2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from a group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from a group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies container information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
106 #include <lmaccess.h>
113 #include <moira_site.h>
114 #include <mrclient.h>
/* Windows build: map BSD errno names onto the WinSock equivalents and
 * provide the POSIX helpers the rest of the file expects. */
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesized and the expansion ends in
 * ';', so sleep(x + 1) multiplies only the 1 by 1000, and an unbraced
 * "if (c) sleep(1); else ..." no longer parses.  Safer form:
 * #define sleep(A) ((void)Sleep((A) * 1000)) */
133 #define sleep(A) Sleep(A * 1000);
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define WINADCFG "/moira/winad/winad.cfg"
145 #define strnicmp(A,B,C) strncasecmp(A,B,C)
146 #define UCHAR unsigned char
148 #define UF_SCRIPT 0x0001
149 #define UF_ACCOUNTDISABLE 0x0002
150 #define UF_HOMEDIR_REQUIRED 0x0008
151 #define UF_LOCKOUT 0x0010
152 #define UF_PASSWD_NOTREQD 0x0020
153 #define UF_PASSWD_CANT_CHANGE 0x0040
154 #define UF_DONT_EXPIRE_PASSWD 0x10000
156 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157 #define UF_NORMAL_ACCOUNT 0x0200
158 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160 #define UF_SERVER_TRUST_ACCOUNT 0x2000
162 #define OWNER_SECURITY_INFORMATION (0x00000001L)
163 #define GROUP_SECURITY_INFORMATION (0x00000002L)
164 #define DACL_SECURITY_INFORMATION (0x00000004L)
165 #define SACL_SECURITY_INFORMATION (0x00000008L)
168 #define BYTE unsigned char
170 typedef unsigned int DWORD;
171 typedef unsigned long ULONG;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
181 typedef struct _SID_IDENTIFIER_AUTHORITY {
183 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
185 typedef struct _SID {
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
194 #define WINADCFG "winad.cfg"
198 #define WINAFS "\\\\afs\\all\\"
200 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
201 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
206 #define QUERY_VERSION -1
207 #define PRIMARY_REALM "ATHENA.MIT.EDU"
216 #define MEMBER_REMOVE 2
217 #define MEMBER_CHANGE_NAME 3
218 #define MEMBER_ACTIVATE 4
219 #define MEMBER_DEACTIVATE 5
220 #define MEMBER_CREATE 6
222 #define MOIRA_ALL 0x0
223 #define MOIRA_USERS 0x1
224 #define MOIRA_KERBEROS 0x2
225 #define MOIRA_STRINGS 0x4
226 #define MOIRA_LISTS 0x8
228 #define CHECK_GROUPS 1
229 #define CLEANUP_GROUPS 2
231 #define AD_NO_GROUPS_FOUND -1
232 #define AD_WRONG_GROUP_DN_FOUND -2
233 #define AD_MULTIPLE_GROUPS_FOUND -3
234 #define AD_INVALID_NAME -4
235 #define AD_LDAP_FAILURE -5
236 #define AD_INVALID_FILESYS -6
237 #define AD_NO_ATTRIBUTE_FOUND -7
238 #define AD_NO_OU_FOUND -8
239 #define AD_NO_USER_FOUND -9
241 /* container arguments */
242 #define CONTAINER_NAME 0
243 #define CONTAINER_DESC 1
244 #define CONTAINER_LOCATION 2
245 #define CONTAINER_CONTACT 3
246 #define CONTAINER_TYPE 4
247 #define CONTAINER_ID 5
248 #define CONTAINER_ROWID 6
249 #define CONTAINER_GROUP_NAME 7
251 /*mcntmap arguments*/
252 #define OU_MACHINE_NAME 0
253 #define OU_CONTAINER_NAME 1
254 #define OU_MACHINE_ID 2
255 #define OU_CONTAINER_ID 3
256 #define OU_CONTAINER_GROUP 4
258 typedef struct lk_entry {
268 struct lk_entry *next;
/* Presence of this file stops the incremental -- see check_winad(). */
271 #define STOP_FILE "/moira/winad/nowinad"
/* NOTE(review): access(F_OK) reports existence only at the instant of the
 * call; treat the answer as a hint, never as a guarantee for a later open. */
272 #define file_exists(file) (access((file), F_OK) == 0)
274 #define N_SD_BER_BYTES 5
275 #define LDAP_BERVAL struct berval
/* Capacity of the ServerList[] pointer array below. */
276 #define MAX_SERVER_NAMES 32
278 #define HIDDEN_GROUP "HiddenGroup.g"
279 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
280 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
281 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/* Append one LDAPMod (type t, values v, op o) to the caller's mods[] array
 * and advance the caller's index n.  Relies on `mods` and `n` being in scope.
 * NOTE(review): the malloc() result is dereferenced without a NULL check,
 * n is never bounded against the size of mods[], and the multi-statement
 * expansion is not wrapped in do { } while (0), so the macro is only safe
 * as a stand-alone braced statement. */
283 #define ADD_ATTR(t, v, o) \
284 mods[n] = malloc(sizeof(LDAPMod)); \
285 mods[n]->mod_op = o; \
286 mods[n]->mod_type = t; \
287 mods[n++]->mod_values = v
/* Removal counterpart of ADD_ATTR: appends to DelMods[] using index i with
 * mod_values set to NULL.  Same unchecked-malloc, unbounded-index and
 * multi-statement caveats apply. */
289 #define DEL_ATTR(t, o) \
290 DelMods[i] = malloc(sizeof(LDAPMod)); \
291 DelMods[i]->mod_op = o; \
292 DelMods[i]->mod_type = t; \
293 DelMods[i++]->mod_values = NULL
295 #define DOMAIN_SUFFIX "MIT.EDU"
/* Line prefixes recognised in WINADCFG; main() upper-cases each config line
 * before comparing, which is why these are spelled in upper case. */
296 #define DOMAIN "DOMAIN: "
297 #define SERVER "SERVER: "
298 #define MSSFU "SFU: "
/* File-scope state shared by main() and the do_* handlers. */
301 LK_ENTRY *member_base = NULL;
/* Consumed by do_filesys(): passed to sid_update() and then linklist_free()d. */
302 LK_ENTRY *sid_base = NULL;
303 LK_ENTRY **sid_ptr = NULL;
/* Log line assembled from argv in main().
 * NOTE(review): tbl_buf is tentatively defined a second time further down
 * (`static char tbl_buf[1024];`); C permits the duplicate, but one should
 * go.  main() strcat()s every argv element into it with no length check. */
304 static char tbl_buf[1024];
/* OU paths relative to the domain DN -- presumably joined with dn_path by
 * the callers; verify in the container/group helpers. */
305 char kerberos_ou[] = "OU=kerberos,OU=moira";
306 char contact_ou[] = "OU=strings,OU=moira";
307 char user_ou[] = "OU=users,OU=moira";
308 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
309 char group_ou_root[] = "OU=lists,OU=moira";
310 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
311 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
312 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
313 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
314 char orphans_other_ou[] = "OU=Other,OU=Orphans";
315 char security_template_ou[] = "OU=security_templates";
/* Filled from the DOMAIN: config line in main(); defaults to "win.mit.edu". */
317 char ldap_domain[256];
/* Zeroed in main(); entries are calloc()ed from SERVER: config lines or
 * supplied by GetServerList().  No separate count is kept -- a NULL entry
 * marks an unused slot. */
318 char *ServerList[MAX_SERVER_NAMES];
319 int mr_connections = 0;
321 char default_server[256];
/* Duplicate tentative definition of tbl_buf (see above). */
322 static char tbl_buf[1024];
325 extern int set_password(char *user, char *password, char *domain);
327 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
328 char *group_membership, char *MoiraId, char *attribute,
329 LK_ENTRY **linklist_base, int *linklist_count,
331 void AfsToWinAfs(char* path, char* winPath);
332 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
333 char *Win2kPassword, char *Win2kUser, char *default_server,
334 int connect_to_kdc, char **ServerList, int *IgnoreMasterSeverError);
335 void ad_kdc_disconnect();
336 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
337 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
338 void check_winad(void);
339 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
341 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
342 char *distinguishedName, int count, char **av);
343 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
344 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
345 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
346 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
347 char *distinguishedName, int count, char **av);
348 void container_get_dn(char *src, char *dest);
349 void container_get_name(char *src, char *dest);
350 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
351 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
352 int afterc, char **after);
353 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
354 int afterc, char **after);
356 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
357 char *fs_type, char *fs_pack, int operation);
358 int GetAceInfo(int ac, char **av, void *ptr);
359 int GetServerList(char *ldap_domain, char **MasterServe);
360 int get_group_membership(char *group_membership, char *group_ou,
361 int *security_flag, char **av);
362 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou);
363 int Moira_container_group_create(char **after);
364 int Moira_container_group_delete(char **before);
365 int Moira_groupname_create(char *GroupName, char *ContainerName,
366 char *ContainerRowID);
367 int Moira_container_group_update(char **before, char **after);
368 int Moira_process_machine_container_group(char *MachineName, char* groupName,
370 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
371 int Moira_getContainerGroup(int ac, char **av, void *ptr);
372 int Moira_getGroupName(char *origContainerName, char *GroupName,
374 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
375 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
376 int UpdateGroup, int *ProcessGroup);
377 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
378 char *group_name, char *group_ou, char *group_membership,
379 int group_security_flag, int type);
380 int process_lists(int ac, char **av, void *ptr);
381 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
382 int HiddenGroup, char *AceType, char *AceName);
383 int ProcessMachineName(int ac, char **av, void *ptr);
384 int user_create(int ac, char **av, void *ptr);
385 int user_change_status(LDAP *ldap_handle, char *dn_path,
386 char *user_name, char *MoiraId, int operation);
387 int user_delete(LDAP *ldap_handle, char *dn_path,
388 char *u_name, char *MoiraId);
389 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
391 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
392 char *uid, char *MitId, char *MoiraId, int State,
393 char *WinHomeDir, char *WinProfileDir);
394 void change_to_lower_case(char *ptr);
395 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
396 int group_create(int ac, char **av, void *ptr);
397 int group_delete(LDAP *ldap_handle, char *dn_path,
398 char *group_name, char *group_membership, char *MoiraId);
399 int group_rename(LDAP *ldap_handle, char *dn_path,
400 char *before_group_name, char *before_group_membership,
401 char *before_group_ou, int before_security_flag, char *before_desc,
402 char *after_group_name, char *after_group_membership,
403 char *after_group_ou, int after_security_flag, char *after_desc,
404 char *MoiraId, char *filter);
405 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
406 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
407 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
408 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
409 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
410 char *group_name, char *group_ou, char *group_membership,
411 int group_security_flag, int updateGroup);
412 int member_list_build(int ac, char **av, void *ptr);
413 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
414 char *group_ou, char *group_membership,
415 char *user_name, char *pUserOu, char *MoiraId);
416 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
417 char *group_ou, char *group_membership, char *user_name,
418 char *pUserOu, char *MoiraId);
419 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
420 char *group_ou, char *group_membership,
421 int group_security_flag, char *MoiraId);
422 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
423 char *WinHomeDir, char *WinProfileDir,
424 char **homedir_v, char **winProfile_v,
425 char **drives_v, LDAPMod **mods,
427 int sid_update(LDAP *ldap_handle, char *dn_path);
428 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
429 int check_string(char *s);
430 int check_container_name(char* s);
431 void convert_b_to_a(char *string, UCHAR *binary, int length);
432 int mr_connect_cl(char *server, char *client, int version, int auth);
434 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
435 char **before, int beforec, char **after, int afterc);
436 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
437 char **before, int beforec, char **after, int afterc);
438 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
439 char **before, int beforec, char **after, int afterc);
440 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
441 char **before, int beforec, char **after, int afterc);
442 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
443 char **before, int beforec, char **after, int afterc);
444 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
445 char **before, int beforec, char **after, int afterc);
446 int linklist_create_entry(char *attribute, char *value,
447 LK_ENTRY **linklist_entry);
448 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
449 char **attr_array, LK_ENTRY **linklist_base,
450 int *linklist_count, unsigned long ScopeType);
451 void linklist_free(LK_ENTRY *linklist_base);
453 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
454 char *distinguished_name, LK_ENTRY **linklist_current);
455 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
456 LK_ENTRY **linklist_base, int *linklist_count);
457 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
458 char *Attribute, char *distinguished_name,
459 LK_ENTRY **linklist_current);
461 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
462 char *oldValue, char *newValue,
463 char ***modvalues, int type);
464 void free_values(char **modvalues);
466 int convert_domain_to_dn(char *domain, char **bind_path);
467 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
468 char *distinguished_name);
469 int moira_disconnect(void);
470 int moira_connect(void);
471 void print_to_screen(const char *fmt, ...);
472 int GetMachineName(char *MachineName);
/*
 * Entry point of the incremental.  Argument layout (examples at the top of
 * the file):
 *   argv[1]           table name: users, list, imembers, filesys, containers, mcntmap
 *   argv[2], argv[3]  beforec / afterc -- number of "before" and "after" values
 *   argv[4 ...]       beforec "before" values followed by afterc "after" values
 * Reads WINADCFG (DOMAIN:/SERVER:/SFU: lines), builds and qualifies the AD
 * server list, connects with up to five attempts, dispatches to the do_*
 * handler for the table and finally unbinds.
 * Several lines of this function are not shown in this listing.
 */
474 int main(int argc, char **argv)
484 int IgnoreServerListError;
/* Program name for com_err(): basename of argv[0]. */
493 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
497 com_err(whoami, 0, "%s", "argc < 4");
/* NOTE(review): atoi() silently accepts negative or non-numeric input, and
 * the argc check below does not reject a negative beforec, which would make
 * `after` point before argv[4].  strtol() with an explicit 0..argc range
 * check would close this. */
500 beforec = atoi(argv[2]);
501 afterc = atoi(argv[3]);
503 if (argc < (4 + beforec + afterc))
/* ("breforec" is a typo in the literal; left as-is here.) */
505 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
/* before/after are views into argv; when beforec == 0 they alias. */
511 after = &argv[4 + beforec];
/* Echo the whole argument list to the log.
 * NOTE(review): unbounded strcat() into the fixed 1024-byte tbl_buf; a long
 * argument list overflows it.  Track the remaining space and use
 * snprintf()/strncat() instead. */
513 for (i = 1; i < argc; i++)
515 strcat(tbl_buf, argv[i]);
516 strcat(tbl_buf, " ");
518 com_err(whoami, 0, "%s", tbl_buf);
522 memset(ldap_domain, '\0', sizeof(ldap_domain));
523 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
524 memset(temp, '\0', sizeof(temp));
/* Parse the config file one line at a time.  Each line is upper-cased
 * before prefix matching, so the stored values are upper-case as well. */
529 if ((fptr = fopen(WINADCFG, "r")) != NULL)
531 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper() on a plain char is only defined for values representable as
 * unsigned char; cast to (unsigned char) if non-ASCII input is possible. */
533 for (i = 0; i < (int)strlen(temp); i++)
534 temp[i] = toupper(temp[i]);
535 if (temp[strlen(temp) - 1] == '\n')
536 temp[strlen(temp) - 1] = '\0';
537 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
539 if (strlen(temp) > (strlen(DOMAIN)))
/* NOTE(review): unbounded strcpy into ldap_domain[256]; temp's size is not
 * visible here, so an over-long DOMAIN: line may overflow the target. */
541 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
544 else if (!strncmp(temp, SERVER, strlen(SERVER)))
546 if (strlen(temp) > (strlen(SERVER)))
/* NOTE(review): in the lines shown Count is never compared against
 * MAX_SERVER_NAMES, the calloc() result is not checked before use, and
 * the strcpy is unbounded against the 256-byte entry. */
548 ServerList[Count] = calloc(1, 256);
549 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
553 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
555 if (strlen(temp) > (strlen(MSSFU)))
/* SFUTYPE is defined outside the lines shown. */
557 if (!strcmp(&temp[strlen(MSSFU)], SFUTYPE))
/* Fallback for a line with no recognised prefix -- presumably the legacy
 * "domain only" config format; confirm against the elided branch. */
563 strcpy(ldap_domain, temp);
/* Default domain when the config supplied none. */
569 if (strlen(ldap_domain) == 0)
570 strcpy(ldap_domain, "win.mit.edu");
571 /* zero trailing newline, if there is one. */
572 if (ldap_domain[strlen(ldap_domain) - 1] == '\n')
573 ldap_domain[strlen(ldap_domain) - 1] = '\0';
575 initialize_sms_error_table();
576 initialize_krb_error_table();
/* No SERVER: lines in the config: discover the servers instead, and do not
 * treat a server-list failure as fatal. */
578 IgnoreServerListError = 0;
579 if (ServerList[0] == NULL)
581 IgnoreServerListError = 1;
582 GetServerList(ldap_domain, ServerList);
/* Qualify each server name with "." + domain and upper-case it.
 * NOTE(review): strcat() appends into whatever buffer holds the entry (256
 * bytes for entries made above; GetServerList()'s allocation size is not
 * visible) with no remaining-space check. */
584 for (i = 0; i < MAX_SERVER_NAMES; i++)
586 if (ServerList[i] != 0)
588 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
589 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
590 strcat(ServerList[i], ".");
591 strcat(ServerList[i], ldap_domain);
592 for (k = 0; k < (int)strlen(ServerList[i]); k++)
593 ServerList[i][k] = toupper(ServerList[i][k]);
/* Up to five connection attempts.  Empty user/password are passed with
 * connect_to_kdc = 1, so the credential presumably comes from Kerberos --
 * see ad_connect(). */
597 memset(default_server, '\0', sizeof(default_server));
598 memset(dn_path, '\0', sizeof(dn_path));
599 for (i = 0; i < 5; i++)
601 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
602 default_server, 1, ServerList, &IgnoreServerListError)))
/* On a server-list error, re-discover the list and re-qualify it -- this
 * repeats the qualification loop above verbatim and could share a helper. */
604 if (IgnoreServerListError < 0)
606 GetServerList(ldap_domain, ServerList);
607 for (j = 0; j < MAX_SERVER_NAMES; j++)
609 if (ServerList[j] != NULL)
611 if (ServerList[j][strlen(ServerList[j]) - 1] == '\n')
612 ServerList[j][strlen(ServerList[j]) - 1] = '\0';
613 strcat(ServerList[j], ".");
614 strcat(ServerList[j], ldap_domain);
615 for (k = 0; k < (int)strlen(ServerList[j]); k++)
616 ServerList[j][k] = toupper(ServerList[j][k]);
619 IgnoreServerListError = 1;
626 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/* Dispatch on the lower-cased table name. */
630 for (i = 0; i < (int)strlen(table); i++)
631 table[i] = tolower(table[i]);
632 if (!strcmp(table, "users"))
633 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
635 else if (!strcmp(table, "list"))
636 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
638 else if (!strcmp(table, "imembers"))
639 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
641 else if (!strcmp(table, "filesys"))
642 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
644 else if (!strcmp(table, "containers"))
645 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
647 else if (!strcmp(table, "mcntmap"))
648 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* UseSFU30 / OldUseSFU30 are declared outside the lines shown. */
650 if (OldUseSFU30 != UseSFU30)
652 GetServerList(ldap_domain, ServerList);
/* Release the server list (the free is in the elided lines) and unbind. */
655 for (i = 0; i < MAX_SERVER_NAMES; i++)
657 if (ServerList[i] != NULL)
660 ServerList[i] = NULL;
663 rc = ldap_unbind_s(ldap_handle);
/*
 * mcntmap handler: place a machine object in the AD OU that corresponds to
 * its Moira container.  A "remove" (beforec != 0, afterc == 0) and an "add"
 * (beforec == 0, afterc != 0) both end up re-reading the machine's container
 * from Moira and moving the object there, or to the orphans OU when Moira
 * knows no container.  Several lines of this function are not shown.
 *
 * Expects argv-derived fields indexed by OU_MACHINE_NAME, OU_CONTAINER_NAME
 * and OU_CONTAINER_GROUP (i.e. at least five values); no count check is
 * visible in the lines shown.
 */
667 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
668 char **before, int beforec, char **after, int afterc)
670 char MoiraContainerName[128];
671 char ADContainerName[128];
672 char MachineName[1024];
673 char OriginalMachineName[1024];
/* NOTE(review): only 64 bytes, yet filled with unbounded strcpy() below. */
676 char MoiraContainerGroup[64];
679 memset(ADContainerName, '\0', sizeof(ADContainerName));
680 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
682 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional: rc holds the status. */
685 if (rc = moira_connect())
687 critical_alert("AD incremental",
688 "Error contacting Moira server : %s",
/* NOTE(review): all strcpy() calls below copy caller-supplied strings into
 * fixed stack buffers with no length check; snprintf(buf, sizeof buf, "%s",
 * src) would bound them. */
693 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
695 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
696 strcpy(MachineName, before[OU_MACHINE_NAME]);
697 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
699 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
701 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
703 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
704 strcpy(MachineName, after[OU_MACHINE_NAME]);
705 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
706 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the Moira alias in place; rc is stored but the visible check is
 * on the resulting name being empty.  ("alais" is a typo in the literal.) */
714 rc = GetMachineName(MachineName);
715 if (strlen(MachineName) == 0)
718 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
721 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
723 if (machine_check(ldap_handle, dn_path, MachineName))
725 com_err(whoami, 0, "machine %s (alias %s) not found in AD.", OriginalMachineName, MachineName);
/* Ask Moira for the machine's container; an empty answer sends the object
 * to the orphans OU (the branch presumably returns in the elided lines). */
729 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
730 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
731 if (strlen(MoiraContainerName) == 0)
733 com_err(whoami, 0, "machine %s (alias %s) container not found in Moira - moving to orphans OU.",
734 OriginalMachineName, MachineName);
735 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/* Non-empty here, so the strlen-1 index below is in range.
 * NOTE(review): the strcat() of "/" has no room check against the 128-byte
 * buffer that machine_get_moira_container() just filled. */
739 container_get_dn(MoiraContainerName, ADContainerName);
740 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
741 strcat(MoiraContainerName, "/");
742 container_check(ldap_handle, dn_path, MoiraContainerName);
743 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * containers handler: delete (beforec only), create (afterc only), rename
 * (both, names differ) or update (both, same name) an OU, and keep the
 * matching Moira container group in step.  Several lines are not shown.
 * Return values of the container_* and Moira_* helpers are not checked in
 * the lines visible here.
 */
748 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
749 char **before, int beforec, char **after, int afterc)
753 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional: rc holds the status. */
756 if (rc = moira_connect())
758 critical_alert("AD incremental", "Error contacting Moira server : %s",
763 if ((beforec != 0) && (afterc == 0)) /*delete a container*/
765 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
766 container_delete(ldap_handle, dn_path, beforec, before);
767 Moira_container_group_delete(before);
771 if ((beforec == 0) && (afterc != 0)) /*create a container*/
773 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
774 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
775 container_create(ldap_handle, dn_path, afterc, after);
776 Moira_container_group_create(after);
/* Both sides present from here on: a case-insensitive name change is a
 * rename, otherwise an attribute update. */
781 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
783 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
784 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
785 Moira_container_group_update(before, after);
789 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
790 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
791 Moira_container_group_update(before, after);
/*
 * filesys handler: only AFS file systems with the create flag set are
 * mirrored.  Adding one (afterc only) or changing one (both sides) runs
 * filesys_process(LDAP_MOD_ADD); when the AD object does not exist yet the
 * user account is looked up in Moira and created via user_create().
 * Removing one (beforec only) runs filesys_process(LDAP_MOD_DELETE).
 * FS_NAME/FS_TYPE/FS_PACK/FS_CREATE, av, call_args and the helpers' return
 * codes are declared outside the lines shown.
 * NOTE(review): the add path and the change path are the same ~25 lines
 * twice; a static helper taking the after[] side would remove the copy.
 */
796 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
797 char **before, int beforec, char **after, int afterc)
/* Too few after-values to hold FS_CREATE: nothing to do on this side. */
810 if (afterc < FS_CREATE)
814 atype = !strcmp(after[FS_TYPE], "AFS");
815 acreate = atoi(after[FS_CREATE]);
/* --- add: no before-side --- */
818 if (beforec < FS_CREATE)
820 if (acreate == 0 || atype == 0)
822 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* LDAP_NO_SUCH_OBJECT means the user object is missing: fall through to
 * the Moira lookup below; any other non-success is reported. */
826 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
827 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
829 if (rc != LDAP_SUCCESS)
830 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Assignment inside the condition is intentional: rc holds the status. */
837 if (rc = moira_connect())
839 critical_alert("AD incremental",
840 "Error contacting Moira server : %s",
/* Query Moira for the account named after the file system and let the
 * user_create() callback build it; the LDAP handle and DN travel through
 * call_args. */
844 av[0] = after[FS_NAME];
845 call_args[0] = (char *)ldap_handle;
846 call_args[1] = dn_path;
852 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
856 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
862 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Flush any SIDs collected by the callback.
 * NOTE(review): sid_base is freed but not reset to NULL in the lines shown;
 * if the elided lines do not reset it, the global dangles. */
865 if (sid_base != NULL)
867 sid_update(ldap_handle, dn_path);
868 linklist_free(sid_base);
/* --- remove: before-side present --- */
876 btype = !strcmp(before[FS_TYPE], "AFS");
877 bcreate = atoi(before[FS_CREATE]);
878 if (afterc < FS_CREATE)
880 if (btype && bcreate)
882 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
883 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
885 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* --- change: both sides present --- */
894 if (!atype && !btype)
/* The message is suppressed only when both types are "ERR"; presumably a
 * placeholder type -- confirm against the Moira schema. */
896 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
898 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
899 before[FS_NAME], after[FS_NAME]);
903 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* Same sequence as the add path above. */
907 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
908 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
910 if (rc != LDAP_SUCCESS)
911 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
918 if (rc = moira_connect())
920 critical_alert("AD incremental",
921 "Error contacting Moira server : %s",
925 av[0] = after[FS_NAME];
926 call_args[0] = (char *)ldap_handle;
927 call_args[1] = dn_path;
933 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
937 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
943 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
946 if (sid_base != NULL)
948 sid_update(ldap_handle, dn_path);
949 linklist_free(sid_base);
/* Index of the description field in a list argument vector. */
959 #define L_LIST_DESC 9
/*
 * list handler: derive the target OU / membership class / security flag for
 * the before and after sides with get_group_membership(), then delete
 * (beforec only), create (afterc only), rename (both, name or OU differs)
 * or update (both) the AD group, re-populating members when the list is
 * active.  L_NAME, L_LIST_ID, L_ACTIVE, list_id, group_ou, security_flag,
 * filter, updateGroup and ProcessGroup are declared outside the lines
 * shown.
 */
962 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
963 char **before, int beforec, char **after, int afterc)
968 char group_membership[6];
973 char before_list_id[32];
/* NOTE(review): one byte, while the after-side buffer above is six; both
 * are filled by get_group_membership().  Unless that helper writes at most
 * an empty string here, this is an overflow -- size it like
 * group_membership. */
974 char before_group_membership[1];
975 int before_security_flag;
976 char before_group_ou[256];
977 LK_ENTRY *ptr = NULL;
979 if (beforec == 0 && afterc == 0)
982 memset(list_id, '\0', sizeof(list_id));
983 memset(before_list_id, '\0', sizeof(before_list_id));
984 memset(before_group_ou, '\0', sizeof(before_group_ou));
985 memset(before_group_membership, '\0', sizeof(before_group_membership));
986 memset(group_ou, '\0', sizeof(group_ou));
987 memset(group_membership, '\0', sizeof(group_membership));
/* Before side: only copy the list id when the vector is long enough. */
992 if (beforec < L_LIST_ID)
994 if (beforec > L_LIST_DESC)
996 strcpy(before_list_id, before[L_LIST_ID]);
998 before_security_flag = 0;
999 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* After side.
 * NOTE(review): the copy reads before[L_LIST_ID], not after[L_LIST_ID].
 * It works for a pure create only because main() sets
 * after = &argv[4 + beforec], which aliases before when beforec == 0;
 * on a rename/update this takes the before-side id.  Probably meant
 * `strcpy(list_id, after[L_LIST_ID]);`. */
1003 if (afterc < L_LIST_ID)
1005 if (afterc > L_LIST_DESC)
1007 strcpy(list_id, before[L_LIST_ID]);
1010 get_group_membership(group_membership, group_ou, &security_flag, after);
1013 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Sanity-check the existing AD group for the before-side list; a wrong DN
 * or duplicate groups triggers a cleanup pass. */
1020 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1021 before_group_ou, before_group_membership,
1022 before_security_flag, CHECK_GROUPS)))
1024 if (rc == AD_NO_GROUPS_FOUND)
1028 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1030 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
1031 before_group_ou, before_group_membership,
1032 before_security_flag, CLEANUP_GROUPS);
1034 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1036 com_err(whoami, 0, "Could not change list name from %s to %s",
1037 before[L_NAME], after[L_NAME]);
1040 if (rc == AD_NO_GROUPS_FOUND)
/* Rename when the name changed, or the name is the same but the target OU
 * moved (third operand of the condition is in the elided line). */
1046 if ((beforec != 0) && (afterc != 0))
1048 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1049 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1050 (strcmp(before_group_ou, group_ou)))) &&
1053 com_err(whoami, 0, "Changing list name from %s to %s",
1054 before[L_NAME], after[L_NAME]);
1055 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
1056 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1058 com_err(whoami, 0, "%s", "couldn't find the group OU's");
1061 memset(filter, '\0', sizeof(filter));
1062 if ((rc = group_rename(ldap_handle, dn_path,
1063 before[L_NAME], before_group_membership,
1064 before_group_ou, before_security_flag, before[L_LIST_DESC],
1065 after[L_NAME], group_membership,
1066 group_ou, security_flag, after[L_LIST_DESC],
1069 if (rc != AD_NO_GROUPS_FOUND)
1071 com_err(whoami, 0, "Could not change list name from %s to %s",
1072 before[L_NAME], after[L_NAME]);
/* Delete: before side only. */
1085 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
1087 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
/* Create: after side only.  Assignment inside the condition is intentional. */
1099 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1100 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1101 group_ou, group_membership,
1102 security_flag, CHECK_GROUPS))
1104 if (rc != AD_NO_GROUPS_FOUND)
1106 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
1108 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1109 group_ou, group_membership,
1110 security_flag, CLEANUP_GROUPS);
1114 com_err(whoami, 0, "Could not create list %s", after[L_NAME]);
/* Update: apply the list's ACE twice (UpdateGroup 0 then 1 -- see
 * ProcessAce()), then create/refresh the group and its members. */
1121 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1123 if (rc = moira_connect())
1125 critical_alert("AD incremental",
1126 "Error contacting Moira server : %s",
1132 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
1136 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
1139 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1140 group_ou, group_membership, security_flag, updateGroup))
/* Only active lists get their membership pushed to AD. */
1145 if (atoi(after[L_ACTIVE]))
1147 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1148 group_membership, security_flag, list_id);
/* Member-tuple slots that Moira appends after the LM_* member fields:
 * the owning list's flags (active/public/hidden/maillist/group/gid)
 * followed by Moira ids. do_member copies these into a list-style
 * argv (args[L_*] = ptr[LM_EXTRA_*]) so get_group_membership can
 * classify the list.
 * NOTE(review): do_member reads LMN_LIST_ID / LM_LIST_ID / LM_USER_ID
 * at different positions for MACHINE and USER members, so the layout
 * past LM_EXTRA_GID is member-type dependent -- confirm against the
 * Moira side before renumbering anything here. */
1155 #define LM_EXTRA_ACTIVE (LM_END)
1156 #define LM_EXTRA_PUBLIC (LM_END+1)
1157 #define LM_EXTRA_HIDDEN (LM_END+2)
1158 #define LM_EXTRA_MAILLIST (LM_END+3)
1159 #define LM_EXTRA_GROUP (LM_END+4)
1160 #define LM_EXTRA_GID (LM_END+5)
1161 #define LMN_LIST_ID (LM_END+6)
1162 #define LM_LIST_ID (LM_END+7)
1163 #define LM_USER_ID (LM_END+8)
1164 #define LM_EXTRA_END (LM_END+9)
/* do_member: push one Moira list-membership change into AD.
 *
 * before/after are the member tuples (LM_* fields plus the LM_EXTRA_*
 * slots) as they were and as they are now; beforec/afterc are their
 * element counts, 0 when that side is absent. What the visible code
 * does: skips inactive lists (LM_EXTRA_ACTIVE), locates or creates the
 * AD group for the list (process_group / make_new_group, with ProcessAce
 * run first), then removes the member when only `before` is present or
 * adds it when `after` is, creating contact objects for STRING/KERBEROS
 * members and the AD user for a USER member that does not exist yet.
 *
 * This listing elides several lines (the ptr = before/after selection,
 * the returns after the count guards, the add/remove branch condition);
 * do not infer their exact shape from this copy.
 *
 * Security notes (review):
 *  - ptr[LM_MEMBER] / ptr[LM_LIST] end up in LDAP DNs and filters via
 *    member_add, member_remove and contact_create. The only input
 *    validation visible in this file is check_string(), which is applied
 *    to group names in group_create/group_rename but is not applied to
 *    member names on this path -- confirm member_add/contact_create do it.
 *  - group_membership is a single flag byte written by
 *    get_group_membership ('B','S','D','N'); it is NOT NUL-terminated, so
 *    it must never be passed to str* functions.
 */
1166 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1167 char **before, int beforec, char **after, int afterc)
/* Fixed buffers filled by unbounded strcpy from Moira-supplied fields below;
 * this relies on Moira's column widths -- TODO confirm the limits. */
1169 char group_name[128];
1170 char user_name[128];
1171 char user_type[128];
1172 char moira_list_id[32];
1173 char moira_user_id[32];
1174 char group_membership[1]; /* one flag byte, not a C string */
1176 char machine_ou[256];
1188 memset(moira_list_id, '\0', sizeof(moira_list_id));
1189 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* ---- `after` side: the member as it now is ---- */
1192 if (afterc < LM_EXTRA_GID) /* tuple lacks the list flags; handling elided */
1194 if (!atoi(after[LM_EXTRA_ACTIVE])) /* inactive list: nothing goes to AD; handling elided */
1197 if (!strcasecmp(ptr[LM_TYPE], "LIST")) /* ptr is the side being processed (assignment elided) */
1199 strcpy(user_name, after[LM_MEMBER]);
1200 strcpy(group_name, after[LM_LIST]);
1201 strcpy(user_type, after[LM_TYPE]);
1202 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* NOTE(review): this guard only requires afterc > LM_EXTRA_GROUP (= LM_END+4),
 * yet indices LM_END+6 and LM_END+7 are read right below. The USER branch
 * (guard LMN_LIST_ID, reads LM_END+7/+8) and the LIST branch (guard
 * LM_EXTRA_GID, reads LM_END+6) show the same shape: the guarded count is
 * below the highest index read. Either afterc is not a plain element count
 * or these are out-of-bounds reads -- confirm the per-type tuple length. */
1204 if (afterc > LM_EXTRA_GROUP)
1206 strcpy(moira_list_id, after[LMN_LIST_ID]);
1207 strcpy(moira_user_id, after[LM_LIST_ID]);
1210 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1212 if (afterc > LMN_LIST_ID)
1214 strcpy(moira_list_id, after[LM_LIST_ID]);
1215 strcpy(moira_user_id, after[LM_USER_ID]);
1220 if (afterc > LM_EXTRA_GID)
1221 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* ---- `before` side: the member as it was (mirror of the block above) ---- */
1226 if (beforec < LM_EXTRA_GID)
1228 if (!atoi(before[LM_EXTRA_ACTIVE]))
1231 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1233 strcpy(user_name, before[LM_MEMBER]);
1234 strcpy(group_name, before[LM_LIST]);
1235 strcpy(user_type, before[LM_TYPE]);
1236 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1238 if (beforec > LM_EXTRA_GROUP) /* same guard/index mismatch as the `after` side */
1240 strcpy(moira_list_id, before[LMN_LIST_ID]);
1241 strcpy(moira_user_id, before[LM_LIST_ID]);
1244 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1246 if (beforec > LMN_LIST_ID)
1248 strcpy(moira_list_id, before[LM_LIST_ID]);
1249 strcpy(moira_user_id, before[LM_USER_ID]);
1254 if (beforec > LM_EXTRA_GID)
1255 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Re-pack the list flags as a list argv so get_group_membership (which
 * indexes av[L_MAILLIST]/av[L_GROUP]) can classify the owning list. */
1262 args[L_NAME] = ptr[LM_LIST];
1263 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1264 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1265 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1266 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1267 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1268 args[L_GID] = ptr[LM_EXTRA_GID];
1271 memset(group_ou, '\0', sizeof(group_ou));
1272 get_group_membership(group_membership, group_ou, &security_flag, args);
1273 if (strlen(group_ou) == 0)
1275 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* Find the AD group by Moira id / name; a wrong-OU or duplicate hit is
 * cleaned up (CLEANUP_GROUPS) before giving up. */
1278 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1280 if (rc != AD_NO_GROUPS_FOUND)
1282 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1284 if (rc != AD_NO_GROUPS_FOUND)
1287 com_err(whoami, 0, "Couldn't add %s to group %s - unable to process group", user_name, group_name);
1289 com_err(whoami, 0, "Couldn't remove %s from group %s - unable to process group", user_name, group_name);
/* No group in AD yet: create it (ACEs first, then the object, then the
 * full membership if the list is active). Needs a Moira connection. */
1295 if (rc == AD_NO_GROUPS_FOUND)
1297 if (rc = moira_connect())
1299 critical_alert("AD incremental",
1300 "Error contacting Moira server : %s",
1305 com_err(whoami, 0, "creating group %s", group_name);
1307 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1311 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1314 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1315 group_ou, group_membership, security_flag, 0))
1320 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1322 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1323 group_membership, security_flag, moira_list_id);
/* ---- removal path (branch condition elided) ---- */
1330 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1332 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1334 memset(machine_ou, '\0', sizeof(machine_ou));
1335 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou))
1337 pUserOu = machine_ou;
/* STRING/KERBEROS members are represented by contact objects that are
 * created on demand even on the removal path. */
1339 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1341 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1343 pUserOu = contact_ou;
1345 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1347 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1349 pUserOu = kerberos_ou;
1351 if (rc = member_remove(ldap_handle, dn_path, group_name,
1352 group_ou, group_membership, ptr[LM_MEMBER],
1353 pUserOu, moira_list_id))
1354 com_err(whoami, 0, "couldn't remove %s from group %s", user_name, group_name);
/* ---- addition path ---- */
1358 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1361 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1363 memset(machine_ou, '\0', sizeof(machine_ou));
1364 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou))
1366 pUserOu = machine_ou;
1368 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1370 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1372 pUserOu = contact_ou;
1374 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1376 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1378 pUserOu = kerberos_ou;
1380 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* USER member with no AD account yet: create it from Moira's
 * get_user_account_by_login via the user_create callback, which appends
 * new SIDs to sid_base; sid_update flushes them afterwards. */
1382 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1383 moira_user_id)) == AD_NO_USER_FOUND)
1385 if (rc = moira_connect())
1387 critical_alert("AD incremental",
1388 "Error connection to Moira : %s",
/* NOTE(review): this log line uses after[U_NAME], a user-tuple index, while
 * every other message in this branch uses ptr[LM_MEMBER] (see the failure
 * message below). It looks like a copy from do_user; presumably it should
 * be ptr[LM_MEMBER] -- confirm, since U_NAME may not be a valid index into a
 * member tuple. */
1392 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1393 av[0] = ptr[LM_MEMBER];
1394 call_args[0] = (char *)ldap_handle;
1395 call_args[1] = dn_path;
1396 call_args[2] = moira_user_id;
1397 call_args[3] = NULL;
1399 sid_ptr = &sid_base;
1401 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1405 com_err(whoami, 0, "couldn't create user %s : %s",
1406 ptr[LM_MEMBER], error_message(rc));
1412 com_err(whoami, 0, "couldn't create user %s", ptr[LM_MEMBER]);
1416 if (sid_base != NULL)
1418 sid_update(ldap_handle, dn_path);
1419 linklist_free(sid_base);
1430 if (rc = member_add(ldap_handle, dn_path, group_name,
1431 group_ou, group_membership, ptr[LM_MEMBER],
1432 pUserOu, moira_list_id))
1434 com_err(whoami, 0, "couldn't add %s to group %s", user_name, group_name);
/* Trailing positions in the user tuple handed to do_user (the Moira user
 * id and the two Windows directory paths). do_user only guards the
 * U_USER_ID read with a count check; see the note there. */
1440 #define U_USER_ID 10
1441 #define U_HOMEDIR 11
1442 #define U_PROFILEDIR 12
/* do_user: push one Moira user change into AD.
 *
 * before/after are the user tuples (U_* indexes), beforec/afterc their
 * element counts (0 when absent). Visible behaviour:
 *  - before-only with status 0  -> user_delete (expunge);
 *  - after-only                 -> ignored (account not yet usable);
 *  - otherwise: create the AD user if check_user cannot find it (only
 *    when after[U_NAME] passes check_string), rename it if the login
 *    changed (again only when both names pass check_string), then
 *    user_update with the new attributes and status.
 * Several lines (returns, braces, the `if`/`else` glue) are elided in
 * this listing.
 */
1444 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1445 char **before, int beforec, char **after,
1450 char after_user_id[32];
1451 char before_user_id[32];
1454 if ((beforec == 0) && (afterc == 0)) /* duplicated below; both are dead-input guards */
1457 memset(after_user_id, '\0', sizeof(after_user_id));
1458 memset(before_user_id, '\0', sizeof(before_user_id));
/* Moira ids are copied unbounded into 32-byte buffers; fine as long as
 * they stay numeric -- TODO confirm the Moira column width. */
1459 if (beforec > U_USER_ID)
1460 strcpy(before_user_id, before[U_USER_ID]);
1461 if (afterc > U_USER_ID)
1462 strcpy(after_user_id, after[U_USER_ID]);
1464 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1467 if ((beforec == 0) && (afterc != 0)) /*this case only happens when the account*/
1468 return; /*account is first created but not usable*/
1470 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* Only a status-0 account is removed from AD; other deletions fall through
 * (handling of the non-zero case elided). */
1472 if (atoi(before[U_STATE]) == 0)
1474 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1475 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1480 /*process anything that gets here*/
/* From here on both tuples are present (the two one-sided cases returned
 * above), so before[] and after[] are both safe to index. */
1481 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1482 before_user_id)) == AD_NO_USER_FOUND)
1484 if (!check_string(after[U_NAME])) /* refuse to build a DN from an invalid login */
1486 if (rc = moira_connect())
1488 critical_alert("AD incremental",
1489 "Error connection to Moira : %s",
1493 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* user_create callback context: handle, base DN, Moira id. It appends the
 * new object's SID to sid_base; sid_update pushes it afterwards. */
1495 av[0] = after[U_NAME];
1496 call_args[0] = (char *)ldap_handle;
1497 call_args[1] = dn_path;
1498 call_args[2] = after_user_id;
1499 call_args[3] = NULL;
1501 sid_ptr = &sid_base;
1503 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1507 com_err(whoami, 0, "couldn't create user %s : %s",
1508 after[U_NAME], error_message(rc));
1514 com_err(whoami, 0, "couldn't create user %s", after[U_NAME]);
1518 if (sid_base != NULL)
1520 sid_update(ldap_handle, dn_path);
1521 linklist_free(sid_base);
/* Login change: both old and new names must be valid before the DN is
 * rewritten. The failure branch of user_rename is elided. */
1530 if (strcmp(before[U_NAME], after[U_NAME]))
1532 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1534 com_err(whoami, 0, "changing user %s to %s",
1535 before[U_NAME], after[U_NAME]);
1536 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1537 after[U_NAME])) != LDAP_SUCCESS)
/* NOTE(review): after[U_HOMEDIR] and after[U_PROFILEDIR] are read here, but
 * the only count check visible in this function is afterc > U_USER_ID;
 * confirm a stricter check exists in the elided lines or that Moira always
 * sends all 13 fields. */
1543 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1544 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1545 after[U_UID], after[U_MITID],
1546 after_user_id, atoi(after[U_STATE]),
1547 after[U_HOMEDIR], after[U_PROFILEDIR]);
/* construct_newvalues: build a NULL-terminated char* array (*modvalues)
 * of modvalue_count strings from the first modvalue_count entries of
 * linklist_base, used as an LDAP modification value list.
 *
 * Per entry, when oldValue and newValue are both given and oldValue is
 * found in the entry's value:
 *   type == REPLACE -> the whole value becomes newValue;
 *   otherwise       -> the first occurrence of oldValue is replaced by
 *                      newValue (prefix + newValue + suffix).
 * Every other entry is copied verbatim (length bytes + NUL).
 *
 * Caveats (review):
 *  - strstr / strcat need NUL-terminated values. Binary attributes
 *    (objectSid/objectGUID) are stored by retrieve_values with exactly
 *    ber_length bytes and no terminator, so this must only be run over
 *    string attributes.
 *  - strstr is a substring match: oldValue "cn=foo" also hits
 *    "cn=foobar". Callers renaming DNs must pass a value that cannot be
 *    a prefix of another entry -- TODO confirm how callers form oldValue.
 *  - The list is walked modvalue_count times without a NULL check, so
 *    the count must not exceed the list length.
 *  - Return values are elided in this listing (the checked callocs return
 *    from inside the hidden lines).
 */
1551 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1552 char *oldValue, char *newValue,
1553 char ***modvalues, int type)
1555 LK_ENTRY *linklist_ptr;
1559 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1564 for (i = 0; i < (modvalue_count + 1); i++)
1565 (*modvalues)[i] = NULL;
1566 if (modvalue_count != 0)
1568 linklist_ptr = linklist_base;
1569 for (i = 0; i < modvalue_count; i++)
1571 if ((oldValue != NULL) && (newValue != NULL))
1573 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1576 if (type == REPLACE)
1578 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1581 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1582 strcpy((*modvalues)[i], newValue);
/* Size = prefix + (length - strlen(old)) + strlen(new) + 1. The prefix is
 * already inside `length`, so this over-allocates by the prefix length;
 * harmless, but not the tight bound it looks like. */
1586 if (((*modvalues)[i] = calloc(1,
1587 (int)(cPtr - linklist_ptr->value) +
1588 (linklist_ptr->length - strlen(oldValue)) +
1589 strlen(newValue) + 1)) == NULL)
1591 memset((*modvalues)[i], '\0',
1592 (int)(cPtr - linklist_ptr->value) +
1593 (linklist_ptr->length - strlen(oldValue)) +
1594 strlen(newValue) + 1);
1595 memcpy((*modvalues)[i], linklist_ptr->value,
1596 (int)(cPtr - linklist_ptr->value));
1597 strcat((*modvalues)[i], newValue);
1598 strcat((*modvalues)[i],
1599 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* NOTE(review): the two verbatim-copy allocations below are not checked for
 * NULL, unlike the two above; on allocation failure memset/memcpy write
 * through a null pointer. */
1604 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1605 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1606 memcpy((*modvalues)[i], linklist_ptr->value,
1607 linklist_ptr->length);
1612 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1613 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1614 memcpy((*modvalues)[i], linklist_ptr->value,
1615 linklist_ptr->length);
1617 linklist_ptr = linklist_ptr->next;
1619 (*modvalues)[i] = NULL; /* terminator for the LDAP value list */
/* linklist_build: run an LDAP search (base dn_path, scope ScopeType,
 * filter search_exp, attributes attr_array) and collect every returned
 * attribute/value into a fresh LK_ENTRY list in *linklist_base, with
 * the node count in *linklist_count. Both outputs are reset first.
 *
 * Caveats (review):
 *  - search_exp is used as-is. Every caller in this file builds it with
 *    sprintf from names/ids; only group names are visibly passed through
 *    check_string first, so anything else (Moira ids, ACE names) must be
 *    guaranteed filter-safe by the caller.
 *  - LDAP_SIZELIMIT_EXCEEDED is tolerated: the truncated result set is
 *    still converted, so callers that decide on `count == 1` can be
 *    looking at a partial view of the directory.
 *  - What is returned when the search fails with any other code is in
 *    the elided lines; callers here treat a non-zero return as failure.
 */
1625 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1626 char **attr_array, LK_ENTRY **linklist_base,
1627 int *linklist_count, unsigned long ScopeType)
1630 LDAPMessage *ldap_entry;
1634 (*linklist_base) = NULL;
1635 (*linklist_count) = 0;
1636 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1637 search_exp, attr_array, 0, &ldap_entry))
1640 if (rc != LDAP_SIZELIMIT_EXCEEDED) /* size-limit hits fall through with partial data */
1644 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1646 ldap_msgfree(ldap_entry);
/* retrieve_entries: walk every entry of an LDAP result, fetch its DN and
 * hand each entry to retrieve_attributes, which prepends the entry's
 * attribute values onto *linklist_base. *linklist_count is recomputed
 * by counting the final list. Returns retrieve_attributes' failure code
 * when one occurs (remaining lines elided).
 *
 * NOTE(review): distinguished_name is a 1024-byte stack buffer and
 * get_distinguished_name copies the DN into it with an unbounded strcpy
 * (no size argument). Any DN longer than 1023 bytes overflows the stack
 * here; AD DNs are server-controlled data.
 */
1651 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1652 LK_ENTRY **linklist_base, int *linklist_count)
1654 char distinguished_name[1024];
1655 LK_ENTRY *linklist_ptr;
1658 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1661 memset(distinguished_name, '\0', sizeof(distinguished_name));
1662 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1664 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1665 linklist_base)) != 0)
1668 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1670 memset(distinguished_name, '\0', sizeof(distinguished_name));
1671 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1673 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1674 linklist_base)) != 0)
/* Count is derived from the list itself rather than accumulated, so it
 * also covers nodes that were already on *linklist_base on entry. */
1678 linklist_ptr = (*linklist_base);
1679 (*linklist_count) = 0;
1680 while (linklist_ptr != NULL)
1682 ++(*linklist_count);
1683 linklist_ptr = linklist_ptr->next;
/* retrieve_attributes: iterate the attributes of one LDAP entry and let
 * retrieve_values append each attribute's values (tagged with the entry
 * DN) to *linklist_current. Each attribute name from the library is
 * released with ldap_memfree; the BerElement cursor is released at the
 * end. Return value is in the elided lines.
 */
1688 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1689 char *distinguished_name, LK_ENTRY **linklist_current)
1695 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1697 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1699 ldap_memfree(Attribute);
1700 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1703 retrieve_values(ldap_handle, ldap_entry, Attribute,
1704 distinguished_name, linklist_current);
1705 ldap_memfree(Attribute);
1708 ldap_ber_free(ptr, 0); /* 0: the BER buffer belongs to the result message */
/* retrieve_values: fetch the values of one attribute of an LDAP entry
 * and push one LK_ENTRY per value onto the front of *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len)
 * and stored as exactly ber_length bytes with length = ber_length and
 * ber_value set; everything else is fetched as strings and stored
 * NUL-terminated with length = strlen. Each node also carries a copy of
 * the attribute name and the entry DN. The loop over the values and the
 * early returns on NULL results are elided in this listing.
 *
 * Consumers must honour `length`/`ber_value`: binary values have no
 * terminator, so str* functions on them read past the allocation.
 *
 * The LDAP_DEBUG section only pretty-prints what was fetched; note it
 * parses objectSid straight out of the server-supplied bytes via the
 * Win32 SID accessors.
 */
1712 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1713 char *Attribute, char *distinguished_name,
1714 LK_ENTRY **linklist_current)
1720 LK_ENTRY *linklist_previous;
1721 LDAP_BERVAL **ber_value;
1729 SID_IDENTIFIER_AUTHORITY *sid_auth;
1730 unsigned char *subauth_count;
1731 #endif /*LDAP_DEBUG*/
1734 memset(temp, '\0', sizeof(temp));
1735 if ((!strcmp(Attribute, "objectSid")) ||
1736 (!strcmp(Attribute, "objectGUID")))
1741 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1742 Ptr = (void **)ber_value;
1747 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1748 Ptr = (void **)str_value;
/* New node is pushed onto the head of the list. */
1755 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1757 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1758 linklist_previous->next = (*linklist_current);
1759 (*linklist_current) = linklist_previous;
1761 if (((*linklist_current)->attribute = calloc(1,
1762 strlen(Attribute) + 1)) == NULL)
1764 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1765 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly ber_length bytes, no NUL terminator. */
1768 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1769 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1771 memset((*linklist_current)->value, '\0', ber_length);
1772 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1774 (*linklist_current)->length = ber_length;
/* String value: copied with its terminator. */
1778 if (((*linklist_current)->value = calloc(1,
1779 strlen(*Ptr) + 1)) == NULL)
1781 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1782 (*linklist_current)->length = strlen(*Ptr);
1783 strcpy((*linklist_current)->value, *Ptr);
1785 (*linklist_current)->ber_value = use_bervalue;
1786 if (((*linklist_current)->dn = calloc(1,
1787 strlen(distinguished_name) + 1)) == NULL)
1789 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1790 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump (conditional block boundaries elided) ---- */
1793 if (!strcmp(Attribute, "objectGUID"))
/* GUID text is 36 chars from a fixed format, so temp cannot overflow here. */
1795 guid = (GUID *)((*linklist_current)->value);
1796 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1797 guid->Data1, guid->Data2, guid->Data3,
1798 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1799 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1800 guid->Data4[6], guid->Data4[7]);
1801 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1803 else if (!strcmp(Attribute, "objectSid"))
/* The SID is decoded from the raw BER bytes; no IsValidSid() check is
 * visible, and the authority is identified by testing single bytes of
 * the 6-byte identifier authority rather than comparing the whole value. */
1805 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1807 print_to_screen(" Revision = %d\n", sid->Revision);
1808 print_to_screen(" SID Identifier Authority:\n");
1809 sid_auth = &sid->IdentifierAuthority;
1810 if (sid_auth->Value[0])
1811 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1812 else if (sid_auth->Value[1])
1813 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1814 else if (sid_auth->Value[2])
1815 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1816 else if (sid_auth->Value[3])
1817 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1818 else if (sid_auth->Value[5])
1819 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1821 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1822 subauth_count = GetSidSubAuthorityCount(sid);
1823 print_to_screen(" SidSubAuthorityCount = %d\n",
1825 print_to_screen(" SidSubAuthority:\n");
1826 for (i = 0; i < *subauth_count; i++)
1828 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1829 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp with a fixed length compares 18/14 bytes of
 * `Attribute` regardless of its actual length, so a shorter attribute name
 * is read past its terminator (debug build only). The strlen("sAmAccountType")
 * spelling differs from the compared literal; same length, so harmless. */
1833 else if ((!memcmp(Attribute, "userAccountControl",
1834 strlen("userAccountControl"))) ||
1835 (!memcmp(Attribute, "sAMAccountType",
1836 strlen("sAmAccountType"))))
1838 intValue = atoi(*Ptr);
1839 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1840 if (!memcmp(Attribute, "userAccountControl",
1841 strlen("userAccountControl")))
/* Decode the userAccountControl bits that matter for account state. */
1843 if (intValue & UF_ACCOUNTDISABLE)
1844 print_to_screen(" %20s : %s\n",
1845 "", "Account disabled");
1847 print_to_screen(" %20s : %s\n",
1848 "", "Account active");
1849 if (intValue & UF_HOMEDIR_REQUIRED)
1850 print_to_screen(" %20s : %s\n",
1851 "", "Home directory required");
1852 if (intValue & UF_LOCKOUT)
1853 print_to_screen(" %20s : %s\n",
1854 "", "Account locked out");
1855 if (intValue & UF_PASSWD_NOTREQD)
1856 print_to_screen(" %20s : %s\n",
1857 "", "No password required");
1858 if (intValue & UF_PASSWD_CANT_CHANGE)
1859 print_to_screen(" %20s : %s\n",
1860 "", "Cannot change password");
1861 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1862 print_to_screen(" %20s : %s\n",
1863 "", "Temp duplicate account");
1864 if (intValue & UF_NORMAL_ACCOUNT)
1865 print_to_screen(" %20s : %s\n",
1866 "", "Normal account");
1867 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1868 print_to_screen(" %20s : %s\n",
1869 "", "Interdomain trust account");
1870 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1871 print_to_screen(" %20s : %s\n",
1872 "", "Workstation trust account");
1873 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1874 print_to_screen(" %20s : %s\n",
1875 "", "Server trust account");
/* Generic string attribute: the value is passed as a %s argument, never as
 * the format, which is the right way to print directory data. */
1880 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1882 #endif /*LDAP_DEBUG*/
1884 if (str_value != NULL)
1885 ldap_value_free(str_value);
1886 if (ber_value != NULL)
1887 ldap_value_free_len(ber_value);
1889 (*linklist_current) = linklist_previous;
/* moira_connect: reference-counted connection to the Moira server.
 * Only the first caller (mr_connections goes 0 -> 1) actually connects
 * and authenticates as "winad.incr"; nested calls just bump the count
 * and are balanced by moira_disconnect. Return value and the
 * conditional structure around the two connect variants are elided.
 *
 * NOTE(review): the "ttsp" host name is hard-coded; the lines around it
 * are missing from this listing and presumably select a build/test
 * path -- confirm the production build resolves the server from
 * uts.nodename (the second variant) and never from this literal.
 */
1893 int moira_connect(void)
1898 if (!mr_connections++)
1901 memset(HostName, '\0', sizeof(HostName));
1902 strcpy(HostName, "ttsp");
1903 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1905 rc = mr_connect(HostName);
1910 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1912 rc = mr_connect(uts.nodename);
1917 rc = mr_auth("winad.incr"); /* authenticate with the service's own credentials */
/* check_winad: operator kill switch. While STOP_FILE exists the
 * incremental does not proceed; the loop body (elided) is where it
 * waits, and it raises a critical alert quoting the file so the
 * condition is visible to operations. */
1924 void check_winad(void)
1928 for (i = 0; file_exists(STOP_FILE); i++)
1932 critical_alert("AD incremental",
1933 "WINAD incremental failed (%s exists): %s",
1934 STOP_FILE, tbl_buf);
/* moira_disconnect: counterpart of moira_connect; drops the reference
 * and closes the Moira connection when the last one goes away
 * (close call elided). Callers must pair it with a successful connect
 * or the count goes negative. */
1941 int moira_disconnect(void)
1944 if (!--mr_connections)
/* get_distinguished_name: copy the DN of an LDAP entry into the
 * caller's buffer and free the library's copy.
 *
 * NOTE(review): there is no size parameter and the copy is an
 * unbounded strcpy. The callers in this file (retrieve_entries) pass a
 * 1024-byte stack buffer, so a DN of 1024+ characters returned by the
 * server overflows it. A bounded copy (snprintf with the caller's size)
 * would need the signature extended. Whether a NULL return from
 * ldap_get_dn is handled is in the elided lines.
 */
1951 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1952 char *distinguished_name)
1956 CName = ldap_get_dn(ldap_handle, ldap_entry);
1959 strcpy(distinguished_name, CName); /* unbounded: see note above */
1960 ldap_memfree(CName);
/* linklist_create_entry: allocate a standalone LK_ENTRY holding copies
 * of attribute and value (length = strlen(value), next = NULL) and
 * return it through *linklist_entry. Return codes are elided.
 *
 * NOTE(review): the node allocation is checked but the two string
 * allocations are not; on failure memset/strcpy write through NULL.
 * The node's dn/ber_value fields are left zero from calloc. */
1963 int linklist_create_entry(char *attribute, char *value,
1964 LK_ENTRY **linklist_entry)
1966 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1967 if (!(*linklist_entry))
1971 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1972 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1); /* unchecked */
1973 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1974 strcpy((*linklist_entry)->attribute, attribute);
1975 (*linklist_entry)->value = calloc(1, strlen(value) + 1); /* unchecked */
1976 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1977 strcpy((*linklist_entry)->value, value);
1978 (*linklist_entry)->length = strlen(value);
1979 (*linklist_entry)->next = NULL;
/* print_to_screen: printf-style output to stderr (used by the
 * LDAP_DEBUG dumps). fmt is forwarded as the format string, so callers
 * must pass a literal format and supply directory data only as %s
 * arguments -- every caller in this file does. va_end is in the elided
 * lines. */
1983 void print_to_screen(const char *fmt, ...)
1987 va_start(pvar, fmt);
1988 vfprintf(stderr, fmt, pvar);
/* get_group_membership: classify a Moira list from its maillist and
 * group flags (av[L_MAILLIST], av[L_GROUP]) and report, through any
 * non-NULL output:
 *   group_membership[0] : 'B' both, 'S' security only, 'D' distribution
 *                         only, 'N' neither -- a single byte, no NUL;
 *   group_ou            : the matching group_ou_* base (strcpy, so the
 *                         caller's buffer must fit those globals);
 *   *security_flag      : 1 when the list is a security group ('B'/'S'),
 *                         0 otherwise.
 * The security flag is what makes group_create/group_rename set
 * ADS_GROUP_TYPE_SECURITY_ENABLED, i.e. this is where a Moira list
 * becomes a Windows security principal. Return value is elided.
 */
1993 int get_group_membership(char *group_membership, char *group_ou,
1994 int *security_flag, char **av)
1999 maillist_flag = atoi(av[L_MAILLIST]);
2000 group_flag = atoi(av[L_GROUP]);
2001 if (security_flag != NULL)
2002 (*security_flag) = 0;
2004 if ((maillist_flag) && (group_flag))
2006 if (group_membership != NULL)
2007 group_membership[0] = 'B';
2008 if (security_flag != NULL)
2009 (*security_flag) = 1;
2010 if (group_ou != NULL)
2011 strcpy(group_ou, group_ou_both);
2013 else if ((!maillist_flag) && (group_flag))
2015 if (group_membership != NULL)
2016 group_membership[0] = 'S';
2017 if (security_flag != NULL)
2018 (*security_flag) = 1;
2019 if (group_ou != NULL)
2020 strcpy(group_ou, group_ou_security);
2022 else if ((maillist_flag) && (!group_flag))
2024 if (group_membership != NULL)
2025 group_membership[0] = 'D';
2026 if (group_ou != NULL)
2027 strcpy(group_ou, group_ou_distribution);
/* neither flag set (else branch; braces elided) */
2031 if (group_membership != NULL)
2032 group_membership[0] = 'N';
2033 if (group_ou != NULL)
2034 strcpy(group_ou, group_ou_neither);
/* group_rename: move/rename the AD group for a Moira list and refresh
 * its attributes.
 *
 * Steps visible here: validate both names with check_string; resolve
 * the current object DN via ad_get_group (by membership type / MoiraId;
 * exactly one hit required); look up its sAMAccountName; ldap_rename_s
 * to cn=<after> under <after_group_ou>,<dn_path> (old RDN deleted);
 * then replace sAMAccountName, displayName, description, mitMoiraId and
 * groupType. Return paths and the mods cleanup are partly elided.
 *
 * Security notes (review):
 *  - groupType is rewritten from after_security_flag: setting
 *    ADS_GROUP_TYPE_SECURITY_ENABLED turns a distribution list into a
 *    security principal (and clearing it strips that), driven purely by
 *    the Moira `group` flag.
 *  - Names are validated, but new_dn_path (512 bytes) and new_dn are
 *    filled with sprintf from after_group_ou/dn_path whose lengths are
 *    not bounded here -- TODO confirm what check_string and the OU
 *    globals guarantee.
 *  - `filter` is supplied by the caller and reused for the second
 *    search; its contents are set outside this function.
 */
2039 int group_rename(LDAP *ldap_handle, char *dn_path,
2040 char *before_group_name, char *before_group_membership,
2041 char *before_group_ou, int before_security_flag, char *before_desc,
2042 char *after_group_name, char *after_group_membership,
2043 char *after_group_ou, int after_security_flag, char *after_desc,
2044 char *MoiraId, char *filter)
2049 char new_dn_path[512];
2051 char *attr_array[3];
2052 char *mitMoiraId_v[] = {NULL, NULL};
2053 char *name_v[] = {NULL, NULL};
2054 char *desc_v[] = {NULL, NULL};
2055 char *samAccountName_v[] = {NULL, NULL};
2056 char *groupTypeControl_v[] = {NULL, NULL};
2057 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2058 char groupTypeControlStr[80];
2062 LK_ENTRY *group_base;
/* Both names go into DNs and filters below; reject anything check_string
 * does not accept before touching the directory. */
2065 if (!check_string(before_group_name))
2067 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
2068 return(AD_INVALID_NAME);
2070 if (!check_string(after_group_name))
2072 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
2073 return(AD_INVALID_NAME);
2078 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2079 before_group_membership,
2080 MoiraId, "distinguishedName", &group_base,
2081 &group_count, filter))
2084 if (group_count == 0)
2086 return(AD_NO_GROUPS_FOUND);
2088 if (group_count != 1) /* refuse to rename when the MoiraId is ambiguous */
2091 "multiple groups with MoiraId = %s exist in the AD",
2093 return(AD_MULTIPLE_GROUPS_FOUND);
2095 strcpy(old_dn, group_base->value); /* old_dn size not shown; DN comes from AD */
2097 linklist_free(group_base);
2100 attr_array[0] = "sAMAccountName";
2101 attr_array[1] = NULL;
2102 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2103 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2105 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
2106 after_group_name, ldap_err2string(rc));
2109 if (group_count != 1)
2112 "Unable to get sAMAccountName for group %s",
2114 return(AD_LDAP_FAILURE);
2117 strcpy(sam_name, group_base->value); /* sam_name size not shown; value from AD */
2118 linklist_free(group_base);
2122 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2123 sprintf(new_dn, "cn=%s", after_group_name);
2124 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2125 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2127 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
2128 before_group_name, after_group_name, ldap_err2string(rc));
2132 name_v[0] = after_group_name;
/* NOTE(review): indexes sam_name at strlen(sam_name) - 6 without checking
 * that strlen(sam_name) >= 6; a sAMAccountName shorter than "_group"
 * (server-controlled) makes this read before the start of the buffer. */
2133 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
2135 sprintf(sam_name, "%s_group", after_group_name);
2139 com_err(whoami, 0, "Couldn't rename list from %s to %s : sAMAccountName not found",
2140 before_group_name, after_group_name);
2143 samAccountName_v[0] = sam_name;
2144 if (after_security_flag)
2145 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED; /* security-enabled: see header note */
/* NOTE(review): "%ld" with a u_int argument is a format/argument type
 * mismatch (undefined per the C standard; "%u" matches). Same in
 * group_create. */
2146 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2147 groupTypeControl_v[0] = groupTypeControlStr;
2149 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2150 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2151 desc_v[0] = after_desc;
2152 if (strlen(after_desc) == 0) /* empty description: the elided line presumably clears desc_v -- confirm */
2154 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
2155 mitMoiraId_v[0] = MoiraId;
2156 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2157 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2159 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2160 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2162 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
2163 after_group_name, ldap_err2string(rc));
2165 for (i = 0; i < n; i++) /* release the LDAPMod entries built by ADD_ATTR */
/* group_create: mr_query callback (av = one Moira list tuple, L_*
 * indexes) that creates -- or, when the object already exists or
 * call_args[4] says "update", rewrites -- the AD group for a list.
 *
 * Context is passed through the global call_args vector:
 *   [0] LDAP handle, [1] base DN, [4] update flag smuggled as a pointer,
 *   [5] Moira list id (may be empty).
 *
 * Visible flow: validate av[L_NAME]; classify the list
 * (get_group_membership) to pick the OU and security flag; ldap_add
 * cn=<name>,<ou>,<base> with sAMAccountName "<name>_group", groupType,
 * description, an "info" line naming the list administrator and
 * mitMoiraId; on LDAP_ALREADY_EXISTS or update, ldap_modify the same
 * attributes; then ProcessGroupSecurity applies the ACL template and the
 * new object's objectSid is queued on sid_ptr for sid_update.
 *
 * Security notes (review):
 *  - LDAP_ALREADY_EXISTS is not an error: an object already at that DN is
 *    adopted and its description/info/mitMoiraId/member attributes and
 *    security descriptor are overwritten. Nothing here verifies the
 *    existing object is one this tool created.
 *  - An inactive list (av[L_ACTIVE] == 0) has `member` replaced with an
 *    empty value list, which per LDAP replace semantics removes the
 *    attribute, i.e. empties the group.
 *  - Only av[L_NAME] is validated with check_string. av[L_ACE_NAME] goes
 *    into `info` via sprintf (buffer size not shown) and call_args[5]
 *    goes into a search filter unescaped -- TODO confirm both are
 *    constrained upstream (Moira ids numeric, ACE names validated).
 *  - Returns LDAP_SUCCESS from the normal path; other return paths are
 *    partly elided.
 */
2170 int group_create(int ac, char **av, void *ptr)
2173 LK_ENTRY *group_base;
2176 char new_group_name[256];
2177 char sam_group_name[256];
2178 char cn_group_name[256];
2179 char *cn_v[] = {NULL, NULL};
2180 char *objectClass_v[] = {"top", "group", NULL};
2182 char *samAccountName_v[] = {NULL, NULL};
2183 char *altSecurityIdentities_v[] = {NULL, NULL};
2184 char *member_v[] = {NULL, NULL}; /* stays empty: used to clear `member` */
2185 char *name_v[] = {NULL, NULL};
2186 char *desc_v[] = {NULL, NULL};
2187 char *info_v[] = {NULL, NULL};
2188 char *mitMoiraId_v[] = {NULL, NULL};
2189 char *groupTypeControl_v[] = {NULL, NULL};
2190 char groupTypeControlStr[80];
2191 char group_membership[1]; /* single flag byte from get_group_membership */
2194 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2200 char *attr_array[3];
2205 if (!check_string(av[L_NAME])) /* the name becomes an RDN and a filter value */
2207 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
2208 return(AD_INVALID_NAME);
/* NOTE(review): pointer-to-int cast; the caller stores a flag in a char*
 * slot. Truncation is harmless only if the value is really 0/1 -- confirm
 * in make_new_group. */
2211 updateGroup = (int)call_args[4];
2212 memset(group_ou, 0, sizeof(group_ou));
2213 memset(group_membership, 0, sizeof(group_membership));
2215 get_group_membership(group_membership, group_ou, &security_flag, av);
2216 strcpy(new_group_name, av[L_NAME]);
2217 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]); /* new_dn size not shown */
2219 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED; /* guarded by security_flag (condition elided) */
2221 sprintf(sam_group_name, "%s_group", av[L_NAME]);
/* NOTE(review): "%ld" with a u_int argument is a format type mismatch
 * ("%u" matches); same as in group_rename. */
2226 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2227 groupTypeControl_v[0] = groupTypeControlStr;
2229 strcpy(cn_group_name, av[L_NAME]);
2231 samAccountName_v[0] = sam_group_name;
2232 name_v[0] = new_group_name;
2233 cn_v[0] = new_group_name;
/* ---- create ---- */
2236 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2237 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2238 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2239 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2240 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2241 if (strlen(av[L_DESC]) != 0)
2243 desc_v[0] = av[L_DESC];
2244 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2246 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2247 if (strlen(av[L_ACE_NAME]) != 0)
2249 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]); /* `info` size not shown; ACE name unvalidated here */
2251 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2253 if (strlen(call_args[5]) != 0)
2255 mitMoiraId_v[0] = call_args[5];
2256 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2260 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2262 for (i = 0; i < n; i++) /* release LDAPMod entries (body elided) */
2264 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2266 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2267 av[L_NAME], ldap_err2string(rc));
/* ---- update / adopt existing object (see header note) ---- */
2272 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2276 if (strlen(av[L_DESC]) != 0)
2277 desc_v[0] = av[L_DESC];
2278 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
2280 if (strlen(av[L_ACE_NAME]) != 0)
2282 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2285 ADD_ATTR("info", info_v, LDAP_MOD_REPLACE);
2286 if (strlen(call_args[5]) != 0)
2288 mitMoiraId_v[0] = call_args[5];
2289 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: replace `member` with no values, i.e. drop all members. */
2291 if (!(atoi(av[L_ACTIVE])))
2294 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2297 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2298 for (i = 0; i < n; i++)
2300 if (rc != LDAP_SUCCESS)
2302 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2303 av[L_NAME], ldap_err2string(rc));
/* Apply the ACL template (hidden vs. visible, with or without an admin
 * ACE for av[L_ACE_NAME]) to the new/updated object. */
2309 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2310 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
/* Look the object up again to capture its objectSid: by mitMoiraId when
 * one is known (filter value not escaped -- see header note), falling
 * back to sAMAccountName when that does not yield exactly one object. */
2312 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2313 if (strlen(call_args[5]) != 0)
2314 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", call_args[5]);
2315 attr_array[0] = "objectSid";
2316 attr_array[1] = NULL;
2319 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
2320 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
2322 if (group_count != 1)
2324 if (strlen(call_args[5]) != 0)
2326 linklist_free(group_base);
2329 sprintf(filter, "(sAMAccountName=%s)", sam_group_name);
2330 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
2331 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Exactly one hit: hand the node (and its SID) to the sid_ptr chain for
 * sid_update; ownership of group_base moves to that chain. */
2334 if (group_count == 1)
2336 (*sid_ptr) = group_base;
2337 (*sid_ptr)->member = strdup(av[L_NAME]);
2338 (*sid_ptr)->type = (char *)GROUPS;
2339 sid_ptr = &(*sid_ptr)->next;
2343 if (group_base != NULL)
2344 linklist_free(group_base);
2349 if (group_base != NULL)
2350 linklist_free(group_base);
2352 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity
 *
 * Apply a security descriptor to the AD group "<TargetGroupName>_group"
 * (looked up under group_ou_root) by copying the ntSecurityDescriptor of one
 * of four template groups in security_template_ou: HIDDEN_GROUP /
 * NOT_HIDDEN_GROUP when the group has no administrator, or the *_WITH_ADMIN
 * variants when it has one.  When AceName names an administrator (AceType
 * "LIST" -> "<AceName>_group", AceType "USER" -> AceName), the template's
 * placeholder SID (the objectSid of "UserTemplate.u") is replaced in the raw
 * descriptor bytes by the administrator's objectSid before the descriptor is
 * written back with LDAP_MOD_REPLACE.
 *
 * Parameters: ldap_handle - bound LDAP connection; dn_path - base DN;
 * TargetGroupName - Moira list name without the "_group" suffix;
 * HiddenGroup - non-zero selects the HIDDEN_* templates; AceType / AceName -
 * the administrator, "" for none.
 * Returns an int status; the values on the early-return paths are on lines
 * this listing does not show.
 *
 * NOTE(review): this listing omits braces, several declarations (rc,
 * group_count, AceSidCount, TargetDn, AceDn, root_ou, dwInfo, psMsg, mods,
 * n, i, nVal) and some else branches; the comments below describe only the
 * visible lines.
 */
2355 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2356 int HiddenGroup, char *AceType, char *AceName)
2358 char filter_exp[1024];
2359 char *attr_array[5];
2360 char search_path[512];
2362 char TemplateDn[512];
2363 char TemplateSamName[128];
2365 char TargetSamName[128];
2366 char AceSamAccountName[128];
/* Raw binary SIDs as returned in objectSid; the copies below are bounded by
 * the LDAP value length, not by sizeof these arrays. */
2368 unsigned char AceSid[128];
2369 unsigned char UserTemplateSid[128];
/* BER payload for the SD-flags server control (filled by BEREncodeSecurityBits). */
2370 char acBERBuf[N_SD_BER_BYTES];
2371 char GroupSecurityTemplate[256];
2373 int UserTemplateSidCount;
2380 int array_count = 0;
2382 LK_ENTRY *group_base;
2383 LDAP_BERVAL **ppsValues;
/* 1.2.840.113556.1.4.801 is the Active Directory SD_FLAGS control: its BER
 * value says which parts of the security descriptor the server should
 * return / accept. */
2384 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2385 { N_SD_BER_BYTES, acBERBuf },
2388 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Ask for all four descriptor parts, including the SACL. */
2391 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2392 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Step 1: locate the target group.  TargetGroupName is not validated here;
 * presumably the caller ran check_string on it, which is what keeps this
 * filter free of LDAP filter metacharacters -- confirm at the call sites. */
2394 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2395 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2396 attr_array[0] = "sAMAccountName";
2397 attr_array[1] = NULL;
/* NOTE(review): "!=" binds tighter than "=", so this assigns the *result of
 * the comparison* (0 or 1) to rc rather than the linklist_build status.
 * Compare the correctly parenthesized form in user_update:
 *   if ((rc = linklist_build(...)) != 0)
 * The same precedence slip is repeated at the three later linklist_build
 * calls in this function. */
2400 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2401 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2403 if (group_count != 1)
2405 linklist_free(group_base);
/* Unbounded copies of LDAP results into fixed buffers (TargetDn's size is not
 * visible, TargetSamName is 128 bytes). */
2408 strcpy(TargetDn, group_base->dn);
2409 strcpy(TargetSamName, group_base->value);
2410 linklist_free(group_base);
2414 UserTemplateSidCount = 0;
2415 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2416 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2417 memset(AceSid, '\0', sizeof(AceSid));
/* Step 2: resolve the administrator's objectSid, if an administrator was
 * given.  AceName is not length-checked before the sprintf into the
 * 128-byte AceSamAccountName. */
2421 if (strlen(AceName) != 0)
2423 if (!strcmp(AceType, "LIST"))
2425 sprintf(AceSamAccountName, "%s_group", AceName);
2426 strcpy(root_ou, group_ou_root);
2428 else if (!strcmp(AceType, "USER"))
2430 sprintf(AceSamAccountName, "%s", AceName);
2431 strcpy(root_ou, user_ou);
2433 if (strlen(AceSamAccountName) != 0)
/* The search is rooted at dn_path, not at root_ou -- root_ou is set above but
 * not used on the visible lines. */
2435 sprintf(search_path, "%s", dn_path);
2436 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2437 attr_array[0] = "objectSid";
2438 attr_array[1] = NULL;
/* Same rc precedence issue as above. */
2441 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2442 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2444 if (group_count == 1)
2446 strcpy(AceDn, group_base->dn);
/* AceSidCount comes straight from the LDAP value length; nothing checks it
 * against sizeof(AceSid) before the memcpy. */
2447 AceSidCount = group_base->length;
2448 memcpy(AceSid, group_base->value, AceSidCount);
2450 linklist_free(group_base);
/* An administrator without an AD SID is reported and the group falls back to
 * the non-admin template (AceSidCount stays 0). */
2455 if (AceSidCount == 0)
2457 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2458 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Step 3: fetch the placeholder SID ("UserTemplate.u") that the *_WITH_ADMIN
 * templates contain; it is the byte pattern replaced in step 5. */
2462 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2463 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2464 attr_array[0] = "objectSid";
2465 attr_array[1] = NULL;
/* Same rc precedence issue as above; because of it the following
 * "(rc != 0)" test only sees 0/1, not an LDAP error code. */
2469 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2470 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2472 if ((rc != 0) || (group_count != 1))
2474 com_err(whoami, 0, "Couldn't process user security template: %s", "UserTemplate");
/* Unbounded by sizeof(UserTemplateSid), as with AceSid above. */
2479 UserTemplateSidCount = group_base->length;
2480 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2482 linklist_free(group_base);
/* Step 4: choose the template group.  The outer if/else on HiddenGroup is on
 * lines not shown; visible: hidden -> HIDDEN_GROUP[_WITH_ADMIN],
 * otherwise NOT_HIDDEN_GROUP[_WITH_ADMIN], "with admin" iff a SID was found. */
2489 if (AceSidCount == 0)
2491 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2492 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2496 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2497 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2502 if (AceSidCount == 0)
2504 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2505 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2509 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2510 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2514 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2515 attr_array[0] = "sAMAccountName";
2516 attr_array[1] = NULL;
/* Same rc precedence issue as above. */
2519 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2520 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2522 if (group_count != 1)
2524 linklist_free(group_base);
2525 com_err(whoami, 0, "Couldn't process group security template: %s - security not set", GroupSecurityTemplate);
2528 strcpy(TemplateDn, group_base->dn);
2529 strcpy(TemplateSamName, group_base->value);
2530 linklist_free(group_base);
/* Step 5: read the template's ntSecurityDescriptor with the SD_FLAGS control
 * (the ldap_search_ext_s argument list, presumably including
 * apsServerControls, is on lines not shown -- confirm). */
2534 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2535 rc = ldap_search_ext_s(ldap_handle,
2547 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2549 com_err(whoami, 0, "Couldn't find group security template: %s - security not set", GroupSecurityTemplate);
2552 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2553 if (ppsValues == NULL)
2555 com_err(whoami, 0, "Couldn't find group security descriptor for group %s - security not set", GroupSecurityTemplate);
/* Substitute the administrator's SID for the placeholder SID by scanning the
 * raw descriptor bytes.
 * NOTE(review): (a) bv_len - UserTemplateSidCount is evaluated in unsigned
 * arithmetic and only then cast to int, so a value shorter than the SID wraps
 * instead of skipping the loop; (b) memcpy writes AceSidCount bytes over a
 * UserTemplateSidCount-byte match, and SID length varies with the number of
 * sub-authorities, so unless the two counts are equal the descriptor is
 * corrupted (bytes after the match are overwritten, or a stale tail of the
 * placeholder remains).  A guard such as
 *   if (AceSidCount != UserTemplateSidCount) { /. fall back to non-admin ./ }
 * before this block would make the substitution safe. */
2559 if (AceSidCount != 0)
2561 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2563 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2565 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2567 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* Step 6: write the (possibly patched) descriptor onto the target group. */
2575 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2578 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* Release the mods array (loop body on a line not shown). */
2579 for (i = 0; i < n; i++)
2581 ldap_value_free_len(ppsValues);
2582 ldap_msgfree(psMsg);
2583 if (rc != LDAP_SUCCESS)
2585 com_err(whoami, 0, "Couldn't set security settings for group %s : %s",
2586 TargetGroupName, ldap_err2string(rc));
/* If the admin-specific descriptor was rejected, retry once with the
 * non-admin template (AceType/AceName = "" make AceSidCount 0 on the
 * recursive call, so this cannot recurse further).  Note the assignment
 * inside the if condition. */
2587 if (AceSidCount != 0)
2589 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2591 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2592 HiddenGroup, "", ""))
2594 com_err(whoami, 0, "Unable to set security for group %s.",
2601 com_err(whoami, 0, "Security set for group %s.", TargetGroupName);
/*
 * group_delete
 *
 * Delete the AD group object backing Moira list group_name.  The group is
 * located via ad_get_group (searching under "<group_ou_root>,<dn_path>" and
 * returning its distinguishedName), then removed with ldap_delete_s.
 *
 * Returns AD_INVALID_NAME for a name that fails check_string,
 * AD_NO_GROUPS_FOUND when ad_get_group does not return exactly one entry;
 * the return values on the remaining paths are on lines not shown here.
 *
 * check_string rejects the LDAP filter metacharacters, which is what keeps
 * the filter built inside ad_get_group well-formed.
 */
2605 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2606 char *group_membership, char *MoiraId)
2608 LK_ENTRY *group_base;
2614 if (!check_string(group_name))
2616 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
2617 return(AD_INVALID_NAME);
2620 memset(filter, '\0', sizeof(filter));
2623 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment inside the condition: a non-zero ad_get_group status takes the
 * branch whose body is on lines not shown. */
2624 if (rc = ad_get_group(ldap_handle, temp, group_name,
2625 group_membership, MoiraId,
2626 "distinguishedName", &group_base,
2627 &group_count, filter))
2630 if (group_count == 1)
/* group_base->value holds the requested distinguishedName attribute. */
2632 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2634 linklist_free(group_base);
2635 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2636 group_name, ldap_err2string(rc));
2639 linklist_free(group_base);
/* Reached for zero *or* more than one match; the message only describes the
 * first case. */
2643 linklist_free(group_base);
2644 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2645 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits
 *
 * Encode the SECURITY_INFORMATION bit mask uBits into pBuffer as the BER
 * value of the AD SD_FLAGS control (the encoding statements are on lines not
 * shown).  pBuffer must hold at least N_SD_BER_BYTES bytes.
 * Returns N_SD_BER_BYTES, the length of the encoded value.
 */
2651 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2657 return(N_SD_BER_BYTES);
/*
 * process_lists - mr_query callback.
 *
 * For each Moira list row av, derive the group's OU and membership letter
 * with get_group_membership and add the list av[L_NAME] as a member of the
 * group named in call_args (call_args[0] = LDAP handle, [1] = dn_path,
 * [2] = group name, [3] = user OU, per the member_add signature).  The
 * MoiraId argument is passed as "".
 * Return value is on lines not shown.
 */
2660 int process_lists(int ac, char **av, void *ptr)
2665 char group_membership[2];
2671 memset(group_ou, '\0', sizeof(group_ou));
2672 memset(group_membership, '\0', sizeof(group_membership));
2673 get_group_membership(group_membership, group_ou, &security_flag, av);
2674 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2675 group_ou, group_membership, call_args[2],
2676 (char *)call_args[3], "");
/*
 * member_list_build - mr_query callback.
 *
 * Accumulate list members into the global member_base linked list.  Each
 * member av[ACE_NAME] is kept only if its type (av[ACE_TYPE]: USER, STRING,
 * LIST or KERBEROS) is enabled in the bit mask carried in call_args[3]
 * (an int smuggled through a char* -- see make_new_group), and only once
 * (case-insensitive de-duplication against the existing list).  STRING and
 * KERBEROS members are first materialised as AD contact objects under
 * contact_ou / kerberos_ou via contact_create.
 *
 * call_args[0] = LDAP handle, [1] = dn_path, [2] = list name,
 * [3] = MOIRA_* type mask.  The return statements are on lines not shown.
 */
2680 int member_list_build(int ac, char **av, void *ptr)
/* temp's size is not visible; check_string bounds the character set but not
 * the length of av[ACE_NAME]. */
2688 strcpy(temp, av[ACE_NAME]);
2689 if (!check_string(temp))
2691 if (!strcmp(av[ACE_TYPE], "USER"))
2693 if (!((int)call_args[3] & MOIRA_USERS))
2696 else if (!strcmp(av[ACE_TYPE], "STRING"))
2698 if (!((int)call_args[3] & MOIRA_STRINGS))
2700 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2703 else if (!strcmp(av[ACE_TYPE], "LIST"))
2705 if (!((int)call_args[3] & MOIRA_LISTS))
2708 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2710 if (!((int)call_args[3] & MOIRA_KERBEROS))
2712 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Skip members already present (loop header / early return on lines not shown). */
2718 linklist = member_base;
2721 if (!strcasecmp(temp, linklist->member))
2723 linklist = linklist->next;
/* Prepend a new node.  NOTE(review): none of the four calloc results is
 * checked; a NULL return is dereferenced on the next lines. */
2725 linklist = calloc(1, sizeof(LK_ENTRY));
2727 linklist->dn = NULL;
2728 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2729 strcpy(linklist->list, call_args[2]);
2730 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2731 strcpy(linklist->type, av[ACE_TYPE]);
2732 linklist->member = calloc(1, strlen(temp) + 1);
2733 strcpy(linklist->member, temp);
2734 linklist->next = member_base;
2735 member_base = linklist;
/*
 * member_remove
 *
 * Remove the object "CN=<user_name>,<UserOu>,<dn_path>" from the "member"
 * attribute of the AD group backing Moira list group_name.  The group is
 * located with ad_get_group (distinguishedName requested) and modified with
 * LDAP_MOD_DELETE.
 *
 * Returns AD_INVALID_NAME when group_name fails check_string; the other
 * return values are on lines not shown.
 *
 * NOTE(review): only group_name is validated.  user_name is interpolated
 * unescaped into a DN, so a value containing DN-special characters (",", "+",
 * "\", ...) would change the DN's meaning -- presumably callers have already
 * run check_string on it; confirm.
 */
2739 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2740 char *group_ou, char *group_membership, char *user_name,
2741 char *UserOu, char *MoiraId)
2743 char distinguished_name[1024];
2751 LK_ENTRY *group_base;
2754 if (!check_string(group_name))
2755 return(AD_INVALID_NAME);
2757 memset(filter, '\0', sizeof(filter));
/* Assignment inside the condition; body on lines not shown. */
2760 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2761 group_membership, MoiraId,
2762 "distinguishedName", &group_base,
2763 &group_count, filter))
2766 if (group_count != 1)
2768 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2770 linklist_free(group_base);
2775 strcpy(distinguished_name, group_base->value);
2776 linklist_free(group_base);
/* Build the member DN to delete; temp's size is not visible. */
2780 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2781 modvalues[0] = temp;
2782 modvalues[1] = NULL;
2785 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2787 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the mods array (loop body on a line not shown). */
2788 for (i = 0; i < n; i++)
/* Special-cased (body not shown); presumably treated as "already not a
 * member" -- confirm. */
2790 if (rc == LDAP_UNWILLING_TO_PERFORM)
2792 if (rc != LDAP_SUCCESS)
2794 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
2795 group_name, ldap_err2string(rc));
/*
 * member_add
 *
 * Add the object "CN=<user_name>,<UserOu>,<dn_path>" to the "member"
 * attribute of the AD group backing Moira list group_name (group located via
 * ad_get_group, modified with LDAP_MOD_ADD).
 *
 * Returns AD_INVALID_NAME when group_name fails check_string,
 * AD_MULTIPLE_GROUPS_FOUND when ad_get_group does not return exactly one
 * entry (this also covers zero matches, despite the name); remaining return
 * values are on lines not shown.
 *
 * NOTE(review): as in member_remove, user_name is interpolated unescaped
 * into a DN without being validated here -- presumably callers ran
 * check_string on it; confirm.
 */
2803 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2804 char *group_ou, char *group_membership, char *user_name,
2805 char *UserOu, char *MoiraId)
2807 char distinguished_name[1024];
2815 LK_ENTRY *group_base;
2818 if (!check_string(group_name))
2819 return(AD_INVALID_NAME);
2822 memset(filter, '\0', sizeof(filter));
/* Assignment inside the condition; body on lines not shown. */
2825 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2826 group_membership, MoiraId,
2827 "distinguishedName", &group_base,
2828 &group_count, filter))
2831 if (group_count != 1)
2833 linklist_free(group_base);
2836 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
2838 return(AD_MULTIPLE_GROUPS_FOUND);
2841 strcpy(distinguished_name, group_base->value);
2842 linklist_free(group_base);
/* Build the member DN to add; temp's size is not visible. */
2846 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2847 modvalues[0] = temp;
2848 modvalues[1] = NULL;
2851 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2853 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Already a member: for contact / kerberos objects this is handled specially
 * (body on lines not shown). */
2854 if (rc == LDAP_ALREADY_EXISTS)
2856 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
2858 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* Release the mods array (loop body on a line not shown). */
2861 for (i = 0; i < n; i++)
2863 if (rc != LDAP_SUCCESS)
2865 com_err(whoami, 0, "LDAP server unable to add %s to list %s as a member : %s",
2866 user_name, group_name, ldap_err2string(rc));
/*
 * contact_create
 *
 * Create the contact object "CN=<user>,<group_ou>,<bind_path>" used to
 * represent STRING and KERBEROS list members in AD.  The object gets cn,
 * objectClass (top/person/organizationalPerson/...; the last class is on a
 * line not shown), name, displayName and description; when group_ou is
 * contact_ou a "mail" attribute is added as well.  If the first add fails
 * (other than LDAP_ALREADY_EXISTS) the add is retried once without "mail".
 * LDAP_ALREADY_EXISTS is treated as success.
 *
 * Returns AD_INVALID_NAME when user fails check_string; the other return
 * values are on lines not shown.
 *
 * email_v[0] and name_v[0] are assigned on lines this listing does not show.
 */
2872 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2876 char cn_user_name[256];
2877 char contact_name[256];
2878 char *email_v[] = {NULL, NULL};
2879 char *cn_v[] = {NULL, NULL};
2880 char *contact_v[] = {NULL, NULL};
2881 char *objectClass_v[] = {"top", "person",
2882 "organizationalPerson",
2884 char *name_v[] = {NULL, NULL};
2885 char *desc_v[] = {NULL, NULL};
2890 if (!check_string(user))
2892 com_err(whoami, 0, "invalid LDAP name %s", user);
2893 return(AD_INVALID_NAME);
/* check_string bounds the character set, not the length: both copies below
 * go into 256-byte buffers without a length check. */
2895 strcpy(contact_name, user);
2896 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2897 cn_v[0] = cn_user_name;
2898 contact_v[0] = contact_name;
2900 desc_v[0] = "Auto account created by Moira";
2903 strcpy(new_dn, cn_user_name);
/* First attempt: full attribute set, "mail" only for real contacts. */
2905 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2906 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2907 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2908 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2909 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2910 if (!strcmp(group_ou, contact_ou))
2912 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2916 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* Release the mods array (loop body on a line not shown). */
2917 for (i = 0; i < n; i++)
/* Second attempt without "mail" (presumably n was reset on a line not shown). */
2919 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2922 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2923 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2924 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2925 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2926 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2928 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2929 for (i = 0; i < n; i++)
2932 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2934 com_err(whoami, 0, "could not create contact %s : %s",
2935 user, ldap_err2string(rc));
/*
 * user_update
 *
 * Rewrite the Moira-managed attributes of an existing AD user: uid /
 * uidNumber / msSFU30UidNumber (from Uid), employeeID (from MitId),
 * mitMoiraId, userAccountControl (derived from State) and the home/profile
 * directory attributes (via SetHomeDirectory).  The user is found by
 * mitMoiraId when MoiraId is non-empty, otherwise (or if that search does
 * not yield exactly one entry) by sAMAccountName under
 * "<user_ou>,<dn_path>".  If the modify fails, SwitchSFU toggles between the
 * SFU30 and POSIX attribute names and the modify is retried once.
 *
 * Returns AD_INVALID_NAME when user_name fails check_string,
 * AD_NO_USER_FOUND when the user cannot be located; the remaining return
 * values are on lines not shown.
 *
 * NOTE(review): MoiraId is interpolated into an LDAP filter without any
 * validation (check_string is only applied to user_name).  It comes from the
 * Moira server rather than from a user, but a value containing filter
 * metacharacters would still produce a malformed or broadened filter.
 */
2941 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2942 char *Uid, char *MitId, char *MoiraId, int State,
2943 char *WinHomeDir, char *WinProfileDir)
2946 LK_ENTRY *group_base;
2948 char distinguished_name[512];
2949 char *mitMoiraId_v[] = {NULL, NULL};
2950 char *uid_v[] = {NULL, NULL};
2951 char *mitid_v[] = {NULL, NULL};
2952 char *homedir_v[] = {NULL, NULL};
2953 char *winProfile_v[] = {NULL, NULL};
2954 char *drives_v[] = {NULL, NULL};
2955 char *userAccountControl_v[] = {NULL, NULL};
2956 char userAccountControlStr[80];
/* Baseline account flags: ordinary user, password never expires and cannot
 * be changed by the user; UF_ACCOUNTDISABLE is added below based on State. */
2961 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2963 char *attr_array[3];
2966 if (!check_string(user_name))
2968 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2969 return(AD_INVALID_NAME);
/* Lookup 1: by Moira id (preferred, survives renames). */
2975 if (strlen(MoiraId) != 0)
2977 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2978 attr_array[0] = "cn";
2979 attr_array[1] = NULL;
2980 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2981 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2983 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2984 user_name, ldap_err2string(rc));
/* Lookup 2 (fallback): by sAMAccountName under the user OU. */
2988 if (group_count != 1)
2990 linklist_free(group_base);
2993 sprintf(filter, "(sAMAccountName=%s)", user_name);
2994 attr_array[0] = "cn";
2995 attr_array[1] = NULL;
2996 sprintf(temp, "%s,%s", user_ou, dn_path);
2997 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2998 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3000 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3001 user_name, ldap_err2string(rc));
3006 if (group_count != 1)
3008 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3010 linklist_free(group_base);
3011 return(AD_NO_USER_FOUND);
3013 strcpy(distinguished_name, group_base->dn);
3015 linklist_free(group_base);
/* uid attributes: uid_v[0] is set on lines not shown (NULL for an empty Uid,
 * which makes LDAP_MOD_REPLACE clear the attribute). */
3019 if (strlen(Uid) == 0)
3021 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
3024 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
3028 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
3031 if (strlen(MitId) == 0)
3033 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
3034 mitMoiraId_v[0] = MoiraId;
3035 if (strlen(MoiraId) == 0)
3036 mitMoiraId_v[0] = NULL;
3037 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Only the US_NO_PASSWD and US_REGISTERED states leave the account enabled. */
3038 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
3039 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" expects a long but userAccountControl is u_int -- a
 * format/argument mismatch (undefined behaviour; wrong output on LP64 when
 * the adjacent stack slot is non-zero).  Use "%u". */
3040 sprintf(userAccountControlStr, "%ld", userAccountControl);
3041 userAccountControl_v[0] = userAccountControlStr;
3042 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory appends its own mods and returns the new count. */
3044 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
3045 WinProfileDir, homedir_v, winProfile_v,
3046 drives_v, mods, LDAP_MOD_REPLACE, n);
/* On failure, flip the SFU30/POSIX attribute naming once and retry; the
 * global UseSFU30 remembers the working choice for later calls. */
3049 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
3051 OldUseSFU30 = UseSFU30;
3052 SwitchSFU(mods, &UseSFU30, n);
3053 if (OldUseSFU30 != UseSFU30)
3054 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3057 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
3058 user_name, ldap_err2string(rc));
/* Release the mods array (loop body on a line not shown). */
3061 for (i = 0; i < n; i++)
/*
 * user_rename
 *
 * Rename the AD user object "cn=<before_user_name>,<user_ou>,<dn_path>" to
 * "cn=<user_name>" (deleting the old RDN), then replace the name-derived
 * attributes on the renamed object: altSecurityIdentities
 * ("Kerberos:<user>@<PRIMARY_REALM>"), userPrincipalName
 * ("<user>@<ldap_domain>"), displayName and sAMAccountName.
 *
 * The remainder of the parameter list (including user_name) is on lines not
 * shown.  Returns AD_INVALID_NAME when either name fails check_string; other
 * return values are on lines not shown.
 */
3066 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
3074 char *userPrincipalName_v[] = {NULL, NULL};
3075 char *altSecurityIdentities_v[] = {NULL, NULL};
3076 char *name_v[] = {NULL, NULL};
3077 char *samAccountName_v[] = {NULL, NULL};
3082 if (!check_string(before_user_name))
3084 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
3085 return(AD_INVALID_NAME);
3087 if (!check_string(user_name))
3089 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
3090 return(AD_INVALID_NAME);
/* NOTE(review): copying a string onto itself is a no-op in intent, but
 * strcpy on overlapping objects is undefined behaviour; delete this line. */
3093 strcpy(user_name, user_name);
/* old_dn / new_dn / upn / temp sizes are not visible; names are
 * character-checked but not length-checked. */
3094 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
3095 sprintf(new_dn, "cn=%s", user_name);
/* deleteoldrdn = TRUE: the previous cn value is removed from the object. */
3096 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
3097 NULL, NULL)) != LDAP_SUCCESS)
3099 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
3100 before_user_name, user_name, ldap_err2string(rc));
3104 name_v[0] = user_name;
3105 sprintf(upn, "%s@%s", user_name, ldap_domain);
3106 userPrincipalName_v[0] = upn;
3107 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3108 altSecurityIdentities_v[0] = temp;
3109 samAccountName_v[0] = user_name;
3112 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
3113 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
3114 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
3115 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* The object now lives at the new DN. */
3117 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
3118 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
3120 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
3121 user_name, ldap_err2string(rc));
/* Release the mods array (loop body on a line not shown). */
3123 for (i = 0; i < n; i++)
<![CDATA[]]>
/*
 * filesys_process
 *
 * Set or clear the Windows home-directory attributes (homeDirectory,
 * homeDrive, profilePath) of the AD user whose sAMAccountName equals the
 * Moira filesystem name fs_name.  Only fs_type "AFS" is accepted; the AFS
 * pack path fs_pack is converted to a Windows AFS path by AfsToWinAfs.
 * operation is the LDAP_MOD_* verb: for LDAP_MOD_ADD the computed paths are
 * written, for anything else the attributes are modified with NULL values
 * (i.e. removed).
 *
 * Returns AD_INVALID_NAME / AD_INVALID_FILESYS for bad input,
 * LDAP_NO_SUCH_OBJECT when the user is not found; the remaining return
 * values are on lines not shown.
 *
 * NOTE(review): fs_pack is not validated and AfsToWinAfs takes no destination
 * size, and the strcat below appends "\.winprofile" to a 256-byte buffer
 * that already holds the converted path -- a long pack path can overrun both
 * winPath (size not visible) and winProfile.
 */
3128 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
3129 char *fs_type, char *fs_pack, int operation)
3131 char distinguished_name[256];
3133 char winProfile[256];
3135 char *attr_array[3];
3136 char *homedir_v[] = {NULL, NULL};
3137 char *winProfile_v[] = {NULL, NULL};
3138 char *drives_v[] = {NULL, NULL};
3144 LK_ENTRY *group_base;
3146 if (!check_string(fs_name))
3148 com_err(whoami, 0, "invalid filesys name %s", fs_name);
3149 return(AD_INVALID_NAME);
3152 if (strcmp(fs_type, "AFS"))
3154 com_err(whoami, 0, "invalid filesys type %s", fs_type);
3155 return(AD_INVALID_FILESYS);
/* The filesystem is named after its owning user; look that user up. */
3160 sprintf(filter, "(sAMAccountName=%s)", fs_name);
3161 attr_array[0] = "cn";
3162 attr_array[1] = NULL;
3163 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3164 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3166 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
3167 fs_name, ldap_err2string(rc));
3171 if (group_count != 1)
3173 linklist_free(group_base);
3174 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3176 return(LDAP_NO_SUCH_OBJECT);
3178 strcpy(distinguished_name, group_base->dn);
3179 linklist_free(group_base);
3183 if (operation == LDAP_MOD_ADD)
3185 memset(winPath, 0, sizeof(winPath));
3186 AfsToWinAfs(fs_pack, winPath);
3187 homedir_v[0] = winPath;
/* Profile lives in "<home>\.winprofile". */
3189 memset(winProfile, 0, sizeof(winProfile));
3190 strcpy(winProfile, winPath);
3191 strcat(winProfile, "\\.winprofile");
3192 winProfile_v[0] = winProfile;
/* Non-ADD operations: NULL values so the attributes are cleared. */
3196 homedir_v[0] = NULL;
3198 winProfile_v[0] = NULL;
3200 ADD_ATTR("profilePath", winProfile_v, operation);
3201 ADD_ATTR("homeDrive", drives_v, operation);
3202 ADD_ATTR("homeDirectory", homedir_v, operation);
3205 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3206 if (rc != LDAP_SUCCESS)
3208 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
3209 fs_name, ldap_err2string(rc));
/* Release the mods array (loop body on a line not shown). */
3211 for (i = 0; i < n; i++)
/*
 * user_create - mr_query callback (see ProcessAce / "get_user_account_by_login").
 *
 * Create the AD user "cn=<login>,<user_ou>,<dn_path>" from one Moira user
 * row av (U_NAME, U_STATE, U_UID, U_MITID, U_WINHOMEDIR, U_WINPROFILEDIR).
 * call_args[0] = LDAP handle, [1] = dn_path, [2] = Moira id ("" if none).
 * After a successful add the account password is set via set_password and
 * the new object's objectSid is fetched and appended to the global sid_base
 * list (through sid_ptr) so that sid_update can push it back to Moira.
 * The global callback_rc carries the failure code back to the mr_query
 * caller.
 *
 * Returns AD_INVALID_NAME when the login fails check_string; other return
 * statements are on lines not shown.  LDAP_ALREADY_EXISTS is not treated as
 * an error, but the password / SID steps run only when rc == LDAP_SUCCESS.
 */
3217 int user_create(int ac, char **av, void *ptr)
3219 LK_ENTRY *group_base;
3222 char user_name[256];
3225 char *cn_v[] = {NULL, NULL};
3226 char *objectClass_v[] = {"top", "person",
3227 "organizationalPerson",
3230 char *samAccountName_v[] = {NULL, NULL};
3231 char *altSecurityIdentities_v[] = {NULL, NULL};
3232 char *mitMoiraId_v[] = {NULL, NULL};
3233 char *name_v[] = {NULL, NULL};
3234 char *desc_v[] = {NULL, NULL};
3235 char *userPrincipalName_v[] = {NULL, NULL};
3236 char *userAccountControl_v[] = {NULL, NULL};
3237 char *uid_v[] = {NULL, NULL};
3238 char *mitid_v[] = {NULL, NULL};
3239 char *homedir_v[] = {NULL, NULL};
3240 char *winProfile_v[] = {NULL, NULL};
3241 char *drives_v[] = {NULL, NULL};
3242 char userAccountControlStr[80];
/* Same baseline flags as user_update; UF_ACCOUNTDISABLE added per state. */
3244 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
3251 char *attr_array[3];
3253 char WinHomeDir[1024];
3254 char WinProfileDir[1024];
3258 if (!check_string(av[U_NAME]))
3260 callback_rc = AD_INVALID_NAME;
3261 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
3262 return(AD_INVALID_NAME);
/* Copies of the Moira row into fixed buffers.  check_string bounds the
 * character set of the login, not its length; the directory fields are not
 * checked at all (1024-byte buffers). */
3265 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
3266 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
3267 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
3268 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
3269 strcpy(user_name, av[U_NAME]);
3270 sprintf(upn, "%s@%s", user_name, ldap_domain);
3271 sprintf(sam_name, "%s", av[U_NAME]);
3272 samAccountName_v[0] = sam_name;
/* Only US_NO_PASSWD and US_REGISTERED produce an enabled account. */
3273 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
3274 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument is a format mismatch (undefined
 * behaviour); use "%u".  Same issue in user_update. */
3275 sprintf(userAccountControlStr, "%ld", userAccountControl);
3276 userAccountControl_v[0] = userAccountControlStr;
3277 userPrincipalName_v[0] = upn;
3279 cn_v[0] = user_name;
3280 name_v[0] = user_name;
3281 desc_v[0] = "Auto account created by Moira";
/* Kerberos principal mapping used for certificate/PKINIT-style logon. */
3282 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
3283 altSecurityIdentities_v[0] = temp;
3284 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
3287 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
3288 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3289 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
3290 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
3291 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
3292 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3293 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3294 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3295 if (strlen(call_args[2]) != 0)
3297 mitMoiraId_v[0] = call_args[2];
3298 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
3300 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* POSIX uid attributes, in both the SFU30 and the RFC 2307 spelling. */
3301 if (strlen(av[U_UID]) != 0)
3303 uid_v[0] = av[U_UID];
3304 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3307 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
3311 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID is always written; "none" stands in for a missing MIT id. */
3314 if (strlen(av[U_MITID]) != 0)
3315 mitid_v[0] = av[U_MITID];
3317 mitid_v[0] = "none";
3318 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
3320 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
3321 WinProfileDir, homedir_v, winProfile_v,
3322 drives_v, mods, LDAP_MOD_ADD, n);
/* Add, with one retry after toggling SFU30/POSIX naming (cf. user_update). */
3326 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3327 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3329 OldUseSFU30 = UseSFU30;
3330 SwitchSFU(mods, &UseSFU30, n);
3331 if (OldUseSFU30 != UseSFU30)
3332 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the mods array (loop body on a line not shown). */
3335 for (i = 0; i < n; i++)
3337 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3339 com_err(whoami, 0, "could not create user %s : %s",
3340 user_name, ldap_err2string(rc));
/* Password is set only for a freshly created object.
 * NOTE(review): the password argument is the empty string; confirm that
 * set_password treats "" as "generate / mark unset" rather than literally
 * setting an empty password, since accounts in state US_NO_PASSWD or
 * US_REGISTERED are created enabled. */
3344 if (rc == LDAP_SUCCESS)
3346 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3348 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
/* Fetch the new objectSid: by Moira id when one is known, else by login. */
3352 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3353 if (strlen(call_args[2]) != 0)
3354 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", call_args[2]);
3355 attr_array[0] = "objectSid";
3356 attr_array[1] = NULL;
3359 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter, attr_array,
3360 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
3362 if (group_count != 1)
/* Moira-id lookup was ambiguous or empty: retry by login. */
3364 if (strlen(call_args[2]) != 0)
3366 linklist_free(group_base);
3369 sprintf(filter, "(sAMAccountName=%s)", av[U_NAME]);
3370 rc = linklist_build((LDAP *)call_args[0], call_args[1], filter,
3371 attr_array, &group_base, &group_count, LDAP_SCOPE_SUBTREE);
/* Hand the entry (and its ownership) to the sid_base list.
 * NOTE(review): the entry is tagged GROUPS, yet sid_update sends GROUPS
 * entries to "add_list_sid_by_name" and only USERS entries to
 * "add_user_sid_by_login".  For a user object this looks like it should be
 * (char *)USERS -- confirm against sid_update and the Moira query semantics. */
3374 if (group_count == 1)
3376 (*sid_ptr) = group_base;
3377 (*sid_ptr)->member = strdup(av[U_NAME]);
3378 (*sid_ptr)->type = (char *)GROUPS;
3379 sid_ptr = &(*sid_ptr)->next;
3383 if (group_base != NULL)
3384 linklist_free(group_base);
3389 if (group_base != NULL)
3390 linklist_free(group_base);
/*
 * user_change_status
 *
 * Enable or disable an AD user by toggling UF_ACCOUNTDISABLE in its
 * userAccountControl (operation == MEMBER_DEACTIVATE sets the bit, anything
 * else clears it; the operation parameter is on a line not shown).  The user
 * is found by mitMoiraId when MoiraId is non-empty, falling back to
 * sAMAccountName.  When a Moira id is known it is also (re)written to
 * mitMoiraId in the same modify.
 *
 * Returns AD_INVALID_NAME when user_name fails check_string,
 * LDAP_NO_SUCH_OBJECT when the user is not found; other return values are
 * on lines not shown.
 *
 * NOTE(review): as in user_update, MoiraId goes into an LDAP filter without
 * validation.
 */
3395 int user_change_status(LDAP *ldap_handle, char *dn_path,
3396 char *user_name, char *MoiraId,
3400 char *attr_array[3];
3402 char distinguished_name[1024];
3404 char *mitMoiraId_v[] = {NULL, NULL};
3406 LK_ENTRY *group_base;
3413 if (!check_string(user_name))
3415 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
3416 return(AD_INVALID_NAME);
/* Lookup 1: by Moira id, reading the current UserAccountControl. */
3422 if (strlen(MoiraId) != 0)
3424 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3425 attr_array[0] = "UserAccountControl";
3426 attr_array[1] = NULL;
3427 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3428 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3430 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3431 user_name, ldap_err2string(rc));
/* Lookup 2 (fallback): by login. */
3435 if (group_count != 1)
3437 linklist_free(group_base);
3440 sprintf(filter, "(sAMAccountName=%s)", user_name);
3441 attr_array[0] = "UserAccountControl";
3442 attr_array[1] = NULL;
3443 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3444 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3446 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3447 user_name, ldap_err2string(rc));
3452 if (group_count != 1)
3454 linklist_free(group_base);
3455 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3457 return(LDAP_NO_SUCH_OBJECT);
3460 strcpy(distinguished_name, group_base->dn);
/* atoi silently yields 0 for a malformed value, which would then be written
 * back as the whole flag word; the attribute comes from AD so this is
 * unlikely, but strtoul with a check would be safer. */
3461 ulongValue = atoi((*group_base).value);
3462 if (operation == MEMBER_DEACTIVATE)
3463 ulongValue |= UF_ACCOUNTDISABLE;
3465 ulongValue &= ~UF_ACCOUNTDISABLE;
/* ulongValue's declaration is not visible; "%ld" is only correct if it is a
 * signed long -- confirm (cf. the u_int/"%ld" mismatch in user_update). */
3466 sprintf(temp, "%ld", ulongValue);
/* Build the REPLACE value list from the old value and the new one. */
3467 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3468 temp, &modvalues, REPLACE)) == 1)
3470 linklist_free(group_base);
3474 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3475 if (strlen(MoiraId) != 0)
3477 mitMoiraId_v[0] = MoiraId;
3478 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3481 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the mods array (loop body on a line not shown), then the value list. */
3482 for (i = 0; i < n; i++)
3484 free_values(modvalues);
3485 if (rc != LDAP_SUCCESS)
3487 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
3488 user_name, ldap_err2string(rc));
/*
 * user_delete
 *
 * Delete the AD user object for Moira login u_name.  Located by mitMoiraId
 * when MoiraId is non-empty (reading "name"), else by sAMAccountName; the
 * entry's DN is then passed to ldap_delete_s.
 *
 * Returns AD_INVALID_NAME when u_name fails check_string; the other return
 * statements (including the one after "unable to find user") are on lines
 * not shown.
 *
 * NOTE(review): MoiraId is interpolated into the filter unvalidated, as in
 * user_update / user_change_status.
 */
3494 int user_delete(LDAP *ldap_handle, char *dn_path,
3495 char *u_name, char *MoiraId)
3498 char *attr_array[3];
3499 char distinguished_name[1024];
3500 char user_name[512];
3501 LK_ENTRY *group_base;
3505 if (!check_string(u_name))
3506 return(AD_INVALID_NAME);
/* Local copy into a 512-byte buffer; length is not checked. */
3508 strcpy(user_name, u_name);
/* Lookup 1: by Moira id. */
3512 if (strlen(MoiraId) != 0)
3514 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3515 attr_array[0] = "name";
3516 attr_array[1] = NULL;
3517 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3518 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3520 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3521 user_name, ldap_err2string(rc));
/* Lookup 2 (fallback): by login. */
3525 if (group_count != 1)
3527 linklist_free(group_base);
3530 sprintf(filter, "(sAMAccountName=%s)", user_name);
3531 attr_array[0] = "name";
3532 attr_array[1] = NULL;
3533 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3534 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3536 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3537 user_name, ldap_err2string(rc));
3542 if (group_count != 1)
3544 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
3549 strcpy(distinguished_name, group_base->dn);
/* Assignment inside the condition: any non-zero LDAP status is an error. */
3550 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3552 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
3553 user_name, ldap_err2string(rc));
3557 linklist_free(group_base);
/*
 * linklist_free
 *
 * Release an LK_ENTRY list: every owned string member (dn, attribute,
 * value, member, type, list) of each node, then the node itself.  Accepts
 * NULL (no-op).  free(NULL) is itself a no-op, so the per-field NULL checks
 * are unnecessary.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *next_entry;

  while (linklist_base != NULL)
    {
      /* Read the link before the node is released. */
      next_entry = linklist_base->next;
      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);
      free(linklist_base);
      linklist_base = next_entry;
    }
}
/*
 * free_values
 *
 * Release a NULL-terminated value array such as the one produced by
 * construct_newvalues: each element is freed (the free call and the loop
 * increment are on lines not shown) and its slot set to NULL.  Whether the
 * array itself is freed afterwards is not visible in this listing.
 * A NULL modvalues is accepted.
 */
3585 void free_values(char **modvalues)
3590 if (modvalues != NULL)
3592 while (modvalues[i] != NULL)
3595 modvalues[i] = NULL;
/*
 * sid_update
 *
 * Push the AD objectSids collected in the global sid_base list back into
 * Moira: for each entry (loop header on a line not shown; ptr is the
 * cursor) the binary SID is hex-encoded with convert_b_to_a and sent with
 * the member name as av[0] (av[1] is set on a line not shown) via
 * mr_query "add_list_sid_by_name" for GROUPS entries or
 * "add_user_sid_by_login" for USERS entries.
 * Return value is on lines not shown.
 *
 * NOTE(review): temp is 126 bytes, i.e. room for the hex form of at most
 * 62 SID bytes, and convert_b_to_a is not told the destination size.  A
 * Windows SID can be up to 68 bytes (15 sub-authorities), so an oversized
 * ptr->length would overflow temp -- consider sizing temp for 2*68+1 or
 * checking ptr->length before the conversion.
 */
3602 int sid_update(LDAP *ldap_handle, char *dn_path)
3606 unsigned char temp[126];
3613 memset(temp, 0, sizeof(temp));
3614 convert_b_to_a(temp, ptr->value, ptr->length);
3617 av[0] = ptr->member;
/* type is a tag pointer compared by identity, not a string (see user_create). */
3619 if (ptr->type == (char *)GROUPS)
3622 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
3624 else if (ptr->type == (char *)USERS)
3627 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a
 *
 * Hex-encode length bytes of binary into string, one nibble per output
 * character (the visible fragments show each nibble being stored and then
 * adjusted when it exceeds '9', i.e. mapped to a letter; the remaining
 * statements are on lines not shown).  string must have room for
 * 2*length characters plus the terminator -- no size parameter is taken.
 */
3634 void convert_b_to_a(char *string, UCHAR *binary, int length)
3641 for (i = 0; i < length; i++)
3648 if (string[j] > '9')
3651 string[j] = tmp & 0x0f;
3653 if (string[j] > '9')
/*
 * illegalchars - 256-entry lookup table indexed by character value.
 * 1 = the character may not appear in a name passed to AD; 0 = allowed.
 *
 * Allowed: digits, lower-case letters, '$', '&', '\'', '-', '.', '@', '_',
 * '`' and '~'.  Everything else -- controls, space, upper-case letters
 * (check_string lower-cases before indexing), all bytes >= 0x80 and, in
 * particular, the LDAP filter specials '(' ')' '*' '\' and the DN specials
 * ',' '+' '"' '<' '>' ';' '=' '#' -- is rejected.  This table is what makes
 * the sprintf-built filters and DNs elsewhere in this file safe for names
 * that pass check_string.
 */
3660 static int illegalchars[] = {
3661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3663 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3664 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3665 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3666 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3667 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3668 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: all rejected. */
3669 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3670 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3671 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3672 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3673 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3674 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3675 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3676 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string
 *
 * Validate a name for use in AD filters and DNs: every character of s,
 * lower-cased, must be allowed by the illegalchars table.  The loop header,
 * the declaration of character and the return statements are on lines not
 * shown; the visible shape is "reject on the first illegal character".
 *
 * NOTE(review): the index is computed as (unsigned) character.  If character
 * is a plain (signed) char promoted to int, any byte >= 0x80 becomes a
 * negative value, and the cast turns it into a huge index far outside the
 * 256-entry table (and isupper() on such a value is undefined).  Confirm the
 * declaration; reading through (unsigned char) would make the table lookup
 * safe for all inputs.
 */
3679 int check_string(char *s)
3686 if (isupper(character))
3687 character = tolower(character);
3688 if (illegalchars[(unsigned) character])
/*
 * check_container_name
 *
 * Like check_string, but a space is additionally accepted (the statement
 * executed for ' ' -- presumably a continue -- is on a line not shown).
 * Used for OU / container names rather than account names.
 *
 * The same (unsigned) character indexing concern as in check_string applies
 * here.
 */
3694 int check_container_name(char *s)
3701 if (isupper(character))
3702 character = tolower(character);
3704 if (character == ' ')
3706 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl
 *
 * Open a Moira client session: connect to server, check the message of the
 * day (a non-empty motd means the server is unavailable), negotiate the
 * query protocol version, and authenticate as client when auth is set.
 * Most of the control flow (the tests on status, the return statements and
 * the auth guard) is on lines not shown.
 * Returns a Moira status code.
 */
3712 int mr_connect_cl(char *server, char *client, int version, int auth)
3718 status = mr_connect(server);
3721 com_err(whoami, status, "while connecting to Moira");
3725 status = mr_motd(&motd);
3729 com_err(whoami, status, "while checking server status");
/* NOTE(review): temp (built from the server-supplied motd) is passed to
 * com_err as its *format* argument, so any '%' sequences in the motd are
 * interpreted as conversions -- a classic format-string defect -- and temp's
 * size is not visible while motd is unbounded.  Pass the text as an argument
 * instead and drop the intermediate buffer:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 */
3734 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3735 com_err(whoami, status, temp);
/* An old server that does not implement mr_version is treated as "client
 * newer than server" and allowed to continue with a warning. */
3740 status = mr_version(version);
3743 if (status == MR_UNKNOWN_PROC)
3746 status = MR_VERSION_HIGH;
3748 status = MR_SUCCESS;
3751 if (status == MR_VERSION_HIGH)
3753 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3754 com_err(whoami, 0, "Some operations may not work.");
3756 else if (status && status != MR_VERSION_LOW)
3758 com_err(whoami, status, "while setting query version number.");
3766 status = mr_auth(client);
3769 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs
 *
 * Rewrite an AFS path into its Windows form: winPath starts with WINAFS,
 * the AFS prefix of path is skipped, and the remainder is copied character
 * by character with '/' treated specially (the replacement written for it,
 * and the loop/termination statements, are on lines not shown).
 *
 * path is assumed to begin with AFS -- nothing checks it -- and winPath is
 * assumed to be large enough; no destination size is taken.
 */
3778 void AfsToWinAfs(char* path, char* winPath)
3782 strcpy(winPath, WINAFS);
3783 pathPtr = path + strlen(AFS);
3784 winPathPtr = winPath + strlen(WINAFS);
3788 if (*pathPtr == '/')
3791 *winPathPtr = *pathPtr;
/*
 * GetAceInfo - mr_query callback (see ProcessAce / "get_list_info").
 *
 * Copy the list's ACE type and ACE name out of the Moira row into the
 * caller's buffers call_args[0] and call_args[1], and fill the membership
 * letter / OU buffers call_args[2] and call_args[3] via
 * get_group_membership.  The buffer sizes are not passed, so the copies are
 * unbounded.
 * Always returns LDAP_SUCCESS.
 */
3798 int GetAceInfo(int ac, char **av, void *ptr)
3805 strcpy(call_args[0], av[L_ACE_TYPE]);
3806 strcpy(call_args[1], av[L_ACE_NAME]);
3808 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3809 return(LDAP_SUCCESS);
/*
 * checkADname
 *
 * Test whether an object with sAMAccountName == Name exists under dn_path.
 * The result is derived from group_count == 0 (the two return statements
 * are on lines not shown).
 *
 * Name is not validated here; the ProcessAce caller passes a value derived
 * from the Moira ACE name -- presumably vetted upstream; confirm.
 */
3813 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3816 char *attr_array[3];
3819 LK_ENTRY *group_base;
3824 sprintf(filter, "(sAMAccountName=%s)", Name);
3825 attr_array[0] = "sAMAccountName";
3826 attr_array[1] = NULL;
3827 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3828 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3830 com_err(whoami, 0, "LDAP server couldn't process ACE name %s : %s",
3831 Name, ldap_err2string(rc));
3835 linklist_free(group_base);
3837 if (group_count == 0)
/*
 * ProcessAce
 *
 * Ensure the administrator (ACE) of Moira list Name exists in AD.  The
 * list's ACE type/name are fetched with "get_list_info" (GetAceInfo
 * callback); only USER and LIST ACEs are handled.  If the corresponding AD
 * object ("<AceName>_group" for a LIST, AceName for a USER) is missing, it
 * is created: a LIST via make_new_group, a USER via
 * "get_user_account_by_login" with the user_create callback, after which
 * the collected SIDs are pushed to Moira with sid_update.  *ProcessGroup is
 * set to 1 when an object had to be created.  The visible tail (lines
 * 3929-3934) follows a LIST ACE's own ACE by replacing GroupName and
 * presumably looping, stopping when a list is its own ACE; the loop
 * construct itself is on lines not shown.
 *
 * Parameters: Type is the type of Name (only "LIST" is processed);
 * UpdateGroup is forwarded to make_new_group.  Return statements are on
 * lines not shown.
 *
 * GroupName, AceName, AceType, AceOu and temp are fixed buffers (256 bytes
 * for GroupName; the others' sizes are not visible) filled by unbounded
 * strcpy/sprintf from Moira data.
 */
3844 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3847 char GroupName[256];
3853 char AceMembership[2];
3857 strcpy(GroupName, Name);
/* Only lists have ACEs to process (early return on lines not shown). */
3859 if (strcasecmp(Type, "LIST"))
/* Output buffers for the GetAceInfo callback. */
3864 AceInfo[0] = AceType;
3865 AceInfo[1] = AceName;
3866 AceInfo[2] = AceMembership;
3868 memset(AceType, '\0', sizeof(AceType));
3869 memset(AceName, '\0', sizeof(AceName));
3870 memset(AceMembership, '\0', sizeof(AceMembership));
3871 memset(AceOu, '\0', sizeof(AceOu));
/* Assignment inside the condition; av[0] (the list name) is set on a line
 * not shown.  The second message covers the case where the query succeeded
 * but returned nothing usable. */
3873 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3875 com_err(whoami, 0, "Couldn't get ACE info for list %s : %s", GroupName, error_message(rc));
3880 com_err(whoami, 0, "Couldn't get ACE info for list %s", GroupName);
/* Other ACE types (KERBEROS, STRING, NONE...) are not represented in AD. */
3883 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
/* AD name of the ACE object. */
3885 strcpy(temp, AceName);
3886 if (!strcasecmp(AceType, "LIST"))
3887 sprintf(temp, "%s_group", AceName);
3890 if (checkADname(ldap_handle, dn_path, temp))
3892 (*ProcessGroup) = 1;
3894 if (!strcasecmp(AceInfo[0], "LIST"))
3896 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3899 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args for user_create: [0] handle, [1] base DN, [2] Moira id (set on
 * a line not shown), [3] unused. */
3902 call_args[0] = (char *)ldap_handle;
3903 call_args[1] = dn_path;
3905 call_args[3] = NULL;
3907 sid_ptr = &sid_base;
3909 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3911 com_err(whoami, 0, "Couldn't process user ACE %s for group %s.", Name, AceName);
3916 com_err(whoami, 0, "Couldn't process user Ace %s for group %s", Name, AceName);
/* Record the new user's SID in Moira, then drop the collected list. */
3919 if (sid_base != NULL)
3921 sid_update(ldap_handle, dn_path);
3922 linklist_free(sid_base);
/* Follow the ACE chain for LIST ACEs; a self-owned list terminates it
 * (the statement for that case is on a line not shown). */
3929 if (!strcasecmp(AceType, "LIST"))
3931 if (!strcasecmp(GroupName, AceName))
3934 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or update) the AD group for a Moira list by running
 * get_list_info with group_create as the callback.
 *
 * @param ldap_handle          open LDAP connection.
 * @param dn_path              AD base DN.
 * @param MoiraId              Moira list id; handed to the callback as call_args[5].
 * @param group_name           list name (av is set on a line not shown).
 * @param group_ou             not read in the visible lines.
 * @param group_membership     not read in the visible lines.
 * @param group_security_flag  not read in the visible lines.
 * @param updateGroup          update-vs-create flag for the callback.
 * @return callback_rc on a callback-reported failure (callback_rc is not
 *         declared in the visible lines); other return statements not shown.
 */
3939 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3940 char *group_name, char *group_ou, char *group_membership,
3941 int group_security_flag, int updateGroup)
/* call_args is a char* array used as an untyped context block for group_create. */
3948 call_args[0] = (char *)ldap_handle;
3949 call_args[1] = dn_path;
3950 call_args[2] = group_name;
/* Integers smuggled through char* slots; this only works if group_create casts them back to the same integer type. */
3951 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3952 call_args[4] = (char *)updateGroup;
3953 call_args[5] = MoiraId;
3954 call_args[6] = NULL;
/* sid_ptr/sid_base are not declared here (presumably file scope); the callback appends SIDs through them. */
3956 sid_ptr = &sid_base;
3958 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3961 com_err(whoami, 0, "Couldn't create list %s : %s", group_name, error_message(rc));
/* Moira returned success but the callback flagged a failure. */
3967 com_err(whoami, 0, "Couldn't create list %s", group_name);
3968 return(callback_rc);
/* Push any collected SIDs to AD and release the list. */
3971 if (sid_base != NULL)
3973 sid_update(ldap_handle, dn_path);
3974 linklist_free(sid_base);
/*
 * populate_group: add every end member of a Moira list to its AD group.
 *
 * @param ldap_handle          open LDAP connection.
 * @param dn_path              AD base DN.
 * @param group_name           list / group name.
 * @param group_ou             OU of the group, passed to member_add.
 * @param group_membership     passed to member_add.
 * @param group_security_flag  not read in the visible lines.
 * @param MoiraId              not read in the visible lines.
 * @return not visible in this listing.
 *
 * member_base, ptr, pUserOu and contact_ou/kerberos_ou are not declared in
 * the visible lines; member_base is filled by member_list_build.
 */
3980 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3981 char *group_ou, char *group_membership,
3982 int group_security_flag, char *MoiraId)
3990 com_err(whoami, 0, "Populating group %s", group_name);
/* Untyped context for member_list_build; slot 3 carries integer flags cast to char*. */
3992 call_args[0] = (char *)ldap_handle;
3993 call_args[1] = dn_path;
3994 call_args[2] = group_name;
3995 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3996 call_args[4] = NULL;
/* Assignment inside the condition: nonzero rc is a Moira error. */
3998 if (rc = mr_query("get_end_members_of_list", 1, av,
3999 member_list_build, call_args))
4001 com_err(whoami, 0, "Couldn't populate list %s : %s",
4002 group_name, error_message(rc));
/* Walk the member list (loop header not shown).  STRING and KERBEROS members are first materialised as contact objects in their OU. */
4005 if (member_base != NULL)
4010 if (!strcasecmp(ptr->type, "LIST"))
4016 if (!strcasecmp(ptr->type, "STRING"))
4018 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
4020 pUserOu = contact_ou;
4022 else if (!strcasecmp(ptr->type, "KERBEROS"))
4024 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
4026 pUserOu = kerberos_ou;
/* member_add's remaining arguments continue on lines not shown. */
4028 rc = member_add(ldap_handle, dn_path, group_name,
4029 group_ou, group_membership, ptr->member,
4033 linklist_free(member_base);
/*
 * process_group: reconcile one AD group with its Moira list.
 *
 * Finds the group in AD (by the caller's filter, its mitMoiraId, or its
 * "<name>_group" sAMAccountName via ad_get_group), removes duplicate matches,
 * reads the group's current name, description and OU, classifies the OU into
 * both/security/distribution/neither, and hands everything to group_rename.
 * With type == CHECK_GROUPS it only reports whether the expected DN exists.
 *
 * @param ldap_handle          open LDAP connection.
 * @param dn_path              AD base DN.
 * @param MoiraId              Moira list id used in filters and messages.
 * @param group_name           expected group name.
 * @param group_ou             expected OU of the group.
 * @param group_membership     desired membership type for group_rename.
 * @param group_security_flag  desired security flag for group_rename.
 * @param type                 CHECK_GROUPS for a read-only check.
 * @return AD_NO_GROUPS_FOUND, AD_WRONG_GROUP_DN_FOUND,
 *         AD_MULTIPLE_GROUPS_FOUND, AD_NO_OU_FOUND, or whatever group_rename
 *         returns (lines after the call are not shown).
 *
 * filter, ou_both, ptr, rc and group_count are declared on lines not shown.
 */
4039 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
4040 char *group_name, char *group_ou, char *group_membership,
4041 int group_security_flag, int type)
4043 char before_desc[512];
4044 char before_name[256];
4045 char before_group_ou[256];
4046 char before_group_membership[2];
4047 char distinguishedName[256];
4048 char ad_distinguishedName[256];
4050 char *attr_array[3];
4051 int before_security_flag;
4054 LK_ENTRY *group_base;
4057 char ou_security[512];
4058 char ou_distribution[512];
4059 char ou_neither[512];
4061 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* Expected DN; the three inputs are written into a 256-byte buffer without a length check. */
4062 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
4065 memset(filter, '\0', sizeof(filter));
/* ad_get_group's argument list continues on a line not shown; it returns nonzero on a search error. */
4068 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4070 "distinguishedName", &group_base,
4071 &group_count, filter))
/* Read-only mode: success only when exactly one group exists and its DN is the expected one. */
4074 if (type == CHECK_GROUPS)
4076 if (group_count == 1)
4078 if (!strcasecmp(group_base->value, distinguishedName))
4080 linklist_free(group_base);
4084 linklist_free(group_base);
4085 if (group_count == 0)
4086 return(AD_NO_GROUPS_FOUND);
4087 if (group_count == 1)
4088 return(AD_WRONG_GROUP_DN_FOUND);
4089 return(AD_MULTIPLE_GROUPS_FOUND);
4091 if (group_count == 0)
4093 return(AD_NO_GROUPS_FOUND);
/* More than one group carries this Moira id: log them all, then delete every one whose DN is not the expected DN.  This is a destructive step; the result of ldap_delete_s is not checked in the visible lines. */
4095 if (group_count > 1)
4100 if (!strcasecmp(distinguishedName, ptr->value))
4106 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
4110 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
4113 linklist_free(group_base);
4114 return(AD_MULTIPLE_GROUPS_FOUND);
4119 if (strcasecmp(distinguishedName, ptr->value))
4120 rc = ldap_delete_s(ldap_handle, ptr->value);
4123 linklist_free(group_base);
4124 memset(filter, '\0', sizeof(filter));
/* Look again now that duplicates are gone; exactly one match is required from here on. */
4127 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
4129 "distinguishedName", &group_base,
4130 &group_count, filter))
4132 if (group_count == 0)
4133 return(AD_NO_GROUPS_FOUND);
4134 if (group_count > 1)
4135 return(AD_MULTIPLE_GROUPS_FOUND);
/* The DN is copied into a 256-byte buffer with no length check on the LDAP value. */
4138 strcpy(ad_distinguishedName, group_base->value);
4139 linklist_free(group_base);
4143 attr_array[0] = "sAMAccountName";
4144 attr_array[1] = NULL;
4145 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4146 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4148 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4149 MoiraId, ldap_err2string(rc));
/* The filter is rebuilt from the value returned by AD; that value is not escaped before being placed in the filter. */
4152 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the expected DN: nothing to rename (what is returned here is on lines not shown). */
4154 if (!strcasecmp(ad_distinguishedName, distinguishedName))
4156 linklist_free(group_base);
4161 linklist_free(group_base);
4164 memset(ou_both, '\0', sizeof(ou_both));
4165 memset(ou_security, '\0', sizeof(ou_security));
4166 memset(ou_distribution, '\0', sizeof(ou_distribution));
4167 memset(ou_neither, '\0', sizeof(ou_neither));
4168 memset(before_name, '\0', sizeof(before_name));
4169 memset(before_desc, '\0', sizeof(before_desc));
4170 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Current name of the group. */
4171 attr_array[0] = "name";
4172 attr_array[1] = NULL;
4173 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4174 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4176 com_err(whoami, 0, "LDAP server unable to get list name with MoiraId = %s: %s",
4177 MoiraId, ldap_err2string(rc));
/* NOTE(review): unlike the description lookup just below, no group_count check is visible before group_base is dereferenced here; if the search returned nothing this is a NULL dereference -- confirm against the lines not shown. */
4180 strcpy(before_name, group_base->value);
4181 linklist_free(group_base);
/* Current description (optional attribute, hence the count check). */
4184 attr_array[0] = "description";
4185 attr_array[1] = NULL;
4186 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4187 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4190 "LDAP server unable to get list description with MoiraId = %s: %s",
4191 MoiraId, ldap_err2string(rc));
4194 if (group_count != 0)
4196 strcpy(before_desc, group_base->value);
4197 linklist_free(group_base);
/* Classify the current OU by case-insensitive substring search.  strstr matches anywhere in the DN, not a specific RDN, so the order of the four tests matters (ou_both is tried first). */
4201 change_to_lower_case(ad_distinguishedName);
4202 strcpy(ou_both, group_ou_both);
4203 change_to_lower_case(ou_both);
4204 strcpy(ou_security, group_ou_security);
4205 change_to_lower_case(ou_security);
4206 strcpy(ou_distribution, group_ou_distribution);
4207 change_to_lower_case(ou_distribution);
4208 strcpy(ou_neither, group_ou_neither);
4209 change_to_lower_case(ou_neither);
4210 if (strstr(ad_distinguishedName, ou_both))
4212 strcpy(before_group_ou, group_ou_both);
4213 before_group_membership[0] = 'B';
4214 before_security_flag = 1;
4216 else if (strstr(ad_distinguishedName, ou_security))
4218 strcpy(before_group_ou, group_ou_security);
4219 before_group_membership[0] = 'S';
4220 before_security_flag = 1;
4222 else if (strstr(ad_distinguishedName, ou_distribution))
4224 strcpy(before_group_ou, group_ou_distribution);
4225 before_group_membership[0] = 'D';
4226 before_security_flag = 0;
4228 else if (strstr(ad_distinguishedName, ou_neither))
4230 strcpy(before_group_ou, group_ou_neither);
4231 before_group_membership[0] = 'N';
4232 before_security_flag = 0;
/* None of the known OUs: before_security_flag/before_group_ou stay unset and the caller is told. */
4235 return(AD_NO_OU_FOUND);
/* before_desc is passed as both the old and the new description. */
4236 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
4237 before_group_ou, before_security_flag, before_desc,
4238 group_name, group_membership, group_ou, group_security_flag,
4239 before_desc, MoiraId, filter);
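/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 *
 * @param ptr  writable NUL-terminated string; a NULL pointer is left alone.
 *
 * Each byte is handed to tolower() as an unsigned char: passing a negative
 * plain-char value (any byte >= 0x80 where char is signed, which DNs and OU
 * names read back from AD can contain) to a <ctype.h> function is undefined
 * behaviour.  The length is computed once instead of calling strlen() on
 * every iteration of the loop.
 */
void change_to_lower_case(char *ptr)
{
  size_t len;
  size_t i;

  if (ptr == NULL)
    return;

  len = strlen(ptr);
  for (i = 0; i < len; i++)
    ptr[i] = (char)tolower((unsigned char)ptr[i]);
}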
/*
 * ad_get_group: locate the AD group for a Moira list, trying three filters
 * in turn and stopping at the first that yields exactly one entry.
 *
 *   1. the caller-supplied filter in rFilter, if non-empty;
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)), if MoiraId is non-empty;
 *   3. (sAMAccountName=<group_name>_group).
 *
 * On a single hit the filter that worked is copied back into rFilter (with an
 * unbounded strcpy; rFilter's size is not known here) so the caller can reuse
 * it for follow-up searches.  The parameter list continues on a line not
 * shown (rFilter), and filter/rc/pPtr are declared on lines not shown.
 *
 * @param ldap_handle       open LDAP connection.
 * @param dn_path           search base.
 * @param group_name        Moira list name.
 * @param group_membership  not read in the visible lines.
 * @param MoiraId           Moira list id (may be empty).
 * @param attribute         the single attribute to fetch for each hit.
 * @param linklist_base     out: result list (NULL when nothing found).
 * @param linklist_count    out: number of entries in *linklist_base.
 * @return nonzero on an LDAP search error; other returns are on lines not shown.
 *
 * All three filters are built with sprintf() and no RFC 4515 escaping of the
 * substituted values.
 */
4253 int ad_get_group(LDAP *ldap_handle, char *dn_path,
4254 char *group_name, char *group_membership,
4255 char *MoiraId, char *attribute,
4256 LK_ENTRY **linklist_base, int *linklist_count,
4261 char *attr_array[3];
4264 (*linklist_base) = NULL;
4265 (*linklist_count) = 0;
/* Attempt 1: the caller's own filter. */
4266 if (strlen(rFilter) != 0)
4268 strcpy(filter, rFilter);
4269 attr_array[0] = attribute;
4270 attr_array[1] = NULL;
4271 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4272 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4274 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4275 MoiraId, ldap_err2string(rc));
4278 if ((*linklist_count) == 1)
4280 strcpy(rFilter, filter);
/* Not exactly one hit: discard and fall through to the next filter. */
4285 linklist_free((*linklist_base));
4286 (*linklist_base) = NULL;
4287 (*linklist_count) = 0;
/* Attempt 2: by Moira id. */
4288 if (strlen(MoiraId) != 0)
4290 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
4291 attr_array[0] = attribute;
4292 attr_array[1] = NULL;
4293 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4294 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4296 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4297 MoiraId, ldap_err2string(rc));
/* Several groups share the id: log each one (loop header not shown), then give up on this filter. */
4301 if ((*linklist_count) > 1)
4303 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
4304 pPtr = (*linklist_base);
4307 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
4310 linklist_free((*linklist_base));
4311 (*linklist_base) = NULL;
4312 (*linklist_count) = 0;
4314 if ((*linklist_count) == 1)
/* NOTE(review): compares strlen(group_name) bytes starting 3 bytes into the value (presumably past a "CN=" prefix) without checking the value is that long -- a short value is over-read -- and it is a prefix match, so "foo" also accepts "foobar". */
4316 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
4318 strcpy(rFilter, filter);
4323 linklist_free((*linklist_base));
4324 (*linklist_base) = NULL;
4325 (*linklist_count) = 0;
/* Attempt 3: by the conventional "<name>_group" account name. */
4326 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
4327 attr_array[0] = attribute;
4328 attr_array[1] = NULL;
4329 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4330 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
4332 com_err(whoami, 0, "LDAP server unable to get list info with MoiraId = %s: %s",
4333 MoiraId, ldap_err2string(rc));
4336 if ((*linklist_count) == 1)
4338 strcpy(rFilter, filter);
/*
 * check_user: find a user's AD account, by mitMoiraId first and then by
 * sAMAccountName, and rename the account when its AD name differs from the
 * Moira login.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      search base.
 * @param UserName     Moira login name.
 * @param MoiraId      Moira user id; may be empty, in which case only the
 *                     name lookup runs.
 * @return AD_NO_USER_FOUND when no account matches the name; other returns
 *         (including the result of user_rename, whose argument list continues
 *         on lines not shown) are not visible.
 *
 * filter, rc, group_count and gPtr are declared on lines not shown.  Both
 * filters substitute their value with sprintf() and no RFC 4515 escaping.
 */
4345 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
4348 char *attr_array[3];
4349 char SamAccountName[64];
4352 LK_ENTRY *group_base;
/* Lookup by Moira id. */
4358 if (strlen(MoiraId) != 0)
4360 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4361 attr_array[0] = "sAMAccountName";
4362 attr_array[1] = NULL;
4363 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4364 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4366 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
4367 UserName, ldap_err2string(rc));
/* Duplicate ids are only reported; each entry is listed (loop header and the first message's argument are on lines not shown). */
4370 if (group_count > 1)
4372 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
4377 com_err(whoami, 0, "user %s exist with MoiraId = %s",
4378 gPtr->value, MoiraId);
/* Anything but a single hit is discarded and the name lookup below is used instead; what happens on a single hit is on lines not shown. */
4383 if (group_count != 1)
4385 linklist_free(group_base);
/* Lookup by account name. */
4388 sprintf(filter, "(sAMAccountName=%s)", UserName);
4389 attr_array[0] = "sAMAccountName";
4390 attr_array[1] = NULL;
4391 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4392 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4394 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
4395 UserName, ldap_err2string(rc));
4400 if (group_count != 1)
4402 linklist_free(group_base);
4403 return(AD_NO_USER_FOUND);
/* The AD value is copied into a 64-byte buffer without a length check. */
4405 strcpy(SamAccountName, group_base->value);
4406 linklist_free(group_base);
/* Case-sensitive comparison: a difference in case alone triggers a rename. */
4409 if (strcmp(SamAccountName, UserName))
4411 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * container_get_dn: turn a slash-separated Moira container path (src) into a
 * comma-separated "OU=...,OU=..." DN fragment (dest), innermost component
 * first.
 *
 * The component array holds 20 pointers; the loop that splits src into it
 * and the loop that appends the remaining components are on lines not shown.
 * dest has no size parameter, so the caller must size it for the whole path.
 *
 * @param src   container path such as "a/b/c".
 * @param dest  output buffer; left as-is when src is empty (the early return
 *              is on a line not shown).
 */
4417 void container_get_dn(char *src, char *dest)
4424 memset(array, '\0', 20 * sizeof(array[0]));
4426 if (strlen(src) == 0)
/* The last component (array[n-1], so n must be at least 1 here) becomes the first RDN; each further component is prefixed with ",OU=". */
4445 strcpy(dest, "OU=");
4448 strcat(dest, array[n-1]);
4452 strcat(dest, ",OU=");
/*
 * container_get_name: copy the leaf (last slash-separated component) of a
 * Moira container path into dest.  Only the empty-input guard is visible in
 * this listing; the extraction itself is on lines not shown.
 *
 * @param src   container path.
 * @param dest  output buffer, no size passed.
 */
4458 void container_get_name(char *src, char *dest)
4463 if (strlen(src) == 0)
/*
 * container_check: make sure the OU for a container path exists in AD,
 * creating it with an otherwise empty Moira row (no description, owner,
 * type, id or row id) when it does not.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      AD base DN.
 * @param name         Moira container path; copied into cName (size not
 *                     visible) with an unbounded strcpy.
 *
 * rc, i, av and cName are declared on lines not shown.
 */
4480 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4487 strcpy(cName, name);
/* Each '/' in the copy is rewritten; the replacement character is on a line not shown. */
4488 for (i = 0; i < (int)strlen(cName); i++)
4490 if (cName[i] == '/')
/* Synthetic row for container_create: only the name is populated, so the OU is created without a mitMoiraId. */
4493 av[CONTAINER_NAME] = cName;
4494 av[CONTAINER_DESC] = "";
4495 av[CONTAINER_LOCATION] = "";
4496 av[CONTAINER_CONTACT] = "";
4497 av[CONTAINER_TYPE] = "";
4498 av[CONTAINER_ID] = "";
4499 av[CONTAINER_ROWID] = "";
4500 rc = container_create(ldap_handle, dn_path, 7, av);
/* NOTE(review): container_create treats LDAP_ALREADY_EXISTS as non-fatal, so this message may also be logged for an OU that already existed -- confirm against container_create's return path. */
4501 if (rc == LDAP_SUCCESS)
4503 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * container_rename: move/rename a container OU in AD to match a renamed
 * Moira container, then resync its attributes.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      AD base DN.
 * @param beforec      argument count of the old Moira row.
 * @param before       old row; used to find the existing OU.
 * @param afterc       argument count of the new Moira row.
 * @param after        new row; supplies the new name and attributes.
 * @return AD_INVALID_NAME for a bad leaf name; the status of
 *         container_get_distinguishedName, container_create or
 *         container_adupdate on the other paths (return lines not shown).
 *
 * cName, temp, dName, new_cn, rc and i are declared on lines not shown.
 */
4511 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4512 int afterc, char **after)
4517 char new_dn_path[256];
4519 char distinguishedName[256];
4524 memset(cName, '\0', sizeof(cName));
4525 container_get_name(after[CONTAINER_NAME], cName);
/* Validate the new leaf name before touching AD. */
4526 if (!check_container_name(cName))
4528 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4529 return(AD_INVALID_NAME);
/* Locate the OU as it is now; assignment in the condition, nonzero is a failure. */
4532 memset(distinguishedName, '\0', sizeof(distinguishedName));
4533 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* Nothing to rename: create the OU from the new row instead. */
4535 if (strlen(distinguishedName) == 0)
4537 rc = container_create(ldap_handle, dn_path, afterc, after);
/* temp starts as the full new path; the loop body (not shown) presumably trims it to the parent path, which container_get_dn then turns into the new superior DN. */
4541 strcpy(temp, after[CONTAINER_NAME]);
4543 for (i = 0; i < (int)strlen(temp); i++)
4552 container_get_dn(temp, dName);
4553 if (strlen(temp) != 0)
4554 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4556 sprintf(new_dn_path, "%s", dn_path);
4557 sprintf(new_cn, "OU=%s", cName);
/* Make sure the destination exists before moving. */
4559 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* deleteoldrdn = TRUE: the old RDN value is dropped from the entry. */
4561 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4562 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4564 com_err(whoami, 0, "couldn't rename container from %s to %s : %s",
4565 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
/* Resync description/owner/id at the new location. */
4569 memset(dName, '\0', sizeof(dName));
4570 container_get_dn(after[CONTAINER_NAME], dName);
4571 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: remove a container OU from AD.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      AD base DN.
 * @param count        argument count of the Moira row.
 * @param av           Moira row of the container being deleted.
 * @return status of container_get_distinguishedName on lookup failure;
 *         other return statements are on lines not shown.
 *
 * When the OU still has children the delete is refused with
 * LDAP_NOT_ALLOWED_ON_NONLEAF and container_move_objects relocates or
 * deletes them; whether the delete is then retried is not visible here.
 */
4575 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4577 char distinguishedName[256];
4580 memset(distinguishedName, '\0', sizeof(distinguishedName));
4581 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
/* No such OU: nothing to delete (the statement under this test is not shown). */
4583 if (strlen(distinguishedName) == 0)
4585 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
4587 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4588 container_move_objects(ldap_handle, dn_path, distinguishedName);
4590 com_err(whoami, 0, "unable to delete container %s from AD : %s",
4591 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the AD organizationalUnit for a Moira container.
 *
 * Builds an add request with objectClass, name, ou, optionally mitMoiraId
 * and description, and a managedBy reference resolved from the container's
 * owner (CONTAINER_TYPE / CONTAINER_ID).  An OU that already exists is not an
 * error: its attributes are resynced through container_adupdate instead.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      AD base DN.
 * @param count        argument count of the Moira row.
 * @param av           Moira container row.
 * @return AD_INVALID_NAME for an unusable name; otherwise the LDAP result
 *         (return statements are on lines not shown).
 *
 * filter, dName, cName, temp, mods, n, i, rc and group_count are declared on
 * lines not shown; ADD_ATTR is a macro that appends to mods.  The LDAP
 * filters below substitute av[CONTAINER_ID] with sprintf() and no RFC 4515
 * escaping.
 */
4596 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4598 char *attr_array[3];
4599 LK_ENTRY *group_base;
/* The objectClass value list continues (terminator) on a line not shown. */
4602 char *objectClass_v[] = {"top",
4603 "organizationalUnit",
4606 char *ou_v[] = {NULL, NULL};
4607 char *name_v[] = {NULL, NULL};
4608 char *moiraId_v[] = {NULL, NULL};
4609 char *desc_v[] = {NULL, NULL};
4610 char *managedBy_v[] = {NULL, NULL};
4613 char managedByDN[256];
4620 memset(filter, '\0', sizeof(filter));
4621 memset(dName, '\0', sizeof(dName));
4622 memset(cName, '\0', sizeof(cName));
4623 memset(managedByDN, '\0', sizeof(managedByDN));
/* dName: "OU=leaf,OU=parent,..." fragment; cName: the leaf name alone. */
4624 container_get_dn(av[CONTAINER_NAME], dName);
4625 container_get_name(av[CONTAINER_NAME], cName);
4627 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4629 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4630 return(AD_INVALID_NAME);
4633 if (!check_container_name(cName))
4635 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4636 return(AD_INVALID_NAME);
/* Mandatory attributes; name_v[0]/ou_v[0] are assigned on lines not shown. */
4640 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4642 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4644 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* Optional attributes, only when Moira supplies a value. */
4645 if (strlen(av[CONTAINER_ROWID]) != 0)
4647 moiraId_v[0] = av[CONTAINER_ROWID];
4648 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4650 if (strlen(av[CONTAINER_DESC]) != 0)
4652 desc_v[0] = av[CONTAINER_DESC];
4653 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Owner -> managedBy.  A KERBEROS owner is materialised as a contact in kerberos_ou (contact_create returning 0 means success) and its DN is built into a 256-byte buffer. */
4655 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4657 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4659 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4661 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4662 managedBy_v[0] = managedByDN;
4663 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* A USER or LIST owner is looked up by cn; the filter stays empty (see the memset above) for any other type. */
4668 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4670 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4672 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4674 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4676 if (strlen(filter) != 0)
4678 attr_array[0] = "distinguishedName";
4679 attr_array[1] = NULL;
/* Only an unambiguous (single) match is used as the owner. */
4682 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4683 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4685 if (group_count == 1)
4687 strcpy(managedByDN, group_base->value);
4688 managedBy_v[0] = managedByDN;
4689 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4691 linklist_free(group_base);
/* Full DN of the new OU (temp's size is not visible); the loop over n releases the mods entries (body not shown). */
4700 sprintf(temp, "%s,%s", dName, dn_path);
4701 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4702 for (i = 0; i < n; i++)
4704 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4706 com_err(whoami, 0, "couldn't create container %s : %s",
4707 cName, ldap_err2string(rc));
/* Existing OU: bring its attributes in line with Moira when a row id is known. */
4710 if (rc == LDAP_ALREADY_EXISTS)
4712 if (strlen(av[CONTAINER_ROWID]) != 0)
4713 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: apply a Moira container update to AD, creating the OU
 * when it does not exist yet and resyncing its attributes otherwise.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      AD base DN.
 * @param beforec      not read in the visible lines.
 * @param before       not read in the visible lines.
 * @param afterc       argument count of the new Moira row.
 * @param after        new Moira row; used both to locate and to update the OU.
 * @return status of the lookup, container_create or container_adupdate
 *         (return statements are on lines not shown).
 */
4718 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4719 int afterc, char **after)
4721 char distinguishedName[256];
4724 memset(distinguishedName, '\0', sizeof(distinguishedName));
4725 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4727 if (strlen(distinguishedName) == 0)
4729 rc = container_create(ldap_handle, dn_path, afterc, after);
/* OU exists: make sure its parents exist too, then update it in place by DN. */
4733 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4734 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * container_get_distinguishedName: resolve a Moira container to the DN of
 * its AD OU, first by mitMoiraId and, failing that, by the DN computed from
 * the container path.
 *
 * @param ldap_handle        open LDAP connection.
 * @param dn_path            AD base DN.
 * @param distinguishedName  out: the DN found, or left empty when neither
 *                           search yields exactly one entry.  Written with an
 *                           unbounded strcpy from the LDAP value (callers in
 *                           this file pass 256-byte buffers).
 * @param count              argument count of the Moira row.
 * @param av                 Moira container row.
 * @return AD_INVALID_NAME for an unusable name; the final return is on a line
 *         not shown.
 *
 * filter, dName, cName, rc and group_count are declared on lines not shown.
 * The row id and dName are substituted into the filters with sprintf() and no
 * RFC 4515 escaping; with an empty CONTAINER_ROWID the first filter becomes
 * "(mitMoiraId=)" since no emptiness check precedes it.
 */
4739 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4741 char *attr_array[3];
4742 LK_ENTRY *group_base;
4749 memset(filter, '\0', sizeof(filter));
4750 memset(dName, '\0', sizeof(dName));
4751 memset(cName, '\0', sizeof(cName));
4752 container_get_dn(av[CONTAINER_NAME], dName);
4753 container_get_name(av[CONTAINER_NAME], cName);
4755 if (strlen(dName) == 0)
4757 com_err(whoami, 0, "invalid LDAP container name %s", av[CONTAINER_NAME]);
4758 return(AD_INVALID_NAME);
4761 if (!check_container_name(cName))
4763 com_err(whoami, 0, "invalid LDAP container name %s", cName);
4764 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id. */
4767 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4768 attr_array[0] = "distinguishedName";
4769 attr_array[1] = NULL;
4772 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4773 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4775 if (group_count == 1)
4777 strcpy(distinguishedName, group_base->value);
4779 linklist_free(group_base);
/* Lookup 2: by the DN the container path maps to. */
4783 if (strlen(distinguishedName) == 0)
4785 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4786 attr_array[0] = "distinguishedName";
4787 attr_array[1] = NULL;
4790 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4791 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4793 if (group_count == 1)
4795 strcpy(distinguishedName, group_base->value);
4797 linklist_free(group_base);
/*
 * container_adupdate: bring an existing OU's mitMoiraId, description and
 * managedBy attributes in line with the Moira container row.
 *
 * The OU is addressed either by dName (relative to dn_path) or, when dName is
 * empty, by the full distinguishedName.  Current values are read first so
 * that a managedBy that no longer resolves can be cleared.
 *
 * @param ldap_handle        open LDAP connection.
 * @param dn_path            AD base DN.
 * @param dName              "OU=...,OU=..." fragment of the target, or "".
 * @param distinguishedName  full DN of the target, used when dName is "".
 * @param count              argument count of the Moira row.
 * @param av                 Moira container row.
 * @return LDAP_SUCCESS when there is nothing to modify (the condition
 *         guarding that return is on a line not shown); otherwise the result
 *         of ldap_modify_s (return line not shown).
 *
 * temp, filter, desc, moiraId, mods, n, i, rc, pPtr and group_count are
 * declared on lines not shown.  Filters substitute Moira values with
 * sprintf() and no RFC 4515 escaping.
 */
4805 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4806 char *distinguishedName, int count, char **av)
4808 char *attr_array[5];
4809 LK_ENTRY *group_base;
4815 char *moiraId_v[] = {NULL, NULL};
4816 char *desc_v[] = {NULL, NULL};
4817 char *managedBy_v[] = {NULL, NULL};
4818 char managedByDN[256];
/* Target DN: dName under dn_path takes precedence over distinguishedName. */
4826 strcpy(temp, distinguishedName);
4827 if (strlen(dName) != 0)
4828 sprintf(temp, "%s,%s", dName, dn_path);
4830 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", temp);
/* NOTE(review): the guard tests CONTAINER_ID but the filter uses CONTAINER_ROWID; every other use of CONTAINER_ROWID in this file is guarded by strlen(av[CONTAINER_ROWID]).  With an empty row id this yields "(mitMoiraId=)" -- confirm which field was intended. */
4831 if (strlen(av[CONTAINER_ID]) != 0)
4832 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4833 attr_array[0] = "mitMoiraId";
4834 attr_array[1] = "description";
4835 attr_array[2] = "managedBy";
4836 attr_array[3] = NULL;
4839 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4840 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4842 com_err(whoami, 0, "couldn't retreive container info for %s : %s",
4843 av[CONTAINER_NAME], ldap_err2string(rc));
/* Snapshot of the current attribute values (loop header not shown); desc and moiraId sizes are not visible, managedByDN is 256 bytes, all written with strcpy. */
4846 memset(managedByDN, '\0', sizeof(managedByDN));
4847 memset(moiraId, '\0', sizeof(moiraId));
4848 memset(desc, '\0', sizeof(desc));
4852 if (!strcasecmp(pPtr->attribute, "description"))
4853 strcpy(desc, pPtr->value);
4854 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4855 strcpy(managedByDN, pPtr->value);
4856 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4857 strcpy(moiraId, pPtr->value);
4860 linklist_free(group_base);
/* Moira's row id and description win when present. */
4865 if (strlen(av[CONTAINER_ROWID]) != 0)
4867 moiraId_v[0] = av[CONTAINER_ROWID];
4868 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
4870 if (strlen(av[CONTAINER_DESC]) != 0)
4872 desc_v[0] = av[CONTAINER_DESC];
4873 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* Moira has no description but AD does: the value assigned to desc_v on the lines not shown decides whether this clears it. */
4877 if (strlen(desc) != 0)
4880 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
/* Owner -> managedBy, mirroring container_create but with REPLACE.  Whenever the owner cannot be resolved and the OU currently has a managedBy, the attribute is cleared (empty value list). */
4883 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4885 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4887 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4889 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4890 managedBy_v[0] = managedByDN;
4891 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4895 if (strlen(managedByDN) != 0)
4897 managedBy_v[0] = NULL;
4898 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4904 memset(filter, '\0', sizeof(filter));
4905 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4907 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4909 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4911 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4913 if (strlen(filter) != 0)
4915 attr_array[0] = "distinguishedName";
4916 attr_array[1] = NULL;
4919 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4920 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4922 if (group_count == 1)
4924 strcpy(managedByDN, group_base->value);
4925 managedBy_v[0] = managedByDN;
4926 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4930 if (strlen(managedByDN) != 0)
4932 managedBy_v[0] = NULL;
4933 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4936 linklist_free(group_base);
/* No owner in Moira at all: clear a stale managedBy. */
4943 if (strlen(managedByDN) != 0)
4945 managedBy_v[0] = NULL;
4946 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
4953 return(LDAP_SUCCESS);
/* Same target-DN rule as above; the loop over n releases the mods entries (body not shown). */
4955 strcpy(temp, distinguishedName);
4956 if (strlen(dName) != 0)
4957 sprintf(temp, "%s,%s", dName, dn_path);
4958 rc = ldap_modify_s(ldap_handle, temp, mods);
4959 for (i = 0; i < n; i++)
4961 if (rc != LDAP_SUCCESS)
4963 com_err(whoami, 0, "couldn't modify container info for %s : %s",
4964 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty an OU so that it can be deleted.
 *
 * Three passes over the subtree below dName: ordinary objects (neither
 * computer nor OU) are renamed into orphans_other_ou, computer objects into
 * orphans_machines_ou, and nested OUs are deleted.  Name clashes at the
 * destination are handled by appending "_<count>" to the cn.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      AD base DN; the orphan OUs are relative to it.
 * @param dName        DN of the OU to empty.
 * @return not visible in this listing.
 *
 * filter, new_cn, temp, pPtr, count, rc, i and group_count are declared on
 * lines not shown; which filter/attribute each pass uses is selected on
 * lines not shown (the three alternatives are visible below).
 */
4970 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4972 char *attr_array[3];
4973 LK_ENTRY *group_base;
/* NOTE(review): LDAP_OPT_SIZELIMIT is set on the shared connection handle and nothing in the visible lines restores it, so every later search on ldap_handle is capped at 10 entries unless it is reset elsewhere.  The return value of ldap_set_option is not checked. */
4980 int NumberOfEntries = 10;
4984 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4986 for (i = 0; i < 3; i++)
4988 memset(filter, '\0', sizeof(filter));
/* Pass 0: everything that is not a computer or an OU. */
4991 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4992 attr_array[0] = "cn";
4993 attr_array[1] = NULL;
/* Pass 1: computer objects. */
4997 strcpy(filter, "(objectClass=computer)");
4998 attr_array[0] = "cn";
4999 attr_array[1] = NULL;
/* Pass 2: nested OUs. */
5003 strcpy(filter, "(objectClass=organizationalUnit)");
5004 attr_array[0] = "ou";
5005 attr_array[1] = NULL;
/* Subtree search rooted at the OU being emptied. */
5010 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
5011 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
5015 if (group_count == 0)
/* cn entries are moved (the new superior depends on the pass); ldap_rename_s's remaining arguments are on a line not shown. */
5020 if (!strcasecmp(pPtr->attribute, "cn"))
5022 sprintf(new_cn, "cn=%s", pPtr->value);
5024 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
5026 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
5030 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Collision at the destination: retry with a numeric suffix (the retry loop and count increment are on lines not shown). */
5032 if (rc == LDAP_ALREADY_EXISTS)
5034 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* ou entries are deleted outright; a non-empty nested OU would be refused with LDAP_NOT_ALLOWED_ON_NONLEAF and no handling of that is visible here. */
5041 else if (!strcasecmp(pPtr->attribute, "ou"))
5043 rc = ldap_delete_s(ldap_handle, pPtr->dn);
5047 linklist_free(group_base);
/*
 * get_machine_ou: find the OU path (the DN components between the computer's
 * CN and the first "dc=") under which a machine's AD computer object lives.
 *
 * @param ldap_handle  open LDAP connection.
 * @param dn_path      search base.
 * @param member       Moira machine name; copied into a 1024-byte buffer with
 *                     an unbounded strcpy, then resolved through GetMachineName.
 * @param machine_ou   out: OU fragment, written with strcpy (size not visible).
 * @return not visible in this listing; the error paths log and leave on
 *         lines not shown.
 *
 * filter, temp, dn, cn, pPtr, rc, i and group_count are declared on lines not
 * shown.  The filter substitutes the machine name with sprintf() and no
 * RFC 4515 escaping.
 */
5055 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou)
5057 LK_ENTRY *group_base;
5061 char *attr_array[3];
5066 char NewMachineName[1024];
5069 strcpy(NewMachineName, member);
/* GetMachineName rewrites the buffer in place (alias lookup in Moira); an empty result means no alias. */
5070 rc = GetMachineName(NewMachineName);
5071 if (strlen(NewMachineName) == 0)
5073 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
/* Strip the domain part at the first '.' (the truncation itself is on a line not shown). */
5078 pPtr = strchr(NewMachineName, '.');
/* Computer accounts carry a trailing '$' in sAMAccountName. */
5084 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
5085 attr_array[0] = "cn";
5086 attr_array[1] = NULL;
5087 sprintf(temp, "%s", dn_path);
5088 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
5089 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5091 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
5092 member, ldap_err2string(rc));
5095 if (group_count != 1)
5097 com_err(whoami, 0, "LDAP server couldn't process machine %s : machine not found in AD",
/* Copy DN and cn (buffer sizes not visible) and lower-case both so the search below is case-insensitive.  tolower() on a plain char is undefined for bytes >= 0x80 where char is signed. */
5101 strcpy(dn, group_base->dn);
5102 strcpy(cn, group_base->value);
5103 for (i = 0; i < (int)strlen(dn); i++)
5104 dn[i] = tolower(dn[i]);
5105 for (i = 0; i < (int)strlen(cn); i++)
5106 cn[i] = tolower(cn[i]);
5107 linklist_free(group_base);
/* Locate the first occurrence of the cn value inside the DN, then skip it plus one separator character; this assumes the DN starts with "cn=<value>,". */
5109 pPtr = strstr(dn, cn);
5112 com_err(whoami, 0, "LDAP server couldn't process machine %s",
5116 pPtr += strlen(cn) + 1;
5117 strcpy(machine_ou, pPtr);
/* Cut the domain components off at "dc=" (the truncation is on a line not shown); no "dc=" at all is reported as an error. */
5119 pPtr = strstr(machine_ou, "dc=");
5122 com_err(whoami, 0, "LDAP server couldn't process machine %s",
/*
 * machine_move_to_ou: move a machine's AD computer object into DestinationOu
 * unless it is already there.
 *
 * @param ldap_handle       open LDAP connection.
 * @param dn_path           AD base DN.
 * @param MoiraMachineName  Moira machine name; copied into a 128-byte buffer
 *                          with an unbounded strcpy, then resolved through
 *                          GetMachineName.
 * @param DestinationOu     OU fragment relative to dn_path.
 * @return not visible in this listing.
 *
 * filter, OldDn, NewOu, NewCn, cPtr, rc and group_count are declared on
 * lines not shown.  The filter substitutes the machine name with sprintf()
 * and no RFC 4515 escaping.
 */
5131 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
5136 char MachineName[128];
5138 char *attr_array[3];
5143 LK_ENTRY *group_base;
5148 strcpy(MachineName, MoiraMachineName);
5149 rc = GetMachineName(MachineName);
5150 if (strlen(MachineName) == 0)
5152 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
/* Strip the domain part at the first '.' (truncation on a line not shown). */
5156 cPtr = strchr(MachineName, '.');
5159 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
5160 attr_array[0] = "sAMAccountName";
5161 attr_array[1] = NULL;
5162 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
5163 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5165 com_err(whoami, 0, "LDAP server couldn't process machine %s : %s",
5166 MoiraMachineName, ldap_err2string(rc));
/* Keep the current DN (OldDn's size is not visible) only for an unambiguous match. */
5170 if (group_count == 1)
5171 strcpy(OldDn, group_base->dn);
5172 linklist_free(group_base);
5174 if (group_count != 1)
/* NOTE(review): the format string has two %s conversions but only one argument is passed; the second conversion reads an unspecified pointer (undefined behaviour, crash or garbage in the log).  Proposed: `com_err(whoami, 0, "Unable to find machine %s in AD", MoiraMachineName);` */
5176 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
/* Compare the object's current parent (everything after the first ',' of OldDn; the NULL check and pointer advance are on lines not shown) with the destination, case-insensitively. */
5179 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
5180 cPtr = strchr(OldDn, ',');
5184 if (!strcasecmp(cPtr, NewOu))
/* Rename with deleteoldrdn = TRUE; what is done with rc afterwards is not visible. */
5187 sprintf(NewCn, "CN=%s", MachineName);
5188 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: look up a machine's short name in AD via checkADname.
 *
 * @param ldap_handle   open LDAP connection.
 * @param dn_path       search base.
 * @param machine_name  Moira machine name; the domain part after the first
 *                      '.' is stripped (the truncation is on a line not shown).
 *                      Copied into Name, whose size is not visible, with an
 *                      unbounded strcpy.
 * @return the logical negation of checkADname's result; checkADname's own
 *         return values are not visible in this listing, so what 0 and 1
 *         mean here cannot be confirmed from the visible lines.
 */
5192 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
5198 memset(Name, '\0', sizeof(Name));
5199 strcpy(Name, machine_name);
5201 pPtr = strchr(Name, '.');
/* Assignment inside the expression: rc keeps checkADname's raw result. */
5205 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container a machine maps to.
 *
 * @param ldap_handle     not read in the visible lines.
 * @param dn_path         not read in the visible lines.
 * @param machine_name    Moira machine name (query argument).
 * @param container_name  out: filled by the machine_GetMoiraContainer
 *                        callback with an unbounded strcpy; size not visible.
 * @return not visible in this listing (the mr_query call continues on a line
 *         not shown).
 */
5208 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
5214 av[0] = machine_name;
5215 call_args[0] = (char *)container_name;
5216 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * machine_GetMoiraContainer: mr_query callback that copies the container
 * name (av[1]) into the caller's buffer.
 *
 * @param ac   Moira argument count (not read in the visible lines).
 * @param av   Moira row; av[1] is the container name.
 * @param ptr  the caller's char* array; the line binding call_args to ptr
 *             and the return statement are not shown.
 *
 * The strcpy is unbounded; the destination is whatever buffer
 * machine_get_moira_container's caller supplied.
 */
5221 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
5226 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a
 * container, record it on the container, and add it to the parent
 * container's list.
 *
 * @param after  Moira container row (name and row id are used).
 * @return not visible in this listing (the rc checks after
 *         Moira_groupname_create and add_list continue on lines not shown).
 *
 * GroupName, argv and rc are declared on lines not shown; other functions in
 * this file use 64-byte group-name buffers.
 */
5230 int Moira_container_group_create(char **after)
5236 memset(GroupName, '\0', sizeof(GroupName));
/* Derive a unique "cnt-..." list name from the container path. */
5237 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
5238 after[CONTAINER_ROWID]);
/* add_list row: active, not public, not hidden, not a mail list, a group with a fresh gid, owned (ACE) and member-administered by user "sms". */
5242 argv[L_NAME] = GroupName;
5243 argv[L_ACTIVE] = "1";
5244 argv[L_PUBLIC] = "0";
5245 argv[L_HIDDEN] = "0";
5246 argv[L_MAILLIST] = "0";
5247 argv[L_GROUP] = "1";
5248 argv[L_GID] = UNIQUE_GID;
5249 argv[L_NFSGROUP] = "0";
5250 argv[L_MAILMAN] = "0";
5251 argv[L_MAILMAN_SERVER] = "[NONE]";
5252 argv[L_DESC] = "auto created container group";
5253 argv[L_ACE_TYPE] = "USER";
5254 argv[L_MEMACE_TYPE] = "USER";
5255 argv[L_ACE_NAME] = "sms";
5256 argv[L_MEMACE_NAME] = "sms";
5258 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
5260 com_err(whoami, 0, "couldn't create container group %s for container %s: %s",
5261 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Link the new list to the container and to the parent's list. */
5264 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
5265 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename the
 * Moira list that mirrors it to the name derived from the new path.
 *
 * @param before  old Moira container row; only its name is read.
 * @param after   new Moira container row.
 * @return not visible in this listing.
 *
 * argv and rc are declared on lines not shown.
 */
5270 int Moira_container_group_update(char **before, char **after)
5273 char BeforeGroupName[64];
5274 char AfterGroupName[64];
/* Name unchanged (ignoring case): nothing to do (the statement under this test is on a line not shown). */
5277 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
/* NOTE(review): the current list is looked up by the *new* container name; this only finds it if Moira has already applied the container rename when this runs -- confirm. */
5280 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
5281 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
5282 if (strlen(BeforeGroupName) == 0)
5285 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
5286 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
5287 after[CONTAINER_ROWID]);
/* Only issue update_list when the derived name actually differs. */
5291 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the old name in slot 0 followed by the full new row (hence the +1 offsets). */
5293 argv[L_NAME] = BeforeGroupName;
5294 argv[L_NAME + 1] = AfterGroupName;
5295 argv[L_ACTIVE + 1] = "1";
5296 argv[L_PUBLIC + 1] = "0";
/* NOTE(review): the create path sets L_HIDDEN to "0"; here it is "1", so a rename also flips the list's hidden flag -- confirm this is intended. */
5297 argv[L_HIDDEN + 1] = "1";
5298 argv[L_MAILLIST + 1] = "0";
5299 argv[L_GROUP + 1] = "1";
5300 argv[L_GID + 1] = UNIQUE_GID;
5301 argv[L_NFSGROUP + 1] = "0";
5302 argv[L_MAILMAN + 1] = "0";
5303 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
5304 argv[L_DESC + 1] = "auto created container group";
5305 argv[L_ACE_TYPE + 1] = "USER";
5306 argv[L_MEMACE_TYPE + 1] = "USER";
5307 argv[L_ACE_NAME + 1] = "sms";
5308 argv[L_MEMACE_NAME + 1] = "sms";
5310 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
5312 com_err(whoami, 0, "couldn't rename container group from %s to %s: %s",
5313 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove the Moira list that mirrored a
 * deleted container, first detaching it from the parent container's list.
 *
 * @param before  Moira container row being deleted; CONTAINER_NAME and
 *                CONTAINER_GROUP_NAME are read.
 * @return not visible in this listing.
 *
 * GroupName (sized on a line not shown), argv and rc are declared on lines
 * not shown; argv[1] for delete_member_from_list is set on a line not shown.
 */
5320 int Moira_container_group_delete(char **before)
5325 char ParentGroupName[64];
/* Flag 1: the parent container's list (see Moira_getGroupName). */
5327 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
5328 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
/* "[none]" is Moira's sentinel for a container without a list; compared case-sensitively. */
5330 memset(GroupName, '\0', sizeof(GroupName));
5331 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
5332 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
5334 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
5336 argv[0] = ParentGroupName;
5338 argv[2] = GroupName;
5339 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): two %s conversions but three arguments; error_message(rc) is never printed.  Proposed: `"couldn't delete container group %s from list %s: %s"`. */
5341 com_err(whoami, 0, "couldn't delete container group %s from list: %s",
5342 GroupName, ParentGroupName, error_message(rc));
5346 if (strlen(GroupName) != 0)
5348 argv[0] = GroupName;
5349 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
5351 com_err(whoami, 0, "couldn't delete container group %s : %s",
5352 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a unique Moira list name for a container.
 *
 * The name is "cnt-" plus the container path's last component, lower-cased
 * and cut to 25 characters (the truncation is on a line not shown).  If a
 * list with that name already exists, "-0".."-9" and then "-a".."-z" are
 * appended in turn until get_list_info reports MR_NO_MATCH.
 *
 * @param GroupName       out: the chosen name, written with an unbounded
 *                        strcpy (callers in this file pass 64-byte buffers;
 *                        "cnt-" + 25 + "-x" fits).
 * @param ContainerName   Moira container path; copied into temp (size not
 *                        visible) with an unbounded strcpy.
 * @param ContainerRowID  not read in the visible lines.
 * @return not visible in this listing.
 *
 * temp, ptr, ptr1, argv, i and rc are declared on lines not shown.
 */
5359 int Moira_groupname_create(char *GroupName, char *ContainerName,
5360 char *ContainerRowID)
5365 char newGroupName[64];
5366 char tempGroupName[64];
5371 strcpy(temp, ContainerName);
/* Last path component; the no-slash case is handled on lines not shown. */
5373 ptr1 = strrchr(temp, '/');
5379 if (strlen(ptr) > 25)
5382 sprintf(newGroupName, "cnt-%s", ptr);
5384 /* change everything to lower case */
/* tolower() on a plain char is undefined for bytes >= 0x80 where char is signed. */
5389 *ptr = tolower(*ptr);
/* Base name kept aside so each candidate is rebuilt from it rather than accumulating suffixes. */
5395 strcpy(tempGroupName, newGroupName);
5397 /* append 0-9 then a-z if a duplicate is found */
/* Probe Moira: MR_NO_MATCH means the name is free; any other nonzero status is a Moira error; zero means the list exists and the next suffix is tried (loop header not shown). */
5400 argv[0] = newGroupName;
5401 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
5403 if (rc == MR_NO_MATCH)
5405 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
5406 ContainerName, error_message(rc));
5409 sprintf(newGroupName, "%s-%c", tempGroupName, i);
/* All suffixes used up (the message's arguments continue on a line not shown). */
5412 com_err(whoami, 0, "Can not find a unique group name for container %s: too many duplicate container names",
5422 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName (Moira query set_container_list).  A failure
 * is reported through com_err; the return statements are on lines not
 * included in this excerpt.
 */
5426 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5431 argv[0] = origContainerName;
5432 argv[1] = GroupName;
5434 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5436 com_err(whoami, 0, "couldn't set container group %s in container %s: %s",
5437 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: make a container's group a member of the group of
 * its parent container.  The parent group is obtained from
 * Moira_getGroupName(..., 1); an empty result means origContainerName is a
 * top-level container and nothing is added.  A failing add_member_to_list is
 * reported through com_err; the return statements are on omitted lines.
 */
5443 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5445 char ContainerName[64];
5446 char ParentGroupName[64];
/* NOTE(review): unbounded copy into a 64-byte stack buffer — a container name
 * of 64 or more characters overflows it.  Prefer
 * snprintf(ContainerName, sizeof ContainerName, "%s", origContainerName)
 * and reject the name when it is truncated. */
5450 strcpy(ContainerName, origContainerName);
5452 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5453 /* top-level container */
5454 if (strlen(ParentGroupName) == 0)
5457 argv[0] = ParentGroupName;
/* argv[1] (the member type) is assigned on a line not shown in this excerpt. */
5459 argv[2] = GroupName;
5460 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5462 com_err(whoami, 0, "couldn't add container group %s to parent group %s: %s",
5463 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list (used by
 * Moira_getGroupName).  ptr carries the caller's call_args array — the cast
 * is on an omitted line; call_args[0] is the caller's GroupName buffer and
 * receives av[1], presumably the list-name column of the reply row.
 * NOTE(review): strcpy is unbounded and the destination size is whatever the
 * caller passed, so an over-long list name from the server overflows it.
 */
5468 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5473 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list attached to a container and
 * copy its name into GroupName (empty when none is found).  The third
 * parameter is on a line not included in this excerpt; the strrchr on '/'
 * below suggests it selects between the container itself and its parent
 * (last path component removed) — confirm against the full source.
 * The reply is delivered through the Moira_getContainerGroup callback via
 * call_args.  A query error, or a successful query with no list name, is
 * reported through com_err; the return statements are on omitted lines.
 */
5477 int Moira_getGroupName(char *origContainerName, char *GroupName,
5480 char ContainerName[64];
/* NOTE(review): unbounded copy into a 64-byte stack buffer; bound it with
 * snprintf and reject over-long container names. */
5486 strcpy(ContainerName, origContainerName);
5490 ptr = strrchr(ContainerName, '/');
5497 argv[0] = ContainerName;
/* call_args[0] is the output buffer the callback writes into. */
5499 call_args[0] = GroupName;
5500 call_args[1] = NULL;
5502 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
5505 if (strlen(GroupName) != 0)
5510 com_err(whoami, 0, "couldn't get container group from container %s: %s",
5511 ContainerName, error_message(rc));
/* Query succeeded but the callback left GroupName empty. */
5513 com_err(whoami, 0, "couldn't get container group from container %s",
/*
 * Moira_process_machine_container_group: add a machine to, or remove it
 * from, a container's group.  A GroupName of "[none]" means the container
 * has no group and nothing is done.  Whether add_member_to_list or
 * delete_member_from_list runs is decided by a condition on an omitted line
 * (the remaining parameters are on an omitted signature line as well).
 */
5518 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5524 if (strcmp(GroupName, "[none]") == 0)
5527 argv[0] = GroupName;
5528 argv[1] = "MACHINE";
5529 argv[2] = MachineName;
5531 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5533 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* NOTE(review): this message says "add" even when it was the delete query
 * that failed, and lacks a space before %s ("group%s"); consider
 * "couldn't %s machine %s %s container group %s: %s" with "add"/"to" vs
 * "delete"/"from" chosen by the same condition. */
5536 com_err(whoami, 0, "couldn't add machine %s to container group%s: %s",
5537 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: normalise a machine name, in place, to an upper-cased name
 * in the DOMAIN_SUFFIX domain.  If MachineName already ends in DOMAIN_SUFFIX
 * the upper-cased form is presumably copied back (those lines are omitted
 * here); otherwise the Moira get_hostalias query is run and the
 * ProcessMachineName callback picks the first alias in that domain.
 * On a query failure, or when no alias matches, MachineName is set to "" —
 * callers must test for the empty string.  Return statements are on lines
 * not included in this excerpt.
 *
 * MachineName must be able to hold the 1024-byte result (the copy back into
 * it is unbounded).
 */
5542 int GetMachineName(char *MachineName)
5545 char NewMachineName[1024];
5552 // If the address happens to be in the top-level MIT domain, great!
/* NOTE(review): unbounded copy into a 1024-byte buffer; MachineName's length
 * is not checked anywhere visible here — bound it with snprintf. */
5553 strcpy(NewMachineName, MachineName);
/* strlen is re-evaluated on every iteration; toupper() on a plain char is
 * undefined for negative values — cast through unsigned char. */
5554 for (i = 0; i < (int)strlen(NewMachineName); i++)
5555 NewMachineName[i] = toupper(NewMachineName[i]);
5556 szDot = strchr(NewMachineName,'.');
5557 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5562 // If not, see if it has a Moira alias in the top-level MIT domain.
5563 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* args[0] is assigned on an omitted line.  The callback writes the chosen
 * alias into call_args[0], i.e. NewMachineName. */
5565 args[1] = MachineName;
5566 call_args[0] = NewMachineName;
5567 call_args[1] = NULL;
5568 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5570 com_err(whoami, 0, "couldn't resolve machine name %s : %s",
5571 MachineName, error_message(rc));
/* Failure is signalled to the caller by an empty name. */
5572 strcpy(MachineName, "");
5576 if (strlen(NewMachineName) != 0)
5577 strcpy(MachineName, NewMachineName);
5579 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias (see
 * GetMachineName).  ptr carries call_args (the cast is on an omitted line);
 * call_args[0] is the caller's 1024-byte output buffer.  Only the first alias
 * row whose av[0] lies in DOMAIN_SUFFIX is kept — once call_args[0] is
 * non-empty, later rows are ignored.
 */
5584 int ProcessMachineName(int ac, char **av, void *ptr)
5587 char MachineName[1024];
5592 if (strlen(call_args[0]) == 0)
/* NOTE(review): unbounded copy of a server-supplied alias into a 1024-byte
 * stack buffer; bound it with snprintf rather than trusting the reply. */
5594 strcpy(MachineName, av[0]);
/* toupper() on a plain char is undefined for negative values. */
5595 for (i = 0; i < (int)strlen(MachineName); i++)
5596 MachineName[i] = toupper(MachineName[i]);
5597 szDot = strchr(MachineName,'.');
5598 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
/* Both buffers are 1024 bytes, so this copy cannot overrun. */
5600 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: rewrite the uid-number attribute name in an LDAPMod array to
 * match the schema in use.  The first loop renames "msSFU30UidNumber" to
 * "uidNumber" (the RFC 2307 attribute); the second does the reverse.  Which
 * loop runs is decided by a test on *UseSFU30 on lines not shown here.
 * mod_type is re-pointed at a string literal, so the entries must not be
 * released through mod_type afterwards — confirm against how `mods` is freed.
 */
5606 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
5612 for (i = 0; i < n; i++)
5614 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5615 mods[i]->mod_type = "uidNumber";
5621 for (i = 0; i < n; i++)
5623 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5624 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: build the homeDirectory, profilePath and homeDrive
 * attribute values for a user from the Moira-supplied WinHomeDir /
 * WinProfileDir strings and queue them on `mods` via ADD_ATTR for the
 * caller's modify.
 *   "[local]" -> the attribute is cleared.
 *   "[afs]"   -> the path comes from the user's Hesiod "filsys" entry: the
 *                AFS entry with the lowest weight is chosen, converted with
 *                AfsToWinAfs, and the profile becomes "<home>\.winprofile";
 *                homeDrive is set to "H:".
 *   otherwise -> the value is used as given; a UNC path ("\\...") also sets
 *                homeDrive "H:".
 * A trailing backslash is stripped, except that a bare drive ("X:") gets one
 * back.  When a value ends up empty and OpType is LDAP_MOD_REPLACE the
 * attribute is removed right away with a separate ldap_modify_s(DelMods)
 * call; rc is assigned from those calls but the lines that examine it are
 * not in this excerpt.  The strdup'd values are stored in homedir_v /
 * winProfile_v / drives_v — releasing them is presumably the caller's job,
 * confirm.  OpType and the remaining parameters are on an omitted signature
 * line; ADD_ATTR / DEL_ATTR are macros defined elsewhere in the file.
 */
5630 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5631 char *WinHomeDir, char *WinProfileDir,
5632 char **homedir_v, char **winProfile_v,
5633 char **drives_v, LDAPMod **mods,
5641 char winProfile[1024];
5646 LDAPMod *DelMods[20];
5648 memset(homeDrive, '\0', sizeof(homeDrive));
5649 memset(path, '\0', sizeof(path));
5650 memset(winPath, '\0', sizeof(winPath));
5651 memset(winProfile, '\0', sizeof(winProfile));
/* Only consult Hesiod when at least one of the two values asks for AFS. */
5653 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
/* Hesiod answers arrive over DNS and are not authenticated.  NOTE(review): the
 * "%s" conversions below carry no field width, so an over-long record
 * overflows cPath / cWeight (their sizes are not visible here); give each a
 * width matching its buffer, e.g. "%*s %1023s" for a 1024-byte cPath. */
5655 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5657 memset(cWeight, 0, sizeof(cWeight));
5658 memset(cPath, 0, sizeof(cPath));
5661 while (hp[i] != NULL)
/* Field 2 of a filsys record is the path; only AFS paths are considered. */
5663 if (sscanf(hp[i], "%*s %s", cPath))
5665 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
/* Field 5 is the weight; the lowest weight seen so far wins.  last_weight's
 * initial value is set on an omitted line. */
5667 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
5669 if (atoi(cWeight) < last_weight)
5671 strcpy(path, cPath);
5672 last_weight = (int)atoi(cWeight);
/* Record without a weight field: taken as-is (the enclosing else is omitted). */
5676 strcpy(path, cPath);
/* Translate the AFS path into its Windows form and derive the profile path
 * from it.  NOTE(review): strcat is unbounded; winPath's size is not shown. */
5683 if (!strnicmp(path, AFS, strlen(AFS)))
5685 AfsToWinAfs(path, winPath);
5686 strcpy(winProfile, winPath);
5687 strcat(winProfile, "\\.winprofile");
/* Home directory selection. */
5703 if (!strcasecmp(WinHomeDir, "[local]"))
5704 memset(winPath, '\0', sizeof(winPath));
5705 else if (!strcasecmp(WinHomeDir, "[afs]"))
5707 strcpy(homeDrive, "H:");
/* Explicit path from Moira.  NOTE(review): unbounded copy into winPath. */
5711 strcpy(winPath, WinHomeDir);
5712 if (!strncmp(WinHomeDir, "\\\\", 2))
5714 strcpy(homeDrive, "H:");
5718 // nothing needs to be done if WinProfileDir is [afs].
5719 if (!strcasecmp(WinProfileDir, "[local]"))
5720 memset(winProfile, '\0', sizeof(winProfile));
5721 else if (strcasecmp(WinProfileDir, "[afs]"))
/* NOTE(review): unbounded copy into the 1024-byte winProfile buffer. */
5723 strcpy(winProfile, WinProfileDir);
/* Strip one trailing backslash from each path. */
5726 if (strlen(winProfile) != 0)
5728 if (winProfile[strlen(winProfile) - 1] == '\\')
5729 winProfile[strlen(winProfile) - 1] = '\0';
5731 if (strlen(winPath) != 0)
5733 if (winPath[strlen(winPath) - 1] == '\\')
5734 winPath[strlen(winPath) - 1] = '\0';
/* A bare drive letter ("X:") must keep its backslash.  Reading index 1 of a
 * shorter string is safe because both buffers were zeroed above. */
5737 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5738 strcat(winProfile, "\\");
5739 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5740 strcat(winPath, "\\");
/* homeDirectory: delete immediately when empty under REPLACE, else queue. */
5742 if (strlen(winPath) == 0)
5744 if (OpType == LDAP_MOD_REPLACE)
5747 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5749 //unset homeDirectory attribute for user.
5750 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5756 homedir_v[0] = strdup(winPath);
5757 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* profilePath: same pattern. */
5760 if (strlen(winProfile) == 0)
5762 if (OpType == LDAP_MOD_REPLACE)
5765 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5767 //unset profilePath attribute for user.
5768 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5774 winProfile_v[0] = strdup(winProfile);
5775 ADD_ATTR("profilePath", winProfile_v, OpType);
/* homeDrive: same pattern. */
5778 if (strlen(homeDrive) == 0)
5780 if (OpType == LDAP_MOD_REPLACE)
5783 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5785 //unset homeDrive attribute for user
5786 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5792 drives_v[0] = strdup(homeDrive);
5793 ADD_ATTR("homeDrive", drives_v, OpType);
5799 int GetServerList(char *ldap_domain, char **ServerList)
5806 int IgnoreServerListError;
5807 int ServerListFound;
5808 char default_server[256];
5810 char *attr_array[3];
5814 LK_ENTRY *group_base;
5819 memset(default_server, '\0', sizeof(default_server));
5820 memset(dn_path, '\0', sizeof(dn_path));
5821 for (i = 0; i < MAX_SERVER_NAMES; i++)
5823 if (ServerList[i] != NULL)
5825 free(ServerList[i]);
5826 ServerList[i] = NULL;
5829 IgnoreServerListError = 1;
5830 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
5831 ServerList, &IgnoreServerListError))
5833 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5837 ServerListFound = 0;
5839 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5840 attr_array[0] = "fSMORoleOwner";
5841 attr_array[1] = NULL;
5842 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5843 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5845 if (group_count != 0)
5847 sPtr = strstr(group_base->value, ",CN=");
5850 sPtr += strlen(",CN=");
5851 if (ServerList[0] == NULL)
5852 ServerList[0] = calloc(1, 256);
5853 strcpy(ServerList[0], sPtr);
5854 sPtr = strstr(ServerList[0], ",");
5858 ServerListFound = 1;
5862 linklist_free(group_base);
5866 attr_array[0] = "cn";
5867 attr_array[1] = NULL;
5868 strcpy(filter, "(cn=*)");
5869 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5871 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5872 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5874 if (group_count != 0)
5877 while (gPtr != NULL)
5879 if (ServerListFound != 0)
5881 if (!strcasecmp(ServerList[0], gPtr->value))
5887 if (Count < MAX_SERVER_NAMES)
5889 if (ServerList[Count] == NULL)
5890 ServerList[Count] = calloc(1, 256);
5891 strcpy(ServerList[Count], gPtr->value);
5898 linklist_free(group_base);
5904 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5905 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5907 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5908 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5910 if (group_count != 0)
5915 linklist_free(group_base);
5919 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5921 fprintf(fptr, "%s%s\n", DOMAIN, ldap_domain);
5923 fprintf(fptr, "%s%s\n", MSSFU, SFUTYPE);
5924 for (i = 0; i < MAX_SERVER_NAMES; i++)
5926 if (ServerList[i] != NULL)
5928 fprintf(fptr, "%s%s\n", SERVER, ServerList[i]);
5933 ldap_unbind_s(ldap_handle);