 if ((fptr = fopen(temp, "r")) != NULL)
8714 while (fgets(temp, sizeof(temp), fptr) != 0)
8716 for (i = 0; i < (int)strlen(temp); i++)
8717 temp[i] = toupper(temp[i]);
/* drop the newline fgets keeps (temp is non-empty after fgets) */
8719 if (temp[strlen(temp) - 1] == '\n')
8720 temp[strlen(temp) - 1] = '\0';
8724 if (strlen(temp) == 0)
8727 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8729 if (strlen(temp) > (strlen(DOMAIN)))
8731 strcpy(temp1, &temp[strlen(DOMAIN)]);
8733 strcpy(temp, temp1);
8737 strcpy(DomainNames[Count], temp);
8738 StringTrim(DomainNames[Count]);
8747 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8748 "configuration error in ldap.cfg");
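/*
 * email_isvalid: syntactic check of an RFC 822-style address "name@domain".
 *
 * Rejects an empty address, a trailing '.', control or non-ASCII bytes,
 * RFC 822 special characters outside a quoted local part, an empty local
 * part, a '.' immediately before '@', an empty or dot-doubled domain and
 * a domain without at least one '.'.  Inside a double-quoted local part
 * specials are allowed and a backslash escapes a following space.
 *
 * @param address  NUL-terminated address to check; NULL counts as invalid.
 * @return 1 when every check passes, 0 otherwise.
 *
 * Two guards keep the scan inside the string: the empty-address test
 * (address[strlen(address) - 1] would otherwise read before the buffer)
 * and the explicit '@' test after the local-part loop (without it an
 * address with no '@' advanced past the terminator).
 */
int email_isvalid(const char *address)
{
  int count = 0;
  const char *c, *domain;
  static const char rfc822_specials[] = "()<>@,;:\\\"[]";

  if (address == NULL || *address == '\0')
    return 0;

  /* a trailing '.' can never close a valid domain */
  if (address[strlen(address) - 1] == '.')
    return 0;

  /* first we validate the name portion (name@domain) */
  for (c = address; *c; c++)
    {
      if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) == '\"'))
        {
          /* quoted local part: scan to the closing quote */
          while (*++c)
            {
              if (*c == '\"')
                break;
              if (*c == '\\' && (*++c == ' '))
                continue;
              if (*c <= ' ' || *c >= 127)
                return 0;
            }
          if (!*c++)
            return 0;
          if (*c == '@')
            break;
          if (*c != '.')
            return 0;
          continue;
        }
      if (*c == '@')
        break;
      if (*c <= ' ' || *c >= 127)
        return 0;
      if (strchr(rfc822_specials, *c))
        return 0;
    }
  /* no '@' at all: *c is the terminator and must not be stepped over */
  if (*c != '@')
    return 0;
  if (c == address || *(c - 1) == '.')
    return 0;

  /* next we validate the domain portion (name@domain) */
  if (!*(domain = ++c))
    return 0;
  do
    {
      if (*c == '.')
        {
          if (c == domain || *(c - 1) == '.')
            return 0;
          count++;
        }
      if (*c <= ' ' || *c >= 127)
        return 0;
      if (strchr(rfc822_specials, *c))
        return 0;
    }
  while (*++c);

  return (count >= 1);
}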
/*
 * find_homeMDB: pick the Exchange mailbox store with the fewest mailboxes.
 * All msExchMDB objects under "CN=Configuration,<dn_path>" are listed;
 * stores whose DN contains "Public", "Recover" or "Reserve" are skipped;
 * for each remaining store the homeMDBBL back-links are counted with
 * LDAP range retrieval (1500 values per request) and the smallest count
 * wins.  That store's DN goes to *homeMDB and the text after the last '/'
 * of its legacyExchangeDN to *homeServerName; both are strdup()'d and
 * owned by the caller.
 * rc, group_count, gPtr, s, filter, range, rangeLow, mdbbl_count, the
 * loop heads, the brace-only lines and the returns are omitted from this
 * listing.
 */
8813 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8814 char **homeServerName)
8816 LK_ENTRY *group_base;
8817 LK_ENTRY *sub_group_base;
8821 int sub_group_count;
8823 char sub_filter[1024];
8824 char search_path[1024];
8826 char *attr_array[3];
/* -1 = no store examined yet */
8828 int homeMDB_count = -1;
8832 int rangeStep = 1500;
8834 int rangeHigh = rangeLow + (rangeStep - 1);
8837 /* Grumble..... microsoft not making it searchable from the root *grr* */
8839 memset(filter, '\0', sizeof(filter));
8840 memset(search_path, '\0', sizeof(search_path));
8842 sprintf(filter, "(objectClass=msExchMDB)");
/* NOTE(review): unbounded sprintf of dn_path into the 1024-byte local */
8843 sprintf(search_path, "CN=Configuration,%s", dn_path);
8844 attr_array[0] = "distinguishedName";
8845 attr_array[1] = NULL;
8850 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8851 &group_base, &group_count,
8852 LDAP_SCOPE_SUBTREE)) != 0)
8854 com_err(whoami, 0, "Unable to find msExchMDB %s",
8855 ldap_err2string(rc));
/* skip public folder, recovery and reserve stores */
8864 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8865 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8866 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8873 * Due to limits in active directory we need to use the LDAP
8874 * range semantics to query and return all the values in
8875 * large lists, we will stop increasing the range when
8876 * the result count is 0.
8884 memset(sub_filter, '\0', sizeof(sub_filter));
8885 memset(range, '\0', sizeof(range));
8886 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* "Range=low-*" asks for the tail; "Range=low-high" for one window
   (the condition choosing between them is on an omitted line) */
8889 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8891 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8893 attr_array[0] = range;
8894 attr_array[1] = NULL;
8896 sub_group_base = NULL;
8897 sub_group_count = 0;
8899 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8900 attr_array, &sub_group_base,
8902 LDAP_SCOPE_SUBTREE)) != 0)
8904 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8905 ldap_err2string(rc));
/* empty window: all back-links have been counted */
8909 if(!sub_group_count)
8915 rangeHigh = rangeLow + (rangeStep - 1);
/* advance to the next window */
8922 mdbbl_count += sub_group_count;
8923 rangeLow = rangeHigh + 1;
8924 rangeHigh = rangeLow + (rangeStep - 1);
8927 /* First time through, need to initialize or update the least used */
/* informational log of each store's count (second argument line omitted) */
8929 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8932 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8934 homeMDB_count = mdbbl_count;
/* NOTE(review): if a previous candidate was strdup()'d into *homeMDB it
   is not freed here before being replaced — confirm on omitted lines */
8935 *homeMDB = strdup(gPtr->dn);
8939 linklist_free(sub_group_base);
8943 linklist_free(group_base);
8946 * Ok found the server least allocated need to now query to get its
8947 * msExchHomeServerName so we can set it as a user attribute
8950 attr_array[0] = "legacyExchangeDN";
8951 attr_array[1] = NULL;
8956 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8957 attr_array, &group_base,
8959 LDAP_SCOPE_SUBTREE)) != 0)
8961 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8962 ldap_err2string(rc));
/* server name = portion after the last '/' of legacyExchangeDN (the
   adjustment using s is on an omitted line) */
8968 *homeServerName = strdup(group_base->value);
8969 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8975 linklist_free(group_base);
/*
 * lowercase: lower-case the NUL-terminated string s in place by walking
 * it with p (the loop body, the declaration of p and the return are on
 * omitted lines; presumably s itself is returned).
 */
8980 char *lowercase(char *s)
8984 for (p = s; *p; p++)
/*
 * uppercase: upper-case the NUL-terminated string s in place by walking
 * it with p (the loop body, the declaration of p and the return are on
 * omitted lines; presumably s itself is returned).
 */
8992 char *uppercase(char *s)
8996 for (p = s; *p; p++)
/*
 * escape_string: build an escaped copy of s in the fixed local buffer
 * `string` and return it strdup()'d — the caller owns and frees the
 * result.  Which characters are escaped, and how, is on omitted lines.
 * NOTE(review): the size of `string` is not visible; confirm the escaped
 * output of a long s cannot exceed it, and that strdup()'s NULL result is
 * handled by callers.
 */
9004 char *escape_string(char *s)
9012 memset(string, '\0', sizeof(string));
9016 /* Escape any special characters */
/* q is presumably initialised to s on an omitted line */
9018 for(; *q != '\0'; q++) {
9041 return strdup(string);
/*
 * save_query_info: mr_query callback that strdup()s every returned field
 * argv[0..argc-1] into the caller's char * array passed as hint.  The
 * array must have at least argc slots (callers pass save_argv[FS_END]);
 * strdup()'s NULL result is not checked, and any strings already in the
 * slots are overwritten without being freed.  i and the return value
 * are on omitted lines.
 */
9044 int save_query_info(int argc, char **argv, void *hint)
9047 char **nargv = hint;
9049 for(i = 0; i < argc; i++)
9050 nargv[i] = strdup(argv[i]);
9055 int save_fsgroup_info(int argc, char **argv, void *hint)
9058 char **nargv = hint;
9062 for(i = 0; i < argc; i++)
9063 nargv[i] = strdup(argv[i]);