2 /* winad.incr arguments examples
4 * arguments when moira creates the account - ignored by winad.incr since the account is unusable.
5 * users 0 11 #45198 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
6 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
8 * arguments for creating or updating a user account
9 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
10 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
11 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
13 * arguments for deactivating/deleting a user account
14 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
16 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
18 * arguments for reactivating a user account
19 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058
20 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
21 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
23 * arguments for changing user name
24 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
25 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
27 * arguments for expunging a user
28 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000 121049
29 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, mitid, type, moiraid
31 * arguments for creating a "special" group/list
32 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
33 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
35 * arguments for creating a "mail" group/list
36 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
37 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
39 * arguments for creating a "group" group/list
40 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
41 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
43 * arguments for creating a "group/mail" group/list
44 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
45 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraid
47 * arguments to add a USER member to group/list
48 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
49 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
51 * arguments to add a STRING or KERBEROS member to group/list
52 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
53 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
54 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
56 * NOTE: group members of type LIST are ignored.
58 * arguments to remove a USER member from group/list
59 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
60 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, userStatus, moiraListId, moiraUserId
62 * arguments to remove a STRING or KERBEROS member from group/list
63 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
64 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
65 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid, moiraListId
67 * NOTE: group members of type LIST are ignored.
69 * arguments for renaming a group/list
70 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1 1 0 0 0 -1 description 0 92616
71 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
73 * arguments for deleting a group/list
74 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
75 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description, moiraListId
77 * arguments for adding a file system
78 * filesys 0 12 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
80 * arguments for deleting a file system
81 * filesys 12 0 username AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/n/e/username /mit/username w description username wheel 1 HOMEDIR 101727
83 * arguments when moira creates a container (OU).
84 * containers 0 8 machines/test/bottom description location contact USER 105316 2222 [none]
86 * arguments when moira deletes a container (OU).
87 * containers 8 0 machines/test/bottom description location contact USER 105316 2222 groupname
89 * arguments when moira modifies a container's information (OU).
90 * containers 8 8 machines/test/bottom description location contact USER 105316 2222 groupname machines/test/bottom description1 location contact USER 105316 2222 groupname
92 * arguments when moira adds a machine to an OU
93 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
94 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
96 * arguments when moira removes a machine from an OU
97 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
98 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
101 #include <mit-copyright.h>
103 #include <winsock2.h>
107 #include <lmaccess.h>
114 #include <moira_site.h>
115 #include <mrclient.h>
123 #define ECONNABORTED WSAECONNABORTED
126 #define ECONNREFUSED WSAECONNREFUSED
129 #define EHOSTUNREACH WSAEHOSTUNREACH
131 #define krb5_xfree free
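/*
 * Map a POSIX-style sleep(seconds) onto Win32 Sleep(milliseconds).
 * The argument is parenthesised so that sleep(a + b) scales the whole sum
 * (the previous form expanded to Sleep(a + b * 1000)), and the trailing
 * semicolon is left to the caller so the expansion is a single statement
 * that composes correctly with an unbraced if/else.
 */
#define sleep(A) Sleep((A) * 1000)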
137 #include <sys/types.h>
138 #include <netinet/in.h>
139 #include <arpa/nameser.h>
141 #include <sys/utsname.h>
144 #define WINADCFG "/moira/winad/winad.cfg"
145 #define strnicmp(A,B,C) strncasecmp(A,B,C)
146 #define UCHAR unsigned char
148 #define UF_SCRIPT 0x0001
149 #define UF_ACCOUNTDISABLE 0x0002
150 #define UF_HOMEDIR_REQUIRED 0x0008
151 #define UF_LOCKOUT 0x0010
152 #define UF_PASSWD_NOTREQD 0x0020
153 #define UF_PASSWD_CANT_CHANGE 0x0040
154 #define UF_DONT_EXPIRE_PASSWD 0x10000
156 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
157 #define UF_NORMAL_ACCOUNT 0x0200
158 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
159 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
160 #define UF_SERVER_TRUST_ACCOUNT 0x2000
162 #define OWNER_SECURITY_INFORMATION (0x00000001L)
163 #define GROUP_SECURITY_INFORMATION (0x00000002L)
164 #define DACL_SECURITY_INFORMATION (0x00000004L)
165 #define SACL_SECURITY_INFORMATION (0x00000008L)
168 #define BYTE unsigned char
170 typedef unsigned int DWORD;
171 typedef unsigned long ULONG;
176 unsigned short Data2;
177 unsigned short Data3;
178 unsigned char Data4[8];
181 typedef struct _SID_IDENTIFIER_AUTHORITY {
183 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
185 typedef struct _SID {
187 BYTE SubAuthorityCount;
188 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
189 DWORD SubAuthority[512];
194 #define WINADCFG "winad.cfg"
198 #define WINAFS "\\\\afs\\all\\"
200 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
201 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
202 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
203 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
204 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
206 #define QUERY_VERSION -1
207 #define PRIMARY_REALM "ATHENA.MIT.EDU"
208 #define PRIMARY_DOMAIN "win.mit.edu"
209 #define PRODUCTION_PRINCIPAL "sms"
210 #define TEST_PRINCIPAL "smstest"
219 #define MEMBER_REMOVE 2
220 #define MEMBER_CHANGE_NAME 3
221 #define MEMBER_ACTIVATE 4
222 #define MEMBER_DEACTIVATE 5
223 #define MEMBER_CREATE 6
225 #define MOIRA_ALL 0x0
226 #define MOIRA_USERS 0x1
227 #define MOIRA_KERBEROS 0x2
228 #define MOIRA_STRINGS 0x4
229 #define MOIRA_LISTS 0x8
231 #define CHECK_GROUPS 1
232 #define CLEANUP_GROUPS 2
234 #define AD_NO_GROUPS_FOUND -1
235 #define AD_WRONG_GROUP_DN_FOUND -2
236 #define AD_MULTIPLE_GROUPS_FOUND -3
237 #define AD_INVALID_NAME -4
238 #define AD_LDAP_FAILURE -5
239 #define AD_INVALID_FILESYS -6
240 #define AD_NO_ATTRIBUTE_FOUND -7
241 #define AD_NO_OU_FOUND -8
242 #define AD_NO_USER_FOUND -9
244 /* container arguments */
245 #define CONTAINER_NAME 0
246 #define CONTAINER_DESC 1
247 #define CONTAINER_LOCATION 2
248 #define CONTAINER_CONTACT 3
249 #define CONTAINER_TYPE 4
250 #define CONTAINER_ID 5
251 #define CONTAINER_ROWID 6
252 #define CONTAINER_GROUP_NAME 7
254 /*mcntmap arguments*/
255 #define OU_MACHINE_NAME 0
256 #define OU_CONTAINER_NAME 1
257 #define OU_MACHINE_ID 2
258 #define OU_CONTAINER_ID 3
259 #define OU_CONTAINER_GROUP 4
261 typedef struct lk_entry {
271 struct lk_entry *next;
274 #define STOP_FILE "/moira/winad/nowinad"
275 #define file_exists(file) (access((file), F_OK) == 0)
277 #define N_SD_BER_BYTES 5
278 #define LDAP_BERVAL struct berval
279 #define MAX_SERVER_NAMES 32
281 #define HIDDEN_GROUP "HiddenGroup.g"
282 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
283 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
284 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
/*
 * Append one LDAPMod to the caller's `mods` array and advance the caller's
 * index `n`: t = attribute name, v = NULL-terminated value vector, o = mod_op.
 * Both `mods` and `n` must be in scope at the use site.
 * NOTE(review): the malloc() result is dereferenced without a NULL check,
 * and the statements are not wrapped in do { ... } while (0), so the macro
 * is only safe as a stand-alone statement — an unbraced `if (c) ADD_ATTR(...);`
 * would execute only the first assignment conditionally.
 */
286 #define ADD_ATTR(t, v, o) \
287 mods[n] = malloc(sizeof(LDAPMod)); \
288 mods[n]->mod_op = o; \
289 mods[n]->mod_type = t; \
290 mods[n++]->mod_values = v
/*
 * Same pattern for attribute deletion: appends to the caller's `DelMods`
 * array, advances the caller's index `i`, and sets mod_values to NULL.
 * NOTE(review): same unchecked malloc() and missing do { ... } while (0)
 * wrapper as ADD_ATTR above.
 */
292 #define DEL_ATTR(t, o) \
293 DelMods[i] = malloc(sizeof(LDAPMod)); \
294 DelMods[i]->mod_op = o; \
295 DelMods[i]->mod_type = t; \
296 DelMods[i++]->mod_values = NULL
298 #define DOMAIN_SUFFIX "MIT.EDU"
299 #define DOMAIN "DOMAIN:"
300 #define PRINCIPALNAME "PRINCIPAL:"
301 #define SERVER "SERVER:"
305 char PrincipalName[128];
307 #define KRB5CCNAME "KRB5CCNAME=/tmp/krb5cc_winad.incr"
308 #define KRBTKFILE "KRBTKFILE=/tmp/tkt_winad.incr"
309 #define KEYTABFILE "/etc/krb5.keytab"
311 #define KRB5CCNAME "KRB5CCNAME=\\tmp\\krb5cc_winad.incr"
312 #define KRBTKFILE "KRBTKFILE=\\tmp\\tkt_winad.incr"
313 #define KEYTABFILE "\\keytabs\\krb5.keytab"
/* Head of the linked list of LDAP entries/attributes built during a run. */
316 LK_ENTRY *member_base = NULL;
/*
 * Buffer into which main() concatenates the whole command line for logging.
 * NOTE(review): a second `static char tbl_buf[1024];` appears below (original
 * line 335); the lines between are not in this excerpt, so these are
 * presumably alternate #ifdef branches — confirm, otherwise the duplicate
 * definition is an error.  main() fills it with unbounded strcat() calls.
 */
317 static char tbl_buf[1024];
/*
 * Relative DNs (no DC= component) of the OUs that hold each kind of Moira
 * object.  The four group OUs correspond to the "special", "mail", "group"
 * and "group/mail" list kinds shown in the header comment of this file.
 */
318 char kerberos_ou[] = "OU=kerberos,OU=moira";
319 char contact_ou[] = "OU=strings,OU=moira";
320 char user_ou[] = "OU=users,OU=moira";
321 char group_ou_distribution[] = "OU=mail,OU=lists,OU=moira";
322 char group_ou_root[] = "OU=lists,OU=moira";
323 char group_ou_security[] = "OU=group,OU=lists,OU=moira";
324 char group_ou_neither[] = "OU=special,OU=lists,OU=moira";
325 char group_ou_both[] = "OU=mail,OU=group,OU=lists,OU=moira";
/* Fallback OUs for machines / other objects whose Moira container cannot be found. */
326 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
327 char orphans_other_ou[] = "OU=Other,OU=Orphans";
328 char security_template_ou[] = "OU=security_templates";
/* Connection configuration: target domain, candidate servers (NULL-terminated slots), preferred server. */
330 char ldap_domain[256];
331 char *ServerList[MAX_SERVER_NAMES];
332 int mr_connections = 0;
334 char default_server[256];
/* NOTE(review): see the note at the first tbl_buf definition above. */
335 static char tbl_buf[1024];
/* Non-zero when the configuration file must not be rewritten (checked around GetServerList() in main()). */
337 int NoChangeConfigFile;
339 extern int set_password(char *user, char *password, char *domain);
341 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
342 char *group_membership, char *MoiraId, char *attribute,
343 LK_ENTRY **linklist_base, int *linklist_count,
345 void AfsToWinAfs(char* path, char* winPath);
346 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
347 char *Win2kPassword, char *Win2kUser, char *default_server,
348 int connect_to_kdc, char **ServerList);
349 void ad_kdc_disconnect();
350 int ad_server_connect(char *connectedServer, char *domain);
351 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
352 char *attribute_value, char *attribute, char *user_name);
353 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
354 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
355 void check_winad(void);
356 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId);
358 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
359 char *distinguishedName, int count, char **av);
360 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
361 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
362 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
363 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
364 char *distinguishedName, int count, char **av);
365 void container_get_dn(char *src, char *dest);
366 void container_get_name(char *src, char *dest);
367 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
368 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
369 int afterc, char **after);
370 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
371 int afterc, char **after);
373 int GetAceInfo(int ac, char **av, void *ptr);
374 int GetServerList(char *ldap_domain, char **MasterServe);
375 int get_group_membership(char *group_membership, char *group_ou,
376 int *security_flag, char **av);
377 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *pPtr);
378 int Moira_container_group_create(char **after);
379 int Moira_container_group_delete(char **before);
380 int Moira_groupname_create(char *GroupName, char *ContainerName,
381 char *ContainerRowID);
382 int Moira_container_group_update(char **before, char **after);
383 int Moira_process_machine_container_group(char *MachineName, char* groupName,
385 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
386 int Moira_getContainerGroup(int ac, char **av, void *ptr);
387 int Moira_getGroupName(char *origContainerName, char *GroupName,
389 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
390 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
391 int UpdateGroup, int *ProcessGroup);
392 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
393 char *group_name, char *group_ou, char *group_membership,
394 int group_security_flag, int type);
395 int process_lists(int ac, char **av, void *ptr);
396 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
397 int HiddenGroup, char *AceType, char *AceName);
398 int ProcessMachineName(int ac, char **av, void *ptr);
399 void ReadConfigFile();
400 void StringTrim(char *StringToTrim);
401 int user_create(int ac, char **av, void *ptr);
402 int user_change_status(LDAP *ldap_handle, char *dn_path,
403 char *user_name, char *MoiraId, int operation);
404 int user_delete(LDAP *ldap_handle, char *dn_path,
405 char *u_name, char *MoiraId);
406 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
408 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
409 char *uid, char *MitId, char *MoiraId, int State,
410 char *WinHomeDir, char *WinProfileDir);
411 void change_to_lower_case(char *ptr);
412 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
413 int group_create(int ac, char **av, void *ptr);
414 int group_delete(LDAP *ldap_handle, char *dn_path,
415 char *group_name, char *group_membership, char *MoiraId);
416 int group_rename(LDAP *ldap_handle, char *dn_path,
417 char *before_group_name, char *before_group_membership,
418 char *before_group_ou, int before_security_flag, char *before_desc,
419 char *after_group_name, char *after_group_membership,
420 char *after_group_ou, int after_security_flag, char *after_desc,
421 char *MoiraId, char *filter);
422 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
423 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
424 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name);
425 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path, char *MoiraMachineName, char *DestinationOu);
426 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
427 char *group_name, char *group_ou, char *group_membership,
428 int group_security_flag, int updateGroup);
429 int member_list_build(int ac, char **av, void *ptr);
430 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
431 char *group_ou, char *group_membership,
432 char *user_name, char *pUserOu, char *MoiraId);
433 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
434 char *group_ou, char *group_membership, char *user_name,
435 char *pUserOu, char *MoiraId);
436 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
437 char *group_ou, char *group_membership,
438 int group_security_flag, char *MoiraId);
439 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
440 char *WinHomeDir, char *WinProfileDir,
441 char **homedir_v, char **winProfile_v,
442 char **drives_v, LDAPMod **mods,
445 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
446 int check_string(char *s);
447 int check_container_name(char* s);
449 int mr_connect_cl(char *server, char *client, int version, int auth);
451 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
452 char **before, int beforec, char **after, int afterc);
453 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
454 char **before, int beforec, char **after, int afterc);
455 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
456 char **before, int beforec, char **after, int afterc);
457 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
458 char **before, int beforec, char **after, int afterc);
459 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
460 char **before, int beforec, char **after, int afterc);
461 int linklist_create_entry(char *attribute, char *value,
462 LK_ENTRY **linklist_entry);
463 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
464 char **attr_array, LK_ENTRY **linklist_base,
465 int *linklist_count, unsigned long ScopeType);
466 void linklist_free(LK_ENTRY *linklist_base);
468 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
469 char *distinguished_name, LK_ENTRY **linklist_current);
470 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
471 LK_ENTRY **linklist_base, int *linklist_count);
472 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
473 char *Attribute, char *distinguished_name,
474 LK_ENTRY **linklist_current);
476 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
477 char *oldValue, char *newValue,
478 char ***modvalues, int type);
479 void free_values(char **modvalues);
481 int convert_domain_to_dn(char *domain, char **bind_path);
482 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
483 char *distinguished_name);
484 int moira_disconnect(void);
485 int moira_connect(void);
486 void print_to_screen(const char *fmt, ...);
487 int GetMachineName(char *MachineName);
488 int tickets_get_k5();
490 int destroy_cache(void);
/*
 * Entry point.  Command line: table beforec afterc before... after...
 * (see the argument examples in the header comment of this file).  Connects
 * to an AD server, lower-cases the table name and dispatches to the do_*()
 * handler for that table.  This listing is an excerpt: declarations, braces
 * and several statements of the original body are not shown.
 */
493 int main(int argc, char **argv)
/* Program name for com_err()/critical_alert(): the basename of argv[0]. */
507 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
511 com_err(whoami, 0, "Unable to process %s", "argc < 4");
/*
 * NOTE(review): atoi() reports no error and accepts negative values.  The
 * count check below only rejects too few arguments; a negative beforec or
 * afterc still passes it, and `after = &argv[4 + beforec]` would then point
 * outside argv.  Parse with strtol(), check the end pointer, and reject
 * beforec < 0 || afterc < 0 before they are used as offsets.
 */
514 beforec = atoi(argv[2]);
515 afterc = atoi(argv[3]);
517 if (argc < (4 + beforec + afterc))
/* (The message text reads "breforec"; it is a runtime string and is left as is here.) */
519 com_err(whoami, 0, "Unable to process %s", "argc < (4 + breforec + afterc)");
/* The "after" vector starts beforec entries past argv[4]. */
525 after = &argv[4 + beforec];
527 if (!strcmp(table, "filesys"))
/*
 * NOTE(review): every argument is appended to the static tbl_buf[1024] with
 * strcat() and no length check.  Descriptions and paths in the argument
 * vectors have no fixed length, so this log line can overrun the buffer.
 * Use snprintf() into the remaining space (or strncat() bounded by
 * sizeof(tbl_buf) - strlen(tbl_buf) - 1) and accept truncation of the log.
 */
535 for (i = 1; i < argc; i++)
537 strcat(tbl_buf, argv[i]);
538 strcat(tbl_buf, " ");
540 com_err(whoami, 0, "%s", tbl_buf);
/* Clear the configuration globals before they are filled in. */
542 memset(PrincipalName, '\0', sizeof(PrincipalName));
543 memset(ldap_domain, '\0', sizeof(ldap_domain));
544 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
546 NoChangeConfigFile = 0;
/* Remembered so a change of the SFU setting can be detected after the update. */
551 OldUseSFU30 = UseSFU30;
555 initialize_sms_error_table();
556 initialize_krb_error_table();
558 memset(default_server, '\0', sizeof(default_server));
559 memset(dn_path, '\0', sizeof(dn_path));
/*
 * Up to 5 connection attempts.  The user and password arguments are empty;
 * with connect_to_kdc == 1 (see the ad_connect() prototype) authentication
 * presumably comes from Kerberos.  When an attempt fails and the config
 * file may be changed, the cached server list is released and refetched.
 */
560 for (i = 0; i < 5; i++)
562 ldap_handle = (LDAP *)NULL;
563 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
564 default_server, 1, ServerList)))
566 if (ldap_handle == NULL)
568 if (!NoChangeConfigFile)
570 for (j = 0; j < MAX_SERVER_NAMES; j++)
572 if (ServerList[j] != NULL)
575 ServerList[j] = NULL;
578 GetServerList(ldap_domain, ServerList);
/* Still unconnected after all attempts: raise an alert (the rest of this branch is not shown). */
583 if ((rc) || (ldap_handle == NULL))
585 critical_alert("incremental", "winad.incr cannot connect to any server in domain %s", ldap_domain);
/*
 * NOTE(review): tolower() on a plain char is undefined for negative values;
 * cast to (unsigned char) first.  strlen() is also re-evaluated on every
 * iteration.
 */
590 for (i = 0; i < (int)strlen(table); i++)
591 table[i] = tolower(table[i]);
/* Dispatch on the lower-cased table name ("filesys" was tested above). */
593 if (!strcmp(table, "users"))
594 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
596 else if (!strcmp(table, "list"))
597 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
599 else if (!strcmp(table, "imembers"))
600 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
602 else if (!strcmp(table, "containers"))
603 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
605 else if (!strcmp(table, "mcntmap"))
606 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* If the SFU setting changed during the update, refetch the server list (unless the config file is frozen). */
608 if (OldUseSFU30 != UseSFU30)
610 if (!NoChangeConfigFile)
611 GetServerList(ldap_domain, ServerList);
/* Release the cached server list. */
614 for (i = 0; i < MAX_SERVER_NAMES; i++)
616 if (ServerList[i] != NULL)
619 ServerList[i] = NULL;
/* NOTE(review): the unbind status is stored in rc, but no use of it is visible in this excerpt. */
622 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle an mcntmap (machine -> container) change: resolve the machine's
 * Moira alias, verify it exists in AD, look up its Moira container and move
 * the AD object into the matching OU (or into the orphans OU when no
 * container is known).  Arguments are indexed with the OU_* constants.
 * This listing is an excerpt; braces, declarations and some statements of
 * the original body are not shown.
 */
627 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
628 char **before, int beforec, char **after, int afterc)
630 char MoiraContainerName[128];
631 char ADContainerName[128];
632 char MachineName[1024];
633 char OriginalMachineName[1024];
636 char MoiraContainerGroup[64];
639 memset(ADContainerName, '\0', sizeof(ADContainerName));
640 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
642 if ((beforec == 0) && (afterc == 0))
/* Style: assignment inside the condition is intentional (non-zero = error); `if ((rc = ...))` documents that. */
645 if (rc = moira_connect())
647 critical_alert("AD incremental",
648 "Error contacting Moira server : %s",
/*
 * NOTE(review): the before[]/after[] strings are copied with strcpy() and no
 * length check into stack buffers of 1024, 1024 and 64 bytes; an over-long
 * machine or group name overruns them.  Bound the copies (snprintf(), or
 * strncpy() plus an explicit terminator) or reject oversize arguments.  No
 * check that beforec/afterc exceed OU_CONTAINER_GROUP is visible here either.
 */
653 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
655 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
656 strcpy(MachineName, before[OU_MACHINE_NAME]);
657 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
659 com_err(whoami, 0, "removing machine %s from %s", OriginalMachineName, before[OU_CONTAINER_NAME]);
661 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
663 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
664 strcpy(MachineName, after[OU_MACHINE_NAME]);
665 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
666 com_err(whoami, 0, "adding machine %s to container %s", OriginalMachineName, after[OU_CONTAINER_NAME]);
/*
 * Resolve the Moira alias in place; an empty result means no alias was
 * found.  The returned rc is stored but no check of it is visible here.
 */
674 rc = GetMachineName(MachineName);
675 if (strlen(MachineName) == 0)
678 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", OriginalMachineName);
681 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The machine must already exist in AD before it can be moved. */
683 if (machine_check(ldap_handle, dn_path, MachineName))
685 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", OriginalMachineName, MachineName);
/* Look up the machine's container in Moira; no container -> orphans OU. */
689 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
690 machine_get_moira_container(ldap_handle, dn_path, MachineName, MoiraContainerName);
691 if (strlen(MoiraContainerName) == 0)
693 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container in Moira - moving to orphans OU.",
694 OriginalMachineName, MachineName);
695 machine_move_to_ou(ldap_handle, dn_path, MachineName, orphans_machines_ou);
/*
 * Translate the Moira container path to an AD DN, make sure the OU exists,
 * then move the machine.
 * NOTE(review): the index below is safe only because the empty-name case was
 * handled above (its return is outside this excerpt), and strcat()ing "/"
 * overruns MoiraContainerName when it is already 127 characters long.
 * container_get_dn() receives no size for ADContainerName[128] either.
 */
699 container_get_dn(MoiraContainerName, ADContainerName);
700 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
701 strcat(MoiraContainerName, "/");
702 container_check(ldap_handle, dn_path, MoiraContainerName);
703 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a containers (OU) change: delete when only `before` is present,
 * create when only `after` is present, otherwise rename or update depending
 * on whether the container name changed.  Each AD operation is mirrored by
 * the corresponding Moira container-group call.  Arguments are indexed with
 * the CONTAINER_* constants.  This listing is an excerpt; braces and some
 * statements of the original body are not shown.
 */
708 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
709 char **before, int beforec, char **after, int afterc)
713 if ((beforec == 0) && (afterc == 0))
/* Style: assignment inside the condition is intentional (non-zero = error); `if ((rc = ...))` documents that. */
716 if (rc = moira_connect())
718 critical_alert("AD incremental", "Error contacting Moira server : %s",
/*
 * NOTE(review): the int results of container_delete/create/rename/update and
 * of the Moira_container_group_* calls below are discarded.  Unless the
 * callees log their own failures, a failed AD or Moira update is not
 * reported anywhere in this function.
 */
723 if ((beforec != 0) && (afterc == 0)) /* delete a container */
725 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
726 container_delete(ldap_handle, dn_path, beforec, before);
727 Moira_container_group_delete(before);
731 if ((beforec == 0) && (afterc != 0)) /*create a container*/
733 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
734 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
735 container_create(ldap_handle, dn_path, afterc, after);
736 Moira_container_group_create(after);
/*
 * Both present: the comparison is case-insensitive, so a change in letter
 * case only appears to take the update path rather than the rename path.
 */
741 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
743 com_err(whoami, 0, "renaming container %s to %s", before[CONTAINER_NAME], after[CONTAINER_NAME]);
744 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
745 Moira_container_group_update(before, after);
749 com_err(whoami, 0, "updating container %s information", after[CONTAINER_NAME]);
750 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
751 Moira_container_group_update(before, after);
756 #define L_LIST_DESC 9
/*
 * Handle a list change: derive the target OU / membership kind for the old
 * and new list rows, then rename, delete, create or update the AD group and
 * (for active lists) repopulate it.  Arguments are indexed with the L_*
 * constants.  This listing is an excerpt; braces, several declarations and
 * statements of the original body are not shown.
 */
759 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
760 char **before, int beforec, char **after, int afterc)
/*
 * NOTE(review): the two membership buffers differ in size (6 vs 1).  Both
 * are passed to get_group_membership() and later tested with strlen(), so
 * they are used as C strings; a 1-byte buffer can only hold "" and any
 * non-empty value written into before_group_membership overruns the stack.
 * Size them identically (do_member below declares the same 1-byte buffer).
 */
765 char group_membership[6];
770 char before_list_id[32];
771 char before_group_membership[1];
772 int before_security_flag;
773 char before_group_ou[256];
774 LK_ENTRY *ptr = NULL;
776 if (beforec == 0 && afterc == 0)
779 memset(list_id, '\0', sizeof(list_id));
780 memset(before_list_id, '\0', sizeof(before_list_id));
781 memset(before_group_ou, '\0', sizeof(before_group_ou));
782 memset(before_group_membership, '\0', sizeof(before_group_membership));
783 memset(group_ou, '\0', sizeof(group_ou));
784 memset(group_membership, '\0', sizeof(group_membership));
/*
 * Old row: copy its Moira list id and classify its OU/membership.
 * NOTE(review): the strcpy() into before_list_id[32] is unbounded.  If
 * L_LIST_ID == L_LIST_DESC + 1 (the ordering in this file's header comment
 * suggests so — confirm its value), `beforec > L_LIST_DESC` still admits
 * beforec == L_LIST_ID, for which before[L_LIST_ID] is out of range; the
 * guard would need to be `beforec > L_LIST_ID`.  Same for afterc below.
 */
789 if (beforec < L_LIST_ID)
791 if (beforec > L_LIST_DESC)
793 strcpy(before_list_id, before[L_LIST_ID]);
795 before_security_flag = 0;
796 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* New row: same for the after vector (list_id is declared outside this excerpt). */
800 if (afterc < L_LIST_ID)
802 if (afterc > L_LIST_DESC)
804 strcpy(list_id, after[L_LIST_ID]);
807 get_group_membership(group_membership, group_ou, &security_flag, after);
/* Redundant with the identical test at the top of the function. */
810 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/*
 * Reconcile the existing AD group for the old row: a wrong DN or duplicate
 * groups trigger a CLEANUP_GROUPS pass; AD_NO_GROUPS_FOUND is not an error
 * here (the group is created further down).
 */
817 if ((rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
818 before_group_ou, before_group_membership,
819 before_security_flag, CHECK_GROUPS)))
821 if (rc == AD_NO_GROUPS_FOUND)
825 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
827 rc = process_group(ldap_handle, dn_path, before_list_id, before[L_NAME],
828 before_group_ou, before_group_membership,
829 before_security_flag, CLEANUP_GROUPS);
831 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
833 com_err(whoami, 0, "Unable to process list %s",
837 if (rc == AD_NO_GROUPS_FOUND)
/*
 * Rename when the name or the target OU changed.
 * Style: `A || (!A && B)` is just `A || B`, i.e.
 * `strcmp(after[L_NAME], before[L_NAME]) || strcmp(before_group_ou, group_ou)`.
 * The condition continues on a line not shown here.
 */
843 if ((beforec != 0) && (afterc != 0))
845 if (((strcmp(after[L_NAME], before[L_NAME])) ||
846 ((!strcmp(after[L_NAME], before[L_NAME])) &&
847 (strcmp(before_group_ou, group_ou)))) &&
850 com_err(whoami, 0, "Changing list name from %s to %s",
851 before[L_NAME], after[L_NAME]);
/* Both the old and the new OU/membership must be known before renaming. */
852 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
853 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
855 com_err(whoami, 0, "%s", "Unable to find the group OU's");
858 memset(filter, '\0', sizeof(filter));
859 if ((rc = group_rename(ldap_handle, dn_path,
860 before[L_NAME], before_group_membership,
861 before_group_ou, before_security_flag, before[L_LIST_DESC],
862 after[L_NAME], group_membership,
863 group_ou, security_flag, after[L_LIST_DESC],
866 if (rc != AD_NO_GROUPS_FOUND)
868 com_err(whoami, 0, "Unable to change list name from %s to %s",
869 before[L_NAME], after[L_NAME]);
/* Old row only: delete the AD group. */
882 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
884 com_err(whoami, 0, "Unable to find the group OU for group %s", before[L_NAME]);
887 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
888 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
889 before_group_membership, before_list_id);
/*
 * New row: check for an existing group (cleaning up wrong/duplicate ones)
 * before creating or updating it.
 * Style: `if (rc = ...)` — parenthesize as `if ((rc = ...))` to make the
 * assignment explicit.
 */
896 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
897 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
898 group_ou, group_membership,
899 security_flag, CHECK_GROUPS))
901 if (rc != AD_NO_GROUPS_FOUND)
903 if ((rc == AD_WRONG_GROUP_DN_FOUND) || (rc == AD_MULTIPLE_GROUPS_FOUND))
905 rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
906 group_ou, group_membership,
907 security_flag, CLEANUP_GROUPS);
911 com_err(whoami, 0, "Unable to create list %s", after[L_NAME]);
918 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
920 if (rc = moira_connect())
922 critical_alert("AD incremental",
923 "Error contacting Moira server : %s",
/* Resolve the list's ACE (owner) first without, then with, group processing. */
929 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0, &ProcessGroup))
933 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1, &ProcessGroup))
936 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
937 group_ou, group_membership, security_flag, updateGroup))
/* Only active lists get their AD membership populated (atoi() of a non-numeric flag yields 0). */
942 if (atoi(after[L_ACTIVE]))
944 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
945 group_membership, security_flag, list_id);
952 #define LM_EXTRA_ACTIVE (LM_END)
953 #define LM_EXTRA_PUBLIC (LM_END+1)
954 #define LM_EXTRA_HIDDEN (LM_END+2)
955 #define LM_EXTRA_MAILLIST (LM_END+3)
956 #define LM_EXTRA_GROUP (LM_END+4)
957 #define LM_EXTRA_GID (LM_END+5)
958 #define LMN_LIST_ID (LM_END+6)
959 #define LM_LIST_ID (LM_END+7)
960 #define LM_USER_ID (LM_END+8)
961 #define LM_EXTRA_END (LM_END+9)
/*
 * Apply one Moira list-membership change to AD.
 *
 * before/after are the old and new member tuples (LM_LIST, LM_TYPE,
 * LM_MEMBER followed by the LM_EXTRA_* list attributes); beforec/afterc are
 * their lengths.  An empty before[] means "add", an empty after[] means
 * "remove".  The AD group is created on demand if it does not exist, and a
 * USER member that is missing from AD is created from its Moira account
 * record before being added -- list membership alone is therefore enough
 * to provision an AD account.
 *
 * NOTE(review): this listing is elided.  `ptr` (which appears to alias
 * whichever of after/before is in use), `user_name`, `user_type`, `args`,
 * `group_ou`, `pUserOu` and the OU globals are declared/assigned in the
 * gaps, as are the braces and early returns that give the checks below
 * their effect.
 */
963 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
964 char **before, int beforec, char **after, int afterc)
966 char group_name[128];
969 char moira_list_id[32];
970 char moira_user_id[32];
/* Single flag byte written by get_group_membership(); not a C string. */
971 char group_membership[1];
973 char machine_ou[256];
979 char NewMachineName[1024];
986 memset(moira_list_id, '\0', sizeof(moira_list_id));
987 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* after[] path (member being added).  The LM_EXTRA_* reads depend on these
 * length checks.  Note the copies below are unbounded strcpy() into fixed
 * buffers (group_name is 128 bytes): a Moira-side limit on list and member
 * name length is assumed -- confirm, since nothing here enforces one. */
990 if (afterc < LM_EXTRA_GID)
992 if (!atoi(after[LM_EXTRA_ACTIVE]))
994 com_err(whoami, 0, "Unable to add %s to group %s : group not active", after[2], after[0]);
998 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1000 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1001 after[2], after[0], after[0]);
1004 strcpy(user_name, after[LM_MEMBER]);
1005 strcpy(group_name, after[LM_LIST]);
1006 strcpy(user_type, after[LM_TYPE]);
/* NOTE(review): the Moira id fields are read from different offsets per
 * member type (MACHINE: LMN_LIST_ID/LM_LIST_ID, USER: LM_LIST_ID/LM_USER_ID),
 * and each guard admits vectors shorter than the highest index it then
 * reads (e.g. `afterc > LM_EXTRA_GROUP` still reads after[LM_LIST_ID]).
 * If the incremental ever delivers a shorter vector this reads past the
 * end of after[]; confirm the expected afterc for each type. */
1007 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1009 if (afterc > LM_EXTRA_GROUP)
1011 strcpy(moira_list_id, after[LMN_LIST_ID]);
1012 strcpy(moira_user_id, after[LM_LIST_ID]);
1015 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1017 if (afterc > LMN_LIST_ID)
1019 strcpy(moira_list_id, after[LM_LIST_ID]);
1020 strcpy(moira_user_id, after[LM_USER_ID]);
1025 if (afterc > LM_EXTRA_GID)
1026 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* before[] path (member being removed): same selection and same caveats. */
1031 if (beforec < LM_EXTRA_GID)
1033 if (!atoi(before[LM_EXTRA_ACTIVE]))
1035 com_err(whoami, 0, "Unable to add %s to group %s : group not active", before[2], before[0]);
1039 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1041 com_err(whoami, 0, "Unable to add %s to group %s : %s is not a group",
1042 before[2], before[0], before[0]);
1045 strcpy(user_name, before[LM_MEMBER]);
1046 strcpy(group_name, before[LM_LIST]);
1047 strcpy(user_type, before[LM_TYPE]);
1048 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1050 if (beforec > LM_EXTRA_GROUP)
1052 strcpy(moira_list_id, before[LMN_LIST_ID]);
1053 strcpy(moira_user_id, before[LM_LIST_ID]);
1056 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1058 if (beforec > LMN_LIST_ID)
1060 strcpy(moira_list_id, before[LM_LIST_ID]);
1061 strcpy(moira_user_id, before[LM_USER_ID]);
1066 if (beforec > LM_EXTRA_GID)
1067 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither vector usable. */
1073 com_err(whoami, 0, "Unable to process group : beforec = %d, afterc = %d", beforec, afterc);
/* Rebuild a list-table style argument vector so get_group_membership() can
 * derive the AD group type (security vs. distribution) and OU from the
 * list's maillist/group flags. */
1077 args[L_NAME] = ptr[LM_LIST];
1078 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1079 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1080 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1081 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1082 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1083 args[L_GID] = ptr[LM_EXTRA_GID];
1086 memset(group_ou, '\0', sizeof(group_ou));
1087 get_group_membership(group_membership, group_ou, &security_flag, args);
1088 if (strlen(group_ou) == 0)
1090 com_err(whoami, 0, "Unable to find the group OU for group %s", group_name);
/* Verify (and if needed clean up) the existing AD group(s) carrying this
 * MoiraId before touching membership.  AD_NO_GROUPS_FOUND is the only
 * tolerated failure; it routes to the create-on-demand branch below. */
1093 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CHECK_GROUPS))
1095 if (rc != AD_NO_GROUPS_FOUND)
1097 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name, group_ou, group_membership, security_flag, CLEANUP_GROUPS))
1099 if (rc != AD_NO_GROUPS_FOUND)
1102 com_err(whoami, 0, "Unable to add %s to group %s - unable to process group", user_name, group_name);
1104 com_err(whoami, 0, "Unable to remove %s from group %s - unable to process group", user_name, group_name);
/* No group in AD yet: resolve the list's ACE (both ProcessAce passes), create
 * the group, and populate it only if the list is active. */
1110 if (rc == AD_NO_GROUPS_FOUND)
1112 if (rc = moira_connect())
1114 critical_alert("AD incremental",
1115 "Error contacting Moira server : %s",
1120 com_err(whoami, 0, "creating group %s", group_name);
1122 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0, &ProcessGroup))
1126 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1, &ProcessGroup))
1129 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1130 group_ou, group_membership, security_flag, 0))
1135 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1137 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1138 group_membership, security_flag, moira_list_id);
/* Removal.  MACHINE members are first resolved to their AD computer name and
 * OU (ptr[LM_MEMBER] is redirected into NewMachineName); STRING and KERBEROS
 * members are represented by contact objects, created here if missing. */
1145 com_err(whoami, 0, "removing user %s from list %s", user_name, group_name);
1147 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1149 memset(machine_ou, '\0', sizeof(machine_ou));
1150 memset(NewMachineName, '\0', sizeof(NewMachineName));
1151 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1153 ptr[LM_MEMBER] = NewMachineName;
1154 pUserOu = machine_ou;
1156 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1158 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1160 pUserOu = contact_ou;
1162 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1164 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1166 pUserOu = kerberos_ou;
1168 if (rc = member_remove(ldap_handle, dn_path, group_name,
1169 group_ou, group_membership, ptr[LM_MEMBER],
1170 pUserOu, moira_list_id))
1171 com_err(whoami, 0, "Unable to remove %s from group %s", user_name, group_name);
/* Addition: same member-type resolution as above. */
1175 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1178 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1180 memset(machine_ou, '\0', sizeof(machine_ou));
1181 memset(NewMachineName, '\0', sizeof(NewMachineName));
1182 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou, NewMachineName))
1184 ptr[LM_MEMBER] = NewMachineName;
1185 pUserOu = machine_ou;
1187 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1189 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
1191 pUserOu = contact_ou;
1193 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1195 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
1197 pUserOu = kerberos_ou;
/* A USER not yet in AD is provisioned on the spot: the Moira account record
 * is fetched with get_user_account_by_login and user_create() (elsewhere in
 * the file) builds the AD object.  call_args is the global side channel the
 * mr_query callback reads. */
1199 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1201 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1202 moira_user_id)) == AD_NO_USER_FOUND)
1204 if (rc = moira_connect())
1206 critical_alert("AD incremental",
1207 "Error connection to Moira : %s",
/* NOTE(review): this logs after[U_NAME], but the account being created is
 * ptr[LM_MEMBER] (used on the next line and in the error paths).  U_NAME
 * indexes the user-table vector, not the member-change vector, so the
 * logged name is most likely the wrong field. */
1211 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1212 av[0] = ptr[LM_MEMBER];
1213 call_args[0] = (char *)ldap_handle;
1214 call_args[1] = dn_path;
1215 call_args[2] = moira_user_id;
1216 call_args[3] = NULL;
1219 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1223 com_err(whoami, 0, "Unable to create user %s : %s",
1224 ptr[LM_MEMBER], error_message(rc));
1230 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1242 if (rc = member_add(ldap_handle, dn_path, group_name,
1243 group_ou, group_membership, ptr[LM_MEMBER],
1244 pUserOu, moira_list_id))
1246 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/* Trailing fields of the user-table vector handed to do_user(): the Moira
 * user id, then the home and profile directory paths.  Lower U_* indices
 * (U_NAME, U_UID, U_MITID, U_STATE, ...) are defined elsewhere. */
1252 #define U_USER_ID 10
1253 #define U_HOMEDIR 11
1254 #define U_PROFILEDIR 12
/*
 * Apply one Moira user-table change to AD.
 *
 * before/after are the old and new user tuples (see the U_* indices);
 * beforec/afterc are their lengths.  Cases handled, in order:
 *   - both empty: nothing to do;
 *   - only after[]: account just created in Moira, not yet usable -> skipped;
 *   - only before[]: account removed from Moira -> expunged from AD when its
 *     last known status was 0, otherwise treated as already expunged;
 *   - both present: create the AD user if it is missing, rename it if the
 *     login changed (both names must pass check_string()), then push the
 *     uid, MIT id, status and directory paths with user_update().
 *
 * NOTE(review): braces, early returns and the `rc`, `av`, `call_args`
 * declarations are in elided lines of this listing.
 */
1256 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1257 char **before, int beforec, char **after,
1262 char after_user_id[32];
1263 char before_user_id[32];
1266 if ((beforec == 0) && (afterc == 0))
1269 memset(after_user_id, '\0', sizeof(after_user_id));
1270 memset(before_user_id, '\0', sizeof(before_user_id));
/* Guarded by vector length only; the 32-byte buffers assume the Moira id
 * is a short numeric string (nothing here bounds the copy). */
1271 if (beforec > U_USER_ID)
1272 strcpy(before_user_id, before[U_USER_ID]);
1273 if (afterc > U_USER_ID)
1274 strcpy(after_user_id, after[U_USER_ID]);
/* Duplicate of the check above; unreachable if that one returned. */
1276 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1279 if ((beforec == 0) && (afterc != 0))
1281 /*this case only happens when the*/
1282 /*account is first created but not usable*/
1283 com_err(whoami, 0, "Unable to process user %s because the user account is not yet usable", after[U_NAME]);
1286 if ((beforec != 0) && (afterc == 0)) /*this case only happens when the account*/
/* Deletion is driven solely by the last Moira status (0): this is the
 * only path that removes an AD account. */
1288 if (atoi(before[U_STATE]) == 0)
1290 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1291 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1295 com_err(whoami, 0, "Unable to process because user %s has been previously expungeded", before[U_NAME]);
1300 /*process anything that gets here*/
/* Lookup is by the *old* login plus Moira id; a miss means the account was
 * never provisioned (or was provisioned under another name). */
1301 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1302 before_user_id)) == AD_NO_USER_FOUND)
/* check_string() is the only validation of the login before it is used to
 * build AD names/DNs downstream. */
1304 if (!check_string(after[U_NAME]))
1306 if (rc = moira_connect())
1308 critical_alert("AD incremental",
1309 "Error connection to Moira : %s",
1313 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1315 av[0] = after[U_NAME];
1316 call_args[0] = (char *)ldap_handle;
1317 call_args[1] = dn_path;
1318 call_args[2] = after_user_id;
1319 call_args[3] = NULL;
1321 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
1325 com_err(whoami, 0, "Unable to create user %s : %s",
1326 after[U_NAME], error_message(rc));
1332 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login change: rename the AD object.  Both names must validate. */
1342 if (strcmp(before[U_NAME], after[U_NAME]))
1344 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1346 com_err(whoami, 0, "changing user %s to %s",
1347 before[U_NAME], after[U_NAME]);
1348 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1349 after[U_NAME])) != LDAP_SUCCESS)
/* The Moira status is passed through as an int; user_update() (elsewhere)
 * decides how it maps onto the AD account's enabled/disabled state. */
1355 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1356 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1357 after[U_UID], after[U_MITID],
1358 after_user_id, atoi(after[U_STATE]),
1359 after[U_HOMEDIR], after[U_PROFILEDIR]);
/*
 * Build a NULL-terminated array of modvalue_count attribute values from the
 * link list, for use as an LDAP modification.
 *
 * For each node whose value contains oldValue (first occurrence, strstr):
 *   type == REPLACE  -> the whole value is replaced by newValue;
 *   otherwise        -> only that occurrence is spliced out for newValue.
 * Nodes without a match, or when oldValue/newValue is NULL, are copied
 * verbatim.  *modvalues is allocated here; the caller owns it.
 *
 * NOTE(review):
 *  - strstr/strcat require NUL-terminated values.  retrieve_values() stores
 *    binary attributes (objectSid/objectGUID) without a terminator, so this
 *    must only be called on string-valued attributes.
 *  - the calloc() results in the two verbatim-copy branches are not checked
 *    before the following memset(), unlike the other branches.
 *  - the list is assumed to hold at least modvalue_count nodes; a shorter
 *    list dereferences NULL.
 */
1363 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1364 char *oldValue, char *newValue,
1365 char ***modvalues, int type)
1367 LK_ENTRY *linklist_ptr;
1371 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1376 for (i = 0; i < (modvalue_count + 1); i++)
1377 (*modvalues)[i] = NULL;
1378 if (modvalue_count != 0)
1380 linklist_ptr = linklist_base;
1381 for (i = 0; i < modvalue_count; i++)
1383 if ((oldValue != NULL) && (newValue != NULL))
1385 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1388 if (type == REPLACE)
1390 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1393 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1394 strcpy((*modvalues)[i], newValue);
/* Substitution: prefix before the match + newValue + tail after the
 * match.  Size = prefix + (length - strlen(oldValue)) + strlen(newValue) + 1. */
1398 if (((*modvalues)[i] = calloc(1,
1399 (int)(cPtr - linklist_ptr->value) +
1400 (linklist_ptr->length - strlen(oldValue)) +
1401 strlen(newValue) + 1)) == NULL)
1403 memset((*modvalues)[i], '\0',
1404 (int)(cPtr - linklist_ptr->value) +
1405 (linklist_ptr->length - strlen(oldValue)) +
1406 strlen(newValue) + 1);
1407 memcpy((*modvalues)[i], linklist_ptr->value,
1408 (int)(cPtr - linklist_ptr->value));
1409 strcat((*modvalues)[i], newValue);
1410 strcat((*modvalues)[i],
1411 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* No match: verbatim copy (calloc unchecked, see note above). */
1416 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1417 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1418 memcpy((*modvalues)[i], linklist_ptr->value,
1419 linklist_ptr->length);
/* No old/new value given: verbatim copy (calloc unchecked). */
1424 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1425 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1426 memcpy((*modvalues)[i], linklist_ptr->value,
1427 linklist_ptr->length);
1429 linklist_ptr = linklist_ptr->next;
1431 (*modvalues)[i] = NULL;
/*
 * Run a synchronous LDAP search and collect every attribute value of every
 * returned entry into a fresh LK_ENTRY list (*linklist_base), setting
 * *linklist_count to the number of nodes.
 *
 * NOTE(review): LDAP_SIZELIMIT_EXCEEDED is not treated as a failure -- the
 * partial result set is processed as if complete.  Callers that decide on
 * `count == 1` (rename, delete, security-template lookups) can therefore act
 * on a truncated answer from a large directory; a hard failure on size limit
 * would be the safer choice.
 */
1437 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1438 char **attr_array, LK_ENTRY **linklist_base,
1439 int *linklist_count, unsigned long ScopeType)
1442 LDAPMessage *ldap_entry;
1446 (*linklist_base) = NULL;
1447 (*linklist_count) = 0;
1448 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1449 search_exp, attr_array, 0, &ldap_entry))
/* Only a size-limit error falls through to process the partial result. */
1452 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1456 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1458 ldap_msgfree(ldap_entry);
/*
 * Walk every entry of an LDAP result, pulling its attributes into the
 * LK_ENTRY list, then recount the list.
 *
 * *linklist_count counts list nodes -- one per attribute value collected --
 * not directory entries.  It equals the number of entries only when a single
 * single-valued attribute was requested, which is how the callers in this
 * file use it.
 *
 * The DN is copied into a fixed 1024-byte stack buffer by
 * get_distinguished_name(); see that function for the bound.
 */
1463 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1464 LK_ENTRY **linklist_base, int *linklist_count)
1466 char distinguished_name[1024];
1467 LK_ENTRY *linklist_ptr;
1470 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1473 memset(distinguished_name, '\0', sizeof(distinguished_name));
1474 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1476 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1477 linklist_base)) != 0)
1480 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1482 memset(distinguished_name, '\0', sizeof(distinguished_name));
1483 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1485 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1486 linklist_base)) != 0)
/* Recount from scratch rather than trusting per-call increments. */
1490 linklist_ptr = (*linklist_base);
1491 (*linklist_count) = 0;
1492 while (linklist_ptr != NULL)
1494 ++(*linklist_count);
1495 linklist_ptr = linklist_ptr->next;
/*
 * Iterate the attributes of one LDAP entry, handing each to retrieve_values()
 * which prepends one LK_ENTRY per value to *linklist_current.  The BerElement
 * cursor (`ptr`, declared in an elided line) is released at the end; each
 * attribute name returned by the library is freed after use.
 */
1500 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1501 char *distinguished_name, LK_ENTRY **linklist_current)
1507 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1509 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1511 ldap_memfree(Attribute);
1512 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1515 retrieve_values(ldap_handle, ldap_entry, Attribute,
1516 distinguished_name, linklist_current);
1517 ldap_memfree(Attribute);
1520 ldap_ber_free(ptr, 0);
/*
 * Copy the values of one attribute of one entry into new LK_ENTRY nodes
 * pushed onto *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary (ldap_get_values_len) and
 * stored with their exact byte length and NO terminator; every other
 * attribute is fetched as a string and stored NUL-terminated with
 * length == strlen.  Consumers must respect `length` for binary values
 * (construct_newvalues() uses str* functions and is string-only).
 * Each node also carries a private copy of the entry's DN.
 *
 * The large middle section only prints the values and is compiled under
 * LDAP_DEBUG (the #ifdef lines are elided in this listing).
 */
1524 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1525 char *Attribute, char *distinguished_name,
1526 LK_ENTRY **linklist_current)
1532 LK_ENTRY *linklist_previous;
1533 LDAP_BERVAL **ber_value;
/* Debug-only declarations (Win32 SID types). */
1541 SID_IDENTIFIER_AUTHORITY *sid_auth;
1542 unsigned char *subauth_count;
1543 #endif /*LDAP_DEBUG*/
1546 memset(temp, '\0', sizeof(temp));
/* Binary attributes must go through the _len API; treating them as strings
 * would truncate at the first zero byte (SIDs contain several). */
1547 if ((!strcmp(Attribute, "objectSid")) ||
1548 (!strcmp(Attribute, "objectGUID")))
1553 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1554 Ptr = (void **)ber_value;
1559 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1560 Ptr = (void **)str_value;
/* One node per value, prepended to the list (loop header elided). */
1567 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1569 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1570 linklist_previous->next = (*linklist_current);
1571 (*linklist_current) = linklist_previous;
1573 if (((*linklist_current)->attribute = calloc(1,
1574 strlen(Attribute) + 1)) == NULL)
1576 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1577 strcpy((*linklist_current)->attribute, Attribute);
/* Binary: exact size, no trailing NUL -- never pass `value` to str*(). */
1580 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1581 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1583 memset((*linklist_current)->value, '\0', ber_length);
1584 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1586 (*linklist_current)->length = ber_length;
/* String: NUL-terminated copy. */
1590 if (((*linklist_current)->value = calloc(1,
1591 strlen(*Ptr) + 1)) == NULL)
1593 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1594 (*linklist_current)->length = strlen(*Ptr);
1595 strcpy((*linklist_current)->value, *Ptr);
1597 (*linklist_current)->ber_value = use_bervalue;
1598 if (((*linklist_current)->dn = calloc(1,
1599 strlen(distinguished_name) + 1)) == NULL)
1601 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1602 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG printing only from here to the #endif ---- */
1605 if (!strcmp(Attribute, "objectGUID"))
/* Reinterprets the raw bytes as a GUID struct (alignment/endianness as
 * delivered by AD); output is cosmetic. */
1607 guid = (GUID *)((*linklist_current)->value);
1608 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1609 guid->Data1, guid->Data2, guid->Data3,
1610 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1611 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1612 guid->Data4[6], guid->Data4[7]);
1613 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1615 else if (!strcmp(Attribute, "objectSid"))
1617 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1619 print_to_screen(" Revision = %d\n", sid->Revision);
1620 print_to_screen(" SID Identifier Authority:\n");
1621 sid_auth = &sid->IdentifierAuthority;
/* NOTE(review): this tests which byte of the 6-byte authority is non-zero.
 * The well-known authorities (NULL=0, WORLD=1, LOCAL=2, CREATOR=3, NT=5)
 * differ in the *value* of the last byte, not its position, so this chain
 * labels most SIDs as SECURITY_NT_AUTHORITY.  Debug output only. */
1622 if (sid_auth->Value[0])
1623 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1624 else if (sid_auth->Value[1])
1625 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1626 else if (sid_auth->Value[2])
1627 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1628 else if (sid_auth->Value[3])
1629 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1630 else if (sid_auth->Value[5])
1631 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1633 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1634 subauth_count = GetSidSubAuthorityCount(sid);
1635 print_to_screen(" SidSubAuthorityCount = %d\n",
1637 print_to_screen(" SidSubAuthority:\n");
1638 for (i = 0; i < *subauth_count; i++)
1640 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1641 print_to_screen(" %u\n", *subauth);
/* Prefix compares (memcmp with the literal's length) rather than strcmp;
 * note the second literal is spelled "sAmAccountType" -- only its length is
 * used, so it still matches.  Debug output only. */
1645 else if ((!memcmp(Attribute, "userAccountControl",
1646 strlen("userAccountControl"))) ||
1647 (!memcmp(Attribute, "sAMAccountType",
1648 strlen("sAmAccountType"))))
1650 intValue = atoi(*Ptr);
1651 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1652 if (!memcmp(Attribute, "userAccountControl",
1653 strlen("userAccountControl")))
/* Decode the UF_* bits of userAccountControl for the log. */
1655 if (intValue & UF_ACCOUNTDISABLE)
1656 print_to_screen(" %20s : %s\n",
1657 "", "Account disabled");
1659 print_to_screen(" %20s : %s\n",
1660 "", "Account active");
1661 if (intValue & UF_HOMEDIR_REQUIRED)
1662 print_to_screen(" %20s : %s\n",
1663 "", "Home directory required");
1664 if (intValue & UF_LOCKOUT)
1665 print_to_screen(" %20s : %s\n",
1666 "", "Account locked out");
1667 if (intValue & UF_PASSWD_NOTREQD)
1668 print_to_screen(" %20s : %s\n",
1669 "", "No password required");
1670 if (intValue & UF_PASSWD_CANT_CHANGE)
1671 print_to_screen(" %20s : %s\n",
1672 "", "Cannot change password");
1673 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1674 print_to_screen(" %20s : %s\n",
1675 "", "Temp duplicate account");
1676 if (intValue & UF_NORMAL_ACCOUNT)
1677 print_to_screen(" %20s : %s\n",
1678 "", "Normal account");
1679 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1680 print_to_screen(" %20s : %s\n",
1681 "", "Interdomain trust account");
1682 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1683 print_to_screen(" %20s : %s\n",
1684 "", "Workstation trust account");
1685 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1686 print_to_screen(" %20s : %s\n",
1687 "", "Server trust account");
/* Directory-supplied value is passed as a %s argument, not as the format. */
1692 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1694 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched above. */
1696 if (str_value != NULL)
1697 ldap_value_free(str_value);
1698 if (ber_value != NULL)
1699 ldap_value_free_len(ber_value);
/* Head of the list is the most recently created node. */
1701 (*linklist_current) = linklist_previous;
/*
 * Open the (reference-counted) Moira connection on first use and
 * authenticate to it via Kerberos 5 as the "winad.incr" service.
 * Only the first caller connects; later callers just bump mr_connections
 * (released by moira_disconnect()).
 *
 * NOTE(review): the alternatives below (a hard-coded "ttsp" host vs.
 * uts.nodename, mr_connect_cl vs. mr_connect) are selected by preprocessor
 * conditionals that are elided in this listing; confirm which pair is
 * live in the build, since "ttsp" is a fixed host name.
 */
1705 int moira_connect(void)
1710 if (!mr_connections++)
1713 memset(HostName, '\0', sizeof(HostName));
1714 strcpy(HostName, "ttsp");
1715 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1717 rc = mr_connect(HostName);
1722 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1724 rc = mr_connect(uts.nodename);
/* Identity used for every Moira query issued by this incremental. */
1729 rc = mr_krb5_auth("winad.incr");
/*
 * Operator kill switch: while STOP_FILE exists the incremental waits
 * (sleep and iteration limit are in elided lines) and eventually raises a
 * critical_alert instead of processing.  Removing the file lets processing
 * resume.
 */
1736 void check_winad(void)
1740 for (i = 0; file_exists(STOP_FILE); i++)
1744 critical_alert("AD incremental",
1745 "WINAD incremental failed (%s exists): %s",
1746 STOP_FILE, tbl_buf);
/*
 * Drop one reference on the Moira connection; the real disconnect (elided
 * here) happens when the count reaches zero.  Must pair with moira_connect().
 */
1753 int moira_disconnect(void)
1756 if (!--mr_connections)
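/*
 * Copy the DN of ldap_entry into distinguished_name.
 *
 * The function has no size parameter; every caller in this file
 * (retrieve_entries) passes a char[1024], and AD_DN_BUFSIZE is that bound.
 * The original used an unbounded strcpy(), so a DN of 1024+ bytes overran
 * the caller's stack buffer.  Now: the buffer is always NUL-terminated, it
 * is left empty if ldap_get_dn() fails or the DN does not fit (a DN that
 * cannot be stored whole is reported via com_err rather than silently
 * truncated into a different, plausible-looking DN).
 */
#define AD_DN_BUFSIZE 1024

void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
char *distinguished_name)
{
  char *CName;
  size_t len;

  if (distinguished_name == NULL)
    return;
  distinguished_name[0] = '\0';

  CName = ldap_get_dn(ldap_handle, ldap_entry);
  if (CName == NULL)
    return;

  len = strlen(CName);
  if (len < AD_DN_BUFSIZE)
    /* Fits, including the terminator. */
    memcpy(distinguished_name, CName, len + 1);
  else
    com_err(whoami, 0, "DN longer than %d bytes not copied: %s",
            AD_DN_BUFSIZE - 1, CName);

  ldap_memfree(CName);
}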
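/*
 * Allocate a new LK_ENTRY holding private copies of attribute and value.
 *
 * On success *linklist_entry points at the entry (next == NULL, dn and
 * ber_value zeroed, length == strlen(value)) and 0 is returned.  On failure
 * every partial allocation is released, *linklist_entry is NULL and a
 * non-zero value is returned.  The original only checked the first calloc();
 * an allocation failure on the attribute or value copy dereferenced NULL.
 * NULL attribute/value are rejected instead of being passed to strlen().
 *
 * NOTE(review): the failure return value of the original is not visible in
 * this listing; 1 is used here, which keeps `if (rc = ...)` callers working.
 */
int linklist_create_entry(char *attribute, char *value,
LK_ENTRY **linklist_entry)
{
  LK_ENTRY *entry;
  size_t attr_len;
  size_t value_len;

  *linklist_entry = NULL;
  if (attribute == NULL || value == NULL)
    return 1;

  entry = calloc(1, sizeof *entry);
  if (entry == NULL)
    return 1;

  attr_len = strlen(attribute);
  value_len = strlen(value);
  entry->attribute = calloc(1, attr_len + 1);
  entry->value = calloc(1, value_len + 1);
  if (entry->attribute == NULL || entry->value == NULL)
    {
      /* free(NULL) is a no-op, so partial failure needs no special case. */
      free(entry->attribute);
      free(entry->value);
      free(entry);
      return 1;
    }

  /* Destinations were sized from these lengths, terminators included. */
  memcpy(entry->attribute, attribute, attr_len + 1);
  memcpy(entry->value, value, value_len + 1);
  entry->length = value_len;
  entry->next = NULL;

  *linklist_entry = entry;
  return 0;
}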
/*
 * printf-style diagnostic output to stderr (used by the LDAP_DEBUG dumps).
 *
 * fmt is passed straight to vfprintf(), so callers must supply a literal
 * format and pass directory-supplied strings as %s arguments -- which is
 * how every caller in this file uses it.
 */
void print_to_screen(const char *fmt, ...)
{
  va_list args;

  va_start(args, fmt);
  (void)vfprintf(stderr, fmt, args);
  va_end(args);
}
/*
 * Map a Moira list's maillist/group flags onto the AD representation.
 *
 * Outputs (each pointer may be NULL to skip it):
 *   group_membership[0]  'B' both, 'S' security only, 'D' distribution only,
 *                        'N' neither  -- a single byte, not a C string;
 *   *security_flag       1 when the AD group must be security-enabled
 *                        (the Moira "group" flag is set), else 0;
 *   group_ou             the OU (relative to the base DN) the group lives in,
 *                        copied from the matching group_ou_* global.
 *
 * The flags are read with atoi(), so any non-numeric value counts as 0
 * (unset).
 */
1805 int get_group_membership(char *group_membership, char *group_ou,
1806 int *security_flag, char **av)
1811 maillist_flag = atoi(av[L_MAILLIST]);
1812 group_flag = atoi(av[L_GROUP]);
1813 if (security_flag != NULL)
1814 (*security_flag) = 0;
/* maillist + group: security-enabled, mail-enabled group. */
1816 if ((maillist_flag) && (group_flag))
1818 if (group_membership != NULL)
1819 group_membership[0] = 'B';
1820 if (security_flag != NULL)
1821 (*security_flag) = 1;
1822 if (group_ou != NULL)
1823 strcpy(group_ou, group_ou_both);
/* group only: plain security group. */
1825 else if ((!maillist_flag) && (group_flag))
1827 if (group_membership != NULL)
1828 group_membership[0] = 'S';
1829 if (security_flag != NULL)
1830 (*security_flag) = 1;
1831 if (group_ou != NULL)
1832 strcpy(group_ou, group_ou_security);
/* maillist only: distribution group, not usable in ACLs. */
1834 else if ((maillist_flag) && (!group_flag))
1836 if (group_membership != NULL)
1837 group_membership[0] = 'D';
1838 if (group_ou != NULL)
1839 strcpy(group_ou, group_ou_distribution);
/* neither flag. */
1843 if (group_membership != NULL)
1844 group_membership[0] = 'N';
1845 if (group_ou != NULL)
1846 strcpy(group_ou, group_ou_neither);
/*
 * Rename (and possibly move/retype) the AD group for a Moira list.
 *
 * Steps: validate both names with check_string(); locate exactly one group
 * by MoiraId/filter; read its sAMAccountName; ldap_rename_s() the object to
 * cn=<after>,<after_ou>,<base> (old RDN deleted); then replace
 * sAMAccountName ("<after>_group"), displayName, mitMoiraId and groupType.
 * groupType is recomputed from after_security_flag, so a rename can also
 * flip a group between security-enabled and distribution.
 *
 * NOTE(review):
 *  - the rename happens before the sAMAccountName suffix check; if that
 *    check fails the object is already under its new DN with the old
 *    sAMAccountName (partial state, see below);
 *  - `&sam_name[strlen(sam_name) - strlen("_group")]` indexes before the
 *    buffer when sam_name is shorter than 6 characters;
 *  - sprintf() into new_dn/new_dn_path/sam_name is unbounded (names come
 *    from Moira; 512-byte new_dn_path);
 *  - "%ld" is used to print a u_int.
 */
1851 int group_rename(LDAP *ldap_handle, char *dn_path,
1852 char *before_group_name, char *before_group_membership,
1853 char *before_group_ou, int before_security_flag, char *before_desc,
1854 char *after_group_name, char *after_group_membership,
1855 char *after_group_ou, int after_security_flag, char *after_desc,
1856 char *MoiraId, char *filter)
1861 char new_dn_path[512];
1863 char *attr_array[3];
1864 char *mitMoiraId_v[] = {NULL, NULL};
1865 char *name_v[] = {NULL, NULL};
1866 char *samAccountName_v[] = {NULL, NULL};
1867 char *groupTypeControl_v[] = {NULL, NULL};
1868 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1869 char groupTypeControlStr[80];
1873 LK_ENTRY *group_base;
/* check_string() is the only guard before the names are embedded in DNs
 * and (via `filter`, built by the caller) in search filters. */
1876 if (!check_string(before_group_name))
1878 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", before_group_name);
1879 return(AD_INVALID_NAME);
1881 if (!check_string(after_group_name))
1883 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", after_group_name);
1884 return(AD_INVALID_NAME);
/* Exactly one group may match; ambiguity aborts rather than guessing. */
1889 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
1890 before_group_membership,
1891 MoiraId, "distinguishedName", &group_base,
1892 &group_count, filter))
1895 if (group_count == 0)
1897 return(AD_NO_GROUPS_FOUND);
1899 if (group_count != 1)
1902 "Unable to process multiple groups with MoiraId = %s exist in the AD",
1904 return(AD_MULTIPLE_GROUPS_FOUND);
1906 strcpy(old_dn, group_base->value);
1908 linklist_free(group_base);
1911 attr_array[0] = "sAMAccountName";
1912 attr_array[1] = NULL;
1913 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1914 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
1916 com_err(whoami, 0, "Unable to get list %s dn : %s",
1917 after_group_name, ldap_err2string(rc));
1920 if (group_count != 1)
1923 "Unable to get sAMAccountName for group %s",
1925 return(AD_LDAP_FAILURE);
1928 strcpy(sam_name, group_base->value);
1929 linklist_free(group_base);
/* Move + rename in one modify-DN operation; TRUE drops the old RDN. */
1933 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1934 sprintf(new_dn, "cn=%s", after_group_name);
1935 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1936 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1938 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
1939 before_group_name, after_group_name, ldap_err2string(rc));
1943 name_v[0] = after_group_name;
/* Only groups following the "<name>_group" convention get their
 * sAMAccountName rewritten (negative index hazard noted above). */
1944 if (!strncmp(&sam_name[strlen(sam_name) - strlen("_group")], "_group", strlen("_group")))
1946 sprintf(sam_name, "%s_group", after_group_name);
1950 com_err(whoami, 0, "Unable to rename list from %s to %s : sAMAccountName not found",
1951 before_group_name, after_group_name);
1954 samAccountName_v[0] = sam_name;
/* Security-enabled bit follows the *new* list flags. */
1955 if (after_security_flag)
1956 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
1957 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1958 groupTypeControl_v[0] = groupTypeControlStr;
1959 mitMoiraId_v[0] = MoiraId;
1961 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
/* Return value of the description update is not checked. */
1962 rc = attribute_update(ldap_handle, new_dn, after_desc, "description", after_group_name);
1964 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1965 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1966 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
1967 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
1969 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1971 com_err(whoami, 0, "Unable to modify list data for %s after renaming: %s",
1972 after_group_name, ldap_err2string(rc));
/* Release the LDAPMod entries built by ADD_ATTR. */
1974 for (i = 0; i < n; i++)
/*
 * mr_query callback: create (or update) the AD group for one Moira list row.
 *
 * av is the list-table row (L_* indices); ptr is unused here -- context
 * comes through the global call_args: [0] LDAP handle, [1] base DN,
 * [4] "update existing" flag, [5] MoiraId.
 *
 * Creates cn=<name>,<ou>,<base> as a global group, security-enabled when the
 * list's group flag is set (see get_group_membership), with
 * sAMAccountName "<name>_group".  LDAP_ALREADY_EXISTS is not an error: it
 * switches to the update path, which refreshes description/info/mitMoiraId
 * and -- when the list is inactive -- clears the member attribute entirely.
 * ProcessGroupSecurity() then applies the ACL template for the list's
 * hidden flag and administrator ACE.
 *
 * NOTE(review):
 *  - sprintf()/strcpy() into new_dn/sam_group_name/info are unbounded;
 *    av[L_NAME] passed check_string() but av[L_ACE_NAME] did not (here);
 *  - `(int)call_args[4]` truncates a pointer to int; works as a boolean;
 *  - "%ld" is used to print a u_int;
 *  - LDAP_SUCCESS is returned even after a failed update modify (the
 *    failure is only logged).
 */
1979 int group_create(int ac, char **av, void *ptr)
1984 char new_group_name[256];
1985 char sam_group_name[256];
1986 char cn_group_name[256];
1987 char *cn_v[] = {NULL, NULL};
1988 char *objectClass_v[] = {"top", "group", NULL};
1990 char *samAccountName_v[] = {NULL, NULL};
1991 char *altSecurityIdentities_v[] = {NULL, NULL};
/* Stays {NULL}: used below to wipe `member` on an inactive list. */
1992 char *member_v[] = {NULL, NULL};
1993 char *name_v[] = {NULL, NULL};
1994 char *desc_v[] = {NULL, NULL};
1995 char *info_v[] = {NULL, NULL};
1996 char *mitMoiraId_v[] = {NULL, NULL};
1997 char *groupTypeControl_v[] = {NULL, NULL};
1998 char groupTypeControlStr[80];
1999 char group_membership[1];
2002 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2010 if (!check_string(av[L_NAME]))
2012 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", av[L_NAME]);
2013 return(AD_INVALID_NAME);
2016 updateGroup = (int)call_args[4];
2017 memset(group_ou, 0, sizeof(group_ou));
2018 memset(group_membership, 0, sizeof(group_membership));
2020 get_group_membership(group_membership, group_ou, &security_flag, av);
2021 strcpy(new_group_name, av[L_NAME]);
2022 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
/* Conditioned on security_flag (the `if` is in an elided line). */
2024 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2026 sprintf(sam_group_name, "%s_group", av[L_NAME]);
2031 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2032 groupTypeControl_v[0] = groupTypeControlStr;
2034 strcpy(cn_group_name, av[L_NAME]);
2036 samAccountName_v[0] = sam_group_name;
2037 name_v[0] = new_group_name;
2038 cn_v[0] = new_group_name;
2041 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2042 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2043 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2044 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2045 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2046 if (strlen(av[L_DESC]) != 0)
2048 desc_v[0] = av[L_DESC];
2049 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2051 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2052 if (strlen(av[L_ACE_NAME]) != 0)
2054 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2056 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2058 if (strlen(call_args[5]) != 0)
2060 mitMoiraId_v[0] = call_args[5];
2061 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2065 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2067 for (i = 0; i < n; i++)
2069 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2071 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2072 av[L_NAME], ldap_err2string(rc));
/* Update path: existing group, or caller asked for a refresh. */
2077 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2079 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC], "description", av[L_NAME]);
2080 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2081 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info", av[L_NAME]);
2083 if (strlen(call_args[5]) != 0)
2085 mitMoiraId_v[0] = call_args[5];
2086 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: replacing `member` with an empty value list removes every
 * member, so deactivating a list in Moira revokes its AD access at once. */
2088 if (!(atoi(av[L_ACTIVE])))
2091 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2097 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2098 for (i = 0; i < n; i++)
2100 if (rc != LDAP_SUCCESS)
2102 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2103 av[L_NAME], ldap_err2string(rc));
/* Applied on both create and update; its own failures are only logged. */
2110 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2111 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2113 return(LDAP_SUCCESS);
/*
 * Stamp a template security descriptor onto the AD group for a Moira list.
 *
 * Template selection: HiddenGroup picks HIDDEN_* vs NOT_HIDDEN_*; if the
 * list's administrator (AceType "LIST" or "USER", AceName) resolves to an
 * object with an objectSid, the *_WITH_ADMIN variant is used and every
 * occurrence of the placeholder "UserTemplate.u" SID inside the template's
 * raw ntSecurityDescriptor is overwritten with the administrator's SID.
 * The patched descriptor is then written to the target group (all four SD
 * parts requested via the SD-flags server control
 * 1.2.840.113556.1.4.801 -- SACL_SECURITY_INFORMATION requires
 * SeSecurityPrivilege on the binding account).  If that write fails with
 * an admin SID present, the function retries itself without an admin.
 *
 * NOTE(review):
 *  - `(rc = linklist_build(...) != 0)`: `!=` binds tighter than `=`, so rc
 *    receives 0/1 rather than the LDAP result code (four occurrences);
 *  - the SID swap is a raw byte substitution with no check that AceSidCount
 *    equals UserTemplateSidCount; SIDs of different length (e.g. a
 *    principal from another domain) would corrupt the descriptor's ACE
 *    sizes.  Same-domain user/group SIDs are equal-length, which is what
 *    keeps this working;
 *  - AceSid/UserTemplateSid are 128-byte buffers filled by memcpy() of the
 *    directory-supplied length without a bound (valid SIDs are <= 68
 *    bytes, but nothing here enforces it);
 *  - AceName is interpolated into an LDAP filter by sprintf(); no
 *    check_string() on it is visible in this function or group_create(),
 *    so filter metacharacters in an ACE name reach the server;
 *  - strcpy() into TargetDn/TargetSamName/TemplateDn/AceDn is unbounded.
 */
2116 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path, char *TargetGroupName,
2117 int HiddenGroup, char *AceType, char *AceName)
2119 char filter_exp[1024];
2120 char *attr_array[5];
2121 char search_path[512];
2123 char TemplateDn[512];
2124 char TemplateSamName[128];
2126 char TargetSamName[128];
2127 char AceSamAccountName[128];
2129 unsigned char AceSid[128];
2130 unsigned char UserTemplateSid[128];
2131 char acBERBuf[N_SD_BER_BYTES];
2132 char GroupSecurityTemplate[256];
2134 int UserTemplateSidCount;
2141 int array_count = 0;
2143 LK_ENTRY *group_base;
2144 LDAP_BERVAL **ppsValues;
/* LDAP_SERVER_SD_FLAGS control; its BER payload is built just below. */
2145 LDAPControl sControl = {"1.2.840.113556.1.4.801",
2146 { N_SD_BER_BYTES, acBERBuf },
2149 LDAPControl *apsServerControls[] = {&sControl, NULL};
2152 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
2153 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* 1. Locate the target group under the lists OU by its sAMAccountName. */
2155 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
2156 sprintf(filter_exp, "(sAMAccountName=%s_group)", TargetGroupName);
2157 attr_array[0] = "sAMAccountName";
2158 attr_array[1] = NULL;
2161 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2162 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2164 if (group_count != 1)
2166 linklist_free(group_base);
2169 strcpy(TargetDn, group_base->dn);
2170 strcpy(TargetSamName, group_base->value);
2171 linklist_free(group_base);
2175 UserTemplateSidCount = 0;
2176 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
2177 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
2178 memset(AceSid, '\0', sizeof(AceSid));
/* 2. Resolve the list administrator to an objectSid.  The search covers
 * the whole base DN, not just root_ou. */
2182 if (strlen(AceName) != 0)
2184 if (!strcmp(AceType, "LIST"))
2186 sprintf(AceSamAccountName, "%s_group", AceName);
2187 strcpy(root_ou, group_ou_root);
2189 else if (!strcmp(AceType, "USER"))
2191 sprintf(AceSamAccountName, "%s", AceName);
2192 strcpy(root_ou, user_ou);
2194 if (strlen(AceSamAccountName) != 0)
2196 sprintf(search_path, "%s", dn_path);
2197 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
2198 attr_array[0] = "objectSid";
2199 attr_array[1] = NULL;
2202 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2203 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2205 if (group_count == 1)
2207 strcpy(AceDn, group_base->dn);
/* Binary value: length comes from the node, not strlen. */
2208 AceSidCount = group_base->length;
2209 memcpy(AceSid, group_base->value, AceSidCount);
2211 linklist_free(group_base);
2216 if (AceSidCount == 0)
2218 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not have an AD SID.", TargetGroupName, AceName, AceType);
2219 com_err(whoami, 0, " Non-admin security group template will be used.");
/* 3. Fetch the placeholder SID that the *_WITH_ADMIN templates contain. */
2223 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2224 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
2225 attr_array[0] = "objectSid";
2226 attr_array[1] = NULL;
2230 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2231 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2233 if ((rc != 0) || (group_count != 1))
2235 com_err(whoami, 0, "Unable to process user security template: %s", "UserTemplate");
2240 UserTemplateSidCount = group_base->length;
2241 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
2243 linklist_free(group_base);
/* 4. Choose the template group by hidden flag and admin availability. */
2250 if (AceSidCount == 0)
2252 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
2253 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
2257 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
2258 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
2263 if (AceSidCount == 0)
2265 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
2266 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
2270 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
2271 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP_WITH_ADMIN);
2275 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
2276 attr_array[0] = "sAMAccountName";
2277 attr_array[1] = NULL;
2280 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
2281 &group_base, &group_count, LDAP_SCOPE_SUBTREE) != 0))
2283 if (group_count != 1)
2285 linklist_free(group_base);
2286 com_err(whoami, 0, "Unable to process group security template: %s - security not set", GroupSecurityTemplate);
2289 strcpy(TemplateDn, group_base->dn);
2290 strcpy(TemplateSamName, group_base->value);
2291 linklist_free(group_base);
/* 5. Re-read the template with the SD-flags control so the full
 * ntSecurityDescriptor (owner/group/DACL/SACL) is returned. */
2295 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
2296 rc = ldap_search_ext_s(ldap_handle,
2308 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
2310 com_err(whoami, 0, "Unable to find group security template: %s - security not set", GroupSecurityTemplate);
2313 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
2314 if (ppsValues == NULL)
2316 com_err(whoami, 0, "Unable to find group security descriptor for group %s - security not set", GroupSecurityTemplate);
/* 6. In-place SID substitution over the raw descriptor bytes (no length
 * equality check -- see the note in the header). */
2320 if (AceSidCount != 0)
2322 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
2324 for (i = 0; i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
2326 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid, UserTemplateSidCount))
2328 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* 7. Write the (patched) descriptor to the target group. */
2336 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
2339 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
2340 for (i = 0; i < n; i++)
2342 ldap_value_free_len(ppsValues);
2343 ldap_msgfree(psMsg);
2344 if (rc != LDAP_SUCCESS)
2346 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
2347 TargetGroupName, ldap_err2string(rc));
/* Fallback: apply the template without an administrator ACE. */
2348 if (AceSidCount != 0)
2350 com_err(whoami, 0, "Trying to set security for group %s without admin.",
2352 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
2353 HiddenGroup, "", ""))
2355 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * Delete the AD group object that backs a Moira list.
 *
 * dn_path           domain base DN; the search root is group_ou_root under it.
 * group_name        Moira list name.  It is validated with check_string()
 *                   before it reaches an LDAP filter; the illegalchars table
 *                   rejects the filter metacharacters ( ) * \ and the DN
 *                   specials, which is what keeps the sprintf'd filters safe.
 * group_membership, MoiraId
 *                   handed to ad_get_group(), which resolves the group either
 *                   through the supplied filter or through its mitMoiraId.
 *
 * Returns AD_INVALID_NAME, AD_NO_GROUPS_FOUND, an ad_get_group()/LDAP error,
 * or 0 (the return statements of the success and delete-failure paths are
 * not in this listing).
 *
 * NOTE(review): ldap_delete_s() is irreversible.  When ad_get_group() falls
 * back to the mitMoiraId lookup, the object deleted is whichever single
 * object carries that mitMoiraId, not necessarily one named group_name.
 * NOTE(review): sprintf() into temp is unbounded and temp's size is not
 * visible here; snprintf() with a truncation check would be safer.
 */
2365 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
2366 char *group_membership, char *MoiraId)
2368 LK_ENTRY *group_base;
/* Reject names containing LDAP filter/DN metacharacters up front. */
2374 if (!check_string(group_name))
2376 com_err(whoami, 0, "Unable to process invalid LDAP list name %s", group_name);
2377 return(AD_INVALID_NAME);
2380 memset(filter, '\0', sizeof(filter));
/* Search root: the group OU root beneath the domain DN (unbounded sprintf). */
2383 sprintf(temp, "%s,%s", group_ou_root, dn_path);
2384 if (rc = ad_get_group(ldap_handle, temp, group_name,
2385 group_membership, MoiraId,
2386 "distinguishedName", &group_base,
2387 &group_count, filter))
/* Exactly one match is required before anything is deleted. */
2390 if (group_count == 1)
/* group_base->value holds the distinguishedName returned by the search. */
2392 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
2394 linklist_free(group_base);
2395 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
2396 group_name, ldap_err2string(rc));
2399 linklist_free(group_base);
/* Zero (or more than one) match: nothing is deleted. */
2403 linklist_free(group_base);
2404 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
2405 return(AD_NO_GROUPS_FOUND);
/*
 * BER-encode the security-descriptor control bits uBits into pBuffer.
 * Only the signature and the return are in this listing; the encoding
 * itself is not shown.  Presumably returns N_SD_BER_BYTES, the number of
 * bytes written, so pBuffer must be at least that large -- confirm against
 * the caller.
 */
2411 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
2417 return(N_SD_BER_BYTES);
/*
 * mr_query() callback: add one member (call_args[2], living in OU
 * call_args[3]) to the AD group that backs the Moira list named in
 * av[L_NAME].
 *
 * call_args[0]  LDAP handle, call_args[1] domain DN (the declaration and
 * assignment of call_args are outside this listing).
 *
 * NOTE(review): member_add() runs check_string() on the list name only; the
 * member name passed here as call_args[2] is embedded in a DN by member_add()
 * without validation, so callers must ensure it was validated upstream.
 */
2420 int process_lists(int ac, char **av, void *ptr)
/* group_membership holds a single type character plus terminator. */
2425 char group_membership[2];
2431 memset(group_ou, '\0', sizeof(group_ou));
2432 memset(group_membership, '\0', sizeof(group_membership));
/* Derive the target OU / membership type for this list from its Moira row. */
2433 get_group_membership(group_membership, group_ou, &security_flag, av);
/* MoiraId is passed as "" so member_add() resolves the group by name only. */
2434 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
2435 group_ou, group_membership, call_args[2],
2436 (char *)call_args[3], "");
/*
 * mr_query() callback for get_end_members_of_list: collect one end member of
 * a Moira list into the file-level member_base linked list, creating the AD
 * contact object first for STRING and KERBEROS members.
 *
 * call_args[0]  LDAP handle
 * call_args[1]  domain DN
 * call_args[2]  list name, copied into each node's ->list
 * call_args[3]  MOIRA_* bitmask of member types to accept (an int smuggled
 *               through a char * -- see make_new_group/populate_group)
 *
 * Members failing check_string() and member types not selected by the mask
 * are skipped (the skip/return lines are not in this listing).
 *
 * NOTE(review): strcpy() into temp is unbounded and temp's size is not
 * visible; the member name comes from Moira.
 * NOTE(review): none of the calloc() results are checked before use.
 */
2440 int member_list_build(int ac, char **av, void *ptr)
2448 strcpy(temp, av[ACE_NAME]);
/* Names with LDAP filter/DN metacharacters never reach AD. */
2449 if (!check_string(temp))
2451 if (!strcmp(av[ACE_TYPE], "USER"))
2453 if (!((int)call_args[3] & MOIRA_USERS))
2456 else if (!strcmp(av[ACE_TYPE], "STRING"))
2458 if (!((int)call_args[3] & MOIRA_STRINGS))
/* STRING members are represented by a contact object in contact_ou. */
2460 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
2463 else if (!strcmp(av[ACE_TYPE], "LIST"))
2465 if (!((int)call_args[3] & MOIRA_LISTS))
2468 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
2470 if (!((int)call_args[3] & MOIRA_KERBEROS))
/* KERBEROS principals are represented by a contact object in kerberos_ou. */
2472 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* De-duplicate case-insensitively against members already collected. */
2478 linklist = member_base;
2481 if (!strcasecmp(temp, linklist->member))
2483 linklist = linklist->next;
/* New node; prepended to member_base.  calloc() results are unchecked. */
2485 linklist = calloc(1, sizeof(LK_ENTRY));
2487 linklist->dn = NULL;
2488 linklist->list = calloc(1, strlen(call_args[2]) + 1);
2489 strcpy(linklist->list, call_args[2]);
2490 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
2491 strcpy(linklist->type, av[ACE_TYPE]);
2492 linklist->member = calloc(1, strlen(temp) + 1);
2493 strcpy(linklist->member, temp);
2494 linklist->next = member_base;
2495 member_base = linklist;
/*
 * Remove one member from an AD group.
 *
 * group_name  validated with check_string(); the group is resolved via
 *             ad_get_group() (by filter, or by MoiraId) and must match
 *             exactly once.
 * user_name   the member's CN; its DN is built as CN=user_name,UserOu,dn_path.
 * UserOu      OU the member object lives in (user, contact or kerberos OU).
 *
 * Returns AD_INVALID_NAME, the ad_get_group() error, or the result of the
 * LDAP modify (the remaining return statements are not in this listing).
 *
 * NOTE(review): user_name is NOT passed through check_string() here, only
 * group_name is.  A member name with DN specials (',', '+', '=' ...) would
 * change the meaning of the DN written into modvalues.
 * NOTE(review): strcpy() of the search result into distinguished_name[1024]
 * and sprintf() into temp are unbounded; a DN longer than the buffer
 * overflows the stack.
 */
2499 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
2500 char *group_ou, char *group_membership, char *user_name,
2501 char *UserOu, char *MoiraId)
2503 char distinguished_name[1024];
2511 LK_ENTRY *group_base;
2514 if (!check_string(group_name))
2515 return(AD_INVALID_NAME);
2517 memset(filter, '\0', sizeof(filter));
2520 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2521 group_membership, MoiraId,
2522 "distinguishedName", &group_base,
2523 &group_count, filter))
/* Refuse to modify anything unless exactly one group matched. */
2526 if (group_count != 1)
2528 com_err(whoami, 0, "Unable to find list %s in AD",
2530 linklist_free(group_base);
/* Unbounded copy of the group DN returned by AD. */
2535 strcpy(distinguished_name, group_base->value);
2536 linklist_free(group_base);
/* DN of the member to delete from the group's multi-valued "member" attr. */
2540 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2541 modvalues[0] = temp;
2542 modvalues[1] = NULL;
2545 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
2547 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Free the mods built by ADD_ATTR (loop body not in this listing). */
2548 for (i = 0; i < n; i++)
/* AD answers UNWILLING_TO_PERFORM when the value is not a member; the
   handling of that case is not in this listing (presumably treated as ok). */
2550 if (rc == LDAP_UNWILLING_TO_PERFORM)
2552 if (rc != LDAP_SUCCESS)
2554 com_err(whoami, 0, "Unable to modify list %s members : %s",
2555 group_name, ldap_err2string(rc));
/*
 * Add one member to an AD group.  Mirrors member_remove(): the group is
 * resolved with ad_get_group() and must match exactly once, then a single
 * LDAP_MOD_ADD of CN=user_name,UserOu,dn_path to the "member" attribute is
 * issued.
 *
 * LDAP_ALREADY_EXISTS is tolerated for members in contact_ou / kerberos_ou
 * (the assignment that clears rc is not in this listing).
 *
 * Returns AD_INVALID_NAME, the ad_get_group() error,
 * AD_MULTIPLE_GROUPS_FOUND when the match count is not one, or the LDAP
 * result (final return not in this listing).
 *
 * NOTE(review): as in member_remove(), user_name is not validated with
 * check_string() before it is embedded in a DN.
 * NOTE(review): the group_count != 1 branch reports "Unable to find" but
 * returns AD_MULTIPLE_GROUPS_FOUND for a zero-match result too; lines
 * 2594-2595 are not in the listing, so a separate zero-match return may
 * exist -- confirm.
 * NOTE(review): strcpy() into distinguished_name[1024] and sprintf() into
 * temp are unbounded.
 */
2563 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
2564 char *group_ou, char *group_membership, char *user_name,
2565 char *UserOu, char *MoiraId)
2567 char distinguished_name[1024];
2575 LK_ENTRY *group_base;
2578 if (!check_string(group_name))
2579 return(AD_INVALID_NAME);
2582 memset(filter, '\0', sizeof(filter));
2585 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
2586 group_membership, MoiraId,
2587 "distinguishedName", &group_base,
2588 &group_count, filter))
2591 if (group_count != 1)
2593 linklist_free(group_base);
2596 com_err(whoami, 0, "Unable to find list %s in AD",
2598 return(AD_MULTIPLE_GROUPS_FOUND);
/* Unbounded copy of the group DN returned by AD. */
2601 strcpy(distinguished_name, group_base->value);
2602 linklist_free(group_base);
/* DN of the member to add; user_name is used unvalidated. */
2606 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
2607 modvalues[0] = temp;
2608 modvalues[1] = NULL;
2611 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2613 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Re-adding an existing contact/kerberos member is not an error. */
2614 if (rc == LDAP_ALREADY_EXISTS)
2616 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* Handling of UNWILLING_TO_PERFORM is not in this listing. */
2618 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* Free the mods built by ADD_ATTR (loop body not in this listing). */
2621 for (i = 0; i < n; i++)
2623 if (rc != LDAP_SUCCESS)
2625 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
2626 user_name, group_name, ldap_err2string(rc));
<!-- placeholder removed -->
2701 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2702 char *Uid, char *MitId, char *MoiraId, int State,
2703 char *WinHomeDir, char *WinProfileDir)
2706 LK_ENTRY *group_base;
2708 char distinguished_name[512];
2709 char *mitMoiraId_v[] = {NULL, NULL};
2710 char *uid_v[] = {NULL, NULL};
2711 char *mitid_v[] = {NULL, NULL};
2712 char *homedir_v[] = {NULL, NULL};
2713 char *winProfile_v[] = {NULL, NULL};
2714 char *drives_v[] = {NULL, NULL};
2715 char *userAccountControl_v[] = {NULL, NULL};
2716 char userAccountControlStr[80];
2721 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2723 char *attr_array[3];
2726 if (!check_string(user_name))
2728 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2729 return(AD_INVALID_NAME);
2735 if (strlen(MoiraId) != 0)
2737 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
2738 attr_array[0] = "cn";
2739 attr_array[1] = NULL;
2740 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2741 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2743 com_err(whoami, 0, "Unable to process user %s : %s",
2744 user_name, ldap_err2string(rc));
2748 if (group_count != 1)
2750 linklist_free(group_base);
2753 sprintf(filter, "(sAMAccountName=%s)", user_name);
2754 attr_array[0] = "cn";
2755 attr_array[1] = NULL;
2756 sprintf(temp, "%s,%s", user_ou, dn_path);
2757 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
2758 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
2760 com_err(whoami, 0, "Unable to process user %s : %s",
2761 user_name, ldap_err2string(rc));
2766 if (group_count != 1)
2768 com_err(whoami, 0, "Unable to find user %s in AD",
2770 linklist_free(group_base);
2771 return(AD_NO_USER_FOUND);
2773 strcpy(distinguished_name, group_base->dn);
2775 linklist_free(group_base);
2778 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
2779 rc = attribute_update(ldap_handle, distinguished_name, MitId, "employeeID", user_name);
2781 rc = attribute_update(ldap_handle, distinguished_name, "none", "employeeID", user_name);
2782 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid", user_name);
2783 rc = attribute_update(ldap_handle, distinguished_name, MoiraId, "mitMoiraId", user_name);
2789 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2793 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
2797 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
2798 userAccountControl |= UF_ACCOUNTDISABLE;
2799 sprintf(userAccountControlStr, "%ld", userAccountControl);
2800 userAccountControl_v[0] = userAccountControlStr;
2801 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
2803 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
2804 WinProfileDir, homedir_v, winProfile_v,
2805 drives_v, mods, LDAP_MOD_REPLACE, n);
2808 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2810 OldUseSFU30 = UseSFU30;
2811 SwitchSFU(mods, &UseSFU30, n);
2812 if (OldUseSFU30 != UseSFU30)
2813 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2816 com_err(whoami, 0, "Unable to modify user data for %s : %s",
2817 user_name, ldap_err2string(rc));
2820 for (i = 0; i < n; i++)
2825 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2833 char *userPrincipalName_v[] = {NULL, NULL};
2834 char *altSecurityIdentities_v[] = {NULL, NULL};
2835 char *name_v[] = {NULL, NULL};
2836 char *samAccountName_v[] = {NULL, NULL};
2841 if (!check_string(before_user_name))
2843 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", before_user_name);
2844 return(AD_INVALID_NAME);
2846 if (!check_string(user_name))
2848 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
2849 return(AD_INVALID_NAME);
2852 strcpy(user_name, user_name);
2853 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2854 sprintf(new_dn, "cn=%s", user_name);
2855 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2856 NULL, NULL)) != LDAP_SUCCESS)
2858 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
2859 before_user_name, user_name, ldap_err2string(rc));
2863 name_v[0] = user_name;
2864 sprintf(upn, "%s@%s", user_name, ldap_domain);
2865 userPrincipalName_v[0] = upn;
2866 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2867 altSecurityIdentities_v[0] = temp;
2868 samAccountName_v[0] = user_name;
2871 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2872 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2873 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2874 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2876 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2877 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2879 com_err(whoami, 0, "Unable to modify user data for %s after renaming : %s",
2880 user_name, ldap_err2string(rc));
2882 for (i = 0; i < n; i++)
2887 int user_create(int ac, char **av, void *ptr)
2891 char user_name[256];
2894 char *cn_v[] = {NULL, NULL};
2895 char *objectClass_v[] = {"top", "person",
2896 "organizationalPerson",
2899 char *samAccountName_v[] = {NULL, NULL};
2900 char *altSecurityIdentities_v[] = {NULL, NULL};
2901 char *mitMoiraId_v[] = {NULL, NULL};
2902 char *name_v[] = {NULL, NULL};
2903 char *desc_v[] = {NULL, NULL};
2904 char *userPrincipalName_v[] = {NULL, NULL};
2905 char *userAccountControl_v[] = {NULL, NULL};
2906 char *uid_v[] = {NULL, NULL};
2907 char *mitid_v[] = {NULL, NULL};
2908 char *homedir_v[] = {NULL, NULL};
2909 char *winProfile_v[] = {NULL, NULL};
2910 char *drives_v[] = {NULL, NULL};
2911 char userAccountControlStr[80];
2913 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2919 char WinHomeDir[1024];
2920 char WinProfileDir[1024];
2924 if (!check_string(av[U_NAME]))
2926 callback_rc = AD_INVALID_NAME;
2927 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", av[U_NAME]);
2928 return(AD_INVALID_NAME);
2931 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
2932 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
2933 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
2934 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
2935 strcpy(user_name, av[U_NAME]);
2936 sprintf(upn, "%s@%s", user_name, ldap_domain);
2937 sprintf(sam_name, "%s", av[U_NAME]);
2938 samAccountName_v[0] = sam_name;
2939 if ((atoi(av[U_STATE]) != US_NO_PASSWD) && (atoi(av[U_STATE]) != US_REGISTERED))
2940 userAccountControl |= UF_ACCOUNTDISABLE;
2941 sprintf(userAccountControlStr, "%ld", userAccountControl);
2942 userAccountControl_v[0] = userAccountControlStr;
2943 userPrincipalName_v[0] = upn;
2945 cn_v[0] = user_name;
2946 name_v[0] = user_name;
2947 desc_v[0] = "Auto account created by Moira";
2948 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2949 altSecurityIdentities_v[0] = temp;
2950 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2953 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2954 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2955 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2956 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2957 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2958 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2959 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2960 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2961 if (strlen(call_args[2]) != 0)
2963 mitMoiraId_v[0] = call_args[2];
2964 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2966 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2967 if (strlen(av[U_UID]) != 0)
2969 uid_v[0] = av[U_UID];
2970 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2973 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2977 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
2980 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
2981 mitid_v[0] = av[U_MITID];
2983 mitid_v[0] = "none";
2984 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2986 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn, WinHomeDir,
2987 WinProfileDir, homedir_v, winProfile_v,
2988 drives_v, mods, LDAP_MOD_ADD, n);
2992 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2993 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2995 OldUseSFU30 = UseSFU30;
2996 SwitchSFU(mods, &UseSFU30, n);
2997 if (OldUseSFU30 != UseSFU30)
2998 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
3001 for (i = 0; i < n; i++)
3003 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3005 com_err(whoami, 0, "Unable to create user %s : %s",
3006 user_name, ldap_err2string(rc));
3010 if (rc == LDAP_SUCCESS)
3012 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3014 ad_kdc_disconnect();
3016 if (!ad_server_connect(default_server, ldap_domain))
3018 com_err(whoami, 0, "Unable to set password for user %s : %s",
3019 user_name, "cannot get changepw ticket from windows domain");
3023 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
3025 com_err(whoami, 0, "Unable to set password for user %s : %ld",
3034 int user_change_status(LDAP *ldap_handle, char *dn_path,
3035 char *user_name, char *MoiraId,
3039 char *attr_array[3];
3041 char distinguished_name[1024];
3043 char *mitMoiraId_v[] = {NULL, NULL};
3045 LK_ENTRY *group_base;
3052 if (!check_string(user_name))
3054 com_err(whoami, 0, "Unable to process invalid LDAP user name %s", user_name);
3055 return(AD_INVALID_NAME);
3061 if (strlen(MoiraId) != 0)
3063 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3064 attr_array[0] = "UserAccountControl";
3065 attr_array[1] = NULL;
3066 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3067 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3069 com_err(whoami, 0, "Unable to process user %s : %s",
3070 user_name, ldap_err2string(rc));
3074 if (group_count != 1)
3076 linklist_free(group_base);
3079 sprintf(filter, "(sAMAccountName=%s)", user_name);
3080 attr_array[0] = "UserAccountControl";
3081 attr_array[1] = NULL;
3082 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3083 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3085 com_err(whoami, 0, "Unable to process user %s : %s",
3086 user_name, ldap_err2string(rc));
3091 if (group_count != 1)
3093 linklist_free(group_base);
3094 com_err(whoami, 0, "Unable to find user %s in AD",
3096 return(LDAP_NO_SUCH_OBJECT);
3099 strcpy(distinguished_name, group_base->dn);
3100 ulongValue = atoi((*group_base).value);
3101 if (operation == MEMBER_DEACTIVATE)
3102 ulongValue |= UF_ACCOUNTDISABLE;
3104 ulongValue &= ~UF_ACCOUNTDISABLE;
3105 sprintf(temp, "%ld", ulongValue);
3106 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
3107 temp, &modvalues, REPLACE)) == 1)
3109 linklist_free(group_base);
3113 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
3114 if (strlen(MoiraId) != 0)
3116 mitMoiraId_v[0] = MoiraId;
3117 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
3120 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3121 for (i = 0; i < n; i++)
3123 free_values(modvalues);
3124 if (rc != LDAP_SUCCESS)
3126 com_err(whoami, 0, "Unable to change status of user %s : %s",
3127 user_name, ldap_err2string(rc));
3133 int user_delete(LDAP *ldap_handle, char *dn_path,
3134 char *u_name, char *MoiraId)
3137 char *attr_array[3];
3138 char distinguished_name[1024];
3139 char user_name[512];
3140 LK_ENTRY *group_base;
3144 if (!check_string(u_name))
3145 return(AD_INVALID_NAME);
3147 strcpy(user_name, u_name);
3151 if (strlen(MoiraId) != 0)
3153 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3154 attr_array[0] = "name";
3155 attr_array[1] = NULL;
3156 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3157 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3159 com_err(whoami, 0, "Unable to process user %s : %s",
3160 user_name, ldap_err2string(rc));
3164 if (group_count != 1)
3166 linklist_free(group_base);
3169 sprintf(filter, "(sAMAccountName=%s)", user_name);
3170 attr_array[0] = "name";
3171 attr_array[1] = NULL;
3172 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3173 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3175 com_err(whoami, 0, "Unable to process user %s : %s",
3176 user_name, ldap_err2string(rc));
3181 if (group_count != 1)
3183 com_err(whoami, 0, "Unable to find user %s in AD",
3188 strcpy(distinguished_name, group_base->dn);
3189 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
3191 com_err(whoami, 0, "Unable to process user %s : %s",
3192 user_name, ldap_err2string(rc));
3196 linklist_free(group_base);
3200 void linklist_free(LK_ENTRY *linklist_base)
3202 LK_ENTRY *linklist_previous;
3204 while (linklist_base != NULL)
3206 if (linklist_base->dn != NULL)
3207 free(linklist_base->dn);
3208 if (linklist_base->attribute != NULL)
3209 free(linklist_base->attribute);
3210 if (linklist_base->value != NULL)
3211 free(linklist_base->value);
3212 if (linklist_base->member != NULL)
3213 free(linklist_base->member);
3214 if (linklist_base->type != NULL)
3215 free(linklist_base->type);
3216 if (linklist_base->list != NULL)
3217 free(linklist_base->list);
3218 linklist_previous = linklist_base;
3219 linklist_base = linklist_previous->next;
3220 free(linklist_previous);
3224 void free_values(char **modvalues)
3229 if (modvalues != NULL)
3231 while (modvalues[i] != NULL)
3234 modvalues[i] = NULL;
3241 static int illegalchars[] = {
3242 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
3243 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
3244 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
3245 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
3246 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
3247 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
3248 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
3249 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
3250 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3251 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3252 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3253 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3254 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3255 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3256 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3257 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
3260 int check_string(char *s)
3267 if (isupper(character))
3268 character = tolower(character);
3269 if (illegalchars[(unsigned) character])
3275 int check_container_name(char *s)
3282 if (isupper(character))
3283 character = tolower(character);
3285 if (character == ' ')
3287 if (illegalchars[(unsigned) character])
3293 int mr_connect_cl(char *server, char *client, int version, int auth)
3299 status = mr_connect(server);
3302 com_err(whoami, status, "while connecting to Moira");
3306 status = mr_motd(&motd);
3310 com_err(whoami, status, "while checking server status");
3315 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
3316 com_err(whoami, status, temp);
3321 status = mr_version(version);
3324 if (status == MR_UNKNOWN_PROC)
3327 status = MR_VERSION_HIGH;
3329 status = MR_SUCCESS;
3332 if (status == MR_VERSION_HIGH)
3334 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
3335 com_err(whoami, 0, "Some operations may not work.");
3337 else if (status && status != MR_VERSION_LOW)
3339 com_err(whoami, status, "while setting query version number.");
3347 status = mr_krb5_auth(client);
3350 com_err(whoami, status, "while authenticating to Moira.");
3359 void AfsToWinAfs(char* path, char* winPath)
3363 strcpy(winPath, WINAFS);
3364 pathPtr = path + strlen(AFS);
3365 winPathPtr = winPath + strlen(WINAFS);
3369 if (*pathPtr == '/')
3372 *winPathPtr = *pathPtr;
3379 int GetAceInfo(int ac, char **av, void *ptr)
3386 strcpy(call_args[0], av[L_ACE_TYPE]);
3387 strcpy(call_args[1], av[L_ACE_NAME]);
3389 get_group_membership(call_args[2], call_args[3], &security_flag, av);
3390 return(LDAP_SUCCESS);
3394 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
3397 char *attr_array[3];
3400 LK_ENTRY *group_base;
3405 sprintf(filter, "(sAMAccountName=%s)", Name);
3406 attr_array[0] = "sAMAccountName";
3407 attr_array[1] = NULL;
3408 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3409 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3411 com_err(whoami, 0, "Unable to process ACE name %s : %s",
3412 Name, ldap_err2string(rc));
3416 linklist_free(group_base);
3418 if (group_count == 0)
3425 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type, int UpdateGroup, int *ProcessGroup)
3428 char GroupName[256];
3434 char AceMembership[2];
3438 strcpy(GroupName, Name);
3440 if (strcasecmp(Type, "LIST"))
3445 AceInfo[0] = AceType;
3446 AceInfo[1] = AceName;
3447 AceInfo[2] = AceMembership;
3449 memset(AceType, '\0', sizeof(AceType));
3450 memset(AceName, '\0', sizeof(AceName));
3451 memset(AceMembership, '\0', sizeof(AceMembership));
3452 memset(AceOu, '\0', sizeof(AceOu));
3454 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
3456 com_err(whoami, 0, "Unable to get ACE info for list %s : %s", GroupName, error_message(rc));
3461 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
3464 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
3466 strcpy(temp, AceName);
3467 if (!strcasecmp(AceType, "LIST"))
3468 sprintf(temp, "%s_group", AceName);
3471 if (checkADname(ldap_handle, dn_path, temp))
3473 (*ProcessGroup) = 1;
3475 if (!strcasecmp(AceInfo[0], "LIST"))
3477 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, AceMembership, 0, UpdateGroup))
3480 else if (!strcasecmp(AceInfo[0], "USER"))
3483 call_args[0] = (char *)ldap_handle;
3484 call_args[1] = dn_path;
3486 call_args[3] = NULL;
3488 if (rc = mr_query("get_user_account_by_login", 1, av, user_create, call_args))
3490 com_err(whoami, 0, "Unable to process user ACE %s for group %s.", AceName, Name);
3495 com_err(whoami, 0, "Unable to process user Ace %s for group %s", AceName, Name);
3502 if (!strcasecmp(AceType, "LIST"))
3504 if (!strcasecmp(GroupName, AceName))
3507 strcpy(GroupName, AceName);
3512 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3513 char *group_name, char *group_ou, char *group_membership,
3514 int group_security_flag, int updateGroup)
3521 call_args[0] = (char *)ldap_handle;
3522 call_args[1] = dn_path;
3523 call_args[2] = group_name;
3524 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3525 call_args[4] = (char *)updateGroup;
3526 call_args[5] = MoiraId;
3527 call_args[6] = NULL;
3529 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3532 com_err(whoami, 0, "Unable to create list %s : %s", group_name, error_message(rc));
3538 com_err(whoami, 0, "Unable to create list %s", group_name);
3539 return(callback_rc);
3545 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
3546 char *group_ou, char *group_membership,
3547 int group_security_flag, char *MoiraId)
3555 com_err(whoami, 0, "Populating group %s", group_name);
3557 call_args[0] = (char *)ldap_handle;
3558 call_args[1] = dn_path;
3559 call_args[2] = group_name;
3560 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3561 call_args[4] = NULL;
3563 if (rc = mr_query("get_end_members_of_list", 1, av,
3564 member_list_build, call_args))
3566 com_err(whoami, 0, "Unable to populate list %s : %s",
3567 group_name, error_message(rc));
3570 if (member_base != NULL)
3575 if (!strcasecmp(ptr->type, "LIST"))
3581 if (!strcasecmp(ptr->type, "STRING"))
3583 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
3585 pUserOu = contact_ou;
3587 else if (!strcasecmp(ptr->type, "KERBEROS"))
3589 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
3591 pUserOu = kerberos_ou;
3593 rc = member_add(ldap_handle, dn_path, group_name,
3594 group_ou, group_membership, ptr->member,
3598 linklist_free(member_base);
3604 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
3605 char *group_name, char *group_ou, char *group_membership,
3606 int group_security_flag, int type)
3608 char before_desc[512];
3609 char before_name[256];
3610 char before_group_ou[256];
3611 char before_group_membership[2];
3612 char distinguishedName[256];
3613 char ad_distinguishedName[256];
3615 char *attr_array[3];
3616 int before_security_flag;
3619 LK_ENTRY *group_base;
3622 char ou_security[512];
3623 char ou_distribution[512];
3624 char ou_neither[512];
3626 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
3627 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
3630 memset(filter, '\0', sizeof(filter));
3633 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3635 "distinguishedName", &group_base,
3636 &group_count, filter))
3639 if (type == CHECK_GROUPS)
3641 if (group_count == 1)
3643 if (!strcasecmp(group_base->value, distinguishedName))
3645 linklist_free(group_base);
3649 linklist_free(group_base);
3650 if (group_count == 0)
3651 return(AD_NO_GROUPS_FOUND);
3652 if (group_count == 1)
3653 return(AD_WRONG_GROUP_DN_FOUND);
3654 return(AD_MULTIPLE_GROUPS_FOUND);
3656 if (group_count == 0)
3658 return(AD_NO_GROUPS_FOUND);
3660 if (group_count > 1)
3665 if (!strcasecmp(distinguishedName, ptr->value))
3671 com_err(whoami, 0, "%d groups with moira id = %s", group_count, MoiraId);
3675 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
3678 linklist_free(group_base);
3679 return(AD_MULTIPLE_GROUPS_FOUND);
3684 if (strcasecmp(distinguishedName, ptr->value))
3685 rc = ldap_delete_s(ldap_handle, ptr->value);
3688 linklist_free(group_base);
3689 memset(filter, '\0', sizeof(filter));
3692 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3694 "distinguishedName", &group_base,
3695 &group_count, filter))
3697 if (group_count == 0)
3698 return(AD_NO_GROUPS_FOUND);
3699 if (group_count > 1)
3700 return(AD_MULTIPLE_GROUPS_FOUND);
3703 strcpy(ad_distinguishedName, group_base->value);
3704 linklist_free(group_base);
3708 attr_array[0] = "sAMAccountName";
3709 attr_array[1] = NULL;
3710 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3711 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3713 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3714 MoiraId, ldap_err2string(rc));
3717 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
3719 if (!strcasecmp(ad_distinguishedName, distinguishedName))
3721 linklist_free(group_base);
3726 linklist_free(group_base);
3729 memset(ou_both, '\0', sizeof(ou_both));
3730 memset(ou_security, '\0', sizeof(ou_security));
3731 memset(ou_distribution, '\0', sizeof(ou_distribution));
3732 memset(ou_neither, '\0', sizeof(ou_neither));
3733 memset(before_name, '\0', sizeof(before_name));
3734 memset(before_desc, '\0', sizeof(before_desc));
3735 memset(before_group_membership, '\0', sizeof(before_group_membership));
3736 attr_array[0] = "name";
3737 attr_array[1] = NULL;
3738 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3739 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3741 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
3742 MoiraId, ldap_err2string(rc));
3745 strcpy(before_name, group_base->value);
3746 linklist_free(group_base);
3749 attr_array[0] = "description";
3750 attr_array[1] = NULL;
3751 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3752 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3755 "Unable to get list description with MoiraId = %s: %s",
3756 MoiraId, ldap_err2string(rc));
3759 if (group_count != 0)
3761 strcpy(before_desc, group_base->value);
3762 linklist_free(group_base);
3766 change_to_lower_case(ad_distinguishedName);
3767 strcpy(ou_both, group_ou_both);
3768 change_to_lower_case(ou_both);
3769 strcpy(ou_security, group_ou_security);
3770 change_to_lower_case(ou_security);
3771 strcpy(ou_distribution, group_ou_distribution);
3772 change_to_lower_case(ou_distribution);
3773 strcpy(ou_neither, group_ou_neither);
3774 change_to_lower_case(ou_neither);
3775 if (strstr(ad_distinguishedName, ou_both))
3777 strcpy(before_group_ou, group_ou_both);
3778 before_group_membership[0] = 'B';
3779 before_security_flag = 1;
3781 else if (strstr(ad_distinguishedName, ou_security))
3783 strcpy(before_group_ou, group_ou_security);
3784 before_group_membership[0] = 'S';
3785 before_security_flag = 1;
3787 else if (strstr(ad_distinguishedName, ou_distribution))
3789 strcpy(before_group_ou, group_ou_distribution);
3790 before_group_membership[0] = 'D';
3791 before_security_flag = 0;
3793 else if (strstr(ad_distinguishedName, ou_neither))
3795 strcpy(before_group_ou, group_ou_neither);
3796 before_group_membership[0] = 'N';
3797 before_security_flag = 0;
3800 return(AD_NO_OU_FOUND);
3801 rc = group_rename(ldap_handle, dn_path, before_name, before_group_membership,
3802 before_group_ou, before_security_flag, before_desc,
3803 group_name, group_membership, group_ou, group_security_flag,
3804 before_desc, MoiraId, filter);
/*
 * Lower-case a NUL-terminated string in place.
 *
 * ptr: writable, NUL-terminated buffer.  strlen() is re-evaluated in the loop
 *      condition on every iteration, so the loop is quadratic on long inputs.
 * NOTE(review): tolower() receives a plain char; where char is signed, bytes
 * >= 0x80 become negative arguments, which <ctype.h> does not define.
 */
3808 void change_to_lower_case(char *ptr)
3812 for (i = 0; i < (int)strlen(ptr); i++)
3814 ptr[i] = tolower(ptr[i]);
/*
 * Locate a Moira list's group object in AD and return the requested attribute.
 *
 * Three lookups are tried in turn, each via linklist_build() with
 * LDAP_SCOPE_SUBTREE under dn_path:
 *   1. the caller-supplied filter in rFilter, when it is non-empty;
 *   2. (&(objectClass=group)(mitMoiraId=<MoiraId>)), when MoiraId is non-empty;
 *   3. (sAMAccountName=<group_name>_group).
 * Whichever lookup yields exactly one entry has its filter copied back into
 * rFilter, and the entry list is left in *linklist_base / *linklist_count.
 * Lists from a lookup that did not yield exactly one entry are freed again.
 *
 * The trailing parameter (rFilter) is not visible in this listing; it is used
 * as a writable, NUL-terminated filter buffer.  Remaining return statements
 * are also outside the visible lines.
 *
 * NOTE(review): MoiraId and group_name are interpolated into the LDAP filter
 * with sprintf() and no escaping, so filter metacharacters in those values
 * change the query.  The size of `filter` is not visible here either.
 */
3818 int ad_get_group(LDAP *ldap_handle, char *dn_path,
3819 char *group_name, char *group_membership,
3820 char *MoiraId, char *attribute,
3821 LK_ENTRY **linklist_base, int *linklist_count,
3826 char *attr_array[3];
/* Start with an empty result so every early exit leaves the out-params sane. */
3829 (*linklist_base) = NULL;
3830 (*linklist_count) = 0;
/* Lookup 1: the caller already knows a filter that worked before. */
3831 if (strlen(rFilter) != 0)
3833 strcpy(filter, rFilter);
3834 attr_array[0] = attribute;
3835 attr_array[1] = NULL;
3836 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3837 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
3839 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3840 MoiraId, ldap_err2string(rc));
3843 if ((*linklist_count) == 1)
3845 strcpy(rFilter, filter);
3850 linklist_free((*linklist_base));
3851 (*linklist_base) = NULL;
3852 (*linklist_count) = 0;
/* Lookup 2: by Moira id.  Value is interpolated unescaped (see header note). */
3853 if (strlen(MoiraId) != 0)
3855 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
3856 attr_array[0] = attribute;
3857 attr_array[1] = NULL;
3858 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3859 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
3861 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3862 MoiraId, ldap_err2string(rc));
/* More than one group carries this mitMoiraId: log each one (the loop
 * header walking pPtr is not visible) and discard the result. */
3866 if ((*linklist_count) > 1)
3868 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
3869 pPtr = (*linklist_base);
3872 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value, MoiraId);
3875 linklist_free((*linklist_base));
3876 (*linklist_base) = NULL;
3877 (*linklist_count) = 0;
/* Exactly one hit: accept it only if the value, from offset 3 onward, starts
 * with group_name.  NOTE(review): memcmp() reads strlen(group_name) bytes of
 * value regardless of value's own length, so a shorter value is over-read;
 * strncmp() would stop at the terminator.  The offset of 3 presumably skips
 * a "CN=" prefix -- confirm against the attribute requested by callers. */
3879 if ((*linklist_count) == 1)
3881 if (!memcmp(&(*linklist_base)->value[3], group_name, strlen(group_name)))
3883 strcpy(rFilter, filter);
3888 linklist_free((*linklist_base));
3889 (*linklist_base) = NULL;
3890 (*linklist_count) = 0;
/* Lookup 3: by the conventional "<list>_group" account name. */
3891 sprintf(filter, "(sAMAccountName=%s_group)", group_name);
3892 attr_array[0] = attribute;
3893 attr_array[1] = NULL;
3894 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3895 linklist_base, linklist_count, LDAP_SCOPE_SUBTREE)) != 0)
3897 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
3898 MoiraId, ldap_err2string(rc));
3901 if ((*linklist_count) == 1)
3903 strcpy(rFilter, filter);
<br/>
/*
 * Verify that the AD account for UserName exists and carries the expected
 * sAMAccountName, renaming it if the directory's name differs.
 *
 * When MoiraId is non-empty the user is first looked up by
 * (&(objectClass=user)(mitMoiraId=<MoiraId>)); several hits are each logged.
 * A lookup by (sAMAccountName=<UserName>) follows (the lines that decide
 * whether it is conditional on the first lookup are not visible).  If that
 * does not yield exactly one entry the function returns AD_NO_USER_FOUND;
 * otherwise the found sAMAccountName is compared with UserName using a
 * case-sensitive strcmp() and user_rename() is invoked on any difference
 * (its remaining arguments are outside the visible lines).
 *
 * NOTE(review): SamAccountName is a 64-byte local and is filled with an
 * unbounded strcpy() from the directory-returned value; a longer value
 * overflows the stack buffer.  MoiraId / UserName go into the LDAP filter via
 * sprintf() without escaping.
 */
3910 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
3913 char *attr_array[3];
3914 char SamAccountName[64];
3917 LK_ENTRY *group_base;
3923 if (strlen(MoiraId) != 0)
3925 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
3926 attr_array[0] = "sAMAccountName";
3927 attr_array[1] = NULL;
3928 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3929 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3931 com_err(whoami, 0, "Unable to process user %s : %s",
3932 UserName, ldap_err2string(rc));
/* Several accounts share the Moira id: log them (list walk via gPtr not
 * visible) and fall through to the name-based lookup below. */
3935 if (group_count > 1)
3937 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
3942 com_err(whoami, 0, "user %s exist with MoiraId = %s",
3943 gPtr->value, MoiraId);
3948 if (group_count != 1)
3950 linklist_free(group_base);
3953 sprintf(filter, "(sAMAccountName=%s)", UserName);
3954 attr_array[0] = "sAMAccountName";
3955 attr_array[1] = NULL;
3956 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3957 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
3959 com_err(whoami, 0, "Unable to process user %s : %s",
3960 UserName, ldap_err2string(rc));
3965 if (group_count != 1)
3967 linklist_free(group_base);
3968 return(AD_NO_USER_FOUND);
/* Unbounded copy into a 64-byte buffer -- see header note. */
3970 strcpy(SamAccountName, group_base->value);
3971 linklist_free(group_base);
/* Case-sensitive compare: a case-only difference also triggers a rename. */
3974 if (strcmp(SamAccountName, UserName))
3976 rc = user_rename(ldap_handle, dn_path, SamAccountName,
/*
 * Build the relative DN of a container from its slash-separated Moira name.
 *
 * src:  container path ("a/b/c" style, judging by the '/' handling elsewhere
 *       in this file); an empty src is handled by the branch at 3991, whose
 *       body is not visible.
 * dest: receives "OU=<last>,OU=<...>" -- components are emitted from
 *       array[n-1] downward, i.e. innermost first.  Its size is not checked.
 *
 * NOTE(review): `array` is cleared as 20 pointers, so at most 20 path
 * components fit; the splitting loop that fills it is not visible, confirm
 * it bounds n by 20.
 */
3982 void container_get_dn(char *src, char *dest)
3989 memset(array, '\0', 20 * sizeof(array[0]));
3991 if (strlen(src) == 0)
4010 strcpy(dest, "OU=");
4013 strcat(dest, array[n-1]);
4017 strcat(dest, ",OU=");
/*
 * Extract the leaf name of a container from its slash-separated Moira path
 * into dest.  Only the empty-src guard is visible here; the body that copies
 * the last path component is outside the listing.
 */
4023 void container_get_name(char *src, char *dest)
4028 if (strlen(src) == 0)
/*
 * Make sure the OU hierarchy for `name` exists in AD, creating it with empty
 * description/location/contact/type/id/rowid if needed.
 *
 * A copy of name is scanned for '/' (what is done with each '/' is not
 * visible -- presumably the parent path is created component by component).
 * container_create() is then called with 7 attribute slots; a LDAP_SUCCESS
 * result means an OU was created here without a Moira row id, which is
 * logged so that an operator can reconcile it later.
 *
 * NOTE(review): cName's size is not visible; strcpy() from name is unbounded.
 */
4045 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
4052 strcpy(cName, name);
4053 for (i = 0; i < (int)strlen(cName); i++)
4055 if (cName[i] == '/')
4058 av[CONTAINER_NAME] = cName;
4059 av[CONTAINER_DESC] = "";
4060 av[CONTAINER_LOCATION] = "";
4061 av[CONTAINER_CONTACT] = "";
4062 av[CONTAINER_TYPE] = "";
4063 av[CONTAINER_ID] = "";
4064 av[CONTAINER_ROWID] = "";
4065 rc = container_create(ldap_handle, dn_path, 7, av);
/* Only reached on LDAP_SUCCESS (container_create maps LDAP_ALREADY_EXISTS
 * to an update path), so this really is a freshly created, id-less OU. */
4066 if (rc == LDAP_SUCCESS)
4068 com_err(whoami, 0, "container %s created without a mitMoiraId", cName);
/*
 * Rename and/or move an AD organizational unit to match a Moira container
 * change.
 *
 * before/after: Moira container rows (indexed by CONTAINER_*), beforec/afterc
 *               their field counts.
 * Returns AD_INVALID_NAME for a bad leaf name; other returns are outside the
 * visible lines.  The error path of container_get_distinguishedName() at
 * 4098 is an assignment used as a condition (its body is not visible).
 *
 * Flow: resolve the old OU's DN; if none exists, fall back to creating the
 * new OU.  Otherwise derive the new parent DN (new_dn_path) from the path
 * part of after[CONTAINER_NAME], build the new RDN "OU=<leaf>", ensure the
 * new parent hierarchy exists (container_check), rename with
 * deleteoldrdn=TRUE, then push the remaining attributes via
 * container_adupdate().
 *
 * NOTE(review): new_dn_path and distinguishedName are 256-byte locals filled
 * by sprintf()/strcpy() with no length check; deep container paths plus
 * dn_path can exceed them.
 */
4076 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4077 int afterc, char **after)
4082 char new_dn_path[256];
4084 char distinguishedName[256];
4089 memset(cName, '\0', sizeof(cName));
4090 container_get_name(after[CONTAINER_NAME], cName);
4091 if (!check_container_name(cName))
4093 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4094 return(AD_INVALID_NAME);
4097 memset(distinguishedName, '\0', sizeof(distinguishedName));
/* Assignment-as-condition: non-zero rc is the error path (body not visible). */
4098 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, beforec, before))
/* Nothing to rename: the "before" OU does not exist, so create the new one. */
4100 if (strlen(distinguishedName) == 0)
4102 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf from the new name (loop body at 4108 not visible) so that
 * temp holds only the parent path; an empty parent means top level. */
4106 strcpy(temp, after[CONTAINER_NAME]);
4108 for (i = 0; i < (int)strlen(temp); i++)
4117 container_get_dn(temp, dName);
4118 if (strlen(temp) != 0)
4119 sprintf(new_dn_path, "%s,%s", dName, dn_path);
4121 sprintf(new_cn, "OU=%s", cName);
4122 sprintf(new_cn, "OU=%s", cName);
4124 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
/* deleteoldrdn = TRUE: the old OU value is dropped from the entry. */
4126 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
4127 TRUE, NULL, NULL)) != LDAP_SUCCESS)
4129 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
4130 before[CONTAINER_NAME], after[CONTAINER_NAME], ldap_err2string(rc));
4134 memset(dName, '\0', sizeof(dName));
4135 container_get_dn(after[CONTAINER_NAME], dName);
4136 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * Delete the AD organizational unit that corresponds to a Moira container.
 *
 * The OU's DN is resolved first (assignment-as-condition at 4146; the error
 * body and the empty-DN branch at 4148 are not visible).  If the OU still
 * has children, ldap_delete_s() fails with LDAP_NOT_ALLOWED_ON_NONLEAF and
 * container_move_objects() relocates them to the orphan OUs; whether the
 * delete is then retried is outside the visible lines.  Any other failure
 * is logged with the container name.
 */
4140 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
4142 char distinguishedName[256];
4145 memset(distinguishedName, '\0', sizeof(distinguishedName));
4146 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, count, av))
4148 if (strlen(distinguishedName) == 0)
4150 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
/* Non-leaf OU: evacuate children to the orphan OUs rather than fail. */
4152 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
4153 container_move_objects(ldap_handle, dn_path, distinguishedName);
4155 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
4156 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * Create an AD organizationalUnit for a Moira container.
 *
 * av:    Moira container row (CONTAINER_NAME, _DESC, _TYPE, _ID, _ROWID...),
 *        count its field count.
 * Returns AD_INVALID_NAME when the name yields no DN/leaf or fails
 * check_container_name(); otherwise the LDAP result (return statements are
 * outside the visible lines).  LDAP_ALREADY_EXISTS is not treated as an
 * error: when the row carries a Moira id the existing OU is updated through
 * container_adupdate() instead.
 *
 * Attributes added: objectClass {top, organizationalUnit}, name, ou,
 * optionally mitMoiraId (from CONTAINER_ROWID) and description, and
 * managedBy resolved from CONTAINER_TYPE/CONTAINER_ID:
 *   KERBEROS -> a contact object created under kerberos_ou;
 *   USER     -> the person entry with cn=<id>;
 *   LIST     -> the group entry with cn=<id>.
 * ADD_ATTR() fills the `mods` array and counter `n` (macro and declarations
 * not visible); the loop at 4267 presumably releases those entries.
 *
 * NOTE(review): av[CONTAINER_ID] is placed into an LDAP filter by sprintf()
 * without escaping, and managedByDN (256 bytes) / temp / dName are filled
 * with unbounded sprintf()/strcpy().
 */
4161 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
4163 char *attr_array[3];
4164 LK_ENTRY *group_base;
4167 char *objectClass_v[] = {"top",
4168 "organizationalUnit",
4171 char *ou_v[] = {NULL, NULL};
4172 char *name_v[] = {NULL, NULL};
4173 char *moiraId_v[] = {NULL, NULL};
4174 char *desc_v[] = {NULL, NULL};
4175 char *managedBy_v[] = {NULL, NULL};
4178 char managedByDN[256];
4185 memset(filter, '\0', sizeof(filter));
4186 memset(dName, '\0', sizeof(dName));
4187 memset(cName, '\0', sizeof(cName));
4188 memset(managedByDN, '\0', sizeof(managedByDN));
4189 container_get_dn(av[CONTAINER_NAME], dName);
4190 container_get_name(av[CONTAINER_NAME], cName);
4192 if ((strlen(cName) == 0) || (strlen(dName) == 0))
4194 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4195 return(AD_INVALID_NAME);
4198 if (!check_container_name(cName))
4200 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4201 return(AD_INVALID_NAME);
/* Mandatory attributes; name_v/ou_v are populated on lines not visible. */
4205 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4207 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4209 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
4210 if (strlen(av[CONTAINER_ROWID]) != 0)
4212 moiraId_v[0] = av[CONTAINER_ROWID];
4213 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
4215 if (strlen(av[CONTAINER_DESC]) != 0)
4217 desc_v[0] = av[CONTAINER_DESC];
4218 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* managedBy: pick the owner object according to the Moira ACE type. */
4220 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4222 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
/* contact_create() returning 0 is the success path here. */
4224 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4226 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou,dn_path);
4227 managedBy_v[0] = managedByDN;
4228 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4233 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4235 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4237 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4239 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
/* USER/LIST owners: look the DN up; only an unambiguous single hit is used. */
4241 if (strlen(filter) != 0)
4243 attr_array[0] = "distinguishedName";
4244 attr_array[1] = NULL;
4247 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4248 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4250 if (group_count == 1)
4252 strcpy(managedByDN, group_base->value);
4253 managedBy_v[0] = managedByDN;
4254 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
4256 linklist_free(group_base);
/* Full DN of the new OU is "<relative dn>,<domain dn>". */
4265 sprintf(temp, "%s,%s", dName, dn_path);
4266 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
4267 for (i = 0; i < n; i++)
4269 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4271 com_err(whoami, 0, "Unable to create container %s : %s",
4272 cName, ldap_err2string(rc));
/* Existing OU with a Moira row id: reconcile attributes instead of failing. */
4275 if (rc == LDAP_ALREADY_EXISTS)
4277 if (strlen(av[CONTAINER_ROWID]) != 0)
4278 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * Apply a Moira container change to the matching AD OU.
 *
 * The OU is resolved from the "after" row (assignment-as-condition at 4290;
 * the error body and the empty-DN branch are not visible).  If no OU exists
 * yet it is created; otherwise the parent hierarchy is verified with
 * container_check() and the attributes are synchronised by
 * container_adupdate(), addressed by its full DN (dName passed as "").
 * `before`/beforec are not referenced in the visible lines.
 */
4283 int container_update(LDAP *ldap_handle, char *dn_path, int beforec, char **before,
4284 int afterc, char **after)
4286 char distinguishedName[256];
4289 memset(distinguishedName, '\0', sizeof(distinguishedName));
4290 if (rc = container_get_distinguishedName(ldap_handle, dn_path, distinguishedName, afterc, after))
4292 if (strlen(distinguishedName) == 0)
4294 rc = container_create(ldap_handle, dn_path, afterc, after);
4298 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
4299 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc, after);
/*
 * Resolve the DN of the AD OU that belongs to a Moira container row.
 *
 * distinguishedName: output buffer, left empty when nothing matched.
 * Returns AD_INVALID_NAME for an unusable name; other return values are
 * outside the visible lines.
 *
 * Two lookups, both requiring exactly one hit:
 *   1. by mitMoiraId = av[CONTAINER_ROWID];
 *   2. by the computed DN "<dName>,<dn_path>" (covers OUs created without a
 *      Moira id, e.g. by container_check()).
 *
 * NOTE(review): av[CONTAINER_ROWID] and dName go into the filter via
 * sprintf() unescaped; distinguishedName's size is not checked by strcpy().
 */
4304 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path, char *distinguishedName, int count, char **av)
4306 char *attr_array[3];
4307 LK_ENTRY *group_base;
4314 memset(filter, '\0', sizeof(filter));
4315 memset(dName, '\0', sizeof(dName));
4316 memset(cName, '\0', sizeof(cName));
4317 container_get_dn(av[CONTAINER_NAME], dName);
4318 container_get_name(av[CONTAINER_NAME], cName);
4320 if (strlen(dName) == 0)
4322 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", av[CONTAINER_NAME]);
4323 return(AD_INVALID_NAME);
4326 if (!check_container_name(cName))
4328 com_err(whoami, 0, "Unable to process invalid LDAP container name %s", cName);
4329 return(AD_INVALID_NAME);
/* Lookup 1: by Moira row id. */
4332 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4333 attr_array[0] = "distinguishedName";
4334 attr_array[1] = NULL;
4337 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4338 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4340 if (group_count == 1)
4342 strcpy(distinguishedName, group_base->value);
4344 linklist_free(group_base);
/* Lookup 2: by the DN the name would map to. */
4348 if (strlen(distinguishedName) == 0)
4350 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s,%s))", dName, dn_path);
4351 attr_array[0] = "distinguishedName";
4352 attr_array[1] = NULL;
4355 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4356 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4358 if (group_count == 1)
4360 strcpy(distinguishedName, group_base->value);
4362 linklist_free(group_base);
/*
 * Synchronise mitMoiraId, description and managedBy of an existing AD OU
 * with a Moira container row.
 *
 * dName:             relative DN of the OU; when non-empty the target is
 *                    "<dName>,<dn_path>".
 * distinguishedName: full DN, used when dName is empty.
 * Returns LDAP_SUCCESS when there is nothing to modify (4513); the result of
 * ldap_modify_s() otherwise (later return lines not visible).
 *
 * Current values are read first so that attributes Moira no longer sets are
 * cleared through attribute_update() rather than left stale.  managedBy is
 * re-derived from CONTAINER_TYPE/CONTAINER_ID exactly as in
 * container_create(): KERBEROS -> contact under kerberos_ou, USER -> person
 * with cn=<id>, LIST -> group with cn=<id>.
 *
 * NOTE(review): at 4396 the condition tests av[CONTAINER_ID] but the filter
 * interpolates av[CONTAINER_ROWID]; container_create() keys the equivalent
 * decision on CONTAINER_ROWID.  Confirm this is intended -- with an id but an
 * empty row id the filter becomes "(mitMoiraId=)".
 * NOTE(review): values are interpolated into LDAP filters unescaped; ad_path,
 * filter, moiraId, desc and managedByDN (256 bytes) are filled by unbounded
 * sprintf()/strcpy().
 */
4370 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
4371 char *distinguishedName, int count, char **av)
4373 char *attr_array[5];
4374 LK_ENTRY *group_base;
4379 char *moiraId_v[] = {NULL, NULL};
4380 char *desc_v[] = {NULL, NULL};
4381 char *managedBy_v[] = {NULL, NULL};
4382 char managedByDN[256];
/* Target DN: relative name + domain wins over the explicit full DN. */
4391 strcpy(ad_path, distinguishedName);
4392 if (strlen(dName) != 0)
4393 sprintf(ad_path, "%s,%s", dName, dn_path);
4395 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))", ad_path);
/* See header NOTE(review): tests CONTAINER_ID, uses CONTAINER_ROWID. */
4396 if (strlen(av[CONTAINER_ID]) != 0)
4397 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))", av[CONTAINER_ROWID]);
4398 attr_array[0] = "mitMoiraId";
4399 attr_array[1] = "description";
4400 attr_array[2] = "managedBy";
4401 attr_array[3] = NULL;
4404 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4405 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4407 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
4408 av[CONTAINER_NAME], ldap_err2string(rc));
/* Snapshot the OU's current values (list walk over pPtr not visible). */
4411 memset(managedByDN, '\0', sizeof(managedByDN));
4412 memset(moiraId, '\0', sizeof(moiraId));
4413 memset(desc, '\0', sizeof(desc));
4417 if (!strcasecmp(pPtr->attribute, "description"))
4418 strcpy(desc, pPtr->value);
4419 else if (!strcasecmp(pPtr->attribute, "managedBy"))
4420 strcpy(managedByDN, pPtr->value);
4421 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
4422 strcpy(moiraId, pPtr->value);
4425 linklist_free(group_base);
4430 if (strlen(av[CONTAINER_ROWID]) != 0)
4432 moiraId_v[0] = av[CONTAINER_ROWID];
4433 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set from Moira, or cleared if AD has one and Moira does not. */
4435 if (strlen(av[CONTAINER_DESC]) != 0)
4437 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description", dName);
4441 if (strlen(desc) != 0)
4443 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: same owner resolution as container_create(). */
4446 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
4448 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
4450 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID], kerberos_ou))
4452 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID], kerberos_ou, dn_path);
4453 managedBy_v[0] = managedByDN;
4454 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* Contact creation failed: drop any stale managedBy rather than keep it. */
4458 if (strlen(managedByDN) != 0)
4460 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4466 memset(filter, '\0', sizeof(filter));
4467 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
4469 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)(objectClass=user)))", av[CONTAINER_ID]);
4471 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
4473 sprintf(filter, "(&(objectClass=group)(cn=%s))", av[CONTAINER_ID]);
4475 if (strlen(filter) != 0)
4477 attr_array[0] = "distinguishedName";
4478 attr_array[1] = NULL;
4481 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4482 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
4484 if (group_count == 1)
4486 strcpy(managedByDN, group_base->value);
4487 managedBy_v[0] = managedByDN;
4488 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* No unambiguous owner object: clear the existing managedBy. */
4492 if (strlen(managedByDN) != 0)
4494 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
4497 linklist_free(group_base);
/* Moira row has no owner at all: clear whatever AD currently holds. */
4504 if (strlen(managedByDN) != 0)
4506 attribute_update(ldap_handle, ad_path, "", "managedBy", dName);
/* No pending mods (condition not visible): nothing to send. */
4513 return(LDAP_SUCCESS);
4515 rc = ldap_modify_s(ldap_handle, ad_path, mods);
4516 for (i = 0; i < n; i++)
4518 if (rc != LDAP_SUCCESS)
4520 com_err(whoami, 0, "Unable to modify container info for %s : %s",
4521 av[CONTAINER_NAME], ldap_err2string(rc));
<br/>
/*
 * Empty an OU that is about to be deleted by relocating or removing its
 * descendants.
 *
 * dName: DN of the OU being emptied (used as the search base).
 * Three passes are made (loop at 4543), each selecting one class of child
 * (the switch on i is not visible, only the three filter set-ups):
 *   - anything that is neither a computer nor an OU -> moved under
 *     orphans_other_ou;
 *   - computers                                     -> moved under
 *     orphans_machines_ou;
 *   - nested OUs                                    -> deleted with
 *     ldap_delete_s().
 * Moves are ldap_rename_s() calls keeping the object's cn; if the target RDN
 * already exists the cn is suffixed with "_<count>" and retried (retry loop
 * not visible).  Each pass fetches at most NumberOfEntries (10) results via
 * LDAP_OPT_SIZELIMIT, so the enclosing logic must repeat until a pass yields
 * group_count == 0 (the outer repeat is outside the visible lines).
 *
 * NOTE(review): deleting nested OUs here is itself subject to
 * LDAP_NOT_ALLOWED_ON_NONLEAF when they are non-empty; the result of
 * ldap_delete_s() at 4600 is assigned to rc but no handling is visible.
 * temp/new_cn are filled by unbounded sprintf().
 */
4527 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
4529 char *attr_array[3];
4530 LK_ENTRY *group_base;
4537 int NumberOfEntries = 10;
4541 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
4543 for (i = 0; i < 3; i++)
4545 memset(filter, '\0', sizeof(filter));
4548 strcpy(filter, "(!(|(objectClass=computer)(objectClass=organizationalUnit)))");
4549 attr_array[0] = "cn";
4550 attr_array[1] = NULL;
4554 strcpy(filter, "(objectClass=computer)");
4555 attr_array[0] = "cn";
4556 attr_array[1] = NULL;
4560 strcpy(filter, "(objectClass=organizationalUnit)");
4561 attr_array[0] = "ou";
4562 attr_array[1] = NULL;
4567 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
4568 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
4572 if (group_count == 0)
/* cn-bearing objects are moved; which orphan OU depends on the pass. */
4577 if (!strcasecmp(pPtr->attribute, "cn"))
4579 sprintf(new_cn, "cn=%s", pPtr->value);
4581 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
4583 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
4587 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: disambiguate with a numeric suffix. */
4589 if (rc == LDAP_ALREADY_EXISTS)
4591 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* Nested OUs are deleted, not moved. */
4598 else if (!strcasecmp(pPtr->attribute, "ou"))
4600 rc = ldap_delete_s(ldap_handle, pPtr->dn);
4604 linklist_free(group_base);
/*
 * Find the OU an AD computer object lives in, given a Moira machine name.
 *
 * member:         Moira host name (possibly an alias).
 * machine_ou:     out -- the DN fragment between the computer's CN and the
 *                 domain ("dc=") part.
 * NewMachineName: out -- the canonical name from GetMachineName(), with
 *                 anything from the first '.' on removed (4636; the
 *                 truncation itself is not visible).
 * Return values are outside the visible lines.
 *
 * Steps: canonicalise the name via Moira, search
 * (sAMAccountName=<name>$) for the computer account, lower-case its DN and
 * CN, locate the CN inside the DN and take the text after "<cn>," up to the
 * "dc=" component.
 *
 * NOTE(review): the result of moira_connect() at 4626 is overwritten by the
 * next assignment without being checked.  dn, cn and machine_ou are filled
 * by unbounded strcpy() from directory values; NewMachineName is
 * interpolated into the LDAP filter unescaped.  tolower() on plain char has
 * the signed-char caveat noted at change_to_lower_case().
 */
4612 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member, char *machine_ou, char *NewMachineName)
4614 LK_ENTRY *group_base;
4618 char *attr_array[3];
4625 strcpy(NewMachineName, member);
4626 rc = moira_connect();
4627 rc = GetMachineName(NewMachineName);
4629 if (strlen(NewMachineName) == 0)
4631 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", member);
/* Strip the domain suffix; AD computer accounts are "<host>$". */
4636 pPtr = strchr(NewMachineName, '.');
4642 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
4643 attr_array[0] = "cn";
4644 attr_array[1] = NULL;
4645 sprintf(temp, "%s", dn_path);
4646 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4647 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4649 com_err(whoami, 0, "Unable to process machine %s : %s",
4650 member, ldap_err2string(rc));
4653 if (group_count != 1)
4655 com_err(whoami, 0, "Unable to process machine %s : machine not found in AD",
/* Lower-case both so the strstr() below is effectively case-insensitive. */
4659 strcpy(dn, group_base->dn);
4660 strcpy(cn, group_base->value);
4661 for (i = 0; i < (int)strlen(dn); i++)
4662 dn[i] = tolower(dn[i]);
4663 for (i = 0; i < (int)strlen(cn); i++)
4664 cn[i] = tolower(cn[i]);
4665 linklist_free(group_base);
4667 pPtr = strstr(dn, cn);
4670 com_err(whoami, 0, "Unable to process machine %s",
/* Skip "<cn>," -- the +1 accounts for the comma after the CN value. */
4674 pPtr += strlen(cn) + 1;
4675 strcpy(machine_ou, pPtr);
/* The OU part ends where the domain ("dc=") components begin. */
4677 pPtr = strstr(machine_ou, "dc=");
4680 com_err(whoami, 0, "Unable to process machine %s",
/*
 * Move an AD computer object into DestinationOu.
 *
 * MoiraMachineName: Moira host name; canonicalised through GetMachineName()
 *                   and truncated at the first '.' (4714; truncation itself
 *                   not visible).
 * DestinationOu:    relative OU DN; the target parent is
 *                   "<DestinationOu>,<dn_path>".
 * Return values are outside the visible lines.
 *
 * The computer account is found by (sAMAccountName=<name>$); its current
 * parent (everything after the first ',' of OldDn) is compared with the
 * target and the ldap_rename_s() (deleteoldrdn=TRUE) is skipped when they
 * already match case-insensitively.
 *
 * BUG(review): the com_err() at 4734 has two %s conversions but only one
 * argument (MoiraMachineName); the second %s consumes an unspecified
 * vararg, which is undefined behaviour and may crash.  Either drop the
 * trailing ": %s" or pass an error string.
 * NOTE(review): MachineName (128 bytes) and OldDn/NewOu/NewCn are filled by
 * unbounded strcpy()/sprintf(); MachineName goes into the filter unescaped.
 */
4689 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path, char *MoiraMachineName, char *DestinationOu)
4694 char MachineName[128];
4696 char *attr_array[3];
4701 LK_ENTRY *group_base;
4706 strcpy(MachineName, MoiraMachineName);
4707 rc = GetMachineName(MachineName);
4708 if (strlen(MachineName) == 0)
4710 com_err(whoami, 0, "Unable to find alais for machine %s in Moira", MoiraMachineName);
4714 cPtr = strchr(MachineName, '.');
4717 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
4718 attr_array[0] = "sAMAccountName";
4719 attr_array[1] = NULL;
4720 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array, &group_base,
4721 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
4723 com_err(whoami, 0, "Unable to process machine %s : %s",
4724 MoiraMachineName, ldap_err2string(rc));
4728 if (group_count == 1)
4729 strcpy(OldDn, group_base->dn);
4730 linklist_free(group_base);
4732 if (group_count != 1)
/* BUG: two %s conversions, one argument -- see header note. */
4734 com_err(whoami, 0, "Unable to find machine %s in AD: %s", MoiraMachineName);
4737 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* cPtr -> the parent DN of the computer (text after the RDN). */
4738 cPtr = strchr(OldDn, ',');
/* Already in the destination OU: nothing to do. */
4742 if (!strcasecmp(cPtr, NewOu))
4745 sprintf(NewCn, "CN=%s", MachineName);
4746 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * Report whether a machine exists in AD under its short host name.
 *
 * machine_name is copied and truncated at the first '.' (4759; the
 * truncation itself is not visible) before checkADname() is consulted.
 * Returns the logical negation of checkADname()'s result, i.e. 1 when
 * checkADname() returns 0.  Name's size is not visible; the strcpy() is
 * unbounded.
 */
4750 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
4756 memset(Name, '\0', sizeof(Name));
4757 strcpy(Name, machine_name);
4759 pPtr = strchr(Name, '.');
4763 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * Ask Moira which container a machine belongs to.
 *
 * container_name: output buffer, filled by the machine_GetMoiraContainer()
 *                 callback through call_args[0].
 * Issues the "get_machine_to_container_map" query with machine_name as its
 * single argument; the trailing arguments of mr_query() and the return
 * statement are outside the visible lines.  ldap_handle/dn_path are not
 * referenced in the visible lines.
 */
4766 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path, char *machine_name, char *container_name)
4772 av[0] = machine_name;
4773 call_args[0] = (char *)container_name;
4774 rc = mr_query("get_machine_to_container_map", 1, av, machine_GetMoiraContainer,
/*
 * mr_query() callback for "get_machine_to_container_map": copies the second
 * result field (av[1]) into the caller's buffer call_args[0].  The cast of
 * ptr to call_args and the return statement are not visible.
 * NOTE(review): strcpy() is unbounded; the destination size is whatever the
 * caller passed.
 */
4779 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
4784 strcpy(call_args[0], av[1]);
/*
 * Create the Moira list that mirrors a new container, attach it to the
 * container and add it as a member of the parent container's list.
 *
 * after: Moira container row (CONTAINER_NAME, CONTAINER_ROWID used).
 * Return statements are outside the visible lines.
 *
 * The list is named by Moira_groupname_create() and registered with
 * "add_list" (15 fields): active, non-public, non-hidden, not a mail list,
 * a group with a freshly allocated gid (UNIQUE_GID), no NFS/Mailman, and
 * both ACEs set to user "sms".
 */
4788 int Moira_container_group_create(char **after)
4794 memset(GroupName, '\0', sizeof(GroupName));
4795 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
4796 after[CONTAINER_ROWID]);
4800 argv[L_NAME] = GroupName;
4801 argv[L_ACTIVE] = "1";
4802 argv[L_PUBLIC] = "0";
4803 argv[L_HIDDEN] = "0";
4804 argv[L_MAILLIST] = "0";
4805 argv[L_GROUP] = "1";
4806 argv[L_GID] = UNIQUE_GID;
4807 argv[L_NFSGROUP] = "0";
4808 argv[L_MAILMAN] = "0";
4809 argv[L_MAILMAN_SERVER] = "[NONE]";
4810 argv[L_DESC] = "auto created container group";
4811 argv[L_ACE_TYPE] = "USER";
4812 argv[L_MEMACE_TYPE] = "USER";
4813 argv[L_ACE_NAME] = "sms";
4814 argv[L_MEMACE_NAME] = "sms";
/* Assignment-as-condition: non-zero rc is the error path. */
4816 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
4818 com_err(whoami, 0, "Unable to create container group %s for container %s: %s",
4819 GroupName, after[CONTAINER_NAME], error_message(rc));
/* Link the list to the container, then nest it under the parent's list. */
4822 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
4823 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Rename the Moira list that mirrors a container when the container itself
 * was renamed.
 *
 * before/after: Moira container rows.  Nothing is done when the names match
 * case-insensitively, when the container has no list yet, or when the
 * regenerated name equals the current one (the bodies of those guards are
 * not visible).  Otherwise "update_list" is issued with the old name in
 * argv[L_NAME] and the 15 new fields shifted by one -- the same fixed values
 * Moira_container_group_create() uses.
 *
 * Return statements are outside the visible lines.
 */
4828 int Moira_container_group_update(char **before, char **after)
4831 char BeforeGroupName[64];
4832 char AfterGroupName[64];
4835 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
/* Current list name, looked up by the (already renamed) container. */
4838 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
4839 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
4840 if (strlen(BeforeGroupName) == 0)
4843 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
4844 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
4845 after[CONTAINER_ROWID]);
4849 if (strcasecmp(BeforeGroupName, AfterGroupName))
/* update_list takes the existing name first, then the full new row. */
4851 argv[L_NAME] = BeforeGroupName;
4852 argv[L_NAME + 1] = AfterGroupName;
4853 argv[L_ACTIVE + 1] = "1";
4854 argv[L_PUBLIC + 1] = "0";
4855 argv[L_HIDDEN + 1] = "0";
4856 argv[L_MAILLIST + 1] = "0";
4857 argv[L_GROUP + 1] = "1";
4858 argv[L_GID + 1] = UNIQUE_GID;
4859 argv[L_NFSGROUP + 1] = "0";
4860 argv[L_MAILMAN + 1] = "0";
4861 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
4862 argv[L_DESC + 1] = "auto created container group";
4863 argv[L_ACE_TYPE + 1] = "USER";
4864 argv[L_MEMACE_TYPE + 1] = "USER";
4865 argv[L_ACE_NAME + 1] = "sms";
4866 argv[L_MEMACE_NAME + 1] = "sms";
4868 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
4870 com_err(whoami, 0, "Unable to rename container group from %s to %s: %s",
4871 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Remove the Moira list that mirrored a deleted container.
 *
 * before: Moira container row; CONTAINER_GROUP_NAME holds the list name or
 *         the literal "[none]".
 * First the list is removed from the parent container's list
 * ("delete_member_from_list"; argv[1], presumably the member type, is set on
 * a line not visible), then the list itself is deleted ("delete_list").
 * Return statements are outside the visible lines.
 *
 * BUG(review): the com_err() at 4899 has two %s conversions but three
 * arguments, so error_message(rc) is never printed; the format should
 * read "... %s from list %s: %s".
 */
4878 int Moira_container_group_delete(char **before)
4883 char ParentGroupName[64];
4885 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
4886 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
4888 memset(GroupName, '\0', sizeof(GroupName));
4889 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
4890 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
4892 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
4894 argv[0] = ParentGroupName;
4896 argv[2] = GroupName;
4897 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* BUG: format has two %s, three arguments -- see header note. */
4899 com_err(whoami, 0, "Unable to delete container group %s from list: %s",
4900 GroupName, ParentGroupName, error_message(rc));
4904 if (strlen(GroupName) != 0)
4906 argv[0] = GroupName;
4907 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
4909 com_err(whoami, 0, "Unable to delete container group %s : %s",
4910 GroupName, error_message(rc));
/*
 * Derive a unique Moira list name for a container.
 *
 * GroupName:      output buffer; receives the final name.
 * ContainerName:  slash-separated container path.
 * ContainerRowID: not referenced in the visible lines.
 * Return statements are outside the visible lines.
 *
 * The base is built from the last one or two path components
 * ("<parent>-<leaf>" when a parent exists, judging by the strrchr() calls
 * and the "%s-%s" format), truncated to 25 characters, prefixed with "cnt-"
 * and lower-cased.  "get_list_info" is then used to probe for collisions:
 * MR_NO_MATCH means the name is free; any other error aborts; an existing
 * list makes the loop try "<base>-<i>" with i running through 0-9 and a-z
 * (loop header not visible) before giving up.
 *
 * NOTE(review): newGroupName/tempGroupName are 64 bytes and temp/tempgname
 * sizes are not visible; the initial strcpy(temp, ContainerName) is
 * unbounded.
 */
4917 int Moira_groupname_create(char *GroupName, char *ContainerName,
4918 char *ContainerRowID)
4923 char newGroupName[64];
4924 char tempGroupName[64];
4930 strcpy(temp, ContainerName);
4932 ptr1 = strrchr(temp, '/');
4937 ptr1 = strrchr(temp, '/');
4940 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
4943 strcpy(tempgname, ptr);
4946 strcpy(tempgname, temp);
/* Keep the base short enough for the "cnt-" prefix and a "-x" suffix. */
4948 if (strlen(tempgname) > 25)
4949 tempgname[25] ='\0';
4951 sprintf(newGroupName, "cnt-%s", tempgname);
4953 /* change everything to lower case */
4958 *ptr = tolower(*ptr);
4964 strcpy(tempGroupName, newGroupName);
4966 /* append 0-9 then a-z if a duplicate is found */
4969 argv[0] = newGroupName;
4970 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
/* MR_NO_MATCH is the good case: no list has this name yet. */
4972 if (rc == MR_NO_MATCH)
4974 com_err(whoami, 0, "Moira error while creating group name for container %s : %s",
4975 ContainerName, error_message(rc));
4978 sprintf(newGroupName, "%s-%c", tempGroupName, i);
4981 com_err(whoami, 0, "Unable to find a unique group name for container %s: too many duplicate container names",
4991 strcpy(GroupName, newGroupName);
/*
 * Record GroupName as the list associated with a container in Moira
 * ("set_container_list" with container name and list name).  Failures are
 * logged; the return statement is outside the visible lines.
 */
4995 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
5000 argv[0] = origContainerName;
5001 argv[1] = GroupName;
5003 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
5005 com_err(whoami, 0, "Unable to set container group %s in container %s: %s",
5006 GroupName, origContainerName, error_message(rc));
/*
 * Nest a container's list inside the parent container's list.
 *
 * The parent list is obtained with Moira_getGroupName(..., 1); an empty
 * result means a top-level container and nothing is added (the guard body
 * at 5023 is not visible).  Otherwise "add_member_to_list" is issued with
 * the parent list, a member type set on a line not visible (argv[1]), and
 * GroupName.  The return statement is outside the visible lines.
 *
 * NOTE(review): ContainerName is a 64-byte local filled by unbounded
 * strcpy() from origContainerName.
 */
5012 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
5014 char ContainerName[64];
5015 char ParentGroupName[64];
5019 strcpy(ContainerName, origContainerName);
5021 Moira_getGroupName(ContainerName, ParentGroupName, 1);
5022 /* top-level container: no parent list to join */
5023 if (strlen(ParentGroupName) == 0)
5026 argv[0] = ParentGroupName;
5028 argv[2] = GroupName;
5029 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
5031 com_err(whoami, 0, "Unable to add container group %s to parent group %s: %s",
5032 GroupName, ParentGroupName, error_message(rc));
/*
 * mr_query() callback for "get_container_list": copies the second result
 * field (av[1]) into the caller's buffer call_args[0].  The cast of ptr and
 * the return statement are not visible.  strcpy() is unbounded; callers
 * pass 64-byte buffers.
 */
5037 int Moira_getContainerGroup(int ac, char **av, void *ptr)
5042 strcpy(call_args[0], av[1]);
/*
 * Look up the Moira list attached to a container, or to its parent.
 *
 * GroupName: output buffer, filled via the Moira_getContainerGroup()
 *            callback.
 * The third parameter is not visible in this listing; callers pass 0 or 1,
 * and the strrchr(ContainerName, '/') at 5059 presumably strips the leaf
 * component when it is 1 so that the parent container is queried -- confirm
 * against the full definition.  Return statements are outside the visible
 * lines.
 *
 * NOTE(review): ContainerName is a 64-byte local filled by unbounded
 * strcpy() from origContainerName.
 */
5046 int Moira_getGroupName(char *origContainerName, char *GroupName,
5049 char ContainerName[64];
5055 strcpy(ContainerName, origContainerName);
5059 ptr = strrchr(ContainerName, '/');
5066 argv[0] = ContainerName;
5068 call_args[0] = GroupName;
5069 call_args[1] = NULL;
/* Success is rc == 0; an empty GroupName afterwards is reported separately. */
5071 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
5074 if (strlen(GroupName) != 0)
5079 com_err(whoami, 0, "Unable to get container group from container %s: %s",
5080 ContainerName, error_message(rc));
5082 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Add a machine to, or remove it from, its container's Moira list.
 *
 * MachineName: Moira host name; GroupName: list name, "[none]" meaning the
 * container has no list (nothing is done -- guard body at 5093 not
 * visible).  The third parameter, which selects between
 * "add_member_to_list" and "delete_member_from_list", is outside the
 * visible lines.  Return statements are also not visible.
 *
 * NOTE(review): only one com_err() is visible and it says "add"; if it is
 * shared by the delete path the logged action is misleading -- confirm.
 */
5087 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
5093 if (strcmp(GroupName, "[none]") == 0)
5096 argv[0] = GroupName;
5097 argv[1] = "MACHINE";
5098 argv[2] = MachineName;
5100 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5102 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
5105 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
5106 MachineName, GroupName, error_message(rc));
/*
 * Canonicalise a host name to its name in the top-level domain
 * (DOMAIN_SUFFIX), in place.
 *
 * MachineName: in/out buffer.  On success it holds the upper-cased name in
 *              DOMAIN_SUFFIX; when no such name can be found, or the Moira
 *              query fails, it is set to "".
 * Return statements are outside the visible lines.
 *
 * If the name already ends in ".DOMAIN_SUFFIX" it is kept as is (branch body
 * at 5126 not visible).  Otherwise "get_hostalias" is queried and the
 * ProcessMachineName() callback picks the first alias in DOMAIN_SUFFIX into
 * NewMachineName.  args[0] is set on a line not visible.
 *
 * NOTE(review): NewMachineName is 1024 bytes and the strcpy() from
 * MachineName is unbounded; the callback likewise copies Moira data into
 * this buffer with strcpy().
 */
5111 int GetMachineName(char *MachineName)
5114 char NewMachineName[1024];
5121 // If the address happens to be in the top-level MIT domain, great!
5122 strcpy(NewMachineName, MachineName);
5123 for (i = 0; i < (int)strlen(NewMachineName); i++)
5124 NewMachineName[i] = toupper(NewMachineName[i]);
5125 szDot = strchr(NewMachineName,'.');
5126 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
5131 // If not, see if it has a Moira alias in the top-level MIT domain.
5132 memset(NewMachineName, '\0', sizeof(NewMachineName));
5134 args[1] = MachineName;
5135 call_args[0] = NewMachineName;
5136 call_args[1] = NULL;
5137 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
5139 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
5140 MachineName, error_message(rc));
/* Signal failure to the caller by emptying the buffer. */
5141 strcpy(MachineName, "");
5145 if (strlen(NewMachineName) != 0)
5146 strcpy(MachineName, NewMachineName);
5148 strcpy(MachineName, "");
/*
 * mr_query() callback for "get_hostalias": keeps the first alias (av[0])
 * whose domain part equals DOMAIN_SUFFIX, upper-cased, in call_args[0].
 * Later aliases are ignored once call_args[0] is non-empty.  The cast of
 * ptr and the return statement are not visible.
 *
 * NOTE(review): MachineName is a 1024-byte local filled by unbounded
 * strcpy() from av[0]; call_args[0] is the caller's 1024-byte buffer.
 */
5153 int ProcessMachineName(int ac, char **av, void *ptr)
5156 char MachineName[1024];
/* Only the first qualifying alias is taken. */
5161 if (strlen(call_args[0]) == 0)
5163 strcpy(MachineName, av[0]);
5164 for (i = 0; i < (int)strlen(MachineName); i++)
5165 MachineName[i] = toupper(MachineName[i]);
5166 szDot = strchr(MachineName,'.');
5167 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
5169 strcpy(call_args[0], MachineName);
/*
 * Rewrite the uid-number attribute name in a pending LDAPMod array so it
 * matches the schema the domain uses (Services for UNIX 3.0
 * "msSFU30UidNumber" vs. RFC 2307 "uidNumber").
 *
 * mods:     array of n LDAPMod pointers built by ADD_ATTR().
 * UseSFU30: selects the direction (the test on *UseSFU30 between the two
 *           loops is not visible): one loop maps msSFU30UidNumber ->
 *           uidNumber, the other uidNumber -> msSFU30UidNumber.
 *
 * NOTE(review): mod_type is pointed at a string literal; this is only safe
 * if the caller never free()s mod_type -- confirm against the cleanup loop
 * in the callers.
 */
5175 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
5181 for (i = 0; i < n; i++)
5183 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
5184 mods[i]->mod_type = "uidNumber";
5190 for (i = 0; i < n; i++)
5192 if (!strcmp(mods[i]->mod_type, "uidNumber"))
5193 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * Compute a user's Windows homeDirectory, homeDrive and profilePath from the
 * Moira WinHomeDir/WinProfileDir settings and queue the corresponding LDAP
 * modifications.
 *
 * WinHomeDir / WinProfileDir: either a literal UNC/drive path or one of the
 *   tokens "[afs]", "[dfs]", "[local]" (compared case-insensitively).
 * homedir_v / winProfile_v / drives_v: caller-owned two-slot value arrays;
 *   slot 0 receives a strdup()'d string that the caller must free.
 * mods: LDAPMod array extended through ADD_ATTR() (macro and counter not
 *   visible).  The trailing parameter holding OpType is outside the listing.
 * Return statements are outside the visible lines.
 *
 * Resolution order:
 *   [afs]   -> Hesiod "filsys" lookup; among AFS entries the one with the
 *              lowest weight (5th field) wins; converted with AfsToWinAfs();
 *              profile = "<home>\.winprofile".
 *   [dfs]   -> "\\<ldap_domain>\dfs\profiles\<initial>\<user>", same
 *              ".winprofile" convention.
 *   [local] -> attribute is removed.
 *   other   -> used verbatim; a UNC home ("\\...") also gets drive "H:".
 * Trailing backslashes are stripped, except a bare drive ("X:") gets one
 * back.  An empty value under LDAP_MOD_REPLACE becomes a DEL_ATTR +
 * immediate ldap_modify_s() so the stale attribute is cleared; otherwise the
 * value is queued with ADD_ATTR().
 *
 * NOTE(review): sscanf("%s") into cPath/cWeight and strcpy() into path /
 * winProfile (1024) are unbounded against Hesiod and Moira data.
 * strnicmp() is a Microsoft CRT name.  The rc of the three ldap_modify_s()
 * calls is assigned but no handling is visible.  user_name[0] is used as the
 * profile sub-folder, so an empty user_name yields a NUL in the path.
 */
5199 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, char *DistinguishedName,
5200 char *WinHomeDir, char *WinProfileDir,
5201 char **homedir_v, char **winProfile_v,
5202 char **drives_v, LDAPMod **mods,
5210 char winProfile[1024];
5215 LDAPMod *DelMods[20];
5217 memset(homeDrive, '\0', sizeof(homeDrive));
5218 memset(path, '\0', sizeof(path));
5219 memset(winPath, '\0', sizeof(winPath));
5220 memset(winProfile, '\0', sizeof(winProfile));
/* [afs]: pick the lowest-weight AFS filesystem from Hesiod. */
5222 if ((!strcasecmp(WinHomeDir, "[afs]")) || (!strcasecmp(WinProfileDir, "[afs]")))
5224 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
5226 memset(cWeight, 0, sizeof(cWeight));
5227 memset(cPath, 0, sizeof(cPath));
5230 while (hp[i] != NULL)
/* 2nd field is the path; only AFS paths are considered. */
5232 if (sscanf(hp[i], "%*s %s", cPath))
5234 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
/* 5th field is the weight; lower wins (last_weight init not visible). */
5236 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
5238 if (atoi(cWeight) < last_weight)
5240 strcpy(path, cPath);
5241 last_weight = (int)atoi(cWeight);
5245 strcpy(path, cPath);
5252 if (!strnicmp(path, AFS, strlen(AFS)))
5254 AfsToWinAfs(path, winPath);
5255 strcpy(winProfile, winPath);
5256 strcat(winProfile, "\\.winprofile");
/* [dfs]: fixed layout under the domain's DFS root. */
5264 if ((!strcasecmp(WinHomeDir, "[dfs]")) || (!strcasecmp(WinProfileDir, "[dfs]")))
5266 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain, user_name[0], user_name);
5267 if (!strcasecmp(WinProfileDir, "[dfs]"))
5269 strcpy(winProfile, path);
5270 strcat(winProfile, "\\.winprofile");
5272 if (!strcasecmp(WinHomeDir, "[dfs]"))
5273 strcpy(winPath, path);
/* Home directory: [local] clears it; [afs]/[dfs] keep the path computed
 * above and map drive H:; anything else is taken literally. */
5286 if (!strcasecmp(WinHomeDir, "[local]"))
5287 memset(winPath, '\0', sizeof(winPath));
5288 else if (!strcasecmp(WinHomeDir, "[afs]") || !strcasecmp(WinHomeDir, "[dfs]"))
5290 strcpy(homeDrive, "H:");
5294 strcpy(winPath, WinHomeDir);
/* A UNC home path also needs a drive letter to be mapped on logon. */
5295 if (!strncmp(WinHomeDir, "\\\\", 2))
5297 strcpy(homeDrive, "H:");
5301 // nothing needs to be done if WinProfileDir is [afs] or [dfs]: winProfile was set above.
5302 if (!strcasecmp(WinProfileDir, "[local]"))
5303 memset(winProfile, '\0', sizeof(winProfile));
5304 else if (strcasecmp(WinProfileDir, "[afs]") && strcasecmp(WinProfileDir, "[dfs]"))
5306 strcpy(winProfile, WinProfileDir);
/* Normalise: no trailing backslash, but a bare drive keeps its root. */
5309 if (strlen(winProfile) != 0)
5311 if (winProfile[strlen(winProfile) - 1] == '\\')
5312 winProfile[strlen(winProfile) - 1] = '\0';
5314 if (strlen(winPath) != 0)
5316 if (winPath[strlen(winPath) - 1] == '\\')
5317 winPath[strlen(winPath) - 1] = '\0';
5320 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
5321 strcat(winProfile, "\\");
5322 if ((winPath[1] == ':') && (strlen(winPath) == 2))
5323 strcat(winPath, "\\");
/* homeDirectory: empty under REPLACE means delete the attribute now. */
5325 if (strlen(winPath) == 0)
5327 if (OpType == LDAP_MOD_REPLACE)
5330 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
5332 //unset homeDirectory attribute for user.
5333 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
/* Caller owns the strdup()'d value. */
5339 homedir_v[0] = strdup(winPath);
5340 ADD_ATTR("homeDirectory", homedir_v, OpType);
/* profilePath: same pattern as homeDirectory. */
5343 if (strlen(winProfile) == 0)
5345 if (OpType == LDAP_MOD_REPLACE)
5348 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
5350 //unset profilePath attribute for user.
5351 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5357 winProfile_v[0] = strdup(winProfile);
5358 ADD_ATTR("profilePath", winProfile_v, OpType);
/* homeDrive: same pattern as homeDirectory. */
5361 if (strlen(homeDrive) == 0)
5363 if (OpType == LDAP_MOD_REPLACE)
5366 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
5368 //unset homeDrive attribute for user
5369 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
5375 drives_v[0] = strdup(homeDrive);
5376 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * GetServerList: discover the domain controllers that serve ldap_domain and
 * rewrite the winad.cfg file (WINADCFG) from the result.
 *
 * Only part of the function body is visible in this listing: the
 * declarations of i, k, Count, rc, sPtr, gPtr, fptr, dn_path, filter and
 * base, the return statement, and most braces are on lines not shown, so
 * the notes below describe only the statements that are visible.
 *
 * ldap_domain: DNS name of the AD domain. It is written to the DOMAIN line
 *              of the config file and appended (".<domain>") to every server
 *              name found.
 * ServerList:  caller-supplied array of MAX_SERVER_NAMES char pointers. Any
 *              existing entries are freed first; each entry that is found
 *              is placed in a calloc(1, 256) buffer that this function does
 *              not free.
 * Returns:     rc (int); the value returned is set on lines not shown.
 */
5382 int GetServerList(char *ldap_domain, char **ServerList)
5390 int ServerListFound;
5391 char default_server[256];
5393 char *attr_array[3];
5397 LK_ENTRY *group_base;
5402 memset(default_server, '\0', sizeof(default_server));
5403 memset(dn_path, '\0', sizeof(dn_path));
// Release whatever a previous call left in the array so every slot starts NULL.
5404 for (i = 0; i < MAX_SERVER_NAMES; i++)
5406 if (ServerList[i] != NULL)
5408 free(ServerList[i]);
5409 ServerList[i] = NULL;
// NOTE: the assignment inside the condition is deliberate (rc keeps the
// connect result); the remaining arguments and the branch body are on
// lines not shown. ldap_handle is not declared in this function, so it is
// presumably a file-scope variable.
5412 if (rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 0,
// Presumably the connect-failure path: this zeroes the pointer array itself
// (sizeof(ServerList[0]) is sizeof(char *)), not the strings, which were
// already freed above.
5415 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
5419 ServerListFound = 0;
// First pass: the rIDManager object's fSMORoleOwner DN names a server; the
// text after its first ",CN=" component becomes ServerList[0].
5421 strcpy(filter, "(&(objectClass=rIDManager)(fSMORoleOwner=*))");
5422 attr_array[0] = "fSMORoleOwner";
5423 attr_array[1] = NULL;
// NOTE: `!(rc = f()) != 0` parses as `(!(rc = f())) != 0`, i.e. "rc == 0".
// It works, but reads as if the `!= 0` applied to rc. Same idiom is used
// for the two searches below.
5424 if (!(rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5425 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5427 if (group_count != 0)
// The NULL check on sPtr after strstr() is presumably on the lines not shown
// between here and the increment.
5429 sPtr = strstr(group_base->value, ",CN=");
5432 sPtr += strlen(",CN=");
5433 if (ServerList[0] == NULL)
5434 ServerList[0] = calloc(1, 256);
// REVIEW: calloc() is not checked and strcpy() is not bounded; the DN comes
// from the directory, so a 256-byte-bounded copy (snprintf or strlcpy) and a
// NULL check would make the 256-byte allocation a real limit.
5435 strcpy(ServerList[0], sPtr);
// Locates the end of the CN value; the truncation at that comma is on lines
// not shown.
5436 sPtr = strstr(ServerList[0], ",");
5440 ServerListFound = 1;
5444 linklist_free(group_base);
// Second pass: enumerate the server objects directly under the site named
// "Default-First-Site-Name". That site name is hard-coded, so servers in a
// site with any other name are never listed.
5448 attr_array[0] = "cn";
5449 attr_array[1] = NULL;
5450 strcpy(filter, "(cn=*)");
// REVIEW: sprintf() into base, whose size is not visible here; snprintf()
// with sizeof base would make the bound explicit (dn_path itself comes from
// ad_connect above).
5451 sprintf(base, "cn=Servers,cn=Default-First-Site-Name,cn=Sites,cn=Configuration,%s", dn_path);
5453 if (!(rc = linklist_build(ldap_handle, base, filter, attr_array,
5454 &group_base, &group_count, LDAP_SCOPE_ONELEVEL)) != 0)
5456 if (group_count != 0)
// gPtr's initialisation (presumably gPtr = group_base) and its advance are on
// lines not shown.
5459 while (gPtr != NULL)
// Skip the server already recorded from the fSMORoleOwner pass so it is not
// listed twice.
5461 if (ServerListFound != 0)
5463 if (!strcasecmp(ServerList[0], gPtr->value))
// Count's starting value and its increment are on lines not shown; the check
// keeps the index inside the caller's array.
5469 if (Count < MAX_SERVER_NAMES)
5471 if (ServerList[Count] == NULL)
5472 ServerList[Count] = calloc(1, 256);
// REVIEW: same unchecked calloc() / unbounded strcpy() as in the first pass.
5473 strcpy(ServerList[Count], gPtr->value);
5480 linklist_free(group_base);
// Third pass: probe the schema for the msSFU-30-Uid-Number attribute. What is
// done when it exists (presumably selecting the SFU 3.0 attribute names) is
// on lines not shown.
5486 strcpy(filter, "(cn=msSFU-30-Uid-Number)");
5487 sprintf(base, "cn=schema,cn=configuration,%s", dn_path);
5489 if (!(rc = linklist_build(ldap_handle, base, filter, NULL,
5490 &group_base, &group_count, LDAP_SCOPE_SUBTREE)) != 0)
5492 if (group_count != 0)
5497 linklist_free(group_base);
// Rewrite winad.cfg from scratch: DOMAIN, an optional PRINCIPALNAME, MSSFU
// and one SERVER line per entry. The fclose() is not visible in this listing.
// A failed fopen() is silently skipped on the visible lines, and the file is
// created with the process's default mode/umask. Note that the PRINCIPALNAME
// written here is later fed into a kinit command line by tickets_get_k5, so
// who can write this file matters.
5501 if ((fptr = fopen(WINADCFG, "w+")) != NULL)
5503 fprintf(fptr, "%s %s\n", DOMAIN, ldap_domain);
5504 if (strlen(PrincipalName) != 0)
5505 fprintf(fptr, "%s %s\n", PRINCIPALNAME, PrincipalName);
5507 fprintf(fptr, "%s %s\n", MSSFU, SFUTYPE);
5508 for (i = 0; i < MAX_SERVER_NAMES; i++)
5510 if (ServerList[i] != NULL)
5512 fprintf(fptr, "%s %s\n", SERVER, ServerList[i]);
5517 ldap_unbind_s(ldap_handle);
// Qualify each short name in place: strip a trailing newline, append
// ".<ldap_domain>", then upper-case the whole string.
// REVIEW: the two strcat()s are not bounded by the 256-byte allocation; a
// long server name plus domain would overrun it.
5519 for (i = 0; i < MAX_SERVER_NAMES; i++)
5521 if (ServerList[i] != NULL)
5523 if (ServerList[i][strlen(ServerList[i]) - 1] == '\n')
5524 ServerList[i][strlen(ServerList[i]) - 1] = '\0';
5525 strcat(ServerList[i], ".");
5526 strcat(ServerList[i], ldap_domain);
5527 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5528 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * attribute_update: set or clear one single-valued attribute on the entry
 * at distinguished_name.
 *
 * Empty attribute_value -> the attribute is deleted (DEL_ATTR + ldap_modify_s).
 * Non-empty             -> LDAP_MOD_REPLACE is tried first; if that modify
 *                          fails for any reason, the same value is retried as
 *                          LDAP_MOD_ADD, and only a failure of the second
 *                          attempt is logged via com_err.
 * user_name is used only in the error message.
 * Returns: rc, the status of the last ldap_modify_s; the return statement and
 * the declarations of i, rc and mods are on lines not shown in this listing.
 */
5535 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
5536 char *attribute_value, char *attribute, char *user_name)
5538 char *mod_v[] = {NULL, NULL};
5539 LDAPMod *DelMods[20];
// Delete path. The result of this ldap_modify_s is assigned to rc; whether it
// is reported is decided on lines not shown.
5545 if (strlen(attribute_value) == 0)
5548 DEL_ATTR(attribute, LDAP_MOD_DELETE);
5550 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
// Set path: REPLACE first.
5556 mod_v[0] = attribute_value;
5557 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
// Fallback to ADD (presumably for entries that do not yet carry the
// attribute). NOTE: the REPLACE error code is discarded, so a permission or
// schema failure surfaces only as whatever error the ADD returns.
5559 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5563 mod_v[0] = attribute_value;
5564 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
5566 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
5568 com_err(whoami, 0, "Unable to change the %s attribute for %s in the AD : %s",
5569 attribute, user_name, ldap_err2string(rc));
/*
 * tickets_get_k5: obtain Kerberos 5 credentials for the service principal by
 * running kinit with the keytab (KEYTABFILE).
 *
 * Side effects on file-scope state: PrincipalName is lower-cased in place and,
 * when empty, set to PRODUCTION_PRINCIPAL, or to TEST_PRINCIPAL when
 * ldap_domain differs from PRIMARY_DOMAIN; the KRB5CCNAME and KRBTKFILE
 * strings are placed in the process environment.
 * Returns: derived from retval (the system() status); the return statement
 * and the declarations of i, retval and temp are on lines not shown.
 */
5577 int tickets_get_k5()
5580 char KinitPath[128];
// putenv() keeps the pointer it is given rather than copying the string, so
// these buffers must outlive the call — presumably why they are static.
5583 static char EnvVar[128];
5584 static char EnvVar1[128];
// KRB5CCNAME / KRBTKFILE are presumably "NAME=value" strings defined
// elsewhere; their length relative to the 128-byte buffers is not visible.
5586 strcpy(EnvVar, KRB5CCNAME);
// The putenv() results are overwritten by the next assignment and never checked.
5587 retval = putenv(EnvVar);
5588 strcpy(EnvVar1, KRBTKFILE);
5589 retval = putenv(EnvVar1);
// Normalise the principal name; choose the built-in default when none was
// configured (the non-primary domain gets the test principal).
5591 for (i = 0; i < (int)strlen(PrincipalName); i++)
5592 PrincipalName[i] = tolower(PrincipalName[i]);
5593 if (strlen(PrincipalName) == 0)
5595 strcpy(PrincipalName, PRODUCTION_PRINCIPAL);
5596 if (strcasecmp(ldap_domain, PRIMARY_DOMAIN))
5597 strcpy(PrincipalName, TEST_PRINCIPAL);
// Absolute path, so kinit is not looked up via PATH.
5600 memset(KinitPath, '\0',sizeof(KinitPath));
5602 strcpy(KinitPath, "/usr/athena/bin/");
// REVIEW: the command line is built with sprintf() (temp's size is not
// visible) and handed to system(), so /bin/sh parses it. PrincipalName is
// loaded from winad.cfg by ReadConfigFile, which means whoever can write that
// file controls part of a shell command run by this process. Spawning kinit
// directly with an argv (fork/execv or posix_spawn), or at least restricting
// PrincipalName to principal-name characters, would remove the shell from the
// path.
5604 sprintf(temp, "%skinit -k -t %s %s", KinitPath, KEYTABFILE, PrincipalName);
5605 retval = system(temp);
5614 if (tickets_get_k5())
5617 if (tickets_get_k5())
5619 critical_alert("AD incremental", "%s",
5620 "winad.incr incremental failed (unable to get kerberos tickets)");
/*
 * destroy_cache: destroy the default Kerberos 5 credential cache (with
 * KRB5CCNAME in the environment, as set by tickets_get_k5, that is
 * presumably the cache kinit populated).
 *
 * Returns: rc; the declarations of cache and rc, and the return statement,
 * are on lines not shown. When krb5_cc_default() fails, rc keeps whatever
 * value those lines give it.
 */
5627 int destroy_cache(void)
5629 krb5_context context;
5635 if (!krb5_init_context(&context))
// krb5_cc_destroy() also closes the handle, so no separate krb5_cc_close() is
// needed on this path.
5637 if (!krb5_cc_default(context, &cache))
5638 rc = krb5_cc_destroy(context, cache);
// NOTE: this test only helps if a line not shown sets context = NULL before
// krb5_init_context(); otherwise a failed init leaves context indeterminate
// here.
5640 if (context != NULL)
5641 krb5_free_context(context);
/*
 * StringTrim: remove leading and trailing whitespace from StringToTrim in
 * place. temp is a local scratch buffer whose declaration and size are not
 * shown, so the input must fit in it. An empty string returns immediately;
 * the declarations of cPtr and i, the copy into temp and the trailing-trim
 * loop header are also on lines not shown.
 */
5648 void StringTrim(char *StringToTrim)
5654 if (strlen(StringToTrim) == 0)
// Leading trim: advance past whitespace, then copy the remainder into temp.
5657 cPtr = StringToTrim;
// REVIEW: isspace() is given a plain char. On platforms where char is signed,
// bytes >= 0x80 reach it as negative values, which the <ctype.h> functions do
// not accept; cast to (unsigned char) before the call.
5658 while (isspace(*cPtr))
// All-whitespace input: the empty result is written back and the function
// presumably returns here.
5663 if (strlen(temp) == 0)
5665 strcpy(StringToTrim, temp);
// Trailing trim: i walks back from the end of temp (loop on lines not shown)
// until the last non-space character; the terminator is placed after it.
5673 if (!isspace(temp[i-1]))
5678 strcpy(StringToTrim, temp);
5682 void ReadConfigFile()
5693 if ((fptr = fopen(WINADCFG, "r")) != NULL)
5695 while (fgets(temp, sizeof(temp), fptr) != 0)
5697 for (i = 0; i < (int)strlen(temp); i++)
5698 temp[i] = toupper(temp[i]);
5699 if (temp[strlen(temp) - 1] == '\n')
5700 temp[strlen(temp) - 1] = '\0';
5702 if (strlen(temp) == 0)
5704 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
5706 if (strlen(temp) > (strlen(DOMAIN)))
5708 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
5709 StringTrim(ldap_domain);
5712 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
5714 if (strlen(temp) > (strlen(PRINCIPALNAME)))
5716 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
5717 StringTrim(PrincipalName);
5720 else if (!strncmp(temp, SERVER, strlen(SERVER)))
5722 if (strlen(temp) > (strlen(SERVER)))
5724 ServerList[Count] = calloc(1, 256);
5725 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
5726 StringTrim(ServerList[Count]);
5730 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
5732 if (strlen(temp) > (strlen(MSSFU)))
5734 strcpy(temp1, &temp[strlen(MSSFU)]);
5736 if (!strcmp(temp1, SFUTYPE))
5740 else if (!strcasecmp(temp, "NOCHANGE"))
5742 NoChangeConfigFile = 1;
5746 if (strlen(ldap_domain) != 0)
5748 memset(ldap_domain, '\0', sizeof(ldap_domain));
5751 if (strlen(temp) != 0)
5752 strcpy(ldap_domain, temp);
5758 if (strlen(ldap_domain) == 0)
5760 critical_alert("incremental", "%s",
5761 "winad.incr cannot run due to a configuration error in winad.cfg");
5766 for (i = 0; i < Count; i++)
5768 if (ServerList[i] != 0)
5770 strcat(ServerList[i], ".");
5771 strcat(ServerList[i], ldap_domain);
5772 for (k = 0; k < (int)strlen(ServerList[i]); k++)
5773 ServerList[i][k] = toupper(ServerList[i][k]);