2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container's information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
295 #define CHECK_GROUPS 1
296 #define CLEANUP_GROUPS 2
298 #define AD_NO_GROUPS_FOUND -1
299 #define AD_WRONG_GROUP_DN_FOUND -2
300 #define AD_MULTIPLE_GROUPS_FOUND -3
301 #define AD_INVALID_NAME -4
302 #define AD_LDAP_FAILURE -5
303 #define AD_INVALID_FILESYS -6
304 #define AD_NO_ATTRIBUTE_FOUND -7
305 #define AD_NO_OU_FOUND -8
306 #define AD_NO_USER_FOUND -9
308 /* container arguments */
309 #define CONTAINER_NAME 0
310 #define CONTAINER_DESC 1
311 #define CONTAINER_LOCATION 2
312 #define CONTAINER_CONTACT 3
313 #define CONTAINER_TYPE 4
314 #define CONTAINER_ID 5
315 #define CONTAINER_ROWID 6
316 #define CONTAINER_GROUP_NAME 7
318 /*mcntmap arguments*/
319 #define OU_MACHINE_NAME 0
320 #define OU_CONTAINER_NAME 1
321 #define OU_MACHINE_ID 2
322 #define OU_CONTAINER_ID 3
323 #define OU_CONTAINER_GROUP 4
325 typedef struct lk_entry {
335 struct lk_entry *next;
338 #define STOP_FILE "/moira/ldap/noldap"
339 #define file_exists(file) (access((file), F_OK) == 0)
341 #define N_SD_BER_BYTES 5
342 #define LDAP_BERVAL struct berval
343 #define MAX_SERVER_NAMES 32
345 #define HIDDEN_GROUP "HiddenGroup.g"
346 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
347 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
348 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
350 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
351 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
352 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/*
 * ADD_ATTR / DEL_ATTR append one LDAPMod to the caller's mods[] / DelMods[]
 * array and advance the caller's index n / i; both rely on those names
 * being in scope at the point of use.
 *
 * NOTE(review): the malloc() result is not checked, so an allocation
 * failure dereferences NULL on the very next line.  The macros also expand
 * to several bare statements rather than a do { ... } while (0) block, so
 * using one as the body of an unbraced if/for guards only the first
 * statement.
 */
354 #define ADD_ATTR(t, v, o) \
355 mods[n] = malloc(sizeof(LDAPMod)); \
356 mods[n]->mod_op = o; \
357 mods[n]->mod_type = t; \
358 mods[n++]->mod_values = v
360 #define DEL_ATTR(t, o) \
361 DelMods[i] = malloc(sizeof(LDAPMod)); \
362 DelMods[i]->mod_op = o; \
363 DelMods[i]->mod_type = t; \
364 DelMods[i++]->mod_values = NULL
366 #define DOMAIN_SUFFIX "MIT.EDU"
367 #define DOMAIN "DOMAIN:"
368 #define PRINCIPALNAME "PRINCIPAL:"
369 #define SERVER "SERVER:"
372 #define GROUP_SUFFIX "GROUP_SUFFIX:"
373 #define GROUP_TYPE "GROUP_TYPE:"
374 #define SET_GROUP_ACE "SET_GROUP_ACE:"
375 #define SET_PASSWORD "SET_PASSWORD:"
376 #define EXCHANGE "EXCHANGE:"
377 #define REALM "REALM:"
378 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
380 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
381 #define MAX_DOMAINS 10
/*
 * File-scope state shared by main() and the do_*() handlers: the domain
 * list read by ReadDomainList(), the per-domain LDAP settings filled in by
 * ReadConfigFile(), the fixed OU names, and the feature switches.
 * Everything here is plain global mutable state with no locking, which is
 * fine only because the program processes one update per invocation.
 */
382 char DomainNames[MAX_DOMAINS][128];
384 LK_ENTRY *member_base = NULL;
386 char PrincipalName[128];
/* Scratch buffer main() concatenates the whole argv into for logging. */
387 static char tbl_buf[1024];
388 char kerberos_ou[] = "OU=kerberos,OU=moira";
389 char contact_ou[] = "OU=strings,OU=moira";
390 char user_ou[] = "OU=users,OU=moira";
/* Group OU targets; main() fills these with one of two layouts. */
391 char group_ou_distribution[1024];
392 char group_ou_root[1024];
393 char group_ou_security[1024];
394 char group_ou_neither[1024];
395 char group_ou_both[1024];
396 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
397 char orphans_other_ou[] = "OU=Other,OU=Orphans";
398 char security_template_ou[] = "OU=security_templates";
400 char ldap_domain[256];
401 char ldap_realm[256];
403 char *ServerList[MAX_SERVER_NAMES];
404 char default_server[256];
/*
 * NOTE(review): tbl_buf is declared a second time here.  Lines are missing
 * from this listing, so the two declarations are presumably in different
 * preprocessor branches; if they are not, this is a redefinition -- confirm.
 */
405 static char tbl_buf[1024];
406 char group_suffix[256];
407 char exchange_acl[256];
408 int mr_connections = 0;
411 int UseGroupSuffix = 1;
412 int UseGroupUniversal = 0;
416 int ProcessMachineContainer = 1;
417 int ActiveDirectory = 1;
418 int UpdateDomainList;
420 extern int set_password(char *user, char *password, char *domain);
422 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
423 char *group_membership, char *MoiraId, char *attribute,
424 LK_ENTRY **linklist_base, int *linklist_count,
426 void AfsToWinAfs(char* path, char* winPath);
427 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
428 char *Win2kPassword, char *Win2kUser, char *default_server,
429 int connect_to_kdc, char **ServerList, char *ldap_realm,
431 void ad_kdc_disconnect();
432 int ad_server_connect(char *connectedServer, char *domain);
433 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
434 char *attribute_value, char *attribute, char *user_name);
435 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
436 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
437 int check_winad(void);
438 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
441 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
442 char *distinguishedName, int count, char **av);
443 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
444 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
445 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
446 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
447 char *distinguishedName, int count,
449 void container_get_dn(char *src, char *dest);
450 void container_get_name(char *src, char *dest);
451 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
452 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
453 char **before, int afterc, char **after);
454 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
455 char **before, int afterc, char **after);
457 int GetAceInfo(int ac, char **av, void *ptr);
458 int get_group_membership(char *group_membership, char *group_ou,
459 int *security_flag, char **av);
460 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
461 char *machine_ou, char *pPtr);
462 int Moira_container_group_create(char **after);
463 int Moira_container_group_delete(char **before);
464 int Moira_groupname_create(char *GroupName, char *ContainerName,
465 char *ContainerRowID);
466 int Moira_container_group_update(char **before, char **after);
467 int Moira_process_machine_container_group(char *MachineName, char* groupName,
469 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
470 int Moira_getContainerGroup(int ac, char **av, void *ptr);
471 int Moira_getGroupName(char *origContainerName, char *GroupName,
473 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
474 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
475 int UpdateGroup, int *ProcessGroup, char *maillist);
476 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
477 char *group_name, char *group_ou, char *group_membership,
478 int group_security_flag, int type, char *maillist);
479 int process_lists(int ac, char **av, void *ptr);
480 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
481 char *TargetGroupName, int HiddenGroup,
482 char *AceType, char *AceName);
483 int ProcessMachineName(int ac, char **av, void *ptr);
484 int ReadConfigFile(char *DomainName);
485 int ReadDomainList();
486 void StringTrim(char *StringToTrim);
487 char *escape_string(char *s);
488 int save_query_info(int argc, char **argv, void *hint);
489 int user_create(int ac, char **av, void *ptr);
490 int user_change_status(LDAP *ldap_handle, char *dn_path,
491 char *user_name, char *MoiraId, int operation);
492 int user_delete(LDAP *ldap_handle, char *dn_path,
493 char *u_name, char *MoiraId);
494 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
496 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
497 char *uid, char *MitId, char *MoiraId, int State,
498 char *WinHomeDir, char *WinProfileDir, char *first,
499 char *middle, char *last, char *shell, char *class);
500 void change_to_lower_case(char *ptr);
501 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
502 int contact_remove_email(LDAP *ld, char *bind_path,
503 LK_ENTRY **linklist_entry, int linklist_current);
504 int group_create(int ac, char **av, void *ptr);
505 int group_delete(LDAP *ldap_handle, char *dn_path,
506 char *group_name, char *group_membership, char *MoiraId);
507 int group_rename(LDAP *ldap_handle, char *dn_path,
508 char *before_group_name, char *before_group_membership,
509 char *before_group_ou, int before_security_flag,
510 char *before_desc, char *after_group_name,
511 char *after_group_membership, char *after_group_ou,
512 int after_security_flag, char *after_desc,
513 char *MoiraId, char *filter, char *maillist);
514 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
515 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
516 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
517 char *machine_name, char *container_name);
518 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
519 char *MoiraMachineName, char *DestinationOu);
520 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
521 char *group_name, char *group_ou, char *group_membership,
522 int group_security_flag, int updateGroup, char *maillist);
523 int member_list_build(int ac, char **av, void *ptr);
524 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
525 char *group_ou, char *group_membership,
526 char *user_name, char *pUserOu, char *MoiraId);
527 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
528 char *group_ou, char *group_membership, char *user_name,
529 char *pUserOu, char *MoiraId);
530 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
531 char *group_ou, char *group_membership,
532 int group_security_flag, char *MoiraId);
533 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
534 char *DistinguishedName,
535 char *WinHomeDir, char *WinProfileDir,
536 char **homedir_v, char **winProfile_v,
537 char **drives_v, LDAPMod **mods,
539 int sid_update(LDAP *ldap_handle, char *dn_path);
540 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
541 int check_string(char *s);
542 int check_container_name(char* s);
544 int mr_connect_cl(char *server, char *client, int version, int auth);
545 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
546 char **before, int beforec, char **after, int afterc);
547 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
548 char **before, int beforec, char **after, int afterc);
549 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
550 char **before, int beforec, char **after, int afterc);
551 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
552 char **before, int beforec, char **after, int afterc);
553 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
554 char **before, int beforec, char **after, int afterc);
555 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 int linklist_create_entry(char *attribute, char *value,
558 LK_ENTRY **linklist_entry);
559 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
560 char **attr_array, LK_ENTRY **linklist_base,
561 int *linklist_count, unsigned long ScopeType);
562 void linklist_free(LK_ENTRY *linklist_base);
564 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
565 char *distinguished_name, LK_ENTRY **linklist_current);
566 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
567 LK_ENTRY **linklist_base, int *linklist_count);
568 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
569 char *Attribute, char *distinguished_name,
570 LK_ENTRY **linklist_current);
572 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
573 char *oldValue, char *newValue,
574 char ***modvalues, int type);
575 void free_values(char **modvalues);
577 int convert_domain_to_dn(char *domain, char **bind_path);
578 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
579 char *distinguished_name);
580 int moira_disconnect(void);
581 int moira_connect(void);
582 void print_to_screen(const char *fmt, ...);
583 int GetMachineName(char *MachineName);
584 int tickets_get_k5();
585 int destroy_cache(void);
588 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
589 char **homeServerName);
/*
 * Entry point of the incremental update.  argv[1] is the Moira table name,
 * argv[2] and argv[3] are the before/after argument counts, and the before
 * and after argument vectors follow (see the examples at the top of the
 * file).  For each configured domain the program reads its config, connects
 * to LDAP/AD and dispatches to the matching do_<table>() handler.
 *
 * Many lines of this function are not present in this listing; the
 * comments below describe only what is visible.
 */
591 int main(int argc, char **argv)
/* Nested assignment: whoami becomes the basename of argv[0]. */
607 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
611 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/*
 * NOTE(review): atoi() reports no errors, so a negative or non-numeric
 * argv[2]/argv[3] passes this check.  beforec/afterc later index
 * orig_argv ('after = &orig_argv[4 + beforec]' below), so a negative count
 * would point outside the vector.  strtol() plus a check that both counts
 * are >= 0 and that 4 + beforec + afterc <= argc (without signed overflow)
 * would reject such input up front.
 */
615 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
617 com_err(whoami, 0, "Unable to process %s",
618 "argc < (4 + beforec + afterc)");
/* The filesys branch body is not visible here. */
622 if (!strcmp(argv[1], "filesys"))
/*
 * NOTE(review): every argument is strcat()'d into tbl_buf (1024 bytes) with
 * no length check, so an argument list longer than the buffer overruns it.
 * Appending with snprintf() into the remaining space, or stopping once the
 * buffer is full, keeps this log line bounded.
 */
625 for (i = 1; i < argc; i++)
627 strcat(tbl_buf, argv[i]);
628 strcat(tbl_buf, " ");
631 com_err(whoami, 0, "%s", tbl_buf);
635 com_err(whoami, 0, "%s failed", "check_winad()");
639 initialize_sms_error_table();
640 initialize_krb_error_table();
642 UpdateDomainList = 0;
643 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
645 if (ReadDomainList())
647 com_err(whoami, 0, "%s failed", "ReadDomainList()");
651 for (i = 0; i < argc; i++)
/* One LDAP session per configured domain; an empty name presumably ends the list (body not visible). */
654 for (k = 0; k < MAX_DOMAINS; k++)
656 if (strlen(DomainNames[k]) == 0)
/* Private copy of argv for this domain; the strdup() result is not checked for NULL. */
658 for (i = 0; i < argc; i++)
660 if (orig_argv[i] != NULL)
662 orig_argv[i] = strdup(argv[i]);
665 memset(PrincipalName, '\0', sizeof(PrincipalName));
666 memset(ldap_domain, '\0', sizeof(ldap_domain));
667 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
668 memset(default_server, '\0', sizeof(default_server));
669 memset(dn_path, '\0', sizeof(dn_path));
670 memset(group_suffix, '\0', sizeof(group_suffix));
671 memset(exchange_acl, '\0', sizeof(exchange_acl));
675 UseGroupUniversal = 0;
679 ProcessMachineContainer = 1;
/* Defaults written before ReadConfigFile(); the constants fit the 256-byte buffers. */
682 sprintf(group_suffix, "%s", "_group");
683 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the private argv copy into table name, before vector and after vector. */
685 beforec = atoi(orig_argv[2]);
686 afterc = atoi(orig_argv[3]);
687 table = orig_argv[1];
688 before = &orig_argv[4];
689 after = &orig_argv[4 + beforec];
/* Per-domain settings; what happens on failure is not visible here. */
697 if (ReadConfigFile(DomainNames[k]))
/* Split layout: lists are placed under a per-type OU (branch condition not visible). */
702 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
703 sprintf(group_ou_root, "OU=lists,OU=moira");
704 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
705 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
706 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
/* Flat layout: every list type lives directly under OU=lists. */
710 sprintf(group_ou_distribution, "OU=lists,OU=moira");
711 sprintf(group_ou_root, "OU=lists,OU=moira");
712 sprintf(group_ou_security, "OU=lists,OU=moira");
713 sprintf(group_ou_neither, "OU=lists,OU=moira");
714 sprintf(group_ou_both, "OU=lists,OU=moira");
717 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts; empty strings are passed as the bind user and password. */
719 for (i = 0; i < 5; i++)
721 ldap_handle = (LDAP *)NULL;
722 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
723 default_server, SetPassword, ServerList,
724 ldap_realm, ldap_port)))
726 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
731 if ((rc) || (ldap_handle == NULL))
733 critical_alert("incremental",
734 "ldap.incr cannot connect to any server in "
735 "domain %s", DomainNames[k]);
/*
 * NOTE(review): tolower() expects an int in unsigned-char range; a plain
 * char may be negative, so cast: 'tolower((unsigned char)table[i])'.
 * strlen() is also re-evaluated on every iteration.
 */
739 for (i = 0; i < (int)strlen(table); i++)
740 table[i] = tolower(table[i]);
/* Dispatch on the lower-cased table name; no branch for unknown tables is visible. */
742 if (!strcmp(table, "users"))
743 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
745 else if (!strcmp(table, "list"))
746 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
748 else if (!strcmp(table, "imembers"))
749 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
751 else if (!strcmp(table, "containers"))
752 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
754 else if (!strcmp(table, "mcntmap"))
755 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the per-domain server list (the free() call itself is not visible here). */
761 for (i = 0; i < MAX_SERVER_NAMES; i++)
763 if (ServerList[i] != NULL)
766 ServerList[i] = NULL;
770 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a mcntmap (machine -> container) change.  before/after hold the
 * OU_* arguments (machine name, container name, ids, container group).
 * beforec != 0 && afterc == 0 removes a machine from its OU; beforec == 0
 * && afterc != 0 adds one.  The machine is looked up by its Moira alias,
 * then moved into the AD OU matching its Moira container, or into the
 * orphans OU when no container is known.  Lines are missing from this
 * listing; comments refer only to what is visible.
 */
776 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
777 char **before, int beforec, char **after, int afterc)
779 char MoiraContainerName[128];
780 char ADContainerName[128];
781 char MachineName[1024];
782 char OriginalMachineName[1024];
/* NOTE(review): only 64 bytes, yet before/after[OU_CONTAINER_GROUP] is strcpy()'d into it unbounded below. */
785 char MoiraContainerGroup[64];
787 if (!ProcessMachineContainer)
789 com_err(whoami, 0, "Process machines and containers disabled, skipping");
794 memset(ADContainerName, '\0', sizeof(ADContainerName));
795 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
797 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is intentional: rc carries the Moira error code into the alert. */
800 if (rc = moira_connect())
802 critical_alert("AD incremental",
803 "Error contacting Moira server : %s",
/*
 * NOTE(review): the strcpy() calls below copy argument strings into fixed
 * stack buffers with no length check; main() validates the argument count
 * but not argument length.  A bounded copy (snprintf with the buffer size,
 * or an explicit strlen() check that rejects the update) would keep an
 * over-long machine or group name from overrunning the stack.
 */
808 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
810 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
811 strcpy(MachineName, before[OU_MACHINE_NAME]);
812 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
814 com_err(whoami, 0, "removing machine %s from %s",
815 OriginalMachineName, before[OU_CONTAINER_NAME]);
817 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
819 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
820 strcpy(MachineName, after[OU_MACHINE_NAME]);
821 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
822 com_err(whoami, 0, "adding machine %s to container %s",
823 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the Moira alias in place; an empty result means no alias was found. */
831 rc = GetMachineName(MachineName);
833 if (strlen(MachineName) == 0)
/* ("alais" is a typo in a runtime log string; left unchanged here.) */
836 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
837 OriginalMachineName);
841 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
844 if (machine_check(ldap_handle, dn_path, MachineName))
846 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.",
847 OriginalMachineName, MachineName);
852 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
853 machine_get_moira_container(ldap_handle, dn_path, MachineName,
/* No container known in Moira: park the machine in the orphans OU. */
856 if (strlen(MoiraContainerName) == 0)
858 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
859 "in Moira - moving to orphans OU.",
860 OriginalMachineName, MachineName);
861 machine_move_to_ou(ldap_handle, dn_path, MachineName,
862 orphans_machines_ou);
867 container_get_dn(MoiraContainerName, ADContainerName);
/*
 * Normalise to a trailing '/'.  The strlen() - 1 index relies on the
 * empty-name case above having returned (the return is not visible here),
 * and the strcat() assumes one spare byte in the 128-byte buffer.
 */
869 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
870 strcat(MoiraContainerName, "/");
872 container_check(ldap_handle, dn_path, MoiraContainerName);
873 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a containers (OU) change.  beforec/afterc select the operation:
 * only before -> delete, only after -> create, both -> rename when the
 * name differs case-insensitively, otherwise update.  Each AD change is
 * mirrored into the Moira container group.  Lines are missing from this
 * listing; comments refer only to what is visible.
 */
878 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
879 char **before, int beforec, char **after, int afterc)
883 if (!ProcessMachineContainer)
885 com_err(whoami, 0, "Process machines and containers disabled, skipping");
889 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is intentional: rc carries the Moira error code into the alert. */
892 if (rc = moira_connect())
894 critical_alert("AD incremental", "Error contacting Moira server : %s",
/*
 * NOTE(review): the container_*() and Moira_container_group_*() return
 * values are ignored in every branch below, so a failed AD operation still
 * goes on to update the Moira side.  Logging the failure and skipping the
 * Moira step would keep the two in step.
 */
899 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
901 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
902 container_delete(ldap_handle, dn_path, beforec, before);
903 Moira_container_group_delete(before);
908 if ((beforec == 0) && (afterc != 0)) /*create a container*/
910 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
911 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
912 container_create(ldap_handle, dn_path, afterc, after);
913 Moira_container_group_create(after);
/* Both vectors present from here on (inferred; the enclosing condition is not visible). */
918 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
920 com_err(whoami, 0, "renaming container %s to %s",
921 before[CONTAINER_NAME], after[CONTAINER_NAME]);
922 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
923 Moira_container_group_update(before, after);
928 com_err(whoami, 0, "updating container %s information",
929 after[CONTAINER_NAME]);
930 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
931 Moira_container_group_update(before, after);
936 #define L_LIST_DESC 9
/*
 * Handle a list (group) change.  The before/after vectors are indexed by
 * the L_* constants (L_NAME, L_ACTIVE, L_MAILLIST, L_LIST_ID, L_LIST_DESC,
 * defined elsewhere); get_group_membership() derives the target OU, the
 * membership type and the security flag from the list flags.  Cases:
 * rename/move when the name or OU changes, delete when only before is
 * present, create when only after is present, otherwise update in place
 * and repopulate when the list is active.  Lines are missing from this
 * listing; comments refer only to what is visible.
 */
939 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
940 char **before, int beforec, char **after, int afterc)
945 char group_membership[6];
950 char before_list_id[32];
/*
 * NOTE(review): one byte here, six for group_membership above, and both
 * are handed to get_group_membership().  If that function writes a
 * NUL-terminated string this buffer overflows -- confirm against
 * get_group_membership() and size both buffers the same way.
 */
951 char before_group_membership[1];
952 int before_security_flag;
953 char before_group_ou[256];
954 LK_ENTRY *ptr = NULL;
956 if (beforec == 0 && afterc == 0)
959 memset(list_id, '\0', sizeof(list_id));
960 memset(before_list_id, '\0', sizeof(before_list_id));
961 memset(before_group_ou, '\0', sizeof(before_group_ou));
962 memset(before_group_membership, '\0', sizeof(before_group_membership));
963 memset(group_ou, '\0', sizeof(group_ou));
964 memset(group_membership, '\0', sizeof(group_membership));
/* Vectors too short to hold a list id are rejected; the id length is not checked before the 32-byte strcpy(). */
969 if (beforec < L_LIST_ID)
971 if (beforec > L_LIST_DESC)
973 strcpy(before_list_id, before[L_LIST_ID]);
975 before_security_flag = 0;
976 get_group_membership(before_group_membership, before_group_ou,
977 &before_security_flag, before);
982 if (afterc < L_LIST_ID)
984 if (afterc > L_LIST_DESC)
986 strcpy(list_id, after[L_LIST_ID]);
989 get_group_membership(group_membership, group_ou, &security_flag, after);
992 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Verify the existing AD group; a wrong-DN or duplicate result is cleaned up and re-checked. */
1001 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1002 before[L_NAME], before_group_ou,
1003 before_group_membership,
1004 before_security_flag, CHECK_GROUPS,
1005 before[L_MAILLIST])))
1007 if (rc == AD_NO_GROUPS_FOUND)
1011 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1012 (rc == AD_MULTIPLE_GROUPS_FOUND))
1014 rc = process_group(ldap_handle, dn_path, before_list_id,
1015 before[L_NAME], before_group_ou,
1016 before_group_membership,
1017 before_security_flag, CLEANUP_GROUPS,
1018 before[L_MAILLIST]);
1020 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1022 com_err(whoami, 0, "Unable to process list %s",
1026 if (rc == AD_NO_GROUPS_FOUND)
/* Rename/move: the name changed, or the name is the same but the target OU changed. */
1032 if ((beforec != 0) && (afterc != 0))
1034 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1035 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1036 (strcmp(before_group_ou, group_ou)))) &&
1039 com_err(whoami, 0, "Changing list name from %s to %s",
1040 before[L_NAME], after[L_NAME]);
1042 if ((strlen(before_group_ou) == 0) ||
1043 (strlen(before_group_membership) == 0) ||
1044 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1046 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1050 memset(filter, '\0', sizeof(filter));
1052 if ((rc = group_rename(ldap_handle, dn_path,
1053 before[L_NAME], before_group_membership,
1054 before_group_ou, before_security_flag,
1055 before[L_LIST_DESC], after[L_NAME],
1056 group_membership, group_ou, security_flag,
1058 list_id, filter, after[L_MAILLIST])))
1060 if (rc != AD_NO_GROUPS_FOUND)
1063 "Unable to change list name from %s to %s",
1064 before[L_NAME], after[L_NAME]);
/* Delete: only the before vector is present (enclosing condition not visible). */
1077 if ((strlen(before_group_ou) == 0) ||
1078 (strlen(before_group_membership) == 0))
1081 "Unable to find the group OU for group %s", before[L_NAME]);
1085 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1086 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1087 before_group_membership, before_list_id);
/* Create: only the after vector is present; same check/cleanup dance as above. */
1095 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1097 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1098 group_ou, group_membership,
1099 security_flag, CHECK_GROUPS,
1102 if (rc != AD_NO_GROUPS_FOUND)
1104 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1105 (rc == AD_MULTIPLE_GROUPS_FOUND))
1107 rc = process_group(ldap_handle, dn_path, list_id,
1109 group_ou, group_membership,
1110 security_flag, CLEANUP_GROUPS,
1117 "Unable to create list %s", after[L_NAME]);
/* Update in place: ACEs are processed, then the group is (re)made and, if active, repopulated. */
1124 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
/* Assignment in the condition is intentional: rc carries the Moira error code into the alert. */
1126 if (rc = moira_connect())
1128 critical_alert("AD incremental",
1129 "Error contacting Moira server : %s",
1136 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1137 &ProcessGroup, after[L_MAILLIST]))
1142 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1143 &ProcessGroup, after[L_MAILLIST]))
1147 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1148 group_ou, group_membership, security_flag,
1149 updateGroup, after[L_MAILLIST]))
/* Membership is only synced for active lists; the return value of populate_group() is ignored. */
1155 if (atoi(after[L_ACTIVE]))
1157 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1158 group_membership, security_flag, list_id);
/*
 * Argv indices for do_member().  The base membership tuple (LM_LIST,
 * LM_MEMBER, LM_TYPE, ... up to LM_END) is defined elsewhere; these name the
 * extra list attributes Moira appends after it.  Any after[...]/before[...]
 * access at one of these positions is only valid after afterc/beforec has
 * been compared against that index — do_member() guards with
 * "afterc < LM_EXTRA_GID" and similar, but note that several of its guards
 * are looser than the index actually read (e.g. a guard of
 * "> LM_EXTRA_GROUP" precedes reads of LMN_LIST_ID and LM_LIST_ID).
 */
1166 #define LM_EXTRA_ACTIVE (LM_END)
1167 #define LM_EXTRA_PUBLIC (LM_END+1)
1168 #define LM_EXTRA_HIDDEN (LM_END+2)
1169 #define LM_EXTRA_MAILLIST (LM_END+3)
1170 #define LM_EXTRA_GROUP (LM_END+4)
1171 #define LM_EXTRA_GID (LM_END+5)
/* Where the Moira list id / user id land depends on the member type
   (do_member() reads LMN_LIST_ID for non-USER members and LM_LIST_ID +
   LM_USER_ID for USER members). */
1172 #define LMN_LIST_ID (LM_END+6)
1173 #define LM_LIST_ID (LM_END+7)
1174 #define LM_USER_ID (LM_END+8)
1175 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply a single Moira list-membership change to the directory.
 *
 *   ldap_handle, dn_path   bound LDAP connection and base DN
 *   ldap_hostname          not referenced in the lines visible here
 *   before/beforec         membership tuple before the change
 *   after/afterc           membership tuple after the change
 *
 * 'ptr' is pointed at whichever side is being applied; that assignment, the
 * add-vs-remove decision and most of the braces are not shown in this
 * listing.  Member types handled: LIST, MACHINE, USER, STRING, KERBEROS.
 *
 * Reviewer notes (security / robustness):
 *  - Every copy out of the Moira argv is an unbounded strcpy()/strcat()
 *    into a fixed stack buffer (group_name/user_name/user_type[128],
 *    moira_list_id/moira_user_id[32], and 'member', whose declaration is
 *    not visible).  The data comes from the Moira server rather than an
 *    end user, but nothing here bounds the length, so an over-long list or
 *    member name overruns the stack.  snprintf(buf, sizeof buf, "%s", src)
 *    at each site is the minimal fix.
 *  - ptr[LM_MEMBER] is formatted straight into an LDAP search filter (the
 *    "(&(objectClass=group)(cn=%s))" sprintf below) with no RFC 4515
 *    escaping of '*', '(', ')', '\' and NUL and, unlike do_user(), with no
 *    check_string() gate visible on this path.  A member name containing
 *    ')' changes the meaning of the filter.
 *  - The afterc/beforec guards are looser than the indices they protect;
 *    see the inline notes.
 */
1177 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1178 char **before, int beforec, char **after, int afterc)
1180 LK_ENTRY *group_base;
1183 char *attr_array[3];
1184 char group_name[128];
1185 char user_name[128];
1186 char user_type[128];
1187 char moira_list_id[32];
1188 char moira_user_id[32];
/* One-character flag ('B', 'S', 'D' or 'N') written by
   get_group_membership().  It is NOT a NUL-terminated string; never pass it
   to strlen()/strcpy(). */
1189 char group_membership[1];
1191 char machine_ou[256];
1199 char NewMachineName[1024];
1203 char *save_argv[U_END];
1207 memset(moira_list_id, '\0', sizeof(moira_list_id));
1208 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* Reject an argv too short to carry the extra list attributes before any
   after[LM_EXTRA_*] index is touched. */
1212 if (afterc < LM_EXTRA_GID)
1215 if (!atoi(after[LM_EXTRA_ACTIVE]))
/* after[2]/after[0] are presumably LM_MEMBER/LM_LIST; the symbolic names
   used everywhere else would make that explicit. */
1218 "Unable to add %s to group %s : group not active",
1219 after[2], after[0]);
1225 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded copies into the 128-byte buffers (see header note). */
1228 strcpy(user_name, after[LM_MEMBER]);
1229 strcpy(group_name, after[LM_LIST]);
1230 strcpy(user_type, after[LM_TYPE]);
1232 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
/* The guard admits afterc == LM_EXTRA_GID, yet indices LM_END+6 and
   LM_END+7 are read next — two past what the guard proves exists.  Safe
   only if Moira always sends the full tuple for MACHINE members; confirm
   the argv layout per member type. */
1234 if (afterc > LM_EXTRA_GROUP)
1236 strcpy(moira_list_id, after[LMN_LIST_ID]);
1237 strcpy(moira_user_id, after[LM_LIST_ID]);
1240 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
/* Same pattern: the guard proves index LMN_LIST_ID exists, but LM_USER_ID
   (two further on) is read. */
1242 if (afterc > LMN_LIST_ID)
1244 strcpy(moira_list_id, after[LM_LIST_ID]);
1245 strcpy(moira_user_id, after[LM_USER_ID]);
/* Guard proves index LM_EXTRA_GID exists; LMN_LIST_ID is one further. */
1250 if (afterc > LM_EXTRA_GID)
1251 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Mirror of the block above for the 'before' side, with the same guard
   looseness.  The message text was copied from the 'after' path; if this
   side is the removal, "Unable to add" is misleading. */
1256 if (beforec < LM_EXTRA_GID)
1258 if (!atoi(before[LM_EXTRA_ACTIVE]))
1261 "Unable to add %s to group %s : group not active",
1262 before[2], before[0]);
1268 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1271 strcpy(user_name, before[LM_MEMBER]);
1272 strcpy(group_name, before[LM_LIST]);
1273 strcpy(user_type, before[LM_TYPE]);
1275 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1277 if (beforec > LM_EXTRA_GROUP)
1279 strcpy(moira_list_id, before[LMN_LIST_ID]);
1280 strcpy(moira_user_id, before[LM_LIST_ID]);
1283 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1285 if (beforec > LMN_LIST_ID)
1287 strcpy(moira_list_id, before[LM_LIST_ID]);
1288 strcpy(moira_user_id, before[LM_USER_ID]);
1293 if (beforec > LM_EXTRA_GID)
1294 strcpy(moira_list_id, before[LMN_LIST_ID]);
1301 "Unable to process group : beforec = %d, afterc = %d",
/* Re-pack the list attributes into the L_* layout that
   get_group_membership() and group_create() expect. */
1306 args[L_NAME] = ptr[LM_LIST];
1307 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1308 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1309 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1310 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1311 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1312 args[L_GID] = ptr[LM_EXTRA_GID];
1315 memset(group_ou, '\0', sizeof(group_ou));
1316 get_group_membership(group_membership, group_ou, &security_flag, args);
1318 if (strlen(group_ou) == 0)
1320 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Make sure exactly one matching group object exists (CHECK_GROUPS), and
   let CLEANUP_GROUPS deal with strays if the check finds more than one or
   one in the wrong OU.  AD_NO_GROUPS_FOUND falls through to creation. */
1325 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1326 group_ou, group_membership, security_flag,
1327 CHECK_GROUPS, args[L_MAILLIST]))
1329 if (rc != AD_NO_GROUPS_FOUND)
1331 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1332 group_name, group_ou, group_membership,
1333 security_flag, CLEANUP_GROUPS,
1336 if (rc != AD_NO_GROUPS_FOUND)
1339 com_err(whoami, 0, "Unable to add %s to group %s - "
1340 "unable to process group", user_name, group_name);
1342 com_err(whoami, 0, "Unable to remove %s from group %s - "
1343 "unable to process group", user_name, group_name);
/* Group does not exist yet: create it (ACEs first, then the object) and,
   if the list is active, fill its membership from Moira. */
1350 if (rc == AD_NO_GROUPS_FOUND)
1352 if (rc = moira_connect())
1354 critical_alert("AD incremental",
1355 "Error contacting Moira server : %s",
1360 com_err(whoami, 0, "creating group %s", group_name);
1363 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1364 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1369 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1370 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1375 group_ou, group_membership, security_flag, 0,
1376 ptr[LM_EXTRA_MAILLIST]))
1382 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1384 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1385 group_membership, security_flag, moira_list_id);
/* ---- removal path ---- */
1395 com_err(whoami, 0, "removing user %s from list %s", user_name,
1399 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1401 memset(machine_ou, '\0', sizeof(machine_ou));
1402 memset(NewMachineName, '\0', sizeof(NewMachineName));
1403 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1404 machine_ou, NewMachineName))
/* strdup() is not checked; on failure ptr[LM_MEMBER] becomes NULL and is
   dereferenced by the calls that follow. */
1406 if (ptr[LM_MEMBER] != NULL)
1407 free(ptr[LM_MEMBER]);
1408 ptr[LM_MEMBER] = strdup(NewMachineName);
1409 pUserOu = machine_ou;
1412 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
/* 'member' is a fixed buffer of unknown size here; the copy and the
   "@mit.edu" append are unbounded. */
1414 strcpy(member, ptr[LM_MEMBER]);
1418 if((s = strchr(member, '@')) == (char *) NULL)
1420 strcat(member, "@mit.edu");
1422 if (ptr[LM_MEMBER] != NULL)
1423 free(ptr[LM_MEMBER]);
1424 ptr[LM_MEMBER] = strdup(member);
/* strlen(member) - 6 wraps when the string is shorter than 6 characters
   (a member that already contains '@' is not lengthened above), so this
   indexes before the buffer.  Guard with strlen(member) >= 6 first. */
1427 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1429 s = strrchr(member, '.');
/* Presumably the ".LOCAL" suffix is cut at s before this append (line not
   shown); otherwise ".mit.edu" lands after ".LOCAL". */
1431 strcat(s, ".mit.edu");
1433 if (ptr[LM_MEMBER] != NULL)
1434 free(ptr[LM_MEMBER]);
1435 ptr[LM_MEMBER] = strdup(member);
1439 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1443 pUserOu = contact_ou;
1445 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1447 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1451 pUserOu = kerberos_ou;
/* The actual membership change is a full re-sync of the group from Moira
   (populate_group), not a single-member modify, so a Moira connection is
   required first. */
1454 if (rc = moira_connect()) {
1455 critical_alert("AD incremental",
1456 "Error contacting Moira server : %s",
1461 if (rc = populate_group(ldap_handle, dn_path, group_name,
1462 group_ou, group_membership,
1463 security_flag, moira_list_id))
1464 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1469 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1471 if (rc = moira_connect())
1473 critical_alert("AD incremental",
1474 "Error contacting Moira server : %s",
1479 if (rc = populate_group(ldap_handle, dn_path, group_name,
1480 group_ou, group_membership, security_flag,
1482 com_err(whoami, 0, "Unable to remove %s from group %s",
1483 user_name, group_name);
/* ---- addition path (same member-type normalisation as the removal path
   above, including the same unbounded copies and the strlen - 6 wrap) ---- */
1490 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1493 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1495 memset(machine_ou, '\0', sizeof(machine_ou));
1496 memset(NewMachineName, '\0', sizeof(NewMachineName));
1498 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1502 if (ptr[LM_MEMBER] != NULL)
1503 free(ptr[LM_MEMBER]);
1505 ptr[LM_MEMBER] = strdup(NewMachineName);
1506 pUserOu = machine_ou;
1508 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1510 strcpy(member, ptr[LM_MEMBER]);
1514 if((s = strchr(member, '@')) == (char *) NULL)
1516 strcat(member, "@mit.edu");
1518 if (ptr[LM_MEMBER] != NULL)
1519 free(ptr[LM_MEMBER]);
1520 ptr[LM_MEMBER] = strdup(member);
1523 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1525 s = strrchr(member, '.');
1527 strcat(s, ".mit.edu");
1529 if (ptr[LM_MEMBER] != NULL)
1530 free(ptr[LM_MEMBER]);
1531 ptr[LM_MEMBER] = strdup(member);
1535 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1539 pUserOu = contact_ou;
1541 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1543 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1547 pUserOu = kerberos_ou;
/* USER members that do not exist in the directory yet are created on the
   fly from a fresh Moira query before the group is repopulated. */
1549 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1551 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1552 moira_user_id)) == AD_NO_USER_FOUND)
1554 if (rc = moira_connect())
1556 critical_alert("AD incremental",
1557 "Error connection to Moira : %s",
1562 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
/* call_args smuggles the LDAP handle through a char* array; user_create()
   is expected to cast call_args[0] back to LDAP *. */
1563 av[0] = ptr[LM_MEMBER];
1564 call_args[0] = (char *)ldap_handle;
1565 call_args[1] = dn_path;
1566 call_args[2] = moira_user_id;
1567 call_args[3] = NULL;
/* LDAP filter injection: ptr[LM_MEMBER] is not escaped (RFC 4515) and no
   check_string() gate is visible on this path; 'filter' is a fixed buffer
   whose size is not shown.  Use a bounded, escaped build. */
1576 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1577 attr_array[0] = "cn";
1578 attr_array[1] = NULL;
1579 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1580 attr_array, &group_base, &group_count,
1581 LDAP_SCOPE_SUBTREE)) != 0)
1583 com_err(whoami, 0, "Unable to process user %s : %s",
1584 ptr[LM_MEMBER], ldap_err2string(rc));
/* Refuse to create a user whose cn would collide with an existing group. */
1590 com_err(whoami, 0, "Object already exists with name %s",
1595 linklist_free(group_base);
/* save_query_info fills save_argv[0..U_END-1] from the Moira reply; those
   strings are then handed to user_create(). */
1600 if (rc = mr_query("get_user_account_by_login", 1, av,
1601 save_query_info, save_argv))
1604 com_err(whoami, 0, "Unable to create user %s : %s",
1605 ptr[LM_MEMBER], error_message(rc));
1609 if (rc = user_create(U_END, save_argv, call_args))
1612 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1619 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 if (rc = moira_connect()) {
1632 critical_alert("AD incremental",
1633 "Error contacting Moira server : %s",
1638 if (rc = populate_group(ldap_handle, dn_path, group_name,
1639 group_ou, group_membership, security_flag,
1641 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1646 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1648 if (rc = moira_connect())
1650 critical_alert("AD incremental",
1651 "Error contacting Moira server : %s",
1656 if (rc = populate_group(ldap_handle, dn_path, group_name,
1657 group_ou, group_membership, security_flag,
1659 com_err(whoami, 0, "Unable to add %s to group %s",
1660 user_name, group_name);
/* Extra positions in the "users" argv handled by do_user(), beyond the base
   U_* fields defined elsewhere: the Moira user id (copied into the 32-byte
   *_user_id buffers) and the home / profile directory paths. */
1669 #define U_USER_ID 10
1670 #define U_HOMEDIR 11
1671 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira "users" table change to the directory.
 *
 *   before/beforec   user tuple before the change (beforec == 0: the
 *                    account was just created in Moira and is not usable)
 *   after/afterc     user tuple after the change (afterc == 0: the account
 *                    was expunged from Moira)
 *
 * With both sides present: make sure the directory object exists (creating
 * it from a fresh get_user_account_by_login query if not), rename it if
 * the login changed, then push the remaining attributes via user_update().
 *
 * Reviewer notes:
 *  - before[U_USER_ID] / after[U_USER_ID] are strcpy()'d into 32-byte stack
 *    buffers with no length check.
 *  - The login name is formatted into an LDAP filter with sprintf(); the
 *    only thing between a hostile login name and filter injection is
 *    check_string(), whose definition is not in this listing — verify it
 *    rejects '*', '(', ')', '\' and NUL (RFC 4515) and bounds the length.
 */
1673 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1674 char **before, int beforec, char **after,
1677 LK_ENTRY *group_base;
1680 char *attr_array[3];
1683 char after_user_id[32];
1684 char before_user_id[32];
1686 char *save_argv[U_END];
1688 if ((beforec == 0) && (afterc == 0))
1691 memset(after_user_id, '\0', sizeof(after_user_id));
1692 memset(before_user_id, '\0', sizeof(before_user_id));
/* Unbounded copies into the 32-byte id buffers. */
1694 if (beforec > U_USER_ID)
1695 strcpy(before_user_id, before[U_USER_ID]);
1697 if (afterc > U_USER_ID)
1698 strcpy(after_user_id, after[U_USER_ID]);
/* Duplicate of the check at the top of the function; unreachable. */
1700 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1703 if ((beforec == 0) && (afterc != 0))
1705 /*this case only happens when the account*/
1706 /*account is first created but not usable*/
1708 com_err(whoami, 0, "Unable to process user %s because the user account "
1709 "is not yet usable", after[U_NAME]);
1713 /*this case only happens when the account is expunged */
1715 if ((beforec != 0) && (afterc == 0))
/* Only a status-0 account is removed from the directory; anything else is
   treated as already expunged.  (Runtime message below has a typo,
   "expungeded".) */
1717 if (atoi(before[U_STATE]) == 0)
1719 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1720 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1724 com_err(whoami, 0, "Unable to process because user %s has been "
1725 "previously expungeded", before[U_NAME]);
1730 /*process anything that gets here*/
/* Look the object up by the OLD login; if it is missing, create it under
   the NEW login — but only if that name passes check_string(). */
1732 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1733 before_user_id)) == AD_NO_USER_FOUND)
1735 if (!check_string(after[U_NAME]))
1738 if (rc = moira_connect())
1740 critical_alert("AD incremental",
1741 "Error connection to Moira : %s",
1746 com_err(whoami, 0, "creating user %s", after[U_NAME]);
/* call_args smuggles the LDAP handle through a char* array; user_create()
   is expected to cast call_args[0] back to LDAP *. */
1748 av[0] = after[U_NAME];
1749 call_args[0] = (char *)ldap_handle;
1750 call_args[1] = dn_path;
1751 call_args[2] = after_user_id;
1752 call_args[3] = NULL;
/* Filter is built with sprintf() into a fixed buffer (size not shown);
   after[U_NAME] is protected only by the check_string() gate above. */
1760 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1761 attr_array[0] = "cn";
1762 attr_array[1] = NULL;
1764 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1765 &group_base, &group_count,
1766 LDAP_SCOPE_SUBTREE)) != 0)
1768 com_err(whoami, 0, "Unable to process user %s : %s",
1769 after[U_NAME], ldap_err2string(rc));
/* Refuse to create a user whose cn would collide with an existing group. */
1773 if (group_count >= 1)
1775 com_err(whoami, 0, "Object already exists with name %s",
1780 linklist_free(group_base);
/* save_query_info fills save_argv[0..U_END-1] from the Moira reply. */
1785 if (rc = mr_query("get_user_account_by_login", 1, av,
1786 save_query_info, save_argv))
1789 com_err(whoami, 0, "Unable to create user %s : %s",
1790 after[U_NAME], error_message(rc));
1794 if (rc = user_create(U_END, save_argv, call_args))
1796 com_err(whoami, 0, "Unable to create user %s : %s",
1797 after[U_NAME], error_message(rc));
1804 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login changed: rename the object, but only when both names pass
   check_string(). */
1816 if (strcmp(before[U_NAME], after[U_NAME]))
1818 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1820 com_err(whoami, 0, "changing user %s to %s",
1821 before[U_NAME], after[U_NAME]);
1823 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1824 after[U_NAME])) != LDAP_SUCCESS)
/* Push every remaining attribute; the status field is parsed with atoi(),
   so a non-numeric value silently becomes 0. */
1831 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1832 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1833 after[U_UID], after[U_MITID],
1834 after_user_id, atoi(after[U_STATE]),
1835 after[U_HOMEDIR], after[U_PROFILEDIR],
1836 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1837 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * strings from the values in linklist_base, for use as an LDAPMod value
 * list.
 *
 *   oldValue/newValue   when both are non-NULL, every value containing
 *                       oldValue is either replaced outright by newValue
 *                       (type == REPLACE) or has its first occurrence of
 *                       oldValue spliced out in favour of newValue (other
 *                       types; that branch's condition is not shown here).
 *                       Values without oldValue, or when either is NULL,
 *                       are copied verbatim.
 *   modvalues           out: *modvalues receives the calloc'd array; the
 *                       caller owns it and every string in it.
 *
 * Reviewer notes:
 *  - strstr() requires linklist_ptr->value to be NUL-terminated.
 *    retrieve_values() stores binary (objectSid/objectGUID) values with
 *    exactly bv_len bytes and no terminator, so calling this with such a
 *    list over-reads; only use it on string-typed attributes.
 *  - The two plain-copy calloc()s below are not checked for NULL before
 *    memset()/memcpy(), unlike the substitution-path ones.
 *  - calloc() already zero-fills; the memset()s and the initial NULL loop
 *    are redundant.
 */
1842 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1843 char *oldValue, char *newValue,
1844 char ***modvalues, int type)
1846 LK_ENTRY *linklist_ptr;
1850 if (((*modvalues) = calloc(1,
1851 (modvalue_count + 1) * sizeof(char *))) == NULL)
1856 for (i = 0; i < (modvalue_count + 1); i++)
1857 (*modvalues)[i] = NULL;
1859 if (modvalue_count != 0)
1861 linklist_ptr = linklist_base;
1862 for (i = 0; i < modvalue_count; i++)
1864 if ((oldValue != NULL) && (newValue != NULL))
1866 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1869 if (type == REPLACE)
1871 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1874 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1875 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to cPtr, then newValue, then the tail after oldValue.
   The allocation size (one term is on a line not shown) must equal the
   memset size below, i.e. prefix + (length - strlen(oldValue)) +
   strlen(newValue) + 1, or the strcat()s overflow — verify. */
1879 if (((*modvalues)[i] = calloc(1,
1880 (int)(cPtr - linklist_ptr->value) +
1881 (linklist_ptr->length -
1883 strlen(newValue) + 1)) == NULL)
1885 memset((*modvalues)[i], '\0',
1886 (int)(cPtr - linklist_ptr->value) +
1887 (linklist_ptr->length - strlen(oldValue)) +
1888 strlen(newValue) + 1);
1889 memcpy((*modvalues)[i], linklist_ptr->value,
1890 (int)(cPtr - linklist_ptr->value));
1891 strcat((*modvalues)[i], newValue);
1892 strcat((*modvalues)[i],
1893 &linklist_ptr->value[(int)(cPtr -
1894 linklist_ptr->value) + strlen(oldValue)]);
/* Value does not contain oldValue: copy as-is (calloc unchecked). */
1899 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1900 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1901 memcpy((*modvalues)[i], linklist_ptr->value,
1902 linklist_ptr->length);
/* No substitution requested: copy as-is (calloc unchecked). */
1907 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1908 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1909 memcpy((*modvalues)[i], linklist_ptr->value,
1910 linklist_ptr->length);
1912 linklist_ptr = linklist_ptr->next;
1914 (*modvalues)[i] = NULL;
/*
 * linklist_build: run an LDAP search and collect every attribute value of
 * every returned entry into a freshly allocated LK_ENTRY list.
 *
 *   search_exp       the filter, passed to ldap_search_s() verbatim —
 *                    callers are responsible for escaping anything they
 *                    interpolate into it
 *   attr_array       NULL-terminated list of attribute names to fetch
 *   linklist_base    out: list head (NULL if nothing matched)
 *   linklist_count   out: number of LK_ENTRY nodes (one per value, not
 *                    per entry)
 *   ScopeType        LDAP_SCOPE_*
 *
 * Returns the ldap_search_s() result code (the return statements are not
 * shown here).  LDAP_SIZELIMIT_EXCEEDED appears to be tolerated and the
 * partial result set unpacked anyway, so a caller that uses
 * *linklist_count to prove uniqueness (e.g. "group_count != 1") may be
 * reasoning about a truncated set.  Whether the result message is freed
 * on the error path is not visible.
 */
1920 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1921 char **attr_array, LK_ENTRY **linklist_base,
1922 int *linklist_count, unsigned long ScopeType)
1925 LDAPMessage *ldap_entry;
1929 (*linklist_base) = NULL;
1930 (*linklist_count) = 0;
1932 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1933 search_exp, attr_array, 0,
1934 &ldap_entry)) != LDAP_SUCCESS)
/* Size-limit hits fall through and unpack what was returned. */
1936 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1940 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1943 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry in an ldap_search result, append its
 * attribute values to *linklist_base via retrieve_attributes(), then count
 * the nodes into *linklist_count.
 *
 * Returns 0, or the first non-zero retrieve_attributes() code (return
 * statements are not shown).  Nodes already added before a failure are
 * left in *linklist_base for the caller to free.
 *
 * Note: distinguished_name is a 1024-byte stack buffer that
 * get_distinguished_name() fills with an unbounded strcpy(); a DN longer
 * than that (possible for deeply nested OUs) overruns it.
 */
1947 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1948 LK_ENTRY **linklist_base, int *linklist_count)
1950 char distinguished_name[1024];
1951 LK_ENTRY *linklist_ptr;
1954 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1957 memset(distinguished_name, '\0', sizeof(distinguished_name));
1958 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1960 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1961 linklist_base)) != 0)
1964 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1966 memset(distinguished_name, '\0', sizeof(distinguished_name));
1967 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1969 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1970 distinguished_name, linklist_base)) != 0)
/* Count is recomputed from the list rather than accumulated. */
1974 linklist_ptr = (*linklist_base);
1975 (*linklist_count) = 0;
1977 while (linklist_ptr != NULL)
1979 ++(*linklist_count);
1980 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: for one LDAP entry, push every attribute's values
 * onto *linklist_current (one LK_ENTRY per value) via retrieve_values().
 *
 * The BerElement cursor (declared on a line not shown; 'ptr' below) is
 * released with ldap_ber_free().  retrieve_values()'s return code is
 * ignored here, so an allocation failure inside it is not propagated to
 * the caller.
 */
1986 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1987 char *distinguished_name, LK_ENTRY **linklist_current)
1994 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1997 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1999 ldap_memfree(Attribute);
2000 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2003 retrieve_values(ldap_handle, ldap_entry, Attribute,
2004 distinguished_name, linklist_current);
2005 ldap_memfree(Attribute);
2009 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: fetch all values of one attribute of one entry and push
 * each as a new LK_ENTRY at the head of *linklist_current (so the list is
 * built in reverse order).  Each node gets its own copies of the attribute
 * name, the value and the entry DN.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * flagged via ->ber_value; everything else is fetched as strings.  The
 * per-value loop and the return statements are not shown here.
 *
 * Reviewer notes:
 *  - Binary values are stored with exactly bv_len bytes and NO terminating
 *    NUL (calloc(1, ber_length) + memcpy of ber_length).  Any consumer that
 *    treats ->value as a C string (strstr/strcpy/strlen) will over-read;
 *    check ->ber_value first, or allocate ber_length + 1.
 *  - calloc(1, 0) may return NULL, so a zero-length binary value is
 *    reported as an allocation failure.
 *  - The SID/GUID pretty-printing is debug-only (LDAP_DEBUG) and trusts the
 *    server-supplied length: it casts the buffer to GUID/SID without
 *    checking ber_length against the structure size.
 */
2014 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2015 char *Attribute, char *distinguished_name,
2016 LK_ENTRY **linklist_current)
2022 LK_ENTRY *linklist_previous;
2023 LDAP_BERVAL **ber_value;
2032 SID_IDENTIFIER_AUTHORITY *sid_auth;
2033 unsigned char *subauth_count;
2034 #endif /*LDAP_DEBUG*/
2037 memset(temp, '\0', sizeof(temp));
2039 if ((!strcmp(Attribute, "objectSid")) ||
2040 (!strcmp(Attribute, "objectGUID")))
2045 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2046 Ptr = (void **)ber_value;
2051 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2052 Ptr = (void **)str_value;
/* New node is linked in front of the current head. */
2060 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2063 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2064 linklist_previous->next = (*linklist_current);
2065 (*linklist_current) = linklist_previous;
2067 if (((*linklist_current)->attribute = calloc(1,
2068 strlen(Attribute) + 1)) == NULL)
2071 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2072 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exact-length copy, no NUL terminator (see header note). */
2076 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2078 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2081 memset((*linklist_current)->value, '\0', ber_length);
2082 memcpy((*linklist_current)->value,
2083 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2084 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy, ->length excludes the terminator. */
2088 if (((*linklist_current)->value = calloc(1,
2089 strlen(*Ptr) + 1)) == NULL)
2092 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2093 (*linklist_current)->length = strlen(*Ptr);
2094 strcpy((*linklist_current)->value, *Ptr);
2097 (*linklist_current)->ber_value = use_bervalue;
2099 if (((*linklist_current)->dn = calloc(1,
2100 strlen(distinguished_name) + 1)) == NULL)
2103 memset((*linklist_current)->dn, '\0',
2104 strlen(distinguished_name) + 1);
2105 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- debug dump (LDAP_DEBUG only) ---- */
2108 if (!strcmp(Attribute, "objectGUID"))
2110 guid = (GUID *)((*linklist_current)->value);
2112 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2113 guid->Data1, guid->Data2, guid->Data3,
2114 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2115 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2116 guid->Data4[6], guid->Data4[7]);
2117 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2119 else if (!strcmp(Attribute, "objectSid"))
2121 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2124 print_to_screen(" Revision = %d\n", sid->Revision);
2125 print_to_screen(" SID Identifier Authority:\n");
2126 sid_auth = &sid->IdentifierAuthority;
/* The authority is a 6-byte big-endian integer; testing individual bytes
   for non-zero does not identify it (the NULL authority is all zeros and
   NT authority is Value[5] == 5).  Harmless here since this is only a
   debug label, but do not copy this logic anywhere that matters. */
2127 if (sid_auth->Value[0])
2128 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2129 else if (sid_auth->Value[1])
2130 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2131 else if (sid_auth->Value[2])
2132 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2133 else if (sid_auth->Value[3])
2134 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2135 else if (sid_auth->Value[5])
2136 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2138 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2139 subauth_count = GetSidSubAuthorityCount(sid);
2140 print_to_screen(" SidSubAuthorityCount = %d\n",
2142 print_to_screen(" SidSubAuthority:\n");
2143 for (i = 0; i < *subauth_count; i++)
2145 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2146 print_to_screen(" %u\n", *subauth);
/* memcmp() with the literal's length reads past Attribute when it is
   shorter than the literal; strcasecmp() would be both safe and
   case-correct (note the "sAmAccountType" spelling only works because the
   lengths match). */
2150 else if ((!memcmp(Attribute, "userAccountControl",
2151 strlen("userAccountControl"))) ||
2152 (!memcmp(Attribute, "sAMAccountType",
2153 strlen("sAmAccountType"))))
2155 intValue = atoi(*Ptr);
2156 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2158 if (!memcmp(Attribute, "userAccountControl",
2159 strlen("userAccountControl")))
2161 if (intValue & UF_ACCOUNTDISABLE)
2162 print_to_screen(" %20s : %s\n",
2163 "", "Account disabled");
2165 print_to_screen(" %20s : %s\n",
2166 "", "Account active");
2167 if (intValue & UF_HOMEDIR_REQUIRED)
2168 print_to_screen(" %20s : %s\n",
2169 "", "Home directory required");
2170 if (intValue & UF_LOCKOUT)
2171 print_to_screen(" %20s : %s\n",
2172 "", "Account locked out");
2173 if (intValue & UF_PASSWD_NOTREQD)
2174 print_to_screen(" %20s : %s\n",
2175 "", "No password required");
2176 if (intValue & UF_PASSWD_CANT_CHANGE)
2177 print_to_screen(" %20s : %s\n",
2178 "", "Cannot change password");
2179 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2180 print_to_screen(" %20s : %s\n",
2181 "", "Temp duplicate account");
2182 if (intValue & UF_NORMAL_ACCOUNT)
2183 print_to_screen(" %20s : %s\n",
2184 "", "Normal account");
2185 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2186 print_to_screen(" %20s : %s\n",
2187 "", "Interdomain trust account");
2188 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2189 print_to_screen(" %20s : %s\n",
2190 "", "Workstation trust account");
2191 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2192 print_to_screen(" %20s : %s\n",
2193 "", "Server trust account");
2198 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2200 #endif /*LDAP_DEBUG*/
/* Release the library-owned value arrays; the list keeps its own copies. */
2203 if (str_value != NULL)
2204 ldap_value_free(str_value);
2206 if (ber_value != NULL)
2207 ldap_value_free_len(ber_value);
2210 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.  Only
 * the first caller (mr_connections going 0 -> 1) actually connects; later
 * callers just bump the count and must pair with moira_disconnect().
 *
 * Reviewer note: one path connects to a hard-coded host name "ttsp" rather
 * than the local node name (uts.nodename).  The lines that select between
 * the two are not shown; if that selection is not a build-time debug
 * switch, production provisioning data would be sent to a fixed test host
 * — confirm before deploying.  Whether the connection is authenticated
 * depends on mr_connect_cl()'s final argument (1 here).
 */
2215 int moira_connect(void)
2220 if (!mr_connections++)
2224 memset(HostName, '\0', sizeof(HostName));
2225 strcpy(HostName, "ttsp");
2226 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2230 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: operational kill switch.  While STOP_FILE exists the
 * incremental loops (the delay and the iteration limit on 'i' are not
 * shown) and raises a critical alert naming the file.
 *
 * Because the mere presence of STOP_FILE halts all AD provisioning, the
 * directory containing it should only be writable by the operators who
 * are meant to use it.
 */
2239 int check_winad(void)
2243 for (i = 0; file_exists(STOP_FILE); i++)
2247 critical_alert("AD incremental",
2248 "WINAD incremental failed (%s exists): %s",
2249 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: counterpart of moira_connect().  Decrements the
 * reference count and tears the connection down only when it reaches
 * zero (the teardown itself is on lines not shown).  An unmatched call
 * underflows the count.
 */
2259 int moira_disconnect(void)
2262 if (!--mr_connections)
/*
 * get_distinguished_name: copy the entry's DN into the caller's buffer.
 *
 * The copy is an unbounded strcpy() and the function is given no buffer
 * size; the only caller in this listing (retrieve_entries) passes a
 * 1024-byte stack array.  A DN longer than that — the server controls
 * the length — overruns it.  Prefer a sized variant (e.g. snprintf(buf,
 * size, "%s", CName)) and make the callers pass sizeof(buf).  Whether a
 * NULL return from ldap_get_dn() is handled is on lines not shown.
 */
2270 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2271 char *distinguished_name)
2275 CName = ldap_get_dn(ldap_handle, ldap_entry);
2280 strcpy(distinguished_name, CName);
2281 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single, unlinked LK_ENTRY holding
 * copies of attribute and value (NUL-terminated; ->length excludes the
 * terminator, ->next is NULL).  The caller owns the result.
 *
 * Only the node allocation is checked: the two string calloc()s are used
 * immediately without a NULL test, so an allocation failure there
 * dereferences NULL instead of returning the error the first check
 * returns.  Both arguments must be non-NULL (strlen on NULL is UB).
 * calloc() already zero-fills, so the memset()s are redundant.
 */
2284 int linklist_create_entry(char *attribute, char *value,
2285 LK_ENTRY **linklist_entry)
2287 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2289 if (!(*linklist_entry))
2294 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
/* Unchecked allocation. */
2295 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2296 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2297 strcpy((*linklist_entry)->attribute, attribute);
/* Unchecked allocation. */
2298 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2299 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2300 strcpy((*linklist_entry)->value, value);
2301 (*linklist_entry)->length = strlen(value);
2302 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style wrapper that writes to stderr (va_end and
 * the rest of the body are not shown).
 *
 * fmt is passed through to vfprintf() unchanged, so callers must always
 * supply a literal format and pass directory data as a "%s" argument —
 * never as fmt.  The callers visible in this file do so.
 */
2307 void print_to_screen(const char *fmt, ...)
2311 va_start(pvar, fmt);
2312 vfprintf(stderr, fmt, pvar);
<doc_update>
/*
 * get_group_membership: classify a Moira list from its maillist/group
 * flags and report where and how it lives in the directory.
 *
 *   group_membership   out (may be NULL): ONE character — 'B' both mail
 *                      and security, 'S' security only, 'D' distribution
 *                      (mail) only, 'N' neither.  Only [0] is written and
 *                      no NUL is added; callers declare this as char[1],
 *                      so it must never be used with strlen()/strcpy().
 *   group_ou           out (may be NULL): strcpy() of the matching
 *                      configured OU string (group_ou_both / _security /
 *                      _distribution / _neither); no size is passed.
 *   security_flag      out (may be NULL): 1 when the group is
 *                      security-enabled ('B' or 'S'), else 0.
 *   av                 L_*-indexed list argv; only L_MAILLIST and L_GROUP
 *                      are read, via atoi() (non-numeric => 0).
 *
 * Return value and the enclosing braces are not shown here.
 */
2317 int get_group_membership(char *group_membership, char *group_ou,
2318 int *security_flag, char **av)
2323 maillist_flag = atoi(av[L_MAILLIST]);
2324 group_flag = atoi(av[L_GROUP]);
2326 if (security_flag != NULL)
2327 (*security_flag) = 0;
2329 if ((maillist_flag) && (group_flag))
2331 if (group_membership != NULL)
2332 group_membership[0] = 'B';
2334 if (security_flag != NULL)
2335 (*security_flag) = 1;
2337 if (group_ou != NULL)
2338 strcpy(group_ou, group_ou_both);
2340 else if ((!maillist_flag) && (group_flag))
2342 if (group_membership != NULL)
2343 group_membership[0] = 'S';
2345 if (security_flag != NULL)
2346 (*security_flag) = 1;
2348 if (group_ou != NULL)
2349 strcpy(group_ou, group_ou_security);
2351 else if ((maillist_flag) && (!group_flag))
2353 if (group_membership != NULL)
2354 group_membership[0] = 'D';
2356 if (group_ou != NULL)
2357 strcpy(group_ou, group_ou_distribution);
/* Neither flag set: the list still gets an OU and is still provisioned. */
2361 if (group_membership != NULL)
2362 group_membership[0] = 'N';
2364 if (group_ou != NULL)
2365 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename a directory group (and/or move it between OUs)
 * when the Moira list name or its mail/security classification changes,
 * then rewrite the attributes that derive from the name.
 *
 * Steps: validate both names with check_string(); refuse if a *user*
 * object already carries the new cn; locate the one group with this
 * MoiraId (AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND otherwise); read
 * its sAMAccountName; ldap_rename_s() the object (old RDN dropped); then
 * ldap_modify_s() sAMAccountName, displayName, mitMoiraId, groupType and
 * the mail-related attributes (set when the list is a maillist and the
 * address validates, cleared otherwise).
 *
 * Returns 0 / an AD_* code / an LDAP result code (several return
 * statements are not shown).  'filter' is a caller-supplied scratch buffer
 * of unknown size that is also filled by ad_get_group().
 *
 * Reviewer notes:
 *  - Not atomic: the rename happens before the attribute modify.  If
 *    ldap_modify_s() fails the object is left under the new DN with the
 *    old sAMAccountName/mitMoiraId — a later run will not find it by the
 *    old name.  Consider modifying first, or rolling the rename back.
 *  - after_group_name goes into a filter and into several fixed-size
 *    buffers (new_dn_path[512], mail_nickname/proxy_address/
 *    contact_mail[256], plus new_dn/mail/sam_name whose sizes are not
 *    shown) via sprintf().  check_string() is the only bound; confirm it
 *    limits length and rejects RFC 4515 filter metacharacters.
 *  - old_dn and sam_name are filled by unbounded strcpy() from
 *    server-supplied values.
 *  - The group_suffix comparison indexes sam_name at strlen(sam_name) -
 *    strlen(group_suffix), which wraps when the account name is shorter
 *    than the suffix.
 *  - groupTypeControl is u_int but printed with "%ld" (undefined
 *    behaviour; "%u" is the matching conversion).
 */
2371 int group_rename(LDAP *ldap_handle, char *dn_path,
2372 char *before_group_name, char *before_group_membership,
2373 char *before_group_ou, int before_security_flag,
2374 char *before_desc, char *after_group_name,
2375 char *after_group_membership, char *after_group_ou,
2376 int after_security_flag, char *after_desc,
2377 char *MoiraId, char *filter, char *maillist)
2382 char new_dn_path[512];
2385 char mail_nickname[256];
2386 char proxy_address[256];
2387 char address_book[256];
2388 char *attr_array[3];
2389 char *mitMoiraId_v[] = {NULL, NULL};
2390 char *name_v[] = {NULL, NULL};
2391 char *samAccountName_v[] = {NULL, NULL};
2392 char *groupTypeControl_v[] = {NULL, NULL};
2393 char *mail_v[] = {NULL, NULL};
2394 char *proxy_address_v[] = {NULL, NULL};
2395 char *mail_nickname_v[] = {NULL, NULL};
2396 char *report_to_originator_v[] = {NULL, NULL};
2397 char *address_book_v[] = {NULL, NULL};
2398 char *legacy_exchange_dn_v[] = {NULL, NULL};
2399 u_int groupTypeControl;
2400 char groupTypeControlStr[80];
2401 char contact_mail[256];
2405 LK_ENTRY *group_base;
2407 int MailDisabled = 0;
2409 if(UseGroupUniversal)
2410 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2412 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Both names must pass check_string() before they reach any filter or
   DN string. */
2414 if (!check_string(before_group_name))
2417 "Unable to process invalid LDAP list name %s",
2419 return(AD_INVALID_NAME);
2422 if (!check_string(after_group_name))
2425 "Unable to process invalid LDAP list name %s", after_group_name);
2426 return(AD_INVALID_NAME);
/* Refuse the rename if a user object already has the target cn. */
2436 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2437 attr_array[0] = "cn";
2438 attr_array[1] = NULL;
2440 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2441 &group_base, &group_count,
2442 LDAP_SCOPE_SUBTREE)) != 0)
2444 com_err(whoami, 0, "Unable to process group %s : %s",
2445 after_group_name, ldap_err2string(rc));
2451 com_err(whoami, 0, "Object already exists with name %s",
2456 linklist_free(group_base);
/* Find the group by MoiraId; exactly one must exist. */
2465 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2466 before_group_membership,
2467 MoiraId, "samAccountName", &group_base,
2468 &group_count, filter))
2471 if (group_count == 0)
2473 return(AD_NO_GROUPS_FOUND);
2476 if (group_count != 1)
2478 com_err(whoami, 0, "Unable to process multiple groups with "
2479 "MoiraId = %s exist in the AD", MoiraId);
2480 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of a server-supplied DN. */
2483 strcpy(old_dn, group_base->dn);
2485 linklist_free(group_base);
/* Re-query (using the filter ad_get_group left in 'filter') just for the
   current sAMAccountName. */
2488 attr_array[0] = "sAMAccountName";
2489 attr_array[1] = NULL;
2491 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2492 &group_base, &group_count,
2493 LDAP_SCOPE_SUBTREE)) != 0)
2495 com_err(whoami, 0, "Unable to get list %s dn : %s",
2496 after_group_name, ldap_err2string(rc));
2500 if (group_count != 1)
2503 "Unable to get sAMAccountName for group %s",
2505 return(AD_LDAP_FAILURE);
2508 strcpy(sam_name, group_base->value);
2509 linklist_free(group_base);
/* Derive the new DN and mail identities; all unbounded sprintf()s into
   fixed buffers (see header note). */
2513 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2514 sprintf(new_dn, "cn=%s", after_group_name);
2515 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2516 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2517 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2518 lowercase(ldap_domain));
2519 sprintf(mail_nickname, "%s", after_group_name);
2521 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* deleteoldrdn = TRUE: the old cn is dropped from the object. */
2523 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2524 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2526 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2527 before_group_name, after_group_name, ldap_err2string(rc));
2531 name_v[0] = after_group_name;
/* Index wraps if strlen(sam_name) < strlen(group_suffix) — guard first.
   The compare is also case-sensitive although sAMAccountName is not. */
2533 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2534 group_suffix, strlen(group_suffix)))
2536 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2541 "Unable to rename list from %s to %s : sAMAccountName not found",
2542 before_group_name, after_group_name);
2546 samAccountName_v[0] = sam_name;
2548 if (after_security_flag)
2549 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* "%ld" with a u_int argument is undefined behaviour; use "%u". */
2551 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2552 groupTypeControl_v[0] = groupTypeControlStr;
2553 mitMoiraId_v[0] = MoiraId;
2555 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2556 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2559 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2560 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2561 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2562 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enable only when Moira says maillist, mail is not disabled, and the
   derived address validates; otherwise every mail attribute is cleared. */
2566 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2568 mail_nickname_v[0] = mail_nickname;
2569 proxy_address_v[0] = proxy_address;
2571 report_to_originator_v[0] = "TRUE";
2573 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("reportToOriginator", report_to_originator_v,
2581 mail_nickname_v[0] = NULL;
2582 proxy_address_v[0] = NULL;
2584 legacy_exchange_dn_v[0] = NULL;
2585 address_book_v[0] = NULL;
2586 report_to_originator_v[0] = NULL;
2588 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2591 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2592 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2593 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Alternate (non-Exchange) branch, selected on a line not shown: only the
   contact address is set. */
2599 if(atoi(maillist) && email_isvalid(contact_mail))
2601 mail_v[0] = contact_mail;
2602 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
/* Failure here leaves the object renamed but with stale attributes. */
2608 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2611 "Unable to modify list data for %s after renaming: %s",
2612 after_group_name, ldap_err2string(rc));
/* Release the LDAPMod structures built by ADD_ATTR. */
2615 for (i = 0; i < n; i++)
/*
 * group_create: build the LDAP attribute set for the Moira list described by
 * av[] and add it as a group object (ldap_add_ext_s).  If the object already
 * exists, or the caller requested an update (call_args[4]), the attributes
 * are re-applied with ldap_modify_s, and the group's security is then set by
 * ProcessGroupSecurity().
 *
 *   ac, av - one Moira list row; indexed with the L_* constants (L_NAME,
 *            L_DESC, L_ACE_NAME, L_ACE_TYPE, L_ACTIVE, L_PUBLIC, L_HIDDEN,
 *            L_GROUP, L_GID, L_MAILLIST).
 *   ptr    - presumably the call_args[] vector used below ([0] LDAP handle,
 *            [1] base DN, [4] update flag, [5] Moira id); the assignment from
 *            ptr is not in this excerpt - confirm.
 *
 * Returns AD_INVALID_NAME when check_string() rejects the list name,
 * otherwise LDAP_SUCCESS: the add/modify result is only reported through
 * com_err, not propagated to the caller (as far as the visible lines show).
 *
 * NOTE(review): new_dn, mail, info, filter, mods, n, rc, i, security_flag,
 * group_ou, updateGroup and call_args are declared in lines not shown here.
 */
2621 int group_create(int ac, char **av, void *ptr)
2626 char new_group_name[256];
2627 char sam_group_name[256];
2628 char cn_group_name[256];
2630 char contact_mail[256];
2631 char mail_nickname[256];
2632 char proxy_address[256];
2633 char address_book[256];
2634 char *cn_v[] = {NULL, NULL};
2635 char *objectClass_v[] = {"top", "group", NULL};
2636 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2637 "group", "mailRecipient", NULL};
2639 char *samAccountName_v[] = {NULL, NULL};
2640 char *altSecurityIdentities_v[] = {NULL, NULL};
2641 char *member_v[] = {NULL, NULL};
2642 char *name_v[] = {NULL, NULL};
2643 char *desc_v[] = {NULL, NULL};
2644 char *info_v[] = {NULL, NULL};
2645 char *mitMoiraId_v[] = {NULL, NULL};
2646 char *mitMoiraPublic_v[] = {NULL, NULL};
2647 char *mitMoiraHidden_v[] = {NULL, NULL};
2648 char *groupTypeControl_v[] = {NULL, NULL};
2649 char *mail_v[] = {NULL, NULL};
2650 char *proxy_address_v[] = {NULL, NULL};
2651 char *mail_nickname_v[] = {NULL, NULL};
2652 char *report_to_originator_v[] = {NULL, NULL};
2653 char *address_book_v[] = {NULL, NULL};
2654 char *legacy_exchange_dn_v[] = {NULL, NULL};
2655 char *gidNumber_v[] = {NULL, NULL};
2656 char groupTypeControlStr[80];
/* NOTE(review): process_lists() below passes a 2-byte buffer to the same
 * get_group_membership() helper; if the helper writes a NUL-terminated
 * string, this 1-byte buffer is one byte too small - confirm. */
2657 char group_membership[1];
2660 u_int groupTypeControl;
2664 int MailDisabled = 0;
2666 LK_ENTRY *group_base;
2669 char *attr_array[3];
/* Group scope (universal vs. global) is a site-wide setting. */
2673 if(UseGroupUniversal)
2674 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2676 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* check_string() is the only validation applied to the list name before it
 * is spliced into DNs, sAMAccountName and LDAP search filters below; whether
 * it rejects DN/filter metacharacters is not visible in this excerpt. */
2678 if (!check_string(av[L_NAME]))
2680 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2682 return(AD_INVALID_NAME);
2685 updateGroup = (int)call_args[4];
2686 memset(group_ou, 0, sizeof(group_ou));
2687 memset(group_membership, 0, sizeof(group_membership));
/* Fills group_ou and security_flag from the list's flags in av[]. */
2690 get_group_membership(group_membership, group_ou, &security_flag, av);
/* NOTE(review): unbounded strcpy/sprintf into 256-byte locals; nothing
 * visible bounds the length of av[L_NAME]. */
2692 strcpy(new_group_name, av[L_NAME]);
2693 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2694 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2695 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2696 sprintf(mail_nickname, "%s", av[L_NAME]);
2699 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2701 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* NOTE(review): groupTypeControl is u_int but is printed with %ld; the
 * matching specifier would be %u. */
2705 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2706 groupTypeControl_v[0] = groupTypeControlStr;
2708 strcpy(cn_group_name, av[L_NAME]);
2710 samAccountName_v[0] = sam_group_name;
2711 name_v[0] = new_group_name;
2712 cn_v[0] = new_group_name;
/* Attribute set for a fresh object (LDAP_MOD_ADD). */
2715 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2719 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Non-AD directory: extra object classes and the mitMoira* flags. */
2723 mitMoiraPublic_v[0] = av[L_PUBLIC];
2724 mitMoiraHidden_v[0] = av[L_HIDDEN];
2725 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2726 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2727 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
/* Lists that are also Unix groups carry their gid. */
2729 if(atoi(av[L_GROUP]))
2731 gidNumber_v[0] = av[L_GID];
2732 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2736 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2737 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2738 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* Mailing lists: refuse to take a cn that a user object already owns
 * (presumably sets MailDisabled in the lines not shown - confirm). */
2742 if(atoi(av[L_MAILLIST]))
/* NOTE(review): av[L_NAME] is interpolated into the filter without LDAP
 * filter escaping; check_string() above is the only guard. */
2747 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2748 attr_array[0] = "cn";
2749 attr_array[1] = NULL;
2751 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2752 filter, attr_array, &group_base,
2754 LDAP_SCOPE_SUBTREE)) != 0)
2756 com_err(whoami, 0, "Unable to process group %s : %s",
2757 av[L_NAME], ldap_err2string(rc));
2763 com_err(whoami, 0, "Object already exists with name %s",
2768 linklist_free(group_base);
/* Exchange attributes only for mail-enabled lists with a valid address. */
2773 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2775 mail_nickname_v[0] = mail_nickname;
2776 report_to_originator_v[0] = "TRUE";
2778 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2779 ADD_ATTR("reportToOriginator", report_to_originator_v,
2785 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2787 mail_v[0] = contact_mail;
2788 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2792 if (strlen(av[L_DESC]) != 0)
2794 desc_v[0] = av[L_DESC];
2795 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2798 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* NOTE(review): info's declaration is not visible; the administrator name is
 * formatted into it unbounded. */
2800 if (strlen(av[L_ACE_NAME]) != 0)
2802 sprintf(info, "The Administrator of this list is: %s",
2805 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2808 if (strlen(call_args[5]) != 0)
2810 mitMoiraId_v[0] = call_args[5];
2811 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2816 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Loop body not shown; presumably releases the mods[] entries. */
2818 for (i = 0; i < n; i++)
2821 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2823 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2824 av[L_NAME], ldap_err2string(rc));
/* Update path: object existed already, or an explicit update was requested.
 * The same attributes are re-sent with LDAP_MOD_REPLACE. */
2830 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2832 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2833 "description", av[L_NAME]);
2834 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2836 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2841 if (strlen(call_args[5]) != 0)
2843 mitMoiraId_v[0] = call_args[5];
2844 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v holds no values, so this REPLACE clears the
 * group's membership. */
2847 if (!(atoi(av[L_ACTIVE])))
2850 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2853 if (!ActiveDirectory)
2855 mitMoiraPublic_v[0] = av[L_PUBLIC];
2856 mitMoiraHidden_v[0] = av[L_HIDDEN];
2857 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2858 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2860 if(atoi(av[L_GROUP]))
2862 gidNumber_v[0] = av[L_GID];
2863 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Else branch (lines not shown): gidNumber_v is still all-NULL here, so the
 * REPLACE removes gidNumber from a list that is no longer a Unix group. */
2867 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same user-cn collision check as on the create path. */
2873 if(atoi(av[L_MAILLIST]))
2878 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2879 attr_array[0] = "cn";
2880 attr_array[1] = NULL;
2882 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2883 filter, attr_array, &group_base,
2885 LDAP_SCOPE_SUBTREE)) != 0)
2887 com_err(whoami, 0, "Unable to process group %s : %s",
2888 av[L_NAME], ldap_err2string(rc));
2894 com_err(whoami, 0, "Object already exists with name %s",
2899 linklist_free(group_base);
2904 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2906 mail_nickname_v[0] = mail_nickname;
2907 report_to_originator_v[0] = "TRUE";
2909 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2910 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not mail-enabled: send empty value lists to strip the Exchange
 * attributes from an existing object. */
2916 mail_nickname_v[0] = NULL;
2917 proxy_address_v[0] = NULL;
2918 legacy_exchange_dn_v[0] = NULL;
2919 address_book_v[0] = NULL;
2920 report_to_originator_v[0] = NULL;
2922 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2923 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2924 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2925 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2927 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2928 ADD_ATTR("reportToOriginator", report_to_originator_v,
2934 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2936 mail_v[0] = contact_mail;
2937 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2942 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2951 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2953 for (i = 0; i < n; i++)
2956 if (rc != LDAP_SUCCESS)
2958 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2959 av[L_NAME], ldap_err2string(rc));
/* Apply owner / security descriptor / address-book visibility. */
2966 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2967 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2969 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: set ownership and access control on an existing
 * group.  Steps visible in this excerpt:
 *   1. locate the group by sAMAccountName (TargetGroupName + group_suffix)
 *      under group_ou_root;
 *   2. resolve the administrator named by AceType/AceName to a DN and, on
 *      AD, to its objectSid;
 *   3. non-AD directories: write the administrator DN into "owner" and stop;
 *   4. AD: read the ntSecurityDescriptor of a template group chosen by
 *      HiddenGroup and whether an admin SID was found, patch the template
 *      user's SID with the administrator's SID, and write the result plus
 *      the msExchHideFromAddressLists/showInAddressBook flags to the group.
 *
 *   ldap_handle     - bound LDAP connection
 *   dn_path         - base DN appended to the OU names
 *   TargetGroupName - Moira list name (without group_suffix)
 *   HiddenGroup     - non-zero selects the HIDDEN_* templates
 *   AceType         - "LIST" or "USER"; other values leave AceSamAccountName
 *                     empty, i.e. no administrator
 *   AceName         - administrator name; "" means none
 *
 * Return value: the function's return statements are not in this excerpt.
 * NOTE(review): TargetDn, AceDn, AceSidCount, root_ou, dwInfo, group_count,
 * psMsg, mods, n, rc, i and nVal are declared in lines not shown.
 */
2972 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2973 char *TargetGroupName, int HiddenGroup,
2974 char *AceType, char *AceName)
2976 char filter_exp[1024];
2977 char *attr_array[5];
2978 char search_path[512];
2980 char TemplateDn[512];
2981 char TemplateSamName[128];
2983 char TargetSamName[128];
2984 char AceSamAccountName[128];
2986 unsigned char AceSid[128];
2987 unsigned char UserTemplateSid[128];
2988 char acBERBuf[N_SD_BER_BYTES];
2989 char GroupSecurityTemplate[256];
2990 char hide_addres_lists[256];
2991 char address_book[256];
2992 char *hide_address_lists_v[] = {NULL, NULL};
2993 char *address_book_v[] = {NULL, NULL};
2994 char *owner_v[] = {NULL, NULL};
2996 int UserTemplateSidCount;
3003 int array_count = 0;
3005 LK_ENTRY *group_base;
3006 LDAP_BERVAL **ppsValues;
/* Server control carrying the BER-encoded security-information flags, so
 * the search/modify below operate on the whole security descriptor
 * (owner, group, DACL and SACL). */
3007 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3008 { N_SD_BER_BYTES, acBERBuf },
3011 LDAPControl *apsServerControls[] = {&sControl, NULL};
3014 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3015 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3016 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Step 1: find the target group. */
3018 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3019 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3020 attr_array[0] = "sAMAccountName";
3021 attr_array[1] = NULL;
/* NOTE(review): the parentheses make this `rc = (linklist_build(...) != 0)`,
 * so rc holds 0/1 rather than the LDAP error code.  The same shape recurs at
 * each linklist_build() call in this function. */
3025 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3026 &group_base, &group_count,
3027 LDAP_SCOPE_SUBTREE) != 0))
3030 if (group_count != 1)
3032 linklist_free(group_base);
/* NOTE(review): unbounded copies of directory-supplied values into fixed
 * buffers (TargetSamName is 128 bytes; TargetDn's size is not visible). */
3036 strcpy(TargetDn, group_base->dn);
3037 strcpy(TargetSamName, group_base->value);
3038 linklist_free(group_base);
3042 UserTemplateSidCount = 0;
3043 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3044 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3045 memset(AceSid, '\0', sizeof(AceSid));
/* Step 2: resolve the administrator.  AceSamAccountName stays empty when
 * AceName is "" or AceType is neither "LIST" nor "USER". */
3050 if (strlen(AceName) != 0)
3052 if (!strcmp(AceType, "LIST"))
3054 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3055 strcpy(root_ou, group_ou_root);
3057 else if (!strcmp(AceType, "USER"))
3059 sprintf(AceSamAccountName, "%s", AceName);
3060 strcpy(root_ou, user_ou);
3063 if (ActiveDirectory)
3065 if (strlen(AceSamAccountName) != 0)
3067 sprintf(search_path, "%s", dn_path);
3068 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3069 attr_array[0] = "objectSid";
3070 attr_array[1] = NULL;
3074 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3075 attr_array, &group_base, &group_count,
3076 LDAP_SCOPE_SUBTREE) != 0))
3078 if (group_count == 1)
3080 strcpy(AceDn, group_base->dn);
/* NOTE(review): AceSidCount comes from the directory entry and is not
 * checked against sizeof(AceSid) before the memcpy. */
3081 AceSidCount = group_base->length;
3082 memcpy(AceSid, group_base->value, AceSidCount);
3084 linklist_free(group_base);
/* Non-AD: only the DN is needed (no SID). */
3091 if (strlen(AceSamAccountName) != 0)
3093 sprintf(search_path, "%s", dn_path);
3094 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3095 attr_array[0] = "samAccountName";
3096 attr_array[1] = NULL;
3100 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3101 attr_array, &group_base, &group_count,
3102 LDAP_SCOPE_SUBTREE) != 0))
3104 if (group_count == 1)
3106 strcpy(AceDn, group_base->dn);
3108 linklist_free(group_base);
/* Step 3: non-AD directories record the administrator as "owner". */
3115 if (!ActiveDirectory)
3117 if (strlen(AceDn) != 0)
/* NOTE(review): strdup() result is unchecked and no free() of owner_v[0]
 * is visible in this excerpt - possible leak per call; confirm against the
 * mods cleanup loop. */
3119 owner_v[0] = strdup(AceDn);
3121 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3125 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3127 for (i = 0; i < n; i++)
3130 if (rc != LDAP_SUCCESS)
3131 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3132 TargetGroupName, ldap_err2string(rc));
/* Step 4 (AD): without an administrator SID, fall back to the template
 * that has no admin ACE. */
3138 if (AceSidCount == 0)
3140 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3141 "have an AD SID.", TargetGroupName, AceName, AceType);
3142 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Fetch the SID of the placeholder user referenced by the templates; it is
 * the byte pattern replaced by the administrator's SID further down. */
3146 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3147 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3148 attr_array[0] = "objectSid";
3149 attr_array[1] = NULL;
3154 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3155 attr_array, &group_base, &group_count,
3156 LDAP_SCOPE_SUBTREE) != 0))
3159 if ((rc != 0) || (group_count != 1))
3161 com_err(whoami, 0, "Unable to process user security template: %s",
/* NOTE(review): as with AceSid, the length is not bounded by
 * sizeof(UserTemplateSid) before copying. */
3167 UserTemplateSidCount = group_base->length;
3168 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3170 linklist_free(group_base);
/* Template selection: hidden/visible x with/without administrator. */
3177 if (AceSidCount == 0)
3179 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3180 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3184 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3185 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3190 if (AceSidCount == 0)
3192 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3193 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3197 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3198 sprintf(filter_exp, "(sAMAccountName=%s)",
3199 NOT_HIDDEN_GROUP_WITH_ADMIN);
3203 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3204 attr_array[0] = "sAMAccountName";
3205 attr_array[1] = NULL;
3209 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3210 &group_base, &group_count,
3211 LDAP_SCOPE_SUBTREE) != 0))
3214 if (group_count != 1)
3216 linklist_free(group_base);
3217 com_err(whoami, 0, "Unable to process group security template: %s - "
3218 "security not set", GroupSecurityTemplate);
3222 strcpy(TemplateDn, group_base->dn);
3223 strcpy(TemplateSamName, group_base->value);
3224 linklist_free(group_base);
/* Second search for the template, this time with the SD-flags control so
 * the binary ntSecurityDescriptor is returned (arguments not shown). */
3228 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3229 rc = ldap_search_ext_s(ldap_handle,
3241 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3243 com_err(whoami, 0, "Unable to find group security template: %s - "
3244 "security not set", GroupSecurityTemplate);
3248 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3250 if (ppsValues == NULL)
3252 com_err(whoami, 0, "Unable to find group security descriptor for group "
3253 "%s - security not set", GroupSecurityTemplate);
/* In-place SID substitution inside the raw descriptor bytes: every
 * occurrence of the template user's SID is overwritten with the admin SID.
 * NOTE(review): the scan compares UserTemplateSidCount bytes but writes
 * AceSidCount bytes; SIDs vary in length with their sub-authority count, so
 * a longer admin SID would both overrun the matched region (and, at the end
 * of bv_val, the buffer) and leave the descriptor's internal offsets and
 * ACE sizes stale.  A length-equality check before the memcpy would make
 * the substitution safe. */
3257 if (AceSidCount != 0)
3259 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3262 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3264 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3265 UserTemplateSidCount))
3267 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3275 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3276 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Hidden groups are removed from the Exchange address lists; visible ones
 * get the attribute cleared (empty value list). */
3282 hide_address_lists_v[0] = "TRUE";
3283 address_book_v[0] = NULL;
3284 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3286 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3288 hide_address_lists_v[0] = NULL;
3289 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3296 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3298 for (i = 0; i < n; i++)
3301 ldap_value_free_len(ppsValues);
3302 ldap_msgfree(psMsg);
3304 if (rc != LDAP_SUCCESS)
3306 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3307 TargetGroupName, ldap_err2string(rc));
/* If applying the admin-bearing descriptor failed, retry once with no
 * administrator (empty AceType/AceName selects the non-admin template). */
3309 if (AceSidCount != 0)
3312 "Trying to set security for group %s without admin.",
3315 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3316 HiddenGroup, "", ""))
3318 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the group for Moira list group_name from the
 * directory.  The group is located with ad_get_group() under
 * group_ou_root,dn_path; it is deleted only when exactly one match is found.
 *
 *   ldap_handle      - bound LDAP connection
 *   dn_path          - base DN
 *   group_name       - Moira list name; rejected by check_string() -> AD_INVALID_NAME
 *   group_membership - membership flags forwarded to ad_get_group()
 *   MoiraId          - Moira id forwarded to ad_get_group()
 *
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, or (lines not shown) the
 * result of the delete.  NOTE(review): filter, temp, rc and group_count are
 * declared in lines not shown here.
 */
3329 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3330 char *group_membership, char *MoiraId)
3332 LK_ENTRY *group_base;
3338 if (!check_string(group_name))
3341 "Unable to process invalid LDAP list name %s", group_name);
3342 return(AD_INVALID_NAME);
3345 memset(filter, '\0', sizeof(filter));
3348 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Assignment-in-condition: any non-zero lookup error exits here. */
3350 if (rc = ad_get_group(ldap_handle, temp, group_name,
3351 group_membership, MoiraId,
3352 "samAccountName", &group_base,
3353 &group_count, filter))
/* Delete only on an unambiguous match. */
3356 if (group_count == 1)
3358 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3360 linklist_free(group_base);
3361 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
3362 group_name, ldap_err2string(rc));
3365 linklist_free(group_base);
/* Zero or several matches: report and leave the directory untouched. */
3369 linklist_free(group_base);
3370 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
3371 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: write the BER encoding of the security-information
 * flag word uBits into pBuffer, which the callers size as N_SD_BER_BYTES
 * (see the acBERBuf locals in ProcessGroupSecurity and user_update).
 * The encoding itself is in lines not shown here.
 * Returns N_SD_BER_BYTES, the number of bytes written.
 */
3377 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3383 return(N_SD_BER_BYTES);
/*
 * process_lists: Moira query callback for one list row.  Derives the list's
 * OU and membership flags with get_group_membership() and hands the list to
 * populate_group() for member synchronisation (trailing arguments and the
 * return statement are not in this excerpt).
 *
 *   ac, av - Moira list row (av[L_NAME] is the list name)
 *   ptr    - presumably the call_args[] vector ([0] LDAP handle, [1] base DN)
 *
 * NOTE(review): group_ou, security_flag, rc and call_args are declared in
 * lines not shown.  group_membership is 2 bytes here but 1 byte in
 * group_create(); both are passed to the same helper - confirm which size
 * the helper needs.
 */
3386 int process_lists(int ac, char **av, void *ptr)
3391 char group_membership[2];
3397 memset(group_ou, '\0', sizeof(group_ou));
3398 memset(group_membership, '\0', sizeof(group_membership));
3399 get_group_membership(group_membership, group_ou, &security_flag, av);
3400 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3401 av[L_NAME], group_ou, group_membership,
/*
 * member_list_build: Moira query callback that accumulates one list member
 * per call into the file-level member_base linked list.  Members whose type
 * is not selected in the call_args[3] bitmask (MOIRA_USERS, MOIRA_STRINGS,
 * MOIRA_LISTS, MOIRA_KERBEROS) are skipped; STRING and KERBEROS members are
 * first normalised to an address and a contact object is created for them
 * with contact_create().  Duplicates (case-insensitive) are not added twice.
 *
 *   ac, av - Moira ACE row: av[ACE_TYPE] is "USER"/"STRING"/"LIST"/"KERBEROS",
 *            av[ACE_NAME] the member name
 *   ptr    - presumably the call_args[] vector ([0] LDAP handle, [1] base DN,
 *            [2] list name, [3] member-type mask)
 *
 * Return statements are not in this excerpt.  NOTE(review): temp, s,
 * linklist and call_args are declared in lines not shown.
 */
3407 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): unbounded copy; temp's size is not visible. */
3415 strcpy(temp, av[ACE_NAME]);
3417 if (!check_string(temp))
3420 if (!strcmp(av[ACE_TYPE], "USER"))
3422 if (!((int)call_args[3] & MOIRA_USERS))
3425 else if (!strcmp(av[ACE_TYPE], "STRING"))
/* Bare local part -> append the default domain. */
3429 if((s = strchr(temp, '@')) == (char *) NULL)
3431 strcat(temp, "@mit.edu");
/* Rewrite a trailing ".LOCAL" to ".mit.edu".
 * NOTE(review): strlen(temp) - 6 underflows when the (already '@'-bearing)
 * string is shorter than 6 characters, reading before the buffer; a length
 * check before the index would avoid it. */
3434 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3436 s = strrchr(temp, '.');
3438 strcat(s, ".mit.edu");
3442 if (!((int)call_args[3] & MOIRA_STRINGS))
3445 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3449 else if (!strcmp(av[ACE_TYPE], "LIST"))
3451 if (!((int)call_args[3] & MOIRA_LISTS))
3454 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3456 if (!((int)call_args[3] & MOIRA_KERBEROS))
3459 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
/* Linear duplicate scan over the members collected so far. */
3467 linklist = member_base;
3471 if (!strcasecmp(temp, linklist->member))
3474 linklist = linklist->next;
/* Prepend a new entry; each string field is a separate allocation that the
 * list owner must free.  NOTE(review): calloc() results are not checked. */
3477 linklist = calloc(1, sizeof(LK_ENTRY));
3479 linklist->dn = NULL;
3480 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3481 strcpy(linklist->list, call_args[2]);
3482 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3483 strcpy(linklist->type, av[ACE_TYPE]);
3484 linklist->member = calloc(1, strlen(temp) + 1);
3485 strcpy(linklist->member, temp);
3486 linklist->next = member_base;
3487 member_base = linklist;
/*
 * member_remove: delete one member DN from the group for Moira list
 * group_name.  After the removal, members that live in contact_ou or
 * kerberos_ou are checked for remaining memberOf references and the contact
 * object is deleted when nothing references it any more.
 *
 *   ldap_handle      - bound LDAP connection
 *   dn_path          - base DN
 *   group_name       - Moira list name; rejected by check_string() -> AD_INVALID_NAME
 *   group_ou         - (unused in the visible lines)
 *   group_membership - membership flags forwarded to ad_get_group()
 *   user_name        - member name used to build its DN
 *   UserOu           - OU of the member (user_ou, contact_ou, kerberos_ou, ...)
 *   MoiraId          - Moira id forwarded to ad_get_group()
 *
 * Return statements other than AD_INVALID_NAME are not in this excerpt.
 * NOTE(review): filter, temp, modvalues, mods, n, rc, i, s and group_count
 * are declared in lines not shown.
 */
3492 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3493 char *group_ou, char *group_membership, char *user_name,
3494 char *UserOu, char *MoiraId)
3496 char distinguished_name[1024];
3500 char *attr_array[3];
3505 LK_ENTRY *group_base;
3509 if (!check_string(group_name))
3510 return(AD_INVALID_NAME);
3512 memset(filter, '\0', sizeof(filter));
3516 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3517 group_membership, MoiraId,
3518 "samAccountName", &group_base,
3519 &group_count, filter))
3522 if (group_count != 1)
3524 com_err(whoami, 0, "Unable to find list %s in AD",
3526 linklist_free(group_base);
3532 strcpy(distinguished_name, group_base->dn);
3533 linklist_free(group_base);
/* Build the member DN to delete.  On non-AD directories users are keyed by
 * uid, everything else by CN.
 * NOTE(review): user_name is not DN-escaped here, whereas contact_create()
 * escapes the name when it builds the contact's DN; a name containing DN
 * special characters would therefore not match the stored DN. */
3539 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3543 if(!strcmp(UserOu, user_ou))
3544 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3546 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3549 modvalues[0] = temp;
3550 modvalues[1] = NULL;
3553 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3555 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3557 for (i = 0; i < n; i++)
/* Handling of LDAP_UNWILLING_TO_PERFORM is in lines not shown. */
3560 if (rc == LDAP_UNWILLING_TO_PERFORM)
3563 if (rc != LDAP_SUCCESS)
3565 com_err(whoami, 0, "Unable to modify list %s members : %s",
3566 group_name, ldap_err2string(rc));
/* Garbage-collect contact objects that are no longer members of any group. */
3570 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* A "@mit.edu" contact may correspond to a real user; look it up by
 * mailNickName (the local part) and skip deletion if one exists. */
3574 if(!strcmp(UserOu, contact_ou) &&
3575 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3577 memset(temp, '\0', sizeof(temp));
3578 strcpy(temp, user_name);
3579 s = strchr(temp, '@');
/* NOTE(review): temp is interpolated into the filter without escaping. */
3582 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* NOTE(review): same `rc = (... != 0)` precedence as in ProcessGroupSecurity. */
3584 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3585 &group_base, &group_count,
3586 LDAP_SCOPE_SUBTREE) != 0))
3592 linklist_free(group_base);
/* Any remaining memberOf value means the contact is still in use. */
3597 sprintf(filter, "(distinguishedName=%s)", temp);
3598 attr_array[0] = "memberOf";
3599 attr_array[1] = NULL;
3601 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3602 &group_base, &group_count,
3603 LDAP_SCOPE_SUBTREE) != 0))
3609 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3611 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add one member DN to the group for Moira list group_name.
 * LDAP_ALREADY_EXISTS / LDAP_TYPE_OR_VALUE_EXISTS are handled specially
 * (lines not shown - presumably treated as success; confirm).
 *
 *   ldap_handle      - bound LDAP connection
 *   dn_path          - base DN
 *   group_name       - Moira list name; rejected by check_string() -> AD_INVALID_NAME
 *   group_ou         - (unused in the visible lines)
 *   group_membership - membership flags forwarded to ad_get_group()
 *   user_name        - member name used to build its DN
 *   UserOu           - OU of the member (user_ou, contact_ou, kerberos_ou, ...)
 *   MoiraId          - Moira id forwarded to ad_get_group()
 *
 * Returns AD_INVALID_NAME or AD_MULTIPLE_GROUPS_FOUND on lookup failure;
 * the remaining return statements are not in this excerpt.
 * NOTE(review): filter, temp, modvalues, mods, n, rc, i and group_count are
 * declared in lines not shown.
 */
3621 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3622 char *group_ou, char *group_membership, char *user_name,
3623 char *UserOu, char *MoiraId)
3625 char distinguished_name[1024];
3633 LK_ENTRY *group_base;
3636 if (!check_string(group_name))
3637 return(AD_INVALID_NAME);
3640 memset(filter, '\0', sizeof(filter));
3644 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3645 group_membership, MoiraId,
3646 "samAccountName", &group_base,
3647 &group_count, filter))
/* Both zero and several matches are reported with the same error code. */
3650 if (group_count != 1)
3652 linklist_free(group_base);
3655 com_err(whoami, 0, "Unable to find list %s %d in AD",
3656 group_name, group_count);
3657 return(AD_MULTIPLE_GROUPS_FOUND);
3660 strcpy(distinguished_name, group_base->dn);
3661 linklist_free(group_base);
/* Member DN: uid-keyed for users on non-AD directories, cn otherwise.
 * NOTE(review): user_name is not DN-escaped here, unlike the DN built in
 * contact_create(); see member_remove() for the same inconsistency. */
3667 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3671 if(!strcmp(UserOu, user_ou))
3672 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3674 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3677 modvalues[0] = temp;
3678 modvalues[1] = NULL;
3681 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3683 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3685 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
/* Contacts and Kerberos principals get extra handling of
 * LDAP_UNWILLING_TO_PERFORM (body not shown). */
3688 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3690 if (rc == LDAP_UNWILLING_TO_PERFORM)
3694 for (i = 0; i < n; i++)
3697 if (rc != LDAP_SUCCESS)
3699 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3700 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail-related attributes (mail,
 * mailNickName, proxyAddresses, targetAddress) from the contact entry at
 * (*linklist_base)->dn.  mail_v carries no values, so each LDAP_MOD_REPLACE
 * removes the attribute.
 *
 *   ld               - bound LDAP connection
 *   bind_path        - (unused in the visible lines)
 *   linklist_base    - list whose head entry supplies the contact DN
 *   linklist_current - (unused in the visible lines)
 *
 * Return statements are not in this excerpt; LDAP_ALREADY_EXISTS is not
 * treated as a failure.  NOTE(review): gPtr, mods, n, rc and i are declared
 * in lines not shown.
 */
3706 int contact_remove_email(LDAP *ld, char *bind_path,
3707 LK_ENTRY **linklist_base, int linklist_current)
3711 char *mail_v[] = {NULL, NULL};
3719 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3720 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3721 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3722 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3725 gPtr = (*linklist_base);
3728 rc = ldap_modify_s(ld, gPtr->dn, mods);
3730 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3732 com_err(whoami, 0, "Unable to modify contact %s in AD : %s",
3733 gPtr->dn, ldap_err2string(rc));
3740 for (i = 0; i < n; i++)
/*
 * contact_create: create a contact object for an external address (STRING
 * member) or a Kerberos principal so that it can be referenced as a group
 * member.  For contacts in contact_ou with a valid mail address the function
 * first checks that no user or group already uses the address as cn or mail,
 * then adds the object with Exchange mail attributes; if the object already
 * exists those attributes are re-applied with ldap_modify_s, and on any
 * other failure a minimal object without mail attributes is added instead.
 *
 *   ld        - bound LDAP connection
 *   bind_path - base DN for the collision searches
 *   user      - member name; rejected by check_string() -> AD_INVALID_NAME
 *   group_ou  - contact_ou or kerberos_ou; selects the uid suffix and which
 *               mail attributes are written
 *
 * Return statements other than AD_INVALID_NAME are not in this excerpt.
 * NOTE(review): mail, uid, new_dn, filter, temp, principal, s, c, mods, n,
 * rc, i and group_count are declared (and mail is filled from user) in
 * lines not shown.
 */
3746 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3749 LK_ENTRY *group_base;
3752 char cn_user_name[256];
3753 char contact_name[256];
3754 char mail_nickname[256];
3755 char proxy_address_internal[256];
3756 char proxy_address_external[256];
3757 char target_address[256];
3758 char internal_contact_name[256];
3761 char principal[256];
3762 char mit_address_book[256];
3763 char default_address_book[256];
3764 char contact_address_book[256];
3766 char *email_v[] = {NULL, NULL};
3767 char *cn_v[] = {NULL, NULL};
3768 char *contact_v[] = {NULL, NULL};
3769 char *uid_v[] = {NULL, NULL};
3770 char *mail_nickname_v[] = {NULL, NULL};
3771 char *proxy_address_internal_v[] = {NULL, NULL};
3772 char *proxy_address_external_v[] = {NULL, NULL};
3773 char *target_address_v[] = {NULL, NULL};
3774 char *mit_address_book_v[] = {NULL, NULL};
3775 char *default_address_book_v[] = {NULL, NULL};
3776 char *contact_address_book_v[] = {NULL, NULL};
3777 char *hide_address_lists_v[] = {NULL, NULL};
3778 char *attr_array[3];
3779 char *objectClass_v[] = {"top", "person",
3780 "organizationalPerson",
3782 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3783 "inetOrgPerson", "organizationalPerson",
3784 "contact", "mailRecipient", "eduPerson",
3786 char *name_v[] = {NULL, NULL};
3787 char *desc_v[] = {NULL, NULL};
3794 char *mail_routing_v[] = {NULL, NULL};
3795 char *principal_v[] = {NULL, NULL};
3797 if (!check_string(user))
3799 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3800 return(AD_INVALID_NAME);
/* NOTE(review): unbounded strcpy into 256-byte locals. */
3804 strcpy(contact_name, mail);
3805 strcpy(internal_contact_name, mail);
/* Truncation of internal_contact_name at '@' presumably happens in the
 * lines not shown - confirm. */
3807 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* The contact DN is built with escape_string(); note that member_add() and
 * member_remove() build the same DN without escaping. */
3811 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3814 sprintf(target_address, "SMTP:%s", contact_name);
3815 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3816 sprintf(mail_nickname, "%s", internal_contact_name);
3818 cn_v[0] = cn_user_name;
3819 contact_v[0] = contact_name;
3822 desc_v[0] = "Auto account created by Moira";
3824 proxy_address_internal_v[0] = proxy_address_internal;
3825 proxy_address_external_v[0] = proxy_address_external;
3826 mail_nickname_v[0] = mail_nickname;
3827 target_address_v[0] = target_address;
3828 mit_address_book_v[0] = mit_address_book;
3829 default_address_book_v[0] = default_address_book;
3830 contact_address_book_v[0] = contact_address_book;
3831 strcpy(new_dn, cn_user_name);
3834 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD: uid is the address plus an OU-specific suffix. */
3836 if(!ActiveDirectory)
3838 if(!strcmp(group_ou, contact_ou))
3839 sprintf(uid, "%s%s", contact_name, "_strings");
3841 if(!strcmp(group_ou, kerberos_ou))
3842 sprintf(uid, "%s%s", contact_name, "_kerberos");
3846 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3847 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3852 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3856 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3859 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3860 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3861 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Collision checks: the address must not already be the cn or mail of a
 * user or a group.  Each hit is reported and (lines not shown) presumably
 * ends the function.
 * NOTE(review): mail is interpolated into all four filters without LDAP
 * filter escaping; email_isvalid() is the only guard visible. */
3865 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3870 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3871 attr_array[0] = "cn";
3872 attr_array[1] = NULL;
3874 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3875 &group_base, &group_count,
3876 LDAP_SCOPE_SUBTREE)) != 0)
3878 com_err(whoami, 0, "Unable to process contact %s : %s",
3879 user, ldap_err2string(rc));
3885 com_err(whoami, 0, "Object already exists with name %s",
3890 linklist_free(group_base);
3894 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3895 attr_array[0] = "cn";
3896 attr_array[1] = NULL;
3898 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3899 &group_base, &group_count,
3900 LDAP_SCOPE_SUBTREE)) != 0)
3902 com_err(whoami, 0, "Unable to process contact %s : %s",
3903 user, ldap_err2string(rc));
3909 com_err(whoami, 0, "Object already exists with name %s",
3914 linklist_free(group_base);
3918 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3919 attr_array[0] = "cn";
3920 attr_array[1] = NULL;
3922 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3923 &group_base, &group_count,
3924 LDAP_SCOPE_SUBTREE)) != 0)
3926 com_err(whoami, 0, "Unable to process contact %s : %s",
3927 user, ldap_err2string(rc));
3933 com_err(whoami, 0, "Object already exists with name %s",
3938 linklist_free(group_base);
3942 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3943 attr_array[0] = "cn";
3944 attr_array[1] = NULL;
3946 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3947 &group_base, &group_count,
3948 LDAP_SCOPE_SUBTREE)) != 0)
3950 com_err(whoami, 0, "Unable to process contact %s : %s",
3951 user, ldap_err2string(rc));
3957 com_err(whoami, 0, "Object already exists with name %s",
3962 linklist_free(group_base);
/* Exchange mail attributes; the contact is hidden from address lists. */
3966 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
3967 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
3968 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
3969 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
3971 hide_address_lists_v[0] = "TRUE";
3972 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD: routing address (default domain appended to a bare local part)
 * and principal name; only contact_ou entries get them in the visible lines. */
3977 if(!ActiveDirectory)
3979 if((c = strchr(mail, '@')) == NULL)
3980 sprintf(temp, "%s@mit.edu", mail);
3982 sprintf(temp, "%s", mail);
3984 mail_routing_v[0] = temp;
3986 principal_v[0] = principal;
3988 if(!strcmp(group_ou, contact_ou))
3990 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
3993 if(!strcmp(group_ou, contact_ou))
3995 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4001 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4003 for (i = 0; i < n; i++)
/* Existing contact: refresh its mail attributes with REPLACE.
 * NOTE(review): `rc != LDAP_SUCCESS` is implied by `rc == LDAP_ALREADY_EXISTS`
 * and could be dropped. */
4008 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4009 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4013 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4014 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4015 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4017 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4019 hide_address_lists_v[0] = "TRUE";
4020 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4024 rc = ldap_modify_s(ld, new_dn, mods);
4028 com_err(whoami, 0, "Unable to update contact %s", mail);
4031 for (i = 0; i < n; i++)
/* Any other add failure: retry with a minimal object carrying no mail
 * attributes (cn, objectClass, name, displayName, description only). */
4036 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4039 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
4043 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4047 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
4050 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4051 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
4052 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4054 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4056 for (i = 0; i < n; i++)
4060 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4062 com_err(whoami, 0, "Unable to create contact %s : %s",
4063 user, ldap_err2string(rc));
4070 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4071 char *Uid, char *MitId, char *MoiraId, int State,
4072 char *WinHomeDir, char *WinProfileDir, char *first,
4073 char *middle, char *last, char *shell, char *class)
4076 LK_ENTRY *group_base;
4078 char distinguished_name[512];
4079 char displayName[256];
4080 char *mitMoiraId_v[] = {NULL, NULL};
4081 char *mitMoiraClass_v[] = {NULL, NULL};
4082 char *mitMoiraStatus_v[] = {NULL, NULL};
4083 char *uid_v[] = {NULL, NULL};
4084 char *mitid_v[] = {NULL, NULL};
4085 char *homedir_v[] = {NULL, NULL};
4086 char *winProfile_v[] = {NULL, NULL};
4087 char *drives_v[] = {NULL, NULL};
4088 char *userAccountControl_v[] = {NULL, NULL};
4089 char *alt_recipient_v[] = {NULL, NULL};
4090 char *hide_address_lists_v[] = {NULL, NULL};
4091 char *mail_v[] = {NULL, NULL};
4092 char *gid_v[] = {NULL, NULL};
4093 char *loginshell_v[] = {NULL, NULL};
4094 char *principal_v[] = {NULL, NULL};
4095 char userAccountControlStr[80];
4100 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4101 UF_PASSWD_CANT_CHANGE;
4103 char *attr_array[3];
4106 char contact_mail[256];
4107 char filter_exp[1024];
4108 char search_path[512];
4109 char TemplateDn[512];
4110 char TemplateSamName[128];
4111 char alt_recipient[256];
4112 char principal[256];
4114 char acBERBuf[N_SD_BER_BYTES];
4115 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4116 { N_SD_BER_BYTES, acBERBuf },
4118 LDAPControl *apsServerControls[] = {&sControl, NULL};
4120 LDAP_BERVAL **ppsValues;
4124 char *homeServerName;
4126 char search_string[256];
4128 char *mail_routing_v[] = {NULL, NULL};
4131 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4132 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4133 BEREncodeSecurityBits(dwInfo, acBERBuf);
4135 if (!check_string(user_name))
4137 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4139 return(AD_INVALID_NAME);
4142 memset(contact_mail, '\0', sizeof(contact_mail));
4143 sprintf(contact_mail, "%s@mit.edu", user_name);
4144 memset(mail, '\0', sizeof(mail));
4145 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4146 memset(alt_recipient, '\0', sizeof(alt_recipient));
4147 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4149 sprintf(search_string, "@%s", uppercase(ldap_domain));
4153 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4155 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4162 memset(displayName, '\0', sizeof(displayName));
4164 if (strlen(MoiraId) != 0)
4168 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4173 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4176 attr_array[0] = "cn";
4177 attr_array[1] = NULL;
4178 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4179 &group_base, &group_count,
4180 LDAP_SCOPE_SUBTREE)) != 0)
4182 com_err(whoami, 0, "Unable to process user %s : %s",
4183 user_name, ldap_err2string(rc));
4188 if (group_count != 1)
4190 linklist_free(group_base);
4193 sprintf(filter, "(sAMAccountName=%s)", user_name);
4194 attr_array[0] = "cn";
4195 attr_array[1] = NULL;
4196 sprintf(temp, "%s,%s", user_ou, dn_path);
4197 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4198 &group_base, &group_count,
4199 LDAP_SCOPE_SUBTREE)) != 0)
4201 com_err(whoami, 0, "Unable to process user %s : %s",
4202 user_name, ldap_err2string(rc));
4207 if (group_count != 1)
4209 com_err(whoami, 0, "Unable to find user %s in AD",
4211 linklist_free(group_base);
4212 return(AD_NO_USER_FOUND);
4215 strcpy(distinguished_name, group_base->dn);
4217 linklist_free(group_base);
4220 if(!ActiveDirectory)
4222 if (rc = moira_connect())
4224 critical_alert("AD incremental",
4225 "Error contacting Moira server : %s",
4230 argv[0] = user_name;
4232 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4235 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4237 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4239 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4244 "Unable to set the mailRoutingAddress for %s : %s",
4245 user_name, ldap_err2string(rc));
4247 p = strdup(save_argv[3]);
4249 if((c = strchr(p, ',')) != NULL)
4254 if ((c = strchr(q, '@')) == NULL)
4255 sprintf(temp, "%s@mit.edu", q);
4257 sprintf(temp, "%s", q);
4259 if(email_isvalid(temp) && State != US_DELETED)
4261 mail_routing_v[0] = temp;
4264 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4266 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4268 if (rc == LDAP_ALREADY_EXISTS ||
4269 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4274 "Unable to set the mailRoutingAddress for %s : %s",
4275 user_name, ldap_err2string(rc));
4278 while((q = strtok(NULL, ",")) != NULL) {
4281 if((c = strchr(q, '@')) == NULL)
4282 sprintf(temp, "%s@mit.edu", q);
4284 sprintf(temp, "%s", q);
4286 if(email_isvalid(temp) && State != US_DELETED)
4288 mail_routing_v[0] = temp;
4291 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4294 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4296 if (rc == LDAP_ALREADY_EXISTS ||
4297 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4302 "Unable to set the mailRoutingAddress for "
4304 user_name, ldap_err2string(rc));
4310 if((c = strchr(p, '@')) == NULL)
4311 sprintf(temp, "%s@mit.edu", p);
4313 sprintf(temp, "%s", p);
4315 if(email_isvalid(temp) && State != US_DELETED)
4317 mail_routing_v[0] = temp;
4320 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4322 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4324 if (rc == LDAP_ALREADY_EXISTS ||
4325 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4330 "Unable to set the mailRoutingAddress for %s : %s",
4331 user_name, ldap_err2string(rc));
4338 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4339 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4340 "employeeID", user_name);
4342 rc = attribute_update(ldap_handle, distinguished_name, "none",
4343 "employeeID", user_name);
4346 strcat(displayName, first);
4349 if(strlen(middle)) {
4351 strcat(displayName, " ");
4353 strcat(displayName, middle);
4357 if(strlen(middle) || strlen(first))
4358 strcat(displayName, " ");
4360 strcat(displayName, last);
4363 if(strlen(displayName))
4364 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4365 "displayName", user_name);
4367 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4368 "displayName", user_name);
4370 if(!ActiveDirectory)
4372 if(strlen(displayName))
4373 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4376 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4380 if(!ActiveDirectory)
4382 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4383 "eduPersonNickname", user_name);
4387 rc = attribute_update(ldap_handle, distinguished_name, first,
4388 "givenName", user_name);
4390 rc = attribute_update(ldap_handle, distinguished_name, "",
4391 "givenName", user_name);
4393 if(strlen(middle) == 1)
4394 rc = attribute_update(ldap_handle, distinguished_name, middle,
4395 "initials", user_name);
4397 rc = attribute_update(ldap_handle, distinguished_name, "",
4398 "initials", user_name);
4401 rc = attribute_update(ldap_handle, distinguished_name, last,
4404 rc = attribute_update(ldap_handle, distinguished_name, "",
4409 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4414 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4418 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4419 "mitMoiraId", user_name);
4428 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4432 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4437 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4438 sprintf(status, "%d", State);
4439 principal_v[0] = principal;
4440 loginshell_v[0] = shell;
4441 mitMoiraClass_v[0] = class;
4442 mitMoiraStatus_v[0] = status;
4444 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4445 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4446 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4447 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4448 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4452 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4454 userAccountControl |= UF_ACCOUNTDISABLE;
4458 hide_address_lists_v[0] = "TRUE";
4459 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4467 hide_address_lists_v[0] = NULL;
4468 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4473 sprintf(userAccountControlStr, "%ld", userAccountControl);
4474 userAccountControl_v[0] = userAccountControlStr;
4475 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4479 if (rc = moira_connect())
4481 critical_alert("AD incremental",
4482 "Error contacting Moira server : %s",
4487 argv[0] = user_name;
4489 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4491 if(!strcmp(save_argv[1], "EXCHANGE") ||
4492 (strstr(save_argv[3], search_string) != NULL))
4494 alt_recipient_v[0] = NULL;
4495 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4497 argv[0] = exchange_acl;
4499 argv[2] = user_name;
4501 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4503 if ((rc) && (rc != MR_EXISTS))
4505 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4506 user_name, exchange_acl, error_message(rc));
4511 alt_recipient_v[0] = alt_recipient;
4512 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4514 argv[0] = exchange_acl;
4516 argv[2] = user_name;
4518 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4520 if ((rc) && (rc != MR_NO_MATCH))
4523 "Unable to remove user %s from %s: %s, %d",
4524 user_name, exchange_acl, error_message(rc), rc);
4530 alt_recipient_v[0] = alt_recipient;
4531 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4533 argv[0] = exchange_acl;
4535 argv[2] = user_name;
4537 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4539 if ((rc) && (rc != MR_NO_MATCH))
4542 "Unable to remove user %s from %s: %s, %d",
4543 user_name, exchange_acl, error_message(rc), rc);
4551 mail_v[0] = contact_mail;
4552 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4555 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4556 WinProfileDir, homedir_v, winProfile_v,
4557 drives_v, mods, LDAP_MOD_REPLACE, n);
4561 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4562 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4563 attr_array[0] = "sAMAccountName";
4564 attr_array[1] = NULL;
4568 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4570 &group_base, &group_count,
4571 LDAP_SCOPE_SUBTREE) != 0))
4574 if (group_count != 1)
4576 com_err(whoami, 0, "Unable to process user security template: %s - "
4577 "security not set", "UserTemplate.u");
4581 strcpy(TemplateDn, group_base->dn);
4582 strcpy(TemplateSamName, group_base->value);
4583 linklist_free(group_base);
4587 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4588 filter_exp, NULL, 0, apsServerControls, NULL,
4591 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4593 com_err(whoami, 0, "Unable to find user security template: %s - "
4594 "security not set", "UserTemplate.u");
4598 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4599 "ntSecurityDescriptor");
4601 if (ppsValues == NULL)
4603 com_err(whoami, 0, "Unable to find user security template: %s - "
4604 "security not set", "UserTemplate.u");
4608 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4609 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4614 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4615 mods)) != LDAP_SUCCESS)
4617 OldUseSFU30 = UseSFU30;
4618 SwitchSFU(mods, &UseSFU30, n);
4619 if (OldUseSFU30 != UseSFU30)
4620 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4623 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4624 user_name, ldap_err2string(rc));
4628 for (i = 0; i < n; i++)
4634 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4642 char contact_mail[256];
4643 char proxy_address[256];
4644 char query_base_dn[256];
4646 char *userPrincipalName_v[] = {NULL, NULL};
4647 char *altSecurityIdentities_v[] = {NULL, NULL};
4648 char *name_v[] = {NULL, NULL};
4649 char *samAccountName_v[] = {NULL, NULL};
4650 char *mail_v[] = {NULL, NULL};
4651 char *mail_nickname_v[] = {NULL, NULL};
4652 char *proxy_address_v[] = {NULL, NULL};
4653 char *query_base_dn_v[] = {NULL, NULL};
4654 char *principal_v[] = {NULL, NULL};
4655 char principal[256];
4660 if (!check_string(before_user_name))
4663 "Unable to process invalid LDAP user name %s", before_user_name);
4664 return(AD_INVALID_NAME);
4667 if (!check_string(user_name))
4670 "Unable to process invalid LDAP user name %s", user_name);
4671 return(AD_INVALID_NAME);
4674 strcpy(user_name, user_name);
4677 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4679 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4682 sprintf(new_dn, "cn=%s", user_name);
4684 sprintf(new_dn, "uid=%s", user_name);
4686 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4687 sprintf(contact_mail, "%s@mit.edu", user_name);
4688 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4689 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4691 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4692 NULL, NULL)) != LDAP_SUCCESS)
4694 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4695 before_user_name, user_name, ldap_err2string(rc));
4701 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4704 if(rc = ldap_delete_s(ldap_handle, temp))
4706 com_err(whoami, 0, "Unable to delete user contact for %s",
4710 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4712 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4716 name_v[0] = user_name;
4717 sprintf(upn, "%s@%s", user_name, ldap_domain);
4718 userPrincipalName_v[0] = upn;
4719 principal_v[0] = principal;
4720 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4721 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4722 altSecurityIdentities_v[0] = temp;
4723 samAccountName_v[0] = user_name;
4725 mail_nickname_v[0] = user_name;
4726 proxy_address_v[0] = proxy_address;
4727 query_base_dn_v[0] = query_base_dn;
4730 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4731 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4732 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4733 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4735 if(!ActiveDirectory)
4737 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4738 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4739 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4740 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4745 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4746 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4747 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4748 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
4752 mail_v[0] = contact_mail;
4753 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4759 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4761 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4763 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4766 "Unable to modify user data for %s after renaming : %s",
4767 user_name, ldap_err2string(rc));
4770 for (i = 0; i < n; i++)
4776 int user_create(int ac, char **av, void *ptr)
4780 char user_name[256];
4784 char contact_mail[256];
4785 char proxy_address[256];
4786 char mail_nickname[256];
4787 char query_base_dn[256];
4788 char displayName[256];
4789 char address_book[256];
4790 char alt_recipient[256];
4791 char *cn_v[] = {NULL, NULL};
4792 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4794 char *objectClass_ldap_v[] = {"top",
4795 "eduPerson", "posixAccount",
4796 "apple-user", "shadowAccount",
4797 "microsoftComTop", "securityPrincipal",
4798 "inetOrgPerson", "user",
4799 "organizationalPerson", "person",
4800 "mailRecipient", NULL};
4802 char *samAccountName_v[] = {NULL, NULL};
4803 char *altSecurityIdentities_v[] = {NULL, NULL};
4804 char *mitMoiraId_v[] = {NULL, NULL};
4805 char *mitMoiraClass_v[] = {NULL, NULL};
4806 char *mitMoiraStatus_v[] = {NULL, NULL};
4807 char *name_v[] = {NULL, NULL};
4808 char *desc_v[] = {NULL, NULL};
4809 char *userPrincipalName_v[] = {NULL, NULL};
4810 char *userAccountControl_v[] = {NULL, NULL};
4811 char *uid_v[] = {NULL, NULL};
4812 char *gid_v[] = {NULL, NULL};
4813 char *mitid_v[] = {NULL, NULL};
4814 char *homedir_v[] = {NULL, NULL};
4815 char *winProfile_v[] = {NULL, NULL};
4816 char *drives_v[] = {NULL, NULL};
4817 char *mail_v[] = {NULL, NULL};
4818 char *givenName_v[] = {NULL, NULL};
4819 char *sn_v[] = {NULL, NULL};
4820 char *initials_v[] = {NULL, NULL};
4821 char *displayName_v[] = {NULL, NULL};
4822 char *proxy_address_v[] = {NULL, NULL};
4823 char *mail_nickname_v[] = {NULL, NULL};
4824 char *query_base_dn_v[] = {NULL, NULL};
4825 char *address_book_v[] = {NULL, NULL};
4826 char *homeMDB_v[] = {NULL, NULL};
4827 char *homeServerName_v[] = {NULL, NULL};
4828 char *mdbUseDefaults_v[] = {NULL, NULL};
4829 char *mailbox_guid_v[] = {NULL, NULL};
4830 char *user_culture_v[] = {NULL, NULL};
4831 char *user_account_control_v[] = {NULL, NULL};
4832 char *msexch_version_v[] = {NULL, NULL};
4833 char *alt_recipient_v[] = {NULL, NULL};
4834 char *hide_address_lists_v[] = {NULL, NULL};
4835 char *principal_v[] = {NULL, NULL};
4836 char *loginshell_v[] = {NULL, NULL};
4837 char userAccountControlStr[80];
4839 char principal[256];
4840 char filter_exp[1024];
4841 char search_path[512];
4842 char *attr_array[3];
4843 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4844 UF_PASSWD_CANT_CHANGE;
4850 char WinHomeDir[1024];
4851 char WinProfileDir[1024];
4853 char *homeServerName;
4855 char acBERBuf[N_SD_BER_BYTES];
4856 LK_ENTRY *group_base;
4858 char TemplateDn[512];
4859 char TemplateSamName[128];
4860 LDAP_BERVAL **ppsValues;
4861 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4862 { N_SD_BER_BYTES, acBERBuf },
4864 LDAPControl *apsServerControls[] = {&sControl, NULL};
4868 char search_string[256];
4869 char *o_v[] = {NULL, NULL};
4871 char *mail_routing_v[] = {NULL, NULL};
4876 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4877 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4878 BEREncodeSecurityBits(dwInfo, acBERBuf);
4880 if (!check_string(av[U_NAME]))
4882 callback_rc = AD_INVALID_NAME;
4883 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4885 return(AD_INVALID_NAME);
4888 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4889 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4890 memset(displayName, '\0', sizeof(displayName));
4891 memset(query_base_dn, '\0', sizeof(query_base_dn));
4892 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4893 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4894 strcpy(user_name, av[U_NAME]);
4895 sprintf(upn, "%s@%s", user_name, ldap_domain);
4896 sprintf(sam_name, "%s", av[U_NAME]);
4898 if(strlen(av[U_FIRST])) {
4899 strcat(displayName, av[U_FIRST]);
4902 if(strlen(av[U_MIDDLE])) {
4903 if(strlen(av[U_FIRST]))
4904 strcat(displayName, " ");
4906 strcat(displayName, av[U_MIDDLE]);
4909 if(strlen(av[U_LAST])) {
4910 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4911 strcat(displayName, " ");
4913 strcat(displayName, av[U_LAST]);
4916 samAccountName_v[0] = sam_name;
4917 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4918 (atoi(av[U_STATE]) != US_REGISTERED))
4920 userAccountControl |= UF_ACCOUNTDISABLE;
4924 hide_address_lists_v[0] = "TRUE";
4925 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4930 sprintf(userAccountControlStr, "%ld", userAccountControl);
4931 userAccountControl_v[0] = userAccountControlStr;
4932 userPrincipalName_v[0] = upn;
4935 cn_v[0] = user_name;
4937 cn_v[0] = displayName;
4939 name_v[0] = user_name;
4940 desc_v[0] = "Auto account created by Moira";
4942 givenName_v[0] = av[U_FIRST];
4945 sn_v[0] = av[U_LAST];
4947 if(strlen(av[U_LAST]))
4948 sn_v[0] = av[U_LAST];
4950 sn_v[0] = av[U_NAME];
4952 displayName_v[0] = displayName;
4953 mail_nickname_v[0] = user_name;
4954 o_v[0] = "Massachusetts Institute of Technology";
4956 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4957 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4958 altSecurityIdentities_v[0] = temp;
4959 principal_v[0] = principal;
4962 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4964 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4966 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4967 sprintf(contact_mail, "%s@mit.edu", user_name);
4968 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4969 query_base_dn_v[0] = query_base_dn;
4970 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4972 sprintf(search_string, "@%s", uppercase(ldap_domain));
4976 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4979 com_err(whoami, 0, "Unable to create user contact %s",
4983 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
4986 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
4990 com_err(whoami, 0, "homeMDB:%s", homeMDB);
4991 com_err(whoami, 0, "homeServerName:%s", homeServerName);
4993 homeMDB_v[0] = homeMDB;
4994 homeServerName_v[0] = homeServerName;
4999 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5003 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5007 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5010 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5011 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5012 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5013 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5014 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5018 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5019 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5020 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5021 mdbUseDefaults_v[0] = "TRUE";
5022 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5023 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
5025 argv[0] = user_name;
5027 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5029 if(!strcmp(save_argv[1], "EXCHANGE") ||
5030 (strstr(save_argv[3], search_string) != NULL))
5032 argv[0] = exchange_acl;
5034 argv[2] = user_name;
5036 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5038 if ((rc) && (rc != MR_EXISTS))
5040 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5041 user_name, exchange_acl, error_message(rc));
5046 alt_recipient_v[0] = alt_recipient;
5047 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5052 alt_recipient_v[0] = alt_recipient;
5053 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5055 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5060 mail_v[0] = contact_mail;
5061 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5064 if(strlen(av[U_FIRST])) {
5065 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5068 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5069 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5072 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5073 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5075 if(!ActiveDirectory)
5077 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5080 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5082 if(!ActiveDirectory)
5084 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
5088 if (strlen(av[U_MIDDLE]) == 1) {
5089 initials_v[0] = av[U_MIDDLE];
5090 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5093 if (strlen(call_args[2]) != 0)
5095 mitMoiraId_v[0] = call_args[2];
5096 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5099 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
5101 if(!ActiveDirectory)
5103 loginshell_v[0] = av[U_SHELL];
5104 mitMoiraClass_v[0] = av[U_CLASS];
5105 mitMoiraStatus_v[0] = av[U_STATE];
5106 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5107 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5108 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5109 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5110 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5111 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
5114 if (strlen(av[U_UID]) != 0)
5116 uid_v[0] = av[U_UID];
5120 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5125 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5126 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5133 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5137 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
5142 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5143 mitid_v[0] = av[U_MITID];
5145 mitid_v[0] = "none";
5147 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5149 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5150 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5151 drives_v, mods, LDAP_MOD_ADD, n);
5155 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5156 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5157 attr_array[0] = "sAMAccountName";
5158 attr_array[1] = NULL;
5162 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5163 attr_array, &group_base, &group_count,
5164 LDAP_SCOPE_SUBTREE) != 0))
5167 if (group_count != 1)
5169 com_err(whoami, 0, "Unable to process user security template: %s - "
5170 "security not set", "UserTemplate.u");
5174 strcpy(TemplateDn, group_base->dn);
5175 strcpy(TemplateSamName, group_base->value);
5176 linklist_free(group_base);
5180 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5181 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5182 apsServerControls, NULL,
5185 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5187 com_err(whoami, 0, "Unable to find user security template: %s - "
5188 "security not set", "UserTemplate.u");
5192 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5193 "ntSecurityDescriptor");
5194 if (ppsValues == NULL)
5196 com_err(whoami, 0, "Unable to find user security template: %s - "
5197 "security not set", "UserTemplate.u");
5201 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5202 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
5207 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5209 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5211 OldUseSFU30 = UseSFU30;
5212 SwitchSFU(mods, &UseSFU30, n);
5213 if (OldUseSFU30 != UseSFU30)
5214 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5217 for (i = 0; i < n; i++)
5220 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5222 com_err(whoami, 0, "Unable to create user %s : %s",
5223 user_name, ldap_err2string(rc));
5228 if ((rc == LDAP_SUCCESS) && (SetPassword))
5230 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5232 ad_kdc_disconnect();
5233 if (!ad_server_connect(default_server, ldap_domain))
5235 com_err(whoami, 0, "Unable to set password for user %s : %s",
5237 "cannot get changepw ticket from windows domain");
5241 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5243 com_err(whoami, 0, "Unable to set password for user %s "
5244 ": %ld", user_name, rc);
5250 if(!ActiveDirectory)
5252 if (rc = moira_connect())
5254 critical_alert("AD incremental",
5255 "Error contacting Moira server : %s",
5260 argv[0] = user_name;
5262 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5264 p = strdup(save_argv[3]);
5266 if((c = strchr(p, ',')) != NULL) {
5270 if ((c = strchr(q, '@')) == NULL)
5271 sprintf(temp, "%s@mit.edu", q);
5273 sprintf(temp, "%s", q);
5275 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5277 mail_routing_v[0] = temp;
5280 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5282 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5284 if (rc == LDAP_ALREADY_EXISTS ||
5285 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5290 "Unable to set the mailRoutingAddress for %s : %s",
5291 user_name, ldap_err2string(rc));
5294 while((q = strtok(NULL, ",")) != NULL) {
5297 if((c = strchr(q, '@')) == NULL)
5298 sprintf(temp, "%s@mit.edu", q);
5300 sprintf(temp, "%s", q);
5302 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5304 mail_routing_v[0] = temp;
5307 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5309 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5311 if (rc == LDAP_ALREADY_EXISTS ||
5312 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5317 "Unable to set the mailRoutingAddress for %s : %s",
5318 user_name, ldap_err2string(rc));
5324 if((c = strchr(p, '@')) == NULL)
5325 sprintf(temp, "%s@mit.edu", p);
5327 sprintf(temp, "%s", p);
5329 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5331 mail_routing_v[0] = temp;
5334 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5336 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5338 if (rc == LDAP_ALREADY_EXISTS ||
5339 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5344 "Unable to set the mailRoutingAddress for %s : %s",
5345 user_name, ldap_err2string(rc));
5355 int user_change_status(LDAP *ldap_handle, char *dn_path,
5356 char *user_name, char *MoiraId,
5360 char *attr_array[3];
5362 char distinguished_name[1024];
5364 char *mitMoiraId_v[] = {NULL, NULL};
5366 LK_ENTRY *group_base;
5373 if (!check_string(user_name))
5375 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5377 return(AD_INVALID_NAME);
5383 if (strlen(MoiraId) != 0)
5385 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5386 attr_array[0] = "UserAccountControl";
5387 attr_array[1] = NULL;
5388 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5389 &group_base, &group_count,
5390 LDAP_SCOPE_SUBTREE)) != 0)
5392 com_err(whoami, 0, "Unable to process user %s : %s",
5393 user_name, ldap_err2string(rc));
5398 if (group_count != 1)
5400 linklist_free(group_base);
5403 sprintf(filter, "(sAMAccountName=%s)", user_name);
5404 attr_array[0] = "UserAccountControl";
5405 attr_array[1] = NULL;
5406 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5407 &group_base, &group_count,
5408 LDAP_SCOPE_SUBTREE)) != 0)
5410 com_err(whoami, 0, "Unable to process user %s : %s",
5411 user_name, ldap_err2string(rc));
5416 if (group_count != 1)
5418 linklist_free(group_base);
5419 com_err(whoami, 0, "Unable to find user %s in AD",
5421 return(LDAP_NO_SUCH_OBJECT);
5424 strcpy(distinguished_name, group_base->dn);
5425 ulongValue = atoi((*group_base).value);
5427 if (operation == MEMBER_DEACTIVATE)
5428 ulongValue |= UF_ACCOUNTDISABLE;
5430 ulongValue &= ~UF_ACCOUNTDISABLE;
5432 sprintf(temp, "%ld", ulongValue);
5434 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5435 temp, &modvalues, REPLACE)) == 1)
5438 linklist_free(group_base);
5442 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5444 if (strlen(MoiraId) != 0)
5446 mitMoiraId_v[0] = MoiraId;
5447 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5451 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
5453 for (i = 0; i < n; i++)
5456 free_values(modvalues);
5458 if (rc != LDAP_SUCCESS)
5460 com_err(whoami, 0, "Unable to change status of user %s : %s",
5461 user_name, ldap_err2string(rc));
5468 int user_delete(LDAP *ldap_handle, char *dn_path,
5469 char *u_name, char *MoiraId)
5472 char *attr_array[3];
5473 char distinguished_name[1024];
5474 char user_name[512];
5475 LK_ENTRY *group_base;
5480 if (!check_string(u_name))
5481 return(AD_INVALID_NAME);
5483 strcpy(user_name, u_name);
5487 if (strlen(MoiraId) != 0)
5489 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5490 attr_array[0] = "name";
5491 attr_array[1] = NULL;
5492 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5493 &group_base, &group_count,
5494 LDAP_SCOPE_SUBTREE)) != 0)
5496 com_err(whoami, 0, "Unable to process user %s : %s",
5497 user_name, ldap_err2string(rc));
5502 if (group_count != 1)
5504 linklist_free(group_base);
5507 sprintf(filter, "(sAMAccountName=%s)", user_name);
5508 attr_array[0] = "name";
5509 attr_array[1] = NULL;
5510 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5511 &group_base, &group_count,
5512 LDAP_SCOPE_SUBTREE)) != 0)
5514 com_err(whoami, 0, "Unable to process user %s : %s",
5515 user_name, ldap_err2string(rc));
5520 if (group_count != 1)
5522 com_err(whoami, 0, "Unable to find user %s in AD",
5527 strcpy(distinguished_name, group_base->dn);
5529 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5531 com_err(whoami, 0, "Unable to process user %s : %s",
5532 user_name, ldap_err2string(rc));
5535 /* Also remove the mit.edu contact object that accompanies the user (cn=<user>@mit.edu under contact_ou); a failed delete is reported through com_err. */
5539 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5541 if(rc = ldap_delete_s(ldap_handle, temp))
5543 com_err(whoami, 0, "Unable to delete user contact for %s",
5549 linklist_free(group_base);
/*
 * linklist_free: release every node of an LK_ENTRY list, starting at
 * linklist_base, together with the strings each node owns (dn, attribute,
 * value, member, type, list).  Passing NULL is a no-op.  The caller's
 * pointer is not cleared; callers that keep it should reset it themselves.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      /* read the successor before the node itself is released */
      LK_ENTRY *next = node->next;

      /* free(NULL) is defined to do nothing, so no per-field guards */
      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);

      node = next;
    }
}
5584 void free_values(char **modvalues)
5590 if (modvalues != NULL)
5592 while (modvalues[i] != NULL)
5595 modvalues[i] = NULL;
/*
 * Per-character legality table for names in Active Directory mode (used by
 * check_string when ActiveDirectory is set, and unconditionally by
 * check_container_name): a non-zero entry means the byte is rejected.
 * 256 entries; index it with a value in 0..255 (an unsigned char), never a
 * possibly-negative plain char.
 *
 * Accepted set: digits, lower-case letters (callers fold upper case to lower
 * case first, so A-Z are marked illegal here), and '`', '$', '&', '\'', '-',
 * '.', '@', '_', '~'.  Everything else -- control bytes, space, the RFC 4514
 * DN-special characters (" + , ; < > \), the filter metacharacters ( ) *,
 * and every byte >= 0x80 -- is rejected.  Names that pass are pasted
 * unescaped into DNs ("cn=%s,...") and search filters ("(sAMAccountName=%s)")
 * elsewhere in this file, so this table is the only barrier against DN and
 * filter injection; keep it strict.
 */
static int illegalchars[] = {
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
  1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 0x80 - 0xFF: all non-ASCII bytes rejected */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
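/*
 * Per-character legality table for names in plain-LDAP mode (used by
 * check_string when ActiveDirectory is not set): a non-zero entry means the
 * byte is rejected.  256 entries; index it with a value in 0..255 (an
 * unsigned char), never a possibly-negative plain char.
 *
 * Names accepted here are pasted unescaped into DNs ("cn=%s,...",
 * "uid=%s,...") and search filters ("(sAMAccountName=%s)") elsewhere in this
 * file, so this table is the only barrier against DN and filter injection.
 * The characters that RFC 4514 never allows unescaped inside a DN value --
 * '"', '+', ',', ';', '<', '>' and backslash -- are therefore rejected: an
 * unescaped occurrence splits or re-shapes the DN (e.g. "a,ou=x" becomes an
 * extra RDN) and backslash starts an escape sequence in both DNs and filters.
 * Because this code never escapes values, no working name could have
 * contained them, so rejecting them cannot break an existing account.
 * The filter metacharacters '(', ')' and '*' were already rejected.
 *
 * Space, '#' and '=' remain permitted: they are only special at the start or
 * end of a DN value, and tightening them could reject legitimate names that
 * exist today.  Callers that build DNs should still escape leading/trailing
 * spaces and a leading '#'.
 */
static int illegalchars_ldap[] = {
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
  0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - /  (" + , rejected) */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, /* 0 - ?      (; < > rejected) */
  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _      (backslash rejected) */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* 0x80 - 0xFF: all non-ASCII bytes rejected */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
};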
/*
 * Validate a name against both character tables (illegalchars and
 * illegalchars_ldap).
 *
 * s: NUL-terminated candidate name.
 *
 * Each character is case-folded before the lookups, so upper-case letters are
 * accepted although the tables mark them illegal.  The loop header, the
 * declaration of `character` and the return statements are on lines not
 * shown here; presumably 0 means "invalid", as the callers of the sibling
 * check_container_name() assume.
 *
 * NOTE(review): if `character` is loaded from *s as a plain char, a byte
 * >= 0x80 is negative on signed-char platforms; (unsigned) of a negative int
 * lands far outside the 256-entry tables (out-of-bounds read) and isupper()
 * on such a value is undefined.  Converting through (unsigned char) first
 * avoids both problems.
 */
5640 int check_string(char *s)
5648 if (isupper(character))
5649 character = tolower(character); /* tables only carry the lower-case rows */
5653 if (illegalchars[(unsigned) character]) /* index must be 0..255, see note above */
5658 if (illegalchars_ldap[(unsigned) character])
/*
 * Validate an LDAP container (OU) name: like check_string(), but a space is
 * tolerated and only the first table (illegalchars) is consulted.
 *
 * s: NUL-terminated candidate name.
 *
 * The callers in this file (container_rename, container_create,
 * container_get_distinguishedName) return AD_INVALID_NAME when this returns
 * 0.  The loop header, the declaration of `character`, the statement that
 * handles the space case and the return statements are on lines not shown.
 *
 * NOTE(review): same index concern as check_string(): (unsigned) of a
 * negative `character` reads outside the 256-entry table; cast through
 * (unsigned char) instead.
 */
5666 int check_container_name(char *s)
5674 if (isupper(character))
5675 character = tolower(character);
5677 if (character == ' ') /* space is allowed here; the action taken is on a line not shown */
5680 if (illegalchars[(unsigned) character])
/*
 * Connect this client to a Moira server, check the server's MOTD, negotiate
 * the query protocol version and (conditionally) authenticate with Kerberos 5.
 *
 * server:  Moira server to connect to (passed to mr_connect()).
 * client:  client identity handed to mr_krb5_auth().
 * version: query version requested via mr_version().
 * auth:    presumably gates the mr_krb5_auth() call; the test itself is on a
 *          line not shown.
 *
 * Returns `status`; the return statements are not shown here.
 */
5687 int mr_connect_cl(char *server, char *client, int version, int auth)
5693 status = mr_connect(server);
5697 com_err(whoami, status, "while connecting to Moira");
5701 status = mr_motd(&motd);
5706 com_err(whoami, status, "while checking server status");
/*
 * NOTE(review): the next two lines format the server-supplied motd into temp
 * and then hand temp to com_err() as its FORMAT string, so any '%' in the
 * message is interpreted as a conversion specifier (CERT FIO30-C); the
 * sprintf into temp is also unbounded.  Both go away with a single call:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 */
5712 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5713 com_err(whoami, status, temp);
5718 status = mr_version(version);
/* a server without the version query is mapped to VERSION_HIGH or SUCCESS
 * depending on a condition on a line not shown */
5722 if (status == MR_UNKNOWN_PROC)
5725 status = MR_VERSION_HIGH;
5727 status = MR_SUCCESS;
5730 if (status == MR_VERSION_HIGH)
5732 com_err(whoami, 0, "Warning: This client is running newer code "
5733 "than the server.");
5734 com_err(whoami, 0, "Some operations may not work.");
5736 else if (status && status != MR_VERSION_LOW) /* MR_VERSION_LOW is tolerated silently */
5738 com_err(whoami, status, "while setting query version number.");
5746 status = mr_krb5_auth(client);
5749 com_err(whoami, status, "while authenticating to Moira.");
/*
 * Rewrite an AFS path that starts with the AFS prefix into the Windows form:
 * winPath receives WINAFS followed by the remainder of path, with each '/'
 * handled by the statement after the comparison below (that line is not
 * shown; presumably it substitutes the Windows separator).
 *
 * path:    source path; assumed to begin with AFS -- nothing here verifies
 *          that before skipping strlen(AFS) bytes.
 * winPath: caller-owned output buffer; there is no bound check, so it must
 *          hold at least strlen(WINAFS) + strlen(path) - strlen(AFS) + 1.
 */
5758 void AfsToWinAfs(char* path, char* winPath)
5762 strcpy(winPath, WINAFS);
5763 pathPtr = path + strlen(AFS); /* skip the AFS prefix without checking it is present */
5764 winPathPtr = winPath + strlen(WINAFS);
5768 if (*pathPtr == '/')
5771 *winPathPtr = *pathPtr; /* non-separator bytes are copied verbatim */
/*
 * mr_query() callback used by ProcessAce(): record the ACE type and name of a
 * list, then derive its group membership/security flag.
 *
 * ac:  argument count (not examined on the lines shown).
 * av:  list tuple; indexed with L_ACE_TYPE / L_ACE_NAME.
 * ptr: the caller's char *call_args[] (the cast is on a line not shown);
 *      slots 0..3 are caller-owned buffers.
 *
 * Both copies are unbounded strcpy()s of Moira-supplied values into
 * fixed-size buffers declared in ProcessAce() -- keep those buffers sized
 * for the longest ACE type/name Moira can return.
 *
 * Returns LDAP_SUCCESS unconditionally.
 */
5778 int GetAceInfo(int ac, char **av, void *ptr)
5785 strcpy(call_args[0], av[L_ACE_TYPE]);
5786 strcpy(call_args[1], av[L_ACE_NAME]);
5788 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5789 return(LDAP_SUCCESS);
/*
 * Search the subtree under dn_path for an object whose sAMAccountName equals
 * Name.
 *
 * ldap_handle: bound LDAP connection.
 * dn_path:     search base.
 * Name:        account name to look for.
 *
 * The return values (on error, when nothing is found, and when a match
 * exists) are on lines not shown; machine_check() negates the result.
 *
 * NOTE(review): Name is spliced into the filter unescaped.  Other lookups in
 * this file run values through escape_string(); unless every caller has
 * already validated Name with check_string(), do the same here.
 */
5792 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5795 char *attr_array[3];
5798 LK_ENTRY *group_base;
5803 sprintf(filter, "(sAMAccountName=%s)", Name); /* unbounded; filter size not shown */
5804 attr_array[0] = "sAMAccountName";
5805 attr_array[1] = NULL;
5807 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5808 &group_base, &group_count,
5809 LDAP_SCOPE_SUBTREE)) != 0)
5811 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5812 Name, ldap_err2string(rc));
5816 linklist_free(group_base); /* only the count is needed from here on */
5819 if (group_count == 0)
/*
 * Make sure the ACE (owner) of Moira list `Name` exists in AD before the list
 * itself is created or updated.
 *
 * The list's ACE type/name are fetched with get_list_info (callback
 * GetAceInfo).  If the ACE object is not already present (checkADname), a
 * LIST ACE is created via make_new_group() and a USER ACE via
 * get_user_account_by_login + user_create().  When the ACE is itself a list
 * with a different name, GroupName is replaced by the ACE's name (last lines
 * below) -- presumably the enclosing loop then repeats for that list; the
 * loop construct is on lines not shown.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * Name, Type:           Moira list name and its ACE type as given by the caller;
 *                       anything other than "LIST" is handled by a line not shown.
 * UpdateGroup, maillist: forwarded to make_new_group().
 * ProcessGroup:         set to 1 on one path after the checkADname() call.
 *
 * Return values are on lines not shown.  A guard just before the "disabled"
 * message (its condition is not shown) can short-circuit the whole routine.
 */
5827 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5828 int UpdateGroup, int *ProcessGroup, char *maillist)
5831 char GroupName[256];
5837 char AceMembership[2]; /* one-character membership code plus NUL */
5840 char *save_argv[U_END];
5844 com_err(whoami, 0, "ProcessAce disabled, skipping");
5848 strcpy(GroupName, Name); /* unbounded copy into a 256-byte buffer */
5850 if (strcasecmp(Type, "LIST"))
/* AceInfo is the callback's output array: [0]=type, [1]=name, [2]=membership */
5856 AceInfo[0] = AceType;
5857 AceInfo[1] = AceName;
5858 AceInfo[2] = AceMembership;
5860 memset(AceType, '\0', sizeof(AceType));
5861 memset(AceName, '\0', sizeof(AceName));
5862 memset(AceMembership, '\0', sizeof(AceMembership));
5863 memset(AceOu, '\0', sizeof(AceOu));
5866 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo)) /* assignment in condition is intentional */
5868 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5869 GroupName, error_message(rc));
5875 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName); /* callback returned nothing usable */
5879 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5882 strcpy(temp, AceName);
5884 if (!strcasecmp(AceType, "LIST"))
5885 sprintf(temp, "%s%s", AceName, group_suffix); /* AD group objects carry group_suffix */
5889 if (checkADname(ldap_handle, dn_path, temp))
5892 (*ProcessGroup) = 1;
5895 if (!strcasecmp(AceInfo[0], "LIST"))
5897 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5898 AceMembership, 0, UpdateGroup, maillist))
5901 else if (!strcasecmp(AceInfo[0], "USER"))
/* call_args for user_create: [0]=LDAP handle smuggled through char *, [1]=base DN */
5904 call_args[0] = (char *)ldap_handle;
5905 call_args[1] = dn_path;
5907 call_args[3] = NULL;
5910 if (rc = mr_query("get_user_account_by_login", 1, av,
5911 save_query_info, save_argv))
5913 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5918 if (rc = user_create(U_END, save_argv, call_args))
5920 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5927 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
5937 if (!strcasecmp(AceType, "LIST"))
5939 if (!strcasecmp(GroupName, AceName)) /* a list that is its own ACE ends the chain */
5943 strcpy(GroupName, AceName);
/*
 * Create the AD group for a Moira list by fetching the list with
 * get_list_info and letting the group_create() callback do the work.
 *
 * ldap_handle, dn_path: LDAP connection and base DN, passed to the callback.
 * MoiraId:              Moira row id of the list ("" when unknown).
 * group_name:           list name (also the query argument, set on a line not shown).
 * group_ou, group_membership, group_security_flag: not used on the lines shown;
 *                       presumably consumed elsewhere or by the callback.
 * updateGroup, maillist: forwarded to the callback.
 *
 * call_args is a char *[] used as an untyped argument bundle: slots 3 and 4
 * carry integers cast to char * (the member-type mask and updateGroup), which
 * the callback must cast back.  Slot 6 is set on a line not shown.
 *
 * Returns callback_rc, which the callback sets; the early returns on the
 * query-failure path are on lines not shown.
 */
5949 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5950 char *group_name, char *group_ou, char *group_membership,
5951 int group_security_flag, int updateGroup, char *maillist)
5956 LK_ENTRY *group_base;
5959 char *attr_array[3];
5962 call_args[0] = (char *)ldap_handle;
5963 call_args[1] = dn_path;
5964 call_args[2] = group_name;
5965 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS); /* integer mask stored in a pointer slot */
5966 call_args[4] = (char *)updateGroup; /* likewise an int, not a pointer */
5967 call_args[5] = MoiraId;
5969 call_args[7] = NULL;
5975 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
5978 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
5986 com_err(whoami, 0, "Unable to create list %s", group_name);
5987 return(callback_rc);
<doc_update>
/*
 * Replace the "member" attribute of an AD group with the full (end-member)
 * membership of the corresponding Moira list.
 *
 * Members are fetched with get_end_members_of_list (callback
 * member_list_build, producing the member_base linked list).  For each entry:
 *   USER     -> created in AD first if check_user() reports AD_NO_USER_FOUND,
 *               then its DN is built under pUserOu;
 *   STRING   -> contact object under contact_ou;
 *   KERBEROS -> contact object under kerberos_ou;
 *   LIST     -> handled by lines not shown.
 * The DNs are collected into `members` and written with one
 * LDAP_MOD_REPLACE on cn=<group_name>,<group_ou>,<dn_path>.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * group_name, group_ou: identify the target group.
 * group_membership, group_security_flag, MoiraId: not used on the lines shown.
 *
 * Return values are on lines not shown.
 *
 * NOTE(review):
 *  - malloc()/realloc()/strdup() results are never checked, and the
 *    realloc() overwrites `members` directly, so the array leaks on failure.
 *  - USER member names go into the DN raw, whereas STRING and KERBEROS
 *    names are passed through escape_string(); check whether USER names can
 *    contain DN-special characters (',', '+', '"', '\', '<', '>', ';', '=').
 */
5993 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
5994 char *group_ou, char *group_membership,
5995 int group_security_flag, char *MoiraId)
6010 char *save_argv[U_END];
6012 com_err(whoami, 0, "Populating group %s", group_name);
/* argument bundle for the callbacks; slot 3 is an integer mask, not a pointer */
6014 call_args[0] = (char *)ldap_handle;
6015 call_args[1] = dn_path;
6016 call_args[2] = group_name;
6017 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6018 call_args[4] = NULL;
6021 if (rc = mr_query("get_end_members_of_list", 1, av,
6022 member_list_build, call_args))
6024 com_err(whoami, 0, "Unable to populate list %s : %s",
6025 group_name, error_message(rc));
6029 members = (char **)malloc(sizeof(char *) * 2); /* NULL-terminated DN array; grown below */
6031 if (member_base != NULL)
6037 if (!strcasecmp(ptr->type, "LIST"))
6043 if(!strcasecmp(ptr->type, "USER"))
6045 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6046 "")) == AD_NO_USER_FOUND)
6048 com_err(whoami, 0, "creating user %s", ptr->member);
6050 av[0] = ptr->member;
6051 call_args[0] = (char *)ldap_handle;
6052 call_args[1] = dn_path;
6054 call_args[3] = NULL;
6057 if (rc = mr_query("get_user_account_by_login", 1, av,
6058 save_query_info, save_argv))
6060 com_err(whoami, 0, "Unable to create user %s "
6061 "while populating group %s.", ptr->member,
6067 if (rc = user_create(U_END, save_argv, call_args))
6069 com_err(whoami, 0, "Unable to create user %s "
6070 "while populating group %s.", ptr->member,
6078 com_err(whoami, 0, "Unable to create user %s "
6079 "while populating group %s", ptr->member,
/* two DN forms for users (cn= vs uid=); which is used is decided on a line not shown */
6090 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6095 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6100 else if (!strcasecmp(ptr->type, "STRING"))
6102 if (contact_create(ldap_handle, dn_path, ptr->member,
6106 pUserOu = contact_ou;
6107 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member), /* escaped, unlike the USER case */
6110 else if (!strcasecmp(ptr->type, "KERBEROS"))
6112 if (contact_create(ldap_handle, dn_path, ptr->member,
6116 pUserOu = kerberos_ou;
6117 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6122 members = (char **)realloc(members, ((i + 2) * sizeof(char *))); /* +2: new entry plus NULL terminator */
6123 members[i++] = strdup(member);
6128 linklist_free(member_base);
6135 ADD_ATTR("member", members, LDAP_MOD_REPLACE); /* whole membership replaced in one modify */
6138 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6140 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6141 mods)) != LDAP_SUCCESS)
6144 "Unable to populate group membership for %s: %s",
6145 group_dn, ldap_err2string(rc));
6148 for (i = 0; i < n; i++) /* presumably releases the n mods entries; body not shown */
/*
 * Reconcile the AD group object for a Moira list with the name, OU and
 * membership type Moira now wants.
 *
 * Steps visible below:
 *  1. ad_get_group() locates candidates by the caller's filter / MoiraId /
 *     name.  In CHECK_GROUPS mode only the DN is compared with the expected
 *     CN=<group_name>,<group_ou>,<dn_path> and a status is returned.
 *  2. With several candidates, each is reported and AD_MULTIPLE_GROUPS_FOUND
 *     is returned; a later loop deletes entries whose dn differs from value.
 *  3. The group is fetched again (exactly one expected) and its DN kept in
 *     ad_distinguishedName; if it already equals the expected DN the work is
 *     done (return on a line not shown).
 *  4. The current name and description are read, the current OU class
 *     (both / security / distribution / neither) is derived from the DN, and
 *     group_rename() is called with the before/after values.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * MoiraId, group_name, group_ou, group_membership, group_security_flag:
 *     Moira's current view of the list.
 * type: CHECK_GROUPS selects verify-only mode.
 * maillist: forwarded to group_rename().
 *
 * Returns AD_* status codes; several return statements are on lines not shown.
 *
 * NOTE(review): the ldap_delete_s() below removes directory objects based on
 * a strcasecmp() of ptr->dn against ptr->value, and its result is assigned to
 * rc but never examined on the lines shown.  Confirm what `value` holds for
 * the "samAccountName" attribute requested from ad_get_group() before
 * trusting that comparison.
 */
6156 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6157 char *group_name, char *group_ou, char *group_membership,
6158 int group_security_flag, int type, char *maillist)
6160 char before_desc[512];
6161 char before_name[256];
6162 char before_group_ou[256];
6163 char before_group_membership[2]; /* one-letter code (B/S/D/N) plus NUL */
6164 char distinguishedName[256];
6165 char ad_distinguishedName[256];
6167 char *attr_array[3];
6168 int before_security_flag; /* set in every OU branch below; the no-match path returns early */
6171 LK_ENTRY *group_base;
6174 char ou_security[512];
6175 char ou_distribution[512];
6176 char ou_neither[512];
6179 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
6180 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path); /* the DN Moira expects */
6182 memset(filter, '\0', sizeof(filter)); /* empty filter: let ad_get_group choose */
6186 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6188 "samAccountName", &group_base,
6189 &group_count, filter))
6192 if (type == CHECK_GROUPS) /* verify-only mode */
6194 if (group_count == 1)
6196 strcpy(group_dn, group_base->dn); /* unbounded copy of a directory-supplied DN */
6198 if (!strcasecmp(group_dn, distinguishedName))
6200 linklist_free(group_base);
6205 linklist_free(group_base);
6207 if (group_count == 0)
6208 return(AD_NO_GROUPS_FOUND);
6210 if (group_count == 1)
6211 return(AD_WRONG_GROUP_DN_FOUND);
6213 return(AD_MULTIPLE_GROUPS_FOUND);
6216 if (group_count == 0)
6218 return(AD_NO_GROUPS_FOUND);
6221 if (group_count > 1)
6225 strcpy(group_dn, ptr->dn);
6229 if (!strcasecmp(group_dn, ptr->value))
6237 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6243 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6247 linklist_free(group_base);
6248 return(AD_MULTIPLE_GROUPS_FOUND);
6255 strcpy(group_dn, ptr->dn);
6257 if (strcasecmp(group_dn, ptr->value))
6258 rc = ldap_delete_s(ldap_handle, ptr->value); /* destructive; result not checked on the lines shown */
6263 linklist_free(group_base);
6264 memset(filter, '\0', sizeof(filter));
6268 if (rc = ad_get_group(ldap_handle, dn_path, group_name, /* second lookup after the cleanup above */
6270 "samAccountName", &group_base,
6271 &group_count, filter))
6274 if (group_count == 0)
6275 return(AD_NO_GROUPS_FOUND);
6277 if (group_count > 1)
6278 return(AD_MULTIPLE_GROUPS_FOUND);
6281 strcpy(ad_distinguishedName, group_base->dn); /* the DN the group currently has */
6282 linklist_free(group_base);
6286 attr_array[0] = "sAMAccountName";
6287 attr_array[1] = NULL;
6289 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6290 &group_base, &group_count,
6291 LDAP_SCOPE_SUBTREE)) != 0)
6293 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6294 MoiraId, ldap_err2string(rc));
6298 sprintf(filter, "(sAMAccountName=%s)", group_base->value); /* filter reused by the lookups below */
6300 if (!strcasecmp(ad_distinguishedName, distinguishedName)) /* already where Moira wants it */
6302 linklist_free(group_base);
6308 linklist_free(group_base);
6311 memset(ou_both, '\0', sizeof(ou_both));
6312 memset(ou_security, '\0', sizeof(ou_security));
6313 memset(ou_distribution, '\0', sizeof(ou_distribution));
6314 memset(ou_neither, '\0', sizeof(ou_neither));
6315 memset(before_name, '\0', sizeof(before_name));
6316 memset(before_desc, '\0', sizeof(before_desc));
6317 memset(before_group_membership, '\0', sizeof(before_group_membership));
6319 attr_array[0] = "name";
6320 attr_array[1] = NULL;
6322 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6323 &group_base, &group_count,
6324 LDAP_SCOPE_SUBTREE)) != 0)
6326 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6327 MoiraId, ldap_err2string(rc));
6331 strcpy(before_name, group_base->value); /* current AD name; length not checked against 256 */
6332 linklist_free(group_base);
6336 attr_array[0] = "description";
6337 attr_array[1] = NULL;
6339 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6340 &group_base, &group_count,
6341 LDAP_SCOPE_SUBTREE)) != 0)
6344 "Unable to get list description with MoiraId = %s: %s",
6345 MoiraId, ldap_err2string(rc));
6349 if (group_count != 0) /* description is optional */
6351 strcpy(before_desc, group_base->value);
6352 linklist_free(group_base);
/* lower-case copies so the OU class can be found with a case-insensitive substring test */
6357 change_to_lower_case(ad_distinguishedName);
6358 strcpy(ou_both, group_ou_both);
6359 change_to_lower_case(ou_both);
6360 strcpy(ou_security, group_ou_security);
6361 change_to_lower_case(ou_security);
6362 strcpy(ou_distribution, group_ou_distribution);
6363 change_to_lower_case(ou_distribution);
6364 strcpy(ou_neither, group_ou_neither);
6365 change_to_lower_case(ou_neither);
6367 if (strstr(ad_distinguishedName, ou_both)) /* order matters: "both" is tested before the others */
6369 strcpy(before_group_ou, group_ou_both);
6370 before_group_membership[0] = 'B';
6371 before_security_flag = 1;
6373 else if (strstr(ad_distinguishedName, ou_security))
6375 strcpy(before_group_ou, group_ou_security);
6376 before_group_membership[0] = 'S';
6377 before_security_flag = 1;
6379 else if (strstr(ad_distinguishedName, ou_distribution))
6381 strcpy(before_group_ou, group_ou_distribution);
6382 before_group_membership[0] = 'D';
6383 before_security_flag = 0;
6385 else if (strstr(ad_distinguishedName, ou_neither))
6387 strcpy(before_group_ou, group_ou_neither);
6388 before_group_membership[0] = 'N';
6389 before_security_flag = 0;
6392 return(AD_NO_OU_FOUND); /* presumably the else branch; the `else` line is not shown */
/* NOTE(review): before_desc is passed twice; check group_rename()'s parameter
 * list to confirm the second occurrence is not meant to be a new description. */
6394 rc = group_rename(ldap_handle, dn_path, before_name,
6395 before_group_membership,
6396 before_group_ou, before_security_flag, before_desc,
6397 group_name, group_membership, group_ou,
6398 group_security_flag,
6399 before_desc, MoiraId, filter, maillist);
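/*
 * Fold a NUL-terminated string to lower case in place.
 *
 * ptr: writable string; a NULL pointer is accepted and ignored.
 *
 * Each byte is converted through (unsigned char) so that a byte with the high
 * bit set on a signed-char platform is not handed to tolower() as a negative
 * value, which is undefined behavior.  The length is computed once instead of
 * on every loop iteration.
 */
void change_to_lower_case(char *ptr)
{
  size_t i, len;

  if (ptr == NULL)
    return;

  len = strlen(ptr);

  for (i = 0; i < len; i++)
    ptr[i] = (char) tolower((unsigned char) ptr[i]);
}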
/*
 * Locate the AD group object for a Moira list, requesting `attribute` for it.
 *
 * Lookups are tried in order until one yields exactly one entry:
 *   1. the caller's filter in rFilter, if non-empty;
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)), if MoiraId is non-empty;
 *   3. (sAMAccountName=<group_name><group_suffix>).
 * Whichever filter produced the match is copied back into rFilter, so rFilter
 * is both an input and an output buffer (its parameter line is not shown).
 * When the MoiraId search returns several groups they are all reported and
 * the result is discarded.
 *
 * ldap_handle, dn_path: LDAP connection and search base.
 * group_name, group_membership, MoiraId: Moira's view of the list
 *     (group_membership is not used on the lines shown).
 * attribute: single attribute to request.
 * linklist_base, linklist_count: output list and count, reset to NULL/0 first.
 *
 * Return statements are on lines not shown.
 *
 * NOTE(review): `dn` is strdup()ed from the single MoiraId match and no
 * free() is visible -- check the lines not shown for a leak.  The memcmp()
 * compares the first strlen(group_name) bytes of that DN with the bare name;
 * a DN normally starts with "CN=", so confirm the intent (there may be an
 * adjustment on a line not shown).  MoiraId and group_name are spliced into
 * filters unescaped.
 */
6414 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6415 char *group_name, char *group_membership,
6416 char *MoiraId, char *attribute,
6417 LK_ENTRY **linklist_base, int *linklist_count,
6422 char *attr_array[3];
6426 (*linklist_base) = NULL;
6427 (*linklist_count) = 0;
6429 if (strlen(rFilter) != 0) /* step 1: caller-supplied filter */
6431 strcpy(filter, rFilter);
6432 attr_array[0] = attribute;
6433 attr_array[1] = NULL;
6435 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6436 linklist_base, linklist_count,
6437 LDAP_SCOPE_SUBTREE)) != 0)
6439 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6440 MoiraId, ldap_err2string(rc));
6444 if ((*linklist_count) == 1)
6446 strcpy(rFilter, filter); /* report the filter that matched */
6451 linklist_free((*linklist_base)); /* not exactly one hit: discard and fall through */
6452 (*linklist_base) = NULL;
6453 (*linklist_count) = 0;
6455 if (strlen(MoiraId) != 0) /* step 2: by Moira id */
6457 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6459 attr_array[0] = attribute;
6460 attr_array[1] = NULL;
6462 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6463 linklist_base, linklist_count,
6464 LDAP_SCOPE_SUBTREE)) != 0)
6466 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6467 MoiraId, ldap_err2string(rc));
6472 if ((*linklist_count) > 1) /* ambiguous id: log every hit and give up on this step */
6474 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6475 pPtr = (*linklist_base);
6479 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6484 linklist_free((*linklist_base));
6485 (*linklist_base) = NULL;
6486 (*linklist_count) = 0;
6489 if ((*linklist_count) == 1)
6492 pPtr = (*linklist_base);
6493 dn = strdup(pPtr->dn); /* no free() visible on the lines shown */
6496 if (!memcmp(dn, group_name, strlen(group_name))) /* see note in the header */
6498 strcpy(rFilter, filter);
6503 linklist_free((*linklist_base));
6504 (*linklist_base) = NULL;
6505 (*linklist_count) = 0;
6506 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix); /* step 3: by account name */
6508 attr_array[0] = attribute;
6509 attr_array[1] = NULL;
6511 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6512 linklist_base, linklist_count,
6513 LDAP_SCOPE_SUBTREE)) != 0)
6515 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6516 MoiraId, ldap_err2string(rc));
6520 if ((*linklist_count) == 1)
6522 strcpy(rFilter, filter);
/*
 * Check whether a Moira user exists in AD, by mitMoiraId when MoiraId is
 * non-empty and otherwise by sAMAccountName.
 *
 * ldap_handle, dn_path: LDAP connection and search base.
 * UserName: Moira login name.
 * MoiraId:  Moira id, or "" to skip the id-based lookup.
 *
 * With a MoiraId, more than one hit is reported as an error; exactly one hit
 * is then compared by name with a case-sensitive strcmp() and a mismatch is
 * logged.  Without a MoiraId (or when the id search did not yield one hit),
 * the name search must return exactly one entry or AD_NO_USER_FOUND is
 * returned.  Other return statements are on lines not shown.
 *
 * NOTE(review): the sAMAccountName value read from the directory is
 * strcpy()ed into a 64-byte buffer without a length check.  MoiraId and
 * UserName are spliced into filters unescaped.
 */
6529 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6532 char *attr_array[3];
6533 char SamAccountName[64];
6536 LK_ENTRY *group_base;
6542 if (strlen(MoiraId) != 0) /* first try the id, which survives renames */
6544 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6546 attr_array[0] = "sAMAccountName";
6547 attr_array[1] = NULL;
6548 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6549 &group_base, &group_count,
6550 LDAP_SCOPE_SUBTREE)) != 0)
6552 com_err(whoami, 0, "Unable to process user %s : %s",
6553 UserName, ldap_err2string(rc));
6557 if (group_count > 1) /* one Moira id must map to one account */
6559 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6565 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6566 gPtr->value, MoiraId);
6572 if (group_count != 1)
6574 linklist_free(group_base);
6577 sprintf(filter, "(sAMAccountName=%s)", UserName); /* fall back to the login name */
6578 attr_array[0] = "sAMAccountName";
6579 attr_array[1] = NULL;
6581 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6582 &group_base, &group_count,
6583 LDAP_SCOPE_SUBTREE)) != 0)
6585 com_err(whoami, 0, "Unable to process user %s : %s",
6586 UserName, ldap_err2string(rc));
6591 if (group_count != 1)
6593 linklist_free(group_base);
6594 return(AD_NO_USER_FOUND);
6597 strcpy(SamAccountName, group_base->value); /* directory value into a 64-byte buffer, unchecked */
6598 linklist_free(group_base);
6602 if (strcmp(SamAccountName, UserName)) /* case-sensitive on purpose? AD names are case-insensitive */
6605 "User object %s with MoiraId %s has mismatched usernames "
6606 "(LDAP username %s, Moira username %s)", SamAccountName,
6607 MoiraId, SamAccountName, UserName);
/*
 * Convert a Moira container path such as "a/b/c" into the relative DN
 * "OU=c,OU=b,OU=a": the path is split into `array` (up to 20 components; the
 * splitting loop is on lines not shown) and the components are emitted from
 * the last one backwards, separated by ",OU=".
 *
 * src:  container path; an empty string is handled on a line not shown.
 * dest: caller-owned output buffer; no bound is enforced, so it must be sized
 *       for strlen(src) plus 4 bytes per component.
 */
6613 void container_get_dn(char *src, char *dest)
6620 memset(array, '\0', 20 * sizeof(array[0])); /* at most 20 path components */
6622 if (strlen(src) == 0)
6644 strcpy(dest, "OU=");
6648 strcat(dest, array[n-1]); /* deepest component first */
6652 strcat(dest, ",OU="); /* separator before each enclosing component */
/*
 * Extract the container's own name from a Moira container path into dest.
 * Given how callers use the result (the OU name of the new object, see
 * container_create()/container_rename()), this is presumably the last '/'
 * separated component; the body is on lines not shown.
 *
 * src:  container path; the empty case is handled separately.
 * dest: caller-owned output buffer, no bound enforced.
 */
6659 void container_get_name(char *src, char *dest)
6664 if (strlen(src) == 0)
/*
 * Ensure the container that `name` refers to exists in AD, creating it with
 * empty attributes if needed.
 *
 * A copy of `name` is scanned for '/' (what is done at each separator is on a
 * line not shown); the result is passed as CONTAINER_NAME with all other
 * fields empty to container_create(), so a container created this way has no
 * mitMoiraId, which is what the final message reports.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * name: Moira container path; copied with an unbounded strcpy() into cName
 *       (its size is declared on a line not shown).
 */
6684 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6691 strcpy(cName, name);
6693 for (i = 0; i < (int)strlen(cName); i++) /* strlen re-evaluated every iteration */
6695 if (cName[i] == '/')
6698 av[CONTAINER_NAME] = cName;
6699 av[CONTAINER_DESC] = "";
6700 av[CONTAINER_LOCATION] = "";
6701 av[CONTAINER_CONTACT] = "";
6702 av[CONTAINER_TYPE] = "";
6703 av[CONTAINER_ID] = "";
6704 av[CONTAINER_ROWID] = ""; /* no Moira row id: see the message below */
6705 rc = container_create(ldap_handle, dn_path, 7, av);
6707 if (rc == LDAP_SUCCESS)
6709 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * Rename and/or move an AD container (OU) to match a Moira container update.
 *
 * The current object is found by container_get_distinguishedName() from the
 * `before` tuple; if it does not exist the `after` tuple is simply created.
 * Otherwise the new parent path (new_dn_path) and new RDN (new_cn) are built
 * from after[CONTAINER_NAME], the parent is created if missing
 * (container_check), ldap_rename_s() moves the object, and
 * container_adupdate() refreshes its attributes.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * beforec/before, afterc/after: Moira tuples (indexed with CONTAINER_*).
 *
 * Returns AD_INVALID_NAME for a bad name; other return statements are on
 * lines not shown.
 */
6718 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6719 char **before, int afterc, char **after)
6724 char new_dn_path[256];
6726 char distinguishedName[256];
6731 memset(cName, '\0', sizeof(cName));
6732 container_get_name(after[CONTAINER_NAME], cName);
6734 if (!check_container_name(cName)) /* 0 == invalid */
6736 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6738 return(AD_INVALID_NAME);
6741 memset(distinguishedName, '\0', sizeof(distinguishedName));
6743 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6744 distinguishedName, beforec, before))
6747 if (strlen(distinguishedName) == 0) /* nothing to rename: create instead */
6749 rc = container_create(ldap_handle, dn_path, afterc, after);
6753 strcpy(temp, after[CONTAINER_NAME]);
6756 for (i = 0; i < (int)strlen(temp); i++) /* presumably strips the last component; body not shown */
6766 container_get_dn(temp, dName);
6768 if (strlen(temp) != 0)
6769 sprintf(new_dn_path, "%s,%s", dName, dn_path); /* unbounded into 256 bytes */
6771 sprintf(new_dn_path, "%s", dn_path); /* top-level container */
6773 sprintf(new_cn, "OU=%s", cName);
6775 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]); /* make sure the new parent exists */
6777 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6778 TRUE, NULL, NULL)) != LDAP_SUCCESS) /* TRUE: delete the old RDN */
6780 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6781 before[CONTAINER_NAME], after[CONTAINER_NAME],
6782 ldap_err2string(rc));
6786 memset(dName, '\0', sizeof(dName));
6787 container_get_dn(after[CONTAINER_NAME], dName);
6788 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * Delete the AD container (OU) described by the Moira tuple `av`.
 *
 * The object is located with container_get_distinguishedName(); when it does
 * not exist there is nothing to do (the statement after the length test is
 * not shown).  If the OU still has children the delete fails with
 * LDAP_NOT_ALLOWED_ON_NONLEAF and container_move_objects() relocates them;
 * the lines after that call are not shown, so whether the delete is retried
 * cannot be confirmed here.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * count, av: Moira tuple (indexed with CONTAINER_*).
 *
 * Return statements are on lines not shown.
 */
6793 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6795 char distinguishedName[256];
6798 memset(distinguishedName, '\0', sizeof(distinguishedName));
6800 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6801 distinguishedName, count, av))
6804 if (strlen(distinguishedName) == 0) /* not in AD */
6807 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6809 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF) /* OU not empty: evacuate it */
6810 container_move_objects(ldap_handle, dn_path, distinguishedName); /* return value ignored */
6812 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
6813 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create an organizationalUnit in AD for a Moira container.
 *
 * The OU's RDN (cName) and its relative DN (dName) are derived from
 * av[CONTAINER_NAME]; the object gets objectClass/name/ou, plus mitMoiraId and
 * description when the tuple provides them.  A managedBy attribute is set when
 * CONTAINER_TYPE and CONTAINER_ID are given: a KERBEROS manager is created as
 * a contact under kerberos_ou, a USER or LIST manager is looked up by cn and
 * used only when exactly one object matches.  If the OU already exists and
 * the tuple carries a row id, container_adupdate() is called instead.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * count, av: Moira tuple (indexed with CONTAINER_*).
 *
 * Returns AD_INVALID_NAME for a bad name; other return statements are on
 * lines not shown.
 *
 * NOTE(review): av[CONTAINER_ID] is spliced into the two lookup filters
 * unescaped; this is Moira data, but a name containing ( ) * or \ would
 * change the filter's meaning.
 */
6819 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6821 char *attr_array[3];
6822 LK_ENTRY *group_base;
6825 char *objectClass_v[] = {"top",
6826 "organizationalUnit",
6829 char *ou_v[] = {NULL, NULL};
6830 char *name_v[] = {NULL, NULL};
6831 char *moiraId_v[] = {NULL, NULL};
6832 char *desc_v[] = {NULL, NULL};
6833 char *managedBy_v[] = {NULL, NULL};
6836 char managedByDN[256];
6843 memset(filter, '\0', sizeof(filter)); /* empty filter below means "no manager lookup" */
6844 memset(dName, '\0', sizeof(dName));
6845 memset(cName, '\0', sizeof(cName));
6846 memset(managedByDN, '\0', sizeof(managedByDN));
6847 container_get_dn(av[CONTAINER_NAME], dName);
6848 container_get_name(av[CONTAINER_NAME], cName);
6850 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6852 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6854 return(AD_INVALID_NAME);
6857 if (!check_container_name(cName))
6859 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6861 return(AD_INVALID_NAME);
6865 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6867 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6869 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
6871 if (strlen(av[CONTAINER_ROWID]) != 0) /* optional: Moira row id */
6873 moiraId_v[0] = av[CONTAINER_ROWID];
6874 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6877 if (strlen(av[CONTAINER_DESC]) != 0) /* optional: description */
6879 desc_v[0] = av[CONTAINER_DESC];
6880 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
6883 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0)) /* optional: manager */
6885 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6887 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6890 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6891 kerberos_ou, dn_path);
6892 managedBy_v[0] = managedByDN;
6893 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6898 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6900 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
6901 "(objectClass=user)))", av[CONTAINER_ID]);
6904 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6906 sprintf(filter, "(&(objectClass=group)(cn=%s))",
6910 if (strlen(filter) != 0) /* USER or LIST manager: resolve its DN */
6912 attr_array[0] = "distinguishedName";
6913 attr_array[1] = NULL;
6916 if ((rc = linklist_build(ldap_handle, dn_path, filter,
6918 &group_base, &group_count,
6919 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6921 if (group_count == 1) /* ambiguous or missing manager is silently skipped */
6923 strcpy(managedByDN, group_base->value);
6924 managedBy_v[0] = managedByDN;
6925 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6927 linklist_free(group_base);
6937 sprintf(temp, "%s,%s", dName, dn_path); /* full DN of the new OU */
6938 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
6940 for (i = 0; i < n; i++) /* presumably releases the n mods entries; body not shown */
6943 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
6945 com_err(whoami, 0, "Unable to create container %s : %s",
6946 cName, ldap_err2string(rc));
6950 if (rc == LDAP_ALREADY_EXISTS) /* already there: bring its attributes up to date instead */
6952 if (strlen(av[CONTAINER_ROWID]) != 0)
6953 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Apply a Moira container update to AD: locate the OU from the `after` tuple,
 * create it if it is missing, otherwise make sure its parent exists and
 * refresh its attributes with container_adupdate().
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * beforec/before: not used on the lines shown.
 * afterc/after:   Moira tuple describing the desired state.
 *
 * Return statements are on lines not shown.
 */
6959 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
6960 char **before, int afterc, char **after)
6962 char distinguishedName[256];
6965 memset(distinguishedName, '\0', sizeof(distinguishedName));
6967 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6968 distinguishedName, afterc, after))
6971 if (strlen(distinguishedName) == 0) /* not in AD yet */
6973 rc = container_create(ldap_handle, dn_path, afterc, after);
6977 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]); /* ensure the parent OU exists */
6978 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * Find the DN of the AD organizationalUnit that corresponds to a Moira
 * container tuple.
 *
 * The OU is first looked up by mitMoiraId (av[CONTAINER_ROWID]); if that does
 * not yield exactly one entry, by its expected distinguishedName
 * <dName>,<dn_path>.  The result is copied into distinguishedName, which is
 * left empty when nothing matches.
 *
 * ldap_handle, dn_path: LDAP connection and search base.
 * distinguishedName: caller-owned output buffer (256 bytes at the callers).
 * count, av: Moira tuple; the `av` parameter line is not shown.
 *
 * Returns AD_INVALID_NAME for a bad name; other return statements are on
 * lines not shown.
 *
 * NOTE(review): av[CONTAINER_ROWID] and dName go into the filters unescaped;
 * dName already contains '=' and ',' by construction, which are not filter
 * metacharacters, but an OU name containing ( ) * or \ would be.
 */
6984 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
6985 char *distinguishedName, int count,
6988 char *attr_array[3];
6989 LK_ENTRY *group_base;
6996 memset(filter, '\0', sizeof(filter));
6997 memset(dName, '\0', sizeof(dName));
6998 memset(cName, '\0', sizeof(cName));
6999 container_get_dn(av[CONTAINER_NAME], dName);
7000 container_get_name(av[CONTAINER_NAME], cName);
7002 if (strlen(dName) == 0)
7004 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7005 av[CONTAINER_NAME]);
7006 return(AD_INVALID_NAME);
7009 if (!check_container_name(cName))
7011 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7013 return(AD_INVALID_NAME);
7016 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", /* first try: by Moira row id */
7017 av[CONTAINER_ROWID]);
7018 attr_array[0] = "distinguishedName";
7019 attr_array[1] = NULL;
7023 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7024 &group_base, &group_count,
7025 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7027 if (group_count == 1) /* more than one hit is treated as no hit */
7029 strcpy(distinguishedName, group_base->value);
7032 linklist_free(group_base);
7037 if (strlen(distinguishedName) == 0) /* second try: by the DN we expect it to have */
7039 sprintf(filter, "(&(objectClass=organizationalUnit)"
7040 "(distinguishedName=%s,%s))", dName, dn_path);
7041 attr_array[0] = "distinguishedName";
7042 attr_array[1] = NULL;
7046 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7047 &group_base, &group_count,
7048 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7050 if (group_count == 1)
7052 strcpy(distinguishedName, group_base->value);
7055 linklist_free(group_base);
/*
 * Bring the attributes of an existing AD organizationalUnit in line with a
 * Moira container tuple.
 *
 * The OU is addressed either by `distinguishedName` or, when dName is
 * non-empty, by <dName>,<dn_path>.  Its current mitMoiraId, description and
 * managedBy are read; then mitMoiraId is replaced when the tuple has a row id,
 * description is set or cleared via attribute_update(), and managedBy is
 * re-derived from CONTAINER_TYPE/CONTAINER_ID the same way container_create()
 * does (KERBEROS -> contact under kerberos_ou; USER/LIST -> looked up by cn),
 * or cleared when no manager applies.  The accumulated mods are finally
 * written with ldap_modify_s(); when there are none the routine returns
 * LDAP_SUCCESS early.
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * dName: relative DN of the OU, or "" to use distinguishedName instead.
 * distinguishedName: full DN of the OU (used when dName is empty).
 * count, av: Moira tuple (indexed with CONTAINER_*).
 *
 * Return statements other than the early LDAP_SUCCESS are on lines not shown.
 */
7064 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7065 char *distinguishedName, int count, char **av)
7067 char *attr_array[5];
7068 LK_ENTRY *group_base;
7073 char *moiraId_v[] = {NULL, NULL};
7074 char *desc_v[] = {NULL, NULL};
7075 char *managedBy_v[] = {NULL, NULL};
7076 char managedByDN[256];
7085 strcpy(ad_path, distinguishedName);
7087 if (strlen(dName) != 0) /* relative DN wins over the caller's full DN */
7088 sprintf(ad_path, "%s,%s", dName, dn_path);
7090 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/*
 * NOTE(review): the next condition tests av[CONTAINER_ID] but the filter it
 * selects interpolates av[CONTAINER_ROWID].  Every other place in this file
 * (container_create(), and the mitMoiraId replace further down) tests
 * CONTAINER_ROWID before using it; with an ID but no row id this produces
 * "(mitMoiraId=)" and the DN-based filter above is discarded.  Probably
 * intended: `if (strlen(av[CONTAINER_ROWID]) != 0)`.
 */
7093 if (strlen(av[CONTAINER_ID]) != 0)
7094 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7095 av[CONTAINER_ROWID]);
7097 attr_array[0] = "mitMoiraId"; /* read the three attributes we may rewrite */
7098 attr_array[1] = "description";
7099 attr_array[2] = "managedBy";
7100 attr_array[3] = NULL;
7104 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7105 &group_base, &group_count,
7106 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7108 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7109 av[CONTAINER_NAME], ldap_err2string(rc));
7113 memset(managedByDN, '\0', sizeof(managedByDN));
7114 memset(moiraId, '\0', sizeof(moiraId));
7115 memset(desc, '\0', sizeof(desc));
/* collect current values from the result list (loop header not shown); copies are unbounded */
7120 if (!strcasecmp(pPtr->attribute, "description"))
7121 strcpy(desc, pPtr->value);
7122 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7123 strcpy(managedByDN, pPtr->value);
7124 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7125 strcpy(moiraId, pPtr->value);
7129 linklist_free(group_base);
7134 if (strlen(av[CONTAINER_ROWID]) != 0)
7136 moiraId_v[0] = av[CONTAINER_ROWID];
7137 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7140 if (strlen(av[CONTAINER_DESC]) != 0) /* set the new description ... */
7142 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7147 if (strlen(desc) != 0) /* ... or clear the old one when Moira has none */
7149 attribute_update(ldap_handle, ad_path, "", "description", dName);
7153 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0)) /* manager handling mirrors container_create() */
7155 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7157 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7160 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7161 kerberos_ou, dn_path);
7162 managedBy_v[0] = managedByDN;
7163 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7167 if (strlen(managedByDN) != 0) /* contact could not be created: drop the stale manager */
7169 attribute_update(ldap_handle, ad_path, "", "managedBy",
7176 memset(filter, '\0', sizeof(filter));
7178 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7180 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7181 "(objectClass=user)))", av[CONTAINER_ID]);
7184 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7186 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7190 if (strlen(filter) != 0)
7192 attr_array[0] = "distinguishedName";
7193 attr_array[1] = NULL;
7196 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7197 attr_array, &group_base, &group_count,
7198 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7200 if (group_count == 1) /* exactly one manager object required */
7202 strcpy(managedByDN, group_base->value);
7203 managedBy_v[0] = managedByDN;
7204 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7208 if (strlen(managedByDN) != 0) /* no unique match: clear the existing manager */
7210 attribute_update(ldap_handle, ad_path, "",
7211 "managedBy", dName);
7215 linklist_free(group_base);
7222 if (strlen(managedByDN) != 0) /* no manager in the tuple: clear any existing one */
7224 attribute_update(ldap_handle, ad_path, "", "managedBy",
7234 return(LDAP_SUCCESS); /* nothing accumulated in mods */
7236 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7238 for (i = 0; i < n; i++) /* presumably releases the n mods entries; body not shown */
7241 if (rc != LDAP_SUCCESS)
7243 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7244 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Empty an AD container before it is deleted: move its ordinary objects to
 * orphans_other_ou, its computer objects to orphans_machines_ou, and delete
 * any nested organizationalUnits.
 *
 * Three passes run under dName, each with its own filter and attribute:
 *   0: everything except computers and OUs (by cn);
 *   1: computers (by cn);
 *   2: OUs (by ou).
 * A moved object keeps its cn; on LDAP_ALREADY_EXISTS the cn gets a "_<count>"
 * suffix and the rename is presumably retried (the retry loop is on lines not
 * shown).
 *
 * ldap_handle: LDAP connection; dn_path: base DN; dName: DN of the OU.
 *
 * Return statements are on lines not shown.
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared handle and no
 * reset is visible here, so unless a line not shown restores it, every later
 * search on this connection is capped at 10 entries.  The return values of
 * ldap_set_option() and of the ldap_delete_s() on nested OUs are not checked.
 */
7251 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7253 char *attr_array[3];
7254 LK_ENTRY *group_base;
7261 int NumberOfEntries = 10;
7265 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries); /* affects the whole handle */
7267 for (i = 0; i < 3; i++) /* one pass per object class, see header */
7269 memset(filter, '\0', sizeof(filter));
7273 strcpy(filter, "(!(|(objectClass=computer)"
7274 "(objectClass=organizationalUnit)))");
7275 attr_array[0] = "cn";
7276 attr_array[1] = NULL;
7280 strcpy(filter, "(objectClass=computer)");
7281 attr_array[0] = "cn";
7282 attr_array[1] = NULL;
7286 strcpy(filter, "(objectClass=organizationalUnit)");
7287 attr_array[0] = "ou";
7288 attr_array[1] = NULL;
7293 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array, /* search base is the OU itself */
7294 &group_base, &group_count,
7295 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7300 if (group_count == 0)
7307 if (!strcasecmp(pPtr->attribute, "cn"))
7309 sprintf(new_cn, "cn=%s", pPtr->value);
7311 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7313 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7318 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7320 if (rc == LDAP_ALREADY_EXISTS) /* name clash in the orphans OU: disambiguate */
7322 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7329 else if (!strcasecmp(pPtr->attribute, "ou"))
7331 rc = ldap_delete_s(ldap_handle, pPtr->dn); /* nested OU: deleted, result not checked here */
7337 linklist_free(group_base);
/*
 * Find the OU that holds the AD computer object for a Moira machine.
 *
 * The Moira name is resolved through GetMachineName() (which may replace it
 * with an alias), truncated at the first '.' (the statement after strchr is
 * not shown), and looked up as sAMAccountName "<name>$".  The object's DN and
 * cn are lower-cased, the "cn=<cn>," prefix is skipped, and the remainder up
 * to the first "dc=" (the truncation statement is not shown) is returned in
 * machine_ou.
 *
 * ldap_handle, dn_path: LDAP connection and search base.
 * member: Moira machine name.
 * machine_ou: caller-owned output buffer, no bound enforced.
 * NewMachineName: caller-owned buffer that receives the resolved name.
 *
 * Return statements are on lines not shown.
 *
 * NOTE(review): the result of moira_connect() is overwritten by the next
 * assignment before it is examined, so a failed connection is not detected
 * here.  The "cn=" prefix skip (strlen(cn) + 1) assumes strstr() found the
 * RDN value and not an earlier occurrence of the same text in the DN.
 */
7346 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7347 char *machine_ou, char *NewMachineName)
7349 LK_ENTRY *group_base;
7353 char *attr_array[3];
7360 strcpy(NewMachineName, member); /* unbounded; caller's buffer size not shown */
7361 rc = moira_connect(); /* rc is overwritten on the next line */
7362 rc = GetMachineName(NewMachineName);
7365 if (strlen(NewMachineName) == 0)
7367 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7373 pPtr = strchr(NewMachineName, '.'); /* presumably truncated to the host part on a line not shown */
7380 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName); /* computer accounts carry a trailing '$' */
7381 attr_array[0] = "cn";
7382 attr_array[1] = NULL;
7383 sprintf(temp, "%s", dn_path);
7385 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7386 &group_base, &group_count,
7387 LDAP_SCOPE_SUBTREE)) != 0)
7389 com_err(whoami, 0, "Unable to process machine %s : %s",
7390 member, ldap_err2string(rc));
7394 if (group_count != 1)
7397 "Unable to process machine %s : machine not found in AD",
7402 strcpy(dn, group_base->dn);
7403 strcpy(cn, group_base->value);
/* lower-case both so the substring search below is case-insensitive;
 * tolower() on a plain char is undefined for bytes >= 0x80 -- cast through
 * (unsigned char) */
7405 for (i = 0; i < (int)strlen(dn); i++)
7406 dn[i] = tolower(dn[i]);
7408 for (i = 0; i < (int)strlen(cn); i++)
7409 cn[i] = tolower(cn[i]);
7411 linklist_free(group_base);
7413 pPtr = strstr(dn, cn); /* locate the RDN value inside the DN */
7417 com_err(whoami, 0, "Unable to process machine %s",
7422 pPtr += strlen(cn) + 1; /* skip "<cn>," -- see note in the header */
7423 strcpy(machine_ou, pPtr);
7425 pPtr = strstr(machine_ou, "dc="); /* cut off the domain components */
7429 com_err(whoami, 0, "Unable to process machine %s",
/*
 * Move the AD computer object for a Moira machine into DestinationOu.
 *
 * The name is resolved via GetMachineName(), cut at the first '.' (statement
 * not shown), and located by sAMAccountName "<name>$".  If the object's
 * current parent already equals <DestinationOu>,<dn_path> nothing is done
 * (the statement after the comparison is not shown); otherwise it is renamed
 * to CN=<name> under the new parent with ldap_rename_s().
 *
 * ldap_handle, dn_path: LDAP connection and base DN.
 * MoiraMachineName: machine name as known to Moira.
 * DestinationOu: relative DN of the target OU.
 *
 * Return statements are on lines not shown.
 *
 * NOTE(review): cPtr is set to the ',' that ends the RDN of OldDn; unless a
 * line not shown advances it past the comma, the strcasecmp() against NewOu
 * (which starts with the OU RDN) can never match.  The strcpy() into the
 * 128-byte MachineName is unbounded.
 */
7440 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7441 char *MoiraMachineName, char *DestinationOu)
7445 char MachineName[128];
7447 char *attr_array[3];
7452 LK_ENTRY *group_base;
7457 strcpy(MachineName, MoiraMachineName); /* unbounded into 128 bytes */
7458 rc = GetMachineName(MachineName);
7460 if (strlen(MachineName) == 0)
7462 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7467 cPtr = strchr(MachineName, '.'); /* presumably truncated to the host part on a line not shown */
7472 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7473 attr_array[0] = "sAMAccountName";
7474 attr_array[1] = NULL;
7476 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7478 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7480 com_err(whoami, 0, "Unable to process machine %s : %s",
7481 MoiraMachineName, ldap_err2string(rc));
7485 if (group_count == 1)
7486 strcpy(OldDn, group_base->dn); /* current DN of the computer object */
7488 linklist_free(group_base);
7491 if (group_count != 1)
7493 com_err(whoami, 0, "Unable to find machine %s in AD: %s",
7498 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
7499 cPtr = strchr(OldDn, ','); /* end of the RDN; see note in the header */
7504 if (!strcasecmp(cPtr, NewOu)) /* already in the destination OU */
7508 sprintf(NewCn, "CN=%s", MachineName);
7509 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL); /* TRUE: drop the old RDN */
/*
 * machine_check: report whether machine_name exists in AD.
 * Returns 1 when checkADname() returns 0 (found), otherwise 0; the raw
 * checkADname status is also left in rc.
 */
7514 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
/* Name's size is not visible; the copy below is unbounded. */
7520 memset(Name, '\0', sizeof(Name));
7521 strcpy(Name, machine_name);
/* Presumably the host part is cut at the first '.' (following lines not
 * shown). */
7523 pPtr = strchr(Name, '.');
7529 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container machine_name
 * belongs to.  The callback machine_GetMoiraContainer() copies the answer
 * into container_name, a caller-supplied buffer whose size is never
 * passed.  ldap_handle and dn_path are unused in the visible lines; the
 * return value is on a line not shown.
 */
7532 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7533 char *machine_name, char *container_name)
7539 av[0] = machine_name;
7540 call_args[0] = (char *)container_name;
7541 rc = mr_query("get_machine_to_container_map", 1, av,
7542 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback.  Copies the container name
 * (av[1]) into the caller's buffer call_args[0] (presumably recovered from
 * ptr on an elided line).  Unbounded strcpy - the destination size is not
 * known here, and ac is not checked against 2 in the visible lines.
 */
7546 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7551 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that shadows a new
 * container (after[CONTAINER_NAME]), record it on the container and add it
 * to the parent container's list.  Braces, the rc check after
 * Moira_groupname_create and the return value are on lines not shown.
 */
7555 int Moira_container_group_create(char **after)
7561 memset(GroupName, '\0', sizeof(GroupName));
/* Derive a unique "cnt-..." list name for the container. */
7562 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7563 after[CONTAINER_ROWID]);
/* add_list argument vector: active, non-public, non-mail, non-NFS group
 * with ACE/member-ACE "sms"; UNIQUE_GID presumably asks Moira to allocate
 * the gid. */
7567 argv[L_NAME] = GroupName;
7568 argv[L_ACTIVE] = "1";
7569 argv[L_PUBLIC] = "0";
7570 argv[L_HIDDEN] = "0";
7571 argv[L_MAILLIST] = "0";
7572 argv[L_GROUP] = "1";
7573 argv[L_GID] = UNIQUE_GID;
7574 argv[L_NFSGROUP] = "0";
7575 argv[L_MAILMAN] = "0";
7576 argv[L_MAILMAN_SERVER] = "[NONE]";
7577 argv[L_DESC] = "auto created container group";
7578 argv[L_ACE_TYPE] = "USER";
7579 argv[L_MEMACE_TYPE] = "USER";
7580 argv[L_ACE_NAME] = "sms";
7581 argv[L_MEMACE_NAME] = "sms";
/* Assignment inside the condition is deliberate: non-zero rc is an error. */
7583 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7586 "Unable to create container group %s for container %s: %s",
7587 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Return values of the two follow-up updates are ignored here. */
7590 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7591 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename its
 * shadow list to the name derived from the new container name.  Braces,
 * the early returns and the return value are on lines not shown.
 */
7596 int Moira_container_group_update(char **before, char **after)
7599 char BeforeGroupName[64];
7600 char AfterGroupName[64];
/* Name unchanged (case-insensitively): nothing to do. */
7603 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7606 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* The list currently attached to the container.  Note the lookup uses
 * the *after* name - presumably Moira has already renamed the container
 * by the time this runs; confirm.  Third argument 0 appears to mean "the
 * container's own list" (callers pass 1 for the parent). */
7607 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7608 if (strlen(BeforeGroupName) == 0)
7611 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7612 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7613 after[CONTAINER_ROWID]);
/* Only issue update_list when the derived name actually differs. */
7617 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the old name first, then the full field set shifted
 * by one; the fields mirror Moira_container_group_create. */
7619 argv[L_NAME] = BeforeGroupName;
7620 argv[L_NAME + 1] = AfterGroupName;
7621 argv[L_ACTIVE + 1] = "1";
7622 argv[L_PUBLIC + 1] = "0";
7623 argv[L_HIDDEN + 1] = "0";
7624 argv[L_MAILLIST + 1] = "0";
7625 argv[L_GROUP + 1] = "1";
7626 argv[L_GID + 1] = UNIQUE_GID;
7627 argv[L_NFSGROUP + 1] = "0";
7628 argv[L_MAILMAN + 1] = "0";
7629 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7630 argv[L_DESC + 1] = "auto created container group";
7631 argv[L_ACE_TYPE + 1] = "USER";
7632 argv[L_MEMACE_TYPE + 1] = "USER";
7633 argv[L_ACE_NAME + 1] = "sms";
7634 argv[L_MEMACE_NAME + 1] = "sms";
/* Assignment inside the condition is deliberate: non-zero rc is an error. */
7636 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7639 "Unable to rename container group from %s to %s: %s",
7640 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: detach the container's shadow list from
 * the parent container's list, then delete the list itself.  Braces,
 * argv[1] (member type) and the return value are on lines not shown.
 */
7647 int Moira_container_group_delete(char **before)
7652 char ParentGroupName[64];
7654 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Third argument 1 appears to select the parent container's list. */
7655 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7657 memset(GroupName, '\0', sizeof(GroupName));
/* "[none]" is Moira's sentinel for "no list attached".  GroupName's size
 * is not visible; the copy is unbounded. */
7659 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7660 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
/* Both names known: remove the list from its parent. */
7662 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7664 argv[0] = ParentGroupName;
7666 argv[2] = GroupName;
7668 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* NOTE(review): this format has two %s but three arguments follow, so
 * ParentGroupName is printed where the error text belongs and
 * error_message(rc) is dropped.  Likely intended:
 * "Unable to delete container group %s from list %s: %s". */
7671 "Unable to delete container group %s from list: %s",
7672 GroupName, ParentGroupName, error_message(rc));
/* Then delete the list itself. */
7676 if (strlen(GroupName) != 0)
7678 argv[0] = GroupName;
7680 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7682 com_err(whoami, 0, "Unable to delete container group %s : %s",
7683 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a unique Moira list name for a container.
 * Builds "cnt-<parent>-<leaf>" (or "cnt-<leaf>" / "cnt-<name>" when fewer
 * path components exist) from the container path, truncates the variable
 * part to 25 characters, lower-cases it and, while get_list_info says the
 * name is taken, appends "-0".."-9" then "-a".."-z".  The result goes into
 * GroupName (caller's buffer; callers seen here use 64 bytes).
 * ContainerRowID is unused in the visible lines.  Braces, loop headers,
 * the branch conditions and the return value are on lines not shown.
 */
7690 int Moira_groupname_create(char *GroupName, char *ContainerName,
7691 char *ContainerRowID)
7696 char newGroupName[64];
7697 char tempGroupName[64];
/* temp's size is not visible; the copy is unbounded. */
7703 strcpy(temp, ContainerName);
/* Find the last path component (ptr - assigned on an elided line) and
 * then the one before it (ptr1). */
7705 ptr1 = strrchr(temp, '/');
7711 ptr1 = strrchr(temp, '/');
/* Two components: "<parent>-<leaf>".  tempgname's size is not visible. */
7715 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
/* Presumably: exactly one '/' -> just the leaf. */
7718 strcpy(tempgname, ptr);
/* Presumably: no '/' at all -> the whole name. */
7721 strcpy(tempgname, temp);
/* Cap the variable part so "cnt-" + 25 + "-x" stays well inside the
 * 64-byte buffers. */
7723 if (strlen(tempgname) > 25)
7724 tempgname[25] ='\0';
7726 sprintf(newGroupName, "cnt-%s", tempgname);
7728 /* change everything to lower case */
7734 *ptr = tolower(*ptr);
/* Keep the stem so every candidate suffix is appended to the same base. */
7742 strcpy(tempGroupName, newGroupName);
7745 /* append 0-9 then a-z if a duplicate is found */
7748 argv[0] = newGroupName;
/* get_list_info failing with MR_NO_MATCH means the name is free; any other
 * error is reported. */
7750 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7752 if (rc == MR_NO_MATCH)
7754 com_err(whoami, 0, "Moira error while creating group name for "
7755 "container %s : %s", ContainerName, error_message(rc));
/* i iterates over the candidate suffix characters (loop header elided). */
7759 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7763 com_err(whoami, 0, "Unable to find a unique group name for "
7764 "container %s: too many duplicate container names",
7775 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list attached to the
 * container origContainerName (Moira set_container_list).  Errors are
 * logged; the return value is on a line not shown.
 */
7779 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7784 argv[0] = origContainerName;
7785 argv[1] = GroupName;
7787 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7790 "Unable to set container group %s in container %s: %s",
7791 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add the container's shadow list as a member of
 * the parent container's list.  Top-level containers have no parent and
 * are skipped.  Braces, argv[1] (member type) and the return value are on
 * lines not shown.
 */
7797 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7799 char ContainerName[64];
/* NOTE(review): no memset of ParentGroupName is visible before the lookup
 * (Moira_container_group_delete does one); if Moira_getGroupName leaves
 * the buffer untouched on "no rows", the strlen below reads garbage. */
7800 char ParentGroupName[64];
/* Unbounded copy into a 64-byte buffer; safe only if container names are
 * limited elsewhere - confirm. */
7804 strcpy(ContainerName, origContainerName);
/* Third argument 1 appears to select the parent container's list. */
7806 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7808 /* top-level container */
7809 if (strlen(ParentGroupName) == 0)
7812 argv[0] = ParentGroupName;
7814 argv[2] = GroupName;
7816 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7819 "Unable to add container group %s to parent group %s: %s",
7820 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies the list name (av[1]) into the caller's buffer call_args[0]
 * (presumably recovered from ptr on an elided line).  Unbounded strcpy -
 * the destination size is not known here.
 */
7826 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7831 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: fetch the Moira list attached to a container into
 * GroupName.  Judging by the callers, a third argument of 1 asks for the
 * parent container's list instead; that parameter is declared on a line
 * not shown, as are the braces and the return value.
 */
7836 int Moira_getGroupName(char *origContainerName, char *GroupName,
7839 char ContainerName[64];
/* Unbounded copy into a 64-byte buffer. */
7845 strcpy(ContainerName, origContainerName);
/* Last '/' - presumably used to strip the leaf component when the parent
 * is wanted (following lines not shown). */
7849 ptr = strrchr(ContainerName, '/');
7857 argv[0] = ContainerName;
/* The callback writes straight into the caller's GroupName.  Its size is
 * never passed, and nothing is written when the query returns no rows,
 * so callers must pre-clear the buffer. */
7859 call_args[0] = GroupName;
7860 call_args[1] = NULL;
7862 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
/* Query succeeded and produced a non-empty name. */
7865 if (strlen(GroupName) != 0)
7870 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7871 ContainerName, error_message(rc));
/* Query succeeded but no list came back. */
7873 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add or remove MachineName as a
 * MACHINE member of the container's Moira list GroupName.  The remaining
 * parameters (apparently including the add/remove selector) are declared
 * on a line not shown, as are the braces and the return value.
 * "[none]" means the container has no list - nothing to do.
 */
7879 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7885 if (strcmp(GroupName, "[none]") == 0)
7888 argv[0] = GroupName;
7889 argv[1] = "MACHINE";
7890 argv[2] = MachineName;
/* One of the two queries runs (branch structure not shown). */
7893 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7895 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
/* NOTE(review): the message always says "add" and lacks a space before
 * the second %s; if it is also reached on the delete path it misreports
 * the operation. */
7899 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7900 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a Moira host name in place.  If the name is
 * already in DOMAIN_SUFFIX it is kept (the early return is on elided
 * lines); otherwise Moira's get_hostalias is consulted and the first alias
 * in DOMAIN_SUFFIX (chosen by ProcessMachineName) replaces it.  On any
 * failure MachineName becomes "".  Return value lines are not shown.
 *
 * NOTE(review): MachineName is written back from a 1024-byte local buffer
 * and no size is passed by the caller; machine_move_to_ou hands in a
 * 128-byte array, so an alias longer than 127 bytes would overflow it.
 */
7906 int GetMachineName(char *MachineName)
7909 char NewMachineName[1024];
7916 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy of the caller's name into the 1024-byte buffer. */
7917 strcpy(NewMachineName, MachineName);
/* toupper() on a plain char is UB for bytes >= 0x80; cast to unsigned
 * char if non-ASCII names are possible. */
7919 for (i = 0; i < (int)strlen(NewMachineName); i++)
7920 NewMachineName[i] = toupper(NewMachineName[i]);
7922 szDot = strchr(NewMachineName,'.');
7924 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
7929 // If not, see if it has a Moira alias in the top-level MIT domain.
/* Cleared so ProcessMachineName can tell whether it has already picked an
 * alias (it only fills an empty buffer).  args[0] is set on an elided line. */
7930 memset(NewMachineName, '\0', sizeof(NewMachineName));
7932 args[1] = MachineName;
7933 call_args[0] = NewMachineName;
7934 call_args[1] = NULL;
/* Assignment inside the condition is deliberate: non-zero rc is an error. */
7936 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
7938 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
7939 MachineName, error_message(rc));
7940 strcpy(MachineName, "");
/* Alias found: hand it back; none found: empty name signals failure. */
7944 if (strlen(NewMachineName) != 0)
7945 strcpy(MachineName, NewMachineName);
7947 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias.  Takes the first
 * alias (av[0]) whose domain part is DOMAIN_SUFFIX and stores it,
 * upper-cased, in call_args[0]; later rows are ignored once the buffer is
 * non-empty.  call_args is presumably recovered from ptr on an elided
 * line; braces and the return value are not shown.
 */
7952 int ProcessMachineName(int ac, char **av, void *ptr)
7955 char MachineName[1024];
/* Only the first matching alias wins. */
7961 if (strlen(call_args[0]) == 0)
/* Unbounded copy of a Moira-supplied alias into the local buffer. */
7963 strcpy(MachineName, av[0]);
7965 for (i = 0; i < (int)strlen(MachineName); i++)
7966 MachineName[i] = toupper(MachineName[i]);
7968 szDot = strchr(MachineName,'.');
7970 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
/* Destination is GetMachineName's 1024-byte NewMachineName. */
7972 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: flip the uid attribute name in the first n LDAPMods between
 * the SFU 3.0 schema ("msSFU30UidNumber") and the RFC 2307 one
 * ("uidNumber").  Which direction runs presumably depends on *UseSFU30;
 * the conditionals around the two loops are on lines not shown.
 * mod_type is repointed at a string literal, so any code that frees
 * mod_type must skip these entries.
 */
7979 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
7985 for (i = 0; i < n; i++)
7987 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
7988 mods[i]->mod_type = "uidNumber";
7995 for (i = 0; i < n; i++)
7997 if (!strcmp(mods[i]->mod_type, "uidNumber"))
7998 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: populate the home-directory related LDAPMods for a
 * user.  Unix/Apple side (non-AD directories): homeDirectory and
 * apple-user-homeDirectory from the user's AFS "filsys" Hesiod entry, or
 * the /afs/athena.mit.edu/user/<a>/<b>/<login> convention when none.
 * Windows side: homeDirectory, profilePath and homeDrive from WinHomeDir /
 * WinProfileDir, which may be literal paths or the tokens "[afs]", "[dfs]"
 * and "[local]".  Remaining parameters - including OpType, the LDAP_MOD_*
 * operation handed to ADD_ATTR - are on a line not shown, as are braces,
 * several variable declarations and the return value.
 */
8005 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8006 char *DistinguishedName,
8007 char *WinHomeDir, char *WinProfileDir,
8008 char **homedir_v, char **winProfile_v,
8009 char **drives_v, LDAPMod **mods,
8017 char winProfile[1024];
8020 char apple_homedir[1024];
8021 char *apple_homedir_v[] = {NULL, NULL};
/* Separate modification list used to delete an attribute outright when
 * OpType is LDAP_MOD_REPLACE and the new value is empty. */
8025 LDAPMod *DelMods[20];
8027 memset(homeDrive, '\0', sizeof(homeDrive));
8028 memset(path, '\0', sizeof(path));
8029 memset(winPath, '\0', sizeof(winPath));
8030 memset(winProfile, '\0', sizeof(winProfile));
/* Non-AD directory: look up the user's AFS home volume via Hesiod. */
8033 if(!ActiveDirectory)
8035 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
8037 memset(cWeight, 0, sizeof(cWeight));
8038 memset(cPath, 0, sizeof(cPath));
8042 while (hp[i] != NULL)
/* NOTE(review): Hesiod answers are external (DNS-delivered) data and "%s"
 * has no field width, so an over-long filsys record overruns cPath /
 * cWeight; add a width matching their sizes (not visible here). */
8044 if (sscanf(hp[i], "%*s %s", cPath))
/* Among AFS entries keep the one with the lowest weight (5th field).
 * strnicmp is a non-standard case-insensitive compare. */
8046 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
8048 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
8050 if (atoi(cWeight) < last_weight)
8052 strcpy(path, cPath);
8053 last_weight = (int)atoi(cWeight);
/* Presumably the no-weight-field case: take the entry as-is. */
8057 strcpy(path, cPath);
/* AFS path found: publish it plus "<path>/MacData" as the Apple home. */
8065 if (!strnicmp(path, AFS, strlen(AFS)))
8067 sprintf(homedir, "%s", path);
8068 sprintf(apple_homedir, "%s/MacData", path);
8069 homedir_v[0] = homedir;
8070 apple_homedir_v[0] = apple_homedir;
8071 ADD_ATTR("homeDirectory", homedir_v, OpType);
8072 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* Fallback when no usable filsys entry: conventional Athena layout keyed
 * on the first two letters of the login.  NOTE(review): homedir and
 * apple_homedir are computed but the values published are the literal
 * "NONE" - confirm that is intended.  The same block is repeated below
 * for the hes_resolve()-failed case. */
8078 if(user_name[0] && user_name[1])
8080 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s",
8081 user_name[0], user_name[1], user_name);
8082 sprintf(apple_homedir, "%s/MacData", homedir);
8083 homedir_v[0] = "NONE";
8084 apple_homedir_v[0] = "NONE";
8085 ADD_ATTR("homeDirectory", homedir_v, OpType);
8086 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* Duplicate of the fallback above (hes_resolve returned NULL). */
8093 if(user_name[0] && user_name[1])
8095 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s",
8096 user_name[0], user_name[1], user_name);
8097 sprintf(apple_homedir, "%s/MacData", homedir);
8098 homedir_v[0] = "NONE";
8099 apple_homedir_v[0] = "NONE";
8100 ADD_ATTR("homeDirectory", homedir_v, OpType);
8101 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* ---- Windows attributes ---- */
/* "[afs]" for either attribute: derive the Windows form of the AFS home,
 * again choosing the lowest-weight filsys entry (same scan and same
 * sscanf field-width caveat as above). */
8108 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8109 (!strcasecmp(WinProfileDir, "[afs]")))
8111 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
8113 memset(cWeight, 0, sizeof(cWeight));
8114 memset(cPath, 0, sizeof(cPath));
8118 while (hp[i] != NULL)
8120 if (sscanf(hp[i], "%*s %s", cPath))
8122 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
8124 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
8126 if (atoi(cWeight) < last_weight)
8128 strcpy(path, cPath);
8129 last_weight = (int)atoi(cWeight);
8133 strcpy(path, cPath);
8141 if (!strnicmp(path, AFS, strlen(AFS)))
8143 AfsToWinAfs(path, winPath);
/* Profile is ".winprofile" under the home; winProfile's 1024 bytes are not
 * checked against winPath's length. */
8144 strcpy(winProfile, winPath);
8145 strcat(winProfile, "\\.winprofile");
/* "[dfs]": \\<domain>\dfs\profiles\<initial>\<user>. */
8153 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8154 (!strcasecmp(WinProfileDir, "[dfs]")))
8156 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8157 user_name[0], user_name);
8159 if (!strcasecmp(WinProfileDir, "[dfs]"))
8161 strcpy(winProfile, path);
8162 strcat(winProfile, "\\.winprofile");
8165 if (!strcasecmp(WinHomeDir, "[dfs]"))
8166 strcpy(winPath, path);
/* Home drive: "[local]" clears the path; AFS/DFS homes and UNC literals
 * get H:; any other literal path is used verbatim (unbounded copy). */
8179 if (!strcasecmp(WinHomeDir, "[local]"))
8180 memset(winPath, '\0', sizeof(winPath));
8181 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8182 !strcasecmp(WinHomeDir, "[dfs]"))
8184 strcpy(homeDrive, "H:");
8188 strcpy(winPath, WinHomeDir);
8189 if (!strncmp(WinHomeDir, "\\\\", 2))
8191 strcpy(homeDrive, "H:");
8195 // nothing needs to be done if WinProfileDir is [afs].
8196 if (!strcasecmp(WinProfileDir, "[local]"))
8197 memset(winProfile, '\0', sizeof(winProfile));
8198 else if (strcasecmp(WinProfileDir, "[afs]") &&
8199 strcasecmp(WinProfileDir, "[dfs]"))
8201 strcpy(winProfile, WinProfileDir);
/* Normalise: drop one trailing backslash, but keep "X:\" for a bare drive
 * letter. */
8204 if (strlen(winProfile) != 0)
8206 if (winProfile[strlen(winProfile) - 1] == '\\')
8207 winProfile[strlen(winProfile) - 1] = '\0';
8210 if (strlen(winPath) != 0)
8212 if (winPath[strlen(winPath) - 1] == '\\')
8213 winPath[strlen(winPath) - 1] = '\0';
8216 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8217 strcat(winProfile, "\\");
8219 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8220 strcat(winPath, "\\");
/* Empty value on a REPLACE: remove the attribute with an explicit
 * LDAP_MOD_DELETE modify.  Whether rc is checked afterwards is not visible. */
8222 if (strlen(winPath) == 0)
8224 if (OpType == LDAP_MOD_REPLACE)
8227 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8229 //unset homeDirectory attribute for user.
8230 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* Non-empty: strdup'd (result unchecked) into the caller's vector; the
 * caller presumably owns and frees it - confirm. */
8236 homedir_v[0] = strdup(winPath);
8237 ADD_ATTR("homeDirectory", homedir_v, OpType);
8240 if (strlen(winProfile) == 0)
8242 if (OpType == LDAP_MOD_REPLACE)
8245 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8247 //unset profilePath attribute for user.
8248 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8254 winProfile_v[0] = strdup(winProfile);
8255 ADD_ATTR("profilePath", winProfile_v, OpType);
8258 if (strlen(homeDrive) == 0)
8260 if (OpType == LDAP_MOD_REPLACE)
8263 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8265 //unset homeDrive attribute for user
8266 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8272 drives_v[0] = strdup(homeDrive);
8273 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set one attribute on distinguished_name.  An empty
 * attribute_value deletes the attribute; otherwise a REPLACE is tried and,
 * if that fails, an ADD.  user_name is only used for the log message.
 * `mods`, the rc check after the delete, braces and the return value are
 * on lines not shown.
 */
8279 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8280 char *attribute_value, char *attribute, char *user_name)
8282 char *mod_v[] = {NULL, NULL};
8283 LDAPMod *DelMods[20];
/* Empty value: remove the attribute outright. */
8289 if (strlen(attribute_value) == 0)
8292 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8294 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
/* Normal path: REPLACE the value. */
8300 mod_v[0] = attribute_value;
8301 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
/* NOTE(review): *any* REPLACE failure falls through to an ADD, not just
 * "no such attribute", and only the ADD's error is logged in the visible
 * lines - the original cause can be hidden. */
8304 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8305 mods)) != LDAP_SUCCESS)
8309 mod_v[0] = attribute_value;
8310 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8313 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8314 mods)) != LDAP_SUCCESS)
8316 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8318 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: strip surrounding whitespace from StringToTrim in place
 * (the scanning loops are mostly on lines not shown).  Works on a strdup'd
 * copy; the strdup result is not NULL-checked and whether `save` is freed
 * afterwards is not visible.
 */
8328 void StringTrim(char *StringToTrim)
8333 save = strdup(StringToTrim);
8340 /* skip to end of string */
8345 strcpy(StringToTrim, save);
/* t walks from s (apparently the first non-blank) to the terminator. */
8349 for (t = s; *t; t++)
/* Shift the trimmed text back to the start of the caller's buffer. */
8365 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load <CFG_PATH><DomainName>.cfg into the module's global
 * settings (ldap_domain, ldap_realm, ldap_port, PrincipalName, ServerList
 * and the group/SFU/Exchange/AD flags).  Each line is upper-cased, has its
 * newline removed and is matched by prefix against the keyword macros; the
 * text after the keyword is the value, StringTrim'd.  Braces, `Count++`,
 * the assignments driven by several YES/NO keywords and the return value
 * are on lines not shown.
 *
 * NOTE(review): because the whole line is upper-cased before parsing,
 * every *value* is stored upper-cased too - including PrincipalName.
 * Kerberos principal names are case-sensitive; confirm the consumers
 * expect this.
 */
8369 int ReadConfigFile(char *DomainName)
/* temp's size is not visible; DomainName is not length-checked. */
8380 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8382 if ((fptr = fopen(temp, "r")) != NULL)
8384 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper() on a plain char is UB for bytes >= 0x80; cast to unsigned
 * char if non-ASCII config content is possible. */
8386 for (i = 0; i < (int)strlen(temp); i++)
8387 temp[i] = toupper(temp[i]);
/* Strip the newline.  A line beginning with a NUL byte would index
 * temp[-1] here. */
8389 if (temp[strlen(temp) - 1] == '\n')
8390 temp[strlen(temp) - 1] = '\0';
8394 if (strlen(temp) == 0)
/* Keyword dispatch.  Destination buffers are globals whose sizes are not
 * visible and the copies are unbounded; tolerable only because the file
 * is operator-controlled - confirm. */
8397 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8399 if (strlen(temp) > (strlen(DOMAIN)))
8401 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8402 StringTrim(ldap_domain);
8405 else if (!strncmp(temp, REALM, strlen(REALM)))
8407 if (strlen(temp) > (strlen(REALM)))
8409 strcpy(ldap_realm, &temp[strlen(REALM)]);
8410 StringTrim(ldap_realm);
8413 else if (!strncmp(temp, PORT, strlen(PORT)))
8415 if (strlen(temp) > (strlen(PORT)))
8417 strcpy(ldap_port, &temp[strlen(PORT)]);
8418 StringTrim(ldap_port);
8421 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8423 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8425 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8426 StringTrim(PrincipalName);
8429 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8431 if (strlen(temp) > (strlen(SERVER)))
/* Each SERVER line gets a 256-byte entry: calloc is unchecked, temp may
 * be longer than 256, and Count is not bounded in the visible lines. */
8433 ServerList[Count] = calloc(1, 256);
8434 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8435 StringTrim(ServerList[Count]);
8439 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8441 if (strlen(temp) > (strlen(MSSFU)))
8443 strcpy(temp1, &temp[strlen(MSSFU)]);
/* The SFU flag assignment is on an elided line. */
8445 if (!strcmp(temp1, SFUTYPE))
8449 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8451 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8453 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
/* "NO" disables the suffix; the non-"NO" branch is elided. */
8455 if (!strcasecmp(temp1, "NO"))
8458 memset(group_suffix, '\0', sizeof(group_suffix));
8462 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8464 if (strlen(temp) > (strlen(GROUP_TYPE)))
8466 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8468 if (!strcasecmp(temp1, "UNIVERSAL"))
8469 UseGroupUniversal = 1;
8472 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8474 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8476 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8478 if (!strcasecmp(temp1, "NO"))
8482 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8484 if (strlen(temp) > (strlen(SET_PASSWORD)))
8486 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8488 if (!strcasecmp(temp1, "NO"))
8492 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8494 if (strlen(temp) > (strlen(EXCHANGE)))
8496 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8498 if (!strcasecmp(temp1, "YES"))
8502 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8503 strlen(PROCESS_MACHINE_CONTAINER)))
8505 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8507 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8509 if (!strcasecmp(temp1, "NO"))
8510 ProcessMachineContainer = 0;
8513 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8514 strlen(ACTIVE_DIRECTORY)))
8516 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8518 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8520 if (!strcasecmp(temp1, "NO"))
8521 ActiveDirectory = 0;
/* Post-processing of ldap_domain: the lines that derive `temp` from the
 * configured value are not shown. */
8526 if (strlen(ldap_domain) != 0)
8528 memset(ldap_domain, '\0', sizeof(ldap_domain));
8532 if (strlen(temp) != 0)
8533 strcpy(ldap_domain, temp);
/* No DOMAIN line: fall back to the config file's own name. */
8539 if (strlen(ldap_domain) == 0)
8541 strcpy(ldap_domain, DomainName);
/* Upper-case every server entry (redundant for entries read above, which
 * were already upper-cased with their line). */
8547 for (i = 0; i < Count; i++)
8549 if (ServerList[i] != 0)
8551 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8552 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read <CFG_PATH><WINADCFG> and collect its DOMAIN lines
 * into DomainNames[] (Count entries; the increment and the array bound are
 * on lines not shown).  Values are upper-cased and trimmed.  When the
 * configuration is unusable a critical alert is raised (its condition is
 * elided).  c[] and stuff[] are declared but unused in the visible lines.
 * Braces and the return value are not shown; the empty parameter list
 * should be `(void)` for a proper prototype.
 */
8559 int ReadDomainList()
8566 unsigned char c[11];
8567 unsigned char stuff[256];
/* temp's size is not visible. */
8572 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8574 if ((fptr = fopen(temp, "r")) != NULL)
8576 while (fgets(temp, sizeof(temp), fptr) != 0)
/* toupper() on a plain char is UB for bytes >= 0x80. */
8578 for (i = 0; i < (int)strlen(temp); i++)
8579 temp[i] = toupper(temp[i]);
/* Strip the newline; a line starting with a NUL byte would index temp[-1]. */
8581 if (temp[strlen(temp) - 1] == '\n')
8582 temp[strlen(temp) - 1] = '\0';
8586 if (strlen(temp) == 0)
8589 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8591 if (strlen(temp) > (strlen(DOMAIN)))
/* Value after the keyword, shuffled through temp1 (size not shown) back
 * into temp. */
8593 strcpy(temp1, &temp[strlen(DOMAIN)]);
8595 strcpy(temp, temp1);
/* DomainNames[Count] size is not visible; the copy is unbounded. */
8599 strcpy(DomainNames[Count], temp);
8600 StringTrim(DomainNames[Count]);
8609 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8610 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822 style address.  The local
 * part may not be empty, start/end with '.', or contain control, non-ASCII
 * or rfc822 special characters (quoted strings are allowed); the domain
 * must contain at least one '.' with no empty labels.  Returns 1 if
 * acceptable, 0 otherwise.  Several scanner branches (the break on '@',
 * the quoted-string loop, the domain loop header, `count`) are on lines
 * not shown.
 *
 * NOTE(review): for an empty string `address[strlen(address) - 1]` reads
 * address[-1] (undefined behaviour); add `if (!*address) return 0;`
 * first.  A NULL address is not handled either.
 */
8617 int email_isvalid(const char *address) {
8619 const char *c, *domain;
8620 static char *rfc822_specials = "()<>@,;:\\\"[]";
/* Trailing '.' rejected up front. */
8622 if(address[strlen(address) - 1] == '.')
8625 /* first we validate the name portion (name@domain) */
8626 for (c = address; *c; c++) {
/* Quoted local part: allowed at the start or right after '.' / '"'. */
8627 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
/* Inside quotes a backslash escapes the next character; if that "next"
 * is the terminator the control-character test below presumably rejects
 * it before the loop advances past the end. */
8632 if (*c == '\\' && (*++c == ' '))
8634 if (*c <= ' ' || *c >= 127)
/* Unquoted local part: reject control / non-ASCII and specials. */
8649 if (*c <= ' ' || *c >= 127)
8651 if (strchr(rfc822_specials, *c))
/* Empty local part or one ending in '.' is invalid. */
8655 if (c == address || *(c - 1) == '.')
8658 /* next we validate the domain portion (name@domain) */
/* NOTE(review): this assumes the loop above stopped on '@' (its break is
 * on an elided line).  If the address has no '@' the loop stops on the
 * terminator and ++c steps past the end of the string, so the domain scan
 * reads out of bounds; test `*c == '@'` before advancing. */
8659 if (!*(domain = ++c)) return 0;
/* Domain labels: '.' may not be first or doubled; dots are counted. */
8662 if (c == domain || *(c - 1) == '.')
8666 if (*c <= ' ' || *c >= 127)
8668 if (strchr(rfc822_specials, *c))
/* At least one '.' is required in the domain. */
8672 return (count >= 1);
/*
 * find_homeMDB: choose the least-populated Exchange mailbox store.
 * Searches CN=Configuration,<dn_path> for msExchMDB objects, skips stores
 * whose DN mentions Public / Recover / Reserve, counts each store's
 * homeMDBBL back-links using ranged retrieval, and returns via *homeMDB
 * the DN with the fewest links and via *homeServerName the server part of
 * that store's legacyExchangeDN.  Both outputs are strdup'd - the caller
 * frees them.  Loop headers, the rangeLow / mdbbl_count / gPtr / s
 * declarations, braces and the return values are on lines not shown.
 */
8675 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8676 char **homeServerName)
8678 LK_ENTRY *group_base;
8679 LK_ENTRY *sub_group_base;
8683 int sub_group_count;
8685 char sub_filter[1024];
8686 char search_path[1024];
8688 char *attr_array[3];
/* -1 = "no store examined yet"; see the comparison further down. */
8690 int homeMDB_count = -1;
/* 1500 matches Active Directory's default MaxValRange page size. */
8694 int rangeStep = 1500;
8696 int rangeHigh = rangeLow + (rangeStep - 1);
8699 /* Grumble..... microsoft not making it searchable from the root *grr* */
8701 memset(filter, '\0', sizeof(filter));
8702 memset(search_path, '\0', sizeof(search_path));
8704 sprintf(filter, "(objectClass=msExchMDB)");
/* dn_path is not length-checked against the 1024-byte search_path. */
8705 sprintf(search_path, "CN=Configuration,%s", dn_path);
8706 attr_array[0] = "distinguishedName";
8707 attr_array[1] = NULL;
8712 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8713 &group_base, &group_count,
8714 LDAP_SCOPE_SUBTREE)) != 0)
8716 com_err(whoami, 0, "Unable to find msExchMDB %s",
8717 ldap_err2string(rc));
/* Stores users are never placed in, matched by DN substring (s is only
 * used as a found/not-found flag here). */
8726 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8727 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8728 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8735 * Due to limits in active directory we need to use the LDAP
8736 * range semantics to query and return all the values in
8737 * large lists, we will stop increasing the range when
8738 * the result count is 0.
8746 memset(sub_filter, '\0', sizeof(sub_filter));
8747 memset(range, '\0', sizeof(range));
8748 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* "low-*" asks for everything from low upward, "low-high" for a fixed
 * window; which one is used is decided on an elided line. */
8751 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8753 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8755 attr_array[0] = range;
8756 attr_array[1] = NULL;
8758 sub_group_base = NULL;
8759 sub_group_count = 0;
8761 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8762 attr_array, &sub_group_base,
8764 LDAP_SCOPE_SUBTREE)) != 0)
8766 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8767 ldap_err2string(rc));
/* Empty page: all back-links have been read. */
8771 if(!sub_group_count)
8777 rangeHigh = rangeLow + (rangeStep - 1);
/* Accumulate this page and move the window forward. */
8784 mdbbl_count += sub_group_count;
8785 rangeLow = rangeHigh + 1;
8786 rangeHigh = rangeLow + (rangeStep - 1);
8789 /* First time through, need to initialize or update the least used */
8791 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
/* NOTE(review): *homeMDB is overwritten on every improvement; unless an
 * elided line frees the previous value, each earlier strdup leaks.  The
 * strdup result is unchecked. */
8794 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8796 homeMDB_count = mdbbl_count;
8797 *homeMDB = strdup(gPtr->dn);
8801 linklist_free(sub_group_base);
8805 linklist_free(group_base);
8808 * Ok found the server least allocated need to now query to get its
8809 * msExchHomeServerName so we can set it as a user attribute
8812 attr_array[0] = "legacyExchangeDN";
8813 attr_array[1] = NULL;
/* NOTE(review): if no eligible store was found *homeMDB may still be NULL
 * here; confirm the elided lines guard it before this search. */
8818 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8819 attr_array, &group_base,
8821 LDAP_SCOPE_SUBTREE)) != 0)
8823 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8824 ldap_err2string(rc));
/* group_base is dereferenced without a visible count check.  A
 * legacyExchangeDN is a '/'-separated path; presumably the text after the
 * last '/' is kept (the trimming lines are elided). */
8830 *homeServerName = strdup(group_base->value);
8831 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8837 linklist_free(group_base);
/*
 * lowercase: convert s to lower case in place, character by character.
 * The loop body and the return are on lines not shown (presumably
 * returns s).
 */
8842 char *lowercase(char *s)
8846 for (p = s; *p; p++)
/*
 * uppercase: convert s to upper case in place, character by character.
 * The loop body and the return are on lines not shown (presumably
 * returns s).
 */
8854 char *uppercase(char *s)
8858 for (p = s; *p; p++)
/*
 * escape_string: return a heap copy of s with leading whitespace skipped
 * and special characters escaped (which characters, and how, is on lines
 * not shown).  The result is assembled in a fixed-size local `string`
 * (declared on an elided line) with no visible length check; the strdup
 * result is unchecked and is owned by the caller.
 */
8866 char *escape_string(char *s)
8874 memset(string, '\0', sizeof(string));
8878 /* Replace leading spaces */
/* q presumably starts at s.  isspace() on a plain char is UB for bytes
 * >= 0x80; cast to unsigned char if non-ASCII input is possible. */
8880 while(isspace(*q)) {
8887 /* Escape any special characters */
8889 for(; *q != '\0'; q++) {
8912 return strdup(string);
8915 int save_query_info(int argc, char **argv, void *hint)
8918 char **nargv = hint;
8920 for(i = 0; i < argc; i++)
8921 nargv[i] = strdup(argv[i]);