2 /* winad.incr arguments examples
5 * arguments when moira creates the account - ignored by winad.incr since the account is not yet usable (status 0).
6 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
7 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
9 * arguments for creating or updating a user account
10 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
11 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
12 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
14 * arguments for deactivating/deleting a user account
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
16 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058
17 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
19 * arguments for reactivating a user account
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
21 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
22 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
24 * arguments for changing user name
25 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
28 * arguments for expunging a user
29 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
32 * arguments for creating a "special" group/list
33 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
34 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
36 * arguments for creating a "mail" group/list
37 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
38 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
40 * arguments for creating a "group" group/list
41 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
42 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
44 * arguments for creating a "group/mail" group/list
45 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
46 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
48 * arguments to add a USER member to group/list
49 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
50 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
52 * arguments to add a STRING or KERBEROS member to group/list
53 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
54 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
55 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
57 * NOTE: group members of type LIST are ignored.
59 * arguments to remove a USER member from a group/list
60 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
61 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
63 * arguments to remove a STRING or KERBEROS member from a group/list
64 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
65 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
66 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
68 * NOTE: group members of type LIST are ignored.
70 * arguments for renaming a group/list
71 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 NONE 0 description 92616
72 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
74 * arguments for deleting a group/list
75 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
76 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
78 * arguments for adding a file system
79 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
81 * arguments for deleting a file system
82 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
84 #include <mit-copyright.h>
96 #include <moira_site.h>
106 #define ECONNABORTED WSAECONNABORTED
109 #define ECONNREFUSED WSAECONNREFUSED
112 #define EHOSTUNREACH WSAEHOSTUNREACH
114 #define krb5_xfree free
/* Map POSIX sleep(seconds) onto Win32 Sleep(milliseconds).  NOTE(review): the
 * argument is not parenthesised and the expansion ends in a ';', so
 * sleep(n + 1) expands to Sleep(n + 1 * 1000);; -- the hygienic form is
 * #define sleep(A) Sleep((A) * 1000) */
116 #define sleep(A) Sleep(A * 1000);
120 #include <sys/types.h>
121 #include <netinet/in.h>
122 #include <arpa/nameser.h>
124 #include <sys/utsname.h>
/* Non-Windows location of the config file (a second definition for the other
 * build follows later in the file).  main() fread()s its contents directly
 * into the 256-byte ldap_domain buffer.  NOTE(review): that read strips no
 * trailing newline and only NUL-terminates by virtue of the preceding
 * memset, so a file of 256 bytes or more leaves ldap_domain unterminated
 * before strlen() is called on it; keep the file to one short domain name.
 * An empty file falls back to "win.mit.edu". */
127 #define WINADCFG "/moira/winad/winad.cfg"
/* Win32 spelling of the case-insensitive bounded compare, mapped onto POSIX. */
128 #define strnicmp(A,B,C) strncasecmp(A,B,C)
129 #define UCHAR unsigned char
/* userAccountControl bit values, mirroring the Win32 <lmaccess.h> UF_*
 * constants for builds that lack that header.  The security-relevant ones:
 * UF_ACCOUNTDISABLE blocks logon, UF_PASSWD_NOTREQD lets AD accept an empty
 * password, and UF_DONT_EXPIRE_PASSWD exempts the account from the
 * password-age policy.  Note UF_DONT_EXPIRE_PASSWD sits above the low 16
 * bits, so it must not be stored in a 16-bit flags word. */
131 #define UF_SCRIPT 0x0001
132 #define UF_ACCOUNTDISABLE 0x0002
133 #define UF_HOMEDIR_REQUIRED 0x0008
134 #define UF_LOCKOUT 0x0010
135 #define UF_PASSWD_NOTREQD 0x0020
136 #define UF_PASSWD_CANT_CHANGE 0x0040
137 #define UF_DONT_EXPIRE_PASSWD 0x10000
/* Account-type bits of userAccountControl (same <lmaccess.h> values).  AD
 * expects exactly one of these on an object; UF_NORMAL_ACCOUNT is the one for
 * ordinary user accounts, the *_TRUST_ACCOUNT values mark machine and trust
 * objects and should never be set by this incremental. */
139 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
140 #define UF_NORMAL_ACCOUNT 0x0200
141 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
142 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
143 #define UF_SERVER_TRUST_ACCOUNT 0x2000
146 #define BYTE unsigned char
148 typedef unsigned int DWORD;
149 typedef unsigned long ULONG;
154 unsigned short Data2;
155 unsigned short Data3;
156 unsigned char Data4[8];
159 typedef struct _SID_IDENTIFIER_AUTHORITY {
161 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
163 typedef struct _SID {
165 BYTE SubAuthorityCount;
166 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
167 DWORD SubAuthority[512];
172 #define WINADCFG "winad.cfg"
176 #define WINAFS "\\\\afs\\all\\"
/* groupType attribute bits (ADS_GROUP_TYPE_* from <iads.h>).  LOCAL_GROUP and
 * DOMAIN_LOCAL_GROUP are the same value in the SDK as well.  A group without
 * ADS_GROUP_TYPE_SECURITY_ENABLED is a distribution list only and cannot be
 * used in an ACL.  NOTE(review): 0x80000000 is an unsigned int constant that
 * sets the sign bit of the 32-bit integer AD stores; AD reports the attribute
 * as a signed value (e.g. -2147483646 for a global security group), so format
 * and compare the combined groupType with that in mind. */
178 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
179 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
180 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
181 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
182 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
184 #define QUERY_VERSION -1
185 #define PRIMARY_REALM "ATHENA.MIT.EDU"
/* Operation codes for the member/user state-change helpers (presumably the
 * `operation` argument of user_change_status(); any lower-numbered code is
 * defined above this excerpt). */
194 #define MEMBER_REMOVE 2
195 #define MEMBER_CHANGE_NAME 3
196 #define MEMBER_ACTIVATE 4
197 #define MEMBER_DEACTIVATE 5
198 #define MEMBER_CREATE 6
/* Bit mask selecting which Moira member types a lookup considers;
 * MOIRA_ALL (0) presumably means no restriction.  Note that LIST members are
 * ignored by the member handlers (see the examples at the top of the file). */
200 #define MOIRA_ALL 0x0
201 #define MOIRA_USERS 0x1
202 #define MOIRA_KERBEROS 0x2
203 #define MOIRA_STRINGS 0x4
204 #define MOIRA_LISTS 0x8
/* `type` argument of process_group().  Callers in this file first run
 * CHECK_GROUPS and, when that reports AD_WRONG_GROUP_DN_FOUND or
 * AD_MULTIPLE_GROUPS_FOUND, run it again with CLEANUP_GROUPS before
 * proceeding; AD_NO_GROUPS_FOUND from either means the group must be created. */
206 #define CHECK_GROUPS 1
207 #define CLEANUP_GROUPS 2
/* Error codes returned by the ad_* / process_* / check_user helpers.  They are
 * negative so they cannot collide with the non-negative LDAP_* result codes
 * that other helpers in this file return (e.g. LDAP_NO_SUCH_OBJECT from
 * filesys_process()).  AD_NO_GROUPS_FOUND and AD_NO_USER_FOUND are not
 * treated as failures by the do_*() handlers: they trigger creation of the
 * missing group or user. */
209 #define AD_NO_GROUPS_FOUND -1
210 #define AD_WRONG_GROUP_DN_FOUND -2
211 #define AD_MULTIPLE_GROUPS_FOUND -3
212 #define AD_INVALID_NAME -4
213 #define AD_LDAP_FAILURE -5
214 #define AD_INVALID_FILESYS -6
215 #define AD_NO_ATTRIBUTE_FOUND -7
216 #define AD_NO_OU_FOUND -8
217 #define AD_NO_USER_FOUND -9
219 typedef struct lk_entry {
229 struct lk_entry *next;
/* Kill switch: when STOP_FILE exists the incremental is expected to do nothing
 * (presumably tested by check_winad(), whose body is not in this excerpt). */
232 #define STOP_FILE "/moira/winad/nowinad"
/* access(F_OK) only tests existence, not readability or ownership. */
233 #define file_exists(file) (access((file), F_OK) == 0)
235 #define LDAP_BERVAL struct berval
236 #define MAX_SERVER_NAMES 32
/* Append one LDAPMod (type t, value array v, op o) to the caller's mods[] and
 * advance n.  Relies on `mods` and `n` being in scope at the expansion site,
 * stores the value-array pointer v without copying it, and increments n only
 * in the last statement.  NOTE(review): the malloc() result is used unchecked
 * (NULL dereference on allocation failure), nothing bounds n against the size
 * of mods[], and the expansion is not wrapped in do { } while (0), so it must
 * not be used as the body of an unbraced if/else. */
238 #define ADD_ATTR(t, v, o) \
239 mods[n] = malloc(sizeof(LDAPMod)); \
240 mods[n]->mod_op = o; \
241 mods[n]->mod_type = t; \
242 mods[n++]->mod_values = v
/* Linked lists shared between the LDAP retrieval helpers and the do_*()
 * handlers.  Before calling mr_query("get_user_account_by_login", ..., user_create)
 * the handlers point sid_ptr at &sid_base (presumably so the callback can
 * append to it); afterwards, if sid_base is non-NULL, they run sid_update()
 * and free the list. */
244 LK_ENTRY *member_base = NULL;
245 LK_ENTRY *sid_base = NULL;
246 LK_ENTRY **sid_ptr = NULL;
/* Scratch buffer main() uses to log the full argument vector.  NOTE(review):
 * main() strcat()s every argv[] plus a space into it with no length check, so
 * an incremental whose arguments total more than 1023 bytes (the vectors carry
 * free-text fields such as the list description) overflows this static
 * buffer; a bounded snprintf/strncat against the remaining space would fix
 * it.  The same tentative definition is repeated at line 261. */
247 static char tbl_buf[1024];
/* OU paths, relative to the domain DN (dn_path), for the objects this
 * incremental manages.  STRING and KERBEROS list members are created as
 * contacts under contact_ou / kerberos_ou; user_ou is presumably the user
 * container; a list apparently lands in one of the group_ou_* containers
 * according to its maillist/grouplist flags (chosen by get_group_membership(),
 * not shown here). */
248 char kerberos_ou[] = "OU=kerberos,OU=moira";
249 char contact_ou[] = "OU=strings,OU=moira";
250 char user_ou[] = "OU=users,OU=moira";
251 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
252 char group_ou_root[] = "OU=lists,OU=moira";
253 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
254 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
255 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
257 char ldap_domain[256];
258 int mr_connections = 0;
260 char default_server[256];
/* NOTE(review): duplicate tentative definition of tbl_buf (also defined at
 * line 247); C merges the two, but one of them should be removed. */
261 static char tbl_buf[1024];
263 extern int set_password(char *user, char *password, char *domain);
265 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
266 char *group_membership, char *MoiraId, char *attribute,
267 LK_ENTRY **linklist_base, int *linklist_count,
269 void AfsToWinAfs(char* path, char* winPath);
270 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
271 char *Win2kPassword, char *Win2kUser, char *default_server,
273 void ad_kdc_disconnect();
274 void check_winad(void);
275 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
276 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
277 char *fs_type, char *fs_pack, int operation);
278 int get_group_membership(char *group_membership, char *group_ou,
279 int *security_flag, char **av);
280 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
281 char *group_name, char *group_ou, char *group_membership,
282 int group_security_flag, int type);
283 int process_lists(int ac, char **av, void *ptr);
284 int user_create(int ac, char **av, void *ptr);
285 int user_change_status(LDAP *ldap_handle, char *dn_path,
286 char *user_name, char *MoiraId, int operation);
287 int user_delete(LDAP *ldap_handle, char *dn_path,
288 char *u_name, char *MoiraId);
289 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
291 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
292 char *uid, char *MitId, char *MoiraId, int State);
293 void change_to_lower_case(char *ptr);
294 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
295 int group_create(int ac, char **av, void *ptr);
296 int group_delete(LDAP *ldap_handle, char *dn_path,
297 char *group_name, char *group_membership, char *MoiraId);
298 int group_rename(LDAP *ldap_handle, char *dn_path,
299 char *before_group_name, char *before_group_membership,
300 char *before_group_ou, int before_security_flag, char *before_desc,
301 char *after_group_name, char *after_group_membership,
302 char *after_group_ou, int after_security_flag, char *after_desc,
303 char *MoiraId, char *filter);
304 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
305 char *group_name, char *group_ou, char *group_membership,
306 int group_security_flag, int updateGroup);
307 int member_list_build(int ac, char **av, void *ptr);
308 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
309 char *group_ou, char *group_membership,
310 char *user_name, char *pUserOu, char *MoiraId);
311 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
312 char *group_ou, char *group_membership, char *user_name,
313 char *pUserOu, char *MoiraId);
314 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
315 char *group_ou, char *group_membership,
316 int group_security_flag, char *MoiraId);
317 int sid_update(LDAP *ldap_handle, char *dn_path);
318 int check_string(char *s);
319 void convert_b_to_a(char *string, UCHAR *binary, int length);
320 int mr_connect_cl(char *server, char *client, int version, int auth);
322 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
323 char **before, int beforec, char **after, int afterc);
324 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
325 char **before, int beforec, char **after, int afterc);
326 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
327 char **before, int beforec, char **after, int afterc);
328 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
329 char **before, int beforec, char **after, int afterc);
330 int linklist_create_entry(char *attribute, char *value,
331 LK_ENTRY **linklist_entry);
332 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
333 char **attr_array, LK_ENTRY **linklist_base,
334 int *linklist_count);
335 void linklist_free(LK_ENTRY *linklist_base);
337 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
338 char *distinguished_name, LK_ENTRY **linklist_current);
339 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
340 LK_ENTRY **linklist_base, int *linklist_count);
341 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
342 char *Attribute, char *distinguished_name,
343 LK_ENTRY **linklist_current);
345 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
346 char *oldValue, char *newValue,
347 char ***modvalues, int type);
348 void free_values(char **modvalues);
350 int convert_domain_to_dn(char *domain, char **bind_path);
351 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
352 char *distinguished_name);
353 int moira_disconnect(void);
354 int moira_connect(void);
355 void print_to_screen(const char *fmt, ...);
357 int main(int argc, char **argv)
370 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
374 com_err(whoami, 0, "%s", "argc < 4");
377 beforec = atoi(argv[2]);
378 afterc = atoi(argv[3]);
380 if (argc < (4 + beforec + afterc))
382 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
388 after = &argv[4 + beforec];
390 for (i = 1; i < argc; i++)
392 strcat(tbl_buf, argv[i]);
393 strcat(tbl_buf, " ");
395 com_err(whoami, 0, "%s", tbl_buf);
399 memset(ldap_domain, '\0', sizeof(ldap_domain));
400 if ((fptr = fopen(WINADCFG, "r")) != NULL)
402 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
405 if (strlen(ldap_domain) == 0)
406 strcpy(ldap_domain, "win.mit.edu");
407 initialize_sms_error_table();
408 initialize_krb_error_table();
410 memset(default_server, '\0', sizeof(default_server));
411 memset(dn_path, '\0', sizeof(dn_path));
412 for (i = 0; i < 5; i++)
414 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1)))
420 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
424 for (i = 0; i < (int)strlen(table); i++)
425 table[i] = tolower(table[i]);
426 if (!strcmp(table, "users"))
427 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
429 else if (!strcmp(table, "list"))
430 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
432 else if (!strcmp(table, "imembers"))
433 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
435 else if (!strcmp(table, "filesys"))
436 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
439 else if (!strcmp(table, "quota"))
440 do_quota(before, beforec, after, afterc);
444 rc = ldap_unbind_s(ldap_handle);
448 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
449 char **before, int beforec, char **after, int afterc)
462 if (afterc < FS_CREATE)
466 atype = !strcmp(after[FS_TYPE], "AFS");
467 acreate = atoi(after[FS_CREATE]);
470 if (beforec < FS_CREATE)
472 if (acreate == 0 || atype == 0)
474 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
478 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
479 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
481 if (rc != LDAP_SUCCESS)
482 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
489 if (rc = moira_connect())
491 critical_alert("AD incremental",
492 "Error contacting Moira server : %s",
496 av[0] = after[FS_NAME];
497 call_args[0] = (char *)ldap_handle;
498 call_args[1] = dn_path;
504 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
508 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
514 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
517 if (sid_base != NULL)
519 sid_update(ldap_handle, dn_path);
520 linklist_free(sid_base);
528 btype = !strcmp(before[FS_TYPE], "AFS");
529 bcreate = atoi(before[FS_CREATE]);
530 if (afterc < FS_CREATE)
532 if (btype && bcreate)
534 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
535 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
537 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
546 if (!atype && !btype)
548 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
550 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
551 before[FS_NAME], after[FS_NAME]);
555 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
559 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
560 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
562 if (rc != LDAP_SUCCESS)
563 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
570 if (rc = moira_connect())
572 critical_alert("AD incremental",
573 "Error contacting Moira server : %s",
577 av[0] = after[FS_NAME];
578 call_args[0] = (char *)ldap_handle;
579 call_args[1] = dn_path;
585 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
589 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
595 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
598 if (sid_base != NULL)
600 sid_update(ldap_handle, dn_path);
601 linklist_free(sid_base);
611 #define L_LIST_DESC 9
614 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
615 char **before, int beforec, char **after, int afterc)
619 char group_membership[6];
624 char before_list_id[32];
625 char before_group_membership[1];
626 int before_security_flag;
627 char before_group_ou[256];
628 LK_ENTRY *ptr = NULL;
630 if (beforec == 0 && afterc == 0)
633 memset(list_id, '\0', sizeof(list_id));
634 memset(before_list_id, '\0', sizeof(before_list_id));
635 memset(before_group_ou, '\0', sizeof(before_group_ou));
636 memset(before_group_membership, '\0', sizeof(before_group_membership));
637 memset(group_ou, '\0', sizeof(group_ou));
638 memset(group_membership, '\0', sizeof(group_membership));
643 if (beforec < L_LIST_ID)
645 if (beforec > L_LIST_DESC)
647 strcpy(before_list_id, before[L_LIST_ID]);
649 before_security_flag = 0;
650 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
654 if (afterc < L_LIST_ID)
656 if (afterc > L_LIST_DESC)
658 strcpy(list_id, before[L_LIST_ID]);
661 get_group_membership(group_membership, group_ou, &security_flag, after);
664 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
671 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
672 before_group_ou, before_group_membership,
673 before_security_flag, CHECK_GROUPS)))
675 if (rc == AD_NO_GROUPS_FOUND)
679 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
681 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
682 before_group_ou, before_group_membership,
683 before_security_flag, CLEANUP_GROUPS);
685 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
687 com_err(whoami, 0, "Could not change list name from %s to %s",
688 before[L_NAME], after[L_NAME]);
691 if (rc == AD_NO_GROUPS_FOUND)
697 if ((beforec != 0) && (afterc != 0))
699 if (((strcmp(after[L_NAME], before[L_NAME])) ||
700 ((!strcmp(after[L_NAME], before[L_NAME])) &&
701 (strcmp(before_group_ou, group_ou)))) &&
704 com_err(whoami, 0, "Changing list name from %s to %s",
705 before[L_NAME], after[L_NAME]);
706 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
707 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
709 com_err(whoami, 0, "%s", "couldn't find the group OU's");
712 memset(filter, '\0', sizeof(filter));
713 if ((rc = group_rename(ldap_handle, dn_path,
714 before[L_NAME], before_group_membership,
715 before_group_ou, before_security_flag, before[L_LIST_DESC],
716 after[L_NAME], group_membership,
717 group_ou, security_flag, after[L_LIST_DESC],
720 if (rc != AD_NO_GROUPS_FOUND)
722 com_err(whoami, 0, "Could not change list name from %s to %s",
723 before[L_NAME], after[L_NAME]);
736 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
738 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
741 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
742 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
743 before_group_membership, before_list_id);
750 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
751 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
752 group_ou, group_membership,
753 security_flag, CHECK_GROUPS))
755 if (rc != AD_NO_GROUPS_FOUND)
757 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
759 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
760 group_ou, group_membership,
761 security_flag, CLEANUP_GROUPS);
765 com_err(whoami, 0, "Could not create list %s", after[L_NAME]);
772 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
774 if (rc = moira_connect())
776 critical_alert("AD incremental",
777 "Error contacting Moira server : %s",
782 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
783 group_ou, group_membership, security_flag, updateGroup))
788 if (atoi(after[L_ACTIVE]))
790 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
791 group_membership, security_flag, list_id);
/* Indices of the extra fields Moira appends to an imembers argument vector,
 * counted from LM_END (defined elsewhere; presumably the index just past the
 * base list/type/member fields, i.e. 3, which matches the examples at the top
 * of the file).  A USER member carries 12 arguments and a STRING/KERBEROS
 * member 10, so the list-id slot depends on the member type: in the 10-field
 * form LMN_LIST_ID holds the Moira list id, while in the 12-field form that
 * slot is userStatus and the ids follow in LM_LIST_ID / LM_USER_ID.
 * do_member() selects the form by comparing the argument count against
 * LMN_LIST_ID. */
799 #define LM_EXTRA_ACTIVE (LM_END)
800 #define LM_EXTRA_PUBLIC (LM_END+1)
801 #define LM_EXTRA_HIDDEN (LM_END+2)
802 #define LM_EXTRA_MAILLIST (LM_END+3)
803 #define LM_EXTRA_GROUP (LM_END+4)
804 #define LM_EXTRA_GID (LM_END+5)
805 #define LMN_LIST_ID (LM_END+6)
806 #define LM_LIST_ID (LM_END+7)
807 #define LM_USER_ID (LM_END+8)
808 #define LM_EXTRA_END (LM_END+9)
810 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
811 char **before, int beforec, char **after, int afterc)
813 char group_name[128];
816 char moira_list_id[32];
817 char moira_user_id[32];
818 char group_membership[1];
830 memset(moira_list_id, '\0', sizeof(moira_list_id));
831 memset(moira_user_id, '\0', sizeof(moira_user_id));
834 if (afterc < LM_EXTRA_GID)
836 if (!atoi(after[LM_EXTRA_ACTIVE]))
839 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
841 strcpy(user_name, after[LM_MEMBER]);
842 strcpy(group_name, after[LM_LIST]);
843 strcpy(user_type, after[LM_TYPE]);
844 if (!strcasecmp(ptr[LM_TYPE], "USER"))
846 if (afterc > LMN_LIST_ID)
848 strcpy(moira_list_id, after[LM_LIST_ID]);
849 strcpy(moira_user_id, after[LM_USER_ID]);
854 if (afterc > LM_EXTRA_GID)
855 strcpy(moira_list_id, after[LMN_LIST_ID]);
860 if (beforec < LM_EXTRA_GID)
862 if (!atoi(before[LM_EXTRA_ACTIVE]))
865 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
867 strcpy(user_name, before[LM_MEMBER]);
868 strcpy(group_name, before[LM_LIST]);
869 strcpy(user_type, before[LM_TYPE]);
870 if (!strcasecmp(ptr[LM_TYPE], "USER"))
872 if (beforec > LMN_LIST_ID)
874 strcpy(moira_list_id, before[LM_LIST_ID]);
875 strcpy(moira_user_id, before[LM_USER_ID]);
880 if (beforec > LM_EXTRA_GID)
881 strcpy(moira_list_id, before[LMN_LIST_ID]);
888 args[L_NAME] = ptr[LM_LIST];
889 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
890 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
891 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
892 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
893 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
894 args[L_GID] = ptr[LM_EXTRA_GID];
897 memset(group_ou, '\0', sizeof(group_ou));
898 get_group_membership(group_membership, group_ou, &security_flag, args);
899 if (strlen(group_ou) == 0)
901 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
904 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
906 if (rc != AD_NO_GROUPS_FOUND)
908 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
910 if (rc != AD_NO_GROUPS_FOUND)
913 com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name);
915 com_err(whoami, 0, "Couldn't remove %s from group %s - unable to process group", user_name, group_name);
921 if (rc == AD_NO_GROUPS_FOUND)
923 if (rc = moira_connect())
925 critical_alert("AD incremental",
926 "Error contacting Moira server : %s",
931 com_err(whoami, 0, "creating group %s", group_name);
932 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
933 group_ou, group_membership, security_flag, 0))
938 if (atoi(ptr[LM_EXTRA_ACTIVE]))
940 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
941 group_membership, security_flag, moira_list_id);
948 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
950 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
952 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
954 pUserOu = contact_ou;
956 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
958 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
960 pUserOu = kerberos_ou;
962 if (rc = member_remove(ldap_handle, dn_path, group_name,
963 group_ou, group_membership, ptr[LM_MEMBER],
964 pUserOu, moira_list_id))
965 com_err(whoami, 0, "couldn't remove %s from group %s", user_name, group_name);
969 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
971 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
973 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
975 pUserOu = contact_ou;
977 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
979 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
981 pUserOu = kerberos_ou;
983 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
985 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
986 moira_user_id)) == AD_NO_USER_FOUND)
988 if (rc = moira_connect())
990 critical_alert("AD incremental",
991 "Error connection to Moira : %s",
995 com_err(whoami, 0, "creating user %s", after[U_NAME]);
996 av[0] = ptr[LM_MEMBER];
997 call_args[0] = (char *)ldap_handle;
998 call_args[1] = dn_path;
999 call_args[2] = moira_user_id;
1000 call_args[3] = NULL;
1002 sid_ptr = &sid_base;
1004 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1008 com_err(whoami, 0, "couldn't create user %s : %s",
1009 ptr[LM_MEMBER], error_message(rc));
1015 com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]);
1019 if (sid_base != NULL)
1021 sid_update(ldap_handle, dn_path);
1022 linklist_free(sid_base);
1033 if (rc = member_add(ldap_handle, dn_path, group_name,
1034 group_ou, group_membership, ptr[LM_MEMBER],
1035 pUserOu, moira_list_id))
1037 com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name);
1043 #define U_USER_ID 10
1045 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1046 char **before, int beforec, char **after,
1051 char after_user_id[32];
1052 char before_user_id[32];
1055 if ((beforec == 0) && (afterc == 0))
1058 memset(after_user_id, '\0', sizeof(after_user_id));
1059 memset(before_user_id, '\0', sizeof(before_user_id));
1060 if (beforec > U_USER_ID)
1061 strcpy(before_user_id, before[U_USER_ID]);
1062 if (afterc > U_USER_ID)
1063 strcpy(after_user_id, after[U_USER_ID]);
1065 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1068 if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/
1069 return; /*account is first created but not usable*/
1071 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
1073 if (atoi(before[U_STATE]) == 0)
1075 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1076 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1081 /*process anything that gets here*/
1082 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1083 before_user_id)) == AD_NO_USER_FOUND)
1085 if (rc = moira_connect())
1087 critical_alert("AD incremental",
1088 "Error connection to Moira : %s",
1092 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1094 av[0] = after[U_NAME];
1095 call_args[0] = (char *)ldap_handle;
1096 call_args[1] = dn_path;
1097 call_args[2] = after_user_id;
1098 call_args[3] = NULL;
1100 sid_ptr = &sid_base;
1102 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1106 com_err(whoami, 0, "couldn't create user %s : %s",
1107 after[U_NAME], error_message(rc));
1113 com_err(whoami, 0, "couldn't create user %s", after[U_NAME]);
1117 if (sid_base != NULL)
1119 sid_update(ldap_handle, dn_path);
1120 linklist_free(sid_base);
1129 if (strcmp(before[U_NAME], after[U_NAME]))
1131 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1133 com_err(whoami, 0, "changing user %s to %s",
1134 before[U_NAME], after[U_NAME]);
1135 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1136 after[U_NAME])) != LDAP_SUCCESS)
1142 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1143 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1144 after[U_UID], after[U_MITID],
1145 after_user_id, atoi(after[U_STATE]));
1149 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1150 char *oldValue, char *newValue,
1151 char ***modvalues, int type)
1153 LK_ENTRY *linklist_ptr;
1157 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1162 for (i = 0; i < (modvalue_count + 1); i++)
1163 (*modvalues)[i] = NULL;
1164 if (modvalue_count != 0)
1166 linklist_ptr = linklist_base;
1167 for (i = 0; i < modvalue_count; i++)
1169 if ((oldValue != NULL) && (newValue != NULL))
1171 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1174 if (type == REPLACE)
1176 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1179 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1180 strcpy((*modvalues)[i], newValue);
1184 if (((*modvalues)[i] = calloc(1,
1185 (int)(cPtr - linklist_ptr->value) +
1186 (linklist_ptr->length - strlen(oldValue)) +
1187 strlen(newValue) + 1)) == NULL)
1189 memset((*modvalues)[i], '\0',
1190 (int)(cPtr - linklist_ptr->value) +
1191 (linklist_ptr->length - strlen(oldValue)) +
1192 strlen(newValue) + 1);
1193 memcpy((*modvalues)[i], linklist_ptr->value,
1194 (int)(cPtr - linklist_ptr->value));
1195 strcat((*modvalues)[i], newValue);
1196 strcat((*modvalues)[i],
1197 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
1202 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1203 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1204 memcpy((*modvalues)[i], linklist_ptr->value,
1205 linklist_ptr->length);
1210 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1211 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1212 memcpy((*modvalues)[i], linklist_ptr->value,
1213 linklist_ptr->length);
1215 linklist_ptr = linklist_ptr->next;
1217 (*modvalues)[i] = NULL;
1223 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1224 char **attr_array, LK_ENTRY **linklist_base,
1225 int *linklist_count)
1228 LDAPMessage *ldap_entry;
1232 (*linklist_base) = NULL;
1233 (*linklist_count) = 0;
1234 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1235 search_exp, attr_array, 0, &ldap_entry))
1238 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1240 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP search result, prepend its
 * attributes to *linklist_base (retrieve_values() pushes at the head, so
 * the list ends up in reverse order), then recount into *linklist_count.
 *
 * Returns 0 when the result is empty (ldap_first_entry() == NULL) or all
 * retrieve_attributes() calls succeed, otherwise the non-zero rc from
 * retrieve_attributes().  Braces, else and return lines are absent from
 * this listing, so the early-exit paths are inferred from the conditions.
 *
 * NOTE(review): distinguished_name is a fixed 1024-byte stack buffer, but
 * get_distinguished_name() fills it with an unbounded strcpy() and is not
 * told the size; a DN longer than 1023 bytes would overflow it.  Passing
 * sizeof(distinguished_name) down and copying with snprintf() would close
 * that gap.
 */
1245 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1246 LK_ENTRY **linklist_base, int *linklist_count)
1248 char distinguished_name[1024];
1249 LK_ENTRY *linklist_ptr;
/* the first entry is handled outside the loop; an empty result is not an error */
1252 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1255 memset(distinguished_name, '\0', sizeof(distinguished_name));
1256 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1258 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1259 linklist_base)) != 0)
1262 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1264 memset(distinguished_name, '\0', sizeof(distinguished_name));
1265 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1267 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1268 linklist_base)) != 0)
/* count nodes after the fact rather than tracking the count while inserting */
1272 linklist_ptr = (*linklist_base);
1273 (*linklist_count) = 0;
1274 while (linklist_ptr != NULL)
1276 ++(*linklist_count);
1277 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one LDAP entry with
 * ldap_first_attribute()/ldap_next_attribute() and hand each one to
 * retrieve_values(), which appends LK_ENTRY nodes at *linklist_current.
 *
 * Each attribute name returned by libldap is released with ldap_memfree()
 * and the BerElement cursor with ldap_ber_free(ptr, 0).  Declared int, but
 * the return statement is not among the lines shown.
 *
 * NOTE(review): the return value of retrieve_values() is discarded on both
 * call sites, so an allocation failure inside it (it returns early when
 * calloc() fails) is not propagated to the caller.
 */
1282 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1283 char *distinguished_name, LK_ENTRY **linklist_current)
1289 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1291 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1293 ldap_memfree(Attribute);
1294 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1297 retrieve_values(ldap_handle, ldap_entry, Attribute,
1298 distinguished_name, linklist_current);
1299 ldap_memfree(Attribute);
/* 0: libldap frees the BerElement but not the buffer it wraps */
1302 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: copy the value(s) of one attribute of one LDAP entry into
 * a freshly allocated LK_ENTRY that is pushed onto the head of
 * *linklist_current.
 *
 *  - objectSid / objectGUID are binary: fetched with ldap_get_values_len(),
 *    stored as exactly ber_length bytes with NO NUL terminator, and
 *    ->length carries the byte count.  Consumers must use ->length, not
 *    strlen(), on these values.
 *  - every other attribute is fetched with ldap_get_values() and stored as
 *    a NUL-terminated string with ->length = strlen(value).
 *  - ->attribute, ->dn and ->ber_value are filled in for every node.
 *
 * Only the first value of a multi-valued attribute is copied (*Ptr).
 * Under LDAP_DEBUG the value is also pretty-printed to stderr through
 * print_to_screen().  Local declarations (Ptr, use_bervalue, str_value,
 * intValue, temp, guid, sid, ...) sit on lines not shown in this listing.
 * Returns early (lines not shown) when any calloc() fails.
 */
1306 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1307 char *Attribute, char *distinguished_name,
1308 LK_ENTRY **linklist_current)
1314 LK_ENTRY *linklist_previous;
1315 LDAP_BERVAL **ber_value;
1323 SID_IDENTIFIER_AUTHORITY *sid_auth;
1324 unsigned char *subauth_count;
1325 #endif /*LDAP_DEBUG*/
1328 memset(temp, '\0', sizeof(temp));
/* binary attributes need the length-carrying API; strings would truncate at NUL */
1329 if ((!strcmp(Attribute, "objectSid")) ||
1330 (!strcmp(Attribute, "objectGUID")))
1335 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1336 Ptr = (void **)ber_value;
1341 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1342 Ptr = (void **)str_value;
/* push-front: the new node becomes the list head */
1349 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
/* memset after calloc is redundant; calloc already zero-fills */
1351 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1352 linklist_previous->next = (*linklist_current);
1353 (*linklist_current) = linklist_previous;
1355 if (((*linklist_current)->attribute = calloc(1,
1356 strlen(Attribute) + 1)) == NULL)
1358 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1359 strcpy((*linklist_current)->attribute, Attribute);
/*
 * Binary branch: buffer is ber_length bytes, not ber_length + 1, so the
 * value is not a C string.  NOTE(review): a zero-length value makes this a
 * calloc(1, 0), which may legitimately return NULL and would then be
 * treated as an allocation failure.
 */
1362 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1363 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1365 memset((*linklist_current)->value, '\0', ber_length);
1366 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1368 (*linklist_current)->length = ber_length;
/* string branch: NUL-terminated copy, length excludes the terminator */
1372 if (((*linklist_current)->value = calloc(1,
1373 strlen(*Ptr) + 1)) == NULL)
1375 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1376 (*linklist_current)->length = strlen(*Ptr);
1377 strcpy((*linklist_current)->value, *Ptr);
/* use_bervalue is set in the branch above (lines not shown) -- presumably 1 for the binary case */
1379 (*linklist_current)->ber_value = use_bervalue;
1380 if (((*linklist_current)->dn = calloc(1,
1381 strlen(distinguished_name) + 1)) == NULL)
1383 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1384 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG pretty-printing only; no effect on the list ---- */
1387 if (!strcmp(Attribute, "objectGUID"))
/* value came from calloc(), so the GUID overlay is suitably aligned */
1389 guid = (GUID *)((*linklist_current)->value);
/* 36 characters + NUL; temp's size is declared on a line not shown */
1390 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1391 guid->Data1, guid->Data2, guid->Data3,
1392 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1393 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1394 guid->Data4[6], guid->Data4[7]);
1395 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1397 else if (!strcmp(Attribute, "objectSid"))
/* overlay the SID structure on the raw BER value (not on the list copy) */
1399 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1401 print_to_screen(" Revision = %d\n", sid->Revision);
1402 print_to_screen(" SID Identifier Authority:\n");
1403 sid_auth = &sid->IdentifierAuthority;
/* the six-byte authority is tested byte by byte; Value[4] is never checked */
1404 if (sid_auth->Value[0])
1405 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1406 else if (sid_auth->Value[1])
1407 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1408 else if (sid_auth->Value[2])
1409 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1410 else if (sid_auth->Value[3])
1411 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1412 else if (sid_auth->Value[5])
1413 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1415 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1416 subauth_count = GetSidSubAuthorityCount(sid);
1417 print_to_screen(" SidSubAuthorityCount = %d\n",
1419 print_to_screen(" SidSubAuthority:\n");
1420 for (i = 0; i < *subauth_count; i++)
1422 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1423 print_to_screen(" %u\n", *subauth);
/*
 * NOTE(review): prefix match with memcmp() reads strlen(...) bytes from
 * Attribute even when Attribute is shorter; strncmp() stops at the NUL.
 * The second length is taken from "sAmAccountType" (lower-case m) -- same
 * length as the compared literal today, but a maintenance trap.
 */
1427 else if ((!memcmp(Attribute, "userAccountControl",
1428 strlen("userAccountControl"))) ||
1429 (!memcmp(Attribute, "sAMAccountType",
1430 strlen("sAmAccountType"))))
/* intValue's type is declared on a line not shown; %ld needs a long */
1432 intValue = atoi(*Ptr);
1433 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1434 if (!memcmp(Attribute, "userAccountControl",
1435 strlen("userAccountControl")))
/* decode the UF_* bits of userAccountControl for the operator */
1437 if (intValue & UF_ACCOUNTDISABLE)
1438 print_to_screen(" %20s : %s\n",
1439 "", "Account disabled");
1441 print_to_screen(" %20s : %s\n",
1442 "", "Account active");
1443 if (intValue & UF_HOMEDIR_REQUIRED)
1444 print_to_screen(" %20s : %s\n",
1445 "", "Home directory required");
1446 if (intValue & UF_LOCKOUT)
1447 print_to_screen(" %20s : %s\n",
1448 "", "Account locked out");
1449 if (intValue & UF_PASSWD_NOTREQD)
1450 print_to_screen(" %20s : %s\n",
1451 "", "No password required");
1452 if (intValue & UF_PASSWD_CANT_CHANGE)
1453 print_to_screen(" %20s : %s\n",
1454 "", "Cannot change password");
1455 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1456 print_to_screen(" %20s : %s\n",
1457 "", "Temp duplicate account");
1458 if (intValue & UF_NORMAL_ACCOUNT)
1459 print_to_screen(" %20s : %s\n",
1460 "", "Normal account");
1461 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1462 print_to_screen(" %20s : %s\n",
1463 "", "Interdomain trust account");
1464 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1465 print_to_screen(" %20s : %s\n",
1466 "", "Workstation trust account");
1467 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1468 print_to_screen(" %20s : %s\n",
1469 "", "Server trust account");
/* any other attribute: print the first value as a string */
1474 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1476 #endif /*LDAP_DEBUG*/
/* assumes str_value and ber_value start out NULL (declarations not shown) -- TODO confirm */
1478 if (str_value != NULL)
1479 ldap_value_free(str_value);
1480 if (ber_value != NULL)
1481 ldap_value_free_len(ber_value);
1483 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.
 *
 * Only the first caller (mr_connections goes 0 -> 1) actually connects:
 * it tries host "ttsp" through mr_connect_cl() as client "winad.incr",
 * falls back to mr_connect() on the same host, and on a branch whose
 * condition is not shown here repeats both attempts with uts.nodename
 * (presumably filled by uname() on a line not shown).  It then calls
 * mr_auth("winad.incr") to authenticate the client.  The return of rc,
 * the declarations and the braces are not among the lines listed.
 *
 * Pair every call with moira_disconnect().
 */
1487 int moira_connect(void)
1492 if (!mr_connections++)
/* HostName is a file-scope buffer; size not shown, "ttsp" is 4 chars */
1495 memset(HostName, '\0', sizeof(HostName));
1496 strcpy(HostName, "ttsp");
1497 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1499 rc = mr_connect(HostName);
1504 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1506 rc = mr_connect(uts.nodename);
/* authenticate as the incremental's own identity; credential source not visible here */
1511 rc = mr_auth("winad.incr");
/*
 * check_winad: operator kill switch.  While STOP_FILE exists the loop
 * keeps running (its body, apart from the alert, is on lines not shown --
 * presumably a sleep) and raises a critical_alert naming the stop file
 * and tbl_buf.  Creating STOP_FILE therefore pauses the incremental; the
 * loop counter i is apparently used to rate-limit the alert (not shown).
 */
1518 void check_winad(void)
1522 for (i = 0; file_exists(STOP_FILE); i++)
/* tbl_buf is set elsewhere (not shown); it identifies the pending update */
1526 critical_alert("AD incremental",
1527 "WINAD incremental failed (%s exists): %s",
1528 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: drop one reference taken by moira_connect(); when the
 * count reaches zero the real disconnect happens (lines not shown).
 * Calling it without a matching moira_connect() would wrap the counter.
 */
1535 int moira_disconnect(void)
1538 if (!--mr_connections)
/*
 * get_distinguished_name: copy the DN of ldap_entry into the caller's
 * buffer and release libldap's copy.
 *
 * NOTE(review): no buffer size is passed and the copy is an unbounded
 * strcpy(); callers in this file use 1024-byte stack arrays, so a DN of
 * 1024+ bytes from the directory overflows them.  Adding a size parameter
 * and copying with snprintf(distinguished_name, size, "%s", CName) is the
 * fix.  Lines 1551-1552 (likely a NULL check on CName) are not shown.
 */
1545 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1546 char *distinguished_name)
1550 CName = ldap_get_dn(ldap_handle, ldap_entry);
1553 strcpy(distinguished_name, CName);
/* ldap_get_dn() allocates; must be freed with ldap_memfree(), not free() */
1554 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single LK_ENTRY holding copies of
 * attribute and value, with ->length = strlen(value) and ->next = NULL,
 * and store it in *linklist_entry.  Ownership passes to the caller, which
 * releases it with linklist_free() (used throughout this file).
 *
 * NOTE(review): only the outer calloc() is checked; the two inner ones
 * (lines 1566 and 1569) are used unconditionally, so an allocation failure
 * there dereferences NULL instead of returning an error like line 1561.
 * The memset() calls after calloc() are redundant.
 */
1557 int linklist_create_entry(char *attribute, char *value,
1558 LK_ENTRY **linklist_entry)
1560 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1561 if (!(*linklist_entry))
1565 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1566 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1567 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1568 strcpy((*linklist_entry)->attribute, attribute);
1569 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1570 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1571 strcpy((*linklist_entry)->value, value);
/* length excludes the terminator, matching the string branch of retrieve_values() */
1572 (*linklist_entry)->length = strlen(value);
1573 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostics to stderr.  The matching
 * va_end() is on a line not shown.  fmt must always be a literal format
 * string -- every caller in this file does so -- never attribute data
 * fetched from the directory.
 */
1577 void print_to_screen(const char *fmt, ...)
1581 va_start(pvar, fmt);
1582 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its maillist and group
 * flags (av[L_MAILLIST], av[L_GROUP], parsed with atoi()) and report, for
 * each non-NULL output:
 *
 *   maillist  group   group_membership[0]  *security_flag  group_ou
 *   yes       yes     'B'                  1               group_ou_both
 *   no        yes     'S'                  1               group_ou_security
 *   yes       no      'D'                  0               group_ou_distribution
 *   no        no      'N'                  0               group_ou_neither
 *
 * *security_flag is cleared first, so it is 0 unless a row sets it.
 * Only group_membership[0] is written -- no terminator -- so callers that
 * pass a one-byte array (group_create) must not treat it as a C string.
 * group_ou is filled with strcpy() from file-scope strings; the caller's
 * buffer size is not checked here.  Return value not shown in this listing.
 */
1587 int get_group_membership(char *group_membership, char *group_ou,
1588 int *security_flag, char **av)
1593 maillist_flag = atoi(av[L_MAILLIST]);
1594 group_flag = atoi(av[L_GROUP]);
1595 if (security_flag != NULL)
1596 (*security_flag) = 0;
1598 if ((maillist_flag) && (group_flag))
1600 if (group_membership != NULL)
1601 group_membership[0] = 'B';
1602 if (security_flag != NULL)
1603 (*security_flag) = 1;
1604 if (group_ou != NULL)
1605 strcpy(group_ou, group_ou_both);
1607 else if ((!maillist_flag) && (group_flag))
1609 if (group_membership != NULL)
1610 group_membership[0] = 'S';
1611 if (security_flag != NULL)
1612 (*security_flag) = 1;
1613 if (group_ou != NULL)
1614 strcpy(group_ou, group_ou_security);
1616 else if ((maillist_flag) && (!group_flag))
1618 if (group_membership != NULL)
1619 group_membership[0] = 'D';
1620 if (group_ou != NULL)
1621 strcpy(group_ou, group_ou_distribution);
/* neither flag set */
1625 if (group_membership != NULL)
1626 group_membership[0] = 'N';
1627 if (group_ou != NULL)
1628 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename a Moira list's AD group object and move it to the
 * OU that matches its new membership type, then re-set the attributes
 * that encode the name (sAMAccountName, displayName, description,
 * mitMoiraId, groupType).
 *
 * Steps, as far as the listed lines show:
 *  1. Both names must pass check_string(), else AD_INVALID_NAME.
 *  2. ad_get_group() locates the old group by MoiraId/name; exactly one
 *     match is required (AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND).
 *  3. The sAMAccountName is re-read with linklist_build() using the same
 *     filter buffer (apparently filled by ad_get_group() -- confirm).
 *  4. ldap_rename_s() moves cn=<old> to cn=<after_group_name> under
 *     after_group_ou,dn_path, deleting the old RDN (TRUE).
 *  5. ldap_modify_s() replaces the name-bearing attributes; the mods array
 *     is released in the trailing for loop (body not shown).
 * Return value on the success path is on a line not shown.
 *
 * NOTE(review):
 *  - old_dn, new_dn, sam_name and new_dn_path (512 bytes) are filled with
 *    strcpy()/sprintf() from directory data and OU strings without bounds
 *    checks; snprintf() with the array sizes would make truncation visible.
 *  - line 1727 indexes sam_name at strlen(sam_name) - 6; a sAMAccountName
 *    shorter than 6 characters makes that index negative (out-of-bounds
 *    read).  Guard with strlen(sam_name) >= strlen("_group") first.
 *  - groupTypeControl is u_int but formatted with "%ld" (line 1740);
 *    "%u" is the matching conversion.
 */
1633 int group_rename(LDAP *ldap_handle, char *dn_path,
1634 char *before_group_name, char *before_group_membership,
1635 char *before_group_ou, int before_security_flag, char *before_desc,
1636 char *after_group_name, char *after_group_membership,
1637 char *after_group_ou, int after_security_flag, char *after_desc,
1638 char *MoiraId, char *filter)
1643 char new_dn_path[512];
1645 char *attr_array[3];
/* NULL-terminated single-value arrays for the LDAPMod structures */
1646 char *mitMoiraId_v[] = {NULL, NULL};
1647 char *name_v[] = {NULL, NULL};
1648 char *desc_v[] = {NULL, NULL};
1649 char *samAccountName_v[] = {NULL, NULL};
1650 char *groupTypeControl_v[] = {NULL, NULL};
1651 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1652 char groupTypeControlStr[80];
1656 LK_ENTRY *group_base;
/* name validation is the only guard between Moira input and the DN/filter below */
1659 if (!check_string(before_group_name))
1661 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1662 return(AD_INVALID_NAME);
1664 if (!check_string(after_group_name))
1666 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
1667 return(AD_INVALID_NAME);
/* assignment used as the condition: any non-zero rc is a failure (return not shown) */
1672 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1673 before_group_membership,
1674 MoiraId, "distinguishedName", &group_base,
1675 &group_count, filter))
1678 if (group_count == 0)
1680 return(AD_NO_GROUPS_FOUND);
/* refuse to rename when the MoiraId is ambiguous in the directory */
1682 if (group_count != 1)
1685 "multiple groups with MoiraId = %s exist in the AD",
1687 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn's size is declared on a line not shown; copy is unbounded */
1689 strcpy(old_dn, group_base->value);
1691 linklist_free(group_base);
1694 attr_array[0] = "sAMAccountName";
1695 attr_array[1] = NULL;
1696 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1697 &group_base, &group_count)) != 0)
1699 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1700 after_group_name, ldap_err2string(rc));
1703 if (group_count != 1)
1706 "Unable to get sAMAccountName for group %s",
1708 return(AD_LDAP_FAILURE);
1711 strcpy(sam_name, group_base->value);
1712 linklist_free(group_base);
/* new parent = <ou>,<base>; new RDN = cn=<name>; TRUE deletes the old RDN value */
1716 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1717 sprintf(new_dn, "cn=%s", after_group_name);
1718 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1719 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1721 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1722 before_group_name, after_group_name, ldap_err2string(rc));
1726 name_v[0] = after_group_name;
/* keep the "_group" suffix convention if the old sAMAccountName had it; see header note on short names */
1727 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
1729 sprintf(sam_name, "%s_group", after_group_name);
1733 com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found",
1734 before_group_name, after_group_name);
1737 samAccountName_v[0] = sam_name;
/* security-enabled bit follows the new membership type, not the old one */
1738 if (after_security_flag)
1739 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
1740 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1741 groupTypeControl_v[0] = groupTypeControlStr;
1743 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1744 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1745 desc_v[0] = after_desc;
/* an empty description presumably clears the attribute (line 1747 not shown) */
1746 if (strlen(after_desc) == 0)
1748 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1749 mitMoiraId_v[0] = MoiraId;
1750 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
1751 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* modify the object at its post-rename DN */
1753 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1754 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1756 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
1757 after_group_name, ldap_err2string(rc));
/* release the n LDAPMod entries built by ADD_ATTR (loop body not shown) */
1759 for (i = 0; i < n; i++)
<doc_update>
/*
 * group_create: Moira query callback that creates (or, when updateGroup is
 * set or the object already exists, updates) the AD group for one list,
 * then looks the group up again to record its objectSid in the sid_ptr
 * chain that the caller drains later.
 *
 * call_args (void ** from ptr, cast on lines not shown):
 *   [0] LDAP handle, [1] base DN, [4] updateGroup flag, [5] mitMoiraId.
 * Flow as far as the listed lines show:
 *  1. av[L_NAME] must pass check_string() (AD_INVALID_NAME otherwise).
 *  2. get_group_membership() picks the OU and security flag; the DN is
 *     cn=<name>,<ou>,<base>; sAMAccountName is "<name>_group".
 *  3. ldap_add_ext_s() with cn/objectClass/sAMAccountName/displayName/
 *     name/description/groupType/info/mitMoiraId; the mods are freed in
 *     the for loop (body not shown).  Any rc other than LDAP_SUCCESS or
 *     LDAP_ALREADY_EXISTS is reported and returned (return line not shown).
 *  4. On LDAP_ALREADY_EXISTS or updateGroup, ldap_modify_s() replaces
 *     description/info/mitMoiraId and, for an inactive list, the member
 *     attribute (member_v stays all-NULL, i.e. the membership is cleared).
 *  5. The group is re-searched for objectSid -- by mitMoiraId when one is
 *     given, falling back to sAMAccountName -- and, when exactly one
 *     object matches, the LK_ENTRY is appended to *sid_ptr with
 *     ->member = strdup(list name) and ->type = GROUPS.
 *
 * NOTE(review):
 *  - filter is built with sprintf() from sam_group_name (derived from the
 *    check_string()-validated av[L_NAME]) and from call_args[5], which is
 *    not validated here; an unescaped '(' ')' '*' '\' in it would change
 *    the filter's meaning (RFC 4515).
 *  - group_membership is a 1-byte array that get_group_membership() fills
 *    without a terminator; it must never be passed to str* functions.
 *  - updateGroup = (int)call_args[4] truncates a pointer-sized value to
 *    int; acceptable only if the caller stores a small integer there.
 *  - groupTypeControl is u_int but printed with "%ld" (line 1821).
 *  - new_dn, info and filter sizes are declared on lines not shown; the
 *    sprintf() calls into them are unbounded.
 */
1764 int group_create(int ac, char **av, void *ptr)
1767 LK_ENTRY *group_base;
1770 char new_group_name[256];
1771 char sam_group_name[256];
1772 char cn_group_name[256];
1773 char *cn_v[] = {NULL, NULL};
1774 char *objectClass_v[] = {"top", "group", NULL};
1776 char *samAccountName_v[] = {NULL, NULL};
1777 char *managedBy_v[] = {NULL, NULL};
1778 char *altSecurityIdentities_v[] = {NULL, NULL};
/* member_v is never assigned a value here: replacing "member" with it empties the group */
1779 char *member_v[] = {NULL, NULL};
1780 char *name_v[] = {NULL, NULL};
1781 char *desc_v[] = {NULL, NULL};
1782 char *info_v[] = {NULL, NULL};
1783 char *mitMoiraId_v[] = {NULL, NULL};
1784 char *groupTypeControl_v[] = {NULL, NULL};
1785 char groupTypeControlStr[80];
/* one byte only -- holds the 'B'/'S'/'D'/'N' class, not a C string */
1786 char group_membership[1];
1789 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1795 char *attr_array[3];
1800 if (!check_string(av[L_NAME]))
1802 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
1803 return(AD_INVALID_NAME);
1806 updateGroup = (int)call_args[4];
1807 memset(group_ou, 0, sizeof(group_ou));
1808 memset(group_membership, 0, sizeof(group_membership));
1810 get_group_membership(group_membership, group_ou, &security_flag, av);
1811 strcpy(new_group_name, av[L_NAME]);
1812 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
/* guarded by security_flag on line 1813 (not shown) */
1814 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
1816 sprintf(sam_group_name, "%s_group", av[L_NAME]);
1821 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1822 groupTypeControl_v[0] = groupTypeControlStr;
1824 strcpy(cn_group_name, av[L_NAME]);
1826 samAccountName_v[0] = sam_group_name;
1827 name_v[0] = new_group_name;
1828 cn_v[0] = new_group_name;
/* ---- initial add ---- */
1831 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1832 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1833 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1834 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1835 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1836 if (strlen(av[L_DESC]) != 0)
1838 desc_v[0] = av[L_DESC];
1839 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1841 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
1842 if (strlen(av[L_ACE_NAME]) != 0)
/* info_v[0] = info is presumably set on line 1845 (not shown) */
1844 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
1846 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1848 if (strlen(call_args[5]) != 0)
1850 mitMoiraId_v[0] = call_args[5];
1851 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
1855 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1857 for (i = 0; i < n; i++)
/* "already exists" is not an error here; it switches to the update path below */
1859 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1861 com_err(whoami, 0, "Unable to create/update list %s in AD : %s",
1862 av[L_NAME], ldap_err2string(rc));
/* ---- update of an existing group ---- */
1867 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
1871 if (strlen(av[L_DESC]) != 0)
1872 desc_v[0] = av[L_DESC];
1873 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1875 if (strlen(av[L_ACE_NAME]) != 0)
1877 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
1880 ADD_ATTR("info", info_v, LDAP_MOD_REPLACE);
1881 if (strlen(call_args[5]) != 0)
1883 mitMoiraId_v[0] = call_args[5];
1884 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* an inactive list loses its members (member_v carries no values) */
1886 if (!(atoi(av[L_ACTIVE])))
1889 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
1892 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
1893 for (i = 0; i < n; i++)
/* ---- fetch objectSid; the mitMoiraId filter, when present, overrides the sAMAccountName one ---- */
1897 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
1898 if (strlen(call_args[5]) != 0)
1899 sprintf(filter, "(&(objectClass=group) (mitMoiraId=%s))", call_args[5]);
1900 attr_array[0] = "objectSid";
1901 attr_array[1] = NULL;
1904 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
1905 &group_base, &group_count)) == LDAP_SUCCESS)
1907 if (group_count != 1)
/* MoiraId lookup was ambiguous or empty: retry by sAMAccountName */
1909 if (strlen(call_args[5]) != 0)
1911 linklist_free(group_base);
1914 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
1915 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
1916 attr_array, &group_base, &group_count);
/* hand the single LK_ENTRY (objectSid, binary -- use ->length) to the sid chain */
1919 if (group_count == 1)
1921 (*sid_ptr) = group_base;
/* strdup() result unchecked; type is a tag value stored in a char * field */
1922 (*sid_ptr)->member = strdup(av[L_NAME]);
1923 (*sid_ptr)->type = (char *)GROUPS;
1924 sid_ptr = &(*sid_ptr)->next;
/* any other count: the list is discarded */
1928 if (group_base != NULL)
1929 linklist_free(group_base);
1934 if (group_base != NULL)
1935 linklist_free(group_base);
1937 return(LDAP_SUCCESS);
/*
 * group_delete: remove the AD group object for a Moira list.
 *
 * The group is located through ad_get_group() under <group_ou_root>,<dn_path>
 * by name/membership/MoiraId, and is deleted with ldap_delete_s() only when
 * exactly one object matched -- an ambiguous match is treated the same as
 * "not found" (AD_NO_GROUPS_FOUND), which is the safe choice for a
 * destructive operation.  Returns AD_INVALID_NAME for a name that fails
 * check_string(); the success/failure returns after the delete are on
 * lines not shown.
 *
 * NOTE(review): temp and filter sizes are declared on lines not shown;
 * the sprintf() on line 1958 is unbounded.
 */
1940 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
1941 char *group_membership, char *MoiraId)
1943 LK_ENTRY *group_base;
1949 if (!check_string(group_name))
1951 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
1952 return(AD_INVALID_NAME);
1955 memset(filter, '\0', sizeof(filter));
/* search base is the list container, not the whole domain */
1958 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* assignment used as the condition: non-zero rc fails (return not shown) */
1959 if (rc = ad_get_group(ldap_handle, temp, group_name,
1960 group_membership, MoiraId,
1961 "distinguishedName", &group_base,
1962 &group_count, filter))
1965 if (group_count == 1)
1967 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1969 linklist_free(group_base);
1970 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
1971 group_name, ldap_err2string(rc));
1974 linklist_free(group_base);
/* zero or several matches */
1978 linklist_free(group_base);
1979 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
1980 return(AD_NO_GROUPS_FOUND);
/*
 * process_lists: Moira query callback that adds the member named in
 * call_args[3] to the list av[L_NAME].  get_group_membership() derives the
 * list's OU and class from av, then member_add() performs the LDAP modify
 * with an empty MoiraId ("").  call_args: [0] LDAP handle, [1] base DN,
 * [2] member name, [3] member OU (as used on lines 2000-2002).
 * Return of rc is on a line not shown.
 */
1986 int process_lists(int ac, char **av, void *ptr)
/* two bytes so the class byte written at [0] stays NUL-terminated */
1991 char group_membership[2];
1997 memset(group_ou, '\0', sizeof(group_ou));
1998 memset(group_membership, '\0', sizeof(group_membership));
1999 get_group_membership(group_membership, group_ou, &security_flag, av);
2000 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2001 group_ou, group_membership, call_args[2],
2002 (char *)call_args[3], "");
/*
 * member_list_build: Moira query callback that collects the members of a
 * list into the file-scope member_base chain, skipping member types the
 * caller did not request.
 *
 * av[ACE_NAME] is the member, av[ACE_TYPE] one of USER / STRING / LIST /
 * KERBEROS.  call_args[3] is a bit mask (MOIRA_USERS, MOIRA_STRINGS,
 * MOIRA_LISTS, MOIRA_KERBEROS) selecting which types are kept; the skip
 * returns after each test are on lines not shown.  STRING and KERBEROS
 * members are first materialised as contact objects via contact_create()
 * in contact_ou / kerberos_ou.  A member already present (case-insensitive
 * compare on ->member) is not added twice.  New nodes are pushed at the
 * head with ->list = call_args[2] (the list name), ->type and ->member.
 *
 * NOTE(review): the three calloc() calls on lines 2051-2058 are not
 * checked for NULL.  temp's size is declared on a line not shown and the
 * strcpy() from av[ACE_NAME] on line 2014 is unbounded; check_string()
 * runs only after the copy.
 */
2006 int member_list_build(int ac, char **av, void *ptr)
2014 strcpy(temp, av[ACE_NAME]);
2015 if (!check_string(temp))
2017 if (!strcmp(av[ACE_TYPE], "USER"))
2019 if (!((int)call_args[3] & MOIRA_USERS))
2022 else if (!strcmp(av[ACE_TYPE], "STRING"))
2024 if (!((int)call_args[3] & MOIRA_STRINGS))
2026 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2029 else if (!strcmp(av[ACE_TYPE], "LIST"))
2031 if (!((int)call_args[3] & MOIRA_LISTS))
2034 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2036 if (!((int)call_args[3] & MOIRA_KERBEROS))
2038 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* de-duplicate against the members collected so far */
2044 linklist = member_base;
2047 if (!strcasecmp(temp, linklist->member))
2049 linklist = linklist->next;
2051 linklist = calloc(1, sizeof(LK_ENTRY));
2053 linklist->dn = NULL;
2054 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2055 strcpy(linklist->list, call_args[2]);
2056 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2057 strcpy(linklist->type, av[ACE_TYPE]);
2058 linklist->member = calloc(1, strlen(temp) + 1);
2059 strcpy(linklist->member, temp);
/* push-front onto the file-scope chain */
2060 linklist->next = member_base;
2061 member_base = linklist;
/*
 * member_remove: delete one value from the "member" attribute of the AD
 * group for group_name.  The group's DN is fetched with ad_get_group()
 * (exactly one match required, else the error is reported and the
 * function returns on a line not shown); the member DN is built as
 * CN=<user_name>,<UserOu>,<dn_path>.
 *
 * LDAP_UNWILLING_TO_PERFORM is tolerated when UserOu is kerberos_ou or
 * contact_ou (line 2116-2118; the rc reset is on a line not shown).  Any
 * other non-success rc is logged; return on a line not shown.
 *
 * NOTE(review): only group_name passes check_string() here; user_name and
 * UserOu are inserted into the DN unvalidated (line 2106).  If callers do
 * not validate them, a name containing DN separators would address a
 * different object.  distinguished_name (1024) and temp are filled with
 * unbounded strcpy()/sprintf().
 */
2065 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2066 char *group_ou, char *group_membership, char *user_name,
2067 char *UserOu, char *MoiraId)
2069 char distinguished_name[1024];
2077 LK_ENTRY *group_base;
2080 if (!check_string(group_name))
2081 return(AD_INVALID_NAME);
2083 memset(filter, '\0', sizeof(filter));
/* assignment used as the condition: non-zero rc fails (return not shown) */
2086 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2087 group_membership, MoiraId,
2088 "distinguishedName", &group_base,
2089 &group_count, filter))
2092 if (group_count != 1)
2094 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2096 linklist_free(group_base);
2101 strcpy(distinguished_name, group_base->value);
2102 linklist_free(group_base);
/* the member value is the full DN of the user/contact object */
2106 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2107 modvalues[0] = temp;
2108 modvalues[1] = NULL;
2111 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2113 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2114 for (i = 0; i < n; i++)
/* contacts/kerberos entries may be refused by the server; treat that as benign */
2116 if ((!strcmp(UserOu, kerberos_ou)) || (!strcmp(UserOu, contact_ou)))
2118 if (rc == LDAP_UNWILLING_TO_PERFORM)
2121 if (rc != LDAP_SUCCESS)
2123 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
2124 group_name, ldap_err2string(rc));
/*
 * member_add: add one value to the "member" attribute of the AD group for
 * group_name -- the mirror image of member_remove().  The group DN comes
 * from ad_get_group() (exactly one match required, otherwise
 * AD_MULTIPLE_GROUPS_FOUND is returned even for zero matches); the member
 * value is CN=<user_name>,<UserOu>,<dn_path>.
 *
 * LDAP_ALREADY_EXISTS (member already present) and, for contact_ou /
 * kerberos_ou, LDAP_UNWILLING_TO_PERFORM are tolerated (the rc resets are
 * on lines not shown).  Other failures are logged; return on a line not
 * shown.
 *
 * NOTE(review): as in member_remove(), only group_name is validated with
 * check_string(); user_name and UserOu enter the DN unvalidated, and the
 * strcpy()/sprintf() into distinguished_name and temp are unbounded.
 */
2132 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2133 char *group_ou, char *group_membership, char *user_name,
2134 char *UserOu, char *MoiraId)
2136 char distinguished_name[1024];
2144 LK_ENTRY *group_base;
2147 if (!check_string(group_name))
2148 return(AD_INVALID_NAME);
2151 memset(filter, '\0', sizeof(filter));
/* assignment used as the condition: non-zero rc fails (return not shown) */
2154 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2155 group_membership, MoiraId,
2156 "distinguishedName", &group_base,
2157 &group_count, filter))
2160 if (group_count != 1)
2162 linklist_free(group_base);
2165 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2167 return(AD_MULTIPLE_GROUPS_FOUND);
2170 strcpy(distinguished_name, group_base->value);
2171 linklist_free(group_base);
2175 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2176 modvalues[0] = temp;
2177 modvalues[1] = NULL;
2180 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2182 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* idempotent: an existing membership is success */
2183 if (rc == LDAP_ALREADY_EXISTS)
2185 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2187 if (rc == LDAP_UNWILLING_TO_PERFORM)
2190 for (i = 0; i < n; i++)
2192 if (rc != LDAP_SUCCESS)
2194 com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s",
2195 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create a contact object CN=<user>,<group_ou>,<bind_path>
 * so that non-user list members (STRING / KERBEROS entries, see
 * member_list_build()) can be referenced from AD group membership.
 *
 * user must pass check_string() (AD_INVALID_NAME otherwise).  The object
 * gets cn/objectClass/name/displayName/description and, when group_ou is
 * contact_ou, a "mail" attribute (email_v is filled on a line not shown).
 * If that first ldap_add_ext_s() fails with anything but LDAP_SUCCESS /
 * LDAP_ALREADY_EXISTS, the add is retried once without "mail" (lines
 * 2251-2257) before the failure is reported.  LDAP_ALREADY_EXISTS is
 * success.  The mods built by ADD_ATTR are released in the for loops
 * (bodies not shown); return on a line not shown.
 *
 * name_v[0] is assigned on a line not shown.  cn_user_name and new_dn are
 * filled with sprintf()/strcpy() without a bound; new_dn's size is not
 * shown.
 */
2201 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2205 char cn_user_name[256];
2206 char contact_name[256];
2207 char *email_v[] = {NULL, NULL};
2208 char *cn_v[] = {NULL, NULL};
2209 char *contact_v[] = {NULL, NULL};
2210 char *objectClass_v[] = {"top", "person",
2211 "organizationalPerson",
2213 char *name_v[] = {NULL, NULL};
2214 char *desc_v[] = {NULL, NULL};
2219 if (!check_string(user))
2221 com_err(whoami, 0, "invalid LDAP name %s", user);
2222 return(AD_INVALID_NAME);
2224 strcpy(contact_name, user);
2225 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2226 cn_v[0] = cn_user_name;
2227 contact_v[0] = contact_name;
2229 desc_v[0] = "Auto account created by Moira";
2232 strcpy(new_dn, cn_user_name);
/* ---- first attempt, with "mail" for contacts ---- */
2234 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2235 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2236 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2237 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2238 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2239 if (!strcmp(group_ou, contact_ou))
2241 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2245 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2246 for (i = 0; i < n; i++)
/* ---- retry without "mail" if the first add was rejected ---- */
2248 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2251 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2252 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2253 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2254 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2255 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2257 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2258 for (i = 0; i < n; i++)
2261 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2263 com_err(whoami, 0, "could not create contact %s : %s",
2264 user, ldap_err2string(rc));
/*
 * user_update: bring an existing AD user object in line with Moira:
 * home directory / profile path (from Hesiod filsys), uid / uidNumber,
 * employeeID, mitMoiraId and the enabled/disabled bit of
 * userAccountControl.
 *
 * Lookup: when MoiraId is non-empty the user is found by
 * (&(objectClass=user)(mitMoiraId=...)) over dn_path; if that does not
 * yield exactly one object (or MoiraId is empty) it falls back to
 * (sAMAccountName=user_name) under <user_ou>,<dn_path>.  Exactly one
 * match is required, else AD_NO_USER_FOUND.  The entry's ->dn becomes the
 * modify target.  A search error is reported; the return is on a line
 * not shown.
 *
 * Account state: userAccountControl starts as NORMAL | DONT_EXPIRE_PASSWD
 * | PASSWD_CANT_CHANGE and gains UF_ACCOUNTDISABLE unless State is
 * US_NO_PASSWD or US_REGISTERED -- i.e. every other Moira state disables
 * the AD account.
 *
 * NOTE(review):
 *  - hes_resolve() answers come from Hesiod, a DNS-based service; the
 *    sscanf() on line 2353 copies the second field with a bare "%s" into
 *    path (size declared on a line not shown), so an over-long record can
 *    overflow it.  Use a width matching sizeof(path) - 1.
 *  - The mitMoiraId filter (line 2308) embeds MoiraId without
 *    check_string()/RFC 4515 escaping, unlike user_name.
 *  - userAccountControl is u_int but formatted with "%ld" (line 2382).
 *  - Empty Uid / MitId presumably clear the attribute (lines 2369/2374 not
 *    shown); an empty MoiraId explicitly clears mitMoiraId.
 *  - strnicmp() is not portable C; strncasecmp() is the POSIX name.
 */
2270 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2271 char *Uid, char *MitId, char *MoiraId, int State)
2274 LK_ENTRY *group_base;
2276 char distinguished_name[256];
2277 char *mitMoiraId_v[] = {NULL, NULL};
2278 char *uid_v[] = {NULL, NULL};
2279 char *mitid_v[] = {NULL, NULL};
2280 char *homedir_v[] = {NULL, NULL};
2281 char *winProfile_v[] = {NULL, NULL};
/* drives_v is assigned on a line not shown (homeDrive value) */
2282 char *drives_v[] = {NULL, NULL};
2283 char *userAccountControl_v[] = {NULL, NULL};
2284 char userAccountControlStr[80];
2288 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2290 char *attr_array[3];
2295 char winProfile[256];
2297 if (!check_string(user_name))
2299 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2300 return(AD_INVALID_NAME);
/* ---- locate the user: by mitMoiraId first ---- */
2306 if (strlen(MoiraId) != 0)
2308 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2309 attr_array[0] = "cn";
2310 attr_array[1] = NULL;
2311 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2312 &group_base, &group_count)) != 0)
2314 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2315 user_name, ldap_err2string(rc));
/* ambiguous or missing by MoiraId: discard and fall back to the name */
2319 if (group_count != 1)
2321 linklist_free(group_base);
2324 sprintf(filter, "(sAMAccountName=%s)", user_name);
2325 attr_array[0] = "cn";
2326 attr_array[1] = NULL;
2327 sprintf(temp, "%s,%s", user_ou, dn_path);
2328 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2329 &group_base, &group_count)) != 0)
2331 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2332 user_name, ldap_err2string(rc));
2337 if (group_count != 1)
2339 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2341 linklist_free(group_base);
2342 return(AD_NO_USER_FOUND);
/* 256-byte buffer, unbounded copy of the directory DN */
2344 strcpy(distinguished_name, group_base->dn);
2346 linklist_free(group_base);
/* ---- home directory from the Hesiod filsys record ---- */
2349 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2351 memset(path, 0, sizeof(path));
2352 memset(winPath, 0, sizeof(winPath));
/* "<type> <path> ..." -- skip the type, keep the path; no field width (see header note) */
2353 sscanf(hp[0], "%*s %s", path);
/* only AFS-backed home directories are mapped to a Windows path */
2354 if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0)
2356 AfsToWinAfs(path, winPath);
2357 homedir_v[0] = winPath;
2358 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2359 strcpy(winProfile, winPath);
2360 strcat(winProfile, "\\.winprofile");
2361 winProfile_v[0] = winProfile;
2362 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2364 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
/* ---- identity attributes ---- */
2368 if (strlen(Uid) == 0)
2370 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2371 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2373 if (strlen(MitId) == 0)
2375 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2376 mitMoiraId_v[0] = MoiraId;
2377 if (strlen(MoiraId) == 0)
2378 mitMoiraId_v[0] = NULL;
2379 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* ---- enabled/disabled state ---- */
2380 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2381 userAccountControl |= UF_ACCOUNTDISABLE;
2382 sprintf(userAccountControlStr, "%ld", userAccountControl);
2383 userAccountControl_v[0] = userAccountControlStr;
2384 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
2386 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2388 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2389 user_name, ldap_err2string(rc));
/* release the n LDAPMod entries (loop body not shown) */
2391 for (i = 0; i < n; i++)
/*
 * user_rename: rename an AD user object from before_user_name to user_name
 * (parameter list continues on lines not shown) and re-set every attribute
 * that embeds the account name: altSecurityIdentities, userPrincipalName,
 * displayName and sAMAccountName.
 *
 * Both names must pass check_string().  ldap_rename_s() changes only the
 * RDN (new parent NULL keeps the object in user_ou) and drops the old RDN
 * value (TRUE).  The follow-up ldap_modify_s() targets the new DN.  Mods
 * are released in the trailing for loop (body not shown); return on a
 * line not shown.
 *
 * Security-relevant: altSecurityIdentities is set to
 * "Kerberos:<user_name>@<PRIMARY_REALM>" and userPrincipalName to
 * "<user_name>@<ldap_domain>".  These are the mappings the domain uses to
 * match a Kerberos principal to this account, so they must be updated
 * together with the rename -- which this function does; a failure of the
 * modify after a successful rename leaves the account reachable by its
 * old principal only, and the log line on 2461 is the signal to watch.
 *
 * NOTE(review): line 2434, strcpy(user_name, user_name), copies a string
 * onto itself.  Overlapping source and destination is undefined for
 * strcpy(); the statement has no effect and should be removed.  old_dn,
 * new_dn, upn and temp are filled with unbounded sprintf(); their sizes
 * are declared on lines not shown.
 */
2407 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2415 char *userPrincipalName_v[] = {NULL, NULL};
2416 char *altSecurityIdentities_v[] = {NULL, NULL};
2417 char *name_v[] = {NULL, NULL};
2418 char *samAccountName_v[] = {NULL, NULL};
2423 if (!check_string(before_user_name))
2425 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2426 return(AD_INVALID_NAME);
2428 if (!check_string(user_name))
2430 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2431 return(AD_INVALID_NAME);
/* self-copy: no-op and technically undefined (see header note) */
2434 strcpy(user_name, user_name);
2435 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2436 sprintf(new_dn, "cn=%s", user_name);
/* NULL new parent: same OU; TRUE: delete the old RDN value */
2437 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2438 NULL, NULL)) != LDAP_SUCCESS)
2440 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
2441 before_user_name, user_name, ldap_err2string(rc));
/* name-bearing attributes, all keyed on the new name */
2445 name_v[0] = user_name;
2446 sprintf(upn, "%s@%s", user_name, ldap_domain);
2447 userPrincipalName_v[0] = upn;
2448 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2449 altSecurityIdentities_v[0] = temp;
2450 samAccountName_v[0] = user_name;
2453 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2454 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2455 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2456 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* the object now lives at its post-rename DN */
2458 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2459 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2461 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
2462 user_name, ldap_err2string(rc));
2464 for (i = 0; i < n; i++)
<doc_update>
/*
 * filesys_process: set or clear the Windows home-directory attributes
 * (homeDirectory, profilePath, homeDrive) of the AD user whose
 * sAMAccountName equals fs_name, from a Moira filesys record.
 *
 * Only fs_type "AFS" is accepted (AD_INVALID_FILESYS otherwise) and
 * fs_name must pass check_string().  The user is searched with
 * (sAMAccountName=<fs_name>) over dn_path; exactly one match is required,
 * else LDAP_NO_SUCH_OBJECT (the error text says "user", which matches the
 * convention here that a user's home filesys carries the user's name).
 * operation is the LDAP_MOD_* verb applied to all three attributes:
 * for LDAP_MOD_ADD the AFS path is converted with AfsToWinAfs() and the
 * profile is "<winPath>\.winprofile"; otherwise the value arrays stay NULL
 * (lines 2534-2539, partly not shown), which with a delete/replace clears
 * them.  drives_v is assigned on a line not shown.  The mods are released
 * in the trailing for loop; return on a line not shown.
 *
 * NOTE(review): distinguished_name (256) is filled with strcpy() from the
 * directory DN and winProfile (256) with strcpy()/strcat() from winPath
 * without bounds checks; filter's size is declared on a line not shown.
 */
2469 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
2470 char *fs_type, char *fs_pack, int operation)
2472 char distinguished_name[256];
2474 char winProfile[256];
2476 char *attr_array[3];
2477 char *homedir_v[] = {NULL, NULL};
2478 char *winProfile_v[] = {NULL, NULL};
2479 char *drives_v[] = {NULL, NULL};
2485 LK_ENTRY *group_base;
2487 if (!check_string(fs_name))
2489 com_err(whoami, 0, "invalid filesys name %s", fs_name);
2490 return(AD_INVALID_NAME);
2493 if (strcmp(fs_type, "AFS"))
2495 com_err(whoami, 0, "invalid filesys type %s", fs_type);
2496 return(AD_INVALID_FILESYS);
/* fs_name already passed check_string(), which is what keeps the filter well-formed */
2501 sprintf(filter, "(sAMAccountName=%s)", fs_name);
2502 attr_array[0] = "cn";
2503 attr_array[1] = NULL;
2504 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2505 &group_base, &group_count)) != 0)
2507 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
2508 fs_name, ldap_err2string(rc));
2512 if (group_count != 1)
2514 linklist_free(group_base);
2515 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2517 return(LDAP_NO_SUCH_OBJECT);
2519 strcpy(distinguished_name, group_base->dn);
2520 linklist_free(group_base);
/* ---- build the attribute values; ADD sets them, other verbs clear them ---- */
2524 if (operation == LDAP_MOD_ADD)
2526 memset(winPath, 0, sizeof(winPath));
2527 AfsToWinAfs(fs_pack, winPath);
2528 homedir_v[0] = winPath;
2530 memset(winProfile, 0, sizeof(winProfile));
2531 strcpy(winProfile, winPath);
2532 strcat(winProfile, "\\.winprofile");
2533 winProfile_v[0] = winProfile;
2537 homedir_v[0] = NULL;
2539 winProfile_v[0] = NULL;
2541 ADD_ATTR("profilePath", winProfile_v, operation);
2542 ADD_ATTR("homeDrive", drives_v, operation);
2543 ADD_ATTR("homeDirectory", homedir_v, operation);
2546 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2547 if (rc != LDAP_SUCCESS)
2549 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
2550 fs_name, ldap_err2string(rc));
2552 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback invoked once per matching Moira user row;
 * creates the corresponding Active Directory user object.
 *
 * av[] : query result fields, indexed by U_NAME, U_STATE, U_UID, U_MITID.
 * ptr  : opaque callback argument; assumed to be the call_args array used
 *        below ([0] LDAP handle, [1] base DN, [2] MoiraId) -- the cast is not
 *        in this listing, confirm.
 * Returns AD_INVALID_NAME when av[U_NAME] fails check_string; the other
 * return paths (after the ldap_add failure, and the final return) are not
 * in this listing.
 */
2558 int user_create(int ac, char **av, void *ptr)
2560 LK_ENTRY *group_base;
2563 char user_name[256];
2566 char *cn_v[] = {NULL, NULL};
2567 char *objectClass_v[] = {"top", "person",
2568 "organizationalPerson",
2571 char *samAccountName_v[] = {NULL, NULL};
2572 char *altSecurityIdentities_v[] = {NULL, NULL};
2573 char *mitMoiraId_v[] = {NULL, NULL};
2574 char *name_v[] = {NULL, NULL};
2575 char *desc_v[] = {NULL, NULL};
2576 char *userPrincipalName_v[] = {NULL, NULL};
2577 char *userAccountControl_v[] = {NULL, NULL};
2578 char *uid_v[] = {NULL, NULL};
2579 char *mitid_v[] = {NULL, NULL};
2580 char userAccountControlStr[80];
/* Baseline flags: normal account, non-expiring password, user may not change it. */
2582 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2588 char *attr_array[3];
/* Screen the name before it is spliced into filters and DNs below
 * (check_string rejects the LDAP filter/DN metacharacters). */
2593 if (!check_string(av[U_NAME]))
2595 callback_rc = AD_INVALID_NAME;
2596 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
2597 return(AD_INVALID_NAME);
/* user_name is 256 bytes; upn, sam_name, temp, new_dn and filter are
 * declared outside this listing.  All copies are unbounded (strcpy/sprintf),
 * so a length bound on av[U_NAME] is relied on -- whether check_string
 * enforces one is not visible here; confirm. */
2600 strcpy(user_name, av[U_NAME]);
2601 sprintf(upn, "%s@%s", user_name, ldap_domain);
2602 sprintf(sam_name, "%s", av[U_NAME]);
2603 samAccountName_v[0] = sam_name;
/* Only a user whose Moira state is US_NO_PASSWD or US_REGISTERED is created
 * enabled; every other state gets UF_ACCOUNTDISABLE. */
2604 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
2605 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): userAccountControl is u_int but is formatted with %ld; the
 * mismatched conversion is undefined behaviour -- %u matches the declaration. */
2606 sprintf(userAccountControlStr, "%ld", userAccountControl);
2607 userAccountControl_v[0] = userAccountControlStr;
2608 userPrincipalName_v[0] = upn;
2610 cn_v[0] = user_name;
2611 name_v[0] = user_name;
2612 desc_v[0] = "Auto account created by Moira";
/* Kerberos principal mapping stored in altSecurityIdentities. */
2613 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2614 altSecurityIdentities_v[0] = temp;
2615 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
/* ADD_ATTR (defined elsewhere) appends one LDAPMod to mods. */
2618 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2619 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2620 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2621 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2622 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2623 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2624 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2625 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* mitMoiraId is only stored when a Moira id was supplied. */
2626 if (strlen(call_args[2]) != 0)
2628 mitMoiraId_v[0] = call_args[2];
2629 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2631 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* The Unix uid, when known, is written to both uid and uidNumber. */
2632 if (strlen(av[U_UID]) != 0)
2634 uid_v[0] = av[U_UID];
2635 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2636 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID gets the MIT id, or the literal "none" when absent
 * (the else branch itself is not in this listing). */
2638 if (strlen(av[U_MITID]) != 0)
2639 mitid_v[0] = av[U_MITID];
2641 mitid_v[0] = "none";
2642 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* Add the object.  LDAP_ALREADY_EXISTS is tolerated so that replaying the
 * same incremental update is harmless.  The loop that follows presumably
 * releases the mods entries (its body is not visible). */
2645 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2646 for (i = 0; i < n; i++)
2648 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2650 com_err(whoami, 0, "could not create user %s : %s",
2651 user_name, ldap_err2string(rc));
/* Only a newly created object gets its password set, and it is set to the
 * empty string.  NOTE(review): accounts in state US_NO_PASSWD/US_REGISTERED
 * are created enabled (see above) and then get this empty password; confirm
 * that domain policy makes such an account unusable until a real password is
 * assigned. */
2655 if (rc == LDAP_SUCCESS)
2657 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2659 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* Re-read the object to capture its objectSid for the sid list.  The
 * mitMoiraId filter is preferred; if it does not yield exactly one entry the
 * sAMAccountName filter is used instead.
 * NOTE(review): call_args[2] is interpolated into an LDAP filter without
 * passing check_string; it comes from Moira, so confirm it is validated
 * (numeric) upstream. */
2663 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
2664 if (strlen(call_args[2]) != 0)
2665 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
2666 attr_array[0] = "objectSid";
2667 attr_array[1] = NULL;
2670 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2671 &group_base, &group_count)) == LDAP_SUCCESS)
2673 if (group_count != 1)
2675 if (strlen(call_args[2]) != 0)
2677 linklist_free(group_base);
2680 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
2681 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2682 attr_array, &group_base, &group_count);
/* Exactly one hit: hand the entry over to the sid list that sid_update
 * drains later (sid_ptr is presumably a file-level cursor).  ->type carries
 * an integer tag cast to char *, not a string.
 * NOTE(review): the tag used here is GROUPS although this is a user object;
 * sid_update maps GROUPS to add_list_sid_by_name and USERS to
 * add_user_sid_by_login -- confirm USERS is not the intended tag.  Note also
 * that linklist_free passes ->type to free(). */
2685 if (group_count == 1)
2687 (*sid_ptr) = group_base;
2688 (*sid_ptr)->member = strdup(av[U_NAME]);
2689 (*sid_ptr)->type = (char *)GROUPS;
2690 sid_ptr = &(*sid_ptr)->next;
/* Anything other than a unique hit is discarded. */
2694 if (group_base != NULL)
2695 linklist_free(group_base);
2700 if (group_base != NULL)
2701 linklist_free(group_base);
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE on an existing AD user.
 *
 * ldap_handle : bound LDAP connection.
 * dn_path     : search base.
 * user_name   : sAMAccountName; rejected with AD_INVALID_NAME if it fails
 *               check_string.
 * MoiraId     : Moira id; when non-empty it is the preferred lookup key and
 *               is also (re)written to mitMoiraId.
 * The remaining parameter(s) are not in this listing; `operation` is read
 * below (MEMBER_DEACTIVATE disables, anything else enables).
 * Returns AD_INVALID_NAME, LDAP_NO_SUCH_OBJECT when no unique entry is
 * found, or otherwise a value derived from rc (the later returns are not
 * visible).
 */
2706 int user_change_status(LDAP *ldap_handle, char *dn_path,
2707 char *user_name, char *MoiraId,
2711 char *attr_array[3];
2713 char distinguished_name[1024];
2715 char *mitMoiraId_v[] = {NULL, NULL};
2717 LK_ENTRY *group_base;
2724 if (!check_string(user_name))
2726 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2727 return(AD_INVALID_NAME);
/* Look the user up by mitMoiraId first; if that does not give exactly one
 * entry, fall back to sAMAccountName.
 * NOTE(review): both values are placed into an LDAP filter with sprintf.
 * user_name passed check_string above; MoiraId did not -- confirm it is
 * validated upstream.  filter's size is declared outside this listing. */
2733 if (strlen(MoiraId) != 0)
2735 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2736 attr_array[0] = "UserAccountControl";
2737 attr_array[1] = NULL;
2738 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2739 &group_base, &group_count)) != 0)
2741 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2742 user_name, ldap_err2string(rc));
2746 if (group_count != 1)
2748 linklist_free(group_base);
2751 sprintf(filter, "(sAMAccountName=%s)", user_name);
2752 attr_array[0] = "UserAccountControl";
2753 attr_array[1] = NULL;
2754 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2755 &group_base, &group_count)) != 0)
2757 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2758 user_name, ldap_err2string(rc));
2763 if (group_count != 1)
2765 linklist_free(group_base);
2766 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2768 return(LDAP_NO_SUCH_OBJECT);
/* The DN to modify is taken from the directory entry, not from the caller. */
2771 strcpy(distinguished_name, group_base->dn);
/* The current flags come back as a decimal string.  atoi() reports no
 * errors, so a malformed value silently becomes 0; strtoul with an endptr
 * check would reject it instead. */
2772 ulongValue = atoi((*group_base).value);
2773 if (operation == MEMBER_DEACTIVATE)
2774 ulongValue |= UF_ACCOUNTDISABLE;
2776 ulongValue &= ~UF_ACCOUNTDISABLE;
/* NOTE(review): ulongValue's declaration is not visible; the conversion must
 * match its type exactly (%lu for unsigned long). */
2777 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues builds the replacement value list; a return of 1
 * appears to be its failure code (the return after linklist_free is not in
 * this listing). */
2778 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2779 temp, &modvalues, REPLACE)) == 1)
2781 linklist_free(group_base);
2785 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2786 if (strlen(MoiraId) != 0)
2788 mitMoiraId_v[0] = MoiraId;
2789 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2792 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the mods entries (loop body not visible) and the value list. */
2793 for (i = 0; i < n; i++)
2795 free_values(modvalues);
2796 if (rc != LDAP_SUCCESS)
2798 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
2799 user_name, ldap_err2string(rc));
/*
 * user_delete: remove the AD user object for u_name.
 *
 * The DN that is deleted comes from the directory entry located by
 * mitMoiraId (preferred, when MoiraId is non-empty) or by sAMAccountName,
 * never from caller-supplied text directly.
 * Returns AD_INVALID_NAME if u_name fails check_string; the remaining
 * returns are not in this listing.
 */
2805 int user_delete(LDAP *ldap_handle, char *dn_path,
2806 char *u_name, char *MoiraId)
2809 char *attr_array[3];
2810 char distinguished_name[1024];
2811 char user_name[512];
2812 LK_ENTRY *group_base;
2816 if (!check_string(u_name))
2817 return(AD_INVALID_NAME);
/* Unbounded copy into 512 bytes; relies on a length bound for names that
 * pass check_string, which is not visible here. */
2819 strcpy(user_name, u_name);
/* Lookup by mitMoiraId first, then by sAMAccountName.
 * NOTE(review): MoiraId goes into the LDAP filter without check_string;
 * confirm it is validated upstream. */
2823 if (strlen(MoiraId) != 0)
2825 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2826 attr_array[0] = "name";
2827 attr_array[1] = NULL;
2828 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2829 &group_base, &group_count)) != 0)
2831 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2832 user_name, ldap_err2string(rc));
2836 if (group_count != 1)
2838 linklist_free(group_base);
2841 sprintf(filter, "(sAMAccountName=%s)", user_name);
2842 attr_array[0] = "name";
2843 attr_array[1] = NULL;
2844 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2845 &group_base, &group_count)) != 0)
2847 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2848 user_name, ldap_err2string(rc));
/* No unique entry: report and leave (the return, and whether group_base is
 * released on this path, are not in this listing). */
2853 if (group_count != 1)
2855 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2860 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition is deliberate: any non-zero LDAP result
 * is an error. */
2861 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2863 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2864 user_name, ldap_err2string(rc));
2868 linklist_free(group_base);
/*
 * linklist_free: release every node of an LK_ENTRY list, starting at
 * linklist_base, together with the strings each node owns (dn, attribute,
 * value, member, type, list).  free(NULL) is a no-op, so no per-field NULL
 * tests are needed.
 *
 * NOTE(review): user_create stores the integer tag (char *)GROUPS in ->type
 * for the entries it queues for sid_update, and make_new_group hands that
 * list to this function; unless the tag's value is 0, passing it to free()
 * is an invalid free -- confirm how GROUPS/USERS are defined and how the sid
 * list is meant to be released.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      LK_ENTRY *next = node->next;

      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);
      node = next;
    }
}
/*
 * free_values: release a NULL-terminated array of strings (as produced by
 * construct_newvalues).  Each slot is cleared after being released; the
 * free() call and the index increment are not in this listing, and whether
 * the array object itself is freed cannot be seen here.  A NULL array is
 * accepted.
 */
2896 void free_values(char **modvalues)
2901 if (modvalues != NULL)
2903 while (modvalues[i] != NULL)
2906 modvalues[i] = NULL;
/*
 * sid_update: push the objectSid of each queued entry back into Moira.
 *
 * For every node on the sid list (the list head and the loop are outside
 * this listing) the binary SID in ->value is rendered as text into temp and
 * sent with ->member as the key: GROUPS entries via add_list_sid_by_name,
 * USERS entries via add_user_sid_by_login (av[1] is presumably temp).
 * ->type is an integer tag cast to char *, compared by value, not a string.
 * NOTE(review): temp is 126 bytes and convert_b_to_a appears to emit two
 * characters per input byte plus a terminator, so ->length must stay at or
 * below 62; no bound on ->length is visible.  temp is unsigned char[] while
 * convert_b_to_a takes char *, which compilers flag as a sign mismatch.
 */
2913 int sid_update(LDAP *ldap_handle, char *dn_path)
2917 unsigned char temp[126];
2924 memset(temp, 0, sizeof(temp));
2925 convert_b_to_a(temp, ptr->value, ptr->length);
2928 av[0] = ptr->member;
2930 if (ptr->type == (char *)GROUPS)
2933 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2935 else if (ptr->type == (char *)USERS)
2938 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: render `length` bytes of `binary` as printable ASCII into
 * `string`.  Each byte is split into nibbles (the low nibble is tmp & 0x0f;
 * the high-nibble line is not in this listing) and a nibble above 9 is
 * promoted past '9' into a letter.  The advancement of the output index j is
 * not visible; presumably two output characters per input byte, so the
 * caller must supply at least 2*length + 1 bytes.  No bounds check is
 * performed on `string`.
 */
2945 void convert_b_to_a(char *string, UCHAR *binary, int length)
2952 for (i = 0; i < length; i++)
2959 if (string[j] > '9')
2962 string[j] = tmp & 0x0f;
2964 if (string[j] > '9')
/*
 * illegalchars: 256-entry deny table indexed by a byte value, consulted by
 * check_string after upper-case letters have been folded to lower case.
 * 1 = not permitted in an account/group name.  Reading the rows: digits,
 * a-z, '$', '&', '\'', '-', '.', '@', '_', '`' and '~' pass; everything
 * else -- control characters, space, the LDAP filter metacharacters
 * ( ) * \, the DN separators , + " < > ; = #, '/' and all bytes >= 0x80 --
 * is rejected.
 */
2971 static int illegalchars[] = {
2972 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
2973 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
2974 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
2975 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
2976 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
2977 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
2978 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
2979 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xff: every high byte is rejected. */
2980 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2981 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2982 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2983 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2984 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2985 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2986 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2987 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: return non-zero when every byte of s is permitted by
 * illegalchars (upper-case letters are folded to lower case first), zero
 * otherwise; callers treat zero as "invalid name".  The loop, the variable
 * `character` and the return statements are not in this listing.
 * NOTE(review): if `character` is a plain char, (unsigned) of a negative
 * value (a byte >= 0x80 on a signed-char target) indexes far past the
 * 256-entry table; read each byte through unsigned char before using it as
 * an index or passing it to isupper/tolower.
 */
2990 int check_string(char *s)
2997 if (isupper(character))
2998 character = tolower(character);
2999 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: open, version-negotiate and (optionally) authenticate a
 * Moira client session.
 *
 * server  : Moira server to connect to.
 * client  : client name handed to mr_auth.
 * version : protocol version requested via mr_version.
 * auth    : presumably gates the mr_auth call (the test is not visible).
 * Returns status; the error-return lines between the com_err calls are not
 * in this listing.
 */
3005 int mr_connect_cl(char *server, char *client, int version, int auth)
3011 status = mr_connect(server);
3014 com_err(whoami, status, "while connecting to Moira");
3018 status = mr_motd(&motd);
3022 com_err(whoami, status, "while checking server status");
/* NOTE(review): motd is text received from the server, and temp is then
 * handed to com_err as its *format* string, so a '%' in the motd would be
 * interpreted as a conversion.  Keep the format literal and pass motd as an
 * argument:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 * temp's size is not visible either, so the sprintf is unbounded. */
3027 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3028 com_err(whoami, status, temp);
3033 status = mr_version(version);
/* A server that lacks the version RPC is treated as older than this client. */
3036 if (status == MR_UNKNOWN_PROC)
3039 status = MR_VERSION_HIGH;
3041 status = MR_SUCCESS;
3044 if (status == MR_VERSION_HIGH)
3046 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3047 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW (client older than server) is tolerated silently. */
3049 else if (status && status != MR_VERSION_LOW)
3051 com_err(whoami, status, "while setting query version number.");
3059 status = mr_auth(client);
3062 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path (AFS prefix) into its Windows form
 * (WINAFS prefix) in winPath.
 *
 * The prefix is replaced with strcpy, then the rest of path is copied byte
 * by byte; the '/' branch presumably emits a backslash (that line is not in
 * this listing).  path is assumed to begin with AFS -- no check is visible.
 * winPath is not size-checked: the caller must provide at least
 * strlen(WINAFS) + strlen(path) - strlen(AFS) + 1 bytes.
 */
3071 void AfsToWinAfs(char* path, char* winPath)
3075 strcpy(winPath, WINAFS);
3076 pathPtr = path + strlen(AFS);
3077 winPathPtr = winPath + strlen(WINAFS);
3081 if (*pathPtr == '/')
3084 *winPathPtr = *pathPtr;
/*
 * make_new_group: create (or, when updateGroup is set, update) the AD group
 * for a Moira list, then record the resulting objectSid back into Moira.
 *
 * Builds the call_args array consumed by the group_create callback:
 *   [0] LDAP handle (cast to char *), [1] base DN, [2] group name,
 *   [3] member-type mask MOIRA_USERS|MOIRA_KERBEROS|MOIRA_STRINGS and
 *   [4] updateGroup -- both integers smuggled through char * -- [5] MoiraId,
 *   [6] NULL terminator.
 * group_ou, group_membership and group_security_flag are not referenced in
 * the visible lines (presumably reach the callback another way; confirm).
 * Returns rc when the query fails and callback_rc when the callback recorded
 * an error; the success return is not in this listing.
 */
3091 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3092 char *group_name, char *group_ou, char *group_membership,
3093 int group_security_flag, int updateGroup)
3100 call_args[0] = (char *)ldap_handle;
3101 call_args[1] = dn_path;
3102 call_args[2] = group_name;
3103 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3104 call_args[4] = (char *)updateGroup;
3105 call_args[5] = MoiraId;
3106 call_args[6] = NULL;
/* sid_base/sid_ptr are presumably the file-level list that the callback
 * appends to and sid_update drains. */
3108 sid_ptr = &sid_base;
3110 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3113 com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc));
/* Reached when the callback itself recorded an error (the test of
 * callback_rc is not visible). */
3119 com_err(whoami, 0, "Couldn't create list %s", group_name);
3120 return(callback_rc);
/* Publish the new SID(s) to Moira, then release the list (see the note on
 * ->type in linklist_free). */
3123 if (sid_base != NULL)
3125 sid_update(ldap_handle, dn_path);
3126 linklist_free(sid_base);
/*
 * populate_group: add every end member of a Moira list to its AD group.
 *
 * Fetches the members via get_end_members_of_list (member_list_build fills
 * member_base), then for each entry: LIST members are handled by the branch
 * at the "LIST" test (body not visible); STRING and KERBEROS members go
 * through contact_create under contact_ou / kerberos_ou and pUserOu is set
 * accordingly (the exact branch structure around contact_create's result is
 * not visible); member_add then adds the member to the group (its trailing
 * arguments are not in this listing).
 * group_security_flag and MoiraId do not appear in the visible lines.
 * Returns rc from mr_query on failure; later returns are not visible.
 */
3132 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3133 char *group_ou, char *group_membership,
3134 int group_security_flag, char *MoiraId)
3142 com_err(whoami, 0, "Populating group %s", group_name);
/* Same call_args layout as make_new_group, without updateGroup/MoiraId. */
3144 call_args[0] = (char *)ldap_handle;
3145 call_args[1] = dn_path;
3146 call_args[2] = group_name;
3147 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3148 call_args[4] = NULL;
3150 if (rc = mr_query("get_end_members_of_list", 1, av,
3151 member_list_build, call_args))
3153 com_err(whoami, 0, "Couldn't populate list %s : %s",
3154 group_name, error_message(rc));
/* Walk the member list (loop and ptr initialisation not visible). */
3157 if (member_base != NULL)
3162 if (!strcasecmp(ptr->type, "LIST"))
3168 if (!strcasecmp(ptr->type, "STRING"))
3170 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3172 pUserOu = contact_ou;
3174 else if (!strcasecmp(ptr->type, "KERBEROS"))
3176 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3178 pUserOu = kerberos_ou;
3180 rc = member_add(ldap_handle, dn_path, group_name,
3181 group_ou, group_membership, ptr->member,
3185 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for a Moira list with the list's
 * current name/OU/membership type, renaming or moving it when they differ.
 *
 * ldap_handle, dn_path : LDAP connection and search base.
 * MoiraId              : Moira list id used to locate the existing group.
 * group_name, group_ou, group_membership, group_security_flag :
 *                        the desired state.
 * type                 : CHECK_GROUPS only verifies that the existing DN
 *                        matches; no changes are made in that mode.
 * Returns AD_NO_GROUPS_FOUND, AD_WRONG_GROUP_DN_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND, AD_NO_OU_FOUND, an error rc, or the result of
 * group_rename; the success returns inside the CHECK_GROUPS and
 * already-matching branches are not in this listing.
 */
3191 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3192 char *group_name, char *group_ou, char *group_membership,
3193 int group_security_flag, int type)
3195 char before_desc[512];
3196 char before_name[256];
3197 char before_group_ou[256];
/* One letter plus terminator: 'B', 'S', 'D' or 'N' (set below). */
3198 char before_group_membership[2];
3199 char distinguishedName[256];
3200 char ad_distinguishedName[256];
3202 char *attr_array[3];
3203 int before_security_flag;
3206 LK_ENTRY *group_base;
3209 char ou_security[512];
3210 char ou_distribution[512];
3211 char ou_neither[512];
3213 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* The DN the group should have according to Moira.
 * NOTE(review): three caller-supplied components are concatenated with
 * sprintf into a 256-byte buffer; snprintf with a truncation check would
 * prevent an overflow when group_ou/dn_path are long. */
3214 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3217 memset(filter, '\0', sizeof(filter));
/* Find what AD currently holds for this list (some ad_get_group arguments
 * are not in this listing).  A non-zero rc is returned as-is, presumably. */
3220 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3222 "distinguishedName", &group_base,
3223 &group_count, filter))
/* CHECK_GROUPS: report only.  A single entry at the expected DN is success
 * (that return is not visible); otherwise classify the mismatch. */
3226 if (type == CHECK_GROUPS)
3228 if (group_count == 1)
3230 if (!strcasecmp(group_base->value, distinguishedName))
3232 linklist_free(group_base);
3236 linklist_free(group_base);
3237 if (group_count == 0)
3238 return(AD_NO_GROUPS_FOUND);
3239 if (group_count == 1)
3240 return(AD_WRONG_GROUP_DN_FOUND);
3241 return(AD_MULTIPLE_GROUPS_FOUND);
3243 if (group_count == 0)
3245 return(AD_NO_GROUPS_FOUND);
/* Several groups carry this MoiraId: log them all; unless one of them sits
 * at the expected DN, give up. */
3247 if (group_count > 1)
3252 if (!strcasecmp(distinguishedName, ptr->value))
3258 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3262 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3265 linklist_free(group_base);
3266 return(AD_MULTIPLE_GROUPS_FOUND);
/* Otherwise every duplicate at a different DN is deleted.
 * NOTE(review): the ldap_delete_s result lands in rc but is not checked in
 * the visible lines, and the deletion targets are chosen from directory data
 * matched on MoiraId alone. */
3271 if (strcasecmp(distinguishedName, ptr->value))
3272 rc = ldap_delete_s(ldap_handle, ptr->value);
3275 linklist_free(group_base);
3276 memset(filter, '\0', sizeof(filter));
/* Re-query after the clean-up; exactly one group must remain. */
3279 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3281 "distinguishedName", &group_base,
3282 &group_count, filter))
3284 if (group_count == 0)
3285 return(AD_NO_GROUPS_FOUND);
3286 if (group_count > 1)
3287 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded copy of a directory-supplied DN into 256 bytes;
 * AD DNs can be longer than that. */
3290 strcpy(ad_distinguishedName, group_base->value);
3291 linklist_free(group_base);
3295 attr_array[0] = "sAMAccountName";
3296 attr_array[1] = NULL;
3297 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3298 &group_base, &group_count)) != 0)
3300 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3301 MoiraId, ldap_err2string(rc));
/* From here on the group is addressed by its sAMAccountName. */
3304 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* DN already matches Moira's view: nothing to rename (that return is not
 * visible). */
3306 if (!strcasecmp(ad_distinguishedName, distinguishedName))
3308 linklist_free(group_base);
3313 linklist_free(group_base);
3316 memset(ou_both, '\0', sizeof(ou_both));
3317 memset(ou_security, '\0', sizeof(ou_security));
3318 memset(ou_distribution, '\0', sizeof(ou_distribution));
3319 memset(ou_neither, '\0', sizeof(ou_neither));
3320 memset(before_name, '\0', sizeof(before_name));
3321 memset(before_desc, '\0', sizeof(before_desc));
3322 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Capture the group's current name and description for group_rename. */
3323 attr_array[0] = "name";
3324 attr_array[1] = NULL;
3325 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3326 &group_base, &group_count)) != 0)
3328 com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s",
3329 MoiraId, ldap_err2string(rc));
3332 strcpy(before_name, group_base->value);
3333 linklist_free(group_base);
3336 attr_array[0] = "description";
3337 attr_array[1] = NULL;
3338 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3339 &group_base, &group_count)) != 0)
3342 "LDAP server unable to get list description with MoiraId = %s: %s",
3343 MoiraId, ldap_err2string(rc));
/* A missing description is not an error; before_desc stays empty. */
3346 if (group_count != 0)
3348 strcpy(before_desc, group_base->value);
3349 linklist_free(group_base);
/* Derive the current OU / membership type from the DN by case-insensitive
 * substring match against the four configured OUs, tested in the order
 * both, security, distribution, neither; the first hit wins, so the OU
 * strings must not be substrings of one another (not verified here). */
3353 change_to_lower_case(ad_distinguishedName);
3354 strcpy(ou_both, group_ou_both);
3355 change_to_lower_case(ou_both);
3356 strcpy(ou_security, group_ou_security);
3357 change_to_lower_case(ou_security);
3358 strcpy(ou_distribution, group_ou_distribution);
3359 change_to_lower_case(ou_distribution);
3360 strcpy(ou_neither, group_ou_neither);
3361 change_to_lower_case(ou_neither);
3362 if (strstr(ad_distinguishedName, ou_both))
3364 strcpy(before_group_ou, group_ou_both);
3365 before_group_membership[0] = 'B';
3366 before_security_flag = 1;
3368 else if (strstr(ad_distinguishedName, ou_security))
3370 strcpy(before_group_ou, group_ou_security);
3371 before_group_membership[0] = 'S';
3372 before_security_flag = 1;
3374 else if (strstr(ad_distinguishedName, ou_distribution))
3376 strcpy(before_group_ou, group_ou_distribution);
3377 before_group_membership[0] = 'D';
3378 before_security_flag = 0;
3380 else if (strstr(ad_distinguishedName, ou_neither))
3382 strcpy(before_group_ou, group_ou_neither);
3383 before_group_membership[0] = 'N';
3384 before_security_flag = 0;
3387 return(AD_NO_OU_FOUND);
/* Hand the before/after tuples to group_rename.  before_desc is passed for
 * both the old and the new description, so the description is apparently
 * left unchanged -- confirm. */
3388 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
3389 before_group_ou, before_security_flag, before_desc,
3390 group_name, group_membership, group_ou, group_security_flag,
3391 before_desc, MoiraId, filter);
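/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 *
 * ptr: writable string; must not be NULL.
 *
 * tolower() is only defined for values representable as unsigned char (or
 * EOF); a plain char holding a byte >= 0x80 is negative on signed-char
 * targets, so each byte is widened through unsigned char first.  Scanning to
 * the terminator also avoids re-running strlen() on every iteration.
 */
void change_to_lower_case(char *ptr)
{
  for (size_t i = 0; ptr[i] != '\0'; i++)
    ptr[i] = (char)tolower((unsigned char)ptr[i]);
}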
/*
 * ad_get_group: locate a Moira list's AD group and fetch its `attribute`.
 *
 * Three filters are tried in turn until exactly one entry is found:
 *   1. rFilter, when the caller passes a non-empty one;
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)), when MoiraId is set;
 *   3. (sAMAccountName=<group_name>_group).
 * On a unique hit the filter that worked is copied back into rFilter (an
 * in/out buffer whose size is not visible -- both strcpy calls are
 * unbounded).  Several groups with the same mitMoiraId are each logged and
 * then discarded.  group_membership is not referenced in the visible lines.
 * *linklist_base / *linklist_count belong to the caller afterwards (release
 * with linklist_free).  Returns rc from linklist_build on error; the
 * success returns are not in this listing.
 * NOTE(review): MoiraId and group_name are interpolated into LDAP filters
 * with sprintf and are not screened by check_string here -- confirm the
 * callers validate them; filter's size is declared outside this listing.
 */
3405 int ad_get_group(LDAP *ldap_handle, char *dn_path,
3406 char *group_name, char *group_membership,
3407 char *MoiraId, char *attribute,
3408 LK_ENTRY **linklist_base, int *linklist_count,
3413 char *attr_array[3];
3416 (*linklist_base) = NULL;
3417 (*linklist_count) = 0;
/* 1. caller-supplied filter */
3418 if (strlen(rFilter) != 0)
3420 strcpy(filter, rFilter);
3421 attr_array[0] = attribute;
3422 attr_array[1] = NULL;
3423 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3424 linklist_base, linklist_count)) != 0)
3426 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3427 MoiraId, ldap_err2string(rc));
3430 if ((*linklist_count) == 1)
3432 strcpy(rFilter, filter);
/* Not unique: discard and try the next key. */
3437 linklist_free((*linklist_base));
3438 (*linklist_base) = NULL;
3439 (*linklist_count) = 0;
/* 2. by mitMoiraId */
3440 if (strlen(MoiraId) != 0)
3442 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
3443 attr_array[0] = attribute;
3444 attr_array[1] = NULL;
3445 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3446 linklist_base, linklist_count)) != 0)
3448 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3449 MoiraId, ldap_err2string(rc));
/* Duplicates sharing one MoiraId are reported (loop over pPtr not
 * visible) and the result set is dropped. */
3453 if ((*linklist_count) > 1)
3455 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
3456 pPtr = (*linklist_base);
3459 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
3462 linklist_free((*linklist_base));
3463 (*linklist_base) = NULL;
3464 (*linklist_count) = 0;
3466 if ((*linklist_count) == 1)
3468 strcpy(rFilter, filter);
3472 linklist_free((*linklist_base));
3473 (*linklist_base) = NULL;
3474 (*linklist_count) = 0;
/* 3. by the conventional "<name>_group" sAMAccountName */
3475 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
3476 attr_array[0] = attribute;
3477 attr_array[1] = NULL;
3478 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3479 linklist_base, linklist_count)) != 0)
3481 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
3482 MoiraId, ldap_err2string(rc));
3485 if ((*linklist_count) == 1)
3487 strcpy(rFilter, filter);
3494 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
3497 char *attr_array[3];
3498 char SamAccountName[64];
3501 LK_ENTRY *group_base;
3507 if (strlen(MoiraId) != 0)
3509 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3510 attr_array[0] = "sAMAccountName";
3511 attr_array[1] = NULL;
3512 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3513 &group_base, &group_count)) != 0)
3515 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3516 UserName, ldap_err2string(rc));
3519 if (group_count > 1)
3521 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
3526 com_err(whoami, 0, "user %s exist with MoiraId = %s",
3527 gPtr->value, MoiraId);
3532 if (group_count != 1)
3534 linklist_free(group_base);
3537 sprintf(filter, "(sAMAccountName=%s)", UserName);
3538 attr_array[0] = "sAMAccountName";
3539 attr_array[1] = NULL;
3540 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3541 &group_base, &group_count)) != 0)
3543 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3544 UserName, ldap_err2string(rc));
3549 if (group_count != 1)
3551 linklist_free(group_base);
3552 return(AD_NO_USER_FOUND);
3554 strcpy(SamAccountName, group_base->value);
3555 linklist_free(group_base);
3558 if (strcmp(SamAccountName, UserName))
3560 rc = user_rename(ldap_handle, dn_path, SamAccountName,