2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies container (OU) information.
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
124 #define ECONNABORTED WSAECONNABORTED
127 #define ECONNREFUSED WSAECONNREFUSED
130 #define EHOSTUNREACH WSAEHOSTUNREACH
132 #define krb5_xfree free
/* Maps POSIX sleep(seconds) onto Win32 Sleep(milliseconds). The parameter is
 * not parenthesized and the expansion carries a trailing ';', so
 * sleep(x + 1) expands to Sleep(x + 1 * 1000); and a use such as
 * "if (c) sleep(1); else ..." becomes a syntax error because of the doubled
 * semicolon. Writing it as Sleep((A) * 1000) without the ';' avoids both. */
134 #define sleep(A) Sleep(A * 1000);
138 #include <sys/types.h>
139 #include <netinet/in.h>
140 #include <arpa/nameser.h>
142 #include <sys/utsname.h>
145 #define WINADCFG "/moira/winad/winad.cfg"
146 #define strnicmp(A,B,C) strncasecmp(A,B,C)
147 #define UCHAR unsigned char
149 #define UF_SCRIPT 0x0001
150 #define UF_ACCOUNTDISABLE 0x0002
151 #define UF_HOMEDIR_REQUIRED 0x0008
152 #define UF_LOCKOUT 0x0010
153 #define UF_PASSWD_NOTREQD 0x0020
154 #define UF_PASSWD_CANT_CHANGE 0x0040
155 #define UF_DONT_EXPIRE_PASSWD 0x10000
157 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
158 #define UF_NORMAL_ACCOUNT 0x0200
159 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
160 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
161 #define UF_SERVER_TRUST_ACCOUNT 0x2000
163 #define OWNER_SECURITY_INFORMATION (0x00000001L)
164 #define GROUP_SECURITY_INFORMATION (0x00000002L)
165 #define DACL_SECURITY_INFORMATION (0x00000004L)
166 #define SACL_SECURITY_INFORMATION (0x00000008L)
169 #define BYTE unsigned char
171 typedef unsigned int DWORD;
172 typedef unsigned long ULONG;
177 unsigned short Data2;
178 unsigned short Data3;
179 unsigned char Data4[8];
182 typedef struct _SID_IDENTIFIER_AUTHORITY {
184 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
186 typedef struct _SID {
188 BYTE SubAuthorityCount;
189 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
190 DWORD SubAuthority[512];
195 #define WINADCFG "winad.cfg"
199 #define WINAFS "\\\\afs\\all\\"
201 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
202 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
204 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
205 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
207 #define QUERY_VERSION -1
208 #define PRIMARY_REALM "ATHENA.MIT.EDU"
217 #define MEMBER_REMOVE 2
218 #define MEMBER_CHANGE_NAME 3
219 #define MEMBER_ACTIVATE 4
220 #define MEMBER_DEACTIVATE 5
221 #define MEMBER_CREATE 6
223 #define MOIRA_ALL 0x0
224 #define MOIRA_USERS 0x1
225 #define MOIRA_KERBEROS 0x2
226 #define MOIRA_STRINGS 0x4
227 #define MOIRA_LISTS 0x8
229 #define CHECK_GROUPS 1
230 #define CLEANUP_GROUPS 2
232 #define AD_NO_GROUPS_FOUND -1
233 #define AD_WRONG_GROUP_DN_FOUND -2
234 #define AD_MULTIPLE_GROUPS_FOUND -3
235 #define AD_INVALID_NAME -4
236 #define AD_LDAP_FAILURE -5
237 #define AD_INVALID_FILESYS -6
238 #define AD_NO_ATTRIBUTE_FOUND -7
239 #define AD_NO_OU_FOUND -8
240 #define AD_NO_USER_FOUND -9
242 /* container arguments */
243 #define CONTAINER_NAME 0
244 #define CONTAINER_DESC 1
245 #define CONTAINER_LOCATION 2
246 #define CONTAINER_CONTACT 3
247 #define CONTAINER_TYPE 4
248 #define CONTAINER_ID 5
249 #define CONTAINER_ROWID 6
250 #define CONTAINER_GROUP_NAME 7
252 /*mcntmap arguments*/
253 #define OU_MACHINE_NAME 0
254 #define OU_CONTAINER_NAME 1
255 #define OU_MACHINE_ID 2
256 #define OU_CONTAINER_ID 3
257 #define OU_CONTAINER_GROUP 4
259 typedef struct lk_entry {
269 struct lk_entry *next;
272 #define STOP_FILE "/moira/winad/nowinad"
273 #define file_exists(file) (access((file), F_OK) == 0)
275 #define N_SD_BER_BYTES 5
276 #define LDAP_BERVAL struct berval
277 #define MAX_SERVER_NAMES 32
279 #define HIDDEN_GROUP "HiddenGroup.g"
280 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
281 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
282 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Appends one LDAPMod (op o, attribute t, value vector v) to the caller's
 * mods[] array and advances n. Both `mods` and `n` must exist at the
 * expansion site. The malloc() result is used without a NULL check, so an
 * allocation failure dereferences NULL. The expansion is four statements
 * with no do { } while (0) wrapper, so it may only be used as a complete
 * statement inside braces, never as the sole body of an if/else. */
284 #define ADD_ATTR(t, v, o) \
285 mods[n] = malloc(sizeof(LDAPMod)); \
286 mods[n]->mod_op = o; \
287 mods[n]->mod_type = t; \
288 mods[n++]->mod_values = v
/* Same shape as ADD_ATTR but for the caller's DelMods[] array indexed by `i`,
 * with a NULL value vector (whole-attribute operations, presumably — check
 * the call sites). The same unchecked-malloc and multi-statement caveats
 * apply. */
290 #define DEL_ATTR(t, o) \
291 DelMods[i] = malloc(sizeof(LDAPMod)); \
292 DelMods[i]->mod_op = o; \
293 DelMods[i]->mod_type = t; \
294 DelMods[i++]->mod_values = NULL
296 #define DOMAIN_SUFFIX "MIT.EDU"
297 #define DOMAIN "DOMAIN: "
298 #define SERVER "SERVER: "
299 #define MSSFU "SFU: "
/* File-scope state shared by main() and the do_*() handlers. sid_base is
 * flushed with sid_update() and freed in do_filesys(); what populates it and
 * member_base is not visible in this listing, so ownership is implicit. */
302 LK_ENTRY *member_base = NULL;
303 LK_ENTRY *sid_base = NULL;
304 LK_ENTRY **sid_ptr = NULL;
/* Scratch buffer that main() fills with the joined argv via unbounded
 * strcat(). It is declared a second time a few lines below; two tentative
 * definitions of the same static object are legal C, but one is redundant
 * and should go. */
305 static char tbl_buf[1024];
/* Relative OU paths used as DN prefixes. The domain DN (dn_path) is
 * presumably appended by the callers — confirm where the join happens. */
306 char kerberos_ou[] = "OU=kerberos,OU=moira";
307 char contact_ou[] = "OU=strings,OU=moira";
308 char user_ou[] = "OU=users,OU=moira";
309 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
310 char group_ou_root[] = "OU=lists,OU=moira";
311 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
312 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
313 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
314 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
315 char orphans_other_ou[] = "OU=Other,OU=Orphans";
316 char security_template_ou[] = "OU=security_templates";
/* AD domain name, read from WINADCFG in main() (with a built-in default).
 * Fixed 256 bytes, written with strcpy() from a config line. */
318 char ldap_domain[256];
/* Heap-allocated server names; unused slots are NULL (zeroed in main()). */
319 char *ServerList[MAX_SERVER_NAMES];
320 int mr_connections = 0;
322 char default_server[256];
/* Duplicate tentative definition of tbl_buf (see above). */
323 static char tbl_buf[1024];
326 extern int set_password(char *user, char *password, char *domain);
328 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
329 char *group_membership, char *MoiraId, char *attribute,
330 LK_ENTRY **linklist_base, int *linklist_count,
332 void AfsToWinAfs(char* path, char* winPath);
333 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
334 char *Win2kPassword, char *Win2kUser, char *default_server,
335 int connect_to_kdc, char **ServerList, int *IgnoreMasterSeverError);
336 void ad_kdc_disconnect();
337 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
338 char *attribute_value, char *attribute, char *user_name);
339 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
340 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
341 void check_winad(void);
342 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
344 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
345 char *distinguishedName, int count, char **av);
346 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
347 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
348 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
349 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
350 char *distinguishedName, int count, char **av);
351 void container_get_dn(char *src, char *dest);
352 void container_get_name(char *src, char *dest);
353 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
354 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
355 int afterc, char **after);
356 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
357 int afterc, char **after);
359 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
360 char *fs_type, char *fs_pack, int operation);
361 int GetAceInfo(int ac, char **av, void *ptr);
362 int GetServerList(char *ldap_domain, char **MasterServe);
363 int get_group_membership(char *group_membership, char *group_ou,
364 int *security_flag, char **av);
365 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
366 int Moira_container_group_create(char **after);
367 int Moira_container_group_delete(char **before);
368 int Moira_groupname_create(char *GroupName, char *ContainerName,
369 char *ContainerRowID);
370 int Moira_container_group_update(char **before, char **after);
371 int Moira_process_machine_container_group(char *MachineName, char* groupName,
373 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
374 int Moira_getContainerGroup(int ac, char **av, void *ptr);
375 int Moira_getGroupName(char *origContainerName, char *GroupName,
377 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
378 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
379 int UpdateGroup, int *ProcessGroup);
380 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
381 char *group_name, char *group_ou, char *group_membership,
382 int group_security_flag, int type);
383 int process_lists(int ac, char **av, void *ptr);
384 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
385 int HiddenGroup, char *AceType, char *AceName);
386 int ProcessMachineName(int ac, char **av, void *ptr);
387 int user_create(int ac, char **av, void *ptr);
388 int user_change_status(LDAP *ldap_handle, char *dn_path,
389 char *user_name, char *MoiraId, int operation);
390 int user_delete(LDAP *ldap_handle, char *dn_path,
391 char *u_name, char *MoiraId);
392 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
394 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
395 char *uid, char *MitId, char *MoiraId, int State,
396 char *WinHomeDir, char *WinProfileDir);
397 void change_to_lower_case(char *ptr);
398 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
399 int group_create(int ac, char **av, void *ptr);
400 int group_delete(LDAP *ldap_handle, char *dn_path,
401 char *group_name, char *group_membership, char *MoiraId);
402 int group_rename(LDAP *ldap_handle, char *dn_path,
403 char *before_group_name, char *before_group_membership,
404 char *before_group_ou, int before_security_flag, char *before_desc,
405 char *after_group_name, char *after_group_membership,
406 char *after_group_ou, int after_security_flag, char *after_desc,
407 char *MoiraId, char *filter);
408 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
409 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
410 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
411 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
412 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
413 char *group_name, char *group_ou, char *group_membership,
414 int group_security_flag, int updateGroup);
415 int member_list_build(int ac, char **av, void *ptr);
416 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
417 char *group_ou, char *group_membership,
418 char *user_name, char *pUserOu, char *MoiraId);
419 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
420 char *group_ou, char *group_membership, char *user_name,
421 char *pUserOu, char *MoiraId);
422 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
423 char *group_ou, char *group_membership,
424 int group_security_flag, char *MoiraId);
425 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
426 char *WinHomeDir, char *WinProfileDir,
427 char **homedir_v, char **winProfile_v,
428 char **drives_v, LDAPMod **mods,
430 int sid_update(LDAP *ldap_handle, char *dn_path);
431 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
432 int check_string(char *s);
433 int check_container_name(char* s);
434 void convert_b_to_a(char *string, UCHAR *binary, int length);
435 int mr_connect_cl(char *server, char *client, int version, int auth);
437 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
438 char **before, int beforec, char **after, int afterc);
439 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
440 char **before, int beforec, char **after, int afterc);
441 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
442 char **before, int beforec, char **after, int afterc);
443 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
444 char **before, int beforec, char **after, int afterc);
445 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
446 char **before, int beforec, char **after, int afterc);
447 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
448 char **before, int beforec, char **after, int afterc);
449 int linklist_create_entry(char *attribute, char *value,
450 LK_ENTRY **linklist_entry);
451 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
452 char **attr_array, LK_ENTRY **linklist_base,
453 int *linklist_count, unsigned long ScopeType);
454 void linklist_free(LK_ENTRY *linklist_base);
456 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
457 char *distinguished_name, LK_ENTRY **linklist_current);
458 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
459 LK_ENTRY **linklist_base, int *linklist_count);
460 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
461 char *Attribute, char *distinguished_name,
462 LK_ENTRY **linklist_current);
464 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
465 char *oldValue, char *newValue,
466 char ***modvalues, int type);
467 void free_values(char **modvalues);
469 int convert_domain_to_dn(char *domain, char **bind_path);
470 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
471 char *distinguished_name);
472 int moira_disconnect(void);
473 int moira_connect(void);
474 void print_to_screen(const char *fmt, ...);
475 int GetMachineName(char *MachineName);
/* Entry point. Invoked by the Moira incremental mechanism as
 *   winad.incr <table> <beforec> <afterc> <before...> <after...>
 * (see the examples at the top of the file). Reads WINADCFG for the domain,
 * the server list and the SFU setting, binds to AD, then dispatches on the
 * table name. Local declarations and a number of braces/returns of this
 * function are not present in this listing; the comments below describe
 * only the visible lines. */
477 int main(int argc, char **argv)
487 int IgnoreServerListError;
/* Program name for com_err(); the assignment inside the condition is
 * deliberate. */
496 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
/* Reached from an argc < 4 test that is not in this listing. */
500 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/* atoi() yields 0 on non-numeric input and accepts a leading '-'. A negative
 * count still satisfies the argc check below and makes `after` point outside
 * argv[]. NOTE(review): parse with strtol() and reject beforec < 0 or
 * afterc < 0 here. */
503 beforec = atoi(argv[2]);
504 afterc = atoi(argv[3]);
506 if (argc < (4 + beforec + afterc))
508 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)");
514 after = &argv[4 + beforec];
/* Log the full argument list. tbl_buf is a static 1024-byte buffer and
 * strcat() is unbounded, so an invocation longer than that (the users and
 * filesys examples at the top of the file are already several hundred
 * bytes) overflows it. NOTE(review): track the used length and append with
 * snprintf(tbl_buf + len, sizeof tbl_buf - len, "%s ", argv[i]). */
521 for (i = 1; i < argc; i++)
523 strcat(tbl_buf, argv[i]);
524 strcat(tbl_buf, " ");
526 com_err(whoami, 0, "%s", tbl_buf);
530 memset(ldap_domain, '\0', sizeof(ldap_domain));
531 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
532 memset(temp, '\0', sizeof(temp));
/* Config file: one "KEY: value" line at a time; keys are DOMAIN, SERVER
 * (may repeat) and SFU. Each line is upper-cased in full before matching,
 * so values are case-folded as well. A missing file is silently accepted. */
537 if ((fptr = fopen(WINADCFG, "r")) != NULL)
539 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper()/tolower() require an int in unsigned char range (or EOF); on a
 * platform with signed char a byte >= 0x80 is undefined behaviour. Cast to
 * (unsigned char) first — this applies to every case-folding loop in this
 * function. */
541 for (i = 0; i < (int)strlen(temp); i++)
542 temp[i] = toupper(temp[i]);
/* Strip the newline fgets() keeps. A line that begins with a NUL byte
 * gives strlen() == 0 and indexes temp[-1]; unlikely from a config file
 * but not guarded. */
543 if (temp[strlen(temp) - 1] == '\n')
544 temp[strlen(temp) - 1] = '\0';
545 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
547 if (strlen(temp) > (strlen(DOMAIN)))
/* ldap_domain is 256 bytes; temp is declared on a line not in this
 * listing, so verify sizeof(temp) <= sizeof(ldap_domain) or bound the
 * copy. */
549 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
552 else if (!strncmp(temp, SERVER, strlen(SERVER)))
554 if (strlen(temp) > (strlen(SERVER)))
/* Each SERVER entry gets a 256-byte buffer (calloc() unchecked) holding the
 * rest of the line; later the "." and ldap_domain suffixes are strcat()'ed
 * onto the same buffer, so a long SERVER value plus the domain can exceed
 * 256 bytes. Whether Count is bounded against MAX_SERVER_NAMES is not
 * visible here — check the elided increment. */
556 ServerList[Count] = calloc(1, 256);
557 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
561 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
563 if (strlen(temp) > (strlen(MSSFU)))
565 if (!strcmp(&temp[strlen(MSSFU)], SFUTYPE))
/* Presumably the fall-through for a line matching none of the keys (the
 * else is on an elided line): the raw line becomes the domain name. */
571 strcpy(ldap_domain, temp);
577 if (strlen(ldap_domain) == 0)
578 strcpy(ldap_domain, "win.mit.edu");
579 /* zero trailing newline, if there is one. */
580 if (ldap_domain[strlen(ldap_domain) - 1] == '\n')
581 ldap_domain[strlen(ldap_domain) - 1] = '\0';
583 initialize_sms_error_table();
584 initialize_krb_error_table();
/* No SERVER lines configured: discover the servers for the domain instead,
 * and remember (IgnoreServerListError = 1) that the list is auto-derived. */
586 IgnoreServerListError = 0;
587 if (ServerList[0] == NULL)
589 IgnoreServerListError = 1;
590 GetServerList(ldap_domain, ServerList);
/* Normalise every entry to an upper-case FQDN: strip a trailing newline,
 * append "." and the domain. strcat() is unbounded; the buffers are the
 * 256 bytes from calloc() above or whatever GetServerList() allocates. */
592 for (i = 0; i < MAX_SERVER_NAMES; i++)
594 if (ServerList[i] != 0)
596 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
597 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
598 strcat(ServerList[i], ".");
599 strcat(ServerList[i], ldap_domain);
600 for (k = 0; k < (int)strlen(ServerList[i]); k++)
601 ServerList[i][k] = toupper(ServerList[i][k]);
605 memset(default_server, '\0', sizeof(default_server));
606 memset(dn_path, '\0', sizeof(dn_path));
/* Up to five bind attempts. ad_connect() is given empty user/password
 * strings and presumably fills dn_path and default_server. When it reports
 * IgnoreServerListError < 0 the configured list is re-derived and
 * re-normalised with the same code as above; whether the loop then retries
 * or proceeds is decided on lines not in this listing. */
607 for (i = 0; i < 5; i++)
609 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
610 default_server, 1, ServerList, &IgnoreServerListError)))
612 if (IgnoreServerListError < 0)
614 GetServerList(ldap_domain, ServerList);
615 for (j = 0; j < MAX_SERVER_NAMES; j++)
617 if (ServerList[j] != NULL)
619 if (ServerList[j][strlen(ServerList[j]) - 1] == '\n')
620 ServerList[j][strlen(ServerList[j]) - 1] = '\0';
621 strcat(ServerList[j], ".");
622 strcat(ServerList[j], ldap_domain);
623 for (k = 0; k < (int)strlen(ServerList[j]); k++)
624 ServerList[j][k] = toupper(ServerList[j][k]);
627 IgnoreServerListError = 1;
/* Reached when no server could be bound (the surrounding test is elided). */
634 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* Dispatch on the lower-cased table name. The final argument (afterc) of
 * each do_*() call is on an elided continuation line. */
638 for (i = 0; i < (int)strlen(table); i++)
639 table[i] = tolower(table[i]);
641 if (!strcmp(table, "users"))
642 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
644 else if (!strcmp(table, "list"))
645 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
647 else if (!strcmp(table, "imembers"))
648 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
650 else if (!strcmp(table, "filesys"))
651 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
653 else if (!strcmp(table, "containers"))
654 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
656 else if (!strcmp(table, "mcntmap"))
657 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* The server list is refreshed if the SFU setting changed while processing;
 * the reason is not apparent from this listing. */
659 if (OldUseSFU30 != UseSFU30)
661 GetServerList(ldap_domain, ServerList);
/* Release the server names (the free() call itself is on an elided line)
 * and drop the LDAP connection. */
664 for (i = 0; i < MAX_SERVER_NAMES; i++)
666 if (ServerList[i] != NULL)
669 ServerList[i] = NULL;
672 rc = ldap_unbind_s(ldap_handle);
/* Handles the mcntmap table: resolves the machine's Moira alias, updates its
 * Moira container group, and moves the AD machine object into the OU that
 * mirrors its Moira container (or into the orphans OU when it has none).
 * Exactly one of before/after is expected to be populated; both zero is a
 * no-op and the both-non-zero case is handled, if at all, on lines not in
 * this listing. Local declarations, returns and closing braces are partly
 * elided here. */
676 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
677 char **before, int beforec, char **after, int afterc)
/* Fixed-size buffers filled below with unbounded strcpy() from the argument
 * vector; MoiraContainerGroup is only 64 bytes. */
679 char MoiraContainerName[128];
680 char ADContainerName[128];
681 char MachineName[1024];
682 char OriginalMachineName[1024];
685 char MoiraContainerGroup[64];
688 memset(ADContainerName, '\0', sizeof(ADContainerName));
689 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
691 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional: a non-zero Moira error
 * code raises the alert (and presumably returns). */
694 if (rc = moira_connect())
696 critical_alert("AD incremental",
697 "Error contacting Moira server : %s",
/* before[]/after[] are indexed up to OU_CONTAINER_GROUP but only "non-zero"
 * is checked; main() validates argc against beforec + afterc, not that each
 * count covers that index. NOTE(review): a short vector reads past the
 * array here. */
702 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
704 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
705 strcpy(MachineName, before[OU_MACHINE_NAME]);
706 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
708 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
710 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
712 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
713 strcpy(MachineName, after[OU_MACHINE_NAME]);
714 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
715 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/* GetMachineName() rewrites MachineName in place (its return value is not
 * used here); an empty result means no alias was found. The early exit for
 * that case is on an elided line. (Message typo: "alais".) */
723 rc = GetMachineName(MachineName);
724 if (strlen(MachineName) == 0)
727 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
/* Remaining arguments are on an elided continuation line. */
730 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* Non-zero from machine_check() means no machine object in AD. */
732 if (machine_check(ldap_handle, dn_path, MachineName))
734 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/* Look up the machine's container in Moira; with none, park the object in
 * the orphans OU. The return after the move is on an elided line. */
738 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
739 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
740 if (strlen(MoiraContainerName) == 0)
742 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
743 OriginalMachineName, MachineName);
744 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/* Translate the Moira container path to an AD DN, make sure the OU exists,
 * then move the machine. The strlen() - 1 index is safe only because the
 * empty-name case above returns (assumed, the return is elided); the
 * strcat() of "/" into the 128-byte buffer is unchecked. Return values of
 * the move calls are ignored. */
748 container_get_dn(MoiraContainerName, ADContainerName);
749 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
750 strcat(MoiraContainerName, "/");
751 container_check(ldap_handle, dn_path, MoiraContainerName);
752 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/* Handles the containers table: delete (before only), create (after only),
 * rename (both, names differ) or update (both, same name). Each AD change is
 * mirrored by the corresponding Moira container-group call. Local
 * declarations, returns and closing braces are partly elided from this
 * listing. */
757 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
758 char **before, int beforec, char **after, int afterc)
762 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional: a non-zero Moira error
 * code raises the alert (and presumably returns). */
765 if (rc = moira_connect())
767 critical_alert("AD incremental", "Error contacting Moira server : %s",
/* Only zero/non-zero counts are checked here; before[CONTAINER_NAME] and
 * after[CONTAINER_NAME] are read as soon as the count is non-zero, and the
 * callees receive the raw count to index further. main() does not verify
 * the individual counts against the container field layout. */
772 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
774 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
775 container_delete(ldap_handle, dn_path, beforec, before);
776 Moira_container_group_delete(before);
780 if ((beforec == 0) && (afterc != 0)) /*create a container*/
782 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
783 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
784 container_create(ldap_handle, dn_path, afterc, after);
785 Moira_container_group_create(after);
/* Both sides present. strcasecmp() means a change of letter case alone is
 * not treated as a rename and falls through to the update path below;
 * confirm that is the intended behaviour for the AD side. The results of
 * container_rename()/container_update() are not checked. */
790 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
792 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
793 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
794 Moira_container_group_update(before, after);
798 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
799 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
800 Moira_container_group_update(before, after);
/* Handles the filesys table. Only AFS file systems whose create flag is set
 * are mirrored into AD through filesys_process(). Three cases: after only
 * (add), before only (delete), both (update, processed as an add). The add
 * and update paths are near-verbatim copies of each other; a static helper
 * taking (ldap_handle, dn_path, after) would remove the duplication. Local
 * declarations, returns and closing braces are partly elided here. */
805 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
806 char **before, int beforec, char **after, int afterc)
/* The FS_* indices are defined on lines not in this listing. If FS_CREATE
 * is the index of the create flag (as the field layout at the top of the
 * file suggests), afterc == FS_CREATE passes this guard and after[FS_CREATE]
 * then reads one past the vector; the guard would need to be
 * afterc <= FS_CREATE (likewise for beforec below). NOTE(review): verify
 * against the define. */
819 if (afterc < FS_CREATE)
823 atype = !strcmp(after[FS_TYPE], "AFS");
824 acreate = atoi(after[FS_CREATE]);
/* Add case: no before vector. Nothing to do unless AFS with create set. */
827 if (beforec < FS_CREATE)
829 if (acreate == 0 || atype == 0)
831 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Any result other than LDAP_NO_SUCH_OBJECT ends this path: success
 * silently, anything else with a log line. */
835 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
836 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
838 if (rc != LDAP_SUCCESS)
839 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* The user object is missing: fetch the account from Moira and let the
 * user_create() callback create it. call_args passes the LDAP handle
 * through a char* slot (cast back inside the callback, presumably). The
 * remaining mr_query() arguments are on an elided line. */
846 if (rc = moira_connect())
848 critical_alert("AD incremental",
849 "Error contacting Moira server : %s",
853 av[0] = after[FS_NAME];
854 call_args[0] = (char *)ldap_handle;
855 call_args[1] = dn_path;
861 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
865 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
871 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
/* sid_base is a file-scope list; entries queued during the query path
 * (by user_create(), presumably) are flushed to AD and freed here. */
874 if (sid_base != NULL)
876 sid_update(ldap_handle, dn_path);
877 linklist_free(sid_base);
/* Delete case: before only. */
885 btype = !strcmp(before[FS_TYPE], "AFS");
886 bcreate = atoi(before[FS_CREATE]);
887 if (afterc < FS_CREATE)
889 if (btype && bcreate)
891 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
892 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
894 com_err(whoami, 0, "Unable to delete filesys %s", before[FS_NAME]);
/* Update case: both present. When neither side is AFS the message is
 * suppressed only if both types are the "ERR" placeholder. */
903 if (!atype && !btype)
905 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
907 com_err(whoami, 0, "Unable to process Filesystem %s or %s is not AFS",
908 before[FS_NAME], after[FS_NAME]);
/* From here on this is the add path again, line for line. */
912 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
916 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
917 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
919 if (rc != LDAP_SUCCESS)
920 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
927 if (rc = moira_connect())
929 critical_alert("AD incremental",
930 "Error contacting Moira server : %s",
934 av[0] = after[FS_NAME];
935 call_args[0] = (char *)ldap_handle;
936 call_args[1] = dn_path;
942 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
946 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
952 com_err(whoami, 0, "Unable to process filesys %s", after[FS_NAME]);
955 if (sid_base != NULL)
957 sid_update(ldap_handle, dn_path);
958 linklist_free(sid_base);
968 #define L_LIST_DESC 9
971 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
972 char **before, int beforec, char **after, int afterc)
977 char group_membership[6];
982 char before_list_id[32];
983 char before_group_membership[1];
984 int before_security_flag;
985 char before_group_ou[256];
986 LK_ENTRY *ptr = NULL;
988 if (beforec == 0 && afterc == 0)
991 memset(list_id, '\0', sizeof(list_id));
992 memset(before_list_id, '\0', sizeof(before_list_id));
993 memset(before_group_ou, '\0', sizeof(before_group_ou));
994 memset(before_group_membership, '\0', sizeof(before_group_membership));
995 memset(group_ou, '\0', sizeof(group_ou));
996 memset(group_membership, '\0', sizeof(group_membership));
1001 if (beforec < L_LIST_ID)
1003 if (beforec > L_LIST_DESC)
1005 strcpy(before_list_id, before[L_LIST_ID]);
1007 before_security_flag = 0;
1008 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
1012 if (afterc < L_LIST_ID)
1014 if (afterc > L_LIST_DESC)
1016 strcpy(list_id, after[L_LIST_ID]);
1019 get_group_membership(group_membership, group_ou, &security_flag, after);
1022 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1029 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1030 before_group_ou, before_group_membership,
1031 before_security_flag, CHECK_GROUPS)))
1033 if (rc == AD_NO_GROUPS_FOUND)
1037 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1039 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1040 before_group_ou, before_group_membership,
1041 before_security_flag, CLEANUP_GROUPS);
1043 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1045 com_err(whoami, 0, "Unable to process list %s",
1049 if (rc == AD_NO_GROUPS_FOUND)
1055 if ((beforec != 0) && (afterc != 0))
1057 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1058 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1059 (strcmp(before_group_ou, group_ou)))) &&
1062 com_err(whoami, 0, "Changing list name from %s to %s",
1063 before[L_NAME], after[L_NAME]);
1064 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1065 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1067 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1070 memset(filter, '\0', sizeof(filter));
1071 if ((rc = group_rename(ldap_handle, dn_path,
1072 before[L_NAME], before_group_membership,
1073 before_group_ou, before_security_flag, before[L_LIST_DESC],
1074 after[L_NAME], group_membership,
1075 group_ou, security_flag, after[L_LIST_DESC],
1078 if (rc != AD_NO_GROUPS_FOUND)
1080 com_err(whoami, 0, "Unable to change list name from %s to %s",
1081 before[L_NAME], after[L_NAME]);
1094 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1096 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
1099 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1100 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1101 before_group_membership, before_list_id);
1108 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1109 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1110 group_ou, group_membership,
1111 security_flag, CHECK_GROUPS))
1113 if (rc != AD_NO_GROUPS_FOUND)
1115 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1117 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1118 group_ou, group_membership,
1119 security_flag, CLEANUP_GROUPS);
1123 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
1130 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1132 if (rc = moira_connect())
1134 critical_alert("AD incremental",
1135 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1145 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1148 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1149 group_ou, group_membership, security_flag, updateGroup))
1154 if (atoi(after[L_ACTIVE]))
1156 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1157 group_membership, security_flag, list_id);
/*
 * Extra argument slots that do_member() expects after the standard LM_*
 * member fields (LM_END is defined elsewhere in this file).  The LM_EXTRA_*
 * slots carry the owning list's flags and are copied into an L_*-indexed
 * argv for get_group_membership() (see do_member).  LMN_LIST_ID,
 * LM_LIST_ID and LM_USER_ID hold Moira ids, but which slot is the list id
 * and which the member id depends on the member type (MACHINE vs USER) --
 * see the two branches in do_member() that read them.
 */
1164 #define LM_EXTRA_ACTIVE (LM_END)
1165 #define LM_EXTRA_PUBLIC (LM_END+1)
1166 #define LM_EXTRA_HIDDEN (LM_END+2)
1167 #define LM_EXTRA_MAILLIST (LM_END+3)
1168 #define LM_EXTRA_GROUP (LM_END+4)
1169 #define LM_EXTRA_GID (LM_END+5)
1170 #define LMN_LIST_ID (LM_END+6)
1171 #define LM_LIST_ID (LM_END+7)
1172 #define LM_USER_ID (LM_END+8)
1173 #define LM_EXTRA_END (LM_END+9)
/*
 * Process one "members" incremental update.  The populated vector selects
 * the operation: `after` describes a member being added to a list, `before`
 * a member being removed (the lines that choose `ptr` between the two and
 * bail out on short vectors are not shown in this listing).  The owning
 * list is located in AD -- and created on the fly when absent -- and then
 * the member is added or removed.  Member types handled: MACHINE, USER,
 * STRING, KERBEROS; a LIST member is rejected.
 *
 * NOTE(review): every copy from the argument vector into the fixed-size
 * locals below (128/32-byte buffers) is an unbounded strcpy(); nothing
 * visible here bounds the argument lengths, so an overlong Moira value
 * overflows the stack buffer.  Confirm the caller bounds these, or use
 * snprintf().
 */
1175 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1176 char **before, int beforec, char **after, int afterc)
1178 char group_name[128];
1179 char user_name[128];
1180 char user_type[128];
1181 char moira_list_id[32];
1182 char moira_user_id[32];
/* One flag character only ('B','S','D','N'); get_group_membership() never
 * NUL-terminates it, so it must not be handled as a C string. */
1183 char group_membership[1];
1185 char machine_ou[256];
1191 char NewMachineName[1024];
1198 memset(moira_list_id, '\0', sizeof(moira_list_id));
1199 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* ---- add path: the `after` vector ---- */
1202 if (afterc < LM_EXTRA_GID)
/* Inactive lists are not touched in AD. */
1204 if (!atoi(after[LM_EXTRA_ACTIVE]))
1206 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
1210 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1212 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1213 after[2], after[0], after[0]);
1216 strcpy(user_name, after[LM_MEMBER]);
1217 strcpy(group_name, after[LM_LIST]);
1218 strcpy(user_type, after[LM_TYPE]);
/* For MACHINE members the list id is in LMN_LIST_ID and the member id in
 * LM_LIST_ID; for USER members they are one slot further right.
 * NOTE(review): LM_LIST_ID is LM_END+7 but this guard only requires
 * afterc > LM_END+4, so a vector with LM_END+5..LM_END+7 entries is read
 * past its end -- confirm against the argv layout the caller builds. */
1219 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1221 if (afterc > LM_EXTRA_GROUP)
1223 strcpy(moira_list_id, after[LMN_LIST_ID]);
1224 strcpy(moira_user_id, after[LM_LIST_ID]);
/* NOTE(review): same pattern -- LM_USER_ID is LM_END+8, the guard admits
 * afterc == LM_END+7 and LM_END+8. */
1227 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1229 if (afterc > LMN_LIST_ID)
1231 strcpy(moira_list_id, after[LM_LIST_ID]);
1232 strcpy(moira_user_id, after[LM_USER_ID]);
/* Other member types: only the list id is available (guard admits
 * afterc == LM_END+6 while reading index LM_END+6). */
1237 if (afterc > LM_EXTRA_GID)
1238 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* ---- remove path: the `before` vector; mirrors the block above ---- */
1243 if (beforec < LM_EXTRA_GID)
/* NOTE(review): the message text says "add" although this branch handles
 * the before vector (a removal). */
1245 if (!atoi(before[LM_EXTRA_ACTIVE]))
1247 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1251 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1253 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1254 before[2], before[0], before[0]);
1257 strcpy(user_name, before[LM_MEMBER]);
1258 strcpy(group_name, before[LM_LIST]);
1259 strcpy(user_type, before[LM_TYPE]);
1260 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1262 if (beforec > LM_EXTRA_GROUP)
1264 strcpy(moira_list_id, before[LMN_LIST_ID]);
1265 strcpy(moira_user_id, before[LM_LIST_ID]);
1268 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1270 if (beforec > LMN_LIST_ID)
1272 strcpy(moira_list_id, before[LM_LIST_ID]);
1273 strcpy(moira_user_id, before[LM_USER_ID]);
1278 if (beforec > LM_EXTRA_GID)
1279 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither vector usable. */
1285 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* Re-pack the list's flags into an L_*-indexed argv so the same
 * get_group_membership() used for "list" updates can be applied. */
1289 args[L_NAME] = ptr[LM_LIST];
1290 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1291 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1292 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1293 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1294 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1295 args[L_GID] = ptr[LM_EXTRA_GID];
1298 memset(group_ou, '\0', sizeof(group_ou));
1299 get_group_membership(group_membership, group_ou, &security_flag, args);
1300 if (strlen(group_ou) == 0)
1302 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* Locate the group by Moira id; a wrong-OU or duplicate hit is cleaned up
 * first, AD_NO_GROUPS_FOUND falls through to creation below. */
1305 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1307 if (rc != AD_NO_GROUPS_FOUND)
1309 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1311 if (rc != AD_NO_GROUPS_FOUND)
1314 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1316 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* Group missing in AD: create it (membership is populated only when the
 * list is active). */
1322 if (rc == AD_NO_GROUPS_FOUND)
1324 if (rc = moira_connect())
1326 critical_alert("AD incremental",
1327 "Error contacting Moira server : %s",
1332 com_err(whoami, 0, "creating group %s", group_name);
1334 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1338 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1341 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1342 group_ou, group_membership, security_flag, 0))
1347 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1349 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1350 group_membership, security_flag, moira_list_id);
/* ---- removal: resolve the member's container OU, then member_remove() ---- */
1357 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1359 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1361 memset(machine_ou, '\0', sizeof(machine_ou));
1362 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* get_machine_ou() may rewrite the member name; ptr[LM_MEMBER] is
 * repointed at the local NewMachineName buffer from here on. */
1363 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1365 ptr[LM_MEMBER] = NewMachineName;
1366 pUserOu = machine_ou;
/* STRING and KERBEROS members are represented as contact objects. */
1368 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1370 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1372 pUserOu = contact_ou;
1374 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1376 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1378 pUserOu = kerberos_ou;
1380 if (rc = member_remove(ldap_handle, dn_path, group_name,
1381 group_ou, group_membership, ptr[LM_MEMBER],
1382 pUserOu, moira_list_id))
1383 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* ---- addition: same OU resolution, plus on-demand user creation ---- */
1387 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1390 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1392 memset(machine_ou, '\0', sizeof(machine_ou));
1393 memset(NewMachineName, '\0', sizeof(NewMachineName));
1394 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1396 ptr[LM_MEMBER] = NewMachineName;
1397 pUserOu = machine_ou;
1399 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1401 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1403 pUserOu = contact_ou;
1405 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1407 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1409 pUserOu = kerberos_ou;
/* A USER member that does not exist in AD yet is created from its Moira
 * account record (user_create callback of get_user_account_by_login);
 * its SID is then pushed out with sid_update(). */
1411 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1413 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1414 moira_user_id)) == AD_NO_USER_FOUND)
1416 if (rc = moira_connect())
1418 critical_alert("AD incremental",
1419 "Error connection to Moira : %s",
/* NOTE(review): this is a member record, yet the name is read with the
 * user-record index U_NAME; the surrounding messages use
 * ptr[LM_MEMBER] -- presumably that is what was meant, confirm. */
1423 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1424 av[0] = ptr[LM_MEMBER];
1425 call_args[0] = (char *)ldap_handle;
1426 call_args[1] = dn_path;
1427 call_args[2] = moira_user_id;
1428 call_args[3] = NULL;
1430 sid_ptr = &sid_base;
1432 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1436 com_err(whoami, 0, "Unable to create user %s : %s",
1437 ptr[LM_MEMBER], error_message(rc));
1443 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1447 if (sid_base != NULL)
1449 sid_update(ldap_handle, dn_path);
1450 linklist_free(sid_base);
1461 if (rc = member_add(ldap_handle, dn_path, group_name,
1462 group_ou, group_membership, ptr[LM_MEMBER],
1463 pUserOu, moira_list_id))
1465 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/* Positions of the trailing fields of a "users" update record as seen by
 * do_user(): the Moira users_id (copied into the *_user_id buffers) and
 * the home and profile directory paths handed to user_update(). */
1471 #define U_USER_ID 10
1472 #define U_HOMEDIR 11
1473 #define U_PROFILEDIR 12
/*
 * Process one "users" incremental update.  `before` is the record as it
 * was, `after` as it is now; either may be empty.  Cases below:
 *   after only  - account just created in Moira but not usable yet: skipped
 *   before only - record gone from Moira: expunged from AD when its
 *                 state was 0, otherwise reported as already expunged
 *   both        - create the AD user if missing, rename it if the login
 *                 changed (both names must pass check_string()), then push
 *                 the current attributes with user_update()
 * (The early returns and the remainder of the signature are on lines not
 * shown in this listing.)
 *
 * NOTE(review): the users_id copies below are unbounded strcpy() into
 * 32-byte buffers guarded only by the argument count, not by length.
 */
1475 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1476 char **before, int beforec, char **after,
1481 char after_user_id[32];
1482 char before_user_id[32];
1485 if ((beforec == 0) && (afterc == 0))
1488 memset(after_user_id, '\0', sizeof(after_user_id));
1489 memset(before_user_id, '\0', sizeof(before_user_id));
1490 if (beforec > U_USER_ID)
1491 strcpy(before_user_id, before[U_USER_ID]);
1492 if (afterc > U_USER_ID)
1493 strcpy(after_user_id, after[U_USER_ID]);
1495 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1498 if ((beforec == 0) && (afterc != 0))
1500 /*this case only happens when the account*/
1501 /*is first created but not yet usable*/
1502 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
1505 if ((beforec != 0) && (afterc == 0)) /*before only: the record was removed; expunge from AD if its state was 0*/
1507 if (atoi(before[U_STATE]) == 0)
1509 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1510 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* (runtime message text below contains the typo "expungeded"; left as-is) */
1514 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1519 /*process anything that gets here*/
/* Look the user up by the old login and Moira id; create from the Moira
 * account record when absent.  check_string() on the new login is the
 * only visible guard before the name is used in AD -- what it accepts is
 * defined elsewhere, presumably a DN/filter-safe character set; confirm. */
1520 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1521 before_user_id)) == AD_NO_USER_FOUND)
1523 if (!check_string(after[U_NAME]))
1525 if (rc = moira_connect())
1527 critical_alert("AD incremental",
1528 "Error connection to Moira : %s",
1532 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* Context for the user_create callback travels in the file-level
 * call_args[]: LDAP handle, base DN, Moira users_id. */
1534 av[0] = after[U_NAME];
1535 call_args[0] = (char *)ldap_handle;
1536 call_args[1] = dn_path;
1537 call_args[2] = after_user_id;
1538 call_args[3] = NULL;
1540 sid_ptr = &sid_base;
1542 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1546 com_err(whoami, 0, "Unable to create user %s : %s",
1547 after[U_NAME], error_message(rc));
1553 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Newly created objects leave their SID on the global list; push it out. */
1557 if (sid_base != NULL)
1559 sid_update(ldap_handle, dn_path);
1560 linklist_free(sid_base);
/* Login changed: rename only when both old and new names validate. */
1569 if (strcmp(before[U_NAME], after[U_NAME]))
1571 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1573 com_err(whoami, 0, "changing user %s to %s",
1574 before[U_NAME], after[U_NAME]);
1575 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1576 after[U_NAME])) != LDAP_SUCCESS)
/* Always refresh uid, MIT id, state (atoi, unvalidated) and paths. */
1582 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1583 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1584 after[U_UID], after[U_MITID],
1585 after_user_id, atoi(after[U_STATE]),
1586 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * Build a NULL-terminated char* array (*modvalues) holding modvalue_count
 * values taken from the linked list, for use as an LDAP modification value
 * list.  When oldValue and newValue are both non-NULL, a value containing
 * oldValue is rewritten: with type == REPLACE the whole value becomes
 * newValue, otherwise only the first occurrence (strstr) of oldValue is
 * spliced out and newValue put in its place.  Values without a match, or
 * when no substitution was requested, are copied verbatim.  Every element
 * is a separate allocation owned by the caller.
 *
 * NOTE(review): the strstr()/strcat() path treats linklist_ptr->value as a
 * NUL-terminated string.  Binary values (objectSid/objectGUID) are stored
 * by retrieve_values() with exactly bv_len bytes and no terminator, so
 * this function must not be applied to such entries.
 */
1590 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1591 char *oldValue, char *newValue,
1592 char ***modvalues, int type)
1594 LK_ENTRY *linklist_ptr;
/* One extra slot for the terminating NULL. */
1598 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1603 for (i = 0; i < (modvalue_count + 1); i++)
1604 (*modvalues)[i] = NULL;
1605 if (modvalue_count != 0)
1607 linklist_ptr = linklist_base;
1608 for (i = 0; i < modvalue_count; i++)
1610 if ((oldValue != NULL) && (newValue != NULL))
1612 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1615 if (type == REPLACE)
1617 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1620 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1621 strcpy((*modvalues)[i], newValue);
/* Size = prefix before the match + remainder after it + newValue + NUL. */
1625 if (((*modvalues)[i] = calloc(1,
1626 (int)(cPtr - linklist_ptr->value) +
1627 (linklist_ptr->length - strlen(oldValue)) +
1628 strlen(newValue) + 1)) == NULL)
1630 memset((*modvalues)[i], '\0',
1631 (int)(cPtr - linklist_ptr->value) +
1632 (linklist_ptr->length - strlen(oldValue)) +
1633 strlen(newValue) + 1);
1634 memcpy((*modvalues)[i], linklist_ptr->value,
1635 (int)(cPtr - linklist_ptr->value));
1636 strcat((*modvalues)[i], newValue);
1637 strcat((*modvalues)[i],
1638 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* No match: verbatim copy.  NOTE(review): unlike the two branches above,
 * these calloc() results are not checked before use. */
1643 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1644 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1645 memcpy((*modvalues)[i], linklist_ptr->value,
1646 linklist_ptr->length);
/* No substitution requested: verbatim copy (calloc also unchecked). */
1651 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1652 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1653 memcpy((*modvalues)[i], linklist_ptr->value,
1654 linklist_ptr->length);
1656 linklist_ptr = linklist_ptr->next;
1658 (*modvalues)[i] = NULL;
/*
 * Run an LDAP search under dn_path with the given filter, attribute list
 * and scope and collect every returned entry/attribute/value into a fresh
 * linked list (*linklist_base, node count in *linklist_count).  A search
 * error other than LDAP_SIZELIMIT_EXCEEDED is returned (return on a line
 * not shown); on size-limit overflow the partial result is still
 * collected.  The result message is freed here; the caller owns the list.
 *
 * NOTE(review): search_exp reaches ldap_search_s() verbatim.  Callers in
 * this file build it with sprintf() from group names / Moira ids that at
 * best only check_string() has vetted, so any filter metacharacter
 * ( ) * \ NUL that check_string() admits is sent unescaped (RFC 4515).
 */
1664 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1665 char **attr_array, LK_ENTRY **linklist_base,
1666 int *linklist_count, unsigned long ScopeType)
1669 LDAPMessage *ldap_entry;
1673 (*linklist_base) = NULL;
1674 (*linklist_count) = 0;
1675 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1676 search_exp, attr_array, 0, &ldap_entry))
1679 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1683 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1685 ldap_msgfree(ldap_entry);
/*
 * Walk every entry of an LDAP result message, collecting each entry's
 * attributes into *linklist_base via retrieve_attributes(), then recount
 * the list into *linklist_count.  The first non-zero rc from
 * retrieve_attributes() presumably ends the walk (return not shown);
 * nodes collected so far remain on the list for the caller to free.
 * `ldap_entry` is reused as the iteration cursor; the caller keeps its
 * own pointer to the message for ldap_msgfree().
 *
 * NOTE(review): distinguished_name is a 1024-byte stack buffer filled by
 * get_distinguished_name() with an unbounded strcpy() of ldap_get_dn()'s
 * result; a DN of 1024 bytes or more overflows it.
 */
1690 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1691 LK_ENTRY **linklist_base, int *linklist_count)
1693 char distinguished_name[1024];
1694 LK_ENTRY *linklist_ptr;
1697 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1700 memset(distinguished_name, '\0', sizeof(distinguished_name));
1701 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1703 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1704 linklist_base)) != 0)
1707 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1709 memset(distinguished_name, '\0', sizeof(distinguished_name));
1710 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1712 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1713 linklist_base)) != 0)
/* Recount from scratch: retrieve_values() prepends nodes, one per value. */
1717 linklist_ptr = (*linklist_base);
1718 (*linklist_count) = 0;
1719 while (linklist_ptr != NULL)
1721 ++(*linklist_count);
1722 linklist_ptr = linklist_ptr->next;
/*
 * For one LDAP entry, iterate its attributes with ldap_first_attribute()
 * / ldap_next_attribute() and hand each to retrieve_values(), which
 * prepends one list node per value to *linklist_current.  Each attribute
 * name returned by the library is released with ldap_memfree(); the
 * BerElement cursor (ptr) is released at the end with ldap_ber_free(ptr, 0).
 * (The second argument line of the first retrieve_values() call and the
 * return are not shown in this listing.)
 */
1727 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1728 char *distinguished_name, LK_ENTRY **linklist_current)
1734 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1736 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1738 ldap_memfree(Attribute);
1739 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1742 retrieve_values(ldap_handle, ldap_entry, Attribute,
1743 distinguished_name, linklist_current);
1744 ldap_memfree(Attribute);
1747 ldap_ber_free(ptr, 0);
/*
 * Prepend one LK_ENTRY per value of `Attribute` on `ldap_entry` to
 * *linklist_current.  objectSid and objectGUID are fetched as binary
 * bervals (ldap_get_values_len); every other attribute as strings
 * (ldap_get_values).  Each node gets its own copies of the attribute name,
 * the value and the entry DN, plus ber_value (binary flag) and length.
 *
 * Value storage differs by kind and consumers must respect it:
 *   string values - copied with a NUL terminator, length = strlen()
 *   binary values - allocated with exactly bv_len bytes and NO terminator,
 *                   length = bv_len.  Never run str*() over such a value.
 *
 * The stretch between the LDAP_DEBUG guards only pretty-prints the value
 * (GUID, SID structure, userAccountControl flag names) to stderr via
 * print_to_screen().  The loop over the value array and the per-value
 * cleanup are partly on lines not shown in this listing.
 */
1751 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1752 char *Attribute, char *distinguished_name,
1753 LK_ENTRY **linklist_current)
1759 LK_ENTRY *linklist_previous;
1760 LDAP_BERVAL **ber_value;
1768 SID_IDENTIFIER_AUTHORITY *sid_auth;
1769 unsigned char *subauth_count;
1770 #endif /*LDAP_DEBUG*/
1773 memset(temp, '\0', sizeof(temp));
/* Binary attributes go through the length-carrying berval API; Ptr is a
 * generic cursor over whichever value array was fetched. */
1774 if ((!strcmp(Attribute, "objectSid")) ||
1775 (!strcmp(Attribute, "objectGUID")))
1780 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1781 Ptr = (void **)ber_value;
1786 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1787 Ptr = (void **)str_value;
/* New node is pushed on the front of the list. */
1794 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1796 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1797 linklist_previous->next = (*linklist_current);
1798 (*linklist_current) = linklist_previous;
1800 if (((*linklist_current)->attribute = calloc(1,
1801 strlen(Attribute) + 1)) == NULL)
1803 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1804 strcpy((*linklist_current)->attribute, Attribute);
/* Binary: exact-length copy, no terminator (see header). */
1807 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1808 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1810 memset((*linklist_current)->value, '\0', ber_length);
1811 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1813 (*linklist_current)->length = ber_length;
/* String: NUL-terminated copy. */
1817 if (((*linklist_current)->value = calloc(1,
1818 strlen(*Ptr) + 1)) == NULL)
1820 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1821 (*linklist_current)->length = strlen(*Ptr);
1822 strcpy((*linklist_current)->value, *Ptr);
1824 (*linklist_current)->ber_value = use_bervalue;
1825 if (((*linklist_current)->dn = calloc(1,
1826 strlen(distinguished_name) + 1)) == NULL)
1828 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1829 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump of the value ---- */
1832 if (!strcmp(Attribute, "objectGUID"))
1834 guid = (GUID *)((*linklist_current)->value);
1835 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1836 guid->Data1, guid->Data2, guid->Data3,
1837 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1838 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1839 guid->Data4[6], guid->Data4[7]);
1840 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1842 else if (!strcmp(Attribute, "objectSid"))
1844 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1846 print_to_screen(" Revision = %d\n", sid->Revision);
1847 print_to_screen(" SID Identifier Authority:\n");
1848 sid_auth = &sid->IdentifierAuthority;
/* Tests bytes 0-3 and 5 of the 6-byte authority; byte 4 is never
 * examined, and a non-zero byte 0 is reported as the NULL authority. */
1849 if (sid_auth->Value[0])
1850 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1851 else if (sid_auth->Value[1])
1852 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1853 else if (sid_auth->Value[2])
1854 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1855 else if (sid_auth->Value[3])
1856 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1857 else if (sid_auth->Value[5])
1858 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1860 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1861 subauth_count = GetSidSubAuthorityCount(sid);
1862 print_to_screen(" SidSubAuthorityCount = %d\n",
1864 print_to_screen(" SidSubAuthority:\n");
1865 for (i = 0; i < *subauth_count; i++)
1867 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1868 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length does not stop at
 * Attribute's terminator, so a shorter attribute name is compared past
 * its end -- strncmp()/strcasecmp() is the safe form.  The second length
 * is taken from "sAmAccountType" (different case, same length), which is
 * harmless but confusing. */
1872 else if ((!memcmp(Attribute, "userAccountControl",
1873 strlen("userAccountControl"))) ||
1874 (!memcmp(Attribute, "sAMAccountType",
1875 strlen("sAmAccountType"))))
1877 intValue = atoi(*Ptr);
1878 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1879 if (!memcmp(Attribute, "userAccountControl",
1880 strlen("userAccountControl")))
1882 if (intValue & UF_ACCOUNTDISABLE)
1883 print_to_screen(" %20s : %s\n",
1884 "", "Account disabled");
1886 print_to_screen(" %20s : %s\n",
1887 "", "Account active");
1888 if (intValue & UF_HOMEDIR_REQUIRED)
1889 print_to_screen(" %20s : %s\n",
1890 "", "Home directory required");
1891 if (intValue & UF_LOCKOUT)
1892 print_to_screen(" %20s : %s\n",
1893 "", "Account locked out");
1894 if (intValue & UF_PASSWD_NOTREQD)
1895 print_to_screen(" %20s : %s\n",
1896 "", "No password required");
1897 if (intValue & UF_PASSWD_CANT_CHANGE)
1898 print_to_screen(" %20s : %s\n",
1899 "", "Cannot change password");
1900 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1901 print_to_screen(" %20s : %s\n",
1902 "", "Temp duplicate account");
1903 if (intValue & UF_NORMAL_ACCOUNT)
1904 print_to_screen(" %20s : %s\n",
1905 "", "Normal account");
1906 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1907 print_to_screen(" %20s : %s\n",
1908 "", "Interdomain trust account");
1909 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1910 print_to_screen(" %20s : %s\n",
1911 "", "Workstation trust account");
1912 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1913 print_to_screen(" %20s : %s\n",
1914 "", "Server trust account");
1919 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1921 #endif /*LDAP_DEBUG*/
/* Release whichever value array the library handed us. */
1923 if (str_value != NULL)
1924 ldap_value_free(str_value);
1925 if (ber_value != NULL)
1926 ldap_value_free_len(ber_value);
1928 (*linklist_current) = linklist_previous;
/*
 * Open (or reuse) the connection to the Moira server.  mr_connections is a
 * reference count: only the first caller actually connects and then
 * authenticates as "winad.incr"; later callers just bump the count and
 * moira_disconnect() tears down on the last release.  The two connect
 * variants (fixed host "ttsp" vs. this host's uts.nodename) are
 * alternatives chosen by preprocessor/condition lines not shown here --
 * presumably a test/production switch; confirm.  The rc handling between
 * the calls is likewise not shown.
 */
1932 int moira_connect(void)
1937 if (!mr_connections++)
1940 memset(HostName, '\0', sizeof(HostName));
1941 strcpy(HostName, "ttsp");
1942 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1944 rc = mr_connect(HostName);
1949 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1951 rc = mr_connect(uts.nodename);
1956 rc = mr_auth("winad.incr");
/*
 * Hold the incremental while STOP_FILE exists (operator kill switch).
 * The loop keeps polling file_exists(); its body (not shown) presumably
 * sleeps between checks and, after enough iterations, raises a
 * critical_alert() naming STOP_FILE and the pending update (tbl_buf).
 */
1963 void check_winad(void)
1967 for (i = 0; file_exists(STOP_FILE); i++)
1971 critical_alert("AD incremental",
1972 "WINAD incremental failed (%s exists): %s",
1973 STOP_FILE, tbl_buf);
/* Release one reference taken by moira_connect(); the actual disconnect
 * (on lines not shown here) runs only when the count drops to zero. */
1980 int moira_disconnect(void)
1983 if (!--mr_connections)
/*
 * Copy the DN of ldap_entry into the caller's buffer and release the
 * library-owned string.
 *
 * NOTE(review): the copy is an unbounded strcpy(); the caller in this file
 * (retrieve_entries) passes a 1024-byte buffer, so a longer DN overflows
 * it.  Whether a NULL return from ldap_get_dn() is checked is on a line
 * not shown -- confirm before relying on it.
 */
1990 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1991 char *distinguished_name)
1995 CName = ldap_get_dn(ldap_handle, ldap_entry);
1998 strcpy(distinguished_name, CName);
1999 ldap_memfree(CName);
/*
 * Allocate a single LK_ENTRY holding private copies of `attribute` and
 * `value` (length = strlen(value), next = NULL) and return it through
 * *linklist_entry.  Only the node allocation is checked; the two calloc()
 * calls for the strings are used unchecked (NOTE(review): NULL
 * dereference under memory pressure).  The memset() calls are redundant
 * after calloc().  Return value lines are not shown here.
 */
2002 int linklist_create_entry(char *attribute, char *value,
2003 LK_ENTRY **linklist_entry)
2005 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2006 if (!(*linklist_entry))
2010 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2011 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2012 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2013 strcpy((*linklist_entry)->attribute, attribute);
2014 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2015 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2016 strcpy((*linklist_entry)->value, value);
2017 (*linklist_entry)->length = strlen(value);
2018 (*linklist_entry)->next = NULL;
/*
 * printf-style diagnostic to stderr (used by the LDAP_DEBUG dumps in
 * retrieve_values()).  fmt goes straight to vfprintf(), so callers must
 * pass a literal format string and never directory or user data as fmt.
 * (va_list declaration and va_end() are on lines not shown.)
 */
2022 void print_to_screen(const char *fmt, ...)
2026 va_start(pvar, fmt);
2027 vfprintf(stderr, fmt, pvar);
/*
 * Derive how a Moira list is represented in AD from its L_MAILLIST and
 * L_GROUP flags (av is an L_*-indexed argv).  Every output is optional
 * (NULL skips it):
 *   group_membership[0] - a single flag character: 'B' both, 'S' security
 *                         group only, 'D' distribution list only,
 *                         'N' neither.  Only byte 0 is written and no NUL
 *                         terminator is added; callers passing a 1-byte
 *                         buffer must not treat it as a C string.
 *   group_ou            - OU the group lives in, copied with an unbounded
 *                         strcpy() from the matching group_ou_* global.
 *   *security_flag      - 1 for 'B' and 'S' (security-enabled), else 0.
 * The return statement is on a line not shown in this listing.
 */
2032 int get_group_membership(char *group_membership, char *group_ou,
2033 int *security_flag, char **av)
2038 maillist_flag = atoi(av[L_MAILLIST]);
2039 group_flag = atoi(av[L_GROUP]);
2040 if (security_flag != NULL)
2041 (*security_flag) = 0;
/* mail list + group: security-enabled group that is also mail-enabled */
2043 if ((maillist_flag) && (group_flag))
2045 if (group_membership != NULL)
2046 group_membership[0] = 'B';
2047 if (security_flag != NULL)
2048 (*security_flag) = 1;
2049 if (group_ou != NULL)
2050 strcpy(group_ou, group_ou_both);
/* group only: plain security group */
2052 else if ((!maillist_flag) && (group_flag))
2054 if (group_membership != NULL)
2055 group_membership[0] = 'S';
2056 if (security_flag != NULL)
2057 (*security_flag) = 1;
2058 if (group_ou != NULL)
2059 strcpy(group_ou, group_ou_security);
/* mail list only: distribution group, not security-enabled */
2061 else if ((maillist_flag) && (!group_flag))
2063 if (group_membership != NULL)
2064 group_membership[0] = 'D';
2065 if (group_ou != NULL)
2066 strcpy(group_ou, group_ou_distribution);
/* neither flag */
2070 if (group_membership != NULL)
2071 group_membership[0] = 'N';
2072 if (group_ou != NULL)
2073 strcpy(group_ou, group_ou_neither);
/*
 * Rename / move a Moira list's AD group: find the current object by
 * MoiraId (exactly one must match), ldap_rename_s() it to
 * cn=<after_group_name>,<after_group_ou>,<dn_path> deleting the old RDN,
 * then rewrite description, sAMAccountName, displayName, mitMoiraId and
 * groupType at the new DN.  Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND, AD_LDAP_FAILURE or the LDAP rc (some returns
 * are on lines not shown).
 *
 * Security: both names are rejected by check_string() before they are
 * interpolated into DNs and the sAMAccountName; that check is the only
 * visible barrier against DN/filter metacharacters.
 *
 * NOTE(review): the rename and the attribute modify are two separate LDAP
 * operations.  If ldap_modify_s() fails, the object is left renamed/moved
 * but still carrying its old sAMAccountName, mitMoiraId and groupType.
 */
2078 int group_rename(LDAP *ldap_handle, char *dn_path,
2079 char *before_group_name, char *before_group_membership,
2080 char *before_group_ou, int before_security_flag, char *before_desc,
2081 char *after_group_name, char *after_group_membership,
2082 char *after_group_ou, int after_security_flag, char *after_desc,
2083 char *MoiraId, char *filter)
2088 char new_dn_path[512];
2090 char *attr_array[3];
2091 char *mitMoiraId_v[] = {NULL, NULL};
2092 char *name_v[] = {NULL, NULL};
2093 char *samAccountName_v[] = {NULL, NULL};
2094 char *groupTypeControl_v[] = {NULL, NULL};
2095 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2096 char groupTypeControlStr[80];
2100 LK_ENTRY *group_base;
2103 if (!check_string(before_group_name))
2105 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
2106 return(AD_INVALID_NAME);
2108 if (!check_string(after_group_name))
2110 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
2111 return(AD_INVALID_NAME);
/* Locate the existing object by Moira id; refuse to guess among several. */
2116 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2117 before_group_membership,
2118 MoiraId, "distinguishedName", &group_base,
2119 &group_count, filter))
2122 if (group_count == 0)
2124 return(AD_NO_GROUPS_FOUND);
2126 if (group_count != 1)
2129 "Unable to process multiple groups with MoiraId = %s exist in the AD",
2131 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn is declared on a line not shown; unbounded strcpy of the DN. */
2133 strcpy(old_dn, group_base->value);
2135 linklist_free(group_base);
/* Second lookup, by the caller-supplied filter, for the sAMAccountName. */
2138 attr_array[0] = "sAMAccountName";
2139 attr_array[1] = NULL;
2140 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2141 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2143 com_err(whoami, 0, "Unable to get list %s dn : %s",
2144 after_group_name, ldap_err2string(rc));
2147 if (group_count != 1)
2150 "Unable to get sAMAccountName for group %s",
2152 return(AD_LDAP_FAILURE);
/* sam_name is declared on a line not shown; unbounded strcpy. */
2155 strcpy(sam_name, group_base->value);
2156 linklist_free(group_base);
/* Move + rename in one operation; new_dn_path is 512 bytes and the
 * sprintf() is unbounded. */
2160 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2161 sprintf(new_dn, "cn=%s", after_group_name);
2162 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2163 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2165 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2166 before_group_name, after_group_name, ldap_err2string(rc));
/* Keep the "<name>_group" sAMAccountName convention if the old one used it.
 * NOTE(review): no length check first -- a sam_name shorter than "_group"
 * makes the index negative (out-of-bounds read, undefined behaviour). */
2170 name_v[0] = after_group_name;
2171 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2173 sprintf(sam_name, "%s_group", after_group_name);
2177 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
2178 before_group_name, after_group_name);
/* groupType: global group, security-enabled when the new flags say so.
 * NOTE(review): groupTypeControl is u_int but is printed with "%ld". */
2181 samAccountName_v[0] = sam_name;
2182 if (after_security_flag)
2183 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2184 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2185 groupTypeControl_v[0] = groupTypeControlStr;
2186 mitMoiraId_v[0] = MoiraId;
2188 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2189 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
2191 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2192 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2193 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2194 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2196 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2198 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
2199 after_group_name, ldap_err2string(rc));
/* Free the n LDAPMod entries built by ADD_ATTR (loop body not shown). */
2201 for (i = 0; i < n; i++)
/*
 * mr_query callback (av is the Moira list record, L_*-indexed) that
 * creates the list's AD group object, or updates it when it already exists
 * (LDAP_ALREADY_EXISTS) or when an update was requested.  Context arrives
 * through the file-level call_args[]: [0] LDAP handle, [1] base dn_path,
 * [4] updateGroup flag, [5] Moira list id.
 *
 * Flow: validate av[L_NAME] with check_string(); derive OU / flag /
 * security via get_group_membership(); ldap_add_ext_s() the object with
 * cn, objectClass, sAMAccountName ("<name>_group"), displayName, name,
 * description, groupType, info ("The Administrator of this list is: ...")
 * and mitMoiraId.  On exists/update, refresh description, info and
 * mitMoiraId and -- when the list is inactive -- REPLACE `member` with an
 * empty value list, i.e. an inactive list loses all of its AD members.
 * Then apply ACLs via ProcessGroupSecurity() and look up the group's
 * objectSid (by mitMoiraId, falling back to sAMAccountName); that node is
 * handed to the global sid list for a later sid_update() rather than
 * freed.  Returns LDAP_SUCCESS (failure returns are on lines not shown).
 *
 * NOTE(review): `updateGroup = (int)call_args[4]` truncates a pointer to
 * int and only works because the caller stores a small integer there.
 * The search filters below are built with sprintf() from the list name and
 * Moira id without RFC 4515 escaping; check_string() is the only barrier.
 */
2206 int group_create(int ac, char **av, void *ptr)
2209 LK_ENTRY *group_base;
2212 char new_group_name[256];
2213 char sam_group_name[256];
2214 char cn_group_name[256];
2215 char *cn_v[] = {NULL, NULL};
2216 char *objectClass_v[] = {"top", "group", NULL};
2218 char *samAccountName_v[] = {NULL, NULL};
2219 char *altSecurityIdentities_v[] = {NULL, NULL};
/* Empty value list: used to clear `member` on inactive lists. */
2220 char *member_v[] = {NULL, NULL};
2221 char *name_v[] = {NULL, NULL};
2222 char *desc_v[] = {NULL, NULL};
2223 char *info_v[] = {NULL, NULL};
2224 char *mitMoiraId_v[] = {NULL, NULL};
2225 char *groupTypeControl_v[] = {NULL, NULL};
2226 char groupTypeControlStr[80];
/* Single flag character from get_group_membership(); not NUL-terminated. */
2227 char group_membership[1];
2230 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2236 char *attr_array[3];
2241 if (!check_string(av[L_NAME]))
2243 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
2244 return(AD_INVALID_NAME);
2247 updateGroup = (int)call_args[4];
2248 memset(group_ou, 0, sizeof(group_ou));
2249 memset(group_membership, 0, sizeof(group_membership));
/* 256-byte name buffers filled by unbounded strcpy()/sprintf(); new_dn's
 * size is declared on a line not shown. */
2251 get_group_membership(group_membership, group_ou, &security_flag, av);
2252 strcpy(new_group_name, av[L_NAME]);
2253 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
/* (the security_flag test guarding this line is not shown) */
2255 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2257 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* NOTE(review): u_int formatted with "%ld". */
2262 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2263 groupTypeControl_v[0] = groupTypeControlStr;
2265 strcpy(cn_group_name, av[L_NAME]);
2267 samAccountName_v[0] = sam_group_name;
2268 name_v[0] = new_group_name;
2269 cn_v[0] = new_group_name;
2272 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2273 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2274 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2275 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2276 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2277 if (strlen(av[L_DESC]) != 0)
2279 desc_v[0] = av[L_DESC];
2280 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2282 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* info's size is declared on a line not shown; unbounded sprintf(). */
2283 if (strlen(av[L_ACE_NAME]) != 0)
2285 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2287 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2289 if (strlen(call_args[5]) != 0)
2291 mitMoiraId_v[0] = call_args[5];
2292 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2296 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2298 for (i = 0; i < n; i++)
/* An already-existing object is not an error: fall into the update path. */
2300 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2302 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2303 av[L_NAME], ldap_err2string(rc));
2308 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2310 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2311 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2312 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
2314 if (strlen(call_args[5]) != 0)
2316 mitMoiraId_v[0] = call_args[5];
2317 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: replacing `member` with no values removes every member
 * from the AD group. */
2319 if (!(atoi(av[L_ACTIVE])))
2322 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2328 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2329 for (i = 0; i < n; i++)
2331 if (rc != LDAP_SUCCESS)
2333 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2334 av[L_NAME], ldap_err2string(rc));
/* ACLs: hidden flag plus the list's ACE (owner) drive the security descriptor. */
2341 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2342 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* Fetch the new object's SID: by mitMoiraId when one is known, else by
 * sAMAccountName.  Both filters are unescaped sprintf() of the inputs. */
2344 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2345 if (strlen(call_args[5]) != 0)
2346 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2347 attr_array[0] = "objectSid";
2348 attr_array[1] = NULL;
2351 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2352 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
2354 if (group_count != 1)
2356 if (strlen(call_args[5]) != 0)
2358 linklist_free(group_base);
2361 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2362 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2363 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Ownership of group_base moves to the global sid list (sid_ptr); the
 * caller later runs sid_update() and linklist_free() on it. */
2366 if (group_count == 1)
2368 (*sid_ptr) = group_base;
2369 (*sid_ptr)->member = strdup(av[L_NAME]);
2370 (*sid_ptr)->type = (char *)GROUPS;
2371 sid_ptr = &(*sid_ptr)->next;
2375 if (group_base != NULL)
2376 linklist_free(group_base);
2381 if (group_base != NULL)
2382 linklist_free(group_base);
2384 return(LDAP_SUCCESS);
/* ProcessGroupSecurity: install a security descriptor on the AD group
 * "<TargetGroupName>_group" (looked up under group_ou_root,dn_path).
 *
 * The descriptor is copied from a template object below security_template_ou:
 * HIDDEN_GROUP / NOT_HIDDEN_GROUP when no administrator SID could be resolved,
 * otherwise the *_WITH_ADMIN variant, in which every occurrence of the
 * "UserTemplate.u" SID is overwritten in place with the administrator's SID
 * before the result is written to the target group's ntSecurityDescriptor.
 * sControl is an SD-flags server control (OID 1.2.840.113556.1.4.801) whose
 * BER value carries dwInfo = owner|group|DACL|SACL; it is presumably passed to
 * the ldap_search_ext_s call, whose argument list (lines 2568-2578) is not in
 * this listing.
 *
 * ldap_handle     bound LDAP connection
 * dn_path         base DN appended to the OU names
 * TargetGroupName Moira list name; the AD object is "<name>_group"
 * HiddenGroup     non-zero selects the HIDDEN_* templates
 * AceType         "LIST" or "USER"; any other value leaves AceSidCount at 0
 * AceName         administrator object name; "" means no administrator
 *
 * Declarations of rc, group_count, TargetDn, AceDn, AceSidCount, root_ou,
 * dwInfo, psMsg, nVal, i, n and mods, the ADD_ATTR macro and the function's
 * return statements are not part of this listing.
 */
2387 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2388 int HiddenGroup, char *AceType, char *AceName)
2390 char filter_exp[1024];
2391 char *attr_array[5];
2392 char search_path[512];
2394 char TemplateDn[512];
2395 char TemplateSamName[128];
2397 char TargetSamName[128];
2398 char AceSamAccountName[128];
2400 unsigned char AceSid[128];
2401 unsigned char UserTemplateSid[128];
/* Value buffer of the SD-flags control; filled by BEREncodeSecurityBits. */
2402 char acBERBuf[N_SD_BER_BYTES];
2403 char GroupSecurityTemplate[256];
2405 int UserTemplateSidCount;
2412 int array_count = 0;
2414 LK_ENTRY *group_base;
2415 LDAP_BERVAL **ppsValues;
2416 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2417 { N_SD_BER_BYTES, acBERBuf },
2420 LDAPControl *apsServerControls[] = {&sControl, NULL};
2423 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2424 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* NOTE(review): the sprintf/strcpy calls in this function are unbounded;
 * search_path, filter_exp, TargetSamName, AceSamAccountName, TemplateDn and
 * GroupSecurityTemplate are fixed-size while dn_path, AceName and the LDAP
 * results are not.  snprintf with sizeof would bound them. */
2426 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2427 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2428 attr_array[0] = "sAMAccountName";
2429 attr_array[1] = NULL;
/* NOTE(review): the closing parenthesis puts "!= 0" inside the assignment,
 * so rc receives 0 or 1 rather than the linklist_build() result code.  The
 * same form recurs at the three later linklist_build calls in this function
 * (compare user_update, which writes "((rc = ...)) != 0"). */
2432 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2433 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2435 if (group_count != 1)
2437 linklist_free(group_base);
2440 strcpy(TargetDn, group_base->dn);
2441 strcpy(TargetSamName, group_base->value);
2442 linklist_free(group_base);
/* Resolve the administrator ("ACE") object's SID, if one was named. */
2446 UserTemplateSidCount = 0;
2447 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2448 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2449 memset(AceSid, '\0', sizeof(AceSid));
2453 if (strlen(AceName) != 0)
2455 if (!strcmp(AceType, "LIST"))
2457 sprintf(AceSamAccountName, "%s_group", AceName);
2458 strcpy(root_ou, group_ou_root);
2460 else if (!strcmp(AceType, "USER"))
2462 sprintf(AceSamAccountName, "%s", AceName);
2463 strcpy(root_ou, user_ou);
2465 if (strlen(AceSamAccountName) != 0)
2467 sprintf(search_path, "%s", dn_path);
2468 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2469 attr_array[0] = "objectSid";
2470 attr_array[1] = NULL;
2473 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2474 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2476 if (group_count == 1)
2478 strcpy(AceDn, group_base->dn);
/* NOTE(review): AceSidCount comes from the directory and is not compared
 * with sizeof(AceSid) before the copy; the same applies to UserTemplateSid
 * below. */
2479 AceSidCount = group_base->length;
2480 memcpy(AceSid, group_base->value, AceSidCount);
2482 linklist_free(group_base);
2487 if (AceSidCount == 0)
2489 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2490 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the SID of the placeholder user "UserTemplate.u"; it is the value
 * that the *_WITH_ADMIN templates carry and that is swapped for AceSid. */
2494 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2495 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2496 attr_array[0] = "objectSid";
2497 attr_array[1] = NULL;
2501 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2502 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2504 if ((rc != 0) || (group_count != 1))
2506 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
2511 UserTemplateSidCount = group_base->length;
2512 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2514 linklist_free(group_base);
/* Choose the template: the outer test on HiddenGroup is on a line not shown
 * here; the inner test picks the *_WITH_ADMIN variant when an administrator
 * SID was found. */
2521 if (AceSidCount == 0)
2523 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2524 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2528 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2529 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2534 if (AceSidCount == 0)
2536 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2537 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2541 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2542 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2546 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2547 attr_array[0] = "sAMAccountName";
2548 attr_array[1] = NULL;
2551 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2552 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2554 if (group_count != 1)
2556 linklist_free(group_base);
2557 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
2560 strcpy(TemplateDn, group_base->dn);
2561 strcpy(TemplateSamName, group_base->value);
2562 linklist_free(group_base);
/* Read the template's ntSecurityDescriptor (search arguments on lines
 * 2568-2578 are not shown). */
2566 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2567 rc = ldap_search_ext_s(ldap_handle,
2579 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2581 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2584 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2585 if (ppsValues == NULL)
2587 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
/* Patch the binary descriptor in place: each run of bytes equal to the
 * UserTemplate.u SID becomes the administrator's SID.
 * NOTE(review): the match is UserTemplateSidCount bytes long but the copy is
 * AceSidCount bytes; a longer administrator SID would overwrite the bytes
 * that follow the match — presumably both SIDs always have the same
 * sub-authority count, confirm. */
2591 if (AceSidCount != 0)
2593 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2595 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2597 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2599 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
2607 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2610 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* Loop body (line 2612) is not shown; presumably it releases mods[i]. */
2611 for (i = 0; i < n; i++)
2613 ldap_value_free_len(ppsValues);
2614 ldap_msgfree(psMsg);
2615 if (rc != LDAP_SUCCESS)
2617 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2618 TargetGroupName, ldap_err2string(rc));
/* Fallback: retry once with no administrator.  The recursive call passes
 * AceName == "", so it takes the AceSidCount == 0 path and cannot recurse
 * again. */
2619 if (AceSidCount != 0)
2621 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2623 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2624 HiddenGroup, "", ""))
2626 com_err(whoami, 0, "Unable to set security for group %s.",
/* group_delete: remove the AD group object that backs Moira list group_name.
 *
 * The group is located with ad_get_group() under "group_ou_root,dn_path",
 * requesting its distinguishedName; exactly one match is required before
 * ldap_delete_s() is issued on it.  Returns AD_INVALID_NAME for a name that
 * fails check_string() and AD_NO_GROUPS_FOUND when the match count is not 1.
 * The success-path return (after line 2670), the ad_get_group failure branch
 * (lines 2659-2660) and the declarations of rc, group_count, temp and filter
 * are not in this listing.
 */
2636 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2637 char *group_membership, char *MoiraId)
2639 LK_ENTRY *group_base;
2645 if (!check_string(group_name))
2647 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2648 return(AD_INVALID_NAME);
2651 memset(filter, '\0', sizeof(filter));
/* NOTE(review): unbounded sprintf into temp (size not shown); dn_path is
 * caller-supplied. */
2654 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment inside the condition: any non-zero ad_get_group() result is
 * treated as failure. */
2655 if (rc = ad_get_group(ldap_handle, temp, group_name,
2656 group_membership, MoiraId,
2657 "distinguishedName", &group_base,
2658 &group_count, filter))
2661 if (group_count == 1)
/* The requested attribute is distinguishedName, so ->value is the DN. */
2663 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2665 linklist_free(group_base);
2666 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2667 group_name, ldap_err2string(rc));
2670 linklist_free(group_base);
/* Zero or several matches: nothing is deleted. */
2674 linklist_free(group_base);
2675 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2676 return(AD_NO_GROUPS_FOUND);
/* BEREncodeSecurityBits: BER-encode the security-information bit mask uBits
 * into pBuffer, which ProcessGroupSecurity uses as the value of its SD-flags
 * server control.  The encoding itself (lines 2683-2687) is not in this
 * listing.  pBuffer must hold at least N_SD_BER_BYTES bytes; that constant is
 * also the returned length. */
2682 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2688 return(N_SD_BER_BYTES);
/* process_lists: mr_query callback run once per list row in av.  It derives
 * the group's OU and membership flags with get_group_membership() and then
 * adds the user to that list with member_add().  By member_add's parameter
 * order, call_args[0] is the LDAP handle, [1] the base DN, [2] the user name
 * and [3] the user's OU; MoiraId is passed as "".  Declarations of call_args,
 * group_ou, security_flag and rc, and the return statement, are not shown. */
2691 int process_lists(int ac, char **av, void *ptr)
2696 char group_membership[2];
2702 memset(group_ou, '\0', sizeof(group_ou));
2703 memset(group_membership, '\0', sizeof(group_membership));
2704 get_group_membership(group_membership, group_ou, &security_flag, av);
2705 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2706 group_ou, group_membership, call_args[2],
2707 (char *)call_args[3], "");
/* member_list_build: mr_query callback that collects list members into the
 * file-level linked list member_base.  For each ACE row it validates the
 * member name, keeps only the member types enabled in the call_args[3] mask
 * (MOIRA_USERS / MOIRA_STRINGS / MOIRA_LISTS / MOIRA_KERBEROS), creates a
 * contact object for STRING and KERBEROS members, skips names already
 * present (case-insensitive) and pushes a new LK_ENTRY holding the list name
 * (call_args[2]), the ACE type and the member name.  The skip/return lines
 * inside the type dispatch, the duplicate-scan loop header and the return
 * statement are not in this listing.
 */
2711 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): unbounded strcpy; temp's size is not shown and ACE_NAME
 * comes from the Moira row. */
2719 strcpy(temp, av[ACE_NAME]);
2720 if (!check_string(temp))
/* NOTE(review): call_args[3] is cast from a pointer to int and used as a
 * flag mask; on LP64 the cast truncates, so presumably an integer rather
 * than a pointer is stored in that slot by the caller — confirm. */
2722 if (!strcmp(av[ACE_TYPE], "USER"))
2724 if (!((int)call_args[3] & MOIRA_USERS))
2727 else if (!strcmp(av[ACE_TYPE], "STRING"))
2729 if (!((int)call_args[3] & MOIRA_STRINGS))
2731 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2734 else if (!strcmp(av[ACE_TYPE], "LIST"))
2736 if (!((int)call_args[3] & MOIRA_LISTS))
2739 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2741 if (!((int)call_args[3] & MOIRA_KERBEROS))
2743 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Duplicate scan over the existing entries (loop header not shown). */
2749 linklist = member_base;
2752 if (!strcasecmp(temp, linklist->member))
2754 linklist = linklist->next;
/* NOTE(review): none of the four calloc() results is checked; a NULL
 * return is dereferenced on the following line. */
2756 linklist = calloc(1, sizeof(LK_ENTRY));
2758 linklist->dn = NULL;
2759 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2760 strcpy(linklist->list, call_args[2]);
2761 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2762 strcpy(linklist->type, av[ACE_TYPE]);
2763 linklist->member = calloc(1, strlen(temp) + 1);
2764 strcpy(linklist->member, temp);
/* Push-front onto the shared list. */
2765 linklist->next = member_base;
2766 member_base = linklist;
/* member_remove: delete one "member" value from the AD group for Moira list
 * group_name.  The group is found with ad_get_group() (exactly one match is
 * required); the member is named by a DN built as
 * "CN=<user_name>,<UserOu>,<dn_path>" rather than looked up.  Returns
 * AD_INVALID_NAME when check_string() rejects group_name; the remaining
 * return statements, the ad_get_group failure branch, and the declarations
 * of rc, group_count, filter, temp, i, n, mods and modvalues are not in this
 * listing.  group_ou does not appear in the lines shown.
 */
2770 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2771 char *group_ou, char *group_membership, char *user_name,
2772 char *UserOu, char *MoiraId)
2774 char distinguished_name[1024];
2782 LK_ENTRY *group_base;
2785 if (!check_string(group_name))
2786 return(AD_INVALID_NAME);
2788 memset(filter, '\0', sizeof(filter));
2791 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2792 group_membership, MoiraId,
2793 "distinguishedName", &group_base,
2794 &group_count, filter))
2797 if (group_count != 1)
2799 com_err(whoami, 0, "Unable to find list %s in AD",
2801 linklist_free(group_base);
/* NOTE(review): unbounded strcpy of a directory-supplied DN into a
 * 1024-byte buffer, and unbounded sprintf into temp (size not shown). */
2806 strcpy(distinguished_name, group_base->value);
2807 linklist_free(group_base);
/* user_name is not passed through check_string() in the lines shown but
 * becomes part of a DN; presumably the caller validated it — confirm. */
2811 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2812 modvalues[0] = temp;
2813 modvalues[1] = NULL;
2816 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2818 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Loop body (line 2820) not shown; presumably releases mods[i]. */
2819 for (i = 0; i < n; i++)
/* Special-cased result; its handling (line 2822) is not shown. */
2821 if (rc == LDAP_UNWILLING_TO_PERFORM)
2823 if (rc != LDAP_SUCCESS)
2825 com_err(whoami, 0, "Unable to modify list %s members : %s",
2826 group_name, ldap_err2string(rc));
/* member_add: add "CN=<user_name>,<UserOu>,<dn_path>" as a "member" value of
 * the AD group for Moira list group_name.  Mirrors member_remove: the group
 * is found with ad_get_group() and exactly one match is required.  Returns
 * AD_INVALID_NAME when check_string() rejects group_name and
 * AD_MULTIPLE_GROUPS_FOUND from the match-count branch (lines 2865-2868 are
 * not shown, so whether a zero-match case returns a different code cannot
 * be told here).  Remaining returns, the ad_get_group failure branch and the
 * declarations of rc, group_count, filter, temp, i, n, mods and modvalues
 * are not in this listing.  group_ou does not appear in the lines shown.
 */
2834 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2835 char *group_ou, char *group_membership, char *user_name,
2836 char *UserOu, char *MoiraId)
2838 char distinguished_name[1024];
2846 LK_ENTRY *group_base;
2849 if (!check_string(group_name))
2850 return(AD_INVALID_NAME);
2853 memset(filter, '\0', sizeof(filter));
2856 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2857 group_membership, MoiraId,
2858 "distinguishedName", &group_base,
2859 &group_count, filter))
2862 if (group_count != 1)
2864 linklist_free(group_base);
2867 com_err(whoami, 0, "Unable to find list %s in AD",
2869 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): unbounded strcpy of a directory-supplied DN into a
 * 1024-byte buffer, and unbounded sprintf into temp (size not shown). */
2872 strcpy(distinguished_name, group_base->value);
2873 linklist_free(group_base);
/* user_name is not passed through check_string() in the lines shown but
 * becomes part of a DN; presumably the caller validated it — confirm. */
2877 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2878 modvalues[0] = temp;
2879 modvalues[1] = NULL;
2882 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2884 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* A member that is already present is special-cased, with a further
 * distinction for contact/kerberos OUs; both branch bodies are not shown. */
2885 if (rc == LDAP_ALREADY_EXISTS)
2887 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2889 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* Loop body (line 2893) not shown; presumably releases mods[i]. */
2892 for (i = 0; i < n; i++)
2894 if (rc != LDAP_SUCCESS)
2896 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2897 user_name, group_name, ldap_err2string(rc));
/* contact_create: create the AD object "CN=<user>,<group_ou>,<bind_path>"
 * that stands in for a non-user list member (member_list_build passes
 * contact_ou for STRING members and kerberos_ou for KERBEROS members).
 * Attributes: cn, objectClass (top, person, organizationalPerson and a value
 * on line 2914 that is not shown), name, displayName, description, plus
 * "mail" only when group_ou is contact_ou (email_v[0] is assigned on a line
 * not shown).  If the first ldap_add_ext_s fails with anything other than
 * LDAP_SUCCESS or LDAP_ALREADY_EXISTS, the add is retried without "mail";
 * LDAP_ALREADY_EXISTS is treated as success throughout.
 * Returns AD_INVALID_NAME when check_string() rejects user; the remaining
 * returns, the declarations of rc, i, n, mods and new_dn, and the ADD_ATTR
 * macro are not in this listing.
 */
2903 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2907 char cn_user_name[256];
2908 char contact_name[256];
2909 char *email_v[] = {NULL, NULL};
2910 char *cn_v[] = {NULL, NULL};
2911 char *contact_v[] = {NULL, NULL};
2912 char *objectClass_v[] = {"top", "person",
2913 "organizationalPerson",
2915 char *name_v[] = {NULL, NULL};
2916 char *desc_v[] = {NULL, NULL};
2921 if (!check_string(user))
2923 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
2924 return(AD_INVALID_NAME);
/* NOTE(review): unbounded strcpy/sprintf into 256-byte buffers; user,
 * group_ou and bind_path are caller-supplied and their combined length is
 * not checked.  new_dn's size is not shown. */
2926 strcpy(contact_name, user);
2927 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2928 cn_v[0] = cn_user_name;
2929 contact_v[0] = contact_name;
2931 desc_v[0] = "Auto account created by Moira";
2934 strcpy(new_dn, cn_user_name);
/* First attempt: full attribute set, including mail for contact_ou. */
2936 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2937 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2938 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2939 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2940 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2941 if (!strcmp(group_ou, contact_ou))
2943 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2947 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* Loop body (line 2949) not shown; presumably releases mods[i]. */
2948 for (i = 0; i < n; i++)
/* Second attempt on any other error: same attributes minus "mail". */
2950 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2953 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2954 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2955 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2956 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2957 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2959 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2960 for (i = 0; i < n; i++)
2963 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2965 com_err(whoami, 0, "Unable to create contact %s : %s",
2966 user, ldap_err2string(rc));
/* user_update: push Moira's current view of a user onto the existing AD
 * account.
 *
 * Lookup: when MoiraId is non-empty the user is first searched by
 * "(&(objectClass=user)(mitMoiraId=...))" under dn_path; if that does not
 * yield exactly one entry the code falls through to a search by
 * sAMAccountName under "user_ou,dn_path".  Not finding exactly one entry
 * there returns AD_NO_USER_FOUND.
 *
 * Updates: employeeID (MitId when it begins with '9', otherwise the literal
 * "none"), uid and mitMoiraId via attribute_update(); uidNumber /
 * msSFU30UidNumber (the conditions selecting between them on lines
 * 3055-3066 are not shown); userAccountControl; and the home-directory
 * attributes through SetHomeDirectory().  The single ldap_modify_s is retried
 * once after SwitchSFU() flips UseSFU30.
 *
 * Returns AD_INVALID_NAME when check_string() rejects user_name; the other
 * return statements and the declarations of rc, group_count, filter, temp,
 * i, n, mods, OldUseSFU30 and the ADD_ATTR macro are not in this listing.
 */
2972 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2973 char *Uid, char *MitId, char *MoiraId, int State,
2974 char *WinHomeDir, char *WinProfileDir)
2977 LK_ENTRY *group_base;
2979 char distinguished_name[512];
2980 char *mitMoiraId_v[] = {NULL, NULL};
2981 char *uid_v[] = {NULL, NULL};
2982 char *mitid_v[] = {NULL, NULL};
2983 char *homedir_v[] = {NULL, NULL};
2984 char *winProfile_v[] = {NULL, NULL};
2985 char *drives_v[] = {NULL, NULL};
2986 char *userAccountControl_v[] = {NULL, NULL};
2987 char userAccountControlStr[80];
/* Baseline flags for every account: normal account, password never expires,
 * user cannot change password.  UF_ACCOUNTDISABLE is OR-ed in below. */
2992 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2994 char *attr_array[3];
2997 if (!check_string(user_name))
2999 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3000 return(AD_INVALID_NAME);
/* Preferred lookup key: the Moira id, which survives renames.
 * NOTE(review): MoiraId is interpolated into the filter without LDAP filter
 * escaping; presumably it is numeric, confirm. */
3006 if (strlen(MoiraId) != 0)
3008 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3009 attr_array[0] = "cn";
3010 attr_array[1] = NULL;
3011 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3012 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3014 com_err(whoami, 0, "Unable to process user %s : %s",
3015 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the name. */
3019 if (group_count != 1)
3021 linklist_free(group_base);
3024 sprintf(filter, "(sAMAccountName=%s)", user_name);
3025 attr_array[0] = "cn";
3026 attr_array[1] = NULL;
3027 sprintf(temp, "%s,%s", user_ou, dn_path);
3028 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
3029 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3031 com_err(whoami, 0, "Unable to process user %s : %s",
3032 user_name, ldap_err2string(rc));
3037 if (group_count != 1)
3039 com_err(whoami, 0, "Unable to find user %s in AD",
3041 linklist_free(group_base);
3042 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded strcpy of a directory-supplied DN into 512 bytes. */
3044 strcpy(distinguished_name, group_base->dn);
3046 linklist_free(group_base);
/* NOTE(review): the rc of each attribute_update() call is overwritten by the
 * next one and never examined. */
3049 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
3050 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
3052 rc = attribute_update(ldap_handle, distinguished_name, "none", "employeeID", user_name);
3053 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
3054 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
3059 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3063 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
/* The account is enabled only in the US_NO_PASSWD and US_REGISTERED states.
 * NOTE(review): userAccountControl is u_int but is formatted with "%ld";
 * "%u" matches the type. */
3067 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3068 userAccountControl |= UF_ACCOUNTDISABLE;
3069 sprintf(userAccountControlStr, "%ld", userAccountControl);
3070 userAccountControl_v[0] = userAccountControlStr;
3071 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory appends its own mods and returns the new count. */
3073 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3074 WinProfileDir, homedir_v, winProfile_v,
3075 drives_v, mods, LDAP_MOD_REPLACE, n);
/* On failure, toggle the SFU attribute variant once and retry. */
3078 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
3080 OldUseSFU30 = UseSFU30;
3081 SwitchSFU(mods, &UseSFU30, n);
3082 if (OldUseSFU30 != UseSFU30)
3083 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3086 com_err(whoami, 0, "Unable to modify user data for %s : %s",
3087 user_name, ldap_err2string(rc));
/* Loop body (lines 3091-3092) not shown; presumably releases mods[i]. */
3090 for (i = 0; i < n; i++)
/* user_rename: rename the AD account "cn=<before_user_name>,user_ou,dn_path"
 * to user_name (the remaining parameters, on line 3096, are not shown).
 *
 * ldap_rename_s changes the RDN and deletes the old one (deleteoldrdn =
 * TRUE); afterwards the name-derived attributes are REPLACEd on the new DN:
 * altSecurityIdentities ("Kerberos:<user>@PRIMARY_REALM"), userPrincipalName
 * ("<user>@ldap_domain"), displayName and sAMAccountName.  Returns
 * AD_INVALID_NAME when either name fails check_string(); the remaining
 * returns and the declarations of rc, i, n, mods, old_dn, new_dn, upn and
 * temp, and the ADD_ATTR macro, are not in this listing.
 */
3095 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3103 char *userPrincipalName_v[] = {NULL, NULL};
3104 char *altSecurityIdentities_v[] = {NULL, NULL};
3105 char *name_v[] = {NULL, NULL};
3106 char *samAccountName_v[] = {NULL, NULL};
3111 if (!check_string(before_user_name))
3113 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
3114 return(AD_INVALID_NAME);
3116 if (!check_string(user_name))
3118 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3119 return(AD_INVALID_NAME);
/* NOTE(review): copying a string onto itself has no useful effect, and
 * strcpy on overlapping objects is undefined by the C standard; the line
 * can be dropped. */
3122 strcpy(user_name, user_name);
/* NOTE(review): unbounded sprintf into old_dn/new_dn/upn/temp (sizes not
 * shown). */
3123 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3124 sprintf(new_dn, "cn=%s", user_name);
3125 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
3126 NULL, NULL)) != LDAP_SUCCESS)
3128 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
3129 before_user_name, user_name, ldap_err2string(rc));
/* Attributes that embed the login name must follow the rename. */
3133 name_v[0] = user_name;
3134 sprintf(upn, "%s@%s", user_name, ldap_domain);
3135 userPrincipalName_v[0] = upn;
3136 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3137 altSecurityIdentities_v[0] = temp;
3138 samAccountName_v[0] = user_name;
3141 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3142 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3143 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3144 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* new_dn is rebuilt as the full DN the object now has. */
3146 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3147 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3149 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
3150 user_name, ldap_err2string(rc));
/* Loop body (lines 3153-3154) not shown; presumably releases mods[i]. */
3152 for (i = 0; i < n; i++)
/* filesys_process: set or clear a user's Windows home-directory attributes
 * from a Moira filesys entry.
 *
 * Only fs_type "AFS" is accepted (AD_INVALID_FILESYS otherwise).  The user
 * object is found by "(sAMAccountName=<fs_name>)" anywhere under dn_path;
 * anything but exactly one match returns LDAP_NO_SUCH_OBJECT.  With
 * operation == LDAP_MOD_ADD the AFS path fs_pack is converted to its
 * Windows form by AfsToWinAfs() and used as homeDirectory, with
 * "<path>\.winprofile" as profilePath; for any other operation the values
 * are NULL.  profilePath, homeDrive and homeDirectory are then modified with
 * the given operation.  Returns AD_INVALID_NAME when check_string() rejects
 * fs_name; the remaining returns and the declarations of rc, group_count,
 * filter, winPath, i, n, mods and the ADD_ATTR macro are not in this listing.
 */
3157 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3158 char *fs_type, char *fs_pack, int operation)
3160 char distinguished_name[256];
3162 char winProfile[256];
3164 char *attr_array[3];
3165 char *homedir_v[] = {NULL, NULL};
3166 char *winProfile_v[] = {NULL, NULL};
3167 char *drives_v[] = {NULL, NULL};
3173 LK_ENTRY *group_base;
3175 if (!check_string(fs_name))
3177 com_err(whoami, 0, "Unable to process invalid filesys name %s", fs_name);
3178 return(AD_INVALID_NAME);
3181 if (strcmp(fs_type, "AFS"))
3183 com_err(whoami, 0, "Unable to process invalid filesys type %s", fs_type);
3184 return(AD_INVALID_FILESYS);
3189 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3190 attr_array[0] = "cn";
3191 attr_array[1] = NULL;
3192 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3193 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3195 com_err(whoami, 0, "Unable to process filesys %s : %s",
3196 fs_name, ldap_err2string(rc));
3200 if (group_count != 1)
3202 linklist_free(group_base);
3203 com_err(whoami, 0, "Unable to find user %s in AD",
3205 return(LDAP_NO_SUCH_OBJECT);
/* NOTE(review): unbounded strcpy of a directory-supplied DN into 256 bytes. */
3207 strcpy(distinguished_name, group_base->dn);
3208 linklist_free(group_base);
3212 if (operation == LDAP_MOD_ADD)
/* NOTE(review): only fs_type was checked above; AfsToWinAfs() assumes
 * fs_pack begins with the AFS prefix and takes no output size, and the
 * strcat below can run past winProfile[256] for a long path.  winPath's
 * size is not shown. */
3214 memset(winPath, 0, sizeof(winPath));
3215 AfsToWinAfs(fs_pack, winPath);
3216 homedir_v[0] = winPath;
3218 memset(winProfile, 0, sizeof(winProfile));
3219 strcpy(winProfile, winPath);
3220 strcat(winProfile, "\\.winprofile");
3221 winProfile_v[0] = winProfile;
/* Any other operation (delete) sends empty value lists. */
3225 homedir_v[0] = NULL;
3227 winProfile_v[0] = NULL;
3229 ADD_ATTR("profilePath", winProfile_v, operation);
3230 ADD_ATTR("homeDrive", drives_v, operation);
3231 ADD_ATTR("homeDirectory", homedir_v, operation);
3234 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3235 if (rc != LDAP_SUCCESS)
3237 com_err(whoami, 0, "Unable to modify user data for filesys %s : %s",
3238 fs_name, ldap_err2string(rc));
/* Loop body (lines 3241-3242) not shown; presumably releases mods[i]. */
3240 for (i = 0; i < n; i++)
/* user_create: mr_query callback that creates the AD account for the user
 * row in av (indices U_NAME, U_STATE, U_UID, U_MITID, U_WINHOMEDIR,
 * U_WINPROFILEDIR).  call_args[0] is the LDAP handle, [1] the base DN and
 * [2] the Moira id ("" when unknown).
 *
 * The object "cn=<user>,user_ou,<base>" is added with cn, objectClass,
 * sAMAccountName, userPrincipalName ("<user>@ldap_domain"),
 * userAccountControl, name, displayName, description, mitMoiraId (if
 * known), altSecurityIdentities ("Kerberos:<user>@PRIMARY_REALM"), the uid
 * attributes when U_UID is non-empty, employeeID, and the home-directory
 * attributes from SetHomeDirectory().  The add is retried once after
 * SwitchSFU() flips UseSFU30.  On LDAP_SUCCESS a password is set, and the
 * new object's objectSid is fetched (by Moira id, falling back to
 * sAMAccountName) and appended to the global sid list via sid_ptr.
 *
 * The uid-attribute conditions (lines 3334-3342), the return statements and
 * the declarations of rc, i, n, mods, group_count, filter, temp, upn,
 * sam_name, new_dn, OldUseSFU30, call_args, sid_ptr and the ADD_ATTR macro
 * are not in this listing.
 */
3246 int user_create(int ac, char **av, void *ptr)
3248 LK_ENTRY *group_base;
3251 char user_name[256];
3254 char *cn_v[] = {NULL, NULL};
3255 char *objectClass_v[] = {"top", "person",
3256 "organizationalPerson",
3259 char *samAccountName_v[] = {NULL, NULL};
3260 char *altSecurityIdentities_v[] = {NULL, NULL};
3261 char *mitMoiraId_v[] = {NULL, NULL};
3262 char *name_v[] = {NULL, NULL};
3263 char *desc_v[] = {NULL, NULL};
3264 char *userPrincipalName_v[] = {NULL, NULL};
3265 char *userAccountControl_v[] = {NULL, NULL};
3266 char *uid_v[] = {NULL, NULL};
3267 char *mitid_v[] = {NULL, NULL};
3268 char *homedir_v[] = {NULL, NULL};
3269 char *winProfile_v[] = {NULL, NULL};
3270 char *drives_v[] = {NULL, NULL};
3271 char userAccountControlStr[80];
/* Baseline flags: normal account, password never expires, user cannot
 * change password.  UF_ACCOUNTDISABLE is OR-ed in below. */
3273 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3280 char *attr_array[3];
3282 char WinHomeDir[1024];
3283 char WinProfileDir[1024];
/* Failure is also reported through the global callback_rc, since a callback
 * return value does not reach the mr_query caller directly. */
3287 if (!check_string(av[U_NAME]))
3289 callback_rc = AD_INVALID_NAME;
3290 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
3291 return(AD_INVALID_NAME);
/* NOTE(review): unbounded strcpy/sprintf from the Moira row into fixed
 * buffers (1024/256 bytes here; upn, sam_name, temp and new_dn sizes not
 * shown). */
3294 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3295 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3296 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
3297 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
3298 strcpy(user_name, av[U_NAME]);
3299 sprintf(upn, "%s@%s", user_name, ldap_domain);
3300 sprintf(sam_name, "%s", av[U_NAME]);
3301 samAccountName_v[0] = sam_name;
/* The account is enabled only in the US_NO_PASSWD and US_REGISTERED states.
 * NOTE(review): userAccountControl is u_int but is formatted with "%ld";
 * "%u" matches the type. */
3302 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3303 userAccountControl |= UF_ACCOUNTDISABLE;
3304 sprintf(userAccountControlStr, "%ld", userAccountControl);
3305 userAccountControl_v[0] = userAccountControlStr;
3306 userPrincipalName_v[0] = upn;
3308 cn_v[0] = user_name;
3309 name_v[0] = user_name;
3310 desc_v[0] = "Auto account created by Moira";
3311 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3312 altSecurityIdentities_v[0] = temp;
3313 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3316 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3317 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3318 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3319 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3320 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3321 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3322 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3323 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3324 if (strlen(call_args[2]) != 0)
3326 mitMoiraId_v[0] = call_args[2];
3327 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3329 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
3330 if (strlen(av[U_UID]) != 0)
3332 uid_v[0] = av[U_UID];
3333 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3336 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3340 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID carries the MIT id only when it starts with '9'; otherwise the
 * literal "none" is stored. */
3343 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
3344 mitid_v[0] = av[U_MITID];
3346 mitid_v[0] = "none";
3347 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
/* SetHomeDirectory appends its own mods and returns the new count. */
3349 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3350 WinProfileDir, homedir_v, winProfile_v,
3351 drives_v, mods, LDAP_MOD_ADD, n);
3355 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* On failure, toggle the SFU attribute variant once and retry. */
3356 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3358 OldUseSFU30 = UseSFU30;
3359 SwitchSFU(mods, &UseSFU30, n);
3360 if (OldUseSFU30 != UseSFU30)
3361 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body (line 3365) not shown; presumably releases mods[i]. */
3364 for (i = 0; i < n; i++)
3366 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3368 com_err(whoami, 0, "Unable to create user %s : %s",
3369 user_name, ldap_err2string(rc));
/* NOTE(review): the new account is given an empty password.  Whether that
 * yields a usable login depends on the state-driven UF_ACCOUNTDISABLE flag
 * above and on the domain password policy — confirm that accounts which
 * are enabled here cannot authenticate with a blank password.  Also, if rc
 * is an int, "%ld" is a mismatched format. */
3373 if (rc == LDAP_SUCCESS)
3375 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3377 com_err(whoami, 0, "Unable to set password for user %s : %ld",
/* Collect the new object's SID for the later sid_update() pass.  The Moira
 * id filter is preferred; sAMAccountName is the fallback. */
3381 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3382 if (strlen(call_args[2]) != 0)
3383 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3384 attr_array[0] = "objectSid";
3385 attr_array[1] = NULL;
3388 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3389 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3391 if (group_count != 1)
3393 if (strlen(call_args[2]) != 0)
3395 linklist_free(group_base);
3398 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3399 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3400 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
3403 if (group_count == 1)
/* The LK_ENTRY itself becomes the sid-list node; group_base is therefore
 * not freed on this path.
 * NOTE(review): the node is tagged GROUPS although it holds a user's SID;
 * sid_update() sends GROUPS entries to "add_list_sid_by_name" and USERS
 * entries to "add_user_sid_by_login", so USERS looks intended — verify. */
3405 (*sid_ptr) = group_base;
3406 (*sid_ptr)->member = strdup(av[U_NAME]);
3407 (*sid_ptr)->type = (char *)GROUPS;
3408 sid_ptr = &(*sid_ptr)->next;
3412 if (group_base != NULL)
3413 linklist_free(group_base);
3418 if (group_base != NULL)
3419 linklist_free(group_base);
/* user_change_status: enable or disable an AD account by toggling
 * UF_ACCOUNTDISABLE in its UserAccountControl attribute.  The parameter list
 * continues on lines 3426-3428 (not shown); `operation` is compared with
 * MEMBER_DEACTIVATE below and is presumably one of them.
 *
 * Lookup: by "(&(objectClass=user)(mitMoiraId=...))" when MoiraId is
 * non-empty, falling back to sAMAccountName when that does not yield exactly
 * one entry; both searches return the current UserAccountControl.  Anything
 * but one match returns LDAP_NO_SUCH_OBJECT.  The new value replaces the old
 * through construct_newvalues(); mitMoiraId is REPLACEd as well when known.
 * Returns AD_INVALID_NAME when check_string() rejects user_name; the other
 * returns and the declarations of rc, group_count, filter, temp, ulongValue,
 * modvalues, i, n, mods and the ADD_ATTR macro are not in this listing.
 */
3424 int user_change_status(LDAP *ldap_handle, char *dn_path,
3425 char *user_name, char *MoiraId,
3429 char *attr_array[3];
3431 char distinguished_name[1024];
3433 char *mitMoiraId_v[] = {NULL, NULL};
3435 LK_ENTRY *group_base;
3442 if (!check_string(user_name))
3444 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3445 return(AD_INVALID_NAME);
3451 if (strlen(MoiraId) != 0)
3453 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3454 attr_array[0] = "UserAccountControl";
3455 attr_array[1] = NULL;
3456 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3457 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3459 com_err(whoami, 0, "Unable to process user %s : %s",
3460 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the name. */
3464 if (group_count != 1)
3466 linklist_free(group_base);
3469 sprintf(filter, "(sAMAccountName=%s)", user_name);
3470 attr_array[0] = "UserAccountControl";
3471 attr_array[1] = NULL;
3472 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3473 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3475 com_err(whoami, 0, "Unable to process user %s : %s",
3476 user_name, ldap_err2string(rc));
3481 if (group_count != 1)
3483 linklist_free(group_base);
3484 com_err(whoami, 0, "Unable to find user %s in AD",
3486 return(LDAP_NO_SUCH_OBJECT);
/* NOTE(review): unbounded strcpy of a directory-supplied DN into 1024
 * bytes.  The attribute value is parsed with atoi(), which reports no
 * error for a malformed value. */
3489 strcpy(distinguished_name, group_base->dn);
3490 ulongValue = atoi((*group_base).value);
3491 if (operation == MEMBER_DEACTIVATE)
3492 ulongValue |= UF_ACCOUNTDISABLE;
3494 ulongValue &= ~UF_ACCOUNTDISABLE;
3495 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() builds the modvalues vector; its failure branch
 * (lines 3500-3501) is not shown. */
3496 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3497 temp, &modvalues, REPLACE)) == 1)
3499 linklist_free(group_base);
3503 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3504 if (strlen(MoiraId) != 0)
3506 mitMoiraId_v[0] = MoiraId;
3507 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3510 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Loop body (line 3512) not shown; presumably releases mods[i]. */
3511 for (i = 0; i < n; i++)
3513 free_values(modvalues);
3514 if (rc != LDAP_SUCCESS)
3516 com_err(whoami, 0, "Unable to change status of user %s : %s",
3517 user_name, ldap_err2string(rc));
/* user_delete: delete the AD account for u_name.
 *
 * Lookup: by "(&(objectClass=user)(mitMoiraId=...))" when MoiraId is
 * non-empty, falling back to sAMAccountName when that does not yield exactly
 * one entry.  With one match the entry's DN is passed to ldap_delete_s().
 * Returns AD_INVALID_NAME when check_string() rejects u_name.  The lines
 * after the not-found message (3574-3577), the other return statements and
 * the declarations of rc, group_count and filter are not in this listing,
 * so whether group_base is released on the not-found path cannot be told
 * here.
 */
3523 int user_delete(LDAP *ldap_handle, char *dn_path,
3524 char *u_name, char *MoiraId)
3527 char *attr_array[3];
3528 char distinguished_name[1024];
3529 char user_name[512];
3530 LK_ENTRY *group_base;
3534 if (!check_string(u_name))
3535 return(AD_INVALID_NAME);
/* NOTE(review): unbounded strcpy into 512 bytes; u_name's length is not
 * checked.  The same applies to distinguished_name below. */
3537 strcpy(user_name, u_name);
3541 if (strlen(MoiraId) != 0)
3543 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3544 attr_array[0] = "name";
3545 attr_array[1] = NULL;
3546 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3547 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3549 com_err(whoami, 0, "Unable to process user %s : %s",
3550 user_name, ldap_err2string(rc));
/* Not exactly one hit by Moira id: discard and fall back to the name. */
3554 if (group_count != 1)
3556 linklist_free(group_base);
3559 sprintf(filter, "(sAMAccountName=%s)", user_name);
3560 attr_array[0] = "name";
3561 attr_array[1] = NULL;
3562 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3563 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3565 com_err(whoami, 0, "Unable to process user %s : %s",
3566 user_name, ldap_err2string(rc));
3571 if (group_count != 1)
3573 com_err(whoami, 0, "Unable to find user %s in AD",
3578 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition: any non-zero result is an error. */
3579 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3581 com_err(whoami, 0, "Unable to process user %s : %s",
3582 user_name, ldap_err2string(rc));
3586 linklist_free(group_base);
/* linklist_free: release every node of an LK_ENTRY list together with the
 * heap strings each node owns (dn, attribute, value, member, type, list).
 * free(NULL) is a no-op, so the fields are released unconditionally; the
 * effect is the same as testing each for NULL first.
 *
 * NOTE(review): nodes appended to the sid list in user_create store the
 * constant (char *)GROUPS in ->type; passing such a node here would free()
 * a non-heap pointer — presumably that list is released elsewhere, confirm.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  while (linklist_base != NULL)
    {
      LK_ENTRY *next = linklist_base->next;

      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);
      free(linklist_base);
      linklist_base = next;
    }
}
/* free_values: release a NULL-terminated vector of strings such as the
 * modvalues built by construct_newvalues() in user_change_status.  Accepts
 * NULL.  The index declaration and the free() calls (lines 3615-3618,
 * 3622-3623, 3625-3627) are not in this listing; the visible loop body only
 * clears each slot, presumably after releasing it. */
3614 void free_values(char **modvalues)
3619 if (modvalues != NULL)
3621 while (modvalues[i] != NULL)
3624 modvalues[i] = NULL;
/* sid_update: report the AD objectSids collected during this run back to
 * Moira.  For each node of the sid list (loop header and `ptr` declaration
 * not shown) the binary SID is rendered as hex text by convert_b_to_a() and
 * sent with the member name as av[0]/av[1] to "add_list_sid_by_name" for
 * GROUPS entries or "add_user_sid_by_login" for USERS entries.  The av[1]
 * assignment, rc handling and return are not in this listing.
 *
 * NOTE(review): convert_b_to_a() takes no output size and writes two
 * characters per input byte; temp holds 126 bytes, so ptr->length must stay
 * at or below 62 (less the terminator, if one is written) — confirm against
 * the longest SID the directory can return. */
3631 int sid_update(LDAP *ldap_handle, char *dn_path)
3635 unsigned char temp[126];
3642 memset(temp, 0, sizeof(temp));
3643 convert_b_to_a(temp, ptr->value, ptr->length);
3646 av[0] = ptr->member;
3648 if (ptr->type == (char *)GROUPS)
3651 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3653 else if (ptr->type == (char *)USERS)
3656 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/* convert_b_to_a: render `length` bytes of `binary` as hexadecimal text in
 * `string`, high nibble first, with digits above '9' adjusted to letters
 * (the two "> '9'" tests).  Only the loop header and the nibble tests are in
 * this listing; the index variables, the per-nibble arithmetic and any
 * terminator written at the end are not shown.
 *
 * NOTE(review): there is no output bound; callers must provide at least
 * 2 * length bytes plus room for a terminator. */
3663 void convert_b_to_a(char *string, UCHAR *binary, int length)
3670 for (i = 0; i < length; i++)
3677 if (string[j] > '9')
3680 string[j] = tmp & 0x0f;
3682 if (string[j] > '9')
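/* Bytes that may not appear in names handed to AD/LDAP, indexed by byte
 * value 0..255; non-zero marks an illegal byte.  Uppercase letters are
 * listed as illegal because the checkers below fold case before the lookup;
 * every byte at or above 0x80 is illegal. */
static int illegalchars[256] = {
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
  1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
};

/* Fold one byte to lowercase and look it up in illegalchars.
 *
 * The byte is handled as unsigned char throughout: a plain char that is
 * negative (any byte >= 0x80 on platforms where char is signed) would, when
 * cast straight to unsigned, index far beyond the 256-entry table, and the
 * <ctype.h> functions are only defined for unsigned-char values and EOF.
 * Returns non-zero when the byte is illegal. */
static int illegal_byte(unsigned char c)
{
  if (isupper(c))
    c = (unsigned char)tolower(c);
  return illegalchars[c];
}

/* check_string: return 1 if every byte of s is allowed in an AD/LDAP name,
 * 0 otherwise.  Case is folded, so "ABC" and "abc" are judged the same.  An
 * empty string contains no illegal byte and is accepted; callers needing a
 * non-empty name must check that separately.  The set of allowed bytes
 * excludes the LDAP filter metacharacters ( ) * and backslash, which is what
 * lets the callers interpolate checked names into filters. */
int check_string(char *s)
{
  for (; *s; s++)
    {
      if (illegal_byte((unsigned char)*s))
        return 0;
    }
  return 1;
}

/* check_container_name: like check_string(), but a space is additionally
 * allowed, since AD container (OU) names may contain spaces. */
int check_container_name(char *s)
{
  for (; *s; s++)
    {
      unsigned char c = (unsigned char)*s;

      if (c == ' ')
        continue;
      if (illegal_byte(c))
        return 0;
    }
  return 1;
}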
/* mr_connect_cl: open and authenticate a Moira client session.
 *
 * Steps: mr_connect(server); mr_motd() — a non-empty message of the day
 * means the server is unavailable; mr_version(version), where
 * MR_UNKNOWN_PROC is treated as MR_VERSION_HIGH (a newer client than server,
 * warned about but tolerated) and MR_VERSION_LOW is tolerated silently; and
 * finally mr_auth(client) when auth is requested.  The status tests between
 * the calls, the return statements and the declarations of status, motd and
 * temp are not in this listing.
 */
3741 int mr_connect_cl(char *server, char *client, int version, int auth)
3747 status = mr_connect(server);
3750 com_err(whoami, status, "while connecting to Moira");
3754 status = mr_motd(&motd);
3758 com_err(whoami, status, "while checking server status");
/* NOTE(review): motd is server-supplied text.  It is copied into temp with
 * an unbounded sprintf (temp's size is not shown) and temp is then passed
 * as com_err's *format* argument, so any '%' sequence in the motd is
 * interpreted as a conversion.  Passing it as data instead —
 * com_err(whoami, status, "%s", temp) — removes both issues. */
3763 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3764 com_err(whoami, status, temp);
3769 status = mr_version(version);
3772 if (status == MR_UNKNOWN_PROC)
3775 status = MR_VERSION_HIGH;
3777 status = MR_SUCCESS;
3780 if (status == MR_VERSION_HIGH)
3782 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3783 com_err(whoami, 0, "Some operations may not work.");
3785 else if (status && status != MR_VERSION_LOW)
3787 com_err(whoami, status, "while setting query version number.");
3795 status = mr_auth(client);
3798 com_err(whoami, status, "while authenticating to Moira.");
/* AfsToWinAfs: rewrite an AFS path as its Windows (WINAFS-prefixed) form.
 * The WINAFS prefix is copied first, the input is then walked from just past
 * the AFS prefix, and '/' separators are replaced (the replacement and the
 * loop header on lines 3814-3819 are not shown).  Declarations of pathPtr
 * and winPathPtr are not in this listing.
 *
 * NOTE(review): the input is assumed to begin with AFS — path + strlen(AFS)
 * is taken unconditionally, so a shorter or differently prefixed path reads
 * past its end.  There is no output bound either; winPath must be at least
 * strlen(WINAFS) + strlen(path) - strlen(AFS) + 1 bytes.  The caller
 * filesys_process checks only the filesys type, not the path prefix. */
3807 void AfsToWinAfs(char* path, char* winPath)
3811 strcpy(winPath, WINAFS);
3812 pathPtr = path + strlen(AFS);
3813 winPathPtr = winPath + strlen(WINAFS);
3817 if (*pathPtr == '/')
3820 *winPathPtr = *pathPtr;
/* GetAceInfo: mr_query callback used by ProcessAce to capture a list's ACE.
 * Copies the ACE type and name from the row into the caller's buffers
 * call_args[0] and call_args[1], and fills call_args[2] / call_args[3] with
 * the membership flags and OU via get_group_membership().  The call_args
 * and security_flag declarations are not in this listing.
 *
 * NOTE(review): both strcpy calls are unbounded; the destination buffers
 * are the caller's fixed-size AceType/AceName arrays, whose sizes are not
 * shown. */
3827 int GetAceInfo(int ac, char **av, void *ptr)
3834 strcpy(call_args[0], av[L_ACE_TYPE]);
3835 strcpy(call_args[1], av[L_ACE_NAME]);
3837 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3838 return(LDAP_SUCCESS);
/* checkADname: test whether an object with sAMAccountName == Name exists
 * anywhere under dn_path.  The return statements (lines 3861-3863 and
 * 3867-3870) are not in this listing; judging from the caller ProcessAce,
 * which creates the object when this returns non-zero, a non-zero result
 * appears to mean "not found" — confirm.  Declarations of rc, group_count
 * and filter are not shown.
 *
 * NOTE(review): unlike the other entry points, Name is interpolated into the
 * LDAP filter here without a check_string() call in the lines shown; the
 * caller must guarantee it was validated, or the filter needs RFC 4515
 * escaping. */
3842 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3845 char *attr_array[3];
3848 LK_ENTRY *group_base;
3853 sprintf(filter, "(sAMAccountName=%s)", Name);
3854 attr_array[0] = "sAMAccountName";
3855 attr_array[1] = NULL;
3856 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3857 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3859 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3860 Name, ldap_err2string(rc));
/* Only the count is of interest; the entries are released at once. */
3864 linklist_free(group_base);
3866 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of Moira list `Name` exists in AD.
 * Fetches the list's ACE type/name via "get_list_info" (GetAceInfo), and if
 * the ACE object is missing from AD creates it: a LIST ACE becomes a group
 * (make_new_group), a USER ACE becomes a user (user_create callback).
 * *ProcessGroup is set to 1 when the ACE object already exists in AD.
 * Several body lines (returns, loop/else bodies) are not in this listing.
 */
3873 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3876 char GroupName[256];
3882 char AceMembership[2];
/* Unbounded copy; `Name` comes from the Moira update feed. */
3886 strcpy(GroupName, Name);
/* Only LIST-type objects are processed here. */
3888 if (strcasecmp(Type, "LIST"))
/* Callback output buffers handed to GetAceInfo via mr_query's `ptr`. */
3893 AceInfo[0] = AceType;
3894 AceInfo[1] = AceName;
3895 AceInfo[2] = AceMembership;
3897 memset(AceType, '\0', sizeof(AceType));
3898 memset(AceName, '\0', sizeof(AceName));
3899 memset(AceMembership, '\0', sizeof(AceMembership));
3900 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment inside the condition is intentional: a non-zero Moira status
 * is an error. */
3902 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3904 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3909 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs map to AD objects; anything else is skipped. */
3912 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
/* AD group names for Moira lists carry a "_group" suffix. */
3914 strcpy(temp, AceName);
3915 if (!strcasecmp(AceType, "LIST"))
3916 sprintf(temp, "%s_group", AceName);
3919 if (checkADname(ldap_handle, dn_path, temp))
3921 (*ProcessGroup) = 1;
/* AceInfo[0] is AceType (assigned above). */
3923 if (!strcasecmp(AceInfo[0], "LIST"))
3925 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3928 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args is a char*[] used as an untyped argument vector for the
 * user_create callback; the LDAP handle is smuggled through a pointer cast. */
3931 call_args[0] = (char *)ldap_handle;
3932 call_args[1] = dn_path;
3934 call_args[3] = NULL;
/* sid_ptr/sid_base collect SIDs created by the callback for sid_update(). */
3936 sid_ptr = &sid_base;
3938 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3940 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3945 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
3948 if (sid_base != NULL)
3950 sid_update(ldap_handle, dn_path);
3951 linklist_free(sid_base);
/* A list that is its own ACE needs no further processing. */
3958 if (!strcasecmp(AceType, "LIST"))
3960 if (!strcasecmp(GroupName, AceName))
3963 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, with updateGroup set, update) the AD group for
 * Moira list `group_name` by running "get_list_info" with the group_create
 * callback, then push any newly created SIDs back to Moira via sid_update().
 * Returns the Moira status on query failure, callback_rc when the callback
 * failed, otherwise the lines after 4003 (not in this listing) decide.
 */
3968 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3969 char *group_name, char *group_ou, char *group_membership,
3970 int group_security_flag, int updateGroup)
/* call_args is a char*[] abused as an untyped argument vector for the
 * callback: pointers and plain ints are both cast to char*. The int->pointer
 * casts at [3] and [4] rely on the callback casting them back. */
3977 call_args[0] = (char *)ldap_handle;
3978 call_args[1] = dn_path;
3979 call_args[2] = group_name;
3980 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3981 call_args[4] = (char *)updateGroup;
3982 call_args[5] = MoiraId;
3983 call_args[6] = NULL;
3985 sid_ptr = &sid_base;
/* Assignment in the condition is intentional: non-zero is a Moira error. */
3987 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3990 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
/* callback_rc is set by group_create (file-scope state, not visible here). */
3996 com_err(whoami, 0, "Unable to create list %s", group_name);
3997 return(callback_rc);
4000 if (sid_base != NULL)
4002 sid_update(ldap_handle, dn_path);
4003 linklist_free(sid_base);
/*
 * populate_group: add every end member of Moira list `group_name` to the
 * matching AD group. Members are fetched with "get_end_members_of_list"
 * (member_list_build callback fills the file-scope member_base list); STRING
 * and KERBEROS members are first materialised as contact objects in
 * contact_ou / kerberos_ou, then member_add() is called for each entry.
 * The loop header and several branch bodies are not in this listing.
 */
4009 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
4010 char *group_ou, char *group_membership,
4011 int group_security_flag, char *MoiraId)
4019 com_err(whoami, 0, "Populating group %s", group_name);
/* Untyped argument vector for the callback; the flag word is cast to char*. */
4021 call_args[0] = (char *)ldap_handle;
4022 call_args[1] = dn_path;
4023 call_args[2] = group_name;
4024 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
4025 call_args[4] = NULL;
4027 if (rc = mr_query("get_end_members_of_list", 1, av,
4028 member_list_build, call_args))
4030 com_err(whoami, 0, "Unable to populate list %s : %s",
4031 group_name, error_message(rc));
4034 if (member_base != NULL)
/* Nested lists are handled separately (body not visible). */
4039 if (!strcasecmp(ptr->type, "LIST"))
/* STRING members become contacts in contact_ou ... */
4045 if (!strcasecmp(ptr->type, "STRING"))
4047 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4049 pUserOu = contact_ou;
/* ... and KERBEROS principals become contacts in kerberos_ou. */
4051 else if (!strcasecmp(ptr->type, "KERBEROS"))
4053 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4055 pUserOu = kerberos_ou;
4057 rc = member_add(ldap_handle, dn_path, group_name,
4058 group_ou, group_membership, ptr->member,
4062 linklist_free(member_base);
/*
 * process_group: reconcile the AD group for Moira list `group_name`
 * (identified by MoiraId) with the expected DN "CN=<name>,<ou>,<dn_path>".
 *  - type == CHECK_GROUPS: only report whether the group exists at the
 *    expected DN (AD_NO_GROUPS_FOUND / AD_WRONG_GROUP_DN_FOUND /
 *    AD_MULTIPLE_GROUPS_FOUND).
 *  - otherwise: if several groups carry the MoiraId, delete the ones at the
 *    wrong DN; if the survivor is not at the expected DN, recover its current
 *    name, description and OU (which encodes membership type/security flag)
 *    and call group_rename() to move it.
 * Many lines (returns, loop headers, braces) are not in this listing.
 */
4068 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4069 char *group_name, char *group_ou, char *group_membership,
4070 int group_security_flag, int type)
4072 char before_desc[512];
4073 char before_name[256];
4074 char before_group_ou[256];
4075 char before_group_membership[2];
4076 char distinguishedName[256];
4077 char ad_distinguishedName[256];
4079 char *attr_array[3];
4080 int before_security_flag;
4083 LK_ENTRY *group_base;
4086 char ou_security[512];
4087 char ou_distribution[512];
4088 char ou_neither[512];
4090 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN. Unbounded sprintf into 256 bytes from three caller strings. */
4091 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
/* `filter` is both input and output of ad_get_group(): empty here, it
 * receives the filter that located the group. */
4094 memset(filter, '\0', sizeof(filter));
4097 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4099 "distinguishedName", &group_base,
4100 &group_count, filter))
/* Read-only consistency check mode. */
4103 if (type == CHECK_GROUPS)
4105 if (group_count == 1)
4107 if (!strcasecmp(group_base->value, distinguishedName))
4109 linklist_free(group_base);
4113 linklist_free(group_base);
4114 if (group_count == 0)
4115 return(AD_NO_GROUPS_FOUND);
4116 if (group_count == 1)
4117 return(AD_WRONG_GROUP_DN_FOUND);
4118 return(AD_MULTIPLE_GROUPS_FOUND);
4120 if (group_count == 0)
4122 return(AD_NO_GROUPS_FOUND);
/* Duplicate groups for one MoiraId: refuse unless exactly one is at the
 * expected DN (the walk over the list is not fully visible). */
4124 if (group_count > 1)
4129 if (!strcasecmp(distinguishedName, ptr->value))
4135 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4139 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4142 linklist_free(group_base);
4143 return(AD_MULTIPLE_GROUPS_FOUND);
/* NOTE(review): destructive path - every duplicate not at the expected DN
 * is deleted from AD. The return value of ldap_delete_s is assigned but no
 * check of it is visible, so a failed delete is silently carried on from. */
4148 if (strcasecmp(distinguishedName, ptr->value))
4149 rc = ldap_delete_s(ldap_handle, ptr->value);
4152 linklist_free(group_base);
/* Re-query after the deletes; exactly one group must remain. */
4153 memset(filter, '\0', sizeof(filter));
4156 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4158 "distinguishedName", &group_base,
4159 &group_count, filter))
4161 if (group_count == 0)
4162 return(AD_NO_GROUPS_FOUND);
4163 if (group_count > 1)
4164 return(AD_MULTIPLE_GROUPS_FOUND);
4167 strcpy(ad_distinguishedName, group_base->value);
4168 linklist_free(group_base);
/* Fetch the group's current sAMAccountName to build the filter used by the
 * remaining lookups. */
4172 attr_array[0] = "sAMAccountName";
4173 attr_array[1] = NULL;
4174 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4175 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4177 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4178 MoiraId, ldap_err2string(rc));
/* NOTE(review): the value read back from AD is interpolated into a filter
 * unescaped; filter-metacharacters in a sAMAccountName would change the
 * query. Also no visible check that group_count != 0 before dereferencing
 * group_base here. */
4181 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Group already at the expected DN: nothing to rename. */
4183 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4185 linklist_free(group_base);
4190 linklist_free(group_base);
4193 memset(ou_both, '\0', sizeof(ou_both));
4194 memset(ou_security, '\0', sizeof(ou_security));
4195 memset(ou_distribution, '\0', sizeof(ou_distribution));
4196 memset(ou_neither, '\0', sizeof(ou_neither));
4197 memset(before_name, '\0', sizeof(before_name));
4198 memset(before_desc, '\0', sizeof(before_desc));
4199 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Current "name" attribute -> before_name. */
4200 attr_array[0] = "name";
4201 attr_array[1] = NULL;
4202 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4203 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4205 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
4206 MoiraId, ldap_err2string(rc));
4209 strcpy(before_name, group_base->value);
4210 linklist_free(group_base);
/* Current "description" -> before_desc (optional attribute, hence the
 * group_count check). */
4213 attr_array[0] = "description";
4214 attr_array[1] = NULL;
4215 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4216 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4219 "Unable to get list description with MoiraId = %s: %s",
4220 MoiraId, ldap_err2string(rc));
4223 if (group_count != 0)
4225 strcpy(before_desc, group_base->value);
4226 linklist_free(group_base);
/* Derive the group's current OU class by case-insensitive substring match of
 * the four configured OUs against the current DN. Order matters: "both" is
 * tested first. The membership letter and security flag encode that class. */
4230 change_to_lower_case(ad_distinguishedName);
4231 strcpy(ou_both, group_ou_both);
4232 change_to_lower_case(ou_both);
4233 strcpy(ou_security, group_ou_security);
4234 change_to_lower_case(ou_security);
4235 strcpy(ou_distribution, group_ou_distribution);
4236 change_to_lower_case(ou_distribution);
4237 strcpy(ou_neither, group_ou_neither);
4238 change_to_lower_case(ou_neither);
4239 if (strstr(ad_distinguishedName, ou_both))
4241 strcpy(before_group_ou, group_ou_both);
4242 before_group_membership[0] = 'B';
4243 before_security_flag = 1;
4245 else if (strstr(ad_distinguishedName, ou_security))
4247 strcpy(before_group_ou, group_ou_security);
4248 before_group_membership[0] = 'S';
4249 before_security_flag = 1;
4251 else if (strstr(ad_distinguishedName, ou_distribution))
4253 strcpy(before_group_ou, group_ou_distribution);
4254 before_group_membership[0] = 'D';
4255 before_security_flag = 0;
4257 else if (strstr(ad_distinguishedName, ou_neither))
4259 strcpy(before_group_ou, group_ou_neither);
4260 before_group_membership[0] = 'N';
4261 before_security_flag = 0;
/* DN is in none of the managed OUs: refuse to touch it. */
4264 return(AD_NO_OU_FOUND);
/* NOTE(review): before_desc is passed both as the "before" and the "after"
 * description (4266 and 4268) - presumably meaning "leave the description
 * unchanged"; confirm against group_rename's parameter list. */
4265 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4266 before_group_ou, before_security_flag, before_desc,
4267 group_name, group_membership, group_ou, group_security_flag,
4268 before_desc, MoiraId, filter);
/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 * The declaration of `i` and the braces are not in this listing.
 */
4272 void change_to_lower_case(char *ptr)
/* strlen() is re-evaluated every iteration (quadratic on long strings);
 * hoisting it would be a free improvement. */
4276 for (i = 0; i < (int)strlen(ptr); i++)
/* NOTE(review): tolower() on a plain char is UB for negative (non-ASCII)
 * bytes; tolower((unsigned char)ptr[i]) is the safe form. */
4278 ptr[i] = tolower(ptr[i]);
/*
 * ad_get_group: locate the AD group for a Moira list, trying in order:
 *  1. the caller-supplied filter `rFilter` (if non-empty),
 *  2. "(&(objectClass=group)(mitMoiraId=<MoiraId>))" (if MoiraId non-empty),
 *  3. "(sAMAccountName=<group_name>_group)".
 * On a unique hit the successful filter is copied back into rFilter (which
 * is therefore in/out) and the entry is left in *linklist_base /
 * *linklist_count; otherwise the list is freed and the next strategy tried.
 * The final parameter line (rFilter) and the returns are not in this listing.
 */
4282 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4283 char *group_name, char *group_membership,
4284 char *MoiraId, char *attribute,
4285 LK_ENTRY **linklist_base, int *linklist_count,
4290 char *attr_array[3];
4293 (*linklist_base) = NULL;
4294 (*linklist_count) = 0;
/* Strategy 1: reuse the filter the caller already knows works. */
4295 if (strlen(rFilter) != 0)
4297 strcpy(filter, rFilter);
4298 attr_array[0] = attribute;
4299 attr_array[1] = NULL;
4300 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4301 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4303 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4304 MoiraId, ldap_err2string(rc));
4307 if ((*linklist_count) == 1)
4309 strcpy(rFilter, filter);
4314 linklist_free((*linklist_base));
4315 (*linklist_base) = NULL;
4316 (*linklist_count) = 0;
/* Strategy 2: by Moira id. MoiraId is interpolated unescaped; it is expected
 * to be numeric (see the examples in the file header), which keeps it safe. */
4317 if (strlen(MoiraId) != 0)
4319 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4320 attr_array[0] = attribute;
4321 attr_array[1] = NULL;
4322 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4323 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4325 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4326 MoiraId, ldap_err2string(rc));
/* More than one group with the same mitMoiraId: log them all and give up on
 * this strategy (the loop header is not visible). */
4330 if ((*linklist_count) > 1)
4332 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4333 pPtr = (*linklist_base);
4336 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4339 linklist_free((*linklist_base));
4340 (*linklist_base) = NULL;
4341 (*linklist_count) = 0;
4343 if ((*linklist_count) == 1)
/* NOTE(review): value[3] skips a 3-character prefix (presumably "CN=" of a
 * distinguishedName) and compares only strlen(group_name) bytes, so
 * "foo" also matches "foobar..." and the comparison assumes `attribute` is
 * a DN-shaped value. Confirm the callers' `attribute` argument. */
4345 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4347 strcpy(rFilter, filter);
4352 linklist_free((*linklist_base));
4353 (*linklist_base) = NULL;
4354 (*linklist_count) = 0;
/* Strategy 3: by conventional account name. group_name is interpolated
 * into the filter without RFC 4515 escaping. */
4355 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4356 attr_array[0] = attribute;
4357 attr_array[1] = NULL;
4358 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4359 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4361 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
4362 MoiraId, ldap_err2string(rc));
4365 if ((*linklist_count) == 1)
4367 strcpy(rFilter, filter);
/*
 * check_user: find the AD user for Moira login `UserName`, first by
 * mitMoiraId (when MoiraId is non-empty) and then by sAMAccountName. If the
 * account found by Moira id carries a different sAMAccountName than
 * UserName, the account is renamed via user_rename().
 * Returns AD_NO_USER_FOUND when neither lookup yields exactly one entry;
 * other return lines are not in this listing.
 */
4374 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4377 char *attr_array[3];
4378 char SamAccountName[64];
4381 LK_ENTRY *group_base;
4387 if (strlen(MoiraId) != 0)
/* MoiraId is interpolated unescaped; it is numeric per the file header. */
4389 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4390 attr_array[0] = "sAMAccountName";
4391 attr_array[1] = NULL;
4392 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4393 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4395 com_err(whoami, 0, "Unable to process user %s : %s",
4396 UserName, ldap_err2string(rc));
/* Several users with one Moira id is a data-integrity problem: list them. */
4399 if (group_count > 1)
4401 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4406 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4407 gPtr->value, MoiraId);
4412 if (group_count != 1)
4414 linklist_free(group_base);
/* Fallback: by login name. NOTE(review): UserName is interpolated without
 * RFC 4515 escaping; check_string() presumably rejects filter
 * metacharacters upstream - confirm illegalchars covers '*', '(', ')', '\'. */
4417 sprintf(filter, "(sAMAccountName=%s)", UserName);
4418 attr_array[0] = "sAMAccountName";
4419 attr_array[1] = NULL;
4420 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4421 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4423 com_err(whoami, 0, "Unable to process user %s : %s",
4424 UserName, ldap_err2string(rc));
4429 if (group_count != 1)
4431 linklist_free(group_base);
4432 return(AD_NO_USER_FOUND);
/* Unbounded copy of an AD attribute value into a 64-byte buffer. */
4434 strcpy(SamAccountName, group_base->value);
4435 linklist_free(group_base);
/* Case-sensitive compare: a case-only difference also triggers a rename. */
4438 if (strcmp(SamAccountName, UserName))
4440 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: convert a '/'-separated Moira container path in `src`
 * into a relative LDAP DN in `dest`, deepest component first
 * ("OU=<last>,OU=<parent>,..."). The tokenising loop is not in this listing;
 * `array` holds at most 20 components. `dest` is written with unbounded
 * strcpy/strcat.
 */
4446 void container_get_dn(char *src, char *dest)
4453 memset(array, '\0', 20 * sizeof(array[0]));
/* Empty source -> empty DN (the early return is not visible). */
4455 if (strlen(src) == 0)
4474 strcpy(dest, "OU=");
4477 strcat(dest, array[n-1]);
4481 strcat(dest, ",OU=");
/*
 * container_get_name: copy the last '/'-separated component of container
 * path `src` into `dest` (the extraction itself is not in this listing).
 * An empty `src` is handled first.
 */
4487 void container_get_name(char *src, char *dest)
4492 if (strlen(src) == 0)
/*
 * container_check: make sure the OU hierarchy for container `name` exists in
 * AD by calling container_create() with only the name filled in (no
 * description, owner, type or Moira ids). The '/' handling inside the loop
 * and the non-success branch are not in this listing.
 */
4509 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
/* Unbounded copy into cName (size not visible). */
4516 strcpy(cName, name);
4517 for (i = 0; i < (int)strlen(cName); i++)
4519 if (cName[i] == '/')
/* Synthesize a minimal container argument vector (CONTAINER_* indexes). */
4522 av[CONTAINER_NAME] = cName;
4523 av[CONTAINER_DESC] = "";
4524 av[CONTAINER_LOCATION] = "";
4525 av[CONTAINER_CONTACT] = "";
4526 av[CONTAINER_TYPE] = "";
4527 av[CONTAINER_ID] = "";
4528 av[CONTAINER_ROWID] = "";
4529 rc = container_create(ldap_handle, dn_path, 7, av);
/* With an empty ROWID the OU gets no mitMoiraId; log so it can be fixed up. */
4530 if (rc == LDAP_SUCCESS)
4532 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
<<<<<<< placeholder
4604 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4606 char distinguishedName[256];
4609 memset(distinguishedName, '\0', sizeof(distinguishedName));
4610 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4612 if (strlen(distinguishedName) == 0)
4614 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4616 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4617 container_move_objects(ldap_handle, dn_path, distinguishedName);
4619 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4620 av[CONTAINER_NAME], ldap_err2string(rc));
4625 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4627 char *attr_array[3];
4628 LK_ENTRY *group_base;
4631 char *objectClass_v[] = {"top",
4632 "organizationalUnit",
4635 char *ou_v[] = {NULL, NULL};
4636 char *name_v[] = {NULL, NULL};
4637 char *moiraId_v[] = {NULL, NULL};
4638 char *desc_v[] = {NULL, NULL};
4639 char *managedBy_v[] = {NULL, NULL};
4642 char managedByDN[256];
4649 memset(filter, '\0', sizeof(filter));
4650 memset(dName, '\0', sizeof(dName));
4651 memset(cName, '\0', sizeof(cName));
4652 memset(managedByDN, '\0', sizeof(managedByDN));
4653 container_get_dn(av[CONTAINER_NAME], dName);
4654 container_get_name(av[CONTAINER_NAME], cName);
4656 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4658 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4659 return(AD_INVALID_NAME);
4662 if (!check_container_name(cName))
4664 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4665 return(AD_INVALID_NAME);
4669 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4671 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4673 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4674 if (strlen(av[CONTAINER_ROWID]) != 0)
4676 moiraId_v[0] = av[CONTAINER_ROWID];
4677 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4679 if (strlen(av[CONTAINER_DESC]) != 0)
4681 desc_v[0] = av[CONTAINER_DESC];
4682 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4684 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4686 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4688 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4690 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4691 managedBy_v[0] = managedByDN;
4692 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4697 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4699 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4701 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4703 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4705 if (strlen(filter) != 0)
4707 attr_array[0] = "distinguishedName";
4708 attr_array[1] = NULL;
4711 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4712 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4714 if (group_count == 1)
4716 strcpy(managedByDN, group_base->value);
4717 managedBy_v[0] = managedByDN;
4718 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4720 linklist_free(group_base);
4729 sprintf(temp, "%s,%s", dName, dn_path);
4730 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4731 for (i = 0; i < n; i++)
4733 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4735 com_err(whoami, 0, "Unable to create container %s : %s",
4736 cName, ldap_err2string(rc));
4739 if (rc == LDAP_ALREADY_EXISTS)
4741 if (strlen(av[CONTAINER_ROWID]) != 0)
4742 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
4747 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4748 int afterc, char **after)
4750 char distinguishedName[256];
4753 memset(distinguishedName, '\0', sizeof(distinguishedName));
4754 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4756 if (strlen(distinguishedName) == 0)
4758 rc = container_create(ldap_handle, dn_path, afterc, after);
4762 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4763 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
4768 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4770 char *attr_array[3];
4771 LK_ENTRY *group_base;
4778 memset(filter, '\0', sizeof(filter));
4779 memset(dName, '\0', sizeof(dName));
4780 memset(cName, '\0', sizeof(cName));
4781 container_get_dn(av[CONTAINER_NAME], dName);
4782 container_get_name(av[CONTAINER_NAME], cName);
4784 if (strlen(dName) == 0)
4786 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4787 return(AD_INVALID_NAME);
4790 if (!check_container_name(cName))
4792 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4793 return(AD_INVALID_NAME);
4796 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4797 attr_array[0] = "distinguishedName";
4798 attr_array[1] = NULL;
4801 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4802 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4804 if (group_count == 1)
4806 strcpy(distinguishedName, group_base->value);
4808 linklist_free(group_base);
4812 if (strlen(distinguishedName) == 0)
4814 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4815 attr_array[0] = "distinguishedName";
4816 attr_array[1] = NULL;
4819 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4820 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4822 if (group_count == 1)
4824 strcpy(distinguishedName, group_base->value);
4826 linklist_free(group_base);
4834 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4835 char *distinguishedName, int count, char **av)
4837 char *attr_array[5];
4838 LK_ENTRY *group_base;
4843 char *moiraId_v[] = {NULL, NULL};
4844 char *desc_v[] = {NULL, NULL};
4845 char *managedBy_v[] = {NULL, NULL};
4846 char managedByDN[256];
4855 strcpy(ad_path, distinguishedName);
4856 if (strlen(dName) != 0)
4857 sprintf(ad_path, "%s,%s", dName, dn_path);
4859 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
4860 if (strlen(av[CONTAINER_ID]) != 0)
4861 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4862 attr_array[0] = "mitMoiraId";
4863 attr_array[1] = "description";
4864 attr_array[2] = "managedBy";
4865 attr_array[3] = NULL;
4868 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4869 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4871 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4872 av[CONTAINER_NAME], ldap_err2string(rc));
4875 memset(managedByDN, '\0', sizeof(managedByDN));
4876 memset(moiraId, '\0', sizeof(moiraId));
4877 memset(desc, '\0', sizeof(desc));
4881 if (!strcasecmp(pPtr->attribute, "description"))
4882 strcpy(desc, pPtr->value);
4883 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4884 strcpy(managedByDN, pPtr->value);
4885 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4886 strcpy(moiraId, pPtr->value);
4889 linklist_free(group_base);
4894 if (strlen(av[CONTAINER_ROWID]) != 0)
4896 moiraId_v[0] = av[CONTAINER_ROWID];
4897 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4899 if (strlen(av[CONTAINER_DESC]) != 0)
4901 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
4905 if (strlen(desc) != 0)
4907 attribute_update(ldap_handle, ad_path, "", "description", dName);
4910 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4912 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4914 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4916 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4917 managedBy_v[0] = managedByDN;
4918 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4922 if (strlen(managedByDN) != 0)
4924 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4930 memset(filter, '\0', sizeof(filter));
4931 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4933 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4935 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4937 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4939 if (strlen(filter) != 0)
4941 attr_array[0] = "distinguishedName";
4942 attr_array[1] = NULL;
4945 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4946 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4948 if (group_count == 1)
4950 strcpy(managedByDN, group_base->value);
4951 managedBy_v[0] = managedByDN;
4952 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4956 if (strlen(managedByDN) != 0)
4958 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4961 linklist_free(group_base);
4968 if (strlen(managedByDN) != 0)
4970 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4977 return(LDAP_SUCCESS);
4979 rc = ldap_modify_s(ldap_handle, ad_path, mods);
4980 for (i = 0; i < n; i++)
4982 if (rc != LDAP_SUCCESS)
4984 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4985 av[CONTAINER_NAME], ldap_err2string(rc));
4991 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4993 char *attr_array[3];
4994 LK_ENTRY *group_base;
5001 int NumberOfEntries = 10;
5005 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
5007 for (i = 0; i < 3; i++)
5009 memset(filter, '\0', sizeof(filter));
5012 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
5013 attr_array[0] = "cn";
5014 attr_array[1] = NULL;
5018 strcpy(filter, "(objectClass=computer)");
5019 attr_array[0] = "cn";
5020 attr_array[1] = NULL;
5024 strcpy(filter, "(objectClass=organizationalUnit)");
5025 attr_array[0] = "ou";
5026 attr_array[1] = NULL;
5031 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
5032 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
5036 if (group_count == 0)
5041 if (!strcasecmp(pPtr->attribute, "cn"))
5043 sprintf(new_cn, "cn=%s", pPtr->value);
5045 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5047 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5051 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
5053 if (rc == LDAP_ALREADY_EXISTS)
5055 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
5062 else if (!strcasecmp(pPtr->attribute, "ou"))
5064 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5068 linklist_free(group_base);
5076 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
5078 LK_ENTRY *group_base;
5082 char *attr_array[3];
5089 strcpy(NewMachineName, member);
5090 rc = moira_connect();
5091 rc = GetMachineName(NewMachineName);
5093 if (strlen(NewMachineName) == 0)
5095 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
5100 pPtr = strchr(NewMachineName, '.');
5106 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5107 attr_array[0] = "cn";
5108 attr_array[1] = NULL;
5109 sprintf(temp, "%s", dn_path);
5110 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5111 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5113 com_err(whoami, 0, "Unable to process machine %s : %s",
5114 member, ldap_err2string(rc));
5117 if (group_count != 1)
5119 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
5123 strcpy(dn, group_base->dn);
5124 strcpy(cn, group_base->value);
5125 for (i = 0; i < (int)strlen(dn); i++)
5126 dn[i] = tolower(dn[i]);
5127 for (i = 0; i < (int)strlen(cn); i++)
5128 cn[i] = tolower(cn[i]);
5129 linklist_free(group_base);
5131 pPtr = strstr(dn, cn);
5134 com_err(whoami, 0, "Unable to process machine %s",
5138 pPtr += strlen(cn) + 1;
5139 strcpy(machine_ou, pPtr);
5141 pPtr = strstr(machine_ou, "dc=");
5144 com_err(whoami, 0, "Unable to process machine %s",
5153 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5158 char MachineName[128];
5160 char *attr_array[3];
5165 LK_ENTRY *group_base;
5170 strcpy(MachineName, MoiraMachineName);
5171 rc = GetMachineName(MachineName);
5172 if (strlen(MachineName) == 0)
5174 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
5178 cPtr = strchr(MachineName, '.');
5181 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5182 attr_array[0] = "sAMAccountName";
5183 attr_array[1] = NULL;
5184 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5185 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5187 com_err(whoami, 0, "Unable to process machine %s : %s",
5188 MoiraMachineName, ldap_err2string(rc));
5192 if (group_count == 1)
5193 strcpy(OldDn, group_base->dn);
5194 linklist_free(group_base);
5196 if (group_count != 1)
5198 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
5201 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
5202 cPtr = strchr(OldDn, ',');
5206 if (!strcasecmp(cPtr, NewOu))
5209 sprintf(NewCn, "CN=%s", MachineName);
5210 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
5214 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5220 memset(Name, '\0', sizeof(Name));
5221 strcpy(Name, machine_name);
5223 pPtr = strchr(Name, '.');
5227 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
5230 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5236 av[0] = machine_name;
5237 call_args[0] = (char *)container_name;
5238 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
5243 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5248 strcpy(call_args[0], av[1]);
5252 int Moira_container_group_create(char **after)
5258 memset(GroupName, '\0', sizeof(GroupName));
5259 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5260 after[CONTAINER_ROWID]);
5264 argv[L_NAME] = GroupName;
5265 argv[L_ACTIVE] = "1";
5266 argv[L_PUBLIC] = "0";
5267 argv[L_HIDDEN] = "0";
5268 argv[L_MAILLIST] = "0";
5269 argv[L_GROUP] = "1";
5270 argv[L_GID] = UNIQUE_GID;
5271 argv[L_NFSGROUP] = "0";
5272 argv[L_MAILMAN] = "0";
5273 argv[L_MAILMAN_SERVER] = "[NONE]";
5274 argv[L_DESC] = "auto created container group";
5275 argv[L_ACE_TYPE] = "USER";
5276 argv[L_MEMACE_TYPE] = "USER";
5277 argv[L_ACE_NAME] = "sms";
5278 argv[L_MEMACE_NAME] = "sms";
5280 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
5282 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
5283 GroupName, after[CONTAINER_NAME], error_message(rc));
5286 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5287 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
5292 int Moira_container_group_update(char **before, char **after)
5295 char BeforeGroupName[64];
5296 char AfterGroupName[64];
5299 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
5302 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5303 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5304 if (strlen(BeforeGroupName) == 0)
5307 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5308 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5309 after[CONTAINER_ROWID]);
5313 if (strcasecmp(BeforeGroupName, AfterGroupName))
5315 argv[L_NAME] = BeforeGroupName;
5316 argv[L_NAME + 1] = AfterGroupName;
5317 argv[L_ACTIVE + 1] = "1";
5318 argv[L_PUBLIC + 1] = "0";
5319 argv[L_HIDDEN + 1] = "1";
5320 argv[L_MAILLIST + 1] = "0";
5321 argv[L_GROUP + 1] = "1";
5322 argv[L_GID + 1] = UNIQUE_GID;
5323 argv[L_NFSGROUP + 1] = "0";
5324 argv[L_MAILMAN + 1] = "0";
5325 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5326 argv[L_DESC + 1] = "auto created container group";
5327 argv[L_ACE_TYPE + 1] = "USER";
5328 argv[L_MEMACE_TYPE + 1] = "USER";
5329 argv[L_ACE_NAME + 1] = "sms";
5330 argv[L_MEMACE_NAME + 1] = "sms";
5332 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
5334 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
5335 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove the container group that belonged to a
 * deleted container.  Membership in the parent container's group is dropped
 * first, then the list itself.  `before` is the deleted container row.
 * `rc`, `argv` and `GroupName` (used with sizeof, so an array) are declared on
 * lines not shown, as are the return statements.
 */
5342 int Moira_container_group_delete(char **before)
5347 char ParentGroupName[64];
/* Third argument 1 selects the parent container's group, as in
 * Moira_addGroupToParent (0 is used for the container's own group). */
5349 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
5350 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
/* "[none]" is Moira's marker for "no group attached to this container". */
5352 memset(GroupName, '\0', sizeof(GroupName));
5353 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
/* SECURITY(review): unbounded strcpy of a Moira record field into a
 * fixed-size local; a group name longer than the buffer overflows the stack.
 * Prefer snprintf(GroupName, sizeof GroupName, "%s", ...) or reject
 * over-long names up front. */
5354 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
/* Drop the group from its parent's group only when both names are known. */
5356 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
/* argv[1] (the member type) is set on a line not shown here. */
5358 argv[0] = ParentGroupName;
5360 argv[2] = GroupName;
5361 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* BUG: the format has two %s but three arguments follow -- ParentGroupName is
 * printed in the error slot and error_message(rc) is never shown.  Intended:
 * "Unable to delete container group %s from list %s: %s". */
5363 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
5364 GroupName, ParentGroupName, error_message(rc));
/* Delete the list itself whenever a group name is known (assuming no early
 * return on the lines not shown between the two steps). */
5368 if (strlen(GroupName) != 0)
5370 argv[0] = GroupName;
5371 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5373 com_err(whoami, 0, "Unable to delete container group %s : %s",
5374 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container and write
 * it to GroupName.  The name is "cnt-" + the last '/'-separated component of
 * ContainerName, lower-cased; if a list of that name already exists, a "-<c>"
 * suffix is tried with c running 0-9 then a-z until get_list_info reports
 * MR_NO_MATCH.  ContainerRowID is not referenced on the lines shown.
 * Callers seen in this file pass 64-byte GroupName buffers.  `temp`, `ptr`,
 * `ptr1`, `i`, `rc`, `argv`, the loop header and the return statements are on
 * lines not shown.
 */
5381 int Moira_groupname_create(char *GroupName, char *ContainerName,
5382 char *ContainerRowID)
5387 char newGroupName[64];
5388 char tempGroupName[64];
/* SECURITY(review): `temp` is declared on a line not shown and this copy has
 * no bound, so its size must exceed the longest container name Moira can
 * return.  snprintf(temp, sizeof temp, "%s", ContainerName) removes the
 * assumption. */
5393 strcpy(temp, ContainerName);
/* Work from the last path component (the no-slash case is on lines not shown). */
5395 ptr1 = strrchr(temp, '/');
/* Components longer than 25 characters are handled on lines not shown
 * (presumably truncated or rejected); with that cap, "cnt-" + component +
 * "-c" always fits the 64-byte buffers below. */
5401 if (strlen(ptr) > 25)
5404 sprintf(newGroupName, "cnt-%s", ptr);
5406 /* change everything to lower case */
/* NOTE(review): tolower() on a plain char is undefined for negative values
 * (non-ASCII bytes where char is signed); cast via (unsigned char). */
5411 *ptr = tolower(*ptr);
/* Keep the base name so each retry appends a fresh suffix instead of
 * stacking suffixes. */
5417 strcpy(tempGroupName, newGroupName);
5419 /* append 0-9 then a-z if a duplicate is found */
5422 argv[0] = newGroupName;
/* get_list_info failing with MR_NO_MATCH means the candidate name is free;
 * any other error is a real Moira failure and is reported. */
5423 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
5425 if (rc == MR_NO_MATCH)
5427 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5428 ContainerName, error_message(rc));
/* `i` holds the suffix character for this attempt. */
5431 sprintf(newGroupName, "%s-%c", tempGroupName, i);
/* All 36 suffixes taken: give up rather than reuse an existing list. */
5434 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
/* Hand the result back to the caller's buffer. */
5444 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to container
 * origContainerName via the set_container_list query.  Failures are reported
 * with com_err; `rc`, `argv` and the return statements are on lines not shown.
 */
5448 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5453 argv[0] = origContainerName;
5454 argv[1] = GroupName;
/* Non-zero rc is a Moira error code. */
5456 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5458 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5459 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: make GroupName a member of the group belonging to
 * the parent container of origContainerName.  A top-level container has no
 * parent group and is left alone.  `rc`, `argv` and the return statements
 * are on lines not shown.
 */
5465 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5467 char ContainerName[64];
5468 char ParentGroupName[64];
/* SECURITY(review): unbounded copy of the container name into a 64-byte
 * stack buffer; use snprintf(ContainerName, sizeof ContainerName, "%s", ...)
 * or check the length first. */
5472 strcpy(ContainerName, origContainerName);
/* NOTE(review): the other callers memset the output buffer first; no memset
 * of ParentGroupName appears on the lines shown, so the strlen() test below
 * is only safe if Moira_getGroupName always writes the buffer (its prologue
 * is not shown) -- verify. */
5474 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5475 /* top-level container */
5476 if (strlen(ParentGroupName) == 0)
/* argv[1] (the member type) is set on a line not shown here. */
5479 argv[0] = ParentGroupName;
5481 argv[2] = GroupName;
5482 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5484 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5485 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.  Copies
 * the second column of the returned row (presumably the list name) into the
 * caller's buffer, which arrives through `ptr` as call_args[0] (the cast is
 * on a line not shown).
 * SECURITY(review): the copy is unbounded and the destination is a 64-byte
 * stack array in every caller shown in this file; a longer value overflows
 * it.  Pass the buffer size through call_args and copy at most that many
 * bytes with explicit NUL termination.
 */
5490 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5495 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list attached to a container and
 * store it in GroupName.  The third parameter (declared on a line not shown)
 * selects whether the container itself or its parent is queried: callers in
 * this file pass 0 for the container and 1 for the parent.  `rc`, `ptr`,
 * `argv`, `call_args` and the return statements are on lines not shown.
 */
5499 int Moira_getGroupName(char *origContainerName, char *GroupName,
5502 char ContainerName[64];
/* SECURITY(review): unbounded copy into a 64-byte stack buffer; bound it with
 * snprintf(ContainerName, sizeof ContainerName, "%s", origContainerName). */
5508 strcpy(ContainerName, origContainerName);
/* Locate the last path separator; the parent name is presumably obtained by
 * cutting the string there (the cut is on lines not shown). */
5512 ptr = strrchr(ContainerName, '/');
5519 argv[0] = ContainerName;
/* The callback (Moira_getContainerGroup) strcpy()s into call_args[0], so
 * GroupName must be large enough for any list name Moira returns. */
5521 call_args[0] = GroupName;
5522 call_args[1] = NULL;
5524 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Query succeeded and a name came back; that path is on lines not shown. */
5527 if (strlen(GroupName) != 0)
/* Two failure messages: one when mr_query returned an error code, one
 * without a code (the condition selecting it is on lines not shown). */
5532 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5533 ContainerName, error_message(rc));
5535 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add a machine to, or remove it from,
 * its container's group (member type "MACHINE").  Which query runs is decided
 * by a condition on a line not shown.  A GroupName of "[none]" means the
 * container has no group and nothing is done.  The remaining parameters,
 * `rc`, `argv` and the return statements are on lines not shown.
 */
5540 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5546 if (strcmp(GroupName, "[none]") == 0)
5549 argv[0] = GroupName;
5550 argv[1] = "MACHINE";
5551 argv[2] = MachineName;
5553 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5555 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* NOTE(review): the only error text shown says "add"; if this com_err is
 * shared by both paths a failed delete is reported as a failed add.  The
 * format is also missing a space before the group name ("group%s"). */
5558 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5559 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise MachineName, in place, to an upper-cased host
 * name in the DOMAIN_SUFFIX domain.  A name already in that domain is kept
 * (that branch is on lines not shown); otherwise Moira's get_hostalias is
 * consulted and ProcessMachineName picks the first alias in the domain.  On a
 * Moira error, or when no alias qualifies, the caller's buffer is set to "".
 * Because NewMachineName is copied back, the caller's buffer must be able to
 * hold up to 1024 bytes.  `i`, `rc`, `szDot`, `args`, `call_args` and the
 * return statements are on lines not shown.
 */
5564 int GetMachineName(char *MachineName)
5567 char NewMachineName[1024];
5574 // If the address happens to be in the top-level MIT domain, great!
/* SECURITY(review): unbounded copy into a 1024-byte stack buffer; bound it
 * with snprintf(NewMachineName, sizeof NewMachineName, "%s", MachineName). */
5575 strcpy(NewMachineName, MachineName);
/* Upper-case in place.  NOTE(review): strlen() in the loop condition makes
 * this quadratic, and toupper() on a plain char is undefined for negative
 * values -- hoist the length and cast via (unsigned char). */
5576 for (i = 0; i < (int)strlen(NewMachineName); i++)
5577 NewMachineName[i] = toupper(NewMachineName[i]);
/* Everything after the first '.' is the domain; compare it case-insensitively. */
5578 szDot = strchr(NewMachineName,'.');
5579 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5584 // If not, see if it has a Moira alias in the top-level MIT domain.
/* args[0] is set on a line not shown; the callback writes the chosen alias
 * into call_args[0], so the buffer is cleared first. */
5585 memset(NewMachineName, '\0', sizeof(NewMachineName));
5587 args[1] = MachineName;
5588 call_args[0] = NewMachineName;
5589 call_args[1] = NULL;
5590 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5592 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5593 MachineName, error_message(rc));
/* An empty name signals "unresolved" to the caller. */
5594 strcpy(MachineName, "");
5598 if (strlen(NewMachineName) != 0)
5599 strcpy(MachineName, NewMachineName);
5601 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias.  av[0] is one
 * alias; the first alias whose domain (text after the first '.') matches
 * DOMAIN_SUFFIX is upper-cased and copied into call_args[0] -- the caller's
 * 1024-byte NewMachineName (the cast from `ptr` is on a line not shown).
 * Further aliases are ignored once call_args[0] is non-empty.  `i`, `szDot`
 * and the return statement are on lines not shown.
 */
5606 int ProcessMachineName(int ac, char **av, void *ptr)
5609 char MachineName[1024];
/* First qualifying alias wins. */
5614 if (strlen(call_args[0]) == 0)
/* SECURITY(review): unbounded copy of a Moira-supplied alias into a 1024-byte
 * stack buffer; bound it with snprintf(MachineName, sizeof MachineName, ...). */
5616 strcpy(MachineName, av[0]);
/* NOTE(review): toupper() on a plain char is undefined for negative values;
 * cast via (unsigned char). */
5617 for (i = 0; i < (int)strlen(MachineName); i++)
5618 MachineName[i] = toupper(MachineName[i]);
5619 szDot = strchr(MachineName,'.');
5620 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
/* Both buffers are 1024 bytes, so this copy is bounded by the one above. */
5622 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: switch the POSIX uid attribute name in a prepared LDAPMod array
 * between the SFU 3.0 schema ("msSFU30UidNumber") and the RFC 2307 schema
 * ("uidNumber").  n is the number of entries to scan.  Which of the two loops
 * runs, and how *UseSFU30 is updated, is decided on lines not shown.
 * NOTE(review): mod_type is pointed at string literals; that is only safe if
 * the caller never releases this array with ldap_mods_free(), which would
 * free each mod_type -- the caller is not visible here.
 */
5628 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
/* SFU 3.0 -> RFC 2307 */
5634 for (i = 0; i < n; i++)
5636 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5637 mods[i]->mod_type = "uidNumber";
/* RFC 2307 -> SFU 3.0 */
5643 for (i = 0; i < n; i++)
5645 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5646 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: compute the Windows homeDirectory, profilePath and
 * homeDrive values for a user and append the corresponding modifications to
 * `mods` (via ADD_ATTR), or delete the attribute in AD directly (DEL_ATTR +
 * ldap_modify_s) when the computed value is empty and OpType is
 * LDAP_MOD_REPLACE.
 *
 * WinHomeDir / WinProfileDir come from the Moira user record (the
 * PathToHomeDir / PathToProfileDir fields) and take three forms:
 *   "[afs]"        - derive the path from the user's Hesiod "filsys" entry,
 *   "[local]"      - no value (attribute removed),
 *   anything else  - used verbatim; a UNC home path ("\\...") gets drive H:.
 * homedir_v / winProfile_v / drives_v are the caller's value arrays; element
 * 0 receives a strdup()'d string, presumably released by the caller.  The
 * remaining parameters (OpType, the mods count), `rc`, `i`, `hp`,
 * `last_weight`, `homeDrive`, `path`, `winPath`, `cWeight`, `cPath` and the
 * return statements are on lines not shown.
 */
5652 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5653 char *WinHomeDir, char *WinProfileDir,
5654 char **homedir_v, char **winProfile_v,
5655 char **drives_v, LDAPMod **mods,
5663 char winProfile[1024];
/* Scratch modification list for the delete-only ldap_modify_s calls. */
5668 LDAPMod *DelMods[20];
5670 memset(homeDrive, '\0', sizeof(homeDrive));
5671 memset(path, '\0', sizeof(path));
5672 memset(winPath, '\0', sizeof(winPath));
5673 memset(winProfile, '\0', sizeof(winProfile));
/* Resolve the AFS home via Hesiod.  Each filsys record is parsed as
 * "<type> <path> ... <weight>"; among the AFS entries the lowest numeric
 * weight (5th field) wins. */
5675 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5677 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5679 memset(cWeight, 0, sizeof(cWeight));
5680 memset(cPath, 0, sizeof(cPath));
5683 while (hp[i] != NULL)
/* SECURITY(review): "%s" with no field width into fixed buffers (sizes not
 * shown) -- an over-long Hesiod record overflows the stack.  Give each %s a
 * width one less than sizeof cPath / sizeof cWeight. */
5685 if (sscanf(hp[i], "%*s %s", cPath))
5687 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
5689 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
/* Keep the lowest weight seen so far (last_weight's initial value is not shown). */
5691 if (atoi(cWeight) < last_weight)
5693 strcpy(path, cPath);
5694 last_weight = (int)atoi(cWeight);
/* Record without a weight field: take the path as is. */
5698 strcpy(path, cPath);
/* Translate the AFS path to its Windows form (AfsToWinAfs); the profile is
 * the .winprofile directory underneath it. */
5705 if (!strnicmp(path, AFS, strlen(AFS)))
5707 AfsToWinAfs(path, winPath);
5708 strcpy(winProfile, winPath);
5709 strcat(winProfile, "\\.winprofile");
/* Home directory: [local] clears it, [afs] keeps the path derived above and
 * assigns drive H:, anything else is taken verbatim. */
5725 if (!strcasecmp(WinHomeDir, "[local]"))
5726 memset(winPath, '\0', sizeof(winPath));
5727 else if (!strcasecmp(WinHomeDir, "[afs]"))
5729 strcpy(homeDrive, "H:");
/* SECURITY(review): unbounded copy of the Moira-supplied path into winPath
 * (size not shown); bound it with snprintf(winPath, sizeof winPath, "%s", ...). */
5733 strcpy(winPath, WinHomeDir);
5734 if (!strncmp(WinHomeDir, "\\\\", 2))
5736 strcpy(homeDrive, "H:");
5740 // nothing needs to be done if WinProfileDir is [afs].
5741 if (!strcasecmp(WinProfileDir, "[local]"))
5742 memset(winProfile, '\0', sizeof(winProfile));
5743 else if (strcasecmp(WinProfileDir, "[afs]"))
/* SECURITY(review): same unbounded copy, here into the 1024-byte winProfile. */
5745 strcpy(winProfile, WinProfileDir);
/* Normalise: drop one trailing backslash ... */
5748 if (strlen(winProfile) != 0)
5750 if (winProfile[strlen(winProfile) - 1] == '\\')
5751 winProfile[strlen(winProfile) - 1] = '\0';
5753 if (strlen(winPath) != 0)
5755 if (winPath[strlen(winPath) - 1] == '\\')
5756 winPath[strlen(winPath) - 1] = '\0';
/* ... but a bare drive letter ("H:") must keep its root backslash.  Reading
 * index 1 of a shorter string is fine because both buffers were zeroed above. */
5759 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5760 strcat(winProfile, "\\");
5761 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5762 strcat(winPath, "\\");
/* homeDirectory: an empty value under REPLACE means "remove the attribute
 * now".  NOTE(review): the ldap_modify_s result left in rc is not checked on
 * the lines shown (same for the two deletes below). */
5764 if (strlen(winPath) == 0)
5766 if (OpType == LDAP_MOD_REPLACE)
5769 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5771 //unset homeDirectory attribute for user.
5772 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* NOTE(review): strdup() can return NULL; it is not checked here or below. */
5778 homedir_v[0] = strdup(winPath);
5779 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* profilePath: same pattern. */
5782 if (strlen(winProfile) == 0)
5784 if (OpType == LDAP_MOD_REPLACE)
5787 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5789 //unset profilePath attribute for user.
5790 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5796 winProfile_v[0] = strdup(winProfile);
5797 ADD_ATTR("profilePath", winProfile_v, OpType);
/* homeDrive: same pattern. */
5800 if (strlen(homeDrive) == 0)
5802 if (OpType == LDAP_MOD_REPLACE)
5805 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5807 //unset homeDrive attribute for user
5808 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5814 drives_v[0] = strdup(homeDrive);
5815 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList: discover the domain controllers for ldap_domain and fill
 * ServerList, an array of MAX_SERVER_NAMES char* slots (each calloc'd to 256
 * bytes here; existing entries are freed on entry).  Slot 0 is the RID master
 * (fSMORoleOwner of the rIDManager object), followed by the other server
 * objects under cn=Servers,cn=Default-First-Site-Name.  The schema is also
 * probed for msSFU-30-Uid-Number (what that sets is on lines not shown) and
 * the result is written to the WINADCFG file.  `rc`, `i`, `Count`,
 * `ldap_handle`, `dn_path`, `filter`, `base`, `sPtr`, `gPtr`, `group_count`,
 * `fptr` and the return statements are on lines not shown.
 */
5821 int GetServerList(char *ldap_domain, char **ServerList)
5828 int IgnoreServerListError;
5829 int ServerListFound;
5830 char default_server[256];
5832 char *attr_array[3];
5836 LK_ENTRY *group_base;
5841 memset(default_server, '\0', sizeof(default_server));
5842 memset(dn_path, '\0', sizeof(dn_path));
/* Release any previous list so the slots can be reused below. */
5843 for (i = 0; i < MAX_SERVER_NAMES; i++)
5845 if (ServerList[i] != NULL)
5847 free(ServerList[i]);
5848 ServerList[i] = NULL;
/* Connect with an empty server list; ServerList is handed to ad_connect,
 * which may populate it (not visible here). */
5851 IgnoreServerListError = 1;
5852 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
5853 ServerList, &IgnoreServerListError))
/* NOTE(review): this nulls the pointer slots without freeing anything
 * ad_connect may have allocated into them -- verify against ad_connect. */
5855 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
/* 1. RID master.  The fSMORoleOwner value is a DN; the server name is the
 *    text after the first ",CN=" up to the next ','. */
5859 ServerListFound = 0;
5861 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5862 attr_array[0] = "fSMORoleOwner";
5863 attr_array[1] = NULL;
/* `!(rc = f()) != 0` parses as `(!(rc = f())) != 0`, i.e. true when rc == 0.
 * It works, but `(rc = linklist_build(...)) == 0` says the same thing
 * plainly (also at the two calls below). */
5864 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5865 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5867 if (group_count != 0)
/* NOTE(review): any NULL check on sPtr sits on the lines not shown between
 * here and the `+=`; without one a DN lacking ",CN=" is dereferenced. */
5869 sPtr = strstr(group_base->value, ",CN=");
5872 sPtr += strlen(",CN=");
5873 if (ServerList[0] == NULL)
5874 ServerList[0] = calloc(1, 256);
/* SECURITY(review): the whole DN tail is copied before it is cut at the next
 * ',', so a tail longer than 255 bytes overflows the 256-byte slot.  Measure
 * up to the ',' first (strcspn(sPtr, ",")) and copy at most 255 bytes.  The
 * calloc result is also unchecked. */
5875 strcpy(ServerList[0], sPtr);
5876 sPtr = strstr(ServerList[0], ",");
5880 ServerListFound = 1;
5884 linklist_free(group_base);
/* 2. Every server object in the default site; the RID master is skipped so
 *    it is not listed twice.  Count's initial value is on a line not shown. */
5888 attr_array[0] = "cn";
5889 attr_array[1] = NULL;
5890 strcpy(filter, "(cn=*)");
/* NOTE(review): sizes of base and dn_path are not shown; sprintf is unbounded. */
5891 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5893 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5894 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5896 if (group_count != 0)
5899 while (gPtr != NULL)
5901 if (ServerListFound != 0)
5903 if (!strcasecmp(ServerList[0], gPtr->value))
5909 if (Count < MAX_SERVER_NAMES)
5911 if (ServerList[Count] == NULL)
5912 ServerList[Count] = calloc(1, 256);
/* SECURITY(review): same unbounded copy into a 256-byte slot; bound it. */
5913 strcpy(ServerList[Count], gPtr->value);
5920 linklist_free(group_base);
/* 3. Does the schema carry the SFU 3.0 uid attribute?  What is set when
 *    group_count != 0 is on a line not shown. */
5926 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5927 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5929 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5930 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5932 if (group_count != 0)
5937 linklist_free(group_base);
/* 4. Persist the findings.  A failed fopen is silently skipped (no else
 *    branch shown); the fclose is on a line not shown. */
5941 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5943 fprintf(fptr, "%s%s\n", DOMAIN, ldap_domain);
5945 fprintf(fptr, "%s%s\n", MSSFU, SFUTYPE);
5946 for (i = 0; i < MAX_SERVER_NAMES; i++)
5948 if (ServerList[i] != NULL)
5950 fprintf(fptr, "%s%s\n", SERVER, ServerList[i]);
5955 ldap_unbind_s(ldap_handle);
5960 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5961 char *attribute_value, char *attribute, char *user_name)
5963 char *mod_v[] = {NULL, NULL};
5964 LDAPMod *DelMods[20];
5970 if (strlen(attribute_value) == 0)
5973 DEL_ATTR(attribute, LDAP_MOD_DELETE);
5975 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
5981 mod_v[0] = attribute_value;
5982 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
5984 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5988 mod_v[0] = attribute_value;
5989 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5991 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5993 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5994 attribute, user_name, ldap_err2string(rc));