2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies a container's information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
124 #define ECONNABORTED WSAECONNABORTED
127 #define ECONNREFUSED WSAECONNREFUSED
130 #define EHOSTUNREACH WSAEHOSTUNREACH
132 #define krb5_xfree free
134 #define sleep(A) Sleep(A * 1000);
138 #include <sys/types.h>
139 #include <netinet/in.h>
140 #include <arpa/nameser.h>
142 #include <sys/utsname.h>
145 #define WINADCFG "/moira/winad/winad.cfg"
146 #define strnicmp(A,B,C) strncasecmp(A,B,C)
147 #define UCHAR unsigned char
149 #define UF_SCRIPT 0x0001
150 #define UF_ACCOUNTDISABLE 0x0002
151 #define UF_HOMEDIR_REQUIRED 0x0008
152 #define UF_LOCKOUT 0x0010
153 #define UF_PASSWD_NOTREQD 0x0020
154 #define UF_PASSWD_CANT_CHANGE 0x0040
155 #define UF_DONT_EXPIRE_PASSWD 0x10000
157 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
158 #define UF_NORMAL_ACCOUNT 0x0200
159 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
160 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
161 #define UF_SERVER_TRUST_ACCOUNT 0x2000
163 #define OWNER_SECURITY_INFORMATION (0x00000001L)
164 #define GROUP_SECURITY_INFORMATION (0x00000002L)
165 #define DACL_SECURITY_INFORMATION (0x00000004L)
166 #define SACL_SECURITY_INFORMATION (0x00000008L)
169 #define BYTE unsigned char
171 typedef unsigned int DWORD;
172 typedef unsigned long ULONG;
177 unsigned short Data2;
178 unsigned short Data3;
179 unsigned char Data4[8];
182 typedef struct _SID_IDENTIFIER_AUTHORITY {
184 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
186 typedef struct _SID {
188 BYTE SubAuthorityCount;
189 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
190 DWORD SubAuthority[512];
195 #define WINADCFG "winad.cfg"
199 #define WINAFS "\\\\afs\\all\\"
201 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
202 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
204 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
205 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
207 #define QUERY_VERSION -1
208 #define PRIMARY_REALM "ATHENA.MIT.EDU"
217 #define MEMBER_REMOVE 2
218 #define MEMBER_CHANGE_NAME 3
219 #define MEMBER_ACTIVATE 4
220 #define MEMBER_DEACTIVATE 5
221 #define MEMBER_CREATE 6
223 #define MOIRA_ALL 0x0
224 #define MOIRA_USERS 0x1
225 #define MOIRA_KERBEROS 0x2
226 #define MOIRA_STRINGS 0x4
227 #define MOIRA_LISTS 0x8
229 #define CHECK_GROUPS 1
230 #define CLEANUP_GROUPS 2
232 #define AD_NO_GROUPS_FOUND -1
233 #define AD_WRONG_GROUP_DN_FOUND -2
234 #define AD_MULTIPLE_GROUPS_FOUND -3
235 #define AD_INVALID_NAME -4
236 #define AD_LDAP_FAILURE -5
237 #define AD_INVALID_FILESYS -6
238 #define AD_NO_ATTRIBUTE_FOUND -7
239 #define AD_NO_OU_FOUND -8
240 #define AD_NO_USER_FOUND -9
242 /* container arguments */
243 #define CONTAINER_NAME 0
244 #define CONTAINER_DESC 1
245 #define CONTAINER_LOCATION 2
246 #define CONTAINER_CONTACT 3
247 #define CONTAINER_TYPE 4
248 #define CONTAINER_ID 5
249 #define CONTAINER_ROWID 6
250 #define CONTAINER_GROUP_NAME 7
252 /*mcntmap arguments*/
253 #define OU_MACHINE_NAME 0
254 #define OU_CONTAINER_NAME 1
255 #define OU_MACHINE_ID 2
256 #define OU_CONTAINER_ID 3
257 #define OU_CONTAINER_GROUP 4
259 typedef struct lk_entry {
269 struct lk_entry *next;
272 #define STOP_FILE "/moira/winad/nowinad"
273 #define file_exists(file) (access((file), F_OK) == 0)
275 #define N_SD_BER_BYTES 5
276 #define LDAP_BERVAL struct berval
277 #define MAX_SERVER_NAMES 32
279 #define HIDDEN_GROUP "HiddenGroup.g"
280 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
281 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
282 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/*
 * Append an LDAPMod to the caller's mods[] array at index n and advance n.
 * t = attribute type, v = value vector, o = LDAP_MOD_* operation.  Relies on
 * `mods` and `n` being in scope at the expansion site.
 * NOTE(review): the malloc() result is dereferenced without a NULL check, and
 * the expansion is several statements not wrapped in do { } while (0), so it
 * must not be used as the sole body of an unbraced if/else.
 */
284 #define ADD_ATTR(t, v, o) \
285 mods[n] = malloc(sizeof(LDAPMod)); \
286 mods[n]->mod_op = o; \
287 mods[n]->mod_type = t; \
288 mods[n++]->mod_values = v
/*
 * Same shape as ADD_ATTR but for the caller's DelMods[] array indexed by i;
 * mod_values is always NULL (attribute-wide operation).  Same caveats: the
 * malloc() result is unchecked and the macro is not a single statement.
 */
290 #define DEL_ATTR(t, o) \
291 DelMods[i] = malloc(sizeof(LDAPMod)); \
292 DelMods[i]->mod_op = o; \
293 DelMods[i]->mod_type = t; \
294 DelMods[i++]->mod_values = NULL
296 #define DOMAIN_SUFFIX "MIT.EDU"
297 #define DOMAIN "DOMAIN: "
298 #define SERVER "SERVER: "
299 #define MSSFU "SFU: "
/* Linked lists of attribute/value pairs built from LDAP search results. */
302 LK_ENTRY *member_base = NULL;
303 LK_ENTRY *sid_base = NULL;
304 LK_ENTRY **sid_ptr = NULL;
/* Fixed-size scratch buffer main() uses to echo its command line to the log. */
305 static char tbl_buf[1024];
/* OU paths (relative to the domain DN) for each kind of object this incremental manages. */
306 char kerberos_ou[] = "OU=kerberos,OU=moira";
307 char contact_ou[] = "OU=strings,OU=moira";
308 char user_ou[] = "OU=users,OU=moira";
309 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
310 char group_ou_root[] = "OU=lists,OU=moira";
311 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
312 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
313 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
314 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
315 char orphans_other_ou[] = "OU=Other,OU=Orphans";
316 char security_template_ou[] = "OU=security_templates";
/* AD domain name, filled from winad.cfg (or the "win.mit.edu" default) in main(). */
318 char ldap_domain[256];
/* Domain controllers to try; zeroed in main(), then filled from the config file or GetServerList(). */
319 char *ServerList[MAX_SERVER_NAMES];
320 int mr_connections = 0;
322 char default_server[256];
/*
 * NOTE(review): tbl_buf is also defined at line 305 above.  Two tentative
 * definitions of one static object are legal within a translation unit, and
 * the two probably sit in different #if branches (the intervening lines are
 * not in this listing) -- confirm, otherwise drop one of them.
 */
323 static char tbl_buf[1024];
326 extern int set_password(char *user, char *password, char *domain);
328 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
329 char *group_membership, char *MoiraId, char *attribute,
330 LK_ENTRY **linklist_base, int *linklist_count,
332 void AfsToWinAfs(char* path, char* winPath);
333 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
334 char *Win2kPassword, char *Win2kUser, char *default_server,
335 int connect_to_kdc, char **ServerList, int *IgnoreMasterSeverError);
336 void ad_kdc_disconnect();
337 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
338 char *attribute_value, char *attribute, char *user_name);
339 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
340 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
341 void check_winad(void);
342 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
344 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
345 char *distinguishedName, int count, char **av);
346 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
347 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
348 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
349 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
350 char *distinguishedName, int count, char **av);
351 void container_get_dn(char *src, char *dest);
352 void container_get_name(char *src, char *dest);
353 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
354 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
355 int afterc, char **after);
356 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
357 int afterc, char **after);
359 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
360 char *fs_type, char *fs_pack, int operation);
361 int GetAceInfo(int ac, char **av, void *ptr);
362 int GetServerList(char *ldap_domain, char **MasterServe);
363 int get_group_membership(char *group_membership, char *group_ou,
364 int *security_flag, char **av);
365 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
366 int Moira_container_group_create(char **after);
367 int Moira_container_group_delete(char **before);
368 int Moira_groupname_create(char *GroupName, char *ContainerName,
369 char *ContainerRowID);
370 int Moira_container_group_update(char **before, char **after);
371 int Moira_process_machine_container_group(char *MachineName, char* groupName,
373 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
374 int Moira_getContainerGroup(int ac, char **av, void *ptr);
375 int Moira_getGroupName(char *origContainerName, char *GroupName,
377 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
378 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
379 int UpdateGroup, int *ProcessGroup);
380 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
381 char *group_name, char *group_ou, char *group_membership,
382 int group_security_flag, int type);
383 int process_lists(int ac, char **av, void *ptr);
384 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
385 int HiddenGroup, char *AceType, char *AceName);
386 int ProcessMachineName(int ac, char **av, void *ptr);
387 int user_create(int ac, char **av, void *ptr);
388 int user_change_status(LDAP *ldap_handle, char *dn_path,
389 char *user_name, char *MoiraId, int operation);
390 int user_delete(LDAP *ldap_handle, char *dn_path,
391 char *u_name, char *MoiraId);
392 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
394 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
395 char *uid, char *MitId, char *MoiraId, int State,
396 char *WinHomeDir, char *WinProfileDir);
397 void change_to_lower_case(char *ptr);
398 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
399 int group_create(int ac, char **av, void *ptr);
400 int group_delete(LDAP *ldap_handle, char *dn_path,
401 char *group_name, char *group_membership, char *MoiraId);
402 int group_rename(LDAP *ldap_handle, char *dn_path,
403 char *before_group_name, char *before_group_membership,
404 char *before_group_ou, int before_security_flag, char *before_desc,
405 char *after_group_name, char *after_group_membership,
406 char *after_group_ou, int after_security_flag, char *after_desc,
407 char *MoiraId, char *filter);
408 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
409 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
410 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
411 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
412 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
413 char *group_name, char *group_ou, char *group_membership,
414 int group_security_flag, int updateGroup);
415 int member_list_build(int ac, char **av, void *ptr);
416 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
417 char *group_ou, char *group_membership,
418 char *user_name, char *pUserOu, char *MoiraId);
419 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
420 char *group_ou, char *group_membership, char *user_name,
421 char *pUserOu, char *MoiraId);
422 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
423 char *group_ou, char *group_membership,
424 int group_security_flag, char *MoiraId);
425 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
426 char *WinHomeDir, char *WinProfileDir,
427 char **homedir_v, char **winProfile_v,
428 char **drives_v, LDAPMod **mods,
430 int sid_update(LDAP *ldap_handle, char *dn_path);
431 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
432 int check_string(char *s);
433 int check_container_name(char* s);
434 void convert_b_to_a(char *string, UCHAR *binary, int length);
435 int mr_connect_cl(char *server, char *client, int version, int auth);
437 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
438 char **before, int beforec, char **after, int afterc);
439 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
440 char **before, int beforec, char **after, int afterc);
441 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
442 char **before, int beforec, char **after, int afterc);
443 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
444 char **before, int beforec, char **after, int afterc);
445 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
446 char **before, int beforec, char **after, int afterc);
447 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
448 char **before, int beforec, char **after, int afterc);
449 int linklist_create_entry(char *attribute, char *value,
450 LK_ENTRY **linklist_entry);
451 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
452 char **attr_array, LK_ENTRY **linklist_base,
453 int *linklist_count, unsigned long ScopeType);
454 void linklist_free(LK_ENTRY *linklist_base);
456 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
457 char *distinguished_name, LK_ENTRY **linklist_current);
458 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
459 LK_ENTRY **linklist_base, int *linklist_count);
460 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
461 char *Attribute, char *distinguished_name,
462 LK_ENTRY **linklist_current);
464 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
465 char *oldValue, char *newValue,
466 char ***modvalues, int type);
467 void free_values(char **modvalues);
469 int convert_domain_to_dn(char *domain, char **bind_path);
470 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
471 char *distinguished_name);
472 int moira_disconnect(void);
473 int moira_connect(void);
474 void print_to_screen(const char *fmt, ...);
475 int GetMachineName(char *MachineName);
/*
 * Entry point of the winad.incr incremental.
 *
 * Command line (see the examples in the file header):
 *   winad.incr <table> <beforec> <afterc> <before args...> <after args...>
 * argv[2] and argv[3] are the argument counts; the "before" vector starts at
 * argv[4] and the "after" vector at argv[4 + beforec].
 *
 * Flow: log the arguments, read winad.cfg for the domain / server list / SFU
 * setting, build the list of domain controllers, bind to AD (up to 5
 * attempts), dispatch on the lower-cased table name, then release the server
 * list and unbind.
 *
 * NOTE(review): this listing omits the local declarations and several
 * statements of this function; the comments below describe only the lines
 * that are visible.
 */
477 int main(int argc, char **argv)
487 int IgnoreServerListError;
/* Program name for com_err(): basename of argv[0]. */
496 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
500 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/*
 * NOTE(review): atoi() reports neither malformed input nor sign.  A negative
 * beforec or afterc still passes the argc check below, after which `after`
 * points outside argv.  Parsing with strtol() and rejecting counts below zero
 * (or with 4 + beforec + afterc overflowing) would close this.
 */
503 beforec = atoi(argv[2]);
504 afterc = atoi(argv[3]);
506 if (argc < (4 + beforec + afterc))
508 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)");
514 after = &argv[4 + beforec];
/*
 * Echo the whole argument list to the log.  tbl_buf is a 1024-byte global and
 * nothing bounds the combined length of argv here, so a long argument list
 * overruns it; snprintf() into the remaining space (truncating) would keep
 * the log line bounded.
 */
516 for (i = 1; i < argc; i++)
518 strcat(tbl_buf, argv[i]);
519 strcat(tbl_buf, " ");
521 com_err(whoami, 0, "%s", tbl_buf);
525 memset(ldap_domain, '\0', sizeof(ldap_domain));
526 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
527 memset(temp, '\0', sizeof(temp));
/*
 * Read winad.cfg.  Each line is upper-cased and stripped of its newline,
 * then matched against the "DOMAIN: ", "SERVER: " and "SFU: " prefixes; a
 * line matching none of them is apparently taken as the domain name itself
 * (line 566).  Because the upper-casing happens first, every stored value is
 * upper case.
 * NOTE(review): sizeof(temp) is not visible here.  The strcpy() calls below
 * copy the remainder of the line into ldap_domain (256 bytes) and into the
 * 256-byte ServerList entries with no length check -- confirm that temp is
 * no larger than 256 or switch to snprintf().  Also `temp[strlen(temp) - 1]`
 * indexes before the buffer if a line yields an empty string (e.g. a line
 * beginning with a NUL byte).
 */
532 if ((fptr = fopen(WINADCFG, "r")) != NULL)
534 while (fgets(temp, sizeof(temp), fptr) != 0)
536 for (i = 0; i < (int)strlen(temp); i++)
537 temp[i] = toupper(temp[i]);
538 if (temp[strlen(temp) - 1] == '\n')
539 temp[strlen(temp) - 1] = '\0';
540 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
542 if (strlen(temp) > (strlen(DOMAIN)))
544 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
547 else if (!strncmp(temp, SERVER, strlen(SERVER)))
549 if (strlen(temp) > (strlen(SERVER)))
/* calloc() result is used unchecked; Count is advanced on a line not in this listing. */
551 ServerList[Count] = calloc(1, 256);
552 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
/* SFUTYPE and the UseSFU30 flag it presumably sets are defined outside these lines. */
556 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
558 if (strlen(temp) > (strlen(MSSFU)))
560 if (!strcmp(&temp[strlen(MSSFU)], SFUTYPE))
566 strcpy(ldap_domain, temp);
/* Fall back to the default domain when the config file gave none. */
572 if (strlen(ldap_domain) == 0)
573 strcpy(ldap_domain, "win.mit.edu");
574 /* zero trailing newline, if there is one. */
575 if (ldap_domain[strlen(ldap_domain) - 1] == '\n')
576 ldap_domain[strlen(ldap_domain) - 1] = '\0';
578 initialize_sms_error_table();
579 initialize_krb_error_table();
/*
 * With no servers configured, discover them via GetServerList() and tolerate
 * errors from that list.  Each entry is then suffixed with ".<domain>" and
 * upper-cased.
 * NOTE(review): the strcat() calls append into whatever GetServerList()
 * allocated (size not visible) or the 256-byte entries from the config path,
 * with no check against the combined length -- confirm the entry size covers
 * the longest host name plus the domain.
 */
581 IgnoreServerListError = 0;
582 if (ServerList[0] == NULL)
584 IgnoreServerListError = 1;
585 GetServerList(ldap_domain, ServerList);
587 for (i = 0; i < MAX_SERVER_NAMES; i++)
589 if (ServerList[i] != 0)
591 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
592 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
593 strcat(ServerList[i], ".");
594 strcat(ServerList[i], ldap_domain);
595 for (k = 0; k < (int)strlen(ServerList[i]); k++)
596 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * Bind to AD, up to 5 attempts.  Empty Win2kPassword/Win2kUser are passed with
 * connect_to_kdc = 1; presumably authentication comes from the Kerberos
 * ticket cache -- confirm in ad_connect().  A negative IgnoreServerListError
 * coming back means the server list is stale: refresh it the same way as
 * above and retry.
 */
600 memset(default_server, '\0', sizeof(default_server));
601 memset(dn_path, '\0', sizeof(dn_path));
602 for (i = 0; i < 5; i++)
604 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
605 default_server, 1, ServerList, &IgnoreServerListError)))
607 if (IgnoreServerListError < 0)
609 GetServerList(ldap_domain, ServerList);
610 for (j = 0; j < MAX_SERVER_NAMES; j++)
612 if (ServerList[j] != NULL)
614 if (ServerList[j][strlen(ServerList[j]) - 1] == '\n')
615 ServerList[j][strlen(ServerList[j]) - 1] = '\0';
616 strcat(ServerList[j], ".");
617 strcat(ServerList[j], ldap_domain);
618 for (k = 0; k < (int)strlen(ServerList[j]); k++)
619 ServerList[j][k] = toupper(ServerList[j][k]);
622 IgnoreServerListError = 1;
/* Reached when every attempt failed; the exit path is on lines not in this listing. */
629 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/*
 * Dispatch on the table name (assigned to `table` outside the visible lines,
 * presumably from argv[1]).  Each do_* call continues on the next line of the
 * original file with the afterc argument.
 */
633 for (i = 0; i < (int)strlen(table); i++)
634 table[i] = tolower(table[i]);
636 if (!strcmp(table, "users"))
637 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
639 else if (!strcmp(table, "list"))
640 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
642 else if (!strcmp(table, "imembers"))
643 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
645 else if (!strcmp(table, "filesys"))
646 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
648 else if (!strcmp(table, "containers"))
649 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
651 else if (!strcmp(table, "mcntmap"))
652 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* If the SFU mode changed while processing, refresh the server list (follow-up lines not shown). */
654 if (OldUseSFU30 != UseSFU30)
656 GetServerList(ldap_domain, ServerList);
/* Release the server list (the free() is on a line not in this listing) and drop the LDAP session. */
659 for (i = 0; i < MAX_SERVER_NAMES; i++)
661 if (ServerList[i] != NULL)
664 ServerList[i] = NULL;
667 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle an mcntmap (machine -> container) incremental.
 *
 * Exactly one side is expected to be populated: before only = the machine
 * was removed from its container, after only = it was added.  In both cases
 * the machine is resolved to its Moira alias, its Moira container is looked
 * up and the AD computer object is moved to the matching OU, or to
 * orphans_machines_ou when Moira knows no container for it.
 * ldap_hostname is not used in the visible lines.  Returns nothing; all
 * failures are only logged.
 *
 * NOTE(review): the file header's example for "removes a machine from an OU"
 * (its line 98) shows the counts "0 5", which this function treats as an add;
 * one of the two is probably wrong -- confirm.
 */
671 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
672 char **before, int beforec, char **after, int afterc)
674 char MoiraContainerName[128];
675 char ADContainerName[128];
676 char MachineName[1024];
677 char OriginalMachineName[1024];
680 char MoiraContainerGroup[64];
683 memset(ADContainerName, '\0', sizeof(ADContainerName));
684 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
/* Nothing to do without arguments on either side. */
686 if ((beforec == 0) && (afterc == 0))
/* Assignment used as the condition: moira_connect() returns non-zero on failure. */
689 if (rc = moira_connect())
691 critical_alert("AD incremental",
692 "Error contacting Moira server : %s",
/*
 * Copy the incremental arguments into local buffers.
 * NOTE(review): the strcpy() calls are unbounded -- OU_MACHINE_NAME goes into
 * 1024-byte buffers and OU_CONTAINER_GROUP into a 64-byte one with no length
 * check on values received from the Moira server.  snprintf() (or a length
 * check with a logged rejection) would keep an over-long value from
 * overrunning the stack.
 */
697 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
699 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
700 strcpy(MachineName, before[OU_MACHINE_NAME]);
701 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
703 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
705 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
707 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
708 strcpy(MachineName, after[OU_MACHINE_NAME]);
709 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
710 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/*
 * GetMachineName() appears to rewrite MachineName in place with the Moira
 * alias (the emptiness check and message below); rc is not used in the
 * visible lines.
 */
718 rc = GetMachineName(MachineName);
719 if (strlen(MachineName) == 0)
722 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
/* Call continues on a line not in this listing. */
725 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
727 if (machine_check(ldap_handle, dn_path, MachineName))
729 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/* No container in Moira: park the object in the orphans OU. */
733 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
734 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
735 if (strlen(MoiraContainerName) == 0)
737 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
738 OriginalMachineName, MachineName);
739 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/*
 * Otherwise translate the Moira container path to an AD DN, make sure the OU
 * exists (container_check takes the name with a trailing slash) and move the
 * object there.  The strlen() - 1 index is safe here because the empty case
 * was handled above.  Return values of the move/check calls are not examined.
 */
743 container_get_dn(MoiraContainerName, ADContainerName);
744 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
745 strcat(MoiraContainerName, "/");
746 container_check(ldap_handle, dn_path, MoiraContainerName);
747 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a containers (OU) incremental.
 *
 * before only = delete the OU, after only = create it; when both sides are
 * present the OU is renamed if CONTAINER_NAME differs (case-insensitively)
 * and otherwise has its attributes updated.  Each AD change is mirrored into
 * Moira's container group via the Moira_container_group_* helpers.
 * ldap_hostname is not used in the visible lines.  Returns nothing; the
 * container_* / Moira_* return values are not examined here.
 */
752 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
753 char **before, int beforec, char **after, int afterc)
/* Nothing to do without arguments on either side. */
757 if ((beforec == 0) && (afterc == 0))
/* Assignment used as the condition: moira_connect() returns non-zero on failure. */
760 if (rc = moira_connect())
762 critical_alert("AD incremental", "Error contacting Moira server : %s",
767 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
769 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
770 container_delete(ldap_handle, dn_path, beforec, before);
771 Moira_container_group_delete(before);
775 if ((beforec == 0) && (afterc != 0)) /*create a container*/
777 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
/* Ensure the parent path exists before creating the new OU. */
778 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
779 container_create(ldap_handle, dn_path, afterc, after);
780 Moira_container_group_create(after);
/*
 * Both sides present (the enclosing condition is on a line not in this
 * listing): a changed name is a rename, anything else an attribute update.
 */
785 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
787 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
788 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
789 Moira_container_group_update(before, after);
793 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
794 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
795 Moira_container_group_update(before, after);
<br>
/*
 * Handle a filesys incremental.  Only AFS file systems (FS_TYPE == "AFS")
 * with FS_CREATE set are processed; the FS_* argument indices are defined
 * outside this listing.
 *
 * after only  = add: filesys_process(..., LDAP_MOD_ADD); if the user object
 *               does not exist yet (LDAP_NO_SUCH_OBJECT) it is created
 *               through a Moira query whose callback is user_create, then
 *               any SIDs collected in sid_base are written back.
 * before only = delete: filesys_process(..., LDAP_MOD_DELETE).
 * both        = update: same path as add, after checking that at least one
 *               side is AFS.
 * ldap_hostname is not used in the visible lines.  Returns nothing; failures
 * are logged.
 *
 * NOTE(review): the add path (lines 826-873) and the update path (lines
 * 907-954) are the same code twice; a static helper taking the after[]
 * vector would remove the duplication.
 */
800 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
801 char **before, int beforec, char **after, int afterc)
/* Too few after-arguments to hold FS_CREATE: nothing usable on that side. */
814 if (afterc < FS_CREATE)
818 atype = !strcmp(after[FS_TYPE], "AFS");
819 acreate = atoi(after[FS_CREATE]);
/* Add case: no before-arguments.  Skip non-AFS or non-created file systems. */
822 if (beforec < FS_CREATE)
824 if (acreate == 0 || atype == 0)
826 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* LDAP_NO_SUCH_OBJECT means the user object is missing and must be created first. */
830 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
831 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
833 if (rc != LDAP_SUCCESS)
834 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* Assignment used as the condition: moira_connect() returns non-zero on failure. */
841 if (rc = moira_connect())
843 critical_alert("AD incremental",
844 "Error contacting Moira server : %s",
/* Look the user up by login; user_create runs as the query callback with call_args as its context. */
848 av[0] = after[FS_NAME];
849 call_args[0] = (char *)ldap_handle;
850 call_args[1] = dn_path;
856 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
860 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
866 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/*
 * Flush SIDs gathered by the callback into the global sid_base.
 * NOTE(review): sid_base is not reset to NULL in the visible lines after
 * linklist_free(); confirm that happens on the omitted lines, otherwise a
 * later caller sees a dangling list head.
 */
869 if (sid_base != NULL)
871 sid_update(ldap_handle, dn_path);
872 linklist_free(sid_base);
/* Before side present: classify it the same way. */
880 btype = !strcmp(before[FS_TYPE], "AFS");
881 bcreate = atoi(before[FS_CREATE]);
/* Delete case: no after-arguments. */
882 if (afterc < FS_CREATE)
884 if (btype && bcreate)
886 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
887 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
889 com_err(whoami, 0, "Unable to delete filesys %s", before[FS_NAME]);
/*
 * Update case: both sides present.  Neither side AFS is only worth a message
 * when at least one type is something other than "ERR".
 */
898 if (!atype && !btype)
900 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
902 com_err(whoami, 0, "Unable to process Filesystem %s or %s is not AFS",
903 before[FS_NAME], after[FS_NAME]);
907 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* From here on this is the same sequence as the add case above. */
911 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
912 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
914 if (rc != LDAP_SUCCESS)
915 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
922 if (rc = moira_connect())
924 critical_alert("AD incremental",
925 "Error contacting Moira server : %s",
929 av[0] = after[FS_NAME];
930 call_args[0] = (char *)ldap_handle;
931 call_args[1] = dn_path;
937 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
941 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
947 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
950 if (sid_base != NULL)
952 sid_update(ldap_handle, dn_path);
953 linklist_free(sid_base);
963 #define L_LIST_DESC 9
966 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
967 char **before, int beforec, char **after, int afterc)
972 char group_membership[6];
977 char before_list_id[32];
978 char before_group_membership[1];
979 int before_security_flag;
980 char before_group_ou[256];
981 LK_ENTRY *ptr = NULL;
983 if (beforec == 0 && afterc == 0)
986 memset(list_id, '\0', sizeof(list_id));
987 memset(before_list_id, '\0', sizeof(before_list_id));
988 memset(before_group_ou, '\0', sizeof(before_group_ou));
989 memset(before_group_membership, '\0', sizeof(before_group_membership));
990 memset(group_ou, '\0', sizeof(group_ou));
991 memset(group_membership, '\0', sizeof(group_membership));
996 if (beforec < L_LIST_ID)
998 if (beforec > L_LIST_DESC)
1000 strcpy(before_list_id, before[L_LIST_ID]);
1002 before_security_flag = 0;
1003 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
1007 if (afterc < L_LIST_ID)
1009 if (afterc > L_LIST_DESC)
1011 strcpy(list_id, before[L_LIST_ID]);
1014 get_group_membership(group_membership, group_ou, &security_flag, after);
1017 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1024 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1025 before_group_ou, before_group_membership,
1026 before_security_flag, CHECK_GROUPS)))
1028 if (rc == AD_NO_GROUPS_FOUND)
1032 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1034 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1035 before_group_ou, before_group_membership,
1036 before_security_flag, CLEANUP_GROUPS);
1038 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1040 com_err(whoami, 0, "Unable to change list name from %s to %s",
1041 before[L_NAME], after[L_NAME]);
1044 if (rc == AD_NO_GROUPS_FOUND)
1050 if ((beforec != 0) && (afterc != 0))
1052 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1053 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1054 (strcmp(before_group_ou, group_ou)))) &&
1057 com_err(whoami, 0, "Changing list name from %s to %s",
1058 before[L_NAME], after[L_NAME]);
1059 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1060 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1062 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1065 memset(filter, '\0', sizeof(filter));
1066 if ((rc = group_rename(ldap_handle, dn_path,
1067 before[L_NAME], before_group_membership,
1068 before_group_ou, before_security_flag, before[L_LIST_DESC],
1069 after[L_NAME], group_membership,
1070 group_ou, security_flag, after[L_LIST_DESC],
1073 if (rc != AD_NO_GROUPS_FOUND)
1075 com_err(whoami, 0, "Unable to change list name from %s to %s",
1076 before[L_NAME], after[L_NAME]);
1089 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1091 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
1094 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1095 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1096 before_group_membership, before_list_id);
1103 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1104 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1105 group_ou, group_membership,
1106 security_flag, CHECK_GROUPS))
1108 if (rc != AD_NO_GROUPS_FOUND)
1110 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1113 group_ou, group_membership,
1114 security_flag, CLEANUP_GROUPS);
1118 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
1125 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1127 if (rc = moira_connect())
1129 critical_alert("AD incremental",
1130 "Error contacting Moira server : %s",
1136 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1140 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1143 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1144 group_ou, group_membership, security_flag, updateGroup))
1149 if (atoi(after[L_ACTIVE]))
1151 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1152 group_membership, security_flag, list_id);
1159 #define LM_EXTRA_ACTIVE (LM_END)
1160 #define LM_EXTRA_PUBLIC (LM_END+1)
1161 #define LM_EXTRA_HIDDEN (LM_END+2)
1162 #define LM_EXTRA_MAILLIST (LM_END+3)
1163 #define LM_EXTRA_GROUP (LM_END+4)
1164 #define LM_EXTRA_GID (LM_END+5)
1165 #define LMN_LIST_ID (LM_END+6)
1166 #define LM_LIST_ID (LM_END+7)
1167 #define LM_USER_ID (LM_END+8)
1168 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one Moira list-membership change (add or remove) to AD.
 *
 * `before`/`after` are membership tuples: list (LM_LIST), member type
 * (LM_TYPE: USER, LIST, MACHINE, STRING, KERBEROS), member (LM_MEMBER),
 * followed by the LM_EXTRA_* list attributes and ids the Moira server
 * appends (see the #defines above).  An add arrives with beforec == 0,
 * a removal with afterc == 0.  The statements that select `ptr` (after or
 * before), the braces and the early returns are not present in this
 * listing, so the control flow is read from the two parallel blocks.
 *
 * Security / robustness notes, grounded in the visible lines:
 *  - group_name, user_name, user_type (128 bytes) and moira_list_id,
 *    moira_user_id (32 bytes) are stack buffers filled with unbounded
 *    strcpy() from the argument vector.  The vector comes from the Moira
 *    server over its authenticated connection, not from an end user, but
 *    an over-long list or member name would still overflow the stack;
 *    snprintf(buf, sizeof buf, "%s", ...) is the safe form.
 *  - ptr[LM_MEMBER] reaches contact_create(), check_user(), member_add()
 *    and member_remove() without a check_string() in this function; those
 *    callees must validate it before it is used in a DN or an LDAP filter
 *    (not verifiable from this chunk).
 *  - A list whose LM_EXTRA_ACTIVE flag is "0" is reported as an error on
 *    both sides, and a freshly created group is only populated when the
 *    list is active.
 */
1170 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1171 char **before, int beforec, char **after, int afterc)
1173 char group_name[128];
1174 char user_name[128];
1175 char user_type[128];
1176 char moira_list_id[32];
1177 char moira_user_id[32];
/* one char, no terminator: written by get_group_membership() as a flag, never a C string */
1178 char group_membership[1];
1180 char machine_ou[256];
1186 char NewMachineName[1024];
1193 memset(moira_list_id, '\0', sizeof(moira_list_id));
1194 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* --- add side: after[] describes the new membership --- */
1197 if (afterc < LM_EXTRA_GID)
/* inactive list: the add is refused (the return that follows is elided) */
1199 if (!atoi(after[LM_EXTRA_ACTIVE]))
1201 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
/* a LIST member (nested list) is not handled here; the message text is misleading */
1205 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1207 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1208 after[2], after[0], after[0]);
/* unbounded copies into fixed 128-byte buffers (see header) */
1211 strcpy(user_name, after[LM_MEMBER]);
1212 strcpy(group_name, after[LM_LIST]);
1213 strcpy(user_type, after[LM_TYPE]);
/*
 * The position of the Moira ids depends on the member type:
 *   MACHINE -> list id at LMN_LIST_ID, machine id at LM_LIST_ID
 *   USER    -> list id at LM_LIST_ID,  user id at LM_USER_ID
 *   other   -> list id at LMN_LIST_ID only
 * Each branch first checks the vector is long enough.
 */
1214 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1216 if (afterc > LM_EXTRA_GROUP)
1218 strcpy(moira_list_id, after[LMN_LIST_ID]);
1219 strcpy(moira_user_id, after[LM_LIST_ID]);
1222 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1224 if (afterc > LMN_LIST_ID)
1226 strcpy(moira_list_id, after[LM_LIST_ID]);
1227 strcpy(moira_user_id, after[LM_USER_ID]);
1232 if (afterc > LM_EXTRA_GID)
1233 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* --- removal side: before[] describes the membership being dropped --- */
1238 if (beforec < LM_EXTRA_GID)
/* note: the log text still says "add" although this is the removal path */
1240 if (!atoi(before[LM_EXTRA_ACTIVE]))
1242 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1246 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1248 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1249 before[2], before[0], before[0]);
1252 strcpy(user_name, before[LM_MEMBER]);
1253 strcpy(group_name, before[LM_LIST]);
1254 strcpy(user_type, before[LM_TYPE]);
1255 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1257 if (beforec > LM_EXTRA_GROUP)
1259 strcpy(moira_list_id, before[LMN_LIST_ID]);
1260 strcpy(moira_user_id, before[LM_LIST_ID]);
1263 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1265 if (beforec > LMN_LIST_ID)
1267 strcpy(moira_list_id, before[LM_LIST_ID]);
1268 strcpy(moira_user_id, before[LM_USER_ID]);
1273 if (beforec > LM_EXTRA_GID)
1274 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* neither side usable (condition elided) */
1280 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* rebuild a list-shaped argv so get_group_membership() can read the L_* fields */
1284 args[L_NAME] = ptr[LM_LIST];
1285 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1286 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1287 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1288 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1289 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1290 args[L_GID] = ptr[LM_EXTRA_GID];
/* OU, group flavour and security-enabled flag follow the list's maillist/group flags */
1293 memset(group_ou, '\0', sizeof(group_ou));
1294 get_group_membership(group_membership, group_ou, &security_flag, args);
1295 if (strlen(group_ou) == 0)
1297 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* make sure the group exists where it should; on a wrong-DN / duplicate result try a cleanup pass first */
1300 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1302 if (rc != AD_NO_GROUPS_FOUND)
1304 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1306 if (rc != AD_NO_GROUPS_FOUND)
1309 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1311 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* group missing from AD: create it now (needs Moira for the ACE lookups), then fill it if the list is active */
1317 if (rc == AD_NO_GROUPS_FOUND)
1319 if (rc = moira_connect())
1321 critical_alert("AD incremental",
1322 "Error contacting Moira server : %s",
1327 com_err(whoami, 0, "creating group %s", group_name);
/* ProcessAce() is called with 0 then 1 as its flag; the meaning of the flag is not visible here */
1329 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1333 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1336 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1337 group_ou, group_membership, security_flag, 0))
1342 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1344 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1345 group_membership, security_flag, moira_list_id);
/*
 * Removal.  The member's OU depends on its type.  STRING and KERBEROS
 * members are contact objects; contact_create() is invoked even on the
 * removal path, presumably as create-if-missing — confirm in its body.
 */
1352 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1354 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1356 memset(machine_ou, '\0', sizeof(machine_ou));
1357 memset(NewMachineName, '\0', sizeof(NewMachineName));
1358 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
/* the member name is swapped for the canonical machine name found in AD */
1360 ptr[LM_MEMBER] = NewMachineName;
1361 pUserOu = machine_ou;
1363 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1365 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1367 pUserOu = contact_ou;
1369 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1371 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1373 pUserOu = kerberos_ou;
1375 if (rc = member_remove(ldap_handle, dn_path, group_name,
1376 group_ou, group_membership, ptr[LM_MEMBER],
1377 pUserOu, moira_list_id))
1378 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* Addition: same OU resolution, plus on-the-fly creation of a USER that AD does not know yet. */
1382 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1385 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1387 memset(machine_ou, '\0', sizeof(machine_ou));
1388 memset(NewMachineName, '\0', sizeof(NewMachineName));
1389 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1391 ptr[LM_MEMBER] = NewMachineName;
1392 pUserOu = machine_ou;
1394 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1396 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1398 pUserOu = contact_ou;
1400 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1402 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1404 pUserOu = kerberos_ou;
1406 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* user not in AD: pull the account from Moira and create it via the user_create callback */
1408 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1409 moira_user_id)) == AD_NO_USER_FOUND)
1411 if (rc = moira_connect())
1413 critical_alert("AD incremental",
1414 "Error connection to Moira : %s",
/*
 * NOTE(review): U_NAME indexes the *user* tuple layout, but after[] here
 * is a membership tuple, so this most likely logs the list name rather
 * than the member.  ptr[LM_MEMBER], as used in the errors below, is the
 * account being created.
 */
1418 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1419 av[0] = ptr[LM_MEMBER];
/* call_args hands the LDAP handle, base DN and Moira user id to user_create() */
1420 call_args[0] = (char *)ldap_handle;
1421 call_args[1] = dn_path;
1422 call_args[2] = moira_user_id;
1423 call_args[3] = NULL;
/* user_create() chains the new object's SID here for sid_update() below */
1425 sid_ptr = &sid_base;
1427 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1431 com_err(whoami, 0, "Unable to create user %s : %s",
1432 ptr[LM_MEMBER], error_message(rc));
1438 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1442 if (sid_base != NULL)
1444 sid_update(ldap_handle, dn_path);
1445 linklist_free(sid_base);
1456 if (rc = member_add(ldap_handle, dn_path, group_name,
1457 group_ou, group_membership, ptr[LM_MEMBER],
1458 pUserOu, moira_list_id))
1460 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
1466 #define U_USER_ID 10
1467 #define U_HOMEDIR 11
1468 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-account change to AD.
 *
 * before/after are user tuples (login, uid, shell, ..., status, mitid,
 * type, moiraid, homedir, profiledir); U_USER_ID (10) is the Moira user
 * id, U_HOMEDIR (11) and U_PROFILEDIR (12) the Windows paths.  The trailing
 * `int afterc)` of the signature, the braces and most returns are elided
 * in this listing.
 *
 * Cases, in order:
 *  - beforec == 0: the account was just created and is not yet usable;
 *    only logged.
 *  - afterc == 0: user removed from Moira.  The AD object is deleted only
 *    when the previous status was 0; otherwise it is treated as already
 *    expunged.
 *  - otherwise: create the AD user if check_user() cannot find it (only a
 *    name passing check_string() is used, since it ends up in a DN), rename
 *    if the login changed (again only when both names validate), and push
 *    uid / mitid / status / homedir / profiledir via user_update().
 *
 * Review notes:
 *  - before_user_id / after_user_id are 32-byte buffers filled by an
 *    unbounded strcpy() from the argument vector.  Moira ids are short
 *    decimal strings, but the copy is not length-checked.
 *  - When check_string(after[U_NAME]) fails nothing is created; whether the
 *    function then still falls through to the rename/update below depends
 *    on elided lines — worth confirming, as user_update() would then be
 *    invoked for an object that does not exist in AD.
 */
1470 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1471 char **before, int beforec, char **after,
1476 char after_user_id[32];
1477 char before_user_id[32];
1480 if ((beforec == 0) && (afterc == 0))
1483 memset(after_user_id, '\0', sizeof(after_user_id));
1484 memset(before_user_id, '\0', sizeof(before_user_id));
/* the Moira user id is only present when the tuple is long enough */
1485 if (beforec > U_USER_ID)
1486 strcpy(before_user_id, before[U_USER_ID]);
1487 if (afterc > U_USER_ID)
1488 strcpy(after_user_id, after[U_USER_ID]);
1490 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1493 if ((beforec == 0) && (afterc != 0))
1495 /*this case only happens when the account*/
1496 /*account is first created but not usable*/
1497 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
/* deletion: status 0 means the account is still present in AD and must be removed */
1500 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
1502 if (atoi(before[U_STATE]) == 0)
1504 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1505 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* ("expungeded" is a typo in the emitted log text; left as-is because it is program output) */
1509 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1514 /*process anything that gets here*/
/* lookup is by the *old* login plus Moira id so a rename can still find the object */
1515 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1516 before_user_id)) == AD_NO_USER_FOUND)
/* check_string() is the guard against a malformed login reaching the DN built by user_create() */
1518 if (!check_string(after[U_NAME]))
1520 if (rc = moira_connect())
1522 critical_alert("AD incremental",
1523 "Error connection to Moira : %s",
1527 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* call_args hands the LDAP handle, base DN and Moira user id to the user_create() callback */
1529 av[0] = after[U_NAME];
1530 call_args[0] = (char *)ldap_handle;
1531 call_args[1] = dn_path;
1532 call_args[2] = after_user_id;
1533 call_args[3] = NULL;
/* user_create() chains the new object's SID here for sid_update() */
1535 sid_ptr = &sid_base;
1537 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1541 com_err(whoami, 0, "Unable to create user %s : %s",
1542 after[U_NAME], error_message(rc));
1548 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
1552 if (sid_base != NULL)
1554 sid_update(ldap_handle, dn_path);
1555 linklist_free(sid_base);
/* login changed: rename only when both the old and the new name validate; the rc != LDAP_SUCCESS handling is elided */
1564 if (strcmp(before[U_NAME], after[U_NAME]))
1566 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1568 com_err(whoami, 0, "changing user %s to %s",
1569 before[U_NAME], after[U_NAME]);
1570 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1571 after[U_NAME])) != LDAP_SUCCESS)
/* status is passed as an int; how user_update() maps it onto userAccountControl is not visible here */
1577 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1578 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1579 after[U_UID], after[U_MITID],
1580 after_user_id, atoi(after[U_STATE]),
1581 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * construct_newvalues: copy the values of a linked list into a freshly
 * allocated, NULL-terminated char* array (*modvalues) suitable for an
 * LDAPMod, optionally rewriting the entries that contain oldValue.
 *
 *   linklist_base     - LK_ENTRY nodes (value / length are used)
 *   modvalue_count    - number of nodes to copy
 *   oldValue/newValue - when both are non-NULL, every value containing
 *                       oldValue is rewritten: type == REPLACE substitutes
 *                       the whole value with newValue, otherwise only the
 *                       first occurrence of oldValue is replaced
 *   modvalues         - receives the array (modvalue_count + 1 slots)
 *   type              - REPLACE or anything else (see above)
 *
 * The return statements are elided; the checked callocs fail out on NULL,
 * so "non-zero on allocation failure, 0 on success" is the likely contract
 * — confirm against the full file.
 *
 * Review notes:
 *  - strstr() / strcat() require each node's value to be NUL-terminated.
 *    retrieve_values() terminates string values but stores objectSid /
 *    objectGUID bytes with no terminator, so this must only ever see
 *    string attributes.
 *  - The callocs on the two "copy unchanged" paths (1638, 1646) are not
 *    NULL-checked, unlike the ones above them; a failure crashes in memcpy().
 *  - The explicit memset() after each calloc() is redundant.
 *  - (int)(cPtr - value) narrows a ptrdiff_t; harmless for LDAP-sized
 *    values, but size_t arithmetic would be cleaner.
 */
1585 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1586 char *oldValue, char *newValue,
1587 char ***modvalues, int type)
1589 LK_ENTRY *linklist_ptr;
/* one extra slot for the terminating NULL */
1593 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1598 for (i = 0; i < (modvalue_count + 1); i++)
1599 (*modvalues)[i] = NULL;
1600 if (modvalue_count != 0)
1602 linklist_ptr = linklist_base;
1603 for (i = 0; i < modvalue_count; i++)
1605 if ((oldValue != NULL) && (newValue != NULL))
/* only the first match is considered */
1607 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
/* REPLACE: the entire value becomes newValue */
1610 if (type == REPLACE)
1612 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1615 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1616 strcpy((*modvalues)[i], newValue);
/* otherwise splice: prefix + newValue + suffix; size = length - strlen(old) + strlen(new) + NUL, exact for one substitution */
1620 if (((*modvalues)[i] = calloc(1,
1621 (int)(cPtr - linklist_ptr->value) +
1622 (linklist_ptr->length - strlen(oldValue)) +
1623 strlen(newValue) + 1)) == NULL)
1625 memset((*modvalues)[i], '\0',
1626 (int)(cPtr - linklist_ptr->value) +
1627 (linklist_ptr->length - strlen(oldValue)) +
1628 strlen(newValue) + 1);
1629 memcpy((*modvalues)[i], linklist_ptr->value,
1630 (int)(cPtr - linklist_ptr->value));
1631 strcat((*modvalues)[i], newValue);
1632 strcat((*modvalues)[i],
1633 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* no match: verbatim copy (unchecked calloc) */
1638 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1639 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1640 memcpy((*modvalues)[i], linklist_ptr->value,
1641 linklist_ptr->length);
/* no substitution requested: verbatim copy (unchecked calloc) */
1646 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1647 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1648 memcpy((*modvalues)[i], linklist_ptr->value,
1649 linklist_ptr->length);
1651 linklist_ptr = linklist_ptr->next;
1653 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous LDAP search and flatten every
 * (dn, attribute, value) it returns into *linklist_base.
 *
 *   dn_path       - search base
 *   search_exp    - filter.  Callers build it with sprintf(), so the caller
 *                   is responsible for validating whatever it interpolates
 *                   (check_string() is used for names elsewhere in the file)
 *   attr_array    - NULL-terminated attribute list; attrsonly is 0
 *   linklist_base / linklist_count - output list and node count (one node
 *                   per attribute value, see retrieve_entries())
 *   ScopeType     - LDAP_SCOPE_* value
 *
 * LDAP_SIZELIMIT_EXCEEDED is tolerated and the partial result is still
 * processed.  Any other search error is returned (the return and the
 * braces are elided); on that path the result message, which
 * ldap_search_s() may still have allocated, is not freed in the visible
 * lines.  On success the return value is what retrieve_entries() returned.
 */
1659 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1660 char **attr_array, LK_ENTRY **linklist_base,
1661 int *linklist_count, unsigned long ScopeType)
1664 LDAPMessage *ldap_entry;
1668 (*linklist_base) = NULL;
1669 (*linklist_count) = 0;
1670 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1671 search_exp, attr_array, 0, &ldap_entry))
/* size-limit hits still carry usable entries */
1674 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1678 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1680 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result, append each one's
 * attributes to *linklist_base via retrieve_attributes(), then recount.
 *
 * Notes:
 *  - The DN passes through a 1024-byte stack buffer that
 *    get_distinguished_name() fills with an unbounded strcpy().  AD DNs
 *    are in practice shorter, but nothing here checks.
 *  - *linklist_count is the number of LK_ENTRY nodes — one per attribute
 *    *value* (retrieve_values() creates a node per value) — not the number
 *    of entries.  Callers such as group_rename() compare it to 1 to mean
 *    "exactly one object"; that holds only because they request a single
 *    single-valued attribute.
 *  - Returns 0 or the retrieve_attributes() error (returns are elided).
 *    What happens when ldap_first_entry() yields nothing is also elided;
 *    presumably an early return.
 */
1685 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1686 LK_ENTRY **linklist_base, int *linklist_count)
1688 char distinguished_name[1024];
1689 LK_ENTRY *linklist_ptr;
1692 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1695 memset(distinguished_name, '\0', sizeof(distinguished_name));
1696 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1698 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1699 linklist_base)) != 0)
1702 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1704 memset(distinguished_name, '\0', sizeof(distinguished_name));
1705 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1707 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1708 linklist_base)) != 0)
/* recount from scratch: nodes, not entries */
1712 linklist_ptr = (*linklist_base);
1713 (*linklist_count) = 0;
1714 while (linklist_ptr != NULL)
1716 ++(*linklist_count);
1717 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry and collect
 * each attribute's values onto *linklist_current (most recent first).
 *
 * `ptr` is the BerElement cursor handed out by ldap_first_attribute(); it
 * is released with ldap_ber_free(ptr, 0) and each attribute name with
 * ldap_memfree().  Local declarations and the return are elided.
 */
1722 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1723 char *distinguished_name, LK_ENTRY **linklist_current)
1729 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1731 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1733 ldap_memfree(Attribute);
1734 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1737 retrieve_values(ldap_handle, ldap_entry, Attribute,
1738 distinguished_name, linklist_current);
1739 ldap_memfree(Attribute);
1742 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: copy every value of one attribute of one entry into new
 * LK_ENTRY nodes pushed onto the front of *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len,
 * use_bervalue set); everything else as C strings (ldap_get_values).  Each
 * node records: attribute (copy), value (copy), length, the ber_value flag
 * and the entry's dn (copy).  The per-value loop header, the NULL checks on
 * the fetched arrays and the returns are elided in this listing.
 *
 * Important for consumers: binary values are calloc'ed with exactly
 * ber_length bytes and memcpy'ed — they are NOT NUL-terminated — while
 * string values get strlen+1 and a terminator.  Anything treating ->value
 * as a C string (construct_newvalues() uses strstr/strcat) must only be
 * given string attributes.
 *
 * The region between the (elided) #ifdef LDAP_DEBUG and the #endif below
 * is diagnostic output only: GUID / SID / userAccountControl decoding.
 */
1746 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1747 char *Attribute, char *distinguished_name,
1748 LK_ENTRY **linklist_current)
1754 LK_ENTRY *linklist_previous;
1755 LDAP_BERVAL **ber_value;
1763 SID_IDENTIFIER_AUTHORITY *sid_auth;
1764 unsigned char *subauth_count;
1765 #endif /*LDAP_DEBUG*/
1768 memset(temp, '\0', sizeof(temp));
/* binary attributes must go through the length-aware API */
1769 if ((!strcmp(Attribute, "objectSid")) ||
1770 (!strcmp(Attribute, "objectGUID")))
1775 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1776 Ptr = (void **)ber_value;
1781 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1782 Ptr = (void **)str_value;
/* new node is prepended, so the list ends up in reverse retrieval order */
1789 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1791 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1792 linklist_previous->next = (*linklist_current);
1793 (*linklist_current) = linklist_previous;
1795 if (((*linklist_current)->attribute = calloc(1,
1796 strlen(Attribute) + 1)) == NULL)
1798 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1799 strcpy((*linklist_current)->attribute, Attribute);
/* binary value: exact length, no terminator */
1802 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1803 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1805 memset((*linklist_current)->value, '\0', ber_length);
1806 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1808 (*linklist_current)->length = ber_length;
/* string value: NUL-terminated copy */
1812 if (((*linklist_current)->value = calloc(1,
1813 strlen(*Ptr) + 1)) == NULL)
1815 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1816 (*linklist_current)->length = strlen(*Ptr);
1817 strcpy((*linklist_current)->value, *Ptr);
1819 (*linklist_current)->ber_value = use_bervalue;
1820 if (((*linklist_current)->dn = calloc(1,
1821 strlen(distinguished_name) + 1)) == NULL)
1823 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1824 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG diagnostics (start of #ifdef elided) ---- */
1827 if (!strcmp(Attribute, "objectGUID"))
/* temp must hold 36 characters plus NUL; its declaration is elided */
1829 guid = (GUID *)((*linklist_current)->value);
1830 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1831 guid->Data1, guid->Data2, guid->Data3,
1832 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1833 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1834 guid->Data4[6], guid->Data4[7]);
1835 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1837 else if (!strcmp(Attribute, "objectSid"))
/* SID decoded directly from the BER bytes (unaligned cast; acceptable for debug output) */
1839 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1841 print_to_screen(" Revision = %d\n", sid->Revision);
1842 print_to_screen(" SID Identifier Authority:\n");
1843 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): this checks which byte of the 6-byte authority is non-zero; Value[4] is never consulted */
1844 if (sid_auth->Value[0])
1845 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1846 else if (sid_auth->Value[1])
1847 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1848 else if (sid_auth->Value[2])
1849 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1850 else if (sid_auth->Value[3])
1851 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1852 else if (sid_auth->Value[5])
1853 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1855 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1856 subauth_count = GetSidSubAuthorityCount(sid);
1857 print_to_screen(" SidSubAuthorityCount = %d\n",
1859 print_to_screen(" SidSubAuthority:\n");
1860 for (i = 0; i < *subauth_count; i++)
1862 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1863 print_to_screen(" %u\n", *subauth);
/*
 * NOTE(review): memcmp() with the constant's length reads that many bytes
 * of Attribute even when Attribute is shorter — strcmp()/strncmp() would be
 * the safe comparison.  "sAmAccountType" differs from the real attribute
 * name only in case and only its length is used, so that typo is harmless.
 */
1867 else if ((!memcmp(Attribute, "userAccountControl",
1868 strlen("userAccountControl"))) ||
1869 (!memcmp(Attribute, "sAMAccountType",
1870 strlen("sAmAccountType"))))
1872 intValue = atoi(*Ptr);
1873 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1874 if (!memcmp(Attribute, "userAccountControl",
1875 strlen("userAccountControl")))
/* decode the UF_* bits of userAccountControl */
1877 if (intValue & UF_ACCOUNTDISABLE)
1878 print_to_screen(" %20s : %s\n",
1879 "", "Account disabled");
1881 print_to_screen(" %20s : %s\n",
1882 "", "Account active");
1883 if (intValue & UF_HOMEDIR_REQUIRED)
1884 print_to_screen(" %20s : %s\n",
1885 "", "Home directory required");
1886 if (intValue & UF_LOCKOUT)
1887 print_to_screen(" %20s : %s\n",
1888 "", "Account locked out");
1889 if (intValue & UF_PASSWD_NOTREQD)
1890 print_to_screen(" %20s : %s\n",
1891 "", "No password required");
1892 if (intValue & UF_PASSWD_CANT_CHANGE)
1893 print_to_screen(" %20s : %s\n",
1894 "", "Cannot change password");
1895 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1896 print_to_screen(" %20s : %s\n",
1897 "", "Temp duplicate account");
1898 if (intValue & UF_NORMAL_ACCOUNT)
1899 print_to_screen(" %20s : %s\n",
1900 "", "Normal account");
1901 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1902 print_to_screen(" %20s : %s\n",
1903 "", "Interdomain trust account");
1904 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1905 print_to_screen(" %20s : %s\n",
1906 "", "Workstation trust account");
1907 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1908 print_to_screen(" %20s : %s\n",
1909 "", "Server trust account");
1914 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1916 #endif /*LDAP_DEBUG*/
/* release the LDAP-owned arrays; the list keeps its own copies */
1918 if (str_value != NULL)
1919 ldap_value_free(str_value);
1920 if (ber_value != NULL)
1921 ldap_value_free_len(ber_value);
1923 (*linklist_current) = linklist_previous;
/*
 * moira_connect: open (once) and authenticate the connection to the Moira
 * server used for user/list lookups during an incremental run.
 *
 * Reference counted through the file-scope mr_connections: only the first
 * caller actually connects.  Two paths are visible, selected by elided
 * conditionals: a hard-coded host "ttsp" (looks like a test/development
 * server — confirm) and the local node name from uname().  Each tries
 * mr_connect_cl() with client name "winad.incr" and QUERY_VERSION and, on
 * an elided condition, falls back to plain mr_connect().  Finally
 * mr_auth("winad.incr") authenticates this incremental to Moira.
 *
 * Review notes:
 *  - If connecting or authenticating fails, the visible lines do not undo
 *    the ++mr_connections, so a later moira_disconnect() pairing would be
 *    skewed — check the elided error path.
 *  - HostName's size is declared outside this listing; "ttsp" is short,
 *    but the copy is a plain strcpy().
 */
1927 int moira_connect(void)
1932 if (!mr_connections++)
1935 memset(HostName, '\0', sizeof(HostName));
1936 strcpy(HostName, "ttsp");
1937 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1939 rc = mr_connect(HostName);
1944 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1946 rc = mr_connect(uts.nodename);
/* authenticate as the winad.incr service */
1951 rc = mr_auth("winad.incr");
/*
 * check_winad: operator kill switch.  While STOP_FILE exists, keep looping
 * (the per-iteration wait and the iteration threshold that triggers the
 * alert are elided) and eventually raise a critical_alert() so someone
 * notices that AD updates are being held back.  tbl_buf, the detail
 * string in the alert, is filled outside the visible lines.
 */
1958 void check_winad(void)
1962 for (i = 0; file_exists(STOP_FILE); i++)
1966 critical_alert("AD incremental",
1967 "WINAD incremental failed (%s exists): %s",
1968 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect().  Pre-decrements
 * mr_connections and, when it reaches zero, tears the connection down
 * (body elided).  Calling it without a matching moira_connect() underflows
 * the counter, so callers must pair the two exactly.
 */
1975 int moira_disconnect(void)
1978 if (!--mr_connections)
/*
 * get_distinguished_name: copy an entry's DN into the caller's buffer.
 *
 * Uses ldap_get_dn() and releases the LDAP-owned string with ldap_memfree().
 * The copy is an unbounded strcpy() and there is no size parameter; all
 * visible callers pass a 1024-byte buffer, so an over-long DN would
 * overflow it.  Whether CName is NULL-checked between the two visible
 * statements cannot be seen here (lines elided).
 */
1985 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1986 char *distinguished_name)
1990 CName = ldap_get_dn(ldap_handle, ldap_entry);
1993 strcpy(distinguished_name, CName);
1994 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a standalone LK_ENTRY holding copies of
 * attribute and value (value must be NUL-terminated; length = strlen).
 *
 * Only the node allocation is NULL-checked; the two string callocs are
 * not, so an allocation failure there crashes in memset()/strcpy().  The
 * memset() calls after calloc() are redundant.  Return value elided.
 */
1997 int linklist_create_entry(char *attribute, char *value,
1998 LK_ENTRY **linklist_entry)
2000 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2001 if (!(*linklist_entry))
2005 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
/* unchecked allocation */
2006 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2007 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2008 strcpy((*linklist_entry)->attribute, attribute);
/* unchecked allocation */
2009 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2010 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2011 strcpy((*linklist_entry)->value, value);
2012 (*linklist_entry)->length = strlen(value);
2013 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: vfprintf() wrapper writing to stderr, used by the
 * LDAP_DEBUG diagnostics.  fmt must be a literal — every visible caller
 * passes one — never attribute data.  The va_list declaration and va_end()
 * are elided.
 */
2017 void print_to_screen(const char *fmt, ...)
2021 va_start(pvar, fmt);
2022 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: map a Moira list's maillist/group flags to the AD
 * group flavour, the security-enabled flag and the container OU.
 *
 *   av[L_MAILLIST], av[L_GROUP] - "0"/"1" flags from the list tuple
 *   group_membership - receives ONE character: 'B' both, 'S' security only,
 *                      'D' distribution only, 'N' neither
 *   group_ou         - receives the matching global OU string
 *                      (group_ou_both / _security / _distribution / _neither)
 *   security_flag    - 1 for B and S (security-enabled group), else 0
 * Any output pointer may be NULL and is then skipped.  Return elided.
 *
 * NOTE(review): group_membership is written as a single char with no
 * terminator, and callers declare it `char x[1]`, yet do_list() above
 * tests strlen(before_group_membership) / strlen(group_membership).
 * strlen() on a 1-byte array without a NUL reads past the array —
 * undefined behaviour that only "works" by luck of stack layout.  Either
 * size those buffers [2] and terminate here, or compare the char to '\0'.
 * Also: atoi() treats any non-numeric flag as 0, and group_ou is filled by
 * strcpy() from globals without a size (callers use 256 bytes).
 */
2027 int get_group_membership(char *group_membership, char *group_ou,
2028 int *security_flag, char **av)
2033 maillist_flag = atoi(av[L_MAILLIST]);
2034 group_flag = atoi(av[L_GROUP]);
2035 if (security_flag != NULL)
2036 (*security_flag) = 0;
/* both: security-enabled, mail-enabled group */
2038 if ((maillist_flag) && (group_flag))
2040 if (group_membership != NULL)
2041 group_membership[0] = 'B';
2042 if (security_flag != NULL)
2043 (*security_flag) = 1;
2044 if (group_ou != NULL)
2045 strcpy(group_ou, group_ou_both);
/* security only */
2047 else if ((!maillist_flag) && (group_flag))
2049 if (group_membership != NULL)
2050 group_membership[0] = 'S';
2051 if (security_flag != NULL)
2052 (*security_flag) = 1;
2053 if (group_ou != NULL)
2054 strcpy(group_ou, group_ou_security);
/* distribution only: not usable in ACLs */
2056 else if ((maillist_flag) && (!group_flag))
2058 if (group_membership != NULL)
2059 group_membership[0] = 'D';
2060 if (group_ou != NULL)
2061 strcpy(group_ou, group_ou_distribution);
/* neither flag set */
2065 if (group_membership != NULL)
2066 group_membership[0] = 'N';
2067 if (group_ou != NULL)
2068 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: move/rename an AD group to match a renamed Moira list and
 * refresh its name-derived attributes.
 *
 * Steps visible here:
 *  1. Both names are validated with check_string() — the guard against a
 *     malformed name reaching a DN or LDAP filter; failure returns
 *     AD_INVALID_NAME.
 *  2. ad_get_group() locates the old object by membership flavour, MoiraId
 *     and `filter`; exactly one hit is required (AD_NO_GROUPS_FOUND /
 *     AD_MULTIPLE_GROUPS_FOUND otherwise).
 *  3. The current sAMAccountName is fetched with the same filter.
 *  4. ldap_rename_s() moves the object to cn=<after>,<after_ou>,<dn_path>
 *     with deleteoldrdn = TRUE.
 *  5. sAMAccountName (keeping the "_group" suffix), displayName,
 *     mitMoiraId and groupType (security-enabled bit from
 *     after_security_flag) are replaced; description via attribute_update().
 *
 * Review notes:
 *  - &sam_name[strlen(sam_name) - strlen("_group")] underflows when
 *    sam_name is shorter than 6 characters: the size_t subtraction wraps
 *    and the index is far out of bounds.  Guard with
 *    strlen(sam_name) >= strlen("_group").
 *  - old_dn, new_dn, new_dn_path (512) and sam_name are filled with
 *    strcpy()/sprintf() and no bound; snprintf(..., sizeof ...) is safer.
 *  - "%ld" is used to format a u_int (groupTypeControl); use "%u".
 *  - Changing ADS_GROUP_TYPE_SECURITY_ENABLED changes whether the group can
 *    be used in ACLs; it follows the Moira group flag by design.
 *  - The mods[]/n bookkeeping and the ADD_ATTR macro live outside this
 *    listing; several returns are elided.
 */
2073 int group_rename(LDAP *ldap_handle, char *dn_path,
2074 char *before_group_name, char *before_group_membership,
2075 char *before_group_ou, int before_security_flag, char *before_desc,
2076 char *after_group_name, char *after_group_membership,
2077 char *after_group_ou, int after_security_flag, char *after_desc,
2078 char *MoiraId, char *filter)
2083 char new_dn_path[512];
2085 char *attr_array[3];
2086 char *mitMoiraId_v[] = {NULL, NULL};
2087 char *name_v[] = {NULL, NULL};
2088 char *samAccountName_v[] = {NULL, NULL};
2089 char *groupTypeControl_v[] = {NULL, NULL};
2090 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2091 char groupTypeControlStr[80];
2095 LK_ENTRY *group_base;
/* name validation: both names end up in DNs and filters below */
2098 if (!check_string(before_group_name))
2100 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
2101 return(AD_INVALID_NAME);
2103 if (!check_string(after_group_name))
2105 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
2106 return(AD_INVALID_NAME);
/* locate the existing object; exactly one is required */
2111 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2112 before_group_membership,
2113 MoiraId, "distinguishedName", &group_base,
2114 &group_count, filter))
2117 if (group_count == 0)
2119 return(AD_NO_GROUPS_FOUND);
2121 if (group_count != 1)
2124 "Unable to process multiple groups with MoiraId = %s exist in the AD",
2126 return(AD_MULTIPLE_GROUPS_FOUND);
/* unbounded copy of the DN */
2128 strcpy(old_dn, group_base->value);
2130 linklist_free(group_base);
/* fetch the current sAMAccountName so the "_group" suffix convention can be preserved */
2133 attr_array[0] = "sAMAccountName";
2134 attr_array[1] = NULL;
2135 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2136 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2138 com_err(whoami, 0, "Unable to get list %s dn : %s",
2139 after_group_name, ldap_err2string(rc));
2142 if (group_count != 1)
2145 "Unable to get sAMAccountName for group %s",
2147 return(AD_LDAP_FAILURE);
2150 strcpy(sam_name, group_base->value);
2151 linklist_free(group_base);
/* move/rename: new RDN cn=<after>, new parent <after_ou>,<dn_path>, old RDN deleted */
2155 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2156 sprintf(new_dn, "cn=%s", after_group_name);
2157 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2158 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2160 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2161 before_group_name, after_group_name, ldap_err2string(rc));
2165 name_v[0] = after_group_name;
/* NOTE(review): underflows (size_t wrap) when sam_name is shorter than "_group" */
2166 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2168 sprintf(sam_name, "%s_group", after_group_name);
2172 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
2173 before_group_name, after_group_name);
2176 samAccountName_v[0] = sam_name;
/* security-enabled bit follows the Moira "group" flag */
2177 if (after_security_flag)
2178 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2179 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2180 groupTypeControl_v[0] = groupTypeControlStr;
2181 mitMoiraId_v[0] = MoiraId;
/* full DN of the renamed object */
2183 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2184 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
2186 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2187 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2188 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2189 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2191 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2193 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
2194 after_group_name, ldap_err2string(rc));
/* release the LDAPMod entries built by ADD_ATTR */
2196 for (i = 0; i < n; i++)
/*
 * group_create: mr_query callback (ac, av, ptr) that creates or updates
 * the AD group for one Moira list.
 *
 * av is a list tuple (L_NAME, L_ACTIVE, L_HIDDEN, L_MAILLIST, L_GROUP,
 * L_ACE_TYPE, L_ACE_NAME, L_DESC, ...).  Context arrives through the
 * file-scope call_args[]: [0] LDAP handle, [1] base DN, [4] updateGroup
 * flag, [5] Moira list id.  New SIDs are chained through sid_ptr for a
 * later sid_update().
 *
 * Flow (braces and early returns elided in this listing):
 *  - reject names failing check_string() — the DN/filter injection guard
 *  - derive OU / flavour / security flag; DN = cn=<name>,<ou>,<base>;
 *    sAMAccountName = "<name>_group"
 *  - ldap_add_ext_s() with cn / objectClass / sAMAccountName / displayName
 *    / name / description / groupType / info / mitMoiraId;
 *    LDAP_ALREADY_EXISTS is not an error
 *  - if it already existed or updateGroup: refresh description, info and
 *    mitMoiraId, and — when L_ACTIVE is "0" — REPLACE `member` with an
 *    empty set, i.e. deactivating a list in Moira strips every member from
 *    the AD group and therefore any access granted through it
 *  - ProcessGroupSecurity() applies the ACL for the list's ACE
 *  - look up objectSid by mitMoiraId, falling back to sAMAccountName when
 *    that does not yield exactly one hit, and queue it on sid_ptr
 *
 * Review notes:
 *  - updateGroup = (int)call_args[4] truncates a pointer to int; it works
 *    only because the caller stores a small integer cast to char*.  Use
 *    (intptr_t) or a real parameter.
 *  - Every DN / filter / info string is built with sprintf() into a fixed
 *    buffer (new_group_name, sam_group_name, cn_group_name: 256; new_dn,
 *    filter, info: sized outside this listing) with no bound check.
 *  - av[L_ACE_NAME] and av[L_ACE_TYPE] are passed to ProcessGroupSecurity()
 *    without check_string(); the visible opening of that function formats
 *    AceName straight into an "(sAMAccountName=%s)" search filter.  Only
 *    L_NAME is validated here.  call_args[5] (MoiraId) is likewise
 *    interpolated into a filter unvalidated — it is a Moira-generated id,
 *    but a check that it is purely numeric would cost nothing.
 *  - The sAMAccountName fallback can adopt a same-named group whose
 *    mitMoiraId is absent or different.
 *  - "%ld" formats a u_int; the attribute_update() return codes are
 *    overwritten without being examined.
 */
2201 int group_create(int ac, char **av, void *ptr)
2204 LK_ENTRY *group_base;
2207 char new_group_name[256];
2208 char sam_group_name[256];
2209 char cn_group_name[256];
2210 char *cn_v[] = {NULL, NULL};
2211 char *objectClass_v[] = {"top", "group", NULL};
2213 char *samAccountName_v[] = {NULL, NULL};
2214 char *altSecurityIdentities_v[] = {NULL, NULL};
/* member_v stays {NULL, NULL}: used below to clear the member attribute */
2215 char *member_v[] = {NULL, NULL};
2216 char *name_v[] = {NULL, NULL};
2217 char *desc_v[] = {NULL, NULL};
2218 char *info_v[] = {NULL, NULL};
2219 char *mitMoiraId_v[] = {NULL, NULL};
2220 char *groupTypeControl_v[] = {NULL, NULL};
2221 char groupTypeControlStr[80];
/* single flag character, not a C string (see get_group_membership) */
2222 char group_membership[1];
2225 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2231 char *attr_array[3];
/* name validation: L_NAME becomes the RDN and part of a search filter */
2236 if (!check_string(av[L_NAME]))
2238 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
2239 return(AD_INVALID_NAME);
/* NOTE(review): pointer narrowed to int; relies on the caller smuggling a small integer through char* */
2242 updateGroup = (int)call_args[4];
2243 memset(group_ou, 0, sizeof(group_ou));
2244 memset(group_membership, 0, sizeof(group_membership));
2246 get_group_membership(group_membership, group_ou, &security_flag, av);
2247 strcpy(new_group_name, av[L_NAME]);
2248 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
/* (the `if (security_flag)` guarding this line is elided) */
2250 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2252 sprintf(sam_group_name, "%s_group", av[L_NAME]);
2257 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2258 groupTypeControl_v[0] = groupTypeControlStr;
2260 strcpy(cn_group_name, av[L_NAME]);
2262 samAccountName_v[0] = sam_group_name;
2263 name_v[0] = new_group_name;
2264 cn_v[0] = new_group_name;
/* attributes for the add; ADD_ATTR appends to mods[] (macro defined outside this listing) */
2267 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2268 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2269 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2270 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2271 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2272 if (strlen(av[L_DESC]) != 0)
2274 desc_v[0] = av[L_DESC];
2275 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2277 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* the ACE (owner) name is recorded as free text in the info attribute */
2278 if (strlen(av[L_ACE_NAME]) != 0)
2280 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2282 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2284 if (strlen(call_args[5]) != 0)
2286 mitMoiraId_v[0] = call_args[5];
2287 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2291 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2293 for (i = 0; i < n; i++)
/* an existing group is fine; anything else is fatal for this list */
2295 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2297 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2298 av[L_NAME], ldap_err2string(rc));
/* update path: existing object, or explicit update request */
2303 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2305 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2306 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2307 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
2309 if (strlen(call_args[5]) != 0)
2311 mitMoiraId_v[0] = call_args[5];
2312 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* inactive list: REPLACE member with an empty value set -> every member is removed from the AD group */
2314 if (!(atoi(av[L_ACTIVE])))
2317 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2323 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2324 for (i = 0; i < n; i++)
2326 if (rc != LDAP_SUCCESS)
2328 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2329 av[L_NAME], ldap_err2string(rc));
/* NOTE(review): L_ACE_TYPE / L_ACE_NAME are not validated here; see header */
2336 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2337 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* find the object's SID: by mitMoiraId when known, else by sAMAccountName */
2339 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2340 if (strlen(call_args[5]) != 0)
2341 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2342 attr_array[0] = "objectSid";
2343 attr_array[1] = NULL;
2346 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2347 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
2349 if (group_count != 1)
/* fallback by name when the MoiraId search is not unique (may match a group with a different/absent MoiraId) */
2351 if (strlen(call_args[5]) != 0)
2353 linklist_free(group_base);
2356 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2357 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2358 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* hand the node to the SID chain for sid_update(); ownership moves, so it must not be freed here */
2361 if (group_count == 1)
2363 (*sid_ptr) = group_base;
2364 (*sid_ptr)->member = strdup(av[L_NAME]);
2365 (*sid_ptr)->type = (char *)GROUPS;
2366 sid_ptr = &(*sid_ptr)->next;
/* not exactly one hit: discard (presumably the else branch; braces elided) */
2370 if (group_base != NULL)
2371 linklist_free(group_base);
2376 if (group_base != NULL)
2377 linklist_free(group_base);
2379 return(LDAP_SUCCESS);
2382 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2383 int HiddenGroup, char *AceType, char *AceName)
2385 char filter_exp[1024];
2386 char *attr_array[5];
2387 char search_path[512];
2389 char TemplateDn[512];
2390 char TemplateSamName[128];
2392 char TargetSamName[128];
2393 char AceSamAccountName[128];
2395 unsigned char AceSid[128];
2396 unsigned char UserTemplateSid[128];
2397 char acBERBuf[N_SD_BER_BYTES];
2398 char GroupSecurityTemplate[256];
2400 int UserTemplateSidCount;
2407 int array_count = 0;
2409 LK_ENTRY *group_base;
2410 LDAP_BERVAL **ppsValues;
2411 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2412 { N_SD_BER_BYTES, acBERBuf },
2415 LDAPControl *apsServerControls[] = {&sControl, NULL};
2418 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2419 BEREncodeSecurityBits(dwInfo, acBERBuf);
2421 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2422 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2423 attr_array[0] = "sAMAccountName";
2424 attr_array[1] = NULL;
2427 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2428 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2430 if (group_count != 1)
2432 linklist_free(group_base);
2435 strcpy(TargetDn, group_base->dn);
2436 strcpy(TargetSamName, group_base->value);
2437 linklist_free(group_base);
2441 UserTemplateSidCount = 0;
2442 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2443 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2444 memset(AceSid, '\0', sizeof(AceSid));
2448 if (strlen(AceName) != 0)
2450 if (!strcmp(AceType, "LIST"))
2452 sprintf(AceSamAccountName, "%s_group", AceName);
2453 strcpy(root_ou, group_ou_root);
2455 else if (!strcmp(AceType, "USER"))
2457 sprintf(AceSamAccountName, "%s", AceName);
2458 strcpy(root_ou, user_ou);
2460 if (strlen(AceSamAccountName) != 0)
2462 sprintf(search_path, "%s", dn_path);
2463 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2464 attr_array[0] = "objectSid";
2465 attr_array[1] = NULL;
2468 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2469 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2471 if (group_count == 1)
2473 strcpy(AceDn, group_base->dn);
2474 AceSidCount = group_base->length;
2475 memcpy(AceSid, group_base->value, AceSidCount);
2477 linklist_free(group_base);
2482 if (AceSidCount == 0)
2484 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2485 com_err(whoami, 0, " Non-admin security group template will be used.");
2489 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2490 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2491 attr_array[0] = "objectSid";
2492 attr_array[1] = NULL;
2496 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2497 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2499 if ((rc != 0) || (group_count != 1))
2501 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
2506 UserTemplateSidCount = group_base->length;
2507 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2509 linklist_free(group_base);
2516 if (AceSidCount == 0)
2518 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2519 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2523 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2524 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2529 if (AceSidCount == 0)
2531 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2532 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2536 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2537 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2541 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2542 attr_array[0] = "sAMAccountName";
2543 attr_array[1] = NULL;
2546 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2547 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2549 if (group_count != 1)
2551 linklist_free(group_base);
2552 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
2555 strcpy(TemplateDn, group_base->dn);
2556 strcpy(TemplateSamName, group_base->value);
2557 linklist_free(group_base);
2561 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2562 rc = ldap_search_ext_s(ldap_handle,
2574 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2576 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2579 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2580 if (ppsValues == NULL)
2582 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
2586 if (AceSidCount != 0)
2588 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2590 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2592 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2594 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
2602 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2605 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2606 for (i = 0; i < n; i++)
2608 ldap_value_free_len(ppsValues);
2609 ldap_msgfree(psMsg);
2610 if (rc != LDAP_SUCCESS)
2612 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2613 TargetGroupName, ldap_err2string(rc));
2614 if (AceSidCount != 0)
2616 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2618 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2619 HiddenGroup, "", ""))
2621 com_err(whoami, 0, "Unable to set security for group %s.",
2631 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2632 char *group_membership, char *MoiraId)
2634 LK_ENTRY *group_base;
2640 if (!check_string(group_name))
2642 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2643 return(AD_INVALID_NAME);
2646 memset(filter, '\0', sizeof(filter));
2649 sprintf(temp, "%s,%s", group_ou_root, dn_path);
2650 if (rc = ad_get_group(ldap_handle, temp, group_name,
2651 group_membership, MoiraId,
2652 "distinguishedName", &group_base,
2653 &group_count, filter))
2656 if (group_count == 1)
2658 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2660 linklist_free(group_base);
2661 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2662 group_name, ldap_err2string(rc));
2665 linklist_free(group_base);
2669 linklist_free(group_base);
2670 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2671 return(AD_NO_GROUPS_FOUND);
2677 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2683 return(N_SD_BER_BYTES);
2686 int process_lists(int ac, char **av, void *ptr)
2691 char group_membership[2];
2697 memset(group_ou, '\0', sizeof(group_ou));
2698 memset(group_membership, '\0', sizeof(group_membership));
2699 get_group_membership(group_membership, group_ou, &security_flag, av);
2700 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2701 group_ou, group_membership, call_args[2],
2702 (char *)call_args[3], "");
2706 int member_list_build(int ac, char **av, void *ptr)
2714 strcpy(temp, av[ACE_NAME]);
2715 if (!check_string(temp))
2717 if (!strcmp(av[ACE_TYPE], "USER"))
2719 if (!((int)call_args[3] & MOIRA_USERS))
2722 else if (!strcmp(av[ACE_TYPE], "STRING"))
2724 if (!((int)call_args[3] & MOIRA_STRINGS))
2726 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2729 else if (!strcmp(av[ACE_TYPE], "LIST"))
2731 if (!((int)call_args[3] & MOIRA_LISTS))
2734 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2736 if (!((int)call_args[3] & MOIRA_KERBEROS))
2738 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
2744 linklist = member_base;
2747 if (!strcasecmp(temp, linklist->member))
2749 linklist = linklist->next;
2751 linklist = calloc(1, sizeof(LK_ENTRY));
2753 linklist->dn = NULL;
2754 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2755 strcpy(linklist->list, call_args[2]);
2756 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2757 strcpy(linklist->type, av[ACE_TYPE]);
2758 linklist->member = calloc(1, strlen(temp) + 1);
2759 strcpy(linklist->member, temp);
2760 linklist->next = member_base;
2761 member_base = linklist;
2765 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2766 char *group_ou, char *group_membership, char *user_name,
2767 char *UserOu, char *MoiraId)
2769 char distinguished_name[1024];
2777 LK_ENTRY *group_base;
2780 if (!check_string(group_name))
2781 return(AD_INVALID_NAME);
2783 memset(filter, '\0', sizeof(filter));
2786 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2787 group_membership, MoiraId,
2788 "distinguishedName", &group_base,
2789 &group_count, filter))
2792 if (group_count != 1)
2794 com_err(whoami, 0, "Unable to find list %s in AD",
2796 linklist_free(group_base);
2801 strcpy(distinguished_name, group_base->value);
2802 linklist_free(group_base);
2806 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2807 modvalues[0] = temp;
2808 modvalues[1] = NULL;
2811 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2813 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2814 for (i = 0; i < n; i++)
2816 if (rc == LDAP_UNWILLING_TO_PERFORM)
2818 if (rc != LDAP_SUCCESS)
2820 com_err(whoami, 0, "Unable to modify list %s members : %s",
2821 group_name, ldap_err2string(rc));
2829 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2830 char *group_ou, char *group_membership, char *user_name,
2831 char *UserOu, char *MoiraId)
2833 char distinguished_name[1024];
2841 LK_ENTRY *group_base;
2844 if (!check_string(group_name))
2845 return(AD_INVALID_NAME);
2848 memset(filter, '\0', sizeof(filter));
2851 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2852 group_membership, MoiraId,
2853 "distinguishedName", &group_base,
2854 &group_count, filter))
2857 if (group_count != 1)
2859 linklist_free(group_base);
2862 com_err(whoami, 0, "Unable to find list %s in AD",
2864 return(AD_MULTIPLE_GROUPS_FOUND);
2867 strcpy(distinguished_name, group_base->value);
2868 linklist_free(group_base);
2872 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2873 modvalues[0] = temp;
2874 modvalues[1] = NULL;
2877 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2879 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2880 if (rc == LDAP_ALREADY_EXISTS)
2882 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2884 if (rc == LDAP_UNWILLING_TO_PERFORM)
2887 for (i = 0; i < n; i++)
2889 if (rc != LDAP_SUCCESS)
2891 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2892 user_name, group_name, ldap_err2string(rc));
2898 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2902 char cn_user_name[256];
2903 char contact_name[256];
2904 char *email_v[] = {NULL, NULL};
2905 char *cn_v[] = {NULL, NULL};
2906 char *contact_v[] = {NULL, NULL};
2907 char *objectClass_v[] = {"top", "person",
2908 "organizationalPerson",
2910 char *name_v[] = {NULL, NULL};
2911 char *desc_v[] = {NULL, NULL};
2916 if (!check_string(user))
2918 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
2919 return(AD_INVALID_NAME);
2921 strcpy(contact_name, user);
2922 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2923 cn_v[0] = cn_user_name;
2924 contact_v[0] = contact_name;
2926 desc_v[0] = "Auto account created by Moira";
2929 strcpy(new_dn, cn_user_name);
2931 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2932 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2933 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2934 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2935 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2936 if (!strcmp(group_ou, contact_ou))
2938 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2942 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2943 for (i = 0; i < n; i++)
2945 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2948 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2949 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2950 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2951 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2952 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2954 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2955 for (i = 0; i < n; i++)
2958 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2960 com_err(whoami, 0, "Unable to create contact %s : %s",
2961 user, ldap_err2string(rc));
2967 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2968 char *Uid, char *MitId, char *MoiraId, int State,
2969 char *WinHomeDir, char *WinProfileDir)
2972 LK_ENTRY *group_base;
2974 char distinguished_name[512];
2975 char *mitMoiraId_v[] = {NULL, NULL};
2976 char *uid_v[] = {NULL, NULL};
2977 char *mitid_v[] = {NULL, NULL};
2978 char *homedir_v[] = {NULL, NULL};
2979 char *winProfile_v[] = {NULL, NULL};
2980 char *drives_v[] = {NULL, NULL};
2981 char *userAccountControl_v[] = {NULL, NULL};
2982 char userAccountControlStr[80];
2987 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2989 char *attr_array[3];
2992 if (!check_string(user_name))
2994 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2995 return(AD_INVALID_NAME);
3001 if (strlen(MoiraId) != 0)
3003 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3004 attr_array[0] = "cn";
3005 attr_array[1] = NULL;
3006 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3007 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3009 com_err(whoami, 0, "Unable to process user %s : %s",
3010 user_name, ldap_err2string(rc));
3014 if (group_count != 1)
3016 linklist_free(group_base);
3019 sprintf(filter, "(sAMAccountName=%s)", user_name);
3020 attr_array[0] = "cn";
3021 attr_array[1] = NULL;
3022 sprintf(temp, "%s,%s", user_ou, dn_path);
3023 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
3024 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3026 com_err(whoami, 0, "Unable to process user %s : %s",
3027 user_name, ldap_err2string(rc));
3032 if (group_count != 1)
3034 com_err(whoami, 0, "Unable to find user %s in AD",
3036 linklist_free(group_base);
3037 return(AD_NO_USER_FOUND);
3039 strcpy(distinguished_name, group_base->dn);
3041 linklist_free(group_base);
3044 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
3045 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
3046 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
3051 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3055 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
3059 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3060 userAccountControl |= UF_ACCOUNTDISABLE;
3061 sprintf(userAccountControlStr, "%ld", userAccountControl);
3062 userAccountControl_v[0] = userAccountControlStr;
3063 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
3065 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3066 WinProfileDir, homedir_v, winProfile_v,
3067 drives_v, mods, LDAP_MOD_REPLACE, n);
3070 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
3072 OldUseSFU30 = UseSFU30;
3073 SwitchSFU(mods, &UseSFU30, n);
3074 if (OldUseSFU30 != UseSFU30)
3075 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3078 com_err(whoami, 0, "Unable to modify user data for %s : %s",
3079 user_name, ldap_err2string(rc));
3082 for (i = 0; i < n; i++)
3087 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3095 char *userPrincipalName_v[] = {NULL, NULL};
3096 char *altSecurityIdentities_v[] = {NULL, NULL};
3097 char *name_v[] = {NULL, NULL};
3098 char *samAccountName_v[] = {NULL, NULL};
3103 if (!check_string(before_user_name))
3105 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
3106 return(AD_INVALID_NAME);
3108 if (!check_string(user_name))
3110 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3111 return(AD_INVALID_NAME);
3114 strcpy(user_name, user_name);
3115 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3116 sprintf(new_dn, "cn=%s", user_name);
3117 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
3118 NULL, NULL)) != LDAP_SUCCESS)
3120 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
3121 before_user_name, user_name, ldap_err2string(rc));
3125 name_v[0] = user_name;
3126 sprintf(upn, "%s@%s", user_name, ldap_domain);
3127 userPrincipalName_v[0] = upn;
3128 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3129 altSecurityIdentities_v[0] = temp;
3130 samAccountName_v[0] = user_name;
3133 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3134 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3135 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3136 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
3138 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3139 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3141 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
3142 user_name, ldap_err2string(rc));
3144 for (i = 0; i < n; i++)
3149 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3150 char *fs_type, char *fs_pack, int operation)
3152 char distinguished_name[256];
3154 char winProfile[256];
3156 char *attr_array[3];
3157 char *homedir_v[] = {NULL, NULL};
3158 char *winProfile_v[] = {NULL, NULL};
3159 char *drives_v[] = {NULL, NULL};
3165 LK_ENTRY *group_base;
3167 if (!check_string(fs_name))
3169 com_err(whoami, 0, "Unable to process invalid filesys name %s", fs_name);
3170 return(AD_INVALID_NAME);
3173 if (strcmp(fs_type, "AFS"))
3175 com_err(whoami, 0, "Unable to process invalid filesys type %s", fs_type);
3176 return(AD_INVALID_FILESYS);
3181 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3182 attr_array[0] = "cn";
3183 attr_array[1] = NULL;
3184 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3185 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3187 com_err(whoami, 0, "Unable to process filesys %s : %s",
3188 fs_name, ldap_err2string(rc));
3192 if (group_count != 1)
3194 linklist_free(group_base);
3195 com_err(whoami, 0, "Unable to find user %s in AD",
3197 return(LDAP_NO_SUCH_OBJECT);
3199 strcpy(distinguished_name, group_base->dn);
3200 linklist_free(group_base);
3204 if (operation == LDAP_MOD_ADD)
3206 memset(winPath, 0, sizeof(winPath));
3207 AfsToWinAfs(fs_pack, winPath);
3208 homedir_v[0] = winPath;
3210 memset(winProfile, 0, sizeof(winProfile));
3211 strcpy(winProfile, winPath);
3212 strcat(winProfile, "\\.winprofile");
3213 winProfile_v[0] = winProfile;
3217 homedir_v[0] = NULL;
3219 winProfile_v[0] = NULL;
3221 ADD_ATTR("profilePath", winProfile_v, operation);
3222 ADD_ATTR("homeDrive", drives_v, operation);
3223 ADD_ATTR("homeDirectory", homedir_v, operation);
3226 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3227 if (rc != LDAP_SUCCESS)
3229 com_err(whoami, 0, "Unable to modify user data for filesys %s : %s",
3230 fs_name, ldap_err2string(rc));
3232 for (i = 0; i < n; i++)
3238 int user_create(int ac, char **av, void *ptr)
3240 LK_ENTRY *group_base;
3243 char user_name[256];
3246 char *cn_v[] = {NULL, NULL};
3247 char *objectClass_v[] = {"top", "person",
3248 "organizationalPerson",
3251 char *samAccountName_v[] = {NULL, NULL};
3252 char *altSecurityIdentities_v[] = {NULL, NULL};
3253 char *mitMoiraId_v[] = {NULL, NULL};
3254 char *name_v[] = {NULL, NULL};
3255 char *desc_v[] = {NULL, NULL};
3256 char *userPrincipalName_v[] = {NULL, NULL};
3257 char *userAccountControl_v[] = {NULL, NULL};
3258 char *uid_v[] = {NULL, NULL};
3259 char *mitid_v[] = {NULL, NULL};
3260 char *homedir_v[] = {NULL, NULL};
3261 char *winProfile_v[] = {NULL, NULL};
3262 char *drives_v[] = {NULL, NULL};
3263 char userAccountControlStr[80];
3265 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3272 char *attr_array[3];
3274 char WinHomeDir[1024];
3275 char WinProfileDir[1024];
3279 if (!check_string(av[U_NAME]))
3281 callback_rc = AD_INVALID_NAME;
3282 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
3283 return(AD_INVALID_NAME);
3286 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3287 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3288 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
3289 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
3290 strcpy(user_name, av[U_NAME]);
3291 sprintf(upn, "%s@%s", user_name, ldap_domain);
3292 sprintf(sam_name, "%s", av[U_NAME]);
3293 samAccountName_v[0] = sam_name;
3294 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3295 userAccountControl |= UF_ACCOUNTDISABLE;
3296 sprintf(userAccountControlStr, "%ld", userAccountControl);
3297 userAccountControl_v[0] = userAccountControlStr;
3298 userPrincipalName_v[0] = upn;
3300 cn_v[0] = user_name;
3301 name_v[0] = user_name;
3302 desc_v[0] = "Auto account created by Moira";
3303 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3304 altSecurityIdentities_v[0] = temp;
3305 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3308 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3309 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3310 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3311 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3312 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3313 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3314 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3315 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3316 if (strlen(call_args[2]) != 0)
3318 mitMoiraId_v[0] = call_args[2];
3319 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3321 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
3322 if (strlen(av[U_UID]) != 0)
3324 uid_v[0] = av[U_UID];
3325 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3328 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3332 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
3335 if (strlen(av[U_MITID]) != 0)
3336 mitid_v[0] = av[U_MITID];
3338 mitid_v[0] = "none";
3339 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3341 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3342 WinProfileDir, homedir_v, winProfile_v,
3343 drives_v, mods, LDAP_MOD_ADD, n);
3347 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3348 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3350 OldUseSFU30 = UseSFU30;
3351 SwitchSFU(mods, &UseSFU30, n);
3352 if (OldUseSFU30 != UseSFU30)
3353 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3356 for (i = 0; i < n; i++)
3358 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3360 com_err(whoami, 0, "Unable to create user %s : %s",
3361 user_name, ldap_err2string(rc));
3365 if (rc == LDAP_SUCCESS)
3367 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3369 com_err(whoami, 0, "Unable to set password for user %s : %ld",
3373 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3374 if (strlen(call_args[2]) != 0)
3375 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3376 attr_array[0] = "objectSid";
3377 attr_array[1] = NULL;
3380 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3381 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3383 if (group_count != 1)
3385 if (strlen(call_args[2]) != 0)
3387 linklist_free(group_base);
3390 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3391 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3392 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
3395 if (group_count == 1)
3397 (*sid_ptr) = group_base;
3398 (*sid_ptr)->member = strdup(av[U_NAME]);
3399 (*sid_ptr)->type = (char *)GROUPS;
3400 sid_ptr = &(*sid_ptr)->next;
3404 if (group_base != NULL)
3405 linklist_free(group_base);
3410 if (group_base != NULL)
3411 linklist_free(group_base);
3416 int user_change_status(LDAP *ldap_handle, char *dn_path,
3417 char *user_name, char *MoiraId,
3421 char *attr_array[3];
3423 char distinguished_name[1024];
3425 char *mitMoiraId_v[] = {NULL, NULL};
3427 LK_ENTRY *group_base;
3434 if (!check_string(user_name))
3436 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3437 return(AD_INVALID_NAME);
3443 if (strlen(MoiraId) != 0)
3445 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3446 attr_array[0] = "UserAccountControl";
3447 attr_array[1] = NULL;
3448 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3449 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3451 com_err(whoami, 0, "Unable to process user %s : %s",
3452 user_name, ldap_err2string(rc));
3456 if (group_count != 1)
3458 linklist_free(group_base);
3461 sprintf(filter, "(sAMAccountName=%s)", user_name);
3462 attr_array[0] = "UserAccountControl";
3463 attr_array[1] = NULL;
3464 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3465 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3467 com_err(whoami, 0, "Unable to process user %s : %s",
3468 user_name, ldap_err2string(rc));
3473 if (group_count != 1)
3475 linklist_free(group_base);
3476 com_err(whoami, 0, "Unable to find user %s in AD",
3478 return(LDAP_NO_SUCH_OBJECT);
3481 strcpy(distinguished_name, group_base->dn);
3482 ulongValue = atoi((*group_base).value);
3483 if (operation == MEMBER_DEACTIVATE)
3484 ulongValue |= UF_ACCOUNTDISABLE;
3486 ulongValue &= ~UF_ACCOUNTDISABLE;
3487 sprintf(temp, "%ld", ulongValue);
3488 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3489 temp, &modvalues, REPLACE)) == 1)
3491 linklist_free(group_base);
3495 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3496 if (strlen(MoiraId) != 0)
3498 mitMoiraId_v[0] = MoiraId;
3499 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3502 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3503 for (i = 0; i < n; i++)
3505 free_values(modvalues);
3506 if (rc != LDAP_SUCCESS)
3508 com_err(whoami, 0, "Unable to change status of user %s : %s",
3509 user_name, ldap_err2string(rc));
3515 int user_delete(LDAP *ldap_handle, char *dn_path,
3516 char *u_name, char *MoiraId)
3519 char *attr_array[3];
3520 char distinguished_name[1024];
3521 char user_name[512];
3522 LK_ENTRY *group_base;
3526 if (!check_string(u_name))
3527 return(AD_INVALID_NAME);
3529 strcpy(user_name, u_name);
3533 if (strlen(MoiraId) != 0)
3535 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3536 attr_array[0] = "name";
3537 attr_array[1] = NULL;
3538 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3539 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3541 com_err(whoami, 0, "Unable to process user %s : %s",
3542 user_name, ldap_err2string(rc));
3546 if (group_count != 1)
3548 linklist_free(group_base);
3551 sprintf(filter, "(sAMAccountName=%s)", user_name);
3552 attr_array[0] = "name";
3553 attr_array[1] = NULL;
3554 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3555 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3557 com_err(whoami, 0, "Unable to process user %s : %s",
3558 user_name, ldap_err2string(rc));
3563 if (group_count != 1)
3565 com_err(whoami, 0, "Unable to find user %s in AD",
3570 strcpy(distinguished_name, group_base->dn);
3571 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3573 com_err(whoami, 0, "Unable to process user %s : %s",
3574 user_name, ldap_err2string(rc));
3578 linklist_free(group_base);
3582 void linklist_free(LK_ENTRY *linklist_base)
3584 LK_ENTRY *linklist_previous;
3586 while (linklist_base != NULL)
3588 if (linklist_base->dn != NULL)
3589 free(linklist_base->dn);
3590 if (linklist_base->attribute != NULL)
3591 free(linklist_base->attribute);
3592 if (linklist_base->value != NULL)
3593 free(linklist_base->value);
3594 if (linklist_base->member != NULL)
3595 free(linklist_base->member);
3596 if (linklist_base->type != NULL)
3597 free(linklist_base->type);
3598 if (linklist_base->list != NULL)
3599 free(linklist_base->list);
3600 linklist_previous = linklist_base;
3601 linklist_base = linklist_previous->next;
3602 free(linklist_previous);
3606 void free_values(char **modvalues)
3611 if (modvalues != NULL)
3613 while (modvalues[i] != NULL)
3616 modvalues[i] = NULL;
3623 int sid_update(LDAP *ldap_handle, char *dn_path)
3627 unsigned char temp[126];
3634 memset(temp, 0, sizeof(temp));
3635 convert_b_to_a(temp, ptr->value, ptr->length);
3638 av[0] = ptr->member;
3640 if (ptr->type == (char *)GROUPS)
3643 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3645 else if (ptr->type == (char *)USERS)
3648 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
3655 void convert_b_to_a(char *string, UCHAR *binary, int length)
3662 for (i = 0; i < length; i++)
3669 if (string[j] > '9')
3672 string[j] = tmp & 0x0f;
3674 if (string[j] > '9')
3681 static int illegalchars[] = {
3682 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3683 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3684 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3685 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3686 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3687 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3688 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3689 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
3690 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3691 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3692 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3693 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3694 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3695 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3696 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3697 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3700 int check_string(char *s)
3707 if (isupper(character))
3708 character = tolower(character);
3709 if (illegalchars[(unsigned) character])
3715 int check_container_name(char *s)
3722 if (isupper(character))
3723 character = tolower(character);
3725 if (character == ' ')
3727 if (illegalchars[(unsigned) character])
3733 int mr_connect_cl(char *server, char *client, int version, int auth)
3739 status = mr_connect(server);
3742 com_err(whoami, status, "while connecting to Moira");
3746 status = mr_motd(&motd);
3750 com_err(whoami, status, "while checking server status");
3755 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3756 com_err(whoami, status, temp);
3761 status = mr_version(version);
3764 if (status == MR_UNKNOWN_PROC)
3767 status = MR_VERSION_HIGH;
3769 status = MR_SUCCESS;
3772 if (status == MR_VERSION_HIGH)
3774 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3775 com_err(whoami, 0, "Some operations may not work.");
3777 else if (status && status != MR_VERSION_LOW)
3779 com_err(whoami, status, "while setting query version number.");
3787 status = mr_auth(client);
3790 com_err(whoami, status, "while authenticating to Moira.");
3799 void AfsToWinAfs(char* path, char* winPath)
3803 strcpy(winPath, WINAFS);
3804 pathPtr = path + strlen(AFS);
3805 winPathPtr = winPath + strlen(WINAFS);
3809 if (*pathPtr == '/')
3812 *winPathPtr = *pathPtr;
3819 int GetAceInfo(int ac, char **av, void *ptr)
3826 strcpy(call_args[0], av[L_ACE_TYPE]);
3827 strcpy(call_args[1], av[L_ACE_NAME]);
3829 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3830 return(LDAP_SUCCESS);
/* checkADname: looks Name up in AD by sAMAccountName under dn_path.
 * The result list is freed and group_count decides the return value;
 * the return statements themselves are not in the listing. */
3834 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3837 char *attr_array[3];
3840 LK_ENTRY *group_base;
/* NOTE(security): Name is interpolated into the LDAP filter without
 * RFC 4515 escaping, so filter metacharacters ('*', '(', ')', '\')
 * in a name change the query.  Names are expected to have passed
 * check_string/check_container_name upstream — confirm the illegalchars
 * table rejects those bytes.  `filter`'s size is not visible either. */
3845 sprintf(filter, "(sAMAccountName=%s)", Name);
3846 attr_array[0] = "sAMAccountName";
3847 attr_array[1] = NULL;
3848 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3849 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3851 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3852 Name, ldap_err2string(rc));
3856 linklist_free(group_base);
3858 if (group_count == 0)
/* ProcessAce: makes sure the ACE (owner) of Moira list `Name` exists in
 * AD before the list itself is created.  Only LIST ACEs are followed
 * (3880); a LIST ACE is created with make_new_group, a USER ACE through
 * the user_create callback.  Lines 3950-3955 look like the tail of a
 * loop that walks an ACE chain (GroupName takes AceName and the
 * function repeats) — the loop header is not in the listing.
 * *ProcessGroup is set to 1 when checkADname reports the ACE. */
3865 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3868 char GroupName[256];
3874 char AceMembership[2];
/* Unbounded copy into a 256-byte buffer; Name's length is not checked
 * in the visible lines. */
3878 strcpy(GroupName, Name);
/* Nonzero means Type is not "LIST"; the branch body is not visible. */
3880 if (strcasecmp(Type, "LIST"))
3885 AceInfo[0] = AceType;
3886 AceInfo[1] = AceName;
3887 AceInfo[2] = AceMembership;
/* AceType/AceName/AceOu are filled by GetAceInfo via unbounded strcpy;
 * their sizes are declared in lines not shown here. */
3889 memset(AceType, '\0', sizeof(AceType));
3890 memset(AceName, '\0', sizeof(AceName));
3891 memset(AceMembership, '\0', sizeof(AceMembership));
3892 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment used as condition (here and at 3930); intentional but
 * worth a double set of parentheses to silence -Wparentheses. */
3894 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3896 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3901 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* ACE types other than USER and LIST are not handled (body not shown). */
3904 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
3906 strcpy(temp, AceName);
/* AD group objects for Moira lists carry a "_group" suffix. */
3907 if (!strcasecmp(AceType, "LIST"))
3908 sprintf(temp, "%s_group", AceName);
3911 if (checkADname(ldap_handle, dn_path, temp))
3913 (*ProcessGroup) = 1;
3915 if (!strcasecmp(AceInfo[0], "LIST"))
3917 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3920 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args[2] (presumably the user name / av) is set on a line that is
 * not in the listing. */
3923 call_args[0] = (char *)ldap_handle;
3924 call_args[1] = dn_path;
3926 call_args[3] = NULL;
/* sid_ptr/sid_base are file-scope state shared with the callbacks. */
3928 sid_ptr = &sid_base;
3930 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3932 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3937 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
3940 if (sid_base != NULL)
3942 sid_update(ldap_handle, dn_path);
3943 linklist_free(sid_base);
/* A list that is its own ACE ends the walk (3952, body not visible);
 * otherwise the ACE's list becomes the next GroupName. */
3950 if (!strcasecmp(AceType, "LIST"))
3952 if (!strcasecmp(GroupName, AceName))
3955 strcpy(GroupName, AceName);
/* make_new_group: creates the AD group for Moira list `group_name` by
 * running "get_list_info" with the group_create callback.  Member-type
 * flags and updateGroup are smuggled through the char * call_args
 * array as casted integers (3972-3973); the callback has to cast them
 * back.  Returns callback_rc on a callback failure (3989); the
 * remaining return paths are not in the listing. */
3960 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3961 char *group_name, char *group_ou, char *group_membership,
3962 int group_security_flag, int updateGroup)
3969 call_args[0] = (char *)ldap_handle;
3970 call_args[1] = dn_path;
3971 call_args[2] = group_name;
/* Integer-to-pointer cast carries the member-type mask; it is only
 * valid as long as the callback casts it straight back to an int. */
3972 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3973 call_args[4] = (char *)updateGroup;
3974 call_args[5] = MoiraId;
3975 call_args[6] = NULL;
/* sid_base collects new SIDs for sid_update; file-scope state. */
3977 sid_ptr = &sid_base;
3979 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3982 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
/* Reached when the callback (not mr_query itself) reported a failure;
 * the test on callback_rc is not visible. */
3988 com_err(whoami, 0, "Unable to create list %s", group_name);
3989 return(callback_rc);
3992 if (sid_base != NULL)
3994 sid_update(ldap_handle, dn_path);
3995 linklist_free(sid_base);
/* populate_group: adds every end member of Moira list `group_name` to
 * its AD group.  The member list is collected by the member_list_build
 * callback into member_base (file-scope); STRING and KERBEROS members
 * are first materialised as contact objects in contact_ou/kerberos_ou.
 * The loop header over member_base and the LIST branch body are not
 * in the listing. */
4001 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
4002 char *group_ou, char *group_membership,
4003 int group_security_flag, char *MoiraId)
4011 com_err(whoami, 0, "Populating group %s", group_name);
4013 call_args[0] = (char *)ldap_handle;
4014 call_args[1] = dn_path;
4015 call_args[2] = group_name;
4016 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
4017 call_args[4] = NULL;
4019 if (rc = mr_query("get_end_members_of_list", 1, av,
4020 member_list_build, call_args))
4022 com_err(whoami, 0, "Unable to populate list %s : %s",
4023 group_name, error_message(rc));
4026 if (member_base != NULL)
4031 if (!strcasecmp(ptr->type, "LIST"))
/* pUserOu selects the OU member_add looks the member up in; it is only
 * set for STRING and KERBEROS here — the USER/default assignment is
 * on lines not shown. */
4037 if (!strcasecmp(ptr->type, "STRING"))
4039 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4041 pUserOu = contact_ou;
4043 else if (!strcasecmp(ptr->type, "KERBEROS"))
4045 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4047 pUserOu = kerberos_ou;
/* rc from member_add is not checked in the visible lines. */
4049 rc = member_add(ldap_handle, dn_path, group_name,
4050 group_ou, group_membership, ptr->member,
4054 linklist_free(member_base);
/* process_group: reconciles the AD group for Moira list `group_name`
 * (identified by MoiraId) with the expected DN
 * "CN=<name>,<ou>,<dn_path>".  With type == CHECK_GROUPS it only
 * reports (AD_NO_GROUPS_FOUND / AD_WRONG_GROUP_DN_FOUND /
 * AD_MULTIPLE_GROUPS_FOUND); otherwise it deletes a mismatched group,
 * reads the current name/description, classifies the current OU into
 * both/security/distribution/neither and hands everything to
 * group_rename.  Returns AD_NO_OU_FOUND when the DN matches none of
 * the four OUs.  Several branch bodies are not in the listing. */
4060 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4061 char *group_name, char *group_ou, char *group_membership,
4062 int group_security_flag, int type)
4064 char before_desc[512];
4065 char before_name[256];
4066 char before_group_ou[256];
4067 char before_group_membership[2];
4068 char distinguishedName[256];
4069 char ad_distinguishedName[256];
4071 char *attr_array[3];
4072 int before_security_flag;
4075 LK_ENTRY *group_base;
4078 char ou_security[512];
4079 char ou_distribution[512];
4080 char ou_neither[512];
4082 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Unbounded sprintf into a 256-byte buffer; name, OU and dn_path
 * lengths are not checked in the visible lines. */
4083 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
4086 memset(filter, '\0', sizeof(filter));
/* ad_get_group also writes back into `filter` the query that matched
 * (see ad_get_group), which the later attribute lookups reuse. */
4089 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4091 "distinguishedName", &group_base,
4092 &group_count, filter))
4095 if (type == CHECK_GROUPS)
4097 if (group_count == 1)
4099 if (!strcasecmp(group_base->value, distinguishedName))
4101 linklist_free(group_base);
4105 linklist_free(group_base);
4106 if (group_count == 0)
4107 return(AD_NO_GROUPS_FOUND);
4108 if (group_count == 1)
4109 return(AD_WRONG_GROUP_DN_FOUND);
4110 return(AD_MULTIPLE_GROUPS_FOUND);
4112 if (group_count == 0)
4114 return(AD_NO_GROUPS_FOUND);
/* More than one group carries this Moira id: log all of them and give
 * up rather than guess (the loop header over ptr is not shown). */
4116 if (group_count > 1)
4121 if (!strcasecmp(distinguishedName, ptr->value))
4127 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4131 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4134 linklist_free(group_base);
4135 return(AD_MULTIPLE_GROUPS_FOUND);
/* Destructive step: the single group found under this Moira id is
 * deleted from AD when its DN is not the expected one.  rc from the
 * delete is overwritten by the lookup at 4148 without being checked. */
4140 if (strcasecmp(distinguishedName, ptr->value))
4141 rc = ldap_delete_s(ldap_handle, ptr->value);
4144 linklist_free(group_base);
4145 memset(filter, '\0', sizeof(filter));
4148 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4150 "distinguishedName", &group_base,
4151 &group_count, filter))
4153 if (group_count == 0)
4154 return(AD_NO_GROUPS_FOUND);
4155 if (group_count > 1)
4156 return(AD_MULTIPLE_GROUPS_FOUND);
/* DN returned by AD copied unbounded into a 256-byte buffer. */
4159 strcpy(ad_distinguishedName, group_base->value);
4160 linklist_free(group_base);
4164 attr_array[0] = "sAMAccountName";
4165 attr_array[1] = NULL;
4166 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4167 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4169 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4170 MoiraId, ldap_err2string(rc));
/* From here on the group is addressed by its current sAMAccountName;
 * the value is interpolated into the filter without escaping. */
4173 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Nothing to do when AD already has the expected DN (body not shown). */
4175 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4177 linklist_free(group_base);
4182 linklist_free(group_base);
4185 memset(ou_both, '\0', sizeof(ou_both));
4186 memset(ou_security, '\0', sizeof(ou_security));
4187 memset(ou_distribution, '\0', sizeof(ou_distribution));
4188 memset(ou_neither, '\0', sizeof(ou_neither));
4189 memset(before_name, '\0', sizeof(before_name));
4190 memset(before_desc, '\0', sizeof(before_desc));
4191 memset(before_group_membership, '\0', sizeof(before_group_membership));
4192 attr_array[0] = "name";
4193 attr_array[1] = NULL;
4194 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4195 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4197 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
4198 MoiraId, ldap_err2string(rc));
/* No group_count check before dereferencing group_base here, unlike
 * the description lookup below (4215). */
4201 strcpy(before_name, group_base->value);
4202 linklist_free(group_base);
4205 attr_array[0] = "description";
4206 attr_array[1] = NULL;
4207 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4208 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4211 "Unable to get list description with MoiraId = %s: %s",
4212 MoiraId, ldap_err2string(rc));
4215 if (group_count != 0)
4217 strcpy(before_desc, group_base->value);
4218 linklist_free(group_base);
/* OU classification is a case-insensitive substring test of the DN
 * against the four configured OUs (group_ou_* are file-scope).  The
 * order matters: "both" is tested first so that an OU string which is
 * a substring of another is resolved toward the combined OU. */
4222 change_to_lower_case(ad_distinguishedName);
4223 strcpy(ou_both, group_ou_both);
4224 change_to_lower_case(ou_both);
4225 strcpy(ou_security, group_ou_security);
4226 change_to_lower_case(ou_security);
4227 strcpy(ou_distribution, group_ou_distribution);
4228 change_to_lower_case(ou_distribution);
4229 strcpy(ou_neither, group_ou_neither);
4230 change_to_lower_case(ou_neither);
4231 if (strstr(ad_distinguishedName, ou_both))
4233 strcpy(before_group_ou, group_ou_both);
4234 before_group_membership[0] = 'B';
4235 before_security_flag = 1;
4237 else if (strstr(ad_distinguishedName, ou_security))
4239 strcpy(before_group_ou, group_ou_security);
4240 before_group_membership[0] = 'S';
4241 before_security_flag = 1;
4243 else if (strstr(ad_distinguishedName, ou_distribution))
4245 strcpy(before_group_ou, group_ou_distribution);
4246 before_group_membership[0] = 'D';
4247 before_security_flag = 0;
4249 else if (strstr(ad_distinguishedName, ou_neither))
4251 strcpy(before_group_ou, group_ou_neither);
4252 before_group_membership[0] = 'N';
4253 before_security_flag = 0;
4256 return(AD_NO_OU_FOUND);
/* NOTE(review): before_desc is passed both as the old (4258) and the
 * new (4260) description — verify that the "after" description is
 * meant to be unchanged here. */
4257 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4258 before_group_ou, before_security_flag, before_desc,
4259 group_name, group_membership, group_ou, group_security_flag,
4260 before_desc, MoiraId, filter);
/* change_to_lower_case: lower-cases a NUL-terminated string in place.
 * strlen() is re-evaluated on every iteration.  NOTE(review): tolower()
 * on a plain char is undefined for negative (high-bit) bytes — cast
 * through unsigned char if non-ASCII input is possible. */
4264 void change_to_lower_case(char *ptr)
4268 for (i = 0; i < (int)strlen(ptr); i++)
4270 ptr[i] = tolower(ptr[i]);
/* ad_get_group: finds the AD group for a Moira list, trying in order
 * (1) the filter the caller passes in rFilter (when non-empty),
 * (2) "(&(objectClass=group)(mitMoiraId=<MoiraId>))",
 * (3) "(sAMAccountName=<group_name>_group)".
 * Whichever filter yields exactly one entry is copied back into
 * rFilter so the caller can reuse it.  *linklist_base/*linklist_count
 * receive the matching entries; a result of more than one entry from
 * the MoiraId search is logged and discarded.  The rFilter parameter
 * (4278) and the return statements are not in the listing. */
4274 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4275 char *group_name, char *group_membership,
4276 char *MoiraId, char *attribute,
4277 LK_ENTRY **linklist_base, int *linklist_count,
4282 char *attr_array[3];
4285 (*linklist_base) = NULL;
4286 (*linklist_count) = 0;
4287 if (strlen(rFilter) != 0)
4289 strcpy(filter, rFilter);
4290 attr_array[0] = attribute;
4291 attr_array[1] = NULL;
4292 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4293 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4295 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4296 MoiraId, ldap_err2string(rc));
4299 if ((*linklist_count) == 1)
4301 strcpy(rFilter, filter);
4306 linklist_free((*linklist_base));
4307 (*linklist_base) = NULL;
4308 (*linklist_count) = 0;
4309 if (strlen(MoiraId) != 0)
/* MoiraId is interpolated into the filter unescaped; it is expected to
 * be numeric (see the examples in the file header). */
4311 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4312 attr_array[0] = attribute;
4313 attr_array[1] = NULL;
4314 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4315 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4317 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4318 MoiraId, ldap_err2string(rc));
4322 if ((*linklist_count) > 1)
4324 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4325 pPtr = (*linklist_base);
4328 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4331 linklist_free((*linklist_base));
4332 (*linklist_base) = NULL;
4333 (*linklist_count) = 0;
4335 if ((*linklist_count) == 1)
/* value[3] skips a three-character prefix — presumably "CN=" of the
 * distinguishedName attribute process_group asks for.  memcmp does
 * not stop at NUL, so a value shorter than 3 + strlen(group_name)
 * reads past its end; confirm the attribute is always a DN here. */
4337 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4339 strcpy(rFilter, filter);
4344 linklist_free((*linklist_base));
4345 (*linklist_base) = NULL;
4346 (*linklist_count) = 0;
4347 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4348 attr_array[0] = attribute;
4349 attr_array[1] = NULL;
4350 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4351 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4353 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4354 MoiraId, ldap_err2string(rc));
4357 if ((*linklist_count) == 1)
4359 strcpy(rFilter, filter);
/* check_user: locates the AD account for Moira user UserName.  When a
 * MoiraId is given it is tried first via mitMoiraId (several matches
 * are logged; the loop header is not shown); otherwise, or when that
 * search does not yield exactly one entry, the account is looked up by
 * sAMAccountName.  If the stored sAMAccountName differs from UserName
 * the account is renamed via user_rename (call continues past the
 * listing).  Returns AD_NO_USER_FOUND when no single entry matches. */
4366 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4369 char *attr_array[3];
4370 char SamAccountName[64];
4373 LK_ENTRY *group_base;
4379 if (strlen(MoiraId) != 0)
4381 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4382 attr_array[0] = "sAMAccountName";
4383 attr_array[1] = NULL;
4384 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4385 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4387 com_err(whoami, 0, "Unable to process user %s : %s",
4388 UserName, ldap_err2string(rc));
4391 if (group_count > 1)
4393 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4398 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4399 gPtr->value, MoiraId);
4404 if (group_count != 1)
4406 linklist_free(group_base);
/* UserName goes into the filter unescaped; it is expected to have
 * passed check_string upstream. */
4409 sprintf(filter, "(sAMAccountName=%s)", UserName);
4410 attr_array[0] = "sAMAccountName";
4411 attr_array[1] = NULL;
4412 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4413 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4415 com_err(whoami, 0, "Unable to process user %s : %s",
4416 UserName, ldap_err2string(rc));
4421 if (group_count != 1)
4423 linklist_free(group_base);
4424 return(AD_NO_USER_FOUND);
/* Value returned by AD copied unbounded into a 64-byte buffer. */
4426 strcpy(SamAccountName, group_base->value);
4427 linklist_free(group_base);
/* Case-sensitive comparison: a pure case change also triggers a rename. */
4430 if (strcmp(SamAccountName, UserName))
4432 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/* container_get_dn: converts a Moira container path such as "a/b/c"
 * into the relative DN "OU=c,OU=b,OU=a" in dest.  Up to 20 path
 * components are collected in `array` (the split loop is not in the
 * listing); an empty src leaves dest alone (4447, body not shown).
 * dest's capacity is not checked in the visible lines. */
4438 void container_get_dn(char *src, char *dest)
4445 memset(array, '\0', 20 * sizeof(array[0]));
4447 if (strlen(src) == 0)
/* Deepest component first, then each ancestor appended as ",OU=...". */
4466 strcpy(dest, "OU=");
4469 strcat(dest, array[n-1]);
4473 strcat(dest, ",OU=");
/* container_get_name: extracts the container's own name (presumably
 * the last path component) from src into dest; only the signature and
 * the empty-source guard are in the listing. */
4479 void container_get_name(char *src, char *dest)
4484 if (strlen(src) == 0)
/* container_check: makes sure the parent container of `name` exists in
 * AD.  The name is copied to cName and scanned for '/' (the branch body
 * at 4512-4513 is not shown — presumably it cuts the path at the last
 * separator); a container_create is then issued with every other field
 * empty, so a parent created this way has no mitMoiraId, description or
 * managedBy — which is what the message at 4524 records. */
4501 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* cName's size is not visible; the copy is unbounded. */
4508 strcpy(cName, name);
4509 for (i = 0; i < (int)strlen(cName); i++)
4511 if (cName[i] == '/')
4514 av[CONTAINER_NAME] = cName;
4515 av[CONTAINER_DESC] = "";
4516 av[CONTAINER_LOCATION] = "";
4517 av[CONTAINER_CONTACT] = "";
4518 av[CONTAINER_TYPE] = "";
4519 av[CONTAINER_ID] = "";
4520 av[CONTAINER_ROWID] = "";
4521 rc = container_create(ldap_handle, dn_path, 7, av);
4522 if (rc == LDAP_SUCCESS)
4524 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/* container_rename: moves/renames the AD OU described by `before` to
 * the name/location in `after`.  The new name is validated first; if
 * no existing OU can be found for `before` the container is simply
 * created.  The new parent DN is derived from the `after` path with
 * its last component removed (loop at 4564, body not shown), the
 * parent is created if missing (container_check), ldap_rename_s moves
 * the OU with deleteoldrdn=TRUE, and container_adupdate refreshes the
 * attributes.  Returns AD_INVALID_NAME for a rejected name; other
 * return statements are not in the listing. */
4532 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4533 int afterc, char **after)
4538 char new_dn_path[256];
4540 char distinguishedName[256];
4545 memset(cName, '\0', sizeof(cName));
4546 container_get_name(after[CONTAINER_NAME], cName);
4547 if (!check_container_name(cName))
4549 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4550 return(AD_INVALID_NAME);
4553 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* container_get_distinguishedName also validates before's name. */
4554 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
4556 if (strlen(distinguishedName) == 0)
4558 rc = container_create(ldap_handle, dn_path, afterc, after);
4562 strcpy(temp, after[CONTAINER_NAME]);
4564 for (i = 0; i < (int)strlen(temp); i++)
4573 container_get_dn(temp, dName);
/* A top-level container has no parent OU; its parent is dn_path. */
4574 if (strlen(temp) != 0)
/* Unbounded sprintf into a 256-byte buffer. */
4575 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4577 sprintf(new_dn_path, "%s", dn_path);
4578 sprintf(new_cn, "OU=%s", cName);
4580 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4582 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4583 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4585 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
4586 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4590 memset(dName, '\0', sizeof(dName));
4591 container_get_dn(after[CONTAINER_NAME], dName);
4592 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/* container_delete: deletes the AD OU for container av.  When the OU
 * still has children (LDAP_NOT_ALLOWED_ON_NONLEAF) its contents are
 * first relocated by container_move_objects (whether the delete is
 * then retried is decided on line 4610, not shown).  The empty-DN
 * branch body and the return statements are not in the listing. */
4596 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4598 char distinguishedName[256];
4601 memset(distinguishedName, '\0', sizeof(distinguishedName));
4602 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4604 if (strlen(distinguishedName) == 0)
4606 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4608 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
/* Return value of container_move_objects is ignored here. */
4609 container_move_objects(ldap_handle, dn_path, distinguishedName);
4611 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4612 av[CONTAINER_NAME], ldap_err2string(rc));
/* container_create: creates the AD organizationalUnit for Moira
 * container av (CONTAINER_* index the fields).  The OU gets
 * objectClass/name/ou, plus mitMoiraId and description when supplied,
 * and a managedBy DN resolved from CONTAINER_TYPE/CONTAINER_ID
 * (KERBEROS → contact object in kerberos_ou; USER/LIST → LDAP lookup).
 * Attribute mods are accumulated by the ADD_ATTR macro into `mods`
 * (n entries) and released in the loop at 4723.  An OU that already
 * exists is not an error: its attributes are refreshed through
 * container_adupdate when a row id is present.  Returns AD_INVALID_NAME
 * for a rejected name; the final return is not in the listing. */
4617 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4619 char *attr_array[3];
4620 LK_ENTRY *group_base;
4623 char *objectClass_v[] = {"top",
4624 "organizationalUnit",
4627 char *ou_v[] = {NULL, NULL};
4628 char *name_v[] = {NULL, NULL};
4629 char *moiraId_v[] = {NULL, NULL};
4630 char *desc_v[] = {NULL, NULL};
4631 char *managedBy_v[] = {NULL, NULL};
4634 char managedByDN[256];
4641 memset(filter, '\0', sizeof(filter));
4642 memset(dName, '\0', sizeof(dName));
4643 memset(cName, '\0', sizeof(cName));
4644 memset(managedByDN, '\0', sizeof(managedByDN));
4645 container_get_dn(av[CONTAINER_NAME], dName);
4646 container_get_name(av[CONTAINER_NAME], cName);
4648 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4650 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4651 return(AD_INVALID_NAME);
4654 if (!check_container_name(cName))
4656 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4657 return(AD_INVALID_NAME);
/* name_v[0]/ou_v[0] are assigned on lines 4662/4664 (not shown). */
4661 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4663 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4665 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4666 if (strlen(av[CONTAINER_ROWID]) != 0)
4668 moiraId_v[0] = av[CONTAINER_ROWID];
4669 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4671 if (strlen(av[CONTAINER_DESC]) != 0)
4673 desc_v[0] = av[CONTAINER_DESC];
4674 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4676 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4678 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
/* contact_create returning 0 is the success case here. */
4680 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
/* Unbounded sprintf into a 256-byte buffer. */
4682 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4683 managedBy_v[0] = managedByDN;
4684 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(security): CONTAINER_ID is placed in the filter without RFC 4515
 * escaping; it comes from Moira, not from AD, but is not validated in
 * the visible lines. */
4689 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4691 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4693 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4695 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4697 if (strlen(filter) != 0)
4699 attr_array[0] = "distinguishedName";
4700 attr_array[1] = NULL;
4703 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4704 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Only an unambiguous match becomes the manager; a lookup failure or
 * zero/multiple results silently leaves managedBy unset. */
4706 if (group_count == 1)
4708 strcpy(managedByDN, group_base->value);
4709 managedBy_v[0] = managedByDN;
4710 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4712 linklist_free(group_base);
/* temp's size is not visible; the DN is built unbounded. */
4721 sprintf(temp, "%s,%s", dName, dn_path);
4722 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4723 for (i = 0; i < n; i++)
4725 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4727 com_err(whoami, 0, "Unable to create container %s : %s",
4728 cName, ldap_err2string(rc));
4731 if (rc == LDAP_ALREADY_EXISTS)
4733 if (strlen(av[CONTAINER_ROWID]) != 0)
4734 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/* container_update: refreshes the AD OU for container `after`.  If no
 * OU can be located for it the container is created instead; otherwise
 * the parent is ensured (container_check) and the attributes are
 * rewritten by container_adupdate, addressed by the DN that was found.
 * `before`/beforec are unused in the visible lines; the return
 * statements are not in the listing. */
4739 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4740 int afterc, char **after)
4742 char distinguishedName[256];
4745 memset(distinguishedName, '\0', sizeof(distinguishedName));
4746 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4748 if (strlen(distinguishedName) == 0)
4750 rc = container_create(ldap_handle, dn_path, afterc, after);
4754 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4755 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/* container_get_distinguishedName: resolves the AD DN of container av
 * into distinguishedName (callers pass a 256-byte buffer).  The OU is
 * searched first by mitMoiraId = CONTAINER_ROWID, then, if that gives
 * no single hit, by the DN derived from the container path.  Only an
 * unambiguous (group_count == 1) result is copied; otherwise the buffer
 * is left empty and the caller treats that as "not found".  Returns
 * AD_INVALID_NAME for a rejected name; the final return is not in the
 * listing. */
4760 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4762 char *attr_array[3];
4763 LK_ENTRY *group_base;
4770 memset(filter, '\0', sizeof(filter));
4771 memset(dName, '\0', sizeof(dName));
4772 memset(cName, '\0', sizeof(cName));
4773 container_get_dn(av[CONTAINER_NAME], dName);
4774 container_get_name(av[CONTAINER_NAME], cName);
4776 if (strlen(dName) == 0)
4778 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4779 return(AD_INVALID_NAME);
4782 if (!check_container_name(cName))
4784 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4785 return(AD_INVALID_NAME);
/* An empty CONTAINER_ROWID yields "(mitMoiraId=)", which matches
 * nothing and falls through to the DN search below. */
4788 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4789 attr_array[0] = "distinguishedName";
4790 attr_array[1] = NULL;
4793 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4794 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4796 if (group_count == 1)
4798 strcpy(distinguishedName, group_base->value);
4800 linklist_free(group_base);
4804 if (strlen(distinguishedName) == 0)
/* The DN (built from the validated container name) is matched as an
 * attribute value inside the filter, unescaped. */
4806 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4807 attr_array[0] = "distinguishedName";
4808 attr_array[1] = NULL;
4811 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4812 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4814 if (group_count == 1)
4816 strcpy(distinguishedName, group_base->value);
4818 linklist_free(group_base);
/* container_adupdate: rewrites mitMoiraId, description and managedBy of
 * an existing AD OU so that they match Moira container av.  The OU is
 * addressed by distinguishedName, or by "<dName>,<dn_path>" when dName
 * is given.  Current values are read first so that attributes Moira no
 * longer supplies can be cleared through attribute_update(""); the
 * replacements are accumulated by ADD_ATTR (LDAP_MOD_REPLACE) and sent
 * with ldap_modify_s.  Returns LDAP_SUCCESS early at 4969 (presumably
 * when there is nothing to modify — the condition is not shown). */
4826 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4827 char *distinguishedName, int count, char **av)
4829 char *attr_array[5];
4830 LK_ENTRY *group_base;
4835 char *moiraId_v[] = {NULL, NULL};
4836 char *desc_v[] = {NULL, NULL};
4837 char *managedBy_v[] = {NULL, NULL};
4838 char managedByDN[256];
/* ad_path's size is not visible; both writes are unbounded. */
4847 strcpy(ad_path, distinguishedName);
4848 if (strlen(dName) != 0)
4849 sprintf(ad_path, "%s,%s", dName, dn_path);
4851 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
/* NOTE(review): the condition tests CONTAINER_ID but the filter uses
 * CONTAINER_ROWID; the other rowid uses in this file (4733, 4886) test
 * CONTAINER_ROWID.  With an empty rowid this produces "(mitMoiraId=)",
 * which matches nothing and makes the lookup below fail — probably
 * meant to be `if (strlen(av[CONTAINER_ROWID]) != 0)`. */
4852 if (strlen(av[CONTAINER_ID]) != 0)
4853 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4854 attr_array[0] = "mitMoiraId";
4855 attr_array[1] = "description";
4856 attr_array[2] = "managedBy";
4857 attr_array[3] = NULL;
4860 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4861 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4863 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4864 av[CONTAINER_NAME], ldap_err2string(rc));
4867 memset(managedByDN, '\0', sizeof(managedByDN));
4868 memset(moiraId, '\0', sizeof(moiraId));
4869 memset(desc, '\0', sizeof(desc));
/* Walk over the returned attribute/value pairs (loop header not shown);
 * all three copies are unbounded strcpy from AD data. */
4873 if (!strcasecmp(pPtr->attribute, "description"))
4874 strcpy(desc, pPtr->value);
4875 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4876 strcpy(managedByDN, pPtr->value);
4877 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4878 strcpy(moiraId, pPtr->value);
4881 linklist_free(group_base);
4886 if (strlen(av[CONTAINER_ROWID]) != 0)
4888 moiraId_v[0] = av[CONTAINER_ROWID];
4889 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set when Moira has one, cleared when AD has one but
 * Moira no longer does. */
4891 if (strlen(av[CONTAINER_DESC]) != 0)
4893 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
4897 if (strlen(desc) != 0)
4899 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy follows the same pattern as in container_create; every
 * path that cannot resolve a manager clears any existing value. */
4902 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4904 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4906 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4908 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4909 managedBy_v[0] = managedByDN;
4910 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4914 if (strlen(managedByDN) != 0)
4916 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4922 memset(filter, '\0', sizeof(filter));
4923 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4925 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4927 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4929 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4931 if (strlen(filter) != 0)
4933 attr_array[0] = "distinguishedName";
4934 attr_array[1] = NULL;
4937 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4938 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4940 if (group_count == 1)
4942 strcpy(managedByDN, group_base->value);
4943 managedBy_v[0] = managedByDN;
4944 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4948 if (strlen(managedByDN) != 0)
4950 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4953 linklist_free(group_base);
4960 if (strlen(managedByDN) != 0)
4962 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4969 return(LDAP_SUCCESS);
4971 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Release the n LDAPMod entries built by ADD_ATTR (body not shown). */
4972 for (i = 0; i < n; i++)
4974 if (rc != LDAP_SUCCESS)
4976 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4977 av[CONTAINER_NAME], ldap_err2string(rc));
/* container_move_objects: empties the OU `dName` so it can be deleted.
 * Three passes (i = 0..2) search the subtree for, in turn, ordinary
 * objects, computers and sub-OUs.  Ordinary objects are renamed into
 * orphans_other_ou, computers into orphans_machines_ou (with a "_<n>"
 * suffix on a name clash), and sub-OUs are deleted with ldap_delete_s.
 * The search size limit is set to 10 for this handle; whether each pass
 * repeats until the search comes back empty is decided on lines not in
 * the listing, and the option is not visibly restored afterwards. */
4983 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4985 char *attr_array[3];
4986 LK_ENTRY *group_base;
4993 int NumberOfEntries = 10;
/* rc from ldap_set_option is not checked in the visible lines. */
4997 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4999 for (i = 0; i < 3; i++)
5001 memset(filter, '\0', sizeof(filter));
/* Pass 0: everything that is neither a computer nor an OU. */
5004 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
5005 attr_array[0] = "cn";
5006 attr_array[1] = NULL;
/* Pass 1: computer accounts. */
5010 strcpy(filter, "(objectClass=computer)");
5011 attr_array[0] = "cn";
5012 attr_array[1] = NULL;
/* Pass 2: nested OUs, which by now should be empty. */
5016 strcpy(filter, "(objectClass=organizationalUnit)");
5017 attr_array[0] = "ou";
5018 attr_array[1] = NULL;
5023 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
5024 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
5028 if (group_count == 0)
/* Loop over entries (header not shown).  new_cn/temp sizes are not
 * visible; the sprintf calls are unbounded. */
5033 if (!strcasecmp(pPtr->attribute, "cn"))
5035 sprintf(new_cn, "cn=%s", pPtr->value);
5037 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5039 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5043 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
5045 if (rc == LDAP_ALREADY_EXISTS)
5047 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* Sub-OUs are deleted outright; rc is not checked here. */
5054 else if (!strcasecmp(pPtr->attribute, "ou"))
5056 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5060 linklist_free(group_base);
/* get_machine_ou: finds the OU that holds the AD computer account for
 * Moira machine `member`.  The Moira alias is resolved into
 * NewMachineName (GetMachineName), the DNS suffix is cut at the first
 * '.', the computer is located by "sAMAccountName=<name>$", and the
 * portion of its DN after "cn=<name>," up to the "dc=" part is copied
 * into machine_ou (the truncation at dc= is on lines not shown).
 * Error returns are not in the listing. */
5068 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5070 LK_ENTRY *group_base;
5074 char *attr_array[3];
/* NewMachineName's size is the caller's; the copy is unbounded. */
5081 strcpy(NewMachineName, member);
/* The result of moira_connect() is overwritten on the next line
 * without being checked. */
5082 rc = moira_connect();
5083 rc = GetMachineName(NewMachineName);
5085 if (strlen(NewMachineName) == 0)
5087 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
5092 pPtr = strchr(NewMachineName, '.');
5098 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5099 attr_array[0] = "cn";
5100 attr_array[1] = NULL;
5101 sprintf(temp, "%s", dn_path);
5102 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5103 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5105 com_err(whoami, 0, "Unable to process machine %s : %s",
5106 member, ldap_err2string(rc));
5109 if (group_count != 1)
5111 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
/* dn/cn sizes are not visible; both copies are unbounded.  Lower-casing
 * via tolower() on plain char — see change_to_lower_case. */
5115 strcpy(dn, group_base->dn);
5116 strcpy(cn, group_base->value);
5117 for (i = 0; i < (int)strlen(dn); i++)
5118 dn[i] = tolower(dn[i]);
5119 for (i = 0; i < (int)strlen(cn); i++)
5120 cn[i] = tolower(cn[i]);
5121 linklist_free(group_base);
/* strstr finds the first occurrence of the cn inside the dn; a cn that
 * also appears as a substring of an earlier RDN would mislead this. */
5123 pPtr = strstr(dn, cn);
5126 com_err(whoami, 0, "Unable to process machine %s",
/* +1 skips the ',' that follows the cn value. */
5130 pPtr += strlen(cn) + 1;
5131 strcpy(machine_ou, pPtr);
5133 pPtr = strstr(machine_ou, "dc=");
5136 com_err(whoami, 0, "Unable to process machine %s",
/* machine_move_to_ou: moves the AD computer account for Moira machine
 * MoiraMachineName into "<DestinationOu>,<dn_path>".  The alias is
 * resolved and the DNS suffix stripped as in get_machine_ou; the
 * account's current DN is taken from the single sAMAccountName match
 * and nothing is done when it already sits in the destination OU
 * (5198, body not shown).  Error returns are not in the listing. */
5145 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5150 char MachineName[128];
5152 char *attr_array[3];
5157 LK_ENTRY *group_base;
/* Unbounded copy into a 128-byte buffer. */
5162 strcpy(MachineName, MoiraMachineName);
5163 rc = GetMachineName(MachineName);
5164 if (strlen(MachineName) == 0)
5166 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
5170 cPtr = strchr(MachineName, '.');
5173 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5174 attr_array[0] = "sAMAccountName";
5175 attr_array[1] = NULL;
5176 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5177 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5179 com_err(whoami, 0, "Unable to process machine %s : %s",
5180 MoiraMachineName, ldap_err2string(rc));
/* OldDn's size is not visible; the DN copy is unbounded. */
5184 if (group_count == 1)
5185 strcpy(OldDn, group_base->dn);
5186 linklist_free(group_base);
5188 if (group_count != 1)
/* BUG: the format has two %s conversions but only one argument is
 * passed, so the second %s reads a non-existent vararg (undefined
 * behaviour).  Either drop the trailing ": %s" or supply a reason:
 *   com_err(whoami, 0, "Unable to find machine %s in AD", MoiraMachineName); */
5190 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
5193 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Everything after the first ',' of the old DN is its current parent. */
5194 cPtr = strchr(OldDn, ',');
5198 if (!strcasecmp(cPtr, NewOu))
5201 sprintf(NewCn, "CN=%s", MachineName);
5202 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/* machine_check: returns nonzero when checkADname() returns 0 for the
 * machine's short name (the part before the first '.').  Name's size is
 * not visible; the copy is unbounded.  The assignment to rc inside the
 * return expression is never read afterwards. */
5206 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5212 memset(Name, '\0', sizeof(Name));
5213 strcpy(Name, machine_name);
5215 pPtr = strchr(Name, '.');
5219 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/* machine_get_moira_container: asks Moira which container machine_name
 * belongs to ("get_machine_to_container_map") and lets the
 * machine_GetMoiraContainer callback copy the answer into
 * container_name.  The call and the return are cut off at 5231. */
5222 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5228 av[0] = machine_name;
5229 call_args[0] = (char *)container_name;
5230 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/* machine_GetMoiraContainer: mr_query callback; copies the container
 * name (av[1]) into the caller's buffer.  The copy is unbounded and
 * the buffer size is whatever machine_get_moira_container's caller
 * provided.  The return statement is not in the listing. */
5235 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5240 strcpy(call_args[0], av[1]);
/* Moira_container_group_create: creates the Moira list that mirrors
 * container `after`.  A unique name is derived by
 * Moira_groupname_create, the list is added with fixed attributes
 * (active, private, not hidden, group, owned by user "sms"), then
 * recorded as the container's group and added to the parent
 * container's group.  Return statements are not in the listing. */
5244 int Moira_container_group_create(char **after)
5250 memset(GroupName, '\0', sizeof(GroupName));
5251 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5252 after[CONTAINER_ROWID]);
5256 argv[L_NAME] = GroupName;
5257 argv[L_ACTIVE] = "1";
5258 argv[L_PUBLIC] = "0";
/* NOTE(review): created as not hidden ("0"), whereas
 * Moira_container_group_update sets L_HIDDEN to "1" — confirm which
 * visibility is intended. */
5259 argv[L_HIDDEN] = "0";
5260 argv[L_MAILLIST] = "0";
5261 argv[L_GROUP] = "1";
5262 argv[L_GID] = UNIQUE_GID;
5263 argv[L_NFSGROUP] = "0";
5264 argv[L_MAILMAN] = "0";
5265 argv[L_MAILMAN_SERVER] = "[NONE]";
5266 argv[L_DESC] = "auto created container group";
5267 argv[L_ACE_TYPE] = "USER";
5268 argv[L_MEMACE_TYPE] = "USER";
5269 argv[L_ACE_NAME] = "sms";
5270 argv[L_MEMACE_NAME] = "sms";
5272 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
5274 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
5275 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Return values of both helpers are ignored here. */
5278 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5279 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/* Moira_container_group_update: renames the container group when the
 * container itself was renamed.  Nothing happens when the names are
 * equal ignoring case (5291) or when no group is recorded for the
 * container (5296) — both branch bodies are not shown.  A fresh name
 * is generated for the new container name and, if it differs, the
 * list is rewritten with "update_list" (old name + 15 fields).
 * Return statements are not in the listing. */
5284 int Moira_container_group_update(char **before, char **after)
5287 char BeforeGroupName[64];
5288 char AfterGroupName[64];
5291 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5294 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5295 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5296 if (strlen(BeforeGroupName) == 0)
5299 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5300 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5301 after[CONTAINER_ROWID]);
5305 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the current name first, then the same fields as
 * add_list shifted by one. */
5307 argv[L_NAME] = BeforeGroupName;
5308 argv[L_NAME + 1] = AfterGroupName;
5309 argv[L_ACTIVE + 1] = "1";
5310 argv[L_PUBLIC + 1] = "0";
/* Hidden here ("1") but not in Moira_container_group_create ("0"). */
5311 argv[L_HIDDEN + 1] = "1";
5312 argv[L_MAILLIST + 1] = "0";
5313 argv[L_GROUP + 1] = "1";
5314 argv[L_GID + 1] = UNIQUE_GID;
5315 argv[L_NFSGROUP + 1] = "0";
5316 argv[L_MAILMAN + 1] = "0";
5317 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5318 argv[L_DESC + 1] = "auto created container group";
5319 argv[L_ACE_TYPE + 1] = "USER";
5320 argv[L_MEMACE_TYPE + 1] = "USER";
5321 argv[L_ACE_NAME + 1] = "sms";
5322 argv[L_MEMACE_NAME + 1] = "sms";
5324 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
5326 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
5327 BeforeGroupName, AfterGroupName, error_message(rc));
/* Moira_container_group_delete: removes the container group of
 * `before`.  The group is first taken out of the parent container's
 * group (when both exist), then deleted with "delete_list".  A group
 * name of "[none]" means the container had no group.  argv[1] for
 * delete_member_from_list is set on line 5351 (not shown).  Return
 * statements are not in the listing. */
5334 int Moira_container_group_delete(char **before)
5339 char ParentGroupName[64];
5341 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
5342 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
5344 memset(GroupName, '\0', sizeof(GroupName));
5345 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5346 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
5348 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5350 argv[0] = ParentGroupName;
5352 argv[2] = GroupName;
5353 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* BUG: the format has two %s conversions but three arguments are
 * passed, so the error text from error_message(rc) is never printed.
 * Probably meant: "Unable to delete container group %s from list %s: %s". */
5355 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
5356 GroupName, ParentGroupName, error_message(rc));
5360 if (strlen(GroupName) != 0)
5362 argv[0] = GroupName;
5363 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5365 com_err(whoami, 0, "Unable to delete container group %s : %s",
5366 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a unique Moira list name for a container.
 * The leaf component of ContainerName (text after the last '/') is
 * lower-cased, prefixed with "cnt-", and, if a list of that name already
 * exists, suffixed with "-0".."-9" then "-a".."-z" until get_list_info
 * reports MR_NO_MATCH.  The result is copied into the caller's GroupName
 * buffer.  ContainerRowID is not used in the lines visible here.  The
 * declarations of temp, ptr, ptr1, i and rc, the loop header and the
 * return value are not visible in this listing.
 */
5373 int Moira_groupname_create(char *GroupName, char *ContainerName,
5374 char *ContainerRowID)
5379 char newGroupName[64];
5380 char tempGroupName[64];
/* NOTE(review): temp's size is not shown; this copy is unbounded against a
 * container name that comes from the Moira database. */
5385 strcpy(temp, ContainerName);
/* Take the last path component as the base of the group name. */
5387 ptr1 = strrchr(temp, '/');
/* Leaf names longer than 25 characters are handled here (body not shown;
 * presumably truncated so that "cnt-" + leaf + "-x" fits in 64 bytes). */
5393 if (strlen(ptr) > 25)
5396 sprintf(newGroupName, "cnt-%s", ptr);
5398 /* change everything to lower case */
/* Cast *ptr to (unsigned char) before tolower to avoid UB on negative chars. */
5403 *ptr = tolower(*ptr);
/* Keep the suffix-free base so each retry rebuilds from it. */
5409 strcpy(tempGroupName, newGroupName);
5411 /* append 0-9 then a-z if a duplicate is found */
5414 argv[0] = newGroupName;
/* Probe for an existing list of this name; MR_NO_MATCH means the name is free. */
5415 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
5417 if (rc == MR_NO_MATCH)
/* Any other Moira error aborts the search. */
5419 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5420 ContainerName, error_message(rc));
/* Name taken: append the next candidate character and retry. */
5423 sprintf(newGroupName, "%s-%c", tempGroupName, i);
5426 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
/* Hand the chosen name back; GroupName's size is the caller's (64 bytes at the call sites in this file). */
5436 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName via the set_container_list query.  Errors
 * are logged with com_err; declarations of argv and rc and the return
 * value are not visible in this listing.
 */
5440 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5445 argv[0] = origContainerName;
5446 argv[1] = GroupName;
5448 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5450 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5451 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: make the container's group a member of the
 * parent container's group, so group membership mirrors the container
 * tree.  Top-level containers (no parent group) are skipped.  argv[1] (the
 * member type), the declarations of argv and rc, and the return value are
 * not visible in this listing.
 */
5457 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5459 char ContainerName[64];
5460 char ParentGroupName[64];
/* NOTE(review): unbounded copy of a Moira-supplied container name into a
 * 64-byte local; names of 64+ bytes overflow it. */
5464 strcpy(ContainerName, origContainerName);
/* Flag 1 requests the parent container's group. */
5466 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5467 /* top-level container */
5468 if (strlen(ParentGroupName) == 0)
5471 argv[0] = ParentGroupName;
5473 argv[2] = GroupName;
5474 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5476 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5477 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies the second returned column (the list name) into the buffer the
 * caller passed as call_args[0] (see Moira_getGroupName).  How call_args
 * is derived from ptr is not visible here.
 * NOTE(review): strcpy is unbounded and the destination is a caller-sized
 * buffer (64 bytes at every call site in this file); the query result
 * length is not checked anywhere visible.
 */
5482 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5487 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list attached to a container (or,
 * depending on the third parameter, whose name is cut off in this listing,
 * to its parent container, found by trimming at the last '/').  The name
 * is written into the caller's GroupName buffer by the
 * Moira_getContainerGroup callback; GroupName is left empty on failure.
 * Declarations of ptr, argv, call_args and rc and the return value are not
 * visible in this listing.
 */
5491 int Moira_getGroupName(char *origContainerName, char *GroupName,
5494 char ContainerName[64];
/* NOTE(review): unbounded copy of a Moira-supplied name into 64 bytes. */
5500 strcpy(ContainerName, origContainerName);
/* Locate the last path separator; the parent is presumably obtained by
 * terminating the string there (that code is not visible). */
5504 ptr = strrchr(ContainerName, '/');
5511 argv[0] = ContainerName;
/* The callback receives GroupName through call_args[0]. */
5513 call_args[0] = GroupName;
5514 call_args[1] = NULL;
5516 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Success is defined as "the callback filled something in". */
5519 if (strlen(GroupName) != 0)
5524 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5525 ContainerName, error_message(rc));
/* Query succeeded but returned no list name. */
5527 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add or remove a MACHINE member
 * from a container group.  "[none]" as GroupName means the container has
 * no group and nothing is done.  Which of add_member_to_list /
 * delete_member_from_list runs depends on a condition whose line is not
 * visible here, as is the remainder of the parameter list and the return
 * value.
 */
5532 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5538 if (strcmp(GroupName, "[none]") == 0)
5541 argv[0] = GroupName;
5542 argv[1] = "MACHINE";
5543 argv[2] = MachineName;
5545 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5547 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* NOTE(review): this single message is reached after either query, so a
 * failed delete is reported as a failed add; the format also lacks a space
 * before the second %s. */
5550 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5551 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a host name in place.  If the name already
 * ends in DOMAIN_SUFFIX it is kept; otherwise Moira's get_hostalias query is
 * asked for an alias in that domain (collected by ProcessMachineName).
 * On any failure MachineName is overwritten with the empty string, which
 * callers are expected to treat as "unresolvable".  Declarations of i,
 * szDot, args, call_args and rc, args[0], and the return value are not
 * visible in this listing.
 * NOTE(review): MachineName is both read and overwritten; its capacity is
 * not known here and the strcpy from the 1024-byte NewMachineName is
 * unbounded.
 */
5556 int GetMachineName(char *MachineName)
5559 char NewMachineName[1024];
5566 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy of the input into a 1024-byte local. */
5567 strcpy(NewMachineName, MachineName);
/* strlen is re-evaluated each iteration; harmless for host names.  The
 * toupper argument should be cast to (unsigned char) to avoid UB on
 * negative char values. */
5568 for (i = 0; i < (int)strlen(NewMachineName); i++)
5569 NewMachineName[i] = toupper(NewMachineName[i]);
/* Everything after the first dot is the domain part. */
5570 szDot = strchr(NewMachineName,'.');
5571 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5576 // If not, see if it has a Moira alias in the top-level MIT domain.
5577 memset(NewMachineName, '\0', sizeof(NewMachineName));
5579 args[1] = MachineName;
/* ProcessMachineName writes the chosen alias into call_args[0]. */
5580 call_args[0] = NewMachineName;
5581 call_args[1] = NULL;
5582 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5584 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5585 MachineName, error_message(rc));
/* Signal failure to the caller by emptying the name. */
5586 strcpy(MachineName, "");
/* An alias was found: replace the caller's name with it. */
5590 if (strlen(NewMachineName) != 0)
5591 strcpy(MachineName, NewMachineName);
5593 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias (see
 * GetMachineName).  Takes the first alias whose domain part matches
 * DOMAIN_SUFFIX, upper-cased, and stores it in call_args[0]; later aliases
 * are ignored once call_args[0] is non-empty.  Declarations of i, szDot and
 * call_args (derived from ptr) and the return value are not visible here.
 */
5598 int ProcessMachineName(int ac, char **av, void *ptr)
5601 char MachineName[1024];
/* Only the first matching alias wins. */
5606 if (strlen(call_args[0]) == 0)
/* NOTE(review): unbounded copy of a Moira query result into 1024 bytes. */
5608 strcpy(MachineName, av[0]);
/* Cast to (unsigned char) before toupper would avoid UB on negative chars. */
5609 for (i = 0; i < (int)strlen(MachineName); i++)
5610 MachineName[i] = toupper(MachineName[i]);
5611 szDot = strchr(MachineName,'.');
5612 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
/* call_args[0] is the caller's 1024-byte NewMachineName buffer. */
5614 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the attribute name of every LDAPMod in mods[0..n)
 * between the Services-for-UNIX 3.0 schema ("msSFU30UidNumber") and the
 * RFC 2307 schema ("uidNumber").  Which direction applies is decided by a
 * test on *UseSFU30 whose line is not visible here; the declaration of i
 * is also not shown.
 * NOTE(review): mod_type is pointed at string literals; if these LDAPMod
 * entries are later released with a routine that frees mod_type, that
 * would free a literal -- confirm how mods is torn down.
 */
5620 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
/* SFU 3.0 -> RFC 2307 direction. */
5626 for (i = 0; i < n; i++)
5628 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5629 mods[i]->mod_type = "uidNumber";
/* RFC 2307 -> SFU 3.0 direction. */
5635 for (i = 0; i < n; i++)
5637 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5638 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute the Windows homeDirectory, profilePath and
 * homeDrive values for a user and queue them on mods via ADD_ATTR, or,
 * for a replace operation where the value is empty, delete the attribute
 * immediately with ldap_modify_s.
 *
 * WinHomeDir / WinProfileDir are Moira values with three special forms:
 *   "[afs]"   -> derive the path from the user's Hesiod "filsys" entry
 *   "[local]" -> no value (attribute is cleared)
 *   anything else is used literally; a UNC path ("\\...") also gets "H:".
 * homedir_v, winProfile_v and drives_v are caller-provided value arrays
 * whose [0] receives a strdup'd string (ownership of those strings is not
 * visible here).  The remaining parameters (OpType among them), the
 * declarations of homeDrive, path, winPath, cWeight, cPath, hp, i,
 * last_weight and rc, the AFS constant and the return value are not
 * visible in this listing.
 */
5644 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5645 char *WinHomeDir, char *WinProfileDir,
5646 char **homedir_v, char **winProfile_v,
5647 char **drives_v, LDAPMod **mods,
5655 char winProfile[1024];
5660 LDAPMod *DelMods[20];
5662 memset(homeDrive, '\0', sizeof(homeDrive));
5663 memset(path, '\0', sizeof(path));
5664 memset(winPath, '\0', sizeof(winPath));
5665 memset(winProfile, '\0', sizeof(winProfile));
/* Either attribute may ask for the AFS home; resolve it once. */
5667 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5669 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5671 memset(cWeight, 0, sizeof(cWeight));
5672 memset(cPath, 0, sizeof(cPath));
/* Walk every filsys record; keep the AFS one with the lowest weight. */
5675 while (hp[i] != NULL)
/* NOTE(review): "%s" with no field width -- a Hesiod record longer than
 * cPath/cWeight (sizes not shown) overflows them.  Use "%<N>s" widths. */
5677 if (sscanf(hp[i], "%*s %s", cPath))
/* strnicmp is a Windows CRT name; the portable spelling is strncasecmp. */
5679 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5681 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
/* Lower weight is preferred; last_weight's initial value is not shown. */
5683 if (atoi(cWeight) < last_weight)
5685 strcpy(path, cPath);
5686 last_weight = (int)atoi(cWeight);
/* Record without a weight field: take it as-is. */
5690 strcpy(path, cPath);
/* Translate the AFS path to its Windows (OpenAFS) form; the profile lives
 * in a fixed subdirectory of the home. */
5697 if (!strnicmp(path, AFS, strlen(AFS)))
5699 AfsToWinAfs(path, winPath);
5700 strcpy(winProfile, winPath);
5701 strcat(winProfile, "\\.winprofile");
/* homeDirectory: [local] clears, [afs] keeps the derived path and maps H:,
 * anything else is literal and maps H: only for UNC paths. */
5717 if (!strcasecmp(WinHomeDir, "[local]"))
5718 memset(winPath, '\0', sizeof(winPath));
5719 else if (!strcasecmp(WinHomeDir, "[afs]"))
5721 strcpy(homeDrive, "H:");
/* NOTE(review): unbounded copy of a Moira value; winPath's size is not shown. */
5725 strcpy(winPath, WinHomeDir);
5726 if (!strncmp(WinHomeDir, "\\\\", 2))
5728 strcpy(homeDrive, "H:");
5732 // nothing needs to be done if WinProfileDir is [afs].
5733 if (!strcasecmp(WinProfileDir, "[local]"))
5734 memset(winProfile, '\0', sizeof(winProfile));
5735 else if (strcasecmp(WinProfileDir, "[afs]"))
/* Unbounded copy of a Moira value into the 1024-byte winProfile. */
5737 strcpy(winProfile, WinProfileDir);
/* Normalise: drop one trailing backslash ... */
5740 if (strlen(winProfile) != 0)
5742 if (winProfile[strlen(winProfile) - 1] == '\\')
5743 winProfile[strlen(winProfile) - 1] = '\0';
5745 if (strlen(winPath) != 0)
5747 if (winPath[strlen(winPath) - 1] == '\\')
5748 winPath[strlen(winPath) - 1] = '\0';
/* ... but a bare drive letter ("C:") must keep its root backslash. */
5751 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5752 strcat(winProfile, "\\");
5753 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5754 strcat(winPath, "\\");
/* Empty value on a replace: delete the attribute now rather than queueing it.
 * The rc from this ldap_modify_s is not checked in the lines visible here. */
5756 if (strlen(winPath) == 0)
5758 if (OpType == LDAP_MOD_REPLACE)
5761 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5763 //unset homeDirectory attribute for user.
5764 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* strdup result is handed to the caller through homedir_v[0]. */
5770 homedir_v[0] = strdup(winPath);
5771 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* Same pattern for profilePath. */
5774 if (strlen(winProfile) == 0)
5776 if (OpType == LDAP_MOD_REPLACE)
5779 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5781 //unset profilePath attribute for user.
5782 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5788 winProfile_v[0] = strdup(winProfile);
5789 ADD_ATTR("profilePath", winProfile_v, OpType);
/* Same pattern for homeDrive. */
5792 if (strlen(homeDrive) == 0)
5794 if (OpType == LDAP_MOD_REPLACE)
5797 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5799 //unset homeDrive attribute for user
5800 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5806 drives_v[0] = strdup(homeDrive);
5807 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList: discover the domain controllers for ldap_domain and cache
 * them in ServerList (MAX_SERVER_NAMES slots, each a 256-byte calloc'd
 * string owned by this array) and in the WINADCFG file.
 *   1. free any previous entries;
 *   2. ad_connect to the domain (dn_path receives the base DN);
 *   3. the RID master (fSMORoleOwner of the rIDManager object) goes first;
 *   4. every server under the Default-First-Site-Name site follows;
 *   5. probe the schema for msSFU-30-Uid-Number (result handling not shown);
 *   6. rewrite WINADCFG with the domain, SFU type and server list.
 * Declarations of i, rc, ldap_handle, dn_path, filter, base, group_count,
 * sPtr, gPtr, Count and fptr, the fclose of fptr, and the return value are
 * not visible in this listing.
 */
5813 int GetServerList(char *ldap_domain, char **ServerList)
5820 int IgnoreServerListError;
5821 int ServerListFound;
5822 char default_server[256];
5824 char *attr_array[3];
5828 LK_ENTRY *group_base;
5833 memset(default_server, '\0', sizeof(default_server));
5834 memset(dn_path, '\0', sizeof(dn_path));
/* Release whatever the previous discovery left behind. */
5835 for (i = 0; i < MAX_SERVER_NAMES; i++)
5837 if (ServerList[i] != NULL)
5839 free(ServerList[i]);
5840 ServerList[i] = NULL;
/* Connect without a preferred server; failures of the cached list are tolerated. */
5843 IgnoreServerListError = 1;
5844 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
5845 ServerList, &IgnoreServerListError))
/* Connection failed: leave the caller with an all-NULL list (entries were already freed above). */
5847 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5851 ServerListFound = 0;
/* Step 3: find the RID master so it is tried first. */
5853 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5854 attr_array[0] = "fSMORoleOwner";
5855 attr_array[1] = NULL;
5856 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5857 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5859 if (group_count != 0)
/* fSMORoleOwner is an NTDS Settings DN; the server CN follows the first
 * ",CN=".  The NULL check on sPtr presumably sits in the omitted lines
 * between here and the += -- confirm. */
5861 sPtr = strstr(group_base->value, ",CN=");
5864 sPtr += strlen(",CN=");
5865 if (ServerList[0] == NULL)
5866 ServerList[0] = calloc(1, 256);
/* NOTE(review): unbounded copy of a directory-supplied DN fragment into a
 * 256-byte allocation; a bounded copy (snprintf) is safer here. */
5867 strcpy(ServerList[0], sPtr);
/* The name is terminated at the next comma (that assignment is not shown). */
5868 sPtr = strstr(ServerList[0], ",");
5872 ServerListFound = 1;
5876 linklist_free(group_base);
/* Step 4: enumerate the site's server objects by CN. */
5880 attr_array[0] = "cn";
5881 attr_array[1] = NULL;
5882 strcpy(filter, "(cn=*)");
/* NOTE(review): base's size is not shown; sprintf of dn_path into it is unbounded. */
5883 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5885 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5886 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5888 if (group_count != 0)
5891 while (gPtr != NULL)
/* Skip the RID master; it is already in slot 0. */
5893 if (ServerListFound != 0)
5895 if (!strcasecmp(ServerList[0], gPtr->value))
/* Bounded by the array size; Count's start and increment are not shown. */
5901 if (Count < MAX_SERVER_NAMES)
5903 if (ServerList[Count] == NULL)
5904 ServerList[Count] = calloc(1, 256);
/* Unbounded copy of a directory-supplied CN into 256 bytes (see above). */
5905 strcpy(ServerList[Count], gPtr->value);
5912 linklist_free(group_base);
/* Step 5: detect the SFU 3.0 schema extension (what is set on success is not shown). */
5918 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5919 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5921 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5922 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5924 if (group_count != 0)
5929 linklist_free(group_base);
/* Step 6: persist the result; DOMAIN / MSSFU / SERVER are the key prefixes
 * used by the config reader.  The matching fclose is not visible here. */
5933 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5935 fprintf(fptr, "%s%s\n", DOMAIN, ldap_domain);
5937 fprintf(fptr, "%s%s\n", MSSFU, SFUTYPE);
5938 for (i = 0; i < MAX_SERVER_NAMES; i++)
5940 if (ServerList[i] != NULL)
5942 fprintf(fptr, "%s%s\n", SERVER, ServerList[i]);
/* Discovery connection is no longer needed. */
5947 ldap_unbind_s(ldap_handle);
5952 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5953 char *attribute_value, char *attribute, char *user_name)
5955 char *mod_v[] = {NULL, NULL};
5956 LDAPMod *DelMods[20];
5962 if (strlen(attribute_value) == 0)
5965 DEL_ATTR(attribute, LDAP_MOD_DELETE);
5967 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
5973 mod_v[0] = attribute_value;
5974 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
5976 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5980 mod_v[0] = attribute_value;
5981 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5983 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5985 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5986 attribute, user_name, ldap_err2string(rc));