2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies container (OU) information.
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
/* NOTE(review): Windows stand-in for sleep(3).  The argument is not parenthesized and the
 * expansion ends in ';', so sleep(n + 1) expands to Sleep(n + 1 * 1000); and the macro cannot
 * be the body of an unbraced if/else.  The safer form is #define sleep(A) Sleep((A) * 1000) */
133 #define sleep(A) Sleep(A * 1000);
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define WINADCFG "/moira/winad/winad.cfg"
145 #define strnicmp(A,B,C) strncasecmp(A,B,C)
146 #define UCHAR unsigned char
148 #define UF_SCRIPT 0x0001
149 #define UF_ACCOUNTDISABLE 0x0002
150 #define UF_HOMEDIR_REQUIRED 0x0008
151 #define UF_LOCKOUT 0x0010
152 #define UF_PASSWD_NOTREQD 0x0020
153 #define UF_PASSWD_CANT_CHANGE 0x0040
154 #define UF_DONT_EXPIRE_PASSWD 0x10000
156 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157 #define UF_NORMAL_ACCOUNT 0x0200
158 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160 #define UF_SERVER_TRUST_ACCOUNT 0x2000
162 #define OWNER_SECURITY_INFORMATION (0x00000001L)
163 #define GROUP_SECURITY_INFORMATION (0x00000002L)
164 #define DACL_SECURITY_INFORMATION (0x00000004L)
165 #define SACL_SECURITY_INFORMATION (0x00000008L)
168 #define BYTE unsigned char
170 typedef unsigned int DWORD;
171 typedef unsigned long ULONG;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
181 typedef struct _SID_IDENTIFIER_AUTHORITY {
183 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
185 typedef struct _SID {
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
194 #define WINADCFG "winad.cfg"
198 #define WINAFS "\\\\afs\\all\\"
200 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
201 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
206 #define QUERY_VERSION -1
207 #define PRIMARY_REALM "ATHENA.MIT.EDU"
208 #define PRIMARY_DOMAIN "win.mit.edu"
209 #define PRODUCTION_PRINCIPAL "sms"
210 #define TEST_PRINCIPAL "smstest"
219 #define MEMBER_REMOVE 2
220 #define MEMBER_CHANGE_NAME 3
221 #define MEMBER_ACTIVATE 4
222 #define MEMBER_DEACTIVATE 5
223 #define MEMBER_CREATE 6
225 #define MOIRA_ALL 0x0
226 #define MOIRA_USERS 0x1
227 #define MOIRA_KERBEROS 0x2
228 #define MOIRA_STRINGS 0x4
229 #define MOIRA_LISTS 0x8
231 #define CHECK_GROUPS 1
232 #define CLEANUP_GROUPS 2
234 #define AD_NO_GROUPS_FOUND -1
235 #define AD_WRONG_GROUP_DN_FOUND -2
236 #define AD_MULTIPLE_GROUPS_FOUND -3
237 #define AD_INVALID_NAME -4
238 #define AD_LDAP_FAILURE -5
239 #define AD_INVALID_FILESYS -6
240 #define AD_NO_ATTRIBUTE_FOUND -7
241 #define AD_NO_OU_FOUND -8
242 #define AD_NO_USER_FOUND -9
244 /* container arguments */
245 #define CONTAINER_NAME 0
246 #define CONTAINER_DESC 1
247 #define CONTAINER_LOCATION 2
248 #define CONTAINER_CONTACT 3
249 #define CONTAINER_TYPE 4
250 #define CONTAINER_ID 5
251 #define CONTAINER_ROWID 6
252 #define CONTAINER_GROUP_NAME 7
254 /*mcntmap arguments*/
255 #define OU_MACHINE_NAME 0
256 #define OU_CONTAINER_NAME 1
257 #define OU_MACHINE_ID 2
258 #define OU_CONTAINER_ID 3
259 #define OU_CONTAINER_GROUP 4
261 typedef struct lk_entry {
271 struct lk_entry *next;
274 #define STOP_FILE "/moira/winad/nowinad"
275 #define file_exists(file) (access((file), F_OK) == 0)
277 #define N_SD_BER_BYTES 5
278 #define LDAP_BERVAL struct berval
279 #define MAX_SERVER_NAMES 32
281 #define HIDDEN_GROUP "HiddenGroup.g"
282 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
283 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
284 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/*
 * Append one LDAPMod to the caller's mods[] (ADD_ATTR) or DelMods[] (DEL_ATTR) array.
 * Both expand in the caller's scope and rely on its locals: mods and the index n, or DelMods
 * and the index i, which they post-increment.  NOTE(review): malloc() is unchecked, so an
 * allocation failure dereferences NULL on the following line, and the bodies are bare
 * statement sequences rather than do { ... } while (0), so under an unbraced `if` only the
 * first statement is conditional.
 */
286 #define ADD_ATTR(t, v, o) \
287 mods[n] = malloc(sizeof(LDAPMod)); \
288 mods[n]->mod_op = o; \
289 mods[n]->mod_type = t; \
290 mods[n++]->mod_values = v
/* same shape as ADD_ATTR; mod_values is left NULL because the attribute is being deleted */
292 #define DEL_ATTR(t, o) \
293 DelMods[i] = malloc(sizeof(LDAPMod)); \
294 DelMods[i]->mod_op = o; \
295 DelMods[i]->mod_type = t; \
296 DelMods[i++]->mod_values = NULL
298 #define DOMAIN_SUFFIX "MIT.EDU"
299 #define DOMAIN "DOMAIN:"
300 #define PRINCIPALNAME "PRINCIPAL:"
301 #define SERVER "SERVER:"
305 char PrincipalName[128];
307 #define KRB5CCNAME "KRB5CCNAME=/tmp/krb5cc_winad.incr"
308 #define KRBTKFILE "KRBTKFILE=/tmp/tkt_winad.incr"
309 #define KEYTABFILE "/etc/krb5.keytab"
311 #define KRB5CCNAME "KRB5CCNAME=\\tmp\\krb5cc_winad.incr"
312 #define KRBTKFILE "KRBTKFILE=\\tmp\\tkt_winad.incr"
313 #define KEYTABFILE "\\keytabs\\krb5.keytab"
/* Linked lists shared by the update functions (struct lk_entry is declared above; most of its
 * fields are not shown in this listing).  sid_base is drained by sid_update() followed by
 * linklist_free() in do_filesys() after an account has been created. */
316 LK_ENTRY *member_base = NULL;
317 LK_ENTRY *sid_base = NULL;
318 LK_ENTRY **sid_ptr = NULL;
/* main() concatenates every argv[] element into this 1024-byte buffer for logging, with no
 * length check.  It is declared again at original line 337 below; this file carries several
 * platform-conditional alternatives (e.g. the two KRB5CCNAME definitions), so the two are
 * presumably in different preprocessor branches - verify, since a second definition in one
 * translation unit would not compile. */
319 static char tbl_buf[1024];
/* OU paths under which each kind of object is placed; presumably relative to dn_path */
320 char kerberos_ou[] = "OU=kerberos,OU=moira";
321 char contact_ou[] = "OU=strings,OU=moira";
322 char user_ou[] = "OU=users,OU=moira";
323 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
324 char group_ou_root[] = "OU=lists,OU=moira";
325 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
326 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
327 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
328 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
329 char orphans_other_ou[] = "OU=Other,OU=Orphans";
330 char security_template_ou[] = "OU=security_templates";
/* connection state: the AD domain, candidate servers (filled by GetServerList() and reset to
 * NULL in main()), a Moira connection counter (presumably - see moira_connect()), and the
 * preferred server */
332 char ldap_domain[256];
333 char *ServerList[MAX_SERVER_NAMES];
334 int mr_connections = 0;
336 char default_server[256];
337 static char tbl_buf[1024];
/* when non-zero, main() does not re-read the server list from the config file */
339 int NoChangeConfigFile;
341 extern int set_password(char *user, char *password, char *domain);
343 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
344 char *group_membership, char *MoiraId, char *attribute,
345 LK_ENTRY **linklist_base, int *linklist_count,
347 void AfsToWinAfs(char* path, char* winPath);
348 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
349 char *Win2kPassword, char *Win2kUser, char *default_server,
350 int connect_to_kdc, char **ServerList);
351 void ad_kdc_disconnect();
352 int ad_server_connect(char *connectedServer, char *domain);
353 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
354 char *attribute_value, char *attribute, char *user_name);
355 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
356 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
357 void check_winad(void);
358 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
360 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
361 char *distinguishedName, int count, char **av);
362 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
363 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
364 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
365 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
366 char *distinguishedName, int count, char **av);
367 void container_get_dn(char *src, char *dest);
368 void container_get_name(char *src, char *dest);
369 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
370 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
371 int afterc, char **after);
372 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
373 int afterc, char **after);
375 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
376 char *fs_type, char *fs_pack, int operation);
377 int GetAceInfo(int ac, char **av, void *ptr);
378 int GetServerList(char *ldap_domain, char **MasterServe);
379 int get_group_membership(char *group_membership, char *group_ou,
380 int *security_flag, char **av);
381 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
382 int Moira_container_group_create(char **after);
383 int Moira_container_group_delete(char **before);
384 int Moira_groupname_create(char *GroupName, char *ContainerName,
385 char *ContainerRowID);
386 int Moira_container_group_update(char **before, char **after);
387 int Moira_process_machine_container_group(char *MachineName, char* groupName,
389 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
390 int Moira_getContainerGroup(int ac, char **av, void *ptr);
391 int Moira_getGroupName(char *origContainerName, char *GroupName,
393 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
394 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
395 int UpdateGroup, int *ProcessGroup);
396 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
397 char *group_name, char *group_ou, char *group_membership,
398 int group_security_flag, int type);
399 int process_lists(int ac, char **av, void *ptr);
400 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
401 int HiddenGroup, char *AceType, char *AceName);
402 int ProcessMachineName(int ac, char **av, void *ptr);
403 void ReadConfigFile();
404 void StringTrim(char *StringToTrim);
405 int user_create(int ac, char **av, void *ptr);
406 int user_change_status(LDAP *ldap_handle, char *dn_path,
407 char *user_name, char *MoiraId, int operation);
408 int user_delete(LDAP *ldap_handle, char *dn_path,
409 char *u_name, char *MoiraId);
410 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
412 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
413 char *uid, char *MitId, char *MoiraId, int State,
414 char *WinHomeDir, char *WinProfileDir);
415 void change_to_lower_case(char *ptr);
416 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
417 int group_create(int ac, char **av, void *ptr);
418 int group_delete(LDAP *ldap_handle, char *dn_path,
419 char *group_name, char *group_membership, char *MoiraId);
420 int group_rename(LDAP *ldap_handle, char *dn_path,
421 char *before_group_name, char *before_group_membership,
422 char *before_group_ou, int before_security_flag, char *before_desc,
423 char *after_group_name, char *after_group_membership,
424 char *after_group_ou, int after_security_flag, char *after_desc,
425 char *MoiraId, char *filter);
426 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
427 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
428 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
429 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
430 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
431 char *group_name, char *group_ou, char *group_membership,
432 int group_security_flag, int updateGroup);
433 int member_list_build(int ac, char **av, void *ptr);
434 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
435 char *group_ou, char *group_membership,
436 char *user_name, char *pUserOu, char *MoiraId);
437 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
438 char *group_ou, char *group_membership, char *user_name,
439 char *pUserOu, char *MoiraId);
440 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
441 char *group_ou, char *group_membership,
442 int group_security_flag, char *MoiraId);
443 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
444 char *WinHomeDir, char *WinProfileDir,
445 char **homedir_v, char **winProfile_v,
446 char **drives_v, LDAPMod **mods,
448 int sid_update(LDAP *ldap_handle, char *dn_path);
449 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
450 int check_string(char *s);
451 int check_container_name(char* s);
452 void convert_b_to_a(char *string, UCHAR *binary, int length);
453 int mr_connect_cl(char *server, char *client, int version, int auth);
455 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
456 char **before, int beforec, char **after, int afterc);
457 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
458 char **before, int beforec, char **after, int afterc);
459 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
460 char **before, int beforec, char **after, int afterc);
461 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
462 char **before, int beforec, char **after, int afterc);
463 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
464 char **before, int beforec, char **after, int afterc);
465 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
466 char **before, int beforec, char **after, int afterc);
467 int linklist_create_entry(char *attribute, char *value,
468 LK_ENTRY **linklist_entry);
469 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
470 char **attr_array, LK_ENTRY **linklist_base,
471 int *linklist_count, unsigned long ScopeType);
472 void linklist_free(LK_ENTRY *linklist_base);
474 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
475 char *distinguished_name, LK_ENTRY **linklist_current);
476 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
477 LK_ENTRY **linklist_base, int *linklist_count);
478 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
479 char *Attribute, char *distinguished_name,
480 LK_ENTRY **linklist_current);
482 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
483 char *oldValue, char *newValue,
484 char ***modvalues, int type);
485 void free_values(char **modvalues);
487 int convert_domain_to_dn(char *domain, char **bind_path);
488 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
489 char *distinguished_name);
490 int moira_disconnect(void);
491 int moira_connect(void);
492 void print_to_screen(const char *fmt, ...);
493 int GetMachineName(char *MachineName);
494 int tickets_get_k5();
496 int destroy_cache(void);
/*
 * Entry point of the winad.incr incremental updater.
 *
 * argv layout (see the examples at the top of the file):
 *   argv[1]                 table name, lower-cased below before dispatch (where `table`
 *                           is assigned is not in this listing - presumably argv[1]; verify)
 *   argv[2]                 beforec - number of "before" values
 *   argv[3]                 afterc  - number of "after" values
 *   argv[4 .. 4+beforec-1]  before values
 *   argv[4+beforec ..]      after values
 * Many lines of this function (its declarations, braces, early exits and closing brace) are
 * absent from this listing; the comments cover the visible statements only.
 */
499 int main(int argc, char **argv)
/* program name for com_err: the basename of argv[0] */
513 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
517 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() reports no error - non-numeric input silently becomes 0, and a
 * negative count would pass the argc check below yet place `after` in front of argv[4].
 * strtol() with a range check (>= 0) would reject both. */
520 beforec = atoi(argv[2]);
521 afterc = atoi(argv[3]);
523 if (argc < (4 + beforec + afterc))
/* ("breforec" is a typo inside a runtime string; left as-is) */
525 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)");
531 after = &argv[4 + beforec];
/* Echo the full argument list into tbl_buf for logging.  tbl_buf is a fixed 1024-byte
 * buffer and strcat() is unbounded here, so a total argument length of 1024 bytes or more
 * overflows it.  The caller is Moira's update dispatcher, but the copy should still be
 * bounded (e.g. snprintf() into the remaining space). */
538 for (i = 1; i < argc; i++)
540 strcat(tbl_buf, argv[i]);
541 strcat(tbl_buf, " ");
/* "%s" keeps the argument text from being interpreted as a format string */
543 com_err(whoami, 0, "%s", tbl_buf);
545 memset(PrincipalName, '\0', sizeof(PrincipalName));
546 memset(ldap_domain, '\0', sizeof(ldap_domain));
547 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
549 NoChangeConfigFile = 0;
/* remember the SFU setting (UseSFU30 is declared outside this listing) so a change during
 * processing can trigger the server-list refresh near the end of main() */
554 OldUseSFU30 = UseSFU30;
558 initialize_sms_error_table();
559 initialize_krb_error_table();
561 memset(default_server, '\0', sizeof(default_server));
562 memset(dn_path, '\0', sizeof(dn_path));
/* Up to five connection attempts.  After a failed attempt the cached ServerList entries are
 * cleared (the lines between the NULL test and the reset are not shown - presumably a
 * free()) and the list is re-read from the config file unless NoChangeConfigFile is set. */
563 for (i = 0; i < 5; i++)
565 ldap_handle = (LDAP *)NULL;
566 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
567 default_server, 1, ServerList)))
569 if (ldap_handle == NULL)
571 if (!NoChangeConfigFile)
573 for (j = 0; j < MAX_SERVER_NAMES; j++)
575 if (ServerList[j] != NULL)
578 ServerList[j] = NULL;
581 GetServerList(ldap_domain, ServerList);
/* no server reachable after all attempts: raise an alert (what follows is not shown) */
586 if ((rc) || (ldap_handle == NULL))
588 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* case-insensitive table match by lower-casing once.  tolower() should receive an
 * unsigned char to avoid undefined behavior on negative char values. */
593 for (i = 0; i < (int)strlen(table); i++)
594 table[i] = tolower(table[i]);
/* dispatch on the Moira table that changed; no final else is visible in this listing */
596 if (!strcmp(table, "users"))
597 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
599 else if (!strcmp(table, "list"))
600 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
602 else if (!strcmp(table, "imembers"))
603 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
605 else if (!strcmp(table, "filesys"))
606 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
608 else if (!strcmp(table, "containers"))
609 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
611 else if (!strcmp(table, "mcntmap"))
612 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* the SFU setting changed while processing: refresh the server list before exit */
614 if (OldUseSFU30 != UseSFU30)
616 if (!NoChangeConfigFile)
617 GetServerList(ldap_domain, ServerList);
620 for (i = 0; i < MAX_SERVER_NAMES; i++)
622 if (ServerList[i] != NULL)
625 ServerList[i] = NULL;
/* the unbind result is stored; whether it is checked is not visible here */
628 rc = ldap_unbind_s(ldap_handle);
/*
 * Add a machine to, or remove it from, the AD OU that mirrors its Moira container.
 * before/after are mcntmap tuples (OU_* indices, see the examples at the top of the file);
 * before-only = remove, after-only = add.  The machine's current Moira container decides the
 * target OU; a machine with no container is moved to the orphans OU.
 * Several lines (declarations, braces, early returns) are not in this listing, so the
 * comments cover the visible statements only.
 */
633 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
634 char **before, int beforec, char **after, int afterc)
636 char MoiraContainerName[128];
637 char ADContainerName[128];
638 char MachineName[1024];
639 char OriginalMachineName[1024];
/* NOTE(review): 64 bytes, filled below by an unbounded strcpy() from the container group
 * name supplied by Moira - bound the copy or size it like the other name buffers */
642 char MoiraContainerGroup[64];
645 memset(ADContainerName, '\0', sizeof(ADContainerName));
646 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
648 if ((beforec == 0) && (afterc == 0))
/* assignment inside the condition is intentional: a non-zero rc is a failed connect */
651 if (rc = moira_connect())
653 critical_alert("AD incremental",
654 "Error contacting Moira server : %s",
/* copies below are unbounded strcpy() into fixed buffers; the values come from the Moira
 * server, not from an end user, but they are still not length-checked */
659 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
661 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
662 strcpy(MachineName, before[OU_MACHINE_NAME]);
663 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
665 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
667 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
669 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
670 strcpy(MachineName, after[OU_MACHINE_NAME]);
671 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
672 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/* resolve the Moira alias in place; an empty result means no alias was found.
 * ("alais" below is a typo inside a runtime string; left as-is) */
680 rc = GetMachineName(MachineName);
681 if (strlen(MachineName) == 0)
684 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
687 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* the machine object must already exist in AD */
689 if (machine_check(ldap_handle, dn_path, MachineName))
691 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/* look up the container Moira has for this machine; orphan the machine if there is none
 * ("fine" below is a typo inside a runtime string; left as-is) */
695 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
696 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
697 if (strlen(MoiraContainerName) == 0)
699 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
700 OriginalMachineName, MachineName);
701 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/* The strlen() == 0 test above keeps the index below from going negative, assuming the
 * orphan branch returns (its closing lines are not shown).  The strcat() of "/" is
 * unbounded: a name already filling the 128-byte buffer would overflow it. */
705 container_get_dn(MoiraContainerName, ADContainerName);
706 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
707 strcat(MoiraContainerName, "/");
708 container_check(ldap_handle, dn_path, MoiraContainerName);
709 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Create, delete, rename or update the AD OU for a Moira container and keep the matching
 * Moira container group in step (Moira_container_group_*).
 * before-only = delete, after-only = create, both = rename when CONTAINER_NAME differs
 * (case-insensitively), otherwise an in-place update.  The return values of the container_*
 * and Moira_* helpers are not checked in the visible lines.  Braces, returns and the
 * closing brace are not in this listing.
 */
714 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
715 char **before, int beforec, char **after, int afterc)
719 if ((beforec == 0) && (afterc == 0))
/* assignment inside the condition is intentional: a non-zero rc is a failed connect */
722 if (rc = moira_connect())
724 critical_alert("AD incremental", "Error contacting Moira server : %s",
729 if ((beforec != 0) && (afterc == 0)) /*delete an existing container*/
731 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
732 container_delete(ldap_handle, dn_path, beforec, before);
733 Moira_container_group_delete(before);
737 if ((beforec == 0) && (afterc != 0)) /*create a container*/
739 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
740 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
741 container_create(ldap_handle, dn_path, afterc, after);
742 Moira_container_group_create(after);
/* both sides present: a changed name is a rename, anything else an attribute update */
747 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
749 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
750 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
751 Moira_container_group_update(before, after);
755 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
756 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
757 Moira_container_group_update(before, after);
/*
 * Mirror Moira filesys changes into AD.  Only filesystems whose FS_TYPE is "AFS" and whose
 * FS_CREATE flag is non-zero are acted on.  after-only = add, before-only = delete,
 * both = re-add of the after side.  When filesys_process() returns LDAP_NO_SUCH_OBJECT the
 * account named by FS_NAME is looked up in Moira (get_user_account_by_login, callback
 * user_create) and any entries accumulated in sid_base are then written with sid_update().
 * The FS_* indices and the av/call_args/rc declarations are outside the visible lines.
 * NOTE(review): the after-only path (original lines 786-835) and the both-sides path
 * (869-916) are near duplicates; a shared static helper would remove the duplication.
 */
762 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
763 char **before, int beforec, char **after, int afterc)
/* after side too short to carry FS_CREATE: nothing to add */
776 if (afterc < FS_CREATE)
/* atoi() silently maps a non-numeric flag to 0, which is treated as "do not create" */
780 atype = !strcmp(after[FS_TYPE], "AFS");
781 acreate = atoi(after[FS_CREATE]);
/* --- after only: a new filesys --- */
784 if (beforec < FS_CREATE)
786 if (acreate == 0 || atype == 0)
788 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* LDAP_NO_SUCH_OBJECT means the object is not in AD yet; fall through to create the account */
792 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
793 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
795 if (rc != LDAP_SUCCESS)
796 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* assignment inside the condition is intentional: a non-zero rc is a failed connect */
803 if (rc = moira_connect())
805 critical_alert("AD incremental",
806 "Error contacting Moira server : %s",
/* query Moira for the account named by the filesys; call_args carries the LDAP handle and
 * base DN, presumably as the opaque pointer handed to user_create() (the remaining
 * mr_query() arguments are not shown) */
810 av[0] = after[FS_NAME];
811 call_args[0] = (char *)ldap_handle;
812 call_args[1] = dn_path;
818 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
822 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
828 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* flush any SIDs collected while the account was created, then release the list */
831 if (sid_base != NULL)
833 sid_update(ldap_handle, dn_path);
834 linklist_free(sid_base);
/* --- before side present --- */
842 btype = !strcmp(before[FS_TYPE], "AFS");
843 bcreate = atoi(before[FS_CREATE]);
/* before only: the filesys was removed */
844 if (afterc < FS_CREATE)
846 if (btype && bcreate)
848 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
849 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
851 com_err(whoami, 0, "Unable to delete filesys %s", before[FS_NAME]);
/* both sides present but neither is AFS: report it unless both types are the "ERR" placeholder */
860 if (!atype && !btype)
862 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
864 com_err(whoami, 0, "Unable to process Filesystem %s or %s is not AFS",
865 before[FS_NAME], after[FS_NAME]);
/* from here on the after side is re-added exactly as in the after-only path above */
869 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
873 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
874 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
876 if (rc != LDAP_SUCCESS)
877 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
884 if (rc = moira_connect())
886 critical_alert("AD incremental",
887 "Error contacting Moira server : %s",
891 av[0] = after[FS_NAME];
892 call_args[0] = (char *)ldap_handle;
893 call_args[1] = dn_path;
899 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
903 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
909 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
912 if (sid_base != NULL)
914 sid_update(ldap_handle, dn_path);
915 linklist_free(sid_base);
/* index of the description field in a list tuple (see the list examples at the top of the
 * file); the other L_* indices are defined outside this listing */
925 #define L_LIST_DESC 9
/*
 * Mirror Moira list changes into AD groups.  before/after are list tuples (L_* indices;
 * L_NAME, L_ACTIVE and L_LIST_ID are defined outside this listing).
 * before-only = delete the group; after-only = create it; both = rename when the name or the
 * target OU changes, then refresh the group's attributes and, if the list is active, its
 * membership.  get_group_membership() fills the *_group_membership / *_group_ou buffers and
 * the security flag from a tuple.  Declarations, braces and returns are largely absent from
 * this listing, so the comments cover the visible statements only.
 */
928 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
929 char **before, int beforec, char **after, int afterc)
934 char group_membership[6];
939 char before_list_id[32];
/* NOTE(review): one byte, versus six for group_membership above.  Both are filled by
 * get_group_membership() and tested with strlen() below, so this is only safe if that
 * function writes at most one byte here - confirm against its definition */
940 char before_group_membership[1];
941 int before_security_flag;
942 char before_group_ou[256];
943 LK_ENTRY *ptr = NULL;
945 if (beforec == 0 && afterc == 0)
948 memset(list_id, '\0', sizeof(list_id));
949 memset(before_list_id, '\0', sizeof(before_list_id));
950 memset(before_group_ou, '\0', sizeof(before_group_ou));
951 memset(before_group_membership, '\0', sizeof(before_group_membership));
952 memset(group_ou, '\0', sizeof(group_ou));
953 memset(group_membership, '\0', sizeof(group_membership));
/* before side: check the tuple is long enough to index, copy the Moira list id (unbounded
 * strcpy() into 32 bytes) and derive OU, membership type and security flag */
958 if (beforec < L_LIST_ID)
960 if (beforec > L_LIST_DESC)
962 strcpy(before_list_id, before[L_LIST_ID]);
964 before_security_flag = 0;
965 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* same for the after side */
969 if (afterc < L_LIST_ID)
971 if (afterc > L_LIST_DESC)
973 strcpy(list_id, after[L_LIST_ID]);
976 get_group_membership(group_membership, group_ou, &security_flag, after);
979 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Reconcile the existing AD group for the before side.  A wrong DN or duplicate groups
 * trigger a CLEANUP_GROUPS pass; any other non-zero result except "no group found" is
 * reported and presumably ends this update (the return is not shown). */
986 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
987 before_group_ou, before_group_membership,
988 before_security_flag, CHECK_GROUPS)))
990 if (rc == AD_NO_GROUPS_FOUND)
994 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
996 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
997 before_group_ou, before_group_membership,
998 before_security_flag, CLEANUP_GROUPS);
1000 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1002 com_err(whoami, 0, "Unable to process list %s",
1006 if (rc == AD_NO_GROUPS_FOUND)
/* both sides: a changed name, or the same name with a changed target OU, is a rename
 * (the condition continues on a line not shown here) */
1012 if ((beforec != 0) && (afterc != 0))
1014 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1015 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1016 (strcmp(before_group_ou, group_ou)))) &&
1019 com_err(whoami, 0, "Changing list name from %s to %s",
1020 before[L_NAME], after[L_NAME]);
/* both OUs and both membership types must be known before a rename is attempted */
1021 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1022 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1024 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1027 memset(filter, '\0', sizeof(filter));
1028 if ((rc = group_rename(ldap_handle, dn_path,
1029 before[L_NAME], before_group_membership,
1030 before_group_ou, before_security_flag, before[L_LIST_DESC],
1031 after[L_NAME], group_membership,
1032 group_ou, security_flag, after[L_LIST_DESC],
1035 if (rc != AD_NO_GROUPS_FOUND)
1037 com_err(whoami, 0, "Unable to change list name from %s to %s",
1038 before[L_NAME], after[L_NAME]);
/* before only: delete the group; its OU and membership type must be known */
1051 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1053 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
1056 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1057 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1058 before_group_membership, before_list_id);
/* after only: create the group, first reconciling any stale AD object with the same id */
1065 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1066 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1067 group_ou, group_membership,
1068 security_flag, CHECK_GROUPS))
1070 if (rc != AD_NO_GROUPS_FOUND)
1072 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1074 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1075 group_ou, group_membership,
1076 security_flag, CLEANUP_GROUPS);
1080 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
/* update path: ACE-derived security, then the group attributes, then (if active) members */
1087 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
/* assignment inside the condition is intentional: a non-zero rc is a failed connect */
1089 if (rc = moira_connect())
1091 critical_alert("AD incremental",
1092 "Error contacting Moira server : %s",
/* ProcessAce() is called twice with UpdateGroup 0 then 1; what the two passes do is not
 * visible here - see its definition */
1098 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1102 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1105 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1106 group_ou, group_membership, security_flag, updateGroup))
/* membership is only populated for active lists; atoi() treats a non-numeric flag as inactive */
1111 if (atoi(after[L_ACTIVE]))
1113 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1114 group_membership, security_flag, list_id);
/*
 * Extra argv slots carried by the Moira member-list records that do_member
 * receives, appended after the base LM_* fields (LM_END is defined elsewhere
 * in the file).
 * NOTE(review): LMN_LIST_ID and LM_LIST_ID are adjacent slots that do_member
 * reads with different meanings depending on the member type (MACHINE vs
 * USER); the naming makes them easy to confuse — confirm the layout against
 * the Moira side that emits these records.
 */
1121 #define LM_EXTRA_ACTIVE (LM_END)
1122 #define LM_EXTRA_PUBLIC (LM_END+1)
1123 #define LM_EXTRA_HIDDEN (LM_END+2)
1124 #define LM_EXTRA_MAILLIST (LM_END+3)
1125 #define LM_EXTRA_GROUP (LM_END+4)
1126 #define LM_EXTRA_GID (LM_END+5)
1127 #define LMN_LIST_ID (LM_END+6)
1128 #define LM_LIST_ID (LM_END+7)
1129 #define LM_USER_ID (LM_END+8)
1130 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one Moira list-membership change to the matching AD group.
 *
 * before/beforec is the membership record before the change, after/afterc the
 * record after it (either may be empty).  On the lines shown the flow is:
 * validate whichever record is present and copy its fields into locals,
 * classify the list (get_group_membership), make sure the AD group exists
 * (process_group, creating it via ProcessAce/make_new_group if not), then
 * member_remove for a removal or member_add for an addition.  ldap_hostname
 * is not used on the lines shown.  Errors are reported with com_err or
 * critical_alert; nothing is returned.  The ptr/args assignments, braces and
 * early returns that tie these statements together are not on the lines shown.
 */
1132 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1133 char **before, int beforec, char **after, int afterc)
/* fixed-size locals filled by strcpy from the Moira argv (see notes below) */
1135 char group_name[128];
1136 char user_name[128];
1137 char user_type[128];
1138 char moira_list_id[32];
1139 char moira_user_id[32];
/* one-character group code ('B','S','D','N') written by get_group_membership;
 * it carries no NUL terminator and must not be treated as a C string */
1140 char group_membership[1];
1142 char machine_ou[256];
1148 char NewMachineName[1024];
1155 memset(moira_list_id, '\0', sizeof(moira_list_id));
1156 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* 'after' record present: it must carry at least the LM_EXTRA_GID slot,
 * the list must be active and the target must be a LIST */
1159 if (afterc < LM_EXTRA_GID)
1161 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* NOTE(review): after[2]/after[0] are literal indices while the rest of the
 * block uses LM_MEMBER/LM_LIST; the same "Unable to add" message is also
 * reused for the 'before' (removal) record below */
1163 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
1167 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1169 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1170 after[2], after[0], after[0]);
/* NOTE(review): unbounded strcpy of Moira-supplied strings into 128-byte
 * locals (and into the 32-byte id buffers below); a length check or a
 * bounded copy (snprintf) is warranted since the record comes from outside
 * this process */
1173 strcpy(user_name, after[LM_MEMBER]);
1174 strcpy(group_name, after[LM_LIST]);
1175 strcpy(user_type, after[LM_TYPE]);
/* NOTE(review): each count guard compares afterc against a lower slot than
 * the one actually read (e.g. afterc > LM_EXTRA_GROUP, then after[LM_LIST_ID]
 * = LM_END+7); unless the argv is padded past afterc this reads beyond the
 * array — verify and compare against the highest index used in each arm */
1176 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1178 if (afterc > LM_EXTRA_GROUP)
1180 strcpy(moira_list_id, after[LMN_LIST_ID]);
1181 strcpy(moira_user_id, after[LM_LIST_ID]);
1184 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1186 if (afterc > LMN_LIST_ID)
1188 strcpy(moira_list_id, after[LM_LIST_ID]);
1189 strcpy(moira_user_id, after[LM_USER_ID]);
1194 if (afterc > LM_EXTRA_GID)
1195 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* 'before' record present: same validation and copies as above */
1200 if (beforec < LM_EXTRA_GID)
1202 if (!atoi(before[LM_EXTRA_ACTIVE]))
1204 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1208 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1210 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1211 before[2], before[0], before[0]);
1214 strcpy(user_name, before[LM_MEMBER]);
1215 strcpy(group_name, before[LM_LIST]);
1216 strcpy(user_type, before[LM_TYPE]);
1217 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1219 if (beforec > LM_EXTRA_GROUP)
1221 strcpy(moira_list_id, before[LMN_LIST_ID]);
1222 strcpy(moira_user_id, before[LM_LIST_ID]);
1225 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1227 if (beforec > LMN_LIST_ID)
1229 strcpy(moira_list_id, before[LM_LIST_ID]);
1230 strcpy(moira_user_id, before[LM_USER_ID]);
1235 if (beforec > LM_EXTRA_GID)
1236 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* neither record was usable */
1242 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* rebuild a list-table style argv from the member record (ptr points at
 * whichever record is being processed; its assignment is not on the lines
 * shown) so get_group_membership can classify the list */
1246 args[L_NAME] = ptr[LM_LIST];
1247 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1248 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1249 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1250 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1251 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1252 args[L_GID] = ptr[LM_EXTRA_GID];
1255 memset(group_ou, '\0', sizeof(group_ou));
1256 get_group_membership(group_membership, group_ou, &security_flag, args);
1257 if (strlen(group_ou) == 0)
1259 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* make sure the AD group matches this Moira list; on a mismatch try one
 * CLEANUP_GROUPS pass before giving up */
1262 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1264 if (rc != AD_NO_GROUPS_FOUND)
1266 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1268 if (rc != AD_NO_GROUPS_FOUND)
1271 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1273 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* group does not exist in AD yet: create it (both ProcessAce passes, then
 * make_new_group) and fill it if the list is active */
1279 if (rc == AD_NO_GROUPS_FOUND)
1281 if (rc = moira_connect())
1283 critical_alert("AD incremental",
1284 "Error contacting Moira server : %s",
1289 com_err(whoami, 0, "creating group %s", group_name);
1291 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1295 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1298 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1299 group_ou, group_membership, security_flag, 0))
1304 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1306 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1307 group_membership, security_flag, moira_list_id);
/* removal path: resolve the member's OU by its type, then member_remove.
 * MACHINE members may be renamed by get_machine_ou (NewMachineName). */
1314 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1316 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1318 memset(machine_ou, '\0', sizeof(machine_ou));
1319 memset(NewMachineName, '\0', sizeof(NewMachineName));
1320 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1322 ptr[LM_MEMBER] = NewMachineName;
1323 pUserOu = machine_ou;
1325 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1327 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1329 pUserOu = contact_ou;
1331 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1333 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1335 pUserOu = kerberos_ou;
1337 if (rc = member_remove(ldap_handle, dn_path, group_name,
1338 group_ou, group_membership, ptr[LM_MEMBER],
1339 pUserOu, moira_list_id))
1340 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* add path: same OU resolution as above, plus on-demand creation of a USER
 * member that is not yet in AD */
1344 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1347 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1349 memset(machine_ou, '\0', sizeof(machine_ou));
1350 memset(NewMachineName, '\0', sizeof(NewMachineName));
1351 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1353 ptr[LM_MEMBER] = NewMachineName;
1354 pUserOu = machine_ou;
1356 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1358 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1360 pUserOu = contact_ou;
1362 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1364 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1366 pUserOu = kerberos_ou;
1368 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* user missing from AD: create it through the Moira query, with user_create
 * as the callback; sid_ptr/sid_base collect the new SIDs for sid_update */
1370 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1371 moira_user_id)) == AD_NO_USER_FOUND)
1373 if (rc = moira_connect())
1375 critical_alert("AD incremental",
1376 "Error connection to Moira : %s",
/* NOTE(review): this message prints after[U_NAME] while the neighbouring
 * lines use ptr[LM_MEMBER]; U_NAME indexes the user table, not a member
 * record, so this looks copied from do_user — verify which name is meant */
1380 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1381 av[0] = ptr[LM_MEMBER];
/* call_args is a char *[] reused as an untyped context block for the
 * mr_query callback: [0] LDAP handle, [1] dn path, [2] Moira user id */
1382 call_args[0] = (char *)ldap_handle;
1383 call_args[1] = dn_path;
1384 call_args[2] = moira_user_id;
1385 call_args[3] = NULL;
1387 sid_ptr = &sid_base;
1389 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1393 com_err(whoami, 0, "Unable to create user %s : %s",
1394 ptr[LM_MEMBER], error_message(rc));
1400 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* push the freshly collected SIDs to AD and release the list; sid_base is
 * not reset to NULL on the lines shown */
1404 if (sid_base != NULL)
1406 sid_update(ldap_handle, dn_path);
1407 linklist_free(sid_base);
1418 if (rc = member_add(ldap_handle, dn_path, group_name,
1419 group_ou, group_membership, ptr[LM_MEMBER],
1420 pUserOu, moira_list_id))
1422 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/* Indices into the user-table argv beyond the U_* fields defined earlier in
 * the file: do_user copies U_USER_ID into a local and passes U_HOMEDIR and
 * U_PROFILEDIR through to user_update. */
1428 #define U_USER_ID 10
1429 #define U_HOMEDIR 11
1430 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-table change to AD.
 *
 * before/beforec and after/afterc are the user record before and after the
 * change (the afterc parameter is on a line not shown).  Cases handled on the
 * lines shown: only 'after' present -> account not yet usable, only logged;
 * only 'before' present -> delete from AD when its state is 0; both present ->
 * create the user in AD if missing (mr_query + user_create), rename it if the
 * login changed, then user_update with the new attributes.  ldap_hostname is
 * not used on the lines shown.  Nothing is returned.
 */
1432 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1433 char **before, int beforec, char **after,
/* NOTE(review): 32-byte buffers filled by unbounded strcpy from the record;
 * a bounded copy would be safer since the record originates outside the
 * process */
1438 char after_user_id[32];
1439 char before_user_id[32];
/* this empty-input test is repeated below after the memsets */
1442 if ((beforec == 0) && (afterc == 0))
1445 memset(after_user_id, '\0', sizeof(after_user_id));
1446 memset(before_user_id, '\0', sizeof(before_user_id));
1447 if (beforec > U_USER_ID)
1448 strcpy(before_user_id, before[U_USER_ID]);
1449 if (afterc > U_USER_ID)
1450 strcpy(after_user_id, after[U_USER_ID]);
1452 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1455 if ((beforec == 0) && (afterc != 0))
1457 /* only the 'after' record exists: the account has just been created */
1458 /* but is not usable yet, so it is only reported here */
1459 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
1462 if ((beforec != 0) && (afterc == 0)) /* only the 'before' record exists */
/* state 0: remove the user from AD; otherwise it was expunged earlier */
1464 if (atoi(before[U_STATE]) == 0)
1466 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1467 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* NOTE(review): "expungeded" is a typo in the log text (left as-is here) */
1471 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1476 /*process anything that gets here*/
/* both records present: look the user up by the old login; create it if
 * absent.  check_string must accept the new login before it is used. */
1477 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1478 before_user_id)) == AD_NO_USER_FOUND)
1480 if (!check_string(after[U_NAME]))
1482 if (rc = moira_connect())
1484 critical_alert("AD incremental",
1485 "Error connection to Moira : %s",
1489 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* same untyped call_args context block as in do_member: [0] LDAP handle,
 * [1] dn path, [2] Moira user id; sid_base collects SIDs for sid_update */
1491 av[0] = after[U_NAME];
1492 call_args[0] = (char *)ldap_handle;
1493 call_args[1] = dn_path;
1494 call_args[2] = after_user_id;
1495 call_args[3] = NULL;
1497 sid_ptr = &sid_base;
1499 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1503 com_err(whoami, 0, "Unable to create user %s : %s",
1504 after[U_NAME], error_message(rc));
1510 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* sid_base is freed but not reset to NULL on the lines shown */
1514 if (sid_base != NULL)
1516 sid_update(ldap_handle, dn_path);
1517 linklist_free(sid_base);
/* login changed: rename only when both names pass check_string */
1526 if (strcmp(before[U_NAME], after[U_NAME]))
1528 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1530 com_err(whoami, 0, "changing user %s to %s",
1531 before[U_NAME], after[U_NAME]);
1532 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1533 after[U_NAME])) != LDAP_SUCCESS)
/* final attribute sync; rc's use after this call is not on the lines shown */
1539 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1540 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1541 after[U_UID], after[U_MITID],
1542 after_user_id, atoi(after[U_STATE]),
1543 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * strings from the first modvalue_count entries of linklist_base.
 *
 * When both oldValue and newValue are given and oldValue occurs in an entry's
 * value, the copy is either newValue alone (type == REPLACE) or the entry's
 * value with the first occurrence of oldValue replaced by newValue; all other
 * entries are copied verbatim.  *modvalues receives the array; the caller
 * owns it and every string in it.  Returns int (the return statements are on
 * lines not shown; the visible failure checks are allocation failures).
 *
 * NOTE(review): the loop advances linklist_ptr modvalue_count times without a
 * NULL check, so modvalue_count must not exceed the list length.  strstr on
 * ->value assumes NUL-terminated text; retrieve_values stores objectSid /
 * objectGUID values as raw bytes without a terminator, so those entries must
 * not reach this function.
 */
1547 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1548 char *oldValue, char *newValue,
1549 char ***modvalues, int type)
1551 LK_ENTRY *linklist_ptr;
1555 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* redundant after calloc, but harmless */
1560 for (i = 0; i < (modvalue_count + 1); i++)
1561 (*modvalues)[i] = NULL;
1562 if (modvalue_count != 0)
1564 linklist_ptr = linklist_base;
1565 for (i = 0; i < modvalue_count; i++)
1567 if ((oldValue != NULL) && (newValue != NULL))
1569 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
/* whole-value replacement */
1572 if (type == REPLACE)
1574 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1577 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1578 strcpy((*modvalues)[i], newValue);
/* in-place substitution: prefix before the match + newValue + suffix after
 * the match; the size below is prefix + (length - strlen(oldValue)) +
 * strlen(newValue) + NUL, mixing int and size_t arithmetic */
1582 if (((*modvalues)[i] = calloc(1,
1583 (int)(cPtr - linklist_ptr->value) +
1584 (linklist_ptr->length - strlen(oldValue)) +
1585 strlen(newValue) + 1)) == NULL)
1587 memset((*modvalues)[i], '\0',
1588 (int)(cPtr - linklist_ptr->value) +
1589 (linklist_ptr->length - strlen(oldValue)) +
1590 strlen(newValue) + 1);
1591 memcpy((*modvalues)[i], linklist_ptr->value,
1592 (int)(cPtr - linklist_ptr->value));
1593 strcat((*modvalues)[i], newValue);
1594 strcat((*modvalues)[i],
1595 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* no match: verbatim copy.
 * NOTE(review): unlike the branches above, these two callocs are not
 * checked before memset/memcpy dereference the result */
1600 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1601 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1602 memcpy((*modvalues)[i], linklist_ptr->value,
1603 linklist_ptr->length);
/* no old/new pair given: verbatim copy (same unchecked calloc) */
1608 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1609 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1610 memcpy((*modvalues)[i], linklist_ptr->value,
1611 linklist_ptr->length);
1613 linklist_ptr = linklist_ptr->next;
/* terminator for the array */
1615 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous LDAP search under dn_path and convert the
 * result into an LK_ENTRY list.
 *
 * search_exp is passed to ldap_search_s verbatim and attr_array selects the
 * attributes returned.  *linklist_base/*linklist_count are reset first and
 * then filled by retrieve_entries.  A size-limit-exceeded result is tolerated
 * (the partial result set is still consumed).  Returns the rc of
 * retrieve_entries on the path shown; other returns are on lines not shown.
 *
 * NOTE(review): every caller in this file assembles search_exp with sprintf
 * from names and ids, so filter metacharacters in those values are not
 * escaped here.  check_string is applied to list names in group_rename and
 * group_create; whether it rejects LDAP filter syntax is not visible in
 * this file — confirm before relying on it.
 */
1621 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1622 char **attr_array, LK_ENTRY **linklist_base,
1623 int *linklist_count, unsigned long ScopeType)
1626 LDAPMessage *ldap_entry;
1630 (*linklist_base) = NULL;
1631 (*linklist_count) = 0;
1632 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1633 search_exp, attr_array, 0, &ldap_entry))
/* any error other than a size limit aborts (return on a line not shown) */
1636 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1640 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1642 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result and append its
 * attributes to *linklist_base via retrieve_attributes, then recount the list.
 *
 * The ldap_entry parameter is reused as the iteration cursor.  Returns the
 * first non-zero rc from retrieve_attributes; the normal return is on a line
 * not shown.
 *
 * NOTE(review): distinguished_name is a 1024-byte local filled by
 * get_distinguished_name, which uses strcpy with no size argument; an entry
 * whose DN is 1024 bytes or longer overflows this buffer.
 */
1647 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1648 LK_ENTRY **linklist_base, int *linklist_count)
1650 char distinguished_name[1024];
1651 LK_ENTRY *linklist_ptr;
1654 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1657 memset(distinguished_name, '\0', sizeof(distinguished_name));
1658 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1660 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1661 linklist_base)) != 0)
1664 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1666 memset(distinguished_name, '\0', sizeof(distinguished_name));
1667 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1669 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1670 linklist_base)) != 0)
/* recount from scratch: retrieve_values prepends nodes, so the count is
 * only known once the whole result has been consumed */
1674 linklist_ptr = (*linklist_base);
1675 (*linklist_count) = 0;
1676 while (linklist_ptr != NULL)
1678 ++(*linklist_count);
1679 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: for one LDAP entry, hand every attribute name to
 * retrieve_values so its values are added to *linklist_current.
 *
 * ptr is the BerElement cursor from ldap_first_attribute (its declaration is
 * on a line not shown) and is released with ldap_ber_free.  Return value:
 * the return statement is on a line not shown.
 *
 * NOTE(review): retrieve_values returns an int (it fails on allocation
 * errors) but both calls below discard it, so a partial list is reported as
 * success.
 */
1684 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1685 char *distinguished_name, LK_ENTRY **linklist_current)
1691 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1693 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1695 ldap_memfree(Attribute);
1696 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1699 retrieve_values(ldap_handle, ldap_entry, Attribute,
1700 distinguished_name, linklist_current);
1701 ldap_memfree(Attribute);
1704 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch every value of Attribute for ldap_entry and prepend
 * one LK_ENTRY per value to *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * stored as raw bytes with ->length = bv_len and ->ber_value set; every other
 * attribute is fetched as strings and stored NUL-terminated.  Each node also
 * gets a copy of the attribute name and of distinguished_name.  The per-value
 * loop header and the binary/string branch selectors are on lines not shown.
 * Under LDAP_DEBUG the values are also pretty-printed to stderr.  Returns int;
 * the visible failure paths are calloc failures (returns on lines not shown).
 */
1708 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1709 char *Attribute, char *distinguished_name,
1710 LK_ENTRY **linklist_current)
1716 LK_ENTRY *linklist_previous;
1717 LDAP_BERVAL **ber_value;
1725 SID_IDENTIFIER_AUTHORITY *sid_auth;
1726 unsigned char *subauth_count;
1727 #endif /*LDAP_DEBUG*/
1730 memset(temp, '\0', sizeof(temp));
/* binary attributes: Ptr aliases the berval array; otherwise the string array */
1731 if ((!strcmp(Attribute, "objectSid")) ||
1732 (!strcmp(Attribute, "objectGUID")))
1737 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1738 Ptr = (void **)ber_value;
1743 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1744 Ptr = (void **)str_value;
/* new node pushed at the head of the list */
1751 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1753 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1754 linklist_previous->next = (*linklist_current);
1755 (*linklist_current) = linklist_previous;
1757 if (((*linklist_current)->attribute = calloc(1,
1758 strlen(Attribute) + 1)) == NULL)
1760 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1761 strcpy((*linklist_current)->attribute, Attribute);
/* binary value: exactly bv_len bytes and no trailing NUL, so consumers must
 * use ->length rather than strlen/strstr on ->value.  A zero-length berval
 * makes calloc(1, 0) implementation-defined (may return NULL) — verify how
 * that case should be handled. */
1764 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1765 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1767 memset((*linklist_current)->value, '\0', ber_length);
1768 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1770 (*linklist_current)->length = ber_length;
/* string value: NUL-terminated copy, length excludes the terminator */
1774 if (((*linklist_current)->value = calloc(1,
1775 strlen(*Ptr) + 1)) == NULL)
1777 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1778 (*linklist_current)->length = strlen(*Ptr);
1779 strcpy((*linklist_current)->value, *Ptr);
1781 (*linklist_current)->ber_value = use_bervalue;
1782 if (((*linklist_current)->dn = calloc(1,
1783 strlen(distinguished_name) + 1)) == NULL)
1785 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1786 strcpy((*linklist_current)->dn, distinguished_name);
/* --- LDAP_DEBUG only: human-readable dump of the value --- */
/* GUID rendered from the stored bytes; the format's fixed widths bound the
 * output, temp's size is declared on a line not shown */
1789 if (!strcmp(Attribute, "objectGUID"))
1791 guid = (GUID *)((*linklist_current)->value);
1792 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1793 guid->Data1, guid->Data2, guid->Data3,
1794 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1795 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1796 guid->Data4[6], guid->Data4[7]);
1797 print_to_screen(" %20s : {%s}\n", Attribute, temp);
/* SID decoded straight from the berval (not from the copied node) */
1799 else if (!strcmp(Attribute, "objectSid"))
1801 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1803 print_to_screen(" Revision = %d\n", sid->Revision);
1804 print_to_screen(" SID Identifier Authority:\n");
1805 sid_auth = &sid->IdentifierAuthority;
/* Value[4] is deliberately skipped here — confirm that is intended */
1806 if (sid_auth->Value[0])
1807 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1808 else if (sid_auth->Value[1])
1809 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1810 else if (sid_auth->Value[2])
1811 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1812 else if (sid_auth->Value[3])
1813 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1814 else if (sid_auth->Value[5])
1815 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1817 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1818 subauth_count = GetSidSubAuthorityCount(sid);
1819 print_to_screen(" SidSubAuthorityCount = %d\n",
1821 print_to_screen(" SidSubAuthority:\n");
1822 for (i = 0; i < *subauth_count; i++)
1824 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1825 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp with the literal's length is not a string compare —
 * it reads that many bytes of Attribute even when Attribute is shorter
 * (out-of-bounds read); strcmp/strncmp is the intended operation.  The
 * second length is taken from "sAmAccountType" (different case from the
 * compared literal); same length, so harmless but misleading. */
1829 else if ((!memcmp(Attribute, "userAccountControl",
1830 strlen("userAccountControl"))) ||
1831 (!memcmp(Attribute, "sAMAccountType",
1832 strlen("sAmAccountType"))))
/* intValue's type is declared on a line not shown; %ld requires long */
1834 intValue = atoi(*Ptr);
1835 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1836 if (!memcmp(Attribute, "userAccountControl",
1837 strlen("userAccountControl")))
/* decode the UF_* flag bits of userAccountControl */
1839 if (intValue & UF_ACCOUNTDISABLE)
1840 print_to_screen(" %20s : %s\n",
1841 "", "Account disabled");
1843 print_to_screen(" %20s : %s\n",
1844 "", "Account active");
1845 if (intValue & UF_HOMEDIR_REQUIRED)
1846 print_to_screen(" %20s : %s\n",
1847 "", "Home directory required");
1848 if (intValue & UF_LOCKOUT)
1849 print_to_screen(" %20s : %s\n",
1850 "", "Account locked out");
1851 if (intValue & UF_PASSWD_NOTREQD)
1852 print_to_screen(" %20s : %s\n",
1853 "", "No password required");
1854 if (intValue & UF_PASSWD_CANT_CHANGE)
1855 print_to_screen(" %20s : %s\n",
1856 "", "Cannot change password");
1857 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1858 print_to_screen(" %20s : %s\n",
1859 "", "Temp duplicate account");
1860 if (intValue & UF_NORMAL_ACCOUNT)
1861 print_to_screen(" %20s : %s\n",
1862 "", "Normal account");
1863 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1864 print_to_screen(" %20s : %s\n",
1865 "", "Interdomain trust account");
1866 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1867 print_to_screen(" %20s : %s\n",
1868 "", "Workstation trust account");
1869 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1870 print_to_screen(" %20s : %s\n",
1871 "", "Server trust account");
/* any other attribute: print the string value as-is */
1876 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1878 #endif /*LDAP_DEBUG*/
/* release whichever value array ldap_get_values[_len] returned */
1880 if (str_value != NULL)
1881 ldap_value_free(str_value);
1882 if (ber_value != NULL)
1883 ldap_value_free_len(ber_value);
/* re-points the head at the node allocated above; how this interacts with
 * the per-value loop is not visible on the lines shown */
1885 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.
 *
 * Only the first caller (mr_connections going 0 -> 1) actually connects and
 * authenticates as "winad.incr"; later callers just bump the count (see
 * moira_disconnect).  Two connect variants appear for each target host
 * (mr_connect_cl with QUERY_VERSION, and plain mr_connect); the conditionals
 * selecting between them, and between the "ttsp" host and uts.nodename (the
 * local host from uname), are on lines not shown.  Returns rc of the last
 * call made (return statement on a line not shown).
 *
 * NOTE(review): "ttsp" is a hard-coded server name that bypasses the
 * uts.nodename path; confirm it sits under a test/debug conditional and is
 * not reachable in a production build.
 */
1889 int moira_connect(void)
1894 if (!mr_connections++)
1897 memset(HostName, '\0', sizeof(HostName));
1898 strcpy(HostName, "ttsp");
1899 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1901 rc = mr_connect(HostName);
1906 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1908 rc = mr_connect(uts.nodename);
1913 rc = mr_auth("winad.incr");
/*
 * check_winad: hold off while the STOP_FILE exists, then raise an alert.
 *
 * The loop runs for as long as file_exists(STOP_FILE) is true; its body
 * (delay / iteration limit) and the code that fills tbl_buf are on lines not
 * shown, so whether the alert fires on every call or only after the loop
 * gives up cannot be confirmed here.
 */
1920 void check_winad(void)
1924 for (i = 0; file_exists(STOP_FILE); i++)
1928 critical_alert("AD incremental",
1929 "WINAD incremental failed (%s exists): %s",
1930 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect — drop one reference and,
 * when the count reaches zero, tear the connection down (the body of that
 * branch and the return are on lines not shown).
 * NOTE(review): there is no guard against the count going negative when
 * called without a matching moira_connect.
 */
1937 int moira_disconnect(void)
1940 if (!--mr_connections)
/*
 * get_distinguished_name: copy the DN of ldap_entry into distinguished_name.
 *
 * NOTE(review): the function takes no buffer size and copies with strcpy;
 * the callers in this file pass 1024-byte arrays (retrieve_entries), so a
 * longer DN overflows them — a size parameter plus snprintf/strncpy with
 * explicit termination is the fix.  ldap_get_dn can return NULL; whether
 * that is checked before the strcpy depends on lines not shown — verify.
 */
1947 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1948 char *distinguished_name)
1952 CName = ldap_get_dn(ldap_handle, ldap_entry);
1955 strcpy(distinguished_name, CName);
/* DN strings from the LDAP library are released with ldap_memfree */
1956 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a standalone LK_ENTRY holding copies of
 * attribute and value (length = strlen(value), next = NULL) and return it
 * through *linklist_entry.  The caller owns the node (linklist_free).
 * Returns int; the return statements are on lines not shown.
 *
 * NOTE(review): the node allocation is checked, but the attribute and value
 * callocs are not — on allocation failure memset/strcpy dereference NULL.
 */
1959 int linklist_create_entry(char *attribute, char *value,
1960 LK_ENTRY **linklist_entry)
1962 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1963 if (!(*linklist_entry))
1967 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1968 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1969 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1970 strcpy((*linklist_entry)->attribute, attribute);
1971 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1972 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1973 strcpy((*linklist_entry)->value, value);
1974 (*linklist_entry)->length = strlen(value);
1975 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style output to stderr (used by the LDAP_DEBUG
 * dump in retrieve_values).  The va_list declaration and the matching
 * va_end are on lines not shown.  fmt must always be a literal: every
 * visible caller passes one, and that has to stay true since the function
 * forwards it straight to vfprintf.
 */
1979 void print_to_screen(const char *fmt, ...)
1983 va_start(pvar, fmt);
1984 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list by its L_MAILLIST and L_GROUP
 * flags and report the matching AD group kind.
 *
 * av is a list-table argv.  Outputs (each optional — NULL is skipped):
 *   group_membership[0] : 'B' both, 'S' security only, 'D' distribution
 *                         only, 'N' neither.  Exactly one byte is written,
 *                         no NUL terminator — callers declare char[1].
 *   group_ou            : strcpy of the file-scope group_ou_both /
 *                         group_ou_security / group_ou_distribution /
 *                         group_ou_neither string; no size is passed, so the
 *                         caller's buffer must fit the longest of them.
 *   *security_flag      : 1 for 'B' and 'S', else 0.
 * Returns int; the return statement is on a line not shown.
 */
1989 int get_group_membership(char *group_membership, char *group_ou,
1990 int *security_flag, char **av)
1995 maillist_flag = atoi(av[L_MAILLIST]);
1996 group_flag = atoi(av[L_GROUP]);
1997 if (security_flag != NULL)
1998 (*security_flag) = 0;
/* mail list + group: security-enabled group in the "both" OU */
2000 if ((maillist_flag) && (group_flag))
2002 if (group_membership != NULL)
2003 group_membership[0] = 'B';
2004 if (security_flag != NULL)
2005 (*security_flag) = 1;
2006 if (group_ou != NULL)
2007 strcpy(group_ou, group_ou_both);
/* group only: security group */
2009 else if ((!maillist_flag) && (group_flag))
2011 if (group_membership != NULL)
2012 group_membership[0] = 'S';
2013 if (security_flag != NULL)
2014 (*security_flag) = 1;
2015 if (group_ou != NULL)
2016 strcpy(group_ou, group_ou_security);
/* mail list only: distribution group, security flag stays 0 */
2018 else if ((maillist_flag) && (!group_flag))
2020 if (group_membership != NULL)
2021 group_membership[0] = 'D';
2022 if (group_ou != NULL)
2023 strcpy(group_ou, group_ou_distribution);
/* neither flag set */
2027 if (group_membership != NULL)
2028 group_membership[0] = 'N';
2029 if (group_ou != NULL)
2030 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename the AD group of a Moira list and rewrite the
 * attributes that carry the name.
 *
 * Steps on the lines shown: validate both names with check_string, locate
 * the current group DN by MoiraId (ad_get_group), fetch its sAMAccountName,
 * ldap_rename_s into after_group_ou, then replace sAMAccountName,
 * displayName, mitMoiraId and groupType and update the description.
 * before_group_ou, before_security_flag, before_desc and
 * after_group_membership are not used on the lines shown.  filter is a
 * caller-provided buffer handed to ad_get_group and reused for the
 * sAMAccountName lookup.
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE or an LDAP rc; the remaining returns are on lines not shown.
 */
2035 int group_rename(LDAP *ldap_handle, char *dn_path,
2036 char *before_group_name, char *before_group_membership,
2037 char *before_group_ou, int before_security_flag, char *before_desc,
2038 char *after_group_name, char *after_group_membership,
2039 char *after_group_ou, int after_security_flag, char *after_desc,
2040 char *MoiraId, char *filter)
2045 char new_dn_path[512];
2047 char *attr_array[3];
2048 char *mitMoiraId_v[] = {NULL, NULL};
2049 char *name_v[] = {NULL, NULL};
2050 char *samAccountName_v[] = {NULL, NULL};
2051 char *groupTypeControl_v[] = {NULL, NULL};
2052 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2053 char groupTypeControlStr[80];
2057 LK_ENTRY *group_base;
/* both names are embedded in DNs and filters below, so they must pass
 * check_string first */
2060 if (!check_string(before_group_name))
2062 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
2063 return(AD_INVALID_NAME);
2065 if (!check_string(after_group_name))
2067 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
2068 return(AD_INVALID_NAME);
/* exactly one group must match the Moira id */
2073 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2074 before_group_membership,
2075 MoiraId, "distinguishedName", &group_base,
2076 &group_count, filter))
2079 if (group_count == 0)
2081 return(AD_NO_GROUPS_FOUND);
2083 if (group_count != 1)
2086 "Unable to process multiple groups with MoiraId = %s exist in the AD",
2088 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn and sam_name are declared on lines not shown; both are filled by
 * unbounded strcpy from LDAP-returned values — confirm their sizes */
2090 strcpy(old_dn, group_base->value);
2092 linklist_free(group_base);
2095 attr_array[0] = "sAMAccountName";
2096 attr_array[1] = NULL;
2097 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2098 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2100 com_err(whoami, 0, "Unable to get list %s dn : %s",
2101 after_group_name, ldap_err2string(rc));
2104 if (group_count != 1)
2107 "Unable to get sAMAccountName for group %s",
2109 return(AD_LDAP_FAILURE);
2112 strcpy(sam_name, group_base->value);
2113 linklist_free(group_base);
/* new RDN and parent built with sprintf; new_dn's size is on a line not
 * shown, new_dn_path is 512 bytes */
2117 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2118 sprintf(new_dn, "cn=%s", after_group_name);
/* TRUE = delete the old RDN */
2119 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2120 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2122 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2123 before_group_name, after_group_name, ldap_err2string(rc));
2127 name_v[0] = after_group_name;
/* NOTE(review): strlen(sam_name) - strlen("_group") underflows (size_t)
 * when sam_name is shorter than 6 characters and then indexes far outside
 * the buffer; guard with strlen(sam_name) >= strlen("_group") first */
2128 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2130 sprintf(sam_name, "%s_group", after_group_name);
2134 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
2135 before_group_name, after_group_name);
2138 samAccountName_v[0] = sam_name;
2139 if (after_security_flag)
2140 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): %ld with a u_int argument is a format/argument mismatch
 * (undefined behaviour); %u matches the declared type.  group_create has
 * the same pattern. */
2141 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2142 groupTypeControl_v[0] = groupTypeControlStr;
2143 mitMoiraId_v[0] = MoiraId;
2145 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
/* the description is updated separately; this rc is overwritten by the
 * ldap_modify_s below */
2146 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
2148 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2149 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2150 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2151 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2153 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2155 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
2156 after_group_name, ldap_err2string(rc));
/* releases the n LDAPMod entries built by ADD_ATTR (loop body not shown) */
2158 for (i = 0; i < n; i++)
/*
 * group_create: mr_query callback that creates (or updates) the AD group for
 * one Moira list record.
 *
 * av is the list record; ptr is not used on the lines shown.  Caller context
 * arrives through the file-scope call_args[] (a char *[]): [0] LDAP handle,
 * [1] dn path, [4] updateGroup flag, [5] Moira list id.  Flow: validate the
 * name, classify the list (get_group_membership), ldap_add the group; an
 * LDAP_ALREADY_EXISTS result (or updateGroup) switches to updating
 * description/info/mitMoiraId and, for an inactive list, clearing member;
 * then apply the security template (ProcessGroupSecurity) and look up the
 * group's objectSid, which is appended to the global sid list for the later
 * SID sync.  Returns AD_INVALID_NAME or LDAP_SUCCESS on the lines shown.
 */
2163 int group_create(int ac, char **av, void *ptr)
2166 LK_ENTRY *group_base;
2169 char new_group_name[256];
2170 char sam_group_name[256];
2171 char cn_group_name[256];
2172 char *cn_v[] = {NULL, NULL};
2173 char *objectClass_v[] = {"top", "group", NULL};
2175 char *samAccountName_v[] = {NULL, NULL};
2176 char *altSecurityIdentities_v[] = {NULL, NULL};
/* stays {NULL, NULL}: used below to replace member with an empty value list */
2177 char *member_v[] = {NULL, NULL};
2178 char *name_v[] = {NULL, NULL};
2179 char *desc_v[] = {NULL, NULL};
2180 char *info_v[] = {NULL, NULL};
2181 char *mitMoiraId_v[] = {NULL, NULL};
2182 char *groupTypeControl_v[] = {NULL, NULL};
2183 char groupTypeControlStr[80];
/* one-byte code from get_group_membership, not a string */
2184 char group_membership[1];
2187 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2193 char *attr_array[3];
2198 if (!check_string(av[L_NAME]))
2200 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
2201 return(AD_INVALID_NAME);
/* NOTE(review): call_args is an array of char *; reading an int through
 * (int)call_args[4] relies on the caller having stored an integer in a
 * pointer slot and truncates on LP64 — a dedicated int would be clearer */
2204 updateGroup = (int)call_args[4];
2205 memset(group_ou, 0, sizeof(group_ou));
2206 memset(group_membership, 0, sizeof(group_membership));
2208 get_group_membership(group_membership, group_ou, &security_flag, av);
/* DN and sAMAccountName built with sprintf from the validated list name;
 * new_dn's size is on a line not shown, sam_group_name is 256 bytes */
2209 strcpy(new_group_name, av[L_NAME]);
2210 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2212 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2214 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* NOTE(review): %ld with a u_int argument — same format mismatch as in
 * group_rename; %u matches the declared type */
2219 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2220 groupTypeControl_v[0] = groupTypeControlStr;
2222 strcpy(cn_group_name, av[L_NAME]);
2224 samAccountName_v[0] = sam_group_name;
2225 name_v[0] = new_group_name;
2226 cn_v[0] = new_group_name;
/* attribute set for the new group object */
2229 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2230 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2231 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2232 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2233 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2234 if (strlen(av[L_DESC]) != 0)
2236 desc_v[0] = av[L_DESC];
2237 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2239 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* av[L_ACE_NAME] is not passed through check_string; info's size is on a
 * line not shown — confirm it bounds this sprintf */
2240 if (strlen(av[L_ACE_NAME]) != 0)
2242 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2244 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2246 if (strlen(call_args[5]) != 0)
2248 mitMoiraId_v[0] = call_args[5];
2249 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2253 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* release the LDAPMod entries (loop body not shown) */
2255 for (i = 0; i < n; i++)
2257 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2259 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2260 av[L_NAME], ldap_err2string(rc));
/* existing group, or explicit update request: refresh the mutable attributes */
2265 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2267 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2268 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2269 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
2271 if (strlen(call_args[5]) != 0)
2273 mitMoiraId_v[0] = call_args[5];
2274 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* inactive list: member is replaced with an empty value list, i.e. the
 * group's membership is cleared in AD */
2276 if (!(atoi(av[L_ACTIVE])))
2279 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2285 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2286 for (i = 0; i < n; i++)
2288 if (rc != LDAP_SUCCESS)
2290 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2291 av[L_NAME], ldap_err2string(rc));
2298 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2299 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* look the group up by Moira id when one is known, else by sAMAccountName.
 * NOTE(review): neither value is escaped for LDAP filter syntax; the name
 * passed check_string above, call_args[5] is not checked here */
2301 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2302 if (strlen(call_args[5]) != 0)
2303 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2304 attr_array[0] = "objectSid";
2305 attr_array[1] = NULL;
2308 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2309 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* the Moira-id search did not yield exactly one group: retry by name */
2311 if (group_count != 1)
2313 if (strlen(call_args[5]) != 0)
2315 linklist_free(group_base);
2318 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2319 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2320 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* hand the objectSid node to the global sid list for sid_update.
 * NOTE(review): ownership is transferred here, yet group_base is freed just
 * below whenever it is still non-NULL; whether a line not shown between the
 * two clears group_base decides between a correct hand-off and a
 * use-after-free of the node now linked into *sid_ptr — verify.  The
 * strdup result is not checked and (char *)GROUPS stores an integer tag in
 * a char * field. */
2323 if (group_count == 1)
2325 (*sid_ptr) = group_base;
2326 (*sid_ptr)->member = strdup(av[L_NAME]);
2327 (*sid_ptr)->type = (char *)GROUPS;
2328 sid_ptr = &(*sid_ptr)->next;
2332 if (group_base != NULL)
2333 linklist_free(group_base);
2338 if (group_base != NULL)
2339 linklist_free(group_base);
2341 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply a security-template descriptor to the AD group
 * "<TargetGroupName>_group".  The template is one of HIDDEN_GROUP[_WITH_ADMIN] /
 * NOT_HIDDEN_GROUP[_WITH_ADMIN], chosen by HiddenGroup and by whether the ACE
 * principal (AceType "LIST" or "USER", AceName) has an AD SID; that SID is
 * substituted for the "UserTemplate.u" SID inside the copied ntSecurityDescriptor.
 * This listing omits lines (braces, returns, some declarations), so exact return
 * values are not documented here; presumably an LDAP result code.
 *
 * Review notes:
 *  - At 2390, 2431, 2459 and 2509 the condition is written
 *    (rc = linklist_build(...) != 0), so rc receives the 0/1 result of the
 *    comparison rather than the LDAP code (compare the correct form at 2969).
 *  - TargetGroupName and AceName are interpolated into LDAP filters with sprintf
 *    and this function does not call check_string() itself; it relies on the
 *    caller having validated them -- confirm.
 *  - The SID substitution at 2552-2556 writes AceSidCount bytes over a match of
 *    UserTemplateSidCount bytes; if the two SIDs differ in length the descriptor
 *    is corrupted and the write may run past bv_len -- confirm equal lengths.
 */
2344 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2345 int HiddenGroup, char *AceType, char *AceName)
2347 char filter_exp[1024];
2348 char *attr_array[5];
2349 char search_path[512];
2351 char TemplateDn[512];
2352 char TemplateSamName[128];
2354 char TargetSamName[128];
2355 char AceSamAccountName[128];
2357 unsigned char AceSid[128]; /* binary SID of the ACE principal; AceSidCount = bytes used */
2358 unsigned char UserTemplateSid[128]; /* binary SID of the "UserTemplate.u" placeholder */
2359 char acBERBuf[N_SD_BER_BYTES];
2360 char GroupSecurityTemplate[256];
2362 int UserTemplateSidCount;
2369 int array_count = 0;
2371 LK_ENTRY *group_base;
2372 LDAP_BERVAL **ppsValues;
2373 LDAPControl sControl = {"1.2.840.113556.1.4.801", /* SD_FLAGS server control: limits which descriptor parts are read/written */
2374 { N_SD_BER_BYTES, acBERBuf },
2377 LDAPControl *apsServerControls[] = {&sControl, NULL};
2380 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; /* all four parts, SACL included */
2381 BEREncodeSecurityBits(dwInfo, acBERBuf);
2383 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2384 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName); /* unescaped; caller must have validated TargetGroupName */
2385 attr_array[0] = "sAMAccountName";
2386 attr_array[1] = NULL;
2389 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2390 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0)) /* review: precedence -- rc = (call != 0) */
2392 if (group_count != 1)
2394 linklist_free(group_base);
2397 strcpy(TargetDn, group_base->dn); /* TargetDn declared in an omitted line; fixed-size copy of a directory-supplied DN */
2398 strcpy(TargetSamName, group_base->value);
2399 linklist_free(group_base);
2403 UserTemplateSidCount = 0;
2404 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2405 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2406 memset(AceSid, '\0', sizeof(AceSid));
2410 if (strlen(AceName) != 0)
2412 if (!strcmp(AceType, "LIST"))
2414 sprintf(AceSamAccountName, "%s_group", AceName); /* 128-byte buffer, no length check on AceName */
2415 strcpy(root_ou, group_ou_root);
2417 else if (!strcmp(AceType, "USER"))
2419 sprintf(AceSamAccountName, "%s", AceName);
2420 strcpy(root_ou, user_ou);
2422 if (strlen(AceSamAccountName) != 0)
2424 sprintf(search_path, "%s", dn_path);
2425 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2426 attr_array[0] = "objectSid";
2427 attr_array[1] = NULL;
2430 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2431 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0)) /* review: same precedence issue as 2390 */
2433 if (group_count == 1)
2435 strcpy(AceDn, group_base->dn);
2436 AceSidCount = group_base->length;
2437 memcpy(AceSid, group_base->value, AceSidCount); /* AceSid is 128 bytes; length comes from the directory entry, no bound check visible */
2439 linklist_free(group_base);
2444 if (AceSidCount == 0)
2446 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2447 com_err(whoami, 0, " Non-admin security group template will be used.");
2451 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2452 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u"); /* placeholder principal whose SID is rewritten below */
2453 attr_array[0] = "objectSid";
2454 attr_array[1] = NULL;
2458 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2459 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0)) /* review: same precedence issue as 2390 */
2461 if ((rc != 0) || (group_count != 1)) /* rc is 0/1 here, not the LDAP code */
2463 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
2468 UserTemplateSidCount = group_base->length;
2469 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount); /* same unchecked-length pattern as 2437 */
2471 linklist_free(group_base);
2478 if (AceSidCount == 0)
2480 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2481 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2485 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2486 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2491 if (AceSidCount == 0)
2493 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2494 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2498 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2499 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2503 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2504 attr_array[0] = "sAMAccountName";
2505 attr_array[1] = NULL;
2508 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2509 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0)) /* review: same precedence issue as 2390 */
2511 if (group_count != 1)
2513 linklist_free(group_base);
2514 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
2517 strcpy(TemplateDn, group_base->dn);
2518 strcpy(TemplateSamName, group_base->value);
2519 linklist_free(group_base);
2523 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2524 rc = ldap_search_ext_s(ldap_handle, /* remaining arguments (2525-2535) omitted from this listing; presumably passes apsServerControls */
2536 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL) /* the search-result handle is overwritten by the entry pointer; confirm the result is still released on this and the 2571 path */
2538 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2541 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2542 if (ppsValues == NULL)
2544 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
2548 if (AceSidCount != 0)
2550 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2552 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++) /* bv_len is unsigned: if bv_len < UserTemplateSidCount the cast result is implementation-defined -- confirm it cannot go positive */
2554 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2556 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount); /* review: writes AceSidCount bytes over a UserTemplateSidCount-byte match */
2564 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2567 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2568 for (i = 0; i < n; i++) /* frees mods[] (body omitted from this listing) */
2570 ldap_value_free_len(ppsValues);
2571 ldap_msgfree(psMsg);
2572 if (rc != LDAP_SUCCESS)
2574 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2575 TargetGroupName, ldap_err2string(rc));
2576 if (AceSidCount != 0)
2578 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2580 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName, /* fallback: retry once with the non-admin template (empty AceType/AceName) */
2581 HiddenGroup, "", ""))
2583 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the AD group backing Moira list group_name.  The name is
 * validated with check_string() before it reaches any LDAP filter.  The group is
 * located with ad_get_group() (filtered on group_membership/MoiraId) and deleted
 * via the DN returned in its distinguishedName attribute.  Deletion happens only
 * when exactly one entry matched; any other count (including an ambiguous match)
 * falls through to the "Unable to find" path and returns AD_NO_GROUPS_FOUND,
 * which fails closed.  Braces, some declarations and the success return are
 * omitted from this listing.
 */
2593 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2594 char *group_membership, char *MoiraId)
2596 LK_ENTRY *group_base;
2602 if (!check_string(group_name))
2604 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2605 return(AD_INVALID_NAME);
2608 memset(filter, '\0', sizeof(filter));
2611 sprintf(temp, "%s,%s", group_ou_root, dn_path); /* search base: group OU under dn_path; temp size not visible */
2612 if (rc = ad_get_group(ldap_handle, temp, group_name,
2613 group_membership, MoiraId,
2614 "distinguishedName", &group_base,
2615 &group_count, filter)) /* non-zero rc: presumably returned (body omitted) */
2618 if (group_count == 1)
2620 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS) /* value holds the distinguishedName attribute */
2622 linklist_free(group_base);
2623 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2624 group_name, ldap_err2string(rc));
2627 linklist_free(group_base);
2631 linklist_free(group_base); /* zero or several matches: nothing is deleted */
2632 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2633 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: presumably BER-encodes the SECURITY_INFORMATION mask
 * uBits into pBuffer for the SD_FLAGS control built in ProcessGroupSecurity
 * (2373/2381).  The encoding body (2640-2644) is omitted from this listing;
 * the return value is the fixed encoded length N_SD_BER_BYTES, the same
 * constant the caller used to size acBERBuf.
 */
2639 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2645 return(N_SD_BER_BYTES);
/*
 * process_lists: mr_query callback that adds the list named in av[L_NAME] as a
 * member of the group being built.  call_args is derived from ptr in an omitted
 * line; presumably the layout make_new_group sets up at 3947-3952 (LDAP handle,
 * dn_path, group name, flags, ..., MoiraId) -- confirm.  get_group_membership()
 * fills group_membership (a one-character code plus NUL) and group_ou from av
 * before member_add() is called.  Declarations and the return are omitted.
 */
2648 int process_lists(int ac, char **av, void *ptr)
2653 char group_membership[2];
2659 memset(group_ou, '\0', sizeof(group_ou));
2660 memset(group_membership, '\0', sizeof(group_membership));
2661 get_group_membership(group_membership, group_ou, &security_flag, av);
2662 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2663 group_ou, group_membership, call_args[2],
2664 (char *)call_args[3], ""); /* empty MoiraId: member_add then matches the group by name/membership only */
/*
 * member_list_build: mr_query callback that collects one Moira list member
 * (av[ACE_TYPE], av[ACE_NAME]) into the global member_base list.  Members whose
 * type is not enabled in the call_args[3] bit mask are skipped; STRING and
 * KERBEROS members are first materialised as AD contact objects in contact_ou /
 * kerberos_ou via contact_create().  Duplicates (case-insensitive) are not
 * re-added.  Each new LK_ENTRY and its strings are calloc'd here and released by
 * linklist_free().  Braces, declarations and returns are omitted from this listing.
 */
2668 int member_list_build(int ac, char **av, void *ptr)
2676 strcpy(temp, av[ACE_NAME]); /* temp size not visible; no length check on av[ACE_NAME] */
2677 if (!check_string(temp)) /* rejects LDAP filter metacharacters before the name is used (branch body omitted) */
2679 if (!strcmp(av[ACE_TYPE], "USER"))
2681 if (!((int)call_args[3] & MOIRA_USERS)) /* MOIRA_* flags are carried through a char* (see 3950); pointer->int cast */
2684 else if (!strcmp(av[ACE_TYPE], "STRING"))
2686 if (!((int)call_args[3] & MOIRA_STRINGS))
2688 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2691 else if (!strcmp(av[ACE_TYPE], "LIST"))
2693 if (!((int)call_args[3] & MOIRA_LISTS))
2696 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2698 if (!((int)call_args[3] & MOIRA_KERBEROS))
2700 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
2706 linklist = member_base; /* de-duplication walk over the members collected so far */
2709 if (!strcasecmp(temp, linklist->member))
2711 linklist = linklist->next;
2713 linklist = calloc(1, sizeof(LK_ENTRY)); /* calloc result is not checked (line omitted?) -- confirm */
2715 linklist->dn = NULL;
2716 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2717 strcpy(linklist->list, call_args[2]);
2718 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2719 strcpy(linklist->type, av[ACE_TYPE]);
2720 linklist->member = calloc(1, strlen(temp) + 1);
2721 strcpy(linklist->member, temp);
2722 linklist->next = member_base; /* prepend */
2723 member_base = linklist;
/*
 * member_remove: delete one value from the "member" attribute of the AD group
 * for group_name.  The group is located with ad_get_group(); the member value
 * is the DN "CN=<user_name>,<UserOu>,<dn_path>".  Only group_name is validated
 * with check_string() here -- user_name and UserOu reach the DN at 2768
 * unchecked, so the caller must have validated them (confirm).  Braces, some
 * declarations and returns are omitted from this listing.
 */
2727 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2728 char *group_ou, char *group_membership, char *user_name,
2729 char *UserOu, char *MoiraId)
2731 char distinguished_name[1024];
2739 LK_ENTRY *group_base;
2742 if (!check_string(group_name))
2743 return(AD_INVALID_NAME);
2745 memset(filter, '\0', sizeof(filter));
2748 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2749 group_membership, MoiraId,
2750 "distinguishedName", &group_base,
2751 &group_count, filter))
2754 if (group_count != 1) /* zero or several matches: refuse to modify */
2756 com_err(whoami, 0, "Unable to find list %s in AD",
2758 linklist_free(group_base);
2763 strcpy(distinguished_name, group_base->value); /* directory-supplied DN into a 1024-byte buffer */
2764 linklist_free(group_base);
2768 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path); /* temp size not visible */
2769 modvalues[0] = temp;
2770 modvalues[1] = NULL;
2773 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2775 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2776 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
2778 if (rc == LDAP_UNWILLING_TO_PERFORM) /* presumably treated as success (body omitted) -- confirm */
2780 if (rc != LDAP_SUCCESS)
2782 com_err(whoami, 0, "Unable to modify list %s members : %s",
2783 group_name, ldap_err2string(rc));
/*
 * member_add: add the DN "CN=<user_name>,<UserOu>,<dn_path>" to the "member"
 * attribute of the AD group for group_name (located with ad_get_group()).
 * Mirrors member_remove: only group_name is validated with check_string();
 * user_name/UserOu are used in the DN unchecked, so the caller must have
 * validated them (confirm).  Braces, some declarations and returns are
 * omitted from this listing.
 */
2791 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2792 char *group_ou, char *group_membership, char *user_name,
2793 char *UserOu, char *MoiraId)
2795 char distinguished_name[1024];
2803 LK_ENTRY *group_base;
2806 if (!check_string(group_name))
2807 return(AD_INVALID_NAME);
2810 memset(filter, '\0', sizeof(filter));
2813 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2814 group_membership, MoiraId,
2815 "distinguishedName", &group_base,
2816 &group_count, filter))
2819 if (group_count != 1)
2821 linklist_free(group_base);
2824 com_err(whoami, 0, "Unable to find list %s in AD",
2826 return(AD_MULTIPLE_GROUPS_FOUND); /* returned for zero matches too, although the message says "Unable to find" */
2829 strcpy(distinguished_name, group_base->value);
2830 linklist_free(group_base);
2834 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path); /* temp size not visible */
2835 modvalues[0] = temp;
2836 modvalues[1] = NULL;
2839 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2841 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2842 if (rc == LDAP_ALREADY_EXISTS) /* already a member: tolerated for contact/kerberos OU members (body omitted) -- confirm */
2844 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2846 if (rc == LDAP_UNWILLING_TO_PERFORM) /* presumably treated as success (body omitted) -- confirm */
2849 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
2851 if (rc != LDAP_SUCCESS)
2853 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2854 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create an AD contact object "CN=<user>,<group_ou>,<bind_path>"
 * (objectClass top/person/organizationalPerson/...; the list continues on the
 * omitted line 2871).  A "mail" attribute is added only when group_ou is
 * contact_ou; if the first ldap_add fails with anything other than
 * LDAP_ALREADY_EXISTS the add is retried without "mail".  Returns an error only
 * if the second attempt also fails (return lines omitted).
 *
 * check_string() validates the characters of user but not its length:
 * contact_name and cn_user_name are 256-byte buffers filled by strcpy/sprintf
 * with no bound check, and new_dn's size is not visible -- a long name can
 * overflow them; confirm the caller bounds the name.
 */
2860 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2864 char cn_user_name[256];
2865 char contact_name[256];
2866 char *email_v[] = {NULL, NULL}; /* email_v[0] is set in an omitted line */
2867 char *cn_v[] = {NULL, NULL};
2868 char *contact_v[] = {NULL, NULL};
2869 char *objectClass_v[] = {"top", "person",
2870 "organizationalPerson",
2872 char *name_v[] = {NULL, NULL};
2873 char *desc_v[] = {NULL, NULL};
2878 if (!check_string(user))
2880 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
2881 return(AD_INVALID_NAME);
2883 strcpy(contact_name, user); /* no length check */
2884 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path); /* no length check */
2885 cn_v[0] = cn_user_name;
2886 contact_v[0] = contact_name;
2888 desc_v[0] = "Auto account created by Moira";
2891 strcpy(new_dn, cn_user_name);
2893 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2894 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2895 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2896 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2897 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2898 if (!strcmp(group_ou, contact_ou))
2900 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2904 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2905 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
2907 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS)) /* retry without the mail attribute */
2910 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2911 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2912 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2913 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2914 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2916 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2917 for (i = 0; i < n; i++)
2920 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2922 com_err(whoami, 0, "Unable to create contact %s : %s",
2923 user, ldap_err2string(rc));
/*
 * user_update: refresh the AD user for user_name.  The entry is located by
 * mitMoiraId when MoiraId is non-empty, otherwise by sAMAccountName under
 * user_ou.  It then rewrites employeeID (MitId, only when it starts with '9',
 * else the literal "none"), uid, mitMoiraId, uidNumber/msSFU30UidNumber,
 * userAccountControl (disabled unless State is US_NO_PASSWD or US_REGISTERED)
 * and the home/profile directory attributes, retrying once with the other SFU
 * attribute set if the modify fails.  Braces, some declarations and returns
 * are omitted from this listing.
 *
 * Review notes:
 *  - user_name is validated with check_string(), but MoiraId is interpolated
 *    into the filter at 2965 without validation -- confirm it is validated
 *    upstream or bound to digits.
 *  - 3026 formats a u_int with "%ld": format/argument mismatch (undefined per
 *    C11 7.21.6.1); "%u" matches the declared type.
 */
2929 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2930 char *Uid, char *MitId, char *MoiraId, int State,
2931 char *WinHomeDir, char *WinProfileDir)
2934 LK_ENTRY *group_base;
2936 char distinguished_name[512];
2937 char *mitMoiraId_v[] = {NULL, NULL};
2938 char *uid_v[] = {NULL, NULL};
2939 char *mitid_v[] = {NULL, NULL};
2940 char *homedir_v[] = {NULL, NULL};
2941 char *winProfile_v[] = {NULL, NULL};
2942 char *drives_v[] = {NULL, NULL};
2943 char *userAccountControl_v[] = {NULL, NULL};
2944 char userAccountControlStr[80];
2949 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE; /* password never expires and cannot be changed by the user */
2951 char *attr_array[3];
2954 if (!check_string(user_name))
2956 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2957 return(AD_INVALID_NAME);
2963 if (strlen(MoiraId) != 0)
2965 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId); /* MoiraId not validated here */
2966 attr_array[0] = "cn";
2967 attr_array[1] = NULL;
2968 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2969 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0) /* correct precedence: rc holds the LDAP code */
2971 com_err(whoami, 0, "Unable to process user %s : %s",
2972 user_name, ldap_err2string(rc));
2976 if (group_count != 1) /* fall back to the sAMAccountName lookup below */
2978 linklist_free(group_base);
2981 sprintf(filter, "(sAMAccountName=%s)", user_name);
2982 attr_array[0] = "cn";
2983 attr_array[1] = NULL;
2984 sprintf(temp, "%s,%s", user_ou, dn_path);
2985 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2986 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2988 com_err(whoami, 0, "Unable to process user %s : %s",
2989 user_name, ldap_err2string(rc));
2994 if (group_count != 1)
2996 com_err(whoami, 0, "Unable to find user %s in AD",
2998 linklist_free(group_base);
2999 return(AD_NO_USER_FOUND);
3001 strcpy(distinguished_name, group_base->dn); /* directory-supplied DN into a 512-byte buffer */
3003 linklist_free(group_base);
3006 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
3007 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
3009 rc = attribute_update(ldap_handle, distinguished_name, "none", "employeeID", user_name);
3010 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
3011 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name); /* rc of these updates is overwritten, not checked */
3016 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3020 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
3024 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3025 userAccountControl |= UF_ACCOUNTDISABLE;
3026 sprintf(userAccountControlStr, "%ld", userAccountControl); /* review: "%ld" with a u_int argument */
3027 userAccountControl_v[0] = userAccountControlStr;
3028 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
3030 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3031 WinProfileDir, homedir_v, winProfile_v,
3032 drives_v, mods, LDAP_MOD_REPLACE, n);
3035 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
3037 OldUseSFU30 = UseSFU30;
3038 SwitchSFU(mods, &UseSFU30, n); /* toggle between uidNumber and msSFU30UidNumber and retry once */
3039 if (OldUseSFU30 != UseSFU30)
3040 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3043 com_err(whoami, 0, "Unable to modify user data for %s : %s",
3044 user_name, ldap_err2string(rc));
3047 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
/*
 * user_rename: rename the AD user before_user_name to user_name.  The rest of
 * the signature (3053-3059) is omitted from this listing, so the remaining
 * parameters (user_name, presumably) are not documented here.  Both names are
 * validated with check_string().  The entry is renamed with ldap_rename_s
 * (old RDN deleted), then altSecurityIdentities, userPrincipalName,
 * displayName and sAMAccountName are replaced so the Kerberos-to-account
 * mapping stays consistent with the new name.  Buffer sizes for old_dn,
 * new_dn, upn and temp are not visible.
 */
3052 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3060 char *userPrincipalName_v[] = {NULL, NULL};
3061 char *altSecurityIdentities_v[] = {NULL, NULL};
3062 char *name_v[] = {NULL, NULL};
3063 char *samAccountName_v[] = {NULL, NULL};
3068 if (!check_string(before_user_name))
3070 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
3071 return(AD_INVALID_NAME);
3073 if (!check_string(user_name))
3075 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3076 return(AD_INVALID_NAME);
3079 strcpy(user_name, user_name); /* review: self-copy has no effect and overlapping strcpy is undefined; remove */
3080 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3081 sprintf(new_dn, "cn=%s", user_name);
3082 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE, /* TRUE: delete the old RDN */
3083 NULL, NULL)) != LDAP_SUCCESS)
3085 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
3086 before_user_name, user_name, ldap_err2string(rc));
3090 name_v[0] = user_name;
3091 sprintf(upn, "%s@%s", user_name, ldap_domain);
3092 userPrincipalName_v[0] = upn;
3093 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); /* identity mapping AD uses to tie the account to the Kerberos principal */
3094 altSecurityIdentities_v[0] = temp;
3095 samAccountName_v[0] = user_name;
3098 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3099 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3100 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3101 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
3103 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3104 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3106 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
3107 user_name, ldap_err2string(rc));
3109 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
/*
 * filesys_process: set or clear the Windows home-directory attributes
 * (homeDirectory, homeDrive, profilePath) of the AD user whose sAMAccountName
 * is fs_name, according to operation (LDAP_MOD_ADD computes the paths from the
 * AFS pack via AfsToWinAfs; any other operation leaves the value arrays NULL).
 * Only fs_type "AFS" is accepted.  fs_name is validated with check_string().
 * Returns LDAP_NO_SUCH_OBJECT when the user is not found (note user_update
 * returns AD_NO_USER_FOUND for the same condition).  winPath's declaration
 * (3118) and several other lines are omitted from this listing.
 */
3114 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3115 char *fs_type, char *fs_pack, int operation)
3117 char distinguished_name[256];
3119 char winProfile[256];
3121 char *attr_array[3];
3122 char *homedir_v[] = {NULL, NULL};
3123 char *winProfile_v[] = {NULL, NULL};
3124 char *drives_v[] = {NULL, NULL}; /* drives_v[0] is set in an omitted line or stays NULL */
3130 LK_ENTRY *group_base;
3132 if (!check_string(fs_name))
3134 com_err(whoami, 0, "Unable to process invalid filesys name %s", fs_name);
3135 return(AD_INVALID_NAME);
3138 if (strcmp(fs_type, "AFS"))
3140 com_err(whoami, 0, "Unable to process invalid filesys type %s", fs_type);
3141 return(AD_INVALID_FILESYS);
3146 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3147 attr_array[0] = "cn";
3148 attr_array[1] = NULL;
3149 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3150 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3152 com_err(whoami, 0, "Unable to process filesys %s : %s",
3153 fs_name, ldap_err2string(rc));
3157 if (group_count != 1)
3159 linklist_free(group_base);
3160 com_err(whoami, 0, "Unable to find user %s in AD",
3162 return(LDAP_NO_SUCH_OBJECT);
3164 strcpy(distinguished_name, group_base->dn); /* directory-supplied DN into a 256-byte buffer */
3165 linklist_free(group_base);
3169 if (operation == LDAP_MOD_ADD)
3171 memset(winPath, 0, sizeof(winPath));
3172 AfsToWinAfs(fs_pack, winPath); /* no bound passed; AfsToWinAfs assumes winPath is large enough */
3173 homedir_v[0] = winPath;
3175 memset(winProfile, 0, sizeof(winProfile));
3176 strcpy(winProfile, winPath);
3177 strcat(winProfile, "\\.winprofile"); /* unbounded; depends on winPath fitting in 256 bytes with room for the suffix */
3178 winProfile_v[0] = winProfile;
3182 homedir_v[0] = NULL; /* non-ADD operation: attribute values cleared */
3184 winProfile_v[0] = NULL;
3186 ADD_ATTR("profilePath", winProfile_v, operation);
3187 ADD_ATTR("homeDrive", drives_v, operation);
3188 ADD_ATTR("homeDirectory", homedir_v, operation);
3191 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3192 if (rc != LDAP_SUCCESS)
3194 com_err(whoami, 0, "Unable to modify user data for filesys %s : %s",
3195 fs_name, ldap_err2string(rc));
3197 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
/*
 * user_create: mr_query callback that creates the AD user described by av[]
 * (U_NAME, U_STATE, U_UID, U_MITID, U_WINHOMEDIR, U_WINPROFILEDIR) under
 * "cn=<name>,<user_ou>,<call_args[1]>".  call_args[0] is the LDAP handle and
 * call_args[2] the MoiraId (derived from ptr in an omitted line).  After the
 * add it sets the account password with set_password(), then looks the entry
 * up again (by mitMoiraId when available, else by sAMAccountName) to append
 * its objectSid to the sid list consumed by sid_update().  Braces, some
 * declarations and returns are omitted from this listing.
 *
 * Review notes:
 *  - 3253-3255: strcpy from av[] into fixed buffers (1024/256 bytes) with no
 *    length check; check_string() validates characters only.
 *  - 3261: "%ld" is used to format a u_int (same mismatch as 3026).
 *  - 3332/3343: set_password() is called with "" as its second argument --
 *    confirm the helper generates/derives the credential rather than setting
 *    an empty password.
 *  - 3377: the SID entry is tagged GROUPS although it belongs to a user;
 *    sid_update() dispatches GROUPS to "add_list_sid_by_name" and USERS to
 *    "add_user_sid_by_login", so this SID would be registered through the list
 *    query -- confirm USERS was intended.
 */
3203 int user_create(int ac, char **av, void *ptr)
3205 LK_ENTRY *group_base;
3208 char user_name[256];
3211 char *cn_v[] = {NULL, NULL};
3212 char *objectClass_v[] = {"top", "person",
3213 "organizationalPerson",
3216 char *samAccountName_v[] = {NULL, NULL};
3217 char *altSecurityIdentities_v[] = {NULL, NULL};
3218 char *mitMoiraId_v[] = {NULL, NULL};
3219 char *name_v[] = {NULL, NULL};
3220 char *desc_v[] = {NULL, NULL};
3221 char *userPrincipalName_v[] = {NULL, NULL};
3222 char *userAccountControl_v[] = {NULL, NULL};
3223 char *uid_v[] = {NULL, NULL};
3224 char *mitid_v[] = {NULL, NULL};
3225 char *homedir_v[] = {NULL, NULL};
3226 char *winProfile_v[] = {NULL, NULL};
3227 char *drives_v[] = {NULL, NULL};
3228 char userAccountControlStr[80];
3230 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE; /* password never expires and cannot be changed by the user */
3237 char *attr_array[3];
3239 char WinHomeDir[1024];
3240 char WinProfileDir[1024];
3244 if (!check_string(av[U_NAME]))
3246 callback_rc = AD_INVALID_NAME; /* propagated to the mr_query caller through a global */
3247 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
3248 return(AD_INVALID_NAME);
3251 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3252 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3253 strcpy(WinHomeDir, av[U_WINHOMEDIR]); /* no length check */
3254 strcpy(WinProfileDir, av[U_WINPROFILEDIR]); /* no length check */
3255 strcpy(user_name, av[U_NAME]); /* no length check; 256-byte buffer */
3256 sprintf(upn, "%s@%s", user_name, ldap_domain);
3257 sprintf(sam_name, "%s", av[U_NAME]);
3258 samAccountName_v[0] = sam_name;
3259 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3260 userAccountControl |= UF_ACCOUNTDISABLE; /* account created disabled unless the Moira state says otherwise */
3261 sprintf(userAccountControlStr, "%ld", userAccountControl); /* review: "%ld" with a u_int argument */
3262 userAccountControl_v[0] = userAccountControlStr;
3263 userPrincipalName_v[0] = upn;
3265 cn_v[0] = user_name;
3266 name_v[0] = user_name;
3267 desc_v[0] = "Auto account created by Moira";
3268 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM); /* altSecurityIdentities: maps the Kerberos principal to this account */
3269 altSecurityIdentities_v[0] = temp;
3270 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3273 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3274 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3275 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3276 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3277 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3278 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3279 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3280 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3281 if (strlen(call_args[2]) != 0)
3283 mitMoiraId_v[0] = call_args[2];
3284 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3286 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
3287 if (strlen(av[U_UID]) != 0)
3289 uid_v[0] = av[U_UID];
3290 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3293 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3297 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
3300 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
3301 mitid_v[0] = av[U_MITID];
3303 mitid_v[0] = "none";
3304 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3306 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3307 WinProfileDir, homedir_v, winProfile_v,
3308 drives_v, mods, LDAP_MOD_ADD, n);
3312 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3313 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3315 OldUseSFU30 = UseSFU30;
3316 SwitchSFU(mods, &UseSFU30, n); /* toggle uidNumber/msSFU30UidNumber and retry once */
3317 if (OldUseSFU30 != UseSFU30)
3318 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3321 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
3323 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3325 com_err(whoami, 0, "Unable to create user %s : %s",
3326 user_name, ldap_err2string(rc));
3330 if (rc == LDAP_SUCCESS) /* password is set only for a freshly created account, not for LDAP_ALREADY_EXISTS */
3332 if ((rc = set_password(sam_name, "", ldap_domain)) != 0) /* review: "" as the password argument -- confirm semantics */
3334 ad_kdc_disconnect();
3336 if (!ad_server_connect(default_server, ldap_domain)) /* reconnect to the KDC and retry once */
3338 com_err(whoami, 0, "Unable to set password for user %s : %s",
3339 user_name, "cannot get changepw ticket from windows domain");
3343 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3345 com_err(whoami, 0, "Unable to set password for user %s : %ld",
3351 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3352 if (strlen(call_args[2]) != 0)
3353 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]); /* MoiraId not validated here */
3354 attr_array[0] = "objectSid";
3355 attr_array[1] = NULL;
3358 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3359 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3361 if (group_count != 1)
3363 if (strlen(call_args[2]) != 0) /* mitMoiraId lookup failed: fall back to sAMAccountName */
3365 linklist_free(group_base);
3368 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3369 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3370 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
3373 if (group_count == 1)
3375 (*sid_ptr) = group_base; /* the LK_ENTRY is handed over to the sid list (freed later via linklist_free(sid_base)) */
3376 (*sid_ptr)->member = strdup(av[U_NAME]);
3377 (*sid_ptr)->type = (char *)GROUPS; /* review: user SID tagged GROUPS; see header note */
3378 sid_ptr = &(*sid_ptr)->next;
3382 if (group_base != NULL) /* presumably the else branch of the group_count == 1 test (3379-3381 omitted) -- confirm, otherwise this frees the node just linked */
3383 linklist_free(group_base);
3388 if (group_base != NULL)
3389 linklist_free(group_base);
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE in the userAccountControl
 * of the AD user user_name (operation == MEMBER_DEACTIVATE disables; anything
 * else enables).  The rest of the signature (3396-3398, including the
 * operation parameter) is omitted from this listing.  The entry is located by
 * mitMoiraId when MoiraId is non-empty (falling back to sAMAccountName), and
 * mitMoiraId is rewritten in the same modify.  Returns LDAP_NO_SUCH_OBJECT when
 * no single match is found.  Braces, some declarations and returns are omitted.
 *
 * user_name is validated with check_string(); MoiraId is interpolated into the
 * filter at 3423 without validation -- confirm it is validated upstream.
 */
3394 int user_change_status(LDAP *ldap_handle, char *dn_path,
3395 char *user_name, char *MoiraId,
3399 char *attr_array[3];
3401 char distinguished_name[1024];
3403 char *mitMoiraId_v[] = {NULL, NULL};
3405 LK_ENTRY *group_base;
3412 if (!check_string(user_name))
3414 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3415 return(AD_INVALID_NAME);
3421 if (strlen(MoiraId) != 0)
3423 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId); /* MoiraId not validated here */
3424 attr_array[0] = "UserAccountControl";
3425 attr_array[1] = NULL;
3426 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3427 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3429 com_err(whoami, 0, "Unable to process user %s : %s",
3430 user_name, ldap_err2string(rc));
3434 if (group_count != 1) /* fall back to the sAMAccountName lookup */
3436 linklist_free(group_base);
3439 sprintf(filter, "(sAMAccountName=%s)", user_name);
3440 attr_array[0] = "UserAccountControl";
3441 attr_array[1] = NULL;
3442 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3443 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3445 com_err(whoami, 0, "Unable to process user %s : %s",
3446 user_name, ldap_err2string(rc));
3451 if (group_count != 1)
3453 linklist_free(group_base);
3454 com_err(whoami, 0, "Unable to find user %s in AD",
3456 return(LDAP_NO_SUCH_OBJECT);
3459 strcpy(distinguished_name, group_base->dn);
3460 ulongValue = atoi((*group_base).value); /* atoi gives no error indication; a non-numeric value silently becomes 0 -- strtoul would allow checking */
3461 if (operation == MEMBER_DEACTIVATE)
3462 ulongValue |= UF_ACCOUNTDISABLE;
3464 ulongValue &= ~UF_ACCOUNTDISABLE;
3465 sprintf(temp, "%ld", ulongValue); /* ulongValue's declaration is omitted; confirm it is a long for "%ld" */
3466 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3467 temp, &modvalues, REPLACE)) == 1) /* 1 signals failure */
3469 linklist_free(group_base);
3473 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3474 if (strlen(MoiraId) != 0)
3476 mitMoiraId_v[0] = MoiraId;
3477 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3480 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3481 for (i = 0; i < n; i++) /* frees mods[] (body omitted) */
3483 free_values(modvalues);
3484 if (rc != LDAP_SUCCESS)
3486 com_err(whoami, 0, "Unable to change status of user %s : %s",
3487 user_name, ldap_err2string(rc));
/*
 * user_delete: delete the AD user u_name.  The entry is located by mitMoiraId
 * when MoiraId is non-empty (falling back to sAMAccountName) and removed with
 * ldap_delete_s on its DN.  u_name is validated with check_string() (characters
 * only; the 512-byte user_name copy is unbounded).  MoiraId is interpolated into
 * the filter at 3513 without validation -- confirm it is validated upstream.
 * Braces, some declarations and returns are omitted from this listing; in
 * particular the not-found path (3541-3547) does not show a linklist_free --
 * confirm group_base is released there.
 */
3493 int user_delete(LDAP *ldap_handle, char *dn_path,
3494 char *u_name, char *MoiraId)
3497 char *attr_array[3];
3498 char distinguished_name[1024];
3499 char user_name[512];
3500 LK_ENTRY *group_base;
3504 if (!check_string(u_name))
3505 return(AD_INVALID_NAME);
3507 strcpy(user_name, u_name); /* no length check */
3511 if (strlen(MoiraId) != 0)
3513 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId); /* MoiraId not validated here */
3514 attr_array[0] = "name";
3515 attr_array[1] = NULL;
3516 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3517 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3519 com_err(whoami, 0, "Unable to process user %s : %s",
3520 user_name, ldap_err2string(rc));
3524 if (group_count != 1) /* fall back to the sAMAccountName lookup */
3526 linklist_free(group_base);
3529 sprintf(filter, "(sAMAccountName=%s)", user_name);
3530 attr_array[0] = "name";
3531 attr_array[1] = NULL;
3532 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3533 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3535 com_err(whoami, 0, "Unable to process user %s : %s",
3536 user_name, ldap_err2string(rc));
3541 if (group_count != 1) /* zero or several matches: nothing is deleted */
3543 com_err(whoami, 0, "Unable to find user %s in AD",
3548 strcpy(distinguished_name, group_base->dn);
3549 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3551 com_err(whoami, 0, "Unable to process user %s : %s",
3552 user_name, ldap_err2string(rc));
3556 linklist_free(group_base);
/*
 * linklist_free: release every node of an LK_ENTRY list together with the
 * strings each node owns (dn, attribute, value, member, type, list).
 * Accepts NULL.  Callers must not use the list afterwards.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      LK_ENTRY *next = node->next;

      /* free(NULL) is a no-op, so the per-field NULL tests are unnecessary */
      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);
      node = next;
    }
}
/*
 * free_values: release a NULL-terminated array of strings produced by
 * construct_newvalues() (see 3466/3483).  Each element is freed (the free call
 * itself is on an omitted line) and the slot set to NULL.  Whether the array
 * object is freed as well is not visible in this listing.
 */
3584 void free_values(char **modvalues)
3589 if (modvalues != NULL)
3591 while (modvalues[i] != NULL)
3594 modvalues[i] = NULL;
/*
 * sid_update: push the AD objectSid of each entry in the sid list back into
 * Moira.  For each node (loop header omitted, 3606-3611) the binary SID is
 * rendered as text by convert_b_to_a() into temp, and mr_query is called with
 * av = { member name, textual SID } -- "add_list_sid_by_name" when the node is
 * tagged GROUPS, "add_user_sid_by_login" when tagged USERS.  av[1] is presumably
 * set to temp on an omitted line.
 *
 * temp is 126 bytes; convert_b_to_a emits two characters per input byte, and
 * ptr->length comes from the directory entry -- no bound check is visible, so
 * an over-long objectSid value would overrun temp (confirm).
 */
3601 int sid_update(LDAP *ldap_handle, char *dn_path)
3605 unsigned char temp[126];
3612 memset(temp, 0, sizeof(temp));
3613 convert_b_to_a(temp, ptr->value, ptr->length);
3616 av[0] = ptr->member;
3618 if (ptr->type == (char *)GROUPS) /* type is a tag pointer compared by identity, not a string */
3621 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3623 else if (ptr->type == (char *)USERS)
3626 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: render length bytes of binary into ASCII hex in string, one
 * high nibble and one low nibble per byte (the visible lines show the nibble
 * being stored and then adjusted past '9' into the letter range).  Most of the
 * body is omitted from this listing; the output is presumably 2*length
 * characters plus a terminator, and no bound on string is passed -- callers
 * must size it accordingly (sid_update uses a 126-byte buffer).
 */
3633 void convert_b_to_a(char *string, UCHAR *binary, int length)
3640 for (i = 0; i < length; i++)
3647 if (string[j] > '9') /* high nibble: shift into the letter range */
3650 string[j] = tmp & 0x0f; /* low nibble */
3652 if (string[j] > '9')
/*
 * illegalchars: 256-entry lookup table indexed by byte value; 1 marks a byte
 * that check_string()/check_container_name() reject.  Permitted bytes are
 * '$', '&', '\'', '-', '.', '0'-'9', '@', '_', '`', 'a'-'z' and '~'; uppercase
 * letters are listed as illegal here but check_string lowercases before the
 * lookup.  Every byte >= 0x80, all control characters, and the LDAP filter
 * metacharacters '(', ')', '*' and '\\' are rejected, which is what lets the
 * callers interpolate validated names into sprintf-built filters.  The closing
 * "};" (3676) is omitted from this listing.
 */
3659 static int illegalchars[] = {
3660 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3662 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3663 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3664 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3665 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3666 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3667 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
3668 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 0x80 - 0xff: all rejected */
3669 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3670 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3671 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3672 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3673 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3674 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3675 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate that every character of s is permitted by the
 * illegalchars table (after lowercasing).  Callers treat a zero return as
 * "invalid name" (e.g. 2602, 2742); the loop header and return statements
 * (3679-3684, 3688-3692) are omitted from this listing.  This is the only
 * guard between caller-supplied names and the sprintf-built LDAP filters,
 * so it must stay in front of every such use.
 *
 * The declaration of `character` is not visible: if it is a plain char on a
 * platform where char is signed, a byte >= 0x80 becomes negative, isupper()
 * is then undefined and (unsigned) character indexes far past the 256-entry
 * table -- confirm it is read through unsigned char.
 */
3678 int check_string(char *s)
3685 if (isupper(character))
3686 character = tolower(character);
3687 if (illegalchars[(unsigned) character]) /* see signedness note above */
/*
 * check_container_name: same validation as check_string() but additionally
 * permits the space character (3703; the branch body is omitted, presumably a
 * continue).  Loop header and returns are omitted from this listing; the
 * signedness caveat noted on check_string applies here too.
 */
3693 int check_container_name(char *s)
3700 if (isupper(character))
3701 character = tolower(character);
3703 if (character == ' ') /* spaces are allowed in container names */
3705 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check its message of the day,
 * negotiate the query protocol version and authenticate as client.  Returns
 * the Moira status of the first failing step (return lines omitted).
 * MR_UNKNOWN_PROC from mr_version is treated as MR_VERSION_HIGH (server too
 * old) and only warns; MR_VERSION_LOW is tolerated.  Braces, declarations and
 * returns are omitted from this listing.
 *
 * Review note (3733-3734): the motd text is copied into temp and that buffer is
 * then passed to com_err() as the format string.  com_err is printf-style (see
 * every other call in this file), so a '%' in the server-supplied motd is
 * interpreted as a conversion; temp's size is also not visible.  Prefer
 * `com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);`
 * and drop the sprintf.
 */
3711 int mr_connect_cl(char *server, char *client, int version, int auth)
3717 status = mr_connect(server);
3720 com_err(whoami, status, "while connecting to Moira");
3724 status = mr_motd(&motd);
3728 com_err(whoami, status, "while checking server status");
3733 sprintf(temp, "The Moira server is currently unavailable: %s", motd); /* review: see header note */
3734 com_err(whoami, status, temp); /* review: server-supplied text used as a format string */
3739 status = mr_version(version);
3742 if (status == MR_UNKNOWN_PROC) /* server predates mr_version */
3745 status = MR_VERSION_HIGH;
3747 status = MR_SUCCESS;
3750 if (status == MR_VERSION_HIGH)
3752 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3753 com_err(whoami, 0, "Some operations may not work.");
3755 else if (status && status != MR_VERSION_LOW)
3757 com_err(whoami, status, "while setting query version number.");
3765 status = mr_auth(client);
3768 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows form: winPath starts with
 * the WINAFS prefix and the remainder of path after the AFS prefix is copied
 * across, with '/' presumably translated on the omitted lines (3788-3789).
 * path is assumed to begin with AFS -- strlen(AFS) bytes are skipped without
 * checking -- and no bound on winPath is passed; callers must size it for
 * strlen(WINAFS) + strlen(path).  Declarations and the loop header are
 * omitted from this listing.
 */
3777 void AfsToWinAfs(char* path, char* winPath)
3781 strcpy(winPath, WINAFS);
3782 pathPtr = path + strlen(AFS); /* unchecked assumption that path starts with AFS */
3783 winPathPtr = winPath + strlen(WINAFS);
3787 if (*pathPtr == '/')
3790 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback used by ProcessAce ("get_list_info") to pull a
 * list's ACE type and name (av[L_ACE_TYPE], av[L_ACE_NAME]) and its
 * membership/OU into the caller-supplied buffers call_args[0..3] (call_args
 * is derived from ptr on an omitted line).  The copies are unbounded strcpy
 * into buffers whose sizes are declared in ProcessAce (omitted lines
 * 3847-3851); confirm they are large enough for Moira's maximum ACE name.
 */
3797 int GetAceInfo(int ac, char **av, void *ptr)
3804 strcpy(call_args[0], av[L_ACE_TYPE]);
3805 strcpy(call_args[1], av[L_ACE_NAME]);
3807 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3808 return(LDAP_SUCCESS);
/*
 * checkADname: search dn_path for an entry whose sAMAccountName is Name.  From
 * its use in ProcessAce (3889) the return appears to be non-zero when the name
 * is absent (group_count == 0) and zero when it is present; the return lines
 * are omitted from this listing, so confirm.  Name is interpolated into the
 * filter unescaped and this function does not call check_string(); the value
 * comes from Moira via GetAceInfo, so the caller chain is relied upon for
 * validation -- confirm.
 */
3812 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3815 char *attr_array[3];
3818 LK_ENTRY *group_base;
3823 sprintf(filter, "(sAMAccountName=%s)", Name); /* Name not validated here */
3824 attr_array[0] = "sAMAccountName";
3825 attr_array[1] = NULL;
3826 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3827 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3829 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3830 Name, ldap_err2string(rc));
3834 linklist_free(group_base);
3836 if (group_count == 0) /* name not present in AD */
/*
 * ProcessAce: make sure the ACE (owner) of Moira list Name exists in AD.  When
 * Type is "LIST", the list's ACE type/name are fetched with "get_list_info"
 * (GetAceInfo callback); if the ACE is a USER or LIST that checkADname() does
 * not find, it is created -- a LIST via make_new_group(), a USER via
 * "get_user_account_by_login" with the user_create callback, after which any
 * collected SIDs are pushed back with sid_update().  *ProcessGroup is set to 1
 * when something had to be created.  The trailing logic (3928-3933) appears to
 * follow a chain of LIST ACEs until the ACE is the list itself.  Declarations
 * (3847-3851), braces and returns are omitted from this listing.
 */
3843 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3846 char GroupName[256];
3852 char AceMembership[2];
3856 strcpy(GroupName, Name); /* no length check on Name */
3858 if (strcasecmp(Type, "LIST")) /* only lists have an ACE to process (body omitted) */
3863 AceInfo[0] = AceType;
3864 AceInfo[1] = AceName;
3865 AceInfo[2] = AceMembership;
3867 memset(AceType, '\0', sizeof(AceType));
3868 memset(AceName, '\0', sizeof(AceName));
3869 memset(AceMembership, '\0', sizeof(AceMembership));
3870 memset(AceOu, '\0', sizeof(AceOu));
3872 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo)) /* av[0] presumably set to GroupName on an omitted line */
3874 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3879 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
3882 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST"))) /* other ACE types are not represented in AD */
3884 strcpy(temp, AceName);
3885 if (!strcasecmp(AceType, "LIST"))
3886 sprintf(temp, "%s_group", AceName); /* AD group names carry the _group suffix */
3889 if (checkADname(ldap_handle, dn_path, temp))
3891 (*ProcessGroup) = 1;
3893 if (!strcasecmp(AceInfo[0], "LIST"))
3895 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3898 else if (!strcasecmp(AceInfo[0], "USER"))
3901 call_args[0] = (char *)ldap_handle;
3902 call_args[1] = dn_path;
3904 call_args[3] = NULL;
3906 sid_ptr = &sid_base; /* user_create appends the new user's SID here */
3908 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3910 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3915 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
3918 if (sid_base != NULL)
3920 sid_update(ldap_handle, dn_path);
3921 linklist_free(sid_base);
3928 if (!strcasecmp(AceType, "LIST"))
3930 if (!strcasecmp(GroupName, AceName)) /* ACE is the list itself: stop following the chain */
3933 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group
 * for Moira list group_name by running group_create as a "get_list_info"
 * callback.
 *
 * MoiraId:        Moira list id, may be "" (ProcessAce passes "").
 * group_ou, group_membership, group_security_flag: accepted but not used
 *                 on the visible lines.
 * Returns: the visible failure path returns callback_rc; the success
 *          return is outside this view.
 *
 * The call_args array carries non-string values (integer flags and the
 * LDAP handle) through char * slots; group_create must cast them back
 * with the same types, so any change here must be mirrored there.
 */
3938 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3939 char *group_name, char *group_ou, char *group_membership,
3940 int group_security_flag, int updateGroup)
3947 call_args[0] = (char *)ldap_handle;
3948 call_args[1] = dn_path;
3949 call_args[2] = group_name;
/* Integer-to-pointer casts: member kinds and update flag, read back by group_create. */
3950 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3951 call_args[4] = (char *)updateGroup;
3952 call_args[5] = MoiraId;
3953 call_args[6] = NULL;
3955 sid_ptr = &sid_base;
3957 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3960 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
/* callback_rc is presumably set by group_create (file-scope state) -- confirm. */
3966 com_err(whoami, 0, "Unable to create list %s", group_name);
3967 return(callback_rc);
/* New SIDs collected by the callback are written back to Moira. */
3970 if (sid_base != NULL)
3972 sid_update(ldap_handle, dn_path);
3973 linklist_free(sid_base);
/*
 * populate_group: add every end member of Moira list group_name to the
 * matching AD group.
 *
 * Members of type STRING and KERBEROS are first materialised as contact
 * objects (in contact_ou / kerberos_ou) and then added from that OU;
 * the LIST branch body is not visible here (presumably skipped, since
 * end members should already be expanded).  member_base is a file-scope
 * list filled by the member_list_build callback.
 *
 * Return value handling around member_add and contact_create is not
 * visible in this listing.
 */
3979 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3980 char *group_ou, char *group_membership,
3981 int group_security_flag, char *MoiraId)
3989 com_err(whoami, 0, "Populating group %s", group_name);
3991 call_args[0] = (char *)ldap_handle;
3992 call_args[1] = dn_path;
3993 call_args[2] = group_name;
/* Integer flags passed through a char * slot; decoded by the callback. */
3994 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3995 call_args[4] = NULL;
3997 if (rc = mr_query("get_end_members_of_list", 1, av,
3998 member_list_build, call_args))
4000 com_err(whoami, 0, "Unable to populate list %s : %s",
4001 group_name, error_message(rc));
4004 if (member_base != NULL)
4009 if (!strcasecmp(ptr->type, "LIST"))
4015 if (!strcasecmp(ptr->type, "STRING"))
/* contact_create returning non-zero appears to skip the member -- confirm. */
4017 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4019 pUserOu = contact_ou;
4021 else if (!strcasecmp(ptr->type, "KERBEROS"))
4023 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4025 pUserOu = kerberos_ou;
4027 rc = member_add(ldap_handle, dn_path, group_name,
4028 group_ou, group_membership, ptr->member,
4032 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for Moira list group_name with
 * the list's current name, OU, membership kind and security flag.
 *
 * type == CHECK_GROUPS: report only (AD_NO_GROUPS_FOUND,
 *     AD_WRONG_GROUP_DN_FOUND, AD_MULTIPLE_GROUPS_FOUND, or success when
 *     exactly one group with the expected DN exists).
 * otherwise: remove duplicate groups, work out the group's previous
 *     name/OU/description from AD, and hand everything to group_rename.
 *
 * Several writes (sprintf into distinguishedName[256], strcpy into the
 * before_* buffers from LDAP values) are unbounded; the inputs are
 * Moira/AD data, not end-user input, but snprintf would remove the
 * dependency on that assumption.
 */
4038 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4039 char *group_name, char *group_ou, char *group_membership,
4040 int group_security_flag, int type)
4042 char before_desc[512];
4043 char before_name[256];
4044 char before_group_ou[256];
4045 char before_group_membership[2];
4046 char distinguishedName[256];
4047 char ad_distinguishedName[256];
4049 char *attr_array[3];
4050 int before_security_flag;
4053 LK_ENTRY *group_base;
4056 char ou_security[512];
4057 char ou_distribution[512];
4058 char ou_neither[512];
4060 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* The DN the group is expected to have given its current Moira attributes. */
4061 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
4064 memset(filter, '\0', sizeof(filter));
/* First lookup: filter starts empty, so ad_get_group falls back to MoiraId / name. */
4067 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4069 "distinguishedName", &group_base,
4070 &group_count, filter))
4073 if (type == CHECK_GROUPS)
4075 if (group_count == 1)
4077 if (!strcasecmp(group_base->value, distinguishedName))
4079 linklist_free(group_base);
4083 linklist_free(group_base);
4084 if (group_count == 0)
4085 return(AD_NO_GROUPS_FOUND);
4086 if (group_count == 1)
4087 return(AD_WRONG_GROUP_DN_FOUND);
4088 return(AD_MULTIPLE_GROUPS_FOUND);
4090 if (group_count == 0)
4092 return(AD_NO_GROUPS_FOUND);
4094 if (group_count > 1)
/* Keep the group whose DN already matches; report if there is none. */
4099 if (!strcasecmp(distinguishedName, ptr->value))
4105 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4109 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4112 linklist_free(group_base);
4113 return(AD_MULTIPLE_GROUPS_FOUND);
/*
 * Destructive step: every matched group whose DN differs from the
 * expected one is deleted from AD, and the ldap_delete_s result is not
 * checked.  This relies on ad_get_group's filter being narrow enough that
 * only duplicates of *this* list are matched; a failed delete leaves the
 * duplicate in place and is only discovered on the next run.
 */
4118 if (strcasecmp(distinguishedName, ptr->value))
4119 rc = ldap_delete_s(ldap_handle, ptr->value);
4122 linklist_free(group_base);
4123 memset(filter, '\0', sizeof(filter));
/* Second lookup after the cleanup; exactly one group must remain. */
4126 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4128 "distinguishedName", &group_base,
4129 &group_count, filter))
4131 if (group_count == 0)
4132 return(AD_NO_GROUPS_FOUND);
4133 if (group_count > 1)
4134 return(AD_MULTIPLE_GROUPS_FOUND);
4137 strcpy(ad_distinguishedName, group_base->value);
4138 linklist_free(group_base);
/* filter now holds whichever filter ad_get_group succeeded with. */
4142 attr_array[0] = "sAMAccountName";
4143 attr_array[1] = NULL;
4144 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4145 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4147 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4148 MoiraId, ldap_err2string(rc));
/* Re-key the remaining lookups on the sAMAccountName found in AD (unescaped). */
4151 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Nothing to do when the DN already matches. */
4153 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4155 linklist_free(group_base);
4160 linklist_free(group_base);
4163 memset(ou_both, '\0', sizeof(ou_both));
4164 memset(ou_security, '\0', sizeof(ou_security));
4165 memset(ou_distribution, '\0', sizeof(ou_distribution));
4166 memset(ou_neither, '\0', sizeof(ou_neither));
4167 memset(before_name, '\0', sizeof(before_name));
4168 memset(before_desc, '\0', sizeof(before_desc));
4169 memset(before_group_membership, '\0', sizeof(before_group_membership));
4170 attr_array[0] = "name";
4171 attr_array[1] = NULL;
4172 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4173 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4175 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
4176 MoiraId, ldap_err2string(rc));
4179 strcpy(before_name, group_base->value);
4180 linklist_free(group_base);
4183 attr_array[0] = "description";
4184 attr_array[1] = NULL;
4185 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4186 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4189 "Unable to get list description with MoiraId = %s: %s",
4190 MoiraId, ldap_err2string(rc));
/* description is optional; group_count may legitimately be 0 here. */
4193 if (group_count != 0)
4195 strcpy(before_desc, group_base->value);
4196 linklist_free(group_base);
/*
 * Derive the group's previous OU and membership letter from its DN by a
 * case-insensitive substring match against the four configured OUs.
 * Order matters: ou_both is tested first because the other OU strings
 * could be substrings of it -- confirm against the configured values.
 */
4200 change_to_lower_case(ad_distinguishedName);
4201 strcpy(ou_both, group_ou_both);
4202 change_to_lower_case(ou_both);
4203 strcpy(ou_security, group_ou_security);
4204 change_to_lower_case(ou_security);
4205 strcpy(ou_distribution, group_ou_distribution);
4206 change_to_lower_case(ou_distribution);
4207 strcpy(ou_neither, group_ou_neither);
4208 change_to_lower_case(ou_neither);
4209 if (strstr(ad_distinguishedName, ou_both))
4211 strcpy(before_group_ou, group_ou_both);
4212 before_group_membership[0] = 'B';
4213 before_security_flag = 1;
4215 else if (strstr(ad_distinguishedName, ou_security))
4217 strcpy(before_group_ou, group_ou_security);
4218 before_group_membership[0] = 'S';
4219 before_security_flag = 1;
4221 else if (strstr(ad_distinguishedName, ou_distribution))
4223 strcpy(before_group_ou, group_ou_distribution);
4224 before_group_membership[0] = 'D';
4225 before_security_flag = 0;
4227 else if (strstr(ad_distinguishedName, ou_neither))
4229 strcpy(before_group_ou, group_ou_neither);
4230 before_group_membership[0] = 'N';
4231 before_security_flag = 0;
/* No known OU in the DN: before_group_ou/flag would be uninitialised, so bail out. */
4234 return(AD_NO_OU_FOUND);
/*
 * before_desc is passed both as the old and as the new description, so
 * group_rename keeps the description unchanged -- presumably intentional.
 */
4235 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4236 before_group_ou, before_security_flag, before_desc,
4237 group_name, group_membership, group_ou, group_security_flag,
4238 before_desc, MoiraId, filter);
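/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 *
 * ptr: writable, NUL-terminated buffer; modified in place.  Must not be
 *      NULL (the original did not check either).
 *
 * The length is taken once instead of on every loop iteration, and each
 * byte is handed to tolower() as unsigned char: on targets where plain
 * char is signed, a byte above 0x7F would otherwise reach the <ctype.h>
 * lookup as a negative value, which is undefined behaviour.  The result
 * is cast back to char so the store is explicit under -Wconversion.
 */
void change_to_lower_case(char *ptr)
{
  size_t len = strlen(ptr);
  size_t i;

  for (i = 0; i < len; i++)
    ptr[i] = (char)tolower((unsigned char)ptr[i]);
}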
/*
 * ad_get_group: locate the AD group for a Moira list, trying up to three
 * filters in turn and stopping at the first that yields exactly one hit:
 *   1. the caller-supplied rFilter, when non-empty;
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)), when MoiraId is set;
 *   3. (sAMAccountName=<group_name>_group).
 *
 * attribute:       the single attribute to fetch for each hit.
 * linklist_base/linklist_count: out-params; reset to NULL/0 before every
 *                  search, so the caller only frees the final result.
 * rFilter:         in/out (the parameter line is outside this view); on a
 *                  unique hit the winning filter is copied back so the
 *                  caller can reuse it.
 * Return value and the declaration of filter/rc/pPtr are outside this view.
 *
 * All three filters embed Moira-supplied strings without RFC 4515 escaping
 * and are built with unbounded sprintf/strcpy.
 */
4252 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4253 char *group_name, char *group_membership,
4254 char *MoiraId, char *attribute,
4255 LK_ENTRY **linklist_base, int *linklist_count,
4260 char *attr_array[3];
4263 (*linklist_base) = NULL;
4264 (*linklist_count) = 0;
/* Stage 1: caller-supplied filter. */
4265 if (strlen(rFilter) != 0)
4267 strcpy(filter, rFilter);
4268 attr_array[0] = attribute;
4269 attr_array[1] = NULL;
4270 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4271 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4273 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4274 MoiraId, ldap_err2string(rc));
4277 if ((*linklist_count) == 1)
4279 strcpy(rFilter, filter);
4284 linklist_free((*linklist_base));
4285 (*linklist_base) = NULL;
4286 (*linklist_count) = 0;
/* Stage 2: by Moira list id. */
4287 if (strlen(MoiraId) != 0)
4289 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4290 attr_array[0] = attribute;
4291 attr_array[1] = NULL;
4292 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4293 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4295 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4296 MoiraId, ldap_err2string(rc));
/* More than one group claiming the same id is logged and the set discarded. */
4300 if ((*linklist_count) > 1)
4302 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4303 pPtr = (*linklist_base);
4306 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4309 linklist_free((*linklist_base));
4310 (*linklist_base) = NULL;
4311 (*linklist_count) = 0;
4313 if ((*linklist_count) == 1)
/*
 * Sanity check that the hit's value starts with "CN=<group_name>".  Note
 * this is a case-sensitive prefix match only, and memcmp reads
 * strlen(group_name) bytes from value+3 without checking that value is
 * that long -- a shorter value would be an over-read.  strncmp, or a
 * strlen(value) check first, would be safer.
 */
4315 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4317 strcpy(rFilter, filter);
4322 linklist_free((*linklist_base));
4323 (*linklist_base) = NULL;
4324 (*linklist_count) = 0;
/* Stage 3: by the conventional AD name "<list>_group". */
4325 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4326 attr_array[0] = attribute;
4327 attr_array[1] = NULL;
4328 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4329 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4331 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4332 MoiraId, ldap_err2string(rc));
4335 if ((*linklist_count) == 1)
4337 strcpy(rFilter, filter);
/*
 * check_user: find the AD account for Moira user UserName and rename it
 * if AD still holds it under a different sAMAccountName.
 *
 * Lookup order: by mitMoiraId when MoiraId is non-empty, then by
 * sAMAccountName == UserName.  Exactly one hit is required; otherwise
 * AD_NO_USER_FOUND (the return after the MoiraId branch and the final
 * return are outside this view).
 *
 * SamAccountName is 64 bytes and is filled by an unbounded strcpy from an
 * LDAP value (sAMAccountName is limited on the AD side, but nothing here
 * enforces it); snprintf would make the bound explicit.
 */
4344 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4347 char *attr_array[3];
4348 char SamAccountName[64];
4351 LK_ENTRY *group_base;
4357 if (strlen(MoiraId) != 0)
/* Unescaped MoiraId in the filter; see checkADname for the same pattern. */
4359 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4360 attr_array[0] = "sAMAccountName";
4361 attr_array[1] = NULL;
4362 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4363 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4365 com_err(whoami, 0, "Unable to process user %s : %s",
4366 UserName, ldap_err2string(rc));
4369 if (group_count > 1)
/* The argument line for this message is not in this view; format expects one %s. */
4371 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4376 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4377 gPtr->value, MoiraId);
4382 if (group_count != 1)
4384 linklist_free(group_base);
/* Fallback: look the account up by its login name. */
4387 sprintf(filter, "(sAMAccountName=%s)", UserName);
4388 attr_array[0] = "sAMAccountName";
4389 attr_array[1] = NULL;
4390 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4391 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4393 com_err(whoami, 0, "Unable to process user %s : %s",
4394 UserName, ldap_err2string(rc));
4399 if (group_count != 1)
4401 linklist_free(group_base);
4402 return(AD_NO_USER_FOUND);
4404 strcpy(SamAccountName, group_base->value);
4405 linklist_free(group_base);
/* Case-sensitive compare: a case-only difference also triggers a rename. */
4408 if (strcmp(SamAccountName, UserName))
4410 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: turn a Moira container path such as "a/b/c" into the
 * relative DN "OU=c,OU=b,OU=a" (innermost component first).
 *
 * src:  '/'-separated container path; "" yields an empty dest (the early
 *       return body is outside this view).
 * dest: caller-owned output buffer, written with unbounded strcpy/strcat.
 *
 * array holds at most 20 components (see the memset); what happens with a
 * deeper path is not visible here -- confirm there is a bound check in
 * the splitting loop.
 */
4416 void container_get_dn(char *src, char *dest)
4423 memset(array, '\0', 20 * sizeof(array[0]));
4425 if (strlen(src) == 0)
4444 strcpy(dest, "OU=");
/* Last path component becomes the leaf OU. */
4447 strcat(dest, array[n-1]);
4451 strcat(dest, ",OU=");
/*
 * container_get_name: copy the leaf component of container path src into
 * dest.  Only the signature and the empty-input guard are visible here;
 * the extraction itself is outside this view.
 */
4457 void container_get_name(char *src, char *dest)
4462 if (strlen(src) == 0)
/*
 * container_check: make sure the OU chain for container `name` exists in
 * AD, creating it with otherwise empty attributes when it does not.
 *
 * The '/' separators in the copied name are rewritten in the loop (the
 * replacement character is on a line outside this view).  Because every
 * attribute but the name is "", a container created here has no
 * mitMoiraId; the com_err below makes that visible so a later update can
 * attach the id.
 */
4479 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* Unbounded copy into the local cName buffer. */
4486 strcpy(cName, name);
4487 for (i = 0; i < (int)strlen(cName); i++)
4489 if (cName[i] == '/')
4492 av[CONTAINER_NAME] = cName;
4493 av[CONTAINER_DESC] = "";
4494 av[CONTAINER_LOCATION] = "";
4495 av[CONTAINER_CONTACT] = "";
4496 av[CONTAINER_TYPE] = "";
4497 av[CONTAINER_ID] = "";
4498 av[CONTAINER_ROWID] = "";
4499 rc = container_create(ldap_handle, dn_path, 7, av);
4500 if (rc == LDAP_SUCCESS)
4502 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename: move/rename the AD OU described by `before` to the
 * name and parent described by `after`.
 *
 * beforec/before, afterc/after: Moira container rows (CONTAINER_* indices).
 * Returns AD_INVALID_NAME for a bad leaf name; otherwise the result of
 * container_get_distinguishedName, container_create (when the old OU is
 * not found) or container_adupdate -- the final return is outside this view.
 *
 * new_dn_path[256] and new_cn are filled by unbounded sprintf from
 * Moira-supplied names.
 */
4510 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4511 int afterc, char **after)
4516 char new_dn_path[256];
4518 char distinguishedName[256];
4523 memset(cName, '\0', sizeof(cName));
4524 container_get_name(after[CONTAINER_NAME], cName);
4525 if (!check_container_name(cName))
4527 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4528 return(AD_INVALID_NAME);
4531 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* Assignment in the condition is the file's convention for "error status". */
4532 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* Old OU not present: fall back to creating the new one outright. */
4534 if (strlen(distinguishedName) == 0)
4536 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf to obtain the new parent path (loop body outside this view). */
4540 strcpy(temp, after[CONTAINER_NAME]);
4542 for (i = 0; i < (int)strlen(temp); i++)
4551 container_get_dn(temp, dName);
4552 if (strlen(temp) != 0)
4553 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4555 sprintf(new_dn_path, "%s", dn_path);
4556 sprintf(new_cn, "OU=%s", cName);
/* Make sure the destination parent chain exists before moving. */
4558 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* deleteoldrdn = TRUE: the old OU RDN is dropped, not kept as an extra value. */
4560 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4561 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4563 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
4564 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4568 memset(dName, '\0', sizeof(dName));
4569 container_get_dn(after[CONTAINER_NAME], dName);
4570 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the AD OU for the Moira container in av.
 *
 * A non-empty OU cannot be deleted (LDAP_NOT_ALLOWED_ON_NONLEAF); its
 * contents are first moved to the orphan OUs by container_move_objects.
 * Whether the delete is retried afterwards, and the return value, are
 * outside this view.
 */
4574 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4576 char distinguishedName[256];
4579 memset(distinguishedName, '\0', sizeof(distinguishedName));
4580 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
/* Nothing to delete if the OU was never found. */
4582 if (strlen(distinguishedName) == 0)
4584 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4586 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4587 container_move_objects(ldap_handle, dn_path, distinguishedName);
4589 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4590 av[CONTAINER_NAME], ldap_err2string(rc));
<doc_update>
/*
 * container_create: create the AD organizationalUnit for the Moira
 * container row in av (count entries, CONTAINER_* indices).
 *
 * Attributes set: objectClass, name, ou, and optionally mitMoiraId
 * (CONTAINER_ROWID), description (CONTAINER_DESC) and managedBy, which is
 * resolved from CONTAINER_TYPE/CONTAINER_ID as a KERBEROS contact, a USER
 * or a LIST (group) DN.
 * Returns AD_INVALID_NAME for an unusable name; LDAP_ALREADY_EXISTS is
 * not an error and is turned into a container_adupdate.  The final return
 * is outside this view.
 *
 * The filters built from av[CONTAINER_ID] and the sprintf into temp /
 * managedByDN[256] are unescaped and unbounded; the mods array is built by
 * the file's ADD_ATTR macro and released in the for-loop after the add.
 */
4595 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4597 char *attr_array[3];
4598 LK_ENTRY *group_base;
4601 char *objectClass_v[] = {"top",
4602 "organizationalUnit",
4605 char *ou_v[] = {NULL, NULL};
4606 char *name_v[] = {NULL, NULL};
4607 char *moiraId_v[] = {NULL, NULL};
4608 char *desc_v[] = {NULL, NULL};
4609 char *managedBy_v[] = {NULL, NULL};
4612 char managedByDN[256];
4619 memset(filter, '\0', sizeof(filter));
4620 memset(dName, '\0', sizeof(dName));
4621 memset(cName, '\0', sizeof(cName));
4622 memset(managedByDN, '\0', sizeof(managedByDN));
4623 container_get_dn(av[CONTAINER_NAME], dName);
4624 container_get_name(av[CONTAINER_NAME], cName);
4626 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4628 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4629 return(AD_INVALID_NAME);
4632 if (!check_container_name(cName))
4634 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4635 return(AD_INVALID_NAME);
4639 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4641 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4643 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* mitMoiraId links the OU back to the Moira container row. */
4644 if (strlen(av[CONTAINER_ROWID]) != 0)
4646 moiraId_v[0] = av[CONTAINER_ROWID];
4647 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4649 if (strlen(av[CONTAINER_DESC]) != 0)
4651 desc_v[0] = av[CONTAINER_DESC];
4652 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: the container's Moira contact, resolved to an AD DN. */
4654 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4656 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
/* contact_create returning 0 means the contact object is available. */
4658 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4660 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4661 managedBy_v[0] = managedByDN;
4662 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4667 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4669 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4671 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4673 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4675 if (strlen(filter) != 0)
4677 attr_array[0] = "distinguishedName";
4678 attr_array[1] = NULL;
4681 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4682 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Only an unambiguous match is used as the manager. */
4684 if (group_count == 1)
4686 strcpy(managedByDN, group_base->value);
4687 managedBy_v[0] = managedByDN;
4688 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4690 linklist_free(group_base);
4699 sprintf(temp, "%s,%s", dName, dn_path);
4700 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the n LDAPMod entries built by ADD_ATTR (loop body outside this view). */
4701 for (i = 0; i < n; i++)
4703 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4705 com_err(whoami, 0, "Unable to create container %s : %s",
4706 cName, ldap_err2string(rc));
/* Existing OU: bring its attributes up to date instead of failing. */
4709 if (rc == LDAP_ALREADY_EXISTS)
4711 if (strlen(av[CONTAINER_ROWID]) != 0)
4712 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: apply the Moira container row `after` to its AD OU,
 * creating the OU when it does not exist yet.
 *
 * beforec/before are accepted but not used on the visible lines; the
 * lookup is keyed on `after`.  Return value is outside this view.
 */
4717 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4718 int afterc, char **after)
4720 char distinguishedName[256];
4723 memset(distinguishedName, '\0', sizeof(distinguishedName));
4724 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
/* Not found in AD: create rather than update. */
4726 if (strlen(distinguishedName) == 0)
4728 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Ensure the parent chain exists, then update attributes by DN. */
4732 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4733 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName: resolve the AD DN of the OU for the
 * Moira container row in av.
 *
 * distinguishedName: caller-zeroed output; left empty when no unique OU
 *                    is found (callers test strlen() == 0).
 * Lookup order: by mitMoiraId == av[CONTAINER_ROWID], then by the DN
 * computed from the container path.  Returns AD_INVALID_NAME for an
 * unusable name; the final return is outside this view.
 *
 * Both filters embed Moira-supplied strings unescaped; the second embeds a
 * full DN, which commonly contains characters ('=', ',') that are fine in
 * a filter but any '(' ')' '*' '\' in a container name would not be.
 */
4738 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4740 char *attr_array[3];
4741 LK_ENTRY *group_base;
4748 memset(filter, '\0', sizeof(filter));
4749 memset(dName, '\0', sizeof(dName));
4750 memset(cName, '\0', sizeof(cName));
4751 container_get_dn(av[CONTAINER_NAME], dName);
4752 container_get_name(av[CONTAINER_NAME], cName);
4754 if (strlen(dName) == 0)
4756 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4757 return(AD_INVALID_NAME);
4760 if (!check_container_name(cName))
4762 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4763 return(AD_INVALID_NAME);
/* First by the Moira row id stored on the OU. */
4766 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4767 attr_array[0] = "distinguishedName";
4768 attr_array[1] = NULL;
4771 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4772 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4774 if (group_count == 1)
4776 strcpy(distinguishedName, group_base->value);
4778 linklist_free(group_base);
/* Then by the DN derived from the container path (for OUs created without an id). */
4782 if (strlen(distinguishedName) == 0)
4784 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4785 attr_array[0] = "distinguishedName";
4786 attr_array[1] = NULL;
4789 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4790 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4792 if (group_count == 1)
4794 strcpy(distinguishedName, group_base->value);
4796 linklist_free(group_base);
/*
 * container_adupdate: bring the mitMoiraId, description and managedBy
 * attributes of an existing AD OU in line with the Moira container row av.
 *
 * dName / distinguishedName: exactly one is expected to be non-empty;
 *     a non-empty dName (relative DN) takes precedence and is joined with
 *     dn_path, otherwise distinguishedName is used as-is.
 * Returns LDAP_SUCCESS when there is nothing to modify (the guard around
 *     the early return is outside this view); otherwise the ldap_modify_s
 *     result path, whose final return is also outside this view.
 *
 * Attributes that are set in Moira go through a LDAP_MOD_REPLACE in mods;
 * attributes that are cleared in Moira but still present in AD are removed
 * via attribute_update with an empty value.
 */
4804 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4805 char *distinguishedName, int count, char **av)
4807 char *attr_array[5];
4808 LK_ENTRY *group_base;
4813 char *moiraId_v[] = {NULL, NULL};
4814 char *desc_v[] = {NULL, NULL};
4815 char *managedBy_v[] = {NULL, NULL};
4816 char managedByDN[256];
4825 strcpy(ad_path, distinguishedName);
4826 if (strlen(dName) != 0)
4827 sprintf(ad_path, "%s,%s", dName, dn_path);
4829 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
/*
 * The guard tests av[CONTAINER_ID] but the filter uses av[CONTAINER_ROWID];
 * compare with the CONTAINER_ROWID test further down.  Looks like a typo
 * (a container with a contact but no row id would search for
 * mitMoiraId="") -- confirm the intended field.
 */
4830 if (strlen(av[CONTAINER_ID]) != 0)
4831 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4832 attr_array[0] = "mitMoiraId";
4833 attr_array[1] = "description";
4834 attr_array[2] = "managedBy";
4835 attr_array[3] = NULL;
4838 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4839 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
/* "retreive" is a typo in the log text; it is a runtime string, so left as-is here. */
4841 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4842 av[CONTAINER_NAME], ldap_err2string(rc));
4845 memset(managedByDN, '\0', sizeof(managedByDN));
4846 memset(moiraId, '\0', sizeof(moiraId));
4847 memset(desc, '\0', sizeof(desc));
/* Snapshot the current AD values so cleared attributes can be detected. */
4851 if (!strcasecmp(pPtr->attribute, "description"))
4852 strcpy(desc, pPtr->value);
4853 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4854 strcpy(managedByDN, pPtr->value);
4855 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4856 strcpy(moiraId, pPtr->value);
4859 linklist_free(group_base);
4864 if (strlen(av[CONTAINER_ROWID]) != 0)
4866 moiraId_v[0] = av[CONTAINER_ROWID];
4867 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4869 if (strlen(av[CONTAINER_DESC]) != 0)
4871 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
/* Description cleared in Moira but still set in AD: remove it. */
4875 if (strlen(desc) != 0)
4877 attribute_update(ldap_handle, ad_path, "", "description", dName);
4880 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4882 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4884 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4886 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4887 managedBy_v[0] = managedByDN;
4888 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact could not be created: drop a stale managedBy rather than keep it. */
4892 if (strlen(managedByDN) != 0)
4894 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4900 memset(filter, '\0', sizeof(filter));
4901 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4903 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4905 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4907 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4909 if (strlen(filter) != 0)
4911 attr_array[0] = "distinguishedName";
4912 attr_array[1] = NULL;
4915 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4916 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4918 if (group_count == 1)
4920 strcpy(managedByDN, group_base->value);
4921 managedBy_v[0] = managedByDN;
4922 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* No unique manager object: clear any existing managedBy. */
4926 if (strlen(managedByDN) != 0)
4928 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4931 linklist_free(group_base);
/* No contact in Moira at all: clear managedBy if AD still has one. */
4938 if (strlen(managedByDN) != 0)
4940 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4947 return(LDAP_SUCCESS);
4949 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Release the n LDAPMod entries (loop body outside this view). */
4950 for (i = 0; i < n; i++)
4952 if (rc != LDAP_SUCCESS)
4954 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4955 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty the OU at dName so it can be deleted, in
 * three passes: (1) everything that is neither a computer nor an OU is
 * moved to orphans_other_ou, (2) computers are moved to
 * orphans_machines_ou, (3) nested OUs are deleted.
 *
 * Return value and the outer retry/termination logic are outside this
 * view.  Moving a computer object this way takes it out of whatever
 * policy scope its old OU gave it; the destination OUs are fixed by the
 * configuration globals.
 */
4961 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4963 char *attr_array[3];
4964 LK_ENTRY *group_base;
4971 int NumberOfEntries = 10;
/*
 * Caps each search to 10 entries on the shared handle.  Nothing visible
 * here restores the previous limit, so later searches on ldap_handle in
 * this process would inherit it -- confirm it is reset before returning,
 * or save/restore it with ldap_get_option.
 */
4975 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4977 for (i = 0; i < 3; i++)
4979 memset(filter, '\0', sizeof(filter));
/* Pass 0: ordinary objects (users, groups, contacts, ...). */
4982 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4983 attr_array[0] = "cn";
4984 attr_array[1] = NULL;
/* Pass 1: computer accounts. */
4988 strcpy(filter, "(objectClass=computer)");
4989 attr_array[0] = "cn";
4990 attr_array[1] = NULL;
/* Pass 2: nested OUs, which are deleted rather than moved. */
4994 strcpy(filter, "(objectClass=organizationalUnit)");
4995 attr_array[0] = "ou";
4996 attr_array[1] = NULL;
5001 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
5002 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
5006 if (group_count == 0)
5011 if (!strcasecmp(pPtr->attribute, "cn"))
5013 sprintf(new_cn, "cn=%s", pPtr->value);
5015 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5017 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5021 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: retry with a numeric suffix (loop outside this view). */
5023 if (rc == LDAP_ALREADY_EXISTS)
5025 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
5032 else if (!strcasecmp(pPtr->attribute, "ou"))
/* Return value of the delete is not checked on the visible lines. */
5034 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5038 linklist_free(group_base);
/*
 * get_machine_ou: find the AD computer object for Moira machine `member`
 * and return the OU part of its DN in machine_ou, plus the resolved
 * (alias-expanded, unqualified) name in NewMachineName.
 *
 * Lookup: GetMachineName resolves the Moira alias, the host name is cut at
 * the first '.', and AD is searched for sAMAccountName "<name>$".  The DN
 * is then lower-cased and the OU extracted as the text between
 * "cn=<name>," and the first "dc=" (the cut after strstr is outside this
 * view).  Return values are outside this view.
 *
 * Note the result of moira_connect() is overwritten by the next
 * assignment to rc without being checked; "alais" in the log text is a
 * typo in a runtime string and is left alone here.
 */
5046 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5048 LK_ENTRY *group_base;
5052 char *attr_array[3];
5059 strcpy(NewMachineName, member);
5060 rc = moira_connect();
5061 rc = GetMachineName(NewMachineName);
5063 if (strlen(NewMachineName) == 0)
5065 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
/* Strip the domain part (truncation at '.' happens on a line outside this view). */
5070 pPtr = strchr(NewMachineName, '.');
/* Computer accounts carry a trailing '$' in sAMAccountName; name is unescaped. */
5076 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5077 attr_array[0] = "cn";
5078 attr_array[1] = NULL;
5079 sprintf(temp, "%s", dn_path);
5080 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5081 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5083 com_err(whoami, 0, "Unable to process machine %s : %s",
5084 member, ldap_err2string(rc));
5087 if (group_count != 1)
5089 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
/* Unbounded copies of LDAP values into the local dn/cn buffers. */
5093 strcpy(dn, group_base->dn);
5094 strcpy(cn, group_base->value);
/* Case-fold both so strstr below is effectively case-insensitive; tolower on plain char. */
5095 for (i = 0; i < (int)strlen(dn); i++)
5096 dn[i] = tolower(dn[i]);
5097 for (i = 0; i < (int)strlen(cn); i++)
5098 cn[i] = tolower(cn[i]);
5099 linklist_free(group_base);
5101 pPtr = strstr(dn, cn);
5104 com_err(whoami, 0, "Unable to process machine %s",
/* Skip "<cn>," to land on the first OU component. */
5108 pPtr += strlen(cn) + 1;
5109 strcpy(machine_ou, pPtr);
/* Everything from "dc=" on is the domain, not the OU. */
5111 pPtr = strstr(machine_ou, "dc=");
5114 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move the AD computer object for Moira machine
 * MoiraMachineName into DestinationOu (relative to dn_path), unless it is
 * already there.
 *
 * The name is alias-resolved via GetMachineName and cut at the first '.'
 * (the cut itself is outside this view).  Return values are outside this
 * view.  MachineName[128] and OldDn/NewOu/NewCn are filled by unbounded
 * strcpy/sprintf.
 */
5123 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5128 char MachineName[128];
5130 char *attr_array[3];
5135 LK_ENTRY *group_base;
5140 strcpy(MachineName, MoiraMachineName);
5141 rc = GetMachineName(MachineName);
5142 if (strlen(MachineName) == 0)
5144 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
5148 cPtr = strchr(MachineName, '.');
5151 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5152 attr_array[0] = "sAMAccountName";
5153 attr_array[1] = NULL;
5154 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5155 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5157 com_err(whoami, 0, "Unable to process machine %s : %s",
5158 MoiraMachineName, ldap_err2string(rc));
5162 if (group_count == 1)
5163 strcpy(OldDn, group_base->dn);
5164 linklist_free(group_base);
5166 if (group_count != 1)
/*
 * BUG: the format has two %s conversions but only one argument is passed,
 * so the second %s reads an unspecified vararg (undefined behaviour; in
 * practice garbage or a crash).  Either drop the trailing ": %s" or pass
 * the intended string -- there is no rc to report on this path.
 */
5168 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
5171 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Parent of the current DN = text after the first ','. */
5172 cPtr = strchr(OldDn, ',');
/* Already in the destination OU: nothing to do (branch body outside this view). */
5176 if (!strcasecmp(cPtr, NewOu))
5179 sprintf(NewCn, "CN=%s", MachineName);
/* deleteoldrdn = TRUE: the object keeps a single CN. */
5180 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: report whether NO AD object with the unqualified machine
 * name exists.
 *
 * The name is copied and cut at its first '.' (the cut is outside this
 * view) and handed to checkADname; the result is negated, so a non-zero
 * return means "not present".  The inverted sense is easy to misread at
 * call sites -- worth a comment there too.  strcpy into Name is unbounded.
 */
5184 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5190 memset(Name, '\0', sizeof(Name));
5191 strcpy(Name, machine_name);
5193 pPtr = strchr(Name, '.');
5197 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name is
 * mapped to; the container name is written into container_name by the
 * machine_GetMoiraContainer callback.
 *
 * container_name must be large enough for the reply; the callback copies
 * with strcpy and has no size to check.  The remaining mr_query arguments
 * and the return are outside this view.
 */
5200 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5206 av[0] = machine_name;
5207 call_args[0] = (char *)container_name;
5208 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * machine_GetMoiraContainer: mr_query callback for
 * "get_machine_to_container_map"; copies the container name (av[1]) into
 * the caller's buffer call_args[0] with an unbounded strcpy.
 * Return value is outside this view.
 */
5213 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5218 strcpy(call_args[0], av[1]);
<doc_update>
/*
 * Moira_container_group_create: create the Moira list that mirrors the
 * container in `after`, record it on the container, and add it to the
 * parent container's list.
 *
 * The list is created active, non-public, non-hidden, as a group (not a
 * mail list), with a unique GID, owned (ACE and member ACE) by user
 * "sms".  Return value is outside this view.
 *
 * Moira_container_group_update sets L_HIDDEN to "1" for the same kind of
 * list; the two should probably agree -- confirm which is intended.
 */
5222 int Moira_container_group_create(char **after)
5228 memset(GroupName, '\0', sizeof(GroupName));
5229 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5230 after[CONTAINER_ROWID]);
5234 argv[L_NAME] = GroupName;
5235 argv[L_ACTIVE] = "1";
5236 argv[L_PUBLIC] = "0";
5237 argv[L_HIDDEN] = "0";
5238 argv[L_MAILLIST] = "0";
5239 argv[L_GROUP] = "1";
5240 argv[L_GID] = UNIQUE_GID;
5241 argv[L_NFSGROUP] = "0";
5242 argv[L_MAILMAN] = "0";
5243 argv[L_MAILMAN_SERVER] = "[NONE]";
5244 argv[L_DESC] = "auto created container group";
5245 argv[L_ACE_TYPE] = "USER";
5246 argv[L_MEMACE_TYPE] = "USER";
5247 argv[L_ACE_NAME] = "sms";
5248 argv[L_MEMACE_NAME] = "sms";
5250 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
5252 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
5253 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Link the new list to the container and to the parent container's list. */
5256 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5257 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename its
 * mirror list in Moira to match.
 *
 * Nothing happens when the container name is unchanged, when the
 * container has no list yet, or when the derived name is already the
 * current one.  update_list takes the old name first, then the full
 * attribute row shifted by one.  Return value is outside this view.
 *
 * L_HIDDEN is "1" here but "0" in Moira_container_group_create, so a
 * rename silently hides the list -- confirm whether that is intended.
 */
5262 int Moira_container_group_update(char **before, char **after)
5265 char BeforeGroupName[64];
5266 char AfterGroupName[64];
5269 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5272 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5273 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5274 if (strlen(BeforeGroupName) == 0)
5277 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5278 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5279 after[CONTAINER_ROWID]);
5283 if (strcasecmp(BeforeGroupName, AfterGroupName))
5285 argv[L_NAME] = BeforeGroupName;
5286 argv[L_NAME + 1] = AfterGroupName;
5287 argv[L_ACTIVE + 1] = "1";
5288 argv[L_PUBLIC + 1] = "0";
5289 argv[L_HIDDEN + 1] = "1";
5290 argv[L_MAILLIST + 1] = "0";
5291 argv[L_GROUP + 1] = "1";
5292 argv[L_GID + 1] = UNIQUE_GID;
5293 argv[L_NFSGROUP + 1] = "0";
5294 argv[L_MAILMAN + 1] = "0";
5295 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5296 argv[L_DESC + 1] = "auto created container group";
5297 argv[L_ACE_TYPE + 1] = "USER";
5298 argv[L_MEMACE_TYPE + 1] = "USER";
5299 argv[L_ACE_NAME + 1] = "sms";
5300 argv[L_MEMACE_NAME + 1] = "sms";
5302 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
5304 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
5305 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove the mirror list of a deleted
 * container from its parent's list, then delete the list itself.
 *
 * before[CONTAINER_GROUP_NAME] == "[none]" means the container had no
 * list.  Return value is outside this view.
 */
5312 int Moira_container_group_delete(char **before)
5317 char ParentGroupName[64];
5319 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Third argument 1 = parent container's list (see Moira_addGroupToParent). */
5320 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
5322 memset(GroupName, '\0', sizeof(GroupName));
5323 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5324 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
5326 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5328 argv[0] = ParentGroupName;
/* argv[1] (member type) is set on a line outside this view. */
5330 argv[2] = GroupName;
5331 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/*
 * Format/argument mismatch: two %s conversions, three arguments, so the
 * message prints ParentGroupName where the error text is expected and the
 * error_message(rc) result is never shown.  A third %s after "from list
 * %s" would make the log complete.
 */
5333 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
5334 GroupName, ParentGroupName, error_message(rc));
5338 if (strlen(GroupName) != 0)
5340 argv[0] = GroupName;
5341 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5343 com_err(whoami, 0, "Unable to delete container group %s : %s",
5344 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container.
 *
 * The leaf component of ContainerName is taken (text after the last '/'),
 * cut to 25 characters (the cut is outside this view), prefixed with
 * "cnt-" and lower-cased.  If a list by that name already exists, a
 * "-<c>" suffix is tried with c running through 0-9 and then a-z; when
 * all are taken an error is logged.  Result is written to GroupName
 * (64-byte buffers here; the caller's buffer size is its own concern).
 * ContainerRowID is accepted but not used on the visible lines.  Return
 * value is outside this view.
 */
5351 int Moira_groupname_create(char *GroupName, char *ContainerName,
5352 char *ContainerRowID)
5357 char newGroupName[64];
5358 char tempGroupName[64];
5363 strcpy(temp, ContainerName);
5365 ptr1 = strrchr(temp, '/');
/* Keep names short enough for the list-name limit plus the prefix and suffix. */
5371 if (strlen(ptr) > 25)
5374 sprintf(newGroupName, "cnt-%s", ptr);
5376 /* change everything to lower case */
5381 *ptr = tolower(*ptr);
5387 strcpy(tempGroupName, newGroupName);
5389 /* append 0-9 then a-z if a duplicate is found */
5392 argv[0] = newGroupName;
/* get_list_info with no callback is used purely as an existence probe. */
5393 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
/* MR_NO_MATCH means the name is free; any other status is a real error. */
5395 if (rc == MR_NO_MATCH)
5397 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5398 ContainerName, error_message(rc));
5401 sprintf(newGroupName, "%s-%c", tempGroupName, i);
5404 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
5414 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list associated with
 * container origContainerName via the Moira "set_container_list" query.
 * Errors are logged through com_err; the return statement and the
 * declarations of argv/rc are not shown in this excerpt.
 */
5418 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5423 argv[0] = origContainerName;
5424 argv[1] = GroupName;
5426 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5428 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5429 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: make GroupName a member of the list that backs
 * the parent container of origContainerName.  Top-level containers have no
 * parent group and are skipped.
 * Declarations of argv/rc, the argv[1] assignment and the return statements
 * are not shown in this excerpt.
 */
5435 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5437 char ContainerName[64];
5438 char ParentGroupName[64];
/* NOTE(review): unbounded strcpy into a 64-byte stack buffer; a container
 * name of 64 or more bytes from Moira would overflow it. */
5442 strcpy(ContainerName, origContainerName);
/* NOTE(review): ParentGroupName is not cleared before the lookup here
 * (unlike the delete path); confirm Moira_getGroupName always initializes
 * it, otherwise the strlen below reads indeterminate bytes. */
5444 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5445 /* top-level container */
5446 if (strlen(ParentGroupName) == 0)
5449 argv[0] = ParentGroupName;
/* argv[1] (the member type) is assigned on a line not shown here. */
5451 argv[2] = GroupName;
5452 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5454 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5455 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for "get_container_list".
 * Copies the list name (av[1]) into the caller-supplied buffer call_args[0].
 * NOTE(review): unbounded strcpy into a buffer the callers declare as 64
 * bytes; an over-long list name would overflow it.  The declaration of
 * call_args (cast from ptr) and the return statement are not shown here.
 */
5460 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5465 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list associated with a container
 * and return it in GroupName.  The third parameter (cut off in this
 * excerpt; callers pass 1) presumably selects the parent container - the
 * strrchr('/') below finds the boundary of the last path component, and
 * the lines that act on it are not shown.
 * Declarations of ptr/argv/call_args/rc, the closing of the mr_query call
 * and the return statements are not shown here.
 */
5469 int Moira_getGroupName(char *origContainerName, char *GroupName,
5472 char ContainerName[64];
/* NOTE(review): unbounded strcpy into a 64-byte stack buffer. */
5478 strcpy(ContainerName, origContainerName);
5482 ptr = strrchr(ContainerName, '/');
5489 argv[0] = ContainerName;
/* The callback writes the list name straight into GroupName. */
5491 call_args[0] = GroupName;
5492 call_args[1] = NULL;
5494 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Query succeeded: a non-empty GroupName means the callback found a list. */
5497 if (strlen(GroupName) != 0)
5502 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5503 ContainerName, error_message(rc));
/* Query succeeded but no list name came back. */
5505 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add or remove MachineName as a
 * MACHINE member of the container's list GroupName.  Which of the two
 * queries runs is decided by a condition on a line not shown in this
 * excerpt; "[none]" means the container has no list and nothing is done.
 * The rest of the signature, declarations and return statements are not
 * shown here.
 */
5510 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5516 if (strcmp(GroupName, "[none]") == 0)
5519 argv[0] = GroupName;
5520 argv[1] = "MACHINE";
5521 argv[2] = MachineName;
5523 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5525 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* NOTE(review): this single message is used for both paths, so a failed
 * delete is reported as "Unable to add"; it is also missing a space before
 * the second %s ("group%s"). */
5528 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5529 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalize MachineName in place to an upper-case
 * hostname in the top-level domain DOMAIN_SUFFIX.  If the name is already
 * in that domain it is kept; otherwise Moira's "get_hostalias" is queried
 * for an alias in that domain.  On failure or no alias MachineName is
 * emptied.
 * Declarations of i/szDot/rc/args/call_args, args[0], the early return
 * and the final return are not shown in this excerpt.
 */
5534 int GetMachineName(char *MachineName)
5537 char NewMachineName[1024];
5544 // If the address happens to be in the top-level MIT domain, great!
/* NOTE(review): unbounded strcpy into a 1024-byte stack buffer. */
5545 strcpy(NewMachineName, MachineName);
/* NOTE(review): toupper() on a plain char is undefined for negative
 * values; cast through unsigned char. */
5546 for (i = 0; i < (int)strlen(NewMachineName); i++)
5547 NewMachineName[i] = toupper(NewMachineName[i]);
/* Everything after the first '.' is compared against DOMAIN_SUFFIX. */
5548 szDot = strchr(NewMachineName,'.');
5549 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5554 // If not, see if it has a Moira alias in the top-level MIT domain.
5555 memset(NewMachineName, '\0', sizeof(NewMachineName));
5557 args[1] = MachineName;
/* ProcessMachineName fills call_args[0] with the first matching alias. */
5558 call_args[0] = NewMachineName;
5559 call_args[1] = NULL;
5560 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5562 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5563 MachineName, error_message(rc));
5564 strcpy(MachineName, "");
/* NOTE(review): writes up to 1024 bytes back into the caller's buffer,
 * whose size is not visible here. */
5568 if (strlen(NewMachineName) != 0)
5569 strcpy(MachineName, NewMachineName);
5571 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for "get_hostalias".  For each
 * alias (av[0]) it upper-cases the name and, if the alias is in
 * DOMAIN_SUFFIX, stores it in call_args[0].  Only the first match is kept:
 * once call_args[0] is non-empty later aliases are ignored.
 * Declarations of i/szDot/call_args and the return statement are not
 * shown in this excerpt.
 */
5576 int ProcessMachineName(int ac, char **av, void *ptr)
5579 char MachineName[1024];
5584 if (strlen(call_args[0]) == 0)
/* NOTE(review): unbounded strcpy into a 1024-byte stack buffer. */
5586 strcpy(MachineName, av[0]);
/* NOTE(review): cast to unsigned char before toupper(). */
5587 for (i = 0; i < (int)strlen(MachineName); i++)
5588 MachineName[i] = toupper(MachineName[i]);
5589 szDot = strchr(MachineName,'.');
5590 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
5592 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the attribute names in the first n entries of `mods`
 * between the Services for UNIX 3.0 schema name ("msSFU30UidNumber") and
 * the RFC 2307 name ("uidNumber").  Which direction is taken depends on
 * *UseSFU30 (the branch condition is on a line not shown here); the two
 * loops below are the two directions.
 * NOTE(review): the old mod_type pointer is overwritten with a string
 * literal.  If it was heap-allocated it is leaked, and the literal must
 * never be passed to free() - confirm how callers release mods.
 */
5598 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
5604 for (i = 0; i < n; i++)
5606 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5607 mods[i]->mod_type = "uidNumber";
5613 for (i = 0; i < n; i++)
5615 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5616 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute the Windows home directory, profile path and
 * home drive letter for user_name and stage them as LDAP modifications.
 *
 * WinHomeDir / WinProfileDir are the Moira values; the sentinels are
 *   "[afs]"   - derive the path from the user's Hesiod "filsys" entry,
 *   "[local]" - leave the attribute unset,
 *   anything else - use the value verbatim (a UNC path gets drive H:).
 * Non-empty values are added to `mods` via ADD_ATTR with OpType; empty
 * values delete the existing attribute when OpType is LDAP_MOD_REPLACE
 * (an immediate ldap_modify_s with DelMods).
 * homedir_v / winProfile_v / drives_v receive strdup()'d strings.
 * NOTE(review): ownership of those strdup() results is not visible here -
 * confirm the caller frees them.
 * The rest of the signature, declarations of path/winPath/homeDrive/
 * cWeight/cPath/hp/i/last_weight/rc, and the return statements are not
 * shown in this excerpt.
 */
5622 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5623 char *WinHomeDir, char *WinProfileDir,
5624 char **homedir_v, char **winProfile_v,
5625 char **drives_v, LDAPMod **mods,
5633 char winProfile[1024];
5638 LDAPMod *DelMods[20];
5640 memset(homeDrive, '\0', sizeof(homeDrive));
5641 memset(path, '\0', sizeof(path));
5642 memset(winPath, '\0', sizeof(winPath));
5643 memset(winProfile, '\0', sizeof(winProfile));
/* Resolve the AFS home directory through Hesiod only when at least one of
 * the two values asks for it. */
5645 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5647 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5649 memset(cWeight, 0, sizeof(cWeight));
5650 memset(cPath, 0, sizeof(cPath));
/* Walk every filsys record; keep the AFS path with the lowest weight
 * (field 5).  The first AFS record is taken unconditionally on the line
 * further down (its `else` is not shown here). */
5653 while (hp[i] != NULL)
/* NOTE(review): "%s" without a field width - an over-long token in a
 * Hesiod (DNS-sourced) record overflows cPath / cWeight.  Use a width
 * matching the buffer sizes. */
5655 if (sscanf(hp[i], "%*s %s", cPath))
5657 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5659 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
5661 if (atoi(cWeight) < last_weight)
5663 strcpy(path, cPath);
5664 last_weight = (int)atoi(cWeight);
5668 strcpy(path, cPath);
/* Translate the AFS path to its Windows (UNC) form; the profile lives in a
 * ".winprofile" subdirectory of the home directory. */
5675 if (!strnicmp(path, AFS, strlen(AFS)))
5677 AfsToWinAfs(path, winPath);
5678 strcpy(winProfile, winPath);
5679 strcat(winProfile, "\\.winprofile");
/* Home directory: [local] -> unset, [afs] -> computed above with drive H:,
 * otherwise the literal value (UNC paths also get drive H:). */
5695 if (!strcasecmp(WinHomeDir, "[local]"))
5696 memset(winPath, '\0', sizeof(winPath));
5697 else if (!strcasecmp(WinHomeDir, "[afs]"))
5699 strcpy(homeDrive, "H:");
/* NOTE(review): unbounded strcpy; winPath's size is not visible here. */
5703 strcpy(winPath, WinHomeDir);
5704 if (!strncmp(WinHomeDir, "\\\\", 2))
5706 strcpy(homeDrive, "H:");
5710 // nothing needs to be done if WinProfileDir is [afs].
5711 if (!strcasecmp(WinProfileDir, "[local]"))
5712 memset(winProfile, '\0', sizeof(winProfile));
5713 else if (strcasecmp(WinProfileDir, "[afs]"))
/* NOTE(review): unbounded strcpy into a 1024-byte stack buffer. */
5715 strcpy(winProfile, WinProfileDir);
/* Normalize: drop one trailing backslash ... */
5718 if (strlen(winProfile) != 0)
5720 if (winProfile[strlen(winProfile) - 1] == '\\')
5721 winProfile[strlen(winProfile) - 1] = '\0';
5723 if (strlen(winPath) != 0)
5725 if (winPath[strlen(winPath) - 1] == '\\')
5726 winPath[strlen(winPath) - 1] = '\0';
/* ... except that a bare drive letter ("C:") keeps its root backslash. */
5729 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5730 strcat(winProfile, "\\");
5731 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5732 strcat(winPath, "\\");
/* homeDirectory: delete on an update with an empty value, else stage it. */
5734 if (strlen(winPath) == 0)
5736 if (OpType == LDAP_MOD_REPLACE)
5739 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5741 //unset homeDirectory attribute for user.
/* NOTE(review): whether rc from this delete is checked is not visible. */
5742 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5748 homedir_v[0] = strdup(winPath);
5749 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* profilePath: same pattern. */
5752 if (strlen(winProfile) == 0)
5754 if (OpType == LDAP_MOD_REPLACE)
5757 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5759 //unset profilePath attribute for user.
5760 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5766 winProfile_v[0] = strdup(winProfile);
5767 ADD_ATTR("profilePath", winProfile_v, OpType);
/* homeDrive: same pattern. */
5770 if (strlen(homeDrive) == 0)
5772 if (OpType == LDAP_MOD_REPLACE)
5775 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5777 //unset homeDrive attribute for user
5778 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5784 drives_v[0] = strdup(homeDrive);
5785 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList: discover the domain controllers of ldap_domain and fill
 * ServerList (MAX_SERVER_NAMES slots of calloc()'d 256-byte strings).
 *   1. Release any previous entries.
 *   2. Bind to the domain (ad_connect) and read the rIDManager object's
 *      fSMORoleOwner; the server name embedded in that DN becomes
 *      ServerList[0] so the RID master is tried first.
 *   3. Enumerate cn=Servers under the Default-First-Site-Name site and
 *      append every other server.
 *   4. Probe the schema for msSFU-30-Uid-Number (the result is consumed on
 *      lines not shown here).
 *   5. Cache DOMAIN / PRINCIPALNAME / MSSFU / SERVER lines in WINADCFG.
 *   6. Qualify each name with ".<ldap_domain>" and upper-case it.
 * Declarations of i/k/rc/Count/sPtr/gPtr/fptr/filter/base/dn_path/
 * ldap_handle/group_count, the ad_connect argument tail, the fclose and
 * the return statements are not shown in this excerpt.
 */
5791 int GetServerList(char *ldap_domain, char **ServerList)
5799 int ServerListFound;
5800 char default_server[256];
5802 char *attr_array[3];
5806 LK_ENTRY *group_base;
5811 memset(default_server, '\0', sizeof(default_server));
5812 memset(dn_path, '\0', sizeof(dn_path));
5813 for (i = 0; i < MAX_SERVER_NAMES; i++)
5815 if (ServerList[i] != NULL)
5817 free(ServerList[i]);
5818 ServerList[i] = NULL;
5821 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
/* Connection failed: clear the pointer array (entries are already freed). */
5824 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5828 ServerListFound = 0;
/* The rIDManager object's fSMORoleOwner is the NTDS Settings DN of the RID
 * master, of the form "CN=NTDS Settings,CN=<server>,CN=Servers,...". */
5830 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5831 attr_array[0] = "fSMORoleOwner";
5832 attr_array[1] = NULL;
/* NOTE(review): `!(rc = f()) != 0` parses as `(!rc) != 0`, i.e. "rc == 0";
 * it works but reads as a mistake - prefer `(rc = f()) == 0`.  The same
 * form is used for the two linklist_build calls below. */
5833 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5834 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5836 if (group_count != 0)
/* Skip past ",CN=" to the server's RDN value; the trailing "," is cut on a
 * line not shown here. */
5838 sPtr = strstr(group_base->value, ",CN=");
5841 sPtr += strlen(",CN=");
5842 if (ServerList[0] == NULL)
5843 ServerList[0] = calloc(1, 256);
/* NOTE(review): calloc result unchecked and strcpy unbounded - a DN whose
 * remainder is 256 bytes or longer overflows the 256-byte entry. */
5844 strcpy(ServerList[0], sPtr);
5845 sPtr = strstr(ServerList[0], ",");
5849 ServerListFound = 1;
5853 linklist_free(group_base);
/* Enumerate the servers in the default site.  NOTE(review): the site name
 * is hard-coded; servers in any other site are never discovered. */
5857 attr_array[0] = "cn";
5858 attr_array[1] = NULL;
5859 strcpy(filter, "(cn=*)");
/* NOTE(review): sprintf into `base`, whose size is not visible here. */
5860 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5862 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5863 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5865 if (group_count != 0)
/* gPtr is initialized and advanced on lines not shown here. */
5868 while (gPtr != NULL)
/* Do not list the RID master twice. */
5870 if (ServerListFound != 0)
5872 if (!strcasecmp(ServerList[0], gPtr->value))
5878 if (Count < MAX_SERVER_NAMES)
5880 if (ServerList[Count] == NULL)
5881 ServerList[Count] = calloc(1, 256);
/* NOTE(review): same unchecked calloc / unbounded strcpy as above. */
5882 strcpy(ServerList[Count], gPtr->value);
5889 linklist_free(group_base);
/* Detect whether the SFU 3.0 POSIX schema extension is installed. */
5895 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5896 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5898 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5899 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5901 if (group_count != 0)
5906 linklist_free(group_base);
/* Write the discovered configuration so later runs can skip discovery
 * (ReadConfigFile parses these keywords). */
5910 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5912 fprintf(fptr, "%s %s\n", DOMAIN, ldap_domain);
5913 if (strlen(PrincipalName) != 0)
5914 fprintf(fptr, "%s %s\n", PRINCIPALNAME, PrincipalName);
5916 fprintf(fptr, "%s %s\n", MSSFU, SFUTYPE);
5917 for (i = 0; i < MAX_SERVER_NAMES; i++)
5919 if (ServerList[i] != NULL)
5921 fprintf(fptr, "%s %s\n", SERVER, ServerList[i]);
5926 ldap_unbind_s(ldap_handle);
/* Turn the bare server names into upper-case FQDNs. */
5928 for (i = 0; i < MAX_SERVER_NAMES; i++)
5930 if (ServerList[i] != NULL)
/* NOTE(review): indexes strlen-1 without checking for an empty string, and
 * the two strcat calls can push a 256-byte entry past its end. */
5932 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
5933 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
5934 strcat(ServerList[i], ".");
5935 strcat(ServerList[i], ldap_domain);
5936 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5937 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * attribute_update: set a single-valued attribute on distinguished_name.
 * An empty attribute_value deletes the attribute; otherwise an
 * LDAP_MOD_REPLACE is attempted and, if it fails, an LDAP_MOD_ADD.  Only
 * the final ADD failure is reported (user_name is used for that message).
 * The `mods` array filled by DEL_ATTR/ADD_ATTR, the declaration of rc and
 * the return statements are not shown in this excerpt.
 */
5944 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5945 char *attribute_value, char *attribute, char *user_name)
5947 char *mod_v[] = {NULL, NULL};
5948 LDAPMod *DelMods[20];
5954 if (strlen(attribute_value) == 0)
5957 DEL_ATTR(attribute, LDAP_MOD_DELETE);
/* NOTE(review): whether rc from this delete is checked is not visible. */
5959 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
5965 mod_v[0] = attribute_value;
5966 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
/* REPLACE failure is not logged; the ADD below is the fallback. */
5968 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5972 mod_v[0] = attribute_value;
5973 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5975 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5977 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5978 attribute, user_name, ldap_err2string(rc));
/*
 * tickets_get_k5: obtain Kerberos 5 tickets for the service principal by
 * running kinit with the keytab KEYTABFILE.
 * The credential-cache environment (KRB5CCNAME, KRBTKFILE) is set with
 * putenv(); the buffers are static on purpose, because putenv() keeps the
 * pointer it is given rather than copying the string.
 * PrincipalName (global, read from the config file) is lower-cased; when it
 * is empty the built-in PRODUCTION_PRINCIPAL is used, or TEST_PRINCIPAL if
 * ldap_domain is not PRIMARY_DOMAIN.
 * Declarations of i/retval/temp, the lines around the kinit path, and the
 * return statement are not shown in this excerpt.
 */
5986 int tickets_get_k5()
5989 char KinitPath[128];
5992 static char EnvVar[128];
5993 static char EnvVar1[128];
5995 strcpy(EnvVar, KRB5CCNAME);
/* NOTE(review): putenv() return values are stored in retval but never
 * checked on a visible line. */
5996 retval = putenv(EnvVar);
5997 strcpy(EnvVar1, KRBTKFILE);
5998 retval = putenv(EnvVar1);
/* NOTE(review): cast to unsigned char before tolower(). */
6000 for (i = 0; i < (int)strlen(PrincipalName); i++)
6001 PrincipalName[i] = tolower(PrincipalName[i]);
6002 if (strlen(PrincipalName) == 0)
6004 strcpy(PrincipalName, PRODUCTION_PRINCIPAL);
6005 if (strcmp(ldap_domain, PRIMARY_DOMAIN))
6006 strcpy(PrincipalName, TEST_PRINCIPAL);
6009 memset(KinitPath, '\0',sizeof(KinitPath));
6011 strcpy(KinitPath, "/usr/athena/bin/");
/* NOTE(review): the command line is built with sprintf into `temp` (size
 * not visible) and passed through a shell.  PrincipalName originates in
 * winad.cfg and is interpolated unquoted, so the config file must be
 * writable only by the service owner; execing kinit directly with an argv
 * (posix_spawn/execv) would remove the shell from the path entirely. */
6013 sprintf(temp, "%skinit -k -t %s %s", KinitPath, KEYTABFILE, PrincipalName);
6014 retval = system(temp);
6023 if (tickets_get_k5())
6026 if (tickets_get_k5())
6028 critical_alert("AD incremental", "%s",
6029 "winad.incr incremental failed (unable to get kerberos tickets)");
/*
 * destroy_cache: destroy the default Kerberos 5 credential cache.
 * Returns the krb5_cc_destroy result in rc (declaration and return
 * statement not shown in this excerpt).
 * NOTE(review): `context` is only assigned by krb5_init_context(); unless
 * it is initialized on one of the lines not shown here, the `!= NULL` test
 * below reads an indeterminate value when initialization fails.
 */
6036 int destroy_cache(void)
6038 krb5_context context;
6044 if (!krb5_init_context(&context))
6046 if (!krb5_cc_default(context, &cache))
6047 rc = krb5_cc_destroy(context, cache);
6049 if (context != NULL)
6050 krb5_free_context(context);
/*
 * StringTrim: strip leading and trailing whitespace from StringToTrim in
 * place.  A scratch copy (`temp`) is built from the first non-space
 * character, trimmed from the end, and copied back; the result is never
 * longer than the input, so the copy back cannot overflow.
 * Declarations of cPtr/temp/i, the copy into temp and the trailing-space
 * loop are not shown in this excerpt.
 */
6057 void StringTrim(char *StringToTrim)
6063 if (strlen(StringToTrim) == 0)
6066 cPtr = StringToTrim;
/* NOTE(review): isspace() on a plain char is undefined for negative
 * values; cast through unsigned char (also at the check further down). */
6067 while (isspace(*cPtr))
/* Entirely whitespace: result is the empty string. */
6072 if (strlen(temp) == 0)
6074 strcpy(StringToTrim, temp);
/* Scan back from the end until the last non-space character. */
6082 if (!isspace(temp[i-1]))
6087 strcpy(StringToTrim, temp);
6091 void ReadConfigFile()
6102 if ((fptr = fopen(WINADCFG, "r")) != NULL)
6104 while (fgets(temp, sizeof(temp), fptr) != 0)
6106 for (i = 0; i < (int)strlen(temp); i++)
6107 temp[i] = toupper(temp[i]);
6108 if (temp[strlen(temp) - 1] == '\n')
6109 temp[strlen(temp) - 1] = '\0';
6111 if (strlen(temp) == 0)
6113 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
6115 if (strlen(temp) > (strlen(DOMAIN)))
6117 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
6118 StringTrim(ldap_domain);
6121 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
6123 if (strlen(temp) > (strlen(PRINCIPALNAME)))
6125 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
6126 StringTrim(PrincipalName);
6129 else if (!strncmp(temp, SERVER, strlen(SERVER)))
6131 if (strlen(temp) > (strlen(SERVER)))
6133 ServerList[Count] = calloc(1, 256);
6134 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
6135 StringTrim(ServerList[Count]);
6139 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
6141 if (strlen(temp) > (strlen(MSSFU)))
6143 strcpy(temp1, &temp[strlen(MSSFU)]);
6145 if (!strcmp(temp1, SFUTYPE))
6149 else if (!strcasecmp(temp, "NOCHANGE"))
6151 NoChangeConfigFile = 1;
6155 if (strlen(ldap_domain) != 0)
6157 memset(ldap_domain, '\0', sizeof(ldap_domain));
6160 if (strlen(temp) != 0)
6161 strcpy(ldap_domain, temp);
6167 if (strlen(ldap_domain) == 0)
6169 critical_alert("incremental", "%s",
6170 "winad.incr cannot run due to a configuration error in winad.cfg");
6175 for (i = 0; i < Count; i++)
6177 if (ServerList[i] != 0)
6179 strcat(ServerList[i], ".");
6180 strcat(ServerList[i], ldap_domain);
6181 for (k = 0; k < (int)strlen(ServerList[i]); k++)
6182 ServerList[i][k] = toupper(ServerList[i][k]);