2 /* ldap.incr argument examples
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to a group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to a group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
/* Winsock compatibility shims: map the BSD errno names used below onto
 * the WSAE* codes and give the POSIX helpers a Windows spelling. */
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends in
 * a ';', so sleep(x + 1) scales only the 1, and `if (c) sleep(1); else ...`
 * would not compile.  `#define sleep(A) Sleep((A) * 1000)` is the usual form. */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
/* Non-Windows build: where the configuration file lives (CFG_PATH and
 * WINADCFG are presumably joined by ReadConfigFile(); confirm) and the
 * Windows names the rest of the file relies on. */
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
/* userAccountControl bits, same values as the UF_* constants in the Windows
 * <lmaccess.h> that the Windows build includes instead. */
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* SECURITY_INFORMATION selector bits (which parts of a security descriptor
 * are being read or written). */
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
/* NOTE(review): WINADCFG is also defined earlier in this file (presumably the
 * other branch of a platform #if); the duplicate is harmless only because the
 * replacement text is identical. */
254 #define WINADCFG "ldap.cfg"
/* UNC prefix used when translating AFS paths to Windows paths (AfsToWinAfs). */
262 #define WINAFS "\\\\afs\\all\\"
/* groupType attribute bits.  DOMAIN_LOCAL and LOCAL deliberately share 0x4.
 * SECURITY_ENABLED is 0x80000000, which is an unsigned int constant in C;
 * comparing it against a signed int may not do what is expected. */
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
/* Operation codes (presumably the `operation` argument of
 * user_change_status(); the lower-numbered codes are not in this copy). */
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selector bits.
 * NOTE(review): 0x16 is not a single bit (it is 0x10|0x4|0x2, overlapping
 * USERS, KERBEROS and LISTS).  If these are OR-able flags, 0x10 was almost
 * certainly intended — confirm against the callers that test MOIRA_MACHINE. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
/* Modes passed as the `type` argument of process_group(): first verify the
 * group, then clean up if the wrong DN or several groups were found. */
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
/* Negative status codes returned by the ad_*/process_* helpers; 0 is success. */
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
/* Indices into the before[]/after[] vectors for the "containers" table.  They
 * follow the 8-value layout shown in the header examples:
 *   name description location contact type id rowid groupname */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
/* Indices for the "mcntmap" table (5 values per the header examples):
 *   machine_name container_name mach_id cnt_id groupname */
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
/* Presence of STOP_FILE presumably disables processing (check_winad()); the
 * file_exists() test only checks existence with access(F_OK), and the answer
 * can be stale by the time it is acted on, so treat it as advisory. */
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
/* Upper bound on entries in ServerList[] (declared below). */
344 #define MAX_SERVER_NAMES 32
/* Names of the group security templates (cf. security_template_ou). */
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Leading RDNs of the Exchange address-list container; the caller appends
 * the domain's base DN. */
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append an LDAPMod to the caller's `mods` array at index `n` (both must be
 * in scope) and advance n.  The values array is aliased, not copied.
 * NOTE(review): malloc() is not checked, and the macro expands to four
 * statements without a do { } while (0) wrapper, so it must not be the body
 * of an unbraced if/else. */
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
/* Same as ADD_ATTR for the caller's `DelMods`/`i`, with no values (used for
 * attribute deletion); the same unchecked-malloc and multi-statement caveats
 * apply. */
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
/* Keywords recognised in the configuration file (presumably by
 * ReadConfigFile(); the parser is not in this copy). */
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_MEMBERS "MAX_MEMBERS:"
/* Upper bound on entries in DomainNames[] (declared below). */
384 #define MAX_DOMAINS 10
/* Global state shared by main() and the helpers.  Most of these are fixed-size
 * buffers that later code fills with sprintf()/strcpy() without a length
 * check; keep that in mind when sizing them. */
/* Domains to update; zeroed in main() and then filled by ReadDomainList(). */
385 char DomainNames[MAX_DOMAINS][128];
/* Head of the linked list of group members built by member_list_build(). */
387 LK_ENTRY *member_base = NULL;
389 char PrincipalName[128];
/* Scratch buffer; main() joins argv into it for the "filesys" table. */
390 static char tbl_buf[1024];
/* Fixed OUs (relative to the domain base DN). */
391 char kerberos_ou[] = "OU=kerberos,OU=moira";
392 char contact_ou[] = "OU=strings,OU=moira";
393 char user_ou[] = "OU=users,OU=moira";
/* Group OUs; main() chooses one of two layouts and sprintf()s them in. */
394 char group_ou_distribution[1024];
395 char group_ou_root[1024];
396 char group_ou_security[1024];
397 char group_ou_neither[1024];
398 char group_ou_both[1024];
399 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
400 char orphans_other_ou[] = "OU=Other,OU=Orphans";
401 char security_template_ou[] = "OU=security_templates";
403 char ldap_domain[256];
404 char ldap_realm[256];
/* NULL-terminated list of server names; entries are freed and reset to NULL
 * at the end of main(). */
406 char *ServerList[MAX_SERVER_NAMES];
407 char default_server[256];
/* NOTE(review): second tentative definition of tbl_buf (see above).  C allows
 * repeated tentative definitions of a file-scope static, but one of the two
 * lines should be removed. */
408 static char tbl_buf[1024];
/* Defaults "_group" / "exchange-acl" are set in main(). */
409 char group_suffix[256];
410 char exchange_acl[256];
411 int mr_connections = 0;
/* Behaviour switches, presumably overridden from the config file — confirm. */
414 int UseGroupSuffix = 1;
415 int UseGroupUniversal = 0;
419 int ProcessMachineContainer = 1;
420 int ActiveDirectory = 1;
421 int UpdateDomainList;
423 int GroupPopulateDelete = 0;
424 int group_members = 0;
425 int max_group_members = 0;
/* Forward declarations for the helpers that follow.  Some declarations are
 * incomplete in this copy of the file (their continuation lines are missing). */
427 extern int set_password(char *user, char *password, char *domain);
/* AD connection and group lookup. */
429 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
430 char *group_membership, char *MoiraId, char *attribute,
431 LK_ENTRY **linklist_base, int *linklist_count,
433 void AfsToWinAfs(char* path, char* winPath);
434 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
435 char *Win2kPassword, char *Win2kUser, char *default_server,
436 int connect_to_kdc, char **ServerList, char *ldap_realm,
438 void ad_kdc_disconnect();
439 int ad_server_connect(char *connectedServer, char *domain);
440 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
441 char *attribute_value, char *attribute, char *user_name);
442 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
443 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
444 int check_winad(void);
445 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
/* Container (OU) handling. */
448 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
449 char *distinguishedName, int count, char **av);
450 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
451 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
452 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
453 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
454 char *distinguishedName, int count,
456 void container_get_dn(char *src, char *dest);
457 void container_get_name(char *src, char *dest);
458 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
459 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
460 char **before, int afterc, char **after);
461 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
462 char **before, int afterc, char **after);
/* ACE handling and the Moira-side container groups. */
464 int GetAceInfo(int ac, char **av, void *ptr);
465 int get_group_membership(char *group_membership, char *group_ou,
466 int *security_flag, char **av);
467 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
468 char *machine_ou, char *pPtr);
469 int Moira_container_group_create(char **after);
470 int Moira_container_group_delete(char **before);
471 int Moira_groupname_create(char *GroupName, char *ContainerName,
472 char *ContainerRowID);
473 int Moira_container_group_update(char **before, char **after);
474 int Moira_process_machine_container_group(char *MachineName, char* groupName,
476 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
477 int Moira_getContainerGroup(int ac, char **av, void *ptr);
478 int Moira_getGroupName(char *origContainerName, char *GroupName,
480 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
481 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
482 int UpdateGroup, int *ProcessGroup, char *maillist);
483 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
484 char *group_name, char *group_ou, char *group_membership,
485 int group_security_flag, int type, char *maillist);
486 int process_lists(int ac, char **av, void *ptr);
487 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
488 char *TargetGroupName, int HiddenGroup,
489 char *AceType, char *AceName);
490 int ProcessMachineName(int ac, char **av, void *ptr);
491 int ReadConfigFile(char *DomainName);
492 int ReadDomainList();
493 void StringTrim(char *StringToTrim);
494 char *escape_string(char *s);
495 int save_query_info(int argc, char **argv, void *hint);
496 int save_fsgroup_info(int argc, char **argv, void *hint);
/* User accounts. */
497 int user_create(int ac, char **av, void *ptr);
498 int user_change_status(LDAP *ldap_handle, char *dn_path,
499 char *user_name, char *MoiraId, int operation);
500 int user_delete(LDAP *ldap_handle, char *dn_path,
501 char *u_name, char *MoiraId);
502 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
504 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
505 char *uid, char *MitId, char *MoiraId, int State,
506 char *WinHomeDir, char *WinProfileDir, char *first,
507 char *middle, char *last, char *shell, char *class);
508 void change_to_lower_case(char *ptr);
/* Contacts, groups, machines and group membership. */
509 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
510 int contact_remove_email(LDAP *ld, char *bind_path,
511 LK_ENTRY **linklist_entry, int linklist_current);
512 int group_create(int ac, char **av, void *ptr);
513 int group_delete(LDAP *ldap_handle, char *dn_path,
514 char *group_name, char *group_membership, char *MoiraId);
515 int group_rename(LDAP *ldap_handle, char *dn_path,
516 char *before_group_name, char *before_group_membership,
517 char *before_group_ou, int before_security_flag,
518 char *before_desc, char *after_group_name,
519 char *after_group_membership, char *after_group_ou,
520 int after_security_flag, char *after_desc,
521 char *MoiraId, char *filter, char *maillist);
522 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
523 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
524 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
525 char *machine_name, char *container_name);
526 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
527 char *MoiraMachineName, char *DestinationOu);
528 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
529 char *group_name, char *group_ou, char *group_membership,
530 int group_security_flag, int updateGroup, char *maillist);
531 int member_list_build(int ac, char **av, void *ptr);
532 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership,
534 char *user_name, char *pUserOu, char *MoiraId);
535 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership, char *user_name,
537 char *pUserOu, char *MoiraId);
538 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
539 char *group_ou, char *group_membership,
540 int group_security_flag, char *MoiraId, int synchronize);
541 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
542 char *DistinguishedName,
543 char *WinHomeDir, char *WinProfileDir,
544 char **homedir_v, char **winProfile_v,
545 char **drives_v, LDAPMod **mods,
547 int sid_update(LDAP *ldap_handle, char *dn_path);
548 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
549 int check_string(char *s);
550 int check_container_name(char* s);
552 int mr_connect_cl(char *server, char *client, int version, int auth);
/* Per-table dispatch routines; main() picks one by the table name in argv[1]
 * and passes the before/after value vectors. */
553 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
554 char **before, int beforec, char **after, int afterc);
555 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
558 char **before, int beforec, char **after, int afterc);
559 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
560 char **before, int beforec, char **after, int afterc);
561 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
562 char **before, int beforec, char **after, int afterc);
563 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
564 char **before, int beforec, char **after, int afterc);
/* LK_ENTRY linked list and LDAP result extraction. */
565 int linklist_create_entry(char *attribute, char *value,
566 LK_ENTRY **linklist_entry);
567 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
568 char **attr_array, LK_ENTRY **linklist_base,
569 int *linklist_count, unsigned long ScopeType);
570 void linklist_free(LK_ENTRY *linklist_base);
572 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
573 char *distinguished_name, LK_ENTRY **linklist_current);
574 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
575 LK_ENTRY **linklist_base, int *linklist_count);
576 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
577 char *Attribute, char *distinguished_name,
578 LK_ENTRY **linklist_current);
580 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
581 char *oldValue, char *newValue,
582 char ***modvalues, int type);
583 void free_values(char **modvalues);
/* Miscellaneous: DN conversion, Moira session, Kerberos tickets, Exchange. */
585 int convert_domain_to_dn(char *domain, char **bind_path);
586 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
587 char *distinguished_name);
588 int moira_disconnect(void);
589 int moira_connect(void);
590 void print_to_screen(const char *fmt, ...);
591 int GetMachineName(char *MachineName);
592 int tickets_get_k5();
593 int destroy_cache(void);
596 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
597 char **homeServerName);
/* Entry point.  argv layout (see the examples at the top of the file):
 *   argv[1] = table name, argv[2] = beforec, argv[3] = afterc,
 *   argv[4 ..] = beforec "before" values followed by afterc "after" values.
 * For each configured domain the program connects to an LDAP server and hands
 * the before/after vectors to the do_*() routine for the table.
 * This copy of the file is missing its shorter lines (braces, declarations,
 * exit() calls), so the control flow below is only partly visible. */
599 int main(int argc, char **argv)
/* Program name for com_err(): the basename of argv[0]. */
615 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
619 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() reports neither garbage nor range errors, and a
 * negative count passes this test yet later makes `after` point before
 * orig_argv[4].  strtol() with an end-pointer and a >= 0 check would be
 * the robust form. */
623 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
625 com_err(whoami, 0, "Unable to process %s",
626 "argc < (4 + beforec + afterc)");
/* For the "filesys" table the whole argv is joined into tbl_buf for logging.
 * tbl_buf is static (zero-initialised) but only 1024 bytes, and strcat()
 * does no length check: a long argument list overflows it.  A bounded
 * snprintf() that tracks the remaining space would be the safe form. */
630 if (!strcmp(argv[1], "filesys"))
633 for (i = 1; i < argc; i++)
635 strcat(tbl_buf, argv[i]);
636 strcat(tbl_buf, " ");
639 com_err(whoami, 0, "%s", tbl_buf);
643 com_err(whoami, 0, "%s failed", "check_winad()");
647 initialize_sms_error_table();
648 initialize_krb_error_table();
650 UpdateDomainList = 0;
651 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
653 if (ReadDomainList())
655 com_err(whoami, 0, "%s failed", "ReadDomainList()");
659 for (i = 0; i < argc; i++)
/* One pass per configured domain; an empty DomainNames[k] ends the list. */
662 for (k = 0; k < MAX_DOMAINS; k++)
664 if (strlen(DomainNames[k]) == 0)
/* Take a private copy of argv for this domain (the do_*() routines may
 * modify it, e.g. the tolower() loop below).  The line between the NULL test
 * and the strdup() is not in this copy — presumably it frees the previous
 * copy.  NOTE(review): the strdup() result is not checked for NULL. */
666 for (i = 0; i < argc; i++)
668 if (orig_argv[i] != NULL)
670 orig_argv[i] = strdup(argv[i]);
/* Reset per-domain configuration before ReadConfigFile() fills it in. */
673 memset(PrincipalName, '\0', sizeof(PrincipalName));
674 memset(ldap_domain, '\0', sizeof(ldap_domain));
675 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
676 memset(default_server, '\0', sizeof(default_server));
677 memset(dn_path, '\0', sizeof(dn_path));
678 memset(group_suffix, '\0', sizeof(group_suffix));
679 memset(exchange_acl, '\0', sizeof(exchange_acl));
683 UseGroupUniversal = 0;
687 ProcessMachineContainer = 1;
690 sprintf(group_suffix, "%s", "_group");
691 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the private argv copy into table name and before/after vectors. */
693 beforec = atoi(orig_argv[2]);
694 afterc = atoi(orig_argv[3]);
695 table = orig_argv[1];
696 before = &orig_argv[4];
697 after = &orig_argv[4 + beforec];
705 if (ReadConfigFile(DomainNames[k]))
/* Two OU layouts for groups: a split layout (mail/group/special sub-OUs) and
 * a flat one where every group lives in OU=lists.  The selecting condition
 * is not in this copy; presumably a config flag such as ActiveDirectory. */
710 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
711 sprintf(group_ou_root, "OU=lists,OU=moira");
712 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
713 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
714 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
718 sprintf(group_ou_distribution, "OU=lists,OU=moira");
719 sprintf(group_ou_root, "OU=lists,OU=moira");
720 sprintf(group_ou_security, "OU=lists,OU=moira");
721 sprintf(group_ou_neither, "OU=lists,OU=moira");
722 sprintf(group_ou_both, "OU=lists,OU=moira");
725 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts; an empty user/password pair is passed, so
 * ad_connect() presumably authenticates with Kerberos (connect_to_kdc). */
727 for (i = 0; i < 5; i++)
729 ldap_handle = (LDAP *)NULL;
730 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
731 default_server, SetPassword, ServerList,
732 ldap_realm, ldap_port)))
734 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
739 if ((rc) || (ldap_handle == NULL))
741 critical_alert("incremental",
742 "ldap.incr cannot connect to any server in "
743 "domain %s", DomainNames[k]);
/* Case-fold the table name in place.  NOTE(review): tolower() should be
 * given (unsigned char)table[i]; a negative plain char is undefined. */
747 for (i = 0; i < (int)strlen(table); i++)
748 table[i] = tolower(table[i]);
/* Dispatch on table name (the final `afterc` argument of each call is on a
 * line missing from this copy). */
750 if (!strcmp(table, "users"))
751 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "list"))
754 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "imembers"))
757 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "containers"))
760 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
762 else if (!strcmp(table, "mcntmap"))
763 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the server list for this domain and drop the LDAP session. */
769 for (i = 0; i < MAX_SERVER_NAMES; i++)
771 if (ServerList[i] != NULL)
774 ServerList[i] = NULL;
778 rc = ldap_unbind_s(ldap_handle);
/* Handle an "mcntmap" update: a machine was added to (afterc != 0) or removed
 * from (beforec != 0) a Moira container.  The machine is looked up in the
 * directory and moved to the OU matching its current Moira container, or to
 * the orphans OU when Moira no longer knows a container for it.
 * Shorter lines (braces, returns) are missing from this copy. */
784 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
785 char **before, int beforec, char **after, int afterc)
787 char MoiraContainerName[128];
788 char ADContainerName[128];
789 char MachineName[1024];
790 char OriginalMachineName[1024];
793 char MoiraContainerGroup[64];
795 if (!ProcessMachineContainer)
797 com_err(whoami, 0, "Process machines and containers disabled, skipping");
802 memset(ADContainerName, '\0', sizeof(ADContainerName));
803 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
805 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (rc is reported below), but
 * `if ((rc = moira_connect()) != 0)` would make that explicit. */
808 if (rc = moira_connect())
810 critical_alert("Ldap incremental",
811 "Error contacting Moira server : %s",
/* NOTE(review): the strcpy()s below copy argv-derived values into fixed
 * buffers (MoiraContainerGroup is only 64 bytes) with no length check;
 * a bounded copy such as snprintf(buf, sizeof buf, "%s", ...) would cap
 * them. */
816 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
818 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
819 strcpy(MachineName, before[OU_MACHINE_NAME]);
820 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
822 com_err(whoami, 0, "removing machine %s from %s",
823 OriginalMachineName, before[OU_CONTAINER_NAME]);
825 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
827 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
828 strcpy(MachineName, after[OU_MACHINE_NAME]);
829 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
830 com_err(whoami, 0, "adding machine %s to container %s",
831 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the Moira alias for the machine in place; an empty result means
 * Moira has no alias for it.  (Message typo: "alais".) */
839 rc = GetMachineName(MachineName);
841 if (strlen(MachineName) == 0)
844 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
845 OriginalMachineName);
849 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
852 if (machine_check(ldap_handle, dn_path, MachineName))
854 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
855 OriginalMachineName, MachineName);
/* Ask Moira which container the machine belongs to now. */
860 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
861 machine_get_moira_container(ldap_handle, dn_path, MachineName,
/* No container: park the machine in the orphans OU.  (Message typo: "fine".) */
864 if (strlen(MoiraContainerName) == 0)
866 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
867 "in Moira - moving to orphans OU.",
868 OriginalMachineName, MachineName);
869 machine_move_to_ou(ldap_handle, dn_path, MachineName,
870 orphans_machines_ou);
875 container_get_dn(MoiraContainerName, ADContainerName);
/* Normalise to a trailing '/'.  The strcat() is unbounded; a 127-character
 * name without a slash would overrun MoiraContainerName. */
877 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
878 strcat(MoiraContainerName, "/");
880 container_check(ldap_handle, dn_path, MoiraContainerName);
881 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handle a "containers" update: delete (beforec only), create (afterc only),
 * rename (name differs) or update (same name) an OU, keeping the matching
 * Moira container group in step.  Shorter lines (braces, returns) are
 * missing from this copy. */
886 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
887 char **before, int beforec, char **after, int afterc)
891 if (!ProcessMachineContainer)
893 com_err(whoami, 0, "Process machines and containers disabled, skipping");
897 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is deliberate; `!= 0` would make it explicit. */
900 if (rc = moira_connect())
902 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
/* Note: the return values of the container_*() and Moira_*() calls below are
 * not examined, so a failed directory operation is only visible in their own
 * logging. */
907 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
909 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
910 container_delete(ldap_handle, dn_path, beforec, before);
911 Moira_container_group_delete(before);
916 if ((beforec == 0) && (afterc != 0)) /*create a container*/
918 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
919 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
920 container_create(ldap_handle, dn_path, afterc, after);
921 Moira_container_group_create(after);
/* Both vectors present: a case-insensitive name change is a rename, anything
 * else is an attribute update. */
926 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
928 com_err(whoami, 0, "renaming container %s to %s",
929 before[CONTAINER_NAME], after[CONTAINER_NAME]);
930 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
931 Moira_container_group_update(before, after);
936 com_err(whoami, 0, "updating container %s information",
937 after[CONTAINER_NAME]);
938 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
939 Moira_container_group_update(before, after);
/* Index of the description value in a "list" vector; the other L_* indices
 * used below (L_NAME, L_ACTIVE, L_MAILLIST, L_LIST_ID) are not in this copy. */
944 #define L_LIST_DESC 9
/* Handle a "list" update: verify/clean up the existing group, then rename,
 * delete, create or update it as the before/after vectors dictate.
 * Shorter lines (braces, returns, declarations) are missing from this copy. */
947 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
948 char **before, int beforec, char **after, int afterc)
953 char group_membership[6];
958 char before_list_id[32];
/* NOTE(review): before_group_membership is 1 byte while group_membership is
 * 6, yet both are filled by get_group_membership() below.  Unless that
 * function writes at most one byte, this buffer overflows — confirm and size
 * both the same. */
959 char before_group_membership[1];
960 int before_security_flag;
961 char before_group_ou[256];
962 LK_ENTRY *ptr = NULL;
964 if (beforec == 0 && afterc == 0)
967 memset(list_id, '\0', sizeof(list_id));
968 memset(before_list_id, '\0', sizeof(before_list_id));
969 memset(before_group_ou, '\0', sizeof(before_group_ou));
970 memset(before_group_membership, '\0', sizeof(before_group_membership));
971 memset(group_ou, '\0', sizeof(group_ou));
972 memset(group_membership, '\0', sizeof(group_membership));
/* Derive the old group's id, OU, membership type and security flag; the id
 * is only copied when the vector is long enough.  The strcpy() into the
 * 32-byte before_list_id is unbounded. */
977 if (beforec < L_LIST_ID)
979 if (beforec > L_LIST_DESC)
981 strcpy(before_list_id, before[L_LIST_ID]);
983 before_security_flag = 0;
984 get_group_membership(before_group_membership, before_group_ou,
985 &before_security_flag, before);
/* Same for the new values. */
990 if (afterc < L_LIST_ID)
992 if (afterc > L_LIST_DESC)
994 strcpy(list_id, after[L_LIST_ID]);
997 get_group_membership(group_membership, group_ou, &security_flag, after);
1000 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Check the existing group; if it sits under the wrong DN or exists more than
 * once, run the CLEANUP_GROUPS pass.  AD_NO_GROUPS_FOUND is not an error
 * here (the group may simply not exist yet). */
1009 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1010 before[L_NAME], before_group_ou,
1011 before_group_membership,
1012 before_security_flag, CHECK_GROUPS,
1013 before[L_MAILLIST])))
1015 if (rc == AD_NO_GROUPS_FOUND)
1019 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1020 (rc == AD_MULTIPLE_GROUPS_FOUND))
1022 rc = process_group(ldap_handle, dn_path, before_list_id,
1023 before[L_NAME], before_group_ou,
1024 before_group_membership,
1025 before_security_flag, CLEANUP_GROUPS,
1026 before[L_MAILLIST]);
1028 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1030 com_err(whoami, 0, "Unable to process list %s",
1034 if (rc == AD_NO_GROUPS_FOUND)
/* Rename when the name changed, or the name is the same but the group moved
 * to a different OU (the rest of the condition is not in this copy). */
1040 if ((beforec != 0) && (afterc != 0))
1042 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1043 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1044 (strcmp(before_group_ou, group_ou)))) &&
1047 com_err(whoami, 0, "Changing list name from %s to %s",
1048 before[L_NAME], after[L_NAME]);
1050 if ((strlen(before_group_ou) == 0) ||
1051 (strlen(before_group_membership) == 0) ||
1052 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1054 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1058 memset(filter, '\0', sizeof(filter));
1060 if ((rc = group_rename(ldap_handle, dn_path,
1061 before[L_NAME], before_group_membership,
1062 before_group_ou, before_security_flag,
1063 before[L_LIST_DESC], after[L_NAME],
1064 group_membership, group_ou, security_flag,
1066 list_id, filter, after[L_MAILLIST])))
1068 if (rc != AD_NO_GROUPS_FOUND)
1071 "Unable to change list name from %s to %s",
1072 before[L_NAME], after[L_NAME]);
/* Deletion (before only). */
1085 if ((strlen(before_group_ou) == 0) ||
1086 (strlen(before_group_membership) == 0))
1089 "Unable to find the group OU for group %s", before[L_NAME]);
1093 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1094 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1095 before_group_membership, before_list_id);
/* Creation (after only): same check/cleanup dance on the new name. */
1103 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1105 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1106 group_ou, group_membership,
1107 security_flag, CHECK_GROUPS,
1110 if (rc != AD_NO_GROUPS_FOUND)
1112 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1113 (rc == AD_MULTIPLE_GROUPS_FOUND))
1115 rc = process_group(ldap_handle, dn_path, list_id,
1117 group_ou, group_membership,
1118 security_flag, CLEANUP_GROUPS,
1125 "Unable to create list %s", after[L_NAME]);
/* Update: refresh the ACE, (re)create the group object with the new
 * attributes and, if the list is active, repopulate its members. */
1132 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1134 if (rc = moira_connect())
1136 critical_alert("Ldap incremental",
1137 "Error contacting Moira server : %s",
/* ProcessAce() is called twice with UpdateGroup 0 then 1; the lines that
 * separate the two calls are not in this copy. */
1144 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1145 &ProcessGroup, after[L_MAILLIST]))
1150 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1151 &ProcessGroup, after[L_MAILLIST]))
1155 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1156 group_ou, group_membership, security_flag,
1157 updateGroup, after[L_MAILLIST]))
1163 if (atoi(after[L_ACTIVE]))
1165 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1166 group_membership, security_flag, list_id, 1);
/*
 * Indices into the argument vectors handed to do_member().  The incremental
 * passes the standard LM_* list-member fields first, so these extra fields
 * (list state/flags, and the Moira ids) are laid out after LM_END.
 * LM_EXTRA_END is one past the last index.
 *
 * NOTE(review): do_member() reads LMN_LIST_ID / LM_LIST_ID / LM_USER_ID at
 * different positions depending on the member type (MACHINE vs USER) -- the
 * position of the list id and user id differs per type.  Confirm against the
 * argument layout the incremental actually sends before changing any of
 * these.
 */
1174 #define LM_EXTRA_ACTIVE (LM_END)
1175 #define LM_EXTRA_PUBLIC (LM_END+1)
1176 #define LM_EXTRA_HIDDEN (LM_END+2)
1177 #define LM_EXTRA_MAILLIST (LM_END+3)
1178 #define LM_EXTRA_GROUP (LM_END+4)
1179 #define LM_EXTRA_GID (LM_END+5)
1180 #define LMN_LIST_ID (LM_END+6)
1181 #define LM_LIST_ID (LM_END+7)
1182 #define LM_USER_ID (LM_END+8)
1183 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one Moira list-membership change (a member added to or
 * removed from a list) to the directory.
 *
 * before/beforec describe the membership before the change and after/afterc
 * the membership after it; each vector carries the LM_* fields followed by
 * the LM_EXTRA_* fields defined above.  ldap_hostname is not referenced in
 * the lines visible here.  Nothing is returned; failures are reported with
 * com_err() and, for Moira connection failures, critical_alert().
 *
 * NOTE(review): this listing omits some lines (braces, return statements,
 * else branches); the comments below describe only the statements shown.
 *
 * NOTE(review): several Moira-supplied strings are copied with
 * strcpy()/strcat() into fixed-size stack buffers (group_name, user_name,
 * user_type[128]; moira_list_id, moira_user_id[32]; member, whose size is
 * not visible) without a length check.  A bounded copy (snprintf) at each of
 * those sites would remove the overflow exposure.
 */
1185 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1186 char **before, int beforec, char **after, int afterc)
1188 LK_ENTRY *group_base;
1191 char *attr_array[3];
1192 char group_name[128];
1193 char user_name[128];
1194 char user_type[128];
1195 char moira_list_id[32];
1196 char moira_user_id[32];
/* One classification byte written by get_group_membership(); not a string. */
1197 char group_membership[1];
1199 char machine_ou[256];
1207 char NewMachineName[1024];
1211 char *save_argv[U_END];
/* Both ids start empty; they are filled only when the vector is long enough. */
1215 memset(moira_list_id, '\0', sizeof(moira_list_id));
1216 memset(moira_user_id, '\0', sizeof(moira_user_id));
/*
 * Addition side: the vector must reach LM_EXTRA_GID, and the list must be
 * active.  NOTE(review): the message indexes after[2]/after[0] directly
 * where the rest of the function uses LM_MEMBER/LM_LIST -- presumably the
 * same fields.
 */
1220 if (afterc < LM_EXTRA_GID)
1223 if (!atoi(after[LM_EXTRA_ACTIVE]))
1226 "Unable to add %s to group %s : group not active",
1227 after[2], after[0]);
/* ptr presumably aliases the vector being processed (after here, before
 * below); its assignment is not among the visible lines. */
1233 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1236 strcpy(user_name, after[LM_MEMBER]);
1237 strcpy(group_name, after[LM_LIST]);
1238 strcpy(user_type, after[LM_TYPE]);
/*
 * NOTE(review): the bound check looks one short for the reads it guards:
 * afterc > LM_EXTRA_GROUP still admits afterc == LM_EXTRA_GID, where
 * after[LMN_LIST_ID] and after[LM_LIST_ID] lie past the end of the vector.
 * The USER case has the same shape (afterc > LMN_LIST_ID guarding a read of
 * after[LM_USER_ID]), as do the two "before" cases further down.  Confirm
 * against the argument count the incremental actually sends.
 */
1240 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1242 if (afterc > LM_EXTRA_GROUP)
1244 strcpy(moira_list_id, after[LMN_LIST_ID]);
1245 strcpy(moira_user_id, after[LM_LIST_ID]);
1248 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1250 if (afterc > LMN_LIST_ID)
1252 strcpy(moira_list_id, after[LM_LIST_ID]);
1253 strcpy(moira_user_id, after[LM_USER_ID]);
1258 if (afterc > LM_EXTRA_GID)
1259 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Removal side: mirror of the block above, reading the "before" vector. */
1264 if (beforec < LM_EXTRA_GID)
1266 if (!atoi(before[LM_EXTRA_ACTIVE]))
1269 "Unable to remove %s from group %s : group not active",
1270 before[2], before[0]);
1276 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1279 strcpy(user_name, before[LM_MEMBER]);
1280 strcpy(group_name, before[LM_LIST]);
1281 strcpy(user_type, before[LM_TYPE]);
1283 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1285 if (beforec > LM_EXTRA_GROUP)
1287 strcpy(moira_list_id, before[LMN_LIST_ID]);
1288 strcpy(moira_user_id, before[LM_LIST_ID]);
1291 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1293 if (beforec > LMN_LIST_ID)
1295 strcpy(moira_list_id, before[LM_LIST_ID]);
1296 strcpy(moira_user_id, before[LM_USER_ID]);
1301 if (beforec > LM_EXTRA_GID)
1302 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither side supplied a usable vector (presumably; the branch structure
 * is not shown). */
1309 "Unable to process group : beforec = %d, afterc = %d",
/* Build an L_*-indexed argv from the LM_* fields so the list can be
 * classified with the same helper the list code uses. */
1314 args[L_NAME] = ptr[LM_LIST];
1315 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1316 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1317 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1318 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1319 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1320 args[L_GID] = ptr[LM_EXTRA_GID];
/* Classify the list: membership byte, target OU and security flag.  An
 * empty OU means the group cannot be placed in the directory. */
1323 memset(group_ou, '\0', sizeof(group_ou));
1324 get_group_membership(group_membership, group_ou, &security_flag, args);
1326 if (strlen(group_ou) == 0)
1328 com_err(whoami, 0, "Unable to find the group OU for group %s",
/*
 * Check that the group exists and is well-formed; if CHECK_GROUPS reports
 * anything other than "no groups", retry with CLEANUP_GROUPS.  The
 * assignment-in-condition form (rc = ...) here and at the moira_connect(),
 * populate_group() and member_*() calls below is intentional but easy to
 * misread as a comparison.
 */
1333 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1334 group_ou, group_membership, security_flag,
1335 CHECK_GROUPS, args[L_MAILLIST]))
1337 if (rc != AD_NO_GROUPS_FOUND)
1339 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1340 group_name, group_ou, group_membership,
1341 security_flag, CLEANUP_GROUPS,
1344 if (rc != AD_NO_GROUPS_FOUND)
1347 com_err(whoami, 0, "Unable to add %s to group %s - "
1348 "unable to process group", user_name, group_name);
1350 com_err(whoami, 0, "Unable to remove %s from group %s - "
1351 "unable to process group", user_name, group_name);
/*
 * The group does not exist yet: connect to Moira, process its ACEs
 * (ProcessAce with 0 then 1 -- the meaning of that argument is not visible
 * here), create the group, and fill it when the list is active.
 */
1358 if (rc == AD_NO_GROUPS_FOUND)
1360 if (rc = moira_connect())
1362 critical_alert("Ldap incremental",
1363 "Error contacting Moira server : %s",
1368 com_err(whoami, 0, "creating group %s", group_name);
1371 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1372 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1377 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1378 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1382 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1383 group_ou, group_membership, security_flag, 0,
1384 ptr[LM_EXTRA_MAILLIST]))
1390 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1392 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1393 group_membership, security_flag, moira_list_id, 1);
/* ---- removal path ---- */
1403 com_err(whoami, 0, "removing user %s from list %s", user_name,
/* MACHINE members: resolve the machine's OU and canonical name; the member
 * name is replaced by that name.  The strdup() result is not checked. */
1407 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1409 if (!ProcessMachineContainer)
1411 com_err(whoami, 0, "Process machines and containers disabled, "
1416 memset(machine_ou, '\0', sizeof(machine_ou));
1417 memset(NewMachineName, '\0', sizeof(NewMachineName));
1418 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1419 machine_ou, NewMachineName))
1421 if (ptr[LM_MEMBER] != NULL)
1422 free(ptr[LM_MEMBER]);
1423 ptr[LM_MEMBER] = strdup(NewMachineName);
1424 pUserOu = machine_ou;
/*
 * STRING members become contacts: a bare name gets "@mit.edu" appended and
 * a ".LOCAL" suffix is rewritten to ".mit.edu" (the line between strrchr()
 * and strcat() is not shown; presumably it terminates the string at s).
 * NOTE(review): strcat() into member is unbounded, and
 * &member[strlen(member) - 6] points before the buffer when member is
 * shorter than six bytes -- undefined behaviour on short or long input.
 * The same code is repeated on the addition path below.
 */
1427 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1429 strcpy(member, ptr[LM_MEMBER]);
1433 if((s = strchr(member, '@')) == (char *) NULL)
1435 strcat(member, "@mit.edu");
1437 if (ptr[LM_MEMBER] != NULL)
1438 free(ptr[LM_MEMBER]);
1439 ptr[LM_MEMBER] = strdup(member);
1442 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1444 s = strrchr(member, '.');
1446 strcat(s, ".mit.edu");
1448 if (ptr[LM_MEMBER] != NULL)
1449 free(ptr[LM_MEMBER]);
1450 ptr[LM_MEMBER] = strdup(member);
1454 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1458 pUserOu = contact_ou;
/* KERBEROS members also become contacts, placed under kerberos_ou. */
1460 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1462 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1466 pUserOu = kerberos_ou;
/* Re-sync the group from Moira (populate_group's last argument is 0 here
 * and 1 on the create path; its meaning is not visible), then remove the
 * member.  Failures are logged, not fatal. */
1469 if (rc = moira_connect()) {
1470 critical_alert("Ldap incremental",
1471 "Error contacting Moira server : %s",
1476 if (rc = populate_group(ldap_handle, dn_path, group_name,
1477 group_ou, group_membership,
1478 security_flag, moira_list_id, 0))
1479 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1484 if (rc = member_remove(ldap_handle, dn_path, group_name,
1485 group_ou, group_membership, ptr[LM_MEMBER],
1486 pUserOu, moira_list_id))
1487 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* ---- addition path ---- */
1493 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1496 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1498 memset(machine_ou, '\0', sizeof(machine_ou));
1499 memset(NewMachineName, '\0', sizeof(NewMachineName));
1501 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1505 if (ptr[LM_MEMBER] != NULL)
1506 free(ptr[LM_MEMBER]);
1508 ptr[LM_MEMBER] = strdup(NewMachineName);
1509 pUserOu = machine_ou;
1511 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1513 strcpy(member, ptr[LM_MEMBER]);
1517 if((s = strchr(member, '@')) == (char *) NULL)
1519 strcat(member, "@mit.edu");
1521 if (ptr[LM_MEMBER] != NULL)
1522 free(ptr[LM_MEMBER]);
1523 ptr[LM_MEMBER] = strdup(member);
1526 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1528 s = strrchr(member, '.');
1530 strcat(s, ".mit.edu");
1532 if (ptr[LM_MEMBER] != NULL)
1533 free(ptr[LM_MEMBER]);
1534 ptr[LM_MEMBER] = strdup(member);
1538 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1542 pUserOu = contact_ou;
1544 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1546 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1550 pUserOu = kerberos_ou;
/*
 * USER members missing from the directory are created from Moira data:
 * check_user() == AD_NO_USER_FOUND triggers a get_user_account_by_login
 * query whose result is passed to user_create() via save_argv/call_args.
 */
1552 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1554 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1555 moira_user_id)) == AD_NO_USER_FOUND)
1557 if (rc = moira_connect())
1559 critical_alert("Ldap incremental",
1560 "Error connection to Moira : %s",
1565 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1566 av[0] = ptr[LM_MEMBER];
1567 call_args[0] = (char *)ldap_handle;
1568 call_args[1] = dn_path;
1569 call_args[2] = moira_user_id;
1570 call_args[3] = NULL;
/*
 * Refuse to create the user if a group already carries that cn.
 * NOTE(review): the member name is interpolated straight into the LDAP
 * search filter.  If it can contain filter metacharacters ('(', ')', '*',
 * '\\', NUL) the search can be altered; escaping the value per RFC 4515 or
 * validating it before this point would close that off.  The size of the
 * filter buffer is not visible here either.
 */
1579 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1580 attr_array[0] = "cn";
1581 attr_array[1] = NULL;
1582 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1583 attr_array, &group_base, &group_count,
1584 LDAP_SCOPE_SUBTREE)) != 0)
1586 com_err(whoami, 0, "Unable to process user %s : %s",
1587 ptr[LM_MEMBER], ldap_err2string(rc));
1593 com_err(whoami, 0, "Object already exists with name %s",
1598 linklist_free(group_base);
1603 if (rc = mr_query("get_user_account_by_login", 1, av,
1604 save_query_info, save_argv))
1607 com_err(whoami, 0, "Unable to create user %s : %s",
1608 ptr[LM_MEMBER], error_message(rc));
1612 if (rc = user_create(U_END, save_argv, call_args))
1615 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1622 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* Connect to Moira, re-sync the group, then add the member. */
1634 if (rc = moira_connect()) {
1635 critical_alert("Ldap incremental",
1636 "Error contacting Moira server : %s",
1641 if (rc = populate_group(ldap_handle, dn_path, group_name,
1642 group_ou, group_membership, security_flag,
1644 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1649 if (rc = member_add(ldap_handle, dn_path, group_name,
1650 group_ou, group_membership, ptr[LM_MEMBER],
1651 pUserOu, moira_list_id))
1652 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/*
 * Indices into the users argument vectors handed to do_user() for the fields
 * that follow the base U_* set: the Moira user id, and the home and profile
 * directory paths.
 */
1658 #define U_USER_ID 10
1659 #define U_HOMEDIR 11
1660 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-account change to the directory.
 *
 * before/beforec and after/afterc are the account's argument vectors before
 * and after the change (U_* indices plus U_USER_ID/U_HOMEDIR/U_PROFILEDIR
 * defined above).  Cases visible here: nothing on either side (ignored);
 * "after" only (account just created, not yet usable, skipped); "before"
 * only (expunge: user_delete() when the old state is 0, otherwise logged as
 * previously expunged); anything else creates the user when check_user()
 * cannot find it, renames it when the login changed, then updates its
 * attributes with user_update().  ldap_hostname is not referenced in the
 * visible lines.  Nothing is returned; failures go to com_err() and, for
 * Moira connection failures, critical_alert().
 *
 * NOTE(review): this listing omits some lines (braces, return statements,
 * else branches); the comments below describe only the statements shown.
 */
1662 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1663 char **before, int beforec, char **after,
1666 LK_ENTRY *group_base;
1669 char *attr_array[3];
1672 char after_user_id[32];
1673 char before_user_id[32];
1675 char *save_argv[U_END];
1677 if ((beforec == 0) && (afterc == 0))
1680 memset(after_user_id, '\0', sizeof(after_user_id));
1681 memset(before_user_id, '\0', sizeof(before_user_id));
/* The Moira user id is copied only when the vector reaches it.
 * NOTE(review): unbounded strcpy() of a Moira-supplied value into a
 * 32-byte buffer. */
1683 if (beforec > U_USER_ID)
1684 strcpy(before_user_id, before[U_USER_ID]);
1686 if (afterc > U_USER_ID)
1687 strcpy(after_user_id, after[U_USER_ID]);
/* NOTE(review): duplicates the empty-change test at the top of the
 * function; one of the two is dead. */
1689 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1692 if ((beforec == 0) && (afterc != 0))
1694 /*this case only happens when the account*/
1695 /*is first created but not usable*/
1697 com_err(whoami, 0, "Unable to process user %s because the user account "
1698 "is not yet usable", after[U_NAME]);
1702 /*this case only happens when the account is expunged */
1704 if ((beforec != 0) && (afterc == 0))
1706 if (atoi(before[U_STATE]) == 0)
1708 com_err(whoami, 0, "expunging user %s from directory",
1710 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* (The message text below carries a typo, "expungeded"; it is a runtime
 * string and is left as is here.) */
1714 com_err(whoami, 0, "Unable to process because user %s has been "
1715 "previously expungeded", before[U_NAME]);
1720 /*process anything that gets here*/
/* Not in the directory yet: create it, but only when the new login passes
 * check_string() (the rejection branch is not shown). */
1722 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1723 before_user_id)) == AD_NO_USER_FOUND)
1725 if (!check_string(after[U_NAME]))
1728 if (rc = moira_connect())
1730 critical_alert("Ldap incremental",
1731 "Error connection to Moira : %s",
1736 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1738 av[0] = after[U_NAME];
1739 call_args[0] = (char *)ldap_handle;
1740 call_args[1] = dn_path;
1741 call_args[2] = after_user_id;
1742 call_args[3] = NULL;
/*
 * A group that already carries this cn blocks creation of the user.
 * NOTE(review): after[U_NAME] is interpolated into the LDAP filter; it has
 * passed check_string() above, which presumably limits the character set --
 * confirm that it also excludes filter metacharacters ('(', ')', '*', '\\'),
 * or escape the value per RFC 4515 here.  The filter buffer's size is not
 * visible.
 */
1750 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1751 attr_array[0] = "cn";
1752 attr_array[1] = NULL;
1754 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1755 &group_base, &group_count,
1756 LDAP_SCOPE_SUBTREE)) != 0)
1758 com_err(whoami, 0, "Unable to process user %s : %s",
1759 after[U_NAME], ldap_err2string(rc));
1763 if (group_count >= 1)
1765 com_err(whoami, 0, "Object already exists with name %s",
1770 linklist_free(group_base);
/* Fetch the full account record from Moira and build the directory object
 * from it.  The assignment-in-condition form (rc = ...) is intentional. */
1775 if (rc = mr_query("get_user_account_by_login", 1, av,
1776 save_query_info, save_argv))
1779 com_err(whoami, 0, "Unable to create user %s : %s",
1780 after[U_NAME], error_message(rc));
1784 if (rc = user_create(U_END, save_argv, call_args))
1786 com_err(whoami, 0, "Unable to create user %s : %s",
1787 after[U_NAME], error_message(rc));
1794 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login changed: rename only when both the old and the new login pass
 * check_string(). */
1806 if (strcmp(before[U_NAME], after[U_NAME]))
1808 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1810 com_err(whoami, 0, "changing user %s to %s",
1811 before[U_NAME], after[U_NAME]);
1813 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1814 after[U_NAME])) != LDAP_SUCCESS)
/* Push the remaining account attributes; rc from user_update() is not
 * examined in the visible lines. */
1821 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1822 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1823 after[U_UID], after[U_MITID],
1824 after_user_id, atoi(after[U_STATE]),
1825 after[U_HOMEDIR], after[U_PROFILEDIR],
1826 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1827 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * attribute values from the linked list, for an LDAP modification.
 *
 * For each node: when oldValue and newValue are both non-NULL and oldValue
 * occurs in the node's value, type == REPLACE stores a copy of newValue,
 * otherwise the first occurrence of oldValue is replaced by newValue inside
 * a copy of the value.  Nodes that do not match, or when either string is
 * NULL, are copied unchanged.  *modvalues receives the array; the caller
 * owns the array and its strings.  Returns an int status (the return
 * statements are not visible in this listing).
 *
 * NOTE(review):
 *  - the walk follows linklist_ptr->next without a NULL check, so the list
 *    must hold at least modvalue_count nodes.
 *  - the calloc() calls in the two copy branches are unchecked; the
 *    memset()/memcpy() that follow dereference NULL on allocation failure.
 *  - strstr()/strcat() treat value as a NUL-terminated string; nodes built
 *    from binary attributes (retrieve_values() stores objectSid/objectGUID
 *    without a terminator) must not reach this function.
 *  - every memset() after a calloc() is redundant, as is the NULL-fill loop
 *    over the freshly calloc()'d array.
 */
1832 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1833 char *oldValue, char *newValue,
1834 char ***modvalues, int type)
1836 LK_ENTRY *linklist_ptr;
1840 if (((*modvalues) = calloc(1,
1841 (modvalue_count + 1) * sizeof(char *))) == NULL)
1846 for (i = 0; i < (modvalue_count + 1); i++)
1847 (*modvalues)[i] = NULL;
1849 if (modvalue_count != 0)
1851 linklist_ptr = linklist_base;
1852 for (i = 0; i < modvalue_count; i++)
1854 if ((oldValue != NULL) && (newValue != NULL))
1856 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
/* REPLACE: the whole value becomes newValue. */
1859 if (type == REPLACE)
1861 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1864 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1865 strcpy((*modvalues)[i], newValue);
/* Substitution: prefix up to cPtr, then newValue, then the tail after
 * oldValue.  Allocation size = prefix + (length - strlen(oldValue)) +
 * strlen(newValue) + 1; one line of that expression is not shown. */
1869 if (((*modvalues)[i] = calloc(1,
1870 (int)(cPtr - linklist_ptr->value) +
1871 (linklist_ptr->length -
1873 strlen(newValue) + 1)) == NULL)
1875 memset((*modvalues)[i], '\0',
1876 (int)(cPtr - linklist_ptr->value) +
1877 (linklist_ptr->length - strlen(oldValue)) +
1878 strlen(newValue) + 1);
1879 memcpy((*modvalues)[i], linklist_ptr->value,
1880 (int)(cPtr - linklist_ptr->value));
1881 strcat((*modvalues)[i], newValue);
1882 strcat((*modvalues)[i],
1883 &linklist_ptr->value[(int)(cPtr -
1884 linklist_ptr->value) + strlen(oldValue)]);
/* oldValue not present: verbatim copy (calloc() unchecked). */
1889 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1890 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1891 memcpy((*modvalues)[i], linklist_ptr->value,
1892 linklist_ptr->length);
/* No substitution requested: verbatim copy (calloc() unchecked). */
1897 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1898 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1899 memcpy((*modvalues)[i], linklist_ptr->value,
1900 linklist_ptr->length);
1902 linklist_ptr = linklist_ptr->next;
/* Terminate the array. */
1904 (*modvalues)[i] = NULL;
/*
 * linklist_build: run an LDAP search and collect every attribute of every
 * result entry into a linked list.
 *
 * dn_path is the search base, search_exp the filter, attr_array the
 * NULL-terminated list of attributes to fetch and ScopeType the LDAP scope.
 * *linklist_base and *linklist_count are reset first and then filled by
 * retrieve_entries().  rc holds the ldap_search_s() status and then the
 * retrieve_entries() status; LDAP_SIZELIMIT_EXCEEDED is tolerated and the
 * partial result set is still processed.  The result message is released
 * with ldap_msgfree().  The return statements are not visible here.
 *
 * NOTE(review): callers assemble search_exp with sprintf(); this function
 * searches whatever filter it is given, so escaping of interpolated values
 * has to happen at the call sites.
 */
1910 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1911 char **attr_array, LK_ENTRY **linklist_base,
1912 int *linklist_count, unsigned long ScopeType)
1915 LDAPMessage *ldap_entry;
1919 (*linklist_base) = NULL;
1920 (*linklist_count) = 0;
/* attrsonly = 0: fetch values, not just attribute names. */
1922 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1923 search_exp, attr_array, 0,
1924 &ldap_entry)) != LDAP_SUCCESS)
/* A size-limit hit still leaves usable partial results. */
1926 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1930 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1933 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result, appending each
 * entry's attributes to *linklist_base, then recount the list into
 * *linklist_count.
 *
 * An empty result is caught by the initial ldap_first_entry() test; each
 * retrieve_attributes() status is checked for non-zero (the early-return
 * lines are not shown).  Returns an int status; the return statements are
 * not visible here.
 *
 * NOTE(review): distinguished_name is a 1024-byte stack buffer filled by
 * get_distinguished_name() with an unbounded strcpy(); an entry whose DN is
 * 1024 bytes or longer overflows it.  A size parameter on
 * get_distinguished_name() would bound the copy.
 */
1937 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1938 LK_ENTRY **linklist_base, int *linklist_count)
1940 char distinguished_name[1024];
1941 LK_ENTRY *linklist_ptr;
1944 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1947 memset(distinguished_name, '\0', sizeof(distinguished_name));
1948 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1950 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1951 linklist_base)) != 0)
1954 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1956 memset(distinguished_name, '\0', sizeof(distinguished_name));
1957 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1959 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1960 distinguished_name, linklist_base)) != 0)
/* Count the nodes now on the list. */
1964 linklist_ptr = (*linklist_base);
1965 (*linklist_count) = 0;
1967 while (linklist_ptr != NULL)
1969 ++(*linklist_count);
1970 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry and, through
 * retrieve_values(), push a node for each of them (tagged with
 * distinguished_name) onto *linklist_current.
 *
 * Each attribute name returned by ldap_first_attribute()/
 * ldap_next_attribute() is released with ldap_memfree(); the BerElement
 * cursor (presumably ptr, whose declaration is not shown) is released with
 * ldap_ber_free(ptr, 0) afterwards.  The retrieve_values() status is not
 * examined in the visible lines.  Returns an int status; the return
 * statements are not visible here.
 */
1976 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1977 char *distinguished_name, LK_ENTRY **linklist_current)
1984 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1987 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1989 ldap_memfree(Attribute);
1990 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1993 retrieve_values(ldap_handle, ldap_entry, Attribute,
1994 distinguished_name, linklist_current);
1995 ldap_memfree(Attribute);
1999 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: read the values of one attribute of one entry and push a
 * new LK_ENTRY node onto *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * copied with their bv_len; every other attribute is fetched as a string
 * (ldap_get_values) and copied NUL-terminated with length = strlen.  The
 * node records the attribute name, the value copy, its length, the
 * binary/string flag (ber_value = use_bervalue, whose assignment is not
 * shown) and a copy of the entry's DN.  Under LDAP_DEBUG the value is also
 * dumped with print_to_screen() (GUID, SID fields, decoded
 * userAccountControl flags, or the raw string).  The value arrays are
 * released with ldap_value_free()/ldap_value_free_len().  Returns an int
 * status; the return statements and the calloc()-failure handling are not
 * visible here.
 *
 * NOTE(review):
 *  - only the first value of a multi-valued attribute is stored (Ptr[0] is
 *    the only element read).
 *  - the binary copy has no terminator; it must not be handed to string
 *    functions (construct_newvalues() uses strstr()/strcat() on values).
 *  - the attribute-name matches use strcmp(), which is case-sensitive; LDAP
 *    attribute names are not.  This relies on the server returning the
 *    schema spelling.
 */
2004 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2005 char *Attribute, char *distinguished_name,
2006 LK_ENTRY **linklist_current)
2012 LK_ENTRY *linklist_previous;
2013 LDAP_BERVAL **ber_value;
2022 SID_IDENTIFIER_AUTHORITY *sid_auth;
2023 unsigned char *subauth_count;
2024 #endif /*LDAP_DEBUG*/
2027 memset(temp, '\0', sizeof(temp));
/* Binary attributes go through the length-carrying API; Ptr aliases
 * whichever value array was fetched. */
2029 if ((!strcmp(Attribute, "objectSid")) ||
2030 (!strcmp(Attribute, "objectGUID")))
2035 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2036 Ptr = (void **)ber_value;
2041 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2042 Ptr = (void **)str_value;
/* Push a new node at the head of the list (memset() after calloc() is
 * redundant). */
2050 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2053 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2054 linklist_previous->next = (*linklist_current);
2055 (*linklist_current) = linklist_previous;
2057 if (((*linklist_current)->attribute = calloc(1,
2058 strlen(Attribute) + 1)) == NULL)
2061 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2062 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exact-length copy, no terminator. */
2066 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2068 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2071 memset((*linklist_current)->value, '\0', ber_length);
2072 memcpy((*linklist_current)->value,
2073 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2074 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy. */
2078 if (((*linklist_current)->value = calloc(1,
2079 strlen(*Ptr) + 1)) == NULL)
2082 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2083 (*linklist_current)->length = strlen(*Ptr);
2084 strcpy((*linklist_current)->value, *Ptr);
2087 (*linklist_current)->ber_value = use_bervalue;
2089 if (((*linklist_current)->dn = calloc(1,
2090 strlen(distinguished_name) + 1)) == NULL)
2093 memset((*linklist_current)->dn, '\0',
2094 strlen(distinguished_name) + 1);
2095 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump of the value (the #ifdef line is not shown) ---- */
2098 if (!strcmp(Attribute, "objectGUID"))
2100 guid = (GUID *)((*linklist_current)->value);
2102 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2103 guid->Data1, guid->Data2, guid->Data3,
2104 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2105 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2106 guid->Data4[6], guid->Data4[7]);
2107 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2109 else if (!strcmp(Attribute, "objectSid"))
2111 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2114 print_to_screen(" Revision = %d\n", sid->Revision);
2115 print_to_screen(" SID Identifier Authority:\n");
2116 sid_auth = &sid->IdentifierAuthority;
2117 if (sid_auth->Value[0])
2118 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2119 else if (sid_auth->Value[1])
2120 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2121 else if (sid_auth->Value[2])
2122 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2123 else if (sid_auth->Value[3])
2124 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2125 else if (sid_auth->Value[5])
2126 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2128 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2129 subauth_count = GetSidSubAuthorityCount(sid);
2130 print_to_screen(" SidSubAuthorityCount = %d\n",
2132 print_to_screen(" SidSubAuthority:\n");
2133 for (i = 0; i < *subauth_count; i++)
2135 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2136 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length reads up to 18 bytes of
 * Attribute even when Attribute is shorter than that; strcmp() would be the
 * safe comparison.  Debug-only code. */
2140 else if ((!memcmp(Attribute, "userAccountControl",
2141 strlen("userAccountControl"))) ||
2142 (!memcmp(Attribute, "sAMAccountType",
2143 strlen("sAmAccountType"))))
2145 intValue = atoi(*Ptr);
2146 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* Decode the userAccountControl bit flags. */
2148 if (!memcmp(Attribute, "userAccountControl",
2149 strlen("userAccountControl")))
2151 if (intValue & UF_ACCOUNTDISABLE)
2152 print_to_screen(" %20s : %s\n",
2153 "", "Account disabled");
2155 print_to_screen(" %20s : %s\n",
2156 "", "Account active");
2157 if (intValue & UF_HOMEDIR_REQUIRED)
2158 print_to_screen(" %20s : %s\n",
2159 "", "Home directory required");
2160 if (intValue & UF_LOCKOUT)
2161 print_to_screen(" %20s : %s\n",
2162 "", "Account locked out");
2163 if (intValue & UF_PASSWD_NOTREQD)
2164 print_to_screen(" %20s : %s\n",
2165 "", "No password required");
2166 if (intValue & UF_PASSWD_CANT_CHANGE)
2167 print_to_screen(" %20s : %s\n",
2168 "", "Cannot change password");
2169 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2170 print_to_screen(" %20s : %s\n",
2171 "", "Temp duplicate account");
2172 if (intValue & UF_NORMAL_ACCOUNT)
2173 print_to_screen(" %20s : %s\n",
2174 "", "Normal account");
2175 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2176 print_to_screen(" %20s : %s\n",
2177 "", "Interdomain trust account");
2178 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2179 print_to_screen(" %20s : %s\n",
2180 "", "Workstation trust account");
2181 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2182 print_to_screen(" %20s : %s\n",
2183 "", "Server trust account");
2188 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2190 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
2193 if (str_value != NULL)
2194 ldap_value_free(str_value);
2196 if (ber_value != NULL)
2197 ldap_value_free_len(ber_value);
/* NOTE(review): re-stores the node already linked in above; the control
 * flow leading here is not visible. */
2200 (*linklist_current) = linklist_previous;
/*
 * moira_connect: take a reference on the shared Moira client connection,
 * opening it on the first call (mr_connections counts callers;
 * moira_disconnect() is the matching release).  Connects as "ldap.incr" at
 * QUERY_VERSION, either to the fixed host "ttsp" or to the local nodename
 * (uts.nodename); which branch applies is decided by lines not shown here.
 * Returns the mr_connect_cl() status (return statements not visible).
 *
 * NOTE(review): the hard-coded "ttsp" host name looks like a test/debug
 * target -- confirm that branch is compiled out of production builds.
 */
2205 int moira_connect(void)
2210 if (!mr_connections++)
2214 memset(HostName, '\0', sizeof(HostName));
2215 strcpy(HostName, "ttsp");
2216 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2220 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: wait while the STOP_FILE exists, raising a critical_alert()
 * (with tbl_buf as the detail text) when it persists.  The wait interval,
 * the alert threshold and the return value are in lines not shown here.
 */
2229 int check_winad(void)
2233 for (i = 0; file_exists(STOP_FILE); i++)
2237 critical_alert("Ldap incremental",
2238 "Ldap incremental failed (%s exists): %s",
2239 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: drop one reference taken by moira_connect(); the
 * connection is closed (lines not shown) only when the count reaches zero.
 */
2249 int moira_disconnect(void)
2252 if (!--mr_connections)
/*
 * get_distinguished_name: copy the DN of ldap_entry into distinguished_name
 * and release the ldap_get_dn() string with ldap_memfree().  Whether a NULL
 * result from ldap_get_dn() is handled is not visible here.
 *
 * NOTE(review): the copy is an unbounded strcpy() and the function receives
 * no buffer size; the callers in this file pass a 1024-byte stack buffer, so
 * a directory entry with a longer DN overflows the caller's stack.  Adding a
 * size parameter and using snprintf() here would bound the copy.
 */
2260 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2261 char *distinguished_name)
2265 CName = ldap_get_dn(ldap_handle, ldap_entry);
2270 strcpy(distinguished_name, CName);
2271 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate one LK_ENTRY holding copies of attribute
 * and value (length = strlen(value), next = NULL) and store it in
 * *linklist_entry.  Returns an int status; the return statements are not
 * visible here.
 *
 * NOTE(review): the node allocation is checked (handling not shown) but the
 * two string allocations are not, so the memset()/strcpy() that follow
 * dereference NULL on allocation failure.  Each memset() after a calloc()
 * is redundant.
 */
2274 int linklist_create_entry(char *attribute, char *value,
2275 LK_ENTRY **linklist_entry)
2277 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2279 if (!(*linklist_entry))
2284 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2285 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2286 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2287 strcpy((*linklist_entry)->attribute, attribute);
2288 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2289 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2290 strcpy((*linklist_entry)->value, value);
2291 (*linklist_entry)->length = strlen(value);
2292 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostic writer; despite the name it
 * writes to stderr through vfprintf().  The callers in this file pass
 * literal format strings.  (va_end() is presumably among the lines not
 * shown.)
 */
2297 void print_to_screen(const char *fmt, ...)
2301 va_start(pvar, fmt);
2302 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its L_MAILLIST and
 * L_GROUP flags (av is an L_*-indexed argv).
 *
 * Outputs, each skipped when the pointer is NULL:
 *   group_membership[0]  'B' mail list and group, 'S' group only
 *                        (security), 'D' mail list only (distribution),
 *                        'N' neither.  Only this one byte is written: it is
 *                        a classification character, not a NUL-terminated
 *                        string (callers declare char group_membership[1]).
 *   group_ou             strcpy() of the matching global OU string
 *                        (group_ou_both / _security / _distribution /
 *                        _neither); the destination size is not checked.
 *   *security_flag       1 for 'B' and 'S', otherwise 0.
 * Returns an int status; the return statement is not visible here.
 */
2307 int get_group_membership(char *group_membership, char *group_ou,
2308 int *security_flag, char **av)
2313 maillist_flag = atoi(av[L_MAILLIST]);
2314 group_flag = atoi(av[L_GROUP]);
2316 if (security_flag != NULL)
2317 (*security_flag) = 0;
/* Both: security-enabled group that is also a mail list. */
2319 if ((maillist_flag) && (group_flag))
2321 if (group_membership != NULL)
2322 group_membership[0] = 'B';
2324 if (security_flag != NULL)
2325 (*security_flag) = 1;
2327 if (group_ou != NULL)
2328 strcpy(group_ou, group_ou_both);
/* Group only: security group. */
2330 else if ((!maillist_flag) && (group_flag))
2332 if (group_membership != NULL)
2333 group_membership[0] = 'S';
2335 if (security_flag != NULL)
2336 (*security_flag) = 1;
2338 if (group_ou != NULL)
2339 strcpy(group_ou, group_ou_security);
/* Mail list only: distribution group, not security-enabled. */
2341 else if ((maillist_flag) && (!group_flag))
2343 if (group_membership != NULL)
2344 group_membership[0] = 'D';
2346 if (group_ou != NULL)
2347 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
2351 if (group_membership != NULL)
2352 group_membership[0] = 'N';
2354 if (group_ou != NULL)
2355 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename a directory group and refresh its attributes after a
 * Moira list was renamed or moved between OUs.
 *
 * Steps visible here: validate both names with check_string(); refuse when a
 * user object with cn = after_group_name already exists; locate the old
 * group by MoiraId with ad_get_group() (AD_NO_GROUPS_FOUND and
 * AD_MULTIPLE_GROUPS_FOUND are returned to the caller); fetch its
 * sAMAccountName; ldap_rename_s() it to cn=after_group_name under
 * after_group_ou, deleting the old RDN; then ldap_modify_s() the
 * sAMAccountName (group_suffix kept when the old name carried it),
 * displayName, mitMoiraId, groupType (security-enabled when
 * after_security_flag) and the mail attributes -- populated when maillist is
 * set, MailDisabled is clear and the address is valid, cleared otherwise; a
 * contact-style mail (and mailRoutingAddress=/dev/null when not
 * ActiveDirectory) is set when maillist is set and that address is valid.
 * filter is a caller-zeroed buffer, presumably filled by ad_get_group() and
 * reused for the sAMAccountName lookup.  Returns an AD_* / LDAP status;
 * several return statements are not visible here.
 *
 * NOTE(review):
 *  - groupTypeControl is u_int but formatted with "%ld" (group_create() does
 *    the same); the mismatched conversion is undefined behaviour -- "%u" is
 *    the matching specifier.
 *  - the group_suffix test indexes &sam_name[strlen(sam_name) -
 *    strlen(group_suffix)], which points before the buffer when the stored
 *    sAMAccountName is shorter than the suffix.
 *  - old_dn, sam_name, mail and new_dn are filled with strcpy()/sprintf()
 *    from directory data and names; their declarations (sizes) are not
 *    shown.  after_group_name is sprintf()'d into search_filter after
 *    passing check_string(), which presumably limits the character set --
 *    confirm it also excludes LDAP filter metacharacters.
 *  - MailDisabled is initialised to 0 and not set anywhere visible.
 */
2361 int group_rename(LDAP *ldap_handle, char *dn_path,
2362 char *before_group_name, char *before_group_membership,
2363 char *before_group_ou, int before_security_flag,
2364 char *before_desc, char *after_group_name,
2365 char *after_group_membership, char *after_group_ou,
2366 int after_security_flag, char *after_desc,
2367 char *MoiraId, char *filter, char *maillist)
2372 char new_dn_path[512];
2375 char mail_nickname[256];
2376 char proxy_address[256];
2377 char address_book[256];
2378 char *attr_array[3];
/* Single-value attribute vectors for the LDAP_MOD_REPLACE modifications. */
2379 char *mitMoiraId_v[] = {NULL, NULL};
2380 char *name_v[] = {NULL, NULL};
2381 char *samAccountName_v[] = {NULL, NULL};
2382 char *groupTypeControl_v[] = {NULL, NULL};
2383 char *mail_v[] = {NULL, NULL};
2384 char *proxy_address_v[] = {NULL, NULL};
2385 char *mail_nickname_v[] = {NULL, NULL};
2386 char *report_to_originator_v[] = {NULL, NULL};
2387 char *address_book_v[] = {NULL, NULL};
2388 char *legacy_exchange_dn_v[] = {NULL, NULL};
2389 char *null_v[] = {NULL, NULL};
2390 u_int groupTypeControl;
2391 char groupTypeControlStr[80];
2392 char contact_mail[256];
2396 LK_ENTRY *group_base;
2398 int MailDisabled = 0;
2399 char search_filter[1024];
/* Group scope comes from the global UseGroupUniversal switch. */
2401 if(UseGroupUniversal)
2402 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2404 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2406 if (!check_string(before_group_name))
2409 "Unable to process invalid LDAP list name %s",
2411 return(AD_INVALID_NAME);
2414 if (!check_string(after_group_name))
2417 "Unable to process invalid LDAP list name %s", after_group_name);
2418 return(AD_INVALID_NAME);
/* A user object with the new name would collide with the renamed group. */
2428 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2430 attr_array[0] = "cn";
2431 attr_array[1] = NULL;
2433 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2434 attr_array, &group_base, &group_count,
2435 LDAP_SCOPE_SUBTREE)) != 0)
2437 com_err(whoami, 0, "Unable to process group %s : %s",
2438 after_group_name, ldap_err2string(rc));
2444 com_err(whoami, 0, "Object already exists with name %s",
2449 linklist_free(group_base);
/* Find the existing group by its Moira id; exactly one match is required. */
2458 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2459 before_group_membership,
2460 MoiraId, "samAccountName", &group_base,
2461 &group_count, filter))
2464 if (group_count == 0)
2466 return(AD_NO_GROUPS_FOUND);
2469 if (group_count != 1)
2471 com_err(whoami, 0, "Unable to process multiple groups with "
2472 "MoiraId = %s exist in the directory", MoiraId);
2473 return(AD_MULTIPLE_GROUPS_FOUND);
2476 strcpy(old_dn, group_base->dn);
2478 linklist_free(group_base);
/* Read the current sAMAccountName so the suffix convention can be kept. */
2481 attr_array[0] = "sAMAccountName";
2482 attr_array[1] = NULL;
2484 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2485 &group_base, &group_count,
2486 LDAP_SCOPE_SUBTREE)) != 0)
2488 com_err(whoami, 0, "Unable to get list %s dn : %s",
2489 after_group_name, ldap_err2string(rc));
2493 if (group_count != 1)
2496 "Unable to get sAMAccountName for group %s",
2498 return(AD_LDAP_FAILURE);
2501 strcpy(sam_name, group_base->value);
2502 linklist_free(group_base);
/* Build the new RDN, parent and mail addresses from the new name. */
2506 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2507 sprintf(new_dn, "cn=%s", after_group_name);
2508 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2509 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2510 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2511 lowercase(ldap_domain));
2512 sprintf(mail_nickname, "%s", after_group_name);
2514 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* Rename/move the entry; TRUE = delete the old RDN value. */
2516 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2517 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2519 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2520 before_group_name, after_group_name, ldap_err2string(rc));
2524 name_v[0] = after_group_name;
/* Keep the group_suffix convention when the old sAMAccountName used it
 * (see the NOTE above about short sam_name values). */
2526 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2527 group_suffix, strlen(group_suffix)))
2529 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2534 "Unable to rename list from %s to %s : sAMAccountName not found",
2535 before_group_name, after_group_name);
2539 samAccountName_v[0] = sam_name;
2541 if (after_security_flag)
2542 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): u_int formatted with "%ld" -- should be "%u". */
2544 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2545 groupTypeControl_v[0] = groupTypeControlStr;
2546 mitMoiraId_v[0] = MoiraId;
/* Full DN of the renamed entry for the attribute updates. */
2548 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2549 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2552 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2553 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2554 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2555 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: set the Exchange-style mail attributes. */
2559 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2561 mail_nickname_v[0] = mail_nickname;
2562 proxy_address_v[0] = proxy_address;
2564 report_to_originator_v[0] = "TRUE";
2566 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2567 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2568 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2569 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Otherwise clear them (NULL value vectors). */
2574 mail_nickname_v[0] = NULL;
2575 proxy_address_v[0] = NULL;
2577 legacy_exchange_dn_v[0] = NULL;
2578 address_book_v[0] = NULL;
2579 report_to_originator_v[0] = NULL;
2581 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2582 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2583 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2584 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2585 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2586 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Contact-style address; non-AD directories also get a null routing
 * address. */
2592 if(atoi(maillist) && email_isvalid(contact_mail))
2594 mail_v[0] = contact_mail;
2595 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2597 if(!ActiveDirectory)
2599 null_v[0] = "/dev/null";
2600 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2607 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2610 "Unable to modify list data for %s after renaming: %s",
2611 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR (body not shown). */
2614 for (i = 0; i < n; i++)
/*
 * group_create: create the directory entry for a Moira list, or update it when
 * the entry already exists / the updateGroup flag is set, then hand the entry to
 * ProcessGroupSecurity() for its security descriptor.
 *
 * ac/av: Moira list fields, indexed by the L_* constants (L_NAME, L_DESC,
 *        L_ACE_NAME, L_MAILLIST, L_GROUP, L_GID, L_PUBLIC, L_HIDDEN, L_ACTIVE).
 * ptr:   call_args; slots used below: [0] LDAP handle, [1] base DN,
 *        [4] updateGroup flag, [5] Moira id.
 * Returns AD_INVALID_NAME when av[L_NAME] fails check_string(), otherwise
 * LDAP_SUCCESS; add/modify failures are only logged via com_err (any early
 * return on those paths sits on a line this listing dropped).
 *
 * NOTE(review): the listing has lost its brace-only lines, else branches, the
 * mods[] cleanup loop bodies and several declarations (new_dn, mail, filter,
 * info, group_ou, security_flag, updateGroup, rc, i, n, mods).  The nesting
 * described in the comments below is inferred from the surviving lines.
 */
2620 int group_create(int ac, char **av, void *ptr)
2625 char new_group_name[256];
2626 char sam_group_name[256];
2627 char cn_group_name[256];
2629 char contact_mail[256];
2630 char mail_nickname[256];
2631 char proxy_address[256];
2632 char address_book[256];
2633 char *cn_v[] = {NULL, NULL};
2634 char *objectClass_v[] = {"top", "group", NULL};
2635 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2636 "group", "mailRecipient", NULL};
2638 char *samAccountName_v[] = {NULL, NULL};
2639 char *altSecurityIdentities_v[] = {NULL, NULL};
/* member_v is never assigned: a REPLACE with it (line 2856) clears "member". */
2640 char *member_v[] = {NULL, NULL};
2641 char *name_v[] = {NULL, NULL};
2642 char *desc_v[] = {NULL, NULL};
2643 char *info_v[] = {NULL, NULL};
2644 char *mitMoiraId_v[] = {NULL, NULL};
2645 char *mitMoiraPublic_v[] = {NULL, NULL};
2646 char *mitMoiraHidden_v[] = {NULL, NULL};
2647 char *groupTypeControl_v[] = {NULL, NULL};
2648 char *mail_v[] = {NULL, NULL};
2649 char *proxy_address_v[] = {NULL, NULL};
2650 char *mail_nickname_v[] = {NULL, NULL};
2651 char *report_to_originator_v[] = {NULL, NULL};
2652 char *address_book_v[] = {NULL, NULL};
2653 char *legacy_exchange_dn_v[] = {NULL, NULL};
2654 char *gidNumber_v[] = {NULL, NULL};
2655 char *null_v[] = {NULL, NULL};
2656 char groupTypeControlStr[80];
/*
 * NOTE(review): 1 byte here but 2 bytes in process_lists(); both are handed
 * to get_group_membership().  Confirm that helper never writes a terminator,
 * otherwise this buffer is one byte short.
 */
2657 char group_membership[1];
2660 u_int groupTypeControl;
2664 int MailDisabled = 0;
2666 LK_ENTRY *group_base;
2669 char *attr_array[3];
/* Scope of the AD group: universal when configured, global otherwise. */
2673 if(UseGroupUniversal)
2674 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2676 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/*
 * check_string() is the only gate on av[L_NAME] before it is spliced into a
 * DN (line 2693), mail addresses and LDAP filters (line 2747) by sprintf with
 * no LDAP/DN escaping and no length bound on the 256-byte buffers below.
 * NOTE(review): confirm check_string() rejects filter metacharacters
 * ( ) * \ NUL, DN-special characters, and enforces a length limit.
 */
2678 if (!check_string(av[L_NAME]))
2680 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2682 return(AD_INVALID_NAME);
/* The flag is passed packed into a pointer slot; the cast narrows it to int. */
2685 updateGroup = (int)call_args[4];
2686 memset(group_ou, 0, sizeof(group_ou));
2687 memset(group_membership, 0, sizeof(group_membership));
/* Fills group_ou / group_membership / security_flag from the list record. */
2690 get_group_membership(group_membership, group_ou, &security_flag, av);
2692 strcpy(new_group_name, av[L_NAME]);
2693 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2694 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2695 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2696 sprintf(mail_nickname, "%s", av[L_NAME]);
/* Security-enabled bit set here; line 2698 (the condition) was dropped. */
2699 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2701 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/*
 * NOTE(review): groupTypeControl is u_int (line 2660) but is formatted with
 * "%ld"; a matching conversion is "%u".  The mismatch is undefined behaviour
 * and on LP64 reads eight bytes for a four-byte argument.
 */
2705 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2706 groupTypeControl_v[0] = groupTypeControlStr;
2708 strcpy(cn_group_name, av[L_NAME]);
2710 samAccountName_v[0] = sam_group_name;
2711 name_v[0] = new_group_name;
2712 cn_v[0] = new_group_name;
2715 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
/* Plain AD schema ... */
2719 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* ... versus the MIT LDAP schema, which also carries the Moira visibility flags. */
2723 mitMoiraPublic_v[0] = av[L_PUBLIC];
2724 mitMoiraHidden_v[0] = av[L_HIDDEN];
2725 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2726 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2727 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
/* Lists flagged as Unix groups also carry their gid. */
2729 if(atoi(av[L_GROUP]))
2731 gidNumber_v[0] = av[L_GID];
2732 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2736 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2737 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2738 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/*
 * Mail-enabled list: refuse the mail attributes if a user object with the
 * same cn already exists (the MailDisabled assignment sits on a dropped line).
 */
2742 if(atoi(av[L_MAILLIST]))
/* Filter built from the unescaped list name; see the check_string() note above. */
2747 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2748 attr_array[0] = "cn";
2749 attr_array[1] = NULL;
/* Parenthesised correctly here: rc receives the linklist_build() status. */
2751 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2752 filter, attr_array, &group_base,
2754 LDAP_SCOPE_SUBTREE)) != 0)
2756 com_err(whoami, 0, "Unable to process group %s : %s",
2757 av[L_NAME], ldap_err2string(rc));
2763 com_err(whoami, 0, "Object already exists with name %s",
2768 linklist_free(group_base);
2773 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2775 mail_nickname_v[0] = mail_nickname;
2776 report_to_originator_v[0] = "TRUE";
2778 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2779 ADD_ATTR("reportToOriginator", report_to_originator_v,
2785 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2787 mail_v[0] = contact_mail;
2788 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
/* Non-AD directories get an explicit null routing address for the list. */
2790 if(!ActiveDirectory)
2792 null_v[0] = "/dev/null";
2793 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2798 if (strlen(av[L_DESC]) != 0)
2800 desc_v[0] = av[L_DESC];
2801 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2804 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* info is a fixed buffer (declaration dropped); av[L_ACE_NAME] is unbounded. */
2806 if (strlen(av[L_ACE_NAME]) != 0)
2808 sprintf(info, "The Administrator of this list is: %s",
2811 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2814 if (strlen(call_args[5]) != 0)
2816 mitMoiraId_v[0] = call_args[5];
2817 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2822 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body dropped from the listing; presumably releases mods[i]. */
2824 for (i = 0; i < n; i++)
2827 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2829 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2830 av[L_NAME], ldap_err2string(rc));
/*
 * Update path: the entry was already there, or the caller asked for an update.
 * Attributes are rebuilt with LDAP_MOD_REPLACE and written by ldap_modify_s().
 */
2836 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2838 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2839 "description", av[L_NAME]);
2840 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2842 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2847 if (strlen(call_args[5]) != 0)
2849 mitMoiraId_v[0] = call_args[5];
2850 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is {NULL}, so this REPLACE empties the membership. */
2853 if (!(atoi(av[L_ACTIVE])))
2856 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2859 if (!ActiveDirectory)
2861 mitMoiraPublic_v[0] = av[L_PUBLIC];
2862 mitMoiraHidden_v[0] = av[L_HIDDEN];
2863 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2864 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2866 if(atoi(av[L_GROUP]))
2868 gidNumber_v[0] = av[L_GID];
2869 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Presumably the else branch: gidNumber_v[0] is still NULL, removing the gid. */
2873 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same user-object collision check as on line 2747. */
2879 if(atoi(av[L_MAILLIST]))
2884 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2885 attr_array[0] = "cn";
2886 attr_array[1] = NULL;
2888 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2889 filter, attr_array, &group_base,
2891 LDAP_SCOPE_SUBTREE)) != 0)
2893 com_err(whoami, 0, "Unable to process group %s : %s",
2894 av[L_NAME], ldap_err2string(rc));
2900 com_err(whoami, 0, "Object already exists with name %s",
2905 linklist_free(group_base);
2910 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2912 mail_nickname_v[0] = mail_nickname;
2913 report_to_originator_v[0] = "TRUE";
2915 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2916 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not mail-enabled (or collision): strip every Exchange attribute. */
2922 mail_nickname_v[0] = NULL;
2923 proxy_address_v[0] = NULL;
2924 legacy_exchange_dn_v[0] = NULL;
2925 address_book_v[0] = NULL;
2926 report_to_originator_v[0] = NULL;
2928 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2929 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2930 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2931 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2933 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2934 ADD_ATTR("reportToOriginator", report_to_originator_v,
2940 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2942 mail_v[0] = contact_mail;
2943 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2945 if(!ActiveDirectory)
2947 null_v[0] = "/dev/null";
2948 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
/* Presumably the else branch: mail_v / null_v still NULL, clearing both. */
2954 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2956 if(!ActiveDirectory)
2959 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2969 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
/* Loop body dropped from the listing; presumably releases mods[i]. */
2971 for (i = 0; i < n; i++)
2974 if (rc != LDAP_SUCCESS)
2976 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2977 av[L_NAME], ldap_err2string(rc));
/*
 * Security descriptor / owner are applied last.  The return value is
 * discarded here, so a failure to lock down the group is only visible in the
 * com_err log, not to the caller.
 */
2984 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2985 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2987 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply the site security template to a group.
 *
 * Looks up the target group (TargetGroupName + group_suffix) under
 * group_ou_root, resolves the administrator (AceType "LIST" or "USER",
 * AceName) to a DN and, on Active Directory, to an objectSid.  It then reads
 * ntSecurityDescriptor from the matching template group (HIDDEN_GROUP* /
 * NOT_HIDDEN_GROUP*, with or without "_WITH_ADMIN" depending on whether an
 * admin SID was found), substitutes the UserTemplate.u SID inside the
 * descriptor with the admin's SID, and writes the result back together with
 * the address-list visibility attributes.  On non-AD directories the admin DN
 * is written to "owner" instead.  If the with-admin write fails the function
 * calls itself with empty AceType/AceName to fall back to the plain template.
 *
 * Return value: rc-style int; most return statements and the declarations of
 * TargetDn, AceDn, AceSidCount, dwInfo, rc, group_count, i, n, nVal, psMsg,
 * mods and root_ou sit on lines this listing dropped.
 */
2990 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2991 char *TargetGroupName, int HiddenGroup,
2992 char *AceType, char *AceName)
2994 char filter_exp[1024];
2995 char *attr_array[5];
2996 char search_path[512];
2998 char TemplateDn[512];
2999 char TemplateSamName[128];
3001 char TargetSamName[128];
3002 char AceSamAccountName[128];
/* Raw binary SIDs copied from objectSid; 128 bytes each, see the memcpy notes. */
3004 unsigned char AceSid[128];
3005 unsigned char UserTemplateSid[128];
3006 char acBERBuf[N_SD_BER_BYTES];
3007 char GroupSecurityTemplate[256];
3008 char hide_addres_lists[256];
3009 char address_book[256];
3010 char *hide_address_lists_v[] = {NULL, NULL};
3011 char *address_book_v[] = {NULL, NULL};
3012 char *owner_v[] = {NULL, NULL};
3014 int UserTemplateSidCount;
3021 int array_count = 0;
3023 LK_ENTRY *group_base;
3024 LDAP_BERVAL **ppsValues;
/*
 * 1.2.840.113556.1.4.801 is the AD SD-flags control; the BER value in
 * acBERBuf (encoded below from dwInfo) selects which descriptor parts the
 * server returns.  It is only usable with ldap_search_ext_s() (line 3247);
 * the ldap_modify_s() on line 3314 takes no controls.
 */
3025 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3026 { N_SD_BER_BYTES, acBERBuf },
3029 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, group, DACL and SACL parts of the descriptor. */
3032 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3033 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3034 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group by sAMAccountName under the group OU. */
3036 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3037 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3038 attr_array[0] = "sAMAccountName";
3039 attr_array[1] = NULL;
/*
 * NOTE(review): the parentheses are wrong here and on lines 3092, 3118, 3172
 * and 3227: this reads `rc = (linklist_build(...) != 0)`, so rc holds 0 or 1
 * rather than the LDAP status; group_create() (line 2751) has the intended
 * form `((rc = linklist_build(...)) != 0)`.  Any ldap_err2string(rc) on these
 * paths therefore describes the wrong code.
 */
3043 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3044 &group_base, &group_count,
3045 LDAP_SCOPE_SUBTREE) != 0))
3048 if (group_count != 1)
3050 linklist_free(group_base);
/*
 * Unbounded copies of directory-supplied values into fixed buffers
 * (TargetSamName is 128 bytes; TargetDn's declaration was dropped).
 */
3054 strcpy(TargetDn, group_base->dn);
3055 strcpy(TargetSamName, group_base->value);
3056 linklist_free(group_base);
3060 UserTemplateSidCount = 0;
3061 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3062 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3063 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator's sAMAccountName; lists carry group_suffix. */
3068 if (strlen(AceName) != 0)
3070 if (!strcmp(AceType, "LIST"))
3072 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3073 strcpy(root_ou, group_ou_root);
3075 else if (!strcmp(AceType, "USER"))
3077 sprintf(AceSamAccountName, "%s", AceName);
3078 strcpy(root_ou, user_ou);
/* AD: fetch the admin's objectSid (binary) and DN. */
3081 if (ActiveDirectory)
3083 if (strlen(AceSamAccountName) != 0)
3085 sprintf(search_path, "%s", dn_path);
/* AceName is spliced into the filter unescaped; check_string() upstream is the gate. */
3086 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3087 attr_array[0] = "objectSid";
3088 attr_array[1] = NULL;
3092 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3093 attr_array, &group_base, &group_count,
3094 LDAP_SCOPE_SUBTREE) != 0))
3096 if (group_count == 1)
3098 strcpy(AceDn, group_base->dn);
3099 AceSidCount = group_base->length;
/* NOTE(review): no check that group_base->length <= sizeof(AceSid) (128). */
3100 memcpy(AceSid, group_base->value, AceSidCount);
3102 linklist_free(group_base);
/* Non-AD: only the admin DN is needed (for the owner attribute below). */
3109 if (strlen(AceSamAccountName) != 0)
3111 sprintf(search_path, "%s", dn_path);
3112 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3113 attr_array[0] = "samAccountName";
3114 attr_array[1] = NULL;
3118 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3119 attr_array, &group_base, &group_count,
3120 LDAP_SCOPE_SUBTREE) != 0))
3122 if (group_count == 1)
3124 strcpy(AceDn, group_base->dn);
3126 linklist_free(group_base);
3133 if (!ActiveDirectory)
3135 if (strlen(AceDn) != 0)
/* The strdup() result is never freed in the visible code (leak per call). */
3137 owner_v[0] = strdup(AceDn);
3139 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3143 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* Loop body dropped from the listing; presumably releases mods[i]. */
3145 for (i = 0; i < n; i++)
3148 if (rc != LDAP_SUCCESS)
3149 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3150 TargetGroupName, ldap_err2string(rc));
/* No admin SID: fall back to the template without an administrator ACE. */
3156 if (AceSidCount == 0)
3158 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3159 "have a directory SID.", TargetGroupName, AceName, AceType);
3160 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Read the placeholder SID (UserTemplate.u) that the template descriptor carries. */
3164 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3165 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3166 attr_array[0] = "objectSid";
3167 attr_array[1] = NULL;
3172 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3173 attr_array, &group_base, &group_count,
3174 LDAP_SCOPE_SUBTREE) != 0))
3177 if ((rc != 0) || (group_count != 1))
3179 com_err(whoami, 0, "Unable to process user security template: %s",
3185 UserTemplateSidCount = group_base->length;
/* NOTE(review): same unbounded copy into a 128-byte buffer as on line 3100. */
3186 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3188 linklist_free(group_base);
/* Pick the template group: hidden/visible x with/without admin. */
3195 if (AceSidCount == 0)
3197 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3198 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3202 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3203 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3208 if (AceSidCount == 0)
3210 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3211 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3215 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3216 sprintf(filter_exp, "(sAMAccountName=%s)",
3217 NOT_HIDDEN_GROUP_WITH_ADMIN);
3221 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3222 attr_array[0] = "sAMAccountName";
3223 attr_array[1] = NULL;
3227 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3228 &group_base, &group_count,
3229 LDAP_SCOPE_SUBTREE) != 0))
3232 if (group_count != 1)
3234 linklist_free(group_base);
3235 com_err(whoami, 0, "Unable to process group security template: %s - "
3236 "security not set", GroupSecurityTemplate);
/* TemplateDn[512] / TemplateSamName[128]: unbounded copies again. */
3240 strcpy(TemplateDn, group_base->dn);
3241 strcpy(TemplateSamName, group_base->value);
3242 linklist_free(group_base);
/*
 * Second lookup of the template, this time via ldap_search_ext_s() so the
 * SD-flags control can be passed and the raw ntSecurityDescriptor retrieved
 * (the remaining arguments are on dropped lines).
 */
3246 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3247 rc = ldap_search_ext_s(ldap_handle,
3259 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3261 com_err(whoami, 0, "Unable to find group security template: %s - "
3262 "security not set", GroupSecurityTemplate);
3266 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3268 if (ppsValues == NULL)
3270 com_err(whoami, 0, "Unable to find group security descriptor for group "
3271 "%s - security not set", GroupSecurityTemplate);
/*
 * Byte-scan the binary descriptor for the placeholder SID and overwrite it
 * in place with the admin SID.  NOTE(review): the loop bound only reserves
 * UserTemplateSidCount bytes, but the memcpy writes AceSidCount bytes; if the
 * admin SID is longer than the placeholder this writes past bv_val, and a
 * length change would also desynchronise the ACE size fields — confirm both
 * SIDs always have the same length.  The `for (i = 0;` line was dropped.
 */
3275 if (AceSidCount != 0)
3277 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3280 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3282 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3283 UserTemplateSidCount))
3285 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* Binary value, hence LDAP_MOD_BVALUES. */
3293 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3294 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden lists are removed from the Exchange address lists; others are unhidden. */
3300 hide_address_lists_v[0] = "TRUE";
3301 address_book_v[0] = NULL;
3302 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3304 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3306 hide_address_lists_v[0] = NULL;
3307 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/*
 * NOTE(review): the whole descriptor (owner, group, DACL and SACL per dwInfo)
 * is written back without the SD-flags control — confirm the bind identity
 * is allowed to write the SACL part, otherwise this modify fails as a unit.
 */
3314 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* Loop body dropped from the listing; presumably releases mods[i]. */
3316 for (i = 0; i < n; i++)
3319 ldap_value_free_len(ppsValues);
3320 ldap_msgfree(psMsg);
3322 if (rc != LDAP_SUCCESS)
3324 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3325 TargetGroupName, ldap_err2string(rc));
/*
 * Retry once without an administrator ACE; the empty AceType/AceName make
 * AceSidCount stay 0 in the recursive call, so it cannot recurse again.
 * Assignment inside the condition is intentional but easy to misread.
 */
3327 if (AceSidCount != 0)
3330 "Trying to set security for group %s without admin.",
3333 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3334 HiddenGroup, "", ""))
3336 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove a list's directory entry.
 *
 * Locates the group through ad_get_group() under group_ou_root and deletes it
 * by DN.  Returns AD_INVALID_NAME when the name fails check_string(),
 * AD_NO_GROUPS_FOUND when no single match exists; the return statements of the
 * ad_get_group() error path and of the successful delete sit on dropped lines,
 * as do the declarations of filter, temp, rc and group_count.
 */
3347 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3348 char *group_membership, char *MoiraId)
3350 LK_ENTRY *group_base;
3356 if (!check_string(group_name))
3359 "Unable to process invalid LDAP list name %s", group_name);
3360 return(AD_INVALID_NAME);
3363 memset(filter, '\0', sizeof(filter));
3366 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment-in-condition: any non-zero ad_get_group() status takes the (dropped) error branch. */
3368 if (rc = ad_get_group(ldap_handle, temp, group_name,
3369 group_membership, MoiraId,
3370 "samAccountName", &group_base,
3371 &group_count, filter))
/* Only delete on an unambiguous match; zero or several hits fall through to AD_NO_GROUPS_FOUND. */
3374 if (group_count == 1)
3376 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3378 linklist_free(group_base);
3379 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3380 group_name, ldap_err2string(rc));
3383 linklist_free(group_base);
3387 linklist_free(group_base);
3388 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3389 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the SECURITY_INFORMATION bit set uBits
 * into pBuffer for the SD-flags server control.  The caller must provide at
 * least N_SD_BER_BYTES bytes; that count is returned.  The encoding itself
 * (lines 3396-3400) was dropped from this listing.
 */
3395 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3401 return(N_SD_BER_BYTES);
/*
 * process_lists: per-list callback that (re)populates one group's membership.
 *
 * av holds the Moira list fields; ptr is call_args ([0] LDAP handle,
 * [1] base DN).  Derives the group OU / membership code / security flag via
 * get_group_membership() and delegates to populate_group().  The return
 * statement and the declarations of group_ou, security_flag and rc were
 * dropped from this listing.  Note the 2-byte group_membership here versus
 * the 1-byte one in group_create().
 */
3404 int process_lists(int ac, char **av, void *ptr)
3409 char group_membership[2];
3415 memset(group_ou, '\0', sizeof(group_ou));
3416 memset(group_membership, '\0', sizeof(group_membership));
3417 get_group_membership(group_membership, group_ou, &security_flag, av);
/* Trailing "" and 1: empty Moira id and an always-on flag; meaning not visible here. */
3418 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3419 av[L_NAME], group_ou, group_membership,
3420 security_flag, "", 1);
/*
 * member_list_build: per-member callback that accumulates a list's members
 * into the global member_base linked list.
 *
 * av[ACE_TYPE]/av[ACE_NAME] describe one member; call_args[2] is the list
 * name and call_args[3] a bit mask (MOIRA_USERS, MOIRA_STRINGS, MOIRA_LISTS,
 * MOIRA_KERBEROS, MOIRA_MACHINE) of member types to accept.  STRING and
 * KERBEROS members get a contact object created on the fly.  Duplicates
 * (case-insensitive on both member and type) are skipped.  The return
 * statements, the early-return bodies and the declarations of temp, s and
 * linklist sit on dropped lines.
 */
3425 int member_list_build(int ac, char **av, void *ptr)
/* temp is a fixed buffer (declaration dropped); av[ACE_NAME] is copied unbounded. */
3433 strcpy(temp, av[ACE_NAME]);
3436 if (!check_string(temp))
3439 if (!strcmp(av[ACE_TYPE], "USER"))
3441 if (!((int)call_args[3] & MOIRA_USERS))
/* STRING members are mail addresses; canonicalise the domain before use. */
3444 else if (!strcmp(av[ACE_TYPE], "STRING"))
/* Bare local part: append the default domain (strcat, no bound on temp). */
3448 if((s = strchr(temp, '@')) == (char *) NULL)
3450 strcat(temp, "@mit.edu");
/*
 * NOTE(review): strlen(temp) - 6 underflows (size_t) when the address is
 * shorter than six characters, e.g. "a@b" on the '@'-present branch, and the
 * comparison then reads before the buffer.  Guard with a length check.
 */
3453 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
/* Line 3456 was dropped; presumably terminates temp at s before the strcat. */
3455 s = strrchr(temp, '.');
3457 strcat(s, ".mit.edu");
3461 if (!((int)call_args[3] & MOIRA_STRINGS))
/* Non-zero from contact_create() takes a dropped error branch. */
3464 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3467 else if (!strcmp(av[ACE_TYPE], "LIST"))
3469 if (!((int)call_args[3] & MOIRA_LISTS))
3472 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3474 if (!((int)call_args[3] & MOIRA_KERBEROS))
/* Kerberos principals become contacts under kerberos_ou (argument on a dropped line). */
3477 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3482 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3484 if (!((int)call_args[3] & MOIRA_MACHINE))
/* Linear duplicate scan over the list built so far (the loop header was dropped). */
3490 linklist = member_base;
3494 if (!strcasecmp(temp, linklist->member) &&
3495 !strcasecmp(av[ACE_TYPE], linklist->type))
3498 linklist = linklist->next;
/* Push a new entry at the head.  NOTE(review): none of the calloc() results are NULL-checked. */
3501 linklist = calloc(1, sizeof(LK_ENTRY));
3503 linklist->dn = NULL;
3504 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3505 strcpy(linklist->list, call_args[2]);
3506 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3507 strcpy(linklist->type, av[ACE_TYPE]);
3508 linklist->member = calloc(1, strlen(temp) + 1);
3509 strcpy(linklist->member, temp);
3510 linklist->next = member_base;
3511 member_base = linklist;
<!-- placeholder removed -->
3648 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3649 char *group_ou, char *group_membership, char *user_name,
3650 char *UserOu, char *MoiraId)
3652 char distinguished_name[1024];
3660 LK_ENTRY *group_base;
3663 if (max_group_members && (group_members < max_group_members))
3666 if (!check_string(group_name))
3667 return(AD_INVALID_NAME);
3670 memset(filter, '\0', sizeof(filter));
3674 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3675 group_membership, MoiraId,
3676 "samAccountName", &group_base,
3677 &group_count, filter))
3680 if (group_count != 1)
3682 linklist_free(group_base);
3685 com_err(whoami, 0, "Unable to find list %s %d in directory",
3686 group_name, group_count);
3687 return(AD_MULTIPLE_GROUPS_FOUND);
3690 strcpy(distinguished_name, group_base->dn);
3691 linklist_free(group_base);
3697 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3701 if(!strcmp(UserOu, user_ou))
3702 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3704 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3707 modvalues[0] = temp;
3708 modvalues[1] = NULL;
3711 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3713 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3715 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3718 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3720 if (rc == LDAP_UNWILLING_TO_PERFORM)
3724 for (i = 0; i < n; i++)
3727 if (rc != LDAP_SUCCESS)
3729 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3730 user_name, group_name, ldap_err2string(rc));
3736 int contact_remove_email(LDAP *ld, char *bind_path,
3737 LK_ENTRY **linklist_base, int linklist_current)
3741 char *mail_v[] = {NULL, NULL};
3749 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3750 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3751 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3752 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3755 gPtr = (*linklist_base);
3758 rc = ldap_modify_s(ld, gPtr->dn, mods);
3760 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3762 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3763 gPtr->dn, ldap_err2string(rc));
3770 for (i = 0; i < n; i++)
3776 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3779 LK_ENTRY *group_base;
3782 char cn_user_name[256];
3783 char contact_name[256];
3784 char mail_nickname[256];
3785 char proxy_address_internal[256];
3786 char proxy_address_external[256];
3787 char target_address[256];
3788 char internal_contact_name[256];
3791 char principal[256];
3792 char mit_address_book[256];
3793 char default_address_book[256];
3794 char contact_address_book[256];
3796 char *email_v[] = {NULL, NULL};
3797 char *cn_v[] = {NULL, NULL};
3798 char *contact_v[] = {NULL, NULL};
3799 char *uid_v[] = {NULL, NULL};
3800 char *mail_nickname_v[] = {NULL, NULL};
3801 char *proxy_address_internal_v[] = {NULL, NULL};
3802 char *proxy_address_external_v[] = {NULL, NULL};
3803 char *target_address_v[] = {NULL, NULL};
3804 char *mit_address_book_v[] = {NULL, NULL};
3805 char *default_address_book_v[] = {NULL, NULL};
3806 char *contact_address_book_v[] = {NULL, NULL};
3807 char *hide_address_lists_v[] = {NULL, NULL};
3808 char *attr_array[3];
3809 char *objectClass_v[] = {"top", "person",
3810 "organizationalPerson",
3812 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3813 "inetOrgPerson", "organizationalPerson",
3814 "contact", "mailRecipient", "eduPerson",
3816 char *name_v[] = {NULL, NULL};
3817 char *desc_v[] = {NULL, NULL};
3824 char *mail_routing_v[] = {NULL, NULL};
3825 char *principal_v[] = {NULL, NULL};
3827 if (!check_string(user))
3829 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3830 return(AD_INVALID_NAME);
3834 strcpy(contact_name, mail);
3835 strcpy(internal_contact_name, mail);
3837 if((s = strchr(internal_contact_name, '@')) != NULL) {
3841 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3844 sprintf(target_address, "SMTP:%s", contact_name);
3845 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3846 sprintf(mail_nickname, "%s", internal_contact_name);
3848 cn_v[0] = cn_user_name;
3849 contact_v[0] = contact_name;
3852 desc_v[0] = "Auto account created by Moira";
3854 proxy_address_internal_v[0] = proxy_address_internal;
3855 proxy_address_external_v[0] = proxy_address_external;
3856 mail_nickname_v[0] = mail_nickname;
3857 target_address_v[0] = target_address;
3858 mit_address_book_v[0] = mit_address_book;
3859 default_address_book_v[0] = default_address_book;
3860 contact_address_book_v[0] = contact_address_book;
3861 strcpy(new_dn, cn_user_name);
3864 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
3866 if(!ActiveDirectory)
3868 if(!strcmp(group_ou, contact_ou))
3869 sprintf(uid, "%s%s", contact_name, "_strings");
3871 if(!strcmp(group_ou, kerberos_ou))
3872 sprintf(uid, "%s%s", contact_name, "_kerberos");
3876 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3877 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3882 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3886 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3889 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3890 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3891 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3895 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3900 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3901 attr_array[0] = "cn";
3902 attr_array[1] = NULL;
3904 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3905 &group_base, &group_count,
3906 LDAP_SCOPE_SUBTREE)) != 0)
3908 com_err(whoami, 0, "Unable to process contact %s : %s",
3909 user, ldap_err2string(rc));
3915 com_err(whoami, 0, "Object already exists with name %s",
3920 linklist_free(group_base);
3924 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3925 attr_array[0] = "cn";
3926 attr_array[1] = NULL;
3928 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3929 &group_base, &group_count,
3930 LDAP_SCOPE_SUBTREE)) != 0)
3932 com_err(whoami, 0, "Unable to process contact %s : %s",
3933 user, ldap_err2string(rc));
3939 com_err(whoami, 0, "Object already exists with name %s",
3944 linklist_free(group_base);
3948 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3949 attr_array[0] = "cn";
3950 attr_array[1] = NULL;
3952 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3953 &group_base, &group_count,
3954 LDAP_SCOPE_SUBTREE)) != 0)
3956 com_err(whoami, 0, "Unable to process contact %s : %s",
3957 user, ldap_err2string(rc));
3963 com_err(whoami, 0, "Object already exists with name %s",
3968 linklist_free(group_base);
3972 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3973 attr_array[0] = "cn";
3974 attr_array[1] = NULL;
3976 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3977 &group_base, &group_count,
3978 LDAP_SCOPE_SUBTREE)) != 0)
3980 com_err(whoami, 0, "Unable to process contact %s : %s",
3981 user, ldap_err2string(rc));
3987 com_err(whoami, 0, "Object already exists with name %s",
3992 linklist_free(group_base);
3996 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
3997 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
3998 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
3999 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4001 hide_address_lists_v[0] = "TRUE";
4002 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4007 if(!ActiveDirectory)
4009 if((c = strchr(mail, '@')) == NULL)
4010 sprintf(temp, "%s@mit.edu", mail);
4012 sprintf(temp, "%s", mail);
4014 mail_routing_v[0] = temp;
4016 principal_v[0] = principal;
4018 if(!strcmp(group_ou, contact_ou))
4020 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4021 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4027 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4029 for (i = 0; i < n; i++)
4034 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4035 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4039 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4040 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4041 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4043 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4045 hide_address_lists_v[0] = "TRUE";
4046 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4050 rc = ldap_modify_s(ld, new_dn, mods);
4054 com_err(whoami, 0, "Unable to update contact %s", mail);
4057 for (i = 0; i < n; i++)
4062 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4064 com_err(whoami, 0, "Unable to create contact %s : %s",
4065 user, ldap_err2string(rc));
4072 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4073 char *Uid, char *MitId, char *MoiraId, int State,
4074 char *WinHomeDir, char *WinProfileDir, char *first,
4075 char *middle, char *last, char *shell, char *class)
4078 LK_ENTRY *group_base;
4080 char distinguished_name[512];
4081 char displayName[256];
4082 char *mitMoiraId_v[] = {NULL, NULL};
4083 char *mitMoiraClass_v[] = {NULL, NULL};
4084 char *mitMoiraStatus_v[] = {NULL, NULL};
4085 char *uid_v[] = {NULL, NULL};
4086 char *mitid_v[] = {NULL, NULL};
4087 char *homedir_v[] = {NULL, NULL};
4088 char *winProfile_v[] = {NULL, NULL};
4089 char *drives_v[] = {NULL, NULL};
4090 char *userAccountControl_v[] = {NULL, NULL};
4091 char *alt_recipient_v[] = {NULL, NULL};
4092 char *hide_address_lists_v[] = {NULL, NULL};
4093 char *mail_v[] = {NULL, NULL};
4094 char *gid_v[] = {NULL, NULL};
4095 char *loginshell_v[] = {NULL, NULL};
4096 char *principal_v[] = {NULL, NULL};
4097 char userAccountControlStr[80];
4102 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4103 UF_PASSWD_CANT_CHANGE;
4105 char *attr_array[3];
4108 char contact_mail[256];
4109 char filter_exp[1024];
4110 char search_path[512];
4111 char TemplateDn[512];
4112 char TemplateSamName[128];
4113 char alt_recipient[256];
4114 char principal[256];
4116 char acBERBuf[N_SD_BER_BYTES];
4117 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4118 { N_SD_BER_BYTES, acBERBuf },
4120 LDAPControl *apsServerControls[] = {&sControl, NULL};
4122 LDAP_BERVAL **ppsValues;
4126 char *homeServerName;
4128 char search_string[256];
4130 char *mail_routing_v[] = {NULL, NULL};
4133 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4134 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4135 BEREncodeSecurityBits(dwInfo, acBERBuf);
4137 if (!check_string(user_name))
4139 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4141 return(AD_INVALID_NAME);
4144 memset(contact_mail, '\0', sizeof(contact_mail));
4145 sprintf(contact_mail, "%s@mit.edu", user_name);
4146 memset(mail, '\0', sizeof(mail));
4147 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4148 memset(alt_recipient, '\0', sizeof(alt_recipient));
4149 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4151 sprintf(search_string, "@%s", uppercase(ldap_domain));
4155 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4157 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4164 memset(displayName, '\0', sizeof(displayName));
4166 if (strlen(MoiraId) != 0)
4170 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4175 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4178 attr_array[0] = "cn";
4179 attr_array[1] = NULL;
4180 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4181 &group_base, &group_count,
4182 LDAP_SCOPE_SUBTREE)) != 0)
4184 com_err(whoami, 0, "Unable to process user %s : %s",
4185 user_name, ldap_err2string(rc));
4190 if (group_count != 1)
4192 linklist_free(group_base);
4195 sprintf(filter, "(sAMAccountName=%s)", user_name);
4196 attr_array[0] = "cn";
4197 attr_array[1] = NULL;
4198 sprintf(temp, "%s,%s", user_ou, dn_path);
4199 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4200 &group_base, &group_count,
4201 LDAP_SCOPE_SUBTREE)) != 0)
4203 com_err(whoami, 0, "Unable to process user %s : %s",
4204 user_name, ldap_err2string(rc));
4209 if (group_count != 1)
4211 com_err(whoami, 0, "Unable to find user %s in directory",
4213 linklist_free(group_base);
4214 return(AD_NO_USER_FOUND);
4217 strcpy(distinguished_name, group_base->dn);
4219 linklist_free(group_base);
4222 if(!ActiveDirectory)
4224 if (rc = moira_connect())
4226 critical_alert("Ldap incremental",
4227 "Error contacting Moira server : %s",
4232 argv[0] = user_name;
4234 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4237 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4239 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4241 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4246 "Unable to set the mailRoutingAddress for %s : %s",
4247 user_name, ldap_err2string(rc));
4249 p = strdup(save_argv[3]);
4251 if((c = strchr(p, ',')) != NULL)
4256 if ((c = strchr(q, '@')) == NULL)
4257 sprintf(temp, "%s@mit.edu", q);
4259 sprintf(temp, "%s", q);
4261 if(email_isvalid(temp) && State != US_DELETED)
4263 mail_routing_v[0] = temp;
4266 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4268 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4270 if (rc == LDAP_ALREADY_EXISTS ||
4271 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4276 "Unable to set the mailRoutingAddress for %s : %s",
4277 user_name, ldap_err2string(rc));
4280 while((q = strtok(NULL, ",")) != NULL) {
4283 if((c = strchr(q, '@')) == NULL)
4284 sprintf(temp, "%s@mit.edu", q);
4286 sprintf(temp, "%s", q);
4288 if(email_isvalid(temp) && State != US_DELETED)
4290 mail_routing_v[0] = temp;
4293 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4296 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4298 if (rc == LDAP_ALREADY_EXISTS ||
4299 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4304 "Unable to set the mailRoutingAddress for "
4306 user_name, ldap_err2string(rc));
4312 if((c = strchr(p, '@')) == NULL)
4313 sprintf(temp, "%s@mit.edu", p);
4315 sprintf(temp, "%s", p);
4317 if(email_isvalid(temp) && State != US_DELETED)
4319 mail_routing_v[0] = temp;
4322 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4324 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4326 if (rc == LDAP_ALREADY_EXISTS ||
4327 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4332 "Unable to set the mailRoutingAddress for %s : %s",
4333 user_name, ldap_err2string(rc));
4340 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4341 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4342 "employeeID", user_name);
4344 rc = attribute_update(ldap_handle, distinguished_name, "none",
4345 "employeeID", user_name);
4348 strcat(displayName, first);
4351 if(strlen(middle)) {
4353 strcat(displayName, " ");
4355 strcat(displayName, middle);
4359 if(strlen(middle) || strlen(first))
4360 strcat(displayName, " ");
4362 strcat(displayName, last);
4365 if(strlen(displayName))
4366 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4367 "displayName", user_name);
4369 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4370 "displayName", user_name);
4372 if(!ActiveDirectory)
4374 if(strlen(displayName))
4375 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4378 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4382 if(!ActiveDirectory)
4384 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4385 "eduPersonNickname", user_name);
4389 rc = attribute_update(ldap_handle, distinguished_name, first,
4390 "givenName", user_name);
4392 rc = attribute_update(ldap_handle, distinguished_name, "",
4393 "givenName", user_name);
4395 if(strlen(middle) == 1)
4396 rc = attribute_update(ldap_handle, distinguished_name, middle,
4397 "initials", user_name);
4399 rc = attribute_update(ldap_handle, distinguished_name, "",
4400 "initials", user_name);
4403 rc = attribute_update(ldap_handle, distinguished_name, last,
4406 rc = attribute_update(ldap_handle, distinguished_name, "",
4411 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4416 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4420 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4421 "mitMoiraId", user_name);
4430 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4434 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4439 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4440 sprintf(status, "%d", State);
4441 principal_v[0] = principal;
4442 loginshell_v[0] = shell;
4443 mitMoiraClass_v[0] = class;
4444 mitMoiraStatus_v[0] = status;
4446 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4447 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4448 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4450 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4451 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4454 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4456 userAccountControl |= UF_ACCOUNTDISABLE;
4460 hide_address_lists_v[0] = "TRUE";
4461 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4469 hide_address_lists_v[0] = NULL;
4470 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4475 sprintf(userAccountControlStr, "%ld", userAccountControl);
4476 userAccountControl_v[0] = userAccountControlStr;
4477 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4481 if (rc = moira_connect())
4483 critical_alert("Ldap incremental",
4484 "Error contacting Moira server : %s",
4489 argv[0] = user_name;
4491 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4493 if(!strcmp(save_argv[1], "EXCHANGE") ||
4494 (strstr(save_argv[3], search_string) != NULL))
4496 alt_recipient_v[0] = NULL;
4497 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4499 argv[0] = exchange_acl;
4501 argv[2] = user_name;
4503 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4505 if ((rc) && (rc != MR_EXISTS))
4507 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4508 user_name, exchange_acl, error_message(rc));
4513 alt_recipient_v[0] = alt_recipient;
4514 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4516 argv[0] = exchange_acl;
4518 argv[2] = user_name;
4520 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4522 if ((rc) && (rc != MR_NO_MATCH))
4525 "Unable to remove user %s from %s: %s, %d",
4526 user_name, exchange_acl, error_message(rc), rc);
4532 alt_recipient_v[0] = alt_recipient;
4533 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4535 argv[0] = exchange_acl;
4537 argv[2] = user_name;
4539 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4541 if ((rc) && (rc != MR_NO_MATCH))
4544 "Unable to remove user %s from %s: %s, %d",
4545 user_name, exchange_acl, error_message(rc), rc);
4553 mail_v[0] = contact_mail;
4554 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4556 if(!ActiveDirectory)
4558 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
4562 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4563 WinProfileDir, homedir_v, winProfile_v,
4564 drives_v, mods, LDAP_MOD_REPLACE, n);
4568 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4569 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4570 attr_array[0] = "sAMAccountName";
4571 attr_array[1] = NULL;
4575 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4577 &group_base, &group_count,
4578 LDAP_SCOPE_SUBTREE) != 0))
4581 if (group_count != 1)
4583 com_err(whoami, 0, "Unable to process user security template: %s - "
4584 "security not set", "UserTemplate.u");
4588 strcpy(TemplateDn, group_base->dn);
4589 strcpy(TemplateSamName, group_base->value);
4590 linklist_free(group_base);
4594 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4595 filter_exp, NULL, 0, apsServerControls, NULL,
4598 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4600 com_err(whoami, 0, "Unable to find user security template: %s - "
4601 "security not set", "UserTemplate.u");
4605 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4606 "ntSecurityDescriptor");
4608 if (ppsValues == NULL)
4610 com_err(whoami, 0, "Unable to find user security template: %s - "
4611 "security not set", "UserTemplate.u");
4615 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4616 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4621 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4622 mods)) != LDAP_SUCCESS)
4624 OldUseSFU30 = UseSFU30;
4625 SwitchSFU(mods, &UseSFU30, n);
4626 if (OldUseSFU30 != UseSFU30)
4627 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4630 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4631 user_name, ldap_err2string(rc));
4635 for (i = 0; i < n; i++)
/*
 * user_rename: rename the directory account before_user_name -> user_name
 * under user_ou, then re-point the account's contact object and identity
 * attributes (UPN, sAMAccountName, altSecurityIdentities, mail, ...) at the
 * new name.
 *
 * Returns AD_INVALID_NAME when either name fails check_string.  Other
 * return paths, the else-branches of the schema selection and the closing
 * lines of the function are not present in this listing.
 */
4641 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4649 char contact_mail[256];
4650 char proxy_address[256];
4651 char query_base_dn[256];
4653 char *userPrincipalName_v[] = {NULL, NULL};
4654 char *altSecurityIdentities_v[] = {NULL, NULL};
4655 char *name_v[] = {NULL, NULL};
4656 char *samAccountName_v[] = {NULL, NULL};
4657 char *mail_v[] = {NULL, NULL};
4658 char *mail_nickname_v[] = {NULL, NULL};
4659 char *proxy_address_v[] = {NULL, NULL};
4660 char *query_base_dn_v[] = {NULL, NULL};
4661 char *principal_v[] = {NULL, NULL};
4662 char principal[256];
/*
 * Both names go through the same character allowlist as every other entry
 * point.  No length check is made before the sprintf calls below, so the
 * 256-byte buffers rely on upstream (Moira) field limits -- TODO confirm.
 */
4667 if (!check_string(before_user_name))
4670 "Unable to process invalid LDAP user name %s", before_user_name);
4671 return(AD_INVALID_NAME);
4674 if (!check_string(user_name))
4677 "Unable to process invalid LDAP user name %s", user_name);
4678 return(AD_INVALID_NAME);
/*
 * NOTE(review): self-copy.  At best a no-op; strcpy on overlapping source
 * and destination is undefined per the C standard.  Looks like a leftover.
 */
4681 strcpy(user_name, user_name);
/*
 * Old DN uses the pre-rename name; the cn=/uid= choice follows the schema
 * (the selecting condition and the else keywords are not in the listing).
 * DN-special characters in the names are not escaped here.
 */
4684 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4686 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4689 sprintf(new_dn, "cn=%s", user_name);
4691 sprintf(new_dn, "uid=%s", user_name);
4693 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4694 sprintf(contact_mail, "%s@mit.edu", user_name);
4695 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4696 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* deleteoldrdn=TRUE: the old RDN value is removed from the renamed entry. */
4698 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4699 NULL, NULL)) != LDAP_SUCCESS)
4701 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4702 before_user_name, user_name, ldap_err2string(rc));
/*
 * The mit.edu contact is keyed by the old name: remove it and create one
 * for the new name under contact_ou.  Failures are logged, not fatal.
 */
4708 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4711 if(rc = ldap_delete_s(ldap_handle, temp))
4713 com_err(whoami, 0, "Unable to delete user contact for %s",
4717 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4719 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4723 name_v[0] = user_name;
4724 sprintf(upn, "%s@%s", user_name, ldap_domain);
4725 userPrincipalName_v[0] = upn;
4726 principal_v[0] = principal;
/*
 * altSecurityIdentities maps the Kerberos principal <user>@PRIMARY_REALM to
 * this account -- it is the authentication binding, so it must be renamed
 * in lock-step with sAMAccountName / userPrincipalName below.
 */
4727 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4728 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4729 altSecurityIdentities_v[0] = temp;
4730 samAccountName_v[0] = user_name;
4732 mail_nickname_v[0] = user_name;
4733 proxy_address_v[0] = proxy_address;
4734 query_base_dn_v[0] = query_base_dn;
4737 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4738 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4739 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4740 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Non-AD schema: uid / eduPerson attributes instead of the Exchange set. */
4742 if(!ActiveDirectory)
4744 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4745 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4746 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4747 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4752 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4753 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4754 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4755 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* mail is pointed at the mit.edu contact address (condition not shown). */
4759 mail_v[0] = contact_mail;
4760 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4762 if(!ActiveDirectory)
4764 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry for the modify. */
4771 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4773 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4775 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4778 "Unable to modify user data for %s after renaming : %s",
4779 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR (loop body not shown). */
4782 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback that creates one directory account from a
 * Moira user tuple av[U_NAME], av[U_FIRST], av[U_MIDDLE], av[U_LAST],
 * av[U_STATE], av[U_UID], av[U_MITID], av[U_SHELL], av[U_CLASS],
 * av[U_WINHOMEDIR], av[U_WINPROFILEDIR].  From the uses below, call_args[0]
 * is the LDAP handle, call_args[1] the base DN and call_args[2] the Moira id
 * (the ptr -> call_args assignment itself is not in the listing).
 *
 * Returns AD_INVALID_NAME (also stored in callback_rc) for an unusable
 * name.  Later return paths, else keywords and closing braces are not
 * present in this listing.
 */
4788 int user_create(int ac, char **av, void *ptr)
4792 char user_name[256];
4796 char contact_mail[256];
4797 char proxy_address[256];
4798 char mail_nickname[256];
4799 char query_base_dn[256];
4800 char displayName[256];
4801 char address_book[256];
4802 char alt_recipient[256];
4803 char *cn_v[] = {NULL, NULL};
4804 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4806 char *objectClass_ldap_v[] = {"top",
4807 "eduPerson", "posixAccount",
4808 "apple-user", "shadowAccount",
4809 "microsoftComTop", "securityPrincipal",
4810 "inetOrgPerson", "user",
4811 "organizationalPerson", "person",
4812 "mailRecipient", NULL};
4814 char *samAccountName_v[] = {NULL, NULL};
4815 char *altSecurityIdentities_v[] = {NULL, NULL};
4816 char *mitMoiraId_v[] = {NULL, NULL};
4817 char *mitMoiraClass_v[] = {NULL, NULL};
4818 char *mitMoiraStatus_v[] = {NULL, NULL};
4819 char *name_v[] = {NULL, NULL};
4820 char *desc_v[] = {NULL, NULL};
4821 char *userPrincipalName_v[] = {NULL, NULL};
4822 char *userAccountControl_v[] = {NULL, NULL};
4823 char *uid_v[] = {NULL, NULL};
4824 char *gid_v[] = {NULL, NULL};
4825 char *mitid_v[] = {NULL, NULL};
4826 char *homedir_v[] = {NULL, NULL};
4827 char *winProfile_v[] = {NULL, NULL};
4828 char *drives_v[] = {NULL, NULL};
4829 char *mail_v[] = {NULL, NULL};
4830 char *givenName_v[] = {NULL, NULL};
4831 char *sn_v[] = {NULL, NULL};
4832 char *initials_v[] = {NULL, NULL};
4833 char *displayName_v[] = {NULL, NULL};
4834 char *proxy_address_v[] = {NULL, NULL};
4835 char *mail_nickname_v[] = {NULL, NULL};
4836 char *query_base_dn_v[] = {NULL, NULL};
4837 char *address_book_v[] = {NULL, NULL};
4838 char *homeMDB_v[] = {NULL, NULL};
4839 char *homeServerName_v[] = {NULL, NULL};
4840 char *mdbUseDefaults_v[] = {NULL, NULL};
4841 char *mailbox_guid_v[] = {NULL, NULL};
4842 char *user_culture_v[] = {NULL, NULL};
4843 char *user_account_control_v[] = {NULL, NULL};
4844 char *msexch_version_v[] = {NULL, NULL};
4845 char *alt_recipient_v[] = {NULL, NULL};
4846 char *hide_address_lists_v[] = {NULL, NULL};
4847 char *principal_v[] = {NULL, NULL};
4848 char *loginshell_v[] = {NULL, NULL};
4849 char userAccountControlStr[80];
4851 char principal[256];
4852 char filter_exp[1024];
4853 char search_path[512];
4854 char *attr_array[3];
/*
 * Default account flags: normal account, password never expires, user
 * cannot change the password.  UF_ACCOUNTDISABLE is OR-ed in below for
 * every state other than US_NO_PASSWD / US_REGISTERED.
 */
4855 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4856 UF_PASSWD_CANT_CHANGE;
4862 char WinHomeDir[1024];
4863 char WinProfileDir[1024];
4865 char *homeServerName;
4867 char acBERBuf[N_SD_BER_BYTES];
4868 LK_ENTRY *group_base;
4870 char TemplateDn[512];
4871 char TemplateSamName[128];
4872 LDAP_BERVAL **ppsValues;
/*
 * AD security-descriptor flags control (OID 1.2.840.113556.1.4.801); the
 * BER payload built from dwInfo below selects which parts of the template's
 * ntSecurityDescriptor the search returns.
 */
4873 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4874 { N_SD_BER_BYTES, acBERBuf },
4876 LDAPControl *apsServerControls[] = {&sControl, NULL};
4880 char search_string[256];
4881 char *o_v[] = {NULL, NULL};
4883 char *mail_routing_v[] = {NULL, NULL};
4888 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4889 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4890 BEREncodeSecurityBits(dwInfo, acBERBuf);
/*
 * Reject names outside the allowlist before they reach DNs, search filters
 * and the fixed-size buffers below.
 */
4892 if (!check_string(av[U_NAME]))
4894 callback_rc = AD_INVALID_NAME;
4895 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4897 return(AD_INVALID_NAME);
4900 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4901 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4902 memset(displayName, '\0', sizeof(displayName));
4903 memset(query_base_dn, '\0', sizeof(query_base_dn));
/*
 * Unbounded strcpy/sprintf from the Moira tuple into 1024/256-byte
 * buffers; nothing here checks lengths, so this assumes Moira's own field
 * widths bound av[] -- TODO confirm.
 */
4904 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4905 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4906 strcpy(user_name, av[U_NAME]);
4907 sprintf(upn, "%s@%s", user_name, ldap_domain);
4908 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last", single-spaced, empty parts skipped. */
4910 if(strlen(av[U_FIRST])) {
4911 strcat(displayName, av[U_FIRST]);
4914 if(strlen(av[U_MIDDLE])) {
4915 if(strlen(av[U_FIRST]))
4916 strcat(displayName, " ");
4918 strcat(displayName, av[U_MIDDLE]);
4921 if(strlen(av[U_LAST])) {
4922 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4923 strcat(displayName, " ");
4925 strcat(displayName, av[U_LAST]);
4928 samAccountName_v[0] = sam_name;
/*
 * atoi() gives no error signal: an unparsable state reads as 0, which
 * (if 0 matches neither constant) creates the account disabled.
 */
4929 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4930 (atoi(av[U_STATE]) != US_REGISTERED))
4932 userAccountControl |= UF_ACCOUNTDISABLE;
4936 hide_address_lists_v[0] = "TRUE";
4937 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/*
 * NOTE(review): userAccountControl is declared u_int above but formatted
 * with %ld -- a mismatched conversion specifier (undefined per the C
 * standard); "%u" would match the declared type.
 */
4942 sprintf(userAccountControlStr, "%ld", userAccountControl);
4943 userAccountControl_v[0] = userAccountControlStr;
4944 userPrincipalName_v[0] = upn;
/* cn is either the login name or the display name (selector not shown). */
4947 cn_v[0] = user_name;
4949 cn_v[0] = displayName;
4951 name_v[0] = user_name;
4952 desc_v[0] = "Auto account created by Moira";
4954 givenName_v[0] = av[U_FIRST];
4957 sn_v[0] = av[U_LAST];
/* sn falls back to the login name when there is no last name. */
4959 if(strlen(av[U_LAST]))
4960 sn_v[0] = av[U_LAST];
4962 sn_v[0] = av[U_NAME];
4964 displayName_v[0] = displayName;
4965 mail_nickname_v[0] = user_name;
4966 o_v[0] = "Massachusetts Institute of Technology";
/*
 * altSecurityIdentities binds the Kerberos principal <user>@PRIMARY_REALM
 * to the new account -- this is the authentication mapping for the entry.
 */
4968 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4969 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4970 altSecurityIdentities_v[0] = temp;
4971 principal_v[0] = principal;
/*
 * Entry DN by string concatenation; DN-special characters in user_name are
 * not escaped here, so this relies on check_string having rejected them.
 */
4974 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4976 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4978 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4979 sprintf(contact_mail, "%s@mit.edu", user_name);
4980 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4981 query_base_dn_v[0] = query_base_dn;
/* alt_recipient is the DN of the mit.edu contact created just below. */
4982 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
/* "@DOMAIN" (upper-cased) is the substring looked for in the pobox address. */
4984 sprintf(search_string, "@%s", uppercase(ldap_domain));
4988 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4991 com_err(whoami, 0, "Unable to create user contact %s",
4995 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
4998 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5002 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5003 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5005 homeMDB_v[0] = homeMDB;
5006 homeServerName_v[0] = homeServerName;
5011 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
/* objectClass set depends on the schema (AD vs. the OpenLDAP-style one). */
5015 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5019 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5022 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5023 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5024 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5025 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5026 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Exchange mailbox attributes. */
5030 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5031 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5032 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5033 mdbUseDefaults_v[0] = "TRUE";
5034 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5035 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/*
 * Pobox routing: an EXCHANGE pobox, or any pobox address containing
 * "@DOMAIN" (strstr is a substring match, not a suffix match -- confirm
 * that is intended), adds the user to exchange_acl; otherwise altRecipient
 * redirects mail to the mit.edu contact.
 */
5037 argv[0] = user_name;
5039 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5041 if(!strcmp(save_argv[1], "EXCHANGE") ||
5042 (strstr(save_argv[3], search_string) != NULL))
5044 argv[0] = exchange_acl;
5046 argv[2] = user_name;
5048 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5050 if ((rc) && (rc != MR_EXISTS))
5052 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5053 user_name, exchange_acl, error_message(rc));
5058 alt_recipient_v[0] = alt_recipient;
5059 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
/* get_pobox failed: fall back to the contact as altRecipient. */
5064 alt_recipient_v[0] = alt_recipient;
5065 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5067 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5072 mail_v[0] = contact_mail;
5073 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5075 if(!ActiveDirectory)
5077 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
/* Name attributes are only added when non-empty (sn always has a value). */
5081 if(strlen(av[U_FIRST])) {
5082 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5085 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5086 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5089 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5090 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5092 if(!ActiveDirectory)
5094 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5097 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5099 if(!ActiveDirectory)
5101 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials is set only for a single-character middle name. */
5105 if (strlen(av[U_MIDDLE]) == 1) {
5106 initials_v[0] = av[U_MIDDLE];
5107 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5110 if (strlen(call_args[2]) != 0)
5112 mitMoiraId_v[0] = call_args[2];
5113 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5116 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* posixAccount / mitMoira attributes for the non-AD schema. */
5118 if(!ActiveDirectory)
5120 loginshell_v[0] = av[U_SHELL];
5121 mitMoiraClass_v[0] = av[U_CLASS];
5122 mitMoiraStatus_v[0] = av[U_STATE];
5123 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5124 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5125 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5126 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5127 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5128 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/*
 * Numeric uid from Moira; gid_v is assigned on lines not shown.  Which of
 * uid / uidNumber / msSFU30UidNumber is used depends on schema and SFU
 * selectors that are also not shown here.
 */
5131 if (strlen(av[U_UID]) != 0)
5133 uid_v[0] = av[U_UID];
5137 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5142 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5143 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5150 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5154 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is only recorded for MIT ids starting with '9'; else "none". */
5159 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5160 mitid_v[0] = av[U_MITID];
5162 mitid_v[0] = "none";
5164 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* Appends home-directory / profile / drive mods; n is the running mod count. */
5166 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5167 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5168 drives_v, mods, LDAP_MOD_ADD, n);
/*
 * Locate the security template account "UserTemplate.u" under
 * security_template_ou.  NOTE(review): the "!= 0" sits inside the argument
 * parentheses, so rc receives 0/1 rather than the linklist_build return
 * code (compare the form used in user_change_status).
 */
5172 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5173 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5174 attr_array[0] = "sAMAccountName";
5175 attr_array[1] = NULL;
5179 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5180 attr_array, &group_base, &group_count,
5181 LDAP_SCOPE_SUBTREE) != 0))
5184 if (group_count != 1)
5186 com_err(whoami, 0, "Unable to process user security template: %s - "
5187 "security not set", "UserTemplate.u");
/* Unbounded copies of directory-returned strings into 512/128-byte buffers. */
5191 strcpy(TemplateDn, group_base->dn);
5192 strcpy(TemplateSamName, group_base->value);
5193 linklist_free(group_base);
/*
 * Re-read the template with the SD-flags control and clone its
 * ntSecurityDescriptor onto the new user: the template object's ACL becomes
 * the new account's ACL, so UserTemplate.u is security configuration.
 * Neither psMsg nor ppsValues is released in the lines shown -- TODO confirm
 * ldap_msgfree / ldap_value_free_len on the dropped lines.
 */
5197 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5198 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5199 apsServerControls, NULL,
5202 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5204 com_err(whoami, 0, "Unable to find user security template: %s - "
5205 "security not set", "UserTemplate.u");
5209 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5210 "ntSecurityDescriptor");
5211 if (ppsValues == NULL)
5213 com_err(whoami, 0, "Unable to find user security template: %s - "
5214 "security not set", "UserTemplate.u");
5218 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5219 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/*
 * Add the entry; on failure flip the SFU schema variant once and retry.
 * LDAP_ALREADY_EXISTS is not treated as an error.
 */
5224 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5226 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5228 OldUseSFU30 = UseSFU30;
5229 SwitchSFU(mods, &UseSFU30, n);
5230 if (OldUseSFU30 != UseSFU30)
5231 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5234 for (i = 0; i < n; i++)
5237 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5239 com_err(whoami, 0, "Unable to create user %s : %s",
5240 user_name, ldap_err2string(rc));
/*
 * Only a freshly created entry (not a pre-existing one) gets its initial
 * password set, and an empty string is what is passed.  Presumably a
 * placeholder replaced by the registration flow -- confirm; accounts in
 * other states were flagged UF_ACCOUNTDISABLE above.  One KDC reconnect is
 * attempted before giving up.  rc is printed with %ld on the last message;
 * rc's declaration is not shown -- check the specifier matches.
 */
5245 if ((rc == LDAP_SUCCESS) && (SetPassword))
5247 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5249 ad_kdc_disconnect();
5250 if (!ad_server_connect(default_server, ldap_domain))
5252 com_err(whoami, 0, "Unable to set password for user %s : %s",
5254 "cannot get changepw ticket from windows domain");
5258 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5260 com_err(whoami, 0, "Unable to set password for user %s "
5261 ": %ld", user_name, rc);
/*
 * Non-AD schema: populate mailRoutingAddress from the Moira pobox.  First a
 * REPLACE with an empty value list clears the attribute, then each
 * comma-separated address in save_argv[3] is ADDed after email_isvalid()
 * and unless the user is US_DELETED.  Addresses without '@' get @mit.edu.
 * strtok() keeps static state and modifies p in place; p comes from
 * strdup() and its free() is not among the lines shown -- TODO confirm.
 */
5267 if(!ActiveDirectory)
5269 if (rc = moira_connect())
5271 critical_alert("Ldap incremental",
5272 "Error contacting Moira server : %s",
5277 argv[0] = user_name;
5279 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5282 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5284 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5286 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5291 "Unable to set the mailRoutingAddress for %s : %s",
5292 user_name, ldap_err2string(rc));
5294 p = strdup(save_argv[3]);
5296 if((c = strchr(p, ',')) != NULL) {
5300 if ((c = strchr(q, '@')) == NULL)
5301 sprintf(temp, "%s@mit.edu", q);
5303 sprintf(temp, "%s", q);
5305 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5307 mail_routing_v[0] = temp;
5310 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5312 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5314 if (rc == LDAP_ALREADY_EXISTS ||
5315 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5320 "Unable to set the mailRoutingAddress for %s : %s",
5321 user_name, ldap_err2string(rc));
5324 while((q = strtok(NULL, ",")) != NULL) {
5327 if((c = strchr(q, '@')) == NULL)
5328 sprintf(temp, "%s@mit.edu", q);
5330 sprintf(temp, "%s", q);
5332 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5334 mail_routing_v[0] = temp;
5337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5339 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5341 if (rc == LDAP_ALREADY_EXISTS ||
5342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5347 "Unable to set the mailRoutingAddress for %s : %s",
5348 user_name, ldap_err2string(rc));
/* Single address (no comma): same handling without tokenising. */
5354 if((c = strchr(p, '@')) == NULL)
5355 sprintf(temp, "%s@mit.edu", p);
5357 sprintf(temp, "%s", p);
5359 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5361 mail_routing_v[0] = temp;
5364 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5366 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5368 if (rc == LDAP_ALREADY_EXISTS ||
5369 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5374 "Unable to set the mailRoutingAddress for %s : %s",
5375 user_name, ldap_err2string(rc));
/*
 * user_change_status: enable or disable an account by toggling
 * UF_ACCOUNTDISABLE in its UserAccountControl attribute (operation ==
 * MEMBER_DEACTIVATE disables, anything else enables), and refresh
 * mitMoiraId when one is supplied.  The entry is located by mitMoiraId
 * first and by sAMAccountName as a fallback.
 *
 * Returns AD_INVALID_NAME for a name rejected by check_string and
 * LDAP_NO_SUCH_OBJECT when no single match is found; the remaining return
 * paths are not in this listing.  Note user_update returns AD_NO_USER_FOUND
 * for the same condition.
 */
5385 int user_change_status(LDAP *ldap_handle, char *dn_path,
5386 char *user_name, char *MoiraId,
5390 char *attr_array[3];
5392 char distinguished_name[1024];
5394 char *mitMoiraId_v[] = {NULL, NULL};
5396 LK_ENTRY *group_base;
5403 if (!check_string(user_name))
5405 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5407 return(AD_INVALID_NAME);
/*
 * Lookup by Moira id.  MoiraId is interpolated into the filter without
 * passing through check_string or RFC 4515 escaping; it is expected to be
 * numeric (see the example arguments at the top of the file).
 */
5413 if (strlen(MoiraId) != 0)
5415 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5416 attr_array[0] = "UserAccountControl";
5417 attr_array[1] = NULL;
5418 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5419 &group_base, &group_count,
5420 LDAP_SCOPE_SUBTREE)) != 0)
5422 com_err(whoami, 0, "Unable to process user %s : %s",
5423 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the name lookup. */
5428 if (group_count != 1)
5430 linklist_free(group_base);
/*
 * Lookup by login name; filter-special characters in user_name are not
 * escaped here and are only kept out by check_string's allowlist.
 */
5433 sprintf(filter, "(sAMAccountName=%s)", user_name);
5434 attr_array[0] = "UserAccountControl";
5435 attr_array[1] = NULL;
5436 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5437 &group_base, &group_count,
5438 LDAP_SCOPE_SUBTREE)) != 0)
5440 com_err(whoami, 0, "Unable to process user %s : %s",
5441 user_name, ldap_err2string(rc));
5446 if (group_count != 1)
5448 linklist_free(group_base);
5449 com_err(whoami, 0, "Unable to find user %s in directory",
5451 return(LDAP_NO_SUCH_OBJECT);
/* Unbounded copy of the returned DN into a 1024-byte buffer. */
5454 strcpy(distinguished_name, group_base->dn);
/* atoi() maps a non-numeric directory value silently to 0. */
5455 ulongValue = atoi((*group_base).value);
5457 if (operation == MEMBER_DEACTIVATE)
5458 ulongValue |= UF_ACCOUNTDISABLE;
5460 ulongValue &= ~UF_ACCOUNTDISABLE;
/* ulongValue's declaration is not shown; %ld assumes it is a long. */
5462 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() returns 1 on failure. */
5464 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5465 temp, &modvalues, REPLACE)) == 1)
5468 linklist_free(group_base);
5472 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5474 if (strlen(MoiraId) != 0)
5476 mitMoiraId_v[0] = MoiraId;
5477 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5481 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the LDAPMod entries (loop body not shown) and the value vector. */
5483 for (i = 0; i < n; i++)
5486 free_values(modvalues);
5488 if (rc != LDAP_SUCCESS)
5490 com_err(whoami, 0, "Unable to change status of user %s : %s",
5491 user_name, ldap_err2string(rc));
/*
 * user_delete: remove the directory entry for u_name (located by mitMoiraId,
 * then by sAMAccountName) together with its mit.edu contact object under
 * contact_ou.
 *
 * Returns AD_INVALID_NAME for a name rejected by check_string; other return
 * paths, else keywords and closing braces are not in this listing.
 */
5498 int user_delete(LDAP *ldap_handle, char *dn_path,
5499 char *u_name, char *MoiraId)
5502 char *attr_array[3];
5503 char distinguished_name[1024];
5504 char user_name[512];
5505 LK_ENTRY *group_base;
/* Unlike the other entry points, an invalid name is rejected without a log line. */
5510 if (!check_string(u_name))
5511 return(AD_INVALID_NAME);
/* Unbounded copy into a 512-byte buffer; relies on upstream length limits. */
5513 strcpy(user_name, u_name);
/* Lookup by Moira id first (MoiraId is not passed through check_string). */
5517 if (strlen(MoiraId) != 0)
5519 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5520 attr_array[0] = "name";
5521 attr_array[1] = NULL;
5522 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5523 &group_base, &group_count,
5524 LDAP_SCOPE_SUBTREE)) != 0)
5526 com_err(whoami, 0, "Unable to process user %s : %s",
5527 user_name, ldap_err2string(rc));
5532 if (group_count != 1)
5534 linklist_free(group_base);
/* Fallback lookup by login name. */
5537 sprintf(filter, "(sAMAccountName=%s)", user_name);
5538 attr_array[0] = "name";
5539 attr_array[1] = NULL;
5540 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5541 &group_base, &group_count,
5542 LDAP_SCOPE_SUBTREE)) != 0)
5544 com_err(whoami, 0, "Unable to process user %s : %s",
5545 user_name, ldap_err2string(rc));
5550 if (group_count != 1)
5555 strcpy(distinguished_name, group_base->dn);
/*
 * Assignment inside the condition is intentional (non-zero rc = failure).
 * The message says "process" rather than "delete", which makes the log
 * line indistinguishable from the lookup failures above.
 */
5557 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5559 com_err(whoami, 0, "Unable to process user %s : %s",
5560 user_name, ldap_err2string(rc));
5563 /* Also delete the matching mit.edu contact (cn=<user>@mit.edu under contact_ou). */
5567 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5569 if(rc = ldap_delete_s(ldap_handle, temp))
5571 com_err(whoami, 0, "Unable to delete user contact for %s",
/* Release the lookup result. */
5577 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY node reachable from linklist_base
 * along ->next, together with the strings each node owns (dn, attribute,
 * value, member, type, list).  The caller's pointer is dangling afterwards.
 * The NULL guards are redundant (free(NULL) is a no-op) but harmless.
 */
5582 void linklist_free(LK_ENTRY *linklist_base)
5584 LK_ENTRY *linklist_previous;
5586 while (linklist_base != NULL)
5588 if (linklist_base->dn != NULL)
5589 free(linklist_base->dn);
5591 if (linklist_base->attribute != NULL)
5592 free(linklist_base->attribute);
5594 if (linklist_base->value != NULL)
5595 free(linklist_base->value);
5597 if (linklist_base->member != NULL)
5598 free(linklist_base->member);
5600 if (linklist_base->type != NULL)
5601 free(linklist_base->type);
5603 if (linklist_base->list != NULL)
5604 free(linklist_base->list);
/* Advance before freeing the node so ->next is not read after free(). */
5606 linklist_previous = linklist_base;
5607 linklist_base = linklist_previous->next;
5608 free(linklist_previous);
/*
 * free_values: release a NULL-terminated char* vector such as the one
 * construct_newvalues() builds.  Each slot is reset to NULL after it is
 * handled; the line that frees the element itself, the loop increment and
 * whatever happens to the vector pointer are not in this listing -- confirm
 * against the full source before relying on this for cleanup.
 */
5612 void free_values(char **modvalues)
5618 if (modvalues != NULL)
5620 while (modvalues[i] != NULL)
5623 modvalues[i] = NULL;
/*
 * Byte-indexed (0..255) reject table used by check_string() in the Active
 * Directory mode and by check_container_name(): 1 = reject.  Read off the
 * rows below, the only punctuation accepted is $ & ' - . @ _ ` ~ plus
 * digits and lower-case letters (callers lower-case before the lookup).
 * Space, quotes, parentheses, * + , / : ; < = > ? [ \ ] ^ { | }, DEL and
 * every byte >= 0x80 are rejected, which keeps LDAP DN and filter
 * metacharacters out of names that are later concatenated unescaped.
 */
5630 static int illegalchars[] = {
5631 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5632 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5633 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5634 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5635 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5636 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5637 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5638 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5639 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5640 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5641 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5642 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5643 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5644 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5645 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5646 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/* Companion 256-entry table for LDAP-side names: 1 = reject, 0 = accept.
 * It is much more permissive than illegalchars: it rejects ! % * / : ? [ ] ^
 * { | } DEL and all high-bit bytes, but accepts space " # $ & ' ( ) + , - .
 * ; < = > @ \ _ ` ~.  NOTE(review): that accepted set includes the DN
 * specials , + " \ < > ; and the filter specials ( ) \ — only '*' of the
 * filter specials is rejected.  A value that passes this table is therefore
 * NOT safe to splice into a sprintf-built filter or DN unescaped, which is
 * what checkADname, check_user and ad_get_group do below; escape at the
 * point of use rather than relying on this table. */
5649 static int illegalchars_ldap[] = {
5650 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5651 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5652 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5653 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5654 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5655 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5656 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5657 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5659 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5660 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5664 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5665 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/* Validate s against the illegal-character tables, logging the first
 * offending character.  The loop header, the declarations of `character`
 * and `string`, and the return statements are not in this listing, so the
 * return convention cannot be stated here.  Upper-case is folded to lower
 * case before lookup, which is why both tables flag A-Z.  The lines between
 * 5687 and 5693 are missing, so the condition that selects the LDAP table
 * is not visible.
 * NOTE(review): the (unsigned) cast keeps the index inside the 256-entry
 * tables only if `character` holds 0..255 (int read via unsigned char, or
 * unsigned char).  If it is a plain char, a high-bit byte becomes a huge
 * unsigned index (out-of-bounds read) and isupper() on a negative value is
 * undefined — confirm the declaration. */
5668 int check_string(char *s)
5679 if (isupper(character))
5680 character = tolower(character);
5684 if (illegalchars[(unsigned) character])
5686 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5687 character, (unsigned) character, string);
5693 if (illegalchars_ldap[(unsigned) character])
5695 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5696 character, (unsigned) character, string);
/* Validate an OU (container) name with the Moira table, but additionally
 * accept a space (line 5716; the action on that branch is not shown,
 * presumably `continue`).  Loop header, declarations and return statements
 * are missing from this listing.  The same (unsigned) indexing caveat as in
 * check_string applies: `character` must hold 0..255. */
5705 int check_container_name(char *s)
5713 if (isupper(character))
5714 character = tolower(character);
5716 if (character == ' ')
5719 if (illegalchars[(unsigned) character])
/* Open a Moira client session: connect, fetch the MOTD (a non-empty MOTD
 * means the server is unavailable), negotiate the query version and, when
 * auth is requested (the test itself is not shown), authenticate with
 * Kerberos 5.  The return statements and most `if (status)` guards are
 * missing from this listing; each com_err below presumably precedes a
 * failure return.  temp and motd are declared on lines not shown. */
5726 int mr_connect_cl(char *server, char *client, int version, int auth)
5732 status = mr_connect(server);
5736 com_err(whoami, status, "while connecting to Moira");
5740 status = mr_motd(&motd);
5745 com_err(whoami, status, "while checking server status");
/* NOTE(review): temp is passed to com_err as the *format* argument, so any
 * '%' in the server-supplied motd is interpreted as a conversion directive
 * (non-literal format string), and the sprintf into temp is unbounded (size
 * of temp not visible).  The safe form needs no temp at all:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd); */
5751 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5752 com_err(whoami, status, temp);
5757 status = mr_version(version);
/* A server without mr_version is treated as older than the client; the
 * branch that lands on MR_SUCCESS (line 5765 missing) is presumably the
 * else arm — confirm. */
5761 if (status == MR_UNKNOWN_PROC)
5764 status = MR_VERSION_HIGH;
5766 status = MR_SUCCESS;
5769 if (status == MR_VERSION_HIGH)
5771 com_err(whoami, 0, "Warning: This client is running newer code "
5772 "than the server.")
5773 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW is tolerated silently; any other non-zero status is fatal. */
5775 else if (status && status != MR_VERSION_LOW)
5777 com_err(whoami, status, "while setting query version number.");
5785 status = mr_krb5_auth(client);
5788 com_err(whoami, status, "while authenticating to Moira.");
/* Rewrite an AFS path into its WINAFS spelling: winPath receives the WINAFS
 * prefix, then path minus its AFS prefix is copied character by character
 * with '/' translated (the replacement written at the missing line 5808 is
 * presumably '\\' — confirm).  Nothing checks that path really begins with
 * AFS, and winPath is unbounded: callers must provide at least
 * strlen(WINAFS) + strlen(path) + 1 bytes.  Loop header and declarations of
 * pathPtr/winPathPtr are not shown. */
5797 void AfsToWinAfs(char* path, char* winPath)
5801 strcpy(winPath, WINAFS);
5802 pathPtr = path + strlen(AFS);
5803 winPathPtr = winPath + strlen(WINAFS);
5807 if (*pathPtr == '/')
5810 *winPathPtr = *pathPtr;
/* mr_query callback (see ProcessAce): copy the ACE type and name out of the
 * reply row into the caller's buffers — ptr is the AceInfo pointer array,
 * cast to call_args on a line not shown — and derive membership/security
 * flags via get_group_membership.  Both strcpy calls are unbounded; the
 * destination buffers (AceType/AceName in ProcessAce, sizes not visible)
 * must be large enough for the longest Moira ACE value.  security_flag's
 * declaration is not in this listing. */
5817 int GetAceInfo(int ac, char **av, void *ptr)
5824 strcpy(call_args[0], av[L_ACE_TYPE]);
5825 strcpy(call_args[1], av[L_ACE_NAME]);
5827 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5828 return(LDAP_SUCCESS);
/* Search the subtree under dn_path for an object whose sAMAccountName is
 * Name.  The result is derived from group_count (the return statements after
 * line 5858 are missing, so the exact values cannot be stated here).  rc,
 * group_count and filter are declared on lines not shown.
 * NOTE(review): Name is spliced into the filter without escaping; a name
 * containing ( ) \ or * changes the filter's meaning (illegalchars_ldap only
 * rejects '*').  Escape the value (RFC 4515 style) before the sprintf. */
5831 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5834 char *attr_array[3];
5837 LK_ENTRY *group_base;
5842 sprintf(filter, "(sAMAccountName=%s)", Name);
5843 attr_array[0] = "sAMAccountName";
5844 attr_array[1] = NULL;
5846 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5847 &group_base, &group_count,
5848 LDAP_SCOPE_SUBTREE)) != 0)
5850 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5851 Name, ldap_err2string(rc));
/* Only the count is needed; the entries are released right away. */
5855 linklist_free(group_base);
5858 if (group_count == 0)
/* Make sure the ACE (owner) of a Moira list exists in AD: look the ACE up in
 * Moira (get_list_info via GetAceInfo), then create the referenced group or
 * user if AD does not have it, and set *ProcessGroup when the caller must
 * re-process the group.  Line 5883 logs "ProcessAce disabled, skipping"; the
 * line after it is missing and presumably returns, in which case everything
 * below is currently dead code — confirm.  Many declarations (AceType,
 * AceName, AceOu, AceInfo, av, temp, rc, call_args) and the loop that walks
 * nested LIST ACEs are on lines not shown. */
5866 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5867 int UpdateGroup, int *ProcessGroup, char *maillist)
5870 char GroupName[256];
5876 char AceMembership[2];
5879 char *save_argv[U_END];
5883 com_err(whoami, 0, "ProcessAce disabled, skipping");
/* Unbounded copy into a 256-byte buffer; Name comes from Moira. */
5887 strcpy(GroupName, Name);
5889 if (strcasecmp(Type, "LIST"))
/* AceInfo is the opaque pointer handed to the GetAceInfo callback. */
5895 AceInfo[0] = AceType;
5896 AceInfo[1] = AceName;
5897 AceInfo[2] = AceMembership;
5899 memset(AceType, '\0', sizeof(AceType));
5900 memset(AceName, '\0', sizeof(AceName));
5901 memset(AceMembership, '\0', sizeof(AceMembership));
5902 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment-in-condition is intentional here (file style); MR_NO_MATCH is
 * reported separately on line 5916. */
5905 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5907 if(rc != MR_NO_MATCH)
5908 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5909 GroupName, error_message(rc));
5916 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are mirrored into AD. */
5920 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5923 strcpy(temp, AceName);
5925 if (!strcasecmp(AceType, "LIST"))
5926 sprintf(temp, "%s%s", AceName, group_suffix);
5930 if (checkADname(ldap_handle, dn_path, temp))
5933 (*ProcessGroup) = 1;
5936 if (!strcasecmp(AceInfo[0], "LIST"))
5938 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5939 AceMembership, 0, UpdateGroup, maillist))
5942 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5945 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args[2] (line 5950) is not shown; [0]/[1] carry the LDAP context
 * through mr_query's void* to user_create. */
5948 call_args[0] = (char *)ldap_handle;
5949 call_args[1] = dn_path;
5951 call_args[3] = NULL;
/* The production/test principals are never materialised as AD users. */
5954 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
5955 !strcasecmp(AceName, TEST_PRINCIPAL))
5960 if (rc = mr_query("get_user_account_by_login", 1, av,
5961 save_query_info, save_argv))
5963 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5968 if (rc = user_create(U_END, save_argv, call_args))
5970 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5977 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* A LIST whose ACE is itself ends the walk; otherwise iterate on the ACE. */
5987 if (!strcasecmp(AceType, "LIST"))
5989 if (!strcasecmp(GroupName, AceName))
5993 strcpy(GroupName, AceName);
/* Create (or, when updateGroup is set, update) the AD group for a Moira list
 * by running get_list_info and letting the group_create callback do the
 * work.  The LDAP context is smuggled to the callback through a char*
 * array: slots 3 and 4 carry plain ints cast to char* and must be cast back
 * with exactly the same types in group_create.  call_args[6] (line 6018),
 * the av setup, the declarations of rc/av/call_args/callback_rc and the
 * return statements are on lines not shown; on failure the callback's own
 * status (callback_rc) is what the caller sees (line 6037). */
5999 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6000 char *group_name, char *group_ou, char *group_membership,
6001 int group_security_flag, int updateGroup, char *maillist)
6006 LK_ENTRY *group_base;
6009 char *attr_array[3];
6012 call_args[0] = (char *)ldap_handle;
6013 call_args[1] = dn_path;
6014 call_args[2] = group_name;
/* Member-type bitmask and the update flag travel as integer-valued pointers. */
6015 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6016 call_args[4] = (char *)updateGroup;
6017 call_args[5] = MoiraId;
6019 call_args[7] = NULL;
6025 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6028 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6036 com_err(whoami, 0, "Unable to create list %s", group_name);
6037 return(callback_rc);
/* Replace the AD group's `member` attribute with the flattened Moira
 * membership (get_end_members_of_list, collected by member_list_build into
 * member_base).  Two passes over member_base: the first (6088-6121) only
 * counts eligible members so an oversized list can be skipped unless
 * `synchronize` is set; the second (6131-6253) creates missing users or
 * contacts on demand and builds the NULL-terminated `members` DN vector.
 * The signature's last parameter (line 6046), the declarations of ptr,
 * member, members, mods, group_dn, pUserOu, n, i, rc and the closing
 * cleanup after 6296 are not in this listing. */
6043 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6044 char *group_ou, char *group_membership,
6045 int group_security_flag, char *MoiraId,
6061 char *member_v[] = {NULL, NULL};
6062 char *save_argv[U_END];
6063 char machine_ou[256];
6064 char NewMachineName[1024];
6066 com_err(whoami, 0, "Populating group %s", group_name);
6068 call_args[0] = (char *)ldap_handle;
6069 call_args[1] = dn_path;
6070 call_args[2] = group_name;
/* Bitmask continues on line 6072 (not shown); cast to char* for mr_query. */
6071 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6073 call_args[4] = NULL;
6077 if (rc = mr_query("get_end_members_of_list", 1, av,
6078 member_list_build, call_args))
6083 com_err(whoami, 0, "Unable to populate list %s : %s",
6084 group_name, error_message(rc));
/* Pass 1: count members that will actually be added (LIST entries, MACHINE
 * entries when machine containers are off, and the two service principals
 * are skipped). */
6088 if (member_base != NULL)
6094 if (!strcasecmp(ptr->type, "LIST"))
6100 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6106 if(!strcasecmp(ptr->type, "USER"))
6108 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6109 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* Size cap is a safety valve against accidentally huge lists; bypassed in
 * full-synchronize mode. */
6121 if(max_group_members && !synchronize && (group_members > max_group_members))
6124 "Group %s membership of %d exceeds maximum %d, skipping",
6125 group_name, group_members, max_group_members);
/* NOTE(review): malloc result is not checked, and the realloc on line 6252
 * overwrites `members` directly — on failure the old vector leaks and the
 * NULL is then indexed.  Use a temporary and check it. */
6129 members = (char **)malloc(sizeof(char *) * 2);
/* Pass 2: same filtering, now building DNs. */
6131 if (member_base != NULL)
6137 if (!strcasecmp(ptr->type, "LIST"))
6143 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6149 if(!strcasecmp(ptr->type, "USER"))
6151 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6152 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* A user missing from AD is created from its Moira account record first. */
6158 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6159 "")) == AD_NO_USER_FOUND)
6161 com_err(whoami, 0, "creating user %s", ptr->member);
6163 av[0] = ptr->member;
6164 call_args[0] = (char *)ldap_handle;
6165 call_args[1] = dn_path;
6167 call_args[3] = NULL;
6170 if (rc = mr_query("get_user_account_by_login", 1, av,
6171 save_query_info, save_argv))
6173 com_err(whoami, 0, "Unable to create user %s "
6174 "while populating group %s.", ptr->member,
6180 if (rc = user_create(U_END, save_argv, call_args))
6182 com_err(whoami, 0, "Unable to create user %s "
6183 "while populating group %s.", ptr->member,
6191 com_err(whoami, 0, "Unable to create user %s "
6192 "while populating group %s", ptr->member,
/* NOTE(review): USER (6203/6208) and MACHINE (6241) DNs are built without
 * escape_string, while STRING and KERBEROS members (6219/6229) are escaped.
 * A member value containing DN specials (, + " \ < > ;) would yield a
 * malformed or different DN here; apply the same escaping on every branch.
 * `member` is a fixed buffer whose size is not visible — sprintf is
 * unbounded. */
6203 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6208 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6212 else if (!strcasecmp(ptr->type, "STRING"))
6214 if (contact_create(ldap_handle, dn_path, ptr->member,
6218 pUserOu = contact_ou;
6219 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6222 else if (!strcasecmp(ptr->type, "KERBEROS"))
6224 if (contact_create(ldap_handle, dn_path, ptr->member,
6228 pUserOu = kerberos_ou;
6229 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6232 else if (!strcasecmp(ptr->type, "MACHINE"))
6234 memset(machine_ou, '\0', sizeof(machine_ou));
6235 memset(NewMachineName, '\0', sizeof(NewMachineName));
6237 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6238 machine_ou, NewMachineName))
6240 pUserOu = machine_ou;
6241 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* Grow by one slot plus the terminating NULL; strdup result unchecked. */
6252 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6253 members[i++] = strdup(member);
6258 linklist_free(member_base);
6264 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* Optional first modify: REPLACE member with an empty vector (member_v is
 * {NULL}) to clear the group before the full list is written. */
6266 if(GroupPopulateDelete)
6269 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6272 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6273 mods)) != LDAP_SUCCESS)
6276 "Unable to populate group membership for %s: %s",
6277 group_dn, ldap_err2string(rc));
6280 for (i = 0; i < n; i++)
/* Second modify: REPLACE member with the collected DN vector. */
6285 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6288 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6289 mods)) != LDAP_SUCCESS)
6292 "Unable to populate group membership for %s: %s",
6293 group_dn, ldap_err2string(rc));
/* Releases mods; whether the strdup'd members strings and the vector are
 * freed is on lines after 6296, not shown. */
6296 for (i = 0; i < n; i++)
/* Reconcile an AD group with its Moira list: locate the group by name or
 * mitMoiraId (ad_get_group), in CHECK_GROUPS mode only report whether the
 * expected DN exists, otherwise remove duplicate objects sharing the Moira
 * id, read the current name/description, infer the current OU/membership
 * type from the DN, and hand everything to group_rename.  Returns AD_*
 * status codes (several return lines, the mods/ptr/rc/group_dn/group_count/
 * ou_both declarations and the loop headers are not in this listing). */
6304 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6305 char *group_name, char *group_ou, char *group_membership,
6306 int group_security_flag, int type, char *maillist)
6308 char before_desc[512];
6309 char before_name[256];
6310 char before_group_ou[256];
6311 char before_group_membership[2];
6312 char distinguishedName[256];
6313 char ad_distinguishedName[256];
6315 char *attr_array[3];
6316 int before_security_flag;
6319 LK_ENTRY *group_base;
6322 char ou_security[512];
6323 char ou_distribution[512];
6324 char ou_neither[512];
6327 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN; unbounded sprintf into 256 bytes from three caller strings. */
6328 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6330 memset(filter, '\0', sizeof(filter));
6334 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6336 "samAccountName", &group_base,
6337 &group_count, filter))
/* CHECK_GROUPS: report only, never modify. */
6340 if (type == CHECK_GROUPS)
6342 if (group_count == 1)
6344 strcpy(group_dn, group_base->dn);
6346 if (!strcasecmp(group_dn, distinguishedName))
6348 linklist_free(group_base);
6353 linklist_free(group_base);
6355 if (group_count == 0)
6356 return(AD_NO_GROUPS_FOUND);
6358 if (group_count == 1)
6359 return(AD_WRONG_GROUP_DN_FOUND);
6361 return(AD_MULTIPLE_GROUPS_FOUND);
6364 if (group_count == 0)
6366 return(AD_NO_GROUPS_FOUND);
/* More than one object carries this mitMoiraId: list them and bail out
 * unless the lines between 6377 and 6385 (not shown) resolve it. */
6369 if (group_count > 1)
6373 strcpy(group_dn, ptr->dn);
6377 if (!strcasecmp(group_dn, ptr->value))
6385 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6391 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6395 linklist_free(group_base);
6396 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): a destructive delete keyed on ptr->value.  The attribute
 * requested on line 6336 is samAccountName, so confirm from the missing
 * lines 6397-6402 that ptr->value really holds a DN here; the result of
 * ldap_delete_s is assigned to rc but no error handling is visible. */
6403 strcpy(group_dn, ptr->dn);
6405 if (strcasecmp(group_dn, ptr->value))
6406 rc = ldap_delete_s(ldap_handle, ptr->value);
6411 linklist_free(group_base);
6412 memset(filter, '\0', sizeof(filter));
/* Second lookup after the cleanup; must now be exactly one object. */
6416 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6418 "samAccountName", &group_base,
6419 &group_count, filter))
6422 if (group_count == 0)
6423 return(AD_NO_GROUPS_FOUND);
6425 if (group_count > 1)
6426 return(AD_MULTIPLE_GROUPS_FOUND);
6429 strcpy(ad_distinguishedName, group_base->dn);
6430 linklist_free(group_base);
6434 attr_array[0] = "sAMAccountName";
6435 attr_array[1] = NULL;
6437 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6438 &group_base, &group_count,
6439 LDAP_SCOPE_SUBTREE)) != 0)
6441 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6442 MoiraId, ldap_err2string(rc));
/* Re-key the filter on the account name actually found (unescaped). */
6446 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the expected DN: nothing to rename. */
6448 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6450 linklist_free(group_base);
6456 linklist_free(group_base);
6459 memset(ou_both, '\0', sizeof(ou_both));
6460 memset(ou_security, '\0', sizeof(ou_security));
6461 memset(ou_distribution, '\0', sizeof(ou_distribution));
6462 memset(ou_neither, '\0', sizeof(ou_neither));
6463 memset(before_name, '\0', sizeof(before_name));
6464 memset(before_desc, '\0', sizeof(before_desc));
6465 memset(before_group_membership, '\0', sizeof(before_group_membership));
6467 attr_array[0] = "name";
6468 attr_array[1] = NULL;
6470 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6471 &group_base, &group_count,
6472 LDAP_SCOPE_SUBTREE)) != 0)
6474 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6475 MoiraId, ldap_err2string(rc));
/* No group_count check before dereferencing group_base here (contrast
 * with the description lookup below) — the missing lines 6476-6478 may
 * cover it; confirm. */
6479 strcpy(before_name, group_base->value);
6480 linklist_free(group_base);
6484 attr_array[0] = "description";
6485 attr_array[1] = NULL;
6487 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6488 &group_base, &group_count,
6489 LDAP_SCOPE_SUBTREE)) != 0)
6492 "Unable to get list description with MoiraId = %s: %s",
6493 MoiraId, ldap_err2string(rc));
6497 if (group_count != 0)
6499 strcpy(before_desc, group_base->value);
6500 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring match against the
 * four configured OUs, most specific ("both") first.  strstr is a
 * substring test, so the order matters if one OU string contains another. */
6505 change_to_lower_case(ad_distinguishedName);
6506 strcpy(ou_both, group_ou_both);
6507 change_to_lower_case(ou_both);
6508 strcpy(ou_security, group_ou_security);
6509 change_to_lower_case(ou_security);
6510 strcpy(ou_distribution, group_ou_distribution);
6511 change_to_lower_case(ou_distribution);
6512 strcpy(ou_neither, group_ou_neither);
6513 change_to_lower_case(ou_neither);
6515 if (strstr(ad_distinguishedName, ou_both))
6517 strcpy(before_group_ou, group_ou_both);
6518 before_group_membership[0] = 'B';
6519 before_security_flag = 1;
6521 else if (strstr(ad_distinguishedName, ou_security))
6523 strcpy(before_group_ou, group_ou_security);
6524 before_group_membership[0] = 'S';
6525 before_security_flag = 1;
6527 else if (strstr(ad_distinguishedName, ou_distribution))
6529 strcpy(before_group_ou, group_ou_distribution);
6530 before_group_membership[0] = 'D';
6531 before_security_flag = 0;
6533 else if (strstr(ad_distinguishedName, ou_neither))
6535 strcpy(before_group_ou, group_ou_neither);
6536 before_group_membership[0] = 'N';
6537 before_security_flag = 0;
6540 return(AD_NO_OU_FOUND);
/* before_desc is passed twice (7th and 12th argument); whether the second
 * should be the new description cannot be told from this listing. */
6542 rc = group_rename(ldap_handle, dn_path, before_name,
6543 before_group_membership,
6544 before_group_ou, before_security_flag, before_desc,
6545 group_name, group_membership, group_ou,
6546 group_security_flag,
6547 before_desc, MoiraId, filter, maillist);
/* Lower-case ptr in place.  strlen is re-evaluated every iteration, and
 * tolower() on a plain char with the high bit set is undefined — both fine
 * for the ASCII DNs this file handles, but worth knowing.  i's declaration
 * and the braces are not shown. */
6552 void change_to_lower_case(char *ptr)
6556 for (i = 0; i < (int)strlen(ptr); i++)
6558 ptr[i] = tolower(ptr[i]);
/* Find the AD group for a Moira list, trying in order: the caller-supplied
 * filter rFilter (when non-empty), then mitMoiraId=MoiraId (when non-empty,
 * and only if the single hit's DN matches group_name), then
 * sAMAccountName=<group_name><group_suffix>.  On a single hit the winning
 * filter is copied back into rFilter so callers can reuse it; *linklist_base
 * and *linklist_count are always reset between attempts.  The last parameter
 * (line 6566, rFilter), the declarations of filter/rc/pPtr/dn and the
 * return statements are not in this listing.
 * NOTE(review): MoiraId and group_name are spliced into filters unescaped,
 * and rFilter is written with strcpy without knowing its size. */
6562 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6563 char *group_name, char *group_membership,
6564 char *MoiraId, char *attribute,
6565 LK_ENTRY **linklist_base, int *linklist_count,
6570 char *attr_array[3];
6574 (*linklist_base) = NULL;
6575 (*linklist_count) = 0;
/* Attempt 1: caller's own filter. */
6577 if (strlen(rFilter) != 0)
6579 strcpy(filter, rFilter);
6580 attr_array[0] = attribute;
6581 attr_array[1] = NULL;
6583 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6584 linklist_base, linklist_count,
6585 LDAP_SCOPE_SUBTREE)) != 0)
6587 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6588 MoiraId, ldap_err2string(rc));
6592 if ((*linklist_count) == 1)
6594 strcpy(rFilter, filter);
/* Discard non-unique results and reset the out-params before retrying. */
6599 linklist_free((*linklist_base));
6600 (*linklist_base) = NULL;
6601 (*linklist_count) = 0;
/* Attempt 2: by Moira id. */
6603 if (strlen(MoiraId) != 0)
6605 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6607 attr_array[0] = attribute;
6608 attr_array[1] = NULL;
6610 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6611 linklist_base, linklist_count,
6612 LDAP_SCOPE_SUBTREE)) != 0)
6614 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6615 MoiraId, ldap_err2string(rc));
/* Several groups with the same Moira id: log each and fall through. */
6620 if ((*linklist_count) > 1)
6622 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6623 pPtr = (*linklist_base);
6627 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6632 linklist_free((*linklist_base));
6633 (*linklist_base) = NULL;
6634 (*linklist_count) = 0;
6637 if ((*linklist_count) == 1)
6640 pPtr = (*linklist_base);
/* dn is a strdup copy; where it is freed is not visible in this listing.
 * The memcmp is a prefix compare of the DN against group_name — since the
 * DN starts with the RDN attribute name, confirm on the missing lines
 * 6642-6643 what is done to dn before this test. */
6641 dn = strdup(pPtr->dn);
6644 if (!memcmp(dn, group_name, strlen(group_name)))
6646 strcpy(rFilter, filter);
6651 linklist_free((*linklist_base));
6652 (*linklist_base) = NULL;
6653 (*linklist_count) = 0;
/* Attempt 3: by account name with the configured suffix. */
6654 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6656 attr_array[0] = attribute;
6657 attr_array[1] = NULL;
6659 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6660 linklist_base, linklist_count,
6661 LDAP_SCOPE_SUBTREE)) != 0)
6663 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6664 MoiraId, ldap_err2string(rc));
6668 if ((*linklist_count) == 1)
6670 strcpy(rFilter, filter);
/* Verify that UserName exists in AD.  When MoiraId is non-empty the user is
 * first looked up by mitMoiraId (duplicates are logged); if that does not
 * yield exactly one object, or MoiraId is empty, fall back to
 * sAMAccountName=UserName.  Returns AD_NO_USER_FOUND when the name lookup
 * is not unique; other return values (after 6720 and 6755) are not shown.
 * Declarations of filter, rc, group_count and gPtr are not in this listing.
 * NOTE(review): both filters embed caller strings unescaped, and
 * SamAccountName is 64 bytes filled by an unbounded strcpy from a directory
 * value — AD's sAMAccountName can exceed that. */
6677 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6680 char *attr_array[3];
6681 char SamAccountName[64];
6684 LK_ENTRY *group_base;
6690 if (strlen(MoiraId) != 0)
6692 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6694 attr_array[0] = "sAMAccountName";
6695 attr_array[1] = NULL;
6696 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6697 &group_base, &group_count,
6698 LDAP_SCOPE_SUBTREE)) != 0)
6700 com_err(whoami, 0, "Unable to process user %s : %s",
6701 UserName, ldap_err2string(rc));
/* Duplicate Moira ids are reported per entry (loop header not shown). */
6705 if (group_count > 1)
6707 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6713 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6714 gPtr->value, MoiraId);
6720 if (group_count != 1)
6722 linklist_free(group_base);
/* Fallback: lookup by account name. */
6725 sprintf(filter, "(sAMAccountName=%s)", UserName);
6726 attr_array[0] = "sAMAccountName";
6727 attr_array[1] = NULL;
6729 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6730 &group_base, &group_count,
6731 LDAP_SCOPE_SUBTREE)) != 0)
6733 com_err(whoami, 0, "Unable to process user %s : %s",
6734 UserName, ldap_err2string(rc));
6739 if (group_count != 1)
6741 linklist_free(group_base);
6742 return(AD_NO_USER_FOUND);
6745 strcpy(SamAccountName, group_base->value);
6746 linklist_free(group_base);
/* Case-sensitive comparison, although AD matched the name case-insensitively
 * in the filter above; a case-only difference is reported as a mismatch. */
6750 if (strcmp(SamAccountName, UserName))
6753 "User object %s with MoiraId %s has mismatched usernames "
6754 "(LDAP username %s, Moira username %s)", SamAccountName,
6755 MoiraId, SamAccountName, UserName);
/* Convert a Moira container path (components presumably '/'-separated — the
 * split loop between 6770 and 6792 is not shown) into a relative DN written
 * to dest, innermost component first: "OU=last,OU=...,OU=first".  array
 * holds up to 20 component pointers and is zeroed here; the split must stop
 * at 20 and dest is unbounded (strcpy/strcat), so callers size dest for the
 * full path plus 4 bytes per component.  Behaviour for empty src (6770) is
 * on lines not shown. */
6761 void container_get_dn(char *src, char *dest)
6768 memset(array, '\0', 20 * sizeof(array[0]));
6770 if (strlen(src) == 0)
6792 strcpy(dest, "OU=");
6796 strcat(dest, array[n-1]);
6800 strcat(dest, ",OU=");
/* Copy the leaf (last path component) of a container path src into dest.
 * Only the empty-source guard survives in this listing; the extraction
 * itself and the bound on dest are on lines not shown. */
6807 void container_get_name(char *src, char *dest)
6812 if (strlen(src) == 0)
/* Make sure the parent chain of container `name` exists in AD: walk the
 * copy cName, and at each '/' (the action on line 6844, presumably
 * truncating there, is not shown) create that prefix as an OU with empty
 * description/location/contact/type/id/rowid.  Such OUs carry no
 * mitMoiraId, which is logged on 6857 so an operator can reconcile them
 * later.  cName's size and the declarations of i/av/rc are not visible;
 * the strcpy on 6839 is unbounded. */
6832 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6839 strcpy(cName, name);
6841 for (i = 0; i < (int)strlen(cName); i++)
6843 if (cName[i] == '/')
6846 av[CONTAINER_NAME] = cName;
6847 av[CONTAINER_DESC] = "";
6848 av[CONTAINER_LOCATION] = "";
6849 av[CONTAINER_CONTACT] = "";
6850 av[CONTAINER_TYPE] = "";
6851 av[CONTAINER_ID] = "";
6852 av[CONTAINER_ROWID] = "";
/* count is 7: the seven CONTAINER_* fields set above. */
6853 rc = container_create(ldap_handle, dn_path, 7, av);
6855 if (rc == LDAP_SUCCESS)
6857 com_err(whoami, 0, "container %s created without a mitMoiraId",
/* Rename/move a container: validate the new leaf name, find the existing
 * OU's DN from the `before` record, create it instead when it does not
 * exist, otherwise compute the new parent DN from the `after` path (the
 * loop on 6904 presumably strips the leaf from temp — lines 6905-6913 not
 * shown), ensure the new parent chain exists, ldap_rename_s with
 * delete-old-RDN, then push the remaining attributes via
 * container_adupdate.  Returns AD_INVALID_NAME or an LDAP/adupdate status;
 * several return lines and the declarations of cName, temp, dName, new_cn,
 * rc and i are not in this listing.
 * new_dn_path/new_cn/temp are fixed buffers written by unbounded sprintf/
 * strcpy from Moira-supplied names. */
6866 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6867 char **before, int afterc, char **after)
6872 char new_dn_path[256];
6874 char distinguishedName[256];
6879 memset(cName, '\0', sizeof(cName));
6880 container_get_name(after[CONTAINER_NAME], cName);
6882 if (!check_container_name(cName))
6884 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6886 return(AD_INVALID_NAME);
6889 memset(distinguishedName, '\0', sizeof(distinguishedName));
6891 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6892 distinguishedName, beforec, before))
/* Nothing to rename: fall back to creating the target. */
6895 if (strlen(distinguishedName) == 0)
6897 rc = container_create(ldap_handle, dn_path, afterc, after);
6901 strcpy(temp, after[CONTAINER_NAME]);
6904 for (i = 0; i < (int)strlen(temp); i++)
6914 container_get_dn(temp, dName);
/* Top-level container: parent is dn_path itself. */
6916 if (strlen(temp) != 0)
6917 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6919 sprintf(new_dn_path, "%s", dn_path);
6921 sprintf(new_cn, "OU=%s", cName);
6923 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6925 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6926 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6928 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6929 before[CONTAINER_NAME], after[CONTAINER_NAME],
6930 ldap_err2string(rc));
6934 memset(dName, '\0', sizeof(dName));
6935 container_get_dn(after[CONTAINER_NAME], dName);
6936 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/* Delete the OU described by av.  A missing OU (empty DN after lookup) is
 * handled on the line after 6952 (not shown).  If the OU still has children
 * (LDAP_NOT_ALLOWED_ON_NONLEAF) they are relocated by container_move_objects;
 * its return value is ignored and no second delete attempt is visible in
 * this listing, so confirm whether the OU is actually removed in that case.
 * rc's declaration and the return statements are not shown. */
6941 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6943 char distinguishedName[256];
6946 memset(distinguishedName, '\0', sizeof(distinguishedName));
6948 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6949 distinguishedName, count, av))
6952 if (strlen(distinguishedName) == 0)
6955 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6957 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6958 container_move_objects(ldap_handle, dn_path, distinguishedName);
6960 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6961 av[CONTAINER_NAME], ldap_err2string(rc));
/* Create the organizationalUnit for container av under dn_path, with
 * name/ou, optional mitMoiraId and description, and an optional managedBy
 * resolved from CONTAINER_TYPE/CONTAINER_ID (KERBEROS → a contact created on
 * the fly; USER/LIST → the matching AD object's distinguishedName).
 * LDAP_ALREADY_EXISTS is not an error: when a Moira row id is present the
 * existing OU is updated via container_adupdate instead.  Returns
 * AD_INVALID_NAME or an LDAP status; the objectClass_v terminator (line
 * 6975), the declarations of filter/dName/cName/temp/mods/n/i/rc/group_count,
 * the name_v/ou_v assignments and the return statements are not shown.
 * NOTE(review): av[CONTAINER_ID] is spliced into the USER/LIST filters on
 * 7048 and 7054 unescaped. */
6967 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6969 char *attr_array[3];
6970 LK_ENTRY *group_base;
6973 char *objectClass_v[] = {"top",
6974 "organizationalUnit",
6977 char *ou_v[] = {NULL, NULL};
6978 char *name_v[] = {NULL, NULL};
6979 char *moiraId_v[] = {NULL, NULL};
6980 char *desc_v[] = {NULL, NULL};
6981 char *managedBy_v[] = {NULL, NULL};
6984 char managedByDN[256];
6991 memset(filter, '\0', sizeof(filter));
6992 memset(dName, '\0', sizeof(dName));
6993 memset(cName, '\0', sizeof(cName));
6994 memset(managedByDN, '\0', sizeof(managedByDN));
6995 container_get_dn(av[CONTAINER_NAME], dName);
6996 container_get_name(av[CONTAINER_NAME], cName);
6998 if ((strlen(cName) == 0) || (strlen(dName) == 0))
7000 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7002 return(AD_INVALID_NAME);
7005 if (!check_container_name(cName))
7007 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7009 return(AD_INVALID_NAME);
/* ADD_ATTR appends to the mods array (n is advanced by the macro, freed
 * in the loop on 7088). */
7013 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
7015 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
7017 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
7019 if (strlen(av[CONTAINER_ROWID]) != 0)
7021 moiraId_v[0] = av[CONTAINER_ROWID];
7022 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
7025 if (strlen(av[CONTAINER_DESC]) != 0)
7027 desc_v[0] = av[CONTAINER_DESC];
7028 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy resolution; KERBEROS contacts live under kerberos_ou. */
7031 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7033 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7035 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7038 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7039 kerberos_ou, dn_path);
7040 managedBy_v[0] = managedByDN;
7041 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7046 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7048 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7049 "(objectClass=user)))", av[CONTAINER_ID]);
7052 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7054 sprintf(filter, "(&(objectClass=group)(cn=%s))",
/* Only a unique hit becomes the manager; zero or many hits are ignored. */
7058 if (strlen(filter) != 0)
7060 attr_array[0] = "distinguishedName";
7061 attr_array[1] = NULL;
7064 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7066 &group_base, &group_count,
7067 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7069 if (group_count == 1)
7071 strcpy(managedByDN, group_base->value);
7072 managedBy_v[0] = managedByDN;
7073 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7075 linklist_free(group_base);
7085 sprintf(temp, "%s,%s", dName, dn_path);
7086 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7088 for (i = 0; i < n; i++)
7091 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7093 com_err(whoami, 0, "Unable to create container %s : %s",
7094 cName, ldap_err2string(rc));
/* Idempotent create: an existing OU with a Moira id gets refreshed. */
7098 if (rc == LDAP_ALREADY_EXISTS)
7100 if (strlen(av[CONTAINER_ROWID]) != 0)
7101 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/* Apply a Moira container update: locate the OU from the `after` record,
 * create it when absent, otherwise ensure the parent chain exists and push
 * the attributes through container_adupdate (keyed by the found DN, with an
 * empty dName).  The `before` record is not consulted here.  rc's
 * declaration, the adupdate call's trailing arguments (line 7127) and the
 * return statements are not in this listing. */
7107 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7108 char **before, int afterc, char **after)
7110 char distinguishedName[256];
7113 memset(distinguishedName, '\0', sizeof(distinguishedName));
7115 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7116 distinguishedName, afterc, after))
7119 if (strlen(distinguishedName) == 0)
7121 rc = container_create(ldap_handle, dn_path, afterc, after);
7125 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7126 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/* Resolve the DN of the OU described by av (last parameter, line 7134, not
 * shown) into the caller's distinguishedName buffer: first by
 * mitMoiraId=CONTAINER_ROWID, then by the DN derived from the container
 * path.  Only a unique hit is accepted; otherwise distinguishedName stays
 * empty.  Returns AD_INVALID_NAME for a bad name; other return lines and the
 * declarations of filter/dName/cName/rc/group_count are not shown.
 * NOTE(review): the copy on 7177/7200 is an unbounded strcpy into the
 * caller's buffer (256 bytes in every caller in this file), and ROWID/dName
 * are embedded in the filters unescaped. */
7132 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7133 char *distinguishedName, int count,
7136 char *attr_array[3];
7137 LK_ENTRY *group_base;
7144 memset(filter, '\0', sizeof(filter));
7145 memset(dName, '\0', sizeof(dName));
7146 memset(cName, '\0', sizeof(cName));
7147 container_get_dn(av[CONTAINER_NAME], dName);
7148 container_get_name(av[CONTAINER_NAME], cName);
7150 if (strlen(dName) == 0)
7152 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7153 av[CONTAINER_NAME]);
7154 return(AD_INVALID_NAME);
7157 if (!check_container_name(cName))
7159 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7161 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id. */
7164 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7165 av[CONTAINER_ROWID]);
7166 attr_array[0] = "distinguishedName";
7167 attr_array[1] = NULL;
7171 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7172 &group_base, &group_count,
7173 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7175 if (group_count == 1)
7177 strcpy(distinguishedName, group_base->value);
7180 linklist_free(group_base);
/* Lookup 2: by the DN the container path implies. */
7185 if (strlen(distinguishedName) == 0)
7187 sprintf(filter, "(&(objectClass=organizationalUnit)"
7188 "(distinguishedName=%s,%s))", dName, dn_path);
7189 attr_array[0] = "distinguishedName";
7190 attr_array[1] = NULL;
7194 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7195 &group_base, &group_count,
7196 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7198 if (group_count == 1)
7200 strcpy(distinguishedName, group_base->value);
7203 linklist_free(group_base);
/* Bring an existing OU's mitMoiraId / description / managedBy in line with
 * the Moira record av.  The OU is addressed by distinguishedName, or by
 * dName relative to dn_path when dName is non-empty.  Current values are
 * read first so attributes Moira no longer sets are cleared through
 * attribute_update, then the remaining changes are applied in one
 * ldap_modify_s (skipped, returning LDAP_SUCCESS on 7382, when no mods were
 * queued — the test itself is not shown).  Declarations of ad_path, filter,
 * moiraId, desc, mods, n, i, rc, group_count, pPtr and several statement
 * tails are not in this listing.
 * NOTE(review): line 7241 tests CONTAINER_ID but the filter on 7242 uses
 * CONTAINER_ROWID; the intended test is most likely on ROWID — confirm. */
7212 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7213 char *distinguishedName, int count, char **av)
7215 char *attr_array[5];
7216 LK_ENTRY *group_base;
7221 char *moiraId_v[] = {NULL, NULL};
7222 char *desc_v[] = {NULL, NULL};
7223 char *managedBy_v[] = {NULL, NULL};
7224 char managedByDN[256];
7233 strcpy(ad_path, distinguishedName);
7235 if (strlen(dName) != 0)
7236 sprintf(ad_path, "%s,%s", dName, dn_path);
7238 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
7241 if (strlen(av[CONTAINER_ID]) != 0)
7242 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7243 av[CONTAINER_ROWID]);
7245 attr_array[0] = "mitMoiraId";
7246 attr_array[1] = "description";
7247 attr_array[2] = "managedBy";
7248 attr_array[3] = NULL;
7252 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7253 &group_base, &group_count,
7254 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7256 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7257 av[CONTAINER_NAME], ldap_err2string(rc));
/* Snapshot the OU's current attribute values (loop header not shown). */
7261 memset(managedByDN, '\0', sizeof(managedByDN));
7262 memset(moiraId, '\0', sizeof(moiraId));
7263 memset(desc, '\0', sizeof(desc));
7268 if (!strcasecmp(pPtr->attribute, "description"))
7269 strcpy(desc, pPtr->value);
7270 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7271 strcpy(managedByDN, pPtr->value);
7272 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7273 strcpy(moiraId, pPtr->value);
7277 linklist_free(group_base);
7282 if (strlen(av[CONTAINER_ROWID]) != 0)
7284 moiraId_v[0] = av[CONTAINER_ROWID];
7285 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* Description: set when Moira has one, cleared when it had one in AD only. */
7288 if (strlen(av[CONTAINER_DESC]) != 0)
7290 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7295 if (strlen(desc) != 0)
7297 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: same resolution rules as container_create; any stale value is
 * cleared when the new one cannot be resolved. */
7301 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7303 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7305 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7308 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7309 kerberos_ou, dn_path);
7310 managedBy_v[0] = managedByDN;
7311 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7315 if (strlen(managedByDN) != 0)
7317 attribute_update(ldap_handle, ad_path, "", "managedBy",
7324 memset(filter, '\0', sizeof(filter));
7326 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7328 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7329 "(objectClass=user)))", av[CONTAINER_ID]);
7332 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7334 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7338 if (strlen(filter) != 0)
7340 attr_array[0] = "distinguishedName";
7341 attr_array[1] = NULL;
7344 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7345 attr_array, &group_base, &group_count,
7346 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7348 if (group_count == 1)
7350 strcpy(managedByDN, group_base->value);
7351 managedBy_v[0] = managedByDN;
7352 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7356 if (strlen(managedByDN) != 0)
7358 attribute_update(ldap_handle, ad_path, "",
7359 "managedBy", dName);
7363 linklist_free(group_base);
7370 if (strlen(managedByDN) != 0)
7372 attribute_update(ldap_handle, ad_path, "", "managedBy",
7382 return(LDAP_SUCCESS);
7384 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7386 for (i = 0; i < n; i++)
7389 if (rc != LDAP_SUCCESS)
7391 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7392 av[CONTAINER_NAME], ldap_err2string(rc));
/* Empty an OU before deletion.  Three passes over the subtree dName:
 * (0) everything that is neither a computer nor an OU is moved to
 * orphans_other_ou, (1) computers go to orphans_machines_ou, (2) nested OUs
 * are deleted.  Name collisions in the orphan OU are resolved by appending
 * "_<count>" to the cn (retry loop not shown).  The search size limit is
 * set to 10 on the shared handle; whether each pass repeats until the
 * search is empty, and whether the option is restored afterwards, is on
 * lines after 7485 not in this listing — a persisting limit of 10 would
 * silently truncate every later search on this handle, so confirm.
 * Deleting a nested OU on 7479 that itself has children will fail with
 * LDAP_NOT_ALLOWED_ON_NONLEAF; no recursion is visible.  Declarations of
 * filter, new_cn, temp, rc, i, count, group_count and pPtr are not shown. */
7399 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7401 char *attr_array[3];
7402 LK_ENTRY *group_base;
7409 int NumberOfEntries = 10;
7413 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7415 for (i = 0; i < 3; i++)
7417 memset(filter, '\0', sizeof(filter));
7421 strcpy(filter, "(!(|(objectClass=computer)"
7422 "(objectClass=organizationalUnit)))");
7423 attr_array[0] = "cn";
7424 attr_array[1] = NULL;
7428 strcpy(filter, "(objectClass=computer)");
7429 attr_array[0] = "cn";
7430 attr_array[1] = NULL;
7434 strcpy(filter, "(objectClass=organizationalUnit)");
7435 attr_array[0] = "ou";
7436 attr_array[1] = NULL;
7441 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7442 &group_base, &group_count,
7443 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7448 if (group_count == 0)
/* Objects (cn) are moved; the destination depends on the pass. */
7455 if (!strcasecmp(pPtr->attribute, "cn"))
7457 sprintf(new_cn, "cn=%s", pPtr->value);
7459 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7461 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7466 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7468 if (rc == LDAP_ALREADY_EXISTS)
7470 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* Nested OUs are deleted rather than moved. */
7477 else if (!strcasecmp(pPtr->attribute, "ou"))
7479 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7485 linklist_free(group_base);
/*
 * get_machine_ou: resolve the Moira machine name 'member' to its AD computer
 * object and return the OU portion of that object's DN.
 *
 * member          Moira host name (may carry a domain suffix).
 * machine_ou      out: receives the DN components between the leading
 *                 "cn=<name>," and the "dc=" suffix.  Buffer size is not
 *                 visible here; it is written with strcpy.
 * NewMachineName  out: receives the short (suffix-stripped) name that was
 *                 looked up.  Written with strcpy; caller must size it for
 *                 an alias of up to 1024 bytes, which is what GetMachineName
 *                 can produce.
 * Returns an int status; the return statements are in lines not shown.
 */
7494 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7495 char *machine_ou, char *NewMachineName)
7497 LK_ENTRY *group_base;
7501 char *attr_array[3];
7508 strcpy(NewMachineName, member);
/* The result of moira_connect() is overwritten by the next assignment without
 * being checked; a failed connection is therefore only noticed indirectly
 * when GetMachineName yields an empty name. */
7509 rc = moira_connect();
7510 rc = GetMachineName(NewMachineName);
7513 if (strlen(NewMachineName) == 0)
7515 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Truncate at the first '.' to get the short host name (the assignment that
 * terminates the string there is not shown). */
7521 pPtr = strchr(NewMachineName, '.');
/* NOTE(review): the host name is interpolated into an LDAP filter without
 * escaping; an escape_string() helper exists later in this file and would be
 * the place to route the value through.  filter is written with an
 * unbounded sprintf. */
7528 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7529 attr_array[0] = "cn";
7530 attr_array[1] = NULL;
7531 sprintf(temp, "%s", dn_path);
7533 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7534 &group_base, &group_count,
7535 LDAP_SCOPE_SUBTREE)) != 0)
7537 com_err(whoami, 0, "Unable to process machine %s : %s",
7538 member, ldap_err2string(rc));
/* Exactly one computer object is expected; the != 1 branch is not shown. */
7542 if (group_count != 1)
7547 strcpy(dn, group_base->dn);
7548 strcpy(cn, group_base->value);
/* Both strings are lower-cased so the substring search below is
 * case-insensitive.  tolower() on a plain char is only well defined for
 * ASCII input -- cast through unsigned char for anything else. */
7550 for (i = 0; i < (int)strlen(dn); i++)
7551 dn[i] = tolower(dn[i]);
7553 for (i = 0; i < (int)strlen(cn); i++)
7554 cn[i] = tolower(cn[i]);
7556 linklist_free(group_base);
/* Locate the cn value inside the DN and skip past it and the following
 * comma; what remains is "ou=...,dc=...".  This assumes the value does not
 * also occur earlier in the DN (e.g. inside the leading "cn=" prefix) --
 * TODO confirm. */
7558 pPtr = strstr(dn, cn);
7562 com_err(whoami, 0, "Unable to process machine %s",
7567 pPtr += strlen(cn) + 1;
7568 strcpy(machine_ou, pPtr);
/* The "dc=" suffix marks where the OU path ends (the truncation itself is in
 * lines not shown). */
7570 pPtr = strstr(machine_ou, "dc=");
7574 com_err(whoami, 0, "Unable to process machine %s",
<!-- no-op marker removed -->
7659 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7665 memset(Name, '\0', sizeof(Name));
7666 strcpy(Name, machine_name);
7668 pPtr = strchr(Name, '.');
7674 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
7677 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7678 char *machine_name, char *container_name)
7684 av[0] = machine_name;
7685 call_args[0] = (char *)container_name;
7686 rc = mr_query("get_machine_to_container_map", 1, av,
7687 machine_GetMoiraContainer, call_args);
7691 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7696 strcpy(call_args[0], av[1]);
7700 int Moira_container_group_create(char **after)
7706 memset(GroupName, '\0', sizeof(GroupName));
7707 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7708 after[CONTAINER_ROWID]);
7712 argv[L_NAME] = GroupName;
7713 argv[L_ACTIVE] = "1";
7714 argv[L_PUBLIC] = "0";
7715 argv[L_HIDDEN] = "0";
7716 argv[L_MAILLIST] = "0";
7717 argv[L_GROUP] = "1";
7718 argv[L_GID] = UNIQUE_GID;
7719 argv[L_NFSGROUP] = "0";
7720 argv[L_MAILMAN] = "0";
7721 argv[L_MAILMAN_SERVER] = "[NONE]";
7722 argv[L_DESC] = "auto created container group";
7723 argv[L_ACE_TYPE] = "USER";
7724 argv[L_MEMACE_TYPE] = "USER";
7725 argv[L_ACE_NAME] = "sms";
7726 argv[L_MEMACE_NAME] = "sms";
7728 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7731 "Unable to create container group %s for container %s: %s",
7732 GroupName, after[CONTAINER_NAME], error_message(rc));
7735 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7736 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
7741 int Moira_container_group_update(char **before, char **after)
7744 char BeforeGroupName[64];
7745 char AfterGroupName[64];
7748 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7751 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7752 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7753 if (strlen(BeforeGroupName) == 0)
7756 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7757 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7758 after[CONTAINER_ROWID]);
7762 if (strcasecmp(BeforeGroupName, AfterGroupName))
7764 argv[L_NAME] = BeforeGroupName;
7765 argv[L_NAME + 1] = AfterGroupName;
7766 argv[L_ACTIVE + 1] = "1";
7767 argv[L_PUBLIC + 1] = "0";
7768 argv[L_HIDDEN + 1] = "0";
7769 argv[L_MAILLIST + 1] = "0";
7770 argv[L_GROUP + 1] = "1";
7771 argv[L_GID + 1] = UNIQUE_GID;
7772 argv[L_NFSGROUP + 1] = "0";
7773 argv[L_MAILMAN + 1] = "0";
7774 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7775 argv[L_DESC + 1] = "auto created container group";
7776 argv[L_ACE_TYPE + 1] = "USER";
7777 argv[L_MEMACE_TYPE + 1] = "USER";
7778 argv[L_ACE_NAME + 1] = "sms";
7779 argv[L_MEMACE_NAME + 1] = "sms";
7781 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7784 "Unable to rename container group from %s to %s: %s",
7785 BeforeGroupName, AfterGroupName, error_message(rc));
7792 int Moira_container_group_delete(char **before)
7797 char ParentGroupName[64];
7799 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
7800 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7802 memset(GroupName, '\0', sizeof(GroupName));
7804 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7805 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7807 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7809 argv[0] = ParentGroupName;
7811 argv[2] = GroupName;
7813 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7816 "Unable to delete container group %s from list: %s",
7817 GroupName, ParentGroupName, error_message(rc));
7821 if (strlen(GroupName) != 0)
7823 argv[0] = GroupName;
7825 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7827 com_err(whoami, 0, "Unable to delete container group %s : %s",
7828 GroupName, error_message(rc));
7835 int Moira_groupname_create(char *GroupName, char *ContainerName,
7836 char *ContainerRowID)
7841 char newGroupName[64];
7842 char tempGroupName[64];
7848 strcpy(temp, ContainerName);
7850 ptr1 = strrchr(temp, '/');
7856 ptr1 = strrchr(temp, '/');
7860 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7863 strcpy(tempgname, ptr);
7866 strcpy(tempgname, temp);
7868 if (strlen(tempgname) > 25)
7869 tempgname[25] ='\0';
7871 sprintf(newGroupName, "cnt-%s", tempgname);
7873 /* change everything to lower case */
7879 *ptr = tolower(*ptr);
7887 strcpy(tempGroupName, newGroupName);
7890 /* append 0-9 then a-z if a duplicate is found */
7893 argv[0] = newGroupName;
7895 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7897 if (rc == MR_NO_MATCH)
7899 com_err(whoami, 0, "Moira error while creating group name for "
7900 "container %s : %s", ContainerName, error_message(rc));
7904 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7908 com_err(whoami, 0, "Unable to find a unique group name for "
7909 "container %s: too many duplicate container names",
7920 strcpy(GroupName, newGroupName);
7924 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7929 argv[0] = origContainerName;
7930 argv[1] = GroupName;
7932 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7935 "Unable to set container group %s in container %s: %s",
7936 GroupName, origContainerName, error_message(rc));
7942 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7944 char ContainerName[64];
7945 char ParentGroupName[64];
7949 strcpy(ContainerName, origContainerName);
7951 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7953 /* top-level container */
7954 if (strlen(ParentGroupName) == 0)
7957 argv[0] = ParentGroupName;
7959 argv[2] = GroupName;
7961 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7964 "Unable to add container group %s to parent group %s: %s",
7965 GroupName, ParentGroupName, error_message(rc));
7971 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7976 strcpy(call_args[0], av[1]);
7981 int Moira_getGroupName(char *origContainerName, char *GroupName,
7984 char ContainerName[64];
7990 strcpy(ContainerName, origContainerName);
7994 ptr = strrchr(ContainerName, '/');
8002 argv[0] = ContainerName;
8004 call_args[0] = GroupName;
8005 call_args[1] = NULL;
8007 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
8010 if (strlen(GroupName) != 0)
8015 com_err(whoami, 0, "Unable to get container group from container %s: %s",
8016 ContainerName, error_message(rc));
8018 com_err(whoami, 0, "Unable to get container group from container %s",
8024 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8030 if (strcmp(GroupName, "[none]") == 0)
8033 argv[0] = GroupName;
8034 argv[1] = "MACHINE";
8035 argv[2] = MachineName;
8038 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8040 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
8044 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8045 MachineName, GroupName, error_message(rc));
8051 int GetMachineName(char *MachineName)
8054 char NewMachineName[1024];
8061 // If the address happens to be in the top-level MIT domain, great!
8062 strcpy(NewMachineName, MachineName);
8064 for (i = 0; i < (int)strlen(NewMachineName); i++)
8065 NewMachineName[i] = toupper(NewMachineName[i]);
8067 szDot = strchr(NewMachineName,'.');
8069 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8074 // If not, see if it has a Moira alias in the top-level MIT domain.
8075 memset(NewMachineName, '\0', sizeof(NewMachineName));
8077 args[1] = MachineName;
8078 call_args[0] = NewMachineName;
8079 call_args[1] = NULL;
8081 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8083 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8084 MachineName, error_message(rc));
8085 strcpy(MachineName, "");
8089 if (strlen(NewMachineName) != 0)
8090 strcpy(MachineName, NewMachineName);
8092 strcpy(MachineName, "");
8097 int ProcessMachineName(int ac, char **av, void *ptr)
8100 char MachineName[1024];
8106 if (strlen(call_args[0]) == 0)
8108 strcpy(MachineName, av[0]);
8110 for (i = 0; i < (int)strlen(MachineName); i++)
8111 MachineName[i] = toupper(MachineName[i]);
8113 szDot = strchr(MachineName,'.');
8115 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8117 strcpy(call_args[0], MachineName);
8124 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8130 for (i = 0; i < n; i++)
8132 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8133 mods[i]->mod_type = "uidNumber";
8140 for (i = 0; i < n; i++)
8142 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8143 mods[i]->mod_type = "msSFU30UidNumber";
8150 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8151 char *DistinguishedName,
8152 char *WinHomeDir, char *WinProfileDir,
8153 char **homedir_v, char **winProfile_v,
8154 char **drives_v, LDAPMod **mods,
8161 char winProfile[1024];
8164 char apple_homedir[1024];
8165 char *apple_homedir_v[] = {NULL, NULL};
8169 LDAPMod *DelMods[20];
8171 char *save_argv[FS_END];
8172 char *fsgroup_save_argv[2];
8174 memset(homeDrive, '\0', sizeof(homeDrive));
8175 memset(path, '\0', sizeof(path));
8176 memset(winPath, '\0', sizeof(winPath));
8177 memset(winProfile, '\0', sizeof(winProfile));
8179 if(!ActiveDirectory)
8181 if (rc = moira_connect())
8183 critical_alert("Ldap incremental",
8184 "Error contacting Moira server : %s",
8189 argv[0] = user_name;
8191 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8194 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8195 !strcmp(save_argv[FS_TYPE], "MUL"))
8198 argv[0] = save_argv[FS_NAME];
8201 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8202 save_fsgroup_info, fsgroup_save_argv)))
8206 argv[0] = fsgroup_save_argv[0];
8208 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8209 save_query_info, save_argv)))
8211 strcpy(path, save_argv[FS_PACK]);
8218 strcpy(path, save_argv[FS_PACK]);
8226 if (!strnicmp(path, AFS, strlen(AFS)))
8228 sprintf(homedir, "%s", path);
8229 sprintf(apple_homedir, "%s/MacData", path);
8230 homedir_v[0] = homedir;
8231 apple_homedir_v[0] = apple_homedir;
8232 ADD_ATTR("homeDirectory", homedir_v, OpType);
8233 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8239 homedir_v[0] = "NONE";
8240 apple_homedir_v[0] = "NONE";
8241 ADD_ATTR("homeDirectory", homedir_v, OpType);
8242 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8249 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8250 (!strcasecmp(WinProfileDir, "[afs]")))
8252 if (rc = moira_connect())
8254 critical_alert("Ldap incremental",
8255 "Error contacting Moira server : %s",
8260 argv[0] = user_name;
8262 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8265 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8266 !strcmp(save_argv[FS_TYPE], "MUL"))
8269 argv[0] = save_argv[FS_NAME];
8272 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8273 save_fsgroup_info, fsgroup_save_argv)))
8277 argv[0] = fsgroup_save_argv[0];
8279 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8280 save_query_info, save_argv)))
8282 strcpy(path, save_argv[FS_PACK]);
8289 strcpy(path, save_argv[FS_PACK]);
8297 if (!strnicmp(path, AFS, strlen(AFS)))
8299 AfsToWinAfs(path, winPath);
8300 strcpy(winProfile, winPath);
8301 strcat(winProfile, "\\.winprofile");
8308 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8309 (!strcasecmp(WinProfileDir, "[dfs]")))
8311 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8312 user_name[0], user_name);
8314 if (!strcasecmp(WinProfileDir, "[dfs]"))
8316 strcpy(winProfile, path);
8317 strcat(winProfile, "\\.winprofile");
8320 if (!strcasecmp(WinHomeDir, "[dfs]"))
8321 strcpy(winPath, path);
8324 if (!strcasecmp(WinHomeDir, "[local]"))
8325 memset(winPath, '\0', sizeof(winPath));
8326 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8327 !strcasecmp(WinHomeDir, "[dfs]"))
8329 strcpy(homeDrive, "H:");
8333 strcpy(winPath, WinHomeDir);
8334 if (!strncmp(WinHomeDir, "\\\\", 2))
8336 strcpy(homeDrive, "H:");
8340 // nothing needs to be done if WinProfileDir is [afs].
8341 if (!strcasecmp(WinProfileDir, "[local]"))
8342 memset(winProfile, '\0', sizeof(winProfile));
8343 else if (strcasecmp(WinProfileDir, "[afs]") &&
8344 strcasecmp(WinProfileDir, "[dfs]"))
8346 strcpy(winProfile, WinProfileDir);
8349 if (strlen(winProfile) != 0)
8351 if (winProfile[strlen(winProfile) - 1] == '\\')
8352 winProfile[strlen(winProfile) - 1] = '\0';
8355 if (strlen(winPath) != 0)
8357 if (winPath[strlen(winPath) - 1] == '\\')
8358 winPath[strlen(winPath) - 1] = '\0';
8361 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8362 strcat(winProfile, "\\");
8364 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8365 strcat(winPath, "\\");
8367 if (strlen(winPath) == 0)
8369 if (OpType == LDAP_MOD_REPLACE)
8372 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8374 //unset homeDirectory attribute for user.
8375 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8381 homedir_v[0] = strdup(winPath);
8382 ADD_ATTR("homeDirectory", homedir_v, OpType);
8385 if (strlen(winProfile) == 0)
8387 if (OpType == LDAP_MOD_REPLACE)
8390 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8392 //unset profilePate attribute for user.
8393 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8399 winProfile_v[0] = strdup(winProfile);
8400 ADD_ATTR("profilePath", winProfile_v, OpType);
8403 if (strlen(homeDrive) == 0)
8405 if (OpType == LDAP_MOD_REPLACE)
8408 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8410 //unset homeDrive attribute for user
8411 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8417 drives_v[0] = strdup(homeDrive);
8418 ADD_ATTR("homeDrive", drives_v, OpType);
8424 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8425 char *attribute_value, char *attribute, char *user_name)
8427 char *mod_v[] = {NULL, NULL};
8428 LDAPMod *DelMods[20];
8434 if (strlen(attribute_value) == 0)
8437 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8439 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8445 mod_v[0] = attribute_value;
8446 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8449 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8450 mods)) != LDAP_SUCCESS)
8454 mod_v[0] = attribute_value;
8455 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8458 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8459 mods)) != LDAP_SUCCESS)
8461 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8462 "in the directory : %s",
8463 attribute, user_name, ldap_err2string(rc));
8473 void StringTrim(char *StringToTrim)
8478 save = strdup(StringToTrim);
8485 /* skip to end of string */
8490 strcpy(StringToTrim, save);
8494 for (t = s; *t; t++)
8510 strcpy(StringToTrim, s);
8514 int ReadConfigFile(char *DomainName)
8525 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8527 if ((fptr = fopen(temp, "r")) != NULL)
8529 while (fgets(temp, sizeof(temp), fptr) != 0)
8531 for (i = 0; i < (int)strlen(temp); i++)
8532 temp[i] = toupper(temp[i]);
8534 if (temp[strlen(temp) - 1] == '\n')
8535 temp[strlen(temp) - 1] = '\0';
8539 if (strlen(temp) == 0)
8542 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8544 if (strlen(temp) > (strlen(DOMAIN)))
8546 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8547 StringTrim(ldap_domain);
8550 else if (!strncmp(temp, REALM, strlen(REALM)))
8552 if (strlen(temp) > (strlen(REALM)))
8554 strcpy(ldap_realm, &temp[strlen(REALM)]);
8555 StringTrim(ldap_realm);
8558 else if (!strncmp(temp, PORT, strlen(PORT)))
8560 if (strlen(temp) > (strlen(PORT)))
8562 strcpy(ldap_port, &temp[strlen(PORT)]);
8563 StringTrim(ldap_port);
8566 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8568 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8570 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8571 StringTrim(PrincipalName);
8574 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8576 if (strlen(temp) > (strlen(SERVER)))
8578 ServerList[Count] = calloc(1, 256);
8579 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8580 StringTrim(ServerList[Count]);
8584 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8586 if (strlen(temp) > (strlen(MSSFU)))
8588 strcpy(temp1, &temp[strlen(MSSFU)]);
8590 if (!strcmp(temp1, SFUTYPE))
8594 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8596 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8598 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8600 if (!strcasecmp(temp1, "NO"))
8603 memset(group_suffix, '\0', sizeof(group_suffix));
8607 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8609 if (strlen(temp) > (strlen(GROUP_TYPE)))
8611 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8613 if (!strcasecmp(temp1, "UNIVERSAL"))
8614 UseGroupUniversal = 1;
8617 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8619 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8621 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8623 if (!strcasecmp(temp1, "NO"))
8627 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8629 if (strlen(temp) > (strlen(SET_PASSWORD)))
8631 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8633 if (!strcasecmp(temp1, "NO"))
8637 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8639 if (strlen(temp) > (strlen(EXCHANGE)))
8641 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8643 if (!strcasecmp(temp1, "YES"))
8647 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8648 strlen(PROCESS_MACHINE_CONTAINER)))
8650 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8652 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8654 if (!strcasecmp(temp1, "NO"))
8655 ProcessMachineContainer = 0;
8658 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8659 strlen(ACTIVE_DIRECTORY)))
8661 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8663 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8665 if (!strcasecmp(temp1, "NO"))
8666 ActiveDirectory = 0;
8669 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8670 strlen(GROUP_POPULATE_MEMBERS)))
8672 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8674 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8676 if (!strcasecmp(temp1, "DELETE"))
8678 GroupPopulateDelete = 1;
8682 else if (!strncmp(temp, MAX_MEMBERS, strlen(MAX_MEMBERS)))
8684 if (strlen(temp) > (strlen(MAX_MEMBERS)))
8686 strcpy(temp1, &temp[strlen(MAX_MEMBERS)]);
8688 max_group_members = atoi(temp1);
8693 if (strlen(ldap_domain) != 0)
8695 memset(ldap_domain, '\0', sizeof(ldap_domain));
8699 if (strlen(temp) != 0)
8700 strcpy(ldap_domain, temp);
8706 if (strlen(ldap_domain) == 0)
8708 strcpy(ldap_domain, DomainName);
8714 for (i = 0; i < Count; i++)
8716 if (ServerList[i] != 0)
8718 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8719 ServerList[i][k] = toupper(ServerList[i][k]);
8726 int ReadDomainList()
8733 unsigned char c[11];
8734 unsigned char stuff[256];
8739 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8741 if ((fptr = fopen(temp, "r")) != NULL)
8743 while (fgets(temp, sizeof(temp), fptr) != 0)
8745 for (i = 0; i < (int)strlen(temp); i++)
8746 temp[i] = toupper(temp[i]);
8748 if (temp[strlen(temp) - 1] == '\n')
8749 temp[strlen(temp) - 1] = '\0';
8753 if (strlen(temp) == 0)
8756 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8758 if (strlen(temp) > (strlen(DOMAIN)))
8760 strcpy(temp1, &temp[strlen(DOMAIN)]);
8762 strcpy(temp, temp1);
8766 strcpy(DomainNames[Count], temp);
8767 StringTrim(DomainNames[Count]);
8776 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8777 "configuration error in ldap.cfg");
8784 int email_isvalid(const char *address) {
8786 const char *c, *domain;
8787 static char *rfc822_specials = "()<>@,;:\\\"[]";
8789 if(address[strlen(address) - 1] == '.')
8792 /* first we validate the name portion (name@domain) */
8793 for (c = address; *c; c++) {
8794 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8799 if (*c == '\\' && (*++c == ' '))
8801 if (*c <= ' ' || *c >= 127)
8816 if (*c <= ' ' || *c >= 127)
8818 if (strchr(rfc822_specials, *c))
8822 if (c == address || *(c - 1) == '.')
8825 /* next we validate the domain portion (name@domain) */
8826 if (!*(domain = ++c)) return 0;
8829 if (c == domain || *(c - 1) == '.')
8833 if (*c <= ' ' || *c >= 127)
8835 if (strchr(rfc822_specials, *c))
8839 return (count >= 1);
8842 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8843 char **homeServerName)
8845 LK_ENTRY *group_base;
8846 LK_ENTRY *sub_group_base;
8850 int sub_group_count;
8852 char sub_filter[1024];
8853 char search_path[1024];
8855 char *attr_array[3];
8857 int homeMDB_count = -1;
8861 int rangeStep = 1500;
8863 int rangeHigh = rangeLow + (rangeStep - 1);
8866 /* Grumble..... microsoft not making it searchable from the root *grr* */
8868 memset(filter, '\0', sizeof(filter));
8869 memset(search_path, '\0', sizeof(search_path));
8871 sprintf(filter, "(objectClass=msExchMDB)");
8872 sprintf(search_path, "CN=Configuration,%s", dn_path);
8873 attr_array[0] = "distinguishedName";
8874 attr_array[1] = NULL;
8879 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8880 &group_base, &group_count,
8881 LDAP_SCOPE_SUBTREE)) != 0)
8883 com_err(whoami, 0, "Unable to find msExchMDB %s",
8884 ldap_err2string(rc));
8893 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8894 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8895 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8902 * Due to limits in active directory we need to use the LDAP
8903 * range semantics to query and return all the values in
8904 * large lists, we will stop increasing the range when
8905 * the result count is 0.
8913 memset(sub_filter, '\0', sizeof(sub_filter));
8914 memset(range, '\0', sizeof(range));
8915 sprintf(sub_filter, "(objectClass=msExchMDB)");
8918 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8920 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8922 attr_array[0] = range;
8923 attr_array[1] = NULL;
8925 sub_group_base = NULL;
8926 sub_group_count = 0;
8928 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8929 attr_array, &sub_group_base,
8931 LDAP_SCOPE_SUBTREE)) != 0)
8933 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8934 ldap_err2string(rc));
8938 if(!sub_group_count)
8944 rangeHigh = rangeLow + (rangeStep - 1);
8951 mdbbl_count += sub_group_count;
8952 rangeLow = rangeHigh + 1;
8953 rangeHigh = rangeLow + (rangeStep - 1);
8956 /* First time through, need to initialize or update the least used */
8958 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8961 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8963 homeMDB_count = mdbbl_count;
8964 *homeMDB = strdup(gPtr->dn);
8968 linklist_free(sub_group_base);
8972 linklist_free(group_base);
8975 * Ok found the server least allocated need to now query to get its
8976 * msExchHomeServerName so we can set it as a user attribute
8979 attr_array[0] = "legacyExchangeDN";
8980 attr_array[1] = NULL;
8985 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8986 attr_array, &group_base,
8988 LDAP_SCOPE_SUBTREE)) != 0)
8990 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8991 ldap_err2string(rc));
8997 *homeServerName = strdup(group_base->value);
8998 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
9004 linklist_free(group_base);
9009 char *lowercase(char *s)
9013 for (p = s; *p; p++)
9021 char *uppercase(char *s)
9025 for (p = s; *p; p++)
9033 char *escape_string(char *s)
9041 memset(string, '\0', sizeof(string));
9045 /* Escape any special characters */
9047 for(; *q != '\0'; q++) {
9070 return strdup(string);
9073 int save_query_info(int argc, char **argv, void *hint)
9076 char **nargv = hint;
9078 for(i = 0; i < argc; i++)
9079 nargv[i] = strdup(argv[i]);
9084 int save_fsgroup_info(int argc, char **argv, void *hint)
9087 char **nargv = hint;
9091 for(i = 0; i < argc; i++)
9092 nargv[i] = strdup(argv[i]);