2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies the information of a container (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): this macro carries a trailing ';', so every use expands to
 * "Sleep(...);;", and its argument is not parenthesised, so sleep(a + b)
 * expands to Sleep(a + b * 1000).  Dropping the ';' and writing
 * Sleep((A) * 1000) would make it behave like the function it replaces. */
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selector bits.  The first five values are a clean bit set. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
/* NOTE(review): 0x16 is not a single bit -- it is 0x10 | 0x4 | 0x2 and so
 * overlaps MOIRA_STRINGS and MOIRA_KERBEROS.  Given the power-of-two pattern
 * above, 0x10 looks intended; check whether callers test this value with
 * == (harmless) or with & (would mis-select string and kerberos members). */
294 #define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append one LDAPMod to the caller's mods[] array at index n and advance n.
 * Relies on mods and n being in scope at the point of use.
 * NOTE(review): this expands to four statements with no do { } while (0)
 * wrapper, so it must not be the lone body of an if/else, and the malloc()
 * result is dereferenced on the very next statement without a NULL check. */
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
/* Same shape as ADD_ATTR for the deletion list DelMods[] indexed by i;
 * mod_values is left NULL.  The same multi-statement and unchecked-malloc
 * caveats apply. */
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_DOMAINS 10
/* Per-run global state.  The fixed-size char arrays below are written with
 * strcpy/strcat/sprintf elsewhere in this file; none of them is
 * length-checked at the point of writing, so their sizes are the only bound. */
384 char DomainNames[MAX_DOMAINS][128];
386 LK_ENTRY *member_base = NULL;
388 char PrincipalName[128];
/* Scratch buffer used by main() to log the full argument vector.
 * NOTE(review): this object is declared a second time further down with the
 * same declaration; C treats both as tentative definitions of one object,
 * but the duplicate reads as an accident and one of them should go. */
389 static char tbl_buf[1024];
390 char kerberos_ou[] = "OU=kerberos,OU=moira";
391 char contact_ou[] = "OU=strings,OU=moira";
392 char user_ou[] = "OU=users,OU=moira";
/* Group OU paths; filled by main() from literal strings, layout depends on
 * the directory flavour. */
393 char group_ou_distribution[1024];
394 char group_ou_root[1024];
395 char group_ou_security[1024];
396 char group_ou_neither[1024];
397 char group_ou_both[1024];
398 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
399 char orphans_other_ou[] = "OU=Other,OU=Orphans";
400 char security_template_ou[] = "OU=security_templates";
402 char ldap_domain[256];
403 char ldap_realm[256];
/* Candidate servers; entries are heap strings released at the end of main(). */
405 char *ServerList[MAX_SERVER_NAMES];
406 char default_server[256];
/* Duplicate of the tbl_buf declaration above -- see the note there. */
407 static char tbl_buf[1024];
408 char group_suffix[256];
409 char exchange_acl[256];
410 int mr_connections = 0;
413 int UseGroupSuffix = 1;
414 int UseGroupUniversal = 0;
418 int ProcessMachineContainer = 1;
419 int ActiveDirectory = 1;
420 int UpdateDomainList;
422 int GroupPopulateDelete = 0;
424 extern int set_password(char *user, char *password, char *domain);
426 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
427 char *group_membership, char *MoiraId, char *attribute,
428 LK_ENTRY **linklist_base, int *linklist_count,
430 void AfsToWinAfs(char* path, char* winPath);
431 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
432 char *Win2kPassword, char *Win2kUser, char *default_server,
433 int connect_to_kdc, char **ServerList, char *ldap_realm,
435 void ad_kdc_disconnect();
436 int ad_server_connect(char *connectedServer, char *domain);
437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
438 char *attribute_value, char *attribute, char *user_name);
439 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
440 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
441 int check_winad(void);
442 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
445 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
446 char *distinguishedName, int count, char **av);
447 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
448 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
449 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
450 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
451 char *distinguishedName, int count,
453 void container_get_dn(char *src, char *dest);
454 void container_get_name(char *src, char *dest);
455 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
456 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
457 char **before, int afterc, char **after);
458 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
459 char **before, int afterc, char **after);
461 int GetAceInfo(int ac, char **av, void *ptr);
462 int get_group_membership(char *group_membership, char *group_ou,
463 int *security_flag, char **av);
464 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
465 char *machine_ou, char *pPtr);
466 int Moira_container_group_create(char **after);
467 int Moira_container_group_delete(char **before);
468 int Moira_groupname_create(char *GroupName, char *ContainerName,
469 char *ContainerRowID);
470 int Moira_container_group_update(char **before, char **after);
471 int Moira_process_machine_container_group(char *MachineName, char* groupName,
473 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
474 int Moira_getContainerGroup(int ac, char **av, void *ptr);
475 int Moira_getGroupName(char *origContainerName, char *GroupName,
477 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
478 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
479 int UpdateGroup, int *ProcessGroup, char *maillist);
480 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
481 char *group_name, char *group_ou, char *group_membership,
482 int group_security_flag, int type, char *maillist);
483 int process_lists(int ac, char **av, void *ptr);
484 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
485 char *TargetGroupName, int HiddenGroup,
486 char *AceType, char *AceName);
487 int ProcessMachineName(int ac, char **av, void *ptr);
488 int ReadConfigFile(char *DomainName);
489 int ReadDomainList();
490 void StringTrim(char *StringToTrim);
491 char *escape_string(char *s);
492 int save_query_info(int argc, char **argv, void *hint);
493 int save_fsgroup_info(int argc, char **argv, void *hint);
494 int user_create(int ac, char **av, void *ptr);
495 int user_change_status(LDAP *ldap_handle, char *dn_path,
496 char *user_name, char *MoiraId, int operation);
497 int user_delete(LDAP *ldap_handle, char *dn_path,
498 char *u_name, char *MoiraId);
499 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
501 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
502 char *uid, char *MitId, char *MoiraId, int State,
503 char *WinHomeDir, char *WinProfileDir, char *first,
504 char *middle, char *last, char *shell, char *class);
505 void change_to_lower_case(char *ptr);
506 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
507 int contact_remove_email(LDAP *ld, char *bind_path,
508 LK_ENTRY **linklist_entry, int linklist_current);
509 int group_create(int ac, char **av, void *ptr);
510 int group_delete(LDAP *ldap_handle, char *dn_path,
511 char *group_name, char *group_membership, char *MoiraId);
512 int group_rename(LDAP *ldap_handle, char *dn_path,
513 char *before_group_name, char *before_group_membership,
514 char *before_group_ou, int before_security_flag,
515 char *before_desc, char *after_group_name,
516 char *after_group_membership, char *after_group_ou,
517 int after_security_flag, char *after_desc,
518 char *MoiraId, char *filter, char *maillist);
519 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
520 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
521 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
522 char *machine_name, char *container_name);
523 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
524 char *MoiraMachineName, char *DestinationOu);
525 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
526 char *group_name, char *group_ou, char *group_membership,
527 int group_security_flag, int updateGroup, char *maillist);
528 int member_list_build(int ac, char **av, void *ptr);
529 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership,
531 char *user_name, char *pUserOu, char *MoiraId);
532 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership, char *user_name,
534 char *pUserOu, char *MoiraId);
535 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership,
537 int group_security_flag, char *MoiraId);
538 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
539 char *DistinguishedName,
540 char *WinHomeDir, char *WinProfileDir,
541 char **homedir_v, char **winProfile_v,
542 char **drives_v, LDAPMod **mods,
544 int sid_update(LDAP *ldap_handle, char *dn_path);
545 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
546 int check_string(char *s);
547 int check_container_name(char* s);
549 int mr_connect_cl(char *server, char *client, int version, int auth);
550 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
551 char **before, int beforec, char **after, int afterc);
552 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
553 char **before, int beforec, char **after, int afterc);
554 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
555 char **before, int beforec, char **after, int afterc);
556 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
557 char **before, int beforec, char **after, int afterc);
558 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
559 char **before, int beforec, char **after, int afterc);
560 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
561 char **before, int beforec, char **after, int afterc);
562 int linklist_create_entry(char *attribute, char *value,
563 LK_ENTRY **linklist_entry);
564 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
565 char **attr_array, LK_ENTRY **linklist_base,
566 int *linklist_count, unsigned long ScopeType);
567 void linklist_free(LK_ENTRY *linklist_base);
569 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
570 char *distinguished_name, LK_ENTRY **linklist_current);
571 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
572 LK_ENTRY **linklist_base, int *linklist_count);
573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
574 char *Attribute, char *distinguished_name,
575 LK_ENTRY **linklist_current);
577 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
578 char *oldValue, char *newValue,
579 char ***modvalues, int type);
580 void free_values(char **modvalues);
582 int convert_domain_to_dn(char *domain, char **bind_path);
583 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
584 char *distinguished_name);
585 int moira_disconnect(void);
586 int moira_connect(void);
587 void print_to_screen(const char *fmt, ...);
588 int GetMachineName(char *MachineName);
589 int tickets_get_k5();
590 int destroy_cache(void);
593 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
594 char **homeServerName);
/* Entry point of the incremental.  argv[1] names the Moira table, argv[2]
 * and argv[3] give the before/after value counts, and beforec + afterc
 * values follow (per-table layouts are in the header comment).  Each
 * configured domain is connected to in turn and the table-specific
 * handler is dispatched on the lower-cased table name. */
596 int main(int argc, char **argv)
/* Program name for com_err, taken from the last path component of argv[0]. */
612 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
616 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* NOTE(review): atoi() returns 0 for non-numeric text and accepts negative
 * values, so a negative count passes this check; beforec is later used in
 * `after = &orig_argv[4 + beforec]`, which would then point before the
 * argument vector.  strtol() with an end-pointer and a >= 0 check would
 * reject such input up front. */
620 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
622 com_err(whoami, 0, "Unable to process %s",
623 "argc < (4 + beforec + afterc)");
/* "filesys" is handled here; it does not reach the table dispatch below
 * (the body of this branch is not visible in this listing). */
627 if (!strcmp(argv[1], "filesys"))
/* Log the whole argument vector.
 * NOTE(review): tbl_buf is a fixed 1024-byte buffer and nothing bounds the
 * total length of the concatenated arguments, which come from the Moira
 * server.  A running snprintf() with an offset, or a length check before
 * each strcat(), would make this overflow-safe. */
630 for (i = 1; i < argc; i++)
632 strcat(tbl_buf, argv[i]);
633 strcat(tbl_buf, " ");
/* Passed as an argument, not as the format string -- correct. */
636 com_err(whoami, 0, "%s", tbl_buf);
640 com_err(whoami, 0, "%s failed", "check_winad()");
644 initialize_sms_error_table();
645 initialize_krb_error_table();
647 UpdateDomainList = 0;
648 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
650 if (ReadDomainList())
652 com_err(whoami, 0, "%s failed", "ReadDomainList()");
656 for (i = 0; i < argc; i++)
/* One pass per configured domain; an empty name ends the list. */
659 for (k = 0; k < MAX_DOMAINS; k++)
661 if (strlen(DomainNames[k]) == 0)
/* Fresh copy of the arguments for this domain (the handlers modify them,
 * e.g. the table name is lower-cased below).
 * NOTE(review): no NULL check on the strdup() result is visible here. */
663 for (i = 0; i < argc; i++)
665 if (orig_argv[i] != NULL)
667 orig_argv[i] = strdup(argv[i]);
670 memset(PrincipalName, '\0', sizeof(PrincipalName));
671 memset(ldap_domain, '\0', sizeof(ldap_domain));
672 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
673 memset(default_server, '\0', sizeof(default_server));
674 memset(dn_path, '\0', sizeof(dn_path));
675 memset(group_suffix, '\0', sizeof(group_suffix));
676 memset(exchange_acl, '\0', sizeof(exchange_acl));
680 UseGroupUniversal = 0;
684 ProcessMachineContainer = 1;
/* Defaults; ReadConfigFile() may override them. */
687 sprintf(group_suffix, "%s", "_group");
688 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the argument vector into the before/after value arrays. */
690 beforec = atoi(orig_argv[2]);
691 afterc = atoi(orig_argv[3]);
692 table = orig_argv[1];
693 before = &orig_argv[4];
694 after = &orig_argv[4 + beforec];
702 if (ReadConfigFile(DomainNames[k]))
/* Two alternative OU layouts.  The condition selecting between them is on
 * a line not shown here -- presumably the ActiveDirectory flag; confirm. */
707 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
708 sprintf(group_ou_root, "OU=lists,OU=moira");
709 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
711 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_distribution, "OU=lists,OU=moira");
716 sprintf(group_ou_root, "OU=lists,OU=moira");
717 sprintf(group_ou_security, "OU=lists,OU=moira");
718 sprintf(group_ou_neither, "OU=lists,OU=moira");
719 sprintf(group_ou_both, "OU=lists,OU=moira");
722 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts.  User and password are passed as empty
 * strings; presumably the Kerberos path selected by SetPassword supplies
 * the identity -- confirm against ad_connect(). */
724 for (i = 0; i < 5; i++)
726 ldap_handle = (LDAP *)NULL;
727 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
728 default_server, SetPassword, ServerList,
729 ldap_realm, ldap_port)))
731 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
736 if ((rc) || (ldap_handle == NULL))
738 critical_alert("incremental",
739 "ldap.incr cannot connect to any server in "
740 "domain %s", DomainNames[k]);
/* Case-insensitive table matching by lower-casing in place.
 * NOTE(review): tolower() on a plain char is undefined for negative values
 * (char signedness is implementation-defined); cast via unsigned char. */
744 for (i = 0; i < (int)strlen(table); i++)
745 table[i] = tolower(table[i]);
/* Dispatch on the table name.  An unrecognised table falls through to the
 * cleanup below; the last argument of each call is on a line not shown. */
747 if (!strcmp(table, "users"))
748 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "list"))
751 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "imembers"))
754 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "containers"))
757 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "mcntmap"))
760 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the server list (the free() is on a line not shown) and drop the
 * LDAP connection before moving on to the next domain. */
766 for (i = 0; i < MAX_SERVER_NAMES; i++)
768 if (ServerList[i] != NULL)
771 ServerList[i] = NULL;
775 rc = ldap_unbind_s(ldap_handle);
/* Handle a Moira "mcntmap" change: a machine was added to or removed from a
 * container.  Resolves the machine's canonical name, then moves the
 * directory object into the OU that corresponds to its current Moira
 * container (or the orphans OU if it has none).
 *
 * before/after hold beforec/afterc values laid out per the OU_* indices. */
781 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
782 char **before, int beforec, char **after, int afterc)
784 char MoiraContainerName[128];
785 char ADContainerName[128];
786 char MachineName[1024];
787 char OriginalMachineName[1024];
790 char MoiraContainerGroup[64];
792 if (!ProcessMachineContainer)
794 com_err(whoami, 0, "Process machines and containers disabled, skipping");
799 memset(ADContainerName, '\0', sizeof(ADContainerName));
800 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
802 if ((beforec == 0) && (afterc == 0))
/* Assignment used as the condition: intentional, but `if ((rc = ...))`
 * would make that explicit. */
805 if (rc = moira_connect())
807 critical_alert("Ldap incremental",
808 "Error contacting Moira server : %s",
/* NOTE(review): the three strcpy() calls in each branch copy Moira-supplied
 * values into fixed buffers without a length bound; MoiraContainerGroup is
 * only 64 bytes.  Also, beforec != 0 does not guarantee that
 * before[OU_CONTAINER_GROUP] (index 4) exists -- only that at least one
 * value was passed.  snprintf(..., sizeof buf, "%s", ...) plus a count
 * check against OU_CONTAINER_GROUP would close both gaps (same in the
 * "add" branch below). */
813 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
815 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
816 strcpy(MachineName, before[OU_MACHINE_NAME]);
817 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
819 com_err(whoami, 0, "removing machine %s from %s",
820 OriginalMachineName, before[OU_CONTAINER_NAME]);
822 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
824 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
825 strcpy(MachineName, after[OU_MACHINE_NAME]);
826 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
827 com_err(whoami, 0, "adding machine %s to container %s",
828 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Canonicalise the name in place; an empty result means Moira knows no
 * alias for it.  (Message text has a typo, "alais"; left unchanged here.) */
836 rc = GetMachineName(MachineName);
838 if (strlen(MachineName) == 0)
841 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
842 OriginalMachineName);
846 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
849 if (machine_check(ldap_handle, dn_path, MachineName))
851 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
852 OriginalMachineName, MachineName);
/* Look up the machine's current container in Moira; no container means
 * the object is parked in the orphans OU. */
857 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
858 machine_get_moira_container(ldap_handle, dn_path, MachineName,
861 if (strlen(MoiraContainerName) == 0)
863 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
864 "in Moira - moving to orphans OU.",
865 OriginalMachineName, MachineName);
866 machine_move_to_ou(ldap_handle, dn_path, MachineName,
867 orphans_machines_ou);
/* Translate the Moira container path to a DN, make sure the OU exists, and
 * move the machine there.  The name is non-empty at this point (checked
 * above), so the [strlen - 1] index is safe; the strcat() assumes there is
 * room for one more byte in the 128-byte buffer. */
872 container_get_dn(MoiraContainerName, ADContainerName);
874 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
875 strcat(MoiraContainerName, "/");
877 container_check(ldap_handle, dn_path, MoiraContainerName);
878 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handle a Moira "containers" change: delete, create, rename or update the
 * corresponding OU, and keep the container group in Moira in step.
 * before/after hold beforec/afterc values laid out per the CONTAINER_*
 * indices.  Whether the delete/create branches return early is not visible
 * in this listing; the rename/update code below assumes both counts are
 * non-zero. */
883 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
884 char **before, int beforec, char **after, int afterc)
888 if (!ProcessMachineContainer)
890 com_err(whoami, 0, "Process machines and containers disabled, skipping");
894 if ((beforec == 0) && (afterc == 0))
/* Assignment used as the condition: intentional, but `if ((rc = ...))`
 * would make that explicit. */
897 if (rc = moira_connect())
899 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
904 if ((beforec != 0) && (afterc == 0)) /* delete a container */
906 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
907 container_delete(ldap_handle, dn_path, beforec, before);
908 Moira_container_group_delete(before);
913 if ((beforec == 0) && (afterc != 0)) /*create a container*/
915 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
916 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
917 container_create(ldap_handle, dn_path, afterc, after);
918 Moira_container_group_create(after);
/* Name changed (case-insensitively): rename, otherwise update in place. */
923 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
925 com_err(whoami, 0, "renaming container %s to %s",
926 before[CONTAINER_NAME], after[CONTAINER_NAME]);
927 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
928 Moira_container_group_update(before, after);
933 com_err(whoami, 0, "updating container %s information",
934 after[CONTAINER_NAME]);
935 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
936 Moira_container_group_update(before, after);
941 #define L_LIST_DESC 9
/* Handle a Moira "list" change: rename, delete, create or update the
 * directory group that mirrors the list.  before/after hold beforec/afterc
 * values laid out per the L_* indices (L_LIST_ID etc. are defined outside
 * this listing). */
944 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
945 char **before, int beforec, char **after, int afterc)
950 char group_membership[6];
955 char before_list_id[32];
/* NOTE(review): before_group_membership is 1 byte while group_membership
 * above is 6, yet both are filled by the same get_group_membership() call.
 * If that helper stores a NUL-terminated string the 1-byte buffer
 * overflows; the later `strlen(before_group_membership) == 0` test can only
 * be false once the buffer is already unterminated.  Confirm the helper's
 * contract and size both buffers the same. */
956 char before_group_membership[1];
957 int before_security_flag;
958 char before_group_ou[256];
959 LK_ENTRY *ptr = NULL;
961 if (beforec == 0 && afterc == 0)
964 memset(list_id, '\0', sizeof(list_id));
965 memset(before_list_id, '\0', sizeof(before_list_id));
966 memset(before_group_ou, '\0', sizeof(before_group_ou));
967 memset(before_group_membership, '\0', sizeof(before_group_membership));
968 memset(group_ou, '\0', sizeof(group_ou));
969 memset(group_membership, '\0', sizeof(group_membership));
/* Extract the "before" list id and OU placement.
 * NOTE(review): the strcpy() into the 32-byte id buffer is unbounded; the
 * id is numeric in the examples but nothing here enforces a length.
 * snprintf(before_list_id, sizeof before_list_id, "%s", ...) would bound
 * it (same for list_id below). */
974 if (beforec < L_LIST_ID)
976 if (beforec > L_LIST_DESC)
978 strcpy(before_list_id, before[L_LIST_ID]);
980 before_security_flag = 0;
981 get_group_membership(before_group_membership, before_group_ou,
982 &before_security_flag, before);
/* Same for the "after" values. */
987 if (afterc < L_LIST_ID)
989 if (afterc > L_LIST_DESC)
991 strcpy(list_id, after[L_LIST_ID]);
994 get_group_membership(group_membership, group_ou, &security_flag, after);
997 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Check the pre-change group; CHECK_GROUPS reports, and on a wrong-DN or
 * duplicate result a CLEANUP_GROUPS pass is run before continuing. */
1006 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1007 before[L_NAME], before_group_ou,
1008 before_group_membership,
1009 before_security_flag, CHECK_GROUPS,
1010 before[L_MAILLIST])))
1012 if (rc == AD_NO_GROUPS_FOUND)
1016 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1017 (rc == AD_MULTIPLE_GROUPS_FOUND))
1019 rc = process_group(ldap_handle, dn_path, before_list_id,
1020 before[L_NAME], before_group_ou,
1021 before_group_membership,
1022 before_security_flag, CLEANUP_GROUPS,
1023 before[L_MAILLIST]);
1025 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1027 com_err(whoami, 0, "Unable to process list %s",
1031 if (rc == AD_NO_GROUPS_FOUND)
/* Rename path: the name changed, or the name is unchanged but the target
 * OU moved (the third operand of the outer && is on a line not shown). */
1037 if ((beforec != 0) && (afterc != 0))
1039 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1040 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1041 (strcmp(before_group_ou, group_ou)))) &&
1044 com_err(whoami, 0, "Changing list name from %s to %s",
1045 before[L_NAME], after[L_NAME]);
1047 if ((strlen(before_group_ou) == 0) ||
1048 (strlen(before_group_membership) == 0) ||
1049 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1051 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1055 memset(filter, '\0', sizeof(filter));
1057 if ((rc = group_rename(ldap_handle, dn_path,
1058 before[L_NAME], before_group_membership,
1059 before_group_ou, before_security_flag,
1060 before[L_LIST_DESC], after[L_NAME],
1061 group_membership, group_ou, security_flag,
1063 list_id, filter, after[L_MAILLIST])))
1065 if (rc != AD_NO_GROUPS_FOUND)
1068 "Unable to change list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
/* Delete path (afterc == 0 is implied; the test is on a line not shown). */
1082 if ((strlen(before_group_ou) == 0) ||
1083 (strlen(before_group_membership) == 0))
1086 "Unable to find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
/* Create path: verify/clean up any existing group of that name first.
 * The `if (rc = ...)` forms here and below are assignments used as
 * conditions; the double-parenthesised form used earlier in this function
 * is clearer. */
1100 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1102 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1103 group_ou, group_membership,
1104 security_flag, CHECK_GROUPS,
1107 if (rc != AD_NO_GROUPS_FOUND)
1109 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1110 (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id,
1114 group_ou, group_membership,
1115 security_flag, CLEANUP_GROUPS,
1122 "Unable to create list %s", after[L_NAME]);
/* Update path: refresh ACEs (two ProcessAce passes, UpdateGroup 0 then 1),
 * rewrite the group object, then repopulate members if the list is active. */
1129 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1131 if (rc = moira_connect())
1133 critical_alert("Ldap incremental",
1134 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1142 &ProcessGroup, after[L_MAILLIST]))
1147 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1148 &ProcessGroup, after[L_MAILLIST]))
1152 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1153 group_ou, group_membership, security_flag,
1154 updateGroup, after[L_MAILLIST]))
1160 if (atoi(after[L_ACTIVE]))
1162 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1163 group_membership, security_flag, list_id);
/* Extra argv slots that the list-member incremental supplies after the
 * base LM_* fields (LM_END is defined elsewhere; presumably the count of
 * those base fields).  do_member() indexes before[]/after[] with these, so
 * beforec/afterc must be compared against the highest slot read before
 * each access. */
1171 #define LM_EXTRA_ACTIVE (LM_END)
1172 #define LM_EXTRA_PUBLIC (LM_END+1)
1173 #define LM_EXTRA_HIDDEN (LM_END+2)
1174 #define LM_EXTRA_MAILLIST (LM_END+3)
1175 #define LM_EXTRA_GROUP (LM_END+4)
1176 #define LM_EXTRA_GID (LM_END+5)
/* NOTE(review): do_member() reads LMN_LIST_ID/LM_LIST_ID for MACHINE members
 * but LM_LIST_ID/LM_USER_ID for USER members, so which slot carries the list
 * id depends on the member type — confirm against the caller's layout. */
1177 #define LMN_LIST_ID (LM_END+6)
1178 #define LM_LIST_ID (LM_END+7)
1179 #define LM_USER_ID (LM_END+8)
1180 #define LM_EXTRA_END (LM_END+9)
/* Apply one list-membership change from the Moira incremental to the
 * directory.  before/after are the member tuples before and after the
 * change (beforec/afterc are their lengths); only "after" present means an
 * add, only "before" present means a remove.  The listing omits braces,
 * blank lines and repeated lines, so the control flow described below is
 * partly inferred from the surviving lines. */
1182 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1183 char **before, int beforec, char **after, int afterc)
1185 LK_ENTRY *group_base;
1188 char *attr_array[3];
/* Fixed-size copies of the incremental arguments.  They are filled with
 * strcpy() below with no length check, so an argument of 128 bytes or more
 * overflows them; a bounded copy (snprintf with sizeof) would close that. */
1189 char group_name[128];
1190 char user_name[128];
1191 char user_type[128];
1192 char moira_list_id[32];
1193 char moira_user_id[32];
/* One byte: get_group_membership() stores a single type letter here.  It is
 * not a NUL-terminated string and must not be passed to strlen()/"%s". */
1194 char group_membership[1];
1196 char machine_ou[256];
1204 char NewMachineName[1024];
1208 char *save_argv[U_END];
1212 memset(moira_list_id, '\0', sizeof(moira_list_id));
1213 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* --- add path: "after" carries the new membership --- */
1217 if (afterc < LM_EXTRA_GID)
/* Inactive group: log and do nothing. */
1220 if (!atoi(after[LM_EXTRA_ACTIVE]))
1223 "Unable to add %s to group %s : group not active",
/* NOTE(review): raw indices 2 and 0 where the rest of the function uses
 * LM_MEMBER/LM_LIST — confirm they name the same slots. */
1224 after[2], after[0]);
1230 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1233 strcpy(user_name, after[LM_MEMBER]);
1234 strcpy(group_name, after[LM_LIST]);
1235 strcpy(user_type, after[LM_TYPE]);
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* NOTE(review): if the afterc < LM_EXTRA_GID check above returns, this
 * condition is always true, and afterc > LM_EXTRA_GROUP does not guarantee
 * that slots LMN_LIST_ID (LM_END+6) and LM_LIST_ID (LM_END+7) exist — the
 * same one-short pattern appears at 1247 (reads LM_USER_ID = LM_END+8 with
 * afterc > LMN_LIST_ID) and 1255.  Confirm the caller's argument layout. */
1239 if (afterc > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, after[LMN_LIST_ID]);
1242 strcpy(moira_user_id, after[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1247 if (afterc > LMN_LIST_ID)
1249 strcpy(moira_list_id, after[LM_LIST_ID]);
1250 strcpy(moira_user_id, after[LM_USER_ID]);
1255 if (afterc > LM_EXTRA_GID)
1256 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* --- remove path: "before" carries the membership being dropped ---
 * Mirrors the add path above, including the index-guard caveats. */
1261 if (beforec < LM_EXTRA_GID)
1263 if (!atoi(before[LM_EXTRA_ACTIVE]))
1266 "Unable to remove %s from group %s : group not active",
1267 before[2], before[0]);
1273 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1276 strcpy(user_name, before[LM_MEMBER]);
1277 strcpy(group_name, before[LM_LIST]);
1278 strcpy(user_type, before[LM_TYPE]);
1280 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1282 if (beforec > LM_EXTRA_GROUP)
1284 strcpy(moira_list_id, before[LMN_LIST_ID]);
1285 strcpy(moira_user_id, before[LM_LIST_ID]);
1288 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1290 if (beforec > LMN_LIST_ID)
1292 strcpy(moira_list_id, before[LM_LIST_ID]);
1293 strcpy(moira_user_id, before[LM_USER_ID]);
1298 if (beforec > LM_EXTRA_GID)
1299 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither side usable: log the counts and give up. */
1306 "Unable to process group : beforec = %d, afterc = %d",
/* Re-shape the member tuple (ptr points at whichever of before/after is in
 * use; its assignment is not in the listing) into the L_* layout that
 * get_group_membership() and process_group() expect. */
1311 args[L_NAME] = ptr[LM_LIST];
1312 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1313 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1314 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1315 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1316 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1317 args[L_GID] = ptr[LM_EXTRA_GID];
1320 memset(group_ou, '\0', sizeof(group_ou));
1321 get_group_membership(group_membership, group_ou, &security_flag, args);
1323 if (strlen(group_ou) == 0)
1325 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Make sure the group exists in the right place: CHECK_GROUPS first, then
 * CLEANUP_GROUPS if the check did not come back clean. */
1330 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1331 group_ou, group_membership, security_flag,
1332 CHECK_GROUPS, args[L_MAILLIST]))
1334 if (rc != AD_NO_GROUPS_FOUND)
1336 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1337 group_name, group_ou, group_membership,
1338 security_flag, CLEANUP_GROUPS,
1341 if (rc != AD_NO_GROUPS_FOUND)
1344 com_err(whoami, 0, "Unable to add %s to group %s - "
1345 "unable to process group", user_name, group_name);
1347 com_err(whoami, 0, "Unable to remove %s from group %s - "
1348 "unable to process group", user_name, group_name);
/* Group missing altogether: create it from Moira data before touching the
 * membership.  The 0/1 passed to ProcessAce() is not explained by the
 * visible code. */
1355 if (rc == AD_NO_GROUPS_FOUND)
1357 if (rc = moira_connect())
1359 critical_alert("Ldap incremental",
1360 "Error contacting Moira server : %s",
1365 com_err(whoami, 0, "creating group %s", group_name);
1368 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1369 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1375 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1380 group_ou, group_membership, security_flag, 0,
1381 ptr[LM_EXTRA_MAILLIST]))
1387 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1389 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1390 group_membership, security_flag, moira_list_id);
/* --- removal --- */
1400 com_err(whoami, 0, "removing user %s from list %s", user_name,
1404 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1406 if (!ProcessMachineContainer)
1408 com_err(whoami, 0, "Process machines and containers disabled, "
/* Resolve the machine's OU and canonical name; the member name is replaced
 * by the resolved one.  strdup() failure is not checked here (NULL would be
 * stored), nor at the identical sites below. */
1413 memset(machine_ou, '\0', sizeof(machine_ou));
1414 memset(NewMachineName, '\0', sizeof(NewMachineName));
1415 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1416 machine_ou, NewMachineName))
1418 if (ptr[LM_MEMBER] != NULL)
1419 free(ptr[LM_MEMBER]);
1420 ptr[LM_MEMBER] = strdup(NewMachineName);
1421 pUserOu = machine_ou;
/* STRING members are e-mail addresses: default the domain to @mit.edu and
 * rewrite a trailing .LOCAL host part to .mit.edu.  The size of `member`
 * is not in the listing; strcpy/strcat here are unbounded. */
1424 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1426 strcpy(member, ptr[LM_MEMBER]);
1430 if((s = strchr(member, '@')) == (char *) NULL)
1432 strcat(member, "@mit.edu");
1434 if (ptr[LM_MEMBER] != NULL)
1435 free(ptr[LM_MEMBER]);
1436 ptr[LM_MEMBER] = strdup(member);
/* If strlen(member) < 6 this forms a pointer before the start of `member`
 * (undefined behavior); guard with a length check first.  Same at 1535. */
1439 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1441 s = strrchr(member, '.');
1443 strcat(s, ".mit.edu");
1445 if (ptr[LM_MEMBER] != NULL)
1446 free(ptr[LM_MEMBER]);
1447 ptr[LM_MEMBER] = strdup(member);
1451 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1455 pUserOu = contact_ou;
1457 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1459 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1463 pUserOu = kerberos_ou;
/* Membership is re-derived from Moira rather than edited incrementally:
 * populate_group() rebuilds the group's member list. */
1466 if (rc = moira_connect()) {
1467 critical_alert("Ldap incremental",
1468 "Error contacting Moira server : %s",
1473 if (rc = populate_group(ldap_handle, dn_path, group_name,
1474 group_ou, group_membership,
1475 security_flag, moira_list_id))
1476 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1481 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1483 if (rc = moira_connect())
1485 critical_alert("Ldap incremental",
1486 "Error contacting Moira server : %s",
1491 if (rc = populate_group(ldap_handle, dn_path, group_name,
1492 group_ou, group_membership, security_flag,
1494 com_err(whoami, 0, "Unable to remove %s from group %s",
1495 user_name, group_name);
/* --- addition --- mirrors the removal branch above for MACHINE, STRING
 * and KERBEROS members. */
1502 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1505 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1507 memset(machine_ou, '\0', sizeof(machine_ou));
1508 memset(NewMachineName, '\0', sizeof(NewMachineName));
1510 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1514 if (ptr[LM_MEMBER] != NULL)
1515 free(ptr[LM_MEMBER]);
1517 ptr[LM_MEMBER] = strdup(NewMachineName);
1518 pUserOu = machine_ou;
1520 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1522 strcpy(member, ptr[LM_MEMBER]);
1526 if((s = strchr(member, '@')) == (char *) NULL)
1528 strcat(member, "@mit.edu");
1530 if (ptr[LM_MEMBER] != NULL)
1531 free(ptr[LM_MEMBER]);
1532 ptr[LM_MEMBER] = strdup(member);
1535 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1537 s = strrchr(member, '.');
1539 strcat(s, ".mit.edu");
1541 if (ptr[LM_MEMBER] != NULL)
1542 free(ptr[LM_MEMBER]);
1543 ptr[LM_MEMBER] = strdup(member);
1547 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1551 pUserOu = contact_ou;
1553 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1555 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1559 pUserOu = kerberos_ou;
/* USER members that do not yet exist in the directory are created from
 * their Moira account record first. */
1561 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1563 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1564 moira_user_id)) == AD_NO_USER_FOUND)
1566 if (rc = moira_connect())
1568 critical_alert("Ldap incremental",
1569 "Error connection to Moira : %s",
1574 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1575 av[0] = ptr[LM_MEMBER];
1576 call_args[0] = (char *)ldap_handle;
1577 call_args[1] = dn_path;
1578 call_args[2] = moira_user_id;
1579 call_args[3] = NULL;
/* Name-collision check against existing groups.  Unlike do_user() (which
 * runs check_string() on the name first), nothing visible here validates
 * ptr[LM_MEMBER] before it is interpolated into the LDAP search filter;
 * filter metacharacters in the name would change the query, and the size
 * of `filter` is not in the listing. */
1588 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1589 attr_array[0] = "cn";
1590 attr_array[1] = NULL;
1591 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1592 attr_array, &group_base, &group_count,
1593 LDAP_SCOPE_SUBTREE)) != 0)
1595 com_err(whoami, 0, "Unable to process user %s : %s",
1596 ptr[LM_MEMBER], ldap_err2string(rc));
1602 com_err(whoami, 0, "Object already exists with name %s",
1607 linklist_free(group_base);
/* Fetch the account from Moira into save_argv and create it. */
1612 if (rc = mr_query("get_user_account_by_login", 1, av,
1613 save_query_info, save_argv))
1616 com_err(whoami, 0, "Unable to create user %s : %s",
1617 ptr[LM_MEMBER], error_message(rc));
1621 if (rc = user_create(U_END, save_argv, call_args))
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1643 if (rc = moira_connect()) {
1644 critical_alert("Ldap incremental",
1645 "Error contacting Moira server : %s",
1650 if (rc = populate_group(ldap_handle, dn_path, group_name,
1651 group_ou, group_membership, security_flag,
1653 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1658 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1660 if (rc = moira_connect())
1662 critical_alert("Ldap incremental",
1663 "Error contacting Moira server : %s",
1668 if (rc = populate_group(ldap_handle, dn_path, group_name,
1669 group_ou, group_membership, security_flag,
1671 com_err(whoami, 0, "Unable to add %s to group %s",
1672 user_name, group_name);
/* Extra argv slots of the user incremental read by do_user() (user id,
 * home and profile directory).  How they relate to U_END is not visible
 * here; do_user() guards U_USER_ID with beforec/afterc before reading it. */
1681 #define U_USER_ID 10
1682 #define U_HOMEDIR 11
1683 #define U_PROFILEDIR 12
/* Apply one user-account change from the Moira incremental: create, expunge,
 * rename or update the directory account.  The listing omits braces, blank
 * lines and repeated lines (including the rest of the parameter list), so
 * the control flow below is partly inferred. */
1685 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1686 char **before, int beforec, char **after,
1689 LK_ENTRY *group_base;
1692 char *attr_array[3];
/* Moira user ids, copied with strcpy() below and therefore limited to 31
 * bytes by convention only — no bound is enforced. */
1695 char after_user_id[32];
1696 char before_user_id[32];
1698 char *save_argv[U_END];
1700 if ((beforec == 0) && (afterc == 0))
1703 memset(after_user_id, '\0', sizeof(after_user_id));
1704 memset(before_user_id, '\0', sizeof(before_user_id));
1706 if (beforec > U_USER_ID)
1707 strcpy(before_user_id, before[U_USER_ID]);
1709 if (afterc > U_USER_ID)
1710 strcpy(after_user_id, after[U_USER_ID]);
/* NOTE(review): repeats the check at 1700; if that one returns, this branch
 * is unreachable. */
1712 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1715 if ((beforec == 0) && (afterc != 0))
1717 /*this case only happens when the account*/
1718 /*is first created but not usable*/
1720 com_err(whoami, 0, "Unable to process user %s because the user account "
1721 "is not yet usable", after[U_NAME]);
1725 /*this case only happens when the account is expunged */
1727 if ((beforec != 0) && (afterc == 0))
1729 if (atoi(before[U_STATE]) == 0)
1731 com_err(whoami, 0, "expunging user %s from directory",
1733 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* NOTE(review): the message text below reads "expungeded"; fix the string
 * itself, not this comment. */
1737 com_err(whoami, 0, "Unable to process because user %s has been "
1738 "previously expungeded", before[U_NAME]);
1743 /*process anything that gets here*/
/* Account not in the directory yet: create it from the Moira record. */
1745 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1746 before_user_id)) == AD_NO_USER_FOUND)
/* check_string() is what keeps the name safe to interpolate into the LDAP
 * filter at 1773; keep it ahead of any use of after[U_NAME] in a query. */
1748 if (!check_string(after[U_NAME]))
1751 if (rc = moira_connect())
1753 critical_alert("Ldap incremental",
1754 "Error connection to Moira : %s",
1759 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1761 av[0] = after[U_NAME];
1762 call_args[0] = (char *)ldap_handle;
1763 call_args[1] = dn_path;
1764 call_args[2] = after_user_id;
1765 call_args[3] = NULL;
/* Refuse to create a user whose name collides with an existing group.
 * The size of `filter` is not in the listing; sprintf() is unbounded. */
1773 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1774 attr_array[0] = "cn";
1775 attr_array[1] = NULL;
1777 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1778 &group_base, &group_count,
1779 LDAP_SCOPE_SUBTREE)) != 0)
1781 com_err(whoami, 0, "Unable to process user %s : %s",
1782 after[U_NAME], ldap_err2string(rc));
1786 if (group_count >= 1)
1788 com_err(whoami, 0, "Object already exists with name %s",
1793 linklist_free(group_base);
1798 if (rc = mr_query("get_user_account_by_login", 1, av,
1799 save_query_info, save_argv))
1802 com_err(whoami, 0, "Unable to create user %s : %s",
1803 after[U_NAME], error_message(rc));
1807 if (rc = user_create(U_END, save_argv, call_args))
1809 com_err(whoami, 0, "Unable to create user %s : %s",
1810 after[U_NAME], error_message(rc));
1817 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Existing account: rename if the login changed (both names validated
 * first), then push the remaining attributes with user_update(). */
1829 if (strcmp(before[U_NAME], after[U_NAME]))
1831 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1833 com_err(whoami, 0, "changing user %s to %s",
1834 before[U_NAME], after[U_NAME]);
1836 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1837 after[U_NAME])) != LDAP_SUCCESS)
1844 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1845 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1846 after[U_UID], after[U_MITID],
1847 after_user_id, atoi(after[U_STATE]),
1848 after[U_HOMEDIR], after[U_PROFILEDIR],
1849 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1850 after[U_SHELL], after[U_CLASS]);
/* Build a NULL-terminated array of modvalue_count attribute values from a
 * link list, substituting newValue for the first occurrence of oldValue in
 * each entry (type == REPLACE: the whole value becomes newValue; otherwise
 * only the matched substring is replaced).  Entries without a match, or
 * when either pattern is NULL, are copied unchanged.  The caller owns the
 * array and every string in it. */
1855 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1856 char *oldValue, char *newValue,
1857 char ***modvalues, int type)
1859 LK_ENTRY *linklist_ptr;
1863 if (((*modvalues) = calloc(1,
1864 (modvalue_count + 1) * sizeof(char *))) == NULL)
/* Redundant: calloc() already zeroed the array. */
1869 for (i = 0; i < (modvalue_count + 1); i++)
1870 (*modvalues)[i] = NULL;
1872 if (modvalue_count != 0)
1874 linklist_ptr = linklist_base;
1875 for (i = 0; i < modvalue_count; i++)
1877 if ((oldValue != NULL) && (newValue != NULL))
/* strstr() requires a NUL-terminated value.  Values that retrieve_values()
 * stored from a BER attribute are exactly `length` bytes with no
 * terminator, so this over-reads for such entries — callers must only use
 * this on string attributes. */
1879 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1882 if (type == REPLACE)
1884 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1887 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1888 strcpy((*modvalues)[i], newValue);
/* Substring replacement: prefix up to the match, newValue, then the rest
 * of the original after oldValue.  The allocation size mirrors the memset
 * size below (one term of the sum is on a line missing from the listing). */
1892 if (((*modvalues)[i] = calloc(1,
1893 (int)(cPtr - linklist_ptr->value) +
1894 (linklist_ptr->length -
1896 strlen(newValue) + 1)) == NULL)
1898 memset((*modvalues)[i], '\0',
1899 (int)(cPtr - linklist_ptr->value) +
1900 (linklist_ptr->length - strlen(oldValue)) +
1901 strlen(newValue) + 1);
1902 memcpy((*modvalues)[i], linklist_ptr->value,
1903 (int)(cPtr - linklist_ptr->value));
1904 strcat((*modvalues)[i], newValue);
1905 strcat((*modvalues)[i],
1906 &linklist_ptr->value[(int)(cPtr -
1907 linklist_ptr->value) + strlen(oldValue)]);
/* Unchanged copy.  Unlike the branches above, these two calloc() results
 * are used without a NULL check. */
1912 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1913 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1914 memcpy((*modvalues)[i], linklist_ptr->value,
1915 linklist_ptr->length);
1920 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1921 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1922 memcpy((*modvalues)[i], linklist_ptr->value,
1923 linklist_ptr->length);
1925 linklist_ptr = linklist_ptr->next;
1927 (*modvalues)[i] = NULL;
/* Run a synchronous LDAP search under dn_path and return the matching
 * entries as a link list in *linklist_base (count in *linklist_count).
 * search_exp is passed to ldap_search_s() as-is: it must already be a
 * well-formed, escaped filter — every caller in this file builds it with
 * sprintf(), so validating the interpolated names is the caller's job.
 * Returns the LDAP result code (0 on success). */
1933 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1934 char **attr_array, LK_ENTRY **linklist_base,
1935 int *linklist_count, unsigned long ScopeType)
1938 LDAPMessage *ldap_entry;
1942 (*linklist_base) = NULL;
1943 (*linklist_count) = 0;
1945 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1946 search_exp, attr_array, 0,
1947 &ldap_entry)) != LDAP_SUCCESS)
/* A size-limit hit appears to be tolerated: the partial result set is
 * still converted below (the early return for other errors is on a line
 * missing from the listing). */
1949 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1953 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1956 ldap_msgfree(ldap_entry);
/* Walk every entry of an LDAP result message, appending each entry's
 * attributes to *linklist_base via retrieve_attributes(), then recount the
 * list into *linklist_count.  Returns 0, or the first non-zero result of
 * retrieve_attributes(). */
1960 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1961 LK_ENTRY **linklist_base, int *linklist_count)
/* get_distinguished_name() copies the DN into this buffer with strcpy()
 * and takes no size, so a DN of 1024 bytes or more would overflow it. */
1963 char distinguished_name[1024];
1964 LK_ENTRY *linklist_ptr;
1967 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1970 memset(distinguished_name, '\0', sizeof(distinguished_name));
1971 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1973 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1974 linklist_base)) != 0)
1977 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1979 memset(distinguished_name, '\0', sizeof(distinguished_name));
1980 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1982 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1983 distinguished_name, linklist_base)) != 0)
/* Count is recomputed from the list rather than accumulated, so any
 * entries already present in *linklist_base are included. */
1987 linklist_ptr = (*linklist_base);
1988 (*linklist_count) = 0;
1990 while (linklist_ptr != NULL)
1992 ++(*linklist_count);
1993 linklist_ptr = linklist_ptr->next;
/* Iterate the attributes of one LDAP entry and hand each to
 * retrieve_values(), which prepends the values to *linklist_current.
 * The BerElement cursor (`ptr`, declared on a line missing from the
 * listing) is released with ldap_ber_free() at the end. */
1999 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2000 char *distinguished_name, LK_ENTRY **linklist_current)
2007 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
/* NOTE(review): retrieve_values() returns an int but its result is
 * discarded here and below, so an allocation failure inside it is not
 * propagated. */
2010 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
2012 ldap_memfree(Attribute);
2013 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2016 retrieve_values(ldap_handle, ldap_entry, Attribute,
2017 distinguished_name, linklist_current);
2018 ldap_memfree(Attribute);
2022 ldap_ber_free(ptr, 0);
/* Copy every value of `Attribute` in `ldap_entry` into new LK_ENTRY nodes
 * pushed onto the front of *linklist_current.  objectSid and objectGUID are
 * fetched as binary (ldap_get_values_len); everything else as strings.
 * Under LDAP_DEBUG the values are also decoded and printed.  The loop over
 * the value array and the matching #ifdef lines are missing from the
 * listing. */
2027 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2028 char *Attribute, char *distinguished_name,
2029 LK_ENTRY **linklist_current)
2035 LK_ENTRY *linklist_previous;
2036 LDAP_BERVAL **ber_value;
2045 SID_IDENTIFIER_AUTHORITY *sid_auth;
2046 unsigned char *subauth_count;
2047 #endif /*LDAP_DEBUG*/
2050 memset(temp, '\0', sizeof(temp));
/* Binary attributes: Ptr walks an LDAP_BERVAL* array; otherwise a char*
 * array.  use_bervalue (set on a missing line) records which. */
2052 if ((!strcmp(Attribute, "objectSid")) ||
2053 (!strcmp(Attribute, "objectGUID")))
2058 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2059 Ptr = (void **)ber_value;
2064 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2065 Ptr = (void **)str_value;
/* New node pushed onto the front of the list. */
2073 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2076 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2077 linklist_previous->next = (*linklist_current);
2078 (*linklist_current) = linklist_previous;
2080 if (((*linklist_current)->attribute = calloc(1,
2081 strlen(Attribute) + 1)) == NULL)
2084 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2085 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: stored as exactly bv_len bytes with NO NUL terminator;
 * consumers must use ->length and never treat ->value as a C string. */
2089 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2091 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2094 memset((*linklist_current)->value, '\0', ber_length);
2095 memcpy((*linklist_current)->value,
2096 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2097 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy.  Whether a NULL result from
 * ldap_get_values() is caught before *Ptr is dereferenced is decided on
 * lines missing from the listing — verify. */
2101 if (((*linklist_current)->value = calloc(1,
2102 strlen(*Ptr) + 1)) == NULL)
2105 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2106 (*linklist_current)->length = strlen(*Ptr);
2107 strcpy((*linklist_current)->value, *Ptr);
2110 (*linklist_current)->ber_value = use_bervalue;
2112 if (((*linklist_current)->dn = calloc(1,
2113 strlen(distinguished_name) + 1)) == NULL)
2116 memset((*linklist_current)->dn, '\0',
2117 strlen(distinguished_name) + 1);
2118 strcpy((*linklist_current)->dn, distinguished_name);
/* --- debug dump (LDAP_DEBUG) ---
 * The casts below assume the server returned at least sizeof(GUID) /
 * a complete SID structure; the length is not checked before use. */
2121 if (!strcmp(Attribute, "objectGUID"))
2123 guid = (GUID *)((*linklist_current)->value);
2125 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2126 guid->Data1, guid->Data2, guid->Data3,
2127 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2128 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2129 guid->Data4[6], guid->Data4[7]);
2130 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2132 else if (!strcmp(Attribute, "objectSid"))
2134 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2137 print_to_screen(" Revision = %d\n", sid->Revision);
2138 print_to_screen(" SID Identifier Authority:\n");
2139 sid_auth = &sid->IdentifierAuthority;
2140 if (sid_auth->Value[0])
2141 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2142 else if (sid_auth->Value[1])
2143 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2144 else if (sid_auth->Value[2])
2145 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2146 else if (sid_auth->Value[3])
2147 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2148 else if (sid_auth->Value[5])
2149 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2151 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2152 subauth_count = GetSidSubAuthorityCount(sid);
2153 print_to_screen(" SidSubAuthorityCount = %d\n",
2155 print_to_screen(" SidSubAuthority:\n");
2156 for (i = 0; i < *subauth_count; i++)
2158 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2159 print_to_screen(" %u\n", *subauth);
/* Prefix comparison: memcmp() does not stop at Attribute's terminator, so
 * it reads past the end of a shorter attribute name; strncmp() would not.
 * The "sAmAccountType" spelling inside strlen() is harmless (same length). */
2163 else if ((!memcmp(Attribute, "userAccountControl",
2164 strlen("userAccountControl"))) ||
2165 (!memcmp(Attribute, "sAMAccountType",
2166 strlen("sAmAccountType"))))
2168 intValue = atoi(*Ptr);
2169 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* Decode the userAccountControl bit flags. */
2171 if (!memcmp(Attribute, "userAccountControl",
2172 strlen("userAccountControl")))
2174 if (intValue & UF_ACCOUNTDISABLE)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Account disabled");
2178 print_to_screen(" %20s : %s\n",
2179 "", "Account active");
2180 if (intValue & UF_HOMEDIR_REQUIRED)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Home directory required");
2183 if (intValue & UF_LOCKOUT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Account locked out");
2186 if (intValue & UF_PASSWD_NOTREQD)
2187 print_to_screen(" %20s : %s\n",
2188 "", "No password required");
2189 if (intValue & UF_PASSWD_CANT_CHANGE)
2190 print_to_screen(" %20s : %s\n",
2191 "", "Cannot change password");
2192 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2193 print_to_screen(" %20s : %s\n",
2194 "", "Temp duplicate account");
2195 if (intValue & UF_NORMAL_ACCOUNT)
2196 print_to_screen(" %20s : %s\n",
2197 "", "Normal account");
2198 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2199 print_to_screen(" %20s : %s\n",
2200 "", "Interdomain trust account");
2201 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2202 print_to_screen(" %20s : %s\n",
2203 "", "Workstation trust account");
2204 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2205 print_to_screen(" %20s : %s\n",
2206 "", "Server trust account");
2211 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2213 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
2216 if (str_value != NULL)
2217 ldap_value_free(str_value);
2219 if (ber_value != NULL)
2220 ldap_value_free_len(ber_value);
/* NOTE(review): *linklist_current was already set to linklist_previous at
 * 2078; this final assignment looks redundant — confirm against the loop
 * structure on the missing lines. */
2223 (*linklist_current) = linklist_previous;
/* Open the Moira client connection on first use; later calls only bump the
 * mr_connections reference count (released by moira_disconnect()).  Returns
 * the mr_connect_cl() result, 0 meaning success.  Which of the two connect
 * lines is compiled is decided by a conditional not in the listing; the
 * "ttsp" host name looks like a test hook — confirm it is not live. */
2228 int moira_connect(void)
2233 if (!mr_connections++)
2237 memset(HostName, '\0', sizeof(HostName));
2238 strcpy(HostName, "ttsp");
2239 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2243 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/* Hold the incremental while the STOP_FILE exists, raising a critical
 * alert (the loop body, including any delay and the alert threshold on
 * `i`, is on lines missing from the listing). */
2252 int check_winad(void)
2256 for (i = 0; file_exists(STOP_FILE); i++)
2260 critical_alert("Ldap incremental",
2261 "Ldap incremental failed (%s exists): %s",
2262 STOP_FILE, tbl_buf);
/* Drop one reference taken by moira_connect(); the connection is closed
 * when the count reaches zero.  Pre-decrement means an unmatched call
 * drives mr_connections negative rather than failing loudly. */
2272 int moira_disconnect(void)
2275 if (!--mr_connections)
/* Copy the entry's DN into the caller's buffer.  No size is passed and the
 * copy is strcpy(), so the caller's buffer (1024 bytes in retrieve_entries)
 * is overrun by a longer DN; whether a NULL from ldap_get_dn() is caught
 * is decided on lines missing from the listing. */
2283 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2284 char *distinguished_name)
2288 CName = ldap_get_dn(ldap_handle, ldap_entry);
2293 strcpy(distinguished_name, CName);
2294 ldap_memfree(CName);
/* Allocate a single LK_ENTRY holding copies of `attribute` and `value`
 * (both must be NUL-terminated) and store it in *linklist_entry.  The node
 * allocation is checked; the two string allocations below are not, so an
 * allocation failure would write through NULL. */
2297 int linklist_create_entry(char *attribute, char *value,
2298 LK_ENTRY **linklist_entry)
2300 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2302 if (!(*linklist_entry))
/* The memset() calls are redundant after calloc(). */
2307 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2308 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2309 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2310 strcpy((*linklist_entry)->attribute, attribute);
2311 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2312 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2313 strcpy((*linklist_entry)->value, value);
2314 (*linklist_entry)->length = strlen(value);
2315 (*linklist_entry)->next = NULL;
/* printf-style helper writing to stderr.  `fmt` is passed straight to
 * vfprintf(), so callers must supply a literal format string (as every
 * visible caller does) and never external text.  va_end() is expected on a
 * line missing from the listing. */
2320 void print_to_screen(const char *fmt, ...)
2324 va_start(pvar, fmt);
2325 vfprintf(stderr, fmt, pvar);
/* Classify a list from its L_MAILLIST / L_GROUP flags in av[] and report
 * the result through the optional out-parameters:
 *   group_membership[0] : 'B' both, 'S' security-only, 'D' distribution-only,
 *                         'N' neither — a single byte, not a C string
 *                         (callers declare it as char[1]);
 *   group_ou            : strcpy() of the matching group_ou_* global
 *                         (sizes of those globals are not in the listing);
 *   *security_flag      : 1 when the group is security-enabled, else 0.
 * atoi() treats non-numeric input as 0, i.e. "flag off". */
2330 int get_group_membership(char *group_membership, char *group_ou,
2331 int *security_flag, char **av)
2336 maillist_flag = atoi(av[L_MAILLIST]);
2337 group_flag = atoi(av[L_GROUP]);
2339 if (security_flag != NULL)
2340 (*security_flag) = 0;
2342 if ((maillist_flag) && (group_flag))
2344 if (group_membership != NULL)
2345 group_membership[0] = 'B';
2347 if (security_flag != NULL)
2348 (*security_flag) = 1;
2350 if (group_ou != NULL)
2351 strcpy(group_ou, group_ou_both);
2353 else if ((!maillist_flag) && (group_flag))
2355 if (group_membership != NULL)
2356 group_membership[0] = 'S';
2358 if (security_flag != NULL)
2359 (*security_flag) = 1;
2361 if (group_ou != NULL)
2362 strcpy(group_ou, group_ou_security);
2364 else if ((maillist_flag) && (!group_flag))
2366 if (group_membership != NULL)
2367 group_membership[0] = 'D';
2369 if (group_ou != NULL)
2370 strcpy(group_ou, group_ou_distribution);
2374 if (group_membership != NULL)
2375 group_membership[0] = 'N';
2377 if (group_ou != NULL)
2378 strcpy(group_ou, group_ou_neither);
/* Rename a group in the directory and refresh the attributes that depend
 * on its name (sAMAccountName, displayName, groupType, mail addressing).
 * Returns 0 on success or an AD_* / LDAP status.  `filter` is a caller
 * supplied scratch buffer that is overwritten here.  The listing omits
 * braces, blank lines, repeated lines and several declarations (old_dn,
 * new_dn, sam_name, mail, mods, n), so their sizes are unknown below. */
2384 int group_rename(LDAP *ldap_handle, char *dn_path,
2385 char *before_group_name, char *before_group_membership,
2386 char *before_group_ou, int before_security_flag,
2387 char *before_desc, char *after_group_name,
2388 char *after_group_membership, char *after_group_ou,
2389 int after_security_flag, char *after_desc,
2390 char *MoiraId, char *filter, char *maillist)
2395 char new_dn_path[512];
2398 char mail_nickname[256];
2399 char proxy_address[256];
2400 char address_book[256];
2401 char *attr_array[3];
2402 char *mitMoiraId_v[] = {NULL, NULL};
2403 char *name_v[] = {NULL, NULL};
2404 char *samAccountName_v[] = {NULL, NULL};
2405 char *groupTypeControl_v[] = {NULL, NULL};
2406 char *mail_v[] = {NULL, NULL};
2407 char *proxy_address_v[] = {NULL, NULL};
2408 char *mail_nickname_v[] = {NULL, NULL};
2409 char *report_to_originator_v[] = {NULL, NULL};
2410 char *address_book_v[] = {NULL, NULL};
2411 char *legacy_exchange_dn_v[] = {NULL, NULL};
2412 char *null_v[] = {NULL, NULL};
2413 u_int groupTypeControl;
2414 char groupTypeControlStr[80];
2415 char contact_mail[256];
2419 LK_ENTRY *group_base;
/* Initialised to 0 and never set on any visible line; the mail-enabling
 * branch at 2580 depends on it. */
2421 int MailDisabled = 0;
2423 if(UseGroupUniversal)
2424 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2426 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Both names are validated before either is interpolated into an LDAP
 * filter or DN below; keep these checks ahead of the sprintf() calls. */
2428 if (!check_string(before_group_name))
2431 "Unable to process invalid LDAP list name %s",
2433 return(AD_INVALID_NAME);
2436 if (!check_string(after_group_name))
2439 "Unable to process invalid LDAP list name %s", after_group_name);
2440 return(AD_INVALID_NAME);
/* Refuse the rename if a user object already carries the new name. */
2450 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2451 attr_array[0] = "cn";
2452 attr_array[1] = NULL;
2454 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2455 &group_base, &group_count,
2456 LDAP_SCOPE_SUBTREE)) != 0)
2458 com_err(whoami, 0, "Unable to process group %s : %s",
2459 after_group_name, ldap_err2string(rc));
2465 com_err(whoami, 0, "Object already exists with name %s",
2470 linklist_free(group_base);
/* Locate the existing group by MoiraId; exactly one match is required. */
2479 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2480 before_group_membership,
2481 MoiraId, "samAccountName", &group_base,
2482 &group_count, filter))
2485 if (group_count == 0)
2487 return(AD_NO_GROUPS_FOUND);
2490 if (group_count != 1)
2492 com_err(whoami, 0, "Unable to process multiple groups with "
2493 "MoiraId = %s exist in the directory", MoiraId);
2494 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of the DN returned by the directory (old_dn size unknown). */
2497 strcpy(old_dn, group_base->dn);
2499 linklist_free(group_base);
2502 attr_array[0] = "sAMAccountName";
2503 attr_array[1] = NULL;
2505 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2506 &group_base, &group_count,
2507 LDAP_SCOPE_SUBTREE)) != 0)
2509 com_err(whoami, 0, "Unable to get list %s dn : %s",
2510 after_group_name, ldap_err2string(rc));
2514 if (group_count != 1)
2517 "Unable to get sAMAccountName for group %s",
2519 return(AD_LDAP_FAILURE);
2522 strcpy(sam_name, group_base->value);
2523 linklist_free(group_base);
/* Derive the new DN and mail identities from the new name. */
2527 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2528 sprintf(new_dn, "cn=%s", after_group_name);
2529 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2530 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2531 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2532 lowercase(ldap_domain));
2533 sprintf(mail_nickname, "%s", after_group_name);
2535 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* Move the object (TRUE = delete the old RDN). */
2537 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2538 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2540 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2541 before_group_name, after_group_name, ldap_err2string(rc));
2545 name_v[0] = after_group_name;
/* If strlen(sam_name) < strlen(group_suffix) this forms a pointer before
 * the start of sam_name (undefined behavior); check the length first. */
2547 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2548 group_suffix, strlen(group_suffix)))
2550 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2555 "Unable to rename list from %s to %s : sAMAccountName not found",
2556 before_group_name, after_group_name);
2560 samAccountName_v[0] = sam_name;
2562 if (after_security_flag)
2563 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* Format/argument mismatch: groupTypeControl is u_int but the conversion
 * is %ld (expects long) — undefined behavior; "%u" would match. */
2565 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2566 groupTypeControl_v[0] = groupTypeControlStr;
2567 mitMoiraId_v[0] = MoiraId;
/* Now address the object at its new DN and rewrite the dependent
 * attributes (ADD_ATTR is a macro defined elsewhere that appends to mods). */
2569 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2570 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2573 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enabled list: set the Exchange-style addressing attributes;
 * otherwise clear them. */
2580 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2582 mail_nickname_v[0] = mail_nickname;
2583 proxy_address_v[0] = proxy_address;
2585 report_to_originator_v[0] = "TRUE";
2587 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("reportToOriginator", report_to_originator_v,
2595 mail_nickname_v[0] = NULL;
2596 proxy_address_v[0] = NULL;
2598 legacy_exchange_dn_v[0] = NULL;
2599 address_book_v[0] = NULL;
2600 report_to_originator_v[0] = NULL;
2602 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2603 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2604 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2605 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2606 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2607 ADD_ATTR("reportToOriginator", report_to_originator_v,
2613 if(atoi(maillist) && email_isvalid(contact_mail))
2615 mail_v[0] = contact_mail;
2616 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
/* Non-AD directories: route mail for the list to /dev/null. */
2618 if(!ActiveDirectory)
2620 null_v[0] = "/dev/null";
2621 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2628 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2631 "Unable to modify list data for %s after renaming: %s",
2632 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2635 for (i = 0; i < n; i++)
/*
 * group_create: create the LDAP entry for the Moira list described by av[],
 * or update it when the entry already exists (LDAP_ALREADY_EXISTS) or the
 * caller asked for an update via call_args[4].
 * Moira query callback signature: ac/av are the list attributes (indexed by
 * the L_* constants), ptr is unused here; the LDAP handle, base DN, update
 * flag and Moira id are read from the file-scope call_args[] array.
 * Returns AD_INVALID_NAME when the list name fails check_string(); otherwise
 * LDAP_SUCCESS. LDAP failures are reported through com_err; their return
 * paths are not visible in this listing.
 * Note: this listing is partial (brace and repeated lines are not shown), so
 * block nesting below is inferred from indentation of the original.
 */
2641 int group_create(int ac, char **av, void *ptr)
2646 char new_group_name[256];
2647 char sam_group_name[256];
2648 char cn_group_name[256];
2650 char contact_mail[256];
2651 char mail_nickname[256];
2652 char proxy_address[256];
2653 char address_book[256];
2654 char *cn_v[] = {NULL, NULL};
2655 char *objectClass_v[] = {"top", "group", NULL};
2656 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2657 "group", "mailRecipient", NULL};
2659 char *samAccountName_v[] = {NULL, NULL};
2660 char *altSecurityIdentities_v[] = {NULL, NULL};
2661 char *member_v[] = {NULL, NULL};
2662 char *name_v[] = {NULL, NULL};
2663 char *desc_v[] = {NULL, NULL};
2664 char *info_v[] = {NULL, NULL};
2665 char *mitMoiraId_v[] = {NULL, NULL};
2666 char *mitMoiraPublic_v[] = {NULL, NULL};
2667 char *mitMoiraHidden_v[] = {NULL, NULL};
2668 char *groupTypeControl_v[] = {NULL, NULL};
2669 char *mail_v[] = {NULL, NULL};
2670 char *proxy_address_v[] = {NULL, NULL};
2671 char *mail_nickname_v[] = {NULL, NULL};
2672 char *report_to_originator_v[] = {NULL, NULL};
2673 char *address_book_v[] = {NULL, NULL};
2674 char *legacy_exchange_dn_v[] = {NULL, NULL};
2675 char *gidNumber_v[] = {NULL, NULL};
2676 char *null_v[] = {NULL, NULL};
2677 char groupTypeControlStr[80];
/* NOTE(review): a 1-byte buffer is handed to get_group_membership() below,
 * while process_lists() declares the same buffer as [2] — confirm which size
 * get_group_membership() actually writes. */
2678 char group_membership[1];
2681 u_int groupTypeControl;
2685 int MailDisabled = 0;
2687 LK_ENTRY *group_base;
2690 char *attr_array[3];
/* Universal vs. global AD group scope is a site-wide switch. */
2694 if(UseGroupUniversal)
2695 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2697 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* check_string() is the only validation visible before av[L_NAME] is
 * formatted into DNs and search filters with unbounded sprintf(); it is
 * assumed to reject DN/filter metacharacters — confirm. */
2699 if (!check_string(av[L_NAME]))
2701 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2703 return(AD_INVALID_NAME);
/* The update flag travels through a void* slot of call_args[] and is cast
 * back to int here. */
2706 updateGroup = (int)call_args[4];
2707 memset(group_ou, 0, sizeof(group_ou));
2708 memset(group_membership, 0, sizeof(group_membership));
2711 get_group_membership(group_membership, group_ou, &security_flag, av);
2713 strcpy(new_group_name, av[L_NAME]);
2714 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2715 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2716 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2717 sprintf(mail_nickname, "%s", av[L_NAME]);
2720 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2722 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* NOTE(review): groupTypeControl is u_int but is printed with "%ld"; the
 * conversion should match the type (e.g. "%u") to avoid undefined behavior
 * and a -Wformat diagnostic. */
2726 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2727 groupTypeControl_v[0] = groupTypeControlStr;
2729 strcpy(cn_group_name, av[L_NAME]);
2731 samAccountName_v[0] = sam_group_name;
2732 name_v[0] = new_group_name;
2733 cn_v[0] = new_group_name;
2736 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
/* AD targets get the plain "group" object class set; the non-AD branch
 * below adds the extended class list plus the mitMoira* attributes. */
2740 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2744 mitMoiraPublic_v[0] = av[L_PUBLIC];
2745 mitMoiraHidden_v[0] = av[L_HIDDEN];
2746 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2747 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2748 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
/* gidNumber is only published for lists flagged as Unix groups. */
2750 if(atoi(av[L_GROUP]))
2752 gidNumber_v[0] = av[L_GID];
2753 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2757 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2758 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2759 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* Mailing lists: refuse to create a list whose name collides with an
 * existing user object (same cn) — presumably sets MailDisabled on a hit. */
2763 if(atoi(av[L_MAILLIST]))
2768 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2769 attr_array[0] = "cn";
2770 attr_array[1] = NULL;
2772 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2773 filter, attr_array, &group_base,
2775 LDAP_SCOPE_SUBTREE)) != 0)
2777 com_err(whoami, 0, "Unable to process group %s : %s",
2778 av[L_NAME], ldap_err2string(rc));
2784 com_err(whoami, 0, "Object already exists with name %s",
2789 linklist_free(group_base);
2794 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2796 mail_nickname_v[0] = mail_nickname;
2797 report_to_originator_v[0] = "TRUE";
2799 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2800 ADD_ATTR("reportToOriginator", report_to_originator_v,
2806 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2808 mail_v[0] = contact_mail;
2809 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
/* Non-AD directories get an explicit null routing address. */
2811 if(!ActiveDirectory)
2813 null_v[0] = "/dev/null";
2814 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2819 if (strlen(av[L_DESC]) != 0)
2821 desc_v[0] = av[L_DESC];
2822 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2825 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2827 if (strlen(av[L_ACE_NAME]) != 0)
2829 sprintf(info, "The Administrator of this list is: %s",
2832 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2835 if (strlen(call_args[5]) != 0)
2837 mitMoiraId_v[0] = call_args[5];
2838 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2843 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body not shown; presumably releases the mods[] entries. */
2845 for (i = 0; i < n; i++)
2848 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2850 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2851 av[L_NAME], ldap_err2string(rc));
/* Update path: entry already present, or caller requested an update. */
2857 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2859 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2860 "description", av[L_NAME]);
2861 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2863 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2868 if (strlen(call_args[5]) != 0)
2870 mitMoiraId_v[0] = call_args[5];
2871 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* An inactive list gets its member attribute replaced with the empty
 * member_v, i.e. its membership is cleared. */
2874 if (!(atoi(av[L_ACTIVE])))
2877 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2880 if (!ActiveDirectory)
2882 mitMoiraPublic_v[0] = av[L_PUBLIC];
2883 mitMoiraHidden_v[0] = av[L_HIDDEN];
2884 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2885 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2887 if(atoi(av[L_GROUP]))
2889 gidNumber_v[0] = av[L_GID];
2890 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2894 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same user-name collision check as on the create path. */
2900 if(atoi(av[L_MAILLIST]))
2905 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2906 attr_array[0] = "cn";
2907 attr_array[1] = NULL;
2909 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2910 filter, attr_array, &group_base,
2912 LDAP_SCOPE_SUBTREE)) != 0)
2914 com_err(whoami, 0, "Unable to process group %s : %s",
2915 av[L_NAME], ldap_err2string(rc));
2921 com_err(whoami, 0, "Object already exists with name %s",
2926 linklist_free(group_base);
2931 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2933 mail_nickname_v[0] = mail_nickname;
2934 report_to_originator_v[0] = "TRUE";
2936 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2937 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not a mail-enabled list (or mail disabled): strip every mail attribute by
 * replacing each with an empty value list. */
2943 mail_nickname_v[0] = NULL;
2944 proxy_address_v[0] = NULL;
2945 legacy_exchange_dn_v[0] = NULL;
2946 address_book_v[0] = NULL;
2947 report_to_originator_v[0] = NULL;
2949 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2950 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2951 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2952 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2954 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2955 ADD_ATTR("reportToOriginator", report_to_originator_v,
2961 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2963 mail_v[0] = contact_mail;
2964 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2966 if(!ActiveDirectory)
2968 null_v[0] = "/dev/null";
2969 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2975 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2977 if(!ActiveDirectory)
2980 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2990 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2992 for (i = 0; i < n; i++)
2995 if (rc != LDAP_SUCCESS)
2997 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2998 av[L_NAME], ldap_err2string(rc));
/* Security descriptor / owner / address-book visibility are applied by
 * ProcessGroupSecurity(); its return value is discarded here, so a failure
 * to set security is only visible in the com_err log. */
3005 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3006 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3008 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: apply access control to an existing group entry.
 * Looks up the target group (sAMAccountName = TargetGroupName + group_suffix)
 * under group_ou_root, resolves the list administrator (AceType "LIST" or
 * "USER", AceName) to a DN and — on Active Directory — to its objectSid,
 * then copies the ntSecurityDescriptor from one of four template groups
 * (hidden/not hidden, with/without admin) under security_template_ou,
 * rewriting the template user's SID to the administrator's SID.  On non-AD
 * directories it sets the "owner" attribute instead.  Also sets the
 * msExchHideFromAddressLists / showInAddressBook attributes for hidden groups.
 * Return values are not visible in this partial listing; failures are
 * reported with com_err.  Listing omits brace and repeated lines, so the
 * nesting of the blocks below is inferred.
 */
3011 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3012 char *TargetGroupName, int HiddenGroup,
3013 char *AceType, char *AceName)
3015 char filter_exp[1024];
3016 char *attr_array[5];
3017 char search_path[512];
3019 char TemplateDn[512];
3020 char TemplateSamName[128];
3022 char TargetSamName[128];
3023 char AceSamAccountName[128];
3025 unsigned char AceSid[128];
3026 unsigned char UserTemplateSid[128];
3027 char acBERBuf[N_SD_BER_BYTES];
3028 char GroupSecurityTemplate[256];
3029 char hide_addres_lists[256];
3030 char address_book[256];
3031 char *hide_address_lists_v[] = {NULL, NULL};
3032 char *address_book_v[] = {NULL, NULL};
3033 char *owner_v[] = {NULL, NULL};
3035 int UserTemplateSidCount;
3042 int array_count = 0;
3044 LK_ENTRY *group_base;
3045 LDAP_BERVAL **ppsValues;
/* 1.2.840.113556.1.4.801 is the AD SD-flags server control; acBERBuf carries
 * the BER-encoded set of descriptor parts to read/write (filled in below). */
3046 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3047 { N_SD_BER_BYTES, acBERBuf },
3050 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, group, DACL and SACL so the whole descriptor is replaced. */
3053 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3054 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3055 BEREncodeSecurityBits(dwInfo, acBERBuf);
3057 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3058 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3059 attr_array[0] = "sAMAccountName";
3060 attr_array[1] = NULL;
/* NOTE(review): the closing parenthesis sits after "!= 0", so rc receives
 * the result of the comparison (0 or 1), not the LDAP result code.  The same
 * form appears at the linklist_build() calls at 3113, 3139, 3193 and 3248;
 * any message that later prints ldap_err2string(rc) will be misleading. */
3064 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3065 &group_base, &group_count,
3066 LDAP_SCOPE_SUBTREE) != 0))
3069 if (group_count != 1)
3071 linklist_free(group_base);
3075 strcpy(TargetDn, group_base->dn);
3076 strcpy(TargetSamName, group_base->value);
3077 linklist_free(group_base);
3081 UserTemplateSidCount = 0;
3082 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3083 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3084 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator ACE to a sAMAccountName and search root. */
3089 if (strlen(AceName) != 0)
3091 if (!strcmp(AceType, "LIST"))
3093 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3094 strcpy(root_ou, group_ou_root);
3096 else if (!strcmp(AceType, "USER"))
3098 sprintf(AceSamAccountName, "%s", AceName);
3099 strcpy(root_ou, user_ou);
/* AD: fetch the administrator's objectSid (binary; length in ->length). */
3102 if (ActiveDirectory)
3104 if (strlen(AceSamAccountName) != 0)
3106 sprintf(search_path, "%s", dn_path);
3107 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3108 attr_array[0] = "objectSid";
3109 attr_array[1] = NULL;
3113 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3114 attr_array, &group_base, &group_count,
3115 LDAP_SCOPE_SUBTREE) != 0))
3117 if (group_count == 1)
3119 strcpy(AceDn, group_base->dn);
3120 AceSidCount = group_base->length;
/* AceSid is 128 bytes; no visible check that group_base->length fits. */
3121 memcpy(AceSid, group_base->value, AceSidCount);
3123 linklist_free(group_base);
/* Non-AD: only the administrator's DN is needed (for the owner attribute). */
3130 if (strlen(AceSamAccountName) != 0)
3132 sprintf(search_path, "%s", dn_path);
3133 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3134 attr_array[0] = "samAccountName";
3135 attr_array[1] = NULL;
3139 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3140 attr_array, &group_base, &group_count,
3141 LDAP_SCOPE_SUBTREE) != 0))
3143 if (group_count == 1)
3145 strcpy(AceDn, group_base->dn);
3147 linklist_free(group_base);
3154 if (!ActiveDirectory)
3156 if (strlen(AceDn) != 0)
/* NOTE(review): strdup() result is stored in owner_v[0]; no matching free()
 * is visible in this listing — confirm it is released after the modify. */
3158 owner_v[0] = strdup(AceDn);
3160 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3164 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3166 for (i = 0; i < n; i++)
3169 if (rc != LDAP_SUCCESS)
3170 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3171 TargetGroupName, ldap_err2string(rc));
/* No administrator SID resolved: fall back to the templates without admin. */
3177 if (AceSidCount == 0)
3179 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3180 "have a directory SID.", TargetGroupName, AceName, AceType);
3181 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Otherwise fetch the template user's SID so it can be swapped for AceSid. */
3185 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3186 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3187 attr_array[0] = "objectSid";
3188 attr_array[1] = NULL;
3193 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3194 attr_array, &group_base, &group_count,
3195 LDAP_SCOPE_SUBTREE) != 0))
3198 if ((rc != 0) || (group_count != 1))
3200 com_err(whoami, 0, "Unable to process user security template: %s",
3206 UserTemplateSidCount = group_base->length;
3207 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3209 linklist_free(group_base);
/* Template selection: hidden vs. visible, with vs. without admin SID. */
3216 if (AceSidCount == 0)
3218 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3219 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3223 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3224 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3229 if (AceSidCount == 0)
3231 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3232 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3236 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3237 sprintf(filter_exp, "(sAMAccountName=%s)",
3238 NOT_HIDDEN_GROUP_WITH_ADMIN);
3242 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3243 attr_array[0] = "sAMAccountName";
3244 attr_array[1] = NULL;
3248 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3249 &group_base, &group_count,
3250 LDAP_SCOPE_SUBTREE) != 0))
3253 if (group_count != 1)
3255 linklist_free(group_base);
3256 com_err(whoami, 0, "Unable to process group security template: %s - "
3257 "security not set", GroupSecurityTemplate);
3261 strcpy(TemplateDn, group_base->dn);
3262 strcpy(TemplateSamName, group_base->value);
3263 linklist_free(group_base);
/* Re-read the template entry with the SD-flags control so that
 * ntSecurityDescriptor is returned in full (arguments not shown). */
3267 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3268 rc = ldap_search_ext_s(ldap_handle,
3280 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3282 com_err(whoami, 0, "Unable to find group security template: %s - "
3283 "security not set", GroupSecurityTemplate);
3287 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3289 if (ppsValues == NULL)
3291 com_err(whoami, 0, "Unable to find group security descriptor for group "
3292 "%s - security not set", GroupSecurityTemplate);
/* In-place SID substitution inside the raw descriptor bytes: every
 * occurrence of UserTemplateSid is overwritten with AceSid.
 * NOTE(review): the scan is bounded by UserTemplateSidCount but the write
 * is AceSidCount bytes; nothing visible checks AceSidCount <=
 * UserTemplateSidCount, so a longer admin SID would write past the matched
 * span (and past bv_val near the end).  The loop's initialisation (line
 * 3300) is not shown. */
3296 if (AceSidCount != 0)
3298 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3301 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3303 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3304 UserTemplateSidCount))
3306 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3314 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3315 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden groups are removed from the Exchange address lists. */
3321 hide_address_lists_v[0] = "TRUE";
3322 address_book_v[0] = NULL;
3323 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3325 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3327 hide_address_lists_v[0] = NULL;
3328 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3335 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3337 for (i = 0; i < n; i++)
3340 ldap_value_free_len(ppsValues);
3341 ldap_msgfree(psMsg);
3343 if (rc != LDAP_SUCCESS)
3345 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3346 TargetGroupName, ldap_err2string(rc));
/* If applying the admin-bearing descriptor failed, retry once recursively
 * with no administrator (empty AceType/AceName) so the group still gets the
 * non-admin template.  Assignment inside the condition is intentional. */
3348 if (AceSidCount != 0)
3351 "Trying to set security for group %s without admin.",
3354 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3355 HiddenGroup, "", ""))
3357 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the directory entry for a Moira list.
 * Locates the group under group_ou_root via ad_get_group() (matching on
 * samAccountName, membership type and MoiraId) and deletes it when exactly
 * one entry matches.
 * Returns AD_INVALID_NAME for a name rejected by check_string(),
 * AD_NO_GROUPS_FOUND when no single match exists; other return values (the
 * ad_get_group() failure path, the delete-failure path and success) are not
 * visible in this partial listing.
 */
3368 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3369 char *group_membership, char *MoiraId)
3371 LK_ENTRY *group_base;
3377 if (!check_string(group_name))
3380 "Unable to process invalid LDAP list name %s", group_name);
3381 return(AD_INVALID_NAME);
3384 memset(filter, '\0', sizeof(filter));
3387 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment in the condition is intentional: a non-zero rc is an error. */
3389 if (rc = ad_get_group(ldap_handle, temp, group_name,
3390 group_membership, MoiraId,
3391 "samAccountName", &group_base,
3392 &group_count, filter))
3395 if (group_count == 1)
3397 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3399 linklist_free(group_base);
3400 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3401 group_name, ldap_err2string(rc));
3404 linklist_free(group_base);
/* group_count != 1: the list is freed and the caller told nothing matched. */
3408 linklist_free(group_base);
3409 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3410 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the SECURITY_INFORMATION bit mask uBits
 * into pBuffer for use as the value of the SD-flags LDAP server control.
 * pBuffer must hold at least N_SD_BER_BYTES bytes.  The encoding itself
 * (lines 3417-3421) is not shown in this listing.
 * Returns N_SD_BER_BYTES, the number of bytes written.
 */
3416 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3422 return(N_SD_BER_BYTES);
/*
 * process_lists: Moira query callback that (re)populates one list's group
 * entry.  Derives the group OU, membership type and security flag from av[]
 * with get_group_membership(), then delegates to populate_group(); the LDAP
 * handle and base DN come from the file-scope call_args[].
 * The return statement and the trailing populate_group() arguments are not
 * visible in this partial listing.
 */
3425 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here versus one in group_create() for the same out-parameter. */
3430 char group_membership[2];
3436 memset(group_ou, '\0', sizeof(group_ou));
3437 memset(group_membership, '\0', sizeof(group_membership));
3438 get_group_membership(group_membership, group_ou, &security_flag, av);
3439 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3440 av[L_NAME], group_ou, group_membership,
/*
 * member_list_build: Moira query callback that collects one list member
 * (av[ACE_TYPE], av[ACE_NAME]) into the file-scope member_base linked list.
 * Members whose type is not enabled in the mask call_args[3] are skipped
 * (early returns not shown).  STRING members are normalised to an e-mail
 * address (default domain appended, ".LOCAL" rewritten to ".mit.edu") and,
 * like KERBEROS members, get a contact object created via contact_create().
 * Duplicates (same member and type, case-insensitive) are not added again.
 * Return values are not visible in this partial listing.
 */
3446 int member_list_build(int ac, char **av, void *ptr)
/* temp's declaration/size is not shown; strcpy/strcat below are unbounded,
 * so the caller's name length is trusted. */
3454 strcpy(temp, av[ACE_NAME]);
3457 if (!check_string(temp))
3460 if (!strcmp(av[ACE_TYPE], "USER"))
3462 if (!((int)call_args[3] & MOIRA_USERS))
3465 else if (!strcmp(av[ACE_TYPE], "STRING"))
/* Bare local-part: append the default domain. */
3469 if((s = strchr(temp, '@')) == (char *) NULL)
3471 strcat(temp, "@mit.edu");
/* NOTE(review): indexes strlen(temp) - 6; a name shorter than six
 * characters (possible when it already contained '@') would index before
 * the buffer — confirm a minimum length is enforced upstream. */
3474 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3476 s = strrchr(temp, '.');
3478 strcat(s, ".mit.edu");
3482 if (!((int)call_args[3] & MOIRA_STRINGS))
3485 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3488 else if (!strcmp(av[ACE_TYPE], "LIST"))
3490 if (!((int)call_args[3] & MOIRA_LISTS))
3493 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3495 if (!((int)call_args[3] & MOIRA_KERBEROS))
3498 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3503 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3505 if (!((int)call_args[3] & MOIRA_MACHINE))
/* Linear duplicate scan over the existing member list. */
3511 linklist = member_base;
3515 if (!strcasecmp(temp, linklist->member) &&
3516 !strcasecmp(av[ACE_TYPE], linklist->type))
3519 linklist = linklist->next;
/* Prepend a new entry; calloc() results are used without a NULL check. */
3522 linklist = calloc(1, sizeof(LK_ENTRY));
3524 linklist->dn = NULL;
3525 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3526 strcpy(linklist->list, call_args[2]);
3527 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3528 strcpy(linklist->type, av[ACE_TYPE]);
3529 linklist->member = calloc(1, strlen(temp) + 1);
3530 strcpy(linklist->member, temp);
3531 linklist->next = member_base;
3532 member_base = linklist;
/*
 * member_remove: delete one member DN from a list's "member" attribute.
 * Finds the group with ad_get_group(), builds the member DN from user_name
 * and UserOu (uid= form for user_ou, CN= form otherwise) and issues an
 * LDAP_MOD_DELETE.  For members living in contact_ou or kerberos_ou it then
 * checks whether the contact object is still referenced by any group
 * (memberOf) and deletes the object when it is not.
 * Returns AD_INVALID_NAME for a rejected name; other return values are not
 * visible in this partial listing (brace and repeated lines omitted).
 */
3537 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3538 char *group_ou, char *group_membership, char *user_name,
3539 char *UserOu, char *MoiraId)
3541 char distinguished_name[1024];
3545 char *attr_array[3];
3550 LK_ENTRY *group_base;
3554 if (!check_string(group_name))
3555 return(AD_INVALID_NAME);
3557 memset(filter, '\0', sizeof(filter));
3561 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3562 group_membership, MoiraId,
3563 "samAccountName", &group_base,
3564 &group_count, filter))
3567 if (group_count != 1)
3569 com_err(whoami, 0, "Unable to find list %s in directory",
3571 linklist_free(group_base);
3577 strcpy(distinguished_name, group_base->dn);
3578 linklist_free(group_base);
/* Member DN: AD uses CN=; non-AD uses uid= for real users, CN= otherwise. */
3584 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3588 if(!strcmp(UserOu, user_ou))
3589 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3591 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3594 modvalues[0] = temp;
3595 modvalues[1] = NULL;
3598 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3600 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3602 for (i = 0; i < n; i++)
/* Handling for LDAP_UNWILLING_TO_PERFORM is not shown. */
3605 if (rc == LDAP_UNWILLING_TO_PERFORM)
3608 if (rc != LDAP_SUCCESS)
3610 com_err(whoami, 0, "Unable to modify list %s members : %s",
3611 group_name, ldap_err2string(rc));
/* Garbage-collect the contact/kerberos object once nothing references it. */
3615 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* A contact named by its @mit.edu address is also looked up by the
 * mailNickName derived from the local part. */
3619 if(!strcmp(UserOu, contact_ou) &&
3620 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3622 memset(temp, '\0', sizeof(temp));
3623 strcpy(temp, user_name);
3624 s = strchr(temp, '@');
3627 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* NOTE(review): "!= 0" binds before "=", so rc is 0/1 here and at 3646,
 * not the LDAP result code. */
3629 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3630 &group_base, &group_count,
3631 LDAP_SCOPE_SUBTREE) != 0))
3637 linklist_free(group_base);
3642 sprintf(filter, "(distinguishedName=%s)", temp);
3643 attr_array[0] = "memberOf";
3644 attr_array[1] = NULL;
3646 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3647 &group_base, &group_count,
3648 LDAP_SCOPE_SUBTREE) != 0))
/* Reached (per the message) when no memberOf value remains. */
3654 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3656 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add one member DN to a list's "member" attribute.
 * Mirrors member_remove(): locate the group with ad_get_group(), build the
 * member DN from user_name/UserOu, and issue an LDAP_MOD_ADD.  An
 * LDAP_ALREADY_EXISTS / LDAP_TYPE_OR_VALUE_EXISTS result is treated
 * specially (branch body not shown).
 * Returns AD_INVALID_NAME for a rejected name, AD_MULTIPLE_GROUPS_FOUND when
 * the group lookup does not yield exactly one entry; other return values are
 * not visible in this partial listing.
 */
3666 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3667 char *group_ou, char *group_membership, char *user_name,
3668 char *UserOu, char *MoiraId)
3670 char distinguished_name[1024];
3678 LK_ENTRY *group_base;
3681 if (!check_string(group_name))
3682 return(AD_INVALID_NAME);
3685 memset(filter, '\0', sizeof(filter));
3689 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3690 group_membership, MoiraId,
3691 "samAccountName", &group_base,
3692 &group_count, filter))
/* NOTE(review): group_count == 0 also lands here and is reported as
 * AD_MULTIPLE_GROUPS_FOUND; the log line carries the real count. */
3695 if (group_count != 1)
3697 linklist_free(group_base);
3700 com_err(whoami, 0, "Unable to find list %s %d in directory",
3701 group_name, group_count);
3702 return(AD_MULTIPLE_GROUPS_FOUND);
3705 strcpy(distinguished_name, group_base->dn);
3706 linklist_free(group_base);
/* Member DN: AD uses CN=; non-AD uses uid= for real users, cn= otherwise
 * (member_remove() spells the latter "CN="). */
3712 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3716 if(!strcmp(UserOu, user_ou))
3717 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3719 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3722 modvalues[0] = temp;
3723 modvalues[1] = NULL;
3726 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3728 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: presumably downgraded to success (body not shown). */
3730 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3733 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3735 if (rc == LDAP_UNWILLING_TO_PERFORM)
3739 for (i = 0; i < n; i++)
3742 if (rc != LDAP_SUCCESS)
3744 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3745 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail attributes from a contact entry.
 * Replaces mail, mailNickName, proxyAddresses and targetAddress on the entry
 * at *linklist_base with an empty value list (mail_v is {NULL, NULL}), which
 * removes the attributes.  linklist_current is not used in the visible lines.
 * ld is the bound LDAP handle; bind_path is unused in the visible lines.
 * Return value is not visible in this partial listing.
 */
3751 int contact_remove_email(LDAP *ld, char *bind_path,
3752 LK_ENTRY **linklist_base, int linklist_current)
3756 char *mail_v[] = {NULL, NULL};
3764 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3765 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3766 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3767 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
/* Only the head of the list is modified. */
3770 gPtr = (*linklist_base);
3773 rc = ldap_modify_s(ld, gPtr->dn, mods);
3775 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3777 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3778 gPtr->dn, ldap_err2string(rc));
3785 for (i = 0; i < n; i++)
/*
 * contact_create: create a contact object for an external (STRING) or
 * KERBEROS list member under group_ou, or refresh its mail attributes when
 * the object already exists.
 * user is the member name; group_ou selects contact_ou vs. kerberos_ou and
 * therefore which objectClass set, uid suffix and mail attributes are used.
 * Before creating a mail-enabled contact the code refuses to proceed if any
 * user or group already carries the same cn or mail value (four searches).
 * Returns AD_INVALID_NAME when user fails check_string(); other return
 * values are not visible in this partial listing (brace and repeated lines
 * omitted).
 * NOTE(review): the visible lines read from `mail`, which is neither a
 * parameter nor a visible local — assumed to be a file-scope buffer filled
 * from `user` on a line not shown; confirm.
 */
3791 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3794 LK_ENTRY *group_base;
3797 char cn_user_name[256];
3798 char contact_name[256];
3799 char mail_nickname[256];
3800 char proxy_address_internal[256];
3801 char proxy_address_external[256];
3802 char target_address[256];
3803 char internal_contact_name[256];
3806 char principal[256];
3807 char mit_address_book[256];
3808 char default_address_book[256];
3809 char contact_address_book[256];
3811 char *email_v[] = {NULL, NULL};
3812 char *cn_v[] = {NULL, NULL};
3813 char *contact_v[] = {NULL, NULL};
3814 char *uid_v[] = {NULL, NULL};
3815 char *mail_nickname_v[] = {NULL, NULL};
3816 char *proxy_address_internal_v[] = {NULL, NULL};
3817 char *proxy_address_external_v[] = {NULL, NULL};
3818 char *target_address_v[] = {NULL, NULL};
3819 char *mit_address_book_v[] = {NULL, NULL};
3820 char *default_address_book_v[] = {NULL, NULL};
3821 char *contact_address_book_v[] = {NULL, NULL};
3822 char *hide_address_lists_v[] = {NULL, NULL};
3823 char *attr_array[3];
3824 char *objectClass_v[] = {"top", "person",
3825 "organizationalPerson",
3827 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3828 "inetOrgPerson", "organizationalPerson",
3829 "contact", "mailRecipient", "eduPerson",
3831 char *name_v[] = {NULL, NULL};
3832 char *desc_v[] = {NULL, NULL};
3839 char *mail_routing_v[] = {NULL, NULL};
3840 char *principal_v[] = {NULL, NULL};
3842 if (!check_string(user))
3844 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3845 return(AD_INVALID_NAME);
3849 strcpy(contact_name, mail);
3850 strcpy(internal_contact_name, mail);
/* internal_contact_name keeps only the local part (body not shown). */
3852 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* The RDN is escaped; note the search filters below use the raw `mail`. */
3856 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3859 sprintf(target_address, "SMTP:%s", contact_name);
3860 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3861 sprintf(mail_nickname, "%s", internal_contact_name);
3863 cn_v[0] = cn_user_name;
3864 contact_v[0] = contact_name;
3867 desc_v[0] = "Auto account created by Moira";
3869 proxy_address_internal_v[0] = proxy_address_internal;
3870 proxy_address_external_v[0] = proxy_address_external;
3871 mail_nickname_v[0] = mail_nickname;
3872 target_address_v[0] = target_address;
3873 mit_address_book_v[0] = mit_address_book;
3874 default_address_book_v[0] = default_address_book;
3875 contact_address_book_v[0] = contact_address_book;
3876 strcpy(new_dn, cn_user_name);
3879 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD: uid carries an OU-specific suffix so strings and kerberos
 * principals with the same name do not collide. */
3881 if(!ActiveDirectory)
3883 if(!strcmp(group_ou, contact_ou))
3884 sprintf(uid, "%s%s", contact_name, "_strings");
3886 if(!strcmp(group_ou, kerberos_ou))
3887 sprintf(uid, "%s%s", contact_name, "_kerberos");
3891 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3892 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3897 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3901 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3904 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3905 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3906 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Mail-enabled contacts only: four collision checks (user/group by cn,
 * then user/group by mail) — on a hit the object is reported as existing
 * and the mail attributes are presumably skipped (exit paths not shown). */
3910 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3915 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3916 attr_array[0] = "cn";
3917 attr_array[1] = NULL;
3919 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3920 &group_base, &group_count,
3921 LDAP_SCOPE_SUBTREE)) != 0)
3923 com_err(whoami, 0, "Unable to process contact %s : %s",
3924 user, ldap_err2string(rc));
3930 com_err(whoami, 0, "Object already exists with name %s",
3935 linklist_free(group_base);
3939 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3940 attr_array[0] = "cn";
3941 attr_array[1] = NULL;
3943 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3944 &group_base, &group_count,
3945 LDAP_SCOPE_SUBTREE)) != 0)
3947 com_err(whoami, 0, "Unable to process contact %s : %s",
3948 user, ldap_err2string(rc));
3954 com_err(whoami, 0, "Object already exists with name %s",
3959 linklist_free(group_base);
3963 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3964 attr_array[0] = "cn";
3965 attr_array[1] = NULL;
3967 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3968 &group_base, &group_count,
3969 LDAP_SCOPE_SUBTREE)) != 0)
3971 com_err(whoami, 0, "Unable to process contact %s : %s",
3972 user, ldap_err2string(rc));
3978 com_err(whoami, 0, "Object already exists with name %s",
3983 linklist_free(group_base);
3987 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3988 attr_array[0] = "cn";
3989 attr_array[1] = NULL;
3991 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3992 &group_base, &group_count,
3993 LDAP_SCOPE_SUBTREE)) != 0)
3995 com_err(whoami, 0, "Unable to process contact %s : %s",
3996 user, ldap_err2string(rc));
4002 com_err(whoami, 0, "Object already exists with name %s",
4007 linklist_free(group_base);
4011 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4012 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4013 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4014 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
/* Contacts are always hidden from the Exchange address lists. */
4016 hide_address_lists_v[0] = "TRUE";
4017 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD: routing address defaults to @mit.edu when no domain is given;
 * it is also reused as the eduPersonPrincipalName for string contacts. */
4022 if(!ActiveDirectory)
4024 if((c = strchr(mail, '@')) == NULL)
4025 sprintf(temp, "%s@mit.edu", mail);
4027 sprintf(temp, "%s", mail);
4029 mail_routing_v[0] = temp;
4031 principal_v[0] = principal;
4033 if(!strcmp(group_ou, contact_ou))
4035 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4036 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4042 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4044 for (i = 0; i < n; i++)
/* Existing string contact: refresh its mail attributes with REPLACE.
 * The first clause is redundant (LDAP_ALREADY_EXISTS is never
 * LDAP_SUCCESS); the condition reduces to rc == LDAP_ALREADY_EXISTS. */
4049 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4050 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4054 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4055 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4056 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4058 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4060 hide_address_lists_v[0] = "TRUE";
4061 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4065 rc = ldap_modify_s(ld, new_dn, mods);
4069 com_err(whoami, 0, "Unable to update contact %s", mail);
4072 for (i = 0; i < n; i++)
4077 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4079 com_err(whoami, 0, "Unable to create contact %s : %s",
4080 user, ldap_err2string(rc));
4087 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4088 char *Uid, char *MitId, char *MoiraId, int State,
4089 char *WinHomeDir, char *WinProfileDir, char *first,
4090 char *middle, char *last, char *shell, char *class)
4093 LK_ENTRY *group_base;
4095 char distinguished_name[512];
4096 char displayName[256];
4097 char *mitMoiraId_v[] = {NULL, NULL};
4098 char *mitMoiraClass_v[] = {NULL, NULL};
4099 char *mitMoiraStatus_v[] = {NULL, NULL};
4100 char *uid_v[] = {NULL, NULL};
4101 char *mitid_v[] = {NULL, NULL};
4102 char *homedir_v[] = {NULL, NULL};
4103 char *winProfile_v[] = {NULL, NULL};
4104 char *drives_v[] = {NULL, NULL};
4105 char *userAccountControl_v[] = {NULL, NULL};
4106 char *alt_recipient_v[] = {NULL, NULL};
4107 char *hide_address_lists_v[] = {NULL, NULL};
4108 char *mail_v[] = {NULL, NULL};
4109 char *gid_v[] = {NULL, NULL};
4110 char *loginshell_v[] = {NULL, NULL};
4111 char *principal_v[] = {NULL, NULL};
4112 char userAccountControlStr[80];
4117 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4118 UF_PASSWD_CANT_CHANGE;
4120 char *attr_array[3];
4123 char contact_mail[256];
4124 char filter_exp[1024];
4125 char search_path[512];
4126 char TemplateDn[512];
4127 char TemplateSamName[128];
4128 char alt_recipient[256];
4129 char principal[256];
4131 char acBERBuf[N_SD_BER_BYTES];
4132 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4133 { N_SD_BER_BYTES, acBERBuf },
4135 LDAPControl *apsServerControls[] = {&sControl, NULL};
4137 LDAP_BERVAL **ppsValues;
4141 char *homeServerName;
4143 char search_string[256];
4145 char *mail_routing_v[] = {NULL, NULL};
4148 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4149 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4150 BEREncodeSecurityBits(dwInfo, acBERBuf);
4152 if (!check_string(user_name))
4154 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4156 return(AD_INVALID_NAME);
4159 memset(contact_mail, '\0', sizeof(contact_mail));
4160 sprintf(contact_mail, "%s@mit.edu", user_name);
4161 memset(mail, '\0', sizeof(mail));
4162 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4163 memset(alt_recipient, '\0', sizeof(alt_recipient));
4164 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4166 sprintf(search_string, "@%s", uppercase(ldap_domain));
4170 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4172 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4179 memset(displayName, '\0', sizeof(displayName));
4181 if (strlen(MoiraId) != 0)
4185 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4190 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4193 attr_array[0] = "cn";
4194 attr_array[1] = NULL;
4195 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4196 &group_base, &group_count,
4197 LDAP_SCOPE_SUBTREE)) != 0)
4199 com_err(whoami, 0, "Unable to process user %s : %s",
4200 user_name, ldap_err2string(rc));
4205 if (group_count != 1)
4207 linklist_free(group_base);
4210 sprintf(filter, "(sAMAccountName=%s)", user_name);
4211 attr_array[0] = "cn";
4212 attr_array[1] = NULL;
4213 sprintf(temp, "%s,%s", user_ou, dn_path);
4214 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4215 &group_base, &group_count,
4216 LDAP_SCOPE_SUBTREE)) != 0)
4218 com_err(whoami, 0, "Unable to process user %s : %s",
4219 user_name, ldap_err2string(rc));
4224 if (group_count != 1)
4226 com_err(whoami, 0, "Unable to find user %s in directory",
4228 linklist_free(group_base);
4229 return(AD_NO_USER_FOUND);
4232 strcpy(distinguished_name, group_base->dn);
4234 linklist_free(group_base);
4237 if(!ActiveDirectory)
4239 if (rc = moira_connect())
4241 critical_alert("Ldap incremental",
4242 "Error contacting Moira server : %s",
4247 argv[0] = user_name;
4249 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4252 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4254 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4256 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4261 "Unable to set the mailRoutingAddress for %s : %s",
4262 user_name, ldap_err2string(rc));
4264 p = strdup(save_argv[3]);
4266 if((c = strchr(p, ',')) != NULL)
4271 if ((c = strchr(q, '@')) == NULL)
4272 sprintf(temp, "%s@mit.edu", q);
4274 sprintf(temp, "%s", q);
4276 if(email_isvalid(temp) && State != US_DELETED)
4278 mail_routing_v[0] = temp;
4281 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4283 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4285 if (rc == LDAP_ALREADY_EXISTS ||
4286 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4291 "Unable to set the mailRoutingAddress for %s : %s",
4292 user_name, ldap_err2string(rc));
4295 while((q = strtok(NULL, ",")) != NULL) {
4298 if((c = strchr(q, '@')) == NULL)
4299 sprintf(temp, "%s@mit.edu", q);
4301 sprintf(temp, "%s", q);
4303 if(email_isvalid(temp) && State != US_DELETED)
4305 mail_routing_v[0] = temp;
4308 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4311 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4313 if (rc == LDAP_ALREADY_EXISTS ||
4314 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4319 "Unable to set the mailRoutingAddress for "
4321 user_name, ldap_err2string(rc));
4327 if((c = strchr(p, '@')) == NULL)
4328 sprintf(temp, "%s@mit.edu", p);
4330 sprintf(temp, "%s", p);
4332 if(email_isvalid(temp) && State != US_DELETED)
4334 mail_routing_v[0] = temp;
4337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4339 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4341 if (rc == LDAP_ALREADY_EXISTS ||
4342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4347 "Unable to set the mailRoutingAddress for %s : %s",
4348 user_name, ldap_err2string(rc));
4355 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4356 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4357 "employeeID", user_name);
4359 rc = attribute_update(ldap_handle, distinguished_name, "none",
4360 "employeeID", user_name);
4363 strcat(displayName, first);
4366 if(strlen(middle)) {
4368 strcat(displayName, " ");
4370 strcat(displayName, middle);
4374 if(strlen(middle) || strlen(first))
4375 strcat(displayName, " ");
4377 strcat(displayName, last);
4380 if(strlen(displayName))
4381 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4382 "displayName", user_name);
4384 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4385 "displayName", user_name);
4387 if(!ActiveDirectory)
4389 if(strlen(displayName))
4390 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4393 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4397 if(!ActiveDirectory)
4399 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4400 "eduPersonNickname", user_name);
4404 rc = attribute_update(ldap_handle, distinguished_name, first,
4405 "givenName", user_name);
4407 rc = attribute_update(ldap_handle, distinguished_name, "",
4408 "givenName", user_name);
4410 if(strlen(middle) == 1)
4411 rc = attribute_update(ldap_handle, distinguished_name, middle,
4412 "initials", user_name);
4414 rc = attribute_update(ldap_handle, distinguished_name, "",
4415 "initials", user_name);
4418 rc = attribute_update(ldap_handle, distinguished_name, last,
4421 rc = attribute_update(ldap_handle, distinguished_name, "",
4426 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4431 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4435 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4436 "mitMoiraId", user_name);
4445 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4454 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4455 sprintf(status, "%d", State);
4456 principal_v[0] = principal;
4457 loginshell_v[0] = shell;
4458 mitMoiraClass_v[0] = class;
4459 mitMoiraStatus_v[0] = status;
4461 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4462 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4463 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4464 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4465 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4466 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4469 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4471 userAccountControl |= UF_ACCOUNTDISABLE;
4475 hide_address_lists_v[0] = "TRUE";
4476 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4484 hide_address_lists_v[0] = NULL;
4485 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4490 sprintf(userAccountControlStr, "%ld", userAccountControl);
4491 userAccountControl_v[0] = userAccountControlStr;
4492 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4496 if (rc = moira_connect())
4498 critical_alert("Ldap incremental",
4499 "Error contacting Moira server : %s",
4504 argv[0] = user_name;
4506 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4508 if(!strcmp(save_argv[1], "EXCHANGE") ||
4509 (strstr(save_argv[3], search_string) != NULL))
4511 alt_recipient_v[0] = NULL;
4512 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4514 argv[0] = exchange_acl;
4516 argv[2] = user_name;
4518 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4520 if ((rc) && (rc != MR_EXISTS))
4522 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4523 user_name, exchange_acl, error_message(rc));
4528 alt_recipient_v[0] = alt_recipient;
4529 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4531 argv[0] = exchange_acl;
4533 argv[2] = user_name;
4535 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4537 if ((rc) && (rc != MR_NO_MATCH))
4540 "Unable to remove user %s from %s: %s, %d",
4541 user_name, exchange_acl, error_message(rc), rc);
4547 alt_recipient_v[0] = alt_recipient;
4548 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4550 argv[0] = exchange_acl;
4552 argv[2] = user_name;
4554 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4556 if ((rc) && (rc != MR_NO_MATCH))
4559 "Unable to remove user %s from %s: %s, %d",
4560 user_name, exchange_acl, error_message(rc), rc);
4568 mail_v[0] = contact_mail;
4569 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4571 if(!ActiveDirectory)
4573 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
4577 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4578 WinProfileDir, homedir_v, winProfile_v,
4579 drives_v, mods, LDAP_MOD_REPLACE, n);
4583 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4584 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4585 attr_array[0] = "sAMAccountName";
4586 attr_array[1] = NULL;
4590 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4592 &group_base, &group_count,
4593 LDAP_SCOPE_SUBTREE) != 0))
4596 if (group_count != 1)
4598 com_err(whoami, 0, "Unable to process user security template: %s - "
4599 "security not set", "UserTemplate.u");
4603 strcpy(TemplateDn, group_base->dn);
4604 strcpy(TemplateSamName, group_base->value);
4605 linklist_free(group_base);
4609 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4610 filter_exp, NULL, 0, apsServerControls, NULL,
4613 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4615 com_err(whoami, 0, "Unable to find user security template: %s - "
4616 "security not set", "UserTemplate.u");
4620 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4621 "ntSecurityDescriptor");
4623 if (ppsValues == NULL)
4625 com_err(whoami, 0, "Unable to find user security template: %s - "
4626 "security not set", "UserTemplate.u");
4630 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4631 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4636 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4637 mods)) != LDAP_SUCCESS)
4639 OldUseSFU30 = UseSFU30;
4640 SwitchSFU(mods, &UseSFU30, n);
4641 if (OldUseSFU30 != UseSFU30)
4642 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4645 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4646 user_name, ldap_err2string(rc));
4650 for (i = 0; i < n; i++)
/*
 * user_rename: move an existing user entry from before_user_name to user_name
 * (an RDN change via ldap_rename_s) and then refresh every attribute whose
 * value embeds the login name (principal names, Kerberos identity, mail,
 * proxy address, sAMAccountName, ...).  The matching mit.edu contact object
 * is deleted and re-created under the new name.
 *
 * This listing has dropped short lines (braces, `else`, argument
 * continuations, the trailing free/return), so branch structure and the
 * declarations of rc, mods, n, i, old_dn, new_dn, upn, mail and temp are
 * inferred rather than visible.
 *
 * Returns AD_INVALID_NAME when either name fails check_string(); the other
 * return paths are outside this listing.
 */
4656 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4664 char contact_mail[256];
4665 char proxy_address[256];
4666 char query_base_dn[256];
4668 char *userPrincipalName_v[] = {NULL, NULL};
4669 char *altSecurityIdentities_v[] = {NULL, NULL};
4670 char *name_v[] = {NULL, NULL};
4671 char *samAccountName_v[] = {NULL, NULL};
4672 char *mail_v[] = {NULL, NULL};
4673 char *mail_nickname_v[] = {NULL, NULL};
4674 char *proxy_address_v[] = {NULL, NULL};
4675 char *query_base_dn_v[] = {NULL, NULL};
4676 char *principal_v[] = {NULL, NULL};
4677 char principal[256];
/* Both names must pass the character whitelist before they are used in
 * DNs and attribute values.  NOTE(review): check_string (see below) filters
 * characters but, as far as this listing shows, does not bound length; the
 * sprintf() calls into the 256-byte buffers above rely on the caller keeping
 * user_name short — snprintf with a truncation check would make that explicit. */
4682 if (!check_string(before_user_name))
4685 "Unable to process invalid LDAP user name %s", before_user_name);
4686 return(AD_INVALID_NAME);
4689 if (!check_string(user_name))
4692 "Unable to process invalid LDAP user name %s", user_name);
4693 return(AD_INVALID_NAME);
/* NOTE(review): self-copy — strcpy() with overlapping source and destination
 * is undefined behaviour; this looks like a leftover and is a no-op in intent.
 * Confirm and remove. */
4696 strcpy(user_name, user_name);
/* Old DN uses cn= for Active Directory and uid= otherwise (the selecting
 * if/else lines are not in this listing). */
4699 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4701 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
/* New RDN only; the full new DN is rebuilt further down for ldap_modify_s. */
4704 sprintf(new_dn, "cn=%s", user_name);
4706 sprintf(new_dn, "uid=%s", user_name);
/* NOTE(review): assumes lowercase()/uppercase() hand back a string without
 * permanently rewriting the shared ldap_domain — not visible here, confirm. */
4708 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4709 sprintf(contact_mail, "%s@mit.edu", user_name);
4710 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4711 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* TRUE = delete the old RDN value from the entry.  What happens after the
 * error report (return vs. fall through) is outside this listing. */
4713 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4714 NULL, NULL)) != LDAP_SUCCESS)
4716 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4717 before_user_name, user_name, ldap_err2string(rc));
/* Drop the contact object that carried the old name, then create one for
 * the new name.  Failures are logged but do not abort the rename. */
4723 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4726 if(rc = ldap_delete_s(ldap_handle, temp))
4728 com_err(whoami, 0, "Unable to delete user contact for %s",
4732 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4734 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Rebuild every name-derived attribute value.  mail_v[0] is presumably set
 * to `mail` on a line dropped from this listing (between 4745 and 4747). */
4738 name_v[0] = user_name;
4739 sprintf(upn, "%s@%s", user_name, ldap_domain);
4740 userPrincipalName_v[0] = upn;
4741 principal_v[0] = principal;
4742 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4743 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4744 altSecurityIdentities_v[0] = temp;
4745 samAccountName_v[0] = user_name;
4747 mail_nickname_v[0] = user_name;
4748 proxy_address_v[0] = proxy_address;
4749 query_base_dn_v[0] = query_base_dn;
4752 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4753 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4754 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4755 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Non-AD (generic LDAP) schema: uid, eduPerson* attributes. */
4757 if(!ActiveDirectory)
4759 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4760 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4761 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4762 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
/* Exchange-specific attributes; the two "mail" replacements below are
 * presumably in alternative branches (the if/else lines are not shown). */
4767 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4768 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4769 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4770 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* NOTE(review): if ADD_ATTR stores the mail_v array pointer rather than
 * copying its contents, reassigning mail_v[0] here also changes the value
 * seen by the "eduPersonPrincipalName"/"mail" mods added above — confirm
 * the macro's semantics. */
4774 mail_v[0] = contact_mail;
4775 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4777 if(!ActiveDirectory)
4779 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry, again cn= for AD and uid= otherwise. */
4786 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4788 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4790 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4793 "Unable to modify user data for %s after renaming : %s",
4794 user_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR (loop body and the
 * function's return are not in this listing). */
4797 for (i = 0; i < n; i++)
/*
 * user_create: Moira callback that creates a user entry in the directory
 * from the "users" table row in av[] (see the argument layout in the file
 * header).  ptr carries call_args: [0] the LDAP handle, [1] the base DN,
 * [2] the Moira id.  The entry is assembled as a list of LDAPMod values via
 * ADD_ATTR, written with ldap_add_ext_s, and then — for non-AD directories —
 * patched with mailRoutingAddress values derived from the user's pobox.
 *
 * This listing has dropped short lines (braces, `else`, argument
 * continuations, `free(mods[i])`, the return), so the declarations of rc,
 * mods, n, i, upn, sam_name, new_dn, mail, temp, dwInfo, psMsg, homeMDB,
 * p, q, c and the branch structure are inferred rather than visible.
 *
 * Returns AD_INVALID_NAME when av[U_NAME] fails check_string(); other return
 * values are outside this listing.
 */
4803 int user_create(int ac, char **av, void *ptr)
4807 char user_name[256];
4811 char contact_mail[256];
4812 char proxy_address[256];
4813 char mail_nickname[256];
4814 char query_base_dn[256];
4815 char displayName[256];
4816 char address_book[256];
4817 char alt_recipient[256];
4818 char *cn_v[] = {NULL, NULL};
/* objectClass sets: objectClass_v for Active Directory (its tail is on a
 * dropped line), objectClass_ldap_v for the generic LDAP schema. */
4819 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4821 char *objectClass_ldap_v[] = {"top",
4822 "eduPerson", "posixAccount",
4823 "apple-user", "shadowAccount",
4824 "microsoftComTop", "securityPrincipal",
4825 "inetOrgPerson", "user",
4826 "organizationalPerson", "person",
4827 "mailRecipient", NULL};
/* Each *_v array is a NULL-terminated single-value list handed to ADD_ATTR. */
4829 char *samAccountName_v[] = {NULL, NULL};
4830 char *altSecurityIdentities_v[] = {NULL, NULL};
4831 char *mitMoiraId_v[] = {NULL, NULL};
4832 char *mitMoiraClass_v[] = {NULL, NULL};
4833 char *mitMoiraStatus_v[] = {NULL, NULL};
4834 char *name_v[] = {NULL, NULL};
4835 char *desc_v[] = {NULL, NULL};
4836 char *userPrincipalName_v[] = {NULL, NULL};
4837 char *userAccountControl_v[] = {NULL, NULL};
4838 char *uid_v[] = {NULL, NULL};
4839 char *gid_v[] = {NULL, NULL};
4840 char *mitid_v[] = {NULL, NULL};
4841 char *homedir_v[] = {NULL, NULL};
4842 char *winProfile_v[] = {NULL, NULL};
4843 char *drives_v[] = {NULL, NULL};
4844 char *mail_v[] = {NULL, NULL};
4845 char *givenName_v[] = {NULL, NULL};
4846 char *sn_v[] = {NULL, NULL};
4847 char *initials_v[] = {NULL, NULL};
4848 char *displayName_v[] = {NULL, NULL};
4849 char *proxy_address_v[] = {NULL, NULL};
4850 char *mail_nickname_v[] = {NULL, NULL};
4851 char *query_base_dn_v[] = {NULL, NULL};
4852 char *address_book_v[] = {NULL, NULL};
4853 char *homeMDB_v[] = {NULL, NULL};
4854 char *homeServerName_v[] = {NULL, NULL};
4855 char *mdbUseDefaults_v[] = {NULL, NULL};
4856 char *mailbox_guid_v[] = {NULL, NULL};
4857 char *user_culture_v[] = {NULL, NULL};
4858 char *user_account_control_v[] = {NULL, NULL};
4859 char *msexch_version_v[] = {NULL, NULL};
4860 char *alt_recipient_v[] = {NULL, NULL};
4861 char *hide_address_lists_v[] = {NULL, NULL};
4862 char *principal_v[] = {NULL, NULL};
4863 char *loginshell_v[] = {NULL, NULL};
4864 char userAccountControlStr[80];
4866 char principal[256];
4867 char filter_exp[1024];
4868 char search_path[512];
4869 char *attr_array[3];
/* Base userAccountControl flags; UF_ACCOUNTDISABLE is OR-ed in below
 * depending on the Moira account state. */
4870 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4871 UF_PASSWD_CANT_CHANGE;
4877 char WinHomeDir[1024];
4878 char WinProfileDir[1024];
4880 char *homeServerName;
/* Server-side control 1.2.840.113556.1.4.801 (SD flags): asks AD to return
 * the parts of ntSecurityDescriptor selected by dwInfo. */
4882 char acBERBuf[N_SD_BER_BYTES];
4883 LK_ENTRY *group_base;
4885 char TemplateDn[512];
4886 char TemplateSamName[128];
4887 LDAP_BERVAL **ppsValues;
4888 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4889 { N_SD_BER_BYTES, acBERBuf },
4891 LDAPControl *apsServerControls[] = {&sControl, NULL};
4895 char search_string[256];
4896 char *o_v[] = {NULL, NULL};
4898 char *mail_routing_v[] = {NULL, NULL};
4903 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4904 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4905 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* The login name is the only av[] field run through the character
 * whitelist; the failure is also recorded in the global callback_rc. */
4907 if (!check_string(av[U_NAME]))
4909 callback_rc = AD_INVALID_NAME;
4910 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4912 return(AD_INVALID_NAME);
4915 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4916 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4917 memset(displayName, '\0', sizeof(displayName));
4918 memset(query_base_dn, '\0', sizeof(query_base_dn));
/* NOTE(review): unbounded strcpy/sprintf from the av[] row into fixed
 * buffers (1024/256 bytes); check_string() above filters characters only.
 * Whether Moira bounds these field lengths upstream is not visible here —
 * snprintf with a truncation check would make the limit explicit. */
4919 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4920 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4921 strcpy(user_name, av[U_NAME]);
4922 sprintf(upn, "%s@%s", user_name, ldap_domain);
4923 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First Middle Last", inserting a space only between
 * non-empty parts. */
4925 if(strlen(av[U_FIRST])) {
4926 strcat(displayName, av[U_FIRST]);
4929 if(strlen(av[U_MIDDLE])) {
4930 if(strlen(av[U_FIRST]))
4931 strcat(displayName, " ");
4933 strcat(displayName, av[U_MIDDLE]);
4936 if(strlen(av[U_LAST])) {
4937 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4938 strcat(displayName, " ");
4940 strcat(displayName, av[U_LAST]);
4943 samAccountName_v[0] = sam_name;
/* The account is created enabled only for the US_NO_PASSWD and
 * US_REGISTERED states; every other state gets UF_ACCOUNTDISABLE.
 * (atoi() reports no parse error; a malformed state string reads as 0.) */
4944 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4945 (atoi(av[U_STATE]) != US_REGISTERED))
4947 userAccountControl |= UF_ACCOUNTDISABLE;
4951 hide_address_lists_v[0] = "TRUE";
4952 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* NOTE(review): userAccountControl is declared u_int above but formatted
 * with "%ld" (expects long) — a format/argument type mismatch.  "%u" matches
 * the declaration. */
4957 sprintf(userAccountControlStr, "%ld", userAccountControl);
4958 userAccountControl_v[0] = userAccountControlStr;
4959 userPrincipalName_v[0] = upn;
/* cn is the login name or the display name; the selecting condition is on
 * a dropped line. */
4962 cn_v[0] = user_name;
4964 cn_v[0] = displayName;
4966 name_v[0] = user_name;
4967 desc_v[0] = "Auto account created by Moira";
4969 givenName_v[0] = av[U_FIRST];
/* sn falls back to the login name when the last name is empty. */
4972 sn_v[0] = av[U_LAST];
4974 if(strlen(av[U_LAST]))
4975 sn_v[0] = av[U_LAST];
4977 sn_v[0] = av[U_NAME];
4979 displayName_v[0] = displayName;
4980 mail_nickname_v[0] = user_name;
4981 o_v[0] = "Massachusetts Institute of Technology";
/* Kerberos identity mapping and principal, both in PRIMARY_REALM. */
4983 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4984 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4985 altSecurityIdentities_v[0] = temp;
4986 principal_v[0] = principal;
/* DN of the new entry: cn= for AD, uid= otherwise (if/else lines dropped).
 * NOTE(review): assumes lowercase()/uppercase() do not permanently rewrite
 * the shared ldap_domain — confirm. */
4989 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4991 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4993 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4994 sprintf(contact_mail, "%s@mit.edu", user_name);
4995 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4996 query_base_dn_v[0] = query_base_dn;
4997 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
/* "@DOMAIN" is matched against the pobox address below to detect an
 * Exchange-hosted mailbox. */
4999 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Contact-object creation failure is logged, not fatal. */
5003 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5006 com_err(whoami, 0, "Unable to create user contact %s",
/* Exchange mailbox placement; what happens on failure besides the log
 * line is not visible here. */
5010 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5013 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5017 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5018 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5020 homeMDB_v[0] = homeMDB;
5021 homeServerName_v[0] = homeServerName;
/* Assemble the add request.  The two objectClass lines are presumably
 * alternative branches on ActiveDirectory. */
5026 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5030 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5034 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5037 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5038 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5039 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5040 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5041 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5045 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5046 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5047 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5048 mdbUseDefaults_v[0] = "TRUE";
5049 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5050 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Pobox lookup: an EXCHANGE pobox (or an address in this domain) puts the
 * user on the exchange_acl list; otherwise altRecipient points at the
 * mit.edu contact.  save_argv[1] is the pobox type and save_argv[3] the
 * address — presumably, based on the comparisons; confirm against
 * get_pobox's return layout. */
5052 argv[0] = user_name;
5054 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5056 if(!strcmp(save_argv[1], "EXCHANGE") ||
5057 (strstr(save_argv[3], search_string) != NULL))
5059 argv[0] = exchange_acl;
5061 argv[2] = user_name;
5063 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5065 if ((rc) && (rc != MR_EXISTS))
5067 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5068 user_name, exchange_acl, error_message(rc));
5073 alt_recipient_v[0] = alt_recipient;
5074 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5079 alt_recipient_v[0] = alt_recipient;
5080 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5082 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
/* Published mail address is always the mit.edu form. */
5087 mail_v[0] = contact_mail;
5088 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5090 if(!ActiveDirectory)
5092 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
/* Name attributes are only added when non-empty; displayName falls back
 * to the login name when all three name parts are empty. */
5096 if(strlen(av[U_FIRST])) {
5097 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5100 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5101 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5104 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5105 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5107 if(!ActiveDirectory)
5109 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5112 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5114 if(!ActiveDirectory)
5116 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* A one-character middle name is treated as an initial. */
5120 if (strlen(av[U_MIDDLE]) == 1) {
5121 initials_v[0] = av[U_MIDDLE];
5122 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5125 if (strlen(call_args[2]) != 0)
5127 mitMoiraId_v[0] = call_args[2];
5128 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5131 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* POSIX / eduPerson / Moira attributes for non-AD directories. */
5133 if(!ActiveDirectory)
5135 loginshell_v[0] = av[U_SHELL];
5136 mitMoiraClass_v[0] = av[U_CLASS];
5137 mitMoiraStatus_v[0] = av[U_STATE];
5138 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5139 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5140 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5141 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5142 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5143 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Numeric uid: the same uid_v value is used for uidNumber and, depending
 * on the SFU schema in use, msSFU30UidNumber (branch lines dropped).
 * gid_v[0] is presumably set on a dropped line. */
5146 if (strlen(av[U_UID]) != 0)
5148 uid_v[0] = av[U_UID];
5152 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5157 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5158 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5165 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5169 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is only the MIT id when it starts with '9'; otherwise the
 * literal "none". */
5174 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5175 mitid_v[0] = av[U_MITID];
5177 mitid_v[0] = "none";
5179 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends its own mods and returns the new count. */
5181 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5182 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5183 drives_v, mods, LDAP_MOD_ADD, n);
/* Copy the ntSecurityDescriptor of the "UserTemplate.u" template account
 * onto the new user.  First locate the template, then fetch its security
 * descriptor with the SD-flags control. */
5187 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5188 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5189 attr_array[0] = "sAMAccountName";
5190 attr_array[1] = NULL;
/* NOTE(review): the parentheses make this `rc = (linklist_build(...) != 0)`,
 * so rc holds 0/1 rather than the LDAP result code (compare the form used
 * in user_change_status, `(rc = linklist_build(...)) != 0`).  What the
 * dropped lines do with rc on failure is not visible. */
5194 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5195 attr_array, &group_base, &group_count,
5196 LDAP_SCOPE_SUBTREE) != 0))
5199 if (group_count != 1)
5201 com_err(whoami, 0, "Unable to process user security template: %s - "
5202 "security not set", "UserTemplate.u");
5206 strcpy(TemplateDn, group_base->dn);
5207 strcpy(TemplateSamName, group_base->value);
5208 linklist_free(group_base);
/* The result pointer argument (psMsg) is on a dropped line. */
5212 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5213 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5214 apsServerControls, NULL,
/* NOTE(review): psMsg is overwritten with the first entry, so the original
 * search-result handle is no longer available to ldap_msgfree(); whether it
 * is released elsewhere is not visible in this listing. */
5217 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5219 com_err(whoami, 0, "Unable to find user security template: %s - "
5220 "security not set", "UserTemplate.u");
5224 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5225 "ntSecurityDescriptor");
5226 if (ppsValues == NULL)
5228 com_err(whoami, 0, "Unable to find user security template: %s - "
5229 "security not set", "UserTemplate.u");
/* Binary value: LDAP_MOD_BVALUES tells the library to read bervals. */
5233 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5234 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Create the entry.  On failure other than "already exists", retry once
 * with the alternate SFU uid attribute if SwitchSFU flips UseSFU30. */
5239 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5241 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5243 OldUseSFU30 = UseSFU30;
5244 SwitchSFU(mods, &UseSFU30, n);
5245 if (OldUseSFU30 != UseSFU30)
5246 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the mods (loop body dropped); the error branch below presumably
 * returns, since the code continues with the created entry. */
5249 for (i = 0; i < n; i++)
5252 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5254 com_err(whoami, 0, "Unable to create user %s : %s",
5255 user_name, ldap_err2string(rc));
/* NOTE(review): when SetPassword is on, the new account's password is set
 * to the empty string, and for the US_NO_PASSWD/US_REGISTERED states the
 * account was left enabled above.  Confirm this matches the domain's
 * password policy and that a real credential is established promptly
 * by the registration flow.  On a changepw-ticket failure the KDC
 * connection is re-established once and the call retried. */
5260 if ((rc == LDAP_SUCCESS) && (SetPassword))
5262 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5264 ad_kdc_disconnect();
5265 if (!ad_server_connect(default_server, ldap_domain))
5267 com_err(whoami, 0, "Unable to set password for user %s : %s",
5269 "cannot get changepw ticket from windows domain");
5273 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
/* NOTE(review): "%ld" for rc — rc's declaration is not in this listing;
 * confirm it is a long (elsewhere it receives int LDAP/Moira codes). */
5275 com_err(whoami, 0, "Unable to set password for user %s "
5276 ": %ld", user_name, rc);
/* Non-AD only: derive mailRoutingAddress values from the Moira pobox.
 * n is presumably reset to 0 before these ADD_ATTRs (not visible). */
5282 if(!ActiveDirectory)
5284 if (rc = moira_connect())
5286 critical_alert("Ldap incremental",
5287 "Error contacting Moira server : %s",
5292 argv[0] = user_name;
5294 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* mail_routing_v is still {NULL, NULL} here: a REPLACE with an empty value
 * list removes any existing mailRoutingAddress values before the ADDs
 * below.  "Already exists" results are tolerated. */
5297 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5299 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5301 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5306 "Unable to set the mailRoutingAddress for %s : %s",
5307 user_name, ldap_err2string(rc));
/* NOTE(review): strdup() result is used without a NULL check, and its
 * free() is not visible in this listing.  The comma-separated address list
 * is split with strtok (first call presumably on a dropped line); strtok
 * uses static state and is not reentrant — strtok_r would be safer. */
5309 p = strdup(save_argv[3]);
5311 if((c = strchr(p, ',')) != NULL) {
/* Each address gets "@mit.edu" appended when it has no domain part, and is
 * added only if it validates and the account is not being deleted. */
5315 if ((c = strchr(q, '@')) == NULL)
5316 sprintf(temp, "%s@mit.edu", q);
5318 sprintf(temp, "%s", q);
5320 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5322 mail_routing_v[0] = temp;
5325 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5327 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5329 if (rc == LDAP_ALREADY_EXISTS ||
5330 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5335 "Unable to set the mailRoutingAddress for %s : %s",
5336 user_name, ldap_err2string(rc));
/* Remaining comma-separated addresses, same treatment as the first.
 * temp is safe to reuse because each ldap_modify_s completes before the
 * next sprintf. */
5339 while((q = strtok(NULL, ",")) != NULL) {
5342 if((c = strchr(q, '@')) == NULL)
5343 sprintf(temp, "%s@mit.edu", q);
5345 sprintf(temp, "%s", q);
5347 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5349 mail_routing_v[0] = temp;
5352 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5354 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5356 if (rc == LDAP_ALREADY_EXISTS ||
5357 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5362 "Unable to set the mailRoutingAddress for %s : %s",
5363 user_name, ldap_err2string(rc));
/* Single-address case (no comma in the pobox address). */
5369 if((c = strchr(p, '@')) == NULL)
5370 sprintf(temp, "%s@mit.edu", p);
5372 sprintf(temp, "%s", p);
5374 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5376 mail_routing_v[0] = temp;
5379 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5381 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5383 if (rc == LDAP_ALREADY_EXISTS ||
5384 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5389 "Unable to set the mailRoutingAddress for %s : %s",
5390 user_name, ldap_err2string(rc));
<!-- placeholder removed -->
5513 int user_delete(LDAP *ldap_handle, char *dn_path,
5514 char *u_name, char *MoiraId)
5517 char *attr_array[3];
5518 char distinguished_name[1024];
5519 char user_name[512];
5520 LK_ENTRY *group_base;
5525 if (!check_string(u_name))
5526 return(AD_INVALID_NAME);
5528 strcpy(user_name, u_name);
5532 if (strlen(MoiraId) != 0)
5534 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5535 attr_array[0] = "name";
5536 attr_array[1] = NULL;
5537 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5538 &group_base, &group_count,
5539 LDAP_SCOPE_SUBTREE)) != 0)
5541 com_err(whoami, 0, "Unable to process user %s : %s",
5542 user_name, ldap_err2string(rc));
5547 if (group_count != 1)
5549 linklist_free(group_base);
5552 sprintf(filter, "(sAMAccountName=%s)", user_name);
5553 attr_array[0] = "name";
5554 attr_array[1] = NULL;
5555 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5556 &group_base, &group_count,
5557 LDAP_SCOPE_SUBTREE)) != 0)
5559 com_err(whoami, 0, "Unable to process user %s : %s",
5560 user_name, ldap_err2string(rc));
5565 if (group_count != 1)
5567 com_err(whoami, 0, "Unable to find user %s in directory",
5572 strcpy(distinguished_name, group_base->dn);
5574 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5576 com_err(whoami, 0, "Unable to process user %s : %s",
5577 user_name, ldap_err2string(rc));
5580 /* Need to add code to delete mit.edu contact */
5584 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5586 if(rc = ldap_delete_s(ldap_handle, temp))
5588 com_err(whoami, 0, "Unable to delete user contact for %s",
5594 linklist_free(group_base);
5599 void linklist_free(LK_ENTRY *linklist_base)
5601 LK_ENTRY *linklist_previous;
5603 while (linklist_base != NULL)
5605 if (linklist_base->dn != NULL)
5606 free(linklist_base->dn);
5608 if (linklist_base->attribute != NULL)
5609 free(linklist_base->attribute);
5611 if (linklist_base->value != NULL)
5612 free(linklist_base->value);
5614 if (linklist_base->member != NULL)
5615 free(linklist_base->member);
5617 if (linklist_base->type != NULL)
5618 free(linklist_base->type);
5620 if (linklist_base->list != NULL)
5621 free(linklist_base->list);
5623 linklist_previous = linklist_base;
5624 linklist_base = linklist_previous->next;
5625 free(linklist_previous);
5629 void free_values(char **modvalues)
5635 if (modvalues != NULL)
5637 while (modvalues[i] != NULL)
5640 modvalues[i] = NULL;
/* 256-entry lookup table indexed by byte value: 1 = reject, 0 = accept.
 * Reading the rows, the only accepted bytes are
 *   $  &  '  -  .  0-9  @  _  `  a-z  ~
 * Space, all other punctuation (including the LDAP filter and DN
 * metacharacters ( ) * = , + " ; < > \ ), A-Z (callers lower-case before the
 * lookup, so those rows are never consulted for ASCII letters) and every
 * byte >= 0x80 are rejected.  Index only with an (unsigned char) value. */
5647 static int illegalchars[] = {
5648 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5649 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5650 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5651 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5652 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5653 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5654 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5655 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: no non-ASCII byte is ever accepted. */
5656 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5657 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5659 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5660 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/* Looser variant of illegalchars with the same layout (1 = reject).
 * Beyond what illegalchars accepts, this table also accepts
 *   space  "  #  (  )  +  ,  ;  <  =  >  \
 * and still rejects  ! % * / : ? [ ] ^ { | }  and every byte >= 0x80.
 *
 * NOTE(review): ( ) & = \ are LDAP search-filter metacharacters (RFC 4515)
 * and , + " ; < > \ are DN special characters (RFC 4514).  A value that
 * passes this table is therefore NOT safe to splice into a filter or DN
 * with sprintf(); none of the "(sAMAccountName=%s)"-style filters in this
 * part of the file escape their argument (escape_string() is applied only
 * to some member DNs in populate_group()). */
5666 static int illegalchars_ldap[] = {
5667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5668 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5669 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5670 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5671 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5672 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5673 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5674 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: rejected. */
5675 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5676 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5677 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5678 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5679 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5680 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5681 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5682 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/* Scan s one character at a time against the two tables above, logging the
 * first offending character.  The loop header, the declaration of
 * `character`, the condition that selects which table applies and the
 * return statements are not visible here -- TODO confirm the return
 * convention (callers of the sibling check_container_name() treat 0 as
 * "invalid"). */
5685 int check_string(char *s)
/* Lower-case before the lookup, so uppercase letters never hit the
 * all-1 A-Z rows of either table. */
5693 if (isupper(character))
5694 character = tolower(character);
/* NOTE(review): if `character` is a plain char (its declaration is not
 * visible), a byte >= 0x80 is negative and (unsigned) sign-extends it to a
 * huge index -- an out-of-bounds read of the 256-entry table.  Cast via
 * (unsigned char) here and in the isupper()/tolower() calls above. */
5698 if (illegalchars[(unsigned) character])
5700 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5701 character, (unsigned) character, s);
/* Second, more permissive table (LDAP-side names); same indexing caveat. */
5707 if (illegalchars_ldap[(unsigned) character])
5709 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5710 character, (unsigned) character, s);
/* Validate one OU name component: lower-case it, accept embedded spaces
 * (the ' ' branch below; its body is not visible), and otherwise apply the
 * stricter illegalchars table.  Callers in this file treat a zero return as
 * "invalid name" (container_rename(), container_create(),
 * container_get_distinguishedName()).  Loop header and returns are not
 * shown here. */
5719 int check_container_name(char *s)
5727 if (isupper(character))
5728 character = tolower(character);
/* Space is the one byte accepted here that illegalchars rejects. */
5730 if (character == ' ')
/* Same signed-char indexing caveat as check_string(): index the table with
 * an (unsigned char) value, not a sign-extended plain char. */
5733 if (illegalchars[(unsigned) character])
/* Open a Moira client session: connect to `server`, stop if the server
 * publishes an "unavailable" MOTD, negotiate the query protocol `version`
 * and authenticate as `client` with Kerberos 5.  The status tests,
 * disconnect-on-error paths and return statements between the visible
 * lines are not shown; `auth` presumably gates the mr_krb5_auth() call --
 * TODO confirm. */
5740 int mr_connect_cl(char *server, char *client, int version, int auth)
5746 status = mr_connect(server);
5750 com_err(whoami, status, "while connecting to Moira");
5754 status = mr_motd(&motd);
5759 com_err(whoami, status, "while checking server status");
/* NOTE(review): `motd` is text received from the Moira server.  It is
 * sprintf()'d into `temp` with no length bound (temp's size is not visible
 * here), and the formatted result is then handed to com_err() as its
 * *format* argument, so any '%' sequence in the MOTD is interpreted as a
 * conversion specifier (format-string bug).  Pass it as an argument
 * instead and drop the temp buffer:
 *   com_err(whoami, status,
 *           "The Moira server is currently unavailable: %s", motd); */
5765 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5766 com_err(whoami, status, temp);
5771 status = mr_version(version);
/* A server that does not implement the version query is mapped either to
 * MR_VERSION_HIGH or to MR_SUCCESS; the condition choosing between the two
 * assignments is not visible here. */
5775 if (status == MR_UNKNOWN_PROC)
5778 status = MR_VERSION_HIGH;
5780 status = MR_SUCCESS;
/* Client newer than server: warn but keep going. */
5783 if (status == MR_VERSION_HIGH)
5785 com_err(whoami, 0, "Warning: This client is running newer code "
5786 "than the server.");
5787 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW is tolerated silently; any other failure is reported. */
5789 else if (status && status != MR_VERSION_LOW)
5791 com_err(whoami, status, "while setting query version number.");
5799 status = mr_krb5_auth(client);
5802 com_err(whoami, status, "while authenticating to Moira.");
/* Rewrite an AFS path into its Windows (WINAFS) form: write the WINAFS
 * prefix, then copy the part of `path` after its AFS prefix, with the
 * '/'-separator branch (body not visible) presumably substituting the
 * Windows separator.  Neither buffer is bounds-checked, and `path` is
 * assumed to start with AFS -- the prefix length is skipped, never
 * verified. */
5811 void AfsToWinAfs(char* path, char* winPath)
5815 strcpy(winPath, WINAFS);
5816 pathPtr = path + strlen(AFS);
5817 winPathPtr = winPath + strlen(WINAFS);
5821 if (*pathPtr == '/')
5824 *winPathPtr = *pathPtr;
/* mr_query() callback for get_list_info, used by ProcessAce(): copies the
 * list's ACE type and ACE name into the caller-supplied buffers (`ptr` is
 * the AceInfo array) and asks get_group_membership() for the membership
 * letter and OU.  The strcpy()s are unbounded; destination sizes are
 * whatever ProcessAce() declared. */
5831 int GetAceInfo(int ac, char **av, void *ptr)
5838 strcpy(call_args[0], av[L_ACE_TYPE]);
5839 strcpy(call_args[1], av[L_ACE_NAME]);
5841 get_group_membership(call_args[2], call_args[3], &security_flag, av);
/* Always reports success to mr_query(). */
5842 return(LDAP_SUCCESS);
/* Report whether an object with sAMAccountName == Name exists anywhere under
 * dn_path.  The return values are not visible here; the trailing
 * group_count test decides.
 *
 * NOTE(review): Name is spliced into the filter unescaped.  '(' ')' '=' '\'
 * all survive the illegalchars_ldap check and would change the filter's
 * meaning; escape per RFC 4515 before formatting. */
5845 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5848 char *attr_array[3];
5851 LK_ENTRY *group_base;
5856 sprintf(filter, "(sAMAccountName=%s)", Name);
5857 attr_array[0] = "sAMAccountName";
5858 attr_array[1] = NULL;
5860 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5861 &group_base, &group_count,
5862 LDAP_SCOPE_SUBTREE)) != 0)
5864 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5865 Name, ldap_err2string(rc));
/* Only the count is needed; the entries themselves are discarded. */
5869 linklist_free(group_base);
5872 if (group_count == 0)
/* Make sure the ACE (owner) of the Moira list `Name` exists in AD: a LIST
 * ACE gets its group created/populated, a USER ACE gets its account
 * created.  *ProcessGroup is set to 1 when the ACE object was not already
 * present.  The enclosing loop, several conditions and the return
 * statements are not visible here. */
5880 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5881 int UpdateGroup, int *ProcessGroup, char *maillist)
5884 char GroupName[256];
/* One membership letter plus NUL. */
5890 char AceMembership[2];
5893 char *save_argv[U_END];
/* Early-out guarded by a condition not shown in this excerpt. */
5897 com_err(whoami, 0, "ProcessAce disabled, skipping");
/* Unbounded copy into a 256-byte buffer; Name comes from Moira. */
5901 strcpy(GroupName, Name);
5903 if (strcasecmp(Type, "LIST"))
/* AceInfo is the callback context handed to GetAceInfo(). */
5909 AceInfo[0] = AceType;
5910 AceInfo[1] = AceName;
5911 AceInfo[2] = AceMembership;
5913 memset(AceType, '\0', sizeof(AceType));
5914 memset(AceName, '\0', sizeof(AceName));
5915 memset(AceMembership, '\0', sizeof(AceMembership));
5916 memset(AceOu, '\0', sizeof(AceOu));
5919 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
/* A missing list is not reported as an error here. */
5921 if(rc != MR_NO_MATCH)
5922 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5923 GroupName, error_message(rc));
5930 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialised in the directory. */
5934 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5937 strcpy(temp, AceName);
/* The AD name of a list carries the configured group suffix. */
5939 if (!strcasecmp(AceType, "LIST"))
5940 sprintf(temp, "%s%s", AceName, group_suffix);
5944 if (checkADname(ldap_handle, dn_path, temp))
5947 (*ProcessGroup) = 1;
5950 if (!strcasecmp(AceInfo[0], "LIST"))
/* The ACE list is created without a Moira id ("") here. */
5952 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5953 AceMembership, 0, UpdateGroup, maillist))
5956 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5959 else if (!strcasecmp(AceInfo[0], "USER"))
5962 call_args[0] = (char *)ldap_handle;
5963 call_args[1] = dn_path;
5965 call_args[3] = NULL;
/* The production/test service principals are never created as users. */
5968 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
5969 !strcasecmp(AceName, TEST_PRINCIPAL))
5974 if (rc = mr_query("get_user_account_by_login", 1, av,
5975 save_query_info, save_argv))
5977 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5982 if (rc = user_create(U_END, save_argv, call_args))
5984 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5991 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* A list that is its own ACE ends the walk; otherwise the ACE list's own
 * ACE is presumably processed next (loop not visible). */
6001 if (!strcasecmp(AceType, "LIST"))
6003 if (!strcasecmp(GroupName, AceName))
6007 strcpy(GroupName, AceName);
/* Create (or, when updateGroup is set, update) the AD group for a Moira
 * list by running get_list_info with group_create() as the row callback.
 * call_args is the callback context: LDAP handle, base DN, group name,
 * member-type mask, update flag, Moira id.  Returns the query status or,
 * when the query succeeded, the callback's own status (callback_rc). */
6013 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6014 char *group_name, char *group_ou, char *group_membership,
6015 int group_security_flag, int updateGroup, char *maillist)
6020 LK_ENTRY *group_base;
6023 char *attr_array[3];
6026 call_args[0] = (char *)ldap_handle;
6027 call_args[1] = dn_path;
6028 call_args[2] = group_name;
6029 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
/* An int smuggled through a char* slot; the callback casts it back. */
6030 call_args[4] = (char *)updateGroup;
6031 call_args[5] = MoiraId;
6033 call_args[7] = NULL;
6039 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6042 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6050 com_err(whoami, 0, "Unable to create list %s", group_name);
6051 return(callback_rc);
/* Rebuild the `member` attribute of the AD group for a Moira list from the
 * list's expanded membership (get_end_members_of_list): each USER, STRING,
 * KERBEROS and MACHINE member is resolved -- and created in the directory
 * when missing -- to a DN, and the whole set is written with
 * LDAP_MOD_REPLACE.  Loop structure, several conditions and the returns
 * are not visible here. */
6057 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6058 char *group_ou, char *group_membership,
6059 int group_security_flag, char *MoiraId)
/* Empty value list: used to clear the attribute when GroupPopulateDelete. */
6074 char *member_v[] = {NULL, NULL};
6075 char *save_argv[U_END];
6076 char machine_ou[256];
6077 char NewMachineName[1024];
6079 com_err(whoami, 0, "Populating group %s", group_name);
6081 call_args[0] = (char *)ldap_handle;
6082 call_args[1] = dn_path;
6083 call_args[2] = group_name;
6084 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6086 call_args[4] = NULL;
6089 if (rc = mr_query("get_end_members_of_list", 1, av,
6090 member_list_build, call_args))
6095 com_err(whoami, 0, "Unable to populate list %s : %s",
6096 group_name, error_message(rc));
/* NOTE(review): malloc() result is not checked before use. */
6100 members = (char **)malloc(sizeof(char *) * 2);
6102 if (member_base != NULL)
/* Nested lists were already expanded by the query; skip them. */
6108 if (!strcasecmp(ptr->type, "LIST"))
6114 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6120 if(!strcasecmp(ptr->type, "USER"))
/* Service principals are never materialised as user accounts. */
6122 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6123 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* A member with no AD account is created from its Moira account data. */
6129 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6130 "")) == AD_NO_USER_FOUND)
6132 com_err(whoami, 0, "creating user %s", ptr->member);
6134 av[0] = ptr->member;
6135 call_args[0] = (char *)ldap_handle;
6136 call_args[1] = dn_path;
6138 call_args[3] = NULL;
6141 if (rc = mr_query("get_user_account_by_login", 1, av,
6142 save_query_info, save_argv))
6144 com_err(whoami, 0, "Unable to create user %s "
6145 "while populating group %s.", ptr->member,
6151 if (rc = user_create(U_END, save_argv, call_args))
6153 com_err(whoami, 0, "Unable to create user %s "
6154 "while populating group %s.", ptr->member,
6162 com_err(whoami, 0, "Unable to create user %s "
6163 "while populating group %s", ptr->member,
/* NOTE(review): USER and MACHINE DNs are built from the raw member name
 * (the cn= / uid= choice depends on a condition not shown), while STRING
 * and KERBEROS members below go through escape_string(); the handling is
 * inconsistent and only the escaped form is DN-safe. */
6174 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6179 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6183 else if (!strcasecmp(ptr->type, "STRING"))
6185 if (contact_create(ldap_handle, dn_path, ptr->member,
6189 pUserOu = contact_ou;
6190 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6193 else if (!strcasecmp(ptr->type, "KERBEROS"))
6195 if (contact_create(ldap_handle, dn_path, ptr->member,
6199 pUserOu = kerberos_ou;
6200 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6203 else if (!strcasecmp(ptr->type, "MACHINE"))
6205 memset(machine_ou, '\0', sizeof(machine_ou));
6206 memset(NewMachineName, '\0', sizeof(NewMachineName));
6208 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6209 machine_ou, NewMachineName))
6211 pUserOu = machine_ou;
6212 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): realloc() overwrites `members` directly -- on failure the
 * old array leaks and the next line dereferences NULL; strdup() is also
 * unchecked.  Use a temporary and test it. */
6223 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6224 members[i++] = strdup(member);
6229 linklist_free(member_base);
6235 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* GroupPopulateDelete: replace `member` with an empty list, i.e. wipe the
 * group's membership rather than set it. */
6237 if(GroupPopulateDelete)
6240 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6243 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6244 mods)) != LDAP_SUCCESS)
6247 "Unable to populate group membership for %s: %s",
6248 group_dn, ldap_err2string(rc));
6251 for (i = 0; i < n; i++)
/* Normal path: the computed DN list replaces the attribute wholesale. */
6256 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6259 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6260 mods)) != LDAP_SUCCESS)
6263 "Unable to populate group membership for %s: %s",
6264 group_dn, ldap_err2string(rc));
6267 for (i = 0; i < n; i++)
/* Reconcile the AD group for a Moira list with its expected location.
 * With type == CHECK_GROUPS only the DN is verified; otherwise duplicates
 * sharing the Moira id are resolved, the group's current name, description
 * and OU are read back from the directory, and group_rename() moves or
 * renames it.  Many conditions and the return statements are not visible
 * in this excerpt. */
6275 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6276 char *group_name, char *group_ou, char *group_membership,
6277 int group_security_flag, int type, char *maillist)
6279 char before_desc[512];
6280 char before_name[256];
6281 char before_group_ou[256];
6282 char before_group_membership[2];
6283 char distinguishedName[256];
6284 char ad_distinguishedName[256];
6286 char *attr_array[3];
6287 int before_security_flag;
6290 LK_ENTRY *group_base;
6293 char ou_security[512];
6294 char ou_distribution[512];
6295 char ou_neither[512];
6298 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN; unbounded sprintf into a 256-byte buffer. */
6299 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6301 memset(filter, '\0', sizeof(filter));
6305 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6307 "samAccountName", &group_base,
6308 &group_count, filter))
/* Verification-only mode: report whether exactly one group exists at the
 * expected DN. */
6311 if (type == CHECK_GROUPS)
6313 if (group_count == 1)
6315 strcpy(group_dn, group_base->dn);
6317 if (!strcasecmp(group_dn, distinguishedName))
6319 linklist_free(group_base);
6324 linklist_free(group_base);
6326 if (group_count == 0)
6327 return(AD_NO_GROUPS_FOUND);
6329 if (group_count == 1)
6330 return(AD_WRONG_GROUP_DN_FOUND);
6332 return(AD_MULTIPLE_GROUPS_FOUND);
6335 if (group_count == 0)
6337 return(AD_NO_GROUPS_FOUND);
6340 if (group_count > 1)
6344 strcpy(group_dn, ptr->dn);
6348 if (!strcasecmp(group_dn, ptr->value))
6356 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6362 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6366 linklist_free(group_base);
6367 return(AD_MULTIPLE_GROUPS_FOUND);
6374 strcpy(group_dn, ptr->dn);
/* NOTE(review): destructive -- an entry whose DN disagrees with the value
 * it reported is deleted from the directory outright; the surrounding
 * condition is not visible here, confirm it is narrow enough. */
6376 if (strcasecmp(group_dn, ptr->value))
6377 rc = ldap_delete_s(ldap_handle, ptr->value);
6382 linklist_free(group_base);
6383 memset(filter, '\0', sizeof(filter));
/* Second lookup after duplicate cleanup; `filter` returns the matching
 * search filter for reuse below. */
6387 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6389 "samAccountName", &group_base,
6390 &group_count, filter))
6393 if (group_count == 0)
6394 return(AD_NO_GROUPS_FOUND);
6396 if (group_count > 1)
6397 return(AD_MULTIPLE_GROUPS_FOUND);
6400 strcpy(ad_distinguishedName, group_base->dn);
6401 linklist_free(group_base);
6405 attr_array[0] = "sAMAccountName";
6406 attr_array[1] = NULL;
6408 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6409 &group_base, &group_count,
6410 LDAP_SCOPE_SUBTREE)) != 0)
6412 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6413 MoiraId, ldap_err2string(rc));
/* Directory-supplied value spliced into a filter unescaped. */
6417 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already where it should be: nothing to rename. */
6419 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6421 linklist_free(group_base);
6427 linklist_free(group_base);
6430 memset(ou_both, '\0', sizeof(ou_both));
6431 memset(ou_security, '\0', sizeof(ou_security));
6432 memset(ou_distribution, '\0', sizeof(ou_distribution));
6433 memset(ou_neither, '\0', sizeof(ou_neither));
6434 memset(before_name, '\0', sizeof(before_name));
6435 memset(before_desc, '\0', sizeof(before_desc));
6436 memset(before_group_membership, '\0', sizeof(before_group_membership));
6438 attr_array[0] = "name";
6439 attr_array[1] = NULL;
6441 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6442 &group_base, &group_count,
6443 LDAP_SCOPE_SUBTREE)) != 0)
6445 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6446 MoiraId, ldap_err2string(rc));
6450 strcpy(before_name, group_base->value);
6451 linklist_free(group_base);
6455 attr_array[0] = "description";
6456 attr_array[1] = NULL;
6458 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6459 &group_base, &group_count,
6460 LDAP_SCOPE_SUBTREE)) != 0)
6463 "Unable to get list description with MoiraId = %s: %s",
6464 MoiraId, ldap_err2string(rc));
/* description is optional; before_desc stays empty when absent. */
6468 if (group_count != 0)
6470 strcpy(before_desc, group_base->value);
6471 linklist_free(group_base);
/* Case-insensitive OU classification: compare lower-cased copies. */
6476 change_to_lower_case(ad_distinguishedName);
6477 strcpy(ou_both, group_ou_both);
6478 change_to_lower_case(ou_both);
6479 strcpy(ou_security, group_ou_security);
6480 change_to_lower_case(ou_security);
6481 strcpy(ou_distribution, group_ou_distribution);
6482 change_to_lower_case(ou_distribution);
6483 strcpy(ou_neither, group_ou_neither);
6484 change_to_lower_case(ou_neither);
/* NOTE(review): strstr() is a substring test, not a DN-component match,
 * so the order of these branches matters and a configured OU string that
 * is a substring of another would be misclassified -- confirm the four
 * group_ou_* settings are mutually non-overlapping. */
6486 if (strstr(ad_distinguishedName, ou_both))
6488 strcpy(before_group_ou, group_ou_both);
6489 before_group_membership[0] = 'B';
6490 before_security_flag = 1;
6492 else if (strstr(ad_distinguishedName, ou_security))
6494 strcpy(before_group_ou, group_ou_security);
6495 before_group_membership[0] = 'S';
6496 before_security_flag = 1;
6498 else if (strstr(ad_distinguishedName, ou_distribution))
6500 strcpy(before_group_ou, group_ou_distribution);
6501 before_group_membership[0] = 'D';
6502 before_security_flag = 0;
6504 else if (strstr(ad_distinguishedName, ou_neither))
6506 strcpy(before_group_ou, group_ou_neither);
6507 before_group_membership[0] = 'N';
6508 before_security_flag = 0;
6511 return(AD_NO_OU_FOUND);
/* NOTE(review): before_desc is passed both as the old and as the new
 * description (two positions) -- looks like the second should be the new
 * description from Moira; confirm against group_rename()'s signature. */
6513 rc = group_rename(ldap_handle, dn_path, before_name,
6514 before_group_membership,
6515 before_group_ou, before_security_flag, before_desc,
6516 group_name, group_membership, group_ou,
6517 group_security_flag,
6518 before_desc, MoiraId, filter, maillist);
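/* Lower-case a NUL-terminated string in place.
 *
 * ptr: writable string; must not be NULL (the original also dereferenced
 *      it unconditionally).
 *
 * tolower() is only defined for values representable as unsigned char (or
 * EOF).  On platforms where plain char is signed, a byte >= 0x80 in the
 * original was passed as a negative int -- undefined behaviour -- so each
 * byte is now read through an unsigned char pointer.  The length is no
 * longer recomputed with strlen() on every iteration.
 */
void change_to_lower_case(char *ptr)
{
  unsigned char *p;

  for (p = (unsigned char *)ptr; *p != '\0'; p++)
    *p = (unsigned char)tolower(*p);
}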
/* Locate the AD group for a Moira list, trying in turn: the caller-supplied
 * search filter (rFilter, when non-empty), a mitMoiraId match, and finally
 * sAMAccountName == group_name + group_suffix.  On a unique hit the
 * matching filter is copied back into rFilter so callers can reuse it.
 * *linklist_base/*linklist_count receive the result; the return values
 * and some control flow are not visible here. */
6533 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6534 char *group_name, char *group_membership,
6535 char *MoiraId, char *attribute,
6536 LK_ENTRY **linklist_base, int *linklist_count,
6541 char *attr_array[3];
6545 (*linklist_base) = NULL;
6546 (*linklist_count) = 0;
/* 1. Re-run a filter the caller already knows matched. */
6548 if (strlen(rFilter) != 0)
6550 strcpy(filter, rFilter);
6551 attr_array[0] = attribute;
6552 attr_array[1] = NULL;
6554 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6555 linklist_base, linklist_count,
6556 LDAP_SCOPE_SUBTREE)) != 0)
6558 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6559 MoiraId, ldap_err2string(rc));
6563 if ((*linklist_count) == 1)
6565 strcpy(rFilter, filter);
6570 linklist_free((*linklist_base));
6571 (*linklist_base) = NULL;
6572 (*linklist_count) = 0;
/* 2. Match by Moira id (MoiraId is spliced into the filter unescaped). */
6574 if (strlen(MoiraId) != 0)
6576 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6578 attr_array[0] = attribute;
6579 attr_array[1] = NULL;
6581 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6582 linklist_base, linklist_count,
6583 LDAP_SCOPE_SUBTREE)) != 0)
6585 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6586 MoiraId, ldap_err2string(rc));
/* Several groups carrying the same id: log each and discard the result. */
6591 if ((*linklist_count) > 1)
6593 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6594 pPtr = (*linklist_base);
6598 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6603 linklist_free((*linklist_base));
6604 (*linklist_base) = NULL;
6605 (*linklist_count) = 0;
6608 if ((*linklist_count) == 1)
6611 pPtr = (*linklist_base);
/* strdup()'d copy of the DN; whether it is freed is not visible here. */
6612 dn = strdup(pPtr->dn);
/* Prefix comparison of the DN against the bare group name; presumably the
 * leading "CN=" is stripped in lines not shown -- TODO confirm. */
6615 if (!memcmp(dn, group_name, strlen(group_name)))
6617 strcpy(rFilter, filter);
6622 linklist_free((*linklist_base));
6623 (*linklist_base) = NULL;
6624 (*linklist_count) = 0;
/* 3. Fall back to the suffixed account name. */
6625 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6627 attr_array[0] = attribute;
6628 attr_array[1] = NULL;
6630 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6631 linklist_base, linklist_count,
6632 LDAP_SCOPE_SUBTREE)) != 0)
6634 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6635 MoiraId, ldap_err2string(rc));
6639 if ((*linklist_count) == 1)
6641 strcpy(rFilter, filter);
/* Check whether the AD account for a Moira user exists: first by mitMoiraId
 * (when given), then by sAMAccountName.  Returns AD_NO_USER_FOUND when the
 * name lookup does not yield exactly one entry; other return values and
 * part of the control flow are not visible here. */
6648 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6651 char *attr_array[3];
/* Fixed 64-byte buffer; the directory value is strcpy()'d in unchecked. */
6652 char SamAccountName[64];
6655 LK_ENTRY *group_base;
6661 if (strlen(MoiraId) != 0)
/* MoiraId goes into the filter unescaped. */
6663 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6665 attr_array[0] = "sAMAccountName";
6666 attr_array[1] = NULL;
6667 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6668 &group_base, &group_count,
6669 LDAP_SCOPE_SUBTREE)) != 0)
6671 com_err(whoami, 0, "Unable to process user %s : %s",
6672 UserName, ldap_err2string(rc));
/* Duplicate ids are logged per entry; what happens next is not shown. */
6676 if (group_count > 1)
6678 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6684 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6685 gPtr->value, MoiraId);
6691 if (group_count != 1)
6693 linklist_free(group_base);
/* Name lookup; UserName is spliced into the filter unescaped. */
6696 sprintf(filter, "(sAMAccountName=%s)", UserName);
6697 attr_array[0] = "sAMAccountName";
6698 attr_array[1] = NULL;
6700 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6701 &group_base, &group_count,
6702 LDAP_SCOPE_SUBTREE)) != 0)
6704 com_err(whoami, 0, "Unable to process user %s : %s",
6705 UserName, ldap_err2string(rc));
6710 if (group_count != 1)
6712 linklist_free(group_base);
6713 return(AD_NO_USER_FOUND);
6716 strcpy(SamAccountName, group_base->value);
6717 linklist_free(group_base);
/* Case-sensitive comparison: an object found by id whose account name
 * differs from the Moira login is reported as a mismatch. */
6721 if (strcmp(SamAccountName, UserName))
6724 "User object %s with MoiraId %s has mismatched usernames "
6725 "(LDAP username %s, Moira username %s)", SamAccountName,
6726 MoiraId, SamAccountName, UserName);
/* Convert a '/'-separated Moira container path into a relative DN of nested
 * OUs, innermost first ("OU=leaf,OU=parent,...").  The split into `array`
 * (20 slots -- behaviour for deeper paths is not visible) and the loop are
 * not shown; dest is written with unbounded strcpy/strcat. */
6732 void container_get_dn(char *src, char *dest)
6739 memset(array, '\0', 20 * sizeof(array[0]));
/* An empty path yields an empty DN (callers test strlen(dName) == 0). */
6741 if (strlen(src) == 0)
6763 strcpy(dest, "OU=");
6767 strcat(dest, array[n-1]);
6771 strcat(dest, ",OU=");
/* Extract the leaf component of a '/'-separated container path into dest;
 * the extraction itself is not visible here.  An empty path is handled
 * first (callers treat an empty result as an invalid name). */
6778 void container_get_name(char *src, char *dest)
6783 if (strlen(src) == 0)
/* Ensure every ancestor OU of container path `name` exists: walk the copy,
 * and at each '/' (loop body not visible) create the prefix container with
 * all other attributes empty.  Because CONTAINER_ROWID is "", the created
 * OU carries no mitMoiraId, which the warning at the end records. */
6803 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* Unbounded copy; cName's size is not visible here. */
6810 strcpy(cName, name);
6812 for (i = 0; i < (int)strlen(cName); i++)
6814 if (cName[i] == '/')
6817 av[CONTAINER_NAME] = cName;
6818 av[CONTAINER_DESC] = "";
6819 av[CONTAINER_LOCATION] = "";
6820 av[CONTAINER_CONTACT] = "";
6821 av[CONTAINER_TYPE] = "";
6822 av[CONTAINER_ID] = "";
6823 av[CONTAINER_ROWID] = "";
6824 rc = container_create(ldap_handle, dn_path, 7, av);
6826 if (rc == LDAP_SUCCESS)
6828 com_err(whoami, 0, "container %s created without a mitMoiraId",
/* Rename/move a container: validate the new leaf name, find the existing
 * OU by its `before` attributes, create it instead if it is missing, make
 * sure the new parent path exists, ldap_rename_s() it (deleting the old
 * RDN), then push the remaining attributes with container_adupdate().
 * Some conditions, the '/' rewrite loop body and returns are not shown. */
6837 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6838 char **before, int afterc, char **after)
6843 char new_dn_path[256];
6845 char distinguishedName[256];
6850 memset(cName, '\0', sizeof(cName));
6851 container_get_name(after[CONTAINER_NAME], cName);
/* Zero means the leaf name failed the illegalchars check. */
6853 if (!check_container_name(cName))
6855 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6857 return(AD_INVALID_NAME);
6860 memset(distinguishedName, '\0', sizeof(distinguishedName));
6862 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6863 distinguishedName, beforec, before))
/* Nothing to rename: fall back to creating the target container. */
6866 if (strlen(distinguishedName) == 0)
6868 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf from the new path to obtain the new parent (the loop
 * body that truncates at the last '/' is not visible). */
6872 strcpy(temp, after[CONTAINER_NAME]);
6875 for (i = 0; i < (int)strlen(temp); i++)
6885 container_get_dn(temp, dName);
6887 if (strlen(temp) != 0)
6888 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6890 sprintf(new_dn_path, "%s", dn_path);
6892 sprintf(new_cn, "OU=%s", cName);
/* Create any missing ancestors before the move. */
6894 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* TRUE: delete the old RDN attribute value. */
6896 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6897 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6899 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6900 before[CONTAINER_NAME], after[CONTAINER_NAME],
6901 ldap_err2string(rc));
6905 memset(dName, '\0', sizeof(dName));
6906 container_get_dn(after[CONTAINER_NAME], dName);
6907 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/* Delete the OU described by av.  A missing container is not an error.  If
 * the directory refuses because the OU still has children
 * (LDAP_NOT_ALLOWED_ON_NONLEAF), its contents are first moved to the
 * orphan OUs by container_move_objects(); whether the delete is then
 * retried is not visible here. */
6912 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6914 char distinguishedName[256];
6917 memset(distinguishedName, '\0', sizeof(distinguishedName));
6919 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6920 distinguishedName, count, av))
6923 if (strlen(distinguishedName) == 0)
6926 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6928 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6929 container_move_objects(ldap_handle, dn_path, distinguishedName);
6931 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6932 av[CONTAINER_NAME], ldap_err2string(rc));
/* Create the organizationalUnit for a Moira container: objectClass, name
 * and ou are always set; mitMoiraId and description when supplied; and
 * managedBy is resolved from the container's owner (KERBEROS principal ->
 * contact object, USER/LIST -> directory lookup).  An OU that already
 * exists is updated instead when a row id is available.  Some conditions
 * and the return statements are not visible here. */
6938 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6940 char *attr_array[3];
6941 LK_ENTRY *group_base;
6944 char *objectClass_v[] = {"top",
6945 "organizationalUnit",
6948 char *ou_v[] = {NULL, NULL};
6949 char *name_v[] = {NULL, NULL};
6950 char *moiraId_v[] = {NULL, NULL};
6951 char *desc_v[] = {NULL, NULL};
6952 char *managedBy_v[] = {NULL, NULL};
6955 char managedByDN[256];
6962 memset(filter, '\0', sizeof(filter));
6963 memset(dName, '\0', sizeof(dName));
6964 memset(cName, '\0', sizeof(cName));
6965 memset(managedByDN, '\0', sizeof(managedByDN));
6966 container_get_dn(av[CONTAINER_NAME], dName);
6967 container_get_name(av[CONTAINER_NAME], cName);
6969 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6971 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6973 return(AD_INVALID_NAME);
6976 if (!check_container_name(cName))
6978 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6980 return(AD_INVALID_NAME);
6984 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6986 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6988 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* The Moira row id is the key every later lookup uses (mitMoiraId). */
6990 if (strlen(av[CONTAINER_ROWID]) != 0)
6992 moiraId_v[0] = av[CONTAINER_ROWID];
6993 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6996 if (strlen(av[CONTAINER_DESC]) != 0)
6998 desc_v[0] = av[CONTAINER_DESC];
6999 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
7002 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
/* Kerberos owner: make sure its contact object exists, then point
 * managedBy at it. */
7004 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7006 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7009 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7010 kerberos_ou, dn_path);
7011 managedBy_v[0] = managedByDN;
7012 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* USER/LIST owner: look the object up by cn.  CONTAINER_ID is spliced
 * into the filter unescaped. */
7017 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7019 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7020 "(objectClass=user)))", av[CONTAINER_ID]);
7023 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7025 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7029 if (strlen(filter) != 0)
7031 attr_array[0] = "distinguishedName";
7032 attr_array[1] = NULL;
7035 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7037 &group_base, &group_count,
7038 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Only an unambiguous hit becomes the owner. */
7040 if (group_count == 1)
7042 strcpy(managedByDN, group_base->value);
7043 managedBy_v[0] = managedByDN;
7044 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7046 linklist_free(group_base);
7056 sprintf(temp, "%s,%s", dName, dn_path);
7057 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7059 for (i = 0; i < n; i++)
7062 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7064 com_err(whoami, 0, "Unable to create container %s : %s",
7065 cName, ldap_err2string(rc));
/* Existing OU: converge its attributes instead of failing. */
7069 if (rc == LDAP_ALREADY_EXISTS)
7071 if (strlen(av[CONTAINER_ROWID]) != 0)
7072 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/* Bring the OU for a container in line with its `after` attributes: create
 * it if it cannot be found, otherwise make sure its ancestors exist and
 * push the attributes with container_adupdate().  `before` is unused in
 * the visible lines. */
7078 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7079 char **before, int afterc, char **after)
7081 char distinguishedName[256];
7084 memset(distinguishedName, '\0', sizeof(distinguishedName));
7086 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7087 distinguishedName, afterc, after))
7090 if (strlen(distinguishedName) == 0)
7092 rc = container_create(ldap_handle, dn_path, afterc, after);
7096 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7097 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/* Resolve the DN of the OU for container av: first by mitMoiraId ==
 * CONTAINER_ROWID, then by the DN derived from the container path.  The
 * result is written to distinguishedName, which is left empty when nothing
 * unambiguous is found.  Return values are not visible here. */
7103 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7104 char *distinguishedName, int count,
7107 char *attr_array[3];
7108 LK_ENTRY *group_base;
7115 memset(filter, '\0', sizeof(filter));
7116 memset(dName, '\0', sizeof(dName));
7117 memset(cName, '\0', sizeof(cName));
7118 container_get_dn(av[CONTAINER_NAME], dName);
7119 container_get_name(av[CONTAINER_NAME], cName);
7121 if (strlen(dName) == 0)
7123 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7124 av[CONTAINER_NAME]);
7125 return(AD_INVALID_NAME);
7128 if (!check_container_name(cName))
7130 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7132 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id (unescaped in the filter). */
7135 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7136 av[CONTAINER_ROWID]);
7137 attr_array[0] = "distinguishedName";
7138 attr_array[1] = NULL;
7142 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7143 &group_base, &group_count,
7144 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7146 if (group_count == 1)
7148 strcpy(distinguishedName, group_base->value);
7151 linklist_free(group_base);
/* Lookup 2: by the expected DN, for OUs created without a mitMoiraId
 * (e.g. by container_check()).  The DN is spliced into the filter
 * unescaped. */
7156 if (strlen(distinguishedName) == 0)
7158 sprintf(filter, "(&(objectClass=organizationalUnit)"
7159 "(distinguishedName=%s,%s))", dName, dn_path);
7160 attr_array[0] = "distinguishedName";
7161 attr_array[1] = NULL;
7165 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7166 &group_base, &group_count,
7167 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7169 if (group_count == 1)
7171 strcpy(distinguishedName, group_base->value);
7174 linklist_free(group_base);
/* Converge the mitMoiraId, description and managedBy attributes of an
 * existing OU with the Moira container record av.  The OU is addressed
 * either by the relative DN dName (joined with dn_path) or, when dName is
 * empty, by distinguishedName.  Current values are read first so that
 * attributes Moira no longer supplies can be cleared via
 * attribute_update().  Some conditions and the final returns are not
 * visible here. */
7183 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7184 char *distinguishedName, int count, char **av)
7186 char *attr_array[5];
7187 LK_ENTRY *group_base;
7192 char *moiraId_v[] = {NULL, NULL};
7193 char *desc_v[] = {NULL, NULL};
7194 char *managedBy_v[] = {NULL, NULL};
7195 char managedByDN[256];
7204 strcpy(ad_path, distinguishedName);
7206 if (strlen(dName) != 0)
7207 sprintf(ad_path, "%s,%s", dName, dn_path);
/* ad_path (a DN) is spliced into the filter unescaped. */
7209 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): the condition tests CONTAINER_ID but the filter is built
 * from CONTAINER_ROWID.  Every other mitMoiraId lookup in this file keys on
 * CONTAINER_ROWID (container_create(), container_get_distinguishedName()),
 * so this looks like it should be strlen(av[CONTAINER_ROWID]) -- confirm. */
7212 if (strlen(av[CONTAINER_ID]) != 0)
7213 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7214 av[CONTAINER_ROWID]);
7216 attr_array[0] = "mitMoiraId";
7217 attr_array[1] = "description";
7218 attr_array[2] = "managedBy";
7219 attr_array[3] = NULL;
7223 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7224 &group_base, &group_count,
7225 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7227 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7228 av[CONTAINER_NAME], ldap_err2string(rc));
7232 memset(managedByDN, '\0', sizeof(managedByDN));
7233 memset(moiraId, '\0', sizeof(moiraId));
7234 memset(desc, '\0', sizeof(desc));
/* Snapshot the three attributes as currently stored (unbounded strcpy
 * into fixed buffers whose sizes are not all visible). */
7239 if (!strcasecmp(pPtr->attribute, "description"))
7240 strcpy(desc, pPtr->value);
7241 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7242 strcpy(managedByDN, pPtr->value);
7243 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7244 strcpy(moiraId, pPtr->value);
7248 linklist_free(group_base);
7253 if (strlen(av[CONTAINER_ROWID]) != 0)
7255 moiraId_v[0] = av[CONTAINER_ROWID];
7256 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* Description: set when Moira has one, otherwise clear a stale value. */
7259 if (strlen(av[CONTAINER_DESC]) != 0)
7261 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7266 if (strlen(desc) != 0)
7268 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: same pattern as container_create(); a stale owner is cleared
 * whenever the new one cannot be resolved. */
7272 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7274 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7276 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7279 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7280 kerberos_ou, dn_path);
7281 managedBy_v[0] = managedByDN;
7282 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7286 if (strlen(managedByDN) != 0)
7288 attribute_update(ldap_handle, ad_path, "", "managedBy",
7295 memset(filter, '\0', sizeof(filter));
/* CONTAINER_ID is spliced into the filter unescaped. */
7297 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7299 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7300 "(objectClass=user)))", av[CONTAINER_ID]);
7303 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7305 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7309 if (strlen(filter) != 0)
7311 attr_array[0] = "distinguishedName";
7312 attr_array[1] = NULL;
7315 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7316 attr_array, &group_base, &group_count,
7317 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7319 if (group_count == 1)
7321 strcpy(managedByDN, group_base->value);
7322 managedBy_v[0] = managedByDN;
7323 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7327 if (strlen(managedByDN) != 0)
7329 attribute_update(ldap_handle, ad_path, "",
7330 "managedBy", dName);
7334 linklist_free(group_base);
7341 if (strlen(managedByDN) != 0)
7343 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* Nothing queued for ldap_modify_s(): done. */
7353 return(LDAP_SUCCESS);
7355 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7357 for (i = 0; i < n; i++)
7360 if (rc != LDAP_SUCCESS)
7362 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7363 av[CONTAINER_NAME], ldap_err2string(rc));
/* Empty an OU so it can be deleted: in three passes (ordinary objects,
 * computers, nested OUs) search beneath dName and move each object into
 * the configured orphan OU (orphans_other_ou / orphans_machines_ou),
 * appending "_<count>" to the RDN on a name clash; nested OUs are deleted.
 * The per-pass selection, the repeat-until-empty logic and the returns
 * are not visible here. */
7370 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7372 char *attr_array[3];
7373 LK_ENTRY *group_base;
/* Each search returns at most 10 entries; whoever loops must re-search
 * until group_count reaches 0 (see the check below). */
7380 int NumberOfEntries = 10;
7384 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7386 for (i = 0; i < 3; i++)
7388 memset(filter, '\0', sizeof(filter));
/* Pass 0: everything that is neither a computer nor an OU. */
7392 strcpy(filter, "(!(|(objectClass=computer)"
7393 "(objectClass=organizationalUnit)))");
7394 attr_array[0] = "cn";
7395 attr_array[1] = NULL;
/* Pass 1: computer objects. */
7399 strcpy(filter, "(objectClass=computer)");
7400 attr_array[0] = "cn";
7401 attr_array[1] = NULL;
/* Pass 2: child OUs (deleted, not moved). */
7405 strcpy(filter, "(objectClass=organizationalUnit)");
7406 attr_array[0] = "ou";
7407 attr_array[1] = NULL;
7412 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7413 &group_base, &group_count,
7414 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7419 if (group_count == 0)
7426 if (!strcasecmp(pPtr->attribute, "cn"))
/* Directory-supplied cn used verbatim as the new RDN; unbounded sprintf. */
7428 sprintf(new_cn, "cn=%s", pPtr->value);
7430 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7432 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7437 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: retry with a numeric suffix. */
7439 if (rc == LDAP_ALREADY_EXISTS)
7441 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* NOTE(review): destructive -- a nested OU found under dName is deleted
 * rather than moved; its own contents presumably went in earlier passes
 * (the SUBTREE scope above covers them) -- confirm. */
7448 else if (!strcasecmp(pPtr->attribute, "ou"))
7450 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7456 linklist_free(group_base);
/*
 * get_machine_ou: resolve the Moira host name `member` to its canonical
 * (top-level domain) name, look the computer object up by sAMAccountName
 * under dn_path, and copy the OU part of its DN (everything after the
 * "cn=<name>," prefix) into machine_ou.  NewMachineName receives the
 * resolved name as a side effect.  Declarations, braces, the early
 * returns and the final return are not in this listing.
 */
7465 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7466 char *machine_ou, char *NewMachineName)
7468 LK_ENTRY *group_base;
7472 char *attr_array[3];
/* Unbounded copy; NewMachineName's size is not visible here. */
7479 strcpy(NewMachineName, member);
/* NOTE(review): the rc from moira_connect() is overwritten on the next
   line before it is ever tested, so a failed Moira connection is not
   detected here. */
7480 rc = moira_connect();
7481 rc = GetMachineName(NewMachineName);
/* GetMachineName signals failure by emptying the name. */
7484 if (strlen(NewMachineName) == 0)
7486 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Presumably the name is cut at the first '.' to get the short host
   name used as sAMAccountName — the truncation line is not shown. */
7492 pPtr = strchr(NewMachineName, '.');
7499 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7500 attr_array[0] = "cn";
7501 attr_array[1] = NULL;
7502 sprintf(temp, "%s", dn_path);
7504 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7505 &group_base, &group_count,
7506 LDAP_SCOPE_SUBTREE)) != 0)
7508 com_err(whoami, 0, "Unable to process machine %s : %s",
7509 member, ldap_err2string(rc));
/* Exactly one computer object is expected. */
7513 if (group_count != 1)
7518 strcpy(dn, group_base->dn);
7519 strcpy(cn, group_base->value);
/* Lower-case both so strstr below is effectively case-insensitive. */
7521 for (i = 0; i < (int)strlen(dn); i++)
7522 dn[i] = tolower(dn[i]);
7524 for (i = 0; i < (int)strlen(cn); i++)
7525 cn[i] = tolower(cn[i]);
7527 linklist_free(group_base);
7529 pPtr = strstr(dn, cn);
7533 com_err(whoami, 0, "Unable to process machine %s",
/* Skip the cn value plus the ',' that is assumed to follow it; the
   remainder is the OU path.  The '+ 1' relies on that separator being
   present. */
7538 pPtr += strlen(cn) + 1;
7539 strcpy(machine_ou, pPtr);
/* Sanity check that what is left still looks like a DN ("dc=" suffix). */
7541 pPtr = strstr(machine_ou, "dc=");
7545 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move the computer object for MoiraMachineName into
 * "<DestinationOu>,<dn_path>" via ldap_rename_s, unless it already sits
 * there.  Declarations, braces, early returns and the final return are
 * not part of this listing.
 */
7556 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7557 char *MoiraMachineName, char *DestinationOu)
7561 char MachineName[128];
7563 char *attr_array[3];
7568 LK_ENTRY *group_base;
/* Unbounded copy into a 128-byte buffer; MoiraMachineName's length is
   not checked in the visible lines. */
7573 strcpy(MachineName, MoiraMachineName);
/* The rc is not tested; failure is detected via the emptied name below. */
7574 rc = GetMachineName(MachineName);
7576 if (strlen(MachineName) == 0)
7578 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Presumably truncated at the first '.' (short host name) — not shown. */
7583 cPtr = strchr(MachineName, '.');
7588 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7589 attr_array[0] = "sAMAccountName";
7590 attr_array[1] = NULL;
7592 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7594 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7596 com_err(whoami, 0, "Unable to process machine %s : %s",
7597 MoiraMachineName, ldap_err2string(rc));
7601 if (group_count == 1)
7602 strcpy(OldDn, group_base->dn);
7604 linklist_free(group_base);
7607 if (group_count != 1)
7609 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
/* NewOu's size is not visible; DestinationOu and dn_path are concatenated
   unbounded. */
7614 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Everything after the first ',' of the old DN is its current parent;
   the cPtr++ that skips the comma itself is presumably among the omitted
   lines. */
7615 cPtr = strchr(OldDn, ',');
/* Already in the destination OU: nothing to do. */
7620 if (!strcasecmp(cPtr, NewOu))
7624 sprintf(NewCn, "CN=%s", MachineName);
/* deleteoldrdn = TRUE, so the old RDN value is dropped from the entry. */
7625 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: report whether a computer named machine_name (short name,
 * cut at the first '.') exists in the directory under dn_path.
 * Returns 1 when checkADname() returns 0, and 0 otherwise — i.e. the
 * sense of checkADname's result is inverted here.  Name's size and the
 * line that truncates at the '.' are not visible.
 */
7630 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7636 memset(Name, '\0', sizeof(Name));
/* Unbounded copy; confirm Name is at least as large as any machine_name. */
7637 strcpy(Name, machine_name);
7639 pPtr = strchr(Name, '.');
7645 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name is
 * mapped to; the answer is copied into container_name by the
 * machine_GetMoiraContainer callback.  The return statement is not shown.
 */
7648 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7649 char *machine_name, char *container_name)
7655 av[0] = machine_name;
7656 call_args[0] = (char *)container_name;
7657 rc = mr_query("get_machine_to_container_map", 1, av,
7658 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback for
 * get_machine_to_container_map.  Copies av[1] (the container name) into
 * the caller-supplied buffer call_args[0]; the copy is unbounded and the
 * buffer size is the caller's responsibility.
 */
7662 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7667 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a new
 * container (after[] is the container row), record it on the container,
 * and add it to the parent container's group.  Declarations, the check of
 * the Moira_groupname_create rc, braces and the return are not shown.
 */
7671 int Moira_container_group_create(char **after)
7677 memset(GroupName, '\0', sizeof(GroupName));
7678 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7679 after[CONTAINER_ROWID]);
/* add_list argument vector, indexed by the L_* list-field constants. */
7683 argv[L_NAME] = GroupName;
7684 argv[L_ACTIVE] = "1";
7685 argv[L_PUBLIC] = "0";
7686 argv[L_HIDDEN] = "0";
7687 argv[L_MAILLIST] = "0";
7688 argv[L_GROUP] = "1";
7689 argv[L_GID] = UNIQUE_GID;
7690 argv[L_NFSGROUP] = "0";
7691 argv[L_MAILMAN] = "0";
7692 argv[L_MAILMAN_SERVER] = "[NONE]";
7693 argv[L_DESC] = "auto created container group";
7694 argv[L_ACE_TYPE] = "USER";
7695 argv[L_MEMACE_TYPE] = "USER";
7696 argv[L_ACE_NAME] = "sms";
7697 argv[L_MEMACE_NAME] = "sms";
/* Assignment inside the condition is intentional: a non-zero rc is an error. */
7699 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7702 "Unable to create container group %s for container %s: %s",
7703 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Return values of these two helpers are not used here; they log their
   own errors. */
7706 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7707 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename its
 * mirror list to match.  No-op if the container name did not change
 * (case-insensitively) or if the container has no group.  Braces, early
 * returns and the final return are not part of this listing.
 */
7712 int Moira_container_group_update(char **before, char **after)
7715 char BeforeGroupName[64];
7716 char AfterGroupName[64];
7719 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
/* Existing group name, looked up from the (already renamed) container. */
7722 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7723 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7724 if (strlen(BeforeGroupName) == 0)
7727 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7728 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7729 after[CONTAINER_ROWID]);
/* Only issue update_list when the derived name actually differs. */
7733 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the old name first, then the 15 list fields shifted
   by one. */
7735 argv[L_NAME] = BeforeGroupName;
7736 argv[L_NAME + 1] = AfterGroupName;
7737 argv[L_ACTIVE + 1] = "1";
7738 argv[L_PUBLIC + 1] = "0";
7739 argv[L_HIDDEN + 1] = "0";
7740 argv[L_MAILLIST + 1] = "0";
7741 argv[L_GROUP + 1] = "1";
7742 argv[L_GID + 1] = UNIQUE_GID;
7743 argv[L_NFSGROUP + 1] = "0";
7744 argv[L_MAILMAN + 1] = "0";
7745 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7746 argv[L_DESC + 1] = "auto created container group";
7747 argv[L_ACE_TYPE + 1] = "USER";
7748 argv[L_MEMACE_TYPE + 1] = "USER";
7749 argv[L_ACE_NAME + 1] = "sms";
7750 argv[L_MEMACE_NAME + 1] = "sms";
/* Assignment inside the condition is intentional. */
7752 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7755 "Unable to rename container group from %s to %s: %s",
7756 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: when a container is deleted, remove its
 * mirror list from the parent container's group and then delete the list.
 * Declarations, braces and the return are not part of this listing.
 */
7763 int Moira_container_group_delete(char **before)
7768 char ParentGroupName[64];
7770 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Third argument 1: presumably "look up the parent's group" — confirm
   against Moira_getGroupName. */
7771 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7773 memset(GroupName, '\0', sizeof(GroupName));
/* "[none]" is Moira's sentinel for "no list attached". */
7775 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7776 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7778 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7780 argv[0] = ParentGroupName;
7782 argv[2] = GroupName;
7784 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): this format has two %s conversions but three arguments
   are passed; ParentGroupName is printed where the error text should be
   and error_message(rc) is silently dropped.  The intended format is
   presumably "... group %s from list %s: %s". */
7787 "Unable to delete container group %s from list: %s",
7788 GroupName, ParentGroupName, error_message(rc));
7792 if (strlen(GroupName) != 0)
7794 argv[0] = GroupName;
7796 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7798 com_err(whoami, 0, "Unable to delete container group %s : %s",
7799 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container.
 * The last one or two path components of ContainerName are joined with
 * '-', truncated to 25 characters, prefixed with "cnt-" and lower-cased;
 * if a list of that name already exists a one-character suffix is tried
 * until get_list_info reports MR_NO_MATCH.  The result is copied into
 * GroupName.  Declarations, braces, the suffix loop bounds and the return
 * statements are not part of this listing.
 */
7806 int Moira_groupname_create(char *GroupName, char *ContainerName,
7807 char *ContainerRowID)
7812 char newGroupName[64];
7813 char tempGroupName[64];
/* temp's size is not visible; ContainerName is copied unbounded. */
7819 strcpy(temp, ContainerName);
7821 ptr1 = strrchr(temp, '/');
7827 ptr1 = strrchr(temp, '/');
/* "<parent>-<leaf>" when the container has at least two path components. */
7831 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7834 strcpy(tempgname, ptr);
7837 strcpy(tempgname, temp);
/* Cap the base name at 25 characters so that "cnt-" plus a "-x" suffix
   stays well inside the 64-byte buffers. */
7839 if (strlen(tempgname) > 25)
7840 tempgname[25] ='\0';
7842 sprintf(newGroupName, "cnt-%s", tempgname);
7844 /* change everything to lower case */
7850 *ptr = tolower(*ptr);
7858 strcpy(tempGroupName, newGroupName);
7861 /* append 0-9 then a-z if a duplicate is found */
7864 argv[0] = newGroupName;
/* Assignment inside the condition is intentional: MR_NO_MATCH means the
   name is free; any other error is reported and the loop presumably
   aborts. */
7866 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7868 if (rc == MR_NO_MATCH)
7870 com_err(whoami, 0, "Moira error while creating group name for "
7871 "container %s : %s", ContainerName, error_message(rc));
/* Name already taken: try the next suffix character. */
7875 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7879 com_err(whoami, 0, "Unable to find a unique group name for "
7880 "container %s: too many duplicate container names",
7891 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName (Moira query set_container_list).  Errors
 * are logged via com_err; the return statement is not shown.
 */
7895 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7900 argv[0] = origContainerName;
7901 argv[1] = GroupName;
7903 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7906 "Unable to set container group %s in container %s: %s",
7907 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add GroupName as a (list) member of the group
 * that belongs to origContainerName's parent container.  Top-level
 * containers have no parent group and are skipped.  argv[1] (the member
 * type) and the return statements are not part of this listing.
 */
7913 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7915 char ContainerName[64];
7916 char ParentGroupName[64];
/* Unbounded copy into a 64-byte buffer; origContainerName's length is
   not checked here. */
7920 strcpy(ContainerName, origContainerName);
7922 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7924 /* top-level container */
7925 if (strlen(ParentGroupName) == 0)
7928 argv[0] = ParentGroupName;
7930 argv[2] = GroupName;
7932 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7935 "Unable to add container group %s to parent group %s: %s",
7936 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies av[1] (the list name) into the caller's buffer call_args[0];
 * the copy is unbounded, so the caller must size the buffer for the
 * longest possible list name.
 */
7942 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7947 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: fetch the Moira list attached to a container into
 * GroupName.  A third parameter (not visible in this listing) appears to
 * select whether the container itself or its parent (the name cut at the
 * last '/') is queried — confirm against the callers, which pass 0 or 1.
 * Braces and return statements are not part of this listing.
 */
7952 int Moira_getGroupName(char *origContainerName, char *GroupName,
7955 char ContainerName[64];
/* Unbounded copy into a 64-byte buffer. */
7961 strcpy(ContainerName, origContainerName);
7965 ptr = strrchr(ContainerName, '/');
7973 argv[0] = ContainerName;
7975 call_args[0] = GroupName;
7976 call_args[1] = NULL;
7978 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Success only counts if the callback actually filled GroupName. */
7981 if (strlen(GroupName) != 0)
7986 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7987 ContainerName, error_message(rc));
7989 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add MachineName to, or remove it
 * from, the container list GroupName (member type "MACHINE").  A third
 * parameter that picks add vs. delete is outside this listing.  "[none]"
 * means the container has no list and nothing is done.  The error text
 * says "add" regardless of which branch ran, if both share it.
 */
7995 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8001 if (strcmp(GroupName, "[none]") == 0)
8004 argv[0] = GroupName;
8005 argv[1] = "MACHINE";
8006 argv[2] = MachineName;
8009 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8011 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
8015 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8016 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a host name in place.  If MachineName is
 * already "<host>.<DOMAIN_SUFFIX>" it is kept (upper-cased); otherwise the
 * Moira host aliases are searched for one in that domain and it replaces
 * the caller's string.  On any failure MachineName is set to "" — callers
 * test strlen() rather than the return value.  The caller's buffer must
 * be able to hold an alias of up to sizeof(NewMachineName) - 1 bytes;
 * that is not checked here.  Declarations, args[0], braces and returns
 * are not part of this listing.
 */
8022 int GetMachineName(char *MachineName)
8025 char NewMachineName[1024];
8032 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy into the 1024-byte local. */
8033 strcpy(NewMachineName, MachineName);
8035 for (i = 0; i < (int)strlen(NewMachineName); i++)
8036 NewMachineName[i] = toupper(NewMachineName[i]);
8038 szDot = strchr(NewMachineName,'.');
8040 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8045 // If not, see if it has a Moira alias in the top-level MIT domain.
8046 memset(NewMachineName, '\0', sizeof(NewMachineName));
8048 args[1] = MachineName;
8049 call_args[0] = NewMachineName;
8050 call_args[1] = NULL;
/* Assignment inside the condition is intentional; ProcessMachineName
   fills NewMachineName with the first alias in DOMAIN_SUFFIX. */
8052 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8054 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8055 MachineName, error_message(rc));
8056 strcpy(MachineName, "");
8060 if (strlen(NewMachineName) != 0)
8061 strcpy(MachineName, NewMachineName);
8063 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias.  For each
 * alias av[0], the first one whose domain part equals DOMAIN_SUFFIX is
 * upper-cased and copied into call_args[0]; later aliases are ignored
 * once that buffer is non-empty.  Unbounded copies into the 1024-byte
 * local and into the caller's buffer.
 */
8068 int ProcessMachineName(int ac, char **av, void *ptr)
8071 char MachineName[1024];
8077 if (strlen(call_args[0]) == 0)
8079 strcpy(MachineName, av[0]);
8081 for (i = 0; i < (int)strlen(MachineName); i++)
8082 MachineName[i] = toupper(MachineName[i]);
8084 szDot = strchr(MachineName,'.');
8086 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8088 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: flip the uid attribute name in the first n LDAPMods between
 * the SFU 3.0 schema ("msSFU30UidNumber") and the RFC 2307 one
 * ("uidNumber").  Which direction is taken depends on *UseSFU30; the
 * branch condition itself is not visible in this listing.  mod_type is
 * pointed at string literals, so it must not be freed.
 */
8095 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8101 for (i = 0; i < n; i++)
8103 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8104 mods[i]->mod_type = "uidNumber";
8111 for (i = 0; i < n; i++)
8113 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8114 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute a user's homeDirectory, profilePath and
 * homeDrive attributes and append them to `mods` (via ADD_ATTR), or
 * delete them directly (via DEL_ATTR + ldap_modify_s) when the computed
 * value is empty and OpType is LDAP_MOD_REPLACE.
 *
 * WinHomeDir / WinProfileDir are Moira values that may be the literal
 * tokens "[afs]", "[dfs]" or "[local]" or an explicit path.  For [afs]
 * the user's filesystem is looked up in Moira (following one level of
 * FSGROUP/MUL indirection) and converted to a Windows AFS path.  For the
 * non-AD (OpenLDAP / Apple) case only homeDirectory and
 * apple-user-homeDirectory are set.
 *
 * The strdup()'d values stored in homedir_v[0], winProfile_v[0] and
 * drives_v[0] are handed to the caller through those arrays; who frees
 * them is not visible here — confirm with the caller.  Several
 * declarations, the remaining parameters, braces and return statements
 * are not part of this listing.
 */
8121 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8122 char *DistinguishedName,
8123 char *WinHomeDir, char *WinProfileDir,
8124 char **homedir_v, char **winProfile_v,
8125 char **drives_v, LDAPMod **mods,
8132 char winProfile[1024];
8135 char apple_homedir[1024];
8136 char *apple_homedir_v[] = {NULL, NULL};
8140 LDAPMod *DelMods[20];
8142 char *save_argv[FS_END];
8143 char *fsgroup_save_argv[2];
8145 memset(homeDrive, '\0', sizeof(homeDrive));
8146 memset(path, '\0', sizeof(path));
8147 memset(winPath, '\0', sizeof(winPath));
8148 memset(winProfile, '\0', sizeof(winProfile));
/* --- non-Active-Directory branch: POSIX/Apple home directory only --- */
8150 if(!ActiveDirectory)
8152 if (rc = moira_connect())
8154 critical_alert("Ldap incremental",
8155 "Error contacting Moira server : %s",
8160 argv[0] = user_name;
8162 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* FSGROUP / MUL filesystems are containers; resolve the first member to
   get a real pack name.  This lookup is duplicated verbatim in the [afs]
   branch below. */
8165 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8166 !strcmp(save_argv[FS_TYPE], "MUL"))
8169 argv[0] = save_argv[FS_NAME];
8172 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8173 save_fsgroup_info, fsgroup_save_argv)))
8177 argv[0] = fsgroup_save_argv[0];
8179 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8180 save_query_info, save_argv)))
/* save_argv entries are strdup'd by save_query_info; path's size is not
   visible and the copy is unbounded. */
8182 strcpy(path, save_argv[FS_PACK]);
8189 strcpy(path, save_argv[FS_PACK]);
/* strnicmp is not standard C (Windows CRT); confirm a portable definition
   exists when building elsewhere. */
8197 if (!strnicmp(path, AFS, strlen(AFS)))
8199 sprintf(homedir, "%s", path);
8200 sprintf(apple_homedir, "%s/MacData", path);
8201 homedir_v[0] = homedir;
8202 apple_homedir_v[0] = apple_homedir;
8203 ADD_ATTR("homeDirectory", homedir_v, OpType);
8204 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* No AFS home found: write the literal "NONE". */
8210 homedir_v[0] = "NONE";
8211 apple_homedir_v[0] = "NONE";
8212 ADD_ATTR("homeDirectory", homedir_v, OpType);
8213 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* --- Active Directory branch --- */
8220 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8221 (!strcasecmp(WinProfileDir, "[afs]")))
8223 if (rc = moira_connect())
8225 critical_alert("Ldap incremental",
8226 "Error contacting Moira server : %s",
8231 argv[0] = user_name;
8233 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8236 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8237 !strcmp(save_argv[FS_TYPE], "MUL"))
8240 argv[0] = save_argv[FS_NAME];
8243 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8244 save_fsgroup_info, fsgroup_save_argv)))
8248 argv[0] = fsgroup_save_argv[0];
8250 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8251 save_query_info, save_argv)))
8253 strcpy(path, save_argv[FS_PACK]);
8260 strcpy(path, save_argv[FS_PACK]);
8268 if (!strnicmp(path, AFS, strlen(AFS)))
/* Convert /afs/... to the \\afs\... UNC form; the profile lives in a
   .winprofile subdirectory of the home. */
8270 AfsToWinAfs(path, winPath);
8271 strcpy(winProfile, winPath);
8272 strcat(winProfile, "\\.winprofile");
8279 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8280 (!strcasecmp(WinProfileDir, "[dfs]")))
/* DFS layout: \\<domain>\dfs\profiles\<first letter>\<user>.  user_name[0]
   is '\0' for an empty user name; path's size is not visible. */
8282 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8283 user_name[0], user_name);
8285 if (!strcasecmp(WinProfileDir, "[dfs]"))
8287 strcpy(winProfile, path);
8288 strcat(winProfile, "\\.winprofile");
8291 if (!strcasecmp(WinHomeDir, "[dfs]"))
8292 strcpy(winPath, path);
/* Explicit or tokenised home directory; H: is mapped for network homes. */
8295 if (!strcasecmp(WinHomeDir, "[local]"))
8296 memset(winPath, '\0', sizeof(winPath));
8297 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8298 !strcasecmp(WinHomeDir, "[dfs]"))
8300 strcpy(homeDrive, "H:");
/* Unbounded copy of a Moira-supplied path; winPath's size is not visible. */
8304 strcpy(winPath, WinHomeDir);
8305 if (!strncmp(WinHomeDir, "\\\\", 2))
8307 strcpy(homeDrive, "H:");
8311 // nothing needs to be done if WinProfileDir is [afs].
8312 if (!strcasecmp(WinProfileDir, "[local]"))
8313 memset(winProfile, '\0', sizeof(winProfile));
8314 else if (strcasecmp(WinProfileDir, "[afs]") &&
8315 strcasecmp(WinProfileDir, "[dfs]"))
8317 strcpy(winProfile, WinProfileDir);
/* Normalise: strip one trailing backslash ... */
8320 if (strlen(winProfile) != 0)
8322 if (winProfile[strlen(winProfile) - 1] == '\\')
8323 winProfile[strlen(winProfile) - 1] = '\0';
8326 if (strlen(winPath) != 0)
8328 if (winPath[strlen(winPath) - 1] == '\\')
8329 winPath[strlen(winPath) - 1] = '\0';
/* ... except that a bare drive letter ("C:") must keep its root slash. */
8332 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8333 strcat(winProfile, "\\");
8335 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8336 strcat(winPath, "\\");
/* Empty value + REPLACE means "remove the attribute"; the DEL_ATTR /
   ldap_modify_s rc is not checked in the visible lines. */
8338 if (strlen(winPath) == 0)
8340 if (OpType == LDAP_MOD_REPLACE)
8343 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8345 //unset homeDirectory attribute for user.
8346 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* strdup'd: ownership passes to whoever consumes homedir_v. */
8352 homedir_v[0] = strdup(winPath);
8353 ADD_ATTR("homeDirectory", homedir_v, OpType);
8356 if (strlen(winProfile) == 0)
8358 if (OpType == LDAP_MOD_REPLACE)
8361 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8363 //unset profilePath attribute for user.
8364 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8370 winProfile_v[0] = strdup(winProfile);
8371 ADD_ATTR("profilePath", winProfile_v, OpType);
8374 if (strlen(homeDrive) == 0)
8376 if (OpType == LDAP_MOD_REPLACE)
8379 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8381 //unset homeDrive attribute for user
8382 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8388 drives_v[0] = strdup(homeDrive);
8389 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set a single-valued attribute on distinguished_name.
 * An empty attribute_value deletes the attribute.  Otherwise a REPLACE is
 * attempted first and, if that fails (presumably because the attribute
 * does not exist yet), an ADD; only the second failure is reported, with
 * user_name for context.  `mods`, `rc`, braces and the return statements
 * are not part of this listing; the rc of the delete modify is not
 * examined in the visible lines.
 */
8395 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8396 char *attribute_value, char *attribute, char *user_name)
8398 char *mod_v[] = {NULL, NULL};
8399 LDAPMod *DelMods[20];
8405 if (strlen(attribute_value) == 0)
8408 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8410 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8416 mod_v[0] = attribute_value;
8417 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8420 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8421 mods)) != LDAP_SUCCESS)
/* Fallback: ADD for an attribute that REPLACE could not touch. */
8425 mod_v[0] = attribute_value;
8426 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8429 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8430 mods)) != LDAP_SUCCESS)
8432 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8433 "in the directory : %s",
8434 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: trim a string in place.  A duplicate is taken, leading and
 * trailing characters are skipped (the skip loops are not visible; the
 * result is copied back with strcpy).  The strdup() result `save` is not
 * checked for NULL before use, and whether it is freed is not visible in
 * this listing — confirm.
 */
8444 void StringTrim(char *StringToTrim)
8449 save = strdup(StringToTrim);
8456 /* skip to end of string */
8461 strcpy(StringToTrim, save);
8465 for (t = s; *t; t++)
8481 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load "<CFG_PATH><DomainName>.cfg" into the module
 * globals (ldap_domain, ldap_realm, ldap_port, PrincipalName, ServerList,
 * and the feature flags).  Every line is upper-cased before the keyword
 * prefix is matched, so the stored values are upper-case as well.  If the
 * file sets no domain, DomainName is used.  temp/temp1 sizes, Count
 * handling, braces and the return statements are not part of this listing.
 *
 * NOTE(review): DomainName is interpolated into a file path with sprintf;
 * it comes from the domain list config (see ReadDomainList), so confirm
 * that list is trusted and that temp is large enough for CFG_PATH plus
 * the longest domain name.
 */
8485 int ReadConfigFile(char *DomainName)
8496 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8498 if ((fptr = fopen(temp, "r")) != NULL)
/* fgets bounds the read to sizeof(temp); long lines are split. */
8500 while (fgets(temp, sizeof(temp), fptr) != 0)
8502 for (i = 0; i < (int)strlen(temp); i++)
8503 temp[i] = toupper(temp[i]);
8505 if (temp[strlen(temp) - 1] == '\n')
8506 temp[strlen(temp) - 1] = '\0';
8510 if (strlen(temp) == 0)
/* Keyword matching: each <KEYWORD> constant is compared as a prefix and
   the remainder of the line (trimmed) is the value. */
8513 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8515 if (strlen(temp) > (strlen(DOMAIN)))
8517 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8518 StringTrim(ldap_domain);
8521 else if (!strncmp(temp, REALM, strlen(REALM)))
8523 if (strlen(temp) > (strlen(REALM)))
8525 strcpy(ldap_realm, &temp[strlen(REALM)]);
8526 StringTrim(ldap_realm);
8529 else if (!strncmp(temp, PORT, strlen(PORT)))
8531 if (strlen(temp) > (strlen(PORT)))
8533 strcpy(ldap_port, &temp[strlen(PORT)]);
8534 StringTrim(ldap_port);
8537 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8539 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8541 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8542 StringTrim(PrincipalName);
8545 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8547 if (strlen(temp) > (strlen(SERVER)))
/* Each SERVER line gets a fresh 256-byte allocation.  The calloc result
   is not NULL-checked, the copy is unbounded (a line longer than ~255
   bytes after the keyword would overrun it), and the upper bound on
   Count is not visible here — confirm against ServerList's declaration. */
8549 ServerList[Count] = calloc(1, 256);
8550 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8551 StringTrim(ServerList[Count]);
8555 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8557 if (strlen(temp) > (strlen(MSSFU)))
8559 strcpy(temp1, &temp[strlen(MSSFU)]);
8561 if (!strcmp(temp1, SFUTYPE))
8565 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8567 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8569 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
/* GROUP_SUFFIX NO clears the suffix entirely. */
8571 if (!strcasecmp(temp1, "NO"))
8574 memset(group_suffix, '\0', sizeof(group_suffix));
8578 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8580 if (strlen(temp) > (strlen(GROUP_TYPE)))
8582 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8584 if (!strcasecmp(temp1, "UNIVERSAL"))
8585 UseGroupUniversal = 1;
8588 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8590 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8592 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8594 if (!strcasecmp(temp1, "NO"))
8598 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8600 if (strlen(temp) > (strlen(SET_PASSWORD)))
8602 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8604 if (!strcasecmp(temp1, "NO"))
8608 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8610 if (strlen(temp) > (strlen(EXCHANGE)))
8612 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8614 if (!strcasecmp(temp1, "YES"))
8618 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8619 strlen(PROCESS_MACHINE_CONTAINER)))
8621 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8623 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8625 if (!strcasecmp(temp1, "NO"))
8626 ProcessMachineContainer = 0;
8629 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8630 strlen(ACTIVE_DIRECTORY)))
8632 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8634 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8636 if (!strcasecmp(temp1, "NO"))
8637 ActiveDirectory = 0;
8640 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8641 strlen(GROUP_POPULATE_MEMBERS)))
8643 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8645 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8647 if (!strcasecmp(temp1, "DELETE"))
8649 GroupPopulateDelete = 1;
/* Post-processing of ldap_domain: it is copied out, cleared and copied
   back via temp — the intermediate step is not visible in this listing. */
8655 if (strlen(ldap_domain) != 0)
8657 memset(ldap_domain, '\0', sizeof(ldap_domain));
8661 if (strlen(temp) != 0)
8662 strcpy(ldap_domain, temp);
/* Default the domain to the config file's own name. */
8668 if (strlen(ldap_domain) == 0)
8670 strcpy(ldap_domain, DomainName);
/* Servers are upper-cased again here, although every line was already
   upper-cased on read. */
8676 for (i = 0; i < Count; i++)
8678 if (ServerList[i] != 0)
8680 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8681 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read "<CFG_PATH><WINADCFG>" and collect every DOMAIN
 * line into DomainNames[].  Lines are upper-cased before matching.  If
 * no domain is found a critical alert is raised (presumably; the
 * condition is not visible).  The locals `c` and `stuff` are declared
 * but not used in the visible lines; DomainNames' element size and the
 * bound on Count are not visible either, and the strcpy into it is
 * unbounded.  Braces and return statements are not part of this listing.
 */
8688 int ReadDomainList()
8695 unsigned char c[11];
8696 unsigned char stuff[256];
8701 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8703 if ((fptr = fopen(temp, "r")) != NULL)
8705 while (fgets(temp, sizeof(temp), fptr) != 0)
8707 for (i = 0; i < (int)strlen(temp); i++)
8708 temp[i] = toupper(temp[i]);
8710 if (temp[strlen(temp) - 1] == '\n')
8711 temp[strlen(temp) - 1] = '\0';
8715 if (strlen(temp) == 0)
8718 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8720 if (strlen(temp) > (strlen(DOMAIN)))
8722 strcpy(temp1, &temp[strlen(DOMAIN)]);
8724 strcpy(temp, temp1);
8728 strcpy(DomainNames[Count], temp);
8729 StringTrim(DomainNames[Count]);
8738 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8739 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822 style address.  Returns
 * non-zero when the local part contains only printable ASCII (quoted
 * strings and backslash escapes allowed), no special outside quotes, no
 * leading/adjacent dots, and the domain part has at least one
 * dot-separated label boundary (`count`, incremented in lines not shown).
 *
 * NOTE(review): the first test indexes address[strlen(address) - 1];
 * for an empty string this reads one byte before the buffer (undefined
 * behaviour).  Guard with `if (!*address) return 0;` first.  Several
 * loop bodies and early returns are not part of this listing.
 */
8746 int email_isvalid(const char *address) {
8748 const char *c, *domain;
8749 static char *rfc822_specials = "()<>@,;:\\\"[]";
8751 if(address[strlen(address) - 1] == '.')
8754 /* first we validate the name portion (name@domain) */
8755 for (c = address; *c; c++) {
/* A quoted string may only start at the beginning or right after a dot. */
8756 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
/* Backslash escapes the next character, except a space. */
8761 if (*c == '\\' && (*++c == ' '))
8763 if (*c <= ' ' || *c >= 127)
8778 if (*c <= ' ' || *c >= 127)
8780 if (strchr(rfc822_specials, *c))
/* Local part may not be empty or end in a dot before the '@'. */
8784 if (c == address || *(c - 1) == '.')
8787 /* next we validate the domain portion (name@domain) */
8788 if (!*(domain = ++c)) return 0;
8791 if (c == domain || *(c - 1) == '.')
8795 if (*c <= ' ' || *c >= 127)
8797 if (strchr(rfc822_specials, *c))
8801 return (count >= 1);
/*
 * find_homeMDB: pick the Exchange mailbox store (msExchMDB) with the
 * fewest mailboxes and return its DN in *homeMDB and its server's
 * legacyExchangeDN-derived name in *homeServerName.  Both are strdup()'d
 * and owned by the caller.  Stores whose DN contains "Public", "Recover"
 * or "Reserve" are skipped.  Mailbox counts come from the homeMDBBL
 * back-link attribute, read in ranges of rangeStep because AD caps
 * multi-valued results.  Declarations, braces, the loop over gPtr and the
 * return statements are not part of this listing.
 *
 * NOTE(review): if every store is skipped or the first search fails,
 * *homeMDB stays unset and is later used as a search base — confirm the
 * omitted lines guard that case before the legacyExchangeDN lookup.
 */
8804 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8805 char **homeServerName)
8807 LK_ENTRY *group_base;
8808 LK_ENTRY *sub_group_base;
8812 int sub_group_count;
8814 char sub_filter[1024];
8815 char search_path[1024];
8817 char *attr_array[3];
/* -1 = "no store seen yet"; see the comparison below. */
8819 int homeMDB_count = -1;
/* Page size for the homeMDBBL range retrieval. */
8823 int rangeStep = 1500;
8825 int rangeHigh = rangeLow + (rangeStep - 1);
8828 /* Grumble..... microsoft not making it searchable from the root *grr* */
8830 memset(filter, '\0', sizeof(filter));
8831 memset(search_path, '\0', sizeof(search_path));
8833 sprintf(filter, "(objectClass=msExchMDB)");
/* dn_path is appended unbounded into the 1024-byte search_path. */
8834 sprintf(search_path, "CN=Configuration,%s", dn_path);
8835 attr_array[0] = "distinguishedName";
8836 attr_array[1] = NULL;
8841 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8842 &group_base, &group_count,
8843 LDAP_SCOPE_SUBTREE)) != 0)
8845 com_err(whoami, 0, "Unable to find msExchMDB %s",
8846 ldap_err2string(rc));
/* Skip public-folder, recovery and reserved stores. */
8855 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8856 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8857 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8864 * Due to limits in active directory we need to use the LDAP
8865 * range semantics to query and return all the values in
8866 * large lists, we will stop increasing the range when
8867 * the result count is 0.
8875 memset(sub_filter, '\0', sizeof(sub_filter));
8876 memset(range, '\0', sizeof(range));
8877 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* First page asks for "low-*" (server decides the upper bound), later
   pages for an explicit "low-high" window. */
8880 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8882 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8884 attr_array[0] = range;
8885 attr_array[1] = NULL;
8887 sub_group_base = NULL;
8888 sub_group_count = 0;
8890 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8891 attr_array, &sub_group_base,
8893 LDAP_SCOPE_SUBTREE)) != 0)
8895 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8896 ldap_err2string(rc));
/* An empty page ends the range walk for this store. */
8900 if(!sub_group_count)
8906 rangeHigh = rangeLow + (rangeStep - 1);
8913 mdbbl_count += sub_group_count;
8914 rangeLow = rangeHigh + 1;
8915 rangeHigh = rangeLow + (rangeStep - 1);
8918 /* First time through, need to initialize or update the least used */
/* Logged once per store; noisy but useful when balancing is questioned. */
8920 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8923 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8925 homeMDB_count = mdbbl_count;
/* Any previous strdup'd candidate is not freed here; confirm in the
   omitted lines. */
8926 *homeMDB = strdup(gPtr->dn);
8930 linklist_free(sub_group_base);
8934 linklist_free(group_base);
8937 * Ok found the server least allocated need to now query to get its
8938 * msExchHomeServerName so we can set it as a user attribute
8941 attr_array[0] = "legacyExchangeDN";
8942 attr_array[1] = NULL;
8947 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8948 attr_array, &group_base,
8950 LDAP_SCOPE_SUBTREE)) != 0)
8952 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8953 ldap_err2string(rc));
/* The legacyExchangeDN is cut at its last '/' (the line doing the cut is
   not visible) so that what remains names the server. */
8959 *homeServerName = strdup(group_base->value);
8960 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8966 linklist_free(group_base);
/*
 * lowercase: convert s to lower case in place (loop body not visible)
 * and, presumably, return s for chaining.
 */
8971 char *lowercase(char *s)
8975 for (p = s; *p; p++)
/*
 * uppercase: convert s to upper case in place (loop body not visible)
 * and, presumably, return s for chaining.
 */
8983 char *uppercase(char *s)
8987 for (p = s; *p; p++)
/*
 * escape_string: copy s into a local buffer `string`, escaping special
 * characters (which ones, and the escape form, are in lines not shown),
 * and return a strdup() of the result that the caller must free.  The
 * size of `string` is not visible; confirm the escaped output cannot
 * exceed it for the longest input this is called with.
 */
8995 char *escape_string(char *s)
9003 memset(string, '\0', sizeof(string));
9007 /* Escape any special characters */
9009 for(; *q != '\0'; q++) {
9032 return strdup(string);
/*
 * save_query_info: mr_query callback that copies every result field into
 * the caller's char* array `hint` with strdup().  The array must have at
 * least argc slots (callers pass save_argv[FS_END]); the copies are heap
 * allocated and are the caller's to free.  strdup() results are not
 * NULL-checked.  The return statement is not part of this listing.
 */
9035 int save_query_info(int argc, char **argv, void *hint)
9038 char **nargv = hint;
9040 for(i = 0; i < argc; i++)
9041 nargv[i] = strdup(argv[i]);
9046 int save_fsgroup_info(int argc, char **argv, void *hint)
9049 char **nargv = hint;
9053 for(i = 0; i < argc; i++)
9054 nargv[i] = strdup(argv[i]);