2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container's information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
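/* Windows compatibility shims: map the POSIX errno names and calls this
 * file uses onto their Winsock / Win32 equivalents.  The #ifdef that
 * selects these definitions is not part of this listing. */
#define ECONNABORTED WSAECONNABORTED
#define ECONNREFUSED WSAECONNREFUSED
#define EHOSTUNREACH WSAEHOSTUNREACH
#define krb5_xfree free
/* Sleep() takes milliseconds.  The argument is parenthesized so that
 * sleep(a + b) scales the whole sum, and the macro carries no trailing
 * ';' so it can stand as the single statement of an un-braced if/else. */
#define sleep(A) Sleep((A) * 1000)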
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selectors.  The values 0x1/0x2/0x4/0x8 look like single-bit
 * flags meant to be OR-ed together (MOIRA_ALL = no restriction).
 * NOTE(review): MOIRA_MACHINE is 0x16 (binary 10110), which is not a
 * single bit and overlaps MOIRA_KERBEROS and MOIRA_STRINGS.  If these are
 * combined or tested as a bitmask, 0x10 was probably intended - confirm
 * against every caller before changing it. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
355 #define GLOBAL_ADDRESS_LIST_PREFIX "CN=Default Global Address List,\
356 CN=All Global Address Lists,CN=Address Lists Container,\
357 CN=Massachusetts Institute of Technology,CN=Microsoft Exchange,CN=Services,\
360 #define EMAIL_ADDRESS_LIST_PREFIX "CN=Email Users,CN=All Users,\
361 CN=All Address Lists,CN=Address Lists Container,\
362 CN=Massachusetts Institute of Technology,CN=Microsoft Exchange,\
363 CN=Services,CN=Configuration,"
365 #define ALL_ADDRESS_LIST_PREFIX "CN=All Users,CN=All Address Lists,\
366 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
367 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
369 #define X500_PREFIX "X500:/o=Massachusetts Institute of Technology/\
370 ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients"
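/*
 * ADD_ATTR(t, v, o): append a heap-allocated LDAPMod to the caller's
 * `mods[]` array at index `n` and advance `n`.  Expects `LDAPMod *mods[]`
 * and `int n` in scope; the caller owns and frees the entries.
 *   t - attribute type (char *)
 *   v - NULL-terminated value vector (char **)
 *   o - LDAP mod_op
 * Wrapped in do { } while (0) so that the four statements stay together
 * under an un-braced `if`/`else` and the macro is used like a function
 * call followed by ';'.
 * NOTE(review): malloc() is not checked; on allocation failure the next
 * line dereferences NULL.  A check cannot return from inside the macro,
 * so callers that care should test mods[n-1] after use, or this should
 * become a static helper function that reports failure.
 */
#define ADD_ATTR(t, v, o)                   \
  do {                                      \
    mods[n] = malloc(sizeof(LDAPMod));      \
    mods[n]->mod_op = (o);                  \
    mods[n]->mod_type = (t);                \
    mods[n++]->mod_values = (v);            \
  } while (0)

/* DEL_ATTR(t, o): same as ADD_ATTR but builds a value-less modification
 * in the caller's `DelMods[]` array at index `i`, advancing `i`.
 * Same unchecked-malloc caveat as ADD_ATTR. */
#define DEL_ATTR(t, o)                      \
  do {                                      \
    DelMods[i] = malloc(sizeof(LDAPMod));   \
    DelMods[i]->mod_op = (o);               \
    DelMods[i]->mod_type = (t);             \
    DelMods[i++]->mod_values = NULL;        \
  } while (0)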
384 #define DOMAIN_SUFFIX "MIT.EDU"
385 #define DOMAIN "DOMAIN:"
386 #define PRINCIPALNAME "PRINCIPAL:"
387 #define SERVER "SERVER:"
390 #define GROUP_SUFFIX "GROUP_SUFFIX:"
391 #define GROUP_TYPE "GROUP_TYPE:"
392 #define SET_GROUP_ACE "SET_GROUP_ACE:"
393 #define SET_PASSWORD "SET_PASSWORD:"
394 #define EXCHANGE "EXCHANGE:"
395 #define REALM "REALM:"
396 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
398 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
399 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
400 #define MAX_MEMBERS "MAX_MEMBERS:"
401 #define MAX_DOMAINS 10
/* Process-wide state.  The uninitialised buffers below are zeroed in
 * main() and then filled per domain (ReadDomainList()/ReadConfigFile());
 * the OU strings with initialisers are fixed relative DNs that the code
 * appends to the domain's dn_path. */
402 char DomainNames[MAX_DOMAINS][128];
404 LK_ENTRY *member_base = NULL;
406 char PrincipalName[128];
/* Scratch buffer main() uses to log the full command line.
 * NOTE(review): tbl_buf is defined a second time a few lines below.  C
 * permits repeated tentative definitions of a file-scope static, so this
 * compiles, but one of the two should be removed. */
407 static char tbl_buf[1024];
408 char kerberos_ou[] = "OU=kerberos,OU=moira";
409 char contact_ou[] = "OU=strings,OU=moira";
410 char user_ou[] = "OU=users,OU=moira";
/* Relative OUs for the flavours of Moira list (mail / group / neither /
 * both); main() picks one of two layouts for them per domain. */
411 char group_ou_distribution[1024];
412 char group_ou_root[1024];
413 char group_ou_security[1024];
414 char group_ou_neither[1024];
415 char group_ou_both[1024];
/* Where objects are parked when Moira no longer knows a container for
 * them (do_mcntmap() moves machines to orphans_machines_ou). */
416 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
417 char orphans_other_ou[] = "OU=Other,OU=Orphans";
418 char security_template_ou[] = "OU=security_templates";
/* Per-domain connection parameters handed to ad_connect(). */
420 char ldap_domain[256];
421 char ldap_realm[256];
423 char *ServerList[MAX_SERVER_NAMES];
424 char default_server[256];
/* Duplicate of the tbl_buf definition above - see the note there. */
425 static char tbl_buf[1024];
426 char group_suffix[256];
427 char exchange_acl[256];
/* presumably maintained by moira_connect()/moira_disconnect() - verify */
428 int mr_connections = 0;
/* Feature switches, 1 = on.  main() resets some of them to these defaults
 * for every domain; the "KEYWORD:" strings defined above look like the
 * config-file keys that override them - TODO confirm in ReadConfigFile(). */
431 int UseGroupSuffix = 1;
432 int UseGroupUniversal = 0;
436 int ProcessMachineContainer = 1;
437 int ActiveDirectory = 1;
438 int UpdateDomainList;
440 int GroupPopulateDelete = 0;
441 int group_members = 0;
442 int max_group_members = 0;
444 extern int set_password(char *user, char *password, char *domain);
446 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
447 char *group_membership, char *MoiraId, char *attribute,
448 LK_ENTRY **linklist_base, int *linklist_count,
450 void AfsToWinAfs(char* path, char* winPath);
451 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
452 char *Win2kPassword, char *Win2kUser, char *default_server,
453 int connect_to_kdc, char **ServerList, char *ldap_realm,
455 void ad_kdc_disconnect();
456 int ad_server_connect(char *connectedServer, char *domain);
457 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
458 char *attribute_value, char *attribute, char *user_name);
459 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
460 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
461 int check_winad(void);
462 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
465 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
466 char *distinguishedName, int count, char **av);
467 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
468 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
469 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
470 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
471 char *distinguishedName, int count,
473 void container_get_dn(char *src, char *dest);
474 void container_get_name(char *src, char *dest);
475 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
476 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
477 char **before, int afterc, char **after);
478 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
479 char **before, int afterc, char **after);
481 int GetAceInfo(int ac, char **av, void *ptr);
482 int get_group_membership(char *group_membership, char *group_ou,
483 int *security_flag, char **av);
484 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
485 char *machine_ou, char *pPtr);
486 int Moira_container_group_create(char **after);
487 int Moira_container_group_delete(char **before);
488 int Moira_groupname_create(char *GroupName, char *ContainerName,
489 char *ContainerRowID);
490 int Moira_container_group_update(char **before, char **after);
491 int Moira_process_machine_container_group(char *MachineName, char* groupName,
493 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
494 int Moira_getContainerGroup(int ac, char **av, void *ptr);
495 int Moira_getGroupName(char *origContainerName, char *GroupName,
497 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
498 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
499 int UpdateGroup, int *ProcessGroup, char *maillist,
501 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
502 char *group_name, char *group_ou, char *group_membership,
503 int group_security_flag, int type, char *maillist,
505 int process_lists(int ac, char **av, void *ptr);
506 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
507 char *TargetGroupName, int HiddenGroup,
508 char *AceType, char *AceName);
509 int ProcessMachineName(int ac, char **av, void *ptr);
510 int ReadConfigFile(char *DomainName);
511 int ReadDomainList();
512 void StringTrim(char *StringToTrim);
513 char *escape_string(char *s);
514 int save_query_info(int argc, char **argv, void *hint);
515 int save_fsgroup_info(int argc, char **argv, void *hint);
516 int user_create(int ac, char **av, void *ptr);
517 int user_change_status(LDAP *ldap_handle, char *dn_path,
518 char *user_name, char *MoiraId, int operation);
519 int user_delete(LDAP *ldap_handle, char *dn_path,
520 char *u_name, char *MoiraId);
521 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
523 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
524 char *uid, char *MitId, char *MoiraId, int State,
525 char *WinHomeDir, char *WinProfileDir, char *first,
526 char *middle, char *last, char *shell, char *class);
527 void change_to_lower_case(char *ptr);
528 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
529 int contact_remove_email(LDAP *ld, char *bind_path,
530 LK_ENTRY **linklist_entry, int linklist_current);
531 int group_create(int ac, char **av, void *ptr);
532 int group_delete(LDAP *ldap_handle, char *dn_path,
533 char *group_name, char *group_membership, char *MoiraId);
534 int group_rename(LDAP *ldap_handle, char *dn_path,
535 char *before_group_name, char *before_group_membership,
536 char *before_group_ou, int before_security_flag,
537 char *before_desc, char *after_group_name,
538 char *after_group_membership, char *after_group_ou,
539 int after_security_flag, char *after_desc,
540 char *MoiraId, char *filter, char *maillist, char *nfsgroup);
541 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
542 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
543 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
544 char *machine_name, char *container_name);
545 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
546 char *MoiraMachineName, char *DestinationOu);
547 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
548 char *group_name, char *group_ou, char *group_membership,
549 int group_security_flag, int updateGroup, char *maillist,
551 int member_list_build(int ac, char **av, void *ptr);
552 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
553 char *group_ou, char *group_membership,
554 char *user_name, char *pUserOu, char *MoiraId);
555 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
556 char *group_ou, char *group_membership, char *user_name,
557 char *pUserOu, char *MoiraId);
558 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
559 char *UserOu, char *member);
560 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
561 char *group_ou, char *group_membership,
562 int group_security_flag, char *MoiraId, int synchronize);
563 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
564 char *DistinguishedName,
565 char *WinHomeDir, char *WinProfileDir,
566 char **homedir_v, char **winProfile_v,
567 char **drives_v, LDAPMod **mods,
569 int sid_update(LDAP *ldap_handle, char *dn_path);
570 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
571 int check_string(char *s);
572 int check_container_name(char* s);
574 int mr_connect_cl(char *server, char *client, int version, int auth);
575 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
576 char **before, int beforec, char **after, int afterc);
577 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
578 char **before, int beforec, char **after, int afterc);
579 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
580 char **before, int beforec, char **after, int afterc);
581 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
582 char **before, int beforec, char **after, int afterc);
583 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
584 char **before, int beforec, char **after, int afterc);
585 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
586 char **before, int beforec, char **after, int afterc);
587 int linklist_create_entry(char *attribute, char *value,
588 LK_ENTRY **linklist_entry);
589 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
590 char **attr_array, LK_ENTRY **linklist_base,
591 int *linklist_count, unsigned long ScopeType);
592 void linklist_free(LK_ENTRY *linklist_base);
594 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
595 char *distinguished_name, LK_ENTRY **linklist_current);
596 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
597 LK_ENTRY **linklist_base, int *linklist_count);
598 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
599 char *Attribute, char *distinguished_name,
600 LK_ENTRY **linklist_current);
602 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
603 char *oldValue, char *newValue,
604 char ***modvalues, int type);
605 void free_values(char **modvalues);
607 int convert_domain_to_dn(char *domain, char **bind_path);
608 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
609 char *distinguished_name);
610 int moira_disconnect(void);
611 int moira_connect(void);
612 void print_to_screen(const char *fmt, ...);
613 int GetMachineName(char *MachineName);
614 int tickets_get_k5();
615 int destroy_cache(void);
618 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
619 char **homeServerName);
/*
 * Entry point of the Moira -> LDAP/AD incremental update.
 *
 * argv layout (see the per-table examples at the top of this file):
 *   argv[1]            table name ("users", "list", "imembers",
 *                      "containers", "mcntmap", "filesys")
 *   argv[2]            beforec - count of "before" column values
 *   argv[3]            afterc  - count of "after" column values
 *   argv[4 ..]         the beforec "before" values
 *   argv[4+beforec ..] the afterc "after" values
 *
 * For every domain listed by ReadDomainList() the per-domain config is
 * loaded, a connection is made with ad_connect(), and the change is
 * dispatched to the do_<table>() handler.  The declarations of whoami,
 * orig_argv, dn_path, rc, i, k and the exit paths are not in this
 * listing; comments that describe control flow across those gaps are
 * inferred and marked as such.
 *
 * Returns: process status (the return statements are not in this listing).
 */
621 int main(int argc, char **argv)
/* whoami = basename of argv[0] (text after the last '/'); used as the
 * program name in every com_err() call. */
637 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
/* Argument-count checks.  The first rejects fewer than 4 entries (its
 * `if` is not in this listing); the second requires room for the
 * beforec/afterc values announced in argv[2] and argv[3].
 * NOTE(review): atoi() reports no conversion errors and accepts negative
 * numbers; a negative argv[2]/argv[3] passes this check and later makes
 * `after = &orig_argv[4 + beforec]` point outside the vector.  strtol()
 * plus a 0 <= value <= argc - 4 range check would close that. */
641 com_err(whoami, 0, "Unable to process %s", "argc < 4");
645 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
647 com_err(whoami, 0, "Unable to process %s",
648 "argc < (4 + beforec + afterc)");
/* The filesys table is recognised here; what is done with it is not in
 * this listing (presumably it is skipped). */
652 if (!strcmp(argv[1], "filesys"))
/* Log the complete command line from the static tbl_buf.
 * NOTE(review): tbl_buf is 1024 bytes and these strcat() calls are not
 * bounded, so a command line longer than that overflows it.  Append with
 * snprintf() against the remaining space, or log argv[i] one at a time. */
655 for (i = 1; i < argc; i++)
657 strcat(tbl_buf, argv[i]);
658 strcat(tbl_buf, " ");
661 com_err(whoami, 0, "%s", tbl_buf);
/* check_winad() failed (its call sits just above, not in this listing);
 * presumably the process stops here without touching the directory. */
665 com_err(whoami, 0, "%s failed", "check_winad()");
669 initialize_sms_error_table();
670 initialize_krb_error_table();
/* Load the AD domains to update into DomainNames[]; failure is reported
 * and, presumably, fatal (the exit is not in this listing). */
672 UpdateDomainList = 0;
673 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
675 if (ReadDomainList())
677 com_err(whoami, 0, "%s failed", "ReadDomainList()");
/* From here the work appears to run once per domain k, stopping at the
 * first empty DomainNames[k] (loop braces are not in this listing).
 * argv is copied into orig_argv for each pass because table[] is
 * lower-cased in place further down.  The strdup() result is unchecked. */
681 for (i = 0; i < argc; i++)
684 for (k = 0; k < MAX_DOMAINS; k++)
686 if (strlen(DomainNames[k]) == 0)
688 for (i = 0; i < argc; i++)
690 if (orig_argv[i] != NULL)
692 orig_argv[i] = strdup(argv[i]);
/* Reset the per-domain configuration before ReadConfigFile() fills it. */
695 memset(PrincipalName, '\0', sizeof(PrincipalName));
696 memset(ldap_domain, '\0', sizeof(ldap_domain));
697 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
698 memset(default_server, '\0', sizeof(default_server));
699 memset(dn_path, '\0', sizeof(dn_path));
700 memset(group_suffix, '\0', sizeof(group_suffix));
701 memset(exchange_acl, '\0', sizeof(exchange_acl));
705 UseGroupUniversal = 0;
709 ProcessMachineContainer = 1;
/* Defaults that the config file may override. */
712 sprintf(group_suffix, "%s", "_group");
713 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the duplicated argv into the table name and the before/after
 * column vectors handed to the do_<table>() handlers. */
715 beforec = atoi(orig_argv[2]);
716 afterc = atoi(orig_argv[3]);
717 table = orig_argv[1];
718 before = &orig_argv[4];
719 after = &orig_argv[4 + beforec];
/* Per-domain settings (CFG_PATH/WINADCFG); the failure branch is not in
 * this listing. */
727 if (ReadConfigFile(DomainNames[k]))
/* Two alternative OU layouts for lists.  The condition choosing between
 * them is not in this listing; it looks like an Active Directory versus
 * generic-LDAP switch - TODO confirm. */
732 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
733 sprintf(group_ou_root, "OU=lists,OU=moira");
734 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
735 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
736 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
740 sprintf(group_ou_distribution, "OU=lists,OU=moira");
741 sprintf(group_ou_root, "OU=lists,OU=moira");
742 sprintf(group_ou_security, "OU=lists,OU=moira");
743 sprintf(group_ou_neither, "OU=lists,OU=moira");
744 sprintf(group_ou_both, "OU=lists,OU=moira");
747 OldUseSFU30 = UseSFU30;
/* Up to five attempts to bind to the domain.  Empty strings are passed
 * for ad_connect()'s Win2kPassword/Win2kUser, and SetPassword lands in
 * its connect_to_kdc parameter (compare the prototype above). */
749 for (i = 0; i < 5; i++)
751 ldap_handle = (LDAP *)NULL;
752 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
753 default_server, SetPassword, ServerList,
754 ldap_realm, ldap_port)))
756 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* No server in the domain could be reached: raise a critical alert; the
 * early exit that presumably follows is not in this listing. */
761 if ((rc) || (ldap_handle == NULL))
763 critical_alert(whoami, "incremental",
764 "ldap.incr cannot connect to any server in "
765 "domain %s", DomainNames[k]);
/* Lower-case the table name in place before dispatching on it.
 * NOTE(review): tolower() requires EOF or a value representable as
 * unsigned char; pass `(unsigned char)table[i]` to stay defined where
 * char is signed. */
769 for (i = 0; i < (int)strlen(table); i++)
770 table[i] = tolower(table[i]);
/* Dispatch by table.  The trailing afterc argument of each call is on a
 * continuation line not in this listing; no else branch for an unknown
 * table is visible. */
772 if (!strcmp(table, "users"))
773 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
775 else if (!strcmp(table, "list"))
776 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
778 else if (!strcmp(table, "imembers"))
779 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
781 else if (!strcmp(table, "containers"))
782 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
784 else if (!strcmp(table, "mcntmap"))
785 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the per-domain server list (the free() of ServerList[i]
 * presumably sits between these lines) and drop the LDAP connection
 * before the next domain. */
791 for (i = 0; i < MAX_SERVER_NAMES; i++)
793 if (ServerList[i] != NULL)
796 ServerList[i] = NULL;
800 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a change to the mcntmap table (machine <-> container mapping).
 *
 * before/after hold the OU_* columns (machine_name, container_name,
 * mach_id, cnt_id, container group name).  beforec != 0 && afterc == 0
 * is a machine being removed from a container; beforec == 0 &&
 * afterc != 0 is one being added.  In both cases the machine's directory
 * object is moved into the OU of the container Moira currently reports
 * for it, or into orphans_machines_ou when Moira reports none.
 * ldap_hostname is not used in the visible body.  Several `return`s and
 * braces of this function are not in this listing.
 */
806 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
807 char **before, int beforec, char **after, int afterc)
/* NOTE(review): the strcpy()/strcat() calls below copy argv-derived
 * strings into these fixed buffers with no length check; the 64-byte
 * MoiraContainerGroup is the tightest.  snprintf(buf, sizeof buf, "%s",
 * src) (or strncpy plus an explicit terminator) would bound them. */
809 char MoiraContainerName[128];
810 char ADContainerName[128];
811 char MachineName[1024];
812 char OriginalMachineName[1024];
815 char MoiraContainerGroup[64];
/* Machine/container processing can be switched off per domain. */
817 if (!ProcessMachineContainer)
819 com_err(whoami, 0, "Process machines and containers disabled, skipping");
824 memset(ADContainerName, '\0', sizeof(ADContainerName));
825 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
/* Nothing to do when neither side carries columns (the return is not in
 * this listing). */
827 if ((beforec == 0) && (afterc == 0))
/* A Moira connection is needed for the container lookups below.
 * NOTE(review): `rc = moira_connect()` is an assignment used as the
 * condition; a second pair of parentheses makes the intent explicit. */
830 if (rc = moira_connect())
832 critical_alert(whoami, "Ldap incremental",
833 "Error contacting Moira server : %s",
838 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
840 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
841 strcpy(MachineName, before[OU_MACHINE_NAME]);
842 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
844 com_err(whoami, 0, "removing machine %s from %s",
845 OriginalMachineName, before[OU_CONTAINER_NAME]);
847 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
849 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
850 strcpy(MachineName, after[OU_MACHINE_NAME]);
851 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
852 com_err(whoami, 0, "adding machine %s to container %s",
853 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* GetMachineName() appears to rewrite MachineName in place with the
 * alias Moira knows the machine by - its length is tested right after
 * and the log lines below call it "alias" - TODO confirm.  rc is not
 * examined here. */
861 rc = GetMachineName(MachineName);
863 if (strlen(MachineName) == 0)
866 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
867 OriginalMachineName);
/* Keep the container's Moira group in step with the membership change;
 * the remaining arguments of this call are not in this listing. */
871 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The machine must already exist in the directory; otherwise log and
 * (presumably) return. */
874 if (machine_check(ldap_handle, dn_path, MachineName))
876 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
877 OriginalMachineName, MachineName);
/* Ask Moira which container the machine belongs to now (the output
 * argument on the continuation line is not in this listing).  No
 * container means it is parked in the orphans OU. */
882 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
883 machine_get_moira_container(ldap_handle, dn_path, MachineName,
886 if (strlen(MoiraContainerName) == 0)
888 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
889 "in Moira - moving to orphans OU.",
890 OriginalMachineName, MachineName);
891 machine_move_to_ou(ldap_handle, dn_path, MachineName,
892 orphans_machines_ou);
/* Translate the Moira container path into an OU DN, make sure the
 * container's OU chain exists, then move the machine there.  Indexing at
 * strlen-1 is only safe because the empty-name case above has returned
 * (that return is not in this listing).
 * NOTE(review): the strcat() of "/" into the 128-byte MoiraContainerName
 * is not length checked. */
897 container_get_dn(MoiraContainerName, ADContainerName);
899 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
900 strcat(MoiraContainerName, "/");
902 container_check(ldap_handle, dn_path, MoiraContainerName);
903 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a change to the containers table (an OU in the directory).
 *
 * beforec != 0 && afterc == 0: delete the container.
 * beforec == 0 && afterc != 0: create it (after ensuring its parent OU
 *   chain exists).
 * Otherwise (both sides present - the guard for that case is not in this
 *   listing): rename when CONTAINER_NAME differs case-insensitively,
 *   else update the remaining attributes in place.
 * Each directory operation is mirrored into the matching Moira container
 * group via Moira_container_group_*().  ldap_hostname is not used in the
 * visible body; several braces and returns are not in this listing.
 */
908 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
909 char **before, int beforec, char **after, int afterc)
/* Machine/container processing can be switched off per domain. */
913 if (!ProcessMachineContainer)
915 com_err(whoami, 0, "Process machines and containers disabled, skipping");
/* Nothing to do when neither side carries columns. */
919 if ((beforec == 0) && (afterc == 0))
/* NOTE(review): `rc = moira_connect()` is an assignment used as the
 * condition; a second pair of parentheses makes the intent explicit. */
922 if (rc = moira_connect())
924 critical_alert(whoami, "Ldap incremental", "Error contacting Moira server : %s",
929 if ((beforec != 0) && (afterc == 0)) /* delete a container */
931 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
932 container_delete(ldap_handle, dn_path, beforec, before);
933 Moira_container_group_delete(before);
938 if ((beforec == 0) && (afterc != 0)) /*create a container*/
940 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
941 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
942 container_create(ldap_handle, dn_path, afterc, after);
943 Moira_container_group_create(after);
/* Both before[] and after[] must be populated from here on; the check
 * that guarantees it is not in this listing. */
948 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
950 com_err(whoami, 0, "renaming container %s to %s",
951 before[CONTAINER_NAME], after[CONTAINER_NAME]);
952 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
953 Moira_container_group_update(before, after);
/* Same name: only description/location/contact etc. changed. */
958 com_err(whoami, 0, "updating container %s information",
959 after[CONTAINER_NAME]);
960 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
961 Moira_container_group_update(before, after);
966 #define L_LIST_DESC 9
968 #define L_LIST_NFSGROUP 11
970 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
971 char **before, int beforec, char **after, int afterc)
976 char group_membership[6];
981 char before_list_id[32];
982 char before_group_membership[1];
983 int before_security_flag;
984 char before_group_ou[256];
985 LK_ENTRY *ptr = NULL;
987 if (beforec == 0 && afterc == 0)
990 memset(list_id, '\0', sizeof(list_id));
991 memset(before_list_id, '\0', sizeof(before_list_id));
992 memset(before_group_ou, '\0', sizeof(before_group_ou));
993 memset(before_group_membership, '\0', sizeof(before_group_membership));
994 memset(group_ou, '\0', sizeof(group_ou));
995 memset(group_membership, '\0', sizeof(group_membership));
1000 if (beforec < L_LIST_ID)
1002 if (beforec > L_LIST_DESC)
1004 strcpy(before_list_id, before[L_LIST_ID]);
1006 before_security_flag = 0;
1007 get_group_membership(before_group_membership, before_group_ou,
1008 &before_security_flag, before);
1013 if (afterc < L_LIST_ID)
1015 if (afterc > L_LIST_DESC)
1017 strcpy(list_id, after[L_LIST_ID]);
1020 get_group_membership(group_membership, group_ou, &security_flag, after);
1023 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1032 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1033 before[L_NAME], before_group_ou,
1034 before_group_membership,
1035 before_security_flag, CHECK_GROUPS,
1036 before[L_MAILLIST], before[L_LIST_NFSGROUP])))
1038 if (rc == AD_NO_GROUPS_FOUND)
1042 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1043 (rc == AD_MULTIPLE_GROUPS_FOUND))
1045 rc = process_group(ldap_handle, dn_path, before_list_id,
1046 before[L_NAME], before_group_ou,
1047 before_group_membership,
1048 before_security_flag, CLEANUP_GROUPS,
1050 before[L_LIST_NFSGROUP]);
1052 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1054 com_err(whoami, 0, "Unable to process list %s",
1058 if (rc == AD_NO_GROUPS_FOUND)
1064 if ((beforec != 0) && (afterc != 0))
1066 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1067 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1068 (strcmp(before_group_ou, group_ou)))) &&
1071 com_err(whoami, 0, "Changing list name from %s to %s",
1072 before[L_NAME], after[L_NAME]);
1074 if ((strlen(before_group_ou) == 0) ||
1075 (strlen(before_group_membership) == 0) ||
1076 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1078 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1082 memset(filter, '\0', sizeof(filter));
1084 if ((rc = group_rename(ldap_handle, dn_path,
1085 before[L_NAME], before_group_membership,
1086 before_group_ou, before_security_flag,
1087 before[L_LIST_DESC], after[L_NAME],
1088 group_membership, group_ou, security_flag,
1090 list_id, filter, after[L_MAILLIST],
1091 after[L_LIST_NFSGROUP])))
1093 if (rc != AD_NO_GROUPS_FOUND)
1096 "Unable to change list name from %s to %s",
1097 before[L_NAME], after[L_NAME]);
1110 if ((strlen(before_group_ou) == 0) ||
1111 (strlen(before_group_membership) == 0))
1114 "Unable to find the group OU for group %s", before[L_NAME]);
1118 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1119 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1120 before_group_membership, before_list_id);
1128 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1130 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1131 group_ou, group_membership,
1132 security_flag, CHECK_GROUPS,
1133 after[L_MAILLIST], after[L_LIST_NFSGROUP]))
1135 if (rc != AD_NO_GROUPS_FOUND)
1137 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1138 (rc == AD_MULTIPLE_GROUPS_FOUND))
1140 rc = process_group(ldap_handle, dn_path, list_id,
1142 group_ou, group_membership,
1143 security_flag, CLEANUP_GROUPS,
1145 after[L_LIST_NFSGROUP]);
1151 "Unable to create list %s", after[L_NAME]);
1158 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1160 if (rc = moira_connect())
1162 critical_alert(whoami, "Ldap incremental",
1163 "Error contacting Moira server : %s",
1170 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1171 &ProcessGroup, after[L_MAILLIST], after[L_LIST_NFSGROUP]))
1176 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1177 &ProcessGroup, after[L_MAILLIST],
1178 after[L_LIST_NFSGROUP]))
1182 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1183 group_ou, group_membership, security_flag,
1184 updateGroup, after[L_MAILLIST],
1185 after[L_LIST_NFSGROUP]))
1191 if (atoi(after[L_ACTIVE]))
1193 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1194 group_membership, security_flag, list_id, 1);
/*
 * Member-change argument layout used by do_member().  The member table's own
 * fields occupy indices below LM_END (LM_LIST, LM_MEMBER, LM_TYPE are used
 * below); the owning list's fields are appended after them, followed by the
 * Moira ids.  Every index test in do_member() ("afterc > X") must be read
 * against these offsets.
 */
1202 #define LM_EXTRA_ACTIVE (LM_END)
1203 #define LM_EXTRA_PUBLIC (LM_END+1)
1204 #define LM_EXTRA_HIDDEN (LM_END+2)
1205 #define LM_EXTRA_MAILLIST (LM_END+3)
1206 #define LM_EXTRA_GROUP (LM_END+4)
1207 #define LM_EXTRA_GID (LM_END+5)
1208 #define LM_EXTRA_NFSGROUP (LM_END+6)
1209 #define LMN_LIST_ID (LM_END+7)
1210 #define LM_LIST_ID (LM_END+8)
1211 #define LM_USER_ID (LM_END+9)
/* One past the last valid index; a full vector has LM_EXTRA_END entries. */
1212 #define LM_EXTRA_END (LM_END+10)
/*
 * do_member: apply one Moira list-membership change to the directory.
 * "before"/"after" are the member argument vectors (LM_* layout) with their
 * element counts; an empty "before" means an add, an empty "after" a remove.
 *
 * NOTE(review): this listing is missing many lines (gaps in the original
 * numbering): braces, returns, and the declarations of ptr, args, rc,
 * member, pUserOu, filter, av, call_args, group_ou and security_flag are not
 * shown, so comments on those parts are hedged.
 */
1214 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1215 char **before, int beforec, char **after, int afterc)
1217 LK_ENTRY *group_base;
1220 char *attr_array[3];
/* Fixed-size scratch buffers.  Every strcpy() below from before[]/after[]
 * (strings supplied by the Moira update) is unbounded, so a value longer
 * than the target overflows the stack frame.  Prefer
 * snprintf(buf, sizeof buf, "%s", src) with a truncation check. */
1221 char group_name[128];
1222 char user_name[128];
1223 char user_type[128];
1224 char moira_list_id[32];
1225 char moira_user_id[32];
/* A single byte: get_group_membership() stores one flag character here with
 * no NUL terminator, so it must never be passed to strlen()/strcpy(). */
1226 char group_membership[1];
1228 char machine_ou[256];
1236 char NewMachineName[1024];
1240 char *save_argv[U_END];
1244 memset(moira_list_id, '\0', sizeof(moira_list_id));
1245 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Add path: the list fields must be present.  This guarantees only indices
 * below LM_EXTRA_GID; see the index note at the MACHINE case. */
1249 if (afterc < LM_EXTRA_GID)
1252 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* after[2] / after[0] are presumably LM_MEMBER / LM_LIST; using the named
 * indices would keep this in step with the defines. */
1255 "Unable to add %s to group %s : group not active",
1256 after[2], after[0]);
/* ptr is pointed at the vector being processed in lines not shown. */
1262 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1265 strcpy(user_name, after[LM_MEMBER]);
1266 strcpy(group_name, after[LM_LIST]);
1267 strcpy(user_type, after[LM_TYPE]);
/* NOTE(review): the count tests do not cover the indices read under them:
 * "> LM_EXTRA_GROUP" (LM_END+4) guards reads of LMN_LIST_ID (LM_END+7) and
 * LM_LIST_ID (LM_END+8); "> LMN_LIST_ID" guards LM_USER_ID (LM_END+9);
 * "> LM_EXTRA_GID" guards LMN_LIST_ID.  do_user() below treats its counts as
 * plain element counts, so unless the caller always passes a vector of
 * LM_EXTRA_END entries these reads are past the end -- confirm against the
 * caller and tighten each test to "> <index actually read>". */
1269 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1271 if (afterc > LM_EXTRA_GROUP)
1273 strcpy(moira_list_id, after[LMN_LIST_ID]);
1274 strcpy(moira_user_id, after[LM_LIST_ID]);
1277 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1279 if (afterc > LMN_LIST_ID)
1281 strcpy(moira_list_id, after[LM_LIST_ID]);
1282 strcpy(moira_user_id, after[LM_USER_ID]);
1287 if (afterc > LM_EXTRA_GID)
1288 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Remove path: mirrors the add path above, including the same count/index
 * question. */
1293 if (beforec < LM_EXTRA_GID)
1295 if (!atoi(before[LM_EXTRA_ACTIVE]))
1298 "Unable to remove %s from group %s : group not active",
1299 before[2], before[0]);
1305 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1308 strcpy(user_name, before[LM_MEMBER]);
1309 strcpy(group_name, before[LM_LIST]);
1310 strcpy(user_type, before[LM_TYPE]);
1312 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1314 if (beforec > LM_EXTRA_GROUP)
1316 strcpy(moira_list_id, before[LMN_LIST_ID]);
1317 strcpy(moira_user_id, before[LM_LIST_ID]);
1320 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1322 if (beforec > LMN_LIST_ID)
1324 strcpy(moira_list_id, before[LM_LIST_ID]);
1325 strcpy(moira_user_id, before[LM_USER_ID]);
1330 if (beforec > LM_EXTRA_GID)
1331 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither add nor remove (both counts zero, or both non-zero): reported and
 * presumably abandoned in lines not shown. */
1338 "Unable to process group : beforec = %d, afterc = %d",
/* Re-shape the member vector into a list vector (L_* layout) so the list
 * helpers can be reused.  ptr[LM_EXTRA_GID] is read here, but the only
 * count guarantee so far is afterc/beforec >= LM_EXTRA_GID.
 * args[L_LIST_NFSGROUP] is read further down; its assignment is not in this
 * listing. */
1343 args[L_NAME] = ptr[LM_LIST];
1344 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1345 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1346 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1347 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1348 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1349 args[L_GID] = ptr[LM_EXTRA_GID];
/* group_ou is declared in lines not shown. */
1352 memset(group_ou, '\0', sizeof(group_ou));
1353 get_group_membership(group_membership, group_ou, &security_flag, args);
1355 if (strlen(group_ou) == 0)
1357 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Make sure the group exists in the directory (CHECK_GROUPS), repairing a
 * wrong or duplicate DN with CLEANUP_GROUPS; AD_NO_GROUPS_FOUND falls
 * through to the create path below.  Style: the "if (rc = f())" forms here
 * and below read as typos; "if ((rc = f()) != 0)" states the intent. */
1362 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1363 group_ou, group_membership, security_flag,
1364 CHECK_GROUPS, args[L_MAILLIST],
1365 args[L_LIST_NFSGROUP]))
1367 if (rc != AD_NO_GROUPS_FOUND)
1369 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1370 group_name, group_ou, group_membership,
1371 security_flag, CLEANUP_GROUPS,
1372 args[L_MAILLIST], args[L_LIST_NFSGROUP]))
1374 if (rc != AD_NO_GROUPS_FOUND)
1377 com_err(whoami, 0, "Unable to add %s to group %s - "
1378 "unable to process group", user_name, group_name);
1380 com_err(whoami, 0, "Unable to remove %s from group %s - "
1381 "unable to process group", user_name, group_name);
/* Group does not exist yet: create it (ACEs first, then the object) and,
 * if the list is active, fill in its members. */
1388 if (rc == AD_NO_GROUPS_FOUND)
1390 if (rc = moira_connect())
1392 critical_alert(whoami, "Ldap incremental",
1393 "Error contacting Moira server : %s",
1398 com_err(whoami, 0, "creating group %s", group_name);
1401 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1402 &ProcessGroup, ptr[LM_EXTRA_MAILLIST],
1403 ptr[LM_EXTRA_NFSGROUP]))
1408 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1409 &ProcessGroup, ptr[LM_EXTRA_MAILLIST],
1410 ptr[LM_EXTRA_NFSGROUP]))
1414 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1415 group_ou, group_membership, security_flag, 0,
1416 ptr[LM_EXTRA_MAILLIST], ptr[LM_EXTRA_NFSGROUP]))
1422 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1424 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1425 group_membership, security_flag, moira_list_id, 1);
/* ---- remove a member ---- */
1435 com_err(whoami, 0, "removing user %s from list %s", user_name,
/* Machine members: resolve the machine's OU and canonical name.  free()
 * here releases an element of the caller's argv and replaces it with an
 * unchecked strdup() (NULL on allocation failure would reach
 * escape_string() below); free(NULL) is a no-op, so the guard is
 * redundant. */
1439 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1441 if (!ProcessMachineContainer)
1443 com_err(whoami, 0, "Process machines and containers disabled, "
1448 memset(machine_ou, '\0', sizeof(machine_ou));
1449 memset(NewMachineName, '\0', sizeof(NewMachineName));
1450 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1451 machine_ou, NewMachineName))
1453 if (ptr[LM_MEMBER] != NULL)
1454 free(ptr[LM_MEMBER]);
1455 ptr[LM_MEMBER] = strdup(NewMachineName);
1456 pUserOu = machine_ou;
/* String members become contacts.  "member" is declared in lines not
 * shown and the strcpy() is unbounded.  NOTE(review):
 * &member[strlen(member) - 6] points before the array when the string is
 * shorter than 6 bytes (undefined behaviour); test strlen(member) >= 6
 * first. */
1459 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1461 strcpy(member, ptr[LM_MEMBER]);
1465 if((s = strchr(member, '@')) == (char *) NULL)
1468 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1472 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1476 pUserOu = contact_ou;
1478 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1480 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1484 pUserOu = kerberos_ou;
1487 if (rc = moira_connect()) {
1488 critical_alert(whoami, "Ldap incremental",
1489 "Error contacting Moira server : %s",
/* Re-sync the whole membership from Moira (flag 0), then drop the member;
 * the member name is escaped for the directory call. */
1494 if (rc = populate_group(ldap_handle, dn_path, group_name,
1495 group_ou, group_membership,
1496 security_flag, moira_list_id, 0))
1497 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1502 if (rc = member_remove(ldap_handle, dn_path, group_name,
1503 group_ou, group_membership,
1504 escape_string(ptr[LM_MEMBER]),
1505 pUserOu, moira_list_id))
1506 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* ---- add a member ---- (same per-type resolution as the remove path) */
1512 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1515 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1517 memset(machine_ou, '\0', sizeof(machine_ou));
1518 memset(NewMachineName, '\0', sizeof(NewMachineName));
1520 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1524 if (ptr[LM_MEMBER] != NULL)
1525 free(ptr[LM_MEMBER]);
1527 ptr[LM_MEMBER] = strdup(NewMachineName);
1528 pUserOu = machine_ou;
1530 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1532 strcpy(member, ptr[LM_MEMBER]);
1536 if((s = strchr(member, '@')) == (char *) NULL)
/* Same under-length hazard as the remove path. */
1539 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1543 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1547 pUserOu = contact_ou;
1549 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1551 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1555 pUserOu = kerberos_ou;
/* User members missing from the directory are fetched from Moira and
 * created first. */
1557 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1559 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1560 moira_user_id)) == AD_NO_USER_FOUND)
1562 if (rc = moira_connect())
1564 critical_alert(whoami, "Ldap incremental",
1565 "Error connection to Moira : %s",
1570 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1571 av[0] = ptr[LM_MEMBER];
/* The LDAP handle is smuggled through the char ** callback argument;
 * user_create() is expected to cast it back. */
1572 call_args[0] = (char *)ldap_handle;
1573 call_args[1] = dn_path;
1574 call_args[2] = moira_user_id;
1575 call_args[3] = NULL;
/* NOTE(review): the member name goes into the search filter unescaped and
 * the write into "filter" (size not shown) is unbounded.  A name containing
 * filter metacharacters ("*", "(", ")", "\") changes the query; the add and
 * remove calls escape the name with escape_string() -- confirm that helper
 * performs RFC 4515 filter escaping and apply it here too, via snprintf. */
1584 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1585 attr_array[0] = "cn";
1586 attr_array[1] = NULL;
1587 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1588 attr_array, &group_base, &group_count,
1589 LDAP_SCOPE_SUBTREE)) != 0)
1591 com_err(whoami, 0, "Unable to process user %s : %s",
1592 ptr[LM_MEMBER], ldap_err2string(rc));
/* A group with the same cn blocks user creation. */
1598 com_err(whoami, 0, "Object already exists with name %s",
1603 linklist_free(group_base);
1608 if (rc = mr_query("get_user_account_by_login", 1, av,
1609 save_query_info, save_argv))
1612 com_err(whoami, 0, "Unable to create user %s : %s",
1613 ptr[LM_MEMBER], error_message(rc));
1617 if (rc = user_create(U_END, save_argv, call_args))
1620 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1627 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1639 if (rc = moira_connect()) {
1640 critical_alert(whoami, "Ldap incremental",
1641 "Error contacting Moira server : %s",
1646 if (rc = populate_group(ldap_handle, dn_path, group_name,
1647 group_ou, group_membership, security_flag,
1649 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1654 if (rc = member_add(ldap_handle, dn_path, group_name,
1655 group_ou, group_membership,
1656 escape_string(ptr[LM_MEMBER]),
1657 pUserOu, moira_list_id))
1658 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/* Extra user-vector fields beyond the base U_* indices (see the argument
 * examples at the top of the file: the update form carries 13 fields). */
1663 #define U_USER_ID 10
1664 #define U_HOMEDIR 11
1665 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-account change to the directory.
 * "before"/"after" are the user argument vectors (U_* layout) with their
 * element counts: before empty = account just created (ignored), after
 * empty = account expunged, both present = create/rename/update.
 *
 * NOTE(review): this listing is missing lines (gaps in the numbering); the
 * "int afterc)" part of the signature, braces, returns and the declarations
 * of rc, av, call_args, filter and group_count are not shown.
 */
1668 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1669 char **before, int beforec, char **after,
1672 LK_ENTRY *group_base;
1675 char *attr_array[3];
/* Moira ids copied with unbounded strcpy() below; an id longer than 31
 * bytes overflows -- use snprintf(buf, sizeof buf, "%s", ...). */
1678 char after_user_id[32];
1679 char before_user_id[32];
1681 char *save_argv[U_END];
1683 if ((beforec == 0) && (afterc == 0))
1686 memset(after_user_id, '\0', sizeof(after_user_id));
1687 memset(before_user_id, '\0', sizeof(before_user_id));
1689 if (beforec > U_USER_ID)
1690 strcpy(before_user_id, before[U_USER_ID]);
1692 if (afterc > U_USER_ID)
1693 strcpy(after_user_id, after[U_USER_ID]);
/* Duplicate of the test above; one of the two can go. */
1695 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1698 if ((beforec == 0) && (afterc != 0))
/*this case only happens when the account*/
/*is first created and is not yet usable*/
1703 com_err(whoami, 0, "Unable to process user %s because the user account "
1704 "is not yet usable", after[U_NAME]);
1708 /*this case only happens when the account is expunged */
1710 if ((beforec != 0) && (afterc == 0))
1712 if (atoi(before[U_STATE]) == 0)
1714 com_err(whoami, 0, "expunging user %s from directory",
/* Return value of user_delete() is not checked here. */
1716 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* ("expungeded" is a typo in the log text.) */
1720 com_err(whoami, 0, "Unable to process because user %s has been "
1721 "previously expungeded", before[U_NAME]);
1726 /*process anything that gets here*/
/* Account not in the directory: create it from Moira's record.
 * check_string() gates the new name before it is used in a filter/DN. */
1728 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1729 before_user_id)) == AD_NO_USER_FOUND)
1731 if (!check_string(after[U_NAME]))
1734 if (rc = moira_connect())
1736 critical_alert(whoami, "Ldap incremental",
1737 "Error connection to Moira : %s",
1742 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1744 av[0] = after[U_NAME];
/* LDAP handle passed through the char ** callback vector; user_create()
 * casts it back. */
1745 call_args[0] = (char *)ldap_handle;
1746 call_args[1] = dn_path;
1747 call_args[2] = after_user_id;
1748 call_args[3] = NULL;
/* Name is inserted into the filter as-is; this relies on check_string()
 * above rejecting filter metacharacters -- confirm, and bound the write
 * ("filter" size not shown) with snprintf. */
1756 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1757 attr_array[0] = "cn";
1758 attr_array[1] = NULL;
1760 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1761 &group_base, &group_count,
1762 LDAP_SCOPE_SUBTREE)) != 0)
1764 com_err(whoami, 0, "Unable to process user %s : %s",
1765 after[U_NAME], ldap_err2string(rc));
/* A group with the same cn blocks creation. */
1769 if (group_count >= 1)
1771 com_err(whoami, 0, "Object already exists with name %s",
1776 linklist_free(group_base);
1781 if (rc = mr_query("get_user_account_by_login", 1, av,
1782 save_query_info, save_argv))
1785 com_err(whoami, 0, "Unable to create user %s : %s",
1786 after[U_NAME], error_message(rc));
1790 if (rc = user_create(U_END, save_argv, call_args))
1792 com_err(whoami, 0, "Unable to create user %s : %s",
1793 after[U_NAME], error_message(rc));
1800 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Existing account: rename if the login changed (both names validated),
 * then push the remaining attributes. */
1812 if (strcmp(before[U_NAME], after[U_NAME]))
1814 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1816 com_err(whoami, 0, "changing user %s to %s",
1817 before[U_NAME], after[U_NAME]);
1819 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1820 after[U_NAME])) != LDAP_SUCCESS)
1827 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
/* Reads after[U_HOMEDIR] and after[U_PROFILEDIR] (indices 11, 12); the only
 * count test visible above is afterc > U_USER_ID (10) -- confirm the caller
 * always supplies the 13-field form here. */
1829 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1830 after[U_UID], after[U_MITID],
1831 after_user_id, atoi(after[U_STATE]),
1832 after[U_HOMEDIR], after[U_PROFILEDIR],
1833 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1834 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * attribute values from the first modvalue_count nodes of linklist_base.
 * When oldValue and newValue are given and a node's value contains
 * oldValue, the node is emitted as newValue (type == REPLACE) or with the
 * first occurrence of oldValue substituted by newValue; otherwise the node's
 * value is copied unchanged.  *modvalues is allocated here; ownership passes
 * to the caller.  Returns are in lines not shown in this listing.
 *
 * NOTE(review): the walk assumes the list has at least modvalue_count nodes
 * (linklist_ptr is dereferenced without a NULL check).  Values stored by the
 * ber path of retrieve_values() are not NUL-terminated, so strstr() on such
 * a node would read past its buffer -- callers must only pass string-valued
 * attributes.
 */
1839 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1840 char *oldValue, char *newValue,
1841 char ***modvalues, int type)
1843 LK_ENTRY *linklist_ptr;
1847 if (((*modvalues) = calloc(1,
1848 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* calloc() already zeroed the array; this loop (and the memset()s after
 * each calloc() below) are redundant. */
1853 for (i = 0; i < (modvalue_count + 1); i++)
1854 (*modvalues)[i] = NULL;
1856 if (modvalue_count != 0)
1858 linklist_ptr = linklist_base;
1859 for (i = 0; i < modvalue_count; i++)
1861 if ((oldValue != NULL) && (newValue != NULL))
1863 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1866 if (type == REPLACE)
1868 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1871 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1872 strcpy((*modvalues)[i], newValue);
/* Substitution: prefix + newValue + remainder after oldValue.  The size
 * expression continues on a line not shown; as written it over-allocates
 * by the prefix length, which is harmless. */
1876 if (((*modvalues)[i] = calloc(1,
1877 (int)(cPtr - linklist_ptr->value) +
1878 (linklist_ptr->length -
1880 strlen(newValue) + 1)) == NULL)
1882 memset((*modvalues)[i], '\0',
1883 (int)(cPtr - linklist_ptr->value) +
1884 (linklist_ptr->length - strlen(oldValue)) +
1885 strlen(newValue) + 1);
1886 memcpy((*modvalues)[i], linklist_ptr->value,
1887 (int)(cPtr - linklist_ptr->value));
1888 strcat((*modvalues)[i], newValue);
1889 strcat((*modvalues)[i],
1890 &linklist_ptr->value[(int)(cPtr -
1891 linklist_ptr->value) + strlen(oldValue)]);
/* Plain copies.  Unlike the branches above, these calloc() results are not
 * checked, so an allocation failure is dereferenced by memset(). */
1896 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1897 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1898 memcpy((*modvalues)[i], linklist_ptr->value,
1899 linklist_ptr->length);
1904 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1905 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1906 memcpy((*modvalues)[i], linklist_ptr->value,
1907 linklist_ptr->length);
1909 linklist_ptr = linklist_ptr->next;
/* i == modvalue_count here; the array has modvalue_count + 1 slots. */
1911 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous search under dn_path and collect the
 * results into a fresh LK_ENTRY list (*linklist_base, count in
 * *linklist_count).  search_exp is passed to the directory verbatim: callers
 * are responsible for RFC 4515 escaping of any user-derived text in it.
 * Returns the LDAP result code (lines not shown); LDAP_SIZELIMIT_EXCEEDED is
 * tolerated and the partial result set is still collected.
 *
 * NOTE(review): ldap_search_s() takes an int scope; ScopeType is an unsigned
 * long and is narrowed implicitly.  Confirm the error return inside the
 * "rc != LDAP_SIZELIMIT_EXCEEDED" branch (not shown) frees ldap_entry.
 */
1917 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1918 char **attr_array, LK_ENTRY **linklist_base,
1919 int *linklist_count, unsigned long ScopeType)
1922 LDAPMessage *ldap_entry;
1926 (*linklist_base) = NULL;
1927 (*linklist_count) = 0;
1929 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1930 search_exp, attr_array, 0,
1931 &ldap_entry)) != LDAP_SUCCESS)
1933 if (rc != LDAP_SIZELIMIT_EXCEEDED)
/* Remaining arguments continue on a line not shown. */
1937 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1940 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of a search result, appending each
 * entry's attribute values to *linklist_base, then count the list.
 *
 * The count is of LK_ENTRY nodes -- one per attribute *value* (see
 * retrieve_values) -- not of directory entries; callers that request a
 * single-valued attribute treat it as an entry count.  On a
 * retrieve_attributes() failure the partially built list is left in
 * *linklist_base (ownership/cleanup on that path is in lines not shown).
 *
 * NOTE(review): distinguished_name is filled by get_distinguished_name()
 * with an unbounded strcpy(); a DN of 1024 bytes or more overflows it.
 */
1944 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1945 LK_ENTRY **linklist_base, int *linklist_count)
1947 char distinguished_name[1024];
1948 LK_ENTRY *linklist_ptr;
1951 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1954 memset(distinguished_name, '\0', sizeof(distinguished_name));
1955 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1957 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1958 linklist_base)) != 0)
1961 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1963 memset(distinguished_name, '\0', sizeof(distinguished_name));
1964 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1966 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1967 distinguished_name, linklist_base)) != 0)
/* Recount from scratch rather than tracking additions. */
1971 linklist_ptr = (*linklist_base);
1972 (*linklist_count) = 0;
1974 while (linklist_ptr != NULL)
1976 ++(*linklist_count);
1977 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: for one entry, iterate its attributes with
 * ldap_first_attribute()/ldap_next_attribute() (the BerElement "ptr" and
 * the declarations are in lines not shown) and push each attribute's
 * values onto *linklist_current.
 *
 * NOTE(review): the return value of retrieve_values() is ignored on both
 * calls, so an allocation failure inside it is not propagated to the
 * caller's rc.
 */
1983 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1984 char *distinguished_name, LK_ENTRY **linklist_current)
1991 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1994 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Attribute names come from the library and must be released with
 * ldap_memfree(). */
1996 ldap_memfree(Attribute);
1997 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2000 retrieve_values(ldap_handle, ldap_entry, Attribute,
2001 distinguished_name, linklist_current);
2002 ldap_memfree(Attribute);
2006 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch the values of one attribute of an entry and push
 * one LK_ENTRY per value onto the front of *linklist_current, recording the
 * attribute name, the value, its length and the entry's DN.
 *
 * objectSid/objectGUID are fetched as binary (ldap_get_values_len) and
 * stored WITHOUT a NUL terminator -- consumers must use ->length; every
 * other attribute is fetched as a string and NUL-terminated.  The
 * LDAP_DEBUG section only prints a decoded view of a few attributes.
 *
 * NOTE(review): this listing is missing lines: the per-value loop, the
 * NULL check on the fetched value array, the declarations of Ptr,
 * str_value, use_bervalue, ber_length, temp, guid, sid, subauth, intValue,
 * and the #ifdef LDAP_DEBUG opening are not shown.
 */
2011 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2012 char *Attribute, char *distinguished_name,
2013 LK_ENTRY **linklist_current)
2019 LK_ENTRY *linklist_previous;
2020 LDAP_BERVAL **ber_value;
2029 SID_IDENTIFIER_AUTHORITY *sid_auth;
2030 unsigned char *subauth_count;
2031 #endif /*LDAP_DEBUG*/
2034 memset(temp, '\0', sizeof(temp));
/* Ptr is used below as a generic cursor over either value array; the casts
 * back to LDAP_BERVAL ** / char * depend on which branch ran. */
2036 if ((!strcmp(Attribute, "objectSid")) ||
2037 (!strcmp(Attribute, "objectGUID")))
2042 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2043 Ptr = (void **)ber_value;
2048 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2049 Ptr = (void **)str_value;
/* New node is linked in before its fields are filled; if a later calloc()
 * fails (handling not shown) the list already contains a half-built node. */
2057 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2060 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2061 linklist_previous->next = (*linklist_current);
2062 (*linklist_current) = linklist_previous;
2064 if (((*linklist_current)->attribute = calloc(1,
2065 strlen(Attribute) + 1)) == NULL)
2068 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2069 strcpy((*linklist_current)->attribute, Attribute);
/* Binary path: exactly bv_len bytes, no terminator.  A zero-length value
 * gives calloc(1, 0), which may return NULL and read as a failure. */
2073 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2075 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2078 memset((*linklist_current)->value, '\0', ber_length);
2079 memcpy((*linklist_current)->value,
2080 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2081 (*linklist_current)->length = ber_length;
/* String path. */
2085 if (((*linklist_current)->value = calloc(1,
2086 strlen(*Ptr) + 1)) == NULL)
2089 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2090 (*linklist_current)->length = strlen(*Ptr);
2091 strcpy((*linklist_current)->value, *Ptr);
2094 (*linklist_current)->ber_value = use_bervalue;
2096 if (((*linklist_current)->dn = calloc(1,
2097 strlen(distinguished_name) + 1)) == NULL)
2100 memset((*linklist_current)->dn, '\0',
2101 strlen(distinguished_name) + 1);
2102 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump (opening #ifdef not shown) ----
 * GUID: the value buffer is reinterpreted as a GUID struct; this assumes
 * bv_len >= sizeof(GUID).  The sprintf() into temp begins on a line not
 * shown; the field types behind %08x/%04x should match GUID's definition. */
2105 if (!strcmp(Attribute, "objectGUID"))
2107 guid = (GUID *)((*linklist_current)->value);
2109 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2110 guid->Data1, guid->Data2, guid->Data3,
2111 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2112 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2113 guid->Data4[6], guid->Data4[7]);
2114 print_to_screen(" %20s : {%s}\n", Attribute, temp);
/* SID: cast directly onto the BER bytes (alignment of bv_val is not
 * guaranteed).  The identifier authority is a 48-bit big-endian integer;
 * testing its bytes as independent flags (and skipping Value[4]) only
 * labels the well-known small values correctly. */
2116 else if (!strcmp(Attribute, "objectSid"))
2118 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2121 print_to_screen(" Revision = %d\n", sid->Revision);
2122 print_to_screen(" SID Identifier Authority:\n");
2123 sid_auth = &sid->IdentifierAuthority;
2124 if (sid_auth->Value[0])
2125 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2126 else if (sid_auth->Value[1])
2127 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2128 else if (sid_auth->Value[2])
2129 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2130 else if (sid_auth->Value[3])
2131 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2132 else if (sid_auth->Value[5])
2133 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2135 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2136 subauth_count = GetSidSubAuthorityCount(sid);
2137 print_to_screen(" SidSubAuthorityCount = %d\n",
2139 print_to_screen(" SidSubAuthority:\n");
2140 for (i = 0; i < *subauth_count; i++)
2142 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2143 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length reads past Attribute
 * when the attribute name is shorter than the literal; strcmp()/
 * strcasecmp() is the intended comparison.  ("sAmAccountType" in the
 * length argument happens to be the same length as "sAMAccountType".) */
2147 else if ((!memcmp(Attribute, "userAccountControl",
2148 strlen("userAccountControl"))) ||
2149 (!memcmp(Attribute, "sAMAccountType",
2150 strlen("sAmAccountType"))))
/* intValue's declared type is not shown; "%ld" requires a long. */
2152 intValue = atoi(*Ptr);
2153 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2155 if (!memcmp(Attribute, "userAccountControl",
2156 strlen("userAccountControl")))
/* Decode the userAccountControl bit flags. */
2158 if (intValue & UF_ACCOUNTDISABLE)
2159 print_to_screen(" %20s : %s\n",
2160 "", "Account disabled");
2162 print_to_screen(" %20s : %s\n",
2163 "", "Account active");
2164 if (intValue & UF_HOMEDIR_REQUIRED)
2165 print_to_screen(" %20s : %s\n",
2166 "", "Home directory required");
2167 if (intValue & UF_LOCKOUT)
2168 print_to_screen(" %20s : %s\n",
2169 "", "Account locked out");
2170 if (intValue & UF_PASSWD_NOTREQD)
2171 print_to_screen(" %20s : %s\n",
2172 "", "No password required");
2173 if (intValue & UF_PASSWD_CANT_CHANGE)
2174 print_to_screen(" %20s : %s\n",
2175 "", "Cannot change password");
2176 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2177 print_to_screen(" %20s : %s\n",
2178 "", "Temp duplicate account");
2179 if (intValue & UF_NORMAL_ACCOUNT)
2180 print_to_screen(" %20s : %s\n",
2181 "", "Normal account");
2182 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2183 print_to_screen(" %20s : %s\n",
2184 "", "Interdomain trust account");
2185 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2186 print_to_screen(" %20s : %s\n",
2187 "", "Workstation trust account");
2188 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2189 print_to_screen(" %20s : %s\n",
2190 "", "Server trust account");
2195 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2197 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
2200 if (str_value != NULL)
2201 ldap_value_free(str_value);
2203 if (ber_value != NULL)
2204 ldap_value_free_len(ber_value);
/* Presumably leaves the list head at the last node pushed; with the loop
 * body not shown it is unclear whether this differs from the assignment
 * made when the node was linked in. */
2207 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.  Only
 * the first caller (mr_connections goes 0 -> 1) actually connects; later
 * callers just bump the count and pair with moira_disconnect().  rc and
 * the surrounding control flow (including what selects the fixed "ttsp"
 * host over the local node name from uname()) are in lines not shown.
 * mr_connections is a file-level counter with no visible synchronization.
 */
2212 int moira_connect(void)
2217 if (!mr_connections++)
2221 memset(HostName, '\0', sizeof(HostName));
2222 strcpy(HostName, "ttsp");
2223 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2227 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: hold off while the STOP_FILE sentinel exists, raising a
 * critical alert (after some number of iterations; the condition, the
 * delay between checks, tbl_buf and the return are in lines not shown).
 * This is the operator's kill switch for the incremental.
 */
2236 int check_winad(void)
2240 for (i = 0; file_exists(STOP_FILE); i++)
2244 critical_alert(whoami, "Ldap incremental",
2245 "Ldap incremental failed (%s exists): %s",
2246 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect(); the real disconnect
 * (not shown) runs only when the last reference is dropped.  Calling it
 * without a matching connect underflows the counter.
 */
2256 int moira_disconnect(void)
2259 if (!--mr_connections)
/*
 * get_distinguished_name: copy the entry's DN into the caller's buffer
 * (the NULL check on ldap_get_dn() and CName's declaration are in lines
 * not shown).
 *
 * NOTE(review): no buffer size is passed and the copy is unbounded; the
 * callers in this file pass 1024-byte arrays, so a longer DN overflows.
 * Add a size parameter and copy with snprintf(), or return the
 * ldap_get_dn() result and let the caller free it.
 */
2267 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2268 char *distinguished_name)
2272 CName = ldap_get_dn(ldap_handle, ldap_entry);
2277 strcpy(distinguished_name, CName);
2278 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a standalone LK_ENTRY holding copies of
 * attribute and value (length = strlen(value)).  dn and ber_value are left
 * zero from calloc(); code that dereferences ->dn (as group_rename does on
 * search results) must not be handed nodes built here.  Return values are
 * in lines not shown.
 *
 * NOTE(review): only the node allocation is checked; the two calloc()s for
 * attribute and value are not, so an allocation failure is dereferenced by
 * memset()/strcpy().  The memset()s after calloc() are redundant.
 */
2281 int linklist_create_entry(char *attribute, char *value,
2282 LK_ENTRY **linklist_entry)
2284 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2286 if (!(*linklist_entry))
2291 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2292 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2293 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2294 strcpy((*linklist_entry)->attribute, attribute);
2295 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2296 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2297 strcpy((*linklist_entry)->value, value);
2298 (*linklist_entry)->length = strlen(value);
2299 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style output to stderr (despite the name).
 * The va_list declaration and va_end() are in lines not shown.  Every
 * visible caller passes a literal format string; keep it that way -- a
 * caller-supplied string must go through "%s".
 */
2304 void print_to_screen(const char *fmt, ...)
2308 va_start(pvar, fmt);
2309 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a list by its maillist/group flags
 * (av[L_MAILLIST], av[L_GROUP]; the caller must guarantee both indices
 * exist) and report:
 *   group_membership[0]: 'B' both, 'S' security only, 'D' distribution
 *                        only, 'N' neither -- ONE character, no NUL
 *                        terminator is written;
 *   *security_flag:      1 for 'B' and 'S', else 0;
 *   group_ou:            copy of the matching file-level OU string
 *                        (group_ou_both / _security / _distribution /
 *                        _neither), unbounded strcpy into the caller's
 *                        buffer.
 * Any output pointer may be NULL to skip it.  Return value is in lines
 * not shown.
 */
2314 int get_group_membership(char *group_membership, char *group_ou,
2315 int *security_flag, char **av)
2320 maillist_flag = atoi(av[L_MAILLIST]);
2321 group_flag = atoi(av[L_GROUP]);
2323 if (security_flag != NULL)
2324 (*security_flag) = 0;
2326 if ((maillist_flag) && (group_flag))
2328 if (group_membership != NULL)
2329 group_membership[0] = 'B';
2331 if (security_flag != NULL)
2332 (*security_flag) = 1;
2334 if (group_ou != NULL)
2335 strcpy(group_ou, group_ou_both);
2337 else if ((!maillist_flag) && (group_flag))
2339 if (group_membership != NULL)
2340 group_membership[0] = 'S';
2342 if (security_flag != NULL)
2343 (*security_flag) = 1;
2345 if (group_ou != NULL)
2346 strcpy(group_ou, group_ou_security);
2348 else if ((maillist_flag) && (!group_flag))
2350 if (group_membership != NULL)
2351 group_membership[0] = 'D';
2353 if (group_ou != NULL)
2354 strcpy(group_ou, group_ou_distribution);
/* else: neither flag set */
2358 if (group_membership != NULL)
2359 group_membership[0] = 'N';
2361 if (group_ou != NULL)
2362 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename a directory group from before_group_name to
 * after_group_name (possibly moving it between OUs) and refresh its
 * sAMAccountName, displayName, mitMoiraId, groupType and mail attributes.
 * The group is located by MoiraId via ad_get_group(); "filter" is the
 * caller-provided buffer that ad_get_group() appears to fill (the caller
 * passes it zeroed) and that is reused for the sAMAccountName lookup.
 *
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, AD_MULTIPLE_GROUPS_FOUND,
 * AD_LDAP_FAILURE, or the LDAP result (remaining returns, the
 * declarations of rc, i, n, mods, old_dn, new_dn, mail, sam_name,
 * group_count, and the "mail_v[0] = mail" assignment are in lines not
 * shown).
 *
 * NOTE(review): old_dn, new_dn, mail and sam_name are filled with
 * unbounded strcpy()/sprintf() and their sizes are not visible here;
 * new_dn_path[512] receives "%s,%s" of the OU and dn_path.  All of these
 * should be snprintf() with truncation checks.
 */
2368 int group_rename(LDAP *ldap_handle, char *dn_path,
2369 char *before_group_name, char *before_group_membership,
2370 char *before_group_ou, int before_security_flag,
2371 char *before_desc, char *after_group_name,
2372 char *after_group_membership, char *after_group_ou,
2373 int after_security_flag, char *after_desc,
2374 char *MoiraId, char *filter, char *maillist, char *nfsgroup)
2379 char new_dn_path[512];
2382 char mail_nickname[256];
2383 char proxy_address[256];
2384 char address_book[256];
2385 char *attr_array[3];
/* One-element, NULL-terminated value vectors for ADD_ATTR(). */
2386 char *mitMoiraId_v[] = {NULL, NULL};
2387 char *name_v[] = {NULL, NULL};
2388 char *samAccountName_v[] = {NULL, NULL};
2389 char *groupTypeControl_v[] = {NULL, NULL};
2390 char *mail_v[] = {NULL, NULL};
2391 char *proxy_address_v[] = {NULL, NULL};
2392 char *mail_nickname_v[] = {NULL, NULL};
2393 char *report_to_originator_v[] = {NULL, NULL};
2394 char *address_book_v[] = {NULL, NULL};
2395 char *legacy_exchange_dn_v[] = {NULL, NULL};
2396 char *null_v[] = {NULL, NULL};
2397 u_int groupTypeControl;
2398 char groupTypeControlStr[80];
2399 char contact_mail[256];
2403 LK_ENTRY *group_base;
/* Initialized to 0 and not visibly set afterwards in this listing. */
2405 int MailDisabled = 0;
2406 char search_filter[1024];
2408 if(UseGroupUniversal)
2409 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2411 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Both names are validated before they reach a filter or DN. */
2413 if (!check_string(before_group_name))
2416 "Unable to process invalid LDAP list name %s",
2418 return(AD_INVALID_NAME);
2421 if (!check_string(after_group_name))
2424 "Unable to process invalid LDAP list name %s", after_group_name);
2425 return(AD_INVALID_NAME);
/* Refuse the rename if a user already owns the new cn (the name argument
 * and the group_count test are on lines not shown). */
2435 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2437 attr_array[0] = "cn";
2438 attr_array[1] = NULL;
2440 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2441 attr_array, &group_base, &group_count,
2442 LDAP_SCOPE_SUBTREE)) != 0)
2444 com_err(whoami, 0, "Unable to process group %s : %s",
2445 after_group_name, ldap_err2string(rc));
2451 com_err(whoami, 0, "Object already exists with name %s",
2456 linklist_free(group_base);
/* Locate the existing group by Moira id; exactly one match is required. */
2465 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2466 before_group_membership,
2467 MoiraId, "samAccountName", &group_base,
2468 &group_count, filter))
2471 if (group_count == 0)
2473 return(AD_NO_GROUPS_FOUND);
2476 if (group_count != 1)
2478 com_err(whoami, 0, "Unable to process multiple groups with "
2479 "MoiraId = %s exist in the directory", MoiraId);
2480 return(AD_MULTIPLE_GROUPS_FOUND);
2483 strcpy(old_dn, group_base->dn);
2485 linklist_free(group_base);
/* Fetch the current sAMAccountName so the suffix convention can be kept. */
2488 attr_array[0] = "sAMAccountName";
2489 attr_array[1] = NULL;
2491 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2492 &group_base, &group_count,
2493 LDAP_SCOPE_SUBTREE)) != 0)
2495 com_err(whoami, 0, "Unable to get list %s dn : %s",
2496 after_group_name, ldap_err2string(rc));
2500 if (group_count != 1)
2503 "Unable to get sAMAccountName for group %s",
2505 return(AD_LDAP_FAILURE);
2508 strcpy(sam_name, group_base->value);
2509 linklist_free(group_base);
/* Compose the new RDN, parent and mail identities.  lowercase() is called
 * twice on ldap_domain; whether it mutates in place or returns a static
 * buffer is not visible here. */
2513 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2514 sprintf(new_dn, "cn=%s", after_group_name);
2515 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2516 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2517 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2518 lowercase(ldap_domain));
2519 sprintf(mail_nickname, "%s", after_group_name);
2521 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* Rename/move the object; TRUE deletes the old RDN value. */
2523 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2524 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2526 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2527 before_group_name, after_group_name, ldap_err2string(rc));
2531 name_v[0] = after_group_name;
/* NOTE(review): if sam_name is shorter than group_suffix the index goes
 * negative (undefined behaviour); check the lengths before comparing. */
2533 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2534 group_suffix, strlen(group_suffix)))
2536 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2541 "Unable to rename list from %s to %s : sAMAccountName not found",
2542 before_group_name, after_group_name);
2546 samAccountName_v[0] = sam_name;
2548 if (after_security_flag)
2549 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): "%ld" with a u_int argument is a format/argument type
 * mismatch (undefined behaviour; wrong digits on LP64).  Use "%u", or cast
 * to the type the directory's groupType syntax expects. */
2551 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2552 groupTypeControl_v[0] = groupTypeControlStr;
2553 mitMoiraId_v[0] = MoiraId;
2555 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
/* Description is updated separately (remaining arguments not shown);
 * everything else is batched into "mods" via ADD_ATTR. */
2556 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2559 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2560 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2561 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2562 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: set the Exchange attributes; otherwise clear them. */
2566 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2568 mail_nickname_v[0] = mail_nickname;
2569 proxy_address_v[0] = proxy_address;
2571 report_to_originator_v[0] = "TRUE";
2573 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("reportToOriginator", report_to_originator_v,
2581 mail_nickname_v[0] = NULL;
2582 proxy_address_v[0] = NULL;
2584 legacy_exchange_dn_v[0] = NULL;
2585 address_book_v[0] = NULL;
2586 report_to_originator_v[0] = NULL;
2588 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2591 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2592 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2593 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Non-AD directory: publish the mit.edu contact address and route mail
 * nowhere.  Nesting relative to the block above is not visible here. */
2599 if(atoi(maillist) && email_isvalid(contact_mail))
2601 mail_v[0] = contact_mail;
2602 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2604 if(!ActiveDirectory)
2606 null_v[0] = "/dev/null";
2607 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2608 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
2615 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2618 "Unable to modify list data for %s after renaming: %s",
2619 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2622 for (i = 0; i < n; i++)
/*
 * group_create: Moira incremental callback that adds the directory entry for a
 * Moira list and, when the object already exists or call_args[4] asks for an
 * update, rewrites its attributes in place.
 *   ac/av   Moira list fields (L_NAME, L_DESC, L_ACE_TYPE/NAME, L_PUBLIC,
 *           L_HIDDEN, L_ACTIVE, L_NFSGROUP, L_GROUP, L_GID, L_MAILLIST).
 *   ptr     call_args: [0] LDAP handle, [1] dn_path, [4] updateGroup flag,
 *           [5] Moira id.  Other slots are not read here.
 *   returns AD_INVALID_NAME when check_string rejects av[L_NAME]; otherwise
 *           LDAP_SUCCESS on every path visible in this listing -- the results
 *           of ldap_add_ext_s / ldap_modify_s are logged, not propagated.
 * All derived strings are built with sprintf/strcpy into fixed 256-byte
 * buffers; check_string on av[L_NAME] is the only length guard visible, so it
 * must bound the name well below 256 (confirm against check_string).
 */
2628 int group_create(int ac, char **av, void *ptr)
2633 char new_group_name[256];
2634 char sam_group_name[256];
2635 char cn_group_name[256];
2637 char contact_mail[256];
2638 char mail_nickname[256];
2639 char proxy_address[256];
2640 char address_book[256];
2641 char *cn_v[] = {NULL, NULL};
2642 char *objectClass_v[] = {"top", "group", NULL};
2643 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2644 "group", "mailRecipient", NULL};
2646 char *samAccountName_v[] = {NULL, NULL};
2647 char *altSecurityIdentities_v[] = {NULL, NULL};
2648 char *member_v[] = {NULL, NULL};
2649 char *name_v[] = {NULL, NULL};
2650 char *desc_v[] = {NULL, NULL};
2651 char *info_v[] = {NULL, NULL};
2652 char *mitMoiraId_v[] = {NULL, NULL};
2653 char *mitMoiraPublic_v[] = {NULL, NULL};
2654 char *mitMoiraHidden_v[] = {NULL, NULL};
2655 char *mitMoiraActive_v[] = {NULL, NULL};
2656 char *mitMoiraNFSGroup_v[] = {NULL, NULL};
2657 char *groupTypeControl_v[] = {NULL, NULL};
2658 char *mail_v[] = {NULL, NULL};
2659 char *proxy_address_v[] = {NULL, NULL};
2660 char *mail_nickname_v[] = {NULL, NULL};
2661 char *report_to_originator_v[] = {NULL, NULL};
2662 char *address_book_v[] = {NULL, NULL};
2663 char *legacy_exchange_dn_v[] = {NULL, NULL};
2664 char *gidNumber_v[] = {NULL, NULL};
2665 char *null_v[] = {NULL, NULL};
2666 char groupTypeControlStr[80];
/* NOTE(review): process_lists declares the same buffer as [2] and both hand
 * it to get_group_membership; a one-byte buffer leaves no room for a NUL
 * terminator if the callee writes a C string -- confirm the expected size. */
2667 char group_membership[1];
2670 u_int groupTypeControl;
2674 int MailDisabled = 0;
2676 LK_ENTRY *group_base;
2679 char *attr_array[3];
/* Universal vs. global AD group scope is a site-wide setting. */
2683 if(UseGroupUniversal)
2684 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2686 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Reject names that cannot safely appear in a DN or filter before anything
 * is formatted from them. */
2688 if (!check_string(av[L_NAME]))
2690 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2692 return(AD_INVALID_NAME);
/* Pointer-sized slot narrowed to int; presumably only a 0/1 flag is stored
 * there, so the truncation is harmless -- verify against the caller. */
2695 updateGroup = (int)call_args[4];
2696 memset(group_ou, 0, sizeof(group_ou));
2697 memset(group_membership, 0, sizeof(group_membership));
2700 get_group_membership(group_membership, group_ou, &security_flag, av);
/* Unbounded copies/formatting of av[L_NAME]; bounded only by check_string. */
2702 strcpy(new_group_name, av[L_NAME]);
2703 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2704 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2705 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2706 sprintf(mail_nickname, "%s", av[L_NAME]);
2709 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2711 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* "%ld" with a u_int argument is a format/argument mismatch (undefined
 * behaviour in C); "%u" matches the declared type. */
2715 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2716 groupTypeControl_v[0] = groupTypeControlStr;
2718 strcpy(cn_group_name, av[L_NAME]);
2720 samAccountName_v[0] = sam_group_name;
2721 name_v[0] = new_group_name;
2722 cn_v[0] = new_group_name;
2725 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2729 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Non-AD (OpenLDAP with the MIT schema) branch: extra object classes and the
 * mitMoira* flags are stored on the entry itself. */
2733 mitMoiraPublic_v[0] = av[L_PUBLIC];
2734 mitMoiraHidden_v[0] = av[L_HIDDEN];
2735 mitMoiraActive_v[0] = av[L_ACTIVE];
2736 mitMoiraNFSGroup_v[0] = av[L_NFSGROUP];
2737 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2738 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2739 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2740 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_ADD);
2741 ADD_ATTR("mitMoiraNFSGroup", mitMoiraNFSGroup_v, LDAP_MOD_ADD);
2743 if(atoi(av[L_GROUP]))
2745 gidNumber_v[0] = av[L_GID];
2746 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2750 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2751 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2752 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* Mailing lists must not collide with an existing user object of the same
 * cn (the list would otherwise shadow the user's mail attributes). */
2756 if(atoi(av[L_MAILLIST]))
/* av[L_NAME] is interpolated into the LDAP filter without RFC 4515 escaping;
 * ( ) * \ and NUL would change the search.  check_string presumably rejects
 * those characters -- confirm, or route the value through escape_string. */
2761 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2762 attr_array[0] = "cn";
2763 attr_array[1] = NULL;
2765 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2766 filter, attr_array, &group_base,
2768 LDAP_SCOPE_SUBTREE)) != 0)
2770 com_err(whoami, 0, "Unable to process group %s : %s",
2771 av[L_NAME], ldap_err2string(rc));
2777 com_err(whoami, 0, "Object already exists with name %s",
2782 linklist_free(group_base);
2787 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2789 mail_nickname_v[0] = mail_nickname;
2790 report_to_originator_v[0] = "TRUE";
2792 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2793 ADD_ATTR("reportToOriginator", report_to_originator_v,
2799 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2801 mail_v[0] = contact_mail;
2802 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2804 if(!ActiveDirectory)
2806 null_v[0] = "/dev/null";
2807 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2808 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
2813 if (strlen(av[L_DESC]) != 0)
2815 desc_v[0] = av[L_DESC];
2816 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2819 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2821 if (strlen(av[L_ACE_NAME]) != 0)
2823 sprintf(info, "The Administrator of this list is: %s",
2826 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2829 if (strlen(call_args[5]) != 0)
2831 mitMoiraId_v[0] = call_args[5];
2832 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2837 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2839 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS is deliberately tolerated: it selects the update path
 * below instead of being reported as a failure. */
2842 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2844 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2845 av[L_NAME], ldap_err2string(rc));
/* Update path: bring description/info and every other attribute set above
 * in line with the Moira record using LDAP_MOD_REPLACE. */
2851 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2853 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2854 "description", av[L_NAME]);
2855 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2857 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2862 if (strlen(call_args[5]) != 0)
2864 mitMoiraId_v[0] = call_args[5];
2865 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is {NULL, NULL}, so this REPLACE with an empty
 * value list clears the membership entirely. */
2868 if (!(atoi(av[L_ACTIVE])))
2871 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2874 if (!ActiveDirectory)
2876 mitMoiraPublic_v[0] = av[L_PUBLIC];
2877 mitMoiraHidden_v[0] = av[L_HIDDEN];
2878 mitMoiraActive_v[0] = av[L_ACTIVE];
2879 mitMoiraNFSGroup_v[0] = av[L_NFSGROUP];
2880 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2881 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2882 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_REPLACE);
2883 ADD_ATTR("mitMoiraNFSGroup", mitMoiraNFSGroup_v, LDAP_MOD_REPLACE);
2885 if(atoi(av[L_GROUP]))
2887 gidNumber_v[0] = av[L_GID];
2888 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Not a group: gidNumber_v is still {NULL, NULL}, so this REPLACE removes
 * any stale gidNumber. */
2892 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2898 if(atoi(av[L_MAILLIST]))
/* Same unescaped-filter concern as the create path above. */
2903 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2904 attr_array[0] = "cn";
2905 attr_array[1] = NULL;
2907 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2908 filter, attr_array, &group_base,
2910 LDAP_SCOPE_SUBTREE)) != 0)
2912 com_err(whoami, 0, "Unable to process group %s : %s",
2913 av[L_NAME], ldap_err2string(rc));
2919 com_err(whoami, 0, "Object already exists with name %s",
2924 linklist_free(group_base);
2929 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2931 mail_nickname_v[0] = mail_nickname;
2932 report_to_originator_v[0] = "TRUE";
2934 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2935 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Mail disabled or no longer a mailing list: strip every Exchange-related
 * attribute by replacing it with an empty value list. */
2941 mail_nickname_v[0] = NULL;
2942 proxy_address_v[0] = NULL;
2943 legacy_exchange_dn_v[0] = NULL;
2944 address_book_v[0] = NULL;
2945 report_to_originator_v[0] = NULL;
2947 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2948 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2949 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2950 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2952 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2953 ADD_ATTR("reportToOriginator", report_to_originator_v,
2959 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2961 mail_v[0] = contact_mail;
2962 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2964 if(!ActiveDirectory)
2966 null_v[0] = "/dev/null";
2967 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2968 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
2974 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2976 if(!ActiveDirectory)
2979 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2980 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
2990 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2992 for (i = 0; i < n; i++)
/* A failed modify is only logged; nothing visible here returns it. */
2995 if (rc != LDAP_SUCCESS)
2997 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2998 av[L_NAME], ldap_err2string(rc));
/* Owner / ntSecurityDescriptor / address-book visibility are delegated;
 * ProcessGroupSecurity's return value is discarded here. */
3005 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3006 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3008 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply the Moira list's access policy to the directory
 * object.  On Active Directory it copies the ntSecurityDescriptor of one of
 * four template groups (HIDDEN / NOT_HIDDEN, with or without an admin ACE)
 * onto the target, substituting the template user's SID with the SID of the
 * list's administrator (AceType "LIST" or "USER", AceName); the SD-flags
 * server control 1.2.840.113556.1.4.801 selects which descriptor parts the
 * write covers.  On a non-AD server it sets the "owner" attribute instead.
 * Address-book visibility (msExchHideFromAddressLists / showInAddressBook)
 * follows HiddenGroup.
 *   ldap_handle, dn_path   connection and base DN
 *   TargetGroupName        list name; "%s%s" with group_suffix is its
 *                          sAMAccountName
 *   HiddenGroup            non-zero hides the list from address lists
 *   AceType / AceName      administrator type and name; "" for none
 *   returns int; the individual return sites are not all visible here.
 * Failures are logged with com_err and, where the admin SID cannot be
 * resolved, the function retries itself once with an empty ACE.
 */
3011 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3012 char *TargetGroupName, int HiddenGroup,
3013 char *AceType, char *AceName)
3015 char filter_exp[1024];
3016 char *attr_array[5];
3017 char search_path[512];
3019 char TemplateDn[512];
3020 char TemplateSamName[128];
3022 char TargetSamName[128];
3023 char AceSamAccountName[128];
/* Raw binary SIDs copied from objectSid; see the length notes below. */
3025 unsigned char AceSid[128];
3026 unsigned char UserTemplateSid[128];
3027 char acBERBuf[N_SD_BER_BYTES];
3028 char GroupSecurityTemplate[256];
3029 char hide_addres_lists[256];
3030 char address_book[256];
3031 char *hide_address_lists_v[] = {NULL, NULL};
3032 char *address_book_v[] = {NULL, NULL};
3033 char *owner_v[] = {NULL, NULL};
3035 int UserTemplateSidCount;
3042 int array_count = 0;
3044 LK_ENTRY *group_base;
3045 LDAP_BERVAL **ppsValues;
/* LDAP_SERVER_SD_FLAGS control: the BER value is filled in by
 * BEREncodeSecurityBits below. */
3046 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3047 { N_SD_BER_BYTES, acBERBuf },
3050 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, group, DACL and SACL -- all four descriptor parts. */
3053 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3054 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3055 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Step 1: locate the target group under group_ou_root.  TargetGroupName goes
 * into the filter unescaped; callers are expected to have run check_string. */
3057 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3058 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3059 attr_array[0] = "sAMAccountName";
3060 attr_array[1] = NULL;
/* BUG: the closing parenthesis is misplaced -- "rc = (linklist_build(...) !=
 * 0)" stores 0/1 in rc rather than the LDAP result code, so any later
 * ldap_err2string(rc) or "rc != 0" test sees a boolean.  The same pattern
 * recurs at 3113, 3139, 3193 and 3248; group_create's call at 2765 is
 * parenthesized correctly and is the form to copy. */
3064 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3065 &group_base, &group_count,
3066 LDAP_SCOPE_SUBTREE) != 0))
/* Exactly one match is required before touching security on anything. */
3069 if (group_count != 1)
3071 linklist_free(group_base);
/* TargetDn's size is not shown; group_base->dn comes from the directory. */
3075 strcpy(TargetDn, group_base->dn);
3076 strcpy(TargetSamName, group_base->value);
3077 linklist_free(group_base);
3081 UserTemplateSidCount = 0;
3082 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3083 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3084 memset(AceSid, '\0', sizeof(AceSid));
/* Step 2: resolve the administrator (if any) to a DN and, on AD, a SID. */
3089 if (strlen(AceName) != 0)
3091 if (!strcmp(AceType, "LIST"))
3093 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3094 strcpy(root_ou, group_ou_root);
3096 else if (!strcmp(AceType, "USER"))
3098 sprintf(AceSamAccountName, "%s", AceName);
3099 strcpy(root_ou, user_ou);
3102 if (ActiveDirectory)
3104 if (strlen(AceSamAccountName) != 0)
3106 sprintf(search_path, "%s", dn_path);
3107 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3108 attr_array[0] = "objectSid";
3109 attr_array[1] = NULL;
/* Same misparenthesized rc as at 3064. */
3113 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3114 attr_array, &group_base, &group_count,
3115 LDAP_SCOPE_SUBTREE) != 0))
3117 if (group_count == 1)
3119 strcpy(AceDn, group_base->dn);
/* Length is whatever the directory returned; nothing bounds it to
 * sizeof(AceSid).  A well-formed SID is far shorter than 128 bytes, but a
 * guard here is cheap and keeps a malformed objectSid from overrunning. */
3120 AceSidCount = group_base->length;
3121 memcpy(AceSid, group_base->value, AceSidCount);
3123 linklist_free(group_base);
/* Non-AD: only the DN is needed (for the owner attribute). */
3130 if (strlen(AceSamAccountName) != 0)
3132 sprintf(search_path, "%s", dn_path);
3133 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3134 attr_array[0] = "samAccountName";
3135 attr_array[1] = NULL;
/* Same misparenthesized rc as at 3064. */
3139 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3140 attr_array, &group_base, &group_count,
3141 LDAP_SCOPE_SUBTREE) != 0))
3143 if (group_count == 1)
3145 strcpy(AceDn, group_base->dn);
3147 linklist_free(group_base);
3154 if (!ActiveDirectory)
3156 if (strlen(AceDn) != 0)
/* strdup'd value; no matching free() is visible in this listing -- confirm
 * it is released after the modify (otherwise it leaks once per list). */
3158 owner_v[0] = strdup(AceDn);
3160 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3164 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3166 for (i = 0; i < n; i++)
3169 if (rc != LDAP_SUCCESS)
3170 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3171 TargetGroupName, ldap_err2string(rc));
/* Step 3 (AD only): no usable admin SID -> fall back to the non-admin
 * template.  AceSidCount's initialisation is not shown; presumably 0. */
3177 if (AceSidCount == 0)
3179 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3180 "have a directory SID.", TargetGroupName, AceName, AceType);
3181 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the SID of the placeholder user baked into the templates; it is the
 * byte pattern replaced by the admin SID below. */
3185 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3186 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3187 attr_array[0] = "objectSid";
3188 attr_array[1] = NULL;
/* Same misparenthesized rc as at 3064; the "rc != 0" test on the next line
 * therefore checks a boolean, which happens to still be correct. */
3193 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3194 attr_array, &group_base, &group_count,
3195 LDAP_SCOPE_SUBTREE) != 0))
3198 if ((rc != 0) || (group_count != 1))
3200 com_err(whoami, 0, "Unable to process user security template: %s",
/* Same unbounded-length copy as at 3121. */
3206 UserTemplateSidCount = group_base->length;
3207 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3209 linklist_free(group_base);
/* Step 4: pick the template by (hidden?, admin SID available?). */
3216 if (AceSidCount == 0)
3218 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3219 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3223 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3224 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3229 if (AceSidCount == 0)
3231 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3232 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3236 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3237 sprintf(filter_exp, "(sAMAccountName=%s)",
3238 NOT_HIDDEN_GROUP_WITH_ADMIN);
3242 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3243 attr_array[0] = "sAMAccountName";
3244 attr_array[1] = NULL;
/* Same misparenthesized rc as at 3064. */
3248 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3249 &group_base, &group_count,
3250 LDAP_SCOPE_SUBTREE) != 0))
3253 if (group_count != 1)
3255 linklist_free(group_base);
3256 com_err(whoami, 0, "Unable to process group security template: %s - "
3257 "security not set", GroupSecurityTemplate);
3261 strcpy(TemplateDn, group_base->dn);
3262 strcpy(TemplateSamName, group_base->value);
3263 linklist_free(group_base);
/* Step 5: read the template's ntSecurityDescriptor with the SD-flags control
 * (needed for the SACL part); the remaining search arguments are not shown. */
3267 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3268 rc = ldap_search_ext_s(ldap_handle,
3280 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3282 com_err(whoami, 0, "Unable to find group security template: %s - "
3283 "security not set", GroupSecurityTemplate);
3287 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3289 if (ppsValues == NULL)
3291 com_err(whoami, 0, "Unable to find group security descriptor for group "
3292 "%s - security not set", GroupSecurityTemplate);
/* Step 6: in-place SID substitution inside the binary descriptor -- every
 * occurrence of the template user's SID is overwritten with the admin SID.
 * Two things to check before trusting this:
 *  - memcpy writes AceSidCount bytes over a span that matched for
 *    UserTemplateSidCount bytes.  If the two lengths differ the descriptor
 *    is silently corrupted (bv_len is not adjusted), and a longer admin SID
 *    writes past the matched region.  An equality check before the loop
 *    would make the failure explicit instead of shipping a bad ACL.
 *  - bv_len - UserTemplateSidCount is computed in unsigned arithmetic, so a
 *    value shorter than the SID wraps before the cast to int. */
3296 if (AceSidCount != 0)
3298 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3301 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3303 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3304 UserTemplateSidCount))
3306 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3314 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3315 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden lists: hide from address lists and clear showInAddressBook. */
3321 hide_address_lists_v[0] = "TRUE";
3322 address_book_v[0] = NULL;
3323 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3325 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3327 hide_address_lists_v[0] = NULL;
3328 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3335 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3337 for (i = 0; i < n; i++)
3340 ldap_value_free_len(ppsValues);
3341 ldap_msgfree(psMsg);
3343 if (rc != LDAP_SUCCESS)
3345 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3346 TargetGroupName, ldap_err2string(rc));
/* Retry once without an admin ACE.  Assignment-in-condition is intentional;
 * the recursion terminates because empty AceType/AceName skip the ACE lookup
 * and leave AceSidCount at 0, so this branch is not entered again. */
3348 if (AceSidCount != 0)
3351 "Trying to set security for group %s without admin.",
3354 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3355 HiddenGroup, "", ""))
3357 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the directory object for a Moira list.
 *   ldap_handle, dn_path   connection and base DN
 *   group_name             list name; must pass check_string
 *   group_membership, MoiraId   passed through to ad_get_group for matching
 *   returns AD_INVALID_NAME for a rejected name, AD_NO_GROUPS_FOUND when the
 *           lookup yields no single match; other return sites are not shown.
 * The delete is only issued when ad_get_group finds exactly one object, which
 * is the right guard for a destructive operation keyed on a name.
 */
3368 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3369 char *group_membership, char *MoiraId)
3371 LK_ENTRY *group_base;
3377 if (!check_string(group_name))
3380 "Unable to process invalid LDAP list name %s", group_name);
3381 return(AD_INVALID_NAME);
3384 memset(filter, '\0', sizeof(filter));
/* Search base is the list OU under dn_path; temp's size is not shown. */
3387 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment in condition: a non-zero ad_get_group result is an error. */
3389 if (rc = ad_get_group(ldap_handle, temp, group_name,
3390 group_membership, MoiraId,
3391 "samAccountName", &group_base,
3392 &group_count, filter))
3395 if (group_count == 1)
3397 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3399 linklist_free(group_base);
3400 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3401 group_name, ldap_err2string(rc));
3404 linklist_free(group_base);
/* Zero or several matches: refuse rather than guess. */
3408 linklist_free(group_base);
3409 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3410 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: write the BER encoding of the SECURITY_INFORMATION
 * bit mask uBits into pBuffer, which the callers size as N_SD_BER_BYTES and
 * hand to the SD-flags server control.  The encoding itself is not shown in
 * this listing.
 *   returns N_SD_BER_BYTES, the number of bytes written.
 */
3416 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3422 return(N_SD_BER_BYTES);
/*
 * process_lists: Moira incremental callback that (re)populates one list's
 * membership.  Derives the OU and membership/security flags from the Moira
 * record via get_group_membership, then delegates to populate_group.
 *   ptr   call_args: [0] LDAP handle, [1] dn_path
 *   returns int; the return statement is not shown in this listing.
 */
3425 int process_lists(int ac, char **av, void *ptr)
/* Declared as [2] here but as [1] in group_create -- the two should agree. */
3430 char group_membership[2];
3436 memset(group_ou, '\0', sizeof(group_ou));
3437 memset(group_membership, '\0', sizeof(group_membership));
3438 get_group_membership(group_membership, group_ou, &security_flag, av);
3439 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3440 av[L_NAME], group_ou, group_membership,
3441 security_flag, "", 1);
/*
 * member_list_build: Moira incremental callback that accumulates one ACE
 * (member) of a list into the global member_base linked list, creating
 * contact objects on the fly for STRING and KERBEROS members.
 *   av    ACE_TYPE ("USER", "STRING", "LIST", "KERBEROS", "MACHINE") and
 *         ACE_NAME
 *   ptr   call_args: [0] LDAP handle, [1] dn_path, [2] list name,
 *         [3] bit mask of member types to accept (MOIRA_* flags)
 *   returns int; the return statements are not shown in this listing.
 * Duplicate (member, type) pairs are skipped by a case-insensitive scan.
 */
3446 int member_list_build(int ac, char **av, void *ptr)
/* Copied before validation: temp's size is not shown, and check_string runs
 * only afterwards.  Validate first, or use a bounded copy. */
3454 strcpy(temp, av[ACE_NAME]);
3457 if (!check_string(temp))
3460 if (!strcmp(av[ACE_TYPE], "USER"))
/* Pointer-sized slot narrowed to int to test the type mask; presumably the
 * caller stores a small integer there -- verify. */
3462 if (!((int)call_args[3] & MOIRA_USERS))
3465 else if (!strcmp(av[ACE_TYPE], "STRING"))
3469 if((s = strchr(temp, '@')) == (char *) NULL)
/* Reads the last six bytes of temp: for a string shorter than six characters
 * the index goes negative and reads before the buffer.  Check strlen(temp)
 * >= 6 first. */
3472 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3476 if (!((int)call_args[3] & MOIRA_STRINGS))
3479 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3482 else if (!strcmp(av[ACE_TYPE], "LIST"))
3484 if (!((int)call_args[3] & MOIRA_LISTS))
3487 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3489 if (!((int)call_args[3] & MOIRA_KERBEROS))
3492 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3497 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3499 if (!((int)call_args[3] & MOIRA_MACHINE))
/* Dedupe against entries already collected for this run. */
3505 linklist = member_base;
3509 if (!strcasecmp(temp, linklist->member) &&
3510 !strcasecmp(av[ACE_TYPE], linklist->type))
3513 linklist = linklist->next;
/* Prepend a new entry.  None of the calloc results is checked; an allocation
 * failure would be a NULL dereference on the next line. */
3516 linklist = calloc(1, sizeof(LK_ENTRY));
3518 linklist->dn = NULL;
3519 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3520 strcpy(linklist->list, call_args[2]);
3521 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3522 strcpy(linklist->type, av[ACE_TYPE]);
3523 linklist->member = calloc(1, strlen(temp) + 1);
3524 strcpy(linklist->member, temp);
3525 linklist->next = member_base;
3526 member_base = linklist;
/*
 * member_remove: delete one member value from a list's "member" attribute
 * and, for STRING/KERBEROS contacts that are no longer referenced by any
 * group, delete the contact object itself.
 *   ldap_handle, dn_path   connection and base DN
 *   group_name             list; must pass check_string
 *   group_ou, group_membership, MoiraId   passed to ad_get_group
 *   user_name, UserOu      member name and the OU it lives in; together with
 *                          dn_path they form the member DN
 *   returns AD_INVALID_NAME for a rejected name; other return sites are not
 *           shown in this listing.
 * max_group_members / group_members gate the whole operation (the body of
 * that branch is not shown).
 */
3531 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3532 char *group_ou, char *group_membership, char *user_name,
3533 char *UserOu, char *MoiraId)
3535 char distinguished_name[1024];
3539 char *attr_array[3];
3544 LK_ENTRY *group_base;
3548 if (max_group_members && (group_members < max_group_members))
3551 if (!check_string(group_name))
3552 return(AD_INVALID_NAME);
/* Nothing to do if the member is not present.  Note the inconsistency: the
 * name is escaped for this lookup but used raw in the DN formatting below and
 * in member_add's contains_member call -- pick one convention. */
3554 if(!contains_member(ldap_handle, dn_path, group_name, UserOu,
3555 escape_string(user_name)))
3558 memset(filter, '\0', sizeof(filter));
/* Assignment in condition: a non-zero ad_get_group result is an error. */
3562 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3563 group_membership, MoiraId,
3564 "samAccountName", &group_base,
3565 &group_count, filter))
3568 if (group_count != 1)
3570 com_err(whoami, 0, "Unable to find list %s in directory",
3572 linklist_free(group_base);
3578 strcpy(distinguished_name, group_base->dn);
3579 linklist_free(group_base);
/* Member DN: AD uses CN=; the non-AD user OU uses uid=.  temp's size is not
 * shown and user_name is not length-checked here. */
3585 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3589 if(!strcmp(UserOu, user_ou))
3590 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3592 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3595 modvalues[0] = temp;
3596 modvalues[1] = NULL;
3599 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3601 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3603 for (i = 0; i < n; i++)
3606 if (rc == LDAP_UNWILLING_TO_PERFORM)
3609 if (rc != LDAP_SUCCESS)
3611 com_err(whoami, 0, "Unable to modify list %s members : %s",
3612 group_name, ldap_err2string(rc));
/* Garbage-collect contact objects: only STRING and KERBEROS members are
 * auto-created objects that may be removed when no group references them. */
3616 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* Exchange-forwarding contacts are matched by mailNickName (the local part)
 * rather than by DN. */
3620 if(!strcmp(UserOu, contact_ou) &&
3621 ((s = strstr(user_name,
3622 "@exchange-forwarding.mit.edu")) != (char *) NULL))
3624 memset(temp, '\0', sizeof(temp));
3625 strcpy(temp, user_name);
3626 s = strchr(temp, '@');
3629 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* Misparenthesized "!= 0": rc becomes 0/1, not the LDAP result (same defect
 * as in ProcessGroupSecurity; compare the correct form at 2765). */
3631 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3632 &group_base, &group_count,
3633 LDAP_SCOPE_SUBTREE) != 0))
3639 linklist_free(group_base);
/* The "unreferenced" decision drives an object delete, so the filter must be
 * exact: the DN is interpolated without RFC 4515 escaping, and a DN containing
 * ( ) * or \ would make the search fail or match nothing.  A search error is
 * also indistinguishable from "no memberOf" once rc is squashed to 0/1. */
3644 sprintf(filter, "(distinguishedName=%s)", temp);
3645 attr_array[0] = "memberOf";
3646 attr_array[1] = NULL;
3648 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3649 &group_base, &group_count,
3650 LDAP_SCOPE_SUBTREE) != 0))
3656 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3658 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: append one member DN to a list's "member" attribute.
 *   ldap_handle, dn_path   connection and base DN
 *   group_name             list; must pass check_string
 *   group_ou, group_membership, MoiraId   passed to ad_get_group
 *   user_name, UserOu      member name and OU; with dn_path they form the
 *                          member DN (uid= under user_ou, cn= elsewhere)
 *   returns AD_INVALID_NAME for a rejected name, AD_MULTIPLE_GROUPS_FOUND
 *           when the lookup does not yield exactly one list; other return
 *           sites are not shown in this listing.
 * Already-present members are treated as success (LDAP_ALREADY_EXISTS /
 * LDAP_TYPE_OR_VALUE_EXISTS).
 */
3668 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3669 char *group_ou, char *group_membership, char *user_name,
3670 char *UserOu, char *MoiraId)
3672 char distinguished_name[1024];
3680 LK_ENTRY *group_base;
3683 if (max_group_members && (group_members < max_group_members))
3686 if (!check_string(group_name))
3687 return(AD_INVALID_NAME);
/* Raw user_name here, escape_string(user_name) in member_remove's equivalent
 * call -- the two lookups can disagree for names with special characters. */
3689 if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) > 0)
3693 memset(filter, '\0', sizeof(filter));
/* Assignment in condition: a non-zero ad_get_group result is an error. */
3697 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3698 group_membership, MoiraId,
3699 "samAccountName", &group_base,
3700 &group_count, filter))
/* Zero matches also land here and are reported as "multiple"; the log line
 * includes the count so the distinction is still recoverable. */
3703 if (group_count != 1)
3705 linklist_free(group_base);
3708 com_err(whoami, 0, "Unable to find list %s %d in directory",
3709 group_name, group_count);
3710 return(AD_MULTIPLE_GROUPS_FOUND);
3713 strcpy(distinguished_name, group_base->dn);
3714 linklist_free(group_base);
/* temp's size is not shown; user_name is not length-checked here. */
3720 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3724 if(!strcmp(UserOu, user_ou))
3725 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
/* "cn=" here vs "CN=" in member_remove: equivalent to LDAP but worth
 * unifying so string comparisons elsewhere do not diverge. */
3727 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3730 modvalues[0] = temp;
3731 modvalues[1] = NULL;
3734 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3736 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Idempotent add: duplicates are not errors. */
3738 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3741 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3743 if (rc == LDAP_UNWILLING_TO_PERFORM)
3747 for (i = 0; i < n; i++)
3750 if (rc != LDAP_SUCCESS)
3752 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3753 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail-related attributes (mail,
 * mailNickName, proxyAddresses, targetAddress) from the contact object at the
 * head of *linklist_base.  mail_v is {NULL, NULL}, so each REPLACE carries an
 * empty value list and removes the attribute.
 *   ld, bind_path          connection and base DN (bind_path unused here)
 *   linklist_base          list whose first entry's dn is modified
 *   linklist_current       not read in the lines shown
 *   returns int; the return statement is not shown in this listing.
 */
3759 int contact_remove_email(LDAP *ld, char *bind_path,
3760 LK_ENTRY **linklist_base, int linklist_current)
3764 char *mail_v[] = {NULL, NULL};
3772 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3773 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3774 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3775 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
/* gPtr is dereferenced below; no NULL check is visible between here and the
 * modify (lines in between are not shown) -- confirm callers never pass an
 * empty list. */
3778 gPtr = (*linklist_base);
3781 rc = ldap_modify_s(ld, gPtr->dn, mods);
3783 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3785 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3786 gPtr->dn, ldap_err2string(rc));
3793 for (i = 0; i < n; i++)
/*
 * contact_create: create (or, if it already exists, refresh) the contact
 * object that stands in for a STRING or KERBEROS list member.
 *   ld, bind_path   connection and base DN
 *   user            member name; must pass check_string.  The address the
 *                   object is built from is the file-level "mail" buffer,
 *                   whose derivation from user is not shown in this listing.
 *   group_ou        contact_ou or kerberos_ou; selects uid suffix and which
 *                   mail attributes are written
 *   returns AD_INVALID_NAME for a rejected name; other return sites are not
 *           shown in this listing.
 * Before creating a mail-enabled contact the function checks that no user or
 * group already claims the address by cn, mail or proxyAddresses (six
 * near-identical searches; a small helper would keep them from drifting).
 */
3799 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3802 LK_ENTRY *group_base;
3805 char cn_user_name[256];
3806 char contact_name[256];
3807 char mail_nickname[256];
3808 char proxy_address_internal[256];
3809 char proxy_address_external[256];
3810 char target_address[256];
3811 char internal_contact_name[256];
3814 char principal[256];
3815 char mit_address_book[256];
3816 char default_address_book[256];
3817 char contact_address_book[256];
3819 char *email_v[] = {NULL, NULL};
3820 char *cn_v[] = {NULL, NULL};
3821 char *contact_v[] = {NULL, NULL};
3822 char *uid_v[] = {NULL, NULL};
3823 char *mail_nickname_v[] = {NULL, NULL};
3824 char *proxy_address_internal_v[] = {NULL, NULL};
3825 char *proxy_address_external_v[] = {NULL, NULL};
3826 char *target_address_v[] = {NULL, NULL};
3827 char *mit_address_book_v[] = {NULL, NULL};
3828 char *default_address_book_v[] = {NULL, NULL};
3829 char *contact_address_book_v[] = {NULL, NULL};
3830 char *hide_address_lists_v[] = {NULL, NULL};
3831 char *attr_array[3];
3832 char *objectClass_v[] = {"top", "person",
3833 "organizationalPerson",
3835 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3836 "inetOrgPerson", "organizationalPerson",
3837 "contact", "mailRecipient", "eduPerson",
3839 char *name_v[] = {NULL, NULL};
3840 char *desc_v[] = {NULL, NULL};
3847 char *mail_routing_v[] = {NULL, NULL};
3848 char *principal_v[] = {NULL, NULL};
3850 if (!check_string(user))
3852 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3853 return(AD_INVALID_NAME);
/* "mail" is a file-level buffer; both copies are unbounded into 256 bytes. */
3857 strcpy(contact_name, mail);
3858 strcpy(internal_contact_name, mail);
/* internal_contact_name is truncated at '@' (the truncation line is not
 * shown) and becomes the mailNickName. */
3860 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* The RDN value is escaped for DN syntax here -- the filters further down do
 * not get the same treatment. */
3864 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3867 sprintf(target_address, "SMTP:%s", contact_name);
3868 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3869 sprintf(mail_nickname, "%s", internal_contact_name);
3871 cn_v[0] = cn_user_name;
3872 contact_v[0] = contact_name;
3875 desc_v[0] = "Auto account created by Moira";
3877 proxy_address_internal_v[0] = proxy_address_internal;
3878 proxy_address_external_v[0] = proxy_address_external;
3879 mail_nickname_v[0] = mail_nickname;
3880 target_address_v[0] = target_address;
3881 mit_address_book_v[0] = mit_address_book;
3882 default_address_book_v[0] = default_address_book;
3883 contact_address_book_v[0] = contact_address_book;
3884 strcpy(new_dn, cn_user_name);
3887 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD: a uid is required; the suffix records which OU the contact serves
 * so STRING and KERBEROS contacts for the same address do not collide. */
3889 if(!ActiveDirectory)
3891 if(!strcmp(group_ou, contact_ou))
3892 sprintf(uid, "%s%s", contact_name, "_strings");
3894 if(!strcmp(group_ou, kerberos_ou))
3895 sprintf(uid, "%s%s", contact_name, "_kerberos");
3899 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3900 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3905 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3909 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3912 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3913 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3914 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3918 if((s = strstr(mail, "@mit.edu")) != (char *) NULL)
/* Collision checks (contact_ou only): the address must not already be a
 * user's or group's cn, mail, or proxyAddresses value, otherwise the contact
 * would hijack delivery for that object.  "mail" is interpolated into each
 * filter without RFC 4515 escaping; email_isvalid presumably excludes the
 * filter metacharacters -- confirm, or escape here as the DN is at 3864. */
3921 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3926 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3927 attr_array[0] = "cn";
3928 attr_array[1] = NULL;
3930 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3931 &group_base, &group_count,
3932 LDAP_SCOPE_SUBTREE)) != 0)
3934 com_err(whoami, 0, "Unable to process contact %s : %s",
3935 user, ldap_err2string(rc));
3941 com_err(whoami, 0, "Object already exists with name %s",
3946 linklist_free(group_base);
3950 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3951 attr_array[0] = "cn";
3952 attr_array[1] = NULL;
3954 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3955 &group_base, &group_count,
3956 LDAP_SCOPE_SUBTREE)) != 0)
3958 com_err(whoami, 0, "Unable to process contact %s : %s",
3959 user, ldap_err2string(rc));
3965 com_err(whoami, 0, "Object already exists with name %s",
3970 linklist_free(group_base);
3974 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3975 attr_array[0] = "cn";
3976 attr_array[1] = NULL;
3978 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3979 &group_base, &group_count,
3980 LDAP_SCOPE_SUBTREE)) != 0)
3982 com_err(whoami, 0, "Unable to process contact %s : %s",
3983 user, ldap_err2string(rc));
3989 com_err(whoami, 0, "Object already exists with name %s",
3994 linklist_free(group_base);
3998 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3999 attr_array[0] = "cn";
4000 attr_array[1] = NULL;
4002 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
4003 &group_base, &group_count,
4004 LDAP_SCOPE_SUBTREE)) != 0)
4006 com_err(whoami, 0, "Unable to process contact %s : %s",
4007 user, ldap_err2string(rc));
4013 com_err(whoami, 0, "Object already exists with name %s",
4018 linklist_free(group_base);
/* proxyAddresses is matched with the lowercase "smtp:" (secondary address)
 * prefix; the primary "SMTP:" form is not searched here. */
4022 sprintf(filter, "(&(objectClass=user)(proxyAddresses=smtp:%s))", mail);
4023 attr_array[0] = "cn";
4024 attr_array[1] = NULL;
4026 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
4027 &group_base, &group_count,
4028 LDAP_SCOPE_SUBTREE)) != 0)
4030 com_err(whoami, 0, "Unable to process contact %s : %s",
4031 user, ldap_err2string(rc));
4037 com_err(whoami, 0, "Object already exists with name %s",
4042 linklist_free(group_base);
4046 sprintf(filter, "(&(objectClass=group)(proxyAddresses=smtp:%s))", mail);
4047 attr_array[0] = "cn";
4048 attr_array[1] = NULL;
4050 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
4051 &group_base, &group_count,
4052 LDAP_SCOPE_SUBTREE)) != 0)
4054 com_err(whoami, 0, "Unable to process contact %s : %s",
4055 user, ldap_err2string(rc));
4061 com_err(whoami, 0, "Object already exists with name %s",
/* Mail-enable the contact and keep it out of the address lists. */
4066 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4067 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4068 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4069 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4071 hide_address_lists_v[0] = "TRUE";
4072 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD routing: a bare local part is qualified with @mit.edu. */
4077 if(!ActiveDirectory)
4079 if((c = strchr(mail, '@')) == NULL)
4080 sprintf(temp, "%s@mit.edu", mail);
4082 sprintf(temp, "%s", mail);
4084 mail_routing_v[0] = temp;
4086 principal_v[0] = principal;
4088 if(!strcmp(group_ou, contact_ou))
4090 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4091 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4097 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4099 for (i = 0; i < n; i++)
/* "rc != LDAP_SUCCESS" is redundant given "rc == LDAP_ALREADY_EXISTS"; the
 * branch refreshes the mail attributes of a pre-existing contact. */
4104 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4105 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4109 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4110 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4111 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4113 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4115 hide_address_lists_v[0] = "TRUE";
4116 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4120 rc = ldap_modify_s(ld, new_dn, mods);
4124 com_err(whoami, 0, "Unable to update contact %s", mail);
4127 for (i = 0; i < n; i++)
/* An existing object is not a failure for the caller. */
4132 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4134 com_err(whoami, 0, "Unable to create contact %s : %s",
4135 user, ldap_err2string(rc));
/*
 * user_update: bring the existing directory entry of a Moira user in line
 * with what Moira now holds for it -- identity (mitMoiraId, employeeID,
 * uid), display names, login shell / class / status, account-disable flag,
 * mail routing, address-book visibility, home directory, and the
 * ntSecurityDescriptor copied from the "UserTemplate.u" template entry.
 *
 * ldap_handle   open LDAP connection
 * dn_path       base DN under which user_ou, contact_ou and
 *               security_template_ou are searched
 * user_name     account name; the only argument validated here (check_string)
 *               before it is interpolated into filters, DNs and addresses
 * Uid, MitId, MoiraId, State, WinHomeDir, WinProfileDir, first, middle,
 * last, shell, class
 *               Moira attribute values written to the entry; none of them is
 *               validated or escaped in this function
 *
 * Returns AD_INVALID_NAME or AD_NO_USER_FOUND on the early exits visible
 * below; the final return after the mods cleanup loop is not part of this
 * listing (presumably rc).
 *
 * NOTE(review): this listing has short lines dropped (braces, "else", blank
 * lines), so the comments below describe only what the surviving lines show.
 */
4142 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4143 char *Uid, char *MitId, char *MoiraId, int State,
4144 char *WinHomeDir, char *WinProfileDir, char *first,
4145 char *middle, char *last, char *shell, char *class)
4148 LK_ENTRY *group_base;
4150 char distinguished_name[512];
4151 char displayName[256];
4152 char address_book[1024];
4153 char *mitMoiraId_v[] = {NULL, NULL};
4154 char *mitMoiraClass_v[] = {NULL, NULL};
4155 char *mitMoiraStatus_v[] = {NULL, NULL};
4156 char *uid_v[] = {NULL, NULL};
4157 char *mitid_v[] = {NULL, NULL};
4158 char *homedir_v[] = {NULL, NULL};
4159 char *winProfile_v[] = {NULL, NULL};
4160 char *drives_v[] = {NULL, NULL};
4161 char *userAccountControl_v[] = {NULL, NULL};
4162 char *alt_recipient_v[] = {NULL, NULL};
4163 char *hide_address_lists_v[] = {NULL, NULL};
4164 char *mail_v[] = {NULL, NULL};
4165 char *gid_v[] = {NULL, NULL};
4166 char *loginshell_v[] = {NULL, NULL};
4167 char *principal_v[] = {NULL, NULL};
4168 char *address_book_v[] = {NULL, NULL, NULL, NULL, NULL};
4169 char userAccountControlStr[80];
/* u_int (unsigned int): formatted with "%ld" further down -- see the note there. */
4174 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4175 UF_PASSWD_CANT_CHANGE;
4177 char *attr_array[3];
4180 char filesys_name[256];
4181 char contact_mail[256];
4182 char filter_exp[1024];
4183 char search_path[512];
4184 char TemplateDn[512];
4185 char TemplateSamName[128];
4186 char alt_recipient[256];
4187 char principal[256];
4189 char acBERBuf[N_SD_BER_BYTES];
/* Server control asking AD to return the security descriptor (SD flags are BER-encoded below). */
4190 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4191 { N_SD_BER_BYTES, acBERBuf },
4193 LDAPControl *apsServerControls[] = {&sControl, NULL};
4195 LDAP_BERVAL **ppsValues;
4199 char *homeServerName;
4201 char search_string[256];
4203 char *mail_routing_v[] = {NULL, NULL};
4204 char *mail_alternate_v[] = {NULL, NULL};
4205 char *mit_moira_imap_address_v[] = {NULL, NULL};
4206 char *deliver_and_redirect_v[] = {NULL, NULL};
4209 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4210 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4211 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* The only input validation in this function; everything below trusts user_name. */
4213 if (!check_string(user_name))
4215 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4217 return(AD_INVALID_NAME);
4220 memset(contact_mail, '\0', sizeof(contact_mail));
/* Fixed 256-byte buffers filled with sprintf: bounded only by whatever length
 * limit check_string enforces, which is not visible here -- snprintf would make
 * the bound explicit. */
4222 sprintf(contact_mail, "%s@exchange-forwarding.mit.edu", user_name);
4224 sprintf(contact_mail, "%s@mit.edu", user_name);
4225 memset(mail, '\0', sizeof(mail));
4226 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4227 memset(alt_recipient, '\0', sizeof(alt_recipient));
4228 sprintf(alt_recipient, "cn=%s@exchange-forwarding.mit.edu,%s,%s", user_name,
4229 contact_ou, dn_path);
4230 sprintf(search_string, "@%s", uppercase(ldap_domain));
4231 memset(filesys_name, '\0', sizeof(filesys_name));
4232 sprintf(filesys_name, "%s.po", user_name);
/* Make sure the forwarding contact exists; failure is logged but not fatal here. */
4236 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4238 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4245 memset(displayName, '\0', sizeof(displayName));
/* Locate the entry: by mitMoiraId when Moira supplied one, else by sAMAccountName. */
4247 if (strlen(MoiraId) != 0)
/* MoiraId is interpolated into the LDAP filter unescaped and unchecked; this
 * assumes the caller guarantees a numeric id -- TODO confirm. */
4251 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4256 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4259 attr_array[0] = "cn";
4260 attr_array[1] = NULL;
4261 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4262 &group_base, &group_count,
4263 LDAP_SCOPE_SUBTREE)) != 0)
4265 com_err(whoami, 0, "Unable to process user %s : %s",
4266 user_name, ldap_err2string(rc));
/* Exactly one match is required; otherwise fall back to the name search below. */
4271 if (group_count != 1)
4273 linklist_free(group_base);
4276 sprintf(filter, "(sAMAccountName=%s)", user_name);
4277 attr_array[0] = "cn";
4278 attr_array[1] = NULL;
4279 sprintf(temp, "%s,%s", user_ou, dn_path);
4280 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4281 &group_base, &group_count,
4282 LDAP_SCOPE_SUBTREE)) != 0)
4284 com_err(whoami, 0, "Unable to process user %s : %s",
4285 user_name, ldap_err2string(rc));
4290 if (group_count != 1)
4292 com_err(whoami, 0, "Unable to find user %s in directory",
4294 linklist_free(group_base);
4295 return(AD_NO_USER_FOUND);
/* DN as returned by the directory into a 512-byte buffer, no length check. */
4298 strcpy(distinguished_name, group_base->dn);
4300 linklist_free(group_base);
/* Non-AD directory: publish IMAP server and mail routing from Moira's pobox data. */
4303 if(!ActiveDirectory)
/* Assignment in the condition is intentional: nonzero rc means the connect failed. */
4305 if (rc = moira_connect())
4307 critical_alert(whoami, "Ldap incremental",
4308 "Error contacting Moira server : %s",
4313 argv[0] = filesys_name;
4315 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* Each attribute is pushed in its own ldap_modify_s; "already exists" results are tolerated. */
4319 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
4322 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4324 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4329 "Unable to set the mitMoiraIMAPAddress for %s : %s",
4330 user_name, ldap_err2string(rc));
4332 sprintf(temp, "%s@%s", user_name, save_argv[FS_MACHINE]);
4334 mit_moira_imap_address_v[0] = temp;
4337 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
4340 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4342 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4346 com_err(whoami, 0, "Unable to set the mitMoiraIMAPAddress for "
4347 "%s : %s", user_name, ldap_err2string(rc));
4348 } else if(rc==MR_NO_MATCH) {
4351 ADD_ATTR("mitMoiraIMAPServer", mit_moira_imap_address_v,
4354 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4356 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4361 "Unable to set the mitMoiraIMAPAddress for %s : %s",
4362 user_name, ldap_err2string(rc));
4366 argv[0] = user_name;
4368 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4371 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4373 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4375 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4380 "Unable to set the mailRoutingAddress for %s : %s",
4381 user_name, ldap_err2string(rc));
/* Heap copy of the pobox address so strtok can split it in place; the matching
 * free() is not among the surviving lines -- confirm it exists on every path. */
4383 p = strdup(save_argv[3]);
/* Comma-separated list of forwarding addresses; the initial strtok(p, ",") is
 * among the dropped lines. */
4385 if((c = strchr(p, ',')) != NULL)
/* Bare local parts are qualified with @mit.edu before validation. */
4390 if ((c = strchr(q, '@')) == NULL)
4391 sprintf(temp, "%s@mit.edu", q);
4393 sprintf(temp, "%s", q);
/* Deleted users get no routing address; addresses failing email_isvalid are skipped silently. */
4395 if(email_isvalid(temp) && State != US_DELETED)
4397 mail_routing_v[0] = temp;
4400 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4402 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4404 if (rc == LDAP_ALREADY_EXISTS ||
4405 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4410 "Unable to set the mailRoutingAddress for %s : %s",
4411 user_name, ldap_err2string(rc));
/* strtok keeps static state: this loop is not reentrant (strtok_r would be). */
4414 while((q = strtok(NULL, ",")) != NULL) {
4417 if((c = strchr(q, '@')) == NULL)
4418 sprintf(temp, "%s@mit.edu", q);
4420 sprintf(temp, "%s", q);
4422 if(email_isvalid(temp) && State != US_DELETED)
4424 mail_routing_v[0] = temp;
4427 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4430 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4432 if (rc == LDAP_ALREADY_EXISTS ||
4433 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4438 "Unable to set the mailRoutingAddress for "
4440 user_name, ldap_err2string(rc));
/* Single-address case (no comma in the pobox value). */
4446 if((c = strchr(p, '@')) == NULL)
4447 sprintf(temp, "%s@mit.edu", p);
4449 sprintf(temp, "%s", p);
4451 if(email_isvalid(temp) && State != US_DELETED)
4453 mail_routing_v[0] = temp;
4456 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4458 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4460 if (rc == LDAP_ALREADY_EXISTS ||
4461 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4466 "Unable to set the mailRoutingAddress for %s : %s",
4467 user_name, ldap_err2string(rc));
4470 } else if(rc==MR_NO_MATCH) {
4473 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4475 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4477 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4482 "Unable to set the mailRoutingAddress for %s : %s",
4483 user_name, ldap_err2string(rc));
/* Only MIT IDs starting with '9' are published; anything else is recorded as "none". */
4488 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4489 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4490 "employeeID", user_name);
4492 rc = attribute_update(ldap_handle, distinguished_name, "none",
4493 "employeeID", user_name);
/* Unbounded strcat of first/middle/last into displayName[256]; the name fields
 * are not length-checked in this function. */
4496 strcat(displayName, first);
4499 if(strlen(middle)) {
4501 strcat(displayName, " ");
4503 strcat(displayName, middle);
4507 if(strlen(middle) || strlen(first))
4508 strcat(displayName, " ");
4510 strcat(displayName, last);
/* Empty display name falls back to the account name. */
4513 if(strlen(displayName))
4514 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4515 "displayName", user_name);
4517 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4518 "displayName", user_name);
4520 if(!ActiveDirectory)
4522 if(strlen(displayName))
4523 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4526 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4530 if(!ActiveDirectory)
4532 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4533 "eduPersonNickname", user_name);
4537 rc = attribute_update(ldap_handle, distinguished_name, first,
4538 "givenName", user_name);
4540 rc = attribute_update(ldap_handle, distinguished_name, "",
4541 "givenName", user_name);
/* initials is set only when the middle name is a single character. */
4543 if(strlen(middle) == 1)
4544 rc = attribute_update(ldap_handle, distinguished_name, middle,
4545 "initials", user_name);
4547 rc = attribute_update(ldap_handle, distinguished_name, "",
4548 "initials", user_name);
4551 rc = attribute_update(ldap_handle, distinguished_name, last,
4554 rc = attribute_update(ldap_handle, distinguished_name, "",
4559 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4564 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4568 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4569 "mitMoiraId", user_name);
/* Start of the batched modification list (mods) that is committed once below. */
4578 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4582 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4587 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4588 sprintf(status, "%d", State);
4589 principal_v[0] = principal;
4590 loginshell_v[0] = shell;
4591 mitMoiraClass_v[0] = class;
4592 mitMoiraStatus_v[0] = status;
4594 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4595 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4596 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4597 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4598 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4599 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
/* Fail closed: any Moira state other than US_NO_PASSWD or US_REGISTERED leaves
 * the account disabled (UF_ACCOUNTDISABLE) and hidden from address lists. */
4602 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4604 userAccountControl |= UF_ACCOUNTDISABLE;
4608 hide_address_lists_v[0] = "TRUE";
4609 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Active account: unhide and list it in the four address books derived from dn_path. */
4617 hide_address_lists_v[0] = NULL;
4618 address_book_v[0] = address_book;
4619 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4623 sprintf(address_book, "%s%s", GLOBAL_ADDRESS_LIST_PREFIX, dn_path);
/* strdup'd values: they are released only if the mods cleanup loop at the end
 * frees each mod_values entry, which this listing does not show -- confirm. */
4624 address_book_v[0] = strdup(address_book);
4625 memset(address_book, '\0', sizeof(address_book));
4626 sprintf(address_book, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4627 address_book_v[1] = strdup(address_book);
4628 memset(address_book, '\0', sizeof(address_book));
4629 sprintf(address_book, "%s%s", EMAIL_ADDRESS_LIST_PREFIX, dn_path);
4630 address_book_v[2] = strdup(address_book);
4631 memset(address_book, '\0', sizeof(address_book));
4632 sprintf(address_book, "%s%s", ALL_ADDRESS_LIST_PREFIX, dn_path);
4633 address_book_v[3] = strdup(address_book);
4634 memset(address_book, '\0', sizeof(address_book));
4636 ADD_ATTR("showInAddressBook", address_book_v,
/* BUG: "%ld" expects a long but userAccountControl is u_int (declared at 4174);
 * mismatched format/argument types are undefined behavior -- use "%u". The
 * same pattern appears in user_create. */
4642 sprintf(userAccountControlStr, "%ld", userAccountControl);
4643 userAccountControl_v[0] = userAccountControlStr;
4644 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* Assignment in the condition is intentional: nonzero rc means the connect failed. */
4648 if (rc = moira_connect())
4650 critical_alert(whoami, "Ldap incremental",
4651 "Error contacting Moira server : %s",
4656 argv[0] = user_name;
4658 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* Mailbox lives in Exchange: drop any forwarding and add the user to exchange_acl. */
4660 if(!strcmp(save_argv[1], "EXCHANGE") ||
4661 (strstr(save_argv[3], search_string) != NULL))
4663 alt_recipient_v[0] = NULL;
4664 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4666 argv[0] = exchange_acl;
4668 argv[2] = user_name;
4670 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4672 if ((rc) && (rc != MR_EXISTS))
4674 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4675 user_name, exchange_acl, error_message(rc));
/* SPLIT/SMTP pobox: deliver locally and redirect to the forwarding contact. */
4678 if(!strcmp(save_argv[1], "SPLIT") ||
4679 !strcmp(save_argv[1], "SMTP")) {
4681 deliver_and_redirect_v[0] = "TRUE";
4682 alt_recipient_v[0] = alt_recipient;
4683 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4684 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
/* Any other pobox type: redirect only, and remove the user from exchange_acl. */
4690 deliver_and_redirect_v[0] = "FALSE";
4691 alt_recipient_v[0] = alt_recipient;
4692 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4693 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
4696 argv[0] = exchange_acl;
4698 argv[2] = user_name;
4700 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4702 if ((rc) && (rc != MR_NO_MATCH))
4705 "Unable to remove user %s from %s: %s, %d",
4706 user_name, exchange_acl, error_message(rc), rc);
/* No pobox found: same redirect-only handling as above. */
4712 deliver_and_redirect_v[0] = "FALSE";
4713 alt_recipient_v[0] = alt_recipient;
4714 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4715 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
4718 argv[0] = exchange_acl;
4720 argv[2] = user_name;
4722 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4724 if ((rc) && (rc != MR_NO_MATCH))
4727 "Unable to remove user %s from %s: %s, %d",
4728 user_name, exchange_acl, error_message(rc), rc);
4736 mail_v[0] = contact_mail;
4737 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4739 if(!ActiveDirectory)
4741 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory appends its own mods and returns the new count. */
4745 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4746 WinProfileDir, homedir_v, winProfile_v,
4747 drives_v, mods, LDAP_MOD_REPLACE, n);
/* Locate the security template whose ntSecurityDescriptor is copied onto this user. */
4751 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4752 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4753 attr_array[0] = "sAMAccountName";
4754 attr_array[1] = NULL;
4758 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4760 &group_base, &group_count,
/* BUG: "!= 0" sits inside the assignment's parentheses, so rc receives the
 * comparison result (0/1) rather than the LDAP result code; compare the
 * correct form at 4261. The same mistake appears in user_create. */
4761 LDAP_SCOPE_SUBTREE) != 0))
/* The three "security not set" paths below only log; whether they skip the SD
 * copy or abort the update is decided by dropped lines -- confirm. */
4764 if (group_count != 1)
4766 com_err(whoami, 0, "Unable to process user security template: %s - "
4767 "security not set", "UserTemplate.u");
/* Template DN / name from the directory into 512- and 128-byte buffers, unchecked. */
4771 strcpy(TemplateDn, group_base->dn);
4772 strcpy(TemplateSamName, group_base->value);
4773 linklist_free(group_base);
/* Re-read the template with the SD-flags control so the descriptor is returned. */
4777 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4778 filter_exp, NULL, 0, apsServerControls, NULL,
4781 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4783 com_err(whoami, 0, "Unable to find user security template: %s - "
4784 "security not set", "UserTemplate.u");
4788 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4789 "ntSecurityDescriptor");
4791 if (ppsValues == NULL)
4793 com_err(whoami, 0, "Unable to find user security template: %s - "
4794 "security not set", "UserTemplate.u");
/* Binary value, hence LDAP_MOD_BVALUES; the template's ACL replaces the user's. */
4798 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4799 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Commit the batch; on failure flip the SFU30 attribute naming and retry once. */
4804 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4805 mods)) != LDAP_SUCCESS)
4807 OldUseSFU30 = UseSFU30;
4808 SwitchSFU(mods, &UseSFU30, n);
4809 if (OldUseSFU30 != UseSFU30)
4810 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4813 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4814 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries; the loop body and the return are dropped lines. */
4818 for (i = 0; i < n; i++)
/*
 * user_rename: rename a user's directory entry from before_user_name to
 * user_name and rewrite every attribute derived from the account name
 * (UPN, Kerberos identity mapping, sAMAccountName/uid, display names, mail,
 * mail nickname, proxy addresses, query base DN), recreating the forwarding
 * contact under the new name.
 *
 * ldap_handle       open LDAP connection
 * dn_path           base DN under which user_ou and contact_ou live
 * before_user_name  current account name
 * user_name         new account name
 * (remaining parameters are on a dropped line of the signature)
 *
 * Both names are validated with check_string; AD_INVALID_NAME is returned
 * otherwise. The final return after the mods cleanup loop is not part of
 * this listing.
 *
 * NOTE(review): short lines (braces, "else", blank lines) are missing from
 * this listing; comments describe only the surviving lines.
 */
4824 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4832 char contact_mail[256];
4833 char proxy_address[256];
4834 char proxy_address_mit[256];
4835 char proxy_address_x500[256];
4836 char query_base_dn[256];
4838 char *userPrincipalName_v[] = {NULL, NULL};
4839 char *altSecurityIdentities_v[] = {NULL, NULL};
4840 char *name_v[] = {NULL, NULL};
4841 char *samAccountName_v[] = {NULL, NULL};
4842 char *mail_v[] = {NULL, NULL};
4843 char *mail_nickname_v[] = {NULL, NULL};
4844 char *proxy_address_v[] = {NULL, NULL, NULL, NULL};
4845 char *query_base_dn_v[] = {NULL, NULL};
4846 char *principal_v[] = {NULL, NULL};
4847 char principal[256];
/* Both the old and the new name are validated before being used in DNs and filters. */
4852 if (!check_string(before_user_name))
4855 "Unable to process invalid LDAP user name %s", before_user_name);
4856 return(AD_INVALID_NAME);
4859 if (!check_string(user_name))
4862 "Unable to process invalid LDAP user name %s", user_name);
4863 return(AD_INVALID_NAME);
/* BUG: source and destination are the same object -- a no-op at best, and
 * undefined behavior under strcpy's no-overlap (restrict) contract. Remove. */
4866 strcpy(user_name, user_name);
/* Old and new RDNs: "cn=" for AD, "uid=" otherwise (the if/else lines are dropped). */
4869 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4871 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4874 sprintf(new_dn, "cn=%s", user_name);
4876 sprintf(new_dn, "uid=%s", user_name);
/* Fixed 256-byte buffers filled with sprintf; bounded only by check_string's limit. */
4878 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4880 sprintf(contact_mail, "%s@exchange-forwarding.mit.edu", user_name);
4882 sprintf(contact_mail, "%s@mit.edu", user_name);
4883 sprintf(proxy_address, "smtp:%s@%s", user_name, lowercase(ldap_domain));
4884 sprintf(proxy_address_mit, "SMTP:%s@mit.edu", user_name);
4885 sprintf(proxy_address_x500, "%s/cn=%s?mit.edu", X500_PREFIX, user_name);
4887 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* deleteoldrdn = TRUE: the old RDN value is not retained on the entry. */
4889 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4890 NULL, NULL)) != LDAP_SUCCESS)
4892 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4893 before_user_name, user_name, ldap_err2string(rc));
/* Replace the forwarding contact: delete the old one, create one for the new name. */
4899 sprintf(temp, "cn=%s@exchange-forwarding.mit.edu,%s,%s", before_user_name,
4900 contact_ou, dn_path);
/* Assignment in the condition is intentional: nonzero rc means the delete failed. */
4902 if(rc = ldap_delete_s(ldap_handle, temp))
4904 com_err(whoami, 0, "Unable to delete user contact for %s",
4908 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4910 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4914 name_v[0] = user_name;
4915 sprintf(upn, "%s@%s", user_name, ldap_domain);
4916 userPrincipalName_v[0] = upn;
4917 principal_v[0] = principal;
/* Kerberos identity mapping for the new principal; REPLACE below drops the old mapping. */
4918 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4919 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4920 altSecurityIdentities_v[0] = temp;
4921 samAccountName_v[0] = user_name;
4923 mail_nickname_v[0] = user_name;
4924 proxy_address_v[0] = proxy_address_mit;
4925 proxy_address_v[1] = proxy_address;
4926 query_base_dn_v[0] = query_base_dn;
4929 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4930 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4931 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4932 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4934 if(!ActiveDirectory)
4936 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4937 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
/* displayName is already REPLACEd at 4931; two mods on one attribute in a single
 * request -- confirm the non-AD server accepts this. */
4938 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4939 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4944 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4945 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4946 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4947 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
4951 mail_v[0] = contact_mail;
4952 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4954 if(!ActiveDirectory)
4956 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry, then commit the batch against it. */
4963 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4965 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4967 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4970 "Unable to modify user data for %s after renaming : %s",
4971 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries; the loop body and the return are dropped lines. */
4974 for (i = 0; i < n; i++)
4980 int user_create(int ac, char **av, void *ptr)
4984 char user_name[256];
4988 char contact_mail[256];
4989 char proxy_address[256];
4990 char mail_nickname[256];
4991 char query_base_dn[256];
4992 char displayName[256];
4993 char address_book[1024];
4994 char alt_recipient[256];
4995 char filesys_name[256];
4996 char *cn_v[] = {NULL, NULL};
4997 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4999 char *objectClass_ldap_v[] = {"top",
5000 "eduPerson", "posixAccount",
5001 "apple-user", "shadowAccount",
5002 "microsoftComTop", "securityPrincipal",
5003 "inetOrgPerson", "user",
5004 "organizationalPerson", "person",
5005 "mailRecipient", NULL};
5007 char *samAccountName_v[] = {NULL, NULL};
5008 char *altSecurityIdentities_v[] = {NULL, NULL};
5009 char *mitMoiraId_v[] = {NULL, NULL};
5010 char *mitMoiraClass_v[] = {NULL, NULL};
5011 char *mitMoiraStatus_v[] = {NULL, NULL};
5012 char *name_v[] = {NULL, NULL};
5013 char *desc_v[] = {NULL, NULL};
5014 char *userPrincipalName_v[] = {NULL, NULL};
5015 char *userAccountControl_v[] = {NULL, NULL};
5016 char *uid_v[] = {NULL, NULL};
5017 char *gid_v[] = {NULL, NULL};
5018 char *mitid_v[] = {NULL, NULL};
5019 char *homedir_v[] = {NULL, NULL};
5020 char *winProfile_v[] = {NULL, NULL};
5021 char *drives_v[] = {NULL, NULL};
5022 char *mail_v[] = {NULL, NULL};
5023 char *givenName_v[] = {NULL, NULL};
5024 char *sn_v[] = {NULL, NULL};
5025 char *initials_v[] = {NULL, NULL};
5026 char *displayName_v[] = {NULL, NULL};
5027 char *proxy_address_v[] = {NULL, NULL};
5028 char *mail_nickname_v[] = {NULL, NULL};
5029 char *query_base_dn_v[] = {NULL, NULL};
5030 char *address_book_v[] = {NULL, NULL, NULL, NULL, NULL};
5031 char *homeMDB_v[] = {NULL, NULL};
5032 char *homeServerName_v[] = {NULL, NULL};
5033 char *mdbUseDefaults_v[] = {NULL, NULL};
5034 char *mailbox_guid_v[] = {NULL, NULL};
5035 char *user_culture_v[] = {NULL, NULL};
5036 char *user_account_control_v[] = {NULL, NULL};
5037 char *msexch_version_v[] = {NULL, NULL};
5038 char *alt_recipient_v[] = {NULL, NULL};
5039 char *hide_address_lists_v[] = {NULL, NULL};
5040 char *principal_v[] = {NULL, NULL};
5041 char *loginshell_v[] = {NULL, NULL};
5042 char userAccountControlStr[80];
5044 char principal[256];
5045 char filter_exp[1024];
5046 char search_path[512];
5047 char *attr_array[3];
5048 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
5049 UF_PASSWD_CANT_CHANGE;
5055 char WinHomeDir[1024];
5056 char WinProfileDir[1024];
5058 char *homeServerName;
5060 char acBERBuf[N_SD_BER_BYTES];
5061 LK_ENTRY *group_base;
5063 char TemplateDn[512];
5064 char TemplateSamName[128];
5065 LDAP_BERVAL **ppsValues;
5066 LDAPControl sControl = {"1.2.840.113556.1.4.801",
5067 { N_SD_BER_BYTES, acBERBuf },
5069 LDAPControl *apsServerControls[] = {&sControl, NULL};
5073 char search_string[256];
5074 char *o_v[] = {NULL, NULL};
5076 char *mail_routing_v[] = {NULL, NULL};
5077 char *mail_alternate_v[] = {NULL, NULL};
5078 char *mit_moira_imap_address_v[] = {NULL, NULL};
5079 char *deliver_and_redirect_v[] = {NULL, NULL};
5084 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
5085 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
5086 BEREncodeSecurityBits(dwInfo, acBERBuf);
5088 if (!check_string(av[U_NAME]))
5090 callback_rc = AD_INVALID_NAME;
5091 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5093 return(AD_INVALID_NAME);
5096 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
5097 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
5098 memset(displayName, '\0', sizeof(displayName));
5099 memset(query_base_dn, '\0', sizeof(query_base_dn));
5100 memset(filesys_name, '\0', sizeof(filesys_name));
5101 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
5102 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
5103 strcpy(user_name, av[U_NAME]);
5104 sprintf(upn, "%s@%s", user_name, ldap_domain);
5105 sprintf(sam_name, "%s", av[U_NAME]);
5106 sprintf(filesys_name, "%s.po", user_name);
5108 if(strlen(av[U_FIRST])) {
5109 strcat(displayName, av[U_FIRST]);
5112 if(strlen(av[U_MIDDLE])) {
5113 if(strlen(av[U_FIRST]))
5114 strcat(displayName, " ");
5116 strcat(displayName, av[U_MIDDLE]);
5119 if(strlen(av[U_LAST])) {
5120 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
5121 strcat(displayName, " ");
5123 strcat(displayName, av[U_LAST]);
5126 samAccountName_v[0] = sam_name;
5127 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
5128 (atoi(av[U_STATE]) != US_REGISTERED))
5130 userAccountControl |= UF_ACCOUNTDISABLE;
5134 hide_address_lists_v[0] = "TRUE";
5136 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
5140 sprintf(address_book, "%s%s", GLOBAL_ADDRESS_LIST_PREFIX,
5142 address_book_v[0] = strdup(address_book);
5143 memset(address_book, '\0', sizeof(address_book));
5144 sprintf(address_book, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
5145 address_book_v[1] = strdup(address_book);
5146 memset(address_book, '\0', sizeof(address_book));
5147 sprintf(address_book, "%s%s", EMAIL_ADDRESS_LIST_PREFIX,
5149 address_book_v[2] = strdup(address_book);
5150 memset(address_book, '\0', sizeof(address_book));
5151 sprintf(address_book, "%s%s", ALL_ADDRESS_LIST_PREFIX,
5153 address_book_v[3] = strdup(address_book);
5154 memset(address_book, '\0', sizeof(address_book));
5156 ADD_ATTR("showInAddressBook", address_book_v,
5162 sprintf(userAccountControlStr, "%ld", userAccountControl);
5163 userAccountControl_v[0] = userAccountControlStr;
5164 userPrincipalName_v[0] = upn;
5167 cn_v[0] = user_name;
5169 cn_v[0] = displayName;
5171 name_v[0] = user_name;
5172 desc_v[0] = "Auto account created by Moira";
5174 givenName_v[0] = av[U_FIRST];
5177 sn_v[0] = av[U_LAST];
5179 if(strlen(av[U_LAST]))
5180 sn_v[0] = av[U_LAST];
5182 sn_v[0] = av[U_NAME];
5184 displayName_v[0] = displayName;
5185 mail_nickname_v[0] = user_name;
5186 o_v[0] = "Massachusetts Institute of Technology";
5188 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
5189 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
5190 altSecurityIdentities_v[0] = temp;
5191 principal_v[0] = principal;
5194 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
5196 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
5198 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
5200 sprintf(contact_mail, "%s@exchange-forwarding.mit.edu", user_name);
5202 sprintf(contact_mail, "%s@mit.edu", user_name);
5203 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
5204 query_base_dn_v[0] = query_base_dn;
5205 sprintf(alt_recipient, "cn=%s@exchange-forwarding.mit.edu,%s,%s", user_name,
5206 contact_ou, call_args[1]);
5207 sprintf(search_string, "@%s", uppercase(ldap_domain));
5211 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5214 com_err(whoami, 0, "Unable to create user contact %s",
5218 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5221 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5225 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5226 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5228 homeMDB_v[0] = homeMDB;
5229 homeServerName_v[0] = homeServerName;
5234 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5238 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5242 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5245 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5246 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5247 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5248 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5249 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5253 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5254 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5255 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5256 mdbUseDefaults_v[0] = "TRUE";
5257 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5258 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
5260 argv[0] = user_name;
5262 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5264 if(!strcmp(save_argv[1], "EXCHANGE") ||
5265 (strstr(save_argv[3], search_string) != NULL))
5267 argv[0] = exchange_acl;
5269 argv[2] = user_name;
5271 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5273 if ((rc) && (rc != MR_EXISTS))
5275 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5276 user_name, exchange_acl, error_message(rc));
5279 if(!strcmp(save_argv[1], "SPLIT") ||
5280 !strcmp(save_argv[1], "SMTP")) {
5282 deliver_and_redirect_v[0] = "TRUE";
5283 alt_recipient_v[0] = alt_recipient;
5285 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5286 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
5292 alt_recipient_v[0] = alt_recipient;
5293 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5298 alt_recipient_v[0] = alt_recipient;
5299 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5301 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5306 mail_v[0] = contact_mail;
5307 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5309 if(!ActiveDirectory)
5311 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
5315 if(strlen(av[U_FIRST])) {
5316 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5319 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5320 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5323 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5324 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5326 if(!ActiveDirectory)
5328 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5331 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5333 if(!ActiveDirectory)
5335 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
5339 if (strlen(av[U_MIDDLE]) == 1) {
5340 initials_v[0] = av[U_MIDDLE];
5341 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5344 if (strlen(call_args[2]) != 0)
5346 mitMoiraId_v[0] = call_args[2];
5347 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5350 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
5352 if(!ActiveDirectory)
5354 loginshell_v[0] = av[U_SHELL];
5355 mitMoiraClass_v[0] = av[U_CLASS];
5356 mitMoiraStatus_v[0] = av[U_STATE];
5357 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5358 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5359 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5360 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5361 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5362 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
5365 if (strlen(av[U_UID]) != 0)
5367 uid_v[0] = av[U_UID];
5371 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5376 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5377 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5384 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5388 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
5393 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5394 mitid_v[0] = av[U_MITID];
5396 mitid_v[0] = "none";
5398 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5400 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5401 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5402 drives_v, mods, LDAP_MOD_ADD, n);
5406 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5407 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5408 attr_array[0] = "sAMAccountName";
5409 attr_array[1] = NULL;
5413 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5414 attr_array, &group_base, &group_count,
5415 LDAP_SCOPE_SUBTREE) != 0))
5418 if (group_count != 1)
5420 com_err(whoami, 0, "Unable to process user security template: %s - "
5421 "security not set", "UserTemplate.u");
5425 strcpy(TemplateDn, group_base->dn);
5426 strcpy(TemplateSamName, group_base->value);
5427 linklist_free(group_base);
5431 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5432 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5433 apsServerControls, NULL,
5436 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5438 com_err(whoami, 0, "Unable to find user security template: %s - "
5439 "security not set", "UserTemplate.u");
5443 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5444 "ntSecurityDescriptor");
5445 if (ppsValues == NULL)
5447 com_err(whoami, 0, "Unable to find user security template: %s - "
5448 "security not set", "UserTemplate.u");
5452 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5453 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
5458 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5460 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5462 OldUseSFU30 = UseSFU30;
5463 SwitchSFU(mods, &UseSFU30, n);
5464 if (OldUseSFU30 != UseSFU30)
5465 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5468 for (i = 0; i < n; i++)
5471 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5473 com_err(whoami, 0, "Unable to create user %s : %s",
5474 user_name, ldap_err2string(rc));
5479 if ((rc == LDAP_SUCCESS) && (SetPassword))
5481 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5483 ad_kdc_disconnect();
5484 if (!ad_server_connect(default_server, ldap_domain))
5486 com_err(whoami, 0, "Unable to set password for user %s : %s",
5488 "cannot get changepw ticket from windows domain");
5492 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5494 com_err(whoami, 0, "Unable to set password for user %s "
5495 ": %ld", user_name, rc);
5501 if(!ActiveDirectory)
5503 if (rc = moira_connect())
5505 critical_alert(whoami, "Ldap incremental",
5506 "Error contacting Moira server : %s",
5511 argv[0] = filesys_name;
5513 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
5517 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
5520 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5522 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5527 "Unable to set the mitMoiraIMAPAddress for %s : %s",
5528 user_name, ldap_err2string(rc));
5530 sprintf(temp, "%s@%s", user_name, save_argv[FS_MACHINE]);
5532 mit_moira_imap_address_v[0] = temp;
5535 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
5538 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5540 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5544 com_err(whoami, 0, "Unable to set the mitMoiraIMAPAddress for "
5545 "%s : %s", user_name, ldap_err2string(rc));
5546 } else if(rc==MR_NO_MATCH) {
5549 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
5552 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5554 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5559 "Unable to set the mitMoiraIMAPAddress for %s : %s",
5560 user_name, ldap_err2string(rc));
5564 argv[0] = user_name;
5566 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5569 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5571 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5573 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5578 "Unable to set the mailRoutingAddress for %s : %s",
5579 user_name, ldap_err2string(rc));
5581 p = strdup(save_argv[3]);
5583 if((c = strchr(p, ',')) != NULL) {
5587 if ((c = strchr(q, '@')) == NULL)
5588 sprintf(temp, "%s@mit.edu", q);
5590 sprintf(temp, "%s", q);
5592 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5594 mail_routing_v[0] = temp;
5597 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5599 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5601 if (rc == LDAP_ALREADY_EXISTS ||
5602 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5607 "Unable to set the mailRoutingAddress for %s : %s",
5608 user_name, ldap_err2string(rc));
5611 while((q = strtok(NULL, ",")) != NULL) {
5614 if((c = strchr(q, '@')) == NULL)
5615 sprintf(temp, "%s@mit.edu", q);
5617 sprintf(temp, "%s", q);
5619 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5621 mail_routing_v[0] = temp;
5624 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5626 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5628 if (rc == LDAP_ALREADY_EXISTS ||
5629 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5634 "Unable to set the mailRoutingAddress for %s : %s",
5635 user_name, ldap_err2string(rc));
5641 if((c = strchr(p, '@')) == NULL)
5642 sprintf(temp, "%s@mit.edu", p);
5644 sprintf(temp, "%s", p);
5646 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5648 mail_routing_v[0] = temp;
5651 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5653 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5655 if (rc == LDAP_ALREADY_EXISTS ||
5656 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5661 "Unable to set the mailRoutingAddress for %s : %s",
5662 user_name, ldap_err2string(rc));
/*
 * user_change_status: set or clear UF_ACCOUNTDISABLE on the AD user object
 * found by mitMoiraId (when MoiraId is non-empty) or by sAMAccountName, and
 * write mitMoiraId back when one was supplied.  Visible return values are
 * AD_INVALID_NAME (name rejected by check_string) and LDAP_NO_SUCH_OBJECT
 * (no single sAMAccountName match); the returns after the other com_err
 * calls, the local declarations (filter, temp, mods, n, ulongValue, ...)
 * and the trailing parameter(s) of the signature are on lines not shown.
 * `operation` (compared with MEMBER_DEACTIVATE below) is presumably one of
 * those trailing parameters — confirm against the declaration.
 */
5672 int user_change_status(LDAP *ldap_handle, char *dn_path,
5673 char *user_name, char *MoiraId,
5677 char *attr_array[3];
5679 char distinguished_name[1024];
5681 char *mitMoiraId_v[] = {NULL, NULL};
5683 LK_ENTRY *group_base;
/* Only user_name is character-checked; MoiraId is placed in a filter below
 * without validation.  Neither length is bounded on the lines shown. */
5690 if (!check_string(user_name))
5692 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5694 return(AD_INVALID_NAME);
/* Lookup 1: by mitMoiraId.  filter is a fixed buffer (declared on a line
 * not shown) and sprintf does not bound the copy. */
5700 if (strlen(MoiraId) != 0)
5702 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5703 attr_array[0] = "UserAccountControl";
5704 attr_array[1] = NULL;
5705 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5706 &group_base, &group_count,
5707 LDAP_SCOPE_SUBTREE)) != 0)
5709 com_err(whoami, 0, "Unable to process user %s : %s",
5710 user_name, ldap_err2string(rc));
/* Lookup 2: by sAMAccountName, presumably the fallback when lookup 1 did
 * not yield exactly one entry (the lines between are not shown). */
5715 if (group_count != 1)
5717 linklist_free(group_base);
5720 sprintf(filter, "(sAMAccountName=%s)", user_name);
5721 attr_array[0] = "UserAccountControl";
5722 attr_array[1] = NULL;
5723 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5724 &group_base, &group_count,
5725 LDAP_SCOPE_SUBTREE)) != 0)
5727 com_err(whoami, 0, "Unable to process user %s : %s",
5728 user_name, ldap_err2string(rc));
5733 if (group_count != 1)
5735 linklist_free(group_base);
5736 com_err(whoami, 0, "Unable to find user %s in directory",
5738 return(LDAP_NO_SUCH_OBJECT);
/* The directory DN is copied into a 1024-byte buffer without a length check. */
5741 strcpy(distinguished_name, group_base->dn);
/* atoi() yields 0 for a non-numeric attribute value with no error signal;
 * strtoul() would let a malformed userAccountControl be detected instead of
 * silently rewriting the flags from zero. */
5742 ulongValue = atoi((*group_base).value);
5744 if (operation == MEMBER_DEACTIVATE)
5745 ulongValue |= UF_ACCOUNTDISABLE;
5747 ulongValue &= ~UF_ACCOUNTDISABLE;
/* %ld with a variable named ulongValue: if it is declared unsigned long the
 * matching conversion is %lu — TODO confirm the declaration (not shown). */
5749 sprintf(temp, "%ld", ulongValue);
5751 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5752 temp, &modvalues, REPLACE)) == 1)
5755 linklist_free(group_base);
5759 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5761 if (strlen(MoiraId) != 0)
5763 mitMoiraId_v[0] = MoiraId;
5764 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5768 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Loop body (presumably releasing the n LDAPMod entries built by ADD_ATTR)
 * is on lines not shown. */
5770 for (i = 0; i < n; i++)
5773 free_values(modvalues);
5775 if (rc != LDAP_SUCCESS)
5777 com_err(whoami, 0, "Unable to change status of user %s : %s",
5778 user_name, ldap_err2string(rc));
/*
 * user_delete: remove the AD user object matched by mitMoiraId (preferred)
 * or sAMAccountName, then attempt to delete its exchange-forwarding contact.
 * Returns AD_INVALID_NAME when check_string rejects u_name; the remaining
 * return paths, the local declarations (filter, temp, rc, group_count) and
 * the no-single-match handling after the second lookup are on lines not
 * shown.
 */
5785 int user_delete(LDAP *ldap_handle, char *dn_path,
5786 char *u_name, char *MoiraId)
5789 char *attr_array[3];
5790 char distinguished_name[1024];
5791 char user_name[512];
5792 LK_ENTRY *group_base;
5797 if (!check_string(u_name))
5798 return(AD_INVALID_NAME);
/* Unbounded copy into a 512-byte buffer.  check_string validates the
 * characters; whether it also bounds the length is not visible here. */
5800 strcpy(user_name, u_name);
/* Lookup 1: by mitMoiraId.  MoiraId is interpolated into the filter without
 * validation or escaping, and filter's size is declared on a line not shown. */
5804 if (strlen(MoiraId) != 0)
5806 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5807 attr_array[0] = "name";
5808 attr_array[1] = NULL;
5809 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5810 &group_base, &group_count,
5811 LDAP_SCOPE_SUBTREE)) != 0)
5813 com_err(whoami, 0, "Unable to process user %s : %s",
5814 user_name, ldap_err2string(rc));
/* Lookup 2: by sAMAccountName, presumably only when lookup 1 did not yield
 * exactly one entry (the lines between are not shown). */
5819 if (group_count != 1)
5821 linklist_free(group_base);
5824 sprintf(filter, "(sAMAccountName=%s)", user_name);
5825 attr_array[0] = "name";
5826 attr_array[1] = NULL;
5827 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5828 &group_base, &group_count,
5829 LDAP_SCOPE_SUBTREE)) != 0)
5831 com_err(whoami, 0, "Unable to process user %s : %s",
5832 user_name, ldap_err2string(rc));
/* Body of this check (free + return) is on lines not shown. */
5837 if (group_count != 1)
5842 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition is deliberate: non-zero rc means failure. */
5844 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5846 com_err(whoami, 0, "Unable to process user %s : %s",
5847 user_name, ldap_err2string(rc));
5850 /* Need to add code to delete mit.edu contact */
/* Contact DN built into temp (size declared on a line not shown) from
 * user_name (up to 511 bytes), contact_ou and dn_path with no bound. */
5854 sprintf(temp, "cn=%s@exchange-forwarding.mit.edu,%s,%s", user_name,
5855 contact_ou, dn_path);
/* On the lines shown a failed contact delete is only logged; whether it
 * changes the return value is decided on lines not shown. */
5857 if(rc = ldap_delete_s(ldap_handle, temp))
5859 com_err(whoami, 0, "Unable to delete user contact for %s",
5865 linklist_free(group_base);
/*
 * linklist_free: release every node of a list produced by linklist_build(),
 * including the per-node strings (dn, attribute, value, member, type, list).
 * free(NULL) is a no-op, so fields that were never set need no guard.
 * linklist_base may be NULL.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      /* Read the link before the node itself is released. */
      LK_ENTRY *next = node->next;

      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);

      node = next;
    }
}
/*
 * free_values: release a NULL-terminated vector of strings such as the one
 * produced by construct_newvalues().  Each element is reset to NULL after
 * release; the free() of the element, the index initialisation/increment
 * and the release of the vector itself are on lines not shown — confirm
 * against the file.  A NULL vector is accepted.
 */
5900 void free_values(char **modvalues)
5906 if (modvalues != NULL)
5908 while (modvalues[i] != NULL)
5911 modvalues[i] = NULL;
/*
 * illegalchars: 256-entry table indexed by byte value; a 1 marks a byte
 * that check_string()/check_container_name() reject.  Uppercase letters are
 * marked illegal because both callers lowercase before the lookup.  Every
 * byte >= 0x80 is rejected.  The closing "};" is on a line not shown.
 */
5918 static int illegalchars[] = {
5919 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5920 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5921 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5922 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5923 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5924 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5925 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5926 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5927 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5928 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5929 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5930 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5931 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5932 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5933 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5934 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * illegalchars_ldap: same layout as illegalchars (256 entries, 1 = reject),
 * consulted by check_string() — the condition selecting this table over
 * illegalchars is on a line not shown.  The closing "};" is also not shown.
 *
 * NOTE(review): this table accepts '(', ')', '&' and '\' (0 entries in the
 * "SPACE - /" and "P - _" rows) while rejecting '*'.  '(', ')' and '\' are
 * filter metacharacters under RFC 4515, and the callers shown build filters
 * with sprintf("(sAMAccountName=%s)", name) and no further escaping, so a
 * name that passes this check is not by itself safe to interpolate unescaped.
 * An escape_string() helper exists in this file (used for DNs in
 * populate_group); the filter builders do not call it.
 */
5937 static int illegalchars_ldap[] = {
5938 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5939 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5940 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5941 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5942 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5943 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5944 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5945 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5946 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5947 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5948 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5949 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5950 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5951 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5952 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5953 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate every byte of s against illegalchars or
 * illegalchars_ldap, logging the first rejected byte.  The callers use it as
 * `if (!check_string(name)) return(AD_INVALID_NAME);`, so a non-zero result
 * means "acceptable".  The loop, the declarations of `character` and
 * `string`, the condition choosing between the two tables and the return
 * statements are on lines not shown.
 */
5956 int check_string(char *s)
/* NOTE(review): if `character` is a plain char, bytes >= 0x80 are negative
 * on most platforms; isupper()/tolower() on a negative value other than EOF
 * is undefined, and (unsigned) character then indexes far beyond the
 * 256-entry tables.  Reading the byte as unsigned char avoids both — TODO
 * confirm the declaration (not shown). */
5967 if (isupper(character))
5968 character = tolower(character);
5972 if (illegalchars[(unsigned) character])
5974 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5975 character, (unsigned) character, string);
5981 if (illegalchars_ldap[(unsigned) character])
5983 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5984 character, (unsigned) character, string);
/*
 * check_container_name: validate a container name against illegalchars,
 * with a space handled separately (its branch is on a line not shown).
 * The loop, the declaration of `character`, the logging and the return
 * statements are on lines not shown; callers treat a zero result as
 * "invalid" (see container_rename).  The same unsigned-char caveat as in
 * check_string applies to the (unsigned) table index.
 */
5993 int check_container_name(char *s)
6001 if (isupper(character))
6002 character = tolower(character);
6004 if (character == ' ')
6007 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check its MOTD, negotiate the
 * query protocol version and authenticate with Kerberos 5.  The `if (status)`
 * guard in front of each com_err, the declarations of motd/temp and the
 * return statements are on lines not shown.
 */
6014 int mr_connect_cl(char *server, char *client, int version, int auth)
6020 status = mr_connect(server);
6024 com_err(whoami, status, "while connecting to Moira");
6028 status = mr_motd(&motd);
6033 com_err(whoami, status, "while checking server status");
/* NOTE(review): temp (size declared on a line not shown) receives the
 * server-supplied motd with no bound, and on the next line is handed to
 * com_err as its FORMAT argument, so any '%' in the motd is interpreted as
 * a conversion.  Prefer formatting motd directly:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 * which removes both the unbounded sprintf and the non-literal format. */
6039 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
6040 com_err(whoami, status, temp);
6045 status = mr_version(version);
/* A server without mr_version is mapped to either MR_VERSION_HIGH or
 * MR_SUCCESS; the condition deciding between them is on a line not shown. */
6049 if (status == MR_UNKNOWN_PROC)
6052 status = MR_VERSION_HIGH;
6054 status = MR_SUCCESS;
6057 if (status == MR_VERSION_HIGH)
6059 com_err(whoami, 0, "Warning: This client is running newer code "
6060 "than the server.");
6061 com_err(whoami, 0, "Some operations may not work.");
6063 else if (status && status != MR_VERSION_LOW)
6065 com_err(whoami, status, "while setting query version number.");
/* `auth` is not referenced on the lines shown — presumably it gates this
 * call on a line not shown. */
6073 status = mr_krb5_auth(client);
6076 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows form by replacing the
 * AFS prefix with WINAFS and copying the remainder.  The declarations of
 * pathPtr/winPathPtr, the loop over the path, the branch taken for '/' and
 * the pointer advances are on lines not shown.
 *
 * NOTE(review): the lines shown neither verify that path begins with AFS
 * (pathPtr is simply offset by strlen(AFS)) nor bound the copy into
 * winPath — confirm the caller guarantees both.
 */
6085 void AfsToWinAfs(char* path, char* winPath)
6089 strcpy(winPath, WINAFS);
6090 pathPtr = path + strlen(AFS);
6091 winPathPtr = winPath + strlen(WINAFS);
6095 if (*pathPtr == '/')
6098 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback (used by ProcessAce with "get_list_info")
 * that copies the list's ACE type and ACE name into the caller-supplied
 * string array and derives OU/membership through get_group_membership.
 * The declaration casting ptr to the call_args array and the initialisation
 * of security_flag are on lines not shown.  Both strcpy calls are
 * unbounded; the destination sizes are whatever the caller passed
 * (AceType/AceName in ProcessAce).
 */
6105 int GetAceInfo(int ac, char **av, void *ptr)
6112 strcpy(call_args[0], av[L_ACE_TYPE]);
6113 strcpy(call_args[1], av[L_ACE_NAME]);
6115 get_group_membership(call_args[2], call_args[3], &security_flag, av);
6116 return(LDAP_SUCCESS);
/*
 * checkADname: look up an object under dn_path by sAMAccountName.  The
 * lines shown log a failed search and free the result; the values returned
 * for "search failed", "no entry" (group_count == 0) and "found" are on
 * lines not shown.  ProcessAce treats a non-zero result as "exists".
 * Name is interpolated into filter (size declared on a line not shown) by
 * sprintf, unescaped and unbounded.
 */
6119 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
6122 char *attr_array[3];
6125 LK_ENTRY *group_base;
6130 sprintf(filter, "(sAMAccountName=%s)", Name);
6131 attr_array[0] = "sAMAccountName";
6132 attr_array[1] = NULL;
6134 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6135 &group_base, &group_count,
6136 LDAP_SCOPE_SUBTREE)) != 0)
6138 com_err(whoami, 0, "Unable to process ACE name %s : %s",
6139 Name, ldap_err2string(rc));
6143 linklist_free(group_base);
6146 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of a Moira list exists in AD.  For a
 * LIST ACE the group is created (make_new_group) and populated; for a USER
 * ACE the account is created via user_create.  The trailing parameters of
 * the signature, the declarations of AceType/AceName/AceOu/AceInfo/av/temp,
 * the assignment of av[0] and every return statement are on lines not shown.
 *
 * NOTE(review): the "ProcessAce disabled, skipping" message is emitted
 * unconditionally on the lines shown; if an early return follows it (line
 * not shown) everything below is dead code — confirm before relying on
 * this function to provision ACE objects.
 */
6154 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
6155 int UpdateGroup, int *ProcessGroup, char *maillist,
6159 char GroupName[256];
6165 char AceMembership[2];
6168 char *save_argv[U_END];
6172 com_err(whoami, 0, "ProcessAce disabled, skipping");
/* Unbounded copy of Name into a 256-byte buffer. */
6176 strcpy(GroupName, Name);
/* Only LIST ACEs are processed; the non-LIST branch is on lines not shown. */
6178 if (strcasecmp(Type, "LIST"))
/* AceInfo is the callback context for GetAceInfo: [0] type, [1] name,
 * [2] membership; AceInfo[3] (presumably AceOu) is set on a line not shown. */
6184 AceInfo[0] = AceType;
6185 AceInfo[1] = AceName;
6186 AceInfo[2] = AceMembership;
6188 memset(AceType, '\0', sizeof(AceType));
6189 memset(AceName, '\0', sizeof(AceName));
6190 memset(AceMembership, '\0', sizeof(AceMembership));
6191 memset(AceOu, '\0', sizeof(AceOu));
6194 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
6196 if(rc != MR_NO_MATCH)
6197 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
6198 GroupName, error_message(rc));
6205 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACE types are handled. */
6209 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
/* temp (size declared on a line not shown) receives the AD name: the ACE
 * name, plus group_suffix for lists; both copies are unbounded. */
6212 strcpy(temp, AceName);
6214 if (!strcasecmp(AceType, "LIST"))
6215 sprintf(temp, "%s%s", AceName, group_suffix);
/* Nothing to do when the object already exists. */
6219 if (checkADname(ldap_handle, dn_path, temp))
6222 (*ProcessGroup) = 1;
6225 if (!strcasecmp(AceInfo[0], "LIST"))
6227 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
6228 AceMembership, 0, UpdateGroup, maillist,
6232 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
6235 else if (!strcasecmp(AceInfo[0], "USER"))
6238 call_args[0] = (char *)ldap_handle;
6239 call_args[1] = dn_path;
6241 call_args[3] = NULL;
/* The production/test principals are never created as users. */
6244 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
6245 !strcasecmp(AceName, TEST_PRINCIPAL))
6250 if (rc = mr_query("get_user_account_by_login", 1, av,
6251 save_query_info, save_argv))
6253 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
6258 if (rc = user_create(U_END, save_argv, call_args))
6260 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
6267 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* For a LIST ACE the walk presumably continues with the ACE's own ACE
 * (GroupName = AceName) and stops when a list owns itself; the loop header
 * is on a line not shown. */
6277 if (!strcasecmp(AceType, "LIST"))
6279 if (!strcasecmp(GroupName, AceName))
6283 strcpy(GroupName, AceName);
/*
 * make_new_group: create the AD group for a Moira list by running
 * "get_list_info" with group_create as the callback.  The trailing
 * parameters of the signature, the declarations of call_args/av/rc/
 * callback_rc, call_args[6], the assignment of av[0] and the early returns
 * are on lines not shown.
 *
 * call_args is a char* array used as an untyped argument bundle: [3] and [4]
 * carry integers (a flag mask and updateGroup) cast to char*, which the
 * callback must cast back exactly; keep the index assignments in sync with
 * group_create.
 */
6289 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6290 char *group_name, char *group_ou, char *group_membership,
6291 int group_security_flag, int updateGroup, char *maillist,
6297 LK_ENTRY *group_base;
6300 char *attr_array[3];
6303 call_args[0] = (char *)ldap_handle;
6304 call_args[1] = dn_path;
6305 call_args[2] = group_name;
6306 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6307 call_args[4] = (char *)updateGroup;
6308 call_args[5] = MoiraId;
6310 call_args[7] = NULL;
6316 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6319 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
/* Query succeeded but the callback reported a failure (callback_rc is
 * presumably filled in through call_args[6]). */
6327 com_err(whoami, 0, "Unable to create list %s", group_name);
6328 return(callback_rc);
/*
 * populate_group: replace the "member" attribute of the AD group for a Moira
 * list with the DNs of the list's end members.  Two passes over the member
 * list: the first only counts members (to enforce max_group_members), the
 * second builds the DN vector, creating missing users/contacts on the way.
 * The trailing parameters of the signature, the declarations of call_args,
 * av, member, member_base, ptr, pUserOu, members, group_members, group_dn,
 * mods and n, the loop headers, and the return statements are on lines not
 * shown.
 */
6334 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6335 char *group_ou, char *group_membership,
6336 int group_security_flag, char *MoiraId,
6352 char *member_v[] = {NULL, NULL};
6353 char *save_argv[U_END];
6354 char machine_ou[256];
6355 char NewMachineName[1024];
6357 com_err(whoami, 0, "Populating group %s", group_name);
6359 call_args[0] = (char *)ldap_handle;
6360 call_args[1] = dn_path;
6361 call_args[2] = group_name;
/* Member-type mask continues on a line not shown. */
6362 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6364 call_args[4] = NULL;
6368 if (rc = mr_query("get_end_members_of_list", 1, av,
6369 member_list_build, call_args))
6374 com_err(whoami, 0, "Unable to populate list %s : %s",
6375 group_name, error_message(rc));
/* Pass 1: count members that will actually be added (LISTs, machines when
 * !ProcessMachineContainer and the production/test principals are skipped;
 * the skip/increment statements are on lines not shown). */
6379 if (member_base != NULL)
6385 if (!strcasecmp(ptr->type, "LIST"))
6391 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6397 if(!strcasecmp(ptr->type, "USER"))
6399 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6400 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* Oversized groups are skipped unless running a full synchronize. */
6412 if(max_group_members && !synchronize && (group_members > max_group_members))
6415 "Group %s membership of %d exceeds maximum %d, skipping",
6416 group_name, group_members, max_group_members);
/* Initial 2-slot vector (one entry + NULL terminator); the malloc result is
 * not checked on the lines shown. */
6420 members = (char **)malloc(sizeof(char *) * 2);
/* Pass 2: build one DN per member. */
6422 if (member_base != NULL)
6428 if (!strcasecmp(ptr->type, "LIST"))
6434 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6440 if(!strcasecmp(ptr->type, "USER"))
6442 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6443 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* A user missing from AD is created from its Moira account record first. */
6449 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6450 "")) == AD_NO_USER_FOUND)
6452 com_err(whoami, 0, "creating user %s", ptr->member);
6454 av[0] = ptr->member;
6455 call_args[0] = (char *)ldap_handle;
6456 call_args[1] = dn_path;
6458 call_args[3] = NULL;
6461 if (rc = mr_query("get_user_account_by_login", 1, av,
6462 save_query_info, save_argv))
6464 com_err(whoami, 0, "Unable to create user %s "
6465 "while populating group %s.", ptr->member,
6471 if (rc = user_create(U_END, save_argv, call_args))
6473 com_err(whoami, 0, "Unable to create user %s "
6474 "while populating group %s.", ptr->member,
6482 com_err(whoami, 0, "Unable to create user %s "
6483 "while populating group %s", ptr->member,
/* NOTE(review): USER (and MACHINE below) DNs are built from the raw member
 * name, whereas the STRING and KERBEROS branches pass it through
 * escape_string(); the buffer `member` is also written by sprintf with no
 * bound (its size is declared on a line not shown).  The cn=/uid= choice
 * presumably depends on ActiveDirectory (condition on a line not shown). */
6494 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6499 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6503 else if (!strcasecmp(ptr->type, "STRING"))
6505 if (contact_create(ldap_handle, dn_path, ptr->member,
6509 pUserOu = contact_ou;
6510 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6513 else if (!strcasecmp(ptr->type, "KERBEROS"))
6515 if (contact_create(ldap_handle, dn_path, ptr->member,
6519 pUserOu = kerberos_ou;
6520 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6523 else if (!strcasecmp(ptr->type, "MACHINE"))
6525 memset(machine_ou, '\0', sizeof(machine_ou));
6526 memset(NewMachineName, '\0', sizeof(NewMachineName));
6528 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6529 machine_ou, NewMachineName))
6531 pUserOu = machine_ou;
6532 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): realloc's result overwrites `members` directly, so a failed
 * realloc leaks the old vector and the next line dereferences NULL; strdup
 * is likewise unchecked.  The idiomatic form keeps the old pointer until
 * the new one is known to be non-NULL. */
6543 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6544 members[i++] = strdup(member);
6549 linklist_free(member_base);
/* group_dn's size is declared on a line not shown; group_name/group_ou/
 * dn_path are concatenated without a bound. */
6555 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* With GroupPopulateDelete the membership is first cleared (REPLACE with an
 * empty value list) and then set in a second modify. */
6557 if(GroupPopulateDelete)
6560 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6563 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6564 mods)) != LDAP_SUCCESS)
6567 "Unable to populate group membership for %s: %s",
6568 group_dn, ldap_err2string(rc));
/* Loop body (releasing the n LDAPMod entries) is on lines not shown. */
6571 for (i = 0; i < n; i++)
6576 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6579 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6580 mods)) != LDAP_SUCCESS)
6583 "Unable to populate group membership for %s: %s",
6584 group_dn, ldap_err2string(rc));
/* Loop body (releasing the n LDAPMod entries) is on lines not shown; the
 * release of the `members` vector and its strdup'd strings is not visible
 * either — confirm it happens. */
6587 for (i = 0; i < n; i++)
/*
 * process_group: locate the AD group for a Moira list and, when its DN or
 * attributes differ from what Moira says (name, OU, membership type,
 * description), hand it to group_rename.  With type == CHECK_GROUPS the
 * function only reports whether the group is found at the expected DN
 * (AD_NO_GROUPS_FOUND / AD_WRONG_GROUP_DN_FOUND / AD_MULTIPLE_GROUPS_FOUND).
 * The trailing parameters of the signature, the declarations of filter,
 * group_dn, ou_both, ptr, rc and group_count, several loop headers and
 * some return statements are on lines not shown.
 *
 * Buffer sizes: distinguishedName and ad_distinguishedName are 256 bytes
 * and are filled by sprintf/strcpy without a bound; directory DNs can be
 * longer than that — TODO confirm the callers' limits.
 */
6595 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6596 char *group_name, char *group_ou, char *group_membership,
6597 int group_security_flag, int type, char *maillist,
6600 char before_desc[512];
6601 char before_name[256];
6602 char before_group_ou[256];
6603 char before_group_membership[2];
6604 char distinguishedName[256];
6605 char ad_distinguishedName[256];
6607 char *attr_array[3];
6608 int before_security_flag;
6611 LK_ENTRY *group_base;
6614 char ou_security[512];
6615 char ou_distribution[512];
6616 char ou_neither[512];
6619 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN according to Moira. */
6620 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6622 memset(filter, '\0', sizeof(filter));
/* First lookup: ad_get_group tries the caller's filter, then mitMoiraId,
 * then sAMAccountName; the argument between group_name and "samAccountName"
 * is on a line not shown. */
6626 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6628 "samAccountName", &group_base,
6629 &group_count, filter))
6632 if (type == CHECK_GROUPS)
6634 if (group_count == 1)
6636 strcpy(group_dn, group_base->dn);
6638 if (!strcasecmp(group_dn, distinguishedName))
6640 linklist_free(group_base);
6645 linklist_free(group_base);
6647 if (group_count == 0)
6648 return(AD_NO_GROUPS_FOUND);
6650 if (group_count == 1)
6651 return(AD_WRONG_GROUP_DN_FOUND);
6653 return(AD_MULTIPLE_GROUPS_FOUND);
6656 if (group_count == 0)
6658 return(AD_NO_GROUPS_FOUND);
/* Several groups carry this mitMoiraId.  Pass 1 (lines shown partially):
 * if any of them sits at a DN that is not the expected one, report all of
 * them and give up. */
6661 if (group_count > 1)
6665 strcpy(group_dn, ptr->dn);
6669 if (!strcasecmp(group_dn, ptr->value))
6677 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6683 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6687 linklist_free(group_base);
6688 return(AD_MULTIPLE_GROUPS_FOUND);
/* Pass 2: NOTE(review) — this deletes every duplicate whose DN does not
 * match the expected one.  That is a destructive, unlogged side effect of a
 * lookup routine (rc from ldap_delete_s is not checked on the lines shown);
 * consider logging the DN before deleting and checking the result. */
6695 strcpy(group_dn, ptr->dn);
6697 if (strcasecmp(group_dn, ptr->value))
6698 rc = ldap_delete_s(ldap_handle, ptr->value);
/* Re-run the lookup after the clean-up so exactly one group remains. */
6703 linklist_free(group_base);
6704 memset(filter, '\0', sizeof(filter));
6708 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6710 "samAccountName", &group_base,
6711 &group_count, filter))
6714 if (group_count == 0)
6715 return(AD_NO_GROUPS_FOUND);
6717 if (group_count > 1)
6718 return(AD_MULTIPLE_GROUPS_FOUND);
6721 strcpy(ad_distinguishedName, group_base->dn);
6722 linklist_free(group_base);
/* Fetch the group's current sAMAccountName, name and description using the
 * filter ad_get_group left behind. */
6726 attr_array[0] = "sAMAccountName";
6727 attr_array[1] = NULL;
6729 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6730 &group_base, &group_count,
6731 LDAP_SCOPE_SUBTREE)) != 0)
6733 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6734 MoiraId, ldap_err2string(rc));
/* The directory value is re-interpolated into a filter without escaping. */
6738 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Nothing to rename when the group already sits at the expected DN. */
6740 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6742 linklist_free(group_base);
6748 linklist_free(group_base);
6751 memset(ou_both, '\0', sizeof(ou_both));
6752 memset(ou_security, '\0', sizeof(ou_security));
6753 memset(ou_distribution, '\0', sizeof(ou_distribution));
6754 memset(ou_neither, '\0', sizeof(ou_neither));
6755 memset(before_name, '\0', sizeof(before_name));
6756 memset(before_desc, '\0', sizeof(before_desc));
6757 memset(before_group_membership, '\0', sizeof(before_group_membership));
6759 attr_array[0] = "name";
6760 attr_array[1] = NULL;
6762 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6763 &group_base, &group_count,
6764 LDAP_SCOPE_SUBTREE)) != 0)
6766 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6767 MoiraId, ldap_err2string(rc));
6771 strcpy(before_name, group_base->value);
6772 linklist_free(group_base);
6776 attr_array[0] = "description";
6777 attr_array[1] = NULL;
6779 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6780 &group_base, &group_count,
6781 LDAP_SCOPE_SUBTREE)) != 0)
6784 "Unable to get list description with MoiraId = %s: %s",
6785 MoiraId, ldap_err2string(rc));
/* description is optional, hence the count check (512-byte destination,
 * unbounded copy). */
6789 if (group_count != 0)
6791 strcpy(before_desc, group_base->value);
6792 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring match against the
 * four configured group OUs.  Order matters if one OU string is a substring
 * of another (ou_both is tried first). */
6797 change_to_lower_case(ad_distinguishedName);
6798 strcpy(ou_both, group_ou_both);
6799 change_to_lower_case(ou_both);
6800 strcpy(ou_security, group_ou_security);
6801 change_to_lower_case(ou_security);
6802 strcpy(ou_distribution, group_ou_distribution);
6803 change_to_lower_case(ou_distribution);
6804 strcpy(ou_neither, group_ou_neither);
6805 change_to_lower_case(ou_neither);
6807 if (strstr(ad_distinguishedName, ou_both))
6809 strcpy(before_group_ou, group_ou_both);
6810 before_group_membership[0] = 'B';
6811 before_security_flag = 1;
6813 else if (strstr(ad_distinguishedName, ou_security))
6815 strcpy(before_group_ou, group_ou_security);
6816 before_group_membership[0] = 'S';
6817 before_security_flag = 1;
6819 else if (strstr(ad_distinguishedName, ou_distribution))
6821 strcpy(before_group_ou, group_ou_distribution);
6822 before_group_membership[0] = 'D';
6823 before_security_flag = 0;
6825 else if (strstr(ad_distinguishedName, ou_neither))
6827 strcpy(before_group_ou, group_ou_neither);
6828 before_group_membership[0] = 'N';
6829 before_security_flag = 0;
/* No OU matched: before_security_flag stays uninitialised but is not used. */
6832 return(AD_NO_OU_FOUND);
/* before_desc is passed as both the "before" and the "after" description —
 * presumably intentional (description is not updated here); confirm
 * against group_rename's signature. */
6834 rc = group_rename(ldap_handle, dn_path, before_name,
6835 before_group_membership,
6836 before_group_ou, before_security_flag, before_desc,
6837 group_name, group_membership, group_ou,
6838 group_security_flag,
6839 before_desc, MoiraId, filter, maillist, nfsgroup);
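/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 *
 * ptr: the string to modify; a NULL pointer is left alone.
 *
 * Each byte is converted as unsigned char so that values >= 0x80 (negative
 * when char is signed) never reach tolower(): passing a negative value other
 * than EOF to a <ctype.h> function is undefined behaviour.  The loop walks
 * to the terminator once instead of re-evaluating strlen() per iteration.
 */
void change_to_lower_case(char *ptr)
{
  char *p;

  if (ptr == NULL)
    return;

  for (p = ptr; *p != '\0'; p++)
    *p = (char) tolower((unsigned char) *p);
}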
<!-- placeholder removed -->
6969 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6972 char *attr_array[3];
6973 char SamAccountName[64];
6976 LK_ENTRY *group_base;
6982 if (strlen(MoiraId) != 0)
6984 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6986 attr_array[0] = "sAMAccountName";
6987 attr_array[1] = NULL;
6988 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6989 &group_base, &group_count,
6990 LDAP_SCOPE_SUBTREE)) != 0)
6992 com_err(whoami, 0, "Unable to process user %s : %s",
6993 UserName, ldap_err2string(rc));
6997 if (group_count > 1)
6999 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
7005 com_err(whoami, 0, "user %s exist with MoiraId = %s",
7006 gPtr->value, MoiraId);
7012 if (group_count != 1)
7014 linklist_free(group_base);
7017 sprintf(filter, "(sAMAccountName=%s)", UserName);
7018 attr_array[0] = "sAMAccountName";
7019 attr_array[1] = NULL;
7021 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7022 &group_base, &group_count,
7023 LDAP_SCOPE_SUBTREE)) != 0)
7025 com_err(whoami, 0, "Unable to process user %s : %s",
7026 UserName, ldap_err2string(rc));
7031 if (group_count != 1)
7033 linklist_free(group_base);
7034 return(AD_NO_USER_FOUND);
7037 strcpy(SamAccountName, group_base->value);
7038 linklist_free(group_base);
7042 if (strcmp(SamAccountName, UserName))
7045 "User object %s with MoiraId %s has mismatched usernames "
7046 "(LDAP username %s, Moira username %s)", SamAccountName,
7047 MoiraId, SamAccountName, UserName);
7053 void container_get_dn(char *src, char *dest)
7060 memset(array, '\0', 20 * sizeof(array[0]));
7062 if (strlen(src) == 0)
7084 strcpy(dest, "OU=");
7088 strcat(dest, array[n-1]);
7092 strcat(dest, ",OU=");
7099 void container_get_name(char *src, char *dest)
7104 if (strlen(src) == 0)
7124 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
7131 strcpy(cName, name);
7133 for (i = 0; i < (int)strlen(cName); i++)
7135 if (cName[i] == '/')
7138 av[CONTAINER_NAME] = cName;
7139 av[CONTAINER_DESC] = "";
7140 av[CONTAINER_LOCATION] = "";
7141 av[CONTAINER_CONTACT] = "";
7142 av[CONTAINER_TYPE] = "";
7143 av[CONTAINER_ID] = "";
7144 av[CONTAINER_ROWID] = "";
7145 rc = container_create(ldap_handle, dn_path, 7, av);
7147 if (rc == LDAP_SUCCESS)
7149 com_err(whoami, 0, "container %s created without a mitMoiraId",
7158 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
7159 char **before, int afterc, char **after)
7164 char new_dn_path[256];
7166 char distinguishedName[256];
7171 memset(cName, '\0', sizeof(cName));
7172 container_get_name(after[CONTAINER_NAME], cName);
7174 if (!check_container_name(cName))
7176 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7178 return(AD_INVALID_NAME);
7181 memset(distinguishedName, '\0', sizeof(distinguishedName));
7183 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7184 distinguishedName, beforec, before))
7187 if (strlen(distinguishedName) == 0)
7189 rc = container_create(ldap_handle, dn_path, afterc, after);
7193 strcpy(temp, after[CONTAINER_NAME]);
7196 for (i = 0; i < (int)strlen(temp); i++)
7206 container_get_dn(temp, dName);
7208 if (strlen(temp) != 0)
7209 sprintf(new_dn_path, "%s,%s", dName, dn_path);
7211 sprintf(new_dn_path, "%s", dn_path);
7213 sprintf(new_cn, "OU=%s", cName);
7215 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7217 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
7218 TRUE, NULL, NULL)) != LDAP_SUCCESS)
7220 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
7221 before[CONTAINER_NAME], after[CONTAINER_NAME],
7222 ldap_err2string(rc));
7226 memset(dName, '\0', sizeof(dName));
7227 container_get_dn(after[CONTAINER_NAME], dName);
7228 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
7233 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
7235 char distinguishedName[256];
7238 memset(distinguishedName, '\0', sizeof(distinguishedName));
7240 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7241 distinguishedName, count, av))
7244 if (strlen(distinguishedName) == 0)
7247 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
7249 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
7250 container_move_objects(ldap_handle, dn_path, distinguishedName);
7252 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
7253 av[CONTAINER_NAME], ldap_err2string(rc));
7259 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
/* Create the organizationalUnit for Moira container av[CONTAINER_NAME]
 * beneath dn_path.  Optional attributes: mitMoiraId (CONTAINER_ROWID),
 * description (CONTAINER_DESC) and managedBy, derived from
 * CONTAINER_TYPE/CONTAINER_ID (KERBEROS -> contact object, USER/LIST ->
 * directory lookup by cn).  LDAP_ALREADY_EXISTS is treated as success and,
 * when a row id is known, the existing OU is refreshed via
 * container_adupdate().  Returns AD_INVALID_NAME for an unusable name; the
 * value returned on the other paths is outside this excerpt, as are the
 * ADD_ATTR macro and the mods/n/rc/filter/temp/dName/cName/group_count
 * declarations it uses. */
7261 char *attr_array[3];
7262 LK_ENTRY *group_base;
7265 char *objectClass_v[] = {"top",
7266 "organizationalUnit",
7269 char *ou_v[] = {NULL, NULL};
7270 char *name_v[] = {NULL, NULL};
7271 char *moiraId_v[] = {NULL, NULL};
7272 char *desc_v[] = {NULL, NULL};
7273 char *managedBy_v[] = {NULL, NULL};
7276 char managedByDN[256];
7283 memset(filter, '\0', sizeof(filter));
7284 memset(dName, '\0', sizeof(dName));
7285 memset(cName, '\0', sizeof(cName));
7286 memset(managedByDN, '\0', sizeof(managedByDN));
/* dName: the OU RDN chain derived from the container path; cName: its leaf
 * name.  Both must be non-empty and the leaf must pass check_container_name(). */
7287 container_get_dn(av[CONTAINER_NAME], dName);
7288 container_get_name(av[CONTAINER_NAME], cName);
7290 if ((strlen(cName) == 0) || (strlen(dName) == 0))
7292 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7294 return(AD_INVALID_NAME);
7297 if (!check_container_name(cName))
7299 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7301 return(AD_INVALID_NAME);
/* Mandatory attributes; name_v/ou_v are filled on lines not shown here. */
7305 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
7307 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
7309 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
7311 if (strlen(av[CONTAINER_ROWID]) != 0)
7313 moiraId_v[0] = av[CONTAINER_ROWID];
7314 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
7317 if (strlen(av[CONTAINER_DESC]) != 0)
7319 desc_v[0] = av[CONTAINER_DESC];
7320 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
7323 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
/* KERBEROS owner: managedBy points at a contact object under kerberos_ou
 * that contact_create() creates on demand (its remaining arguments are on
 * an unseen line).  NOTE(review): av[CONTAINER_ID] is written into the
 * 256-byte managedByDN with an unbounded sprintf(). */
7325 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7327 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7330 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7331 kerberos_ou, dn_path);
7332 managedBy_v[0] = managedByDN;
7333 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* USER/LIST owner: look the object up by cn.  NOTE(review): av[CONTAINER_ID]
 * is interpolated into the LDAP filter without RFC 4515 escaping, so a value
 * containing '*', '(', ')' or '\' changes the meaning of the search; the
 * group_count == 1 check below narrows, but does not remove, that effect. */
7338 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7340 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7341 "(objectClass=user)))", av[CONTAINER_ID]);
7344 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7346 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7350 if (strlen(filter) != 0)
7352 attr_array[0] = "distinguishedName";
7353 attr_array[1] = NULL;
7356 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7358 &group_base, &group_count,
7359 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Exactly one hit is required; zero or several leave managedBy unset.
 * NOTE(review): the DN returned by the directory is strcpy()'d into the
 * 256-byte managedByDN without a length check. */
7361 if (group_count == 1)
7363 strcpy(managedByDN, group_base->value);
7364 managedBy_v[0] = managedByDN;
7365 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7367 linklist_free(group_base);
/* Full DN of the new OU: "<dName>,<dn_path>" (temp's size is not visible). */
7377 sprintf(temp, "%s,%s", dName, dn_path);
7378 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Loop body (presumably releasing the n LDAPMod entries) is not shown. */
7380 for (i = 0; i < n; i++)
7383 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7385 com_err(whoami, 0, "Unable to create container %s : %s",
7386 cName, ldap_err2string(rc));
/* Already present: bring the existing OU up to date instead of failing. */
7390 if (rc == LDAP_ALREADY_EXISTS)
7392 if (strlen(av[CONTAINER_ROWID]) != 0)
7393 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
7399 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7400 char **before, int afterc, char **after)
/* Bring the OU for container `after` into line with Moira: create it if it
 * does not exist yet, otherwise call container_check() and refresh its
 * attributes with container_adupdate().  `before`/`beforec` are not
 * referenced in the visible lines; rc's declaration and the return
 * statements are outside this excerpt. */
7402 char distinguishedName[256];
7405 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* Intentional assignment-in-condition: a failed lookup aborts (return not shown). */
7407 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7408 distinguishedName, afterc, after))
7411 if (strlen(distinguishedName) == 0)
7413 rc = container_create(ldap_handle, dn_path, afterc, after);
7417 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* Existing OU: an empty dName makes container_adupdate() address the entry
 * by the DN found above; the trailing arguments are on an unseen line. */
7418 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
7424 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7425 char *distinguishedName, int count,
/* Resolve the DN of the OU that represents the Moira container in av
 * (the last parameter, on an unseen line).  Two searches are tried in
 * order: by mitMoiraId=av[CONTAINER_ROWID], then by the computed
 * distinguishedName "<dName>,<dn_path>".  Exactly one hit is required;
 * otherwise distinguishedName is left as the caller supplied it (both
 * visible callers pre-zero a 256-byte buffer).  Returns AD_INVALID_NAME for
 * an unusable container name; the normal-path return value, and the
 * rc/filter/dName/cName/group_count declarations, are outside this excerpt. */
7428 char *attr_array[3];
7429 LK_ENTRY *group_base;
7436 memset(filter, '\0', sizeof(filter));
7437 memset(dName, '\0', sizeof(dName));
7438 memset(cName, '\0', sizeof(cName));
7439 container_get_dn(av[CONTAINER_NAME], dName);
7440 container_get_name(av[CONTAINER_NAME], cName);
7442 if (strlen(dName) == 0)
7444 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7445 av[CONTAINER_NAME]);
7446 return(AD_INVALID_NAME);
7449 if (!check_container_name(cName))
7451 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7453 return(AD_INVALID_NAME);
/* First attempt: by Moira row id.  NOTE(review): av[CONTAINER_ROWID] goes
 * into the filter without RFC 4515 escaping; a value with filter
 * metacharacters alters the query. */
7456 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7457 av[CONTAINER_ROWID]);
7458 attr_array[0] = "distinguishedName";
7459 attr_array[1] = NULL;
7463 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7464 &group_base, &group_count,
7465 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* NOTE(review): the directory-supplied DN is strcpy()'d into the caller's
 * buffer without a length check. */
7467 if (group_count == 1)
7469 strcpy(distinguishedName, group_base->value);
7472 linklist_free(group_base);
/* Second attempt: by the DN the container name implies (dName is written
 * into the filter unescaped as well). */
7477 if (strlen(distinguishedName) == 0)
7479 sprintf(filter, "(&(objectClass=organizationalUnit)"
7480 "(distinguishedName=%s,%s))", dName, dn_path);
7481 attr_array[0] = "distinguishedName";
7482 attr_array[1] = NULL;
7486 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7487 &group_base, &group_count,
7488 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7490 if (group_count == 1)
7492 strcpy(distinguishedName, group_base->value);
7495 linklist_free(group_base);
7504 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7505 char *distinguishedName, int count, char **av)
/* Synchronise the attributes of an existing container OU with Moira.
 * The entry is addressed by "<dName>,<dn_path>" when dName is non-empty,
 * otherwise by distinguishedName.  Current description/managedBy/mitMoiraId
 * are read first so that attributes no longer set in Moira can be cleared
 * (via attribute_update()); mitMoiraId and a KERBEROS/USER/LIST managedBy
 * are queued as LDAP_MOD_REPLACE and applied with one ldap_modify_s().
 * The ADD_ATTR macro and the ad_path/filter/moiraId/desc/mods/n/rc/i/
 * group_count/pPtr declarations, the loop over the result list, and the
 * return statements are outside this excerpt. */
7507 char *attr_array[5];
7508 LK_ENTRY *group_base;
7513 char *moiraId_v[] = {NULL, NULL};
7514 char *desc_v[] = {NULL, NULL};
7515 char *managedBy_v[] = {NULL, NULL};
7516 char managedByDN[256];
/* NOTE(review): unbounded strcpy()/sprintf() into ad_path (size not visible). */
7525 strcpy(ad_path, distinguishedName);
7527 if (strlen(dName) != 0)
7528 sprintf(ad_path, "%s,%s", dName, dn_path);
7530 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): this guard tests av[CONTAINER_ID] but the filter it enables
 * uses av[CONTAINER_ROWID]; container_create() and
 * container_get_distinguishedName() guard the row-id filter on
 * CONTAINER_ROWID, so this looks like a typo -- confirm.  The value is also
 * interpolated into the filter without RFC 4515 escaping. */
7533 if (strlen(av[CONTAINER_ID]) != 0)
7534 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7535 av[CONTAINER_ROWID]);
7537 attr_array[0] = "mitMoiraId";
7538 attr_array[1] = "description";
7539 attr_array[2] = "managedBy";
7540 attr_array[3] = NULL;
7544 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7545 &group_base, &group_count,
7546 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7548 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7549 av[CONTAINER_NAME], ldap_err2string(rc));
/* Snapshot the attributes currently in the directory.  NOTE(review): the
 * three strcpy() calls below copy directory-supplied values without a
 * length check (managedByDN is 256 bytes; moiraId/desc sizes not visible). */
7553 memset(managedByDN, '\0', sizeof(managedByDN));
7554 memset(moiraId, '\0', sizeof(moiraId));
7555 memset(desc, '\0', sizeof(desc));
7560 if (!strcasecmp(pPtr->attribute, "description"))
7561 strcpy(desc, pPtr->value);
7562 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7563 strcpy(managedByDN, pPtr->value);
7564 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7565 strcpy(moiraId, pPtr->value);
7569 linklist_free(group_base);
7574 if (strlen(av[CONTAINER_ROWID]) != 0)
7576 moiraId_v[0] = av[CONTAINER_ROWID];
7577 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set from Moira, or cleared if the directory still has one
 * (attribute_update()'s last argument is on an unseen line). */
7580 if (strlen(av[CONTAINER_DESC]) != 0)
7582 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7587 if (strlen(desc) != 0)
7589 attribute_update(ldap_handle, ad_path, "", "description", dName);
7593 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
/* KERBEROS owner: same contact-object convention as container_create().
 * NOTE(review): unbounded sprintf() of av[CONTAINER_ID] into managedByDN. */
7595 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7597 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7600 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7601 kerberos_ou, dn_path);
7602 managedBy_v[0] = managedByDN;
7603 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact could not be created: drop any stale managedBy. */
7607 if (strlen(managedByDN) != 0)
7609 attribute_update(ldap_handle, ad_path, "", "managedBy",
7616 memset(filter, '\0', sizeof(filter));
/* USER/LIST owner lookup.  NOTE(review): av[CONTAINER_ID] is interpolated
 * into the filter without RFC 4515 escaping. */
7618 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7620 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7621 "(objectClass=user)))", av[CONTAINER_ID]);
7624 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7626 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7630 if (strlen(filter) != 0)
7632 attr_array[0] = "distinguishedName";
7633 attr_array[1] = NULL;
7636 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7637 attr_array, &group_base, &group_count,
7638 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Exactly one hit: replace managedBy; otherwise clear a stale value. */
7640 if (group_count == 1)
7642 strcpy(managedByDN, group_base->value);
7643 managedBy_v[0] = managedByDN;
7644 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7648 if (strlen(managedByDN) != 0)
7650 attribute_update(ldap_handle, ad_path, "",
7651 "managedBy", dName);
7655 linklist_free(group_base);
/* No owner in Moira at all: clear managedBy if the directory has one. */
7662 if (strlen(managedByDN) != 0)
7664 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* Early success return; the condition it sits under (presumably "no
 * modifications queued") is on an unseen line. */
7674 return(LDAP_SUCCESS);
7676 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Loop body (presumably releasing the n LDAPMod entries) is not shown. */
7678 for (i = 0; i < n; i++)
7681 if (rc != LDAP_SUCCESS)
7683 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7684 av[CONTAINER_NAME], ldap_err2string(rc));
7691 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
/* Empty the OU `dName` so it can be deleted.  Three passes, one per filter:
 * (0) objects that are neither computers nor OUs are renamed into
 * orphans_other_ou, (1) computers into orphans_machines_ou (both under
 * dn_path), (2) nested OUs are deleted.  The rc/i/filter/temp/new_cn/
 * count/pPtr/group_count declarations, the per-pass switch, the result-list
 * walk and the return statements are outside this excerpt. */
7693 char *attr_array[3];
7694 LK_ENTRY *group_base;
/* Caps each search at 10 entries.  NOTE(review): the ldap_set_option()
 * status is stored in rc but not examined in the visible lines, and
 * whether a pass repeats until the OU is empty is not visible either. */
7701 int NumberOfEntries = 10;
7705 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7707 for (i = 0; i < 3; i++)
7709 memset(filter, '\0', sizeof(filter));
/* Pass 0: everything except computers and OUs (keyed by cn). */
7713 strcpy(filter, "(!(|(objectClass=computer)"
7714 "(objectClass=organizationalUnit)))");
7715 attr_array[0] = "cn";
7716 attr_array[1] = NULL;
/* Pass 1: computer objects (keyed by cn). */
7720 strcpy(filter, "(objectClass=computer)");
7721 attr_array[0] = "cn";
7722 attr_array[1] = NULL;
/* Pass 2: nested OUs (keyed by ou). */
7726 strcpy(filter, "(objectClass=organizationalUnit)");
7727 attr_array[0] = "ou";
7728 attr_array[1] = NULL;
7733 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7734 &group_base, &group_count,
7735 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7740 if (group_count == 0)
/* NOTE(review): pPtr->value (a cn from the directory) is written into
 * new_cn and temp with unbounded sprintf(); their sizes are not visible. */
7747 if (!strcasecmp(pPtr->attribute, "cn"))
7749 sprintf(new_cn, "cn=%s", pPtr->value);
7751 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7753 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7758 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: retry with a numeric suffix (the retry loop
 * and `count` handling are on unseen lines). */
7760 if (rc == LDAP_ALREADY_EXISTS)
7762 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* Nested OUs are deleted, not moved.  ldap_delete_s() returns
 * LDAP_NOT_ALLOWED_ON_NONLEAF for a non-empty child OU; no recursion into
 * children is visible here. */
7769 else if (!strcasecmp(pPtr->attribute, "ou"))
7771 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7777 linklist_free(group_base);
7786 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7787 char *machine_ou, char *NewMachineName)
/* Locate the computer object for Moira host `member` and return the OU
 * part of its DN (everything after "cn=<name>,") in machine_ou;
 * NewMachineName receives the canonical host name from GetMachineName().
 * The rc/i/filter/temp/dn/cn/group_count/pPtr declarations and all return
 * statements are outside this excerpt. */
7789 LK_ENTRY *group_base;
7793 char *attr_array[3];
/* NOTE(review): the moira_connect() status is overwritten by the next
 * assignment and never examined. */
7800 strcpy(NewMachineName, member);
7801 rc = moira_connect();
7802 rc = GetMachineName(NewMachineName);
7805 if (strlen(NewMachineName) == 0)
/* (The message text misspells "alias"; it is a runtime string.) */
7807 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Reduce to the short host name; the sAMAccountName is "<host>$".  The
 * truncation at the dot is on an unseen line. */
7813 pPtr = strchr(NewMachineName, '.');
/* NOTE(review): NewMachineName is interpolated into the filter without
 * RFC 4515 escaping. */
7820 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7821 attr_array[0] = "cn";
7822 attr_array[1] = NULL;
7823 sprintf(temp, "%s", dn_path);
7825 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7826 &group_base, &group_count,
7827 LDAP_SCOPE_SUBTREE)) != 0)
7829 com_err(whoami, 0, "Unable to process machine %s : %s",
7830 member, ldap_err2string(rc));
/* Exactly one computer object is required (branch body not shown). */
7834 if (group_count != 1)
/* NOTE(review): unbounded strcpy() of directory-supplied values; dn/cn
 * sizes are not visible.  tolower() on a plain char is undefined for
 * negative values -- cast through unsigned char. */
7839 strcpy(dn, group_base->dn);
7840 strcpy(cn, group_base->value);
7842 for (i = 0; i < (int)strlen(dn); i++)
7843 dn[i] = tolower(dn[i]);
7845 for (i = 0; i < (int)strlen(cn); i++)
7846 cn[i] = tolower(cn[i]);
7848 linklist_free(group_base);
/* Skip past the cn value and the ',' that follows it; the failure branch
 * below fires when cn does not occur in dn. */
7850 pPtr = strstr(dn, cn);
7854 com_err(whoami, 0, "Unable to process machine %s",
7859 pPtr += strlen(cn) + 1;
7860 strcpy(machine_ou, pPtr);
/* Sanity check: the remainder must still contain a domain component. */
7862 pPtr = strstr(machine_ou, "dc=");
7866 com_err(whoami, 0, "Unable to process machine %s",
7877 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7878 char *MoiraMachineName, char *DestinationOu)
/* Move the computer object for MoiraMachineName into
 * "<DestinationOu>,<dn_path>".  The object is found by sAMAccountName; if
 * its current parent DN already equals the destination (case-insensitive)
 * no rename is issued.  Declarations of rc, filter, OldDn, NewOu, NewCn,
 * cPtr and group_count, and the return statements, are outside this
 * excerpt. */
7882 char MachineName[128];
7884 char *attr_array[3];
7889 LK_ENTRY *group_base;
/* NOTE(review): GetMachineName() copies the resolved name back from a
 * 1024-byte buffer without a length check, so a long Moira alias would
 * overrun this 128-byte array. */
7894 strcpy(MachineName, MoiraMachineName);
7895 rc = GetMachineName(MachineName);
7897 if (strlen(MachineName) == 0)
7899 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Truncate to the short host name (the assignment is on an unseen line). */
7904 cPtr = strchr(MachineName, '.');
/* NOTE(review): MachineName goes into the filter without RFC 4515 escaping. */
7909 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7910 attr_array[0] = "sAMAccountName";
7911 attr_array[1] = NULL;
7913 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7915 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7917 com_err(whoami, 0, "Unable to process machine %s : %s",
7918 MoiraMachineName, ldap_err2string(rc));
/* Unbounded copy of the directory-supplied DN (OldDn size not visible). */
7922 if (group_count == 1)
7923 strcpy(OldDn, group_base->dn);
7925 linklist_free(group_base);
7928 if (group_count != 1)
7930 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7935 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* cPtr is advanced past the first ',' on an unseen line, leaving the
 * parent DN for the comparison below. */
7936 cPtr = strchr(OldDn, ',');
7941 if (!strcasecmp(cPtr, NewOu))
7945 sprintf(NewCn, "CN=%s", MachineName);
7946 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
7951 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
/* Return non-zero when the short form of machine_name (text before the
 * first '.') passes checkADname(), i.e. when that call returns 0.
 * Name's size, rc and the truncation at pPtr are on unseen lines;
 * the strcpy() below is unbounded. */
7957 memset(Name, '\0', sizeof(Name));
7958 strcpy(Name, machine_name);
7960 pPtr = strchr(Name, '.');
7966 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
7969 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7970 char *machine_name, char *container_name)
/* Ask Moira which container machine_name belongs to; the answer is written
 * into container_name by the machine_GetMoiraContainer() callback.
 * ldap_handle/dn_path are not used in the visible lines.  av/call_args/rc
 * declarations and the return are outside this excerpt. */
7976 av[0] = machine_name;
7977 call_args[0] = (char *)container_name;
7978 rc = mr_query("get_machine_to_container_map", 1, av,
7979 machine_GetMoiraContainer, call_args);
7983 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
/* mr_query callback for get_machine_to_container_map: copies the container
 * name (av[1]) into call_args[0], the caller's buffer.  The cast of ptr to
 * call_args and the return are on unseen lines.  NOTE(review): unbounded
 * strcpy() of a Moira-supplied value into a buffer of unknown size. */
7988 strcpy(call_args[0], av[1]);
7992 int Moira_container_group_create(char **after)
/* Create the Moira list that shadows container after[CONTAINER_NAME]:
 * derive a unique name with Moira_groupname_create(), issue add_list with
 * the 15 fixed attributes below (a hidden, non-mail group with a fresh gid
 * owned by "sms"), then record it as the container's group and add it to
 * the parent container's group.  GroupName/argv/rc declarations, the
 * com_err() prefix of the error call and the returns are outside this
 * excerpt. */
7998 memset(GroupName, '\0', sizeof(GroupName));
7999 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
8000 after[CONTAINER_ROWID]);
8004 argv[L_NAME] = GroupName;
8005 argv[L_ACTIVE] = "1";
8006 argv[L_PUBLIC] = "0";
8007 argv[L_HIDDEN] = "0";
8008 argv[L_MAILLIST] = "0";
8009 argv[L_GROUP] = "1";
8010 argv[L_GID] = UNIQUE_GID;
8011 argv[L_NFSGROUP] = "0";
8012 argv[L_MAILMAN] = "0";
8013 argv[L_MAILMAN_SERVER] = "[NONE]";
8014 argv[L_DESC] = "auto created container group";
8015 argv[L_ACE_TYPE] = "USER";
8016 argv[L_MEMACE_TYPE] = "USER";
8017 argv[L_ACE_NAME] = "sms";
8018 argv[L_MEMACE_NAME] = "sms";
/* Intentional assignment-in-condition. */
8020 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
8023 "Unable to create container group %s for container %s: %s",
8024 GroupName, after[CONTAINER_NAME], error_message(rc));
8027 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
8028 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
8033 int Moira_container_group_update(char **before, char **after)
/* Rename the Moira list that shadows a container when the container itself
 * was renamed.  Nothing is done when the names are equal (case-insensitive)
 * or no existing group is recorded.  The current group name is looked up
 * with after[CONTAINER_NAME] (presumably the Moira record already carries
 * the new name at this point -- confirm).  If the derived new name differs,
 * update_list is issued with the old name followed by the 15 list
 * attributes.  argv/rc declarations, the early returns and the com_err()
 * prefix are outside this excerpt. */
8036 char BeforeGroupName[64];
8037 char AfterGroupName[64];
8040 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
8043 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
8044 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
8045 if (strlen(BeforeGroupName) == 0)
8048 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
8049 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
8050 after[CONTAINER_ROWID]);
8054 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the existing name first, then the same attribute set
 * as add_list shifted by one slot. */
8056 argv[L_NAME] = BeforeGroupName;
8057 argv[L_NAME + 1] = AfterGroupName;
8058 argv[L_ACTIVE + 1] = "1";
8059 argv[L_PUBLIC + 1] = "0";
8060 argv[L_HIDDEN + 1] = "0";
8061 argv[L_MAILLIST + 1] = "0";
8062 argv[L_GROUP + 1] = "1";
8063 argv[L_GID + 1] = UNIQUE_GID;
8064 argv[L_NFSGROUP + 1] = "0";
8065 argv[L_MAILMAN + 1] = "0";
8066 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
8067 argv[L_DESC + 1] = "auto created container group";
8068 argv[L_ACE_TYPE + 1] = "USER";
8069 argv[L_MEMACE_TYPE + 1] = "USER";
8070 argv[L_ACE_NAME + 1] = "sms";
8071 argv[L_MEMACE_NAME + 1] = "sms";
8073 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
8076 "Unable to rename container group from %s to %s: %s",
8077 BeforeGroupName, AfterGroupName, error_message(rc));
8084 int Moira_container_group_delete(char **before)
/* Remove the Moira list that shadowed a deleted container: first detach it
 * from the parent container's group (if both are known), then delete the
 * list itself.  A recorded group name of "[none]" means no list exists.
 * GroupName/argv/rc declarations, argv[1] and the returns are outside this
 * excerpt. */
8089 char ParentGroupName[64];
8091 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
8092 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
8094 memset(GroupName, '\0', sizeof(GroupName));
/* Unbounded copy of a Moira-supplied name (GroupName's size not visible). */
8096 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
8097 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
8099 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
8101 argv[0] = ParentGroupName;
8103 argv[2] = GroupName;
8105 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): the format has two %s conversions but three arguments are
 * passed, so the parent group name is printed where the error text belongs
 * and error_message(rc) is dropped.  Probably intended:
 * "Unable to delete container group %s from list %s: %s". */
8108 "Unable to delete container group %s from list: %s",
8109 GroupName, ParentGroupName, error_message(rc));
8113 if (strlen(GroupName) != 0)
8115 argv[0] = GroupName;
8117 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
8119 com_err(whoami, 0, "Unable to delete container group %s : %s",
8120 GroupName, error_message(rc));
8127 int Moira_groupname_create(char *GroupName, char *ContainerName,
8128 char *ContainerRowID)
/* Derive a Moira list name for a container and store it in GroupName.
 * The base appears to be built from the last two '/'-separated components
 * of ContainerName ("<parent>-<leaf>", or just the leaf / the whole name
 * when fewer components exist), cut to 25 characters, prefixed with "cnt-"
 * and lower-cased.  If a list of that name already exists (get_list_info
 * succeeds) a "-0".."-9" then "-a".."-z" suffix is tried until one is free;
 * MR_NO_MATCH means the name is available.  ContainerRowID is not referenced
 * in the visible lines.  temp/tempgname/ptr/ptr1/i/rc/argv declarations,
 * the loop structure and the returns are outside this excerpt.
 * NOTE(review): strcpy(temp, ContainerName) is unbounded (temp's size is not
 * visible); the 64-byte name buffers are large enough for "cnt-" + 25 + "-c". */
8133 char newGroupName[64];
8134 char tempGroupName[64];
8140 strcpy(temp, ContainerName);
8142 ptr1 = strrchr(temp, '/');
8148 ptr1 = strrchr(temp, '/');
8152 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
8155 strcpy(tempgname, ptr);
8158 strcpy(tempgname, temp);
8160 if (strlen(tempgname) > 25)
8161 tempgname[25] ='\0';
8163 sprintf(newGroupName, "cnt-%s", tempgname);
8165 /* change everything to lower case */
8171 *ptr = tolower(*ptr);
8179 strcpy(tempGroupName, newGroupName);
8182 /* append 0-9 then a-z if a duplicate is found */
8185 argv[0] = newGroupName;
8187 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
8189 if (rc == MR_NO_MATCH)
8191 com_err(whoami, 0, "Moira error while creating group name for "
8192 "container %s : %s", ContainerName, error_message(rc));
8196 sprintf(newGroupName, "%s-%c", tempGroupName, i);
8200 com_err(whoami, 0, "Unable to find a unique group name for "
8201 "container %s: too many duplicate container names",
8212 strcpy(GroupName, newGroupName);
8216 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
/* Record GroupName as the list associated with container origContainerName
 * (Moira set_container_list).  argv/rc declarations, the com_err() prefix
 * and the returns are outside this excerpt. */
8221 argv[0] = origContainerName;
8222 argv[1] = GroupName;
8224 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
8227 "Unable to set container group %s in container %s: %s",
8228 GroupName, origContainerName, error_message(rc));
8234 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
/* Add GroupName as a member of the list that belongs to the parent
 * container of origContainerName.  Top-level containers (no parent group)
 * are skipped.  argv[1] (member type), rc and the returns are on unseen
 * lines.  NOTE(review): origContainerName is strcpy()'d into a 64-byte
 * array without a length check. */
8236 char ContainerName[64];
8237 char ParentGroupName[64];
8241 strcpy(ContainerName, origContainerName);
8243 Moira_getGroupName(ContainerName, ParentGroupName, 1);
8245 /* top-level container */
8246 if (strlen(ParentGroupName) == 0)
8249 argv[0] = ParentGroupName;
8251 argv[2] = GroupName;
8253 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
8256 "Unable to add container group %s to parent group %s: %s",
8257 GroupName, ParentGroupName, error_message(rc));
8263 int Moira_getContainerGroup(int ac, char **av, void *ptr)
/* mr_query callback for get_container_list: copies the list name (av[1])
 * into call_args[0].  NOTE(review): unbounded strcpy() into the caller's
 * buffer (64 bytes in the visible callers). */
8268 strcpy(call_args[0], av[1]);
8273 int Moira_getGroupName(char *origContainerName, char *GroupName,
/* Fetch the Moira list associated with a container into GroupName.  The
 * third parameter (on an unseen line; callers pass 0 or 1) appears to
 * select the container itself or its parent -- the strrchr('/') below
 * trims the last path component under that flag.  Errors other than "no
 * group" are logged.  argv/call_args/rc/ptr declarations and the returns
 * are outside this excerpt.
 * NOTE(review): origContainerName is strcpy()'d into a 64-byte array
 * without a length check. */
8276 char ContainerName[64];
8282 strcpy(ContainerName, origContainerName);
8286 ptr = strrchr(ContainerName, '/');
8294 argv[0] = ContainerName;
8296 call_args[0] = GroupName;
8297 call_args[1] = NULL;
8299 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
8302 if (strlen(GroupName) != 0)
8307 com_err(whoami, 0, "Unable to get container group from container %s: %s",
8308 ContainerName, error_message(rc));
8310 com_err(whoami, 0, "Unable to get container group from container %s",
8316 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
/* Add MachineName to, or remove it from, the container list GroupName as a
 * MACHINE member; which of the two is issued depends on the third parameter
 * (on an unseen line).  A GroupName of "[none]" is a no-op.  Note the error
 * text says "add" on both paths (the condition around it is not visible).
 * argv/rc declarations and the returns are outside this excerpt. */
8322 if (strcmp(GroupName, "[none]") == 0)
8325 argv[0] = GroupName;
8326 argv[1] = "MACHINE";
8327 argv[2] = MachineName;
8330 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8332 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
8336 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8337 MachineName, GroupName, error_message(rc));
8343 int GetMachineName(char *MachineName)
/* Canonicalise a host name in place.  If everything after the first '.'
 * already equals DOMAIN_SUFFIX (case-insensitive) the name is kept;
 * otherwise Moira's get_hostalias query is asked for an alias in that
 * domain (ProcessMachineName() selects it) and the result replaces
 * MachineName.  On query failure or no alias the string is emptied.
 * i/rc/szDot/args/call_args declarations, args[0] and the returns are on
 * unseen lines.
 * NOTE(review): the result is strcpy()'d back from a 1024-byte buffer, so
 * the caller's MachineName must be at least that large (one visible caller
 * passes a 128-byte array).  toupper() on a plain char is undefined for
 * negative values. */
8346 char NewMachineName[1024];
8353 // If the address happens to be in the top-level MIT domain, great!
8354 strcpy(NewMachineName, MachineName);
8356 for (i = 0; i < (int)strlen(NewMachineName); i++)
8357 NewMachineName[i] = toupper(NewMachineName[i]);
8359 szDot = strchr(NewMachineName,'.');
8361 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8366 // If not, see if it has a Moira alias in the top-level MIT domain.
8367 memset(NewMachineName, '\0', sizeof(NewMachineName));
8369 args[1] = MachineName;
8370 call_args[0] = NewMachineName;
8371 call_args[1] = NULL;
8373 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8375 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8376 MachineName, error_message(rc));
8377 strcpy(MachineName, "");
8381 if (strlen(NewMachineName) != 0)
8382 strcpy(MachineName, NewMachineName);
8384 strcpy(MachineName, "");
8389 int ProcessMachineName(int ac, char **av, void *ptr)
/* mr_query callback for get_hostalias: keeps the first alias (av[0],
 * upper-cased) whose part after the first '.' is DOMAIN_SUFFIX, storing it
 * in call_args[0]; later rows are ignored once that slot is filled.
 * i/szDot/call_args declarations and the return are on unseen lines.
 * NOTE(review): av[0] is strcpy()'d into a 1024-byte local without a
 * length check. */
8392 char MachineName[1024];
8398 if (strlen(call_args[0]) == 0)
8400 strcpy(MachineName, av[0]);
8402 for (i = 0; i < (int)strlen(MachineName); i++)
8403 MachineName[i] = toupper(MachineName[i]);
8405 szDot = strchr(MachineName,'.');
8407 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8409 strcpy(call_args[0], MachineName);
8416 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
/* Rename the uid-number attribute in the first n LDAPMod entries: one
 * branch turns msSFU30UidNumber into uidNumber, the other the reverse.
 * The condition that selects the branch (presumably on *UseSFU30) is on a
 * line not shown.  mod_type is repointed at a string literal, so the
 * previous value is not released and callers must not free() the new one. */
8422 for (i = 0; i < n; i++)
8424 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8425 mods[i]->mod_type = "uidNumber";
8432 for (i = 0; i < n; i++)
8434 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8435 mods[i]->mod_type = "msSFU30UidNumber";
8442 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8443 char *DistinguishedName,
8444 char *WinHomeDir, char *WinProfileDir,
8445 char **homedir_v, char **winProfile_v,
8446 char **drives_v, LDAPMod **mods,
/* Queue the home-directory related attributes for user_name.
 *  - Non-AD directories (!ActiveDirectory): homeDirectory and
 *    apple-user-homeDirectory come from the user's Moira filesystem
 *    (FSGROUP/MUL entries are resolved to their first member); anything
 *    that is not an AFS path becomes "NONE".
 *  - AD: WinHomeDir/WinProfileDir may be "[afs]" (converted from the Moira
 *    AFS path), "[dfs]" (\\<ldap_domain>\dfs\profiles\<initial>\<user>),
 *    "[local]" (attribute removed) or a literal path.  homeDrive is "H:"
 *    for [afs]/[dfs] and for UNC paths.  Trailing backslashes are stripped
 *    and a bare drive letter gets one back.  An empty value with
 *    OpType == LDAP_MOD_REPLACE deletes the attribute directly with
 *    ldap_modify_s(); otherwise the value is queued with ADD_ATTR.
 * The remaining parameters (OpType, n, ...), the rc/i/argv/homeDrive/path/
 * winPath/homedir declarations, the ADD_ATTR/DEL_ATTR macros and the
 * returns are outside this excerpt.
 * NOTE(review): the strdup() results handed to homedir_v/winProfile_v/
 * drives_v are never freed in the visible lines -- ownership rests with the
 * caller, confirm it releases them.  The status of the delete-path
 * ldap_modify_s() calls is not examined in the visible lines. */
8453 char winProfile[1024];
8456 char apple_homedir[1024];
8457 char *apple_homedir_v[] = {NULL, NULL};
8461 LDAPMod *DelMods[20];
8463 char *save_argv[FS_END];
8464 char *fsgroup_save_argv[2];
8466 memset(homeDrive, '\0', sizeof(homeDrive));
8467 memset(path, '\0', sizeof(path));
8468 memset(winPath, '\0', sizeof(winPath));
8469 memset(winProfile, '\0', sizeof(winProfile));
8471 if(!ActiveDirectory)
/* A Moira outage is fatal here (critical_alert; the return follows on an
 * unseen line). */
8473 if (rc = moira_connect())
8475 critical_alert(whoami, "Ldap incremental",
8476 "Error contacting Moira server : %s",
8481 argv[0] = user_name;
8483 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* Group filesystems: use the first member's pack as the home path. */
8486 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8487 !strcmp(save_argv[FS_TYPE], "MUL"))
8490 argv[0] = save_argv[FS_NAME];
8493 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8494 save_fsgroup_info, fsgroup_save_argv)))
8498 argv[0] = fsgroup_save_argv[0];
8500 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8501 save_query_info, save_argv)))
/* Unbounded copies of Moira-supplied pack names (path's size not visible). */
8503 strcpy(path, save_argv[FS_PACK]);
8510 strcpy(path, save_argv[FS_PACK]);
/* strnicmp is the MSVC spelling of strncasecmp. */
8518 if (!strnicmp(path, AFS, strlen(AFS)))
8520 sprintf(homedir, "%s", path);
8521 sprintf(apple_homedir, "%s/MacData", path);
8522 homedir_v[0] = homedir;
8523 apple_homedir_v[0] = apple_homedir;
8524 ADD_ATTR("homeDirectory", homedir_v, OpType);
8525 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8531 homedir_v[0] = "NONE";
8532 apple_homedir_v[0] = "NONE";
8533 ADD_ATTR("homeDirectory", homedir_v, OpType);
8534 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* AD with [afs]: same Moira lookup, then translate the AFS path to its
 * Windows (UNC) form. */
8541 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8542 (!strcasecmp(WinProfileDir, "[afs]")))
8544 if (rc = moira_connect())
8546 critical_alert(whoami, "Ldap incremental",
8547 "Error contacting Moira server : %s",
8552 argv[0] = user_name;
8554 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8557 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8558 !strcmp(save_argv[FS_TYPE], "MUL"))
8561 argv[0] = save_argv[FS_NAME];
8564 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8565 save_fsgroup_info, fsgroup_save_argv)))
8569 argv[0] = fsgroup_save_argv[0];
8571 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8572 save_query_info, save_argv)))
8574 strcpy(path, save_argv[FS_PACK]);
8581 strcpy(path, save_argv[FS_PACK]);
8589 if (!strnicmp(path, AFS, strlen(AFS)))
8591 AfsToWinAfs(path, winPath);
8592 strcpy(winProfile, winPath);
8593 strcat(winProfile, "\\.winprofile");
/* [dfs]: per-user profile share keyed by the first letter of the name.
 * user_name[0] is the terminator for an empty name -- callers are assumed
 * to pass a non-empty user; confirm. */
8600 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8601 (!strcasecmp(WinProfileDir, "[dfs]")))
8603 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8604 user_name[0], user_name);
8606 if (!strcasecmp(WinProfileDir, "[dfs]"))
8608 strcpy(winProfile, path);
8609 strcat(winProfile, "\\.winprofile");
8612 if (!strcasecmp(WinHomeDir, "[dfs]"))
8613 strcpy(winPath, path);
/* Literal home directories: UNC paths get the H: drive letter too. */
8616 if (!strcasecmp(WinHomeDir, "[local]"))
8617 memset(winPath, '\0', sizeof(winPath));
8618 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8619 !strcasecmp(WinHomeDir, "[dfs]"))
8621 strcpy(homeDrive, "H:");
8625 strcpy(winPath, WinHomeDir);
8626 if (!strncmp(WinHomeDir, "\\\\", 2))
8628 strcpy(homeDrive, "H:");
8632 // nothing needs to be done if WinProfileDir is [afs].
8633 if (!strcasecmp(WinProfileDir, "[local]"))
8634 memset(winProfile, '\0', sizeof(winProfile));
8635 else if (strcasecmp(WinProfileDir, "[afs]") &&
8636 strcasecmp(WinProfileDir, "[dfs]"))
8638 strcpy(winProfile, WinProfileDir);
/* Normalise: drop a trailing backslash, but keep "X:\" for a bare drive. */
8641 if (strlen(winProfile) != 0)
8643 if (winProfile[strlen(winProfile) - 1] == '\\')
8644 winProfile[strlen(winProfile) - 1] = '\0';
8647 if (strlen(winPath) != 0)
8649 if (winPath[strlen(winPath) - 1] == '\\')
8650 winPath[strlen(winPath) - 1] = '\0';
8653 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8654 strcat(winProfile, "\\");
8656 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8657 strcat(winPath, "\\");
/* Empty value on a REPLACE means "remove the attribute"; on an ADD it is
 * simply not queued (the else branches sit on unseen lines). */
8659 if (strlen(winPath) == 0)
8661 if (OpType == LDAP_MOD_REPLACE)
8664 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8666 //unset homeDirectory attribute for user.
8667 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8673 homedir_v[0] = strdup(winPath);
8674 ADD_ATTR("homeDirectory", homedir_v, OpType);
8677 if (strlen(winProfile) == 0)
8679 if (OpType == LDAP_MOD_REPLACE)
8682 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8684 //unset profilePate attribute for user.
8685 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8691 winProfile_v[0] = strdup(winProfile);
8692 ADD_ATTR("profilePath", winProfile_v, OpType);
8695 if (strlen(homeDrive) == 0)
8697 if (OpType == LDAP_MOD_REPLACE)
8700 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8702 //unset homeDrive attribute for user
8703 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8709 drives_v[0] = strdup(homeDrive);
8710 ADD_ATTR("homeDrive", drives_v, OpType);
8716 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8717 char *attribute_value, char *attribute, char *user_name)
/* Set one single-valued attribute on distinguished_name.  An empty
 * attribute_value deletes the attribute (DEL_ATTR + ldap_modify_s);
 * otherwise LDAP_MOD_REPLACE is tried first and, if that fails,
 * LDAP_MOD_ADD.  Only a failure of the second attempt is logged, and
 * user_name is used solely in that message (callers in this file pass the
 * container dName there).  The mods/n/rc declarations, the ADD_ATTR/DEL_ATTR
 * macros, the mod-list resets between attempts and the returns are outside
 * this excerpt.  NOTE(review): the delete-path ldap_modify_s() status is
 * not examined in the visible lines. */
8719 char *mod_v[] = {NULL, NULL};
8720 LDAPMod *DelMods[20];
8726 if (strlen(attribute_value) == 0)
8729 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8731 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8737 mod_v[0] = attribute_value;
8738 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8741 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8742 mods)) != LDAP_SUCCESS)
/* REPLACE failed (e.g. attribute absent): fall back to ADD. */
8746 mod_v[0] = attribute_value;
8747 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8750 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8751 mods)) != LDAP_SUCCESS)
8753 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8754 "in the directory : %s",
8755 attribute, user_name, ldap_err2string(rc));
8765 void StringTrim(char *StringToTrim)
/* Trim surrounding whitespace from StringToTrim in place.  Works on a
 * strdup()'d copy (`save`), scans to the end of it, and copies the
 * selected substring (`s`) back; the result is never longer than the
 * input, so the copy back cannot overflow.  The scanning loops, s/t
 * declarations, the strdup() NULL check and the free(save) are on lines
 * not shown here -- confirm the copy is released on every path. */
8770 save = strdup(StringToTrim);
8777 /* skip to end of string */
8782 strcpy(StringToTrim, save);
8786 for (t = s; *t; t++)
8802 strcpy(StringToTrim, s);
8806 int ReadConfigFile(char *DomainName)
/* Load "<CFG_PATH><DomainName>.cfg".  Each line is upper-cased, stripped of
 * its newline and matched by prefix against the keyword constants
 * (DOMAIN, REALM, PORT, PRINCIPALNAME, SERVER, MSSFU, GROUP_SUFFIX,
 * GROUP_TYPE, SET_GROUP_ACE, SET_PASSWORD, EXCHANGE,
 * PROCESS_MACHINE_CONTAINER, ACTIVE_DIRECTORY, GROUP_POPULATE_MEMBERS,
 * MAX_MEMBERS); the remainder of the line is the value.  Missing DOMAIN
 * falls back to DomainName; server names are upper-cased at the end.
 * Because the whole line is upper-cased first, stored values such as
 * ldap_realm and PrincipalName are upper-cased too -- presumably intended
 * for this deployment; confirm for case-sensitive principals.  The
 * fptr/temp/temp1/i/k/Count declarations, the fclose(), the flag
 * assignments on several branches and the returns are outside this excerpt.
 * NOTE(review): values are copied with unbounded strcpy() into globals of
 * unknown size; see the SERVER and MAX_MEMBERS notes below. */
8817 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8819 if ((fptr = fopen(temp, "r")) != NULL)
8821 while (fgets(temp, sizeof(temp), fptr) != 0)
8823 for (i = 0; i < (int)strlen(temp); i++)
8824 temp[i] = toupper(temp[i]);
/* NOTE(review): a line whose first byte is NUL gives strlen 0 and this
 * writes temp[-1]; guard on strlen(temp) > 0 first. */
8826 if (temp[strlen(temp) - 1] == '\n')
8827 temp[strlen(temp) - 1] = '\0';
8831 if (strlen(temp) == 0)
8834 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8836 if (strlen(temp) > (strlen(DOMAIN)))
8838 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8839 StringTrim(ldap_domain);
8842 else if (!strncmp(temp, REALM, strlen(REALM)))
8844 if (strlen(temp) > (strlen(REALM)))
8846 strcpy(ldap_realm, &temp[strlen(REALM)]);
8847 StringTrim(ldap_realm);
8850 else if (!strncmp(temp, PORT, strlen(PORT)))
8852 if (strlen(temp) > (strlen(PORT)))
8854 strcpy(ldap_port, &temp[strlen(PORT)]);
8855 StringTrim(ldap_port);
8858 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8860 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8862 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8863 StringTrim(PrincipalName);
8866 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8868 if (strlen(temp) > (strlen(SERVER)))
/* NOTE(review): each SERVER value is strcpy()'d into a fresh 256-byte heap
 * block, but the line buffer is sizeof(temp) bytes (not visible); a longer
 * line overruns the block.  calloc() is also not checked for NULL, and
 * Count is not bounded against ServerList's size in the visible lines. */
8870 ServerList[Count] = calloc(1, 256);
8871 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8872 StringTrim(ServerList[Count]);
8876 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8878 if (strlen(temp) > (strlen(MSSFU)))
8880 strcpy(temp1, &temp[strlen(MSSFU)]);
8882 if (!strcmp(temp1, SFUTYPE))
8886 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8888 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8890 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8892 if (!strcasecmp(temp1, "NO"))
8895 memset(group_suffix, '\0', sizeof(group_suffix));
8899 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8901 if (strlen(temp) > (strlen(GROUP_TYPE)))
8903 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8905 if (!strcasecmp(temp1, "UNIVERSAL"))
8906 UseGroupUniversal = 1;
8909 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8911 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8913 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8915 if (!strcasecmp(temp1, "NO"))
8919 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8921 if (strlen(temp) > (strlen(SET_PASSWORD)))
8923 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8925 if (!strcasecmp(temp1, "NO"))
8929 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8931 if (strlen(temp) > (strlen(EXCHANGE)))
8933 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8935 if (!strcasecmp(temp1, "YES"))
8939 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8940 strlen(PROCESS_MACHINE_CONTAINER)))
8942 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8944 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8946 if (!strcasecmp(temp1, "NO"))
8947 ProcessMachineContainer = 0;
8950 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8951 strlen(ACTIVE_DIRECTORY)))
8953 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8955 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8957 if (!strcasecmp(temp1, "NO"))
8958 ActiveDirectory = 0;
8961 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8962 strlen(GROUP_POPULATE_MEMBERS)))
8964 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8966 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8968 if (!strcasecmp(temp1, "DELETE"))
8970 GroupPopulateDelete = 1;
8974 else if (!strncmp(temp, MAX_MEMBERS, strlen(MAX_MEMBERS)))
8976 if (strlen(temp) > (strlen(MAX_MEMBERS)))
8978 strcpy(temp1, &temp[strlen(MAX_MEMBERS)]);
/* NOTE(review): atoi() gives 0 for a non-numeric value and has no overflow
 * detection; strtol() with endptr/errno checking would reject bad input. */
8980 max_group_members = atoi(temp1);
/* The configured domain is re-derived from temp on unseen lines
 * (presumably after trimming/tokenising); empty means "use DomainName". */
8985 if (strlen(ldap_domain) != 0)
8987 memset(ldap_domain, '\0', sizeof(ldap_domain));
8991 if (strlen(temp) != 0)
8992 strcpy(ldap_domain, temp);
8998 if (strlen(ldap_domain) == 0)
9000 strcpy(ldap_domain, DomainName);
/* Server names are compared/used upper-cased elsewhere (assumed). */
9006 for (i = 0; i < Count; i++)
9008 if (ServerList[i] != 0)
9010 for (k = 0; k < (int)strlen(ServerList[i]); k++)
9011 ServerList[i][k] = toupper(ServerList[i][k]);
9018 int ReadDomainList()
/* Load the list of domains to process from "<CFG_PATH><WINADCFG>": every
 * DOMAIN line's value (upper-cased, trimmed) is stored in DomainNames[Count].
 * If nothing usable is found a critical alert is raised (the surrounding
 * condition is on an unseen line).  The fptr/temp/temp1/i/Count
 * declarations, Count's increment/bound, the fclose() and the returns are
 * outside this excerpt.  The arrays c[] and stuff[] are not used in the
 * visible lines.
 * NOTE(review): strcpy() into DomainNames[Count] is unbounded (element size
 * not visible), and the same strlen(temp)-1 edge case as ReadConfigFile()
 * applies to the newline strip. */
9025 unsigned char c[11];
9026 unsigned char stuff[256];
9031 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
9033 if ((fptr = fopen(temp, "r")) != NULL)
9035 while (fgets(temp, sizeof(temp), fptr) != 0)
9037 for (i = 0; i < (int)strlen(temp); i++)
9038 temp[i] = toupper(temp[i]);
9040 if (temp[strlen(temp) - 1] == '\n')
9041 temp[strlen(temp) - 1] = '\0';
9045 if (strlen(temp) == 0)
9048 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
9050 if (strlen(temp) > (strlen(DOMAIN)))
9052 strcpy(temp1, &temp[strlen(DOMAIN)]);
9054 strcpy(temp, temp1);
9058 strcpy(DomainNames[Count], temp);
9059 StringTrim(DomainNames[Count]);
9068 critical_alert(whoami, "incremental", "%s", "ldap.incr cannot run due to a "
9069 "configuration error in ldap.cfg");
9076 int email_isvalid(const char *address) {
/* Syntactic check of an RFC 822 style address "local@domain".  Returns 0
 * at the first violation -- trailing '.', control or non-ASCII characters,
 * unquoted specials, an empty or dot-adjacent local part or domain label --
 * and otherwise (count >= 1), where `count` tallies domain labels on lines
 * not shown.  The `return 0` statements, the quoted-string loop and the
 * domain loop are likewise outside this excerpt.
 * NOTE(review): `address[strlen(address) - 1]` reads before the buffer when
 * address is ""; add `if (!*address) return 0;` first.  Likewise, after a
 * backslash `*++c` can land on the terminating NUL when the string ends in
 * '\', and the for loop's c++ then steps past the end of the string. */
9078 const char *c, *domain;
/* Could be `static const char *` -- it is never written. */
9079 static char *rfc822_specials = "()<>@,;:\\\"[]";
9081 if(address[strlen(address) - 1] == '.')
9084 /* first we validate the name portion (name@domain) */
9085 for (c = address; *c; c++) {
9086 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
9091 if (*c == '\\' && (*++c == ' '))
9093 if (*c <= ' ' || *c >= 127)
9108 if (*c <= ' ' || *c >= 127)
9110 if (strchr(rfc822_specials, *c))
9114 if (c == address || *(c - 1) == '.')
9117 /* next we validate the domain portion (name@domain) */
9118 if (!*(domain = ++c)) return 0;
9121 if (c == domain || *(c - 1) == '.')
9125 if (*c <= ' ' || *c >= 127)
9127 if (strchr(rfc822_specials, *c))
9131 return (count >= 1);
/*
 * Pick the Exchange mailbox store (msExchMDB) under the Configuration
 * container of dn_path that currently has the fewest homeMDBBL back-links.
 * On success *homeMDB receives the store's DN and *homeServerName a string
 * derived from its legacyExchangeDN; both are strdup'd and owned by the
 * caller.  Stores whose DN contains "Public", "Recover" or "Reserve" are
 * skipped.  The return value, the loop headers, several declarations and the
 * error-path returns are not present in this listing.
 */
9134 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
9135 char **homeServerName)
9137 LK_ENTRY *group_base;
9138 LK_ENTRY *sub_group_base;
9142 int sub_group_count;
9144 char sub_filter[1024];
9145 char search_path[1024];
9147 char *attr_array[3];
/* -1 marks "no store examined yet" for the minimum search below. */
9149 int homeMDB_count = -1;
/* Page size for the ranged attribute retrieval below; rangeLow is declared
 * on a line not shown. */
9153 int rangeStep = 1500;
9155 int rangeHigh = rangeLow + (rangeStep - 1);
9158 /* Grumble..... microsoft not making it searchable from the root *grr* */
9160 memset(filter, '\0', sizeof(filter));
9161 memset(search_path, '\0', sizeof(search_path));
9163 sprintf(filter, "(objectClass=msExchMDB)");
/* NOTE(review): sprintf into a 1024-byte buffer with no length check on
 * dn_path; assumed to be a short, trusted base DN -- snprintf would make the
 * bound explicit. */
9164 sprintf(search_path, "CN=Configuration,%s", dn_path);
9165 attr_array[0] = "distinguishedName";
9166 attr_array[1] = NULL;
/* Enumerate every mailbox store; on error the message is logged here and the
 * return that presumably follows is on a line not shown. */
9171 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
9172 &group_base, &group_count,
9173 LDAP_SCOPE_SUBTREE)) != 0)
9175 com_err(whoami, 0, "Unable to find msExchMDB %s",
9176 ldap_err2string(rc));
/* Skip stores that are not for ordinary mailboxes (body not shown). */
9185 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
9186 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
9187 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
9194 * Due to limits in active directory we need to use the LDAP
9195 * range semantics to query and return all the values in
9196 * large lists, we will stop increasing the range when
9197 * the result count is 0.
/* Ranged retrieval loop (header not shown): fetch homeMDBBL in pages of
 * rangeStep values and add up how many mailboxes point at this store. */
9205 memset(sub_filter, '\0', sizeof(sub_filter));
9206 memset(range, '\0', sizeof(range));
9207 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* Which of the two range forms is used depends on a condition not shown; the
 * "-*" form asks for everything from rangeLow to the end of the list. */
9210 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
9212 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
9214 attr_array[0] = range;
9215 attr_array[1] = NULL;
9217 sub_group_base = NULL;
9218 sub_group_count = 0;
9220 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
9221 attr_array, &sub_group_base,
9223 LDAP_SCOPE_SUBTREE)) != 0)
9225 com_err(whoami, 0, "Unable to find homeMDBBL %s",
9226 ldap_err2string(rc));
/* No values in this range: presumably leaves the loop (body not shown). */
9230 if(!sub_group_count)
9236 rangeHigh = rangeLow + (rangeStep - 1);
/* Advance to the next page. */
9243 mdbbl_count += sub_group_count;
9244 rangeLow = rangeHigh + 1;
9245 rangeHigh = rangeLow + (rangeStep - 1);
9248 /* First time through, need to initialize or update the least used */
9250 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
/* NOTE(review): a new minimum overwrites *homeMDB with a fresh strdup; if
 * this runs inside the loop over group_base (header not shown), the previous
 * strdup'd string is leaked each time, and the strdup result is unchecked. */
9253 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
9255 homeMDB_count = mdbbl_count;
9256 *homeMDB = strdup(gPtr->dn);
9260 linklist_free(sub_group_base);
9264 linklist_free(group_base);
9267 * Ok found the server least allocated need to now query to get its
9268 * msExchHomeServerName so we can set it as a user attribute
9271 attr_array[0] = "legacyExchangeDN";
9272 attr_array[1] = NULL;
/* Second lookup, scoped to the chosen store's DN. */
9277 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
9278 attr_array, &group_base,
9280 LDAP_SCOPE_SUBTREE)) != 0)
9282 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
9283 ldap_err2string(rc));
/* NOTE(review): group_base is dereferenced without a NULL/count check in the
 * visible lines; a zero-result search would leave it NULL -- confirm a check
 * exists on the lines not shown.  The strrchr presumably cuts the
 * legacyExchangeDN down to its server component (body not shown). */
9289 *homeServerName = strdup(group_base->value);
9290 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
9296 linklist_free(group_base);
/*
 * Lower-case s in place, walking it character by character; presumably
 * returns s (the declaration of p, the loop body and the return statement
 * are not present in this listing).
 */
9301 char *lowercase(char *s)
9305 for (p = s; *p; p++)
/*
 * Upper-case s in place, walking it character by character; presumably
 * returns s (the declaration of p, the loop body and the return statement
 * are not present in this listing).
 */
9313 char *uppercase(char *s)
9317 for (p = s; *p; p++)
/*
 * Return a freshly strdup'd copy of s with directory-special characters
 * escaped; the caller owns and frees the result.  Which characters are
 * escaped, and the non-ActiveDirectory branch, are on lines not shown.
 */
9325 char *escape_string(char *s)
/* Escaping rules differ between Active Directory and the other backend. */
9333 if(ActiveDirectory) {
9337 memset(string, '\0', sizeof(string));
9341 /* Escape any special characters */
/* NOTE(review): q walks the whole input while writing into string, which is
 * sized by sizeof(string) above; no length check is visible, so confirm the
 * output cannot exceed the buffer when every character needs escaping. */
9343 for(; *q != '\0'; q++) {
/* NOTE(review): strdup can return NULL; callers should check before use. */
9366 return strdup(string);
/*
 * (argc, argv, hint) callback: duplicate every argv string into the char *
 * array passed as hint.  The caller must size hint for argc entries and free
 * the copies.  The declaration of i and the return statement are not shown.
 */
9369 int save_query_info(int argc, char **argv, void *hint)
9372 char **nargv = hint;
/* NOTE(review): no bound on nargv's capacity is checked here, and strdup's
 * result is not checked for NULL. */
9374 for(i = 0; i < argc; i++)
9375 nargv[i] = strdup(argv[i]);
/*
 * (argc, argv, hint) callback, same shape as save_query_info: duplicate every
 * argv string into the char * array passed as hint.  The caller must size
 * hint for argc entries and free the copies.  The declaration of i, any
 * statements between it and the loop, and the return statement are not shown.
 */
9380 int save_fsgroup_info(int argc, char **argv, void *hint)
9383 char **nargv = hint;
/* NOTE(review): no bound on nargv's capacity is checked here, and strdup's
 * result is not checked for NULL. */
9387 for(i = 0; i < argc; i++)
9388 nargv[i] = strdup(argv[i]);
9396 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
9397 char *UserOu, char *user_name)
9399 char search_filter[1024];
9400 char *attr_array[3];
9401 LK_ENTRY *group_base;
9408 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9412 if(!strcmp(UserOu, user_ou))
9413 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
9415 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9421 sprintf(search_filter, "(&(objectClass=group)(cn=%s)(member=%s))",
9424 attr_array[0] = "mitMoiraId";
9425 attr_array[1] = NULL;
9427 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
9428 attr_array, &group_base, &group_count,
9429 LDAP_SCOPE_SUBTREE)) != 0)
9431 com_err(whoami, 0, "Unable to check group %s for membership of %s : %s",
9432 group_name, user_name, ldap_err2string(rc));
9445 linklist_free(group_base);