2 /* test parameters for creating a user account - done
3 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
4 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
5 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
7 * test parameters for deactivating/deleting a user account - done
8 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
9 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
10 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
11 * comment: clearid is the MIT ID
13 * test parameters for reactivating a user account - done
14 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
15 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
17 * test parameters for updating user account info - done
18 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF
19 * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF
20 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
21 * currently, if the unix_id doesn't change, only the U_UID or U_MITID fields will be updated
23 * test parameters for changing user name - testing
24 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
25 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
28 * test parameters for add member to group/list - done
29 * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1
30 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
32 * test parameters for remove member from group/list - done
33 * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1
34 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
36 * test parameters for creating and/or populating a group/list - done
37 * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description
38 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
40 * test parameters for deleting a group/list - done
41 * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description
42 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
44 * test parameters for renaming a group/list - done
45 * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description
46 * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description
47 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
49 * test parameters for adding a file system - done
50 * filesys 0 11 addusr5 AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/a/d/addusr5 /mit/addusr5 w UserLocker addusr5 wheel 1 HOMEDIR
52 * test parameters for deleting a file system - done
53 * filesys 11 0 addusr8 AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/a/d/addusr8 /mit/addusr8 w none dtanner wheel 1 HOMEDIR
55 #include <mit-copyright.h>
67 #include <moira_site.h>
77 #define ECONNABORTED WSAECONNABORTED
80 #define ECONNREFUSED WSAECONNREFUSED
83 #define EHOSTUNREACH WSAEHOSTUNREACH
85 #define krb5_xfree free
87 #define sleep(A) Sleep(A * 1000);
91 #include <sys/types.h>
92 #include <netinet/in.h>
93 #include <arpa/nameser.h>
95 #include <sys/utsname.h>
98 #define WINADCFG "/moira/winad/winad.cfg"
99 #define strnicmp(A,B,C) strncasecmp(A,B,C)
100 #define UCHAR unsigned char
102 #define UF_SCRIPT 0x0001
103 #define UF_ACCOUNTDISABLE 0x0002
104 #define UF_HOMEDIR_REQUIRED 0x0008
105 #define UF_LOCKOUT 0x0010
106 #define UF_PASSWD_NOTREQD 0x0020
107 #define UF_PASSWD_CANT_CHANGE 0x0040
108 #define UF_DONT_EXPIRE_PASSWD 0x10000
110 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
111 #define UF_NORMAL_ACCOUNT 0x0200
112 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
113 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
114 #define UF_SERVER_TRUST_ACCOUNT 0x2000
117 #define BYTE unsigned char
119 typedef unsigned int DWORD;
120 typedef unsigned long ULONG;
125 unsigned short Data2;
126 unsigned short Data3;
127 unsigned char Data4[8];
130 typedef struct _SID_IDENTIFIER_AUTHORITY {
132 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
134 typedef struct _SID {
136 BYTE SubAuthorityCount;
137 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
138 DWORD SubAuthority[512];
143 #define WINADCFG "winad.cfg"
147 #define WINAFS "\\\\afs\\all\\"
149 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
150 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
151 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
152 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
153 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
155 #define QUERY_VERSION -1
156 #define PRIMARY_REALM "ATHENA.MIT.EDU"
165 #define MEMBER_REMOVE 2
166 #define MEMBER_CHANGE_NAME 3
167 #define MEMBER_ACTIVATE 4
168 #define MEMBER_DEACTIVATE 5
169 #define MEMBER_CREATE 6
171 #define MOIRA_ALL 0x0
172 #define MOIRA_USERS 0x1
173 #define MOIRA_KERBEROS 0x2
174 #define MOIRA_STRINGS 0x4
175 #define MOIRA_LISTS 0x8
177 typedef struct lk_entry {
187 struct lk_entry *next;
190 #define STOP_FILE "/moira/winad/nowinad"
191 #define file_exists(file) (access((file), F_OK) == 0)
193 #define LDAP_BERVAL struct berval
194 #define MAX_SERVER_NAMES 32
/* Append one LDAPMod to the caller's `mods[]` array at index `n` and bump
 * `n`.  Relies on `mods`, `n` and the LDAPMod type being in scope at the
 * expansion site.
 *   t - attribute name (char *)      v - NULL-terminated value vector
 *   o - LDAP_MOD_* operation code
 * NOTE(review): the malloc() result is dereferenced on the very next line
 * with no NULL check, and the macro is four bare statements rather than a
 * do { ... } while (0) block, so an unbraced `if (c) ADD_ATTR(...)` would
 * execute only the first statement conditionally.  Nothing here bounds `n`
 * against the size of `mods[]`; the expansion sites must guarantee that. */
196 #define ADD_ATTR(t, v, o) \
197 mods[n] = malloc(sizeof(LDAPMod)); \
198 mods[n]->mod_op = o; \
199 mods[n]->mod_type = t; \
200 mods[n++]->mod_values = v
/* Process-wide state.  The Moira query callbacks (user_create, group_create,
 * member_list_build, ...) only receive a void * argument, and the lists they
 * build appear to be handed back through these globals (member_base is
 * consumed in do_list(), sid_base in do_filesys()/do_list()/do_user()). */
202 LK_ENTRY *member_base = NULL;
203 LK_ENTRY *sid_base = NULL;
204 LK_ENTRY **sid_ptr = NULL;
/* Space-joined copy of argv[] for log and alert text.  Filled in main() with
 * unbounded strcat(); the 1024-byte size is the only limit on that copy. */
205 static char tbl_buf[1024];
/* Relative OU paths (prepended to the domain DN) under which each kind of
 * object lives in the AD. */
206 char kerberos_ou[] = "OU=kerberos, OU=moira";
207 char contact_ou[] = "OU=strings, OU=moira";
208 char user_ou[] = "OU=users, OU=moira";
209 char group_ou_distribution[] = "OU=mail, OU=lists, OU=moira";
210 char group_ou_root[] = "OU=lists, OU=moira";
211 char group_ou_security[] = "OU=group, OU=lists, OU=moira";
212 char group_ou_neither[] = "OU=special, OU=lists, OU=moira";
213 char group_ou_both[] = "OU=mail, OU=group, OU=lists, OU=moira";
/* AD domain name, read verbatim from WINADCFG in main(); defaults to
 * "win.mit.edu" when the file is missing or empty. */
215 char ldap_domain[256];
/* Reference count maintained by moira_connect()/moira_disconnect(). */
216 int mr_connections = 0;
218 int UserReactivate = 0;
219 char default_server[256];
/* Second tentative definition of tbl_buf.  Legal C (it names the same static
 * object as the definition above) but redundant -- NOTE(review): drop one. */
220 static char tbl_buf[1024];
222 extern int set_password(char *user, char *password, char *domain);
224 void AfsToWinAfs(char* path, char* winPath);
225 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
226 char *Win2kPassword, char *Win2kUser, char *default_server,
228 void ad_kdc_disconnect();
229 void check_winad(void);
230 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
231 char *fs_type, char *fs_pack, int operation);
232 int get_group_membership(char *group_membership, char *group_ou,
233 int *security_flag, char **av);
234 int process_lists(int ac, char **av, void *ptr);
235 int user_create(int ac, char **av, void *ptr);
236 int user_change_status(LDAP *ldap_handle, char *dn_path, char *user_name, int operation);
237 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
238 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
239 char *user_name, char *Uid, char *MitId, int State);
240 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
241 char *uid, char *MitId);
242 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
243 int group_create(int ac, char **av, void *ptr);
244 int group_delete(LDAP *ldap_handle, char *dn_path,
245 char *group_name, char *group_membership);
246 int group_rename(LDAP *ldap_handle, char *dn_path,
247 char *before_group_name, char *before_group_membership,
248 char *before_group_ou, int before_security_flag,
249 char *after_group_name, char *after_group_membership,
250 char *after_group_ou, int after_security_flag);
251 int member_list_build(int ac, char **av, void *ptr);
252 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
253 char *group_ou, char *group_membership,
254 char *user_name, char *pUserOu);
255 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
256 char *group_ou, char *group_membership, char *user_name,
258 int sid_update(LDAP *ldap_handle, char *dn_path);
259 int check_string(char *s);
260 void convert_b_to_a(char *string, UCHAR *binary, int length);
261 int mr_connect_cl(char *server, char *client, int version, int auth);
263 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
264 char **before, int beforec, char **after, int afterc);
265 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
266 char **before, int beforec, char **after, int afterc);
267 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
268 char **before, int beforec, char **after, int afterc);
269 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
270 char **before, int beforec, char **after, int afterc);
271 int linklist_create_entry(char *attribute, char *value,
272 LK_ENTRY **linklist_entry);
273 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
274 char **attr_array, LK_ENTRY **linklist_base,
275 int *linklist_count);
276 void linklist_free(LK_ENTRY *linklist_base);
278 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
279 char *distinguished_name, LK_ENTRY **linklist_current);
280 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
281 LK_ENTRY **linklist_base, int *linklist_count);
282 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
283 char *Attribute, char *distinguished_name,
284 LK_ENTRY **linklist_current);
286 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
287 char *oldValue, char *newValue,
288 char ***modvalues, int type);
289 void free_values(char **modvalues);
291 int convert_domain_to_dn(char *domain, char **bind_path);
292 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
293 char *distinguished_name);
294 int moira_disconnect(void);
295 int moira_connect(void);
296 void print_to_screen(const char *fmt, ...);
/*
 * Entry point of the winad incremental.  argv[] carries the Moira table
 * name, the "before" and "after" field counts, and then beforec + afterc
 * field values (the test vectors in the header comment show the layout).
 * The work is dispatched to one do_*() routine per table.
 *
 * This listing is a fragment: the declarations, braces and several call
 * continuations are missing, so read it alongside the complete file.
 */
298 int main(int argc, char **argv)
311 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
315 com_err(whoami, 0, "%s", "argc < 4");
/* atoi() returns 0 for non-numeric text and can return a negative value.
 * Only the upper bound is checked below, so a negative beforec would place
 * `after` before argv[4] -- NOTE(review): reject beforec/afterc < 0 here. */
318 beforec = atoi(argv[2]);
319 afterc = atoi(argv[3]);
321 if (argc < (4 + beforec + afterc))
323 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)"); /* sic: "breforec" is in the message text */
329 after = &argv[4 + beforec];
/* Record the whole command line for later log/alert messages.  strcat() has
 * no bound and tbl_buf is a fixed 1024-byte static buffer, while argv
 * lengths are chosen by whoever invokes this program -- NOTE(review): a long
 * invocation overruns tbl_buf; append with the remaining size instead. */
331 for (i = 1; i < argc; i++)
333 strcat(tbl_buf, argv[i]);
334 strcat(tbl_buf, " ");
336 com_err(whoami, 0, "%s", tbl_buf);
/* Domain name from the config file.  fread() may fill all sizeof(ldap_domain)
 * bytes and never adds a terminator, so a file of 256+ bytes leaves no NUL
 * for the strlen()/strcmp() users of ldap_domain.  Its return value is not
 * checked, no trailing-newline trimming is visible, and the matching fclose()
 * is not in this fragment -- NOTE(review): read sizeof - 1 bytes and trim. */
340 memset(ldap_domain, '\0', sizeof(ldap_domain));
341 if ((fptr = fopen(WINADCFG, "r")) != NULL)
343 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
346 if (strlen(ldap_domain) == 0)
347 strcpy(ldap_domain, "win.mit.edu"); /* literal fits the 256-byte buffer */
348 initialize_sms_error_table();
349 initialize_krb_error_table();
351 memset(default_server, '\0', sizeof(default_server));
352 memset(dn_path, '\0', sizeof(dn_path));
/* Empty user and password are passed; presumably ad_connect() authenticates
 * by another mechanism -- not visible here, confirm in ad_connect(). */
353 if (ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1))
355 com_err(whoami, 0, "cannot connect to any server in domain %s", ldap_domain);
/* Case-fold the table name.  tolower() expects an int in unsigned char range;
 * a plain (possibly signed) char should be cast to unsigned char first. */
359 for (i = 0; i < (int)strlen(table); i++)
360 table[i] = tolower(table[i]);
/* Dispatch on the Moira table being replayed; the afterc argument of each
 * call sits on a continuation line that is missing from this listing. */
361 if (!strcmp(table, "users"))
362 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
364 else if (!strcmp(table, "list"))
365 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
367 else if (!strcmp(table, "imembers"))
368 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
370 else if (!strcmp(table, "filesys"))
371 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
374 else if (!strcmp(table, "quota"))
375 do_quota(before, beforec, after, afterc);
379 rc = ldap_unbind_s(ldap_handle);
/*
 * Replay a change to the Moira "filesys" table.  before/after hold the old
 * and new row fields (indexed by FS_*), beforec/afterc their counts.  An AFS
 * locker with the create flag set is pushed through filesys_process(); if the
 * owning user object is missing (LDAP_NO_SUCH_OBJECT) the user is created
 * from Moira via user_create(), treating the locker name as the login.
 * Fragment: braces, declarations and some call continuations are missing.
 */
383 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
384 char **before, int beforec, char **after, int afterc)
/* NOTE(review): off-by-one.  `afterc < FS_CREATE` lets afterc == FS_CREATE
 * through, yet after[FS_CREATE] is read below, which needs afterc > FS_CREATE
 * (compare `beforec > L_GID` in do_list()).  Same for the beforec guards. */
397 if (afterc < FS_CREATE)
401 atype = !strcmp(after[FS_TYPE], "AFS");
402 acreate = atoi(after[FS_CREATE]);
405 if (beforec < FS_CREATE)
407 if (acreate == 0 || atype == 0)
409 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
413 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
414 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
416 if (rc != LDAP_SUCCESS)
417 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Assignment used as the condition (intended, but reads like a typo for ==). */
424 if (rc = moira_connect())
426 critical_alert("AD incremental",
427 "Error contacting Moira server : %s",
/* The locker name doubles as the Moira login for the lookup below. */
431 av[0] = after[FS_NAME];
432 call_args[0] = (char *)ldap_handle;
433 call_args[1] = dn_path;
/* An int operation code smuggled through a char * slot; user_create() must
 * cast it back the same way.  Not portable C, but consistent with do_user(). */
434 call_args[2] = (char *)MEMBER_ACTIVATE;
439 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
443 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
449 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* sid_base is filled by the user_create() callback.  NOTE(review): no reset of
 * sid_base to NULL after linklist_free() is visible in this fragment; if it is
 * really absent, the same `sid_base != NULL` test further down would touch
 * freed memory. */
452 if (sid_base != NULL)
454 sid_update(ldap_handle, dn_path);
455 linklist_free(sid_base);
463 btype = !strcmp(before[FS_TYPE], "AFS");
464 bcreate = atoi(before[FS_CREATE]);
465 if (afterc < FS_CREATE)
/* Deletion path: the old row was an AFS locker and the new row is gone. */
467 if (btype && bcreate)
469 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
470 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
472 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* Neither row is AFS: only worth a message unless both types are "ERR". */
481 if (!atype && !btype)
483 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
485 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
486 before[FS_NAME], after[FS_NAME]);
/* Update path: same create-or-activate sequence as above. */
490 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
494 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
495 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
497 if (rc != LDAP_SUCCESS)
498 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
505 if (rc = moira_connect())
507 critical_alert("AD incremental",
508 "Error contacting Moira server : %s",
512 av[0] = after[FS_NAME];
513 call_args[0] = (char *)ldap_handle;
514 call_args[1] = dn_path;
515 call_args[2] = (char *)MEMBER_ACTIVATE;
520 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
524 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
530 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
533 if (sid_base != NULL)
535 sid_update(ldap_handle, dn_path);
536 linklist_free(sid_base);
/*
 * Replay a change to the Moira "list" table: rename, delete, create and/or
 * (re)populate the matching AD group.  before/after are the old/new row
 * fields indexed by L_*; the row is only considered when its L_ACTIVE flag
 * is set.  get_group_membership() maps the list flags to the OU the group
 * lives in and to a membership/security classification.
 * Fragment: braces, declarations and some returns are missing.
 */
545 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
546 char **before, int beforec, char **after, int afterc)
/* NOTE(review): one-byte output buffers.  Both arrays are handed to
 * get_group_membership() as its membership output and later tested with
 * strlen().  Whether the callee writes a single byte or a NUL-terminated
 * string is not visible here; a string write overflows them, and strlen() on
 * a 1-byte array holding a non-NUL byte reads past it either way.  Confirm
 * the contract of get_group_membership() and size these accordingly. */
563 char group_membership[1];
566 char before_group_membership[1];
567 int before_security_flag;
568 char before_group_ou[256];
570 LK_ENTRY *ptr = NULL;
/* Nothing to do when neither row is present (return is on a missing line). */
572 if (beforec == 0 && afterc == 0)
575 astatus = bstatus = 0;
577 apublic = bpublic = 0;
578 amaillist = bmaillist = 0;
/* Parse the old row only if it has all fields and was active.  The
 * `beforec > L_GID` guard is the correct bound for before[L_GID]. */
582 if (beforec > L_GID && atoi(before[L_ACTIVE]))
584 bgid = atoi(before[L_GID]);
585 bstatus = atoi(before[L_ACTIVE]);
586 bhide = atoi(before[L_HIDDEN]);
587 bpublic = atoi(before[L_PUBLIC]);
588 bmaillist = atoi(before[L_MAILLIST]);
589 bgroup = atoi(before[L_GROUP]);
590 before_security_flag = 0;
591 memset(before_group_ou, '\0', sizeof(before_group_ou));
592 memset(before_group_membership, '\0', sizeof(before_group_membership));
593 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* Same for the new row. */
595 if (afterc > L_GID && atoi(after[L_ACTIVE]))
597 agid = atoi(after[L_GID]);
598 astatus = atoi(after[L_ACTIVE]);
599 ahide = atoi(after[L_HIDDEN]);
600 apublic = atoi(after[L_PUBLIC]);
601 amaillist = atoi(after[L_MAILLIST]);
602 agroup = atoi(after[L_GROUP]);
604 memset(group_ou, '\0', sizeof(group_ou));
605 memset(group_membership, '\0', sizeof(group_membership));
606 get_group_membership(group_membership, group_ou, &security_flag, after);
/* Lists without a gid on either side are not mirrored into the AD. */
608 if (agid == 0 && bgid == 0)
/* Rename: both rows active and the name differs. */
613 if (strcmp(after[L_NAME], before[L_NAME]))
615 if (astatus && bstatus)
617 com_err(whoami, 0, "Changing list name from %s to %s",
618 before[L_NAME], after[L_NAME]);
619 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
620 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
622 com_err(whoami, 0, "%s", "couldn't find the group OU's");
625 if ((rc = group_rename(ldap_handle, dn_path,
626 before[L_NAME], before_group_membership,
627 before_group_ou, before_security_flag,
628 after[L_NAME], group_membership,
629 group_ou, security_flag)) != LDAP_NO_SUCH_OBJECT)
631 if (rc != LDAP_SUCCESS)
632 com_err(whoami, 0, "Could not change list name from %s to %s",
/* Delete: the old group goes away (the surrounding condition is on a missing
 * line). */
648 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
650 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
653 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
654 rc = group_delete(ldap_handle, dn_path, before[L_NAME], before_group_membership);
/* Create: fetch the list's attributes from Moira and let the group_create()
 * callback build the AD object.  Assignment-as-condition below is intended. */
659 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
661 if (rc = moira_connect())
663 critical_alert("AD incremental",
664 "Error contacting Moira server : %s",
669 av[0] = after[L_NAME];
670 call_args[0] = (char *)ldap_handle;
671 call_args[1] = dn_path;
672 call_args[2] = after[L_NAME];
/* Member-type mask passed through a char * slot; the callback casts it back. */
673 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
678 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
681 com_err(whoami, 0, "Couldn't create list %s : %s", after[L_NAME], error_message(rc));
687 com_err(whoami, 0, "Couldn't create list %s", after[L_NAME]);
/* SIDs collected by the callback; see the note on sid_base in do_filesys(). */
691 if (sid_base != NULL)
693 sid_update(ldap_handle, dn_path);
694 linklist_free(sid_base);
/* Populate: expand the list to its end members (member_list_build() fills
 * member_base) and add each one.  STRING and KERBEROS members get a contact
 * object created first and are added from that OU; LIST-typed entries appear
 * to be skipped (the skip itself is on a missing line). */
699 com_err(whoami, 0, "Populating group %s", after[L_NAME]);
700 av[0] = after[L_NAME];
701 call_args[0] = (char *)ldap_handle;
702 call_args[1] = dn_path;
703 call_args[2] = after[L_NAME];
704 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
707 if (rc = mr_query("get_end_members_of_list", 1, av,
708 member_list_build, call_args))
711 com_err(whoami, 0, "Couldn't populate list %s : %s",
712 after[L_NAME], error_message(rc));
715 if (member_base != NULL)
720 if (!strcasecmp(ptr->type, "LIST"))
726 if (!strcasecmp(ptr->type, "STRING"))
728 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
730 pUserOu = contact_ou;
732 else if (!strcasecmp(ptr->type, "KERBEROS"))
734 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
736 pUserOu = kerberos_ou;
/* NOTE(review): no check of this rc is visible in the fragment; a failed add
 * would go unlogged here if that is really the case. */
738 rc = member_add(ldap_handle, dn_path, after[L_NAME],
739 group_ou, group_membership, ptr->member, pUserOu);
742 linklist_free(member_base);
/* Indices of the list attributes that the imembers incremental appends after
 * the standard LM_* member fields (LM_END comes from the Moira headers, not
 * visible here).  LM_EXTRA_END is therefore the minimum field count a row
 * must have; do_member() checks against it before indexing. */
751 #define LM_EXTRA_ACTIVE (LM_END)
752 #define LM_EXTRA_PUBLIC (LM_END+1)
753 #define LM_EXTRA_HIDDEN (LM_END+2)
754 #define LM_EXTRA_MAILLIST (LM_END+3)
755 #define LM_EXTRA_GROUP (LM_END+4)
756 #define LM_EXTRA_GID (LM_END+5)
757 #define LM_EXTRA_END (LM_END+6)
/*
 * Replay a change to the Moira "imembers" table: add (after row present) or
 * remove (before row present) one member of a list.  The row carries the
 * LM_* member fields followed by the LM_EXTRA_* list attributes, which are
 * re-packed into a L_*-indexed vector so get_group_membership() can resolve
 * the group's OU.  STRING and KERBEROS members are represented by contact
 * objects that are created on demand.
 * Fragment: braces, declarations and the add/remove selection are missing.
 */
759 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
760 char **before, int beforec, char **after, int afterc)
762 char group_name[128];
/* One-byte buffer passed to get_group_membership() as its membership output
 * and then to member_add()/member_remove() -- NOTE(review): if the callee
 * writes a NUL-terminated string this overflows; confirm its contract (the
 * same pattern appears in do_list()). */
766 char group_membership[1];
/* Correct bound: LM_EXTRA_GID (the highest index used) is LM_EXTRA_END - 1. */
777 if (afterc < LM_EXTRA_END)
779 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* NOTE(review): unbounded strcpy() of argv-derived fields into fixed arrays
 * (group_name is 128 bytes; user_name/user_type sizes are not visible here).
 * Copy with an explicit bound, or use the ptr[] pointers directly as the
 * calls below already do. */
782 strcpy(user_name, after[LM_MEMBER]);
783 strcpy(group_name, after[LM_LIST]);
784 strcpy(user_type, after[LM_TYPE]);
789 if (beforec < LM_EXTRA_END)
791 if (!atoi(before[LM_EXTRA_ACTIVE]))
794 strcpy(user_name, before[LM_MEMBER]);
795 strcpy(group_name, before[LM_LIST]);
796 strcpy(user_type, before[LM_TYPE]);
/* ptr is whichever of after/before is being processed (selection on a missing
 * line).  Re-pack the list attributes in L_* order for get_group_membership(). */
802 args[L_NAME] = ptr[LM_LIST];
803 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
804 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
805 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
806 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
807 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
808 args[L_GID] = ptr[LM_EXTRA_GID];
811 memset(group_ou, '\0', sizeof(group_ou));
812 get_group_membership(group_membership, group_ou, &security_flag, args);
813 if (strlen(group_ou) == 0)
815 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* Remove path.  Nested-list members (type LIST) are handled on a missing line. */
822 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
825 com_err(whoami, 0, "Removing user %s from list %s", user_name, group_name);
827 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
829 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
831 pUserOu = contact_ou;
833 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
835 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
837 pUserOu = kerberos_ou;
839 rc = member_remove(ldap_handle, dn_path, group_name,
840 group_ou, group_membership, ptr[LM_MEMBER], pUserOu);
/* Add path: same contact handling, then member_add(). */
844 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
847 com_err(whoami, 0, "Adding user %s to list %s", user_name, group_name);
849 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
851 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
853 pUserOu = contact_ou;
855 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
857 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
859 pUserOu = kerberos_ou;
861 rc = member_add(ldap_handle, dn_path, group_name,
862 group_ou, group_membership, ptr[LM_MEMBER], pUserOu);
867 com_err(whoami, 0, "Couldn't add %s to group %s", user_name, group_name);
/* Message text says "remove ... to"; "from" is meant (runtime string, left as-is). */
869 com_err(whoami, 0, "Couldn't remove %s to group %s", user_name, group_name);
/*
 * Replay a change to the Moira "users" table.  The U_STATE field of each row
 * decides the action: equal states mean an info update or a rename, a new
 * state of 0 deactivates the AD account, otherwise the account is created or
 * reactivated from Moira (user_create() callback) and its list memberships
 * are re-applied (process_lists() callback).
 * Fragment: the afterc parameter, braces, declarations and returns are missing.
 */
875 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
876 char **before, int beforec, char **after,
885 if ((beforec == 0) && (afterc == 0))
/* Field-count guards before reading U_STATE from either row. */
890 if (afterc > U_STATE)
891 astate = atoi(after[U_STATE]);
892 if (beforec > U_STATE)
893 bstate = atoi(before[U_STATE]);
/* Inactive before and after: nothing to mirror. */
900 if ((bstate == 0) && (astate == 0))
903 if (astate == bstate)
/* Same name, same state: attribute update only.  NOTE(review): user_update()
 * is handed before[U_UID]/before[U_MITID], while the rename path below passes
 * the after[] values; if this is meant to push the new uid/MIT ID, after[]
 * looks intended -- confirm against the header comment on account updates. */
905 if (!strcmp(before[U_NAME], after[U_NAME]))
907 com_err(whoami, 0, "Updating user %s info", before[U_NAME]);
908 rc = user_update(ldap_handle, dn_path, before[U_NAME],
909 before[U_UID], before[U_MITID]);
/* Rename path (second format argument is on a missing line). */
914 com_err(whoami, 0, "Changing user %s to %s", before[U_NAME],
916 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
917 after[U_NAME], after[U_UID], after[U_MITID],
918 atoi(after[U_STATE]))) != LDAP_NO_SUCH_OBJECT)
920 if (rc != LDAP_SUCCESS)
922 com_err(whoami, 0, "Could not change user %s to %s : %s",
924 after[U_NAME], error_message(rc));
/* Deactivation: the account object is kept but disabled. */
934 com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]);
936 if ((rc = user_change_status(ldap_handle, dn_path, before[U_NAME],
937 MEMBER_DEACTIVATE)) != LDAP_SUCCESS)
939 com_err(whoami, 0, "Couldn't deactivate user %s in the AD", before[U_NAME]);
/* Create/reactivate: pull the account from Moira.  Assignment-as-condition
 * is intended here and at the mr_query() below. */
946 if (rc = moira_connect())
948 critical_alert("AD incremental",
949 "Error connection to Moira : %s",
953 com_err(whoami, 0, "Creating/Reactivating user %s", after[U_NAME]);
955 av[0] = after[U_NAME];
956 call_args[0] = (char *)ldap_handle;
957 call_args[1] = dn_path;
/* Operation code passed through a char * slot; user_create() casts it back. */
958 call_args[2] = (char *)MEMBER_ACTIVATE;
964 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
968 com_err(whoami, 0, "Couldn't create/activate user %s : %s",
969 after[U_NAME], error_message(rc));
975 com_err(whoami, 0, "Couldn't create/activate user %s", after[U_NAME]);
/* SIDs collected by the callback; see the note on sid_base in do_filesys(). */
979 if (sid_base != NULL)
981 sid_update(ldap_handle, dn_path);
982 linklist_free(sid_base);
/* Re-apply list memberships (av[0], presumably the member type, is set on a
 * missing line).  MR_NO_MATCH just means the user is on no lists. */
987 av[1] = after[U_NAME];
988 call_args[0] = (char *)ldap_handle;
989 call_args[1] = dn_path;
990 call_args[2] = after[U_NAME];
991 call_args[3] = user_ou;
992 rc = mr_query("get_lists_of_member", 2, av, process_lists,
994 if (rc && rc != MR_NO_MATCH)
996 com_err(whoami, 0, "Couldn't retrieve membership of user %s: %s",
997 after[U_NAME], error_message(rc));
/*
 * Build a NULL-terminated char * vector (*modvalues) of modvalue_count
 * strings from the first modvalue_count entries of linklist_base, for use as
 * LDAPMod values.  When oldValue and newValue are both given, an entry whose
 * value contains oldValue is either replaced wholesale by newValue
 * (type == REPLACE) or has its first occurrence of oldValue substituted;
 * every other entry is copied verbatim.  The caller frees the vector
 * (free_values()).
 * Fragment: braces, declarations and the error returns are missing.
 */
1006 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1007 char *oldValue, char *newValue,
1008 char ***modvalues, int type)
1010 LK_ENTRY *linklist_ptr;
1014 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
/* calloc() already zeroed the vector; this loop (and the memset() calls after
 * each calloc() below) is redundant. */
1019 for (i = 0; i < (modvalue_count + 1); i++)
1020 (*modvalues)[i] = NULL;
1021 if (modvalue_count != 0)
1023 linklist_ptr = linklist_base;
/* NOTE(review): walks modvalue_count nodes without checking linklist_ptr for
 * NULL, so the count must not exceed the list length.  strstr() also needs
 * NUL-terminated values; entries stored from binary (ber) attributes carry
 * no terminator (see retrieve_values()), so callers must not pass those. */
1024 for (i = 0; i < modvalue_count; i++)
1026 if ((oldValue != NULL) && (newValue != NULL))
1028 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1031 if (type == REPLACE)
1033 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1036 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1037 strcpy((*modvalues)[i], newValue);
/* Substitute the first occurrence only: prefix + newValue + suffix.  The size
 * counts the prefix twice (once explicitly, once inside length - strlen(old)),
 * so it over-allocates slightly; harmless. */
1041 if (((*modvalues)[i] = calloc(1,
1042 (int)(cPtr - linklist_ptr->value) +
1043 (linklist_ptr->length - strlen(oldValue)) +
1044 strlen(newValue) + 1)) == NULL)
1046 memset((*modvalues)[i], '\0',
1047 (int)(cPtr - linklist_ptr->value) +
1048 (linklist_ptr->length - strlen(oldValue)) +
1049 strlen(newValue) + 1);
1050 memcpy((*modvalues)[i], linklist_ptr->value,
1051 (int)(cPtr - linklist_ptr->value));
1052 strcat((*modvalues)[i], newValue);
1053 strcat((*modvalues)[i],
1054 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* Verbatim copies.  NOTE(review): unlike the allocations above, these two
 * calloc() results are used without a NULL check. */
1059 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1060 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1061 memcpy((*modvalues)[i], linklist_ptr->value,
1062 linklist_ptr->length);
1067 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1068 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1069 memcpy((*modvalues)[i], linklist_ptr->value,
1070 linklist_ptr->length);
1072 linklist_ptr = linklist_ptr->next;
/* Terminating NULL for the LDAP value vector. */
1074 (*modvalues)[i] = NULL;
/*
 * Run a subtree search under dn_path for search_exp, requesting attr_array,
 * and collect every attribute value of every matching entry into a fresh
 * LK_ENTRY list at *linklist_base with its length in *linklist_count.
 * Returns the ldap_search_s()/retrieve_entries() status (return statements
 * are on missing lines).
 *
 * search_exp is used verbatim as the LDAP filter.  NOTE(review): callers that
 * build it from Moira-sourced names must escape RFC 4515 special characters
 * (parentheses, '*', '\', NUL) -- the filter construction is not visible here.
 */
1080 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1081 char **attr_array, LK_ENTRY **linklist_base,
1082 int *linklist_count)
1085 LDAPMessage *ldap_entry;
1089 (*linklist_base) = NULL;
1090 (*linklist_count) = 0;
1091 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1092 search_exp, attr_array, 0, &ldap_entry))
1095 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
/* Frees the whole result chain; the LK_ENTRY list holds its own copies. */
1097 ldap_msgfree(ldap_entry);
/*
 * Walk every entry of a search result, prepending each entry's attribute
 * values to *linklist_base (via retrieve_attributes()), then recount the
 * list into *linklist_count.  Returns 0 or the first non-zero
 * retrieve_attributes() status (returns are on missing lines).
 */
1102 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1103 LK_ENTRY **linklist_base, int *linklist_count)
/* NOTE(review): get_distinguished_name() strcpy()s the entry's DN into this
 * buffer with no bound; a DN of 1024+ characters would overflow it. */
1105 char distinguished_name[1024];
1106 LK_ENTRY *linklist_ptr;
1109 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1112 memset(distinguished_name, '\0', sizeof(distinguished_name));
1113 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1115 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1116 linklist_base)) != 0)
1119 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1121 memset(distinguished_name, '\0', sizeof(distinguished_name));
1122 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1124 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1125 linklist_base)) != 0)
/* Recount by walking the list rather than trusting the callees. */
1129 linklist_ptr = (*linklist_base);
1130 (*linklist_count) = 0;
1131 while (linklist_ptr != NULL)
1133 ++(*linklist_count);
1134 linklist_ptr = linklist_ptr->next;
/*
 * Iterate the attributes of one entry and hand each to retrieve_values(),
 * which prepends the values to *linklist_current tagged with
 * distinguished_name.  The ldap_first/next_attribute() cursor `ptr` is
 * released with ldap_ber_free() at the end.
 * NOTE(review): the status returned by retrieve_values() is discarded on both
 * calls, so an allocation failure inside it is not propagated.
 * Fragment: declarations, braces and the return are missing.
 */
1139 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1140 char *distinguished_name, LK_ENTRY **linklist_current)
1146 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1148 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1150 ldap_memfree(Attribute);
1151 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1154 retrieve_values(ldap_handle, ldap_entry, Attribute,
1155 distinguished_name, linklist_current);
1156 ldap_memfree(Attribute);
1159 ldap_ber_free(ptr, 0);
/*
 * Copy the values of one attribute of one entry into new LK_ENTRY nodes
 * prepended to *linklist_current.  objectSid and objectGUID are fetched as
 * raw ber values (binary, stored without a terminator, `length` = bv_len);
 * everything else as NUL-terminated strings.  Each node records the
 * attribute name, the value, the entry's DN and whether it was a ber value.
 * The large middle section is debug printing that appears to be compiled
 * only under LDAP_DEBUG (its #endif is visible, the #ifdef is not).
 * Fragment: declarations, braces, the per-value loop and returns are missing.
 */
1163 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1164 char *Attribute, char *distinguished_name,
1165 LK_ENTRY **linklist_current)
1171 LK_ENTRY *linklist_previous;
1172 LDAP_BERVAL **ber_value;
1180 SID_IDENTIFIER_AUTHORITY *sid_auth;
1181 unsigned char *subauth_count;
1182 #endif /*LDAP_DEBUG*/
1185 memset(temp, '\0', sizeof(temp));
/* Binary attributes must be read with the _len variant; Ptr then aliases
 * either a struct berval ** or a char ** and is dispatched on use_bervalue.
 * NOTE(review): a NULL check on the values pointer before the dereference
 * below is not visible in this fragment. */
1186 if ((!strcmp(Attribute, "objectSid")) ||
1187 (!strcmp(Attribute, "objectGUID")))
1192 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1193 Ptr = (void **)ber_value;
1198 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1199 Ptr = (void **)str_value;
/* New node goes in front of the current list head.  The memset() calls after
 * each calloc() are redundant (calloc zero-fills). */
1206 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1208 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1209 linklist_previous->next = (*linklist_current);
1210 (*linklist_current) = linklist_previous;
1212 if (((*linklist_current)->attribute = calloc(1,
1213 strlen(Attribute) + 1)) == NULL)
1215 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1216 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly bv_len bytes, no trailing NUL -- consumers must use
 * ->length, never strlen(), on these. */
1219 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1220 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1222 memset((*linklist_current)->value, '\0', ber_length);
1223 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1225 (*linklist_current)->length = ber_length;
/* String value: copied with its terminator. */
1229 if (((*linklist_current)->value = calloc(1,
1230 strlen(*Ptr) + 1)) == NULL)
1232 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1233 (*linklist_current)->length = strlen(*Ptr);
1234 strcpy((*linklist_current)->value, *Ptr);
1236 (*linklist_current)->ber_value = use_bervalue;
1237 if (((*linklist_current)->dn = calloc(1,
1238 strlen(distinguished_name) + 1)) == NULL)
1240 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1241 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- debug output (LDAP_DEBUG) ---- */
/* GUID text is 36 characters given the fixed-width conversions below; the
 * size of `temp` is not visible here -- confirm it is at least 37. */
1244 if (!strcmp(Attribute, "objectGUID"))
1246 guid = (GUID *)((*linklist_current)->value);
1247 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1248 guid->Data1, guid->Data2, guid->Data3,
1249 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1250 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1251 guid->Data4[6], guid->Data4[7]);
1252 print_to_screen(" %20s : {%s}\n", Attribute, temp);
/* NOTE(review): the raw ber bytes are reinterpreted as a SID with no check
 * that bv_len covers the header and SubAuthorityCount words, and no
 * alignment guarantee on bv_val.  Debug-only, but a malformed value from the
 * directory would read out of bounds here. */
1254 else if (!strcmp(Attribute, "objectSid"))
1256 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1258 print_to_screen(" Revision = %d\n", sid->Revision);
1259 print_to_screen(" SID Identifier Authority:\n");
1260 sid_auth = &sid->IdentifierAuthority;
/* Labels the authority by testing individual bytes of the 6-byte Value[].
 * NOTE(review): the authority is a 48-bit big-endian integer whose low byte
 * is Value[5] (e.g. NT authority = 5, world = 1), so any small authority
 * matches the Value[5] branch and is labelled NT; Value[4] is never tested.
 * Harmless for debug output, but the labels are not reliable. */
1261 if (sid_auth->Value[0])
1262 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1263 else if (sid_auth->Value[1])
1264 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1265 else if (sid_auth->Value[2])
1266 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1267 else if (sid_auth->Value[3])
1268 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1269 else if (sid_auth->Value[5])
1270 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1272 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1273 subauth_count = GetSidSubAuthorityCount(sid);
1274 print_to_screen(" SidSubAuthorityCount = %d\n",
1276 print_to_screen(" SidSubAuthority:\n");
1277 for (i = 0; i < *subauth_count; i++)
1279 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1280 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with a fixed length does not stop at Attribute's
 * terminator, so an attribute name shorter than 18 bytes is read past its
 * end; strncmp()/strcasecmp() is the safe form.  The second compare uses
 * strlen("sAmAccountType") (same length, different case) as the bound. */
1284 else if ((!memcmp(Attribute, "userAccountControl",
1285 strlen("userAccountControl"))) ||
1286 (!memcmp(Attribute, "sAMAccountType",
1287 strlen("sAmAccountType"))))
/* intValue's declared type is not visible; it is printed with %ld, so it
 * should be a long for the format to match. */
1289 intValue = atoi(*Ptr);
1290 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1291 if (!memcmp(Attribute, "userAccountControl",
1292 strlen("userAccountControl")))
/* Decode the UF_* bits of userAccountControl. */
1294 if (intValue & UF_ACCOUNTDISABLE)
1295 print_to_screen(" %20s : %s\n",
1296 "", "Account disabled");
1298 print_to_screen(" %20s : %s\n",
1299 "", "Account active");
1300 if (intValue & UF_HOMEDIR_REQUIRED)
1301 print_to_screen(" %20s : %s\n",
1302 "", "Home directory required");
1303 if (intValue & UF_LOCKOUT)
1304 print_to_screen(" %20s : %s\n",
1305 "", "Account locked out");
1306 if (intValue & UF_PASSWD_NOTREQD)
1307 print_to_screen(" %20s : %s\n",
1308 "", "No password required");
1309 if (intValue & UF_PASSWD_CANT_CHANGE)
1310 print_to_screen(" %20s : %s\n",
1311 "", "Cannot change password");
1312 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1313 print_to_screen(" %20s : %s\n",
1314 "", "Temp duplicate account");
1315 if (intValue & UF_NORMAL_ACCOUNT)
1316 print_to_screen(" %20s : %s\n",
1317 "", "Normal account");
1318 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1319 print_to_screen(" %20s : %s\n",
1320 "", "Interdomain trust account");
1321 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1322 print_to_screen(" %20s : %s\n",
1323 "", "Workstation trust account");
1324 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1325 print_to_screen(" %20s : %s\n",
1326 "", "Server trust account");
1331 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1333 #endif /*LDAP_DEBUG*/
/* Release the library-owned value vectors; the list holds its own copies. */
1335 if (str_value != NULL)
1336 ldap_value_free(str_value);
1337 if (ber_value != NULL)
1338 ldap_value_free_len(ber_value);
1340 (*linklist_current) = linklist_previous;
/*
 * Open the process-wide Moira session, or reuse the one already open.
 *
 * mr_connections is a reference count: only the first caller actually
 * connects and authenticates, later callers just bump the count, and the
 * matching moira_disconnect() tears the session down when the count drops
 * back to zero.  Two connection targets are visible below, the literal host
 * "ttsp" and this machine (uts.nodename); presumably a build-time switch
 * selects one -- confirm the hard-coded "ttsp" is a debug path that never
 * ships, since a fixed server name bypasses normal server selection.
 * Every path authenticates as the "winad.incr" client.  The return of rc is
 * in the lines not shown; check there that a failed connect or mr_auth does
 * not leave mr_connections at 1 with no usable session behind it.
 */
1344 int moira_connect(void)
1349 if (!mr_connections++)
/* Hard-coded server name: see the note above. */
1352 memset(HostName, '\0', sizeof(HostName));
1353 strcpy(HostName, "ttsp");
1354 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1356 rc = mr_connect(HostName);
1361 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1363 rc = mr_connect(uts.nodename);
1368 rc = mr_auth("winad.incr");
/*
 * Operator kill switch: as long as STOP_FILE exists, do not touch AD.
 *
 * The loop keeps polling (the delay between probes is in the lines not
 * shown) and raises a critical alert naming the stop file and the table
 * being processed (tbl_buf); presumably i throttles how often the alert
 * fires -- confirm, otherwise this pages once per poll.  Anyone who can
 * create STOP_FILE can halt AD propagation, so its directory must be
 * writable only by the operators meant to have that power.
 */
1375 void check_winad(void)
1379 for (i = 0; file_exists(STOP_FILE); i++)
1383 critical_alert("AD incremental",
1384 "WINAD incremental failed (%s exists): %s",
1385 STOP_FILE, tbl_buf);
/*
 * Release one reference on the shared Moira session.  The actual
 * disconnect presumably sits in the lines not shown and runs only when the
 * count reaches zero, so calls must pair one-to-one with moira_connect().
 */
1392 int moira_disconnect(void)
1395 if (!--mr_connections)
/*
 * Copy the DN of ldap_entry into the caller's distinguished_name buffer.
 *
 * NOTE(review): this is an unbounded strcpy() of a server-supplied DN into
 * a buffer whose size this function never learns; callers in this file size
 * their DN buffers anywhere from 256 to 1024 bytes.  A DN longer than the
 * caller's array overwrites its stack frame.  Prefer adding a size
 * parameter and using snprintf(buf, size, "%s", CName).  Whether CName is
 * checked for NULL (ldap_get_dn can fail) is in the lines not shown.
 */
1402 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1403 char *distinguished_name)
1407 CName = ldap_get_dn(ldap_handle, ldap_entry);
1410 strcpy(distinguished_name, CName);
1411 ldap_memfree(CName);
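/*
 * Allocate a new LK_ENTRY holding private copies of attribute and value.
 *
 * On success *linklist_entry points at the new node, whose attribute and
 * value are NUL-terminated copies, length is strlen(value) and next is
 * NULL; every other field is zero (calloc).  Returns 0 on success.
 *
 * On any allocation failure nothing is leaked, *linklist_entry is left NULL
 * and 1 is returned -- callers are expected to test for nonzero.  The
 * original only checked the node allocation and would dereference NULL if
 * either string copy failed; both are checked here.
 */
int linklist_create_entry(char *attribute, char *value,
                          LK_ENTRY **linklist_entry)
{
  LK_ENTRY *entry;
  size_t attr_len;
  size_t value_len;

  *linklist_entry = NULL;

  /* calloc zeroes the node, so no separate memset is needed. */
  entry = calloc(1, sizeof(*entry));
  if (entry == NULL)
    return 1;

  attr_len = strlen(attribute);
  value_len = strlen(value);
  entry->attribute = calloc(1, attr_len + 1);
  entry->value = calloc(1, value_len + 1);
  if (entry->attribute == NULL || entry->value == NULL)
    {
      /* free(NULL) is harmless, so no per-field guards. */
      free(entry->attribute);
      free(entry->value);
      free(entry);
      return 1;
    }

  /* Lengths were just measured, so these copies cannot overrun. */
  memcpy(entry->attribute, attribute, attr_len + 1);
  memcpy(entry->value, value, value_len + 1);
  entry->length = value_len;
  entry->next = NULL;

  *linklist_entry = entry;
  return 0;
}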
/*
 * printf-style diagnostic output to stderr (used by the LDAP_DEBUG attribute
 * dump above).  The va_list declaration and va_end() are in the lines not
 * shown.  fmt is handed straight to vfprintf(), so it must always be a
 * literal: every call visible in this file passes one and routes directory
 * values through "%s"/"%20s" conversions -- keep it that way so an attribute
 * value read from AD can never act as a format string.
 */
1434 void print_to_screen(const char *fmt, ...)
1438 va_start(pvar, fmt);
1439 vfprintf(stderr, fmt, pvar);
/*
 * Classify a Moira list by its maillist/group flags (av[L_MAILLIST] and
 * av[L_GROUP]) and report the class through whichever out-parameters are
 * non-NULL:
 *   group_membership[0]  'B' both, 'S' group only (security),
 *                        'D' maillist only (distribution), 'N' neither
 *   *security_flag       1 for 'B' and 'S', 0 otherwise
 *   group_ou             the file-level group_ou_* string for that class
 *
 * The single class letter is what every caller appends to the
 * sAMAccountName ("<name>_zZx<letter>"), so the same Moira list gets a
 * different AD name and OU when its flags change.  Only group_membership[0]
 * is written and it is not NUL-terminated, which is why group_create() can
 * pass a 1-byte array.
 *
 * NOTE(review): group_ou is filled with an unbounded strcpy() from the
 * group_ou_* globals; each caller passes a fixed-size array, so this stays
 * safe only while those strings are shorter than the smallest such buffer.
 * The final 'N' branch is the else of the three tests above it (its "else"
 * line is not shown).
 */
1444 int get_group_membership(char *group_membership, char *group_ou,
1445 int *security_flag, char **av)
1450 maillist_flag = atoi(av[L_MAILLIST]);
1451 group_flag = atoi(av[L_GROUP]);
1452 if (security_flag != NULL)
1453 (*security_flag) = 0;
1455 if ((maillist_flag) && (group_flag))
1457 if (group_membership != NULL)
1458 group_membership[0] = 'B';
1459 if (security_flag != NULL)
1460 (*security_flag) = 1;
1461 if (group_ou != NULL)
1462 strcpy(group_ou, group_ou_both);
1464 else if ((!maillist_flag) && (group_flag))
1466 if (group_membership != NULL)
1467 group_membership[0] = 'S';
1468 if (security_flag != NULL)
1469 (*security_flag) = 1;
1470 if (group_ou != NULL)
1471 strcpy(group_ou, group_ou_security);
1473 else if ((maillist_flag) && (!group_flag))
1475 if (group_membership != NULL)
1476 group_membership[0] = 'D';
1477 if (group_ou != NULL)
1478 strcpy(group_ou, group_ou_distribution);
/* Neither flag set: plain container, not a security group. */
1482 if (group_membership != NULL)
1483 group_membership[0] = 'N';
1484 if (group_ou != NULL)
1485 strcpy(group_ou, group_ou_neither);
/*
 * Rename a Moira list's AD group and move it to the OU of its new
 * membership class.
 *
 * 1. Find the current object by sAMAccountName "<before>_zZx<class>" (class
 *    letter from before_group_membership[0]); exactly one hit is required.
 * 2. ldap_rename_s() it to "cn=<after>" under "<after_group_ou>,<dn_path>",
 *    deleting the old RDN value (TRUE).
 * 3. Replace displayName and sAMAccountName on the object at its new DN.
 *
 * Both names go through check_string() before they are spliced into the
 * search filter and the DNs.  That check, which rejects the LDAP filter and
 * DN metacharacters, is the only thing keeping the sprintf()-built filter
 * free of injection, so it must stay ahead of every use of the names.
 *
 * NOTE(review): the rename and the attribute update are two operations with
 * separate error paths.  If the ldap_modify_s() fails the object has already
 * moved but still carries the old sAMAccountName, so lookups by
 * "<after>_zZx<class>" miss it while the old name resolves to the new DN.
 * The caller should treat that return as "needs repair", not merely log it.
 * NOTE(review): two error messages name the wrong list: the lookup failure
 * ("unable to get list %s dn") was searching for before_group_name, and
 * "Couldn't rename list from %s to %s" passes after_group_name twice -- its
 * first argument should be before_group_name.
 * old_dn, new_dn and sam_name are declared in the lines not shown and are
 * filled with unbounded sprintf()/strcpy(); new_dn_path is 512 bytes.
 */
1490 int group_rename(LDAP *ldap_handle, char *dn_path,
1491 char *before_group_name, char *before_group_membership,
1492 char *before_group_ou, int before_security_flag,
1493 char *after_group_name, char *after_group_membership,
1494 char *after_group_ou, int after_security_flag)
1499 char new_dn_path[512];
1501 char filter_exp[4096];
1502 char *attr_array[3];
1503 char *name_v[] = {NULL, NULL};
1504 char *samAccountName_v[] = {NULL, NULL};
1508 LK_ENTRY *group_base;
/* Injection guard for the filter and DNs built below. */
1511 if (!check_string(before_group_name))
1513 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1516 if (!check_string(after_group_name))
1518 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
1522 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", before_group_name, before_group_membership[0]);
1523 attr_array[0] = "distinguishedName";
1524 attr_array[1] = NULL;
1525 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1526 &group_base, &group_count)) != 0)
/* Wrong name in the message: the search was for before_group_name. */
1528 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1529 after_group_name, ldap_err2string(rc));
1532 if (group_count != 1)
1534 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1536 callback_rc = LDAP_NO_SUCH_OBJECT;
1539 strcpy(old_dn, group_base->value);
1540 linklist_free(group_base);
1544 sprintf(sam_name, "%s_zZx%c", after_group_name, after_group_membership[0]);
1545 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1546 sprintf(new_dn, "cn=%s", after_group_name);
1547 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1548 TRUE, NULL, NULL)) != LDAP_SUCCESS)
/* First %s should be before_group_name. */
1550 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1551 after_group_name, after_group_name, ldap_err2string(rc));
1555 name_v[0] = after_group_name;
1556 samAccountName_v[0] = sam_name;
1558 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1559 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1561 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1562 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1564 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
1565 after_group_name, ldap_err2string(rc));
1567 for (i = 0; i < n; i++)
/*
 * Callback for one Moira list row: create the matching AD group and queue
 * its objectSid for sid_update().
 *
 * av is the list record (L_* indexes); ptr carries call_args, where
 * call_args[0] is the LDAP handle and call_args[1] the base DN.  Inactive
 * lists (av[L_ACTIVE] == 0) are skipped, and the list name must pass
 * check_string() before it is used in the DN and, later, in the search
 * filter -- that check is the injection guard for the sprintf()-built
 * filter.  The class from get_group_membership() picks the OU and the
 * "<name>_zZx<class>" sAMAccountName; the ADS_GROUP_TYPE_SECURITY_ENABLED
 * bit is presumably added under an "if (security_flag)" not shown.
 *
 * LDAP_ALREADY_EXISTS counts as success so the incremental can be re-run.
 * The object is then looked up by sAMAccountName and the LK_ENTRY holding
 * its objectSid is appended at *sid_ptr with member/type filled in for
 * sid_update() to push back to Moira.
 *
 * NOTE(review): av[L_DESC] and av[L_ACE_NAME] do not go through
 * check_string().  As attribute VALUES they cannot inject into a filter or
 * DN, but av[L_ACE_NAME] is sprintf()'d into the fixed buffer info (declared
 * in the lines not shown) with no bound.
 * NOTE(review): "%ld" is used to print groupTypeControl, which is a u_int;
 * that is a format/argument mismatch -- use "%u".
 * NOTE(review): ->type is set to a cast constant, not a heap string, yet
 * linklist_free() free()s any non-NULL ->type; the SID list must therefore
 * never be released with linklist_free().
 * The two trailing linklist_free() calls are presumably the else-branches of
 * the group_count and LDAP_SUCCESS tests; if the first is not, it frees the
 * entry just linked into the SID list.  managedBy_v, altSecurityIdentities_v
 * and cn_group_name are unused in the code shown.
 */
1572 int group_create(int ac, char **av, void *ptr)
1575 LK_ENTRY *group_base;
1578 char new_group_name[256];
1579 char sam_group_name[256];
1580 char cn_group_name[256];
1581 char *cn_v[] = {NULL, NULL};
1582 char *objectClass_v[] = {"top", "group", NULL};
1584 char *samAccountName_v[] = {NULL, NULL};
1585 char *managedBy_v[] = {NULL, NULL};
1586 char *altSecurityIdentities_v[] = {NULL, NULL};
1587 char *name_v[] = {NULL, NULL};
1588 char *desc_v[] = {NULL, NULL};
1589 char *info_v[] = {NULL, NULL};
1590 char *groupTypeControl_v[] = {NULL, NULL};
1591 char groupTypeControlStr[80];
/* Only [0] is ever written by get_group_membership(); never a C string. */
1592 char group_membership[1];
1595 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1599 char filter_exp[256];
1600 char *attr_array[3];
1605 if (!atoi(av[L_ACTIVE]))
1607 if (!check_string(av[L_NAME]))
1609 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
1613 memset(group_ou, 0, sizeof(group_ou));
1614 memset(group_membership, 0, sizeof(group_membership));
1616 get_group_membership(group_membership, group_ou, &security_flag, av);
1619 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* u_int printed with %ld: should be %u. */
1620 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1621 groupTypeControl_v[0] = groupTypeControlStr;
1623 strcpy(new_group_name, av[L_NAME]);
1624 strcpy(cn_group_name, av[L_NAME]);
1625 sprintf(sam_group_name, "%s_zZx%c", av[L_NAME], group_membership[0]);
1627 samAccountName_v[0] = sam_group_name;
1628 name_v[0] = new_group_name;
1629 cn_v[0] = new_group_name;
1631 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1633 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1634 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1635 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1636 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1637 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1638 if (strlen(av[L_DESC]) != 0)
1640 desc_v[0] = av[L_DESC];
1641 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1643 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
1644 if (strlen(av[L_ACE_NAME]) != 0)
/* Unbounded write into info; av[L_ACE_NAME] is unchecked. */
1646 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1648 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1652 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1654 for (i = 0; i < n; i++)
1656 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1658 com_err(whoami, 0, "Unable to create list %s in AD : %s",
1659 av[L_NAME], ldap_err2string(rc));
1663 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1664 attr_array[0] = "objectSid";
1665 attr_array[1] = NULL;
1668 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1669 &group_base, &group_count)) == LDAP_SUCCESS)
1671 if (group_count == 1)
/* Hand the objectSid entry over to the SID list consumed by sid_update(). */
1673 (*sid_ptr) = group_base;
1674 (*sid_ptr)->member = strdup(av[L_NAME]);
1675 (*sid_ptr)->type = (char *)GROUPS;
1676 sid_ptr = &(*sid_ptr)->next;
1680 if (group_base != NULL)
1681 linklist_free(group_base);
1686 if (group_base != NULL)
1687 linklist_free(group_base);
1689 return(LDAP_SUCCESS);
/*
 * Delete the AD group for a Moira list.
 *
 * The object is found by sAMAccountName "<group_name>_zZx<class>" (class
 * from group_membership[0]) under "<group_ou_root>,<dn_path>" and must match
 * exactly once; its distinguishedName is then passed to ldap_delete_s().
 * group_name passes check_string() first, which is what keeps the
 * sprintf()-built filter injection-free.
 *
 * NOTE(review): when linklist_build() itself fails the function presumably
 * returns in the line not shown, but unlike every other function here it
 * logs nothing -- add the usual com_err with ldap_err2string(rc).
 * sam_group_name is copied from group_name but the filter uses group_name
 * directly, so the copy is unused in the code shown; temp is declared in
 * the lines not shown and filled by an unbounded sprintf().
 */
1692 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name, char *group_membership)
1694 LK_ENTRY *group_base;
1695 char *attr_array[3];
1696 char filter_exp[1024];
1697 char sam_group_name[256];
1702 if (!check_string(group_name))
1704 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
1710 attr_array[0] = "distinguishedName";
1711 attr_array[1] = NULL;
1712 strcpy(sam_group_name, group_name);
1713 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1714 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
/* Search failure path: silent, see note above. */
1715 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1716 &group_base, &group_count) != 0)
1718 if (group_count == 1)
1720 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1722 linklist_free(group_base);
1723 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
1724 group_name, ldap_err2string(rc));
1727 linklist_free(group_base);
1731 linklist_free(group_base);
1732 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
/*
 * Callback for one Moira list row: add one member to that list's AD group.
 *
 * av is the list record; ptr carries call_args: [0] LDAP handle, [1] base
 * DN, [2] the member name, [3] the OU the member object lives in (user,
 * contact or kerberos OU).  The list's class and OU come from
 * get_group_membership(), then member_add() does the work.  A failure is
 * logged; what is returned afterwards is in the lines not shown.
 * group_ou here is the array that is memset (declared outside the code
 * shown); group_membership is sized 2 so it is NUL-terminated.
 */
1739 int process_lists(int ac, char **av, void *ptr)
1744 char group_membership[2];
1750 memset(group_ou, '\0', sizeof(group_ou));
1751 memset(group_membership, '\0', sizeof(group_membership));
1752 get_group_membership(group_membership, group_ou, &security_flag, av);
1753 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
1754 group_ou, group_membership, call_args[2], (char *)call_args[3]);
1757 com_err(whoami, 0, "Couldn't add %s to group %s", call_args[2], av[L_NAME]);
/*
 * Callback for one Moira ACE/member row: collect it into the file-level
 * member_base list for later member_add()/member_remove() processing.
 *
 * av[ACE_TYPE] is USER, STRING, LIST or KERBEROS; av[ACE_NAME] the member.
 * call_args[3] is a bit mask (MOIRA_USERS etc.) selecting which types to
 * keep; STRING and KERBEROS members first get a contact object created via
 * contact_create() in contact_ou / kerberos_ou so they can be group members.
 * The name must pass check_string(); it is later spliced into DNs by
 * member_add()/member_remove(), which do NOT re-check it, so this call is
 * the guard for those.  Duplicates are dropped by a case-insensitive compare
 * against the names already on the list.
 *
 * NOTE(review): the dedupe compares member names only, not type, so a
 * STRING/KERBEROS contact with the same spelling as a user login is folded
 * into the first one seen -- confirm that is intended.
 * NOTE(review): call_args[3] is cast with (int); if call_args is an array
 * of pointers that cast truncates on LP64 hosts (the mask still fits today,
 * but use intptr_t/long).  The three calloc() results are not checked and
 * the strcpy() into temp (size not shown) is unbounded.
 */
1762 int member_list_build(int ac, char **av, void *ptr)
1770 strcpy(temp, av[ACE_NAME]);
/* Injection guard for every later DN built from this name. */
1771 if (!check_string(temp))
1773 if (!strcmp(av[ACE_TYPE], "USER"))
1775 if (!((int)call_args[3] & MOIRA_USERS))
1778 else if (!strcmp(av[ACE_TYPE], "STRING"))
1780 if (!((int)call_args[3] & MOIRA_STRINGS))
1782 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1785 else if (!strcmp(av[ACE_TYPE], "LIST"))
1787 if (!((int)call_args[3] & MOIRA_LISTS))
1790 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
1792 if (!((int)call_args[3] & MOIRA_KERBEROS))
1794 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Dedupe by name only, case-insensitive (see note above). */
1800 linklist = member_base;
1803 if (!strcasecmp(temp, linklist->member))
1805 linklist = linklist->next;
1807 linklist = calloc(1, sizeof(LK_ENTRY));
1809 linklist->dn = NULL;
1810 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1811 strcpy(linklist->list, call_args[2]);
1812 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1813 strcpy(linklist->type, av[ACE_TYPE]);
1814 linklist->member = calloc(1, strlen(temp) + 1);
1815 strcpy(linklist->member, temp);
1816 linklist->next = member_base;
1817 member_base = linklist;
/*
 * Remove user_name from the AD group for group_name.
 *
 * The group is found by sAMAccountName "<group_name>_zZx<class>" (exactly
 * one hit required) and the member value is deleted from its "member"
 * attribute.  The member DN is not looked up but constructed as
 * "CN=<user_name>,<UserOu>,<dn_path>" (UserOu is the last parameter, in the
 * part of the signature not shown).
 *
 * group_name is run through check_string() here; user_name is NOT, so this
 * relies on member_list_build() having validated it before it reaches a
 * DN -- do not call this with a name from any other source.
 *
 * NOTE(review): deleting a value that is not present makes the modify fail
 * (AD reports it as an error) and that is logged as a failure, whereas
 * member_add() tolerates LDAP_ALREADY_EXISTS.  For an idempotent incremental
 * consider treating LDAP_NO_SUCH_ATTRIBUTE as success here too.
 * temp (size not shown) receives unbounded strcpy()/sprintf(); the strcpy of
 * group_name into it is unused before it is overwritten with the DN.
 */
1821 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1822 char *group_ou, char *group_membership, char *user_name,
1825 char distinguished_name[1024];
1827 char filter_exp[4096];
1828 char *attr_array[3];
1834 LK_ENTRY *group_base;
1837 if (!check_string(group_name))
1839 strcpy(temp, group_name);
1840 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1841 attr_array[0] = "distinguishedName";
1842 attr_array[1] = NULL;
1843 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1844 &group_base, &group_count)) != 0)
1846 com_err(whoami, 0, "LDAP server unable to get list %s info : %s",
1847 group_name, ldap_err2string(rc));
1850 if (group_count != 1)
1852 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1854 linklist_free(group_base);
1859 strcpy(distinguished_name, group_base->value);
1860 linklist_free(group_base);
/* Member DN is synthesised, not searched; user_name must already be vetted. */
1864 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
1865 modvalues[0] = temp;
1866 modvalues[1] = NULL;
1869 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1871 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1872 for (i = 0; i < n; i++)
1874 if (rc != LDAP_SUCCESS)
1876 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
1877 group_name, ldap_err2string(rc));
/*
 * Add user_name to the AD group for group_name.
 *
 * Mirror of member_remove(): the group is found by sAMAccountName
 * "<group_name>_zZx<class>" (exactly one hit required), and the member DN is
 * constructed as "CN=<user_name>,<UserOu>,<dn_path>" and added to the
 * "member" attribute.  LDAP_ALREADY_EXISTS is presumably downgraded to
 * success in the line not shown after the test, so re-runs are harmless.
 *
 * group_name is validated with check_string() here; user_name is NOT, so the
 * DN is only injection-safe because member_list_build() checked the name
 * first.  UserOu decides which OU the member object is expected in (user,
 * contact or kerberos OU); AD rejects the add if no object exists there.
 * temp (size not shown) receives unbounded strcpy()/sprintf(); the initial
 * copy of group_name is overwritten before use.
 */
1885 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
1886 char *group_ou, char *group_membership, char *user_name, char *UserOu)
1888 char distinguished_name[1024];
1890 char filter_exp[4096];
1891 char *attr_array[3];
1897 LK_ENTRY *group_base;
1904 if (!check_string(group_name))
1907 strcpy(temp, group_name);
1908 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1909 attr_array[0] = "distinguishedName";
1910 attr_array[1] = NULL;
1911 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1912 &group_base, &group_count)) != 0)
1914 com_err(whoami, 0, "LDAP server unable to get list %s info : %s",
1915 group_name, ldap_err2string(rc));
1918 if (group_count != 1)
1920 linklist_free(group_base);
1923 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1928 strcpy(distinguished_name, group_base->value);
1929 linklist_free(group_base);
/* Member DN is synthesised from a name validated upstream. */
1933 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
1934 modvalues[0] = temp;
1935 modvalues[1] = NULL;
1938 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
1940 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: treated as success (body not shown). */
1941 if (rc == LDAP_ALREADY_EXISTS)
1943 for (i = 0; i < n; i++)
1945 if (rc != LDAP_SUCCESS)
1947 com_err(whoami, 0, "LDAP server unable to modify list %s members in AD : %s",
1948 group_name, ldap_err2string(rc));
/*
 * Create a person-class placeholder object for a STRING or KERBEROS list
 * member so that it can be referenced from a group's "member" attribute.
 *
 * The DN is "CN=<user>,<group_ou>,<bind_path>"; user must pass
 * check_string() first (this is the DN injection guard).  For objects in
 * contact_ou a "mail" attribute is added as well (the email_v[0] assignment
 * and the rest of objectClass_v are in the lines not shown).  If the first
 * add fails for any reason other than LDAP_ALREADY_EXISTS, the add is
 * retried without "mail"; only the second failure is reported.
 *
 * NOTE(review): the retry silently degrades a mail-enabled contact to one
 * with no address and the first error text is never logged -- consider
 * logging rc from the first attempt, and retrying only on the schema
 * error that justifies dropping "mail".
 * name_v[0] is not assigned in the code shown.  contact_name[256] and
 * cn_user_name[256] are filled with unbounded strcpy()/sprintf() from user,
 * group_ou and bind_path.
 */
1954 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
1958 char cn_user_name[256];
1959 char contact_name[256];
1960 char *email_v[] = {NULL, NULL};
1961 char *cn_v[] = {NULL, NULL};
1962 char *contact_v[] = {NULL, NULL};
1963 char *objectClass_v[] = {"top", "person",
1964 "organizationalPerson",
1966 char *name_v[] = {NULL, NULL};
1967 char *desc_v[] = {NULL, NULL};
1972 if (!check_string(user))
1974 com_err(whoami, 0, "invalid LDAP name %s", user);
1977 strcpy(contact_name, user);
1978 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
1979 cn_v[0] = cn_user_name;
1980 contact_v[0] = contact_name;
1982 desc_v[0] = "Auto account created by Moira";
1985 strcpy(new_dn, cn_user_name);
1987 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
1988 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1989 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1990 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1991 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Only plain contacts (not kerberos_ou) get a mail address. */
1992 if (!strcmp(group_ou, contact_ou))
1994 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
1998 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
1999 for (i = 0; i < n; i++)
/* Second attempt without "mail"; first failure is not logged. */
2001 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2004 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2005 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2006 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2007 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2008 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2010 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2011 for (i = 0; i < n; i++)
2014 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2016 com_err(whoami, 0, "could not create contact %s : %s",
2017 user, ldap_err2string(rc));
/*
 * Update an existing AD user's uid/uidNumber, employeeID and AFS home
 * directory attributes.
 *
 * The object is found by sAMAccountName (exactly one hit required; the
 * validated user_name is the only thing spliced into the filter).  Uid and
 * MitId are applied only when non-empty (the uid_v[0]/mitid_v[0]
 * assignments are in the lines not shown).  The home directory comes from
 * a Hesiod "filsys" lookup on the login: the second word of the first
 * answer is taken as the path and, if it starts with the AFS prefix, is
 * converted to the Windows AFS form for homeDirectory, with profilePath
 * set to "<home>\.winprofile" and homeDrive from drives_v.
 *
 * NOTE(review): Hesiod answers arrive over DNS and are normally
 * unauthenticated, and hp[0] is parsed with sscanf("%*s %s") -- an
 * unbounded "%s" into path (size not shown).  Give the conversion a width
 * matching the array, and free the Hesiod result when done (no free is
 * visible here).
 * NOTE(review): distinguished_name is only 256 bytes and is filled by an
 * unbounded strcpy() of the DN returned by the server; the other functions
 * in this file use 1024 for the same value.  winProfile[256] is built with
 * strcpy()+strcat() from winPath without a length check.
 */
2023 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2024 char *Uid, char *MitId)
2027 LK_ENTRY *group_base;
/* 256 here vs 1024 elsewhere: see note above. */
2029 char distinguished_name[256];
2030 char *uid_v[] = {NULL, NULL};
2031 char *mitid_v[] = {NULL, NULL};
2032 char *homedir_v[] = {NULL, NULL};
2033 char *winProfile_v[] = {NULL, NULL};
2034 char *drives_v[] = {NULL, NULL};
2038 char filter_exp[256];
2039 char *attr_array[3];
2043 char winProfile[256];
2045 if (!check_string(user_name))
2047 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2053 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2054 attr_array[0] = "cn";
2055 attr_array[1] = NULL;
2056 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2057 &group_base, &group_count)) != 0)
2059 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2060 user_name, ldap_err2string(rc));
2064 if (group_count != 1)
2066 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2068 linklist_free(group_base);
2069 return(LDAP_NO_SUCH_OBJECT);
2071 strcpy(distinguished_name, group_base->dn);
2073 linklist_free(group_base);
2076 if (strlen(Uid) != 0)
2079 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2080 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2082 if (strlen(MitId) != 0)
2085 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
/* Home directory from Hesiod; unauthenticated data, parsed unbounded. */
2087 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2089 memset(path, 0, sizeof(path));
2090 memset(winPath, 0, sizeof(winPath));
2091 sscanf(hp[0], "%*s %s", path);
2092 if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0)
2094 AfsToWinAfs(path, winPath);
2095 homedir_v[0] = winPath;
2096 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2097 strcpy(winProfile, winPath);
2098 strcat(winProfile, "\\.winprofile");
2099 winProfile_v[0] = winProfile;
2100 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2102 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
2108 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2110 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2111 user_name, ldap_err2string(rc));
2113 for (i = 0; i < n; i++)
/*
 * Rename an AD user from before_user_name to user_name and rebind its
 * logon identities to the new name.
 *
 * Only accounts in state US_REGISTERED, US_NO_PASSWD or
 * US_ENROLL_NOT_ALLOWED are handled (the early return is not shown).  Both
 * names must pass check_string() before they are used in DNs.  The object
 * "cn=<before>,<user_ou>,<dn_path>" is renamed in place (new parent NULL,
 * old RDN deleted), then altSecurityIdentities
 * ("Kerberos:<user>@PRIMARY_REALM"), userPrincipalName, displayName and
 * sAMAccountName are replaced, plus uid/uidNumber and employeeID when Uid /
 * MitId are non-empty (their *_v[0] assignments are in the lines not shown).
 *
 * NOTE(review): the altSecurityIdentities rewrite is what maps the new
 * Kerberos principal onto this account.  The rename and the modify have
 * separate error paths, so if ldap_modify_s() fails the object sits under
 * the new CN while its Kerberos mapping, UPN and sAMAccountName still name
 * the OLD login -- a half-renamed account whose logon identities disagree
 * with its DN.  Callers must treat a non-success return as requiring repair.
 * NOTE(review): "strcpy(user_name, user_name)" copies a string onto itself;
 * overlapping source and destination is undefined behaviour and the call
 * achieves nothing.  Delete it.
 * LDAP_NO_SUCH_OBJECT from the rename is deliberately not logged (the
 * return is not shown).  upn, temp, old_dn and new_dn are declared outside
 * the code shown and filled with unbounded sprintf().
 */
2129 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2130 char *user_name, char *Uid, char *MitId, int State)
2137 char *userPrincipalName_v[] = {NULL, NULL};
2138 char *altSecurityIdentities_v[] = {NULL, NULL};
2139 char *name_v[] = {NULL, NULL};
2140 char *samAccountName_v[] = {NULL, NULL};
2141 char *uid_v[] = {NULL, NULL};
2142 char *mitid_v[] = {NULL, NULL};
2147 if ((State != US_REGISTERED) && (State != US_NO_PASSWD) && (State != US_ENROLL_NOT_ALLOWED))
2150 if (!check_string(before_user_name))
2152 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2155 if (!check_string(user_name))
2157 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
/* Self-copy: undefined behaviour, no effect -- remove. */
2161 strcpy(user_name, user_name);
2162 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2163 sprintf(new_dn, "cn=%s", user_name);
2164 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2165 NULL, NULL)) != LDAP_SUCCESS)
2167 if (rc != LDAP_NO_SUCH_OBJECT)
2168 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
2169 before_user_name, user_name, ldap_err2string(rc));
/* Rebind the Kerberos principal, UPN and SAM name to the new login. */
2173 name_v[0] = user_name;
2174 sprintf(upn, "%s@%s", user_name, ldap_domain);
2175 userPrincipalName_v[0] = upn;
2176 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2177 altSecurityIdentities_v[0] = temp;
2178 samAccountName_v[0] = user_name;
2181 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2182 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2183 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2184 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2185 if (strlen(Uid) != 0)
2188 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2189 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2191 if (strlen(MitId) != 0)
2194 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2197 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2198 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2200 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
2201 user_name, ldap_err2string(rc));
2203 for (i = 0; i < n; i++)
/*
 * Set or clear a user's AD home-directory attributes from a Moira filesys.
 *
 * fs_name is treated as the user's login: the object is found by
 * sAMAccountName (exactly one hit required; fs_name passes check_string()
 * first, which guards the filter).  Only fs_type "AFS" is accepted.  With
 * operation == LDAP_MOD_ADD, fs_pack is converted to the Windows AFS form
 * and written as homeDirectory, with profilePath "<home>\.winprofile" and
 * homeDrive from drives_v (assigned in the lines not shown); any other
 * operation sends NULL values, i.e. removes the three attributes.
 *
 * NOTE(review): AfsToWinAfs() skips strlen(AFS) bytes of its input without
 * looking at them (see its body further down), and fs_pack is passed in
 * here with no prefix check -- user_update() guards the same call with
 * strnicmp(path, AFS, ...).  A pack that does not start with the AFS prefix
 * yields a garbage home directory; add the same check here.  winPath's size
 * is not shown and the conversion writes into it unbounded; winProfile[256]
 * is built with strcpy()+strcat() from winPath without a length check;
 * distinguished_name is 256 bytes where the other user functions use 1024.
 */
2208 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
2209 char *fs_type, char *fs_pack, int operation)
2211 char distinguished_name[256];
2213 char winProfile[256];
2214 char filter_exp[256];
2215 char *attr_array[3];
2216 char *homedir_v[] = {NULL, NULL};
2217 char *winProfile_v[] = {NULL, NULL};
2218 char *drives_v[] = {NULL, NULL};
2224 LK_ENTRY *group_base;
2226 if (!check_string(fs_name))
2228 com_err(whoami, 0, "invalid filesys name %s", fs_name);
2232 if (strcmp(fs_type, "AFS"))
2234 com_err(whoami, 0, "invalid filesys type %s", fs_type);
2240 sprintf(filter_exp, "(sAMAccountName=%s)", fs_name);
2241 attr_array[0] = "cn";
2242 attr_array[1] = NULL;
2243 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2244 &group_base, &group_count)) != 0)
2246 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
2247 fs_name, ldap_err2string(rc));
2251 if (group_count != 1)
2253 linklist_free(group_base);
2254 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2256 return(LDAP_NO_SUCH_OBJECT);
2258 strcpy(distinguished_name, group_base->dn);
2259 linklist_free(group_base);
2263 if (operation == LDAP_MOD_ADD)
2265 memset(winPath, 0, sizeof(winPath));
/* No AFS-prefix check before the conversion, unlike user_update(). */
2266 AfsToWinAfs(fs_pack, winPath);
2267 homedir_v[0] = winPath;
2269 memset(winProfile, 0, sizeof(winProfile));
2270 strcpy(winProfile, winPath);
2271 strcat(winProfile, "\\.winprofile");
2272 winProfile_v[0] = winProfile;
/* Non-ADD: NULL values delete the attributes. */
2276 homedir_v[0] = NULL;
2278 winProfile_v[0] = NULL;
2280 ADD_ATTR("profilePath", winProfile_v, operation);
2281 ADD_ATTR("homeDrive", drives_v, operation);
2282 ADD_ATTR("homeDirectory", homedir_v, operation);
2285 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2286 if (rc != LDAP_SUCCESS)
2288 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
2289 fs_name, ldap_err2string(rc));
2291 for (i = 0; i < n; i++)
/*
 * Callback for one Moira user row: create (or reactivate) the AD account
 * and queue its objectSid for sid_update().
 *
 * av is the user record (U_* indexes); call_args[0] is the LDAP handle and
 * call_args[1] the base DN.  Only states US_REGISTERED, US_NO_PASSWD and
 * US_ENROLL_NOT_ALLOWED are processed, logins starting with '#' are
 * skipped (both returns are in the lines not shown) and the login must pass
 * check_string() -- it is spliced into the DN and, later, the search filter.
 * The object "cn=<login>,<user_ou>,<base>" is added with a UPN of
 * <login>@ldap_domain and an altSecurityIdentities of
 * "Kerberos:<login>@PRIMARY_REALM"; that mapping is the real credential
 * binding -- whoever holds that Kerberos principal can use this account.
 * userAccountControl is NORMAL | DONT_EXPIRE_PASSWD | PASSWD_CANT_CHANGE
 * (UF_PASSWD_NOTREQD is not set).  LDAP_ALREADY_EXISTS is treated as
 * success and the existing account is re-enabled via user_change_status().
 *
 * NOTE(review): set_password() is called with "" -- the account gets an
 * empty password.  That is only acceptable if the domain password policy
 * rejects empty-password logons and every real logon goes through the
 * Kerberos mapping; verify both.  If that call is also reached on the
 * LDAP_ALREADY_EXISTS path, every re-run resets an existing user's AD
 * password to empty.
 * NOTE(review): the SID hand-off below is copied from group_create() and
 * still tags the entry as a list: sid_update() dispatches on ->type, so the
 * user's SID would be pushed with add_list_sid_by_name instead of
 * add_user_sid_by_login, and av[L_NAME] indexes a user record with a list
 * field constant.  It should read "(*sid_ptr)->member = strdup(av[U_NAME]);"
 * and "(*sid_ptr)->type = (char *)USERS;".
 * NOTE(review): "%ld" is used for userAccountControl, a u_int -- use "%u".
 * The US_DELETED test cannot be true if the state gate above returns, so
 * that branch is dead.  ->type is a cast constant that linklist_free() would
 * free(); the SID list must not be released with linklist_free().
 * upn, temp and new_dn are declared outside the code shown and filled with
 * unbounded sprintf(); sam_name likewise.
 */
2297 int user_create(int ac, char **av, void *ptr)
2299 LK_ENTRY *group_base;
2302 char user_name[256];
2305 char *cn_v[] = {NULL, NULL};
2306 char *objectClass_v[] = {"top", "person",
2307 "organizationalPerson",
2310 char *samAccountName_v[] = {NULL, NULL};
2311 char *altSecurityIdentities_v[] = {NULL, NULL};
2312 char *name_v[] = {NULL, NULL};
2313 char *desc_v[] = {NULL, NULL};
2314 char *userPrincipalName_v[] = {NULL, NULL};
2315 char *userAccountControl_v[] = {NULL, NULL};
2316 char *uid_v[] = {NULL, NULL};
2317 char *mitid_v[] = {NULL, NULL};
2318 char userAccountControlStr[80];
/* Password never expires and cannot be changed by the user; see notes. */
2320 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2325 char filter_exp[256];
2326 char *attr_array[3];
2331 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2332 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2337 if (!strncmp(av[U_NAME], "#", 1))
2342 if (!check_string(av[U_NAME]))
2345 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
2349 strcpy(user_name, av[U_NAME]);
2350 sprintf(upn, "%s@%s", user_name, ldap_domain);
2351 sprintf(sam_name, "%s", av[U_NAME]);
2352 samAccountName_v[0] = sam_name;
/* Unreachable if the state gate above returned. */
2353 if (atoi(av[U_STATE]) == US_DELETED)
2354 userAccountControl |= UF_ACCOUNTDISABLE;
/* u_int printed with %ld: should be %u. */
2355 sprintf(userAccountControlStr, "%ld", userAccountControl);
2356 userAccountControl_v[0] = userAccountControlStr;
2357 userPrincipalName_v[0] = upn;
2359 cn_v[0] = user_name;
2360 name_v[0] = user_name;
2361 desc_v[0] = "Auto account created by Moira";
/* Kerberos principal mapping: the effective credential for this account. */
2362 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2363 altSecurityIdentities_v[0] = temp;
2364 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2367 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2368 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2369 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2370 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2371 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2372 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2373 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2374 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2375 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2376 if (strlen(av[U_UID]) != 0)
2378 uid_v[0] = av[U_UID];
2379 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2380 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2382 if (strlen(av[U_MITID]) != 0)
2383 mitid_v[0] = av[U_MITID];
2385 mitid_v[0] = "none";
2386 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2389 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2390 for (i = 0; i < n; i++)
2392 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2394 com_err(whoami, 0, "could not create user %s : %s",
2395 user_name, ldap_err2string(rc));
/* Existing account: re-enable it (reactivation path). */
2399 if (rc == LDAP_ALREADY_EXISTS)
2402 rc = user_change_status((LDAP *)call_args[0], call_args[1], av[U_NAME], MEMBER_ACTIVATE);
2405 if (rc == LDAP_SUCCESS)
/* Empty password: see NOTE(review) above. */
2407 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2409 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
2413 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2414 attr_array[0] = "objectSid";
2415 attr_array[1] = NULL;
2418 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2419 &group_base, &group_count)) == LDAP_SUCCESS)
2421 if (group_count == 1)
/* Copy-paste from group_create(): should be av[U_NAME] / USERS. */
2423 (*sid_ptr) = group_base;
2424 (*sid_ptr)->member = strdup(av[L_NAME]);
2425 (*sid_ptr)->type = (char *)GROUPS;
2426 sid_ptr = &(*sid_ptr)->next;
2430 if (group_base != NULL)
2431 linklist_free(group_base);
2436 if (group_base != NULL)
2437 linklist_free(group_base);
/*
 * Enable or disable an AD user by flipping UF_ACCOUNTDISABLE in its
 * userAccountControl.
 *
 * The object is found by sAMAccountName (exactly one hit required; the
 * validated user_name is the only thing spliced into the filter).  The
 * current userAccountControl is read, the disable bit is set for
 * MEMBER_DEACTIVATE and cleared for anything else, and the new value is
 * written back with LDAP_MOD_REPLACE via construct_newvalues()
 * (which returns 1 on failure here).
 *
 * Disabling via userAccountControl is what actually stops logons for a
 * deactivated Moira user, so a failed modify leaves the account live: the
 * failure is logged here but the caller must also act on the return value
 * (the returns are in the lines not shown).  Group memberships and the
 * altSecurityIdentities mapping are left untouched by design of this
 * function.  atoi() is used for the flag word; "%ld" for ulongValue matches
 * only if it is declared long (declaration not shown).
 */
2442 int user_change_status(LDAP *ldap_handle, char *dn_path, char *user_name, int operation)
2444 char filter_exp[1024];
2445 char *attr_array[3];
2447 char distinguished_name[1024];
2450 LK_ENTRY *group_base;
2457 if (!check_string(user_name))
2459 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2465 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2466 attr_array[0] = "UserAccountControl";
2467 attr_array[1] = NULL;
2468 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2469 &group_base, &group_count)) != 0)
2471 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2472 user_name, ldap_err2string(rc));
2476 if (group_count != 1)
2478 linklist_free(group_base);
2479 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2481 return(LDAP_NO_SUCH_OBJECT);
2484 strcpy(distinguished_name, group_base->dn);
/* Read-modify-write of the flag word; only the disable bit changes. */
2485 ulongValue = atoi((*group_base).value);
2486 if (operation == MEMBER_DEACTIVATE)
2487 ulongValue |= UF_ACCOUNTDISABLE;
2489 ulongValue &= ~UF_ACCOUNTDISABLE;
2490 sprintf(temp, "%ld", ulongValue);
2491 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2492 temp, &modvalues, REPLACE)) == 1)
2494 linklist_free(group_base);
2498 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2500 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2501 for (i = 0; i < n; i++)
2503 free_values(modvalues);
/* On failure the account keeps its previous enabled/disabled state. */
2504 if (rc != LDAP_SUCCESS)
2506 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
2507 user_name, ldap_err2string(rc));
/*
 * Hard-delete an AD user object (contrast user_change_status(), which only
 * disables).  The object is found by sAMAccountName -- exactly one hit
 * required -- and its DN passed to ldap_delete_s().  u_name must pass
 * check_string() (the guard for the filter); the bail-out is not shown.
 *
 * NOTE(review): a delete failure is reported with the same "couldn't
 * process user" text as a search failure, so the log cannot distinguish
 * them; say "couldn't delete user" on that path.  The assignment inside
 * "if (rc = ldap_delete_s(...))" is intentional but reads as a typo -- write
 * "if ((rc = ldap_delete_s(...)) != LDAP_SUCCESS)".  Whether group_base is
 * freed on the group_count != 1 path depends on lines not shown; only the
 * final linklist_free() is visible.
 */
2513 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2515 char filter_exp[1024];
2516 char *attr_array[3];
2517 char distinguished_name[1024];
2518 char user_name[512];
2519 LK_ENTRY *group_base;
2523 if (!check_string(u_name))
2525 strcpy(user_name, u_name);
2528 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2529 attr_array[0] = "name";
2530 attr_array[1] = NULL;
2531 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2532 &group_base, &group_count)) != 0)
2534 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2535 user_name, ldap_err2string(rc));
2539 if (group_count != 1)
2541 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2546 strcpy(distinguished_name, group_base->dn);
/* Assignment in condition; same message as the search failure above. */
2547 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2549 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2550 user_name, ldap_err2string(rc));
2554 linklist_free(group_base);
/*
 * Release every node of an LK_ENTRY list starting at linklist_base,
 * together with the heap strings each node owns (dn, attribute, value,
 * member, type and list).  free() ignores NULL, so fields that were never
 * set are simply skipped.  The next pointer is read before the node is
 * freed so the walk never touches released memory.
 *
 * Every owned field must be a heap pointer (or NULL): a node whose type
 * field holds a cast constant, as the SID list entries do, must not be
 * passed here.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *next;

  for (; linklist_base != NULL; linklist_base = next)
    {
      next = linklist_base->next;

      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);

      free(linklist_base);
    }
}
/*
 * Release a NULL-terminated array of attribute value strings such as the
 * one construct_newvalues() hands back.  Each element is presumably freed
 * (that call is in the lines not shown) and then cleared to NULL so a
 * second pass is harmless; whether the array itself is freed is not visible
 * here -- check the caller in user_change_status() for a leak.
 */
2582 void free_values(char **modvalues)
2587 if (modvalues != NULL)
2589 while (modvalues[i] != NULL)
2592 modvalues[i] = NULL;
/*
 * Push the objectSids collected by group_create()/user_create() back into
 * Moira.  For each queued LK_ENTRY (the loop over ptr is in the lines not
 * shown) the binary SID in ->value/->length is hex-encoded into temp, and
 * add_list_sid_by_name or add_user_sid_by_login is called with
 * (member name, SID string) depending on ->type; what happens to rc is not
 * visible here.
 *
 * NOTE(review): convert_b_to_a() writes two characters per input byte plus
 * a terminator and has no output bound, so temp[126] holds at most a
 * 62-byte SID.  The length comes from the directory; AD object SIDs are far
 * shorter in practice, but the SID format itself allows more (up to 15
 * sub-authorities), so either check ptr->length against
 * (sizeof(temp) - 1) / 2 or size temp for the maximum.
 */
2599 int sid_update(LDAP *ldap_handle, char *dn_path)
/* Hex of a binary SID; see size note above. */
2603 unsigned char temp[126];
2610 memset(temp, 0, sizeof(temp));
2611 convert_b_to_a(temp, ptr->value, ptr->length);
2614 av[0] = ptr->member;
/* ->type is a cast tag set by group_create()/user_create(). */
2616 if (ptr->type == (char *)GROUPS)
2619 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2621 else if (ptr->type == (char *)USERS)
2624 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * Hex-encode length bytes of binary into string: each byte becomes two
 * characters, high nibble first, with the "> '9'" adjustments turning values
 * above nine into letters (which case is decided by the offsets in the
 * lines not shown).  The terminating NUL is presumably written after the
 * loop.  There is no bound on the output: the caller must provide at least
 * 2 * length + 1 bytes.  The only caller, sid_update(), uses a 126-byte
 * buffer, so length must not exceed 62 there.
 */
2631 void convert_b_to_a(char *string, UCHAR *binary, int length)
2638 for (i = 0; i < length; i++)
2645 if (string[j] > '9')
/* Low nibble of the same byte. */
2648 string[j] = tmp & 0x0f;
2650 if (string[j] > '9')
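/*
 * Byte classification table for check_string(): a nonzero entry means the
 * byte may not appear in a name that will be spliced into an LDAP filter or
 * DN.  Indexed by the byte value (after lowercasing), 0..255.
 *
 * The LDAP filter metacharacters '(', ')', '*' and '\' and the DN
 * separators ',', '+', ';', '"', '<', '>' and '=' are all rejected, along
 * with whitespace, control bytes and everything >= 0x80.  That is what
 * makes the sprintf()-built filters and DNs elsewhere in this file safe
 * from injection: keep this table in step with that use.
 */
static const int illegalchars[256] = {
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
  1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
};

/*
 * Return 1 if every byte of s is acceptable in an LDAP name, 0 otherwise.
 * Uppercase ASCII is folded to lowercase before the lookup, so "A_Chen" is
 * judged the same as "a_chen".  An empty string is accepted.
 *
 * The byte is converted to unsigned char before it is used: plain char is
 * signed on most ABIs, so a byte >= 0x80 cast straight to unsigned became a
 * huge index and read far outside the 256-entry table (and the <ctype.h>
 * functions require an unsigned char value as well).  Such bytes are now
 * simply rejected through the table's upper half.
 */
int check_string(char *s)
{
  unsigned char c;

  for (; *s != '\0'; s++)
    {
      c = (unsigned char)*s;
      if (isupper(c))
        c = (unsigned char)tolower(c);
      if (illegalchars[c])
        return 0;
    }
  return 1;
}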
/*
 * Connect to the Moira server and get the session ready for queries:
 * connect, check the MOTD (a non-empty MOTD means the server is down for
 * maintenance), negotiate the query version, then authenticate as client if
 * auth is set (the "if (auth)" and the early returns are in the lines not
 * shown).  MR_UNKNOWN_PROC from mr_version() is mapped to either
 * MR_VERSION_HIGH or MR_SUCCESS by a test not shown; MR_VERSION_HIGH is only
 * a warning, MR_VERSION_LOW is tolerated, anything else is fatal.
 *
 * NOTE(review): "com_err(whoami, status, temp)" passes a string built from
 * the server-supplied MOTD as com_err's FORMAT argument.  Any '%' in the
 * MOTD is interpreted as a conversion, reading garbage off the stack or
 * crashing -- a classic format-string bug, and the sprintf() into temp
 * (size not shown) has no bound either.  Replace both lines with
 * com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 */
2691 int mr_connect_cl(char *server, char *client, int version, int auth)
2697 status = mr_connect(server);
2700 com_err(whoami, status, "while connecting to Moira");
2704 status = mr_motd(&motd);
2708 com_err(whoami, status, "while checking server status");
/* Format-string bug: server text used as the format. See note above. */
2713 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
2714 com_err(whoami, status, temp);
2719 status = mr_version(version);
2722 if (status == MR_UNKNOWN_PROC)
2725 status = MR_VERSION_HIGH;
2727 status = MR_SUCCESS;
2730 if (status == MR_VERSION_HIGH)
2732 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2733 com_err(whoami, 0, "Some operations may not work.");
2735 else if (status && status != MR_VERSION_LOW)
2737 com_err(whoami, status, "while setting query version number.");
/* Authentication is optional (auth flag); the guard is not shown. */
2745 status = mr_auth(client);
2748 com_err(whoami, status, "while authenticating to Moira.");
2757 void AfsToWinAfs(char* path, char* winPath)
2761 strcpy(winPath, WINAFS);
2762 pathPtr = path + strlen(AFS);
2763 winPathPtr = winPath + strlen(WINAFS);
2767 if (*pathPtr == '/')
2770 *winPathPtr = *pathPtr;