2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container's information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends in a
 * semicolon, so sleep(a + b) scales only b, and "if (c) sleep(1); else ..."
 * does not compile. #define sleep(A) Sleep((A) * 1000) avoids both. */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
295 #define CHECK_GROUPS 1
296 #define CLEANUP_GROUPS 2
298 #define AD_NO_GROUPS_FOUND -1
299 #define AD_WRONG_GROUP_DN_FOUND -2
300 #define AD_MULTIPLE_GROUPS_FOUND -3
301 #define AD_INVALID_NAME -4
302 #define AD_LDAP_FAILURE -5
303 #define AD_INVALID_FILESYS -6
304 #define AD_NO_ATTRIBUTE_FOUND -7
305 #define AD_NO_OU_FOUND -8
306 #define AD_NO_USER_FOUND -9
308 /* container arguments */
309 #define CONTAINER_NAME 0
310 #define CONTAINER_DESC 1
311 #define CONTAINER_LOCATION 2
312 #define CONTAINER_CONTACT 3
313 #define CONTAINER_TYPE 4
314 #define CONTAINER_ID 5
315 #define CONTAINER_ROWID 6
316 #define CONTAINER_GROUP_NAME 7
318 /*mcntmap arguments*/
319 #define OU_MACHINE_NAME 0
320 #define OU_CONTAINER_NAME 1
321 #define OU_MACHINE_ID 2
322 #define OU_CONTAINER_ID 3
323 #define OU_CONTAINER_GROUP 4
325 typedef struct lk_entry {
335 struct lk_entry *next;
338 #define STOP_FILE "/moira/ldap/noldap"
/* Existence probe only: access() answers for the real uid, and the answer can
 * change between this check and any later open of the file (check-then-use
 * race), so callers must not rely on it as a guarantee. */
339 #define file_exists(file) (access((file), F_OK) == 0)
341 #define N_SD_BER_BYTES 5
342 #define LDAP_BERVAL struct berval
343 #define MAX_SERVER_NAMES 32
345 #define HIDDEN_GROUP "HiddenGroup.g"
346 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
347 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
348 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
350 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
351 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
352 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append one LDAPMod (type t, value list v, operation o) to the caller's mods[]
 * array and advance the caller's counter n. Multi-statement macro with no
 * do { } while (0) wrapper, so it is only safe as a stand-alone statement.
 * NOTE(review): the malloc() result is dereferenced without a NULL check. */
354 #define ADD_ATTR(t, v, o) \
355 mods[n] = malloc(sizeof(LDAPMod)); \
356 mods[n]->mod_op = o; \
357 mods[n]->mod_type = t; \
358 mods[n++]->mod_values = v
/* Deletion counterpart: append an LDAPMod with a NULL value list to the
 * caller's DelMods[] at index i and advance i. Same statement-only caveat and
 * same unchecked malloc() as ADD_ATTR. */
360 #define DEL_ATTR(t, o) \
361 DelMods[i] = malloc(sizeof(LDAPMod)); \
362 DelMods[i]->mod_op = o; \
363 DelMods[i]->mod_type = t; \
364 DelMods[i++]->mod_values = NULL
366 #define DOMAIN_SUFFIX "MIT.EDU"
367 #define DOMAIN "DOMAIN:"
368 #define PRINCIPALNAME "PRINCIPAL:"
369 #define SERVER "SERVER:"
372 #define GROUP_SUFFIX "GROUP_SUFFIX:"
373 #define GROUP_TYPE "GROUP_TYPE:"
374 #define SET_GROUP_ACE "SET_GROUP_ACE:"
375 #define SET_PASSWORD "SET_PASSWORD:"
376 #define EXCHANGE "EXCHANGE:"
377 #define REALM "REALM:"
378 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
380 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
381 #define MAX_DOMAINS 10
382 char DomainNames[MAX_DOMAINS][128];
384 LK_ENTRY *member_base = NULL;
386 char PrincipalName[128];
387 static char tbl_buf[1024];
388 char kerberos_ou[] = "OU=kerberos,OU=moira";
389 char contact_ou[] = "OU=strings,OU=moira";
390 char user_ou[] = "OU=users,OU=moira";
391 char group_ou_distribution[1024];
392 char group_ou_root[1024];
393 char group_ou_security[1024];
394 char group_ou_neither[1024];
395 char group_ou_both[1024];
396 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
397 char orphans_other_ou[] = "OU=Other,OU=Orphans";
398 char security_template_ou[] = "OU=security_templates";
400 char ldap_domain[256];
401 char ldap_realm[256];
403 char *ServerList[MAX_SERVER_NAMES];
404 char default_server[256];
405 static char tbl_buf[1024];
406 char group_suffix[256];
407 char exchange_acl[256];
408 int mr_connections = 0;
411 int UseGroupSuffix = 1;
412 int UseGroupUniversal = 0;
416 int ProcessMachineContainer = 1;
417 int ActiveDirectory = 1;
418 int UpdateDomainList;
420 extern int set_password(char *user, char *password, char *domain);
422 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
423 char *group_membership, char *MoiraId, char *attribute,
424 LK_ENTRY **linklist_base, int *linklist_count,
426 void AfsToWinAfs(char* path, char* winPath);
427 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
428 char *Win2kPassword, char *Win2kUser, char *default_server,
429 int connect_to_kdc, char **ServerList, char *ldap_realm,
431 void ad_kdc_disconnect();
432 int ad_server_connect(char *connectedServer, char *domain);
433 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
434 char *attribute_value, char *attribute, char *user_name);
435 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
436 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
437 int check_winad(void);
438 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
441 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
442 char *distinguishedName, int count, char **av);
443 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
444 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
445 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
446 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
447 char *distinguishedName, int count,
449 void container_get_dn(char *src, char *dest);
450 void container_get_name(char *src, char *dest);
451 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
452 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
453 char **before, int afterc, char **after);
454 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
455 char **before, int afterc, char **after);
457 int GetAceInfo(int ac, char **av, void *ptr);
458 int get_group_membership(char *group_membership, char *group_ou,
459 int *security_flag, char **av);
460 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
461 char *machine_ou, char *pPtr);
462 int Moira_container_group_create(char **after);
463 int Moira_container_group_delete(char **before);
464 int Moira_groupname_create(char *GroupName, char *ContainerName,
465 char *ContainerRowID);
466 int Moira_container_group_update(char **before, char **after);
467 int Moira_process_machine_container_group(char *MachineName, char* groupName,
469 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
470 int Moira_getContainerGroup(int ac, char **av, void *ptr);
471 int Moira_getGroupName(char *origContainerName, char *GroupName,
473 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
474 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
475 int UpdateGroup, int *ProcessGroup, char *maillist);
476 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
477 char *group_name, char *group_ou, char *group_membership,
478 int group_security_flag, int type, char *maillist);
479 int process_lists(int ac, char **av, void *ptr);
480 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
481 char *TargetGroupName, int HiddenGroup,
482 char *AceType, char *AceName);
483 int ProcessMachineName(int ac, char **av, void *ptr);
484 int ReadConfigFile(char *DomainName);
485 int ReadDomainList();
486 void StringTrim(char *StringToTrim);
487 char *escape_string(char *s);
488 int save_query_info(int argc, char **argv, void *hint);
489 int user_create(int ac, char **av, void *ptr);
490 int user_change_status(LDAP *ldap_handle, char *dn_path,
491 char *user_name, char *MoiraId, int operation);
492 int user_delete(LDAP *ldap_handle, char *dn_path,
493 char *u_name, char *MoiraId);
494 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
496 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
497 char *uid, char *MitId, char *MoiraId, int State,
498 char *WinHomeDir, char *WinProfileDir, char *first,
499 char *middle, char *last, char *shell, char *class);
500 void change_to_lower_case(char *ptr);
501 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
502 int contact_remove_email(LDAP *ld, char *bind_path,
503 LK_ENTRY **linklist_entry, int linklist_current);
504 int group_create(int ac, char **av, void *ptr);
505 int group_delete(LDAP *ldap_handle, char *dn_path,
506 char *group_name, char *group_membership, char *MoiraId);
507 int group_rename(LDAP *ldap_handle, char *dn_path,
508 char *before_group_name, char *before_group_membership,
509 char *before_group_ou, int before_security_flag,
510 char *before_desc, char *after_group_name,
511 char *after_group_membership, char *after_group_ou,
512 int after_security_flag, char *after_desc,
513 char *MoiraId, char *filter, char *maillist);
514 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
515 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
516 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
517 char *machine_name, char *container_name);
518 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
519 char *MoiraMachineName, char *DestinationOu);
520 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
521 char *group_name, char *group_ou, char *group_membership,
522 int group_security_flag, int updateGroup, char *maillist);
523 int member_list_build(int ac, char **av, void *ptr);
524 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
525 char *group_ou, char *group_membership,
526 char *user_name, char *pUserOu, char *MoiraId);
527 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
528 char *group_ou, char *group_membership, char *user_name,
529 char *pUserOu, char *MoiraId);
530 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
531 char *group_ou, char *group_membership,
532 int group_security_flag, char *MoiraId);
533 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
534 char *DistinguishedName,
535 char *WinHomeDir, char *WinProfileDir,
536 char **homedir_v, char **winProfile_v,
537 char **drives_v, LDAPMod **mods,
539 int sid_update(LDAP *ldap_handle, char *dn_path);
540 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
541 int check_string(char *s);
542 int check_container_name(char* s);
544 int mr_connect_cl(char *server, char *client, int version, int auth);
545 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
546 char **before, int beforec, char **after, int afterc);
547 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
548 char **before, int beforec, char **after, int afterc);
549 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
550 char **before, int beforec, char **after, int afterc);
551 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
552 char **before, int beforec, char **after, int afterc);
553 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
554 char **before, int beforec, char **after, int afterc);
555 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 int linklist_create_entry(char *attribute, char *value,
558 LK_ENTRY **linklist_entry);
559 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
560 char **attr_array, LK_ENTRY **linklist_base,
561 int *linklist_count, unsigned long ScopeType);
562 void linklist_free(LK_ENTRY *linklist_base);
564 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
565 char *distinguished_name, LK_ENTRY **linklist_current);
566 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
567 LK_ENTRY **linklist_base, int *linklist_count);
568 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
569 char *Attribute, char *distinguished_name,
570 LK_ENTRY **linklist_current);
572 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
573 char *oldValue, char *newValue,
574 char ***modvalues, int type);
575 void free_values(char **modvalues);
577 int convert_domain_to_dn(char *domain, char **bind_path);
578 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
579 char *distinguished_name);
580 int moira_disconnect(void);
581 int moira_connect(void);
582 void print_to_screen(const char *fmt, ...);
583 int GetMachineName(char *MachineName);
584 int tickets_get_k5();
585 int destroy_cache(void);
588 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
589 char **homeServerName);
/*
 * Entry point of the Moira -> LDAP incremental update.
 *
 * argv layout (see the examples at the top of this file): argv[1] is the
 * table name, argv[2] the count of "before" fields, argv[3] the count of
 * "after" fields, followed by the before fields and then the after fields.
 * Visible flow: validate argc, log the command line, snapshot argv with
 * strdup(), then for each configured domain read its config, connect (up to
 * five attempts), dispatch on the lower-cased table name, release the server
 * list and unbind.
 * Lines of the original body are missing between the numbered lines below, so
 * the brace structure and several local declarations are not visible here.
 */
591 int main(int argc, char **argv)
/* Program name for com_err(): the basename of argv[0]. */
607 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
611 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() yields 0 for non-numeric text and accepts negative
 * values; a negative count passes this check and makes
 * "after = &orig_argv[4 + beforec]" below point outside the argv copy.
 * Rejecting counts < 0 (e.g. strtol() plus a range check) closes that. */
615 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
617 com_err(whoami, 0, "Unable to process %s",
618 "argc < (4 + beforec + afterc)");
622 if (!strcmp(argv[1], "filesys"))
/* Log the whole command line through the static tbl_buf.
 * NOTE(review): strcat() with no room check into a 1024-byte buffer; the
 * combined length of argv is not bounded anywhere visible here. A running
 * snprintf() into the remaining space, or logging one argument per call,
 * would make this safe. */
625 for (i = 1; i < argc; i++)
627 strcat(tbl_buf, argv[i]);
628 strcat(tbl_buf, " ");
631 com_err(whoami, 0, "%s", tbl_buf);
635 com_err(whoami, 0, "%s failed", "check_winad()");
639 initialize_sms_error_table();
640 initialize_krb_error_table();
/* Domain list: cleared here, filled by ReadDomainList(); an empty entry
 * terminates it (see the strlen() test below). */
642 UpdateDomainList = 0;
643 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
645 if (ReadDomainList())
647 com_err(whoami, 0, "%s failed", "ReadDomainList()");
651 for (i = 0; i < argc; i++)
/* Everything from here to the unbind appears to run once per configured
 * domain (DomainNames[k] feeds ReadConfigFile() and the connect message
 * below); the loop body's braces are not visible. */
654 for (k = 0; k < MAX_DOMAINS; k++)
656 if (strlen(DomainNames[k]) == 0)
/* Take a private copy of argv for this domain; the do_*() handlers receive
 * pointers into it. strdup() returns NULL on allocation failure, which is not
 * checked. What is done with a previous non-NULL entry is on a line not
 * shown here. */
658 for (i = 0; i < argc; i++)
660 if (orig_argv[i] != NULL)
662 orig_argv[i] = strdup(argv[i]);
/* Reset the per-domain configuration globals before ReadConfigFile(). */
665 memset(PrincipalName, '\0', sizeof(PrincipalName));
666 memset(ldap_domain, '\0', sizeof(ldap_domain));
667 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
668 memset(default_server, '\0', sizeof(default_server));
669 memset(dn_path, '\0', sizeof(dn_path));
670 memset(group_suffix, '\0', sizeof(group_suffix));
671 memset(exchange_acl, '\0', sizeof(exchange_acl));
/* Defaults that the domain's config file may override. */
675 UseGroupUniversal = 0;
679 ProcessMachineContainer = 1;
682 sprintf(group_suffix, "%s", "_group");
683 sprintf(exchange_acl, "%s", "exchange-acl");
/* Re-parse the counts from the copied argv and split it into the before and
 * after field arrays handed to the do_*() handlers. */
685 beforec = atoi(orig_argv[2]);
686 afterc = atoi(orig_argv[3]);
687 table = orig_argv[1];
688 before = &orig_argv[4];
689 after = &orig_argv[4 + beforec];
697 if (ReadConfigFile(DomainNames[k]))
/* Two OU layouts for lists: a split one (mail/group/special/mail+group) and a
 * flat one where every OU is OU=lists,OU=moira. Which applies is decided on a
 * line not shown, presumably by a flag set from the config file. */
702 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
703 sprintf(group_ou_root, "OU=lists,OU=moira");
704 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
705 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
706 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_distribution, "OU=lists,OU=moira");
711 sprintf(group_ou_root, "OU=lists,OU=moira");
712 sprintf(group_ou_security, "OU=lists,OU=moira");
713 sprintf(group_ou_neither, "OU=lists,OU=moira");
714 sprintf(group_ou_both, "OU=lists,OU=moira");
/* Keep the pre-connect SFU setting; its consumer is not visible here. */
717 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts. Empty strings are passed as the bind user
 * and password, so the bind presumably relies on Kerberos credentials
 * (tickets_get_k5() is declared above) - confirm in ad_connect(). */
719 for (i = 0; i < 5; i++)
721 ldap_handle = (LDAP *)NULL;
722 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
723 default_server, SetPassword, ServerList,
724 ldap_realm, ldap_port)))
726 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* No server reachable: raise an alert; whether the domain is skipped or the
 * program exits is on lines not shown. */
731 if ((rc) || (ldap_handle == NULL))
733 critical_alert("incremental",
734 "ldap.incr cannot connect to any server in "
735 "domain %s", DomainNames[k]);
/* Normalise the table name for the dispatch below. tolower() is only defined
 * for EOF and values representable as unsigned char, so table[i] should be
 * cast to (unsigned char) before the call. */
739 for (i = 0; i < (int)strlen(table); i++)
740 table[i] = tolower(table[i]);
/* Dispatch on the table name; the trailing afterc argument of each call is on
 * a line not shown. */
742 if (!strcmp(table, "users"))
743 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
745 else if (!strcmp(table, "list"))
746 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
748 else if (!strcmp(table, "imembers"))
749 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
751 else if (!strcmp(table, "containers"))
752 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
754 else if (!strcmp(table, "mcntmap"))
755 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the per-domain server list; the free() call itself is on a line
 * not shown, the slot is then reset so a stale pointer is not reused. */
761 for (i = 0; i < MAX_SERVER_NAMES; i++)
763 if (ServerList[i] != NULL)
766 ServerList[i] = NULL;
770 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle an mcntmap (machine <-> container) change. beforec != 0 && afterc == 0
 * removes a machine, beforec == 0 && afterc != 0 adds one. The machine name is
 * replaced by its Moira alias, checked in AD, and the machine is moved into the
 * AD OU derived from its Moira container, or into the orphans OU when no
 * container is found. Returns nothing; problems are reported through com_err()
 * and critical_alert().
 * Lines of the original body are missing between the numbered lines below, so
 * the brace structure and the declaration of rc are not visible here.
 */
776 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
777 char **before, int beforec, char **after, int afterc)
779 char MoiraContainerName[128];
780 char ADContainerName[128];
781 char MachineName[1024];
782 char OriginalMachineName[1024];
/* NOTE(review): only 64 bytes, yet filled by an unbounded strcpy() from an
 * argv field below. */
785 char MoiraContainerGroup[64];
787 if (!ProcessMachineContainer)
789 com_err(whoami, 0, "Process machines and containers disabled, skipping");
794 memset(ADContainerName, '\0', sizeof(ADContainerName));
795 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
797 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (rc is reused in the alert);
 * double parentheses would document that and silence -Wparentheses. */
800 if (rc = moira_connect())
802 critical_alert("AD incremental",
803 "Error contacting Moira server : %s",
/* Copy the argv fields into local buffers.
 * NOTE(review): strcpy() with no length check from caller-supplied fields;
 * MachineName/OriginalMachineName are 1024 bytes, MoiraContainerGroup only 64.
 * snprintf(buf, sizeof buf, "%s", src) would bound each copy. */
808 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
810 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
811 strcpy(MachineName, before[OU_MACHINE_NAME]);
812 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
814 com_err(whoami, 0, "removing machine %s from %s",
815 OriginalMachineName, before[OU_CONTAINER_NAME]);
817 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
819 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
820 strcpy(MachineName, after[OU_MACHINE_NAME]);
821 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
822 com_err(whoami, 0, "adding machine %s to container %s",
823 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Rewrite MachineName in place with its Moira alias; an empty result means
 * no alias was found. */
831 rc = GetMachineName(MachineName);
833 if (strlen(MachineName) == 0)
/* (message text has a typo: "alais" should read "alias") */
836 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
837 OriginalMachineName);
/* Remaining arguments of this call are on a line not shown. */
841 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
844 if (machine_check(ldap_handle, dn_path, MachineName))
846 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.",
847 OriginalMachineName, MachineName);
/* Look up the machine's Moira container; the output argument is on a line not
 * shown (presumably MoiraContainerName, which is tested next). */
852 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
853 machine_get_moira_container(ldap_handle, dn_path, MachineName,
856 if (strlen(MoiraContainerName) == 0)
/* (message text has a typo: "fine" should read "find") */
858 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
859 "in Moira - moving to orphans OU.",
860 OriginalMachineName, MachineName);
861 machine_move_to_ou(ldap_handle, dn_path, MachineName,
862 orphans_machines_ou);
/* Build the AD DN, then make sure the Moira name ends in '/' before
 * container_check(). The strlen()-1 index is only safe if the empty-name
 * branch above leaves the function (its exit is on a line not shown), and
 * strcat() has no room check against the 128-byte buffer. */
867 container_get_dn(MoiraContainerName, ADContainerName);
869 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
870 strcat(MoiraContainerName, "/");
872 container_check(ldap_handle, dn_path, MoiraContainerName);
873 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a containers-table change. beforec/afterc select the operation:
 * delete (before side only), create (after side only), rename when
 * CONTAINER_NAME differs case-insensitively, otherwise update in place. Each AD
 * operation is followed by the matching Moira_container_group_*() call.
 * Returns nothing.
 * NOTE(review): container_delete/create/rename/update all return int (see
 * their prototypes above) but every return value is discarded here, so the
 * Moira group update runs even when the AD operation failed.
 * Lines of the original body are missing between the numbered lines below, so
 * the brace structure and the declaration of rc are not visible here.
 */
878 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
879 char **before, int beforec, char **after, int afterc)
883 if (!ProcessMachineContainer)
885 com_err(whoami, 0, "Process machines and containers disabled, skipping");
/* Nothing to do when both sides are empty; how this branch exits is on a
 * line not shown. */
889 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (rc is reused in the alert);
 * double parentheses would document that and silence -Wparentheses. */
892 if (rc = moira_connect())
894 critical_alert("AD incremental", "Error contacting Moira server : %s",
899 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
901 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
902 container_delete(ldap_handle, dn_path, beforec, before);
903 Moira_container_group_delete(before);
908 if ((beforec == 0) && (afterc != 0)) /*create a container*/
910 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
911 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
912 container_create(ldap_handle, dn_path, afterc, after);
913 Moira_container_group_create(after);
/* Both sides present: rename vs. update is decided by the name field alone,
 * compared case-insensitively. */
918 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
920 com_err(whoami, 0, "renaming container %s to %s",
921 before[CONTAINER_NAME], after[CONTAINER_NAME]);
922 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
923 Moira_container_group_update(before, after);
928 com_err(whoami, 0, "updating container %s information",
929 after[CONTAINER_NAME]);
930 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
931 Moira_container_group_update(before, after);
936 #define L_LIST_DESC 9
/*
 * Handle a list-table change. Fields are indexed with the L_* constants
 * (L_NAME, L_ACTIVE, L_MAILLIST, L_LIST_ID, L_LIST_DESC). Visible flow:
 * derive each side's group OU and membership flags, verify the existing AD
 * group with process_group() (with a CLEANUP_GROUPS pass when the DN is wrong
 * or duplicated), then rename, delete, create or update the group; an update
 * runs ProcessAce() twice and make_new_group(), and calls populate_group() when
 * the list is active. Returns nothing; failures are logged via com_err().
 * Lines of the original body are missing between the numbered lines below,
 * including the declarations of list_id, group_ou, security_flag, filter, rc,
 * ProcessGroup and updateGroup and the brace structure.
 */
939 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
940 char **before, int beforec, char **after, int afterc)
/* "after" side membership flags. */
945 char group_membership[6];
950 char before_list_id[32];
/* NOTE(review): 1 byte, whereas the "after" counterpart above is 6 bytes;
 * both are passed as the first argument of get_group_membership(). Confirm
 * that function writes at most one byte here. */
951 char before_group_membership[1];
952 int before_security_flag;
953 char before_group_ou[256];
954 LK_ENTRY *ptr = NULL;
956 if (beforec == 0 && afterc == 0)
959 memset(list_id, '\0', sizeof(list_id));
960 memset(before_list_id, '\0', sizeof(before_list_id));
961 memset(before_group_ou, '\0', sizeof(before_group_ou));
962 memset(before_group_membership, '\0', sizeof(before_group_membership));
963 memset(group_ou, '\0', sizeof(group_ou));
964 memset(group_membership, '\0', sizeof(group_membership));
/* "before" side: range-check the field count, copy the list id, derive the
 * OU / membership / security flag from the fields.
 * NOTE(review): strcpy() into the 32-byte before_list_id with no length
 * check; the same applies to list_id below. */
969 if (beforec < L_LIST_ID)
971 if (beforec > L_LIST_DESC)
973 strcpy(before_list_id, before[L_LIST_ID]);
975 before_security_flag = 0;
976 get_group_membership(before_group_membership, before_group_ou,
977 &before_security_flag, before);
/* "after" side, same shape. */
982 if (afterc < L_LIST_ID)
984 if (afterc > L_LIST_DESC)
986 strcpy(list_id, after[L_LIST_ID]);
989 get_group_membership(group_membership, group_ou, &security_flag, after);
992 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the group that should already exist for the "before" side.
 * AD_NO_GROUPS_FOUND is not treated as an error; a wrong DN or multiple
 * matches trigger a CLEANUP_GROUPS pass, any other non-zero result aborts. */
1001 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1002 before[L_NAME], before_group_ou,
1003 before_group_membership,
1004 before_security_flag, CHECK_GROUPS,
1005 before[L_MAILLIST])))
1007 if (rc == AD_NO_GROUPS_FOUND)
1011 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1012 (rc == AD_MULTIPLE_GROUPS_FOUND))
1014 rc = process_group(ldap_handle, dn_path, before_list_id,
1015 before[L_NAME], before_group_ou,
1016 before_group_membership,
1017 before_security_flag, CLEANUP_GROUPS,
1018 before[L_MAILLIST]);
1020 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1022 com_err(whoami, 0, "Unable to process list %s",
1026 if (rc == AD_NO_GROUPS_FOUND)
/* Rename when the name changed, or the name is unchanged but the OU differs
 * (the !strcmp() in the second clause is already implied by the first one
 * failing); one more condition follows on a line not shown. */
1032 if ((beforec != 0) && (afterc != 0))
1034 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1035 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1036 (strcmp(before_group_ou, group_ou)))) &&
1039 com_err(whoami, 0, "Changing list name from %s to %s",
1040 before[L_NAME], after[L_NAME]);
/* group_rename() needs both OUs and both membership strings. */
1042 if ((strlen(before_group_ou) == 0) ||
1043 (strlen(before_group_membership) == 0) ||
1044 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1046 com_err(whoami, 0, "%s", "Unable to find the group OU's");
/* filter is cleared before being handed to group_rename(); one argument of
 * the call is on a line not shown. */
1050 memset(filter, '\0', sizeof(filter));
1052 if ((rc = group_rename(ldap_handle, dn_path,
1053 before[L_NAME], before_group_membership,
1054 before_group_ou, before_security_flag,
1055 before[L_LIST_DESC], after[L_NAME],
1056 group_membership, group_ou, security_flag,
1058 list_id, filter, after[L_MAILLIST])))
1060 if (rc != AD_NO_GROUPS_FOUND)
1063 "Unable to change list name from %s to %s",
1064 before[L_NAME], after[L_NAME]);
/* Delete: "before" side only. */
1077 if ((strlen(before_group_ou) == 0) ||
1078 (strlen(before_group_membership) == 0))
1081 "Unable to find the group OU for group %s", before[L_NAME]);
1085 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1086 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1087 before_group_membership, before_list_id);
/* Create: "after" side only. The process_group() check mirrors the one
 * above; note this assignment-in-condition lacks the double parentheses the
 * first call uses. */
1095 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1097 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1098 group_ou, group_membership,
1099 security_flag, CHECK_GROUPS,
1102 if (rc != AD_NO_GROUPS_FOUND)
1104 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1105 (rc == AD_MULTIPLE_GROUPS_FOUND))
1107 rc = process_group(ldap_handle, dn_path, list_id,
1109 group_ou, group_membership,
1110 security_flag, CLEANUP_GROUPS,
1117 "Unable to create list %s", after[L_NAME]);
/* Update: both sides present and no rename. ProcessAce() is called with
 * UpdateGroup = 0 and then 1 (see its prototype), make_new_group() is run with
 * updateGroup, and populate_group() only when L_ACTIVE is non-zero. */
1124 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
/* Assignment inside the condition is intentional (rc is reused in the alert). */
1126 if (rc = moira_connect())
1128 critical_alert("AD incremental",
1129 "Error contacting Moira server : %s",
1136 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1137 &ProcessGroup, after[L_MAILLIST]))
1142 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1143 &ProcessGroup, after[L_MAILLIST]))
1147 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1148 group_ou, group_membership, security_flag,
1149 updateGroup, after[L_MAILLIST]))
1155 if (atoi(after[L_ACTIVE]))
1157 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1158 group_membership, security_flag, list_id);
/* Indexes of the list attributes that follow the base LM_* member-table
 * arguments.  do_member() copies them into the L_* layout (L_ACTIVE,
 * L_PUBLIC, ...) before calling get_group_membership()/process_group(). */
1166 #define LM_EXTRA_ACTIVE (LM_END)
1167 #define LM_EXTRA_PUBLIC (LM_END+1)
1168 #define LM_EXTRA_HIDDEN (LM_END+2)
1169 #define LM_EXTRA_MAILLIST (LM_END+3)
1170 #define LM_EXTRA_GROUP (LM_END+4)
1171 #define LM_EXTRA_GID (LM_END+5)
/* Moira list id / user id; which one is present depends on the member type
 * and on the argument count (see the afterc/beforec tests in do_member). */
1172 #define LMN_LIST_ID (LM_END+6)
1173 #define LM_LIST_ID (LM_END+7)
1174 #define LM_USER_ID (LM_END+8)
1175 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one Moira list-membership change to the matching AD
 * group.  "before"/"after" are the member-table argument vectors (LM_*
 * indexes plus the LM_EXTRA_* list attributes); the group is created and
 * populated when it is missing from AD, and the member (ptr[LM_TYPE] is
 * LIST, USER, MACHINE, STRING or KERBEROS) is then removed or added.
 * NOTE(review): several short lines of the original (braces, declarations,
 * early returns) are not reproduced in this listing.
 */
1177 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1178 char **before, int beforec, char **after, int afterc)
1180 LK_ENTRY *group_base;
1183 char *attr_array[3];
/* Fixed 128-byte buffers filled by unbounded strcpy() below. */
1184 char group_name[128];
1185 char user_name[128];
1186 char user_type[128];
1187 char moira_list_id[32];
1188 char moira_user_id[32];
/* One byte only: get_group_membership() stores a single type code here and
 * never NUL-terminates it, so this buffer must not be treated as a C string
 * (no strlen()/%s). */
1189 char group_membership[1];
1191 char machine_ou[256];
1199 char NewMachineName[1024];
1203 char *save_argv[U_END];
1207 memset(moira_list_id, '\0', sizeof(moira_list_id));
1208 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Processing of the "after" vector.  The body of the argument-count test is
 * not shown. */
1212 if (afterc < LM_EXTRA_GID)
1215 if (!atoi(after[LM_EXTRA_ACTIVE]))
1218 "Unable to add %s to group %s : group not active",
1219 after[2], after[0]);
1225 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded copies of Moira-supplied fields into 128-byte buffers: a field
 * of 128 bytes or more overflows.  snprintf(user_name, sizeof user_name,
 * "%s", after[LM_MEMBER]) would bound them. */
1228 strcpy(user_name, after[LM_MEMBER]);
1229 strcpy(group_name, after[LM_LIST]);
1230 strcpy(user_type, after[LM_TYPE]);
/* Which trailing argument carries the list id / user id depends on the
 * member type and on how many arguments were supplied. */
1232 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1234 if (afterc > LM_EXTRA_GROUP)
1236 strcpy(moira_list_id, after[LMN_LIST_ID]);
1237 strcpy(moira_user_id, after[LM_LIST_ID]);
1240 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1242 if (afterc > LMN_LIST_ID)
1244 strcpy(moira_list_id, after[LM_LIST_ID]);
1245 strcpy(moira_user_id, after[LM_USER_ID]);
1250 if (afterc > LM_EXTRA_GID)
1251 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Same extraction for the "before" vector.  The "Unable to add" wording is
 * reused here although this is the before side. */
1256 if (beforec < LM_EXTRA_GID)
1258 if (!atoi(before[LM_EXTRA_ACTIVE]))
1261 "Unable to add %s to group %s : group not active",
1262 before[2], before[0]);
1268 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded strcpy() into 128-byte buffers, as above. */
1271 strcpy(user_name, before[LM_MEMBER]);
1272 strcpy(group_name, before[LM_LIST]);
1273 strcpy(user_type, before[LM_TYPE]);
1275 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1277 if (beforec > LM_EXTRA_GROUP)
1279 strcpy(moira_list_id, before[LMN_LIST_ID]);
1280 strcpy(moira_user_id, before[LM_LIST_ID]);
1283 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1285 if (beforec > LMN_LIST_ID)
1287 strcpy(moira_list_id, before[LM_LIST_ID]);
1288 strcpy(moira_user_id, before[LM_USER_ID]);
1293 if (beforec > LM_EXTRA_GID)
1294 strcpy(moira_list_id, before[LMN_LIST_ID]);
1301 "Unable to process group : beforec = %d, afterc = %d",
/* Re-map the list attributes into the L_* layout expected by
 * get_group_membership() and process_group(). */
1306 args[L_NAME] = ptr[LM_LIST];
1307 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1308 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1309 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1310 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1311 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1312 args[L_GID] = ptr[LM_EXTRA_GID];
1315 memset(group_ou, '\0', sizeof(group_ou));
1316 get_group_membership(group_membership, group_ou, &security_flag, args);
1318 if (strlen(group_ou) == 0)
1320 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Locate the group in AD; on a wrong-DN / duplicate result, retry in
 * CLEANUP_GROUPS mode before giving up. */
1325 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1326 group_ou, group_membership, security_flag,
1327 CHECK_GROUPS, args[L_MAILLIST]))
1329 if (rc != AD_NO_GROUPS_FOUND)
1331 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1332 group_name, group_ou, group_membership,
1333 security_flag, CLEANUP_GROUPS,
1336 if (rc != AD_NO_GROUPS_FOUND)
1339 com_err(whoami, 0, "Unable to add %s to group %s - "
1340 "unable to process group", user_name, group_name);
1342 com_err(whoami, 0, "Unable to remove %s from group %s - "
1343 "unable to process group", user_name, group_name);
/* Group absent from AD: create it (ACEs, then the group object) and
 * populate it when the list is active. */
1350 if (rc == AD_NO_GROUPS_FOUND)
1352 if (rc = moira_connect())
1354 critical_alert("AD incremental",
1355 "Error contacting Moira server : %s",
1360 com_err(whoami, 0, "creating group %s", group_name);
1363 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1364 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1369 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1370 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1375 group_ou, group_membership, security_flag, 0,
1376 ptr[LM_EXTRA_MAILLIST]))
1382 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1384 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1385 group_membership, security_flag, moira_list_id);
/* Removal path: normalise the member name per type, then re-populate the
 * group from Moira. */
1395 com_err(whoami, 0, "removing user %s from list %s", user_name,
1399 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1401 memset(machine_ou, '\0', sizeof(machine_ou));
1402 memset(NewMachineName, '\0', sizeof(NewMachineName));
1403 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1404 machine_ou, NewMachineName))
/* The strdup() results in this and the following branches are not checked
 * for NULL. */
1406 if (ptr[LM_MEMBER] != NULL)
1407 free(ptr[LM_MEMBER]);
1408 ptr[LM_MEMBER] = strdup(NewMachineName);
1409 pUserOu = machine_ou;
1412 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
/* member's size is not visible here; the strcpy()/strcat() below are
 * unbounded. */
1414 strcpy(member, ptr[LM_MEMBER]);
1418 if((s = strchr(member, '@')) == (char *) NULL)
1420 strcat(member, "@mit.edu");
1422 if (ptr[LM_MEMBER] != NULL)
1423 free(ptr[LM_MEMBER]);
1424 ptr[LM_MEMBER] = strdup(member);
/* If member is shorter than 6 bytes, member[strlen(member) - 6] points
 * before the array (undefined behaviour); test strlen(member) >= 6 first. */
1427 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1429 s = strrchr(member, '.');
/* NOTE(review): the line between strrchr() and this strcat() is not shown;
 * presumably it terminates member at s before the suffix is appended —
 * confirm. */
1431 strcat(s, ".mit.edu");
1433 if (ptr[LM_MEMBER] != NULL)
1434 free(ptr[LM_MEMBER]);
1435 ptr[LM_MEMBER] = strdup(member);
1439 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1443 pUserOu = contact_ou;
1445 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1447 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1451 pUserOu = kerberos_ou;
1454 if (rc = moira_connect()) {
1455 critical_alert("AD incremental",
1456 "Error contacting Moira server : %s",
1461 if (rc = populate_group(ldap_handle, dn_path, group_name,
1462 group_ou, group_membership,
1463 security_flag, moira_list_id))
1464 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1469 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1471 if (rc = moira_connect())
1473 critical_alert("AD incremental",
1474 "Error contacting Moira server : %s",
1479 if (rc = populate_group(ldap_handle, dn_path, group_name,
1480 group_ou, group_membership, security_flag,
1482 com_err(whoami, 0, "Unable to remove %s from group %s",
1483 user_name, group_name);
/* Addition path: the same MACHINE/STRING/KERBEROS normalisation as above
 * (with the same unbounded-copy and strlen(member) - 6 caveats), plus
 * on-demand creation of USER members. */
1490 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1493 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1495 memset(machine_ou, '\0', sizeof(machine_ou));
1496 memset(NewMachineName, '\0', sizeof(NewMachineName));
1498 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1502 if (ptr[LM_MEMBER] != NULL)
1503 free(ptr[LM_MEMBER]);
1505 ptr[LM_MEMBER] = strdup(NewMachineName);
1506 pUserOu = machine_ou;
1508 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1510 strcpy(member, ptr[LM_MEMBER]);
1514 if((s = strchr(member, '@')) == (char *) NULL)
1516 strcat(member, "@mit.edu");
1518 if (ptr[LM_MEMBER] != NULL)
1519 free(ptr[LM_MEMBER]);
1520 ptr[LM_MEMBER] = strdup(member);
1523 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1525 s = strrchr(member, '.');
1527 strcat(s, ".mit.edu");
1529 if (ptr[LM_MEMBER] != NULL)
1530 free(ptr[LM_MEMBER]);
1531 ptr[LM_MEMBER] = strdup(member);
1535 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1539 pUserOu = contact_ou;
1541 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1543 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1547 pUserOu = kerberos_ou;
/* USER member missing from AD: create it from the Moira account record,
 * first making sure no group already owns the same cn. */
1549 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1551 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1552 moira_user_id)) == AD_NO_USER_FOUND)
1554 if (rc = moira_connect())
1556 critical_alert("AD incremental",
1557 "Error connection to Moira : %s",
1562 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1563 av[0] = ptr[LM_MEMBER];
/* call_args smuggles the LDAP handle and dn_path to user_create() through a
 * char * array; the pointer types are cast away. */
1564 call_args[0] = (char *)ldap_handle;
1565 call_args[1] = dn_path;
1566 call_args[2] = moira_user_id;
1567 call_args[3] = NULL;
/* LDAP filter assembled by interpolation: ptr[LM_MEMBER] is not escaped for
 * filter metacharacters ("(", ")", "*", "\"), and sprintf() is unbounded
 * into filter (its size is not visible here).  do_user() and group_rename()
 * build filters the same way. */
1576 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1577 attr_array[0] = "cn";
1578 attr_array[1] = NULL;
1579 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1580 attr_array, &group_base, &group_count,
1581 LDAP_SCOPE_SUBTREE)) != 0)
1583 com_err(whoami, 0, "Unable to process user %s : %s",
1584 ptr[LM_MEMBER], ldap_err2string(rc));
/* Presumably guarded by a group_count test (not shown): a group with this
 * cn exists, so the user is not created. */
1590 com_err(whoami, 0, "Object already exists with name %s",
1595 linklist_free(group_base);
1600 if (rc = mr_query("get_user_account_by_login", 1, av,
1601 save_query_info, save_argv))
1604 com_err(whoami, 0, "Unable to create user %s : %s",
1605 ptr[LM_MEMBER], error_message(rc));
1609 if (rc = user_create(U_END, save_argv, call_args))
1612 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1619 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 if (rc = moira_connect()) {
1632 critical_alert("AD incremental",
1633 "Error contacting Moira server : %s",
1638 if (rc = populate_group(ldap_handle, dn_path, group_name,
1639 group_ou, group_membership, security_flag,
1641 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1646 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1648 if (rc = moira_connect())
1650 critical_alert("AD incremental",
1651 "Error contacting Moira server : %s",
1656 if (rc = populate_group(ldap_handle, dn_path, group_name,
1657 group_ou, group_membership, security_flag,
1659 com_err(whoami, 0, "Unable to add %s to group %s",
1660 user_name, group_name);
/* Indexes of the trailing users-table arguments handled by do_user():
 * the Moira user id, home directory and profile directory. */
1669 #define U_USER_ID 10
1670 #define U_HOMEDIR 11
1671 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira users-table change to AD.  An empty "before"
 * means a freshly created (not yet usable) account and is skipped; an empty
 * "after" means the account was expunged and the AD object is deleted; any
 * other change creates the AD account if missing, renames it when the login
 * changed, and then updates its attributes.
 * NOTE(review): short lines of the original (braces, declarations, returns)
 * are not reproduced in this listing.
 */
1673 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1674 char **before, int beforec, char **after,
1677 LK_ENTRY *group_base;
1680 char *attr_array[3];
1683 char after_user_id[32];
1684 char before_user_id[32];
1686 char *save_argv[U_END];
1688 if ((beforec == 0) && (afterc == 0))
1691 memset(after_user_id, '\0', sizeof(after_user_id));
1692 memset(before_user_id, '\0', sizeof(before_user_id));
/* Moira ids are copied unbounded into 32-byte buffers; a bounded copy
 * (snprintf with sizeof) would be safer. */
1694 if (beforec > U_USER_ID)
1695 strcpy(before_user_id, before[U_USER_ID]);
1697 if (afterc > U_USER_ID)
1698 strcpy(after_user_id, after[U_USER_ID]);
1700 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1703 if ((beforec == 0) && (afterc != 0))
1705 /*this case only happens when the account*/
1706 /*account is first created but not usable*/
1708 com_err(whoami, 0, "Unable to process user %s because the user account "
1709 "is not yet usable", after[U_NAME]);
1713 /*this case only happens when the account is expunged */
1715 if ((beforec != 0) && (afterc == 0))
/* State 0 at expunge time: remove the AD account.  Any other state is only
 * reported (message text says "expungeded"). */
1717 if (atoi(before[U_STATE]) == 0)
1719 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1720 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1724 com_err(whoami, 0, "Unable to process because user %s has been "
1725 "previously expungeded", before[U_NAME]);
1730 /*process anything that gets here*/
/* Account not in AD: create it from the Moira record, after checking that
 * the new cn does not collide with an existing group. */
1732 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1733 before_user_id)) == AD_NO_USER_FOUND)
1735 if (!check_string(after[U_NAME]))
1738 if (rc = moira_connect())
1740 critical_alert("AD incremental",
1741 "Error connection to Moira : %s",
1746 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1748 av[0] = after[U_NAME];
/* call_args passes the LDAP handle and dn_path to user_create() through a
 * char * array (pointer types cast away). */
1749 call_args[0] = (char *)ldap_handle;
1750 call_args[1] = dn_path;
1751 call_args[2] = after_user_id;
1752 call_args[3] = NULL;
/* Filter built by interpolation: after[U_NAME] is only validated by
 * check_string() (not visible here), not escaped for filter metacharacters,
 * and sprintf() is unbounded into filter. */
1760 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1761 attr_array[0] = "cn";
1762 attr_array[1] = NULL;
1764 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1765 &group_base, &group_count,
1766 LDAP_SCOPE_SUBTREE)) != 0)
1768 com_err(whoami, 0, "Unable to process user %s : %s",
1769 after[U_NAME], ldap_err2string(rc));
/* A group already owns this cn: refuse to create the user. */
1773 if (group_count >= 1)
1775 com_err(whoami, 0, "Object already exists with name %s",
1780 linklist_free(group_base);
1785 if (rc = mr_query("get_user_account_by_login", 1, av,
1786 save_query_info, save_argv))
1789 com_err(whoami, 0, "Unable to create user %s : %s",
1790 after[U_NAME], error_message(rc));
1794 if (rc = user_create(U_END, save_argv, call_args))
1796 com_err(whoami, 0, "Unable to create user %s : %s",
1797 after[U_NAME], error_message(rc));
1804 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login changed: rename the AD object before updating its attributes. */
1816 if (strcmp(before[U_NAME], after[U_NAME]))
1818 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1820 com_err(whoami, 0, "changing user %s to %s",
1821 before[U_NAME], after[U_NAME]);
1823 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1824 after[U_NAME])) != LDAP_SUCCESS)
1831 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1832 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1833 after[U_UID], after[U_MITID],
1834 after_user_id, atoi(after[U_STATE]),
1835 after[U_HOMEDIR], after[U_PROFILEDIR],
1836 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1837 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * attribute values copied from linklist_base.  When oldValue and newValue
 * are both given, an entry containing oldValue is either replaced by
 * newValue as a whole (type == REPLACE) or has that first occurrence
 * substituted; all other entries are copied verbatim.  *modvalues is
 * allocated here and owned by the caller.
 * NOTE(review): short lines (braces, declarations, error returns) are not
 * reproduced in this listing.
 */
1842 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1843 char *oldValue, char *newValue,
1844 char ***modvalues, int type)
1846 LK_ENTRY *linklist_ptr;
1850 if (((*modvalues) = calloc(1,
1851 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* Redundant: calloc() already zeroed the array. */
1856 for (i = 0; i < (modvalue_count + 1); i++)
1857 (*modvalues)[i] = NULL;
1859 if (modvalue_count != 0)
1861 linklist_ptr = linklist_base;
1862 for (i = 0; i < modvalue_count; i++)
1864 if ((oldValue != NULL) && (newValue != NULL))
/* strstr() requires a NUL-terminated value; retrieve_values() allocates
 * binary (ber) values with exactly ber_length bytes and no terminator, so
 * only string attributes may be passed through this path. */
1866 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1869 if (type == REPLACE)
1871 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
/* memset() after calloc() is redundant here and below. */
1874 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1875 strcpy((*modvalues)[i], newValue);
/* Size = prefix before the match + (length - strlen(oldValue)) +
 * strlen(newValue) + 1; one term of the original expression is not shown
 * here, see the matching memset() size below. */
1879 if (((*modvalues)[i] = calloc(1,
1880 (int)(cPtr - linklist_ptr->value) +
1881 (linklist_ptr->length -
1883 strlen(newValue) + 1)) == NULL)
1885 memset((*modvalues)[i], '\0',
1886 (int)(cPtr - linklist_ptr->value) +
1887 (linklist_ptr->length - strlen(oldValue)) +
1888 strlen(newValue) + 1);
1889 memcpy((*modvalues)[i], linklist_ptr->value,
1890 (int)(cPtr - linklist_ptr->value));
1891 strcat((*modvalues)[i], newValue);
1892 strcat((*modvalues)[i],
1893 &linklist_ptr->value[(int)(cPtr -
1894 linklist_ptr->value) + strlen(oldValue)]);
/* Unlike the allocations above, these two calloc() results are used
 * without a NULL check. */
1899 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1900 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1901 memcpy((*modvalues)[i], linklist_ptr->value,
1902 linklist_ptr->length);
1907 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1908 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1909 memcpy((*modvalues)[i], linklist_ptr->value,
1910 linklist_ptr->length);
1912 linklist_ptr = linklist_ptr->next;
1914 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous LDAP search under dn_path and convert
 * the result into a freshly built LK_ENTRY list (*linklist_base, counted in
 * *linklist_count).  Returns 0 on success, else the LDAP error code.
 * The caller is responsible for escaping search_exp.
 */
1920 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1921 char **attr_array, LK_ENTRY **linklist_base,
1922 int *linklist_count, unsigned long ScopeType)
1925 LDAPMessage *ldap_entry;
1929 (*linklist_base) = NULL;
1930 (*linklist_count) = 0;
1932 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1933 search_exp, attr_array, 0,
1934 &ldap_entry)) != LDAP_SUCCESS)
/* A size-limit overrun is not fatal: the partial result is still converted
 * below, so callers that require group_count == 1 may be looking at a
 * truncated result set.  (Lines between here and the retrieve call are not
 * shown.) */
1936 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1940 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1943 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result, prepend its
 * attributes to *linklist_base via retrieve_attributes(), and recount the
 * list into *linklist_count.  Returns non-zero when retrieve_attributes()
 * fails.
 */
1947 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1948 LK_ENTRY **linklist_base, int *linklist_count)
/* Fixed-size DN buffer filled by get_distinguished_name() (unbounded
 * strcpy there). */
1950 char distinguished_name[1024];
1951 LK_ENTRY *linklist_ptr;
1954 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1957 memset(distinguished_name, '\0', sizeof(distinguished_name));
1958 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1960 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1961 linklist_base)) != 0)
1964 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1966 memset(distinguished_name, '\0', sizeof(distinguished_name));
1967 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1969 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1970 distinguished_name, linklist_base)) != 0)
/* The count is derived from the list rather than tracked incrementally. */
1974 linklist_ptr = (*linklist_base);
1975 (*linklist_count) = 0;
1977 while (linklist_ptr != NULL)
1979 ++(*linklist_count);
1980 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one LDAP entry and hand
 * each to retrieve_values(), which prepends an LK_ENTRY per value to
 * *linklist_current.  The BerElement cursor (ptr) is released at the end.
 */
1986 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1987 char *distinguished_name, LK_ENTRY **linklist_current)
1994 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
/* retrieve_values() returns an int but its result is ignored here and in
 * the loop, so an allocation failure silently drops the attribute. */
1997 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1999 ldap_memfree(Attribute);
2000 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2003 retrieve_values(ldap_handle, ldap_entry, Attribute,
2004 distinguished_name, linklist_current);
2005 ldap_memfree(Attribute);
2009 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: for one attribute of one entry, fetch its values
 * (binary via ldap_get_values_len() for objectSid/objectGUID, strings via
 * ldap_get_values() otherwise) and prepend one LK_ENTRY per value to
 * *linklist_current, recording attribute, value, length, dn and whether the
 * value is a bervalue.  The large middle section only prints decoded values
 * and is compiled under LDAP_DEBUG.
 * NOTE(review): the loop header, error returns and the #ifdef lines are
 * not reproduced in this listing.
 */
2014 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2015 char *Attribute, char *distinguished_name,
2016 LK_ENTRY **linklist_current)
2022 LK_ENTRY *linklist_previous;
2023 LDAP_BERVAL **ber_value;
2032 SID_IDENTIFIER_AUTHORITY *sid_auth;
2033 unsigned char *subauth_count;
2034 #endif /*LDAP_DEBUG*/
2037 memset(temp, '\0', sizeof(temp));
/* Binary attributes must be fetched with the _len variant; Ptr aliases
 * whichever array was returned. */
2039 if ((!strcmp(Attribute, "objectSid")) ||
2040 (!strcmp(Attribute, "objectGUID")))
2045 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2046 Ptr = (void **)ber_value;
2051 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2052 Ptr = (void **)str_value;
/* New node is pushed on the front of the list. */
2060 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2063 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2064 linklist_previous->next = (*linklist_current);
2065 (*linklist_current) = linklist_previous;
2067 if (((*linklist_current)->attribute = calloc(1,
2068 strlen(Attribute) + 1)) == NULL)
2071 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2072 strcpy((*linklist_current)->attribute, Attribute);
/* Binary values are stored with exactly ber_length bytes and NO trailing
 * NUL; consumers must use ->length and never strlen()/strstr() on them. */
2076 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2078 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2081 memset((*linklist_current)->value, '\0', ber_length);
2082 memcpy((*linklist_current)->value,
2083 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2084 (*linklist_current)->length = ber_length;
/* String values are NUL-terminated copies. */
2088 if (((*linklist_current)->value = calloc(1,
2089 strlen(*Ptr) + 1)) == NULL)
2092 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2093 (*linklist_current)->length = strlen(*Ptr);
2094 strcpy((*linklist_current)->value, *Ptr);
2097 (*linklist_current)->ber_value = use_bervalue;
2099 if (((*linklist_current)->dn = calloc(1,
2100 strlen(distinguished_name) + 1)) == NULL)
2103 memset((*linklist_current)->dn, '\0',
2104 strlen(distinguished_name) + 1);
2105 strcpy((*linklist_current)->dn, distinguished_name);
/* Debug dump (inside #ifdef LDAP_DEBUG, closed below).  The raw byte buffer
 * is reinterpreted as GUID / SID structures — alignment and byte order are
 * assumed to match the host. */
2108 if (!strcmp(Attribute, "objectGUID"))
2110 guid = (GUID *)((*linklist_current)->value);
2112 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2113 guid->Data1, guid->Data2, guid->Data3,
2114 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2115 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2116 guid->Data4[6], guid->Data4[7]);
2117 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2119 else if (!strcmp(Attribute, "objectSid"))
2121 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2124 print_to_screen(" Revision = %d\n", sid->Revision);
2125 print_to_screen(" SID Identifier Authority:\n");
2126 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): this maps "which byte is non-zero" to an authority name and
 * never tests Value[4]; the well-known authorities differ in the value of
 * the last byte rather than in its position — verify against the
 * SID_IDENTIFIER_AUTHORITY layout before trusting this output. */
2127 if (sid_auth->Value[0])
2128 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2129 else if (sid_auth->Value[1])
2130 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2131 else if (sid_auth->Value[2])
2132 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2133 else if (sid_auth->Value[3])
2134 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2135 else if (sid_auth->Value[5])
2136 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2138 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2139 subauth_count = GetSidSubAuthorityCount(sid);
2140 print_to_screen(" SidSubAuthorityCount = %d\n",
2142 print_to_screen(" SidSubAuthority:\n");
2143 for (i = 0; i < *subauth_count; i++)
2145 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2146 print_to_screen(" %u\n", *subauth);
/* Prefix comparison with memcmp() reads strlen(literal) bytes of Attribute
 * even when Attribute is shorter — strcmp()/strncmp() would be safer.  The
 * two "sAMAccountType" spellings happen to have the same length. */
2150 else if ((!memcmp(Attribute, "userAccountControl",
2151 strlen("userAccountControl"))) ||
2152 (!memcmp(Attribute, "sAMAccountType",
2153 strlen("sAmAccountType"))))
/* intValue's declaration is not shown; %ld assumes it is a long. */
2155 intValue = atoi(*Ptr);
2156 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* Decode the userAccountControl flag bits one by one. */
2158 if (!memcmp(Attribute, "userAccountControl",
2159 strlen("userAccountControl")))
2161 if (intValue & UF_ACCOUNTDISABLE)
2162 print_to_screen(" %20s : %s\n",
2163 "", "Account disabled");
2165 print_to_screen(" %20s : %s\n",
2166 "", "Account active");
2167 if (intValue & UF_HOMEDIR_REQUIRED)
2168 print_to_screen(" %20s : %s\n",
2169 "", "Home directory required");
2170 if (intValue & UF_LOCKOUT)
2171 print_to_screen(" %20s : %s\n",
2172 "", "Account locked out");
2173 if (intValue & UF_PASSWD_NOTREQD)
2174 print_to_screen(" %20s : %s\n",
2175 "", "No password required");
2176 if (intValue & UF_PASSWD_CANT_CHANGE)
2177 print_to_screen(" %20s : %s\n",
2178 "", "Cannot change password");
2179 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2180 print_to_screen(" %20s : %s\n",
2181 "", "Temp duplicate account");
2182 if (intValue & UF_NORMAL_ACCOUNT)
2183 print_to_screen(" %20s : %s\n",
2184 "", "Normal account");
2185 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2186 print_to_screen(" %20s : %s\n",
2187 "", "Interdomain trust account");
2188 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2189 print_to_screen(" %20s : %s\n",
2190 "", "Workstation trust account");
2191 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2192 print_to_screen(" %20s : %s\n",
2193 "", "Server trust account");
2198 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2200 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched above. */
2203 if (str_value != NULL)
2204 ldap_value_free(str_value);
2206 if (ber_value != NULL)
2207 ldap_value_free_len(ber_value);
/* NOTE(review): *linklist_current was already set to linklist_previous
 * above; unless lines not shown here change it, this assignment is
 * redundant. */
2210 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server as client
 * "ldap.incr".  Only the first caller actually connects; later callers just
 * bump mr_connections (see moira_disconnect()).  Returns the mr_connect_cl()
 * status.  NOTE(review): the lines choosing between the fixed "ttsp" host
 * and uts.nodename are not shown here.
 */
2215 int moira_connect(void)
2220 if (!mr_connections++)
2224 memset(HostName, '\0', sizeof(HostName));
2225 strcpy(HostName, "ttsp");
2226 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2230 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: STOP_FILE acts as an operator kill switch — the incremental
 * loops while the file exists and raises a critical alert (with tbl_buf as
 * detail).  The loop body and the return value are not shown here.
 */
2239 int check_winad(void)
2243 for (i = 0; file_exists(STOP_FILE); i++)
2247 critical_alert("AD incremental",
2248 "WINAD incremental failed (%s exists): %s",
2249 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect(); the real disconnect
 * (not shown) runs only when the last reference is dropped.
 */
2259 int moira_disconnect(void)
2262 if (!--mr_connections)
/*
 * get_distinguished_name: copy the entry's DN into the caller's buffer.
 * The copy is an unbounded strcpy() into a fixed-size buffer (callers pass
 * char[1024]); a DN longer than that overflows — the function has no size
 * parameter to bound it.  Lines between ldap_get_dn() and the copy
 * (presumably a NULL check) are not shown.
 */
2270 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2271 char *distinguished_name)
2275 CName = ldap_get_dn(ldap_handle, ldap_entry);
2280 strcpy(distinguished_name, CName);
2281 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single LK_ENTRY holding copies of
 * attribute and value (value is NUL-terminated, length = strlen(value)).
 * The node allocation is checked; the two string allocations below are
 * used without a NULL check.  The memset() calls are redundant after
 * calloc().
 */
2284 int linklist_create_entry(char *attribute, char *value,
2285 LK_ENTRY **linklist_entry)
2287 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2289 if (!(*linklist_entry))
2294 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2295 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2296 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2297 strcpy((*linklist_entry)->attribute, attribute);
2298 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2299 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2300 strcpy((*linklist_entry)->value, value);
2301 (*linklist_entry)->length = strlen(value);
2302 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style output to stderr, used by the LDAP_DEBUG
 * dumps.  All visible callers pass a literal format string.  The va_end()
 * is not shown in this listing.
 */
2307 void print_to_screen(const char *fmt, ...)
2311 va_start(pvar, fmt);
2312 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: derive the AD group type from the list's maillist
 * and group flags (av[L_MAILLIST], av[L_GROUP]).  Writes a single type code
 * into group_membership[0] ('B' both, 'S' security only, 'D' distribution
 * only, 'N' neither) WITHOUT a NUL terminator — callers declare
 * `char group_membership[1]`, so it must never be read with strlen() or
 * printed with %s.  Sets *security_flag to 1 for security-enabled types and
 * copies the matching OU string into group_ou with an unbounded strcpy()
 * (no size parameter is available).  Every output pointer may be NULL.
 * The return value is not shown in this listing; visible callers ignore it.
 */
2317 int get_group_membership(char *group_membership, char *group_ou,
2318 int *security_flag, char **av)
2323 maillist_flag = atoi(av[L_MAILLIST]);
2324 group_flag = atoi(av[L_GROUP]);
2326 if (security_flag != NULL)
2327 (*security_flag) = 0;
/* Mail-enabled security group. */
2329 if ((maillist_flag) && (group_flag))
2331 if (group_membership != NULL)
2332 group_membership[0] = 'B';
2334 if (security_flag != NULL)
2335 (*security_flag) = 1;
2337 if (group_ou != NULL)
2338 strcpy(group_ou, group_ou_both);
/* Security group only. */
2340 else if ((!maillist_flag) && (group_flag))
2342 if (group_membership != NULL)
2343 group_membership[0] = 'S';
2345 if (security_flag != NULL)
2346 (*security_flag) = 1;
2348 if (group_ou != NULL)
2349 strcpy(group_ou, group_ou_security);
/* Distribution list only. */
2351 else if ((maillist_flag) && (!group_flag))
2353 if (group_membership != NULL)
2354 group_membership[0] = 'D';
2356 if (group_ou != NULL)
2357 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
2361 if (group_membership != NULL)
2362 group_membership[0] = 'N';
2364 if (group_ou != NULL)
2365 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename an AD group from before_group_name (looked up by
 * MoiraId via ad_get_group()) to after_group_name, move it to
 * after_group_ou, and rewrite sAMAccountName, displayName, mitMoiraId,
 * groupType and the mail attributes.  Returns 0, an AD_* code
 * (AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE) or an LDAP error.  `filter` is a caller-provided scratch
 * buffer of unknown size that is written with unbounded sprintf().
 * NOTE(review): braces, declarations and several returns are not
 * reproduced in this listing.
 */
2371 int group_rename(LDAP *ldap_handle, char *dn_path,
2372 char *before_group_name, char *before_group_membership,
2373 char *before_group_ou, int before_security_flag,
2374 char *before_desc, char *after_group_name,
2375 char *after_group_membership, char *after_group_ou,
2376 int after_security_flag, char *after_desc,
2377 char *MoiraId, char *filter, char *maillist)
2382 char new_dn_path[512];
2385 char mail_nickname[256];
2386 char proxy_address[256];
2387 char address_book[256];
2388 char *attr_array[3];
2389 char *mitMoiraId_v[] = {NULL, NULL};
2390 char *name_v[] = {NULL, NULL};
2391 char *samAccountName_v[] = {NULL, NULL};
2392 char *groupTypeControl_v[] = {NULL, NULL};
2393 char *mail_v[] = {NULL, NULL};
2394 char *proxy_address_v[] = {NULL, NULL};
2395 char *mail_nickname_v[] = {NULL, NULL};
2396 char *report_to_originator_v[] = {NULL, NULL};
2397 char *address_book_v[] = {NULL, NULL};
2398 char *legacy_exchange_dn_v[] = {NULL, NULL};
/* Unsigned; see the %ld format used for it below. */
2399 u_int groupTypeControl;
2400 char groupTypeControlStr[80];
2401 char contact_mail[256];
2405 LK_ENTRY *group_base;
/* Only ever initialised to 0 in the visible lines. */
2407 int MailDisabled = 0;
2409 if(UseGroupUniversal)
2410 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2412 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* check_string() is the only validation the names receive before they are
 * interpolated into filters, DNs and mail addresses below. */
2414 if (!check_string(before_group_name))
2417 "Unable to process invalid LDAP list name %s",
2419 return(AD_INVALID_NAME);
2422 if (!check_string(after_group_name))
2425 "Unable to process invalid LDAP list name %s", after_group_name);
2426 return(AD_INVALID_NAME);
/* Collision check: refuse the rename if a user object already has the new
 * cn.  The filter is built by interpolation with no escaping of filter
 * metacharacters and an unbounded sprintf() into filter. */
2436 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2437 attr_array[0] = "cn";
2438 attr_array[1] = NULL;
2440 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2441 &group_base, &group_count,
2442 LDAP_SCOPE_SUBTREE)) != 0)
2444 com_err(whoami, 0, "Unable to process group %s : %s",
2445 after_group_name, ldap_err2string(rc));
2451 com_err(whoami, 0, "Object already exists with name %s",
2456 linklist_free(group_base);
/* Find the group to rename by its Moira id; exactly one match required. */
2465 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2466 before_group_membership,
2467 MoiraId, "samAccountName", &group_base,
2468 &group_count, filter))
2471 if (group_count == 0)
2473 return(AD_NO_GROUPS_FOUND);
2476 if (group_count != 1)
2478 com_err(whoami, 0, "Unable to process multiple groups with "
2479 "MoiraId = %s exist in the AD", MoiraId);
2480 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn's size is not visible; the DN comes from the directory and is
 * copied unbounded. */
2483 strcpy(old_dn, group_base->dn);
2485 linklist_free(group_base);
2488 attr_array[0] = "sAMAccountName";
2489 attr_array[1] = NULL;
2491 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2492 &group_base, &group_count,
2493 LDAP_SCOPE_SUBTREE)) != 0)
2495 com_err(whoami, 0, "Unable to get list %s dn : %s",
2496 after_group_name, ldap_err2string(rc));
2500 if (group_count != 1)
2503 "Unable to get sAMAccountName for group %s",
2505 return(AD_LDAP_FAILURE);
/* sam_name's size is not visible; unbounded copy of a directory value. */
2508 strcpy(sam_name, group_base->value);
2509 linklist_free(group_base);
/* Unbounded sprintf() into fixed buffers (new_dn_path[512],
 * mail_nickname[256], proxy_address[256], contact_mail[256]); the only
 * bound on after_group_name is check_string(). */
2513 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2514 sprintf(new_dn, "cn=%s", after_group_name);
2515 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2516 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2517 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2518 lowercase(ldap_domain));
2519 sprintf(mail_nickname, "%s", after_group_name);
2521 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* Rename + move in one operation; the old RDN is deleted (TRUE). */
2523 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2524 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2526 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2527 before_group_name, after_group_name, ldap_err2string(rc));
2531 name_v[0] = after_group_name;
/* If sam_name is shorter than group_suffix, the index below wraps to a
 * position before the array (undefined behaviour); compare lengths first. */
2533 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2534 group_suffix, strlen(group_suffix)))
2536 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2541 "Unable to rename list from %s to %s : sAMAccountName not found",
2542 before_group_name, after_group_name);
2546 samAccountName_v[0] = sam_name;
2548 if (after_security_flag)
2549 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* groupTypeControl is u_int but is formatted with %ld — a mismatched
 * conversion specifier (undefined behaviour); "%u" matches the
 * declaration. */
2551 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2552 groupTypeControl_v[0] = groupTypeControlStr;
2553 mitMoiraId_v[0] = MoiraId;
2555 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2556 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
/* Build the modification list with ADD_ATTR (n entries, freed below). */
2559 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2560 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2561 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2562 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enable the group when the list is a maillist with a valid address;
 * otherwise clear every mail attribute. */
2566 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2568 mail_nickname_v[0] = mail_nickname;
2569 proxy_address_v[0] = proxy_address;
2571 report_to_originator_v[0] = "TRUE";
2573 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("reportToOriginator", report_to_originator_v,
2581 mail_nickname_v[0] = NULL;
2582 proxy_address_v[0] = NULL;
2584 legacy_exchange_dn_v[0] = NULL;
2585 address_book_v[0] = NULL;
2586 report_to_originator_v[0] = NULL;
2588 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2591 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2592 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2593 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Contact-style address for maillists that were not mail-enabled above. */
2599 if(atoi(maillist) && email_isvalid(contact_mail))
2601 mail_v[0] = contact_mail;
2602 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2608 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2611 "Unable to modify list data for %s after renaming: %s",
2612 after_group_name, ldap_err2string(rc));
/* Release the n mods built by ADD_ATTR (body not shown). */
2615 for (i = 0; i < n; i++)
/*
 * group_create - create (or, when the object already exists / an update was
 * requested, refresh) the LDAP group object that mirrors a Moira list.
 *
 * Moira incremental callback: the list fields arrive in av[L_*]; the LDAP
 * handle, base DN, update flag and Moira id are read from call_args[0], [1],
 * [4] and [5]. call_args is not declared in the visible lines — presumably
 * it is set from ptr on one of the missing lines.
 *
 * Returns AD_INVALID_NAME when av[L_NAME] fails check_string(), and
 * LDAP_SUCCESS at the visible end of the function. The bodies of the error
 * branches after ldap_add_ext_s()/ldap_modify_s() are missing from this
 * listing, so their return values cannot be stated here.
 *
 * This listing is lossy (braces, some declarations and the loop bodies that
 * release `mods` are absent); the comments below describe only what the
 * visible lines establish.
 */
2621 int group_create(int ac, char **av, void *ptr)
2626 char new_group_name[256];
2627 char sam_group_name[256];
2628 char cn_group_name[256];
2630 char contact_mail[256];
2631 char mail_nickname[256];
2632 char proxy_address[256];
2633 char address_book[256];
2634 char *cn_v[] = {NULL, NULL};
2635 char *objectClass_v[] = {"top", "group", NULL};
2636 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2637 "group", "mailRecipient", NULL};
2639 char *samAccountName_v[] = {NULL, NULL};
2640 char *altSecurityIdentities_v[] = {NULL, NULL};
2641 char *member_v[] = {NULL, NULL};
2642 char *name_v[] = {NULL, NULL};
2643 char *desc_v[] = {NULL, NULL};
2644 char *info_v[] = {NULL, NULL};
2645 char *mitMoiraId_v[] = {NULL, NULL};
2646 char *mitMoiraPublic_v[] = {NULL, NULL};
2647 char *mitMoiraHidden_v[] = {NULL, NULL};
2648 char *groupTypeControl_v[] = {NULL, NULL};
2649 char *mail_v[] = {NULL, NULL};
2650 char *proxy_address_v[] = {NULL, NULL};
2651 char *mail_nickname_v[] = {NULL, NULL};
2652 char *report_to_originator_v[] = {NULL, NULL};
2653 char *address_book_v[] = {NULL, NULL};
2654 char *legacy_exchange_dn_v[] = {NULL, NULL};
2655 char *gidNumber_v[] = {NULL, NULL};
2656 char groupTypeControlStr[80];
/* NOTE(review): 1-byte buffer handed to get_group_membership() below, while
 * process_lists() declares the same buffer as group_membership[2]. If the
 * callee stores a NUL-terminated string, this one is overrun — confirm its
 * contract. */
2657 char group_membership[1];
2660 u_int groupTypeControl;
2664 int MailDisabled = 0;
2666 LK_ENTRY *group_base;
2669 char *attr_array[3];
/* Universal vs global group type; ADS_GROUP_TYPE_SECURITY_ENABLED is OR-ed
 * in further down (the test guarding it, 2697-2698, is not visible). */
2673 if(UseGroupUniversal)
2674 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2676 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2678 if (!check_string(av[L_NAME]))
2680 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2682 return(AD_INVALID_NAME);
/* NOTE(review): pointer narrowed to int (the same pattern is used for
 * call_args[3] in member_list_build); only safe if the slot carries a small
 * integer rather than a real pointer. */
2685 updateGroup = (int)call_args[4];
2686 memset(group_ou, 0, sizeof(group_ou));
2687 memset(group_membership, 0, sizeof(group_membership));
2690 get_group_membership(group_membership, group_ou, &security_flag, av);
/* av[L_NAME] is copied/formatted into 256-byte stack buffers (and into the
 * file-scope new_dn / mail buffers) without a length check; the only guard
 * is check_string() above, whose length bound is not visible here. */
2692 strcpy(new_group_name, av[L_NAME]);
2693 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2694 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2695 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2696 sprintf(mail_nickname, "%s", av[L_NAME]);
2699 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2701 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* NOTE(review): groupTypeControl is u_int but is formatted with "%ld"; the
 * conversion specifier does not match the argument type (undefined
 * behaviour per C11 7.21.6.1). "%u" matches the declared type. */
2705 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2706 groupTypeControl_v[0] = groupTypeControlStr;
2708 strcpy(cn_group_name, av[L_NAME]);
2710 samAccountName_v[0] = sam_group_name;
2711 name_v[0] = new_group_name;
2712 cn_v[0] = new_group_name;
2715 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2719 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Presumably the non-AD branch (compare the explicit !ActiveDirectory test
 * at 2853): generic LDAP object classes plus the Moira visibility flags and,
 * for lists that are also POSIX groups, a gidNumber. */
2723 mitMoiraPublic_v[0] = av[L_PUBLIC];
2724 mitMoiraHidden_v[0] = av[L_HIDDEN];
2725 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2726 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2727 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2729 if(atoi(av[L_GROUP]))
2731 gidNumber_v[0] = av[L_GID];
2732 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2736 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2737 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2738 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* Mail list: refuse to reuse a name that already belongs to a user object.
 * av[L_NAME] is embedded unescaped in the filter, so filter-safety relies on
 * check_string() having rejected LDAP filter metacharacters — confirm. The
 * lines that react to a hit (2758-2767, presumably setting MailDisabled) are
 * not visible. */
2742 if(atoi(av[L_MAILLIST]))
2747 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2748 attr_array[0] = "cn";
2749 attr_array[1] = NULL;
2751 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2752 filter, attr_array, &group_base,
2754 LDAP_SCOPE_SUBTREE)) != 0)
2756 com_err(whoami, 0, "Unable to process group %s : %s",
2757 av[L_NAME], ldap_err2string(rc));
2763 com_err(whoami, 0, "Object already exists with name %s",
2768 linklist_free(group_base);
/* Exchange attributes only for a maillist whose address validates and whose
 * name did not collide above. */
2773 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2775 mail_nickname_v[0] = mail_nickname;
2776 report_to_originator_v[0] = "TRUE";
2778 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2779 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* The plain mail attribute uses the @mit.edu contact address, independent of
 * MailDisabled. */
2785 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2787 mail_v[0] = contact_mail;
2788 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2792 if (strlen(av[L_DESC]) != 0)
2794 desc_v[0] = av[L_DESC];
2795 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2798 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* info is a file-scope buffer (not declared here); av[L_ACE_NAME] is
 * formatted into it without a length check. */
2800 if (strlen(av[L_ACE_NAME]) != 0)
2802 sprintf(info, "The Administrator of this list is: %s",
2805 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2808 if (strlen(call_args[5]) != 0)
2810 mitMoiraId_v[0] = call_args[5];
2811 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
/* Create the object; `mods` is released in the loop that follows (its body
 * is not shown). LDAP_ALREADY_EXISTS is not treated as an error here — it
 * routes the call into the update path below. */
2816 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2818 for (i = 0; i < n; i++)
2821 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2823 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2824 av[L_NAME], ldap_err2string(rc));
/* Update path: existing object or explicit update request. Attributes are
 * replaced rather than added; an all-NULL value array (member_v below, the
 * Exchange attributes at 2916-2928) clears the attribute. The return values
 * of the two attribute_update() calls are overwritten without being checked
 * in the visible lines. */
2830 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2832 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2833 "description", av[L_NAME]);
2834 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2836 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2841 if (strlen(call_args[5]) != 0)
2843 mitMoiraId_v[0] = call_args[5];
2844 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is still {NULL, NULL}, so this REPLACE empties the
 * member attribute. */
2847 if (!(atoi(av[L_ACTIVE])))
2850 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2853 if (!ActiveDirectory)
2855 mitMoiraPublic_v[0] = av[L_PUBLIC];
2856 mitMoiraHidden_v[0] = av[L_HIDDEN];
2857 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2858 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2860 if(atoi(av[L_GROUP]))
2862 gidNumber_v[0] = av[L_GID];
2863 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Presumably the else branch of the L_GROUP test: gidNumber_v[0] is still
 * NULL here, so the gidNumber attribute is cleared. */
2867 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same user-name collision check as on the create path. */
2873 if(atoi(av[L_MAILLIST]))
2878 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2879 attr_array[0] = "cn";
2880 attr_array[1] = NULL;
2882 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2883 filter, attr_array, &group_base,
2885 LDAP_SCOPE_SUBTREE)) != 0)
2887 com_err(whoami, 0, "Unable to process group %s : %s",
2888 av[L_NAME], ldap_err2string(rc));
2894 com_err(whoami, 0, "Object already exists with name %s",
2899 linklist_free(group_base);
2904 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2906 mail_nickname_v[0] = mail_nickname;
2907 report_to_originator_v[0] = "TRUE";
2909 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2910 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Presumably the else branch of the maillist test at 2904: strip every
 * Exchange attribute by replacing it with an empty value list. */
2916 mail_nickname_v[0] = NULL;
2917 proxy_address_v[0] = NULL;
2918 legacy_exchange_dn_v[0] = NULL;
2919 address_book_v[0] = NULL;
2920 report_to_originator_v[0] = NULL;
2922 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2923 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2924 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2925 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2927 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2928 ADD_ATTR("reportToOriginator", report_to_originator_v,
2934 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2936 mail_v[0] = contact_mail;
2937 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2942 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2951 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2953 for (i = 0; i < n; i++)
2956 if (rc != LDAP_SUCCESS)
2958 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2959 av[L_NAME], ldap_err2string(rc));
/* Security descriptor / owner handling is delegated; its return value is
 * ignored, so a failure there does not change the LDAP_SUCCESS below. */
2966 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2967 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2969 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity - apply the site security template to the group
 * TargetGroupName under dn_path: look the group up by sAMAccountName, resolve
 * the administrator (AceType "LIST" or "USER", AceName) to a DN and — on
 * Active Directory — an objectSid, pick one of four template groups (hidden /
 * not hidden, with / without admin), read the template's ntSecurityDescriptor
 * with the template user's SID swapped for the admin's SID, and write it to
 * the target together with the address-book visibility attributes. On a
 * non-AD directory the admin DN is written to the `owner` attribute instead.
 *
 * Several locals (rc, i, n, group_count, dwInfo, TargetDn, AceDn, AceSidCount,
 * psMsg, nVal, root_ou) are declared on lines missing from this listing, as
 * are most braces and the early-return branches; the notes below describe
 * only what is visible. The return value is not visible except through the
 * recursive retry at the end.
 */
2972 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2973 char *TargetGroupName, int HiddenGroup,
2974 char *AceType, char *AceName)
2976 char filter_exp[1024];
2977 char *attr_array[5];
2978 char search_path[512];
2980 char TemplateDn[512];
2981 char TemplateSamName[128];
2983 char TargetSamName[128];
2984 char AceSamAccountName[128];
2986 unsigned char AceSid[128];
2987 unsigned char UserTemplateSid[128];
2988 char acBERBuf[N_SD_BER_BYTES];
2989 char GroupSecurityTemplate[256];
/* hide_addres_lists (sic) and address_book are not used in the visible
 * lines. */
2990 char hide_addres_lists[256];
2991 char address_book[256];
2992 char *hide_address_lists_v[] = {NULL, NULL};
2993 char *address_book_v[] = {NULL, NULL};
2994 char *owner_v[] = {NULL, NULL};
2996 int UserTemplateSidCount;
3003 int array_count = 0;
3005 LK_ENTRY *group_base;
3006 LDAP_BERVAL **ppsValues;
/* 1.2.840.113556.1.4.801 is the LDAP_SERVER_SD_FLAGS control; acBERBuf
 * carries the BER-encoded security-information mask built below, so that the
 * ntSecurityDescriptor read covers owner, group, DACL and SACL. The control
 * array is presumably passed to ldap_search_ext_s at 3229 (its arguments are
 * not visible). */
3007 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3008 { N_SD_BER_BYTES, acBERBuf },
3011 LDAPControl *apsServerControls[] = {&sControl, NULL};
3014 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3015 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3016 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group. TargetGroupName and group_suffix are embedded in
 * the filter unescaped; the caller (group_create) ran check_string() on the
 * name, but this function does not re-validate it. */
3018 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3019 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3020 attr_array[0] = "sAMAccountName";
3021 attr_array[1] = NULL;
/* NOTE(review): misplaced parenthesis — `(rc = f(...) != 0)` stores the
 * comparison result (0 or 1) in rc, not the LDAP status. group_create
 * parenthesises the same call correctly ("... )) != 0"). The same defect is
 * at 3074, 3100, 3154 and 3209 below, and in member_remove at 3584 and
 * 3601. */
3025 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3026 &group_base, &group_count,
3027 LDAP_SCOPE_SUBTREE) != 0))
3030 if (group_count != 1)
3032 linklist_free(group_base);
/* Unbounded copies of directory-supplied values: TargetDn's size is not
 * visible, TargetSamName is 128 bytes. */
3036 strcpy(TargetDn, group_base->dn);
3037 strcpy(TargetSamName, group_base->value);
3038 linklist_free(group_base);
3042 UserTemplateSidCount = 0;
3043 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3044 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3045 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator: a LIST admin is another group (name plus
 * group_suffix), a USER admin is a user account. AceSamAccountName is 128
 * bytes and AceName is formatted into it unchecked. */
3050 if (strlen(AceName) != 0)
3052 if (!strcmp(AceType, "LIST"))
3054 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3055 strcpy(root_ou, group_ou_root);
3057 else if (!strcmp(AceType, "USER"))
3059 sprintf(AceSamAccountName, "%s", AceName);
3060 strcpy(root_ou, user_ou);
/* AD: fetch the admin's objectSid (binary) and DN. */
3063 if (ActiveDirectory)
3065 if (strlen(AceSamAccountName) != 0)
3067 sprintf(search_path, "%s", dn_path);
3068 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3069 attr_array[0] = "objectSid";
3070 attr_array[1] = NULL;
3074 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3075 attr_array, &group_base, &group_count,
3076 LDAP_SCOPE_SUBTREE) != 0))
3078 if (group_count == 1)
3080 strcpy(AceDn, group_base->dn);
/* NOTE(review): the copy length is taken from the directory entry and is not
 * bounded by sizeof(AceSid) (128); same pattern for UserTemplateSid at
 * 3167-3168. */
3081 AceSidCount = group_base->length;
3082 memcpy(AceSid, group_base->value, AceSidCount);
3084 linklist_free(group_base);
/* Non-AD: only the admin's DN is needed (for the owner attribute). */
3091 if (strlen(AceSamAccountName) != 0)
3093 sprintf(search_path, "%s", dn_path);
3094 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3095 attr_array[0] = "samAccountName";
3096 attr_array[1] = NULL;
3100 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3101 attr_array, &group_base, &group_count,
3102 LDAP_SCOPE_SUBTREE) != 0))
3104 if (group_count == 1)
3106 strcpy(AceDn, group_base->dn);
3108 linklist_free(group_base);
3115 if (!ActiveDirectory)
3117 if (strlen(AceDn) != 0)
/* NOTE(review): the strdup() result is never freed in the visible lines
 * (owner_v[0] leaks unless the mods-release loop at 3127, whose body is not
 * shown, frees attribute values). */
3119 owner_v[0] = strdup(AceDn);
3121 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3125 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3127 for (i = 0; i < n; i++)
3130 if (rc != LDAP_SUCCESS)
3131 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3132 TargetGroupName, ldap_err2string(rc));
/* No admin SID: fall back to the template without an admin ACE. */
3138 if (AceSidCount == 0)
3140 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3141 "have an AD SID.", TargetGroupName, AceName, AceType);
3142 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the SID of the placeholder user "UserTemplate.u"; it is the byte
 * pattern replaced by the admin SID in the template descriptor below. */
3146 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3147 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3148 attr_array[0] = "objectSid";
3149 attr_array[1] = NULL;
3154 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3155 attr_array, &group_base, &group_count,
3156 LDAP_SCOPE_SUBTREE) != 0))
/* NOTE(review): because of the parenthesisation at 3154, rc is only ever 0
 * or 1 here, so whatever is printed on the (missing) line 3162 is not an LDAP
 * status. */
3159 if ((rc != 0) || (group_count != 1))
3161 com_err(whoami, 0, "Unable to process user security template: %s",
3167 UserTemplateSidCount = group_base->length;
3168 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3170 linklist_free(group_base);
/* Choose the template by HiddenGroup (that test is on a missing line) and by
 * whether an admin SID was found. */
3177 if (AceSidCount == 0)
3179 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3180 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3184 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3185 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3190 if (AceSidCount == 0)
3192 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3193 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3197 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3198 sprintf(filter_exp, "(sAMAccountName=%s)",
3199 NOT_HIDDEN_GROUP_WITH_ADMIN);
3203 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3204 attr_array[0] = "sAMAccountName";
3205 attr_array[1] = NULL;
3209 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3210 &group_base, &group_count,
3211 LDAP_SCOPE_SUBTREE) != 0))
3214 if (group_count != 1)
3216 linklist_free(group_base);
3217 com_err(whoami, 0, "Unable to process group security template: %s - "
3218 "security not set", GroupSecurityTemplate);
/* Unbounded copies into 512 / 128-byte buffers, as at 3036-3037. */
3222 strcpy(TemplateDn, group_base->dn);
3223 strcpy(TemplateSamName, group_base->value);
3224 linklist_free(group_base);
/* Second search for the same template, this time via ldap_search_ext_s
 * (arguments on missing lines) so the SD-flags control applies and the
 * binary ntSecurityDescriptor is returned. */
3228 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3229 rc = ldap_search_ext_s(ldap_handle,
3241 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3243 com_err(whoami, 0, "Unable to find group security template: %s - "
3244 "security not set", GroupSecurityTemplate);
3248 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3250 if (ppsValues == NULL)
3252 com_err(whoami, 0, "Unable to find group security descriptor for group "
3253 "%s - security not set", GroupSecurityTemplate);
/* Patch the template descriptor in place: every occurrence of the template
 * user's SID is overwritten with the admin's SID.
 * NOTE(review): the copy writes AceSidCount bytes over a
 * UserTemplateSidCount-byte match. SIDs vary in length (sub-authority
 * count), so if AceSidCount != UserTemplateSidCount the descriptor layout is
 * corrupted and, for a match near the end, the write can run past bv_val.
 * The loop bound also wraps when bv_len < UserTemplateSidCount (unsigned
 * subtraction before the int cast). A length-equality check before the
 * loop would make the substitution safe. */
3257 if (AceSidCount != 0)
3259 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3262 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3264 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3265 UserTemplateSidCount))
3267 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* Binary attribute: LDAP_MOD_BVALUES makes ldap_modify_s read the value
 * array as struct berval pointers. */
3275 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3276 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Presumably the HiddenGroup branch (the test is on a missing line): hide
 * the group from Exchange address lists and clear showInAddressBook; the
 * branch at 3288 un-hides it. */
3282 hide_address_lists_v[0] = "TRUE";
3283 address_book_v[0] = NULL;
3284 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3286 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3288 hide_address_lists_v[0] = NULL;
3289 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3296 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3298 for (i = 0; i < n; i++)
3301 ldap_value_free_len(ppsValues);
3302 ldap_msgfree(psMsg);
3304 if (rc != LDAP_SUCCESS)
3306 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3307 TargetGroupName, ldap_err2string(rc));
/* Fallback: if applying the admin template failed, retry once with no admin
 * (empty AceType/AceName), which sends the recursive call down the
 * AceSidCount == 0 path. The assignment inside the if is intentional; writing
 * it as ((rc = ...) != 0) would document that and silence -Wparentheses. */
3309 if (AceSidCount != 0)
3312 "Trying to set security for group %s without admin.",
3315 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3316 HiddenGroup, "", ""))
3318 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete - delete the LDAP group object that mirrors the Moira list
 * group_name. ad_get_group() resolves the object (the handling of its
 * failure is on a missing line); exactly one match is deleted, otherwise
 * AD_NO_GROUPS_FOUND is returned.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string(); the return
 * values after a successful or failed ldap_delete_s are on lines missing
 * from this listing. rc and group_count are declared on missing lines;
 * temp and filter are not declared here and are presumably file-scope
 * buffers (the same names are used unqualified in member_remove/member_add).
 */
3329 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3330 char *group_membership, char *MoiraId)
3332 LK_ENTRY *group_base;
3338 if (!check_string(group_name))
3341 "Unable to process invalid LDAP list name %s", group_name);
3342 return(AD_INVALID_NAME);
3345 memset(filter, '\0', sizeof(filter));
3348 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment inside the condition is intentional (non-zero rc = failure);
 * the failure body is not visible. */
3350 if (rc = ad_get_group(ldap_handle, temp, group_name,
3351 group_membership, MoiraId,
3352 "samAccountName", &group_base,
3353 &group_count, filter))
/* Only an unambiguous match is deleted; the list is released on every
 * visible path. */
3356 if (group_count == 1)
3358 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3360 linklist_free(group_base);
3361 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
3362 group_name, ldap_err2string(rc));
3365 linklist_free(group_base);
3369 linklist_free(group_base);
3370 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
3371 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits - presumably writes the BER encoding of the
 * security-information mask uBits into pBuffer (N_SD_BER_BYTES bytes) for the
 * SD-flags LDAP control used by ProcessGroupSecurity and user_update; the
 * encoding itself is on lines missing from this listing.
 * Returns N_SD_BER_BYTES, the size of the encoded control value.
 */
3377 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3383 return(N_SD_BER_BYTES);
/*
 * process_lists - Moira callback that (re)populates the membership of the
 * list named in av[L_NAME] through populate_group(). Most of the body,
 * including the remaining populate_group() arguments and the handling of rc,
 * is missing from this listing.
 *
 * Note the 2-byte group_membership buffer here versus the 1-byte one in
 * group_create; both are passed to get_group_membership().
 */
3386 int process_lists(int ac, char **av, void *ptr)
3391 char group_membership[2];
3397 memset(group_ou, '\0', sizeof(group_ou));
3398 memset(group_membership, '\0', sizeof(group_membership));
3399 get_group_membership(group_membership, group_ou, &security_flag, av);
3400 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3401 av[L_NAME], group_ou, group_membership,
/*
 * member_list_build - Moira callback that turns one list member
 * (av[ACE_TYPE], av[ACE_NAME]) into an LK_ENTRY on the file-scope member_base
 * list, creating a contact object first for STRING and KERBEROS members.
 * call_args[3] is a bit mask of the member types the caller wants
 * (MOIRA_USERS/STRINGS/LISTS/KERBEROS); call_args[2] is the owning list name.
 * Duplicates (case-insensitive) are skipped by the scan at 3467-3474.
 *
 * The early-return bodies and the declarations of temp, s and linklist are on
 * lines missing from this listing.
 */
3407 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): av[ACE_NAME] is copied into temp (size not visible) before
 * check_string() examines it, and the strcat() calls below extend it without
 * a bound. */
3415 strcpy(temp, av[ACE_NAME]);
3417 if (!check_string(temp))
3420 if (!strcmp(av[ACE_TYPE], "USER"))
3422 if (!((int)call_args[3] & MOIRA_USERS))
/* STRING members: normalise to an address (append @mit.edu when there is no
 * '@'; map a trailing ".LOCAL" domain to ".mit.edu"). */
3425 else if (!strcmp(av[ACE_TYPE], "STRING"))
3429 if((s = strchr(temp, '@')) == (char *) NULL)
3431 strcat(temp, "@mit.edu");
/* NOTE(review): if this line is reached with strlen(temp) < 6 (possible for
 * a short string containing '@', which skips the strcat above),
 * &temp[strlen(temp) - 6] points before the buffer. A length test should
 * guard the comparison. */
3434 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
/* Presumably replaces the ".LOCAL" suffix in place (line 3437, between
 * these two, is missing). */
3436 s = strrchr(temp, '.');
3438 strcat(s, ".mit.edu");
3442 if (!((int)call_args[3] & MOIRA_STRINGS))
3445 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3449 else if (!strcmp(av[ACE_TYPE], "LIST"))
3451 if (!((int)call_args[3] & MOIRA_LISTS))
3454 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3456 if (!((int)call_args[3] & MOIRA_KERBEROS))
3459 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
/* Skip members already on the list (case-insensitive compare). */
3467 linklist = member_base;
3471 if (!strcasecmp(temp, linklist->member))
3474 linklist = linklist->next;
/* New entry pushed on the head of member_base. The calloc() results are used
 * without a NULL check in the visible lines (3478 is missing). */
3477 linklist = calloc(1, sizeof(LK_ENTRY));
3479 linklist->dn = NULL;
3480 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3481 strcpy(linklist->list, call_args[2]);
3482 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3483 strcpy(linklist->type, av[ACE_TYPE]);
3484 linklist->member = calloc(1, strlen(temp) + 1);
3485 strcpy(linklist->member, temp);
3486 linklist->next = member_base;
3487 member_base = linklist;
/*
 * member_remove - delete user_name (an object in OU UserOu) from the member
 * attribute of the group group_name, then, for contact/kerberos members,
 * delete the contact object itself when nothing else references it.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string(); the other
 * return paths are on lines missing from this listing, as are the
 * declarations of rc, i, n, s, group_count and modvalues. temp and filter
 * are presumably file-scope buffers (not declared here).
 */
3492 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3493 char *group_ou, char *group_membership, char *user_name,
3494 char *UserOu, char *MoiraId)
3496 char distinguished_name[1024];
3500 char *attr_array[3];
3505 LK_ENTRY *group_base;
3509 if (!check_string(group_name))
3510 return(AD_INVALID_NAME);
3512 memset(filter, '\0', sizeof(filter));
/* Assignment inside the condition is intentional; the failure body is not
 * visible. */
3516 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3517 group_membership, MoiraId,
3518 "samAccountName", &group_base,
3519 &group_count, filter))
3522 if (group_count != 1)
3524 com_err(whoami, 0, "Unable to find list %s in AD",
3526 linklist_free(group_base);
/* Unbounded copy of the directory-supplied DN into a 1024-byte buffer. */
3532 strcpy(distinguished_name, group_base->dn);
3533 linklist_free(group_base);
/* Member DN. user_name is not passed through check_string() here; it is
 * embedded verbatim in the DN and, further down, in an LDAP filter. Lines
 * 3540-3542 (missing) presumably select the AD vs non-AD form; the non-AD
 * form uses uid= for the user OU and CN= otherwise. */
3539 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3543 if(!strcmp(UserOu, user_ou))
3544 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3546 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3549 modvalues[0] = temp;
3550 modvalues[1] = NULL;
3553 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3555 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3557 for (i = 0; i < n; i++)
/* LDAP_UNWILLING_TO_PERFORM is special-cased (body not visible) — presumably
 * the "value was not a member" case. */
3560 if (rc == LDAP_UNWILLING_TO_PERFORM)
3563 if (rc != LDAP_SUCCESS)
3565 com_err(whoami, 0, "Unable to modify list %s members : %s",
3566 group_name, ldap_err2string(rc));
/* Contact clean-up. For a contact_ou member with an @mit.edu address the
 * local part becomes temp (3580-3581 missing) and is looked up as a user's
 * mailNickName; the result handling (3587-3591) is not visible. */
3570 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3574 if(!strcmp(UserOu, contact_ou) &&
3575 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3577 memset(temp, '\0', sizeof(temp));
3578 strcpy(temp, user_name);
3579 s = strchr(temp, '@');
3582 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* NOTE(review): misplaced parenthesis — rc receives the comparison result
 * (0/1), not the LDAP status; same at 3601 (see ProcessGroupSecurity). */
3584 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3585 &group_base, &group_count,
3586 LDAP_SCOPE_SUBTREE) != 0))
3592 linklist_free(group_base);
/* Is the contact still a member of any group? temp (the DN built from
 * user_name) is embedded unescaped in the filter. */
3597 sprintf(filter, "(distinguishedName=%s)", temp);
3598 attr_array[0] = "memberOf";
3599 attr_array[1] = NULL;
3601 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3602 &group_base, &group_count,
3603 LDAP_SCOPE_SUBTREE) != 0))
/* Deleted when the memberOf lookup found nothing (the test is on a missing
 * line): a Moira-driven delete of the contact object named by temp. The
 * error branch after ldap_delete_s is not visible. */
3609 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3611 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add - add user_name (an object in OU UserOu) to the member attribute
 * of the group group_name. An existing membership (LDAP_ALREADY_EXISTS /
 * LDAP_TYPE_OR_VALUE_EXISTS) is not treated as an error.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string() and
 * AD_MULTIPLE_GROUPS_FOUND when the lookup does not yield exactly one group;
 * the remaining return paths and the declarations of rc, i, n, group_count
 * and modvalues are on missing lines. temp and filter are presumably
 * file-scope buffers.
 */
3621 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3622 char *group_ou, char *group_membership, char *user_name,
3623 char *UserOu, char *MoiraId)
3625 char distinguished_name[1024];
3633 LK_ENTRY *group_base;
3636 if (!check_string(group_name))
3637 return(AD_INVALID_NAME);
3640 memset(filter, '\0', sizeof(filter));
/* Assignment inside the condition is intentional; the failure body is not
 * visible. */
3644 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3645 group_membership, MoiraId,
3646 "samAccountName", &group_base,
3647 &group_count, filter))
/* NOTE(review): as visible, this branch returns AD_MULTIPLE_GROUPS_FOUND even
 * when group_count is 0; the missing lines 3653-3654 may handle that case —
 * confirm. */
3650 if (group_count != 1)
3652 linklist_free(group_base);
3655 com_err(whoami, 0, "Unable to find list %s %d in AD",
3656 group_name, group_count);
3657 return(AD_MULTIPLE_GROUPS_FOUND);
3660 strcpy(distinguished_name, group_base->dn);
3661 linklist_free(group_base);
/* Member DN, built from user_name without a check_string() call. Note the
 * lowercase "cn=" at 3674 versus "CN=" in member_remove — equivalent for the
 * directory, but inconsistent. */
3667 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3671 if(!strcmp(UserOu, user_ou))
3672 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3674 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3677 modvalues[0] = temp;
3678 modvalues[1] = NULL;
3681 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3683 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: treated as success (body not visible). */
3685 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
/* Contact/kerberos members: LDAP_UNWILLING_TO_PERFORM is special-cased
 * (body not visible). */
3688 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3690 if (rc == LDAP_UNWILLING_TO_PERFORM)
3694 for (i = 0; i < n; i++)
3697 if (rc != LDAP_SUCCESS)
3699 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3700 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email - strip the mail attributes (mail, mailNickName,
 * proxyAddresses, targetAddress) from the contact entries on linklist_base.
 * Each LDAP_MOD_REPLACE carries an empty value list (mail_v is all NULL),
 * which removes the attribute from the entry.
 *
 * The loop over the linklist_current entries (3726-3727, 3734-3739) and the
 * declarations of rc, i, n and gPtr are not visible; bind_path is unused in
 * the visible lines. LDAP_ALREADY_EXISTS is tolerated alongside success.
 */
3706 int contact_remove_email(LDAP *ld, char *bind_path,
3707 LK_ENTRY **linklist_base, int linklist_current)
3711 char *mail_v[] = {NULL, NULL};
3719 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3720 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3721 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3722 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3725 gPtr = (*linklist_base);
3728 rc = ldap_modify_s(ld, gPtr->dn, mods);
3730 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3732 com_err(whoami, 0, "Unable to modify contact %s in AD : %s",
3733 gPtr->dn, ldap_err2string(rc));
/* One mods array is reused for every entry and released here. */
3740 for (i = 0; i < n; i++)
/*
 * contact_create - create the contact object for a STRING/KERBEROS list
 * member `user` under group_ou (contact_ou or kerberos_ou) below bind_path,
 * with Exchange mail attributes when the OU is contact_ou and the address
 * validates. If the object already exists in contact_ou the mail attributes
 * are refreshed in place; if the add fails for any other reason a second add
 * carrying only the core attributes (cn, objectClass, name, displayName,
 * description) is attempted.
 *
 * Returns AD_INVALID_NAME when `user` fails check_string(); the other return
 * values are on missing lines. Uses the file-scope buffers mail, new_dn,
 * filter, temp and uid (none declared here) and locals s, c, rc, i, n and
 * group_count declared on missing lines.
 */
3746 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3749 LK_ENTRY *group_base;
3752 char cn_user_name[256];
3753 char contact_name[256];
3754 char mail_nickname[256];
3755 char proxy_address_internal[256];
3756 char proxy_address_external[256];
3757 char target_address[256];
3758 char internal_contact_name[256];
3761 char principal[256];
3762 char mit_address_book[256];
3763 char default_address_book[256];
3764 char contact_address_book[256];
3766 char *email_v[] = {NULL, NULL};
3767 char *cn_v[] = {NULL, NULL};
3768 char *contact_v[] = {NULL, NULL};
3769 char *uid_v[] = {NULL, NULL};
3770 char *mail_nickname_v[] = {NULL, NULL};
3771 char *proxy_address_internal_v[] = {NULL, NULL};
3772 char *proxy_address_external_v[] = {NULL, NULL};
3773 char *target_address_v[] = {NULL, NULL};
3774 char *mit_address_book_v[] = {NULL, NULL};
3775 char *default_address_book_v[] = {NULL, NULL};
3776 char *contact_address_book_v[] = {NULL, NULL};
3777 char *hide_address_lists_v[] = {NULL, NULL};
3778 char *attr_array[3];
3779 char *objectClass_v[] = {"top", "person",
3780 "organizationalPerson",
3782 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3783 "inetOrgPerson", "organizationalPerson",
3784 "contact", "mailRecipient", "eduPerson",
3786 char *name_v[] = {NULL, NULL};
3787 char *desc_v[] = {NULL, NULL};
3794 char *mail_routing_v[] = {NULL, NULL};
3795 char *principal_v[] = {NULL, NULL};
3797 if (!check_string(user))
3799 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3800 return(AD_INVALID_NAME);
/* NOTE(review): `mail` is neither a parameter nor a local; presumably the
 * file-scope buffer is filled from `user` on the missing lines 3801-3803 —
 * confirm. Both copies below are unbounded into 256-byte buffers. */
3804 strcpy(contact_name, mail);
3805 strcpy(internal_contact_name, mail);
/* internal_contact_name is presumably cut at the '@' (3808-3810 missing) and
 * becomes the mailNickName. */
3807 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* The RDN is built with escape_string(), but the search filters further down
 * embed `mail` unescaped; check_string(user) is the only filter-safety guard
 * visible. */
3811 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3814 sprintf(target_address, "SMTP:%s", contact_name);
3815 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3816 sprintf(mail_nickname, "%s", internal_contact_name);
3818 cn_v[0] = cn_user_name;
3819 contact_v[0] = contact_name;
3822 desc_v[0] = "Auto account created by Moira";
3824 proxy_address_internal_v[0] = proxy_address_internal;
3825 proxy_address_external_v[0] = proxy_address_external;
3826 mail_nickname_v[0] = mail_nickname;
3827 target_address_v[0] = target_address;
3828 mit_address_book_v[0] = mit_address_book;
3829 default_address_book_v[0] = default_address_book;
3830 contact_address_book_v[0] = contact_address_book;
3831 strcpy(new_dn, cn_user_name);
3834 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD: a uid distinguishes string contacts from kerberos contacts; uid_v
 * is assigned on a missing line. */
3836 if(!ActiveDirectory)
3838 if(!strcmp(group_ou, contact_ou))
3839 sprintf(uid, "%s%s", contact_name, "_strings");
3841 if(!strcmp(group_ou, kerberos_ou))
3842 sprintf(uid, "%s%s", contact_name, "_kerberos");
3846 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3847 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3852 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3856 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3859 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3860 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3861 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Mail-enabled contact: four collision checks (user/group by cn, user/group
 * by mail) run before the mail attributes are added. What happens on a hit
 * (the lines after each "Object already exists" message) is not visible. */
3865 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3870 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3871 attr_array[0] = "cn";
3872 attr_array[1] = NULL;
3874 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3875 &group_base, &group_count,
3876 LDAP_SCOPE_SUBTREE)) != 0)
3878 com_err(whoami, 0, "Unable to process contact %s : %s",
3879 user, ldap_err2string(rc));
3885 com_err(whoami, 0, "Object already exists with name %s",
3890 linklist_free(group_base);
3894 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3895 attr_array[0] = "cn";
3896 attr_array[1] = NULL;
3898 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3899 &group_base, &group_count,
3900 LDAP_SCOPE_SUBTREE)) != 0)
3902 com_err(whoami, 0, "Unable to process contact %s : %s",
3903 user, ldap_err2string(rc));
3909 com_err(whoami, 0, "Object already exists with name %s",
3914 linklist_free(group_base);
3918 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3919 attr_array[0] = "cn";
3920 attr_array[1] = NULL;
3922 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3923 &group_base, &group_count,
3924 LDAP_SCOPE_SUBTREE)) != 0)
3926 com_err(whoami, 0, "Unable to process contact %s : %s",
3927 user, ldap_err2string(rc));
3933 com_err(whoami, 0, "Object already exists with name %s",
3938 linklist_free(group_base);
3942 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3943 attr_array[0] = "cn";
3944 attr_array[1] = NULL;
3946 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3947 &group_base, &group_count,
3948 LDAP_SCOPE_SUBTREE)) != 0)
3950 com_err(whoami, 0, "Unable to process contact %s : %s",
3951 user, ldap_err2string(rc));
3957 com_err(whoami, 0, "Object already exists with name %s",
3962 linklist_free(group_base);
/* Exchange attributes; email_v is assigned on a missing line. The contact
 * is always hidden from address lists. */
3966 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
3967 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
3968 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
3969 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
3971 hide_address_lists_v[0] = "TRUE";
3972 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD: routing address defaults to @mit.edu. NOTE(review): principal_v
 * is set at 3986 but never used in the visible lines — eduPersonPrincipalName
 * is given the routing address instead; confirm that is intended. */
3977 if(!ActiveDirectory)
3979 if((c = strchr(mail, '@')) == NULL)
3980 sprintf(temp, "%s@mit.edu", mail);
3982 sprintf(temp, "%s", mail);
3984 mail_routing_v[0] = temp;
3986 principal_v[0] = principal;
3988 if(!strcmp(group_ou, contact_ou))
3990 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
3993 if(!strcmp(group_ou, contact_ou))
3995 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4001 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4003 for (i = 0; i < n; i++)
/* Existing mail-enabled contact: refresh the mail attributes in place. The
 * `rc != LDAP_SUCCESS` clause is implied by `rc == LDAP_ALREADY_EXISTS`. */
4008 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4009 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4013 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4014 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4015 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4017 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4019 hide_address_lists_v[0] = "TRUE";
4020 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4024 rc = ldap_modify_s(ld, new_dn, mods);
4028 com_err(whoami, 0, "Unable to update contact %s", mail);
4031 for (i = 0; i < n; i++)
/* If the add (or the modify above) failed for a reason other than an
 * existing object, retry with the minimal attribute set — e.g. when the mail
 * attributes are rejected. */
4036 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4039 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
4043 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4047 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
4050 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4051 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
4052 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4054 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4056 for (i = 0; i < n; i++)
4060 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4062 com_err(whoami, 0, "Unable to create contact %s : %s",
4063 user, ldap_err2string(rc));
4070 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4071 char *Uid, char *MitId, char *MoiraId, int State,
4072 char *WinHomeDir, char *WinProfileDir, char *first,
4073 char *middle, char *last, char *shell, char *class)
4076 LK_ENTRY *group_base;
4078 char distinguished_name[512];
4079 char displayName[256];
4080 char *mitMoiraId_v[] = {NULL, NULL};
4081 char *mitMoiraClass_v[] = {NULL, NULL};
4082 char *mitMoiraStatus_v[] = {NULL, NULL};
4083 char *uid_v[] = {NULL, NULL};
4084 char *mitid_v[] = {NULL, NULL};
4085 char *homedir_v[] = {NULL, NULL};
4086 char *winProfile_v[] = {NULL, NULL};
4087 char *drives_v[] = {NULL, NULL};
4088 char *userAccountControl_v[] = {NULL, NULL};
4089 char *alt_recipient_v[] = {NULL, NULL};
4090 char *hide_address_lists_v[] = {NULL, NULL};
4091 char *mail_v[] = {NULL, NULL};
4092 char *gid_v[] = {NULL, NULL};
4093 char *loginshell_v[] = {NULL, NULL};
4094 char *principal_v[] = {NULL, NULL};
4095 char userAccountControlStr[80];
4100 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4101 UF_PASSWD_CANT_CHANGE;
4103 char *attr_array[3];
4106 char contact_mail[256];
4107 char filter_exp[1024];
4108 char search_path[512];
4109 char TemplateDn[512];
4110 char TemplateSamName[128];
4111 char alt_recipient[256];
4112 char principal[256];
4114 char acBERBuf[N_SD_BER_BYTES];
4115 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4116 { N_SD_BER_BYTES, acBERBuf },
4118 LDAPControl *apsServerControls[] = {&sControl, NULL};
4120 LDAP_BERVAL **ppsValues;
4124 char *homeServerName;
4126 char search_string[256];
4128 char *mail_routing_v[] = {NULL, NULL};
4131 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4132 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4133 BEREncodeSecurityBits(dwInfo, acBERBuf);
4135 if (!check_string(user_name))
4137 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4139 return(AD_INVALID_NAME);
4142 memset(contact_mail, '\0', sizeof(contact_mail));
4143 sprintf(contact_mail, "%s@mit.edu", user_name);
4144 memset(mail, '\0', sizeof(mail));
4145 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4146 memset(alt_recipient, '\0', sizeof(alt_recipient));
4147 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4149 sprintf(search_string, "@%s", uppercase(ldap_domain));
4153 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4155 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4162 memset(displayName, '\0', sizeof(displayName));
4164 if (strlen(MoiraId) != 0)
4168 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4173 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4176 attr_array[0] = "cn";
4177 attr_array[1] = NULL;
4178 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4179 &group_base, &group_count,
4180 LDAP_SCOPE_SUBTREE)) != 0)
4182 com_err(whoami, 0, "Unable to process user %s : %s",
4183 user_name, ldap_err2string(rc));
4188 if (group_count != 1)
4190 linklist_free(group_base);
4193 sprintf(filter, "(sAMAccountName=%s)", user_name);
4194 attr_array[0] = "cn";
4195 attr_array[1] = NULL;
4196 sprintf(temp, "%s,%s", user_ou, dn_path);
4197 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4198 &group_base, &group_count,
4199 LDAP_SCOPE_SUBTREE)) != 0)
4201 com_err(whoami, 0, "Unable to process user %s : %s",
4202 user_name, ldap_err2string(rc));
4207 if (group_count != 1)
4209 com_err(whoami, 0, "Unable to find user %s in AD",
4211 linklist_free(group_base);
4212 return(AD_NO_USER_FOUND);
4215 strcpy(distinguished_name, group_base->dn);
4217 linklist_free(group_base);
4220 if(!ActiveDirectory)
4222 if (rc = moira_connect())
4224 critical_alert("AD incremental",
4225 "Error contacting Moira server : %s",
4230 argv[0] = user_name;
4232 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4235 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4237 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4239 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4244 "Unable to set the mailRoutingAddress for %s : %s",
4245 user_name, ldap_err2string(rc));
4247 p = strdup(save_argv[3]);
4249 if((c = strchr(p, ',')) != NULL)
4254 if ((c = strchr(q, '@')) == NULL)
4255 sprintf(temp, "%s@mit.edu", q);
4257 sprintf(temp, "%s", q);
4259 if(email_isvalid(temp) && State != US_DELETED)
4261 mail_routing_v[0] = temp;
4264 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4266 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4268 if (rc == LDAP_ALREADY_EXISTS ||
4269 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4274 "Unable to set the mailRoutingAddress for %s : %s",
4275 user_name, ldap_err2string(rc));
4278 while((q = strtok(NULL, ",")) != NULL) {
4281 if((c = strchr(q, '@')) == NULL)
4282 sprintf(temp, "%s@mit.edu", q);
4284 sprintf(temp, "%s", q);
4286 if(email_isvalid(temp) && State != US_DELETED)
4288 mail_routing_v[0] = temp;
4291 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4294 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4296 if (rc == LDAP_ALREADY_EXISTS ||
4297 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4302 "Unable to set the mailRoutingAddress for "
4304 user_name, ldap_err2string(rc));
4310 if((c = strchr(p, '@')) == NULL)
4311 sprintf(temp, "%s@mit.edu", p);
4313 sprintf(temp, "%s", p);
4315 if(email_isvalid(temp) && State != US_DELETED)
4317 mail_routing_v[0] = temp;
4320 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4322 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4324 if (rc == LDAP_ALREADY_EXISTS ||
4325 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4330 "Unable to set the mailRoutingAddress for %s : %s",
4331 user_name, ldap_err2string(rc));
4338 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4339 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4340 "employeeID", user_name);
4342 rc = attribute_update(ldap_handle, distinguished_name, "none",
4343 "employeeID", user_name);
4346 strcat(displayName, first);
4349 if(strlen(middle)) {
4351 strcat(displayName, " ");
4353 strcat(displayName, middle);
4357 if(strlen(middle) || strlen(first))
4358 strcat(displayName, " ");
4360 strcat(displayName, last);
4363 if(strlen(displayName))
4364 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4365 "displayName", user_name);
4367 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4368 "displayName", user_name);
4370 if(!ActiveDirectory)
4372 if(strlen(displayName))
4373 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4376 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4380 if(!ActiveDirectory)
4382 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4383 "eduPersonNickname", user_name);
4387 rc = attribute_update(ldap_handle, distinguished_name, first,
4388 "givenName", user_name);
4390 rc = attribute_update(ldap_handle, distinguished_name, "",
4391 "givenName", user_name);
4393 if(strlen(middle) == 1)
4394 rc = attribute_update(ldap_handle, distinguished_name, middle,
4395 "initials", user_name);
4397 rc = attribute_update(ldap_handle, distinguished_name, "",
4398 "initials", user_name);
4401 rc = attribute_update(ldap_handle, distinguished_name, last,
4404 rc = attribute_update(ldap_handle, distinguished_name, "",
4409 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4414 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4418 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4419 "mitMoiraId", user_name);
4428 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4432 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4437 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4438 sprintf(status, "%d", State);
4439 principal_v[0] = principal;
4440 loginshell_v[0] = shell;
4441 mitMoiraClass_v[0] = class;
4442 mitMoiraStatus_v[0] = status;
4444 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4445 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4446 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4447 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4448 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4452 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4454 userAccountControl |= UF_ACCOUNTDISABLE;
4458 hide_address_lists_v[0] = "TRUE";
4459 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4467 hide_address_lists_v[0] = NULL;
4468 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4473 sprintf(userAccountControlStr, "%ld", userAccountControl);
4474 userAccountControl_v[0] = userAccountControlStr;
4475 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4479 if (rc = moira_connect())
4481 critical_alert("AD incremental",
4482 "Error contacting Moira server : %s",
4487 argv[0] = user_name;
4489 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4491 if(!strcmp(save_argv[1], "EXCHANGE") ||
4492 (strstr(save_argv[3], search_string) != NULL))
4494 alt_recipient_v[0] = NULL;
4495 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4497 argv[0] = exchange_acl;
4499 argv[2] = user_name;
4501 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4503 if ((rc) && (rc != MR_EXISTS))
4505 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4506 user_name, exchange_acl, error_message(rc));
4511 alt_recipient_v[0] = alt_recipient;
4512 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4514 argv[0] = exchange_acl;
4516 argv[2] = user_name;
4518 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4520 if ((rc) && (rc != MR_NO_MATCH))
4523 "Unable to remove user %s from %s: %s, %d",
4524 user_name, exchange_acl, error_message(rc), rc);
4530 alt_recipient_v[0] = alt_recipient;
4531 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4533 argv[0] = exchange_acl;
4535 argv[2] = user_name;
4537 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4539 if ((rc) && (rc != MR_NO_MATCH))
4542 "Unable to remove user %s from %s: %s, %d",
4543 user_name, exchange_acl, error_message(rc), rc);
4551 mail_v[0] = contact_mail;
4552 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4555 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4556 WinProfileDir, homedir_v, winProfile_v,
4557 drives_v, mods, LDAP_MOD_REPLACE, n);
4561 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4562 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4563 attr_array[0] = "sAMAccountName";
4564 attr_array[1] = NULL;
4568 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4570 &group_base, &group_count,
4571 LDAP_SCOPE_SUBTREE) != 0))
4574 if (group_count != 1)
4576 com_err(whoami, 0, "Unable to process user security template: %s - "
4577 "security not set", "UserTemplate.u");
4581 strcpy(TemplateDn, group_base->dn);
4582 strcpy(TemplateSamName, group_base->value);
4583 linklist_free(group_base);
4587 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4588 filter_exp, NULL, 0, apsServerControls, NULL,
4591 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4593 com_err(whoami, 0, "Unable to find user security template: %s - "
4594 "security not set", "UserTemplate.u");
4598 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4599 "ntSecurityDescriptor");
4601 if (ppsValues == NULL)
4603 com_err(whoami, 0, "Unable to find user security template: %s - "
4604 "security not set", "UserTemplate.u");
4608 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4609 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4614 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4615 mods)) != LDAP_SUCCESS)
4617 OldUseSFU30 = UseSFU30;
4618 SwitchSFU(mods, &UseSFU30, n);
4619 if (OldUseSFU30 != UseSFU30)
4620 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4623 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4624 user_name, ldap_err2string(rc));
4628 for (i = 0; i < n; i++)
/*
 * user_rename: rename the directory entry for before_user_name to
 * user_name (the remaining parameters are on a line elided from this
 * listing), recreate the user's mit.edu contact object under the new
 * name, and rewrite the identity attributes that embed the login
 * (altSecurityIdentities, userPrincipalName, sAMAccountName, mail,
 * proxyAddresses, ...) on the renamed entry.
 *
 * Returns AD_INVALID_NAME when either name fails check_string().  LDAP
 * failures are reported through com_err(); the value returned from those
 * branches is not visible here.
 *
 * check_string() is the only thing standing between these names and the
 * unescaped sprintf()-built DNs below, so it must stay ahead of every use
 * of before_user_name / user_name.  It bounds the character set, not the
 * length: the 256-byte buffers here are filled with unbounded sprintf()
 * and rely on an upstream length limit that is not visible in this file.
 */
4634 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4642 char contact_mail[256];
4643 char proxy_address[256];
4644 char query_base_dn[256];
4646 char *userPrincipalName_v[] = {NULL, NULL};
4647 char *altSecurityIdentities_v[] = {NULL, NULL};
4648 char *name_v[] = {NULL, NULL};
4649 char *samAccountName_v[] = {NULL, NULL};
4650 char *mail_v[] = {NULL, NULL};
4651 char *mail_nickname_v[] = {NULL, NULL};
4652 char *proxy_address_v[] = {NULL, NULL};
4653 char *query_base_dn_v[] = {NULL, NULL};
4654 char *principal_v[] = {NULL, NULL};
4655 char principal[256];
/* Both the old and the new login are validated before either is
 * interpolated into a DN or attribute value. */
4660 if (!check_string(before_user_name))
4663 "Unable to process invalid LDAP user name %s", before_user_name);
4664 return(AD_INVALID_NAME);
4667 if (!check_string(user_name))
4670 "Unable to process invalid LDAP user name %s", user_name);
4671 return(AD_INVALID_NAME);
/* NOTE(review): this copies a string onto itself.  src and dst alias,
 * which strcpy() does not permit, and the call has no effect -- it looks
 * like a leftover.  Remove it or copy from the intended source. */
4674 strcpy(user_name, user_name);
/* cn= RDNs on Active Directory, uid= RDNs on the generic LDAP path (the
 * selecting condition is elided here).  new_dn is only the new RDN at this
 * point: ldap_rename_s() below keeps the entry in its current parent
 * (newparent == NULL) and drops the old RDN value (deleteoldrdn TRUE). */
4677 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4679 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4682 sprintf(new_dn, "cn=%s", user_name);
4684 sprintf(new_dn, "uid=%s", user_name);
4686 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4687 sprintf(contact_mail, "%s@mit.edu", user_name);
4688 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4689 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4691 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4692 NULL, NULL)) != LDAP_SUCCESS)
4694 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4695 before_user_name, user_name, ldap_err2string(rc));
/* The mit.edu contact is keyed by login, so it is not renamed in place:
 * delete cn=<old>@mit.edu and create cn=<new>@mit.edu.  Failure of either
 * step is only logged. */
4701 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4704 if(rc = ldap_delete_s(ldap_handle, temp))
4706 com_err(whoami, 0, "Unable to delete user contact for %s",
4710 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4712 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Rename sets displayName to the bare login; the create/update paths in
 * this file build "First Middle Last" instead, so a renamed user loses
 * that form until the next update. */
4716 name_v[0] = user_name;
4717 sprintf(upn, "%s@%s", user_name, ldap_domain);
4718 userPrincipalName_v[0] = upn;
4719 principal_v[0] = principal;
/* "Kerberos:<login>@<realm>" in altSecurityIdentities is the link between
 * the MIT Kerberos principal and this account; it has to follow the
 * rename so that the new principal, not the old one, is the one that
 * authenticates to this entry. */
4720 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4721 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4722 altSecurityIdentities_v[0] = temp;
4723 samAccountName_v[0] = user_name;
4725 mail_nickname_v[0] = user_name;
4726 proxy_address_v[0] = proxy_address;
4727 query_base_dn_v[0] = query_base_dn;
4730 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4731 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4732 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4733 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4735 if(!ActiveDirectory)
4737 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
/* mail_v[0] is presumably set to `mail` on an elided line above. */
4738 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
/* displayName was already REPLACEd unconditionally above; on this path
 * the same attribute appears twice in one modify request. */
4739 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4740 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4745 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4746 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4747 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4748 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* NOTE(review): mail_v is handed to ADD_ATTR more than once with
 * different contents (eduPersonPrincipalName / mail above, mail here).
 * If ADD_ATTR stores the array pointer rather than copying it (its
 * definition is not visible here), every mod that references mail_v ends
 * up carrying the value assigned last.  Confirm, or give each attribute
 * its own value array. */
4752 mail_v[0] = contact_mail;
4753 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry for the attribute rewrite.  If this
 * modify fails, the rename above is not rolled back: the entry then has
 * its new RDN but still carries the old login in UPN/sAMAccountName. */
4759 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4761 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4763 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4766 "Unable to modify user data for %s after renaming : %s",
4767 user_name, ldap_err2string(rc));
/* Release the LDAPMod entries built by ADD_ATTR (loop body elided). */
4770 for (i = 0; i < n; i++)
/*
 * user_create: mr_query() callback that turns one Moira "users" tuple
 * (av[U_NAME], av[U_FIRST], ..., indexed by the U_* constants) into a new
 * directory entry.  ptr carries call_args: [0] the LDAP handle, [1] the
 * base DN, [2] the Moira id stamped into mitMoiraId.
 *
 * Order of work: validate the login, assemble the attribute list with
 * ADD_ATTR (objectClass set, account control, Kerberos mapping, mail and
 * Exchange attributes, POSIX attributes on the non-AD path, home/profile
 * paths, and the ntSecurityDescriptor copied from the UserTemplate.u
 * object), ldap_add_ext_s() the entry, optionally set an initial password,
 * and on the non-AD path publish the pobox as mailRoutingAddress.
 *
 * Returns AD_INVALID_NAME (also recorded in callback_rc) for a login that
 * fails check_string(); the other return paths are elided in this listing.
 */
4776 int user_create(int ac, char **av, void *ptr)
4780 char user_name[256];
4784 char contact_mail[256];
4785 char proxy_address[256];
4786 char mail_nickname[256];
4787 char query_base_dn[256];
4788 char displayName[256];
4789 char address_book[256];
4790 char alt_recipient[256];
4791 char *cn_v[] = {NULL, NULL};
/* Two objectClass sets: the plain AD one and the richer one for the
 * generic LDAP server (posixAccount, eduPerson, ...); which is used is
 * decided where ADD_ATTR("objectClass", ...) is called below. */
4792 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4794 char *objectClass_ldap_v[] = {"top",
4795 "eduPerson", "posixAccount",
4796 "apple-user", "shadowAccount",
4797 "microsoftComTop", "securityPrincipal",
4798 "inetOrgPerson", "user",
4799 "organizationalPerson", "person",
4800 "mailRecipient", NULL};
4802 char *samAccountName_v[] = {NULL, NULL};
4803 char *altSecurityIdentities_v[] = {NULL, NULL};
4804 char *mitMoiraId_v[] = {NULL, NULL};
4805 char *mitMoiraClass_v[] = {NULL, NULL};
4806 char *mitMoiraStatus_v[] = {NULL, NULL};
4807 char *name_v[] = {NULL, NULL};
4808 char *desc_v[] = {NULL, NULL};
4809 char *userPrincipalName_v[] = {NULL, NULL};
4810 char *userAccountControl_v[] = {NULL, NULL};
4811 char *uid_v[] = {NULL, NULL};
4812 char *gid_v[] = {NULL, NULL};
4813 char *mitid_v[] = {NULL, NULL};
4814 char *homedir_v[] = {NULL, NULL};
4815 char *winProfile_v[] = {NULL, NULL};
4816 char *drives_v[] = {NULL, NULL};
4817 char *mail_v[] = {NULL, NULL};
4818 char *givenName_v[] = {NULL, NULL};
4819 char *sn_v[] = {NULL, NULL};
4820 char *initials_v[] = {NULL, NULL};
4821 char *displayName_v[] = {NULL, NULL};
4822 char *proxy_address_v[] = {NULL, NULL};
4823 char *mail_nickname_v[] = {NULL, NULL};
4824 char *query_base_dn_v[] = {NULL, NULL};
4825 char *address_book_v[] = {NULL, NULL};
4826 char *homeMDB_v[] = {NULL, NULL};
4827 char *homeServerName_v[] = {NULL, NULL};
4828 char *mdbUseDefaults_v[] = {NULL, NULL};
4829 char *mailbox_guid_v[] = {NULL, NULL};
4830 char *user_culture_v[] = {NULL, NULL};
4831 char *user_account_control_v[] = {NULL, NULL};
4832 char *msexch_version_v[] = {NULL, NULL};
4833 char *alt_recipient_v[] = {NULL, NULL};
4834 char *hide_address_lists_v[] = {NULL, NULL};
4835 char *principal_v[] = {NULL, NULL};
4836 char *loginshell_v[] = {NULL, NULL};
4837 char userAccountControlStr[80];
4839 char principal[256];
4840 char filter_exp[1024];
4841 char search_path[512];
4842 char *attr_array[3];
/* Every account starts with a non-expiring password the user cannot
 * change -- presumably because authentication is meant to come through
 * the Kerberos mapping written to altSecurityIdentities below, not an AD
 * password.  Confirm against domain policy. */
4843 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4844 UF_PASSWD_CANT_CHANGE;
4850 char WinHomeDir[1024];
4851 char WinProfileDir[1024];
4853 char *homeServerName;
4855 char acBERBuf[N_SD_BER_BYTES];
4856 LK_ENTRY *group_base;
4858 char TemplateDn[512];
4859 char TemplateSamName[128];
4860 LDAP_BERVAL **ppsValues;
/* SD-flags server control (that OID) carrying the BER-encoded dwInfo so
 * the template search below returns every part of ntSecurityDescriptor. */
4861 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4862 { N_SD_BER_BYTES, acBERBuf },
4864 LDAPControl *apsServerControls[] = {&sControl, NULL};
4868 char search_string[256];
4869 char *o_v[] = {NULL, NULL};
4871 char *mail_routing_v[] = {NULL, NULL};
/* Ask for owner, group, DACL and SACL of the template's descriptor. */
4876 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4877 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4878 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Gate on the login before it reaches any sprintf()'d DN or filter.
 * check_string() restricts the character set only; the strcpy()/strcat()
 * into the fixed 256/1024-byte buffers below are unbounded and rely on
 * Moira's own field length limits, which are not visible here. */
4880 if (!check_string(av[U_NAME]))
4882 callback_rc = AD_INVALID_NAME;
4883 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4885 return(AD_INVALID_NAME);
4888 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4889 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4890 memset(displayName, '\0', sizeof(displayName));
4891 memset(query_base_dn, '\0', sizeof(query_base_dn));
4892 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4893 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4894 strcpy(user_name, av[U_NAME]);
4895 sprintf(upn, "%s@%s", user_name, ldap_domain);
4896 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First[ Middle][ Last]" with single separators; empty
 * name parts are skipped. */
4898 if(strlen(av[U_FIRST])) {
4899 strcat(displayName, av[U_FIRST]);
4902 if(strlen(av[U_MIDDLE])) {
4903 if(strlen(av[U_FIRST]))
4904 strcat(displayName, " ");
4906 strcat(displayName, av[U_MIDDLE]);
4909 if(strlen(av[U_LAST])) {
4910 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4911 strcat(displayName, " ");
4913 strcat(displayName, av[U_LAST]);
4916 samAccountName_v[0] = sam_name;
/* Only the two usable Moira states leave the account enabled; every
 * other state creates the entry disabled (and hidden from Exchange
 * address lists -- the surrounding condition is elided). */
4917 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4918 (atoi(av[U_STATE]) != US_REGISTERED))
4920 userAccountControl |= UF_ACCOUNTDISABLE;
4924 hide_address_lists_v[0] = "TRUE";
4925 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* NOTE(review): userAccountControl is a u_int but is printed with "%ld";
 * the mismatch is undefined behaviour -- use "%u".  The same pattern
 * appears at the set_password() error message below (rc's type is not
 * visible here). */
4930 sprintf(userAccountControlStr, "%ld", userAccountControl);
4931 userAccountControl_v[0] = userAccountControlStr;
4932 userPrincipalName_v[0] = upn;
/* cn is either the login or the assembled displayName (condition elided). */
4935 cn_v[0] = user_name;
4937 cn_v[0] = displayName;
4939 name_v[0] = user_name;
4940 desc_v[0] = "Auto account created by Moira";
4942 givenName_v[0] = av[U_FIRST];
/* sn falls back to the login when Moira has no last name (the branch
 * structure around these three assignments is elided). */
4945 sn_v[0] = av[U_LAST];
4947 if(strlen(av[U_LAST]))
4948 sn_v[0] = av[U_LAST];
4950 sn_v[0] = av[U_NAME];
4952 displayName_v[0] = displayName;
4953 mail_nickname_v[0] = user_name;
4954 o_v[0] = "Massachusetts Institute of Technology";
/* "Kerberos:<login>@PRIMARY_REALM" in altSecurityIdentities is the
 * security-critical link between the MIT principal and this account. */
4956 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4957 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4958 altSecurityIdentities_v[0] = temp;
4959 principal_v[0] = principal;
/* cn= RDN on Active Directory, uid= RDN on the generic LDAP path
 * (selecting condition elided); call_args[1] is the base DN. */
4962 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4964 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4966 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4967 sprintf(contact_mail, "%s@mit.edu", user_name);
4968 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4969 query_base_dn_v[0] = query_base_dn;
4970 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
/* "@<DOMAIN>" in upper case, matched against the pobox address below. */
4972 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Failure to create the mit.edu contact or to locate the Exchange
 * mailbox store is logged; what follows each com_err is elided. */
4976 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4979 com_err(whoami, 0, "Unable to create user contact %s",
4983 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
4986 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
4990 com_err(whoami, 0, "homeMDB:%s", homeMDB);
4991 com_err(whoami, 0, "homeServerName:%s", homeServerName);
4993 homeMDB_v[0] = homeMDB;
4994 homeServerName_v[0] = homeServerName;
4999 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5003 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5007 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5010 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5011 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5012 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5013 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5014 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5018 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5019 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5020 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5021 mdbUseDefaults_v[0] = "TRUE";
5022 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5023 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Users whose Moira pobox is EXCHANGE, or whose pobox address already
 * lies in @<DOMAIN>, are added to the exchange_acl list; other users --
 * and, it appears, users whose pobox could not be fetched -- get an
 * altRecipient pointing at the mit.edu contact (branch structure partly
 * elided). */
5025 argv[0] = user_name;
5027 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5029 if(!strcmp(save_argv[1], "EXCHANGE") ||
5030 (strstr(save_argv[3], search_string) != NULL))
5032 argv[0] = exchange_acl;
5034 argv[2] = user_name;
5036 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5038 if ((rc) && (rc != MR_EXISTS))
5040 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5041 user_name, exchange_acl, error_message(rc));
5046 alt_recipient_v[0] = alt_recipient;
5047 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5052 alt_recipient_v[0] = alt_recipient;
5053 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5055 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
/* mail is the mit.edu contact address.  mail_v is reused for
 * eduPersonPrincipalName further down; if ADD_ATTR stores the array
 * pointer (definition not visible), that attribute receives whatever
 * mail_v[0] holds when the request is sent. */
5060 mail_v[0] = contact_mail;
5061 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5064 if(strlen(av[U_FIRST])) {
5065 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5068 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5069 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
/* displayName / eduPersonNickname: the assembled name when any part is
 * present, otherwise the login. */
5072 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5073 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5075 if(!ActiveDirectory)
5077 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5080 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5082 if(!ActiveDirectory)
5084 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials is only set for a single-character middle name. */
5088 if (strlen(av[U_MIDDLE]) == 1) {
5089 initials_v[0] = av[U_MIDDLE];
5090 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5093 if (strlen(call_args[2]) != 0)
5095 mitMoiraId_v[0] = call_args[2];
5096 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5099 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* Non-AD path: POSIX / eduPerson attributes straight from the tuple. */
5101 if(!ActiveDirectory)
5103 loginshell_v[0] = av[U_SHELL];
5104 mitMoiraClass_v[0] = av[U_CLASS];
5105 mitMoiraStatus_v[0] = av[U_STATE];
5106 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5107 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5108 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5109 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5110 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5111 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* av[U_UID] becomes uid/uidNumber (msSFU30UidNumber on the SFU 3.0
 * schema); gid_v's value is assigned on an elided line. */
5114 if (strlen(av[U_UID]) != 0)
5116 uid_v[0] = av[U_UID];
5120 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5125 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5126 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5133 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5137 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* Only an MitId beginning with '9' is published as employeeID; anything
 * else is masked with the literal "none". */
5142 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5143 mitid_v[0] = av[U_MITID];
5145 mitid_v[0] = "none";
5147 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5149 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5150 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5151 drives_v, mods, LDAP_MOD_ADD, n);
/* Copy the ACL of the UserTemplate.u object onto the new user: first
 * resolve the template via linklist_build(), then re-read it with the
 * SD-flags control so ntSecurityDescriptor comes back with owner, group,
 * DACL and SACL.  Every failure is logged as "security not set" -- the
 * entry is then created with whatever default descriptor the server
 * applies (what follows each com_err is elided). */
5155 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5156 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5157 attr_array[0] = "sAMAccountName";
5158 attr_array[1] = NULL;
/* NOTE(review): the closing parenthesis is misplaced -- rc receives the
 * result of "linklist_build(...) != 0" (0 or 1), not the LDAP error
 * code.  Should read:  if ((rc = linklist_build(...)) != 0) */
5162 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5163 attr_array, &group_base, &group_count,
5164 LDAP_SCOPE_SUBTREE) != 0))
5167 if (group_count != 1)
5169 com_err(whoami, 0, "Unable to process user security template: %s - "
5170 "security not set", "UserTemplate.u");
5174 strcpy(TemplateDn, group_base->dn);
5175 strcpy(TemplateSamName, group_base->value);
5176 linklist_free(group_base);
5180 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5181 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5182 apsServerControls, NULL,
5185 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5187 com_err(whoami, 0, "Unable to find user security template: %s - "
5188 "security not set", "UserTemplate.u");
5192 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5193 "ntSecurityDescriptor");
5194 if (ppsValues == NULL)
5196 com_err(whoami, 0, "Unable to find user security template: %s - "
5197 "security not set", "UserTemplate.u");
5201 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5202 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Create the entry.  LDAP_ALREADY_EXISTS is tolerated so an entry that
 * is already present is not reported as an error; on any other failure
 * flip the SFU schema choice and retry once. */
5207 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5209 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5211 OldUseSFU30 = UseSFU30;
5212 SwitchSFU(mods, &UseSFU30, n);
5213 if (OldUseSFU30 != UseSFU30)
5214 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5217 for (i = 0; i < n; i++)
5220 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5222 com_err(whoami, 0, "Unable to create user %s : %s",
5223 user_name, ldap_err2string(rc));
/* NOTE(review): only for a freshly created entry, and only when
 * SetPassword is on, the account gets set_password() with an empty
 * string as its second argument (set_password() is not visible here; if
 * that argument is the new password, the account is created with an
 * empty password).  Together with UF_DONT_EXPIRE_PASSWD and
 * UF_PASSWD_CANT_CHANGE above this is only acceptable if domain policy
 * rules out password logon for these accounts -- confirm.  On failure
 * the KDC connection is re-established and the call retried once. */
5228 if ((rc == LDAP_SUCCESS) && (SetPassword))
5230 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5232 ad_kdc_disconnect();
5233 if (!ad_server_connect(default_server, ldap_domain))
5235 com_err(whoami, 0, "Unable to set password for user %s : %s",
5237 "cannot get changepw ticket from windows domain");
5241 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5243 com_err(whoami, 0, "Unable to set password for user %s "
5244 ": %ld", user_name, rc);
/* Non-AD path: publish the user's Moira pobox forwarding address(es) as
 * mailRoutingAddress.  save_argv[3] may be a comma-separated list: each
 * entry gets "@mit.edu" appended when it lacks a domain, must pass
 * email_isvalid(), and is skipped for deleted users.  strtok() walks a
 * strdup()'d copy (its release is not visible here).  ALREADY_EXISTS /
 * TYPE_OR_VALUE_EXISTS from the modify are tolerated. */
5250 if(!ActiveDirectory)
5252 if (rc = moira_connect())
5254 critical_alert("AD incremental",
5255 "Error contacting Moira server : %s",
5260 argv[0] = user_name;
5262 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5264 p = strdup(save_argv[3]);
5266 if((c = strchr(p, ',')) != NULL) {
5270 if ((c = strchr(q, '@')) == NULL)
5271 sprintf(temp, "%s@mit.edu", q);
5273 sprintf(temp, "%s", q);
5275 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5277 mail_routing_v[0] = temp;
5280 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5282 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5284 if (rc == LDAP_ALREADY_EXISTS ||
5285 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5290 "Unable to set the mailRoutingAddress for %s : %s",
5291 user_name, ldap_err2string(rc));
5294 while((q = strtok(NULL, ",")) != NULL) {
5297 if((c = strchr(q, '@')) == NULL)
5298 sprintf(temp, "%s@mit.edu", q);
5300 sprintf(temp, "%s", q);
5302 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5304 mail_routing_v[0] = temp;
5307 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5309 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5311 if (rc == LDAP_ALREADY_EXISTS ||
5312 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5317 "Unable to set the mailRoutingAddress for %s : %s",
5318 user_name, ldap_err2string(rc));
/* Single-address pobox: same treatment without the strtok() walk. */
5324 if((c = strchr(p, '@')) == NULL)
5325 sprintf(temp, "%s@mit.edu", p);
5327 sprintf(temp, "%s", p);
5329 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5331 mail_routing_v[0] = temp;
5334 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5336 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5338 if (rc == LDAP_ALREADY_EXISTS ||
5339 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5344 "Unable to set the mailRoutingAddress for %s : %s",
5345 user_name, ldap_err2string(rc));
/*
 * user_change_status: enable or disable an existing user entry.  The
 * remaining parameter(s) -- at least `operation`, compared against
 * MEMBER_DEACTIVATE below -- are on an elided line.  The entry is located
 * by mitMoiraId when MoiraId is non-empty, otherwise (or when that search
 * does not yield exactly one entry) by sAMAccountName; its current
 * UserAccountControl is read, UF_ACCOUNTDISABLE set or cleared, and the
 * value written back together with mitMoiraId.
 *
 * Returns AD_INVALID_NAME for an invalid login, LDAP_NO_SUCH_OBJECT when
 * no single entry matches (the earlier user lookups in this file return
 * AD_NO_USER_FOUND for the same condition), otherwise the result of the
 * modify (final return statement elided).
 */
5355 int user_change_status(LDAP *ldap_handle, char *dn_path,
5356 char *user_name, char *MoiraId,
5360 char *attr_array[3];
5362 char distinguished_name[1024];
5364 char *mitMoiraId_v[] = {NULL, NULL};
5366 LK_ENTRY *group_base;
5373 if (!check_string(user_name))
5375 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5377 return(AD_INVALID_NAME);
/* MoiraId goes into the filter unescaped: unlike user_name it is not run
 * through check_string(), so it is trusted to be the numeric id Moira
 * supplies.  Search is a subtree search under dn_path. */
5383 if (strlen(MoiraId) != 0)
5385 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5386 attr_array[0] = "UserAccountControl";
5387 attr_array[1] = NULL;
5388 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5389 &group_base, &group_count,
5390 LDAP_SCOPE_SUBTREE)) != 0)
5392 com_err(whoami, 0, "Unable to process user %s : %s",
5393 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the name-based search. */
5398 if (group_count != 1)
5400 linklist_free(group_base);
/* Fallback: sAMAccountName alone, over the whole dn_path subtree and
 * without the objectClass=user restriction used above. */
5403 sprintf(filter, "(sAMAccountName=%s)", user_name);
5404 attr_array[0] = "UserAccountControl";
5405 attr_array[1] = NULL;
5406 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5407 &group_base, &group_count,
5408 LDAP_SCOPE_SUBTREE)) != 0)
5410 com_err(whoami, 0, "Unable to process user %s : %s",
5411 user_name, ldap_err2string(rc));
5416 if (group_count != 1)
5418 linklist_free(group_base);
5419 com_err(whoami, 0, "Unable to find user %s in AD",
5421 return(LDAP_NO_SUCH_OBJECT);
5424 strcpy(distinguished_name, group_base->dn);
/* atoi() yields 0 silently for an empty or non-numeric value; strtoul()
 * would let a missing UserAccountControl be detected instead of being
 * rewritten as 0 | UF_ACCOUNTDISABLE. */
5425 ulongValue = atoi((*group_base).value);
5427 if (operation == MEMBER_DEACTIVATE)
5428 ulongValue |= UF_ACCOUNTDISABLE;
5430 ulongValue &= ~UF_ACCOUNTDISABLE;
5432 sprintf(temp, "%ld", ulongValue);
/* Build the REPLACE value list for UserAccountControl from the fetched
 * entry; a return of 1 is the failure case (body elided). */
5434 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5435 temp, &modvalues, REPLACE)) == 1)
5438 linklist_free(group_base);
5442 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
/* Also stamp the Moira id onto the entry -- when it was found by name,
 * this is what binds that directory entry to the Moira account. */
5444 if (strlen(MoiraId) != 0)
5446 mitMoiraId_v[0] = MoiraId;
5447 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5451 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the LDAPMod entries (loop body elided) and the value list. */
5453 for (i = 0; i < n; i++)
5456 free_values(modvalues);
5458 if (rc != LDAP_SUCCESS)
5460 com_err(whoami, 0, "Unable to change status of user %s : %s",
5461 user_name, ldap_err2string(rc));
/*
 * user_delete: remove the directory entry for u_name and its mit.edu
 * contact.  Lookup order matches user_change_status(): by mitMoiraId when
 * MoiraId is non-empty, else by sAMAccountName, both as subtree searches
 * under dn_path.  Returns AD_INVALID_NAME when u_name fails
 * check_string(); the remaining return values are elided in this listing.
 *
 * NOTE(review): this is the destructive path of the incremental.  When the
 * entry is found via mitMoiraId, user_name is never compared with the
 * entry actually returned -- a stale or mis-assigned mitMoiraId would
 * delete a different account and log it under this user's name.  The
 * search already fetches the "name" attribute (group_base->value), so a
 * cheap cross-check before ldap_delete_s() is possible, e.g.
 *   if (strcmp(group_base->value, user_name) != 0)  -> log and refuse
 * (use sAMAccountName instead if "name" is not the login on every path).
 */
5468 int user_delete(LDAP *ldap_handle, char *dn_path,
5469 char *u_name, char *MoiraId)
5472 char *attr_array[3];
5473 char distinguished_name[1024];
5474 char user_name[512];
5475 LK_ENTRY *group_base;
5480 if (!check_string(u_name))
5481 return(AD_INVALID_NAME);
/* Unbounded copy into a 512-byte buffer; relies on an upstream length
 * limit on logins that is not visible here. */
5483 strcpy(user_name, u_name);
/* MoiraId is interpolated into the filter without check_string(); it is
 * trusted to be the numeric id Moira supplies. */
5487 if (strlen(MoiraId) != 0)
5489 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5490 attr_array[0] = "name";
5491 attr_array[1] = NULL;
5492 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5493 &group_base, &group_count,
5494 LDAP_SCOPE_SUBTREE)) != 0)
5496 com_err(whoami, 0, "Unable to process user %s : %s",
5497 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the name-based search. */
5502 if (group_count != 1)
5504 linklist_free(group_base);
5507 sprintf(filter, "(sAMAccountName=%s)", user_name);
5508 attr_array[0] = "name";
5509 attr_array[1] = NULL;
5510 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5511 &group_base, &group_count,
5512 LDAP_SCOPE_SUBTREE)) != 0)
5514 com_err(whoami, 0, "Unable to process user %s : %s",
5515 user_name, ldap_err2string(rc));
/* Not found by name either.  What follows the com_err is elided; if it
 * does not leave the function, group_base may be NULL at the strcpy()
 * below. */
5520 if (group_count != 1)
5522 com_err(whoami, 0, "Unable to find user %s in AD",
5527 strcpy(distinguished_name, group_base->dn);
/* Assignment used as the condition (intentional: non-zero rc is an
 * error); writing "!= 0" explicitly would make that obvious. */
5529 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5531 com_err(whoami, 0, "Unable to process user %s : %s",
5532 user_name, ldap_err2string(rc));
5535 /* Delete the matching mit.edu contact (cn=<login>@mit.edu under contact_ou) as well */
5539 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5541 if(rc = ldap_delete_s(ldap_handle, temp))
5543 com_err(whoami, 0, "Unable to delete user contact for %s",
5549 linklist_free(group_base);
/*
 * linklist_free: release a list of LK_ENTRY nodes as produced by
 * linklist_build().  Each node's owned string fields (dn, attribute,
 * value, member, type, list) are freed, then the node itself.  A NULL
 * list is accepted.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      LK_ENTRY *next = node->next;

      /* free(NULL) is a no-op, so no per-field guards are needed. */
      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);

      node = next;
    }
}
/*
 * free_values: release a NULL-terminated array of strings such as the one
 * construct_newvalues() hands back in user_change_status().  Each element
 * is cleared to NULL after (presumably) being freed -- the free() call and
 * the index increment are on elided lines; whether the array itself is
 * freed is not visible here.  A NULL array is accepted.
 */
5584 void free_values(char **modvalues)
5590 if (modvalues != NULL)
5592 while (modvalues[i] != NULL)
5595 modvalues[i] = NULL;
/*
 * Character policy for logins/names on the Active Directory path, indexed
 * by byte value; 1 = reject, 0 = accept.  check_string() folds upper-case
 * to lower-case before the lookup, which is why rows A-Z are all 1.
 * Accepted: digits, a-z and the punctuation  $ & ' - . @ _ ` ~ .  All
 * control bytes, DEL and bytes >= 0x80 are rejected.
 *
 * Every LDAP DN / filter metacharacter -- ( ) * , + " \ ; < > = # -- is
 * rejected here, which is what keeps the unescaped sprintf()-built
 * filters and DNs in this file safe for names that passed this table.
 */
5602 static int illegalchars[] = {
5603 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5604 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5605 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5606 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5607 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5608 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5609 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5610 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: every high byte is rejected. */
5611 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5612 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5613 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5614 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5615 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5616 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5617 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5618 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Character policy for the generic (non-AD) LDAP path; same encoding as
 * illegalchars (1 = reject, 0 = accept, upper-case folded first).  Beyond
 * digits, a-z and  $ & ' - . @ _ ` ~  this table also accepts space and
 * " # + , ; < = > \ .  Rejected: ! % ( ) * / : ? [ ] ^ { | }, controls,
 * DEL and bytes >= 0x80.
 *
 * NOTE(review): the additionally accepted characters are exactly the
 * RFC 4514 DN specials (, + " \ ; < > = # and space) plus the RFC 4515
 * filter escape (\).  Names are interpolated unescaped into
 * "uid=%s,<ou>,<base>" DNs and "(sAMAccountName=%s)" filters elsewhere in
 * this file, so a name containing them can change the DN or filter
 * structure on whichever path uses this table.  Escaping per RFC 4514 /
 * 4515 at the point of use, or rejecting these bytes as the AD table
 * does, would close that.
 */
5621 static int illegalchars_ldap[] = {
5622 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5623 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5624 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5625 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5626 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5627 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5628 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5629 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: every high byte is rejected. */
5630 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5631 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5632 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5633 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5634 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5635 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5636 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5637 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Validate the string s one character at a time against both lookup tables.
 * Uppercase letters are folded to lowercase before the lookup, so A-Z pass
 * as a-z even though both tables mark them illegal.  The loop, the result
 * convention and the return statements are elided in this listing; from the
 * `!check_container_name(...)` tests elsewhere in the file the sibling
 * function returns 0 for a rejected string, and this one presumably does too.
 */
5640 int check_string(char *s)
5648 if (isupper(character))
5649 character = tolower(character);
/*
 * NOTE(review): the declaration of `character` is not visible.  If it holds
 * a plain (signed) char value, a byte >= 0x80 becomes negative and the cast
 * to unsigned indexes far outside the 256-entry tables.  Confirm the value
 * is read as unsigned char, or that input is restricted to 7-bit ASCII.
 */
5653 if (illegalchars[(unsigned) character])
5658 if (illegalchars_ldap[(unsigned) character])
/*
 * Validate an LDAP container (OU) name.  Like check_string it folds uppercase
 * to lowercase first, but consults only the illegalchars table and handles
 * the space character specially (the branch body is elided; illegalchars
 * marks space as illegal, so this is presumably where spaces are allowed
 * in container names).  Callers test `!check_container_name(name)`, i.e.
 * 0 means rejected.
 */
5666 int check_container_name(char *s)
5674 if (isupper(character))
5675 character = tolower(character);
5677 if (character == ' ')
/* NOTE(review): same signed-char indexing concern as in check_string --
 * confirm `character` cannot be negative here. */
5680 if (illegalchars[(unsigned) character])
/*
 * Connect to the Moira server, check its message of the day, negotiate the
 * query version and (presumably when `auth` is set; that test is elided)
 * authenticate with Kerberos 5.  `status` carries the result through each
 * step; the declarations, early returns and final return are elided in this
 * listing.  Version handling: MR_UNKNOWN_PROC from mr_version is mapped to
 * MR_VERSION_HIGH ("client newer than server") and only produces a warning,
 * and MR_VERSION_LOW is tolerated silently.
 */
5687 int mr_connect_cl(char *server, char *client, int version, int auth)
5693 status = mr_connect(server);
5697 com_err(whoami, status, "while connecting to Moira");
5701 status = mr_motd(&motd);
5706 com_err(whoami, status, "while checking server status");
/*
 * NOTE(review): `temp` (its size is not visible) is filled from the
 * server-supplied motd text and then handed to com_err as its *format*
 * string.  Any '%' in the motd would be parsed as a conversion specifier.
 * The safe form is com_err(whoami, status, "%s", temp), or pass motd as an
 * argument to the format directly.
 */
5712 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5713 com_err(whoami, status, temp);
5718 status = mr_version(version);
/* a server that does not implement the version call is treated as older */
5722 if (status == MR_UNKNOWN_PROC)
5725 status = MR_VERSION_HIGH;
5727 status = MR_SUCCESS;
5730 if (status == MR_VERSION_HIGH)
5732 com_err(whoami, 0, "Warning: This client is running newer code "
5733 "than the server.");
5734 com_err(whoami, 0, "Some operations may not work.");
5736 else if (status && status != MR_VERSION_LOW)
5738 com_err(whoami, status, "while setting query version number.");
5746 status = mr_krb5_auth(client);
5749 com_err(whoami, status, "while authenticating to Moira.");
/*
 * Rewrite an AFS path into its Windows form: winPath starts with WINAFS,
 * then the remainder of `path` after the AFS prefix is copied across with
 * '/' handled specially (the replacement written for '/' is elided; the
 * visible assignment is the copy of every other character).
 *
 * NOTE(review): no bound on winPath is visible and `path + strlen(AFS)`
 * assumes path really begins with the AFS prefix -- confirm callers check
 * both before relying on this.
 */
5758 void AfsToWinAfs(char* path, char* winPath)
5762 strcpy(winPath, WINAFS);
5763 pathPtr = path + strlen(AFS);
5764 winPathPtr = winPath + strlen(WINAFS);
5768 if (*pathPtr == '/')
5771 *winPathPtr = *pathPtr;
/*
 * mr_query callback for get_list_info (see ProcessAce): copies the ACE type
 * and ACE name out of the reply row into the caller-supplied buffers and
 * derives the membership/security flags from the row.  The cast of `ptr`
 * to call_args is elided.  Destination sizes are not visible here; in
 * ProcessAce they are AceType/AceName/AceMembership with AceMembership
 * being 2 bytes.  Always reports LDAP_SUCCESS.
 */
5778 int GetAceInfo(int ac, char **av, void *ptr)
5785 strcpy(call_args[0], av[L_ACE_TYPE]);
5786 strcpy(call_args[1], av[L_ACE_NAME]);
5788 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5789 return(LDAP_SUCCESS);
/*
 * Look up Name as a sAMAccountName under dn_path.  The return value is
 * derived from group_count (the returns are elided); callers such as
 * ProcessAce treat a non-zero result as "already present" and machine_check
 * inverts it.
 *
 * NOTE(review): Name is interpolated into the filter without escaping.
 * That is only safe when every caller has validated it (check_string rejects
 * '(' ')' '*' and '\\'); confirm the validation happens on all call paths,
 * including the machine names passed from machine_check.
 */
5792 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5795 char *attr_array[3];
5798 LK_ENTRY *group_base;
5803 sprintf(filter, "(sAMAccountName=%s)", Name);
5804 attr_array[0] = "sAMAccountName";
5805 attr_array[1] = NULL;
5807 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5808 &group_base, &group_count,
5809 LDAP_SCOPE_SUBTREE)) != 0)
5811 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5812 Name, ldap_err2string(rc));
/* the list is released before group_count is inspected */
5816 linklist_free(group_base);
5819 if (group_count == 0)
/*
 * Make sure the ACE (owner) of a Moira list exists in AD, creating the ACE
 * group or user when it does not.  Starting from list `Name`, the ACE is
 * fetched from Moira via get_list_info/GetAceInfo; a USER ACE is created
 * with user_create from a get_user_account_by_login row, a LIST ACE with
 * make_new_group.  *ProcessGroup is set to 1 when the ACE was already
 * present in AD.  For LIST ACEs the loop continues with the ACE list as the
 * new GroupName unless it is self-owned.  The surrounding loop, the
 * declarations and the return paths are elided in this listing.
 */
5827 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5828 int UpdateGroup, int *ProcessGroup, char *maillist)
5831 char GroupName[256];
5837 char AceMembership[2];
5840 char *save_argv[U_END];
/* guarded early exit; the condition is elided in this listing */
5844 com_err(whoami, 0, "ProcessAce disabled, skipping");
/* NOTE(review): Name is copied into the 256-byte GroupName unchecked */
5848 strcpy(GroupName, Name);
/* only LIST ACE chains are followed; any other Type is handled by the
 * elided branch */
5850 if (strcasecmp(Type, "LIST"))
5856 AceInfo[0] = AceType;
5857 AceInfo[1] = AceName;
5858 AceInfo[2] = AceMembership;
5860 memset(AceType, '\0', sizeof(AceType));
5861 memset(AceName, '\0', sizeof(AceName));
5862 memset(AceMembership, '\0', sizeof(AceMembership));
5863 memset(AceOu, '\0', sizeof(AceOu));
/* assignment-in-condition: rc is the Moira status of the query */
5866 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5868 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5869 GroupName, error_message(rc));
5875 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* ACE types other than USER and LIST are not mirrored to AD */
5879 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5882 strcpy(temp, AceName);
/* list ACEs live in AD under the name plus group_suffix */
5884 if (!strcasecmp(AceType, "LIST"))
5885 sprintf(temp, "%s%s", AceName, group_suffix);
5889 if (checkADname(ldap_handle, dn_path, temp))
5892 (*ProcessGroup) = 1;
5895 if (!strcasecmp(AceInfo[0], "LIST"))
5897 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5898 AceMembership, 0, UpdateGroup, maillist))
5901 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args packs the LDAP handle and base DN for user_create */
5904 call_args[0] = (char *)ldap_handle;
5905 call_args[1] = dn_path;
5907 call_args[3] = NULL;
5910 if (rc = mr_query("get_user_account_by_login", 1, av,
5911 save_query_info, save_argv))
5913 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5918 if (rc = user_create(U_END, save_argv, call_args))
5920 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5927 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* follow the ownership chain: a list owned by another list repeats the
 * lookup for that list, stopping when a list owns itself */
5937 if (!strcasecmp(AceType, "LIST"))
5939 if (!strcasecmp(GroupName, AceName))
5943 strcpy(GroupName, AceName);
/*
 * Create the AD group for Moira list group_name by running get_list_info
 * and letting the group_create callback do the work.  The result is the
 * callback's own status (callback_rc), not the query status; a failing
 * query is logged and handled on the elided lines.  Several parameters
 * (group_ou, group_membership, group_security_flag, maillist) are not
 * referenced on the visible lines; they are presumably packed into the
 * elided call_args slots (index 6 is not shown).
 *
 * NOTE(review): call_args carries integers cast to char * (the member-type
 * mask and updateGroup).  This is an in-band convention shared with
 * group_create; the callback must cast them back rather than dereference.
 */
5949 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5950 char *group_name, char *group_ou, char *group_membership,
5951 int group_security_flag, int updateGroup, char *maillist)
5956 LK_ENTRY *group_base;
5959 char *attr_array[3];
5962 call_args[0] = (char *)ldap_handle;
5963 call_args[1] = dn_path;
5964 call_args[2] = group_name;
/* which Moira member types to include, smuggled as a pointer-sized int */
5965 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
5966 call_args[4] = (char *)updateGroup;
5967 call_args[5] = MoiraId;
5969 call_args[7] = NULL;
5975 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
5978 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
5986 com_err(whoami, 0, "Unable to create list %s", group_name);
5987 return(callback_rc);
/*
 * Replace the AD `member` attribute of group_name with the full (expanded)
 * membership of the Moira list.  get_end_members_of_list fills member_base
 * via member_list_build; each entry is turned into a DN according to its
 * type: USER entries are created in AD first if missing (user_create from a
 * get_user_account_by_login row), STRING and KERBEROS entries become contact
 * objects under contact_ou / kerberos_ou.  The DNs are collected in a
 * NULL-terminated vector, applied with one LDAP_MOD_REPLACE, and the mods
 * are released afterwards.  The loop over member_base, the member type
 * constant for LIST and the return paths are elided in this listing.
 */
5993 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
5994 char *group_ou, char *group_membership,
5995 int group_security_flag, char *MoiraId)
6010 char *save_argv[U_END];
6012 com_err(whoami, 0, "Populating group %s", group_name);
6014 call_args[0] = (char *)ldap_handle;
6015 call_args[1] = dn_path;
6016 call_args[2] = group_name;
/* member-type mask smuggled as a pointer, same convention as make_new_group */
6017 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6018 call_args[4] = NULL;
6021 if (rc = mr_query("get_end_members_of_list", 1, av,
6022 member_list_build, call_args))
6024 com_err(whoami, 0, "Unable to populate list %s : %s",
6025 group_name, error_message(rc));
/* NOTE(review): no NULL check of this malloc is visible */
6029 members = (char **)malloc(sizeof(char *) * 2);
6031 if (member_base != NULL)
/* nested lists were already flattened by get_end_members_of_list */
6037 if (!strcasecmp(ptr->type, "LIST"))
6043 if(!strcasecmp(ptr->type, "USER"))
6045 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6046 "")) == AD_NO_USER_FOUND)
6048 com_err(whoami, 0, "creating user %s", ptr->member);
6050 av[0] = ptr->member;
6051 call_args[0] = (char *)ldap_handle;
6052 call_args[1] = dn_path;
6054 call_args[3] = NULL;
6057 if (rc = mr_query("get_user_account_by_login", 1, av,
6058 save_query_info, save_argv))
6060 com_err(whoami, 0, "Unable to create user %s "
6061 "while populating group %s.", ptr->member,
6067 if (rc = user_create(U_END, save_argv, call_args))
6069 com_err(whoami, 0, "Unable to create user %s "
6070 "while populating group %s.", ptr->member,
6078 com_err(whoami, 0, "Unable to create user %s "
6079 "while populating group %s", ptr->member,
/*
 * NOTE(review): USER DNs are built from ptr->member directly, while the
 * STRING and KERBEROS branches below pass the value through escape_string.
 * Presumably login names are already restricted by check_string; confirm,
 * since an unescaped ',' or '=' here would corrupt the DN.
 */
6090 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6095 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6100 else if (!strcasecmp(ptr->type, "STRING"))
6102 if (contact_create(ldap_handle, dn_path, ptr->member,
6106 pUserOu = contact_ou;
6107 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6110 else if (!strcasecmp(ptr->type, "KERBEROS"))
6112 if (contact_create(ldap_handle, dn_path, ptr->member,
6116 pUserOu = kerberos_ou;
6117 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
/* NOTE(review): realloc result overwrites `members` directly -- on failure
 * the original vector leaks and the NULL is then indexed */
6122 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6123 members[i++] = strdup(member);
6128 linklist_free(member_base);
/* one REPLACE of the whole member set; `n` mods are released below */
6135 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6138 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6140 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6141 mods)) != LDAP_SUCCESS)
6144 "Unable to populate group membership for %s: %s",
6145 group_dn, ldap_err2string(rc));
6148 for (i = 0; i < n; i++)
/*
 * Reconcile an AD group with its Moira list.  Looks the group up by
 * MoiraId / name through ad_get_group; with type == CHECK_GROUPS it only
 * reports whether the group exists at the expected DN (AD_NO_GROUPS_FOUND,
 * AD_WRONG_GROUP_DN_FOUND, AD_MULTIPLE_GROUPS_FOUND).  Otherwise it removes
 * stale duplicates carrying the same moira id, fetches the current name and
 * description, classifies the existing OU (both/security/distribution/
 * neither) from the lowercased DN, and hands everything to group_rename so
 * the AD object is moved/renamed to match Moira.  Returns AD_NO_OU_FOUND
 * when the DN is under none of the four configured OUs; the remaining
 * return paths and the loop over group_base are elided in this listing.
 */
6156 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6157 char *group_name, char *group_ou, char *group_membership,
6158 int group_security_flag, int type, char *maillist)
6160 char before_desc[512];
6161 char before_name[256];
6162 char before_group_ou[256];
6163 char before_group_membership[2];
6164 char distinguishedName[256];
6165 char ad_distinguishedName[256];
6167 char *attr_array[3];
6168 int before_security_flag;
6171 LK_ENTRY *group_base;
6174 char ou_security[512];
6175 char ou_distribution[512];
6176 char ou_neither[512];
6179 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* the DN the group is expected to have according to Moira */
6180 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6182 memset(filter, '\0', sizeof(filter));
6186 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6188 "samAccountName", &group_base,
6189 &group_count, filter))
/* check-only mode: report on the existing object without touching it */
6192 if (type == CHECK_GROUPS)
6194 if (group_count == 1)
6196 strcpy(group_dn, group_base->dn);
6198 if (!strcasecmp(group_dn, distinguishedName))
6200 linklist_free(group_base);
6205 linklist_free(group_base);
6207 if (group_count == 0)
6208 return(AD_NO_GROUPS_FOUND);
6210 if (group_count == 1)
6211 return(AD_WRONG_GROUP_DN_FOUND);
6213 return(AD_MULTIPLE_GROUPS_FOUND);
6216 if (group_count == 0)
6218 return(AD_NO_GROUPS_FOUND);
/* more than one object with this moira id: list them all and give up */
6221 if (group_count > 1)
6225 strcpy(group_dn, ptr->dn);
6229 if (!strcasecmp(group_dn, ptr->value))
6237 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6243 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6247 linklist_free(group_base);
6248 return(AD_MULTIPLE_GROUPS_FOUND);
6255 strcpy(group_dn, ptr->dn);
/* NOTE(review): an entry whose value differs from its dn is deleted here
 * (ptr->value is presumably a DN-valued attribute); the deletion status
 * is not checked on the visible lines */
6257 if (strcasecmp(group_dn, ptr->value))
6258 rc = ldap_delete_s(ldap_handle, ptr->value);
6263 linklist_free(group_base);
6264 memset(filter, '\0', sizeof(filter));
/* second lookup after the cleanup above; filter is returned for reuse */
6268 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6270 "samAccountName", &group_base,
6271 &group_count, filter))
6274 if (group_count == 0)
6275 return(AD_NO_GROUPS_FOUND);
6277 if (group_count > 1)
6278 return(AD_MULTIPLE_GROUPS_FOUND);
6281 strcpy(ad_distinguishedName, group_base->dn);
6282 linklist_free(group_base);
6286 attr_array[0] = "sAMAccountName";
6287 attr_array[1] = NULL;
6289 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6290 &group_base, &group_count,
6291 LDAP_SCOPE_SUBTREE)) != 0)
6293 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6294 MoiraId, ldap_err2string(rc));
/* from here on the filter keys on the AD account name found above */
6298 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* already at the expected DN: nothing to rename */
6300 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6302 linklist_free(group_base);
6308 linklist_free(group_base);
6311 memset(ou_both, '\0', sizeof(ou_both));
6312 memset(ou_security, '\0', sizeof(ou_security));
6313 memset(ou_distribution, '\0', sizeof(ou_distribution));
6314 memset(ou_neither, '\0', sizeof(ou_neither));
6315 memset(before_name, '\0', sizeof(before_name));
6316 memset(before_desc, '\0', sizeof(before_desc));
6317 memset(before_group_membership, '\0', sizeof(before_group_membership));
6319 attr_array[0] = "name";
6320 attr_array[1] = NULL;
6322 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6323 &group_base, &group_count,
6324 LDAP_SCOPE_SUBTREE)) != 0)
6326 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6327 MoiraId, ldap_err2string(rc));
6331 strcpy(before_name, group_base->value);
6332 linklist_free(group_base);
6336 attr_array[0] = "description";
6337 attr_array[1] = NULL;
6339 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6340 &group_base, &group_count,
6341 LDAP_SCOPE_SUBTREE)) != 0)
6344 "Unable to get list description with MoiraId = %s: %s",
6345 MoiraId, ldap_err2string(rc));
/* description is optional; before_desc stays empty when absent */
6349 if (group_count != 0)
6351 strcpy(before_desc, group_base->value);
6352 linklist_free(group_base);
/* OU classification is a case-insensitive substring test on the DN */
6357 change_to_lower_case(ad_distinguishedName);
6358 strcpy(ou_both, group_ou_both);
6359 change_to_lower_case(ou_both);
6360 strcpy(ou_security, group_ou_security);
6361 change_to_lower_case(ou_security);
6362 strcpy(ou_distribution, group_ou_distribution);
6363 change_to_lower_case(ou_distribution);
6364 strcpy(ou_neither, group_ou_neither);
6365 change_to_lower_case(ou_neither);
/* NOTE(review): strstr matches anywhere in the DN, so the order of these
 * tests matters if one configured OU string is a substring of another --
 * confirm the four group_ou_* values cannot overlap that way */
6367 if (strstr(ad_distinguishedName, ou_both))
6369 strcpy(before_group_ou, group_ou_both);
6370 before_group_membership[0] = 'B';
6371 before_security_flag = 1;
6373 else if (strstr(ad_distinguishedName, ou_security))
6375 strcpy(before_group_ou, group_ou_security);
6376 before_group_membership[0] = 'S';
6377 before_security_flag = 1;
6379 else if (strstr(ad_distinguishedName, ou_distribution))
6381 strcpy(before_group_ou, group_ou_distribution);
6382 before_group_membership[0] = 'D';
6383 before_security_flag = 0;
6385 else if (strstr(ad_distinguishedName, ou_neither))
6387 strcpy(before_group_ou, group_ou_neither);
6388 before_group_membership[0] = 'N';
6389 before_security_flag = 0;
/* none of the configured OUs matched (the else is elided) */
6392 return(AD_NO_OU_FOUND);
/* before_desc is passed as both the old and the new description */
6394 rc = group_rename(ldap_handle, dn_path, before_name,
6395 before_group_membership,
6396 before_group_ou, before_security_flag, before_desc,
6397 group_name, group_membership, group_ou,
6398 group_security_flag,
6399 before_desc, MoiraId, filter, maillist);
/*
 * Lowercase a NUL-terminated string in place.  strlen is re-evaluated on
 * every iteration.  NOTE(review): tolower() is applied to a plain char;
 * for bytes >= 0x80 on a signed-char platform the argument is negative,
 * which <ctype.h> does not permit -- callers are presumably restricted to
 * ASCII DNs, confirm.
 */
6404 void change_to_lower_case(char *ptr)
6408 for (i = 0; i < (int)strlen(ptr); i++)
6410 ptr[i] = tolower(ptr[i]);
/*
 * Locate the AD group for a Moira list, trying up to three filters in turn
 * and returning the first that yields exactly one entry via *linklist_base
 * / *linklist_count.  The filter that succeeded is copied back into rFilter
 * (the trailing parameter, whose declaration line is elided) so the caller
 * can reuse it: (1) a caller-supplied rFilter, (2) mitMoiraId == MoiraId,
 * accepted only when the entry's DN matches group_name, (3) sAMAccountName
 * == group_name + group_suffix.  Ambiguous mitMoiraId matches are logged
 * entry by entry and discarded.  Return statements are elided.
 */
6414 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6415 char *group_name, char *group_membership,
6416 char *MoiraId, char *attribute,
6417 LK_ENTRY **linklist_base, int *linklist_count,
6422 char *attr_array[3];
6426 (*linklist_base) = NULL;
6427 (*linklist_count) = 0;
/* pass 1: the filter the caller already found to work */
6429 if (strlen(rFilter) != 0)
6431 strcpy(filter, rFilter);
6432 attr_array[0] = attribute;
6433 attr_array[1] = NULL;
6435 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6436 linklist_base, linklist_count,
6437 LDAP_SCOPE_SUBTREE)) != 0)
6439 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6440 MoiraId, ldap_err2string(rc));
6444 if ((*linklist_count) == 1)
6446 strcpy(rFilter, filter);
/* anything other than a single hit is discarded before the next pass */
6451 linklist_free((*linklist_base));
6452 (*linklist_base) = NULL;
6453 (*linklist_count) = 0;
/* pass 2: by Moira id */
6455 if (strlen(MoiraId) != 0)
6457 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6459 attr_array[0] = attribute;
6460 attr_array[1] = NULL;
6462 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6463 linklist_base, linklist_count,
6464 LDAP_SCOPE_SUBTREE)) != 0)
6466 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6467 MoiraId, ldap_err2string(rc));
6472 if ((*linklist_count) > 1)
6474 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6475 pPtr = (*linklist_base);
6479 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6484 linklist_free((*linklist_base));
6485 (*linklist_base) = NULL;
6486 (*linklist_count) = 0;
6489 if ((*linklist_count) == 1)
6492 pPtr = (*linklist_base);
/* NOTE(review): no free(dn) is visible in this listing -- confirm the copy
 * is released on every path, or compare against pPtr->dn directly */
6493 dn = strdup(pPtr->dn);
/* prefix compare of the DN with the list name; presumably the elided lines
 * advance `dn` past the leading "CN=" first, otherwise this never matches */
6496 if (!memcmp(dn, group_name, strlen(group_name)))
6498 strcpy(rFilter, filter);
6503 linklist_free((*linklist_base));
6504 (*linklist_base) = NULL;
6505 (*linklist_count) = 0;
/* pass 3: by account name with the configured suffix */
6506 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6508 attr_array[0] = attribute;
6509 attr_array[1] = NULL;
6511 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6512 linklist_base, linklist_count,
6513 LDAP_SCOPE_SUBTREE)) != 0)
6515 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6516 MoiraId, ldap_err2string(rc));
6520 if ((*linklist_count) == 1)
6522 strcpy(rFilter, filter);
/*
 * Find the AD account for UserName.  With a non-empty MoiraId the account
 * is first sought by mitMoiraId (multiple hits are logged one by one and
 * treated as not found); otherwise, or when that fails, by sAMAccountName.
 * When exactly one account is found under a different sAMAccountName than
 * UserName (case-sensitive compare) it is renamed with user_rename.
 * Returns AD_NO_USER_FOUND when no single match exists; the remaining
 * return paths, the entry loop and the declarations are elided.
 *
 * NOTE(review): the 64-byte SamAccountName is filled with strcpy from the
 * directory value without a length check -- confirm the attribute is
 * bounded below that in this deployment.
 */
6529 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6532 char *attr_array[3];
6533 char SamAccountName[64];
6536 LK_ENTRY *group_base;
6542 if (strlen(MoiraId) != 0)
6544 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6546 attr_array[0] = "sAMAccountName";
6547 attr_array[1] = NULL;
6548 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6549 &group_base, &group_count,
6550 LDAP_SCOPE_SUBTREE)) != 0)
6552 com_err(whoami, 0, "Unable to process user %s : %s",
6553 UserName, ldap_err2string(rc));
6557 if (group_count > 1)
6559 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6565 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6566 gPtr->value, MoiraId);
/* fall through to the name-based lookup unless exactly one was found */
6572 if (group_count != 1)
6574 linklist_free(group_base);
/* UserName is interpolated unescaped; relies on upstream validation */
6577 sprintf(filter, "(sAMAccountName=%s)", UserName);
6578 attr_array[0] = "sAMAccountName";
6579 attr_array[1] = NULL;
6581 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6582 &group_base, &group_count,
6583 LDAP_SCOPE_SUBTREE)) != 0)
6585 com_err(whoami, 0, "Unable to process user %s : %s",
6586 UserName, ldap_err2string(rc));
6591 if (group_count != 1)
6593 linklist_free(group_base);
6594 return(AD_NO_USER_FOUND);
6597 strcpy(SamAccountName, group_base->value);
6598 linklist_free(group_base);
/* stored name differs (case-sensitively) from the Moira login: rename */
6602 if (strcmp(SamAccountName, UserName))
6604 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * Convert a '/'-separated Moira container path into the relative DN of the
 * OU chain, leaf first: "a/b/c" -> "OU=c,OU=b,OU=a".  The components are
 * collected into a 20-slot array (the split loop is elided) and emitted in
 * reverse order.  An empty src yields an empty dest.
 *
 * NOTE(review): neither the 20-component limit nor the size of dest is
 * checked on the visible lines -- confirm the elided split loop stops at
 * 20 and that callers size dest for the longest allowed path.
 */
6611 void container_get_dn(char *src, char *dest)
6618 memset(array, '\0', 20 * sizeof(array[0]));
6620 if (strlen(src) == 0)
6642 strcpy(dest, "OU=");
/* last component first, then the parents */
6646 strcat(dest, array[n-1]);
6650 strcat(dest, ",OU=");
/*
 * Copy the leaf component of a '/'-separated container path into dest
 * (container_create uses it as the OU's own name, next to the full chain
 * from container_get_dn).  An empty src yields an empty dest; the
 * extraction itself is elided in this listing.
 */
6657 void container_get_name(char *src, char *dest)
6662 if (strlen(src) == 0)
/*
 * Ensure the parent containers of `name` exist in AD.  The path is copied
 * and scanned for '/' separators (what happens at each separator is
 * elided; presumably each prefix is created in turn), then
 * container_create is invoked with only the name set and every other
 * attribute -- including the row id -- empty.  A successful create is
 * therefore reported as "created without a mitMoiraId".
 *
 * NOTE(review): the size of cName is not visible; `name` is copied with
 * strcpy.
 */
6682 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6689 strcpy(cName, name);
6691 for (i = 0; i < (int)strlen(cName); i++)
6693 if (cName[i] == '/')
6696 av[CONTAINER_NAME] = cName;
6697 av[CONTAINER_DESC] = "";
6698 av[CONTAINER_LOCATION] = "";
6699 av[CONTAINER_CONTACT] = "";
6700 av[CONTAINER_TYPE] = "";
6701 av[CONTAINER_ID] = "";
6702 av[CONTAINER_ROWID] = "";
6703 rc = container_create(ldap_handle, dn_path, 7, av);
6705 if (rc == LDAP_SUCCESS)
6707 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * Rename/move an AD container to match the `after` Moira row.  The new leaf
 * name is validated with check_container_name (AD_INVALID_NAME otherwise);
 * the current DN is resolved from `before`, and if nothing is found the
 * container is simply created.  Otherwise the new parent DN is derived from
 * the `after` path with its leaf stripped (the stripping loop is elided),
 * the parents are ensured with container_check, and ldap_rename_s moves the
 * OU with deleteoldrdn = TRUE.  Finally the attributes are refreshed with
 * container_adupdate.  Return statements are elided in this listing.
 */
6716 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6717 char **before, int afterc, char **after)
6722 char new_dn_path[256];
6724 char distinguishedName[256];
6729 memset(cName, '\0', sizeof(cName));
6730 container_get_name(after[CONTAINER_NAME], cName);
6732 if (!check_container_name(cName))
6734 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6736 return(AD_INVALID_NAME);
6739 memset(distinguishedName, '\0', sizeof(distinguishedName));
6741 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6742 distinguishedName, beforec, before))
/* no existing object: a rename degenerates into a create */
6745 if (strlen(distinguishedName) == 0)
6747 rc = container_create(ldap_handle, dn_path, afterc, after);
/* NOTE(review): temp's size is not visible; after[CONTAINER_NAME] is
 * copied with strcpy */
6751 strcpy(temp, after[CONTAINER_NAME]);
6754 for (i = 0; i < (int)strlen(temp); i++)
6764 container_get_dn(temp, dName);
/* top-level containers move directly under dn_path */
6766 if (strlen(temp) != 0)
6767 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6769 sprintf(new_dn_path, "%s", dn_path);
6771 sprintf(new_cn, "OU=%s", cName);
6773 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6775 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6776 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6778 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6779 before[CONTAINER_NAME], after[CONTAINER_NAME],
6780 ldap_err2string(rc));
6784 memset(dName, '\0', sizeof(dName));
6785 container_get_dn(after[CONTAINER_NAME], dName);
6786 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * Delete the AD container described by av.  Its DN is resolved first; an
 * empty DN means there is nothing to delete (that branch is elided).  When
 * the delete fails with LDAP_NOT_ALLOWED_ON_NONLEAF the children are
 * evacuated with container_move_objects (presumably followed by a retry on
 * the elided lines); any other error is logged.  Return statements are
 * elided in this listing.
 *
 * NOTE(review): the status of container_move_objects is ignored on the
 * visible line, so a failed evacuation is not reported here.
 */
6791 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6793 char distinguishedName[256];
6796 memset(distinguishedName, '\0', sizeof(distinguishedName));
6798 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6799 distinguishedName, count, av))
6802 if (strlen(distinguishedName) == 0)
6805 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6807 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6808 container_move_objects(ldap_handle, dn_path, distinguishedName);
6810 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
6811 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create an organizationalUnit for the Moira container row av.  The OU
 * chain (dName) and leaf name (cName) are derived from av[CONTAINER_NAME];
 * both must be non-empty and the leaf must pass check_container_name
 * (AD_INVALID_NAME otherwise).  Attributes: objectClass, name, ou, optional
 * mitMoiraId (from ROWID) and description, and an optional managedBy
 * resolved from CONTAINER_TYPE/CONTAINER_ID -- a KERBEROS principal becomes
 * a contact under kerberos_ou, a USER or LIST is looked up by cn.  The
 * object is added with ldap_add_ext_s; LDAP_ALREADY_EXISTS is not an error
 * and instead triggers container_adupdate when a row id is present.  The
 * mods array is released after the add.  Return statements are elided.
 */
6817 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6819 char *attr_array[3];
6820 LK_ENTRY *group_base;
6823 char *objectClass_v[] = {"top",
6824 "organizationalUnit",
6827 char *ou_v[] = {NULL, NULL};
6828 char *name_v[] = {NULL, NULL};
6829 char *moiraId_v[] = {NULL, NULL};
6830 char *desc_v[] = {NULL, NULL};
6831 char *managedBy_v[] = {NULL, NULL};
6834 char managedByDN[256];
6841 memset(filter, '\0', sizeof(filter));
6842 memset(dName, '\0', sizeof(dName));
6843 memset(cName, '\0', sizeof(cName));
6844 memset(managedByDN, '\0', sizeof(managedByDN));
6845 container_get_dn(av[CONTAINER_NAME], dName);
6846 container_get_name(av[CONTAINER_NAME], cName);
6848 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6850 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6852 return(AD_INVALID_NAME);
/* only the leaf is validated here; parent components were checked when
 * they were created */
6855 if (!check_container_name(cName))
6857 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6859 return(AD_INVALID_NAME);
6863 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6865 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6867 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* the Moira row id is what later lookups key on (see
 * container_get_distinguishedName) */
6869 if (strlen(av[CONTAINER_ROWID]) != 0)
6871 moiraId_v[0] = av[CONTAINER_ROWID];
6872 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6875 if (strlen(av[CONTAINER_DESC]) != 0)
6877 desc_v[0] = av[CONTAINER_DESC];
6878 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
6881 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
6883 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6885 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6888 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6889 kerberos_ou, dn_path);
6890 managedBy_v[0] = managedByDN;
6891 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): av[CONTAINER_ID] is placed in the cn= filter without
 * escaping; it is safe only if the Moira contact id was validated upstream
 * (the check_string tables reject the filter metacharacters) -- confirm */
6896 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6898 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
6899 "(objectClass=user)))", av[CONTAINER_ID]);
6902 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6904 sprintf(filter, "(&(objectClass=group)(cn=%s))",
6908 if (strlen(filter) != 0)
6910 attr_array[0] = "distinguishedName";
6911 attr_array[1] = NULL;
6914 if ((rc = linklist_build(ldap_handle, dn_path, filter,
6916 &group_base, &group_count,
6917 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* managedBy is set only for an unambiguous match */
6919 if (group_count == 1)
6921 strcpy(managedByDN, group_base->value);
6922 managedBy_v[0] = managedByDN;
6923 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6925 linklist_free(group_base);
6935 sprintf(temp, "%s,%s", dName, dn_path);
6936 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* release the n mods regardless of the add's outcome */
6938 for (i = 0; i < n; i++)
6941 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
6943 com_err(whoami, 0, "Unable to create container %s : %s",
6944 cName, ldap_err2string(rc));
/* an existing OU is brought up to date instead of failing */
6948 if (rc == LDAP_ALREADY_EXISTS)
6950 if (strlen(av[CONTAINER_ROWID]) != 0)
6951 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Update an existing container from the `after` Moira row.  The DN is
 * resolved from `after` (the `before` row is not used on the visible
 * lines); a missing object is created instead.  Otherwise the parents are
 * ensured with container_check and the attributes are refreshed via
 * container_adupdate, addressed by distinguishedName rather than by path.
 * Return statements are elided in this listing.
 */
6957 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
6958 char **before, int afterc, char **after)
6960 char distinguishedName[256];
6963 memset(distinguishedName, '\0', sizeof(distinguishedName));
6965 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6966 distinguishedName, afterc, after))
6969 if (strlen(distinguishedName) == 0)
6971 rc = container_create(ldap_handle, dn_path, afterc, after);
6975 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6976 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * Resolve the DN of the AD container for Moira row av into
 * distinguishedName, which is left empty when no single match exists.
 * The name is validated the same way as in container_create
 * (AD_INVALID_NAME on failure).  Two lookups are tried: first by
 * mitMoiraId == av[CONTAINER_ROWID], then, if that found nothing, by the
 * expected distinguishedName built from the OU chain.  Each lookup accepts
 * only an unambiguous (count == 1) hit.  Return statements are elided.
 */
6982 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
6983 char *distinguishedName, int count,
6986 char *attr_array[3];
6987 LK_ENTRY *group_base;
6994 memset(filter, '\0', sizeof(filter));
6995 memset(dName, '\0', sizeof(dName));
6996 memset(cName, '\0', sizeof(cName));
6997 container_get_dn(av[CONTAINER_NAME], dName);
6998 container_get_name(av[CONTAINER_NAME], cName);
7000 if (strlen(dName) == 0)
7002 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7003 av[CONTAINER_NAME]);
7004 return(AD_INVALID_NAME);
7007 if (!check_container_name(cName))
7009 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7011 return(AD_INVALID_NAME);
/* lookup 1: by Moira row id */
7014 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7015 av[CONTAINER_ROWID]);
7016 attr_array[0] = "distinguishedName";
7017 attr_array[1] = NULL;
7021 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7022 &group_base, &group_count,
7023 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7025 if (group_count == 1)
7027 strcpy(distinguishedName, group_base->value);
7030 linklist_free(group_base);
/* lookup 2: by the DN the container would have under dn_path; only the
 * leaf was validated above, the full chain in dName was not */
7035 if (strlen(distinguishedName) == 0)
7037 sprintf(filter, "(&(objectClass=organizationalUnit)"
7038 "(distinguishedName=%s,%s))", dName, dn_path);
7039 attr_array[0] = "distinguishedName";
7040 attr_array[1] = NULL;
7044 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7045 &group_base, &group_count,
7046 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7048 if (group_count == 1)
7050 strcpy(distinguishedName, group_base->value);
7053 linklist_free(group_base);
/*
 * Bring the attributes of an existing AD container in line with Moira row
 * av.  The target is addressed either by its DN (distinguishedName) or by
 * the OU chain dName under dn_path -- a non-empty dName wins.  The current
 * mitMoiraId, description and managedBy are read first; then mitMoiraId is
 * REPLACEd when a row id is given, the description is updated or cleared
 * via attribute_update, and managedBy is recomputed from CONTAINER_TYPE /
 * CONTAINER_ID exactly as in container_create (KERBEROS contact, or a USER
 * / LIST looked up by cn), being cleared when the lookup finds nothing.
 * With no mods accumulated the function returns LDAP_SUCCESS without
 * touching AD; otherwise ldap_modify_s is applied and the mods released.
 * Declarations of ad_path, filter, moiraId and desc and several closing
 * lines are elided in this listing.
 */
7062 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7063 char *distinguishedName, int count, char **av)
7065 char *attr_array[5];
7066 LK_ENTRY *group_base;
7071 char *moiraId_v[] = {NULL, NULL};
7072 char *desc_v[] = {NULL, NULL};
7073 char *managedBy_v[] = {NULL, NULL};
7074 char managedByDN[256];
7083 strcpy(ad_path, distinguishedName);
/* path form takes precedence over the supplied DN */
7085 if (strlen(dName) != 0)
7086 sprintf(ad_path, "%s,%s", dName, dn_path);
7088 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/*
 * NOTE(review): this condition tests av[CONTAINER_ID] but interpolates
 * av[CONTAINER_ROWID] (the mitMoiraId, as container_create stores it).
 * It looks like the test should be on av[CONTAINER_ROWID]; as written, a
 * row with a contact id but no row id produces an empty mitMoiraId filter.
 * Confirm before relying on the id-based path.
 */
7091 if (strlen(av[CONTAINER_ID]) != 0)
7092 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7093 av[CONTAINER_ROWID]);
7095 attr_array[0] = "mitMoiraId";
7096 attr_array[1] = "description";
7097 attr_array[2] = "managedBy";
7098 attr_array[3] = NULL;
7102 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7103 &group_base, &group_count,
7104 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
/* (message text says "retreive"; left as-is, it is a runtime string) */
7106 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7107 av[CONTAINER_NAME], ldap_err2string(rc));
7111 memset(managedByDN, '\0', sizeof(managedByDN));
7112 memset(moiraId, '\0', sizeof(moiraId));
7113 memset(desc, '\0', sizeof(desc));
/* snapshot the current attribute values (the walk over group_base is
 * elided) */
7118 if (!strcasecmp(pPtr->attribute, "description"))
7119 strcpy(desc, pPtr->value);
7120 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7121 strcpy(managedByDN, pPtr->value);
7122 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7123 strcpy(moiraId, pPtr->value);
7127 linklist_free(group_base);
7132 if (strlen(av[CONTAINER_ROWID]) != 0)
7134 moiraId_v[0] = av[CONTAINER_ROWID];
7135 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7138 if (strlen(av[CONTAINER_DESC]) != 0)
7140 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
/* Moira has no description any more: clear the one AD still has */
7145 if (strlen(desc) != 0)
7147 attribute_update(ldap_handle, ad_path, "", "description", dName);
7151 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7153 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7155 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7158 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7159 kerberos_ou, dn_path);
7160 managedBy_v[0] = managedByDN;
7161 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* contact could not be created: drop the stale manager instead */
7165 if (strlen(managedByDN) != 0)
7167 attribute_update(ldap_handle, ad_path, "", "managedBy",
7174 memset(filter, '\0', sizeof(filter));
/* same unescaped cn= filter as in container_create; see the note there */
7176 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7178 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7179 "(objectClass=user)))", av[CONTAINER_ID]);
7182 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7184 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7188 if (strlen(filter) != 0)
7190 attr_array[0] = "distinguishedName";
7191 attr_array[1] = NULL;
7194 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7195 attr_array, &group_base, &group_count,
7196 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7198 if (group_count == 1)
7200 strcpy(managedByDN, group_base->value);
7201 managedBy_v[0] = managedByDN;
7202 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* no unambiguous manager object: clear any existing managedBy */
7206 if (strlen(managedByDN) != 0)
7208 attribute_update(ldap_handle, ad_path, "",
7209 "managedBy", dName);
7213 linklist_free(group_base);
/* no type/id in Moira at all: clear any existing managedBy */
7220 if (strlen(managedByDN) != 0)
7222 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* nothing accumulated in mods (the test is elided): nothing to modify */
7232 return(LDAP_SUCCESS);
7234 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7236 for (i = 0; i < n; i++)
7239 if (rc != LDAP_SUCCESS)
7241 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7242 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty the container at dName so it can be deleted (see container_delete).
 * Three passes search the subtree: (0) everything that is neither a
 * computer nor an OU is moved to orphans_other_ou, (1) computers are moved
 * to orphans_machines_ou, (2) nested OUs are deleted.  Objects are moved
 * with ldap_rename_s keeping their cn; on LDAP_ALREADY_EXISTS at the
 * destination the cn is suffixed with "_<count>" and retried (the retry
 * loop is elided).  Which branch each pass takes is selected on elided
 * lines; the return is elided as well.
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared connection
 * and no reset is visible in this listing.  Unless it is restored, every
 * later search on this handle is capped at 10 entries, and a container
 * holding more than 10 objects of one kind is only partially evacuated per
 * call -- confirm how the caller loops.
 */
7249 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7251 char *attr_array[3];
7252 LK_ENTRY *group_base;
7259 int NumberOfEntries = 10;
7263 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7265 for (i = 0; i < 3; i++)
7267 memset(filter, '\0', sizeof(filter));
/* pass 0: ordinary objects (users, groups, contacts, ...) */
7271 strcpy(filter, "(!(|(objectClass=computer)"
7272 "(objectClass=organizationalUnit)))");
7273 attr_array[0] = "cn";
7274 attr_array[1] = NULL;
/* pass 1: machine accounts */
7278 strcpy(filter, "(objectClass=computer)");
7279 attr_array[0] = "cn";
7280 attr_array[1] = NULL;
/* pass 2: child OUs, identified by their ou attribute */
7284 strcpy(filter, "(objectClass=organizationalUnit)");
7285 attr_array[0] = "ou";
7286 attr_array[1] = NULL;
/* note the search base is the container itself, not dn_path */
7291 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7292 &group_base, &group_count,
7293 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7298 if (group_count == 0)
7305 if (!strcasecmp(pPtr->attribute, "cn"))
7307 sprintf(new_cn, "cn=%s", pPtr->value);
7309 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7311 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7316 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* name clash in the orphan OU: disambiguate with a numeric suffix */
7318 if (rc == LDAP_ALREADY_EXISTS)
7320 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* nested OUs are deleted outright; the status is not checked on the
 * visible lines */
7327 else if (!strcasecmp(pPtr->attribute, "ou"))
7329 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7335 linklist_free(group_base);
/*
 * Find the OU an existing machine account lives in.  The Moira name is
 * resolved to its canonical/alias form with GetMachineName (result in
 * NewMachineName), truncated at the first '.', and looked up as the
 * computer account "<name>$".  The OU is then extracted from the returned
 * DN by lowercasing DN and cn, skipping past "cn=<name>," and cutting off
 * at the first "dc=" (the cut itself is elided).  machine_ou receives the
 * OU portion.  Error returns and several declarations are elided.
 *
 * NOTE(review): the status of moira_connect() is overwritten by the very
 * next assignment without being checked; a failed connection is only
 * noticed indirectly through an empty machine name.
 */
7344 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7345 char *machine_ou, char *NewMachineName)
7347 LK_ENTRY *group_base;
7351 char *attr_array[3];
7358 strcpy(NewMachineName, member);
7359 rc = moira_connect();
7360 rc = GetMachineName(NewMachineName);
7363 if (strlen(NewMachineName) == 0)
7365 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* keep only the host part of a fully-qualified name */
7371 pPtr = strchr(NewMachineName, '.');
/* computer accounts carry a trailing '$' in sAMAccountName */
7378 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7379 attr_array[0] = "cn";
7380 attr_array[1] = NULL;
7381 sprintf(temp, "%s", dn_path);
7383 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7384 &group_base, &group_count,
7385 LDAP_SCOPE_SUBTREE)) != 0)
7387 com_err(whoami, 0, "Unable to process machine %s : %s",
7388 member, ldap_err2string(rc));
7392 if (group_count != 1)
7395 "Unable to process machine %s : machine not found in AD",
/* NOTE(review): sizes of dn and cn are not visible; both are filled with
 * strcpy from directory values */
7400 strcpy(dn, group_base->dn);
7401 strcpy(cn, group_base->value);
/* case-fold both so the substring search below is case-insensitive */
7403 for (i = 0; i < (int)strlen(dn); i++)
7404 dn[i] = tolower(dn[i]);
7406 for (i = 0; i < (int)strlen(cn); i++)
7407 cn[i] = tolower(cn[i]);
7409 linklist_free(group_base);
7411 pPtr = strstr(dn, cn);
7415 com_err(whoami, 0, "Unable to process machine %s",
/* skip "<cn>," -- the +1 is the separating comma */
7420 pPtr += strlen(cn) + 1;
7421 strcpy(machine_ou, pPtr);
/* the domain components are not part of the OU */
7423 pPtr = strstr(machine_ou, "dc=");
7427 com_err(whoami, 0, "Unable to process machine %s",
/*
 * Move a machine account into DestinationOu (relative to dn_path).  The
 * Moira name is resolved with GetMachineName into the 128-byte MachineName
 * and truncated at the first '.'; the computer account is located by
 * "<name>$" and its DN kept in OldDn.  The account is left alone when its
 * current parent DN already equals the destination (case-insensitive);
 * otherwise ldap_rename_s moves it with deleteoldrdn = TRUE.  The return
 * and several declarations are elided in this listing.
 *
 * NOTE(review): MoiraMachineName is copied into the 128-byte MachineName
 * with strcpy and no length check.
 */
7438 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7439 char *MoiraMachineName, char *DestinationOu)
7443 char MachineName[128];
7445 char *attr_array[3];
7450 LK_ENTRY *group_base;
7455 strcpy(MachineName, MoiraMachineName);
7456 rc = GetMachineName(MachineName);
7458 if (strlen(MachineName) == 0)
7460 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7465 cPtr = strchr(MachineName, '.');
7470 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7471 attr_array[0] = "sAMAccountName";
7472 attr_array[1] = NULL;
7474 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7476 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7478 com_err(whoami, 0, "Unable to process machine %s : %s",
7479 MoiraMachineName, ldap_err2string(rc));
/* the DN is copied out before the list is released */
7483 if (group_count == 1)
7484 strcpy(OldDn, group_base->dn);
7486 linklist_free(group_base);
7489 if (group_count != 1)
7491 com_err(whoami, 0, "Unable to find machine %s in AD: %s",
7496 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* everything after the first ',' is the current parent DN (cPtr is
 * presumably advanced past the comma on an elided line) */
7497 cPtr = strchr(OldDn, ',');
7502 if (!strcasecmp(cPtr, NewOu))
7506 sprintf(NewCn, "CN=%s", MachineName);
7507 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: report whether machine_name, with any domain suffix
 * stripped at its first '.' (the lines using pPtr are not shown), exists
 * in AD under dn_path according to checkADname().  Returns non-zero when
 * checkADname() returns 0 -- note the inverted sense of the result.
 *
 * NOTE(review): Name's declaration is on a line not shown; machine_name
 * is copied into it with strcpy and no length check.
 */
7512 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7518 memset(Name, '\0', sizeof(Name));
7519 strcpy(Name, machine_name);
7521 pPtr = strchr(Name, '.');
7527 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira (get_machine_to_container_map)
 * for the container of machine_name; the machine_GetMoiraContainer
 * callback copies the answer into container_name.  ldap_handle and
 * dn_path are not used on the visible lines.  Return value: the lines
 * after the query are not shown.
 *
 * NOTE(review): container_name's capacity is never passed along, so the
 * copy done by the callback is unbounded.
 */
7530 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7531 char *machine_name, char *container_name)
7537 av[0] = machine_name;
/* call_args[0] is the output buffer the callback writes into */
7538 call_args[0] = (char *)container_name;
7539 rc = mr_query("get_machine_to_container_map", 1, av,
7540 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback for
 * get_machine_to_container_map.  Copies av[1] (presumably the container
 * name) into the caller-supplied buffer call_args[0] with strcpy -- no
 * bound is available here.  The declaration of call_args (from ptr) and
 * the return are on lines not shown.
 */
7544 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7549 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a new
 * container (after[] is the new container row) and link it to the
 * container and to the parent container's list.  Return value: the
 * return statements are on lines not shown.
 *
 * The list is created with fixed attributes: active, not public, not
 * hidden, not a mailing list, a group with a Moira-assigned GID
 * (UNIQUE_GID), owner and member ACE set to the "sms" user.
 */
7553 int Moira_container_group_create(char **after)
7559 memset(GroupName, '\0', sizeof(GroupName));
/* derive a unique "cnt-..." name; GroupName's declaration is not shown */
7560 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7561 after[CONTAINER_ROWID]);
7565 argv[L_NAME] = GroupName;
7566 argv[L_ACTIVE] = "1";
7567 argv[L_PUBLIC] = "0";
7568 argv[L_HIDDEN] = "0";
7569 argv[L_MAILLIST] = "0";
7570 argv[L_GROUP] = "1";
7571 argv[L_GID] = UNIQUE_GID;
7572 argv[L_NFSGROUP] = "0";
7573 argv[L_MAILMAN] = "0";
7574 argv[L_MAILMAN_SERVER] = "[NONE]";
7575 argv[L_DESC] = "auto created container group";
7576 argv[L_ACE_TYPE] = "USER";
7577 argv[L_MEMACE_TYPE] = "USER";
7578 argv[L_ACE_NAME] = "sms";
7579 argv[L_MEMACE_NAME] = "sms";
/* assignment inside the condition is intentional: non-zero rc is an error */
7581 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7584 "Unable to create container group %s for container %s: %s",
7585 GroupName, after[CONTAINER_NAME], error_message(rc));
/* NOTE(review): both follow-up calls log their own errors, but their
 * return values are discarded here, so a failure to attach the list to
 * the container or its parent is not propagated to this function's
 * caller. */
7588 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7589 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed (before[] ->
 * after[]), rename its mirror list from the name currently recorded for
 * the container to the name derived from the new container name.
 * Return value: the return statements are on lines not shown.
 */
7594 int Moira_container_group_update(char **before, char **after)
7597 char BeforeGroupName[64];
7598 char AfterGroupName[64];
/* container name unchanged (case-insensitively): nothing to do; the
 * branch body is on a line not shown */
7601 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7604 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* list currently attached to the container, looked up by its new name
 * (flag 0 = the container itself).  NOTE(review): Moira_getGroupName()
 * is not told the 64-byte bound of BeforeGroupName. */
7605 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
/* no list attached: nothing to rename (branch body not shown) */
7606 if (strlen(BeforeGroupName) == 0)
7609 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7610 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7611 after[CONTAINER_ROWID]);
/* only issue update_list when the derived name actually changed */
7615 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the current name first and then the full new record,
 * hence the "+ 1" offsets; the attribute values mirror those used in
 * Moira_container_group_create() */
7617 argv[L_NAME] = BeforeGroupName;
7618 argv[L_NAME + 1] = AfterGroupName;
7619 argv[L_ACTIVE + 1] = "1";
7620 argv[L_PUBLIC + 1] = "0";
7621 argv[L_HIDDEN + 1] = "0";
7622 argv[L_MAILLIST + 1] = "0";
7623 argv[L_GROUP + 1] = "1";
7624 argv[L_GID + 1] = UNIQUE_GID;
7625 argv[L_NFSGROUP + 1] = "0";
7626 argv[L_MAILMAN + 1] = "0";
7627 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7628 argv[L_DESC + 1] = "auto created container group";
7629 argv[L_ACE_TYPE + 1] = "USER";
7630 argv[L_MEMACE_TYPE + 1] = "USER";
7631 argv[L_ACE_NAME + 1] = "sms";
7632 argv[L_MEMACE_NAME + 1] = "sms";
/* assignment inside the condition is intentional: non-zero rc is an error */
7634 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7637 "Unable to rename container group from %s to %s: %s",
7638 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: when a container is deleted (before[]),
 * remove its mirror list from the parent container's list and then
 * delete the list itself.  Return value: the return statements are on
 * lines not shown.
 */
7645 int Moira_container_group_delete(char **before)
7650 char ParentGroupName[64];
7652 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* flag 1 = the parent container's list; the 64-byte bound is not passed */
7653 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7655 memset(GroupName, '\0', sizeof(GroupName));
/* "[none]" is the sentinel for "no list attached" (also used in
 * Moira_process_machine_container_group); GroupName's size is not shown */
7657 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7658 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
/* both a parent list and an own list are needed for the membership delete;
 * argv[1] (the member type) is set on a line not shown */
7660 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7662 argv[0] = ParentGroupName;
7664 argv[2] = GroupName;
/* NOTE(review): the format string two lines down has two %s conversions
 * but three arguments follow it, so the message prints ParentGroupName
 * where the Moira error text belongs and error_message(rc) is never
 * shown.  The intended text is presumably
 * "Unable to delete container group %s from list %s: %s". */
7666 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7669 "Unable to delete container group %s from list: %s",
7670 GroupName, ParentGroupName, error_message(rc));
7674 if (strlen(GroupName) != 0)
7676 argv[0] = GroupName;
7678 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7680 com_err(whoami, 0, "Unable to delete container group %s : %s",
7681 GroupName, error_message(rc));
/*
 * Moira_groupname_create: build a Moira list name for a container and
 * store it in GroupName.  The name is "cnt-" followed by up to 25
 * characters derived from the last path component(s) of ContainerName,
 * lower-cased, and suffixed with "-0".."-9" then "-a".."-z" until
 * get_list_info reports MR_NO_MATCH (the name is free).  ContainerRowID
 * is not used on the visible lines.  Return value: the return statements
 * are on lines not shown.
 *
 * NOTE(review): GroupName's capacity is not passed in; callers use 64
 * bytes, which "cnt-" + 25 + "-x" fits.  temp and tempgname are declared
 * on lines not shown, and ContainerName is copied into temp with strcpy
 * and no length check.
 */
7688 int Moira_groupname_create(char *GroupName, char *ContainerName,
7689 char *ContainerRowID)
7694 char newGroupName[64];
7695 char tempGroupName[64];
7701 strcpy(temp, ContainerName);
/* split at the last '/' (the pointer bookkeeping between the two strrchr
 * calls is not shown); the second strrchr finds the parent component */
7703 ptr1 = strrchr(temp, '/');
7709 ptr1 = strrchr(temp, '/');
/* "<parent>-<leaf>", "<leaf>", or the whole name when there is no '/' */
7713 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7716 strcpy(tempgname, ptr);
7719 strcpy(tempgname, temp);
/* keep the derived part within 25 chars so the result fits the 64-byte
 * buffers; distinct containers sharing a 25-char prefix are told apart
 * only by the uniqueness suffix below */
7721 if (strlen(tempgname) > 25)
7722 tempgname[25] ='\0';
7724 sprintf(newGroupName, "cnt-%s", tempgname);
7726 /* change everything to lower case */
/* ptr walks newGroupName (loop header not shown); tolower() on plain char
 * should be given an unsigned char */
7732 *ptr = tolower(*ptr);
7740 strcpy(tempGroupName, newGroupName);
7743 /* append 0-9 then a-z if a duplicate is found */
7746 argv[0] = newGroupName;
/* assignment in the condition is intentional: any non-zero rc, including
 * MR_NO_MATCH, enters the body */
7748 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
/* MR_NO_MATCH: no list has this name yet, so it can be used (body not shown);
 * any other rc is a real Moira error */
7750 if (rc == MR_NO_MATCH)
7752 com_err(whoami, 0, "Moira error while creating group name for "
7753 "container %s : %s", ContainerName, error_message(rc));
/* i holds the current suffix character ('0'..'9', then 'a'..'z') */
7757 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7761 com_err(whoami, 0, "Unable to find a unique group name for "
7762 "container %s: too many duplicate container names",
/* hand the chosen name back to the caller */
7773 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName (Moira query set_container_list).  Logs on
 * failure; the return value is on lines not shown.
 */
7777 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7782 argv[0] = origContainerName;
7783 argv[1] = GroupName;
7785 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7788 "Unable to set container group %s in container %s: %s",
7789 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add GroupName as a member of the list attached
 * to the parent of container origContainerName.  Top-level containers
 * have no parent list and are skipped.  argv[1] (the member type) is set
 * on a line not shown; the return value is not visible either.
 *
 * NOTE(review): ContainerName is a 64-byte buffer filled with strcpy and
 * no length check, and ParentGroupName is filled by Moira_getGroupName()
 * without being told its size.
 */
7795 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7797 char ContainerName[64];
7798 char ParentGroupName[64];
7802 strcpy(ContainerName, origContainerName);
/* flag 1 = the parent container's list */
7804 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7806 /* top-level container */
7807 if (strlen(ParentGroupName) == 0)
7810 argv[0] = ParentGroupName;
7812 argv[2] = GroupName;
7814 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7817 "Unable to add container group %s to parent group %s: %s",
7818 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies av[1] (presumably the list name) into the caller-supplied
 * buffer call_args[0] with strcpy -- no bound is available here.  The
 * declaration of call_args (from ptr) and the return are on lines not
 * shown.
 */
7824 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7829 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the list attached to a container
 * (get_container_list) and copy it into GroupName through the
 * Moira_getContainerGroup callback.  The third parameter is declared on
 * a line not shown; callers pass 0 for the container itself and 1 for
 * its parent, and the strrchr('/') below is presumably where the parent
 * path is derived when it is set.  Return value: the return statements
 * are on lines not shown.
 *
 * NOTE(review): ContainerName is a 64-byte buffer filled with strcpy from
 * origContainerName with no length check, and GroupName's size is never
 * known to the callback that writes it.
 */
7834 int Moira_getGroupName(char *origContainerName, char *GroupName,
7837 char ContainerName[64];
7843 strcpy(ContainerName, origContainerName);
7847 ptr = strrchr(ContainerName, '/');
7855 argv[0] = ContainerName;
/* the callback writes into call_args[0]; call_args[1] terminates the list */
7857 call_args[0] = GroupName;
7858 call_args[1] = NULL;
7860 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7863 if (strlen(GroupName) != 0)
7868 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7869 ContainerName, error_message(rc));
/* query succeeded but no list name came back */
7871 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add MachineName to, or remove
 * it from, the Moira list GroupName as a MACHINE member.  The signature
 * continues on a line not shown, as does the condition that selects
 * add_member_to_list versus delete_member_from_list.  "[none]" means the
 * container has no list, so there is nothing to do (branch body not
 * shown).  Return value: not on the visible lines.
 *
 * NOTE(review): the error message below says "add" whichever query ran;
 * if it also covers the delete path (the lines between are not shown) it
 * misreports removals.
 */
7877 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7883 if (strcmp(GroupName, "[none]") == 0)
7886 argv[0] = GroupName;
7887 argv[1] = "MACHINE";
7888 argv[2] = MachineName;
7891 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7893 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
7897 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7898 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: rewrite MachineName in place to its upper-cased name in
 * DOMAIN_SUFFIX.  If the name already carries that domain it is used as
 * is (the lines following the check are not shown); otherwise Moira's
 * get_hostalias query is run and ProcessMachineName() picks the first
 * alias in DOMAIN_SUFFIX.  On a query failure, or when no such alias
 * exists, MachineName is set to "".  Return value: not on the visible
 * lines.
 *
 * NOTE(review): the function has no way to know MachineName's capacity.
 * NewMachineName holds up to 1023 bytes from Moira and is copied back
 * with strcpy, while machine_move_to_ou() passes a 128-byte buffer.  A
 * size parameter (or a documented minimum of sizeof NewMachineName) is
 * needed.  toupper() is also given plain char; cast to unsigned char to
 * avoid undefined behaviour on bytes >= 0x80.
 */
7904 int GetMachineName(char *MachineName)
7907 char NewMachineName[1024];
7914 // If the address happens to be in the top-level MIT domain, great!
/* unbounded copy: MachineName is caller data of unknown length */
7915 strcpy(NewMachineName, MachineName);
7917 for (i = 0; i < (int)strlen(NewMachineName); i++)
7918 NewMachineName[i] = toupper(NewMachineName[i]);
7920 szDot = strchr(NewMachineName,'.');
/* has a domain part and it is DOMAIN_SUFFIX (already upper-cased, so the
 * case-insensitive compare is belt and braces) */
7922 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
7927 // If not, see if it has a Moira alias in the top-level MIT domain.
7928 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* args[0] is set on a line not shown */
7930 args[1] = MachineName;
/* the callback writes the chosen alias into call_args[0] */
7931 call_args[0] = NewMachineName;
7932 call_args[1] = NULL;
/* assignment in the condition is intentional: non-zero rc is an error */
7934 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
7936 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
7937 MachineName, error_message(rc));
7938 strcpy(MachineName, "");
/* an alias was found: hand it back (see the size note above) */
7942 if (strlen(NewMachineName) != 0)
7943 strcpy(MachineName, NewMachineName);
7945 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias (used by
 * GetMachineName()).  av[0] is one alias; the first alias whose domain
 * part is DOMAIN_SUFFIX is copied, upper-cased, into call_args[0], and
 * later aliases are ignored once call_args[0] is non-empty.  The
 * declaration of call_args (from ptr) and the return are on lines not
 * shown.
 *
 * NOTE(review): av[0] is copied into the 1024-byte local with strcpy and
 * no length check, and the final strcpy into call_args[0] relies on the
 * caller's buffer being at least as large (it is 1024 in GetMachineName).
 * toupper() should be given an unsigned char.
 */
7950 int ProcessMachineName(int ac, char **av, void *ptr)
7953 char MachineName[1024];
/* only the first matching alias is kept */
7959 if (strlen(call_args[0]) == 0)
7961 strcpy(MachineName, av[0]);
7963 for (i = 0; i < (int)strlen(MachineName); i++)
7964 MachineName[i] = toupper(MachineName[i]);
7966 szDot = strchr(MachineName,'.');
7968 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
7970 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the attribute names in the first n entries of mods
 * between the Services-for-UNIX 3.0 name "msSFU30UidNumber" and the
 * RFC 2307 name "uidNumber".  Which direction runs is decided by the
 * lines not shown (presumably on *UseSFU30).  Only the mod_type pointers
 * change; they are repointed at string literals, so if a previous value
 * was heap-allocated it is not freed here -- verify against the ADD_ATTR
 * macro that builds mods.
 */
7977 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
/* SFU 3.0 name -> RFC 2307 name */
7983 for (i = 0; i < n; i++)
7985 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
7986 mods[i]->mod_type = "uidNumber";
/* RFC 2307 name -> SFU 3.0 name */
7993 for (i = 0; i < n; i++)
7995 if (!strcmp(mods[i]->mod_type, "uidNumber"))
7996 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute the home-directory related attributes for a
 * user and queue them in mods (ADD_ATTR) or, when OpType is
 * LDAP_MOD_REPLACE and a value is empty, delete them directly with
 * ldap_modify_s (DEL_ATTR).  The parameter list continues on lines not
 * shown (OpType at least, judging by its use below).
 *
 *  - non-AD directories: homeDirectory / apple-user-homeDirectory are
 *    set from the user's AFS filesys (Hesiod "filsys", lowest-weight
 *    AFS entry) or, failing that, to the literal "NONE".
 *  - AD: homeDirectory, profilePath and homeDrive are derived from
 *    WinHomeDir / WinProfileDir, each either a literal path or one of
 *    the tokens "[afs]", "[dfs]", "[local]".
 *
 * Ownership: the values stored through homedir_v[0], winProfile_v[0] and
 * drives_v[0] on the AD path are strdup()'d here with no NULL check; who
 * frees them is not visible in this function.
 *
 * NOTE(review): hes_resolve() answers come from Hesiod (DNS) and are
 * parsed with sscanf "%s" into cPath/cWeight and then strcpy'd into
 * path, none of which is length-limited on the visible lines; cPath,
 * cWeight, path, homedir, homeDrive and winPath are declared on lines
 * not shown.  A field width on the %s conversions (and snprintf for the
 * sprintf calls) would bound this.
 */
8003 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8004 char *DistinguishedName,
8005 char *WinHomeDir, char *WinProfileDir,
8006 char **homedir_v, char **winProfile_v,
8007 char **drives_v, LDAPMod **mods,
8015 char winProfile[1024];
8018 char apple_homedir[1024];
8019 char *apple_homedir_v[] = {NULL, NULL};
/* scratch mod list for the direct DEL_ATTR modifies below */
8023 LDAPMod *DelMods[20];
8025 memset(homeDrive, '\0', sizeof(homeDrive));
8026 memset(path, '\0', sizeof(path));
8027 memset(winPath, '\0', sizeof(winPath));
8028 memset(winProfile, '\0', sizeof(winProfile));
/* ---- non-AD directory: POSIX/Apple home from the AFS filesys ---- */
8031 if(!ActiveDirectory)
8033 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
8035 memset(cWeight, 0, sizeof(cWeight));
8036 memset(cPath, 0, sizeof(cPath));
/* pick the AFS entry with the lowest weight; i and last_weight are
 * initialised on lines not shown */
8040 while (hp[i] != NULL)
8042 if (sscanf(hp[i], "%*s %s", cPath))
8044 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
8046 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
8048 if (atoi(cWeight) < last_weight)
8050 strcpy(path, cPath);
8051 last_weight = (int)atoi(cWeight);
/* entry without a weight field: take it as is */
8055 strcpy(path, cPath);
8063 if (!strnicmp(path, AFS, strlen(AFS)))
8065 sprintf(homedir, "%s", path);
8066 sprintf(apple_homedir, "%s/MacData", path);
8067 homedir_v[0] = homedir;
8068 apple_homedir_v[0] = apple_homedir;
8069 ADD_ATTR("homeDirectory", homedir_v, OpType);
8070 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* no usable AFS filesys: the conventional Athena path is computed into
 * homedir/apple_homedir but not used -- the attributes are set to the
 * literal "NONE".  Whether that is intended is not clear from these
 * lines.  The two-character check guards the %c/%c below. */
8076 if(user_name[0] && user_name[1])
8078 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s",
8079 user_name[0], user_name[1], user_name);
8080 sprintf(apple_homedir, "%s/MacData", homedir);
8081 homedir_v[0] = "NONE";
8082 apple_homedir_v[0] = "NONE";
8083 ADD_ATTR("homeDirectory", homedir_v, OpType);
8084 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* same fallback when Hesiod has no filsys record at all */
8091 if(user_name[0] && user_name[1])
8093 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s",
8094 user_name[0], user_name[1], user_name);
8095 sprintf(apple_homedir, "%s/MacData", homedir);
8096 homedir_v[0] = "NONE";
8097 apple_homedir_v[0] = "NONE";
8098 ADD_ATTR("homeDirectory", homedir_v, OpType);
8099 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* ---- AD: "[afs]" -> Windows form of the AFS filesys path ---- */
8106 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8107 (!strcasecmp(WinProfileDir, "[afs]")))
8109 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
8111 memset(cWeight, 0, sizeof(cWeight));
8112 memset(cPath, 0, sizeof(cPath));
/* same lowest-weight selection as the non-AD branch above */
8116 while (hp[i] != NULL)
8118 if (sscanf(hp[i], "%*s %s", cPath))
8120 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
8122 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
8124 if (atoi(cWeight) < last_weight)
8126 strcpy(path, cPath);
8127 last_weight = (int)atoi(cWeight);
8131 strcpy(path, cPath);
8139 if (!strnicmp(path, AFS, strlen(AFS)))
/* winPath = Windows AFS path; the profile lives in its .winprofile */
8141 AfsToWinAfs(path, winPath);
8142 strcpy(winProfile, winPath);
8143 strcat(winProfile, "\\.winprofile");
/* "[dfs]" -> \\<ldap_domain>\dfs\profiles\<initial>\<user>; path's size
 * is not visible */
8151 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8152 (!strcasecmp(WinProfileDir, "[dfs]")))
8154 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8155 user_name[0], user_name);
8157 if (!strcasecmp(WinProfileDir, "[dfs]"))
8159 strcpy(winProfile, path);
8160 strcat(winProfile, "\\.winprofile");
8163 if (!strcasecmp(WinHomeDir, "[dfs]"))
8164 strcpy(winPath, path);
/* homeDrive: "H:" for [afs]/[dfs] and for UNC literals, none for [local] */
8177 if (!strcasecmp(WinHomeDir, "[local]"))
8178 memset(winPath, '\0', sizeof(winPath));
8179 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8180 !strcasecmp(WinHomeDir, "[dfs]"))
8182 strcpy(homeDrive, "H:");
/* literal home path from the caller (unbounded copy into winPath) */
8186 strcpy(winPath, WinHomeDir);
8187 if (!strncmp(WinHomeDir, "\\\\", 2))
8189 strcpy(homeDrive, "H:");
8193 // nothing needs to be done if WinProfileDir is [afs].
8194 if (!strcasecmp(WinProfileDir, "[local]"))
8195 memset(winProfile, '\0', sizeof(winProfile));
8196 else if (strcasecmp(WinProfileDir, "[afs]") &&
8197 strcasecmp(WinProfileDir, "[dfs]"))
/* literal profile path from the caller (unbounded copy into winProfile) */
8199 strcpy(winProfile, WinProfileDir);
/* normalise: drop one trailing backslash, but keep "X:\" for bare drives */
8202 if (strlen(winProfile) != 0)
8204 if (winProfile[strlen(winProfile) - 1] == '\\')
8205 winProfile[strlen(winProfile) - 1] = '\0';
8208 if (strlen(winPath) != 0)
8210 if (winPath[strlen(winPath) - 1] == '\\')
8211 winPath[strlen(winPath) - 1] = '\0';
8214 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8215 strcat(winProfile, "\\");
8217 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8218 strcat(winPath, "\\");
/* empty value + REPLACE: remove the attribute now rather than queue it.
 * Whether rc from ldap_modify_s is checked is on lines not shown. */
8220 if (strlen(winPath) == 0)
8222 if (OpType == LDAP_MOD_REPLACE)
8225 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8227 //unset homeDirectory attribute for user.
8228 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* strdup result unchecked (see header) */
8234 homedir_v[0] = strdup(winPath);
8235 ADD_ATTR("homeDirectory", homedir_v, OpType);
8238 if (strlen(winProfile) == 0)
8240 if (OpType == LDAP_MOD_REPLACE)
8243 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8245 //unset profilePath attribute for user.
8246 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8252 winProfile_v[0] = strdup(winProfile);
8253 ADD_ATTR("profilePath", winProfile_v, OpType);
8256 if (strlen(homeDrive) == 0)
8258 if (OpType == LDAP_MOD_REPLACE)
8261 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8263 //unset homeDrive attribute for user
8264 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8270 drives_v[0] = strdup(homeDrive);
8271 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set a single-valued attribute on distinguished_name.
 * An empty attribute_value deletes the attribute; otherwise a REPLACE is
 * tried first and, if that fails for any reason, an ADD.  `mods` and the
 * return value are on lines not shown.
 *
 * NOTE(review): the fallback swallows the REPLACE error -- only the ADD
 * failure is logged, so e.g. an access-denied REPLACE surfaces as a
 * misleading ADD error (or as silent success if the ADD happens to
 * work).  Logging rc from the first ldap_modify_s, or limiting the
 * fallback to the specific error the REPLACE is expected to produce,
 * would make failures diagnosable.
 */
8277 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8278 char *attribute_value, char *attribute, char *user_name)
8280 char *mod_v[] = {NULL, NULL};
8281 LDAPMod *DelMods[20];
/* empty value: delete the attribute (rc handling is on lines not shown) */
8287 if (strlen(attribute_value) == 0)
8290 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8292 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
/* first attempt: REPLACE */
8298 mod_v[0] = attribute_value;
8299 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8302 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8303 mods)) != LDAP_SUCCESS)
/* second attempt: ADD (the REPLACE error is discarded -- see header) */
8307 mod_v[0] = attribute_value;
8308 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8311 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8312 mods)) != LDAP_SUCCESS)
8314 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8316 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: strip surrounding white space from StringToTrim in place.
 * The scanning lines are not shown; the visible parts copy a trimmed view
 * (s..t) of a strdup'd copy back over the input.  No return value.
 *
 * NOTE(review): the strdup() result is used without a NULL check, and
 * free(save) is not among the visible lines -- confirm the copy is
 * released on every path.
 */
8326 void StringTrim(char *StringToTrim)
8331 save = strdup(StringToTrim);
8338 /* skip to end of string */
8343 strcpy(StringToTrim, save);
8347 for (t = s; *t; t++)
8363 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load "<CFG_PATH><DomainName>.cfg" into the module's
 * globals (ldap_domain, ldap_realm, ldap_port, PrincipalName, ServerList
 * and the SFU / group / ACE / password / Exchange / machine-container /
 * AD switches).  Every line is upper-cased before the KEY prefix match,
 * so the stored values are upper-cased too.  fclose, Count's increment
 * and the return value are on lines not shown.
 *
 * NOTE(review):
 *  - `temp` and `temp1` are sized on lines not shown; the strcpy into the
 *    256-byte ServerList entries is only safe if temp is <= 256 bytes.
 *  - calloc() is not checked for NULL before strcpy() writes through it,
 *    and no bound on Count against ServerList's size is visible.
 *  - temp[strlen(temp) - 1] is written before strlen is known to be
 *    non-zero; a line whose first byte is NUL would index temp[-1].
 *  - toupper() is applied to plain char -- cast to unsigned char.
 *  - PrincipalName comes back upper-cased; confirm its consumer expects
 *    that, since Kerberos principal names are case-sensitive.
 */
8367 int ReadConfigFile(char *DomainName)
/* config path built unbounded from the domain name */
8378 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8380 if ((fptr = fopen(temp, "r")) != NULL)
8382 while (fgets(temp, sizeof(temp), fptr) != 0)
8384 for (i = 0; i < (int)strlen(temp); i++)
8385 temp[i] = toupper(temp[i]);
/* drop the newline (see the strlen == 0 note in the header) */
8387 if (temp[strlen(temp) - 1] == '\n')
8388 temp[strlen(temp) - 1] = '\0';
8392 if (strlen(temp) == 0)
/* each key is matched as a prefix; the value is whatever follows it,
 * trimmed.  A key only counts when something follows it. */
8395 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8397 if (strlen(temp) > (strlen(DOMAIN)))
8399 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8400 StringTrim(ldap_domain);
8403 else if (!strncmp(temp, REALM, strlen(REALM)))
8405 if (strlen(temp) > (strlen(REALM)))
8407 strcpy(ldap_realm, &temp[strlen(REALM)]);
8408 StringTrim(ldap_realm);
8411 else if (!strncmp(temp, PORT, strlen(PORT)))
8413 if (strlen(temp) > (strlen(PORT)))
8415 strcpy(ldap_port, &temp[strlen(PORT)]);
8416 StringTrim(ldap_port);
8419 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8421 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8423 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8424 StringTrim(PrincipalName);
/* SERVER may repeat; each one gets a fresh 256-byte entry (NULL from
 * calloc is not checked) */
8427 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8429 if (strlen(temp) > (strlen(SERVER)))
8431 ServerList[Count] = calloc(1, 256);
8432 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8433 StringTrim(ServerList[Count]);
/* the remaining keys are yes/no style switches; the assignments they
 * control are mostly on lines not shown */
8437 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8439 if (strlen(temp) > (strlen(MSSFU)))
8441 strcpy(temp1, &temp[strlen(MSSFU)]);
8443 if (!strcmp(temp1, SFUTYPE))
8447 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8449 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8451 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8453 if (!strcasecmp(temp1, "NO"))
8456 memset(group_suffix, '\0', sizeof(group_suffix));
8460 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8462 if (strlen(temp) > (strlen(GROUP_TYPE)))
8464 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8466 if (!strcasecmp(temp1, "UNIVERSAL"))
8467 UseGroupUniversal = 1;
8470 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8472 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8474 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8476 if (!strcasecmp(temp1, "NO"))
8480 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8482 if (strlen(temp) > (strlen(SET_PASSWORD)))
8484 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8486 if (!strcasecmp(temp1, "NO"))
8490 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8492 if (strlen(temp) > (strlen(EXCHANGE)))
8494 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8496 if (!strcasecmp(temp1, "YES"))
8500 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8501 strlen(PROCESS_MACHINE_CONTAINER)))
8503 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8505 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8507 if (!strcasecmp(temp1, "NO"))
8508 ProcessMachineContainer = 0;
8511 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8512 strlen(ACTIVE_DIRECTORY)))
8514 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8516 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8518 if (!strcasecmp(temp1, "NO"))
8519 ActiveDirectory = 0;
/* ldap_domain post-processing: the lines that fill temp between the
 * memset and the copy are not shown */
8524 if (strlen(ldap_domain) != 0)
8526 memset(ldap_domain, '\0', sizeof(ldap_domain));
8530 if (strlen(temp) != 0)
8531 strcpy(ldap_domain, temp);
/* default the LDAP domain to the config file's own domain name */
8537 if (strlen(ldap_domain) == 0)
8539 strcpy(ldap_domain, DomainName);
/* server names are kept upper-cased */
8545 for (i = 0; i < Count; i++)
8547 if (ServerList[i] != 0)
8549 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8550 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read "<CFG_PATH><WINADCFG>" and collect its DOMAIN
 * entries into DomainNames[] (upper-cased, trimmed).  When the file is
 * unusable a critical alert is raised, since ldap.incr cannot run
 * without it (the condition leading to the alert is on lines not shown).
 * Count's increment, DomainNames' bounds, fclose and the return value
 * are on lines not shown.  The empty parameter list should be (void) so
 * the declaration is a prototype.
 *
 * NOTE(review): c[11] and stuff[256] are not referenced on the visible
 * lines; the same strlen-0 newline-strip hazard as in ReadConfigFile()
 * applies; temp/temp1 are sized on lines not shown and the strcpy into
 * DomainNames[Count] has no visible bound; toupper() should be given an
 * unsigned char.
 */
8557 int ReadDomainList()
8564 unsigned char c[11];
8565 unsigned char stuff[256];
8570 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8572 if ((fptr = fopen(temp, "r")) != NULL)
8574 while (fgets(temp, sizeof(temp), fptr) != 0)
8576 for (i = 0; i < (int)strlen(temp); i++)
8577 temp[i] = toupper(temp[i]);
/* drop the newline (see the strlen == 0 note in the header) */
8579 if (temp[strlen(temp) - 1] == '\n')
8580 temp[strlen(temp) - 1] = '\0';
8584 if (strlen(temp) == 0)
/* "DOMAIN<value>" lines: keep only the value part */
8587 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8589 if (strlen(temp) > (strlen(DOMAIN)))
8591 strcpy(temp1, &temp[strlen(DOMAIN)]);
8593 strcpy(temp, temp1);
8597 strcpy(DomainNames[Count], temp);
8598 StringTrim(DomainNames[Count]);
8607 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8608 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822 style address
 * "name@domain".  Returns non-zero when the address passes.  Parts of
 * the name and domain checks are on lines not shown, and `count` (by the
 * final test presumably the number of dot-separated domain labels, at
 * least one required) is declared elsewhere.
 *
 * NOTE(review): address[strlen(address) - 1] is evaluated before
 * anything else, so an empty string reads address[-1] (out of bounds)
 * and a NULL address crashes inside strlen; add
 * `if (!address || !*address) return 0;` first.  rfc822_specials points
 * at a string literal and should be `static const char *`.
 */
8615 int email_isvalid(const char *address) {
8617 const char *c, *domain;
8618 static char *rfc822_specials = "()<>@,;:\\\"[]";
/* a trailing '.' is rejected outright (see the empty-string note above) */
8620 if(address[strlen(address) - 1] == '.')
8623 /* first we validate the name portion (name@domain) */
8624 for (c = address; *c; c++) {
8625 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
/* backslash escapes the next character; a trailing '\' leaves c on the
 * terminator, which the control-character test just below then catches
 * (its body is on a line not shown) */
8630 if (*c == '\\' && (*++c == ' '))
8632 if (*c <= ' ' || *c >= 127)
8647 if (*c <= ' ' || *c >= 127)
8649 if (strchr(rfc822_specials, *c))
/* an empty name, or one ending in '.', is invalid */
8653 if (c == address || *(c - 1) == '.')
8656 /* next we validate the domain portion (name@domain) */
8657 if (!*(domain = ++c)) return 0;
8660 if (c == domain || *(c - 1) == '.')
8664 if (*c <= ' ' || *c >= 127)
8666 if (strchr(rfc822_specials, *c))
8670 return (count >= 1);
/*
 * find_homeMDB: choose the Exchange mailbox store (msExchMDB) under
 * CN=Configuration,<dn_path> with the fewest mailboxes and return its DN
 * in *homeMDB and a value derived from its legacyExchangeDN in
 * *homeServerName.  Both outputs are strdup()'d: the caller owns and
 * frees them.  Stores whose DN contains "Public", "Recover" or "Reserve"
 * are skipped.  Return value: the return statements are on lines not
 * shown.
 *
 * Mailbox counts are read from the homeMDBBL back-link attribute with
 * the AD range-retrieval syntax (attr;Range=low-high, 1500 values at a
 * time, "low-*" for the final page) until a page comes back empty.
 *
 * NOTE(review):
 *  - when a later store beats the current minimum, *homeMDB is
 *    reassigned with a fresh strdup() and the previous string is not
 *    freed on the visible lines (one leak per improvement).
 *  - if every store was skipped or none was found, *homeMDB is still
 *    NULL when it is passed as the search base below, and group_base is
 *    dereferenced for the legacyExchangeDN without a visible check that
 *    the search returned anything.  The lines in between may guard both
 *    -- confirm.
 *  - search_path is a 1024-byte buffer written with sprintf from dn_path;
 *    the sizes of filter and range are not visible.
 */
8673 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8674 char **homeServerName)
8676 LK_ENTRY *group_base;
8677 LK_ENTRY *sub_group_base;
8681 int sub_group_count;
8683 char sub_filter[1024];
8684 char search_path[1024];
8686 char *attr_array[3];
/* -1 = "no candidate yet" sentinel, see the comparison below */
8688 int homeMDB_count = -1;
/* page size for range retrieval; rangeLow's initialiser is not shown */
8692 int rangeStep = 1500;
8694 int rangeHigh = rangeLow + (rangeStep - 1);
8697 /* Grumble..... microsoft not making it searchable from the root *grr* */
8699 memset(filter, '\0', sizeof(filter));
8700 memset(search_path, '\0', sizeof(search_path));
8702 sprintf(filter, "(objectClass=msExchMDB)");
8703 sprintf(search_path, "CN=Configuration,%s", dn_path);
8704 attr_array[0] = "distinguishedName";
8705 attr_array[1] = NULL;
8710 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8711 &group_base, &group_count,
8712 LDAP_SCOPE_SUBTREE)) != 0)
8714 com_err(whoami, 0, "Unable to find msExchMDB %s",
8715 ldap_err2string(rc));
/* gPtr walks group_base (loop header not shown); skip non-user stores.
 * s is only used as a found/not-found flag here. */
8724 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8725 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8726 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8733 * Due to limits in active directory we need to use the LDAP
8734 * range semantics to query and return all the values in
8735 * large lists, we will stop increasing the range when
8736 * the result count is 0.
8744 memset(sub_filter, '\0', sizeof(sub_filter));
8745 memset(range, '\0', sizeof(range));
8746 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* which form is used depends on a condition not shown; "low-*" asks for
 * every remaining value from rangeLow onward */
8749 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8751 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8753 attr_array[0] = range;
8754 attr_array[1] = NULL;
8756 sub_group_base = NULL;
8757 sub_group_count = 0;
8759 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8760 attr_array, &sub_group_base,
8762 LDAP_SCOPE_SUBTREE)) != 0)
8764 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8765 ldap_err2string(rc));
/* empty page: this store is fully counted (loop exit not shown) */
8769 if(!sub_group_count)
8775 rangeHigh = rangeLow + (rangeStep - 1);
/* sub_group_count is treated as "values on this page"; that only holds
 * if linklist_build() yields one entry per attribute value -- confirm */
8782 mdbbl_count += sub_group_count;
8783 rangeLow = rangeHigh + 1;
8784 rangeHigh = rangeLow + (rangeStep - 1);
8787 /* First time through, need to initialize or update the least used */
/* diagnostic, although it goes through the error logger */
8789 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8792 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8794 homeMDB_count = mdbbl_count;
/* the previous *homeMDB (if any) is not freed here -- see header */
8795 *homeMDB = strdup(gPtr->dn);
8799 linklist_free(sub_group_base);
8803 linklist_free(group_base);
8806 * Ok found the server least allocated need to now query to get its
8807 * msExchHomeServerName so we can set it as a user attribute
8810 attr_array[0] = "legacyExchangeDN";
8811 attr_array[1] = NULL;
/* search rooted at the chosen store's DN (NULL if none was chosen) */
8816 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8817 attr_array, &group_base,
8819 LDAP_SCOPE_SUBTREE)) != 0)
8821 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8822 ldap_err2string(rc));
/* group_base is dereferenced without a visible non-empty check; the
 * strrchr result is used on lines not shown (presumably to cut the value
 * at its last '/') */
8828 *homeServerName = strdup(group_base->value);
8829 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8835 linklist_free(group_base);
/*
 * lowercase: convert s to lower case in place; the loop body and the
 * return (presumably s) are on lines not shown.  If the body calls
 * tolower(*p), cast to unsigned char first.
 */
8840 char *lowercase(char *s)
8844 for (p = s; *p; p++)
/*
 * uppercase: convert s to upper case in place; the loop body and the
 * return (presumably s) are on lines not shown.  If the body calls
 * toupper(*p), cast to unsigned char first.
 */
8852 char *uppercase(char *s)
8856 for (p = s; *p; p++)
/*
 * escape_string: build an escaped copy of s in a local buffer -- leading
 * white space is handled first ("Replace leading spaces"), then special
 * characters are escaped (which ones, and how, is on lines not shown) --
 * and return a strdup() of the result.  The caller owns and frees it; a
 * NULL from strdup is returned as is.  `string` and q's initialiser are
 * declared on lines not shown, so the copy's bound is unknown.
 *
 * NOTE(review): machine_move_to_ou() builds LDAP search filters from raw
 * names without calling this; whether this function's escaping matches
 * RFC 4515 filter escaping cannot be judged from the visible lines.
 * isspace() should be given an unsigned char.
 */
8864 char *escape_string(char *s)
8872 memset(string, '\0', sizeof(string));
8876 /* Replace leading spaces */
8878 while(isspace(*q)) {
8885 /* Escape any special characters */
8887 for(; *q != '\0'; q++) {
/* heap copy handed to the caller */
8910 return strdup(string);
8913 int save_query_info(int argc, char **argv, void *hint)
8916 char **nargv = hint;
8918 for(i = 0; i < argc; i++)
8919 nargv[i] = strdup(argv[i]);