2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 7 machines/test/bottom description location contact USER 105316 2222
86 * arguments when moira deletes a container (OU).
87 * containers 7 0 machines/test/bottom description location contact USER 105316 2222
89 * arguments when moira modifies container information (OU).
90 * containers 7 7 machines/test/bottom description location contact USER 105316 2222 machines/test/bottom description1 location contact USER 105316 2222
92 #include <mit-copyright.h>
104 #include <moira_site.h>
105 #include <mrclient.h>
114 #define ECONNABORTED WSAECONNABORTED
117 #define ECONNREFUSED WSAECONNREFUSED
120 #define EHOSTUNREACH WSAEHOSTUNREACH
122 #define krb5_xfree free
124 #define sleep(A) Sleep(A * 1000);
128 #include <sys/types.h>
129 #include <netinet/in.h>
130 #include <arpa/nameser.h>
132 #include <sys/utsname.h>
135 #define WINADCFG "/moira/winad/winad.cfg"
136 #define strnicmp(A,B,C) strncasecmp(A,B,C)
137 #define UCHAR unsigned char
139 #define UF_SCRIPT 0x0001
140 #define UF_ACCOUNTDISABLE 0x0002
141 #define UF_HOMEDIR_REQUIRED 0x0008
142 #define UF_LOCKOUT 0x0010
143 #define UF_PASSWD_NOTREQD 0x0020
144 #define UF_PASSWD_CANT_CHANGE 0x0040
145 #define UF_DONT_EXPIRE_PASSWD 0x10000
147 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
148 #define UF_NORMAL_ACCOUNT 0x0200
149 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
150 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
151 #define UF_SERVER_TRUST_ACCOUNT 0x2000
154 #define BYTE unsigned char
156 typedef unsigned int DWORD;
157 typedef unsigned long ULONG;
162 unsigned short Data2;
163 unsigned short Data3;
164 unsigned char Data4[8];
167 typedef struct _SID_IDENTIFIER_AUTHORITY {
169 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
171 typedef struct _SID {
173 BYTE SubAuthorityCount;
174 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
175 DWORD SubAuthority[512];
180 #define WINADCFG "winad.cfg"
184 #define WINAFS "\\\\afs\\all\\"
186 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
187 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
188 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
189 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
190 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
192 #define QUERY_VERSION -1
193 #define PRIMARY_REALM "ATHENA.MIT.EDU"
202 #define MEMBER_REMOVE 2
203 #define MEMBER_CHANGE_NAME 3
204 #define MEMBER_ACTIVATE 4
205 #define MEMBER_DEACTIVATE 5
206 #define MEMBER_CREATE 6
208 #define MOIRA_ALL 0x0
209 #define MOIRA_USERS 0x1
210 #define MOIRA_KERBEROS 0x2
211 #define MOIRA_STRINGS 0x4
212 #define MOIRA_LISTS 0x8
214 #define CHECK_GROUPS 1
215 #define CLEANUP_GROUPS 2
217 #define AD_NO_GROUPS_FOUND -1
218 #define AD_WRONG_GROUP_DN_FOUND -2
219 #define AD_MULTIPLE_GROUPS_FOUND -3
220 #define AD_INVALID_NAME -4
221 #define AD_LDAP_FAILURE -5
222 #define AD_INVALID_FILESYS -6
223 #define AD_NO_ATTRIBUTE_FOUND -7
224 #define AD_NO_OU_FOUND -8
225 #define AD_NO_USER_FOUND -9
227 /* container arguments */
228 #define CONTAINER_NAME 0
229 #define CONTAINER_DESC 1
230 #define CONTAINER_LOCATION 2
231 #define CONTAINER_CONTACT 3
232 #define CONTAINER_TYPE 4
233 #define CONTAINER_ID 5
234 #define CONTAINER_ROWID 6
236 typedef struct lk_entry {
246 struct lk_entry *next;
249 #define STOP_FILE "/moira/winad/nowinad"
250 #define file_exists(file) (access((file), F_OK) == 0)
252 #define LDAP_BERVAL struct berval
253 #define MAX_SERVER_NAMES 32
/*
 * ADD_ATTR appends one LDAPMod to the caller's `mods` array at index `n`
 * and advances `n`.  Review notes:
 *   - the malloc() result is used without a NULL check;
 *   - the expansion is four statements not wrapped in do { } while (0),
 *     so `if (cond) ADD_ATTR(...)` would only guard the first statement;
 *   - `n` is incremented as a side effect, so the macro must not be used
 *     twice in one expression.
 */
255 #define ADD_ATTR(t, v, o) \
256 mods[n] = malloc(sizeof(LDAPMod)); \
257 mods[n]->mod_op = o; \
258 mods[n]->mod_type = t; \
259 mods[n++]->mod_values = v
/* file-scope linked-list heads shared by the query callbacks (user_create
   fills sid_base via sid_ptr; sid_update/linklist_free consume it) */
261 LK_ENTRY *member_base = NULL;
262 LK_ENTRY *sid_base = NULL;
263 LK_ENTRY **sid_ptr = NULL;
/* scratch buffer used by main() to echo argv into the log; fixed size,
   callers must bound what they append */
264 static char tbl_buf[1024];
/* relative DNs of the OUs this incremental manages; they are appended to
   the domain's dn_path when objects are created or searched */
265 char kerberos_ou[] = "OU=kerberos,OU=moira";
266 char contact_ou[] = "OU=strings,OU=moira";
267 char user_ou[] = "OU=users,OU=moira";
268 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
269 char group_ou_root[] = "OU=lists,OU=moira";
270 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
271 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
272 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
273 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
274 char orphans_other_ou[] = "OU=Other,OU=Orphans";
/* AD domain name read from WINADCFG in main(); fixed 256 bytes */
276 char ldap_domain[256];
277 int mr_connections = 0;
279 char default_server[256];
/* NOTE(review): tbl_buf is defined a second time here; in a single
   translation unit that is a redefinition, so presumably the two
   definitions sit in #ifdef branches omitted from this excerpt — confirm */
280 static char tbl_buf[1024];
282 extern int set_password(char *user, char *password, char *domain);
284 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
285 char *group_membership, char *MoiraId, char *attribute,
286 LK_ENTRY **linklist_base, int *linklist_count,
288 void AfsToWinAfs(char* path, char* winPath);
289 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
290 char *Win2kPassword, char *Win2kUser, char *default_server,
292 void ad_kdc_disconnect();
293 void check_winad(void);
294 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
296 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
297 char *distinguishedName, int count, char **av);
298 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
299 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
300 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
301 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
302 char *distinguishedName, int count, char **av);
303 void container_get_dn(char *src, char *dest);
304 void container_get_name(char *src, char *dest);
305 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
306 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
307 int afterc, char **after);
308 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
309 int afterc, char **after);
311 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
312 char *fs_type, char *fs_pack, int operation);
313 int get_group_membership(char *group_membership, char *group_ou,
314 int *security_flag, char **av);
315 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
316 char *group_name, char *group_ou, char *group_membership,
317 int group_security_flag, int type);
318 int process_lists(int ac, char **av, void *ptr);
319 int user_create(int ac, char **av, void *ptr);
320 int user_change_status(LDAP *ldap_handle, char *dn_path,
321 char *user_name, char *MoiraId, int operation);
322 int user_delete(LDAP *ldap_handle, char *dn_path,
323 char *u_name, char *MoiraId);
324 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
326 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
327 char *uid, char *MitId, char *MoiraId, int State);
328 void change_to_lower_case(char *ptr);
329 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
330 int group_create(int ac, char **av, void *ptr);
331 int group_delete(LDAP *ldap_handle, char *dn_path,
332 char *group_name, char *group_membership, char *MoiraId);
333 int group_rename(LDAP *ldap_handle, char *dn_path,
334 char *before_group_name, char *before_group_membership,
335 char *before_group_ou, int before_security_flag, char *before_desc,
336 char *after_group_name, char *after_group_membership,
337 char *after_group_ou, int after_security_flag, char *after_desc,
338 char *MoiraId, char *filter);
339 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
340 char *group_name, char *group_ou, char *group_membership,
341 int group_security_flag, int updateGroup);
342 int member_list_build(int ac, char **av, void *ptr);
343 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
344 char *group_ou, char *group_membership,
345 char *user_name, char *pUserOu, char *MoiraId);
346 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
347 char *group_ou, char *group_membership, char *user_name,
348 char *pUserOu, char *MoiraId);
349 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
350 char *group_ou, char *group_membership,
351 int group_security_flag, char *MoiraId);
352 int sid_update(LDAP *ldap_handle, char *dn_path);
353 int check_string(char *s);
354 int check_container_name(char* s);
355 void convert_b_to_a(char *string, UCHAR *binary, int length);
356 int mr_connect_cl(char *server, char *client, int version, int auth);
358 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
359 char **before, int beforec, char **after, int afterc);
360 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
361 char **before, int beforec, char **after, int afterc);
362 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
363 char **before, int beforec, char **after, int afterc);
364 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
365 char **before, int beforec, char **after, int afterc);
366 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
367 char **before, int beforec, char **after, int afterc);
368 int linklist_create_entry(char *attribute, char *value,
369 LK_ENTRY **linklist_entry);
370 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
371 char **attr_array, LK_ENTRY **linklist_base,
372 int *linklist_count);
373 void linklist_free(LK_ENTRY *linklist_base);
375 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
376 char *distinguished_name, LK_ENTRY **linklist_current);
377 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
378 LK_ENTRY **linklist_base, int *linklist_count);
379 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
380 char *Attribute, char *distinguished_name,
381 LK_ENTRY **linklist_current);
383 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
384 char *oldValue, char *newValue,
385 char ***modvalues, int type);
386 void free_values(char **modvalues);
388 int convert_domain_to_dn(char *domain, char **bind_path);
389 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
390 char *distinguished_name);
391 int moira_disconnect(void);
392 int moira_connect(void);
393 void print_to_screen(const char *fmt, ...);
/*
 * Entry point of the incremental.  argv layout, as parsed below:
 *   argv[1] = table name, argv[2] = beforec, argv[3] = afterc,
 *   followed by beforec "before" fields and afterc "after" fields.
 * Reads the AD domain from WINADCFG, connects to the domain and dispatches
 * on the table name.  Several lines of this function (declarations, the
 * early returns after the argc checks, the fclose for WINADCFG) are not in
 * this excerpt; the comments describe only what is visible.
 */
395 int main(int argc, char **argv)
/* program name for com_err(): basename of argv[0] */
408 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
412 com_err(whoami, 0, "%s", "argc < 4");
/*
 * NOTE(review): atoi() reports no errors and accepts negative values.  A
 * negative beforec makes `after` (below) point before argv[4], and the
 * `argc < 4 + beforec + afterc` test does not catch that; strtol() with an
 * explicit >= 0 check on both counts would.
 */
415 beforec = atoi(argv[2]);
416 afterc = atoi(argv[3]);
418 if (argc < (4 + beforec + afterc))
420 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
426 after = &argv[4 + beforec];
/*
 * Echo the whole argument list to the log.  tbl_buf is a fixed 1024-byte
 * global and strcat() is unbounded, so long Moira field values overflow
 * it; track the remaining length (or use snprintf with a truncation
 * check) before appending.
 */
428 for (i = 1; i < argc; i++)
430 strcat(tbl_buf, argv[i]);
431 strcat(tbl_buf, " ");
433 com_err(whoami, 0, "%s", tbl_buf);
/*
 * Domain name comes from WINADCFG.  fread() is asked for
 * sizeof(ldap_domain) bytes, so a file that long fills the buffer and
 * leaves no NUL terminator for the strlen()/strcpy() below; read at most
 * sizeof(ldap_domain) - 1 bytes and terminate explicitly.  The fclose()
 * for fptr is not in this excerpt.
 */
437 memset(ldap_domain, '\0', sizeof(ldap_domain));
438 if ((fptr = fopen(WINADCFG, "r")) != NULL)
440 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
/* empty config falls back to a built-in default domain */
443 if (strlen(ldap_domain) == 0)
444 strcpy(ldap_domain, "win.mit.edu");
445 initialize_sms_error_table();
446 initialize_krb_error_table();
/*
 * Up to five connection attempts; dn_path and default_server are filled
 * in by ad_connect.  Empty Win2kPassword/Win2kUser strings are passed —
 * how ad_connect authenticates is not visible here.
 */
448 memset(default_server, '\0', sizeof(default_server));
449 memset(dn_path, '\0', sizeof(dn_path));
450 for (i = 0; i < 5; i++)
452 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1)))
458 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* case-fold the table name; tolower() should be given an unsigned char,
   and strlen() is re-evaluated on every iteration */
462 for (i = 0; i < (int)strlen(table); i++)
463 table[i] = tolower(table[i]);
/* dispatch on the Moira table that changed */
464 if (!strcmp(table, "users"))
465 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
467 else if (!strcmp(table, "list"))
468 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
470 else if (!strcmp(table, "imembers"))
471 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
473 else if (!strcmp(table, "filesys"))
474 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
476 else if (!strcmp(table, "containers"))
477 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* release the directory connection before exit */
480 rc = ldap_unbind_s(ldap_handle);
/*
 * Dispatch a "containers" (OU) change.  before/after are the old and new
 * container rows, indexed by the CONTAINER_* constants; a zero count means
 * the row did not exist on that side.  Only the count == 0 cases are
 * tested before indexing, so a non-empty side is assumed to hold at least
 * CONTAINER_NAME + 1 fields (the counts are not range-checked here).
 * ldap_hostname is not used in the visible lines.
 */
484 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
485 char **before, int beforec, char **after, int afterc)
/* nothing on either side: nothing to do */
488 if ((beforec == 0) && (afterc == 0))
491 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
493 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
494 container_delete(ldap_handle, dn_path, beforec, before);
497 if ((beforec == 0) && (afterc != 0)) /*create a container*/
499 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
500 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
501 container_create(ldap_handle, dn_path, afterc, after);
/* both rows present: a case-insensitive name change is a rename,
   anything else an attribute update */
505 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
507 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
508 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
511 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
512 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
/*
 * Dispatch a "filesys" change.  Only AFS filesystems with the create flag
 * set are mirrored into AD; the after row is processed with LDAP_MOD_ADD
 * and, when the user object is missing (LDAP_NO_SUCH_OBJECT), the owning
 * user is created first through a Moira query.  Declarations, the early
 * returns and several closing lines are not in this excerpt; the two
 * creation paths below (no before row / before row present) repeat the
 * same sequence and could share a helper.
 */
516 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
517 char **before, int beforec, char **after, int afterc)
/* an after row shorter than FS_CREATE + 1 fields cannot be processed */
530 if (afterc < FS_CREATE)
/* atype: filesystem is AFS; acreate: Moira create flag (atoi, unchecked) */
534 atype = !strcmp(after[FS_TYPE], "AFS");
535 acreate = atoi(after[FS_CREATE]);
/* --- no usable before row: plain add --- */
538 if (beforec < FS_CREATE)
540 if (acreate == 0 || atype == 0)
542 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
546 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
547 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
549 if (rc != LDAP_SUCCESS)
550 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* user object missing: look the account up in Moira and create it.
   Note the assignment inside the condition (`rc = moira_connect()`). */
557 if (rc = moira_connect())
559 critical_alert("AD incremental",
560 "Error contacting Moira server : %s",
564 av[0] = after[FS_NAME];
565 call_args[0] = (char *)ldap_handle;
566 call_args[1] = dn_path;
572 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
576 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
582 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* user_create may have queued SID work on the global sid_base list */
585 if (sid_base != NULL)
587 sid_update(ldap_handle, dn_path);
588 linklist_free(sid_base);
/* --- before row present --- */
596 btype = !strcmp(before[FS_TYPE], "AFS");
597 bcreate = atoi(before[FS_CREATE]);
/* after row too short: this is a deletion of the old filesys */
598 if (afterc < FS_CREATE)
600 if (btype && bcreate)
602 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
603 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
605 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* neither side is AFS: only worth a log line unless both types are "ERR" */
614 if (!atype && !btype)
616 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
618 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
619 before[FS_NAME], after[FS_NAME]);
/* same add-or-create sequence as the no-before-row path above */
623 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
627 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
628 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
630 if (rc != LDAP_SUCCESS)
631 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
638 if (rc = moira_connect())
640 critical_alert("AD incremental",
641 "Error contacting Moira server : %s",
645 av[0] = after[FS_NAME];
646 call_args[0] = (char *)ldap_handle;
647 call_args[1] = dn_path;
653 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
657 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
663 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
666 if (sid_base != NULL)
668 sid_update(ldap_handle, dn_path);
669 linklist_free(sid_base);
679 #define L_LIST_DESC 9
/*
 * Dispatch a "list" change: create, delete, rename/move between OUs, or
 * update a group.  before/after are indexed by the L_* constants; the
 * Moira list id (L_LIST_ID) and the OU/membership class derived by
 * get_group_membership() are kept per side.  Declarations, early returns
 * and several closing lines are not in this excerpt.
 */
682 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
683 char **before, int beforec, char **after, int afterc)
687 char group_membership[6];
692 char before_list_id[32];
/*
 * NOTE(review): before_group_membership is one byte but is handed to
 * get_group_membership() below exactly like the six-byte group_membership
 * above; any non-empty string written into it overflows.  The body of
 * get_group_membership() is not visible here — confirm how much it
 * writes, and size both buffers the same.
 */
693 char before_group_membership[1];
694 int before_security_flag;
695 char before_group_ou[256];
696 LK_ENTRY *ptr = NULL;
698 if (beforec == 0 && afterc == 0)
701 memset(list_id, '\0', sizeof(list_id));
702 memset(before_list_id, '\0', sizeof(before_list_id));
703 memset(before_group_ou, '\0', sizeof(before_group_ou));
704 memset(before_group_membership, '\0', sizeof(before_group_membership));
705 memset(group_ou, '\0', sizeof(group_ou));
706 memset(group_membership, '\0', sizeof(group_membership));
/* before side: list id (unbounded strcpy into a 32-byte buffer) and OU class */
711 if (beforec < L_LIST_ID)
713 if (beforec > L_LIST_DESC)
715 strcpy(before_list_id, before[L_LIST_ID]);
717 before_security_flag = 0;
718 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* after side */
722 if (afterc < L_LIST_ID)
724 if (afterc > L_LIST_DESC)
/*
 * NOTE(review): the guard tests afterc but the copy reads before[L_LIST_ID];
 * the before row may be shorter than that (or empty when beforec == 0), so
 * this can read outside it.  after[L_LIST_ID] looks intended, mirroring
 * the before branch above — confirm against the repository.
 */
726 strcpy(list_id, before[L_LIST_ID]);
729 get_group_membership(group_membership, group_ou, &security_flag, after);
732 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* verify the existing group's DN; a wrong or duplicated DN is cleaned up
   before anything else is attempted */
739 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
740 before_group_ou, before_group_membership,
741 before_security_flag, CHECK_GROUPS)))
743 if (rc == AD_NO_GROUPS_FOUND)
747 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
749 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
750 before_group_ou, before_group_membership,
751 before_security_flag, CLEANUP_GROUPS);
753 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
755 com_err(whoami, 0, "Could not change list name from %s to %s",
756 before[L_NAME], after[L_NAME]);
759 if (rc == AD_NO_GROUPS_FOUND)
/* both rows present: a changed name, or the same name in a different OU,
   is handled as a rename (the rest of the condition is not shown) */
765 if ((beforec != 0) && (afterc != 0))
767 if (((strcmp(after[L_NAME], before[L_NAME])) ||
768 ((!strcmp(after[L_NAME], before[L_NAME])) &&
769 (strcmp(before_group_ou, group_ou)))) &&
772 com_err(whoami, 0, "Changing list name from %s to %s",
773 before[L_NAME], after[L_NAME]);
774 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
775 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
777 com_err(whoami, 0, "%s", "couldn't find the group OU's");
780 memset(filter, '\0', sizeof(filter));
781 if ((rc = group_rename(ldap_handle, dn_path,
782 before[L_NAME], before_group_membership,
783 before_group_ou, before_security_flag, before[L_LIST_DESC],
784 after[L_NAME], group_membership,
785 group_ou, security_flag, after[L_LIST_DESC],
788 if (rc != AD_NO_GROUPS_FOUND)
790 com_err(whoami, 0, "Could not change list name from %s to %s",
791 before[L_NAME], after[L_NAME]);
/* before row only: delete the group */
804 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
806 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
809 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
810 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
811 before_group_membership, before_list_id);
/* after row only: create the group (after checking/cleaning any stale DN) */
818 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
819 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
820 group_ou, group_membership,
821 security_flag, CHECK_GROUPS))
823 if (rc != AD_NO_GROUPS_FOUND)
825 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
827 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
828 group_ou, group_membership,
829 security_flag, CLEANUP_GROUPS);
833 com_err(whoami, 0, "Could not create list %s", after[L_NAME]);
/* common tail: (re)write the group object and, if the list is active,
   repopulate its members from Moira */
840 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
842 if (rc = moira_connect())
844 critical_alert("AD incremental",
845 "Error contacting Moira server : %s",
850 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
851 group_ou, group_membership, security_flag, updateGroup))
856 if (atoi(after[L_ACTIVE]))
858 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
859 group_membership, security_flag, list_id);
867 #define LM_EXTRA_ACTIVE (LM_END)
868 #define LM_EXTRA_PUBLIC (LM_END+1)
869 #define LM_EXTRA_HIDDEN (LM_END+2)
870 #define LM_EXTRA_MAILLIST (LM_END+3)
871 #define LM_EXTRA_GROUP (LM_END+4)
872 #define LM_EXTRA_GID (LM_END+5)
873 #define LMN_LIST_ID (LM_END+6)
874 #define LM_LIST_ID (LM_END+7)
875 #define LM_USER_ID (LM_END+8)
876 #define LM_EXTRA_END (LM_END+9)
/*
 * Dispatch an "imembers" change: add (after row) or remove (before row) one
 * member of a list.  The row layout is the LM_* member fields followed by
 * the LM_EXTRA_* list fields defined above.  `ptr` is used below as the
 * row being processed; its assignment (presumably to after or before) is
 * not in this excerpt.  Members of type LIST are ignored; STRING and
 * KERBEROS members are materialised as contact objects in their own OUs.
 */
878 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
879 char **before, int beforec, char **after, int afterc)
881 char group_name[128];
884 char moira_list_id[32];
885 char moira_user_id[32];
/*
 * NOTE(review): group_membership is one byte but is passed to
 * get_group_membership() below; any non-empty string written into it
 * overflows.  do_list() sizes the same buffer at six bytes — size them
 * alike once the writer's requirement is confirmed.
 */
886 char group_membership[1];
898 memset(moira_list_id, '\0', sizeof(moira_list_id));
899 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* --- after row: a member was added --- */
902 if (afterc < LM_EXTRA_GID)
/* inactive lists are not mirrored */
904 if (!atoi(after[LM_EXTRA_ACTIVE]))
907 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* unbounded strcpy into fixed-size locals (group_name is 128 bytes; the
   sizes of user_name/user_type are not visible here) */
909 strcpy(user_name, after[LM_MEMBER]);
910 strcpy(group_name, after[LM_LIST]);
911 strcpy(user_type, after[LM_TYPE]);
/* USER rows carry both list and user ids; other types only the list id */
912 if (!strcasecmp(ptr[LM_TYPE], "USER"))
914 if (afterc > LMN_LIST_ID)
916 strcpy(moira_list_id, after[LM_LIST_ID]);
917 strcpy(moira_user_id, after[LM_USER_ID]);
922 if (afterc > LM_EXTRA_GID)
923 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* --- before row: a member was removed (same extraction as above) --- */
928 if (beforec < LM_EXTRA_GID)
930 if (!atoi(before[LM_EXTRA_ACTIVE]))
933 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
935 strcpy(user_name, before[LM_MEMBER]);
936 strcpy(group_name, before[LM_LIST]);
937 strcpy(user_type, before[LM_TYPE]);
938 if (!strcasecmp(ptr[LM_TYPE], "USER"))
940 if (beforec > LMN_LIST_ID)
942 strcpy(moira_list_id, before[LM_LIST_ID]);
943 strcpy(moira_user_id, before[LM_USER_ID]);
948 if (beforec > LM_EXTRA_GID)
949 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* rebuild a list-table style row so get_group_membership() can classify
   the list into an OU and security/distribution type */
956 args[L_NAME] = ptr[LM_LIST];
957 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
958 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
959 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
960 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
961 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
962 args[L_GID] = ptr[LM_EXTRA_GID];
965 memset(group_ou, '\0', sizeof(group_ou));
966 get_group_membership(group_membership, group_ou, &security_flag, args);
967 if (strlen(group_ou) == 0)
969 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* make sure the group exists at the right DN, cleaning up stale ones */
972 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
974 if (rc != AD_NO_GROUPS_FOUND)
976 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
978 if (rc != AD_NO_GROUPS_FOUND)
981 com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name);
983 com_err(whoami, 0, "Couldn't remove %s from group %s - unable to process group", user_name, group_name);
/* group missing in AD: create and populate it from Moira instead */
989 if (rc == AD_NO_GROUPS_FOUND)
991 if (rc = moira_connect())
993 critical_alert("AD incremental",
994 "Error contacting Moira server : %s",
999 com_err(whoami, 0, "creating group %s", group_name);
1000 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1001 group_ou, group_membership, security_flag, 0))
1006 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1008 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1009 group_membership, security_flag, moira_list_id);
/* --- removal: contacts are (re)created so the member DN can be resolved --- */
1016 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1018 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1020 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1022 pUserOu = contact_ou;
1024 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1026 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1028 pUserOu = kerberos_ou;
1030 if (rc = member_remove(ldap_handle, dn_path, group_name,
1031 group_ou, group_membership, ptr[LM_MEMBER],
1032 pUserOu, moira_list_id))
1033 com_err(whoami, 0, "couldn't remove %s from group %s", user_name, group_name);
/* --- addition --- */
1037 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1039 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1041 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1043 pUserOu = contact_ou;
1045 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1047 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1049 pUserOu = kerberos_ou;
/* USER members that do not exist in AD yet are created from Moira first */
1051 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1053 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1054 moira_user_id)) == AD_NO_USER_FOUND)
1056 if (rc = moira_connect())
1058 critical_alert("AD incremental",
1059 "Error connection to Moira : %s",
/*
 * NOTE(review): this log line indexes after[U_NAME] — a users-table
 * index — while every other line in this path uses ptr[LM_MEMBER].  It
 * looks copied from do_user(); if afterc is small, after[U_NAME] reads
 * past the row.  `com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);`
 * matches the surrounding code.
 */
1063 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1064 av[0] = ptr[LM_MEMBER];
1065 call_args[0] = (char *)ldap_handle;
1066 call_args[1] = dn_path;
1067 call_args[2] = moira_user_id;
1068 call_args[3] = NULL;
/* user_create appends to the global sid_base through sid_ptr */
1070 sid_ptr = &sid_base;
1072 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1076 com_err(whoami, 0, "couldn't create user %s : %s",
1077 ptr[LM_MEMBER], error_message(rc));
1083 com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]);
1087 if (sid_base != NULL)
1089 sid_update(ldap_handle, dn_path);
1090 linklist_free(sid_base);
1101 if (rc = member_add(ldap_handle, dn_path, group_name,
1102 group_ou, group_membership, ptr[LM_MEMBER],
1103 pUserOu, moira_list_id))
1105 com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name);
1111 #define U_USER_ID 10
/*
 * Dispatch a "users" change.  before/after are indexed by the U_*
 * constants; U_STATE is the Moira account status and U_USER_ID the Moira
 * id.  An after-only row (account just created, still unusable) is
 * ignored; a before-only row with state 0 is an expunge; otherwise the
 * user is created, renamed and/or updated in AD.  Declarations, the early
 * returns and some closing lines are not in this excerpt.
 */
1113 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1114 char **before, int beforec, char **after,
1119 char after_user_id[32];
1120 char before_user_id[32];
1123 if ((beforec == 0) && (afterc == 0))
/* Moira ids, copied only when the row is long enough; the strcpy itself
   is unbounded into 32-byte buffers */
1126 memset(after_user_id, '\0', sizeof(after_user_id));
1127 memset(before_user_id, '\0', sizeof(before_user_id));
1128 if (beforec > U_USER_ID)
1129 strcpy(before_user_id, before[U_USER_ID]);
1130 if (afterc > U_USER_ID)
1131 strcpy(after_user_id, after[U_USER_ID]);
1133 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1136 if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/
1137 return; /*account is first created but not usable*/
/* before row only: state 0 means the account was expunged from Moira */
1139 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
1141 if (atoi(before[U_STATE]) == 0)
1143 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1144 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1149 /*process anything that gets here*/
/* both rows present from here on.  If the old name is not in AD, create
   the account from Moira (after validating the new login with check_string) */
1150 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1151 before_user_id)) == AD_NO_USER_FOUND)
1153 if (!check_string(after[U_NAME]))
1155 if (rc = moira_connect())
1157 critical_alert("AD incremental",
1158 "Error connection to Moira : %s",
1162 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1164 av[0] = after[U_NAME];
1165 call_args[0] = (char *)ldap_handle;
1166 call_args[1] = dn_path;
1167 call_args[2] = after_user_id;
1168 call_args[3] = NULL;
/* user_create appends to the global sid_base through sid_ptr */
1170 sid_ptr = &sid_base;
1172 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1176 com_err(whoami, 0, "couldn't create user %s : %s",
1177 after[U_NAME], error_message(rc));
1183 com_err(whoami, 0, "couldn't create user %s", after[U_NAME]);
1187 if (sid_base != NULL)
1189 sid_update(ldap_handle, dn_path);
1190 linklist_free(sid_base);
/* login changed: rename only when both names pass check_string() */
1199 if (strcmp(before[U_NAME], after[U_NAME]))
1201 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1203 com_err(whoami, 0, "changing user %s to %s",
1204 before[U_NAME], after[U_NAME]);
1205 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1206 after[U_NAME])) != LDAP_SUCCESS)
/* finally push uid, MIT id and state (atoi, unchecked) to the AD object */
1212 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1213 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1214 after[U_UID], after[U_MITID],
1215 after_user_id, atoi(after[U_STATE]));
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * attribute values from the linked list in linklist_base.  When both
 * oldValue and newValue are given and oldValue occurs in an entry, that
 * entry is rewritten: wholesale (type == REPLACE) or with only the first
 * occurrence of oldValue substituted; every other entry is copied as-is.
 * The caller owns *modvalues and its strings.  Presumably returns non-zero
 * on allocation failure — the return lines are not in this listing.
 */
1219 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1220 char *oldValue, char *newValue,
1221 char ***modvalues, int type)
1223 LK_ENTRY *linklist_ptr;
/* One extra slot for the terminating NULL. */
1227 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1232 for (i = 0; i < (modvalue_count + 1); i++)
1233 (*modvalues)[i] = NULL;
1234 if (modvalue_count != 0)
1236 linklist_ptr = linklist_base;
1237 for (i = 0; i < modvalue_count; i++)
1239 if ((oldValue != NULL) && (newValue != NULL))
/* NOTE(review): strstr treats value as a C string.  Entries that
 * retrieve_values built from a binary (ber) value carry no terminator, so
 * this assumes callers only pass string-valued lists — confirm. */
1241 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1244 if (type == REPLACE)
1246 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1249 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1250 strcpy((*modvalues)[i], newValue);
/* Substitute in place: prefix up to cPtr, then newValue, then the tail
 * after oldValue.  The size below is exact for that layout (memset after
 * calloc is redundant but harmless). */
1254 if (((*modvalues)[i] = calloc(1,
1255 (int)(cPtr - linklist_ptr->value) +
1256 (linklist_ptr->length - strlen(oldValue)) +
1257 strlen(newValue) + 1)) == NULL)
1259 memset((*modvalues)[i], '\0',
1260 (int)(cPtr - linklist_ptr->value) +
1261 (linklist_ptr->length - strlen(oldValue)) +
1262 strlen(newValue) + 1);
1263 memcpy((*modvalues)[i], linklist_ptr->value,
1264 (int)(cPtr - linklist_ptr->value));
1265 strcat((*modvalues)[i], newValue);
1266 strcat((*modvalues)[i],
1267 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* NOTE(review): the two verbatim-copy paths below do not check calloc for
 * NULL (the paths above do); memset/memcpy on a NULL result crashes.
 * Check the result and fail the same way the other branches do. */
1272 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1273 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1274 memcpy((*modvalues)[i], linklist_ptr->value,
1275 linklist_ptr->length);
1280 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1281 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1282 memcpy((*modvalues)[i], linklist_ptr->value,
1283 linklist_ptr->length);
1285 linklist_ptr = linklist_ptr->next;
1287 (*modvalues)[i] = NULL;
/*
 * linklist_build: subtree search below dn_path for search_exp, fetching
 * attr_array, converted into a linked list (*linklist_base and
 * *linklist_count are reset first).  LDAP_SIZELIMIT_EXCEEDED is not an
 * error here: the partial result set is still processed, so a caller that
 * relies on "exactly one match" may be looking at a truncated view.
 * search_exp is used verbatim; callers build it with sprintf, so anything
 * they interpolate must be free of LDAP filter metacharacters.
 * Whether ldap_entry is released on the error path is not visible here.
 */
1293 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1294 char **attr_array, LK_ENTRY **linklist_base,
1295 int *linklist_count)
1298 LDAPMessage *ldap_entry;
1302 (*linklist_base) = NULL;
1303 (*linklist_count) = 0;
1304 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1305 search_exp, attr_array, 0, &ldap_entry))
/* Size-limit overflow falls through and the partial results are kept. */
1308 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1312 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1314 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result, push the
 * attributes of each onto *linklist_base (retrieve_attributes prepends),
 * then recount the list into *linklist_count.  Returns the first
 * retrieve_attributes error; the return for an empty result is not in
 * this listing.
 */
1319 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1320 LK_ENTRY **linklist_base, int *linklist_count)
/* NOTE(review): get_distinguished_name strcpy's the server-supplied DN into
 * this fixed 1024-byte buffer with no bound; see that function. */
1322 char distinguished_name[1024];
1323 LK_ENTRY *linklist_ptr;
1326 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1329 memset(distinguished_name, '\0', sizeof(distinguished_name));
1330 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1332 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1333 linklist_base)) != 0)
1336 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1338 memset(distinguished_name, '\0', sizeof(distinguished_name));
1339 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1341 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1342 linklist_base)) != 0)
/* The count is recomputed from the list rather than accumulated per entry. */
1346 linklist_ptr = (*linklist_base);
1347 (*linklist_count) = 0;
1348 while (linklist_ptr != NULL)
1350 ++(*linklist_count);
1351 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: for one entry, iterate its attributes and let
 * retrieve_values push one LK_ENTRY per value onto *linklist_current.
 * NOTE(review): retrieve_values' return value is ignored on both calls, so
 * an allocation failure inside it is silently dropped and the list is left
 * short; propagate it instead of returning success.
 */
1356 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1357 char *distinguished_name, LK_ENTRY **linklist_current)
1363 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1365 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1367 ldap_memfree(Attribute);
1368 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1371 retrieve_values(ldap_handle, ldap_entry, Attribute,
1372 distinguished_name, linklist_current);
1373 ldap_memfree(Attribute);
/* Release the BerElement handed back by ldap_first_attribute. */
1376 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch every value of Attribute on ldap_entry and push
 * one LK_ENTRY per value onto the head of *linklist_current.  objectSid
 * and objectGUID are fetched as raw binary (ldap_get_values_len); every
 * other attribute as a string.  Each node copies the attribute name, the
 * value and its length, and the entry's DN.  Under LDAP_DEBUG the values
 * are also decoded and printed to stderr.  Presumably returns non-zero on
 * allocation failure — the return lines are not in this listing.
 */
1380 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1381 char *Attribute, char *distinguished_name,
1382 LK_ENTRY **linklist_current)
1388 LK_ENTRY *linklist_previous;
1389 LDAP_BERVAL **ber_value;
/* Debug-only SID decoding helpers (LDAP_DEBUG). */
1397 SID_IDENTIFIER_AUTHORITY *sid_auth;
1398 unsigned char *subauth_count;
1399 #endif /*LDAP_DEBUG*/
1402 memset(temp, '\0', sizeof(temp));
/* Binary-valued attributes must not go through ldap_get_values (C strings). */
1403 if ((!strcmp(Attribute, "objectSid")) ||
1404 (!strcmp(Attribute, "objectGUID")))
1409 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1410 Ptr = (void **)ber_value;
1415 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1416 Ptr = (void **)str_value;
/* The new node is linked in first and filled afterwards; on an allocation
 * failure below the partly initialised node is already on the list. */
1423 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1425 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1426 linklist_previous->next = (*linklist_current);
1427 (*linklist_current) = linklist_previous;
1429 if (((*linklist_current)->attribute = calloc(1,
1430 strlen(Attribute) + 1)) == NULL)
1432 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1433 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly ber_length bytes and NO trailing NUL.  Consumers
 * must use ->length; strlen/strcpy/strstr on such a value over-read. */
1436 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1437 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1439 memset((*linklist_current)->value, '\0', ber_length);
1440 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1442 (*linklist_current)->length = ber_length;
/* String value: copied together with its terminator. */
1446 if (((*linklist_current)->value = calloc(1,
1447 strlen(*Ptr) + 1)) == NULL)
1449 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1450 (*linklist_current)->length = strlen(*Ptr);
1451 strcpy((*linklist_current)->value, *Ptr);
1453 (*linklist_current)->ber_value = use_bervalue;
1454 if (((*linklist_current)->dn = calloc(1,
1455 strlen(distinguished_name) + 1)) == NULL)
1457 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1458 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG only from here to the #endif: pretty-print the value ---- */
1461 if (!strcmp(Attribute, "objectGUID"))
/* The format expands to a fixed 36-character GUID, so temp is bounded. */
1463 guid = (GUID *)((*linklist_current)->value);
1464 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1465 guid->Data1, guid->Data2, guid->Data3,
1466 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1467 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1468 guid->Data4[6], guid->Data4[7]);
1469 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1471 else if (!strcmp(Attribute, "objectSid"))
/* NOTE(review): the raw attribute bytes are reinterpreted as a SID and
 * walked via GetSidSubAuthorityCount/GetSidSubAuthority without checking
 * bv_len against the SID header, so a short or malformed value over-reads.
 * The authority test below also looks wrong: the identifier authority is a
 * 6-byte big-endian integer whose well-known values (NULL=0, WORLD=1,
 * LOCAL=2, CREATOR=3, NT=5) live in Value[5]; testing Value[0..3] for
 * non-zero does not distinguish them — confirm against the SID layout.
 * Debug output only, but fix before relying on it. */
1473 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1475 print_to_screen(" Revision = %d\n", sid->Revision);
1476 print_to_screen(" SID Identifier Authority:\n");
1477 sid_auth = &sid->IdentifierAuthority;
1478 if (sid_auth->Value[0])
1479 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1480 else if (sid_auth->Value[1])
1481 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1482 else if (sid_auth->Value[2])
1483 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1484 else if (sid_auth->Value[3])
1485 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1486 else if (sid_auth->Value[5])
1487 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1489 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1490 subauth_count = GetSidSubAuthorityCount(sid);
1491 print_to_screen(" SidSubAuthorityCount = %d\n",
1493 print_to_screen(" SidSubAuthority:\n");
1494 for (i = 0; i < *subauth_count; i++)
1496 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1497 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp compares strlen(literal) bytes regardless of the
 * length of Attribute, so a shorter attribute name is read past its NUL
 * and a longer name with the same prefix matches.  strcmp/strcasecmp is
 * the intended comparison. */
1501 else if ((!memcmp(Attribute, "userAccountControl",
1502 strlen("userAccountControl"))) ||
1503 (!memcmp(Attribute, "sAMAccountType",
1504 strlen("sAmAccountType"))))
1506 intValue = atoi(*Ptr);
1507 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1508 if (!memcmp(Attribute, "userAccountControl",
1509 strlen("userAccountControl")))
/* Decode the userAccountControl bits; UF_ACCOUNTDISABLE is the one
 * user_update sets for de-provisioned accounts. */
1511 if (intValue & UF_ACCOUNTDISABLE)
1512 print_to_screen(" %20s : %s\n",
1513 "", "Account disabled");
1515 print_to_screen(" %20s : %s\n",
1516 "", "Account active");
1517 if (intValue & UF_HOMEDIR_REQUIRED)
1518 print_to_screen(" %20s : %s\n",
1519 "", "Home directory required");
1520 if (intValue & UF_LOCKOUT)
1521 print_to_screen(" %20s : %s\n",
1522 "", "Account locked out");
1523 if (intValue & UF_PASSWD_NOTREQD)
1524 print_to_screen(" %20s : %s\n",
1525 "", "No password required");
1526 if (intValue & UF_PASSWD_CANT_CHANGE)
1527 print_to_screen(" %20s : %s\n",
1528 "", "Cannot change password");
1529 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1530 print_to_screen(" %20s : %s\n",
1531 "", "Temp duplicate account");
1532 if (intValue & UF_NORMAL_ACCOUNT)
1533 print_to_screen(" %20s : %s\n",
1534 "", "Normal account");
1535 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1536 print_to_screen(" %20s : %s\n",
1537 "", "Interdomain trust account");
1538 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1539 print_to_screen(" %20s : %s\n",
1540 "", "Workstation trust account");
1541 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1542 print_to_screen(" %20s : %s\n",
1543 "", "Server trust account");
/* Any other string attribute is printed verbatim. */
1548 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1550 #endif /*LDAP_DEBUG*/
/* Release the LDAP value array that Ptr aliased; the node keeps its copy. */
1552 if (str_value != NULL)
1553 ldap_value_free(str_value);
1554 if (ber_value != NULL)
1555 ldap_value_free_len(ber_value);
1557 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server; only
 * the first caller actually connects and then authenticates as the
 * "winad.incr" client.  Both a hard-coded host ("ttsp") and uts.nodename
 * (the local host) appear as connect targets; the lines choosing between
 * them are not in this listing.  NOTE(review): confirm "ttsp" is not a
 * leftover test host that a production build can fall back to.
 * Returns the mr_* status.  The counter is incremented before the connect
 * is attempted, so the matching moira_disconnect is still owed on failure
 * (presumed — the failure path is not visible here).
 */
1561 int moira_connect(void)
1566 if (!mr_connections++)
1569 memset(HostName, '\0', sizeof(HostName));
1570 strcpy(HostName, "ttsp");
1571 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1573 rc = mr_connect(HostName);
1578 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1580 rc = mr_connect(uts.nodename);
/* Authenticate the new connection as winad.incr. */
1585 rc = mr_auth("winad.incr");
/*
 * check_winad: operational kill switch.  The caller is held in this loop
 * for as long as STOP_FILE exists (the per-iteration wait and the
 * iteration threshold are not in this listing); once the threshold is
 * reached a critical alert reports that the incremental is blocked.
 */
1592 void check_winad(void)
1596 for (i = 0; file_exists(STOP_FILE); i++)
1600 critical_alert("AD incremental",
1601 "WINAD incremental failed (%s exists): %s",
1602 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: drop one reference taken by moira_connect; the real
 * disconnect (not in this listing) runs only when the count reaches zero.
 */
1609 int moira_disconnect(void)
1612 if (!--mr_connections)
/*
 * get_distinguished_name: copy the entry's DN (from ldap_get_dn) into the
 * caller's buffer and release the LDAP copy.  The NULL check between
 * ldap_get_dn and strcpy is not visible in this listing.
 * NOTE(review): strcpy has no bound and no destination size is passed in;
 * callers hand over a 1024-byte array (retrieve_entries), so a longer DN
 * returned by the server overflows it.  Add a size parameter and use
 * snprintf(distinguished_name, size, "%s", CName).
 */
1619 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1620 char *distinguished_name)
1624 CName = ldap_get_dn(ldap_handle, ldap_entry);
1627 strcpy(distinguished_name, CName);
1628 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single LK_ENTRY holding copies of
 * attribute and value (length = strlen(value), next = NULL).  Only the
 * node allocation is checked.  NOTE(review): the two calloc calls for
 * attribute and value are unchecked, so an allocation failure ends in a
 * NULL dereference inside memset/strcpy instead of an error return.
 */
1631 int linklist_create_entry(char *attribute, char *value,
1632 LK_ENTRY **linklist_entry)
1634 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1635 if (!(*linklist_entry))
1639 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1640 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1641 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1642 strcpy((*linklist_entry)->attribute, attribute);
1643 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1644 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1645 strcpy((*linklist_entry)->value, value);
1646 (*linklist_entry)->length = strlen(value);
1647 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostics to stderr (used by the
 * LDAP_DEBUG dumps).  fmt is always a literal at the call sites in this
 * file; keep it that way — never pass attribute values as the format.
 */
1651 void print_to_screen(const char *fmt, ...)
1655 va_start(pvar, fmt);
1656 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its maillist/group
 * flags into the AD group kind and the OU it lives in:
 *   maillist && group -> 'B', security-enabled, group_ou_both
 *   group only        -> 'S', security-enabled, group_ou_security
 *   maillist only     -> 'D',                   group_ou_distribution
 *   neither           -> 'N',                   group_ou_neither
 * Every output pointer may be NULL.  Only one character is written to
 * group_membership and no terminator, so a caller that wants a C string
 * must pass a zeroed buffer of at least 2 bytes (process_lists does;
 * group_create declares group_membership[1]).  The group_ou_* strings are
 * defined outside this listing; the strcpy calls are bounded only by
 * their length.
 */
1661 int get_group_membership(char *group_membership, char *group_ou,
1662 int *security_flag, char **av)
1667 maillist_flag = atoi(av[L_MAILLIST]);
1668 group_flag = atoi(av[L_GROUP]);
1669 if (security_flag != NULL)
1670 (*security_flag) = 0;
1672 if ((maillist_flag) && (group_flag))
1674 if (group_membership != NULL)
1675 group_membership[0] = 'B';
1676 if (security_flag != NULL)
1677 (*security_flag) = 1;
1678 if (group_ou != NULL)
1679 strcpy(group_ou, group_ou_both);
1681 else if ((!maillist_flag) && (group_flag))
1683 if (group_membership != NULL)
1684 group_membership[0] = 'S';
1685 if (security_flag != NULL)
1686 (*security_flag) = 1;
1687 if (group_ou != NULL)
1688 strcpy(group_ou, group_ou_security);
1690 else if ((maillist_flag) && (!group_flag))
1692 if (group_membership != NULL)
1693 group_membership[0] = 'D';
1694 if (group_ou != NULL)
1695 strcpy(group_ou, group_ou_distribution);
/* Neither flag: plain AD object that is neither mail- nor security-enabled. */
1699 if (group_membership != NULL)
1700 group_membership[0] = 'N';
1701 if (group_ou != NULL)
1702 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename the AD group for a Moira list (and move it between
 * OUs when its kind changed), then rewrite sAMAccountName, displayName,
 * description, mitMoiraId and groupType on the renamed object.  The group
 * is located by ad_get_group (MoiraId and/or name); exactly one match is
 * required, so an ambiguous MoiraId refuses to rename rather than guess.
 * Returns LDAP_SUCCESS, an AD_* code, or the LDAP error.  `filter` is
 * built by the caller and passed through verbatim.
 */
1707 int group_rename(LDAP *ldap_handle, char *dn_path,
1708 char *before_group_name, char *before_group_membership,
1709 char *before_group_ou, int before_security_flag, char *before_desc,
1710 char *after_group_name, char *after_group_membership,
1711 char *after_group_ou, int after_security_flag, char *after_desc,
1712 char *MoiraId, char *filter)
1717 char new_dn_path[512];
1719 char *attr_array[3];
1720 char *mitMoiraId_v[] = {NULL, NULL};
1721 char *name_v[] = {NULL, NULL};
1722 char *desc_v[] = {NULL, NULL};
1723 char *samAccountName_v[] = {NULL, NULL};
1724 char *groupTypeControl_v[] = {NULL, NULL};
1725 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1726 char groupTypeControlStr[80];
1730 LK_ENTRY *group_base;
/* Both names become DN components (cn=...) below, so both are validated. */
1733 if (!check_string(before_group_name))
1735 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1736 return(AD_INVALID_NAME);
1738 if (!check_string(after_group_name))
1740 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
1741 return(AD_INVALID_NAME);
1746 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1747 before_group_membership,
1748 MoiraId, "distinguishedName", &group_base,
1749 &group_count, filter))
1752 if (group_count == 0)
1754 return(AD_NO_GROUPS_FOUND);
1756 if (group_count != 1)
1759 "multiple groups with MoiraId = %s exist in the AD",
1761 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded strcpy of a server-returned DN into old_dn
 * (declared outside this listing); bound it with snprintf. */
1763 strcpy(old_dn, group_base->value);
1765 linklist_free(group_base);
/* Second lookup for the current sAMAccountName so its "_group" suffix can
 * be preserved across the rename. */
1768 attr_array[0] = "sAMAccountName";
1769 attr_array[1] = NULL;
1770 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1771 &group_base, &group_count)) != 0)
1773 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1774 after_group_name, ldap_err2string(rc));
1777 if (group_count != 1)
1780 "Unable to get sAMAccountName for group %s",
1782 return(AD_LDAP_FAILURE);
/* NOTE(review): same unbounded copy of a server value into sam_name. */
1785 strcpy(sam_name, group_base->value);
1786 linklist_free(group_base);
/* Move + rename in one modrdn: new RDN under the after-kind OU, old RDN
 * deleted (deleteoldrdn = TRUE). */
1790 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1791 sprintf(new_dn, "cn=%s", after_group_name);
1792 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1793 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1795 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1796 before_group_name, after_group_name, ldap_err2string(rc));
1800 name_v[0] = after_group_name;
/* NOTE(review): if strlen(sam_name) < strlen("_group") the index goes
 * negative and strncmp reads before the buffer.  Guard with
 * `size_t l = strlen(sam_name); if (l >= 6 && !strcmp(sam_name + l - 6, "_group"))`. */
1801 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
1803 sprintf(sam_name, "%s_group", after_group_name);
1807 com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found",
1808 before_group_name, after_group_name);
1811 samAccountName_v[0] = sam_name;
/* Security-enabled bit follows the after-state flags from
 * get_group_membership; the group is always a global group. */
1812 if (after_security_flag)
1813 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): groupTypeControl is u_int but formatted with %ld; use %u. */
1814 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1815 groupTypeControl_v[0] = groupTypeControlStr;
1817 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1818 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
/* An empty description presumably clears the attribute (desc_v[0] reset
 * on a line not in this listing). */
1819 desc_v[0] = after_desc;
1820 if (strlen(after_desc) == 0)
1822 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1823 mitMoiraId_v[0] = MoiraId;
1824 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
1825 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
1827 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1828 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1830 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
1831 after_group_name, ldap_err2string(rc));
/* Free the LDAPMod entries ADD_ATTR allocated. */
1833 for (i = 0; i < n; i++)
/*
 * group_create: mr_query callback that creates (or, on LDAP_ALREADY_EXISTS
 * or when call_args[4] is set, updates) the AD group for a Moira list.
 * call_args[0] = LDAP handle, [1] = base DN, [4] = update flag,
 * [5] = Moira id.  After the write the new object's objectSid is looked
 * up and appended to the global sid list (sid_ptr) for sid_update.
 * Always returns LDAP_SUCCESS once past the create/update; the early
 * error returns are not all visible in this listing.
 */
1838 int group_create(int ac, char **av, void *ptr)
1841 LK_ENTRY *group_base;
1844 char new_group_name[256];
1845 char sam_group_name[256];
1846 char cn_group_name[256];
1847 char *cn_v[] = {NULL, NULL};
1848 char *objectClass_v[] = {"top", "group", NULL};
1850 char *samAccountName_v[] = {NULL, NULL};
1851 char *altSecurityIdentities_v[] = {NULL, NULL};
/* member_v stays {NULL, NULL}: used below to clear membership. */
1852 char *member_v[] = {NULL, NULL};
1853 char *name_v[] = {NULL, NULL};
1854 char *desc_v[] = {NULL, NULL};
1855 char *info_v[] = {NULL, NULL};
1856 char *mitMoiraId_v[] = {NULL, NULL};
1857 char *groupTypeControl_v[] = {NULL, NULL};
1858 char groupTypeControlStr[80];
/* NOTE(review): one byte with no room for a terminator; process_lists
 * declares the same buffer as [2].  Make it [2] here too if anything reads
 * it as a string. */
1859 char group_membership[1];
1862 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1868 char *attr_array[3];
/* The list name becomes the cn=, sAMAccountName and filter below. */
1873 if (!check_string(av[L_NAME]))
1875 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
1876 return(AD_INVALID_NAME);
/* Flag smuggled through a char* slot; truncating cast is intentional. */
1879 updateGroup = (int)call_args[4];
1880 memset(group_ou, 0, sizeof(group_ou));
1881 memset(group_membership, 0, sizeof(group_membership));
1883 get_group_membership(group_membership, group_ou, &security_flag, av);
/* NOTE(review): strcpy/sprintf into 256-byte buffers are bounded only if
 * check_string limits the name length — confirm, or use snprintf. */
1884 strcpy(new_group_name, av[L_NAME]);
1885 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1887 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
1889 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* NOTE(review): u_int formatted with %ld; use %u. */
1894 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1895 groupTypeControl_v[0] = groupTypeControlStr;
1897 strcpy(cn_group_name, av[L_NAME]);
1899 samAccountName_v[0] = sam_group_name;
1900 name_v[0] = new_group_name;
1901 cn_v[0] = new_group_name;
1904 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1905 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1906 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1907 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1908 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1909 if (strlen(av[L_DESC]) != 0)
1911 desc_v[0] = av[L_DESC];
1912 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1914 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* The list's Moira ACE is recorded as free text in "info" (size of info
 * is not visible here; it receives an unbounded sprintf). */
1915 if (strlen(av[L_ACE_NAME]) != 0)
1917 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
1919 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1921 if (strlen(call_args[5]) != 0)
1923 mitMoiraId_v[0] = call_args[5];
1924 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
1928 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1930 for (i = 0; i < n; i++)
1932 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1934 com_err(whoami, 0, "Unable to create/update list %s in AD : %s",
1935 av[L_NAME], ldap_err2string(rc));
/* Existing group: replace the mutable attributes instead. */
1940 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
1944 if (strlen(av[L_DESC]) != 0)
1945 desc_v[0] = av[L_DESC];
1946 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1948 if (strlen(av[L_ACE_NAME]) != 0)
1950 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
1953 ADD_ATTR("info", info_v, LDAP_MOD_REPLACE);
1954 if (strlen(call_args[5]) != 0)
1956 mitMoiraId_v[0] = call_args[5];
1957 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* An inactive list has its entire "member" attribute replaced with the
 * empty member_v, i.e. all AD members are removed — this is the
 * deprovisioning step for deactivated lists. */
1959 if (!(atoi(av[L_ACTIVE])))
1962 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
1965 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
1966 for (i = 0; i < n; i++)
/* Look the object up again (by Moira id when known, else by
 * sAMAccountName) to collect its objectSid.  NOTE(review): call_args[5]
 * is interpolated into the filter without validation; only the name went
 * through check_string.  Confirm the Moira id can never carry filter
 * metacharacters, or escape it. */
1970 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
1971 if (strlen(call_args[5]) != 0)
1972 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
1973 attr_array[0] = "objectSid";
1974 attr_array[1] = NULL;
1977 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
1978 &group_base, &group_count)) == LDAP_SUCCESS)
1980 if (group_count != 1)
/* Moira-id lookup was ambiguous or empty: fall back to the name. */
1982 if (strlen(call_args[5]) != 0)
1984 linklist_free(group_base);
1987 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
1988 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
1989 attr_array, &group_base, &group_count);
/* Ownership of group_base passes to the sid list here.  The branch that
 * frees it for other counts is partly outside this listing — confirm the
 * node is not also freed after being linked. */
1992 if (group_count == 1)
1994 (*sid_ptr) = group_base;
1995 (*sid_ptr)->member = strdup(av[L_NAME]);
1996 (*sid_ptr)->type = (char *)GROUPS;
1997 sid_ptr = &(*sid_ptr)->next;
2001 if (group_base != NULL)
2002 linklist_free(group_base);
2007 if (group_base != NULL)
2008 linklist_free(group_base);
2010 return(LDAP_SUCCESS);
/*
 * group_delete: remove the AD group for a Moira list.  The search is
 * rooted at group_ou_root under dn_path and the delete happens only when
 * exactly one object matches — an ambiguous or missing match is reported
 * and nothing is deleted, which is the safe failure mode.
 * Returns the LDAP error, AD_INVALID_NAME, AD_NO_GROUPS_FOUND or the
 * ad_get_group status.
 */
2013 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2014 char *group_membership, char *MoiraId)
2016 LK_ENTRY *group_base;
2022 if (!check_string(group_name))
2024 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
2025 return(AD_INVALID_NAME);
2028 memset(filter, '\0', sizeof(filter));
/* temp's size is not visible here; the sprintf is unbounded. */
2031 sprintf(temp, "%s,%s", group_ou_root, dn_path);
2032 if (rc = ad_get_group(ldap_handle, temp, group_name,
2033 group_membership, MoiraId,
2034 "distinguishedName", &group_base,
2035 &group_count, filter))
2038 if (group_count == 1)
/* Delete by the DN the server returned, not one rebuilt from the name. */
2040 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2042 linklist_free(group_base);
2043 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2044 group_name, ldap_err2string(rc));
2047 linklist_free(group_base);
2051 linklist_free(group_base);
2052 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2053 return(AD_NO_GROUPS_FOUND);
/*
 * process_lists: mr_query callback adding one list (av) as a member of
 * the group named by call_args[2] (in OU call_args[3]).  call_args[0] is
 * the LDAP handle and call_args[1] the base DN; the Moira id passed to
 * member_add is "".  group_membership[2] is zeroed so the single kind
 * character from get_group_membership is NUL-terminated.
 */
2059 int process_lists(int ac, char **av, void *ptr)
2064 char group_membership[2];
2070 memset(group_ou, '\0', sizeof(group_ou));
2071 memset(group_membership, '\0', sizeof(group_membership));
2072 get_group_membership(group_membership, group_ou, &security_flag, av);
2073 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2074 group_ou, group_membership, call_args[2],
2075 (char *)call_args[3], "");
/*
 * member_list_build: mr_query callback collecting the members of a list
 * into the global member_base list (deduplicated case-insensitively).
 * call_args[3] is a bitmask of member types to accept (MOIRA_USERS,
 * MOIRA_STRINGS, MOIRA_LISTS, MOIRA_KERBEROS).  STRING and KERBEROS
 * members have no AD object of their own, so a contact is created for
 * them on the fly in contact_ou / kerberos_ou.
 */
2079 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): the member name is copied with an unbounded strcpy before
 * it is validated; validate first and bound the copy (temp's size is not
 * visible here). */
2087 strcpy(temp, av[ACE_NAME]);
2088 if (!check_string(temp))
2090 if (!strcmp(av[ACE_TYPE], "USER"))
2092 if (!((int)call_args[3] & MOIRA_USERS))
2095 else if (!strcmp(av[ACE_TYPE], "STRING"))
2097 if (!((int)call_args[3] & MOIRA_STRINGS))
/* Free-text list members become AD contact objects. */
2099 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2102 else if (!strcmp(av[ACE_TYPE], "LIST"))
2104 if (!((int)call_args[3] & MOIRA_LISTS))
2107 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2109 if (!((int)call_args[3] & MOIRA_KERBEROS))
2111 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Skip names already collected (case-insensitive). */
2117 linklist = member_base;
2120 if (!strcasecmp(temp, linklist->member))
2122 linklist = linklist->next;
/* NOTE(review): none of the calloc calls below are checked. */
2124 linklist = calloc(1, sizeof(LK_ENTRY));
2126 linklist->dn = NULL;
2127 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2128 strcpy(linklist->list, call_args[2]);
2129 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2130 strcpy(linklist->type, av[ACE_TYPE]);
2131 linklist->member = calloc(1, strlen(temp) + 1);
2132 strcpy(linklist->member, temp);
2133 linklist->next = member_base;
2134 member_base = linklist;
/*
 * member_remove: delete "CN=user_name,UserOu,dn_path" from the member
 * attribute of the AD group for group_name.  The group is resolved via
 * ad_get_group and exactly one match is required.  Only group_name is
 * validated here; user_name goes straight into a DN, so callers must
 * already have passed it through check_string (DN-special characters
 * such as ',' or '+' would otherwise change which value is removed).
 * LDAP_UNWILLING_TO_PERFORM gets special handling on a line not in this
 * listing.  Returns LDAP_SUCCESS or the error.
 */
2138 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2139 char *group_ou, char *group_membership, char *user_name,
2140 char *UserOu, char *MoiraId)
2142 char distinguished_name[1024];
2150 LK_ENTRY *group_base;
2153 if (!check_string(group_name))
2154 return(AD_INVALID_NAME);
2156 memset(filter, '\0', sizeof(filter));
2159 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2160 group_membership, MoiraId,
2161 "distinguishedName", &group_base,
2162 &group_count, filter))
2165 if (group_count != 1)
2167 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2169 linklist_free(group_base);
/* NOTE(review): unbounded strcpy of a server-returned DN into a 1024-byte
 * buffer; use snprintf with sizeof(distinguished_name). */
2174 strcpy(distinguished_name, group_base->value);
2175 linklist_free(group_base);
/* temp's size is not visible here; the sprintf is unbounded. */
2179 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2180 modvalues[0] = temp;
2181 modvalues[1] = NULL;
2184 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2186 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2187 for (i = 0; i < n; i++)
2189 if (rc == LDAP_UNWILLING_TO_PERFORM)
2191 if (rc != LDAP_SUCCESS)
2193 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
2194 group_name, ldap_err2string(rc));
/*
 * member_add: add "CN=user_name,UserOu,dn_path" to the member attribute
 * of the AD group for group_name (resolved via ad_get_group; exactly one
 * match required).  LDAP_ALREADY_EXISTS is tolerated, with extra handling
 * for contact/kerberos members on lines not in this listing.  As in
 * member_remove only group_name is validated here; user_name must already
 * be check_string-clean because it is spliced into a DN unescaped.
 * NOTE(review): when the group count is not 1 the message says "unable to
 * find" but AD_MULTIPLE_GROUPS_FOUND is returned even for zero matches.
 */
2202 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2203 char *group_ou, char *group_membership, char *user_name,
2204 char *UserOu, char *MoiraId)
2206 char distinguished_name[1024];
2214 LK_ENTRY *group_base;
2217 if (!check_string(group_name))
2218 return(AD_INVALID_NAME);
2221 memset(filter, '\0', sizeof(filter));
2224 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2225 group_membership, MoiraId,
2226 "distinguishedName", &group_base,
2227 &group_count, filter))
2230 if (group_count != 1)
2232 linklist_free(group_base);
2235 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2237 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded strcpy of a server-returned DN into a 1024-byte
 * buffer; use snprintf with sizeof(distinguished_name). */
2240 strcpy(distinguished_name, group_base->value);
2241 linklist_free(group_base);
/* temp's size is not visible here; the sprintf is unbounded. */
2245 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2246 modvalues[0] = temp;
2247 modvalues[1] = NULL;
2250 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2252 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: not an error.  Contacts/kerberos principals get
 * additional treatment here (body not visible). */
2253 if (rc == LDAP_ALREADY_EXISTS)
2255 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2257 if (rc == LDAP_UNWILLING_TO_PERFORM)
2260 for (i = 0; i < n; i++)
2262 if (rc != LDAP_SUCCESS)
2264 com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s",
2265 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create an AD contact object "CN=user,group_ou,bind_path"
 * for a list member that has no real account (STRING or KERBEROS members,
 * see member_list_build).  Only contacts in contact_ou get a mail
 * attribute (email_v is filled on a line not in this listing); if that
 * first add fails the object is retried without mail.  An existing object
 * (LDAP_ALREADY_EXISTS) counts as success.  Because these objects are
 * minted from arbitrary list-member strings, `user` is validated with
 * check_string before it is used in a DN.
 * NOTE(review): the 256-byte buffers are bounded only if check_string also
 * limits the name length (cn_user_name additionally holds group_ou and
 * bind_path) — confirm, or switch to snprintf.
 */
2271 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2275 char cn_user_name[256];
2276 char contact_name[256];
2277 char *email_v[] = {NULL, NULL};
2278 char *cn_v[] = {NULL, NULL};
2279 char *contact_v[] = {NULL, NULL};
2280 char *objectClass_v[] = {"top", "person",
2281 "organizationalPerson",
2283 char *name_v[] = {NULL, NULL};
2284 char *desc_v[] = {NULL, NULL};
2289 if (!check_string(user))
2291 com_err(whoami, 0, "invalid LDAP name %s", user);
2292 return(AD_INVALID_NAME);
2294 strcpy(contact_name, user);
2295 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2296 cn_v[0] = cn_user_name;
2297 contact_v[0] = contact_name;
/* Marks the object as auto-provisioned so it can be told from hand-made ones. */
2299 desc_v[0] = "Auto account created by Moira";
2302 strcpy(new_dn, cn_user_name);
2304 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2305 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2306 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2307 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2308 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2309 if (!strcmp(group_ou, contact_ou))
2311 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2315 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2316 for (i = 0; i < n; i++)
/* Second attempt without the mail attribute. */
2318 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2321 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2322 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2323 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2324 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2325 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2327 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2328 for (i = 0; i < n; i++)
2331 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2333 com_err(whoami, 0, "could not create contact %s : %s",
2334 user, ldap_err2string(rc));
/*
 * user_update: push the Moira attributes of one user onto its AD object:
 * uid/uidNumber, employeeID (MitId), mitMoiraId, the home directory and
 * profile path derived from the user's Hesiod "filsys" entry, and
 * userAccountControl.  The object is located by mitMoiraId when MoiraId is
 * non-empty, falling back to sAMAccountName under user_ou.
 * The account is DISABLED (UF_ACCOUNTDISABLE) unless State is
 * US_NO_PASSWD or US_REGISTERED — this is the deprovisioning control for
 * the "users" table.  Returns LDAP_SUCCESS, an AD_* code or the LDAP error.
 */
2340 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2341 char *Uid, char *MitId, char *MoiraId, int State)
2344 LK_ENTRY *group_base;
/* NOTE(review): 256 bytes here versus 1024 elsewhere for a DN; the strcpy
 * below is unbounded, so a DN longer than 255 characters overflows. */
2346 char distinguished_name[256];
2347 char *mitMoiraId_v[] = {NULL, NULL};
2348 char *uid_v[] = {NULL, NULL};
2349 char *mitid_v[] = {NULL, NULL};
2350 char *homedir_v[] = {NULL, NULL};
2351 char *winProfile_v[] = {NULL, NULL};
2352 char *drives_v[] = {NULL, NULL};
2353 char *userAccountControl_v[] = {NULL, NULL};
2354 char userAccountControlStr[80];
/* Baseline flags for every account.  NOTE(review): every account gets a
 * non-expiring password, and AD documents UF_PASSWD_CANT_CHANGE as not
 * settable through userAccountControl (it is expressed as an ACE) —
 * verify the intended "cannot change password" effect really holds. */
2359 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2361 char *attr_array[3];
2368 char winProfile[256];
2370 if (!check_string(user_name))
2372 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2373 return(AD_INVALID_NAME);
/* NOTE(review): MoiraId is interpolated into the filter without the
 * check_string validation the name gets; confirm it is always numeric
 * (as the Moira schema suggests) or escape it per RFC 4515. */
2379 if (strlen(MoiraId) != 0)
2381 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2382 attr_array[0] = "cn";
2383 attr_array[1] = NULL;
2384 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2385 &group_base, &group_count)) != 0)
2387 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2388 user_name, ldap_err2string(rc));
/* Not exactly one match by Moira id: fall back to the login name, scoped
 * to user_ou. */
2392 if (group_count != 1)
2394 linklist_free(group_base);
2397 sprintf(filter, "(sAMAccountName=%s)", user_name);
2398 attr_array[0] = "cn";
2399 attr_array[1] = NULL;
2400 sprintf(temp, "%s,%s", user_ou, dn_path);
2401 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2402 &group_base, &group_count)) != 0)
2404 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2405 user_name, ldap_err2string(rc));
2410 if (group_count != 1)
2412 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2414 linklist_free(group_base);
2415 return(AD_NO_USER_FOUND);
2417 strcpy(distinguished_name, group_base->dn);
2419 linklist_free(group_base);
/* Home directory from Hesiod: pick the AFS filsys record with the lowest
 * weight.  NOTE(review): Hesiod answers arrive over DNS and are typically
 * unauthenticated, and the %s conversions below have no width limit, so a
 * long token in a record overflows cPath/cWeight (sizes not visible
 * here).  Use "%255s"-style widths matched to the buffers. */
2422 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2424 memset(cWeight, 0, sizeof(cWeight));
2425 memset(cPath, 0, sizeof(cPath));
2426 memset(path, 0, sizeof(path));
2427 memset(winPath, 0, sizeof(winPath));
2430 while (hp[i] != NULL)
2432 if (sscanf(hp[i], "%*s %s", cPath))
2434 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
2436 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
2438 if (atoi(cWeight) < last_weight)
2440 strcpy(path, cPath);
2441 last_weight = (int)atoi(cWeight);
2445 strcpy(path, cPath);
/* Only an AFS path is translated; homeDrive is set alongside (drives_v is
 * filled on a line not in this listing). */
2452 if (!strnicmp(path, AFS, strlen(AFS)))
2454 AfsToWinAfs(path, winPath);
2455 homedir_v[0] = winPath;
2456 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2457 strcpy(winProfile, winPath);
2458 strcat(winProfile, "\\.winprofile");
2459 winProfile_v[0] = winProfile;
2460 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2462 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
/* Empty Uid/MitId presumably clear the attribute (uid_v/mitid_v are set
 * on lines not in this listing). */
2467 if (strlen(Uid) == 0)
2469 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2470 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2472 if (strlen(MitId) == 0)
2474 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2475 mitMoiraId_v[0] = MoiraId;
2476 if (strlen(MoiraId) == 0)
2477 mitMoiraId_v[0] = NULL;
2478 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Status gate: anything other than "no password" / "registered" is
 * disabled in AD. */
2479 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2480 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): u_int formatted with %ld; use %u. */
2481 sprintf(userAccountControlStr, "%ld", userAccountControl);
2482 userAccountControl_v[0] = userAccountControlStr;
2483 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
2485 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2487 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2488 user_name, ldap_err2string(rc));
2490 for (i = 0; i < n; i++)
/*
 * user_rename: rename a user's AD object from before_user_name to
 * user_name inside user_ou (modrdn with deleteoldrdn, same parent), then
 * rewrite the identity attributes that embed the login: sAMAccountName,
 * displayName, userPrincipalName (user@ldap_domain) and the
 * altSecurityIdentities Kerberos mapping (Kerberos:user@PRIMARY_REALM).
 * Rewriting altSecurityIdentities is what transfers the account from the
 * old Kerberos principal to the new one, so both names are validated with
 * check_string before being used.  The second parameter (user_name) is
 * declared on a line not in this listing.
 */
2506 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2514 char *userPrincipalName_v[] = {NULL, NULL};
2515 char *altSecurityIdentities_v[] = {NULL, NULL};
2516 char *name_v[] = {NULL, NULL};
2517 char *samAccountName_v[] = {NULL, NULL};
2522 if (!check_string(before_user_name))
2524 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2525 return(AD_INVALID_NAME);
2527 if (!check_string(user_name))
2529 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2530 return(AD_INVALID_NAME);
/* NOTE(review): self-copy — strcpy with overlapping source and destination
 * is undefined behaviour and does nothing useful; delete this line. */
2533 strcpy(user_name, user_name);
2534 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2535 sprintf(new_dn, "cn=%s", user_name);
2536 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2537 NULL, NULL)) != LDAP_SUCCESS)
2539 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
2540 before_user_name, user_name, ldap_err2string(rc));
2544 name_v[0] = user_name;
2545 sprintf(upn, "%s@%s", user_name, ldap_domain);
2546 userPrincipalName_v[0] = upn;
/* Kerberos-to-AD identity mapping; the old principal loses access here. */
2547 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2548 altSecurityIdentities_v[0] = temp;
2549 samAccountName_v[0] = user_name;
2552 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2553 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2554 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2555 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2557 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2558 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2560 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
2561 user_name, ldap_err2string(rc));
2563 for (i = 0; i < n; i++)
/*
 * filesys_process: set (operation == LDAP_MOD_ADD) or clear the
 * homeDirectory / profilePath / homeDrive attributes of the user whose
 * sAMAccountName equals fs_name, from the AFS pack fs_pack.  Only
 * fs_type "AFS" is accepted.  Returns LDAP_SUCCESS, an AD_* code,
 * LDAP_NO_SUCH_OBJECT when not exactly one object matches, or the LDAP
 * error.
 * NOTE(review): unlike user_update, the sAMAccountName search is rooted at
 * dn_path (the whole tree) rather than user_ou,dn_path, so a same-named
 * object anywhere in the domain could be modified — confirm this is
 * intended or scope it to user_ou.
 */
2568 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
2569 char *fs_type, char *fs_pack, int operation)
/* NOTE(review): 256 bytes for a server-returned DN copied with an unbounded
 * strcpy below; retrieve_entries uses 1024 for the same data. */
2571 char distinguished_name[256];
2573 char winProfile[256];
2575 char *attr_array[3];
2576 char *homedir_v[] = {NULL, NULL};
2577 char *winProfile_v[] = {NULL, NULL};
2578 char *drives_v[] = {NULL, NULL};
2584 LK_ENTRY *group_base;
2586 if (!check_string(fs_name))
2588 com_err(whoami, 0, "invalid filesys name %s", fs_name);
2589 return(AD_INVALID_NAME);
2592 if (strcmp(fs_type, "AFS"))
2594 com_err(whoami, 0, "invalid filesys type %s", fs_type);
2595 return(AD_INVALID_FILESYS);
2600 sprintf(filter, "(sAMAccountName=%s)", fs_name);
2601 attr_array[0] = "cn";
2602 attr_array[1] = NULL;
2603 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2604 &group_base, &group_count)) != 0)
2606 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
2607 fs_name, ldap_err2string(rc));
2611 if (group_count != 1)
2613 linklist_free(group_base);
2614 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2616 return(LDAP_NO_SUCH_OBJECT);
2618 strcpy(distinguished_name, group_base->dn);
2619 linklist_free(group_base);
/* Add: translate the AFS path and derive the profile path from it.
 * fs_pack is not validated here; AfsToWinAfs' bounds and winPath's size
 * are not visible in this listing, and winProfile[256] receives
 * strcpy+strcat from winPath unbounded. */
2623 if (operation == LDAP_MOD_ADD)
2625 memset(winPath, 0, sizeof(winPath));
2626 AfsToWinAfs(fs_pack, winPath);
2627 homedir_v[0] = winPath;
2629 memset(winProfile, 0, sizeof(winProfile));
2630 strcpy(winProfile, winPath);
2631 strcat(winProfile, "\\.winprofile");
2632 winProfile_v[0] = winProfile;
/* Delete: NULL value lists remove the whole attribute. */
2636 homedir_v[0] = NULL;
2638 winProfile_v[0] = NULL;
2640 ADD_ATTR("profilePath", winProfile_v, operation);
2641 ADD_ATTR("homeDrive", drives_v, operation);
2642 ADD_ATTR("homeDirectory", homedir_v, operation);
2645 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2646 if (rc != LDAP_SUCCESS)
2648 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
2649 fs_name, ldap_err2string(rc));
2651 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback that creates the AD user object for the
 * Moira user described by av[] (U_NAME, U_UID, U_MITID, U_STATE ...).
 * The LDAP handle, base DN and Moira id arrive through the file-scope
 * call_args[] (0, 1 and 2 respectively).  After the add the new object's
 * objectSid is looked up and queued on the sid list for sid_update().
 * Returns AD_INVALID_NAME for a rejected login, otherwise the LDAP rc.
 */
2657 int user_create(int ac, char **av, void *ptr)
2659 LK_ENTRY *group_base;
2662 char user_name[256];
2665 char *cn_v[] = {NULL, NULL};
2666 char *objectClass_v[] = {"top", "person",
2667 "organizationalPerson",
2670 char *samAccountName_v[] = {NULL, NULL};
2671 char *altSecurityIdentities_v[] = {NULL, NULL};
2672 char *mitMoiraId_v[] = {NULL, NULL};
2673 char *name_v[] = {NULL, NULL};
2674 char *desc_v[] = {NULL, NULL};
2675 char *userPrincipalName_v[] = {NULL, NULL};
2676 char *userAccountControl_v[] = {NULL, NULL};
2677 char *uid_v[] = {NULL, NULL};
2678 char *mitid_v[] = {NULL, NULL};
2679 char userAccountControlStr[80];
/* Defaults: ordinary account, password never expires, user cannot change it. */
2681 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2687 char *attr_array[3];
/* The login is used in DNs and filters below; reject metacharacters first. */
2692 if (!check_string(av[U_NAME]))
2694 callback_rc = AD_INVALID_NAME;
2695 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
2696 return(AD_INVALID_NAME);
2699 strcpy(user_name, av[U_NAME]);
2700 sprintf(upn, "%s@%s", user_name, ldap_domain);
2701 sprintf(sam_name, "%s", av[U_NAME]);
2702 samAccountName_v[0] = sam_name;
/* Create the account disabled unless Moira reports it as usable. */
2703 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
2704 userAccountControl |= UF_ACCOUNTDISABLE;
/* BUG(review): userAccountControl is u_int but is formatted with "%ld";
 * the mismatched conversion is undefined behaviour — use "%u". */
2705 sprintf(userAccountControlStr, "%ld", userAccountControl);
2706 userAccountControl_v[0] = userAccountControlStr;
2707 userPrincipalName_v[0] = upn;
2709 cn_v[0] = user_name;
2710 name_v[0] = user_name;
2711 desc_v[0] = "Auto account created by Moira";
/* Map the Kerberos principal onto the account for PKINIT/Kerberos logon. */
2712 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2713 altSecurityIdentities_v[0] = temp;
2714 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2717 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2718 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2719 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2720 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2721 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2722 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2723 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2724 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2725 if (strlen(call_args[2]) != 0)
2727 mitMoiraId_v[0] = call_args[2];
2728 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2730 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2731 if (strlen(av[U_UID]) != 0)
2733 uid_v[0] = av[U_UID];
2734 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2735 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2737 if (strlen(av[U_MITID]) != 0)
2738 mitid_v[0] = av[U_MITID];
2740 mitid_v[0] = "none";
2741 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2744 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2745 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS is tolerated: the create is idempotent and still
 * falls through to the SID lookup below. */
2747 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2749 com_err(whoami, 0, "could not create user %s : %s",
2750 user_name, ldap_err2string(rc));
2754 if (rc == LDAP_SUCCESS)
/* The initial password is the empty string; logon is expected via the
 * Kerberos mapping above.  NOTE(review): confirm domain password policy
 * and the UF_ACCOUNTDISABLE rule cover the states created enabled. */
2756 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2758 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* Locate the new object to capture its objectSid: prefer the Moira id,
 * fall back to sAMAccountName. */
2762 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
2763 if (strlen(call_args[2]) != 0)
2764 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
2765 attr_array[0] = "objectSid";
2766 attr_array[1] = NULL;
2769 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2770 &group_base, &group_count)) == LDAP_SUCCESS)
2772 if (group_count != 1)
2774 if (strlen(call_args[2]) != 0)
2776 linklist_free(group_base);
2779 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
2780 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2781 attr_array, &group_base, &group_count);
2784 if (group_count == 1)
/* Hand the entry over to the sid list; ->type carries an integer tag cast
 * to a pointer (compared in sid_update), not an allocated string. */
2786 (*sid_ptr) = group_base;
2787 (*sid_ptr)->member = strdup(av[U_NAME]);
2788 (*sid_ptr)->type = (char *)GROUPS;
2789 sid_ptr = &(*sid_ptr)->next;
2793 if (group_base != NULL)
2794 linklist_free(group_base);
2799 if (group_base != NULL)
2800 linklist_free(group_base);
/*
 * user_change_status: enable or disable the AD account for user_name by
 * toggling UF_ACCOUNTDISABLE in userAccountControl (MEMBER_DEACTIVATE sets
 * it, anything else clears it).  The object is located by mitMoiraId when
 * MoiraId is non-empty, falling back to sAMAccountName; when MoiraId is
 * given it is also re-asserted on the object.
 * Returns AD_INVALID_NAME, LDAP_NO_SUCH_OBJECT or the LDAP rc.
 */
2805 int user_change_status(LDAP *ldap_handle, char *dn_path,
2806 char *user_name, char *MoiraId,
2810 char *attr_array[3];
2812 char distinguished_name[1024];
2814 char *mitMoiraId_v[] = {NULL, NULL};
2816 LK_ENTRY *group_base;
2823 if (!check_string(user_name))
2825 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2826 return(AD_INVALID_NAME);
/* First lookup: by Moira id.  NOTE(review): MoiraId is interpolated into
 * the filter without a check_string()-style validation — confirm it is
 * numeric/trusted upstream. */
2832 if (strlen(MoiraId) != 0)
2834 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2835 attr_array[0] = "UserAccountControl";
2836 attr_array[1] = NULL;
2837 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2838 &group_base, &group_count)) != 0)
2840 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2841 user_name, ldap_err2string(rc));
/* Zero or several matches: discard and retry by login name. */
2845 if (group_count != 1)
2847 linklist_free(group_base);
2850 sprintf(filter, "(sAMAccountName=%s)", user_name);
2851 attr_array[0] = "UserAccountControl";
2852 attr_array[1] = NULL;
2853 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2854 &group_base, &group_count)) != 0)
2856 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2857 user_name, ldap_err2string(rc));
2862 if (group_count != 1)
2864 linklist_free(group_base);
2865 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2867 return(LDAP_NO_SUCH_OBJECT);
2870 strcpy(distinguished_name, group_base->dn);
/* atoi() gives no error indication: a non-numeric attribute value silently
 * becomes 0 and every other flag on the account would be cleared.
 * NOTE(review): "%ld" below assumes ulongValue is a long — confirm its type. */
2871 ulongValue = atoi((*group_base).value);
2872 if (operation == MEMBER_DEACTIVATE)
2873 ulongValue |= UF_ACCOUNTDISABLE;
2875 ulongValue &= ~UF_ACCOUNTDISABLE;
2876 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() reports failure with 1. */
2877 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2878 temp, &modvalues, REPLACE)) == 1)
2880 linklist_free(group_base);
2884 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2885 if (strlen(MoiraId) != 0)
2887 mitMoiraId_v[0] = MoiraId;
2888 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2891 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2892 for (i = 0; i < n; i++)
2894 free_values(modvalues);
2895 if (rc != LDAP_SUCCESS)
2897 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
2898 user_name, ldap_err2string(rc));
/*
 * user_delete: remove the AD user object for u_name.  The object is located
 * by mitMoiraId when MoiraId is non-empty, falling back to sAMAccountName,
 * and then deleted with ldap_delete_s().
 * NOTE(review): this is a destructive deprovisioning step; the fallback
 * deletes whichever single object matches the login name when the Moira id
 * lookup is empty or ambiguous — confirm that is the intended policy.
 * Returns AD_INVALID_NAME or the LDAP rc.
 */
2904 int user_delete(LDAP *ldap_handle, char *dn_path,
2905 char *u_name, char *MoiraId)
2908 char *attr_array[3];
2909 char distinguished_name[1024];
2910 char user_name[512];
2911 LK_ENTRY *group_base;
/* Unlike the other user entry points, an invalid name is rejected silently. */
2915 if (!check_string(u_name))
2916 return(AD_INVALID_NAME);
2918 strcpy(user_name, u_name);
2922 if (strlen(MoiraId) != 0)
2924 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2925 attr_array[0] = "name";
2926 attr_array[1] = NULL;
2927 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2928 &group_base, &group_count)) != 0)
2930 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2931 user_name, ldap_err2string(rc));
2935 if (group_count != 1)
2937 linklist_free(group_base);
2940 sprintf(filter, "(sAMAccountName=%s)", user_name);
2941 attr_array[0] = "name";
2942 attr_array[1] = NULL;
2943 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2944 &group_base, &group_count)) != 0)
2946 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2947 user_name, ldap_err2string(rc));
2952 if (group_count != 1)
2954 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2959 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition is intentional: any non-zero rc is an error. */
2960 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2962 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2963 user_name, ldap_err2string(rc));
2967 linklist_free(group_base);
/*
 * linklist_free: release a whole LK_ENTRY chain — every owned string field
 * (dn, attribute, value, member, type, list) and then the node itself.
 * NOTE(review): some producers store an integer tag cast to (char *) in
 * ->type (user_create sets GROUPS; sid_update compares against GROUPS and
 * USERS) and make_new_group hands such a chain to this function; whichever
 * tag is non-zero is passed to free() here as if it were a heap pointer —
 * confirm the tag values or guard them before freeing.
 */
2971 void linklist_free(LK_ENTRY *linklist_base)
2973 LK_ENTRY *linklist_previous;
2975 while (linklist_base != NULL)
2977 if (linklist_base->dn != NULL)
2978 free(linklist_base->dn);
2979 if (linklist_base->attribute != NULL)
2980 free(linklist_base->attribute);
2981 if (linklist_base->value != NULL)
2982 free(linklist_base->value);
2983 if (linklist_base->member != NULL)
2984 free(linklist_base->member);
2985 if (linklist_base->type != NULL)
2986 free(linklist_base->type);
2987 if (linklist_base->list != NULL)
2988 free(linklist_base->list);
/* Advance before freeing the node so ->next is not read after free(). */
2989 linklist_previous = linklist_base;
2990 linklist_base = linklist_previous->next;
2991 free(linklist_previous);
/*
 * free_values: release each string of a NULL-terminated char * vector as
 * produced by construct_newvalues(), clearing each slot to NULL afterwards
 * so a second call on the same vector is harmless.  A NULL vector is a no-op.
 */
2995 void free_values(char **modvalues)
3000 if (modvalues != NULL)
3002 while (modvalues[i] != NULL)
3005 modvalues[i] = NULL;
/*
 * sid_update: push the objectSid of every entry on the pending sid list back
 * into Moira.  Each binary SID (ptr->value, ptr->length bytes) is hex-encoded
 * into temp and sent with add_list_sid_by_name (GROUPS tag) or
 * add_user_sid_by_login (USERS tag); ptr->member carries the Moira name.
 * NOTE(review): temp is 126 bytes and convert_b_to_a() writes two characters
 * per input byte, so only the memset keeps a terminator and a SID longer
 * than 62 bytes would overflow — confirm ptr->length is bounded upstream.
 */
3012 int sid_update(LDAP *ldap_handle, char *dn_path)
3016 unsigned char temp[126];
3023 memset(temp, 0, sizeof(temp));
3024 convert_b_to_a(temp, ptr->value, ptr->length);
3027 av[0] = ptr->member;
/* ->type is an integer tag cast to a pointer, not a string. */
3029 if (ptr->type == (char *)GROUPS)
3032 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3034 else if (ptr->type == (char *)USERS)
3037 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: hex-encode `length` bytes of binary into string, two
 * characters per byte (high nibble first), mapping values above '9' onto
 * letters.  The caller must supply at least 2 * length + 1 bytes and is
 * responsible for the terminator (callers memset the buffer first).
 */
3044 void convert_b_to_a(char *string, UCHAR *binary, int length)
3051 for (i = 0; i < length; i++)
3058 if (string[j] > '9')
/* Low nibble. */
3061 string[j] = tmp & 0x0f;
3063 if (string[j] > '9')
/*
 * illegalchars: 256-entry lookup indexed by (unsigned) character; 1 marks a
 * byte that check_string() / check_container_name() reject.  Permitted are
 * digits, lowercase letters (callers fold case first) and $ & ' - . @ _ ` ~.
 * Everything else — including the LDAP filter/DN metacharacters ( ) * \ and
 * all control and non-ASCII bytes — is rejected, which is what allows names
 * to be formatted straight into filters with sprintf elsewhere in this file.
 */
3070 static int illegalchars[] = {
3071 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3072 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3073 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3074 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3075 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3076 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3077 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3078 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xff: every high-bit byte is rejected. */
3079 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3080 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3081 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3082 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3083 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3084 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3085 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3086 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a login/list name before it is used in LDAP
 * filters and DNs.  Each character is case-folded and looked up in
 * illegalchars[]; any hit rejects the string.  Only the character set is
 * checked — there is no length limit here, so callers copying into fixed
 * buffers must bound the length themselves.
 */
3089 int check_string(char *s)
3096 if (isupper(character))
3097 character = tolower(character);
3098 if (illegalchars[(unsigned) character])
/*
 * check_container_name: same character policy as check_string() (case-fold,
 * then reject anything flagged in illegalchars[]) except that a space is
 * explicitly allowed, since OU names may contain one.  No length limit.
 */
3104 int check_container_name(char *s)
3111 if (isupper(character))
3112 character = tolower(character);
/* Space is the one exception to the shared table. */
3114 if (character == ' ')
3116 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, refuse to proceed while a
 * message-of-the-day is posted, negotiate the query protocol version and
 * authenticate as `client`.  A newer-than-server version is only warned
 * about; other version failures and auth failures are reported via com_err.
 */
3122 int mr_connect_cl(char *server, char *client, int version, int auth)
3128 status = mr_connect(server);
3131 com_err(whoami, status, "while connecting to Moira");
3135 status = mr_motd(&motd);
3139 com_err(whoami, status, "while checking server status");
/* NOTE(review): motd is server-supplied text and temp is then passed to
 * com_err() as its format string; a '%' in the motd would be interpreted as
 * a conversion.  Pass it as an argument instead:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 * (temp's size is also not checked by this sprintf). */
3144 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3145 com_err(whoami, status, temp);
3150 status = mr_version(version);
/* An old server without the version query is treated as "client is newer". */
3153 if (status == MR_UNKNOWN_PROC)
3156 status = MR_VERSION_HIGH;
3158 status = MR_SUCCESS;
3161 if (status == MR_VERSION_HIGH)
3163 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3164 com_err(whoami, 0, "Some operations may not work.");
3166 else if (status && status != MR_VERSION_LOW)
3168 com_err(whoami, status, "while setting query version number.");
3176 status = mr_auth(client);
3179 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows (WinAFS UNC) form.
 * The AFS prefix of `path` is replaced by WINAFS and the remainder is copied
 * across, translating each '/' separator.  No bound is applied to winPath;
 * callers must size it for strlen(WINAFS) + the remainder of path.
 */
3188 void AfsToWinAfs(char* path, char* winPath)
3192 strcpy(winPath, WINAFS);
/* Skip the AFS prefix; assumes path actually starts with AFS — not checked here. */
3193 pathPtr = path + strlen(AFS);
3194 winPathPtr = winPath + strlen(WINAFS);
3198 if (*pathPtr == '/')
3201 *winPathPtr = *pathPtr;
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group for
 * a Moira list.  The work is done by the group_create callback invoked from
 * mr_query("get_list_info"); the LDAP handle, base DN, group name, member
 * type mask, update flag and Moira id are passed to it via call_args[].
 * Any objectSids collected by the callback are pushed back into Moira with
 * sid_update() and the list is released.
 */
3208 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3209 char *group_name, char *group_ou, char *group_membership,
3210 int group_security_flag, int updateGroup)
/* Integer arguments are smuggled through the char * vector by casting. */
3217 call_args[0] = (char *)ldap_handle;
3218 call_args[1] = dn_path;
3219 call_args[2] = group_name;
3220 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3221 call_args[4] = (char *)updateGroup;
3222 call_args[5] = MoiraId;
3223 call_args[6] = NULL;
3225 sid_ptr = &sid_base;
/* Assignment inside the condition is intentional: non-zero rc is an error. */
3227 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3230 com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc));
/* callback_rc carries a failure reported by group_create itself. */
3236 com_err(whoami, 0, "Couldn't create list %s", group_name);
3237 return(callback_rc);
/* sid_base entries carry an integer tag in ->type; see linklist_free(). */
3240 if (sid_base != NULL)
3242 sid_update(ldap_handle, dn_path);
3243 linklist_free(sid_base);
/*
 * populate_group: add every end member of a Moira list to its AD group.
 * Members are fetched with mr_query("get_end_members_of_list") through the
 * member_list_build callback; nested LIST members are skipped, STRING and
 * KERBEROS members first get a contact object created in contact_ou /
 * kerberos_ou, and each member is then added with member_add().
 */
3249 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3250 char *group_ou, char *group_membership,
3251 int group_security_flag, char *MoiraId)
3259 com_err(whoami, 0, "Populating group %s", group_name);
3261 call_args[0] = (char *)ldap_handle;
3262 call_args[1] = dn_path;
3263 call_args[2] = group_name;
3264 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3265 call_args[4] = NULL;
/* Assignment inside the condition is intentional: non-zero rc is an error. */
3267 if (rc = mr_query("get_end_members_of_list", 1, av,
3268 member_list_build, call_args))
3270 com_err(whoami, 0, "Couldn't populate list %s : %s",
3271 group_name, error_message(rc));
3274 if (member_base != NULL)
/* Sub-lists are not expanded here; get_end_members already flattened them. */
3279 if (!strcasecmp(ptr->type, "LIST"))
/* Non-user members need a contact object to point the group member at. */
3285 if (!strcasecmp(ptr->type, "STRING"))
3287 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3289 pUserOu = contact_ou;
3291 else if (!strcasecmp(ptr->type, "KERBEROS"))
3293 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3295 pUserOu = kerberos_ou;
3297 rc = member_add(ldap_handle, dn_path, group_name,
3298 group_ou, group_membership, ptr->member,
3302 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for a Moira list with where Moira
 * now says it should live (name, OU, membership type, security flag).
 * Flow: find the group via ad_get_group(); with type == CHECK_GROUPS just
 * report whether exactly one group sits at the expected DN.  Otherwise
 * remove duplicate groups carrying the same MoiraId, re-read the survivor,
 * recover its current name, description and OU (by matching the lowercased
 * DN against the four known group OUs), and hand the before/after state to
 * group_rename().
 * Returns AD_NO_GROUPS_FOUND, AD_WRONG_GROUP_DN_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND, AD_NO_OU_FOUND or the result of group_rename().
 */
3308 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3309 char *group_name, char *group_ou, char *group_membership,
3310 int group_security_flag, int type)
3312 char before_desc[512];
3313 char before_name[256];
3314 char before_group_ou[256];
3315 char before_group_membership[2];
3316 char distinguishedName[256];
3317 char ad_distinguishedName[256];
3319 char *attr_array[3];
3320 int before_security_flag;
3323 LK_ENTRY *group_base;
3326 char ou_security[512];
3327 char ou_distribution[512];
3328 char ou_neither[512];
3330 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN.  No bound check on the 256-byte buffer; the components are
 * assumed to be short enough. */
3331 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3334 memset(filter, '\0', sizeof(filter));
/* ad_get_group() fills filter with whichever lookup matched, for reuse below. */
3337 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3339 "distinguishedName", &group_base,
3340 &group_count, filter))
/* Check-only mode: report, never modify. */
3343 if (type == CHECK_GROUPS)
3345 if (group_count == 1)
3347 if (!strcasecmp(group_base->value, distinguishedName))
3349 linklist_free(group_base);
3353 linklist_free(group_base);
3354 if (group_count == 0)
3355 return(AD_NO_GROUPS_FOUND);
3356 if (group_count == 1)
3357 return(AD_WRONG_GROUP_DN_FOUND);
3358 return(AD_MULTIPLE_GROUPS_FOUND);
3360 if (group_count == 0)
3362 return(AD_NO_GROUPS_FOUND);
/* Several groups share this MoiraId.  If one of them is at the expected DN
 * the others are deleted; if none is, give up and list them. */
3364 if (group_count > 1)
3369 if (!strcasecmp(distinguishedName, ptr->value))
3375 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3379 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3382 linklist_free(group_base);
3383 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): destructive — deletes every same-MoiraId group whose DN is
 * not the expected one; the rc of each delete is not checked here. */
3388 if (strcasecmp(distinguishedName, ptr->value))
3389 rc = ldap_delete_s(ldap_handle, ptr->value);
3392 linklist_free(group_base);
3393 memset(filter, '\0', sizeof(filter));
/* Re-read now that duplicates are gone. */
3396 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3398 "distinguishedName", &group_base,
3399 &group_count, filter))
3401 if (group_count == 0)
3402 return(AD_NO_GROUPS_FOUND);
3403 if (group_count > 1)
3404 return(AD_MULTIPLE_GROUPS_FOUND);
3407 strcpy(ad_distinguishedName, group_base->value);
3408 linklist_free(group_base);
3412 attr_array[0] = "sAMAccountName";
3413 attr_array[1] = NULL;
3414 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3415 &group_base, &group_count)) != 0)
3417 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3418 MoiraId, ldap_err2string(rc));
/* From here on address the group by its current sAMAccountName. */
3421 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the right DN: nothing to rename. */
3423 if (!strcasecmp(ad_distinguishedName, distinguishedName))
3425 linklist_free(group_base);
3430 linklist_free(group_base);
3433 memset(ou_both, '\0', sizeof(ou_both));
3434 memset(ou_security, '\0', sizeof(ou_security));
3435 memset(ou_distribution, '\0', sizeof(ou_distribution));
3436 memset(ou_neither, '\0', sizeof(ou_neither));
3437 memset(before_name, '\0', sizeof(before_name));
3438 memset(before_desc, '\0', sizeof(before_desc));
3439 memset(before_group_membership, '\0', sizeof(before_group_membership));
3440 attr_array[0] = "name";
3441 attr_array[1] = NULL;
3442 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3443 &group_base, &group_count)) != 0)
3445 com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s",
3446 MoiraId, ldap_err2string(rc));
3449 strcpy(before_name, group_base->value);
3450 linklist_free(group_base);
3453 attr_array[0] = "description";
3454 attr_array[1] = NULL;
3455 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3456 &group_base, &group_count)) != 0)
3459 "LDAP server unable to get list description with MoiraId = %s: %s",
3460 MoiraId, ldap_err2string(rc));
/* description is optional; before_desc stays empty when absent. */
3463 if (group_count != 0)
3465 strcpy(before_desc, group_base->value);
3466 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring match of the DN
 * against the four configured group OUs.  Order matters: ou_both is tested
 * first because the other OU strings may be substrings of it. */
3470 change_to_lower_case(ad_distinguishedName);
3471 strcpy(ou_both, group_ou_both);
3472 change_to_lower_case(ou_both);
3473 strcpy(ou_security, group_ou_security);
3474 change_to_lower_case(ou_security);
3475 strcpy(ou_distribution, group_ou_distribution);
3476 change_to_lower_case(ou_distribution);
3477 strcpy(ou_neither, group_ou_neither);
3478 change_to_lower_case(ou_neither);
3479 if (strstr(ad_distinguishedName, ou_both))
3481 strcpy(before_group_ou, group_ou_both);
3482 before_group_membership[0] = 'B';
3483 before_security_flag = 1;
3485 else if (strstr(ad_distinguishedName, ou_security))
3487 strcpy(before_group_ou, group_ou_security);
3488 before_group_membership[0] = 'S';
3489 before_security_flag = 1;
3491 else if (strstr(ad_distinguishedName, ou_distribution))
3493 strcpy(before_group_ou, group_ou_distribution);
3494 before_group_membership[0] = 'D';
3495 before_security_flag = 0;
3497 else if (strstr(ad_distinguishedName, ou_neither))
3499 strcpy(before_group_ou, group_ou_neither);
3500 before_group_membership[0] = 'N';
3501 before_security_flag = 0;
3504 return(AD_NO_OU_FOUND);
/* NOTE(review): before_desc is passed in both the before- and after-
 * description positions, so the description is not changed by this call —
 * confirm against group_rename()'s parameter list that this is intended. */
3505 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
3506 before_group_ou, before_security_flag, before_desc,
3507 group_name, group_membership, group_ou, group_security_flag,
3508 before_desc, MoiraId, filter);
/*
 * change_to_lower_case: fold a NUL-terminated string to lowercase in place.
 * NOTE(review): tolower() is given a plain char; a negative (high-bit) byte
 * is undefined behaviour — cast through (unsigned char).  strlen() is also
 * re-evaluated on every iteration.
 */
3512 void change_to_lower_case(char *ptr)
3516 for (i = 0; i < (int)strlen(ptr); i++)
3518 ptr[i] = tolower(ptr[i]);
/*
 * ad_get_group: locate the AD group for a Moira list, trying in order
 *   1. the caller-supplied filter rFilter (when non-empty),
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)) (when MoiraId is set),
 *   3. (sAMAccountName=<group_name>_group).
 * `attribute` is the single attribute fetched.  On a unique hit the matching
 * filter is copied back into rFilter (an in/out buffer of unspecified size —
 * no bound is checked) and the list is returned via linklist_base /
 * linklist_count.  A stage that yields zero or several entries frees them
 * and falls through to the next stage; several MoiraId matches are logged.
 */
3522 int ad_get_group(LDAP *ldap_handle, char *dn_path,
3523 char *group_name, char *group_membership,
3524 char *MoiraId, char *attribute,
3525 LK_ENTRY **linklist_base, int *linklist_count,
3530 char *attr_array[3];
3533 (*linklist_base) = NULL;
3534 (*linklist_count) = 0;
/* Stage 1: caller's own filter. */
3535 if (strlen(rFilter) != 0)
3537 strcpy(filter, rFilter);
3538 attr_array[0] = attribute;
3539 attr_array[1] = NULL;
3540 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3541 linklist_base, linklist_count)) != 0)
3543 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3544 MoiraId, ldap_err2string(rc));
3547 if ((*linklist_count) == 1)
3549 strcpy(rFilter, filter);
3554 linklist_free((*linklist_base));
3555 (*linklist_base) = NULL;
3556 (*linklist_count) = 0;
/* Stage 2: by Moira id.  NOTE(review): MoiraId is interpolated unvalidated —
 * confirm it is numeric/trusted upstream. */
3557 if (strlen(MoiraId) != 0)
3559 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
3560 attr_array[0] = attribute;
3561 attr_array[1] = NULL;
3562 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3563 linklist_base, linklist_count)) != 0)
3565 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3566 MoiraId, ldap_err2string(rc));
/* Duplicate MoiraIds are only reported here; the caller decides what to do. */
3570 if ((*linklist_count) > 1)
3572 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
3573 pPtr = (*linklist_base);
3576 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
3579 linklist_free((*linklist_base));
3580 (*linklist_base) = NULL;
3581 (*linklist_count) = 0;
3583 if ((*linklist_count) == 1)
3585 strcpy(rFilter, filter);
3589 linklist_free((*linklist_base));
3590 (*linklist_base) = NULL;
3591 (*linklist_count) = 0;
/* Stage 3: by the conventional "<name>_group" account name. */
3592 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
3593 attr_array[0] = attribute;
3594 attr_array[1] = NULL;
3595 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3596 linklist_base, linklist_count)) != 0)
3598 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3599 MoiraId, ldap_err2string(rc));
3602 if ((*linklist_count) == 1)
3604 strcpy(rFilter, filter);
/*
 * check_user: confirm that the AD account for UserName exists and carries
 * the expected sAMAccountName.  Lookup is by mitMoiraId when MoiraId is
 * non-empty (several hits are logged and the search falls back), otherwise
 * by sAMAccountName.  If the account found under the Moira id has a
 * different sAMAccountName, user_rename() is invoked to bring it in line.
 * Returns AD_NO_USER_FOUND when nothing matches, otherwise the LDAP /
 * user_rename rc.
 */
3611 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
3614 char *attr_array[3];
3615 char SamAccountName[64];
3618 LK_ENTRY *group_base;
3624 if (strlen(MoiraId) != 0)
3626 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3627 attr_array[0] = "sAMAccountName";
3628 attr_array[1] = NULL;
3629 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3630 &group_base, &group_count)) != 0)
3632 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3633 UserName, ldap_err2string(rc));
3636 if (group_count > 1)
3638 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
3643 com_err(whoami, 0, "user %s exist with MoiraId = %s",
3644 gPtr->value, MoiraId);
/* Anything but a unique hit: discard and retry by login name. */
3649 if (group_count != 1)
3651 linklist_free(group_base);
3654 sprintf(filter, "(sAMAccountName=%s)", UserName);
3655 attr_array[0] = "sAMAccountName";
3656 attr_array[1] = NULL;
3657 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3658 &group_base, &group_count)) != 0)
3660 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3661 UserName, ldap_err2string(rc));
3666 if (group_count != 1)
3668 linklist_free(group_base);
3669 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded strcpy of a directory-supplied attribute into a
 * 64-byte buffer; AD allows longer sAMAccountName values — bound this copy. */
3671 strcpy(SamAccountName, group_base->value);
3672 linklist_free(group_base);
/* Name drift between Moira and AD is corrected by renaming the AD object. */
3675 if (strcmp(SamAccountName, UserName))
3677 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: turn a '/'-separated Moira container path into the
 * relative DN of its OU chain, innermost first ("OU=leaf,OU=parent,...").
 * The path components are collected into a 20-slot array and emitted in
 * reverse; dest is left empty for an empty src.  Neither the component
 * count (20) nor the size of dest is checked here.
 */
3683 void container_get_dn(char *src, char *dest)
3690 memset(array, '\0', 20 * sizeof(array[0]));
3692 if (strlen(src) == 0)
/* Deepest component first, then walk back toward the root. */
3711 strcpy(dest, "OU=");
3714 strcat(dest, array[n-1]);
3718 strcat(dest, ",OU=");
/*
 * container_get_name: copy the last '/'-separated component of a Moira
 * container path (the OU's own name) into dest; dest is left empty for an
 * empty src.  No bound on dest is checked.
 */
3724 void container_get_name(char *src, char *dest)
3729 if (strlen(src) == 0)
/*
 * container_check: make sure the parent OU chain for container `name`
 * exists in AD.  The path is copied, its separators rewritten, and
 * container_create() is called with only the name populated (description,
 * location, contact, type, id and row id all empty), so any OU created this
 * way is logged as lacking a mitMoiraId and will be filled in later by a
 * real container update.
 */
3746 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* Unbounded copy; cName's size is assumed to cover any container path. */
3753 strcpy(cName, name);
3754 for (i = 0; i < (int)strlen(cName); i++)
3756 if (cName[i] == '/')
3759 av[CONTAINER_NAME] = cName;
3760 av[CONTAINER_DESC] = "";
3761 av[CONTAINER_LOCATION] = "";
3762 av[CONTAINER_CONTACT] = "";
3763 av[CONTAINER_TYPE] = "";
3764 av[CONTAINER_ID] = "";
3765 av[CONTAINER_ROWID] = "";
3766 rc = container_create(ldap_handle, dn_path, 7, av);
3767 if (rc == LDAP_SUCCESS)
3769 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename: move/rename the OU described by before[] to the path in
 * after[].  The new leaf name must pass check_container_name().  The old OU
 * is found via container_get_distinguishedName(); if it does not exist the
 * new one is simply created.  Otherwise the parent chain of the new path is
 * ensured with container_check(), the OU is moved with ldap_rename_s()
 * (new RDN "OU=<name>", new parent <dn of parent chain>,<dn_path>) and its
 * attributes are refreshed with container_adupdate().
 * Returns AD_INVALID_NAME or the LDAP / helper rc.
 */
3777 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
3778 int afterc, char **after)
3783 char new_dn_path[256];
3785 char distinguishedName[256];
3790 memset(cName, '\0', sizeof(cName));
3791 container_get_name(after[CONTAINER_NAME], cName);
/* The leaf name becomes an RDN; reject DN metacharacters first. */
3792 if (!check_container_name(cName))
3794 com_err(whoami, 0, "invalid LDAP container name %s", cName);
3795 return(AD_INVALID_NAME);
3798 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* Assignment inside the condition is intentional: non-zero rc is an error. */
3799 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* Nothing to rename: treat as a create. */
3801 if (strlen(distinguishedName) == 0)
3803 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf from the new path to obtain the parent chain. */
3807 strcpy(temp, after[CONTAINER_NAME]);
3809 for (i = 0; i < (int)strlen(temp); i++)
3818 container_get_dn(temp, dName);
3819 if (strlen(temp) != 0)
3820 sprintf(new_dn_path, "%s,%s", dName, dn_path);
3822 sprintf(new_dn_path, "%s", dn_path);
3823 sprintf(new_cn, "OU=%s", cName);
/* Parent OUs must exist before the move. */
3825 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
3827 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
3828 TRUE, NULL, NULL)) != LDAP_SUCCESS)
3830 com_err(whoami, 0, "couldn't rename container from %s to %s : %s",
3831 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
3835 memset(dName, '\0', sizeof(dName));
3836 container_get_dn(after[CONTAINER_NAME], dName);
3837 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the OU described by av[] (located with
 * container_get_distinguishedName(); a missing OU is not an error).  If the
 * directory refuses because the OU still has children
 * (LDAP_NOT_ALLOWED_ON_NONLEAF) the contents are relocated with
 * container_move_objects(); other failures are reported.
 */
3841 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
3843 char distinguishedName[256];
3846 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* Assignment inside the condition is intentional: non-zero rc is an error. */
3847 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
3849 if (strlen(distinguishedName) == 0)
3851 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
/* Non-empty OU: move its objects out rather than failing outright. */
3853 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
3854 container_move_objects(ldap_handle, dn_path, distinguishedName);
3856 com_err(whoami, 0, "unable to delete container %s from AD : %s",
3857 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the organizationalUnit for the Moira container
 * in av[] (CONTAINER_NAME path, DESC, TYPE, ID, ROWID).  The OU's DN is
 * <container_get_dn(name)>,<dn_path>.  Optional attributes: mitMoiraId from
 * ROWID, description from DESC, and managedBy resolved from TYPE/ID —
 * KERBEROS ids get a contact object, USER and LIST ids are looked up by cn.
 * LDAP_ALREADY_EXISTS is tolerated and, when a ROWID is known, turned into a
 * container_adupdate() so the existing OU is tagged.
 * Returns AD_INVALID_NAME or the LDAP rc.
 */
3861 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
3863 char *attr_array[3];
3864 LK_ENTRY *group_base;
3867 char *objectClass_v[] = {"top",
3868 "organizationalUnit",
3871 char *ou_v[] = {NULL, NULL};
3872 char *name_v[] = {NULL, NULL};
3873 char *moiraId_v[] = {NULL, NULL};
3874 char *desc_v[] = {NULL, NULL};
3875 char *managedBy_v[] = {NULL, NULL};
3878 char managedByDN[256];
3885 memset(filter, '\0', sizeof(filter));
3886 memset(dName, '\0', sizeof(dName));
3887 memset(cName, '\0', sizeof(cName));
3888 memset(managedByDN, '\0', sizeof(managedByDN));
3889 container_get_dn(av[CONTAINER_NAME], dName);
3890 container_get_name(av[CONTAINER_NAME], cName);
3892 if ((strlen(cName) == 0) || (strlen(dName) == 0))
3894 com_err(whoami, 0, "invalid LDAP container name %s", cName);
3895 return(AD_INVALID_NAME);
/* Only the leaf name is validated; intermediate components are not. */
3898 if (!check_container_name(cName))
3900 com_err(whoami, 0, "invalid LDAP container name %s", cName);
3901 return(AD_INVALID_NAME);
3905 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3907 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3909 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
3910 if (strlen(av[CONTAINER_ROWID]) != 0)
3912 moiraId_v[0] = av[CONTAINER_ROWID];
3913 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
3915 if (strlen(av[CONTAINER_DESC]) != 0)
3917 desc_v[0] = av[CONTAINER_DESC];
3918 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: resolve the contact's DN from the container type and id. */
3920 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
3922 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
3924 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
3926 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
3927 managedBy_v[0] = managedByDN;
3928 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): av[CONTAINER_ID] is formatted into these search filters
 * without the check_container_name()/check_string() validation applied to
 * cName — confirm the id is validated upstream or escape it per RFC 4515. */
3933 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
3935 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
3937 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
3939 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
3941 if (strlen(filter) != 0)
3943 attr_array[0] = "distinguishedName";
3944 attr_array[1] = NULL;
3947 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3948 &group_base, &group_count)) == LDAP_SUCCESS)
/* Only a unique match is used as the manager. */
3950 if (group_count == 1)
3952 strcpy(managedByDN, group_base->value);
3953 managedBy_v[0] = managedByDN;
3954 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
3956 linklist_free(group_base);
3965 sprintf(temp, "%s,%s", dName, dn_path);
3966 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the LDAPMod entries built by ADD_ATTR. */
3967 for (i = 0; i < n; i++)
3969 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3971 com_err(whoami, 0, "couldn't create container %s : %s",
3972 cName, ldap_err2string(rc));
/* Existing OU: adopt it by writing the Moira attributes onto it. */
3975 if (rc == LDAP_ALREADY_EXISTS)
3977 if (strlen(av[CONTAINER_ROWID]) != 0)
3978 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: apply the after[] attributes of a Moira container to
 * its OU.  The OU is located with container_get_distinguishedName(); if it
 * does not exist it is created, otherwise the parent chain is ensured with
 * container_check() and the attributes are written by container_adupdate().
 * before/beforec are accepted for interface symmetry but not used here.
 */
3983 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
3984 int afterc, char **after)
3986 char distinguishedName[256];
3989 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* Assignment inside the condition is intentional: non-zero rc is an error. */
3990 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
3992 if (strlen(distinguishedName) == 0)
3994 rc = container_create(ldap_handle, dn_path, afterc, after);
3998 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
3999 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName: resolve the DN of the OU for the Moira
 * container in av[].  Tries (&(objectClass=organizationalUnit)
 * (mitMoiraId=<ROWID>)) first, then the literal distinguishedName built from
 * the container path and dn_path.  distinguishedName receives the DN on a
 * unique hit and is left empty otherwise; the leaf name must pass
 * check_container_name().  Returns AD_INVALID_NAME or the LDAP rc.
 */
4004 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4006 char *attr_array[3];
4007 LK_ENTRY *group_base;
4014 memset(filter, '\0', sizeof(filter));
4015 memset(dName, '\0', sizeof(dName));
4016 memset(cName, '\0', sizeof(cName));
4017 container_get_dn(av[CONTAINER_NAME], dName);
4018 container_get_name(av[CONTAINER_NAME], cName);
4020 if (strlen(dName) == 0)
4022 com_err(whoami, 0, "invalid LDAP container name %s", av[CONTAINER_NAME]);
4023 return(AD_INVALID_NAME);
4026 if (!check_container_name(cName))
4028 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4029 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id.  NOTE(review): ROWID is interpolated without
 * validation — confirm it is numeric/trusted upstream. */
4032 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4033 attr_array[0] = "distinguishedName";
4034 attr_array[1] = NULL;
4037 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4038 &group_base, &group_count)) == LDAP_SUCCESS)
/* Only a unique match is accepted. */
4040 if (group_count == 1)
4042 strcpy(distinguishedName, group_base->value);
4044 linklist_free(group_base);
/* Lookup 2: by the DN the container path implies. */
4048 if (strlen(distinguishedName) == 0)
4050 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4051 attr_array[0] = "distinguishedName";
4052 attr_array[1] = NULL;
4055 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4056 &group_base, &group_count)) == LDAP_SUCCESS)
4058 if (group_count == 1)
4060 strcpy(distinguishedName, group_base->value);
4062 linklist_free(group_base);
/*
 * container_adupdate: push the Moira container record av[] onto an existing
 * AD organizationalUnit with a single ldap_modify_s().
 *
 * Target DN: distinguishedName, or "<dName>,<dn_path>" when dName is
 * non-empty (the same choice is recomputed just before the modify).
 *
 * Modifications queued via ADD_ATTR (all LDAP_MOD_REPLACE; a REPLACE with a
 * NULL value list removes the attribute):
 *   mitMoiraId   <- av[CONTAINER_ROWID] when non-empty.
 *   description  <- av[CONTAINER_DESC] when non-empty; otherwise, if the OU
 *                   currently carries a description, a replace is queued
 *                   (the value assigned to desc_v[0] is in an elided line,
 *                   presumably NULL to clear it -- confirm).
 *   managedBy    <- chosen from av[CONTAINER_TYPE] / av[CONTAINER_ID]:
 *                   KERBEROS: a contact object is created under
 *                             kerberos_ou and its DN is used;
 *                   USER / LIST: the user or group is searched by cn under
 *                             dn_path and its DN is used on exactly one hit;
 *                   any other case, an ambiguous lookup, or a failed
 *                   contact creation clears an existing managedBy.
 *
 * ldap_handle       bound LDAP connection.
 * dn_path           domain suffix and search base.
 * dName             relative DN of the OU, or "" to use distinguishedName.
 * distinguishedName full DN of the OU, used when dName is "".
 * count             not used in the visible body.
 * av                Moira argument vector; CONTAINER_NAME, CONTAINER_ROWID,
 *                   CONTAINER_DESC, CONTAINER_TYPE and CONTAINER_ID are read.
 *
 * Returns LDAP_SUCCESS from the early return below (its guard is elided,
 * presumably "nothing queued"), otherwise the ldap_modify_s() result is
 * reported via com_err; the value returned after the initial lookup fails
 * and the final return are outside this listing.
 *
 * NOTE(review): every string copy here is an unbounded strcpy() or
 * sprintf() into a fixed stack buffer: temp and filter (sizes elided), desc
 * and moiraId (sizes elided) and managedByDN[256].  desc and managedByDN
 * are filled from attribute values returned BY THE DIRECTORY, so a
 * description or managedBy DN longer than its buffer -- a DN in a deep OU
 * tree can legitimately exceed 255 bytes -- corrupts the stack.  Suggested
 * fix: size-checked copies (snprintf with sizeof() and a truncation check)
 * that fail the update rather than truncate, because a silently truncated
 * DN written back as managedBy would name the wrong object.  Also
 * RFC 4515-escape av[CONTAINER_ID] and av[CONTAINER_ROWID] before
 * interpolating them into filters: a '*' in a cn turns the exact match into
 * a substring match, group_count != 1, and the branches below then clear
 * managedBy instead of setting it.
 */
4070 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4071 char *distinguishedName, int count, char **av)
4073 char *attr_array[5];
4074 LK_ENTRY *group_base;
/* One-element value lists for the LDAP_MOD_REPLACE entries; a NULL first
 * element means "remove the attribute". */
4080 char *moiraId_v[] = {NULL, NULL};
4081 char *desc_v[] = {NULL, NULL};
4082 char *managedBy_v[] = {NULL, NULL};
4083 char managedByDN[256];
/* Work out the DN of the OU being updated (dName wins over the full DN). */
4091 strcpy(temp, distinguishedName);
4092 if (strlen(dName) != 0)
4093 sprintf(temp, "%s,%s", dName, dn_path);
/* Fetch the OU's current mitMoiraId/description/managedBy so the code
 * below knows what to replace or clear.
 * NOTE(review): the guard tests av[CONTAINER_ID] but the filter it selects
 * keys on av[CONTAINER_ROWID]; container_get_distinguishedName uses the
 * same mitMoiraId filter keyed on ROWID.  This looks like a copy/paste
 * slip -- confirm whether strlen(av[CONTAINER_ROWID]) was intended.
 * Both sprintf() calls are unbounded and unescaped (see header). */
4095 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", temp);
4096 if (strlen(av[CONTAINER_ID]) != 0)
4097 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4098 attr_array[0] = "mitMoiraId";
4099 attr_array[1] = "description";
4100 attr_array[2] = "managedBy";
4101 attr_array[3] = NULL;
/* The statement after the error report is elided; it is presumably a
 * return, since group_base is walked unconditionally below.  (Message
 * text has a typo, "retreive"; left as-is because it is a runtime string.) */
4104 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4105 &group_base, &group_count)) != LDAP_SUCCESS)
4107 com_err(whoami, 0, "couldn't retreive container info for %s : %s",
4108 av[CONTAINER_NAME], ldap_err2string(rc));
/* Capture the current attribute values (the pPtr loop header is elided).
 * NOTE(review): three unbounded strcpy()s from directory-supplied values
 * into fixed stack buffers -- see header.  moiraId is filled here but is
 * not referenced anywhere in the visible body. */
4111 memset(managedByDN, '\0', sizeof(managedByDN));
4112 memset(moiraId, '\0', sizeof(moiraId));
4113 memset(desc, '\0', sizeof(desc));
4117 if (!strcasecmp(pPtr->attribute, "description"))
4118 strcpy(desc, pPtr->value);
4119 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4120 strcpy(managedByDN, pPtr->value);
4121 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4122 strcpy(moiraId, pPtr->value);
4125 linklist_free(group_base);
/* Queue the replacements.  mitMoiraId is only ever set, never cleared. */
4130 if (strlen(av[CONTAINER_ROWID]) != 0)
4132 moiraId_v[0] = av[CONTAINER_ROWID];
4133 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4135 if (strlen(av[CONTAINER_DESC]) != 0)
4137 desc_v[0] = av[CONTAINER_DESC];
4138 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* Moira carries no description but AD does: queue a replace.  The value
 * assigned to desc_v[0] for this case is in an elided line. */
4142 if (strlen(desc) != 0)
4145 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* managedBy.  KERBEROS: create (or reuse) a contact object for the
 * principal under kerberos_ou; the branch runs only when contact_create()
 * returns 0, which is therefore its success value. */
4148 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4150 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4152 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
/* NOTE(review): unbounded sprintf() into managedByDN[256]; av[CONTAINER_ID]
 * plus kerberos_ou plus dn_path can exceed it. */
4154 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4155 managedBy_v[0] = managedByDN;
4156 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact creation failed: drop any managedBy the OU currently has. */
4160 if (strlen(managedByDN) != 0)
4162 managedBy_v[0] = NULL;
4163 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* USER / LIST: find the manager object by cn under dn_path.
 * NOTE(review): av[CONTAINER_ID] is interpolated unescaped; '*' or ')'
 * here changes the query (see header). */
4169 memset(filter, '\0', sizeof(filter));
4170 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4172 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4174 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4176 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
/* An empty filter means the type was neither USER nor LIST (nor KERBEROS). */
4178 if (strlen(filter) != 0)
4180 attr_array[0] = "distinguishedName";
4181 attr_array[1] = NULL;
/* Exactly one hit: adopt its DN (unbounded strcpy() into managedByDN[256]).
 * Zero or several hits: clear an existing managedBy rather than guess. */
4184 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4185 &group_base, &group_count)) == LDAP_SUCCESS)
4187 if (group_count == 1)
4189 strcpy(managedByDN, group_base->value);
4190 managedBy_v[0] = managedByDN;
4191 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4195 if (strlen(managedByDN) != 0)
4197 managedBy_v[0] = NULL;
4198 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4201 linklist_free(group_base);
/* No usable type/id in the Moira record: clear an existing managedBy. */
4208 if (strlen(managedByDN) != 0)
4210 managedBy_v[0] = NULL;
4211 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Early exit; its guard is elided (presumably "no modifications queued"). */
4218 return(LDAP_SUCCESS);
/* Recompute the target DN exactly as at the top, apply every queued
 * modification in one call, then release the mod entries (the loop body
 * over mods[] is elided). */
4220 strcpy(temp, distinguishedName);
4221 if (strlen(dName) != 0)
4222 sprintf(temp, "%s,%s", dName, dn_path);
4223 rc = ldap_modify_s(ldap_handle, temp, mods);
4224 for (i = 0; i < n; i++)
4226 if (rc != LDAP_SUCCESS)
4228 com_err(whoami, 0, "couldn't modify container info for %s : %s",
4229 av[CONTAINER_NAME], ldap_err2string(rc));
4235 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4237 char *attr_array[3];
4238 LK_ENTRY *group_base;
4245 int NumberOfEntries = 10;
4249 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4251 for (i = 0; i < 3; i++)
4253 memset(filter, '\0', sizeof(filter));
4256 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4257 attr_array[0] = "cn";
4258 attr_array[1] = NULL;
4262 strcpy(filter, "(objectClass=computer)");
4263 attr_array[0] = "cn";
4264 attr_array[1] = NULL;
4268 strcpy(filter, "(objectClass=organizationalUnit)");
4269 attr_array[0] = "ou";
4270 attr_array[1] = NULL;
4275 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
4276 &group_base, &group_count)) != LDAP_SUCCESS)
4280 if (group_count == 0)
4285 if (!strcasecmp(pPtr->attribute, "cn"))
4287 sprintf(new_cn, "cn=%s", pPtr->value);
4289 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
4291 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
4295 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
4297 if (rc == LDAP_ALREADY_EXISTS)
4299 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
4306 else if (!strcasecmp(pPtr->attribute, "ou"))
4308 rc = ldap_delete_s(ldap_handle, pPtr->dn);
4312 linklist_free(group_base);