2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
/* Win32 build only: map the POSIX errno names and helpers used below onto
 * their winsock/Win32 equivalents (the enclosing #ifdef is not in this
 * listing). */
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the argument is unparenthesised and the expansion carries a
 * trailing ';', so sleep(x + 1) becomes Sleep(x + 1 * 1000); and a use such
 * as `if (c) sleep(1); else ...` no longer compiles.  Safer form:
 * #define sleep(A) Sleep((A) * 1000) */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
/* Non-Windows build: location of the per-domain configuration file and
 * spellings of the Win32 names the rest of the file relies on (the #else
 * that selects this branch is not in this listing). */
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
/* userAccountControl bit values.  The names match the Win32 constants
 * from the lmaccess.h header included on Windows, so both builds can use
 * the same spelling. */
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* SECURITY_INFORMATION selector bits (which parts of a security descriptor
 * a read or write addresses). */
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
/* Win32 integer type spellings for the SID structures below.
 * NOTE(review): ULONG is `unsigned long`, i.e. 64-bit on LP64 Unix rather
 * than the 32-bit Win32 type it stands in for; fine while it only carries
 * the security-information bits above, but a size-sensitive use would
 * need uint32_t. */
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
/* Fragments of the GUID, SID_IDENTIFIER_AUTHORITY and SID definitions; the
 * struct heads/tails and first members are on lines not in this listing. */
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
/* Fixed 512-entry sub-authority array; code that fills it from directory
 * data should bound the copy by SubAuthorityCount (that code is not in
 * view). */
249 DWORD SubAuthority[512];
/* Second, identical definition of WINADCFG (also at line 204); presumably
 * under a different #if branch.  An identical redefinition is legal but
 * redundant. */
254 #define WINADCFG "ldap.cfg"
/* UNC-style prefix used when an AFS path is rewritten for Windows. */
262 #define WINAFS "\\\\afs\\all\\"
/* groupType attribute bits.  Note that LOCAL_GROUP and DOMAIN_LOCAL_GROUP
 * are deliberately the same value. */
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
/* Moira client defaults: query version and the Kerberos realm, Windows
 * domain and service principals used for production and test. */
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
/* Member operation codes passed as the `operation` argument of the
 * user_* routines (the first code in this series is on a line not in
 * this listing). */
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selector bits.
 * NOTE(review): MOIRA_MACHINE is 0x16, which is not a single bit: as a
 * mask it overlaps MOIRA_KERBEROS (0x2) and MOIRA_STRINGS (0x4).  The
 * series suggests 0x10 was intended - confirm against every use before
 * changing it. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
/* `type` argument of process_group(): verify only, or also remove
 * wrongly placed / duplicate groups. */
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
/* Negative return codes shared by the ad_* and process_* routines; 0 is
 * success. */
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
/* Field positions in a containers-table before/after slice; they match the
 * argument order shown in the header comment. */
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
/* Field positions in an mcntmap-table slice (machine_name, container_name,
 * mach_id, cnt_id, container group), again per the header comment. */
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
/* Stop file: presumably its presence disables the incremental (the code
 * that tests it is not in this listing). */
339 #define STOP_FILE "/moira/ldap/noldap"
/* Existence test via access(2).  The result is a snapshot at call time,
 * adequate for a stop-file check but not a guarantee about a later
 * open/create of the same path. */
340 #define file_exists(file) (access((file), F_OK) == 0)
/* Byte length of the BER encoding of the security-information bits;
 * presumably consumed by BEREncodeSecurityBits() (body not in view). */
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
/* Capacity of ServerList[] (declared further down). */
344 #define MAX_SERVER_NAMES 32
/* Names of the security-template groups whose ACLs are copied onto
 * hidden / non-hidden lists, with and without an admin ACE. */
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Relative DN prefix of the Exchange address-list container; the
 * backslash-newlines continue one string literal across three lines. */
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append an LDAPMod for attribute t with values v and operation o to the
 * caller's mods[] array and advance its index n; both names must be in
 * scope at the expansion site.
 * NOTE(review): malloc() is unchecked and a NULL result is dereferenced on
 * the very next line; the expansion is four statements rather than a
 * single do { ... } while (0), so under an unbraced `if` only the first
 * statement is conditional; and nothing bounds n against the size of
 * mods[] - the caller has to guarantee that. */
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
/* Same shape as ADD_ATTR for a value-less modification appended to the
 * caller's DelMods[] array indexed by i; the same caveats apply. */
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
/* Keyword prefixes of the lines in the per-domain configuration file
 * (WINADCFG); presumably matched by ReadConfigFile(), whose body is not
 * in this listing.
 * NOTE(review): DOMAIN, SERVER, REALM and EXCHANGE are very generic macro
 * names and will silently rewrite any identifier of the same spelling in
 * headers included after this point. */
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_MEMBERS "MAX_MEMBERS:"
/* Domains the change is applied to; zeroed and then filled by
 * ReadDomainList() in main(). */
384 #define MAX_DOMAINS 10
385 char DomainNames[MAX_DOMAINS][128];
/* Head of the linked list of group members built by member_list_build(). */
387 LK_ENTRY *member_base = NULL;
389 char PrincipalName[128];
/* Scratch buffer main() uses to log the full command line.
 * NOTE(review): the same tentative definition is repeated at line 408.
 * C permits that, but one copy should be removed. */
390 static char tbl_buf[1024];
/* Fixed OUs, relative to dn_path, for the object kinds this incremental
 * manages. */
391 char kerberos_ou[] = "OU=kerberos,OU=moira";
392 char contact_ou[] = "OU=strings,OU=moira";
393 char user_ou[] = "OU=users,OU=moira";
/* Group OUs; main() fills these with one of two layouts per domain. */
394 char group_ou_distribution[1024];
395 char group_ou_root[1024];
396 char group_ou_security[1024];
397 char group_ou_neither[1024];
398 char group_ou_both[1024];
/* Destination OUs for objects whose Moira container is unknown, and the
 * OU holding the security-template groups. */
399 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
400 char orphans_other_ou[] = "OU=Other,OU=Orphans";
401 char security_template_ou[] = "OU=security_templates";
/* Per-domain connection settings, zeroed in main() and then loaded from
 * the configuration file for each domain in turn. */
403 char ldap_domain[256];
404 char ldap_realm[256];
406 char *ServerList[MAX_SERVER_NAMES];
407 char default_server[256];
/* Duplicate of the tentative definition at line 390 (see note there). */
408 static char tbl_buf[1024];
409 char group_suffix[256];
410 char exchange_acl[256];
411 int mr_connections = 0;
/* Behaviour switches with their compiled-in defaults; main() resets some
 * of them before each domain's configuration file is read. */
414 int UseGroupSuffix = 1;
415 int UseGroupUniversal = 0;
419 int ProcessMachineContainer = 1;
420 int ActiveDirectory = 1;
421 int UpdateDomainList;
423 int GroupPopulateDelete = 0;
424 int group_members = 0;
425 int max_group_members = 0;
427 extern int set_password(char *user, char *password, char *domain);
429 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
430 char *group_membership, char *MoiraId, char *attribute,
431 LK_ENTRY **linklist_base, int *linklist_count,
433 void AfsToWinAfs(char* path, char* winPath);
434 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
435 char *Win2kPassword, char *Win2kUser, char *default_server,
436 int connect_to_kdc, char **ServerList, char *ldap_realm,
438 void ad_kdc_disconnect();
439 int ad_server_connect(char *connectedServer, char *domain);
440 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
441 char *attribute_value, char *attribute, char *user_name);
442 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
443 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
444 int check_winad(void);
445 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
448 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
449 char *distinguishedName, int count, char **av);
450 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
451 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
452 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
453 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
454 char *distinguishedName, int count,
456 void container_get_dn(char *src, char *dest);
457 void container_get_name(char *src, char *dest);
458 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
459 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
460 char **before, int afterc, char **after);
461 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
462 char **before, int afterc, char **after);
464 int GetAceInfo(int ac, char **av, void *ptr);
465 int get_group_membership(char *group_membership, char *group_ou,
466 int *security_flag, char **av);
467 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
468 char *machine_ou, char *pPtr);
469 int Moira_container_group_create(char **after);
470 int Moira_container_group_delete(char **before);
471 int Moira_groupname_create(char *GroupName, char *ContainerName,
472 char *ContainerRowID);
473 int Moira_container_group_update(char **before, char **after);
474 int Moira_process_machine_container_group(char *MachineName, char* groupName,
476 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
477 int Moira_getContainerGroup(int ac, char **av, void *ptr);
478 int Moira_getGroupName(char *origContainerName, char *GroupName,
480 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
481 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
482 int UpdateGroup, int *ProcessGroup, char *maillist);
483 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
484 char *group_name, char *group_ou, char *group_membership,
485 int group_security_flag, int type, char *maillist);
486 int process_lists(int ac, char **av, void *ptr);
487 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
488 char *TargetGroupName, int HiddenGroup,
489 char *AceType, char *AceName);
490 int ProcessMachineName(int ac, char **av, void *ptr);
491 int ReadConfigFile(char *DomainName);
492 int ReadDomainList();
493 void StringTrim(char *StringToTrim);
494 char *escape_string(char *s);
495 int save_query_info(int argc, char **argv, void *hint);
496 int save_fsgroup_info(int argc, char **argv, void *hint);
497 int user_create(int ac, char **av, void *ptr);
498 int user_change_status(LDAP *ldap_handle, char *dn_path,
499 char *user_name, char *MoiraId, int operation);
500 int user_delete(LDAP *ldap_handle, char *dn_path,
501 char *u_name, char *MoiraId);
502 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
504 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
505 char *uid, char *MitId, char *MoiraId, int State,
506 char *WinHomeDir, char *WinProfileDir, char *first,
507 char *middle, char *last, char *shell, char *class);
508 void change_to_lower_case(char *ptr);
509 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
510 int contact_remove_email(LDAP *ld, char *bind_path,
511 LK_ENTRY **linklist_entry, int linklist_current);
512 int group_create(int ac, char **av, void *ptr);
513 int group_delete(LDAP *ldap_handle, char *dn_path,
514 char *group_name, char *group_membership, char *MoiraId);
515 int group_rename(LDAP *ldap_handle, char *dn_path,
516 char *before_group_name, char *before_group_membership,
517 char *before_group_ou, int before_security_flag,
518 char *before_desc, char *after_group_name,
519 char *after_group_membership, char *after_group_ou,
520 int after_security_flag, char *after_desc,
521 char *MoiraId, char *filter, char *maillist);
522 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
523 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
524 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
525 char *machine_name, char *container_name);
526 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
527 char *MoiraMachineName, char *DestinationOu);
528 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
529 char *group_name, char *group_ou, char *group_membership,
530 int group_security_flag, int updateGroup, char *maillist);
531 int member_list_build(int ac, char **av, void *ptr);
532 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership,
534 char *user_name, char *pUserOu, char *MoiraId);
535 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership, char *user_name,
537 char *pUserOu, char *MoiraId);
538 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
539 char *UserOu, char *member);
540 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
541 char *group_ou, char *group_membership,
542 int group_security_flag, char *MoiraId, int synchronize);
543 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
544 char *DistinguishedName,
545 char *WinHomeDir, char *WinProfileDir,
546 char **homedir_v, char **winProfile_v,
547 char **drives_v, LDAPMod **mods,
549 int sid_update(LDAP *ldap_handle, char *dn_path);
550 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
551 int check_string(char *s);
552 int check_container_name(char* s);
554 int mr_connect_cl(char *server, char *client, int version, int auth);
555 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
558 char **before, int beforec, char **after, int afterc);
559 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
560 char **before, int beforec, char **after, int afterc);
561 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
562 char **before, int beforec, char **after, int afterc);
563 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
564 char **before, int beforec, char **after, int afterc);
565 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
566 char **before, int beforec, char **after, int afterc);
567 int linklist_create_entry(char *attribute, char *value,
568 LK_ENTRY **linklist_entry);
569 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
570 char **attr_array, LK_ENTRY **linklist_base,
571 int *linklist_count, unsigned long ScopeType);
572 void linklist_free(LK_ENTRY *linklist_base);
574 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
575 char *distinguished_name, LK_ENTRY **linklist_current);
576 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
577 LK_ENTRY **linklist_base, int *linklist_count);
578 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
579 char *Attribute, char *distinguished_name,
580 LK_ENTRY **linklist_current);
582 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
583 char *oldValue, char *newValue,
584 char ***modvalues, int type);
585 void free_values(char **modvalues);
587 int convert_domain_to_dn(char *domain, char **bind_path);
588 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
589 char *distinguished_name);
590 int moira_disconnect(void);
591 int moira_connect(void);
592 void print_to_screen(const char *fmt, ...);
593 int GetMachineName(char *MachineName);
594 int tickets_get_k5();
595 int destroy_cache(void);
598 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
599 char **homeServerName);
/* Entry point.  The Moira server invokes this incremental as
 *   argv[1] = table name, argv[2] = beforec, argv[3] = afterc,
 *   argv[4 ...] = beforec "before" values followed by afterc "after" values
 * (examples at the top of this file).  After validating the argument
 * counts it reads the domain list, and then - presumably inside a loop over
 * DomainNames[k], whose header is not in this listing - loads that domain's
 * configuration, connects to it and dispatches the change to the do_*
 * handler for the table.  Many short lines of this function (declarations,
 * braces, exit/return statements) are not present in this listing. */
601 int main(int argc, char **argv)
/* Program name for com_err(): the basename of argv[0]. */
617 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
/* Fewer than the four fixed arguments (the `if (argc < 4)` guard and the
 * exit are not in view). */
621 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* Reject argument vectors shorter than the counts claim, so the before and
 * after slices computed below stay inside argv.
 * NOTE(review): atoi() yields 0 for non-numeric text and accepts negative
 * values; a negative count passes this test yet makes `after` (line 699)
 * point before argv[4].  Parse with strtol() and require both counts to be
 * >= 0. */
625 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
627 com_err(whoami, 0, "Unable to process %s",
628 "argc < (4 + beforec + afterc)");
/* filesys changes are not handled by this incremental (the exit that
 * follows is not in view). */
632 if (!strcmp(argv[1], "filesys"))
/* Log the whole command line in one message.
 * NOTE(review): unbounded strcat() into the static 1024-byte tbl_buf with
 * no accounting for the remaining space; the argument lengths are whatever
 * the server passed, so bound this (e.g. snprintf with a running offset)
 * rather than rely on them being short. */
635 for (i = 1; i < argc; i++)
637 strcat(tbl_buf, argv[i]);
638 strcat(tbl_buf, " ");
641 com_err(whoami, 0, "%s", tbl_buf);
/* Environment sanity check failed (the call and the exit are not in view). */
645 com_err(whoami, 0, "%s failed", "check_winad()");
/* Register the error tables com_err() needs for Moira and Kerberos codes. */
649 initialize_sms_error_table();
650 initialize_krb_error_table();
/* Load the list of domains to update. */
652 UpdateDomainList = 0;
653 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
655 if (ReadDomainList())
657 com_err(whoami, 0, "%s failed", "ReadDomainList()");
/* Initialise the orig_argv copy table (the loop body is not in view). */
661 for (i = 0; i < argc; i++)
/* Per-domain loop; presumably stops at the first empty slot. */
664 for (k = 0; k < MAX_DOMAINS; k++)
666 if (strlen(DomainNames[k]) == 0)
/* Take a fresh copy of argv for each domain, since the handlers below
 * receive writable pointers into it (e.g. table is lower-cased in place).
 * The line that frees a previous copy is not in view.
 * NOTE(review): strdup() is unchecked; a NULL copy would surface later as
 * a NULL dereference when the slice is used. */
668 for (i = 0; i < argc; i++)
670 if (orig_argv[i] != NULL)
672 orig_argv[i] = strdup(argv[i]);
/* Reset all per-domain state before reading this domain's configuration. */
675 memset(PrincipalName, '\0', sizeof(PrincipalName));
676 memset(ldap_domain, '\0', sizeof(ldap_domain));
677 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
678 memset(default_server, '\0', sizeof(default_server));
679 memset(dn_path, '\0', sizeof(dn_path));
680 memset(group_suffix, '\0', sizeof(group_suffix));
681 memset(exchange_acl, '\0', sizeof(exchange_acl));
685 UseGroupUniversal = 0;
689 ProcessMachineContainer = 1;
/* Defaults the configuration file may override. */
692 sprintf(group_suffix, "%s", "_group");
693 sprintf(exchange_acl, "%s", "exchange-acl");
/* Slice the copied argument vector: table name, then beforec values, then
 * afterc values. */
695 beforec = atoi(orig_argv[2]);
696 afterc = atoi(orig_argv[3]);
697 table = orig_argv[1];
698 before = &orig_argv[4];
699 after = &orig_argv[4 + beforec];
/* Per-domain configuration (the failure branch is not in view). */
707 if (ReadConfigFile(DomainNames[k]))
/* Group OU layout.  Two layouts exist; the condition selecting them is not
 * in view (presumably the ActiveDirectory switch).  First: separate OUs per
 * list kind ... */
712 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
713 sprintf(group_ou_root, "OU=lists,OU=moira");
714 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
716 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
/* ... second: every kind of list in the one lists OU. */
720 sprintf(group_ou_distribution, "OU=lists,OU=moira");
721 sprintf(group_ou_root, "OU=lists,OU=moira");
722 sprintf(group_ou_security, "OU=lists,OU=moira");
723 sprintf(group_ou_neither, "OU=lists,OU=moira");
724 sprintf(group_ou_both, "OU=lists,OU=moira");
/* Remember the configured SFU setting (UseSFU30 is declared elsewhere). */
727 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts.  The Win2kPassword/Win2kUser arguments
 * are passed empty, so the bind presumably relies on Kerberos tickets;
 * SetPassword is passed in the connect_to_kdc position of ad_connect()'s
 * prototype above. */
729 for (i = 0; i < 5; i++)
731 ldap_handle = (LDAP *)NULL;
732 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
733 default_server, SetPassword, ServerList,
734 ldap_realm, ldap_port)))
736 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* No server in the domain could be reached: raise an operator alert (the
 * branch that then skips this domain is not in view). */
741 if ((rc) || (ldap_handle == NULL))
743 critical_alert(whoami, "incremental",
744 "ldap.incr cannot connect to any server in "
745 "domain %s", DomainNames[k]);
/* Normalise the table name in place (table points into the strdup'd copy).
 * NOTE(review): tolower() on a plain char is undefined for negative values;
 * cast through (unsigned char). */
749 for (i = 0; i < (int)strlen(table); i++)
750 table[i] = tolower(table[i]);
/* Dispatch on table name; the trailing afterc argument of each call is on
 * a line not in view. */
752 if (!strcmp(table, "users"))
753 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
755 else if (!strcmp(table, "list"))
756 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
758 else if (!strcmp(table, "imembers"))
759 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
761 else if (!strcmp(table, "containers"))
762 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
764 else if (!strcmp(table, "mcntmap"))
765 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the server list read for this domain (the free() is not in
 * view) and drop the connection. */
771 for (i = 0; i < MAX_SERVER_NAMES; i++)
773 if (ServerList[i] != NULL)
776 ServerList[i] = NULL;
780 rc = ldap_unbind_s(ldap_handle);
/* Handle a row of the mcntmap (machine <-> container) table: move the
 * machine's directory object into the OU of its Moira container, or into
 * the orphans OU when no container is known, and update the container
 * group in Moira.  before/after hold the OU_* fields (see the header
 * comment); exactly one of them is non-empty for an add or a removal.
 * Short lines (declarations, braces, returns) are not in this listing. */
786 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
787 char **before, int beforec, char **after, int afterc)
789 char MoiraContainerName[128];
790 char ADContainerName[128];
791 char MachineName[1024];
792 char OriginalMachineName[1024];
795 char MoiraContainerGroup[64];
/* Machine/container processing can be switched off per domain. */
797 if (!ProcessMachineContainer)
799 com_err(whoami, 0, "Process machines and containers disabled, skipping");
804 memset(ADContainerName, '\0', sizeof(ADContainerName));
805 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
/* Empty row: nothing to do (the return is not in view). */
807 if ((beforec == 0) && (afterc == 0))
/* Moira lookups below need a connection.  The assignment inside the
 * condition is intended; `if ((rc = moira_connect()))` would make that
 * explicit to the compiler. */
810 if (rc = moira_connect())
812 critical_alert(whoami, "Ldap incremental",
813 "Error contacting Moira server : %s",
/* Removal: take the names from the before row.
 * NOTE(review): strcpy() from server-supplied values into fixed locals
 * with no length check - MoiraContainerGroup is only 64 bytes; the same
 * applies to the add branch below. */
818 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
820 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
821 strcpy(MachineName, before[OU_MACHINE_NAME]);
822 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
824 com_err(whoami, 0, "removing machine %s from %s",
825 OriginalMachineName, before[OU_CONTAINER_NAME]);
/* Addition: take the names from the after row. */
827 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
829 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
830 strcpy(MachineName, after[OU_MACHINE_NAME]);
831 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
832 com_err(whoami, 0, "adding machine %s to container %s",
833 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the machine's alias in Moira; GetMachineName() rewrites
 * MachineName in place and leaves it empty when nothing was found. */
841 rc = GetMachineName(MachineName);
843 if (strlen(MachineName) == 0)
846 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
847 OriginalMachineName);
/* Keep the Moira container group in step (remaining arguments on a line
 * not in view). */
851 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The machine must already exist in the directory. */
854 if (machine_check(ldap_handle, dn_path, MachineName))
856 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
857 OriginalMachineName, MachineName);
/* Look up the machine's container in Moira (output argument on a line not
 * in view); without one the object is parked in the orphans OU.  The
 * return after that move is not in view but is relied on below. */
862 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
863 machine_get_moira_container(ldap_handle, dn_path, MachineName,
866 if (strlen(MoiraContainerName) == 0)
868 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
869 "in Moira - moving to orphans OU.",
870 OriginalMachineName, MachineName);
871 machine_move_to_ou(ldap_handle, dn_path, MachineName,
872 orphans_machines_ou);
/* Container path -> OU distinguished name. */
877 container_get_dn(MoiraContainerName, ADContainerName);
/* Ensure a trailing '/' for container_check().  Indexing strlen-1 is only
 * valid because the empty case returned above; the strcat() into the
 * 128-byte buffer is unbounded. */
879 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
880 strcat(MoiraContainerName, "/");
/* Create the OU chain if missing, then move the machine into it. */
882 container_check(ldap_handle, dn_path, MoiraContainerName);
883 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handle a row of the containers table: delete, create, rename or update
 * the OU that mirrors a Moira container, and keep the matching container
 * group in Moira in step.  before/after hold the CONTAINER_* fields (see
 * the header comment).  Short lines (declarations, braces, returns) are
 * not in this listing. */
888 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
889 char **before, int beforec, char **after, int afterc)
/* Machine/container processing can be switched off per domain. */
893 if (!ProcessMachineContainer)
895 com_err(whoami, 0, "Process machines and containers disabled, skipping");
/* Empty row: nothing to do (the return is not in view). */
899 if ((beforec == 0) && (afterc == 0))
/* The Moira_* calls below need a connection; the assignment inside the
 * condition is intended. */
902 if (rc = moira_connect())
904 critical_alert(whoami, "Ldap incremental", "Error contacting Moira server : %s",
/* Only a before row: the container was deleted in Moira. */
909 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
911 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
912 container_delete(ldap_handle, dn_path, beforec, before);
913 Moira_container_group_delete(before);
/* Only an after row: a new container.  container_check() first creates
 * any missing parent OUs. */
918 if ((beforec == 0) && (afterc != 0)) /*create a container*/
920 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
921 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
922 container_create(ldap_handle, dn_path, afterc, after);
923 Moira_container_group_create(after);
/* Both rows: a case-insensitive name change is a rename, anything else an
 * attribute update (the else between the two is not in view). */
928 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
930 com_err(whoami, 0, "renaming container %s to %s",
931 before[CONTAINER_NAME], after[CONTAINER_NAME]);
932 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
933 Moira_container_group_update(before, after);
938 com_err(whoami, 0, "updating container %s information",
939 after[CONTAINER_NAME]);
940 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
941 Moira_container_group_update(before, after);
/* Index of the description field in a list-table row (see the header
 * comment); the other L_* indexes for this table are defined on lines
 * not in this listing. */
946 #define L_LIST_DESC 9
/* Handle a row of the list table: create, rename, delete or update the
 * directory group that mirrors a Moira list.  before/after hold the fields
 * in the order shown in the header comment (listname, active, publicflg,
 * hidden, maillist, grouplist, gid, acl_type, acl_id, description,
 * moiraid).  The L_* indexes other than L_LIST_DESC, and many short lines
 * of this function (declarations, braces, returns, the tails of some
 * conditions), are not in this listing. */
949 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
950 char **before, int beforec, char **after, int afterc)
/* Fixed-size locals.
 * NOTE(review): group_membership is 6 bytes but before_group_membership
 * (a few lines down) is 1 byte, yet both are handed to
 * get_group_membership() and later tested with strlen().  If that function
 * stores even a one-character NUL-terminated string, the 1-byte buffer
 * overflows.  Its body is not in view - confirm, and size both alike. */
955 char group_membership[6];
960 char before_list_id[32];
961 char before_group_membership[1];
962 int before_security_flag;
963 char before_group_ou[256];
964 LK_ENTRY *ptr = NULL;
/* Empty row: nothing to do (the return is not in view). */
966 if (beforec == 0 && afterc == 0)
969 memset(list_id, '\0', sizeof(list_id));
970 memset(before_list_id, '\0', sizeof(before_list_id));
971 memset(before_group_ou, '\0', sizeof(before_group_ou));
972 memset(before_group_membership, '\0', sizeof(before_group_membership));
973 memset(group_ou, '\0', sizeof(group_ou));
974 memset(group_membership, '\0', sizeof(group_membership));
/* Before row: only read the id when the count says the field is present
 * (the bodies of these guards are not in view); then derive the OU,
 * membership type and security flag.  The strcpy() into the 32-byte
 * before_list_id is unbounded. */
979 if (beforec < L_LIST_ID)
981 if (beforec > L_LIST_DESC)
983 strcpy(before_list_id, before[L_LIST_ID]);
985 before_security_flag = 0;
986 get_group_membership(before_group_membership, before_group_ou,
987 &before_security_flag, before);
/* Same for the after row. */
992 if (afterc < L_LIST_ID)
994 if (afterc > L_LIST_DESC)
996 strcpy(list_id, after[L_LIST_ID]);
999 get_group_membership(group_membership, group_ou, &security_flag, after);
1002 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* When a before row exists, verify the group it names (CHECK_GROUPS); if it
 * sits under the wrong DN or is duplicated, run again in CLEANUP_GROUPS
 * mode.  AD_NO_GROUPS_FOUND is not an error here - the group may simply
 * not exist yet. */
1011 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1012 before[L_NAME], before_group_ou,
1013 before_group_membership,
1014 before_security_flag, CHECK_GROUPS,
1015 before[L_MAILLIST])))
1017 if (rc == AD_NO_GROUPS_FOUND)
1021 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1022 (rc == AD_MULTIPLE_GROUPS_FOUND))
1024 rc = process_group(ldap_handle, dn_path, before_list_id,
1025 before[L_NAME], before_group_ou,
1026 before_group_membership,
1027 before_security_flag, CLEANUP_GROUPS,
1028 before[L_MAILLIST]);
1030 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1032 com_err(whoami, 0, "Unable to process list %s",
1036 if (rc == AD_NO_GROUPS_FOUND)
/* Both rows: a rename when the name changed, or when the name is the same
 * but the group's OU changed (the remainder of the condition is on a line
 * not in view). */
1042 if ((beforec != 0) && (afterc != 0))
1044 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1045 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1046 (strcmp(before_group_ou, group_ou)))) &&
1049 com_err(whoami, 0, "Changing list name from %s to %s",
1050 before[L_NAME], after[L_NAME]);
/* A rename needs both OUs and both membership types to be known. */
1052 if ((strlen(before_group_ou) == 0) ||
1053 (strlen(before_group_membership) == 0) ||
1054 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1056 com_err(whoami, 0, "%s", "Unable to find the group OU's");
/* filter is an output buffer for group_rename() (its declaration is not
 * in view); one argument of the call is on a line not in view. */
1060 memset(filter, '\0', sizeof(filter));
1062 if ((rc = group_rename(ldap_handle, dn_path,
1063 before[L_NAME], before_group_membership,
1064 before_group_ou, before_security_flag,
1065 before[L_LIST_DESC], after[L_NAME],
1066 group_membership, group_ou, security_flag,
1068 list_id, filter, after[L_MAILLIST])))
1070 if (rc != AD_NO_GROUPS_FOUND)
1073 "Unable to change list name from %s to %s",
1074 before[L_NAME], after[L_NAME]);
/* Deletion (the enclosing condition is not in view): the group can only
 * be located if its OU and membership type were resolved. */
1087 if ((strlen(before_group_ou) == 0) ||
1088 (strlen(before_group_membership) == 0))
1091 "Unable to find the group OU for group %s", before[L_NAME]);
1095 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1096 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1097 before_group_membership, before_list_id);
/* Creation or update (the enclosing condition is not in view).  The group
 * is checked and if necessary cleaned up as for the before row above; the
 * assignment inside this `if` is intended but, unlike the earlier call, is
 * not double-parenthesised. */
1105 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1107 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1108 group_ou, group_membership,
1109 security_flag, CHECK_GROUPS,
1112 if (rc != AD_NO_GROUPS_FOUND)
1114 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1115 (rc == AD_MULTIPLE_GROUPS_FOUND))
1117 rc = process_group(ldap_handle, dn_path, list_id,
1119 group_ou, group_membership,
1120 security_flag, CLEANUP_GROUPS,
1127 "Unable to create list %s", after[L_NAME]);
1134 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
/* ACE processing queries Moira; the assignment inside the condition is
 * intended. */
1136 if (rc = moira_connect())
1138 critical_alert(whoami, "Ldap incremental",
1139 "Error contacting Moira server : %s",
/* Apply the list's ACE first without (UpdateGroup = 0) and then with
 * (UpdateGroup = 1) group updates; ProcessGroup reports back whether the
 * group itself still needs work (the branches between are not in view). */
1146 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1147 &ProcessGroup, after[L_MAILLIST]))
1152 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1153 &ProcessGroup, after[L_MAILLIST]))
/* Create the group, or update it when updateGroup is set. */
1157 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1158 group_ou, group_membership, security_flag,
1159 updateGroup, after[L_MAILLIST]))
/* Only an active list has its membership synchronised (last argument 1). */
1165 if (atoi(after[L_ACTIVE]))
1167 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1168 group_membership, security_flag, list_id, 1);
/*
 * Indices of the extra fields that follow the standard list-member
 * argument vector; LM_END is presumably the first slot past the standard
 * fields (its definition is not in this listing).  do_member() uses
 * LM_EXTRA_GID, LM_EXTRA_GROUP and LMN_LIST_ID as argc thresholds before it
 * reads the corresponding before[]/after[] entries, so this order must stay
 * in step with the argument layout moira sends.
 */
1176 #define LM_EXTRA_ACTIVE (LM_END)
1177 #define LM_EXTRA_PUBLIC (LM_END+1)
1178 #define LM_EXTRA_HIDDEN (LM_END+2)
1179 #define LM_EXTRA_MAILLIST (LM_END+3)
1180 #define LM_EXTRA_GROUP (LM_END+4)
1181 #define LM_EXTRA_GID (LM_END+5)
1182 #define LMN_LIST_ID (LM_END+6)
1183 #define LM_LIST_ID (LM_END+7)
1184 #define LM_USER_ID (LM_END+8)
1185 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one list-membership change to the directory.
 *
 * before/beforec and after/afterc are the old and new moira member tuples
 * (see the LM_* indices) and their argument counts.  The visible flow is:
 * pick the tuple to work from, make sure the group exists (creating it via
 * make_new_group()/populate_group() when process_group() reports
 * AD_NO_GROUPS_FOUND), normalise the member name according to its type
 * (LIST / MACHINE / USER / STRING / KERBEROS), then call member_remove() or
 * member_add().  ldap_hostname is not referenced by any visible statement.
 *
 * Returns nothing; failures are reported through com_err()/critical_alert().
 *
 * NOTE(review): this listing is fragmentary -- braces, returns, most else
 * branches and the declarations of `ptr`, `args`, `member`, `group_ou`,
 * `filter`, `av`, `call_args`, `pUserOu`, `rc` and `security_flag` are not
 * shown.  The comments below describe only the statements that are visible.
 */
1187 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1188 char **before, int beforec, char **after, int afterc)
1190 LK_ENTRY *group_base;
1193 char *attr_array[3];
1194 char group_name[128];
1195 char user_name[128];
1196 char user_type[128];
1197 char moira_list_id[32];
1198 char moira_user_id[32];
/* One byte, written (not NUL-terminated) by get_group_membership(). */
1199 char group_membership[1];
1201 char machine_ou[256];
1209 char NewMachineName[1024];
1213 char *save_argv[U_END];
1217 memset(moira_list_id, '\0', sizeof(moira_list_id));
1218 memset(moira_user_id, '\0', sizeof(moira_user_id));
/*
 * after[] side: the extra fields up to LM_EXTRA_GID must be present and the
 * list must be active before a member can be added.
 */
1222 if (afterc < LM_EXTRA_GID)
1225 if (!atoi(after[LM_EXTRA_ACTIVE]))
1228 "Unable to add %s to group %s : group not active",
1229 after[2], after[0]);
1235 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/*
 * Unbounded strcpy() into 128-byte stack buffers: a moira argument of 128
 * bytes or more overwrites the frame.  Unless the caller already bounds
 * argument length (confirm), copy with snprintf(dst, sizeof dst, "%s", src)
 * and reject the change on truncation.
 */
1238 strcpy(user_name, after[LM_MEMBER]);
1239 strcpy(group_name, after[LM_LIST]);
1240 strcpy(user_type, after[LM_TYPE]);
1242 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* Same concern for the 32-byte id buffers below (here and on the before[] side). */
1244 if (afterc > LM_EXTRA_GROUP)
1246 strcpy(moira_list_id, after[LMN_LIST_ID]);
1247 strcpy(moira_user_id, after[LM_LIST_ID]);
1250 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1252 if (afterc > LMN_LIST_ID)
1254 strcpy(moira_list_id, after[LM_LIST_ID]);
1255 strcpy(moira_user_id, after[LM_USER_ID]);
1260 if (afterc > LM_EXTRA_GID)
1261 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* before[] side: mirror of the block above, for removals. */
1266 if (beforec < LM_EXTRA_GID)
1268 if (!atoi(before[LM_EXTRA_ACTIVE]))
1271 "Unable to remove %s from group %s : group not active",
1272 before[2], before[0]);
1278 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1281 strcpy(user_name, before[LM_MEMBER]);
1282 strcpy(group_name, before[LM_LIST]);
1283 strcpy(user_type, before[LM_TYPE]);
1285 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1287 if (beforec > LM_EXTRA_GROUP)
1289 strcpy(moira_list_id, before[LMN_LIST_ID]);
1290 strcpy(moira_user_id, before[LM_LIST_ID]);
1293 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1295 if (beforec > LMN_LIST_ID)
1297 strcpy(moira_list_id, before[LM_LIST_ID]);
1298 strcpy(moira_user_id, before[LM_USER_ID]);
1303 if (beforec > LM_EXTRA_GID)
1304 strcpy(moira_list_id, before[LMN_LIST_ID]);
1311 "Unable to process group : beforec = %d, afterc = %d",
/*
 * Re-map the member tuple (ptr[] = whichever of before/after was chosen on
 * a line not shown) into the L_* layout get_group_membership() expects.
 */
1316 args[L_NAME] = ptr[LM_LIST];
1317 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1318 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1319 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1320 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1321 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1322 args[L_GID] = ptr[LM_EXTRA_GID];
1325 memset(group_ou, '\0', sizeof(group_ou));
1326 get_group_membership(group_membership, group_ou, &security_flag, args);
1328 if (strlen(group_ou) == 0)
1330 com_err(whoami, 0, "Unable to find the group OU for group %s",
/*
 * Assignment inside the condition is intentional (rc is tested for
 * non-zero); wrapping it in an extra pair of parentheses documents that and
 * keeps -Wparentheses quiet.  Same pattern at every `if (rc = ...)` below.
 */
1335 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1336 group_ou, group_membership, security_flag,
1337 CHECK_GROUPS, args[L_MAILLIST]))
1339 if (rc != AD_NO_GROUPS_FOUND)
/* A second pass with CLEANUP_GROUPS is tried before giving up. */
1341 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1342 group_name, group_ou, group_membership,
1343 security_flag, CLEANUP_GROUPS,
1346 if (rc != AD_NO_GROUPS_FOUND)
1349 com_err(whoami, 0, "Unable to add %s to group %s - "
1350 "unable to process group", user_name, group_name);
1352 com_err(whoami, 0, "Unable to remove %s from group %s - "
1353 "unable to process group", user_name, group_name);
/* Group missing: create it from moira data before touching membership. */
1360 if (rc == AD_NO_GROUPS_FOUND)
1362 if (rc = moira_connect())
1364 critical_alert(whoami, "Ldap incremental",
1365 "Error contacting Moira server : %s",
1370 com_err(whoami, 0, "creating group %s", group_name);
/* Two ProcessAce() passes (flag 0, then 1) -- likely a two-phase ACE walk; confirm in ProcessAce(). */
1373 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1374 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1380 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1384 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1385 group_ou, group_membership, security_flag, 0,
1386 ptr[LM_EXTRA_MAILLIST]))
1392 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1394 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1395 group_membership, security_flag, moira_list_id, 1);
/* Removal path (the enclosing condition is on a line not shown). */
1405 com_err(whoami, 0, "removing user %s from list %s", user_name,
1409 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1411 if (!ProcessMachineContainer)
1413 com_err(whoami, 0, "Process machines and containers disabled, "
1418 memset(machine_ou, '\0', sizeof(machine_ou));
1419 memset(NewMachineName, '\0', sizeof(NewMachineName));
1420 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1421 machine_ou, NewMachineName))
/*
 * Replaces an element of the caller's argv in place: the NULL test is
 * redundant (free(NULL) is a no-op) and the strdup() result is never
 * checked, so an allocation failure leaves NULL behind for the later
 * strcpy()/member_remove() calls to dereference.  This also assumes the
 * caller's before[]/after[] strings are individually heap-allocated --
 * confirm in the caller.  The same pattern repeats for STRING members below
 * and on the add path.
 */
1423 if (ptr[LM_MEMBER] != NULL)
1424 free(ptr[LM_MEMBER]);
1425 ptr[LM_MEMBER] = strdup(NewMachineName);
1426 pUserOu = machine_ou;
1429 if (!strcasecmp(ptr[LM_TYPE}, "STRING"))
1431 strcpy(member, ptr[LM_MEMBER]);
/*
 * `member`'s declaration is not in this listing; strcpy()/strcat() on it are
 * unbounded, so its capacity must cover the longest member name plus the
 * "@mit.edu" / ".mit.edu" suffixes appended here.
 */
1435 if((s = strchr(member, '@')) == (char *) NULL)
1437 strcat(member, "@mit.edu");
1439 if (ptr[LM_MEMBER] != NULL)
1440 free(ptr[LM_MEMBER]);
1441 ptr[LM_MEMBER] = strdup(member);
/*
 * Reads member[strlen(member) - 6]: if this is the branch for names that
 * already contain '@' (as it appears), a member shorter than 6 bytes, e.g.
 * "a@b", indexes before the array -- an out-of-bounds read.  Guard with
 * `strlen(member) >= 6 &&` first.
 */
1444 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1446 s = strrchr(member, '.');
/* Presumably a line not shown terminates the string at s before this append. */
1448 strcat(s, ".mit.edu");
1450 if (ptr[LM_MEMBER] != NULL)
1451 free(ptr[LM_MEMBER]);
1452 ptr[LM_MEMBER] = strdup(member);
/* STRING and KERBEROS members are represented by contact objects. */
1456 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1460 pUserOu = contact_ou;
1462 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1464 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1468 pUserOu = kerberos_ou;
1471 if (rc = moira_connect()) {
1472 critical_alert(whoami, "Ldap incremental",
1473 "Error contacting Moira server : %s",
/* Last argument 0 here versus 1 on the create path above -- meaning not visible; confirm in populate_group(). */
1478 if (rc = populate_group(ldap_handle, dn_path, group_name,
1479 group_ou, group_membership,
1480 security_flag, moira_list_id, 0))
1481 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1486 if (rc = member_remove(ldap_handle, dn_path, group_name,
1487 group_ou, group_membership, ptr[LM_MEMBER],
1488 pUserOu, moira_list_id))
1489 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* Add path: same member normalisation as above, then member_add(). */
1495 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1498 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1500 memset(machine_ou, '\0', sizeof(machine_ou));
1501 memset(NewMachineName, '\0', sizeof(NewMachineName));
1503 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1507 if (ptr[LM_MEMBER] != NULL)
1508 free(ptr[LM_MEMBER]);
1510 ptr[LM_MEMBER] = strdup(NewMachineName);
1511 pUserOu = machine_ou;
1513 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1515 strcpy(member, ptr[LM_MEMBER]);
1519 if((s = strchr(member, '@')) == (char *) NULL)
1521 strcat(member, "@mit.edu");
1523 if (ptr[LM_MEMBER] != NULL)
1524 free(ptr[LM_MEMBER]);
1525 ptr[LM_MEMBER] = strdup(member);
/* Same strlen(member) - 6 underflow as on the removal path. */
1528 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1530 s = strrchr(member, '.');
1532 strcat(s, ".mit.edu");
1534 if (ptr[LM_MEMBER] != NULL)
1535 free(ptr[LM_MEMBER]);
1536 ptr[LM_MEMBER] = strdup(member);
1540 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1544 pUserOu = contact_ou;
1546 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1548 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1552 pUserOu = kerberos_ou;
/* USER members that the directory does not know yet are created from moira data first. */
1554 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1556 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1557 moira_user_id)) == AD_NO_USER_FOUND)
1559 if (rc = moira_connect())
1561 critical_alert(whoami, "Ldap incremental",
1562 "Error connection to Moira : %s",
1567 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1568 av[0] = ptr[LM_MEMBER];
/* call_args is the opaque argument vector handed to user_create() via mr_query's callback. */
1569 call_args[0] = (char *)ldap_handle;
1570 call_args[1] = dn_path;
1571 call_args[2] = moira_user_id;
1572 call_args[3] = NULL;
/*
 * The member name is interpolated into an LDAP search filter with
 * sprintf(): (1) `filter`'s size is not visible, so a long name can
 * overflow it; (2) '(' ')' '*' '\' and NUL are filter metacharacters
 * (RFC 4515), so an unescaped name can widen or break the search that
 * backs the "Object already exists" check below.  Mitigation: escape the
 * value per RFC 4515, build the filter with snprintf() and treat
 * truncation as an error.  do_user() has the same construct.
 */
1581 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1582 attr_array[0] = "cn";
1583 attr_array[1] = NULL;
1584 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1585 attr_array, &group_base, &group_count,
1586 LDAP_SCOPE_SUBTREE)) != 0)
1588 com_err(whoami, 0, "Unable to process user %s : %s",
1589 ptr[LM_MEMBER], ldap_err2string(rc));
/* A group with the same cn blocks user creation (the count test is on a line not shown). */
1595 com_err(whoami, 0, "Object already exists with name %s",
1600 linklist_free(group_base);
/* Fetch the account tuple from moira; save_query_info fills save_argv[]. */
1605 if (rc = mr_query("get_user_account_by_login", 1, av,
1606 save_query_info, save_argv))
1609 com_err(whoami, 0, "Unable to create user %s : %s",
1610 ptr[LM_MEMBER], error_message(rc));
1614 if (rc = user_create(U_END, save_argv, call_args))
1617 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1636 if (rc = moira_connect()) {
1637 critical_alert(whoami, "Ldap incremental",
1638 "Error contacting Moira server : %s",
1643 if (rc = populate_group(ldap_handle, dn_path, group_name,
1644 group_ou, group_membership, security_flag,
1646 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1651 if (rc = member_add(ldap_handle, dn_path, group_name,
1652 group_ou, group_membership, ptr[LM_MEMBER],
1653 pUserOu, moira_list_id))
1654 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/*
 * Positions of the fields that follow the standard user tuple (see the
 * argument examples at the top of this file): moira user id, home directory
 * and profile directory.  do_user() reads U_USER_ID only when the argument
 * count exceeds it.
 */
1660 #define U_USER_ID 10
1661 #define U_HOMEDIR 11
1662 #define U_PROFILEDIR 12
/*
 * do_user: apply one user-account change to the directory.
 *
 * before/beforec and after/afterc are the old and new moira user tuples
 * (U_* indices) and their argument counts.  Visible flow: an empty after[]
 * side expunges the account (only when its state is 0); an empty before[]
 * side is reported as "not yet usable" and skipped; otherwise the account
 * is created if check_user() cannot find it, renamed when the login
 * changed, and finally refreshed with user_update().  ldap_hostname is not
 * referenced by any visible statement.
 *
 * Returns nothing; errors go to com_err()/critical_alert().
 *
 * NOTE(review): fragmentary listing -- the afterc parameter line, braces,
 * returns and the declarations of rc, filter, av, call_args and
 * group_count are not shown.
 */
1664 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1665 char **before, int beforec, char **after,
1668 LK_ENTRY *group_base;
1671 char *attr_array[3];
1674 char after_user_id[32];
1675 char before_user_id[32];
1677 char *save_argv[U_END];
1679 if ((beforec == 0) && (afterc == 0))
1682 memset(after_user_id, '\0', sizeof(after_user_id));
1683 memset(before_user_id, '\0', sizeof(before_user_id));
/*
 * The id is copied only when the tuple is long enough to contain it, but
 * with an unbounded strcpy() into a 32-byte buffer; bound the copy
 * (snprintf) unless moira guarantees the id length -- confirm.
 */
1685 if (beforec > U_USER_ID)
1686 strcpy(before_user_id, before[U_USER_ID]);
1688 if (afterc > U_USER_ID)
1689 strcpy(after_user_id, after[U_USER_ID]);
/* Repeats the test at the top of the function; if that one returns, this is dead. */
1691 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1694 if ((beforec == 0) && (afterc != 0))
1696 /*this case only happens when the account*/
1697 /*account is first created but not usable*/
1699 com_err(whoami, 0, "Unable to process user %s because the user account "
1700 "is not yet usable", after[U_NAME]);
1704 /*this case only happens when the account is expunged */
1706 if ((beforec != 0) && (afterc == 0))
/* Only a state-0 account is deleted from the directory. */
1708 if (atoi(before[U_STATE]) == 0)
1710 com_err(whoami, 0, "expunging user %s from directory",
1712 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* (message text contains the typo "expungeded"; left as is here) */
1716 com_err(whoami, 0, "Unable to process because user %s has been "
1717 "previously expungeded", before[U_NAME]);
1722 /*process anything that gets here*/
/* Creation path: the directory has no account for before[U_NAME]. */
1724 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1725 before_user_id)) == AD_NO_USER_FOUND)
1727 if (!check_string(after[U_NAME]))
1730 if (rc = moira_connect())
1732 critical_alert(whoami, "Ldap incremental",
1733 "Error connection to Moira : %s",
1738 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1740 av[0] = after[U_NAME];
1741 call_args[0] = (char *)ldap_handle;
1742 call_args[1] = dn_path;
1743 call_args[2] = after_user_id;
1744 call_args[3] = NULL;
/*
 * Login interpolated into an LDAP filter with sprintf(): check_string()
 * above is the only gate, so confirm it rejects the RFC 4515
 * metacharacters '(' ')' '*' '\' and bounds the length (filter's size is
 * not visible).  Prefer an escaped value plus snprintf() with a truncation
 * check, as noted in do_member().
 */
1752 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1753 attr_array[0] = "cn";
1754 attr_array[1] = NULL;
1756 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1757 &group_base, &group_count,
1758 LDAP_SCOPE_SUBTREE)) != 0)
1760 com_err(whoami, 0, "Unable to process user %s : %s",
1761 after[U_NAME], ldap_err2string(rc));
/* A group already named like the login blocks account creation. */
1765 if (group_count >= 1)
1767 com_err(whoami, 0, "Object already exists with name %s",
1772 linklist_free(group_base);
1777 if (rc = mr_query("get_user_account_by_login", 1, av,
1778 save_query_info, save_argv))
1781 com_err(whoami, 0, "Unable to create user %s : %s",
1782 after[U_NAME], error_message(rc));
1786 if (rc = user_create(U_END, save_argv, call_args))
1788 com_err(whoami, 0, "Unable to create user %s : %s",
1789 after[U_NAME], error_message(rc));
1796 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Rename path: both logins must pass check_string() before the DN is changed. */
1808 if (strcmp(before[U_NAME], after[U_NAME]))
1810 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1812 com_err(whoami, 0, "changing user %s to %s",
1813 before[U_NAME], after[U_NAME]);
1815 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1816 after[U_NAME])) != LDAP_SUCCESS)
/* Always refresh the remaining attributes from the after[] tuple. */
1823 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1824 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1825 after[U_UID], after[U_MITID],
1826 after_user_id, atoi(after[U_STATE]),
1827 after[U_HOMEDIR], after[U_PROFILEDIR],
1828 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1829 after[U_SHELL], after[U_CLASS]);
<div hidden="true"></div>
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * strings from the values in linklist_base.  When both oldValue and
 * newValue are given and a value contains oldValue, the value is either
 * replaced wholesale (type == REPLACE) or has the matched substring swapped
 * for newValue; every other value is copied verbatim.
 *
 * *modvalues receives the calloc'd array and each element is separately
 * allocated; ownership passes to the caller.  The return convention is on
 * lines not shown in this listing.
 *
 * NOTE(review): fragmentary listing -- the declarations of i and cPtr,
 * the allocation-failure returns and several braces are missing.
 */
1834 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1835 char *oldValue, char *newValue,
1836 char ***modvalues, int type)
1838 LK_ENTRY *linklist_ptr;
/*
 * (modvalue_count + 1) * sizeof(char *) starts from an int; a negative or
 * very large count is undefined/overflowing here.  The count comes from
 * linklist_count, so size_t would be the safer type.
 */
1842 if (((*modvalues) = calloc(1,
1843 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* Redundant: calloc() already zero-filled the array. */
1848 for (i = 0; i < (modvalue_count + 1); i++)
1849 (*modvalues)[i] = NULL;
1851 if (modvalue_count != 0)
1853 linklist_ptr = linklist_base;
1854 for (i = 0; i < modvalue_count; i++)
1856 if ((oldValue != NULL) && (newValue != NULL))
/*
 * strstr()/strcat() treat value as a NUL-terminated string.  Entries that
 * retrieve_values() filled from binary (ber) attributes are allocated as
 * calloc(1, bv_len) with no terminator, so such an entry reaching this path
 * would be over-read -- confirm callers never pass objectSid/objectGUID
 * entries here.
 */
1858 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1861 if (type == REPLACE)
/* calloc() already zeroes the block; the memset() is redundant. */
1863 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1866 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1867 strcpy((*modvalues)[i], newValue);
/*
 * New length = prefix before the match + (value length - oldValue length)
 * + newValue length + NUL; the "- strlen(oldValue)" term sits on a line not
 * shown here -- compare with the memset() size just below, which spells it
 * out in full.
 */
1871 if (((*modvalues)[i] = calloc(1,
1872 (int)(cPtr - linklist_ptr->value) +
1873 (linklist_ptr->length -
1875 strlen(newValue) + 1)) == NULL)
1877 memset((*modvalues)[i], '\0',
1878 (int)(cPtr - linklist_ptr->value) +
1879 (linklist_ptr->length - strlen(oldValue)) +
1880 strlen(newValue) + 1);
/* prefix, then newValue, then whatever followed the match. */
1881 memcpy((*modvalues)[i], linklist_ptr->value,
1882 (int)(cPtr - linklist_ptr->value));
1883 strcat((*modvalues)[i], newValue);
1884 strcat((*modvalues)[i],
1885 &linklist_ptr->value[(int)(cPtr -
1886 linklist_ptr->value) + strlen(oldValue)]);
/*
 * Verbatim copy branches: calloc() is not checked before memset()/memcpy(),
 * so an allocation failure dereferences NULL here and in the branch below.
 */
1891 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1892 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1893 memcpy((*modvalues)[i], linklist_ptr->value,
1894 linklist_ptr->length);
1899 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1900 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1901 memcpy((*modvalues)[i], linklist_ptr->value,
1902 linklist_ptr->length);
1904 linklist_ptr = linklist_ptr->next;
/* i == modvalue_count here: terminate the array for the LDAP mod API. */
1906 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous search (ldap_search_s) under dn_path
 * with filter search_exp and scope ScopeType, requesting only the
 * attributes in attr_array, and convert the result into an LK_ENTRY list.
 *
 * *linklist_base / *linklist_count are reset to NULL / 0 first and filled
 * by retrieve_entries(); the caller frees the list with linklist_free().
 * Returns the LDAP result code (lines not shown decide the exact value);
 * LDAP_SIZELIMIT_EXCEEDED is tolerated and the partial result is still
 * converted.
 *
 * NOTE(review): whether ldap_msgfree() is also reached on the
 * early-error path is not visible.  ldap_search_s() may hand back a result
 * message even when it fails, so confirm it is freed there too.
 */
1912 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1913 char **attr_array, LK_ENTRY **linklist_base,
1914 int *linklist_count, unsigned long ScopeType)
1917 LDAPMessage *ldap_entry;
1921 (*linklist_base) = NULL;
1922 (*linklist_count) = 0;
1924 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1925 search_exp, attr_array, 0,
1926 &ldap_entry)) != LDAP_SUCCESS)
/* Any failure other than a size-limit hit aborts (return on a line not shown). */
1928 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1932 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1935 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of the search result ldap_entry,
 * append its attributes to *linklist_base via retrieve_attributes(), then
 * recount the list into *linklist_count.
 *
 * Returns 0 on success (presumably; the return lines are not shown) or the
 * non-zero value propagated from retrieve_attributes().
 *
 * NOTE(review): distinguished_name is a fixed 1024-byte buffer and
 * get_distinguished_name() fills it with an unbounded strcpy(), so a DN
 * longer than 1023 bytes overflows this frame.  Pass sizeof
 * distinguished_name down and copy with a bounded routine.
 */
1939 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1940 LK_ENTRY **linklist_base, int *linklist_count)
1942 char distinguished_name[1024];
1943 LK_ENTRY *linklist_ptr;
/* The parameter is reused as the cursor: first entry, then ldap_next_entry(). */
1946 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1949 memset(distinguished_name, '\0', sizeof(distinguished_name));
1950 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1952 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1953 linklist_base)) != 0)
1956 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1958 memset(distinguished_name, '\0', sizeof(distinguished_name));
1959 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1961 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1962 distinguished_name, linklist_base)) != 0)
/* Recount from scratch rather than tracking additions per attribute. */
1966 linklist_ptr = (*linklist_base);
1967 (*linklist_count) = 0;
1969 while (linklist_ptr != NULL)
1971 ++(*linklist_count);
1972 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry with
 * ldap_first_attribute()/ldap_next_attribute() and hand each one to
 * retrieve_values(), which prepends the value to *linklist_current.
 * distinguished_name is the entry's DN, stored with each value.
 *
 * Returns an int whose value is set on lines not shown here.
 *
 * NOTE(review): the return value of retrieve_values() is discarded on both
 * calls below, so its allocation failures (calloc() of the LK_ENTRY and of
 * its strings) pass unnoticed and the caller sees a silently truncated
 * list.  The BerElement pointer `ptr` and the third argument of the
 * ldap_*_attribute() calls are on lines not shown.
 */
1978 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1979 char *distinguished_name, LK_ENTRY **linklist_current)
1986 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1989 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Each attribute name is library-owned and released after use. */
1991 ldap_memfree(Attribute);
1992 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1995 retrieve_values(ldap_handle, ldap_entry, Attribute,
1996 distinguished_name, linklist_current);
1997 ldap_memfree(Attribute);
2001 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch the value(s) of Attribute for ldap_entry and
 * prepend an LK_ENTRY holding attribute name, value, length and DN to
 * *linklist_current.  objectSid and objectGUID are read as binary
 * (ldap_get_values_len); everything else as strings (ldap_get_values).
 * Under LDAP_DEBUG the value is also pretty-printed to stderr.
 *
 * Returns an int whose value is set on lines not shown here.
 *
 * NOTE(review): fragmentary listing -- the declarations of temp, Ptr,
 * str_value, ber_length, use_bervalue, guid, sid, subauth, intValue and i,
 * the matching #ifdef LDAP_DEBUG, and the loop (if any) over multiple
 * values are not shown; only *Ptr, the first value, is visibly used.
 */
2006 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2007 char *Attribute, char *distinguished_name,
2008 LK_ENTRY **linklist_current)
2014 LK_ENTRY *linklist_previous;
2015 LDAP_BERVAL **ber_value;
2024 SID_IDENTIFIER_AUTHORITY *sid_auth;
2025 unsigned char *subauth_count;
2026 #endif /*LDAP_DEBUG*/
2029 memset(temp, '\0', sizeof(temp));
/* Binary attributes must go through the *_len API; a string fetch would truncate at the first NUL. */
2031 if ((!strcmp(Attribute, "objectSid")) ||
2032 (!strcmp(Attribute, "objectGUID")))
2037 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2038 Ptr = (void **)ber_value;
2043 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2044 Ptr = (void **)str_value;
/* New node pushed at the head of the list; calloc() already zeroes it, so the memset() is redundant. */
2052 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2055 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2056 linklist_previous->next = (*linklist_current);
2057 (*linklist_current) = linklist_previous;
2059 if (((*linklist_current)->attribute = calloc(1,
2060 strlen(Attribute) + 1)) == NULL)
2063 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2064 strcpy((*linklist_current)->attribute, Attribute);
/*
 * Binary value: exactly bv_len bytes, no NUL terminator.  Consumers must
 * use ->length (and ->ber_value) rather than string functions on ->value.
 */
2068 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2070 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2073 memset((*linklist_current)->value, '\0', ber_length);
2074 memcpy((*linklist_current)->value,
2075 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2076 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy, length excludes the terminator. */
2080 if (((*linklist_current)->value = calloc(1,
2081 strlen(*Ptr) + 1)) == NULL)
2084 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2085 (*linklist_current)->length = strlen(*Ptr);
2086 strcpy((*linklist_current)->value, *Ptr);
2089 (*linklist_current)->ber_value = use_bervalue;
2091 if (((*linklist_current)->dn = calloc(1,
2092 strlen(distinguished_name) + 1)) == NULL)
2095 memset((*linklist_current)->dn, '\0',
2096 strlen(distinguished_name) + 1);
2097 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- debug dump (guarded by LDAP_DEBUG; the #ifdef is on a line not shown) ---- */
2100 if (!strcmp(Attribute, "objectGUID"))
/* The copy above is a calloc'd buffer, so the GUID overlay is suitably aligned. */
2102 guid = (GUID *)((*linklist_current)->value);
2104 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2105 guid->Data1, guid->Data2, guid->Data3,
2106 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2107 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2108 guid->Data4[6], guid->Data4[7]);
2109 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2111 else if (!strcmp(Attribute, "objectSid"))
/*
 * Overlays SID directly on the library's bv_val, whose alignment is not
 * guaranteed; the calloc'd copy in ->value would be the safer base
 * (confirm, or memcpy into a local SID first).
 */
2113 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2116 print_to_screen(" Revision = %d\n", sid->Revision);
2117 print_to_screen(" SID Identifier Authority:\n");
2118 sid_auth = &sid->IdentifierAuthority;
2119 if (sid_auth->Value[0])
2120 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2121 else if (sid_auth->Value[1])
2122 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2123 else if (sid_auth->Value[2])
2124 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2125 else if (sid_auth->Value[3])
2126 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2127 else if (sid_auth->Value[5])
2128 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2130 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2131 subauth_count = GetSidSubAuthorityCount(sid);
2132 print_to_screen(" SidSubAuthorityCount = %d\n",
2134 print_to_screen(" SidSubAuthority:\n");
2135 for (i = 0; i < *subauth_count; i++)
2137 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2138 print_to_screen(" %u\n", *subauth);
/*
 * memcmp() always compares strlen("userAccountControl") = 18 bytes, so an
 * Attribute name shorter than that is read past its terminator; strcmp()
 * or strncmp() stop at the NUL.  (The second strlen() operand,
 * "sAmAccountType", is a different spelling of the literal being compared;
 * same length, so harmless, but worth aligning.)
 */
2142 else if ((!memcmp(Attribute, "userAccountControl",
2143 strlen("userAccountControl"))) ||
2144 (!memcmp(Attribute, "sAMAccountType",
2145 strlen("sAmAccountType"))))
/* intValue's declaration is not shown; "%ld" requires it to be long. */
2147 intValue = atoi(*Ptr);
2148 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2150 if (!memcmp(Attribute, "userAccountControl",
2151 strlen("userAccountControl")))
/* Decode the UF_* bit flags of userAccountControl. */
2153 if (intValue & UF_ACCOUNTDISABLE)
2154 print_to_screen(" %20s : %s\n",
2155 "", "Account disabled");
2157 print_to_screen(" %20s : %s\n",
2158 "", "Account active");
2159 if (intValue & UF_HOMEDIR_REQUIRED)
2160 print_to_screen(" %20s : %s\n",
2161 "", "Home directory required");
2162 if (intValue & UF_LOCKOUT)
2163 print_to_screen(" %20s : %s\n",
2164 "", "Account locked out");
2165 if (intValue & UF_PASSWD_NOTREQD)
2166 print_to_screen(" %20s : %s\n",
2167 "", "No password required");
2168 if (intValue & UF_PASSWD_CANT_CHANGE)
2169 print_to_screen(" %20s : %s\n",
2170 "", "Cannot change password");
2171 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2172 print_to_screen(" %20s : %s\n",
2173 "", "Temp duplicate account");
2174 if (intValue & UF_NORMAL_ACCOUNT)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Normal account");
2177 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2178 print_to_screen(" %20s : %s\n",
2179 "", "Interdomain trust account");
2180 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Workstation trust account");
2183 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Server trust account");
2190 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2192 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
2195 if (str_value != NULL)
2196 ldap_value_free(str_value);
2198 if (ber_value != NULL)
2199 ldap_value_free_len(ber_value);
/* Re-establishes the head pointer; presumably the cursor moved on lines not shown. */
2202 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.  Only
 * the first caller (mr_connections going 0 -> 1) actually connects via
 * mr_connect_cl() as client "ldap.incr"; later callers just bump the count
 * and must pair with moira_disconnect().
 *
 * Returns the mr_connect_cl() status (the return statement is on a line
 * not shown).  The two mr_connect_cl() calls -- fixed host "ttsp" versus
 * uts.nodename -- are presumably the arms of a conditional that is not
 * visible in this listing.
 */
2207 int moira_connect(void)
2212 if (!mr_connections++)
2216 memset(HostName, '\0', sizeof(HostName));
2217 strcpy(HostName, "ttsp");
2218 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2222 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: block while the STOP_FILE control file exists, raising a
 * critical_alert() after some number of iterations (the limit, the delay
 * between iterations and the return value are on lines not shown).
 *
 * Because the mere existence of STOP_FILE pauses all incremental
 * processing, the permissions of that path decide who can halt directory
 * updates; keep its directory writable by the service owner only.
 */
2231 int check_winad(void)
2235 for (i = 0; file_exists(STOP_FILE); i++)
2239 critical_alert(whoami, "Ldap incremental",
2240 "Ldap incremental failed (%s exists): %s",
2241 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: drop one reference taken by moira_connect(); the real
 * disconnect (on lines not shown) runs only when the count reaches zero.
 * An unbalanced call drives mr_connections negative, after which no later
 * decrement reaches zero again -- callers must pair the two.
 */
2251 int moira_disconnect(void)
2254 if (!--mr_connections)
/*
 * get_distinguished_name: copy the DN of ldap_entry into the caller's
 * distinguished_name buffer and release the library string.
 *
 * NOTE(review): the copy is an unbounded strcpy() and the function takes
 * no size, so every caller's fixed buffer (1024 bytes in
 * retrieve_entries()) can be overrun by a longer DN.  Add a size parameter
 * and copy with snprintf(buf, size, "%s", CName), failing on truncation.
 * Whether a NULL from ldap_get_dn() is handled is on lines not shown.
 */
2262 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2263 char *distinguished_name)
2267 CName = ldap_get_dn(ldap_handle, ldap_entry);
2272 strcpy(distinguished_name, CName);
2273 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single LK_ENTRY holding copies of the
 * NUL-terminated strings attribute and value, with length = strlen(value),
 * next = NULL and (via calloc) ber_value/dn zeroed.  *linklist_entry
 * receives the node; the caller owns it.
 *
 * Returns an int set on lines not shown (the !(*linklist_entry) branch).
 *
 * NOTE(review): only the node allocation is checked; the two string
 * calloc()s are used unchecked by memset()/strcpy(), so an allocation
 * failure there dereferences NULL.  The memset() calls are redundant after
 * calloc().
 */
2276 int linklist_create_entry(char *attribute, char *value,
2277 LK_ENTRY **linklist_entry)
2279 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2281 if (!(*linklist_entry))
2286 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2287 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2288 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2289 strcpy((*linklist_entry)->attribute, attribute);
2290 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2291 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2292 strcpy((*linklist_entry)->value, value);
2293 (*linklist_entry)->length = strlen(value);
2294 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style output to stderr (the va_list declaration
 * and va_end() are on lines not shown).  fmt is forwarded unchanged to
 * vfprintf(), so callers must pass a string literal as fmt and never
 * directory or moira data -- use "%s" for those, as every visible caller
 * does.
 */
2299 void print_to_screen(const char *fmt, ...)
2303 va_start(pvar, fmt);
2304 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: derive the directory placement of a moira list from
 * its MAILLIST and GROUP flags (av[L_MAILLIST], av[L_GROUP], parsed with
 * atoi()):
 *
 *   maillist && group   -> 'B', security_flag 1, OU group_ou_both
 *   !maillist && group  -> 'S', security_flag 1, OU group_ou_security
 *   maillist && !group  -> 'D', security_flag 0, OU group_ou_distribution
 *   neither             -> 'N', security_flag 0, OU group_ou_neither
 *
 * Each output pointer may be NULL and is then skipped.  group_membership
 * receives exactly ONE byte with no terminator (callers declare it as
 * char[1]); code that calls strlen() on it -- as the list-processing code
 * earlier in this file does -- reads past the array.  group_ou is filled
 * with an unbounded strcpy() from the group_ou_* globals, so it must be at
 * least as large as the longest configured OU string.
 *
 * Returns an int set on a line not shown.
 */
2309 int get_group_membership(char *group_membership, char *group_ou,
2310 int *security_flag, char **av)
2315 maillist_flag = atoi(av[L_MAILLIST]);
2316 group_flag = atoi(av[L_GROUP]);
2318 if (security_flag != NULL)
2319 (*security_flag) = 0;
2321 if ((maillist_flag) && (group_flag))
2323 if (group_membership != NULL)
2324 group_membership[0] = 'B';
2326 if (security_flag != NULL)
2327 (*security_flag) = 1;
2329 if (group_ou != NULL)
2330 strcpy(group_ou, group_ou_both);
2332 else if ((!maillist_flag) && (group_flag))
2334 if (group_membership != NULL)
2335 group_membership[0] = 'S';
2337 if (security_flag != NULL)
2338 (*security_flag) = 1;
2340 if (group_ou != NULL)
2341 strcpy(group_ou, group_ou_security);
2343 else if ((maillist_flag) && (!group_flag))
2345 if (group_membership != NULL)
2346 group_membership[0] = 'D';
2348 if (group_ou != NULL)
2349 strcpy(group_ou, group_ou_distribution);
2353 if (group_membership != NULL)
2354 group_membership[0] = 'N';
2356 if (group_ou != NULL)
2357 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename a moira list's group object in the directory and
 * bring its attributes in line with the new name/type.
 *
 * Visible steps: validate both names with check_string(); refuse if a user
 * object already carries the new cn; locate the old group by MoiraId
 * (ad_get_group) and its sAMAccountName; ldap_rename_s() the object into
 * after_group_ou; then ldap_modify_s() samAccountName, displayName,
 * mitMoiraId, groupType, description and -- depending on maillist /
 * MailDisabled / email_isvalid() -- either the mail-enabling attributes or
 * their removal.  filter is used to re-find the object by sAMAccountName.
 *
 * Visible return codes: AD_INVALID_NAME, AD_NO_GROUPS_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND, AD_LDAP_FAILURE; the success value and the
 * remaining error returns are on lines not shown.
 *
 * NOTE(review): fragmentary listing -- the declarations of old_dn, new_dn,
 * mail, sam_name, mods, n, i, rc, group_count and the ADD_ATTR macro
 * (presumably appending to mods[]) are not visible, nor are most braces.
 */
2363 int group_rename(LDAP *ldap_handle, char *dn_path,
2364 char *before_group_name, char *before_group_membership,
2365 char *before_group_ou, int before_security_flag,
2366 char *before_desc, char *after_group_name,
2367 char *after_group_membership, char *after_group_ou,
2368 int after_security_flag, char *after_desc,
2369 char *MoiraId, char *filter, char *maillist)
2374 char new_dn_path[512];
2377 char mail_nickname[256];
2378 char proxy_address[256];
2379 char address_book[256];
2380 char *attr_array[3];
2381 char *mitMoiraId_v[] = {NULL, NULL};
2382 char *name_v[] = {NULL, NULL};
2383 char *samAccountName_v[] = {NULL, NULL};
2384 char *groupTypeControl_v[] = {NULL, NULL};
2385 char *mail_v[] = {NULL, NULL};
2386 char *proxy_address_v[] = {NULL, NULL};
2387 char *mail_nickname_v[] = {NULL, NULL};
2388 char *report_to_originator_v[] = {NULL, NULL};
2389 char *address_book_v[] = {NULL, NULL};
2390 char *legacy_exchange_dn_v[] = {NULL, NULL};
2391 char *null_v[] = {NULL, NULL};
2392 u_int groupTypeControl;
2393 char groupTypeControlStr[80];
2394 char contact_mail[256];
2398 LK_ENTRY *group_base;
2400 int MailDisabled = 0;
2401 char search_filter[1024];
/* Group scope is a site-wide setting; security-enabled bit is OR'd in later. */
2403 if(UseGroupUniversal)
2404 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2406 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* check_string() is the only validation both names get before they reach filters, DNs and mail addresses. */
2408 if (!check_string(before_group_name))
2411 "Unable to process invalid LDAP list name %s",
2413 return(AD_INVALID_NAME);
2416 if (!check_string(after_group_name))
2419 "Unable to process invalid LDAP list name %s", after_group_name);
2420 return(AD_INVALID_NAME);
/*
 * Name clash check against user objects.  The name goes into the filter
 * unescaped, so this relies on check_string() rejecting '(' ')' '*' '\';
 * confirm, and prefer snprintf(search_filter, sizeof search_filter, ...)
 * with a truncation check over sprintf().
 */
2430 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2432 attr_array[0] = "cn";
2433 attr_array[1] = NULL;
2435 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2436 attr_array, &group_base, &group_count,
2437 LDAP_SCOPE_SUBTREE)) != 0)
2439 com_err(whoami, 0, "Unable to process group %s : %s",
2440 after_group_name, ldap_err2string(rc));
2446 com_err(whoami, 0, "Object already exists with name %s",
2451 linklist_free(group_base);
/* Find the existing group by its moira id; exactly one match is required. */
2460 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2461 before_group_membership,
2462 MoiraId, "samAccountName", &group_base,
2463 &group_count, filter))
2466 if (group_count == 0)
2468 return(AD_NO_GROUPS_FOUND);
2471 if (group_count != 1)
2473 com_err(whoami, 0, "Unable to process multiple groups with "
2474 "MoiraId = %s exist in the directory", MoiraId);
2475 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn's size is not visible; the DN comes from the directory, so bound this copy. */
2478 strcpy(old_dn, group_base->dn);
2480 linklist_free(group_base);
2483 attr_array[0] = "sAMAccountName";
2484 attr_array[1] = NULL;
2486 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2487 &group_base, &group_count,
2488 LDAP_SCOPE_SUBTREE)) != 0)
2490 com_err(whoami, 0, "Unable to get list %s dn : %s",
2491 after_group_name, ldap_err2string(rc));
2495 if (group_count != 1)
2498 "Unable to get sAMAccountName for group %s",
2500 return(AD_LDAP_FAILURE);
/* sam_name's size is not visible either; same bounding concern. */
2503 strcpy(sam_name, group_base->value);
2504 linklist_free(group_base);
/*
 * Build the new DN and mail identities.  All are sprintf() into fixed
 * 256/512-byte buffers with no length check; the group name, OU and
 * ldap_domain together must stay well under those sizes, or switch to
 * snprintf() and fail on truncation.
 */
2508 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2509 sprintf(new_dn, "cn=%s", after_group_name);
2510 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2511 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2512 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2513 lowercase(ldap_domain));
2514 sprintf(mail_nickname, "%s", after_group_name);
2516 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* deleteoldrdn = TRUE: the old cn value is dropped from the renamed entry. */
2518 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2519 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2521 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2522 before_group_name, after_group_name, ldap_err2string(rc));
2526 name_v[0] = after_group_name;
/*
 * Keep the group_suffix if the old sAMAccountName carried it.  Indexing at
 * strlen(sam_name) - strlen(group_suffix) underflows when sam_name is
 * shorter than the suffix; test the lengths first.
 */
2528 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2529 group_suffix, strlen(group_suffix)))
2531 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2536 "Unable to rename list from %s to %s : sAMAccountName not found",
2537 before_group_name, after_group_name);
2541 samAccountName_v[0] = sam_name;
2543 if (after_security_flag)
2544 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* groupTypeControl is u_int, so "%ld" is a mismatched specifier (undefined behaviour); "%u" matches. */
2546 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2547 groupTypeControl_v[0] = groupTypeControlStr;
2548 mitMoiraId_v[0] = MoiraId;
/* Full DN of the renamed object, used for description and the modify below. */
2550 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2551 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2554 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2555 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2556 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2557 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: set the Exchange-style attributes ... */
2561 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2563 mail_nickname_v[0] = mail_nickname;
2564 proxy_address_v[0] = proxy_address;
2566 report_to_originator_v[0] = "TRUE";
2568 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2569 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2570 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2571 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* ... otherwise clear them (a NULL-only value list with LDAP_MOD_REPLACE removes the attribute). */
2576 mail_nickname_v[0] = NULL;
2577 proxy_address_v[0] = NULL;
2579 legacy_exchange_dn_v[0] = NULL;
2580 address_book_v[0] = NULL;
2581 report_to_originator_v[0] = NULL;
2583 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2584 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2585 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2586 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2587 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Contact-style mail address for maillists; non-AD servers also get a sink routing address. */
2594 if(atoi(maillist) && email_isvalid(contact_mail))
2596 mail_v[0] = contact_mail;
2597 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2599 if(!ActiveDirectory)
2601 null_v[0] = "/dev/null";
2602 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2609 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2612 "Unable to modify list data for %s after renaming: %s",
2613 after_group_name, ldap_err2string(rc));
/* Release the n mods built by ADD_ATTR (the body of this loop is not shown). */
2616 for (i = 0; i < n; i++)
/*
 * group_create: create the directory group for the Moira list described by
 * av[], or re-apply its attributes when the entry already exists or when an
 * update was requested.
 *
 * av[]      L_NAME, L_DESC, L_ACE_TYPE, L_ACE_NAME, L_PUBLIC, L_HIDDEN,
 *           L_ACTIVE, L_GROUP, L_GID and L_MAILLIST are read here.
 * ptr       presumably the call_args array (the cast is in a line this
 *           listing omits): [0] LDAP handle, [1] base DN, [4] update flag,
 *           [5] Moira id.
 * Returns   AD_INVALID_NAME when av[L_NAME] fails check_string(), otherwise
 *           LDAP_SUCCESS.  Returns after the com_err() calls are in lines
 *           not shown here (the gutter numbers skip), so treat the error
 *           paths as partially visible.
 *
 * Side effects: one ldap_add_ext_s(), optionally one ldap_modify_s(), then
 * ProcessGroupSecurity() for owner/security descriptor handling.
 */
2622 int group_create(int ac, char **av, void *ptr)
2627 char new_group_name[256];
2628 char sam_group_name[256];
2629 char cn_group_name[256];
2631 char contact_mail[256];
2632 char mail_nickname[256];
2633 char proxy_address[256];
2634 char address_book[256];
2635 char *cn_v[] = {NULL, NULL};
2636 char *objectClass_v[] = {"top", "group", NULL};
2637 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2638 "group", "mailRecipient", NULL};
2640 char *samAccountName_v[] = {NULL, NULL};
2641 char *altSecurityIdentities_v[] = {NULL, NULL};
/* member_v is never assigned in this function; see the inactive-list REPLACE below. */
2642 char *member_v[] = {NULL, NULL};
2643 char *name_v[] = {NULL, NULL};
2644 char *desc_v[] = {NULL, NULL};
2645 char *info_v[] = {NULL, NULL};
2646 char *mitMoiraId_v[] = {NULL, NULL};
2647 char *mitMoiraPublic_v[] = {NULL, NULL};
2648 char *mitMoiraHidden_v[] = {NULL, NULL};
2649 char *mitMoiraActive_v[] = {NULL, NULL};
2650 char *groupTypeControl_v[] = {NULL, NULL};
2651 char *mail_v[] = {NULL, NULL};
2652 char *proxy_address_v[] = {NULL, NULL};
2653 char *mail_nickname_v[] = {NULL, NULL};
2654 char *report_to_originator_v[] = {NULL, NULL};
2655 char *address_book_v[] = {NULL, NULL};
2656 char *legacy_exchange_dn_v[] = {NULL, NULL};
2657 char *gidNumber_v[] = {NULL, NULL};
2658 char *null_v[] = {NULL, NULL};
2659 char groupTypeControlStr[80];
/*
 * NOTE(review): process_lists() declares the same buffer as
 * group_membership[2]; if get_group_membership() writes a character plus a
 * terminator, this one-byte buffer is one short — confirm against that
 * function.
 */
2660 char group_membership[1];
2663 u_int groupTypeControl;
2667 int MailDisabled = 0;
2669 LK_ENTRY *group_base;
2672 char *attr_array[3];
/* Universal vs. global group is a site-wide switch; the security-enabled bit is OR'd in below. */
2676 if(UseGroupUniversal)
2677 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2679 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/*
 * check_string() is the only validation the list name receives before it is
 * used in DNs, search filters and fixed-size buffers below.
 */
2681 if (!check_string(av[L_NAME]))
2683 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2685 return(AD_INVALID_NAME);
2688 updateGroup = (int)call_args[4];
2689 memset(group_ou, 0, sizeof(group_ou));
2690 memset(group_membership, 0, sizeof(group_membership));
2693 get_group_membership(group_membership, group_ou, &security_flag, av);
/*
 * NOTE(review): unbounded strcpy()/sprintf() into fixed-size stack buffers;
 * nothing visible bounds strlen(av[L_NAME]) + strlen(group_suffix) or the
 * domain.  snprintf() with a truncation check would make the limit explicit.
 */
2695 strcpy(new_group_name, av[L_NAME]);
2696 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2697 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2698 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2699 sprintf(mail_nickname, "%s", av[L_NAME]);
2702 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2704 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* NOTE(review): groupTypeControl is u_int but is formatted with "%ld"; "%u" matches the declared type. */
2708 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2709 groupTypeControl_v[0] = groupTypeControlStr;
2711 strcpy(cn_group_name, av[L_NAME]);
2713 samAccountName_v[0] = sam_group_name;
2714 name_v[0] = new_group_name;
2715 cn_v[0] = new_group_name;
/* ADD_ATTR is a macro defined elsewhere in this file; it appends to mods[] and bumps n. */
2718 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2722 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2726 mitMoiraPublic_v[0] = av[L_PUBLIC];
2727 mitMoiraHidden_v[0] = av[L_HIDDEN];
2728 mitMoiraActive_v[0] = av[L_ACTIVE];
2729 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2730 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2731 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2732 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_ADD);
2734 if(atoi(av[L_GROUP]))
2736 gidNumber_v[0] = av[L_GID];
2737 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2741 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2742 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2743 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2747 if(atoi(av[L_MAILLIST]))
/*
 * Collision check for mail-enabled lists: is there already a user with this
 * cn?  av[L_NAME] is interpolated unescaped into the filter, so this relies
 * on check_string() rejecting LDAP filter metacharacters — verify.
 */
2752 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2753 attr_array[0] = "cn";
2754 attr_array[1] = NULL;
2756 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2757 filter, attr_array, &group_base,
2759 LDAP_SCOPE_SUBTREE)) != 0)
2761 com_err(whoami, 0, "Unable to process group %s : %s",
2762 av[L_NAME], ldap_err2string(rc));
/* The guard on group_count that precedes this message is in a line not shown. */
2768 com_err(whoami, 0, "Object already exists with name %s",
2773 linklist_free(group_base);
2778 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2780 mail_nickname_v[0] = mail_nickname;
2781 report_to_originator_v[0] = "TRUE";
2783 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2784 ADD_ATTR("reportToOriginator", report_to_originator_v,
2790 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2792 mail_v[0] = contact_mail;
2793 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2795 if(!ActiveDirectory)
2797 null_v[0] = "/dev/null";
2798 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2803 if (strlen(av[L_DESC]) != 0)
2805 desc_v[0] = av[L_DESC];
2806 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2809 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2811 if (strlen(av[L_ACE_NAME]) != 0)
2813 sprintf(info, "The Administrator of this list is: %s",
2816 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2819 if (strlen(call_args[5]) != 0)
2821 mitMoiraId_v[0] = call_args[5];
2822 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2827 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Presumably releases the n mods entries; the loop body is not shown. */
2829 for (i = 0; i < n; i++)
2832 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2834 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2835 av[L_NAME], ldap_err2string(rc));
/* Existing entry, or an explicit update request: re-apply attributes with LDAP_MOD_REPLACE. */
2841 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2843 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2844 "description", av[L_NAME]);
2845 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2847 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2852 if (strlen(call_args[5]) != 0)
2854 mitMoiraId_v[0] = call_args[5];
2855 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is still {NULL, NULL}, so this REPLACE clears the group's membership. */
2858 if (!(atoi(av[L_ACTIVE])))
2861 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2864 if (!ActiveDirectory)
2866 mitMoiraPublic_v[0] = av[L_PUBLIC];
2867 mitMoiraHidden_v[0] = av[L_HIDDEN];
2868 mitMoiraActive_v[0] = av[L_ACTIVE];
2869 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2870 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2871 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_REPLACE);
2873 if(atoi(av[L_GROUP]))
2875 gidNumber_v[0] = av[L_GID];
2876 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* The else arm this second REPLACE belongs to is in lines not shown. */
2880 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2886 if(atoi(av[L_MAILLIST]))
/* Same user-cn collision check as on the create path (same filter-escaping caveat). */
2891 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2892 attr_array[0] = "cn";
2893 attr_array[1] = NULL;
2895 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2896 filter, attr_array, &group_base,
2898 LDAP_SCOPE_SUBTREE)) != 0)
2900 com_err(whoami, 0, "Unable to process group %s : %s",
2901 av[L_NAME], ldap_err2string(rc));
2907 com_err(whoami, 0, "Object already exists with name %s",
2912 linklist_free(group_base);
2917 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2919 mail_nickname_v[0] = mail_nickname;
2920 report_to_originator_v[0] = "TRUE";
2922 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2923 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not a mail list (or mail disabled): REPLACE with an empty value list removes each attribute. */
2929 mail_nickname_v[0] = NULL;
2930 proxy_address_v[0] = NULL;
2931 legacy_exchange_dn_v[0] = NULL;
2932 address_book_v[0] = NULL;
2933 report_to_originator_v[0] = NULL;
2935 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2936 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2937 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2938 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2940 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2941 ADD_ATTR("reportToOriginator", report_to_originator_v,
2947 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2949 mail_v[0] = contact_mail;
2950 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2952 if(!ActiveDirectory)
2954 null_v[0] = "/dev/null";
2955 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2961 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2963 if(!ActiveDirectory)
2966 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2976 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2978 for (i = 0; i < n; i++)
2981 if (rc != LDAP_SUCCESS)
2983 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2984 av[L_NAME], ldap_err2string(rc));
/* Owner / security-descriptor handling is delegated; its return value is not checked here. */
2991 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2992 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2994 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply the site security template to the group
 * TargetGroupName under dn_path.
 *
 * Resolves the administrator named by AceType ("LIST" or "USER") / AceName
 * to its objectSid, picks one of four template groups (hidden / not hidden,
 * with / without admin), copies the template's ntSecurityDescriptor, swaps
 * the UserTemplate.u SID inside it for the admin's SID, and writes the
 * result (plus Exchange address-list visibility, driven by HiddenGroup)
 * onto the target.  On a non-AD directory only the "owner" attribute is set.
 * If the modify with an admin fails, retries once with no admin.
 *
 * Returns int; most return statements are in lines this listing omits.
 * Declarations of rc, i, n, mods, group_count, AceSidCount, TargetDn, AceDn,
 * root_ou, dwInfo, psMsg and nVal are likewise not shown.
 */
2997 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2998 char *TargetGroupName, int HiddenGroup,
2999 char *AceType, char *AceName)
3001 char filter_exp[1024];
3002 char *attr_array[5];
3003 char search_path[512];
3005 char TemplateDn[512];
3006 char TemplateSamName[128];
3008 char TargetSamName[128];
3009 char AceSamAccountName[128];
3011 unsigned char AceSid[128];
3012 unsigned char UserTemplateSid[128];
3013 char acBERBuf[N_SD_BER_BYTES];
3014 char GroupSecurityTemplate[256];
3015 char hide_addres_lists[256];
3016 char address_book[256];
3017 char *hide_address_lists_v[] = {NULL, NULL};
3018 char *address_book_v[] = {NULL, NULL};
3019 char *owner_v[] = {NULL, NULL};
3021 int UserTemplateSidCount;
3028 int array_count = 0;
3030 LK_ENTRY *group_base;
3031 LDAP_BERVAL **ppsValues;
/*
 * LDAP_SERVER_SD_FLAGS_OID: tells the server which parts of
 * ntSecurityDescriptor (owner, group, DACL, SACL — see dwInfo below) the
 * search and modify operate on.  acBERBuf is filled by
 * BEREncodeSecurityBits() before the control is used.
 */
3032 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3033 { N_SD_BER_BYTES, acBERBuf },
3036 LDAPControl *apsServerControls[] = {&sControl, NULL};
3039 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3040 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3041 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group by sAMAccountName under the group OU. */
3043 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3044 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3045 attr_array[0] = "sAMAccountName";
3046 attr_array[1] = NULL;
/*
 * NOTE(review): the parentheses are misplaced — rc receives the result of
 * "linklist_build(...) != 0" (0 or 1), not the LDAP error code.  Every
 * linklist_build() call in this function has the same shape, so any error
 * message that formats rc through ldap_err2string() reports the wrong code.
 * Intended form: if ((rc = linklist_build(...)) != 0)
 */
3050 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3051 &group_base, &group_count,
3052 LDAP_SCOPE_SUBTREE) != 0))
3055 if (group_count != 1)
3057 linklist_free(group_base);
/*
 * NOTE(review): unbounded strcpy() of directory-supplied values into
 * TargetDn (declared in a line not shown) and TargetSamName[128].
 */
3061 strcpy(TargetDn, group_base->dn);
3062 strcpy(TargetSamName, group_base->value);
3063 linklist_free(group_base);
3067 UserTemplateSidCount = 0;
3068 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3069 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3070 memset(AceSid, '\0', sizeof(AceSid));
/*
 * Resolve the administrator.  AceName is taken from the Moira list's ACE
 * and is placed unescaped into a search filter below; unlike the list name
 * in group_create(), it is not passed through check_string() here.
 */
3075 if (strlen(AceName) != 0)
3077 if (!strcmp(AceType, "LIST"))
3079 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3080 strcpy(root_ou, group_ou_root);
3082 else if (!strcmp(AceType, "USER"))
3084 sprintf(AceSamAccountName, "%s", AceName);
3085 strcpy(root_ou, user_ou);
3088 if (ActiveDirectory)
3090 if (strlen(AceSamAccountName) != 0)
3092 sprintf(search_path, "%s", dn_path);
3093 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3094 attr_array[0] = "objectSid";
3095 attr_array[1] = NULL;
3099 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3100 attr_array, &group_base, &group_count,
3101 LDAP_SCOPE_SUBTREE) != 0))
3103 if (group_count == 1)
3105 strcpy(AceDn, group_base->dn);
/* AceSid[128]: group_base->length is copied without comparing it to sizeof(AceSid). */
3106 AceSidCount = group_base->length;
3107 memcpy(AceSid, group_base->value, AceSidCount);
3109 linklist_free(group_base);
/* Non-AD: only the DN is needed (no SID), the owner attribute is set below. */
3116 if (strlen(AceSamAccountName) != 0)
3118 sprintf(search_path, "%s", dn_path);
3119 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3120 attr_array[0] = "samAccountName";
3121 attr_array[1] = NULL;
3125 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3126 attr_array, &group_base, &group_count,
3127 LDAP_SCOPE_SUBTREE) != 0))
3129 if (group_count == 1)
3131 strcpy(AceDn, group_base->dn);
3133 linklist_free(group_base);
3140 if (!ActiveDirectory)
3142 if (strlen(AceDn) != 0)
/* NOTE(review): nothing visible frees this strdup() result. */
3144 owner_v[0] = strdup(AceDn);
3146 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3150 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3152 for (i = 0; i < n; i++)
3155 if (rc != LDAP_SUCCESS)
3156 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3157 TargetGroupName, ldap_err2string(rc));
/* No admin SID: fall back to the non-admin template.  Logged, not fatal. */
3163 if (AceSidCount == 0)
3165 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3166 "have a directory SID.", TargetGroupName, AceName, AceType);
3167 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the placeholder SID (UserTemplate.u) that the templates embed. */
3171 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3172 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3173 attr_array[0] = "objectSid";
3174 attr_array[1] = NULL;
3179 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3180 attr_array, &group_base, &group_count,
3181 LDAP_SCOPE_SUBTREE) != 0))
/* Because of the parenthesisation above, rc here is 0 or 1, never an LDAP code. */
3184 if ((rc != 0) || (group_count != 1))
3186 com_err(whoami, 0, "Unable to process user security template: %s",
/* UserTemplateSid[128]: length copied without comparing it to sizeof(UserTemplateSid). */
3192 UserTemplateSidCount = group_base->length;
3193 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3195 linklist_free(group_base);
/* Choose the template group: hidden/not hidden (the enclosing if on HiddenGroup is not shown) x admin/no admin. */
3202 if (AceSidCount == 0)
3204 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3205 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3209 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3210 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3215 if (AceSidCount == 0)
3217 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3218 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3222 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3223 sprintf(filter_exp, "(sAMAccountName=%s)",
3224 NOT_HIDDEN_GROUP_WITH_ADMIN);
3228 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3229 attr_array[0] = "sAMAccountName";
3230 attr_array[1] = NULL;
3234 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3235 &group_base, &group_count,
3236 LDAP_SCOPE_SUBTREE) != 0))
3239 if (group_count != 1)
3241 linklist_free(group_base);
3242 com_err(whoami, 0, "Unable to process group security template: %s - "
3243 "security not set", GroupSecurityTemplate);
3247 strcpy(TemplateDn, group_base->dn);
3248 strcpy(TemplateSamName, group_base->value);
3249 linklist_free(group_base);
/*
 * Read the template's ntSecurityDescriptor with the SD-flags control
 * (the remaining ldap_search_ext_s() arguments are in lines not shown).
 * The visible error paths after it do not show an ldap_msgfree(psMsg).
 */
3253 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3254 rc = ldap_search_ext_s(ldap_handle,
3266 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3268 com_err(whoami, 0, "Unable to find group security template: %s - "
3269 "security not set", GroupSecurityTemplate);
3273 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3275 if (ppsValues == NULL)
3277 com_err(whoami, 0, "Unable to find group security descriptor for group "
3278 "%s - security not set", GroupSecurityTemplate);
/*
 * Patch the descriptor in place: every occurrence of the placeholder SID
 * becomes the admin SID.
 * NOTE(review): the scan is bounded by UserTemplateSidCount but the copy
 * writes AceSidCount bytes; the two lengths are never compared, so an admin
 * SID longer than the placeholder overruns the matched region and corrupts
 * the descriptor.  Guard with AceSidCount == UserTemplateSidCount (or skip
 * the patch and log) before the memcpy.
 */
3282 if (AceSidCount != 0)
3284 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3287 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3289 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3290 UserTemplateSidCount))
3292 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* LDAP_MOD_BVALUES: ppsValues is a berval array, hence the cast. */
3300 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3301 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Exchange visibility; the if/else on HiddenGroup around these two arms is not shown. */
3307 hide_address_lists_v[0] = "TRUE";
3308 address_book_v[0] = NULL;
3309 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3311 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3313 hide_address_lists_v[0] = NULL;
3314 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3321 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3323 for (i = 0; i < n; i++)
3326 ldap_value_free_len(ppsValues);
3327 ldap_msgfree(psMsg);
3329 if (rc != LDAP_SUCCESS)
3331 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3332 TargetGroupName, ldap_err2string(rc));
/*
 * Retry without an administrator.  With AceName == "" the SID lookup is
 * skipped, so — assuming AceSidCount starts at 0 (its declaration is not
 * shown) — this recurses at most once.  Style: the assignment inside the
 * condition reads better as "(rc = ProcessGroupSecurity(...)) != 0".
 */
3334 if (AceSidCount != 0)
3337 "Trying to set security for group %s without admin.",
3340 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3341 HiddenGroup, "", ""))
3343 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the directory group for a Moira list.
 *
 * Looks the group up by samAccountName (and group_membership / MoiraId, as
 * ad_get_group() interprets them) under group_ou_root,dn_path and deletes
 * it only when exactly one entry matched.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string(),
 * AD_NO_GROUPS_FOUND when the lookup found nothing; the returns on the
 * ad_get_group() error and on the delete paths are in lines not shown.
 * filter, temp, rc and group_count are declared in lines not shown.
 */
3354 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3355 char *group_membership, char *MoiraId)
3357 LK_ENTRY *group_base;
3363 if (!check_string(group_name))
3366 "Unable to process invalid LDAP list name %s", group_name);
3367 return(AD_INVALID_NAME);
3370 memset(filter, '\0', sizeof(filter));
3373 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Style: assignment inside the condition; "(rc = ad_get_group(...)) != 0" is clearer.  Its body is not shown. */
3375 if (rc = ad_get_group(ldap_handle, temp, group_name,
3376 group_membership, MoiraId,
3377 "samAccountName", &group_base,
3378 &group_count, filter))
/* Only delete on an unambiguous match; multiple hits fall through to "Unable to find". */
3381 if (group_count == 1)
3383 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3385 linklist_free(group_base);
3386 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3387 group_name, ldap_err2string(rc));
3390 linklist_free(group_base);
3394 linklist_free(group_base);
3395 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3396 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: write the BER encoding of the security-information
 * flags uBits into pBuffer, for use as the value of the SD-flags LDAP control
 * (see the LDAPControl initialisers that pass acBERBuf[N_SD_BER_BYTES]).
 * The encoding statements are in lines this listing omits.
 *
 * Returns N_SD_BER_BYTES, the number of bytes pBuffer must provide.
 */
3402 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3408 return(N_SD_BER_BYTES);
/*
 * process_lists: per-list callback that derives the group OU / membership
 * flags from av[] and populates the group av[L_NAME] via populate_group().
 * The return statement, and the declarations of group_ou, security_flag,
 * rc and call_args, are in lines not shown.
 */
3411 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here versus group_membership[1] in group_create(); see the note there. */
3416 char group_membership[2];
3422 memset(group_ou, '\0', sizeof(group_ou));
3423 memset(group_membership, '\0', sizeof(group_membership));
3424 get_group_membership(group_membership, group_ou, &security_flag, av);
3425 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3426 av[L_NAME], group_ou, group_membership,
3427 security_flag, "", 1);
/*
 * member_list_build: per-member callback that normalises one list member
 * (av[ACE_TYPE], av[ACE_NAME]) and prepends it to the global member_base
 * list unless an equal (case-insensitive) member/type pair is already there.
 *
 * call_args[3] is a type mask (MOIRA_USERS/STRINGS/LISTS/KERBEROS/MACHINE)
 * that filters which member types are kept; call_args[2] is the owning
 * list name stored in each entry.  STRING members get "@mit.edu" appended
 * when they carry no '@' and a trailing ".LOCAL" rewritten to ".mit.edu";
 * STRING and KERBEROS members additionally get a contact object via
 * contact_create().  Return statements and the declarations of temp, s,
 * linklist and call_args are in lines not shown.
 */
3432 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): temp's size is not visible here; nothing bounds strlen(av[ACE_NAME]). */
3440 strcpy(temp, av[ACE_NAME]);
3443 if (!check_string(temp))
3446 if (!strcmp(av[ACE_TYPE], "USER"))
3448 if (!((int)call_args[3] & MOIRA_USERS))
3451 else if (!strcmp(av[ACE_TYPE], "STRING"))
3455 if((s = strchr(temp, '@')) == (char *) NULL)
3457 strcat(temp, "@mit.edu");
/*
 * NOTE(review): indexes temp[strlen(temp) - 6]; a member string shorter
 * than six characters that already contains '@' (so nothing was appended)
 * makes this read before the start of temp.  Check strlen(temp) >= 6 first.
 */
3460 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3462 s = strrchr(temp, '.');
/* The line between (3463) is not shown; presumably it terminates temp at s before the strcat. */
3464 strcat(s, ".mit.edu");
3468 if (!((int)call_args[3] & MOIRA_STRINGS))
3471 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3474 else if (!strcmp(av[ACE_TYPE], "LIST"))
3476 if (!((int)call_args[3] & MOIRA_LISTS))
3479 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3481 if (!((int)call_args[3] & MOIRA_KERBEROS))
3484 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3489 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3491 if (!((int)call_args[3] & MOIRA_MACHINE))
/* Dedup: walk member_base for an existing member/type pair (the loop header is not shown). */
3497 linklist = member_base;
3501 if (!strcasecmp(temp, linklist->member) &&
3502 !strcasecmp(av[ACE_TYPE], linklist->type))
3505 linklist = linklist->next;
/* NOTE(review): none of the four calloc() results below are checked for NULL. */
3508 linklist = calloc(1, sizeof(LK_ENTRY));
3510 linklist->dn = NULL;
3511 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3512 strcpy(linklist->list, call_args[2]);
3513 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3514 strcpy(linklist->type, av[ACE_TYPE]);
3515 linklist->member = calloc(1, strlen(temp) + 1);
3516 strcpy(linklist->member, temp);
3517 linklist->next = member_base;
3518 member_base = linklist;
/*
 * member_remove: delete user_name from the "member" attribute of
 * group_name, then, for contact / kerberos members, delete the contact
 * object itself if nothing else references it.
 *
 * The member DN is built from user_name and UserOu ("uid=" under user_ou,
 * "CN=" otherwise).  Returns AD_INVALID_NAME when group_name fails
 * check_string(); the other return statements, and the declarations of
 * temp, filter, modvalues, mods, rc, i, n, s, group_count and
 * group_members, are in lines not shown.
 *
 * NOTE(review): user_name is not passed through check_string() or escaped
 * here, yet it is placed into a DN, into search filters and into the DN
 * that ldap_delete_s() is finally called with.
 */
3523 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3524 char *group_ou, char *group_membership, char *user_name,
3525 char *UserOu, char *MoiraId)
3527 char distinguished_name[1024];
3531 char *attr_array[3];
3536 LK_ENTRY *group_base;
/* Body not shown; presumably a membership-count short-cut keyed on max_group_members. */
3540 if (max_group_members && (group_members < max_group_members))
3543 if (!check_string(group_name))
3544 return(AD_INVALID_NAME);
/* Any non-zero contains_member() result (including a negative error code, if it has one) proceeds with the removal. */
3546 if(!contains_member(ldap_handle, dn_path, group_name, UserOu, user_name))
3549 memset(filter, '\0', sizeof(filter));
/* Style: assignment inside the condition; its body is not shown. */
3553 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3554 group_membership, MoiraId,
3555 "samAccountName", &group_base,
3556 &group_count, filter))
3559 if (group_count != 1)
3561 com_err(whoami, 0, "Unable to find list %s in directory",
3563 linklist_free(group_base);
/* distinguished_name[1024] receives group_base->dn without a length check. */
3569 strcpy(distinguished_name, group_base->dn);
3570 linklist_free(group_base);
/* Member DN: "uid=" form for user_ou, "CN=" form otherwise (member_add() uses lowercase "cn="). */
3576 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3580 if(!strcmp(UserOu, user_ou))
3581 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3583 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3586 modvalues[0] = temp;
3587 modvalues[1] = NULL;
3590 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3592 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3594 for (i = 0; i < n; i++)
/* Handling for LDAP_UNWILLING_TO_PERFORM is in lines not shown. */
3597 if (rc == LDAP_UNWILLING_TO_PERFORM)
3600 if (rc != LDAP_SUCCESS)
3602 com_err(whoami, 0, "Unable to modify list %s members : %s",
3603 group_name, ldap_err2string(rc));
/*
 * Garbage-collect the contact object.  First, for "@mit.edu" contacts,
 * check whether a real user owns that mailNickName (temp is overwritten
 * with the local part; the truncation at '@' is in a line not shown).
 */
3607 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3611 if(!strcmp(UserOu, contact_ou) &&
3612 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3614 memset(temp, '\0', sizeof(temp));
3615 strcpy(temp, user_name);
3616 s = strchr(temp, '@');
3619 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/*
 * NOTE(review): misplaced parentheses — rc gets "linklist_build(...) != 0"
 * (0 or 1), not the LDAP code; same at the memberOf search below.
 */
3621 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3622 &group_base, &group_count,
3623 LDAP_SCOPE_SUBTREE) != 0))
3629 linklist_free(group_base);
/*
 * Then look for any remaining memberOf references to the DN in temp and
 * delete the object when there are none.  The reference test itself is in
 * lines not shown; make sure a failed search is not treated as "no
 * references", since that would delete a still-referenced object.
 */
3634 sprintf(filter, "(distinguishedName=%s)", temp);
3635 attr_array[0] = "memberOf";
3636 attr_array[1] = NULL;
3638 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3639 &group_base, &group_count,
3640 LDAP_SCOPE_SUBTREE) != 0))
3646 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3648 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add user_name to the "member" attribute of group_name.
 *
 * Mirrors member_remove(): the member DN is built from user_name and UserOu
 * ("uid=" under user_ou, "cn=" otherwise).  Returns AD_INVALID_NAME when
 * group_name fails check_string(), AD_MULTIPLE_GROUPS_FOUND when the lookup
 * did not yield exactly one group (the message says "Unable to find" even
 * for zero hits); other returns, and the declarations of temp, filter,
 * modvalues, mods, rc, i, n, group_count and group_members, are in lines
 * not shown.  As in member_remove(), user_name is not validated or escaped
 * here before it goes into the DN.
 */
3658 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3659 char *group_ou, char *group_membership, char *user_name,
3660 char *UserOu, char *MoiraId)
3662 char distinguished_name[1024];
3670 LK_ENTRY *group_base;
3673 if (max_group_members && (group_members < max_group_members))
3676 if (!check_string(group_name))
3677 return(AD_INVALID_NAME);
/*
 * Already a member: skip (body not shown).  Note the asymmetry with
 * member_remove(), which tests "!contains_member(...)": a negative return,
 * if contains_member() uses one for errors, falls through to the add here.
 */
3679 if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) > 0)
3683 memset(filter, '\0', sizeof(filter));
/* Style: assignment inside the condition; its body is not shown. */
3687 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3688 group_membership, MoiraId,
3689 "samAccountName", &group_base,
3690 &group_count, filter))
3693 if (group_count != 1)
3695 linklist_free(group_base);
3698 com_err(whoami, 0, "Unable to find list %s %d in directory",
3699 group_name, group_count);
3700 return(AD_MULTIPLE_GROUPS_FOUND);
3703 strcpy(distinguished_name, group_base->dn);
3704 linklist_free(group_base);
/* Member DN; the RDN attribute is written "cn=" here but "CN=" in member_remove(). */
3710 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3714 if(!strcmp(UserOu, user_ou))
3715 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3717 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3720 modvalues[0] = temp;
3721 modvalues[1] = NULL;
3724 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3726 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Duplicate-member and unwilling-to-perform handling: bodies not shown. */
3728 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3731 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3733 if (rc == LDAP_UNWILLING_TO_PERFORM)
3737 for (i = 0; i < n; i++)
3740 if (rc != LDAP_SUCCESS)
3742 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3743 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail-related attributes (mail,
 * mailNickName, proxyAddresses, targetAddress) from the contact entry at
 * (*linklist_base)->dn by replacing each with an empty value list.
 *
 * mail_v stays {NULL, NULL} throughout, which is what makes each
 * LDAP_MOD_REPLACE a removal.  bind_path and linklist_current are not used
 * in the visible lines.  Lines 3769-3770 and the return are not shown, so
 * whether gPtr is walked in a loop, and whether it is NULL-checked, cannot
 * be confirmed here.  rc, i, n, mods and gPtr are declared in lines not
 * shown.
 */
3749 int contact_remove_email(LDAP *ld, char *bind_path,
3750 LK_ENTRY **linklist_base, int linklist_current)
3754 char *mail_v[] = {NULL, NULL};
3762 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3763 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3764 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3765 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3768 gPtr = (*linklist_base);
3771 rc = ldap_modify_s(ld, gPtr->dn, mods);
3773 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3775 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3776 gPtr->dn, ldap_err2string(rc));
/* Presumably releases the n mods entries; the loop body is not shown. */
3783 for (i = 0; i < n; i++)
/*
 * contact_create: create a contact object under group_ou (contact_ou or
 * kerberos_ou) for the address in `mail`, hidden from Exchange address
 * lists, or refresh its mail attributes if it already exists.
 *
 * `mail` is not declared or assigned in the visible lines; lines 3844-3846
 * are not shown and presumably derive it from `user`.  check_string() is
 * applied to `user` only.  The DN component is passed through
 * escape_string(), but `mail` goes unescaped into the four existence
 * filters below, so filter safety depends on how `mail` is derived —
 * verify.
 *
 * For contact_ou with a valid address the function refuses to create the
 * contact when a user or group already has that cn or mail (the returns on
 * those "Object already exists" paths are in lines not shown).
 *
 * Returns AD_INVALID_NAME on a bad name; other returns, and the
 * declarations of new_dn, uid, filter, temp, s, c, rc, i, n, mods and
 * group_count, are in lines not shown.
 */
3789 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3792 LK_ENTRY *group_base;
3795 char cn_user_name[256];
3796 char contact_name[256];
3797 char mail_nickname[256];
3798 char proxy_address_internal[256];
3799 char proxy_address_external[256];
3800 char target_address[256];
3801 char internal_contact_name[256];
3804 char principal[256];
3805 char mit_address_book[256];
3806 char default_address_book[256];
3807 char contact_address_book[256];
3809 char *email_v[] = {NULL, NULL};
3810 char *cn_v[] = {NULL, NULL};
3811 char *contact_v[] = {NULL, NULL};
3812 char *uid_v[] = {NULL, NULL};
3813 char *mail_nickname_v[] = {NULL, NULL};
3814 char *proxy_address_internal_v[] = {NULL, NULL};
3815 char *proxy_address_external_v[] = {NULL, NULL};
3816 char *target_address_v[] = {NULL, NULL};
3817 char *mit_address_book_v[] = {NULL, NULL};
3818 char *default_address_book_v[] = {NULL, NULL};
3819 char *contact_address_book_v[] = {NULL, NULL};
3820 char *hide_address_lists_v[] = {NULL, NULL};
3821 char *attr_array[3];
3822 char *objectClass_v[] = {"top", "person",
3823 "organizationalPerson",
3825 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3826 "inetOrgPerson", "organizationalPerson",
3827 "contact", "mailRecipient", "eduPerson",
3829 char *name_v[] = {NULL, NULL};
3830 char *desc_v[] = {NULL, NULL};
3837 char *mail_routing_v[] = {NULL, NULL};
3838 char *principal_v[] = {NULL, NULL};
3840 if (!check_string(user))
3842 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3843 return(AD_INVALID_NAME);
/* NOTE(review): unbounded strcpy()/sprintf() into 256-byte buffers; strlen(mail) is not checked. */
3847 strcpy(contact_name, mail);
3848 strcpy(internal_contact_name, mail);
/* The local part becomes the mailNickName; the truncation at '@' is in lines not shown. */
3850 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* Only the RDN value is escaped; the trailing argument (bind_path) is on a line not shown. */
3854 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3857 sprintf(target_address, "SMTP:%s", contact_name);
3858 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3859 sprintf(mail_nickname, "%s", internal_contact_name);
3861 cn_v[0] = cn_user_name;
3862 contact_v[0] = contact_name;
3865 desc_v[0] = "Auto account created by Moira";
3867 proxy_address_internal_v[0] = proxy_address_internal;
3868 proxy_address_external_v[0] = proxy_address_external;
3869 mail_nickname_v[0] = mail_nickname;
3870 target_address_v[0] = target_address;
3871 mit_address_book_v[0] = mit_address_book;
3872 default_address_book_v[0] = default_address_book;
3873 contact_address_book_v[0] = contact_address_book;
3874 strcpy(new_dn, cn_user_name);
3877 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD schema: uid is "<address>_strings" or "<address>_kerberos" by OU; uid_v's assignment is not shown. */
3879 if(!ActiveDirectory)
3881 if(!strcmp(group_ou, contact_ou))
3882 sprintf(uid, "%s%s", contact_name, "_strings");
3884 if(!strcmp(group_ou, kerberos_ou))
3885 sprintf(uid, "%s%s", contact_name, "_kerberos");
3889 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3890 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3895 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3899 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3902 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3903 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3904 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Existence checks (contact_ou only): user by cn, group by cn, user by mail, group by mail. */
3908 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3913 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3914 attr_array[0] = "cn";
3915 attr_array[1] = NULL;
3917 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3918 &group_base, &group_count,
3919 LDAP_SCOPE_SUBTREE)) != 0)
3921 com_err(whoami, 0, "Unable to process contact %s : %s",
3922 user, ldap_err2string(rc));
3928 com_err(whoami, 0, "Object already exists with name %s",
3933 linklist_free(group_base);
3937 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3938 attr_array[0] = "cn";
3939 attr_array[1] = NULL;
3941 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3942 &group_base, &group_count,
3943 LDAP_SCOPE_SUBTREE)) != 0)
3945 com_err(whoami, 0, "Unable to process contact %s : %s",
3946 user, ldap_err2string(rc));
3952 com_err(whoami, 0, "Object already exists with name %s",
3957 linklist_free(group_base);
3961 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3962 attr_array[0] = "cn";
3963 attr_array[1] = NULL;
3965 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3966 &group_base, &group_count,
3967 LDAP_SCOPE_SUBTREE)) != 0)
3969 com_err(whoami, 0, "Unable to process contact %s : %s",
3970 user, ldap_err2string(rc));
3976 com_err(whoami, 0, "Object already exists with name %s",
3981 linklist_free(group_base);
3985 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3986 attr_array[0] = "cn";
3987 attr_array[1] = NULL;
3989 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3990 &group_base, &group_count,
3991 LDAP_SCOPE_SUBTREE)) != 0)
3993 com_err(whoami, 0, "Unable to process contact %s : %s",
3994 user, ldap_err2string(rc));
4000 com_err(whoami, 0, "Object already exists with name %s",
4005 linklist_free(group_base);
/* Mail attributes; email_v's assignment is not shown. */
4009 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4010 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4011 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4012 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
/* Contacts are always hidden from Exchange address lists. */
4014 hide_address_lists_v[0] = "TRUE";
4015 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD: route mail to the address itself, defaulting the domain to mit.edu. */
4020 if(!ActiveDirectory)
4022 if((c = strchr(mail, '@')) == NULL)
4023 sprintf(temp, "%s@mit.edu", mail);
4025 sprintf(temp, "%s", mail);
4027 mail_routing_v[0] = temp;
/* principal is never assigned in the visible lines and principal_v is not added to mods here. */
4029 principal_v[0] = principal;
4031 if(!strcmp(group_ou, contact_ou))
4033 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4034 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4040 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4042 for (i = 0; i < n; i++)
/* Style: "rc != LDAP_SUCCESS" is implied by "rc == LDAP_ALREADY_EXISTS" and can be dropped. */
4047 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4048 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
/* Already exists: refresh the mail attributes on the existing contact. */
4052 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4053 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4054 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4056 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4058 hide_address_lists_v[0] = "TRUE";
4059 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4063 rc = ldap_modify_s(ld, new_dn, mods);
/* The rc test guarding this message is on a line not shown. */
4067 com_err(whoami, 0, "Unable to update contact %s", mail);
4070 for (i = 0; i < n; i++)
4075 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4077 com_err(whoami, 0, "Unable to create contact %s : %s",
4078 user, ldap_err2string(rc));
4085 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4086 char *Uid, char *MitId, char *MoiraId, int State,
4087 char *WinHomeDir, char *WinProfileDir, char *first,
4088 char *middle, char *last, char *shell, char *class)
4091 LK_ENTRY *group_base;
4093 char distinguished_name[512];
4094 char displayName[256];
4095 char *mitMoiraId_v[] = {NULL, NULL};
4096 char *mitMoiraClass_v[] = {NULL, NULL};
4097 char *mitMoiraStatus_v[] = {NULL, NULL};
4098 char *uid_v[] = {NULL, NULL};
4099 char *mitid_v[] = {NULL, NULL};
4100 char *homedir_v[] = {NULL, NULL};
4101 char *winProfile_v[] = {NULL, NULL};
4102 char *drives_v[] = {NULL, NULL};
4103 char *userAccountControl_v[] = {NULL, NULL};
4104 char *alt_recipient_v[] = {NULL, NULL};
4105 char *hide_address_lists_v[] = {NULL, NULL};
4106 char *mail_v[] = {NULL, NULL};
4107 char *gid_v[] = {NULL, NULL};
4108 char *loginshell_v[] = {NULL, NULL};
4109 char *principal_v[] = {NULL, NULL};
4110 char userAccountControlStr[80];
4115 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4116 UF_PASSWD_CANT_CHANGE;
4118 char *attr_array[3];
4121 char contact_mail[256];
4122 char filter_exp[1024];
4123 char search_path[512];
4124 char TemplateDn[512];
4125 char TemplateSamName[128];
4126 char alt_recipient[256];
4127 char principal[256];
4129 char acBERBuf[N_SD_BER_BYTES];
4130 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4131 { N_SD_BER_BYTES, acBERBuf },
4133 LDAPControl *apsServerControls[] = {&sControl, NULL};
4135 LDAP_BERVAL **ppsValues;
4139 char *homeServerName;
4141 char search_string[256];
4143 char *mail_routing_v[] = {NULL, NULL};
4146 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4147 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4148 BEREncodeSecurityBits(dwInfo, acBERBuf);
4150 if (!check_string(user_name))
4152 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4154 return(AD_INVALID_NAME);
4157 memset(contact_mail, '\0', sizeof(contact_mail));
4158 sprintf(contact_mail, "%s@mit.edu", user_name);
4159 memset(mail, '\0', sizeof(mail));
4160 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4161 memset(alt_recipient, '\0', sizeof(alt_recipient));
4162 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4164 sprintf(search_string, "@%s", uppercase(ldap_domain));
4168 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4170 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4177 memset(displayName, '\0', sizeof(displayName));
4179 if (strlen(MoiraId) != 0)
4183 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4188 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4191 attr_array[0] = "cn";
4192 attr_array[1] = NULL;
4193 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4194 &group_base, &group_count,
4195 LDAP_SCOPE_SUBTREE)) != 0)
4197 com_err(whoami, 0, "Unable to process user %s : %s",
4198 user_name, ldap_err2string(rc));
4203 if (group_count != 1)
4205 linklist_free(group_base);
4208 sprintf(filter, "(sAMAccountName=%s)", user_name);
4209 attr_array[0] = "cn";
4210 attr_array[1] = NULL;
4211 sprintf(temp, "%s,%s", user_ou, dn_path);
4212 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4213 &group_base, &group_count,
4214 LDAP_SCOPE_SUBTREE)) != 0)
4216 com_err(whoami, 0, "Unable to process user %s : %s",
4217 user_name, ldap_err2string(rc));
4222 if (group_count != 1)
4224 com_err(whoami, 0, "Unable to find user %s in directory",
4226 linklist_free(group_base);
4227 return(AD_NO_USER_FOUND);
4230 strcpy(distinguished_name, group_base->dn);
4232 linklist_free(group_base);
4235 if(!ActiveDirectory)
4237 if (rc = moira_connect())
4239 critical_alert(whoami, "Ldap incremental",
4240 "Error contacting Moira server : %s",
4245 argv[0] = user_name;
4247 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4250 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4252 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4254 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4259 "Unable to set the mailRoutingAddress for %s : %s",
4260 user_name, ldap_err2string(rc));
4262 p = strdup(save_argv[3]);
4264 if((c = strchr(p, ',')) != NULL)
4269 if ((c = strchr(q, '@')) == NULL)
4270 sprintf(temp, "%s@mit.edu", q);
4272 sprintf(temp, "%s", q);
4274 if(email_isvalid(temp) && State != US_DELETED)
4276 mail_routing_v[0] = temp;
4279 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4281 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4283 if (rc == LDAP_ALREADY_EXISTS ||
4284 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4289 "Unable to set the mailRoutingAddress for %s : %s",
4290 user_name, ldap_err2string(rc));
4293 while((q = strtok(NULL, ",")) != NULL) {
4296 if((c = strchr(q, '@')) == NULL)
4297 sprintf(temp, "%s@mit.edu", q);
4299 sprintf(temp, "%s", q);
4301 if(email_isvalid(temp) && State != US_DELETED)
4303 mail_routing_v[0] = temp;
4306 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4309 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4311 if (rc == LDAP_ALREADY_EXISTS ||
4312 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4317 "Unable to set the mailRoutingAddress for "
4319 user_name, ldap_err2string(rc));
4325 if((c = strchr(p, '@')) == NULL)
4326 sprintf(temp, "%s@mit.edu", p);
4328 sprintf(temp, "%s", p);
4330 if(email_isvalid(temp) && State != US_DELETED)
4332 mail_routing_v[0] = temp;
4335 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4337 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4339 if (rc == LDAP_ALREADY_EXISTS ||
4340 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4345 "Unable to set the mailRoutingAddress for %s : %s",
4346 user_name, ldap_err2string(rc));
4349 } else if(rc==MR_NO_MATCH) {
4352 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4354 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4356 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4361 "Unable to set the mailRoutingAddress for %s : %s",
4362 user_name, ldap_err2string(rc));
4367 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4368 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4369 "employeeID", user_name);
4371 rc = attribute_update(ldap_handle, distinguished_name, "none",
4372 "employeeID", user_name);
4375 strcat(displayName, first);
4378 if(strlen(middle)) {
4380 strcat(displayName, " ");
4382 strcat(displayName, middle);
4386 if(strlen(middle) || strlen(first))
4387 strcat(displayName, " ");
4389 strcat(displayName, last);
4392 if(strlen(displayName))
4393 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4394 "displayName", user_name);
4396 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4397 "displayName", user_name);
4399 if(!ActiveDirectory)
4401 if(strlen(displayName))
4402 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4405 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4409 if(!ActiveDirectory)
4411 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4412 "eduPersonNickname", user_name);
4416 rc = attribute_update(ldap_handle, distinguished_name, first,
4417 "givenName", user_name);
4419 rc = attribute_update(ldap_handle, distinguished_name, "",
4420 "givenName", user_name);
4422 if(strlen(middle) == 1)
4423 rc = attribute_update(ldap_handle, distinguished_name, middle,
4424 "initials", user_name);
4426 rc = attribute_update(ldap_handle, distinguished_name, "",
4427 "initials", user_name);
4430 rc = attribute_update(ldap_handle, distinguished_name, last,
4433 rc = attribute_update(ldap_handle, distinguished_name, "",
4438 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4443 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4447 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4448 "mitMoiraId", user_name);
4457 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4461 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4466 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4467 sprintf(status, "%d", State);
4468 principal_v[0] = principal;
4469 loginshell_v[0] = shell;
4470 mitMoiraClass_v[0] = class;
4471 mitMoiraStatus_v[0] = status;
4473 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4474 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4475 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4476 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4477 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4478 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4481 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4483 userAccountControl |= UF_ACCOUNTDISABLE;
4487 hide_address_lists_v[0] = "TRUE";
4488 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4496 hide_address_lists_v[0] = NULL;
4497 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4502 sprintf(userAccountControlStr, "%ld", userAccountControl);
4503 userAccountControl_v[0] = userAccountControlStr;
4504 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4508 if (rc = moira_connect())
4510 critical_alert(whoami, "Ldap incremental",
4511 "Error contacting Moira server : %s",
4516 argv[0] = user_name;
4518 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4520 if(!strcmp(save_argv[1], "EXCHANGE") ||
4521 (strstr(save_argv[3], search_string) != NULL))
4523 alt_recipient_v[0] = NULL;
4524 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4526 argv[0] = exchange_acl;
4528 argv[2] = user_name;
4530 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4532 if ((rc) && (rc != MR_EXISTS))
4534 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4535 user_name, exchange_acl, error_message(rc));
4540 alt_recipient_v[0] = alt_recipient;
4541 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4543 argv[0] = exchange_acl;
4545 argv[2] = user_name;
4547 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4549 if ((rc) && (rc != MR_NO_MATCH))
4552 "Unable to remove user %s from %s: %s, %d",
4553 user_name, exchange_acl, error_message(rc), rc);
4559 alt_recipient_v[0] = alt_recipient;
4560 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4562 argv[0] = exchange_acl;
4564 argv[2] = user_name;
4566 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4568 if ((rc) && (rc != MR_NO_MATCH))
4571 "Unable to remove user %s from %s: %s, %d",
4572 user_name, exchange_acl, error_message(rc), rc);
4580 mail_v[0] = contact_mail;
4581 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4583 if(!ActiveDirectory)
4585 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
4589 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4590 WinProfileDir, homedir_v, winProfile_v,
4591 drives_v, mods, LDAP_MOD_REPLACE, n);
4595 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4596 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4597 attr_array[0] = "sAMAccountName";
4598 attr_array[1] = NULL;
4602 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4604 &group_base, &group_count,
4605 LDAP_SCOPE_SUBTREE) != 0))
4608 if (group_count != 1)
4610 com_err(whoami, 0, "Unable to process user security template: %s - "
4611 "security not set", "UserTemplate.u");
4615 strcpy(TemplateDn, group_base->dn);
4616 strcpy(TemplateSamName, group_base->value);
4617 linklist_free(group_base);
4621 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4622 filter_exp, NULL, 0, apsServerControls, NULL,
4625 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4627 com_err(whoami, 0, "Unable to find user security template: %s - "
4628 "security not set", "UserTemplate.u");
4632 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4633 "ntSecurityDescriptor");
4635 if (ppsValues == NULL)
4637 com_err(whoami, 0, "Unable to find user security template: %s - "
4638 "security not set", "UserTemplate.u");
4642 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4643 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4648 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4649 mods)) != LDAP_SUCCESS)
4651 OldUseSFU30 = UseSFU30;
4652 SwitchSFU(mods, &UseSFU30, n);
4653 if (OldUseSFU30 != UseSFU30)
4654 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4657 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4658 user_name, ldap_err2string(rc));
4662 for (i = 0; i < n; i++)
/*
 * user_rename: move the directory entry for before_user_name to the RDN
 * for user_name (ldap_rename_s under user_ou), replace the mit.edu contact
 * object, and then rewrite the attributes derived from the login name
 * (altSecurityIdentities, userPrincipalName, sAMAccountName, mail,
 * proxyAddresses, ...) on the new DN with a single ldap_modify_s.
 *
 * Returns AD_INVALID_NAME when either name fails check_string; the other
 * return paths are outside this rendering.  The rest of the parameter
 * list, the brace/else lines and the mods[] terminator are not shown here
 * either — read this block against the full source before changing it.
 */
4668 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4676 char contact_mail[256];
4677 char proxy_address[256];
4678 char query_base_dn[256];
4680 char *userPrincipalName_v[] = {NULL, NULL};
4681 char *altSecurityIdentities_v[] = {NULL, NULL};
4682 char *name_v[] = {NULL, NULL};
4683 char *samAccountName_v[] = {NULL, NULL};
4684 char *mail_v[] = {NULL, NULL};
4685 char *mail_nickname_v[] = {NULL, NULL};
4686 char *proxy_address_v[] = {NULL, NULL};
4687 char *query_base_dn_v[] = {NULL, NULL};
4688 char *principal_v[] = {NULL, NULL};
4689 char principal[256];
/* check_string is the only validation either name receives before it is
 * interpolated into DNs, filters and attribute values below. */
4694 if (!check_string(before_user_name))
4697 "Unable to process invalid LDAP user name %s", before_user_name);
4698 return(AD_INVALID_NAME);
4701 if (!check_string(user_name))
4704 "Unable to process invalid LDAP user name %s", user_name);
4705 return(AD_INVALID_NAME);
/* NOTE(review): source and destination are the same object.  This is a
 * no-op at best and undefined behaviour per the C standard (strcpy's
 * arguments are restrict-qualified); it looks like a leftover. */
4708 strcpy(user_name, user_name);
/* Old DN and new RDN.  old_dn/new_dn/upn/temp are declared outside this
 * view; contact_mail, proxy_address and principal are 256 bytes.  None of
 * these sprintf calls is length-bounded, so the only limit on the inputs
 * is whatever check_string enforces (not visible here); snprintf with an
 * explicit truncation check would make the bound visible. */
4711 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4713 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4716 sprintf(new_dn, "cn=%s", user_name);
4718 sprintf(new_dn, "uid=%s", user_name);
4720 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4721 sprintf(contact_mail, "%s@mit.edu", user_name);
4722 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4723 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* deleteoldrdn is TRUE: the old RDN value is dropped from the entry.  A
 * failed rename is logged; what happens next is not visible here. */
4725 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4726 NULL, NULL)) != LDAP_SUCCESS)
4728 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4729 before_user_name, user_name, ldap_err2string(rc));
/* Replace the contact object: delete cn=<old>@mit.edu under contact_ou,
 * then create one for the new name.  Both failures are only logged.  The
 * assignment inside the if is intentional (non-zero rc == failure). */
4735 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4738 if(rc = ldap_delete_s(ldap_handle, temp))
4740 com_err(whoami, 0, "Unable to delete user contact for %s",
4744 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4746 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Attribute values derived from the new login name.  altSecurityIdentities
 * carries the "Kerberos:<user>@PRIMARY_REALM" mapping; temp is reused for
 * it, so nothing below may overwrite temp before the modify is sent. */
4750 name_v[0] = user_name;
4751 sprintf(upn, "%s@%s", user_name, ldap_domain);
4752 userPrincipalName_v[0] = upn;
4753 principal_v[0] = principal;
4754 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4755 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4756 altSecurityIdentities_v[0] = temp;
4757 samAccountName_v[0] = user_name;
4759 mail_nickname_v[0] = user_name;
4760 proxy_address_v[0] = proxy_address;
4761 query_base_dn_v[0] = query_base_dn;
4764 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4765 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4766 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4767 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Non-AD directories also get the posix/eduPerson naming attributes. */
4769 if(!ActiveDirectory)
4771 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4772 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
/* NOTE(review): displayName was already queued at 4766 above; both are
 * LDAP_MOD_REPLACE, so this second one is redundant at best — confirm. */
4773 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4774 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
/* Exchange attributes; the enclosing condition is not in this view. */
4779 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4780 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4781 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4782 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* NOTE(review): mail_v was handed to ADD_ATTR above (4772/4781).  If the
 * macro stores the array pointer rather than copying the values, this
 * reassignment also retargets those earlier mods — confirm against the
 * macro definition. */
4786 mail_v[0] = contact_mail;
4787 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4789 if(!ActiveDirectory)
4791 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry for the modify.  A failed modify is only
 * logged, leaving the entry renamed but with its old name-derived
 * attributes. */
4798 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4800 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4802 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4805 "Unable to modify user data for %s after renaming : %s",
4806 user_name, ldap_err2string(rc));
/* Cleanup loop over mods[]; its body is not in this rendering. */
4809 for (i = 0; i < n; i++)
/*
 * user_create: callback with the (ac, av, ptr) shape used by mr_query.
 * av is a Moira user tuple indexed by U_NAME, U_UID, U_FIRST, U_MIDDLE,
 * U_LAST, U_STATE, U_MITID, U_SHELL, U_CLASS, U_WINHOMEDIR and
 * U_WINPROFILEDIR.  The function assembles the full attribute set for a
 * new user entry, adds it with ldap_add_ext_s (retrying once after
 * toggling the SFU30 attribute style), optionally sets the password, and
 * finally writes mailRoutingAddress values derived from the user's pobox.
 *
 * call_args[0] is the LDAP handle, call_args[1] the base DN and
 * call_args[2] the Moira id; its assignment from ptr is not visible in
 * this rendering.  Braces, else branches, the mods[] terminator and the
 * final return are missing from this listing as well.
 */
4815 int user_create(int ac, char **av, void *ptr)
4819 char user_name[256];
4823 char contact_mail[256];
4824 char proxy_address[256];
4825 char mail_nickname[256];
4826 char query_base_dn[256];
4827 char displayName[256];
4828 char address_book[256];
4829 char alt_recipient[256];
4830 char *cn_v[] = {NULL, NULL};
/* objectClass sets: the AD list (tail not shown) and the non-AD list. */
4831 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4833 char *objectClass_ldap_v[] = {"top",
4834 "eduPerson", "posixAccount",
4835 "apple-user", "shadowAccount",
4836 "microsoftComTop", "securityPrincipal",
4837 "inetOrgPerson", "user",
4838 "organizationalPerson", "person",
4839 "mailRecipient", NULL};
4841 char *samAccountName_v[] = {NULL, NULL};
4842 char *altSecurityIdentities_v[] = {NULL, NULL};
4843 char *mitMoiraId_v[] = {NULL, NULL};
4844 char *mitMoiraClass_v[] = {NULL, NULL};
4845 char *mitMoiraStatus_v[] = {NULL, NULL};
4846 char *name_v[] = {NULL, NULL};
4847 char *desc_v[] = {NULL, NULL};
4848 char *userPrincipalName_v[] = {NULL, NULL};
4849 char *userAccountControl_v[] = {NULL, NULL};
4850 char *uid_v[] = {NULL, NULL};
4851 char *gid_v[] = {NULL, NULL};
4852 char *mitid_v[] = {NULL, NULL};
4853 char *homedir_v[] = {NULL, NULL};
4854 char *winProfile_v[] = {NULL, NULL};
4855 char *drives_v[] = {NULL, NULL};
4856 char *mail_v[] = {NULL, NULL};
4857 char *givenName_v[] = {NULL, NULL};
4858 char *sn_v[] = {NULL, NULL};
4859 char *initials_v[] = {NULL, NULL};
4860 char *displayName_v[] = {NULL, NULL};
4861 char *proxy_address_v[] = {NULL, NULL};
4862 char *mail_nickname_v[] = {NULL, NULL};
4863 char *query_base_dn_v[] = {NULL, NULL};
4864 char *address_book_v[] = {NULL, NULL};
4865 char *homeMDB_v[] = {NULL, NULL};
4866 char *homeServerName_v[] = {NULL, NULL};
4867 char *mdbUseDefaults_v[] = {NULL, NULL};
4868 char *mailbox_guid_v[] = {NULL, NULL};
4869 char *user_culture_v[] = {NULL, NULL};
4870 char *user_account_control_v[] = {NULL, NULL};
4871 char *msexch_version_v[] = {NULL, NULL};
4872 char *alt_recipient_v[] = {NULL, NULL};
4873 char *hide_address_lists_v[] = {NULL, NULL};
4874 char *principal_v[] = {NULL, NULL};
4875 char *loginshell_v[] = {NULL, NULL};
4876 char userAccountControlStr[80];
4878 char principal[256];
4879 char filter_exp[1024];
4880 char search_path[512];
4881 char *attr_array[3];
/* Baseline userAccountControl: normal account, password never expires,
 * user cannot change it.  Declared u_int — see the %ld note at 4969. */
4882 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4883 UF_PASSWD_CANT_CHANGE;
4889 char WinHomeDir[1024];
4890 char WinProfileDir[1024];
4892 char *homeServerName;
/* Server-side control asking AD to return the ntSecurityDescriptor parts
 * selected by dwInfo (owner, group, DACL, SACL) — used when copying the
 * template's descriptor below. */
4894 char acBERBuf[N_SD_BER_BYTES];
4895 LK_ENTRY *group_base;
4897 char TemplateDn[512];
4898 char TemplateSamName[128];
4899 LDAP_BERVAL **ppsValues;
4900 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4901 { N_SD_BER_BYTES, acBERBuf },
4903 LDAPControl *apsServerControls[] = {&sControl, NULL};
4907 char search_string[256];
4908 char *o_v[] = {NULL, NULL};
4910 char *mail_routing_v[] = {NULL, NULL};
4915 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4916 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4917 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Only the login name is validated.  The other av fields (first, middle,
 * last, shell, class, state, home/profile dirs) are used verbatim below. */
4919 if (!check_string(av[U_NAME]))
4921 callback_rc = AD_INVALID_NAME;
4922 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4924 return(AD_INVALID_NAME);
/* Unbounded strcpy/sprintf of Moira-supplied strings into fixed buffers
 * (WinHomeDir/WinProfileDir 1024, user_name 256; upn and sam_name are
 * declared outside this view).  The memsets are redundant once strcpy
 * terminates the string, but harmless. */
4927 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4928 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4929 memset(displayName, '\0', sizeof(displayName));
4930 memset(query_base_dn, '\0', sizeof(query_base_dn));
4931 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4932 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4933 strcpy(user_name, av[U_NAME]);
4934 sprintf(upn, "%s@%s", user_name, ldap_domain);
4935 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last", skipping empty parts and the
 * separators next to them.  Three fields are concatenated into 256 bytes
 * with no length accounting. */
4937 if(strlen(av[U_FIRST])) {
4938 strcat(displayName, av[U_FIRST]);
4941 if(strlen(av[U_MIDDLE])) {
4942 if(strlen(av[U_FIRST]))
4943 strcat(displayName, " ");
4945 strcat(displayName, av[U_MIDDLE]);
4948 if(strlen(av[U_LAST])) {
4949 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4950 strcat(displayName, " ");
4952 strcat(displayName, av[U_LAST]);
/* The entry is created disabled unless the Moira state is US_NO_PASSWD or
 * US_REGISTERED.  atoi reports no error; a non-numeric state parses as 0. */
4955 samAccountName_v[0] = sam_name;
4956 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4957 (atoi(av[U_STATE]) != US_REGISTERED))
4959 userAccountControl |= UF_ACCOUNTDISABLE;
/* Hidden from Exchange address lists; the enclosing condition is not in
 * this view. */
4963 hide_address_lists_v[0] = "TRUE";
4964 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* NOTE(review): "%ld" with a u_int argument is a format/argument type
 * mismatch (undefined behaviour; on LP64 it reads 8 bytes for a 4-byte
 * argument).  "%u" matches the declaration at 4882. */
4969 sprintf(userAccountControlStr, "%ld", userAccountControl);
4970 userAccountControl_v[0] = userAccountControlStr;
4971 userPrincipalName_v[0] = upn;
/* cn is the login name or the display name depending on a condition not
 * shown here (presumably the directory type — confirm). */
4974 cn_v[0] = user_name;
4976 cn_v[0] = displayName;
4978 name_v[0] = user_name;
4979 desc_v[0] = "Auto account created by Moira";
4981 givenName_v[0] = av[U_FIRST];
/* sn falls back to the login name when no last name was supplied. */
4984 sn_v[0] = av[U_LAST];
4986 if(strlen(av[U_LAST]))
4987 sn_v[0] = av[U_LAST];
4989 sn_v[0] = av[U_NAME];
4991 displayName_v[0] = displayName;
4992 mail_nickname_v[0] = user_name;
4993 o_v[0] = "Massachusetts Institute of Technology";
/* altSecurityIdentities carries the "Kerberos:<user>@PRIMARY_REALM"
 * mapping.  temp is reused for it, so it must not be overwritten before
 * the add is sent (the mail-routing code below reuses temp only after the
 * add has completed). */
4995 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4996 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4997 altSecurityIdentities_v[0] = temp;
4998 principal_v[0] = principal;
/* DN of the new entry under user_ou; cn= vs uid= RDN chosen by a
 * condition not shown here. */
5001 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
5003 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
5005 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
5006 sprintf(contact_mail, "%s@mit.edu", user_name);
5007 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
5008 query_base_dn_v[0] = query_base_dn;
5009 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
5011 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Create the <user>@mit.edu contact object; failure is only logged. */
5015 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5018 com_err(whoami, 0, "Unable to create user contact %s",
/* Exchange mailbox store; on failure the lines that follow are not in
 * this view, so whether homeMDB_v stays NULL is not visible here. */
5022 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5025 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5029 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5030 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5032 homeMDB_v[0] = homeMDB;
5033 homeServerName_v[0] = homeServerName;
/* Core attributes of the add.  objectClass list depends on the directory
 * type (condition lines not shown). */
5038 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5042 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5046 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5049 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5050 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5051 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5052 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5053 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Exchange mailbox attributes. */
5057 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5058 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5059 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5060 mdbUseDefaults_v[0] = "TRUE";
5061 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5062 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Pobox lookup: Exchange poboxes (type EXCHANGE, or an address in the
 * uppercase ldap_domain) get the user added to exchange_acl; everyone
 * else gets the contact as altRecipient.  Note save_argv[3] is searched
 * with strstr, so "@DOMAIN" matches anywhere in the string. */
5064 argv[0] = user_name;
5066 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5068 if(!strcmp(save_argv[1], "EXCHANGE") ||
5069 (strstr(save_argv[3], search_string) != NULL))
5071 argv[0] = exchange_acl;
5073 argv[2] = user_name;
5075 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5077 if ((rc) && (rc != MR_EXISTS))
5079 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5080 user_name, exchange_acl, error_message(rc));
5085 alt_recipient_v[0] = alt_recipient;
5086 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
/* No pobox (or query failure): still route via the contact. */
5091 alt_recipient_v[0] = alt_recipient;
5092 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5094 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
/* mail is the mit.edu contact address. */
5099 mail_v[0] = contact_mail;
5100 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5102 if(!ActiveDirectory)
5104 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
/* Personal-name attributes; only set when the source field is non-empty.
 * displayName falls back to the login name when all three are empty. */
5108 if(strlen(av[U_FIRST])) {
5109 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5112 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5113 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5116 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5117 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5119 if(!ActiveDirectory)
5121 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5124 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5126 if(!ActiveDirectory)
5128 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials only when the middle field is a single character. */
5132 if (strlen(av[U_MIDDLE]) == 1) {
5133 initials_v[0] = av[U_MIDDLE];
5134 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5137 if (strlen(call_args[2]) != 0)
5139 mitMoiraId_v[0] = call_args[2];
5140 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5143 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* posix/eduPerson/Moira attributes for non-AD directories. */
5145 if(!ActiveDirectory)
5147 loginshell_v[0] = av[U_SHELL];
5148 mitMoiraClass_v[0] = av[U_CLASS];
5149 mitMoiraStatus_v[0] = av[U_STATE];
5150 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5151 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5152 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5153 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5154 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5155 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Numeric ids; the branch structure and the gid_v[0] assignment are not
 * in this view.  The AD variant uses either uidNumber or the SFU30
 * attribute name, switched by UseSFU30 (see the retry below). */
5158 if (strlen(av[U_UID]) != 0)
5160 uid_v[0] = av[U_UID];
5164 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5169 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5170 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5177 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5181 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is the MIT id only when it starts with '9'; otherwise the
 * literal "none". */
5186 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5187 mitid_v[0] = av[U_MITID];
5189 mitid_v[0] = "none";
5191 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends its own mods and returns the new count. */
5193 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5194 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5195 drives_v, mods, LDAP_MOD_ADD, n);
/* Copy the ntSecurityDescriptor of the "UserTemplate.u" template object
 * under security_template_ou onto the new entry.  The filter is built
 * from a constant, so no escaping concern here.  Failures only log
 * "security not set" and fall through to the add.
 * NOTE(review): no ldap_msgfree(psMsg) or ldap_value_free_len(ppsValues)
 * is visible in this rendering — confirm the results are released. */
5199 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5200 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5201 attr_array[0] = "sAMAccountName";
5202 attr_array[1] = NULL;
5206 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5207 attr_array, &group_base, &group_count,
5208 LDAP_SCOPE_SUBTREE) != 0))
5211 if (group_count != 1)
5213 com_err(whoami, 0, "Unable to process user security template: %s - "
5214 "security not set", "UserTemplate.u");
5218 strcpy(TemplateDn, group_base->dn);
5219 strcpy(TemplateSamName, group_base->value);
5220 linklist_free(group_base);
5224 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5225 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5226 apsServerControls, NULL,
5229 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5231 com_err(whoami, 0, "Unable to find user security template: %s - "
5232 "security not set", "UserTemplate.u");
5236 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5237 "ntSecurityDescriptor");
5238 if (ppsValues == NULL)
5240 com_err(whoami, 0, "Unable to find user security template: %s - "
5241 "security not set", "UserTemplate.u");
5245 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5246 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Add the entry.  LDAP_ALREADY_EXISTS is treated as success throughout.
 * Any other failure flips the SFU30 attribute style once and retries;
 * the mods are freed either way. */
5251 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5253 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5255 OldUseSFU30 = UseSFU30;
5256 SwitchSFU(mods, &UseSFU30, n);
5257 if (OldUseSFU30 != UseSFU30)
5258 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5261 for (i = 0; i < n; i++)
5264 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5266 com_err(whoami, 0, "Unable to create user %s : %s",
5267 user_name, ldap_err2string(rc));
/* Password step.  NOTE(review): set_password receives the empty string
 * literal as its password argument; its semantics are not visible here.
 * Confirm what an empty value means for that helper, since the account
 * is created enabled for the US_NO_PASSWD/US_REGISTERED states above.
 * On failure the KDC session is re-established and the call retried
 * once. */
5272 if ((rc == LDAP_SUCCESS) && (SetPassword))
5274 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5276 ad_kdc_disconnect();
5277 if (!ad_server_connect(default_server, ldap_domain))
5279 com_err(whoami, 0, "Unable to set password for user %s : %s",
5281 "cannot get changepw ticket from windows domain");
5285 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5287 com_err(whoami, 0, "Unable to set password for user %s "
5288 ": %ld", user_name, rc);
/* mailRoutingAddress for non-AD directories, from the pobox address in
 * save_argv[3].  The assignment inside the if is intentional. */
5294 if(!ActiveDirectory)
5296 if (rc = moira_connect())
5298 critical_alert(whoami, "Ldap incremental",
5299 "Error contacting Moira server : %s",
5304 argv[0] = user_name;
5306 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* mail_routing_v holds no value at this point as shown, so this REPLACE
 * clears any existing mailRoutingAddress (a REPLACE with an empty value
 * list deletes the attribute) before the values are added one by one. */
5309 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5311 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5313 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5318 "Unable to set the mailRoutingAddress for %s : %s",
5319 user_name, ldap_err2string(rc));
/* Comma-separated list: split with strtok (static state, not reentrant;
 * the initial strtok(p, ",") call sits in lines not shown).  Each piece
 * without '@' gets "@mit.edu" appended; each valid address is added with
 * its own ldap_modify_s, and a duplicate is not treated as an error.
 * NOTE(review): no free(p) for the strdup result is visible in this
 * rendering — confirm it is released. */
5321 p = strdup(save_argv[3]);
5323 if((c = strchr(p, ',')) != NULL) {
5327 if ((c = strchr(q, '@')) == NULL)
5328 sprintf(temp, "%s@mit.edu", q);
5330 sprintf(temp, "%s", q);
5332 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5334 mail_routing_v[0] = temp;
5337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5339 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5341 if (rc == LDAP_ALREADY_EXISTS ||
5342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5347 "Unable to set the mailRoutingAddress for %s : %s",
5348 user_name, ldap_err2string(rc));
5351 while((q = strtok(NULL, ",")) != NULL) {
5354 if((c = strchr(q, '@')) == NULL)
5355 sprintf(temp, "%s@mit.edu", q);
5357 sprintf(temp, "%s", q);
5359 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5361 mail_routing_v[0] = temp;
5364 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5366 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5368 if (rc == LDAP_ALREADY_EXISTS ||
5369 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5374 "Unable to set the mailRoutingAddress for %s : %s",
5375 user_name, ldap_err2string(rc));
/* Single address (no comma): same normalisation and add. */
5381 if((c = strchr(p, '@')) == NULL)
5382 sprintf(temp, "%s@mit.edu", p);
5384 sprintf(temp, "%s", p);
5386 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5388 mail_routing_v[0] = temp;
5391 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5393 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5395 if (rc == LDAP_ALREADY_EXISTS ||
5396 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5401 "Unable to set the mailRoutingAddress for %s : %s",
5402 user_name, ldap_err2string(rc));
<br>
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE in the
 * userAccountControl of one user entry, located by mitMoiraId when
 * MoiraId is non-empty and by sAMAccountName otherwise.  operation ==
 * MEMBER_DEACTIVATE disables the account; any other value enables it.
 * When MoiraId is given it is also written back as mitMoiraId.
 *
 * Returns AD_INVALID_NAME for a name rejected by check_string and
 * LDAP_NO_SUCH_OBJECT when no single matching entry is found (note that
 * user_update above returns AD_NO_USER_FOUND for the same situation, so
 * callers see two error domains).  The rest of the parameter list, the
 * remaining return paths and the brace/else lines are not in this
 * rendering.
 */
5412 int user_change_status(LDAP *ldap_handle, char *dn_path,
5413 char *user_name, char *MoiraId,
5417 char *attr_array[3];
5419 char distinguished_name[1024];
5421 char *mitMoiraId_v[] = {NULL, NULL};
5423 LK_ENTRY *group_base;
/* check_string is the only validation the name receives; MoiraId is not
 * checked at all before it is used in a filter below. */
5430 if (!check_string(user_name))
5432 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5434 return(AD_INVALID_NAME);
/* First lookup by mitMoiraId.  NOTE(review): MoiraId is interpolated
 * verbatim into the LDAP filter; if it can ever contain filter
 * metacharacters it needs RFC 4515 escaping (or a strict numeric check)
 * first.  filter is a fixed buffer declared outside this view and the
 * sprintf is unbounded. */
5440 if (strlen(MoiraId) != 0)
5442 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5443 attr_array[0] = "UserAccountControl";
5444 attr_array[1] = NULL;
5445 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5446 &group_base, &group_count,
5447 LDAP_SCOPE_SUBTREE)) != 0)
5449 com_err(whoami, 0, "Unable to process user %s : %s",
5450 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the name lookup. */
5455 if (group_count != 1)
5457 linklist_free(group_base);
/* Second lookup by sAMAccountName (user_name passed check_string, which
 * presumably rejects filter metacharacters — see the illegalchars table
 * at the end of this file). */
5460 sprintf(filter, "(sAMAccountName=%s)", user_name);
5461 attr_array[0] = "UserAccountControl";
5462 attr_array[1] = NULL;
5463 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5464 &group_base, &group_count,
5465 LDAP_SCOPE_SUBTREE)) != 0)
5467 com_err(whoami, 0, "Unable to process user %s : %s",
5468 user_name, ldap_err2string(rc));
5473 if (group_count != 1)
5475 linklist_free(group_base);
5476 com_err(whoami, 0, "Unable to find user %s in directory",
5478 return(LDAP_NO_SUCH_OBJECT);
/* Read the current userAccountControl and flip the disable bit.
 * NOTE(review): atoi reports no error — a non-numeric or empty value from
 * the directory parses as 0, and that 0 (with only the disable bit
 * touched) would then be written back as the new userAccountControl,
 * silently clearing every other flag.  strtoul with an endptr check and
 * a bail-out on bad input would be safer. */
5481 strcpy(distinguished_name, group_base->dn);
5482 ulongValue = atoi((*group_base).value);
5484 if (operation == MEMBER_DEACTIVATE)
5485 ulongValue |= UF_ACCOUNTDISABLE;
5487 ulongValue &= ~UF_ACCOUNTDISABLE;
5489 sprintf(temp, "%ld", ulongValue);
/* Build the replacement value list from the fetched entry; a return of 1
 * is the failure case (lines following are not shown). */
5491 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5492 temp, &modvalues, REPLACE)) == 1)
5495 linklist_free(group_base);
5499 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5501 if (strlen(MoiraId) != 0)
5503 mitMoiraId_v[0] = MoiraId;
5504 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Apply, then release the mods and the value list. */
5508 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
5510 for (i = 0; i < n; i++)
5513 free_values(modvalues);
5515 if (rc != LDAP_SUCCESS)
5517 com_err(whoami, 0, "Unable to change status of user %s : %s",
5518 user_name, ldap_err2string(rc));
/*
 * user_delete: delete one user entry (found by mitMoiraId when MoiraId is
 * non-empty, else by sAMAccountName) and then its <user>@mit.edu contact
 * object under contact_ou.  Both LDAP failures are only logged; the
 * contact delete is attempted even when the entry delete failed.
 *
 * Returns AD_INVALID_NAME for a name rejected by check_string (unlike the
 * sibling functions this path does not log).  The remaining return
 * paths, the brace/else lines and the not-found handling after 5577 are
 * not in this rendering.
 */
5525 int user_delete(LDAP *ldap_handle, char *dn_path,
5526 char *u_name, char *MoiraId)
5529 char *attr_array[3];
5530 char distinguished_name[1024];
5531 char user_name[512];
5532 LK_ENTRY *group_base;
5537 if (!check_string(u_name))
5538 return(AD_INVALID_NAME);
/* Unbounded copy into a 512-byte local; the only limit on u_name is
 * whatever check_string enforces (not visible here). */
5540 strcpy(user_name, u_name);
/* Lookup by mitMoiraId.  NOTE(review): MoiraId is interpolated verbatim
 * into the LDAP filter without validation or RFC 4515 escaping; filter is
 * a fixed buffer declared outside this view. */
5544 if (strlen(MoiraId) != 0)
5546 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5547 attr_array[0] = "name";
5548 attr_array[1] = NULL;
5549 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5550 &group_base, &group_count,
5551 LDAP_SCOPE_SUBTREE)) != 0)
5553 com_err(whoami, 0, "Unable to process user %s : %s",
5554 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the name lookup. */
5559 if (group_count != 1)
5561 linklist_free(group_base);
5564 sprintf(filter, "(sAMAccountName=%s)", user_name);
5565 attr_array[0] = "name";
5566 attr_array[1] = NULL;
5567 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5568 &group_base, &group_count,
5569 LDAP_SCOPE_SUBTREE)) != 0)
5571 com_err(whoami, 0, "Unable to process user %s : %s",
5572 user_name, ldap_err2string(rc));
5577 if (group_count != 1)
/* Delete the entry itself; the assignment inside the if is intentional
 * (non-zero rc == failure). */
5582 strcpy(distinguished_name, group_base->dn);
5584 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5586 com_err(whoami, 0, "Unable to process user %s : %s",
5587 user_name, ldap_err2string(rc));
/* Also remove the matching cn=<user>@mit.edu contact under contact_ou. */
5594 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5596 if(rc = ldap_delete_s(ldap_handle, temp))
5598 com_err(whoami, 0, "Unable to delete user contact for %s",
5604 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY node reachable from
 * linklist_base, freeing the dn, attribute, value, member, type and list
 * strings of each node before the node itself.  free(NULL) is a no-op, so
 * the NULL guards are redundant but harmless.  The caller's pointer is
 * not reset; callers must not touch it afterwards (the sibling functions
 * above call this only on their way out or immediately before a fresh
 * linklist_build).
 */
5609 void linklist_free(LK_ENTRY *linklist_base)
5611 LK_ENTRY *linklist_previous;
5613 while (linklist_base != NULL)
5615 if (linklist_base->dn != NULL)
5616 free(linklist_base->dn);
5618 if (linklist_base->attribute != NULL)
5619 free(linklist_base->attribute);
5621 if (linklist_base->value != NULL)
5622 free(linklist_base->value);
5624 if (linklist_base->member != NULL)
5625 free(linklist_base->member);
5627 if (linklist_base->type != NULL)
5628 free(linklist_base->type);
5630 if (linklist_base->list != NULL)
5631 free(linklist_base->list);
/* Advance before freeing the node so ->next is not read after free. */
5633 linklist_previous = linklist_base;
5634 linklist_base = linklist_previous->next;
5635 free(linklist_previous);
/*
 * Release a NULL-terminated vector of strings (the shape used for LDAP mod
 * value lists in this file).
 * modvalues: may be NULL, in which case nothing is done.
 * Only the guard, the loop condition and the slot reset are visible in this
 * listing; the index declaration and the free() of each element are not shown.
 */
5639 void free_values(char **modvalues)
5645 if (modvalues != NULL)
5647 while (modvalues[i] != NULL)
/* The slot is reset after (presumably) being freed, so a second pass over the
 * vector cannot free it again -- TODO confirm against the omitted lines. */
5650 modvalues[i] = NULL;
/*
 * Byte-indexed lookup table: 256 entries (16 per row), one per possible
 * unsigned-char value.  A non-zero entry marks a byte that check_string()
 * and check_container_name() reject.  The row comments give the ASCII range
 * each row covers; rows without a comment are the high half (0x80-0xFF),
 * all rejected.  Legal here: digits, lower-case letters, and "$&'-._@"; the
 * callers fold upper-case to lower-case before indexing.
 * Index it only with a value in 0..255 (convert through unsigned char): a
 * negative plain char cast straight to unsigned becomes a huge index.
 */
5657 static int illegalchars[] = {
5658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5659 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5660 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5661 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5662 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5664 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5665 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5666 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5668 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5669 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5670 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5671 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5672 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5673 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Same layout as illegalchars (256 byte-indexed entries, 16 per row) but the
 * more tolerant variant consulted by check_string(): it additionally admits
 * SPACE, '"', '#', '$', '&', ''', '(', ')', '+', ',', ';', '<', '=', '>'
 * and '\'.  Still rejected: '!', '%', '*', '/', ':', '?', '{', '|', '}' and
 * every control or high byte.
 * NOTE(review): '(', ')', '=' and '\' are LDAP search-filter metacharacters
 * (RFC 4515), so a value that passes this table is not thereby safe to splice
 * into a sprintf()-built filter; filter construction needs its own escaping.
 * Index only with a value in 0..255 (convert through unsigned char).
 */
5676 static int illegalchars_ldap[] = {
5677 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5678 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5679 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5680 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5681 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5682 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5683 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5684 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5685 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5686 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5687 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5688 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5689 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5690 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5691 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5692 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Validate a string against the illegal-character tables, logging the first
 * offending byte.
 * s: NUL-terminated string to check.
 * Callers treat a zero result as "invalid" (the account-delete path above
 * returns AD_INVALID_NAME on !check_string()).  The loop over s, the
 * declarations of `character` and `string`, and the return statements are
 * not visible in this listing.
 */
5695 int check_string(char *s)
/* Fold upper-case first, so the tables only need the lower-case range marked
 * legal.  isupper() itself has the same signed-char hazard noted below. */
5706 if (isupper(character))
5707 character = tolower(character);
/* NOTE(review): the (unsigned) cast does not make a negative plain char safe.
 * If `character` is a signed char, a byte >= 0x80 becomes an index far past
 * the 256-entry table (out-of-bounds read).  Index through
 * (unsigned char) character instead -- confirm the declared type. */
5711 if (illegalchars[(unsigned) character])
5713 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5714 character, (unsigned) character, string);
/* Second check uses the LDAP-tolerant table; the lines that decide which of
 * the two checks applies are not shown.  illegalchars_ldap still admits
 * '(', ')', '=' and '\', so passing here does not make a value safe to
 * embed in a sprintf()-built LDAP filter without escaping. */
5720 if (illegalchars_ldap[(unsigned) character])
5722 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5723 character, (unsigned) character, string);
/*
 * Validate an OU (container) leaf name: like check_string() against the
 * strict `illegalchars` table, except that the space character is allowed.
 * s: NUL-terminated name.
 * Callers (container_rename, container_create,
 * container_get_distinguishedName) treat zero as invalid.  The loop, the
 * declaration of `character` and the return statements are not visible here.
 */
5732 int check_container_name(char *s)
5740 if (isupper(character))
5741 character = tolower(character);
/* Spaces are tolerated in container names even though illegalchars rejects
 * them; the statement for this case (presumably a continue) is not shown. */
5743 if (character == ' ')
/* Same caveat as check_string(): index through (unsigned char) so a negative
 * plain char cannot address memory beyond the 256-entry table. */
5746 if (illegalchars[(unsigned) character])
/*
 * Connect to the Moira server, check its MOTD and protocol version, then
 * authenticate with Kerberos 5.
 * server:  Moira server to connect to.
 * client:  client principal passed to mr_krb5_auth().
 * version: query protocol version to request.
 * auth:    presumably gates the mr_krb5_auth() step; the condition is not
 *          visible in this listing.
 * Returns a Moira status (the return statements and the checks that follow
 * each call are among the omitted short lines).
 */
5753 int mr_connect_cl(char *server, char *client, int version, int auth)
5759 status = mr_connect(server);
5763 com_err(whoami, status, "while connecting to Moira");
5767 status = mr_motd(&motd);
5772 com_err(whoami, status, "while checking server status");
/* NOTE(review): `temp` is handed to com_err() as the *format* string and it
 * contains the server-supplied MOTD, so any '%' in the MOTD is parsed as a
 * conversion specifier (format-string bug).  Pass a literal format instead:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 * The size of `temp` is not visible; the sprintf() is also unbounded. */
5778 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5779 com_err(whoami, status, temp);
5784 status = mr_version(version);
/* A server that does not implement the version query is mapped either to
 * MR_VERSION_HIGH or MR_SUCCESS; the condition selecting between the two
 * (lines 5789-5792) is not shown. */
5788 if (status == MR_UNKNOWN_PROC)
5791 status = MR_VERSION_HIGH;
5793 status = MR_SUCCESS;
5796 if (status == MR_VERSION_HIGH)
5798 com_err(whoami, 0, "Warning: This client is running newer code "
5799 "than the server.");
5800 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW is tolerated silently; any other failure is reported. */
5802 else if (status && status != MR_VERSION_LOW)
5804 com_err(whoami, status, "while setting query version number.");
5812 status = mr_krb5_auth(client);
5815 com_err(whoami, status, "while authenticating to Moira.");
/*
 * Convert an AFS path to its Windows form: replace the AFS prefix with WINAFS
 * and copy the remainder, translating each '/' (the replacement written in
 * that branch is not visible).
 * path:    AFS path *assumed* to begin with the AFS prefix -- nothing checks
 *          this, so a shorter or differently rooted path leaves pathPtr past
 *          the end of the input.
 * winPath: output buffer; no size is passed, so the caller must provide
 *          strlen(WINAFS) + strlen(path) - strlen(AFS) + 1 bytes.
 * The copy loop and the final NUL terminator are among the omitted lines.
 */
5824 void AfsToWinAfs(char* path, char* winPath)
5828 strcpy(winPath, WINAFS);
/* Skip the AFS prefix by length rather than verifying it (see note above). */
5829 pathPtr = path + strlen(AFS);
5830 winPathPtr = winPath + strlen(WINAFS);
5834 if (*pathPtr == '/')
5837 *winPathPtr = *pathPtr;
/*
 * mr_query() callback for "get_list_info": records the ACE type and ACE name
 * of a list into the caller's buffers and derives the group-membership
 * flags for it.
 * ac/av: Moira result row.
 * ptr:   char *[] supplied by ProcessAce() (AceInfo): [0] type, [1] name,
 *        [2] membership, [3] presumably the OU (that assignment is not
 *        visible).  The line that casts ptr to call_args is also omitted.
 * Always returns LDAP_SUCCESS.
 * NOTE(review): no check of ac against L_ACE_NAME is visible, and both
 * strcpy() calls are unbounded into small ProcessAce() buffers
 * (AceMembership is 2 bytes).  Moira row data is trusted as-is here.
 */
5844 int GetAceInfo(int ac, char **av, void *ptr)
5851 strcpy(call_args[0], av[L_ACE_TYPE]);
5852 strcpy(call_args[1], av[L_ACE_NAME]);
5854 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5855 return(LDAP_SUCCESS);
/*
 * Test whether an object with sAMAccountName == Name exists under dn_path.
 * ProcessAce() treats a non-zero result as "exists"; the return statements
 * (and the early return after a failed search) are not visible here.
 * NOTE(review): Name is spliced into the filter unescaped with sprintf(),
 * and the size of `filter` is not visible.  Values containing LDAP filter
 * metacharacters ('(', ')', '*', '\') change the query.  The file's
 * escape_string() (used for DN components in populate_group()) is DN
 * escaping; a filter-escaping helper per RFC 4515 is what is needed here.
 */
5858 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5861 char *attr_array[3];
5864 LK_ENTRY *group_base;
5869 sprintf(filter, "(sAMAccountName=%s)", Name);
5870 attr_array[0] = "sAMAccountName";
5871 attr_array[1] = NULL;
5873 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5874 &group_base, &group_count,
5875 LDAP_SCOPE_SUBTREE)) != 0)
5877 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5878 Name, ldap_err2string(rc));
/* Only the match count is used; the result entries are released unread. */
5882 linklist_free(group_base);
5885 if (group_count == 0)
/*
 * Make sure the ACE (owner) of a Moira list exists in the directory, creating
 * a user or group for it when it does not, and walk up the ACE chain when the
 * ACE is itself a list.
 * ldap_handle/dn_path: directory connection and base DN.
 * Name/Type:     the list and its ACE type ("LIST" is the only type handled;
 *                the statement for other types is not visible).
 * UpdateGroup, maillist: passed through to make_new_group().
 * ProcessGroup:  out-flag set to 1 once the ACE is known to exist in AD.
 * Buffer sizes for AceType, AceName, AceOu, temp and the return statements
 * are among the lines omitted from this listing.
 */
5893 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5894 int UpdateGroup, int *ProcessGroup, char *maillist)
5897 char GroupName[256];
5903 char AceMembership[2];
5906 char *save_argv[U_END];
/* Kill switch: the condition guarding this early exit is not shown. */
5910 com_err(whoami, 0, "ProcessAce disabled, skipping");
/* Unbounded copy into a 256-byte buffer; Name is Moira list data. */
5914 strcpy(GroupName, Name);
5916 if (strcasecmp(Type, "LIST"))
/* AceInfo is the callback context for GetAceInfo(); [3] (AceOu) is assigned
 * on a line that is not visible. */
5922 AceInfo[0] = AceType;
5923 AceInfo[1] = AceName;
5924 AceInfo[2] = AceMembership;
5926 memset(AceType, '\0', sizeof(AceType));
5927 memset(AceName, '\0', sizeof(AceName));
5928 memset(AceMembership, '\0', sizeof(AceMembership));
5929 memset(AceOu, '\0', sizeof(AceOu));
/* Loop body (the loop header is not visible): fetch the ACE of GroupName.
 * MR_NO_MATCH is not treated as an error here. */
5932 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5934 if(rc != MR_NO_MATCH)
5935 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5936 GroupName, error_message(rc));
5943 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialised in the directory. */
5947 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5950 strcpy(temp, AceName);
/* Directory group names carry group_suffix; user names do not. */
5952 if (!strcasecmp(AceType, "LIST"))
5953 sprintf(temp, "%s%s", AceName, group_suffix);
/* Already present in AD: flag it (what follows the flag is not visible). */
5957 if (checkADname(ldap_handle, dn_path, temp))
5960 (*ProcessGroup) = 1;
/* Missing LIST ACE: create the group and fill in its members. */
5963 if (!strcasecmp(AceInfo[0], "LIST"))
5965 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5966 AceMembership, 0, UpdateGroup, maillist))
5969 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
/* Missing USER ACE: look the account up in Moira and create it.
 * call_args[2] is assigned on a line that is not visible. */
5972 else if (!strcasecmp(AceInfo[0], "USER"))
5975 call_args[0] = (char *)ldap_handle;
5976 call_args[1] = dn_path;
5978 call_args[3] = NULL;
/* The production/test service principals are never created as users. */
5981 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
5982 !strcasecmp(AceName, TEST_PRINCIPAL))
5987 if (rc = mr_query("get_user_account_by_login", 1, av,
5988 save_query_info, save_argv))
5990 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5995 if (rc = user_create(U_END, save_argv, call_args))
5997 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
6004 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* Follow the chain: a LIST ACE that is not the list itself becomes the next
 * GroupName to examine.  Only self-ownership stops the walk; no guard
 * against a longer ACE cycle (A owns B owns A) is visible -- confirm the
 * omitted loop header bounds the iterations. */
6014 if (!strcasecmp(AceType, "LIST"))
6016 if (!strcasecmp(GroupName, AceName))
6020 strcpy(GroupName, AceName);
/*
 * Create a directory group for a Moira list by running "get_list_info" and
 * letting the group_create() callback build the object.
 * MoiraId, group_name, group_ou, group_membership, group_security_flag,
 * updateGroup, maillist: list attributes; most are handed to the callback
 * through call_args (slot [6] is assigned on a line that is not visible).
 * Returns callback_rc (presumably a file-scope variable the callback sets)
 * when the query itself succeeded; the error-path returns are not visible.
 * Note the int-in-char* packing of call_args[3] and [4]: the callback must
 * cast them back to int, never dereference them.  intptr_t would make that
 * round-trip explicit.
 */
6026 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6027 char *group_name, char *group_ou, char *group_membership,
6028 int group_security_flag, int updateGroup, char *maillist)
6033 LK_ENTRY *group_base;
6036 char *attr_array[3];
6039 call_args[0] = (char *)ldap_handle;
6040 call_args[1] = dn_path;
6041 call_args[2] = group_name;
/* Member-type mask and update flag smuggled through char * slots. */
6042 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6043 call_args[4] = (char *)updateGroup;
6044 call_args[5] = MoiraId;
6047 call_args[7] = NULL;
/* `av` (the query argument, presumably group_name) is set on an omitted line. */
6052 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6055 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6063 com_err(whoami, 0, "Unable to create list %s", group_name);
6064 return(callback_rc);
/*
 * Replace the member attribute of a directory group with the expanded Moira
 * membership of the list.
 * group_name/group_ou: locate the group as cn=<name>,<ou>,<dn_path>.
 * group_membership, group_security_flag, MoiraId: list attributes (the
 * remaining parameters on line 6073 are not visible).
 * Two passes are made over the Moira result list: the first only counts the
 * members that would be added (to enforce max_group_members), the second
 * builds one DN per member.  Skipped in both passes: nested LISTs, MACHINEs
 * unless ProcessMachineContainer, and the production/test principals.
 * Declarations of members, member, group_dn, mods, i, n and the final
 * cleanup/return are among the lines omitted from this listing.
 */
6070 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6071 char *group_ou, char *group_membership,
6072 int group_security_flag, char *MoiraId,
6088 char *member_v[] = {NULL, NULL};
6089 char *save_argv[U_END];
6090 char machine_ou[256];
6091 char NewMachineName[1024];
6093 com_err(whoami, 0, "Populating group %s", group_name);
/* Context for the member_list_build() callback; [3] is a member-type mask
 * packed into a char * (the rest of the expression is on an omitted line). */
6095 call_args[0] = (char *)ldap_handle;
6096 call_args[1] = dn_path;
6097 call_args[2] = group_name;
6098 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6100 call_args[4] = NULL;
6104 if (rc = mr_query("get_end_members_of_list", 1, av,
6105 member_list_build, call_args))
6110 com_err(whoami, 0, "Unable to populate list %s : %s",
6111 group_name, error_message(rc));
/* Pass 1: count eligible members (loop header not visible). */
6115 if (member_base != NULL)
6121 if (!strcasecmp(ptr->type, "LIST"))
6127 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6133 if(!strcasecmp(ptr->type, "USER"))
6135 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6136 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* Safety valve: an unexpectedly large list is left untouched rather than
 * rewritten, except during a full synchronize. */
6148 if(max_group_members && !synchronize && (group_members > max_group_members))
6151 "Group %s membership of %d exceeds maximum %d, skipping",
6152 group_name, group_members, max_group_members);
/* NOTE(review): malloc() result is not checked before use. */
6156 members = (char **)malloc(sizeof(char *) * 2);
/* Pass 2: build a DN for each eligible member. */
6158 if (member_base != NULL)
6164 if (!strcasecmp(ptr->type, "LIST"))
6170 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6176 if(!strcasecmp(ptr->type, "USER"))
6178 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6179 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* A user missing from the directory is created on the fly from Moira data;
 * the empty MoiraId forces check_user() to match on sAMAccountName. */
6185 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6186 "")) == AD_NO_USER_FOUND)
6188 com_err(whoami, 0, "creating user %s", ptr->member);
6190 av[0] = ptr->member;
6191 call_args[0] = (char *)ldap_handle;
6192 call_args[1] = dn_path;
6194 call_args[3] = NULL;
6197 if (rc = mr_query("get_user_account_by_login", 1, av,
6198 save_query_info, save_argv))
6200 com_err(whoami, 0, "Unable to create user %s "
6201 "while populating group %s.", ptr->member,
6207 if (rc = user_create(U_END, save_argv, call_args))
6209 com_err(whoami, 0, "Unable to create user %s "
6210 "while populating group %s.", ptr->member,
6218 com_err(whoami, 0, "Unable to create user %s "
6219 "while populating group %s", ptr->member,
/* User RDN is cn= or uid=; the condition choosing between them is not
 * visible.  Unlike the STRING/KERBEROS cases below, the member name is not
 * passed through escape_string() here -- presumably because user names are
 * already restricted by check_string(); confirm. */
6230 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6235 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
/* STRING and KERBEROS members become contact objects; their names are
 * DN-escaped because they may contain ',' '=' etc. */
6239 else if (!strcasecmp(ptr->type, "STRING"))
6241 if (contact_create(ldap_handle, dn_path, ptr->member,
6245 pUserOu = contact_ou;
6246 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6249 else if (!strcasecmp(ptr->type, "KERBEROS"))
6251 if (contact_create(ldap_handle, dn_path, ptr->member,
6255 pUserOu = kerberos_ou;
6256 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
/* MACHINE members are resolved to their directory name/OU via Moira. */
6259 else if (!strcasecmp(ptr->type, "MACHINE"))
6261 memset(machine_ou, '\0', sizeof(machine_ou));
6262 memset(NewMachineName, '\0', sizeof(NewMachineName));
6264 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6265 machine_ou, NewMachineName))
6267 pUserOu = machine_ou;
6268 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): realloc() is assigned straight back to `members`, so a
 * failure leaks the old vector and the next line dereferences NULL; use a
 * temporary and check it.  strdup() is likewise unchecked.  The vector is
 * kept NULL-terminated by the "+ 2" slack (terminator set elsewhere). */
6279 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6280 members[i++] = strdup(member);
6285 linklist_free(member_base);
6291 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* With GroupPopulateDelete the member attribute is first replaced by an
 * empty value set and then replaced again by the full list: two separate
 * modifies, so the group is momentarily empty and, if the second modify
 * fails, stays empty.  For security groups that is a transient loss of
 * access worth monitoring. */
6293 if(GroupPopulateDelete)
6296 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6299 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6300 mods)) != LDAP_SUCCESS)
6303 "Unable to populate group membership for %s: %s",
6304 group_dn, ldap_err2string(rc));
/* Release the LDAPMod structures built by ADD_ATTR (body not visible). */
6307 for (i = 0; i < n; i++)
6312 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6315 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6316 mods)) != LDAP_SUCCESS)
6319 "Unable to populate group membership for %s: %s",
6320 group_dn, ldap_err2string(rc));
6323 for (i = 0; i < n; i++)
/*
 * Reconcile an existing directory group with its Moira list: find the group
 * (by caller filter, mitMoiraId, or name), and if it lives under a different
 * DN than cn=<group_name>,<group_ou>,<dn_path> work out its current OU class
 * and rename/move it via group_rename().
 * MoiraId, group_name, group_ou, group_membership, group_security_flag,
 * maillist: target attributes from Moira.
 * type: CHECK_GROUPS performs only the existence/DN check and returns.
 * Returns AD_* codes on the visible paths; the declarations of rc, ptr,
 * group_dn, filter, group_count, ou_both and the tail of the function are
 * among the lines omitted from this listing.
 */
6331 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6332 char *group_name, char *group_ou, char *group_membership,
6333 int group_security_flag, int type, char *maillist)
6335 char before_desc[512];
6336 char before_name[256];
6337 char before_group_ou[256];
6338 char before_group_membership[2];
6339 char distinguishedName[256];
6340 char ad_distinguishedName[256];
6342 char *attr_array[3];
6343 int before_security_flag;
6346 LK_ENTRY *group_base;
6349 char ou_security[512];
6350 char ou_distribution[512];
6351 char ou_neither[512];
6354 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN; unbounded sprintf into 256 bytes from Moira-supplied parts. */
6355 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6357 memset(filter, '\0', sizeof(filter));
/* Lookup 1 (line 6362 with the membership/MoiraId arguments is not shown).
 * The attribute requested is "samAccountName", so each entry's ->value is
 * expected to hold the account name. */
6361 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6363 "samAccountName", &group_base,
6364 &group_count, filter))
/* Check-only mode: report whether exactly one group exists at the expected DN. */
6367 if (type == CHECK_GROUPS)
6369 if (group_count == 1)
6371 strcpy(group_dn, group_base->dn);
6373 if (!strcasecmp(group_dn, distinguishedName))
6375 linklist_free(group_base);
6380 linklist_free(group_base);
6382 if (group_count == 0)
6383 return(AD_NO_GROUPS_FOUND);
6385 if (group_count == 1)
6386 return(AD_WRONG_GROUP_DN_FOUND);
6388 return(AD_MULTIPLE_GROUPS_FOUND);
6391 if (group_count == 0)
6393 return(AD_NO_GROUPS_FOUND);
/* Several groups share the Moira id: list them and give up. */
6396 if (group_count > 1)
6400 strcpy(group_dn, ptr->dn);
6404 if (!strcasecmp(group_dn, ptr->value))
6412 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6418 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6422 linklist_free(group_base);
6423 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): exactly one match, and the entry named by ptr->value is
 * deleted when it differs from the DN.  ptr->value was requested as
 * "samAccountName" above (and is compared against a DN at 6404 as well),
 * yet here it is passed to ldap_delete_s() as a DN -- verify what
 * linklist_build() stores in ->value for this query.  The delete's rc is
 * not visibly checked or logged; a destructive directory operation should
 * be. */
6430 strcpy(group_dn, ptr->dn);
6432 if (strcasecmp(group_dn, ptr->value))
6433 rc = ldap_delete_s(ldap_handle, ptr->value);
6438 linklist_free(group_base);
6439 memset(filter, '\0', sizeof(filter));
/* Lookup 2, after the possible delete, must now yield exactly one group. */
6443 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6445 "samAccountName", &group_base,
6446 &group_count, filter))
6449 if (group_count == 0)
6450 return(AD_NO_GROUPS_FOUND);
6452 if (group_count > 1)
6453 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of a directory-supplied DN into 256 bytes. */
6456 strcpy(ad_distinguishedName, group_base->dn);
6457 linklist_free(group_base);
/* Re-derive the filter from the real account name so the following
 * attribute reads hit the same object. */
6461 attr_array[0] = "sAMAccountName";
6462 attr_array[1] = NULL;
6464 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6465 &group_base, &group_count,
6466 LDAP_SCOPE_SUBTREE)) != 0)
6468 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6469 MoiraId, ldap_err2string(rc));
6473 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the expected DN: nothing to rename (return not visible). */
6475 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6477 linklist_free(group_base);
6483 linklist_free(group_base);
6486 memset(ou_both, '\0', sizeof(ou_both));
6487 memset(ou_security, '\0', sizeof(ou_security));
6488 memset(ou_distribution, '\0', sizeof(ou_distribution));
6489 memset(ou_neither, '\0', sizeof(ou_neither));
6490 memset(before_name, '\0', sizeof(before_name));
6491 memset(before_desc, '\0', sizeof(before_desc));
6492 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Current name and description of the existing object ("before" state). */
6494 attr_array[0] = "name";
6495 attr_array[1] = NULL;
6497 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6498 &group_base, &group_count,
6499 LDAP_SCOPE_SUBTREE)) != 0)
6501 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6502 MoiraId, ldap_err2string(rc));
6506 strcpy(before_name, group_base->value);
6507 linklist_free(group_base);
6511 attr_array[0] = "description";
6512 attr_array[1] = NULL;
6514 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6515 &group_base, &group_count,
6516 LDAP_SCOPE_SUBTREE)) != 0)
6519 "Unable to get list description with MoiraId = %s: %s",
6520 MoiraId, ldap_err2string(rc));
6524 if (group_count != 0)
6526 strcpy(before_desc, group_base->value);
6527 linklist_free(group_base);
/* Classify the existing DN by which configured OU it contains.  Matching is
 * case-insensitive substring search, so it relies on the four OU names not
 * being substrings of one another (ou_both is tried first). */
6532 change_to_lower_case(ad_distinguishedName);
6533 strcpy(ou_both, group_ou_both);
6534 change_to_lower_case(ou_both);
6535 strcpy(ou_security, group_ou_security);
6536 change_to_lower_case(ou_security);
6537 strcpy(ou_distribution, group_ou_distribution);
6538 change_to_lower_case(ou_distribution);
6539 strcpy(ou_neither, group_ou_neither);
6540 change_to_lower_case(ou_neither);
6542 if (strstr(ad_distinguishedName, ou_both))
6544 strcpy(before_group_ou, group_ou_both);
6545 before_group_membership[0] = 'B';
6546 before_security_flag = 1;
6548 else if (strstr(ad_distinguishedName, ou_security))
6550 strcpy(before_group_ou, group_ou_security);
6551 before_group_membership[0] = 'S';
6552 before_security_flag = 1;
6554 else if (strstr(ad_distinguishedName, ou_distribution))
6556 strcpy(before_group_ou, group_ou_distribution);
6557 before_group_membership[0] = 'D';
6558 before_security_flag = 0;
6560 else if (strstr(ad_distinguishedName, ou_neither))
6562 strcpy(before_group_ou, group_ou_neither);
6563 before_group_membership[0] = 'N';
6564 before_security_flag = 0;
6567 return(AD_NO_OU_FOUND);
/* before_desc is passed in both the "before" and "after" description slots,
 * so this call does not change the description -- presumably intentional;
 * verify against group_rename()'s parameter list. */
6569 rc = group_rename(ldap_handle, dn_path, before_name,
6570 before_group_membership,
6571 before_group_ou, before_security_flag, before_desc,
6572 group_name, group_membership, group_ou,
6573 group_security_flag,
6574 before_desc, MoiraId, filter, maillist);
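/*
 * Lower-case a NUL-terminated string in place.
 *
 * ptr: writable, NUL-terminated buffer; must not be NULL.
 *
 * Each byte is converted through unsigned char before tolower(): handing a
 * negative plain char (any byte >= 0x80 where char is signed) to tolower()
 * is undefined behaviour, which matters here because the inputs are
 * directory DNs that may carry non-ASCII bytes.  Walking to the terminator
 * also avoids re-scanning the whole string with strlen() on every
 * iteration; the length never changes, so the result is the same.
 */
void change_to_lower_case(char *ptr)
{
  for (char *p = ptr; *p != '\0'; p++)
    *p = (char) tolower((unsigned char) *p);
}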
/*
 * Locate a Moira list's directory group by trying up to three filters in
 * order: (1) the caller-supplied rFilter, (2) mitMoiraId == MoiraId,
 * (3) sAMAccountName == group_name + group_suffix.  The first lookup that
 * yields exactly one entry wins and its filter is written back into rFilter
 * for the caller's later queries.
 * linklist_base/linklist_count: out-parameters, reset to NULL/0 before each
 * attempt.  attribute: the attribute to fetch for each match.
 * The ninth parameter (rFilter), the declarations of rc/filter/dn/pPtr and
 * the return statements are not visible in this listing.
 */
6589 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6590 char *group_name, char *group_membership,
6591 char *MoiraId, char *attribute,
6592 LK_ENTRY **linklist_base, int *linklist_count,
6597 char *attr_array[3];
6601 (*linklist_base) = NULL;
6602 (*linklist_count) = 0;
/* Attempt 1: caller-provided filter (buffer sizes not visible). */
6604 if (strlen(rFilter) != 0)
6606 strcpy(filter, rFilter);
6607 attr_array[0] = attribute;
6608 attr_array[1] = NULL;
6610 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6611 linklist_base, linklist_count,
6612 LDAP_SCOPE_SUBTREE)) != 0)
6614 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6615 MoiraId, ldap_err2string(rc));
6619 if ((*linklist_count) == 1)
6621 strcpy(rFilter, filter);
6626 linklist_free((*linklist_base));
6627 (*linklist_base) = NULL;
6628 (*linklist_count) = 0;
/* Attempt 2: by Moira id.  MoiraId is spliced into the filter unescaped. */
6630 if (strlen(MoiraId) != 0)
6632 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6634 attr_array[0] = attribute;
6635 attr_array[1] = NULL;
6637 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6638 linklist_base, linklist_count,
6639 LDAP_SCOPE_SUBTREE)) != 0)
6641 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6642 MoiraId, ldap_err2string(rc));
/* Duplicate Moira ids are a data-integrity problem: log every holder. */
6647 if ((*linklist_count) > 1)
6649 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6650 pPtr = (*linklist_base);
6654 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6659 linklist_free((*linklist_base));
6660 (*linklist_base) = NULL;
6661 (*linklist_count) = 0;
6664 if ((*linklist_count) == 1)
6667 pPtr = (*linklist_base);
/* NOTE(review): `dn` is strdup()'d and no free(dn) is visible (a short
 * line may simply be omitted from this listing -- confirm).  Lines
 * 6669-6670 between the copy and the compare are also not shown, so
 * whether the "CN=" prefix is skipped before the prefix comparison is
 * unknown; memcmp() over strlen(group_name) bytes can also read past a
 * dn shorter than group_name. */
6668 dn = strdup(pPtr->dn);
6671 if (!memcmp(dn, group_name, strlen(group_name)))
6673 strcpy(rFilter, filter);
6678 linklist_free((*linklist_base));
6679 (*linklist_base) = NULL;
6680 (*linklist_count) = 0;
/* Attempt 3: by directory account name. */
6681 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6683 attr_array[0] = attribute;
6684 attr_array[1] = NULL;
6686 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6687 linklist_base, linklist_count,
6688 LDAP_SCOPE_SUBTREE)) != 0)
6690 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6691 MoiraId, ldap_err2string(rc));
6695 if ((*linklist_count) == 1)
6697 strcpy(rFilter, filter);
/*
 * Determine whether a Moira user has a directory account, first by
 * mitMoiraId (when MoiraId is non-empty) and otherwise by sAMAccountName.
 * UserName: Moira login.  MoiraId: may be "" (populate_group() passes ""
 * to force the name lookup).
 * Returns AD_NO_USER_FOUND when no single match exists; the other return
 * statements, and the declarations of rc/filter/gPtr/group_count, are not
 * visible in this listing.
 */
6704 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6707 char *attr_array[3];
6708 char SamAccountName[64];
6711 LK_ENTRY *group_base;
/* Lookup by Moira id; MoiraId goes into the filter unescaped. */
6717 if (strlen(MoiraId) != 0)
6719 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6721 attr_array[0] = "sAMAccountName";
6722 attr_array[1] = NULL;
6723 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6724 &group_base, &group_count,
6725 LDAP_SCOPE_SUBTREE)) != 0)
6727 com_err(whoami, 0, "Unable to process user %s : %s",
6728 UserName, ldap_err2string(rc));
/* Several accounts carrying the same Moira id: log each one. */
6732 if (group_count > 1)
6734 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6740 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6741 gPtr->value, MoiraId);
/* Anything other than exactly one hit falls back to the name lookup. */
6747 if (group_count != 1)
6749 linklist_free(group_base);
/* Lookup by account name (also unescaped). */
6752 sprintf(filter, "(sAMAccountName=%s)", UserName);
6753 attr_array[0] = "sAMAccountName";
6754 attr_array[1] = NULL;
6756 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6757 &group_base, &group_count,
6758 LDAP_SCOPE_SUBTREE)) != 0)
6760 com_err(whoami, 0, "Unable to process user %s : %s",
6761 UserName, ldap_err2string(rc));
6766 if (group_count != 1)
6768 linklist_free(group_base);
6769 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded copy of a directory-supplied value into 64 bytes;
 * bound it (snprintf "%s") rather than trusting the directory's length. */
6772 strcpy(SamAccountName, group_base->value);
6773 linklist_free(group_base);
/* Case-sensitive comparison: a Moira/AD name mismatch is logged (what is
 * returned afterwards is not visible). */
6777 if (strcmp(SamAccountName, UserName))
6780 "User object %s with MoiraId %s has mismatched usernames "
6781 "(LDAP username %s, Moira username %s)", SamAccountName,
6782 MoiraId, SamAccountName, UserName);
/*
 * Turn a Moira container path ("a/b/c") into the relative DN of its OU chain,
 * leaf first ("OU=c,OU=b,OU=a").
 * src:  '/'-separated container name; "" yields no output (early return).
 * dest: output buffer; no size is passed and the strcat() calls are
 *       unbounded, so the caller must size it for the whole chain.
 * The splitting loop that fills `array` (at most 20 components -- no bound
 * check is visible) and the declaration of n are among the omitted lines.
 */
6788 void container_get_dn(char *src, char *dest)
6795 memset(array, '\0', 20 * sizeof(array[0]));
6797 if (strlen(src) == 0)
/* Emit the components in reverse: the last path element is the nearest OU. */
6819 strcpy(dest, "OU=");
6823 strcat(dest, array[n-1]);
6827 strcat(dest, ",OU=");
/*
 * Extract the leaf name of a container path into dest (presumably the text
 * after the last '/'; the extraction itself is not visible in this listing).
 * src: '/'-separated container name; "" produces no output.
 * dest: output buffer, no size passed -- callers hand in a cName[] whose
 *       size is not visible here.
 */
6834 void container_get_name(char *src, char *dest)
6839 if (strlen(src) == 0)
/*
 * Ensure every ancestor container of `name` exists in the directory,
 * creating missing ones with empty attributes (and therefore without a
 * mitMoiraId, which is logged so it can be reconciled later).
 * name: '/'-separated container path.
 * The loop body at each '/' and the declarations of cName/av/rc/i are not
 * visible; the av assignments below presumably run once per prefix.
 */
6859 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* Unbounded copy; cName's size is not visible. */
6866 strcpy(cName, name);
/* strlen() is re-evaluated every iteration; presumably cName is truncated at
 * each '/' to yield the ancestor path (the statements are omitted). */
6868 for (i = 0; i < (int)strlen(cName); i++)
6870 if (cName[i] == '/')
6873 av[CONTAINER_NAME] = cName;
6874 av[CONTAINER_DESC] = "";
6875 av[CONTAINER_LOCATION] = "";
6876 av[CONTAINER_CONTACT] = "";
6877 av[CONTAINER_TYPE] = "";
6878 av[CONTAINER_ID] = "";
6879 av[CONTAINER_ROWID] = "";
/* count = 7 must match the CONTAINER_* indices used above. */
6880 rc = container_create(ldap_handle, dn_path, 7, av);
6882 if (rc == LDAP_SUCCESS)
6884 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * Rename and/or move a container: locate the existing OU from the `before`
 * row, compute the new RDN and parent DN from the `after` row, make sure the
 * new parent chain exists, ldap_rename_s() it, then push the remaining
 * attributes with container_adupdate().
 * beforec/before, afterc/after: Moira rows (CONTAINER_* indices).
 * Returns AD_INVALID_NAME for a bad leaf name; other returns (including the
 * "not found, create instead" path at 6924) are not visible.  Declarations
 * of cName, temp, dName, new_cn, rc, i are among the omitted lines.
 */
6893 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6894 char **before, int afterc, char **after)
6899 char new_dn_path[256];
6901 char distinguishedName[256];
6906 memset(cName, '\0', sizeof(cName));
6907 container_get_name(after[CONTAINER_NAME], cName);
6909 if (!check_container_name(cName))
6911 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6913 return(AD_INVALID_NAME);
6916 memset(distinguishedName, '\0', sizeof(distinguishedName));
6918 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6919 distinguishedName, beforec, before))
/* No existing object: treat the rename as a create. */
6922 if (strlen(distinguishedName) == 0)
6924 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf component from the new name to get the new parent path
 * (the loop body doing so is not visible). */
6928 strcpy(temp, after[CONTAINER_NAME]);
6931 for (i = 0; i < (int)strlen(temp); i++)
6941 container_get_dn(temp, dName);
/* Unbounded sprintf into 256 bytes from a directory/Moira-derived path. */
6943 if (strlen(temp) != 0)
6944 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6946 sprintf(new_dn_path, "%s", dn_path);
6948 sprintf(new_cn, "OU=%s", cName);
6950 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* deleteoldrdn = TRUE: the old OU RDN is not kept as an extra attribute. */
6952 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6953 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6955 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6956 before[CONTAINER_NAME], after[CONTAINER_NAME],
6957 ldap_err2string(rc));
/* Apply description/managedBy/mitMoiraId at the new location. */
6961 memset(dName, '\0', sizeof(dName));
6962 container_get_dn(after[CONTAINER_NAME], dName);
6963 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * Delete the directory OU for a Moira container.
 * count/av: Moira row (CONTAINER_* indices) used to find the object.
 * A container that is not found is silently a success (the statement after
 * the empty-DN test is not visible).  If the OU still has children, they are
 * moved to the orphans OUs by container_move_objects() -- which also
 * deletes nested OUs -- and the delete is presumably retried on the line
 * that follows 6985 (not shown).  This is a cascading, hard-to-reverse
 * change to the directory driven by one Moira update; worth an explicit log
 * line before it happens.  Return statements are among the omitted lines.
 */
6968 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6970 char distinguishedName[256];
6973 memset(distinguishedName, '\0', sizeof(distinguishedName));
6975 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6976 distinguishedName, count, av))
6979 if (strlen(distinguishedName) == 0)
6982 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6984 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6985 container_move_objects(ldap_handle, dn_path, distinguishedName);
6987 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6988 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create the organizationalUnit for a Moira container, with optional
 * mitMoiraId, description and managedBy attributes.
 * count/av: Moira row (CONTAINER_* indices).
 * Returns AD_INVALID_NAME for an unusable name; LDAP_ALREADY_EXISTS is
 * treated as success and followed by container_adupdate() when a row id is
 * present.  Declarations of filter, dName, cName, temp, mods, n, i, rc and
 * the final return are among the lines omitted from this listing.
 */
6994 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6996 char *attr_array[3];
6997 LK_ENTRY *group_base;
/* The third objectClass_v element (the NULL terminator) is not visible. */
7000 char *objectClass_v[] = {"top",
7001 "organizationalUnit",
7004 char *ou_v[] = {NULL, NULL};
7005 char *name_v[] = {NULL, NULL};
7006 char *moiraId_v[] = {NULL, NULL};
7007 char *desc_v[] = {NULL, NULL};
7008 char *managedBy_v[] = {NULL, NULL};
7011 char managedByDN[256];
7018 memset(filter, '\0', sizeof(filter));
7019 memset(dName, '\0', sizeof(dName));
7020 memset(cName, '\0', sizeof(cName));
7021 memset(managedByDN, '\0', sizeof(managedByDN));
7022 container_get_dn(av[CONTAINER_NAME], dName);
7023 container_get_name(av[CONTAINER_NAME], cName);
7025 if ((strlen(cName) == 0) || (strlen(dName) == 0))
7027 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7029 return(AD_INVALID_NAME);
7032 if (!check_container_name(cName))
7034 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7036 return(AD_INVALID_NAME);
/* name_v[0] / ou_v[0] are assigned on omitted lines (presumably cName). */
7040 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
7042 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
7044 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
7046 if (strlen(av[CONTAINER_ROWID]) != 0)
7048 moiraId_v[0] = av[CONTAINER_ROWID];
7049 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
7052 if (strlen(av[CONTAINER_DESC]) != 0)
7054 desc_v[0] = av[CONTAINER_DESC];
7055 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: a KERBEROS contact is created and referenced directly; USER and
 * LIST ids are resolved by searching for their cn. */
7058 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7060 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7062 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7065 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7066 kerberos_ou, dn_path);
7067 managedBy_v[0] = managedByDN;
7068 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): av[CONTAINER_ID] is spliced into these filters unescaped;
 * it is matched on cn, not sAMAccountName, so the id must be a cn value. */
7073 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7075 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7076 "(objectClass=user)))", av[CONTAINER_ID]);
7079 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7081 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7085 if (strlen(filter) != 0)
7087 attr_array[0] = "distinguishedName";
7088 attr_array[1] = NULL;
7091 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7093 &group_base, &group_count,
7094 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Only an unambiguous match is used; 0 or >1 hits leave managedBy unset. */
7096 if (group_count == 1)
7098 strcpy(managedByDN, group_base->value);
7099 managedBy_v[0] = managedByDN;
7100 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7102 linklist_free(group_base);
/* Size of `temp` is not visible; dName may hold a long OU chain. */
7112 sprintf(temp, "%s,%s", dName, dn_path);
7113 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the LDAPMod structures (loop body not visible). */
7115 for (i = 0; i < n; i++)
7118 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7120 com_err(whoami, 0, "Unable to create container %s : %s",
7121 cName, ldap_err2string(rc));
/* Existing OU: reconcile its attributes instead of failing. */
7125 if (rc == LDAP_ALREADY_EXISTS)
7127 if (strlen(av[CONTAINER_ROWID]) != 0)
7128 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Update a container's attributes from its new Moira row; if the OU does not
 * exist yet it is created instead.
 * beforec/before are accepted for interface symmetry with container_rename()
 * but only `after` is used on the visible lines.
 * Return statements and the trailing arguments of the adupdate call are
 * among the lines omitted from this listing.
 */
7134 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7135 char **before, int afterc, char **after)
7137 char distinguishedName[256];
7140 memset(distinguishedName, '\0', sizeof(distinguishedName));
7142 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7143 distinguishedName, afterc, after))
7146 if (strlen(distinguishedName) == 0)
7148 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Make sure the parent chain exists before touching the object itself. */
7152 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7153 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * Resolve the DN of the OU for a Moira container: first by mitMoiraId
 * (av[CONTAINER_ROWID]), then by the DN computed from the container path.
 * distinguishedName: out-buffer (callers pass 256 bytes; copies into it are
 * unbounded).  Left empty when nothing matches unambiguously.
 * count/av: Moira row; the av parameter itself is on a line not shown.
 * Returns AD_INVALID_NAME for a bad name; the remaining return statements
 * and the declarations of filter/dName/cName/rc/group_count are omitted.
 */
7159 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7160 char *distinguishedName, int count,
7163 char *attr_array[3];
7164 LK_ENTRY *group_base;
7171 memset(filter, '\0', sizeof(filter));
7172 memset(dName, '\0', sizeof(dName));
7173 memset(cName, '\0', sizeof(cName));
7174 container_get_dn(av[CONTAINER_NAME], dName);
7175 container_get_name(av[CONTAINER_NAME], cName);
7177 if (strlen(dName) == 0)
7179 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7180 av[CONTAINER_NAME]);
7181 return(AD_INVALID_NAME);
7184 if (!check_container_name(cName))
7186 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7188 return(AD_INVALID_NAME);
/* Lookup 1 by row id.  No guard for an empty CONTAINER_ROWID is visible, so
 * this may issue "(mitMoiraId=)" -- confirm the server's behaviour for it. */
7191 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7192 av[CONTAINER_ROWID]);
7193 attr_array[0] = "distinguishedName";
7194 attr_array[1] = NULL;
7198 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7199 &group_base, &group_count,
7200 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Only an unambiguous match counts. */
7202 if (group_count == 1)
7204 strcpy(distinguishedName, group_base->value);
7207 linklist_free(group_base);
/* Lookup 2 by computed DN, for OUs that have no row id yet (e.g. those
 * created by container_check()). */
7212 if (strlen(distinguishedName) == 0)
7214 sprintf(filter, "(&(objectClass=organizationalUnit)"
7215 "(distinguishedName=%s,%s))", dName, dn_path);
7216 attr_array[0] = "distinguishedName";
7217 attr_array[1] = NULL;
7221 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7222 &group_base, &group_count,
7223 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7225 if (group_count == 1)
7227 strcpy(distinguishedName, group_base->value);
7230 linklist_free(group_base);
/*
 * Bring an existing OU's mitMoiraId, description and managedBy attributes in
 * line with a Moira container row.
 * dName:             relative OU DN; when non-empty the target is
 *                    <dName>,<dn_path>.
 * distinguishedName: full DN, used when dName is "".
 * count/av:          Moira row (CONTAINER_* indices).
 * Current values are read first so that attributes the row no longer
 * carries can be cleared with attribute_update().  Returns LDAP_SUCCESS
 * when there is nothing to modify; the error returns and the declarations
 * of ad_path, filter, moiraId, desc, mods, n, i, rc, pPtr are not visible.
 */
7239 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7240 char *distinguishedName, int count, char **av)
7242 char *attr_array[5];
7243 LK_ENTRY *group_base;
7248 char *moiraId_v[] = {NULL, NULL};
7249 char *desc_v[] = {NULL, NULL};
7250 char *managedBy_v[] = {NULL, NULL};
7251 char managedByDN[256];
/* Buffer sizes for ad_path and filter are not visible; both sprintfs are
 * unbounded. */
7260 strcpy(ad_path, distinguishedName);
7262 if (strlen(dName) != 0)
7263 sprintf(ad_path, "%s,%s", dName, dn_path);
7265 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): the guard tests CONTAINER_ID but the filter uses
 * CONTAINER_ROWID.  Every other row-id check in this file
 * (container_create() 7046, and 7309 below) tests CONTAINER_ROWID, so a row
 * with a contact id but no row id would search "(mitMoiraId=)".  Probably
 * meant to be av[CONTAINER_ROWID] -- confirm. */
7268 if (strlen(av[CONTAINER_ID]) != 0)
7269 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7270 av[CONTAINER_ROWID]);
7272 attr_array[0] = "mitMoiraId";
7273 attr_array[1] = "description";
7274 attr_array[2] = "managedBy";
7275 attr_array[3] = NULL;
7279 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7280 &group_base, &group_count,
7281 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7283 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7284 av[CONTAINER_NAME], ldap_err2string(rc));
7288 memset(managedByDN, '\0', sizeof(managedByDN));
7289 memset(moiraId, '\0', sizeof(moiraId));
7290 memset(desc, '\0', sizeof(desc));
/* Snapshot the current attribute values (loop header not visible; the
 * copies are unbounded).  `moiraId` is not used on any visible line. */
7295 if (!strcasecmp(pPtr->attribute, "description"))
7296 strcpy(desc, pPtr->value);
7297 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7298 strcpy(managedByDN, pPtr->value);
7299 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7300 strcpy(moiraId, pPtr->value);
7304 linklist_free(group_base);
7309 if (strlen(av[CONTAINER_ROWID]) != 0)
7311 moiraId_v[0] = av[CONTAINER_ROWID];
7312 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* Description: set from the row when given, otherwise cleared if the
 * directory still has one (the remaining attribute_update arguments are
 * on omitted lines). */
7315 if (strlen(av[CONTAINER_DESC]) != 0)
7317 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7322 if (strlen(desc) != 0)
7324 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy follows the same create/search rules as container_create(). */
7328 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7330 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7332 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7335 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7336 kerberos_ou, dn_path);
7337 managedBy_v[0] = managedByDN;
7338 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact could not be created: drop any stale managedBy. */
7342 if (strlen(managedByDN) != 0)
7344 attribute_update(ldap_handle, ad_path, "", "managedBy",
7351 memset(filter, '\0', sizeof(filter));
/* av[CONTAINER_ID] is spliced into the filter unescaped (see
 * container_create()). */
7353 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7355 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7356 "(objectClass=user)))", av[CONTAINER_ID]);
7359 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7361 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7365 if (strlen(filter) != 0)
7367 attr_array[0] = "distinguishedName";
7368 attr_array[1] = NULL;
7371 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7372 attr_array, &group_base, &group_count,
7373 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7375 if (group_count == 1)
7377 strcpy(managedByDN, group_base->value);
7378 managedBy_v[0] = managedByDN;
7379 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* No unambiguous manager object: clear a stale managedBy instead. */
7383 if (strlen(managedByDN) != 0)
7385 attribute_update(ldap_handle, ad_path, "",
7386 "managedBy", dName);
7390 linklist_free(group_base);
/* Row has no manager at all: clear whatever the directory holds. */
7397 if (strlen(managedByDN) != 0)
7399 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* Nothing queued (presumably n == 0): done. */
7409 return(LDAP_SUCCESS);
7411 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7413 for (i = 0; i < n; i++)
7416 if (rc != LDAP_SUCCESS)
7418 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7419 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty the container dName before it is removed: every object still
 * below it is moved to an orphan OU, and its organizationalUnit entries
 * are deleted.  Three subtree searches are run under dName (non-computer/
 * non-OU objects, computers, organizationalUnits); the lines that pick
 * the filter for each iteration of the loop are not shown in this listing.
 * Entries whose returned attribute is "cn" are renamed under
 * orphans_other_ou or orphans_machines_ou (each appended to dn_path);
 * entries whose returned attribute is "ou" are deleted outright.
 */
7426 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7428 char *attr_array[3];
7429 LK_ENTRY *group_base;
/* Server-side size limit applied to the searches below. */
7436 int NumberOfEntries = 10;
/* rc from ldap_set_option is overwritten by the searches; no check of it is visible. */
7440 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7442 for (i = 0; i < 3; i++)
7444 memset(filter, '\0', sizeof(filter));
/* Iteration filters (selection logic between them is on lines not shown). */
7448 strcpy(filter, "(!(|(objectClass=computer)"
7449 "(objectClass=organizationalUnit)))");
7450 attr_array[0] = "cn";
7451 attr_array[1] = NULL;
7455 strcpy(filter, "(objectClass=computer)");
7456 attr_array[0] = "cn";
7457 attr_array[1] = NULL;
7461 strcpy(filter, "(objectClass=organizationalUnit)");
7462 attr_array[0] = "ou";
7463 attr_array[1] = NULL;
7468 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7469 &group_base, &group_count,
7470 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7475 if (group_count == 0)
7482 if (!strcasecmp(pPtr->attribute, "cn"))
/* NOTE(review): new_cn and temp are filled with sprintf from directory
 * values; their declarations (and any bound) are not visible here. */
7484 sprintf(new_cn, "cn=%s", pPtr->value);
7486 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7488 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7493 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: retry with a numeric suffix (the loop
 * that advances count is on lines not shown). */
7495 if (rc == LDAP_ALREADY_EXISTS)
7497 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7504 else if (!strcasecmp(pPtr->attribute, "ou"))
7506 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7512 linklist_free(group_base);
<br/>
/*
 * Resolve a Moira machine name to the OU it lives in within the directory.
 * member is resolved through GetMachineName() into NewMachineName (a
 * caller-supplied buffer), the directory is searched by sAMAccountName,
 * and the OU portion of the matching DN is copied into machine_ou.
 * Both output buffers are written with unbounded strcpy.
 */
7521 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7522 char *machine_ou, char *NewMachineName)
7524 LK_ENTRY *group_base;
7528 char *attr_array[3];
7535 strcpy(NewMachineName, member);
/* rc from moira_connect() is overwritten on the next line without being checked. */
7536 rc = moira_connect();
7537 rc = GetMachineName(NewMachineName);
7540 if (strlen(NewMachineName) == 0)
7542 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Presumably the name is cut at the first '.' (the assignment is not visible). */
7548 pPtr = strchr(NewMachineName, '.');
/* NOTE(review): the machine name is placed into an LDAP filter with
 * sprintf and no filter escaping; escape_string() exists in this file. */
7555 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7556 attr_array[0] = "cn";
7557 attr_array[1] = NULL;
7558 sprintf(temp, "%s", dn_path);
7560 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7561 &group_base, &group_count,
7562 LDAP_SCOPE_SUBTREE)) != 0)
7564 com_err(whoami, 0, "Unable to process machine %s : %s",
7565 member, ldap_err2string(rc));
/* Exactly one match is required. */
7569 if (group_count != 1)
7574 strcpy(dn, group_base->dn);
7575 strcpy(cn, group_base->value);
/* Lower-case both so the substring search below is case-insensitive. */
7577 for (i = 0; i < (int)strlen(dn); i++)
7578 dn[i] = tolower(dn[i]);
7580 for (i = 0; i < (int)strlen(cn); i++)
7581 cn[i] = tolower(cn[i]);
7583 linklist_free(group_base);
/* Locate the cn value inside the DN; what follows it (past one separator
 * character) is taken as the OU path. */
7585 pPtr = strstr(dn, cn);
7589 com_err(whoami, 0, "Unable to process machine %s",
7594 pPtr += strlen(cn) + 1;
7595 strcpy(machine_ou, pPtr);
/* The "dc=" component is then located; how it is handled is on lines not shown. */
7597 pPtr = strstr(machine_ou, "dc=");
7601 com_err(whoami, 0, "Unable to process machine %s",
/*
 * Move a machine account to DestinationOu (relative to dn_path).
 * MoiraMachineName is resolved via GetMachineName(), the account is found
 * by sAMAccountName, and ldap_rename_s() moves it unless it is already in
 * the destination OU.
 */
7612 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7613 char *MoiraMachineName, char *DestinationOu)
/* NOTE(review): MachineName is 128 bytes but is filled with unbounded
 * strcpy from MoiraMachineName and later rewritten by GetMachineName(). */
7617 char MachineName[128];
7619 char *attr_array[3];
7624 LK_ENTRY *group_base;
7629 strcpy(MachineName, MoiraMachineName);
7630 rc = GetMachineName(MachineName);
7632 if (strlen(MachineName) == 0)
7634 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Presumably truncates at the first '.' (the assignment is not visible). */
7639 cPtr = strchr(MachineName, '.');
/* Filter built with sprintf; no LDAP filter escaping of MachineName. */
7644 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7645 attr_array[0] = "sAMAccountName";
7646 attr_array[1] = NULL;
7648 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7650 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7652 com_err(whoami, 0, "Unable to process machine %s : %s",
7653 MoiraMachineName, ldap_err2string(rc));
/* Keep the DN only when the match is unique; the list is freed either way. */
7657 if (group_count == 1)
7658 strcpy(OldDn, group_base->dn);
7660 linklist_free(group_base);
7663 if (group_count != 1)
7665 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7670 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Skip the move if the parent of the current DN already equals NewOu
 * (cPtr presumably advanced past the ',' on a line not shown). */
7671 cPtr = strchr(OldDn, ',');
7676 if (!strcasecmp(cPtr, NewOu))
7680 sprintf(NewCn, "CN=%s", MachineName);
/* deleteoldrdn = TRUE: the old RDN is not retained as an attribute value. */
7681 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * Check whether the short host name of machine_name exists in the
 * directory.  Returns 1 when checkADname() returns 0, otherwise 0.
 */
7686 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7692 memset(Name, '\0', sizeof(Name));
/* Unbounded copy into the local Name buffer (size not visible here). */
7693 strcpy(Name, machine_name);
/* Presumably cut at the first '.' (the assignment is not visible). */
7695 pPtr = strchr(Name, '.');
7701 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * Look up the Moira container a machine belongs to.  The query result is
 * delivered through machine_GetMoiraContainer(), which copies it into
 * container_name (no bound is passed).
 */
7704 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7705 char *machine_name, char *container_name)
7711 av[0] = machine_name;
7712 call_args[0] = (char *)container_name;
7713 rc = mr_query("get_machine_to_container_map", 1, av,
7714 machine_GetMoiraContainer, call_args);
/*
 * mr_query callback for get_machine_to_container_map: copies the second
 * result column into the caller's buffer (call_args[0]) with strcpy.
 */
7718 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7723 strcpy(call_args[0], av[1]);
/*
 * Create the Moira list that mirrors a new container.  The list name is
 * derived by Moira_groupname_create(); the list is then added with
 * add_list, recorded on the container, and added to the parent's group.
 */
7727 int Moira_container_group_create(char **after)
7733 memset(GroupName, '\0', sizeof(GroupName));
7734 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7735 after[CONTAINER_ROWID]);
/* add_list argument vector: a non-public, hidden-less, non-mail group
 * with a unique GID, owned and administered by "sms". */
7739 argv[L_NAME] = GroupName;
7740 argv[L_ACTIVE] = "1";
7741 argv[L_PUBLIC] = "0";
7742 argv[L_HIDDEN] = "0";
7743 argv[L_MAILLIST] = "0";
7744 argv[L_GROUP] = "1";
7745 argv[L_GID] = UNIQUE_GID;
7746 argv[L_NFSGROUP] = "0";
7747 argv[L_MAILMAN] = "0";
7748 argv[L_MAILMAN_SERVER] = "[NONE]";
7749 argv[L_DESC] = "auto created container group";
7750 argv[L_ACE_TYPE] = "USER";
7751 argv[L_MEMACE_TYPE] = "USER";
7752 argv[L_ACE_NAME] = "sms";
7753 argv[L_MEMACE_NAME] = "sms";
/* Assignment in the condition is intentional: non-zero rc is an error. */
7755 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7758 "Unable to create container group %s for container %s: %s",
7759 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Return values of these two calls are not checked here. */
7762 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7763 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Rename the mirror list of a container whose name changed.  The current
 * list name is read from Moira, a new name is derived from the new
 * container name, and update_list is issued when the two differ.
 */
7768 int Moira_container_group_update(char **before, char **after)
7771 char BeforeGroupName[64];
7772 char AfterGroupName[64];
/* Nothing to do when the container name is unchanged (case-insensitive). */
7775 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7778 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7779 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7780 if (strlen(BeforeGroupName) == 0)
7783 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7784 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7785 after[CONTAINER_ROWID]);
7789 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the old name first, then the full new list record;
 * the values mirror those used at creation. */
7791 argv[L_NAME] = BeforeGroupName;
7792 argv[L_NAME + 1] = AfterGroupName;
7793 argv[L_ACTIVE + 1] = "1";
7794 argv[L_PUBLIC + 1] = "0";
7795 argv[L_HIDDEN + 1] = "0";
7796 argv[L_MAILLIST + 1] = "0";
7797 argv[L_GROUP + 1] = "1";
7798 argv[L_GID + 1] = UNIQUE_GID;
7799 argv[L_NFSGROUP + 1] = "0";
7800 argv[L_MAILMAN + 1] = "0";
7801 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7802 argv[L_DESC + 1] = "auto created container group";
7803 argv[L_ACE_TYPE + 1] = "USER";
7804 argv[L_MEMACE_TYPE + 1] = "USER";
7805 argv[L_ACE_NAME + 1] = "sms";
7806 argv[L_MEMACE_NAME + 1] = "sms";
7808 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7811 "Unable to rename container group from %s to %s: %s",
7812 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Remove the mirror list of a deleted container: detach it from the
 * parent container's list, then delete the list itself.
 */
7819 int Moira_container_group_delete(char **before)
7824 char ParentGroupName[64];
7826 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Third argument 1: ask for the parent container's group (see Moira_getGroupName). */
7827 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7829 memset(GroupName, '\0', sizeof(GroupName));
/* "[none]" means the container had no list attached. */
7831 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7832 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7834 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7836 argv[0] = ParentGroupName;
7838 argv[2] = GroupName;
7840 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): this format has two %s but three arguments follow;
 * ParentGroupName fills the second slot and error_message(rc) is never
 * printed. */
7843 "Unable to delete container group %s from list: %s",
7844 GroupName, ParentGroupName, error_message(rc));
7848 if (strlen(GroupName) != 0)
7850 argv[0] = GroupName;
7852 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7854 com_err(whoami, 0, "Unable to delete container group %s : %s",
7855 GroupName, error_message(rc));
/*
 * Derive a unique Moira list name for a container.  The last one or two
 * path components of ContainerName are joined with '-', truncated to 25
 * characters, prefixed with "cnt-" and lower-cased; if that name already
 * exists (get_list_info succeeds), a "-<c>" suffix is tried from the
 * sequence described in the comment below.  The result is copied into
 * GroupName.  ContainerRowID is not used in the visible lines.
 */
7862 int Moira_groupname_create(char *GroupName, char *ContainerName,
7863 char *ContainerRowID)
7868 char newGroupName[64];
7869 char tempGroupName[64];
/* Unbounded copy into temp (size not visible here). */
7875 strcpy(temp, ContainerName);
7877 ptr1 = strrchr(temp, '/');
/* Second strrchr: find the component before the last one (the '/' between
 * them is presumably terminated on a line not shown). */
7883 ptr1 = strrchr(temp, '/');
7887 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7890 strcpy(tempgname, ptr);
7893 strcpy(tempgname, temp);
/* Keep the base short enough for the "cnt-" prefix and a "-c" suffix in 64 bytes. */
7895 if (strlen(tempgname) > 25)
7896 tempgname[25] ='\0';
7898 sprintf(newGroupName, "cnt-%s", tempgname);
7900 /* change everything to lower case */
7906 *ptr = tolower(*ptr);
7914 strcpy(tempGroupName, newGroupName);
7917 /* append 0-9 then a-z if a duplicate is found */
7920 argv[0] = newGroupName;
/* A successful get_list_info means the name is taken; MR_NO_MATCH means it is free. */
7922 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7924 if (rc == MR_NO_MATCH)
7926 com_err(whoami, 0, "Moira error while creating group name for "
7927 "container %s : %s", ContainerName, error_message(rc));
7931 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7935 com_err(whoami, 0, "Unable to find a unique group name for "
7936 "container %s: too many duplicate container names",
7947 strcpy(GroupName, newGroupName);
/*
 * Record GroupName as the list attached to container origContainerName
 * (Moira set_container_list).  Errors are logged via com_err.
 */
7951 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7956 argv[0] = origContainerName;
7957 argv[1] = GroupName;
7959 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7962 "Unable to set container group %s in container %s: %s",
7963 GroupName, origContainerName, error_message(rc));
/*
 * Add the container's list GroupName as a member of the parent
 * container's list.  A top-level container (no parent group) is a no-op.
 */
7969 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7971 char ContainerName[64];
7972 char ParentGroupName[64];
/* Unbounded copy into a 64-byte buffer. */
7976 strcpy(ContainerName, origContainerName);
/* NOTE(review): ParentGroupName is not cleared before this call (other
 * callers memset it first); relies on Moira_getGroupName writing it on
 * every path -- verify. */
7978 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7980 /* top-level container */
7981 if (strlen(ParentGroupName) == 0)
7984 argv[0] = ParentGroupName;
/* argv[1] (member type) is set on a line not shown. */
7986 argv[2] = GroupName;
7988 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7991 "Unable to add container group %s to parent group %s: %s",
7992 GroupName, ParentGroupName, error_message(rc));
/*
 * mr_query callback for get_container_list: copies the second result
 * column into the caller's buffer (call_args[0]) with strcpy.
 */
7998 int Moira_getContainerGroup(int ac, char **av, void *ptr)
8003 strcpy(call_args[0], av[1]);
/*
 * Fetch the list attached to a container into GroupName.  The third
 * parameter (on a line not shown) appears to select the parent container:
 * the name is copied locally and strrchr('/') is used, presumably to strip
 * the last path component.  Errors are logged via com_err.
 */
8008 int Moira_getGroupName(char *origContainerName, char *GroupName,
8011 char ContainerName[64];
/* Unbounded copy into a 64-byte buffer. */
8017 strcpy(ContainerName, origContainerName);
8021 ptr = strrchr(ContainerName, '/');
8029 argv[0] = ContainerName;
8031 call_args[0] = GroupName;
8032 call_args[1] = NULL;
8034 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Query succeeded and the callback filled GroupName. */
8037 if (strlen(GroupName) != 0)
8042 com_err(whoami, 0, "Unable to get container group from container %s: %s",
8043 ContainerName, error_message(rc));
8045 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Add or remove MachineName as a MACHINE member of the container list
 * GroupName.  A GroupName of "[none]" is a no-op.  The third parameter
 * (on a line not shown) presumably selects add versus delete.
 */
8051 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8057 if (strcmp(GroupName, "[none]") == 0)
8060 argv[0] = GroupName;
8061 argv[1] = "MACHINE";
8062 argv[2] = MachineName;
8065 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8067 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* Message lacks a space before %s ("group%s"); runtime string left as is. */
8071 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8072 MachineName, GroupName, error_message(rc));
/*
 * Canonicalize a machine name in place.  If MachineName already ends in
 * DOMAIN_SUFFIX it is left alone; otherwise Moira's get_hostalias is asked
 * for an alias in that domain (ProcessMachineName picks it) and the alias
 * replaces MachineName.  On failure or no alias, MachineName becomes "".
 */
8078 int GetMachineName(char *MachineName)
8081 char NewMachineName[1024];
8088 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy into the 1024-byte local buffer. */
8089 strcpy(NewMachineName, MachineName);
8091 for (i = 0; i < (int)strlen(NewMachineName); i++)
8092 NewMachineName[i] = toupper(NewMachineName[i]);
8094 szDot = strchr(NewMachineName,'.');
8096 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8101 // If not, see if it has a Moira alias in the top-level MIT domain.
8102 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* args[0] is set on a line not shown. */
8104 args[1] = MachineName;
8105 call_args[0] = NewMachineName;
8106 call_args[1] = NULL;
8108 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8110 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8111 MachineName, error_message(rc));
8112 strcpy(MachineName, "");
8116 if (strlen(NewMachineName) != 0)
/* NOTE(review): copies from a 1024-byte buffer into the caller's buffer
 * with no bound; machine_move_to_ou passes a 128-byte MachineName. */
8117 strcpy(MachineName, NewMachineName);
8119 strcpy(MachineName, "");
/*
 * mr_query callback for get_hostalias.  The first alias (av[0]) whose
 * domain part matches DOMAIN_SUFFIX is stored, upper-cased, in
 * call_args[0]; later rows are ignored once call_args[0] is non-empty.
 */
8124 int ProcessMachineName(int ac, char **av, void *ptr)
8127 char MachineName[1024];
8133 if (strlen(call_args[0]) == 0)
/* Unbounded copy of the query result into the 1024-byte local buffer. */
8135 strcpy(MachineName, av[0]);
8137 for (i = 0; i < (int)strlen(MachineName); i++)
8138 MachineName[i] = toupper(MachineName[i]);
8140 szDot = strchr(MachineName,'.');
8142 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8144 strcpy(call_args[0], MachineName);
/*
 * Swap the UID attribute name in a modification list between the SFU 3.0
 * schema ("msSFU30UidNumber") and the RFC 2307 name ("uidNumber").  The
 * condition choosing the direction (UseSFU30) is on lines not shown.
 * mod_type is pointed at a string literal; the previous pointer is not
 * freed here -- fine only if it was also a literal.
 */
8151 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8157 for (i = 0; i < n; i++)
8159 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8160 mods[i]->mod_type = "uidNumber";
8167 for (i = 0; i < n; i++)
8169 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8170 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * Compute and queue the home-directory attributes for a user.
 * Non-AD deployments get homeDirectory / apple-user-homeDirectory from the
 * user's Moira filesystem (FSGROUP/MUL entries are resolved to their first
 * member).  AD deployments get homeDirectory, profilePath and homeDrive
 * from WinHomeDir / WinProfileDir, which may be literal paths or the
 * tokens [afs], [dfs], [local].  Attributes are appended to mods with
 * ADD_ATTR; an empty value under LDAP_MOD_REPLACE is deleted immediately
 * with a separate ldap_modify_s.  The remaining parameters (at least
 * OpType, used below) are on lines not shown.
 */
8177 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8178 char *DistinguishedName,
8179 char *WinHomeDir, char *WinProfileDir,
8180 char **homedir_v, char **winProfile_v,
8181 char **drives_v, LDAPMod **mods,
8188 char winProfile[1024];
8191 char apple_homedir[1024];
8192 char *apple_homedir_v[] = {NULL, NULL};
8196 LDAPMod *DelMods[20];
8198 char *save_argv[FS_END];
8199 char *fsgroup_save_argv[2];
8201 memset(homeDrive, '\0', sizeof(homeDrive));
8202 memset(path, '\0', sizeof(path));
8203 memset(winPath, '\0', sizeof(winPath));
8204 memset(winProfile, '\0', sizeof(winProfile));
/* ---- non-AD: POSIX home directory from Moira ---- */
8206 if(!ActiveDirectory)
8208 if (rc = moira_connect())
8210 critical_alert(whoami, "Ldap incremental",
8211 "Error contacting Moira server : %s",
8216 argv[0] = user_name;
/* save_query_info fills save_argv with strdup'd columns (never freed here). */
8218 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8221 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8222 !strcmp(save_argv[FS_TYPE], "MUL"))
/* Group filesystem: resolve to its first member and look that up. */
8225 argv[0] = save_argv[FS_NAME];
8228 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8229 save_fsgroup_info, fsgroup_save_argv)))
8233 argv[0] = fsgroup_save_argv[0];
8235 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8236 save_query_info, save_argv)))
8238 strcpy(path, save_argv[FS_PACK]);
8245 strcpy(path, save_argv[FS_PACK]);
/* Only AFS paths are published; anything else becomes "NONE". */
8253 if (!strnicmp(path, AFS, strlen(AFS)))
8255 sprintf(homedir, "%s", path);
8256 sprintf(apple_homedir, "%s/MacData", path);
8257 homedir_v[0] = homedir;
8258 apple_homedir_v[0] = apple_homedir;
8259 ADD_ATTR("homeDirectory", homedir_v, OpType);
8260 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8266 homedir_v[0] = "NONE";
8267 apple_homedir_v[0] = "NONE";
8268 ADD_ATTR("homeDirectory", homedir_v, OpType);
8269 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* ---- AD: [afs] token -> same Moira lookup, converted to a UNC path ---- */
8276 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8277 (!strcasecmp(WinProfileDir, "[afs]")))
8279 if (rc = moira_connect())
8281 critical_alert(whoami, "Ldap incremental",
8282 "Error contacting Moira server : %s",
8287 argv[0] = user_name;
/* Duplicate of the lookup sequence above. */
8289 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8292 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8293 !strcmp(save_argv[FS_TYPE], "MUL"))
8296 argv[0] = save_argv[FS_NAME];
8299 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8300 save_fsgroup_info, fsgroup_save_argv)))
8304 argv[0] = fsgroup_save_argv[0];
8306 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8307 save_query_info, save_argv)))
8309 strcpy(path, save_argv[FS_PACK]);
8316 strcpy(path, save_argv[FS_PACK]);
8324 if (!strnicmp(path, AFS, strlen(AFS)))
8326 AfsToWinAfs(path, winPath);
8327 strcpy(winProfile, winPath);
8328 strcat(winProfile, "\\.winprofile");
/* ---- [dfs] token: \\<domain>\dfs\profiles\<initial>\<user> ---- */
8335 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8336 (!strcasecmp(WinProfileDir, "[dfs]")))
/* user_name[0] is used as the %c bucket; an empty user_name yields '\0'. */
8338 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8339 user_name[0], user_name);
8341 if (!strcasecmp(WinProfileDir, "[dfs]"))
8343 strcpy(winProfile, path);
8344 strcat(winProfile, "\\.winprofile");
8347 if (!strcasecmp(WinHomeDir, "[dfs]"))
8348 strcpy(winPath, path);
/* ---- home drive letter ---- */
8351 if (!strcasecmp(WinHomeDir, "[local]"))
8352 memset(winPath, '\0', sizeof(winPath));
8353 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8354 !strcasecmp(WinHomeDir, "[dfs]"))
8356 strcpy(homeDrive, "H:");
/* Literal path: unbounded copy; a UNC path (leading "\\") also gets H:. */
8360 strcpy(winPath, WinHomeDir);
8361 if (!strncmp(WinHomeDir, "\\\\", 2))
8363 strcpy(homeDrive, "H:");
8367 // nothing needs to be done if WinProfileDir is [afs].
8368 if (!strcasecmp(WinProfileDir, "[local]"))
8369 memset(winProfile, '\0', sizeof(winProfile));
8370 else if (strcasecmp(WinProfileDir, "[afs]") &&
8371 strcasecmp(WinProfileDir, "[dfs]"))
8373 strcpy(winProfile, WinProfileDir);
/* Strip one trailing backslash, but keep "X:\" for bare drive letters. */
8376 if (strlen(winProfile) != 0)
8378 if (winProfile[strlen(winProfile) - 1] == '\\')
8379 winProfile[strlen(winProfile) - 1] = '\0';
8382 if (strlen(winPath) != 0)
8384 if (winPath[strlen(winPath) - 1] == '\\')
8385 winPath[strlen(winPath) - 1] = '\0';
8388 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8389 strcat(winProfile, "\\");
8391 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8392 strcat(winPath, "\\");
/* ---- emit the three attributes; empty + REPLACE means delete now ---- */
8394 if (strlen(winPath) == 0)
8396 if (OpType == LDAP_MOD_REPLACE)
8399 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8401 //unset homeDirectory attribute for user.
/* rc from this ldap_modify_s is not checked in the visible lines. */
8402 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* strdup'd values are handed to the caller's vectors; ownership/freeing is not visible here. */
8408 homedir_v[0] = strdup(winPath);
8409 ADD_ATTR("homeDirectory", homedir_v, OpType);
8412 if (strlen(winProfile) == 0)
8414 if (OpType == LDAP_MOD_REPLACE)
8417 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8419 //unset profilePath attribute for user.
8420 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8426 winProfile_v[0] = strdup(winProfile);
8427 ADD_ATTR("profilePath", winProfile_v, OpType);
8430 if (strlen(homeDrive) == 0)
8432 if (OpType == LDAP_MOD_REPLACE)
8435 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8437 //unset homeDrive attribute for user
8438 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8444 drives_v[0] = strdup(homeDrive);
8445 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * Set or clear a single attribute on distinguished_name.
 * An empty attribute_value deletes the attribute; otherwise a REPLACE is
 * attempted and, if the server rejects it, an ADD is tried.  Only the
 * failure of the ADD is reported (user_name appears in the message).
 * mods is declared on a line not shown.
 */
8451 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8452 char *attribute_value, char *attribute, char *user_name)
8454 char *mod_v[] = {NULL, NULL};
8455 LDAPMod *DelMods[20];
8461 if (strlen(attribute_value) == 0)
8464 DEL_ATTR(attribute, LDAP_MOD_DELETE);
/* rc of the delete is not checked in the visible lines. */
8466 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8472 mod_v[0] = attribute_value;
8473 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
/* REPLACE failure is silently retried as ADD below. */
8476 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8477 mods)) != LDAP_SUCCESS)
8481 mod_v[0] = attribute_value;
8482 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8485 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8486 mods)) != LDAP_SUCCESS)
8488 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8489 "in the directory : %s",
8490 attribute, user_name, ldap_err2string(rc));
/*
 * Trim whitespace from StringToTrim in place.  A strdup'd copy is worked
 * on and written back with strcpy; whether the copy is freed is not
 * visible in this listing.  The trimming loops are largely on lines not
 * shown, so treat this as "strip leading and trailing blanks -- verify".
 */
8500 void StringTrim(char *StringToTrim)
8505 save = strdup(StringToTrim);
8512 /* skip to end of string */
8517 strcpy(StringToTrim, save);
8521 for (t = s; *t; t++)
8537 strcpy(StringToTrim, s);
/*
 * Load <CFG_PATH><DomainName>.cfg into the module's globals.
 * Each line is upper-cased in full before the keyword prefix is matched,
 * so every value below (domain, realm, port, principal, servers, ...) is
 * stored upper-cased.  Keyword lines with no value are ignored.  Values
 * are copied with strcpy into fixed-size globals; temp1 and the globals'
 * sizes are not visible here.  If no DOMAIN line is present, DomainName
 * is used as the LDAP domain.
 */
8541 int ReadConfigFile(char *DomainName)
/* Path built from the caller's DomainName; temp size not visible. */
8552 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8554 if ((fptr = fopen(temp, "r")) != NULL)
8556 while (fgets(temp, sizeof(temp), fptr) != 0)
/* Whole line to upper case -- values are not case-preserved. */
8558 for (i = 0; i < (int)strlen(temp); i++)
8559 temp[i] = toupper(temp[i]);
/* Drop the newline; an empty line would index temp[-1] but is guarded by
 * the length check that follows only after this point -- TODO confirm
 * fgets never yields an empty string here. */
8561 if (temp[strlen(temp) - 1] == '\n')
8562 temp[strlen(temp) - 1] = '\0';
8566 if (strlen(temp) == 0)
8569 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8571 if (strlen(temp) > (strlen(DOMAIN)))
8573 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8574 StringTrim(ldap_domain);
8577 else if (!strncmp(temp, REALM, strlen(REALM)))
8579 if (strlen(temp) > (strlen(REALM)))
8581 strcpy(ldap_realm, &temp[strlen(REALM)]);
8582 StringTrim(ldap_realm);
8585 else if (!strncmp(temp, PORT, strlen(PORT)))
8587 if (strlen(temp) > (strlen(PORT)))
8589 strcpy(ldap_port, &temp[strlen(PORT)]);
8590 StringTrim(ldap_port);
8593 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8595 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8597 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8598 StringTrim(PrincipalName);
8601 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8603 if (strlen(temp) > (strlen(SERVER)))
/* NOTE(review): 256 bytes are allocated but the copy is bounded only by
 * sizeof(temp); a longer SERVER line overflows.  The increment of Count
 * is on a line not shown. */
8605 ServerList[Count] = calloc(1, 256);
8606 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8607 StringTrim(ServerList[Count]);
8611 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8613 if (strlen(temp) > (strlen(MSSFU)))
8615 strcpy(temp1, &temp[strlen(MSSFU)]);
8617 if (!strcmp(temp1, SFUTYPE))
8621 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8623 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8625 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8627 if (!strcasecmp(temp1, "NO"))
8630 memset(group_suffix, '\0', sizeof(group_suffix));
8634 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8636 if (strlen(temp) > (strlen(GROUP_TYPE)))
8638 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8640 if (!strcasecmp(temp1, "UNIVERSAL"))
8641 UseGroupUniversal = 1;
8644 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8646 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8648 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8650 if (!strcasecmp(temp1, "NO"))
8654 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8656 if (strlen(temp) > (strlen(SET_PASSWORD)))
8658 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8660 if (!strcasecmp(temp1, "NO"))
8664 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8666 if (strlen(temp) > (strlen(EXCHANGE)))
8668 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8670 if (!strcasecmp(temp1, "YES"))
8674 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8675 strlen(PROCESS_MACHINE_CONTAINER)))
8677 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8679 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8681 if (!strcasecmp(temp1, "NO"))
8682 ProcessMachineContainer = 0;
8685 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8686 strlen(ACTIVE_DIRECTORY)))
8688 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8690 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8692 if (!strcasecmp(temp1, "NO"))
8693 ActiveDirectory = 0;
8696 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8697 strlen(GROUP_POPULATE_MEMBERS)))
8699 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8701 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8703 if (!strcasecmp(temp1, "DELETE"))
8705 GroupPopulateDelete = 1;
8709 else if (!strncmp(temp, MAX_MEMBERS, strlen(MAX_MEMBERS)))
8711 if (strlen(temp) > (strlen(MAX_MEMBERS)))
8713 strcpy(temp1, &temp[strlen(MAX_MEMBERS)]);
/* atoi reports no error: a non-numeric value silently becomes 0. */
8715 max_group_members = atoi(temp1);
/* Re-normalize ldap_domain (intermediate steps on lines not shown). */
8720 if (strlen(ldap_domain) != 0)
8722 memset(ldap_domain, '\0', sizeof(ldap_domain));
8726 if (strlen(temp) != 0)
8727 strcpy(ldap_domain, temp);
/* Fall back to the domain the config file was named after. */
8733 if (strlen(ldap_domain) == 0)
8735 strcpy(ldap_domain, DomainName);
8741 for (i = 0; i < Count; i++)
8743 if (ServerList[i] != 0)
8745 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8746 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * Read the DOMAIN lines of <CFG_PATH><WINADCFG> into DomainNames[].
 * Lines are upper-cased and trimmed; the increment of Count and the
 * condition that raises the critical alert are on lines not shown.
 * The locals c[] and stuff[] are not used in the visible lines.
 */
8753 int ReadDomainList()
8760 unsigned char c[11];
8761 unsigned char stuff[256];
8766 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8768 if ((fptr = fopen(temp, "r")) != NULL)
8770 while (fgets(temp, sizeof(temp), fptr) != 0)
8772 for (i = 0; i < (int)strlen(temp); i++)
8773 temp[i] = toupper(temp[i]);
/* Same temp[strlen - 1] pattern as ReadConfigFile; relies on a non-empty line. */
8775 if (temp[strlen(temp) - 1] == '\n')
8776 temp[strlen(temp) - 1] = '\0';
8780 if (strlen(temp) == 0)
8783 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8785 if (strlen(temp) > (strlen(DOMAIN)))
8787 strcpy(temp1, &temp[strlen(DOMAIN)]);
8789 strcpy(temp, temp1);
/* Unbounded copy into DomainNames[Count] (element size not visible). */
8793 strcpy(DomainNames[Count], temp);
8794 StringTrim(DomainNames[Count]);
8803 critical_alert(whoami, "incremental", "%s", "ldap.incr cannot run due to a "
8804 "configuration error in ldap.cfg");
/*
 * Syntactic check of an RFC 822 style address (local-part@domain).
 * Returns 0 when invalid, non-zero otherwise; the final test requires at
 * least one '.' in the domain (count is maintained on lines not shown).
 * NOTE(review): the first test reads address[strlen(address) - 1] with no
 * empty-string guard visible before it; an empty address indexes before
 * the buffer.
 */
8811 int email_isvalid(const char *address) {
8813 const char *c, *domain;
8814 static char *rfc822_specials = "()<>@,;:\\\"[]";
8816 if(address[strlen(address) - 1] == '.')
8819 /* first we validate the name portion (name@domain) */
8820 for (c = address; *c; c++) {
/* A quoted local-part may only start at the beginning or after a '.'. */
8821 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
/* Backslash escape: the escaped character is skipped (c is advanced). */
8826 if (*c == '\\' && (*++c == ' '))
8828 if (*c <= ' ' || *c >= 127)
8843 if (*c <= ' ' || *c >= 127)
8845 if (strchr(rfc822_specials, *c))
/* Local part may not be empty or end in '.'. */
8849 if (c == address || *(c - 1) == '.')
8852 /* next we validate the domain portion (name@domain) */
8853 if (!*(domain = ++c)) return 0;
8856 if (c == domain || *(c - 1) == '.')
8860 if (*c <= ' ' || *c >= 127)
8862 if (strchr(rfc822_specials, *c))
8866 return (count >= 1);
/*
 * Pick the least-populated Exchange mailbox store under the forest
 * Configuration container.  Each msExchMDB (excluding DNs containing
 * "Public", "Recover" or "Reserve") has its homeMDBBL back-links counted
 * with ranged retrieval, in steps of rangeStep; the store with the
 * lowest count is returned in *homeMDB (strdup'd) and its
 * legacyExchangeDN is then read to derive *homeServerName (strdup'd).
 * The caller owns both strings.
 */
8869 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8870 char **homeServerName)
8872 LK_ENTRY *group_base;
8873 LK_ENTRY *sub_group_base;
8877 int sub_group_count;
8879 char sub_filter[1024];
8880 char search_path[1024];
8882 char *attr_array[3];
/* -1 marks "no store seen yet" for the minimum search below. */
8884 int homeMDB_count = -1;
8888 int rangeStep = 1500;
8890 int rangeHigh = rangeLow + (rangeStep - 1);
8893 /* Grumble..... microsoft not making it searchable from the root *grr* */
8895 memset(filter, '\0', sizeof(filter));
8896 memset(search_path, '\0', sizeof(search_path));
8898 sprintf(filter, "(objectClass=msExchMDB)");
8899 sprintf(search_path, "CN=Configuration,%s", dn_path);
8900 attr_array[0] = "distinguishedName";
8901 attr_array[1] = NULL;
8906 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8907 &group_base, &group_count,
8908 LDAP_SCOPE_SUBTREE)) != 0)
8910 com_err(whoami, 0, "Unable to find msExchMDB %s",
8911 ldap_err2string(rc));
/* Skip public folder, recovery and reserve stores (by DN substring). */
8920 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8921 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8922 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8929 * Due to limits in active directory we need to use the LDAP
8930 * range semantics to query and return all the values in
8931 * large lists, we will stop increasing the range when
8932 * the result count is 0.
8940 memset(sub_filter, '\0', sizeof(sub_filter));
8941 memset(range, '\0', sizeof(range));
8942 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* Attribute name carries the range; "-*" form requests to the end. */
8945 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8947 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8949 attr_array[0] = range;
8950 attr_array[1] = NULL;
8952 sub_group_base = NULL;
8953 sub_group_count = 0;
8955 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8956 attr_array, &sub_group_base,
8958 LDAP_SCOPE_SUBTREE)) != 0)
8960 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8961 ldap_err2string(rc));
8965 if(!sub_group_count)
8971 rangeHigh = rangeLow + (rangeStep - 1);
/* Accumulate this window and advance to the next. */
8978 mdbbl_count += sub_group_count;
8979 rangeLow = rangeHigh + 1;
8980 rangeHigh = rangeLow + (rangeStep - 1);
8983 /* First time through, need to initialize or update the least used */
8985 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8988 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8990 homeMDB_count = mdbbl_count;
/* NOTE(review): each new minimum strdup's over *homeMDB; no free of the
 * previous value appears in the visible lines. */
8991 *homeMDB = strdup(gPtr->dn);
8995 linklist_free(sub_group_base);
8999 linklist_free(group_base);
9002 * Ok found the server least allocated need to now query to get its
9003 * msExchHomeServerName so we can set it as a user attribute
9006 attr_array[0] = "legacyExchangeDN";
9007 attr_array[1] = NULL;
/* *homeMDB is used as the search base; whether a NULL (no store found)
 * is guarded against is on lines not shown. */
9012 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
9013 attr_array, &group_base,
9015 LDAP_SCOPE_SUBTREE)) != 0)
9017 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
9018 ldap_err2string(rc));
/* The server name is the legacyExchangeDN cut at its last '/' (handling
 * after the strrchr is on lines not shown). */
9024 *homeServerName = strdup(group_base->value);
9025 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
9031 linklist_free(group_base);
/*
 * Convert s in place, character by character (the per-character
 * operation and the return statement are on lines not shown; presumably
 * tolower and return s).
 */
9036 char *lowercase(char *s)
9040 for (p = s; *p; p++)
/*
 * Convert s in place, character by character (the per-character
 * operation and the return statement are on lines not shown; presumably
 * toupper and return s).
 */
9048 char *uppercase(char *s)
9052 for (p = s; *p; p++)
/*
 * Return a newly allocated copy of s with special characters escaped
 * (the character set and escape form are on lines not shown).  The
 * intermediate buffer string has a fixed size not visible here.  The
 * caller owns the returned strdup'd string.
 */
9060 char *escape_string(char *s)
9068 memset(string, '\0', sizeof(string));
9072 /* Escape any special characters */
9074 for(; *q != '\0'; q++) {
9097 return strdup(string);
/*
 * mr_query callback: strdup every result column into the char* array
 * passed as hint.  No bound on argc is checked against the array's size
 * (callers pass save_argv[FS_END]); the strdup'd strings are the
 * caller's to free.
 */
9100 int save_query_info(int argc, char **argv, void *hint)
9103 char **nargv = hint;
9105 for(i = 0; i < argc; i++)
9106 nargv[i] = strdup(argv[i]);
/*
 * mr_query callback for get_fsgroup_members: strdup every result column
 * into the char* array passed as hint (callers pass a 2-element array).
 * Any argc guard is on lines not shown; strings are the caller's to free.
 */
9111 int save_fsgroup_info(int argc, char **argv, void *hint)
9114 char **nargv = hint;
9118 for(i = 0; i < argc; i++)
9119 nargv[i] = strdup(argv[i]);
9127 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
9128 char *UserOu, char *user_name)
9130 char search_filter[1024];
9131 char *attr_array[3];
9132 LK_ENTRY *group_base;
9139 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9143 if(!strcmp(UserOu, user_ou))
9144 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
9146 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9152 sprintf(search_filter, "(&(objectClass=group)(cn=%s)(member=%s))",
9155 attr_array[0] = "mitMoiraId";
9156 attr_array[1] = NULL;
9158 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
9159 attr_array, &group_base, &group_count,
9160 LDAP_SCOPE_SUBTREE)) != 0)
9162 com_err(whoami, 0, "Unable to check group %s for membership of %s : %s",
9163 group_name, user_name, ldap_err2string(rc));
9172 linklist_free(group_base);