2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
/* Headers and platform shims.  The #ifdef lines that select the Windows
 * (winsock2/lmaccess) branch versus the Unix (netinet/sys) branch are not
 * present in this listing; the two sets of includes and defines below are
 * presumably mutually exclusive build branches -- TODO confirm against the
 * full source. */
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
/* Map the POSIX errno names used by the shared code onto the winsock
 * equivalents. */
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the macro argument is not parenthesized and the expansion
 * ends in ';'.  sleep(a + b) expands to Sleep(a + b * 1000);, and a call
 * used as the body of an if/else without braces gains an extra empty
 * statement.  Safer form: #define sleep(A) Sleep((A) * 1000) */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
/* Unix-side configuration paths.  CFG_PATH is an absolute directory; the
 * config file name is WINADCFG (defined again further down, presumably in
 * the other build branch -- an identical redefinition is legal C). */
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
/* userAccountControl bits.  Defined locally so the non-Windows build has
 * the same names the Windows SDK provides; values are the usual UF_* ones. */
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* SECURITY_INFORMATION selector bits for security-descriptor operations. */
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
/* Minimal Win32 type vocabulary for the SID structures below. */
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
/* Fragment of a GUID-style struct: its opening line and first field are
 * not in this listing. */
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
/* The Value[6] member usually found in this struct is missing from the
 * listing -- TODO confirm. */
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
/* Local SID layout (the Revision field and the closing line are not
 * visible here).
 * NOTE(review): SubAuthority[512] only bounds storage; any code that copies
 * a SID read from the directory into this struct must still check
 * SubAuthorityCount against the array size.  That code is not visible in
 * this listing. */
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
/* UNC prefix used when translating AFS paths to Windows form (AfsToWinAfs). */
262 #define WINAFS "\\\\afs\\all\\"
/* groupType attribute bits; DOMAIN_LOCAL and LOCAL are deliberate aliases. */
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
/* Moira client defaults: realm, domain and the service principals used for
 * the production and test instances. */
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
/* Member operation codes (values 0 and 1 are not in this listing). */
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Bit mask selecting which Moira member types a query should return. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
/* process_group() modes: verify only, or remove stale/duplicate groups. */
295 #define CHECK_GROUPS 1
296 #define CLEANUP_GROUPS 2
/* Negative return codes shared by the AD helpers; 0 means success. */
298 #define AD_NO_GROUPS_FOUND -1
299 #define AD_WRONG_GROUP_DN_FOUND -2
300 #define AD_MULTIPLE_GROUPS_FOUND -3
301 #define AD_INVALID_NAME -4
302 #define AD_LDAP_FAILURE -5
303 #define AD_INVALID_FILESYS -6
304 #define AD_NO_ATTRIBUTE_FOUND -7
305 #define AD_NO_OU_FOUND -8
306 #define AD_NO_USER_FOUND -9
/* container arguments */
/* Indices into the before/after vectors for the "containers" table; the
 * order matches the example in the file header (name, description,
 * location, contact, type, id, rowid, group name). */
309 #define CONTAINER_NAME 0
310 #define CONTAINER_DESC 1
311 #define CONTAINER_LOCATION 2
312 #define CONTAINER_CONTACT 3
313 #define CONTAINER_TYPE 4
314 #define CONTAINER_ID 5
315 #define CONTAINER_ROWID 6
316 #define CONTAINER_GROUP_NAME 7
/*mcntmap arguments*/
/* Indices into the before/after vectors for the "mcntmap" table. */
319 #define OU_MACHINE_NAME 0
320 #define OU_CONTAINER_NAME 1
321 #define OU_MACHINE_ID 2
322 #define OU_CONTAINER_ID 3
323 #define OU_CONTAINER_GROUP 4
/* Singly linked list node used to hold LDAP search results (LK_ENTRY).  The
 * attribute/value fields and the closing typedef line are not in this
 * listing; only the link is visible. */
325 typedef struct lk_entry {
335 struct lk_entry *next;
/* Kill switch: presence of this file stops the incremental from running.
 * file_exists() is an access()-based check-then-act, which is adequate for
 * an operator-controlled stop file but should not be relied on for anything
 * else.  The use site is not visible in this listing. */
338 #define STOP_FILE "/moira/ldap/noldap"
339 #define file_exists(file) (access((file), F_OK) == 0)
341 #define N_SD_BER_BYTES 5
342 #define LDAP_BERVAL struct berval
343 #define MAX_SERVER_NAMES 32
/* Names of the security-descriptor template groups looked up under
 * security_template_ou. */
345 #define HIDDEN_GROUP "HiddenGroup.g"
346 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
347 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
348 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Exchange address-list DN prefix; the caller appends the configuration
 * naming context. */
350 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
351 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
352 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append one LDAPMod to the caller's mods[] array at index n (both must be
 * in scope) and advance n.  Stores the t and v pointers without copying, so
 * they must outlive the modify call.
 * NOTE(review): malloc() is not checked, so an allocation failure is a NULL
 * dereference on the next line; and the macro is four statements without a
 * do { } while (0) wrapper, so it must not be used as an unbraced if/else
 * body. */
354 #define ADD_ATTR(t, v, o) \
355 mods[n] = malloc(sizeof(LDAPMod)); \
356 mods[n]->mod_op = o; \
357 mods[n]->mod_type = t; \
358 mods[n++]->mod_values = v
/* Same pattern for a delete-only modification into DelMods[] at index i;
 * the same unchecked-malloc and multi-statement caveats apply. */
360 #define DEL_ATTR(t, o) \
361 DelMods[i] = malloc(sizeof(LDAPMod)); \
362 DelMods[i]->mod_op = o; \
363 DelMods[i]->mod_type = t; \
364 DelMods[i++]->mod_values = NULL
366 #define DOMAIN_SUFFIX "MIT.EDU"
/* Keyword prefixes recognised in the ldap.cfg file (presumably parsed by
 * ReadConfigFile(), which is declared below but not defined here). */
367 #define DOMAIN "DOMAIN:"
368 #define PRINCIPALNAME "PRINCIPAL:"
369 #define SERVER "SERVER:"
372 #define GROUP_SUFFIX "GROUP_SUFFIX:"
373 #define GROUP_TYPE "GROUP_TYPE:"
374 #define SET_GROUP_ACE "SET_GROUP_ACE:"
375 #define SET_PASSWORD "SET_PASSWORD:"
376 #define EXCHANGE "EXCHANGE:"
377 #define REALM "REALM:"
378 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
380 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
381 #define MAX_DOMAINS 10
/* Process-wide state.  Most of these fixed-size buffers are populated from
 * the config file and from argv; the bounds of those writes are in
 * ReadConfigFile()/ReadDomainList(), which are not in this listing --
 * anything that fills them from external text should use a bounded copy.
 * Only a few are static; the rest are visible to other translation units. */
382 char DomainNames[MAX_DOMAINS][128];
/* Head of the member list built by member_list_build() / linklist_build(). */
384 LK_ENTRY *member_base = NULL;
386 char PrincipalName[128];
/* Scratch buffer main() uses to echo the command line; also declared again
 * below.  Two tentative static definitions are legal C, but one should go. */
387 static char tbl_buf[1024];
/* Fixed OU names (relative to the domain DN) for the object types managed
 * here; the group_ou_* buffers are chosen at run time in main(). */
388 char kerberos_ou[] = "OU=kerberos,OU=moira";
389 char contact_ou[] = "OU=strings,OU=moira";
390 char user_ou[] = "OU=users,OU=moira";
391 char group_ou_distribution[1024];
392 char group_ou_root[1024];
393 char group_ou_security[1024];
394 char group_ou_neither[1024];
395 char group_ou_both[1024];
396 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
397 char orphans_other_ou[] = "OU=Other,OU=Orphans";
398 char security_template_ou[] = "OU=security_templates";
400 char ldap_domain[256];
401 char ldap_realm[256];
/* Candidate servers for the current domain; entries are strdup'd strings
 * that main() frees after the update (see the MAX_SERVER_NAMES loop). */
403 char *ServerList[MAX_SERVER_NAMES];
404 char default_server[256];
405 static char tbl_buf[1024];
406 char group_suffix[256];
407 char exchange_acl[256];
408 int mr_connections = 0;
/* Feature flags; defaults here, possibly overridden by the config file. */
411 int UseGroupSuffix = 1;
412 int UseGroupUniversal = 0;
416 int ProcessMachineContainer = 1;
417 int ActiveDirectory = 1;
418 int UpdateDomainList;
/* Forward declarations.  Several prototypes below are missing their final
 * parameter line in this listing (ad_get_group, ad_connect, check_user,
 * container_get_distinguishedName, Moira_process_machine_container_group,
 * Moira_getGroupName, user_rename, SetHomeDirectory); treat their visible
 * parameter lists as incomplete. */

/* Defined elsewhere.  The password travels as a plain char*; whoever owns
 * that buffer should clear it once the call returns (not visible here). */
421 extern int set_password(char *user, char *password, char *domain);
/* --- AD connection and search helpers --- */
423 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
424 char *group_membership, char *MoiraId, char *attribute,
425 LK_ENTRY **linklist_base, int *linklist_count,
427 void AfsToWinAfs(char* path, char* winPath);
/* Parameter order matters for the call in main(): the 7th argument is
 * connect_to_kdc, which main() passes as SetPassword. */
428 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
429 char *Win2kPassword, char *Win2kUser, char *default_server,
430 int connect_to_kdc, char **ServerList, char *ldap_realm,
/* NOTE(review): empty parentheses declare an unprototyped function; use
 * (void) so calls with arguments are diagnosed (also ReadDomainList and
 * tickets_get_k5 below). */
432 void ad_kdc_disconnect();
433 int ad_server_connect(char *connectedServer, char *domain);
434 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
435 char *attribute_value, char *attribute, char *user_name);
436 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
437 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
438 int check_winad(void);
439 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
/* --- container (OU) handling --- */
442 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
443 char *distinguishedName, int count, char **av);
444 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
445 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
446 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
447 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
448 char *distinguishedName, int count,
/* dest buffers for these two are caller-supplied; no size is passed, so the
 * caller must size them for the longest possible container path. */
450 void container_get_dn(char *src, char *dest);
451 void container_get_name(char *src, char *dest);
452 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
453 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
454 char **before, int afterc, char **after);
455 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
456 char **before, int afterc, char **after);
/* --- Moira query callbacks (int (*)(int, char **, void *)) and helpers --- */
458 int GetAceInfo(int ac, char **av, void *ptr);
459 int get_group_membership(char *group_membership, char *group_ou,
460 int *security_flag, char **av);
461 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
462 char *machine_ou, char *pPtr);
463 int Moira_container_group_create(char **after);
464 int Moira_container_group_delete(char **before);
465 int Moira_groupname_create(char *GroupName, char *ContainerName,
466 char *ContainerRowID);
467 int Moira_container_group_update(char **before, char **after);
468 int Moira_process_machine_container_group(char *MachineName, char* groupName,
470 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
471 int Moira_getContainerGroup(int ac, char **av, void *ptr);
472 int Moira_getGroupName(char *origContainerName, char *GroupName,
474 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
/* --- group (list) handling --- */
475 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
476 int UpdateGroup, int *ProcessGroup, char *maillist);
477 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
478 char *group_name, char *group_ou, char *group_membership,
479 int group_security_flag, int type, char *maillist);
480 int process_lists(int ac, char **av, void *ptr);
481 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
482 char *TargetGroupName, int HiddenGroup,
483 char *AceType, char *AceName);
484 int ProcessMachineName(int ac, char **av, void *ptr);
/* --- configuration and string utilities --- */
485 int ReadConfigFile(char *DomainName);
486 int ReadDomainList();
487 void StringTrim(char *StringToTrim);
/* Returns a new string with LDAP filter metacharacters escaped (presumably
 * heap-allocated; ownership not documented in this listing). */
488 char *escape_string(char *s);
489 int save_query_info(int argc, char **argv, void *hint);
490 int save_fsgroup_info(int argc, char **argv, void *hint);
/* --- user handling --- */
491 int user_create(int ac, char **av, void *ptr);
492 int user_change_status(LDAP *ldap_handle, char *dn_path,
493 char *user_name, char *MoiraId, int operation);
494 int user_delete(LDAP *ldap_handle, char *dn_path,
495 char *u_name, char *MoiraId);
496 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
498 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
499 char *uid, char *MitId, char *MoiraId, int State,
500 char *WinHomeDir, char *WinProfileDir, char *first,
501 char *middle, char *last, char *shell, char *class);
502 void change_to_lower_case(char *ptr);
503 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
504 int contact_remove_email(LDAP *ld, char *bind_path,
505 LK_ENTRY **linklist_entry, int linklist_current);
506 int group_create(int ac, char **av, void *ptr);
507 int group_delete(LDAP *ldap_handle, char *dn_path,
508 char *group_name, char *group_membership, char *MoiraId);
509 int group_rename(LDAP *ldap_handle, char *dn_path,
510 char *before_group_name, char *before_group_membership,
511 char *before_group_ou, int before_security_flag,
512 char *before_desc, char *after_group_name,
513 char *after_group_membership, char *after_group_ou,
514 int after_security_flag, char *after_desc,
515 char *MoiraId, char *filter, char *maillist);
/* --- machine handling --- */
516 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
517 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
518 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
519 char *machine_name, char *container_name);
520 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
521 char *MoiraMachineName, char *DestinationOu);
522 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
523 char *group_name, char *group_ou, char *group_membership,
524 int group_security_flag, int updateGroup, char *maillist);
/* --- membership handling --- */
525 int member_list_build(int ac, char **av, void *ptr);
526 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
527 char *group_ou, char *group_membership,
528 char *user_name, char *pUserOu, char *MoiraId);
529 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership, char *user_name,
531 char *pUserOu, char *MoiraId);
532 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership,
534 int group_security_flag, char *MoiraId);
535 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
536 char *DistinguishedName,
537 char *WinHomeDir, char *WinProfileDir,
538 char **homedir_v, char **winProfile_v,
539 char **drives_v, LDAPMod **mods,
541 int sid_update(LDAP *ldap_handle, char *dn_path);
542 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
/* Input validation helpers for names taken from Moira/argv. */
543 int check_string(char *s);
544 int check_container_name(char* s);
546 int mr_connect_cl(char *server, char *client, int version, int auth);
/* --- per-table dispatch entry points called from main() --- */
547 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
548 char **before, int beforec, char **after, int afterc);
549 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
550 char **before, int beforec, char **after, int afterc);
551 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
552 char **before, int beforec, char **after, int afterc);
553 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
554 char **before, int beforec, char **after, int afterc);
555 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
558 char **before, int beforec, char **after, int afterc);
/* --- LK_ENTRY list construction from LDAP results --- */
559 int linklist_create_entry(char *attribute, char *value,
560 LK_ENTRY **linklist_entry);
561 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
562 char **attr_array, LK_ENTRY **linklist_base,
563 int *linklist_count, unsigned long ScopeType);
564 void linklist_free(LK_ENTRY *linklist_base);
566 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
567 char *distinguished_name, LK_ENTRY **linklist_current);
568 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
569 LK_ENTRY **linklist_base, int *linklist_count);
570 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
571 char *Attribute, char *distinguished_name,
572 LK_ENTRY **linklist_current);
574 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
575 char *oldValue, char *newValue,
576 char ***modvalues, int type);
577 void free_values(char **modvalues);
/* --- misc --- */
579 int convert_domain_to_dn(char *domain, char **bind_path);
580 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
581 char *distinguished_name);
582 int moira_disconnect(void);
583 int moira_connect(void);
584 void print_to_screen(const char *fmt, ...);
/* Resolves MachineName in place to its Moira alias (see do_mcntmap). */
585 int GetMachineName(char *MachineName);
586 int tickets_get_k5();
587 int destroy_cache(void);
590 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
591 char **homeServerName);
/* Entry point of the Moira -> LDAP/AD incremental.
 *
 * Expected argv layout (see the examples in the file header):
 *   argv[1] table name, argv[2] beforec, argv[3] afterc,
 *   argv[4 .. 4+beforec) the "before" fields, then afterc "after" fields.
 * Flow: validate argc, log the request, read the domain list and config,
 * connect to each configured domain, dispatch on the table name, clean up.
 * Note: this listing has lost the braces, local declarations and many
 * control lines of the function; comments describe only what remains. */
593 int main(int argc, char **argv)
/* Program name used as the com_err prefix: text after the last '/' in
 * argv[0], or all of argv[0]. */
609 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
613 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): beforec/afterc come straight from argv through atoi(),
 * which reports no errors.  A negative count passes this check, and
 * after = &orig_argv[4 + beforec] below would then point before the
 * array.  Parse with strtol() and reject values < 0. */
617 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
619 com_err(whoami, 0, "Unable to process %s",
620 "argc < (4 + beforec + afterc)");
/* For filesys updates the whole command line is echoed to the log. */
624 if (!strcmp(argv[1], "filesys"))
627 for (i = 1; i < argc; i++)
/* NOTE(review): unbounded strcat() into the static 1024-byte tbl_buf.  The
 * arguments are supplied by the caller of this program, so their combined
 * length is not under its control; append with the remaining space
 * (snprintf) or stop once the buffer is full. */
629 strcat(tbl_buf, argv[i]);
630 strcat(tbl_buf, " ");
/* Logged through a "%s" format, so argument text is never interpreted as
 * a format string. */
633 com_err(whoami, 0, "%s", tbl_buf);
637 com_err(whoami, 0, "%s failed", "check_winad()");
641 initialize_sms_error_table();
642 initialize_krb_error_table();
644 UpdateDomainList = 0;
645 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
647 if (ReadDomainList())
649 com_err(whoami, 0, "%s failed", "ReadDomainList()");
653 for (i = 0; i < argc; i++)
/* Per-domain loop: from here through ldap_unbind_s() the work is repeated
 * for every non-empty DomainNames[k] (inferred from the uses of
 * DomainNames[k] below; the loop's closing brace is not visible). */
656 for (k = 0; k < MAX_DOMAINS; k++)
658 if (strlen(DomainNames[k]) == 0)
/* Work on a private copy of argv: the tolower() loop further down rewrites
 * the table name in place, and the do_*() callees receive these copies. */
660 for (i = 0; i < argc; i++)
662 if (orig_argv[i] != NULL)
/* NOTE(review): strdup() return is not checked; a NULL here would surface
 * later as a crash in atoi()/strcmp().  orig_argv's declaration (and so
 * its capacity versus argc) is not visible in this listing. */
664 orig_argv[i] = strdup(argv[i]);
/* Reset per-domain state so values from the previous domain's config do
 * not leak into this one. */
667 memset(PrincipalName, '\0', sizeof(PrincipalName));
668 memset(ldap_domain, '\0', sizeof(ldap_domain));
669 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
670 memset(default_server, '\0', sizeof(default_server));
671 memset(dn_path, '\0', sizeof(dn_path));
672 memset(group_suffix, '\0', sizeof(group_suffix));
673 memset(exchange_acl, '\0', sizeof(exchange_acl));
677 UseGroupUniversal = 0;
681 ProcessMachineContainer = 1;
/* Defaults; the config file read below may override them. */
684 sprintf(group_suffix, "%s", "_group");
685 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the argument vector into the before/after field arrays. */
687 beforec = atoi(orig_argv[2]);
688 afterc = atoi(orig_argv[3]);
689 table = orig_argv[1];
690 before = &orig_argv[4];
691 after = &orig_argv[4 + beforec];
699 if (ReadConfigFile(DomainNames[k]))
/* Two OU layouts for lists: a split layout (mail/group/special/both under
 * OU=lists) and a flat one where everything lives in OU=lists.  The
 * condition that selects between them is not in this listing -- TODO
 * confirm which config flag drives it. */
704 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
705 sprintf(group_ou_root, "OU=lists,OU=moira");
706 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
707 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
708 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
712 sprintf(group_ou_distribution, "OU=lists,OU=moira");
713 sprintf(group_ou_root, "OU=lists,OU=moira");
714 sprintf(group_ou_security, "OU=lists,OU=moira");
715 sprintf(group_ou_neither, "OU=lists,OU=moira");
716 sprintf(group_ou_both, "OU=lists,OU=moira");
719 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts.  User and password are passed empty;
 * the SetPassword flag lands in ad_connect's connect_to_kdc parameter
 * (see the prototype above), so authentication presumably comes from the
 * Kerberos credentials obtained elsewhere -- confirm in ad_connect(). */
721 for (i = 0; i < 5; i++)
723 ldap_handle = (LDAP *)NULL;
724 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
725 default_server, SetPassword, ServerList,
726 ldap_realm, ldap_port)))
728 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* All attempts failed: page the operators and (presumably) skip this
 * domain; the lines following the alert are not visible. */
733 if ((rc) || (ldap_handle == NULL))
735 critical_alert("incremental",
736 "ldap.incr cannot connect to any server in "
737 "domain %s", DomainNames[k]);
/* Case-fold the table name for the comparisons below.  The name comes
 * from argv; cast to (unsigned char) before tolower() so bytes >= 0x80
 * do not reach ctype as negative values. */
741 for (i = 0; i < (int)strlen(table); i++)
742 table[i] = tolower(table[i]);
/* Dispatch on the table name.  Each call's final argument line (afterc)
 * is missing from this listing.  An unknown table name falls through to
 * the cleanup below without a diagnostic, as far as the visible lines
 * show. */
744 if (!strcmp(table, "users"))
745 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
747 else if (!strcmp(table, "list"))
748 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "imembers"))
751 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "containers"))
754 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "mcntmap"))
757 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the server names read for this domain (the free() line itself
 * is not visible) and drop the LDAP connection. */
763 for (i = 0; i < MAX_SERVER_NAMES; i++)
765 if (ServerList[i] != NULL)
768 ServerList[i] = NULL;
772 rc = ldap_unbind_s(ldap_handle);
/* Handle an "mcntmap" update: a machine was added to or removed from a
 * Moira container, so move the AD computer object into the matching OU
 * (or into the orphans OU when Moira no longer knows its container).
 *
 * before/after are the OU_* indexed field vectors from main(); a non-zero
 * beforec with afterc == 0 is a removal, the reverse is an addition.
 * Braces, several return statements and some call continuations are
 * missing from this listing. */
778 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
779 char **before, int beforec, char **after, int afterc)
781 char MoiraContainerName[128];
782 char ADContainerName[128];
783 char MachineName[1024];
784 char OriginalMachineName[1024];
787 char MoiraContainerGroup[64];
/* Feature gate from the config file. */
789 if (!ProcessMachineContainer)
791 com_err(whoami, 0, "Process machines and containers disabled, skipping");
796 memset(ADContainerName, '\0', sizeof(ADContainerName));
797 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
/* Nothing to do when both vectors are empty. */
799 if ((beforec == 0) && (afterc == 0))
/* Assignment-in-condition is intentional (rc is reused in the alert);
 * double parentheses would silence -Wparentheses. */
802 if (rc = moira_connect())
804 critical_alert("AD incremental",
805 "Error contacting Moira server : %s",
/* NOTE(review): the strcpy() calls in both branches copy argv-derived
 * strings into fixed buffers with no length check; MoiraContainerGroup is
 * only 64 bytes.  Use a bounded copy (snprintf "%s") and reject fields that
 * do not fit.  Neither branch checks beforec/afterc against the OU_*
 * indices it reads. */
810 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
812 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
813 strcpy(MachineName, before[OU_MACHINE_NAME]);
814 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
816 com_err(whoami, 0, "removing machine %s from %s",
817 OriginalMachineName, before[OU_CONTAINER_NAME]);
819 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
821 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
822 strcpy(MachineName, after[OU_MACHINE_NAME]);
823 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
824 com_err(whoami, 0, "adding machine %s to container %s",
825 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the Moira alias for the machine in place; an empty result means
 * Moira has no alias and the update is abandoned (the return following the
 * message is not visible).  The message text says "alais" -- a typo in a
 * runtime string, left as is here. */
833 rc = GetMachineName(MachineName);
835 if (strlen(MachineName) == 0)
838 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
839 OriginalMachineName);
/* Keep the container's group membership in Moira in step with the move;
 * the remaining arguments are on a line missing from this listing. */
843 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The computer object must already exist in AD; this code never creates
 * one. */
846 if (machine_check(ldap_handle, dn_path, MachineName))
848 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.",
849 OriginalMachineName, MachineName);
/* Ask Moira which container now owns the machine (output parameter is on
 * the missing continuation line, presumably MoiraContainerName). */
854 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
855 machine_get_moira_container(ldap_handle, dn_path, MachineName,
/* No container in Moira: park the object under the orphans OU.  The return
 * that must follow is not visible; if it is absent, the code below would
 * index MoiraContainerName[-1]. */
858 if (strlen(MoiraContainerName) == 0)
860 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
861 "in Moira - moving to orphans OU.",
862 OriginalMachineName, MachineName);
863 machine_move_to_ou(ldap_handle, dn_path, MachineName,
864 orphans_machines_ou);
/* Translate the Moira path into an OU DN; container_get_dn() receives no
 * size for the 128-byte destination. */
869 container_get_dn(MoiraContainerName, ADContainerName);
/* NOTE(review): strcat() appends without checking that the 128-byte buffer
 * has room; whether machine_get_moira_container() can fill it completely is
 * not visible here. */
871 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
872 strcat(MoiraContainerName, "/");
/* Make sure the target OU exists, then move the computer object. */
874 container_check(ldap_handle, dn_path, MoiraContainerName);
875 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handle a "containers" update: create, delete, rename or modify the AD OU
 * that mirrors a Moira container, and keep the container's Moira group in
 * step.  before/after use the CONTAINER_* indices.  Braces, local
 * declarations and the early returns are missing from this listing. */
880 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
881 char **before, int beforec, char **after, int afterc)
885 if (!ProcessMachineContainer)
887 com_err(whoami, 0, "Process machines and containers disabled, skipping");
891 if ((beforec == 0) && (afterc == 0))
/* Assignment-in-condition is intentional (rc feeds the alert text). */
894 if (rc = moira_connect())
896 critical_alert("AD incremental", "Error contacting Moira server : %s",
/* Delete: only a "before" record exists.  (The comment in the original
 * says "new"; it is the old container that is removed.) */
901 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
903 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
904 container_delete(ldap_handle, dn_path, beforec, before);
905 Moira_container_group_delete(before);
/* Create: only an "after" record exists. */
910 if ((beforec == 0) && (afterc != 0)) /*create a container*/
912 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
913 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
914 container_create(ldap_handle, dn_path, afterc, after);
915 Moira_container_group_create(after);
/* Both records present: a case-insensitive name change is a rename,
 * anything else is an in-place update.
 * NOTE(review): no visible check that beforec/afterc cover the CONTAINER_*
 * indices read here and in the callees; main() only verified that argc is
 * large enough for the counts it was given. */
920 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
922 com_err(whoami, 0, "renaming container %s to %s",
923 before[CONTAINER_NAME], after[CONTAINER_NAME]);
924 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
925 Moira_container_group_update(before, after);
930 com_err(whoami, 0, "updating container %s information",
931 after[CONTAINER_NAME]);
932 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
933 Moira_container_group_update(before, after);
/* Index of the description field in a "list" record (see the list examples
 * in the file header); the other L_* indices used by do_list() come from a
 * header not shown in this listing. */
938 #define L_LIST_DESC 9
/* Handle a "list" update: create, delete, rename or update the AD group
 * that mirrors a Moira list.  Flow: derive the OU and membership type for
 * the before and after records, reconcile any stale AD objects for the old
 * name, then branch on which records are present.  Braces, several local
 * declarations (list_id, group_ou, security_flag, filter, rc, ProcessGroup,
 * updateGroup) and many control lines are missing from this listing. */
941 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
942 char **before, int beforec, char **after, int afterc)
947 char group_membership[6];
952 char before_list_id[32];
/* NOTE(review): one byte, while group_membership above has six, and both
 * are filled by the same get_group_membership() call.  A 1-byte buffer can
 * hold only the empty string; if the callee writes any text here it
 * overflows.  Make this char before_group_membership[6] (or larger) to
 * match. */
953 char before_group_membership[1];
954 int before_security_flag;
955 char before_group_ou[256];
956 LK_ENTRY *ptr = NULL;
958 if (beforec == 0 && afterc == 0)
961 memset(list_id, '\0', sizeof(list_id));
962 memset(before_list_id, '\0', sizeof(before_list_id));
963 memset(before_group_ou, '\0', sizeof(before_group_ou));
964 memset(before_group_membership, '\0', sizeof(before_group_membership));
965 memset(group_ou, '\0', sizeof(group_ou));
966 memset(group_membership, '\0', sizeof(group_membership));
/* Field-count checks for the "before" record; their bodies are not visible
 * (presumably return / log). */
971 if (beforec < L_LIST_ID)
973 if (beforec > L_LIST_DESC)
/* NOTE(review): unbounded strcpy() of an argv-derived id into a 32-byte
 * buffer (and of after[L_LIST_ID] into list_id below); prefer a bounded
 * copy. */
975 strcpy(before_list_id, before[L_LIST_ID]);
977 before_security_flag = 0;
/* Derive the OU and security/mail flags for the old record. */
978 get_group_membership(before_group_membership, before_group_ou,
979 &before_security_flag, before);
/* Same checks and derivation for the "after" record. */
984 if (afterc < L_LIST_ID)
986 if (afterc > L_LIST_DESC)
988 strcpy(list_id, after[L_LIST_ID]);
991 get_group_membership(group_membership, group_ou, &security_flag, after);
/* Both-empty was already tested at the top of the function. */
994 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Reconcile the existing AD object for the old name: if it lives in the
 * wrong OU or there are duplicates, have process_group() clean them up
 * before acting on the new record.  AD_NO_GROUPS_FOUND is not an error
 * here. */
1003 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1004 before[L_NAME], before_group_ou,
1005 before_group_membership,
1006 before_security_flag, CHECK_GROUPS,
1007 before[L_MAILLIST])))
1009 if (rc == AD_NO_GROUPS_FOUND)
1013 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1014 (rc == AD_MULTIPLE_GROUPS_FOUND))
1016 rc = process_group(ldap_handle, dn_path, before_list_id,
1017 before[L_NAME], before_group_ou,
1018 before_group_membership,
1019 before_security_flag, CLEANUP_GROUPS,
1020 before[L_MAILLIST]);
1022 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1024 com_err(whoami, 0, "Unable to process list %s",
1028 if (rc == AD_NO_GROUPS_FOUND)
/* Rename: the name changed, or the name is the same but the list moved
 * to a different OU (the rest of the condition is not visible). */
1034 if ((beforec != 0) && (afterc != 0))
1036 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1037 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1038 (strcmp(before_group_ou, group_ou)))) &&
1041 com_err(whoami, 0, "Changing list name from %s to %s",
1042 before[L_NAME], after[L_NAME]);
/* A rename needs both the old and the new OU/membership to be known. */
1044 if ((strlen(before_group_ou) == 0) ||
1045 (strlen(before_group_membership) == 0) ||
1046 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1048 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1052 memset(filter, '\0', sizeof(filter));
1054 if ((rc = group_rename(ldap_handle, dn_path,
1055 before[L_NAME], before_group_membership,
1056 before_group_ou, before_security_flag,
1057 before[L_LIST_DESC], after[L_NAME],
1058 group_membership, group_ou, security_flag,
1060 list_id, filter, after[L_MAILLIST])))
1062 if (rc != AD_NO_GROUPS_FOUND)
1065 "Unable to change list name from %s to %s",
1066 before[L_NAME], after[L_NAME]);
/* Delete path (its guarding condition, presumably afterc == 0, is not
 * visible). */
1079 if ((strlen(before_group_ou) == 0) ||
1080 (strlen(before_group_membership) == 0))
1083 "Unable to find the group OU for group %s", before[L_NAME]);
1087 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1088 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1089 before_group_membership, before_list_id);
/* Create path: check for (and clean up) any pre-existing object under the
 * new name before creating it. */
1097 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1099 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1100 group_ou, group_membership,
1101 security_flag, CHECK_GROUPS,
1104 if (rc != AD_NO_GROUPS_FOUND)
1106 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1107 (rc == AD_MULTIPLE_GROUPS_FOUND))
1109 rc = process_group(ldap_handle, dn_path, list_id,
1111 group_ou, group_membership,
1112 security_flag, CLEANUP_GROUPS,
1119 "Unable to create list %s", after[L_NAME]);
/* Update path: refresh the ACE owner entries, the group object itself and,
 * for active lists, its membership.  Each ProcessAce() failure presumably
 * returns; the lines between the calls are not visible. */
1126 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1128 if (rc = moira_connect())
1130 critical_alert("AD incremental",
1131 "Error contacting Moira server : %s",
/* First pass with UpdateGroup == 0, second with 1 (see ProcessAce's
 * prototype); what the two passes do differently is not visible here. */
1138 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1139 &ProcessGroup, after[L_MAILLIST]))
1144 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1145 &ProcessGroup, after[L_MAILLIST]))
1149 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1150 group_ou, group_membership, security_flag,
1151 updateGroup, after[L_MAILLIST]))
/* Only active lists get their membership pushed to AD. */
1157 if (atoi(after[L_ACTIVE]))
1159 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1160 group_membership, security_flag, list_id);
/* Extra argv slots that the list-member ("members") update carries after the
 * standard LM_* fields (LM_END is their count; it is not defined in this
 * listing). The trailing Moira ids are only present on long enough vectors,
 * which is why do_member() compares afterc/beforec against these values
 * before reading the corresponding slot. */
1168 #define LM_EXTRA_ACTIVE (LM_END)
1169 #define LM_EXTRA_PUBLIC (LM_END+1)
1170 #define LM_EXTRA_HIDDEN (LM_END+2)
1171 #define LM_EXTRA_MAILLIST (LM_END+3)
1172 #define LM_EXTRA_GROUP (LM_END+4)
1173 #define LM_EXTRA_GID (LM_END+5)
1174 #define LMN_LIST_ID (LM_END+6)
1175 #define LM_LIST_ID (LM_END+7)
1176 #define LM_USER_ID (LM_END+8)
1177 #define LM_EXTRA_END (LM_END+9)
/* Apply one list-membership incremental update to AD.
 *
 * before/beforec and after/afterc are the Moira argv vectors for the old and
 * new state of one (list, member, type) triple, indexed with LM_* plus the
 * LM_EXTRA_* slots defined above. `ptr` aliases whichever of the two is
 * processed; that assignment is on a line not shown in this listing. The
 * "removing user" path (below "removing user %s from list %s") and the
 * "Adding %s to list %s" path are both visible, but the conditions that
 * select them are partly elided, so they are not documented here.
 *
 * Member types handled: LIST (names copied into local buffers), MACHINE
 * (member resolved to its AD machine OU/name), STRING (normalised to an
 * e-mail address and created as a contact), KERBEROS (contact), USER
 * (account created on demand from Moira data).
 *
 * NOTE(review): list, member and type names are copied into fixed 128-byte
 * arrays with strcpy(), and the member name is later formatted into an LDAP
 * search filter with sprintf(); no length check and no RFC 4515 escaping of
 * filter metacharacters is visible in this listing.
 *
 * Returns nothing; failures are reported via com_err()/critical_alert().
 * ldap_hostname is not referenced on any visible line. */
1179 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1180 char **before, int beforec, char **after, int afterc)
1182 LK_ENTRY *group_base;
1185 char *attr_array[3];
1186 char group_name[128];
1187 char user_name[128];
1188 char user_type[128];
1189 char moira_list_id[32];
1190 char moira_user_id[32];
/* One byte only: get_group_membership() stores a single code letter here and
 * never NUL-terminates it, so it must not be treated as a C string. */
1191 char group_membership[1];
1193 char machine_ou[256];
1201 char NewMachineName[1024];
1205 char *save_argv[U_END];
/* Default the Moira ids to "" so the later strcpy()/strlen() users see a
 * terminated string even when the vectors are too short to carry them. */
1209 memset(moira_list_id, '\0', sizeof(moira_list_id));
1210 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* after[] is only usable when it carries at least the LM_EXTRA_* slots. */
1214 if (afterc < LM_EXTRA_GID)
/* Inactive lists are never populated in AD. */
1217 if (!atoi(after[LM_EXTRA_ACTIVE]))
1220 "Unable to add %s to group %s : group not active",
1221 after[2], after[0]);
1227 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded strcpy() into char[128]; relies on Moira name length limits that
 * are not visible here -- TODO confirm. */
1230 strcpy(user_name, after[LM_MEMBER]);
1231 strcpy(group_name, after[LM_LIST]);
1232 strcpy(user_type, after[LM_TYPE]);
/* MACHINE and USER members carry the Moira list/user ids in different slots,
 * hence the different afterc thresholds below. */
1234 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1236 if (afterc > LM_EXTRA_GROUP)
1238 strcpy(moira_list_id, after[LMN_LIST_ID]);
1239 strcpy(moira_user_id, after[LM_LIST_ID]);
1242 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1244 if (afterc > LMN_LIST_ID)
1246 strcpy(moira_list_id, after[LM_LIST_ID]);
1247 strcpy(moira_user_id, after[LM_USER_ID]);
1252 if (afterc > LM_EXTRA_GID)
1253 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Same extraction for the "before" vector. */
1258 if (beforec < LM_EXTRA_GID)
1260 if (!atoi(before[LM_EXTRA_ACTIVE]))
1263 "Unable to add %s to group %s : group not active",
1264 before[2], before[0]);
1270 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1273 strcpy(user_name, before[LM_MEMBER]);
1274 strcpy(group_name, before[LM_LIST]);
1275 strcpy(user_type, before[LM_TYPE]);
1277 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1279 if (beforec > LM_EXTRA_GROUP)
1281 strcpy(moira_list_id, before[LMN_LIST_ID]);
1282 strcpy(moira_user_id, before[LM_LIST_ID]);
1285 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1287 if (beforec > LMN_LIST_ID)
1289 strcpy(moira_list_id, before[LM_LIST_ID]);
1290 strcpy(moira_user_id, before[LM_USER_ID]);
1295 if (beforec > LM_EXTRA_GID)
1296 strcpy(moira_list_id, before[LMN_LIST_ID]);
1303 "Unable to process group : beforec = %d, afterc = %d",
/* Rebuild an L_*-indexed argv from the LM_* view so the list helpers
 * (get_group_membership, process_group, ...) can be reused unchanged. */
1308 args[L_NAME] = ptr[LM_LIST];
1309 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1310 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1311 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1312 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1313 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1314 args[L_GID] = ptr[LM_EXTRA_GID];
1317 memset(group_ou, '\0', sizeof(group_ou));
1318 get_group_membership(group_membership, group_ou, &security_flag, args);
/* An empty OU means the maillist/group flags mapped to no container. */
1320 if (strlen(group_ou) == 0)
1322 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* CHECK_GROUPS first, CLEANUP_GROUPS on the retry: presumably verifies the
 * AD group is present and well-formed before membership is touched. */
1327 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1328 group_ou, group_membership, security_flag,
1329 CHECK_GROUPS, args[L_MAILLIST]))
1331 if (rc != AD_NO_GROUPS_FOUND)
1333 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1334 group_name, group_ou, group_membership,
1335 security_flag, CLEANUP_GROUPS,
1338 if (rc != AD_NO_GROUPS_FOUND)
1341 com_err(whoami, 0, "Unable to add %s to group %s - "
1342 "unable to process group", user_name, group_name);
1344 com_err(whoami, 0, "Unable to remove %s from group %s - "
1345 "unable to process group", user_name, group_name);
/* Group missing in AD: create it (ACEs, object, initial members) before the
 * membership change itself is applied. */
1352 if (rc == AD_NO_GROUPS_FOUND)
1354 if (rc = moira_connect())
1356 critical_alert("AD incremental",
1357 "Error contacting Moira server : %s",
1362 com_err(whoami, 0, "creating group %s", group_name);
1365 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1366 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1371 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1372 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1376 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1377 group_ou, group_membership, security_flag, 0,
1378 ptr[LM_EXTRA_MAILLIST]))
/* Only active lists have their membership pushed into AD. */
1384 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1386 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1387 group_membership, security_flag, moira_list_id);
/* ---- removal path ---- */
1397 com_err(whoami, 0, "removing user %s from list %s", user_name,
/* MACHINE: resolve the member to its AD machine OU and canonical name. The
 * string in ptr[] (i.e. the caller's argv) is freed and replaced; the
 * strdup() result is not NULL-checked. */
1401 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1403 memset(machine_ou, '\0', sizeof(machine_ou));
1404 memset(NewMachineName, '\0', sizeof(NewMachineName));
1405 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1406 machine_ou, NewMachineName))
1408 if (ptr[LM_MEMBER] != NULL)
1409 free(ptr[LM_MEMBER]);
1410 ptr[LM_MEMBER] = strdup(NewMachineName);
1411 pUserOu = machine_ou;
/* STRING: a bare name becomes name@mit.edu, and a *.LOCAL address is
 * rewritten to *.mit.edu; the member is then created as a contact object.
 * NOTE(review): the ".LOCAL" test indexes strlen(member) - 6, which goes
 * before the start of the buffer for members shorter than 6 characters, and
 * member's size is declared on a line not shown here. */
1414 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1416 strcpy(member, ptr[LM_MEMBER]);
1420 if((s = strchr(member, '@')) == (char *) NULL)
1422 strcat(member, "@mit.edu");
1424 if (ptr[LM_MEMBER] != NULL)
1425 free(ptr[LM_MEMBER]);
1426 ptr[LM_MEMBER] = strdup(member);
1429 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1431 s = strrchr(member, '.');
1433 strcat(s, ".mit.edu");
1435 if (ptr[LM_MEMBER] != NULL)
1436 free(ptr[LM_MEMBER]);
1437 ptr[LM_MEMBER] = strdup(member);
1441 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1445 pUserOu = contact_ou;
1447 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1449 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1453 pUserOu = kerberos_ou;
/* The group is re-populated from Moira rather than edited entry by entry;
 * the Moira connection is required for that. */
1456 if (rc = moira_connect()) {
1457 critical_alert("AD incremental",
1458 "Error contacting Moira server : %s",
1463 if (rc = populate_group(ldap_handle, dn_path, group_name,
1464 group_ou, group_membership,
1465 security_flag, moira_list_id))
1466 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1471 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1473 if (rc = moira_connect())
1475 critical_alert("AD incremental",
1476 "Error contacting Moira server : %s",
1481 if (rc = populate_group(ldap_handle, dn_path, group_name,
1482 group_ou, group_membership, security_flag,
1484 com_err(whoami, 0, "Unable to remove %s from group %s",
1485 user_name, group_name);
/* ---- addition path ---- (same per-type normalisation as above) */
1492 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1495 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1497 memset(machine_ou, '\0', sizeof(machine_ou));
1498 memset(NewMachineName, '\0', sizeof(NewMachineName));
1500 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1504 if (ptr[LM_MEMBER] != NULL)
1505 free(ptr[LM_MEMBER]);
1507 ptr[LM_MEMBER] = strdup(NewMachineName);
1508 pUserOu = machine_ou;
1510 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1512 strcpy(member, ptr[LM_MEMBER]);
1516 if((s = strchr(member, '@')) == (char *) NULL)
1518 strcat(member, "@mit.edu");
1520 if (ptr[LM_MEMBER] != NULL)
1521 free(ptr[LM_MEMBER]);
1522 ptr[LM_MEMBER] = strdup(member);
/* Same strlen(member) - 6 underflow hazard as in the removal path. */
1525 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1527 s = strrchr(member, '.');
1529 strcat(s, ".mit.edu");
1531 if (ptr[LM_MEMBER] != NULL)
1532 free(ptr[LM_MEMBER]);
1533 ptr[LM_MEMBER] = strdup(member);
1537 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1541 pUserOu = contact_ou;
1543 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1545 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1549 pUserOu = kerberos_ou;
/* USER: if the account does not exist in AD yet, create it on demand from
 * the Moira account record. */
1551 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1553 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1554 moira_user_id)) == AD_NO_USER_FOUND)
1556 if (rc = moira_connect())
1558 critical_alert("AD incremental",
1559 "Error connection to Moira : %s",
1564 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1565 av[0] = ptr[LM_MEMBER];
/* call_args is the opaque context handed to user_create(): handle, base DN,
 * Moira user id. */
1566 call_args[0] = (char *)ldap_handle;
1567 call_args[1] = dn_path;
1568 call_args[2] = moira_user_id;
1569 call_args[3] = NULL;
/* A group with the same cn blocks account creation.
 * NOTE(review): the user name is interpolated into the LDAP filter without
 * RFC 4515 escaping and into a fixed-size buffer whose size is declared on
 * a line not shown here. */
1578 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1579 attr_array[0] = "cn";
1580 attr_array[1] = NULL;
1581 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1582 attr_array, &group_base, &group_count,
1583 LDAP_SCOPE_SUBTREE)) != 0)
1585 com_err(whoami, 0, "Unable to process user %s : %s",
1586 ptr[LM_MEMBER], ldap_err2string(rc));
1592 com_err(whoami, 0, "Object already exists with name %s",
1597 linklist_free(group_base);
/* save_query_info fills save_argv with the Moira account record, which
 * user_create() then turns into the AD object. */
1602 if (rc = mr_query("get_user_account_by_login", 1, av,
1603 save_query_info, save_argv))
1606 com_err(whoami, 0, "Unable to create user %s : %s",
1607 ptr[LM_MEMBER], error_message(rc));
1611 if (rc = user_create(U_END, save_argv, call_args))
1614 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1621 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* Finally re-populate the group from Moira, as on the removal path. */
1633 if (rc = moira_connect()) {
1634 critical_alert("AD incremental",
1635 "Error contacting Moira server : %s",
1640 if (rc = populate_group(ldap_handle, dn_path, group_name,
1641 group_ou, group_membership, security_flag,
1643 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1648 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1650 if (rc = moira_connect())
1652 critical_alert("AD incremental",
1653 "Error contacting Moira server : %s",
1658 if (rc = populate_group(ldap_handle, dn_path, group_name,
1659 group_ou, group_membership, security_flag,
1661 com_err(whoami, 0, "Unable to add %s to group %s",
1662 user_name, group_name);
/* Extra "users" argv slots that follow the standard U_* fields: the Moira
 * user id and the home/profile directory paths. do_user() only reads
 * U_USER_ID when the vector is long enough. */
1671 #define U_USER_ID 10
1672 #define U_HOMEDIR 11
1673 #define U_PROFILEDIR 12
/* Apply one "users" incremental update to AD.
 *
 * before/after are the U_* argv vectors for the old and new account state;
 * afterc is declared on a line not shown in this listing. Cases, in order:
 * nothing to do (both empty), a freshly created but not yet usable account
 * (skipped with a message), an expunge (before only, state 0 -> delete),
 * and otherwise create-if-missing followed by rename and attribute update.
 *
 * NOTE(review): the Moira user ids are strcpy()'d into char[32] and the
 * login name is sprintf()'d unescaped into an LDAP search filter; neither
 * length nor filter metacharacters are checked in the visible code.
 *
 * ldap_hostname is not referenced on any visible line. */
1675 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1676 char **before, int beforec, char **after,
1679 LK_ENTRY *group_base;
1682 char *attr_array[3];
1685 char after_user_id[32];
1686 char before_user_id[32];
1688 char *save_argv[U_END];
1690 if ((beforec == 0) && (afterc == 0))
/* Ids default to "" so later uses see a terminated string even when the
 * vectors are too short to carry U_USER_ID. */
1693 memset(after_user_id, '\0', sizeof(after_user_id));
1694 memset(before_user_id, '\0', sizeof(before_user_id));
1696 if (beforec > U_USER_ID)
1697 strcpy(before_user_id, before[U_USER_ID]);
1699 if (afterc > U_USER_ID)
1700 strcpy(after_user_id, after[U_USER_ID]);
1702 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1705 if ((beforec == 0) && (afterc != 0))
1707 /*this case only happens when the account*/
1708 /*is first created but not usable*/
1710 com_err(whoami, 0, "Unable to process user %s because the user account "
1711 "is not yet usable", after[U_NAME]);
1715 /*this case only happens when the account is expunged */
1717 if ((beforec != 0) && (afterc == 0))
/* Only an account in state 0 is deleted from AD; anything else is reported
 * as already expunged. */
1719 if (atoi(before[U_STATE]) == 0)
1721 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1722 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1726 com_err(whoami, 0, "Unable to process because user %s has been "
1727 "previously expungeded", before[U_NAME]);
1732 /*process anything that gets here*/
/* Create the account on demand when it is not in AD yet. check_string()
 * presumably validates the login name; its definition is not shown here. */
1734 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1735 before_user_id)) == AD_NO_USER_FOUND)
1737 if (!check_string(after[U_NAME]))
1740 if (rc = moira_connect())
1742 critical_alert("AD incremental",
1743 "Error connection to Moira : %s",
1748 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* av/call_args feed mr_query() and user_create() below, as in do_member(). */
1750 av[0] = after[U_NAME];
1751 call_args[0] = (char *)ldap_handle;
1752 call_args[1] = dn_path;
1753 call_args[2] = after_user_id;
1754 call_args[3] = NULL;
/* A group with the same cn blocks account creation.
 * NOTE(review): unescaped sprintf() of the login into the LDAP filter; the
 * filter buffer's size is declared on a line not shown here. */
1762 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1763 attr_array[0] = "cn";
1764 attr_array[1] = NULL;
1766 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1767 &group_base, &group_count,
1768 LDAP_SCOPE_SUBTREE)) != 0)
1770 com_err(whoami, 0, "Unable to process user %s : %s",
1771 after[U_NAME], ldap_err2string(rc));
1775 if (group_count >= 1)
1777 com_err(whoami, 0, "Object already exists with name %s",
1782 linklist_free(group_base);
/* save_query_info fills save_argv with the full Moira account record. */
1787 if (rc = mr_query("get_user_account_by_login", 1, av,
1788 save_query_info, save_argv))
1791 com_err(whoami, 0, "Unable to create user %s : %s",
1792 after[U_NAME], error_message(rc));
1796 if (rc = user_create(U_END, save_argv, call_args))
1798 com_err(whoami, 0, "Unable to create user %s : %s",
1799 after[U_NAME], error_message(rc));
1806 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Existing account: rename when the login changed and both names validate,
 * then push the remaining attributes. */
1818 if (strcmp(before[U_NAME], after[U_NAME]))
1820 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1822 com_err(whoami, 0, "changing user %s to %s",
1823 before[U_NAME], after[U_NAME]);
1825 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1826 after[U_NAME])) != LDAP_SUCCESS)
1833 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1834 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1835 after[U_UID], after[U_MITID],
1836 after_user_id, atoi(after[U_STATE]),
1837 after[U_HOMEDIR], after[U_PROFILEDIR],
1838 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1839 after[U_SHELL], after[U_CLASS]);
/* Build a NULL-terminated array of modvalue_count attribute values from a
 * linked list, substituting newValue for oldValue where it occurs.
 *
 * linklist_base  LK_ENTRY chain (value/length/next) to copy from
 * modvalue_count number of values to produce
 * oldValue/newValue substring to replace; if either is NULL every value is
 *                copied verbatim
 * modvalues      out: calloc'd array of modvalue_count+1 char*, each element
 *                calloc'd separately; ownership passes to the caller
 * type           REPLACE substitutes the whole value by newValue; anything
 *                else splices newValue in place of the first occurrence of
 *                oldValue (strstr)
 * The return statements and the declarations of i/cPtr are on lines not
 * shown in this listing.
 *
 * NOTE(review): one term of the calloc() size on the splice path is on an
 * elided line, so it cannot be checked here against the memset()/strcat()
 * lengths that follow it. The verbatim-copy calloc()s are not NULL-checked,
 * unlike the two above them. */
1844 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1845 char *oldValue, char *newValue,
1846 char ***modvalues, int type)
1848 LK_ENTRY *linklist_ptr;
/* The extra slot holds the terminating NULL. */
1852 if (((*modvalues) = calloc(1,
1853 (modvalue_count + 1) * sizeof(char *))) == NULL)
1858 for (i = 0; i < (modvalue_count + 1); i++)
1859 (*modvalues)[i] = NULL;
1861 if (modvalue_count != 0)
1863 linklist_ptr = linklist_base;
1864 for (i = 0; i < modvalue_count; i++)
1866 if ((oldValue != NULL) && (newValue != NULL))
/* strstr(): only the first occurrence of oldValue is considered. */
1868 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1871 if (type == REPLACE)
1873 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1876 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1877 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to cPtr, then newValue, then the tail after oldValue. */
1881 if (((*modvalues)[i] = calloc(1,
1882 (int)(cPtr - linklist_ptr->value) +
1883 (linklist_ptr->length -
1885 strlen(newValue) + 1)) == NULL)
1887 memset((*modvalues)[i], '\0',
1888 (int)(cPtr - linklist_ptr->value) +
1889 (linklist_ptr->length - strlen(oldValue)) +
1890 strlen(newValue) + 1);
1891 memcpy((*modvalues)[i], linklist_ptr->value,
1892 (int)(cPtr - linklist_ptr->value));
1893 strcat((*modvalues)[i], newValue);
1894 strcat((*modvalues)[i],
1895 &linklist_ptr->value[(int)(cPtr -
1896 linklist_ptr->value) + strlen(oldValue)]);
/* oldValue not present in this value: copy verbatim (no NULL check). */
1901 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1902 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1903 memcpy((*modvalues)[i], linklist_ptr->value,
1904 linklist_ptr->length);
/* No substitution requested: copy verbatim (no NULL check). */
1909 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1910 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1911 memcpy((*modvalues)[i], linklist_ptr->value,
1912 linklist_ptr->length);
1914 linklist_ptr = linklist_ptr->next;
1916 (*modvalues)[i] = NULL;
/* Run a synchronous LDAP search and collect every entry/attribute/value
 * into an LK_ENTRY list.
 *
 * search_exp is sent to the server verbatim, so any caller-controlled part
 * of it must already be escaped (RFC 4515). *linklist_base/*linklist_count
 * are reset first and the caller owns the resulting list (linklist_free).
 * A failed search returns the ldap_search_s() code; LDAP_SIZELIMIT_EXCEEDED
 * is apparently tolerated and the partial result set is kept (the return on
 * the line after the check is not shown here). The final return is also on
 * an elided line. */
1922 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1923 char **attr_array, LK_ENTRY **linklist_base,
1924 int *linklist_count, unsigned long ScopeType)
1927 LDAPMessage *ldap_entry;
1931 (*linklist_base) = NULL;
1932 (*linklist_count) = 0;
1934 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1935 search_exp, attr_array, 0,
1936 &ldap_entry)) != LDAP_SUCCESS)
/* Size-limit hits still deliver a (partial) result message. */
1938 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1942 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1945 ldap_msgfree(ldap_entry);
/* Walk every entry of an LDAP result message, appending its attributes to
 * *linklist_base via retrieve_attributes(), and recount the list into
 * *linklist_count. The DN of each entry is copied into a 1024-byte local
 * buffer by get_distinguished_name(), which does not receive that size.
 * Return statements (empty result, attribute failure, success) are on lines
 * not shown in this listing. */
1949 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1950 LK_ENTRY **linklist_base, int *linklist_count)
1952 char distinguished_name[1024];
1953 LK_ENTRY *linklist_ptr;
1956 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1959 memset(distinguished_name, '\0', sizeof(distinguished_name));
1960 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1962 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1963 linklist_base)) != 0)
1966 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1968 memset(distinguished_name, '\0', sizeof(distinguished_name));
1969 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1971 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1972 distinguished_name, linklist_base)) != 0)
/* Recount from the head: retrieve_values() prepends, so the count is
 * recomputed rather than maintained incrementally. */
1976 linklist_ptr = (*linklist_base);
1977 (*linklist_count) = 0;
1979 while (linklist_ptr != NULL)
1981 ++(*linklist_count);
1982 linklist_ptr = linklist_ptr->next;
/* Iterate the attributes of one entry and hand each to retrieve_values(),
 * which adds its values to *linklist_current. The BerElement cursor (ptr)
 * and the third argument of ldap_first/next_attribute are on lines not
 * shown here; ptr is released with ldap_ber_free() at the end. The return
 * value of retrieve_values() is ignored on both calls. */
1988 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1989 char *distinguished_name, LK_ENTRY **linklist_current)
1996 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1999 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Attribute names come from the library and must be freed with ldap_memfree. */
2001 ldap_memfree(Attribute);
2002 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2005 retrieve_values(ldap_handle, ldap_entry, Attribute,
2006 distinguished_name, linklist_current);
2007 ldap_memfree(Attribute);
2011 ldap_ber_free(ptr, 0);
/* Copy all values of one attribute of one entry into new LK_ENTRY nodes
 * prepended to *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * stored with their exact length; every other attribute is fetched as a
 * string and stored NUL-terminated. Each node gets its own copies of the
 * attribute name, value and entry DN, and records whether the value was
 * binary in ->ber_value. The loop over the values (advancing Ptr) and the
 * use_bervalue flag are on lines not shown in this listing.
 *
 * Under LDAP_DEBUG the values are also pretty-printed to stderr via
 * print_to_screen(). Return statements are on elided lines. */
2016 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2017 char *Attribute, char *distinguished_name,
2018 LK_ENTRY **linklist_current)
2024 LK_ENTRY *linklist_previous;
2025 LDAP_BERVAL **ber_value;
2034 SID_IDENTIFIER_AUTHORITY *sid_auth;
2035 unsigned char *subauth_count;
2036 #endif /*LDAP_DEBUG*/
2039 memset(temp, '\0', sizeof(temp));
/* Binary attributes must not go through the string accessor. */
2041 if ((!strcmp(Attribute, "objectSid")) ||
2042 (!strcmp(Attribute, "objectGUID")))
2047 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2048 Ptr = (void **)ber_value;
2053 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2054 Ptr = (void **)str_value;
/* Prepend a fresh node. */
2062 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2065 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2066 linklist_previous->next = (*linklist_current);
2067 (*linklist_current) = linklist_previous;
2069 if (((*linklist_current)->attribute = calloc(1,
2070 strlen(Attribute) + 1)) == NULL)
2073 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2074 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exact bv_len bytes, no terminator; ->length is authoritative. */
2078 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2080 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2083 memset((*linklist_current)->value, '\0', ber_length);
2084 memcpy((*linklist_current)->value,
2085 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2086 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy. */
2090 if (((*linklist_current)->value = calloc(1,
2091 strlen(*Ptr) + 1)) == NULL)
2094 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2095 (*linklist_current)->length = strlen(*Ptr);
2096 strcpy((*linklist_current)->value, *Ptr);
2099 (*linklist_current)->ber_value = use_bervalue;
2101 if (((*linklist_current)->dn = calloc(1,
2102 strlen(distinguished_name) + 1)) == NULL)
2105 memset((*linklist_current)->dn, '\0',
2106 strlen(distinguished_name) + 1);
2107 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- debug dump (LDAP_DEBUG); the #ifdef is on an elided line ---- */
2110 if (!strcmp(Attribute, "objectGUID"))
/* Reinterprets the raw bytes as a GUID; assumes bv_len >= sizeof(GUID) --
 * no length check is visible here. */
2112 guid = (GUID *)((*linklist_current)->value);
2114 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2115 guid->Data1, guid->Data2, guid->Data3,
2116 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2117 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2118 guid->Data4[6], guid->Data4[7]);
2119 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2121 else if (!strcmp(Attribute, "objectSid"))
/* Same unchecked reinterpretation for the SID. */
2123 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2126 print_to_screen(" Revision = %d\n", sid->Revision);
2127 print_to_screen(" SID Identifier Authority:\n");
2128 sid_auth = &sid->IdentifierAuthority;
2129 if (sid_auth->Value[0])
2130 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2131 else if (sid_auth->Value[1])
2132 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2133 else if (sid_auth->Value[2])
2134 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2135 else if (sid_auth->Value[3])
2136 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2137 else if (sid_auth->Value[5])
2138 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2140 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2141 subauth_count = GetSidSubAuthorityCount(sid);
2142 print_to_screen(" SidSubAuthorityCount = %d\n",
2144 print_to_screen(" SidSubAuthority:\n");
2145 for (i = 0; i < *subauth_count; i++)
2147 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2148 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length reads past the end of a
 * shorter Attribute name; strncmp() would be the bounded equivalent. */
2152 else if ((!memcmp(Attribute, "userAccountControl",
2153 strlen("userAccountControl"))) ||
2154 (!memcmp(Attribute, "sAMAccountType",
2155 strlen("sAmAccountType"))))
2157 intValue = atoi(*Ptr);
2158 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2160 if (!memcmp(Attribute, "userAccountControl",
2161 strlen("userAccountControl")))
/* Decode the UF_* bits of userAccountControl. */
2163 if (intValue & UF_ACCOUNTDISABLE)
2164 print_to_screen(" %20s : %s\n",
2165 "", "Account disabled");
2167 print_to_screen(" %20s : %s\n",
2168 "", "Account active");
2169 if (intValue & UF_HOMEDIR_REQUIRED)
2170 print_to_screen(" %20s : %s\n",
2171 "", "Home directory required");
2172 if (intValue & UF_LOCKOUT)
2173 print_to_screen(" %20s : %s\n",
2174 "", "Account locked out");
2175 if (intValue & UF_PASSWD_NOTREQD)
2176 print_to_screen(" %20s : %s\n",
2177 "", "No password required");
2178 if (intValue & UF_PASSWD_CANT_CHANGE)
2179 print_to_screen(" %20s : %s\n",
2180 "", "Cannot change password");
2181 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2182 print_to_screen(" %20s : %s\n",
2183 "", "Temp duplicate account");
2184 if (intValue & UF_NORMAL_ACCOUNT)
2185 print_to_screen(" %20s : %s\n",
2186 "", "Normal account");
2187 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2188 print_to_screen(" %20s : %s\n",
2189 "", "Interdomain trust account");
2190 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2191 print_to_screen(" %20s : %s\n",
2192 "", "Workstation trust account");
2193 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2194 print_to_screen(" %20s : %s\n",
2195 "", "Server trust account");
2200 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2202 #endif /*LDAP_DEBUG*/
/* Release the library-owned value arrays; their initialisation to NULL is
 * on elided lines. */
2205 if (str_value != NULL)
2206 ldap_value_free(str_value);
2208 if (ber_value != NULL)
2209 ldap_value_free_len(ber_value);
2212 (*linklist_current) = linklist_previous;
/* Open the shared Moira client connection, reference-counted through
 * mr_connections: only the first caller actually connects (see
 * moira_disconnect for the matching decrement). Two connect paths are
 * visible -- a fixed "ttsp" host and the local nodename from uts -- but the
 * condition that selects between them, and the return, are on lines not
 * shown in this listing. Returns the mr_connect_cl() status (rc). */
2217 int moira_connect(void)
2222 if (!mr_connections++)
2226 memset(HostName, '\0', sizeof(HostName));
2227 strcpy(HostName, "ttsp");
2228 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2232 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/* Hold the incremental while the STOP_FILE exists. The loop body (delay and
 * the iteration limit that triggers the alert) and the return value are on
 * lines not shown in this listing; tbl_buf's origin is likewise not
 * visible here. */
2241 int check_winad(void)
2245 for (i = 0; file_exists(STOP_FILE); i++)
2249 critical_alert("AD incremental",
2250 "WINAD incremental failed (%s exists): %s",
2251 STOP_FILE, tbl_buf);
/* Drop one reference on the shared Moira connection; the actual disconnect
 * when the count reaches zero, and the return, are on lines not shown in
 * this listing. Pairs with moira_connect(). */
2261 int moira_disconnect(void)
2264 if (!--mr_connections)
/* Copy the DN of ldap_entry into the caller's buffer.
 * NOTE(review): the copy is an unbounded strcpy() into a buffer whose size
 * is not passed in (callers use char[1024]); any NULL check on CName between
 * the ldap_get_dn() call and the copy is on elided lines. CName is released
 * with ldap_memfree() as the library requires. */
2272 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2273 char *distinguished_name)
2277 CName = ldap_get_dn(ldap_handle, ldap_entry);
2282 strcpy(distinguished_name, CName);
2283 ldap_memfree(CName);
/* Allocate a single LK_ENTRY holding private copies of attribute and value
 * (length = strlen(value)) with next = NULL; the caller owns the result.
 * The node allocation is NULL-checked (the error return is on an elided
 * line) but the two inner calloc()s are not, so a failed allocation there
 * reaches memset()/strcpy() on a NULL pointer. */
2286 int linklist_create_entry(char *attribute, char *value,
2287 LK_ENTRY **linklist_entry)
2289 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2291 if (!(*linklist_entry))
2296 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2297 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2298 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2299 strcpy((*linklist_entry)->attribute, attribute);
2300 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2301 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2302 strcpy((*linklist_entry)->value, value);
2303 (*linklist_entry)->length = strlen(value);
2304 (*linklist_entry)->next = NULL;
/* printf-style debug output; despite the name it writes to stderr. The
 * va_list (pvar) declaration and va_end() are on lines not shown here.
 * Callers always pass a literal format string. */
2309 void print_to_screen(const char *fmt, ...)
2313 va_start(pvar, fmt);
2314 vfprintf(stderr, fmt, pvar);
/* Derive the AD representation of a Moira list from its maillist/group
 * flags (av[L_MAILLIST], av[L_GROUP]).
 *
 * group_membership  out (may be NULL): one code byte, not NUL-terminated --
 *                   'B' both, 'S' security group only, 'D' distribution
 *                   list only, 'N' neither
 * group_ou          out (may be NULL): strcpy() of the matching global
 *                   group_ou_* container; no size is passed in
 * security_flag     out (may be NULL): 1 when the list is a group ('B','S'),
 *                   else 0
 * av                L_*-indexed argv of the list
 * The return statement is on a line not shown in this listing. */
2319 int get_group_membership(char *group_membership, char *group_ou,
2320 int *security_flag, char **av)
2325 maillist_flag = atoi(av[L_MAILLIST]);
2326 group_flag = atoi(av[L_GROUP]);
2328 if (security_flag != NULL)
2329 (*security_flag) = 0;
2331 if ((maillist_flag) && (group_flag))
2333 if (group_membership != NULL)
2334 group_membership[0] = 'B';
2336 if (security_flag != NULL)
2337 (*security_flag) = 1;
2339 if (group_ou != NULL)
2340 strcpy(group_ou, group_ou_both);
2342 else if ((!maillist_flag) && (group_flag))
2344 if (group_membership != NULL)
2345 group_membership[0] = 'S';
2347 if (security_flag != NULL)
2348 (*security_flag) = 1;
2350 if (group_ou != NULL)
2351 strcpy(group_ou, group_ou_security);
2353 else if ((maillist_flag) && (!group_flag))
2355 if (group_membership != NULL)
2356 group_membership[0] = 'D';
2358 if (group_ou != NULL)
2359 strcpy(group_ou, group_ou_distribution);
/* neither flag set */
2363 if (group_membership != NULL)
2364 group_membership[0] = 'N';
2366 if (group_ou != NULL)
2367 strcpy(group_ou, group_ou_neither);
/* Rename an AD group (and move it between OUs) to follow a Moira list
 * rename, then rewrite the attributes that embed the name.
 *
 * before_*/after_*  old and new list name, membership code, OU, security
 *                   flag and description
 * MoiraId           Moira list id used to locate the existing group
 * filter            caller-supplied scratch buffer for LDAP filters (its
 *                   size is not passed in)
 * maillist          "0"/"1" string; mail attributes are set only when true,
 *                   the group is not mail-disabled and the address validates
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE or the value set on elided lines; 0 presumably on
 * success. The mods array, ADD_ATTR counter n, and the buffers old_dn,
 * new_dn, sam_name and mail are declared on lines not shown here.
 *
 * NOTE(review): after_group_name is sprintf()'d unescaped into the LDAP
 * filter and into several fixed 256/512-byte buffers; the sAMAccountName
 * suffix test indexes strlen(sam_name) - strlen(group_suffix), which goes
 * before the buffer when sam_name is shorter than the suffix; and
 * groupTypeControl (u_int) is printed with "%ld". */
2373 int group_rename(LDAP *ldap_handle, char *dn_path,
2374 char *before_group_name, char *before_group_membership,
2375 char *before_group_ou, int before_security_flag,
2376 char *before_desc, char *after_group_name,
2377 char *after_group_membership, char *after_group_ou,
2378 int after_security_flag, char *after_desc,
2379 char *MoiraId, char *filter, char *maillist)
2384 char new_dn_path[512];
2387 char mail_nickname[256];
2388 char proxy_address[256];
2389 char address_book[256];
2390 char *attr_array[3];
/* One-element NULL-terminated value arrays for ldap_modify_s. */
2391 char *mitMoiraId_v[] = {NULL, NULL};
2392 char *name_v[] = {NULL, NULL};
2393 char *samAccountName_v[] = {NULL, NULL};
2394 char *groupTypeControl_v[] = {NULL, NULL};
2395 char *mail_v[] = {NULL, NULL};
2396 char *proxy_address_v[] = {NULL, NULL};
2397 char *mail_nickname_v[] = {NULL, NULL};
2398 char *report_to_originator_v[] = {NULL, NULL};
2399 char *address_book_v[] = {NULL, NULL};
2400 char *legacy_exchange_dn_v[] = {NULL, NULL};
2401 u_int groupTypeControl;
2402 char groupTypeControlStr[80];
2403 char contact_mail[256];
2407 LK_ENTRY *group_base;
2409 int MailDisabled = 0;
/* Group scope is a site-wide setting (UseGroupUniversal). */
2411 if(UseGroupUniversal)
2412 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2414 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Both names must pass check_string() before they reach any LDAP call. */
2416 if (!check_string(before_group_name))
2419 "Unable to process invalid LDAP list name %s",
2421 return(AD_INVALID_NAME);
2424 if (!check_string(after_group_name))
2427 "Unable to process invalid LDAP list name %s", after_group_name);
2428 return(AD_INVALID_NAME);
/* Refuse the rename if a user object already has the target cn. */
2438 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2439 attr_array[0] = "cn";
2440 attr_array[1] = NULL;
2442 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2443 &group_base, &group_count,
2444 LDAP_SCOPE_SUBTREE)) != 0)
2446 com_err(whoami, 0, "Unable to process group %s : %s",
2447 after_group_name, ldap_err2string(rc));
2453 com_err(whoami, 0, "Object already exists with name %s",
2458 linklist_free(group_base);
/* Locate the existing group by MoiraId; exactly one match is required. */
2467 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2468 before_group_membership,
2469 MoiraId, "samAccountName", &group_base,
2470 &group_count, filter))
2473 if (group_count == 0)
2475 return(AD_NO_GROUPS_FOUND);
2478 if (group_count != 1)
2480 com_err(whoami, 0, "Unable to process multiple groups with "
2481 "MoiraId = %s exist in the AD", MoiraId);
2482 return(AD_MULTIPLE_GROUPS_FOUND);
2485 strcpy(old_dn, group_base->dn);
2487 linklist_free(group_base);
/* Fetch the current sAMAccountName so the suffix convention can be kept. */
2490 attr_array[0] = "sAMAccountName";
2491 attr_array[1] = NULL;
2493 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2494 &group_base, &group_count,
2495 LDAP_SCOPE_SUBTREE)) != 0)
2497 com_err(whoami, 0, "Unable to get list %s dn : %s",
2498 after_group_name, ldap_err2string(rc));
2502 if (group_count != 1)
2505 "Unable to get sAMAccountName for group %s",
2507 return(AD_LDAP_FAILURE);
2510 strcpy(sam_name, group_base->value);
2511 linklist_free(group_base);
/* Build the new RDN, parent DN and mail identities (unbounded sprintf). */
2515 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2516 sprintf(new_dn, "cn=%s", after_group_name);
2517 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2518 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2519 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2520 lowercase(ldap_domain));
2521 sprintf(mail_nickname, "%s", after_group_name);
2523 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* deleteoldrdn = TRUE: the old cn is dropped, not kept as an extra value. */
2525 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2526 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2528 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2529 before_group_name, after_group_name, ldap_err2string(rc));
2533 name_v[0] = after_group_name;
/* Keep the "<name><group_suffix>" sAMAccountName convention if the old
 * name followed it; otherwise the rename is reported as failed. */
2535 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2536 group_suffix, strlen(group_suffix)))
2538 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2543 "Unable to rename list from %s to %s : sAMAccountName not found",
2544 before_group_name, after_group_name);
2548 samAccountName_v[0] = sam_name;
2550 if (after_security_flag)
2551 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2553 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2554 groupTypeControl_v[0] = groupTypeControlStr;
2555 mitMoiraId_v[0] = MoiraId;
/* Now address the object at its new DN. */
2557 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2558 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2561 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2562 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2563 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2564 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled lists get the Exchange attributes; everything else has them
 * cleared (REPLACE with a NULL value array). */
2568 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2570 mail_nickname_v[0] = mail_nickname;
2571 proxy_address_v[0] = proxy_address;
2573 report_to_originator_v[0] = "TRUE";
2575 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2577 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2578 ADD_ATTR("reportToOriginator", report_to_originator_v,
2583 mail_nickname_v[0] = NULL;
2584 proxy_address_v[0] = NULL;
2586 legacy_exchange_dn_v[0] = NULL;
2587 address_book_v[0] = NULL;
2588 report_to_originator_v[0] = NULL;
2590 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2591 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2592 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2593 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2594 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2595 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Non-Exchange mailing lists still carry the @mit.edu contact address. */
2601 if(atoi(maillist) && email_isvalid(contact_mail))
2603 mail_v[0] = contact_mail;
2604 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2610 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2613 "Unable to modify list data for %s after renaming: %s",
2614 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod structures built by ADD_ATTR. */
2617 for (i = 0; i < n; i++)
/*
 * group_create: create the AD/LDAP group object for a Moira list, and when
 * the object already exists (LDAP_ALREADY_EXISTS) or call_args[4] asks for
 * an update, fall through to a second "modify" pass that re-applies the
 * mutable attributes.  Finally ProcessGroupSecurity() is called for the
 * group; its return value is not checked here.
 *
 * av[] is the Moira list row (L_NAME, L_DESC, L_ACE_TYPE, L_ACE_NAME,
 * L_PUBLIC, L_HIDDEN, L_GROUP, L_GID, L_MAILLIST, L_ACTIVE, ...).  ptr
 * carries call_args: [0] LDAP handle, [1] base DN, [4] update flag,
 * [5] Moira id.  ac is not referenced in the visible lines.
 *
 * Security note: av[L_NAME] is interpolated verbatim into the DN, into the
 * mail/nickname/sAMAccountName strings and into two LDAP search filters
 * below.  In the visible lines the check_string() call at the top is the
 * only validation applied, so it is the trust boundary against DN/filter
 * injection and against overrunning the 256-byte buffers; no LDAP
 * filter-escaping is performed here.
 *
 * Visible returns: AD_INVALID_NAME for a rejected name, LDAP_SUCCESS at the
 * end.  This listing omits lines (closing braces, the bodies of the
 * mods-freeing loops, the declarations of rc, i, n, updateGroup, group_ou,
 * security_flag, group_count, mods, filter, info and new_dn, and the early
 * returns after the error reports).
 */
2623 int group_create(int ac, char **av, void *ptr)
2628 char new_group_name[256];
2629 char sam_group_name[256];
2630 char cn_group_name[256];
2632 char contact_mail[256];
2633 char mail_nickname[256];
2634 char proxy_address[256];
2635 char address_book[256];
2636 char *cn_v[] = {NULL, NULL};
2637 char *objectClass_v[] = {"top", "group", NULL};
2638 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2639 "group", "mailRecipient", NULL};
2641 char *samAccountName_v[] = {NULL, NULL};
2642 char *altSecurityIdentities_v[] = {NULL, NULL};
2643 char *member_v[] = {NULL, NULL};
2644 char *name_v[] = {NULL, NULL};
2645 char *desc_v[] = {NULL, NULL};
2646 char *info_v[] = {NULL, NULL};
2647 char *mitMoiraId_v[] = {NULL, NULL};
2648 char *mitMoiraPublic_v[] = {NULL, NULL};
2649 char *mitMoiraHidden_v[] = {NULL, NULL};
2650 char *groupTypeControl_v[] = {NULL, NULL};
2651 char *mail_v[] = {NULL, NULL};
2652 char *proxy_address_v[] = {NULL, NULL};
2653 char *mail_nickname_v[] = {NULL, NULL};
2654 char *report_to_originator_v[] = {NULL, NULL};
2655 char *address_book_v[] = {NULL, NULL};
2656 char *legacy_exchange_dn_v[] = {NULL, NULL};
2657 char *gidNumber_v[] = {NULL, NULL};
2658 char groupTypeControlStr[80];
/* NOTE(review): process_lists() declares the same buffer as
 * group_membership[2].  Whether get_group_membership() stores a NUL
 * terminator is not visible here; if it does, this 1-byte buffer overflows.
 * Confirm against get_group_membership(). */
2659 char group_membership[1];
2662 u_int groupTypeControl;
/* Only ever read in the visible lines (2775, 2906); presumably set on one of
 * the lines not shown when the name collides with an existing object. */
2666 int MailDisabled = 0;
2668 LK_ENTRY *group_base;
2671 char *attr_array[3];
2675 if(UseGroupUniversal)
2676 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2678 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Trust boundary: every later use of av[L_NAME] relies on this check. */
2680 if (!check_string(av[L_NAME]))
2682 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2684 return(AD_INVALID_NAME);
/* Pointer-to-int cast of a call_args slot used as a flag; truncates on
 * LP64 but only the zero/non-zero value is used below. */
2687 updateGroup = (int)call_args[4];
2688 memset(group_ou, 0, sizeof(group_ou));
2689 memset(group_membership, 0, sizeof(group_membership));
2692 get_group_membership(group_membership, group_ou, &security_flag, av);
2694 strcpy(new_group_name, av[L_NAME]);
/* DN and addresses are built by plain formatting; sizes of new_dn and mail
 * are declared outside this listing. */
2695 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2696 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2697 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2698 sprintf(mail_nickname, "%s", av[L_NAME]);
2701 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2703 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* "%ld" with a u_int argument is a format/type mismatch (undefined behaviour
 * per the standard); "%u" matches the declared type. */
2707 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2708 groupTypeControl_v[0] = groupTypeControlStr;
2710 strcpy(cn_group_name, av[L_NAME]);
2712 samAccountName_v[0] = sam_group_name;
2713 name_v[0] = new_group_name;
2714 cn_v[0] = new_group_name;
2717 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2721 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Non-AD directory variant: extra object classes plus the Moira
 * public/hidden flags (the branch condition is on a line not shown). */
2725 mitMoiraPublic_v[0] = av[L_PUBLIC];
2726 mitMoiraHidden_v[0] = av[L_HIDDEN];
2727 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2728 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2729 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2731 if(atoi(av[L_GROUP]))
2733 gidNumber_v[0] = av[L_GID];
2734 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2738 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2739 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2740 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* Mail-enabled lists: refuse to shadow an existing user with the same cn. */
2744 if(atoi(av[L_MAILLIST]))
/* LDAP filter built by formatting; av[L_NAME] is not filter-escaped, only
 * check_string()-validated. */
2749 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2750 attr_array[0] = "cn";
2751 attr_array[1] = NULL;
2753 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2754 filter, attr_array, &group_base,
2756 LDAP_SCOPE_SUBTREE)) != 0)
2758 com_err(whoami, 0, "Unable to process group %s : %s",
2759 av[L_NAME], ldap_err2string(rc));
2765 com_err(whoami, 0, "Object already exists with name %s",
2770 linklist_free(group_base);
2775 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2777 mail_nickname_v[0] = mail_nickname;
2778 report_to_originator_v[0] = "TRUE";
2780 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2781 ADD_ATTR("reportToOriginator", report_to_originator_v,
2787 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2789 mail_v[0] = contact_mail;
2790 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2794 if (strlen(av[L_DESC]) != 0)
2796 desc_v[0] = av[L_DESC];
2797 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2800 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2802 if (strlen(av[L_ACE_NAME]) != 0)
/* info's size is declared outside this listing; av[L_ACE_NAME] is not
 * length-checked in the visible lines. */
2804 sprintf(info, "The Administrator of this list is: %s",
2807 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2810 if (strlen(call_args[5]) != 0)
2812 mitMoiraId_v[0] = call_args[5];
2813 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2818 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body (releasing the n mods entries) is not shown. */
2820 for (i = 0; i < n; i++)
2823 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2825 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2826 av[L_NAME], ldap_err2string(rc));
/* Update pass: taken for an existing object or an explicit update. */
2832 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2834 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2835 "description", av[L_NAME]);
2836 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2838 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2843 if (strlen(call_args[5]) != 0)
2845 mitMoiraId_v[0] = call_args[5];
2846 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is {NULL, NULL}, so this REPLACE with an empty
 * value list removes every member from the group. */
2849 if (!(atoi(av[L_ACTIVE])))
2852 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2855 if (!ActiveDirectory)
2857 mitMoiraPublic_v[0] = av[L_PUBLIC];
2858 mitMoiraHidden_v[0] = av[L_HIDDEN];
2859 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2860 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2862 if(atoi(av[L_GROUP]))
2864 gidNumber_v[0] = av[L_GID];
2865 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Presumably the else branch: gidNumber_v[0] is still NULL here, so this
 * clears gidNumber on a list that is no longer a group. */
2869 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same cn-collision search as in the create path above. */
2875 if(atoi(av[L_MAILLIST]))
2880 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2881 attr_array[0] = "cn";
2882 attr_array[1] = NULL;
2884 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2885 filter, attr_array, &group_base,
2887 LDAP_SCOPE_SUBTREE)) != 0)
2889 com_err(whoami, 0, "Unable to process group %s : %s",
2890 av[L_NAME], ldap_err2string(rc));
2896 com_err(whoami, 0, "Object already exists with name %s",
2901 linklist_free(group_base);
2906 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2908 mail_nickname_v[0] = mail_nickname;
2909 report_to_originator_v[0] = "TRUE";
2911 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2912 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not mail-enabled (presumably the else branch): strip the Exchange
 * attributes.  NOTE(review): five value arrays are reset to NULL but mail_v
 * is not, so "mail" at 2926 is replaced with whatever mail_v[0] still holds
 * (contact_mail if 2789 ran) rather than cleared -- confirm intent. */
2918 mail_nickname_v[0] = NULL;
2919 proxy_address_v[0] = NULL;
2920 legacy_exchange_dn_v[0] = NULL;
2921 address_book_v[0] = NULL;
2922 report_to_originator_v[0] = NULL;
2924 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2925 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2926 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2927 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2929 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2930 ADD_ATTR("reportToOriginator", report_to_originator_v,
2936 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2938 mail_v[0] = contact_mail;
2939 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2944 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2953 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2955 for (i = 0; i < n; i++)
2958 if (rc != LDAP_SUCCESS)
2960 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2961 av[L_NAME], ldap_err2string(rc));
/* Return value of ProcessGroupSecurity() is ignored; a failure to apply the
 * security descriptor is only reported inside that function. */
2968 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2969 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2971 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply a security descriptor template to the group
 * TargetGroupName (looked up by sAMAccountName under group_ou_root,dn_path)
 * and, on a non-AD directory, set its owner.
 *
 * When AceType/AceName name a LIST or USER administrator, that object's
 * objectSid is fetched and the "with admin" template is selected; the
 * placeholder SID read from the UserTemplate.u object is then replaced by
 * the admin SID inside the template's binary ntSecurityDescriptor before it
 * is written to the target.  Without an admin SID the plain hidden /
 * not-hidden template is used.  If the final modify fails while an admin
 * SID was in play, the function calls itself once more with empty
 * AceType/AceName to fall back to the non-admin template.
 *
 * The descriptor is fetched and written with the SD-flags server control
 * (OID 1.2.840.113556.1.4.801) whose BER value is produced by
 * BEREncodeSecurityBits().
 *
 * Declarations of rc, i, n, nVal, group_count, AceSidCount, dwInfo, psMsg,
 * root_ou, TargetDn, AceDn and mods, the search call's argument list, the
 * HiddenGroup branch conditions and the early returns are on lines not
 * shown.  hide_addres_lists, address_book and array_count are not
 * referenced in the visible lines.
 */
2974 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2975 char *TargetGroupName, int HiddenGroup,
2976 char *AceType, char *AceName)
2978 char filter_exp[1024];
2979 char *attr_array[5];
2980 char search_path[512];
2982 char TemplateDn[512];
2983 char TemplateSamName[128];
2985 char TargetSamName[128];
2986 char AceSamAccountName[128];
2988 unsigned char AceSid[128];
2989 unsigned char UserTemplateSid[128];
2990 char acBERBuf[N_SD_BER_BYTES];
2991 char GroupSecurityTemplate[256];
2992 char hide_addres_lists[256];
2993 char address_book[256];
2994 char *hide_address_lists_v[] = {NULL, NULL};
2995 char *address_book_v[] = {NULL, NULL};
2996 char *owner_v[] = {NULL, NULL};
2998 int UserTemplateSidCount;
3005 int array_count = 0;
3007 LK_ENTRY *group_base;
3008 LDAP_BERVAL **ppsValues;
/* SD-flags control: acBERBuf is filled by BEREncodeSecurityBits() below. */
3009 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3010 { N_SD_BER_BYTES, acBERBuf },
3013 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, group, DACL and SACL parts of the descriptor. */
3016 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3017 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3018 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group.  TargetGroupName is not filter-escaped here;
 * callers are expected to have passed it through check_string(). */
3020 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3021 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3022 attr_array[0] = "sAMAccountName";
3023 attr_array[1] = NULL;
/* NOTE(review): the parentheses make this `rc = (linklist_build(...) != 0)`,
 * so rc holds 0/1 instead of the LDAP result code.  The same pattern recurs
 * at every linklist_build() call in this function (3076, 3102, 3156, 3211)
 * and the 0/1 value is later passed to ldap_err2string().  group_create()
 * uses the intended `((rc = linklist_build(...)) != 0)` form. */
3027 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3028 &group_base, &group_count,
3029 LDAP_SCOPE_SUBTREE) != 0))
3032 if (group_count != 1)
3034 linklist_free(group_base);
/* Unbounded copies of directory-supplied values; TargetDn's size is
 * declared outside this listing, TargetSamName is 128 bytes. */
3038 strcpy(TargetDn, group_base->dn);
3039 strcpy(TargetSamName, group_base->value);
3040 linklist_free(group_base);
3044 UserTemplateSidCount = 0;
3045 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3046 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3047 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator (ACE) object, if any.  root_ou is written here
 * but not read in the visible lines. */
3052 if (strlen(AceName) != 0)
3054 if (!strcmp(AceType, "LIST"))
3056 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3057 strcpy(root_ou, group_ou_root);
3059 else if (!strcmp(AceType, "USER"))
3061 sprintf(AceSamAccountName, "%s", AceName);
3062 strcpy(root_ou, user_ou);
3065 if (ActiveDirectory)
3067 if (strlen(AceSamAccountName) != 0)
3069 sprintf(search_path, "%s", dn_path);
3070 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3071 attr_array[0] = "objectSid";
3072 attr_array[1] = NULL;
3076 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3077 attr_array, &group_base, &group_count,
3078 LDAP_SCOPE_SUBTREE) != 0))
3080 if (group_count == 1)
3082 strcpy(AceDn, group_base->dn);
/* AceSidCount is the attribute length reported by the directory; there is
 * no check that it fits the 128-byte AceSid before the memcpy. */
3083 AceSidCount = group_base->length;
3084 memcpy(AceSid, group_base->value, AceSidCount);
3086 linklist_free(group_base);
/* Non-AD directory: only the admin's DN is needed (for the owner attribute). */
3093 if (strlen(AceSamAccountName) != 0)
3095 sprintf(search_path, "%s", dn_path);
3096 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3097 attr_array[0] = "samAccountName";
3098 attr_array[1] = NULL;
3102 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3103 attr_array, &group_base, &group_count,
3104 LDAP_SCOPE_SUBTREE) != 0))
3106 if (group_count == 1)
3108 strcpy(AceDn, group_base->dn);
3110 linklist_free(group_base);
3117 if (!ActiveDirectory)
3119 if (strlen(AceDn) != 0)
/* The strdup() result is never freed in the visible lines (leak per call). */
3121 owner_v[0] = strdup(AceDn);
3123 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3127 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3129 for (i = 0; i < n; i++)
3132 if (rc != LDAP_SUCCESS)
3133 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3134 TargetGroupName, ldap_err2string(rc));
3140 if (AceSidCount == 0)
3142 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3143 "have an AD SID.", TargetGroupName, AceName, AceType);
3144 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the placeholder SID from the UserTemplate.u object; it is the byte
 * pattern that gets swapped for the admin SID inside the template. */
3148 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3149 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3150 attr_array[0] = "objectSid";
3151 attr_array[1] = NULL;
3156 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3157 attr_array, &group_base, &group_count,
3158 LDAP_SCOPE_SUBTREE) != 0))
/* Because of the precedence issue noted above rc is 0/1 here, so the
 * diagnostic (presumably ldap_err2string(rc), argument line not shown)
 * cannot report the real LDAP error. */
3161 if ((rc != 0) || (group_count != 1))
3163 com_err(whoami, 0, "Unable to process user security template: %s",
/* Same unbounded memcpy as for AceSid: UserTemplateSid is 128 bytes. */
3169 UserTemplateSidCount = group_base->length;
3170 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3172 linklist_free(group_base);
/* Select the template by hidden/not-hidden (branch conditions not shown)
 * and by whether an admin SID was found. */
3179 if (AceSidCount == 0)
3181 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3182 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3186 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3187 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3192 if (AceSidCount == 0)
3194 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3195 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3199 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3200 sprintf(filter_exp, "(sAMAccountName=%s)",
3201 NOT_HIDDEN_GROUP_WITH_ADMIN);
3205 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3206 attr_array[0] = "sAMAccountName";
3207 attr_array[1] = NULL;
3211 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3212 &group_base, &group_count,
3213 LDAP_SCOPE_SUBTREE) != 0))
3216 if (group_count != 1)
3218 linklist_free(group_base);
3219 com_err(whoami, 0, "Unable to process group security template: %s - "
3220 "security not set", GroupSecurityTemplate);
3224 strcpy(TemplateDn, group_base->dn);
3225 strcpy(TemplateSamName, group_base->value);
3226 linklist_free(group_base);
/* Re-read the template entry with the SD-flags control so that
 * ntSecurityDescriptor is returned (remaining arguments not shown). */
3230 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3231 rc = ldap_search_ext_s(ldap_handle,
/* NOTE(review): psMsg is only released at 3304 on the success path; the
 * error exits here and at 3252 presumably return without ldap_msgfree()
 * (those lines are not shown) -- verify. */
3243 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3245 com_err(whoami, 0, "Unable to find group security template: %s - "
3246 "security not set", GroupSecurityTemplate);
3250 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3252 if (ppsValues == NULL)
3254 com_err(whoami, 0, "Unable to find group security descriptor for group "
3255 "%s - security not set", GroupSecurityTemplate);
/* In-place SID substitution inside the binary descriptor.  The scan is
 * bounded by UserTemplateSidCount but the write is AceSidCount bytes: the
 * code relies on both SIDs having the same length.  If they differ, the
 * descriptor is corrupted and the write can run past bv_len.  A guard
 * (AceSidCount == UserTemplateSidCount) before this loop would make the
 * assumption explicit.  The (int) cast of the unsigned subtraction also
 * misbehaves if bv_len < UserTemplateSidCount. */
3259 if (AceSidCount != 0)
3261 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3264 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3266 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3267 UserTemplateSidCount))
3269 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3277 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3278 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden groups are excluded from the Exchange address lists and have
 * showInAddressBook cleared; otherwise the hide flag is cleared. */
3284 hide_address_lists_v[0] = "TRUE";
3285 address_book_v[0] = NULL;
3286 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3288 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3290 hide_address_lists_v[0] = NULL;
3291 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3298 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3300 for (i = 0; i < n; i++)
3303 ldap_value_free_len(ppsValues);
3304 ldap_msgfree(psMsg);
3306 if (rc != LDAP_SUCCESS)
3308 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3309 TargetGroupName, ldap_err2string(rc));
/* Fallback without admin.  Assignment in the condition is intentional.  The
 * recursion terminates because AceName is "" on the second pass, which keeps
 * AceSidCount at its initial value (presumably 0; the initialiser is on a
 * line not shown). */
3311 if (AceSidCount != 0)
3314 "Trying to set security for group %s without admin.",
3317 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3318 HiddenGroup, "", ""))
3320 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: delete the AD group object for group_name, searched under
 * group_ou_root,dn_path via ad_get_group().
 *
 * Visible returns: AD_INVALID_NAME for a rejected name, AD_NO_GROUPS_FOUND
 * when ad_get_group() finds no entry.  The returns for an ad_get_group()
 * failure, a failed ldap_delete_s() and success are on lines not shown, as
 * are the declarations of rc, group_count, filter and temp.
 */
3331 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3332 char *group_membership, char *MoiraId)
3334 LK_ENTRY *group_base;
3340 if (!check_string(group_name))
3343 "Unable to process invalid LDAP list name %s", group_name);
3344 return(AD_INVALID_NAME);
3347 memset(filter, '\0', sizeof(filter));
3350 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment in condition: any non-zero rc from ad_get_group() is treated
 * as failure (the body is not shown). */
3352 if (rc = ad_get_group(ldap_handle, temp, group_name,
3353 group_membership, MoiraId,
3354 "samAccountName", &group_base,
3355 &group_count, filter))
/* Delete only when exactly one match exists; the DN comes from the
 * directory, not from the caller. */
3358 if (group_count == 1)
3360 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3362 linklist_free(group_base);
3363 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
3364 group_name, ldap_err2string(rc));
3367 linklist_free(group_base);
3371 linklist_free(group_base);
3372 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
3373 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: write the BER encoding of the security-information
 * flags uBits into pBuffer, which must hold N_SD_BER_BYTES, and return the
 * number of bytes used.  The encoding itself is on lines not shown.  Callers
 * use the buffer as the value of the SD-flags server control.
 */
3379 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3385 return(N_SD_BER_BYTES);
/*
 * process_lists: Moira query callback.  Resolves the OU and membership
 * flags for the list row in av[] with get_group_membership() and hands the
 * list to populate_group().  call_args[0] is the LDAP handle, call_args[1]
 * the base DN.  The trailing populate_group() arguments, the declarations of
 * rc, group_ou and security_flag, and the return are on lines not shown.
 */
3388 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here, versus one byte for the same buffer in group_create(). */
3393 char group_membership[2];
3399 memset(group_ou, '\0', sizeof(group_ou));
3400 memset(group_membership, '\0', sizeof(group_membership));
3401 get_group_membership(group_membership, group_ou, &security_flag, av);
3402 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3403 av[L_NAME], group_ou, group_membership,
/*
 * member_list_build: Moira query callback that prepends one LK_ENTRY per
 * ACE (list member) to the file-scope member_base list.  STRING members are
 * normalised to an e-mail address (default domain @mit.edu, ".LOCAL"
 * rewritten) and, like KERBEROS members, get a contact object created via
 * contact_create().  call_args[3] is a bitmask (MOIRA_USERS / MOIRA_STRINGS
 * / MOIRA_LISTS / MOIRA_KERBEROS) selecting which member types are kept;
 * call_args[2] is the list name recorded in each entry.  Members already
 * present (case-insensitive compare) are skipped.
 *
 * temp and s are declared, and the early returns and closing braces are,
 * on lines not shown.
 */
3409 int member_list_build(int ac, char **av, void *ptr)
/* Unbounded copy of the member name; temp's size is declared outside this
 * listing and check_string() only runs after the copy. */
3417 strcpy(temp, av[ACE_NAME]);
3419 if (!check_string(temp))
3422 if (!strcmp(av[ACE_TYPE], "USER"))
3424 if (!((int)call_args[3] & MOIRA_USERS))
3427 else if (!strcmp(av[ACE_TYPE], "STRING"))
3431 if((s = strchr(temp, '@')) == (char *) NULL)
3433 strcat(temp, "@mit.edu");
/* NOTE(review): if temp is shorter than 6 characters (possible for a STRING
 * such as "a@b") this indexes before the start of the array -- undefined
 * behaviour.  Guard with `strlen(temp) >= 6 &&`. */
3436 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
/* Rewrites a trailing ".LOCAL" to ".mit.edu"; whether the old suffix is
 * truncated at s before the strcat happens on a line not shown. */
3438 s = strrchr(temp, '.');
3440 strcat(s, ".mit.edu");
3444 if (!((int)call_args[3] & MOIRA_STRINGS))
3447 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3451 else if (!strcmp(av[ACE_TYPE], "LIST"))
3453 if (!((int)call_args[3] & MOIRA_LISTS))
3456 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3458 if (!((int)call_args[3] & MOIRA_KERBEROS))
3461 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
/* Duplicate check against the list built so far. */
3469 linklist = member_base;
3473 if (!strcasecmp(temp, linklist->member))
3476 linklist = linklist->next;
/* New entry, pushed onto the head of member_base.  The calloc() results
 * are dereferenced without a NULL check. */
3479 linklist = calloc(1, sizeof(LK_ENTRY));
3481 linklist->dn = NULL;
3482 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3483 strcpy(linklist->list, call_args[2]);
3484 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3485 strcpy(linklist->type, av[ACE_TYPE]);
3486 linklist->member = calloc(1, strlen(temp) + 1);
3487 strcpy(linklist->member, temp);
3488 linklist->next = member_base;
3489 member_base = linklist;
/*
 * member_remove: remove the member DN built from user_name/UserOu from the
 * group group_name (resolved via ad_get_group()).  For members living in
 * contact_ou or kerberos_ou the contact object itself is afterwards deleted
 * when nothing references it any more ("Removing unreferenced object").
 *
 * Security note: only group_name is validated with check_string() here;
 * user_name goes unescaped into the member DN and into the search filters
 * below.  Callers are expected to have validated it.
 *
 * Declarations of rc, i, n, group_count, filter, temp, s, modvalues and
 * mods, the branch bodies that decide whether the object is unreferenced,
 * and the returns are on lines not shown.
 */
3494 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3495 char *group_ou, char *group_membership, char *user_name,
3496 char *UserOu, char *MoiraId)
3498 char distinguished_name[1024];
3502 char *attr_array[3];
3507 LK_ENTRY *group_base;
3511 if (!check_string(group_name))
3512 return(AD_INVALID_NAME);
3514 memset(filter, '\0', sizeof(filter));
/* Assignment in condition; non-zero rc is treated as failure (body not
 * shown). */
3518 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3519 group_membership, MoiraId,
3520 "samAccountName", &group_base,
3521 &group_count, filter))
3524 if (group_count != 1)
3526 com_err(whoami, 0, "Unable to find list %s in AD",
3528 linklist_free(group_base);
3534 strcpy(distinguished_name, group_base->dn);
3535 linklist_free(group_base);
/* Member DN: uid= form for real users, CN= form otherwise.  user_name is
 * not DN-escaped (contrast escape_string() in contact_create()). */
3541 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3545 if(!strcmp(UserOu, user_ou))
3546 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3548 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3551 modvalues[0] = temp;
3552 modvalues[1] = NULL;
3555 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3557 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3559 for (i = 0; i < n; i++)
3562 if (rc == LDAP_UNWILLING_TO_PERFORM)
3565 if (rc != LDAP_SUCCESS)
3567 com_err(whoami, 0, "Unable to modify list %s members : %s",
3568 group_name, ldap_err2string(rc));
/* Contact/kerberos objects: garbage-collect the object once unreferenced. */
3572 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* An @mit.edu contact that corresponds to a real user (matched by
 * mailNickName = local part) is presumably left alone; temp is overwritten
 * with the local part here. */
3576 if(!strcmp(UserOu, contact_ou) &&
3577 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3579 memset(temp, '\0', sizeof(temp));
3580 strcpy(temp, user_name);
3581 s = strchr(temp, '@');
3584 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* NOTE(review): same `rc = (... != 0)` precedence issue as in
 * ProcessGroupSecurity(); rc is 0/1 rather than the LDAP result.  Also at
 * 3603. */
3586 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3587 &group_base, &group_count,
3588 LDAP_SCOPE_SUBTREE) != 0))
3594 linklist_free(group_base);
/* Whether temp still holds the member DN at this point (after the rewrite
 * at 3580-3581) depends on lines not shown -- verify before relying on the
 * delete below. */
3599 sprintf(filter, "(distinguishedName=%s)", temp);
3600 attr_array[0] = "memberOf";
3601 attr_array[1] = NULL;
3603 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3604 &group_base, &group_count,
3605 LDAP_SCOPE_SUBTREE) != 0))
/* Destructive step: deletes the directory object named by temp.  The
 * condition that gates it (presumably no remaining memberOf) is not shown. */
3611 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3613 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add the member DN built from user_name/UserOu to the group
 * group_name (resolved via ad_get_group()).  LDAP_ALREADY_EXISTS and
 * LDAP_TYPE_OR_VALUE_EXISTS from the modify are handled specially (body not
 * shown; presumably treated as success), as is LDAP_UNWILLING_TO_PERFORM
 * for contact/kerberos members.
 *
 * As in member_remove(), only group_name is validated with check_string();
 * user_name goes unescaped into the member DN.  Declarations of rc, i, n,
 * group_count, filter, temp, modvalues and mods, and the final return, are
 * on lines not shown.
 */
3623 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3624 char *group_ou, char *group_membership, char *user_name,
3625 char *UserOu, char *MoiraId)
3627 char distinguished_name[1024];
3635 LK_ENTRY *group_base;
3638 if (!check_string(group_name))
3639 return(AD_INVALID_NAME);
3642 memset(filter, '\0', sizeof(filter));
/* Assignment in condition; non-zero rc is treated as failure (body not
 * shown). */
3646 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3647 group_membership, MoiraId,
3648 "samAccountName", &group_base,
3649 &group_count, filter))
/* NOTE(review): group_count != 1 covers both zero and multiple matches, yet
 * always returns AD_MULTIPLE_GROUPS_FOUND; group_delete() returns
 * AD_NO_GROUPS_FOUND for the zero case. */
3652 if (group_count != 1)
3654 linklist_free(group_base);
3657 com_err(whoami, 0, "Unable to find list %s %d in AD",
3658 group_name, group_count);
3659 return(AD_MULTIPLE_GROUPS_FOUND);
3662 strcpy(distinguished_name, group_base->dn);
3663 linklist_free(group_base);
/* Member DN; note the lower-case "cn=" here versus "CN=" in member_remove()
 * (attribute types are case-insensitive to the server, but not to any
 * string comparison done on these values). */
3669 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3673 if(!strcmp(UserOu, user_ou))
3674 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3676 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3679 modvalues[0] = temp;
3680 modvalues[1] = NULL;
3683 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3685 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3687 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3690 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3692 if (rc == LDAP_UNWILLING_TO_PERFORM)
3696 for (i = 0; i < n; i++)
3699 if (rc != LDAP_SUCCESS)
3701 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3702 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail-related attributes (mail,
 * mailNickName, proxyAddresses, targetAddress) from the contact at the head
 * of *linklist_base by replacing each with an empty value list (an LDAP
 * replace with no values deletes the attribute).
 *
 * bind_path and linklist_current are not referenced in the visible lines.
 * rc, i, n, gPtr and mods are declared on lines not shown, as is the return.
 */
3708 int contact_remove_email(LDAP *ld, char *bind_path,
3709 LK_ENTRY **linklist_base, int linklist_current)
/* Shared empty value list for all four attributes. */
3713 char *mail_v[] = {NULL, NULL};
3721 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3722 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3723 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3724 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
/* *linklist_base is dereferenced without a NULL check in the visible
 * lines. */
3727 gPtr = (*linklist_base);
3730 rc = ldap_modify_s(ld, gPtr->dn, mods);
3732 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3734 com_err(whoami, 0, "Unable to modify contact %s in AD : %s",
3735 gPtr->dn, ldap_err2string(rc));
3742 for (i = 0; i < n; i++)
<br>/*
 * contact_create: create a contact object for the e-mail address `user`
 * under group_ou (contact_ou for STRING members, kerberos_ou for KERBEROS
 * members).  For contact_ou entries with a valid address it first refuses
 * to proceed if a user or group already carries that address as cn or
 * mail.  If the add fails with LDAP_ALREADY_EXISTS the mail attributes of
 * the existing contact are replaced instead; on any other add failure a
 * second add with a minimal attribute set is attempted.
 *
 * Security note: the DN is built from escape_string(contact_name), but the
 * four search filters below interpolate `mail` without LDAP filter
 * escaping, so filter safety rests on check_string(user) at the top.
 *
 * `mail`, `uid`, `temp`, `filter`, `new_dn`, `s`, `c`, `rc`, `i`, `n`,
 * `group_count` and `mods` are not declared in the visible lines (mail and
 * uid look like file-scope buffers); the copy of `user` into `mail`, the
 * assignments to email_v[0], uid_v[0] and name_v[0], and the returns are
 * presumably on lines not shown.
 */
3748 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3751 LK_ENTRY *group_base;
3754 char cn_user_name[256];
3755 char contact_name[256];
3756 char mail_nickname[256];
3757 char proxy_address_internal[256];
3758 char proxy_address_external[256];
3759 char target_address[256];
3760 char internal_contact_name[256];
3763 char principal[256];
3764 char mit_address_book[256];
3765 char default_address_book[256];
3766 char contact_address_book[256];
3768 char *email_v[] = {NULL, NULL};
3769 char *cn_v[] = {NULL, NULL};
3770 char *contact_v[] = {NULL, NULL};
3771 char *uid_v[] = {NULL, NULL};
3772 char *mail_nickname_v[] = {NULL, NULL};
3773 char *proxy_address_internal_v[] = {NULL, NULL};
3774 char *proxy_address_external_v[] = {NULL, NULL};
3775 char *target_address_v[] = {NULL, NULL};
3776 char *mit_address_book_v[] = {NULL, NULL};
3777 char *default_address_book_v[] = {NULL, NULL};
3778 char *contact_address_book_v[] = {NULL, NULL};
3779 char *hide_address_lists_v[] = {NULL, NULL};
3780 char *attr_array[3];
3781 char *objectClass_v[] = {"top", "person",
3782 "organizationalPerson",
3784 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3785 "inetOrgPerson", "organizationalPerson",
3786 "contact", "mailRecipient", "eduPerson",
3788 char *name_v[] = {NULL, NULL};
3789 char *desc_v[] = {NULL, NULL};
3796 char *mail_routing_v[] = {NULL, NULL};
3797 char *principal_v[] = {NULL, NULL};
/* Trust boundary for everything interpolated below. */
3799 if (!check_string(user))
3801 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3802 return(AD_INVALID_NAME);
/* Unbounded copies into 256-byte buffers; check_string() is the only
 * visible length limit on the address. */
3806 strcpy(contact_name, mail);
3807 strcpy(internal_contact_name, mail);
/* internal_contact_name is presumably truncated at '@' (body not shown). */
3809 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* DN-escaped cn; the trailing bind_path argument is on a line not shown. */
3813 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3816 sprintf(target_address, "SMTP:%s", contact_name);
3817 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3818 sprintf(mail_nickname, "%s", internal_contact_name);
3820 cn_v[0] = cn_user_name;
3821 contact_v[0] = contact_name;
3824 desc_v[0] = "Auto account created by Moira";
3826 proxy_address_internal_v[0] = proxy_address_internal;
3827 proxy_address_external_v[0] = proxy_address_external;
3828 mail_nickname_v[0] = mail_nickname;
3829 target_address_v[0] = target_address;
3830 mit_address_book_v[0] = mit_address_book;
3831 default_address_book_v[0] = default_address_book;
3832 contact_address_book_v[0] = contact_address_book;
3833 strcpy(new_dn, cn_user_name);
3836 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD directory: synthesise a uid with an OU-specific suffix.  uid's
 * size is declared outside this listing. */
3838 if(!ActiveDirectory)
3840 if(!strcmp(group_ou, contact_ou))
3841 sprintf(uid, "%s%s", contact_name, "_strings");
3843 if(!strcmp(group_ou, kerberos_ou))
3844 sprintf(uid, "%s%s", contact_name, "_kerberos");
3848 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3849 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3854 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3858 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3861 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3862 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3863 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Collision checks: the address must not already be the cn or mail of an
 * existing user or group.  Each filter interpolates `mail` unescaped. */
3867 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3872 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3873 attr_array[0] = "cn";
3874 attr_array[1] = NULL;
3876 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3877 &group_base, &group_count,
3878 LDAP_SCOPE_SUBTREE)) != 0)
3880 com_err(whoami, 0, "Unable to process contact %s : %s",
3881 user, ldap_err2string(rc));
3887 com_err(whoami, 0, "Object already exists with name %s",
3892 linklist_free(group_base);
3896 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3897 attr_array[0] = "cn";
3898 attr_array[1] = NULL;
3900 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3901 &group_base, &group_count,
3902 LDAP_SCOPE_SUBTREE)) != 0)
3904 com_err(whoami, 0, "Unable to process contact %s : %s",
3905 user, ldap_err2string(rc));
3911 com_err(whoami, 0, "Object already exists with name %s",
3916 linklist_free(group_base);
3920 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3921 attr_array[0] = "cn";
3922 attr_array[1] = NULL;
3924 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3925 &group_base, &group_count,
3926 LDAP_SCOPE_SUBTREE)) != 0)
3928 com_err(whoami, 0, "Unable to process contact %s : %s",
3929 user, ldap_err2string(rc));
3935 com_err(whoami, 0, "Object already exists with name %s",
3940 linklist_free(group_base);
3944 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3945 attr_array[0] = "cn";
3946 attr_array[1] = NULL;
3948 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3949 &group_base, &group_count,
3950 LDAP_SCOPE_SUBTREE)) != 0)
3952 com_err(whoami, 0, "Unable to process contact %s : %s",
3953 user, ldap_err2string(rc));
3959 com_err(whoami, 0, "Object already exists with name %s",
3964 linklist_free(group_base);
/* Mail attributes; contacts are hidden from the Exchange address lists. */
3968 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
3969 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
3970 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
3971 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
3973 hide_address_lists_v[0] = "TRUE";
3974 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD directory: routing address defaults to the @mit.edu domain.
 * principal_v[0] is set but no ADD_ATTR for it appears in the visible
 * lines. */
3979 if(!ActiveDirectory)
3981 if((c = strchr(mail, '@')) == NULL)
3982 sprintf(temp, "%s@mit.edu", mail);
3984 sprintf(temp, "%s", mail);
3986 mail_routing_v[0] = temp;
3988 principal_v[0] = principal;
3990 if(!strcmp(group_ou, contact_ou))
3992 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
3995 if(!strcmp(group_ou, contact_ou))
3997 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4003 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4005 for (i = 0; i < n; i++)
/* Existing contact: refresh its mail attributes.  The first clause is
 * redundant (rc == LDAP_ALREADY_EXISTS already implies rc != LDAP_SUCCESS). */
4010 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4011 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4015 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4016 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4017 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4019 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4021 hide_address_lists_v[0] = "TRUE";
4022 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4026 rc = ldap_modify_s(ld, new_dn, mods);
4030 com_err(whoami, 0, "Unable to update contact %s", mail);
4033 for (i = 0; i < n; i++)
/* Any other add failure: retry with the minimal attribute set (no mail
 * attributes).  Resetting n between the two mods lists happens on lines
 * not shown -- presumably inside the freeing loops. */
4038 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4041 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
4045 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4049 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
4052 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4053 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
4054 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4056 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4058 for (i = 0; i < n; i++)
4062 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4064 com_err(whoami, 0, "Unable to create contact %s : %s",
4065 user, ldap_err2string(rc));
4072 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4073 char *Uid, char *MitId, char *MoiraId, int State,
4074 char *WinHomeDir, char *WinProfileDir, char *first,
4075 char *middle, char *last, char *shell, char *class)
4078 LK_ENTRY *group_base;
4080 char distinguished_name[512];
4081 char displayName[256];
4082 char *mitMoiraId_v[] = {NULL, NULL};
4083 char *mitMoiraClass_v[] = {NULL, NULL};
4084 char *mitMoiraStatus_v[] = {NULL, NULL};
4085 char *uid_v[] = {NULL, NULL};
4086 char *mitid_v[] = {NULL, NULL};
4087 char *homedir_v[] = {NULL, NULL};
4088 char *winProfile_v[] = {NULL, NULL};
4089 char *drives_v[] = {NULL, NULL};
4090 char *userAccountControl_v[] = {NULL, NULL};
4091 char *alt_recipient_v[] = {NULL, NULL};
4092 char *hide_address_lists_v[] = {NULL, NULL};
4093 char *mail_v[] = {NULL, NULL};
4094 char *gid_v[] = {NULL, NULL};
4095 char *loginshell_v[] = {NULL, NULL};
4096 char *principal_v[] = {NULL, NULL};
4097 char userAccountControlStr[80];
4102 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4103 UF_PASSWD_CANT_CHANGE;
4105 char *attr_array[3];
4108 char contact_mail[256];
4109 char filter_exp[1024];
4110 char search_path[512];
4111 char TemplateDn[512];
4112 char TemplateSamName[128];
4113 char alt_recipient[256];
4114 char principal[256];
4116 char acBERBuf[N_SD_BER_BYTES];
4117 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4118 { N_SD_BER_BYTES, acBERBuf },
4120 LDAPControl *apsServerControls[] = {&sControl, NULL};
4122 LDAP_BERVAL **ppsValues;
4126 char *homeServerName;
4128 char search_string[256];
4130 char *mail_routing_v[] = {NULL, NULL};
4133 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4134 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4135 BEREncodeSecurityBits(dwInfo, acBERBuf);
4137 if (!check_string(user_name))
4139 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4141 return(AD_INVALID_NAME);
4144 memset(contact_mail, '\0', sizeof(contact_mail));
4145 sprintf(contact_mail, "%s@mit.edu", user_name);
4146 memset(mail, '\0', sizeof(mail));
4147 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4148 memset(alt_recipient, '\0', sizeof(alt_recipient));
4149 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4151 sprintf(search_string, "@%s", uppercase(ldap_domain));
4155 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4157 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4164 memset(displayName, '\0', sizeof(displayName));
4166 if (strlen(MoiraId) != 0)
4170 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4175 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4178 attr_array[0] = "cn";
4179 attr_array[1] = NULL;
4180 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4181 &group_base, &group_count,
4182 LDAP_SCOPE_SUBTREE)) != 0)
4184 com_err(whoami, 0, "Unable to process user %s : %s",
4185 user_name, ldap_err2string(rc));
4190 if (group_count != 1)
4192 linklist_free(group_base);
4195 sprintf(filter, "(sAMAccountName=%s)", user_name);
4196 attr_array[0] = "cn";
4197 attr_array[1] = NULL;
4198 sprintf(temp, "%s,%s", user_ou, dn_path);
4199 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4200 &group_base, &group_count,
4201 LDAP_SCOPE_SUBTREE)) != 0)
4203 com_err(whoami, 0, "Unable to process user %s : %s",
4204 user_name, ldap_err2string(rc));
4209 if (group_count != 1)
4211 com_err(whoami, 0, "Unable to find user %s in AD",
4213 linklist_free(group_base);
4214 return(AD_NO_USER_FOUND);
4217 strcpy(distinguished_name, group_base->dn);
4219 linklist_free(group_base);
4222 if(!ActiveDirectory)
4224 if (rc = moira_connect())
4226 critical_alert("AD incremental",
4227 "Error contacting Moira server : %s",
4232 argv[0] = user_name;
4234 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4237 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4239 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4241 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4246 "Unable to set the mailRoutingAddress for %s : %s",
4247 user_name, ldap_err2string(rc));
4249 p = strdup(save_argv[3]);
4251 if((c = strchr(p, ',')) != NULL)
4256 if ((c = strchr(q, '@')) == NULL)
4257 sprintf(temp, "%s@mit.edu", q);
4259 sprintf(temp, "%s", q);
4261 if(email_isvalid(temp) && State != US_DELETED)
4263 mail_routing_v[0] = temp;
4266 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4268 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4270 if (rc == LDAP_ALREADY_EXISTS ||
4271 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4276 "Unable to set the mailRoutingAddress for %s : %s",
4277 user_name, ldap_err2string(rc));
4280 while((q = strtok(NULL, ",")) != NULL) {
4283 if((c = strchr(q, '@')) == NULL)
4284 sprintf(temp, "%s@mit.edu", q);
4286 sprintf(temp, "%s", q);
4288 if(email_isvalid(temp) && State != US_DELETED)
4290 mail_routing_v[0] = temp;
4293 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4296 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4298 if (rc == LDAP_ALREADY_EXISTS ||
4299 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4304 "Unable to set the mailRoutingAddress for "
4306 user_name, ldap_err2string(rc));
4312 if((c = strchr(p, '@')) == NULL)
4313 sprintf(temp, "%s@mit.edu", p);
4315 sprintf(temp, "%s", p);
4317 if(email_isvalid(temp) && State != US_DELETED)
4319 mail_routing_v[0] = temp;
4322 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4324 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4326 if (rc == LDAP_ALREADY_EXISTS ||
4327 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4332 "Unable to set the mailRoutingAddress for %s : %s",
4333 user_name, ldap_err2string(rc));
4340 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4341 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4342 "employeeID", user_name);
4344 rc = attribute_update(ldap_handle, distinguished_name, "none",
4345 "employeeID", user_name);
4348 strcat(displayName, first);
4351 if(strlen(middle)) {
4353 strcat(displayName, " ");
4355 strcat(displayName, middle);
4359 if(strlen(middle) || strlen(first))
4360 strcat(displayName, " ");
4362 strcat(displayName, last);
4365 if(strlen(displayName))
4366 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4367 "displayName", user_name);
4369 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4370 "displayName", user_name);
4372 if(!ActiveDirectory)
4374 if(strlen(displayName))
4375 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4378 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4382 if(!ActiveDirectory)
4384 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4385 "eduPersonNickname", user_name);
4389 rc = attribute_update(ldap_handle, distinguished_name, first,
4390 "givenName", user_name);
4392 rc = attribute_update(ldap_handle, distinguished_name, "",
4393 "givenName", user_name);
4395 if(strlen(middle) == 1)
4396 rc = attribute_update(ldap_handle, distinguished_name, middle,
4397 "initials", user_name);
4399 rc = attribute_update(ldap_handle, distinguished_name, "",
4400 "initials", user_name);
4403 rc = attribute_update(ldap_handle, distinguished_name, last,
4406 rc = attribute_update(ldap_handle, distinguished_name, "",
4411 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4416 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4420 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4421 "mitMoiraId", user_name);
4430 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4434 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4439 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4440 sprintf(status, "%d", State);
4441 principal_v[0] = principal;
4442 loginshell_v[0] = shell;
4443 mitMoiraClass_v[0] = class;
4444 mitMoiraStatus_v[0] = status;
4446 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4447 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4448 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4450 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4451 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4454 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4456 userAccountControl |= UF_ACCOUNTDISABLE;
4460 hide_address_lists_v[0] = "TRUE";
4461 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4469 hide_address_lists_v[0] = NULL;
4470 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4475 sprintf(userAccountControlStr, "%ld", userAccountControl);
4476 userAccountControl_v[0] = userAccountControlStr;
4477 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4481 if (rc = moira_connect())
4483 critical_alert("AD incremental",
4484 "Error contacting Moira server : %s",
4489 argv[0] = user_name;
4491 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4493 if(!strcmp(save_argv[1], "EXCHANGE") ||
4494 (strstr(save_argv[3], search_string) != NULL))
4496 alt_recipient_v[0] = NULL;
4497 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4499 argv[0] = exchange_acl;
4501 argv[2] = user_name;
4503 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4505 if ((rc) && (rc != MR_EXISTS))
4507 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4508 user_name, exchange_acl, error_message(rc));
4513 alt_recipient_v[0] = alt_recipient;
4514 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4516 argv[0] = exchange_acl;
4518 argv[2] = user_name;
4520 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4522 if ((rc) && (rc != MR_NO_MATCH))
4525 "Unable to remove user %s from %s: %s, %d",
4526 user_name, exchange_acl, error_message(rc), rc);
4532 alt_recipient_v[0] = alt_recipient;
4533 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4535 argv[0] = exchange_acl;
4537 argv[2] = user_name;
4539 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4541 if ((rc) && (rc != MR_NO_MATCH))
4544 "Unable to remove user %s from %s: %s, %d",
4545 user_name, exchange_acl, error_message(rc), rc);
4553 mail_v[0] = contact_mail;
4554 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4557 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4558 WinProfileDir, homedir_v, winProfile_v,
4559 drives_v, mods, LDAP_MOD_REPLACE, n);
4563 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4564 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4565 attr_array[0] = "sAMAccountName";
4566 attr_array[1] = NULL;
4570 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4572 &group_base, &group_count,
4573 LDAP_SCOPE_SUBTREE) != 0))
4576 if (group_count != 1)
4578 com_err(whoami, 0, "Unable to process user security template: %s - "
4579 "security not set", "UserTemplate.u");
4583 strcpy(TemplateDn, group_base->dn);
4584 strcpy(TemplateSamName, group_base->value);
4585 linklist_free(group_base);
4589 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4590 filter_exp, NULL, 0, apsServerControls, NULL,
4593 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4595 com_err(whoami, 0, "Unable to find user security template: %s - "
4596 "security not set", "UserTemplate.u");
4600 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4601 "ntSecurityDescriptor");
4603 if (ppsValues == NULL)
4605 com_err(whoami, 0, "Unable to find user security template: %s - "
4606 "security not set", "UserTemplate.u");
4610 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4611 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4616 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4617 mods)) != LDAP_SUCCESS)
4619 OldUseSFU30 = UseSFU30;
4620 SwitchSFU(mods, &UseSFU30, n);
4621 if (OldUseSFU30 != UseSFU30)
4622 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4625 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4626 user_name, ldap_err2string(rc));
4630 for (i = 0; i < n; i++)
/*
 * user_rename: rename an existing directory account from before_user_name to
 * user_name and re-point every attribute that embeds the login name
 * (altSecurityIdentities, userPrincipalName, sAMAccountName, mail, ...).
 *
 * The remaining parameters, the old_dn/new_dn/upn/mail/temp buffers and the
 * mods array with its counter n are declared on lines this listing omits.
 * Both names go through check_string() before anything is changed; that
 * check restricts the character set, not the length, so the sprintf() calls
 * into the 256-byte buffers below assume names short enough to fit —
 * TODO confirm the caller bounds them.
 * Returns AD_INVALID_NAME for a rejected name; the other return paths are on
 * omitted lines.
 */
4636 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4644 char contact_mail[256];
4645 char proxy_address[256];
4646 char query_base_dn[256];
4648 char *userPrincipalName_v[] = {NULL, NULL};
4649 char *altSecurityIdentities_v[] = {NULL, NULL};
4650 char *name_v[] = {NULL, NULL};
4651 char *samAccountName_v[] = {NULL, NULL};
4652 char *mail_v[] = {NULL, NULL};
4653 char *mail_nickname_v[] = {NULL, NULL};
4654 char *proxy_address_v[] = {NULL, NULL};
4655 char *query_base_dn_v[] = {NULL, NULL};
4656 char *principal_v[] = {NULL, NULL};
4657 char principal[256];
/* Reject names containing characters that would break the DN/filter
   templates used below (see illegalchars / illegalchars_ldap). */
4662 if (!check_string(before_user_name))
4665 "Unable to process invalid LDAP user name %s", before_user_name);
4666 return(AD_INVALID_NAME);
4669 if (!check_string(user_name))
4672 "Unable to process invalid LDAP user name %s", user_name);
4673 return(AD_INVALID_NAME);
/* Copying a buffer onto itself: strcpy()'s operands must not overlap, so
   this is undefined behaviour at worst and a no-op at best. It looks like a
   leftover and should be removed or replaced by the copy that was intended. */
4676 strcpy(user_name, user_name);
/* The old DN is cn=... under Active Directory and uid=... under plain LDAP
   (the selecting if/else lines are omitted). The name is spliced in without
   RFC 4514 escaping, which is only safe while check_string() rejects the
   DN-special characters — TODO confirm for the LDAP table, illegalchars_ldap,
   which permits ',' '=' '+' and '\'. */
4679 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4681 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
/* new_dn holds only the new RDN at this point; it is rebuilt as a full DN
   further down before ldap_modify_s(). */
4684 sprintf(new_dn, "cn=%s", user_name);
4686 sprintf(new_dn, "uid=%s", user_name);
4688 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4689 sprintf(contact_mail, "%s@mit.edu", user_name);
4690 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4691 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* deleteoldrdn=TRUE: the old RDN value is dropped from the entry. The
   failure branch's return is on an omitted line. */
4693 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4694 NULL, NULL)) != LDAP_SUCCESS)
4696 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4697 before_user_name, user_name, ldap_err2string(rc));
/* Swap the mit.edu contact object: delete the one named after the old login,
   then create one for the new login. Both failures are only logged. */
4703 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4706 if(rc = ldap_delete_s(ldap_handle, temp))
4708 com_err(whoami, 0, "Unable to delete user contact for %s",
4712 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4714 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Build the modification list. temp is reused here for the Kerberos
   altSecurityIdentities value and is referenced by mods until
   ldap_modify_s() runs, so it must not be overwritten in between.
   mail_v is presumably pointed at mail on an omitted line. */
4718 name_v[0] = user_name;
4719 sprintf(upn, "%s@%s", user_name, ldap_domain);
4720 userPrincipalName_v[0] = upn;
4721 principal_v[0] = principal;
4722 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4723 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4724 altSecurityIdentities_v[0] = temp;
4725 samAccountName_v[0] = user_name;
4727 mail_nickname_v[0] = user_name;
4728 proxy_address_v[0] = proxy_address;
4729 query_base_dn_v[0] = query_base_dn;
4732 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4733 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4734 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4735 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Plain-LDAP attributes. displayName is REPLACEd a second time on this path
   unless the group above is guarded by a condition on an omitted line —
   TODO confirm; a duplicate REPLACE in one modify is at best redundant. */
4737 if(!ActiveDirectory)
4739 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4740 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4741 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4742 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
/* Exchange attributes; the enclosing condition is on an omitted line. */
4747 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4748 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4749 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4750 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* Otherwise mail points at the mit.edu contact address. */
4754 mail_v[0] = contact_mail;
4755 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry, matching the RDN form chosen above. */
4761 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4763 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4765 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4768 "Unable to modify user data for %s after renaming : %s",
4769 user_name, ldap_err2string(rc));
/* Release the LDAPMod entries created by ADD_ATTR (loop body omitted). */
4772 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback that creates a directory account for one
 * Moira user tuple.
 *
 * av[] holds the user fields (U_NAME, U_FIRST, U_MIDDLE, U_LAST, U_STATE,
 * U_UID, U_MITID, U_SHELL, U_CLASS, U_WINHOMEDIR, U_WINPROFILEDIR); ptr is
 * the call_args vector (the cast is on an omitted line): call_args[0] is the
 * LDAP handle, call_args[1] the base DN, call_args[2] the Moira id.
 * Returns AD_INVALID_NAME when the login fails check_string(); the other
 * return paths are on omitted lines. Several locals referenced below
 * (upn, sam_name, new_dn, mail, temp, mods, n, rc, homeMDB, dwInfo, psMsg,
 * save_argv, ...) are declared on omitted lines.
 */
4778 int user_create(int ac, char **av, void *ptr)
4782 char user_name[256];
4786 char contact_mail[256];
4787 char proxy_address[256];
4788 char mail_nickname[256];
4789 char query_base_dn[256];
4790 char displayName[256];
4791 char address_book[256];
4792 char alt_recipient[256];
4793 char *cn_v[] = {NULL, NULL};
4794 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4796 char *objectClass_ldap_v[] = {"top",
4797 "eduPerson", "posixAccount",
4798 "apple-user", "shadowAccount",
4799 "microsoftComTop", "securityPrincipal",
4800 "inetOrgPerson", "user",
4801 "organizationalPerson", "person",
4802 "mailRecipient", NULL};
4804 char *samAccountName_v[] = {NULL, NULL};
4805 char *altSecurityIdentities_v[] = {NULL, NULL};
4806 char *mitMoiraId_v[] = {NULL, NULL};
4807 char *mitMoiraClass_v[] = {NULL, NULL};
4808 char *mitMoiraStatus_v[] = {NULL, NULL};
4809 char *name_v[] = {NULL, NULL};
4810 char *desc_v[] = {NULL, NULL};
4811 char *userPrincipalName_v[] = {NULL, NULL};
4812 char *userAccountControl_v[] = {NULL, NULL};
4813 char *uid_v[] = {NULL, NULL};
4814 char *gid_v[] = {NULL, NULL};
4815 char *mitid_v[] = {NULL, NULL};
4816 char *homedir_v[] = {NULL, NULL};
4817 char *winProfile_v[] = {NULL, NULL};
4818 char *drives_v[] = {NULL, NULL};
4819 char *mail_v[] = {NULL, NULL};
4820 char *givenName_v[] = {NULL, NULL};
4821 char *sn_v[] = {NULL, NULL};
4822 char *initials_v[] = {NULL, NULL};
4823 char *displayName_v[] = {NULL, NULL};
4824 char *proxy_address_v[] = {NULL, NULL};
4825 char *mail_nickname_v[] = {NULL, NULL};
4826 char *query_base_dn_v[] = {NULL, NULL};
4827 char *address_book_v[] = {NULL, NULL};
4828 char *homeMDB_v[] = {NULL, NULL};
4829 char *homeServerName_v[] = {NULL, NULL};
4830 char *mdbUseDefaults_v[] = {NULL, NULL};
4831 char *mailbox_guid_v[] = {NULL, NULL};
4832 char *user_culture_v[] = {NULL, NULL};
4833 char *user_account_control_v[] = {NULL, NULL};
4834 char *msexch_version_v[] = {NULL, NULL};
4835 char *alt_recipient_v[] = {NULL, NULL};
4836 char *hide_address_lists_v[] = {NULL, NULL};
4837 char *principal_v[] = {NULL, NULL};
4838 char *loginshell_v[] = {NULL, NULL};
4839 char userAccountControlStr[80];
4841 char principal[256];
4842 char filter_exp[1024];
4843 char search_path[512];
4844 char *attr_array[3];
/* userAccountControl is an unsigned int; note the "%ld" used to format it
   further down (see the comment there). */
4845 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4846 UF_PASSWD_CANT_CHANGE;
4852 char WinHomeDir[1024];
4853 char WinProfileDir[1024];
4855 char *homeServerName;
4857 char acBERBuf[N_SD_BER_BYTES];
4858 LK_ENTRY *group_base;
4860 char TemplateDn[512];
4861 char TemplateSamName[128];
4862 LDAP_BERVAL **ppsValues;
/* Server-side control carrying the BER-encoded security-information flags;
   it tells the directory which parts of ntSecurityDescriptor to return. */
4863 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4864 { N_SD_BER_BYTES, acBERBuf },
4866 LDAPControl *apsServerControls[] = {&sControl, NULL};
4870 char search_string[256];
4871 char *o_v[] = {NULL, NULL};
4873 char *mail_routing_v[] = {NULL, NULL};
/* Request owner, group, DACL and SACL of the template's descriptor. */
4878 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4879 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4880 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* The login is spliced into DNs and filters below, so reject anything
   check_string() does not accept. callback_rc is a file-level status. */
4882 if (!check_string(av[U_NAME]))
4884 callback_rc = AD_INVALID_NAME;
4885 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4887 return(AD_INVALID_NAME);
/* Unbounded copies of Moira-supplied fields into fixed buffers
   (user_name is 256 bytes, the directory paths 1024). check_string()
   bounds characters, not length — TODO confirm the Moira schema caps these
   fields well below the buffer sizes, or switch to snprintf(). */
4890 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4891 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4892 memset(displayName, '\0', sizeof(displayName));
4893 memset(query_base_dn, '\0', sizeof(query_base_dn));
4894 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4895 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4896 strcpy(user_name, av[U_NAME]);
4897 sprintf(upn, "%s@%s", user_name, ldap_domain);
4898 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last", with separators only between the parts
   that are present. Three unbounded strcat()s into 256 bytes — same length
   assumption as above. */
4900 if(strlen(av[U_FIRST])) {
4901 strcat(displayName, av[U_FIRST]);
4904 if(strlen(av[U_MIDDLE])) {
4905 if(strlen(av[U_FIRST]))
4906 strcat(displayName, " ");
4908 strcat(displayName, av[U_MIDDLE]);
4911 if(strlen(av[U_LAST])) {
4912 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4913 strcat(displayName, " ");
4915 strcat(displayName, av[U_LAST]);
4918 samAccountName_v[0] = sam_name;
/* The account is created disabled unless the Moira status is
   US_NO_PASSWD or US_REGISTERED; the hide-from-address-lists flag goes with
   the disabled case (its enclosing braces are omitted). */
4919 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4920 (atoi(av[U_STATE]) != US_REGISTERED))
4922 userAccountControl |= UF_ACCOUNTDISABLE;
4926 hide_address_lists_v[0] = "TRUE";
4927 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* BUG: "%ld" expects a long but userAccountControl is a u_int; mismatched
   conversion specifiers are undefined behaviour. Use
   sprintf(userAccountControlStr, "%u", userAccountControl); */
4932 sprintf(userAccountControlStr, "%ld", userAccountControl);
4933 userAccountControl_v[0] = userAccountControlStr;
4934 userPrincipalName_v[0] = upn;
/* cn is the login on one path and the display name on the other; the
   selecting condition is on an omitted line. */
4937 cn_v[0] = user_name;
4939 cn_v[0] = displayName;
4941 name_v[0] = user_name;
4942 desc_v[0] = "Auto account created by Moira";
4944 givenName_v[0] = av[U_FIRST];
/* sn falls back to the login when there is no last name. */
4947 sn_v[0] = av[U_LAST];
4949 if(strlen(av[U_LAST]))
4950 sn_v[0] = av[U_LAST];
4952 sn_v[0] = av[U_NAME];
4954 displayName_v[0] = displayName;
4955 mail_nickname_v[0] = user_name;
4956 o_v[0] = "Massachusetts Institute of Technology";
/* temp carries the Kerberos altSecurityIdentities value until the add has
   been issued; it is reused as scratch for mail routing only afterwards. */
4958 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4959 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4960 altSecurityIdentities_v[0] = temp;
4961 principal_v[0] = principal;
/* Entry DN: cn=... under Active Directory, uid=... under plain LDAP. */
4964 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4966 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4968 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4969 sprintf(contact_mail, "%s@mit.edu", user_name);
4970 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4971 query_base_dn_v[0] = query_base_dn;
4972 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
/* search_string ("@DOMAIN", upper-cased) is matched against the pobox
   address below to decide whether the mailbox lives in this domain. */
4974 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Failure to create the mit.edu contact is logged, not fatal. */
4978 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4981 com_err(whoami, 0, "Unable to create user contact %s",
/* Exchange mailbox placement; the chosen homeMDB/server are logged. */
4985 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
4988 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
4992 com_err(whoami, 0, "homeMDB:%s", homeMDB);
4993 com_err(whoami, 0, "homeServerName:%s", homeServerName);
4995 homeMDB_v[0] = homeMDB;
4996 homeServerName_v[0] = homeServerName;
/* Core attributes. objectClass differs between AD and plain LDAP (the
   selecting condition is omitted). */
5001 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5005 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5009 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5012 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5013 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5014 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5015 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5016 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Exchange attributes (enclosing condition omitted). */
5020 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5021 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5022 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5023 mdbUseDefaults_v[0] = "TRUE";
5024 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5025 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Ask Moira where the user's mail is delivered. An EXCHANGE pobox, or a
   pobox address inside this domain, means the user belongs on the Exchange
   ACL and needs no altRecipient; otherwise mail is forwarded to the
   mit.edu contact via altRecipient. A failed query also falls back to the
   contact (the branch structure is on omitted lines). */
5027 argv[0] = user_name;
5029 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5031 if(!strcmp(save_argv[1], "EXCHANGE") ||
5032 (strstr(save_argv[3], search_string) != NULL))
5034 argv[0] = exchange_acl;
5036 argv[2] = user_name;
5038 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5040 if ((rc) && (rc != MR_EXISTS))
5042 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5043 user_name, exchange_acl, error_message(rc));
5048 alt_recipient_v[0] = alt_recipient;
5049 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5054 alt_recipient_v[0] = alt_recipient;
5055 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5057 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5062 mail_v[0] = contact_mail;
5063 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
/* Name attributes are only added when the corresponding field is present;
   eduPersonNickname mirrors displayName on plain LDAP. */
5066 if(strlen(av[U_FIRST])) {
5067 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5070 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5071 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5074 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5075 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5077 if(!ActiveDirectory)
5079 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5082 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5084 if(!ActiveDirectory)
5086 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials is set only when the middle "name" is a single letter. */
5090 if (strlen(av[U_MIDDLE]) == 1) {
5091 initials_v[0] = av[U_MIDDLE];
5092 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5095 if (strlen(call_args[2]) != 0)
5097 mitMoiraId_v[0] = call_args[2];
5098 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5101 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* POSIX / eduPerson attributes for plain LDAP. */
5103 if(!ActiveDirectory)
5105 loginshell_v[0] = av[U_SHELL];
5106 mitMoiraClass_v[0] = av[U_CLASS];
5107 mitMoiraStatus_v[0] = av[U_STATE];
5108 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5109 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5110 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5111 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5112 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5113 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Numeric uid: "uid" on one path, uidNumber/gidNumber on another, and the
   SFU30 attribute on a third (the selecting conditions are omitted; gid_v
   is filled on an omitted line). */
5116 if (strlen(av[U_UID]) != 0)
5118 uid_v[0] = av[U_UID];
5122 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5127 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5128 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5135 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5139 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is the MIT id only when it starts with '9'; otherwise the
   literal "none" is stored. */
5144 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5145 mitid_v[0] = av[U_MITID];
5147 mitid_v[0] = "none";
5149 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5151 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5152 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5153 drives_v, mods, LDAP_MOD_ADD, n);
/* Copy the ntSecurityDescriptor of the "UserTemplate.u" template account
   onto the new entry so it gets the standard ACL. */
5157 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5158 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5159 attr_array[0] = "sAMAccountName";
5160 attr_array[1] = NULL;
/* BUG: the "!= 0" sits inside the assignment's parentheses, so rc receives
   the comparison result (0 or 1) instead of the linklist_build() status,
   and any later use of rc as an error code here is wrong. Intended form, as
   used in user_change_status:
   if ((rc = linklist_build(...)) != 0) */
5164 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5165 attr_array, &group_base, &group_count,
5166 LDAP_SCOPE_SUBTREE) != 0))
5169 if (group_count != 1)
5171 com_err(whoami, 0, "Unable to process user security template: %s - "
5172 "security not set", "UserTemplate.u");
5176 strcpy(TemplateDn, group_base->dn);
5177 strcpy(TemplateSamName, group_base->value);
5178 linklist_free(group_base);
/* Second search with the SD-flags control to fetch the descriptor itself.
   NOTE(review): neither ldap_msgfree(psMsg) nor
   ldap_value_free_len(ppsValues) appears in this listing — confirm they are
   on omitted lines, otherwise each create leaks the result. */
5182 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5183 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5184 apsServerControls, NULL,
5187 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5189 com_err(whoami, 0, "Unable to find user security template: %s - "
5190 "security not set", "UserTemplate.u");
5194 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5195 "ntSecurityDescriptor");
5196 if (ppsValues == NULL)
5198 com_err(whoami, 0, "Unable to find user security template: %s - "
5199 "security not set", "UserTemplate.u");
5203 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5204 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Issue the add. On failure other than "already exists", flip the SFU30
   uid attribute form and retry once. */
5209 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5211 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5213 OldUseSFU30 = UseSFU30;
5214 SwitchSFU(mods, &UseSFU30, n);
5215 if (OldUseSFU30 != UseSFU30)
5216 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Free the LDAPMod entries (loop body omitted). The mailRoutingAddress
   modifies below reuse mods, so this loop presumably also resets n —
   TODO confirm, otherwise they would append after freed entries. */
5219 for (i = 0; i < n; i++)
5222 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5224 com_err(whoami, 0, "Unable to create user %s : %s",
5225 user_name, ldap_err2string(rc));
/* NOTE(review): the account's initial password is the empty string; a
   failed attempt reconnects to the KDC and retries once. Confirm the
   subsequent registration flow sets a real password before the account is
   enabled (states US_NO_PASSWD / US_REGISTERED are created enabled). */
5230 if ((rc == LDAP_SUCCESS) && (SetPassword))
5232 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5234 ad_kdc_disconnect();
5235 if (!ad_server_connect(default_server, ldap_domain))
5237 com_err(whoami, 0, "Unable to set password for user %s : %s",
5239 "cannot get changepw ticket from windows domain");
5243 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
/* "%ld" here assumes rc is a long — if rc is declared int (declaration is
   on an omitted line) the specifier should be "%d". */
5245 com_err(whoami, 0, "Unable to set password for user %s "
5246 ": %ld", user_name, rc);
/* Plain LDAP: derive mailRoutingAddress values from the Moira pobox. The
   pobox field may hold a comma-separated list; each entry lacking '@' gets
   "@mit.edu" appended, and only entries passing email_isvalid() are added
   (never for a deleted user). Each address is a separate modify, and
   "already exists" is not treated as an error. */
5252 if(!ActiveDirectory)
5254 if (rc = moira_connect())
5256 critical_alert("AD incremental",
5257 "Error contacting Moira server : %s",
5262 argv[0] = user_name;
5264 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* p is a strdup() copy because strtok() writes into its input. The
   initial strtok(p, ",") call and free(p) are not visible in this listing
   — confirm the copy is released on every path. */
5266 p = strdup(save_argv[3]);
5268 if((c = strchr(p, ',')) != NULL) {
5272 if ((c = strchr(q, '@')) == NULL)
5273 sprintf(temp, "%s@mit.edu", q);
5275 sprintf(temp, "%s", q);
5277 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5279 mail_routing_v[0] = temp;
5282 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5284 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5286 if (rc == LDAP_ALREADY_EXISTS ||
5287 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5292 "Unable to set the mailRoutingAddress for %s : %s",
5293 user_name, ldap_err2string(rc));
5296 while((q = strtok(NULL, ",")) != NULL) {
5299 if((c = strchr(q, '@')) == NULL)
5300 sprintf(temp, "%s@mit.edu", q);
5302 sprintf(temp, "%s", q);
5304 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5306 mail_routing_v[0] = temp;
5309 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5311 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5313 if (rc == LDAP_ALREADY_EXISTS ||
5314 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5319 "Unable to set the mailRoutingAddress for %s : %s",
5320 user_name, ldap_err2string(rc));
/* Single-address pobox (no comma). */
5326 if((c = strchr(p, '@')) == NULL)
5327 sprintf(temp, "%s@mit.edu", p);
5329 sprintf(temp, "%s", p);
5331 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5333 mail_routing_v[0] = temp;
5336 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5338 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5340 if (rc == LDAP_ALREADY_EXISTS ||
5341 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5346 "Unable to set the mailRoutingAddress for %s : %s",
5347 user_name, ldap_err2string(rc));
/*
 * user_change_status: enable or disable a directory account by toggling
 * UF_ACCOUNTDISABLE in its UserAccountControl value, and REPLACE mitMoiraId
 * when one is supplied.
 *
 * The account is located by mitMoiraId first and by sAMAccountName as a
 * fallback. The remaining parameters (operation, ...) and the locals
 * filter, temp, rc, group_count, ulongValue, modvalues, mods, n and i are
 * declared on omitted lines.
 * Returns AD_INVALID_NAME for a rejected login, LDAP_NO_SUCH_OBJECT when
 * the account cannot be found (note: user_update reports the same condition
 * as AD_NO_USER_FOUND — callers must handle both), otherwise the
 * ldap_modify_s() result via omitted return lines.
 */
5357 int user_change_status(LDAP *ldap_handle, char *dn_path,
5358 char *user_name, char *MoiraId,
5362 char *attr_array[3];
5364 char distinguished_name[1024];
5366 char *mitMoiraId_v[] = {NULL, NULL};
5368 LK_ENTRY *group_base;
5375 if (!check_string(user_name))
5377 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5379 return(AD_INVALID_NAME);
/* Lookup by Moira id. MoiraId is spliced into the filter without
   check_string() or RFC 4515 escaping — presumably it is numeric upstream;
   verify against the caller. */
5385 if (strlen(MoiraId) != 0)
5387 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5388 attr_array[0] = "UserAccountControl";
5389 attr_array[1] = NULL;
5390 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5391 &group_base, &group_count,
5392 LDAP_SCOPE_SUBTREE)) != 0)
5394 com_err(whoami, 0, "Unable to process user %s : %s",
5395 user_name, ldap_err2string(rc));
/* Anything but exactly one hit is discarded and the name lookup is tried. */
5400 if (group_count != 1)
5402 linklist_free(group_base);
5405 sprintf(filter, "(sAMAccountName=%s)", user_name);
5406 attr_array[0] = "UserAccountControl";
5407 attr_array[1] = NULL;
5408 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5409 &group_base, &group_count,
5410 LDAP_SCOPE_SUBTREE)) != 0)
5412 com_err(whoami, 0, "Unable to process user %s : %s",
5413 user_name, ldap_err2string(rc));
5418 if (group_count != 1)
5420 linklist_free(group_base);
5421 com_err(whoami, 0, "Unable to find user %s in AD",
5423 return(LDAP_NO_SUCH_OBJECT);
/* dn comes from the directory; 1024 bytes is assumed to be enough. */
5426 strcpy(distinguished_name, group_base->dn);
/* NOTE(review): atoi() gives no error indication — a non-numeric or
   out-of-range UserAccountControl silently becomes 0, and the write below
   would then clear every other flag on the account. strtoul() with an
   end-pointer check would let the function refuse to write instead. */
5427 ulongValue = atoi((*group_base).value);
5429 if (operation == MEMBER_DEACTIVATE)
5430 ulongValue |= UF_ACCOUNTDISABLE;
5432 ulongValue &= ~UF_ACCOUNTDISABLE;
/* "%ld" assumes ulongValue is a long (its declaration is omitted). */
5434 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() builds the replacement value list; 1 signals
   failure, and the list is released with free_values() after the modify. */
5436 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5437 temp, &modvalues, REPLACE)) == 1)
5440 linklist_free(group_base);
5444 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5446 if (strlen(MoiraId) != 0)
5448 mitMoiraId_v[0] = MoiraId;
5449 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5453 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Free the LDAPMod entries (loop body omitted), then the value list.
   group_base is not freed on the success path in this listing — confirm
   an omitted line does so. */
5455 for (i = 0; i < n; i++)
5458 free_values(modvalues);
5460 if (rc != LDAP_SUCCESS)
5462 com_err(whoami, 0, "Unable to change status of user %s : %s",
5463 user_name, ldap_err2string(rc));
/*
 * user_delete: remove a directory account and its mit.edu contact object.
 *
 * The account is located by mitMoiraId first and by sAMAccountName as a
 * fallback, then deleted by its DN. Unlike the sibling functions, a login
 * rejected by check_string() is returned as AD_INVALID_NAME without being
 * logged. The locals filter, temp, rc, group_count, and the remaining
 * return statements are on omitted lines.
 */
5470 int user_delete(LDAP *ldap_handle, char *dn_path,
5471 char *u_name, char *MoiraId)
5474 char *attr_array[3];
5475 char distinguished_name[1024];
5476 char user_name[512];
5477 LK_ENTRY *group_base;
5482 if (!check_string(u_name))
5483 return(AD_INVALID_NAME);
/* check_string() bounds characters, not length — the 512-byte copy relies
   on an upstream limit; TODO confirm. */
5485 strcpy(user_name, u_name);
/* Lookup by Moira id; MoiraId is not passed through check_string() —
   presumably numeric upstream, verify against the caller. */
5489 if (strlen(MoiraId) != 0)
5491 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5492 attr_array[0] = "name";
5493 attr_array[1] = NULL;
5494 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5495 &group_base, &group_count,
5496 LDAP_SCOPE_SUBTREE)) != 0)
5498 com_err(whoami, 0, "Unable to process user %s : %s",
5499 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the name lookup. */
5504 if (group_count != 1)
5506 linklist_free(group_base);
5509 sprintf(filter, "(sAMAccountName=%s)", user_name);
5510 attr_array[0] = "name";
5511 attr_array[1] = NULL;
5512 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5513 &group_base, &group_count,
5514 LDAP_SCOPE_SUBTREE)) != 0)
5516 com_err(whoami, 0, "Unable to process user %s : %s",
5517 user_name, ldap_err2string(rc));
/* Not-found branch (body omitted). NOTE(review): the success path frees
   group_base at the end of the function; confirm this branch does too
   before returning, as user_change_status does. */
5522 if (group_count != 1)
5524 com_err(whoami, 0, "Unable to find user %s in AD",
5529 strcpy(distinguished_name, group_base->dn);
/* Deletion failure is logged; whether it returns early is on an omitted
   line. */
5531 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5533 com_err(whoami, 0, "Unable to process user %s : %s",
5534 user_name, ldap_err2string(rc));
/* Remove the matching mit.edu contact, cn=<login>@mit.edu under contact_ou
   (created by contact_create() in user_create / user_rename). */
5541 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5543 if(rc = ldap_delete_s(ldap_handle, temp))
5545 com_err(whoami, 0, "Unable to delete user contact for %s",
5551 linklist_free(group_base);
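/*
 * linklist_free: release every LK_ENTRY node in the list headed by
 * linklist_base, together with the strings each node owns (dn, attribute,
 * value, member, type, list). Nodes are walked through ->next; the caller's
 * pointer is dangling afterwards.
 *
 * free(NULL) is a no-op, so the per-field NULL tests of the original were
 * redundant and have been dropped; the set of freed fields is unchanged.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  while (linklist_base != NULL)
    {
      /* Read the link before the node itself is released. */
      LK_ENTRY *next = linklist_base->next;

      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);
      free(linklist_base);

      linklist_base = next;
    }
}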
/*
 * free_values: release a NULL-terminated array of strings such as the one
 * construct_newvalues() builds for user_change_status(). Each element is
 * cleared to NULL as it is walked; the loop body that frees the element,
 * the index declaration and the release of the array itself are on
 * omitted lines. A NULL array is accepted.
 */
5586 void free_values(char **modvalues)
5592 if (modvalues != NULL)
5594 while (modvalues[i] != NULL)
5597 modvalues[i] = NULL;
/*
 * Per-byte lookup consulted by check_string() (Active Directory mode) and
 * check_container_name(): 1 = byte is rejected, 0 = accepted.
 * Upper-case letters are marked 1 only because the callers fold to lower
 * case before the lookup. The rejected set covers the DN- and
 * filter-special characters (space , + " \ < > ; = ( ) * / and so on),
 * which is what lets callers splice a validated name into sprintf() DN and
 * filter templates without escaping. '@' and '$' are accepted.
 */
5604 static int illegalchars[] = {
5605 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5606 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5607 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5608 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5609 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5610 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5611 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5612 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: every byte with the high bit set is rejected. */
5613 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5614 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5615 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5616 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5617 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5618 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5619 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5620 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Per-byte lookup consulted by check_string() in plain-LDAP mode:
 * 1 = byte is rejected, 0 = accepted. Upper-case letters are marked 1 only
 * because check_string() folds to lower case first.
 *
 * NOTE(review): this table is more permissive than illegalchars. It
 * accepts space " # & ' + , ; < = > @ \ and ~, and several of those are
 * DN-special (RFC 4514: , + " \ < > ; =) or the filter escape character
 * (RFC 4515: \). Names validated against this table are spliced unescaped
 * into "uid=%s,%s,%s" DN templates and "(sAMAccountName=%s)" filters by
 * user_rename, user_create, user_change_status and user_delete, so either
 * those call sites need escaping or the upstream source must be confirmed
 * never to produce these characters. '(' ')' and '*' remain rejected.
 */
5623 static int illegalchars_ldap[] = {
5624 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5625 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5626 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5627 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5628 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5629 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5630 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5631 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: every byte with the high bit set is rejected. */
5632 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5633 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5634 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5635 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5636 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5637 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5638 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5639 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a Moira name for use in AD.  Each byte is folded
 * to lower case and looked up in illegalchars and then illegalchars_ldap.
 * The loop header, the declaration of `character` and the return
 * statements are not in this listing (presumably 0 on the first rejected
 * byte, non-zero otherwise - confirm).
 *
 * NOTE(review): if `character` is a plain char, a byte >= 0x80 is negative
 * here on most platforms; passing it to isupper()/tolower() is undefined
 * behaviour and `(unsigned) character` then yields an index far beyond the
 * 256-entry tables.  Use `(unsigned char) character` for both the ctype
 * calls and the table lookups so such bytes hit the "all illegal" rows.
 */
5642 int check_string(char *s)
5650 if (isupper(character))
5651 character = tolower(character);
5655 if (illegalchars[(unsigned) character])
5660 if (illegalchars_ldap[(unsigned) character])
/*
 * check_container_name: validate one OU component of a container name.
 * Same case folding and illegalchars lookup as check_string(), but only the
 * first table is consulted and a space is handled by a dedicated branch
 * whose body is not shown (presumably accepted, since illegalchars rejects
 * it).  Return statements are outside this listing.
 * NOTE(review): same unsigned-char indexing caveat as check_string().
 */
5668 int check_container_name(char *s)
5676 if (isupper(character))
5677 character = tolower(character);
5679 if (character == ' ')
5682 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, refuse to proceed while a
 * maintenance MOTD is posted, negotiate the query version and, presumably
 * when `auth` is set (the guard is not shown), authenticate with Kerberos 5
 * as `client`.  Error paths log through com_err(); the return statements
 * themselves are outside this listing.
 */
5689 int mr_connect_cl(char *server, char *client, int version, int auth)
5695 status = mr_connect(server);
5699 com_err(whoami, status, "while connecting to Moira");
5703 status = mr_motd(&motd);
5708 com_err(whoami, status, "while checking server status");
/*
 * NOTE(review): format-string bug.  `motd` comes from the server and is
 * copied into `temp`, which is then handed to com_err() as its *format*;
 * any %-sequence in the MOTD is interpreted, and the sprintf() into `temp`
 * (size not shown) is unbounded.  Pass the text as an argument instead:
 *   com_err(whoami, status,
 *           "The Moira server is currently unavailable: %s", motd);
 */
5714 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5715 com_err(whoami, status, temp);
/* A server too old to know mr_version is treated as "client is newer". */
5720 status = mr_version(version);
5724 if (status == MR_UNKNOWN_PROC)
5727 status = MR_VERSION_HIGH;
5729 status = MR_SUCCESS;
5732 if (status == MR_VERSION_HIGH)
5734 com_err(whoami, 0, "Warning: This client is running newer code "
5735 "than the server.");
5736 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW (server newer than client) is tolerated silently. */
5738 else if (status && status != MR_VERSION_LOW)
5740 com_err(whoami, status, "while setting query version number.");
5748 status = mr_krb5_auth(client);
5751 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path, expected to begin with the AFS prefix,
 * into the Windows form: the WINAFS prefix followed by the remainder of
 * `path`, with each '/' presumably replaced by '\\' (the replacement line
 * is not shown).  winPath must be large enough for the result; nothing
 * here bounds the copy.
 * NOTE(review): `path + strlen(AFS)` is taken without checking that path
 * actually starts with AFS; a shorter path leaves pathPtr past its
 * terminator.  Guard with `strncmp(path, AFS, strlen(AFS)) == 0` first.
 */
5760 void AfsToWinAfs(char* path, char* winPath)
5764 strcpy(winPath, WINAFS);
5765 pathPtr = path + strlen(AFS);
5766 winPathPtr = winPath + strlen(WINAFS);
5770 if (*pathPtr == '/')
5773 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback for get_list_info, used by ProcessAce().
 * `ptr` is the AceInfo vector: [0] receives the ACE type, [1] the ACE name,
 * and get_group_membership() fills the membership/OU slots.  The copies are
 * unbounded strcpy()s into caller buffers whose sizes are not visible
 * here, and `ac` is not checked against L_ACE_NAME before `av` is indexed.
 */
5780 int GetAceInfo(int ac, char **av, void *ptr)
5787 strcpy(call_args[0], av[L_ACE_TYPE]);
5788 strcpy(call_args[1], av[L_ACE_NAME]);
5790 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5791 return(LDAP_SUCCESS);
/*
 * checkADname: look `Name` up by sAMAccountName under dn_path.  On a search
 * error it logs and returns (value not shown); otherwise the result list is
 * freed and the entry count alone decides the return.  The return
 * statements are not in this listing - machine_check() negates the result,
 * so confirm the convention before relying on it.
 * NOTE(review): Name is interpolated into the filter without RFC 4515
 * escaping and the sprintf() into `filter` is unbounded.  ProcessAce()
 * passes AceName + group_suffix here and machine_check() a host name; names
 * that pass check_string() cannot contain ( ) or *, but illegalchars_ldap
 * does allow '\\' - escape (or re-validate) before building the filter.
 */
5794 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5797 char *attr_array[3];
5800 LK_ENTRY *group_base;
5805 sprintf(filter, "(sAMAccountName=%s)", Name);
5806 attr_array[0] = "sAMAccountName";
5807 attr_array[1] = NULL;
5809 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5810 &group_base, &group_count,
5811 LDAP_SCOPE_SUBTREE)) != 0)
5813 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5814 Name, ldap_err2string(rc));
5818 linklist_free(group_base);
5821 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of the Moira list `Name` exists in
 * AD, creating it when it does not.  Only a LIST-type `Type` is handled
 * (L5852).  For a LIST ACE the group is created via make_new_group(); for
 * a USER ACE the account is fetched from Moira (get_user_account_by_login)
 * and created with user_create().  When the ACE is itself a list, the loop
 * (its header is not shown) follows the chain: GroupName becomes AceName
 * and the lookup repeats until the ACE refers to the list itself.
 * *ProcessGroup is set when the ACE already exists in AD.  The function can
 * be switched off by a flag (the condition guarding L5846 is not shown).
 *
 * NOTE(review):
 *  - strcpy(GroupName, Name) is unbounded into a 256-byte buffer and Name
 *    comes from Moira list data; use snprintf(GroupName, sizeof GroupName,
 *    "%s", Name) and reject on truncation.
 *  - the only cycle check is GroupName == AceName (self-owned list).  Two
 *    lists that own each other are not detected here; if the loop has no
 *    iteration bound on the lines not shown, add one.
 */
5829 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5830 int UpdateGroup, int *ProcessGroup, char *maillist)
5833 char GroupName[256];
5839 char AceMembership[2];
5842 char *save_argv[U_END];
5846 com_err(whoami, 0, "ProcessAce disabled, skipping");
5850 strcpy(GroupName, Name);
5852 if (strcasecmp(Type, "LIST"))
5858 AceInfo[0] = AceType;
5859 AceInfo[1] = AceName;
5860 AceInfo[2] = AceMembership;
5862 memset(AceType, '\0', sizeof(AceType));
5863 memset(AceName, '\0', sizeof(AceName));
5864 memset(AceMembership, '\0', sizeof(AceMembership));
5865 memset(AceOu, '\0', sizeof(AceOu));
5868 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5870 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5871 GroupName, error_message(rc));
5877 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs can be represented in AD. */
5881 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5884 strcpy(temp, AceName);
/* AD group objects carry group_suffix; user accounts are looked up bare. */
5886 if (!strcasecmp(AceType, "LIST"))
5887 sprintf(temp, "%s%s", AceName, group_suffix);
5891 if (checkADname(ldap_handle, dn_path, temp))
5894 (*ProcessGroup) = 1;
5897 if (!strcasecmp(AceInfo[0], "LIST"))
5899 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5900 AceMembership, 0, UpdateGroup, maillist))
5903 else if (!strcasecmp(AceInfo[0], "USER"))
5906 call_args[0] = (char *)ldap_handle;
5907 call_args[1] = dn_path;
5909 call_args[3] = NULL;
5912 if (rc = mr_query("get_user_account_by_login", 1, av,
5913 save_query_info, save_argv))
5915 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5920 if (rc = user_create(U_END, save_argv, call_args))
5922 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5929 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* Follow the ownership chain; a list that owns itself ends it. */
5939 if (!strcasecmp(AceType, "LIST"))
5941 if (!strcasecmp(GroupName, AceName))
5945 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group
 * for Moira list `group_name` by running get_list_info and handing each
 * row to the group_create callback.  The callback reports its own status
 * through callback_rc (declared outside this listing, presumably at file
 * scope), which is what L5989 returns.
 * NOTE(review): call_args[3] and [4] carry integers cast to char *; this
 * only works because group_create casts them back the same way - keep the
 * two sides in sync (populate_group() uses the same convention at L6019).
 */
5951 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5952 char *group_name, char *group_ou, char *group_membership,
5953 int group_security_flag, int updateGroup, char *maillist)
5958 LK_ENTRY *group_base;
5961 char *attr_array[3];
5964 call_args[0] = (char *)ldap_handle;
5965 call_args[1] = dn_path;
5966 call_args[2] = group_name;
5967 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
5968 call_args[4] = (char *)updateGroup;
5969 call_args[5] = MoiraId;
5971 call_args[7] = NULL;
5977 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
5980 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
5988 com_err(whoami, 0, "Unable to create list %s", group_name);
5989 return(callback_rc);
/*
 * populate_group: replace the AD group's `member` attribute with the
 * expanded Moira membership (get_end_members_of_list).  Nested LISTs are
 * handled at L6039 (body not shown), USER members are created in AD on
 * demand from their Moira account, STRING and KERBEROS members become
 * contact objects under contact_ou / kerberos_ou.  The production and test
 * service principals are never added.  Moira is authoritative:
 * LDAP_MOD_REPLACE drops any existing member that is not in the list.
 *
 * NOTE(review):
 *  - malloc()/realloc()/strdup() results are never checked, and
 *    `members = realloc(members, ...)` loses the old vector on failure.
 *    Use a temporary for realloc and bail out on NULL.
 *  - USER DNs (L6099/L6104) are built from the raw login while STRING and
 *    KERBEROS members go through escape_string(); logins are presumably
 *    constrained by check_string(), but the asymmetry deserves either a
 *    comment or a uniform escape.
 *  - every sprintf() into `member` / `group_dn` is unbounded.
 */
5995 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
5996 char *group_ou, char *group_membership,
5997 int group_security_flag, char *MoiraId)
6012 char *save_argv[U_END];
6014 com_err(whoami, 0, "Populating group %s", group_name);
6016 call_args[0] = (char *)ldap_handle;
6017 call_args[1] = dn_path;
6018 call_args[2] = group_name;
6019 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6020 call_args[4] = NULL;
6023 if (rc = mr_query("get_end_members_of_list", 1, av,
6024 member_list_build, call_args))
6026 com_err(whoami, 0, "Unable to populate list %s : %s",
6027 group_name, error_message(rc));
/* member DN vector, grown one slot at a time below; NULL-terminated */
6031 members = (char **)malloc(sizeof(char *) * 2);
6033 if (member_base != NULL)
6039 if (!strcasecmp(ptr->type, "LIST"))
6045 if(!strcasecmp(ptr->type, "USER"))
/* the daemon's own principals are never made group members */
6047 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6048 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6054 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6055 "")) == AD_NO_USER_FOUND)
6057 com_err(whoami, 0, "creating user %s", ptr->member);
6059 av[0] = ptr->member;
6060 call_args[0] = (char *)ldap_handle;
6061 call_args[1] = dn_path;
6063 call_args[3] = NULL;
6066 if (rc = mr_query("get_user_account_by_login", 1, av,
6067 save_query_info, save_argv))
6069 com_err(whoami, 0, "Unable to create user %s "
6070 "while populating group %s.", ptr->member,
6076 if (rc = user_create(U_END, save_argv, call_args))
6078 com_err(whoami, 0, "Unable to create user %s "
6079 "while populating group %s.", ptr->member,
6087 com_err(whoami, 0, "Unable to create user %s "
6088 "while populating group %s", ptr->member,
6099 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6104 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6109 else if (!strcasecmp(ptr->type, "STRING"))
6111 if (contact_create(ldap_handle, dn_path, ptr->member,
6115 pUserOu = contact_ou;
6116 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6119 else if (!strcasecmp(ptr->type, "KERBEROS"))
6121 if (contact_create(ldap_handle, dn_path, ptr->member,
6125 pUserOu = kerberos_ou;
6126 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6131 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6132 members[i++] = strdup(member);
6137 linklist_free(member_base);
6144 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6147 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6149 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6150 mods)) != LDAP_SUCCESS)
6153 "Unable to populate group membership for %s: %s",
6154 group_dn, ldap_err2string(rc));
6157 for (i = 0; i < n; i++)
/*
 * process_group: reconcile one Moira list with AD.  Locates the group via
 * ad_get_group() (supplied filter, then mitMoiraId, then sAMAccountName),
 * deletes duplicate objects that carry the same Moira id, and if the
 * surviving object's DN differs from the expected CN=name,OU=...,dn_path
 * works out which group OU it currently lives in and calls group_rename()
 * to move/rename it.  With type == CHECK_GROUPS it only reports:
 * AD_NO_GROUPS_FOUND, AD_WRONG_GROUP_DN_FOUND or AD_MULTIPLE_GROUPS_FOUND.
 *
 * NOTE(review):
 *  - L6195 asks ad_get_group() for "samAccountName", yet L6238 compares
 *    ptr->value against a DN and L6267 hands ptr->value to ldap_delete_s()
 *    as a DN.  Either the attribute should be distinguishedName or the
 *    value/dn fields are swapped; confirm what linklist_build() stores
 *    before trusting the duplicate-deletion path - it is destructive and
 *    its rc is not visibly checked.
 *  - the OU classification (L6376-L6394) is a substring test on the
 *    lower-cased DN, not a parent-DN match; an OU whose name is a substring
 *    of another mis-classifies the group.  Comparing the parent DN with
 *    strcasecmp() would be exact.
 *  - distinguishedName/group_dn/before_name/before_desc are fixed 256/512
 *    byte buffers filled by sprintf()/strcpy() from directory data with no
 *    bound; use snprintf() and check for truncation.
 */
6165 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6166 char *group_name, char *group_ou, char *group_membership,
6167 int group_security_flag, int type, char *maillist)
6169 char before_desc[512];
6170 char before_name[256];
6171 char before_group_ou[256];
6172 char before_group_membership[2];
6173 char distinguishedName[256];
6174 char ad_distinguishedName[256];
6176 char *attr_array[3];
6177 int before_security_flag;
6180 LK_ENTRY *group_base;
6183 char ou_security[512];
6184 char ou_distribution[512];
6185 char ou_neither[512];
6188 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* the DN the group should have according to Moira */
6189 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6191 memset(filter, '\0', sizeof(filter));
6195 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6197 "samAccountName", &group_base,
6198 &group_count, filter))
/* CHECK_GROUPS: report only, change nothing */
6201 if (type == CHECK_GROUPS)
6203 if (group_count == 1)
6205 strcpy(group_dn, group_base->dn);
6207 if (!strcasecmp(group_dn, distinguishedName))
6209 linklist_free(group_base);
6214 linklist_free(group_base);
6216 if (group_count == 0)
6217 return(AD_NO_GROUPS_FOUND);
6219 if (group_count == 1)
6220 return(AD_WRONG_GROUP_DN_FOUND);
6222 return(AD_MULTIPLE_GROUPS_FOUND);
6225 if (group_count == 0)
6227 return(AD_NO_GROUPS_FOUND);
/* several objects share the Moira id: keep the one at group_dn, delete the rest */
6230 if (group_count > 1)
6234 strcpy(group_dn, ptr->dn);
6238 if (!strcasecmp(group_dn, ptr->value))
6246 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6252 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6256 linklist_free(group_base);
6257 return(AD_MULTIPLE_GROUPS_FOUND);
6264 strcpy(group_dn, ptr->dn);
6266 if (strcasecmp(group_dn, ptr->value))
6267 rc = ldap_delete_s(ldap_handle, ptr->value);
6272 linklist_free(group_base);
6273 memset(filter, '\0', sizeof(filter));
/* re-resolve after the clean-up; exactly one object must remain */
6277 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6279 "samAccountName", &group_base,
6280 &group_count, filter))
6283 if (group_count == 0)
6284 return(AD_NO_GROUPS_FOUND);
6286 if (group_count > 1)
6287 return(AD_MULTIPLE_GROUPS_FOUND);
6290 strcpy(ad_distinguishedName, group_base->dn);
6291 linklist_free(group_base);
6295 attr_array[0] = "sAMAccountName";
6296 attr_array[1] = NULL;
6298 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6299 &group_base, &group_count,
6300 LDAP_SCOPE_SUBTREE)) != 0)
6302 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6303 MoiraId, ldap_err2string(rc));
/* from here on address the object by its current sAMAccountName */
6307 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* already where Moira expects it: nothing to rename */
6309 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6311 linklist_free(group_base);
6317 linklist_free(group_base);
6320 memset(ou_both, '\0', sizeof(ou_both));
6321 memset(ou_security, '\0', sizeof(ou_security));
6322 memset(ou_distribution, '\0', sizeof(ou_distribution));
6323 memset(ou_neither, '\0', sizeof(ou_neither));
6324 memset(before_name, '\0', sizeof(before_name));
6325 memset(before_desc, '\0', sizeof(before_desc));
6326 memset(before_group_membership, '\0', sizeof(before_group_membership));
6328 attr_array[0] = "name";
6329 attr_array[1] = NULL;
6331 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6332 &group_base, &group_count,
6333 LDAP_SCOPE_SUBTREE)) != 0)
6335 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6336 MoiraId, ldap_err2string(rc));
6340 strcpy(before_name, group_base->value);
6341 linklist_free(group_base);
6345 attr_array[0] = "description";
6346 attr_array[1] = NULL;
6348 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6349 &group_base, &group_count,
6350 LDAP_SCOPE_SUBTREE)) != 0)
6353 "Unable to get list description with MoiraId = %s: %s",
6354 MoiraId, ldap_err2string(rc));
6358 if (group_count != 0)
6360 strcpy(before_desc, group_base->value);
6361 linklist_free(group_base);
/* classify the current OU case-insensitively; order matters: "both" first */
6366 change_to_lower_case(ad_distinguishedName);
6367 strcpy(ou_both, group_ou_both);
6368 change_to_lower_case(ou_both);
6369 strcpy(ou_security, group_ou_security);
6370 change_to_lower_case(ou_security);
6371 strcpy(ou_distribution, group_ou_distribution);
6372 change_to_lower_case(ou_distribution);
6373 strcpy(ou_neither, group_ou_neither);
6374 change_to_lower_case(ou_neither);
6376 if (strstr(ad_distinguishedName, ou_both))
6378 strcpy(before_group_ou, group_ou_both);
6379 before_group_membership[0] = 'B';
6380 before_security_flag = 1;
6382 else if (strstr(ad_distinguishedName, ou_security))
6384 strcpy(before_group_ou, group_ou_security);
6385 before_group_membership[0] = 'S';
6386 before_security_flag = 1;
6388 else if (strstr(ad_distinguishedName, ou_distribution))
6390 strcpy(before_group_ou, group_ou_distribution);
6391 before_group_membership[0] = 'D';
6392 before_security_flag = 0;
6394 else if (strstr(ad_distinguishedName, ou_neither))
6396 strcpy(before_group_ou, group_ou_neither);
6397 before_group_membership[0] = 'N';
6398 before_security_flag = 0;
6401 return(AD_NO_OU_FOUND);
6403 rc = group_rename(ldap_handle, dn_path, before_name,
6404 before_group_membership,
6405 before_group_ou, before_security_flag, before_desc,
6406 group_name, group_membership, group_ou,
6407 group_security_flag,
6408 before_desc, MoiraId, filter, maillist);
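/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 *
 * ptr must be non-NULL and writable.  Each byte is handed to tolower() as
 * an unsigned char: where char is signed, a byte >= 0x80 (the illegalchars
 * tables reject such bytes in Moira names, but this function is also
 * applied to DNs read back from the directory, see process_group) would
 * otherwise become a negative argument, which is undefined behaviour for
 * <ctype.h>.  The length is computed once rather than on every iteration.
 */
void change_to_lower_case(char *ptr)
{
  size_t len = strlen(ptr);
  size_t i;

  for (i = 0; i < len; i++)
    ptr[i] = (char) tolower((unsigned char) ptr[i]);
}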
/*
 * ad_get_group: locate the AD group for a Moira list, trying in order
 * (1) the filter already in rFilter, (2) (&(objectClass=group)(mitMoiraId=..)),
 * (3) (sAMAccountName=<group_name><group_suffix>).  The first lookup that
 * yields exactly one entry wins and its filter is written back into
 * rFilter (an in/out parameter) for the caller's later searches; the
 * return statements are on lines not shown.  Multiple hits on the Moira id
 * are logged and discarded; a single mitMoiraId hit is accepted only if
 * its DN starts with group_name (L6505).
 *
 * NOTE(review):
 *  - `dn = strdup(pPtr->dn)` at L6502 must be freed on every path; the
 *    lines that would do so are not in this listing.
 *  - memcmp(dn, group_name, strlen(group_name)) reads past `dn` when it is
 *    shorter than group_name, and is case-sensitive although AD names are
 *    not; strncasecmp() stops at the terminator and folds case.  It is
 *    also only a prefix test ("foo" accepts "foobar").
 *  - MoiraId/group_name are interpolated into filters unescaped and the
 *    sprintf()s into `filter` are unbounded.
 */
6423 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6424 char *group_name, char *group_membership,
6425 char *MoiraId, char *attribute,
6426 LK_ENTRY **linklist_base, int *linklist_count,
6431 char *attr_array[3];
6435 (*linklist_base) = NULL;
6436 (*linklist_count) = 0;
/* (1) caller-supplied filter */
6438 if (strlen(rFilter) != 0)
6440 strcpy(filter, rFilter);
6441 attr_array[0] = attribute;
6442 attr_array[1] = NULL;
6444 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6445 linklist_base, linklist_count,
6446 LDAP_SCOPE_SUBTREE)) != 0)
6448 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6449 MoiraId, ldap_err2string(rc));
6453 if ((*linklist_count) == 1)
6455 strcpy(rFilter, filter);
6460 linklist_free((*linklist_base));
6461 (*linklist_base) = NULL;
6462 (*linklist_count) = 0;
/* (2) by Moira id */
6464 if (strlen(MoiraId) != 0)
6466 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6468 attr_array[0] = attribute;
6469 attr_array[1] = NULL;
6471 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6472 linklist_base, linklist_count,
6473 LDAP_SCOPE_SUBTREE)) != 0)
6475 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6476 MoiraId, ldap_err2string(rc));
6481 if ((*linklist_count) > 1)
6483 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6484 pPtr = (*linklist_base);
6488 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6493 linklist_free((*linklist_base));
6494 (*linklist_base) = NULL;
6495 (*linklist_count) = 0;
6498 if ((*linklist_count) == 1)
6501 pPtr = (*linklist_base);
6502 dn = strdup(pPtr->dn);
/* presumably dn was advanced past "CN=" on the lines not shown - confirm */
6505 if (!memcmp(dn, group_name, strlen(group_name)))
6507 strcpy(rFilter, filter);
6512 linklist_free((*linklist_base));
6513 (*linklist_base) = NULL;
6514 (*linklist_count) = 0;
/* (3) by account name with the configured group suffix */
6515 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6517 attr_array[0] = attribute;
6518 attr_array[1] = NULL;
6520 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6521 linklist_base, linklist_count,
6522 LDAP_SCOPE_SUBTREE)) != 0)
6524 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6525 MoiraId, ldap_err2string(rc));
6529 if ((*linklist_count) == 1)
6531 strcpy(rFilter, filter);
/*
 * check_user: decide whether UserName exists in AD.  If MoiraId is given,
 * the account is looked up by mitMoiraId first (ambiguous matches are
 * logged and, by L6581, treated as not found); then by sAMAccountName.
 * Exactly one hit is required, after which the stored sAMAccountName is
 * compared with the Moira login and a mismatch is logged (L6611-L6616).
 * Return values other than AD_NO_USER_FOUND are on lines not shown.
 *
 * NOTE(review):
 *  - SamAccountName is a 64-byte buffer filled by strcpy() from directory
 *    data (sAMAccountName may be far longer in AD): bound the copy.
 *  - strcmp() at L6611 is case-sensitive while sAMAccountName matching in
 *    the directory is not, so a differently-cased login is reported as a
 *    mismatch; strcasecmp() is probably what is meant - confirm intent.
 *  - both filters interpolate unescaped values into a fixed buffer.
 */
6538 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6541 char *attr_array[3];
6542 char SamAccountName[64];
6545 LK_ENTRY *group_base;
6551 if (strlen(MoiraId) != 0)
6553 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6555 attr_array[0] = "sAMAccountName";
6556 attr_array[1] = NULL;
6557 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6558 &group_base, &group_count,
6559 LDAP_SCOPE_SUBTREE)) != 0)
6561 com_err(whoami, 0, "Unable to process user %s : %s",
6562 UserName, ldap_err2string(rc));
6566 if (group_count > 1)
6568 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6574 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6575 gPtr->value, MoiraId);
6581 if (group_count != 1)
6583 linklist_free(group_base);
/* fall back to (or start with) the login name */
6586 sprintf(filter, "(sAMAccountName=%s)", UserName);
6587 attr_array[0] = "sAMAccountName";
6588 attr_array[1] = NULL;
6590 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6591 &group_base, &group_count,
6592 LDAP_SCOPE_SUBTREE)) != 0)
6594 com_err(whoami, 0, "Unable to process user %s : %s",
6595 UserName, ldap_err2string(rc));
/* zero or several hits are both reported as "no user" */
6600 if (group_count != 1)
6602 linklist_free(group_base);
6603 return(AD_NO_USER_FOUND);
6606 strcpy(SamAccountName, group_base->value);
6607 linklist_free(group_base);
6611 if (strcmp(SamAccountName, UserName))
6614 "User object %s with MoiraId %s has mismatched usernames "
6615 "(LDAP username %s, Moira username %s)", SamAccountName,
6616 MoiraId, SamAccountName, UserName);
/*
 * container_get_dn: turn a '/'-separated Moira container path into the
 * relative DN "OU=<leaf>,OU=<parent>,...".  The path is split into `array`
 * (20 slots; the split itself is on lines not shown) and emitted from the
 * last component backwards.  An empty src takes the L6631 branch (body not
 * shown).  dest is written with strcpy()/strcat() without a bound and the
 * OU values are not RFC 4514-escaped - check_container_name() is presumably
 * the guard; a path with more than 20 components is not visibly handled.
 */
6622 void container_get_dn(char *src, char *dest)
6629 memset(array, '\0', 20 * sizeof(array[0]));
6631 if (strlen(src) == 0)
6653 strcpy(dest, "OU=");
6657 strcat(dest, array[n-1]);
6661 strcat(dest, ",OU=");
/*
 * container_get_name: copy the leaf (last '/'-separated) component of the
 * container path src into dest; an empty src takes the L6673 branch.  The
 * copy itself is on lines not shown - it should be bounded by the caller's
 * buffer size (callers pass fixed-size cName buffers).
 */
6668 void container_get_name(char *src, char *dest)
6673 if (strlen(src) == 0)
/*
 * container_check: ensure the parent of container `name` exists in AD.  The
 * name is copied and cut at a '/' (the cut is on a line not shown -
 * presumably the last one, leaving the parent path), then
 * container_create() is called with every other attribute empty.  Because
 * CONTAINER_ROWID is "", the new OU carries no mitMoiraId, which is what
 * the L6718 message records.  Failures other than success are not logged
 * here.
 * NOTE(review): strcpy(cName, name) is unbounded; cName's size is not
 * visible in this listing.
 */
6693 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6700 strcpy(cName, name);
6702 for (i = 0; i < (int)strlen(cName); i++)
6704 if (cName[i] == '/')
6707 av[CONTAINER_NAME] = cName;
6708 av[CONTAINER_DESC] = "";
6709 av[CONTAINER_LOCATION] = "";
6710 av[CONTAINER_CONTACT] = "";
6711 av[CONTAINER_TYPE] = "";
6712 av[CONTAINER_ID] = "";
6713 av[CONTAINER_ROWID] = "";
6714 rc = container_create(ldap_handle, dn_path, 7, av);
6716 if (rc == LDAP_SUCCESS)
6718 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * container_rename: rename/move the OU for a Moira container from `before`
 * to `after`.  The new leaf name must pass check_container_name(); the old
 * OU is located by mitMoiraId or DN (container_get_distinguishedName) and,
 * if it no longer exists, the new one is simply created.  Otherwise the
 * parent path of the new name is derived (L6762-L6780), the parent OU is
 * created if missing (container_check), and ldap_rename_s() moves the
 * object with deleteoldrdn = TRUE; the attributes are then refreshed with
 * container_adupdate().
 * NOTE(review): temp/dName/new_dn_path/new_cn are filled by unbounded
 * strcpy()/sprintf() from Moira data (new_dn_path is 256 bytes).
 */
6727 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6728 char **before, int afterc, char **after)
6733 char new_dn_path[256];
6735 char distinguishedName[256];
6740 memset(cName, '\0', sizeof(cName));
6741 container_get_name(after[CONTAINER_NAME], cName);
6743 if (!check_container_name(cName))
6745 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6747 return(AD_INVALID_NAME);
6750 memset(distinguishedName, '\0', sizeof(distinguishedName));
6752 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6753 distinguishedName, beforec, before))
/* nothing to rename: create the container under its new name */
6756 if (strlen(distinguishedName) == 0)
6758 rc = container_create(ldap_handle, dn_path, afterc, after);
6762 strcpy(temp, after[CONTAINER_NAME]);
6765 for (i = 0; i < (int)strlen(temp); i++)
6775 container_get_dn(temp, dName);
/* new parent: relative DN of the parent path, or dn_path for a top-level OU */
6777 if (strlen(temp) != 0)
6778 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6780 sprintf(new_dn_path, "%s", dn_path);
6782 sprintf(new_cn, "OU=%s", cName);
6784 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6786 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6787 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6789 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6790 before[CONTAINER_NAME], after[CONTAINER_NAME],
6791 ldap_err2string(rc));
6795 memset(dName, '\0', sizeof(dName));
6796 container_get_dn(after[CONTAINER_NAME], dName);
6797 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the OU for a Moira container.  If AD refuses
 * because the OU still has children (LDAP_NOT_ALLOWED_ON_NONLEAF) the
 * children are moved to the orphan OUs by container_move_objects(); whether
 * the delete is then retried is on lines not shown, and the result of
 * container_move_objects() is ignored.  An empty distinguishedName (OU not
 * found) takes the L6813 branch, whose body is not shown.
 */
6802 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6804 char distinguishedName[256];
6807 memset(distinguishedName, '\0', sizeof(distinguishedName));
6809 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6810 distinguishedName, count, av))
6813 if (strlen(distinguishedName) == 0)
6816 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6818 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6819 container_move_objects(ldap_handle, dn_path, distinguishedName);
6821 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
6822 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the OU "<relative DN>,<dn_path>" for a Moira
 * container with objectClass top/organizationalUnit, name, ou, optional
 * mitMoiraId (CONTAINER_ROWID) and description, and a managedBy reference
 * resolved from CONTAINER_TYPE/CONTAINER_ID: a KERBEROS principal gets a
 * contact object under kerberos_ou, a USER or LIST is looked up by cn and
 * its DN used only when exactly one object matches.  If the OU already
 * exists and a Moira id is known, the attributes are refreshed through
 * container_adupdate() instead; other errors are logged.
 * NOTE(review): CONTAINER_ID is interpolated into filters (L6909, L6915)
 * and a DN (L6899) without escaping; filter/temp/managedByDN are fixed
 * buffers written by unbounded sprintf()/strcpy().  The objectClass_v
 * terminator line is outside this listing.
 */
6828 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6830 char *attr_array[3];
6831 LK_ENTRY *group_base;
6834 char *objectClass_v[] = {"top",
6835 "organizationalUnit",
6838 char *ou_v[] = {NULL, NULL};
6839 char *name_v[] = {NULL, NULL};
6840 char *moiraId_v[] = {NULL, NULL};
6841 char *desc_v[] = {NULL, NULL};
6842 char *managedBy_v[] = {NULL, NULL};
6845 char managedByDN[256];
6852 memset(filter, '\0', sizeof(filter));
6853 memset(dName, '\0', sizeof(dName));
6854 memset(cName, '\0', sizeof(cName));
6855 memset(managedByDN, '\0', sizeof(managedByDN));
6856 container_get_dn(av[CONTAINER_NAME], dName);
6857 container_get_name(av[CONTAINER_NAME], cName);
6859 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6861 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6863 return(AD_INVALID_NAME);
6866 if (!check_container_name(cName))
6868 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6870 return(AD_INVALID_NAME);
6874 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6876 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6878 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* mitMoiraId is what later lookups key on; container_check() omits it */
6880 if (strlen(av[CONTAINER_ROWID]) != 0)
6882 moiraId_v[0] = av[CONTAINER_ROWID];
6883 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6886 if (strlen(av[CONTAINER_DESC]) != 0)
6888 desc_v[0] = av[CONTAINER_DESC];
6889 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: contact DN for KERBEROS, looked-up DN for USER/LIST */
6892 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
6894 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6896 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6899 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6900 kerberos_ou, dn_path);
6901 managedBy_v[0] = managedByDN;
6902 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6907 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6909 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
6910 "(objectClass=user)))", av[CONTAINER_ID]);
6913 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6915 sprintf(filter, "(&(objectClass=group)(cn=%s))",
6919 if (strlen(filter) != 0)
6921 attr_array[0] = "distinguishedName";
6922 attr_array[1] = NULL;
6925 if ((rc = linklist_build(ldap_handle, dn_path, filter,
6927 &group_base, &group_count,
6928 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6930 if (group_count == 1)
6932 strcpy(managedByDN, group_base->value);
6933 managedBy_v[0] = managedByDN;
6934 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6936 linklist_free(group_base);
6946 sprintf(temp, "%s,%s", dName, dn_path);
6947 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
6949 for (i = 0; i < n; i++)
6952 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
6954 com_err(whoami, 0, "Unable to create container %s : %s",
6955 cName, ldap_err2string(rc));
/* an existing OU is not an error: sync its attributes instead */
6959 if (rc == LDAP_ALREADY_EXISTS)
6961 if (strlen(av[CONTAINER_ROWID]) != 0)
6962 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: apply changed Moira container attributes to AD.  If the
 * OU cannot be found (by mitMoiraId or DN) it is created; otherwise its
 * parent is verified with container_check() and the attributes are
 * refreshed with container_adupdate(), addressed by DN.  `before` is not
 * consulted on the visible lines.
 */
6968 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
6969 char **before, int afterc, char **after)
6971 char distinguishedName[256];
6974 memset(distinguishedName, '\0', sizeof(distinguishedName));
6976 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6977 distinguishedName, afterc, after))
6980 if (strlen(distinguishedName) == 0)
6982 rc = container_create(ldap_handle, dn_path, afterc, after);
6986 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6987 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * container_get_distinguishedName: resolve the AD DN of the OU for the
 * container in av.  Validates the name, then searches first by mitMoiraId
 * (av[CONTAINER_ROWID]) and, if that does not give exactly one match, by
 * the computed DN.  distinguishedName is left empty when nothing is found;
 * the return statements are on lines not shown.
 * NOTE(review): the value copied at L7038/L7061 comes from the directory
 * and the callers' distinguishedName buffers are 256 bytes (L6735, L6804,
 * L6971) - bound the copy.  An empty CONTAINER_ROWID yields the filter
 * "(mitMoiraId=)", which is malformed; skip that search when it is empty
 * (container_check() always passes "").
 */
6993 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
6994 char *distinguishedName, int count,
6997 char *attr_array[3];
6998 LK_ENTRY *group_base;
7005 memset(filter, '\0', sizeof(filter));
7006 memset(dName, '\0', sizeof(dName));
7007 memset(cName, '\0', sizeof(cName));
7008 container_get_dn(av[CONTAINER_NAME], dName);
7009 container_get_name(av[CONTAINER_NAME], cName);
7011 if (strlen(dName) == 0)
7013 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7014 av[CONTAINER_NAME]);
7015 return(AD_INVALID_NAME);
7018 if (!check_container_name(cName))
7020 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7022 return(AD_INVALID_NAME);
/* first by Moira id (survives renames) */
7025 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7026 av[CONTAINER_ROWID]);
7027 attr_array[0] = "distinguishedName";
7028 attr_array[1] = NULL;
7032 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7033 &group_base, &group_count,
7034 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7036 if (group_count == 1)
7038 strcpy(distinguishedName, group_base->value);
7041 linklist_free(group_base);
/* then by the DN the container would have today */
7046 if (strlen(distinguishedName) == 0)
7048 sprintf(filter, "(&(objectClass=organizationalUnit)"
7049 "(distinguishedName=%s,%s))", dName, dn_path);
7050 attr_array[0] = "distinguishedName";
7051 attr_array[1] = NULL;
7055 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7056 &group_base, &group_count,
7057 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7059 if (group_count == 1)
7061 strcpy(distinguishedName, group_base->value);
7064 linklist_free(group_base);
<![CDATA[]]>/*
 * container_adupdate: bring the AD OU's mitMoiraId, description and
 * managedBy into line with the Moira record av.  The object is addressed by
 * `distinguishedName` or, when dName is given, by "<dName>,<dn_path>"; its
 * current values are read first so that attributes Moira no longer has can
 * be cleared through attribute_update(..., "", ...).  managedBy follows the
 * same KERBEROS/USER/LIST resolution as container_create().  When nothing
 * was queued the function returns LDAP_SUCCESS at L7243 without a modify
 * (the condition is not shown).
 *
 * NOTE(review): L7102 tests av[CONTAINER_ID] but the filter interpolates
 * av[CONTAINER_ROWID]; every other site (L6880, L6961, L7143) keys this on
 * CONTAINER_ROWID.  As written, a container with a contact but no Moira id
 * searches for the malformed "(mitMoiraId=)", and one with a Moira id but
 * no contact is found by DN only.  Probably intended:
 *   if (strlen(av[CONTAINER_ROWID]) != 0)
 * Also, managedByDN/desc/moiraId are filled by unbounded strcpy() from
 * directory values.
 */
7073 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7074 char *distinguishedName, int count, char **av)
7076 char *attr_array[5];
7077 LK_ENTRY *group_base;
7082 char *moiraId_v[] = {NULL, NULL};
7083 char *desc_v[] = {NULL, NULL};
7084 char *managedBy_v[] = {NULL, NULL};
7085 char managedByDN[256];
/* ad_path: the explicit DN unless a relative dName is supplied */
7094 strcpy(ad_path, distinguishedName);
7096 if (strlen(dName) != 0)
7097 sprintf(ad_path, "%s,%s", dName, dn_path);
7099 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
7102 if (strlen(av[CONTAINER_ID]) != 0)
7103 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7104 av[CONTAINER_ROWID]);
7106 attr_array[0] = "mitMoiraId";
7107 attr_array[1] = "description";
7108 attr_array[2] = "managedBy";
7109 attr_array[3] = NULL;
7113 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7114 &group_base, &group_count,
7115 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7117 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7118 av[CONTAINER_NAME], ldap_err2string(rc));
/* snapshot of what AD currently holds */
7122 memset(managedByDN, '\0', sizeof(managedByDN));
7123 memset(moiraId, '\0', sizeof(moiraId));
7124 memset(desc, '\0', sizeof(desc));
7129 if (!strcasecmp(pPtr->attribute, "description"))
7130 strcpy(desc, pPtr->value);
7131 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7132 strcpy(managedByDN, pPtr->value);
7133 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7134 strcpy(moiraId, pPtr->value);
7138 linklist_free(group_base);
7143 if (strlen(av[CONTAINER_ROWID]) != 0)
7145 moiraId_v[0] = av[CONTAINER_ROWID];
7146 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set from Moira, or cleared if AD has one Moira does not */
7149 if (strlen(av[CONTAINER_DESC]) != 0)
7151 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7156 if (strlen(desc) != 0)
7158 attribute_update(ldap_handle, ad_path, "", "description", dName);
7162 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7164 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7166 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7169 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7170 kerberos_ou, dn_path);
7171 managedBy_v[0] = managedByDN;
7172 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7176 if (strlen(managedByDN) != 0)
7178 attribute_update(ldap_handle, ad_path, "", "managedBy",
7185 memset(filter, '\0', sizeof(filter));
7187 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7189 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7190 "(objectClass=user)))", av[CONTAINER_ID]);
7193 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7195 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7199 if (strlen(filter) != 0)
7201 attr_array[0] = "distinguishedName";
7202 attr_array[1] = NULL;
7205 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7206 attr_array, &group_base, &group_count,
7207 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7209 if (group_count == 1)
7211 strcpy(managedByDN, group_base->value);
7212 managedBy_v[0] = managedByDN;
7213 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7217 if (strlen(managedByDN) != 0)
7219 attribute_update(ldap_handle, ad_path, "",
7220 "managedBy", dName);
7224 linklist_free(group_base);
7231 if (strlen(managedByDN) != 0)
7233 attribute_update(ldap_handle, ad_path, "", "managedBy",
7243 return(LDAP_SUCCESS);
7245 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7247 for (i = 0; i < n; i++)
7250 if (rc != LDAP_SUCCESS)
7252 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7253 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty an OU before it is deleted.  Three passes:
 * (1) everything that is neither a computer nor an OU is renamed into
 * orphans_other_ou, (2) computers into orphans_machines_ou, (3) child OUs
 * are deleted.  A name clash in the orphan OU is resolved by appending
 * "_<count>" to the cn (L7331).  The search result is released per pass.
 *
 * NOTE(review):
 *  - LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and never
 *    visibly restored, so every later search on this connection is capped
 *    at 10 entries; save and restore the previous value and check the
 *    return of ldap_set_option().
 *  - with that cap each pass sees at most 10 objects; an OU with more
 *    children is only partially emptied unless the pass repeats (the lines
 *    after L7304 are not shown).
 *  - a child OU that is itself non-leaf fails the L7340 delete with
 *    NOT_ALLOWED_ON_NONLEAF; recurse (or move its contents) first.
 *  - new_cn/temp are built by unbounded sprintf() from directory values
 *    that are not RFC 4514-escaped.
 */
7260 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7262 char *attr_array[3];
7263 LK_ENTRY *group_base;
7270 int NumberOfEntries = 10;
7274 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7276 for (i = 0; i < 3; i++)
7278 memset(filter, '\0', sizeof(filter));
7282 strcpy(filter, "(!(|(objectClass=computer)"
7283 "(objectClass=organizationalUnit)))");
7284 attr_array[0] = "cn";
7285 attr_array[1] = NULL;
7289 strcpy(filter, "(objectClass=computer)");
7290 attr_array[0] = "cn";
7291 attr_array[1] = NULL;
7295 strcpy(filter, "(objectClass=organizationalUnit)");
7296 attr_array[0] = "ou";
7297 attr_array[1] = NULL;
7302 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7303 &group_base, &group_count,
7304 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7309 if (group_count == 0)
/* cn entries (passes 1 and 2) are moved, ou entries (pass 3) deleted */
7316 if (!strcasecmp(pPtr->attribute, "cn"))
7318 sprintf(new_cn, "cn=%s", pPtr->value);
7320 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7322 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7327 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7329 if (rc == LDAP_ALREADY_EXISTS)
7331 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7338 else if (!strcasecmp(pPtr->attribute, "ou"))
7340 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7346 linklist_free(group_base);
/*
 * get_machine_ou: find the OU that currently holds the AD computer object
 * for Moira machine `member`.  The Moira alias is resolved with
 * GetMachineName(), the domain part is cut at the first '.', the object is
 * searched as sAMAccountName "<name>$", and its OU is the part of the
 * lower-cased DN between "<cn>," and the "dc=" suffix.  machine_ou and
 * NewMachineName are output buffers.
 *
 * NOTE(review):
 *  - L7370/L7371: the result of moira_connect() is overwritten on the very
 *    next line, so a failed connect is never reported; test it before
 *    calling GetMachineName().
 *  - strstr(dn, cn) finds the first occurrence of the name anywhere in the
 *    DN; a very short name (e.g. "c", which occurs in "cn=") matches the
 *    attribute type rather than the value.  Anchoring on "cn=<cn>," is
 *    exact.
 *  - dn/cn/machine_ou/filter are filled with unbounded strcpy()/sprintf().
 */
7355 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7356 char *machine_ou, char *NewMachineName)
7358 LK_ENTRY *group_base;
7362 char *attr_array[3];
7369 strcpy(NewMachineName, member);
7370 rc = moira_connect();
7371 rc = GetMachineName(NewMachineName);
7374 if (strlen(NewMachineName) == 0)
7376 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* drop the DNS domain: AD computer accounts are the bare host name + '$' */
7382 pPtr = strchr(NewMachineName, '.');
7389 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7390 attr_array[0] = "cn";
7391 attr_array[1] = NULL;
7392 sprintf(temp, "%s", dn_path);
7394 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7395 &group_base, &group_count,
7396 LDAP_SCOPE_SUBTREE)) != 0)
7398 com_err(whoami, 0, "Unable to process machine %s : %s",
7399 member, ldap_err2string(rc));
7403 if (group_count != 1)
7406 "Unable to process machine %s : machine not found in AD",
7411 strcpy(dn, group_base->dn);
7412 strcpy(cn, group_base->value);
7414 for (i = 0; i < (int)strlen(dn); i++)
7415 dn[i] = tolower(dn[i]);
7417 for (i = 0; i < (int)strlen(cn); i++)
7418 cn[i] = tolower(cn[i]);
7420 linklist_free(group_base);
/* skip past "<cn>," to the start of the OU part */
7422 pPtr = strstr(dn, cn);
7426 com_err(whoami, 0, "Unable to process machine %s",
7431 pPtr += strlen(cn) + 1;
7432 strcpy(machine_ou, pPtr);
/* ...and truncate at the domain components (presumably on the lines not shown) */
7434 pPtr = strstr(machine_ou, "dc=");
7438 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move the AD computer object for Moira machine
 * MoiraMachineName into DestinationOu (relative to dn_path).  The name is
 * resolved through GetMachineName(), stripped of its domain and searched
 * as "<name>$"; if the object already sits in the destination OU (parent
 * DN compared case-insensitively) nothing is done, otherwise
 * ldap_rename_s() moves it, keeping the RDN "CN=<name>".  Handling of the
 * rename result is on lines not shown.
 * NOTE(review): strcpy(MachineName, MoiraMachineName) is unbounded into a
 * 128-byte buffer; the parent DN is taken from the first ',' in OldDn,
 * which is wrong if the RDN contains an escaped comma; the filter value is
 * not escaped.
 */
7449 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7450 char *MoiraMachineName, char *DestinationOu)
7454 char MachineName[128];
7456 char *attr_array[3];
7461 LK_ENTRY *group_base;
7466 strcpy(MachineName, MoiraMachineName);
7467 rc = GetMachineName(MachineName);
7469 if (strlen(MachineName) == 0)
7471 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7476 cPtr = strchr(MachineName, '.');
7481 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7482 attr_array[0] = "sAMAccountName";
7483 attr_array[1] = NULL;
7485 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7487 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7489 com_err(whoami, 0, "Unable to process machine %s : %s",
7490 MoiraMachineName, ldap_err2string(rc));
7494 if (group_count == 1)
7495 strcpy(OldDn, group_base->dn);
7497 linklist_free(group_base);
7500 if (group_count != 1)
7502 com_err(whoami, 0, "Unable to find machine %s in AD: %s",
/* compare the object's current parent DN with the requested one */
7507 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
7508 cPtr = strchr(OldDn, ',');
7513 if (!strcasecmp(cPtr, NewOu))
7517 sprintf(NewCn, "CN=%s", MachineName);
7518 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
7523 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7529 memset(Name, '\0', sizeof(Name));
7530 strcpy(Name, machine_name);
7532 pPtr = strchr(Name, '.');
7538 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
7541 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7542 char *machine_name, char *container_name)
7548 av[0] = machine_name;
7549 call_args[0] = (char *)container_name;
7550 rc = mr_query("get_machine_to_container_map", 1, av,
7551 machine_GetMoiraContainer, call_args);
7555 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7560 strcpy(call_args[0], av[1]);
7564 int Moira_container_group_create(char **after)
7570 memset(GroupName, '\0', sizeof(GroupName));
7571 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7572 after[CONTAINER_ROWID]);
7576 argv[L_NAME] = GroupName;
7577 argv[L_ACTIVE] = "1";
7578 argv[L_PUBLIC] = "0";
7579 argv[L_HIDDEN] = "0";
7580 argv[L_MAILLIST] = "0";
7581 argv[L_GROUP] = "1";
7582 argv[L_GID] = UNIQUE_GID;
7583 argv[L_NFSGROUP] = "0";
7584 argv[L_MAILMAN] = "0";
7585 argv[L_MAILMAN_SERVER] = "[NONE]";
7586 argv[L_DESC] = "auto created container group";
7587 argv[L_ACE_TYPE] = "USER";
7588 argv[L_MEMACE_TYPE] = "USER";
7589 argv[L_ACE_NAME] = "sms";
7590 argv[L_MEMACE_NAME] = "sms";
7592 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7595 "Unable to create container group %s for container %s: %s",
7596 GroupName, after[CONTAINER_NAME], error_message(rc));
7599 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7600 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
7605 int Moira_container_group_update(char **before, char **after)
7608 char BeforeGroupName[64];
7609 char AfterGroupName[64];
7612 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7615 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7616 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7617 if (strlen(BeforeGroupName) == 0)
7620 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7621 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7622 after[CONTAINER_ROWID]);
7626 if (strcasecmp(BeforeGroupName, AfterGroupName))
7628 argv[L_NAME] = BeforeGroupName;
7629 argv[L_NAME + 1] = AfterGroupName;
7630 argv[L_ACTIVE + 1] = "1";
7631 argv[L_PUBLIC + 1] = "0";
7632 argv[L_HIDDEN + 1] = "0";
7633 argv[L_MAILLIST + 1] = "0";
7634 argv[L_GROUP + 1] = "1";
7635 argv[L_GID + 1] = UNIQUE_GID;
7636 argv[L_NFSGROUP + 1] = "0";
7637 argv[L_MAILMAN + 1] = "0";
7638 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7639 argv[L_DESC + 1] = "auto created container group";
7640 argv[L_ACE_TYPE + 1] = "USER";
7641 argv[L_MEMACE_TYPE + 1] = "USER";
7642 argv[L_ACE_NAME + 1] = "sms";
7643 argv[L_MEMACE_NAME + 1] = "sms";
7645 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7648 "Unable to rename container group from %s to %s: %s",
7649 BeforeGroupName, AfterGroupName, error_message(rc));
7656 int Moira_container_group_delete(char **before)
7661 char ParentGroupName[64];
7663 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
7664 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7666 memset(GroupName, '\0', sizeof(GroupName));
7668 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7669 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7671 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7673 argv[0] = ParentGroupName;
7675 argv[2] = GroupName;
7677 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7680 "Unable to delete container group %s from list: %s",
7681 GroupName, ParentGroupName, error_message(rc));
7685 if (strlen(GroupName) != 0)
7687 argv[0] = GroupName;
7689 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7691 com_err(whoami, 0, "Unable to delete container group %s : %s",
7692 GroupName, error_message(rc));
7699 int Moira_groupname_create(char *GroupName, char *ContainerName,
7700 char *ContainerRowID)
7705 char newGroupName[64];
7706 char tempGroupName[64];
7712 strcpy(temp, ContainerName);
7714 ptr1 = strrchr(temp, '/');
7720 ptr1 = strrchr(temp, '/');
7724 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7727 strcpy(tempgname, ptr);
7730 strcpy(tempgname, temp);
7732 if (strlen(tempgname) > 25)
7733 tempgname[25] ='\0';
7735 sprintf(newGroupName, "cnt-%s", tempgname);
7737 /* change everything to lower case */
7743 *ptr = tolower(*ptr);
7751 strcpy(tempGroupName, newGroupName);
7754 /* append 0-9 then a-z if a duplicate is found */
7757 argv[0] = newGroupName;
7759 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7761 if (rc == MR_NO_MATCH)
7763 com_err(whoami, 0, "Moira error while creating group name for "
7764 "container %s : %s", ContainerName, error_message(rc));
7768 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7772 com_err(whoami, 0, "Unable to find a unique group name for "
7773 "container %s: too many duplicate container names",
7784 strcpy(GroupName, newGroupName);
7788 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7793 argv[0] = origContainerName;
7794 argv[1] = GroupName;
7796 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7799 "Unable to set container group %s in container %s: %s",
7800 GroupName, origContainerName, error_message(rc));
7806 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7808 char ContainerName[64];
7809 char ParentGroupName[64];
7813 strcpy(ContainerName, origContainerName);
7815 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7817 /* top-level container */
7818 if (strlen(ParentGroupName) == 0)
7821 argv[0] = ParentGroupName;
7823 argv[2] = GroupName;
7825 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7828 "Unable to add container group %s to parent group %s: %s",
7829 GroupName, ParentGroupName, error_message(rc));
7835 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7840 strcpy(call_args[0], av[1]);
7845 int Moira_getGroupName(char *origContainerName, char *GroupName,
7848 char ContainerName[64];
7854 strcpy(ContainerName, origContainerName);
7858 ptr = strrchr(ContainerName, '/');
7866 argv[0] = ContainerName;
7868 call_args[0] = GroupName;
7869 call_args[1] = NULL;
7871 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7874 if (strlen(GroupName) != 0)
7879 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7880 ContainerName, error_message(rc));
7882 com_err(whoami, 0, "Unable to get container group from container %s",
7888 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7894 if (strcmp(GroupName, "[none]") == 0)
7897 argv[0] = GroupName;
7898 argv[1] = "MACHINE";
7899 argv[2] = MachineName;
7902 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7904 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
7908 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7909 MachineName, GroupName, error_message(rc));
7915 int GetMachineName(char *MachineName)
7918 char NewMachineName[1024];
7925 // If the address happens to be in the top-level MIT domain, great!
7926 strcpy(NewMachineName, MachineName);
7928 for (i = 0; i < (int)strlen(NewMachineName); i++)
7929 NewMachineName[i] = toupper(NewMachineName[i]);
7931 szDot = strchr(NewMachineName,'.');
7933 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
7938 // If not, see if it has a Moira alias in the top-level MIT domain.
7939 memset(NewMachineName, '\0', sizeof(NewMachineName));
7941 args[1] = MachineName;
7942 call_args[0] = NewMachineName;
7943 call_args[1] = NULL;
7945 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
7947 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
7948 MachineName, error_message(rc));
7949 strcpy(MachineName, "");
7953 if (strlen(NewMachineName) != 0)
7954 strcpy(MachineName, NewMachineName);
7956 strcpy(MachineName, "");
7961 int ProcessMachineName(int ac, char **av, void *ptr)
7964 char MachineName[1024];
7970 if (strlen(call_args[0]) == 0)
7972 strcpy(MachineName, av[0]);
7974 for (i = 0; i < (int)strlen(MachineName); i++)
7975 MachineName[i] = toupper(MachineName[i]);
7977 szDot = strchr(MachineName,'.');
7979 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
7981 strcpy(call_args[0], MachineName);
7988 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
7994 for (i = 0; i < n; i++)
7996 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
7997 mods[i]->mod_type = "uidNumber";
8004 for (i = 0; i < n; i++)
8006 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8007 mods[i]->mod_type = "msSFU30UidNumber";
8014 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8015 char *DistinguishedName,
8016 char *WinHomeDir, char *WinProfileDir,
8017 char **homedir_v, char **winProfile_v,
8018 char **drives_v, LDAPMod **mods,
8025 char winProfile[1024];
8028 char apple_homedir[1024];
8029 char *apple_homedir_v[] = {NULL, NULL};
8033 LDAPMod *DelMods[20];
8035 char *save_argv[FS_END];
8036 char *fsgroup_save_argv[2];
8038 memset(homeDrive, '\0', sizeof(homeDrive));
8039 memset(path, '\0', sizeof(path));
8040 memset(winPath, '\0', sizeof(winPath));
8041 memset(winProfile, '\0', sizeof(winProfile));
8043 if(!ActiveDirectory)
8045 if (rc = moira_connect())
8047 critical_alert("AD incremental",
8048 "Error contacting Moira server : %s",
8053 argv[0] = user_name;
8055 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8058 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8059 !strcmp(save_argv[FS_TYPE], "MUL"))
8062 argv[0] = save_argv[FS_NAME];
8065 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8066 save_fsgroup_info, fsgroup_save_argv)))
8070 argv[0] = fsgroup_save_argv[0];
8072 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8073 save_query_info, save_argv)))
8075 strcpy(path, save_argv[FS_PACK]);
8082 strcpy(path, save_argv[FS_PACK]);
8090 if (!strnicmp(path, AFS, strlen(AFS)))
8092 sprintf(homedir, "%s", path);
8093 sprintf(apple_homedir, "%s/MacData", path);
8094 homedir_v[0] = homedir;
8095 apple_homedir_v[0] = apple_homedir;
8096 ADD_ATTR("homeDirectory", homedir_v, OpType);
8097 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8103 homedir_v[0] = "NONE";
8104 apple_homedir_v[0] = "NONE";
8105 ADD_ATTR("homeDirectory", homedir_v, OpType);
8106 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8113 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8114 (!strcasecmp(WinProfileDir, "[afs]")))
8116 if (rc = moira_connect())
8118 critical_alert("AD incremental",
8119 "Error contacting Moira server : %s",
8124 argv[0] = user_name;
8126 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8129 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8130 !strcmp(save_argv[FS_TYPE], "MUL"))
8133 argv[0] = save_argv[FS_NAME];
8136 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8137 save_fsgroup_info, fsgroup_save_argv)))
8141 argv[0] = fsgroup_save_argv[0];
8143 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8144 save_query_info, save_argv)))
8146 strcpy(path, save_argv[FS_PACK]);
8153 strcpy(path, save_argv[FS_PACK]);
8161 if (!strnicmp(path, AFS, strlen(AFS)))
8163 AfsToWinAfs(path, winPath);
8164 strcpy(winProfile, winPath);
8165 strcat(winProfile, "\\.winprofile");
8172 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8173 (!strcasecmp(WinProfileDir, "[dfs]")))
8175 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8176 user_name[0], user_name);
8178 if (!strcasecmp(WinProfileDir, "[dfs]"))
8180 strcpy(winProfile, path);
8181 strcat(winProfile, "\\.winprofile");
8184 if (!strcasecmp(WinHomeDir, "[dfs]"))
8185 strcpy(winPath, path);
8188 if (!strcasecmp(WinHomeDir, "[local]"))
8189 memset(winPath, '\0', sizeof(winPath));
8190 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8191 !strcasecmp(WinHomeDir, "[dfs]"))
8193 strcpy(homeDrive, "H:");
8197 strcpy(winPath, WinHomeDir);
8198 if (!strncmp(WinHomeDir, "\\\\", 2))
8200 strcpy(homeDrive, "H:");
8204 // nothing needs to be done if WinProfileDir is [afs].
8205 if (!strcasecmp(WinProfileDir, "[local]"))
8206 memset(winProfile, '\0', sizeof(winProfile));
8207 else if (strcasecmp(WinProfileDir, "[afs]") &&
8208 strcasecmp(WinProfileDir, "[dfs]"))
8210 strcpy(winProfile, WinProfileDir);
8213 if (strlen(winProfile) != 0)
8215 if (winProfile[strlen(winProfile) - 1] == '\\')
8216 winProfile[strlen(winProfile) - 1] = '\0';
8219 if (strlen(winPath) != 0)
8221 if (winPath[strlen(winPath) - 1] == '\\')
8222 winPath[strlen(winPath) - 1] = '\0';
8225 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8226 strcat(winProfile, "\\");
8228 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8229 strcat(winPath, "\\");
8231 if (strlen(winPath) == 0)
8233 if (OpType == LDAP_MOD_REPLACE)
8236 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8238 //unset homeDirectory attribute for user.
8239 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8245 homedir_v[0] = strdup(winPath);
8246 ADD_ATTR("homeDirectory", homedir_v, OpType);
8249 if (strlen(winProfile) == 0)
8251 if (OpType == LDAP_MOD_REPLACE)
8254 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8256 //unset profilePath attribute for user.
8257 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8263 winProfile_v[0] = strdup(winProfile);
8264 ADD_ATTR("profilePath", winProfile_v, OpType);
8267 if (strlen(homeDrive) == 0)
8269 if (OpType == LDAP_MOD_REPLACE)
8272 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8274 //unset homeDrive attribute for user
8275 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8281 drives_v[0] = strdup(homeDrive);
8282 ADD_ATTR("homeDrive", drives_v, OpType);
8288 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8289 char *attribute_value, char *attribute, char *user_name)
8291 char *mod_v[] = {NULL, NULL};
8292 LDAPMod *DelMods[20];
8298 if (strlen(attribute_value) == 0)
8301 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8303 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8309 mod_v[0] = attribute_value;
8310 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8313 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8314 mods)) != LDAP_SUCCESS)
8318 mod_v[0] = attribute_value;
8319 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8322 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8323 mods)) != LDAP_SUCCESS)
8325 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8327 attribute, user_name, ldap_err2string(rc));
8337 void StringTrim(char *StringToTrim)
8342 save = strdup(StringToTrim);
8349 /* skip to end of string */
8354 strcpy(StringToTrim, save);
8358 for (t = s; *t; t++)
8374 strcpy(StringToTrim, s);
8378 int ReadConfigFile(char *DomainName)
8389 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8391 if ((fptr = fopen(temp, "r")) != NULL)
8393 while (fgets(temp, sizeof(temp), fptr) != 0)
8395 for (i = 0; i < (int)strlen(temp); i++)
8396 temp[i] = toupper(temp[i]);
8398 if (temp[strlen(temp) - 1] == '\n')
8399 temp[strlen(temp) - 1] = '\0';
8403 if (strlen(temp) == 0)
8406 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8408 if (strlen(temp) > (strlen(DOMAIN)))
8410 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8411 StringTrim(ldap_domain);
8414 else if (!strncmp(temp, REALM, strlen(REALM)))
8416 if (strlen(temp) > (strlen(REALM)))
8418 strcpy(ldap_realm, &temp[strlen(REALM)]);
8419 StringTrim(ldap_realm);
8422 else if (!strncmp(temp, PORT, strlen(PORT)))
8424 if (strlen(temp) > (strlen(PORT)))
8426 strcpy(ldap_port, &temp[strlen(PORT)]);
8427 StringTrim(ldap_port);
8430 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8432 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8434 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8435 StringTrim(PrincipalName);
8438 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8440 if (strlen(temp) > (strlen(SERVER)))
8442 ServerList[Count] = calloc(1, 256);
8443 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8444 StringTrim(ServerList[Count]);
8448 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8450 if (strlen(temp) > (strlen(MSSFU)))
8452 strcpy(temp1, &temp[strlen(MSSFU)]);
8454 if (!strcmp(temp1, SFUTYPE))
8458 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8460 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8462 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8464 if (!strcasecmp(temp1, "NO"))
8467 memset(group_suffix, '\0', sizeof(group_suffix));
8471 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8473 if (strlen(temp) > (strlen(GROUP_TYPE)))
8475 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8477 if (!strcasecmp(temp1, "UNIVERSAL"))
8478 UseGroupUniversal = 1;
8481 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8483 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8485 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8487 if (!strcasecmp(temp1, "NO"))
8491 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8493 if (strlen(temp) > (strlen(SET_PASSWORD)))
8495 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8497 if (!strcasecmp(temp1, "NO"))
8501 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8503 if (strlen(temp) > (strlen(EXCHANGE)))
8505 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8507 if (!strcasecmp(temp1, "YES"))
8511 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8512 strlen(PROCESS_MACHINE_CONTAINER)))
8514 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8516 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8518 if (!strcasecmp(temp1, "NO"))
8519 ProcessMachineContainer = 0;
8522 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8523 strlen(ACTIVE_DIRECTORY)))
8525 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8527 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8529 if (!strcasecmp(temp1, "NO"))
8530 ActiveDirectory = 0;
8535 if (strlen(ldap_domain) != 0)
8537 memset(ldap_domain, '\0', sizeof(ldap_domain));
8541 if (strlen(temp) != 0)
8542 strcpy(ldap_domain, temp);
8548 if (strlen(ldap_domain) == 0)
8550 strcpy(ldap_domain, DomainName);
8556 for (i = 0; i < Count; i++)
8558 if (ServerList[i] != 0)
8560 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8561 ServerList[i][k] = toupper(ServerList[i][k]);
8568 int ReadDomainList()
8575 unsigned char c[11];
8576 unsigned char stuff[256];
8581 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8583 if ((fptr = fopen(temp, "r")) != NULL)
8585 while (fgets(temp, sizeof(temp), fptr) != 0)
8587 for (i = 0; i < (int)strlen(temp); i++)
8588 temp[i] = toupper(temp[i]);
8590 if (temp[strlen(temp) - 1] == '\n')
8591 temp[strlen(temp) - 1] = '\0';
8595 if (strlen(temp) == 0)
8598 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8600 if (strlen(temp) > (strlen(DOMAIN)))
8602 strcpy(temp1, &temp[strlen(DOMAIN)]);
8604 strcpy(temp, temp1);
8608 strcpy(DomainNames[Count], temp);
8609 StringTrim(DomainNames[Count]);
8618 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8619 "configuration error in ldap.cfg");
8626 int email_isvalid(const char *address) {
8628 const char *c, *domain;
8629 static char *rfc822_specials = "()<>@,;:\\\"[]";
8631 if(address[strlen(address) - 1] == '.')
8634 /* first we validate the name portion (name@domain) */
8635 for (c = address; *c; c++) {
8636 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8641 if (*c == '\\' && (*++c == ' '))
8643 if (*c <= ' ' || *c >= 127)
8658 if (*c <= ' ' || *c >= 127)
8660 if (strchr(rfc822_specials, *c))
8664 if (c == address || *(c - 1) == '.')
8667 /* next we validate the domain portion (name@domain) */
8668 if (!*(domain = ++c)) return 0;
8671 if (c == domain || *(c - 1) == '.')
8675 if (*c <= ' ' || *c >= 127)
8677 if (strchr(rfc822_specials, *c))
8681 return (count >= 1);
8684 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8685 char **homeServerName)
8687 LK_ENTRY *group_base;
8688 LK_ENTRY *sub_group_base;
8692 int sub_group_count;
8694 char sub_filter[1024];
8695 char search_path[1024];
8697 char *attr_array[3];
8699 int homeMDB_count = -1;
8703 int rangeStep = 1500;
8705 int rangeHigh = rangeLow + (rangeStep - 1);
8708 /* Grumble..... microsoft not making it searchable from the root *grr* */
8710 memset(filter, '\0', sizeof(filter));
8711 memset(search_path, '\0', sizeof(search_path));
8713 sprintf(filter, "(objectClass=msExchMDB)");
8714 sprintf(search_path, "CN=Configuration,%s", dn_path);
8715 attr_array[0] = "distinguishedName";
8716 attr_array[1] = NULL;
8721 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8722 &group_base, &group_count,
8723 LDAP_SCOPE_SUBTREE)) != 0)
8725 com_err(whoami, 0, "Unable to find msExchMDB %s",
8726 ldap_err2string(rc));
8735 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8736 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8737 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8744 * Due to limits in Active Directory we need to use the LDAP
8745 * range semantics to query and return all the values in
8746 * large lists; we stop increasing the range when
8747 * the result count is 0.
8755 memset(sub_filter, '\0', sizeof(sub_filter));
8756 memset(range, '\0', sizeof(range));
8757 sprintf(sub_filter, "(objectClass=msExchMDB)");
8760 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8762 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8764 attr_array[0] = range;
8765 attr_array[1] = NULL;
8767 sub_group_base = NULL;
8768 sub_group_count = 0;
8770 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8771 attr_array, &sub_group_base,
8773 LDAP_SCOPE_SUBTREE)) != 0)
8775 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8776 ldap_err2string(rc));
8780 if(!sub_group_count)
8786 rangeHigh = rangeLow + (rangeStep - 1);
8793 mdbbl_count += sub_group_count;
8794 rangeLow = rangeHigh + 1;
8795 rangeHigh = rangeLow + (rangeStep - 1);
8798 /* First time through, initialize the least used; otherwise update it */
8800 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8803 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8805 homeMDB_count = mdbbl_count;
8806 *homeMDB = strdup(gPtr->dn);
8810 linklist_free(sub_group_base);
8814 linklist_free(group_base);
8817 * Ok, found the least-allocated server; now query it to get its
8818 * msExchHomeServerName so we can set it as a user attribute
8821 attr_array[0] = "legacyExchangeDN";
8822 attr_array[1] = NULL;
8827 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8828 attr_array, &group_base,
8830 LDAP_SCOPE_SUBTREE)) != 0)
8832 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8833 ldap_err2string(rc));
8839 *homeServerName = strdup(group_base->value);
8840 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8846 linklist_free(group_base);
8851 char *lowercase(char *s)
8855 for (p = s; *p; p++)
8863 char *uppercase(char *s)
8867 for (p = s; *p; p++)
8875 char *escape_string(char *s)
8883 memset(string, '\0', sizeof(string));
8887 /* Replace leading spaces */
8889 while(isspace(*q)) {
8896 /* Escape any special characters */
8898 for(; *q != '\0'; q++) {
8921 return strdup(string);
8924 int save_query_info(int argc, char **argv, void *hint)
8927 char **nargv = hint;
8929 for(i = 0; i < argc; i++)
8930 nargv[i] = strdup(argv[i]);
8935 int save_fsgroup_info(int argc, char **argv, void *hint)
8938 char **nargv = hint;
8942 for(i = 0; i < argc; i++)
8943 nargv[i] = strdup(argv[i]);