2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies container information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
124 #define ECONNABORTED WSAECONNABORTED
127 #define ECONNREFUSED WSAECONNREFUSED
130 #define EHOSTUNREACH WSAEHOSTUNREACH
132 #define krb5_xfree free
134 #define sleep(A) Sleep(A * 1000);
138 #include <sys/types.h>
139 #include <netinet/in.h>
140 #include <arpa/nameser.h>
142 #include <sys/utsname.h>
145 #define WINADCFG "/moira/winad/winad.cfg"
146 #define strnicmp(A,B,C) strncasecmp(A,B,C)
147 #define UCHAR unsigned char
149 #define UF_SCRIPT 0x0001
150 #define UF_ACCOUNTDISABLE 0x0002
151 #define UF_HOMEDIR_REQUIRED 0x0008
152 #define UF_LOCKOUT 0x0010
153 #define UF_PASSWD_NOTREQD 0x0020
154 #define UF_PASSWD_CANT_CHANGE 0x0040
155 #define UF_DONT_EXPIRE_PASSWD 0x10000
157 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
158 #define UF_NORMAL_ACCOUNT 0x0200
159 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
160 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
161 #define UF_SERVER_TRUST_ACCOUNT 0x2000
163 #define OWNER_SECURITY_INFORMATION (0x00000001L)
164 #define GROUP_SECURITY_INFORMATION (0x00000002L)
165 #define DACL_SECURITY_INFORMATION (0x00000004L)
166 #define SACL_SECURITY_INFORMATION (0x00000008L)
169 #define BYTE unsigned char
171 typedef unsigned int DWORD;
172 typedef unsigned long ULONG;
177 unsigned short Data2;
178 unsigned short Data3;
179 unsigned char Data4[8];
182 typedef struct _SID_IDENTIFIER_AUTHORITY {
184 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
186 typedef struct _SID {
188 BYTE SubAuthorityCount;
189 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
190 DWORD SubAuthority[512];
195 #define WINADCFG "winad.cfg"
199 #define WINAFS "\\\\afs\\all\\"
201 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
202 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
204 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
205 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
207 #define QUERY_VERSION -1
208 #define PRIMARY_REALM "ATHENA.MIT.EDU"
217 #define MEMBER_REMOVE 2
218 #define MEMBER_CHANGE_NAME 3
219 #define MEMBER_ACTIVATE 4
220 #define MEMBER_DEACTIVATE 5
221 #define MEMBER_CREATE 6
223 #define MOIRA_ALL 0x0
224 #define MOIRA_USERS 0x1
225 #define MOIRA_KERBEROS 0x2
226 #define MOIRA_STRINGS 0x4
227 #define MOIRA_LISTS 0x8
229 #define CHECK_GROUPS 1
230 #define CLEANUP_GROUPS 2
232 #define AD_NO_GROUPS_FOUND -1
233 #define AD_WRONG_GROUP_DN_FOUND -2
234 #define AD_MULTIPLE_GROUPS_FOUND -3
235 #define AD_INVALID_NAME -4
236 #define AD_LDAP_FAILURE -5
237 #define AD_INVALID_FILESYS -6
238 #define AD_NO_ATTRIBUTE_FOUND -7
239 #define AD_NO_OU_FOUND -8
240 #define AD_NO_USER_FOUND -9
242 /* container arguments */
243 #define CONTAINER_NAME 0
244 #define CONTAINER_DESC 1
245 #define CONTAINER_LOCATION 2
246 #define CONTAINER_CONTACT 3
247 #define CONTAINER_TYPE 4
248 #define CONTAINER_ID 5
249 #define CONTAINER_ROWID 6
250 #define CONTAINER_GROUP_NAME 7
252 /*mcntmap arguments*/
253 #define OU_MACHINE_NAME 0
254 #define OU_CONTAINER_NAME 1
255 #define OU_MACHINE_ID 2
256 #define OU_CONTAINER_ID 3
257 #define OU_CONTAINER_GROUP 4
259 typedef struct lk_entry {
269 struct lk_entry *next;
272 #define STOP_FILE "/moira/winad/nowinad"
273 #define file_exists(file) (access((file), F_OK) == 0)
275 #define N_SD_BER_BYTES 5
276 #define LDAP_BERVAL struct berval
277 #define MAX_SERVER_NAMES 32
279 #define HIDDEN_GROUP "HiddenGroup.g"
280 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
281 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
282 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
284 #define ADD_ATTR(t, v, o) \
285 mods[n] = malloc(sizeof(LDAPMod)); \
286 mods[n]->mod_op = o; \
287 mods[n]->mod_type = t; \
288 mods[n++]->mod_values = v
290 #define DEL_ATTR(t, o) \
291 DelMods[i] = malloc(sizeof(LDAPMod)); \
292 DelMods[i]->mod_op = o; \
293 DelMods[i]->mod_type = t; \
294 DelMods[i++]->mod_values = NULL
296 #define DOMAIN_SUFFIX "MIT.EDU"
297 #define DOMAIN "DOMAIN: "
298 #define SERVER "SERVER: "
299 #define MSSFU "SFU: "
/*
 * File-scope state shared by main() and the do_*() table handlers.
 *
 * member_base, sid_base, sid_ptr: LK_ENTRY linked lists built while a change
 *   is processed.  Of these only sid_base is used in the visible lines: when
 *   non-NULL it is consumed by sid_update() and released with linklist_free()
 *   in do_filesys().
 * tbl_buf: buffer into which main() concatenates the whole command line for
 *   the log.  NOTE(review): it is declared a second time a few lines below;
 *   both are tentative definitions of the same static, which C permits, but
 *   one of them should be removed.
 * *_ou: RDN prefixes, relative to the domain dn_path, of the moira OUs that
 *   hold users, string contacts, kerberos principals, the four list subtrees
 *   (mail / group / both / neither), orphaned objects and security templates.
 * ldap_domain, ServerList, default_server: filled by main() from WINADCFG
 *   (each ServerList entry is a 256-byte calloc() block) or by GetServerList().
 * mr_connections: presumably a Moira connection count maintained by
 *   moira_connect()/moira_disconnect() -- those bodies are not visible here.
 */
302 LK_ENTRY *member_base = NULL;
303 LK_ENTRY *sid_base = NULL;
304 LK_ENTRY **sid_ptr = NULL;
305 static char tbl_buf[1024];
306 char kerberos_ou[] = "OU=kerberos,OU=moira";
307 char contact_ou[] = "OU=strings,OU=moira";
308 char user_ou[] = "OU=users,OU=moira";
309 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
310 char group_ou_root[] = "OU=lists,OU=moira";
311 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
312 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
313 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
314 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
315 char orphans_other_ou[] = "OU=Other,OU=Orphans";
316 char security_template_ou[] = "OU=security_templates";
318 char ldap_domain[256];
319 char *ServerList[MAX_SERVER_NAMES];
320 int mr_connections = 0;
322 char default_server[256];
/* NOTE(review): duplicate tentative definition of tbl_buf -- see above. */
323 static char tbl_buf[1024];
326 extern int set_password(char *user, char *password, char *domain);
328 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
329 char *group_membership, char *MoiraId, char *attribute,
330 LK_ENTRY **linklist_base, int *linklist_count,
332 void AfsToWinAfs(char* path, char* winPath);
333 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
334 char *Win2kPassword, char *Win2kUser, char *default_server,
335 int connect_to_kdc, char **ServerList, int *IgnoreMasterSeverError);
336 void ad_kdc_disconnect();
337 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
338 char *attribute_value, char *attribute, char *user_name);
339 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
340 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
341 void check_winad(void);
342 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
344 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
345 char *distinguishedName, int count, char **av);
346 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
347 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
348 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
349 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
350 char *distinguishedName, int count, char **av);
351 void container_get_dn(char *src, char *dest);
352 void container_get_name(char *src, char *dest);
353 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
354 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
355 int afterc, char **after);
356 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
357 int afterc, char **after);
359 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
360 char *fs_type, char *fs_pack, int operation);
361 int GetAceInfo(int ac, char **av, void *ptr);
362 int GetServerList(char *ldap_domain, char **MasterServe);
363 int get_group_membership(char *group_membership, char *group_ou,
364 int *security_flag, char **av);
365 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
366 int Moira_container_group_create(char **after);
367 int Moira_container_group_delete(char **before);
368 int Moira_groupname_create(char *GroupName, char *ContainerName,
369 char *ContainerRowID);
370 int Moira_container_group_update(char **before, char **after);
371 int Moira_process_machine_container_group(char *MachineName, char* groupName,
373 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
374 int Moira_getContainerGroup(int ac, char **av, void *ptr);
375 int Moira_getGroupName(char *origContainerName, char *GroupName,
377 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
378 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
379 int UpdateGroup, int *ProcessGroup);
380 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
381 char *group_name, char *group_ou, char *group_membership,
382 int group_security_flag, int type);
383 int process_lists(int ac, char **av, void *ptr);
384 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
385 int HiddenGroup, char *AceType, char *AceName);
386 int ProcessMachineName(int ac, char **av, void *ptr);
387 int user_create(int ac, char **av, void *ptr);
388 int user_change_status(LDAP *ldap_handle, char *dn_path,
389 char *user_name, char *MoiraId, int operation);
390 int user_delete(LDAP *ldap_handle, char *dn_path,
391 char *u_name, char *MoiraId);
392 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
394 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
395 char *uid, char *MitId, char *MoiraId, int State,
396 char *WinHomeDir, char *WinProfileDir);
397 void change_to_lower_case(char *ptr);
398 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
399 int group_create(int ac, char **av, void *ptr);
400 int group_delete(LDAP *ldap_handle, char *dn_path,
401 char *group_name, char *group_membership, char *MoiraId);
402 int group_rename(LDAP *ldap_handle, char *dn_path,
403 char *before_group_name, char *before_group_membership,
404 char *before_group_ou, int before_security_flag, char *before_desc,
405 char *after_group_name, char *after_group_membership,
406 char *after_group_ou, int after_security_flag, char *after_desc,
407 char *MoiraId, char *filter);
408 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
409 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
410 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
411 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
412 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
413 char *group_name, char *group_ou, char *group_membership,
414 int group_security_flag, int updateGroup);
415 int member_list_build(int ac, char **av, void *ptr);
416 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
417 char *group_ou, char *group_membership,
418 char *user_name, char *pUserOu, char *MoiraId);
419 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
420 char *group_ou, char *group_membership, char *user_name,
421 char *pUserOu, char *MoiraId);
422 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
423 char *group_ou, char *group_membership,
424 int group_security_flag, char *MoiraId);
425 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
426 char *WinHomeDir, char *WinProfileDir,
427 char **homedir_v, char **winProfile_v,
428 char **drives_v, LDAPMod **mods,
430 int sid_update(LDAP *ldap_handle, char *dn_path);
431 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
432 int check_string(char *s);
433 int check_container_name(char* s);
434 void convert_b_to_a(char *string, UCHAR *binary, int length);
435 int mr_connect_cl(char *server, char *client, int version, int auth);
437 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
438 char **before, int beforec, char **after, int afterc);
439 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
440 char **before, int beforec, char **after, int afterc);
441 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
442 char **before, int beforec, char **after, int afterc);
443 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
444 char **before, int beforec, char **after, int afterc);
445 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
446 char **before, int beforec, char **after, int afterc);
447 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
448 char **before, int beforec, char **after, int afterc);
449 int linklist_create_entry(char *attribute, char *value,
450 LK_ENTRY **linklist_entry);
451 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
452 char **attr_array, LK_ENTRY **linklist_base,
453 int *linklist_count, unsigned long ScopeType);
454 void linklist_free(LK_ENTRY *linklist_base);
456 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
457 char *distinguished_name, LK_ENTRY **linklist_current);
458 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
459 LK_ENTRY **linklist_base, int *linklist_count);
460 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
461 char *Attribute, char *distinguished_name,
462 LK_ENTRY **linklist_current);
464 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
465 char *oldValue, char *newValue,
466 char ***modvalues, int type);
467 void free_values(char **modvalues);
469 int convert_domain_to_dn(char *domain, char **bind_path);
470 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
471 char *distinguished_name);
472 int moira_disconnect(void);
473 int moira_connect(void);
474 void print_to_screen(const char *fmt, ...);
475 int GetMachineName(char *MachineName);
/*
 * winad.incr entry point.  Invoked by the Moira incremental-update mechanism
 * as:  winad.incr <table> <beforec> <afterc> <before args...> <after args...>
 * (see the argument examples at the top of this file).  It reads WINADCFG
 * for DOMAIN:/SERVER:/SFU: settings, connects to the AD domain and then
 * dispatches on <table> to the do_*() handlers.
 * Many of main()'s lines (declarations, braces, return statements) are not
 * visible in this listing; the comments below describe only what is shown.
 *
 * NOTE(review): several fixed-size buffers are filled from argv and from the
 * config file with strcpy()/strcat() and no length check -- see the inline
 * notes.  Both inputs are external to this program.
 */
477 int main(int argc, char **argv)
487 int IgnoreServerListError;
/* Program name for com_err(): the basename of argv[0]. */
496 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
500 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/*
 * NOTE(review): atoi() reports no errors and accepts negative numbers.  A
 * negative beforec still satisfies the argc check below and makes
 * &argv[4 + beforec] point outside argv; strtol() plus a >= 0 check on both
 * counts would reject it.
 */
503 beforec = atoi(argv[2]);
504 afterc = atoi(argv[3]);
506 if (argc < (4 + beforec + afterc))
508 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)");
514 after = &argv[4 + beforec];
/*
 * Echo the whole command line to the log.
 * NOTE(review): strcat() into the 1024-byte static tbl_buf is unbounded and
 * argv is supplied by the caller; snprintf() into the remaining space would
 * bound it.
 */
521 for (i = 1; i < argc; i++)
523 strcat(tbl_buf, argv[i]);
524 strcat(tbl_buf, " ");
526 com_err(whoami, 0, "%s", tbl_buf);
/* Clear the config-derived state before parsing WINADCFG. */
530 memset(ldap_domain, '\0', sizeof(ldap_domain));
531 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
532 memset(temp, '\0', sizeof(temp));
/*
 * Parse WINADCFG line by line: upper-case the line, strip its newline and
 * match it against the DOMAIN: / SERVER: / SFU: prefixes.
 */
537 if ((fptr = fopen(WINADCFG, "r")) != NULL)
539 while (fgets(temp, sizeof(temp), fptr) != 0)
/*
 * NOTE(review): toupper() (and tolower() further down) takes an int in the
 * unsigned char range; pass (unsigned char)temp[i] so a negative char is not
 * undefined behaviour.
 */
541 for (i = 0; i < (int)strlen(temp); i++)
542 temp[i] = toupper(temp[i]);
543 if (temp[strlen(temp) - 1] == '\n')
544 temp[strlen(temp) - 1] = '\0';
545 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
547 if (strlen(temp) > (strlen(DOMAIN)))
/* NOTE(review): ldap_domain is 256 bytes; this copy is not bounded by it
 * (the size of temp is not visible here). */
549 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
552 else if (!strncmp(temp, SERVER, strlen(SERVER)))
554 if (strlen(temp) > (strlen(SERVER)))
/*
 * One SERVER: line per entry.  NOTE(review): in the visible lines Count is
 * not checked against MAX_SERVER_NAMES, calloc() is not checked for NULL,
 * and the strcpy() (plus the later strcat() of "." and the domain) is not
 * bounded by the 256 bytes allocated.
 */
556 ServerList[Count] = calloc(1, 256);
557 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
561 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
563 if (strlen(temp) > (strlen(MSSFU)))
/* SFU: line; what is set on a match is not visible (SFUTYPE is defined
 * outside this view). */
565 if (!strcmp(&temp[strlen(MSSFU)], SFUTYPE))
/* Presumably the fallback for a line without a known prefix: take the whole
 * line as the domain.  The enclosing condition is not visible here. */
571 strcpy(ldap_domain, temp);
/* Default domain, then drop a trailing newline if one survived. */
577 if (strlen(ldap_domain) == 0)
578 strcpy(ldap_domain, "win.mit.edu");
579 /* zero trailing newline, if there is one. */
580 if (ldap_domain[strlen(ldap_domain) - 1] == '\n')
581 ldap_domain[strlen(ldap_domain) - 1] = '\0';
583 initialize_sms_error_table();
584 initialize_krb_error_table();
/* No SERVER: entries configured: discover them for the domain instead. */
586 IgnoreServerListError = 0;
587 if (ServerList[0] == NULL)
589 IgnoreServerListError = 1;
590 GetServerList(ldap_domain, ServerList);
/*
 * Qualify every server name with the domain and upper-case it.
 * NOTE(review): ServerList[i][strlen(ServerList[i]) - 1] indexes before the
 * buffer when an entry is the empty string, and the two strcat() calls are
 * not bounded by the 256-byte allocation.  The same code is repeated inside
 * the connect loop below; a small static helper would remove the duplication.
 */
592 for (i = 0; i < MAX_SERVER_NAMES; i++)
594 if (ServerList[i] != 0)
596 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
597 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
598 strcat(ServerList[i], ".");
599 strcat(ServerList[i], ldap_domain);
600 for (k = 0; k < (int)strlen(ServerList[i]); k++)
601 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * Up to five connection attempts.  A negative IgnoreServerListError after
 * ad_connect() triggers a refresh of the server list before retrying with
 * list errors ignored.  The loop's break/continue lines are not visible.
 */
605 memset(default_server, '\0', sizeof(default_server));
606 memset(dn_path, '\0', sizeof(dn_path));
607 for (i = 0; i < 5; i++)
609 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
610 default_server, 1, ServerList, &IgnoreServerListError)))
612 if (IgnoreServerListError < 0)
614 GetServerList(ldap_domain, ServerList);
615 for (j = 0; j < MAX_SERVER_NAMES; j++)
617 if (ServerList[j] != NULL)
619 if (ServerList[j][strlen(ServerList[j]) - 1] == '\n')
620 ServerList[j][strlen(ServerList[j]) - 1] = '\0';
621 strcat(ServerList[j], ".");
622 strcat(ServerList[j], ldap_domain);
623 for (k = 0; k < (int)strlen(ServerList[j]); k++)
624 ServerList[j][k] = toupper(ServerList[j][k]);
627 IgnoreServerListError = 1;
/* Reached when no server could be contacted; the exit path is not visible. */
634 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* Dispatch on the lower-cased table name. */
638 for (i = 0; i < (int)strlen(table); i++)
639 table[i] = tolower(table[i]);
641 if (!strcmp(table, "users"))
642 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
644 else if (!strcmp(table, "list"))
645 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
647 else if (!strcmp(table, "imembers"))
648 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
650 else if (!strcmp(table, "filesys"))
651 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
653 else if (!strcmp(table, "containers"))
654 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
656 else if (!strcmp(table, "mcntmap"))
657 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* The SFU mode changed while processing (both flags are declared outside
 * this view): refresh the server list. */
659 if (OldUseSFU30 != UseSFU30)
661 GetServerList(ldap_domain, ServerList);
/* Release the per-server strings allocated above (the free() line itself is
 * not visible). */
664 for (i = 0; i < MAX_SERVER_NAMES; i++)
666 if (ServerList[i] != NULL)
669 ServerList[i] = NULL;
/* Drop the LDAP connection; the return statement is not visible. */
672 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a change in the "mcntmap" (machine -> container/OU) table.
 * before/after are the Moira row arguments indexed by the OU_* constants;
 * a before-only row removes a machine from a container, an after-only row
 * adds one.  The Moira alias of the machine is resolved with
 * GetMachineName(), its container group is processed, and the AD machine
 * object is moved to the OU matching its Moira container (or to
 * orphans_machines_ou when Moira knows no container for it).
 * ldap_hostname is not used in the visible lines; braces, returns and some
 * declarations (rc, whoami) are not visible in this listing.
 */
676 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
677 char **before, int beforec, char **after, int afterc)
679 char MoiraContainerName[128];
680 char ADContainerName[128];
681 char MachineName[1024];
682 char OriginalMachineName[1024];
685 char MoiraContainerGroup[64];
688 memset(ADContainerName, '\0', sizeof(ADContainerName));
689 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
/* Nothing to do without a row on either side. */
691 if ((beforec == 0) && (afterc == 0))
/* The assignment inside the condition is intentional; writing
 * ((rc = moira_connect()) != 0) makes that explicit to readers and compilers. */
694 if (rc = moira_connect())
696 critical_alert("AD incremental",
697 "Error contacting Moira server : %s",
/*
 * NOTE(review): the strcpy() calls in both branches copy argv-supplied row
 * values into fixed buffers -- MoiraContainerGroup is only 64 bytes -- with
 * no length check.  snprintf(buf, sizeof buf, "%s", src) would bound them.
 */
702 if ((beforec != 0) && (afterc == 0)) /* remove a machine */
704 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
705 strcpy(MachineName, before[OU_MACHINE_NAME]);
706 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
708 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
710 else if ((beforec == 0) && (afterc != 0)) /* add a machine */
712 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
713 strcpy(MachineName, after[OU_MACHINE_NAME]);
714 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
715 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/*
 * Replace the machine name with its Moira alias in place; an empty result
 * means none was found.  rc is not examined in the visible lines.
 */
723 rc = GetMachineName(MachineName);
724 if (strlen(MachineName) == 0)
727 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
/* Keep the Moira container group in step; its int result is discarded. */
730 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
732 if (machine_check(ldap_handle, dn_path, MachineName))
734 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/*
 * Ask Moira which container the machine belongs to.  With no answer the
 * object is parked in the orphans OU; that branch presumably returns (the
 * lines in between are not visible).
 */
738 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
739 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
740 if (strlen(MoiraContainerName) == 0)
742 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
743 OriginalMachineName, MachineName);
744 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/*
 * Make sure the matching OU exists and move the machine into it.
 * NOTE(review): the strcat() of "/" is not bounded against the 128-byte
 * MoiraContainerName.
 */
748 container_get_dn(MoiraContainerName, ADContainerName);
749 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
750 strcat(MoiraContainerName, "/");
751 container_check(ldap_handle, dn_path, MoiraContainerName);
752 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a change in the "containers" (OU) table.  A before-only row
 * deletes the container, an after-only row creates it, and a row on both
 * sides is a rename when the names differ or an in-place update otherwise.
 * Each AD change is mirrored into the Moira container group through the
 * Moira_container_group_*() helpers.  before/after are indexed by the
 * CONTAINER_* constants.  ldap_hostname is not used in the visible lines;
 * braces, returns and the declaration of rc are not visible in this listing.
 *
 * NOTE(review): the int results of container_delete/create/rename/update()
 * and of the Moira_container_group_*() calls are discarded here, so a
 * failure is not reported from this function.
 */
757 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
758 char **before, int beforec, char **after, int afterc)
/* Nothing to do without a row on either side. */
762 if ((beforec == 0) && (afterc == 0))
/* Intentional assignment in the condition; ((rc = moira_connect()) != 0)
 * would make that explicit. */
765 if (rc = moira_connect())
767 critical_alert("AD incremental", "Error contacting Moira server : %s",
772 if ((beforec != 0) && (afterc == 0)) /* delete a container */
774 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
775 container_delete(ldap_handle, dn_path, beforec, before);
776 Moira_container_group_delete(before);
780 if ((beforec == 0) && (afterc != 0)) /* create a container */
782 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
783 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
784 container_create(ldap_handle, dn_path, afterc, after);
785 Moira_container_group_create(after);
/*
 * Both sides present (the branches above presumably return).  Names are
 * compared case-insensitively: a difference is a rename, otherwise only the
 * container's attributes are updated.
 */
790 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
792 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
793 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
794 Moira_container_group_update(before, after);
798 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
799 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
800 Moira_container_group_update(before, after);
/*
 * Handle a change in the "filesys" table.  Only AFS file systems (FS_TYPE
 * "AFS") whose FS_CREATE flag is non-zero are mirrored into AD:
 *  - after-only row, or before+after row: filesys_process(..., LDAP_MOD_ADD);
 *    LDAP_NO_SUCH_OBJECT means the owning user object is missing, so the
 *    user is created from Moira via mr_query("get_user_account_by_login")
 *    with user_create() as the row callback, and SIDs collected in sid_base
 *    are pushed with sid_update();
 *  - before-only row: filesys_process(..., LDAP_MOD_DELETE).
 * The FS_* indices and the locals (rc, atype, acreate, btype, bcreate, av,
 * call_args) are declared outside the visible lines, as are the braces and
 * returns.  ldap_hostname is not used in the visible lines.
 *
 * NOTE(review): the add path appears twice (create and update cases) with
 * identical code; a static helper taking (ldap_handle, dn_path, after) would
 * remove the duplication.
 */
805 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
806 char **before, int beforec, char **after, int afterc)
/*
 * NOTE(review): this guard still admits afterc == FS_CREATE, for which
 * after[FS_CREATE] is one past the last argument; `afterc <= FS_CREATE` is
 * the exact bound (the same applies to the beforec/afterc tests below).  In
 * practice the counts shown in the header examples are 0 or 12.
 */
819 if (afterc < FS_CREATE)
823 atype = !strcmp(after[FS_TYPE], "AFS");
824 acreate = atoi(after[FS_CREATE]);
/* After-only row: a new file system. */
827 if (beforec < FS_CREATE)
/* Not AFS, or not flagged for creation: nothing to mirror. */
829 if (acreate == 0 || atype == 0)
831 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Any result other than "user object missing" ends the add here. */
835 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
836 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
838 if (rc != LDAP_SUCCESS)
839 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* Intentional assignment in the condition; ((rc = moira_connect()) != 0)
 * would make that explicit (same below). */
846 if (rc = moira_connect())
848 critical_alert("AD incremental",
849 "Error contacting Moira server : %s",
/*
 * Look the owner up in Moira by login; user_create() handles each returned
 * row and presumably receives call_args (LDAP handle, dn_path, ...) through
 * its ptr argument -- the remaining mr_query() arguments are not visible.
 */
853 av[0] = after[FS_NAME];
854 call_args[0] = (char *)ldap_handle;
855 call_args[1] = dn_path;
861 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
865 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
871 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/*
 * Push any SIDs the callback collected and release the list.
 * NOTE(review): whether sid_base is reset to NULL afterwards is not visible;
 * if it is not, the global is left dangling.
 */
874 if (sid_base != NULL)
876 sid_update(ldap_handle, dn_path);
877 linklist_free(sid_base);
/* A before row exists: decide between delete and update. */
885 btype = !strcmp(before[FS_TYPE], "AFS");
886 bcreate = atoi(before[FS_CREATE]);
/* Before-only row: remove the file system if it is AFS and was flagged for
 * creation. */
887 if (afterc < FS_CREATE)
889 if (btype && bcreate)
891 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
892 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
894 com_err(whoami, 0, "Unable to delete filesys %s", before[FS_NAME]);
/* Presumably both rows present here: if neither is AFS, complain unless
 * both carry the "ERR" placeholder type. */
903 if (!atype && !btype)
905 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
907 com_err(whoami, 0, "Unable to process Filesystem %s or %s is not AFS",
908 before[FS_NAME], after[FS_NAME]);
/* Update path: the same sequence as the create path above. */
912 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
916 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
917 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
919 if (rc != LDAP_SUCCESS)
920 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
927 if (rc = moira_connect())
929 critical_alert("AD incremental",
930 "Error contacting Moira server : %s",
934 av[0] = after[FS_NAME];
935 call_args[0] = (char *)ldap_handle;
936 call_args[1] = dn_path;
942 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
946 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
952 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* Same SID flush as above; see the NOTE(review) there about sid_base. */
955 if (sid_base != NULL)
957 sid_update(ldap_handle, dn_path);
958 linklist_free(sid_base);
968 #define L_LIST_DESC 9
971 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
972 char **before, int beforec, char **after, int afterc)
977 char group_membership[6];
982 char before_list_id[32];
983 char before_group_membership[1];
984 int before_security_flag;
985 char before_group_ou[256];
986 LK_ENTRY *ptr = NULL;
988 if (beforec == 0 && afterc == 0)
991 memset(list_id, '\0', sizeof(list_id));
992 memset(before_list_id, '\0', sizeof(before_list_id));
993 memset(before_group_ou, '\0', sizeof(before_group_ou));
994 memset(before_group_membership, '\0', sizeof(before_group_membership));
995 memset(group_ou, '\0', sizeof(group_ou));
996 memset(group_membership, '\0', sizeof(group_membership));
1001 if (beforec < L_LIST_ID)
1003 if (beforec > L_LIST_DESC)
1005 strcpy(before_list_id, before[L_LIST_ID]);
1007 before_security_flag = 0;
1008 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
1012 if (afterc < L_LIST_ID)
1014 if (afterc > L_LIST_DESC)
1016 strcpy(list_id, before[L_LIST_ID]);
1019 get_group_membership(group_membership, group_ou, &security_flag, after);
1022 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1029 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1030 before_group_ou, before_group_membership,
1031 before_security_flag, CHECK_GROUPS)))
1033 if (rc == AD_NO_GROUPS_FOUND)
1037 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1039 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1040 before_group_ou, before_group_membership,
1041 before_security_flag, CLEANUP_GROUPS);
1043 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1045 com_err(whoami, 0, "Unable to process list %s",
1049 if (rc == AD_NO_GROUPS_FOUND)
1055 if ((beforec != 0) && (afterc != 0))
1057 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1058 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1059 (strcmp(before_group_ou, group_ou)))) &&
1062 com_err(whoami, 0, "Changing list name from %s to %s",
1063 before[L_NAME], after[L_NAME]);
1064 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1065 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1067 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1070 memset(filter, '\0', sizeof(filter));
1071 if ((rc = group_rename(ldap_handle, dn_path,
1072 before[L_NAME], before_group_membership,
1073 before_group_ou, before_security_flag, before[L_LIST_DESC],
1074 after[L_NAME], group_membership,
1075 group_ou, security_flag, after[L_LIST_DESC],
1078 if (rc != AD_NO_GROUPS_FOUND)
1080 com_err(whoami, 0, "Unable to change list name from %s to %s",
1081 before[L_NAME], after[L_NAME]);
1094 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1096 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
1099 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1100 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1101 before_group_membership, before_list_id);
1108 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1109 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1110 group_ou, group_membership,
1111 security_flag, CHECK_GROUPS))
1113 if (rc != AD_NO_GROUPS_FOUND)
1115 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1117 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1118 group_ou, group_membership,
1119 security_flag, CLEANUP_GROUPS);
1123 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
1130 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1132 if (rc = moira_connect())
1134 critical_alert("AD incremental",
1135 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1145 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1148 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1149 group_ou, group_membership, security_flag, updateGroup))
1154 if (atoi(after[L_ACTIVE]))
1156 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1157 group_membership, security_flag, list_id);
/* Extra fields that the incremental appends to a list-membership tuple
 * after the standard LM_* indices (LM_END is the count of those): the
 * owning list's flags (active/public/hidden/maillist/group/gid) and the
 * Moira ids.  do_member() rejects tuples shorter than LM_EXTRA_GID+1 and
 * reads the id slots differently per member type -- MACHINE tuples take
 * moira_list_id from LMN_LIST_ID and moira_user_id from LM_LIST_ID, USER
 * tuples take moira_list_id from LM_LIST_ID and moira_user_id from
 * LM_USER_ID.  NOTE(review): that asymmetry is presumably dictated by how
 * the server formats each member type; confirm before renaming these. */
1164 #define LM_EXTRA_ACTIVE (LM_END)
1165 #define LM_EXTRA_PUBLIC (LM_END+1)
1166 #define LM_EXTRA_HIDDEN (LM_END+2)
1167 #define LM_EXTRA_MAILLIST (LM_END+3)
1168 #define LM_EXTRA_GROUP (LM_END+4)
1169 #define LM_EXTRA_GID (LM_END+5)
1170 #define LMN_LIST_ID (LM_END+6)
1171 #define LM_LIST_ID (LM_END+7)
1172 #define LM_USER_ID (LM_END+8)
1173 #define LM_EXTRA_END (LM_END+9)
/* Apply one list-membership change to AD.
 *
 * before/after are the Moira member tuples (LM_LIST, LM_TYPE, LM_MEMBER,
 * ... plus the LM_EXTRA_* fields) from before and after the change.  A
 * usable `after` tuple means "add member", a `before`-only tuple means
 * "remove member".  Before the member is touched the owning group is
 * checked/repaired with process_group(); if it does not exist in AD at all
 * it is created from Moira and populated.  Several lines of this listing
 * are elided (braces, returns, and the line that points `ptr` at the
 * tuple being processed), so the comments describe only what is visible.
 *
 * Security notes: every field copied below comes from Moira and is copied
 * with unbounded strcpy() into fixed 128/32-byte locals.  The only guards
 * visible are field-COUNT checks, not length checks.  Names flow from
 * here into LDAP DNs and filters through the helpers called below; any
 * escaping has to happen in those helpers. */
1175 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1176 char **before, int beforec, char **after, int afterc)
1178 char group_name[128];
1179 char user_name[128];
1180 char user_type[128];
1181 char moira_list_id[32];
1182 char moira_user_id[32];
/* One byte and never NUL-terminated: get_group_membership() stores only
 * the membership letter at [0].  It must not be passed to strlen()/strcpy(). */
1183 char group_membership[1];
1185 char machine_ou[256];
1191 char NewMachineName[1024];
1198 memset(moira_list_id, '\0', sizeof(moira_list_id));
1199 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* ---- add path: the after tuple describes the new membership ---- */
1202 if (afterc < LM_EXTRA_GID)
/* A member added to an inactive list is not pushed to AD. */
1204 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* NOTE(review): literal indices 2 and 0 here, LM_MEMBER/LM_LIST further
 * down -- presumably the same fields; use the macros for consistency. */
1206 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
/* `ptr` is read here but its assignment (presumably ptr = after) is elided. */
1210 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1212 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1213 after[2], after[0], after[0]);
/* Unbounded copies of Moira-supplied strings into 128-byte locals. */
1216 strcpy(user_name, after[LM_MEMBER]);
1217 strcpy(group_name, after[LM_LIST]);
1218 strcpy(user_type, after[LM_TYPE]);
/* The two Moira ids sit in different slots depending on member type. */
1219 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1221 if (afterc > LM_EXTRA_GROUP)
1223 strcpy(moira_list_id, after[LMN_LIST_ID]);
1224 strcpy(moira_user_id, after[LM_LIST_ID]);
1227 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1229 if (afterc > LMN_LIST_ID)
1231 strcpy(moira_list_id, after[LM_LIST_ID]);
1232 strcpy(moira_user_id, after[LM_USER_ID]);
/* Any other type (STRING, KERBEROS, ...) only carries the list id. */
1237 if (afterc > LM_EXTRA_GID)
1238 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* ---- remove path: only the before tuple is present ---- */
1243 if (beforec < LM_EXTRA_GID)
1245 if (!atoi(before[LM_EXTRA_ACTIVE]))
/* NOTE(review): this is the removal path (see "removing user" below) but
 * the message still says "Unable to add". */
1247 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1251 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1253 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1254 before[2], before[0], before[0]);
1257 strcpy(user_name, before[LM_MEMBER]);
1258 strcpy(group_name, before[LM_LIST]);
1259 strcpy(user_type, before[LM_TYPE]);
1260 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1262 if (beforec > LM_EXTRA_GROUP)
1264 strcpy(moira_list_id, before[LMN_LIST_ID]);
1265 strcpy(moira_user_id, before[LM_LIST_ID]);
1268 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1270 if (beforec > LMN_LIST_ID)
1272 strcpy(moira_list_id, before[LM_LIST_ID]);
1273 strcpy(moira_user_id, before[LM_USER_ID]);
1278 if (beforec > LM_EXTRA_GID)
1279 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither tuple was usable. */
1285 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* Re-shape the list flags carried in the member tuple into a list-style
 * argv so get_group_membership() (which indexes L_MAILLIST/L_GROUP) can
 * be reused. */
1289 args[L_NAME] = ptr[LM_LIST];
1290 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1291 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1292 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1293 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1294 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1295 args[L_GID] = ptr[LM_EXTRA_GID];
1298 memset(group_ou, '\0', sizeof(group_ou));
1299 get_group_membership(group_membership, group_ou, &security_flag, args);
1300 if (strlen(group_ou) == 0)
1302 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* Verify the group object (by Moira id / name / OU); on a mismatch try a
 * CLEANUP pass, and give up unless the outcome is "no such group". */
1305 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1307 if (rc != AD_NO_GROUPS_FOUND)
1309 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1311 if (rc != AD_NO_GROUPS_FOUND)
1314 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1316 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* Group missing in AD: create it from Moira data.  A Moira connection is
 * needed because ProcessAce()/make_new_group()/populate_group() query it. */
1322 if (rc == AD_NO_GROUPS_FOUND)
1324 if (rc = moira_connect())
1326 critical_alert("AD incremental",
1327 "Error contacting Moira server : %s",
1332 com_err(whoami, 0, "creating group %s", group_name);
/* ProcessAce() is run twice with a flag of 0 then 1; what the flag selects
 * is not visible here (presumably the ACE's owner/member side). */
1334 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1338 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1341 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1342 group_ou, group_membership, security_flag, 0))
1347 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1349 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1350 group_membership, security_flag, moira_list_id);
/* ---- removal ---- */
1357 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
/* Resolve where the member object lives (pUserOu) and, for machines, its
 * AD name.  NOTE(review): ptr aliases the caller's before/after array, so
 * the assignment below stores a pointer to the stack buffer NewMachineName
 * into the caller's tuple -- dangling if the caller reads it after return. */
1359 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1361 memset(machine_ou, '\0', sizeof(machine_ou));
1362 memset(NewMachineName, '\0', sizeof(NewMachineName));
1363 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1365 ptr[LM_MEMBER] = NewMachineName;
1366 pUserOu = machine_ou;
/* contact_create() is called even on the removal path; presumably it just
 * ensures the contact object exists (not visible here). */
1368 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1370 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1372 pUserOu = contact_ou;
1374 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1376 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1378 pUserOu = kerberos_ou;
1380 if (rc = member_remove(ldap_handle, dn_path, group_name,
1381 group_ou, group_membership, ptr[LM_MEMBER],
1382 pUserOu, moira_list_id))
1383 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* ---- addition ---- */
1387 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1390 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1392 memset(machine_ou, '\0', sizeof(machine_ou));
1393 memset(NewMachineName, '\0', sizeof(NewMachineName));
1394 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1396 ptr[LM_MEMBER] = NewMachineName;
1397 pUserOu = machine_ou;
1399 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1401 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1403 pUserOu = contact_ou;
1405 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1407 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1409 pUserOu = kerberos_ou;
/* A USER member that has no AD account yet is created on the fly: fetch
 * the account from Moira and let the user_create callback add it.  The
 * callback receives the LDAP handle, base DN and Moira id via the global
 * call_args[] array. */
1411 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1413 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1414 moira_user_id)) == AD_NO_USER_FOUND)
1416 if (rc = moira_connect())
1418 critical_alert("AD incremental",
1419 "Error connection to Moira : %s",
/* NOTE(review): U_NAME is a user-tuple index; `after` here is a member
 * tuple (the other messages in this branch use ptr[LM_MEMBER]).  This log
 * line most likely prints the list name, not the user being created. */
1423 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1424 av[0] = ptr[LM_MEMBER];
1425 call_args[0] = (char *)ldap_handle;
1426 call_args[1] = dn_path;
1427 call_args[2] = moira_user_id;
1428 call_args[3] = NULL;
1430 sid_ptr = &sid_base;
1432 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1436 com_err(whoami, 0, "Unable to create user %s : %s",
1437 ptr[LM_MEMBER], error_message(rc));
1443 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* user_create appends the new object's SID to sid_base; push it back to
 * Moira, then free the list. */
1447 if (sid_base != NULL)
1449 sid_update(ldap_handle, dn_path);
1450 linklist_free(sid_base);
1461 if (rc = member_add(ldap_handle, dn_path, group_name,
1462 group_ou, group_membership, ptr[LM_MEMBER],
1463 pUserOu, moira_list_id))
1465 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/* Trailing indices into the Moira user tuple handled by do_user(): the
 * Moira user id and the Windows home/profile directory paths.  do_user()
 * only bounds-checks the tuple length against U_USER_ID before reading
 * that slot; U_HOMEDIR and U_PROFILEDIR are read unconditionally on the
 * update path. */
1471 #define U_USER_ID 10
1472 #define U_HOMEDIR 11
1473 #define U_PROFILEDIR 12
/* Apply one Moira user change to AD.
 *
 * before/after are the user tuples from before and after the change
 * (U_NAME, U_UID, ..., U_STATE, U_USER_ID, U_HOMEDIR, U_PROFILEDIR).  The
 * four cases are: nothing (ignored), create-only (ignored: the account is
 * not usable yet), delete-only (expunge from AD), and update (create the
 * AD account if missing, rename if the login changed, then push the
 * attributes).  Braces/returns and the afterc parameter line are elided
 * in this listing. */
1475 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1476 char **before, int beforec, char **after,
1481 char after_user_id[32];
1482 char before_user_id[32];
1485 if ((beforec == 0) && (afterc == 0))
1488 memset(after_user_id, '\0', sizeof(after_user_id));
1489 memset(before_user_id, '\0', sizeof(before_user_id));
/* Moira ids are copied with strcpy() into 32-byte buffers; the guard is on
 * the field count only, not on the id's length. */
1490 if (beforec > U_USER_ID)
1491 strcpy(before_user_id, before[U_USER_ID]);
1492 if (afterc > U_USER_ID)
1493 strcpy(after_user_id, after[U_USER_ID]);
/* Same condition was already tested above; this check cannot be reached
 * with both counts zero. */
1495 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1498 if ((beforec == 0) && (afterc != 0))
1500 /*this case only happens when the*/
1501 /*account is first created but not usable*/
1502 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
1505 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* Delete-only: a state of 0 means the account is gone from Moira and is
 * expunged from AD; any other state is logged and skipped.  (The typo
 * "expungeded" is in a runtime log string and is left as is.) */
1507 if (atoi(before[U_STATE]) == 0)
1509 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1510 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1514 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1519 /*process anything that gets here*/
/* Look the account up under its OLD login.  If it is not in AD and the
 * new login passes check_string() (the only name validation visible
 * before it reaches LDAP), create it from the Moira record: the
 * user_create callback gets the LDAP handle, base DN and Moira id via the
 * global call_args[] and appends the new SID to sid_base. */
1520 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1521 before_user_id)) == AD_NO_USER_FOUND)
1523 if (!check_string(after[U_NAME]))
1525 if (rc = moira_connect())
1527 critical_alert("AD incremental",
1528 "Error connection to Moira : %s",
1532 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1534 av[0] = after[U_NAME];
1535 call_args[0] = (char *)ldap_handle;
1536 call_args[1] = dn_path;
1537 call_args[2] = after_user_id;
1538 call_args[3] = NULL;
1540 sid_ptr = &sid_base;
1542 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1546 com_err(whoami, 0, "Unable to create user %s : %s",
1547 after[U_NAME], error_message(rc));
1553 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
1557 if (sid_base != NULL)
1559 sid_update(ldap_handle, dn_path);
1560 linklist_free(sid_base);
/* Login changed: rename the AD object, but only if both names validate. */
1569 if (strcmp(before[U_NAME], after[U_NAME]))
1571 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1573 com_err(whoami, 0, "changing user %s to %s",
1574 before[U_NAME], after[U_NAME]);
1575 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1576 after[U_NAME])) != LDAP_SUCCESS)
/* Push uid, MIT id, Moira id, account state and the directory paths.
 * NOTE(review): after[U_HOMEDIR]/after[U_PROFILEDIR] are read without an
 * afterc > U_PROFILEDIR check (unlike U_USER_ID above); if a shorter
 * tuple can reach this point that is an out-of-bounds read. */
1582 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1583 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1584 after[U_UID], after[U_MITID],
1585 after_user_id, atoi(after[U_STATE]),
1586 after[U_HOMEDIR], after[U_PROFILEDIR]);
/* Build a NULL-terminated char* array (*modvalues) from the first
 * modvalue_count entries of linklist_base, for use as LDAP modify values.
 *
 * When oldValue and newValue are both given and oldValue occurs in an
 * entry: with type == REPLACE the whole value becomes newValue, otherwise
 * only the FIRST occurrence of oldValue is swapped for newValue.  Every
 * other entry is copied verbatim using its recorded ->length.  The caller
 * owns *modvalues and each element.  Return statements are elided in this
 * listing.
 *
 * NOTE(review): strstr() requires a NUL-terminated value, but
 * retrieve_values() stores objectSid/objectGUID as raw bytes with no
 * terminator -- calling this with oldValue set on such a list reads past
 * the buffer.  The calloc()s in the two verbatim-copy branches are not
 * checked before memcpy(), unlike the first two.  The memset() after each
 * calloc() is redundant (calloc zero-fills). */
1590 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1591 char *oldValue, char *newValue,
1592 char ***modvalues, int type)
1594 LK_ENTRY *linklist_ptr;
1598 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1603 for (i = 0; i < (modvalue_count + 1); i++)
1604 (*modvalues)[i] = NULL;
1605 if (modvalue_count != 0)
1607 linklist_ptr = linklist_base;
1608 for (i = 0; i < modvalue_count; i++)
1610 if ((oldValue != NULL) && (newValue != NULL))
/* cPtr points at the first occurrence of oldValue inside the entry. */
1612 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1615 if (type == REPLACE)
1617 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1620 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1621 strcpy((*modvalues)[i], newValue);
/* Substring replacement: prefix + newValue + remainder after oldValue.
 * Size = prefix length + (length - strlen(oldValue)) + strlen(newValue) + NUL. */
1625 if (((*modvalues)[i] = calloc(1,
1626 (int)(cPtr - linklist_ptr->value) +
1627 (linklist_ptr->length - strlen(oldValue)) +
1628 strlen(newValue) + 1)) == NULL)
1630 memset((*modvalues)[i], '\0',
1631 (int)(cPtr - linklist_ptr->value) +
1632 (linklist_ptr->length - strlen(oldValue)) +
1633 strlen(newValue) + 1);
1634 memcpy((*modvalues)[i], linklist_ptr->value,
1635 (int)(cPtr - linklist_ptr->value));
1636 strcat((*modvalues)[i], newValue);
1637 strcat((*modvalues)[i],
1638 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* oldValue not present: copy the value unchanged (allocation unchecked). */
1643 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1644 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1645 memcpy((*modvalues)[i], linklist_ptr->value,
1646 linklist_ptr->length);
/* No replacement requested: copy the value unchanged (allocation unchecked). */
1651 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1652 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1653 memcpy((*modvalues)[i], linklist_ptr->value,
1654 linklist_ptr->length);
1656 linklist_ptr = linklist_ptr->next;
1658 (*modvalues)[i] = NULL;
/* Run a synchronous LDAP search under dn_path with the given scope and
 * collect the attributes of every returned entry into *linklist_base
 * (entry count in *linklist_count).  Returns the LDAP result code; the
 * early-return lines are elided in this listing.
 *
 * search_exp is used verbatim.  Callers build it with sprintf() from
 * names and ids, so any escaping of filter metacharacters has to happen
 * before this call.  LDAP_SIZELIMIT_EXCEEDED is deliberately not treated
 * as a failure and the partial result is processed; callers that require
 * "exactly one match" (group_count == 1) would then be judging a
 * truncated result set. */
1664 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1665 char **attr_array, LK_ENTRY **linklist_base,
1666 int *linklist_count, unsigned long ScopeType)
1669 LDAPMessage *ldap_entry;
1673 (*linklist_base) = NULL;
1674 (*linklist_count) = 0;
1675 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1676 search_exp, attr_array, 0, &ldap_entry))
1679 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1683 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
/* The result message is freed here; the list holds its own copies. */
1685 ldap_msgfree(ldap_entry);
/* Walk every entry in an LDAP result message and append each entry's
 * attributes (tagged with the entry DN) to *linklist_base via
 * retrieve_attributes(); finally recount the list into *linklist_count.
 * Returns 0, or the first non-zero retrieve_attributes() status (the
 * return lines are elided in this listing).
 *
 * The DN is fetched into a fixed 1024-byte stack buffer by
 * get_distinguished_name(), which copies with strcpy() and is not given
 * the buffer size. */
1690 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1691 LK_ENTRY **linklist_base, int *linklist_count)
1693 char distinguished_name[1024];
1694 LK_ENTRY *linklist_ptr;
1697 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1700 memset(distinguished_name, '\0', sizeof(distinguished_name));
1701 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1703 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1704 linklist_base)) != 0)
1707 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1709 memset(distinguished_name, '\0', sizeof(distinguished_name));
1710 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1712 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1713 linklist_base)) != 0)
/* Count nodes rather than entries: one node per attribute value. */
1717 linklist_ptr = (*linklist_base);
1718 (*linklist_count) = 0;
1719 while (linklist_ptr != NULL)
1721 ++(*linklist_count);
1722 linklist_ptr = linklist_ptr->next;
/* Iterate over the attributes of one LDAP entry and hand each to
 * retrieve_values(), which prepends the values to *linklist_current.
 * The BerElement cursor `ptr` is released with ldap_ber_free(ptr, 0).
 * The return line is elided in this listing.
 *
 * NOTE(review): the status of retrieve_values() is discarded on both
 * calls, so an allocation failure inside it is reported to nobody and
 * the entry is silently missing values. */
1727 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1728 char *distinguished_name, LK_ENTRY **linklist_current)
1734 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1736 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1738 ldap_memfree(Attribute);
1739 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1742 retrieve_values(ldap_handle, ldap_entry, Attribute,
1743 distinguished_name, linklist_current);
1744 ldap_memfree(Attribute);
1747 ldap_ber_free(ptr, 0);
/* Copy the values of `Attribute` on `ldap_entry` into new LK_ENTRY nodes
 * pushed on the FRONT of *linklist_current, each carrying the attribute
 * name, the value, its length and the entry DN.
 *
 * objectSid and objectGUID are fetched with ldap_get_values_len() and
 * stored as raw bytes: exactly bv_len bytes and NO NUL terminator, so
 * ->length is the only valid bound on ->value.  Every other attribute goes
 * through ldap_get_values() and is stored as a NUL-terminated string.
 * ->ber_value records which form was used.  The per-value loop, the NULL
 * checks on the ldap_get_values*() results, and the error returns are
 * elided in this listing.  Under LDAP_DEBUG each value is also
 * pretty-printed to stderr. */
1751 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1752 char *Attribute, char *distinguished_name,
1753 LK_ENTRY **linklist_current)
1759 LK_ENTRY *linklist_previous;
1760 LDAP_BERVAL **ber_value;
1768 SID_IDENTIFIER_AUTHORITY *sid_auth;
1769 unsigned char *subauth_count;
1770 #endif /*LDAP_BEGUG*/
1773 memset(temp, '\0', sizeof(temp));
/* Binary attributes need the length-carrying API. */
1774 if ((!strcmp(Attribute, "objectSid")) ||
1775 (!strcmp(Attribute, "objectGUID")))
1780 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1781 Ptr = (void **)ber_value;
1786 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1787 Ptr = (void **)str_value;
/* New node becomes the list head. */
1794 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1796 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1797 linklist_previous->next = (*linklist_current);
1798 (*linklist_current) = linklist_previous;
1800 if (((*linklist_current)->attribute = calloc(1,
1801 strlen(Attribute) + 1)) == NULL)
1803 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1804 strcpy((*linklist_current)->attribute, Attribute);
/* Raw copy of bv_len bytes -- deliberately not NUL-terminated. */
1807 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1808 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1810 memset((*linklist_current)->value, '\0', ber_length);
1811 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1813 (*linklist_current)->length = ber_length;
/* String copy; length excludes the terminator. */
1817 if (((*linklist_current)->value = calloc(1,
1818 strlen(*Ptr) + 1)) == NULL)
1820 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1821 (*linklist_current)->length = strlen(*Ptr);
1822 strcpy((*linklist_current)->value, *Ptr);
1824 (*linklist_current)->ber_value = use_bervalue;
1825 if (((*linklist_current)->dn = calloc(1,
1826 strlen(distinguished_name) + 1)) == NULL)
1828 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1829 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG diagnostics only (the #ifdef line is elided) ----
 * NOTE(review): the GUID is printed from host-order struct fields, and the
 * SID authority test below checks WHICH byte of the 6-byte authority is
 * non-zero rather than the authority's value; confirm both against the
 * SID_IDENTIFIER_AUTHORITY / GUID layouts before trusting this output. */
1832 if (!strcmp(Attribute, "objectGUID"))
1834 guid = (GUID *)((*linklist_current)->value);
1835 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1836 guid->Data1, guid->Data2, guid->Data3,
1837 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1838 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1839 guid->Data4[6], guid->Data4[7]);
1840 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1842 else if (!strcmp(Attribute, "objectSid"))
1844 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1846 print_to_screen(" Revision = %d\n", sid->Revision);
1847 print_to_screen(" SID Identifier Authority:\n");
1848 sid_auth = &sid->IdentifierAuthority;
1849 if (sid_auth->Value[0])
1850 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1851 else if (sid_auth->Value[1])
1852 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1853 else if (sid_auth->Value[2])
1854 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1855 else if (sid_auth->Value[3])
1856 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1857 else if (sid_auth->Value[5])
1858 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1860 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1861 subauth_count = GetSidSubAuthorityCount(sid);
1862 print_to_screen(" SidSubAuthorityCount = %d\n",
1864 print_to_screen(" SidSubAuthority:\n");
1865 for (i = 0; i < *subauth_count; i++)
1867 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1868 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length reads that many bytes
 * of Attribute even when Attribute is shorter -- an over-read for short
 * attribute names.  strncmp()/strcmp() would stop at the terminator.
 * (Debug build only.) */
1872 else if ((!memcmp(Attribute, "userAccountControl",
1873 strlen("userAccountControl"))) ||
1874 (!memcmp(Attribute, "sAMAccountType",
1875 strlen("sAmAccountType"))))
1877 intValue = atoi(*Ptr);
1878 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1879 if (!memcmp(Attribute, "userAccountControl",
1880 strlen("userAccountControl")))
/* Decode the UF_* bits of userAccountControl into readable flags. */
1882 if (intValue & UF_ACCOUNTDISABLE)
1883 print_to_screen(" %20s : %s\n",
1884 "", "Account disabled");
1886 print_to_screen(" %20s : %s\n",
1887 "", "Account active");
1888 if (intValue & UF_HOMEDIR_REQUIRED)
1889 print_to_screen(" %20s : %s\n",
1890 "", "Home directory required");
1891 if (intValue & UF_LOCKOUT)
1892 print_to_screen(" %20s : %s\n",
1893 "", "Account locked out");
1894 if (intValue & UF_PASSWD_NOTREQD)
1895 print_to_screen(" %20s : %s\n",
1896 "", "No password required");
1897 if (intValue & UF_PASSWD_CANT_CHANGE)
1898 print_to_screen(" %20s : %s\n",
1899 "", "Cannot change password");
1900 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1901 print_to_screen(" %20s : %s\n",
1902 "", "Temp duplicate account");
1903 if (intValue & UF_NORMAL_ACCOUNT)
1904 print_to_screen(" %20s : %s\n",
1905 "", "Normal account");
1906 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1907 print_to_screen(" %20s : %s\n",
1908 "", "Interdomain trust account");
1909 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1910 print_to_screen(" %20s : %s\n",
1911 "", "Workstation trust account");
1912 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1913 print_to_screen(" %20s : %s\n",
1914 "", "Server trust account");
1919 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1921 #endif /*LDAP_DEBUG*/
/* Release the library-owned value arrays; the list keeps its own copies. */
1923 if (str_value != NULL)
1924 ldap_value_free(str_value);
1925 if (ber_value != NULL)
1926 ldap_value_free_len(ber_value);
/* Looks redundant with the head assignment above; the elided loop may be
 * why it is repeated here. */
1928 (*linklist_current) = linklist_previous;
/* Open (or reuse) the connection to the Moira server.  Connections are
 * reference-counted in mr_connections: only the first caller connects,
 * and moira_disconnect() tears down on the last release.  Returns the
 * Moira status code (return lines elided in this listing).
 *
 * Two server-selection branches are visible: one hard-codes "ttsp", the
 * other uses uts.nodename (presumably filled by uname()).  The #ifdef
 * that chooses between them is elided -- NOTE(review): confirm the "ttsp"
 * branch is confined to a test/debug build, since otherwise every query
 * and update goes to that host.  mr_connect_cl() with QUERY_VERSION is
 * tried first with mr_connect() as the fallback, and the client then
 * authenticates to Moira as "winad.incr" with mr_auth(). */
1932 int moira_connect(void)
1937 if (!mr_connections++)
1940 memset(HostName, '\0', sizeof(HostName));
1941 strcpy(HostName, "ttsp");
1942 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1944 rc = mr_connect(HostName);
1949 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1951 rc = mr_connect(uts.nodename);
1956 rc = mr_auth("winad.incr");
/* Kill switch.  While STOP_FILE exists the incremental waits here instead
 * of touching AD (the delay between iterations and the iteration limit
 * are elided in this listing); once the limit is hit it raises a
 * critical alert naming the stop file and the pending table (tbl_buf).
 * Operationally: creating STOP_FILE halts every AD update, so whoever can
 * create that file can stop synchronization -- its location and
 * permissions matter. */
1963 void check_winad(void)
1967 for (i = 0; file_exists(STOP_FILE); i++)
1971 critical_alert("AD incremental",
1972 "WINAD incremental failed (%s exists): %s",
1973 STOP_FILE, tbl_buf);
/* Release one reference to the Moira connection; the actual disconnect
 * (elided here) runs only when the count reaches zero.  Must be paired
 * with a successful moira_connect(). */
1980 int moira_disconnect(void)
1983 if (!--mr_connections)
/* Copy the DN of an LDAP entry into the caller's buffer and release the
 * library's copy.  The copy is an unbounded strcpy(): no size is passed,
 * and the visible caller supplies a 1024-byte stack array.  Whether CName
 * is checked for NULL before the copy is not visible (the lines between
 * ldap_get_dn() and strcpy() are elided). */
1990 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1991 char *distinguished_name)
1995 CName = ldap_get_dn(ldap_handle, ldap_entry);
1998 strcpy(distinguished_name, CName);
1999 ldap_memfree(CName);
/* Allocate one LK_ENTRY holding private copies of `attribute` and `value`
 * (length = strlen(value), next = NULL) and return it via *linklist_entry.
 * The node allocation is checked; the attribute and value allocations are
 * NOT, so on allocation failure the strcpy()s below write through NULL.
 * The memset() after each calloc() is redundant (calloc zero-fills).
 * Return statements are elided in this listing. */
2002 int linklist_create_entry(char *attribute, char *value,
2003 LK_ENTRY **linklist_entry)
2005 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2006 if (!(*linklist_entry))
2010 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2011 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2012 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2013 strcpy((*linklist_entry)->attribute, attribute);
2014 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2015 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2016 strcpy((*linklist_entry)->value, value);
2017 (*linklist_entry)->length = strlen(value);
2018 (*linklist_entry)->next = NULL;
/* printf-style helper that writes to stderr (used by the LDAP_DEBUG
 * dumps).  `fmt` is the format string -- every visible caller passes a
 * literal; never pass attribute data as fmt.  The va_list declaration and
 * va_end() are elided in this listing. */
2022 void print_to_screen(const char *fmt, ...)
2026 va_start(pvar, fmt);
2027 vfprintf(stderr, fmt, pvar);
/* Classify a Moira list from its MAILLIST and GROUP flags (av[L_MAILLIST],
 * av[L_GROUP], parsed with atoi) and report the result through the
 * optional output pointers:
 *   group_membership[0]  'B' both, 'S' security (group only),
 *                        'D' distribution (maillist only), 'N' neither;
 *   *security_flag       1 when the list is a group (B or S), else 0;
 *   group_ou             the matching OU (group_ou_both / group_ou_security /
 *                        group_ou_distribution / group_ou_neither), copied
 *                        with strcpy() -- the caller's buffer must be large
 *                        enough for the longest of those globals.
 * A NULL output pointer is skipped.  Only the single byte
 * group_membership[0] is written and no terminator is added, so the
 * callers that declare it as char[1] must treat it as a one-character
 * code: strlen()/strcpy() on it read past the array.  The return line is
 * elided in this listing. */
2032 int get_group_membership(char *group_membership, char *group_ou,
2033 int *security_flag, char **av)
2038 maillist_flag = atoi(av[L_MAILLIST]);
2039 group_flag = atoi(av[L_GROUP]);
2040 if (security_flag != NULL)
2041 (*security_flag) = 0;
2043 if ((maillist_flag) && (group_flag))
2045 if (group_membership != NULL)
2046 group_membership[0] = 'B';
2047 if (security_flag != NULL)
2048 (*security_flag) = 1;
2049 if (group_ou != NULL)
2050 strcpy(group_ou, group_ou_both);
2052 else if ((!maillist_flag) && (group_flag))
2054 if (group_membership != NULL)
2055 group_membership[0] = 'S';
2056 if (security_flag != NULL)
2057 (*security_flag) = 1;
2058 if (group_ou != NULL)
2059 strcpy(group_ou, group_ou_security);
2061 else if ((maillist_flag) && (!group_flag))
2063 if (group_membership != NULL)
2064 group_membership[0] = 'D';
2065 if (group_ou != NULL)
2066 strcpy(group_ou, group_ou_distribution);
/* Neither flag set: a plain list, not security-enabled. */
2070 if (group_membership != NULL)
2071 group_membership[0] = 'N';
2072 if (group_ou != NULL)
2073 strcpy(group_ou, group_ou_neither);
/* Rename a list's AD group object and, if its membership class changed,
 * move it to the new OU.  The group is located by MoiraId via
 * ad_get_group(), renamed with ldap_rename_s(), and then its
 * sAMAccountName, displayName, mitMoiraId, groupType and description are
 * rewritten on the new DN.  `filter` is a caller-supplied buffer that
 * appears to be filled by ad_get_group() and reused for the second search
 * (the visible caller passes it zeroed).  Returns 0, AD_INVALID_NAME,
 * AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND, AD_LDAP_FAILURE or an LDAP
 * code; several return lines and the old_dn/new_dn/sam_name declarations
 * are elided in this listing.
 *
 * Security notes: check_string() on both names is the only validation
 * visible before they are spliced into DNs with sprintf().  The rename
 * and the attribute update are two separate LDAP operations -- if the
 * modify fails the object is left renamed with its old sAMAccountName. */
2078 int group_rename(LDAP *ldap_handle, char *dn_path,
2079 char *before_group_name, char *before_group_membership,
2080 char *before_group_ou, int before_security_flag, char *before_desc,
2081 char *after_group_name, char *after_group_membership,
2082 char *after_group_ou, int after_security_flag, char *after_desc,
2083 char *MoiraId, char *filter)
2088 char new_dn_path[512];
2090 char *attr_array[3];
2091 char *mitMoiraId_v[] = {NULL, NULL};
2092 char *name_v[] = {NULL, NULL};
2093 char *samAccountName_v[] = {NULL, NULL};
2094 char *groupTypeControl_v[] = {NULL, NULL};
2095 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2096 char groupTypeControlStr[80];
2100 LK_ENTRY *group_base;
2103 if (!check_string(before_group_name))
2105 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
2106 return(AD_INVALID_NAME);
2108 if (!check_string(after_group_name))
2110 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
2111 return(AD_INVALID_NAME);
/* Locate the existing object by Moira id; exactly one match is required. */
2116 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2117 before_group_membership,
2118 MoiraId, "distinguishedName", &group_base,
2119 &group_count, filter))
2122 if (group_count == 0)
2124 return(AD_NO_GROUPS_FOUND);
2126 if (group_count != 1)
2129 "Unable to process multiple groups with MoiraId = %s exist in the AD",
2131 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn's size is not visible; the DN comes from AD. */
2133 strcpy(old_dn, group_base->value);
2135 linklist_free(group_base);
/* Second lookup: the current sAMAccountName, needed to decide the new one. */
2138 attr_array[0] = "sAMAccountName";
2139 attr_array[1] = NULL;
2140 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2141 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2143 com_err(whoami, 0, "Unable to get list %s dn : %s",
2144 after_group_name, ldap_err2string(rc));
2147 if (group_count != 1)
2150 "Unable to get sAMAccountName for group %s",
2152 return(AD_LDAP_FAILURE);
2155 strcpy(sam_name, group_base->value);
2156 linklist_free(group_base);
/* New RDN and parent; deleteoldrdn = TRUE.  after_group_ou encodes the
 * (possibly changed) membership class. */
2160 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2161 sprintf(new_dn, "cn=%s", after_group_name);
2162 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2163 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2165 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2166 before_group_name, after_group_name, ldap_err2string(rc));
/* NOTE(review): the index strlen(sam_name) - strlen("_group") underflows
 * when the AD-supplied name is shorter than 6 characters, reading before
 * the array.  Check the length first.  The sprintf() into sam_name is also
 * unbounded (its size is not visible). */
2170 name_v[0] = after_group_name;
2171 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2173 sprintf(sam_name, "%s_group", after_group_name);
2177 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
2178 before_group_name, after_group_name);
2181 samAccountName_v[0] = sam_name;
/* Security-enabled bit follows the new membership class. */
2182 if (after_security_flag)
2183 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): "%ld" with a u_int argument is a format/type mismatch. */
2184 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2185 groupTypeControl_v[0] = groupTypeControlStr;
2186 mitMoiraId_v[0] = MoiraId;
/* Full DN of the renamed object for the attribute rewrite. */
2188 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2189 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
2191 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2192 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2193 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2194 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2196 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2198 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
2199 after_group_name, ldap_err2string(rc));
/* Release the LDAPMod structures built by ADD_ATTR. */
2201 for (i = 0; i < n; i++)
/* mr_query callback: create (or update) the AD group for one Moira list.
 *
 * av is the list tuple (L_NAME, L_DESC, L_ACTIVE, L_HIDDEN, L_MAILLIST,
 * L_GROUP, L_ACE_TYPE, L_ACE_NAME, ...).  Context arrives through the
 * global call_args[]: [0] the LDAP handle, [1] the base DN, [4] the
 * updateGroup flag (smuggled through a char* and cast back to int), and
 * [5] the Moira list id (may be empty).  Flow: derive OU / membership
 * class / security flag, ldap_add the object, fall into the update path
 * when it already exists or updateGroup is set, apply the ACL via
 * ProcessGroupSecurity(), then look the object up again to record its
 * objectSid on the global sid list for sid_update().  Returns
 * AD_INVALID_NAME or LDAP_SUCCESS (other return lines, the local
 * declarations of new_dn/info/filter/group_ou/security_flag and several
 * braces are elided in this listing).
 *
 * Security notes: check_string(av[L_NAME]) is the only validation before
 * the name is spliced into the DN, the sAMAccountName and the search
 * filter with sprintf(); call_args[5] goes into a filter unvalidated.
 * The "info" attribute publishes the list administrator's name on the AD
 * object, to anyone who can read the group.  An inactive list has its
 * member attribute cleared in AD (see below). */
2206 int group_create(int ac, char **av, void *ptr)
2209 LK_ENTRY *group_base;
2212 char new_group_name[256];
2213 char sam_group_name[256];
2214 char cn_group_name[256];
2215 char *cn_v[] = {NULL, NULL};
2216 char *objectClass_v[] = {"top", "group", NULL};
2218 char *samAccountName_v[] = {NULL, NULL};
2219 char *altSecurityIdentities_v[] = {NULL, NULL};
/* Stays empty: used to REPLACE `member` with no values. */
2220 char *member_v[] = {NULL, NULL};
2221 char *name_v[] = {NULL, NULL};
2222 char *desc_v[] = {NULL, NULL};
2223 char *info_v[] = {NULL, NULL};
2224 char *mitMoiraId_v[] = {NULL, NULL};
2225 char *groupTypeControl_v[] = {NULL, NULL};
2226 char groupTypeControlStr[80];
/* One byte, no terminator -- see get_group_membership(). */
2227 char group_membership[1];
2230 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2236 char *attr_array[3];
2241 if (!check_string(av[L_NAME]))
2243 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
2244 return(AD_INVALID_NAME);
/* NOTE(review): pointer-to-int cast; truncating on LP64 but only the
 * zero/non-zero value is used. */
2247 updateGroup = (int)call_args[4];
2248 memset(group_ou, 0, sizeof(group_ou));
2249 memset(group_membership, 0, sizeof(group_membership));
2251 get_group_membership(group_membership, group_ou, &security_flag, av);
/* DN = cn=<list>,<class OU>,<base>; sAMAccountName = <list>_group.
 * new_group_name/sam_group_name are 256 bytes; the copies are unbounded. */
2252 strcpy(new_group_name, av[L_NAME]);
2253 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
/* Elided `if (security_flag)` presumably guards this (cf. group_rename). */
2255 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2257 sprintf(sam_group_name, "%s_group", av[L_NAME]);
2262 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2263 groupTypeControl_v[0] = groupTypeControlStr;
2265 strcpy(cn_group_name, av[L_NAME]);
2267 samAccountName_v[0] = sam_group_name;
2268 name_v[0] = new_group_name;
2269 cn_v[0] = new_group_name;
2272 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2273 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2274 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2275 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2276 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2277 if (strlen(av[L_DESC]) != 0)
2279 desc_v[0] = av[L_DESC];
2280 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2282 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* `info` buffer size is not visible; av[L_ACE_NAME] comes from Moira. */
2283 if (strlen(av[L_ACE_NAME]) != 0)
2285 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2287 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2289 if (strlen(call_args[5]) != 0)
2291 mitMoiraId_v[0] = call_args[5];
2292 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
/* LDAP_ALREADY_EXISTS is tolerated: re-running the create converges on the
 * update path below. */
2296 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2298 for (i = 0; i < n; i++)
2300 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2302 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2303 av[L_NAME], ldap_err2string(rc));
/* ---- update path ---- */
2308 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2310 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2311 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2312 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
2314 if (strlen(call_args[5]) != 0)
2316 mitMoiraId_v[0] = call_args[5];
2317 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is empty, so this REPLACE removes every member
 * from the AD group.  Deactivating a list in Moira therefore revokes all
 * access granted through the security group. */
2319 if (!(atoi(av[L_ACTIVE])))
2322 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2328 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2329 for (i = 0; i < n; i++)
2331 if (rc != LDAP_SUCCESS)
2333 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2334 av[L_NAME], ldap_err2string(rc));
/* Apply the object's security descriptor: hidden flag plus the list's
 * ACE (owner) as USER or LIST. */
2341 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2342 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* Re-read the object to capture its SID.  Lookup by mitMoiraId is
 * preferred; if that does not yield exactly one hit, fall back to the
 * sAMAccountName.  Neither value is escaped for the filter. */
2344 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2345 if (strlen(call_args[5]) != 0)
2346 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2347 attr_array[0] = "objectSid";
2348 attr_array[1] = NULL;
2351 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2352 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
2354 if (group_count != 1)
2356 if (strlen(call_args[5]) != 0)
2358 linklist_free(group_base);
2361 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2362 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2363 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Hand the node (with its raw objectSid) to the global sid list; the
 * node is then owned by that list, not freed here. */
2366 if (group_count == 1)
2368 (*sid_ptr) = group_base;
2369 (*sid_ptr)->member = strdup(av[L_NAME]);
2370 (*sid_ptr)->type = (char *)GROUPS;
2371 sid_ptr = &(*sid_ptr)->next;
2375 if (group_base != NULL)
2376 linklist_free(group_base);
2381 if (group_base != NULL)
2382 linklist_free(group_base);
2384 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity
 *
 * Apply a security template to the AD group "<TargetGroupName>_group":
 * read the ntSecurityDescriptor of the template object selected by
 * HiddenGroup and by whether the group has an administrator, patch the
 * template's placeholder SID (that of UserTemplate.u) with the
 * administrator's SID, and write the result onto the target group.
 *
 * ldap_handle      bound LDAP connection
 * dn_path          base DN; group_ou_root, user_ou and security_template_ou
 *                  are prefixed to it
 * TargetGroupName  Moira list name (AD sAMAccountName is "<name>_group")
 * HiddenGroup      nonzero selects the HIDDEN_GROUP* templates
 * AceType          "LIST" or "USER"; other values yield no ACE SID and the
 *                  non-admin template is used
 * AceName          administrator name, "" for none
 *
 * Returns rc.  This listing omits short lines (braces, "return" statements
 * and the declarations of rc, group_count, AceSidCount, dwInfo, nVal, psMsg,
 * TargetDn, AceDn, root_ou, mods/n), so the control flow between the lines
 * shown is partly off-page.
 *
 * Maintainer note: LDAP filters and DNs below are built with sprintf/strcpy
 * into fixed-size stack buffers from names and directory values with no
 * length check in this function; callers are presumed to have validated
 * TargetGroupName/AceName with check_string.
 */
2387 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2388 int HiddenGroup, char *AceType, char *AceName)
2390 char filter_exp[1024];
2391 char *attr_array[5];
2392 char search_path[512];
2394 char TemplateDn[512];
2395 char TemplateSamName[128];
2397 char TargetSamName[128];
2398 char AceSamAccountName[128];
2400 unsigned char AceSid[128];
2401 unsigned char UserTemplateSid[128];
2402 char acBERBuf[N_SD_BER_BYTES];
2403 char GroupSecurityTemplate[256];
2405 int UserTemplateSidCount;
2412 int array_count = 0;
2414 LK_ENTRY *group_base;
2415 LDAP_BERVAL **ppsValues;
/* Server-side SD flags control (OID 1.2.840.113556.1.4.801).  acBERBuf is
   filled by BEREncodeSecurityBits from dwInfo, which names owner, group,
   DACL and SACL so the whole descriptor is read and later written. */
2416 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2417 { N_SD_BER_BYTES, acBERBuf },
2420 LDAPControl *apsServerControls[] = {&sControl, NULL};
2423 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2424 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* 1. Locate the target group under group_ou_root; exactly one match is
   required. */
2426 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2427 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2428 attr_array[0] = "sAMAccountName";
2429 attr_array[1] = NULL;
/* NB: "!= 0" binds before "=", so rc receives the comparison result (0 or 1),
   not the LDAP error code.  The same pattern recurs at the three later
   linklist_build calls in this function. */
2432 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2433 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2435 if (group_count != 1)
2437 linklist_free(group_base);
/* dn/value come straight from the directory; TargetSamName is 128 bytes and
   TargetDn's size is off-page — no bound check on either strcpy. */
2440 strcpy(TargetDn, group_base->dn);
2441 strcpy(TargetSamName, group_base->value);
2442 linklist_free(group_base);
/* 2. Resolve the administrator (ACE) to an objectSid, if there is one. */
2446 UserTemplateSidCount = 0;
2447 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2448 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2449 memset(AceSid, '\0', sizeof(AceSid));
2453 if (strlen(AceName) != 0)
/* A LIST ACE maps to the AD group "<AceName>_group", a USER ACE to the user
   object itself; any other type leaves AceSamAccountName empty. */
2455 if (!strcmp(AceType, "LIST"))
2457 sprintf(AceSamAccountName, "%s_group", AceName);
2458 strcpy(root_ou, group_ou_root);
2460 else if (!strcmp(AceType, "USER"))
2462 sprintf(AceSamAccountName, "%s", AceName);
2463 strcpy(root_ou, user_ou);
2465 if (strlen(AceSamAccountName) != 0)
2467 sprintf(search_path, "%s", dn_path);
2468 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2469 attr_array[0] = "objectSid";
2470 attr_array[1] = NULL;
2473 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2474 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2476 if (group_count == 1)
2478 strcpy(AceDn, group_base->dn);
/* Raw SID bytes, copied with the length the directory reports; AceSid is
   128 bytes and that length is not checked against it here. */
2479 AceSidCount = group_base->length;
2480 memcpy(AceSid, group_base->value, AceSidCount);
2482 linklist_free(group_base);
/* No SID resolved (unknown name or unsupported type): fall back to the
   template that carries no administrator entry. */
2487 if (AceSidCount == 0)
2489 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2490 com_err(whoami, 0, " Non-admin security group template will be used.");
/* 3. SID of UserTemplate.u — the placeholder the *_WITH_ADMIN templates
   carry where the administrator's SID belongs. */
2494 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2495 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2496 attr_array[0] = "objectSid";
2497 attr_array[1] = NULL;
2501 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2502 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
/* rc here is the 0/1 comparison result from the assignment just above. */
2504 if ((rc != 0) || (group_count != 1))
2506 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
2511 UserTemplateSidCount = group_base->length;
2512 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2514 linklist_free(group_base);
/* 4. Pick the template: hidden/not hidden x admin/no admin. */
2521 if (AceSidCount == 0)
2523 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2524 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2528 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2529 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2534 if (AceSidCount == 0)
2536 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2537 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2541 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2542 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
/* 5. Find the template object's DN under security_template_ou. */
2546 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2547 attr_array[0] = "sAMAccountName";
2548 attr_array[1] = NULL;
2551 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2552 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2554 if (group_count != 1)
2556 linklist_free(group_base);
2557 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
2560 strcpy(TemplateDn, group_base->dn);
2561 strcpy(TemplateSamName, group_base->value);
2562 linklist_free(group_base);
/* 6. Read the template's ntSecurityDescriptor with the SD flags control
   attached (the remaining ldap_search_ext_s arguments, including
   apsServerControls and &psMsg, are on off-page lines). */
2566 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2567 rc = ldap_search_ext_s(ldap_handle,
2579 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2581 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2584 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2585 if (ppsValues == NULL)
2587 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
/* 7. Substitute the admin SID for the placeholder SID byte-wise at every
   offset of the raw descriptor.  Note the asymmetry: the loop bound and the
   memcmp use UserTemplateSidCount, but the memcpy writes AceSidCount bytes.
   SIDs differ in length with their sub-authority count, so an admin SID
   longer than the placeholder can write past bv_len; and should
   UserTemplateSidCount ever be 0 here (depends on the off-page lines after
   2506), memcmp would match at every offset.  A guard such as
   "if (AceSidCount != UserTemplateSidCount) skip the patch" before the loop
   would make this safe. */
2591 if (AceSidCount != 0)
2593 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2595 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2597 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2599 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* LDAP_MOD_BVALUES: the value array is berval-typed, hence the cast. */
2607 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* 8. Write the patched descriptor onto the target group. */
2610 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2611 for (i = 0; i < n; i++)
2613 ldap_value_free_len(ppsValues);
2614 ldap_msgfree(psMsg);
2615 if (rc != LDAP_SUCCESS)
2617 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2618 TargetGroupName, ldap_err2string(rc));
/* If the admin-bearing descriptor was refused, retry once with the plain
   template (AceType/AceName = "").  The assignment inside the if on 2623 is
   intentional; the com_err argument lists on 2621/2626 continue off-page. */
2619 if (AceSidCount != 0)
2621 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2623 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2624 HiddenGroup, "", ""))
2626 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the AD group object that represents Moira list
 * group_name.
 *
 * ldap_handle       bound LDAP connection
 * dn_path           base DN; the search is rooted at "group_ou_root,dn_path"
 * group_name        Moira list name, validated with check_string first
 * group_membership  membership flags handed to ad_get_group
 * MoiraId           Moira list id handed to ad_get_group for the lookup
 *
 * Returns AD_INVALID_NAME when check_string rejects the name,
 * AD_NO_GROUPS_FOUND when the lookup does not yield exactly one group,
 * otherwise rc.  Braces, "return(rc)" lines and the declarations of
 * filter, temp, rc and group_count are short lines omitted from this
 * listing.
 */
2636 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2637 char *group_membership, char *MoiraId)
2639 LK_ENTRY *group_base;
2645 if (!check_string(group_name))
2647 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2648 return(AD_INVALID_NAME);
2651 memset(filter, '\0', sizeof(filter));
2654 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment in the condition is intentional: a nonzero ad_get_group result
   is returned as-is on the off-page line that follows. */
2655 if (rc = ad_get_group(ldap_handle, temp, group_name,
2656 group_membership, MoiraId,
2657 "distinguishedName", &group_base,
2658 &group_count, filter))
2661 if (group_count == 1)
/* group_base->value holds the distinguishedName requested above. */
2663 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2665 linklist_free(group_base);
2666 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2667 group_name, ldap_err2string(rc));
2670 linklist_free(group_base);
/* Zero or several matches: refuse rather than guess which object to delete. */
2674 linklist_free(group_base);
2675 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2676 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the security-information bit mask
 * uBits into pBuffer for the SD flags server control used by
 * ProcessGroupSecurity.  The encoding statements are short lines omitted
 * from this listing; only the return is shown.  Returns N_SD_BER_BYTES,
 * the fixed length of the encoded value, which is also the length the
 * caller places in the control's berval.
 */
2682 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2688 return(N_SD_BER_BYTES);
/*
 * process_lists: mr_query callback invoked once per list row (av) that a
 * user or ACE belongs to; adds the AD member described by the callback
 * context to the AD group for av[L_NAME] via member_add.
 *
 * ac/av  Moira list row; field indexes are the L_* constants
 * ptr    opaque callback context, used below as call_args (the assignment
 *        and the declarations of call_args, group_ou, security_flag and rc
 *        are short lines omitted from this listing): [0] LDAP handle,
 *        [1] base DN, [2] member name, [3] member OU
 *
 * get_group_membership derives the group's OU and membership flags from the
 * row; the trailing "" is the MoiraId passed through to ad_get_group inside
 * member_add.  The return statement is off-page.
 */
2691 int process_lists(int ac, char **av, void *ptr)
2696 char group_membership[2];
2702 memset(group_ou, '\0', sizeof(group_ou));
2703 memset(group_membership, '\0', sizeof(group_membership));
2704 get_group_membership(group_membership, group_ou, &security_flag, av);
2705 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2706 group_ou, group_membership, call_args[2],
2707 (char *)call_args[3], "");
/*
 * member_list_build: mr_query callback that collects the members of a Moira
 * list into the file-scope linked list member_base (one LK_ENTRY per
 * member, newest first).
 *
 * ac/av  Moira member row; av[ACE_TYPE] is USER/STRING/LIST/KERBEROS and
 *        av[ACE_NAME] the member name
 * ptr    callback context used as call_args: [0] LDAP handle, [1] base DN,
 *        [2] list name, [3] bit mask of member types to process
 *        (MOIRA_USERS/MOIRA_STRINGS/MOIRA_LISTS/MOIRA_KERBEROS)
 *
 * STRING and KERBEROS members are materialised as contact objects with
 * contact_create (under contact_ou / kerberos_ou) before being listed.
 * Members whose type is masked out, whose name fails check_string, whose
 * contact could not be created, or that already appear in the list
 * (case-insensitive compare on 2752) are presumably skipped by the
 * off-page statements; braces, returns, the loop header and the
 * declarations of temp, linklist and call_args are short lines omitted
 * from this listing.
 */
2711 int member_list_build(int ac, char **av, void *ptr)
/* temp is a fixed-size local (size off-page); strcpy is unbounded and
   check_string runs only after the copy. */
2719 strcpy(temp, av[ACE_NAME]);
2720 if (!check_string(temp))
2722 if (!strcmp(av[ACE_TYPE], "USER"))
2724 if (!((int)call_args[3] & MOIRA_USERS))
2727 else if (!strcmp(av[ACE_TYPE], "STRING"))
2729 if (!((int)call_args[3] & MOIRA_STRINGS))
2731 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2734 else if (!strcmp(av[ACE_TYPE], "LIST"))
2736 if (!((int)call_args[3] & MOIRA_LISTS))
2739 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2741 if (!((int)call_args[3] & MOIRA_KERBEROS))
2743 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Duplicate check against everything collected so far. */
2749 linklist = member_base;
2752 if (!strcasecmp(temp, linklist->member))
2754 linklist = linklist->next;
/* Not listed yet: allocate and link at the head.  None of the calloc
   results are checked for NULL before use. */
2756 linklist = calloc(1, sizeof(LK_ENTRY));
2758 linklist->dn = NULL;
2759 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2760 strcpy(linklist->list, call_args[2]);
2761 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2762 strcpy(linklist->type, av[ACE_TYPE]);
2763 linklist->member = calloc(1, strlen(temp) + 1);
2764 strcpy(linklist->member, temp);
2765 linklist->next = member_base;
2766 member_base = linklist;
/*
 * member_remove: delete one value from the "member" attribute of the AD
 * group that represents Moira list group_name.
 *
 * ldap_handle, dn_path       connection and base DN
 * group_name                 list name (check_string validated)
 * group_ou                   not referenced in the lines shown
 * group_membership, MoiraId  handed to ad_get_group for the lookup
 * user_name, UserOu          member CN and OU; the member DN is built as
 *                            "CN=<user_name>,<UserOu>,<dn_path>"
 *
 * Returns AD_INVALID_NAME, the ad_get_group result, or the ldap_modify_s
 * result; an LDAP_UNWILLING_TO_PERFORM reply receives special treatment on
 * the off-page line after 2821.  Braces, returns and the declarations of
 * temp, filter, modvalues, mods, n, i, rc and group_count are short lines
 * omitted from this listing.
 */
2770 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2771 char *group_ou, char *group_membership, char *user_name,
2772 char *UserOu, char *MoiraId)
2774 char distinguished_name[1024];
2782 LK_ENTRY *group_base;
2785 if (!check_string(group_name))
2786 return(AD_INVALID_NAME);
2788 memset(filter, '\0', sizeof(filter));
/* Assignment in the condition is intentional. */
2791 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2792 group_membership, MoiraId,
2793 "distinguishedName", &group_base,
2794 &group_count, filter))
2797 if (group_count != 1)
2799 com_err(whoami, 0, "Unable to find list %s in AD",
2801 linklist_free(group_base);
2806 strcpy(distinguished_name, group_base->value);
2807 linklist_free(group_base);
/* The member DN is composed from the raw user_name/UserOu; only group_name
   was validated above, and temp's size is off-page. */
2811 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2812 modvalues[0] = temp;
2813 modvalues[1] = NULL;
2816 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2818 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Loop body (off-page) releases the mods[] entries ADD_ATTR allocated. */
2819 for (i = 0; i < n; i++)
2821 if (rc == LDAP_UNWILLING_TO_PERFORM)
2823 if (rc != LDAP_SUCCESS)
2825 com_err(whoami, 0, "Unable to modify list %s members : %s",
2826 group_name, ldap_err2string(rc));
/*
 * member_add: add one value to the "member" attribute of the AD group that
 * represents Moira list group_name.
 *
 * ldap_handle, dn_path       connection and base DN
 * group_name                 list name (check_string validated)
 * group_ou                   not referenced in the lines shown
 * group_membership, MoiraId  handed to ad_get_group for the lookup
 * user_name, UserOu          member CN and OU; the member DN is built as
 *                            "CN=<user_name>,<UserOu>,<dn_path>"
 *
 * Returns AD_INVALID_NAME, AD_MULTIPLE_GROUPS_FOUND when the lookup is not
 * unique, the ad_get_group result, or the ldap_modify_s result.  Braces,
 * returns and the declarations of temp, filter, modvalues, mods, n, i, rc
 * and group_count are short lines omitted from this listing.
 */
2834 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2835 char *group_ou, char *group_membership, char *user_name,
2836 char *UserOu, char *MoiraId)
2838 char distinguished_name[1024];
2846 LK_ENTRY *group_base;
2849 if (!check_string(group_name))
2850 return(AD_INVALID_NAME);
2853 memset(filter, '\0', sizeof(filter));
/* Assignment in the condition is intentional. */
2856 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2857 group_membership, MoiraId,
2858 "distinguishedName", &group_base,
2859 &group_count, filter))
/* Zero or several matches are reported with the same message and return
   code (the com_err argument list on 2867 continues off-page). */
2862 if (group_count != 1)
2864 linklist_free(group_base);
2867 com_err(whoami, 0, "Unable to find list %s in AD",
2869 return(AD_MULTIPLE_GROUPS_FOUND);
2872 strcpy(distinguished_name, group_base->value);
2873 linklist_free(group_base);
/* Member DN composed from the raw user_name/UserOu; only group_name was
   validated above, and temp's size is off-page. */
2877 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2878 modvalues[0] = temp;
2879 modvalues[1] = NULL;
2882 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2884 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: for contact/kerberos OUs (and for an
   LDAP_UNWILLING_TO_PERFORM reply) the off-page statements after 2887/2889
   presumably downgrade rc to success; other cases fall through to the
   error report below. */
2885 if (rc == LDAP_ALREADY_EXISTS)
2887 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2889 if (rc == LDAP_UNWILLING_TO_PERFORM)
2892 for (i = 0; i < n; i++)
2894 if (rc != LDAP_SUCCESS)
2896 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2897 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create: create the contact object "CN=<user>,<group_ou>,<bind_path>"
 * so that STRING/KERBEROS list members can be referenced as group members.
 *
 * ld         bound LDAP connection
 * bind_path  base DN
 * user       contact name; validated with check_string
 * group_ou   contact_ou or kerberos_ou; "mail" is only added for contact_ou
 *
 * Returns AD_INVALID_NAME for a rejected name, otherwise the result of the
 * last ldap_add_ext_s (LDAP_ALREADY_EXISTS is accepted as success).  If the
 * first add fails for any other reason, the object is added again without
 * the "mail" attribute before the failure is reported.  The value stored in
 * email_v[0] (used on 2943), the tail of objectClass_v, braces, returns and
 * the declarations of new_dn, mods, n, i and rc are short lines omitted
 * from this listing.
 */
2903 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2907 char cn_user_name[256];
2908 char contact_name[256];
2909 char *email_v[] = {NULL, NULL};
2910 char *cn_v[] = {NULL, NULL};
2911 char *contact_v[] = {NULL, NULL};
2912 char *objectClass_v[] = {"top", "person",
2913 "organizationalPerson",
2915 char *name_v[] = {NULL, NULL};
2916 char *desc_v[] = {NULL, NULL};
2921 if (!check_string(user))
2923 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
2924 return(AD_INVALID_NAME);
/* contact_name and cn_user_name are 256-byte locals; user passed
   check_string but its length is not checked before the copies. */
2926 strcpy(contact_name, user);
2927 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2928 cn_v[0] = cn_user_name;
2929 contact_v[0] = contact_name;
2931 desc_v[0] = "Auto account created by Moira";
2934 strcpy(new_dn, cn_user_name);
/* First attempt: full attribute set, "mail" only for contact_ou. */
2936 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2937 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2938 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2939 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2940 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2941 if (!strcmp(group_ou, contact_ou))
2943 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2947 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2948 for (i = 0; i < n; i++)
/* Second attempt on any failure other than "already exists": the same
   attributes minus "mail". */
2950 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2953 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2954 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2955 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2956 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2957 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2959 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2960 for (i = 0; i < n; i++)
2963 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2965 com_err(whoami, 0, "Unable to create contact %s : %s",
2966 user, ldap_err2string(rc));
/*
 * user_update: refresh the AD user object for user_name from Moira data.
 *
 * ldap_handle, dn_path  connection and base DN
 * user_name             login name (check_string validated)
 * Uid, MitId, MoiraId   written to uid/uidNumber/msSFU30UidNumber,
 *                       employeeID and mitMoiraId (attribute_update and
 *                       ADD_ATTR)
 * State                 Moira user status; any state other than
 *                       US_NO_PASSWD or US_REGISTERED disables the account
 * WinHomeDir, WinProfileDir  handed to SetHomeDirectory
 *
 * Lookup order: by mitMoiraId anywhere under dn_path when MoiraId is
 * non-empty, then by sAMAccountName under user_ou when that does not yield
 * exactly one entry.  Returns AD_INVALID_NAME, AD_NO_USER_FOUND, or the
 * LDAP result.  Braces, returns and the declarations of filter, temp, rc,
 * n, i, group_count, mods and OldUseSFU30 are short lines omitted from
 * this listing.
 */
2972 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2973 char *Uid, char *MitId, char *MoiraId, int State,
2974 char *WinHomeDir, char *WinProfileDir)
2977 LK_ENTRY *group_base;
2979 char distinguished_name[512];
2980 char *mitMoiraId_v[] = {NULL, NULL};
2981 char *uid_v[] = {NULL, NULL};
2982 char *mitid_v[] = {NULL, NULL};
2983 char *homedir_v[] = {NULL, NULL};
2984 char *winProfile_v[] = {NULL, NULL};
2985 char *drives_v[] = {NULL, NULL};
2986 char *userAccountControl_v[] = {NULL, NULL};
2987 char userAccountControlStr[80];
2992 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2994 char *attr_array[3];
2997 if (!check_string(user_name))
2999 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3000 return(AD_INVALID_NAME);
/* 1. Lookup by Moira id (filter is a fixed local of off-page size). */
3006 if (strlen(MoiraId) != 0)
3008 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3009 attr_array[0] = "cn";
3010 attr_array[1] = NULL;
3011 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3012 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3014 com_err(whoami, 0, "Unable to process user %s : %s",
3015 user_name, ldap_err2string(rc));
3019 if (group_count != 1)
3021 linklist_free(group_base);
/* 2. Fallback lookup by login under user_ou. */
3024 sprintf(filter, "(sAMAccountName=%s)", user_name);
3025 attr_array[0] = "cn";
3026 attr_array[1] = NULL;
3027 sprintf(temp, "%s,%s", user_ou, dn_path);
3028 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
3029 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3031 com_err(whoami, 0, "Unable to process user %s : %s",
3032 user_name, ldap_err2string(rc));
3037 if (group_count != 1)
3039 com_err(whoami, 0, "Unable to find user %s in AD",
3041 linklist_free(group_base);
3042 return(AD_NO_USER_FOUND);
3044 strcpy(distinguished_name, group_base->dn);
3046 linklist_free(group_base);
/* 3. Simple attributes.  The three attribute_update results overwrite each
   other and none is examined before rc is reassigned. */
3049 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
3050 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
3051 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
3056 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3060 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
/* 4. Enabled only for US_NO_PASSWD / US_REGISTERED.  userAccountControl is a
   u_int but is printed with "%ld"; "%u" matches the declaration. */
3064 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3065 userAccountControl |= UF_ACCOUNTDISABLE;
3066 sprintf(userAccountControlStr, "%ld", userAccountControl);
3067 userAccountControl_v[0] = userAccountControlStr;
3068 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
3070 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3071 WinProfileDir, homedir_v, winProfile_v,
3072 drives_v, mods, LDAP_MOD_REPLACE, n);
/* 5. Apply.  On failure SwitchSFU adjusts the SFU-related entries in mods
   (not shown here) and the modify is retried once if UseSFU30 flipped. */
3075 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
3077 OldUseSFU30 = UseSFU30;
3078 SwitchSFU(mods, &UseSFU30, n);
3079 if (OldUseSFU30 != UseSFU30)
3080 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3083 com_err(whoami, 0, "Unable to modify user data for %s : %s",
3084 user_name, ldap_err2string(rc));
3087 for (i = 0; i < n; i++)
/*
 * user_rename: rename the AD user before_user_name to user_name.  The second
 * line of the signature (declaring user_name), braces, returns and the
 * declarations of old_dn, new_dn, upn, temp, mods, n, i and rc are short
 * lines omitted from this listing.
 *
 * The RDN is changed with ldap_rename_s (delete-old-RDN = TRUE), after which
 * altSecurityIdentities, userPrincipalName, displayName and sAMAccountName
 * are replaced so they agree with the new login.  Both names are
 * check_string validated first.  Returns AD_INVALID_NAME or the LDAP
 * result.
 */
3092 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3100 char *userPrincipalName_v[] = {NULL, NULL};
3101 char *altSecurityIdentities_v[] = {NULL, NULL};
3102 char *name_v[] = {NULL, NULL};
3103 char *samAccountName_v[] = {NULL, NULL};
3108 if (!check_string(before_user_name))
3110 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
3111 return(AD_INVALID_NAME);
3113 if (!check_string(user_name))
3115 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3116 return(AD_INVALID_NAME);
/* Self-copy: a no-op in practice, but strcpy on overlapping storage is
   undefined by the C standard — this line can simply be removed. */
3119 strcpy(user_name, user_name);
/* Rename: old_dn is the full DN, new_dn here is only the new RDN. */
3120 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3121 sprintf(new_dn, "cn=%s", user_name);
3122 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
3123 NULL, NULL)) != LDAP_SUCCESS)
3125 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
3126 before_user_name, user_name, ldap_err2string(rc));
/* Rebuild the login-derived attributes (upn/temp sizes are off-page). */
3130 name_v[0] = user_name;
3131 sprintf(upn, "%s@%s", user_name, ldap_domain);
3132 userPrincipalName_v[0] = upn;
3133 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3134 altSecurityIdentities_v[0] = temp;
3135 samAccountName_v[0] = user_name;
3138 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3139 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3140 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3141 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* new_dn is reused: it now holds the full DN of the renamed object. */
3143 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3144 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3146 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
3147 user_name, ldap_err2string(rc));
3149 for (i = 0; i < n; i++)
/*
 * filesys_process: add or remove the Windows home directory / profile path
 * attributes on the AD user whose sAMAccountName is fs_name.
 *
 * ldap_handle, dn_path  connection and base DN
 * fs_name    filesys (= user login) name, check_string validated
 * fs_type    only "AFS" is accepted
 * fs_pack    AFS path, converted to the Windows AFS form by AfsToWinAfs
 * operation  LDAP_MOD_ADD sets profilePath/homeDrive/homeDirectory from the
 *            converted path; any other value is handed to ADD_ATTR with NULL
 *            value arrays (presumably LDAP_MOD_DELETE, removing the
 *            attributes)
 *
 * Returns AD_INVALID_NAME, AD_INVALID_FILESYS, LDAP_NO_SUCH_OBJECT when the
 * user is not found exactly once, or the LDAP result.  Braces, returns and
 * the declarations of filter, winPath, rc, n, i, group_count and mods are
 * short lines omitted from this listing.
 */
3154 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3155 char *fs_type, char *fs_pack, int operation)
3157 char distinguished_name[256];
3159 char winProfile[256];
3161 char *attr_array[3];
3162 char *homedir_v[] = {NULL, NULL};
3163 char *winProfile_v[] = {NULL, NULL};
3164 char *drives_v[] = {NULL, NULL};
3170 LK_ENTRY *group_base;
3172 if (!check_string(fs_name))
3174 com_err(whoami, 0, "Unable to process invalid filesys name %s", fs_name);
3175 return(AD_INVALID_NAME);
3178 if (strcmp(fs_type, "AFS"))
3180 com_err(whoami, 0, "Unable to process invalid filesys type %s", fs_type);
3181 return(AD_INVALID_FILESYS);
/* Locate the user by login anywhere under dn_path. */
3186 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3187 attr_array[0] = "cn";
3188 attr_array[1] = NULL;
3189 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3190 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3192 com_err(whoami, 0, "Unable to process filesys %s : %s",
3193 fs_name, ldap_err2string(rc));
3197 if (group_count != 1)
3199 linklist_free(group_base);
3200 com_err(whoami, 0, "Unable to find user %s in AD",
3202 return(LDAP_NO_SUCH_OBJECT);
/* distinguished_name is 256 bytes; the DN comes from the directory
   unchecked. */
3204 strcpy(distinguished_name, group_base->dn);
3205 linklist_free(group_base);
3209 if (operation == LDAP_MOD_ADD)
/* winPath's size is off-page and AfsToWinAfs takes no bound; winProfile
   (256 bytes) then receives winPath plus "\.winprofile" via strcpy/strcat,
   also unchecked. */
3211 memset(winPath, 0, sizeof(winPath));
3212 AfsToWinAfs(fs_pack, winPath);
3213 homedir_v[0] = winPath;
3215 memset(winProfile, 0, sizeof(winProfile));
3216 strcpy(winProfile, winPath);
3217 strcat(winProfile, "\\.winprofile");
3218 winProfile_v[0] = winProfile;
/* Non-ADD operation: NULL value arrays. */
3222 homedir_v[0] = NULL;
3224 winProfile_v[0] = NULL;
3226 ADD_ATTR("profilePath", winProfile_v, operation);
3227 ADD_ATTR("homeDrive", drives_v, operation);
3228 ADD_ATTR("homeDirectory", homedir_v, operation);
3231 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3232 if (rc != LDAP_SUCCESS)
3234 com_err(whoami, 0, "Unable to modify user data for filesys %s : %s",
3235 fs_name, ldap_err2string(rc));
3237 for (i = 0; i < n; i++)
/*
 * user_create: mr_query callback that creates the AD user object for the
 * Moira user row av (field indexes U_*), sets its password, and records the
 * new object's SID on the sid_ptr list so sid_update can report it back to
 * Moira.
 *
 * ptr is used as call_args: [0] LDAP handle, [1] base DN, [2] Moira id (may
 * be "").  The call_args assignment, braces, returns and the declarations
 * of upn, sam_name, temp, new_dn, filter, rc, n, i, group_count, mods and
 * OldUseSFU30 are short lines omitted from this listing.
 *
 * The account is created disabled unless the Moira state is US_NO_PASSWD or
 * US_REGISTERED.  On a failed add, SwitchSFU is applied to mods and the add
 * retried once.  Sets the file-scope callback_rc on a rejected name.
 */
3243 int user_create(int ac, char **av, void *ptr)
3245 LK_ENTRY *group_base;
3248 char user_name[256];
3251 char *cn_v[] = {NULL, NULL};
3252 char *objectClass_v[] = {"top", "person",
3253 "organizationalPerson",
3256 char *samAccountName_v[] = {NULL, NULL};
3257 char *altSecurityIdentities_v[] = {NULL, NULL};
3258 char *mitMoiraId_v[] = {NULL, NULL};
3259 char *name_v[] = {NULL, NULL};
3260 char *desc_v[] = {NULL, NULL};
3261 char *userPrincipalName_v[] = {NULL, NULL};
3262 char *userAccountControl_v[] = {NULL, NULL};
3263 char *uid_v[] = {NULL, NULL};
3264 char *mitid_v[] = {NULL, NULL};
3265 char *homedir_v[] = {NULL, NULL};
3266 char *winProfile_v[] = {NULL, NULL};
3267 char *drives_v[] = {NULL, NULL};
3268 char userAccountControlStr[80];
3270 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3277 char *attr_array[3];
3279 char WinHomeDir[1024];
3280 char WinProfileDir[1024];
3284 if (!check_string(av[U_NAME]))
3286 callback_rc = AD_INVALID_NAME;
3287 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
3288 return(AD_INVALID_NAME);
/* av[] fields are copied into fixed locals (1024/256 bytes; sam_name and upn
   sizes off-page) with strcpy/sprintf and no length check; only av[U_NAME]
   was validated. */
3291 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3292 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3293 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
3294 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
3295 strcpy(user_name, av[U_NAME]);
3296 sprintf(upn, "%s@%s", user_name, ldap_domain);
3297 sprintf(sam_name, "%s", av[U_NAME]);
3298 samAccountName_v[0] = sam_name;
/* Enabled only for US_NO_PASSWD / US_REGISTERED.  userAccountControl is a
   u_int but is printed with "%ld"; "%u" matches the declaration. */
3299 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3300 userAccountControl |= UF_ACCOUNTDISABLE;
3301 sprintf(userAccountControlStr, "%ld", userAccountControl);
3302 userAccountControl_v[0] = userAccountControlStr;
3303 userPrincipalName_v[0] = upn;
3305 cn_v[0] = user_name;
3306 name_v[0] = user_name;
3307 desc_v[0] = "Auto account created by Moira";
3308 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3309 altSecurityIdentities_v[0] = temp;
3310 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3313 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3314 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3315 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3316 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3317 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3318 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3319 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3320 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3321 if (strlen(call_args[2]) != 0)
3323 mitMoiraId_v[0] = call_args[2];
3324 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3326 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
3327 if (strlen(av[U_UID]) != 0)
3329 uid_v[0] = av[U_UID];
3330 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3333 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3337 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is always written; "none" when Moira has no MIT id. */
3340 if (strlen(av[U_MITID]) != 0)
3341 mitid_v[0] = av[U_MITID];
3343 mitid_v[0] = "none";
3344 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3346 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3347 WinProfileDir, homedir_v, winProfile_v,
3348 drives_v, mods, LDAP_MOD_ADD, n);
/* Add; on any failure other than "already exists", let SwitchSFU adjust
   mods and retry once if UseSFU30 flipped. */
3352 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3353 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3355 OldUseSFU30 = UseSFU30;
3356 SwitchSFU(mods, &UseSFU30, n);
3357 if (OldUseSFU30 != UseSFU30)
3358 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3361 for (i = 0; i < n; i++)
3363 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3365 com_err(whoami, 0, "Unable to create user %s : %s",
3366 user_name, ldap_err2string(rc));
/* Password is set only for a newly created object, and the password
   argument passed is the empty string; what set_password does with "" is
   not visible here.  Since a US_NO_PASSWD account is created enabled,
   confirm this matches the intended policy.  The com_err argument list on
   3374 continues off-page. */
3370 if (rc == LDAP_SUCCESS)
3372 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3374 com_err(whoami, 0, "Unable to set password for user %s : %ld",
/* Look the new object up (by Moira id first, then by login) to collect its
   objectSid for sid_update. */
3378 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3379 if (strlen(call_args[2]) != 0)
3380 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3381 attr_array[0] = "objectSid";
3382 attr_array[1] = NULL;
3385 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3386 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3388 if (group_count != 1)
3390 if (strlen(call_args[2]) != 0)
3392 linklist_free(group_base);
3395 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3396 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3397 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* The search result entry itself is spliced onto the sid list (freed later
   by the list owner, not here).  NOTE(review): the entry is tagged GROUPS,
   which sid_update routes to add_list_sid_by_name; for a user object USERS
   (add_user_sid_by_login) looks intended — verify. */
3400 if (group_count == 1)
3402 (*sid_ptr) = group_base;
3403 (*sid_ptr)->member = strdup(av[U_NAME]);
3404 (*sid_ptr)->type = (char *)GROUPS;
3405 sid_ptr = &(*sid_ptr)->next;
3409 if (group_base != NULL)
3410 linklist_free(group_base);
3415 if (group_base != NULL)
3416 linklist_free(group_base);
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE in the
 * UserAccountControl attribute of the AD user user_name.  The remaining
 * signature line (declaring the operation parameter used on 3488), braces,
 * returns and the declarations of filter, temp, modvalues, ulongValue, rc,
 * n, i, group_count and mods are short lines omitted from this listing.
 *
 * Lookup is by mitMoiraId when MoiraId is non-empty, falling back to
 * sAMAccountName.  The current value is parsed with atoi, MEMBER_DEACTIVATE
 * sets the disable bit and any other operation clears it, and the result is
 * written back through construct_newvalues/modvalues; mitMoiraId is
 * refreshed in the same modify when known.  Returns AD_INVALID_NAME,
 * LDAP_NO_SUCH_OBJECT, or the LDAP result.
 */
3421 int user_change_status(LDAP *ldap_handle, char *dn_path,
3422 char *user_name, char *MoiraId,
3426 char *attr_array[3];
3428 char distinguished_name[1024];
3430 char *mitMoiraId_v[] = {NULL, NULL};
3432 LK_ENTRY *group_base;
3439 if (!check_string(user_name))
3441 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3442 return(AD_INVALID_NAME);
/* 1. Lookup by Moira id. */
3448 if (strlen(MoiraId) != 0)
3450 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3451 attr_array[0] = "UserAccountControl";
3452 attr_array[1] = NULL;
3453 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3454 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3456 com_err(whoami, 0, "Unable to process user %s : %s",
3457 user_name, ldap_err2string(rc));
3461 if (group_count != 1)
3463 linklist_free(group_base);
/* 2. Fallback lookup by login. */
3466 sprintf(filter, "(sAMAccountName=%s)", user_name);
3467 attr_array[0] = "UserAccountControl";
3468 attr_array[1] = NULL;
3469 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3470 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3472 com_err(whoami, 0, "Unable to process user %s : %s",
3473 user_name, ldap_err2string(rc));
3478 if (group_count != 1)
3480 linklist_free(group_base);
3481 com_err(whoami, 0, "Unable to find user %s in AD",
3483 return(LDAP_NO_SUCH_OBJECT);
3486 strcpy(distinguished_name, group_base->dn);
/* atoi gives no error indication: a non-numeric value parses as 0 and the
   rewritten UAC would then carry only the disable bit.  strtoul with an
   end-pointer check would let a bad value be rejected instead. */
3487 ulongValue = atoi((*group_base).value);
3488 if (operation == MEMBER_DEACTIVATE)
3489 ulongValue |= UF_ACCOUNTDISABLE;
3491 ulongValue &= ~UF_ACCOUNTDISABLE;
3492 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues returning 1 is treated as failure (cleanup on the
   following lines, return off-page). */
3493 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3494 temp, &modvalues, REPLACE)) == 1)
3496 linklist_free(group_base);
3500 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3501 if (strlen(MoiraId) != 0)
3503 mitMoiraId_v[0] = MoiraId;
3504 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3507 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3508 for (i = 0; i < n; i++)
3510 free_values(modvalues);
3511 if (rc != LDAP_SUCCESS)
3513 com_err(whoami, 0, "Unable to change status of user %s : %s",
3514 user_name, ldap_err2string(rc));
/*
 * user_delete: delete the AD user object for login u_name.
 *
 * ldap_handle, dn_path  connection and base DN
 * u_name                login (check_string validated), copied into a local
 * MoiraId               when non-empty, the lookup is by mitMoiraId first,
 *                       falling back to sAMAccountName
 *
 * Exactly one match is required.  Returns AD_INVALID_NAME or rc; the
 * not-found return after 3570, braces, the other returns and the
 * declarations of filter, rc and group_count are short lines omitted from
 * this listing.
 */
3520 int user_delete(LDAP *ldap_handle, char *dn_path,
3521 char *u_name, char *MoiraId)
3524 char *attr_array[3];
3525 char distinguished_name[1024];
3526 char user_name[512];
3527 LK_ENTRY *group_base;
3531 if (!check_string(u_name))
3532 return(AD_INVALID_NAME);
/* user_name is 512 bytes; u_name passed check_string but its length is not
   checked before the copy. */
3534 strcpy(user_name, u_name);
/* 1. Lookup by Moira id. */
3538 if (strlen(MoiraId) != 0)
3540 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3541 attr_array[0] = "name";
3542 attr_array[1] = NULL;
3543 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3544 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3546 com_err(whoami, 0, "Unable to process user %s : %s",
3547 user_name, ldap_err2string(rc));
3551 if (group_count != 1)
3553 linklist_free(group_base);
/* 2. Fallback lookup by login. */
3556 sprintf(filter, "(sAMAccountName=%s)", user_name);
3557 attr_array[0] = "name";
3558 attr_array[1] = NULL;
3559 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3560 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3562 com_err(whoami, 0, "Unable to process user %s : %s",
3563 user_name, ldap_err2string(rc));
3568 if (group_count != 1)
3570 com_err(whoami, 0, "Unable to find user %s in AD",
/* Assignment in the condition is intentional; group_base is released
   after the delete whatever rc is. */
3575 strcpy(distinguished_name, group_base->dn);
3576 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3578 com_err(whoami, 0, "Unable to process user %s : %s",
3579 user_name, ldap_err2string(rc));
3583 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY of a list built by linklist_build
 * or member_list_build, together with the dn, attribute, value, member,
 * type and list strings each entry owns.  A NULL list is a no-op.  The
 * NULL guards before free() are redundant (free(NULL) is defined) but
 * harmless.  Braces are short lines omitted from this listing.
 */
3587 void linklist_free(LK_ENTRY *linklist_base)
3589 LK_ENTRY *linklist_previous;
3591 while (linklist_base != NULL)
3593 if (linklist_base->dn != NULL)
3594 free(linklist_base->dn);
3595 if (linklist_base->attribute != NULL)
3596 free(linklist_base->attribute);
3597 if (linklist_base->value != NULL)
3598 free(linklist_base->value);
3599 if (linklist_base->member != NULL)
3600 free(linklist_base->member);
3601 if (linklist_base->type != NULL)
3602 free(linklist_base->type);
3603 if (linklist_base->list != NULL)
3604 free(linklist_base->list);
/* Advance before freeing the node so ->next is not read after free(). */
3605 linklist_previous = linklist_base;
3606 linklist_base = linklist_previous->next;
3607 free(linklist_previous);
/*
 * free_values: walk a NULL-terminated array of strings (as produced by
 * construct_newvalues for user_change_status), releasing each element and
 * clearing its slot.  Accepts NULL.  The free() call, index setup and any
 * release of the array itself are short lines omitted from this listing.
 */
3611 void free_values(char **modvalues)
3616 if (modvalues != NULL)
3618 while (modvalues[i] != NULL)
3621 modvalues[i] = NULL;
/*
 * sid_update: report the objectSids collected on the sid list back to
 * Moira.  For each entry the binary SID (ptr->value, ptr->length) is
 * rendered as a hex string into temp by convert_b_to_a and sent, together
 * with the member name in av[0], via add_list_sid_by_name (type GROUPS) or
 * add_user_sid_by_login (type USERS).  ldap_handle and dn_path are not
 * referenced in the lines shown.
 *
 * temp is 126 bytes and convert_b_to_a appears to emit two characters per
 * input byte plus a terminator, so ptr->length must stay below 63; no
 * check is visible.  The loop header, the av[1] assignment, rc/av/ptr
 * declarations and the return are short lines omitted from this listing.
 */
3628 int sid_update(LDAP *ldap_handle, char *dn_path)
3632 unsigned char temp[126];
3639 memset(temp, 0, sizeof(temp));
3640 convert_b_to_a(temp, ptr->value, ptr->length);
3643 av[0] = ptr->member;
3645 if (ptr->type == (char *)GROUPS)
3648 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3650 else if (ptr->type == (char *)USERS)
3653 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: render length bytes of binary as ASCII hex digits into
 * string, two characters per byte; digits above '9' are turned into letters
 * on the off-page lines after 3674/3679.  string must have room for
 * 2*length+1 characters — no bound is passed.  Index setup, the nibble
 * extraction for the first digit, the terminator and the declarations of
 * i, j and tmp are short lines omitted from this listing.
 */
3660 void convert_b_to_a(char *string, UCHAR *binary, int length)
3667 for (i = 0; i < length; i++)
3674 if (string[j] > '9')
3677 string[j] = tmp & 0x0f;
3679 if (string[j] > '9')
/*
 * illegalchars: 256-entry lookup table indexed by byte value (after
 * check_string / check_container_name have lower-cased the byte); a nonzero
 * entry marks the byte as not allowed in a name sent to AD.
 *
 * Allowed: digits, lower-case letters, '$', '&', '\'', '-', '.', '_', '`'
 * and '~'.  Rejected: all control characters, SPACE, DEL, the LDAP filter
 * and DN metacharacters ('(', ')', '*', ',', '+', '\\', '=', '"', '<', '>',
 * ';', '#'), and every byte >= 0x80 (rows 9-16).  The upper-case rows are
 * 1 but never reached for letters because callers lower-case first.  The
 * closing "};" is a short line omitted from this listing.
 */
3686 static int illegalchars[] = {
3687 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3688 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3689 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3690 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3691 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3692 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3693 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3694 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xff: everything rejected. */
3695 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3696 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3697 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3698 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3699 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3700 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3701 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3702 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: return nonzero when every byte of s is acceptable in an AD
 * name according to illegalchars (after lower-casing), zero at the first
 * rejected byte.  This is the single gate that keeps LDAP filter and DN
 * metacharacters out of the sprintf-built filters elsewhere in the file.
 * The loop header, the returns and the declaration of character are short
 * lines omitted from this listing.
 *
 * NOTE(review): the index is "(unsigned) character".  If character is a
 * plain char, a byte >= 0x80 is negative and the cast yields a huge index,
 * reading far outside the 256-entry table (isupper on a negative value is
 * likewise undefined).  Reading each byte as unsigned char avoids this —
 * verify the off-page declaration.
 */
3705 int check_string(char *s)
3712 if (isupper(character))
3713 character = tolower(character);
3714 if (illegalchars[(unsigned) character])
/*
 * check_container_name: like check_string, but a space is additionally
 * accepted (the statement after 3730 that skips it is off-page).  Returns
 * nonzero when every byte passes, zero at the first rejected byte.  The
 * loop header, returns and the declaration of character are short lines
 * omitted from this listing; the same "(unsigned) character" indexing
 * caveat as in check_string applies.
 */
3720 int check_container_name(char *s)
3727 if (isupper(character))
3728 character = tolower(character);
3730 if (character == ' ')
3732 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check its MOTD, negotiate the
 * query protocol version and authenticate as client.
 *
 * server   Moira server name handed to mr_connect
 * client   client name handed to mr_auth
 * version  query version requested via mr_version; an MR_UNKNOWN_PROC reply
 *          is treated as MR_VERSION_HIGH (older server, warning only),
 *          MR_VERSION_LOW is tolerated, any other error is reported
 * auth     presumably gates the mr_auth step (its condition line is
 *          off-page)
 *
 * Returns status.  Braces, the "if (status)" lines, returns and the
 * declarations of status, motd and temp are short lines omitted from this
 * listing.
 */
3738 int mr_connect_cl(char *server, char *client, int version, int auth)
3744 status = mr_connect(server);
3747 com_err(whoami, status, "while connecting to Moira");
3751 status = mr_motd(&motd);
3755 com_err(whoami, status, "while checking server status");
/* SECURITY: temp is built from the server-supplied MOTD and then handed to
   com_err as the *format* argument on 3761, so any '%' sequence in the
   MOTD is interpreted as a conversion (format-string bug); the sprintf is
   also unbounded.  Use a literal format instead:
   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd); */
3760 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3761 com_err(whoami, status, temp);
3766 status = mr_version(version);
3769 if (status == MR_UNKNOWN_PROC)
3772 status = MR_VERSION_HIGH;
3774 status = MR_SUCCESS;
3777 if (status == MR_VERSION_HIGH)
3779 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3780 com_err(whoami, 0, "Some operations may not work.");
3782 else if (status && status != MR_VERSION_LOW)
3784 com_err(whoami, status, "while setting query version number.");
3792 status = mr_auth(client);
3795 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path (prefix AFS) into its Windows form
 * (prefix WINAFS) in winPath: the prefix is replaced and the remainder is
 * copied character by character, with '/' handled specially on the
 * off-page line after 3814 (presumably turned into '\\').  path is assumed
 * to begin with AFS — no check is visible — and winPath must be large
 * enough; no length is passed.  The loop header, else branch, pointer
 * increments, terminator and the pathPtr/winPathPtr declarations are short
 * lines omitted from this listing.
 */
3804 void AfsToWinAfs(char* path, char* winPath)
3808 strcpy(winPath, WINAFS);
3809 pathPtr = path + strlen(AFS);
3810 winPathPtr = winPath + strlen(WINAFS);
3814 if (*pathPtr == '/')
3817 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback for get_list_info that exports the list's
 * ACE type and ACE name, plus its membership flags and OU, into the
 * caller-supplied string array ptr (used as call_args; see ProcessAce,
 * which passes AceInfo): [0] ACE type, [1] ACE name, [2] membership,
 * [3] OU.  The copies are unbounded strcpy into the caller's buffers.
 * Always returns LDAP_SUCCESS.  The call_args assignment and the
 * security_flag declaration are short lines omitted from this listing.
 */
3824 int GetAceInfo(int ac, char **av, void *ptr)
3831 strcpy(call_args[0], av[L_ACE_TYPE]);
3832 strcpy(call_args[1], av[L_ACE_NAME]);
3834 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3835 return(LDAP_SUCCESS);
/*
 * checkADname: report whether an object with sAMAccountName Name exists
 * under dn_path.  The result returned on the off-page lines after 3863 is
 * derived from group_count (zero matches versus at least one); on a search
 * error the error is logged and the off-page return after 3857 is taken.
 * Name is not validated here — ProcessAce passes a name obtained from Moira
 * — and filter is a fixed local of off-page size.  Braces, returns and the
 * declarations of filter, rc and group_count are short lines omitted from
 * this listing.
 */
3839 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3842 char *attr_array[3];
3845 LK_ENTRY *group_base;
3850 sprintf(filter, "(sAMAccountName=%s)", Name);
3851 attr_array[0] = "sAMAccountName";
3852 attr_array[1] = NULL;
3853 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3854 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3856 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3857 Name, ldap_err2string(rc));
/* Only the count matters; the entries are released right away. */
3861 linklist_free(group_base);
3863 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of Moira list Name exists in AD
 * before the list's group is created/updated. Fetches the ACE type and
 * name via "get_list_info" (callback GetAceInfo), and if the ACE is a
 * LIST or USER that is not yet in AD, creates it (make_new_group or
 * user_create respectively) and sets *ProcessGroup. A LIST ACE whose name
 * equals the group's own name is handled specially (lines not shown).
 * Return values are on lines not shown.
 */
3870 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3873 char GroupName[256];
3879 char AceMembership[2];
/* Unbounded copy of Name into the 256-byte GroupName. */
3883 strcpy(GroupName, Name);
/* Only LIST-typed inputs are processed; the early return is not shown. */
3885 if (strcasecmp(Type, "LIST"))
/* AceInfo is the call_args vector seen by GetAceInfo. */
3890 AceInfo[0] = AceType;
3891 AceInfo[1] = AceName;
3892 AceInfo[2] = AceMembership;
3894 memset(AceType, '\0', sizeof(AceType));
3895 memset(AceName, '\0', sizeof(AceName));
3896 memset(AceMembership, '\0', sizeof(AceMembership));
3897 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment-in-condition is deliberate here (rc reused in the message). */
3899 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3901 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3906 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialised in AD. */
3909 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
/* AD name to probe: users keep their name, lists get a "_group" suffix. */
3911 strcpy(temp, AceName);
3912 if (!strcasecmp(AceType, "LIST"))
3913 sprintf(temp, "%s_group", AceName);
3916 if (checkADname(ldap_handle, dn_path, temp))
3918 (*ProcessGroup) = 1;
3920 if (!strcasecmp(AceInfo[0], "LIST"))
3922 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3925 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args for user_create: handle, base DN, (slot 2 not shown), NULL. */
3928 call_args[0] = (char *)ldap_handle;
3929 call_args[1] = dn_path;
3931 call_args[3] = NULL;
/* sid_base/sid_ptr are file-scope state consumed by sid_update below. */
3933 sid_ptr = &sid_base;
3935 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3937 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3942 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
3945 if (sid_base != NULL)
3947 sid_update(ldap_handle, dn_path);
3948 linklist_free(sid_base);
3955 if (!strcasecmp(AceType, "LIST"))
3957 if (!strcasecmp(GroupName, AceName))
3960 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group
 * for Moira list group_name by running "get_list_info" through the
 * group_create callback, then flush any pending SID work via sid_update.
 * Returns callback_rc when the callback reported a failure; other return
 * paths are not shown. group_ou/group_membership/group_security_flag are
 * not referenced on the visible lines.
 *
 * NOTE(review): call_args[3] and call_args[4] smuggle ints through a
 * char * vector (the flag mask and updateGroup). That is a pointer/
 * integer round-trip the callback must undo with the matching cast;
 * it is not portable and hides the intent — a small struct would be
 * clearer. Same pattern in populate_group.
 */
3965 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3966 char *group_name, char *group_ou, char *group_membership,
3967 int group_security_flag, int updateGroup)
3974 call_args[0] = (char *)ldap_handle;
3975 call_args[1] = dn_path;
3976 call_args[2] = group_name;
3977 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3978 call_args[4] = (char *)updateGroup;
3979 call_args[5] = MoiraId;
3980 call_args[6] = NULL;
3982 sid_ptr = &sid_base;
3984 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3987 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
3993 com_err(whoami, 0, "Unable to create list %s", group_name);
3994 return(callback_rc);
3997 if (sid_base != NULL)
3999 sid_update(ldap_handle, dn_path);
4000 linklist_free(sid_base);
<![CDATA[/*
 * populate_group: fill the AD group group_name with the end members of the
 * corresponding Moira list. Members are collected with
 * "get_end_members_of_list" (callback member_list_build, into the
 * file-scope member_base list), then each one is added with member_add.
 * STRING and KERBEROS members are first materialised as contact objects
 * in contact_ou / kerberos_ou. Return value lines are not shown.
 */]]>
4006 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
4007 char *group_ou, char *group_membership,
4008 int group_security_flag, char *MoiraId)
4016 com_err(whoami, 0, "Populating group %s", group_name);
/* See the note in make_new_group about passing a flag mask as char *. */
4018 call_args[0] = (char *)ldap_handle;
4019 call_args[1] = dn_path;
4020 call_args[2] = group_name;
4021 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
4022 call_args[4] = NULL;
4024 if (rc = mr_query("get_end_members_of_list", 1, av,
4025 member_list_build, call_args))
4027 com_err(whoami, 0, "Unable to populate list %s : %s",
4028 group_name, error_message(rc));
4031 if (member_base != NULL)
/* The statement taken for LIST-typed members is not shown. */
4036 if (!strcasecmp(ptr->type, "LIST"))
4042 if (!strcasecmp(ptr->type, "STRING"))
4044 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4046 pUserOu = contact_ou;
4048 else if (!strcasecmp(ptr->type, "KERBEROS"))
4050 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4052 pUserOu = kerberos_ou;
/* The remaining member_add arguments (including pUserOu) are not shown. */
4054 rc = member_add(ldap_handle, dn_path, group_name,
4055 group_ou, group_membership, ptr->member,
4059 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for a Moira list with its expected
 * location. Looks the group up (by cached filter / mitMoiraId / name via
 * ad_get_group), and
 *   - with type == CHECK_GROUPS only reports: AD_NO_GROUPS_FOUND,
 *     AD_WRONG_GROUP_DN_FOUND, AD_MULTIPLE_GROUPS_FOUND, or the success
 *     value (not shown) when exactly one group has the expected DN;
 *   - otherwise deletes duplicates with the wrong DN, reads the existing
 *     name/description, classifies the current OU from the DN, and hands
 *     everything to group_rename so the group is moved/renamed.
 * Returns AD_NO_OU_FOUND when the DN matches none of the four known OUs.
 * The expected DN is "CN=<group_name>,<group_ou>,<dn_path>".
 */
4065 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4066 char *group_name, char *group_ou, char *group_membership,
4067 int group_security_flag, int type)
4069 char before_desc[512];
4070 char before_name[256];
4071 char before_group_ou[256];
4072 char before_group_membership[2];
4073 char distinguishedName[256];
4074 char ad_distinguishedName[256];
4076 char *attr_array[3];
4077 int before_security_flag;
4080 LK_ENTRY *group_base;
4083 char ou_security[512];
4084 char ou_distribution[512];
4085 char ou_neither[512];
4087 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Unbounded sprintf into a 256-byte buffer from three caller strings. */
4088 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
4091 memset(filter, '\0', sizeof(filter));
/* First lookup; `filter` is empty here so ad_get_group falls back to
 * mitMoiraId and then sAMAccountName, and writes back the filter it used. */
4094 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4096 "distinguishedName", &group_base,
4097 &group_count, filter))
/* Report-only mode: no modification of AD on this path. */
4100 if (type == CHECK_GROUPS)
4102 if (group_count == 1)
4104 if (!strcasecmp(group_base->value, distinguishedName))
4106 linklist_free(group_base);
4110 linklist_free(group_base);
4111 if (group_count == 0)
4112 return(AD_NO_GROUPS_FOUND);
4113 if (group_count == 1)
4114 return(AD_WRONG_GROUP_DN_FOUND);
4115 return(AD_MULTIPLE_GROUPS_FOUND);
4117 if (group_count == 0)
4119 return(AD_NO_GROUPS_FOUND);
4121 if (group_count > 1)
/* If one of the duplicates already has the expected DN, give up and
 * report them all (the loop header and the branch body are not shown). */
4126 if (!strcasecmp(distinguishedName, ptr->value))
4132 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4136 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4139 linklist_free(group_base);
4140 return(AD_MULTIPLE_GROUPS_FOUND);
/* Destructive step: every duplicate whose DN is not the expected one is
 * deleted from AD. NOTE(review): rc from ldap_delete_s is not checked on
 * any visible line, so a failed delete is silent here. */
4145 if (strcasecmp(distinguishedName, ptr->value))
4146 rc = ldap_delete_s(ldap_handle, ptr->value);
4149 linklist_free(group_base);
4150 memset(filter, '\0', sizeof(filter));
/* Second lookup after the clean-up; exactly one group must remain. */
4153 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4155 "distinguishedName", &group_base,
4156 &group_count, filter))
4158 if (group_count == 0)
4159 return(AD_NO_GROUPS_FOUND);
4160 if (group_count > 1)
4161 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of the LDAP-returned DN into a 256-byte buffer. */
4164 strcpy(ad_distinguishedName, group_base->value);
4165 linklist_free(group_base);
4169 attr_array[0] = "sAMAccountName";
4170 attr_array[1] = NULL;
4171 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4172 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4174 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4175 MoiraId, ldap_err2string(rc));
/* Rebuild `filter` from the real sAMAccountName for the lookups below;
 * group_base is dereferenced without a group_count check on this line. */
4178 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Nothing to do when the group already sits at the expected DN. */
4180 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4182 linklist_free(group_base);
4187 linklist_free(group_base);
4190 memset(ou_both, '\0', sizeof(ou_both));
4191 memset(ou_security, '\0', sizeof(ou_security));
4192 memset(ou_distribution, '\0', sizeof(ou_distribution));
4193 memset(ou_neither, '\0', sizeof(ou_neither));
4194 memset(before_name, '\0', sizeof(before_name));
4195 memset(before_desc, '\0', sizeof(before_desc));
4196 memset(before_group_membership, '\0', sizeof(before_group_membership));
4197 attr_array[0] = "name";
4198 attr_array[1] = NULL;
4199 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4200 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4202 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
4203 MoiraId, ldap_err2string(rc));
4206 strcpy(before_name, group_base->value);
4207 linklist_free(group_base);
4210 attr_array[0] = "description";
4211 attr_array[1] = NULL;
4212 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4213 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4216 "Unable to get list description with MoiraId = %s: %s",
4217 MoiraId, ldap_err2string(rc));
/* Description is optional: only copied when the attribute came back. */
4220 if (group_count != 0)
4222 strcpy(before_desc, group_base->value);
4223 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring match of the DN
 * against the four configured OUs. Order matters: ou_both is tested
 * first, so a DN containing more than one of these strings is reported
 * as the first match. Substring (not component) matching — an OU string
 * that is a substring of another would be ambiguous. */
4227 change_to_lower_case(ad_distinguishedName);
4228 strcpy(ou_both, group_ou_both);
4229 change_to_lower_case(ou_both);
4230 strcpy(ou_security, group_ou_security);
4231 change_to_lower_case(ou_security);
4232 strcpy(ou_distribution, group_ou_distribution);
4233 change_to_lower_case(ou_distribution);
4234 strcpy(ou_neither, group_ou_neither);
4235 change_to_lower_case(ou_neither);
4236 if (strstr(ad_distinguishedName, ou_both))
4238 strcpy(before_group_ou, group_ou_both);
4239 before_group_membership[0] = 'B';
4240 before_security_flag = 1;
4242 else if (strstr(ad_distinguishedName, ou_security))
4244 strcpy(before_group_ou, group_ou_security);
4245 before_group_membership[0] = 'S';
4246 before_security_flag = 1;
4248 else if (strstr(ad_distinguishedName, ou_distribution))
4250 strcpy(before_group_ou, group_ou_distribution);
4251 before_group_membership[0] = 'D';
4252 before_security_flag = 0;
4254 else if (strstr(ad_distinguishedName, ou_neither))
4256 strcpy(before_group_ou, group_ou_neither);
4257 before_group_membership[0] = 'N';
4258 before_security_flag = 0;
4261 return(AD_NO_OU_FOUND);
/* before_desc is passed twice (as the old and the new description), so
 * the description is preserved rather than taken from Moira here. */
4262 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4263 before_group_ou, before_security_flag, before_desc,
4264 group_name, group_membership, group_ou, group_security_flag,
4265 before_desc, MoiraId, filter);
/*
 * change_to_lower_case: lower-cases the NUL-terminated string in place.
 * strlen() is re-evaluated on every iteration (quadratic, harmless for
 * the DN-sized strings this file passes). tolower() is applied to a
 * plain char; for bytes >= 0x80 that is a negative argument on
 * signed-char platforms, which tolower does not accept — a cast through
 * `(unsigned char)` would be the strictly correct form.
 */
4269 void change_to_lower_case(char *ptr)
4273 for (i = 0; i < (int)strlen(ptr); i++)
4275 ptr[i] = tolower(ptr[i]);
/*
 * ad_get_group: locate the AD group for a Moira list and return the
 * requested attribute of every match in *linklist_base/*linklist_count.
 * Three strategies are tried in order, stopping at the first that yields
 * exactly one entry; the filter that succeeded is copied back into
 * rFilter (a parameter declared on a line not shown) so callers can
 * reuse it:
 *   1. the filter already in rFilter, if non-empty;
 *   2. "(&(objectClass=group)(mitMoiraId=<MoiraId>))", if MoiraId is set;
 *   3. "(sAMAccountName=<group_name>_group)".
 * group_membership is not referenced on any visible line. Return values
 * are on lines not shown.
 */
4279 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4280 char *group_name, char *group_membership,
4281 char *MoiraId, char *attribute,
4282 LK_ENTRY **linklist_base, int *linklist_count,
4287 char *attr_array[3];
4290 (*linklist_base) = NULL;
4291 (*linklist_count) = 0;
/* Strategy 1: caller-supplied filter. */
4292 if (strlen(rFilter) != 0)
4294 strcpy(filter, rFilter);
4295 attr_array[0] = attribute;
4296 attr_array[1] = NULL;
4297 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4298 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4300 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4301 MoiraId, ldap_err2string(rc));
4304 if ((*linklist_count) == 1)
4306 strcpy(rFilter, filter);
4311 linklist_free((*linklist_base));
4312 (*linklist_base) = NULL;
4313 (*linklist_count) = 0;
/* Strategy 2: by mitMoiraId. MoiraId is interpolated unescaped; it is a
 * numeric row id from Moira, so filter-syntax characters are not
 * expected — confirm upstream. */
4314 if (strlen(MoiraId) != 0)
4316 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4317 attr_array[0] = attribute;
4318 attr_array[1] = NULL;
4319 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4320 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4322 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4323 MoiraId, ldap_err2string(rc));
/* Several groups carrying the same mitMoiraId: report them all, discard
 * the result and fall through to the name-based lookup. */
4327 if ((*linklist_count) > 1)
4329 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4330 pPtr = (*linklist_base);
4333 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4336 linklist_free((*linklist_base));
4337 (*linklist_base) = NULL;
4338 (*linklist_count) = 0;
4340 if ((*linklist_count) == 1)
/* NOTE(review): this accepts the single mitMoiraId hit only if the
 * returned value, after its first three characters (presumably the
 * "CN=" of a DN — but `attribute` is caller-chosen, so the value is not
 * always a DN), starts with group_name. It is a prefix test, not an
 * equality test: "foo" also matches "foobar", and a value shorter than
 * 3 + strlen(group_name) is read past its end. Compare the full RDN
 * instead, and confirm what `attribute` the callers pass. */
4342 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4344 strcpy(rFilter, filter);
4349 linklist_free((*linklist_base));
4350 (*linklist_base) = NULL;
4351 (*linklist_count) = 0;
/* Strategy 3: by the conventional "<name>_group" sAMAccountName. */
4352 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4353 attr_array[0] = attribute;
4354 attr_array[1] = NULL;
4355 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4356 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4358 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4359 MoiraId, ldap_err2string(rc));
4362 if ((*linklist_count) == 1)
4364 strcpy(rFilter, filter);
/*
 * check_user: verify that the AD account for UserName exists and carries
 * the expected name. If MoiraId is set the account is first looked up by
 * mitMoiraId (multiple hits are reported and the result discarded); a
 * lookup by sAMAccountName follows when that did not yield exactly one
 * entry. Returns AD_NO_USER_FOUND when the name lookup is not unique.
 * When the stored sAMAccountName differs (case-sensitively) from
 * UserName, user_rename is invoked (its remaining arguments and the
 * function's other return paths are not shown).
 */
4371 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4374 char *attr_array[3];
4375 char SamAccountName[64];
4378 LK_ENTRY *group_base;
4384 if (strlen(MoiraId) != 0)
4386 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4387 attr_array[0] = "sAMAccountName";
4388 attr_array[1] = NULL;
4389 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4390 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4392 com_err(whoami, 0, "Unable to process user %s : %s",
4393 UserName, ldap_err2string(rc));
4396 if (group_count > 1)
4398 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4403 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4404 gPtr->value, MoiraId);
4409 if (group_count != 1)
4411 linklist_free(group_base);
/* UserName is placed in the filter unescaped; see check_string for the
 * character policy this relies on. */
4414 sprintf(filter, "(sAMAccountName=%s)", UserName);
4415 attr_array[0] = "sAMAccountName";
4416 attr_array[1] = NULL;
4417 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4418 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4420 com_err(whoami, 0, "Unable to process user %s : %s",
4421 UserName, ldap_err2string(rc));
4426 if (group_count != 1)
4428 linklist_free(group_base);
4429 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded strcpy of an LDAP-returned value into a 64-byte
 * local. AD limits user sAMAccountName to 20 characters, but the source
 * is the directory, not this program — a bounded copy would be safer. */
4431 strcpy(SamAccountName, group_base->value);
4432 linklist_free(group_base);
/* Case-sensitive comparison: a case-only difference also triggers rename. */
4435 if (strcmp(SamAccountName, UserName))
4437 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: convert a '/'-separated Moira container path in src
 * into an OU-style relative DN in dest ("OU=last,OU=...,OU=first" from the
 * visible strcpy/strcat lines). The path is first split into `array`,
 * which is cleared for 20 entries; the split loop and any bound on the
 * number of components are not shown — confirm that more than 20
 * components cannot overrun it. dest is written unbounded.
 */
4443 void container_get_dn(char *src, char *dest)
4450 memset(array, '\0', 20 * sizeof(array[0]));
/* Empty source: the early-return statement is not shown. */
4452 if (strlen(src) == 0)
4471 strcpy(dest, "OU=");
4474 strcat(dest, array[n-1]);
4478 strcat(dest, ",OU=");
/*
 * container_get_name: extract the leaf name of a '/'-separated container
 * path src into dest. Only the empty-source guard is visible here; the
 * extraction itself is on lines not shown.
 */
4484 void container_get_name(char *src, char *dest)
4489 if (strlen(src) == 0)
/*
 * container_check: make sure every ancestor OU of container `name` exists
 * in AD. Works on a private copy (cName) of the name, walks it from the
 * end looking for '/' separators (loop body not shown) and, for each
 * prefix, calls container_create with an av that has only the name set.
 * Because CONTAINER_ROWID is empty, such an OU is created without a
 * mitMoiraId, which is logged. rc from container_create is otherwise
 * not acted on in the visible lines.
 */
4506 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* Size of cName is not shown; the copy is unbounded. */
4513 strcpy(cName, name);
4514 for (i = 0; i < (int)strlen(cName); i++)
4516 if (cName[i] == '/')
4519 av[CONTAINER_NAME] = cName;
4520 av[CONTAINER_DESC] = "";
4521 av[CONTAINER_LOCATION] = "";
4522 av[CONTAINER_CONTACT] = "";
4523 av[CONTAINER_TYPE] = "";
4524 av[CONTAINER_ID] = "";
4525 av[CONTAINER_ROWID] = "";
4526 rc = container_create(ldap_handle, dn_path, 7, av);
4527 if (rc == LDAP_SUCCESS)
4529 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename: rename/move the OU described by `before` to the name
 * and position described by `after`. Validates the new leaf name with
 * check_container_name (AD_INVALID_NAME otherwise), resolves the existing
 * DN (creating the container instead when none is found), builds the new
 * parent DN from the path prefix of after[CONTAINER_NAME], ensures the
 * parent chain exists, performs ldap_rename_s with the old RDN deleted,
 * and finally pushes the remaining attributes with container_adupdate.
 * Return value on success is rc of that last call (return lines not
 * shown).
 */
4537 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4538 int afterc, char **after)
4543 char new_dn_path[256];
4545 char distinguishedName[256];
4550 memset(cName, '\0', sizeof(cName));
4551 container_get_name(after[CONTAINER_NAME], cName);
4552 if (!check_container_name(cName))
4554 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4555 return(AD_INVALID_NAME);
4558 memset(distinguishedName, '\0', sizeof(distinguishedName));
4559 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* Nothing to rename: fall back to creating the target container. */
4561 if (strlen(distinguishedName) == 0)
4563 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf component from the new name to get the parent path
 * (the loop body that cuts at the last '/' is not shown). */
4567 strcpy(temp, after[CONTAINER_NAME]);
4569 for (i = 0; i < (int)strlen(temp); i++)
4578 container_get_dn(temp, dName);
/* Unbounded sprintf into the 256-byte new_dn_path. */
4579 if (strlen(temp) != 0)
4580 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4582 sprintf(new_dn_path, "%s", dn_path);
4583 sprintf(new_cn, "OU=%s", cName);
4585 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* TRUE = delete the old RDN as part of the move. */
4587 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4588 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4590 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
4591 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4595 memset(dName, '\0', sizeof(dName));
4596 container_get_dn(after[CONTAINER_NAME], dName);
4597 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the OU described by av from AD. Resolves the
 * DN first (a missing container is not an error; that branch is not
 * shown). If the OU still has children (LDAP_NOT_ALLOWED_ON_NONLEAF) its
 * contents are relocated with container_move_objects; whether the delete
 * is then retried is on lines not shown. Other LDAP errors are logged.
 */
4601 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4603 char distinguishedName[256];
4606 memset(distinguishedName, '\0', sizeof(distinguishedName));
4607 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4609 if (strlen(distinguishedName) == 0)
4611 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4613 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4614 container_move_objects(ldap_handle, dn_path, distinguishedName);
4616 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4617 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the organizationalUnit for Moira container av.
 * The OU's relative DN and leaf name are derived from av[CONTAINER_NAME];
 * an empty or invalid leaf name yields AD_INVALID_NAME. Attributes added:
 * objectClass, name, ou, optionally mitMoiraId (from CONTAINER_ROWID),
 * description (CONTAINER_DESC) and managedBy, which is resolved from
 * CONTAINER_TYPE/CONTAINER_ID: a KERBEROS principal is first created as
 * a contact in kerberos_ou, a USER or LIST is looked up by cn. If the OU
 * already exists and a row id is known, the entry is refreshed via
 * container_adupdate instead. The ADD_ATTR macro and the mods/n
 * bookkeeping it maintains are defined elsewhere.
 */
4622 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4624 char *attr_array[3];
4625 LK_ENTRY *group_base;
4628 char *objectClass_v[] = {"top",
4629 "organizationalUnit",
4632 char *ou_v[] = {NULL, NULL};
4633 char *name_v[] = {NULL, NULL};
4634 char *moiraId_v[] = {NULL, NULL};
4635 char *desc_v[] = {NULL, NULL};
4636 char *managedBy_v[] = {NULL, NULL};
4639 char managedByDN[256];
4646 memset(filter, '\0', sizeof(filter));
4647 memset(dName, '\0', sizeof(dName));
4648 memset(cName, '\0', sizeof(cName));
4649 memset(managedByDN, '\0', sizeof(managedByDN));
4650 container_get_dn(av[CONTAINER_NAME], dName);
4651 container_get_name(av[CONTAINER_NAME], cName);
4653 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4655 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4656 return(AD_INVALID_NAME);
/* Only the leaf name is validated; the other av fields are used as-is. */
4659 if (!check_container_name(cName))
4661 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4662 return(AD_INVALID_NAME);
4666 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4668 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4670 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4671 if (strlen(av[CONTAINER_ROWID]) != 0)
4673 moiraId_v[0] = av[CONTAINER_ROWID];
4674 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4676 if (strlen(av[CONTAINER_DESC]) != 0)
4678 desc_v[0] = av[CONTAINER_DESC];
4679 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy resolution; requires both a type and an id. */
4681 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4683 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4685 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4687 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4688 managedBy_v[0] = managedByDN;
4689 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): av[CONTAINER_ID] goes into the filter without escaping
 * LDAP filter metacharacters and is not checked by check_container_name
 * above; this relies on Moira only supplying well-formed user/list names
 * — confirm. `filter` size is not shown. */
4694 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4696 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4698 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4700 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4702 if (strlen(filter) != 0)
4704 attr_array[0] = "distinguishedName";
4705 attr_array[1] = NULL;
4708 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4709 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* An ambiguous or missing manager silently leaves managedBy unset. */
4711 if (group_count == 1)
4713 strcpy(managedByDN, group_base->value);
4714 managedBy_v[0] = managedByDN;
4715 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4717 linklist_free(group_base);
/* Full DN of the new OU; `temp` size not shown, sprintf unbounded. */
4726 sprintf(temp, "%s,%s", dName, dn_path);
4727 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the n LDAPMod entries built by ADD_ATTR (body not shown). */
4728 for (i = 0; i < n; i++)
4730 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4732 com_err(whoami, 0, "Unable to create container %s : %s",
4733 cName, ldap_err2string(rc));
/* Idempotent path: an existing OU with a known row id is updated. */
4736 if (rc == LDAP_ALREADY_EXISTS)
4738 if (strlen(av[CONTAINER_ROWID]) != 0)
4739 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: bring the OU for container `after` in line with
 * Moira. Looks the OU up by the `after` attributes (so a rename is not
 * handled here — see container_rename); creates it when it does not
 * exist, otherwise ensures the parent chain exists and refreshes the
 * attributes via container_adupdate with the resolved DN. `before` and
 * beforec are not referenced on the visible lines.
 */
4744 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4745 int afterc, char **after)
4747 char distinguishedName[256];
4750 memset(distinguishedName, '\0', sizeof(distinguishedName));
4751 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4753 if (strlen(distinguishedName) == 0)
4755 rc = container_create(ldap_handle, dn_path, afterc, after);
4759 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4760 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName: resolve the DN of the OU for container
 * av into distinguishedName (left empty when not found). Validates the
 * derived relative DN and leaf name (AD_INVALID_NAME on failure), then
 * searches first by mitMoiraId = av[CONTAINER_ROWID] and, if that did not
 * yield exactly one entry, by the constructed distinguishedName
 * "<dName>,<dn_path>". Only a unique match is accepted. LDAP errors from
 * linklist_build are not reported on the visible lines; the return value
 * on the success path is not shown.
 */
4765 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4767 char *attr_array[3];
4768 LK_ENTRY *group_base;
4775 memset(filter, '\0', sizeof(filter));
4776 memset(dName, '\0', sizeof(dName));
4777 memset(cName, '\0', sizeof(cName));
4778 container_get_dn(av[CONTAINER_NAME], dName);
4779 container_get_name(av[CONTAINER_NAME], cName);
4781 if (strlen(dName) == 0)
4783 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4784 return(AD_INVALID_NAME);
4787 if (!check_container_name(cName))
4789 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4790 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id (interpolated unescaped; expected numeric). */
4793 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4794 attr_array[0] = "distinguishedName";
4795 attr_array[1] = NULL;
4798 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4799 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4801 if (group_count == 1)
4803 strcpy(distinguishedName, group_base->value);
4805 linklist_free(group_base);
/* Lookup 2: by the DN we expect the OU to have. */
4809 if (strlen(distinguishedName) == 0)
4811 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4812 attr_array[0] = "distinguishedName";
4813 attr_array[1] = NULL;
4816 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4817 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4819 if (group_count == 1)
4821 strcpy(distinguishedName, group_base->value);
4823 linklist_free(group_base);
/*
 * container_adupdate: synchronise the mitMoiraId, description and
 * managedBy attributes of an existing OU with the Moira container av.
 * The OU is addressed either by dName (relative DN, joined with dn_path)
 * or, when dName is empty, by the full distinguishedName. The current
 * attribute values are read first so that a value Moira has cleared can
 * be removed with attribute_update; new values are staged with ADD_ATTR
 * (LDAP_MOD_REPLACE) and applied with one ldap_modify_s. Returns
 * LDAP_SUCCESS early when there is nothing to modify; the value returned
 * after ldap_modify_s is not shown.
 */
4831 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4832 char *distinguishedName, int count, char **av)
4834 char *attr_array[5];
4835 LK_ENTRY *group_base;
4840 char *moiraId_v[] = {NULL, NULL};
4841 char *desc_v[] = {NULL, NULL};
4842 char *managedBy_v[] = {NULL, NULL};
4843 char managedByDN[256];
/* ad_path size not shown; both writes are unbounded. */
4852 strcpy(ad_path, distinguishedName);
4853 if (strlen(dName) != 0)
4854 sprintf(ad_path, "%s,%s", dName, dn_path);
4856 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
/* NOTE(review): the guard tests av[CONTAINER_ID] but the filter it
 * selects interpolates av[CONTAINER_ROWID]. If CONTAINER_ROWID is empty
 * the search becomes "(mitMoiraId=)" and finds nothing. Elsewhere in this
 * file (container_create, container_get_distinguishedName) the same
 * filter is guarded by strlen(av[CONTAINER_ROWID]); this one presumably
 * should be too — confirm the intent. */
4857 if (strlen(av[CONTAINER_ID]) != 0)
4858 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4859 attr_array[0] = "mitMoiraId";
4860 attr_array[1] = "description";
4861 attr_array[2] = "managedBy";
4862 attr_array[3] = NULL;
4865 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4866 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
/* ("retreive" is a typo in the runtime message; not changed here.) */
4868 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4869 av[CONTAINER_NAME], ldap_err2string(rc));
4872 memset(managedByDN, '\0', sizeof(managedByDN));
4873 memset(moiraId, '\0', sizeof(moiraId));
4874 memset(desc, '\0', sizeof(desc));
/* Capture the current values (loop header not shown). Copies are
 * unbounded; desc/moiraId sizes are not visible here. */
4878 if (!strcasecmp(pPtr->attribute, "description"))
4879 strcpy(desc, pPtr->value);
4880 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4881 strcpy(managedByDN, pPtr->value);
4882 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4883 strcpy(moiraId, pPtr->value);
4886 linklist_free(group_base);
4891 if (strlen(av[CONTAINER_ROWID]) != 0)
4893 moiraId_v[0] = av[CONTAINER_ROWID];
4894 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set from Moira, or cleared if AD has one and Moira none. */
4896 if (strlen(av[CONTAINER_DESC]) != 0)
4898 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
4902 if (strlen(desc) != 0)
4904 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: same resolution rules as container_create. */
4907 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4909 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4911 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4913 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4914 managedBy_v[0] = managedByDN;
4915 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact creation failed: drop any stale managedBy rather than keep it. */
4919 if (strlen(managedByDN) != 0)
4921 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4927 memset(filter, '\0', sizeof(filter));
/* av[CONTAINER_ID] is interpolated unescaped, as in container_create. */
4928 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4930 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4932 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4934 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4936 if (strlen(filter) != 0)
4938 attr_array[0] = "distinguishedName";
4939 attr_array[1] = NULL;
4942 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4943 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4945 if (group_count == 1)
4947 strcpy(managedByDN, group_base->value);
4948 managedBy_v[0] = managedByDN;
4949 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Manager not uniquely found: clear the existing managedBy. */
4953 if (strlen(managedByDN) != 0)
4955 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4958 linklist_free(group_base);
/* No type/id from Moira at all: clear any managedBy present in AD. */
4965 if (strlen(managedByDN) != 0)
4967 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
/* Nothing staged by ADD_ATTR (condition not shown): done. */
4974 return(LDAP_SUCCESS);
4976 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Release the n LDAPMod entries (loop body not shown). */
4977 for (i = 0; i < n; i++)
4979 if (rc != LDAP_SUCCESS)
4981 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4982 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty the OU at dName so that it can be deleted
 * (called from container_delete on LDAP_NOT_ALLOWED_ON_NONLEAF). Three
 * passes: (1) everything that is neither a computer nor an OU is moved to
 * orphans_other_ou, (2) computers to orphans_machines_ou, (3) child OUs
 * are deleted. Moved objects keep their cn; on LDAP_ALREADY_EXISTS the cn
 * is retried with a "_<count>" suffix (retry loop not shown).
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and
 * no line here restores it, so later searches on ldap_handle presumably
 * inherit the limit — confirm whether it is reset elsewhere. A limit of
 * 10 also means an OU with more than 10 children of one kind is only
 * partially emptied per call unless the search is repeated (not shown).
 * Child OUs are removed with a plain ldap_delete_s, which itself fails on
 * non-leaf OUs; nested OUs therefore need recursion that is not visible.
 */
4988 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4990 char *attr_array[3];
4991 LK_ENTRY *group_base;
4998 int NumberOfEntries = 10;
5002 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
5004 for (i = 0; i < 3; i++)
5006 memset(filter, '\0', sizeof(filter));
5009 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
5010 attr_array[0] = "cn";
5011 attr_array[1] = NULL;
5015 strcpy(filter, "(objectClass=computer)");
5016 attr_array[0] = "cn";
5017 attr_array[1] = NULL;
5021 strcpy(filter, "(objectClass=organizationalUnit)");
5022 attr_array[0] = "ou";
5023 attr_array[1] = NULL;
/* Search base is the container itself, not dn_path. */
5028 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
5029 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
5033 if (group_count == 0)
5038 if (!strcasecmp(pPtr->attribute, "cn"))
/* new_cn/temp sizes not shown; sprintf calls are unbounded. */
5040 sprintf(new_cn, "cn=%s", pPtr->value);
5042 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5044 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5048 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
5050 if (rc == LDAP_ALREADY_EXISTS)
5052 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
5059 else if (!strcasecmp(pPtr->attribute, "ou"))
5061 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5065 linklist_free(group_base);
/*
 * get_machine_ou: find the OU (relative to the domain, i.e. the DN
 * fragment between the machine's "cn=" and the first "dc=") of the AD
 * computer account for Moira machine `member`. The Moira alias is resolved
 * with GetMachineName into NewMachineName (domain part cut at the first
 * '.'), the computer is found by "sAMAccountName=<name>$", and its DN is
 * lower-cased to locate the cn and strip it. Result in machine_ou. Return
 * values are on lines not shown.
 */
5073 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5075 LK_ENTRY *group_base;
5079 char *attr_array[3];
/* NewMachineName size is the caller's; copy is unbounded. */
5086 strcpy(NewMachineName, member);
/* NOTE(review): the result of moira_connect() is overwritten on the next
 * line without being checked; a failed connection is only noticed
 * indirectly through an empty name. */
5087 rc = moira_connect();
5088 rc = GetMachineName(NewMachineName);
5090 if (strlen(NewMachineName) == 0)
/* ("alais" is a typo in the runtime message; not changed here.) */
5092 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
/* Truncate at the first '.' (the statement that writes '\0' is not shown). */
5097 pPtr = strchr(NewMachineName, '.');
/* Computer accounts carry a trailing '$' in sAMAccountName. */
5103 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5104 attr_array[0] = "cn";
5105 attr_array[1] = NULL;
5106 sprintf(temp, "%s", dn_path);
5107 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5108 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5110 com_err(whoami, 0, "Unable to process machine %s : %s",
5111 member, ldap_err2string(rc));
5114 if (group_count != 1)
5116 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
/* dn/cn sizes not shown; copies from LDAP values are unbounded. */
5120 strcpy(dn, group_base->dn);
5121 strcpy(cn, group_base->value);
/* Case-fold both so strstr below is case-insensitive (plain-char tolower,
 * see change_to_lower_case). */
5122 for (i = 0; i < (int)strlen(dn); i++)
5123 dn[i] = tolower(dn[i]);
5124 for (i = 0; i < (int)strlen(cn); i++)
5125 cn[i] = tolower(cn[i]);
5126 linklist_free(group_base);
/* First occurrence of the cn inside the DN; assumed to be the RDN value. */
5128 pPtr = strstr(dn, cn);
5131 com_err(whoami, 0, "Unable to process machine %s",
/* Skip the cn and the ',' that follows it. */
5135 pPtr += strlen(cn) + 1;
5136 strcpy(machine_ou, pPtr);
/* The remainder must still contain the domain component to be sane. */
5138 pPtr = strstr(machine_ou, "dc=");
5141 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move the AD computer account for Moira machine
 * MoiraMachineName into "<DestinationOu>,<dn_path>". The Moira alias is
 * resolved with GetMachineName (domain cut at the first '.'), the account
 * is found by "sAMAccountName=<name>$", and if its current parent DN
 * already equals the destination nothing is done; otherwise it is renamed
 * with ldap_rename_s (old RDN deleted). Return lines are not shown.
 */
5150 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5155 char MachineName[128];
5157 char *attr_array[3];
5162 LK_ENTRY *group_base;
/* Unbounded copy into a 128-byte local. */
5167 strcpy(MachineName, MoiraMachineName);
5168 rc = GetMachineName(MachineName);
5169 if (strlen(MachineName) == 0)
/* ("alais" is a typo in the runtime message; not changed here.) */
5171 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
5175 cPtr = strchr(MachineName, '.');
5178 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5179 attr_array[0] = "sAMAccountName";
5180 attr_array[1] = NULL;
5181 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5182 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5184 com_err(whoami, 0, "Unable to process machine %s : %s",
5185 MoiraMachineName, ldap_err2string(rc));
5189 if (group_count == 1)
5190 strcpy(OldDn, group_base->dn);
5191 linklist_free(group_base);
5193 if (group_count != 1)
/* NOTE(review): the format has two %s conversions but only one argument
 * is supplied; the second %s reads an unspecified value (undefined
 * behaviour — may crash or print stack contents into the log). rc is
 * LDAP_SUCCESS on this path, so there is no error string to add: drop
 * the trailing ": %s". */
5195 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
/* NewOu size not shown. */
5198 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Everything after the first ',' of the DN is the current parent. */
5199 cPtr = strchr(OldDn, ',');
5203 if (!strcasecmp(cPtr, NewOu))
5206 sprintf(NewCn, "CN=%s", MachineName);
5207 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: non-zero when an AD account named after machine_name
 * (with any domain suffix cut at the first '.') exists, i.e. the logical
 * negation of checkADname's result. `Name` size is not shown; the copy
 * is unbounded.
 */
5211 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5217 memset(Name, '\0', sizeof(Name));
5218 strcpy(Name, machine_name);
/* The statement that terminates Name at pPtr is not shown. */
5220 pPtr = strchr(Name, '.');
5224 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name is
 * mapped to ("get_machine_to_container_map"); the callback
 * machine_GetMoiraContainer copies the answer into container_name.
 * ldap_handle and dn_path are not referenced on the visible lines; the
 * remaining mr_query arguments and the return are not shown.
 */
5227 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5233 av[0] = machine_name;
5234 call_args[0] = (char *)container_name;
5235 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * machine_GetMoiraContainer: mr_query callback for
 * "get_machine_to_container_map". Copies the container name (av[1]) into
 * the caller-provided buffer call_args[0] (ptr cast on a line not shown).
 * The copy is unbounded against the caller's buffer. Return not shown.
 */
5240 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5245 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that backs
 * container `after`. The list name comes from Moira_groupname_create
 * (failure path not shown); the list is added with "add_list" as an
 * active, non-public, non-hidden, non-mailing group with a unique gid
 * and the "sms" user as both ACE and member ACE. On success the list is
 * recorded on the container (Moira_setContainerGroup) and added to the
 * parent container's group (Moira_addGroupToParent). Return not shown.
 */
5249 int Moira_container_group_create(char **after)
5255 memset(GroupName, '\0', sizeof(GroupName));
5256 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5257 after[CONTAINER_ROWID]);
/* add_list argument vector; the count passed is 15. Note L_HIDDEN is "0"
 * here while Moira_container_group_update uses "1". */
5261 argv[L_NAME] = GroupName;
5262 argv[L_ACTIVE] = "1";
5263 argv[L_PUBLIC] = "0";
5264 argv[L_HIDDEN] = "0";
5265 argv[L_MAILLIST] = "0";
5266 argv[L_GROUP] = "1";
5267 argv[L_GID] = UNIQUE_GID;
5268 argv[L_NFSGROUP] = "0";
5269 argv[L_MAILMAN] = "0";
5270 argv[L_MAILMAN_SERVER] = "[NONE]";
5271 argv[L_DESC] = "auto created container group";
5272 argv[L_ACE_TYPE] = "USER";
5273 argv[L_MEMACE_TYPE] = "USER";
5274 argv[L_ACE_NAME] = "sms";
5275 argv[L_MEMACE_NAME] = "sms";
5277 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
5279 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
5280 GroupName, after[CONTAINER_NAME], error_message(rc));
5283 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5284 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename the
 * Moira list that backs it. No-op when the names are equal ignoring case
 * (return not shown) or when the container currently has no group. The
 * new name is derived with Moira_groupname_create and, if it differs
 * from the current one, "update_list" is issued with the old name in
 * argv[L_NAME] and the full new definition shifted by one. Return not
 * shown.
 *
 * NOTE(review): the update sets L_HIDDEN to "1" whereas
 * Moira_container_group_create sets it to "0", so a renamed container
 * group becomes hidden while a freshly created one is not. That looks
 * unintended — confirm which value is meant.
 */
5289 int Moira_container_group_update(char **before, char **after)
5292 char BeforeGroupName[64];
5293 char AfterGroupName[64];
5296 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5299 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* Looks up the group recorded on the container (after the rename the
 * container already has its new name in Moira). */
5300 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5301 if (strlen(BeforeGroupName) == 0)
5304 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5305 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5306 after[CONTAINER_ROWID]);
5310 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the current name first, then the 15 list fields. */
5312 argv[L_NAME] = BeforeGroupName;
5313 argv[L_NAME + 1] = AfterGroupName;
5314 argv[L_ACTIVE + 1] = "1";
5315 argv[L_PUBLIC + 1] = "0";
5316 argv[L_HIDDEN + 1] = "1";
5317 argv[L_MAILLIST + 1] = "0";
5318 argv[L_GROUP + 1] = "1";
5319 argv[L_GID + 1] = UNIQUE_GID;
5320 argv[L_NFSGROUP + 1] = "0";
5321 argv[L_MAILMAN + 1] = "0";
5322 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5323 argv[L_DESC + 1] = "auto created container group";
5324 argv[L_ACE_TYPE + 1] = "USER";
5325 argv[L_MEMACE_TYPE + 1] = "USER";
5326 argv[L_ACE_NAME + 1] = "sms";
5327 argv[L_MEMACE_NAME + 1] = "sms";
5329 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
5331 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
5332 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove the Moira list that backs the
 * deleted container `before`. If the container had a group (its name is
 * in before[CONTAINER_GROUP_NAME], "[none]" meaning none) and a parent
 * container with a group exists, the group is first removed from the
 * parent's list ("delete_member_from_list"), then the list itself is
 * deleted ("delete_list"). Return not shown.
 */
5339 int Moira_container_group_delete(char **before)
5344 char ParentGroupName[64];
5346 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Third argument 1 = look up the parent container's group. */
5347 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
5349 memset(GroupName, '\0', sizeof(GroupName));
5350 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5351 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
5353 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5355 argv[0] = ParentGroupName;
/* argv[1] (the member type) is assigned on a line not shown. */
5357 argv[2] = GroupName;
5358 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): the format has two %s conversions but three arguments
 * are passed, so error_message(rc) is never printed and ParentGroupName
 * appears where the error text was meant to go. Presumably intended:
 * "Unable to delete container group %s from list %s: %s". */
5360 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
5361 GroupName, ParentGroupName, error_message(rc));
5365 if (strlen(GroupName) != 0)
5367 argv[0] = GroupName;
5368 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5370 com_err(whoami, 0, "Unable to delete container group %s : %s",
5371 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a unique Moira list name for a container.
 * The name is "cnt-" + the last '/'-separated component of ContainerName,
 * lower-cased, with a "-<c>" suffix (0-9, then a-z) appended when the base
 * name is already a list. The result is copied into GroupName (callers pass a
 * 64-byte buffer). ContainerRowID is not referenced in the lines shown.
 *
 * Excerpt: braces, the declarations of temp, ptr, ptr1, argv, rc and i, the
 * loop headers, the over-length handling and the return paths are not shown.
 */
5378 int Moira_groupname_create(char *GroupName, char *ContainerName,
5379 char *ContainerRowID)
5384 char newGroupName[64];
5385 char tempGroupName[64];
// NOTE(review): unbounded copy of ContainerName into temp (size elided).
5390 strcpy(temp, ContainerName);
// Last '/' of the path; how ptr is derived from ptr1 is elided.
5392 ptr1 = strrchr(temp, '/');
// Cap the component at 25 chars so "cnt-" + name + "-x" fits the 64-byte
// buffers (what the branch does -- presumably truncate -- is elided).
5398 if (strlen(ptr) > 25)
5401 sprintf(newGroupName, "cnt-%s", ptr);
5403 /* change everything to lower case */
// NOTE(review): tolower() on a plain char is undefined for negative values when
// char is signed; cast through (unsigned char) for non-ASCII input.
5408 *ptr = tolower(*ptr);
// Keep the base name so each retry rebuilds "<base>-<c>" instead of stacking suffixes.
5414 strcpy(tempGroupName, newGroupName);
5416 /* append 0-9 then a-z if a duplicate is found */
// get_list_info succeeding means the name is taken. MR_NO_MATCH means it is
// free; any other Moira error is reported (what follows the report is elided).
5419 argv[0] = newGroupName;
5420 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
5422 if (rc == MR_NO_MATCH)
5424 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5425 ContainerName, error_message(rc));
// Next candidate; i walks the suffix characters named in the comment above
// (loop header elided).
5428 sprintf(newGroupName, "%s-%c", tempGroupName, i);
// Every suffix has been tried.
5431 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
5441 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName (Moira set_container_list). Failures are logged.
 * Excerpt: braces, the declarations of argv and rc, and the return are not shown.
 */
5445 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5450 argv[0] = origContainerName;
5451 argv[1] = GroupName;
5453 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5455 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5456 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add the container's list GroupName as a member of the
 * list attached to the parent container of origContainerName. A top-level
 * container has no parent list and nothing is done. Failures are logged.
 * Excerpt: braces, the argv/rc declarations, argv[1] (the member type) and the
 * return paths are not shown.
 */
5462 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5464 char ContainerName[64];
5465 char ParentGroupName[64];
// NOTE(review): unbounded strcpy into a 64-byte buffer; Moira_getGroupName makes
// its own copy anyway, so this one could be dropped or bounded with snprintf.
5469 strcpy(ContainerName, origContainerName);
// NOTE(review): ParentGroupName is not zeroed before the call, unlike the same
// call in Moira_container_group_delete; unless Moira_getGroupName clears its
// output in lines not shown, the strlen() below reads uninitialised stack when
// the query returns no rows -- confirm.
5471 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5472 /* top-level container */
5473 if (strlen(ParentGroupName) == 0)
5476 argv[0] = ParentGroupName;
5478 argv[2] = GroupName;
5479 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5481 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5482 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list. Copies the
 * list name (av[1]) into the caller's buffer passed as call_args[0] via ptr.
 * Excerpt: braces, the call_args declaration/cast and the return are not shown.
 */
5487 int Moira_getContainerGroup(int ac, char **av, void *ptr)
// NOTE(review): ac is not checked in the lines shown and the copy is unbounded;
// every visible caller hands over a 64-byte array, so a list name of 64 or more
// bytes from Moira would overflow it. Bound the copy to the caller's buffer size.
5492 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list attached to a container -- or,
 * presumably, to its parent when the (elided) third argument is non-zero -- and
 * copy it into GroupName through the Moira_getContainerGroup callback.
 * GroupName is left empty when no list is attached; errors are logged.
 * Excerpt: the rest of the signature, braces, the ptr/argv/call_args/rc
 * declarations, the parent-path truncation and the return paths are not shown.
 */
5496 int Moira_getGroupName(char *origContainerName, char *GroupName,
5499 char ContainerName[64];
// NOTE(review): unbounded strcpy into a 64-byte buffer; container names are not
// visibly length-checked anywhere in this excerpt.
5505 strcpy(ContainerName, origContainerName);
// Last '/' of the container path -- used to cut back to the parent (elided).
5509 ptr = strrchr(ContainerName, '/');
5516 argv[0] = ContainerName;
// call_args[0] is the output buffer the callback writes into.
5518 call_args[0] = GroupName;
5519 call_args[1] = NULL;
// Query succeeded (rc == 0); the remaining call arguments are on an elided line.
5521 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
// Non-empty means the callback found a list.
5524 if (strlen(GroupName) != 0)
// Moira error path ...
5529 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5530 ContainerName, error_message(rc));
// ... and, presumably, the "query succeeded but no list attached" path.
5532 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add or remove MachineName as a MACHINE
 * member of the container's list GroupName. "[none]" means the container has
 * no list and nothing is done.
 * Excerpt: the rest of the signature (including the add/remove selector),
 * braces, the argv/rc declarations and the return paths are not shown.
 */
5537 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5543 if (strcmp(GroupName, "[none]") == 0)
5546 argv[0] = GroupName;
5547 argv[1] = "MACHINE";
5548 argv[2] = MachineName;
// Which of the two queries runs is decided by an elided condition.
5550 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5552 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
// NOTE(review): "group%s" is missing a space before the name, and the text says
// "add" even when the delete query was the one that failed -- assuming this
// com_err is shared by both paths (the surrounding lines are elided).
5555 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5556 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a machine name in place. The name is upper-cased;
 * if it already lies in DOMAIN_SUFFIX it is used as-is (branch elided), else the
 * Moira get_hostalias query is asked for an alias in that domain and the result
 * replaces MachineName. MachineName is set to "" when no usable name is found.
 * Excerpt: braces, the i/szDot/args/call_args/rc declarations, args[0] and the
 * return paths are not shown.
 */
5561 int GetMachineName(char *MachineName)
5564 char NewMachineName[1024];
5571 // If the address happens to be in the top-level MIT domain, great!
// NOTE(review): unbounded copy into a 1024-byte buffer; the caller's MachineName
// size is unknown here and the copies back into it below are unbounded too.
5572 strcpy(NewMachineName, MachineName);
// strlen() is re-evaluated every iteration; toupper() on a plain char is
// undefined for negative (non-ASCII) values when char is signed -- cast via (unsigned char).
5573 for (i = 0; i < (int)strlen(NewMachineName); i++)
5574 NewMachineName[i] = toupper(NewMachineName[i]);
// Everything after the first '.' is compared with the domain suffix.
5575 szDot = strchr(NewMachineName,'.');
5576 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5581 // If not, see if it has a Moira alias in the top-level MIT domain.
// ProcessMachineName fills NewMachineName through call_args[0]; it stays empty
// when no alias in DOMAIN_SUFFIX exists.
5582 memset(NewMachineName, '\0', sizeof(NewMachineName));
5584 args[1] = MachineName;
5585 call_args[0] = NewMachineName;
5586 call_args[1] = NULL;
// Query error: log it and hand back an empty name.
5587 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5589 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5590 MachineName, error_message(rc));
5591 strcpy(MachineName, "");
// Alias found -> replace the name; none -> empty (the else keyword is elided).
5595 if (strlen(NewMachineName) != 0)
5596 strcpy(MachineName, NewMachineName);
5598 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias. Takes the first alias
 * (av[0]) that lies in DOMAIN_SUFFIX and copies it, upper-cased, into the
 * caller's buffer at call_args[0]; later rows are ignored once one is stored.
 * Excerpt: braces, the i/szDot/call_args declarations and the return are not shown.
 */
5603 int ProcessMachineName(int ac, char **av, void *ptr)
5606 char MachineName[1024];
// Only the first matching alias wins.
5611 if (strlen(call_args[0]) == 0)
// NOTE(review): unbounded copy of a Moira-returned value into a 1024-byte
// buffer; ac is not checked before av[0] in the lines shown.
5613 strcpy(MachineName, av[0]);
// Same upper-casing loop as GetMachineName (same toupper()/signed-char caveat).
5614 for (i = 0; i < (int)strlen(MachineName); i++)
5615 MachineName[i] = toupper(MachineName[i]);
5616 szDot = strchr(MachineName,'.');
5617 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
// When called from GetMachineName, call_args[0] is its 1024-byte NewMachineName,
// so this copy fits.
5619 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: flip the POSIX uid attribute name in an LDAPMod array between the
 * Services-for-UNIX 3.0 schema name (msSFU30UidNumber) and the plain uidNumber
 * name. n is the number of entries in mods. Which direction runs is presumably
 * selected by an elided test on *UseSFU30.
 * Excerpt: braces, the declaration of i and the selecting condition are not shown.
 */
5625 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
// SFU 3.0 name -> plain name.
5631 for (i = 0; i < n; i++)
5633 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
// NOTE(review): mod_type now points at a string literal; fine only if the array
// is never released by a routine that free()s mod_type -- confirm against the caller.
5634 mods[i]->mod_type = "uidNumber";
// Plain name -> SFU 3.0 name.
5640 for (i = 0; i < n; i++)
5642 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5643 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: work out the user's Windows home directory, home drive and
 * roaming-profile path from the Moira values WinHomeDir/WinProfileDir, then set
 * or clear the homeDirectory, profilePath and homeDrive attributes on the user's
 * AD object. "[afs]" means "derive from the user's Hesiod filsys entry",
 * "[local]" means "no value"; anything else is taken literally. Values are
 * appended to mods through ADD_ATTR (as strdup'd strings stored in homedir_v,
 * winProfile_v and drives_v); an empty value under LDAP_MOD_REPLACE is instead
 * removed immediately with a separate ldap_modify_s built by DEL_ATTR.
 * Excerpt: the rest of the signature (OpType is among the remaining parameters),
 * braces, the declarations of homeDrive, path, winPath, cWeight, cPath, hp, i,
 * last_weight and rc, and the return paths are not shown.
 */
5649 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5650 char *WinHomeDir, char *WinProfileDir,
5651 char **homedir_v, char **winProfile_v,
5652 char **drives_v, LDAPMod **mods,
5660 char winProfile[1024];
// Scratch LDAPMod array for the attribute-delete modifications.
5665 LDAPMod *DelMods[20];
5667 memset(homeDrive, '\0', sizeof(homeDrive));
5668 memset(path, '\0', sizeof(path));
5669 memset(winPath, '\0', sizeof(winPath));
5670 memset(winProfile, '\0', sizeof(winProfile));
// Either value may ask for the AFS home: resolve it once from Hesiod.
5672 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5674 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5676 memset(cWeight, 0, sizeof(cWeight));
5677 memset(cPath, 0, sizeof(cPath));
// For each filsys record field 2 is the path and field 5 the weight; keep the
// AFS path with the lowest weight (last_weight's initial value is elided).
5680 while (hp[i] != NULL)
// NOTE(review): "%s" has no field width, so an over-long Hesiod (DNS-delivered)
// record overflows cPath/cWeight, whose sizes are elided; use a width one less
// than the buffer size.
5682 if (sscanf(hp[i], "%*s %s", cPath))
// strnicmp is the MSVC spelling of strncasecmp; a shim is presumably supplied elsewhere.
5684 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5686 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
5688 if (atoi(cWeight) < last_weight)
5690 strcpy(path, cPath);
5691 last_weight = (int)atoi(cWeight);
// Presumably the no-weight-field case: take the path unconditionally (else elided).
5695 strcpy(path, cPath);
// Translate the AFS path to its Windows form; the profile lives beneath it.
5702 if (!strnicmp(path, AFS, strlen(AFS)))
5704 AfsToWinAfs(path, winPath);
5705 strcpy(winProfile, winPath);
5706 strcat(winProfile, "\\.winprofile");
// Home directory: [local] -> none, [afs] -> the path above on drive H:,
// otherwise the literal value (H: only if it is a UNC path).
5722 if (!strcasecmp(WinHomeDir, "[local]"))
5723 memset(winPath, '\0', sizeof(winPath));
5724 else if (!strcasecmp(WinHomeDir, "[afs]"))
5726 strcpy(homeDrive, "H:");
// NOTE(review): unbounded copy of the Moira value into winPath (size elided).
5730 strcpy(winPath, WinHomeDir);
5731 if (!strncmp(WinHomeDir, "\\\\", 2))
5733 strcpy(homeDrive, "H:");
5737 // nothing needs to be done if WinProfileDir is [afs].
5738 if (!strcasecmp(WinProfileDir, "[local]"))
5739 memset(winProfile, '\0', sizeof(winProfile));
5740 else if (strcasecmp(WinProfileDir, "[afs]"))
// NOTE(review): unbounded copy into the 1024-byte winProfile.
5742 strcpy(winProfile, WinProfileDir);
// Normalise: strip one trailing backslash, but a bare drive ("X:") gets one back.
5745 if (strlen(winProfile) != 0)
5747 if (winProfile[strlen(winProfile) - 1] == '\\')
5748 winProfile[strlen(winProfile) - 1] = '\0';
5750 if (strlen(winPath) != 0)
5752 if (winPath[strlen(winPath) - 1] == '\\')
5753 winPath[strlen(winPath) - 1] = '\0';
5756 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5757 strcat(winProfile, "\\");
5758 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5759 strcat(winPath, "\\");
// homeDirectory: empty + REPLACE -> delete the attribute now; otherwise queue it.
// NOTE(review): rc from the delete modify is assigned but not visibly checked
// (same for profilePath and homeDrive below).
5761 if (strlen(winPath) == 0)
5763 if (OpType == LDAP_MOD_REPLACE)
5766 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5768 //unset homeDirectory attribute for user.
5769 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
// strdup result is not checked for NULL; who frees it is not visible here.
5775 homedir_v[0] = strdup(winPath);
5776 ADD_ATTR("homeDirectory", homedir_v, OpType);
// profilePath: same pattern.
5779 if (strlen(winProfile) == 0)
5781 if (OpType == LDAP_MOD_REPLACE)
5784 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5786 //unset profilePath attribute for user.
5787 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5793 winProfile_v[0] = strdup(winProfile);
5794 ADD_ATTR("profilePath", winProfile_v, OpType);
// homeDrive: same pattern.
5797 if (strlen(homeDrive) == 0)
5799 if (OpType == LDAP_MOD_REPLACE)
5802 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5804 //unset homeDrive attribute for user
5805 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5811 drives_v[0] = strdup(homeDrive);
5812 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList: discover the domain controllers for ldap_domain and cache them.
 * Any previous entries in ServerList are freed. The list is rebuilt from AD:
 * first the server named by the rIDManager object's fSMORoleOwner, then every
 * server object under the default site, up to MAX_SERVER_NAMES. The schema is
 * probed for msSFU-30-Uid-Number (what is done with the answer is elided;
 * SFUTYPE is written below), and the domain, SFU type and server names are
 * written to the WINADCFG file.
 * Excerpt: braces, the declarations of i, rc, Count, sPtr, gPtr, fptr, filter,
 * base, dn_path, group_count and ldap_handle, the NULL check after strstr, the
 * fclose and the return paths are not shown.
 */
5818 int GetServerList(char *ldap_domain, char **ServerList)
5825 int IgnoreServerListError;
5826 int ServerListFound;
5827 char default_server[256];
5829 char *attr_array[3];
5833 LK_ENTRY *group_base;
5838 memset(default_server, '\0', sizeof(default_server));
5839 memset(dn_path, '\0', sizeof(dn_path));
// Drop the previous list; entries are calloc'd below.
5840 for (i = 0; i < MAX_SERVER_NAMES; i++)
5842 if (ServerList[i] != NULL)
5844 free(ServerList[i]);
5845 ServerList[i] = NULL;
// Connect with no preset server list. The two "" arguments occupy ad_connect's
// credential slots; how it binds with them is not visible here.
5848 IgnoreServerListError = 1;
5849 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
5850 ServerList, &IgnoreServerListError))
// NOTE(review): every slot is already NULL from the loop above, so this memset is
// a no-op unless ad_connect allocated entries -- in which case it leaks them.
5852 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
// Step 1: the RID master. fSMORoleOwner is a DN; the text between its first
// ",CN=" and the following "," is taken as the server name.
5856 ServerListFound = 0;
5858 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5859 attr_array[0] = "fSMORoleOwner";
5860 attr_array[1] = NULL;
// NOTE(review): "!(rc = ...) != 0" parses as "(!(rc = ...)) != 0", i.e. rc == 0.
// It works, but "(rc = linklist_build(...)) == 0" says the same thing plainly
// (likewise at the two linklist_build calls below).
5861 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5862 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5864 if (group_count != 0)
5866 sPtr = strstr(group_base->value, ",CN=");
5869 sPtr += strlen(",CN=");
5870 if (ServerList[0] == NULL)
5871 ServerList[0] = calloc(1, 256);
// NOTE(review): calloc result unchecked, and the copy of a directory-supplied DN
// fragment is unbounded against the 256-byte entry; the cut at "," happens only
// after the copy (next line; the terminator write is elided).
5872 strcpy(ServerList[0], sPtr);
5873 sPtr = strstr(ServerList[0], ",");
5877 ServerListFound = 1;
5881 linklist_free(group_base);
// Step 2: all server objects in the default site (one level below cn=Servers).
5885 attr_array[0] = "cn";
5886 attr_array[1] = NULL;
5887 strcpy(filter, "(cn=*)");
// NOTE(review): unbounded sprintf of dn_path into base (size elided); prefer snprintf.
5888 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5890 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5891 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5893 if (group_count != 0)
// Walk the result list (gPtr's initialisation is elided).
5896 while (gPtr != NULL)
// Skip the server already stored as entry 0.
5898 if (ServerListFound != 0)
5900 if (!strcasecmp(ServerList[0], gPtr->value))
// Append, bounded by MAX_SERVER_NAMES (Count's initial value is elided).
5906 if (Count < MAX_SERVER_NAMES)
5908 if (ServerList[Count] == NULL)
5909 ServerList[Count] = calloc(1, 256);
// NOTE(review): same unchecked calloc / unbounded strcpy as for entry 0.
5910 strcpy(ServerList[Count], gPtr->value);
5917 linklist_free(group_base);
// Step 3: does the schema carry the SFU 3.0 uid attribute?
5923 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5924 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5926 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5927 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5929 if (group_count != 0)
5934 linklist_free(group_base);
// Step 4: persist the result. A failed fopen is silently skipped; fclose is elided.
// NOTE(review): the file is created with the process umask; nothing here restricts
// its permissions.
5938 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5940 fprintf(fptr, "%s%s\n", DOMAIN, ldap_domain);
5942 fprintf(fptr, "%s%s\n", MSSFU, SFUTYPE);
5943 for (i = 0; i < MAX_SERVER_NAMES; i++)
5945 if (ServerList[i] != NULL)
5947 fprintf(fptr, "%s%s\n", SERVER, ServerList[i]);
5952 ldap_unbind_s(ldap_handle);
5957 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5958 char *attribute_value, char *attribute, char *user_name)
5960 char *mod_v[] = {NULL, NULL};
5961 LDAPMod *DelMods[20];
5967 if (strlen(attribute_value) == 0)
5970 DEL_ATTR(attribute, LDAP_MOD_DELETE);
5972 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
5978 mod_v[0] = attribute_value;
5979 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
5981 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5985 mod_v[0] = attribute_value;
5986 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5988 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5990 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5991 attribute, user_name, ldap_err2string(rc));