2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies container information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
106 #include <lmaccess.h>
113 #include <moira_site.h>
114 #include <mrclient.h>
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
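/* Win32 shim for POSIX sleep(): Sleep() takes milliseconds.  The argument
 * is parenthesized and there is no trailing semicolon, so the macro can be
 * used as an ordinary statement (the old form expanded to two statements,
 * which breaks `if (x) sleep(n); else ...`). */
#define sleep(A) Sleep((A) * 1000)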
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define WINADCFG "/moira/winad/winad.cfg"
145 #define strnicmp(A,B,C) strncasecmp(A,B,C)
146 #define UCHAR unsigned char
148 #define UF_SCRIPT 0x0001
149 #define UF_ACCOUNTDISABLE 0x0002
150 #define UF_HOMEDIR_REQUIRED 0x0008
151 #define UF_LOCKOUT 0x0010
152 #define UF_PASSWD_NOTREQD 0x0020
153 #define UF_PASSWD_CANT_CHANGE 0x0040
154 #define UF_DONT_EXPIRE_PASSWD 0x10000
156 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157 #define UF_NORMAL_ACCOUNT 0x0200
158 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160 #define UF_SERVER_TRUST_ACCOUNT 0x2000
162 #define OWNER_SECURITY_INFORMATION (0x00000001L)
163 #define GROUP_SECURITY_INFORMATION (0x00000002L)
164 #define DACL_SECURITY_INFORMATION (0x00000004L)
165 #define SACL_SECURITY_INFORMATION (0x00000008L)
168 #define BYTE unsigned char
170 typedef unsigned int DWORD;
171 typedef unsigned long ULONG;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
181 typedef struct _SID_IDENTIFIER_AUTHORITY {
183 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
185 typedef struct _SID {
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
194 #define WINADCFG "winad.cfg"
198 #define WINAFS "\\\\afs\\all\\"
200 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
201 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
206 #define QUERY_VERSION -1
207 #define PRIMARY_REALM "ATHENA.MIT.EDU"
216 #define MEMBER_REMOVE 2
217 #define MEMBER_CHANGE_NAME 3
218 #define MEMBER_ACTIVATE 4
219 #define MEMBER_DEACTIVATE 5
220 #define MEMBER_CREATE 6
222 #define MOIRA_ALL 0x0
223 #define MOIRA_USERS 0x1
224 #define MOIRA_KERBEROS 0x2
225 #define MOIRA_STRINGS 0x4
226 #define MOIRA_LISTS 0x8
228 #define CHECK_GROUPS 1
229 #define CLEANUP_GROUPS 2
231 #define AD_NO_GROUPS_FOUND -1
232 #define AD_WRONG_GROUP_DN_FOUND -2
233 #define AD_MULTIPLE_GROUPS_FOUND -3
234 #define AD_INVALID_NAME -4
235 #define AD_LDAP_FAILURE -5
236 #define AD_INVALID_FILESYS -6
237 #define AD_NO_ATTRIBUTE_FOUND -7
238 #define AD_NO_OU_FOUND -8
239 #define AD_NO_USER_FOUND -9
241 /* container arguments */
242 #define CONTAINER_NAME 0
243 #define CONTAINER_DESC 1
244 #define CONTAINER_LOCATION 2
245 #define CONTAINER_CONTACT 3
246 #define CONTAINER_TYPE 4
247 #define CONTAINER_ID 5
248 #define CONTAINER_ROWID 6
249 #define CONTAINER_GROUP_NAME 7
251 /*mcntmap arguments*/
252 #define OU_MACHINE_NAME 0
253 #define OU_CONTAINER_NAME 1
254 #define OU_MACHINE_ID 2
255 #define OU_CONTAINER_ID 3
256 #define OU_CONTAINER_GROUP 4
258 typedef struct lk_entry {
268 struct lk_entry *next;
271 #define STOP_FILE "/moira/winad/nowinad"
272 #define file_exists(file) (access((file), F_OK) == 0)
274 #define N_SD_BER_BYTES 5
275 #define LDAP_BERVAL struct berval
276 #define MAX_SERVER_NAMES 32
278 #define HIDDEN_GROUP "HiddenGroup.g"
279 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
280 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
281 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
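/*
 * Append one LDAPMod to the caller's mods[] array and advance n.
 * Expects `LDAPMod *mods[]` and `int n` to be in scope at the call site;
 * t is the attribute type, v the NULL-terminated value array, o the
 * LDAP_MOD_* operation.  Wrapped in do { } while (0) so it behaves as a
 * single statement under an unbraced if/else, and the arguments are
 * parenthesized against operator-precedence surprises.
 * NOTE(review): the malloc() result is still used without a NULL check,
 * and n is never compared with the size of mods[] -- each caller must
 * size mods[] for the maximum number of ADD_ATTR invocations it makes.
 */
#define ADD_ATTR(t, v, o) \
  do { \
    mods[n] = malloc(sizeof(LDAPMod)); \
    mods[n]->mod_op = (o); \
    mods[n]->mod_type = (t); \
    mods[n++]->mod_values = (v); \
  } while (0)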
/* Linked lists of LDAP results shared with the query callbacks below.
 * From the names, member_base presumably holds group members and sid_base
 * the entries whose SIDs still need to be written back via sid_update()
 * -- confirm in the callbacks. */
289 LK_ENTRY *member_base = NULL;
290 LK_ENTRY *sid_base = NULL;
291 LK_ENTRY **sid_ptr = NULL;
/* Space-joined copy of argv that main() echoes to the log.  It is filled
 * with unbounded strcat() there; see the note in main(). */
292 static char tbl_buf[1024];
/* Relative DNs (below the domain's dn_path) of the OUs this program manages. */
293 char kerberos_ou[] = "OU=kerberos,OU=moira";
294 char contact_ou[] = "OU=strings,OU=moira";
295 char user_ou[] = "OU=users,OU=moira";
296 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
297 char group_ou_root[] = "OU=lists,OU=moira";
298 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
299 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
300 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
301 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
302 char orphans_other_ou[] = "OU=Other,OU=Orphans";
303 char security_template_ou[] = "OU=security_templates";
/* Domain name read from WINADCFG by main() (defaults to "win.mit.edu")
 * and the server main() ended up connecting to. */
305 char ldap_domain[256];
306 int mr_connections = 0;
308 char default_server[256];
/* NOTE(review): second tentative definition of tbl_buf (the first is at
 * the top of this block).  Legal C for an internal-linkage object, but
 * one of the two should be removed. */
309 static char tbl_buf[1024];
311 extern int set_password(char *user, char *password, char *domain);
313 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
314 char *group_membership, char *MoiraId, char *attribute,
315 LK_ENTRY **linklist_base, int *linklist_count,
317 void AfsToWinAfs(char* path, char* winPath);
318 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
319 char *Win2kPassword, char *Win2kUser, char *default_server,
321 void ad_kdc_disconnect();
322 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
323 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
324 void check_winad(void);
325 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
327 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
328 char *distinguishedName, int count, char **av);
329 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
330 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
331 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
332 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
333 char *distinguishedName, int count, char **av);
334 void container_get_dn(char *src, char *dest);
335 void container_get_name(char *src, char *dest);
336 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
337 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
338 int afterc, char **after);
339 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
340 int afterc, char **after);
342 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
343 char *fs_type, char *fs_pack, int operation);
344 int GetAceInfo(int ac, char **av, void *ptr);
345 int get_group_membership(char *group_membership, char *group_ou,
346 int *security_flag, char **av);
347 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou);
348 int Moira_container_group_create(char **after);
349 int Moira_container_group_delete(char **before);
350 int Moira_groupname_create(char *GroupName, char *ContainerName,
351 char *ContainerRowID);
352 int Moira_container_group_update(char **before, char **after);
353 int Moira_process_machine_container_group(char *MachineName, char* groupName,
355 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
356 int Moira_getContainerGroup(int ac, char **av, void *ptr);
357 int Moira_getGroupName(char *origContainerName, char *GroupName,
359 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
360 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
361 int UpdateGroup, int *ProcessGroup);
362 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
363 char *group_name, char *group_ou, char *group_membership,
364 int group_security_flag, int type);
365 int process_lists(int ac, char **av, void *ptr);
366 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
367 int HiddenGroup, char *AceType, char *AceName);
368 int user_create(int ac, char **av, void *ptr);
369 int user_change_status(LDAP *ldap_handle, char *dn_path,
370 char *user_name, char *MoiraId, int operation);
371 int user_delete(LDAP *ldap_handle, char *dn_path,
372 char *u_name, char *MoiraId);
373 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
375 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
376 char *uid, char *MitId, char *MoiraId, int State);
377 void change_to_lower_case(char *ptr);
378 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
379 int group_create(int ac, char **av, void *ptr);
380 int group_delete(LDAP *ldap_handle, char *dn_path,
381 char *group_name, char *group_membership, char *MoiraId);
382 int group_rename(LDAP *ldap_handle, char *dn_path,
383 char *before_group_name, char *before_group_membership,
384 char *before_group_ou, int before_security_flag, char *before_desc,
385 char *after_group_name, char *after_group_membership,
386 char *after_group_ou, int after_security_flag, char *after_desc,
387 char *MoiraId, char *filter);
388 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
389 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
390 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
391 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
392 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
393 char *group_name, char *group_ou, char *group_membership,
394 int group_security_flag, int updateGroup);
395 int member_list_build(int ac, char **av, void *ptr);
396 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
397 char *group_ou, char *group_membership,
398 char *user_name, char *pUserOu, char *MoiraId);
399 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
400 char *group_ou, char *group_membership, char *user_name,
401 char *pUserOu, char *MoiraId);
402 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
403 char *group_ou, char *group_membership,
404 int group_security_flag, char *MoiraId);
405 int sid_update(LDAP *ldap_handle, char *dn_path);
406 int check_string(char *s);
407 int check_container_name(char* s);
408 void convert_b_to_a(char *string, UCHAR *binary, int length);
409 int mr_connect_cl(char *server, char *client, int version, int auth);
411 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
412 char **before, int beforec, char **after, int afterc);
413 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
414 char **before, int beforec, char **after, int afterc);
415 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
416 char **before, int beforec, char **after, int afterc);
417 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
418 char **before, int beforec, char **after, int afterc);
419 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
420 char **before, int beforec, char **after, int afterc);
421 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
422 char **before, int beforec, char **after, int afterc);
423 int linklist_create_entry(char *attribute, char *value,
424 LK_ENTRY **linklist_entry);
425 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
426 char **attr_array, LK_ENTRY **linklist_base,
427 int *linklist_count);
428 void linklist_free(LK_ENTRY *linklist_base);
430 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
431 char *distinguished_name, LK_ENTRY **linklist_current);
432 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
433 LK_ENTRY **linklist_base, int *linklist_count);
434 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
435 char *Attribute, char *distinguished_name,
436 LK_ENTRY **linklist_current);
438 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
439 char *oldValue, char *newValue,
440 char ***modvalues, int type);
441 void free_values(char **modvalues);
443 int convert_domain_to_dn(char *domain, char **bind_path);
444 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
445 char *distinguished_name);
446 int moira_disconnect(void);
447 int moira_connect(void);
448 void print_to_screen(const char *fmt, ...);
/*
 * Entry point of the winad.incr incremental.  Moira invokes it as
 *   winad.incr <table> <beforec> <afterc> <before args...> <after args...>
 * (see the argument examples at the top of the file).  The table name
 * selects the do_*() handler once an LDAP connection to the domain is up.
 * Only a sampling of the body is shown here: declarations, braces and
 * return statements between the visible lines are not reproduced.
 */
450 int main(int argc, char **argv)
463 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
467 com_err(whoami, 0, "%s", "argc < 4");
/*
 * NOTE(review): atoi() reports no error and accepts negative numbers.
 * A negative beforec still satisfies the argc test below and then makes
 * `after` point before argv[4]; a non-numeric count silently becomes 0.
 * Parse with strtol() and reject values outside [0, argc - 4].
 */
470 beforec = atoi(argv[2]);
471 afterc = atoi(argv[3]);
473 if (argc < (4 + beforec + afterc))
475 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
481 after = &argv[4 + beforec];
/*
 * NOTE(review): the arguments are joined into the static 1024-byte
 * tbl_buf with unbounded strcat(); the total argv length is never
 * checked, so an oversized update overflows the buffer.  Track the
 * remaining space (snprintf into the tail) and truncate.
 */
483 for (i = 1; i < argc; i++)
485 strcat(tbl_buf, argv[i]);
486 strcat(tbl_buf, " ");
488 com_err(whoami, 0, "%s", tbl_buf);
/*
 * NOTE(review): fread() may fill all sizeof(ldap_domain) bytes, leaving
 * no room for a terminator, so the strlen() below can run past the array
 * when the config file is 256 bytes or longer.  Read at most
 * sizeof(ldap_domain) - 1 bytes, terminate, and strip the trailing
 * newline; the fread() return value is also ignored.  The fclose() of
 * fptr is not among the visible lines -- confirm it is there.
 */
492 memset(ldap_domain, '\0', sizeof(ldap_domain));
493 if ((fptr = fopen(WINADCFG, "r")) != NULL)
495 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
498 if (strlen(ldap_domain) == 0)
499 strcpy(ldap_domain, "win.mit.edu");
500 initialize_sms_error_table();
501 initialize_krb_error_table();
503 memset(default_server, '\0', sizeof(default_server));
504 memset(dn_path, '\0', sizeof(dn_path));
/* Up to five connection attempts.  Empty user and password strings are
 * passed, presumably because ad_connect() binds with the process's
 * Kerberos credentials -- confirm in ad_connect(). */
505 for (i = 0; i < 5; i++)
507 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1)))
513 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* The table name is case-folded before dispatch.  Cast to unsigned char
 * before tolower(): passing a negative char is undefined behavior. */
517 for (i = 0; i < (int)strlen(table); i++)
518 table[i] = tolower(table[i]);
519 if (!strcmp(table, "users"))
520 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
522 else if (!strcmp(table, "list"))
523 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
525 else if (!strcmp(table, "imembers"))
526 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
528 else if (!strcmp(table, "filesys"))
529 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
531 else if (!strcmp(table, "containers"))
532 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
534 else if (!strcmp(table, "mcntmap"))
535 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Unknown table names fall through silently; an else branch logging the
 * name would make misconfiguration visible. */
538 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a Moira "mcntmap" update: a machine was added to or removed from
 * a Moira container, so the matching AD computer object is moved into the
 * container's OU, or into orphans_machines_ou when Moira no longer knows
 * a container for it.  The OU_* indices above give the argument layout.
 * Only a sampling of the body is shown; braces, returns and some
 * declarations are not reproduced.
 */
542 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
543 char **before, int beforec, char **after, int afterc)
545 char MoiraContainerName[128];
546 char ADContainerName[128];
547 char MachineName[128];
550 char MoiraContainerGroup[64];
553 memset(ADContainerName, '\0', sizeof(ADContainerName));
554 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
556 if ((beforec == 0) && (afterc == 0))
/* Assignment as condition is intentional (non-zero return is the error);
 * an extra pair of parentheses would silence -Wparentheses. */
559 if (rc = moira_connect())
561 critical_alert("AD incremental",
562 "Error contacting Moira server : %s",
/*
 * NOTE(review): the machine name and container group are copied with
 * strcpy() into 128- and 64-byte buffers with no length check, and the
 * OU_* indices are used without a visible check that beforec/afterc
 * exceed OU_CONTAINER_GROUP (such a check may sit on a line not shown).
 * Bound the copies (snprintf with sizeof the destination) and validate
 * the counts before indexing.
 */
567 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
569 strcpy(MachineName, before[OU_MACHINE_NAME]);
570 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
572 com_err(whoami, 0, "removing machine %s from %s", MachineName, before[OU_CONTAINER_NAME]);
574 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
576 strcpy(MachineName, after[OU_MACHINE_NAME]);
577 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
578 com_err(whoami, 0, "adding machine %s to container %s", MachineName, after[OU_CONTAINER_NAME]);
586 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
588 if (machine_check(ldap_handle, dn_path, MachineName))
590 com_err(whoami, 0, "machine %s not found in AD.", MachineName);
/* machine_get_moira_container() is given no buffer size; it must not
 * write more than sizeof(MoiraContainerName) -- confirm in its body. */
594 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
595 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
596 if (strlen(MoiraContainerName) == 0)
598 com_err(whoami, 0, "machine %s container not found in Moira - moving to orphans OU.", MachineName);
599 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
603 container_get_dn(MoiraContainerName, ADContainerName);
/* The [strlen - 1] index is only safe if the empty-name branch above
 * returns (its closing lines are not shown).  The appended "/" has no
 * room check: a 127-byte container name overflows the buffer here. */
604 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
605 strcat(MoiraContainerName, "/");
606 container_check(ldap_handle, dn_path, MoiraContainerName);
/* The return value of machine_move_to_ou() is ignored on both paths, so a
 * failed move is not logged. */
607 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a Moira "containers" update: create, delete, rename or modify the
 * AD OU that mirrors a Moira container, and keep the container's Moira
 * group in step via the Moira_container_group_*() helpers.  CONTAINER_*
 * indices above give the argument layout.  Only a sampling of the body is
 * shown; braces and returns between the visible lines are not reproduced.
 */
612 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
613 char **before, int beforec, char **after, int afterc)
617 if ((beforec == 0) && (afterc == 0))
/* Assignment as condition is intentional: a non-zero return is the error. */
620 if (rc = moira_connect())
622 critical_alert("AD incremental", "Error contacting Moira server : %s",
/*
 * NOTE(review): before[]/after[] are indexed by CONTAINER_NAME with no
 * visible check that the counts reach CONTAINER_GROUP_NAME + 1 (one may
 * exist on a line not shown), and the return values of container_*() and
 * Moira_container_group_*() are ignored, so a failed AD change is neither
 * logged nor retried.
 */
627 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
629 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
630 container_delete(ldap_handle, dn_path, beforec, before);
631 Moira_container_group_delete(before);
635 if ((beforec == 0) && (afterc != 0)) /*create a container*/
637 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
638 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
639 container_create(ldap_handle, dn_path, afterc, after);
640 Moira_container_group_create(after);
/* Both vectors present: a case-insensitive name difference is a rename,
 * otherwise only the container's attributes are updated. */
645 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
647 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
648 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
649 Moira_container_group_update(before, after);
653 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
654 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
655 Moira_container_group_update(before, after);
/*
 * Handle a Moira "filesys" update.  Only AFS file systems with the create
 * flag set are mirrored: a new or changed filesys is pushed to AD with
 * filesys_process(LDAP_MOD_ADD), a removed one with LDAP_MOD_DELETE.
 * When the ADD reports LDAP_NO_SUCH_OBJECT the user object is fetched
 * from Moira (mr_query "get_user_account_by_login" -> user_create) and
 * any collected SIDs are written back with sid_update().  The FS_*
 * indices come from a header not shown here.  Only a sampling of the body
 * is visible; braces, returns and declarations are not reproduced.
 */
660 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
661 char **before, int beforec, char **after, int afterc)
/* after[] is indexed up to FS_PACK/FS_CREATE, so afterc must exceed
 * FS_CREATE; what this guard does on failure is on a line not shown. */
674 if (afterc < FS_CREATE)
/* atoi() turns a malformed create flag into 0, i.e. "do not create". */
678 atype = !strcmp(after[FS_TYPE], "AFS");
679 acreate = atoi(after[FS_CREATE]);
682 if (beforec < FS_CREATE)
684 if (acreate == 0 || atype == 0)
686 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
690 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
691 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
693 if (rc != LDAP_SUCCESS)
694 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Assignment as condition is intentional here and below: non-zero is the
 * error return. */
701 if (rc = moira_connect())
703 critical_alert("AD incremental",
704 "Error contacting Moira server : %s",
/* call_args passes the LDAP handle and base DN through mr_query's
 * opaque void *ptr to the user_create callback. */
708 av[0] = after[FS_NAME];
709 call_args[0] = (char *)ldap_handle;
710 call_args[1] = dn_path;
716 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
720 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
726 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* NOTE(review): after linklist_free() the global sid_base still points at
 * freed memory unless linklist_free() or a line not shown resets it; set
 * sid_base = NULL after freeing so a later `sid_base != NULL` test cannot
 * walk a dangling list. */
729 if (sid_base != NULL)
731 sid_update(ldap_handle, dn_path);
732 linklist_free(sid_base);
740 btype = !strcmp(before[FS_TYPE], "AFS");
741 bcreate = atoi(before[FS_CREATE]);
/* No after vector: the filesys was deleted in Moira. */
742 if (afterc < FS_CREATE)
744 if (btype && bcreate)
746 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
747 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
749 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* Both vectors present and neither is AFS: the message is suppressed only
 * when both types are "ERR" -- this appears intended, but confirm. */
758 if (!atype && !btype)
760 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
762 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
763 before[FS_NAME], after[FS_NAME]);
/* NOTE(review): the remainder of this branch repeats the create path
 * above line for line (filesys_process / moira_connect / mr_query /
 * sid_update).  A static helper taking (ldap_handle, dn_path, after)
 * would remove the duplication and keep the two paths from drifting. */
767 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
771 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
772 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
774 if (rc != LDAP_SUCCESS)
775 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
782 if (rc = moira_connect())
784 critical_alert("AD incremental",
785 "Error contacting Moira server : %s",
789 av[0] = after[FS_NAME];
790 call_args[0] = (char *)ldap_handle;
791 call_args[1] = dn_path;
797 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
801 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
807 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
810 if (sid_base != NULL)
812 sid_update(ldap_handle, dn_path);
813 linklist_free(sid_base);
823 #define L_LIST_DESC 9
/*
 * Handle a Moira "list" update: create, delete, rename/move or update the
 * AD group that mirrors a Moira list.  get_group_membership() derives the
 * target OU and membership code from the list flags; process_group()
 * locates (and with CLEANUP_GROUPS repairs) the existing AD group.
 * L_* indices come from a header not shown here.  Only a sampling of the
 * body is visible; braces, returns and some declarations (list_id,
 * group_ou, security_flag, filter, rc, ...) are not reproduced.
 */
826 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
827 char **before, int beforec, char **after, int afterc)
832 char group_membership[6];
837 char before_list_id[32];
/*
 * NOTE(review): before_group_membership is 1 byte while group_membership
 * is 6, yet both are passed to get_group_membership() as the output
 * buffer and the code below tests strlen(before_group_membership) != 0,
 * which implies a non-empty string is expected.  A one-byte buffer can
 * only hold "" -- anything longer overflows into the neighbouring locals.
 * Size it like group_membership.
 */
838 char before_group_membership[1];
839 int before_security_flag;
840 char before_group_ou[256];
841 LK_ENTRY *ptr = NULL;
843 if (beforec == 0 && afterc == 0)
846 memset(list_id, '\0', sizeof(list_id));
847 memset(before_list_id, '\0', sizeof(before_list_id));
848 memset(before_group_ou, '\0', sizeof(before_group_ou));
849 memset(before_group_membership, '\0', sizeof(before_group_membership));
850 memset(group_ou, '\0', sizeof(group_ou));
851 memset(group_membership, '\0', sizeof(group_membership));
/* Before vector: list id is copied with strcpy() into a 32-byte buffer
 * (unbounded; the id is a Moira-supplied string). */
856 if (beforec < L_LIST_ID)
858 if (beforec > L_LIST_DESC)
860 strcpy(before_list_id, before[L_LIST_ID]);
862 before_security_flag = 0;
863 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
867 if (afterc < L_LIST_ID)
869 if (afterc > L_LIST_DESC)
/* NOTE(review): this is the after-vector branch but copies
 * before[L_LIST_ID].  It works when beforec == 0 only because main() sets
 * after = &argv[4 + beforec], making before and after alias, and on
 * updates the id is the same in both vectors -- but it reads the wrong
 * vector and should be after[L_LIST_ID]. */
871 strcpy(list_id, before[L_LIST_ID]);
874 get_group_membership(group_membership, group_ou, &security_flag, after);
877 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Locate the existing AD group; a wrong DN or duplicate groups trigger a
 * cleanup pass.  AD_NO_GROUPS_FOUND is not an error here. */
884 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
885 before_group_ou, before_group_membership,
886 before_security_flag, CHECK_GROUPS)))
888 if (rc == AD_NO_GROUPS_FOUND)
892 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
894 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
895 before_group_ou, before_group_membership,
896 before_security_flag, CLEANUP_GROUPS);
898 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
900 com_err(whoami, 0, "Could not change list name from %s to %s",
901 before[L_NAME], after[L_NAME]);
904 if (rc == AD_NO_GROUPS_FOUND)
/* Rename/move: the name changed, or the name is unchanged but the target
 * OU differs.  The condition simplifies to
 *   strcmp(after[L_NAME], before[L_NAME]) || strcmp(before_group_ou, group_ou)
 * (the second clause's !strcmp is redundant); its tail is on a line not shown. */
910 if ((beforec != 0) && (afterc != 0))
912 if (((strcmp(after[L_NAME], before[L_NAME])) ||
913 ((!strcmp(after[L_NAME], before[L_NAME])) &&
914 (strcmp(before_group_ou, group_ou)))) &&
917 com_err(whoami, 0, "Changing list name from %s to %s",
918 before[L_NAME], after[L_NAME]);
919 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
920 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
922 com_err(whoami, 0, "%s", "couldn't find the group OU's");
925 memset(filter, '\0', sizeof(filter));
926 if ((rc = group_rename(ldap_handle, dn_path,
927 before[L_NAME], before_group_membership,
928 before_group_ou, before_security_flag, before[L_LIST_DESC],
929 after[L_NAME], group_membership,
930 group_ou, security_flag, after[L_LIST_DESC],
933 if (rc != AD_NO_GROUPS_FOUND)
935 com_err(whoami, 0, "Could not change list name from %s to %s",
936 before[L_NAME], after[L_NAME]);
/* Delete path (list removed in Moira). */
949 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
951 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
954 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
955 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
956 before_group_membership, before_list_id);
/* Create path.  Assignment as condition is intentional here and for
 * moira_connect() below: non-zero is the error return. */
963 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
964 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
965 group_ou, group_membership,
966 security_flag, CHECK_GROUPS))
968 if (rc != AD_NO_GROUPS_FOUND)
970 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
972 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
973 group_ou, group_membership,
974 security_flag, CLEANUP_GROUPS);
978 com_err(whoami, 0, "Could not create list %s", after[L_NAME]);
985 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
987 if (rc = moira_connect())
989 critical_alert("AD incremental",
990 "Error contacting Moira server : %s",
/* ProcessAce() is called twice with UpdateGroup 0 then 1; what each pass
 * does to the group's ACL is defined in ProcessAce(), not here. */
996 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1000 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1003 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1004 group_ou, group_membership, security_flag, updateGroup))
/* Members are only populated for active lists (L_ACTIVE flag non-zero). */
1009 if (atoi(after[L_ACTIVE]))
1011 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1012 group_membership, security_flag, list_id);
1019 #define LM_EXTRA_ACTIVE (LM_END)
1020 #define LM_EXTRA_PUBLIC (LM_END+1)
1021 #define LM_EXTRA_HIDDEN (LM_END+2)
1022 #define LM_EXTRA_MAILLIST (LM_END+3)
1023 #define LM_EXTRA_GROUP (LM_END+4)
1024 #define LM_EXTRA_GID (LM_END+5)
1025 #define LMN_LIST_ID (LM_END+6)
1026 #define LM_LIST_ID (LM_END+7)
1027 #define LM_USER_ID (LM_END+8)
1028 #define LM_EXTRA_END (LM_END+9)
1030 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1031 char **before, int beforec, char **after, int afterc)
1033 char group_name[128];
1034 char user_name[128];
1035 char user_type[128];
1036 char moira_list_id[32];
1037 char moira_user_id[32];
1038 char group_membership[1];
1040 char machine_ou[256];
1052 memset(moira_list_id, '\0', sizeof(moira_list_id));
1053 memset(moira_user_id, '\0', sizeof(moira_user_id));
1056 if (afterc < LM_EXTRA_GID)
1058 if (!atoi(after[LM_EXTRA_ACTIVE]))
1061 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1063 strcpy(user_name, after[LM_MEMBER]);
1064 strcpy(group_name, after[LM_LIST]);
1065 strcpy(user_type, after[LM_TYPE]);
1066 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1068 if (afterc > LM_EXTRA_GROUP)
1070 strcpy(moira_list_id, after[LMN_LIST_ID]);
1071 strcpy(moira_user_id, after[LM_LIST_ID]);
1074 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1076 if (afterc > LMN_LIST_ID)
1078 strcpy(moira_list_id, after[LM_LIST_ID]);
1079 strcpy(moira_user_id, after[LM_USER_ID]);
1084 if (afterc > LM_EXTRA_GID)
1085 strcpy(moira_list_id, after[LMN_LIST_ID]);
1090 if (beforec < LM_EXTRA_GID)
1092 if (!atoi(before[LM_EXTRA_ACTIVE]))
1095 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1097 strcpy(user_name, before[LM_MEMBER]);
1098 strcpy(group_name, before[LM_LIST]);
1099 strcpy(user_type, before[LM_TYPE]);
1100 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1102 if (beforec > LM_EXTRA_GROUP)
1104 strcpy(moira_list_id, before[LMN_LIST_ID]);
1105 strcpy(moira_user_id, before[LM_LIST_ID]);
1108 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1110 if (beforec > LMN_LIST_ID)
1112 strcpy(moira_list_id, before[LM_LIST_ID]);
1113 strcpy(moira_user_id, before[LM_USER_ID]);
1118 if (beforec > LM_EXTRA_GID)
1119 strcpy(moira_list_id, before[LMN_LIST_ID]);
1126 args[L_NAME] = ptr[LM_LIST];
1127 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1128 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1129 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1130 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1131 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1132 args[L_GID] = ptr[LM_EXTRA_GID];
1135 memset(group_ou, '\0', sizeof(group_ou));
1136 get_group_membership(group_membership, group_ou, &security_flag, args);
1137 if (strlen(group_ou) == 0)
1139 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
1142 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1144 if (rc != AD_NO_GROUPS_FOUND)
1146 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1148 if (rc != AD_NO_GROUPS_FOUND)
1151 com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name);
1153 com_err(whoami, 0, "Couldn't remove %s from group %s - unable to process group", user_name, group_name);
1159 if (rc == AD_NO_GROUPS_FOUND)
1161 if (rc = moira_connect())
1163 critical_alert("AD incremental",
1164 "Error contacting Moira server : %s",
1169 com_err(whoami, 0, "creating group %s", group_name);
1171 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1175 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1178 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1179 group_ou, group_membership, security_flag, 0))
1184 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1186 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1187 group_membership, security_flag, moira_list_id);
1194 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1196 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1198 memset(machine_ou, '\0', sizeof(machine_ou));
1199 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou))
1201 pUserOu = machine_ou;
1203 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1205 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1207 pUserOu = contact_ou;
1209 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1211 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1213 pUserOu = kerberos_ou;
1215 if (rc = member_remove(ldap_handle, dn_path, group_name,
1216 group_ou, group_membership, ptr[LM_MEMBER],
1217 pUserOu, moira_list_id))
1218 com_err(whoami, 0, "couldn't remove %s from group %s", user_name, group_name);
1222 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1225 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1227 memset(machine_ou, '\0', sizeof(machine_ou));
1228 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou))
1230 pUserOu = machine_ou;
1232 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1234 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1236 pUserOu = contact_ou;
1238 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1240 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1242 pUserOu = kerberos_ou;
1244 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1246 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1247 moira_user_id)) == AD_NO_USER_FOUND)
1249 if (rc = moira_connect())
1251 critical_alert("AD incremental",
1252 "Error connection to Moira : %s",
1256 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1257 av[0] = ptr[LM_MEMBER];
1258 call_args[0] = (char *)ldap_handle;
1259 call_args[1] = dn_path;
1260 call_args[2] = moira_user_id;
1261 call_args[3] = NULL;
1263 sid_ptr = &sid_base;
1265 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1269 com_err(whoami, 0, "couldn't create user %s : %s",
1270 ptr[LM_MEMBER], error_message(rc));
1276 com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]);
1280 if (sid_base != NULL)
1282 sid_update(ldap_handle, dn_path);
1283 linklist_free(sid_base);
1294 if (rc = member_add(ldap_handle, dn_path, group_name,
1295 group_ou, group_membership, ptr[LM_MEMBER],
1296 pUserOu, moira_list_id))
1298 com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name);
1304 #define U_USER_ID 10
1306 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1307 char **before, int beforec, char **after,
1312 char after_user_id[32];
1313 char before_user_id[32];
1316 if ((beforec == 0) && (afterc == 0))
1319 memset(after_user_id, '\0', sizeof(after_user_id));
1320 memset(before_user_id, '\0', sizeof(before_user_id));
1321 if (beforec > U_USER_ID)
1322 strcpy(before_user_id, before[U_USER_ID]);
1323 if (afterc > U_USER_ID)
1324 strcpy(after_user_id, after[U_USER_ID]);
1326 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1329 if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/
1330 return; /*account is first created but not usable*/
1332 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
1334 if (atoi(before[U_STATE]) == 0)
1336 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1337 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1342 /*process anything that gets here*/
1343 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1344 before_user_id)) == AD_NO_USER_FOUND)
1346 if (!check_string(after[U_NAME]))
1348 if (rc = moira_connect())
1350 critical_alert("AD incremental",
1351 "Error connection to Moira : %s",
1355 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1357 av[0] = after[U_NAME];
1358 call_args[0] = (char *)ldap_handle;
1359 call_args[1] = dn_path;
1360 call_args[2] = after_user_id;
1361 call_args[3] = NULL;
1363 sid_ptr = &sid_base;
1365 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1369 com_err(whoami, 0, "couldn't create user %s : %s",
1370 after[U_NAME], error_message(rc));
1376 com_err(whoami, 0, "couldn't create user %s", after[U_NAME]);
1380 if (sid_base != NULL)
1382 sid_update(ldap_handle, dn_path);
1383 linklist_free(sid_base);
1392 if (strcmp(before[U_NAME], after[U_NAME]))
1394 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1396 com_err(whoami, 0, "changing user %s to %s",
1397 before[U_NAME], after[U_NAME]);
1398 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1399 after[U_NAME])) != LDAP_SUCCESS)
1405 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1406 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1407 after[U_UID], after[U_MITID],
1408 after_user_id, atoi(after[U_STATE]));
1412 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1413 char *oldValue, char *newValue,
1414 char ***modvalues, int type)
1416 LK_ENTRY *linklist_ptr;
1420 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1425 for (i = 0; i < (modvalue_count + 1); i++)
1426 (*modvalues)[i] = NULL;
1427 if (modvalue_count != 0)
1429 linklist_ptr = linklist_base;
1430 for (i = 0; i < modvalue_count; i++)
1432 if ((oldValue != NULL) && (newValue != NULL))
1434 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1437 if (type == REPLACE)
1439 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1442 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1443 strcpy((*modvalues)[i], newValue);
1447 if (((*modvalues)[i] = calloc(1,
1448 (int)(cPtr - linklist_ptr->value) +
1449 (linklist_ptr->length - strlen(oldValue)) +
1450 strlen(newValue) + 1)) == NULL)
1452 memset((*modvalues)[i], '\0',
1453 (int)(cPtr - linklist_ptr->value) +
1454 (linklist_ptr->length - strlen(oldValue)) +
1455 strlen(newValue) + 1);
1456 memcpy((*modvalues)[i], linklist_ptr->value,
1457 (int)(cPtr - linklist_ptr->value));
1458 strcat((*modvalues)[i], newValue);
1459 strcat((*modvalues)[i],
1460 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
1465 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1466 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1467 memcpy((*modvalues)[i], linklist_ptr->value,
1468 linklist_ptr->length);
1473 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1474 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1475 memcpy((*modvalues)[i], linklist_ptr->value,
1476 linklist_ptr->length);
1478 linklist_ptr = linklist_ptr->next;
1480 (*modvalues)[i] = NULL;
1486 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1487 char **attr_array, LK_ENTRY **linklist_base,
1488 int *linklist_count)
1491 LDAPMessage *ldap_entry;
1495 (*linklist_base) = NULL;
1496 (*linklist_count) = 0;
1497 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1498 search_exp, attr_array, 0, &ldap_entry))
1501 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1505 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1507 ldap_msgfree(ldap_entry);
1512 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1513 LK_ENTRY **linklist_base, int *linklist_count)
1515 char distinguished_name[1024];
1516 LK_ENTRY *linklist_ptr;
1519 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1522 memset(distinguished_name, '\0', sizeof(distinguished_name));
1523 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1525 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1526 linklist_base)) != 0)
1529 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1531 memset(distinguished_name, '\0', sizeof(distinguished_name));
1532 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1534 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1535 linklist_base)) != 0)
1539 linklist_ptr = (*linklist_base);
1540 (*linklist_count) = 0;
1541 while (linklist_ptr != NULL)
1543 ++(*linklist_count);
1544 linklist_ptr = linklist_ptr->next;
1549 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1550 char *distinguished_name, LK_ENTRY **linklist_current)
1556 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1558 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1560 ldap_memfree(Attribute);
1561 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1564 retrieve_values(ldap_handle, ldap_entry, Attribute,
1565 distinguished_name, linklist_current);
1566 ldap_memfree(Attribute);
1569 ldap_ber_free(ptr, 0);
1573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1574 char *Attribute, char *distinguished_name,
1575 LK_ENTRY **linklist_current)
1581 LK_ENTRY *linklist_previous;
1582 LDAP_BERVAL **ber_value;
1590 SID_IDENTIFIER_AUTHORITY *sid_auth;
1591 unsigned char *subauth_count;
1592 #endif /*LDAP_BEGUG*/
1595 memset(temp, '\0', sizeof(temp));
1596 if ((!strcmp(Attribute, "objectSid")) ||
1597 (!strcmp(Attribute, "objectGUID")))
1602 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1603 Ptr = (void **)ber_value;
1608 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1609 Ptr = (void **)str_value;
1616 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1618 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1619 linklist_previous->next = (*linklist_current);
1620 (*linklist_current) = linklist_previous;
1622 if (((*linklist_current)->attribute = calloc(1,
1623 strlen(Attribute) + 1)) == NULL)
1625 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1626 strcpy((*linklist_current)->attribute, Attribute);
1629 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1630 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1632 memset((*linklist_current)->value, '\0', ber_length);
1633 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1635 (*linklist_current)->length = ber_length;
1639 if (((*linklist_current)->value = calloc(1,
1640 strlen(*Ptr) + 1)) == NULL)
1642 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1643 (*linklist_current)->length = strlen(*Ptr);
1644 strcpy((*linklist_current)->value, *Ptr);
1646 (*linklist_current)->ber_value = use_bervalue;
1647 if (((*linklist_current)->dn = calloc(1,
1648 strlen(distinguished_name) + 1)) == NULL)
1650 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1651 strcpy((*linklist_current)->dn, distinguished_name);
1654 if (!strcmp(Attribute, "objectGUID"))
1656 guid = (GUID *)((*linklist_current)->value);
1657 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1658 guid->Data1, guid->Data2, guid->Data3,
1659 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1660 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1661 guid->Data4[6], guid->Data4[7]);
1662 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1664 else if (!strcmp(Attribute, "objectSid"))
1666 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1668 print_to_screen(" Revision = %d\n", sid->Revision);
1669 print_to_screen(" SID Identifier Authority:\n");
1670 sid_auth = &sid->IdentifierAuthority;
1671 if (sid_auth->Value[0])
1672 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1673 else if (sid_auth->Value[1])
1674 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1675 else if (sid_auth->Value[2])
1676 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1677 else if (sid_auth->Value[3])
1678 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1679 else if (sid_auth->Value[5])
1680 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1682 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1683 subauth_count = GetSidSubAuthorityCount(sid);
1684 print_to_screen(" SidSubAuthorityCount = %d\n",
1686 print_to_screen(" SidSubAuthority:\n");
1687 for (i = 0; i < *subauth_count; i++)
1689 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1690 print_to_screen(" %u\n", *subauth);
1694 else if ((!memcmp(Attribute, "userAccountControl",
1695 strlen("userAccountControl"))) ||
1696 (!memcmp(Attribute, "sAMAccountType",
1697 strlen("sAmAccountType"))))
1699 intValue = atoi(*Ptr);
1700 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1701 if (!memcmp(Attribute, "userAccountControl",
1702 strlen("userAccountControl")))
1704 if (intValue & UF_ACCOUNTDISABLE)
1705 print_to_screen(" %20s : %s\n",
1706 "", "Account disabled");
1708 print_to_screen(" %20s : %s\n",
1709 "", "Account active");
1710 if (intValue & UF_HOMEDIR_REQUIRED)
1711 print_to_screen(" %20s : %s\n",
1712 "", "Home directory required");
1713 if (intValue & UF_LOCKOUT)
1714 print_to_screen(" %20s : %s\n",
1715 "", "Account locked out");
1716 if (intValue & UF_PASSWD_NOTREQD)
1717 print_to_screen(" %20s : %s\n",
1718 "", "No password required");
1719 if (intValue & UF_PASSWD_CANT_CHANGE)
1720 print_to_screen(" %20s : %s\n",
1721 "", "Cannot change password");
1722 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1723 print_to_screen(" %20s : %s\n",
1724 "", "Temp duplicate account");
1725 if (intValue & UF_NORMAL_ACCOUNT)
1726 print_to_screen(" %20s : %s\n",
1727 "", "Normal account");
1728 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1729 print_to_screen(" %20s : %s\n",
1730 "", "Interdomain trust account");
1731 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1732 print_to_screen(" %20s : %s\n",
1733 "", "Workstation trust account");
1734 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1735 print_to_screen(" %20s : %s\n",
1736 "", "Server trust account");
1741 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1743 #endif /*LDAP_DEBUG*/
1745 if (str_value != NULL)
1746 ldap_value_free(str_value);
1747 if (ber_value != NULL)
1748 ldap_value_free_len(ber_value);
1750 (*linklist_current) = linklist_previous;
1754 int moira_connect(void)
1759 if (!mr_connections++)
1762 memset(HostName, '\0', sizeof(HostName));
1763 strcpy(HostName, "ttsp");
1764 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1766 rc = mr_connect(HostName);
1771 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1773 rc = mr_connect(uts.nodename);
1778 rc = mr_auth("winad.incr");
1785 void check_winad(void)
1789 for (i = 0; file_exists(STOP_FILE); i++)
1793 critical_alert("AD incremental",
1794 "WINAD incremental failed (%s exists): %s",
1795 STOP_FILE, tbl_buf);
1802 int moira_disconnect(void)
1805 if (!--mr_connections)
1812 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1813 char *distinguished_name)
1817 CName = ldap_get_dn(ldap_handle, ldap_entry);
1820 strcpy(distinguished_name, CName);
1821 ldap_memfree(CName);
1824 int linklist_create_entry(char *attribute, char *value,
1825 LK_ENTRY **linklist_entry)
1827 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1828 if (!(*linklist_entry))
1832 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1833 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1834 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1835 strcpy((*linklist_entry)->attribute, attribute);
1836 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1837 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1838 strcpy((*linklist_entry)->value, value);
1839 (*linklist_entry)->length = strlen(value);
1840 (*linklist_entry)->next = NULL;
1844 void print_to_screen(const char *fmt, ...)
1848 va_start(pvar, fmt);
1849 vfprintf(stderr, fmt, pvar);
1854 int get_group_membership(char *group_membership, char *group_ou,
1855 int *security_flag, char **av)
1860 maillist_flag = atoi(av[L_MAILLIST]);
1861 group_flag = atoi(av[L_GROUP]);
1862 if (security_flag != NULL)
1863 (*security_flag) = 0;
1865 if ((maillist_flag) && (group_flag))
1867 if (group_membership != NULL)
1868 group_membership[0] = 'B';
1869 if (security_flag != NULL)
1870 (*security_flag) = 1;
1871 if (group_ou != NULL)
1872 strcpy(group_ou, group_ou_both);
1874 else if ((!maillist_flag) && (group_flag))
1876 if (group_membership != NULL)
1877 group_membership[0] = 'S';
1878 if (security_flag != NULL)
1879 (*security_flag) = 1;
1880 if (group_ou != NULL)
1881 strcpy(group_ou, group_ou_security);
1883 else if ((maillist_flag) && (!group_flag))
1885 if (group_membership != NULL)
1886 group_membership[0] = 'D';
1887 if (group_ou != NULL)
1888 strcpy(group_ou, group_ou_distribution);
1892 if (group_membership != NULL)
1893 group_membership[0] = 'N';
1894 if (group_ou != NULL)
1895 strcpy(group_ou, group_ou_neither);
1900 int group_rename(LDAP *ldap_handle, char *dn_path,
1901 char *before_group_name, char *before_group_membership,
1902 char *before_group_ou, int before_security_flag, char *before_desc,
1903 char *after_group_name, char *after_group_membership,
1904 char *after_group_ou, int after_security_flag, char *after_desc,
1905 char *MoiraId, char *filter)
1910 char new_dn_path[512];
1912 char *attr_array[3];
1913 char *mitMoiraId_v[] = {NULL, NULL};
1914 char *name_v[] = {NULL, NULL};
1915 char *desc_v[] = {NULL, NULL};
1916 char *samAccountName_v[] = {NULL, NULL};
1917 char *groupTypeControl_v[] = {NULL, NULL};
1918 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1919 char groupTypeControlStr[80];
1923 LK_ENTRY *group_base;
1926 if (!check_string(before_group_name))
1928 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1929 return(AD_INVALID_NAME);
1931 if (!check_string(after_group_name))
1933 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
1934 return(AD_INVALID_NAME);
1939 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1940 before_group_membership,
1941 MoiraId, "distinguishedName", &group_base,
1942 &group_count, filter))
1945 if (group_count == 0)
1947 return(AD_NO_GROUPS_FOUND);
1949 if (group_count != 1)
1952 "multiple groups with MoiraId = %s exist in the AD",
1954 return(AD_MULTIPLE_GROUPS_FOUND);
1956 strcpy(old_dn, group_base->value);
1958 linklist_free(group_base);
1961 attr_array[0] = "sAMAccountName";
1962 attr_array[1] = NULL;
1963 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1964 &group_base, &group_count)) != 0)
1966 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1967 after_group_name, ldap_err2string(rc));
1970 if (group_count != 1)
1973 "Unable to get sAMAccountName for group %s",
1975 return(AD_LDAP_FAILURE);
1978 strcpy(sam_name, group_base->value);
1979 linklist_free(group_base);
1983 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1984 sprintf(new_dn, "cn=%s", after_group_name);
1985 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1986 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1988 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1989 before_group_name, after_group_name, ldap_err2string(rc));
1993 name_v[0] = after_group_name;
1994 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
1996 sprintf(sam_name, "%s_group", after_group_name);
2000 com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found",
2001 before_group_name, after_group_name);
2004 samAccountName_v[0] = sam_name;
2005 if (after_security_flag)
2006 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2007 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2008 groupTypeControl_v[0] = groupTypeControlStr;
2010 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2011 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2012 desc_v[0] = after_desc;
2013 if (strlen(after_desc) == 0)
2015 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
2016 mitMoiraId_v[0] = MoiraId;
2017 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2018 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2020 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2021 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2023 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
2024 after_group_name, ldap_err2string(rc));
2026 for (i = 0; i < n; i++)
2031 int group_create(int ac, char **av, void *ptr)
2034 LK_ENTRY *group_base;
2037 char new_group_name[256];
2038 char sam_group_name[256];
2039 char cn_group_name[256];
2040 char *cn_v[] = {NULL, NULL};
2041 char *objectClass_v[] = {"top", "group", NULL};
2043 char *samAccountName_v[] = {NULL, NULL};
2044 char *altSecurityIdentities_v[] = {NULL, NULL};
2045 char *member_v[] = {NULL, NULL};
2046 char *name_v[] = {NULL, NULL};
2047 char *desc_v[] = {NULL, NULL};
2048 char *info_v[] = {NULL, NULL};
2049 char *mitMoiraId_v[] = {NULL, NULL};
2050 char *groupTypeControl_v[] = {NULL, NULL};
2051 char groupTypeControlStr[80];
2052 char group_membership[1];
2055 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2061 char *attr_array[3];
2066 if (!check_string(av[L_NAME]))
2068 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
2069 return(AD_INVALID_NAME);
2072 updateGroup = (int)call_args[4];
2073 memset(group_ou, 0, sizeof(group_ou));
2074 memset(group_membership, 0, sizeof(group_membership));
2076 get_group_membership(group_membership, group_ou, &security_flag, av);
2077 strcpy(new_group_name, av[L_NAME]);
2078 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2080 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2082 sprintf(sam_group_name, "%s_group", av[L_NAME]);
2087 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2088 groupTypeControl_v[0] = groupTypeControlStr;
2090 strcpy(cn_group_name, av[L_NAME]);
2092 samAccountName_v[0] = sam_group_name;
2093 name_v[0] = new_group_name;
2094 cn_v[0] = new_group_name;
2097 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2098 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2099 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2100 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2101 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2102 if (strlen(av[L_DESC]) != 0)
2104 desc_v[0] = av[L_DESC];
2105 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2107 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2108 if (strlen(av[L_ACE_NAME]) != 0)
2110 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2112 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2114 if (strlen(call_args[5]) != 0)
2116 mitMoiraId_v[0] = call_args[5];
2117 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2121 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2123 for (i = 0; i < n; i++)
2125 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2127 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2128 av[L_NAME], ldap_err2string(rc));
2133 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2137 if (strlen(av[L_DESC]) != 0)
2138 desc_v[0] = av[L_DESC];
2139 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
2141 if (strlen(av[L_ACE_NAME]) != 0)
2143 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2146 ADD_ATTR("info", info_v, LDAP_MOD_REPLACE);
2147 if (strlen(call_args[5]) != 0)
2149 mitMoiraId_v[0] = call_args[5];
2150 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2152 if (!(atoi(av[L_ACTIVE])))
2155 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2158 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2159 for (i = 0; i < n; i++)
2161 if (rc != LDAP_SUCCESS)
2163 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2164 av[L_NAME], ldap_err2string(rc));
2170 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2171 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2173 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2174 if (strlen(call_args[5]) != 0)
2175 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2176 attr_array[0] = "objectSid";
2177 attr_array[1] = NULL;
2180 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2181 &group_base, &group_count)) == LDAP_SUCCESS)
2183 if (group_count != 1)
2185 if (strlen(call_args[5]) != 0)
2187 linklist_free(group_base);
2190 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2191 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2192 attr_array, &group_base, &group_count);
2195 if (group_count == 1)
2197 (*sid_ptr) = group_base;
2198 (*sid_ptr)->member = strdup(av[L_NAME]);
2199 (*sid_ptr)->type = (char *)GROUPS;
2200 sid_ptr = &(*sid_ptr)->next;
2204 if (group_base != NULL)
2205 linklist_free(group_base);
2210 if (group_base != NULL)
2211 linklist_free(group_base);
2213 return(LDAP_SUCCESS);
2216 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2217 int HiddenGroup, char *AceType, char *AceName)
2219 char filter_exp[1024];
2220 char *attr_array[5];
2221 char search_path[512];
2223 char TemplateDn[512];
2224 char TemplateSamName[128];
2226 char TargetSamName[128];
2227 char AceSamAccountName[128];
2229 unsigned char AceSid[128];
2230 unsigned char UserTemplateSid[128];
2231 char acBERBuf[N_SD_BER_BYTES];
2232 char GroupSecurityTemplate[256];
2234 int UserTemplateSidCount;
2241 int array_count = 0;
2243 LK_ENTRY *group_base;
2244 LDAP_BERVAL **ppsValues;
2245 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2246 { N_SD_BER_BYTES, acBERBuf },
2249 LDAPControl *apsServerControls[] = {&sControl, NULL};
2252 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2253 BEREncodeSecurityBits(dwInfo, acBERBuf);
2255 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2256 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2257 attr_array[0] = "sAMAccountName";
2258 attr_array[1] = NULL;
2261 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2262 &group_base, &group_count) != 0))
2264 if (group_count != 1)
2266 linklist_free(group_base);
2269 strcpy(TargetDn, group_base->dn);
2270 strcpy(TargetSamName, group_base->value);
2271 linklist_free(group_base);
2275 UserTemplateSidCount = 0;
2276 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2277 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2278 memset(AceSid, '\0', sizeof(AceSid));
2282 if (strlen(AceName) != 0)
2284 if (!strcmp(AceType, "LIST"))
2286 sprintf(AceSamAccountName, "%s_group", AceName);
2287 strcpy(root_ou, group_ou_root);
2289 else if (!strcmp(AceType, "USER"))
2291 sprintf(AceSamAccountName, "%s", AceName);
2292 strcpy(root_ou, user_ou);
2294 if (strlen(AceSamAccountName) != 0)
2296 sprintf(search_path, "%s", dn_path);
2297 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2298 attr_array[0] = "objectSid";
2299 attr_array[1] = NULL;
2302 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2303 &group_base, &group_count) != 0))
2305 if (group_count == 1)
2307 strcpy(AceDn, group_base->dn);
2308 AceSidCount = group_base->length;
2309 memcpy(AceSid, group_base->value, AceSidCount);
2311 linklist_free(group_base);
2316 if (AceSidCount == 0)
2318 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2319 com_err(whoami, 0, " Non-admin security group template will be used.");
2323 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2324 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2325 attr_array[0] = "objectSid";
2326 attr_array[1] = NULL;
2330 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2331 &group_base, &group_count) != 0))
2333 if ((rc != 0) || (group_count != 1))
2335 com_err(whoami, 0, "Couldn't process user security template: %s", "UserTemplate");
2340 UserTemplateSidCount = group_base->length;
2341 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2343 linklist_free(group_base);
2350 if (AceSidCount == 0)
2352 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2353 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2357 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2358 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2363 if (AceSidCount == 0)
2365 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2366 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2370 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2371 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2375 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2376 attr_array[0] = "sAMAccountName";
2377 attr_array[1] = NULL;
2380 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2381 &group_base, &group_count) != 0))
2383 if (group_count != 1)
2385 linklist_free(group_base);
2386 com_err(whoami, 0, "Couldn't process group security template: %s - security not set", GroupSecurityTemplate);
2389 strcpy(TemplateDn, group_base->dn);
2390 strcpy(TemplateSamName, group_base->value);
2391 linklist_free(group_base);
2395 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2396 rc = ldap_search_ext_s(ldap_handle,
2408 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2410 com_err(whoami, 0, "Couldn't find group security template: %s - security not set", GroupSecurityTemplate);
2413 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2414 if (ppsValues == NULL)
2416 com_err(whoami, 0, "Couldn't find group security descriptor for group %s - security not set", GroupSecurityTemplate);
2420 if (AceSidCount != 0)
2422 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2424 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2426 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2428 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
2436 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2439 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2440 for (i = 0; i < n; i++)
2442 ldap_value_free_len(ppsValues);
2443 ldap_msgfree(psMsg);
2444 if (rc != LDAP_SUCCESS)
2446 com_err(whoami, 0, "Couldn't set security settings for group %s : %s",
2447 TargetGroupName, ldap_err2string(rc));
2448 if (AceSidCount != 0)
2450 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2452 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2453 HiddenGroup, "", ""))
2455 com_err(whoami, 0, "Unable to set security for group %s.",
2462 com_err(whoami, 0, "Security set for group %s.", TargetGroupName);
/*
 * group_delete: delete from AD the group that ad_get_group() resolves for
 * group_name/group_membership/MoiraId under "<group_ou_root>,<dn_path>".
 *
 * Returns AD_INVALID_NAME when group_name fails check_string(), and
 * AD_NO_GROUPS_FOUND when ad_get_group() did not return exactly one entry.
 * The return values of the remaining paths are on lines not shown here.
 */
2466 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2467 char *group_membership, char *MoiraId)
2469 LK_ENTRY *group_base;
/* Names containing LDAP filter/DN metacharacters never reach the search filter. */
2475 if (!check_string(group_name))
2477 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
2478 return(AD_INVALID_NAME);
2481 memset(filter, '\0', sizeof(filter));
/* temp's declared size is not shown here; this sprintf is not bounded. */
2484 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment inside the condition: any non-zero rc from ad_get_group() aborts. */
2485 if (rc = ad_get_group(ldap_handle, temp, group_name,
2486 group_membership, MoiraId,
2487 "distinguishedName", &group_base,
2488 &group_count, filter))
/* Delete only when the lookup is unambiguous; group_base->value holds the DN. */
2491 if (group_count == 1)
2493 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2495 linklist_free(group_base);
2496 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2497 group_name, ldap_err2string(rc));
2500 linklist_free(group_base);
/* Zero or several matches: nothing is deleted. */
2504 linklist_free(group_base);
2505 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2506 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: presumably writes a BER encoding of uBits into
 * pBuffer (the body is on lines not shown here) and returns N_SD_BER_BYTES,
 * the number of bytes written. pBuffer must therefore provide at least
 * N_SD_BER_BYTES bytes; no length parameter exists to check that.
 */
2512 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2518 return(N_SD_BER_BYTES);
/*
 * process_lists: mr_query() callback. For the list row in av it resolves the
 * list's OU and membership type with get_group_membership() and adds the
 * list named av[L_NAME] to a group through member_add().
 *
 * call_args is presumably derived from ptr on a line not shown:
 *   [0] LDAP handle, [1] dn_path, [2] group name, [3] UserOu (per member_add).
 * The value of rc is returned on a line not shown.
 */
2521 int process_lists(int ac, char **av, void *ptr)
/* Two bytes: a one-character membership code plus its terminator. */
2526 char group_membership[2];
2532 memset(group_ou, '\0', sizeof(group_ou));
2533 memset(group_membership, '\0', sizeof(group_membership));
2534 get_group_membership(group_membership, group_ou, &security_flag, av);
/* MoiraId is passed as "" here, so member_add() matches the group by name only. */
2535 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2536 group_ou, group_membership, call_args[2],
2537 (char *)call_args[3], "");
/*
 * member_list_build: mr_query() callback that accumulates one LK_ENTRY per
 * list member into the file-scope list member_base.
 *
 * call_args[3] carries a bit mask of member types to accept (see
 * make_new_group/populate_group, which store MOIRA_USERS|MOIRA_KERBEROS|
 * MOIRA_STRINGS there as a pointer-sized integer). STRING and KERBEROS
 * members are first materialised as contacts via contact_create().
 * Members whose name fails check_string(), whose type is masked out, or
 * whose name is already in the list are skipped (the skip statements are on
 * lines not shown here).
 */
2541 int member_list_build(int ac, char **av, void *ptr)
/* temp's declared size is not shown; the copy happens before the name is validated. */
2549 strcpy(temp, av[ACE_NAME]);
2550 if (!check_string(temp))
/* Pointer-to-int cast: call_args[3] holds a flag word, not an address. */
2552 if (!strcmp(av[ACE_TYPE], "USER"))
2554 if (!((int)call_args[3] & MOIRA_USERS))
2557 else if (!strcmp(av[ACE_TYPE], "STRING"))
2559 if (!((int)call_args[3] & MOIRA_STRINGS))
2561 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2564 else if (!strcmp(av[ACE_TYPE], "LIST"))
2566 if (!((int)call_args[3] & MOIRA_LISTS))
2569 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2571 if (!((int)call_args[3] & MOIRA_KERBEROS))
2573 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Case-insensitive duplicate scan over the list built so far. */
2579 linklist = member_base;
2582 if (!strcasecmp(temp, linklist->member))
2584 linklist = linklist->next;
/* New entry is pushed at the head. None of the calloc() results are checked,
 * so an allocation failure dereferences NULL on the following lines. */
2586 linklist = calloc(1, sizeof(LK_ENTRY));
2588 linklist->dn = NULL;
2589 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2590 strcpy(linklist->list, call_args[2]);
2591 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2592 strcpy(linklist->type, av[ACE_TYPE]);
2593 linklist->member = calloc(1, strlen(temp) + 1);
2594 strcpy(linklist->member, temp);
2595 linklist->next = member_base;
2596 member_base = linklist;
/*
 * member_remove: remove "CN=<user_name>,<UserOu>,<dn_path>" from the
 * "member" attribute of the AD group resolved by ad_get_group().
 *
 * Only group_name is validated with check_string() here; user_name and
 * UserOu go straight into the member DN, so callers are relied on to have
 * validated them. Returns AD_INVALID_NAME on a bad group name; other return
 * values are on lines not shown.
 */
2600 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2601 char *group_ou, char *group_membership, char *user_name,
2602 char *UserOu, char *MoiraId)
2604 char distinguished_name[1024];
2612 LK_ENTRY *group_base;
2615 if (!check_string(group_name))
2616 return(AD_INVALID_NAME);
2618 memset(filter, '\0', sizeof(filter));
/* Assignment inside the condition: any non-zero rc aborts. */
2621 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2622 group_membership, MoiraId,
2623 "distinguishedName", &group_base,
2624 &group_count, filter))
2627 if (group_count != 1)
2629 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2631 linklist_free(group_base);
/* group_base->value is the group DN; 1024 bytes assumed sufficient, no bound check. */
2636 strcpy(distinguished_name, group_base->value);
2637 linklist_free(group_base);
/* temp's declared size is not shown; the member DN is built unbounded. */
2641 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2642 modvalues[0] = temp;
2643 modvalues[1] = NULL;
2646 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2648 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2649 for (i = 0; i < n; i++)
/* What happens for LDAP_UNWILLING_TO_PERFORM is on a line not shown
 * (presumably treated as success, e.g. member already absent). */
2651 if (rc == LDAP_UNWILLING_TO_PERFORM)
2653 if (rc != LDAP_SUCCESS)
2655 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
2656 group_name, ldap_err2string(rc));
/*
 * member_add: add "CN=<user_name>,<UserOu>,<dn_path>" to the "member"
 * attribute of the AD group resolved by ad_get_group().
 *
 * Only group_name is validated with check_string() here; user_name and
 * UserOu are interpolated into the member DN unchecked, so callers must
 * validate them. Returns AD_INVALID_NAME on a bad group name and
 * AD_MULTIPLE_GROUPS_FOUND when the lookup is not unambiguous; other
 * return values are on lines not shown.
 */
2664 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2665 char *group_ou, char *group_membership, char *user_name,
2666 char *UserOu, char *MoiraId)
2668 char distinguished_name[1024];
2676 LK_ENTRY *group_base;
2679 if (!check_string(group_name))
2680 return(AD_INVALID_NAME);
2683 memset(filter, '\0', sizeof(filter));
/* Assignment inside the condition: any non-zero rc aborts. */
2686 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2687 group_membership, MoiraId,
2688 "distinguishedName", &group_base,
2689 &group_count, filter))
2692 if (group_count != 1)
2694 linklist_free(group_base);
/* NOTE(review): unless a separate group_count == 0 branch sits on the lines
 * not shown (2695-2696), a missing group is reported with the message below
 * but returned as AD_MULTIPLE_GROUPS_FOUND, which misleads callers. */
2697 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2699 return(AD_MULTIPLE_GROUPS_FOUND);
/* 1024 bytes assumed sufficient for the group DN; no bound check. */
2702 strcpy(distinguished_name, group_base->value);
2703 linklist_free(group_base);
/* temp's declared size is not shown; the member DN is built unbounded. */
2707 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2708 modvalues[0] = temp;
2709 modvalues[1] = NULL;
2712 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2714 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already-a-member is special-cased for contact/kerberos OUs; the statement
 * taken in that case is on a line not shown. */
2715 if (rc == LDAP_ALREADY_EXISTS)
2717 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2719 if (rc == LDAP_UNWILLING_TO_PERFORM)
2722 for (i = 0; i < n; i++)
2724 if (rc != LDAP_SUCCESS)
2726 com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s",
2727 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create the contact object "CN=<user>,<group_ou>,<bind_path>"
 * in AD. An object that already exists (LDAP_ALREADY_EXISTS) is treated the
 * same as a successful add.
 *
 * The add is attempted twice: the first attempt includes a "mail" attribute
 * when group_ou is contact_ou; if that fails the object is re-added without
 * it. Returns AD_INVALID_NAME when user fails check_string(); the value
 * returned otherwise is on lines not shown.
 */
2733 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2737 char cn_user_name[256];
2738 char contact_name[256];
2739 char *email_v[] = {NULL, NULL};
2740 char *cn_v[] = {NULL, NULL};
2741 char *contact_v[] = {NULL, NULL};
/* The remaining objectClass value(s) are on a line not shown. */
2742 char *objectClass_v[] = {"top", "person",
2743 "organizationalPerson",
2745 char *name_v[] = {NULL, NULL};
2746 char *desc_v[] = {NULL, NULL};
2751 if (!check_string(user))
2753 com_err(whoami, 0, "invalid LDAP name %s", user);
2754 return(AD_INVALID_NAME);
/* check_string() (as shown) validates characters, not length: both copies
 * below assume the name and the composed DN fit in 256 bytes. */
2756 strcpy(contact_name, user);
2757 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2758 cn_v[0] = cn_user_name;
2759 contact_v[0] = contact_name;
/* name_v[0] and email_v[0] are assigned on lines not shown. */
2761 desc_v[0] = "Auto account created by Moira";
2764 strcpy(new_dn, cn_user_name);
2766 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2767 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2768 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2769 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2770 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Only plain contacts (not kerberos_ou) get a mail attribute. */
2771 if (!strcmp(group_ou, contact_ou))
2773 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
/* No server or client controls. */
2777 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2778 for (i = 0; i < n; i++)
/* Second attempt without "mail", in case that attribute was what the server rejected. */
2780 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2783 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2784 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2785 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2786 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2787 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2789 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2790 for (i = 0; i < n; i++)
2793 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2795 com_err(whoami, 0, "could not create contact %s : %s",
2796 user, ldap_err2string(rc));
/*
 * user_update: refresh the AD user object for user_name: home directory /
 * profile path derived from the Hesiod "filsys" entry, uid/uidNumber,
 * employeeID, mitMoiraId and the userAccountControl flags.
 *
 * Lookup order: by mitMoiraId when MoiraId is non-empty, then by
 * sAMAccountName under user_ou. The account is marked disabled
 * (UF_ACCOUNTDISABLE) unless State is US_NO_PASSWD or US_REGISTERED.
 *
 * Returns AD_INVALID_NAME when user_name fails check_string(),
 * AD_NO_USER_FOUND when the name lookup is not unambiguous; other return
 * values are on lines not shown.
 */
2802 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2803 char *Uid, char *MitId, char *MoiraId, int State)
2806 LK_ENTRY *group_base;
2808 char distinguished_name[256];
2809 char *mitMoiraId_v[] = {NULL, NULL};
2810 char *uid_v[] = {NULL, NULL};
2811 char *mitid_v[] = {NULL, NULL};
2812 char *homedir_v[] = {NULL, NULL};
2813 char *winProfile_v[] = {NULL, NULL};
2814 char *drives_v[] = {NULL, NULL};
2815 char *userAccountControl_v[] = {NULL, NULL};
2816 char userAccountControlStr[80];
/* Baseline flags: normal account, non-expiring password, user may not change it. */
2821 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2823 char *attr_array[3];
2830 char winProfile[256];
2832 if (!check_string(user_name))
2834 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2835 return(AD_INVALID_NAME);
/* First lookup: by Moira id. MoiraId is not passed through check_string()
 * before being placed in the filter; it is expected to be a numeric id. */
2841 if (strlen(MoiraId) != 0)
2843 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2844 attr_array[0] = "cn";
2845 attr_array[1] = NULL;
2846 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2847 &group_base, &group_count)) != 0)
2849 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2850 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the name lookup. */
2854 if (group_count != 1)
2856 linklist_free(group_base);
/* Second lookup: by sAMAccountName, restricted to the user OU. */
2859 sprintf(filter, "(sAMAccountName=%s)", user_name);
2860 attr_array[0] = "cn";
2861 attr_array[1] = NULL;
2862 sprintf(temp, "%s,%s", user_ou, dn_path);
2863 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2864 &group_base, &group_count)) != 0)
2866 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2867 user_name, ldap_err2string(rc));
2872 if (group_count != 1)
2874 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2876 linklist_free(group_base);
2877 return(AD_NO_USER_FOUND);
/* 256 bytes assumed sufficient for the user DN; no bound check. */
2879 strcpy(distinguished_name, group_base->dn);
2881 linklist_free(group_base);
/* Hesiod filsys lookup: choose the AFS path with the lowest weight field.
 * last_weight's initial value is set on a line not shown. */
2884 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2886 memset(cWeight, 0, sizeof(cWeight));
2887 memset(cPath, 0, sizeof(cPath));
2888 memset(path, 0, sizeof(path));
2889 memset(winPath, 0, sizeof(winPath));
2892 while (hp[i] != NULL)
/* "%s" without a width: cPath's size is not shown, so an overlong Hesiod
 * field overruns it. Prefer a width matching sizeof(cPath) - 1. */
2894 if (sscanf(hp[i], "%*s %s", cPath))
/* strnicmp() is a Windows CRT name (strncasecmp elsewhere). */
2896 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
2898 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
2900 if (atoi(cWeight) < last_weight)
2902 strcpy(path, cPath);
2903 last_weight = (int)atoi(cWeight);
2907 strcpy(path, cPath);
/* Only AFS homes are mapped to Windows paths (homeDirectory/profilePath). */
2914 if (!strnicmp(path, AFS, strlen(AFS)))
2916 AfsToWinAfs(path, winPath);
2917 homedir_v[0] = winPath;
2918 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2919 strcpy(winProfile, winPath);
2920 strcat(winProfile, "\\.winprofile");
2921 winProfile_v[0] = winProfile;
2922 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
/* drives_v[0] is assigned on a line not shown. */
2924 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
/* uid_v[0]/mitid_v[0] assignments, if any, are on lines not shown; as
 * visible, the replace for uid/uidNumber and employeeID is emitted on the
 * empty-argument branch, which clears those attributes. */
2929 if (strlen(Uid) == 0)
2931 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2932 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2934 if (strlen(MitId) == 0)
2936 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
/* A NULL value with LDAP_MOD_REPLACE removes mitMoiraId. */
2937 mitMoiraId_v[0] = MoiraId;
2938 if (strlen(MoiraId) == 0)
2939 mitMoiraId_v[0] = NULL;
2940 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2941 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2942 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" expects a long but userAccountControl is u_int; this
 * is a format/argument mismatch (undefined behaviour, CERT FIO47-C) - "%u"
 * matches the declared type. The same pattern appears in user_create(). */
2943 sprintf(userAccountControlStr, "%ld", userAccountControl);
2944 userAccountControl_v[0] = userAccountControlStr;
2945 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
2947 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2949 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2950 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2952 for (i = 0; i < n; i++)
/*
 * user_rename: rename the AD user "cn=<before_user_name>,<user_ou>,<dn_path>"
 * to "cn=<user_name>" (old RDN deleted), then rewrite the attributes that
 * embed the login: altSecurityIdentities, userPrincipalName, displayName
 * and sAMAccountName.
 *
 * The parameter list continues on a line not shown (user_name is a
 * parameter used below). Returns AD_INVALID_NAME when either name fails
 * check_string(); other return values are on lines not shown.
 */
2968 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2976 char *userPrincipalName_v[] = {NULL, NULL};
2977 char *altSecurityIdentities_v[] = {NULL, NULL};
2978 char *name_v[] = {NULL, NULL};
2979 char *samAccountName_v[] = {NULL, NULL};
2984 if (!check_string(before_user_name))
2986 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2987 return(AD_INVALID_NAME);
2989 if (!check_string(user_name))
2991 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2992 return(AD_INVALID_NAME);
/* NOTE(review): copying a string onto itself is a no-op at best and
 * overlapping-copy undefined behaviour under strcpy's contract; this line
 * should simply be removed. */
2995 strcpy(user_name, user_name);
/* old_dn / new_dn sizes are not shown; both sprintfs are unbounded. */
2996 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2997 sprintf(new_dn, "cn=%s", user_name);
/* newparent NULL keeps the entry in place; TRUE drops the old RDN value. */
2998 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2999 NULL, NULL)) != LDAP_SUCCESS)
3001 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
3002 before_user_name, user_name, ldap_err2string(rc));
3006 name_v[0] = user_name;
3007 sprintf(upn, "%s@%s", user_name, ldap_domain);
3008 userPrincipalName_v[0] = upn;
/* Kerberos principal mapping used for altSecurityIdentities. */
3009 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3010 altSecurityIdentities_v[0] = temp;
3011 samAccountName_v[0] = user_name;
3014 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3015 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3016 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3017 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* new_dn is reused: now the full post-rename DN. */
3019 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3020 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3022 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
3023 user_name, ldap_err2string(rc));
3025 for (i = 0; i < n; i++)
<![CDATA[]]>/*
 * filesys_process: set (operation == LDAP_MOD_ADD) or clear the
 * homeDirectory / profilePath / homeDrive attributes of the AD user whose
 * sAMAccountName equals fs_name, using the AFS pack fs_pack converted to a
 * Windows path.
 *
 * Only AFS filesystems are handled (fs_type must be exactly "AFS").
 * Returns AD_INVALID_NAME, AD_INVALID_FILESYS, or LDAP_NO_SUCH_OBJECT when
 * the user lookup is not unambiguous (note the mix of AD_* and LDAP_*
 * codes); other return values are on lines not shown.
 */
3030 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3031 char *fs_type, char *fs_pack, int operation)
3033 char distinguished_name[256];
3035 char winProfile[256];
3037 char *attr_array[3];
3038 char *homedir_v[] = {NULL, NULL};
3039 char *winProfile_v[] = {NULL, NULL};
3040 char *drives_v[] = {NULL, NULL};
3046 LK_ENTRY *group_base;
3048 if (!check_string(fs_name))
3050 com_err(whoami, 0, "invalid filesys name %s", fs_name);
3051 return(AD_INVALID_NAME);
/* strcmp(): case-sensitive, so "afs" is rejected. */
3054 if (strcmp(fs_type, "AFS"))
3056 com_err(whoami, 0, "invalid filesys type %s", fs_type);
3057 return(AD_INVALID_FILESYS);
/* The filesystem name doubles as the user's sAMAccountName. */
3062 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3063 attr_array[0] = "cn";
3064 attr_array[1] = NULL;
3065 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3066 &group_base, &group_count)) != 0)
3068 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
3069 fs_name, ldap_err2string(rc));
3073 if (group_count != 1)
3075 linklist_free(group_base);
3076 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3078 return(LDAP_NO_SUCH_OBJECT);
/* 256 bytes assumed sufficient for the user DN; no bound check. */
3080 strcpy(distinguished_name, group_base->dn);
3081 linklist_free(group_base);
/* fs_pack is not checked for the AFS prefix before conversion (compare
 * user_update(), which tests the prefix first); AfsToWinAfs() assumes it. */
3085 if (operation == LDAP_MOD_ADD)
3087 memset(winPath, 0, sizeof(winPath));
3088 AfsToWinAfs(fs_pack, winPath);
3089 homedir_v[0] = winPath;
3091 memset(winProfile, 0, sizeof(winProfile));
3092 strcpy(winProfile, winPath);
3093 strcat(winProfile, "\\.winprofile");
3094 winProfile_v[0] = winProfile;
/* Any other operation sends NULL values, i.e. removes the attributes. */
3098 homedir_v[0] = NULL;
3100 winProfile_v[0] = NULL;
3102 ADD_ATTR("profilePath", winProfile_v, operation);
3103 ADD_ATTR("homeDrive", drives_v, operation);
3104 ADD_ATTR("homeDirectory", homedir_v, operation);
3107 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3108 if (rc != LDAP_SUCCESS)
3110 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
3111 fs_name, ldap_err2string(rc));
3113 for (i = 0; i < n; i++)
/*
 * user_create: mr_query() callback that creates the AD user object for the
 * account row in av (av[U_NAME], av[U_STATE], av[U_UID], av[U_MITID]),
 * sets its password, then looks up the new object's objectSid and appends
 * it to the file-scope SID list through sid_ptr (consumed by sid_update()).
 *
 * call_args (assigned from ptr on a line not shown): [0] LDAP handle,
 * [1] dn_path, [2] Moira id ("" when unknown). On an invalid name the
 * callback records AD_INVALID_NAME in callback_rc for the caller
 * (see make_new_group()).
 */
3119 int user_create(int ac, char **av, void *ptr)
3121 LK_ENTRY *group_base;
3124 char user_name[256];
3127 char *cn_v[] = {NULL, NULL};
/* The remaining objectClass value(s) are on a line not shown. */
3128 char *objectClass_v[] = {"top", "person",
3129 "organizationalPerson",
3132 char *samAccountName_v[] = {NULL, NULL};
3133 char *altSecurityIdentities_v[] = {NULL, NULL};
3134 char *mitMoiraId_v[] = {NULL, NULL};
3135 char *name_v[] = {NULL, NULL};
3136 char *desc_v[] = {NULL, NULL};
3137 char *userPrincipalName_v[] = {NULL, NULL};
3138 char *userAccountControl_v[] = {NULL, NULL};
3139 char *uid_v[] = {NULL, NULL};
3140 char *mitid_v[] = {NULL, NULL};
3141 char userAccountControlStr[80];
/* Baseline flags: normal account, non-expiring password, user may not change it. */
3143 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3149 char *attr_array[3];
3154 if (!check_string(av[U_NAME]))
3156 callback_rc = AD_INVALID_NAME;
3157 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
3158 return(AD_INVALID_NAME);
/* check_string() validates characters, not length: 256 bytes assumed sufficient. */
3161 strcpy(user_name, av[U_NAME]);
3162 sprintf(upn, "%s@%s", user_name, ldap_domain);
3163 sprintf(sam_name, "%s", av[U_NAME]);
3164 samAccountName_v[0] = sam_name;
/* Accounts not yet registered / without a password start out disabled. */
3165 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3166 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument is a format/argument mismatch
 * (undefined behaviour, CERT FIO47-C); "%u" matches the declared type. */
3167 sprintf(userAccountControlStr, "%ld", userAccountControl);
3168 userAccountControl_v[0] = userAccountControlStr;
3169 userPrincipalName_v[0] = upn;
3171 cn_v[0] = user_name;
3172 name_v[0] = user_name;
3173 desc_v[0] = "Auto account created by Moira";
/* Kerberos principal mapping used for altSecurityIdentities. */
3174 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3175 altSecurityIdentities_v[0] = temp;
3176 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3179 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3180 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3181 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3182 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3183 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3184 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3185 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3186 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3187 if (strlen(call_args[2]) != 0)
3189 mitMoiraId_v[0] = call_args[2];
3190 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3192 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* The same string is written to both uid and uidNumber. */
3193 if (strlen(av[U_UID]) != 0)
3195 uid_v[0] = av[U_UID];
3196 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3197 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3199 if (strlen(av[U_MITID]) != 0)
3200 mitid_v[0] = av[U_MITID];
3202 mitid_v[0] = "none";
3203 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3206 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3207 for (i = 0; i < n; i++)
3209 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3211 com_err(whoami, 0, "could not create user %s : %s",
3212 user_name, ldap_err2string(rc));
/* Password is set only for a freshly created object, not for LDAP_ALREADY_EXISTS.
 * NOTE(review): the second argument is the empty string; what set_password()
 * does with it is not visible here - confirm it does not leave the account
 * with an empty password. */
3216 if (rc == LDAP_SUCCESS)
3218 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3220 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* Fetch the objectSid of the new account, preferring the Moira id filter. */
3224 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3225 if (strlen(call_args[2]) != 0)
3226 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3227 attr_array[0] = "objectSid";
3228 attr_array[1] = NULL;
3231 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3232 &group_base, &group_count)) == LDAP_SUCCESS)
/* Not exactly one hit by Moira id: retry by sAMAccountName. */
3234 if (group_count != 1)
3236 if (strlen(call_args[2]) != 0)
3238 linklist_free(group_base);
3241 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3242 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3243 attr_array, &group_base, &group_count);
/* Append the entry to the SID list; ownership of group_base moves to the list.
 * NOTE(review): the entry is tagged GROUPS, while sid_update() maps GROUPS to
 * "add_list_sid_by_name" and USERS to "add_user_sid_by_login" - confirm this
 * tag is intended for a user account. */
3246 if (group_count == 1)
3248 (*sid_ptr) = group_base;
3249 (*sid_ptr)->member = strdup(av[U_NAME]);
3250 (*sid_ptr)->type = (char *)GROUPS;
3251 sid_ptr = &(*sid_ptr)->next;
3255 if (group_base != NULL)
3256 linklist_free(group_base);
3261 if (group_base != NULL)
3262 linklist_free(group_base);
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE in the
 * UserAccountControl attribute of the AD user for user_name (looked up by
 * mitMoiraId first, then by sAMAccountName), and refresh mitMoiraId when
 * one is supplied. The parameter list continues on a line not shown; the
 * `operation` parameter used below is compared against MEMBER_DEACTIVATE.
 *
 * Returns AD_INVALID_NAME when user_name fails check_string() and
 * LDAP_NO_SUCH_OBJECT when the user lookup is not unambiguous; other
 * return values are on lines not shown.
 */
3267 int user_change_status(LDAP *ldap_handle, char *dn_path,
3268 char *user_name, char *MoiraId,
3272 char *attr_array[3];
3274 char distinguished_name[1024];
3276 char *mitMoiraId_v[] = {NULL, NULL};
3278 LK_ENTRY *group_base;
3285 if (!check_string(user_name))
3287 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
3288 return(AD_INVALID_NAME);
/* First lookup: by Moira id (not passed through check_string()). */
3294 if (strlen(MoiraId) != 0)
3296 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3297 attr_array[0] = "UserAccountControl";
3298 attr_array[1] = NULL;
3299 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3300 &group_base, &group_count)) != 0)
3302 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3303 user_name, ldap_err2string(rc));
/* Not exactly one hit: discard and fall back to the name lookup. */
3307 if (group_count != 1)
3309 linklist_free(group_base);
3312 sprintf(filter, "(sAMAccountName=%s)", user_name);
3313 attr_array[0] = "UserAccountControl";
3314 attr_array[1] = NULL;
3315 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3316 &group_base, &group_count)) != 0)
3318 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3319 user_name, ldap_err2string(rc));
3324 if (group_count != 1)
3326 linklist_free(group_base);
3327 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3329 return(LDAP_NO_SUCH_OBJECT);
3332 strcpy(distinguished_name, group_base->dn);
/* atoi() yields 0 on a malformed value with no error indication; strtoul()
 * would allow the failure to be detected. ulongValue's type is not shown. */
3333 ulongValue = atoi((*group_base).value);
3334 if (operation == MEMBER_DEACTIVATE)
3335 ulongValue |= UF_ACCOUNTDISABLE;
3337 ulongValue &= ~UF_ACCOUNTDISABLE;
3338 sprintf(temp, "%ld", ulongValue);
/* Build the REPLACE value list from the existing entry; 1 signals failure. */
3339 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3340 temp, &modvalues, REPLACE)) == 1)
3342 linklist_free(group_base);
3346 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3347 if (strlen(MoiraId) != 0)
3349 mitMoiraId_v[0] = MoiraId;
3350 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3353 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3354 for (i = 0; i < n; i++)
3356 free_values(modvalues);
3357 if (rc != LDAP_SUCCESS)
3359 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
3360 user_name, ldap_err2string(rc));
/*
 * user_delete: delete the AD user object for u_name, located by mitMoiraId
 * when MoiraId is non-empty and otherwise by sAMAccountName.
 *
 * Returns AD_INVALID_NAME when u_name fails check_string(); other return
 * values are on lines not shown.
 */
3366 int user_delete(LDAP *ldap_handle, char *dn_path,
3367 char *u_name, char *MoiraId)
3370 char *attr_array[3];
3371 char distinguished_name[1024];
3372 char user_name[512];
3373 LK_ENTRY *group_base;
3377 if (!check_string(u_name))
3378 return(AD_INVALID_NAME);
/* check_string() validates characters, not length: 512 bytes assumed sufficient. */
3380 strcpy(user_name, u_name);
/* First lookup: by Moira id (not passed through check_string()). */
3384 if (strlen(MoiraId) != 0)
3386 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3387 attr_array[0] = "name";
3388 attr_array[1] = NULL;
3389 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3390 &group_base, &group_count)) != 0)
3392 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3393 user_name, ldap_err2string(rc));
/* Not exactly one hit: discard and fall back to the name lookup. */
3397 if (group_count != 1)
3399 linklist_free(group_base);
3402 sprintf(filter, "(sAMAccountName=%s)", user_name);
3403 attr_array[0] = "name";
3404 attr_array[1] = NULL;
3405 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3406 &group_base, &group_count)) != 0)
3408 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3409 user_name, ldap_err2string(rc));
/* Nothing is deleted unless exactly one object matched. */
3414 if (group_count != 1)
3416 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
/* 1024 bytes assumed sufficient for the user DN; no bound check. */
3421 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition: any non-zero rc is an error. */
3422 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3424 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3425 user_name, ldap_err2string(rc));
3429 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY in the chain starting at
 * linklist_base, including the owned dn/attribute/value/member/type/list
 * strings. The caller's pointer is not cleared, so callers must not reuse
 * it afterwards. Passing NULL is safe (the loop body never runs).
 */
3433 void linklist_free(LK_ENTRY *linklist_base)
3435 LK_ENTRY *linklist_previous;
3437 while (linklist_base != NULL)
/* free(NULL) is a no-op; the NULL guards below are redundant but harmless. */
3439 if (linklist_base->dn != NULL)
3440 free(linklist_base->dn);
3441 if (linklist_base->attribute != NULL)
3442 free(linklist_base->attribute);
3443 if (linklist_base->value != NULL)
3444 free(linklist_base->value);
3445 if (linklist_base->member != NULL)
3446 free(linklist_base->member);
3447 if (linklist_base->type != NULL)
3448 free(linklist_base->type);
3449 if (linklist_base->list != NULL)
3450 free(linklist_base->list);
/* Advance before freeing the node so ->next is not read after free. */
3451 linklist_previous = linklist_base;
3452 linklist_base = linklist_previous->next;
3453 free(linklist_previous);
/*
 * free_values: release a NULL-terminated array of strings (as produced by
 * construct_newvalues()), clearing each slot after it is freed. Whether the
 * array itself is freed is decided on lines not shown. NULL is accepted.
 */
3457 void free_values(char **modvalues)
3462 if (modvalues != NULL)
3464 while (modvalues[i] != NULL)
/* The free() of modvalues[i] is on a line not shown; the slot is cleared
 * so a second pass cannot double-free it. */
3467 modvalues[i] = NULL;
/*
 * sid_update: walk the file-scope SID list (loop header on a line not
 * shown; ptr is the current LK_ENTRY) and push each binary objectSid back
 * into Moira as a hex string: "add_list_sid_by_name" for entries tagged
 * GROUPS, "add_user_sid_by_login" for entries tagged USERS.
 *
 * av[0] is the member name, av[1] (assigned on a line not shown) is
 * presumably the hex SID in temp. The return value is on a line not shown.
 */
3474 int sid_update(LDAP *ldap_handle, char *dn_path)
/* convert_b_to_a() emits text for ptr->length bytes with no bound on temp;
 * ptr->length is assumed small enough for 126 bytes - not checked here. */
3478 unsigned char temp[126];
3485 memset(temp, 0, sizeof(temp));
3486 convert_b_to_a(temp, ptr->value, ptr->length);
3489 av[0] = ptr->member;
/* The type field is used as a tag, compared by pointer value. */
3491 if (ptr->type == (char *)GROUPS)
3494 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3496 else if (ptr->type == (char *)USERS)
3499 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: render `length` bytes of binary into string as text; the
 * visible nibble handling (`tmp & 0x0f`, the `> '9'` adjustments) indicates
 * hexadecimal digits, presumably two per input byte. The caller must size
 * string accordingly; no output bound is passed and the terminator handling
 * is on lines not shown.
 */
3506 void convert_b_to_a(char *string, UCHAR *binary, int length)
3513 for (i = 0; i < length; i++)
/* Digits above '9' are mapped to letters on the lines not shown. */
3520 if (string[j] > '9')
3523 string[j] = tmp & 0x0f;
3525 if (string[j] > '9')
/*
 * illegalchars: 256-entry lookup indexed by byte value; 1 marks a byte
 * that check_string()/check_container_name() reject. Allowed: digits,
 * lowercase letters (check_string folds uppercase first) and $ & ' - . _ ~.
 *
 * Security relevance: the rejected set includes every LDAP filter
 * metacharacter ( ) * \ NUL and every DN special , = + " \ < > ; #, so
 * names that pass check_string() can be embedded in "(sAMAccountName=%s)"
 * filters and "CN=%s,..." DNs without RFC 4515/4514 escaping - which this
 * file does not otherwise perform. Every byte >= 0x80 is rejected.
 */
3532 static int illegalchars[] = {
3533 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3534 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3535 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3536 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3537 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3538 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3539 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3540 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xff: all rejected. */
3541 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3542 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3543 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3544 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3545 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3546 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3547 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3548 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: return non-zero only if every byte of s is allowed by the
 * illegalchars table (uppercase letters are folded to lowercase first, so
 * they are accepted). This is the gate that keeps names safe to splice
 * into LDAP filters and DNs elsewhere in this file; it does not bound the
 * length. The loop header, `character` declaration and return statements
 * are on lines not shown.
 */
3551 int check_string(char *s)
/* NOTE(review): if `character` is a plain char, a byte >= 0x80 is negative
 * here: isupper() on a negative value is undefined behaviour and the
 * (unsigned) cast below sign-extends it into an index far beyond the
 * 256-entry table. Reading through (unsigned char) avoids both. */
3558 if (isupper(character))
3559 character = tolower(character);
3560 if (illegalchars[(unsigned) character])
/*
 * check_container_name: like check_string(), but additionally tolerates
 * the space character (the statement taken for ' ' is on a line not
 * shown). Uppercase is folded to lowercase before the table lookup. The
 * loop header, `character` declaration and return statements are on lines
 * not shown.
 */
3566 int check_container_name(char *s)
/* NOTE(review): as in check_string(), a negative plain-char value here is
 * undefined for isupper() and indexes past illegalchars after the
 * (unsigned) cast; read through (unsigned char). */
3573 if (isupper(character))
3574 character = tolower(character);
3576 if (character == ' ')
3578 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, refuse to proceed when the
 * server publishes a message-of-the-day (taken as "unavailable"), negotiate
 * the query protocol version, then authenticate as client when auth is set
 * (the auth test is on a line not shown). Return statements are on lines
 * not shown.
 */
3584 int mr_connect_cl(char *server, char *client, int version, int auth)
3590 status = mr_connect(server);
3593 com_err(whoami, status, "while connecting to Moira");
3597 status = mr_motd(&motd);
3601 com_err(whoami, status, "while checking server status");
/* NOTE(review): temp is built from motd, text received from the server, and
 * is then handed to com_err() as its format string (non-literal format
 * string, CERT FIO30-C): any '%' sequences in the MOTD are interpreted.
 * Pass the text as an argument instead:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 * temp's declared size is not shown, so the sprintf is also unbounded. */
3606 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3607 com_err(whoami, status, temp);
3612 status = mr_version(version);
/* A server without the version query is treated as older than this client. */
3615 if (status == MR_UNKNOWN_PROC)
3618 status = MR_VERSION_HIGH;
3620 status = MR_SUCCESS;
/* Newer client than server: warn and continue. */
3623 if (status == MR_VERSION_HIGH)
3625 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3626 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW (older client) is tolerated silently; anything else is fatal. */
3628 else if (status && status != MR_VERSION_LOW)
3630 com_err(whoami, status, "while setting query version number.");
3638 status = mr_auth(client);
3641 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path as its Windows equivalent: the AFS
 * prefix is replaced by WINAFS and the remainder is copied character by
 * character, with '/' handled specially (the replacement written for it is
 * on a line not shown, presumably '\\').
 *
 * The function assumes path starts with the AFS prefix - it skips
 * strlen(AFS) bytes without checking - and writes into winPath without a
 * length bound; callers must size winPath for the longest possible result.
 */
3650 void AfsToWinAfs(char* path, char* winPath)
3654 strcpy(winPath, WINAFS);
3655 pathPtr = path + strlen(AFS);
3656 winPathPtr = winPath + strlen(WINAFS);
3660 if (*pathPtr == '/')
3663 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query("get_list_info") callback used by ProcessAce(). It
 * copies the list's ACE type and ACE name into the caller-provided buffers
 * call_args[0] and call_args[1] (call_args is derived from ptr on a line
 * not shown) and fills the membership code / OU buffers call_args[2] and
 * call_args[3] through get_group_membership().
 *
 * Both strcpy() calls are unbounded: the destination buffers in ProcessAce()
 * must be at least as large as the longest value Moira can return.
 */
3670 int GetAceInfo(int ac, char **av, void *ptr)
3677 strcpy(call_args[0], av[L_ACE_TYPE]);
3678 strcpy(call_args[1], av[L_ACE_NAME]);
3680 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3681 return(LDAP_SUCCESS);
/*
 * checkADname: search dn_path for an object whose sAMAccountName equals
 * Name and report whether one exists (the values returned for the found /
 * not-found / error cases are on lines not shown; group_count == 0 selects
 * the not-found path).
 *
 * Name is placed in the filter without check_string(); the caller
 * (ProcessAce) passes a name obtained from Moira, so that data is trusted
 * here.
 */
3685 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3688 char *attr_array[3];
3691 LK_ENTRY *group_base;
3696 sprintf(filter, "(sAMAccountName=%s)", Name);
3697 attr_array[0] = "sAMAccountName";
3698 attr_array[1] = NULL;
3699 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3700 &group_base, &group_count)) != 0)
3702 com_err(whoami, 0, "LDAP server couldn't process ACE name %s : %s",
3703 Name, ldap_err2string(rc));
/* Only the count matters; the entries themselves are discarded. */
3707 linklist_free(group_base);
3709 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of the Moira list Name exists in AD
 * before the list itself is created. Only list-type ACEs are followed (any
 * other Type returns early on lines not shown). The ACE is fetched from
 * Moira with get_list_info; a USER ACE is created through user_create(),
 * a LIST ACE through make_new_group() (as "<name>_group" in AD). When an
 * object had to be created, *ProcessGroup is set to 1. The tail (3801-3806)
 * appears to continue with the ACE's own ACE when AceType is LIST; the
 * control transfer is on lines not shown.
 *
 * Return statements are on lines not shown.
 */
3716 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3719 char GroupName[256];
/* Two bytes: one-character membership code plus terminator. */
3725 char AceMembership[2];
/* Name's length is not checked against the 256-byte buffer. */
3729 strcpy(GroupName, Name);
3731 if (strcasecmp(Type, "LIST"))
/* AceInfo[0..2] alias AceType/AceName/AceMembership (AceInfo[3], presumably
 * AceOu, is assigned on a line not shown) and are filled by GetAceInfo(). */
3736 AceInfo[0] = AceType;
3737 AceInfo[1] = AceName;
3738 AceInfo[2] = AceMembership;
3740 memset(AceType, '\0', sizeof(AceType));
3741 memset(AceName, '\0', sizeof(AceName));
3742 memset(AceMembership, '\0', sizeof(AceMembership));
3743 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment inside the condition: any non-zero rc is a Moira error. */
3745 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3747 com_err(whoami, 0, "Couldn't get ACE info for list %s : %s", GroupName, error_message(rc));
3752 com_err(whoami, 0, "Couldn't get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialised in AD. */
3755 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
/* AD name of the ACE: lists are suffixed "_group"; temp's size is not shown. */
3757 strcpy(temp, AceName);
3758 if (!strcasecmp(AceType, "LIST"))
3759 sprintf(temp, "%s_group", AceName);
3762 if (checkADname(ldap_handle, dn_path, temp))
3764 (*ProcessGroup) = 1;
/* AceInfo[0] is the same buffer as AceType. MoiraId is passed as "". */
3766 if (!strcasecmp(AceInfo[0], "LIST"))
3768 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3771 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args layout for user_create(): [0] LDAP handle, [1] dn_path,
 * [2] Moira id (assigned on a line not shown), [3] terminator. */
3774 call_args[0] = (char *)ldap_handle;
3775 call_args[1] = dn_path;
3777 call_args[3] = NULL;
/* Reset the SID accumulator that user_create() appends to. */
3779 sid_ptr = &sid_base;
3781 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3783 com_err(whoami, 0, "Couldn't process user ACE %s for group %s.", Name, AceName);
3788 com_err(whoami, 0, "Couldn't process user Ace %s for group %s", Name, AceName);
/* Push any collected SIDs back to Moira, then drop the list. */
3791 if (sid_base != NULL)
3793 sid_update(ldap_handle, dn_path);
3794 linklist_free(sid_base);
/* A list that is its own ACE ends the walk; otherwise continue with the ACE. */
3801 if (!strcasecmp(AceType, "LIST"))
3803 if (!strcasecmp(GroupName, AceName))
3806 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group
 * for the Moira list group_name by running get_list_info through the
 * group_create() callback, then push any collected objectSids back to
 * Moira with sid_update().
 *
 * call_args layout consumed by the callbacks: [0] LDAP handle,
 * [1] dn_path, [2] group name, [3] member-type mask (read back as
 * (int)call_args[3] in member_list_build()), [4] updateGroup flag,
 * [5] Moira id, [6] terminator. group_ou, group_membership and
 * group_security_flag are not referenced on the lines shown.
 *
 * Returns callback_rc when the callback reported failure; other return
 * statements are on lines not shown.
 */
3811 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3812 char *group_name, char *group_ou, char *group_membership,
3813 int group_security_flag, int updateGroup)
3820 call_args[0] = (char *)ldap_handle;
3821 call_args[1] = dn_path;
3822 call_args[2] = group_name;
/* Integers smuggled through char* slots; decoded with casts in the callbacks. */
3823 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3824 call_args[4] = (char *)updateGroup;
3825 call_args[5] = MoiraId;
3826 call_args[6] = NULL;
/* Reset the SID accumulator before the callback runs. */
3828 sid_ptr = &sid_base;
3830 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3833 com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc));
/* callback_rc is set by the callback (e.g. AD_INVALID_NAME in user_create()). */
3839 com_err(whoami, 0, "Couldn't create list %s", group_name);
3840 return(callback_rc);
3843 if (sid_base != NULL)
3845 sid_update(ldap_handle, dn_path);
3846 linklist_free(sid_base);
/*
 * populate_group: add every end member of the Moira list group_name to the
 * AD group. Members are collected into member_base by the
 * member_list_build() callback, then each is added with member_add() under
 * the OU matching its type (pUserOu: contact_ou for STRING, kerberos_ou for
 * KERBEROS; the USER case and the LIST case are on lines not shown).
 * STRING/KERBEROS members are created as contacts first.
 *
 * group_security_flag is not referenced on the lines shown. Return
 * statements are on lines not shown.
 */
3852 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3853 char *group_ou, char *group_membership,
3854 int group_security_flag, char *MoiraId)
3862 com_err(whoami, 0, "Populating group %s", group_name);
/* call_args layout consumed by member_list_build(): [0] LDAP handle,
 * [1] dn_path, [2] group name, [3] member-type mask, [4] terminator. */
3864 call_args[0] = (char *)ldap_handle;
3865 call_args[1] = dn_path;
3866 call_args[2] = group_name;
3867 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3868 call_args[4] = NULL;
3870 if (rc = mr_query("get_end_members_of_list", 1, av,
3871 member_list_build, call_args))
3873 com_err(whoami, 0, "Couldn't populate list %s : %s",
3874 group_name, error_message(rc));
/* Loop header over member_base (ptr) is on a line not shown. */
3877 if (member_base != NULL)
3882 if (!strcasecmp(ptr->type, "LIST"))
/* Contact creation failure presumably skips the member (statement not shown). */
3888 if (!strcasecmp(ptr->type, "STRING"))
3890 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3892 pUserOu = contact_ou;
3894 else if (!strcasecmp(ptr->type, "KERBEROS"))
3896 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3898 pUserOu = kerberos_ou;
/* Remaining arguments (pUserOu, MoiraId) are on a line not shown. */
3900 rc = member_add(ldap_handle, dn_path, group_name,
3901 group_ou, group_membership, ptr->member,
3905 linklist_free(member_base);
/*
 * process_group - make sure the AD group that mirrors a Moira list sits at
 * the DN "CN=<group_name>,<group_ou>,<dn_path>", renaming it with
 * group_rename() when it is found elsewhere.
 *
 * The group is located with ad_get_group() (caller-supplied filter, then
 * mitMoiraId, then sAMAccountName; see that function).  When type is
 * CHECK_GROUPS nothing in AD is changed and AD_NO_GROUPS_FOUND,
 * AD_WRONG_GROUP_DN_FOUND or AD_MULTIPLE_GROUPS_FOUND (or success, on a
 * line not shown) is returned.  Otherwise duplicates are reported and, in a
 * branch whose guard is not shown in this rendering, every entry whose DN
 * is not the expected one is removed with ldap_delete_s() before the lookup
 * is repeated.
 *
 * Returns an AD_* status or the result of group_rename().  Braces, the
 * declarations of rc/filter/group_count/ptr/ou_both and several early
 * returns are missing from this rendering.
 *
 * NOTE(review): distinguishedName, before_name, before_desc and filter are
 * fixed-size buffers written with sprintf()/strcpy() from caller arguments
 * and directory values with no length check; confirm every input is
 * bounded upstream, or move to snprintf()/bounded copies.
 */
3911 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3912 char *group_name, char *group_ou, char *group_membership,
3913 int group_security_flag, int type)
3915 char before_desc[512];
3916 char before_name[256];
3917 char before_group_ou[256];
3918 char before_group_membership[2];
3919 char distinguishedName[256];
3920 char ad_distinguishedName[256];
3922 char *attr_array[3];
3923 int before_security_flag;
3926 LK_ENTRY *group_base;
3929 char ou_security[512];
3930 char ou_distribution[512];
3931 char ou_neither[512];
3933 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* the DN this list is expected to have */
3934 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3937 memset(filter, '\0', sizeof(filter));
/* assignment in condition: a non-zero rc is presumably returned (line not shown) */
3940 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3942 "distinguishedName", &group_base,
3943 &group_count, filter))
/* read-only consistency check: report, never modify */
3946 if (type == CHECK_GROUPS)
3948 if (group_count == 1)
3950 if (!strcasecmp(group_base->value, distinguishedName))
3952 linklist_free(group_base);
3956 linklist_free(group_base);
3957 if (group_count == 0)
3958 return(AD_NO_GROUPS_FOUND);
3959 if (group_count == 1)
3960 return(AD_WRONG_GROUP_DN_FOUND);
3961 return(AD_MULTIPLE_GROUPS_FOUND);
3963 if (group_count == 0)
3965 return(AD_NO_GROUPS_FOUND);
/* more than one candidate: log each DN, give up (loop header not shown) */
3967 if (group_count > 1)
3972 if (!strcasecmp(distinguishedName, ptr->value))
3978 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3982 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3985 linklist_free(group_base);
3986 return(AD_MULTIPLE_GROUPS_FOUND);
/*
 * NOTE(review): destructive path - groups carrying this Moira id whose DN
 * is not the expected one are deleted from AD.  The guard and loop around
 * this are on lines not shown; make sure this branch is logged/audited.
 */
3991 if (strcasecmp(distinguishedName, ptr->value))
3992 rc = ldap_delete_s(ldap_handle, ptr->value);
3995 linklist_free(group_base);
3996 memset(filter, '\0', sizeof(filter));
/* look the group up again now that duplicates are gone */
3999 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4001 "distinguishedName", &group_base,
4002 &group_count, filter))
4004 if (group_count == 0)
4005 return(AD_NO_GROUPS_FOUND);
4006 if (group_count > 1)
4007 return(AD_MULTIPLE_GROUPS_FOUND);
/* DN the group actually has; unbounded copy from a directory value */
4010 strcpy(ad_distinguishedName, group_base->value);
4011 linklist_free(group_base);
4015 attr_array[0] = "sAMAccountName";
4016 attr_array[1] = NULL;
4017 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4018 &group_base, &group_count)) != 0)
4020 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4021 MoiraId, ldap_err2string(rc));
/* narrow the filter to the single match's account name for the reads below */
4024 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* already at the expected DN: nothing to rename (return on a line not shown) */
4026 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4028 linklist_free(group_base);
4033 linklist_free(group_base);
4036 memset(ou_both, '\0', sizeof(ou_both));
4037 memset(ou_security, '\0', sizeof(ou_security));
4038 memset(ou_distribution, '\0', sizeof(ou_distribution));
4039 memset(ou_neither, '\0', sizeof(ou_neither));
4040 memset(before_name, '\0', sizeof(before_name));
4041 memset(before_desc, '\0', sizeof(before_desc));
4042 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* current name and description, needed by group_rename() */
4043 attr_array[0] = "name";
4044 attr_array[1] = NULL;
4045 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4046 &group_base, &group_count)) != 0)
4048 com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s",
4049 MoiraId, ldap_err2string(rc));
4052 strcpy(before_name, group_base->value);
4053 linklist_free(group_base);
4056 attr_array[0] = "description";
4057 attr_array[1] = NULL;
4058 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4059 &group_base, &group_count)) != 0)
4062 "LDAP server unable to get list description with MoiraId = %s: %s",
4063 MoiraId, ldap_err2string(rc));
4066 if (group_count != 0)
4068 strcpy(before_desc, group_base->value);
4069 linklist_free(group_base);
/* compare case-insensitively: lower-case the DN and the four known OU paths */
4073 change_to_lower_case(ad_distinguishedName);
4074 strcpy(ou_both, group_ou_both);
4075 change_to_lower_case(ou_both);
4076 strcpy(ou_security, group_ou_security);
4077 change_to_lower_case(ou_security);
4078 strcpy(ou_distribution, group_ou_distribution);
4079 change_to_lower_case(ou_distribution);
4080 strcpy(ou_neither, group_ou_neither);
4081 change_to_lower_case(ou_neither);
/*
 * Classify the OU the group currently lives in.  strstr() is a substring
 * test, so if one OU path contains another as a substring the earlier
 * branch wins; order matters here.
 */
4082 if (strstr(ad_distinguishedName, ou_both))
4084 strcpy(before_group_ou, group_ou_both);
4085 before_group_membership[0] = 'B';
4086 before_security_flag = 1;
4088 else if (strstr(ad_distinguishedName, ou_security))
4090 strcpy(before_group_ou, group_ou_security);
4091 before_group_membership[0] = 'S';
4092 before_security_flag = 1;
4094 else if (strstr(ad_distinguishedName, ou_distribution))
4096 strcpy(before_group_ou, group_ou_distribution);
4097 before_group_membership[0] = 'D';
4098 before_security_flag = 0;
4100 else if (strstr(ad_distinguishedName, ou_neither))
4102 strcpy(before_group_ou, group_ou_neither);
4103 before_group_membership[0] = 'N';
4104 before_security_flag = 0;
/* group is outside every known OU: refuse to guess */
4107 return(AD_NO_OU_FOUND);
/*
 * NOTE(review): before_desc is passed both as the old and as the new
 * description - confirm that the new description is intentionally not
 * supplied here.
 */
4108 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4109 before_group_ou, before_security_flag, before_desc,
4110 group_name, group_membership, group_ou, group_security_flag,
4111 before_desc, MoiraId, filter);
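/*
 * change_to_lower_case - lower-case a NUL-terminated string in place.
 *
 * ptr: string to convert; a NULL pointer is ignored.
 *
 * Each byte is handed to tolower() as an unsigned char: calling it on a
 * plain char that is negative (non-ASCII input where char is signed) is
 * undefined behaviour.  The length is read once rather than on every
 * iteration of the loop.
 */
void change_to_lower_case(char *ptr)
{
  size_t len;
  size_t i;

  if (ptr == NULL)
    return;

  len = strlen(ptr);
  for (i = 0; i < len; i++)
    ptr[i] = (char)tolower((unsigned char)ptr[i]);
}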
/*
 * ad_get_group - locate a group in AD, trying in order:
 *   1. the filter passed in rFilter (if it is non-empty),
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)) (if MoiraId is non-empty),
 *   3. (sAMAccountName=<group_name>_group).
 * The first query that returns exactly one entry wins: its filter is written
 * back to rFilter and the entry list is left in *linklist_base /
 * *linklist_count for the caller to free.  Any other count is freed before
 * the next attempt.  The declaration of the last parameter (rFilter), of
 * rc/filter/pPtr, the loop header over pPtr and the return statements are
 * on lines missing from this rendering.
 *
 * NOTE(review): MoiraId and group_name are interpolated into LDAP filters
 * without RFC 4515 escaping; a value containing '(', ')', '*' or '\' would
 * change the query.  Confirm the callers validate them.
 */
4125 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4126 char *group_name, char *group_membership,
4127 char *MoiraId, char *attribute,
4128 LK_ENTRY **linklist_base, int *linklist_count,
4133 char *attr_array[3];
4136 (*linklist_base) = NULL;
4137 (*linklist_count) = 0;
/* attempt 1: caller-supplied filter */
4138 if (strlen(rFilter) != 0)
4140 strcpy(filter, rFilter);
4141 attr_array[0] = attribute;
4142 attr_array[1] = NULL;
4143 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4144 linklist_base, linklist_count)) != 0)
4146 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4147 MoiraId, ldap_err2string(rc));
/* exactly one hit: hand the winning filter back (return on a line not shown) */
4150 if ((*linklist_count) == 1)
4152 strcpy(rFilter, filter);
4157 linklist_free((*linklist_base));
4158 (*linklist_base) = NULL;
4159 (*linklist_count) = 0;
/* attempt 2: by Moira id */
4160 if (strlen(MoiraId) != 0)
4162 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4163 attr_array[0] = attribute;
4164 attr_array[1] = NULL;
4165 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4166 linklist_base, linklist_count)) != 0)
4168 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4169 MoiraId, ldap_err2string(rc));
/* ambiguous Moira id: log every DN and discard the result */
4173 if ((*linklist_count) > 1)
4175 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4176 pPtr = (*linklist_base);
4179 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4182 linklist_free((*linklist_base));
4183 (*linklist_base) = NULL;
4184 (*linklist_count) = 0;
4186 if ((*linklist_count) == 1)
/*
 * NOTE(review): this is a prefix match, not an equality test - memcmp()
 * compares only strlen(group_name) bytes starting 3 characters into the
 * value (presumably past "CN="), so "foo" also accepts "foobar", and it
 * reads past the end of a value shorter than the name.  Comparing the
 * whole RDN would be safer.
 */
4188 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4190 strcpy(rFilter, filter);
4195 linklist_free((*linklist_base));
4196 (*linklist_base) = NULL;
4197 (*linklist_count) = 0;
/* attempt 3: the "<name>_group" account name */
4198 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4199 attr_array[0] = attribute;
4200 attr_array[1] = NULL;
4201 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4202 linklist_base, linklist_count)) != 0)
4204 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4205 MoiraId, ldap_err2string(rc));
4208 if ((*linklist_count) == 1)
4210 strcpy(rFilter, filter);
/*
 * check_user - confirm that a Moira user exists in AD and that the AD
 * sAMAccountName matches UserName.
 *
 * When MoiraId is non-empty the user is first looked up by mitMoiraId and
 * several hits are logged.  A lookup by sAMAccountName follows (the control
 * flow joining the two steps is partly missing in this rendering); anything
 * but a single match returns AD_NO_USER_FOUND.  If the name stored in AD
 * differs from UserName (case-sensitive strcmp) user_rename() is called;
 * its remaining arguments and the return statement are on lines not shown.
 *
 * NOTE(review): UserName and MoiraId go into LDAP filters unescaped, and a
 * directory value is copied into SamAccountName[64] with strcpy(); confirm
 * both are bounded/validated upstream.
 */
4217 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4220 char *attr_array[3];
4221 char SamAccountName[64];
4224 LK_ENTRY *group_base;
/* step 1: by Moira id, when one is known */
4230 if (strlen(MoiraId) != 0)
4232 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4233 attr_array[0] = "sAMAccountName";
4234 attr_array[1] = NULL;
4235 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4236 &group_base, &group_count)) != 0)
4238 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
4239 UserName, ldap_err2string(rc));
/* duplicate Moira ids: report each account (loop body partly missing) */
4242 if (group_count > 1)
4244 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4249 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4250 gPtr->value, MoiraId);
4255 if (group_count != 1)
4257 linklist_free(group_base);
/* step 2: by account name */
4260 sprintf(filter, "(sAMAccountName=%s)", UserName);
4261 attr_array[0] = "sAMAccountName";
4262 attr_array[1] = NULL;
4263 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4264 &group_base, &group_count)) != 0)
4266 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
4267 UserName, ldap_err2string(rc));
4272 if (group_count != 1)
4274 linklist_free(group_base);
4275 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded copy of a directory value into a 64-byte buffer */
4277 strcpy(SamAccountName, group_base->value);
4278 linklist_free(group_base);
/* case-sensitive: a case-only difference also triggers a rename */
4281 if (strcmp(SamAccountName, UserName))
4283 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn - turn a '/'-separated container path (src) into the
 * relative DN written to dest, innermost component first:
 * "OU=<last>,OU=<previous>,...".  The splitting loop and the declarations
 * of array/n are on lines missing from this rendering; an empty src is
 * handled first (its result is not shown).
 *
 * NOTE(review): array is cleared for 20 entries and dest is built with
 * strcpy()/strcat(); confirm the split loop (not shown) stops at 20
 * components and that every caller's dest can hold the longest accepted
 * path.
 */
4289 void container_get_dn(char *src, char *dest)
4296 memset(array, '\0', 20 * sizeof(array[0]));
4298 if (strlen(src) == 0)
/* leaf component first ... */
4317 strcpy(dest, "OU=");
4320 strcat(dest, array[n-1]);
/* ... then each enclosing component (loop not shown) */
4324 strcat(dest, ",OU=");
/*
 * container_get_name - copy one component of the container path src into
 * dest.  Judging by the callers, which use the result as the RDN value
 * ("OU=<cName>") alongside container_get_dn(), this is the leaf (last
 * '/'-separated) component - confirm, as only the empty-src guard survives
 * in this rendering.
 */
4330 void container_get_name(char *src, char *dest)
4335 if (strlen(src) == 0)
/*
 * container_check - make sure the container chain above `name` exists in
 * AD, creating what is missing with empty description/location/contact/
 * type/id/row-id.  A working copy of name is scanned for '/'; what happens
 * at each '/' is on lines not shown (presumably the path is cut back to the
 * parent - confirm).  container_create() does not treat
 * LDAP_ALREADY_EXISTS as an error, so the log message below is presumably
 * reached only for a fresh creation.
 *
 * NOTE(review): a container created here carries no mitMoiraId, so
 * container_get_distinguishedName() can find it again only by DN; the
 * message records that.  cName is filled with an unbounded strcpy().
 */
4352 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4359 strcpy(cName, name);
4360 for (i = 0; i < (int)strlen(cName); i++)
4362 if (cName[i] == '/')
/* minimal container row: only the name is known */
4365 av[CONTAINER_NAME] = cName;
4366 av[CONTAINER_DESC] = "";
4367 av[CONTAINER_LOCATION] = "";
4368 av[CONTAINER_CONTACT] = "";
4369 av[CONTAINER_TYPE] = "";
4370 av[CONTAINER_ID] = "";
4371 av[CONTAINER_ROWID] = "";
4372 rc = container_create(ldap_handle, dn_path, 7, av);
4373 if (rc == LDAP_SUCCESS)
4375 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename - move/rename the AD organizational unit described by
 * `before` to the name and path in `after`.
 *
 * Validates the new leaf name, then looks up the current DN (by Moira row
 * id, then by path).  If nothing is found the container is simply created.
 * Otherwise the new parent DN is derived from the after-path (the loop
 * that strips the leaf from temp is only partly shown), the parent chain is
 * created if missing (container_check), the OU is renamed with
 * ldap_rename_s() (deleteoldrdn = TRUE) and its attributes refreshed with
 * container_adupdate().  Returns rc; the early returns following the
 * assignment-in-condition on container_get_distinguishedName() are not
 * shown.
 *
 * NOTE(review): new_dn_path, new_cn, temp and dName are filled with
 * sprintf()/strcpy() from Moira-supplied names without length checks.
 */
4383 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4384 int afterc, char **after)
4389 char new_dn_path[256];
4391 char distinguishedName[256];
4396 memset(cName, '\0', sizeof(cName));
4397 container_get_name(after[CONTAINER_NAME], cName);
4398 if (!check_container_name(cName))
4400 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4401 return(AD_INVALID_NAME);
4404 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* assignment in condition: a non-zero rc is presumably returned (line not shown) */
4405 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* not in AD yet: creating is the whole job */
4407 if (strlen(distinguishedName) == 0)
4409 rc = container_create(ldap_handle, dn_path, afterc, after);
/* derive the new parent: strip the leaf from the after-path (loop partly shown) */
4413 strcpy(temp, after[CONTAINER_NAME]);
4415 for (i = 0; i < (int)strlen(temp); i++)
4424 container_get_dn(temp, dName);
4425 if (strlen(temp) != 0)
4426 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4428 sprintf(new_dn_path, "%s", dn_path);
4429 sprintf(new_cn, "OU=%s", cName);
/* the new parent chain must exist before the move */
4431 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4433 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4434 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4436 com_err(whoami, 0, "couldn't rename container from %s to %s : %s",
4437 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
/* then bring description/owner/row id in line with the after-row */
4441 memset(dName, '\0', sizeof(dName));
4442 container_get_dn(after[CONTAINER_NAME], dName);
4443 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete - remove the AD organizational unit described by av.
 *
 * Looks up its DN (by Moira row id, then by path); an empty DN means there
 * is nothing to delete (that return is on a line not shown).
 * ldap_delete_s() refuses a non-empty OU with LDAP_NOT_ALLOWED_ON_NONLEAF;
 * in that case container_move_objects() relocates the contents (and deletes
 * nested OUs) and - presumably, on lines not shown - the delete is retried.
 *
 * NOTE(review): this path is destructive for everything beneath the OU;
 * make sure the caller's audit trail covers it.
 */
4447 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4449 char distinguishedName[256];
4452 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* assignment in condition: a non-zero rc is presumably returned (line not shown) */
4453 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4455 if (strlen(distinguishedName) == 0)
4457 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
/* OU still has children: empty it, then (presumably) try again */
4459 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4460 container_move_objects(ldap_handle, dn_path, distinguishedName);
4462 com_err(whoami, 0, "unable to delete container %s from AD : %s",
4463 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create - create the AD organizational unit described by the
 * Moira container row av (CONTAINER_NAME, _DESC, _TYPE, _ID, _ROWID, ...).
 *
 * The '/'-path is split into a relative DN (dName) and leaf name (cName);
 * both must be non-empty and the leaf must pass check_container_name(), or
 * AD_INVALID_NAME is returned.  Attributes are queued with the ADD_ATTR
 * macro into mods/n (declared on lines not shown): objectClass, name, ou,
 * optionally mitMoiraId and description, and managedBy resolved from
 * CONTAINER_TYPE / CONTAINER_ID (KERBEROS -> a contact created under
 * kerberos_ou; USER or LIST -> the DN of the matching person or group,
 * only when exactly one entry matches).  The entry is added with
 * ldap_add_ext_s(); LDAP_ALREADY_EXISTS is not an error and, when a row id
 * is known, leads to container_adupdate() instead.  The loop over n
 * presumably releases the mods entries.  Returns rc (return line missing).
 *
 * NOTE(review): av[CONTAINER_ID] is interpolated into LDAP filters without
 * escaping, and managedByDN/temp are filled with strcpy()/sprintf() from
 * directory and Moira data without length checks.
 */
4468 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4470 char *attr_array[3];
4471 LK_ENTRY *group_base;
4474 char *objectClass_v[] = {"top",
4475 "organizationalUnit",
4478 char *ou_v[] = {NULL, NULL};
4479 char *name_v[] = {NULL, NULL};
4480 char *moiraId_v[] = {NULL, NULL};
4481 char *desc_v[] = {NULL, NULL};
4482 char *managedBy_v[] = {NULL, NULL};
4485 char managedByDN[256];
4492 memset(filter, '\0', sizeof(filter));
4493 memset(dName, '\0', sizeof(dName));
4494 memset(cName, '\0', sizeof(cName));
4495 memset(managedByDN, '\0', sizeof(managedByDN));
4496 container_get_dn(av[CONTAINER_NAME], dName);
4497 container_get_name(av[CONTAINER_NAME], cName);
/* both halves of the path are required */
4499 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4501 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4502 return(AD_INVALID_NAME);
4505 if (!check_container_name(cName))
4507 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4508 return(AD_INVALID_NAME);
/* mandatory attributes (name_v/ou_v are filled on lines not shown) */
4512 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4514 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4516 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* optional attributes */
4517 if (strlen(av[CONTAINER_ROWID]) != 0)
4519 moiraId_v[0] = av[CONTAINER_ROWID];
4520 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4522 if (strlen(av[CONTAINER_DESC]) != 0)
4524 desc_v[0] = av[CONTAINER_DESC];
4525 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: resolve the Moira owner to an AD DN */
4527 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4529 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
/* contact_create() returning 0 is treated as success here */
4531 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4533 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4534 managedBy_v[0] = managedByDN;
4535 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4540 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4542 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4544 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4546 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4548 if (strlen(filter) != 0)
4550 attr_array[0] = "distinguishedName";
4551 attr_array[1] = NULL;
4554 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4555 &group_base, &group_count)) == LDAP_SUCCESS)
/* only an unambiguous owner is recorded */
4557 if (group_count == 1)
4559 strcpy(managedByDN, group_base->value);
4560 managedBy_v[0] = managedByDN;
4561 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4563 linklist_free(group_base);
4572 sprintf(temp, "%s,%s", dName, dn_path);
4573 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* release the queued modifications (body not shown) */
4574 for (i = 0; i < n; i++)
4576 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4578 com_err(whoami, 0, "couldn't create container %s : %s",
4579 cName, ldap_err2string(rc));
/* already there: refresh its attributes when we know its Moira row */
4582 if (rc == LDAP_ALREADY_EXISTS)
4584 if (strlen(av[CONTAINER_ROWID]) != 0)
4585 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update - refresh the AD organizational unit for a changed Moira
 * container row.  Looks up the DN of the `after` row (by row id, then by
 * path); if none exists the OU is created instead (return not shown).
 * Otherwise the parent chain is ensured with container_check() and the
 * attributes are replaced by container_adupdate(), passing the DN that was
 * found rather than one computed from the path.  Returns rc (return line
 * missing); `before`/beforec are unused in the lines shown.
 */
4590 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4591 int afterc, char **after)
4593 char distinguishedName[256];
4596 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* assignment in condition: a non-zero rc is presumably returned (line not shown) */
4597 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4599 if (strlen(distinguishedName) == 0)
4601 rc = container_create(ldap_handle, dn_path, afterc, after);
4605 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4606 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName - find the DN of the AD OU for Moira
 * container row av, writing it to distinguishedName (left empty when
 * nothing is found).  The path is validated as in container_create()
 * (AD_INVALID_NAME on failure).  The OU is searched first by
 * mitMoiraId = CONTAINER_ROWID, then by the DN computed from the path.
 * Only a search returning exactly one entry sets the result; search errors
 * are not reported here.  Declarations of filter/dName/cName/rc/group_count
 * and the return statement are on lines not shown.
 *
 * NOTE(review): CONTAINER_ROWID and dName are placed in the filters without
 * RFC 4515 escaping, and an empty row id yields "(mitMoiraId=)" - confirm
 * that simply matching nothing is the intended behaviour.
 */
4611 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4613 char *attr_array[3];
4614 LK_ENTRY *group_base;
4621 memset(filter, '\0', sizeof(filter));
4622 memset(dName, '\0', sizeof(dName));
4623 memset(cName, '\0', sizeof(cName));
4624 container_get_dn(av[CONTAINER_NAME], dName);
4625 container_get_name(av[CONTAINER_NAME], cName);
4627 if (strlen(dName) == 0)
4629 com_err(whoami, 0, "invalid LDAP container name %s", av[CONTAINER_NAME]);
4630 return(AD_INVALID_NAME);
4633 if (!check_container_name(cName))
4635 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4636 return(AD_INVALID_NAME);
/* first by Moira row id ... */
4639 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4640 attr_array[0] = "distinguishedName";
4641 attr_array[1] = NULL;
4644 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4645 &group_base, &group_count)) == LDAP_SUCCESS)
4647 if (group_count == 1)
4649 strcpy(distinguishedName, group_base->value);
4651 linklist_free(group_base);
/* ... then by the DN the path implies (covers OUs created without a row id) */
4655 if (strlen(distinguishedName) == 0)
4657 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4658 attr_array[0] = "distinguishedName";
4659 attr_array[1] = NULL;
4662 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4663 &group_base, &group_count)) == LDAP_SUCCESS)
4665 if (group_count == 1)
4667 strcpy(distinguishedName, group_base->value);
4669 linklist_free(group_base);
/*
 * container_adupdate - replace the mitMoiraId / description / managedBy
 * attributes of an existing AD OU from Moira container row av.
 *
 * The target is distinguishedName as given, or "<dName>,<dn_path>" when
 * dName is non-empty.  The current values are read first so that only
 * attributes that need to change are queued with ADD_ATTR
 * (LDAP_MOD_REPLACE) into mods/n (declared on lines not shown); managedBy
 * is cleared when the Moira side no longer names an owner that resolves.
 * An early return(LDAP_SUCCESS) exists for the nothing-to-do case (its
 * guard is on a line not shown).  The entry is modified with
 * ldap_modify_s(); the loop over n presumably frees the mods.  Returns rc
 * (return line missing).
 *
 * NOTE(review): the lookup-by-row-id below is guarded by
 * strlen(av[CONTAINER_ID]) but interpolates av[CONTAINER_ROWID];
 * container_create() guards the same attribute with CONTAINER_ROWID.  This
 * looks like a typo: with an owner id but an empty row id the filter
 * becomes "(mitMoiraId=)" instead of the DN lookup.  Verify and align with
 * container_create().
 * NOTE(review): desc, moiraId, managedByDN, temp and filter are fixed
 * buffers filled with strcpy()/sprintf() from directory data with no
 * length checks.
 */
4677 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4678 char *distinguishedName, int count, char **av)
4680 char *attr_array[5];
4681 LK_ENTRY *group_base;
4687 char *moiraId_v[] = {NULL, NULL};
4688 char *desc_v[] = {NULL, NULL};
4689 char *managedBy_v[] = {NULL, NULL};
4690 char managedByDN[256];
/* target DN: prefer the path-derived one when a relative DN was given */
4698 strcpy(temp, distinguishedName);
4699 if (strlen(dName) != 0)
4700 sprintf(temp, "%s,%s", dName, dn_path);
4702 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", temp);
/* NOTE(review): condition tests CONTAINER_ID, filter uses CONTAINER_ROWID - see header */
4703 if (strlen(av[CONTAINER_ID]) != 0)
4704 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4705 attr_array[0] = "mitMoiraId";
4706 attr_array[1] = "description";
4707 attr_array[2] = "managedBy";
4708 attr_array[3] = NULL;
4711 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4712 &group_base, &group_count)) != LDAP_SUCCESS)
4714 com_err(whoami, 0, "couldn't retreive container info for %s : %s",
4715 av[CONTAINER_NAME], ldap_err2string(rc));
4718 memset(managedByDN, '\0', sizeof(managedByDN));
4719 memset(moiraId, '\0', sizeof(moiraId));
4720 memset(desc, '\0', sizeof(desc));
/* pick up the current values (loop header over pPtr not shown) */
4724 if (!strcasecmp(pPtr->attribute, "description"))
4725 strcpy(desc, pPtr->value);
4726 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4727 strcpy(managedByDN, pPtr->value);
4728 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4729 strcpy(moiraId, pPtr->value);
4732 linklist_free(group_base);
/* queue the replacements (the guards comparing old and new are partly not shown) */
4737 if (strlen(av[CONTAINER_ROWID]) != 0)
4739 moiraId_v[0] = av[CONTAINER_ROWID];
4740 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4742 if (strlen(av[CONTAINER_DESC]) != 0)
4744 desc_v[0] = av[CONTAINER_DESC];
4745 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* Moira has no description but AD does: the value given to desc_v is on a line not shown */
4749 if (strlen(desc) != 0)
4752 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* managedBy: same resolution as in container_create(), with REPLACE */
4755 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4757 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4759 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4761 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4762 managedBy_v[0] = managedByDN;
4763 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* AD has an owner but the contact could not be made: clear it */
4767 if (strlen(managedByDN) != 0)
4769 managedBy_v[0] = NULL;
4770 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4776 memset(filter, '\0', sizeof(filter));
4777 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4779 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4781 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4783 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4785 if (strlen(filter) != 0)
4787 attr_array[0] = "distinguishedName";
4788 attr_array[1] = NULL;
4791 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4792 &group_base, &group_count)) == LDAP_SUCCESS)
4794 if (group_count == 1)
4796 strcpy(managedByDN, group_base->value);
4797 managedBy_v[0] = managedByDN;
4798 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* owner does not resolve to exactly one entry: clear any existing owner */
4802 if (strlen(managedByDN) != 0)
4804 managedBy_v[0] = NULL;
4805 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4808 linklist_free(group_base);
/* Moira names no owner at all: clear any existing owner */
4815 if (strlen(managedByDN) != 0)
4817 managedBy_v[0] = NULL;
4818 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* nothing queued (guard not shown): no round trip needed */
4825 return(LDAP_SUCCESS);
4827 strcpy(temp, distinguishedName);
4828 if (strlen(dName) != 0)
4829 sprintf(temp, "%s,%s", dName, dn_path);
4830 rc = ldap_modify_s(ldap_handle, temp, mods);
/* release the queued modifications (body not shown) */
4831 for (i = 0; i < n; i++)
4833 if (rc != LDAP_SUCCESS)
4835 com_err(whoami, 0, "couldn't modify container info for %s : %s",
4836 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects - empty the OU at dName so that it can be deleted.
 * Three passes (the pass selection on i is on lines not shown): objects that
 * are neither computers nor OUs go to "<orphans_other_ou>,<dn_path>",
 * computers go to "<orphans_machines_ou>,<dn_path>", nested OUs are deleted
 * outright.  Objects keep their cn on the move; when that cn already exists
 * in the orphan OU a "_<count>" suffix is appended and the rename retried
 * (retry loop only partly shown).  The loop that repeats while entries
 * remain, the declarations and the return are on lines not shown.
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and no
 * reset is visible here, so every later search on this connection is
 * capped unless it is restored elsewhere - confirm.  The return value of
 * ldap_set_option() is stored in rc but not checked in the lines shown.
 * NOTE(review): nested OUs are deleted without first moving their own
 * contents (no recursion visible); ldap_delete_s() refuses a non-empty OU
 * (see container_delete), so those would remain.
 */
4842 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4844 char *attr_array[3];
4845 LK_ENTRY *group_base;
/* search result cap for each pass */
4852 int NumberOfEntries = 10;
4856 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4858 for (i = 0; i < 3; i++)
4860 memset(filter, '\0', sizeof(filter));
/* pass: everything except computers and OUs */
4863 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4864 attr_array[0] = "cn";
4865 attr_array[1] = NULL;
/* pass: computer accounts */
4869 strcpy(filter, "(objectClass=computer)");
4870 attr_array[0] = "cn";
4871 attr_array[1] = NULL;
/* pass: nested OUs */
4875 strcpy(filter, "(objectClass=organizationalUnit)");
4876 attr_array[0] = "ou";
4877 attr_array[1] = NULL;
/* search is rooted at the container itself, not at dn_path */
4882 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
4883 &group_base, &group_count)) != LDAP_SUCCESS)
4887 if (group_count == 0)
/* loop over pPtr not shown */
4892 if (!strcasecmp(pPtr->attribute, "cn"))
4894 sprintf(new_cn, "cn=%s", pPtr->value);
4896 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
4898 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
4902 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* name clash in the orphan OU: disambiguate with a numeric suffix and retry */
4904 if (rc == LDAP_ALREADY_EXISTS)
4906 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
4913 else if (!strcasecmp(pPtr->attribute, "ou"))
4915 rc = ldap_delete_s(ldap_handle, pPtr->dn);
4919 linklist_free(group_base);
/*
 * get_machine_ou - derive the OU path (relative to dn_path) in which the
 * computer account for `member` currently lives, writing it to machine_ou.
 * The host name is cut at the first '.' (cut on lines not shown), the
 * computer is found by sAMAccountName "<name>$", and its DN and cn are
 * lower-cased.  The cn is located inside the DN with strstr(), the text
 * after "<cn>," is copied to machine_ou and then truncated before "dc="
 * (the truncation itself is on a line not shown).  Errors are logged and a
 * non-zero status returned (returns not shown).
 *
 * NOTE(review): strstr() returns the first occurrence of cn in the DN and
 * the code assumes that is the RDN value (right after "cn=").  A cn that
 * also occurs earlier - e.g. a one-letter cn "c" matching the 'c' of "cn="
 * - would misplace pPtr.  Searching from dn + 3, or comparing the RDN
 * explicitly, removes the assumption.  dn, cn and machine_ou are filled
 * with strcpy() from directory values without bounds (sizes not shown).
 */
4927 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou)
4929 LK_ENTRY *group_base;
4933 char *attr_array[3];
/* strip the DNS domain: only the short host name is the account name */
4941 pPtr = strchr(member, '.');
4947 sprintf(filter, "(sAMAccountName=%s$)", member);
4948 attr_array[0] = "cn";
4949 attr_array[1] = NULL;
4950 sprintf(temp, "%s", dn_path);
4951 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4952 &group_base, &group_count)) != 0)
4954 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
4955 member, ldap_err2string(rc));
4958 if (group_count != 1)
4960 com_err(whoami, 0, "LDAP server couldn't process machine %s : machine not found in AD",
4964 strcpy(dn, group_base->dn);
4965 strcpy(cn, group_base->value);
/* same idiom as change_to_lower_case(); tolower() on a plain char is undefined for negative bytes */
4966 for (i = 0; i < (int)strlen(dn); i++)
4967 dn[i] = tolower(dn[i]);
4968 for (i = 0; i < (int)strlen(cn); i++)
4969 cn[i] = tolower(cn[i]);
4970 linklist_free(group_base);
/* locate the RDN value inside the DN (first occurrence - see header) */
4972 pPtr = strstr(dn, cn);
4975 com_err(whoami, 0, "LDAP server couldn't process machine %s",
/* skip "<cn>," - everything after it is the OU chain plus the domain */
4979 pPtr += strlen(cn) + 1;
4980 strcpy(machine_ou, pPtr);
/* drop the trailing "dc=..." part (truncation on a line not shown) */
4982 pPtr = strstr(machine_ou, "dc=");
4985 com_err(whoami, 0, "LDAP server couldn't process machine %s",
/*
 * machine_move_to_ou - move the computer account for MoiraMachineName into
 * "<DestinationOu>,<dn_path>".  The host name is cut at the first '.' (cut
 * on lines not shown), the account is found by sAMAccountName "<name>$"
 * and its current DN kept in OldDn.  If the account already sits under the
 * target OU (cPtr is presumably advanced past the first ',' on lines not
 * shown - confirm) nothing is done; otherwise ldap_rename_s() moves it,
 * keeping CN=<name>.  Declarations (OldDn/NewOu/NewCn/cPtr/rc/...) and the
 * returns are missing from this rendering.
 *
 * NOTE(review): the "Unable to find machine" message has two %s
 * conversions but only one argument; the second %s reads a vararg that was
 * never passed, which is undefined behaviour (garbage or a crash in the
 * error path).  Drop the trailing ": %s" or pass a reason string.
 * NOTE(review): MachineName[128], OldDn, NewOu and NewCn are filled with
 * strcpy()/sprintf() without length checks.
 */
4994 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
4999 char MachineName[128];
5001 char *attr_array[3];
5006 LK_ENTRY *group_base;
/* short host name only */
5011 strcpy(MachineName, MoiraMachineName);
5012 cPtr = strchr(MachineName, '.');
5015 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5016 attr_array[0] = "sAMAccountName";
5017 attr_array[1] = NULL;
5018 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base, &group_count)) != 0)
5020 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
5021 MachineName, ldap_err2string(rc));
5025 if (group_count == 1)
5026 strcpy(OldDn, group_base->dn);
5027 linklist_free(group_base);
5029 if (group_count != 1)
/* NOTE(review): format has two %s but only one argument - see header */
5031 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MachineName);
5034 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* parent of the current DN: everything after the first ',' */
5035 cPtr = strchr(OldDn, ',');
/* already in place: nothing to do (return on a line not shown) */
5039 if (!strcasecmp(cPtr, NewOu))
5042 sprintf(NewCn, "CN=%s", MachineName);
5043 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check - report whether the short host name of machine_name (cut
 * at the first '.'; the cut itself is on a line not shown) is acceptable
 * according to checkADname().  Returns the logical negation of
 * checkADname()'s result, so non-zero means "passed" provided
 * checkADname() returns 0 on success - confirm against its definition.
 *
 * NOTE(review): Name is filled with strcpy() from machine_name with no
 * length check (buffer size not shown).
 */
5047 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5053 memset(Name, '\0', sizeof(Name));
5054 strcpy(Name, machine_name);
5056 pPtr = strchr(Name, '.');
5060 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container - ask Moira which container machine_name
 * belongs to, delivering the answer into container_name through the
 * machine_GetMoiraContainer() callback (via call_args[0]).  The trailing
 * arguments of the mr_query() call and the return are on lines not shown;
 * ldap_handle/dn_path are unused in the lines shown.
 */
5063 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5069 av[0] = machine_name;
5070 call_args[0] = (char *)container_name;
5071 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * machine_GetMoiraContainer - mr_query() callback for
 * "get_machine_to_container_map": copies the container name (av[1]) into
 * the caller's buffer call_args[0].  Return value on a line not shown.
 *
 * NOTE(review): unbounded strcpy() into a caller buffer of unknown size.
 */
5076 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5081 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create - create the Moira list that mirrors a new
 * container (`after` is a container row).  The list name comes from
 * Moira_groupname_create(); its failure path (lines not shown) returns
 * early.  The list is added with add_list (13 fields: active, not public,
 * not hidden, no maillist, a group with UNIQUE_GID, ACE and member ACE set
 * to user "sms"), then recorded as the container's list and added to the
 * parent container's list.  Return value on a line not shown.
 *
 * NOTE(review): the results of Moira_setContainerGroup() and
 * Moira_addGroupToParent() are discarded; both log, but their failure is
 * not propagated to the caller.
 */
5085 int Moira_container_group_create(char **after)
5091 memset(GroupName, '\0', sizeof(GroupName));
5092 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5093 after[CONTAINER_ROWID]);
/* add_list argument vector, indexed by the L_* field constants */
5097 argv[L_NAME] = GroupName;
5098 argv[L_ACTIVE] = "1";
5099 argv[L_PUBLIC] = "0";
5100 argv[L_HIDDEN] = "0";
5101 argv[L_MAILLIST] = "0";
5102 argv[L_GROUP] = "1";
5103 argv[L_GID] = UNIQUE_GID;
5104 argv[L_NFSGROUP] = "0";
5105 argv[L_DESC] = "auto created container group";
5106 argv[L_ACE_TYPE] = "USER";
5107 argv[L_MEMACE_TYPE] = "USER";
5108 argv[L_ACE_NAME] = "sms";
5109 argv[L_MEMACE_NAME] = "sms";
5111 if (rc = mr_query("add_list", 13, argv, NULL, NULL))
5113 com_err(whoami, 0, "couldn't create container group %s for container %s: %s",
5114 GroupName, after[CONTAINER_NAME], error_message(rc));
/* link the new list to its container and to the parent's list */
5117 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5118 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update - when a container is renamed, rename its
 * mirror list to the name derived from the new container name.  Nothing is
 * done when the names match case-insensitively or when no existing list
 * name can be found (those early returns are on lines not shown); when the
 * derived name differs, update_list is called with the old name followed
 * by the 13 list fields.  Return value on a line not shown.
 *
 * NOTE(review): L_HIDDEN is "1" here but "0" in
 * Moira_container_group_create(), so a renamed container list becomes
 * hidden while a freshly created one is not - confirm whether that is
 * intentional.
 */
5123 int Moira_container_group_update(char **before, char **after)
5126 char BeforeGroupName[64];
5127 char AfterGroupName[64];
/* same name: nothing to rename */
5130 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5133 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5134 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5135 if (strlen(BeforeGroupName) == 0)
5138 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5139 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5140 after[CONTAINER_ROWID]);
5144 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the current name first, then the fields shifted by one */
5146 argv[L_NAME] = BeforeGroupName;
5147 argv[L_NAME + 1] = AfterGroupName;
5148 argv[L_ACTIVE + 1] = "1";
5149 argv[L_PUBLIC + 1] = "0";
/* NOTE(review): differs from the "0" used at creation - see header */
5150 argv[L_HIDDEN + 1] = "1";
5151 argv[L_MAILLIST + 1] = "0";
5152 argv[L_GROUP + 1] = "1";
5153 argv[L_GID + 1] = UNIQUE_GID;
5154 argv[L_NFSGROUP + 1] = "0";
5155 argv[L_DESC + 1] = "auto created container group";
5156 argv[L_ACE_TYPE + 1] = "USER";
5157 argv[L_MEMACE_TYPE + 1] = "USER";
5158 argv[L_ACE_NAME + 1] = "sms";
5159 argv[L_MEMACE_NAME + 1] = "sms";
5161 if (rc = mr_query("update_list", 14, argv, NULL, NULL))
5163 com_err(whoami, 0, "couldn't rename container group from %s to %s: %s",
5164 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete - remove the mirror list of a deleted
 * container: first detach it from the parent container's list (when both
 * names are known), then delete_list.  before[CONTAINER_GROUP_NAME] equal
 * to "[none]" means there is no list.  argv[1] for delete_member_from_list
 * is set on a line not shown; return value on a line not shown.
 *
 * NOTE(review): the "couldn't delete container group ... from list" message
 * has two %s conversions but three arguments, so ParentGroupName is printed
 * where the error text belongs and error_message(rc) is never shown.  The
 * format should read "couldn't delete container group %s from list %s: %s".
 */
5171 int Moira_container_group_delete(char **before)
5176 char ParentGroupName[64];
5178 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
5179 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
5181 memset(GroupName, '\0', sizeof(GroupName));
5182 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5183 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
/* detach from the parent's list first */
5185 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5187 argv[0] = ParentGroupName;
5189 argv[2] = GroupName;
5190 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): two %s, three arguments - see header */
5192 com_err(whoami, 0, "couldn't delete container group %s from list: %s",
5193 GroupName, ParentGroupName, error_message(rc));
5197 if (strlen(GroupName) != 0)
5199 argv[0] = GroupName;
5200 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5202 com_err(whoami, 0, "couldn't delete container group %s : %s",
5203 GroupName, error_message(rc));
/*
 * Moira_groupname_create - derive a Moira list name for a container:
 * "cnt-" + the leaf component of ContainerName (after the last '/'),
 * truncated to 25 characters and lower-cased, then made unique by probing
 * get_list_info and appending "-0".."-9" / "-a".."-z" (loop bounds on lines
 * not shown) until a free name is found.  MR_NO_MATCH from the probe means
 * the name is available; any other Moira error is logged and (lines not
 * shown) returned; running out of suffixes logs "too many duplicate
 * container names".  The result is copied to GroupName, which must hold at
 * least 64 bytes.  ContainerRowID is not used in the lines shown.
 *
 * NOTE(review): availability is checked before, not at, list creation, so
 * two concurrent creates can still pick the same name; add_list's own
 * error in the caller is the only backstop.
 */
5210 int Moira_groupname_create(char *GroupName, char *ContainerName,
5211 char *ContainerRowID)
5216 char newGroupName[64];
5217 char tempGroupName[64];
5222 strcpy(temp, ContainerName);
/* leaf component: text after the last '/' (ptr is set on lines not shown) */
5224 ptr1 = strrchr(temp, '/');
/* keep "cnt-" + leaf within the 64-byte buffers (truncation on a line not shown) */
5230 if (strlen(ptr) > 25)
5233 sprintf(newGroupName, "cnt-%s", ptr);
5235 /* change everything to lower case */
5240 *ptr = tolower(*ptr);
5246 strcpy(tempGroupName, newGroupName);
5248 /* append 0-9 then a-z if a duplicate is found */
5251 argv[0] = newGroupName;
5252 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
/* MR_NO_MATCH: the name is free */
5254 if (rc == MR_NO_MATCH)
5256 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5257 ContainerName, error_message(rc));
/* taken: try the next suffix */
5260 sprintf(newGroupName, "%s-%c", tempGroupName, i);
5263 com_err(whoami, 0, "Can not find a unique group name for container %s: too many duplicate container names",
5273 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup - record GroupName as the list belonging to
 * container origContainerName via set_container_list.  Errors are logged;
 * the return statement is on a line not shown.
 */
5277 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5282 argv[0] = origContainerName;
5283 argv[1] = GroupName;
5285 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5287 com_err(whoami, 0, "couldn't set container group %s in container %s: %s",
5288 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent - add GroupName as a member of the list belonging
 * to the parent container of origContainerName.  The parent's list is found
 * with Moira_getGroupName(..., 1); an empty result means a top-level
 * container and nothing is done.  argv[1] (the member type) is set on a
 * line not shown.  Errors are logged; returns are not shown.
 *
 * NOTE(review): ContainerName[64] is filled with an unbounded strcpy().
 */
5294 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5296 char ContainerName[64];
5297 char ParentGroupName[64];
5301 strcpy(ContainerName, origContainerName);
5303 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5304 /* top-level container */
5305 if (strlen(ParentGroupName) == 0)
5308 argv[0] = ParentGroupName;
5310 argv[2] = GroupName;
5311 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5313 com_err(whoami, 0, "couldn't add container group %s to parent group %s: %s",
5314 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup - mr_query() callback for "get_container_list":
 * copies the list name (av[1]) into the caller's buffer call_args[0].
 * Return value on a line not shown.
 *
 * NOTE(review): unbounded strcpy() into a caller buffer (64 bytes at the
 * call sites shown in this file).
 */
5319 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5324 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName - look up the list name of a container, or - judging
 * by the callers, when the third parameter (declared on a line not shown)
 * is non-zero - of its parent, in which case the last '/' component is
 * stripped (lines partly not shown).  The name is delivered into GroupName
 * by the Moira_getContainerGroup() callback.  A query error, or an empty
 * result, is logged; the returns are on lines not shown.
 *
 * NOTE(review): ContainerName[64] is filled with an unbounded strcpy().
 */
5328 int Moira_getGroupName(char *origContainerName, char *GroupName,
5332 char ContainerName[64];
5338 strcpy(ContainerName, origContainerName);
/* parent requested: cut at the last '/' (handling on lines not shown) */
5342 ptr = strrchr(ContainerName, '/');
5349 argv[0] = ContainerName;
/* the callback writes straight into GroupName */
5351 call_args[0] = GroupName;
5352 call_args[1] = NULL;
5354 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
5357 if (strlen(GroupName) != 0)
5362 com_err(whoami, 0, "couldn't get container group from container %s: %s",
5363 ContainerName, error_message(rc));
/* query succeeded but returned no list name */
5365 com_err(whoami, 0, "couldn't get container group from container %s",
5370 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5376 if (strcmp(GroupName, "[none]") == 0)
5379 argv[0] = GroupName;
5380 argv[1] = "MACHINE";
5381 argv[2] = MachineName;
5383 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5385 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
5388 com_err(whoami, 0, "couldn't add machine %s to container group%s: %s",
5389 MachineName, GroupName, error_message(rc));