2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
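/* Windows shim: map POSIX sleep(seconds) onto Win32 Sleep(milliseconds).
 * The argument is parenthesized so sleep(n + 1) scales the whole expression
 * rather than expanding to n + 1 * 1000, and the trailing ';' is dropped so
 * the macro behaves like a function call (a stray ';' would break
 * `if (...) sleep(x); else ...`). */
192 #define sleep(A) Sleep((A) * 1000)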
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selectors. The first five are single-bit values (0x0, 0x1,
 * 0x2, 0x4, 0x8), which suggests they are meant to be OR-able flags. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
/* NOTE(review): 0x16 is 0b10110 and overlaps MOIRA_KERBEROS and
 * MOIRA_STRINGS; if these values are combined as a bitmask the next free
 * bit would be 0x10. The uses of this constant are not visible here, so
 * confirm against the callers before changing it. */
294 #define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append an LDAPMod {op, type, values} entry to the caller's mods[] array at
 * index n and advance n. Relies on `mods` and `n` existing in the caller's
 * scope. Two hazards to keep in mind when using it:
 *  - the malloc() result is never checked, so an allocation failure is a
 *    NULL dereference on the next line;
 *  - the expansion is four statements that are not wrapped in
 *    do { ... } while (0), so it must not be used as the single-statement
 *    body of an if/else without braces. */
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
/* Append an LDAPMod entry with a NULL value list (an attribute removal) to
 * the caller's DelMods[] array at index i and advance i. Same caveats as
 * ADD_ATTR: unchecked malloc() and a multi-statement expansion without a
 * do { ... } while (0) wrapper. */
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_DOMAINS 10
/* Process-wide state. Most of these are filled in by main() and by
 * ReadDomainList()/ReadConfigFile() (prototypes below); the OU strings
 * are the relative DNs under which ldap.incr expects to find objects. */
384 char DomainNames[MAX_DOMAINS][128];
386 LK_ENTRY *member_base = NULL;
388 char PrincipalName[128];
/* Log-line scratch buffer: main() strcat()s every argv entry into it. */
389 static char tbl_buf[1024];
390 char kerberos_ou[] = "OU=kerberos,OU=moira";
391 char contact_ou[] = "OU=strings,OU=moira";
392 char user_ou[] = "OU=users,OU=moira";
/* Group OUs: main() assigns these differently depending on configuration
 * (see the two sprintf() runs there). */
393 char group_ou_distribution[1024];
394 char group_ou_root[1024];
395 char group_ou_security[1024];
396 char group_ou_neither[1024];
397 char group_ou_both[1024];
398 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
399 char orphans_other_ou[] = "OU=Other,OU=Orphans";
400 char security_template_ou[] = "OU=security_templates";
402 char ldap_domain[256];
403 char ldap_realm[256];
405 char *ServerList[MAX_SERVER_NAMES];
406 char default_server[256];
/* NOTE(review): duplicate of the declaration on line 389. Two tentative
 * definitions of the same static object compile, but one should go. */
407 static char tbl_buf[1024];
408 char group_suffix[256];
409 char exchange_acl[256];
410 int mr_connections = 0;
413 int UseGroupSuffix = 1;
414 int UseGroupUniversal = 0;
418 int ProcessMachineContainer = 1;
419 int ActiveDirectory = 1;
/* Zero-initialized as a file-scope object; main() also sets it to 0. */
420 int UpdateDomainList;
422 int GroupPopulateDelete = 0;
424 extern int set_password(char *user, char *password, char *domain);
426 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
427 char *group_membership, char *MoiraId, char *attribute,
428 LK_ENTRY **linklist_base, int *linklist_count,
430 void AfsToWinAfs(char* path, char* winPath);
431 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
432 char *Win2kPassword, char *Win2kUser, char *default_server,
433 int connect_to_kdc, char **ServerList, char *ldap_realm,
435 void ad_kdc_disconnect();
436 int ad_server_connect(char *connectedServer, char *domain);
437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
438 char *attribute_value, char *attribute, char *user_name);
439 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
440 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
441 int check_winad(void);
442 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
445 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
446 char *distinguishedName, int count, char **av);
447 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
448 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
449 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
450 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
451 char *distinguishedName, int count,
453 void container_get_dn(char *src, char *dest);
454 void container_get_name(char *src, char *dest);
455 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
456 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
457 char **before, int afterc, char **after);
458 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
459 char **before, int afterc, char **after);
461 int GetAceInfo(int ac, char **av, void *ptr);
462 int get_group_membership(char *group_membership, char *group_ou,
463 int *security_flag, char **av);
464 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
465 char *machine_ou, char *pPtr);
466 int Moira_container_group_create(char **after);
467 int Moira_container_group_delete(char **before);
468 int Moira_groupname_create(char *GroupName, char *ContainerName,
469 char *ContainerRowID);
470 int Moira_container_group_update(char **before, char **after);
471 int Moira_process_machine_container_group(char *MachineName, char* groupName,
473 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
474 int Moira_getContainerGroup(int ac, char **av, void *ptr);
475 int Moira_getGroupName(char *origContainerName, char *GroupName,
477 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
478 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
479 int UpdateGroup, int *ProcessGroup, char *maillist);
480 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
481 char *group_name, char *group_ou, char *group_membership,
482 int group_security_flag, int type, char *maillist);
483 int process_lists(int ac, char **av, void *ptr);
484 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
485 char *TargetGroupName, int HiddenGroup,
486 char *AceType, char *AceName);
487 int ProcessMachineName(int ac, char **av, void *ptr);
488 int ReadConfigFile(char *DomainName);
489 int ReadDomainList();
490 void StringTrim(char *StringToTrim);
491 char *escape_string(char *s);
492 int save_query_info(int argc, char **argv, void *hint);
493 int save_fsgroup_info(int argc, char **argv, void *hint);
494 int user_create(int ac, char **av, void *ptr);
495 int user_change_status(LDAP *ldap_handle, char *dn_path,
496 char *user_name, char *MoiraId, int operation);
497 int user_delete(LDAP *ldap_handle, char *dn_path,
498 char *u_name, char *MoiraId);
499 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
501 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
502 char *uid, char *MitId, char *MoiraId, int State,
503 char *WinHomeDir, char *WinProfileDir, char *first,
504 char *middle, char *last, char *shell, char *class);
505 void change_to_lower_case(char *ptr);
506 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
507 int contact_remove_email(LDAP *ld, char *bind_path,
508 LK_ENTRY **linklist_entry, int linklist_current);
509 int group_create(int ac, char **av, void *ptr);
510 int group_delete(LDAP *ldap_handle, char *dn_path,
511 char *group_name, char *group_membership, char *MoiraId);
512 int group_rename(LDAP *ldap_handle, char *dn_path,
513 char *before_group_name, char *before_group_membership,
514 char *before_group_ou, int before_security_flag,
515 char *before_desc, char *after_group_name,
516 char *after_group_membership, char *after_group_ou,
517 int after_security_flag, char *after_desc,
518 char *MoiraId, char *filter, char *maillist);
519 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
520 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
521 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
522 char *machine_name, char *container_name);
523 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
524 char *MoiraMachineName, char *DestinationOu);
525 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
526 char *group_name, char *group_ou, char *group_membership,
527 int group_security_flag, int updateGroup, char *maillist);
528 int member_list_build(int ac, char **av, void *ptr);
529 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership,
531 char *user_name, char *pUserOu, char *MoiraId);
532 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership, char *user_name,
534 char *pUserOu, char *MoiraId);
535 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership,
537 int group_security_flag, char *MoiraId);
538 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
539 char *DistinguishedName,
540 char *WinHomeDir, char *WinProfileDir,
541 char **homedir_v, char **winProfile_v,
542 char **drives_v, LDAPMod **mods,
544 int sid_update(LDAP *ldap_handle, char *dn_path);
545 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
546 int check_string(char *s);
547 int check_container_name(char* s);
549 int mr_connect_cl(char *server, char *client, int version, int auth);
550 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
551 char **before, int beforec, char **after, int afterc);
552 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
553 char **before, int beforec, char **after, int afterc);
554 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
555 char **before, int beforec, char **after, int afterc);
556 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
557 char **before, int beforec, char **after, int afterc);
558 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
559 char **before, int beforec, char **after, int afterc);
560 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
561 char **before, int beforec, char **after, int afterc);
562 int linklist_create_entry(char *attribute, char *value,
563 LK_ENTRY **linklist_entry);
564 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
565 char **attr_array, LK_ENTRY **linklist_base,
566 int *linklist_count, unsigned long ScopeType);
567 void linklist_free(LK_ENTRY *linklist_base);
569 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
570 char *distinguished_name, LK_ENTRY **linklist_current);
571 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
572 LK_ENTRY **linklist_base, int *linklist_count);
573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
574 char *Attribute, char *distinguished_name,
575 LK_ENTRY **linklist_current);
577 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
578 char *oldValue, char *newValue,
579 char ***modvalues, int type);
580 void free_values(char **modvalues);
582 int convert_domain_to_dn(char *domain, char **bind_path);
583 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
584 char *distinguished_name);
585 int moira_disconnect(void);
586 int moira_connect(void);
587 void print_to_screen(const char *fmt, ...);
588 int GetMachineName(char *MachineName);
589 int tickets_get_k5();
590 int destroy_cache(void);
593 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
594 char **homeServerName);
596 int main(int argc, char **argv)
/*
 * Entry point for the ldap.incr incremental. argv[1] is the Moira table
 * name, argv[2] and argv[3] are the before/after argument counts, and the
 * remaining entries are the before row followed by the after row (see the
 * argument examples at the top of the file). The handler for the table is
 * chosen by the strcmp chain near the end. Several lines of this function
 * are not present in this listing, so the control flow between the
 * statements shown (early exits, loop bodies) is only partly visible.
 */
/* Program name for com_err(): the basename of argv[0]. */
612 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
616 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* Both count checks use atoi(): a non-numeric argv[2]/argv[3] silently
 * becomes 0 instead of being rejected. strtol() with an endptr check would
 * fail closed on malformed input. */
620 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
622 com_err(whoami, 0, "Unable to process %s",
623 "argc < (4 + beforec + afterc)");
627 if (!strcmp(argv[1], "filesys"))
/* NOTE(review): tbl_buf is a fixed 1024-byte static buffer and this loop
 * strcat()s every argument plus a space into it with no length check. The
 * arguments are the Moira row being processed, so an oversized row
 * overflows the buffer. A bounded append (snprintf into the remaining
 * space, checking its return value) would log a truncated line instead. */
630 for (i = 1; i < argc; i++)
632 strcat(tbl_buf, argv[i]);
633 strcat(tbl_buf, " ");
636 com_err(whoami, 0, "%s", tbl_buf);
640 com_err(whoami, 0, "%s failed", "check_winad()");
644 initialize_sms_error_table();
645 initialize_krb_error_table();
647 UpdateDomainList = 0;
/* sizeof(DomainNames[0]) * MAX_DOMAINS equals sizeof(DomainNames). */
648 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
650 if (ReadDomainList())
652 com_err(whoami, 0, "%s failed", "ReadDomainList()");
656 for (i = 0; i < argc; i++)
/* One pass over the configured domains; the loop body spans the rest of
 * the function as far as this listing shows. */
659 for (k = 0; k < MAX_DOMAINS; k++)
661 if (strlen(DomainNames[k]) == 0)
/* Take a private copy of argv for this domain pass (the handlers are
 * given pointers into orig_argv, and table is lower-cased in place
 * below). Line 666 is missing from this listing; as shown, strdup()
 * runs only when orig_argv[i] is already non-NULL, so presumably the
 * missing line frees the previous copy first -- confirm against the
 * full source. */
663 for (i = 0; i < argc; i++)
665 if (orig_argv[i] != NULL)
667 orig_argv[i] = strdup(argv[i]);
/* Reset per-domain configuration before ReadConfigFile() fills it. */
670 memset(PrincipalName, '\0', sizeof(PrincipalName));
671 memset(ldap_domain, '\0', sizeof(ldap_domain));
672 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
673 memset(default_server, '\0', sizeof(default_server));
674 memset(dn_path, '\0', sizeof(dn_path));
675 memset(group_suffix, '\0', sizeof(group_suffix));
676 memset(exchange_acl, '\0', sizeof(exchange_acl));
680 UseGroupUniversal = 0;
684 ProcessMachineContainer = 1;
/* Defaults that the config file may override. */
687 sprintf(group_suffix, "%s", "_group");
688 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the argument vector into the before and after rows. The argc
 * check above is what keeps after[] inside orig_argv. */
690 beforec = atoi(orig_argv[2]);
691 afterc = atoi(orig_argv[3]);
692 table = orig_argv[1];
693 before = &orig_argv[4];
694 after = &orig_argv[4 + beforec];
702 if (ReadConfigFile(DomainNames[k]))
/* Group OU layout, first variant: separate OUs per list kind. The
 * condition selecting between the two variants is not in this listing. */
707 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
708 sprintf(group_ou_root, "OU=lists,OU=moira");
709 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
711 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
/* Second variant: everything under a single lists OU. */
715 sprintf(group_ou_distribution, "OU=lists,OU=moira");
716 sprintf(group_ou_root, "OU=lists,OU=moira");
717 sprintf(group_ou_security, "OU=lists,OU=moira");
718 sprintf(group_ou_neither, "OU=lists,OU=moira");
719 sprintf(group_ou_both, "OU=lists,OU=moira");
722 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts. Empty strings are passed for the
 * Win2kPassword and Win2kUser parameters; how ad_connect() authenticates
 * in that case is not visible here. */
724 for (i = 0; i < 5; i++)
726 ldap_handle = (LDAP *)NULL;
727 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
728 default_server, SetPassword, ServerList,
729 ldap_realm, ldap_port)))
731 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
736 if ((rc) || (ldap_handle == NULL))
738 critical_alert("incremental",
739 "ldap.incr cannot connect to any server in "
740 "domain %s", DomainNames[k]);
/* Normalize the table name in place. tolower() is given a plain char;
 * <ctype.h> functions are only defined for unsigned char values and EOF,
 * so a cast to (unsigned char) is the portable form. */
744 for (i = 0; i < (int)strlen(table); i++)
745 table[i] = tolower(table[i]);
/* Dispatch on the Moira table name. Each call's final argument (afterc)
 * is on a line missing from this listing. */
747 if (!strcmp(table, "users"))
748 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "list"))
751 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "imembers"))
754 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "containers"))
757 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "mcntmap"))
760 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the per-domain server list (the statement between lines 768
 * and 771 is missing here; presumably it frees the entry). */
766 for (i = 0; i < MAX_SERVER_NAMES; i++)
768 if (ServerList[i] != NULL)
771 ServerList[i] = NULL;
775 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle an mcntmap row: move a machine object into the AD OU that mirrors
 * its Moira container, or into the orphans OU when Moira has no container
 * for it. before/after are the OU_* argument rows (see the mcntmap examples
 * at the top of the file). Lines of this function are missing from this
 * listing, so the early returns implied by the error messages are not
 * shown.
 */
781 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
782 char **before, int beforec, char **after, int afterc)
784 char MoiraContainerName[128];
785 char ADContainerName[128];
786 char MachineName[1024];
787 char OriginalMachineName[1024];
790 char MoiraContainerGroup[64];
792 if (!ProcessMachineContainer)
794 com_err(whoami, 0, "Process machines and containers disabled, skipping");
799 memset(ADContainerName, '\0', sizeof(ADContainerName));
800 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
802 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is intentional (rc feeds the alert below),
 * but `if ((rc = moira_connect()) != 0)` makes that explicit. */
805 if (rc = moira_connect())
807 critical_alert("Ldap incremental",
808 "Error contacting Moira server : %s",
/* NOTE(review): only beforec != 0 is checked before reading
 * before[OU_CONTAINER_GROUP] (index 4), and the copies are unbounded
 * strcpy()s into fixed buffers -- MoiraContainerGroup is 64 bytes. A row
 * with fewer than 5 fields reads past the argument array, and an
 * over-long field overflows the buffer. Checking beforec/afterc against
 * OU_CONTAINER_GROUP + 1 and copying with snprintf() would fail closed.
 * The same applies to the add-a-machine branch below. */
813 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
815 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
816 strcpy(MachineName, before[OU_MACHINE_NAME]);
817 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
819 com_err(whoami, 0, "removing machine %s from %s",
820 OriginalMachineName, before[OU_CONTAINER_NAME]);
822 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
824 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
825 strcpy(MachineName, after[OU_MACHINE_NAME]);
826 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
827 com_err(whoami, 0, "adding machine %s to container %s",
828 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* GetMachineName() rewrites MachineName in place; an empty result means
 * Moira knows no alias for it. (The message text has a typo: "alais".) */
836 rc = GetMachineName(MachineName);
838 if (strlen(MachineName) == 0)
841 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
842 OriginalMachineName);
846 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
849 if (machine_check(ldap_handle, dn_path, MachineName))
851 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
852 OriginalMachineName, MachineName);
/* Look up the machine's Moira container; the trailing argument of this
 * call is on a line missing from the listing, presumably
 * MoiraContainerName. */
857 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
858 machine_get_moira_container(ldap_handle, dn_path, MachineName,
/* No container in Moira: park the object under the orphans OU.
 * (Message typo: "fine" for "find".) */
861 if (strlen(MoiraContainerName) == 0)
863 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
864 "in Moira - moving to orphans OU.",
865 OriginalMachineName, MachineName);
866 machine_move_to_ou(ldap_handle, dn_path, MachineName,
867 orphans_machines_ou);
/* Translate the Moira container path into an AD DN, make sure the OU
 * exists, then move the machine. The index on the next line is safe only
 * because the strlen()==0 case was handled above; the strcat() of "/"
 * assumes MoiraContainerName has at least one spare byte of its 128. */
872 container_get_dn(MoiraContainerName, ADContainerName);
874 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
875 strcat(MoiraContainerName, "/");
877 container_check(ldap_handle, dn_path, MoiraContainerName);
878 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a containers row: create, delete, rename or update the AD OU that
 * mirrors a Moira container, and keep the matching Moira container group in
 * step. before/after are the CONTAINER_* argument rows. Lines of this
 * function are missing from this listing, so the early returns after the
 * delete and create cases are not shown. The return values of the
 * container_* calls are not checked anywhere in what is visible, so a
 * failed directory update is only observable through their own logging.
 */
883 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
884 char **before, int beforec, char **after, int afterc)
888 if (!ProcessMachineContainer)
890 com_err(whoami, 0, "Process machines and containers disabled, skipping");
894 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is intentional (rc feeds the alert below);
 * `if ((rc = moira_connect()) != 0)` would make that explicit. */
897 if (rc = moira_connect())
899 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
904 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
906 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
907 container_delete(ldap_handle, dn_path, beforec, before);
908 Moira_container_group_delete(before);
913 if ((beforec == 0) && (afterc != 0)) /*create a container*/
915 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
916 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
917 container_create(ldap_handle, dn_path, afterc, after);
918 Moira_container_group_create(after);
/* Both rows present: a case-insensitive name change is a rename,
 * otherwise the row is an attribute update. */
923 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
925 com_err(whoami, 0, "renaming container %s to %s",
926 before[CONTAINER_NAME], after[CONTAINER_NAME]);
927 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
928 Moira_container_group_update(before, after);
933 com_err(whoami, 0, "updating container %s information",
934 after[CONTAINER_NAME]);
935 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
936 Moira_container_group_update(before, after);
941 #define L_LIST_DESC 9
/*
 * Handle a list row: rename, delete, create or update the AD group that
 * mirrors a Moira list. before/after are the L_* argument rows (L_LIST_ID,
 * L_NAME, L_MAILLIST, L_ACTIVE are defined outside this listing;
 * L_LIST_DESC just above it). Lines of this function are missing from this
 * listing, so several returns and the bodies of some conditionals are not
 * shown.
 */
944 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
945 char **before, int beforec, char **after, int afterc)
950 char group_membership[6];
955 char before_list_id[32];
/* NOTE(review): a 1-byte buffer. get_group_membership() is given it as the
 * output for the before row, and strlen() is applied to it further down;
 * strlen() stays in bounds only if the byte remains '\0'. The after-row
 * counterpart on line 950 is 6 bytes, so this looks like a typo -- confirm
 * what get_group_membership() writes. */
956 char before_group_membership[1];
957 int before_security_flag;
958 char before_group_ou[256];
959 LK_ENTRY *ptr = NULL;
961 if (beforec == 0 && afterc == 0)
964 memset(list_id, '\0', sizeof(list_id));
965 memset(before_list_id, '\0', sizeof(before_list_id));
966 memset(before_group_ou, '\0', sizeof(before_group_ou));
967 memset(before_group_membership, '\0', sizeof(before_group_membership));
968 memset(group_ou, '\0', sizeof(group_ou));
969 memset(group_membership, '\0', sizeof(group_membership));
/* Before row: the count checks guard the before[L_LIST_ID] index, but the
 * strcpy() into the 32-byte before_list_id is unbounded; a bounded copy
 * (snprintf) would reject an over-long id instead of overflowing. */
974 if (beforec < L_LIST_ID)
976 if (beforec > L_LIST_DESC)
978 strcpy(before_list_id, before[L_LIST_ID]);
980 before_security_flag = 0;
981 get_group_membership(before_group_membership, before_group_ou,
982 &before_security_flag, before);
/* After row, same pattern; list_id's size is declared outside this
 * listing. */
987 if (afterc < L_LIST_ID)
989 if (afterc > L_LIST_DESC)
991 strcpy(list_id, after[L_LIST_ID]);
994 get_group_membership(group_membership, group_ou, &security_flag, after);
997 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the existing group; on a wrong-DN or duplicate result run the
 * cleanup pass, and give up on any remaining error other than "no group". */
1006 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1007 before[L_NAME], before_group_ou,
1008 before_group_membership,
1009 before_security_flag, CHECK_GROUPS,
1010 before[L_MAILLIST])))
1012 if (rc == AD_NO_GROUPS_FOUND)
1016 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1017 (rc == AD_MULTIPLE_GROUPS_FOUND))
1019 rc = process_group(ldap_handle, dn_path, before_list_id,
1020 before[L_NAME], before_group_ou,
1021 before_group_membership,
1022 before_security_flag, CLEANUP_GROUPS,
1023 before[L_MAILLIST]);
1025 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1027 com_err(whoami, 0, "Unable to process list %s",
1031 if (rc == AD_NO_GROUPS_FOUND)
/* Both rows present. A change of name, or of OU with the same name, is
 * treated as a rename; the third operand of the && is on a missing line. */
1037 if ((beforec != 0) && (afterc != 0))
1039 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1040 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1041 (strcmp(before_group_ou, group_ou)))) &&
1044 com_err(whoami, 0, "Changing list name from %s to %s",
1045 before[L_NAME], after[L_NAME]);
1047 if ((strlen(before_group_ou) == 0) ||
1048 (strlen(before_group_membership) == 0) ||
1049 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1051 com_err(whoami, 0, "%s", "Unable to find the group OU's");
/* filter's declaration is outside this listing; the argument on line
 * 1062 is missing too. */
1055 memset(filter, '\0', sizeof(filter));
1057 if ((rc = group_rename(ldap_handle, dn_path,
1058 before[L_NAME], before_group_membership,
1059 before_group_ou, before_security_flag,
1060 before[L_LIST_DESC], after[L_NAME],
1061 group_membership, group_ou, security_flag,
1063 list_id, filter, after[L_MAILLIST])))
1065 if (rc != AD_NO_GROUPS_FOUND)
1068 "Unable to change list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
/* Delete: before row only. The condition selecting this branch is on a
 * missing line. */
1082 if ((strlen(before_group_ou) == 0) ||
1083 (strlen(before_group_membership) == 0))
1086 "Unable to find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
/* Create: same check/cleanup sequence as above, against the after row. */
1100 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1102 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1103 group_ou, group_membership,
1104 security_flag, CHECK_GROUPS,
1107 if (rc != AD_NO_GROUPS_FOUND)
1109 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1110 (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id,
1114 group_ou, group_membership,
1115 security_flag, CLEANUP_GROUPS,
1122 "Unable to create list %s", after[L_NAME]);
/* Update path: talk to Moira for the ACE, then create/update the group
 * and, for an active list, repopulate its members. */
1129 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1131 if (rc = moira_connect())
1133 critical_alert("Ldap incremental",
1134 "Error contacting Moira server : %s",
/* ProcessAce is called twice with UpdateGroup 0 then 1; the code between
 * the two calls is not in this listing. */
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1142 &ProcessGroup, after[L_MAILLIST]))
1147 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1148 &ProcessGroup, after[L_MAILLIST]))
1152 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1153 group_ou, group_membership, security_flag,
1154 updateGroup, after[L_MAILLIST]))
/* atoi() on the active flag: any non-numeric value reads as inactive. */
1160 if (atoi(after[L_ACTIVE]))
1162 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1163 group_membership, security_flag, list_id);
/* Argument slots that follow the LM_* member-list fields (LM_END is
 * defined elsewhere in the file) in the before[]/after[] arrays handed
 * to do_member(). LMN_LIST_ID, LM_LIST_ID and LM_USER_ID are the highest
 * indexes do_member() reads, so its beforec/afterc guards must be
 * compared against these three, not against LM_EXTRA_GROUP/LM_EXTRA_GID. */
1171 #define LM_EXTRA_ACTIVE (LM_END)
1172 #define LM_EXTRA_PUBLIC (LM_END+1)
1173 #define LM_EXTRA_HIDDEN (LM_END+2)
1174 #define LM_EXTRA_MAILLIST (LM_END+3)
1175 #define LM_EXTRA_GROUP (LM_END+4)
1176 #define LM_EXTRA_GID (LM_END+5)
1177 #define LMN_LIST_ID (LM_END+6)
1178 #define LM_LIST_ID (LM_END+7)
1179 #define LM_USER_ID (LM_END+8)
1180 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one list-membership change to the directory. An add
 * is described by after[]/afterc, a removal by before[]/beforec; `ptr`
 * (assigned on a line not shown here) aliases whichever of the two is in
 * use. If the target group does not exist yet it is created first; a
 * STRING/KERBEROS member gets a contact object, a USER member that is
 * missing from the directory gets an account created from Moira data.
 *
 *   ldap_handle     bound LDAP connection
 *   dn_path         base DN under which the group/user/contact OUs live
 *   ldap_hostname   not referenced by any statement shown here
 *   before/beforec  Moira argv for the old membership (LM_*/LM_EXTRA_*)
 *   after/afterc    Moira argv for the new membership
 *
 * Braces, else branches and return statements of this function are not
 * shown in this listing; the comments below refer to the visible lines.
 */
1182 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1183 char **before, int beforec, char **after, int afterc)
1185 LK_ENTRY *group_base;
1188 char *attr_array[3];
1189 char group_name[128];
1190 char user_name[128];
1191 char user_type[128];
1192 char moira_list_id[32];
1193 char moira_user_id[32];
1194 char group_membership[1];
/* NOTE(review): a single byte. get_group_membership() stores one type
 * letter here with no NUL terminator, and the value is then passed as a
 * char * to process_group(), populate_group() and make_new_group(). If
 * any of those uses strlen/strcpy on it the read runs off the end of the
 * array; a char[2] initialised to "" would make it a valid string. */
1196 char machine_ou[256];
1204 char NewMachineName[1024];
1208 char *save_argv[U_END];
1212 memset(moira_list_id, '\0', sizeof(moira_list_id));
1213 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Add path. The first test is an argument-count guard: every index read
 * from after[] below must be < afterc. */
1217 if (afterc < LM_EXTRA_GID)
1220 if (!atoi(after[LM_EXTRA_ACTIVE]))
1223 "Unable to add %s to group %s : group not active",
/* Literal indexes 2 and 0 here; presumably LM_MEMBER and LM_LIST. */
1224 after[2], after[0]);
1230 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* NOTE(review): unbounded strcpy of Moira-supplied strings into 128- and
 * 32-byte stack buffers (here, at 1241-1256 and in the mirrored before[]
 * block). Moira is an internal source, but a long member or list name is
 * a stack overflow; snprintf(buf, sizeof buf, "%s", ...) bounds it. */
1233 strcpy(user_name, after[LM_MEMBER]);
1234 strcpy(group_name, after[LM_LIST]);
1235 strcpy(user_type, after[LM_TYPE]);
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* NOTE(review): this guard only requires afterc > LM_EXTRA_GROUP, but the
 * two reads below use LMN_LIST_ID and LM_LIST_ID (two and three slots
 * higher), so an argv of LM_EXTRA_GID+1..+3 entries is read past its
 * end. `if (afterc > LM_LIST_ID)` matches the reads. Whether Moira can
 * send that few fields for a MACHINE member is not visible here. */
1239 if (afterc > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, after[LMN_LIST_ID]);
1242 strcpy(moira_user_id, after[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* NOTE(review): same off-by-one/two: the guard admits afterc ==
 * LMN_LIST_ID+1 while LM_LIST_ID and LM_USER_ID are read;
 * `if (afterc > LM_USER_ID)` would be exact. */
1247 if (afterc > LMN_LIST_ID)
1249 strcpy(moira_list_id, after[LM_LIST_ID]);
1250 strcpy(moira_user_id, after[LM_USER_ID]);
/* Other member types: this guard is consistent with the index read. */
1255 if (afterc > LM_EXTRA_GID)
1256 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Removal path: mirror of the block above, same guard/index mismatches
 * at 1282 and 1290. */
1261 if (beforec < LM_EXTRA_GID)
1263 if (!atoi(before[LM_EXTRA_ACTIVE]))
1266 "Unable to remove %s from group %s : group not active",
1267 before[2], before[0]);
1273 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1276 strcpy(user_name, before[LM_MEMBER]);
1277 strcpy(group_name, before[LM_LIST]);
1278 strcpy(user_type, before[LM_TYPE]);
1280 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1282 if (beforec > LM_EXTRA_GROUP)
1284 strcpy(moira_list_id, before[LMN_LIST_ID]);
1285 strcpy(moira_user_id, before[LM_LIST_ID]);
1288 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1290 if (beforec > LMN_LIST_ID)
1292 strcpy(moira_list_id, before[LM_LIST_ID]);
1293 strcpy(moira_user_id, before[LM_USER_ID]);
1298 if (beforec > LM_EXTRA_GID)
1299 strcpy(moira_list_id, before[LMN_LIST_ID]);
1306 "Unable to process group : beforec = %d, afterc = %d",
/* Re-shape the member argv into the L_* layout get_group_membership()
 * expects, so the group type/OU is derived exactly as for a list change. */
1311 args[L_NAME] = ptr[LM_LIST];
1312 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1313 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1314 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1315 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1316 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1317 args[L_GID] = ptr[LM_EXTRA_GID];
1320 memset(group_ou, '\0', sizeof(group_ou));
1321 get_group_membership(group_membership, group_ou, &security_flag, args);
1323 if (strlen(group_ou) == 0)
1325 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Locate the group by Moira id; a wrong-DN or duplicate result is cleaned
 * up with a second CLEANUP_GROUPS pass before giving up. */
1330 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1331 group_ou, group_membership, security_flag,
1332 CHECK_GROUPS, args[L_MAILLIST]))
1334 if (rc != AD_NO_GROUPS_FOUND)
1336 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1337 group_name, group_ou, group_membership,
1338 security_flag, CLEANUP_GROUPS,
1341 if (rc != AD_NO_GROUPS_FOUND)
1344 com_err(whoami, 0, "Unable to add %s to group %s - "
1345 "unable to process group", user_name, group_name);
1347 com_err(whoami, 0, "Unable to remove %s from group %s - "
1348 "unable to process group", user_name, group_name);
/* No such group yet: create it (ACEs in both passes, then the object),
 * and populate it straight away when the list is active. */
1355 if (rc == AD_NO_GROUPS_FOUND)
1357 if (rc = moira_connect())
1359 critical_alert("Ldap incremental",
1360 "Error contacting Moira server : %s",
1365 com_err(whoami, 0, "creating group %s", group_name);
1368 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1369 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1375 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1380 group_ou, group_membership, security_flag, 0,
1381 ptr[LM_EXTRA_MAILLIST]))
1387 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1389 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1390 group_membership, security_flag, moira_list_id);
/* ---- removal: normalise the member name per type, then re-populate. */
1400 com_err(whoami, 0, "removing user %s from list %s", user_name,
1404 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1406 if (!ProcessMachineContainer)
1408 com_err(whoami, 0, "Process machines and containers disabled, "
1413 memset(machine_ou, '\0', sizeof(machine_ou));
1414 memset(NewMachineName, '\0', sizeof(NewMachineName));
1415 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1416 machine_ou, NewMachineName))
/* The caller's argv element is freed and replaced with the canonical
 * machine name; this assumes every element was individually malloc'd by
 * the caller - confirm against the parser. strdup() is not NULL-checked. */
1418 if (ptr[LM_MEMBER] != NULL)
1419 free(ptr[LM_MEMBER]);
1420 ptr[LM_MEMBER] = strdup(NewMachineName);
1421 pUserOu = machine_ou;
1424 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
/* STRING member: `member` is declared outside the shown lines and is
 * filled with strcpy/strcat, both unbounded. A bare address gets
 * "@mit.edu" appended; a ".LOCAL" suffix is rewritten to ".mit.edu".
 * NOTE(review): the test at 1439 indexes member[strlen(member) - 6]; a
 * string shorter than six characters that already contains '@' gives a
 * negative subscript, i.e. a read before the array. Guard with
 * strlen(member) >= 6 first. */
1426 strcpy(member, ptr[LM_MEMBER]);
1430 if((s = strchr(member, '@')) == (char *) NULL)
1432 strcat(member, "@mit.edu");
1434 if (ptr[LM_MEMBER] != NULL)
1435 free(ptr[LM_MEMBER]);
1436 ptr[LM_MEMBER] = strdup(member);
1439 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1441 s = strrchr(member, '.');
1443 strcat(s, ".mit.edu");
1445 if (ptr[LM_MEMBER] != NULL)
1446 free(ptr[LM_MEMBER]);
1447 ptr[LM_MEMBER] = strdup(member);
1451 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1455 pUserOu = contact_ou;
/* KERBEROS member: the principal string goes to contact_create() as is;
 * no check_string() on it is visible in this function. */
1457 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1459 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1463 pUserOu = kerberos_ou;
1466 if (rc = moira_connect()) {
1467 critical_alert("Ldap incremental",
1468 "Error contacting Moira server : %s",
/* Membership is re-derived from Moira rather than removed one-by-one. */
1473 if (rc = populate_group(ldap_handle, dn_path, group_name,
1474 group_ou, group_membership,
1475 security_flag, moira_list_id))
1476 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* Second populate for STRING members (its list-id argument is on an
 * elided line). */
1481 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1483 if (rc = moira_connect())
1485 critical_alert("Ldap incremental",
1486 "Error contacting Moira server : %s",
1491 if (rc = populate_group(ldap_handle, dn_path, group_name,
1492 group_ou, group_membership, security_flag,
1494 com_err(whoami, 0, "Unable to remove %s from group %s",
1495 user_name, group_name);
/* ---- add: same per-type normalisation as the removal path. */
1502 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1505 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1507 memset(machine_ou, '\0', sizeof(machine_ou));
1508 memset(NewMachineName, '\0', sizeof(NewMachineName));
1510 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1514 if (ptr[LM_MEMBER] != NULL)
1515 free(ptr[LM_MEMBER]);
1517 ptr[LM_MEMBER] = strdup(NewMachineName);
1518 pUserOu = machine_ou;
1520 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
/* NOTE(review): same unbounded copies and the same strlen(member) - 6
 * underflow at 1535 as in the removal path. */
1522 strcpy(member, ptr[LM_MEMBER]);
1526 if((s = strchr(member, '@')) == (char *) NULL)
1528 strcat(member, "@mit.edu");
1530 if (ptr[LM_MEMBER] != NULL)
1531 free(ptr[LM_MEMBER]);
1532 ptr[LM_MEMBER] = strdup(member);
1535 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1537 s = strrchr(member, '.');
1539 strcat(s, ".mit.edu");
1541 if (ptr[LM_MEMBER] != NULL)
1542 free(ptr[LM_MEMBER]);
1543 ptr[LM_MEMBER] = strdup(member);
1547 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1551 pUserOu = contact_ou;
1553 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1555 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1559 pUserOu = kerberos_ou;
/* USER member: a membership change can create a directory account. When
 * check_user() finds nothing, the account is built from Moira's
 * get_user_account_by_login record via user_create(). */
1561 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1563 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1564 moira_user_id)) == AD_NO_USER_FOUND)
1566 if (rc = moira_connect())
1568 critical_alert("Ldap incremental",
1569 "Error connection to Moira : %s",
1574 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1575 av[0] = ptr[LM_MEMBER];
1576 call_args[0] = (char *)ldap_handle;
1577 call_args[1] = dn_path;
1578 call_args[2] = moira_user_id;
1579 call_args[3] = NULL;
/* cn-collision check against existing groups.
 * NOTE(review): the member name is interpolated into the LDAP filter
 * verbatim. No check_string() or filter escaping of ptr[LM_MEMBER] is
 * visible ahead of this point (do_user gates the same filter on
 * check_string()); '*', '(' or ')' in the name changes what the search
 * matches and therefore whether the "already exists" refusal fires.
 * `filter` is declared on an elided line, so its size cannot be checked
 * against this sprintf() here. */
1588 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1589 attr_array[0] = "cn";
1590 attr_array[1] = NULL;
1591 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1592 attr_array, &group_base, &group_count,
1593 LDAP_SCOPE_SUBTREE)) != 0)
1595 com_err(whoami, 0, "Unable to process user %s : %s",
1596 ptr[LM_MEMBER], ldap_err2string(rc));
1602 com_err(whoami, 0, "Object already exists with name %s",
1607 linklist_free(group_base);
1612 if (rc = mr_query("get_user_account_by_login", 1, av,
1613 save_query_info, save_argv))
1616 com_err(whoami, 0, "Unable to create user %s : %s",
1617 ptr[LM_MEMBER], error_message(rc));
1621 if (rc = user_create(U_END, save_argv, call_args))
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1643 if (rc = moira_connect()) {
1644 critical_alert("Ldap incremental",
1645 "Error contacting Moira server : %s",
1650 if (rc = populate_group(ldap_handle, dn_path, group_name,
1651 group_ou, group_membership, security_flag,
1653 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1658 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1660 if (rc = moira_connect())
1662 critical_alert("Ldap incremental",
1663 "Error contacting Moira server : %s",
1668 if (rc = populate_group(ldap_handle, dn_path, group_name,
1669 group_ou, group_membership, security_flag,
1671 com_err(whoami, 0, "Unable to add %s to group %s",
1672 user_name, group_name);
/* Positions in the Moira "users" argv beyond the U_* fields defined
 * elsewhere: the Moira user id (index 10, guarded in do_user() with
 * beforec/afterc > U_USER_ID), then the home and profile directory paths
 * that do_user() forwards to user_update(). */
1681 #define U_USER_ID 10
1682 #define U_HOMEDIR 11
1683 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-account change to the directory. Cases,
 * in order: nothing to do (no before/after); account just created but not
 * yet usable (after only); expunge (before only, status 0); otherwise
 * create the account if it is not in the directory, rename it if the
 * login changed, and push the remaining attributes with user_update().
 *
 *   ldap_handle      bound LDAP connection
 *   dn_path          base DN for the user OUs
 *   ldap_hostname    not referenced by any statement shown here
 *   before/beforec   Moira argv for the old record, indexed by U_*
 *   after/afterc     Moira argv for the new record
 *
 * Braces, else branches and return statements are not shown in this
 * listing.
 */
1685 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1686 char **before, int beforec, char **after,
1689 LK_ENTRY *group_base;
1692 char *attr_array[3];
1695 char after_user_id[32];
1696 char before_user_id[32];
1698 char *save_argv[U_END];
1700 if ((beforec == 0) && (afterc == 0))
1703 memset(after_user_id, '\0', sizeof(after_user_id));
1704 memset(before_user_id, '\0', sizeof(before_user_id));
/* These count guards are exact for index U_USER_ID. NOTE(review): the
 * copies themselves are unbounded into 32-byte buffers; a Moira id of 32
 * characters or more overflows the stack - snprintf(..., sizeof ...). */
1706 if (beforec > U_USER_ID)
1707 strcpy(before_user_id, before[U_USER_ID]);
1709 if (afterc > U_USER_ID)
1710 strcpy(after_user_id, after[U_USER_ID]);
/* NOTE(review): repeats the test at 1700; if that one returns (its body
 * is not shown) this branch is unreachable. */
1712 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1715 if ((beforec == 0) && (afterc != 0))
1717 /*this case only happens when the account*/
1718 /*account is first created but not usable*/
1720 com_err(whoami, 0, "Unable to process user %s because the user account "
1721 "is not yet usable", after[U_NAME]);
1725 /*this case only happens when the account is expunged */
1727 if ((beforec != 0) && (afterc == 0))
/* Expunge: status 0 with no after[] record deletes the directory object.
 * NOTE(review): user_delete()'s return value is discarded, so a failed
 * delete leaves a live account behind with nothing in the log; capture
 * rc and report it as the other paths do. */
1729 if (atoi(before[U_STATE]) == 0)
1731 com_err(whoami, 0, "expunging user %s from directory",
1733 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1737 com_err(whoami, 0, "Unable to process because user %s has been "
1738 "previously expungeded", before[U_NAME]);
1743 /*process anything that gets here*/
/* Not in the directory: create it from Moira's account record.
 * check_string() on the new login is the only validation visible before
 * the name reaches the search filter at 1773 and the DN built inside
 * user_create(); that is safe only if check_string() rejects LDAP
 * filter and DN metacharacters - confirm its character set. */
1745 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1746 before_user_id)) == AD_NO_USER_FOUND)
1748 if (!check_string(after[U_NAME]))
1751 if (rc = moira_connect())
1753 critical_alert("Ldap incremental",
1754 "Error connection to Moira : %s",
1759 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1761 av[0] = after[U_NAME];
1762 call_args[0] = (char *)ldap_handle;
1763 call_args[1] = dn_path;
1764 call_args[2] = after_user_id;
1765 call_args[3] = NULL;
/* Refuse to create a user whose cn is already taken by a group. `filter`
 * is declared on an elided line; its size is not checked here. */
1773 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1774 attr_array[0] = "cn";
1775 attr_array[1] = NULL;
1777 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1778 &group_base, &group_count,
1779 LDAP_SCOPE_SUBTREE)) != 0)
1781 com_err(whoami, 0, "Unable to process user %s : %s",
1782 after[U_NAME], ldap_err2string(rc));
1786 if (group_count >= 1)
1788 com_err(whoami, 0, "Object already exists with name %s",
1793 linklist_free(group_base);
1798 if (rc = mr_query("get_user_account_by_login", 1, av,
1799 save_query_info, save_argv))
1802 com_err(whoami, 0, "Unable to create user %s : %s",
1803 after[U_NAME], error_message(rc));
1807 if (rc = user_create(U_END, save_argv, call_args))
1809 com_err(whoami, 0, "Unable to create user %s : %s",
1810 after[U_NAME], error_message(rc));
1817 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login changed: rename only when both old and new names pass
 * check_string(); a rename failure is compared against LDAP_SUCCESS. */
1829 if (strcmp(before[U_NAME], after[U_NAME]))
1831 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1833 com_err(whoami, 0, "changing user %s to %s",
1834 before[U_NAME], after[U_NAME]);
1836 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1837 after[U_NAME])) != LDAP_SUCCESS)
/* Attribute refresh. atoi() turns a non-numeric U_STATE into 0, the same
 * value the expunge branch treats as "gone"; what user_update() does
 * with status 0 is not visible here - strtol with validation would be
 * stricter. */
1844 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1845 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1846 after[U_UID], after[U_MITID],
1847 after_user_id, atoi(after[U_STATE]),
1848 after[U_HOMEDIR], after[U_PROFILEDIR],
1849 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1850 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * strings from a linked list of attribute values. For each value that
 * contains oldValue: with type == REPLACE the whole value becomes
 * newValue, otherwise the first occurrence of oldValue is spliced out and
 * newValue put in its place. Values without oldValue, or any value when
 * oldValue/newValue is NULL, are copied unchanged.
 *
 *   linklist_base   list of LK_ENTRY values to transform
 *   modvalue_count  how many entries to consume from the list
 *   oldValue/newValue  substring to find and its replacement (may be NULL)
 *   modvalues       out: freshly allocated array; caller frees every
 *                   string and then the array
 *   type            REPLACE or anything else (splice)
 *
 * The return value and the allocation-failure branches are on lines not
 * shown in this listing.
 */
1855 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1856 char *oldValue, char *newValue,
1857 char ***modvalues, int type)
1859 LK_ENTRY *linklist_ptr;
1863 if (((*modvalues) = calloc(1,
1864 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* calloc() already zero-fills; this loop is redundant. */
1869 for (i = 0; i < (modvalue_count + 1); i++)
1870 (*modvalues)[i] = NULL;
1872 if (modvalue_count != 0)
1874 linklist_ptr = linklist_base;
1875 for (i = 0; i < modvalue_count; i++)
1877 if ((oldValue != NULL) && (newValue != NULL))
/* NOTE(review): strstr() is a plain substring match, so oldValue
 * "cn=bob" also hits "cn=bobby"; callers passing DN fragments should
 * be aware. It also assumes ->value is NUL-terminated, which is not the
 * case for entries stored from ldap_get_values_len() (->ber_value set)
 * by retrieve_values(). */
1879 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1882 if (type == REPLACE)
1884 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1887 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1888 strcpy((*modvalues)[i], newValue);
/* Splice: prefix + newValue + remainder after oldValue. The allocation
 * is prefix + (length - strlen(oldValue)) + strlen(newValue) + 1 (the
 * strlen(oldValue) term is on the elided line 1895; the memset below
 * spells the same formula out), which counts the prefix twice and is
 * therefore larger than needed, never smaller. */
1892 if (((*modvalues)[i] = calloc(1,
1893 (int)(cPtr - linklist_ptr->value) +
1894 (linklist_ptr->length -
1896 strlen(newValue) + 1)) == NULL)
1898 memset((*modvalues)[i], '\0',
1899 (int)(cPtr - linklist_ptr->value) +
1900 (linklist_ptr->length - strlen(oldValue)) +
1901 strlen(newValue) + 1);
1902 memcpy((*modvalues)[i], linklist_ptr->value,
1903 (int)(cPtr - linklist_ptr->value));
1904 strcat((*modvalues)[i], newValue);
1905 strcat((*modvalues)[i],
1906 &linklist_ptr->value[(int)(cPtr -
1907 linklist_ptr->value) + strlen(oldValue)]);
/* NOTE(review): the two calloc()s below are not NULL-checked, unlike
 * those at 1884 and 1892; the memset/memcpy that follow would fault on
 * allocation failure. */
1912 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1913 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1914 memcpy((*modvalues)[i], linklist_ptr->value,
1915 linklist_ptr->length);
1920 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1921 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1922 memcpy((*modvalues)[i], linklist_ptr->value,
1923 linklist_ptr->length);
1925 linklist_ptr = linklist_ptr->next;
/* Terminator for the modvalues array. */
1927 (*modvalues)[i] = NULL;
/*
 * linklist_build: run an LDAP search and collect every attribute value of
 * every returned entry into *linklist_base (entry count in
 * *linklist_count) via retrieve_entries().
 *
 *   search_exp   filter string, passed to ldap_search_s() verbatim.
 *                Nothing here escapes it: every caller in this file builds
 *                it with sprintf() and is responsible for what goes in.
 *   attr_array   NULL-terminated list of attributes to fetch
 *   ScopeType    LDAP_SCOPE_* search scope
 *
 * Returns the ldap_search_s() error code on failure, except that
 * LDAP_SIZELIMIT_EXCEEDED is tolerated and the truncated result set is
 * processed as if complete - callers that decide on "exactly one" or
 * "none" must allow for that. Other error returns are on elided lines.
 */
1933 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1934 char **attr_array, LK_ENTRY **linklist_base,
1935 int *linklist_count, unsigned long ScopeType)
1938 LDAPMessage *ldap_entry;
1942 (*linklist_base) = NULL;
1943 (*linklist_count) = 0;
1945 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1946 search_exp, attr_array, 0,
1947 &ldap_entry)) != LDAP_SUCCESS)
1949 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1953 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1956 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result, prepend each
 * entry's attribute values to *linklist_base, then count the resulting
 * list into *linklist_count. Returns 0, or the retrieve_attributes()
 * error (presumably returned from the elided lines 1975/1984, in which
 * case *linklist_count is left untouched and the partial list stays in
 * *linklist_base for the caller to free).
 */
1960 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1961 LK_ENTRY **linklist_base, int *linklist_count)
/* NOTE(review): filled by get_distinguished_name(), which strcpy()s the
 * DN returned by ldap_get_dn() with no length check. A DN of 1024 bytes
 * or more - possible with deeply nested OUs - overflows this stack array.
 * Pass sizeof distinguished_name down and copy with snprintf. */
1963 char distinguished_name[1024];
1964 LK_ENTRY *linklist_ptr;
1967 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1970 memset(distinguished_name, '\0', sizeof(distinguished_name));
1971 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1973 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1974 linklist_base)) != 0)
1977 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1979 memset(distinguished_name, '\0', sizeof(distinguished_name));
1980 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1982 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1983 distinguished_name, linklist_base)) != 0)
/* Count is the number of LK_ENTRY nodes (one per value), not entries. */
1987 linklist_ptr = (*linklist_base);
1988 (*linklist_count) = 0;
1990 while (linklist_ptr != NULL)
1992 ++(*linklist_count);
1993 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry and store each
 * one's values at the head of *linklist_current through retrieve_values().
 * `ptr` is the BerElement handed out by ldap_first_attribute() (that
 * argument is on an elided line) and is released with ldap_ber_free(ptr, 0)
 * at the end. Each attribute name is freed with ldap_memfree().
 * NOTE(review): retrieve_values()'s return value is ignored in both calls,
 * so an allocation failure inside it silently drops that attribute.
 */
1999 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2000 char *distinguished_name, LK_ENTRY **linklist_current)
2007 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
2010 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
2012 ldap_memfree(Attribute);
2013 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2016 retrieve_values(ldap_handle, ldap_entry, Attribute,
2017 distinguished_name, linklist_current);
2018 ldap_memfree(Attribute);
2022 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch every value of Attribute on ldap_entry and push
 * one LK_ENTRY per value onto the front of *linklist_current, recording
 * the attribute name, a copy of the value, its length, the entry DN and
 * whether the value is binary. objectSid and objectGUID are read with
 * ldap_get_values_len() and stored byte-exact (use_bervalue set on an
 * elided line); everything else is read as a string. Under LDAP_DEBUG
 * each value is additionally decoded to stderr.
 *
 * The per-value loop header, the use_bervalue assignments and the
 * allocation-failure returns are not shown in this listing. The frees at
 * 2216/2219 assume the pointer that was not used is NULL; its
 * initialisation is on an elided line.
 */
2027 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2028 char *Attribute, char *distinguished_name,
2029 LK_ENTRY **linklist_current)
2035 LK_ENTRY *linklist_previous;
2036 LDAP_BERVAL **ber_value;
2045 SID_IDENTIFIER_AUTHORITY *sid_auth;
2046 unsigned char *subauth_count;
2047 #endif /*LDAP_DEBUG*/
2050 memset(temp, '\0', sizeof(temp));
2052 if ((!strcmp(Attribute, "objectSid")) ||
2053 (!strcmp(Attribute, "objectGUID")))
2058 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2059 Ptr = (void **)ber_value;
2064 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2065 Ptr = (void **)str_value;
/* New node goes in front of the current head. NOTE(review): if this or
 * any later calloc() fails, the elided return presumably skips the
 * ldap_value_free*() calls at the bottom and leaks str_value/ber_value. */
2073 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2076 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2077 linklist_previous->next = (*linklist_current);
2078 (*linklist_current) = linklist_previous;
2080 if (((*linklist_current)->attribute = calloc(1,
2081 strlen(Attribute) + 1)) == NULL)
2084 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2085 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly ber_length bytes, NO NUL terminator. Consumers
 * must test ->ber_value before applying strlen/strcpy/strstr to ->value
 * (group_rename's strcpy of ->value is fine only because sAMAccountName
 * is a string attribute; construct_newvalues() uses strstr unguarded). */
2089 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2091 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2094 memset((*linklist_current)->value, '\0', ber_length);
2095 memcpy((*linklist_current)->value,
2096 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2097 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy, length excludes the terminator. */
2101 if (((*linklist_current)->value = calloc(1,
2102 strlen(*Ptr) + 1)) == NULL)
2105 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2106 (*linklist_current)->length = strlen(*Ptr);
2107 strcpy((*linklist_current)->value, *Ptr);
2110 (*linklist_current)->ber_value = use_bervalue;
2112 if (((*linklist_current)->dn = calloc(1,
2113 strlen(distinguished_name) + 1)) == NULL)
2116 memset((*linklist_current)->dn, '\0',
2117 strlen(distinguished_name) + 1);
2118 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG decoding below; none of it affects the stored list. */
2121 if (!strcmp(Attribute, "objectGUID"))
2123 guid = (GUID *)((*linklist_current)->value);
2125 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2126 guid->Data1, guid->Data2, guid->Data3,
2127 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2128 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2129 guid->Data4[6], guid->Data4[7]);
2130 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2132 else if (!strcmp(Attribute, "objectSid"))
/* The raw BER buffer is cast to a SID; a value shorter than a SID
 * header would be over-read here (debug builds only). */
2134 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2137 print_to_screen(" Revision = %d\n", sid->Revision);
2138 print_to_screen(" SID Identifier Authority:\n");
2139 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): the identifier authority is a 6-byte big-endian value;
 * the well-known authorities (NULL=0, WORLD=1, LOCAL=2, CREATOR=3, NT=5)
 * differ in Value[5], not in Value[0..3] as tested here, so these labels
 * are very likely wrong - TODO confirm against the SID layout. */
2140 if (sid_auth->Value[0])
2141 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2142 else if (sid_auth->Value[1])
2143 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2144 else if (sid_auth->Value[2])
2145 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2146 else if (sid_auth->Value[3])
2147 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2148 else if (sid_auth->Value[5])
2149 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2151 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2152 subauth_count = GetSidSubAuthorityCount(sid);
2153 print_to_screen(" SidSubAuthorityCount = %d\n",
2155 print_to_screen(" SidSubAuthority:\n");
2156 for (i = 0; i < *subauth_count; i++)
2158 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2159 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp with the literal's length reads past the end of
 * any shorter Attribute name; strcasecmp() is the comparison meant here
 * (note also "sAmAccountType" vs "sAMAccountType" - same length, so it
 * only works by accident). atoi() would be strtol for a flags word. */
2163 else if ((!memcmp(Attribute, "userAccountControl",
2164 strlen("userAccountControl"))) ||
2165 (!memcmp(Attribute, "sAMAccountType",
2166 strlen("sAmAccountType"))))
2168 intValue = atoi(*Ptr);
2169 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2171 if (!memcmp(Attribute, "userAccountControl",
2172 strlen("userAccountControl")))
/* UF_* flag decode - the security-relevant bits of an account. */
2174 if (intValue & UF_ACCOUNTDISABLE)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Account disabled");
2178 print_to_screen(" %20s : %s\n",
2179 "", "Account active");
2180 if (intValue & UF_HOMEDIR_REQUIRED)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Home directory required");
2183 if (intValue & UF_LOCKOUT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Account locked out");
2186 if (intValue & UF_PASSWD_NOTREQD)
2187 print_to_screen(" %20s : %s\n",
2188 "", "No password required");
2189 if (intValue & UF_PASSWD_CANT_CHANGE)
2190 print_to_screen(" %20s : %s\n",
2191 "", "Cannot change password");
2192 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2193 print_to_screen(" %20s : %s\n",
2194 "", "Temp duplicate account");
2195 if (intValue & UF_NORMAL_ACCOUNT)
2196 print_to_screen(" %20s : %s\n",
2197 "", "Normal account");
2198 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2199 print_to_screen(" %20s : %s\n",
2200 "", "Interdomain trust account");
2201 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2202 print_to_screen(" %20s : %s\n",
2203 "", "Workstation trust account");
2204 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2205 print_to_screen(" %20s : %s\n",
2206 "", "Server trust account");
2211 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2213 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
2216 if (str_value != NULL)
2217 ldap_value_free(str_value);
2219 if (ber_value != NULL)
2220 ldap_value_free_len(ber_value);
2223 (*linklist_current) = linklist_previous;
/*
 * moira_connect: open the shared Moira client connection on first use and
 * reference-count every later call (pair each call with
 * moira_disconnect()). The first attempt goes to the fixed host "ttsp";
 * the second - its condition is on an elided line, presumably the first
 * failing - to this machine's own nodename (filled by uname() on an
 * elided line). Returns the mr_connect_cl() status.
 * NOTE(review): the server name is hard-coded rather than read from
 * configuration. What the final argument (1) to mr_connect_cl() selects,
 * and how the Moira server is authenticated, is not visible here.
 */
2228 int moira_connect(void)
2233 if (!mr_connections++)
2237 memset(HostName, '\0', sizeof(HostName));
2238 strcpy(HostName, "ttsp");
2239 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2243 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: operational kill switch. While STOP_FILE exists the loop
 * keeps polling (its delay/limit logic is on elided lines) and raises a
 * critical_alert naming the file and tbl_buf. Anyone able to create
 * STOP_FILE can therefore pause directory synchronisation: keep its
 * directory writable only by the service owner. Return value not shown.
 */
2252 int check_winad(void)
2256 for (i = 0; file_exists(STOP_FILE); i++)
2260 critical_alert("Ldap incremental",
2261 "Ldap incremental failed (%s exists): %s",
2262 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: drop one reference taken by moira_connect(); when the
 * count reaches zero the connection is presumably closed (the body of
 * that branch and the return value are on elided lines).
 */
2272 int moira_disconnect(void)
2275 if (!--mr_connections)
/*
 * get_distinguished_name: copy ldap_entry's DN into the caller's buffer
 * and release the ldap_get_dn() result.
 * NOTE(review): strcpy() with no bound. The DN comes from the directory
 * and the only caller shown (retrieve_entries) passes a 1024-byte stack
 * array, so a longer DN overflows the caller's stack. Add a size
 * parameter (or pass sizeof) and use snprintf(dst, size, "%s", CName).
 * Any NULL check on CName would be on the elided lines 2289-2292.
 */
2283 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2284 char *distinguished_name)
2288 CName = ldap_get_dn(ldap_handle, ldap_entry);
2293 strcpy(distinguished_name, CName);
2294 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate one LK_ENTRY holding copies of
 * attribute and value (length = strlen(value), next = NULL; ber_value is
 * left 0 by calloc, so the value is treated as a string). Only the node
 * allocation is NULL-checked (its failure branch is elided); the two
 * string calloc()s are not, and a NULL attribute or value would fault in
 * strlen(). The success return is on an elided line.
 */
2297 int linklist_create_entry(char *attribute, char *value,
2298 LK_ENTRY **linklist_entry)
2300 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2302 if (!(*linklist_entry))
2307 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2308 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2309 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2310 strcpy((*linklist_entry)->attribute, attribute);
2311 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2312 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2313 strcpy((*linklist_entry)->value, value);
2314 (*linklist_entry)->length = strlen(value);
2315 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostic to stderr (va_end is on an
 * elided line). fmt must be a string literal - every caller shown passes
 * one - never text from the directory or from Moira.
 */
2320 void print_to_screen(const char *fmt, ...)
2324 va_start(pvar, fmt);
2325 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its maillist and group
 * flags (av[L_MAILLIST], av[L_GROUP]) and report, through the optional
 * out-parameters, the type letter ('B' both, 'S' security only, 'D'
 * distribution only, 'N' neither), security_flag (1 for 'B' and 'S') and
 * the OU string for that type, taken from the group_ou_* globals.
 *
 * NOTE(review):
 *  - group_membership receives one bare character and NO terminator.
 *    Callers declare it char[1] (do_member, group_create), so it must
 *    never be handled as a C string; do_list calls strlen() on its
 *    copies - if those are char[1] too that is an out-of-bounds read.
 *  - strcpy(group_ou, ...) is unbounded; the destination size is not
 *    known here. A size parameter would let this be snprintf.
 *  - atoi() maps any non-numeric flag to 0, i.e. silently to 'N'.
 * The return statement is on an elided line; callers ignore the value.
 */
2330 int get_group_membership(char *group_membership, char *group_ou,
2331 int *security_flag, char **av)
2336 maillist_flag = atoi(av[L_MAILLIST]);
2337 group_flag = atoi(av[L_GROUP]);
2339 if (security_flag != NULL)
2340 (*security_flag) = 0;
2342 if ((maillist_flag) && (group_flag))
2344 if (group_membership != NULL)
2345 group_membership[0] = 'B';
2347 if (security_flag != NULL)
2348 (*security_flag) = 1;
2350 if (group_ou != NULL)
2351 strcpy(group_ou, group_ou_both);
2353 else if ((!maillist_flag) && (group_flag))
2355 if (group_membership != NULL)
2356 group_membership[0] = 'S';
2358 if (security_flag != NULL)
2359 (*security_flag) = 1;
2361 if (group_ou != NULL)
2362 strcpy(group_ou, group_ou_security);
2364 else if ((maillist_flag) && (!group_flag))
2366 if (group_membership != NULL)
2367 group_membership[0] = 'D';
2369 if (group_ou != NULL)
2370 strcpy(group_ou, group_ou_distribution);
2374 if (group_membership != NULL)
2375 group_membership[0] = 'N';
2377 if (group_ou != NULL)
2378 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: move/rename the directory group of a Moira list when the
 * list name or its OU (type) changes, then rewrite the name-dependent
 * attributes. Steps shown: validate both names with check_string();
 * refuse the new name if a user object already carries it; find the old
 * group by MoiraId through ad_get_group() (exactly one must match); fetch
 * its sAMAccountName; ldap_rename_s() the object; then ldap_modify_s()
 * sAMAccountName, displayName, mitMoiraId, groupType and the mail
 * attributes (set or cleared depending on the maillist flag).
 *
 *   MoiraId    list id used to locate the existing group
 *   filter     caller-supplied buffer; filled by ad_get_group() and then
 *              reused as the search filter at 2507 (presumably)
 *   maillist   Moira maillist flag as a string
 *
 * Returns 0, AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE or an LDAP error; braces, else branches and several
 * return statements are not shown in this listing.
 */
2384 int group_rename(LDAP *ldap_handle, char *dn_path,
2385 char *before_group_name, char *before_group_membership,
2386 char *before_group_ou, int before_security_flag,
2387 char *before_desc, char *after_group_name,
2388 char *after_group_membership, char *after_group_ou,
2389 int after_security_flag, char *after_desc,
2390 char *MoiraId, char *filter, char *maillist)
2395 char new_dn_path[512];
2398 char mail_nickname[256];
2399 char proxy_address[256];
2400 char address_book[256];
2401 char *attr_array[3];
2402 char *mitMoiraId_v[] = {NULL, NULL};
2403 char *name_v[] = {NULL, NULL};
2404 char *samAccountName_v[] = {NULL, NULL};
2405 char *groupTypeControl_v[] = {NULL, NULL};
2406 char *mail_v[] = {NULL, NULL};
2407 char *proxy_address_v[] = {NULL, NULL};
2408 char *mail_nickname_v[] = {NULL, NULL};
2409 char *report_to_originator_v[] = {NULL, NULL};
2410 char *address_book_v[] = {NULL, NULL};
2411 char *legacy_exchange_dn_v[] = {NULL, NULL};
2412 char *null_v[] = {NULL, NULL};
2413 u_int groupTypeControl;
2414 char groupTypeControlStr[80];
2415 char contact_mail[256];
2419 LK_ENTRY *group_base;
/* Initialised here and never assigned in the lines shown. */
2421 int MailDisabled = 0;
2422 char search_filter[1024];
2424 if(UseGroupUniversal)
2425 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2427 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* check_string() is the only validation before either name is used in a
 * search filter (2451) and in DNs (2529-2531, 2571); those sprintf()s are
 * safe only if it rejects LDAP filter and DN metacharacters and bounds
 * the length - confirm its character set. */
2429 if (!check_string(before_group_name))
2432 "Unable to process invalid LDAP list name %s",
2434 return(AD_INVALID_NAME);
2437 if (!check_string(after_group_name))
2440 "Unable to process invalid LDAP list name %s", after_group_name);
2441 return(AD_INVALID_NAME);
/* A user object with the new name as cn blocks the rename (the filter
 * argument is on an elided line; the error text suggests after_group_name). */
2451 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2453 attr_array[0] = "cn";
2454 attr_array[1] = NULL;
2456 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2457 attr_array, &group_base, &group_count,
2458 LDAP_SCOPE_SUBTREE)) != 0)
2460 com_err(whoami, 0, "Unable to process group %s : %s",
2461 after_group_name, ldap_err2string(rc));
2467 com_err(whoami, 0, "Object already exists with name %s",
2472 linklist_free(group_base);
/* Locate the existing group by Moira id; ambiguity is an error. */
2481 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2482 before_group_membership,
2483 MoiraId, "samAccountName", &group_base,
2484 &group_count, filter))
2487 if (group_count == 0)
2489 return(AD_NO_GROUPS_FOUND);
2492 if (group_count != 1)
2494 com_err(whoami, 0, "Unable to process multiple groups with "
2495 "MoiraId = %s exist in the directory", MoiraId);
2496 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded strcpy of a directory-supplied DN into old_dn
 * (declared on an elided line) - same pattern as get_distinguished_name. */
2499 strcpy(old_dn, group_base->dn);
2501 linklist_free(group_base);
2504 attr_array[0] = "sAMAccountName";
2505 attr_array[1] = NULL;
2507 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2508 &group_base, &group_count,
2509 LDAP_SCOPE_SUBTREE)) != 0)
2511 com_err(whoami, 0, "Unable to get list %s dn : %s",
2512 after_group_name, ldap_err2string(rc));
2516 if (group_count != 1)
2519 "Unable to get sAMAccountName for group %s",
2521 return(AD_LDAP_FAILURE);
/* NOTE(review): unbounded copy of the directory value into sam_name
 * (declared on an elided line). ->value is a string here because
 * sAMAccountName is a string attribute; see retrieve_values(). */
2524 strcpy(sam_name, group_base->value);
2525 linklist_free(group_base);
/* New RDN, parent and mail identities. NOTE(review): sprintf() into
 * fixed arrays (512/256 bytes, new_dn and mail declared elsewhere); this
 * is bounded only if check_string() limits the name length - snprintf
 * with sizeof would make that explicit. */
2529 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2530 sprintf(new_dn, "cn=%s", after_group_name);
2531 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2532 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2533 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2534 lowercase(ldap_domain));
2535 sprintf(mail_nickname, "%s", after_group_name);
2537 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* Move the object; TRUE drops the old RDN attribute value. */
2539 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2540 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2542 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2543 before_group_name, after_group_name, ldap_err2string(rc));
2547 name_v[0] = after_group_name;
/* Rebuild sAMAccountName as <new name><group_suffix> when the old one
 * carried the suffix. NOTE(review): the subscript underflows when
 * sam_name is shorter than group_suffix (negative index, out-of-bounds
 * read); test strlen(sam_name) >= strlen(group_suffix) first. The
 * sprintf into sam_name is unbounded as well. */
2549 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2550 group_suffix, strlen(group_suffix)))
2552 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2557 "Unable to rename list from %s to %s : sAMAccountName not found",
2558 before_group_name, after_group_name);
2562 samAccountName_v[0] = sam_name;
/* groupType: security-enabled groups are the ones AD lets appear in
 * ACLs, so flipping this bit from the Moira "group" flag changes what
 * every member can reach - treat that flag as security-sensitive.
 * NOTE(review): groupTypeControl is u_int but the format is "%ld";
 * mismatched types are undefined behaviour and only yield the intended
 * (negative) value where long is 32 bits. groupType is a signed 32-bit
 * attribute and SECURITY_ENABLED sets bit 31, so "%d" with an (int) cast
 * is the portable spelling. */
2564 if (after_security_flag)
2565 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2567 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2568 groupTypeControl_v[0] = groupTypeControlStr;
2569 mitMoiraId_v[0] = MoiraId;
2571 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2572 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2575 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2577 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2578 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: set the Exchange identities (mail_v[0] is assigned
 * on an elided line); otherwise clear them all. */
2582 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2584 mail_nickname_v[0] = mail_nickname;
2585 proxy_address_v[0] = proxy_address;
2587 report_to_originator_v[0] = "TRUE";
2589 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2591 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2592 ADD_ATTR("reportToOriginator", report_to_originator_v,
2597 mail_nickname_v[0] = NULL;
2598 proxy_address_v[0] = NULL;
2600 legacy_exchange_dn_v[0] = NULL;
2601 address_book_v[0] = NULL;
2602 report_to_originator_v[0] = NULL;
2604 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2605 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2606 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2607 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2608 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2609 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Second mail branch (its enclosing condition is on elided lines); for a
 * non-AD directory the list's mail is routed to /dev/null. */
2615 if(atoi(maillist) && email_isvalid(contact_mail))
2617 mail_v[0] = contact_mail;
2618 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2620 if(!ActiveDirectory)
2622 null_v[0] = "/dev/null";
2623 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2630 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2633 "Unable to modify list data for %s after renaming: %s",
2634 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2637 for (i = 0; i < n; i++)
/*
 * group_create - create the directory group object backing one Moira list,
 * or refresh it when it already exists / the caller asked for an update.
 *
 * Moira incremental callback.  av is the list row (indexed by L_NAME,
 * L_DESC, L_ACE_TYPE, L_ACE_NAME, L_ACTIVE, L_PUBLIC, L_HIDDEN, L_GROUP,
 * L_GID, L_MAILLIST); ptr is the caller's argument vector, read here through
 * call_args (the cast/assignment is not shown in this excerpt):
 *   call_args[0]  LDAP handle
 *   call_args[1]  directory base DN (the group DN is built underneath it)
 *   call_args[4]  non-zero: treat the call as an update of an existing group
 *   call_args[5]  Moira list id; copied to mitMoiraId when non-empty
 *
 * Returns AD_INVALID_NAME when the list name fails check_string and
 * LDAP_SUCCESS after the add/modify sequence and ProcessGroupSecurity have
 * run.  The error returns taken after a failed ldap_add_ext_s / ldap_modify_s
 * are in lines not shown here.
 */
2643 int group_create(int ac, char **av, void *ptr)
2648 char new_group_name[256];
2649 char sam_group_name[256];
2650 char cn_group_name[256];
2652 char contact_mail[256];
2653 char mail_nickname[256];
2654 char proxy_address[256];
2655 char address_book[256];
2656 char *cn_v[] = {NULL, NULL};
2657 char *objectClass_v[] = {"top", "group", NULL};
2658 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2659 "group", "mailRecipient", NULL};
2661 char *samAccountName_v[] = {NULL, NULL};
2662 char *altSecurityIdentities_v[] = {NULL, NULL};
2663 char *member_v[] = {NULL, NULL};
2664 char *name_v[] = {NULL, NULL};
2665 char *desc_v[] = {NULL, NULL};
2666 char *info_v[] = {NULL, NULL};
2667 char *mitMoiraId_v[] = {NULL, NULL};
2668 char *mitMoiraPublic_v[] = {NULL, NULL};
2669 char *mitMoiraHidden_v[] = {NULL, NULL};
2670 char *groupTypeControl_v[] = {NULL, NULL};
2671 char *mail_v[] = {NULL, NULL};
2672 char *proxy_address_v[] = {NULL, NULL};
2673 char *mail_nickname_v[] = {NULL, NULL};
2674 char *report_to_originator_v[] = {NULL, NULL};
2675 char *address_book_v[] = {NULL, NULL};
2676 char *legacy_exchange_dn_v[] = {NULL, NULL};
2677 char *gidNumber_v[] = {NULL, NULL};
2678 char *null_v[] = {NULL, NULL};
2679 char groupTypeControlStr[80];
/*
 * NOTE(review): process_lists sizes the same buffer as group_membership[2].
 * If get_group_membership writes a NUL-terminated one-character string, this
 * one-byte buffer is overrun by the terminator - confirm against its body.
 */
2680 char group_membership[1];
2683 u_int groupTypeControl;
/* Set to non-zero (in lines not shown) when the list must not get Exchange
 * mail attributes; presumably after the "Object already exists" check below. */
2687 int MailDisabled = 0;
2689 LK_ENTRY *group_base;
2692 char *attr_array[3];
/* Universal vs. global scope is a site-wide switch, not per list. */
2696 if(UseGroupUniversal)
2697 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2699 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/*
 * Only input validation visible for the list name.  Everything below - the
 * group DN, sAMAccountName, mail addresses and the LDAP search filters -
 * trusts av[L_NAME] after this point, so check_string is the sole guard
 * against DN/filter metacharacters and over-long names.
 */
2701 if (!check_string(av[L_NAME]))
2703 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2705 return(AD_INVALID_NAME);
/* Pointer-to-int truncation on LP64 targets; only the zero/non-zero sense
 * of the flag is used below, so it is harmless in practice. */
2708 updateGroup = (int)call_args[4];
2709 memset(group_ou, 0, sizeof(group_ou));
2710 memset(group_membership, 0, sizeof(group_membership));
/* Resolves the OU the list lives in and whether it is security-enabled. */
2713 get_group_membership(group_membership, group_ou, &security_flag, av);
/*
 * NOTE(review): unbounded strcpy/sprintf into 256-byte stack buffers.  This
 * is safe only if check_string also bounds the length of av[L_NAME] (and the
 * configured group_ou/base DN fit alongside it) - confirm, or switch to
 * snprintf with truncation checks.
 */
2715 strcpy(new_group_name, av[L_NAME]);
2716 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2717 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2718 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2719 sprintf(mail_nickname, "%s", av[L_NAME]);
2722 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* sAMAccountName carries the site suffix so list names cannot collide with
 * user account names in the same domain. */
2724 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* groupTypeControl is a u_int; "%ld" expects a long.  Mismatched conversion
 * specifier and argument type is undefined behaviour per C - should be "%u". */
2728 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2729 groupTypeControl_v[0] = groupTypeControlStr;
2731 strcpy(cn_group_name, av[L_NAME]);
2733 samAccountName_v[0] = sam_group_name;
2734 name_v[0] = new_group_name;
2735 cn_v[0] = new_group_name;
2738 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
/* Active Directory schema: plain group.  The non-AD (OpenLDAP) branch that
 * follows adds the MIT-specific classes and the public/hidden flags. */
2742 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2746 mitMoiraPublic_v[0] = av[L_PUBLIC];
2747 mitMoiraHidden_v[0] = av[L_HIDDEN];
2748 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2749 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2750 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
/* Lists that are also Unix groups export their gid as gidNumber. */
2752 if(atoi(av[L_GROUP]))
2754 gidNumber_v[0] = av[L_GID];
2755 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2759 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2760 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2761 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/*
 * Mailing lists: refuse to hand out a mail identity that a user object
 * already owns (a list named like an existing account would otherwise be
 * able to receive that account's mail).
 *
 * NOTE(review): av[L_NAME] is interpolated into the search filter without
 * RFC 4515 escaping; this relies on check_string rejecting '(' ')' '*' '\'.
 */
2765 if(atoi(av[L_MAILLIST]))
2770 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2771 attr_array[0] = "cn";
2772 attr_array[1] = NULL;
2774 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2775 filter, attr_array, &group_base,
2777 LDAP_SCOPE_SUBTREE)) != 0)
2779 com_err(whoami, 0, "Unable to process group %s : %s",
2780 av[L_NAME], ldap_err2string(rc));
2786 com_err(whoami, 0, "Object already exists with name %s",
2791 linklist_free(group_base);
/* Exchange mail attributes only when no such collision was found. */
2796 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2798 mail_nickname_v[0] = mail_nickname;
2799 report_to_originator_v[0] = "TRUE";
2801 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2802 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* The published address is always <list>@mit.edu, independent of ldap_domain. */
2808 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2810 mail_v[0] = contact_mail;
2811 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
/* Non-AD: a "/dev/null" routing address; presumably to stop the LDAP
 * directory from routing list mail itself - confirm with the MTA config. */
2813 if(!ActiveDirectory)
2815 null_v[0] = "/dev/null";
2816 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2821 if (strlen(av[L_DESC]) != 0)
2823 desc_v[0] = av[L_DESC];
2824 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2827 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* The list owner (ACE) is recorded as free text in "info"; the real access
 * control for it is applied by ProcessGroupSecurity at the end. */
2829 if (strlen(av[L_ACE_NAME]) != 0)
2831 sprintf(info, "The Administrator of this list is: %s",
2834 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2837 if (strlen(call_args[5]) != 0)
2839 mitMoiraId_v[0] = call_args[5];
2840 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2845 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2847 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS is not an error here: it routes into the update path. */
2850 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2852 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2853 av[L_NAME], ldap_err2string(rc));
/* ---- update path: existing group, or caller requested a refresh ---- */
2859 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2861 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2862 "description", av[L_NAME]);
2863 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2865 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2870 if (strlen(call_args[5]) != 0)
2872 mitMoiraId_v[0] = call_args[5];
2873 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is {NULL, NULL}, so this REPLACE removes every
 * member - the group object stays but grants nothing. */
2876 if (!(atoi(av[L_ACTIVE])))
2879 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2882 if (!ActiveDirectory)
2884 mitMoiraPublic_v[0] = av[L_PUBLIC];
2885 mitMoiraHidden_v[0] = av[L_HIDDEN];
2886 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2887 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2889 if(atoi(av[L_GROUP]))
2891 gidNumber_v[0] = av[L_GID];
2892 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Else branch (condition in lines not shown): gidNumber_v is still
 * {NULL, NULL}, so this REPLACE clears a gid the list no longer has. */
2896 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same user-object collision check as on the create path (see above). */
2902 if(atoi(av[L_MAILLIST]))
2907 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2908 attr_array[0] = "cn";
2909 attr_array[1] = NULL;
2911 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2912 filter, attr_array, &group_base,
2914 LDAP_SCOPE_SUBTREE)) != 0)
2916 com_err(whoami, 0, "Unable to process group %s : %s",
2917 av[L_NAME], ldap_err2string(rc));
2923 com_err(whoami, 0, "Object already exists with name %s",
2928 linklist_free(group_base);
2933 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2935 mail_nickname_v[0] = mail_nickname;
2936 report_to_originator_v[0] = "TRUE";
2938 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2939 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not a mailing list any more (or mail disabled): strip every Exchange
 * attribute by replacing it with an empty value set. */
2945 mail_nickname_v[0] = NULL;
2946 proxy_address_v[0] = NULL;
2947 legacy_exchange_dn_v[0] = NULL;
2948 address_book_v[0] = NULL;
2949 report_to_originator_v[0] = NULL;
2951 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2952 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2953 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2954 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2956 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2957 ADD_ATTR("reportToOriginator", report_to_originator_v,
2963 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2965 mail_v[0] = contact_mail;
2966 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2968 if(!ActiveDirectory)
2970 null_v[0] = "/dev/null";
2971 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2977 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2979 if(!ActiveDirectory)
2982 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2992 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2994 for (i = 0; i < n; i++)
2997 if (rc != LDAP_SUCCESS)
2999 com_err(whoami, 0, "Unable to update list %s in directory : %s",
3000 av[L_NAME], ldap_err2string(rc));
/*
 * Apply owner / security descriptor / address-list visibility.  The return
 * value is discarded: a failure to set the group's ACL is logged by
 * ProcessGroupSecurity but does not fail the list update.
 */
3007 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3008 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3010 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity - apply access control and Exchange visibility to the
 * group object for Moira list TargetGroupName.
 *
 *   ldap_handle      bound LDAP connection
 *   dn_path          directory base DN
 *   TargetGroupName  Moira list name (sAMAccountName is this + group_suffix)
 *   HiddenGroup      non-zero: hide the list from Exchange address lists
 *   AceType/AceName  the list's owner ("LIST" or "USER" + its name); empty
 *                    strings mean "no administrator"
 *
 * Non-AD directories: sets the group's "owner" attribute to the DN of the
 * administrator.  Active Directory: copies the ntSecurityDescriptor of one of
 * four template groups (hidden/not hidden x with/without admin) onto the
 * target, after substituting the administrator's objectSid for the
 * placeholder SID of the "UserTemplate.u" account embedded in the template.
 * If applying the admin variant fails, the function recurses once with empty
 * AceType/AceName to fall back to the no-admin template.
 *
 * The return statements are in lines not shown; rc carries the last LDAP
 * result where one is available.
 */
3013 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3014 char *TargetGroupName, int HiddenGroup,
3015 char *AceType, char *AceName)
3017 char filter_exp[1024];
3018 char *attr_array[5];
3019 char search_path[512];
3021 char TemplateDn[512];
3022 char TemplateSamName[128];
3024 char TargetSamName[128];
3025 char AceSamAccountName[128];
/* Raw binary SIDs.  A Windows SID is at most 68 bytes, so 128 is ample -
 * but see the unchecked memcpy calls below. */
3027 unsigned char AceSid[128];
3028 unsigned char UserTemplateSid[128];
3029 char acBERBuf[N_SD_BER_BYTES];
3030 char GroupSecurityTemplate[256];
3031 char hide_addres_lists[256];
3032 char address_book[256];
3033 char *hide_address_lists_v[] = {NULL, NULL};
3034 char *address_book_v[] = {NULL, NULL};
3035 char *owner_v[] = {NULL, NULL};
3037 int UserTemplateSidCount;
3044 int array_count = 0;
3046 LK_ENTRY *group_base;
3047 LDAP_BERVAL **ppsValues;
/* 1.2.840.113556.1.4.801 is LDAP_SERVER_SD_FLAGS_OID: the BER-encoded flag
 * word in acBERBuf tells AD which parts of the security descriptor to read
 * and write. */
3048 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3049 { N_SD_BER_BYTES, acBERBuf },
3052 LDAPControl *apsServerControls[] = {&sControl, NULL};
/*
 * NOTE(review): requesting SACL_SECURITY_INFORMATION means the binding
 * account needs the privilege to read/write SACLs; without it AD may return
 * a descriptor without the SACL or reject the modify.  Confirm the service
 * account really needs (and has) that, otherwise drop the SACL bit.
 */
3055 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3056 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3057 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group by sAMAccountName under the list OU.
 * TargetGroupName was check_string-validated by group_create; it is still
 * unescaped inside the filter. */
3059 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3060 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3061 attr_array[0] = "sAMAccountName";
3062 attr_array[1] = NULL;
/*
 * BUG: the "!= 0" sits inside the assignment's parentheses, so rc receives
 * the comparison result (0 or 1) rather than the LDAP result code.  The
 * error branch still fires, but any later ldap_err2string(rc) describes the
 * wrong error.  Every linklist_build call in this function (and in
 * member_remove) has the same mis-parenthesisation; group_create shows the
 * intended form:  if ((rc = linklist_build(...)) != 0)
 */
3066 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3067 &group_base, &group_count,
3068 LDAP_SCOPE_SUBTREE) != 0))
/* Exactly one match required; ambiguity is treated as "not found". */
3071 if (group_count != 1)
3073 linklist_free(group_base);
/* NOTE(review): unbounded strcpy from directory-returned strings into
 * fixed buffers (TargetSamName is 128 bytes; TargetDn's size is declared
 * outside this excerpt). */
3077 strcpy(TargetDn, group_base->dn);
3078 strcpy(TargetSamName, group_base->value);
3079 linklist_free(group_base);
3083 UserTemplateSidCount = 0;
3084 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3085 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3086 memset(AceSid, '\0', sizeof(AceSid));
/*
 * Resolve the administrator: a LIST owner is another group (name + suffix
 * under the list OU), a USER owner is an account under user_ou.
 * NOTE(review): AceName arrives straight from av[L_ACE_NAME] and is not
 * visibly passed through check_string before being placed in a filter.
 */
3091 if (strlen(AceName) != 0)
3093 if (!strcmp(AceType, "LIST"))
3095 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3096 strcpy(root_ou, group_ou_root);
3098 else if (!strcmp(AceType, "USER"))
3100 sprintf(AceSamAccountName, "%s", AceName);
3101 strcpy(root_ou, user_ou);
/* AD: fetch the administrator's DN and binary objectSid. */
3104 if (ActiveDirectory)
3106 if (strlen(AceSamAccountName) != 0)
3108 sprintf(search_path, "%s", dn_path);
3109 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3110 attr_array[0] = "objectSid";
3111 attr_array[1] = NULL;
3115 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3116 attr_array, &group_base, &group_count,
3117 LDAP_SCOPE_SUBTREE) != 0))
3119 if (group_count == 1)
3121 strcpy(AceDn, group_base->dn);
/* NOTE(review): length comes from the directory and is copied without
 * checking it against sizeof(AceSid). */
3122 AceSidCount = group_base->length;
3123 memcpy(AceSid, group_base->value, AceSidCount);
3125 linklist_free(group_base);
/* Non-AD: only the administrator's DN is needed (for "owner"). */
3132 if (strlen(AceSamAccountName) != 0)
3134 sprintf(search_path, "%s", dn_path);
3135 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3136 attr_array[0] = "samAccountName";
3137 attr_array[1] = NULL;
3141 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3142 attr_array, &group_base, &group_count,
3143 LDAP_SCOPE_SUBTREE) != 0))
3145 if (group_count == 1)
3147 strcpy(AceDn, group_base->dn);
3149 linklist_free(group_base);
3156 if (!ActiveDirectory)
3158 if (strlen(AceDn) != 0)
/* strdup'd copy is not freed anywhere in this excerpt (leak per call). */
3160 owner_v[0] = strdup(AceDn);
3162 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3166 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3168 for (i = 0; i < n; i++)
3171 if (rc != LDAP_SUCCESS)
3172 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3173 TargetGroupName, ldap_err2string(rc));
/* ---- Active Directory security descriptor handling ---- */
3179 if (AceSidCount == 0)
3181 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3182 "have a directory SID.", TargetGroupName, AceName, AceType);
3183 com_err(whoami, 0, " Non-admin security group template will be used.");
/* The "*_WITH_ADMIN" templates grant rights to the placeholder account
 * UserTemplate.u; its SID is what gets replaced below. */
3187 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3188 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3189 attr_array[0] = "objectSid";
3190 attr_array[1] = NULL;
3195 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3196 attr_array, &group_base, &group_count,
3197 LDAP_SCOPE_SUBTREE) != 0))
3200 if ((rc != 0) || (group_count != 1))
3202 com_err(whoami, 0, "Unable to process user security template: %s",
/* Same unchecked memcpy as for AceSid above. */
3208 UserTemplateSidCount = group_base->length;
3209 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3211 linklist_free(group_base);
/* Template selection (the HiddenGroup test is in a line not shown):
 *   hidden     & no admin -> HIDDEN_GROUP
 *   hidden     & admin    -> HIDDEN_GROUP_WITH_ADMIN
 *   not hidden & no admin -> NOT_HIDDEN_GROUP
 *   not hidden & admin    -> NOT_HIDDEN_GROUP_WITH_ADMIN */
3218 if (AceSidCount == 0)
3220 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3221 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3225 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3226 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3231 if (AceSidCount == 0)
3233 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3234 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3238 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3239 sprintf(filter_exp, "(sAMAccountName=%s)",
3240 NOT_HIDDEN_GROUP_WITH_ADMIN);
3244 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3245 attr_array[0] = "sAMAccountName";
3246 attr_array[1] = NULL;
3250 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3251 &group_base, &group_count,
3252 LDAP_SCOPE_SUBTREE) != 0))
3255 if (group_count != 1)
3257 linklist_free(group_base);
3258 com_err(whoami, 0, "Unable to process group security template: %s - "
3259 "security not set", GroupSecurityTemplate);
/* Fixed 512/128-byte buffers, no length check on the directory values. */
3263 strcpy(TemplateDn, group_base->dn);
3264 strcpy(TemplateSamName, group_base->value);
3265 linklist_free(group_base);
/* Re-read the template with the SD-flags control attached so the
 * ntSecurityDescriptor comes back (the control is passed in the search
 * arguments not shown here). */
3269 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3270 rc = ldap_search_ext_s(ldap_handle,
3282 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3284 com_err(whoami, 0, "Unable to find group security template: %s - "
3285 "security not set", GroupSecurityTemplate);
3289 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3291 if (ppsValues == NULL)
3293 com_err(whoami, 0, "Unable to find group security descriptor for group "
3294 "%s - security not set", GroupSecurityTemplate);
/*
 * Patch the binary descriptor in place: every occurrence of the template
 * SID is overwritten with the administrator's SID.
 *
 * NOTE(review): this assumes AceSidCount == UserTemplateSidCount.  SIDs with
 * a different sub-authority count have different lengths; a longer admin
 * SID would overwrite the bytes after the matched slot (possibly past
 * bv_len) and leave the descriptor's internal offsets wrong, a shorter one
 * leaves trailing template bytes behind.  Compare the two lengths before
 * substituting.  Also, bv_len - UserTemplateSidCount is unsigned arithmetic
 * and wraps when the value is shorter than a SID.
 */
3298 if (AceSidCount != 0)
3300 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3303 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3305 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3306 UserTemplateSidCount))
3308 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* LDAP_MOD_BVALUES: the descriptor is binary, passed as bervals. */
3316 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3317 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Exchange visibility: hidden lists are flagged and dropped from every
 * address book; visible lists get the hide flag cleared. */
3323 hide_address_lists_v[0] = "TRUE";
3324 address_book_v[0] = NULL;
3325 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3327 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3329 hide_address_lists_v[0] = NULL;
3330 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3337 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3339 for (i = 0; i < n; i++)
3342 ldap_value_free_len(ppsValues);
3343 ldap_msgfree(psMsg);
3345 if (rc != LDAP_SUCCESS)
3347 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3348 TargetGroupName, ldap_err2string(rc));
/* Admin descriptor rejected: retry once with the no-admin template.  The
 * list then has no delegated administrator, which is logged. */
3350 if (AceSidCount != 0)
3353 "Trying to set security for group %s without admin.",
3356 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3357 HiddenGroup, "", ""))
3359 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete - remove the directory group object for Moira list group_name.
 *
 *   ldap_handle       bound LDAP connection
 *   dn_path           directory base DN (the search is rooted at
 *                     group_ou_root,dn_path)
 *   group_membership  membership flags from get_group_membership
 *   MoiraId           Moira list id, used by ad_get_group to pick the right
 *                     object when names are ambiguous
 *
 * Returns AD_INVALID_NAME for a name that fails check_string,
 * AD_NO_GROUPS_FOUND when the lookup does not yield exactly one group, the
 * ad_get_group error when the lookup itself fails, and otherwise the result
 * of the delete (the success return is in a line not shown).
 *
 * The object is deleted by the DN the directory returned, not by a DN
 * rebuilt from the name, and only when exactly one object matched - so an
 * ambiguous name cannot delete the wrong group.
 */
3370 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3371 char *group_membership, char *MoiraId)
3373 LK_ENTRY *group_base;
3379 if (!check_string(group_name))
3382 "Unable to process invalid LDAP list name %s", group_name);
3383 return(AD_INVALID_NAME);
3386 memset(filter, '\0', sizeof(filter));
3389 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment inside the condition is intentional: any non-zero lookup
 * error is returned in the line that follows (not shown). */
3391 if (rc = ad_get_group(ldap_handle, temp, group_name,
3392 group_membership, MoiraId,
3393 "samAccountName", &group_base,
3394 &group_count, filter))
3397 if (group_count == 1)
3399 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3401 linklist_free(group_base);
3402 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3403 group_name, ldap_err2string(rc));
3406 linklist_free(group_base);
/* Zero or several matches: refuse rather than guess. */
3410 linklist_free(group_base);
3411 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3412 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits - BER-encode the SECURITY_INFORMATION flag word
 * uBits into pBuffer as the control value for LDAP_SERVER_SD_FLAGS_OID.
 * Callers size pBuffer as acBERBuf[N_SD_BER_BYTES] and hand it to the
 * control unchanged, so the encoding is fixed-length; the function returns
 * that length, N_SD_BER_BYTES.  (The encoding statements themselves are in
 * lines not shown here.)
 */
3418 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3424 return(N_SD_BER_BYTES);
/*
 * process_lists - Moira callback invoked once per list row.  Resolves the
 * list's OU and membership flags, then hands the list to populate_group so
 * its directory membership is synchronised.
 *
 *   av   the list row (av[L_NAME] is the list name)
 *   ptr  caller's argument vector: call_args[0] LDAP handle,
 *        call_args[1] base DN
 *
 * The remaining populate_group arguments and the return value are in lines
 * not shown.  Note this sizes group_membership as [2], whereas group_create
 * declares the same buffer as [1] - see the note there.
 */
3427 int process_lists(int ac, char **av, void *ptr)
3432 char group_membership[2];
3438 memset(group_ou, '\0', sizeof(group_ou));
3439 memset(group_membership, '\0', sizeof(group_membership));
3440 get_group_membership(group_membership, group_ou, &security_flag, av);
3441 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3442 av[L_NAME], group_ou, group_membership,
<doc_update>
/*
 * member_list_build - Moira callback invoked once per list member (ACE row).
 * Filters the member by type against the mask in call_args[3] (MOIRA_USERS,
 * MOIRA_STRINGS, MOIRA_LISTS, MOIRA_KERBEROS, MOIRA_MACHINE), normalises
 * STRING members to an e-mail address, creates the directory contact for
 * STRING and KERBEROS members, and pushes a new LK_ENTRY onto the global
 * member_base list unless an entry with the same member and type (compared
 * case-insensitively) is already present.
 *
 *   av[ACE_TYPE]   member type string
 *   av[ACE_NAME]   member name
 *   ptr            caller's argument vector: call_args[0] LDAP handle,
 *                  call_args[1] base DN, call_args[2] list name,
 *                  call_args[3] type mask
 *
 * Return values (and the skipped-member early returns) are in lines not
 * shown; the Moira query loop treats non-zero as an error.
 */
3448 int member_list_build(int ac, char **av, void *ptr)
/* The member name is copied into temp (declared outside this excerpt) before
 * it is validated; the copy is unbounded, so temp must be at least as large
 * as any Moira member name plus the "@mit.edu" appended below. */
3456 strcpy(temp, av[ACE_NAME]);
3459 if (!check_string(temp))
3462 if (!strcmp(av[ACE_TYPE], "USER"))
3464 if (!((int)call_args[3] & MOIRA_USERS))
/*
 * STRING members are external addresses.  Bare local parts get "@mit.edu";
 * addresses in the AD-internal ".LOCAL" domain are rewritten to ".mit.edu"
 * so the contact's address is externally routable.
 *
 * NOTE(review): strlen(temp) - 6 is size_t arithmetic.  If this check can
 * run with a string shorter than six characters (e.g. a short "a@b" that
 * skipped the strcat), it wraps and reads outside temp - confirm whether
 * check_string rules that out, or guard with strlen(temp) >= 6.
 */
3467 else if (!strcmp(av[ACE_TYPE], "STRING"))
3471 if((s = strchr(temp, '@')) == (char *) NULL)
3473 strcat(temp, "@mit.edu");
3476 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3478 s = strrchr(temp, '.');
3480 strcat(s, ".mit.edu");
3484 if (!((int)call_args[3] & MOIRA_STRINGS))
/* A failed contact_create aborts this member (return in a line not shown). */
3487 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3490 else if (!strcmp(av[ACE_TYPE], "LIST"))
3492 if (!((int)call_args[3] & MOIRA_LISTS))
3495 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3497 if (!((int)call_args[3] & MOIRA_KERBEROS))
/* Kerberos principals become contacts under kerberos_ou. */
3500 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3505 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3507 if (!((int)call_args[3] & MOIRA_MACHINE))
/* Linear duplicate scan over everything collected so far (O(n) per member,
 * O(n^2) per list); duplicates are dropped, not re-added. */
3513 linklist = member_base;
3517 if (!strcasecmp(temp, linklist->member) &&
3518 !strcasecmp(av[ACE_TYPE], linklist->type))
3521 linklist = linklist->next;
/* None of the four calloc results is checked for NULL; an allocation
 * failure here dereferences NULL on the next line. */
3524 linklist = calloc(1, sizeof(LK_ENTRY));
3526 linklist->dn = NULL;
3527 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3528 strcpy(linklist->list, call_args[2]);
3529 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3530 strcpy(linklist->type, av[ACE_TYPE]);
3531 linklist->member = calloc(1, strlen(temp) + 1);
3532 strcpy(linklist->member, temp);
/* Push onto the head of the global list. */
3533 linklist->next = member_base;
3534 member_base = linklist;
/*
 * member_remove - remove one member from the directory group for Moira list
 * group_name, and garbage-collect the member's contact object when it was a
 * STRING/KERBEROS contact that no other group references any more.
 *
 *   ldap_handle       bound LDAP connection
 *   dn_path           directory base DN
 *   group_name        Moira list name (validated with check_string here)
 *   group_ou          OU of the group (unused in the visible lines)
 *   group_membership  membership flags, passed to ad_get_group
 *   user_name         RDN value of the member (login, contact address or
 *                     principal)
 *   UserOu            OU the member lives in (user_ou, contact_ou,
 *                     kerberos_ou, ...); selects the DN form
 *   MoiraId           Moira list id for ad_get_group
 *
 * Returns AD_INVALID_NAME for a bad list name, the ad_get_group error when
 * the lookup fails, and otherwise the LDAP result of the modify/delete
 * (success and not-found returns are in lines not shown).
 *
 * NOTE(review): only group_name is validated here.  user_name is placed
 * verbatim into a DN (below) and into two search filters without DN or
 * RFC 4515 escaping; confirm every caller has already run it through
 * check_string (member_list_build does for av[ACE_NAME]).
 */
3539 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3540 char *group_ou, char *group_membership, char *user_name,
3541 char *UserOu, char *MoiraId)
3543 char distinguished_name[1024];
3547 char *attr_array[3];
3552 LK_ENTRY *group_base;
3556 if (!check_string(group_name))
3557 return(AD_INVALID_NAME);
3559 memset(filter, '\0', sizeof(filter));
3563 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3564 group_membership, MoiraId,
3565 "samAccountName", &group_base,
3566 &group_count, filter))
/* Require exactly one group; ambiguity is reported as not found. */
3569 if (group_count != 1)
3571 com_err(whoami, 0, "Unable to find list %s in directory",
3573 linklist_free(group_base);
3579 strcpy(distinguished_name, group_base->dn);
3580 linklist_free(group_base);
/*
 * Build the member's DN from its name and OU (the condition choosing
 * between the two forms is in lines not shown; presumably the AD vs. non-AD
 * switch).  Non-AD user objects are "uid=" RDNs, everything else "CN=".
 * This must agree byte-for-byte with how contact_create builds the contact
 * DN - note contact_create runs the name through escape_string and this
 * code does not, so names containing DN-special characters would not match.
 */
3586 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3590 if(!strcmp(UserOu, user_ou))
3591 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3593 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3596 modvalues[0] = temp;
3597 modvalues[1] = NULL;
3600 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3602 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3604 for (i = 0; i < n; i++)
/* AD answers UNWILLING_TO_PERFORM when the value is not a member; presumably
 * mapped to success in the line not shown (idempotent remove). */
3607 if (rc == LDAP_UNWILLING_TO_PERFORM)
3610 if (rc != LDAP_SUCCESS)
3612 com_err(whoami, 0, "Unable to modify list %s members : %s",
3613 group_name, ldap_err2string(rc));
/* ---- contact garbage collection (STRING / KERBEROS members only) ---- */
3617 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* A contact named <local>@mit.edu may coincide with a real user's mail
 * nickname; look that up first (the name is truncated at '@' in a line not
 * shown) before deciding what to delete. */
3621 if(!strcmp(UserOu, contact_ou) &&
3622 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3624 memset(temp, '\0', sizeof(temp));
3625 strcpy(temp, user_name);
3626 s = strchr(temp, '@');
3629 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* Same mis-parenthesised "!= 0" as in ProcessGroupSecurity: rc becomes 0/1,
 * not the LDAP result code. */
3631 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3632 &group_base, &group_count,
3633 LDAP_SCOPE_SUBTREE) != 0))
3639 linklist_free(group_base);
/*
 * Is the contact still a member of anything?  temp is the member DN built
 * above; it is embedded in the filter unescaped.
 * NOTE(review): the delete target below is that string-built DN, not a DN
 * returned by the directory.  A DN whose characters break the filter would
 * simply fail to match and so look "unreferenced" - confirm the filter
 * match is what gates the delete (the test is in lines not shown).
 */
3644 sprintf(filter, "(distinguishedName=%s)", temp);
3645 attr_array[0] = "memberOf";
3646 attr_array[1] = NULL;
3648 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3649 &group_base, &group_count,
3650 LDAP_SCOPE_SUBTREE) != 0))
3656 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3658 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add - add one member to the directory group for Moira list
 * group_name.
 *
 *   ldap_handle       bound LDAP connection
 *   dn_path           directory base DN
 *   group_name        Moira list name (validated with check_string here)
 *   group_ou          OU of the group (unused in the visible lines)
 *   group_membership  membership flags, passed to ad_get_group
 *   user_name         RDN value of the member
 *   UserOu            OU the member lives in; selects the DN form
 *   MoiraId           Moira list id for ad_get_group
 *
 * Returns AD_INVALID_NAME for a bad list name, the ad_get_group error when
 * the lookup fails, AD_MULTIPLE_GROUPS_FOUND when the lookup did not yield
 * exactly one group, otherwise the LDAP result of the modify (success
 * return in a line not shown).
 *
 * NOTE(review): as in member_remove, user_name is not validated here and is
 * interpolated unescaped into the member DN; callers are relied on.
 */
3668 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3669 char *group_ou, char *group_membership, char *user_name,
3670 char *UserOu, char *MoiraId)
3672 char distinguished_name[1024];
3680 LK_ENTRY *group_base;
3683 if (!check_string(group_name))
3684 return(AD_INVALID_NAME);
3687 memset(filter, '\0', sizeof(filter));
3691 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3692 group_membership, MoiraId,
3693 "samAccountName", &group_base,
3694 &group_count, filter))
/* group_count != 1 covers zero matches too, yet the code is
 * AD_MULTIPLE_GROUPS_FOUND in both cases; the message prints the count so
 * the log still disambiguates. */
3697 if (group_count != 1)
3699 linklist_free(group_base);
3702 com_err(whoami, 0, "Unable to find list %s %d in directory",
3703 group_name, group_count);
3704 return(AD_MULTIPLE_GROUPS_FOUND);
3707 strcpy(distinguished_name, group_base->dn);
3708 linklist_free(group_base);
/* Member DN (selecting condition in lines not shown).  Note "cn=" here
 * versus "CN=" in member_remove: RDN attribute types are case-insensitive
 * in LDAP, so both resolve the same, but the strings are not identical. */
3714 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3718 if(!strcmp(UserOu, user_ou))
3719 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3721 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3724 modvalues[0] = temp;
3725 modvalues[1] = NULL;
3728 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3730 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: treated as success (idempotent add; the assignment is
 * in a line not shown). */
3732 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
/* For contact/kerberos members AD may refuse the add outright
 * (UNWILLING_TO_PERFORM); presumably tolerated in the lines not shown. */
3735 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3737 if (rc == LDAP_UNWILLING_TO_PERFORM)
3741 for (i = 0; i < n; i++)
3744 if (rc != LDAP_SUCCESS)
3746 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3747 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email - strip the mail identity (mail, mailNickName,
 * proxyAddresses, targetAddress) from every contact object in the linked
 * list at *linklist_base.
 *
 *   ld               bound LDAP connection
 *   bind_path        directory base DN (unused in the visible lines)
 *   linklist_base    list of LK_ENTRY whose ->dn names the contacts
 *   linklist_current number of entries (loop header is in a line not shown)
 *
 * mail_v is {NULL, NULL}, so each LDAP_MOD_REPLACE deletes the attribute.
 * One mods array is built once and reused for every contact, then freed
 * after the loop.  The return value is in a line not shown.
 */
3753 int contact_remove_email(LDAP *ld, char *bind_path,
3754 LK_ENTRY **linklist_base, int linklist_current)
3758 char *mail_v[] = {NULL, NULL};
3766 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3767 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3768 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3769 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3772 gPtr = (*linklist_base);
3775 rc = ldap_modify_s(ld, gPtr->dn, mods);
/* A failure on one contact is logged; whether the loop continues or stops is
 * decided in lines not shown.  LDAP_ALREADY_EXISTS is tolerated. */
3777 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3779 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3780 gPtr->dn, ldap_err2string(rc));
3787 for (i = 0; i < n; i++)
/*
 * contact_create - create (or, if it already exists, refresh the mail
 * attributes of) a directory contact object.
 *
 *   ld         bound LDAP connection
 *   bind_path  directory base DN
 *   user       the contact's name: an e-mail address for STRING members and
 *              user mail aliases, a principal for KERBEROS members
 *   group_ou   OU to create under: contact_ou (mail contacts) or
 *              kerberos_ou (principals); also selects which attributes are set
 *
 * Returns AD_INVALID_NAME when user fails check_string; otherwise the LDAP
 * result of the add (LDAP_ALREADY_EXISTS counts as success), with the
 * final return in a line not shown.
 *
 * Security-relevant behaviour: before a mail contact gets a mail identity,
 * four searches check that no user or group already has that address as cn
 * or mail.  Without that, creating a contact named after an existing account
 * would give a list member object the same address as the account.
 */
3793 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3796 LK_ENTRY *group_base;
3799 char cn_user_name[256];
3800 char contact_name[256];
3801 char mail_nickname[256];
3802 char proxy_address_internal[256];
3803 char proxy_address_external[256];
3804 char target_address[256];
3805 char internal_contact_name[256];
3808 char principal[256];
3809 char mit_address_book[256];
3810 char default_address_book[256];
3811 char contact_address_book[256];
3813 char *email_v[] = {NULL, NULL};
3814 char *cn_v[] = {NULL, NULL};
3815 char *contact_v[] = {NULL, NULL};
3816 char *uid_v[] = {NULL, NULL};
3817 char *mail_nickname_v[] = {NULL, NULL};
3818 char *proxy_address_internal_v[] = {NULL, NULL};
3819 char *proxy_address_external_v[] = {NULL, NULL};
3820 char *target_address_v[] = {NULL, NULL};
3821 char *mit_address_book_v[] = {NULL, NULL};
3822 char *default_address_book_v[] = {NULL, NULL};
3823 char *contact_address_book_v[] = {NULL, NULL};
3824 char *hide_address_lists_v[] = {NULL, NULL};
3825 char *attr_array[3];
/* AD schema vs. the richer non-AD (inetOrgPerson/eduPerson) schema. */
3826 char *objectClass_v[] = {"top", "person",
3827 "organizationalPerson",
3829 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3830 "inetOrgPerson", "organizationalPerson",
3831 "contact", "mailRecipient", "eduPerson",
3833 char *name_v[] = {NULL, NULL};
3834 char *desc_v[] = {NULL, NULL};
3841 char *mail_routing_v[] = {NULL, NULL};
3842 char *principal_v[] = {NULL, NULL};
/* The only validation of the name before it is used in a DN and in filters. */
3844 if (!check_string(user))
3846 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3847 return(AD_INVALID_NAME);
/* mail is presumably filled from user in the lines just above (not shown);
 * internal_contact_name is then truncated at '@' below. */
3851 strcpy(contact_name, mail);
3852 strcpy(internal_contact_name, mail);
3854 if((s = strchr(internal_contact_name, '@')) != NULL) {
/*
 * The RDN value is DN-escaped here.  member_add/member_remove rebuild this
 * same DN from the raw name without escape_string, so the two only agree
 * when the name has no DN-special characters.
 * NOTE(review): unbounded sprintf into 256 bytes; escaping can lengthen the
 * name, and group_ou + bind_path are appended - no truncation check.
 */
3858 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3861 sprintf(target_address, "SMTP:%s", contact_name);
3862 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3863 sprintf(mail_nickname, "%s", internal_contact_name);
3865 cn_v[0] = cn_user_name;
3866 contact_v[0] = contact_name;
3869 desc_v[0] = "Auto account created by Moira";
3871 proxy_address_internal_v[0] = proxy_address_internal;
3872 proxy_address_external_v[0] = proxy_address_external;
3873 mail_nickname_v[0] = mail_nickname;
3874 target_address_v[0] = target_address;
3875 mit_address_book_v[0] = mit_address_book;
3876 default_address_book_v[0] = default_address_book;
3877 contact_address_book_v[0] = contact_address_book;
3878 strcpy(new_dn, cn_user_name);
3881 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD: uid gets a per-OU suffix so a string and a principal with the
 * same spelling do not collide on uid. */
3883 if(!ActiveDirectory)
3885 if(!strcmp(group_ou, contact_ou))
3886 sprintf(uid, "%s%s", contact_name, "_strings");
3888 if(!strcmp(group_ou, kerberos_ou))
3889 sprintf(uid, "%s%s", contact_name, "_kerberos");
3893 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3894 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3899 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3903 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3906 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3907 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3908 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/*
 * Mail contacts only: make sure the address is not already owned by a user
 * or group, matched by cn and by mail.  Each hit is reported as
 * "Object already exists" and aborts in lines not shown.
 * NOTE(review): mail is interpolated into the filters unescaped; relies on
 * check_string(user) above rejecting filter metacharacters.
 */
3912 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3917 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3918 attr_array[0] = "cn";
3919 attr_array[1] = NULL;
3921 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3922 &group_base, &group_count,
3923 LDAP_SCOPE_SUBTREE)) != 0)
3925 com_err(whoami, 0, "Unable to process contact %s : %s",
3926 user, ldap_err2string(rc));
3932 com_err(whoami, 0, "Object already exists with name %s",
3937 linklist_free(group_base);
3941 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3942 attr_array[0] = "cn";
3943 attr_array[1] = NULL;
3945 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3946 &group_base, &group_count,
3947 LDAP_SCOPE_SUBTREE)) != 0)
3949 com_err(whoami, 0, "Unable to process contact %s : %s",
3950 user, ldap_err2string(rc));
3956 com_err(whoami, 0, "Object already exists with name %s",
3961 linklist_free(group_base);
3965 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3966 attr_array[0] = "cn";
3967 attr_array[1] = NULL;
3969 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3970 &group_base, &group_count,
3971 LDAP_SCOPE_SUBTREE)) != 0)
3973 com_err(whoami, 0, "Unable to process contact %s : %s",
3974 user, ldap_err2string(rc));
3980 com_err(whoami, 0, "Object already exists with name %s",
3985 linklist_free(group_base);
3989 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3990 attr_array[0] = "cn";
3991 attr_array[1] = NULL;
3993 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3994 &group_base, &group_count,
3995 LDAP_SCOPE_SUBTREE)) != 0)
3997 com_err(whoami, 0, "Unable to process contact %s : %s",
3998 user, ldap_err2string(rc));
4004 com_err(whoami, 0, "Object already exists with name %s",
4009 linklist_free(group_base);
/* No collision: give the contact its Exchange mail identity, hidden from
 * the address lists (contacts are list plumbing, not directory entries). */
4013 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4014 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4015 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4016 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4018 hide_address_lists_v[0] = "TRUE";
4019 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD: routing address defaults to the @mit.edu domain when the name has
 * no domain part; mail contacts also get it as eduPersonPrincipalName. */
4024 if(!ActiveDirectory)
4026 if((c = strchr(mail, '@')) == NULL)
4027 sprintf(temp, "%s@mit.edu", mail);
4029 sprintf(temp, "%s", mail);
4031 mail_routing_v[0] = temp;
4033 principal_v[0] = principal;
4035 if(!strcmp(group_ou, contact_ou))
4037 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4038 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4044 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4046 for (i = 0; i < n; i++)
/*
 * Contact already present: refresh its mail attributes so a re-created
 * member picks up the current address.  The first clause is redundant
 * (ALREADY_EXISTS is never LDAP_SUCCESS).
 */
4051 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4052 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4056 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4057 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4058 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4060 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4062 hide_address_lists_v[0] = "TRUE";
4063 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4067 rc = ldap_modify_s(ld, new_dn, mods);
4071 com_err(whoami, 0, "Unable to update contact %s", mail);
4074 for (i = 0; i < n; i++)
/* ALREADY_EXISTS from the add is a success for the caller. */
4079 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4081 com_err(whoami, 0, "Unable to create contact %s : %s",
4082 user, ldap_err2string(rc));
4089 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4090 char *Uid, char *MitId, char *MoiraId, int State,
4091 char *WinHomeDir, char *WinProfileDir, char *first,
4092 char *middle, char *last, char *shell, char *class)
4095 LK_ENTRY *group_base;
4097 char distinguished_name[512];
4098 char displayName[256];
4099 char *mitMoiraId_v[] = {NULL, NULL};
4100 char *mitMoiraClass_v[] = {NULL, NULL};
4101 char *mitMoiraStatus_v[] = {NULL, NULL};
4102 char *uid_v[] = {NULL, NULL};
4103 char *mitid_v[] = {NULL, NULL};
4104 char *homedir_v[] = {NULL, NULL};
4105 char *winProfile_v[] = {NULL, NULL};
4106 char *drives_v[] = {NULL, NULL};
4107 char *userAccountControl_v[] = {NULL, NULL};
4108 char *alt_recipient_v[] = {NULL, NULL};
4109 char *hide_address_lists_v[] = {NULL, NULL};
4110 char *mail_v[] = {NULL, NULL};
4111 char *gid_v[] = {NULL, NULL};
4112 char *loginshell_v[] = {NULL, NULL};
4113 char *principal_v[] = {NULL, NULL};
4114 char userAccountControlStr[80];
4119 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4120 UF_PASSWD_CANT_CHANGE;
4122 char *attr_array[3];
4125 char contact_mail[256];
4126 char filter_exp[1024];
4127 char search_path[512];
4128 char TemplateDn[512];
4129 char TemplateSamName[128];
4130 char alt_recipient[256];
4131 char principal[256];
4133 char acBERBuf[N_SD_BER_BYTES];
4134 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4135 { N_SD_BER_BYTES, acBERBuf },
4137 LDAPControl *apsServerControls[] = {&sControl, NULL};
4139 LDAP_BERVAL **ppsValues;
4143 char *homeServerName;
4145 char search_string[256];
4147 char *mail_routing_v[] = {NULL, NULL};
4150 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4151 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4152 BEREncodeSecurityBits(dwInfo, acBERBuf);
4154 if (!check_string(user_name))
4156 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4158 return(AD_INVALID_NAME);
4161 memset(contact_mail, '\0', sizeof(contact_mail));
4162 sprintf(contact_mail, "%s@mit.edu", user_name);
4163 memset(mail, '\0', sizeof(mail));
4164 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4165 memset(alt_recipient, '\0', sizeof(alt_recipient));
4166 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4168 sprintf(search_string, "@%s", uppercase(ldap_domain));
4172 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4174 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4181 memset(displayName, '\0', sizeof(displayName));
4183 if (strlen(MoiraId) != 0)
4187 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4192 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4195 attr_array[0] = "cn";
4196 attr_array[1] = NULL;
4197 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4198 &group_base, &group_count,
4199 LDAP_SCOPE_SUBTREE)) != 0)
4201 com_err(whoami, 0, "Unable to process user %s : %s",
4202 user_name, ldap_err2string(rc));
4207 if (group_count != 1)
4209 linklist_free(group_base);
4212 sprintf(filter, "(sAMAccountName=%s)", user_name);
4213 attr_array[0] = "cn";
4214 attr_array[1] = NULL;
4215 sprintf(temp, "%s,%s", user_ou, dn_path);
4216 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4217 &group_base, &group_count,
4218 LDAP_SCOPE_SUBTREE)) != 0)
4220 com_err(whoami, 0, "Unable to process user %s : %s",
4221 user_name, ldap_err2string(rc));
4226 if (group_count != 1)
4228 com_err(whoami, 0, "Unable to find user %s in directory",
4230 linklist_free(group_base);
4231 return(AD_NO_USER_FOUND);
4234 strcpy(distinguished_name, group_base->dn);
4236 linklist_free(group_base);
4239 if(!ActiveDirectory)
4241 if (rc = moira_connect())
4243 critical_alert("Ldap incremental",
4244 "Error contacting Moira server : %s",
4249 argv[0] = user_name;
4251 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4254 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4256 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4258 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4263 "Unable to set the mailRoutingAddress for %s : %s",
4264 user_name, ldap_err2string(rc));
4266 p = strdup(save_argv[3]);
4268 if((c = strchr(p, ',')) != NULL)
4273 if ((c = strchr(q, '@')) == NULL)
4274 sprintf(temp, "%s@mit.edu", q);
4276 sprintf(temp, "%s", q);
4278 if(email_isvalid(temp) && State != US_DELETED)
4280 mail_routing_v[0] = temp;
4283 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4285 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4287 if (rc == LDAP_ALREADY_EXISTS ||
4288 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4293 "Unable to set the mailRoutingAddress for %s : %s",
4294 user_name, ldap_err2string(rc));
4297 while((q = strtok(NULL, ",")) != NULL) {
4300 if((c = strchr(q, '@')) == NULL)
4301 sprintf(temp, "%s@mit.edu", q);
4303 sprintf(temp, "%s", q);
4305 if(email_isvalid(temp) && State != US_DELETED)
4307 mail_routing_v[0] = temp;
4310 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4313 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4315 if (rc == LDAP_ALREADY_EXISTS ||
4316 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4321 "Unable to set the mailRoutingAddress for "
4323 user_name, ldap_err2string(rc));
4329 if((c = strchr(p, '@')) == NULL)
4330 sprintf(temp, "%s@mit.edu", p);
4332 sprintf(temp, "%s", p);
4334 if(email_isvalid(temp) && State != US_DELETED)
4336 mail_routing_v[0] = temp;
4339 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4341 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4343 if (rc == LDAP_ALREADY_EXISTS ||
4344 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4349 "Unable to set the mailRoutingAddress for %s : %s",
4350 user_name, ldap_err2string(rc));
4357 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4358 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4359 "employeeID", user_name);
4361 rc = attribute_update(ldap_handle, distinguished_name, "none",
4362 "employeeID", user_name);
4365 strcat(displayName, first);
4368 if(strlen(middle)) {
4370 strcat(displayName, " ");
4372 strcat(displayName, middle);
4376 if(strlen(middle) || strlen(first))
4377 strcat(displayName, " ");
4379 strcat(displayName, last);
4382 if(strlen(displayName))
4383 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4384 "displayName", user_name);
4386 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4387 "displayName", user_name);
4389 if(!ActiveDirectory)
4391 if(strlen(displayName))
4392 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4395 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4399 if(!ActiveDirectory)
4401 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4402 "eduPersonNickname", user_name);
4406 rc = attribute_update(ldap_handle, distinguished_name, first,
4407 "givenName", user_name);
4409 rc = attribute_update(ldap_handle, distinguished_name, "",
4410 "givenName", user_name);
4412 if(strlen(middle) == 1)
4413 rc = attribute_update(ldap_handle, distinguished_name, middle,
4414 "initials", user_name);
4416 rc = attribute_update(ldap_handle, distinguished_name, "",
4417 "initials", user_name);
4420 rc = attribute_update(ldap_handle, distinguished_name, last,
4423 rc = attribute_update(ldap_handle, distinguished_name, "",
4428 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4433 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4437 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4438 "mitMoiraId", user_name);
4447 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4451 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4456 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4457 sprintf(status, "%d", State);
4458 principal_v[0] = principal;
4459 loginshell_v[0] = shell;
4460 mitMoiraClass_v[0] = class;
4461 mitMoiraStatus_v[0] = status;
4463 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4464 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4465 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4466 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4467 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4468 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4471 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4473 userAccountControl |= UF_ACCOUNTDISABLE;
4477 hide_address_lists_v[0] = "TRUE";
4478 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4486 hide_address_lists_v[0] = NULL;
4487 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4492 sprintf(userAccountControlStr, "%ld", userAccountControl);
4493 userAccountControl_v[0] = userAccountControlStr;
4494 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4498 if (rc = moira_connect())
4500 critical_alert("Ldap incremental",
4501 "Error contacting Moira server : %s",
4506 argv[0] = user_name;
4508 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4510 if(!strcmp(save_argv[1], "EXCHANGE") ||
4511 (strstr(save_argv[3], search_string) != NULL))
4513 alt_recipient_v[0] = NULL;
4514 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4516 argv[0] = exchange_acl;
4518 argv[2] = user_name;
4520 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4522 if ((rc) && (rc != MR_EXISTS))
4524 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4525 user_name, exchange_acl, error_message(rc));
4530 alt_recipient_v[0] = alt_recipient;
4531 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4533 argv[0] = exchange_acl;
4535 argv[2] = user_name;
4537 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4539 if ((rc) && (rc != MR_NO_MATCH))
4542 "Unable to remove user %s from %s: %s, %d",
4543 user_name, exchange_acl, error_message(rc), rc);
4549 alt_recipient_v[0] = alt_recipient;
4550 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4552 argv[0] = exchange_acl;
4554 argv[2] = user_name;
4556 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4558 if ((rc) && (rc != MR_NO_MATCH))
4561 "Unable to remove user %s from %s: %s, %d",
4562 user_name, exchange_acl, error_message(rc), rc);
4570 mail_v[0] = contact_mail;
4571 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4573 if(!ActiveDirectory)
4575 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
4579 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4580 WinProfileDir, homedir_v, winProfile_v,
4581 drives_v, mods, LDAP_MOD_REPLACE, n);
4585 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4586 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4587 attr_array[0] = "sAMAccountName";
4588 attr_array[1] = NULL;
4592 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4594 &group_base, &group_count,
4595 LDAP_SCOPE_SUBTREE) != 0))
4598 if (group_count != 1)
4600 com_err(whoami, 0, "Unable to process user security template: %s - "
4601 "security not set", "UserTemplate.u");
4605 strcpy(TemplateDn, group_base->dn);
4606 strcpy(TemplateSamName, group_base->value);
4607 linklist_free(group_base);
4611 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4612 filter_exp, NULL, 0, apsServerControls, NULL,
4615 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4617 com_err(whoami, 0, "Unable to find user security template: %s - "
4618 "security not set", "UserTemplate.u");
4622 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4623 "ntSecurityDescriptor");
4625 if (ppsValues == NULL)
4627 com_err(whoami, 0, "Unable to find user security template: %s - "
4628 "security not set", "UserTemplate.u");
4632 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4633 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4638 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4639 mods)) != LDAP_SUCCESS)
4641 OldUseSFU30 = UseSFU30;
4642 SwitchSFU(mods, &UseSFU30, n);
4643 if (OldUseSFU30 != UseSFU30)
4644 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4647 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4648 user_name, ldap_err2string(rc));
4652 for (i = 0; i < n; i++)
/*
 * user_rename: rename an existing directory user entry from before_user_name
 * to user_name.  Both names are validated with check_string() (AD_INVALID_NAME
 * on failure), the entry is renamed with ldap_rename_s(), the old mit.edu
 * contact object is deleted and a fresh one created, and the name-derived
 * attributes (altSecurityIdentities, userPrincipalName, displayName,
 * sAMAccountName, mail, proxyAddresses, ...) are rewritten on the new DN with
 * ldap_modify_s().
 *
 * NOTE(review): this listing is missing lines.  The remainder of the parameter
 * list (at least user_name), the declarations of old_dn, new_dn, upn, mail,
 * temp, mods, n, i and rc, the branch conditions around the cn=/uid= DN forms,
 * and the return paths after the LDAP calls are not visible here; only
 * AD_INVALID_NAME is a visible return value.
 */
4658 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
/* Fixed 256-byte stack buffers; every write into them below is an unbounded
 * sprintf() fed by user_name/ldap_domain, which check_string() filters by
 * alphabet only (no length check is visible).  snprintf(buf, sizeof buf, ...)
 * would bound the writes. */
4666 char contact_mail[256];
4667 char proxy_address[256];
4668 char query_base_dn[256];
/* One-value, NULL-terminated vectors for ADD_ATTR; slot 0 is filled below. */
4670 char *userPrincipalName_v[] = {NULL, NULL};
4671 char *altSecurityIdentities_v[] = {NULL, NULL};
4672 char *name_v[] = {NULL, NULL};
4673 char *samAccountName_v[] = {NULL, NULL};
4674 char *mail_v[] = {NULL, NULL};
4675 char *mail_nickname_v[] = {NULL, NULL};
4676 char *proxy_address_v[] = {NULL, NULL};
4677 char *query_base_dn_v[] = {NULL, NULL};
4678 char *principal_v[] = {NULL, NULL};
4679 char principal[256];
/* Reject names outside the permitted alphabet before they reach any filter
 * or DN string. */
4684 if (!check_string(before_user_name))
4687 "Unable to process invalid LDAP user name %s", before_user_name);
4688 return(AD_INVALID_NAME);
4691 if (!check_string(user_name))
4694 "Unable to process invalid LDAP user name %s", user_name);
4695 return(AD_INVALID_NAME);
/* NOTE(review): source and destination are the same object.  strcpy() with
 * overlapping operands is undefined behaviour and the copy is at best a no-op;
 * this looks like a leftover — confirm which buffer was meant as the source. */
4698 strcpy(user_name, user_name);
/* Old DN in cn= form on one branch and uid= form on the other; the selecting
 * condition (presumably the ActiveDirectory flag used further down) is on a
 * line not shown in this listing. */
4701 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4703 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
/* New RDN only — ldap_rename_s() keeps the entry under its current parent. */
4706 sprintf(new_dn, "cn=%s", user_name);
4708 sprintf(new_dn, "uid=%s", user_name);
/* Derived identities for the renamed account (all unbounded sprintf()s). */
4710 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4711 sprintf(contact_mail, "%s@mit.edu", user_name);
4712 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4713 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* TRUE = delete the old RDN value from the entry. The failure branch body
 * (and whether it returns) is not visible after the com_err(). */
4715 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4716 NULL, NULL)) != LDAP_SUCCESS)
4718 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4719 before_user_name, user_name, ldap_err2string(rc));
/* Replace the companion contact object: delete cn=<old>@mit.edu, create
 * cn=<new>@mit.edu.  Both failures are only logged. */
4725 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
/* Assignment inside the condition; rc carries the LDAP result code. */
4728 if(rc = ldap_delete_s(ldap_handle, temp))
4730 com_err(whoami, 0, "Unable to delete user contact for %s",
4734 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4736 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Fill the attribute value vectors from the new name. */
4740 name_v[0] = user_name;
4741 sprintf(upn, "%s@%s", user_name, ldap_domain);
4742 userPrincipalName_v[0] = upn;
4743 principal_v[0] = principal;
4744 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4745 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4746 altSecurityIdentities_v[0] = temp;
4747 samAccountName_v[0] = user_name;
4749 mail_nickname_v[0] = user_name;
4750 proxy_address_v[0] = proxy_address;
4751 query_base_dn_v[0] = query_base_dn;
/* Common attributes, then the directory-type specific ones (the conditions
 * separating the Exchange block from the !ActiveDirectory block are partly
 * missing from the listing). */
4754 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4755 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4756 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4757 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4759 if(!ActiveDirectory)
4761 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4762 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4763 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4764 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4769 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4770 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4771 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4772 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* Non-Exchange branch: mail points at the mit.edu contact address. */
4776 mail_v[0] = contact_mail;
4777 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4779 if(!ActiveDirectory)
4781 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry for the modify; cn=/uid= branch as above. */
4788 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4790 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4792 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4795 "Unable to modify user data for %s after renaming : %s",
4796 user_name, ldap_err2string(rc));
/* Presumably frees the n LDAPMod entries built by ADD_ATTR; the loop body
 * and the function's return statement are not in this listing. */
4799 for (i = 0; i < n; i++)
/*
 * user_create: create one user object in the directory from a Moira user
 * tuple.  The (ac, av, ptr) signature matches the mr_query() callback shape
 * used elsewhere in this file (save_query_info), so this is presumably invoked
 * per returned row; av[] is indexed with U_NAME, U_FIRST, U_MIDDLE, U_LAST,
 * U_STATE, U_SHELL, U_CLASS, U_UID, U_MITID, U_WINHOMEDIR and U_WINPROFILEDIR.
 * call_args[0] is the LDAP handle, call_args[1] the base DN and call_args[2]
 * the Moira id; how call_args relates to ptr is not visible here.
 *
 * Visible steps: validate the name, assemble displayName, compute
 * userAccountControl, create the mit.edu contact, find the Exchange homeMDB,
 * build the attribute list (objectClass set depends on directory type), copy
 * the ntSecurityDescriptor from the "UserTemplate.u" template entry, add the
 * entry (retrying once with the alternate SFU schema), optionally set an
 * initial password, and on non-AD servers add mailRoutingAddress values taken
 * from the user's pobox.
 *
 * Returns AD_INVALID_NAME for an invalid name (also recorded in the global
 * callback_rc); the other return paths are not in this listing.
 * NOTE(review): many lines (else branches, closing braces, several local
 * declarations such as sam_name, upn, new_dn, mail, temp, mods, n, i, rc,
 * homeMDB, psMsg, dwInfo, group_count, OldUseSFU30) are missing from the
 * listing; comments below only describe what is visible.
 */
4805 int user_create(int ac, char **av, void *ptr)
/* Fixed-size stack buffers.  Every strcpy()/sprintf()/strcat() into them
 * below is unbounded and fed by av[] fields and ldap_domain, which
 * check_string() filters by alphabet only; snprintf with sizeof would bound
 * the writes. */
4809 char user_name[256];
4813 char contact_mail[256];
4814 char proxy_address[256];
4815 char mail_nickname[256];
4816 char query_base_dn[256];
4817 char displayName[256];
4818 char address_book[256];
4819 char alt_recipient[256];
/* NULL-terminated value vectors for ADD_ATTR.  objectClass_v is the
 * Active Directory class set (its tail is on a line not shown);
 * objectClass_ldap_v is the generic-LDAP set. */
4820 char *cn_v[] = {NULL, NULL};
4821 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4823 char *objectClass_ldap_v[] = {"top",
4824 "eduPerson", "posixAccount",
4825 "apple-user", "shadowAccount",
4826 "microsoftComTop", "securityPrincipal",
4827 "inetOrgPerson", "user",
4828 "organizationalPerson", "person",
4829 "mailRecipient", NULL};
4831 char *samAccountName_v[] = {NULL, NULL};
4832 char *altSecurityIdentities_v[] = {NULL, NULL};
4833 char *mitMoiraId_v[] = {NULL, NULL};
4834 char *mitMoiraClass_v[] = {NULL, NULL};
4835 char *mitMoiraStatus_v[] = {NULL, NULL};
4836 char *name_v[] = {NULL, NULL};
4837 char *desc_v[] = {NULL, NULL};
4838 char *userPrincipalName_v[] = {NULL, NULL};
4839 char *userAccountControl_v[] = {NULL, NULL};
4840 char *uid_v[] = {NULL, NULL};
4841 char *gid_v[] = {NULL, NULL};
4842 char *mitid_v[] = {NULL, NULL};
4843 char *homedir_v[] = {NULL, NULL};
4844 char *winProfile_v[] = {NULL, NULL};
4845 char *drives_v[] = {NULL, NULL};
4846 char *mail_v[] = {NULL, NULL};
4847 char *givenName_v[] = {NULL, NULL};
4848 char *sn_v[] = {NULL, NULL};
4849 char *initials_v[] = {NULL, NULL};
4850 char *displayName_v[] = {NULL, NULL};
4851 char *proxy_address_v[] = {NULL, NULL};
4852 char *mail_nickname_v[] = {NULL, NULL};
4853 char *query_base_dn_v[] = {NULL, NULL};
4854 char *address_book_v[] = {NULL, NULL};
4855 char *homeMDB_v[] = {NULL, NULL};
4856 char *homeServerName_v[] = {NULL, NULL};
4857 char *mdbUseDefaults_v[] = {NULL, NULL};
4858 char *mailbox_guid_v[] = {NULL, NULL};
4859 char *user_culture_v[] = {NULL, NULL};
4860 char *user_account_control_v[] = {NULL, NULL};
4861 char *msexch_version_v[] = {NULL, NULL};
4862 char *alt_recipient_v[] = {NULL, NULL};
4863 char *hide_address_lists_v[] = {NULL, NULL};
4864 char *principal_v[] = {NULL, NULL};
4865 char *loginshell_v[] = {NULL, NULL};
4866 char userAccountControlStr[80];
4868 char principal[256];
4869 char filter_exp[1024];
4870 char search_path[512];
4871 char *attr_array[3];
/* Default AD account flags: normal account, non-expiring password, user may
 * not change it.  UF_ACCOUNTDISABLE is OR-ed in below for most states.
 * Declared u_int — see the "%ld" sprintf() further down. */
4872 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4873 UF_PASSWD_CANT_CHANGE;
4879 char WinHomeDir[1024];
4880 char WinProfileDir[1024];
4882 char *homeServerName;
/* BER-encoded SD-flags value for the server control used by the security
 * template search (control OID 1.2.840.113556.1.4.801). */
4884 char acBERBuf[N_SD_BER_BYTES];
4885 LK_ENTRY *group_base;
4887 char TemplateDn[512];
4888 char TemplateSamName[128];
4889 LDAP_BERVAL **ppsValues;
4890 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4891 { N_SD_BER_BYTES, acBERBuf },
4893 LDAPControl *apsServerControls[] = {&sControl, NULL};
4897 char search_string[256];
4898 char *o_v[] = {NULL, NULL};
4900 char *mail_routing_v[] = {NULL, NULL};
/* Ask for owner, group, DACL and SACL when reading ntSecurityDescriptor. */
4905 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4906 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4907 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Alphabet check on the login name before it is used in any DN or filter;
 * the global callback_rc is set as well as the return value. */
4909 if (!check_string(av[U_NAME]))
4911 callback_rc = AD_INVALID_NAME;
4912 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4914 return(AD_INVALID_NAME);
/* Copy the Windows paths and login name out of av[] (unbounded copies into
 * the fixed buffers declared above; upn and sam_name are declared on lines
 * not shown). */
4917 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4918 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4919 memset(displayName, '\0', sizeof(displayName));
4920 memset(query_base_dn, '\0', sizeof(query_base_dn));
4921 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4922 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4923 strcpy(user_name, av[U_NAME]);
4924 sprintf(upn, "%s@%s", user_name, ldap_domain);
4925 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last" with empty parts and their separating
 * spaces omitted (strcat into the 256-byte buffer, no bound). */
4927 if(strlen(av[U_FIRST])) {
4928 strcat(displayName, av[U_FIRST]);
4931 if(strlen(av[U_MIDDLE])) {
4932 if(strlen(av[U_FIRST]))
4933 strcat(displayName, " ");
4935 strcat(displayName, av[U_MIDDLE]);
4938 if(strlen(av[U_LAST])) {
4939 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4940 strcat(displayName, " ");
4942 strcat(displayName, av[U_LAST]);
4945 samAccountName_v[0] = sam_name;
/* Only US_NO_PASSWD and US_REGISTERED accounts are created enabled; every
 * other Moira state gets UF_ACCOUNTDISABLE.  atoi() silently maps a
 * non-numeric state to 0. */
4946 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4947 (atoi(av[U_STATE]) != US_REGISTERED))
4949 userAccountControl |= UF_ACCOUNTDISABLE;
/* Hide from Exchange address lists; the condition guarding this branch is on
 * a line not shown. */
4953 hide_address_lists_v[0] = "TRUE";
4954 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* NOTE(review): "%ld" expects a long but userAccountControl is a u_int —
 * mismatched conversion specifier, undefined behaviour under C11 7.21.6.1
 * (on LP64 the varargs read 8 bytes for a 4-byte argument).  "%u" matches the
 * declaration. */
4959 sprintf(userAccountControlStr, "%ld", userAccountControl);
4960 userAccountControl_v[0] = userAccountControlStr;
4961 userPrincipalName_v[0] = upn;
/* cn is the login name on one branch and the display name on the other; the
 * selecting condition is on a line not shown. */
4964 cn_v[0] = user_name;
4966 cn_v[0] = displayName;
4968 name_v[0] = user_name;
4969 desc_v[0] = "Auto account created by Moira";
4971 givenName_v[0] = av[U_FIRST];
4974 sn_v[0] = av[U_LAST];
/* sn falls back to the login name when Moira has no last name. */
4976 if(strlen(av[U_LAST]))
4977 sn_v[0] = av[U_LAST];
4979 sn_v[0] = av[U_NAME];
4981 displayName_v[0] = displayName;
4982 mail_nickname_v[0] = user_name;
4983 o_v[0] = "Massachusetts Institute of Technology";
/* Kerberos principal mapping for the account (altSecurityIdentities) and
 * the bare principal string. */
4985 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4986 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4987 altSecurityIdentities_v[0] = temp;
4988 principal_v[0] = principal;
/* DN of the new entry under user_ou: cn= on one branch, uid= on the other
 * (condition not shown).  Note the name goes in unescaped. */
4991 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4993 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4995 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4996 sprintf(contact_mail, "%s@mit.edu", user_name);
4997 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4998 query_base_dn_v[0] = query_base_dn;
/* alt_recipient is the DN of the mit.edu contact created just below;
 * search_string ("@DOMAIN", upper-cased) is matched against the pobox
 * address later to detect an Exchange-hosted pobox. */
4999 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
5001 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Contact creation failure is logged only; processing continues. */
5005 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5008 com_err(whoami, 0, "Unable to create user contact %s",
/* Locate the Exchange mailbox store and server for the new user; the
 * branch structure after the failure log is not visible. */
5012 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5015 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5019 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5020 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5022 homeMDB_v[0] = homeMDB;
5023 homeServerName_v[0] = homeServerName;
/* Build the add list.  Which objectClass vector is used depends on a
 * condition not shown (AD vs. generic LDAP). */
5028 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5032 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5036 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5039 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5040 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5041 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5042 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5043 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Exchange mailbox attributes (presumably guarded by an Exchange condition
 * on a line not shown). */
5047 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5048 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5049 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5050 mdbUseDefaults_v[0] = "TRUE";
5051 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5052 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Pobox lookup in Moira: an EXCHANGE pobox, or one whose address contains
 * "@DOMAIN", puts the user on exchange_acl; otherwise altRecipient forwards
 * to the mit.edu contact.  MR_EXISTS from add_member_to_list is not an
 * error. */
5054 argv[0] = user_name;
5056 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5058 if(!strcmp(save_argv[1], "EXCHANGE") ||
5059 (strstr(save_argv[3], search_string) != NULL))
5061 argv[0] = exchange_acl;
5063 argv[2] = user_name;
5065 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5067 if ((rc) && (rc != MR_EXISTS))
5069 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5070 user_name, exchange_acl, error_message(rc));
5075 alt_recipient_v[0] = alt_recipient;
5076 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5081 alt_recipient_v[0] = alt_recipient;
5082 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
/* get_pobox failure: logged, creation continues without routing info. */
5084 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
/* Non-Exchange branch: mail is the mit.edu contact address. */
5089 mail_v[0] = contact_mail;
5090 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5092 if(!ActiveDirectory)
5094 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
/* Name attributes are only added when non-empty; displayName falls back to
 * the login name when all three name parts are empty. */
5098 if(strlen(av[U_FIRST])) {
5099 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5102 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5103 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5106 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5107 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5109 if(!ActiveDirectory)
5111 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5114 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5116 if(!ActiveDirectory)
5118 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials only when the middle name is a single character. */
5122 if (strlen(av[U_MIDDLE]) == 1) {
5123 initials_v[0] = av[U_MIDDLE];
5124 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5127 if (strlen(call_args[2]) != 0)
5129 mitMoiraId_v[0] = call_args[2];
5130 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5133 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* Generic LDAP (non-AD) only: posixAccount / eduPerson / MIT attributes. */
5135 if(!ActiveDirectory)
5137 loginshell_v[0] = av[U_SHELL];
5138 mitMoiraClass_v[0] = av[U_CLASS];
5139 mitMoiraStatus_v[0] = av[U_STATE];
5140 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5141 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5142 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5143 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5144 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5145 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Numeric uid: written as uid / uidNumber+gidNumber / msSFU30UidNumber on
 * different branches whose conditions (and gid_v's value) are not shown. */
5148 if (strlen(av[U_UID]) != 0)
5150 uid_v[0] = av[U_UID];
5154 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5159 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5160 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5167 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5171 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is the MIT id only when it starts with '9', else "none". */
5176 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5177 mitid_v[0] = av[U_MITID];
5179 mitid_v[0] = "none";
5181 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends home/profile/drive mods and returns the updated
 * mod count. */
5183 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5184 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5185 drives_v, mods, LDAP_MOD_ADD, n);
/* Security template: find "UserTemplate.u" under security_template_ou and
 * copy its ntSecurityDescriptor onto the new entry.  Both the filter and
 * the name are constants here, so no injection surface in this filter. */
5189 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5190 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5191 attr_array[0] = "sAMAccountName";
5192 attr_array[1] = NULL;
/* NOTE(review): the "!= 0" sits inside the assignment's parentheses, so this
 * parses as rc = (linklist_build(...) != 0); the branch is still taken on
 * failure but rc holds 1 instead of the LDAP result code.  The other
 * linklist_build() calls in this file put the comparison outside. */
5196 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5197 attr_array, &group_base, &group_count,
5198 LDAP_SCOPE_SUBTREE) != 0))
5201 if (group_count != 1)
5203 com_err(whoami, 0, "Unable to process user security template: %s - "
5204 "security not set", "UserTemplate.u");
5208 strcpy(TemplateDn, group_base->dn);
5209 strcpy(TemplateSamName, group_base->value);
5210 linklist_free(group_base);
/* Re-read the template with the SD-flags control so the server returns the
 * full descriptor.  No ldap_msgfree(psMsg) or ldap_value_free_len(ppsValues)
 * is visible in this listing — check the lines not shown. */
5214 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5215 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5216 apsServerControls, NULL,
5219 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5221 com_err(whoami, 0, "Unable to find user security template: %s - "
5222 "security not set", "UserTemplate.u");
5226 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5227 "ntSecurityDescriptor");
5228 if (ppsValues == NULL)
5230 com_err(whoami, 0, "Unable to find user security template: %s - "
5231 "security not set", "UserTemplate.u");
5235 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5236 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Add the entry.  On any failure other than "already exists", flip the SFU
 * schema variant once (SwitchSFU) and retry; LDAP_ALREADY_EXISTS is treated
 * as success throughout. */
5241 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5243 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5245 OldUseSFU30 = UseSFU30;
5246 SwitchSFU(mods, &UseSFU30, n);
5247 if (OldUseSFU30 != UseSFU30)
5248 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Presumably frees the n LDAPMod entries (loop body not shown). */
5251 for (i = 0; i < n; i++)
5254 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5256 com_err(whoami, 0, "Unable to create user %s : %s",
5257 user_name, ldap_err2string(rc));
/* NOTE(review): the second argument to set_password() is the empty string.
 * If that argument is the password being set (set_password's contract is not
 * visible here), every newly created account receives an empty password; the
 * account is enabled for US_NO_PASSWD/US_REGISTERED states and carries
 * UF_PASSWD_CANT_CHANGE, so confirm the real credential is provisioned by
 * another path.  On failure the KDC session is re-established once and the
 * call retried. */
5262 if ((rc == LDAP_SUCCESS) && (SetPassword))
5264 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5266 ad_kdc_disconnect();
5267 if (!ad_server_connect(default_server, ldap_domain))
5269 com_err(whoami, 0, "Unable to set password for user %s : %s",
5271 "cannot get changepw ticket from windows domain");
5275 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
/* "%ld" requires rc to be a long; rc's declaration is not shown. */
5277 com_err(whoami, 0, "Unable to set password for user %s "
5278 ": %ld", user_name, rc);
/* Non-AD servers: populate mailRoutingAddress from the Moira pobox.  The
 * first modify clears the attribute (mail_routing_v[0] is still NULL), then
 * each comma-separated address is added individually.  Assignment inside
 * the if condition at moira_connect(). */
5284 if(!ActiveDirectory)
5286 if (rc = moira_connect())
5288 critical_alert("Ldap incremental",
5289 "Error contacting Moira server : %s",
5294 argv[0] = user_name;
5296 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5299 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5301 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5303 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5308 "Unable to set the mailRoutingAddress for %s : %s",
5309 user_name, ldap_err2string(rc));
/* NOTE(review): strdup() may return NULL, which strchr() on the next line
 * would dereference; and no free(p) is visible in this listing. */
5311 p = strdup(save_argv[3]);
/* Multi-address pobox: the first token is handled here (the strtok() call
 * that starts the pass is on a line not shown), the rest in the loop
 * below.  Bare local parts get "@mit.edu" appended. */
5313 if((c = strchr(p, ',')) != NULL) {
5317 if ((c = strchr(q, '@')) == NULL)
5318 sprintf(temp, "%s@mit.edu", q);
5320 sprintf(temp, "%s", q);
/* Deleted users get no routing address even if the pobox is valid. */
5322 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5324 mail_routing_v[0] = temp;
5327 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5329 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5331 if (rc == LDAP_ALREADY_EXISTS ||
5332 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5337 "Unable to set the mailRoutingAddress for %s : %s",
5338 user_name, ldap_err2string(rc));
/* strtok() keeps static state: not reentrant, and any strtok() use inside
 * the called functions would corrupt this pass.  strtok_r() would avoid
 * that. */
5341 while((q = strtok(NULL, ",")) != NULL) {
5344 if((c = strchr(q, '@')) == NULL)
5345 sprintf(temp, "%s@mit.edu", q);
5347 sprintf(temp, "%s", q);
5349 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5351 mail_routing_v[0] = temp;
5354 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5356 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5358 if (rc == LDAP_ALREADY_EXISTS ||
5359 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5364 "Unable to set the mailRoutingAddress for %s : %s",
5365 user_name, ldap_err2string(rc));
/* Single-address pobox. */
5371 if((c = strchr(p, '@')) == NULL)
5372 sprintf(temp, "%s@mit.edu", p);
5374 sprintf(temp, "%s", p);
5376 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5378 mail_routing_v[0] = temp;
5381 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5383 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5385 if (rc == LDAP_ALREADY_EXISTS ||
5386 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5391 "Unable to set the mailRoutingAddress for %s : %s",
5392 user_name, ldap_err2string(rc));
/*
 * user_change_status: set or clear the UF_ACCOUNTDISABLE bit of a user's
 * UserAccountControl.  The entry is located by mitMoiraId when MoiraId is
 * non-empty, otherwise (or when that lookup does not yield exactly one
 * entry) by sAMAccountName; the new flag word is written back with
 * LDAP_MOD_REPLACE, and mitMoiraId is (re)asserted when given.
 *
 * Parameters visible: ldap_handle, dn_path, user_name, MoiraId; the
 * remaining parameter(s) — at least `operation`, compared against
 * MEMBER_DEACTIVATE below — are on a line not shown, as are the declarations
 * of filter, temp, modvalues, mods, n, i, rc, group_count and ulongValue.
 * Visible returns: AD_INVALID_NAME, LDAP_NO_SUCH_OBJECT; the remaining
 * return paths are not in this listing.
 */
5402 int user_change_status(LDAP *ldap_handle, char *dn_path,
5403 char *user_name, char *MoiraId,
5407 char *attr_array[3];
5409 char distinguished_name[1024];
5411 char *mitMoiraId_v[] = {NULL, NULL};
5413 LK_ENTRY *group_base;
5420 if (!check_string(user_name))
5422 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5424 return(AD_INVALID_NAME);
/* Lookup by Moira id first.  NOTE(review): MoiraId is interpolated into the
 * search filter unescaped and, unlike user_name, is not passed through
 * check_string() here; it is presumably numeric (it comes from Moira), but
 * the filter is only well-formed if that holds.  Same pattern in
 * user_delete(). */
5430 if (strlen(MoiraId) != 0)
5432 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5433 attr_array[0] = "UserAccountControl";
5434 attr_array[1] = NULL;
5435 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5436 &group_base, &group_count,
5437 LDAP_SCOPE_SUBTREE)) != 0)
5439 com_err(whoami, 0, "Unable to process user %s : %s",
5440 user_name, ldap_err2string(rc));
/* Not exactly one hit: drop the list and fall back to the name lookup
 * (the enclosing braces are not shown). */
5445 if (group_count != 1)
5447 linklist_free(group_base);
/* Fallback lookup by login name; the name has passed check_string() but is
 * still placed in the filter without RFC 4515 escaping. */
5450 sprintf(filter, "(sAMAccountName=%s)", user_name);
5451 attr_array[0] = "UserAccountControl";
5452 attr_array[1] = NULL;
5453 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5454 &group_base, &group_count,
5455 LDAP_SCOPE_SUBTREE)) != 0)
5457 com_err(whoami, 0, "Unable to process user %s : %s",
5458 user_name, ldap_err2string(rc));
5463 if (group_count != 1)
5465 linklist_free(group_base);
5466 com_err(whoami, 0, "Unable to find user %s in directory",
5468 return(LDAP_NO_SUCH_OBJECT);
/* Unbounded strcpy of the DN into a 1024-byte buffer. */
5471 strcpy(distinguished_name, group_base->dn);
/* NOTE(review): atoi() reports no errors — a missing or non-numeric value
 * becomes 0, which is then written back with every other userAccountControl
 * flag cleared.  strtoul() with end-pointer/errno checking would detect that.
 * ulongValue's declaration is not shown; the "%ld" below needs a long. */
5472 ulongValue = atoi((*group_base).value);
5474 if (operation == MEMBER_DEACTIVATE)
5475 ulongValue |= UF_ACCOUNTDISABLE;
5477 ulongValue &= ~UF_ACCOUNTDISABLE;
5479 sprintf(temp, "%ld", ulongValue);
/* Build the replacement value list; on failure (== 1) the lookup list is
 * freed (the return on that path is not shown). */
5481 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5482 temp, &modvalues, REPLACE)) == 1)
5485 linklist_free(group_base);
5489 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5491 if (strlen(MoiraId) != 0)
5493 mitMoiraId_v[0] = MoiraId;
5494 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5498 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the mods (loop body not shown) and the value list. */
5500 for (i = 0; i < n; i++)
5503 free_values(modvalues);
5505 if (rc != LDAP_SUCCESS)
5507 com_err(whoami, 0, "Unable to change status of user %s : %s",
5508 user_name, ldap_err2string(rc));
/*
 * user_delete: remove a user entry and its companion mit.edu contact.  The
 * entry is found by mitMoiraId when MoiraId is non-empty, otherwise (or when
 * that lookup does not return exactly one entry) by sAMAccountName, and
 * deleted with ldap_delete_s(); then cn=<user>@mit.edu under contact_ou is
 * deleted as well.  Delete failures are logged but do not stop the
 * remaining steps.
 *
 * Returns AD_INVALID_NAME for an invalid name; the declarations of filter,
 * temp, rc and group_count, the body of the second "group_count != 1"
 * branch, and the final return are on lines not shown in this listing.
 */
5515 int user_delete(LDAP *ldap_handle, char *dn_path,
5516 char *u_name, char *MoiraId)
5519 char *attr_array[3];
5520 char distinguished_name[1024];
5521 char user_name[512];
5522 LK_ENTRY *group_base;
/* Unlike the sibling functions this rejects silently (no com_err). */
5527 if (!check_string(u_name))
5528 return(AD_INVALID_NAME);
/* Unbounded copy into the 512-byte local; check_string() bounds the
 * alphabet, not the length. */
5530 strcpy(user_name, u_name);
/* Lookup by Moira id; MoiraId is placed in the filter unescaped and without
 * a check_string() pass (presumably numeric). */
5534 if (strlen(MoiraId) != 0)
5536 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5537 attr_array[0] = "name";
5538 attr_array[1] = NULL;
5539 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5540 &group_base, &group_count,
5541 LDAP_SCOPE_SUBTREE)) != 0)
5543 com_err(whoami, 0, "Unable to process user %s : %s",
5544 user_name, ldap_err2string(rc));
/* Not exactly one hit: free the list and fall back to the name lookup. */
5549 if (group_count != 1)
5551 linklist_free(group_base);
5554 sprintf(filter, "(sAMAccountName=%s)", user_name);
5555 attr_array[0] = "name";
5556 attr_array[1] = NULL;
5557 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5558 &group_base, &group_count,
5559 LDAP_SCOPE_SUBTREE)) != 0)
5561 com_err(whoami, 0, "Unable to process user %s : %s",
5562 user_name, ldap_err2string(rc));
/* Body of this branch (presumably free + return) is not shown. */
5567 if (group_count != 1)
/* Unbounded strcpy of the DN into the 1024-byte buffer. */
5572 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition; a failed delete is only logged. */
5574 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5576 com_err(whoami, 0, "Unable to process user %s : %s",
5577 user_name, ldap_err2string(rc));
/* Delete the companion mit.edu contact object
 * (cn=<user>@mit.edu,<contact_ou>,<dn_path>); the code below does this. */
5584 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5586 if(rc = ldap_delete_s(ldap_handle, temp))
5588 com_err(whoami, 0, "Unable to delete user contact for %s",
5594 linklist_free(group_base);
/*
 * linklist_free: release a list of LK_ENTRY nodes (as produced by
 * linklist_build()).  For each node the heap-allocated fields dn, attribute,
 * value, member, type and list are freed, then the node itself.  The caller's
 * head pointer is dangling afterwards.  free(NULL) is a no-op, so fields
 * that were never set need no guard.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *next;

  for (; linklist_base != NULL; linklist_base = next)
    {
      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);

      /* read the successor before the node is released */
      next = linklist_base->next;
      free(linklist_base);
    }
}
/*
 * free_values: release a NULL-terminated array of strings such as the
 * modvalues list that construct_newvalues() fills for user_change_status().
 * Each slot is cleared to NULL after it is processed; the release of the
 * string itself, the declaration and initialisation of the index i and its
 * increment are on lines not shown here, as is whether the array object
 * itself is freed.  A NULL array is accepted.
 */
5629 void free_values(char **modvalues)
5635 if (modvalues != NULL)
5637 while (modvalues[i] != NULL)
/* Clearing the slot keeps a second free_values() call from double-freeing. */
5640 modvalues[i] = NULL;
/*
 * Byte-indexed table (256 entries, 16 per row) used by check_string() and
 * check_container_name() for Active Directory names: a non-zero entry marks
 * that byte as illegal.  check_string() lower-cases letters before the
 * lookup, so upper-case letters are flagged here without being rejected.
 * Reading the rows, the only bytes this table accepts are
 *   $ & ' - . 0-9 @ _ ` a-z ~
 * — in particular the LDAP filter metacharacters ( ) * \ and the DN
 * separators , + " ; < > = # are all rejected, and every byte >= 0x80 is.
 * (The closing "};" is on a line not shown in this listing.)
 */
5647 static int illegalchars[] = {
5648 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5649 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5650 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5651 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5652 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5653 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5654 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5655 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: all illegal */
5656 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5657 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5659 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5660 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Second 256-entry table consulted by check_string() (same layout as
 * illegalchars[]: 1 = rejected, 0 = accepted, index = case-folded byte).
 *
 * Rejected printable bytes are ! % * / : ? [ ] ^ { | } and upper-case
 * letters; all bytes >= 0x80 are rejected.  Space and " # $ & ' ( ) + ,
 * - . ; < = > @ \ _ ` ~ are accepted.
 *
 * NOTE(review): '(' ')' and '\' are RFC 4515 filter metacharacters and
 * , + " \ < > ; = # are RFC 4514 DN specials, yet this table lets them
 * through.  Strings screened only by this table are later formatted
 * unescaped into search filters (e.g. "(sAMAccountName=%s)" in
 * checkADname() and check_user()), so a value containing "(" or ")" can
 * change the filter's structure.  Either reject those bytes here or
 * escape values at the point of interpolation.
 */
5666 static int illegalchars_ldap[] = {
5667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5668 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5669 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5670 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5671 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5672 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5673 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5674 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* bytes 0x80 - 0xFF: all rejected */
5675 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5676 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5677 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5678 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5679 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5680 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5681 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5682 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Screen a string against both illegalchars[] and illegalchars_ldap[]
 * and log the first offending byte through com_err().  Declarations,
 * the loop over the string and the return statements are not on the
 * lines reproduced here, so the return convention cannot be confirmed
 * from this view.
 */
5685 int check_string(char *s)
5696 if (isupper(character))   /* case-fold before lookup; the tables only list lower case as legal */
5697 character = tolower(character);
/* NOTE(review): if 'character' is a plain char, a byte >= 0x80 is negative
 * on signed-char targets, is UB as an isupper()/tolower() argument, and the
 * (unsigned) cast below turns it into an index far beyond the 256-entry
 * tables (out-of-bounds read).  Reading it as an unsigned char avoids both. */
5701 if (illegalchars[(unsigned) character])
5703 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5704 character, (unsigned) character, string);
5710 if (illegalchars_ldap[(unsigned) character])   /* second table: LDAP-side restrictions */
5712 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5713 character, (unsigned) character, string);
/*
 * Screen a container (OU) leaf name.  Unlike check_string() only
 * illegalchars[] is consulted, and a space is decided by a separate
 * branch whose outcome is on a line not reproduced here (the table
 * itself marks space as illegal).  illegalchars[] rejects every RFC 4514
 * DN-special character (, + " \ < > ; = #), which is what lets
 * container_rename() and container_create() splice the name into an
 * "OU=%s" RDN without further escaping — keep this check in front of
 * those call sites.
 */
5722 int check_container_name(char *s)
5730 if (isupper(character))   /* fold case before lookup, as in check_string() */
5731 character = tolower(character);
5733 if (character == ' ')   /* space handled here rather than by the table; body not shown */
5736 if (illegalchars[(unsigned) character])   /* same signed-char / out-of-bounds caveat as check_string() */
/*
 * Connect to the Moira server, check its motd (server availability),
 * negotiate the query protocol version and, when requested, authenticate
 * with Kerberos 5.
 *
 * server:  host to connect to (mr_connect)
 * client:  client name handed to mr_krb5_auth
 * version: query version to request
 * auth:    whether to authenticate (the guard itself is not shown)
 *
 * Several branches and the return statements are on lines not reproduced
 * here; the visible paths report failures via com_err().
 */
5743 int mr_connect_cl(char *server, char *client, int version, int auth)
5749 status = mr_connect(server);
5753 com_err(whoami, status, "while connecting to Moira");
5757 status = mr_motd(&motd);   /* a motd presumably means the server is administratively unavailable */
5762 com_err(whoami, status, "while checking server status");
/* NOTE(review): 'temp' is built from the server-supplied motd and then handed
 * to com_err() as its *format* argument, so any '%' in the motd is interpreted
 * as a conversion (format-string bug); the sprintf() is also unbounded.  Pass
 * the motd as data instead:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd); */
5768 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5769 com_err(whoami, status, temp);
5774 status = mr_version(version);
5778 if (status == MR_UNKNOWN_PROC)   /* server without mr_version: treated as "client newer" */
5781 status = MR_VERSION_HIGH;
5783 status = MR_SUCCESS;
5786 if (status == MR_VERSION_HIGH)   /* newer client is a warning, not an error */
5788 com_err(whoami, 0, "Warning: This client is running newer code "
5789 "than the server.");
5790 com_err(whoami, 0, "Some operations may not work.");
5792 else if (status && status != MR_VERSION_LOW)   /* MR_VERSION_LOW is tolerated silently */
5794 com_err(whoami, status, "while setting query version number.");
5802 status = mr_krb5_auth(client);   /* authentication path; its guard is not shown */
5805 com_err(whoami, status, "while authenticating to Moira.");
/*
 * Rewrite an AFS path into its Windows (WINAFS) form: the AFS prefix is
 * replaced by WINAFS and the remainder is copied byte by byte (the loop,
 * and whatever the '/' branch does, are on lines not shown).
 *
 * path:    input path, assumed to begin with the AFS prefix — the prefix
 *          is skipped by length, never verified
 * winPath: caller-provided output buffer; no bound is checked here, so
 *          its size is the caller's contract
 */
5814 void AfsToWinAfs(char* path, char* winPath)
5818 strcpy(winPath, WINAFS);   /* unbounded copy */
5819 pathPtr = path + strlen(AFS);   /* NOTE(review): no check that path actually starts with AFS */
5820 winPathPtr = winPath + strlen(WINAFS);
5824 if (*pathPtr == '/')   /* separator handling; body not shown */
5827 *winPathPtr = *pathPtr;   /* default: copy the byte through */
/*
 * mr_query() callback for "get_list_info", used by ProcessAce(): copies
 * the ACE type and ACE name out of the result row av[] into the caller's
 * buffers and derives the membership/security information.
 *
 * ptr is the caller's AceInfo vector ([0] type buffer, [1] name buffer,
 * [2] membership buffer); the cast of ptr to call_args is on a line not
 * shown.  Returns LDAP_SUCCESS on the visible path.
 */
5834 int GetAceInfo(int ac, char **av, void *ptr)
5841 strcpy(call_args[0], av[L_ACE_TYPE]);   /* unbounded copy into the caller's type buffer */
5842 strcpy(call_args[1], av[L_ACE_NAME]);   /* unbounded copy into the caller's name buffer */
5844 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5845 return(LDAP_SUCCESS);
/*
 * Look up 'Name' by sAMAccountName under dn_path and report whether it
 * exists.  Declarations, the return statements and the filter buffer size
 * are on lines not shown; the visible lines free the result list and then
 * distinguish group_count == 0 from a hit.
 *
 * NOTE(review): Name is formatted straight into an LDAP search filter.
 * illegalchars_ldap[] admits '(', ')' and '\', which are RFC 4515 filter
 * metacharacters, so a name containing them changes the filter's
 * structure.  Escape the value per RFC 4515 before interpolation (the
 * escape_string() helper used in populate_group() serves DN composition;
 * a filter-specific escape is needed here) or reject those bytes.
 */
5848 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5851 char *attr_array[3];
5854 LK_ENTRY *group_base;
5859 sprintf(filter, "(sAMAccountName=%s)", Name);   /* unescaped and unbounded */
5860 attr_array[0] = "sAMAccountName";
5861 attr_array[1] = NULL;
5863 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5864 &group_base, &group_count,
5865 LDAP_SCOPE_SUBTREE)) != 0)
5867 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5868 Name, ldap_err2string(rc));
5872 linklist_free(group_base);   /* only the count is needed; the list is released first */
5875 if (group_count == 0)
/*
 * Ensure the ACE (owner) of Moira list 'Name' exists in AD.  Only a LIST
 * type is handled.  For a LIST ACE that is missing from AD the group is
 * created and populated; for a USER ACE the account is created from the
 * Moira user record.  *ProcessGroup is set to 1 when the ACE object is
 * already present.  When the ACE is itself a list, GroupName is replaced
 * by the ACE name and processing appears to repeat for it (the loop
 * construct, the av[] setup, most guards and the return statements are
 * on lines not reproduced here).
 */
5883 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5884 int UpdateGroup, int *ProcessGroup, char *maillist)
5887 char GroupName[256];
5893 char AceMembership[2];   /* one flag character plus NUL */
5896 char *save_argv[U_END];   /* Moira user record, filled by save_query_info */
5900 com_err(whoami, 0, "ProcessAce disabled, skipping");   /* feature switch; its guard is not shown */
5904 strcpy(GroupName, Name);   /* unbounded copy into 256 bytes */
5906 if (strcasecmp(Type, "LIST"))   /* anything but a LIST is not processed (body not shown) */
5912 AceInfo[0] = AceType;   /* vector handed to the GetAceInfo() callback */
5913 AceInfo[1] = AceName;
5914 AceInfo[2] = AceMembership;
5916 memset(AceType, '\0', sizeof(AceType));
5917 memset(AceName, '\0', sizeof(AceName));
5918 memset(AceMembership, '\0', sizeof(AceMembership));
5919 memset(AceOu, '\0', sizeof(AceOu));
5922 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))   /* assignment in condition, as throughout this file */
5924 if(rc != MR_NO_MATCH)
5925 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5926 GroupName, error_message(rc));
5933 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
5937 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))   /* only USER and LIST ACEs are handled */
5940 strcpy(temp, AceName);
5942 if (!strcasecmp(AceType, "LIST"))
5943 sprintf(temp, "%s%s", AceName, group_suffix);   /* AD name of a list ACE carries group_suffix */
5947 if (checkADname(ldap_handle, dn_path, temp))   /* temp reaches a search filter unescaped */
5950 (*ProcessGroup) = 1;   /* ACE already exists in AD */
5953 if (!strcasecmp(AceInfo[0], "LIST"))
5955 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5956 AceMembership, 0, UpdateGroup, maillist))
5959 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5962 else if (!strcasecmp(AceInfo[0], "USER"))
5965 call_args[0] = (char *)ldap_handle;   /* context vector for user_create() */
5966 call_args[1] = dn_path;
5968 call_args[3] = NULL;
5971 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||   /* service principals are special-cased; body not shown */
5972 !strcasecmp(AceName, TEST_PRINCIPAL))
5977 if (rc = mr_query("get_user_account_by_login", 1, av,
5978 save_query_info, save_argv))
5980 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5985 if (rc = user_create(U_END, save_argv, call_args))
5987 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5994 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
6004 if (!strcasecmp(AceType, "LIST"))
6006 if (!strcasecmp(GroupName, AceName))   /* list owns itself: nothing further to chase */
6010 strcpy(GroupName, AceName);   /* otherwise continue with the owning list */
/*
 * Create the AD group for Moira list group_name by querying Moira
 * ("get_list_info") and letting the group_create() callback do the work.
 * The parameters are forwarded through call_args[]; slot 3 carries the
 * MOIRA_* member-type mask and slot 4 the updateGroup flag, both smuggled
 * through char* casts that group_create() has to undo.  Slot 6 is set on
 * a line not shown.  Returns callback_rc (set by the callback; declared
 * elsewhere) on the visible path; the mr_query failure path's return
 * value is not reproduced here.
 */
6016 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6017 char *group_name, char *group_ou, char *group_membership,
6018 int group_security_flag, int updateGroup, char *maillist)
6023 LK_ENTRY *group_base;
6026 char *attr_array[3];
6029 call_args[0] = (char *)ldap_handle;
6030 call_args[1] = dn_path;
6031 call_args[2] = group_name;
6032 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);   /* int flags stored as a pointer */
6033 call_args[4] = (char *)updateGroup;   /* int flag stored as a pointer */
6034 call_args[5] = MoiraId;
6036 call_args[7] = NULL;
6042 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))   /* assignment in condition */
6045 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6053 com_err(whoami, 0, "Unable to create list %s", group_name);
6054 return(callback_rc);
/*
 * Replace the "member" attribute of AD group group_name (in group_ou) with
 * the flattened Moira membership obtained via "get_end_members_of_list".
 * Each member is resolved to a DN by type: USER (created in AD on the fly
 * if missing), STRING and KERBEROS (contact objects), MACHINE (computer
 * object located through get_machine_ou()); LISTs are skipped.  The DNs
 * are collected in a heap vector and applied with a single
 * LDAP_MOD_REPLACE; when GroupPopulateDelete is set the attribute is
 * cleared first.  Declarations, the list-walk loop, most guards and the
 * return statements are on lines not reproduced here.
 */
6060 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6061 char *group_ou, char *group_membership,
6062 int group_security_flag, char *MoiraId)
6077 char *member_v[] = {NULL, NULL};   /* empty value list: used to clear "member" */
6078 char *save_argv[U_END];   /* Moira user record for on-the-fly user creation */
6079 char machine_ou[256];
6080 char NewMachineName[1024];
6082 com_err(whoami, 0, "Populating group %s", group_name);
6084 call_args[0] = (char *)ldap_handle;   /* context for the member_list_build() callback */
6085 call_args[1] = dn_path;
6086 call_args[2] = group_name;
6087 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |   /* member types wanted (int as pointer) */
6089 call_args[4] = NULL;
6092 if (rc = mr_query("get_end_members_of_list", 1, av,
6093 member_list_build, call_args))
6098 com_err(whoami, 0, "Unable to populate list %s : %s",
6099 group_name, error_message(rc));
6103 members = (char **)malloc(sizeof(char *) * 2);   /* NOTE(review): result not checked on the visible lines */
6105 if (member_base != NULL)
6111 if (!strcasecmp(ptr->type, "LIST"))   /* nested lists are not added as members (body not shown) */
6117 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)   /* machines only when enabled */
6123 if(!strcasecmp(ptr->type, "USER"))
6125 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||   /* service principals are special-cased; body not shown */
6126 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6132 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6133 "")) == AD_NO_USER_FOUND)
6135 com_err(whoami, 0, "creating user %s", ptr->member);   /* missing users are created from Moira data */
6137 av[0] = ptr->member;
6138 call_args[0] = (char *)ldap_handle;   /* call_args is re-used here as the user_create() context */
6139 call_args[1] = dn_path;
6141 call_args[3] = NULL;
6144 if (rc = mr_query("get_user_account_by_login", 1, av,
6145 save_query_info, save_argv))
6147 com_err(whoami, 0, "Unable to create user %s "
6148 "while populating group %s.", ptr->member,
6154 if (rc = user_create(U_END, save_argv, call_args))
6156 com_err(whoami, 0, "Unable to create user %s "
6157 "while populating group %s.", ptr->member,
6165 com_err(whoami, 0, "Unable to create user %s "
6166 "while populating group %s", ptr->member,
/* NOTE(review): user DNs are composed from ptr->member without escape_string(),
 * whereas the STRING and KERBEROS branches below do escape; confirm the login
 * name has been screened for RFC 4514 specials before this point. */
6177 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6182 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6186 else if (!strcasecmp(ptr->type, "STRING"))
6188 if (contact_create(ldap_handle, dn_path, ptr->member,   /* contact object is created (or exists) first */
6192 pUserOu = contact_ou;
6193 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6196 else if (!strcasecmp(ptr->type, "KERBEROS"))
6198 if (contact_create(ldap_handle, dn_path, ptr->member,
6202 pUserOu = kerberos_ou;
6203 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6206 else if (!strcasecmp(ptr->type, "MACHINE"))
6208 memset(machine_ou, '\0', sizeof(machine_ou));
6209 memset(NewMachineName, '\0', sizeof(NewMachineName));
6211 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,   /* resolves the computer's OU and AD name */
6212 machine_ou, NewMachineName))
6214 pUserOu = machine_ou;
6215 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): realloc() result is assigned straight back to members; on
 * failure the old block leaks and the next line writes through NULL.  Use
 * a temporary: char **grown = realloc(members, (i + 2) * sizeof(char *));
 * and bail out (freeing the collected DNs) when it is NULL. */
6226 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6227 members[i++] = strdup(member);   /* each DN is heap-copied; released in the loops below */
6232 linklist_free(member_base);
6238 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);   /* unbounded */
6240 if(GroupPopulateDelete)   /* clear the attribute before re-adding the full set */
6243 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6246 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6247 mods)) != LDAP_SUCCESS)
6250 "Unable to populate group membership for %s: %s",
6251 group_dn, ldap_err2string(rc));
6254 for (i = 0; i < n; i++)   /* release the n LDAPMod entries built by ADD_ATTR */
6259 ADD_ATTR("member", members, LDAP_MOD_REPLACE);   /* full membership in one REPLACE */
6262 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6263 mods)) != LDAP_SUCCESS)
6266 "Unable to populate group membership for %s: %s",
6267 group_dn, ldap_err2string(rc));
6270 for (i = 0; i < n; i++)
/*
 * Reconcile the AD group for Moira list MoiraId/group_name with its
 * expected DN ("CN=<name>,<group_ou>,<dn_path>").  The group is located
 * through ad_get_group(); with type == CHECK_GROUPS only the DN is
 * verified and an AD_* status returned.  Otherwise the current name,
 * description and OU class (both/security/distribution/neither, decided
 * by substring match on the lower-cased DN) are read back and
 * group_rename() moves/renames the object into place.  Several guards,
 * loop headers and return statements are on lines not reproduced here.
 */
6278 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6279 char *group_name, char *group_ou, char *group_membership,
6280 int group_security_flag, int type, char *maillist)
6282 char before_desc[512];
6283 char before_name[256];
6284 char before_group_ou[256];
6285 char before_group_membership[2];   /* one class letter plus NUL */
6286 char distinguishedName[256];
6287 char ad_distinguishedName[256];
6289 char *attr_array[3];
6290 int before_security_flag;
6293 LK_ENTRY *group_base;
6296 char ou_security[512];
6297 char ou_distribution[512];
6298 char ou_neither[512];
6301 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
6302 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);   /* expected DN; unbounded into 256 bytes */
6304 memset(filter, '\0', sizeof(filter));   /* empty in/out filter: ad_get_group() chooses the lookup */
6308 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6310 "samAccountName", &group_base,
6311 &group_count, filter))
6314 if (type == CHECK_GROUPS)   /* verification only: no changes are made */
6316 if (group_count == 1)
6318 strcpy(group_dn, group_base->dn);
6320 if (!strcasecmp(group_dn, distinguishedName))   /* DN already where it should be */
6322 linklist_free(group_base);
6327 linklist_free(group_base);
6329 if (group_count == 0)
6330 return(AD_NO_GROUPS_FOUND);
6332 if (group_count == 1)
6333 return(AD_WRONG_GROUP_DN_FOUND);
6335 return(AD_MULTIPLE_GROUPS_FOUND);
6338 if (group_count == 0)
6340 return(AD_NO_GROUPS_FOUND);
6343 if (group_count > 1)   /* several AD groups claim this moira id: report and give up */
6347 strcpy(group_dn, ptr->dn);
6351 if (!strcasecmp(group_dn, ptr->value))
6359 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6365 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6369 linklist_free(group_base);
6370 return(AD_MULTIPLE_GROUPS_FOUND);
6377 strcpy(group_dn, ptr->dn);
/* NOTE(review): ldap_delete_s() is handed ptr->value, which for this query is
 * the sAMAccountName attribute rather than a DN, and rc is not checked on
 * the visible lines.  Confirm what line 6378 (not shown) leaves in group_dn
 * and ptr->value before relying on this delete. */
6379 if (strcasecmp(group_dn, ptr->value))
6380 rc = ldap_delete_s(ldap_handle, ptr->value);
6385 linklist_free(group_base);
6386 memset(filter, '\0', sizeof(filter));
6390 if (rc = ad_get_group(ldap_handle, dn_path, group_name,   /* second lookup after the cleanup above */
6392 "samAccountName", &group_base,
6393 &group_count, filter))
6396 if (group_count == 0)
6397 return(AD_NO_GROUPS_FOUND);
6399 if (group_count > 1)
6400 return(AD_MULTIPLE_GROUPS_FOUND);
6403 strcpy(ad_distinguishedName, group_base->dn);   /* DN the group currently has; unbounded into 256 bytes */
6404 linklist_free(group_base);
6408 attr_array[0] = "sAMAccountName";
6409 attr_array[1] = NULL;
6411 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6412 &group_base, &group_count,
6413 LDAP_SCOPE_SUBTREE)) != 0)
6415 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6416 MoiraId, ldap_err2string(rc));
6420 sprintf(filter, "(sAMAccountName=%s)", group_base->value);   /* value read back from AD, interpolated unescaped */
6422 if (!strcasecmp(ad_distinguishedName, distinguishedName))   /* nothing to rename */
6424 linklist_free(group_base);
6430 linklist_free(group_base);
6433 memset(ou_both, '\0', sizeof(ou_both));
6434 memset(ou_security, '\0', sizeof(ou_security));
6435 memset(ou_distribution, '\0', sizeof(ou_distribution));
6436 memset(ou_neither, '\0', sizeof(ou_neither));
6437 memset(before_name, '\0', sizeof(before_name));
6438 memset(before_desc, '\0', sizeof(before_desc));
6439 memset(before_group_membership, '\0', sizeof(before_group_membership));
6441 attr_array[0] = "name";   /* current name of the object */
6442 attr_array[1] = NULL;
6444 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6445 &group_base, &group_count,
6446 LDAP_SCOPE_SUBTREE)) != 0)
6448 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6449 MoiraId, ldap_err2string(rc));
6453 strcpy(before_name, group_base->value);
6454 linklist_free(group_base);
6458 attr_array[0] = "description";   /* current description (may be absent) */
6459 attr_array[1] = NULL;
6461 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6462 &group_base, &group_count,
6463 LDAP_SCOPE_SUBTREE)) != 0)
6466 "Unable to get list description with MoiraId = %s: %s",
6467 MoiraId, ldap_err2string(rc));
6471 if (group_count != 0)
6473 strcpy(before_desc, group_base->value);
6474 linklist_free(group_base);
6479 change_to_lower_case(ad_distinguishedName);   /* lower-case copies for the substring matching below */
6480 strcpy(ou_both, group_ou_both);
6481 change_to_lower_case(ou_both);
6482 strcpy(ou_security, group_ou_security);
6483 change_to_lower_case(ou_security);
6484 strcpy(ou_distribution, group_ou_distribution);
6485 change_to_lower_case(ou_distribution);
6486 strcpy(ou_neither, group_ou_neither);
6487 change_to_lower_case(ou_neither);
/* Classify the current OU.  NOTE(review): these are substring tests in a fixed
 * order, so if one configured OU string is a substring of another the earlier
 * branch wins — confirm the group_ou_* values cannot overlap. */
6489 if (strstr(ad_distinguishedName, ou_both))
6491 strcpy(before_group_ou, group_ou_both);
6492 before_group_membership[0] = 'B';
6493 before_security_flag = 1;
6495 else if (strstr(ad_distinguishedName, ou_security))
6497 strcpy(before_group_ou, group_ou_security);
6498 before_group_membership[0] = 'S';
6499 before_security_flag = 1;
6501 else if (strstr(ad_distinguishedName, ou_distribution))
6503 strcpy(before_group_ou, group_ou_distribution);
6504 before_group_membership[0] = 'D';
6505 before_security_flag = 0;
6507 else if (strstr(ad_distinguishedName, ou_neither))
6509 strcpy(before_group_ou, group_ou_neither);
6510 before_group_membership[0] = 'N';
6511 before_security_flag = 0;
6514 return(AD_NO_OU_FOUND);   /* DN lies outside all four managed OUs */
6516 rc = group_rename(ldap_handle, dn_path, before_name,   /* move/rename from the "before" state to the Moira state */
6517 before_group_membership,
6518 before_group_ou, before_security_flag, before_desc,
6519 group_name, group_membership, group_ou,
6520 group_security_flag,
6521 before_desc, MoiraId, filter, maillist);
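/*
 * Lower-case a NUL-terminated string in place.
 *
 * ptr: writable, NUL-terminated buffer; must not be NULL.
 *
 * Each byte is handed to tolower() as an unsigned char: with a signed
 * plain char a byte >= 0x80 would reach tolower() as a negative value,
 * which is undefined behaviour for anything but EOF.  Walking to the
 * terminator also avoids re-evaluating strlen() on every iteration.
 */
void change_to_lower_case(char *ptr)
{
  char *p;

  for (p = ptr; *p != '\0'; p++)
    *p = (char)tolower((unsigned char)*p);
}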
/*
 * Locate the AD group for a Moira list in up to three stages and return
 * the matching entries through *linklist_base / *linklist_count:
 *   1. the caller-supplied filter rFilter, when non-empty;
 *   2. "(&(objectClass=group)(mitMoiraId=<MoiraId>))", when MoiraId is set;
 *   3. "(sAMAccountName=<group_name><group_suffix>)".
 * A stage with exactly one hit is accepted and its filter is copied back
 * into rFilter (in/out parameter); other outcomes release the partial
 * result and fall through to the next stage.  'attribute' names the one
 * attribute fetched.  The last parameter (rFilter), the loop over
 * duplicates and the return statements are on lines not reproduced here.
 */
6536 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6537 char *group_name, char *group_membership,
6538 char *MoiraId, char *attribute,
6539 LK_ENTRY **linklist_base, int *linklist_count,
6544 char *attr_array[3];
6548 (*linklist_base) = NULL;   /* outputs start empty */
6549 (*linklist_count) = 0;
6551 if (strlen(rFilter) != 0)   /* stage 1: caller-provided filter */
6553 strcpy(filter, rFilter);
6554 attr_array[0] = attribute;
6555 attr_array[1] = NULL;
6557 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6558 linklist_base, linklist_count,
6559 LDAP_SCOPE_SUBTREE)) != 0)
6561 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6562 MoiraId, ldap_err2string(rc));
6566 if ((*linklist_count) == 1)   /* unique hit: report the filter that found it */
6568 strcpy(rFilter, filter);
6573 linklist_free((*linklist_base));   /* discard partial result before the next stage */
6574 (*linklist_base) = NULL;
6575 (*linklist_count) = 0;
6577 if (strlen(MoiraId) != 0)   /* stage 2: by mitMoiraId */
6579 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);   /* unescaped; MoiraId comes from Moira */
6581 attr_array[0] = attribute;
6582 attr_array[1] = NULL;
6584 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6585 linklist_base, linklist_count,
6586 LDAP_SCOPE_SUBTREE)) != 0)
6588 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6589 MoiraId, ldap_err2string(rc));
6594 if ((*linklist_count) > 1)   /* duplicates: log every one, then drop them all */
6596 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6597 pPtr = (*linklist_base);
6601 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6606 linklist_free((*linklist_base));
6607 (*linklist_base) = NULL;
6608 (*linklist_count) = 0;
6611 if ((*linklist_count) == 1)
6614 pPtr = (*linklist_base);
6615 dn = strdup(pPtr->dn);   /* NOTE(review): the free() for this copy is not on the visible lines — confirm */
/* NOTE(review): prefix-compares the DN copy with group_name.  A raw DN begins
 * with "CN=", so unless lines 6616-6617 (not shown) strip or adjust the prefix
 * this test cannot match — confirm the intent. */
6618 if (!memcmp(dn, group_name, strlen(group_name)))
6620 strcpy(rFilter, filter);
6625 linklist_free((*linklist_base));
6626 (*linklist_base) = NULL;
6627 (*linklist_count) = 0;
6628 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);   /* stage 3: by account name, unescaped */
6630 attr_array[0] = attribute;
6631 attr_array[1] = NULL;
6633 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6634 linklist_base, linklist_count,
6635 LDAP_SCOPE_SUBTREE)) != 0)
6637 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6638 MoiraId, ldap_err2string(rc));
6642 if ((*linklist_count) == 1)
6644 strcpy(rFilter, filter);
/*
 * Find the AD user object for UserName.  When MoiraId is non-empty the
 * object is first looked up by mitMoiraId (several hits are logged and
 * ignored); anything but exactly one hit falls back to a lookup by
 * sAMAccountName.  Returns AD_NO_USER_FOUND when that also fails; the
 * remaining return values, the duplicate-logging loop and some guards
 * are on lines not reproduced here.  A mismatch between the AD account
 * name and the Moira login is reported through com_err().
 */
6651 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6654 char *attr_array[3];
6655 char SamAccountName[64];
6658 LK_ENTRY *group_base;
6664 if (strlen(MoiraId) != 0)   /* lookup by Moira id first */
6666 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);   /* unescaped */
6668 attr_array[0] = "sAMAccountName";
6669 attr_array[1] = NULL;
6670 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6671 &group_base, &group_count,
6672 LDAP_SCOPE_SUBTREE)) != 0)
6674 com_err(whoami, 0, "Unable to process user %s : %s",
6675 UserName, ldap_err2string(rc));
6679 if (group_count > 1)   /* duplicates are only reported */
6681 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6687 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6688 gPtr->value, MoiraId);
6694 if (group_count != 1)   /* no unique hit: drop it and try by name */
6696 linklist_free(group_base);
/* NOTE(review): UserName reaches the filter unescaped; '(' ')' '\' and '*'
 * must be escaped per RFC 4515 unless rejected upstream. */
6699 sprintf(filter, "(sAMAccountName=%s)", UserName);
6700 attr_array[0] = "sAMAccountName";
6701 attr_array[1] = NULL;
6703 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6704 &group_base, &group_count,
6705 LDAP_SCOPE_SUBTREE)) != 0)
6707 com_err(whoami, 0, "Unable to process user %s : %s",
6708 UserName, ldap_err2string(rc));
6713 if (group_count != 1)
6715 linklist_free(group_base);
6716 return(AD_NO_USER_FOUND);
6719 strcpy(SamAccountName, group_base->value);   /* NOTE(review): value length not checked against the 64-byte buffer */
6720 linklist_free(group_base);
/* NOTE(review): strcmp() is case-sensitive, so a case-only difference between
 * the AD account name and the Moira login is reported as a mismatch — confirm
 * that is intended. */
6724 if (strcmp(SamAccountName, UserName))
6727 "User object %s with MoiraId %s has mismatched usernames "
6728 "(LDAP username %s, Moira username %s)", SamAccountName,
6729 MoiraId, SamAccountName, UserName);
/*
 * Turn a '/'-separated container path (src) into the OU part of a DN in
 * dest, leaf component first ("OU=leaf,OU=parent,...").  The split into
 * array[] (zeroed for 20 elements; behaviour beyond 20 components is not
 * visible) and the loop appending the remaining components are on lines
 * not reproduced here; an empty src is handled specially (body not
 * shown).  dest is written without a bound.
 */
6735 void container_get_dn(char *src, char *dest)
6742 memset(array, '\0', 20 * sizeof(array[0]));
6744 if (strlen(src) == 0)
6766 strcpy(dest, "OU=");
6770 strcat(dest, array[n-1]);   /* last path component becomes the leading RDN */
6774 strcat(dest, ",OU=");   /* separator before each further component; unbounded */
/*
 * Copy the leaf component of a '/'-separated container path (src) into
 * dest.  Only the empty-source guard is on the lines reproduced here;
 * the extraction itself and the output bound are not visible.
 */
6781 void container_get_name(char *src, char *dest)
6786 if (strlen(src) == 0)
/*
 * Appears to ensure that the parent container of 'name' exists in AD,
 * creating it with empty description/location/contact/type/id/rowid when
 * it is missing.  The loop at 6815 scans the working copy for '/'; what
 * happens at the separator is on a line not shown (presumably the path
 * is cut back to the parent).  A successful create is logged because the
 * new container carries no mitMoiraId, so
 * container_get_distinguishedName() can only find it again by DN.
 */
6806 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6813 strcpy(cName, name);   /* working copy; cName size not visible */
6815 for (i = 0; i < (int)strlen(cName); i++)   /* strlen() re-evaluated every iteration */
6817 if (cName[i] == '/')
6820 av[CONTAINER_NAME] = cName;   /* minimal container record: name only */
6821 av[CONTAINER_DESC] = "";
6822 av[CONTAINER_LOCATION] = "";
6823 av[CONTAINER_CONTACT] = "";
6824 av[CONTAINER_TYPE] = "";
6825 av[CONTAINER_ID] = "";
6826 av[CONTAINER_ROWID] = "";
6827 rc = container_create(ldap_handle, dn_path, 7, av);   /* 7 = number of av slots filled above */
6829 if (rc == LDAP_SUCCESS)
6831 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * Rename/move the AD container described by the 'before' record to the
 * name in the 'after' record.  The new leaf name is validated first; if
 * the old container cannot be found it is simply created.  Otherwise the
 * new parent DN is derived from after[CONTAINER_NAME], the parent is
 * checked/created, ldap_rename_s() moves the object (old RDN deleted),
 * and container_adupdate() pushes the remaining attributes.  Some guards,
 * the leaf-stripping loop body and the return statements are on lines
 * not reproduced here.
 */
6840 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6841 char **before, int afterc, char **after)
6846 char new_dn_path[256];
6848 char distinguishedName[256];
6853 memset(cName, '\0', sizeof(cName));
6854 container_get_name(after[CONTAINER_NAME], cName);   /* new leaf name */
6856 if (!check_container_name(cName))   /* rejects DN-special characters before they reach the RDN below */
6858 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6860 return(AD_INVALID_NAME);
6863 memset(distinguishedName, '\0', sizeof(distinguishedName));
6865 if (rc = container_get_distinguishedName(ldap_handle, dn_path,   /* locate the existing object by the *before* record */
6866 distinguishedName, beforec, before))
6869 if (strlen(distinguishedName) == 0)   /* not found (or lookup failed): create instead of rename */
6871 rc = container_create(ldap_handle, dn_path, afterc, after);
6875 strcpy(temp, after[CONTAINER_NAME]);   /* working copy of the new full path */
6878 for (i = 0; i < (int)strlen(temp); i++)   /* strips the leaf; loop body not shown */
6888 container_get_dn(temp, dName);   /* OU chain of the new parent */
6890 if (strlen(temp) != 0)
6891 sprintf(new_dn_path, "%s,%s", dName, dn_path);   /* unbounded into 256 bytes */
6893 sprintf(new_dn_path, "%s", dn_path);   /* top-level container */
6895 sprintf(new_cn, "OU=%s", cName);   /* new RDN; safe only because check_container_name() ran above */
6897 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);   /* make sure the new parent exists */
6899 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6900 TRUE, NULL, NULL)) != LDAP_SUCCESS)   /* TRUE = delete the old RDN */
6902 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6903 before[CONTAINER_NAME], after[CONTAINER_NAME],
6904 ldap_err2string(rc));
6908 memset(dName, '\0', sizeof(dName));
6909 container_get_dn(after[CONTAINER_NAME], dName);
6910 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);   /* sync the other attributes */
/*
 * Delete the AD container described by av[].  The object is located via
 * container_get_distinguishedName(); an empty result is treated as
 * "nothing to do" (body not shown).  When the delete fails because the
 * OU still has children, container_move_objects() relocates them; whether
 * the delete is then retried is on lines not reproduced here.
 */
6915 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6917 char distinguishedName[256];
6920 memset(distinguishedName, '\0', sizeof(distinguishedName));
6922 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6923 distinguishedName, count, av))
6926 if (strlen(distinguishedName) == 0)   /* not found: nothing to delete */
6929 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6931 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)   /* OU not empty: evacuate its children first */
6932 container_move_objects(ldap_handle, dn_path, distinguishedName);
6934 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6935 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create the organizationalUnit for the container record av[] under
 * dn_path.  The DN is "<OU chain>,<dn_path>" from container_get_dn(); the
 * leaf name is validated with check_container_name().  Optional
 * attributes: mitMoiraId (from CONTAINER_ROWID), description, and
 * managedBy resolved from CONTAINER_TYPE/CONTAINER_ID (KERBEROS: a contact
 * object is created and its DN used; USER/LIST: the object is searched
 * and its DN used when exactly one matches).  LDAP_ALREADY_EXISTS is not
 * an error: the existing OU is updated via container_adupdate() when a
 * row id is present.  Some declarations, guards and return statements
 * are on lines not reproduced here.
 */
6941 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6943 char *attr_array[3];
6944 LK_ENTRY *group_base;
6947 char *objectClass_v[] = {"top",   /* terminating NULL entry is on a line not shown */
6948 "organizationalUnit",
6951 char *ou_v[] = {NULL, NULL};
6952 char *name_v[] = {NULL, NULL};
6953 char *moiraId_v[] = {NULL, NULL};
6954 char *desc_v[] = {NULL, NULL};
6955 char *managedBy_v[] = {NULL, NULL};
6958 char managedByDN[256];
6965 memset(filter, '\0', sizeof(filter));
6966 memset(dName, '\0', sizeof(dName));
6967 memset(cName, '\0', sizeof(cName));
6968 memset(managedByDN, '\0', sizeof(managedByDN));
6969 container_get_dn(av[CONTAINER_NAME], dName);   /* OU chain for the DN */
6970 container_get_name(av[CONTAINER_NAME], cName);   /* leaf name */
6972 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6974 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6976 return(AD_INVALID_NAME);
6979 if (!check_container_name(cName))   /* keeps DN specials out of the "ou"/"name" values and the DN */
6981 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6983 return(AD_INVALID_NAME);
6987 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6989 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6991 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
6993 if (strlen(av[CONTAINER_ROWID]) != 0)   /* link back to Moira */
6995 moiraId_v[0] = av[CONTAINER_ROWID];
6996 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6999 if (strlen(av[CONTAINER_DESC]) != 0)
7001 desc_v[0] = av[CONTAINER_DESC];
7002 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
7005 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))   /* managedBy */
7007 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7009 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7012 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],   /* DN composed from CONTAINER_ID without escaping */
7013 kerberos_ou, dn_path);
7014 managedBy_v[0] = managedByDN;
7015 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): av[CONTAINER_ID] is interpolated into the search filters below
 * unescaped, and unlike cName it is not screened by check_container_name();
 * '(' ')' '\' '*' in it alter the filter. */
7020 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7022 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7023 "(objectClass=user)))", av[CONTAINER_ID]);
7026 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7028 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7032 if (strlen(filter) != 0)   /* a USER or LIST manager was requested */
7034 attr_array[0] = "distinguishedName";
7035 attr_array[1] = NULL;
7038 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7040 &group_base, &group_count,
7041 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7043 if (group_count == 1)   /* only an unambiguous match becomes the manager */
7045 strcpy(managedByDN, group_base->value);   /* unbounded into 256 bytes */
7046 managedBy_v[0] = managedByDN;
7047 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7049 linklist_free(group_base);
7059 sprintf(temp, "%s,%s", dName, dn_path);   /* full DN of the new OU */
7060 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7062 for (i = 0; i < n; i++)   /* release the LDAPMod entries */
7065 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7067 com_err(whoami, 0, "Unable to create container %s : %s",
7068 cName, ldap_err2string(rc));
7072 if (rc == LDAP_ALREADY_EXISTS)   /* existing OU: bring its attributes up to date instead */
7074 if (strlen(av[CONTAINER_ROWID]) != 0)
7075 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Bring the AD container for the 'after' record up to date: look it up
 * by the 'after' record (container_rename() uses 'before' for the same
 * lookup), create it when it is not found, otherwise make sure its
 * parent exists and push the attributes with container_adupdate().
 * The return statements and the adupdate() argument list tail are on
 * lines not reproduced here.
 */
7081 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7082 char **before, int afterc, char **after)
7084 char distinguishedName[256];
7087 memset(distinguishedName, '\0', sizeof(distinguishedName));
7089 if (rc = container_get_distinguishedName(ldap_handle, dn_path,   /* lookup keyed on the *after* record */
7090 distinguishedName, afterc, after))
7093 if (strlen(distinguishedName) == 0)   /* not found (or lookup failed): create */
7095 rc = container_create(ldap_handle, dn_path, afterc, after);
7099 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7100 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,   /* update by DN, not by OU chain */
/*
 * Resolve the DN of the container described by av[] into
 * distinguishedName: first by mitMoiraId (CONTAINER_ROWID), then, if that
 * yields nothing, by the DN computed from CONTAINER_NAME.  Only a single
 * hit is accepted.  The name is validated with check_container_name()
 * first.  The last parameter (av) and the return statements are on lines
 * not reproduced here.
 *
 * NOTE(review): a linklist_build() failure is not reported on the visible
 * lines; distinguishedName simply stays empty, which callers
 * (container_update(), container_rename()) treat as "not found" and then
 * create the container.  A transient LDAP error is therefore
 * indistinguishable from a missing object — consider returning rc.
 */
7106 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7107 char *distinguishedName, int count,
7110 char *attr_array[3];
7111 LK_ENTRY *group_base;
7118 memset(filter, '\0', sizeof(filter));
7119 memset(dName, '\0', sizeof(dName));
7120 memset(cName, '\0', sizeof(cName));
7121 container_get_dn(av[CONTAINER_NAME], dName);
7122 container_get_name(av[CONTAINER_NAME], cName);
7124 if (strlen(dName) == 0)
7126 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7127 av[CONTAINER_NAME]);
7128 return(AD_INVALID_NAME);
7131 if (!check_container_name(cName))
7133 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7135 return(AD_INVALID_NAME);
7138 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",   /* lookup 1: by Moira row id, unescaped */
7139 av[CONTAINER_ROWID]);
7140 attr_array[0] = "distinguishedName";
7141 attr_array[1] = NULL;
7145 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7146 &group_base, &group_count,
7147 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7149 if (group_count == 1)   /* ambiguous results are ignored */
7151 strcpy(distinguishedName, group_base->value);   /* unbounded; caller's buffer is 256 bytes */
7154 linklist_free(group_base);
7159 if (strlen(distinguishedName) == 0)   /* lookup 2: by the expected DN */
7161 sprintf(filter, "(&(objectClass=organizationalUnit)"
7162 "(distinguishedName=%s,%s))", dName, dn_path);
7163 attr_array[0] = "distinguishedName";
7164 attr_array[1] = NULL;
7168 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7169 &group_base, &group_count,
7170 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7172 if (group_count == 1)
7174 strcpy(distinguishedName, group_base->value);
7177 linklist_free(group_base);
/*
 * Synchronise the attributes of an existing container OU with the Moira
 * record av[].  The target is distinguishedName, or "<dName>,<dn_path>"
 * when dName is non-empty.  Current mitMoiraId/description/managedBy are
 * read back; mitMoiraId is REPLACEd, description and managedBy are set
 * through attribute_update() or REPLACEd, and cleared when Moira no
 * longer supplies them.  managedBy resolution mirrors container_create()
 * (KERBEROS contact, or USER/LIST lookup).  Declarations, the attribute
 * walk loop header, several guards and the return statements are on lines
 * not reproduced here.
 */
7186 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7187 char *distinguishedName, int count, char **av)
7189 char *attr_array[5];
7190 LK_ENTRY *group_base;
7195 char *moiraId_v[] = {NULL, NULL};
7196 char *desc_v[] = {NULL, NULL};
7197 char *managedBy_v[] = {NULL, NULL};
7198 char managedByDN[256];
7207 strcpy(ad_path, distinguishedName);   /* target DN: explicit DN ... */
7209 if (strlen(dName) != 0)
7210 sprintf(ad_path, "%s,%s", dName, dn_path);   /* ... or composed from the OU chain */
7212 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): the guard tests av[CONTAINER_ID] but the filter uses
 * av[CONTAINER_ROWID]; every other mitMoiraId decision in this file (7074,
 * 7256) is keyed on CONTAINER_ROWID, so this looks like it should be
 * strlen(av[CONTAINER_ROWID]) != 0 — confirm. */
7215 if (strlen(av[CONTAINER_ID]) != 0)
7216 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7217 av[CONTAINER_ROWID]);
7219 attr_array[0] = "mitMoiraId";   /* current values to compare against */
7220 attr_array[1] = "description";
7221 attr_array[2] = "managedBy";
7222 attr_array[3] = NULL;
7226 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7227 &group_base, &group_count,
7228 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7230 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7231 av[CONTAINER_NAME], ldap_err2string(rc));
7235 memset(managedByDN, '\0', sizeof(managedByDN));
7236 memset(moiraId, '\0', sizeof(moiraId));
7237 memset(desc, '\0', sizeof(desc));
7242 if (!strcasecmp(pPtr->attribute, "description"))   /* walk the returned (attribute, value) pairs */
7243 strcpy(desc, pPtr->value);
7244 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7245 strcpy(managedByDN, pPtr->value);
7246 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7247 strcpy(moiraId, pPtr->value);
7251 linklist_free(group_base);
7256 if (strlen(av[CONTAINER_ROWID]) != 0)
7258 moiraId_v[0] = av[CONTAINER_ROWID];
7259 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7262 if (strlen(av[CONTAINER_DESC]) != 0)
7264 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7269 if (strlen(desc) != 0)   /* Moira has no description but AD does: clear it */
7271 attribute_update(ldap_handle, ad_path, "", "description", dName);
7275 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7277 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7279 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7282 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],   /* DN composed without escaping */
7283 kerberos_ou, dn_path);
7284 managedBy_v[0] = managedByDN;
7285 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7289 if (strlen(managedByDN) != 0)   /* contact could not be created: drop the stale manager */
7291 attribute_update(ldap_handle, ad_path, "", "managedBy",
7298 memset(filter, '\0', sizeof(filter));
7300 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))   /* av[CONTAINER_ID] interpolated unescaped, as in container_create() */
7302 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7303 "(objectClass=user)))", av[CONTAINER_ID]);
7306 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7308 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7312 if (strlen(filter) != 0)
7314 attr_array[0] = "distinguishedName";
7315 attr_array[1] = NULL;
7318 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7319 attr_array, &group_base, &group_count,
7320 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7322 if (group_count == 1)
7324 strcpy(managedByDN, group_base->value);   /* unbounded into 256 bytes */
7325 managedBy_v[0] = managedByDN;
7326 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7330 if (strlen(managedByDN) != 0)   /* no unique manager object: clear the attribute */
7332 attribute_update(ldap_handle, ad_path, "",
7333 "managedBy", dName);
7337 linklist_free(group_base);
7344 if (strlen(managedByDN) != 0)   /* Moira supplies no manager: clear it */
7346 attribute_update(ldap_handle, ad_path, "", "managedBy",
7356 return(LDAP_SUCCESS);   /* early exit; its guard (presumably "no mods") is not shown */
7358 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7360 for (i = 0; i < n; i++)   /* release the LDAPMod entries */
7363 if (rc != LDAP_SUCCESS)
7365 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7366 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Evacuate the subtree dName before it is deleted: in three passes, move
 * ordinary objects to orphans_other_ou, computers to orphans_machines_ou
 * (a name clash gets a "_<count>" suffix) and delete nested
 * organizationalUnits.  Pass selection, the walk over results, the retry
 * loop and the return statements are on lines not reproduced here.
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and
 * not restored on the visible lines, so every later search on this
 * connection is capped at 10 entries unless a reset is done elsewhere.
 */
7373 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7375 char *attr_array[3];
7376 LK_ENTRY *group_base;
7383 int NumberOfEntries = 10;   /* per-search result cap */
7387 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);   /* rc not checked on visible lines */
7389 for (i = 0; i < 3; i++)   /* one pass per object category */
7391 memset(filter, '\0', sizeof(filter));
7395 strcpy(filter, "(!(|(objectClass=computer)"   /* pass 0: everything that is neither a computer nor an OU */
7396 "(objectClass=organizationalUnit)))");
7397 attr_array[0] = "cn";
7398 attr_array[1] = NULL;
7402 strcpy(filter, "(objectClass=computer)");   /* pass 1: computers */
7403 attr_array[0] = "cn";
7404 attr_array[1] = NULL;
7408 strcpy(filter, "(objectClass=organizationalUnit)");   /* pass 2: nested OUs */
7409 attr_array[0] = "ou";
7410 attr_array[1] = NULL;
7415 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,   /* search is rooted at the container itself */
7416 &group_base, &group_count,
7417 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7422 if (group_count == 0)
7429 if (!strcasecmp(pPtr->attribute, "cn"))   /* leaf object: relocate */
7431 sprintf(new_cn, "cn=%s", pPtr->value);   /* RDN taken verbatim from the directory */
7433 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7435 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7440 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7442 if (rc == LDAP_ALREADY_EXISTS)   /* clash in the orphans OU: retry with a numeric suffix */
7444 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7451 else if (!strcasecmp(pPtr->attribute, "ou"))   /* nested OU: deleted; rc not checked on visible lines */
7453 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7459 linklist_free(group_base);
/*
 * get_machine_ou: resolve `member` to its directory account name (written to
 * NewMachineName) and copy the OU part of the computer object's DN — the
 * text following "cn=<name>," — into machine_ou.
 *
 * NOTE(review): extracted excerpt; braces, return statements and some
 * guards are not shown. Buffer capacities of the out-parameters are not
 * visible and are not checked in this function.
 */
7468 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7469 char *machine_ou, char *NewMachineName)
7471 LK_ENTRY *group_base;
7475 char *attr_array[3];
/* Unbounded copy into the caller's buffer. */
7482 strcpy(NewMachineName, member);
/* rc from moira_connect() is overwritten on the next line before being
 * examined, so a failed Moira connection is not reported from here. */
7483 rc = moira_connect();
7484 rc = GetMachineName(NewMachineName);
7487 if (strlen(NewMachineName) == 0)
/* "alais" is a typo in the runtime message (should read "alias"). */
7489 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Presumably the name is truncated at its first '.'; the statement acting
 * on pPtr is not shown. */
7495 pPtr = strchr(NewMachineName, '.');
/* The machine name is interpolated into the LDAP filter verbatim. This file
 * defines an escape_string() helper further down that is not used here; a
 * name containing parentheses, '*' or a backslash would alter the query. */
7502 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7503 attr_array[0] = "cn";
7504 attr_array[1] = NULL;
7505 sprintf(temp, "%s", dn_path);
7507 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7508 &group_base, &group_count,
7509 LDAP_SCOPE_SUBTREE)) != 0)
7511 com_err(whoami, 0, "Unable to process machine %s : %s",
7512 member, ldap_err2string(rc));
/* Exactly one match is required. */
7516 if (group_count != 1)
7521 strcpy(dn, group_base->dn);
7522 strcpy(cn, group_base->value);
/* Both are lower-cased so the strstr below can find the cn inside the dn.
 * tolower() on a plain char is only well-defined for non-negative values;
 * cast to unsigned char if non-ASCII names can occur. */
7524 for (i = 0; i < (int)strlen(dn); i++)
7525 dn[i] = tolower(dn[i]);
7527 for (i = 0; i < (int)strlen(cn); i++)
7528 cn[i] = tolower(cn[i]);
7530 linklist_free(group_base);
/* Locate "<cn>," in the dn; the NULL check for a failed strstr is
 * presumably among the lines not shown. */
7532 pPtr = strstr(dn, cn);
7536 com_err(whoami, 0, "Unable to process machine %s",
/* Skip past the cn and the comma that follows it. */
7541 pPtr += strlen(cn) + 1;
7542 strcpy(machine_ou, pPtr);
/* The OU path must contain a "dc=" component to be accepted. */
7544 pPtr = strstr(machine_ou, "dc=");
7548 com_err(whoami, 0, "Unable to process machine %s",
<!-- -->
/*
 * machine_move_to_ou: move the computer object for MoiraMachineName into
 * DestinationOu (relative to dn_path) with ldap_rename_s, unless it is
 * already there.
 *
 * NOTE(review): extracted excerpt; braces, return statements and some
 * guards are not shown.
 */
7559 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7560 char *MoiraMachineName, char *DestinationOu)
/* 128 bytes, but filled below by an unbounded strcpy from the caller, and
 * GetMachineName() later copies a resolved alias back into it from a
 * 1024-byte buffer (see GetMachineName/ProcessMachineName in this file).
 * A long alias would overflow MachineName. */
7564 char MachineName[128];
7566 char *attr_array[3];
7571 LK_ENTRY *group_base;
7576 strcpy(MachineName, MoiraMachineName);
7577 rc = GetMachineName(MachineName);
7579 if (strlen(MachineName) == 0)
/* "alais" is a typo in the runtime message (should read "alias"). */
7581 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Presumably truncates at the first '.'; the statement on cPtr is not
 * shown. */
7586 cPtr = strchr(MachineName, '.');
/* Machine name interpolated into the LDAP filter without escaping; see the
 * escape_string() helper defined later in this file. */
7591 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7592 attr_array[0] = "sAMAccountName";
7593 attr_array[1] = NULL;
7595 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7597 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7599 com_err(whoami, 0, "Unable to process machine %s : %s",
7600 MoiraMachineName, ldap_err2string(rc));
/* OldDn's size is not visible; the dn comes from the directory. */
7604 if (group_count == 1)
7605 strcpy(OldDn, group_base->dn);
7607 linklist_free(group_base);
7610 if (group_count != 1)
7612 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7617 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* cPtr is expected to end up pointing just past the first comma (the parent
 * DN); the increment is not shown. If the object is already in NewOu the
 * rename is skipped. */
7618 cPtr = strchr(OldDn, ',');
7623 if (!strcasecmp(cPtr, NewOu))
7627 sprintf(NewCn, "CN=%s", MachineName);
/* deleteoldrdn = TRUE: the old RDN value is not kept as an extra cn. */
7628 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: test whether machine_name (with any domain part cut off at
 * the first '.', presumably — the statement on pPtr is not shown) exists in
 * the directory. Returns the logical negation of checkADname()'s result,
 * so the caller's truth value depends on checkADname's convention.
 *
 * NOTE(review): Name's size is not visible and the strcpy is unbounded.
 */
7633 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7639 memset(Name, '\0', sizeof(Name));
7640 strcpy(Name, machine_name);
7642 pPtr = strchr(Name, '.');
7648 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name
 * belongs to; the callback machine_GetMoiraContainer copies the answer into
 * container_name. The capacity of container_name is not checked anywhere
 * in the visible code.
 */
7651 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7652 char *machine_name, char *container_name)
7658 av[0] = machine_name;
7659 call_args[0] = (char *)container_name;
7660 rc = mr_query("get_machine_to_container_map", 1, av,
7661 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback. Copies the second result
 * field (av[1]) into the caller-supplied buffer call_args[0] (ptr cast to
 * char ** in a line not shown). Unbounded strcpy — the destination size is
 * whatever the caller allocated.
 */
7665 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7670 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a new
 * container (after[] is the container's row), record it on the container
 * and add it to the parent container's group.
 *
 * NOTE(review): extracted excerpt; braces and return statements are not
 * shown.
 */
7674 int Moira_container_group_create(char **after)
7680 memset(GroupName, '\0', sizeof(GroupName));
/* Derive a unique "cnt-…" list name; failure handling is in lines not
 * shown. */
7681 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7682 after[CONTAINER_ROWID]);
/* add_list argument vector: a non-public, non-hidden, non-mailing group
 * with an auto-assigned gid, owned by the "sms" user. */
7686 argv[L_NAME] = GroupName;
7687 argv[L_ACTIVE] = "1";
7688 argv[L_PUBLIC] = "0";
7689 argv[L_HIDDEN] = "0";
7690 argv[L_MAILLIST] = "0";
7691 argv[L_GROUP] = "1";
7692 argv[L_GID] = UNIQUE_GID;
7693 argv[L_NFSGROUP] = "0";
7694 argv[L_MAILMAN] = "0";
7695 argv[L_MAILMAN_SERVER] = "[NONE]";
7696 argv[L_DESC] = "auto created container group";
7697 argv[L_ACE_TYPE] = "USER";
7698 argv[L_MEMACE_TYPE] = "USER";
7699 argv[L_ACE_NAME] = "sms";
7700 argv[L_MEMACE_NAME] = "sms";
/* Assignment inside the condition is intentional (non-zero rc = error);
 * parenthesise as `if ((rc = …))` to silence compiler warnings. */
7702 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7705 "Unable to create container group %s for container %s: %s",
7706 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Link the new list to the container and to the parent container's list. */
7709 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7710 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename the
 * Moira list that mirrors it so the derived "cnt-…" name stays in step.
 *
 * NOTE(review): extracted excerpt; braces and return statements are not
 * shown.
 */
7715 int Moira_container_group_update(char **before, char **after)
7718 char BeforeGroupName[64];
7719 char AfterGroupName[64];
/* Nothing to do if the container name did not change (case-insensitive). */
7722 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
/* The existing list name is looked up by the *new* container name;
 * presumably the container row has already been renamed in Moira at this
 * point — confirm against the caller. */
7725 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7726 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7727 if (strlen(BeforeGroupName) == 0)
7730 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7731 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7732 after[CONTAINER_ROWID]);
/* Only issue update_list when the derived name actually differs. */
7736 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the old name first, then the same 15 fields add_list
 * uses (hence the +1 offsets). Keep these values in sync with
 * Moira_container_group_create. */
7738 argv[L_NAME] = BeforeGroupName;
7739 argv[L_NAME + 1] = AfterGroupName;
7740 argv[L_ACTIVE + 1] = "1";
7741 argv[L_PUBLIC + 1] = "0";
7742 argv[L_HIDDEN + 1] = "0";
7743 argv[L_MAILLIST + 1] = "0";
7744 argv[L_GROUP + 1] = "1";
7745 argv[L_GID + 1] = UNIQUE_GID;
7746 argv[L_NFSGROUP + 1] = "0";
7747 argv[L_MAILMAN + 1] = "0";
7748 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7749 argv[L_DESC + 1] = "auto created container group";
7750 argv[L_ACE_TYPE + 1] = "USER";
7751 argv[L_MEMACE_TYPE + 1] = "USER";
7752 argv[L_ACE_NAME + 1] = "sms";
7753 argv[L_MEMACE_NAME + 1] = "sms";
/* Intentional assignment in condition; parenthesise to avoid warnings. */
7755 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7758 "Unable to rename container group from %s to %s: %s",
7759 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove a deleted container's mirror list
 * from its parent's list, then delete the list itself.
 *
 * NOTE(review): extracted excerpt; braces, return statements and the
 * com_err() call heads are not shown.
 */
7766 int Moira_container_group_delete(char **before)
7771 char ParentGroupName[64];
7773 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Third argument 1 appears to request the parent container's group (the
 * same call with 0 is used elsewhere for the container's own group). */
7774 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7776 memset(GroupName, '\0', sizeof(GroupName));
/* "[none]" is the Moira sentinel for "no group attached". GroupName's size
 * is not visible; the copy is unbounded. */
7778 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7779 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7781 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7783 argv[0] = ParentGroupName;
7785 argv[2] = GroupName;
7787 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* BUG(review): this format has two %s conversions but three arguments —
 * ParentGroupName is printed where the error text belongs and
 * error_message(rc) is dropped. Intended text is presumably
 * "Unable to delete container group %s from list %s: %s". */
7790 "Unable to delete container group %s from list: %s",
7791 GroupName, ParentGroupName, error_message(rc));
7795 if (strlen(GroupName) != 0)
7797 argv[0] = GroupName;
7799 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7801 com_err(whoami, 0, "Unable to delete container group %s : %s",
7802 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container and
 * write it to GroupName. The name is "cnt-" followed by the last path
 * component(s) of ContainerName, truncated to 25 characters and
 * lower-cased; if that list already exists a "-0".."-9", "-a".."-z"
 * suffix is tried in turn.
 *
 * NOTE(review): extracted excerpt; braces, the suffix loop and return
 * statements are not shown. The sizes of temp and tempgname are not
 * visible; the copies into them are unbounded. ContainerRowID is not used
 * in any visible line.
 */
7809 int Moira_groupname_create(char *GroupName, char *ContainerName,
7810 char *ContainerRowID)
7815 char newGroupName[64];
7816 char tempGroupName[64];
7822 strcpy(temp, ContainerName);
/* Split off the last path component; when a second '/' exists the name is
 * "<parent>-<leaf>", otherwise just the leaf (or the whole string when
 * there is no '/'). The branch conditions are not shown. */
7824 ptr1 = strrchr(temp, '/');
7830 ptr1 = strrchr(temp, '/');
7834 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7837 strcpy(tempgname, ptr);
7840 strcpy(tempgname, temp);
/* Cap the variable part so "cnt-" + 25 + "-x" always fits in 64 bytes. */
7842 if (strlen(tempgname) > 25)
7843 tempgname[25] ='\0';
7845 sprintf(newGroupName, "cnt-%s", tempgname);
7847 /* change everything to lower case */
7853 *ptr = tolower(*ptr);
7861 strcpy(tempGroupName, newGroupName);
7864 /* append 0-9 then a-z if a duplicate is found */
7867 argv[0] = newGroupName;
/* get_list_info succeeding means the name is taken; MR_NO_MATCH means it
 * is free; anything else is a Moira error. */
7869 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7871 if (rc == MR_NO_MATCH)
7873 com_err(whoami, 0, "Moira error while creating group name for "
7874 "container %s : %s", ContainerName, error_message(rc));
7878 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7882 com_err(whoami, 0, "Unable to find a unique group name for "
7883 "container %s: too many duplicate container names",
/* GroupName's capacity is the caller's; 64 bytes suffice for what is
 * produced above. */
7894 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName (Moira query set_container_list). Errors are
 * logged via com_err; the return statements are not shown.
 */
7898 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7903 argv[0] = origContainerName;
7904 argv[1] = GroupName;
7906 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7909 "Unable to set container group %s in container %s: %s",
7910 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add GroupName as a member of the list that
 * mirrors the parent container of origContainerName. Top-level containers
 * have no parent group and are skipped.
 *
 * NOTE(review): ContainerName is 64 bytes and filled by an unbounded
 * strcpy from the caller's string; argv[1] (the member type) is set in a
 * line not shown.
 */
7916 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7918 char ContainerName[64];
7919 char ParentGroupName[64];
7923 strcpy(ContainerName, origContainerName);
/* Third argument 1 appears to select the parent container's group. */
7925 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7927 /* top-level container */
7928 if (strlen(ParentGroupName) == 0)
7931 argv[0] = ParentGroupName;
7933 argv[2] = GroupName;
7935 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7938 "Unable to add container group %s to parent group %s: %s",
7939 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies the list name (av[1]) into the caller's buffer call_args[0]
 * (ptr cast in a line not shown). Unbounded strcpy — relies on the
 * caller's buffer (64 bytes in Moira_getGroupName's callers) being large
 * enough for any Moira list name.
 */
7945 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7950 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list attached to a container and
 * store its name in GroupName. The third parameter (declared on a line not
 * shown) appears to select the parent container instead, by stripping the
 * last '/' component — the code acting on ptr is not shown.
 *
 * NOTE(review): ContainerName is 64 bytes and filled by an unbounded
 * strcpy from origContainerName.
 */
7955 int Moira_getGroupName(char *origContainerName, char *GroupName,
7958 char ContainerName[64];
7964 strcpy(ContainerName, origContainerName);
7968 ptr = strrchr(ContainerName, '/');
7976 argv[0] = ContainerName;
7978 call_args[0] = GroupName;
7979 call_args[1] = NULL;
/* Moira_getContainerGroup fills GroupName; an empty result after a
 * successful query is reported separately below. */
7981 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7984 if (strlen(GroupName) != 0)
7989 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7990 ContainerName, error_message(rc));
7992 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add MachineName to, or remove it
 * from, the container group GroupName as a MACHINE member. Which query runs
 * depends on a parameter declared on a line not shown. "[none]" means the
 * container has no group and nothing is done.
 *
 * NOTE(review): the only error message visible says "Unable to add"; if it
 * also covers the delete_member_from_list path it misreports removals.
 * The message is also missing a space before "%s" after "group".
 */
7998 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8004 if (strcmp(GroupName, "[none]") == 0)
8007 argv[0] = GroupName;
8008 argv[1] = "MACHINE";
8009 argv[2] = MachineName;
8012 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8014 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
8018 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8019 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a host name in place. If MachineName already
 * ends in DOMAIN_SUFFIX it is accepted (upper-cased copy; the write-back
 * is not shown). Otherwise Moira's get_hostalias is queried and the first
 * alias in DOMAIN_SUFFIX (chosen by ProcessMachineName) replaces the input.
 * On any failure MachineName is set to "" — callers test strlen()==0.
 *
 * NOTE(review): MachineName's capacity is unknown here; the result is
 * copied back with strcpy from a 1024-byte buffer, so a caller passing a
 * smaller array (machine_move_to_ou uses 128 bytes) can overflow.
 * args[0] is set on a line not shown.
 */
8025 int GetMachineName(char *MachineName)
8028 char NewMachineName[1024];
8035 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy from the caller's string into the 1024-byte buffer. */
8036 strcpy(NewMachineName, MachineName);
/* toupper() on plain char is only defined for non-negative values. */
8038 for (i = 0; i < (int)strlen(NewMachineName); i++)
8039 NewMachineName[i] = toupper(NewMachineName[i]);
8041 szDot = strchr(NewMachineName,'.');
8043 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8048 // If not, see if it has a Moira alias in the top-level MIT domain.
8049 memset(NewMachineName, '\0', sizeof(NewMachineName));
8051 args[1] = MachineName;
8052 call_args[0] = NewMachineName;
8053 call_args[1] = NULL;
/* Intentional assignment in condition; parenthesise to avoid warnings. */
8055 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8057 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8058 MachineName, error_message(rc));
8059 strcpy(MachineName, "");
/* Empty NewMachineName means no alias in DOMAIN_SUFFIX was found. */
8063 if (strlen(NewMachineName) != 0)
8064 strcpy(MachineName, NewMachineName);
8066 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias. Keeps the first
 * alias (av[0]) whose domain part matches DOMAIN_SUFFIX, upper-cased, in
 * call_args[0]; later matches are ignored once call_args[0] is non-empty.
 *
 * NOTE(review): both copies are unbounded strcpy; call_args[0] is a
 * 1024-byte buffer in GetMachineName, and aliases come from Moira.
 */
8071 int ProcessMachineName(int ac, char **av, void *ptr)
8074 char MachineName[1024];
8080 if (strlen(call_args[0]) == 0)
8082 strcpy(MachineName, av[0]);
/* toupper() on plain char is only defined for non-negative values. */
8084 for (i = 0; i < (int)strlen(MachineName); i++)
8085 MachineName[i] = toupper(MachineName[i]);
8087 szDot = strchr(MachineName,'.');
8089 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8091 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the uid attribute name in an LDAPMod array between the
 * SFU 3.0 schema name ("msSFU30UidNumber") and the RFC 2307 name
 * ("uidNumber"). Which direction runs depends on *UseSFU30 (the guards are
 * on lines not shown). n is the number of entries in mods.
 *
 * NOTE(review): mod_type is repointed at string literals; this is only
 * safe if the caller never free()s mod_type.
 */
8098 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8104 for (i = 0; i < n; i++)
8106 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8107 mods[i]->mod_type = "uidNumber";
8114 for (i = 0; i < n; i++)
8116 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8117 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute a user's homeDirectory, profilePath and
 * homeDrive from the Moira filesystem entry and the WinHomeDir /
 * WinProfileDir hints ("[afs]", "[dfs]", "[local]" or a literal path),
 * then append the corresponding LDAPMod entries via ADD_ATTR (using OpType,
 * a parameter declared on a line not shown). For OpType == LDAP_MOD_REPLACE
 * an empty value deletes the attribute outright with a separate modify.
 *
 * NOTE(review): extracted excerpt — braces, some declarations and the
 * remaining parameter list are not shown. Points worth confirming against
 * the full source:
 *  - the Moira lookup sequence (get_filesys_by_label → FSGROUP/MUL →
 *    get_fsgroup_members → get_filesys_by_label) appears twice, once for
 *    the non-AD case and once for "[afs]"; a shared helper would remove
 *    the duplication;
 *  - homedir_v[0], winProfile_v[0] and drives_v[0] are strdup()'d and no
 *    free is visible — ownership presumably passes to the caller;
 *  - save_argv is refilled by save_query_info on the second
 *    get_filesys_by_label call, which strdup()s over the first results;
 *  - the rc of the three ldap_modify_s(DelMods) calls is stored but not
 *    checked in the visible lines.
 */
8124 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8125 char *DistinguishedName,
8126 char *WinHomeDir, char *WinProfileDir,
8127 char **homedir_v, char **winProfile_v,
8128 char **drives_v, LDAPMod **mods,
8135 char winProfile[1024];
8138 char apple_homedir[1024];
8139 char *apple_homedir_v[] = {NULL, NULL};
8143 LDAPMod *DelMods[20];
8145 char *save_argv[FS_END];
8146 char *fsgroup_save_argv[2];
/* Zeroing matters below: the winProfile[1]/winPath[1] tests rely on unused
 * bytes being NUL. */
8148 memset(homeDrive, '\0', sizeof(homeDrive));
8149 memset(path, '\0', sizeof(path));
8150 memset(winPath, '\0', sizeof(winPath));
8151 memset(winProfile, '\0', sizeof(winProfile));
/* Non-AD (generic LDAP) target: publish the AFS home path. */
8153 if(!ActiveDirectory)
8155 if (rc = moira_connect())
8157 critical_alert("Ldap incremental",
8158 "Error contacting Moira server : %s",
8163 argv[0] = user_name;
8165 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* FSGROUP/MUL entries are indirect: resolve the first member filesystem. */
8168 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8169 !strcmp(save_argv[FS_TYPE], "MUL"))
8172 argv[0] = save_argv[FS_NAME];
8175 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8176 save_fsgroup_info, fsgroup_save_argv)))
8180 argv[0] = fsgroup_save_argv[0];
8182 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8183 save_query_info, save_argv)))
/* path's size is not visible; FS_PACK comes from Moira. */
8185 strcpy(path, save_argv[FS_PACK]);
8192 strcpy(path, save_argv[FS_PACK]);
/* strnicmp is not standard C; presumably a project-provided macro. Only
 * AFS paths are published, anything else becomes "NONE". */
8200 if (!strnicmp(path, AFS, strlen(AFS)))
8202 sprintf(homedir, "%s", path);
8203 sprintf(apple_homedir, "%s/MacData", path);
8204 homedir_v[0] = homedir;
8205 apple_homedir_v[0] = apple_homedir;
8206 ADD_ATTR("homeDirectory", homedir_v, OpType);
8207 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8213 homedir_v[0] = "NONE";
8214 apple_homedir_v[0] = "NONE";
8215 ADD_ATTR("homeDirectory", homedir_v, OpType);
8216 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* AD target, "[afs]" hint: same Moira lookup, then translate the AFS path
 * to its Windows (UNC) form; the profile lives in ".winprofile" under it. */
8223 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8224 (!strcasecmp(WinProfileDir, "[afs]")))
8226 if (rc = moira_connect())
8228 critical_alert("Ldap incremental",
8229 "Error contacting Moira server : %s",
8234 argv[0] = user_name;
8236 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8239 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8240 !strcmp(save_argv[FS_TYPE], "MUL"))
8243 argv[0] = save_argv[FS_NAME];
8246 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8247 save_fsgroup_info, fsgroup_save_argv)))
8251 argv[0] = fsgroup_save_argv[0];
8253 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8254 save_query_info, save_argv)))
8256 strcpy(path, save_argv[FS_PACK]);
8263 strcpy(path, save_argv[FS_PACK]);
8271 if (!strnicmp(path, AFS, strlen(AFS)))
/* winPath's size is not visible; strcat below assumes 1024-byte winProfile
 * has room for the suffix. */
8273 AfsToWinAfs(path, winPath);
8274 strcpy(winProfile, winPath);
8275 strcat(winProfile, "\\.winprofile");
/* "[dfs]" hint: \\<domain>\dfs\profiles\<first letter>\<user>. If user_name
 * were empty, user_name[0] would be NUL and the path would be cut short. */
8282 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8283 (!strcasecmp(WinProfileDir, "[dfs]")))
8285 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8286 user_name[0], user_name);
8288 if (!strcasecmp(WinProfileDir, "[dfs]"))
8290 strcpy(winProfile, path);
8291 strcat(winProfile, "\\.winprofile");
8294 if (!strcasecmp(WinHomeDir, "[dfs]"))
8295 strcpy(winPath, path);
/* Home drive letter: H: for AFS/DFS and for explicit UNC paths; none for
 * "[local]" or a non-UNC literal path. */
8298 if (!strcasecmp(WinHomeDir, "[local]"))
8299 memset(winPath, '\0', sizeof(winPath));
8300 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8301 !strcasecmp(WinHomeDir, "[dfs]"))
8303 strcpy(homeDrive, "H:");
/* Literal WinHomeDir from Moira; unbounded copy into winPath. */
8307 strcpy(winPath, WinHomeDir);
8308 if (!strncmp(WinHomeDir, "\\\\", 2))
8310 strcpy(homeDrive, "H:");
8314 // nothing needs to be done if WinProfileDir is [afs].
8315 if (!strcasecmp(WinProfileDir, "[local]"))
8316 memset(winProfile, '\0', sizeof(winProfile));
8317 else if (strcasecmp(WinProfileDir, "[afs]") &&
8318 strcasecmp(WinProfileDir, "[dfs]"))
8320 strcpy(winProfile, WinProfileDir);
/* Normalise: drop one trailing backslash, but keep "X:\" for bare drives. */
8323 if (strlen(winProfile) != 0)
8325 if (winProfile[strlen(winProfile) - 1] == '\\')
8326 winProfile[strlen(winProfile) - 1] = '\0';
8329 if (strlen(winPath) != 0)
8331 if (winPath[strlen(winPath) - 1] == '\\')
8332 winPath[strlen(winPath) - 1] = '\0';
8335 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8336 strcat(winProfile, "\\");
8338 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8339 strcat(winPath, "\\");
/* Empty value on an update: delete the attribute with its own modify
 * (DEL_ATTR fills DelMods). rc is not checked in the visible lines. */
8341 if (strlen(winPath) == 0)
8343 if (OpType == LDAP_MOD_REPLACE)
8346 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8348 //unset homeDirectory attribute for user.
8349 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* Heap copy handed to the caller via homedir_v; no free visible here. */
8355 homedir_v[0] = strdup(winPath);
8356 ADD_ATTR("homeDirectory", homedir_v, OpType);
8359 if (strlen(winProfile) == 0)
8361 if (OpType == LDAP_MOD_REPLACE)
8364 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8366 //unset profilePath attribute for user.
8367 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8373 winProfile_v[0] = strdup(winProfile);
8374 ADD_ATTR("profilePath", winProfile_v, OpType);
8377 if (strlen(homeDrive) == 0)
8379 if (OpType == LDAP_MOD_REPLACE)
8382 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8384 //unset homeDrive attribute for user
8385 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8391 drives_v[0] = strdup(homeDrive);
8392 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set a single-valued attribute on distinguished_name.
 * An empty attribute_value deletes the attribute; otherwise a
 * LDAP_MOD_REPLACE is attempted and, if that modify fails (the test on
 * rc is on a line not shown), a LDAP_MOD_ADD is tried instead. Only the
 * failure of the final attempt is logged. user_name is used for the
 * message only.
 *
 * NOTE(review): `mods` and the mod count are declared on lines not shown;
 * DelMods is a fixed array of 20 which DEL_ATTR fills.
 */
8398 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8399 char *attribute_value, char *attribute, char *user_name)
8401 char *mod_v[] = {NULL, NULL};
8402 LDAPMod *DelMods[20];
8408 if (strlen(attribute_value) == 0)
8411 DEL_ATTR(attribute, LDAP_MOD_DELETE);
/* Result of the delete is stored in rc; its handling is not shown. */
8413 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8419 mod_v[0] = attribute_value;
8420 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8423 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8424 mods)) != LDAP_SUCCESS)
/* Fallback: REPLACE can fail on some servers when the attribute is absent;
 * retry as ADD. */
8428 mod_v[0] = attribute_value;
8429 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8432 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8433 mods)) != LDAP_SUCCESS)
8435 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8436 "in the directory : %s",
8437 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: strip surrounding whitespace from StringToTrim in place
 * (inferred from the "skip to end of string" step and the two copies back
 * into the original buffer; the scanning loops are mostly not shown).
 *
 * NOTE(review): the strdup() result is used without a visible NULL check,
 * and its free() is not among the visible lines — confirm it is released
 * on every path.
 */
8447 void StringTrim(char *StringToTrim)
8452 save = strdup(StringToTrim);
8459 /* skip to end of string */
8464 strcpy(StringToTrim, save);
8468 for (t = s; *t; t++)
8484 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load CFG_PATH/<DomainName>.cfg and set the module's
 * global configuration (ldap_domain, ldap_realm, ldap_port, PrincipalName,
 * ServerList[], SFU/group/password/Exchange/AD switches). Each line is
 * upper-cased before the keyword prefix is matched, so every stored value
 * (domain, realm, principal, server names) is stored upper-cased as well.
 * If no DOMAIN line is present, ldap_domain defaults to DomainName.
 *
 * NOTE(review): extracted excerpt; braces, fclose, the Count increment and
 * the declarations of temp/temp1 are not shown. The strcpy()s from temp
 * into the global buffers and into temp1 are unbounded, so their safety
 * depends on sizeof(temp) versus each destination (not visible here).
 * Keyword matching is by prefix with strncmp, so e.g. a key that begins
 * with "DOMAIN" but is longer would also match the DOMAIN branch.
 */
8488 int ReadConfigFile(char *DomainName)
/* temp's size is not visible; DomainName comes from ldap.cfg. */
8499 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8501 if ((fptr = fopen(temp, "r")) != NULL)
8503 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper() on plain char is only defined for non-negative values. */
8505 for (i = 0; i < (int)strlen(temp); i++)
8506 temp[i] = toupper(temp[i]);
/* Strip the newline; indexes strlen-1, which is out of bounds for an
 * empty string (only possible if fgets read a NUL byte first). */
8508 if (temp[strlen(temp) - 1] == '\n')
8509 temp[strlen(temp) - 1] = '\0';
8513 if (strlen(temp) == 0)
/* Each branch: keyword present and followed by a value → copy the remainder
 * and trim whitespace. */
8516 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8518 if (strlen(temp) > (strlen(DOMAIN)))
8520 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8521 StringTrim(ldap_domain);
8524 else if (!strncmp(temp, REALM, strlen(REALM)))
8526 if (strlen(temp) > (strlen(REALM)))
8528 strcpy(ldap_realm, &temp[strlen(REALM)]);
8529 StringTrim(ldap_realm);
8532 else if (!strncmp(temp, PORT, strlen(PORT)))
8534 if (strlen(temp) > (strlen(PORT)))
8536 strcpy(ldap_port, &temp[strlen(PORT)]);
8537 StringTrim(ldap_port);
8540 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8542 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8544 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8545 StringTrim(PrincipalName);
8548 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8550 if (strlen(temp) > (strlen(SERVER)))
/* Each SERVER line gets a 256-byte allocation: calloc's result is not
 * checked, and the strcpy is only bounded if a config line cannot exceed
 * 256 bytes after the keyword. The bound on Count against ServerList's
 * capacity is not visible. */
8552 ServerList[Count] = calloc(1, 256);
8553 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8554 StringTrim(ServerList[Count]);
8558 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8560 if (strlen(temp) > (strlen(MSSFU)))
8562 strcpy(temp1, &temp[strlen(MSSFU)]);
8564 if (!strcmp(temp1, SFUTYPE))
8568 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8570 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8572 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
/* "NO" disables the group suffix; otherwise the value is presumably copied
 * into group_suffix on lines not shown. */
8574 if (!strcasecmp(temp1, "NO"))
8577 memset(group_suffix, '\0', sizeof(group_suffix));
8581 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8583 if (strlen(temp) > (strlen(GROUP_TYPE)))
8585 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8587 if (!strcasecmp(temp1, "UNIVERSAL"))
8588 UseGroupUniversal = 1;
8591 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8593 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8595 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8597 if (!strcasecmp(temp1, "NO"))
8601 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8603 if (strlen(temp) > (strlen(SET_PASSWORD)))
8605 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8607 if (!strcasecmp(temp1, "NO"))
8611 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8613 if (strlen(temp) > (strlen(EXCHANGE)))
8615 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8617 if (!strcasecmp(temp1, "YES"))
8621 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8622 strlen(PROCESS_MACHINE_CONTAINER)))
8624 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8626 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8628 if (!strcasecmp(temp1, "NO"))
8629 ProcessMachineContainer = 0;
8632 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8633 strlen(ACTIVE_DIRECTORY)))
8635 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8637 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8639 if (!strcasecmp(temp1, "NO"))
8640 ActiveDirectory = 0;
8643 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8644 strlen(GROUP_POPULATE_MEMBERS)))
8646 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8648 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8650 if (!strcasecmp(temp1, "DELETE"))
8652 GroupPopulateDelete = 1;
/* Post-processing of ldap_domain: it is cleared and rebuilt from temp
 * (the transformation between these lines is not shown). */
8658 if (strlen(ldap_domain) != 0)
8660 memset(ldap_domain, '\0', sizeof(ldap_domain));
8664 if (strlen(temp) != 0)
8665 strcpy(ldap_domain, temp);
/* Default: the domain is the config file's own name. */
8671 if (strlen(ldap_domain) == 0)
8673 strcpy(ldap_domain, DomainName);
/* Server names are normalised to upper case. */
8679 for (i = 0; i < Count; i++)
8681 if (ServerList[i] != 0)
8683 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8684 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read CFG_PATH/WINADCFG and collect the value of each
 * DOMAIN line into DomainNames[] (upper-cased, whitespace-trimmed). A
 * configuration error raises a critical_alert; the condition that triggers
 * it and the return values are on lines not shown.
 *
 * NOTE(review): `c` and `stuff` are declared but unused in the visible
 * lines. The strcpy()s into temp1, temp and DomainNames[Count] are
 * unbounded and the bound on Count is not visible.
 */
8691 int ReadDomainList()
8698 unsigned char c[11];
8699 unsigned char stuff[256];
8704 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8706 if ((fptr = fopen(temp, "r")) != NULL)
8708 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper() on plain char is only defined for non-negative values. */
8710 for (i = 0; i < (int)strlen(temp); i++)
8711 temp[i] = toupper(temp[i]);
/* Indexes strlen-1; out of bounds for an empty string (only if fgets read
 * a NUL byte first). */
8713 if (temp[strlen(temp) - 1] == '\n')
8714 temp[strlen(temp) - 1] = '\0';
8718 if (strlen(temp) == 0)
8721 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8723 if (strlen(temp) > (strlen(DOMAIN)))
8725 strcpy(temp1, &temp[strlen(DOMAIN)]);
8727 strcpy(temp, temp1);
8731 strcpy(DomainNames[Count], temp);
8732 StringTrim(DomainNames[Count]);
8741 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8742 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822 style address. Returns
 * non-zero when the local part contains no control/space/special
 * characters (quoted strings allowed), an '@' separates it from a domain,
 * and the domain has at least one '.' (count is presumably the dot
 * counter; its declaration and increments are on lines not shown).
 *
 * NOTE(review): extracted excerpt — the quoted-string inner loop and the
 * domain loop are largely not shown. Two robustness issues are visible:
 *  - the first statement reads address[strlen(address) - 1] with no
 *    visible guard, which is an out-of-bounds read for an empty string;
 *  - the backslash test advances c with *++c; if the backslash is the last
 *    character, c lands on the terminator and the enclosing loop's own
 *    increment can then step past the end of the string.
 * rfc822_specials points at a literal and should be `static const char *`.
 */
8749 int email_isvalid(const char *address) {
8751 const char *c, *domain;
8752 static char *rfc822_specials = "()<>@,;:\\\"[]";
/* A trailing '.' is rejected up front. */
8754 if(address[strlen(address) - 1] == '.')
8757 /* first we validate the name portion (name@domain) */
8758 for (c = address; *c; c++) {
/* A quoted string may only start at the beginning or right after a '.'
 * (or another quote — the rest of the condition is not shown). */
8759 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8764 if (*c == '\\' && (*++c == ' '))
8766 if (*c <= ' ' || *c >= 127)
/* Unquoted local-part characters: printable ASCII, none of the specials. */
8781 if (*c <= ' ' || *c >= 127)
8783 if (strchr(rfc822_specials, *c))
/* Local part must be non-empty and must not end with '.'. */
8787 if (c == address || *(c - 1) == '.')
8790 /* next we validate the domain portion (name@domain) */
8791 if (!*(domain = ++c)) return 0;
/* Domain labels must be non-empty. */
8794 if (c == domain || *(c - 1) == '.')
8798 if (*c <= ' ' || *c >= 127)
8800 if (strchr(rfc822_specials, *c))
8804 return (count >= 1);
/*
 * find_homeMDB: pick the least-populated Exchange mail store under
 * CN=Configuration,<dn_path> and return its DN in *homeMDB and the
 * owning server's legacyExchangeDN-derived name in *homeServerName. Stores
 * whose DN contains "Public", "Recover" or "Reserve" are skipped. Mailbox
 * counts come from the homeMDBBL back-link, read in chunks of rangeStep
 * with the AD ";Range=" attribute syntax until an empty chunk is returned.
 *
 * Both outputs are strdup()'d — the caller owns them.
 *
 * NOTE(review): extracted excerpt; braces, rangeLow's declaration, the
 * loop heads and the range-loop exit are not shown. Points to confirm:
 *  - *homeMDB is re-strdup()'d each time a smaller count is found and the
 *    previous copy is not freed in any visible line;
 *  - if no store qualifies, *homeMDB is never assigned before the final
 *    linklist_build uses it, unless a guard exists in the lines not shown;
 *  - the final search reuses `filter`, which at that point still holds
 *    "(objectClass=msExchMDB)" unless reset on a line not shown.
 */
8807 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8808 char **homeServerName)
8810 LK_ENTRY *group_base;
8811 LK_ENTRY *sub_group_base;
8815 int sub_group_count;
8817 char sub_filter[1024];
8818 char search_path[1024];
8820 char *attr_array[3];
/* -1 marks "no candidate seen yet" for the minimum search below. */
8822 int homeMDB_count = -1;
/* Page size for the ranged homeMDBBL retrieval. */
8826 int rangeStep = 1500;
8828 int rangeHigh = rangeLow + (rangeStep - 1);
8831 /* Grumble..... microsoft not making it searchable from the root *grr* */
8833 memset(filter, '\0', sizeof(filter));
8834 memset(search_path, '\0', sizeof(search_path));
/* dn_path is the configured base DN; search_path is 1024 bytes. */
8836 sprintf(filter, "(objectClass=msExchMDB)");
8837 sprintf(search_path, "CN=Configuration,%s", dn_path);
8838 attr_array[0] = "distinguishedName";
8839 attr_array[1] = NULL;
8844 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8845 &group_base, &group_count,
8846 LDAP_SCOPE_SUBTREE)) != 0)
8848 com_err(whoami, 0, "Unable to find msExchMDB %s",
8849 ldap_err2string(rc));
/* Skip public-folder, recovery and reserved stores. */
8858 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8859 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8860 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8867 * Due to limits in active directory we need to use the LDAP
8868 * range semantics to query and return all the values in
8869 * large lists, we will stop increasing the range when
8870 * the result count is 0.
8878 memset(sub_filter, '\0', sizeof(sub_filter));
8879 memset(range, '\0', sizeof(range));
8880 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* "low-*" asks for everything from low to the end; "low-high" for a page.
 * The choice between the two is on a line not shown. */
8883 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8885 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8887 attr_array[0] = range;
8888 attr_array[1] = NULL;
8890 sub_group_base = NULL;
8891 sub_group_count = 0;
8893 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8894 attr_array, &sub_group_base,
8896 LDAP_SCOPE_SUBTREE)) != 0)
8898 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8899 ldap_err2string(rc));
/* An empty page ends the ranged retrieval for this store. */
8903 if(!sub_group_count)
8909 rangeHigh = rangeLow + (rangeStep - 1);
/* Accumulate and advance to the next page. */
8916 mdbbl_count += sub_group_count;
8917 rangeLow = rangeHigh + 1;
8918 rangeHigh = rangeLow + (rangeStep - 1);
8921 /* First time through, need to initialize or update the least used */
8923 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8926 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8928 homeMDB_count = mdbbl_count;
8929 *homeMDB = strdup(gPtr->dn);
8933 linklist_free(sub_group_base);
8937 linklist_free(group_base);
8940 * Ok found the server least allocated need to now query to get its
8941 * msExchHomeServerName so we can set it as a user attribute
8944 attr_array[0] = "legacyExchangeDN";
8945 attr_array[1] = NULL;
8950 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8951 attr_array, &group_base,
8953 LDAP_SCOPE_SUBTREE)) != 0)
8955 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8956 ldap_err2string(rc));
/* legacyExchangeDN is cut at its last '/' (the statement on s is not
 * shown), presumably leaving the server portion. group_base being NULL
 * when the search returns nothing would dereference here unless guarded
 * on a line not shown. */
8962 *homeServerName = strdup(group_base->value);
8963 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8969 linklist_free(group_base);
/*
 * lowercase: convert s to lower case in place and return s (the loop body
 * and return statement are on lines not shown). Presumably uses tolower();
 * if so, cast *p to unsigned char for non-ASCII safety.
 */
8974 char *lowercase(char *s)
8978 for (p = s; *p; p++)
/*
 * uppercase: convert s to upper case in place and return s (the loop body
 * and return statement are on lines not shown). Presumably uses toupper();
 * if so, cast *p to unsigned char for non-ASCII safety.
 */
8986 char *uppercase(char *s)
8990 for (p = s; *p; p++)
/*
 * escape_string: return a heap copy of s with special characters escaped
 * (the character set and escape form are on lines not shown). The result
 * is strdup()'d and must be freed by the caller.
 *
 * NOTE(review): the intermediate buffer `string` has a fixed size (not
 * visible); whether the loop bounds its writes against that size cannot be
 * seen here. Several LDAP filters elsewhere in this file are built with
 * sprintf from names without calling this helper.
 */
8998 char *escape_string(char *s)
9006 memset(string, '\0', sizeof(string));
9010 /* Escape any special characters */
9012 for(; *q != '\0'; q++) {
9035 return strdup(string);
/*
 * save_query_info: mr_query callback that strdup()s every result field into
 * the caller's char * array passed as hint.
 *
 * NOTE(review): there is no bound on argc against the hint array's size
 * (callers pass fixed arrays such as save_argv[FS_END]); and when the same
 * array is reused for a second query, as SetHomeDirectory does, the
 * earlier strdup()'d strings are overwritten without being freed.
 */
9038 int save_query_info(int argc, char **argv, void *hint)
9041 char **nargv = hint;
9043 for(i = 0; i < argc; i++)
9044 nargv[i] = strdup(argv[i]);
9049 int save_fsgroup_info(int argc, char **argv, void *hint)
9052 char **nargv = hint;
9056 for(i = 0; i < argc; i++)
9057 nargv[i] = strdup(argv[i]);