2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to a group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to a group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
/* Headers, portability shims and constants for ldap.incr.  This excerpt
 * omits lines (the gutter numbers jump), so the #ifdef/#else directives
 * that select the Windows (winsock2/lmaccess) branch versus the POSIX
 * (sys/types, netinet/in, ...) branch are not visible here. */
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
/* Winsock spellings of the POSIX errno names used by the connect code. */
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends
 * in a semicolon, so sleep(a + b) becomes Sleep(a + b * 1000);; and a use
 * such as "if (x) sleep(1); else ..." no longer compiles.  The safer form
 * is "#define sleep(A) Sleep((A) * 1000)". */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
/* Directory and file name of the ldap.incr configuration; how they are
 * combined lives in ReadConfigFile(), which is not shown here. */
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
/* Non-Windows spellings of two Windows helpers used below. */
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
/* Account-control bits, presumably local copies of the lmaccess.h UF_*
 * values for builds that lack that header -- confirm against the Windows
 * SDK before changing any value. */
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* Security-descriptor selector bits (same caveat as the UF_* values). */
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
/* Minimal local definitions of the Win32 types the SID code needs.  The
 * struct whose fields Data2..Data4 appear below and the _SID struct are
 * only partly visible in this excerpt. */
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
/* WINADCFG is defined a second time with the same replacement text as the
 * earlier definition ("ldap.cfg"); C permits an identical redefinition,
 * but one of the two could be dropped. */
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
/* Active Directory groupType bits.  DOMAIN_LOCAL_GROUP and LOCAL_GROUP
 * deliberately share the value 0x4. */
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
/* Default realm, domain and principal names; the runtime values are held
 * in globals that ReadConfigFile() (not shown) presumably overrides. */
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
/* Member operation codes; the codes preceding MEMBER_REMOVE are on lines
 * not shown in this excerpt. */
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Bit flags selecting which member types an operation applies to.
 * NOTE(review): the other values are single bits (0x1..0x8); 0x16 is
 * 0b10110 and overlaps MOIRA_KERBEROS and MOIRA_STRINGS.  0x10 looks like
 * the intended value -- check every use (== versus &) before changing it. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
/* 'type' argument of process_group(): verify an existing group, or clean
 * up wrong-DN/duplicate entries (see the two-step use in do_list()). */
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
/* Negative return codes shared by the ad_*/process_* helpers; 0 means
 * success.  AD_NO_GROUPS_FOUND is frequently a non-error (see do_list()). */
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
/* Indices into the 'containers' argument vector; they follow the field
 * order given in the file header comment (name, description, location,
 * contact, type, id, rowid, group name). */
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
/* Indices into the 'mcntmap' argument vector (machine_name,
 * container_name, mach_id, cnt_id, group name), per the file header. */
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
/* Linked-list node carrying attribute/value pairs back from LDAP searches
 * (see linklist_create_entry() and friends).  Only the tail of the struct
 * is visible in this excerpt; the closing "} LK_ENTRY;" is elided. */
326 typedef struct lk_entry {
336 struct lk_entry *next;
/* Presence of this file disables the incremental; presumably consulted by
 * check_winad(), which is not shown here. */
339 #define STOP_FILE "/moira/ldap/noldap"
/* Evaluates its argument exactly once. */
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
/* Names of the security-template groups (see security_template_ou). */
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Exchange address-list DN prefix; the three physical lines are joined by
 * line continuation into one string literal. */
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* NOTE(review): ADD_ATTR and DEL_ATTR expand to four statements that use
 * mods/n (resp. DelMods/i) from the enclosing scope, and the malloc()
 * result is dereferenced without a NULL check.  Because they are not
 * wrapped in do { ... } while (0), an unbraced if/else around a use
 * executes only the first statement.  Prefer a static inline helper that
 * takes the array, the index pointer and checks the allocation. */
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
/* Keywords presumably recognised by ReadConfigFile(); each ends in ':'. */
367 #define DOMAIN_SUFFIX "MIT.EDU"
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_MEMBERS "MAX_MEMBERS:"
384 #define MAX_DOMAINS 10
/* Runtime state: domain list, connection settings and OU names.  main()
 * zeroes most of these before ReadDomainList()/ReadConfigFile() fill
 * them in. */
385 char DomainNames[MAX_DOMAINS][128];
387 LK_ENTRY *member_base = NULL;
389 char PrincipalName[128];
/* Scratch buffer main() uses to echo argv; see the NOTE there about its
 * fixed size. */
390 static char tbl_buf[1024];
391 char kerberos_ou[] = "OU=kerberos,OU=moira";
392 char contact_ou[] = "OU=strings,OU=moira";
393 char user_ou[] = "OU=users,OU=moira";
/* Group OU layout; main() selects one of two layouts at start-up. */
394 char group_ou_distribution[1024];
395 char group_ou_root[1024];
396 char group_ou_security[1024];
397 char group_ou_neither[1024];
398 char group_ou_both[1024];
399 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
400 char orphans_other_ou[] = "OU=Other,OU=Orphans";
401 char security_template_ou[] = "OU=security_templates";
403 char ldap_domain[256];
404 char ldap_realm[256];
406 char *ServerList[MAX_SERVER_NAMES];
407 char default_server[256];
/* Second tentative definition of tbl_buf (same type and storage class as
 * the one above); legal C, but one of the two should be removed. */
408 static char tbl_buf[1024];
409 char group_suffix[256];
410 char exchange_acl[256];
411 int mr_connections = 0;
/* Feature switches; their configuration-file keywords are defined above. */
414 int UseGroupSuffix = 1;
415 int UseGroupUniversal = 0;
419 int ProcessMachineContainer = 1;
420 int ActiveDirectory = 1;
421 int UpdateDomainList;
423 int GroupPopulateDelete = 0;
424 int group_members = 0;
425 int max_group_members = 0;
/* Forward declarations for the rest of the file.  Several multi-line
 * prototypes are cut by elided lines in this excerpt (e.g. ad_get_group,
 * ad_connect, check_user, SetHomeDirectory).  Ownership and error
 * conventions: the int-returning AD helpers use 0 for success and the
 * negative AD_* codes for failure, as far as the callers shown below
 * demonstrate. */
427 extern int set_password(char *user, char *password, char *domain);
429 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
430 char *group_membership, char *MoiraId, char *attribute,
431 LK_ENTRY **linklist_base, int *linklist_count,
433 void AfsToWinAfs(char* path, char* winPath);
434 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
435 char *Win2kPassword, char *Win2kUser, char *default_server,
436 int connect_to_kdc, char **ServerList, char *ldap_realm,
/* NOTE(review): "()" declares a function with unspecified arguments, not a
 * prototype; write "(void)" so mismatched calls are diagnosed.  The same
 * applies to ReadDomainList() and tickets_get_k5() below. */
438 void ad_kdc_disconnect();
439 int ad_server_connect(char *connectedServer, char *domain);
440 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
441 char *attribute_value, char *attribute, char *user_name);
442 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
443 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
444 int check_winad(void);
445 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
448 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
449 char *distinguishedName, int count, char **av);
450 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
451 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
452 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
453 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
454 char *distinguishedName, int count,
456 void container_get_dn(char *src, char *dest);
457 void container_get_name(char *src, char *dest);
458 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
459 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
460 char **before, int afterc, char **after);
461 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
462 char **before, int afterc, char **after);
/* (int ac, char **av, void *ptr) functions are Moira query callbacks. */
464 int GetAceInfo(int ac, char **av, void *ptr);
465 int get_group_membership(char *group_membership, char *group_ou,
466 int *security_flag, char **av);
467 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
468 char *machine_ou, char *pPtr);
469 int Moira_container_group_create(char **after);
470 int Moira_container_group_delete(char **before);
471 int Moira_groupname_create(char *GroupName, char *ContainerName,
472 char *ContainerRowID);
473 int Moira_container_group_update(char **before, char **after);
474 int Moira_process_machine_container_group(char *MachineName, char* groupName,
476 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
477 int Moira_getContainerGroup(int ac, char **av, void *ptr);
478 int Moira_getGroupName(char *origContainerName, char *GroupName,
480 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
481 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
482 int UpdateGroup, int *ProcessGroup, char *maillist);
483 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
484 char *group_name, char *group_ou, char *group_membership,
485 int group_security_flag, int type, char *maillist);
486 int process_lists(int ac, char **av, void *ptr);
487 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
488 char *TargetGroupName, int HiddenGroup,
489 char *AceType, char *AceName);
490 int ProcessMachineName(int ac, char **av, void *ptr);
491 int ReadConfigFile(char *DomainName);
492 int ReadDomainList();
493 void StringTrim(char *StringToTrim);
494 char *escape_string(char *s);
495 int save_query_info(int argc, char **argv, void *hint);
496 int save_fsgroup_info(int argc, char **argv, void *hint);
497 int user_create(int ac, char **av, void *ptr);
498 int user_change_status(LDAP *ldap_handle, char *dn_path,
499 char *user_name, char *MoiraId, int operation);
500 int user_delete(LDAP *ldap_handle, char *dn_path,
501 char *u_name, char *MoiraId);
502 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
504 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
505 char *uid, char *MitId, char *MoiraId, int State,
506 char *WinHomeDir, char *WinProfileDir, char *first,
507 char *middle, char *last, char *shell, char *class);
508 void change_to_lower_case(char *ptr);
509 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
510 int contact_remove_email(LDAP *ld, char *bind_path,
511 LK_ENTRY **linklist_entry, int linklist_current);
512 int group_create(int ac, char **av, void *ptr);
513 int group_delete(LDAP *ldap_handle, char *dn_path,
514 char *group_name, char *group_membership, char *MoiraId);
515 int group_rename(LDAP *ldap_handle, char *dn_path,
516 char *before_group_name, char *before_group_membership,
517 char *before_group_ou, int before_security_flag,
518 char *before_desc, char *after_group_name,
519 char *after_group_membership, char *after_group_ou,
520 int after_security_flag, char *after_desc,
521 char *MoiraId, char *filter, char *maillist);
522 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
523 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
524 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
525 char *machine_name, char *container_name);
526 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
527 char *MoiraMachineName, char *DestinationOu);
528 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
529 char *group_name, char *group_ou, char *group_membership,
530 int group_security_flag, int updateGroup, char *maillist);
531 int member_list_build(int ac, char **av, void *ptr);
532 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership,
534 char *user_name, char *pUserOu, char *MoiraId);
535 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership, char *user_name,
537 char *pUserOu, char *MoiraId);
538 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
539 char *UserOu, char *member);
540 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
541 char *group_ou, char *group_membership,
542 int group_security_flag, char *MoiraId, int synchronize);
543 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
544 char *DistinguishedName,
545 char *WinHomeDir, char *WinProfileDir,
546 char **homedir_v, char **winProfile_v,
547 char **drives_v, LDAPMod **mods,
549 int sid_update(LDAP *ldap_handle, char *dn_path);
550 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
551 int check_string(char *s);
552 int check_container_name(char* s);
554 int mr_connect_cl(char *server, char *client, int version, int auth);
/* Per-table handlers dispatched from main() on the table name.  do_filesys
 * is declared but main()'s visible dispatch chain has no "filesys" branch;
 * the early argv[1] check in main() presumably covers it. */
555 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
558 char **before, int beforec, char **after, int afterc);
559 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
560 char **before, int beforec, char **after, int afterc);
561 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
562 char **before, int beforec, char **after, int afterc);
563 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
564 char **before, int beforec, char **after, int afterc);
565 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
566 char **before, int beforec, char **after, int afterc);
567 int linklist_create_entry(char *attribute, char *value,
568 LK_ENTRY **linklist_entry);
569 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
570 char **attr_array, LK_ENTRY **linklist_base,
571 int *linklist_count, unsigned long ScopeType);
572 void linklist_free(LK_ENTRY *linklist_base);
574 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
575 char *distinguished_name, LK_ENTRY **linklist_current);
576 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
577 LK_ENTRY **linklist_base, int *linklist_count);
578 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
579 char *Attribute, char *distinguished_name,
580 LK_ENTRY **linklist_current);
582 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
583 char *oldValue, char *newValue,
584 char ***modvalues, int type);
585 void free_values(char **modvalues);
587 int convert_domain_to_dn(char *domain, char **bind_path);
588 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
589 char *distinguished_name);
590 int moira_disconnect(void);
591 int moira_connect(void);
/* printf-style wrapper; a format attribute on this declaration
 * (__attribute__((format(printf, 1, 2))) on GCC/Clang) would let the
 * compiler check the callers' format strings. */
592 void print_to_screen(const char *fmt, ...);
593 int GetMachineName(char *MachineName);
594 int tickets_get_k5();
595 int destroy_cache(void);
598 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
599 char **homeServerName);
/* Entry point.  argv layout (see the file header comment): argv[1] is the
 * table name, argv[2] and argv[3] the "before" and "after" counts, then
 * beforec before-values followed by afterc after-values.  The local
 * declarations, most closing braces and the early returns/exits fall on
 * lines not shown in this excerpt. */
601 int main(int argc, char **argv)
/* Program name for com_err: basename of argv[0]. */
617 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
621 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() silently accepts non-numeric or negative counts.  A
 * negative beforec passes this bound check and later makes
 * after = &orig_argv[4 + beforec] point before the array; parsing the two
 * counts with strtol() and rejecting values < 0 would close that. */
625 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
627 com_err(whoami, 0, "Unable to process %s",
628 "argc < (4 + beforec + afterc)");
/* The body of this check is elided; presumably the filesys table is not
 * handled by this program (main's dispatch below has no such branch). */
632 if (!strcmp(argv[1], "filesys"))
/* Echo the full argument vector through com_err for logging.
 * NOTE(review): tbl_buf is a fixed 1024-byte buffer and every argument is
 * strcat'd into it with no length check, so a long argument vector
 * overflows it.  Track the remaining space and use snprintf(), or stop
 * appending once the buffer is full. */
635 for (i = 1; i < argc; i++)
637 strcat(tbl_buf, argv[i]);
638 strcat(tbl_buf, " ");
641 com_err(whoami, 0, "%s", tbl_buf);
645 com_err(whoami, 0, "%s failed", "check_winad()");
/* Register the error tables com_err() uses for Moira and Kerberos codes. */
649 initialize_sms_error_table();
650 initialize_krb_error_table();
652 UpdateDomainList = 0;
653 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
655 if (ReadDomainList())
657 com_err(whoami, 0, "%s failed", "ReadDomainList()");
/* Outer per-domain loop (its body continues through the connection and
 * dispatch code below); the loop bodies here are largely elided.
 * orig_argv receives strdup'd copies of argv; the strdup results are not
 * NULL-checked on the lines visible here. */
661 for (i = 0; i < argc; i++)
664 for (k = 0; k < MAX_DOMAINS; k++)
666 if (strlen(DomainNames[k]) == 0)
668 for (i = 0; i < argc; i++)
670 if (orig_argv[i] != NULL)
672 orig_argv[i] = strdup(argv[i]);
/* Reset per-domain state before the configuration file is read. */
675 memset(PrincipalName, '\0', sizeof(PrincipalName));
676 memset(ldap_domain, '\0', sizeof(ldap_domain));
677 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
678 memset(default_server, '\0', sizeof(default_server));
679 memset(dn_path, '\0', sizeof(dn_path));
680 memset(group_suffix, '\0', sizeof(group_suffix));
681 memset(exchange_acl, '\0', sizeof(exchange_acl));
685 UseGroupUniversal = 0;
689 ProcessMachineContainer = 1;
692 sprintf(group_suffix, "%s", "_group");
693 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split orig_argv into the before/after vectors:
 * before = orig_argv[4 .. 4+beforec-1], after = orig_argv[4+beforec ..]. */
695 beforec = atoi(orig_argv[2]);
696 afterc = atoi(orig_argv[3]);
697 table = orig_argv[1];
698 before = &orig_argv[4];
699 after = &orig_argv[4 + beforec];
707 if (ReadConfigFile(DomainNames[k]))
/* One of two group-OU layouts is chosen here; the condition that selects
 * between the two sprintf groups is on an elided line. */
712 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
713 sprintf(group_ou_root, "OU=lists,OU=moira");
714 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
716 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
720 sprintf(group_ou_distribution, "OU=lists,OU=moira");
721 sprintf(group_ou_root, "OU=lists,OU=moira");
722 sprintf(group_ou_security, "OU=lists,OU=moira");
723 sprintf(group_ou_neither, "OU=lists,OU=moira");
724 sprintf(group_ou_both, "OU=lists,OU=moira");
727 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts; ad_connect() returns 0 on success and
 * fills in ldap_handle.  The retry/sleep between attempts is elided. */
729 for (i = 0; i < 5; i++)
731 ldap_handle = (LDAP *)NULL;
732 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
733 default_server, SetPassword, ServerList,
734 ldap_realm, ldap_port)))
736 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
741 if ((rc) || (ldap_handle == NULL))
743 critical_alert("incremental",
744 "ldap.incr cannot connect to any server in "
745 "domain %s", DomainNames[k]);
/* NOTE(review): tolower() expects EOF or an unsigned char value; a
 * negative char is undefined.  Use
 * table[i] = tolower((unsigned char)table[i]); */
749 for (i = 0; i < (int)strlen(table); i++)
750 table[i] = tolower(table[i]);
/* Dispatch on the lower-cased table name; each call's last argument
 * (afterc) is on an elided continuation line. */
752 if (!strcmp(table, "users"))
753 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
755 else if (!strcmp(table, "list"))
756 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
758 else if (!strcmp(table, "imembers"))
759 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
761 else if (!strcmp(table, "containers"))
762 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
764 else if (!strcmp(table, "mcntmap"))
765 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the server list entries (the release call itself is elided) and
 * the LDAP connection.  The ldap_unbind_s() result is stored in rc but
 * nothing visible here inspects it. */
771 for (i = 0; i < MAX_SERVER_NAMES; i++)
773 if (ServerList[i] != NULL)
776 ServerList[i] = NULL;
780 rc = ldap_unbind_s(ldap_handle);
/* Handle an 'mcntmap' (machine -> container) change: move the machine's
 * directory object into the OU matching its Moira container, or into the
 * orphans OU when Moira reports no container.  before/after are indexed
 * with the OU_* constants; before is used for a removal and after for an
 * addition.  rc and a few other locals are declared on elided lines, and
 * ldap_hostname is unused in the visible code. */
786 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
787 char **before, int beforec, char **after, int afterc)
789 char MoiraContainerName[128];
790 char ADContainerName[128];
791 char MachineName[1024];
792 char OriginalMachineName[1024];
795 char MoiraContainerGroup[64];
/* Machine/container processing can be switched off (presumably via the
 * PROCESS_MACHINE_CONTAINER configuration keyword). */
797 if (!ProcessMachineContainer)
799 com_err(whoami, 0, "Process machines and containers disabled, skipping");
804 memset(ADContainerName, '\0', sizeof(ADContainerName));
805 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
807 if ((beforec == 0) && (afterc == 0))
/* Assignment used as the condition; "if ((rc = moira_connect()) != 0)"
 * states the intent and avoids the -Wparentheses warning. */
810 if (rc = moira_connect())
812 critical_alert("Ldap incremental",
813 "Error contacting Moira server : %s",
/* NOTE(review): strcpy() into fixed-size locals -- MachineName and
 * OriginalMachineName are 1024 bytes, MoiraContainerGroup only 64 -- with
 * no length check on the incoming argument.  snprintf(buf, sizeof buf,
 * "%s", src) would bound each copy.  The vector is also indexed up to
 * OU_CONTAINER_GROUP without checking that beforec/afterc is large enough. */
818 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
820 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
821 strcpy(MachineName, before[OU_MACHINE_NAME]);
822 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
824 com_err(whoami, 0, "removing machine %s from %s",
825 OriginalMachineName, before[OU_CONTAINER_NAME]);
827 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
829 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
830 strcpy(MachineName, after[OU_MACHINE_NAME]);
831 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
832 com_err(whoami, 0, "adding machine %s to container %s",
833 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the machine's Moira alias in place; an empty result means none
 * was found (the message literal misspells "alias"). */
841 rc = GetMachineName(MachineName);
843 if (strlen(MachineName) == 0)
846 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
847 OriginalMachineName);
851 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The machine must already exist in the directory before it can be moved. */
854 if (machine_check(ldap_handle, dn_path, MachineName))
856 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
857 OriginalMachineName, MachineName);
/* Look up the machine's container in Moira; no container means it goes to
 * the orphans OU (the literal "fine" is a typo for "find"). */
862 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
863 machine_get_moira_container(ldap_handle, dn_path, MachineName,
866 if (strlen(MoiraContainerName) == 0)
868 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
869 "in Moira - moving to orphans OU.",
870 OriginalMachineName, MachineName);
871 machine_move_to_ou(ldap_handle, dn_path, MachineName,
872 orphans_machines_ou);
877 container_get_dn(MoiraContainerName, ADContainerName);
/* Index [strlen - 1] is safe only because the empty-name case above has
 * already left this function (its return is on an elided line -- confirm).
 * The strcat() assumes the 128-byte buffer has room for one more char. */
879 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
880 strcat(MoiraContainerName, "/");
882 container_check(ldap_handle, dn_path, MoiraContainerName);
883 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handle a 'containers' (OU) change: delete when only before is present,
 * create when only after is present, otherwise rename if the name differs
 * (case-insensitively) or update the remaining attributes.  Each directory
 * change is mirrored in Moira through the Moira_container_group_* helpers.
 * The condition guarding the rename/update branches, rc's declaration and
 * the closing braces are on elided lines; ldap_hostname is unused in the
 * visible code. */
888 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
889 char **before, int beforec, char **after, int afterc)
893 if (!ProcessMachineContainer)
895 com_err(whoami, 0, "Process machines and containers disabled, skipping");
899 if ((beforec == 0) && (afterc == 0))
/* Assignment used as the condition; "if ((rc = moira_connect()) != 0)"
 * would make the intent explicit. */
902 if (rc = moira_connect())
904 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
909 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
911 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
912 container_delete(ldap_handle, dn_path, beforec, before);
913 Moira_container_group_delete(before);
918 if ((beforec == 0) && (afterc != 0)) /*create a container*/
920 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
921 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
922 container_create(ldap_handle, dn_path, afterc, after);
923 Moira_container_group_create(after);
/* Both vectors present (the enclosing condition is elided): a changed name
 * is a rename, anything else an attribute update.  Both before[] and
 * after[] are indexed here without a visible length check. */
928 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
930 com_err(whoami, 0, "renaming container %s to %s",
931 before[CONTAINER_NAME], after[CONTAINER_NAME]);
932 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
933 Moira_container_group_update(before, after);
938 com_err(whoami, 0, "updating container %s information",
939 after[CONTAINER_NAME]);
940 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
941 Moira_container_group_update(before, after);
/* Index of the description field in a 'list' argument vector (position 9
 * in the header layout: listname, active, publicflg, hidden, maillist,
 * grouplist, gid, acl_type, acl_id, description, moiraid).  The other L_*
 * indices do_list() uses (L_NAME, L_LIST_ID, L_MAILLIST, L_ACTIVE) are
 * defined on lines not shown in this excerpt. */
946 #define L_LIST_DESC 9
/* Handle a 'list' change: create, delete, rename or update the directory
 * group that mirrors a Moira list.  The L_* indices select fields of the
 * before/after vectors in the order given in the file header.  Several
 * locals (list_id, group_ou, security_flag, filter, updateGroup,
 * ProcessGroup, rc) and most closing braces are on elided lines;
 * ldap_hostname is unused in the visible code. */
949 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
950 char **before, int beforec, char **after, int afterc)
955 char group_membership[6];
960 char before_list_id[32];
/* NOTE(review): before_group_membership is 1 byte while group_membership
 * is 6, yet both are passed as the first argument of
 * get_group_membership() (not shown).  If that helper writes more than a
 * single byte, the smaller buffer overflows -- confirm its contract and
 * size both buffers alike. */
961 char before_group_membership[1];
962 int before_security_flag;
963 char before_group_ou[256];
964 LK_ENTRY *ptr = NULL;
966 if (beforec == 0 && afterc == 0)
969 memset(list_id, '\0', sizeof(list_id));
970 memset(before_list_id, '\0', sizeof(before_list_id));
971 memset(before_group_ou, '\0', sizeof(before_group_ou));
972 memset(before_group_membership, '\0', sizeof(before_group_membership));
973 memset(group_ou, '\0', sizeof(group_ou));
974 memset(group_membership, '\0', sizeof(group_membership));
/* Before side: guard the indexing on the vector length (the bodies of the
 * two checks are elided), then derive the list id, OU and membership. */
979 if (beforec < L_LIST_ID)
981 if (beforec > L_LIST_DESC)
983 strcpy(before_list_id, before[L_LIST_ID]);
985 before_security_flag = 0;
986 get_group_membership(before_group_membership, before_group_ou,
987 &before_security_flag, before);
/* After side: same derivation for the new values. */
992 if (afterc < L_LIST_ID)
994 if (afterc > L_LIST_DESC)
996 strcpy(list_id, after[L_LIST_ID]);
999 get_group_membership(group_membership, group_ou, &security_flag, after);
1002 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the existing group's placement.  CHECK_GROUPS reports a wrong DN
 * or duplicate entries, after which CLEANUP_GROUPS is run; AD_NO_GROUPS_FOUND
 * is not treated as an error here. */
1011 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1012 before[L_NAME], before_group_ou,
1013 before_group_membership,
1014 before_security_flag, CHECK_GROUPS,
1015 before[L_MAILLIST])))
1017 if (rc == AD_NO_GROUPS_FOUND)
1021 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1022 (rc == AD_MULTIPLE_GROUPS_FOUND))
1024 rc = process_group(ldap_handle, dn_path, before_list_id,
1025 before[L_NAME], before_group_ou,
1026 before_group_membership,
1027 before_security_flag, CLEANUP_GROUPS,
1028 before[L_MAILLIST]);
1030 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1032 com_err(whoami, 0, "Unable to process list %s",
1036 if (rc == AD_NO_GROUPS_FOUND)
/* Rename when the name changed, or when the name is unchanged but the
 * group moved to a different OU; the trailing "&&" continues on an elided
 * line. */
1042 if ((beforec != 0) && (afterc != 0))
1044 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1045 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1046 (strcmp(before_group_ou, group_ou)))) &&
1049 com_err(whoami, 0, "Changing list name from %s to %s",
1050 before[L_NAME], after[L_NAME]);
1052 if ((strlen(before_group_ou) == 0) ||
1053 (strlen(before_group_membership) == 0) ||
1054 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1056 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1060 memset(filter, '\0', sizeof(filter));
1062 if ((rc = group_rename(ldap_handle, dn_path,
1063 before[L_NAME], before_group_membership,
1064 before_group_ou, before_security_flag,
1065 before[L_LIST_DESC], after[L_NAME],
1066 group_membership, group_ou, security_flag,
1068 list_id, filter, after[L_MAILLIST])))
1070 if (rc != AD_NO_GROUPS_FOUND)
1073 "Unable to change list name from %s to %s",
1074 before[L_NAME], after[L_NAME]);
/* Delete branch (its guarding condition is elided). */
1087 if ((strlen(before_group_ou) == 0) ||
1088 (strlen(before_group_membership) == 0))
1091 "Unable to find the group OU for group %s", before[L_NAME]);
1095 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1096 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1097 before_group_membership, before_list_id);
/* Create branch.  Assignment used as the condition on the process_group
 * call; "if ((rc = process_group(...)) != 0)" states the intent. */
1105 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1107 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1108 group_ou, group_membership,
1109 security_flag, CHECK_GROUPS,
1112 if (rc != AD_NO_GROUPS_FOUND)
1114 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1115 (rc == AD_MULTIPLE_GROUPS_FOUND))
1117 rc = process_group(ldap_handle, dn_path, list_id,
1119 group_ou, group_membership,
1120 security_flag, CLEANUP_GROUPS,
1127 "Unable to create list %s", after[L_NAME]);
/* Update branch: ACEs are processed twice (UpdateGroup 0 then 1), the
 * group is (re)created, and active lists get their membership
 * synchronised.  Assignment-in-condition on moira_connect() as above. */
1134 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1136 if (rc = moira_connect())
1138 critical_alert("Ldap incremental",
1139 "Error contacting Moira server : %s",
1146 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1147 &ProcessGroup, after[L_MAILLIST]))
1152 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1153 &ProcessGroup, after[L_MAILLIST]))
1157 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1158 group_ou, group_membership, security_flag,
1159 updateGroup, after[L_MAILLIST]))
/* Only active lists get their membership populated. */
1165 if (atoi(after[L_ACTIVE]))
1167 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1168 group_membership, security_flag, list_id, 1);
/*
 * Extra slots that Moira appends to the base LM_* member tuple for
 * ldap.incr.  LM_END (declared outside this listing) is presumably the
 * length of the base tuple, so everything here is relative to it.
 *
 * Note that do_member() reads the moira list/user ids from different slots
 * depending on the member type (LMN_LIST_ID vs LM_LIST_ID vs LM_USER_ID)
 * and guards each read with an afterc/beforec length check; keep those
 * checks in step with this table if a slot is added or moved.
 */
1176 #define LM_EXTRA_ACTIVE (LM_END)
1177 #define LM_EXTRA_PUBLIC (LM_END+1)
1178 #define LM_EXTRA_HIDDEN (LM_END+2)
1179 #define LM_EXTRA_MAILLIST (LM_END+3)
1180 #define LM_EXTRA_GROUP (LM_END+4)
1181 #define LM_EXTRA_GID (LM_END+5)
1182 #define LMN_LIST_ID (LM_END+6)
1183 #define LM_LIST_ID (LM_END+7)
1184 #define LM_USER_ID (LM_END+8)
1185 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one Moira list-membership change to the directory.
 *
 * before/after are the member tuples as Moira emits them (LM_LIST, LM_TYPE,
 * LM_MEMBER, ... plus the LM_EXTRA_* slots defined above); beforec/afterc
 * are their lengths.  A non-empty after tuple is an add, a non-empty before
 * tuple a remove (the selection of ptr between the two is on lines not
 * shown here).  Member types LIST, USER, MACHINE, STRING and KERBEROS are
 * handled; a missing group or user is created on the fly before the
 * membership is changed.  Lines not shown here include the variable
 * declarations, the error returns and the moira_disconnect() calls.
 *
 * Review notes (security):
 *  - every strcpy()/strcat() below copies a Moira-supplied string into a
 *    fixed buffer (group_name/user_name/user_type are 128 bytes, the moira
 *    ids 32, member's size is declared on a line not shown) with no length
 *    check.  A long list or member name overflows the stack; bound these
 *    with snprintf() or reject over-long input up front.
 *  - the search filter for the user-vs-group name clash is built with
 *    sprintf() from the member name without RFC 4515 escaping.  check_user()
 *    runs first but is not visible here -- confirm it rejects ( ) * \ and
 *    NUL, otherwise a crafted member name changes the filter.
 *  - every strdup() that replaces ptr[LM_MEMBER] is unchecked; on failure
 *    ptr[LM_MEMBER] becomes NULL and the later strcpy()/member_add() calls
 *    dereference it.
 */
1187 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1188 char **before, int beforec, char **after, int afterc)
1190 LK_ENTRY *group_base;
1193 char *attr_array[3];
1194 char group_name[128];
1195 char user_name[128];
1196 char user_type[128];
1197 char moira_list_id[32];
1198 char moira_user_id[32];
/* One byte and no terminator: get_group_membership() stores a single flag
   character here.  Do not strlen() it. */
1199 char group_membership[1];
1201 char machine_ou[256];
1209 char NewMachineName[1024];
1213 char *save_argv[U_END];
1217 memset(moira_list_id, '\0', sizeof(moira_list_id));
1218 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* --- add path: the tuple must reach at least the LM_EXTRA_GID slot; what
   happens for a shorter tuple is on a line not shown. --- */
1222 if (afterc < LM_EXTRA_GID)
1225 if (!atoi(after[LM_EXTRA_ACTIVE]))
1228 "Unable to add %s to group %s : group not active",
1229 after[2], after[0]);
/* ptr presumably aliases the tuple being applied (after here, before in the
   remove path); its assignment is on a line not shown. */
1235 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded copies of Moira-supplied names into 128-byte buffers. */
1238 strcpy(user_name, after[LM_MEMBER]);
1239 strcpy(group_name, after[LM_LIST]);
1240 strcpy(user_type, after[LM_TYPE]);
/* The moira ids sit in different slots per member type: MACHINE reads
   LMN_LIST_ID/LM_LIST_ID, USER reads LM_LIST_ID/LM_USER_ID, every other
   type only LMN_LIST_ID.  This looks deliberate (different tuple layouts
   from Moira) -- verify against the Moira side before "fixing" it. */
1242 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1244 if (afterc > LM_EXTRA_GROUP)
1246 strcpy(moira_list_id, after[LMN_LIST_ID]);
1247 strcpy(moira_user_id, after[LM_LIST_ID]);
1250 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1252 if (afterc > LMN_LIST_ID)
1254 strcpy(moira_list_id, after[LM_LIST_ID]);
1255 strcpy(moira_user_id, after[LM_USER_ID]);
1260 if (afterc > LM_EXTRA_GID)
1261 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* --- remove path: mirror image of the add path above, reading before. --- */
1266 if (beforec < LM_EXTRA_GID)
1268 if (!atoi(before[LM_EXTRA_ACTIVE]))
1271 "Unable to remove %s from group %s : group not active",
1272 before[2], before[0]);
1278 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1281 strcpy(user_name, before[LM_MEMBER]);
1282 strcpy(group_name, before[LM_LIST]);
1283 strcpy(user_type, before[LM_TYPE]);
1285 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1287 if (beforec > LM_EXTRA_GROUP)
1289 strcpy(moira_list_id, before[LMN_LIST_ID]);
1290 strcpy(moira_user_id, before[LM_LIST_ID]);
1293 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1295 if (beforec > LMN_LIST_ID)
1297 strcpy(moira_list_id, before[LM_LIST_ID]);
1298 strcpy(moira_user_id, before[LM_USER_ID]);
1303 if (beforec > LM_EXTRA_GID)
1304 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither tuple usable. */
1311 "Unable to process group : beforec = %d, afterc = %d",
/* Rebuild a list-style argument vector so the group helpers (which take
   L_* indexed args) can be reused for the member's list. */
1316 args[L_NAME] = ptr[LM_LIST];
1317 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1318 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1319 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1320 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1321 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1322 args[L_GID] = ptr[LM_EXTRA_GID];
1325 memset(group_ou, '\0', sizeof(group_ou));
/* Derives the flag char, the OU and the security bit from the maillist and
   group flags (see get_group_membership()). */
1326 get_group_membership(group_membership, group_ou, &security_flag, args);
1328 if (strlen(group_ou) == 0)
1330 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Make sure the group exists exactly once and in the right OU; a wrong or
   duplicate DN is cleaned up and the check repeated. */
1335 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1336 group_ou, group_membership, security_flag,
1337 CHECK_GROUPS, args[L_MAILLIST]))
1339 if (rc != AD_NO_GROUPS_FOUND)
1341 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1342 group_name, group_ou, group_membership,
1343 security_flag, CLEANUP_GROUPS,
1346 if (rc != AD_NO_GROUPS_FOUND)
1349 com_err(whoami, 0, "Unable to add %s to group %s - "
1350 "unable to process group", user_name, group_name);
1352 com_err(whoami, 0, "Unable to remove %s from group %s - "
1353 "unable to process group", user_name, group_name);
/* Group missing: create it (owner/ACE processing first, then the object,
   then its members if the list is active). */
1360 if (rc == AD_NO_GROUPS_FOUND)
1362 if (rc = moira_connect())
1364 critical_alert("Ldap incremental",
1365 "Error contacting Moira server : %s",
1370 com_err(whoami, 0, "creating group %s", group_name);
1373 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1374 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1380 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1384 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1385 group_ou, group_membership, security_flag, 0,
1386 ptr[LM_EXTRA_MAILLIST]))
1392 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1394 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1395 group_membership, security_flag, moira_list_id, 1);
/* ---------------- remove a member ---------------- */
1405 com_err(whoami, 0, "removing user %s from list %s", user_name,
/* MACHINE members are looked up by get_machine_ou(), which returns the
   directory's name for the host in NewMachineName and its OU in
   machine_ou; the member name is then replaced by that name. */
1409 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1411 if (!ProcessMachineContainer)
1413 com_err(whoami, 0, "Process machines and containers disabled, "
1418 memset(machine_ou, '\0', sizeof(machine_ou));
1419 memset(NewMachineName, '\0', sizeof(NewMachineName));
1420 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1421 machine_ou, NewMachineName))
1423 if (ptr[LM_MEMBER] != NULL)
1424 free(ptr[LM_MEMBER]);
/* strdup() unchecked: NULL here is dereferenced later. */
1425 ptr[LM_MEMBER] = strdup(NewMachineName);
1426 pUserOu = machine_ou;
/* STRING members become contact objects.  An address with no '@' gets
   "@mit.edu"; a ".LOCAL" suffix is rewritten to ".mit.edu".  member's size
   is declared on a line not shown and strcat() does not bound it. */
1429 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1431 strcpy(member, ptr[LM_MEMBER]);
1435 if((s = strchr(member, '@')) == (char *) NULL)
1437 strcat(member, "@mit.edu");
1439 if (ptr[LM_MEMBER] != NULL)
1440 free(ptr[LM_MEMBER]);
1441 ptr[LM_MEMBER] = strdup(member);
/* BUG: for any address shorter than 6 characters that already contained
   an '@' (e.g. "a@b"), strlen(member) - 6 is negative and this indexes
   before the array.  Test the length before forming the pointer. */
1444 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1446 s = strrchr(member, '.');
/* strcat() onto s appends after ".LOCAL" unless the line not shown here
   terminates the string at s first -- confirm the result is host.mit.edu
   and not host.LOCAL.mit.edu. */
1448 strcat(s, ".mit.edu");
1450 if (ptr[LM_MEMBER] != NULL)
1451 free(ptr[LM_MEMBER]);
1452 ptr[LM_MEMBER] = strdup(member);
1456 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1460 pUserOu = contact_ou;
1462 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1464 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1468 pUserOu = kerberos_ou;
/* LIST-typed members are handled by re-populating the whole group from
   Moira rather than by a single member_remove(). */
1471 if (rc = moira_connect()) {
1472 critical_alert("Ldap incremental",
1473 "Error contacting Moira server : %s",
1478 if (rc = populate_group(ldap_handle, dn_path, group_name,
1479 group_ou, group_membership,
1480 security_flag, moira_list_id, 0))
1481 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1486 if (rc = member_remove(ldap_handle, dn_path, group_name,
1487 group_ou, group_membership, ptr[LM_MEMBER],
1488 pUserOu, moira_list_id))
1489 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* ---------------- add a member ---------------- */
1495 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
/* Same MACHINE / STRING / KERBEROS normalisation as the remove path above,
   including the same strlen(member) - 6 underflow. */
1498 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1500 memset(machine_ou, '\0', sizeof(machine_ou));
1501 memset(NewMachineName, '\0', sizeof(NewMachineName));
1503 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1507 if (ptr[LM_MEMBER] != NULL)
1508 free(ptr[LM_MEMBER]);
1510 ptr[LM_MEMBER] = strdup(NewMachineName);
1511 pUserOu = machine_ou;
1513 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1515 strcpy(member, ptr[LM_MEMBER]);
1519 if((s = strchr(member, '@')) == (char *) NULL)
1521 strcat(member, "@mit.edu");
1523 if (ptr[LM_MEMBER] != NULL)
1524 free(ptr[LM_MEMBER]);
1525 ptr[LM_MEMBER] = strdup(member);
1528 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1530 s = strrchr(member, '.');
1532 strcat(s, ".mit.edu");
1534 if (ptr[LM_MEMBER] != NULL)
1535 free(ptr[LM_MEMBER]);
1536 ptr[LM_MEMBER] = strdup(member);
1540 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1544 pUserOu = contact_ou;
1546 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1548 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1552 pUserOu = kerberos_ou;
/* USER members that are not yet in the directory are created from the
   Moira account record (get_user_account_by_login -> user_create). */
1554 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1556 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1557 moira_user_id)) == AD_NO_USER_FOUND)
1559 if (rc = moira_connect())
1561 critical_alert("Ldap incremental",
1562 "Error connection to Moira : %s",
1567 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1568 av[0] = ptr[LM_MEMBER];
1569 call_args[0] = (char *)ldap_handle;
1570 call_args[1] = dn_path;
1571 call_args[2] = moira_user_id;
1572 call_args[3] = NULL;
/* cn must be unique in the tree, so refuse to create a user whose name is
   already taken by a group.  SECURITY: the member name is interpolated
   into the filter unescaped (RFC 4515); if check_user() above does not
   reject filter metacharacters, escape here.  filter's size is declared
   on a line not shown and sprintf() does not bound it. */
1581 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1582 attr_array[0] = "cn";
1583 attr_array[1] = NULL;
1584 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1585 attr_array, &group_base, &group_count,
1586 LDAP_SCOPE_SUBTREE)) != 0)
1588 com_err(whoami, 0, "Unable to process user %s : %s",
1589 ptr[LM_MEMBER], ldap_err2string(rc));
1595 com_err(whoami, 0, "Object already exists with name %s",
1600 linklist_free(group_base);
1605 if (rc = mr_query("get_user_account_by_login", 1, av,
1606 save_query_info, save_argv))
1609 com_err(whoami, 0, "Unable to create user %s : %s",
1610 ptr[LM_MEMBER], error_message(rc));
1614 if (rc = user_create(U_END, save_argv, call_args))
1617 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* As on removal, LIST members trigger a full re-population from Moira. */
1636 if (rc = moira_connect()) {
1637 critical_alert("Ldap incremental",
1638 "Error contacting Moira server : %s",
1643 if (rc = populate_group(ldap_handle, dn_path, group_name,
1644 group_ou, group_membership, security_flag,
1646 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1651 if (rc = member_add(ldap_handle, dn_path, group_name,
1652 group_ou, group_membership, ptr[LM_MEMBER],
1653 pUserOu, moira_list_id))
1654 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/*
 * Positions of the moira id, home directory and profile directory in the
 * user tuple handed to do_user() (indices 10..12 of the 13-element
 * create/update tuples shown in the file header).  do_user() reads
 * U_USER_ID only after checking beforec/afterc, but passes after[U_HOMEDIR]
 * and after[U_PROFILEDIR] to user_update() without such a check; the
 * reactivation example in the header comment appears to carry only 11
 * arguments -- TODO confirm every update tuple really has 13.
 */
1660 #define U_USER_ID 10
1661 #define U_HOMEDIR 11
1662 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-account change to the directory.
 *
 * before/after are the U_* indexed account tuples (see the header comment
 * for their layout); beforec/afterc are their lengths.  The cases are:
 * creation of a not-yet-usable account (after only: ignored), expunge
 * (before only: user_delete()), and everything else, which creates the
 * user if it is missing, renames it if the login changed, and then
 * pushes the remaining attributes with user_update().  Declarations,
 * error returns and the moira_disconnect() calls are on lines not shown.
 *
 * Review notes:
 *  - the moira ids are strcpy()'d into 32-byte buffers unchecked.
 *  - the name-clash filter is built by sprintf() from after[U_NAME];
 *    check_string(after[U_NAME]) runs first, so this is only safe if
 *    check_string rejects LDAP filter metacharacters -- confirm.
 *  - the existence check uses before[U_NAME] while creation uses
 *    after[U_NAME]; if a rename arrives for a user that is absent from
 *    the directory, the new name is created and the rename below is
 *    then attempted on a before name that does not exist.
 */
1664 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1665 char **before, int beforec, char **after,
1668 LK_ENTRY *group_base;
1671 char *attr_array[3];
1674 char after_user_id[32];
1675 char before_user_id[32];
1677 char *save_argv[U_END];
1679 if ((beforec == 0) && (afterc == 0))
1682 memset(after_user_id, '\0', sizeof(after_user_id));
1683 memset(before_user_id, '\0', sizeof(before_user_id));
/* Unbounded copies into 32-byte buffers; a long moira id overflows. */
1685 if (beforec > U_USER_ID)
1686 strcpy(before_user_id, before[U_USER_ID]);
1688 if (afterc > U_USER_ID)
1689 strcpy(after_user_id, after[U_USER_ID]);
/* Duplicate of the test at line 1679 above; harmless but dead. */
1691 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1694 if ((beforec == 0) && (afterc != 0))
1696 /*this case only happens when the account*/
1697 /*account is first created but not usable*/
1699 com_err(whoami, 0, "Unable to process user %s because the user account "
1700 "is not yet usable", after[U_NAME]);
1704 /*this case only happens when the account is expunged */
1706 if ((beforec != 0) && (afterc == 0))
/* Only an account whose Moira status was 0 is deleted from the directory;
   any other status at expunge time is reported and left alone. */
1708 if (atoi(before[U_STATE]) == 0)
1710 com_err(whoami, 0, "expunging user %s from directory",
1712 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1716 com_err(whoami, 0, "Unable to process because user %s has been "
1717 "previously expungeded", before[U_NAME]);
1722 /*process anything that gets here*/
/* Look the user up by the old login and moira id; create from the Moira
   account record if absent. */
1724 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1725 before_user_id)) == AD_NO_USER_FOUND)
/* Gate on the new login being a valid directory name (the rejection path
   is on a line not shown). */
1727 if (!check_string(after[U_NAME]))
1730 if (rc = moira_connect())
1732 critical_alert("Ldap incremental",
1733 "Error connection to Moira : %s",
1738 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1740 av[0] = after[U_NAME];
1741 call_args[0] = (char *)ldap_handle;
1742 call_args[1] = dn_path;
1743 call_args[2] = after_user_id;
1744 call_args[3] = NULL;
/* cn must be unique: refuse to create a user whose name is held by a
   group.  Relies on check_string() above to keep filter metacharacters
   out of after[U_NAME]; filter's size is declared on a line not shown. */
1752 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1753 attr_array[0] = "cn";
1754 attr_array[1] = NULL;
1756 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1757 &group_base, &group_count,
1758 LDAP_SCOPE_SUBTREE)) != 0)
1760 com_err(whoami, 0, "Unable to process user %s : %s",
1761 after[U_NAME], ldap_err2string(rc));
1765 if (group_count >= 1)
1767 com_err(whoami, 0, "Object already exists with name %s",
1772 linklist_free(group_base);
/* Fetch the full account record from Moira, then create the object. */
1777 if (rc = mr_query("get_user_account_by_login", 1, av,
1778 save_query_info, save_argv))
1781 com_err(whoami, 0, "Unable to create user %s : %s",
1782 after[U_NAME], error_message(rc));
1786 if (rc = user_create(U_END, save_argv, call_args))
1788 com_err(whoami, 0, "Unable to create user %s : %s",
1789 after[U_NAME], error_message(rc));
1796 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login changed: rename the object, but only when both names are valid
   directory names. */
1808 if (strcmp(before[U_NAME], after[U_NAME]))
1810 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1812 com_err(whoami, 0, "changing user %s to %s",
1813 before[U_NAME], after[U_NAME]);
1815 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1816 after[U_NAME])) != LDAP_SUCCESS)
/* Push the remaining attributes.  after[U_HOMEDIR]/after[U_PROFILEDIR]
   are read without an afterc check -- see the U_HOMEDIR note above. */
1823 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1824 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1825 after[U_UID], after[U_MITID],
1826 after_user_id, atoi(after[U_STATE]),
1827 after[U_HOMEDIR], after[U_PROFILEDIR],
1828 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1829 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated char*[] of attribute values
 * from a linked list, optionally rewriting occurrences of oldValue.
 *
 * linklist_base  list of modvalue_count entries whose ->value is copied
 * oldValue/newValue  when both are non-NULL and oldValue occurs in an
 *                entry, that entry is emitted as newValue (type == REPLACE)
 *                or as the value with the first occurrence of oldValue
 *                spliced out and newValue spliced in (any other type);
 *                entries without a match are copied verbatim
 * modvalues      receives the freshly calloc()'d array (count + 1 slots,
 *                last one NULL); each element is its own allocation
 * type           REPLACE or not, see above
 *
 * The return statements are on lines not shown.
 *
 * Review notes:
 *  - strstr() treats ->value as a C string.  Values captured from
 *    objectSid/objectGUID by retrieve_values() are exact-length binary
 *    with no terminator, so calling this with such a list over-reads.
 *  - the calloc() calls at lines 1891 and 1899 are unchecked; the memcpy
 *    that follows dereferences NULL on allocation failure.
 */
1834 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1835 char *oldValue, char *newValue,
1836 char ***modvalues, int type)
1838 LK_ENTRY *linklist_ptr;
1842 if (((*modvalues) = calloc(1,
1843 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* calloc() already zeroed the array; this loop is redundant but harmless. */
1848 for (i = 0; i < (modvalue_count + 1); i++)
1849 (*modvalues)[i] = NULL;
1851 if (modvalue_count != 0)
1853 linklist_ptr = linklist_base;
1854 for (i = 0; i < modvalue_count; i++)
1856 if ((oldValue != NULL) && (newValue != NULL))
1858 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
/* Match: either substitute the whole value... */
1861 if (type == REPLACE)
1863 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1866 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1867 strcpy((*modvalues)[i], newValue);
/* ...or splice: prefix up to the match, newValue, then the tail after
   oldValue.  The size expression continues on a line not shown (1874);
   it must equal prefix + (length - strlen(oldValue)) + strlen(newValue) + 1
   to match the memset() just below. */
1871 if (((*modvalues)[i] = calloc(1,
1872 (int)(cPtr - linklist_ptr->value) +
1873 (linklist_ptr->length -
1875 strlen(newValue) + 1)) == NULL)
1877 memset((*modvalues)[i], '\0',
1878 (int)(cPtr - linklist_ptr->value) +
1879 (linklist_ptr->length - strlen(oldValue)) +
1880 strlen(newValue) + 1);
1881 memcpy((*modvalues)[i], linklist_ptr->value,
1882 (int)(cPtr - linklist_ptr->value));
1883 strcat((*modvalues)[i], newValue);
1884 strcat((*modvalues)[i],
1885 &linklist_ptr->value[(int)(cPtr -
1886 linklist_ptr->value) + strlen(oldValue)]);
/* No match in this entry: verbatim copy (unchecked calloc). */
1891 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1892 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1893 memcpy((*modvalues)[i], linklist_ptr->value,
1894 linklist_ptr->length);
/* No substitution requested: verbatim copy (unchecked calloc). */
1899 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1900 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1901 memcpy((*modvalues)[i], linklist_ptr->value,
1902 linklist_ptr->length);
1904 linklist_ptr = linklist_ptr->next;
1906 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous LDAP search and collect every attribute
 * value of every result into a LK_ENTRY list.
 *
 * dn_path / ScopeType / search_exp / attr_array  passed to ldap_search_s();
 *                  search_exp must already be filter-escaped by the caller
 * linklist_base    receives the list head (reset to NULL first)
 * linklist_count   receives the number of LK_ENTRY nodes (reset to 0 first)
 *
 * Returns 0 on success; the failure return is on a line not shown.
 *
 * Review note: LDAP_SIZELIMIT_EXCEEDED is deliberately not treated as an
 * error, so a truncated result set is returned as if complete.  Callers
 * that decide on "count == 1" / "count >= 1" (group_rename, do_user) can
 * therefore act on partial data when the server's size limit is hit.
 */
1912 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1913 char **attr_array, LK_ENTRY **linklist_base,
1914 int *linklist_count, unsigned long ScopeType)
1917 LDAPMessage *ldap_entry;
1921 (*linklist_base) = NULL;
1922 (*linklist_count) = 0;
1924 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1925 search_exp, attr_array, 0,
1926 &ldap_entry)) != LDAP_SUCCESS)
/* Any other error returns here (line not shown).  Whether ldap_entry is
   freed on that path is not visible -- ldap_search_s can hand back a
   result message even on failure. */
1928 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1932 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1935 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result message, appending
 * all of its attribute values to *linklist_base, and recount the list.
 *
 * ldap_entry      result message from ldap_search_s()
 * linklist_base   list head, prepended to by retrieve_attributes()
 * linklist_count  set to the number of nodes in the finished list
 *
 * Returns 0 on success, otherwise the non-zero value from
 * retrieve_attributes() (the early returns are on lines not shown).
 *
 * Review note: the DN buffer is 1024 bytes and get_distinguished_name()
 * copies into it without a length; see the note on that function.
 */
1939 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1940 LK_ENTRY **linklist_base, int *linklist_count)
1942 char distinguished_name[1024];
1943 LK_ENTRY *linklist_ptr;
/* Empty result: the return for this case is on a line not shown. */
1946 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1949 memset(distinguished_name, '\0', sizeof(distinguished_name));
1950 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1952 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1953 linklist_base)) != 0)
1956 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1958 memset(distinguished_name, '\0', sizeof(distinguished_name));
1959 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1961 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1962 distinguished_name, linklist_base)) != 0)
/* Recount from scratch: the list may have held nodes before this call. */
1966 linklist_ptr = (*linklist_base);
1967 (*linklist_count) = 0;
1969 while (linklist_ptr != NULL)
1971 ++(*linklist_count);
1972 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: for one LDAP entry, push every attribute's values
 * onto *linklist_current via retrieve_values().
 *
 * distinguished_name  DN of the entry, stored in each node
 * linklist_current    list head; retrieve_values() prepends to it
 *
 * The BerElement cursor (ptr) and the return value are declared/returned
 * on lines not shown.  retrieve_values()' return value is ignored here,
 * so an allocation failure inside it is not propagated -- the node is
 * simply missing from the list.
 */
1978 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1979 char *distinguished_name, LK_ENTRY **linklist_current)
1986 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1989 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Attribute names come from ldap_memalloc'd storage and must be released
   with ldap_memfree(), not free(). */
1991 ldap_memfree(Attribute);
1992 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1995 retrieve_values(ldap_handle, ldap_entry, Attribute,
1996 distinguished_name, linklist_current);
1997 ldap_memfree(Attribute);
2001 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch one attribute's values for an entry and prepend a
 * LK_ENTRY node for each to *linklist_current.
 *
 * Attribute           attribute name (copied into the node)
 * distinguished_name  entry DN (copied into the node)
 * linklist_current    list head; new nodes are pushed on the front
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * stored with their exact bv_len and ber_value set; every other attribute
 * is fetched as a string and stored NUL-terminated.  Under LDAP_DEBUG each
 * value is also dumped to stderr.  The per-value loop header, the
 * allocation-failure returns and the final return are on lines not shown.
 *
 * Review notes:
 *  - binary values are calloc()'d at exactly bv_len, with no terminator.
 *    Any later caller that treats ->value as a C string (construct_newvalues
 *    uses strstr(); group_rename strcpy()s ->value) must not be given a
 *    list containing objectSid/objectGUID nodes.
 *  - the debug dumper uses memcmp(Attribute, "...", strlen("...")), which
 *    reads past the end of an Attribute shorter than the literal; use
 *    strcmp().  "%ld" is used for intValue whose type is declared on a line
 *    not shown -- confirm it is a long.
 *  - the SID-authority dump tests individual bytes of the 6-byte authority
 *    rather than its value; it is debug output only, but it misreports e.g.
 *    any authority whose byte 0 is non-zero as SECURITY_NULL_SID_AUTHORITY.
 */
2006 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2007 char *Attribute, char *distinguished_name,
2008 LK_ENTRY **linklist_current)
2014 LK_ENTRY *linklist_previous;
2015 LDAP_BERVAL **ber_value;
2024 SID_IDENTIFIER_AUTHORITY *sid_auth;
2025 unsigned char *subauth_count;
2026 #endif /*LDAP_DEBUG*/
2029 memset(temp, '\0', sizeof(temp));
/* Binary attributes must be fetched by length; everything else as text. */
2031 if ((!strcmp(Attribute, "objectSid")) ||
2032 (!strcmp(Attribute, "objectGUID")))
2037 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2038 Ptr = (void **)ber_value;
2043 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2044 Ptr = (void **)str_value;
/* One node per value, pushed on the front of the list. */
2052 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2055 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2056 linklist_previous->next = (*linklist_current);
2057 (*linklist_current) = linklist_previous;
2059 if (((*linklist_current)->attribute = calloc(1,
2060 strlen(Attribute) + 1)) == NULL)
2063 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2064 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exact length, NOT NUL-terminated; ->length records it. */
2068 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2070 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2073 memset((*linklist_current)->value, '\0', ber_length);
2074 memcpy((*linklist_current)->value,
2075 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2076 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy. */
2080 if (((*linklist_current)->value = calloc(1,
2081 strlen(*Ptr) + 1)) == NULL)
2084 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2085 (*linklist_current)->length = strlen(*Ptr);
2086 strcpy((*linklist_current)->value, *Ptr);
2089 (*linklist_current)->ber_value = use_bervalue;
2091 if (((*linklist_current)->dn = calloc(1,
2092 strlen(distinguished_name) + 1)) == NULL)
2095 memset((*linklist_current)->dn, '\0',
2096 strlen(distinguished_name) + 1);
2097 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump of the value just stored (stderr only) ---- */
2100 if (!strcmp(Attribute, "objectGUID"))
/* Reinterprets the raw 16 bytes as a GUID struct; alignment of the
   calloc()'d buffer is fine, byte order is whatever AD sent. */
2102 guid = (GUID *)((*linklist_current)->value);
2104 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2105 guid->Data1, guid->Data2, guid->Data3,
2106 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2107 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2108 guid->Data4[6], guid->Data4[7]);
2109 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2111 else if (!strcmp(Attribute, "objectSid"))
2113 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2116 print_to_screen(" Revision = %d\n", sid->Revision);
2117 print_to_screen(" SID Identifier Authority:\n");
2118 sid_auth = &sid->IdentifierAuthority;
/* Byte-wise tests, not a comparison of the 48-bit authority value --
   debug output only, but the labels can be wrong. */
2119 if (sid_auth->Value[0])
2120 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2121 else if (sid_auth->Value[1])
2122 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2123 else if (sid_auth->Value[2])
2124 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2125 else if (sid_auth->Value[3])
2126 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2127 else if (sid_auth->Value[5])
2128 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2130 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2131 subauth_count = GetSidSubAuthorityCount(sid);
2132 print_to_screen(" SidSubAuthorityCount = %d\n",
2134 print_to_screen(" SidSubAuthority:\n");
2135 for (i = 0; i < *subauth_count; i++)
2137 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2138 print_to_screen(" %u\n", *subauth);
/* memcmp() with the literal's length may read past a shorter Attribute;
   the second literal is spelled "sAmAccountType" but only its length is
   used, so the comparison still matches "sAMAccountType". */
2142 else if ((!memcmp(Attribute, "userAccountControl",
2143 strlen("userAccountControl"))) ||
2144 (!memcmp(Attribute, "sAMAccountType",
2145 strlen("sAmAccountType"))))
2147 intValue = atoi(*Ptr);
2148 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* Decode the userAccountControl bit flags for the log. */
2150 if (!memcmp(Attribute, "userAccountControl",
2151 strlen("userAccountControl")))
2153 if (intValue & UF_ACCOUNTDISABLE)
2154 print_to_screen(" %20s : %s\n",
2155 "", "Account disabled");
2157 print_to_screen(" %20s : %s\n",
2158 "", "Account active");
2159 if (intValue & UF_HOMEDIR_REQUIRED)
2160 print_to_screen(" %20s : %s\n",
2161 "", "Home directory required");
2162 if (intValue & UF_LOCKOUT)
2163 print_to_screen(" %20s : %s\n",
2164 "", "Account locked out");
2165 if (intValue & UF_PASSWD_NOTREQD)
2166 print_to_screen(" %20s : %s\n",
2167 "", "No password required");
2168 if (intValue & UF_PASSWD_CANT_CHANGE)
2169 print_to_screen(" %20s : %s\n",
2170 "", "Cannot change password");
2171 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2172 print_to_screen(" %20s : %s\n",
2173 "", "Temp duplicate account");
2174 if (intValue & UF_NORMAL_ACCOUNT)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Normal account");
2177 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2178 print_to_screen(" %20s : %s\n",
2179 "", "Interdomain trust account");
2180 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Workstation trust account");
2183 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Server trust account");
2190 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2192 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched; each needs its own free. */
2195 if (str_value != NULL)
2196 ldap_value_free(str_value);
2198 if (ber_value != NULL)
2199 ldap_value_free_len(ber_value);
2202 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.
 *
 * Only the first caller (mr_connections going 0 -> 1) actually connects;
 * nested callers just bump the count and moira_disconnect() tears the
 * connection down when it drops back to zero.  The return value (rc from
 * mr_connect_cl, presumably) is returned on a line not shown.
 *
 * Two targets are visible -- the literal host "ttsp" and the local node
 * name from uname() -- selected by a conditional on lines not shown;
 * "ttsp" looks like a test-server override, so confirm it cannot be
 * compiled into a production build.  The "1" passed to mr_connect_cl() is
 * its auth flag as used elsewhere in this file -- confirm the client
 * authenticates before issuing queries.
 */
2207 int moira_connect(void)
2212 if (!mr_connections++)
2216 memset(HostName, '\0', sizeof(HostName));
2217 strcpy(HostName, "ttsp");
2218 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2222 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: operator kill-switch.  While STOP_FILE exists the
 * incremental keeps polling (the sleep and the iteration limit are on
 * lines not shown) and eventually raises a critical alert naming the file
 * so the stop is noticed.  What is returned, and whether the caller then
 * proceeds or bails, is on lines not shown -- the safe behaviour is to
 * refuse to push changes to the directory while the file is present.
 */
2231 int check_winad(void)
2235 for (i = 0; file_exists(STOP_FILE); i++)
2239 critical_alert("Ldap incremental",
2240 "Ldap incremental failed (%s exists): %s",
2241 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect().  Decrements the
 * reference count and, when it reaches zero, closes the Moira connection
 * (the mr_disconnect() call and the return value are on lines not shown).
 * Calling it more times than moira_connect() drives the count negative
 * and silently skips the disconnect; the callers in this file pair them
 * per error path, so keep that discipline when adding new returns.
 */
2251 int moira_disconnect(void)
2254 if (!--mr_connections)
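/*
 * Size of the buffer callers hand to get_distinguished_name().  The
 * interface passes no length; both callers in this file (retrieve_entries)
 * use char[1024].  Any new caller must supply at least this much.
 */
#define GDN_DN_BUFSIZE 1024

/*
 * get_distinguished_name: copy the DN of ldap_entry into the caller's
 * buffer as a NUL-terminated string.
 *
 * ldap_handle, ldap_entry  entry to read (ldap_get_dn)
 * distinguished_name       output, at least GDN_DN_BUFSIZE bytes
 *
 * On any failure -- no DN available, or a DN that does not fit -- the
 * buffer is left as an empty string.  The original used an unbounded
 * strcpy(); a DN longer than the buffer overflowed the caller's stack.
 * A truncated DN is deliberately not returned either: callers go on to
 * strcpy() it into old_dn and hand it to ldap_rename_s()/ldap_modify_s(),
 * and a truncated DN would address the wrong object or none at all, so
 * the over-long case is reported and rejected instead.
 */
void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
                            char *distinguished_name)
{
  char *CName;
  size_t len;

  distinguished_name[0] = '\0';

  if ((CName = ldap_get_dn(ldap_handle, ldap_entry)) == NULL)
    return;

  len = strlen(CName);
  if (len < GDN_DN_BUFSIZE)
    memcpy(distinguished_name, CName, len + 1);   /* fits, incl. NUL */
  else
    fprintf(stderr,
            "get_distinguished_name: DN of %lu bytes exceeds %d-byte buffer, ignored\n",
            (unsigned long)len, GDN_DN_BUFSIZE);

  /* DN strings from the library are released with ldap_memfree(), not free(). */
  ldap_memfree(CName);
}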
/*
 * linklist_create_entry: allocate a single, unlinked LK_ENTRY holding
 * copies of attribute and value (value is treated as a C string; ->length
 * is its strlen, ->dn is left NULL, ->next NULL).
 *
 * attribute, value  strings to copy; both must be non-NULL
 * linklist_entry    receives the new node, or NULL on failure
 *
 * Returns 0 on success; the failure return for the node allocation is on
 * lines not shown.
 *
 * Review note: only the node allocation is checked.  The calloc() calls
 * for ->attribute and ->value at lines 2287 and 2290 are not, so an
 * allocation failure there is a NULL dereference in the memset() that
 * follows.  Check both and free the partial node before returning.
 */
2276 int linklist_create_entry(char *attribute, char *value,
2277 LK_ENTRY **linklist_entry)
2279 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2281 if (!(*linklist_entry))
/* calloc() already zero-filled; the memset()s below are redundant. */
2286 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2287 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2288 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2289 strcpy((*linklist_entry)->attribute, attribute);
2290 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2291 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2292 strcpy((*linklist_entry)->value, value);
2293 (*linklist_entry)->length = strlen(value);
2294 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostic output to stderr.
 *
 * fmt  printf format; the callers in this file (the LDAP_DEBUG attribute
 *      dumper) always pass a string literal.  Keep it that way -- fmt goes
 *      straight to vfprintf(), so a caller-controlled format string would
 *      be a format-string bug.
 */
void print_to_screen(const char *fmt, ...)
{
  va_list args;

  va_start(args, fmt);
  vfprintf(stderr, fmt, args);
  va_end(args);
}
/*
 * get_group_membership: classify a Moira list by its maillist and group
 * flags and report where and how it lives in the directory.
 *
 * av                list argument vector; only av[L_MAILLIST] and
 *                   av[L_GROUP] are read (as integers via atoi)
 * group_membership  if non-NULL, receives ONE flag character in [0]:
 *                   'B' both, 'S' security only, 'D' distribution only,
 *                   'N' neither.  No terminator is written.
 * group_ou          if non-NULL, receives the matching OU string from the
 *                   group_ou_* globals (unbounded strcpy; the destination
 *                   must be large enough for the longest of them)
 * security_flag     if non-NULL, cleared, then set to 1 for 'B' and 'S'
 *
 * The flag declarations and the return value are on lines not shown.
 *
 * Review note: every caller visible in this file declares
 * group_membership as char[1], which this function fills completely, so
 * the result is NOT a C string.  do_list appears to strlen() its
 * before/after copies -- that reads past a one-byte array.  Either size
 * those buffers at 2 and write a terminator here, or have callers test
 * group_membership[0] only.
 */
2309 int get_group_membership(char *group_membership, char *group_ou,
2310 int *security_flag, char **av)
2315 maillist_flag = atoi(av[L_MAILLIST]);
2316 group_flag = atoi(av[L_GROUP]);
2318 if (security_flag != NULL)
2319 (*security_flag) = 0;
/* Mail-enabled security group. */
2321 if ((maillist_flag) && (group_flag))
2323 if (group_membership != NULL)
2324 group_membership[0] = 'B';
2326 if (security_flag != NULL)
2327 (*security_flag) = 1;
2329 if (group_ou != NULL)
2330 strcpy(group_ou, group_ou_both);
/* Security group, no mail. */
2332 else if ((!maillist_flag) && (group_flag))
2334 if (group_membership != NULL)
2335 group_membership[0] = 'S';
2337 if (security_flag != NULL)
2338 (*security_flag) = 1;
2340 if (group_ou != NULL)
2341 strcpy(group_ou, group_ou_security);
/* Distribution list only: not security-enabled. */
2343 else if ((maillist_flag) && (!group_flag))
2345 if (group_membership != NULL)
2346 group_membership[0] = 'D';
2348 if (group_ou != NULL)
2349 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
2353 if (group_membership != NULL)
2354 group_membership[0] = 'N';
2356 if (group_ou != NULL)
2357 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename a directory group to follow a Moira list rename
 * and/or a change of OU, then rewrite the attributes that embed the name.
 *
 * before_*         old name, membership flag, OU, security flag, description
 * after_*          new values of the same
 * MoiraId          mitMoiraId used to locate the existing group object
 * filter           scratch buffer; ad_get_group() fills it with the filter
 *                  that matched the group, and it is reused to fetch the
 *                  group's sAMAccountName
 * maillist         "0"/"1" string: whether the list is mail-enabled
 *
 * Returns 0 on success, AD_INVALID_NAME, AD_NO_GROUPS_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND, AD_LDAP_FAILURE, or an LDAP error (the
 * remaining return statements are on lines not shown).
 *
 * Review notes:
 *  - check_string() on both names is the only thing keeping
 *    after_group_name safe for the sprintf()'d search filter and the
 *    "cn=%s" RDN below.  Confirm it rejects LDAP filter (RFC 4515) and DN
 *    (RFC 4514) special characters, not just shell-ish ones.
 *  - new_dn, mail, old_dn and sam_name are fixed buffers declared on
 *    lines not shown; the sprintf()/strcpy() calls into them are
 *    unbounded.  new_dn_path is 512 bytes and is filled with
 *    after_group_ou + dn_path unchecked.
 *  - groupTypeControl is u_int but formatted with "%ld" (undefined
 *    behaviour; use "%u").
 *  - the sam_name suffix test indexes strlen(sam_name) - strlen(group_suffix)
 *    with no check that sam_name is at least that long.
 */
2363 int group_rename(LDAP *ldap_handle, char *dn_path,
2364 char *before_group_name, char *before_group_membership,
2365 char *before_group_ou, int before_security_flag,
2366 char *before_desc, char *after_group_name,
2367 char *after_group_membership, char *after_group_ou,
2368 int after_security_flag, char *after_desc,
2369 char *MoiraId, char *filter, char *maillist)
2374 char new_dn_path[512];
2377 char mail_nickname[256];
2378 char proxy_address[256];
2379 char address_book[256];
2380 char *attr_array[3];
2381 char *mitMoiraId_v[] = {NULL, NULL};
2382 char *name_v[] = {NULL, NULL};
2383 char *samAccountName_v[] = {NULL, NULL};
2384 char *groupTypeControl_v[] = {NULL, NULL};
2385 char *mail_v[] = {NULL, NULL};
2386 char *proxy_address_v[] = {NULL, NULL};
2387 char *mail_nickname_v[] = {NULL, NULL};
2388 char *report_to_originator_v[] = {NULL, NULL};
2389 char *address_book_v[] = {NULL, NULL};
2390 char *legacy_exchange_dn_v[] = {NULL, NULL};
2391 char *null_v[] = {NULL, NULL};
2392 u_int groupTypeControl;
2393 char groupTypeControlStr[80];
2394 char contact_mail[256];
2398 LK_ENTRY *group_base;
2400 int MailDisabled = 0;
2401 char search_filter[1024];
2403 if(UseGroupUniversal)
2404 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2406 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Both names must pass check_string() before they reach a filter or DN. */
2408 if (!check_string(before_group_name))
2411 "Unable to process invalid LDAP list name %s",
2413 return(AD_INVALID_NAME);
2416 if (!check_string(after_group_name))
2419 "Unable to process invalid LDAP list name %s", after_group_name);
2420 return(AD_INVALID_NAME);
/* The new cn must not collide with a user object (argument on the line
   not shown is presumably after_group_name). */
2430 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2432 attr_array[0] = "cn";
2433 attr_array[1] = NULL;
2435 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2436 attr_array, &group_base, &group_count,
2437 LDAP_SCOPE_SUBTREE)) != 0)
2439 com_err(whoami, 0, "Unable to process group %s : %s",
2440 after_group_name, ldap_err2string(rc));
2446 com_err(whoami, 0, "Object already exists with name %s",
2451 linklist_free(group_base);
/* Locate the existing group by its mitMoiraId; exactly one must match. */
2460 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2461 before_group_membership,
2462 MoiraId, "samAccountName", &group_base,
2463 &group_count, filter))
2466 if (group_count == 0)
2468 return(AD_NO_GROUPS_FOUND);
2471 if (group_count != 1)
2473 com_err(whoami, 0, "Unable to process multiple groups with "
2474 "MoiraId = %s exist in the directory", MoiraId);
2475 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of the directory-supplied DN into old_dn. */
2478 strcpy(old_dn, group_base->dn);
2480 linklist_free(group_base);
/* Re-run the filter ad_get_group() left in `filter` to read the current
   sAMAccountName (needed to decide whether the suffix form is in use). */
2483 attr_array[0] = "sAMAccountName";
2484 attr_array[1] = NULL;
2486 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2487 &group_base, &group_count,
2488 LDAP_SCOPE_SUBTREE)) != 0)
2490 com_err(whoami, 0, "Unable to get list %s dn : %s",
2491 after_group_name, ldap_err2string(rc));
2495 if (group_count != 1)
2498 "Unable to get sAMAccountName for group %s",
2500 return(AD_LDAP_FAILURE);
2503 strcpy(sam_name, group_base->value);
2504 linklist_free(group_base);
/* Build the new RDN, parent and mail identities.  All unbounded except
   new_dn_path (512).  lowercase() is applied to ldap_domain twice; it is
   presumably an in-place lowercase, so the second call is a no-op. */
2508 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2509 sprintf(new_dn, "cn=%s", after_group_name);
2510 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2511 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2512 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2513 lowercase(ldap_domain));
2514 sprintf(mail_nickname, "%s", after_group_name);
2516 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* Move/rename the object.  TRUE = delete the old RDN value. */
2518 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2519 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2521 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2522 before_group_name, after_group_name, ldap_err2string(rc));
2526 name_v[0] = after_group_name;
/* If the old sAMAccountName carried group_suffix, rebuild it from the new
   name with the same suffix.  BUG: when sam_name is shorter than
   group_suffix the index is negative (out-of-bounds read). */
2528 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2529 group_suffix, strlen(group_suffix)))
2531 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2536 "Unable to rename list from %s to %s : sAMAccountName not found",
2537 before_group_name, after_group_name);
2541 samAccountName_v[0] = sam_name;
2543 if (after_security_flag)
2544 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* "%ld" with a u_int argument: mismatched format, use "%u". */
2546 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2547 groupTypeControl_v[0] = groupTypeControlStr;
2548 mitMoiraId_v[0] = MoiraId;
/* Full DN of the renamed object; description is updated separately. */
2550 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2551 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2554 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2555 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2556 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2557 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: set the Exchange addressing attributes from the new
   name.  MailDisabled is set on lines not shown. */
2561 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2563 mail_nickname_v[0] = mail_nickname;
2564 proxy_address_v[0] = proxy_address;
2566 report_to_originator_v[0] = "TRUE";
2568 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2569 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2570 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2571 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Otherwise clear them all (REPLACE with an empty value list removes the
   attribute). */
2576 mail_nickname_v[0] = NULL;
2577 proxy_address_v[0] = NULL;
2579 legacy_exchange_dn_v[0] = NULL;
2580 address_book_v[0] = NULL;
2581 report_to_originator_v[0] = NULL;
2583 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2584 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2585 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2586 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2587 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Contact-style mail address for non-Exchange directories. */
2594 if(atoi(maillist) && email_isvalid(contact_mail))
2596 mail_v[0] = contact_mail;
2597 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2599 if(!ActiveDirectory)
2601 null_v[0] = "/dev/null";
2602 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2609 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2612 "Unable to modify list data for %s after renaming: %s",
2613 after_group_name, ldap_err2string(rc));
/* Release the LDAPMod array built by ADD_ATTR. */
2616 for (i = 0; i < n; i++)
/*
 * group_create: create the directory entry for a Moira list, or bring an
 * existing entry up to date when the add reports LDAP_ALREADY_EXISTS or the
 * caller's updateGroup flag is set.  av[] carries the list fields (L_NAME,
 * L_DESC, L_ACE_TYPE/L_ACE_NAME, L_ACTIVE, L_PUBLIC, L_HIDDEN, L_MAILLIST,
 * L_GROUP, L_GID); ptr presumably carries call_args, of which [0] is the
 * LDAP handle, [1] the base DN, [4] the updateGroup flag and [5] the Moira
 * id (only those slots are read here).
 * Returns LDAP_SUCCESS, AD_INVALID_NAME for a rejected name, or the LDAP
 * result code of a failed add/modify (those return paths are on lines not
 * visible in this listing).
 * NOTE(review): this listing is sampled -- braces, else-branches and some
 * statements are missing, so the comments below describe only what the
 * visible lines establish.
 */
2622 int group_create(int ac, char **av, void *ptr)
2627 char new_group_name[256];
2628 char sam_group_name[256];
2629 char cn_group_name[256];
2631 char contact_mail[256];
2632 char mail_nickname[256];
2633 char proxy_address[256];
2634 char address_book[256];
2635 char *cn_v[] = {NULL, NULL};
2636 char *objectClass_v[] = {"top", "group", NULL};
2637 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2638 "group", "mailRecipient", NULL};
2640 char *samAccountName_v[] = {NULL, NULL};
2641 char *altSecurityIdentities_v[] = {NULL, NULL};
2642 char *member_v[] = {NULL, NULL};
2643 char *name_v[] = {NULL, NULL};
2644 char *desc_v[] = {NULL, NULL};
2645 char *info_v[] = {NULL, NULL};
2646 char *mitMoiraId_v[] = {NULL, NULL};
2647 char *mitMoiraPublic_v[] = {NULL, NULL};
2648 char *mitMoiraHidden_v[] = {NULL, NULL};
2649 char *mitMoiraActive_v[] = {NULL, NULL};
2650 char *groupTypeControl_v[] = {NULL, NULL};
2651 char *mail_v[] = {NULL, NULL};
2652 char *proxy_address_v[] = {NULL, NULL};
2653 char *mail_nickname_v[] = {NULL, NULL};
2654 char *report_to_originator_v[] = {NULL, NULL};
2655 char *address_book_v[] = {NULL, NULL};
2656 char *legacy_exchange_dn_v[] = {NULL, NULL};
2657 char *gidNumber_v[] = {NULL, NULL};
2658 char *null_v[] = {NULL, NULL};
2659 char groupTypeControlStr[80];
/* NOTE(review): a one-byte buffer with no room for a terminator.
 * process_lists declares the same buffer as group_membership[2] before
 * handing it to the same get_group_membership(); if that helper writes a
 * NUL-terminated string this is a one-byte stack overflow -- confirm
 * against the helper and use the same size in both callers. */
2660 char group_membership[1];
2663 u_int groupTypeControl;
2667 int MailDisabled = 0;
2669 LK_ENTRY *group_base;
2672 char *attr_array[3];
2676 if(UseGroupUniversal)
2677 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2679 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* The only input validation visible in this function.  Every strcpy/sprintf
 * and LDAP filter below trusts av[L_NAME], so check_string() must bound its
 * length (the targets are 256-byte stack buffers) and reject LDAP filter
 * and DN metacharacters -- confirm against check_string's definition. */
2681 if (!check_string(av[L_NAME]))
2683 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2685 return(AD_INVALID_NAME);
2688 updateGroup = (int)call_args[4];
2689 memset(group_ou, 0, sizeof(group_ou));
2690 memset(group_membership, 0, sizeof(group_membership));
/* Derives the target OU and the security/membership flags from av[]. */
2693 get_group_membership(group_membership, group_ou, &security_flag, av);
/* Unbounded copies/formats into fixed-size buffers; see the check_string
 * note above.  snprintf with a truncation check would be the safer form. */
2695 strcpy(new_group_name, av[L_NAME]);
2696 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2697 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2698 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2699 sprintf(mail_nickname, "%s", av[L_NAME]);
2702 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2704 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* BUG(review): groupTypeControl is declared u_int but is formatted with
 * "%ld" (long).  That is a format/argument mismatch (undefined behaviour;
 * on LP64 targets it reads 8 bytes of a 4-byte argument).  "%u" is the
 * matching conversion. */
2708 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2709 groupTypeControl_v[0] = groupTypeControlStr;
2711 strcpy(cn_group_name, av[L_NAME]);
2713 samAccountName_v[0] = sam_group_name;
2714 name_v[0] = new_group_name;
2715 cn_v[0] = new_group_name;
2718 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2722 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Presumably the !ActiveDirectory branch (the test is not visible): the
 * Moira visibility flags are stored verbatim from av[] under the mitMoira
 * schema. */
2726 mitMoiraPublic_v[0] = av[L_PUBLIC];
2727 mitMoiraHidden_v[0] = av[L_HIDDEN];
2728 mitMoiraActive_v[0] = av[L_ACTIVE];
2729 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2730 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2731 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2732 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_ADD);
/* Lists flagged as Unix groups also carry their gid. */
2734 if(atoi(av[L_GROUP]))
2736 gidNumber_v[0] = av[L_GID];
2737 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2741 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2742 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2743 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* A mail-enabled list must not share its cn with a user entry: look one up
 * first and refuse ("Object already exists") when found.  The filter is
 * assembled by sprintf from av[L_NAME]; see the check_string note above.
 * This is a pre-check only -- it cannot exclude a user created between
 * here and the ldap_add_ext_s below. */
2747 if(atoi(av[L_MAILLIST]))
2752 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2753 attr_array[0] = "cn";
2754 attr_array[1] = NULL;
2756 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2757 filter, attr_array, &group_base,
2759 LDAP_SCOPE_SUBTREE)) != 0)
2761 com_err(whoami, 0, "Unable to process group %s : %s",
2762 av[L_NAME], ldap_err2string(rc));
2768 com_err(whoami, 0, "Object already exists with name %s",
2773 linklist_free(group_base);
/* Mail attributes are only set when the list is mail-enabled, mail is not
 * disabled for it, and the synthesised address passes email_isvalid. */
2778 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2780 mail_nickname_v[0] = mail_nickname;
2781 report_to_originator_v[0] = "TRUE";
2783 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2784 ADD_ATTR("reportToOriginator", report_to_originator_v,
2790 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2792 mail_v[0] = contact_mail;
2793 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2795 if(!ActiveDirectory)
/* Non-AD lists get a sink mailRoutingAddress rather than a real route. */
2797 null_v[0] = "/dev/null";
2798 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2803 if (strlen(av[L_DESC]) != 0)
2805 desc_v[0] = av[L_DESC];
2806 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2809 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* info is a fixed buffer (size not visible here) formatted from
 * av[L_ACE_NAME] without a bound. */
2811 if (strlen(av[L_ACE_NAME]) != 0)
2813 sprintf(info, "The Administrator of this list is: %s",
2816 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2819 if (strlen(call_args[5]) != 0)
2821 mitMoiraId_v[0] = call_args[5];
2822 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2827 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Releases the mods[] entries (loop body not visible). */
2829 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS is not an error here: it routes into the update path
 * below. */
2832 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2834 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2835 av[L_NAME], ldap_err2string(rc));
/* Update path: re-apply the attributes of an existing entry with
 * LDAP_MOD_REPLACE. */
2841 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2843 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2844 "description", av[L_NAME]);
2845 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2847 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2852 if (strlen(call_args[5]) != 0)
2854 mitMoiraId_v[0] = call_args[5];
2855 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Deactivated list: member_v is {NULL, NULL}, so this REPLACE clears the
 * group's entire membership in the directory. */
2858 if (!(atoi(av[L_ACTIVE])))
2861 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2864 if (!ActiveDirectory)
2866 mitMoiraPublic_v[0] = av[L_PUBLIC];
2867 mitMoiraHidden_v[0] = av[L_HIDDEN];
2868 mitMoiraActive_v[0] = av[L_ACTIVE];
2869 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2870 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2871 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_REPLACE);
2873 if(atoi(av[L_GROUP]))
2875 gidNumber_v[0] = av[L_GID];
2876 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Presumably the else branch: gidNumber_v[0] is still NULL here, so this
 * REPLACE removes gidNumber from a list that is no longer a Unix group. */
2880 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same cn-collision pre-check as on the create path. */
2886 if(atoi(av[L_MAILLIST]))
2891 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2892 attr_array[0] = "cn";
2893 attr_array[1] = NULL;
2895 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2896 filter, attr_array, &group_base,
2898 LDAP_SCOPE_SUBTREE)) != 0)
2900 com_err(whoami, 0, "Unable to process group %s : %s",
2901 av[L_NAME], ldap_err2string(rc));
2907 com_err(whoami, 0, "Object already exists with name %s",
2912 linklist_free(group_base);
2917 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2919 mail_nickname_v[0] = mail_nickname;
2920 report_to_originator_v[0] = "TRUE";
2922 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2923 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Presumably the else branch: a list that is not (or no longer) mail
 * enabled has all Exchange mail attributes cleared by REPLACE with an
 * empty value list. */
2929 mail_nickname_v[0] = NULL;
2930 proxy_address_v[0] = NULL;
2931 legacy_exchange_dn_v[0] = NULL;
2932 address_book_v[0] = NULL;
2933 report_to_originator_v[0] = NULL;
2935 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2936 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2937 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2938 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2940 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2941 ADD_ATTR("reportToOriginator", report_to_originator_v,
2947 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2949 mail_v[0] = contact_mail;
2950 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2952 if(!ActiveDirectory)
2954 null_v[0] = "/dev/null";
2955 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2961 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2963 if(!ActiveDirectory)
2966 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2976 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2978 for (i = 0; i < n; i++)
2981 if (rc != LDAP_SUCCESS)
2983 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2984 av[L_NAME], ldap_err2string(rc));
/* The security descriptor / owner is applied last.  Its return value is not
 * examined: a failure inside ProcessGroupSecurity is logged there, but the
 * list is still reported as created successfully. */
2991 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2992 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2994 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply access control to a list's directory entry.
 * AD path: find the group (sAMAccountName = TargetGroupName + group_suffix)
 * under group_ou_root, resolve the administrator named by AceType ("LIST"
 * or "USER") and AceName to a SID, choose one of four template groups under
 * security_template_ou (HIDDEN_GROUP / HIDDEN_GROUP_WITH_ADMIN /
 * NOT_HIDDEN_GROUP / NOT_HIDDEN_GROUP_WITH_ADMIN, by HiddenGroup and whether
 * a SID was found), read that template's ntSecurityDescriptor, replace every
 * occurrence of the "UserTemplate.u" SID in it with the admin's SID, and
 * write the result plus the address-list visibility flags to the target.
 * Non-AD path: set the target's "owner" attribute to the admin's DN instead.
 * On a failed write with an admin SID the function retries itself with an
 * empty admin.  Returns 0 on success; the failure codes are on lines not
 * visible in this listing.
 * NOTE(review): sampled listing -- braces and some statements are missing.
 */
2997 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2998 char *TargetGroupName, int HiddenGroup,
2999 char *AceType, char *AceName)
3001 char filter_exp[1024];
3002 char *attr_array[5];
3003 char search_path[512];
3005 char TemplateDn[512];
3006 char TemplateSamName[128];
3008 char TargetSamName[128];
3009 char AceSamAccountName[128];
3011 unsigned char AceSid[128];
3012 unsigned char UserTemplateSid[128];
3013 char acBERBuf[N_SD_BER_BYTES];
3014 char GroupSecurityTemplate[256];
3015 char hide_addres_lists[256];
3016 char address_book[256];
3017 char *hide_address_lists_v[] = {NULL, NULL};
3018 char *address_book_v[] = {NULL, NULL};
3019 char *owner_v[] = {NULL, NULL};
3021 int UserTemplateSidCount;
3028 int array_count = 0;
3030 LK_ENTRY *group_base;
3031 LDAP_BERVAL **ppsValues;
/* Server control whose BER value (acBERBuf, filled below) selects which
 * parts of the security descriptor the server returns and accepts. */
3032 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3033 { N_SD_BER_BYTES, acBERBuf },
3036 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, primary group, DACL and SACL. */
3039 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3040 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3041 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group.  TargetGroupName is interpolated into the
 * filter unescaped; callers (group_create) run it through check_string
 * first, which must therefore reject filter metacharacters. */
3043 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3044 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3045 attr_array[0] = "sAMAccountName";
3046 attr_array[1] = NULL;
3050 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3051 &group_base, &group_count,
3052 LDAP_SCOPE_SUBTREE) != 0))
/* Exactly one match is required; anything else is a silent no-op. */
3055 if (group_count != 1)
3057 linklist_free(group_base);
/* Unbounded copies of directory-supplied strings into fixed buffers
 * (TargetSamName is 128 bytes). */
3061 strcpy(TargetDn, group_base->dn);
3062 strcpy(TargetSamName, group_base->value);
3063 linklist_free(group_base);
3067 UserTemplateSidCount = 0;
3068 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3069 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3070 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator.  Lists get the group suffix and are looked up
 * under group_ou_root; users are looked up under user_ou.  Any other
 * AceType leaves AceSamAccountName empty, i.e. "no admin". */
3075 if (strlen(AceName) != 0)
3077 if (!strcmp(AceType, "LIST"))
3079 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3080 strcpy(root_ou, group_ou_root);
3082 else if (!strcmp(AceType, "USER"))
3084 sprintf(AceSamAccountName, "%s", AceName);
3085 strcpy(root_ou, user_ou);
3088 if (ActiveDirectory)
3090 if (strlen(AceSamAccountName) != 0)
3092 sprintf(search_path, "%s", dn_path);
3093 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3094 attr_array[0] = "objectSid";
3095 attr_array[1] = NULL;
3099 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3100 attr_array, &group_base, &group_count,
3101 LDAP_SCOPE_SUBTREE) != 0))
3103 if (group_count == 1)
3105 strcpy(AceDn, group_base->dn);
/* NOTE(review): the SID length comes straight from the directory and is
 * memcpy'd into the 128-byte AceSid with no bound check; a length check
 * (and the same for UserTemplateSid below) would make this robust against
 * an unexpected attribute value. */
3106 AceSidCount = group_base->length;
3107 memcpy(AceSid, group_base->value, AceSidCount);
3109 linklist_free(group_base);
/* Non-AD: only the admin's DN is needed (for the owner attribute). */
3116 if (strlen(AceSamAccountName) != 0)
3118 sprintf(search_path, "%s", dn_path);
3119 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3120 attr_array[0] = "samAccountName";
3121 attr_array[1] = NULL;
3125 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3126 attr_array, &group_base, &group_count,
3127 LDAP_SCOPE_SUBTREE) != 0))
3129 if (group_count == 1)
3131 strcpy(AceDn, group_base->dn);
3133 linklist_free(group_base);
3140 if (!ActiveDirectory)
3142 if (strlen(AceDn) != 0)
/* NOTE(review): strdup'd value; no matching free is visible here. */
3144 owner_v[0] = strdup(AceDn);
3146 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3150 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3152 for (i = 0; i < n; i++)
3155 if (rc != LDAP_SUCCESS)
3156 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3157 TargetGroupName, ldap_err2string(rc));
/* No resolvable admin: fall back to the template without an admin ACE and
 * say so in the log, rather than failing. */
3163 if (AceSidCount == 0)
3165 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3166 "have a directory SID.", TargetGroupName, AceName, AceType);
3167 com_err(whoami, 0, " Non-admin security group template will be used.");
/* The placeholder principal "UserTemplate.u": its SID is what the admin
 * templates contain, and what is substituted below. */
3171 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3172 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3173 attr_array[0] = "objectSid";
3174 attr_array[1] = NULL;
3179 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3180 attr_array, &group_base, &group_count,
3181 LDAP_SCOPE_SUBTREE) != 0))
3184 if ((rc != 0) || (group_count != 1))
3186 com_err(whoami, 0, "Unable to process user security template: %s",
3192 UserTemplateSidCount = group_base->length;
3193 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3195 linklist_free(group_base);
/* Template selection: hidden vs. not hidden, with vs. without admin. */
3202 if (AceSidCount == 0)
3204 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3205 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3209 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3210 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3215 if (AceSidCount == 0)
3217 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3218 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3222 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3223 sprintf(filter_exp, "(sAMAccountName=%s)",
3224 NOT_HIDDEN_GROUP_WITH_ADMIN);
3228 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3229 attr_array[0] = "sAMAccountName";
3230 attr_array[1] = NULL;
3234 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3235 &group_base, &group_count,
3236 LDAP_SCOPE_SUBTREE) != 0))
/* A missing or ambiguous template means no security is applied at all;
 * this is logged but, as with the other failures here, not propagated to
 * group_create. */
3239 if (group_count != 1)
3241 linklist_free(group_base);
3242 com_err(whoami, 0, "Unable to process group security template: %s - "
3243 "security not set", GroupSecurityTemplate);
3247 strcpy(TemplateDn, group_base->dn);
3248 strcpy(TemplateSamName, group_base->value);
3249 linklist_free(group_base);
/* Second search, with the SD-flags control, to fetch the template's raw
 * ntSecurityDescriptor (the search arguments are on lines not visible). */
3253 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3254 rc = ldap_search_ext_s(ldap_handle,
3266 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3268 com_err(whoami, 0, "Unable to find group security template: %s - "
3269 "security not set", GroupSecurityTemplate);
3273 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3275 if (ppsValues == NULL)
3277 com_err(whoami, 0, "Unable to find group security descriptor for group "
3278 "%s - security not set", GroupSecurityTemplate);
/* In-place SID substitution on the binary descriptor: scan each value for
 * the byte pattern of the template SID and overwrite it with the admin's.
 * NOTE(review): the match consumes UserTemplateSidCount bytes but the
 * memcpy writes AceSidCount bytes.  This is only sound when the two SIDs
 * have the same length (true for two accounts of the same domain, but not
 * checked); if AceSidCount is larger the descriptor is corrupted and, for
 * a match near the end of the value, bv_val is overrun.  A length-equality
 * check before the loop would close this. */
3282 if (AceSidCount != 0)
3284 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3287 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3289 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3290 UserTemplateSidCount))
3292 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* Binary attribute: LDAP_MOD_BVALUES so the berval array is used as-is. */
3300 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3301 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden lists are removed from the Exchange address lists; visible ones
 * have the hide flag cleared.  (Branch structure is partly elided.) */
3307 hide_address_lists_v[0] = "TRUE";
3308 address_book_v[0] = NULL;
3309 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3311 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3313 hide_address_lists_v[0] = NULL;
3314 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3321 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3323 for (i = 0; i < n; i++)
3326 ldap_value_free_len(ppsValues);
3327 ldap_msgfree(psMsg);
3329 if (rc != LDAP_SUCCESS)
3331 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3332 TargetGroupName, ldap_err2string(rc));
/* Degrade gracefully: if the admin-bearing descriptor was rejected, retry
 * once with the non-admin template (empty AceType/AceName, so the
 * recursion cannot repeat).  Note the assignment inside the condition. */
3334 if (AceSidCount != 0)
3337 "Trying to set security for group %s without admin.",
3340 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3341 HiddenGroup, "", ""))
3343 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the directory entry of the Moira list group_name.
 * The entry is located with ad_get_group() under group_ou_root (matching on
 * samAccountName, narrowed by group_membership and MoiraId) and deleted
 * only when exactly one entry matches; zero or several matches are
 * reported as "not found" and nothing is deleted, which is the safe
 * default.  Returns AD_INVALID_NAME for a rejected name, AD_NO_GROUPS_FOUND
 * when no single match exists, the ad_get_group/ldap_delete_s error
 * otherwise (those return lines are not visible here).
 */
3354 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3355 char *group_membership, char *MoiraId)
3357 LK_ENTRY *group_base;
/* Same name validation as the other entry points; the name is later used
 * verbatim inside an LDAP filter by ad_get_group. */
3363 if (!check_string(group_name))
3366 "Unable to process invalid LDAP list name %s", group_name);
3367 return(AD_INVALID_NAME);
3370 memset(filter, '\0', sizeof(filter));
/* temp is a fixed buffer (size not visible); search base is the list OU. */
3373 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment inside the condition is intentional: a non-zero rc returns. */
3375 if (rc = ad_get_group(ldap_handle, temp, group_name,
3376 group_membership, MoiraId,
3377 "samAccountName", &group_base,
3378 &group_count, filter))
3381 if (group_count == 1)
3383 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3385 linklist_free(group_base);
3386 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3387 group_name, ldap_err2string(rc));
3390 linklist_free(group_base);
3394 linklist_free(group_base);
3395 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3396 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the SECURITY_INFORMATION mask uBits
 * into pBuffer, which must have room for N_SD_BER_BYTES bytes; the result
 * is the value of the server control that ProcessGroupSecurity and
 * user_update attach to their security-descriptor operations.
 * Returns N_SD_BER_BYTES.  The encoding statements are on lines not
 * visible in this listing.
 */
3402 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3408 return(N_SD_BER_BYTES);
/*
 * process_lists: Moira query callback that (re)populates one list's
 * directory membership.  av[] is the list record; ptr presumably carries
 * call_args with [0] the LDAP handle and [1] the base DN.  The OU and
 * membership flags are derived with get_group_membership and handed to
 * populate_group with an empty MoiraId and a trailing flag of 1 (meaning
 * not visible here).  Return statement not visible in this listing.
 */
3411 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here, versus group_membership[1] in group_create, for the same
 * get_group_membership() output -- the callers disagree on the buffer size
 * this helper needs; the smaller one is presumably the wrong one. */
3416 char group_membership[2];
3422 memset(group_ou, '\0', sizeof(group_ou));
3423 memset(group_membership, '\0', sizeof(group_membership));
3424 get_group_membership(group_membership, group_ou, &security_flag, av);
3425 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3426 av[L_NAME], group_ou, group_membership,
3427 security_flag, "", 1);
/*
 * member_list_build: Moira query callback that appends one list member
 * (av[ACE_TYPE], av[ACE_NAME]) to the file-scope member_base linked list,
 * subject to the member-type mask in call_args[3] (MOIRA_USERS, _STRINGS,
 * _LISTS, _KERBEROS, _MACHINE); members of a type not in the mask are
 * skipped (the skip statements are on lines not visible).  STRING and
 * KERBEROS members are first materialised as contact objects with
 * contact_create.  An entry already present (case-insensitive on member and
 * type) is not added twice.  call_args[2] is the owning list's name.
 */
3432 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): av[ACE_NAME] is copied into temp (size not visible here)
 * before check_string() inspects it, and the copy itself is unbounded. */
3440 strcpy(temp, av[ACE_NAME]);
3443 if (!check_string(temp))
3446 if (!strcmp(av[ACE_TYPE], "USER"))
3448 if (!((int)call_args[3] & MOIRA_USERS))
3451 else if (!strcmp(av[ACE_TYPE], "STRING"))
/* A bare local-part is qualified with @mit.edu. */
3455 if((s = strchr(temp, '@')) == (char *) NULL)
3457 strcat(temp, "@mit.edu");
/* BUG(review): reads temp[strlen(temp) - 6] without checking that temp is
 * at least six characters long; a short address such as "a@b" indexes
 * before the buffer.  Guard with `strlen(temp) >= 6 &&` first. */
3460 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
/* Rewrites a ".LOCAL" domain to ".mit.edu".  The truncation at s that must
 * precede the strcat is on a line not visible here; without it the result
 * would be "...LOCAL.mit.edu". */
3462 s = strrchr(temp, '.');
3464 strcat(s, ".mit.edu");
3468 if (!((int)call_args[3] & MOIRA_STRINGS))
3471 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3474 else if (!strcmp(av[ACE_TYPE], "LIST"))
3476 if (!((int)call_args[3] & MOIRA_LISTS))
3479 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3481 if (!((int)call_args[3] & MOIRA_KERBEROS))
3484 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3489 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3491 if (!((int)call_args[3] & MOIRA_MACHINE))
/* Linear duplicate scan over the list built so far. */
3497 linklist = member_base;
3501 if (!strcasecmp(temp, linklist->member) &&
3502 !strcasecmp(av[ACE_TYPE], linklist->type))
3505 linklist = linklist->next;
/* Prepend a new entry.  NOTE(review): none of the calloc results are
 * checked before use. */
3508 linklist = calloc(1, sizeof(LK_ENTRY));
3510 linklist->dn = NULL;
3511 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3512 strcpy(linklist->list, call_args[2]);
3513 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3514 strcpy(linklist->type, av[ACE_TYPE]);
3515 linklist->member = calloc(1, strlen(temp) + 1);
3516 strcpy(linklist->member, temp);
3517 linklist->next = member_base;
3518 member_base = linklist;
/*
 * member_remove: delete one member (user_name, living in UserOu) from the
 * "member" attribute of the list group_name.  After a successful removal,
 * a contact or kerberos entry that is no longer referenced by any group is
 * itself deleted from the directory.  Returns AD_INVALID_NAME for a bad
 * group name; other return values are on lines not visible here.
 * NOTE(review): sampled listing -- braces, else-branches and several
 * return statements are missing.
 */
3523 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3524 char *group_ou, char *group_membership, char *user_name,
3525 char *UserOu, char *MoiraId)
3527 char distinguished_name[1024];
3531 char *attr_array[3];
3536 LK_ENTRY *group_base;
/* Presumably an early exit for small lists that are repopulated wholesale
 * elsewhere (body not visible). */
3540 if (max_group_members && (group_members < max_group_members))
3543 if (!check_string(group_name))
3544 return(AD_INVALID_NAME);
/* Nothing to do unless the directory actually lists this member. */
3546 if(!contains_member(ldap_handle, dn_path, group_name, UserOu, user_name))
3549 memset(filter, '\0', sizeof(filter));
3553 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3554 group_membership, MoiraId,
3555 "samAccountName", &group_base,
3556 &group_count, filter))
3559 if (group_count != 1)
3561 com_err(whoami, 0, "Unable to find list %s in directory",
3563 linklist_free(group_base);
3569 strcpy(distinguished_name, group_base->dn);
3570 linklist_free(group_base);
/* Member DN is assembled by sprintf; unlike contact_create's DN this does
 * no RDN escaping, so user_name is relied upon to be free of DN special
 * characters (',', '+', '"', '\\', '<', '>', ';', '#').  The AD form uses
 * CN=; the non-AD form uses uid= for user_ou entries and CN= otherwise. */
3576 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3580 if(!strcmp(UserOu, user_ou))
3581 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3583 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3586 modvalues[0] = temp;
3587 modvalues[1] = NULL;
3590 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3592 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3594 for (i = 0; i < n; i++)
/* LDAP_UNWILLING_TO_PERFORM gets special handling (not visible). */
3597 if (rc == LDAP_UNWILLING_TO_PERFORM)
3600 if (rc != LDAP_SUCCESS)
3602 com_err(whoami, 0, "Unable to modify list %s members : %s",
3603 group_name, ldap_err2string(rc));
/* Orphan cleanup for synthesised contact/kerberos objects. */
3607 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* For an @mit.edu contact the lookup key is the local part, matched on
 * mailNickName; temp is truncated at the '@' (the statement is not
 * visible). */
3611 if(!strcmp(UserOu, contact_ou) &&
3612 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3614 memset(temp, '\0', sizeof(temp));
3615 strcpy(temp, user_name);
3616 s = strchr(temp, '@');
3619 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
3621 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3622 &group_base, &group_count,
3623 LDAP_SCOPE_SUBTREE) != 0))
3629 linklist_free(group_base);
/* Otherwise match the DN itself and ask for memberOf. */
3634 sprintf(filter, "(distinguishedName=%s)", temp);
3635 attr_array[0] = "memberOf";
3636 attr_array[1] = NULL;
3638 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3639 &group_base, &group_count,
3640 LDAP_SCOPE_SUBTREE) != 0))
/* Destructive step: an object with no memberOf left is deleted outright.
 * This presumes memberOf is maintained by the server and fully returned;
 * an incomplete answer would delete a still-referenced contact. */
3646 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3648 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add one member (user_name, living in UserOu) to the "member"
 * attribute of the list group_name.  Mirror image of member_remove: the
 * group is located with ad_get_group, the member DN is built the same way,
 * and an "already a member" answer from the server is tolerated.  Returns
 * AD_INVALID_NAME for a bad group name, AD_MULTIPLE_GROUPS_FOUND when the
 * group lookup is not unique; other return values are on lines not visible
 * in this listing.
 */
3658 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3659 char *group_ou, char *group_membership, char *user_name,
3660 char *UserOu, char *MoiraId)
3662 char distinguished_name[1024];
3670 LK_ENTRY *group_base;
/* Presumably an early exit for small lists that are repopulated wholesale
 * elsewhere (body not visible). */
3673 if (max_group_members && (group_members < max_group_members))
3676 if (!check_string(group_name))
3677 return(AD_INVALID_NAME);
/* Skip the modify when the directory already lists this member. */
3679 if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) > 0)
3683 memset(filter, '\0', sizeof(filter));
3687 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3688 group_membership, MoiraId,
3689 "samAccountName", &group_base,
3690 &group_count, filter))
/* Zero and multiple matches share this path; both are returned as
 * AD_MULTIPLE_GROUPS_FOUND although the message reports the count. */
3693 if (group_count != 1)
3695 linklist_free(group_base);
3698 com_err(whoami, 0, "Unable to find list %s %d in directory",
3699 group_name, group_count);
3700 return(AD_MULTIPLE_GROUPS_FOUND);
3703 strcpy(distinguished_name, group_base->dn);
3704 linklist_free(group_base);
/* Member DN assembled by sprintf without RDN escaping (compare the
 * escape_string() call in contact_create); user_name must already be free
 * of DN special characters. */
3710 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3714 if(!strcmp(UserOu, user_ou))
3715 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3717 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3720 modvalues[0] = temp;
3721 modvalues[1] = NULL;
3724 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3726 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Duplicate-member answers are treated as success (handling not visible). */
3728 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3731 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3733 if (rc == LDAP_UNWILLING_TO_PERFORM)
3737 for (i = 0; i < n; i++)
3740 if (rc != LDAP_SUCCESS)
3742 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3743 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail identity (mail, mailNickName,
 * proxyAddresses, targetAddress) from the contact entries in the linked
 * list at *linklist_base, by replacing each attribute with an empty value
 * list.  bind_path and linklist_current are parameters whose use is on
 * lines not visible here.  LDAP_ALREADY_EXISTS is tolerated; other errors
 * are logged per entry.  Return value not visible in this listing.
 */
3749 int contact_remove_email(LDAP *ld, char *bind_path,
3750 LK_ENTRY **linklist_base, int linklist_current)
/* A {NULL, NULL} value list with LDAP_MOD_REPLACE deletes the attribute. */
3754 char *mail_v[] = {NULL, NULL};
3762 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3763 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3764 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3765 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3768 gPtr = (*linklist_base);
3771 rc = ldap_modify_s(ld, gPtr->dn, mods);
3773 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3775 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3776 gPtr->dn, ldap_err2string(rc));
3783 for (i = 0; i < n; i++)
/*
 * contact_create: create a contact object for an external address (used
 * for STRING and KERBEROS list members and for users' @mit.edu contact
 * entries) under group_ou (contact_ou or kerberos_ou) below bind_path.
 * Before a contact_ou entry is given a mail identity, the address is
 * checked against existing users and groups by both cn and mail and the
 * contact is refused if any matches -- this is what stops a list member
 * string from hijacking an existing mailbox's address.  If the entry
 * already exists, its mail attributes are re-applied with REPLACE.
 * Returns AD_INVALID_NAME for a rejected name; other return values are on
 * lines not visible in this listing.
 * NOTE(review): sampled listing.  In particular the line(s) that derive
 * `mail` (a buffer not declared here) from the `user` parameter are not
 * visible; everything below keys off `mail`.
 */
3789 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3792 LK_ENTRY *group_base;
3795 char cn_user_name[256];
3796 char contact_name[256];
3797 char mail_nickname[256];
3798 char proxy_address_internal[256];
3799 char proxy_address_external[256];
3800 char target_address[256];
3801 char internal_contact_name[256];
3804 char principal[256];
3805 char mit_address_book[256];
3806 char default_address_book[256];
3807 char contact_address_book[256];
3809 char *email_v[] = {NULL, NULL};
3810 char *cn_v[] = {NULL, NULL};
3811 char *contact_v[] = {NULL, NULL};
3812 char *uid_v[] = {NULL, NULL};
3813 char *mail_nickname_v[] = {NULL, NULL};
3814 char *proxy_address_internal_v[] = {NULL, NULL};
3815 char *proxy_address_external_v[] = {NULL, NULL};
3816 char *target_address_v[] = {NULL, NULL};
3817 char *mit_address_book_v[] = {NULL, NULL};
3818 char *default_address_book_v[] = {NULL, NULL};
3819 char *contact_address_book_v[] = {NULL, NULL};
3820 char *hide_address_lists_v[] = {NULL, NULL};
3821 char *attr_array[3];
3822 char *objectClass_v[] = {"top", "person",
3823 "organizationalPerson",
3825 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3826 "inetOrgPerson", "organizationalPerson",
3827 "contact", "mailRecipient", "eduPerson",
3829 char *name_v[] = {NULL, NULL};
3830 char *desc_v[] = {NULL, NULL};
3837 char *mail_routing_v[] = {NULL, NULL};
3838 char *principal_v[] = {NULL, NULL};
/* Input validation for the address; the copies below into 256-byte
 * buffers are unbounded, so check_string is relied on to bound length. */
3840 if (!check_string(user))
3842 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3843 return(AD_INVALID_NAME);
3847 strcpy(contact_name, mail);
3848 strcpy(internal_contact_name, mail);
/* internal_contact_name is truncated at the '@' (statement not visible). */
3850 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* The one DN in this file that is built with escape_string() on the RDN
 * value; member_add/member_remove build theirs unescaped. */
3854 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3857 sprintf(target_address, "SMTP:%s", contact_name);
3858 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3859 sprintf(mail_nickname, "%s", internal_contact_name);
3861 cn_v[0] = cn_user_name;
3862 contact_v[0] = contact_name;
3865 desc_v[0] = "Auto account created by Moira";
3867 proxy_address_internal_v[0] = proxy_address_internal;
3868 proxy_address_external_v[0] = proxy_address_external;
3869 mail_nickname_v[0] = mail_nickname;
3870 target_address_v[0] = target_address;
3871 mit_address_book_v[0] = mit_address_book;
3872 default_address_book_v[0] = default_address_book;
3873 contact_address_book_v[0] = contact_address_book;
3874 strcpy(new_dn, cn_user_name);
3877 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD: uid is the address with an OU-specific suffix so string and
 * kerberos contacts for the same address cannot collide. */
3879 if(!ActiveDirectory)
3881 if(!strcmp(group_ou, contact_ou))
3882 sprintf(uid, "%s%s", contact_name, "_strings");
3884 if(!strcmp(group_ou, kerberos_ou))
3885 sprintf(uid, "%s%s", contact_name, "_kerberos");
3889 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3890 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3895 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3899 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3902 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3903 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3904 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Address-collision checks (contact_ou only).  Four searches: a user or
 * group whose cn equals the address, then a user or group whose mail
 * equals it.  Any hit logs "Object already exists" and the mail identity
 * is not assigned (the early-out statements are not visible).  `mail` is
 * interpolated into the filters unescaped; it has passed check_string (via
 * `user`) and email_isvalid only. */
3908 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3913 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3914 attr_array[0] = "cn";
3915 attr_array[1] = NULL;
3917 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3918 &group_base, &group_count,
3919 LDAP_SCOPE_SUBTREE)) != 0)
3921 com_err(whoami, 0, "Unable to process contact %s : %s",
3922 user, ldap_err2string(rc));
3928 com_err(whoami, 0, "Object already exists with name %s",
3933 linklist_free(group_base);
3937 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3938 attr_array[0] = "cn";
3939 attr_array[1] = NULL;
3941 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3942 &group_base, &group_count,
3943 LDAP_SCOPE_SUBTREE)) != 0)
3945 com_err(whoami, 0, "Unable to process contact %s : %s",
3946 user, ldap_err2string(rc));
3952 com_err(whoami, 0, "Object already exists with name %s",
3957 linklist_free(group_base);
3961 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3962 attr_array[0] = "cn";
3963 attr_array[1] = NULL;
3965 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3966 &group_base, &group_count,
3967 LDAP_SCOPE_SUBTREE)) != 0)
3969 com_err(whoami, 0, "Unable to process contact %s : %s",
3970 user, ldap_err2string(rc));
3976 com_err(whoami, 0, "Object already exists with name %s",
3981 linklist_free(group_base);
3985 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3986 attr_array[0] = "cn";
3987 attr_array[1] = NULL;
3989 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3990 &group_base, &group_count,
3991 LDAP_SCOPE_SUBTREE)) != 0)
3993 com_err(whoami, 0, "Unable to process contact %s : %s",
3994 user, ldap_err2string(rc));
4000 com_err(whoami, 0, "Object already exists with name %s",
4005 linklist_free(group_base);
/* Mail identity, hidden from the Exchange address lists. */
4009 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4010 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4011 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4012 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4014 hide_address_lists_v[0] = "TRUE";
4015 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD: route mail to the address itself (qualified with @mit.edu if
 * bare).  For contact_ou entries eduPersonPrincipalName is set to that
 * same address -- note this assigns a principal-name attribute to an
 * externally supplied address; confirm that nothing authenticates on it. */
4020 if(!ActiveDirectory)
4022 if((c = strchr(mail, '@')) == NULL)
4023 sprintf(temp, "%s@mit.edu", mail);
4025 sprintf(temp, "%s", mail);
4027 mail_routing_v[0] = temp;
4029 principal_v[0] = principal;
4031 if(!strcmp(group_ou, contact_ou))
4033 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4034 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4040 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4042 for (i = 0; i < n; i++)
/* Existing contact: re-apply the mail identity with REPLACE.  The first
 * clause `rc != LDAP_SUCCESS` is redundant given `rc == LDAP_ALREADY_EXISTS`. */
4047 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4048 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4052 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4053 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4054 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4056 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4058 hide_address_lists_v[0] = "TRUE";
4059 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4063 rc = ldap_modify_s(ld, new_dn, mods);
4067 com_err(whoami, 0, "Unable to update contact %s", mail);
4070 for (i = 0; i < n; i++)
4075 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4077 com_err(whoami, 0, "Unable to create contact %s : %s",
4078 user, ldap_err2string(rc));
4085 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4086 char *Uid, char *MitId, char *MoiraId, int State,
4087 char *WinHomeDir, char *WinProfileDir, char *first,
4088 char *middle, char *last, char *shell, char *class)
4091 LK_ENTRY *group_base;
4093 char distinguished_name[512];
4094 char displayName[256];
4095 char *mitMoiraId_v[] = {NULL, NULL};
4096 char *mitMoiraClass_v[] = {NULL, NULL};
4097 char *mitMoiraStatus_v[] = {NULL, NULL};
4098 char *uid_v[] = {NULL, NULL};
4099 char *mitid_v[] = {NULL, NULL};
4100 char *homedir_v[] = {NULL, NULL};
4101 char *winProfile_v[] = {NULL, NULL};
4102 char *drives_v[] = {NULL, NULL};
4103 char *userAccountControl_v[] = {NULL, NULL};
4104 char *alt_recipient_v[] = {NULL, NULL};
4105 char *hide_address_lists_v[] = {NULL, NULL};
4106 char *mail_v[] = {NULL, NULL};
4107 char *gid_v[] = {NULL, NULL};
4108 char *loginshell_v[] = {NULL, NULL};
4109 char *principal_v[] = {NULL, NULL};
4110 char userAccountControlStr[80];
4115 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4116 UF_PASSWD_CANT_CHANGE;
4118 char *attr_array[3];
4121 char contact_mail[256];
4122 char filter_exp[1024];
4123 char search_path[512];
4124 char TemplateDn[512];
4125 char TemplateSamName[128];
4126 char alt_recipient[256];
4127 char principal[256];
4129 char acBERBuf[N_SD_BER_BYTES];
4130 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4131 { N_SD_BER_BYTES, acBERBuf },
4133 LDAPControl *apsServerControls[] = {&sControl, NULL};
4135 LDAP_BERVAL **ppsValues;
4139 char *homeServerName;
4141 char search_string[256];
4143 char *mail_routing_v[] = {NULL, NULL};
4146 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4147 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4148 BEREncodeSecurityBits(dwInfo, acBERBuf);
4150 if (!check_string(user_name))
4152 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4154 return(AD_INVALID_NAME);
4157 memset(contact_mail, '\0', sizeof(contact_mail));
4158 sprintf(contact_mail, "%s@mit.edu", user_name);
4159 memset(mail, '\0', sizeof(mail));
4160 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4161 memset(alt_recipient, '\0', sizeof(alt_recipient));
4162 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4164 sprintf(search_string, "@%s", uppercase(ldap_domain));
4168 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4170 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4177 memset(displayName, '\0', sizeof(displayName));
4179 if (strlen(MoiraId) != 0)
4183 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4188 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4191 attr_array[0] = "cn";
4192 attr_array[1] = NULL;
4193 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4194 &group_base, &group_count,
4195 LDAP_SCOPE_SUBTREE)) != 0)
4197 com_err(whoami, 0, "Unable to process user %s : %s",
4198 user_name, ldap_err2string(rc));
4203 if (group_count != 1)
4205 linklist_free(group_base);
4208 sprintf(filter, "(sAMAccountName=%s)", user_name);
4209 attr_array[0] = "cn";
4210 attr_array[1] = NULL;
4211 sprintf(temp, "%s,%s", user_ou, dn_path);
4212 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4213 &group_base, &group_count,
4214 LDAP_SCOPE_SUBTREE)) != 0)
4216 com_err(whoami, 0, "Unable to process user %s : %s",
4217 user_name, ldap_err2string(rc));
4222 if (group_count != 1)
4224 com_err(whoami, 0, "Unable to find user %s in directory",
4226 linklist_free(group_base);
4227 return(AD_NO_USER_FOUND);
4230 strcpy(distinguished_name, group_base->dn);
4232 linklist_free(group_base);
4235 if(!ActiveDirectory)
4237 if (rc = moira_connect())
4239 critical_alert("Ldap incremental",
4240 "Error contacting Moira server : %s",
4245 argv[0] = user_name;
4247 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4250 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4252 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4254 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4259 "Unable to set the mailRoutingAddress for %s : %s",
4260 user_name, ldap_err2string(rc));
4262 p = strdup(save_argv[3]);
4264 if((c = strchr(p, ',')) != NULL)
4269 if ((c = strchr(q, '@')) == NULL)
4270 sprintf(temp, "%s@mit.edu", q);
4272 sprintf(temp, "%s", q);
4274 if(email_isvalid(temp) && State != US_DELETED)
4276 mail_routing_v[0] = temp;
4279 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4281 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4283 if (rc == LDAP_ALREADY_EXISTS ||
4284 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4289 "Unable to set the mailRoutingAddress for %s : %s",
4290 user_name, ldap_err2string(rc));
4293 while((q = strtok(NULL, ",")) != NULL) {
4296 if((c = strchr(q, '@')) == NULL)
4297 sprintf(temp, "%s@mit.edu", q);
4299 sprintf(temp, "%s", q);
4301 if(email_isvalid(temp) && State != US_DELETED)
4303 mail_routing_v[0] = temp;
4306 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4309 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4311 if (rc == LDAP_ALREADY_EXISTS ||
4312 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4317 "Unable to set the mailRoutingAddress for "
4319 user_name, ldap_err2string(rc));
4325 if((c = strchr(p, '@')) == NULL)
4326 sprintf(temp, "%s@mit.edu", p);
4328 sprintf(temp, "%s", p);
4330 if(email_isvalid(temp) && State != US_DELETED)
4332 mail_routing_v[0] = temp;
4335 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4337 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4339 if (rc == LDAP_ALREADY_EXISTS ||
4340 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4345 "Unable to set the mailRoutingAddress for %s : %s",
4346 user_name, ldap_err2string(rc));
4353 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4354 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4355 "employeeID", user_name);
4357 rc = attribute_update(ldap_handle, distinguished_name, "none",
4358 "employeeID", user_name);
4361 strcat(displayName, first);
4364 if(strlen(middle)) {
4366 strcat(displayName, " ");
4368 strcat(displayName, middle);
4372 if(strlen(middle) || strlen(first))
4373 strcat(displayName, " ");
4375 strcat(displayName, last);
4378 if(strlen(displayName))
4379 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4380 "displayName", user_name);
4382 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4383 "displayName", user_name);
4385 if(!ActiveDirectory)
4387 if(strlen(displayName))
4388 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4391 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4395 if(!ActiveDirectory)
4397 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4398 "eduPersonNickname", user_name);
4402 rc = attribute_update(ldap_handle, distinguished_name, first,
4403 "givenName", user_name);
4405 rc = attribute_update(ldap_handle, distinguished_name, "",
4406 "givenName", user_name);
4408 if(strlen(middle) == 1)
4409 rc = attribute_update(ldap_handle, distinguished_name, middle,
4410 "initials", user_name);
4412 rc = attribute_update(ldap_handle, distinguished_name, "",
4413 "initials", user_name);
4416 rc = attribute_update(ldap_handle, distinguished_name, last,
4419 rc = attribute_update(ldap_handle, distinguished_name, "",
4424 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4429 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4433 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4434 "mitMoiraId", user_name);
4443 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4447 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4452 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4453 sprintf(status, "%d", State);
4454 principal_v[0] = principal;
4455 loginshell_v[0] = shell;
4456 mitMoiraClass_v[0] = class;
4457 mitMoiraStatus_v[0] = status;
4459 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4460 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4461 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4462 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4463 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4464 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4467 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4469 userAccountControl |= UF_ACCOUNTDISABLE;
4473 hide_address_lists_v[0] = "TRUE";
4474 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4482 hide_address_lists_v[0] = NULL;
4483 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4488 sprintf(userAccountControlStr, "%ld", userAccountControl);
4489 userAccountControl_v[0] = userAccountControlStr;
4490 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4494 if (rc = moira_connect())
4496 critical_alert("Ldap incremental",
4497 "Error contacting Moira server : %s",
4502 argv[0] = user_name;
4504 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4506 if(!strcmp(save_argv[1], "EXCHANGE") ||
4507 (strstr(save_argv[3], search_string) != NULL))
4509 alt_recipient_v[0] = NULL;
4510 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4512 argv[0] = exchange_acl;
4514 argv[2] = user_name;
4516 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4518 if ((rc) && (rc != MR_EXISTS))
4520 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4521 user_name, exchange_acl, error_message(rc));
4526 alt_recipient_v[0] = alt_recipient;
4527 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4529 argv[0] = exchange_acl;
4531 argv[2] = user_name;
4533 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4535 if ((rc) && (rc != MR_NO_MATCH))
4538 "Unable to remove user %s from %s: %s, %d",
4539 user_name, exchange_acl, error_message(rc), rc);
4545 alt_recipient_v[0] = alt_recipient;
4546 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4548 argv[0] = exchange_acl;
4550 argv[2] = user_name;
4552 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4554 if ((rc) && (rc != MR_NO_MATCH))
4557 "Unable to remove user %s from %s: %s, %d",
4558 user_name, exchange_acl, error_message(rc), rc);
4566 mail_v[0] = contact_mail;
4567 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4569 if(!ActiveDirectory)
4571 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
4575 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4576 WinProfileDir, homedir_v, winProfile_v,
4577 drives_v, mods, LDAP_MOD_REPLACE, n);
4581 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4582 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4583 attr_array[0] = "sAMAccountName";
4584 attr_array[1] = NULL;
4588 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4590 &group_base, &group_count,
4591 LDAP_SCOPE_SUBTREE) != 0))
4594 if (group_count != 1)
4596 com_err(whoami, 0, "Unable to process user security template: %s - "
4597 "security not set", "UserTemplate.u");
4601 strcpy(TemplateDn, group_base->dn);
4602 strcpy(TemplateSamName, group_base->value);
4603 linklist_free(group_base);
4607 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4608 filter_exp, NULL, 0, apsServerControls, NULL,
4611 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4613 com_err(whoami, 0, "Unable to find user security template: %s - "
4614 "security not set", "UserTemplate.u");
4618 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4619 "ntSecurityDescriptor");
4621 if (ppsValues == NULL)
4623 com_err(whoami, 0, "Unable to find user security template: %s - "
4624 "security not set", "UserTemplate.u");
4628 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4629 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4634 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4635 mods)) != LDAP_SUCCESS)
4637 OldUseSFU30 = UseSFU30;
4638 SwitchSFU(mods, &UseSFU30, n);
4639 if (OldUseSFU30 != UseSFU30)
4640 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4643 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4644 user_name, ldap_err2string(rc));
4648 for (i = 0; i < n; i++)
/*
 * user_rename: rename the directory entry for before_user_name to user_name.
 * The rest of the parameter list is on lines not shown here.  Visible steps:
 * validate both names with check_string(); ldap_rename_s() the RDN (the
 * cn= vs uid= choice is made by a condition on a line not shown --
 * presumably the ActiveDirectory flag tested lower in this function);
 * delete the old cn=<before>@mit.edu contact under contact_ou and create a
 * new one; then REPLACE every name-derived attribute on the renamed DN.
 * Returns AD_INVALID_NAME for a bad name; the final return statement is not
 * shown and presumably propagates rc.  Contact-object failures and a
 * failed post-rename modify are only logged.
 */
4654 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4662 char contact_mail[256];
4663 char proxy_address[256];
4664 char query_base_dn[256];
4666 char *userPrincipalName_v[] = {NULL, NULL};
4667 char *altSecurityIdentities_v[] = {NULL, NULL};
4668 char *name_v[] = {NULL, NULL};
4669 char *samAccountName_v[] = {NULL, NULL};
4670 char *mail_v[] = {NULL, NULL};
4671 char *mail_nickname_v[] = {NULL, NULL};
4672 char *proxy_address_v[] = {NULL, NULL};
4673 char *query_base_dn_v[] = {NULL, NULL};
4674 char *principal_v[] = {NULL, NULL};
4675 char principal[256];
/* Both the old and the new login name must pass the character whitelist
 * before either is interpolated into a DN below. */
4680 if (!check_string(before_user_name))
4683 "Unable to process invalid LDAP user name %s", before_user_name);
4684 return(AD_INVALID_NAME);
4687 if (!check_string(user_name))
4690 "Unable to process invalid LDAP user name %s", user_name);
4691 return(AD_INVALID_NAME);
/* BUG: source and destination are the same object.  strcpy() on
 * overlapping buffers is undefined behavior, and the call has no useful
 * effect; it should simply be removed. */
4694 strcpy(user_name, user_name);
/* old_dn/new_dn/mail/upn/temp are fixed-size buffers declared on lines not
 * shown; the sprintf() calls below are unbounded, so those buffers must be
 * larger than the longest DN that can be produced. */
4697 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4699 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4702 sprintf(new_dn, "cn=%s", user_name);
4704 sprintf(new_dn, "uid=%s", user_name);
4706 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4707 sprintf(contact_mail, "%s@mit.edu", user_name);
4708 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4709 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* new_dn is only the new RDN at this point; deleteoldrdn is TRUE, so the
 * old cn/uid value is dropped from the entry. */
4711 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4712 NULL, NULL)) != LDAP_SUCCESS)
4714 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4715 before_user_name, user_name, ldap_err2string(rc));
/* Re-create the mit.edu contact object under the new name.  The third
 * format argument (4722) is not shown.  A failure to delete the old contact
 * is logged and creation of the new one is attempted regardless.  Note the
 * assignment-as-condition at 4724: rc receives the LDAP result code. */
4721 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4724 if(rc = ldap_delete_s(ldap_handle, temp))
4726 com_err(whoami, 0, "Unable to delete user contact for %s",
4730 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4732 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Values for the REPLACE list.  mail_v[0] is presumably assigned on line
 * 4744 (not shown) and is reassigned to contact_mail at 4772 below.  If
 * ADD_ATTR records the mail_v array pointer rather than copying the value,
 * that later reassignment also changes the value carried by the earlier
 * eduPersonPrincipalName/mail mods -- verify against the macro. */
4736 name_v[0] = user_name;
4737 sprintf(upn, "%s@%s", user_name, ldap_domain);
4738 userPrincipalName_v[0] = upn;
4739 principal_v[0] = principal;
4740 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4741 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4742 altSecurityIdentities_v[0] = temp;
4743 samAccountName_v[0] = user_name;
4745 mail_nickname_v[0] = user_name;
4746 proxy_address_v[0] = proxy_address;
4747 query_base_dn_v[0] = query_base_dn;
4750 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4751 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4752 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4753 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Non-AD servers: POSIX/eduPerson attributes.  displayName is REPLACEd a
 * second time here (4759), duplicating the mod already queued at 4752. */
4755 if(!ActiveDirectory)
4757 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4758 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4759 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4760 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
/* Exchange-specific attributes; their enclosing condition (4761-4764) is
 * not shown. */
4765 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4766 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4767 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4768 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* The externally visible mail address is always the mit.edu contact. */
4772 mail_v[0] = contact_mail;
4773 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4775 if(!ActiveDirectory)
4777 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry (cn= vs uid= chosen by a condition on a line
 * not shown). */
4784 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4786 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4788 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4791 "Unable to modify user data for %s after renaming : %s",
4792 user_name, ldap_err2string(rc));
/* Release the n LDAPMod structures queued by ADD_ATTR (loop body not shown). */
4795 for (i = 0; i < n; i++)
/*
 * user_create: mr_query() callback that creates one user entry from a Moira
 * "users" tuple.
 *   ac/av  the tuple; fields are read through the U_* indices (U_NAME,
 *          U_FIRST, U_MIDDLE, U_LAST, U_STATE, U_SHELL, U_CLASS, U_UID,
 *          U_MITID, U_WINHOMEDIR, U_WINPROFILEDIR).
 *   ptr    not used on any line shown; context comes from call_args, whose
 *          origin is not visible here: call_args[0] is the LDAP handle,
 *          call_args[1] the base dn_path, call_args[2] the Moira id.
 * Returns AD_INVALID_NAME (also stored in callback_rc) for a bad login
 * name; the final return statement is not shown.
 * Only av[U_NAME] goes through check_string(); every other field is copied
 * into fixed buffers and interpolated into DNs and attribute values as-is,
 * on the assumption that data from the Moira server is well-formed.
 */
4801 int user_create(int ac, char **av, void *ptr)
4805 char user_name[256];
4809 char contact_mail[256];
4810 char proxy_address[256];
4811 char mail_nickname[256];
4812 char query_base_dn[256];
4813 char displayName[256];
4814 char address_book[256];
4815 char alt_recipient[256];
4816 char *cn_v[] = {NULL, NULL};
/* objectClass sets: objectClass_v is the Active Directory list (its tail is
 * on a line not shown), objectClass_ldap_v the non-AD list.  Which one is
 * queued (5028 vs 5032) depends on a condition not shown. */
4817 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4819 char *objectClass_ldap_v[] = {"top",
4820 "eduPerson", "posixAccount",
4821 "apple-user", "shadowAccount",
4822 "microsoftComTop", "securityPrincipal",
4823 "inetOrgPerson", "user",
4824 "organizationalPerson", "person",
4825 "mailRecipient", NULL};
4827 char *samAccountName_v[] = {NULL, NULL};
4828 char *altSecurityIdentities_v[] = {NULL, NULL};
4829 char *mitMoiraId_v[] = {NULL, NULL};
4830 char *mitMoiraClass_v[] = {NULL, NULL};
4831 char *mitMoiraStatus_v[] = {NULL, NULL};
4832 char *name_v[] = {NULL, NULL};
4833 char *desc_v[] = {NULL, NULL};
4834 char *userPrincipalName_v[] = {NULL, NULL};
4835 char *userAccountControl_v[] = {NULL, NULL};
4836 char *uid_v[] = {NULL, NULL};
/* gid_v[0] is never assigned on any line shown, yet gid_v is queued for
 * gidNumber at 5156; the assignment presumably sits in the gap 5147-5154. */
4837 char *gid_v[] = {NULL, NULL};
4838 char *mitid_v[] = {NULL, NULL};
4839 char *homedir_v[] = {NULL, NULL};
4840 char *winProfile_v[] = {NULL, NULL};
4841 char *drives_v[] = {NULL, NULL};
4842 char *mail_v[] = {NULL, NULL};
4843 char *givenName_v[] = {NULL, NULL};
4844 char *sn_v[] = {NULL, NULL};
4845 char *initials_v[] = {NULL, NULL};
4846 char *displayName_v[] = {NULL, NULL};
4847 char *proxy_address_v[] = {NULL, NULL};
4848 char *mail_nickname_v[] = {NULL, NULL};
4849 char *query_base_dn_v[] = {NULL, NULL};
4850 char *address_book_v[] = {NULL, NULL};
4851 char *homeMDB_v[] = {NULL, NULL};
4852 char *homeServerName_v[] = {NULL, NULL};
4853 char *mdbUseDefaults_v[] = {NULL, NULL};
4854 char *mailbox_guid_v[] = {NULL, NULL};
4855 char *user_culture_v[] = {NULL, NULL};
4856 char *user_account_control_v[] = {NULL, NULL};
4857 char *msexch_version_v[] = {NULL, NULL};
4858 char *alt_recipient_v[] = {NULL, NULL};
4859 char *hide_address_lists_v[] = {NULL, NULL};
4860 char *principal_v[] = {NULL, NULL};
4861 char *loginshell_v[] = {NULL, NULL};
4862 char userAccountControlStr[80];
4864 char principal[256];
4865 char filter_exp[1024];
4866 char search_path[512];
4867 char *attr_array[3];
/* Baseline userAccountControl; UF_ACCOUNTDISABLE is OR-ed in at 4945 unless
 * the Moira state allows login. */
4868 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4869 UF_PASSWD_CANT_CHANGE;
4875 char WinHomeDir[1024];
4876 char WinProfileDir[1024];
4878 char *homeServerName;
4880 char acBERBuf[N_SD_BER_BYTES];
4881 LK_ENTRY *group_base;
4883 char TemplateDn[512];
4884 char TemplateSamName[128];
4885 LDAP_BERVAL **ppsValues;
/* Server-side control 1.2.840.113556.1.4.801 (the AD security-descriptor
 * flags control) carrying the BER-encoded dwInfo from 4901-4903; it makes
 * the template search at 5210 return the owner/group/DACL/SACL parts of
 * ntSecurityDescriptor.  The control's remaining initializer (4888) is not
 * shown. */
4886 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4887 { N_SD_BER_BYTES, acBERBuf },
4889 LDAPControl *apsServerControls[] = {&sControl, NULL};
4893 char search_string[256];
4894 char *o_v[] = {NULL, NULL};
4896 char *mail_routing_v[] = {NULL, NULL};
4901 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4902 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4903 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* The login name is the only field validated before use in DNs/filters. */
4905 if (!check_string(av[U_NAME]))
4907 callback_rc = AD_INVALID_NAME;
4908 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4910 return(AD_INVALID_NAME);
/* Unbounded strcpy/strcat/sprintf into fixed buffers (WinHomeDir and
 * WinProfileDir 1024, user_name and displayName 256; upn and sam_name are
 * declared on lines not shown).  Lengths are trusted because av[] comes
 * from the Moira server; a bounded copy (snprintf) would make that
 * assumption explicit and fail safely if it ever stops holding. */
4913 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4914 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4915 memset(displayName, '\0', sizeof(displayName));
4916 memset(query_base_dn, '\0', sizeof(query_base_dn));
4917 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4918 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4919 strcpy(user_name, av[U_NAME]);
4920 sprintf(upn, "%s@%s", user_name, ldap_domain);
4921 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last", with a single space between whichever
 * parts are non-empty. */
4923 if(strlen(av[U_FIRST])) {
4924 strcat(displayName, av[U_FIRST]);
4927 if(strlen(av[U_MIDDLE])) {
4928 if(strlen(av[U_FIRST]))
4929 strcat(displayName, " ");
4931 strcat(displayName, av[U_MIDDLE]);
4934 if(strlen(av[U_LAST])) {
4935 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4936 strcat(displayName, " ");
4938 strcat(displayName, av[U_LAST]);
4941 samAccountName_v[0] = sam_name;
/* The account is created disabled unless the Moira state is NO_PASSWD or
 * REGISTERED.  atoi() reports no errors: an unparsable state reads as 0,
 * which lands in the "disabled" branch. */
4942 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4943 (atoi(av[U_STATE]) != US_REGISTERED))
4945 userAccountControl |= UF_ACCOUNTDISABLE;
/* Exchange: hide disabled accounts from address lists (the enclosing
 * condition and the remaining macro arguments are on lines not shown). */
4949 hide_address_lists_v[0] = "TRUE";
4950 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Format/type mismatch: userAccountControl is a u_int (4868) but is printed
 * with %ld, which expects a long; %u matches the declaration. */
4955 sprintf(userAccountControlStr, "%ld", userAccountControl);
4956 userAccountControl_v[0] = userAccountControlStr;
4957 userPrincipalName_v[0] = upn;
/* cn is either the login name or the display name; the selecting
 * condition (4958-4961) is not shown. */
4960 cn_v[0] = user_name;
4962 cn_v[0] = displayName;
4964 name_v[0] = user_name;
4965 desc_v[0] = "Auto account created by Moira";
4967 givenName_v[0] = av[U_FIRST];
/* sn falls back to the login name when there is no last name, mirroring
 * the "strlen(av[U_LAST]) || strlen(av[U_NAME])" guard at 5098. */
4970 sn_v[0] = av[U_LAST];
4972 if(strlen(av[U_LAST]))
4973 sn_v[0] = av[U_LAST];
4975 sn_v[0] = av[U_NAME];
4977 displayName_v[0] = displayName;
4978 mail_nickname_v[0] = user_name;
4979 o_v[0] = "Massachusetts Institute of Technology";
/* Kerberos identity mapping for the account. */
4981 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4982 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4983 altSecurityIdentities_v[0] = temp;
4984 principal_v[0] = principal;
/* DN of the new entry under user_ou; cn= vs uid= is selected by a condition
 * not shown (elsewhere in this function the split is on ActiveDirectory). */
4987 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4989 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4991 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4992 sprintf(contact_mail, "%s@mit.edu", user_name);
4993 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4994 query_base_dn_v[0] = query_base_dn;
/* alt_recipient is the DN of the mit.edu contact object (third format
 * argument on a line not shown).  search_string is "@DOMAIN" in upper case
 * and is used at 5055 to detect a pobox address inside this domain. */
4995 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4997 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Contact creation and homeMDB lookup failures are logged; whether either
 * aborts the create is decided on lines not shown. */
5001 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5004 com_err(whoami, 0, "Unable to create user contact %s",
5008 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5011 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5015 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5016 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5018 homeMDB_v[0] = homeMDB;
5019 homeServerName_v[0] = homeServerName;
/* Assemble the add list.  Each ADD_ATTR queues one LDAPMod into mods and
 * bumps n (macro not shown). */
5024 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5028 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5032 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5035 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5036 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5037 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5038 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5039 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Exchange mailbox attributes (enclosing condition not shown). */
5043 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5044 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5045 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5046 mdbUseDefaults_v[0] = "TRUE";
5047 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5048 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Pobox lookup in Moira.  An EXCHANGE pobox, or a pobox address in this
 * domain, puts the user on the exchange_acl list (argv[1] is set on a line
 * not shown) and leaves altRecipient unset; any other pobox (5071) points
 * altRecipient at the mit.edu contact.  5077-5080 appear to be the
 * query-failure branch: altRecipient is still set and the failure logged. */
5050 argv[0] = user_name;
5052 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5054 if(!strcmp(save_argv[1], "EXCHANGE") ||
5055 (strstr(save_argv[3], search_string) != NULL))
5057 argv[0] = exchange_acl;
5059 argv[2] = user_name;
5061 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5063 if ((rc) && (rc != MR_EXISTS))
5065 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5066 user_name, exchange_acl, error_message(rc));
5071 alt_recipient_v[0] = alt_recipient;
5072 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5077 alt_recipient_v[0] = alt_recipient;
5078 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5080 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
/* The published mail address is always the mit.edu contact address. */
5085 mail_v[0] = contact_mail;
5086 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5088 if(!ActiveDirectory)
5090 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
/* Name attributes: givenName only when a first name exists; displayName is
 * the composed full name when any part exists, else the login name. */
5094 if(strlen(av[U_FIRST])) {
5095 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5098 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5099 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5102 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5103 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5105 if(!ActiveDirectory)
5107 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5110 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5112 if(!ActiveDirectory)
5114 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials is only populated when the middle name is a single character. */
5118 if (strlen(av[U_MIDDLE]) == 1) {
5119 initials_v[0] = av[U_MIDDLE];
5120 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5123 if (strlen(call_args[2]) != 0)
5125 mitMoiraId_v[0] = call_args[2];
5126 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5129 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* POSIX / eduPerson / Moira bookkeeping attributes for non-AD servers. */
5131 if(!ActiveDirectory)
5133 loginshell_v[0] = av[U_SHELL];
5134 mitMoiraClass_v[0] = av[U_CLASS];
5135 mitMoiraStatus_v[0] = av[U_STATE];
5136 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5137 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5138 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5139 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5140 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5141 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Numeric uid/gid.  The branches around 5147-5167 are on lines not shown,
 * so which of "uid", "uidNumber" and "msSFU30UidNumber" is queued under
 * which condition cannot be confirmed here; note "uid" was already queued
 * at 5137 for non-AD servers. */
5144 if (strlen(av[U_UID]) != 0)
5146 uid_v[0] = av[U_UID];
5150 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5155 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5156 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5163 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5167 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is the MIT id only when it starts with '9'; otherwise the
 * literal "none". */
5172 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5173 mitid_v[0] = av[U_MITID];
5175 mitid_v[0] = "none";
5177 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends the home/profile/drive mods and returns the new
 * mod count. */
5179 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5180 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5181 drives_v, mods, LDAP_MOD_ADD, n);
/* Copy the NT security descriptor from the "UserTemplate.u" account under
 * security_template_ou: confirm exactly one match (5197), then re-search
 * with the SD-flags control so ntSecurityDescriptor comes back with the
 * requested parts.  Not released on any line shown: psMsg (ldap_msgfree)
 * and ppsValues (ldap_value_free_len); ppsValues is referenced by mods
 * until after the add at 5237, so it must outlive that call.  Note the
 * comparison "!= 0" at 5194 is inside the rc assignment's parentheses. */
5185 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5186 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5187 attr_array[0] = "sAMAccountName";
5188 attr_array[1] = NULL;
5192 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5193 attr_array, &group_base, &group_count,
5194 LDAP_SCOPE_SUBTREE) != 0))
5197 if (group_count != 1)
5199 com_err(whoami, 0, "Unable to process user security template: %s - "
5200 "security not set", "UserTemplate.u");
5204 strcpy(TemplateDn, group_base->dn);
5205 strcpy(TemplateSamName, group_base->value);
5206 linklist_free(group_base);
5210 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5211 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5212 apsServerControls, NULL,
5215 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5217 com_err(whoami, 0, "Unable to find user security template: %s - "
5218 "security not set", "UserTemplate.u");
5222 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5223 "ntSecurityDescriptor");
5224 if (ppsValues == NULL)
5226 com_err(whoami, 0, "Unable to find user security template: %s - "
5227 "security not set", "UserTemplate.u");
/* Binary value: LDAP_MOD_BVALUES is what matters to ldap_add_ext_s; the
 * REPLACE bit is presumably ignored inside an add request. */
5231 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5232 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Add the entry.  On failure, toggle the SFU30 attribute naming once and
 * retry; LDAP_ALREADY_EXISTS is treated as success throughout. */
5237 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5239 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5241 OldUseSFU30 = UseSFU30;
5242 SwitchSFU(mods, &UseSFU30, n);
5243 if (OldUseSFU30 != UseSFU30)
5244 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the queued LDAPMod structures (loop body not shown). */
5247 for (i = 0; i < n; i++)
5250 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5252 com_err(whoami, 0, "Unable to create user %s : %s",
5253 user_name, ldap_err2string(rc));
/* Initial password, only for a freshly created entry and only when
 * SetPassword is on.  set_password() is handed an empty string as the
 * password argument; confirm what it derives from "" -- accounts in the
 * US_NO_PASSWD / US_REGISTERED states are created enabled (4942-4945), so
 * that value is the only credential on them.  On failure the KDC session
 * is torn down, the domain connection re-established, and one retry made. */
5258 if ((rc == LDAP_SUCCESS) && (SetPassword))
5260 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5262 ad_kdc_disconnect();
5263 if (!ad_server_connect(default_server, ldap_domain))
5265 com_err(whoami, 0, "Unable to set password for user %s : %s",
5267 "cannot get changepw ticket from windows domain");
5271 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5273 com_err(whoami, 0, "Unable to set password for user %s "
5274 ": %ld", user_name, rc);
/* Non-AD servers: derive mailRoutingAddress from the Moira pobox.  A failed
 * moira_connect() raises a critical alert (assignment-as-condition at
 * 5282); whether it returns is decided on a line not shown. */
5280 if(!ActiveDirectory)
5282 if (rc = moira_connect())
5284 critical_alert("Ldap incremental",
5285 "Error contacting Moira server : %s",
5290 argv[0] = user_name;
5292 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* mail_routing_v[0] appears to still be NULL here (declared at 4896, first
 * assigned at 5320, unless 5293-5294 assign it), so this REPLACE with an
 * empty value list clears any existing mailRoutingAddress before the
 * addresses are re-added one by one. */
5295 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5297 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5299 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5304 "Unable to set the mailRoutingAddress for %s : %s",
5305 user_name, ldap_err2string(rc));
/* save_argv[3] is the pobox address list.  A comma-separated list is split
 * with strtok() (non-reentrant; the initial strtok(p, ",") call is on a
 * line not shown); a bare local part gets "@mit.edu" appended; each valid
 * address is ADDed in its own modify, so temp can be reused per address.
 * Addresses are skipped for users in US_DELETED.  free(p) is not on any
 * line shown -- confirm the strdup() result is released. */
5307 p = strdup(save_argv[3]);
5309 if((c = strchr(p, ',')) != NULL) {
5313 if ((c = strchr(q, '@')) == NULL)
5314 sprintf(temp, "%s@mit.edu", q);
5316 sprintf(temp, "%s", q);
5318 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5320 mail_routing_v[0] = temp;
5323 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5325 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
/* An address that is already present is not an error. */
5327 if (rc == LDAP_ALREADY_EXISTS ||
5328 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5333 "Unable to set the mailRoutingAddress for %s : %s",
5334 user_name, ldap_err2string(rc));
5337 while((q = strtok(NULL, ",")) != NULL) {
5340 if((c = strchr(q, '@')) == NULL)
5341 sprintf(temp, "%s@mit.edu", q);
5343 sprintf(temp, "%s", q);
5345 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5347 mail_routing_v[0] = temp;
5350 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5352 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5354 if (rc == LDAP_ALREADY_EXISTS ||
5355 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5360 "Unable to set the mailRoutingAddress for %s : %s",
5361 user_name, ldap_err2string(rc));
/* Single-address pobox: same handling without the split. */
5367 if((c = strchr(p, '@')) == NULL)
5368 sprintf(temp, "%s@mit.edu", p);
5370 sprintf(temp, "%s", p);
5372 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5374 mail_routing_v[0] = temp;
5377 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5379 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5381 if (rc == LDAP_ALREADY_EXISTS ||
5382 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5387 "Unable to set the mailRoutingAddress for %s : %s",
5388 user_name, ldap_err2string(rc));
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE on a user entry.
 * The entry is located by mitMoiraId when MoiraId is non-empty and that
 * search yields exactly one hit, otherwise by sAMAccountName under dn_path.
 * The remaining parameter (presumably "operation", compared with
 * MEMBER_DEACTIVATE at 5470) is on a line not shown.
 * Returns AD_INVALID_NAME for a bad name, LDAP_NO_SUCH_OBJECT when no
 * single entry matches; the other return statements are not shown.
 * Only user_name is validated: MoiraId is interpolated into the search
 * filter at 5428 unescaped, so if its source can ever contain LDAP filter
 * metacharacters it needs the same check or filter-escaping.
 */
5398 int user_change_status(LDAP *ldap_handle, char *dn_path,
5399 char *user_name, char *MoiraId,
5403 char *attr_array[3];
5405 char distinguished_name[1024];
5407 char *mitMoiraId_v[] = {NULL, NULL};
5409 LK_ENTRY *group_base;
5416 if (!check_string(user_name))
5418 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5420 return(AD_INVALID_NAME);
/* First lookup by Moira id.  If it does not match exactly one entry the
 * list is freed and the sAMAccountName lookup below is used instead (the
 * lines between 5443 and 5446 are not shown). */
5426 if (strlen(MoiraId) != 0)
5428 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5429 attr_array[0] = "UserAccountControl";
5430 attr_array[1] = NULL;
5431 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5432 &group_base, &group_count,
5433 LDAP_SCOPE_SUBTREE)) != 0)
5435 com_err(whoami, 0, "Unable to process user %s : %s",
5436 user_name, ldap_err2string(rc));
5441 if (group_count != 1)
5443 linklist_free(group_base);
5446 sprintf(filter, "(sAMAccountName=%s)", user_name);
5447 attr_array[0] = "UserAccountControl";
5448 attr_array[1] = NULL;
5449 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5450 &group_base, &group_count,
5451 LDAP_SCOPE_SUBTREE)) != 0)
5453 com_err(whoami, 0, "Unable to process user %s : %s",
5454 user_name, ldap_err2string(rc));
5459 if (group_count != 1)
5461 linklist_free(group_base);
5462 com_err(whoami, 0, "Unable to find user %s in directory",
5464 return(LDAP_NO_SUCH_OBJECT);
5467 strcpy(distinguished_name, group_base->dn);
/* Read-modify-write of the current userAccountControl bit mask.  atoi()
 * reports no errors: an unparsable value reads as 0 and the entry would be
 * rewritten with every other flag cleared; strtoul() with an end-pointer
 * check would let that case be rejected instead.  ulongValue is declared
 * on a line not shown; %ld at 5475 assumes it is a long. */
5468 ulongValue = atoi((*group_base).value);
5470 if (operation == MEMBER_DEACTIVATE)
5471 ulongValue |= UF_ACCOUNTDISABLE;
5473 ulongValue &= ~UF_ACCOUNTDISABLE;
5475 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() returns 1 on failure; the list is freed and
 * (presumably, on lines not shown) the function returns. */
5477 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5478 temp, &modvalues, REPLACE)) == 1)
5481 linklist_free(group_base);
5485 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
/* When a Moira id was supplied it is also written back, which re-links an
 * entry that was found by sAMAccountName because its mitMoiraId did not
 * match. */
5487 if (strlen(MoiraId) != 0)
5489 mitMoiraId_v[0] = MoiraId;
5490 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5494 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the queued mods (loop body not shown) and the constructed values. */
5496 for (i = 0; i < n; i++)
5499 free_values(modvalues);
5501 if (rc != LDAP_SUCCESS)
5503 com_err(whoami, 0, "Unable to change status of user %s : %s",
5504 user_name, ldap_err2string(rc));
/*
 * user_delete: remove a user entry and its mit.edu contact object.
 * The entry is located by mitMoiraId when MoiraId is non-empty and that
 * search yields exactly one hit, otherwise by sAMAccountName under dn_path.
 * Returns AD_INVALID_NAME for a bad name; every other return statement is
 * on a line not shown.
 * Only u_name is validated: MoiraId is interpolated into the search filter
 * at 5532 unescaped, so if its source can contain LDAP filter
 * metacharacters it needs the same check or filter-escaping.  The "name"
 * attribute fetched for the match is not compared with user_name on any
 * line shown; checking it before the delete would guard against removing a
 * different entry that happens to carry the same mitMoiraId.
 */
5511 int user_delete(LDAP *ldap_handle, char *dn_path,
5512 char *u_name, char *MoiraId)
5515 char *attr_array[3];
5516 char distinguished_name[1024];
5517 char user_name[512];
5518 LK_ENTRY *group_base;
5523 if (!check_string(u_name))
5524 return(AD_INVALID_NAME);
/* Unbounded copy into user_name[512]; relies on check_string() or the
 * caller bounding the length (not visible here). */
5526 strcpy(user_name, u_name);
/* Lookup by Moira id first; on anything but a single match the list is
 * freed and the name lookup below runs (lines 5548-5549 not shown). */
5530 if (strlen(MoiraId) != 0)
5532 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5533 attr_array[0] = "name";
5534 attr_array[1] = NULL;
5535 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5536 &group_base, &group_count,
5537 LDAP_SCOPE_SUBTREE)) != 0)
5539 com_err(whoami, 0, "Unable to process user %s : %s",
5540 user_name, ldap_err2string(rc));
5545 if (group_count != 1)
5547 linklist_free(group_base);
5550 sprintf(filter, "(sAMAccountName=%s)", user_name);
5551 attr_array[0] = "name";
5552 attr_array[1] = NULL;
5553 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5554 &group_base, &group_count,
5555 LDAP_SCOPE_SUBTREE)) != 0)
5557 com_err(whoami, 0, "Unable to process user %s : %s",
5558 user_name, ldap_err2string(rc));
/* Handling of a non-unique match (5564-5567) is not shown. */
5563 if (group_count != 1)
5568 strcpy(distinguished_name, group_base->dn);
/* Delete the entry; assignment-as-condition, rc is the LDAP result.  A
 * failure is logged; whether it aborts before the contact deletion is
 * decided on lines not shown (5574-5575). */
5570 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5572 com_err(whoami, 0, "Unable to process user %s : %s",
5573 user_name, ldap_err2string(rc));
5576 /* Delete the matching mit.edu contact object, cn=<user>@mit.edu under
contact_ou; a failure here is only logged. */
5580 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5582 if(rc = ldap_delete_s(ldap_handle, temp))
5584 com_err(whoami, 0, "Unable to delete user contact for %s",
5590 linklist_free(group_base);
/*
 * Release a list of LK_ENTRY nodes (as produced by linklist_build()).
 *
 * For every node the owned string members -- dn, attribute, value, member,
 * type and list -- are freed, then the node itself.  A NULL list is a
 * no-op.  The caller's pointer is left dangling afterwards, so it must not
 * be reused without being reassigned.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      /* Grab the successor before the node's storage goes away. */
      LK_ENTRY *next = node->next;

      /* free(NULL) is a no-op, so no per-member NULL checks are needed. */
      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);

      node = next;
    }
}
/*
 * free_values: release a NULL-terminated array of strings such as the one
 * produced by construct_newvalues().  A NULL array is accepted.  Each slot
 * is set to NULL after its string is released; the statements that free
 * the element, advance the index i and (presumably) free the array itself
 * are on lines not shown, as is the declaration of i.
 */
5625 void free_values(char **modvalues)
5631 if (modvalues != NULL)
5633 while (modvalues[i] != NULL)
5636 modvalues[i] = NULL;
/*
 * Byte-indexed whitelist consulted by check_string() as
 * illegalchars[(unsigned) character]: 1 = the byte may not appear in a
 * user name.  check_string() lowercases before the lookup, which is why
 * every upper-case letter is marked illegal.  Permitted bytes are exactly
 * $ & ' - . 0-9 @ _ ` a-z ~ ; all of 0x80-0xFF are rejected.  The closing
 * "};" of the initializer (5660) is on a line not shown.
 */
5643 static int illegalchars[] = {
5644 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5645 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5646 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5647 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5648 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5649 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5650 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5651 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5652 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5653 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5654 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5655 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5656 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5657 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5659 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Looser deny table with the same layout as illegalchars[], used by
 * check_string() on the path that tests illegalchars_ldap (which strings
 * take that path is decided in lines not shown here).  Compared with
 * illegalchars[] it additionally accepts space " # ( ) + , ; < = > and
 * backslash; it still rejects ! % * / : ? [ ] ^ { | }, control bytes, DEL
 * and every byte >= 0x80.  Upper-case letters are rejected only because
 * the caller lower-cases before the lookup.
 * NOTE(review): of the LDAP filter metacharacters ( ) * \ (RFC 4515) only
 * '*' is rejected here, and the DN specials , + " \ < > ; # (RFC 4514) are
 * all accepted.  Elsewhere in this file values are interpolated raw into
 * "(sAMAccountName=%s)" filters and "cn=%s,..." DNs with sprintf(), so
 * passing this table is not a substitute for filter/DN escaping at those
 * call sites.
 */
5662 static int illegalchars_ldap[] = {
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5664 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5665 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5666 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5667 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5668 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5669 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5670 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* bytes 0x80 - 0xFF: all rejected */
5671 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5672 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5673 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5674 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5675 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5676 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5677 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5678 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Validate a string against one of the byte deny tables above.
 * Each byte is lower-cased (so upper-case input is accepted) and looked up
 * in illegalchars[] or illegalchars_ldap[]; the lines that choose the
 * table, drive the loop and produce the return value are not shown here.
 * The first illegal byte is reported through com_err().
 * NOTE(review): the table index is (unsigned) character.  If `character`
 * is a plain char (its declaration is not visible here), a byte >= 0x80 is
 * negative on most platforms; (unsigned) of a negative value is far beyond
 * the 256-entry tables (out-of-bounds read), and passing that negative
 * value to isupper()/tolower() is undefined behaviour.  Casting to
 * (unsigned char), or keeping `character` as an unsigned-char value in an
 * int, fixes both.  The '%c' in the log line also echoes the raw rejected
 * byte (possibly a control character) into the log.
 */
5681 int check_string(char *s)
5692 if (isupper(character))
5693 character = tolower(character);
5697 if (illegalchars[(unsigned) character])
5699 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5700 character, (unsigned) character, string);
5706 if (illegalchars_ldap[(unsigned) character])
5708 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5709 character, (unsigned) character, string);
5718 int check_container_name(char *s)
5726 if (isupper(character))
5727 character = tolower(character);
5729 if (character == ' ')
5732 if (illegalchars[(unsigned) character])
/*
 * Connect to the Moira server, check its availability via the MOTD,
 * negotiate the query protocol version and authenticate with Kerberos 5
 * (presumably only when `auth` is set; that condition, the braces and the
 * return statements of this function are outside the lines shown).
 * Returns a Moira status code.
 */
5739 int mr_connect_cl(char *server, char *client, int version, int auth)
5745 status = mr_connect(server);
5749 com_err(whoami, status, "while connecting to Moira");
5753 status = mr_motd(&motd);
5758 com_err(whoami, status, "while checking server status");
/* NOTE(review): temp is then handed to com_err() as its *format* string.
 * motd is text received from the server, so any '%' in it is interpreted
 * as a conversion specifier (format-string bug, CERT FIO30-C).  The fix
 * keeps the message and drops the intermediate buffer:
 *   com_err(whoami, status,
 *           "The Moira server is currently unavailable: %s", motd);
 * which also removes the unbounded sprintf() into temp (size not visible). */
5764 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5765 com_err(whoami, status, temp);
/* A server that does not implement mr_version (MR_UNKNOWN_PROC) is treated
 * as older than this client: status becomes MR_VERSION_HIGH, which only
 * produces a warning below; MR_VERSION_LOW is likewise non-fatal. */
5770 status = mr_version(version);
5774 if (status == MR_UNKNOWN_PROC)
5777 status = MR_VERSION_HIGH;
5779 status = MR_SUCCESS;
5782 if (status == MR_VERSION_HIGH)
5784 com_err(whoami, 0, "Warning: This client is running newer code "
5785 "than the server.");
5786 com_err(whoami, 0, "Some operations may not work.");
5788 else if (status && status != MR_VERSION_LOW)
5790 com_err(whoami, status, "while setting query version number.");
/* Kerberos 5 authentication as `client`; a failure here is reported and
 * (presumably) returned to the caller. */
5798 status = mr_krb5_auth(client);
5801 com_err(whoami, status, "while authenticating to Moira.");
5810 void AfsToWinAfs(char* path, char* winPath)
5814 strcpy(winPath, WINAFS);
5815 pathPtr = path + strlen(AFS);
5816 winPathPtr = winPath + strlen(WINAFS);
5820 if (*pathPtr == '/')
5823 *winPathPtr = *pathPtr;
5830 int GetAceInfo(int ac, char **av, void *ptr)
5837 strcpy(call_args[0], av[L_ACE_TYPE]);
5838 strcpy(call_args[1], av[L_ACE_NAME]);
5840 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5841 return(LDAP_SUCCESS);
/*
 * Test whether an object with sAMAccountName == Name exists under dn_path.
 * A search failure is reported via com_err(); otherwise the result list is
 * freed and group_count decides the outcome (the return statements are
 * outside the lines shown).
 * NOTE(review): Name is interpolated into the filter with sprintf(), with
 * no RFC 4515 escaping and no bound on `filter`.  A Name containing '*',
 * '(' or ')' changes the meaning of the search (or makes it fail), so this
 * existence check can be satisfied by an object other than the one named.
 * Escape the value before formatting (confirm whether escape_string() used
 * elsewhere in this file covers filter metacharacters) and use snprintf().
 */
5844 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5847 char *attr_array[3];
5850 LK_ENTRY *group_base;
5855 sprintf(filter, "(sAMAccountName=%s)", Name);
5856 attr_array[0] = "sAMAccountName";
5857 attr_array[1] = NULL;
5859 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5860 &group_base, &group_count,
5861 LDAP_SCOPE_SUBTREE)) != 0)
5863 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5864 Name, ldap_err2string(rc));
/* result entries are not needed, only the count */
5868 linklist_free(group_base);
5871 if (group_count == 0)
5879 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5880 int UpdateGroup, int *ProcessGroup, char *maillist)
5883 char GroupName[256];
5889 char AceMembership[2];
5892 char *save_argv[U_END];
5896 com_err(whoami, 0, "ProcessAce disabled, skipping");
5900 strcpy(GroupName, Name);
5902 if (strcasecmp(Type, "LIST"))
5908 AceInfo[0] = AceType;
5909 AceInfo[1] = AceName;
5910 AceInfo[2] = AceMembership;
5912 memset(AceType, '\0', sizeof(AceType));
5913 memset(AceName, '\0', sizeof(AceName));
5914 memset(AceMembership, '\0', sizeof(AceMembership));
5915 memset(AceOu, '\0', sizeof(AceOu));
5918 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5920 if(rc != MR_NO_MATCH)
5921 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5922 GroupName, error_message(rc));
5929 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
5933 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5936 strcpy(temp, AceName);
5938 if (!strcasecmp(AceType, "LIST"))
5939 sprintf(temp, "%s%s", AceName, group_suffix);
5943 if (checkADname(ldap_handle, dn_path, temp))
5946 (*ProcessGroup) = 1;
5949 if (!strcasecmp(AceInfo[0], "LIST"))
5951 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5952 AceMembership, 0, UpdateGroup, maillist))
5955 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5958 else if (!strcasecmp(AceInfo[0], "USER"))
5961 call_args[0] = (char *)ldap_handle;
5962 call_args[1] = dn_path;
5964 call_args[3] = NULL;
5967 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
5968 !strcasecmp(AceName, TEST_PRINCIPAL))
5973 if (rc = mr_query("get_user_account_by_login", 1, av,
5974 save_query_info, save_argv))
5976 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5981 if (rc = user_create(U_END, save_argv, call_args))
5983 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5990 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
6000 if (!strcasecmp(AceType, "LIST"))
6002 if (!strcasecmp(GroupName, AceName))
6006 strcpy(GroupName, AceName);
/*
 * Create (or, with updateGroup set, update) the AD group for a Moira list.
 * The list info is fetched with mr_query("get_list_info") and the actual
 * directory work is done by group_create() as the query callback.
 * Arguments reach the callback through call_args[]:
 *   [0] LDAP handle     [1] base DN         [2] group name
 *   [3] member-type mask [4] updateGroup    [5] Moira id
 *   [6] set in a line not shown (presumably maillist); [7] terminator.
 * Returns the mr_query error code, or callback_rc set by the callback.
 * NOTE(review): slots [3] and [4] smuggle ints through char* by casting.
 * This relies on group_create() casting back the same way and on an int
 * surviving a round trip through a pointer; intptr_t is the portable form.
 */
6012 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6013 char *group_name, char *group_ou, char *group_membership,
6014 int group_security_flag, int updateGroup, char *maillist)
6019 LK_ENTRY *group_base;
6022 char *attr_array[3];
6025 call_args[0] = (char *)ldap_handle;
6026 call_args[1] = dn_path;
6027 call_args[2] = group_name;
6028 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6029 call_args[4] = (char *)updateGroup;
6030 call_args[5] = MoiraId;
6032 call_args[7] = NULL;
6038 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6041 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
/* the callback reports its own failure through the global callback_rc */
6049 com_err(whoami, 0, "Unable to create list %s", group_name);
6050 return(callback_rc);
/*
 * Rebuild the AD "member" attribute of group_name from Moira's end-member
 * list.  The signature continues on a line not shown, as do many lines of
 * the body (declarations, braces, else paths, the final return).
 * Flow visible here:
 *  - mr_query("get_end_members_of_list") -> member_list_build collects
 *    the members into member_base;
 *  - a first pass counts members, skipping LISTs, MACHINEs when machine
 *    containers are not processed, and the production/test principals;
 *  - the group is skipped when max_group_members is set, this is not a
 *    full synchronize run and the count exceeds the limit;
 *  - a second pass maps each member to a DN (creating missing users and
 *    contacts, locating machines) and collects the DNs in members[];
 *  - "member" is written with LDAP_MOD_REPLACE, after an explicit clear
 *    when GroupPopulateDelete is set.
 */
6056 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6057 char *group_ou, char *group_membership,
6058 int group_security_flag, char *MoiraId,
6074 char *member_v[] = {NULL, NULL};
6075 char *save_argv[U_END];
6076 char machine_ou[256];
6077 char NewMachineName[1024];
6079 com_err(whoami, 0, "Populating group %s", group_name);
6081 call_args[0] = (char *)ldap_handle;
6082 call_args[1] = dn_path;
6083 call_args[2] = group_name;
/* member-type mask smuggled through char*, see make_new_group() */
6084 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6086 call_args[4] = NULL;
6090 if (rc = mr_query("get_end_members_of_list", 1, av,
6091 member_list_build, call_args))
6096 com_err(whoami, 0, "Unable to populate list %s : %s",
6097 group_name, error_message(rc));
/* first pass: count the members that will actually be written */
6101 if (member_base != NULL)
6107 if (!strcasecmp(ptr->type, "LIST"))
6113 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6119 if(!strcasecmp(ptr->type, "USER"))
6121 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6122 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* size guard: a non-synchronize run refuses oversized groups */
6134 if(max_group_members && !synchronize && (group_members > max_group_members))
6137 "Group %s membership of %d exceeds maximum %d, skipping",
6138 group_name, group_members, max_group_members);
/* NOTE(review): unchecked malloc(); a NULL result is dereferenced by the
 * realloc()/assignment below. */
6142 members = (char **)malloc(sizeof(char *) * 2);
/* second pass: resolve each member to a DN */
6144 if (member_base != NULL)
6150 if (!strcasecmp(ptr->type, "LIST"))
6156 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6162 if(!strcasecmp(ptr->type, "USER"))
6164 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6165 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* a user missing from AD is created on the fly from its Moira record */
6171 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6172 "")) == AD_NO_USER_FOUND)
6174 com_err(whoami, 0, "creating user %s", ptr->member);
6176 av[0] = ptr->member;
6177 call_args[0] = (char *)ldap_handle;
6178 call_args[1] = dn_path;
6180 call_args[3] = NULL;
6183 if (rc = mr_query("get_user_account_by_login", 1, av,
6184 save_query_info, save_argv))
6186 com_err(whoami, 0, "Unable to create user %s "
6187 "while populating group %s.", ptr->member,
6193 if (rc = user_create(U_END, save_argv, call_args))
6195 com_err(whoami, 0, "Unable to create user %s "
6196 "while populating group %s.", ptr->member,
6204 com_err(whoami, 0, "Unable to create user %s "
6205 "while populating group %s", ptr->member,
/* NOTE(review): USER DNs are built from ptr->member verbatim, while the
 * STRING and KERBEROS branches below run it through escape_string(); a
 * login containing DN specials (, + " \ < > ; #) yields a malformed or
 * different DN.  sprintf() into `member` is also unbounded.  Which of the
 * cn=/uid= forms is used is decided by a condition not shown. */
6216 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6221 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6225 else if (!strcasecmp(ptr->type, "STRING"))
6227 if (contact_create(ldap_handle, dn_path, ptr->member,
6231 pUserOu = contact_ou;
6232 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6235 else if (!strcasecmp(ptr->type, "KERBEROS"))
6237 if (contact_create(ldap_handle, dn_path, ptr->member,
6241 pUserOu = kerberos_ou;
6242 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6245 else if (!strcasecmp(ptr->type, "MACHINE"))
6247 memset(machine_ou, '\0', sizeof(machine_ou));
6248 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* get_machine_ou() resolves the Moira name to the AD computer object */
6250 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6251 machine_ou, NewMachineName))
6253 pUserOu = machine_ou;
6254 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): `members = realloc(members, ...)` overwrites the only
 * pointer to the array: on failure the old array leaks and the next line
 * dereferences NULL.  Assign to a temporary and check it, and check the
 * strdup() result as well. */
6265 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6266 members[i++] = strdup(member);
6271 linklist_free(member_base);
/* group_dn is built with an unbounded sprintf(); group_name/group_ou are
 * not DN-escaped (see the note on USER DNs above) */
6277 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* GroupPopulateDelete: member_v is {NULL, NULL}, so this REPLACE clears
 * the attribute before the full list is written below */
6279 if(GroupPopulateDelete)
6282 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6285 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6286 mods)) != LDAP_SUCCESS)
6289 "Unable to populate group membership for %s: %s",
6290 group_dn, ldap_err2string(rc));
6293 for (i = 0; i < n; i++)
/* the full membership in one REPLACE of "member" */
6298 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6301 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6302 mods)) != LDAP_SUCCESS)
6305 "Unable to populate group membership for %s: %s",
6306 group_dn, ldap_err2string(rc));
/* presumably releases the mods array; the strdup'd DNs in members[] must
 * also be freed (the loop body is not shown) */
6309 for (i = 0; i < n; i++)
6317 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6318 char *group_name, char *group_ou, char *group_membership,
6319 int group_security_flag, int type, char *maillist)
6321 char before_desc[512];
6322 char before_name[256];
6323 char before_group_ou[256];
6324 char before_group_membership[2];
6325 char distinguishedName[256];
6326 char ad_distinguishedName[256];
6328 char *attr_array[3];
6329 int before_security_flag;
6332 LK_ENTRY *group_base;
6335 char ou_security[512];
6336 char ou_distribution[512];
6337 char ou_neither[512];
6340 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
6341 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6343 memset(filter, '\0', sizeof(filter));
6347 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6349 "samAccountName", &group_base,
6350 &group_count, filter))
6353 if (type == CHECK_GROUPS)
6355 if (group_count == 1)
6357 strcpy(group_dn, group_base->dn);
6359 if (!strcasecmp(group_dn, distinguishedName))
6361 linklist_free(group_base);
6366 linklist_free(group_base);
6368 if (group_count == 0)
6369 return(AD_NO_GROUPS_FOUND);
6371 if (group_count == 1)
6372 return(AD_WRONG_GROUP_DN_FOUND);
6374 return(AD_MULTIPLE_GROUPS_FOUND);
6377 if (group_count == 0)
6379 return(AD_NO_GROUPS_FOUND);
6382 if (group_count > 1)
6386 strcpy(group_dn, ptr->dn);
6390 if (!strcasecmp(group_dn, ptr->value))
6398 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6404 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6408 linklist_free(group_base);
6409 return(AD_MULTIPLE_GROUPS_FOUND);
6416 strcpy(group_dn, ptr->dn);
6418 if (strcasecmp(group_dn, ptr->value))
6419 rc = ldap_delete_s(ldap_handle, ptr->value);
6424 linklist_free(group_base);
6425 memset(filter, '\0', sizeof(filter));
6429 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6431 "samAccountName", &group_base,
6432 &group_count, filter))
6435 if (group_count == 0)
6436 return(AD_NO_GROUPS_FOUND);
6438 if (group_count > 1)
6439 return(AD_MULTIPLE_GROUPS_FOUND);
6442 strcpy(ad_distinguishedName, group_base->dn);
6443 linklist_free(group_base);
6447 attr_array[0] = "sAMAccountName";
6448 attr_array[1] = NULL;
6450 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6451 &group_base, &group_count,
6452 LDAP_SCOPE_SUBTREE)) != 0)
6454 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6455 MoiraId, ldap_err2string(rc));
6459 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
6461 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6463 linklist_free(group_base);
6469 linklist_free(group_base);
6472 memset(ou_both, '\0', sizeof(ou_both));
6473 memset(ou_security, '\0', sizeof(ou_security));
6474 memset(ou_distribution, '\0', sizeof(ou_distribution));
6475 memset(ou_neither, '\0', sizeof(ou_neither));
6476 memset(before_name, '\0', sizeof(before_name));
6477 memset(before_desc, '\0', sizeof(before_desc));
6478 memset(before_group_membership, '\0', sizeof(before_group_membership));
6480 attr_array[0] = "name";
6481 attr_array[1] = NULL;
6483 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6484 &group_base, &group_count,
6485 LDAP_SCOPE_SUBTREE)) != 0)
6487 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6488 MoiraId, ldap_err2string(rc));
6492 strcpy(before_name, group_base->value);
6493 linklist_free(group_base);
6497 attr_array[0] = "description";
6498 attr_array[1] = NULL;
6500 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6501 &group_base, &group_count,
6502 LDAP_SCOPE_SUBTREE)) != 0)
6505 "Unable to get list description with MoiraId = %s: %s",
6506 MoiraId, ldap_err2string(rc));
6510 if (group_count != 0)
6512 strcpy(before_desc, group_base->value);
6513 linklist_free(group_base);
6518 change_to_lower_case(ad_distinguishedName);
6519 strcpy(ou_both, group_ou_both);
6520 change_to_lower_case(ou_both);
6521 strcpy(ou_security, group_ou_security);
6522 change_to_lower_case(ou_security);
6523 strcpy(ou_distribution, group_ou_distribution);
6524 change_to_lower_case(ou_distribution);
6525 strcpy(ou_neither, group_ou_neither);
6526 change_to_lower_case(ou_neither);
6528 if (strstr(ad_distinguishedName, ou_both))
6530 strcpy(before_group_ou, group_ou_both);
6531 before_group_membership[0] = 'B';
6532 before_security_flag = 1;
6534 else if (strstr(ad_distinguishedName, ou_security))
6536 strcpy(before_group_ou, group_ou_security);
6537 before_group_membership[0] = 'S';
6538 before_security_flag = 1;
6540 else if (strstr(ad_distinguishedName, ou_distribution))
6542 strcpy(before_group_ou, group_ou_distribution);
6543 before_group_membership[0] = 'D';
6544 before_security_flag = 0;
6546 else if (strstr(ad_distinguishedName, ou_neither))
6548 strcpy(before_group_ou, group_ou_neither);
6549 before_group_membership[0] = 'N';
6550 before_security_flag = 0;
6553 return(AD_NO_OU_FOUND);
6555 rc = group_rename(ldap_handle, dn_path, before_name,
6556 before_group_membership,
6557 before_group_ou, before_security_flag, before_desc,
6558 group_name, group_membership, group_ou,
6559 group_security_flag,
6560 before_desc, MoiraId, filter, maillist);
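/*
 * Lower-case a NUL-terminated string in place.
 *
 * ptr: writable string; a NULL pointer is accepted and ignored.
 *
 * Each byte is passed to tolower() as an unsigned char: calling the
 * <ctype.h> functions with a plain (possibly negative) char is undefined
 * behaviour for bytes >= 0x80, which values copied out of the directory
 * may contain.  The length is computed once rather than on every loop
 * iteration as before.
 */
void change_to_lower_case(char *ptr)
{
  size_t i, len;

  if (ptr == NULL)
    return;

  len = strlen(ptr);

  for (i = 0; i < len; i++)
    ptr[i] = (char) tolower((unsigned char) ptr[i]);
}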
6575 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6576 char *group_name, char *group_membership,
6577 char *MoiraId, char *attribute,
6578 LK_ENTRY **linklist_base, int *linklist_count,
6583 char *attr_array[3];
6587 (*linklist_base) = NULL;
6588 (*linklist_count) = 0;
6590 if (strlen(rFilter) != 0)
6592 strcpy(filter, rFilter);
6593 attr_array[0] = attribute;
6594 attr_array[1] = NULL;
6596 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6597 linklist_base, linklist_count,
6598 LDAP_SCOPE_SUBTREE)) != 0)
6600 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6601 MoiraId, ldap_err2string(rc));
6605 if ((*linklist_count) == 1)
6607 strcpy(rFilter, filter);
6612 linklist_free((*linklist_base));
6613 (*linklist_base) = NULL;
6614 (*linklist_count) = 0;
6616 if (strlen(MoiraId) != 0)
6618 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6620 attr_array[0] = attribute;
6621 attr_array[1] = NULL;
6623 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6624 linklist_base, linklist_count,
6625 LDAP_SCOPE_SUBTREE)) != 0)
6627 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6628 MoiraId, ldap_err2string(rc));
6633 if ((*linklist_count) > 1)
6635 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6636 pPtr = (*linklist_base);
6640 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6645 linklist_free((*linklist_base));
6646 (*linklist_base) = NULL;
6647 (*linklist_count) = 0;
6650 if ((*linklist_count) == 1)
6653 pPtr = (*linklist_base);
6654 dn = strdup(pPtr->dn);
6657 if (!memcmp(dn, group_name, strlen(group_name)))
6659 strcpy(rFilter, filter);
6664 linklist_free((*linklist_base));
6665 (*linklist_base) = NULL;
6666 (*linklist_count) = 0;
6667 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6669 attr_array[0] = attribute;
6670 attr_array[1] = NULL;
6672 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6673 linklist_base, linklist_count,
6674 LDAP_SCOPE_SUBTREE)) != 0)
6676 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6677 MoiraId, ldap_err2string(rc));
6681 if ((*linklist_count) == 1)
6683 strcpy(rFilter, filter);
/*
 * Locate the AD user object for UserName.  With a non-empty MoiraId the
 * object is first looked up by mitMoiraId (several matches are logged and
 * the list discarded); otherwise, or when that lookup does not yield
 * exactly one entry, it is looked up by sAMAccountName.  Returns
 * AD_NO_USER_FOUND when there is no single match; the other return
 * statements, the braces and the loop over multiple matches are outside
 * the lines shown.
 * NOTE(review): both filters are built with sprintf() from MoiraId and
 * UserName with no RFC 4515 escaping and no bound on `filter`; a value
 * containing '*' or ')' alters the search.
 */
6690 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6693 char *attr_array[3];
/* NOTE(review): 64 bytes, filled below by an unbounded strcpy() from a
 * directory attribute whose length this code does not control (anyone who
 * can write sAMAccountName controls it).  Use a bounded copy (snprintf)
 * or reject values that do not fit. */
6694 char SamAccountName[64];
6697 LK_ENTRY *group_base;
/* lookup by Moira id first */
6703 if (strlen(MoiraId) != 0)
6705 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6707 attr_array[0] = "sAMAccountName";
6708 attr_array[1] = NULL;
6709 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6710 &group_base, &group_count,
6711 LDAP_SCOPE_SUBTREE)) != 0)
6713 com_err(whoami, 0, "Unable to process user %s : %s",
6714 UserName, ldap_err2string(rc));
/* duplicate mitMoiraId values are a data-integrity problem: log each one */
6718 if (group_count > 1)
6720 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6726 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6727 gPtr->value, MoiraId);
/* anything but exactly one hit falls back to the name lookup */
6733 if (group_count != 1)
6735 linklist_free(group_base);
6738 sprintf(filter, "(sAMAccountName=%s)", UserName);
6739 attr_array[0] = "sAMAccountName";
6740 attr_array[1] = NULL;
6742 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6743 &group_base, &group_count,
6744 LDAP_SCOPE_SUBTREE)) != 0)
6746 com_err(whoami, 0, "Unable to process user %s : %s",
6747 UserName, ldap_err2string(rc));
6752 if (group_count != 1)
6754 linklist_free(group_base);
6755 return(AD_NO_USER_FOUND);
/* see the note on SamAccountName's size above */
6758 strcpy(SamAccountName, group_base->value);
6759 linklist_free(group_base);
/* Case-sensitive comparison of the directory's sAMAccountName with the
 * Moira login.  Presumably intended (the directory presumably matched the
 * filter case-insensitively) — confirm whether a case-only difference
 * should be reported as a mismatch. */
6763 if (strcmp(SamAccountName, UserName))
6766 "User object %s with MoiraId %s has mismatched usernames "
6767 "(LDAP username %s, Moira username %s)", SamAccountName,
6768 MoiraId, SamAccountName, UserName);
6774 void container_get_dn(char *src, char *dest)
6781 memset(array, '\0', 20 * sizeof(array[0]));
6783 if (strlen(src) == 0)
6805 strcpy(dest, "OU=");
6809 strcat(dest, array[n-1]);
6813 strcat(dest, ",OU=");
6820 void container_get_name(char *src, char *dest)
6825 if (strlen(src) == 0)
6845 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6852 strcpy(cName, name);
6854 for (i = 0; i < (int)strlen(cName); i++)
6856 if (cName[i] == '/')
6859 av[CONTAINER_NAME] = cName;
6860 av[CONTAINER_DESC] = "";
6861 av[CONTAINER_LOCATION] = "";
6862 av[CONTAINER_CONTACT] = "";
6863 av[CONTAINER_TYPE] = "";
6864 av[CONTAINER_ID] = "";
6865 av[CONTAINER_ROWID] = "";
6866 rc = container_create(ldap_handle, dn_path, 7, av);
6868 if (rc == LDAP_SUCCESS)
6870 com_err(whoami, 0, "container %s created without a mitMoiraId",
6879 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6880 char **before, int afterc, char **after)
6885 char new_dn_path[256];
6887 char distinguishedName[256];
6892 memset(cName, '\0', sizeof(cName));
6893 container_get_name(after[CONTAINER_NAME], cName);
6895 if (!check_container_name(cName))
6897 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6899 return(AD_INVALID_NAME);
6902 memset(distinguishedName, '\0', sizeof(distinguishedName));
6904 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6905 distinguishedName, beforec, before))
6908 if (strlen(distinguishedName) == 0)
6910 rc = container_create(ldap_handle, dn_path, afterc, after);
6914 strcpy(temp, after[CONTAINER_NAME]);
6917 for (i = 0; i < (int)strlen(temp); i++)
6927 container_get_dn(temp, dName);
6929 if (strlen(temp) != 0)
6930 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6932 sprintf(new_dn_path, "%s", dn_path);
6934 sprintf(new_cn, "OU=%s", cName);
6936 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6938 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6939 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6941 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6942 before[CONTAINER_NAME], after[CONTAINER_NAME],
6943 ldap_err2string(rc));
6947 memset(dName, '\0', sizeof(dName));
6948 container_get_dn(after[CONTAINER_NAME], dName);
6949 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
6954 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6956 char distinguishedName[256];
6959 memset(distinguishedName, '\0', sizeof(distinguishedName));
6961 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6962 distinguishedName, count, av))
6965 if (strlen(distinguishedName) == 0)
6968 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6970 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6971 container_move_objects(ldap_handle, dn_path, distinguishedName);
6973 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6974 av[CONTAINER_NAME], ldap_err2string(rc));
6980 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6982 char *attr_array[3];
6983 LK_ENTRY *group_base;
6986 char *objectClass_v[] = {"top",
6987 "organizationalUnit",
6990 char *ou_v[] = {NULL, NULL};
6991 char *name_v[] = {NULL, NULL};
6992 char *moiraId_v[] = {NULL, NULL};
6993 char *desc_v[] = {NULL, NULL};
6994 char *managedBy_v[] = {NULL, NULL};
6997 char managedByDN[256];
7004 memset(filter, '\0', sizeof(filter));
7005 memset(dName, '\0', sizeof(dName));
7006 memset(cName, '\0', sizeof(cName));
7007 memset(managedByDN, '\0', sizeof(managedByDN));
7008 container_get_dn(av[CONTAINER_NAME], dName);
7009 container_get_name(av[CONTAINER_NAME], cName);
7011 if ((strlen(cName) == 0) || (strlen(dName) == 0))
7013 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7015 return(AD_INVALID_NAME);
7018 if (!check_container_name(cName))
7020 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7022 return(AD_INVALID_NAME);
7026 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
7028 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
7030 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
7032 if (strlen(av[CONTAINER_ROWID]) != 0)
7034 moiraId_v[0] = av[CONTAINER_ROWID];
7035 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
7038 if (strlen(av[CONTAINER_DESC]) != 0)
7040 desc_v[0] = av[CONTAINER_DESC];
7041 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
7044 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7046 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7048 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7051 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7052 kerberos_ou, dn_path);
7053 managedBy_v[0] = managedByDN;
7054 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7059 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7061 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7062 "(objectClass=user)))", av[CONTAINER_ID]);
7065 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7067 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7071 if (strlen(filter) != 0)
7073 attr_array[0] = "distinguishedName";
7074 attr_array[1] = NULL;
7077 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7079 &group_base, &group_count,
7080 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7082 if (group_count == 1)
7084 strcpy(managedByDN, group_base->value);
7085 managedBy_v[0] = managedByDN;
7086 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7088 linklist_free(group_base);
7098 sprintf(temp, "%s,%s", dName, dn_path);
7099 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7101 for (i = 0; i < n; i++)
7104 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7106 com_err(whoami, 0, "Unable to create container %s : %s",
7107 cName, ldap_err2string(rc));
7111 if (rc == LDAP_ALREADY_EXISTS)
7113 if (strlen(av[CONTAINER_ROWID]) != 0)
7114 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
7120 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7121 char **before, int afterc, char **after)
7123 char distinguishedName[256];
7126 memset(distinguishedName, '\0', sizeof(distinguishedName));
7128 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7129 distinguishedName, afterc, after))
7132 if (strlen(distinguishedName) == 0)
7134 rc = container_create(ldap_handle, dn_path, afterc, after);
7138 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7139 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
7145 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7146 char *distinguishedName, int count,
7149 char *attr_array[3];
7150 LK_ENTRY *group_base;
7157 memset(filter, '\0', sizeof(filter));
7158 memset(dName, '\0', sizeof(dName));
7159 memset(cName, '\0', sizeof(cName));
7160 container_get_dn(av[CONTAINER_NAME], dName);
7161 container_get_name(av[CONTAINER_NAME], cName);
7163 if (strlen(dName) == 0)
7165 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7166 av[CONTAINER_NAME]);
7167 return(AD_INVALID_NAME);
7170 if (!check_container_name(cName))
7172 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7174 return(AD_INVALID_NAME);
7177 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7178 av[CONTAINER_ROWID]);
7179 attr_array[0] = "distinguishedName";
7180 attr_array[1] = NULL;
7184 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7185 &group_base, &group_count,
7186 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7188 if (group_count == 1)
7190 strcpy(distinguishedName, group_base->value);
7193 linklist_free(group_base);
7198 if (strlen(distinguishedName) == 0)
7200 sprintf(filter, "(&(objectClass=organizationalUnit)"
7201 "(distinguishedName=%s,%s))", dName, dn_path);
7202 attr_array[0] = "distinguishedName";
7203 attr_array[1] = NULL;
7207 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7208 &group_base, &group_count,
7209 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7211 if (group_count == 1)
7213 strcpy(distinguishedName, group_base->value);
7216 linklist_free(group_base);
/*
 * Bring an existing container (OU) in line with its Moira record:
 * mitMoiraId, description and managedBy.  The target is the DN built from
 * dName under dn_path, or, when dName is empty, the DN passed in
 * distinguishedName.  The current attribute values are read first so that
 * attributes Moira no longer sets can be cleared via attribute_update();
 * the remaining changes are applied with a single ldap_modify_s().
 * Declarations, braces, else branches, the ADD_ATTR bookkeeping and most
 * return statements are outside the lines shown.
 */
7225 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7226 char *distinguishedName, int count, char **av)
7228 char *attr_array[5];
7229 LK_ENTRY *group_base;
7234 char *moiraId_v[] = {NULL, NULL};
7235 char *desc_v[] = {NULL, NULL};
7236 char *managedBy_v[] = {NULL, NULL};
7237 char managedByDN[256];
/* target DN: explicit distinguishedName, overridden by dName when given */
7246 strcpy(ad_path, distinguishedName);
7248 if (strlen(dName) != 0)
7249 sprintf(ad_path, "%s,%s", dName, dn_path);
/* NOTE(review): ad_path and filter are built with unbounded sprintf(), and
 * the DN is not filter-escaped (RFC 4515) before being placed in the
 * filter. */
7251 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): the guard tests av[CONTAINER_ID] but the filter uses
 * av[CONTAINER_ROWID]; container_create() and
 * container_get_distinguishedName() key the same mitMoiraId lookup on
 * CONTAINER_ROWID.  This looks like a typo for
 *   if (strlen(av[CONTAINER_ROWID]) != 0)
 * — as written, a non-empty ID with an empty ROWID produces the filter
 * "(mitMoiraId=)".  Confirm the intent. */
7254 if (strlen(av[CONTAINER_ID]) != 0)
7255 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7256 av[CONTAINER_ROWID]);
7258 attr_array[0] = "mitMoiraId";
7259 attr_array[1] = "description";
7260 attr_array[2] = "managedBy";
7261 attr_array[3] = NULL;
7265 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7266 &group_base, &group_count,
7267 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7269 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7270 av[CONTAINER_NAME], ldap_err2string(rc));
7274 memset(managedByDN, '\0', sizeof(managedByDN));
7275 memset(moiraId, '\0', sizeof(moiraId));
7276 memset(desc, '\0', sizeof(desc));
/* snapshot of the current values (the loop over group_base is not shown).
 * NOTE(review): unbounded strcpy() from directory attribute values into
 * fixed local buffers (managedByDN is 256 bytes; desc and moiraId sizes
 * are not visible). */
7281 if (!strcasecmp(pPtr->attribute, "description"))
7282 strcpy(desc, pPtr->value);
7283 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7284 strcpy(managedByDN, pPtr->value);
7285 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7286 strcpy(moiraId, pPtr->value);
7290 linklist_free(group_base);
/* mitMoiraId: set from the Moira row id when present */
7295 if (strlen(av[CONTAINER_ROWID]) != 0)
7297 moiraId_v[0] = av[CONTAINER_ROWID];
7298 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: written through attribute_update(); cleared when Moira
 * has none but the directory still does */
7301 if (strlen(av[CONTAINER_DESC]) != 0)
7303 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7308 if (strlen(desc) != 0)
7310 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: KERBEROS owners get a contact object under kerberos_ou;
 * USER and LIST owners are resolved by a directory search */
7314 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7316 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7318 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7321 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7322 kerberos_ou, dn_path);
7323 managedBy_v[0] = managedByDN;
7324 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7328 if (strlen(managedByDN) != 0)
7330 attribute_update(ldap_handle, ad_path, "", "managedBy",
7337 memset(filter, '\0', sizeof(filter));
/* NOTE(review): av[CONTAINER_ID] is placed in these filters unescaped */
7339 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7341 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7342 "(objectClass=user)))", av[CONTAINER_ID]);
7345 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7347 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7351 if (strlen(filter) != 0)
7353 attr_array[0] = "distinguishedName";
7354 attr_array[1] = NULL;
7357 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7358 attr_array, &group_base, &group_count,
7359 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* exactly one owner object: point managedBy at it (unbounded strcpy) */
7361 if (group_count == 1)
7363 strcpy(managedByDN, group_base->value);
7364 managedBy_v[0] = managedByDN;
7365 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* otherwise drop a stale managedBy */
7369 if (strlen(managedByDN) != 0)
7371 attribute_update(ldap_handle, ad_path, "",
7372 "managedBy", dName);
7376 linklist_free(group_base);
/* no owner in Moira: clear the existing managedBy */
7383 if (strlen(managedByDN) != 0)
7385 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* presumably taken when no ADD_ATTR was queued (condition not shown) */
7395 return(LDAP_SUCCESS);
7397 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7399 for (i = 0; i < n; i++)
7402 if (rc != LDAP_SUCCESS)
7404 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7405 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty a container that could not be deleted because it is not a leaf
 * (container_delete() calls this on LDAP_NOT_ALLOWED_ON_NONLEAF).  Three
 * passes over the subtree dName: ordinary objects and computers are
 * renamed into the orphans OUs under dn_path (a name collision gets a
 * "_<count>" suffix and is retried), and nested OUs are deleted.
 * Declarations, braces, the pass/branch conditions and the return are
 * outside the lines shown.
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and
 * the call's result is ignored; unless a line not shown restores the
 * option, every later search on this handle is capped at 10 entries.
 * Each pass also appears to search once, so a container holding more than
 * 10 objects of one kind would only be partially emptied.
 */
7412 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7414 char *attr_array[3];
7415 LK_ENTRY *group_base;
7422 int NumberOfEntries = 10;
7426 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7428 for (i = 0; i < 3; i++)
7430 memset(filter, '\0', sizeof(filter));
/* pass: everything that is neither a computer nor an OU */
7434 strcpy(filter, "(!(|(objectClass=computer)"
7435 "(objectClass=organizationalUnit)))");
7436 attr_array[0] = "cn";
7437 attr_array[1] = NULL;
/* pass: computer objects */
7441 strcpy(filter, "(objectClass=computer)");
7442 attr_array[0] = "cn";
7443 attr_array[1] = NULL;
/* pass: nested OUs */
7447 strcpy(filter, "(objectClass=organizationalUnit)");
7448 attr_array[0] = "ou";
7449 attr_array[1] = NULL;
7454 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7455 &group_base, &group_count,
7456 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7461 if (group_count == 0)
/* cn entries are moved (presumably computers to orphans_machines_ou and
 * the rest to orphans_other_ou; the selecting condition is not shown).
 * NOTE(review): new_cn and temp are built with unbounded sprintf() from
 * the directory value. */
7468 if (!strcasecmp(pPtr->attribute, "cn"))
7470 sprintf(new_cn, "cn=%s", pPtr->value);
7472 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7474 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7479 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* collision in the orphans OU: retry under "<cn>_<count>" */
7481 if (rc == LDAP_ALREADY_EXISTS)
7483 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* nested OUs are deleted outright; one that is itself non-empty would
 * presumably fail the same way the parent did (handling not shown) */
7490 else if (!strcasecmp(pPtr->attribute, "ou"))
7492 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7498 linklist_free(group_base);
/*
 * get_machine_ou: resolve the Moira machine `member` to its directory
 * name (written to NewMachineName via GetMachineName), find the computer
 * object by sAMAccountName, and copy the OU part of its DN (everything
 * after "cn=<name>,") into machine_ou.  Returns an int; the return
 * statements are not in this listing.
 */
7507 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7508 char *machine_ou, char *NewMachineName)
7510 LK_ENTRY *group_base;
7514 char *attr_array[3];
/* Unbounded copy into the caller's buffer (size unknown here). */
7521 strcpy(NewMachineName, member);
/* NOTE(review): the moira_connect() result is overwritten by the next
 * assignment before anything examines it. */
7522 rc = moira_connect();
7523 rc = GetMachineName(NewMachineName);
/* GetMachineName empties the buffer when it cannot resolve the name. */
7526 if (strlen(NewMachineName) == 0)
7528 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Cut the name at the first '.'; the '\0' store is on a line not shown. */
7534 pPtr = strchr(NewMachineName, '.');
/* NOTE(review): the machine name goes into an LDAP search filter without
 * escaping (escape_string() later in this file exists for that); filter
 * and temp sizes are not shown and both sprintf calls are unbounded. */
7541 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7542 attr_array[0] = "cn";
7543 attr_array[1] = NULL;
7544 sprintf(temp, "%s", dn_path);
7546 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7547 &group_base, &group_count,
7548 LDAP_SCOPE_SUBTREE)) != 0)
7550 com_err(whoami, 0, "Unable to process machine %s : %s",
7551 member, ldap_err2string(rc));
/* Exactly one match is required (the error branch is not shown). */
7555 if (group_count != 1)
/* dn/cn are fixed-size locals (declarations not shown); unbounded copies
 * of directory-supplied values. */
7560 strcpy(dn, group_base->dn);
7561 strcpy(cn, group_base->value);
/* Lower-case both so the strstr below is effectively case-insensitive.
 * tolower() receives a plain char; an (unsigned char) cast would be
 * needed if non-ASCII bytes can occur. */
7563 for (i = 0; i < (int)strlen(dn); i++)
7564 dn[i] = tolower(dn[i]);
7566 for (i = 0; i < (int)strlen(cn); i++)
7567 cn[i] = tolower(cn[i]);
7569 linklist_free(group_base);
/* Locate the cn value inside the DN; the com_err below presumably sits
 * in the not-found branch (condition not shown). */
7571 pPtr = strstr(dn, cn);
7575 com_err(whoami, 0, "Unable to process machine %s",
/* Skip the cn value and the ',' after it: what remains is the OU path. */
7580 pPtr += strlen(cn) + 1;
7581 strcpy(machine_ou, pPtr);
/* The OU path must contain a "dc=" component or it is rejected. */
7583 pPtr = strstr(machine_ou, "dc=");
7587 com_err(whoami, 0, "Unable to process machine %s",
<br/>
/*
 * machine_move_to_ou: rename the computer object for MoiraMachineName so
 * that it sits under DestinationOu (relative to dn_path).  The object is
 * located by sAMAccountName; nothing is done when it already lives in the
 * destination.  The return statements are not in this listing.
 */
7598 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7599 char *MoiraMachineName, char *DestinationOu)
/* NOTE(review): 128 bytes, yet the strcpy from MoiraMachineName below is
 * unbounded and GetMachineName() copies a resolved alias back from its
 * own 1024-byte buffer, so a long alias overruns this array. */
7603 char MachineName[128];
7605 char *attr_array[3];
7610 LK_ENTRY *group_base;
7615 strcpy(MachineName, MoiraMachineName);
7616 rc = GetMachineName(MachineName);
7618 if (strlen(MachineName) == 0)
7620 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Drop the domain suffix at the first '.' (the store is not shown). */
7625 cPtr = strchr(MachineName, '.');
/* NOTE(review): the name is placed in the filter unescaped (see
 * escape_string() later in this file); filter size not shown. */
7630 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7631 attr_array[0] = "sAMAccountName";
7632 attr_array[1] = NULL;
7634 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7636 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7638 com_err(whoami, 0, "Unable to process machine %s : %s",
7639 MoiraMachineName, ldap_err2string(rc));
/* Keep the DN only for a unique match; OldDn size not shown. */
7643 if (group_count == 1)
7644 strcpy(OldDn, group_base->dn);
7646 linklist_free(group_base);
7649 if (group_count != 1)
7651 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
/* Target parent DN; NewOu size not shown, sprintf unbounded. */
7656 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* cPtr points at the first ',' of OldDn here; it is presumably advanced
 * past it on a line not shown before the comparison below. */
7657 cPtr = strchr(OldDn, ',');
/* Already under the destination OU: nothing to do. */
7662 if (!strcasecmp(cPtr, NewOu))
/* The new RDN is built from the resolved name rather than reusing the
 * existing RDN of OldDn. */
7666 sprintf(NewCn, "CN=%s", MachineName);
/* TRUE: remove the old RDN value from the entry. */
7667 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: copy machine_name into the local Name (size not shown;
 * the strcpy is unbounded), cut it at the first '.' (the store is on a
 * line not shown) and return the logical negation of checkADname()'s
 * result, i.e. nonzero when checkADname returns 0.
 */
7672 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7678 memset(Name, '\0', sizeof(Name));
7679 strcpy(Name, machine_name);
7681 pPtr = strchr(Name, '.');
7687 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name is
 * mapped to.  The callback machine_GetMoiraContainer copies the answer
 * into container_name, a caller-supplied buffer whose size is never
 * passed along.  The return (presumably rc) is on a line not shown.
 */
7690 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7691 char *machine_name, char *container_name)
7697 av[0] = machine_name;
7698 call_args[0] = (char *)container_name;
7699 rc = mr_query("get_machine_to_container_map", 1, av,
7700 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback for
 * get_machine_to_container_map.  ptr is the call_args array set up by
 * machine_get_moira_container; av[1] (the container name returned by the
 * Moira server) is copied into call_args[0] with an unbounded strcpy, so
 * the destination must be sized for whatever the server can return.
 * The cast of ptr and the return value are on lines not shown.
 */
7704 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7709 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a
 * container.  The name comes from Moira_groupname_create; the list is
 * added with a fixed attribute set (active, not public, not hidden, a
 * group with a unique gid, ACE and member-ACE owned by user "sms"), then
 * recorded on the container and added to the parent container's group.
 * GroupName's declaration and the return paths are not in this listing.
 */
7713 int Moira_container_group_create(char **after)
7719 memset(GroupName, '\0', sizeof(GroupName));
7720 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7721 after[CONTAINER_ROWID]);
/* add_list takes 15 positional fields, addressed by the L_* indices. */
7725 argv[L_NAME] = GroupName;
7726 argv[L_ACTIVE] = "1";
7727 argv[L_PUBLIC] = "0";
7728 argv[L_HIDDEN] = "0";
7729 argv[L_MAILLIST] = "0";
7730 argv[L_GROUP] = "1";
7731 argv[L_GID] = UNIQUE_GID;
7732 argv[L_NFSGROUP] = "0";
7733 argv[L_MAILMAN] = "0";
7734 argv[L_MAILMAN_SERVER] = "[NONE]";
7735 argv[L_DESC] = "auto created container group";
7736 argv[L_ACE_TYPE] = "USER";
7737 argv[L_MEMACE_TYPE] = "USER";
7738 argv[L_ACE_NAME] = "sms";
7739 argv[L_MEMACE_NAME] = "sms";
/* Assignment inside the condition is deliberate: nonzero rc is an error. */
7741 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7744 "Unable to create container group %s for container %s: %s",
7745 GroupName, after[CONTAINER_NAME], error_message(rc));
/* NOTE(review): both helpers return an int, but neither result is
 * checked here, so a failed set/add is only visible in the log. */
7748 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7749 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: after a container rename, rename its
 * mirror group.  Looks up the group currently recorded for the container,
 * derives the name it should now have from the new container name and
 * row id, and issues update_list only when the two differ.  Return paths
 * are not in this listing.
 */
7754 int Moira_container_group_update(char **before, char **after)
7757 char BeforeGroupName[64];
7758 char AfterGroupName[64];
/* Container name unchanged: presumably an early return (line not shown). */
7761 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7764 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* Third argument 0 selects the container's own group; other callers in
 * this file pass 1 to get the parent's. */
7765 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
/* No group recorded: nothing to rename. */
7766 if (strlen(BeforeGroupName) == 0)
7769 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7770 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7771 after[CONTAINER_ROWID]);
/* update_list takes the old name followed by the 15 add_list fields,
 * hence the "+ 1" on every index. */
7775 if (strcasecmp(BeforeGroupName, AfterGroupName))
7777 argv[L_NAME] = BeforeGroupName;
7778 argv[L_NAME + 1] = AfterGroupName;
7779 argv[L_ACTIVE + 1] = "1";
7780 argv[L_PUBLIC + 1] = "0";
7781 argv[L_HIDDEN + 1] = "0";
7782 argv[L_MAILLIST + 1] = "0";
7783 argv[L_GROUP + 1] = "1";
7784 argv[L_GID + 1] = UNIQUE_GID;
7785 argv[L_NFSGROUP + 1] = "0";
7786 argv[L_MAILMAN + 1] = "0";
7787 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7788 argv[L_DESC + 1] = "auto created container group";
7789 argv[L_ACE_TYPE + 1] = "USER";
7790 argv[L_MEMACE_TYPE + 1] = "USER";
7791 argv[L_ACE_NAME + 1] = "sms";
7792 argv[L_MEMACE_NAME + 1] = "sms";
/* Assignment inside the condition is deliberate: nonzero rc is an error. */
7794 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7797 "Unable to rename container group from %s to %s: %s",
7798 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove a container's mirror group from
 * the parent container's group, then delete the group itself.  The group
 * name is taken from the CONTAINER_GROUP_NAME field unless it is the
 * "[none]" marker.  GroupName's declaration, argv[1] (the member type)
 * and the return are not in this listing.
 */
7805 int Moira_container_group_delete(char **before)
7810 char ParentGroupName[64];
7812 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* 1: the parent container's group (empty for a top-level container). */
7813 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7815 memset(GroupName, '\0', sizeof(GroupName));
/* Unbounded strcpy of the Moira-supplied field. */
7817 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7818 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7820 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7822 argv[0] = ParentGroupName;
7824 argv[2] = GroupName;
7826 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): this format has two %s but three arguments follow, so
 * ParentGroupName is printed where the error text belongs and
 * error_message(rc) is silently dropped -- the format should carry a
 * third %s (e.g. "... group %s from list %s: %s"). */
7829 "Unable to delete container group %s from list: %s",
7830 GroupName, ParentGroupName, error_message(rc));
7834 if (strlen(GroupName) != 0)
7836 argv[0] = GroupName;
7838 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7840 com_err(whoami, 0, "Unable to delete container group %s : %s",
7841 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a unique Moira list name for a container.
 * Apparently the last one or two '/'-separated components of
 * ContainerName are joined with '-' (the lines choosing between the three
 * forms below are not shown), truncated to 25 characters, prefixed with
 * "cnt-" and lower-cased.  If get_list_info finds a list of that name, a
 * "-0".."-9" then "-a".."-z" suffix is tried in turn.  The result is
 * copied into GroupName (callers in this file pass 64-byte buffers;
 * "cnt-" + 25 + "-x" fits).  ContainerRowID is not used on the lines
 * shown.  Return paths are not in this listing.
 */
7848 int Moira_groupname_create(char *GroupName, char *ContainerName,
7849 char *ContainerRowID)
7854 char newGroupName[64];
7855 char tempGroupName[64];
/* temp and tempgname sizes are not shown; this strcpy is unbounded. */
7861 strcpy(temp, ContainerName);
/* Split off the last path component, then the one before it. */
7863 ptr1 = strrchr(temp, '/');
7869 ptr1 = strrchr(temp, '/');
7873 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7876 strcpy(tempgname, ptr);
7879 strcpy(tempgname, temp);
/* Keep the base short enough for the prefix and a uniqueness suffix. */
7881 if (strlen(tempgname) > 25)
7882 tempgname[25] ='\0';
7884 sprintf(newGroupName, "cnt-%s", tempgname);
7886 /* change everything to lower case */
7892 *ptr = tolower(*ptr);
/* Base name kept aside so every retry below starts from it. */
7900 strcpy(tempGroupName, newGroupName);
7903 /* append 0-9 then a-z if a duplicate is found */
7906 argv[0] = newGroupName;
/* get_list_info failing with MR_NO_MATCH means the name is free; any
 * other error aborts. */
7908 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7910 if (rc == MR_NO_MATCH)
7912 com_err(whoami, 0, "Moira error while creating group name for "
7913 "container %s : %s", ContainerName, error_message(rc));
/* i runs over the suffix characters (loop header not shown). */
7917 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7921 com_err(whoami, 0, "Unable to find a unique group name for "
7922 "container %s: too many duplicate container names",
7933 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list belonging to
 * origContainerName via set_container_list.  Failures are logged; the
 * return (presumably rc) is on a line not shown.
 */
7937 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7942 argv[0] = origContainerName;
7943 argv[1] = GroupName;
7945 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7948 "Unable to set container group %s in container %s: %s",
7949 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add GroupName as a member of the group that
 * belongs to origContainerName's parent container.  Nothing is done for a
 * top-level container (empty parent group).  argv[1] (the member type)
 * and the return are on lines not shown.
 */
7955 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
/* 64 bytes each; the strcpy below is unbounded, and whether
 * ParentGroupName is zeroed before the lookup is not visible here. */
7957 char ContainerName[64];
7958 char ParentGroupName[64];
7962 strcpy(ContainerName, origContainerName);
/* 1: fetch the parent container's group. */
7964 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7966 /* top-level container */
7967 if (strlen(ParentGroupName) == 0)
7970 argv[0] = ParentGroupName;
7972 argv[2] = GroupName;
7974 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7977 "Unable to add container group %s to parent group %s: %s",
7978 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies av[1] (the list name from the Moira server) into call_args[0],
 * the GroupName buffer supplied by Moira_getGroupName, with an unbounded
 * strcpy.  The cast of ptr and the return value are on lines not shown.
 */
7984 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7989 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: fetch the Moira list recorded for a container into
 * GroupName through get_container_list (callback Moira_getContainerGroup).
 * A third parameter, declared on a line not shown, selects the container
 * itself (0) or its parent (1) according to the callers in this file; the
 * strrchr on '/' below presumably trims the last path component in the
 * parent case.  Return paths are not in this listing.
 */
7994 int Moira_getGroupName(char *origContainerName, char *GroupName,
/* 64 bytes; the strcpy below is unbounded. */
7997 char ContainerName[64];
8003 strcpy(ContainerName, origContainerName);
8007 ptr = strrchr(ContainerName, '/');
8015 argv[0] = ContainerName;
8017 call_args[0] = GroupName;
8018 call_args[1] = NULL;
/* Success path; the callback may still leave GroupName empty, which is
 * reported by the second com_err below. */
8020 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
8023 if (strlen(GroupName) != 0)
8028 com_err(whoami, 0, "Unable to get container group from container %s: %s",
8029 ContainerName, error_message(rc));
8031 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add MachineName to, or remove it
 * from, GroupName as a MACHINE member.  Which of the two mr_query calls
 * runs is decided by a third parameter declared on a line not shown.
 * "[none]" means the container has no group, so nothing is done.
 * Return paths are not in this listing.
 */
8037 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8043 if (strcmp(GroupName, "[none]") == 0)
8046 argv[0] = GroupName;
8047 argv[1] = "MACHINE";
8048 argv[2] = MachineName;
8051 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8053 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* The failure text says "add" whichever call produced rc (the condition
 * guarding this com_err is not shown). */
8057 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8058 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a Moira machine name in place.  If the
 * upper-cased name already ends in DOMAIN_SUFFIX the branch at line 8082
 * presumably keeps it (its body is not shown); otherwise Moira's
 * get_hostalias is asked for an alias in that domain (collected by
 * ProcessMachineName) and the alias replaces MachineName.  If the query
 * fails or yields nothing, MachineName becomes "".  Return paths are not
 * in this listing.
 *
 * NOTE(review): the alias is copied back with an unbounded strcpy from a
 * 1024-byte local, so MachineName must be at least that large; the
 * caller machine_move_to_ou() in this file passes a 128-byte buffer.
 */
8064 int GetMachineName(char *MachineName)
8067 char NewMachineName[1024];
8074 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy of the caller's string into the local buffer. */
8075 strcpy(NewMachineName, MachineName);
8077 for (i = 0; i < (int)strlen(NewMachineName); i++)
8078 NewMachineName[i] = toupper(NewMachineName[i]);
8080 szDot = strchr(NewMachineName,'.');
8082 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8087 // If not, see if it has a Moira alias in the top-level MIT domain.
/* Cleared so ProcessMachineName can tell whether an alias was stored. */
8088 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* args[0] is set on a line not shown. */
8090 args[1] = MachineName;
8091 call_args[0] = NewMachineName;
8092 call_args[1] = NULL;
/* Assignment inside the condition is deliberate: nonzero rc is an error. */
8094 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8096 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8097 MachineName, error_message(rc));
8098 strcpy(MachineName, "");
/* No alias in the domain: report an empty name, not the original. */
8102 if (strlen(NewMachineName) != 0)
8103 strcpy(MachineName, NewMachineName);
8105 strcpy(MachineName, "");
/*
 * ProcessMachineName: get_hostalias callback.  Stores the first alias
 * (av[0], upper-cased) whose part after the first '.' equals
 * DOMAIN_SUFFIX into call_args[0]; later rows are ignored once one has
 * been stored.  Both strcpy calls are unbounded: av[0] is supplied by the
 * Moira server and call_args[0] is the caller's 1024-byte buffer.  The
 * cast of ptr and the return value are on lines not shown.
 */
8110 int ProcessMachineName(int ac, char **av, void *ptr)
8113 char MachineName[1024];
/* Only the first matching alias wins. */
8119 if (strlen(call_args[0]) == 0)
8121 strcpy(MachineName, av[0]);
8123 for (i = 0; i < (int)strlen(MachineName); i++)
8124 MachineName[i] = toupper(MachineName[i]);
8126 szDot = strchr(MachineName,'.');
8128 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8130 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the attribute type of the first n LDAPMod entries
 * between the Services-for-UNIX name "msSFU30UidNumber" and the RFC 2307
 * name "uidNumber".  Which of the two loops runs is presumably chosen by
 * a test on *UseSFU30 (the conditions around them are not shown).
 * mod_type is simply repointed at a string literal; nothing is freed.
 */
8137 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8143 for (i = 0; i < n; i++)
8145 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8146 mods[i]->mod_type = "uidNumber";
8153 for (i = 0; i < n; i++)
8155 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8156 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute the home-directory related attributes for a
 * user -- homeDirectory (plus apple-user-homeDirectory when not talking
 * to Active Directory), profilePath and homeDrive -- and either queue
 * them on `mods` with ADD_ATTR, or, when the computed value is empty and
 * OpType is LDAP_MOD_REPLACE, delete them with a separate ldap_modify_s
 * on DelMods.  WinHomeDir / WinProfileDir hold the Moira values, which
 * may be the markers "[afs]", "[dfs]", "[local]" or a literal path.  The
 * AFS path is taken from Moira's get_filesys_by_label, following an
 * FSGROUP/MUL filesystem to its first member.  The OpType parameter, the
 * remaining locals, the mod counters used by ADD_ATTR/DEL_ATTR and the
 * return paths are on lines not shown.
 *
 * NOTE(review): save_query_info()/save_fsgroup_info() strdup each field
 * into save_argv/fsgroup_save_argv and no free of those copies appears
 * in this listing, so every call leaks them.  The strdup'd values handed
 * to homedir_v/winProfile_v/drives_v are owned by whoever frees `mods`.
 * strnicmp() is not a standard C function (strncasecmp is the POSIX
 * spelling).  The two Moira lookup sequences (lines 8194-8231 and
 * 8265-8302) are identical and could share a helper.
 */
8163 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8164 char *DistinguishedName,
8165 char *WinHomeDir, char *WinProfileDir,
8166 char **homedir_v, char **winProfile_v,
8167 char **drives_v, LDAPMod **mods,
8174 char winProfile[1024];
8177 char apple_homedir[1024];
8178 char *apple_homedir_v[] = {NULL, NULL};
/* Filled by DEL_ATTR for the delete-only modifications below. */
8182 LDAPMod *DelMods[20];
/* Row buffers for the Moira callbacks; sized by the FS_* field count. */
8184 char *save_argv[FS_END];
8185 char *fsgroup_save_argv[2];
8187 memset(homeDrive, '\0', sizeof(homeDrive));
8188 memset(path, '\0', sizeof(path));
8189 memset(winPath, '\0', sizeof(winPath));
8190 memset(winProfile, '\0', sizeof(winProfile));
/* Non-AD directory: publish the AFS home path (or "NONE"). */
8192 if(!ActiveDirectory)
/* Assignment in the condition is deliberate; the alert presumably ends
 * the call (the lines after it are not shown). */
8194 if (rc = moira_connect())
8196 critical_alert("Ldap incremental",
8197 "Error contacting Moira server : %s",
8202 argv[0] = user_name;
8204 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* A group filesystem: resolve its first member to a real filesystem. */
8207 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8208 !strcmp(save_argv[FS_TYPE], "MUL"))
8211 argv[0] = save_argv[FS_NAME];
8214 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8215 save_fsgroup_info, fsgroup_save_argv)))
8219 argv[0] = fsgroup_save_argv[0];
8221 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8222 save_query_info, save_argv)))
/* path is fixed-size (see the memset above); strcpy of the Moira field
 * is unbounded. */
8224 strcpy(path, save_argv[FS_PACK]);
8231 strcpy(path, save_argv[FS_PACK]);
/* Only AFS paths are published as the Unix home; homedir size not shown. */
8239 if (!strnicmp(path, AFS, strlen(AFS)))
8241 sprintf(homedir, "%s", path);
8242 sprintf(apple_homedir, "%s/MacData", path);
8243 homedir_v[0] = homedir;
8244 apple_homedir_v[0] = apple_homedir;
8245 ADD_ATTR("homeDirectory", homedir_v, OpType);
8246 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8252 homedir_v[0] = "NONE";
8253 apple_homedir_v[0] = "NONE";
8254 ADD_ATTR("homeDirectory", homedir_v, OpType);
8255 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* Windows home or profile on AFS: same Moira lookup as above, then the
 * AFS path is converted to a UNC path by AfsToWinAfs. */
8262 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8263 (!strcasecmp(WinProfileDir, "[afs]")))
8265 if (rc = moira_connect())
8267 critical_alert("Ldap incremental",
8268 "Error contacting Moira server : %s",
8273 argv[0] = user_name;
8275 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8278 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8279 !strcmp(save_argv[FS_TYPE], "MUL"))
8282 argv[0] = save_argv[FS_NAME];
8285 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8286 save_fsgroup_info, fsgroup_save_argv)))
8290 argv[0] = fsgroup_save_argv[0];
8292 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8293 save_query_info, save_argv)))
8295 strcpy(path, save_argv[FS_PACK]);
8302 strcpy(path, save_argv[FS_PACK]);
8310 if (!strnicmp(path, AFS, strlen(AFS)))
8312 AfsToWinAfs(path, winPath);
/* Profile lives in a .winprofile folder under the home path. */
8313 strcpy(winProfile, winPath);
8314 strcat(winProfile, "\\.winprofile");
/* DFS: \\<ldap_domain>\dfs\profiles\<first letter>\<user>.  NOTE(review):
 * with an empty user_name, user_name[0] is '\0' and truncates the path
 * after "profiles\"; path size is not shown and sprintf is unbounded. */
8321 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8322 (!strcasecmp(WinProfileDir, "[dfs]")))
8324 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8325 user_name[0], user_name);
8327 if (!strcasecmp(WinProfileDir, "[dfs]"))
8329 strcpy(winProfile, path);
8330 strcat(winProfile, "\\.winprofile");
8333 if (!strcasecmp(WinHomeDir, "[dfs]"))
8334 strcpy(winPath, path);
/* [local]: no network home.  [afs]/[dfs]: map it to drive H:.  Anything
 * else is a literal path (unbounded strcpy into winPath), mapped to H:
 * when it is a UNC path. */
8337 if (!strcasecmp(WinHomeDir, "[local]"))
8338 memset(winPath, '\0', sizeof(winPath));
8339 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8340 !strcasecmp(WinHomeDir, "[dfs]"))
8342 strcpy(homeDrive, "H:");
8346 strcpy(winPath, WinHomeDir);
8347 if (!strncmp(WinHomeDir, "\\\\", 2))
8349 strcpy(homeDrive, "H:");
8353 // nothing needs to be done if WinProfileDir is [afs].
/* [local]: no roaming profile; literal path otherwise (unbounded copy). */
8354 if (!strcasecmp(WinProfileDir, "[local]"))
8355 memset(winProfile, '\0', sizeof(winProfile));
8356 else if (strcasecmp(WinProfileDir, "[afs]") &&
8357 strcasecmp(WinProfileDir, "[dfs]"))
8359 strcpy(winProfile, WinProfileDir);
/* Normalise: drop one trailing backslash ... */
8362 if (strlen(winProfile) != 0)
8364 if (winProfile[strlen(winProfile) - 1] == '\\')
8365 winProfile[strlen(winProfile) - 1] = '\0';
8368 if (strlen(winPath) != 0)
8370 if (winPath[strlen(winPath) - 1] == '\\')
8371 winPath[strlen(winPath) - 1] = '\0';
/* ... except that a bare drive letter "X:" must stay "X:\". */
8374 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8375 strcat(winProfile, "\\");
8377 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8378 strcat(winPath, "\\");
/* Empty value: on a REPLACE, remove the attribute with its own modify
 * (what happens to this rc is not shown); on an ADD nothing is queued. */
8380 if (strlen(winPath) == 0)
8382 if (OpType == LDAP_MOD_REPLACE)
8385 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8387 //unset homeDirectory attribute for user.
8388 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* Heap copy; freed by whoever tears down `mods` (not here). */
8394 homedir_v[0] = strdup(winPath);
8395 ADD_ATTR("homeDirectory", homedir_v, OpType);
8398 if (strlen(winProfile) == 0)
8400 if (OpType == LDAP_MOD_REPLACE)
8403 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8405 //unset profilePate attribute for user.
8406 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8412 winProfile_v[0] = strdup(winProfile);
8413 ADD_ATTR("profilePath", winProfile_v, OpType);
8416 if (strlen(homeDrive) == 0)
8418 if (OpType == LDAP_MOD_REPLACE)
8421 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8423 //unset homeDrive attribute for user
8424 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8430 drives_v[0] = strdup(homeDrive);
8431 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set one attribute on distinguished_name.  An empty
 * attribute_value deletes the attribute (LDAP_MOD_DELETE via DelMods);
 * otherwise LDAP_MOD_REPLACE is attempted and, if that fails,
 * LDAP_MOD_ADD.  Only a failure of the final ADD is logged (user_name is
 * just context for the message); the REPLACE error code is discarded.
 * The mod counters used by ADD_ATTR/DEL_ATTR, the release of the mod
 * structures and the return are not in this listing.
 */
8437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8438 char *attribute_value, char *attribute, char *user_name)
8440 char *mod_v[] = {NULL, NULL};
8441 LDAPMod *DelMods[20];
/* Empty value means "remove the attribute". */
8447 if (strlen(attribute_value) == 0)
8450 DEL_ATTR(attribute, LDAP_MOD_DELETE);
/* rc of this delete is not examined on the lines shown. */
8452 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8458 mod_v[0] = attribute_value;
8459 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8462 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8463 mods)) != LDAP_SUCCESS)
/* REPLACE failed: fall back to ADD with the same value. */
8467 mod_v[0] = attribute_value;
8468 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8471 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8472 mods)) != LDAP_SUCCESS)
8474 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8475 "in the directory : %s",
8476 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: appears to strip surrounding whitespace from StringToTrim in
 * place, working on a strdup'd copy (`save`) that s and t walk before the
 * trimmed text is copied back.  The strdup result is not checked for
 * NULL before the strcpy on the lines shown, and whether `save` is freed
 * afterwards is not visible in this listing.
 */
8486 void StringTrim(char *StringToTrim)
8491 save = strdup(StringToTrim);
8498 /* skip to end of string */
8503 strcpy(StringToTrim, save);
8507 for (t = s; *t; t++)
8523 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load <CFG_PATH><DomainName>.cfg and set the file-scope
 * configuration globals: ldap_domain, ldap_realm, ldap_port,
 * PrincipalName, ServerList[], group_suffix, UseGroupUniversal,
 * ProcessMachineContainer, ActiveDirectory, GroupPopulateDelete,
 * max_group_members, plus the SFU / group-ACE / password / Exchange
 * flags whose stores are on lines not shown.  Each line is upper-cased
 * before it is matched, so every stored value is upper case.  If no
 * DOMAIN line set ldap_domain, DomainName itself is used.  fclose and
 * the return are not in this listing.
 *
 * NOTE(review): this is configuration input, but every copy below is an
 * unbounded strcpy into a fixed global or local.  In particular each
 * ServerList entry is a 256-byte calloc while temp holds a full fgets
 * line, the calloc result is not NULL-checked, and no bound on Count
 * against the ServerList array is visible.
 */
8527 int ReadConfigFile(char *DomainName)
/* temp size is not shown; DomainName comes from the domain list file. */
8538 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8540 if ((fptr = fopen(temp, "r")) != NULL)
8542 while (fgets(temp, sizeof(temp), fptr) != 0)
/* Keyword matching is made case-insensitive by upper-casing the whole
 * line -- which upper-cases the values too. */
8544 for (i = 0; i < (int)strlen(temp); i++)
8545 temp[i] = toupper(temp[i]);
/* Strip the newline.  NOTE(review): with an empty temp this indexes
 * temp[-1]; fgets normally returns at least one byte, but a line that
 * starts with a NUL byte would trip it. */
8547 if (temp[strlen(temp) - 1] == '\n')
8548 temp[strlen(temp) - 1] = '\0';
8552 if (strlen(temp) == 0)
/* Each keyword is matched as a prefix; the trimmed remainder is the value. */
8555 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8557 if (strlen(temp) > (strlen(DOMAIN)))
8559 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8560 StringTrim(ldap_domain);
8563 else if (!strncmp(temp, REALM, strlen(REALM)))
8565 if (strlen(temp) > (strlen(REALM)))
8567 strcpy(ldap_realm, &temp[strlen(REALM)]);
8568 StringTrim(ldap_realm);
8571 else if (!strncmp(temp, PORT, strlen(PORT)))
8573 if (strlen(temp) > (strlen(PORT)))
8575 strcpy(ldap_port, &temp[strlen(PORT)]);
8576 StringTrim(ldap_port);
8579 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8581 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8583 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8584 StringTrim(PrincipalName);
8587 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8589 if (strlen(temp) > (strlen(SERVER)))
/* 256-byte entry (unchecked calloc); the strcpy of the rest of a
 * sizeof(temp) line into it is unbounded.  Count is advanced on a line
 * not shown. */
8591 ServerList[Count] = calloc(1, 256);
8592 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8593 StringTrim(ServerList[Count]);
8597 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8599 if (strlen(temp) > (strlen(MSSFU)))
8601 strcpy(temp1, &temp[strlen(MSSFU)]);
8603 if (!strcmp(temp1, SFUTYPE))
8607 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8609 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8611 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
/* "NO" disables the suffix; the non-NO store is on a line not shown. */
8613 if (!strcasecmp(temp1, "NO"))
8616 memset(group_suffix, '\0', sizeof(group_suffix));
8620 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8622 if (strlen(temp) > (strlen(GROUP_TYPE)))
8624 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8626 if (!strcasecmp(temp1, "UNIVERSAL"))
8627 UseGroupUniversal = 1;
8630 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8632 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8634 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8636 if (!strcasecmp(temp1, "NO"))
8640 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8642 if (strlen(temp) > (strlen(SET_PASSWORD)))
8644 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8646 if (!strcasecmp(temp1, "NO"))
8650 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8652 if (strlen(temp) > (strlen(EXCHANGE)))
8654 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8656 if (!strcasecmp(temp1, "YES"))
8660 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8661 strlen(PROCESS_MACHINE_CONTAINER)))
8663 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8665 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8667 if (!strcasecmp(temp1, "NO"))
8668 ProcessMachineContainer = 0;
8671 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8672 strlen(ACTIVE_DIRECTORY)))
8674 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8676 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8678 if (!strcasecmp(temp1, "NO"))
8679 ActiveDirectory = 0;
8682 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8683 strlen(GROUP_POPULATE_MEMBERS)))
8685 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8687 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8689 if (!strcasecmp(temp1, "DELETE"))
8691 GroupPopulateDelete = 1;
8695 else if (!strncmp(temp, MAX_MEMBERS, strlen(MAX_MEMBERS)))
8697 if (strlen(temp) > (strlen(MAX_MEMBERS)))
8699 strcpy(temp1, &temp[strlen(MAX_MEMBERS)]);
/* atoi reports no errors: a non-numeric value silently becomes 0.
 * strtol with an end-pointer check would reject it instead. */
8701 max_group_members = atoi(temp1);
/* Post-processing: ldap_domain is re-derived from a temp value computed
 * on lines not shown, and defaults to the config file's domain name. */
8706 if (strlen(ldap_domain) != 0)
8708 memset(ldap_domain, '\0', sizeof(ldap_domain));
8712 if (strlen(temp) != 0)
8713 strcpy(ldap_domain, temp);
8719 if (strlen(ldap_domain) == 0)
8721 strcpy(ldap_domain, DomainName);
/* Normalise server names to upper case. */
8727 for (i = 0; i < Count; i++)
8729 if (ServerList[i] != 0)
8731 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8732 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read <CFG_PATH><WINADCFG> and collect the value of each
 * DOMAIN line (upper-cased, trimmed) into DomainNames[Count].  The Count
 * increment, the array bound, fclose and the return are not in this
 * listing; the strcpy into DomainNames[Count] is unbounded.  The locals
 * c[] and stuff[] are not used on the lines shown.  critical_alert is
 * raised, under a condition not shown, when the configuration cannot be
 * used.
 */
8739 int ReadDomainList()
8746 unsigned char c[11];
8747 unsigned char stuff[256];
/* temp size is not shown; sprintf is unbounded. */
8752 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8754 if ((fptr = fopen(temp, "r")) != NULL)
8756 while (fgets(temp, sizeof(temp), fptr) != 0)
8758 for (i = 0; i < (int)strlen(temp); i++)
8759 temp[i] = toupper(temp[i]);
/* Strip the newline; indexes temp[-1] should temp ever be empty. */
8761 if (temp[strlen(temp) - 1] == '\n')
8762 temp[strlen(temp) - 1] = '\0';
8766 if (strlen(temp) == 0)
8769 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8771 if (strlen(temp) > (strlen(DOMAIN)))
/* Value after the keyword is moved back into temp via temp1. */
8773 strcpy(temp1, &temp[strlen(DOMAIN)]);
8775 strcpy(temp, temp1);
8779 strcpy(DomainNames[Count], temp);
8780 StringTrim(DomainNames[Count]);
8789 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8790 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822 style address.  Returns
 * nonzero when the local part contains only printable ASCII (quoted
 * strings and backslash escapes allowed) with no empty dot-separated
 * label, and the domain part passes the same character checks with
 * `count` (declared and incremented on lines not shown) reaching at
 * least 1.  A trailing '.' is rejected up front.
 *
 * NOTE(review): address[strlen(address) - 1] reads address[-1] when the
 * string is empty, so callers must not pass "".  rfc822_specials is never
 * written and could be `static const char *`.
 */
8797 int email_isvalid(const char *address) {
8799 const char *c, *domain;
8800 static char *rfc822_specials = "()<>@,;:\\\"[]";
8802 if(address[strlen(address) - 1] == '.')
8805 /* first we validate the name portion (name@domain) */
8806 for (c = address; *c; c++) {
/* Quoted string, allowed at the start or right after a '.'; the rest of
 * the condition and the scan to the closing quote are not shown. */
8807 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
/* Backslash escape consumes the next character; an escaped space is
 * rejected (the return is on a line not shown). */
8812 if (*c == '\\' && (*++c == ' '))
/* Control characters and anything outside 7-bit ASCII are rejected
 * (with a signed char, bytes >= 0x80 fall under the "<= ' '" test). */
8814 if (*c <= ' ' || *c >= 127)
8829 if (*c <= ' ' || *c >= 127)
8831 if (strchr(rfc822_specials, *c))
/* Local part must be non-empty and must not end in '.'; the test for
 * '@' that ends the loop is on a line not shown. */
8835 if (c == address || *(c - 1) == '.')
8838 /* next we validate the domain portion (name@domain) */
/* Domain must be non-empty. */
8839 if (!*(domain = ++c)) return 0;
8842 if (c == domain || *(c - 1) == '.')
8846 if (*c <= ' ' || *c >= 127)
8848 if (strchr(rfc822_specials, *c))
8852 return (count >= 1);
/*
 * find_homeMDB: pick the least-loaded Exchange mailbox store under
 * CN=Configuration,<dn_path>.  For every msExchMDB object whose DN does
 * not contain "Public", "Recover" or "Reserve", the homeMDBBL back-links
 * are counted by retrieving that attribute in ranges of rangeStep values
 * (see the comment block below); the store with the smallest count is
 * returned in *homeMDB (strdup'd, caller frees) and its legacyExchangeDN
 * is looked up to fill *homeServerName (also strdup'd).  rangeLow's
 * initial value, the loop headers, the range-string condition and the
 * return paths are not in this listing.
 *
 * NOTE(review): *homeMDB is assigned a fresh strdup every time a better
 * store is found, and no free of the previous value appears on the lines
 * shown, so each improvement leaks a string.  If no store qualified,
 * *homeMDB is still NULL when it is passed to linklist_build below
 * (a guard, if any, is not shown).  filter and range sizes are not shown;
 * the sprintf calls are unbounded, though their variable parts are only
 * dn_path and integers.
 */
8855 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8856 char **homeServerName)
8858 LK_ENTRY *group_base;
8859 LK_ENTRY *sub_group_base;
8863 int sub_group_count;
8865 char sub_filter[1024];
8866 char search_path[1024];
8868 char *attr_array[3];
/* -1: no store examined yet (see the minimum test below). */
8870 int homeMDB_count = -1;
/* Values fetched per range query; 1500 matches AD's default MaxValRange. */
8874 int rangeStep = 1500;
8876 int rangeHigh = rangeLow + (rangeStep - 1);
8879 /* Grumble..... microsoft not making it searchable from the root *grr* */
8881 memset(filter, '\0', sizeof(filter));
8882 memset(search_path, '\0', sizeof(search_path));
8884 sprintf(filter, "(objectClass=msExchMDB)");
8885 sprintf(search_path, "CN=Configuration,%s", dn_path);
8886 attr_array[0] = "distinguishedName";
8887 attr_array[1] = NULL;
8892 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8893 &group_base, &group_count,
8894 LDAP_SCOPE_SUBTREE)) != 0)
8896 com_err(whoami, 0, "Unable to find msExchMDB %s",
8897 ldap_err2string(rc));
/* gPtr walks the store list (loop header not shown).  Public folder,
 * recovery and reserve stores are never chosen. */
8906 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8907 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8908 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8915 * Due to limits in active directory we need to use the LDAP
8916 * range semantics to query and return all the values in
8917 * large lists, we will stop increasing the range when
8918 * the result count is 0.
8926 memset(sub_filter, '\0', sizeof(sub_filter));
8927 memset(range, '\0', sizeof(range));
8928 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* Open-ended "low-*" versus bounded "low-high" range; the condition
 * choosing between them is on a line not shown. */
8931 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8933 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8935 attr_array[0] = range;
8936 attr_array[1] = NULL;
8938 sub_group_base = NULL;
8939 sub_group_count = 0;
8941 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8942 attr_array, &sub_group_base,
8944 LDAP_SCOPE_SUBTREE)) != 0)
8946 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8947 ldap_err2string(rc));
/* No values in this range: this store is fully counted. */
8951 if(!sub_group_count)
8957 rangeHigh = rangeLow + (rangeStep - 1);
/* Accumulate and advance to the next range window. */
8964 mdbbl_count += sub_group_count;
8965 rangeLow = rangeHigh + 1;
8966 rangeHigh = rangeLow + (rangeStep - 1);
8969 /* First time through, need to initialize or update the least used */
8971 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8974 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8976 homeMDB_count = mdbbl_count;
/* Previous *homeMDB (if any) is not freed before being replaced. */
8977 *homeMDB = strdup(gPtr->dn);
8981 linklist_free(sub_group_base);
8985 linklist_free(group_base);
8988 * Ok found the server least allocated need to now query to get its
8989 * msExchHomeServerName so we can set it as a user attribute
8992 attr_array[0] = "legacyExchangeDN";
8993 attr_array[1] = NULL;
8998 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8999 attr_array, &group_base,
9001 LDAP_SCOPE_SUBTREE)) != 0)
9003 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
9004 ldap_err2string(rc));
/* Heap copy for the caller; the part after the last '/' is handled on
 * lines not shown. */
9010 *homeServerName = strdup(group_base->value);
9011 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
9017 linklist_free(group_base);
/*
 * lowercase: convert s to lower case in place, walking it with p.  The
 * per-character store and the `return s` are on lines not shown; no
 * (unsigned char) cast is visible for the ctype call.
 */
9022 char *lowercase(char *s)
9026 for (p = s; *p; p++)
/*
 * uppercase: convert s to upper case in place, walking it with p.  The
 * per-character store and the `return s` are on lines not shown; no
 * (unsigned char) cast is visible for the ctype call.
 */
9034 char *uppercase(char *s)
9038 for (p = s; *p; p++)
/*
 * escape_string: return a heap copy of s with special characters escaped
 * (the escape table inside the loop is on lines not shown; q walks s).
 * The result is assembled in a fixed-size local `string` (size not shown,
 * zeroed first) with no bound check visible, then strdup'd -- the caller
 * owns and frees the result, and strdup's NULL return is not checked.
 */
9046 char *escape_string(char *s)
9054 memset(string, '\0', sizeof(string));
9058 /* Escape any special characters */
9060 for(; *q != '\0'; q++) {
9083 return strdup(string);
/*
 * save_query_info: mr_query callback that strdup's every field of the
 * returned row into the char* array passed as hint.  The array must hold
 * at least argc entries (callers in this file pass save_argv[FS_END]);
 * argc is not checked against it here, strdup results are not NULL
 * checked, and the caller owns the copies.  Return value not shown.
 */
9086 int save_query_info(int argc, char **argv, void *hint)
9089 char **nargv = hint;
9091 for(i = 0; i < argc; i++)
9092 nargv[i] = strdup(argv[i]);
/*
 * save_fsgroup_info: mr_query callback for get_fsgroup_members; strdup's
 * every field of the row into the char* array passed as hint.  Callers in
 * this file pass a 2-element array and argc is not checked against it;
 * strdup results are not NULL checked and the caller owns the copies.
 * The lines between the declaration and the loop, and the return, are
 * not shown.
 */
9097 int save_fsgroup_info(int argc, char **argv, void *hint)
9100 char **nargv = hint;
9104 for(i = 0; i < argc; i++)
9105 nargv[i] = strdup(argv[i]);
9113 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
9114 char *UserOu, char *user_name)
9116 char search_filter[1024];
9117 char *attr_array[3];
9118 LK_ENTRY *group_base;
9125 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9129 if(!strcmp(UserOu, user_ou))
9130 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
9132 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9138 sprintf(search_filter, "(&(objectClass=group)(cn=%s)(member=%s))",
9141 attr_array[0] = "mitMoiraId";
9142 attr_array[1] = NULL;
9144 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
9145 attr_array, &group_base, &group_count,
9146 LDAP_SCOPE_SUBTREE)) != 0)
9148 com_err(whoami, 0, "Unable to check group %s for membership of %s : %s",
9149 group_name, user_name, ldap_err2string(rc));
9158 linklist_free(group_base);