2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listlistnameName KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member to group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member to group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w descripton username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine from an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
192 #define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
294 #define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
355 #define ADD_ATTR(t, v, o) \
356 mods[n] = malloc(sizeof(LDAPMod)); \
357 mods[n]->mod_op = o; \
358 mods[n]->mod_type = t; \
359 mods[n++]->mod_values = v
361 #define DEL_ATTR(t, o) \
362 DelMods[i] = malloc(sizeof(LDAPMod)); \
363 DelMods[i]->mod_op = o; \
364 DelMods[i]->mod_type = t; \
365 DelMods[i++]->mod_values = NULL
367 #define DOMAIN_SUFFIX "MIT.EDU"
368 #define DOMAIN "DOMAIN:"
369 #define PRINCIPALNAME "PRINCIPAL:"
370 #define SERVER "SERVER:"
373 #define GROUP_SUFFIX "GROUP_SUFFIX:"
374 #define GROUP_TYPE "GROUP_TYPE:"
375 #define SET_GROUP_ACE "SET_GROUP_ACE:"
376 #define SET_PASSWORD "SET_PASSWORD:"
377 #define EXCHANGE "EXCHANGE:"
378 #define REALM "REALM:"
379 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
381 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
382 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
383 #define MAX_DOMAINS 10
384 char DomainNames[MAX_DOMAINS][128];
386 LK_ENTRY *member_base = NULL;
388 char PrincipalName[128];
389 static char tbl_buf[1024];
390 char kerberos_ou[] = "OU=kerberos,OU=moira";
391 char contact_ou[] = "OU=strings,OU=moira";
392 char user_ou[] = "OU=users,OU=moira";
393 char group_ou_distribution[1024];
394 char group_ou_root[1024];
395 char group_ou_security[1024];
396 char group_ou_neither[1024];
397 char group_ou_both[1024];
398 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
399 char orphans_other_ou[] = "OU=Other,OU=Orphans";
400 char security_template_ou[] = "OU=security_templates";
402 char ldap_domain[256];
403 char ldap_realm[256];
405 char *ServerList[MAX_SERVER_NAMES];
406 char default_server[256];
407 static char tbl_buf[1024];
408 char group_suffix[256];
409 char exchange_acl[256];
410 int mr_connections = 0;
413 int UseGroupSuffix = 1;
414 int UseGroupUniversal = 0;
418 int ProcessMachineContainer = 1;
419 int ActiveDirectory = 1;
420 int UpdateDomainList;
422 int GroupPopulateDelete = 0;
424 extern int set_password(char *user, char *password, char *domain);
426 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
427 char *group_membership, char *MoiraId, char *attribute,
428 LK_ENTRY **linklist_base, int *linklist_count,
430 void AfsToWinAfs(char* path, char* winPath);
431 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
432 char *Win2kPassword, char *Win2kUser, char *default_server,
433 int connect_to_kdc, char **ServerList, char *ldap_realm,
435 void ad_kdc_disconnect();
436 int ad_server_connect(char *connectedServer, char *domain);
437 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
438 char *attribute_value, char *attribute, char *user_name);
439 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
440 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
441 int check_winad(void);
442 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
445 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
446 char *distinguishedName, int count, char **av);
447 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
448 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
449 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
450 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
451 char *distinguishedName, int count,
453 void container_get_dn(char *src, char *dest);
454 void container_get_name(char *src, char *dest);
455 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
456 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
457 char **before, int afterc, char **after);
458 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
459 char **before, int afterc, char **after);
461 int GetAceInfo(int ac, char **av, void *ptr);
462 int get_group_membership(char *group_membership, char *group_ou,
463 int *security_flag, char **av);
464 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
465 char *machine_ou, char *pPtr);
466 int Moira_container_group_create(char **after);
467 int Moira_container_group_delete(char **before);
468 int Moira_groupname_create(char *GroupName, char *ContainerName,
469 char *ContainerRowID);
470 int Moira_container_group_update(char **before, char **after);
471 int Moira_process_machine_container_group(char *MachineName, char* groupName,
473 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
474 int Moira_getContainerGroup(int ac, char **av, void *ptr);
475 int Moira_getGroupName(char *origContainerName, char *GroupName,
477 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
478 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
479 int UpdateGroup, int *ProcessGroup, char *maillist);
480 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
481 char *group_name, char *group_ou, char *group_membership,
482 int group_security_flag, int type, char *maillist);
483 int process_lists(int ac, char **av, void *ptr);
484 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
485 char *TargetGroupName, int HiddenGroup,
486 char *AceType, char *AceName);
487 int ProcessMachineName(int ac, char **av, void *ptr);
488 int ReadConfigFile(char *DomainName);
489 int ReadDomainList();
490 void StringTrim(char *StringToTrim);
491 char *escape_string(char *s);
492 int save_query_info(int argc, char **argv, void *hint);
493 int save_fsgroup_info(int argc, char **argv, void *hint);
494 int user_create(int ac, char **av, void *ptr);
495 int user_change_status(LDAP *ldap_handle, char *dn_path,
496 char *user_name, char *MoiraId, int operation);
497 int user_delete(LDAP *ldap_handle, char *dn_path,
498 char *u_name, char *MoiraId);
499 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
501 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
502 char *uid, char *MitId, char *MoiraId, int State,
503 char *WinHomeDir, char *WinProfileDir, char *first,
504 char *middle, char *last, char *shell, char *class);
505 void change_to_lower_case(char *ptr);
506 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
507 int contact_remove_email(LDAP *ld, char *bind_path,
508 LK_ENTRY **linklist_entry, int linklist_current);
509 int group_create(int ac, char **av, void *ptr);
510 int group_delete(LDAP *ldap_handle, char *dn_path,
511 char *group_name, char *group_membership, char *MoiraId);
512 int group_rename(LDAP *ldap_handle, char *dn_path,
513 char *before_group_name, char *before_group_membership,
514 char *before_group_ou, int before_security_flag,
515 char *before_desc, char *after_group_name,
516 char *after_group_membership, char *after_group_ou,
517 int after_security_flag, char *after_desc,
518 char *MoiraId, char *filter, char *maillist);
519 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
520 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
521 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
522 char *machine_name, char *container_name);
523 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
524 char *MoiraMachineName, char *DestinationOu);
525 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
526 char *group_name, char *group_ou, char *group_membership,
527 int group_security_flag, int updateGroup, char *maillist);
528 int member_list_build(int ac, char **av, void *ptr);
529 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
530 char *group_ou, char *group_membership,
531 char *user_name, char *pUserOu, char *MoiraId);
532 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
533 char *group_ou, char *group_membership, char *user_name,
534 char *pUserOu, char *MoiraId);
535 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
536 char *group_ou, char *group_membership,
537 int group_security_flag, char *MoiraId);
538 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
539 char *DistinguishedName,
540 char *WinHomeDir, char *WinProfileDir,
541 char **homedir_v, char **winProfile_v,
542 char **drives_v, LDAPMod **mods,
544 int sid_update(LDAP *ldap_handle, char *dn_path);
545 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
546 int check_string(char *s);
547 int check_container_name(char* s);
549 int mr_connect_cl(char *server, char *client, int version, int auth);
550 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
551 char **before, int beforec, char **after, int afterc);
552 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
553 char **before, int beforec, char **after, int afterc);
554 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
555 char **before, int beforec, char **after, int afterc);
556 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
557 char **before, int beforec, char **after, int afterc);
558 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
559 char **before, int beforec, char **after, int afterc);
560 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
561 char **before, int beforec, char **after, int afterc);
562 int linklist_create_entry(char *attribute, char *value,
563 LK_ENTRY **linklist_entry);
564 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
565 char **attr_array, LK_ENTRY **linklist_base,
566 int *linklist_count, unsigned long ScopeType);
567 void linklist_free(LK_ENTRY *linklist_base);
569 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
570 char *distinguished_name, LK_ENTRY **linklist_current);
571 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
572 LK_ENTRY **linklist_base, int *linklist_count);
573 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
574 char *Attribute, char *distinguished_name,
575 LK_ENTRY **linklist_current);
577 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
578 char *oldValue, char *newValue,
579 char ***modvalues, int type);
580 void free_values(char **modvalues);
582 int convert_domain_to_dn(char *domain, char **bind_path);
583 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
584 char *distinguished_name);
585 int moira_disconnect(void);
586 int moira_connect(void);
587 void print_to_screen(const char *fmt, ...);
588 int GetMachineName(char *MachineName);
589 int tickets_get_k5();
590 int destroy_cache(void);
593 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
594 char **homeServerName);
596 int main(int argc, char **argv)
612 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
616 com_err(whoami, 0, "Unable to process %s", "argc < 4");
620 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
622 com_err(whoami, 0, "Unable to process %s",
623 "argc < (4 + beforec + afterc)");
627 if (!strcmp(argv[1], "filesys"))
630 for (i = 1; i < argc; i++)
632 strcat(tbl_buf, argv[i]);
633 strcat(tbl_buf, " ");
636 com_err(whoami, 0, "%s", tbl_buf);
640 com_err(whoami, 0, "%s failed", "check_winad()");
644 initialize_sms_error_table();
645 initialize_krb_error_table();
647 UpdateDomainList = 0;
648 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
650 if (ReadDomainList())
652 com_err(whoami, 0, "%s failed", "ReadDomainList()");
656 for (i = 0; i < argc; i++)
659 for (k = 0; k < MAX_DOMAINS; k++)
661 if (strlen(DomainNames[k]) == 0)
663 for (i = 0; i < argc; i++)
665 if (orig_argv[i] != NULL)
667 orig_argv[i] = strdup(argv[i]);
670 memset(PrincipalName, '\0', sizeof(PrincipalName));
671 memset(ldap_domain, '\0', sizeof(ldap_domain));
672 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
673 memset(default_server, '\0', sizeof(default_server));
674 memset(dn_path, '\0', sizeof(dn_path));
675 memset(group_suffix, '\0', sizeof(group_suffix));
676 memset(exchange_acl, '\0', sizeof(exchange_acl));
680 UseGroupUniversal = 0;
684 ProcessMachineContainer = 1;
687 sprintf(group_suffix, "%s", "_group");
688 sprintf(exchange_acl, "%s", "exchange-acl");
690 beforec = atoi(orig_argv[2]);
691 afterc = atoi(orig_argv[3]);
692 table = orig_argv[1];
693 before = &orig_argv[4];
694 after = &orig_argv[4 + beforec];
702 if (ReadConfigFile(DomainNames[k]))
707 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
708 sprintf(group_ou_root, "OU=lists,OU=moira");
709 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
711 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
715 sprintf(group_ou_distribution, "OU=lists,OU=moira");
716 sprintf(group_ou_root, "OU=lists,OU=moira");
717 sprintf(group_ou_security, "OU=lists,OU=moira");
718 sprintf(group_ou_neither, "OU=lists,OU=moira");
719 sprintf(group_ou_both, "OU=lists,OU=moira");
722 OldUseSFU30 = UseSFU30;
724 for (i = 0; i < 5; i++)
726 ldap_handle = (LDAP *)NULL;
727 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
728 default_server, SetPassword, ServerList,
729 ldap_realm, ldap_port)))
731 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
736 if ((rc) || (ldap_handle == NULL))
738 critical_alert("incremental",
739 "ldap.incr cannot connect to any server in "
740 "domain %s", DomainNames[k]);
744 for (i = 0; i < (int)strlen(table); i++)
745 table[i] = tolower(table[i]);
747 if (!strcmp(table, "users"))
748 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
750 else if (!strcmp(table, "list"))
751 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
753 else if (!strcmp(table, "imembers"))
754 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
756 else if (!strcmp(table, "containers"))
757 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
759 else if (!strcmp(table, "mcntmap"))
760 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
766 for (i = 0; i < MAX_SERVER_NAMES; i++)
768 if (ServerList[i] != NULL)
771 ServerList[i] = NULL;
775 rc = ldap_unbind_s(ldap_handle);
781 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
782 char **before, int beforec, char **after, int afterc)
784 char MoiraContainerName[128];
785 char ADContainerName[128];
786 char MachineName[1024];
787 char OriginalMachineName[1024];
790 char MoiraContainerGroup[64];
792 if (!ProcessMachineContainer)
794 com_err(whoami, 0, "Process machines and containers disabled, skipping");
799 memset(ADContainerName, '\0', sizeof(ADContainerName));
800 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
802 if ((beforec == 0) && (afterc == 0))
805 if (rc = moira_connect())
807 critical_alert("Ldap incremental",
808 "Error contacting Moira server : %s",
813 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
815 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
816 strcpy(MachineName, before[OU_MACHINE_NAME]);
817 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
819 com_err(whoami, 0, "removing machine %s from %s",
820 OriginalMachineName, before[OU_CONTAINER_NAME]);
822 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
824 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
825 strcpy(MachineName, after[OU_MACHINE_NAME]);
826 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
827 com_err(whoami, 0, "adding machine %s to container %s",
828 OriginalMachineName, after[OU_CONTAINER_NAME]);
836 rc = GetMachineName(MachineName);
838 if (strlen(MachineName) == 0)
841 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
842 OriginalMachineName);
846 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
849 if (machine_check(ldap_handle, dn_path, MachineName))
851 com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
852 OriginalMachineName, MachineName);
857 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
858 machine_get_moira_container(ldap_handle, dn_path, MachineName,
861 if (strlen(MoiraContainerName) == 0)
863 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
864 "in Moira - moving to orphans OU.",
865 OriginalMachineName, MachineName);
866 machine_move_to_ou(ldap_handle, dn_path, MachineName,
867 orphans_machines_ou);
872 container_get_dn(MoiraContainerName, ADContainerName);
874 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
875 strcat(MoiraContainerName, "/");
877 container_check(ldap_handle, dn_path, MoiraContainerName);
878 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
883 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
884 char **before, int beforec, char **after, int afterc)
888 if (!ProcessMachineContainer)
890 com_err(whoami, 0, "Process machines and containers disabled, skipping");
894 if ((beforec == 0) && (afterc == 0))
897 if (rc = moira_connect())
899 critical_alert("Ldap incremental", "Error contacting Moira server : %s",
904 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
906 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
907 container_delete(ldap_handle, dn_path, beforec, before);
908 Moira_container_group_delete(before);
913 if ((beforec == 0) && (afterc != 0)) /*create a container*/
915 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
916 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
917 container_create(ldap_handle, dn_path, afterc, after);
918 Moira_container_group_create(after);
923 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
925 com_err(whoami, 0, "renaming container %s to %s",
926 before[CONTAINER_NAME], after[CONTAINER_NAME]);
927 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
928 Moira_container_group_update(before, after);
933 com_err(whoami, 0, "updating container %s information",
934 after[CONTAINER_NAME]);
935 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
936 Moira_container_group_update(before, after);
941 #define L_LIST_DESC 9
944 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
945 char **before, int beforec, char **after, int afterc)
950 char group_membership[6];
955 char before_list_id[32];
956 char before_group_membership[1];
957 int before_security_flag;
958 char before_group_ou[256];
959 LK_ENTRY *ptr = NULL;
961 if (beforec == 0 && afterc == 0)
964 memset(list_id, '\0', sizeof(list_id));
965 memset(before_list_id, '\0', sizeof(before_list_id));
966 memset(before_group_ou, '\0', sizeof(before_group_ou));
967 memset(before_group_membership, '\0', sizeof(before_group_membership));
968 memset(group_ou, '\0', sizeof(group_ou));
969 memset(group_membership, '\0', sizeof(group_membership));
974 if (beforec < L_LIST_ID)
976 if (beforec > L_LIST_DESC)
978 strcpy(before_list_id, before[L_LIST_ID]);
980 before_security_flag = 0;
981 get_group_membership(before_group_membership, before_group_ou,
982 &before_security_flag, before);
987 if (afterc < L_LIST_ID)
989 if (afterc > L_LIST_DESC)
991 strcpy(list_id, after[L_LIST_ID]);
994 get_group_membership(group_membership, group_ou, &security_flag, after);
997 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1006 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1007 before[L_NAME], before_group_ou,
1008 before_group_membership,
1009 before_security_flag, CHECK_GROUPS,
1010 before[L_MAILLIST])))
1012 if (rc == AD_NO_GROUPS_FOUND)
1016 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1017 (rc == AD_MULTIPLE_GROUPS_FOUND))
1019 rc = process_group(ldap_handle, dn_path, before_list_id,
1020 before[L_NAME], before_group_ou,
1021 before_group_membership,
1022 before_security_flag, CLEANUP_GROUPS,
1023 before[L_MAILLIST]);
1025 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1027 com_err(whoami, 0, "Unable to process list %s",
1031 if (rc == AD_NO_GROUPS_FOUND)
1037 if ((beforec != 0) && (afterc != 0))
1039 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1040 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1041 (strcmp(before_group_ou, group_ou)))) &&
1044 com_err(whoami, 0, "Changing list name from %s to %s",
1045 before[L_NAME], after[L_NAME]);
1047 if ((strlen(before_group_ou) == 0) ||
1048 (strlen(before_group_membership) == 0) ||
1049 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1051 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1055 memset(filter, '\0', sizeof(filter));
1057 if ((rc = group_rename(ldap_handle, dn_path,
1058 before[L_NAME], before_group_membership,
1059 before_group_ou, before_security_flag,
1060 before[L_LIST_DESC], after[L_NAME],
1061 group_membership, group_ou, security_flag,
1063 list_id, filter, after[L_MAILLIST])))
1065 if (rc != AD_NO_GROUPS_FOUND)
1068 "Unable to change list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
1082 if ((strlen(before_group_ou) == 0) ||
1083 (strlen(before_group_membership) == 0))
1086 "Unable to find the group OU for group %s", before[L_NAME]);
1090 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1091 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1092 before_group_membership, before_list_id);
1100 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1102 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1103 group_ou, group_membership,
1104 security_flag, CHECK_GROUPS,
1107 if (rc != AD_NO_GROUPS_FOUND)
1109 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1110 (rc == AD_MULTIPLE_GROUPS_FOUND))
1112 rc = process_group(ldap_handle, dn_path, list_id,
1114 group_ou, group_membership,
1115 security_flag, CLEANUP_GROUPS,
1122 "Unable to create list %s", after[L_NAME]);
1129 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1131 if (rc = moira_connect())
1133 critical_alert("Ldap incremental",
1134 "Error contacting Moira server : %s",
1141 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1142 &ProcessGroup, after[L_MAILLIST]))
1147 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1148 &ProcessGroup, after[L_MAILLIST]))
1152 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1153 group_ou, group_membership, security_flag,
1154 updateGroup, after[L_MAILLIST]))
1160 if (atoi(after[L_ACTIVE]))
1162 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1163 group_membership, security_flag, list_id);
1171 #define LM_EXTRA_ACTIVE (LM_END)
1172 #define LM_EXTRA_PUBLIC (LM_END+1)
1173 #define LM_EXTRA_HIDDEN (LM_END+2)
1174 #define LM_EXTRA_MAILLIST (LM_END+3)
1175 #define LM_EXTRA_GROUP (LM_END+4)
1176 #define LM_EXTRA_GID (LM_END+5)
1177 #define LMN_LIST_ID (LM_END+6)
1178 #define LM_LIST_ID (LM_END+7)
1179 #define LM_USER_ID (LM_END+8)
1180 #define LM_EXTRA_END (LM_END+9)
1182 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1183 char **before, int beforec, char **after, int afterc)
1185 LK_ENTRY *group_base;
1188 char *attr_array[3];
1189 char group_name[128];
1190 char user_name[128];
1191 char user_type[128];
1192 char moira_list_id[32];
1193 char moira_user_id[32];
1194 char group_membership[1];
1196 char machine_ou[256];
1204 char NewMachineName[1024];
1208 char *save_argv[U_END];
1212 memset(moira_list_id, '\0', sizeof(moira_list_id));
1213 memset(moira_user_id, '\0', sizeof(moira_user_id));
1217 if (afterc < LM_EXTRA_GID)
1220 if (!atoi(after[LM_EXTRA_ACTIVE]))
1223 "Unable to add %s to group %s : group not active",
1224 after[2], after[0]);
1230 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1233 strcpy(user_name, after[LM_MEMBER]);
1234 strcpy(group_name, after[LM_LIST]);
1235 strcpy(user_type, after[LM_TYPE]);
1237 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1239 if (afterc > LM_EXTRA_GROUP)
1241 strcpy(moira_list_id, after[LMN_LIST_ID]);
1242 strcpy(moira_user_id, after[LM_LIST_ID]);
1245 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1247 if (afterc > LMN_LIST_ID)
1249 strcpy(moira_list_id, after[LM_LIST_ID]);
1250 strcpy(moira_user_id, after[LM_USER_ID]);
1255 if (afterc > LM_EXTRA_GID)
1256 strcpy(moira_list_id, after[LMN_LIST_ID]);
1261 if (beforec < LM_EXTRA_GID)
1263 if (!atoi(before[LM_EXTRA_ACTIVE]))
1266 "Unable to remove %s from group %s : group not active",
1267 before[2], before[0]);
1273 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1276 strcpy(user_name, before[LM_MEMBER]);
1277 strcpy(group_name, before[LM_LIST]);
1278 strcpy(user_type, before[LM_TYPE]);
1280 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1282 if (beforec > LM_EXTRA_GROUP)
1284 strcpy(moira_list_id, before[LMN_LIST_ID]);
1285 strcpy(moira_user_id, before[LM_LIST_ID]);
1288 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1290 if (beforec > LMN_LIST_ID)
1292 strcpy(moira_list_id, before[LM_LIST_ID]);
1293 strcpy(moira_user_id, before[LM_USER_ID]);
1298 if (beforec > LM_EXTRA_GID)
1299 strcpy(moira_list_id, before[LMN_LIST_ID]);
1306 "Unable to process group : beforec = %d, afterc = %d",
1311 args[L_NAME] = ptr[LM_LIST];
1312 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1313 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1314 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1315 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1316 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1317 args[L_GID] = ptr[LM_EXTRA_GID];
1320 memset(group_ou, '\0', sizeof(group_ou));
1321 get_group_membership(group_membership, group_ou, &security_flag, args);
1323 if (strlen(group_ou) == 0)
1325 com_err(whoami, 0, "Unable to find the group OU for group %s",
1330 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1331 group_ou, group_membership, security_flag,
1332 CHECK_GROUPS, args[L_MAILLIST]))
1334 if (rc != AD_NO_GROUPS_FOUND)
1336 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1337 group_name, group_ou, group_membership,
1338 security_flag, CLEANUP_GROUPS,
1341 if (rc != AD_NO_GROUPS_FOUND)
1344 com_err(whoami, 0, "Unable to add %s to group %s - "
1345 "unable to process group", user_name, group_name);
1347 com_err(whoami, 0, "Unable to remove %s from group %s - "
1348 "unable to process group", user_name, group_name);
1355 if (rc == AD_NO_GROUPS_FOUND)
1357 if (rc = moira_connect())
1359 critical_alert("Ldap incremental",
1360 "Error contacting Moira server : %s",
1365 com_err(whoami, 0, "creating group %s", group_name);
1368 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1369 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1375 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1379 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1380 group_ou, group_membership, security_flag, 0,
1381 ptr[LM_EXTRA_MAILLIST]))
1387 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1389 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1390 group_membership, security_flag, moira_list_id);
1400 com_err(whoami, 0, "removing user %s from list %s", user_name,
1404 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1406 if (!ProcessMachineContainer)
1408 com_err(whoami, 0, "Process machines and containers disabled, "
1413 memset(machine_ou, '\0', sizeof(machine_ou));
1414 memset(NewMachineName, '\0', sizeof(NewMachineName));
1415 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1416 machine_ou, NewMachineName))
1418 if (ptr[LM_MEMBER] != NULL)
1419 free(ptr[LM_MEMBER]);
1420 ptr[LM_MEMBER] = strdup(NewMachineName);
1421 pUserOu = machine_ou;
1424 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1426 strcpy(member, ptr[LM_MEMBER]);
1430 if((s = strchr(member, '@')) == (char *) NULL)
1432 strcat(member, "@mit.edu");
1434 if (ptr[LM_MEMBER] != NULL)
1435 free(ptr[LM_MEMBER]);
1436 ptr[LM_MEMBER] = strdup(member);
1439 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1441 s = strrchr(member, '.');
1443 strcat(s, ".mit.edu");
1445 if (ptr[LM_MEMBER] != NULL)
1446 free(ptr[LM_MEMBER]);
1447 ptr[LM_MEMBER] = strdup(member);
1451 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1455 pUserOu = contact_ou;
1457 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1459 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1463 pUserOu = kerberos_ou;
1466 if (rc = moira_connect()) {
1467 critical_alert("Ldap incremental",
1468 "Error contacting Moira server : %s",
1473 if (rc = populate_group(ldap_handle, dn_path, group_name,
1474 group_ou, group_membership,
1475 security_flag, moira_list_id))
1476 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
1481 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1483 if (rc = moira_connect())
1485 critical_alert("Ldap incremental",
1486 "Error contacting Moira server : %s",
1491 if (rc = populate_group(ldap_handle, dn_path, group_name,
1492 group_ou, group_membership, security_flag,
1494 com_err(whoami, 0, "Unable to remove %s from group %s",
1495 user_name, group_name);
1502 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1505 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1507 memset(machine_ou, '\0', sizeof(machine_ou));
1508 memset(NewMachineName, '\0', sizeof(NewMachineName));
1510 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1514 if (ptr[LM_MEMBER] != NULL)
1515 free(ptr[LM_MEMBER]);
1517 ptr[LM_MEMBER] = strdup(NewMachineName);
1518 pUserOu = machine_ou;
1520 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1522 strcpy(member, ptr[LM_MEMBER]);
1526 if((s = strchr(member, '@')) == (char *) NULL)
1528 strcat(member, "@mit.edu");
1530 if (ptr[LM_MEMBER] != NULL)
1531 free(ptr[LM_MEMBER]);
1532 ptr[LM_MEMBER] = strdup(member);
1535 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1537 s = strrchr(member, '.');
1539 strcat(s, ".mit.edu");
1541 if (ptr[LM_MEMBER] != NULL)
1542 free(ptr[LM_MEMBER]);
1543 ptr[LM_MEMBER] = strdup(member);
1547 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1551 pUserOu = contact_ou;
1553 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1555 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1559 pUserOu = kerberos_ou;
1561 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1563 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1564 moira_user_id)) == AD_NO_USER_FOUND)
1566 if (rc = moira_connect())
1568 critical_alert("Ldap incremental",
1569 "Error connection to Moira : %s",
1574 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1575 av[0] = ptr[LM_MEMBER];
1576 call_args[0] = (char *)ldap_handle;
1577 call_args[1] = dn_path;
1578 call_args[2] = moira_user_id;
1579 call_args[3] = NULL;
1588 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1589 attr_array[0] = "cn";
1590 attr_array[1] = NULL;
1591 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1592 attr_array, &group_base, &group_count,
1593 LDAP_SCOPE_SUBTREE)) != 0)
1595 com_err(whoami, 0, "Unable to process user %s : %s",
1596 ptr[LM_MEMBER], ldap_err2string(rc));
1602 com_err(whoami, 0, "Object already exists with name %s",
1607 linklist_free(group_base);
1612 if (rc = mr_query("get_user_account_by_login", 1, av,
1613 save_query_info, save_argv))
1616 com_err(whoami, 0, "Unable to create user %s : %s",
1617 ptr[LM_MEMBER], error_message(rc));
1621 if (rc = user_create(U_END, save_argv, call_args))
1624 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1631 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1643 if (rc = moira_connect()) {
1644 critical_alert("Ldap incremental",
1645 "Error contacting Moira server : %s",
1650 if (rc = populate_group(ldap_handle, dn_path, group_name,
1651 group_ou, group_membership, security_flag,
1653 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1658 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1660 if (rc = moira_connect())
1662 critical_alert("Ldap incremental",
1663 "Error contacting Moira server : %s",
1668 if (rc = populate_group(ldap_handle, dn_path, group_name,
1669 group_ou, group_membership, security_flag,
1671 com_err(whoami, 0, "Unable to add %s to group %s",
1672 user_name, group_name);
1681 #define U_USER_ID 10
1682 #define U_HOMEDIR 11
1683 #define U_PROFILEDIR 12
1685 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1686 char **before, int beforec, char **after,
1689 LK_ENTRY *group_base;
1692 char *attr_array[3];
1695 char after_user_id[32];
1696 char before_user_id[32];
1698 char *save_argv[U_END];
1700 if ((beforec == 0) && (afterc == 0))
1703 memset(after_user_id, '\0', sizeof(after_user_id));
1704 memset(before_user_id, '\0', sizeof(before_user_id));
1706 if (beforec > U_USER_ID)
1707 strcpy(before_user_id, before[U_USER_ID]);
1709 if (afterc > U_USER_ID)
1710 strcpy(after_user_id, after[U_USER_ID]);
1712 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1715 if ((beforec == 0) && (afterc != 0))
1717 /*this case only happens when the account*/
1718 /*account is first created but not usable*/
1720 com_err(whoami, 0, "Unable to process user %s because the user account "
1721 "is not yet usable", after[U_NAME]);
1725 /*this case only happens when the account is expunged */
1727 if ((beforec != 0) && (afterc == 0))
1729 if (atoi(before[U_STATE]) == 0)
1731 com_err(whoami, 0, "expunging user %s from directory",
1733 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
1737 com_err(whoami, 0, "Unable to process because user %s has been "
1738 "previously expungeded", before[U_NAME]);
1743 /*process anything that gets here*/
1745 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1746 before_user_id)) == AD_NO_USER_FOUND)
1748 if (!check_string(after[U_NAME]))
1751 if (rc = moira_connect())
1753 critical_alert("Ldap incremental",
1754 "Error connection to Moira : %s",
1759 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1761 av[0] = after[U_NAME];
1762 call_args[0] = (char *)ldap_handle;
1763 call_args[1] = dn_path;
1764 call_args[2] = after_user_id;
1765 call_args[3] = NULL;
1773 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1774 attr_array[0] = "cn";
1775 attr_array[1] = NULL;
1777 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1778 &group_base, &group_count,
1779 LDAP_SCOPE_SUBTREE)) != 0)
1781 com_err(whoami, 0, "Unable to process user %s : %s",
1782 after[U_NAME], ldap_err2string(rc));
1786 if (group_count >= 1)
1788 com_err(whoami, 0, "Object already exists with name %s",
1793 linklist_free(group_base);
1798 if (rc = mr_query("get_user_account_by_login", 1, av,
1799 save_query_info, save_argv))
1802 com_err(whoami, 0, "Unable to create user %s : %s",
1803 after[U_NAME], error_message(rc));
1807 if (rc = user_create(U_END, save_argv, call_args))
1809 com_err(whoami, 0, "Unable to create user %s : %s",
1810 after[U_NAME], error_message(rc));
1817 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
1829 if (strcmp(before[U_NAME], after[U_NAME]))
1831 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1833 com_err(whoami, 0, "changing user %s to %s",
1834 before[U_NAME], after[U_NAME]);
1836 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1837 after[U_NAME])) != LDAP_SUCCESS)
1844 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1845 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1846 after[U_UID], after[U_MITID],
1847 after_user_id, atoi(after[U_STATE]),
1848 after[U_HOMEDIR], after[U_PROFILEDIR],
1849 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1850 after[U_SHELL], after[U_CLASS]);
1855 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1856 char *oldValue, char *newValue,
1857 char ***modvalues, int type)
1859 LK_ENTRY *linklist_ptr;
1863 if (((*modvalues) = calloc(1,
1864 (modvalue_count + 1) * sizeof(char *))) == NULL)
1869 for (i = 0; i < (modvalue_count + 1); i++)
1870 (*modvalues)[i] = NULL;
1872 if (modvalue_count != 0)
1874 linklist_ptr = linklist_base;
1875 for (i = 0; i < modvalue_count; i++)
1877 if ((oldValue != NULL) && (newValue != NULL))
1879 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1882 if (type == REPLACE)
1884 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1887 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1888 strcpy((*modvalues)[i], newValue);
1892 if (((*modvalues)[i] = calloc(1,
1893 (int)(cPtr - linklist_ptr->value) +
1894 (linklist_ptr->length -
1896 strlen(newValue) + 1)) == NULL)
1898 memset((*modvalues)[i], '\0',
1899 (int)(cPtr - linklist_ptr->value) +
1900 (linklist_ptr->length - strlen(oldValue)) +
1901 strlen(newValue) + 1);
1902 memcpy((*modvalues)[i], linklist_ptr->value,
1903 (int)(cPtr - linklist_ptr->value));
1904 strcat((*modvalues)[i], newValue);
1905 strcat((*modvalues)[i],
1906 &linklist_ptr->value[(int)(cPtr -
1907 linklist_ptr->value) + strlen(oldValue)]);
1912 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1913 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1914 memcpy((*modvalues)[i], linklist_ptr->value,
1915 linklist_ptr->length);
1920 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1921 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1922 memcpy((*modvalues)[i], linklist_ptr->value,
1923 linklist_ptr->length);
1925 linklist_ptr = linklist_ptr->next;
1927 (*modvalues)[i] = NULL;
1933 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1934 char **attr_array, LK_ENTRY **linklist_base,
1935 int *linklist_count, unsigned long ScopeType)
1938 LDAPMessage *ldap_entry;
1942 (*linklist_base) = NULL;
1943 (*linklist_count) = 0;
1945 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1946 search_exp, attr_array, 0,
1947 &ldap_entry)) != LDAP_SUCCESS)
1949 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1953 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1956 ldap_msgfree(ldap_entry);
1960 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1961 LK_ENTRY **linklist_base, int *linklist_count)
1963 char distinguished_name[1024];
1964 LK_ENTRY *linklist_ptr;
1967 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1970 memset(distinguished_name, '\0', sizeof(distinguished_name));
1971 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1973 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1974 linklist_base)) != 0)
1977 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1979 memset(distinguished_name, '\0', sizeof(distinguished_name));
1980 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1982 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1983 distinguished_name, linklist_base)) != 0)
1987 linklist_ptr = (*linklist_base);
1988 (*linklist_count) = 0;
1990 while (linklist_ptr != NULL)
1992 ++(*linklist_count);
1993 linklist_ptr = linklist_ptr->next;
1999 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2000 char *distinguished_name, LK_ENTRY **linklist_current)
2007 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
2010 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
2012 ldap_memfree(Attribute);
2013 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2016 retrieve_values(ldap_handle, ldap_entry, Attribute,
2017 distinguished_name, linklist_current);
2018 ldap_memfree(Attribute);
2022 ldap_ber_free(ptr, 0);
2027 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2028 char *Attribute, char *distinguished_name,
2029 LK_ENTRY **linklist_current)
2035 LK_ENTRY *linklist_previous;
2036 LDAP_BERVAL **ber_value;
2045 SID_IDENTIFIER_AUTHORITY *sid_auth;
2046 unsigned char *subauth_count;
2047 #endif /*LDAP_BEGUG*/
2050 memset(temp, '\0', sizeof(temp));
2052 if ((!strcmp(Attribute, "objectSid")) ||
2053 (!strcmp(Attribute, "objectGUID")))
2058 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2059 Ptr = (void **)ber_value;
2064 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2065 Ptr = (void **)str_value;
2073 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2076 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2077 linklist_previous->next = (*linklist_current);
2078 (*linklist_current) = linklist_previous;
2080 if (((*linklist_current)->attribute = calloc(1,
2081 strlen(Attribute) + 1)) == NULL)
2084 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2085 strcpy((*linklist_current)->attribute, Attribute);
2089 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2091 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2094 memset((*linklist_current)->value, '\0', ber_length);
2095 memcpy((*linklist_current)->value,
2096 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2097 (*linklist_current)->length = ber_length;
2101 if (((*linklist_current)->value = calloc(1,
2102 strlen(*Ptr) + 1)) == NULL)
2105 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2106 (*linklist_current)->length = strlen(*Ptr);
2107 strcpy((*linklist_current)->value, *Ptr);
2110 (*linklist_current)->ber_value = use_bervalue;
2112 if (((*linklist_current)->dn = calloc(1,
2113 strlen(distinguished_name) + 1)) == NULL)
2116 memset((*linklist_current)->dn, '\0',
2117 strlen(distinguished_name) + 1);
2118 strcpy((*linklist_current)->dn, distinguished_name);
2121 if (!strcmp(Attribute, "objectGUID"))
2123 guid = (GUID *)((*linklist_current)->value);
2125 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2126 guid->Data1, guid->Data2, guid->Data3,
2127 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2128 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2129 guid->Data4[6], guid->Data4[7]);
2130 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2132 else if (!strcmp(Attribute, "objectSid"))
2134 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2137 print_to_screen(" Revision = %d\n", sid->Revision);
2138 print_to_screen(" SID Identifier Authority:\n");
2139 sid_auth = &sid->IdentifierAuthority;
2140 if (sid_auth->Value[0])
2141 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2142 else if (sid_auth->Value[1])
2143 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2144 else if (sid_auth->Value[2])
2145 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2146 else if (sid_auth->Value[3])
2147 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2148 else if (sid_auth->Value[5])
2149 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2151 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2152 subauth_count = GetSidSubAuthorityCount(sid);
2153 print_to_screen(" SidSubAuthorityCount = %d\n",
2155 print_to_screen(" SidSubAuthority:\n");
2156 for (i = 0; i < *subauth_count; i++)
2158 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2159 print_to_screen(" %u\n", *subauth);
2163 else if ((!memcmp(Attribute, "userAccountControl",
2164 strlen("userAccountControl"))) ||
2165 (!memcmp(Attribute, "sAMAccountType",
2166 strlen("sAmAccountType"))))
2168 intValue = atoi(*Ptr);
2169 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2171 if (!memcmp(Attribute, "userAccountControl",
2172 strlen("userAccountControl")))
2174 if (intValue & UF_ACCOUNTDISABLE)
2175 print_to_screen(" %20s : %s\n",
2176 "", "Account disabled");
2178 print_to_screen(" %20s : %s\n",
2179 "", "Account active");
2180 if (intValue & UF_HOMEDIR_REQUIRED)
2181 print_to_screen(" %20s : %s\n",
2182 "", "Home directory required");
2183 if (intValue & UF_LOCKOUT)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Account locked out");
2186 if (intValue & UF_PASSWD_NOTREQD)
2187 print_to_screen(" %20s : %s\n",
2188 "", "No password required");
2189 if (intValue & UF_PASSWD_CANT_CHANGE)
2190 print_to_screen(" %20s : %s\n",
2191 "", "Cannot change password");
2192 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2193 print_to_screen(" %20s : %s\n",
2194 "", "Temp duplicate account");
2195 if (intValue & UF_NORMAL_ACCOUNT)
2196 print_to_screen(" %20s : %s\n",
2197 "", "Normal account");
2198 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2199 print_to_screen(" %20s : %s\n",
2200 "", "Interdomain trust account");
2201 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2202 print_to_screen(" %20s : %s\n",
2203 "", "Workstation trust account");
2204 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2205 print_to_screen(" %20s : %s\n",
2206 "", "Server trust account");
2211 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2213 #endif /*LDAP_DEBUG*/
2216 if (str_value != NULL)
2217 ldap_value_free(str_value);
2219 if (ber_value != NULL)
2220 ldap_value_free_len(ber_value);
2223 (*linklist_current) = linklist_previous;
2228 int moira_connect(void)
2233 if (!mr_connections++)
2237 memset(HostName, '\0', sizeof(HostName));
2238 strcpy(HostName, "ttsp");
2239 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2243 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
2252 int check_winad(void)
2256 for (i = 0; file_exists(STOP_FILE); i++)
2260 critical_alert("Ldap incremental",
2261 "Ldap incremental failed (%s exists): %s",
2262 STOP_FILE, tbl_buf);
2272 int moira_disconnect(void)
2275 if (!--mr_connections)
2283 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2284 char *distinguished_name)
2288 CName = ldap_get_dn(ldap_handle, ldap_entry);
2293 strcpy(distinguished_name, CName);
2294 ldap_memfree(CName);
2297 int linklist_create_entry(char *attribute, char *value,
2298 LK_ENTRY **linklist_entry)
2300 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2302 if (!(*linklist_entry))
2307 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2308 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2309 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2310 strcpy((*linklist_entry)->attribute, attribute);
2311 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2312 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2313 strcpy((*linklist_entry)->value, value);
2314 (*linklist_entry)->length = strlen(value);
2315 (*linklist_entry)->next = NULL;
2320 void print_to_screen(const char *fmt, ...)
2324 va_start(pvar, fmt);
2325 vfprintf(stderr, fmt, pvar);
2330 int get_group_membership(char *group_membership, char *group_ou,
2331 int *security_flag, char **av)
2336 maillist_flag = atoi(av[L_MAILLIST]);
2337 group_flag = atoi(av[L_GROUP]);
2339 if (security_flag != NULL)
2340 (*security_flag) = 0;
2342 if ((maillist_flag) && (group_flag))
2344 if (group_membership != NULL)
2345 group_membership[0] = 'B';
2347 if (security_flag != NULL)
2348 (*security_flag) = 1;
2350 if (group_ou != NULL)
2351 strcpy(group_ou, group_ou_both);
2353 else if ((!maillist_flag) && (group_flag))
2355 if (group_membership != NULL)
2356 group_membership[0] = 'S';
2358 if (security_flag != NULL)
2359 (*security_flag) = 1;
2361 if (group_ou != NULL)
2362 strcpy(group_ou, group_ou_security);
2364 else if ((maillist_flag) && (!group_flag))
2366 if (group_membership != NULL)
2367 group_membership[0] = 'D';
2369 if (group_ou != NULL)
2370 strcpy(group_ou, group_ou_distribution);
2374 if (group_membership != NULL)
2375 group_membership[0] = 'N';
2377 if (group_ou != NULL)
2378 strcpy(group_ou, group_ou_neither);
2384 int group_rename(LDAP *ldap_handle, char *dn_path,
2385 char *before_group_name, char *before_group_membership,
2386 char *before_group_ou, int before_security_flag,
2387 char *before_desc, char *after_group_name,
2388 char *after_group_membership, char *after_group_ou,
2389 int after_security_flag, char *after_desc,
2390 char *MoiraId, char *filter, char *maillist)
2395 char new_dn_path[512];
2398 char mail_nickname[256];
2399 char proxy_address[256];
2400 char address_book[256];
2401 char *attr_array[3];
2402 char *mitMoiraId_v[] = {NULL, NULL};
2403 char *name_v[] = {NULL, NULL};
2404 char *samAccountName_v[] = {NULL, NULL};
2405 char *groupTypeControl_v[] = {NULL, NULL};
2406 char *mail_v[] = {NULL, NULL};
2407 char *proxy_address_v[] = {NULL, NULL};
2408 char *mail_nickname_v[] = {NULL, NULL};
2409 char *report_to_originator_v[] = {NULL, NULL};
2410 char *address_book_v[] = {NULL, NULL};
2411 char *legacy_exchange_dn_v[] = {NULL, NULL};
2412 char *null_v[] = {NULL, NULL};
2413 u_int groupTypeControl;
2414 char groupTypeControlStr[80];
2415 char contact_mail[256];
2419 LK_ENTRY *group_base;
2421 int MailDisabled = 0;
2423 if(UseGroupUniversal)
2424 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2426 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2428 if (!check_string(before_group_name))
2431 "Unable to process invalid LDAP list name %s",
2433 return(AD_INVALID_NAME);
2436 if (!check_string(after_group_name))
2439 "Unable to process invalid LDAP list name %s", after_group_name);
2440 return(AD_INVALID_NAME);
2450 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2451 attr_array[0] = "cn";
2452 attr_array[1] = NULL;
2454 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2455 &group_base, &group_count,
2456 LDAP_SCOPE_SUBTREE)) != 0)
2458 com_err(whoami, 0, "Unable to process group %s : %s",
2459 after_group_name, ldap_err2string(rc));
2465 com_err(whoami, 0, "Object already exists with name %s",
2470 linklist_free(group_base);
2479 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2480 before_group_membership,
2481 MoiraId, "samAccountName", &group_base,
2482 &group_count, filter))
2485 if (group_count == 0)
2487 return(AD_NO_GROUPS_FOUND);
2490 if (group_count != 1)
2492 com_err(whoami, 0, "Unable to process multiple groups with "
2493 "MoiraId = %s exist in the directory", MoiraId);
2494 return(AD_MULTIPLE_GROUPS_FOUND);
2497 strcpy(old_dn, group_base->dn);
2499 linklist_free(group_base);
2502 attr_array[0] = "sAMAccountName";
2503 attr_array[1] = NULL;
2505 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2506 &group_base, &group_count,
2507 LDAP_SCOPE_SUBTREE)) != 0)
2509 com_err(whoami, 0, "Unable to get list %s dn : %s",
2510 after_group_name, ldap_err2string(rc));
2514 if (group_count != 1)
2517 "Unable to get sAMAccountName for group %s",
2519 return(AD_LDAP_FAILURE);
2522 strcpy(sam_name, group_base->value);
2523 linklist_free(group_base);
2527 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2528 sprintf(new_dn, "cn=%s", after_group_name);
2529 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2530 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2531 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2532 lowercase(ldap_domain));
2533 sprintf(mail_nickname, "%s", after_group_name);
2535 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
2537 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2538 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2540 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2541 before_group_name, after_group_name, ldap_err2string(rc));
2545 name_v[0] = after_group_name;
2547 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2548 group_suffix, strlen(group_suffix)))
2550 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2555 "Unable to rename list from %s to %s : sAMAccountName not found",
2556 before_group_name, after_group_name);
2560 samAccountName_v[0] = sam_name;
2562 if (after_security_flag)
2563 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2565 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2566 groupTypeControl_v[0] = groupTypeControlStr;
2567 mitMoiraId_v[0] = MoiraId;
2569 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2570 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2573 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
2580 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2582 mail_nickname_v[0] = mail_nickname;
2583 proxy_address_v[0] = proxy_address;
2585 report_to_originator_v[0] = "TRUE";
2587 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2588 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("reportToOriginator", report_to_originator_v,
2595 mail_nickname_v[0] = NULL;
2596 proxy_address_v[0] = NULL;
2598 legacy_exchange_dn_v[0] = NULL;
2599 address_book_v[0] = NULL;
2600 report_to_originator_v[0] = NULL;
2602 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2603 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2604 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2605 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2606 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2607 ADD_ATTR("reportToOriginator", report_to_originator_v,
2613 if(atoi(maillist) && email_isvalid(contact_mail))
2615 mail_v[0] = contact_mail;
2616 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2618 if(!ActiveDirectory)
2620 null_v[0] = "/dev/null";
2621 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2628 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2631 "Unable to modify list data for %s after renaming: %s",
2632 after_group_name, ldap_err2string(rc));
2635 for (i = 0; i < n; i++)
2641 int group_create(int ac, char **av, void *ptr)
2646 char new_group_name[256];
2647 char sam_group_name[256];
2648 char cn_group_name[256];
2650 char contact_mail[256];
2651 char mail_nickname[256];
2652 char proxy_address[256];
2653 char address_book[256];
2654 char *cn_v[] = {NULL, NULL};
2655 char *objectClass_v[] = {"top", "group", NULL};
2656 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2657 "group", "mailRecipient", NULL};
2659 char *samAccountName_v[] = {NULL, NULL};
2660 char *altSecurityIdentities_v[] = {NULL, NULL};
2661 char *member_v[] = {NULL, NULL};
2662 char *name_v[] = {NULL, NULL};
2663 char *desc_v[] = {NULL, NULL};
2664 char *info_v[] = {NULL, NULL};
2665 char *mitMoiraId_v[] = {NULL, NULL};
2666 char *mitMoiraPublic_v[] = {NULL, NULL};
2667 char *mitMoiraHidden_v[] = {NULL, NULL};
2668 char *groupTypeControl_v[] = {NULL, NULL};
2669 char *mail_v[] = {NULL, NULL};
2670 char *proxy_address_v[] = {NULL, NULL};
2671 char *mail_nickname_v[] = {NULL, NULL};
2672 char *report_to_originator_v[] = {NULL, NULL};
2673 char *address_book_v[] = {NULL, NULL};
2674 char *legacy_exchange_dn_v[] = {NULL, NULL};
2675 char *gidNumber_v[] = {NULL, NULL};
2676 char *null_v[] = {NULL, NULL};
2677 char groupTypeControlStr[80];
2678 char group_membership[1];
2681 u_int groupTypeControl;
2685 int MailDisabled = 0;
2687 LK_ENTRY *group_base;
2690 char *attr_array[3];
2694 if(UseGroupUniversal)
2695 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2697 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2699 if (!check_string(av[L_NAME]))
2701 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2703 return(AD_INVALID_NAME);
2706 updateGroup = (int)call_args[4];
2707 memset(group_ou, 0, sizeof(group_ou));
2708 memset(group_membership, 0, sizeof(group_membership));
2711 get_group_membership(group_membership, group_ou, &security_flag, av);
2713 strcpy(new_group_name, av[L_NAME]);
2714 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2715 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2716 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2717 sprintf(mail_nickname, "%s", av[L_NAME]);
2720 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2722 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
2726 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2727 groupTypeControl_v[0] = groupTypeControlStr;
2729 strcpy(cn_group_name, av[L_NAME]);
2731 samAccountName_v[0] = sam_group_name;
2732 name_v[0] = new_group_name;
2733 cn_v[0] = new_group_name;
2736 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2740 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2744 mitMoiraPublic_v[0] = av[L_PUBLIC];
2745 mitMoiraHidden_v[0] = av[L_HIDDEN];
2746 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2747 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2748 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2750 if(atoi(av[L_GROUP]))
2752 gidNumber_v[0] = av[L_GID];
2753 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2757 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2758 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2759 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2763 if(atoi(av[L_MAILLIST]))
2768 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2769 attr_array[0] = "cn";
2770 attr_array[1] = NULL;
2772 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2773 filter, attr_array, &group_base,
2775 LDAP_SCOPE_SUBTREE)) != 0)
2777 com_err(whoami, 0, "Unable to process group %s : %s",
2778 av[L_NAME], ldap_err2string(rc));
2784 com_err(whoami, 0, "Object already exists with name %s",
2789 linklist_free(group_base);
2794 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2796 mail_nickname_v[0] = mail_nickname;
2797 report_to_originator_v[0] = "TRUE";
2799 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2800 ADD_ATTR("reportToOriginator", report_to_originator_v,
2806 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2808 mail_v[0] = contact_mail;
2809 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2811 if(!ActiveDirectory)
2813 null_v[0] = "/dev/null";
2814 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2819 if (strlen(av[L_DESC]) != 0)
2821 desc_v[0] = av[L_DESC];
2822 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2825 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
2827 if (strlen(av[L_ACE_NAME]) != 0)
2829 sprintf(info, "The Administrator of this list is: %s",
2832 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2835 if (strlen(call_args[5]) != 0)
2837 mitMoiraId_v[0] = call_args[5];
2838 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2843 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2845 for (i = 0; i < n; i++)
2848 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2850 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2851 av[L_NAME], ldap_err2string(rc));
2857 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2859 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2860 "description", av[L_NAME]);
2861 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2863 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2868 if (strlen(call_args[5]) != 0)
2870 mitMoiraId_v[0] = call_args[5];
2871 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2874 if (!(atoi(av[L_ACTIVE])))
2877 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2880 if (!ActiveDirectory)
2882 mitMoiraPublic_v[0] = av[L_PUBLIC];
2883 mitMoiraHidden_v[0] = av[L_HIDDEN];
2884 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2885 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2887 if(atoi(av[L_GROUP]))
2889 gidNumber_v[0] = av[L_GID];
2890 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2894 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2900 if(atoi(av[L_MAILLIST]))
2905 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2906 attr_array[0] = "cn";
2907 attr_array[1] = NULL;
2909 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2910 filter, attr_array, &group_base,
2912 LDAP_SCOPE_SUBTREE)) != 0)
2914 com_err(whoami, 0, "Unable to process group %s : %s",
2915 av[L_NAME], ldap_err2string(rc));
2921 com_err(whoami, 0, "Object already exists with name %s",
2926 linklist_free(group_base);
2931 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2933 mail_nickname_v[0] = mail_nickname;
2934 report_to_originator_v[0] = "TRUE";
2936 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2937 ADD_ATTR("reportToOriginator", report_to_originator_v,
2943 mail_nickname_v[0] = NULL;
2944 proxy_address_v[0] = NULL;
2945 legacy_exchange_dn_v[0] = NULL;
2946 address_book_v[0] = NULL;
2947 report_to_originator_v[0] = NULL;
2949 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2950 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2951 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2952 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2954 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2955 ADD_ATTR("reportToOriginator", report_to_originator_v,
2961 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2963 mail_v[0] = contact_mail;
2964 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2966 if(!ActiveDirectory)
2968 null_v[0] = "/dev/null";
2969 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2975 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2977 if(!ActiveDirectory)
2980 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2990 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2992 for (i = 0; i < n; i++)
2995 if (rc != LDAP_SUCCESS)
2997 com_err(whoami, 0, "Unable to update list %s in directory : %s",
2998 av[L_NAME], ldap_err2string(rc));
3005 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3006 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3008 return(LDAP_SUCCESS);
3011 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3012 char *TargetGroupName, int HiddenGroup,
3013 char *AceType, char *AceName)
3015 char filter_exp[1024];
3016 char *attr_array[5];
3017 char search_path[512];
3019 char TemplateDn[512];
3020 char TemplateSamName[128];
3022 char TargetSamName[128];
3023 char AceSamAccountName[128];
3025 unsigned char AceSid[128];
3026 unsigned char UserTemplateSid[128];
3027 char acBERBuf[N_SD_BER_BYTES];
3028 char GroupSecurityTemplate[256];
3029 char hide_addres_lists[256];
3030 char address_book[256];
3031 char *hide_address_lists_v[] = {NULL, NULL};
3032 char *address_book_v[] = {NULL, NULL};
3033 char *owner_v[] = {NULL, NULL};
3035 int UserTemplateSidCount;
3042 int array_count = 0;
3044 LK_ENTRY *group_base;
3045 LDAP_BERVAL **ppsValues;
3046 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3047 { N_SD_BER_BYTES, acBERBuf },
3050 LDAPControl *apsServerControls[] = {&sControl, NULL};
3053 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3054 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3055 BEREncodeSecurityBits(dwInfo, acBERBuf);
3057 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3058 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3059 attr_array[0] = "sAMAccountName";
3060 attr_array[1] = NULL;
3064 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3065 &group_base, &group_count,
3066 LDAP_SCOPE_SUBTREE) != 0))
3069 if (group_count != 1)
3071 linklist_free(group_base);
3075 strcpy(TargetDn, group_base->dn);
3076 strcpy(TargetSamName, group_base->value);
3077 linklist_free(group_base);
3081 UserTemplateSidCount = 0;
3082 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3083 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3084 memset(AceSid, '\0', sizeof(AceSid));
3089 if (strlen(AceName) != 0)
3091 if (!strcmp(AceType, "LIST"))
3093 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3094 strcpy(root_ou, group_ou_root);
3096 else if (!strcmp(AceType, "USER"))
3098 sprintf(AceSamAccountName, "%s", AceName);
3099 strcpy(root_ou, user_ou);
3102 if (ActiveDirectory)
3104 if (strlen(AceSamAccountName) != 0)
3106 sprintf(search_path, "%s", dn_path);
3107 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3108 attr_array[0] = "objectSid";
3109 attr_array[1] = NULL;
3113 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3114 attr_array, &group_base, &group_count,
3115 LDAP_SCOPE_SUBTREE) != 0))
3117 if (group_count == 1)
3119 strcpy(AceDn, group_base->dn);
3120 AceSidCount = group_base->length;
3121 memcpy(AceSid, group_base->value, AceSidCount);
3123 linklist_free(group_base);
3130 if (strlen(AceSamAccountName) != 0)
3132 sprintf(search_path, "%s", dn_path);
3133 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3134 attr_array[0] = "samAccountName";
3135 attr_array[1] = NULL;
3139 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3140 attr_array, &group_base, &group_count,
3141 LDAP_SCOPE_SUBTREE) != 0))
3143 if (group_count == 1)
3145 strcpy(AceDn, group_base->dn);
3147 linklist_free(group_base);
3154 if (!ActiveDirectory)
3156 if (strlen(AceDn) != 0)
3158 owner_v[0] = strdup(AceDn);
3160 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3164 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3166 for (i = 0; i < n; i++)
3169 if (rc != LDAP_SUCCESS)
3170 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3171 TargetGroupName, ldap_err2string(rc));
3177 if (AceSidCount == 0)
3179 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3180 "have a directory SID.", TargetGroupName, AceName, AceType);
3181 com_err(whoami, 0, " Non-admin security group template will be used.");
3185 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3186 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3187 attr_array[0] = "objectSid";
3188 attr_array[1] = NULL;
3193 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3194 attr_array, &group_base, &group_count,
3195 LDAP_SCOPE_SUBTREE) != 0))
3198 if ((rc != 0) || (group_count != 1))
3200 com_err(whoami, 0, "Unable to process user security template: %s",
3206 UserTemplateSidCount = group_base->length;
3207 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3209 linklist_free(group_base);
3216 if (AceSidCount == 0)
3218 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3219 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3223 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3224 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3229 if (AceSidCount == 0)
3231 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3232 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3236 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3237 sprintf(filter_exp, "(sAMAccountName=%s)",
3238 NOT_HIDDEN_GROUP_WITH_ADMIN);
3242 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3243 attr_array[0] = "sAMAccountName";
3244 attr_array[1] = NULL;
3248 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3249 &group_base, &group_count,
3250 LDAP_SCOPE_SUBTREE) != 0))
3253 if (group_count != 1)
3255 linklist_free(group_base);
3256 com_err(whoami, 0, "Unable to process group security template: %s - "
3257 "security not set", GroupSecurityTemplate);
3261 strcpy(TemplateDn, group_base->dn);
3262 strcpy(TemplateSamName, group_base->value);
3263 linklist_free(group_base);
3267 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3268 rc = ldap_search_ext_s(ldap_handle,
3280 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3282 com_err(whoami, 0, "Unable to find group security template: %s - "
3283 "security not set", GroupSecurityTemplate);
3287 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3289 if (ppsValues == NULL)
3291 com_err(whoami, 0, "Unable to find group security descriptor for group "
3292 "%s - security not set", GroupSecurityTemplate);
3296 if (AceSidCount != 0)
3298 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3301 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3303 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3304 UserTemplateSidCount))
3306 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3314 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3315 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
3321 hide_address_lists_v[0] = "TRUE";
3322 address_book_v[0] = NULL;
3323 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3325 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3327 hide_address_lists_v[0] = NULL;
3328 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3335 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3337 for (i = 0; i < n; i++)
3340 ldap_value_free_len(ppsValues);
3341 ldap_msgfree(psMsg);
3343 if (rc != LDAP_SUCCESS)
3345 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3346 TargetGroupName, ldap_err2string(rc));
3348 if (AceSidCount != 0)
3351 "Trying to set security for group %s without admin.",
3354 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3355 HiddenGroup, "", ""))
3357 com_err(whoami, 0, "Unable to set security for group %s.",
3368 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3369 char *group_membership, char *MoiraId)
3371 LK_ENTRY *group_base;
3377 if (!check_string(group_name))
3380 "Unable to process invalid LDAP list name %s", group_name);
3381 return(AD_INVALID_NAME);
3384 memset(filter, '\0', sizeof(filter));
3387 sprintf(temp, "%s,%s", group_ou_root, dn_path);
3389 if (rc = ad_get_group(ldap_handle, temp, group_name,
3390 group_membership, MoiraId,
3391 "samAccountName", &group_base,
3392 &group_count, filter))
3395 if (group_count == 1)
3397 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3399 linklist_free(group_base);
3400 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3401 group_name, ldap_err2string(rc));
3404 linklist_free(group_base);
3408 linklist_free(group_base);
3409 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3410 return(AD_NO_GROUPS_FOUND);
3416 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3422 return(N_SD_BER_BYTES);
3425 int process_lists(int ac, char **av, void *ptr)
3430 char group_membership[2];
3436 memset(group_ou, '\0', sizeof(group_ou));
3437 memset(group_membership, '\0', sizeof(group_membership));
3438 get_group_membership(group_membership, group_ou, &security_flag, av);
3439 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3440 av[L_NAME], group_ou, group_membership,
3446 int member_list_build(int ac, char **av, void *ptr)
3454 strcpy(temp, av[ACE_NAME]);
3457 if (!check_string(temp))
3460 if (!strcmp(av[ACE_TYPE], "USER"))
3462 if (!((int)call_args[3] & MOIRA_USERS))
3465 else if (!strcmp(av[ACE_TYPE], "STRING"))
3469 if((s = strchr(temp, '@')) == (char *) NULL)
3471 strcat(temp, "@mit.edu");
3474 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
3476 s = strrchr(temp, '.');
3478 strcat(s, ".mit.edu");
3482 if (!((int)call_args[3] & MOIRA_STRINGS))
3485 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3488 else if (!strcmp(av[ACE_TYPE], "LIST"))
3490 if (!((int)call_args[3] & MOIRA_LISTS))
3493 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3495 if (!((int)call_args[3] & MOIRA_KERBEROS))
3498 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3503 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3505 if (!((int)call_args[3] & MOIRA_MACHINE))
3511 linklist = member_base;
3515 if (!strcasecmp(temp, linklist->member) &&
3516 !strcasecmp(av[ACE_TYPE], linklist->type))
3519 linklist = linklist->next;
3522 linklist = calloc(1, sizeof(LK_ENTRY));
3524 linklist->dn = NULL;
3525 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3526 strcpy(linklist->list, call_args[2]);
3527 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3528 strcpy(linklist->type, av[ACE_TYPE]);
3529 linklist->member = calloc(1, strlen(temp) + 1);
3530 strcpy(linklist->member, temp);
3531 linklist->next = member_base;
3532 member_base = linklist;
3537 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3538 char *group_ou, char *group_membership, char *user_name,
3539 char *UserOu, char *MoiraId)
3541 char distinguished_name[1024];
3545 char *attr_array[3];
3550 LK_ENTRY *group_base;
3554 if (!check_string(group_name))
3555 return(AD_INVALID_NAME);
3557 memset(filter, '\0', sizeof(filter));
3561 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3562 group_membership, MoiraId,
3563 "samAccountName", &group_base,
3564 &group_count, filter))
3567 if (group_count != 1)
3569 com_err(whoami, 0, "Unable to find list %s in directory",
3571 linklist_free(group_base);
3577 strcpy(distinguished_name, group_base->dn);
3578 linklist_free(group_base);
3584 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3588 if(!strcmp(UserOu, user_ou))
3589 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3591 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3594 modvalues[0] = temp;
3595 modvalues[1] = NULL;
3598 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3600 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3602 for (i = 0; i < n; i++)
3605 if (rc == LDAP_UNWILLING_TO_PERFORM)
3608 if (rc != LDAP_SUCCESS)
3610 com_err(whoami, 0, "Unable to modify list %s members : %s",
3611 group_name, ldap_err2string(rc));
3615 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3619 if(!strcmp(UserOu, contact_ou) &&
3620 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3622 memset(temp, '\0', sizeof(temp));
3623 strcpy(temp, user_name);
3624 s = strchr(temp, '@');
3627 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
3629 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3630 &group_base, &group_count,
3631 LDAP_SCOPE_SUBTREE) != 0))
3637 linklist_free(group_base);
3642 sprintf(filter, "(distinguishedName=%s)", temp);
3643 attr_array[0] = "memberOf";
3644 attr_array[1] = NULL;
3646 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3647 &group_base, &group_count,
3648 LDAP_SCOPE_SUBTREE) != 0))
3654 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3656 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
3666 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3667 char *group_ou, char *group_membership, char *user_name,
3668 char *UserOu, char *MoiraId)
3670 char distinguished_name[1024];
3678 LK_ENTRY *group_base;
3681 if (!check_string(group_name))
3682 return(AD_INVALID_NAME);
3685 memset(filter, '\0', sizeof(filter));
3689 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3690 group_membership, MoiraId,
3691 "samAccountName", &group_base,
3692 &group_count, filter))
3695 if (group_count != 1)
3697 linklist_free(group_base);
3700 com_err(whoami, 0, "Unable to find list %s %d in directory",
3701 group_name, group_count);
3702 return(AD_MULTIPLE_GROUPS_FOUND);
3705 strcpy(distinguished_name, group_base->dn);
3706 linklist_free(group_base);
3712 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3716 if(!strcmp(UserOu, user_ou))
3717 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3719 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3722 modvalues[0] = temp;
3723 modvalues[1] = NULL;
3726 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3728 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3730 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
3733 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3735 if (rc == LDAP_UNWILLING_TO_PERFORM)
3739 for (i = 0; i < n; i++)
3742 if (rc != LDAP_SUCCESS)
3744 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3745 user_name, group_name, ldap_err2string(rc));
3751 int contact_remove_email(LDAP *ld, char *bind_path,
3752 LK_ENTRY **linklist_base, int linklist_current)
3756 char *mail_v[] = {NULL, NULL};
3764 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3765 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3766 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3767 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3770 gPtr = (*linklist_base);
3773 rc = ldap_modify_s(ld, gPtr->dn, mods);
3775 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3777 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3778 gPtr->dn, ldap_err2string(rc));
3785 for (i = 0; i < n; i++)
3791 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3794 LK_ENTRY *group_base;
3797 char cn_user_name[256];
3798 char contact_name[256];
3799 char mail_nickname[256];
3800 char proxy_address_internal[256];
3801 char proxy_address_external[256];
3802 char target_address[256];
3803 char internal_contact_name[256];
3806 char principal[256];
3807 char mit_address_book[256];
3808 char default_address_book[256];
3809 char contact_address_book[256];
3811 char *email_v[] = {NULL, NULL};
3812 char *cn_v[] = {NULL, NULL};
3813 char *contact_v[] = {NULL, NULL};
3814 char *uid_v[] = {NULL, NULL};
3815 char *mail_nickname_v[] = {NULL, NULL};
3816 char *proxy_address_internal_v[] = {NULL, NULL};
3817 char *proxy_address_external_v[] = {NULL, NULL};
3818 char *target_address_v[] = {NULL, NULL};
3819 char *mit_address_book_v[] = {NULL, NULL};
3820 char *default_address_book_v[] = {NULL, NULL};
3821 char *contact_address_book_v[] = {NULL, NULL};
3822 char *hide_address_lists_v[] = {NULL, NULL};
3823 char *attr_array[3];
3824 char *objectClass_v[] = {"top", "person",
3825 "organizationalPerson",
3827 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3828 "inetOrgPerson", "organizationalPerson",
3829 "contact", "mailRecipient", "eduPerson",
3831 char *name_v[] = {NULL, NULL};
3832 char *desc_v[] = {NULL, NULL};
3839 char *mail_routing_v[] = {NULL, NULL};
3840 char *principal_v[] = {NULL, NULL};
3842 if (!check_string(user))
3844 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3845 return(AD_INVALID_NAME);
3849 strcpy(contact_name, mail);
3850 strcpy(internal_contact_name, mail);
3852 if((s = strchr(internal_contact_name, '@')) != NULL) {
3856 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3859 sprintf(target_address, "SMTP:%s", contact_name);
3860 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3861 sprintf(mail_nickname, "%s", internal_contact_name);
3863 cn_v[0] = cn_user_name;
3864 contact_v[0] = contact_name;
3867 desc_v[0] = "Auto account created by Moira";
3869 proxy_address_internal_v[0] = proxy_address_internal;
3870 proxy_address_external_v[0] = proxy_address_external;
3871 mail_nickname_v[0] = mail_nickname;
3872 target_address_v[0] = target_address;
3873 mit_address_book_v[0] = mit_address_book;
3874 default_address_book_v[0] = default_address_book;
3875 contact_address_book_v[0] = contact_address_book;
3876 strcpy(new_dn, cn_user_name);
3879 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
3881 if(!ActiveDirectory)
3883 if(!strcmp(group_ou, contact_ou))
3884 sprintf(uid, "%s%s", contact_name, "_strings");
3886 if(!strcmp(group_ou, kerberos_ou))
3887 sprintf(uid, "%s%s", contact_name, "_kerberos");
3891 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3892 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3897 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3901 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3904 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3905 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3906 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
3910 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3915 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3916 attr_array[0] = "cn";
3917 attr_array[1] = NULL;
3919 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3920 &group_base, &group_count,
3921 LDAP_SCOPE_SUBTREE)) != 0)
3923 com_err(whoami, 0, "Unable to process contact %s : %s",
3924 user, ldap_err2string(rc));
3930 com_err(whoami, 0, "Object already exists with name %s",
3935 linklist_free(group_base);
3939 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3940 attr_array[0] = "cn";
3941 attr_array[1] = NULL;
3943 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3944 &group_base, &group_count,
3945 LDAP_SCOPE_SUBTREE)) != 0)
3947 com_err(whoami, 0, "Unable to process contact %s : %s",
3948 user, ldap_err2string(rc));
3954 com_err(whoami, 0, "Object already exists with name %s",
3959 linklist_free(group_base);
3963 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3964 attr_array[0] = "cn";
3965 attr_array[1] = NULL;
3967 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3968 &group_base, &group_count,
3969 LDAP_SCOPE_SUBTREE)) != 0)
3971 com_err(whoami, 0, "Unable to process contact %s : %s",
3972 user, ldap_err2string(rc));
3978 com_err(whoami, 0, "Object already exists with name %s",
3983 linklist_free(group_base);
3987 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3988 attr_array[0] = "cn";
3989 attr_array[1] = NULL;
3991 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3992 &group_base, &group_count,
3993 LDAP_SCOPE_SUBTREE)) != 0)
3995 com_err(whoami, 0, "Unable to process contact %s : %s",
3996 user, ldap_err2string(rc));
4002 com_err(whoami, 0, "Object already exists with name %s",
4007 linklist_free(group_base);
4011 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4012 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4013 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4014 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4016 hide_address_lists_v[0] = "TRUE";
4017 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4022 if(!ActiveDirectory)
4024 if((c = strchr(mail, '@')) == NULL)
4025 sprintf(temp, "%s@mit.edu", mail);
4027 sprintf(temp, "%s", mail);
4029 mail_routing_v[0] = temp;
4031 principal_v[0] = principal;
4033 if(!strcmp(group_ou, contact_ou))
4035 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4036 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4042 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4044 for (i = 0; i < n; i++)
4049 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4050 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4054 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4055 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4056 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4058 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4060 hide_address_lists_v[0] = "TRUE";
4061 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4065 rc = ldap_modify_s(ld, new_dn, mods);
4069 com_err(whoami, 0, "Unable to update contact %s", mail);
4072 for (i = 0; i < n; i++)
4077 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4079 com_err(whoami, 0, "Unable to create contact %s : %s",
4080 user, ldap_err2string(rc));
4087 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4088 char *Uid, char *MitId, char *MoiraId, int State,
4089 char *WinHomeDir, char *WinProfileDir, char *first,
4090 char *middle, char *last, char *shell, char *class)
4093 LK_ENTRY *group_base;
4095 char distinguished_name[512];
4096 char displayName[256];
4097 char *mitMoiraId_v[] = {NULL, NULL};
4098 char *mitMoiraClass_v[] = {NULL, NULL};
4099 char *mitMoiraStatus_v[] = {NULL, NULL};
4100 char *uid_v[] = {NULL, NULL};
4101 char *mitid_v[] = {NULL, NULL};
4102 char *homedir_v[] = {NULL, NULL};
4103 char *winProfile_v[] = {NULL, NULL};
4104 char *drives_v[] = {NULL, NULL};
4105 char *userAccountControl_v[] = {NULL, NULL};
4106 char *alt_recipient_v[] = {NULL, NULL};
4107 char *hide_address_lists_v[] = {NULL, NULL};
4108 char *mail_v[] = {NULL, NULL};
4109 char *gid_v[] = {NULL, NULL};
4110 char *loginshell_v[] = {NULL, NULL};
4111 char *principal_v[] = {NULL, NULL};
4112 char userAccountControlStr[80];
4117 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4118 UF_PASSWD_CANT_CHANGE;
4120 char *attr_array[3];
4123 char contact_mail[256];
4124 char filter_exp[1024];
4125 char search_path[512];
4126 char TemplateDn[512];
4127 char TemplateSamName[128];
4128 char alt_recipient[256];
4129 char principal[256];
4131 char acBERBuf[N_SD_BER_BYTES];
4132 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4133 { N_SD_BER_BYTES, acBERBuf },
4135 LDAPControl *apsServerControls[] = {&sControl, NULL};
4137 LDAP_BERVAL **ppsValues;
4141 char *homeServerName;
4143 char search_string[256];
4145 char *mail_routing_v[] = {NULL, NULL};
4148 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4149 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4150 BEREncodeSecurityBits(dwInfo, acBERBuf);
4152 if (!check_string(user_name))
4154 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4156 return(AD_INVALID_NAME);
4159 memset(contact_mail, '\0', sizeof(contact_mail));
4160 sprintf(contact_mail, "%s@mit.edu", user_name);
4161 memset(mail, '\0', sizeof(mail));
4162 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4163 memset(alt_recipient, '\0', sizeof(alt_recipient));
4164 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4166 sprintf(search_string, "@%s", uppercase(ldap_domain));
4170 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4172 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4179 memset(displayName, '\0', sizeof(displayName));
4181 if (strlen(MoiraId) != 0)
4185 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4190 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4193 attr_array[0] = "cn";
4194 attr_array[1] = NULL;
4195 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4196 &group_base, &group_count,
4197 LDAP_SCOPE_SUBTREE)) != 0)
4199 com_err(whoami, 0, "Unable to process user %s : %s",
4200 user_name, ldap_err2string(rc));
4205 if (group_count != 1)
4207 linklist_free(group_base);
4210 sprintf(filter, "(sAMAccountName=%s)", user_name);
4211 attr_array[0] = "cn";
4212 attr_array[1] = NULL;
4213 sprintf(temp, "%s,%s", user_ou, dn_path);
4214 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4215 &group_base, &group_count,
4216 LDAP_SCOPE_SUBTREE)) != 0)
4218 com_err(whoami, 0, "Unable to process user %s : %s",
4219 user_name, ldap_err2string(rc));
4224 if (group_count != 1)
4226 com_err(whoami, 0, "Unable to find user %s in directory",
4228 linklist_free(group_base);
4229 return(AD_NO_USER_FOUND);
4232 strcpy(distinguished_name, group_base->dn);
4234 linklist_free(group_base);
4237 if(!ActiveDirectory)
4239 if (rc = moira_connect())
4241 critical_alert("Ldap incremental",
4242 "Error contacting Moira server : %s",
4247 argv[0] = user_name;
4249 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4252 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4254 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4256 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4261 "Unable to set the mailRoutingAddress for %s : %s",
4262 user_name, ldap_err2string(rc));
4264 p = strdup(save_argv[3]);
4266 if((c = strchr(p, ',')) != NULL)
4271 if ((c = strchr(q, '@')) == NULL)
4272 sprintf(temp, "%s@mit.edu", q);
4274 sprintf(temp, "%s", q);
4276 if(email_isvalid(temp) && State != US_DELETED)
4278 mail_routing_v[0] = temp;
4281 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4283 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4285 if (rc == LDAP_ALREADY_EXISTS ||
4286 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4291 "Unable to set the mailRoutingAddress for %s : %s",
4292 user_name, ldap_err2string(rc));
4295 while((q = strtok(NULL, ",")) != NULL) {
4298 if((c = strchr(q, '@')) == NULL)
4299 sprintf(temp, "%s@mit.edu", q);
4301 sprintf(temp, "%s", q);
4303 if(email_isvalid(temp) && State != US_DELETED)
4305 mail_routing_v[0] = temp;
4308 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4311 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4313 if (rc == LDAP_ALREADY_EXISTS ||
4314 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4319 "Unable to set the mailRoutingAddress for "
4321 user_name, ldap_err2string(rc));
4327 if((c = strchr(p, '@')) == NULL)
4328 sprintf(temp, "%s@mit.edu", p);
4330 sprintf(temp, "%s", p);
4332 if(email_isvalid(temp) && State != US_DELETED)
4334 mail_routing_v[0] = temp;
4337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4339 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4341 if (rc == LDAP_ALREADY_EXISTS ||
4342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4347 "Unable to set the mailRoutingAddress for %s : %s",
4348 user_name, ldap_err2string(rc));
4355 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4356 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4357 "employeeID", user_name);
4359 rc = attribute_update(ldap_handle, distinguished_name, "none",
4360 "employeeID", user_name);
4363 strcat(displayName, first);
4366 if(strlen(middle)) {
4368 strcat(displayName, " ");
4370 strcat(displayName, middle);
4374 if(strlen(middle) || strlen(first))
4375 strcat(displayName, " ");
4377 strcat(displayName, last);
4380 if(strlen(displayName))
4381 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4382 "displayName", user_name);
4384 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4385 "displayName", user_name);
4387 if(!ActiveDirectory)
4389 if(strlen(displayName))
4390 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4393 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4397 if(!ActiveDirectory)
4399 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4400 "eduPersonNickname", user_name);
4404 rc = attribute_update(ldap_handle, distinguished_name, first,
4405 "givenName", user_name);
4407 rc = attribute_update(ldap_handle, distinguished_name, "",
4408 "givenName", user_name);
4410 if(strlen(middle) == 1)
4411 rc = attribute_update(ldap_handle, distinguished_name, middle,
4412 "initials", user_name);
4414 rc = attribute_update(ldap_handle, distinguished_name, "",
4415 "initials", user_name);
4418 rc = attribute_update(ldap_handle, distinguished_name, last,
4421 rc = attribute_update(ldap_handle, distinguished_name, "",
4426 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4431 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4435 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4436 "mitMoiraId", user_name);
4445 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4454 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4455 sprintf(status, "%d", State);
4456 principal_v[0] = principal;
4457 loginshell_v[0] = shell;
4458 mitMoiraClass_v[0] = class;
4459 mitMoiraStatus_v[0] = status;
4461 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4462 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4463 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4464 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4465 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4466 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4469 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4471 userAccountControl |= UF_ACCOUNTDISABLE;
4475 hide_address_lists_v[0] = "TRUE";
4476 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4484 hide_address_lists_v[0] = NULL;
4485 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4490 sprintf(userAccountControlStr, "%ld", userAccountControl);
4491 userAccountControl_v[0] = userAccountControlStr;
4492 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4496 if (rc = moira_connect())
4498 critical_alert("Ldap incremental",
4499 "Error contacting Moira server : %s",
4504 argv[0] = user_name;
4506 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4508 if(!strcmp(save_argv[1], "EXCHANGE") ||
4509 (strstr(save_argv[3], search_string) != NULL))
4511 alt_recipient_v[0] = NULL;
4512 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4514 argv[0] = exchange_acl;
4516 argv[2] = user_name;
4518 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4520 if ((rc) && (rc != MR_EXISTS))
4522 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4523 user_name, exchange_acl, error_message(rc));
4528 alt_recipient_v[0] = alt_recipient;
4529 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4531 argv[0] = exchange_acl;
4533 argv[2] = user_name;
4535 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4537 if ((rc) && (rc != MR_NO_MATCH))
4540 "Unable to remove user %s from %s: %s, %d",
4541 user_name, exchange_acl, error_message(rc), rc);
4547 alt_recipient_v[0] = alt_recipient;
4548 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4550 argv[0] = exchange_acl;
4552 argv[2] = user_name;
4554 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4556 if ((rc) && (rc != MR_NO_MATCH))
4559 "Unable to remove user %s from %s: %s, %d",
4560 user_name, exchange_acl, error_message(rc), rc);
4568 mail_v[0] = contact_mail;
4569 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4572 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4573 WinProfileDir, homedir_v, winProfile_v,
4574 drives_v, mods, LDAP_MOD_REPLACE, n);
4578 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4579 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4580 attr_array[0] = "sAMAccountName";
4581 attr_array[1] = NULL;
4585 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4587 &group_base, &group_count,
4588 LDAP_SCOPE_SUBTREE) != 0))
4591 if (group_count != 1)
4593 com_err(whoami, 0, "Unable to process user security template: %s - "
4594 "security not set", "UserTemplate.u");
4598 strcpy(TemplateDn, group_base->dn);
4599 strcpy(TemplateSamName, group_base->value);
4600 linklist_free(group_base);
4604 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4605 filter_exp, NULL, 0, apsServerControls, NULL,
4608 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4610 com_err(whoami, 0, "Unable to find user security template: %s - "
4611 "security not set", "UserTemplate.u");
4615 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4616 "ntSecurityDescriptor");
4618 if (ppsValues == NULL)
4620 com_err(whoami, 0, "Unable to find user security template: %s - "
4621 "security not set", "UserTemplate.u");
4625 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4626 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4631 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4632 mods)) != LDAP_SUCCESS)
4634 OldUseSFU30 = UseSFU30;
4635 SwitchSFU(mods, &UseSFU30, n);
4636 if (OldUseSFU30 != UseSFU30)
4637 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4640 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4641 user_name, ldap_err2string(rc));
4645 for (i = 0; i < n; i++)
4651 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4659 char contact_mail[256];
4660 char proxy_address[256];
4661 char query_base_dn[256];
4663 char *userPrincipalName_v[] = {NULL, NULL};
4664 char *altSecurityIdentities_v[] = {NULL, NULL};
4665 char *name_v[] = {NULL, NULL};
4666 char *samAccountName_v[] = {NULL, NULL};
4667 char *mail_v[] = {NULL, NULL};
4668 char *mail_nickname_v[] = {NULL, NULL};
4669 char *proxy_address_v[] = {NULL, NULL};
4670 char *query_base_dn_v[] = {NULL, NULL};
4671 char *principal_v[] = {NULL, NULL};
4672 char principal[256];
4677 if (!check_string(before_user_name))
4680 "Unable to process invalid LDAP user name %s", before_user_name);
4681 return(AD_INVALID_NAME);
4684 if (!check_string(user_name))
4687 "Unable to process invalid LDAP user name %s", user_name);
4688 return(AD_INVALID_NAME);
4691 strcpy(user_name, user_name);
4694 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4696 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4699 sprintf(new_dn, "cn=%s", user_name);
4701 sprintf(new_dn, "uid=%s", user_name);
4703 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4704 sprintf(contact_mail, "%s@mit.edu", user_name);
4705 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4706 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4708 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4709 NULL, NULL)) != LDAP_SUCCESS)
4711 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4712 before_user_name, user_name, ldap_err2string(rc));
4718 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4721 if(rc = ldap_delete_s(ldap_handle, temp))
4723 com_err(whoami, 0, "Unable to delete user contact for %s",
4727 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4729 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4733 name_v[0] = user_name;
4734 sprintf(upn, "%s@%s", user_name, ldap_domain);
4735 userPrincipalName_v[0] = upn;
4736 principal_v[0] = principal;
4737 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4738 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4739 altSecurityIdentities_v[0] = temp;
4740 samAccountName_v[0] = user_name;
4742 mail_nickname_v[0] = user_name;
4743 proxy_address_v[0] = proxy_address;
4744 query_base_dn_v[0] = query_base_dn;
4747 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4748 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4749 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4750 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
4752 if(!ActiveDirectory)
4754 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4755 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4756 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4757 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
4762 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4763 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4764 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4765 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
4769 mail_v[0] = contact_mail;
4770 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4776 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4778 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4780 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4783 "Unable to modify user data for %s after renaming : %s",
4784 user_name, ldap_err2string(rc));
4787 for (i = 0; i < n; i++)
4793 int user_create(int ac, char **av, void *ptr)
4797 char user_name[256];
4801 char contact_mail[256];
4802 char proxy_address[256];
4803 char mail_nickname[256];
4804 char query_base_dn[256];
4805 char displayName[256];
4806 char address_book[256];
4807 char alt_recipient[256];
4808 char *cn_v[] = {NULL, NULL};
4809 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4811 char *objectClass_ldap_v[] = {"top",
4812 "eduPerson", "posixAccount",
4813 "apple-user", "shadowAccount",
4814 "microsoftComTop", "securityPrincipal",
4815 "inetOrgPerson", "user",
4816 "organizationalPerson", "person",
4817 "mailRecipient", NULL};
4819 char *samAccountName_v[] = {NULL, NULL};
4820 char *altSecurityIdentities_v[] = {NULL, NULL};
4821 char *mitMoiraId_v[] = {NULL, NULL};
4822 char *mitMoiraClass_v[] = {NULL, NULL};
4823 char *mitMoiraStatus_v[] = {NULL, NULL};
4824 char *name_v[] = {NULL, NULL};
4825 char *desc_v[] = {NULL, NULL};
4826 char *userPrincipalName_v[] = {NULL, NULL};
4827 char *userAccountControl_v[] = {NULL, NULL};
4828 char *uid_v[] = {NULL, NULL};
4829 char *gid_v[] = {NULL, NULL};
4830 char *mitid_v[] = {NULL, NULL};
4831 char *homedir_v[] = {NULL, NULL};
4832 char *winProfile_v[] = {NULL, NULL};
4833 char *drives_v[] = {NULL, NULL};
4834 char *mail_v[] = {NULL, NULL};
4835 char *givenName_v[] = {NULL, NULL};
4836 char *sn_v[] = {NULL, NULL};
4837 char *initials_v[] = {NULL, NULL};
4838 char *displayName_v[] = {NULL, NULL};
4839 char *proxy_address_v[] = {NULL, NULL};
4840 char *mail_nickname_v[] = {NULL, NULL};
4841 char *query_base_dn_v[] = {NULL, NULL};
4842 char *address_book_v[] = {NULL, NULL};
4843 char *homeMDB_v[] = {NULL, NULL};
4844 char *homeServerName_v[] = {NULL, NULL};
4845 char *mdbUseDefaults_v[] = {NULL, NULL};
4846 char *mailbox_guid_v[] = {NULL, NULL};
4847 char *user_culture_v[] = {NULL, NULL};
4848 char *user_account_control_v[] = {NULL, NULL};
4849 char *msexch_version_v[] = {NULL, NULL};
4850 char *alt_recipient_v[] = {NULL, NULL};
4851 char *hide_address_lists_v[] = {NULL, NULL};
4852 char *principal_v[] = {NULL, NULL};
4853 char *loginshell_v[] = {NULL, NULL};
4854 char userAccountControlStr[80];
4856 char principal[256];
4857 char filter_exp[1024];
4858 char search_path[512];
4859 char *attr_array[3];
4860 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4861 UF_PASSWD_CANT_CHANGE;
4867 char WinHomeDir[1024];
4868 char WinProfileDir[1024];
4870 char *homeServerName;
4872 char acBERBuf[N_SD_BER_BYTES];
4873 LK_ENTRY *group_base;
4875 char TemplateDn[512];
4876 char TemplateSamName[128];
4877 LDAP_BERVAL **ppsValues;
4878 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4879 { N_SD_BER_BYTES, acBERBuf },
4881 LDAPControl *apsServerControls[] = {&sControl, NULL};
4885 char search_string[256];
4886 char *o_v[] = {NULL, NULL};
4888 char *mail_routing_v[] = {NULL, NULL};
4893 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4894 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4895 BEREncodeSecurityBits(dwInfo, acBERBuf);
4897 if (!check_string(av[U_NAME]))
4899 callback_rc = AD_INVALID_NAME;
4900 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4902 return(AD_INVALID_NAME);
4905 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4906 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4907 memset(displayName, '\0', sizeof(displayName));
4908 memset(query_base_dn, '\0', sizeof(query_base_dn));
4909 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4910 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4911 strcpy(user_name, av[U_NAME]);
4912 sprintf(upn, "%s@%s", user_name, ldap_domain);
4913 sprintf(sam_name, "%s", av[U_NAME]);
4915 if(strlen(av[U_FIRST])) {
4916 strcat(displayName, av[U_FIRST]);
4919 if(strlen(av[U_MIDDLE])) {
4920 if(strlen(av[U_FIRST]))
4921 strcat(displayName, " ");
4923 strcat(displayName, av[U_MIDDLE]);
4926 if(strlen(av[U_LAST])) {
4927 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4928 strcat(displayName, " ");
4930 strcat(displayName, av[U_LAST]);
4933 samAccountName_v[0] = sam_name;
4934 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4935 (atoi(av[U_STATE]) != US_REGISTERED))
4937 userAccountControl |= UF_ACCOUNTDISABLE;
4941 hide_address_lists_v[0] = "TRUE";
4942 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4947 sprintf(userAccountControlStr, "%ld", userAccountControl);
4948 userAccountControl_v[0] = userAccountControlStr;
4949 userPrincipalName_v[0] = upn;
4952 cn_v[0] = user_name;
4954 cn_v[0] = displayName;
4956 name_v[0] = user_name;
4957 desc_v[0] = "Auto account created by Moira";
4959 givenName_v[0] = av[U_FIRST];
4962 sn_v[0] = av[U_LAST];
4964 if(strlen(av[U_LAST]))
4965 sn_v[0] = av[U_LAST];
4967 sn_v[0] = av[U_NAME];
4969 displayName_v[0] = displayName;
4970 mail_nickname_v[0] = user_name;
4971 o_v[0] = "Massachusetts Institute of Technology";
4973 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4974 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4975 altSecurityIdentities_v[0] = temp;
4976 principal_v[0] = principal;
4979 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4981 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4983 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4984 sprintf(contact_mail, "%s@mit.edu", user_name);
4985 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4986 query_base_dn_v[0] = query_base_dn;
4987 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4989 sprintf(search_string, "@%s", uppercase(ldap_domain));
4993 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4996 com_err(whoami, 0, "Unable to create user contact %s",
5000 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5003 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5007 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5008 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5010 homeMDB_v[0] = homeMDB;
5011 homeServerName_v[0] = homeServerName;
5016 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5020 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5024 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5027 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5028 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5029 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5030 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5031 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5035 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5036 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5037 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5038 mdbUseDefaults_v[0] = "TRUE";
5039 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5040 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
5042 argv[0] = user_name;
5044 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5046 if(!strcmp(save_argv[1], "EXCHANGE") ||
5047 (strstr(save_argv[3], search_string) != NULL))
5049 argv[0] = exchange_acl;
5051 argv[2] = user_name;
5053 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5055 if ((rc) && (rc != MR_EXISTS))
5057 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5058 user_name, exchange_acl, error_message(rc));
5063 alt_recipient_v[0] = alt_recipient;
5064 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5069 alt_recipient_v[0] = alt_recipient;
5070 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5072 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5077 mail_v[0] = contact_mail;
5078 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5081 if(strlen(av[U_FIRST])) {
5082 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5085 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5086 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5089 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5090 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5092 if(!ActiveDirectory)
5094 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5097 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5099 if(!ActiveDirectory)
5101 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
5105 if (strlen(av[U_MIDDLE]) == 1) {
5106 initials_v[0] = av[U_MIDDLE];
5107 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5110 if (strlen(call_args[2]) != 0)
5112 mitMoiraId_v[0] = call_args[2];
5113 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5116 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
5118 if(!ActiveDirectory)
5120 loginshell_v[0] = av[U_SHELL];
5121 mitMoiraClass_v[0] = av[U_CLASS];
5122 mitMoiraStatus_v[0] = av[U_STATE];
5123 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5124 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5125 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5126 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5127 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5128 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
5131 if (strlen(av[U_UID]) != 0)
5133 uid_v[0] = av[U_UID];
5137 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5142 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5143 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5150 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5154 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
5159 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5160 mitid_v[0] = av[U_MITID];
5162 mitid_v[0] = "none";
5164 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5166 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5167 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5168 drives_v, mods, LDAP_MOD_ADD, n);
5172 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5173 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5174 attr_array[0] = "sAMAccountName";
5175 attr_array[1] = NULL;
5179 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5180 attr_array, &group_base, &group_count,
5181 LDAP_SCOPE_SUBTREE) != 0))
5184 if (group_count != 1)
5186 com_err(whoami, 0, "Unable to process user security template: %s - "
5187 "security not set", "UserTemplate.u");
5191 strcpy(TemplateDn, group_base->dn);
5192 strcpy(TemplateSamName, group_base->value);
5193 linklist_free(group_base);
5197 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5198 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5199 apsServerControls, NULL,
5202 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5204 com_err(whoami, 0, "Unable to find user security template: %s - "
5205 "security not set", "UserTemplate.u");
5209 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5210 "ntSecurityDescriptor");
5211 if (ppsValues == NULL)
5213 com_err(whoami, 0, "Unable to find user security template: %s - "
5214 "security not set", "UserTemplate.u");
5218 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5219 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
5224 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5226 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5228 OldUseSFU30 = UseSFU30;
5229 SwitchSFU(mods, &UseSFU30, n);
5230 if (OldUseSFU30 != UseSFU30)
5231 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5234 for (i = 0; i < n; i++)
5237 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5239 com_err(whoami, 0, "Unable to create user %s : %s",
5240 user_name, ldap_err2string(rc));
5245 if ((rc == LDAP_SUCCESS) && (SetPassword))
5247 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5249 ad_kdc_disconnect();
5250 if (!ad_server_connect(default_server, ldap_domain))
5252 com_err(whoami, 0, "Unable to set password for user %s : %s",
5254 "cannot get changepw ticket from windows domain");
5258 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5260 com_err(whoami, 0, "Unable to set password for user %s "
5261 ": %ld", user_name, rc);
5267 if(!ActiveDirectory)
5269 if (rc = moira_connect())
5271 critical_alert("Ldap incremental",
5272 "Error contacting Moira server : %s",
5277 argv[0] = user_name;
5279 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5282 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5284 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5286 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5291 "Unable to set the mailRoutingAddress for %s : %s",
5292 user_name, ldap_err2string(rc));
5294 p = strdup(save_argv[3]);
5296 if((c = strchr(p, ',')) != NULL) {
5300 if ((c = strchr(q, '@')) == NULL)
5301 sprintf(temp, "%s@mit.edu", q);
5303 sprintf(temp, "%s", q);
5305 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5307 mail_routing_v[0] = temp;
5310 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5312 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5314 if (rc == LDAP_ALREADY_EXISTS ||
5315 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5320 "Unable to set the mailRoutingAddress for %s : %s",
5321 user_name, ldap_err2string(rc));
5324 while((q = strtok(NULL, ",")) != NULL) {
5327 if((c = strchr(q, '@')) == NULL)
5328 sprintf(temp, "%s@mit.edu", q);
5330 sprintf(temp, "%s", q);
5332 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5334 mail_routing_v[0] = temp;
5337 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5339 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5341 if (rc == LDAP_ALREADY_EXISTS ||
5342 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5347 "Unable to set the mailRoutingAddress for %s : %s",
5348 user_name, ldap_err2string(rc));
5354 if((c = strchr(p, '@')) == NULL)
5355 sprintf(temp, "%s@mit.edu", p);
5357 sprintf(temp, "%s", p);
5359 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5361 mail_routing_v[0] = temp;
5364 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5366 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5368 if (rc == LDAP_ALREADY_EXISTS ||
5369 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5374 "Unable to set the mailRoutingAddress for %s : %s",
5375 user_name, ldap_err2string(rc));
5385 int user_change_status(LDAP *ldap_handle, char *dn_path,
5386 char *user_name, char *MoiraId,
5390 char *attr_array[3];
5392 char distinguished_name[1024];
5394 char *mitMoiraId_v[] = {NULL, NULL};
5396 LK_ENTRY *group_base;
5403 if (!check_string(user_name))
5405 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5407 return(AD_INVALID_NAME);
5413 if (strlen(MoiraId) != 0)
5415 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5416 attr_array[0] = "UserAccountControl";
5417 attr_array[1] = NULL;
5418 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5419 &group_base, &group_count,
5420 LDAP_SCOPE_SUBTREE)) != 0)
5422 com_err(whoami, 0, "Unable to process user %s : %s",
5423 user_name, ldap_err2string(rc));
5428 if (group_count != 1)
5430 linklist_free(group_base);
5433 sprintf(filter, "(sAMAccountName=%s)", user_name);
5434 attr_array[0] = "UserAccountControl";
5435 attr_array[1] = NULL;
5436 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5437 &group_base, &group_count,
5438 LDAP_SCOPE_SUBTREE)) != 0)
5440 com_err(whoami, 0, "Unable to process user %s : %s",
5441 user_name, ldap_err2string(rc));
5446 if (group_count != 1)
5448 linklist_free(group_base);
5449 com_err(whoami, 0, "Unable to find user %s in directory",
5451 return(LDAP_NO_SUCH_OBJECT);
5454 strcpy(distinguished_name, group_base->dn);
5455 ulongValue = atoi((*group_base).value);
5457 if (operation == MEMBER_DEACTIVATE)
5458 ulongValue |= UF_ACCOUNTDISABLE;
5460 ulongValue &= ~UF_ACCOUNTDISABLE;
5462 sprintf(temp, "%ld", ulongValue);
5464 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5465 temp, &modvalues, REPLACE)) == 1)
5468 linklist_free(group_base);
5472 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
5474 if (strlen(MoiraId) != 0)
5476 mitMoiraId_v[0] = MoiraId;
5477 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5481 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
5483 for (i = 0; i < n; i++)
5486 free_values(modvalues);
5488 if (rc != LDAP_SUCCESS)
5490 com_err(whoami, 0, "Unable to change status of user %s : %s",
5491 user_name, ldap_err2string(rc));
5498 int user_delete(LDAP *ldap_handle, char *dn_path,
5499 char *u_name, char *MoiraId)
5502 char *attr_array[3];
5503 char distinguished_name[1024];
5504 char user_name[512];
5505 LK_ENTRY *group_base;
5510 if (!check_string(u_name))
5511 return(AD_INVALID_NAME);
5513 strcpy(user_name, u_name);
5517 if (strlen(MoiraId) != 0)
5519 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5520 attr_array[0] = "name";
5521 attr_array[1] = NULL;
5522 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5523 &group_base, &group_count,
5524 LDAP_SCOPE_SUBTREE)) != 0)
5526 com_err(whoami, 0, "Unable to process user %s : %s",
5527 user_name, ldap_err2string(rc));
5532 if (group_count != 1)
5534 linklist_free(group_base);
5537 sprintf(filter, "(sAMAccountName=%s)", user_name);
5538 attr_array[0] = "name";
5539 attr_array[1] = NULL;
5540 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5541 &group_base, &group_count,
5542 LDAP_SCOPE_SUBTREE)) != 0)
5544 com_err(whoami, 0, "Unable to process user %s : %s",
5545 user_name, ldap_err2string(rc));
5550 if (group_count != 1)
5552 com_err(whoami, 0, "Unable to find user %s in directory",
5557 strcpy(distinguished_name, group_base->dn);
5559 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5561 com_err(whoami, 0, "Unable to process user %s : %s",
5562 user_name, ldap_err2string(rc));
5565 /* Need to add code to delete mit.edu contact */
5569 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5571 if(rc = ldap_delete_s(ldap_handle, temp))
5573 com_err(whoami, 0, "Unable to delete user contact for %s",
5579 linklist_free(group_base);
5584 void linklist_free(LK_ENTRY *linklist_base)
5586 LK_ENTRY *linklist_previous;
5588 while (linklist_base != NULL)
5590 if (linklist_base->dn != NULL)
5591 free(linklist_base->dn);
5593 if (linklist_base->attribute != NULL)
5594 free(linklist_base->attribute);
5596 if (linklist_base->value != NULL)
5597 free(linklist_base->value);
5599 if (linklist_base->member != NULL)
5600 free(linklist_base->member);
5602 if (linklist_base->type != NULL)
5603 free(linklist_base->type);
5605 if (linklist_base->list != NULL)
5606 free(linklist_base->list);
5608 linklist_previous = linklist_base;
5609 linklist_base = linklist_previous->next;
5610 free(linklist_previous);
5614 void free_values(char **modvalues)
5620 if (modvalues != NULL)
5622 while (modvalues[i] != NULL)
5625 modvalues[i] = NULL;
5632 static int illegalchars[] = {
5633 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5634 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5635 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5636 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5637 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5638 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5639 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5640 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5641 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5642 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5643 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5644 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5645 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5646 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5647 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5648 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5651 static int illegalchars_ldap[] = {
5652 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5653 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5654 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5655 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5656 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5657 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5658 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5659 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5660 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5661 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5662 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5663 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5664 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5665 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5666 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5667 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5670 int check_string(char *s)
5678 if (isupper(character))
5679 character = tolower(character);
5683 if (illegalchars[(unsigned) character])
5685 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5686 character, (unsigned) character, s);
5692 if (illegalchars_ldap[(unsigned) character])
5694 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5695 character, (unsigned) character, s);
5704 int check_container_name(char *s)
5712 if (isupper(character))
5713 character = tolower(character);
5715 if (character == ' ')
5718 if (illegalchars[(unsigned) character])
5725 int mr_connect_cl(char *server, char *client, int version, int auth)
5731 status = mr_connect(server);
5735 com_err(whoami, status, "while connecting to Moira");
5739 status = mr_motd(&motd);
5744 com_err(whoami, status, "while checking server status");
5750 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5751 com_err(whoami, status, temp);
5756 status = mr_version(version);
5760 if (status == MR_UNKNOWN_PROC)
5763 status = MR_VERSION_HIGH;
5765 status = MR_SUCCESS;
5768 if (status == MR_VERSION_HIGH)
5770 com_err(whoami, 0, "Warning: This client is running newer code "
5771 "than the server.");
5772 com_err(whoami, 0, "Some operations may not work.");
5774 else if (status && status != MR_VERSION_LOW)
5776 com_err(whoami, status, "while setting query version number.");
5784 status = mr_krb5_auth(client);
5787 com_err(whoami, status, "while authenticating to Moira.");
5796 void AfsToWinAfs(char* path, char* winPath)
5800 strcpy(winPath, WINAFS);
5801 pathPtr = path + strlen(AFS);
5802 winPathPtr = winPath + strlen(WINAFS);
5806 if (*pathPtr == '/')
5809 *winPathPtr = *pathPtr;
5816 int GetAceInfo(int ac, char **av, void *ptr)
5823 strcpy(call_args[0], av[L_ACE_TYPE]);
5824 strcpy(call_args[1], av[L_ACE_NAME]);
5826 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5827 return(LDAP_SUCCESS);
5830 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5833 char *attr_array[3];
5836 LK_ENTRY *group_base;
5841 sprintf(filter, "(sAMAccountName=%s)", Name);
5842 attr_array[0] = "sAMAccountName";
5843 attr_array[1] = NULL;
5845 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5846 &group_base, &group_count,
5847 LDAP_SCOPE_SUBTREE)) != 0)
5849 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5850 Name, ldap_err2string(rc));
5854 linklist_free(group_base);
5857 if (group_count == 0)
5865 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5866 int UpdateGroup, int *ProcessGroup, char *maillist)
5869 char GroupName[256];
5875 char AceMembership[2];
5878 char *save_argv[U_END];
5882 com_err(whoami, 0, "ProcessAce disabled, skipping");
5886 strcpy(GroupName, Name);
5888 if (strcasecmp(Type, "LIST"))
5894 AceInfo[0] = AceType;
5895 AceInfo[1] = AceName;
5896 AceInfo[2] = AceMembership;
5898 memset(AceType, '\0', sizeof(AceType));
5899 memset(AceName, '\0', sizeof(AceName));
5900 memset(AceMembership, '\0', sizeof(AceMembership));
5901 memset(AceOu, '\0', sizeof(AceOu));
5904 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5906 if(rc != MR_NO_MATCH)
5907 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5908 GroupName, error_message(rc));
5915 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
5919 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5922 strcpy(temp, AceName);
5924 if (!strcasecmp(AceType, "LIST"))
5925 sprintf(temp, "%s%s", AceName, group_suffix);
5929 if (checkADname(ldap_handle, dn_path, temp))
5932 (*ProcessGroup) = 1;
5935 if (!strcasecmp(AceInfo[0], "LIST"))
5937 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5938 AceMembership, 0, UpdateGroup, maillist))
5941 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
5944 else if (!strcasecmp(AceInfo[0], "USER"))
5947 call_args[0] = (char *)ldap_handle;
5948 call_args[1] = dn_path;
5950 call_args[3] = NULL;
5953 if (rc = mr_query("get_user_account_by_login", 1, av,
5954 save_query_info, save_argv))
5956 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5961 if (rc = user_create(U_END, save_argv, call_args))
5963 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5970 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
5980 if (!strcasecmp(AceType, "LIST"))
5982 if (!strcasecmp(GroupName, AceName))
5986 strcpy(GroupName, AceName);
5992 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5993 char *group_name, char *group_ou, char *group_membership,
5994 int group_security_flag, int updateGroup, char *maillist)
5999 LK_ENTRY *group_base;
6002 char *attr_array[3];
6005 call_args[0] = (char *)ldap_handle;
6006 call_args[1] = dn_path;
6007 call_args[2] = group_name;
6008 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6009 call_args[4] = (char *)updateGroup;
6010 call_args[5] = MoiraId;
6012 call_args[7] = NULL;
6018 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6021 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6029 com_err(whoami, 0, "Unable to create list %s", group_name);
6030 return(callback_rc);
6036 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6037 char *group_ou, char *group_membership,
6038 int group_security_flag, char *MoiraId)
6053 char *member_v[] = {NULL, NULL};
6054 char *save_argv[U_END];
6055 char machine_ou[256];
6056 char NewMachineName[1024];
6058 com_err(whoami, 0, "Populating group %s", group_name);
6060 call_args[0] = (char *)ldap_handle;
6061 call_args[1] = dn_path;
6062 call_args[2] = group_name;
6063 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6065 call_args[4] = NULL;
6068 if (rc = mr_query("get_end_members_of_list", 1, av,
6069 member_list_build, call_args))
6074 com_err(whoami, 0, "Unable to populate list %s : %s",
6075 group_name, error_message(rc));
6079 members = (char **)malloc(sizeof(char *) * 2);
6081 if (member_base != NULL)
6087 com_err(whoami, 0, "Processing member %s:%s", ptr->type,
6090 if (!strcasecmp(ptr->type, "LIST"))
6096 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6102 if(!strcasecmp(ptr->type, "USER"))
6104 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6105 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6111 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6112 "")) == AD_NO_USER_FOUND)
6114 com_err(whoami, 0, "creating user %s", ptr->member);
6116 av[0] = ptr->member;
6117 call_args[0] = (char *)ldap_handle;
6118 call_args[1] = dn_path;
6120 call_args[3] = NULL;
6123 if (rc = mr_query("get_user_account_by_login", 1, av,
6124 save_query_info, save_argv))
6126 com_err(whoami, 0, "Unable to create user %s "
6127 "while populating group %s.", ptr->member,
6133 if (rc = user_create(U_END, save_argv, call_args))
6135 com_err(whoami, 0, "Unable to create user %s "
6136 "while populating group %s.", ptr->member,
6144 com_err(whoami, 0, "Unable to create user %s "
6145 "while populating group %s", ptr->member,
6156 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6161 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6165 else if (!strcasecmp(ptr->type, "STRING"))
6167 if (contact_create(ldap_handle, dn_path, ptr->member,
6171 pUserOu = contact_ou;
6172 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6175 else if (!strcasecmp(ptr->type, "KERBEROS"))
6177 if (contact_create(ldap_handle, dn_path, ptr->member,
6181 pUserOu = kerberos_ou;
6182 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6185 else if (!strcasecmp(ptr->type, "MACHINE"))
6187 memset(machine_ou, '\0', sizeof(machine_ou));
6188 memset(NewMachineName, '\0', sizeof(NewMachineName));
6190 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6191 machine_ou, NewMachineName))
6193 pUserOu = machine_ou;
6194 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
6205 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6206 members[i++] = strdup(member);
6211 linklist_free(member_base);
6217 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6219 if(GroupPopulateDelete)
6222 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6225 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6226 mods)) != LDAP_SUCCESS)
6229 "Unable to populate group membership for %s: %s",
6230 group_dn, ldap_err2string(rc));
6233 for (i = 0; i < n; i++)
6238 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6241 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6242 mods)) != LDAP_SUCCESS)
6245 "Unable to populate group membership for %s: %s",
6246 group_dn, ldap_err2string(rc));
6249 for (i = 0; i < n; i++)
6257 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6258 char *group_name, char *group_ou, char *group_membership,
6259 int group_security_flag, int type, char *maillist)
6261 char before_desc[512];
6262 char before_name[256];
6263 char before_group_ou[256];
6264 char before_group_membership[2];
6265 char distinguishedName[256];
6266 char ad_distinguishedName[256];
6268 char *attr_array[3];
6269 int before_security_flag;
6272 LK_ENTRY *group_base;
6275 char ou_security[512];
6276 char ou_distribution[512];
6277 char ou_neither[512];
6280 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
6281 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6283 memset(filter, '\0', sizeof(filter));
6287 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6289 "samAccountName", &group_base,
6290 &group_count, filter))
6293 if (type == CHECK_GROUPS)
6295 if (group_count == 1)
6297 strcpy(group_dn, group_base->dn);
6299 if (!strcasecmp(group_dn, distinguishedName))
6301 linklist_free(group_base);
6306 linklist_free(group_base);
6308 if (group_count == 0)
6309 return(AD_NO_GROUPS_FOUND);
6311 if (group_count == 1)
6312 return(AD_WRONG_GROUP_DN_FOUND);
6314 return(AD_MULTIPLE_GROUPS_FOUND);
6317 if (group_count == 0)
6319 return(AD_NO_GROUPS_FOUND);
6322 if (group_count > 1)
6326 strcpy(group_dn, ptr->dn);
6330 if (!strcasecmp(group_dn, ptr->value))
6338 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6344 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6348 linklist_free(group_base);
6349 return(AD_MULTIPLE_GROUPS_FOUND);
6356 strcpy(group_dn, ptr->dn);
6358 if (strcasecmp(group_dn, ptr->value))
6359 rc = ldap_delete_s(ldap_handle, ptr->value);
6364 linklist_free(group_base);
6365 memset(filter, '\0', sizeof(filter));
6369 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6371 "samAccountName", &group_base,
6372 &group_count, filter))
6375 if (group_count == 0)
6376 return(AD_NO_GROUPS_FOUND);
6378 if (group_count > 1)
6379 return(AD_MULTIPLE_GROUPS_FOUND);
6382 strcpy(ad_distinguishedName, group_base->dn);
6383 linklist_free(group_base);
6387 attr_array[0] = "sAMAccountName";
6388 attr_array[1] = NULL;
6390 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6391 &group_base, &group_count,
6392 LDAP_SCOPE_SUBTREE)) != 0)
6394 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6395 MoiraId, ldap_err2string(rc));
6399 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
6401 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6403 linklist_free(group_base);
6409 linklist_free(group_base);
6412 memset(ou_both, '\0', sizeof(ou_both));
6413 memset(ou_security, '\0', sizeof(ou_security));
6414 memset(ou_distribution, '\0', sizeof(ou_distribution));
6415 memset(ou_neither, '\0', sizeof(ou_neither));
6416 memset(before_name, '\0', sizeof(before_name));
6417 memset(before_desc, '\0', sizeof(before_desc));
6418 memset(before_group_membership, '\0', sizeof(before_group_membership));
6420 attr_array[0] = "name";
6421 attr_array[1] = NULL;
6423 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6424 &group_base, &group_count,
6425 LDAP_SCOPE_SUBTREE)) != 0)
6427 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6428 MoiraId, ldap_err2string(rc));
6432 strcpy(before_name, group_base->value);
6433 linklist_free(group_base);
6437 attr_array[0] = "description";
6438 attr_array[1] = NULL;
6440 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6441 &group_base, &group_count,
6442 LDAP_SCOPE_SUBTREE)) != 0)
6445 "Unable to get list description with MoiraId = %s: %s",
6446 MoiraId, ldap_err2string(rc));
6450 if (group_count != 0)
6452 strcpy(before_desc, group_base->value);
6453 linklist_free(group_base);
6458 change_to_lower_case(ad_distinguishedName);
6459 strcpy(ou_both, group_ou_both);
6460 change_to_lower_case(ou_both);
6461 strcpy(ou_security, group_ou_security);
6462 change_to_lower_case(ou_security);
6463 strcpy(ou_distribution, group_ou_distribution);
6464 change_to_lower_case(ou_distribution);
6465 strcpy(ou_neither, group_ou_neither);
6466 change_to_lower_case(ou_neither);
6468 if (strstr(ad_distinguishedName, ou_both))
6470 strcpy(before_group_ou, group_ou_both);
6471 before_group_membership[0] = 'B';
6472 before_security_flag = 1;
6474 else if (strstr(ad_distinguishedName, ou_security))
6476 strcpy(before_group_ou, group_ou_security);
6477 before_group_membership[0] = 'S';
6478 before_security_flag = 1;
6480 else if (strstr(ad_distinguishedName, ou_distribution))
6482 strcpy(before_group_ou, group_ou_distribution);
6483 before_group_membership[0] = 'D';
6484 before_security_flag = 0;
6486 else if (strstr(ad_distinguishedName, ou_neither))
6488 strcpy(before_group_ou, group_ou_neither);
6489 before_group_membership[0] = 'N';
6490 before_security_flag = 0;
6493 return(AD_NO_OU_FOUND);
6495 rc = group_rename(ldap_handle, dn_path, before_name,
6496 before_group_membership,
6497 before_group_ou, before_security_flag, before_desc,
6498 group_name, group_membership, group_ou,
6499 group_security_flag,
6500 before_desc, MoiraId, filter, maillist);
6505 void change_to_lower_case(char *ptr)
6509 for (i = 0; i < (int)strlen(ptr); i++)
6511 ptr[i] = tolower(ptr[i]);
6515 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6516 char *group_name, char *group_membership,
6517 char *MoiraId, char *attribute,
6518 LK_ENTRY **linklist_base, int *linklist_count,
6523 char *attr_array[3];
6527 (*linklist_base) = NULL;
6528 (*linklist_count) = 0;
6530 if (strlen(rFilter) != 0)
6532 strcpy(filter, rFilter);
6533 attr_array[0] = attribute;
6534 attr_array[1] = NULL;
6536 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6537 linklist_base, linklist_count,
6538 LDAP_SCOPE_SUBTREE)) != 0)
6540 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6541 MoiraId, ldap_err2string(rc));
6545 if ((*linklist_count) == 1)
6547 strcpy(rFilter, filter);
6552 linklist_free((*linklist_base));
6553 (*linklist_base) = NULL;
6554 (*linklist_count) = 0;
6556 if (strlen(MoiraId) != 0)
6558 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6560 attr_array[0] = attribute;
6561 attr_array[1] = NULL;
6563 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6564 linklist_base, linklist_count,
6565 LDAP_SCOPE_SUBTREE)) != 0)
6567 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6568 MoiraId, ldap_err2string(rc));
6573 if ((*linklist_count) > 1)
6575 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6576 pPtr = (*linklist_base);
6580 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6585 linklist_free((*linklist_base));
6586 (*linklist_base) = NULL;
6587 (*linklist_count) = 0;
6590 if ((*linklist_count) == 1)
6593 pPtr = (*linklist_base);
6594 dn = strdup(pPtr->dn);
6597 if (!memcmp(dn, group_name, strlen(group_name)))
6599 strcpy(rFilter, filter);
6604 linklist_free((*linklist_base));
6605 (*linklist_base) = NULL;
6606 (*linklist_count) = 0;
6607 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6609 attr_array[0] = attribute;
6610 attr_array[1] = NULL;
6612 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6613 linklist_base, linklist_count,
6614 LDAP_SCOPE_SUBTREE)) != 0)
6616 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6617 MoiraId, ldap_err2string(rc));
6621 if ((*linklist_count) == 1)
6623 strcpy(rFilter, filter);
6630 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6633 char *attr_array[3];
6634 char SamAccountName[64];
6637 LK_ENTRY *group_base;
6643 if (strlen(MoiraId) != 0)
6645 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6647 attr_array[0] = "sAMAccountName";
6648 attr_array[1] = NULL;
6649 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6650 &group_base, &group_count,
6651 LDAP_SCOPE_SUBTREE)) != 0)
6653 com_err(whoami, 0, "Unable to process user %s : %s",
6654 UserName, ldap_err2string(rc));
6658 if (group_count > 1)
6660 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6666 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6667 gPtr->value, MoiraId);
6673 if (group_count != 1)
6675 linklist_free(group_base);
6678 sprintf(filter, "(sAMAccountName=%s)", UserName);
6679 attr_array[0] = "sAMAccountName";
6680 attr_array[1] = NULL;
6682 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6683 &group_base, &group_count,
6684 LDAP_SCOPE_SUBTREE)) != 0)
6686 com_err(whoami, 0, "Unable to process user %s : %s",
6687 UserName, ldap_err2string(rc));
6692 if (group_count != 1)
6694 linklist_free(group_base);
6695 return(AD_NO_USER_FOUND);
6698 strcpy(SamAccountName, group_base->value);
6699 linklist_free(group_base);
6703 if (strcmp(SamAccountName, UserName))
6706 "User object %s with MoiraId %s has mismatched usernames "
6707 "(LDAP username %s, Moira username %s)", SamAccountName,
6708 MoiraId, SamAccountName, UserName);
6714 void container_get_dn(char *src, char *dest)
6721 memset(array, '\0', 20 * sizeof(array[0]));
6723 if (strlen(src) == 0)
6745 strcpy(dest, "OU=");
6749 strcat(dest, array[n-1]);
6753 strcat(dest, ",OU=");
6760 void container_get_name(char *src, char *dest)
6765 if (strlen(src) == 0)
6785 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6792 strcpy(cName, name);
6794 for (i = 0; i < (int)strlen(cName); i++)
6796 if (cName[i] == '/')
6799 av[CONTAINER_NAME] = cName;
6800 av[CONTAINER_DESC] = "";
6801 av[CONTAINER_LOCATION] = "";
6802 av[CONTAINER_CONTACT] = "";
6803 av[CONTAINER_TYPE] = "";
6804 av[CONTAINER_ID] = "";
6805 av[CONTAINER_ROWID] = "";
6806 rc = container_create(ldap_handle, dn_path, 7, av);
6808 if (rc == LDAP_SUCCESS)
6810 com_err(whoami, 0, "container %s created without a mitMoiraId",
6819 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6820 char **before, int afterc, char **after)
6825 char new_dn_path[256];
6827 char distinguishedName[256];
6832 memset(cName, '\0', sizeof(cName));
6833 container_get_name(after[CONTAINER_NAME], cName);
6835 if (!check_container_name(cName))
6837 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6839 return(AD_INVALID_NAME);
6842 memset(distinguishedName, '\0', sizeof(distinguishedName));
6844 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6845 distinguishedName, beforec, before))
6848 if (strlen(distinguishedName) == 0)
6850 rc = container_create(ldap_handle, dn_path, afterc, after);
6854 strcpy(temp, after[CONTAINER_NAME]);
6857 for (i = 0; i < (int)strlen(temp); i++)
6867 container_get_dn(temp, dName);
6869 if (strlen(temp) != 0)
6870 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6872 sprintf(new_dn_path, "%s", dn_path);
6874 sprintf(new_cn, "OU=%s", cName);
6876 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6878 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6879 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6881 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6882 before[CONTAINER_NAME], after[CONTAINER_NAME],
6883 ldap_err2string(rc));
6887 memset(dName, '\0', sizeof(dName));
6888 container_get_dn(after[CONTAINER_NAME], dName);
6889 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
6894 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6896 char distinguishedName[256];
6899 memset(distinguishedName, '\0', sizeof(distinguishedName));
6901 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6902 distinguishedName, count, av))
6905 if (strlen(distinguishedName) == 0)
6908 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6910 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6911 container_move_objects(ldap_handle, dn_path, distinguishedName);
6913 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
6914 av[CONTAINER_NAME], ldap_err2string(rc));
6920 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6922 char *attr_array[3];
6923 LK_ENTRY *group_base;
6926 char *objectClass_v[] = {"top",
6927 "organizationalUnit",
6930 char *ou_v[] = {NULL, NULL};
6931 char *name_v[] = {NULL, NULL};
6932 char *moiraId_v[] = {NULL, NULL};
6933 char *desc_v[] = {NULL, NULL};
6934 char *managedBy_v[] = {NULL, NULL};
6937 char managedByDN[256];
6944 memset(filter, '\0', sizeof(filter));
6945 memset(dName, '\0', sizeof(dName));
6946 memset(cName, '\0', sizeof(cName));
6947 memset(managedByDN, '\0', sizeof(managedByDN));
6948 container_get_dn(av[CONTAINER_NAME], dName);
6949 container_get_name(av[CONTAINER_NAME], cName);
6951 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6953 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6955 return(AD_INVALID_NAME);
6958 if (!check_container_name(cName))
6960 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6962 return(AD_INVALID_NAME);
6966 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6968 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6970 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
6972 if (strlen(av[CONTAINER_ROWID]) != 0)
6974 moiraId_v[0] = av[CONTAINER_ROWID];
6975 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6978 if (strlen(av[CONTAINER_DESC]) != 0)
6980 desc_v[0] = av[CONTAINER_DESC];
6981 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
6984 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
6986 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6988 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6991 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6992 kerberos_ou, dn_path);
6993 managedBy_v[0] = managedByDN;
6994 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6999 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7001 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7002 "(objectClass=user)))", av[CONTAINER_ID]);
7005 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7007 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7011 if (strlen(filter) != 0)
7013 attr_array[0] = "distinguishedName";
7014 attr_array[1] = NULL;
7017 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7019 &group_base, &group_count,
7020 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7022 if (group_count == 1)
7024 strcpy(managedByDN, group_base->value);
7025 managedBy_v[0] = managedByDN;
7026 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7028 linklist_free(group_base);
7038 sprintf(temp, "%s,%s", dName, dn_path);
7039 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7041 for (i = 0; i < n; i++)
7044 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7046 com_err(whoami, 0, "Unable to create container %s : %s",
7047 cName, ldap_err2string(rc));
7051 if (rc == LDAP_ALREADY_EXISTS)
7053 if (strlen(av[CONTAINER_ROWID]) != 0)
7054 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
7060 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7061 char **before, int afterc, char **after)
7063 char distinguishedName[256];
7066 memset(distinguishedName, '\0', sizeof(distinguishedName));
7068 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7069 distinguishedName, afterc, after))
7072 if (strlen(distinguishedName) == 0)
7074 rc = container_create(ldap_handle, dn_path, afterc, after);
7078 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7079 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
7085 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7086 char *distinguishedName, int count,
7089 char *attr_array[3];
7090 LK_ENTRY *group_base;
7097 memset(filter, '\0', sizeof(filter));
7098 memset(dName, '\0', sizeof(dName));
7099 memset(cName, '\0', sizeof(cName));
7100 container_get_dn(av[CONTAINER_NAME], dName);
7101 container_get_name(av[CONTAINER_NAME], cName);
7103 if (strlen(dName) == 0)
7105 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7106 av[CONTAINER_NAME]);
7107 return(AD_INVALID_NAME);
7110 if (!check_container_name(cName))
7112 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7114 return(AD_INVALID_NAME);
7117 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7118 av[CONTAINER_ROWID]);
7119 attr_array[0] = "distinguishedName";
7120 attr_array[1] = NULL;
7124 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7125 &group_base, &group_count,
7126 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7128 if (group_count == 1)
7130 strcpy(distinguishedName, group_base->value);
7133 linklist_free(group_base);
7138 if (strlen(distinguishedName) == 0)
7140 sprintf(filter, "(&(objectClass=organizationalUnit)"
7141 "(distinguishedName=%s,%s))", dName, dn_path);
7142 attr_array[0] = "distinguishedName";
7143 attr_array[1] = NULL;
7147 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7148 &group_base, &group_count,
7149 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7151 if (group_count == 1)
7153 strcpy(distinguishedName, group_base->value);
7156 linklist_free(group_base);
7165 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7166 char *distinguishedName, int count, char **av)
7168 char *attr_array[5];
7169 LK_ENTRY *group_base;
7174 char *moiraId_v[] = {NULL, NULL};
7175 char *desc_v[] = {NULL, NULL};
7176 char *managedBy_v[] = {NULL, NULL};
7177 char managedByDN[256];
7186 strcpy(ad_path, distinguishedName);
7188 if (strlen(dName) != 0)
7189 sprintf(ad_path, "%s,%s", dName, dn_path);
7191 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
7194 if (strlen(av[CONTAINER_ID]) != 0)
7195 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7196 av[CONTAINER_ROWID]);
7198 attr_array[0] = "mitMoiraId";
7199 attr_array[1] = "description";
7200 attr_array[2] = "managedBy";
7201 attr_array[3] = NULL;
7205 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7206 &group_base, &group_count,
7207 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7209 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7210 av[CONTAINER_NAME], ldap_err2string(rc));
7214 memset(managedByDN, '\0', sizeof(managedByDN));
7215 memset(moiraId, '\0', sizeof(moiraId));
7216 memset(desc, '\0', sizeof(desc));
7221 if (!strcasecmp(pPtr->attribute, "description"))
7222 strcpy(desc, pPtr->value);
7223 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7224 strcpy(managedByDN, pPtr->value);
7225 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7226 strcpy(moiraId, pPtr->value);
7230 linklist_free(group_base);
7235 if (strlen(av[CONTAINER_ROWID]) != 0)
7237 moiraId_v[0] = av[CONTAINER_ROWID];
7238 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7241 if (strlen(av[CONTAINER_DESC]) != 0)
7243 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7248 if (strlen(desc) != 0)
7250 attribute_update(ldap_handle, ad_path, "", "description", dName);
7254 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7256 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7258 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7261 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7262 kerberos_ou, dn_path);
7263 managedBy_v[0] = managedByDN;
7264 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7268 if (strlen(managedByDN) != 0)
7270 attribute_update(ldap_handle, ad_path, "", "managedBy",
7277 memset(filter, '\0', sizeof(filter));
7279 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7281 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7282 "(objectClass=user)))", av[CONTAINER_ID]);
7285 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7287 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7291 if (strlen(filter) != 0)
7293 attr_array[0] = "distinguishedName";
7294 attr_array[1] = NULL;
7297 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7298 attr_array, &group_base, &group_count,
7299 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7301 if (group_count == 1)
7303 strcpy(managedByDN, group_base->value);
7304 managedBy_v[0] = managedByDN;
7305 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7309 if (strlen(managedByDN) != 0)
7311 attribute_update(ldap_handle, ad_path, "",
7312 "managedBy", dName);
7316 linklist_free(group_base);
7323 if (strlen(managedByDN) != 0)
7325 attribute_update(ldap_handle, ad_path, "", "managedBy",
7335 return(LDAP_SUCCESS);
7337 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7339 for (i = 0; i < n; i++)
7342 if (rc != LDAP_SUCCESS)
7344 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7345 av[CONTAINER_NAME], ldap_err2string(rc));
7352 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7354 char *attr_array[3];
7355 LK_ENTRY *group_base;
7362 int NumberOfEntries = 10;
7366 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7368 for (i = 0; i < 3; i++)
7370 memset(filter, '\0', sizeof(filter));
7374 strcpy(filter, "(!(|(objectClass=computer)"
7375 "(objectClass=organizationalUnit)))");
7376 attr_array[0] = "cn";
7377 attr_array[1] = NULL;
7381 strcpy(filter, "(objectClass=computer)");
7382 attr_array[0] = "cn";
7383 attr_array[1] = NULL;
7387 strcpy(filter, "(objectClass=organizationalUnit)");
7388 attr_array[0] = "ou";
7389 attr_array[1] = NULL;
7394 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7395 &group_base, &group_count,
7396 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7401 if (group_count == 0)
7408 if (!strcasecmp(pPtr->attribute, "cn"))
7410 sprintf(new_cn, "cn=%s", pPtr->value);
7412 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7414 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7419 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7421 if (rc == LDAP_ALREADY_EXISTS)
7423 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7430 else if (!strcasecmp(pPtr->attribute, "ou"))
7432 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7438 linklist_free(group_base);
7447 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7448 char *machine_ou, char *NewMachineName)
7450 LK_ENTRY *group_base;
7454 char *attr_array[3];
7461 strcpy(NewMachineName, member);
7462 rc = moira_connect();
7463 rc = GetMachineName(NewMachineName);
7466 if (strlen(NewMachineName) == 0)
7468 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7474 pPtr = strchr(NewMachineName, '.');
7481 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7482 attr_array[0] = "cn";
7483 attr_array[1] = NULL;
7484 sprintf(temp, "%s", dn_path);
7486 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7487 &group_base, &group_count,
7488 LDAP_SCOPE_SUBTREE)) != 0)
7490 com_err(whoami, 0, "Unable to process machine %s : %s",
7491 member, ldap_err2string(rc));
7495 if (group_count != 1)
7500 strcpy(dn, group_base->dn);
7501 strcpy(cn, group_base->value);
7503 for (i = 0; i < (int)strlen(dn); i++)
7504 dn[i] = tolower(dn[i]);
7506 for (i = 0; i < (int)strlen(cn); i++)
7507 cn[i] = tolower(cn[i]);
7509 linklist_free(group_base);
7511 pPtr = strstr(dn, cn);
7515 com_err(whoami, 0, "Unable to process machine %s",
7520 pPtr += strlen(cn) + 1;
7521 strcpy(machine_ou, pPtr);
7523 pPtr = strstr(machine_ou, "dc=");
7527 com_err(whoami, 0, "Unable to process machine %s",
7538 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7539 char *MoiraMachineName, char *DestinationOu)
7543 char MachineName[128];
7545 char *attr_array[3];
7550 LK_ENTRY *group_base;
7555 strcpy(MachineName, MoiraMachineName);
7556 rc = GetMachineName(MachineName);
7558 if (strlen(MachineName) == 0)
7560 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7565 cPtr = strchr(MachineName, '.');
7570 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7571 attr_array[0] = "sAMAccountName";
7572 attr_array[1] = NULL;
7574 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7576 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7578 com_err(whoami, 0, "Unable to process machine %s : %s",
7579 MoiraMachineName, ldap_err2string(rc));
7583 if (group_count == 1)
7584 strcpy(OldDn, group_base->dn);
7586 linklist_free(group_base);
7589 if (group_count != 1)
7591 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7596 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
7597 cPtr = strchr(OldDn, ',');
7602 if (!strcasecmp(cPtr, NewOu))
7606 sprintf(NewCn, "CN=%s", MachineName);
7607 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
7612 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7618 memset(Name, '\0', sizeof(Name));
7619 strcpy(Name, machine_name);
7621 pPtr = strchr(Name, '.');
7627 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
7630 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7631 char *machine_name, char *container_name)
7637 av[0] = machine_name;
7638 call_args[0] = (char *)container_name;
7639 rc = mr_query("get_machine_to_container_map", 1, av,
7640 machine_GetMoiraContainer, call_args);
7644 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7649 strcpy(call_args[0], av[1]);
7653 int Moira_container_group_create(char **after)
7659 memset(GroupName, '\0', sizeof(GroupName));
7660 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7661 after[CONTAINER_ROWID]);
7665 argv[L_NAME] = GroupName;
7666 argv[L_ACTIVE] = "1";
7667 argv[L_PUBLIC] = "0";
7668 argv[L_HIDDEN] = "0";
7669 argv[L_MAILLIST] = "0";
7670 argv[L_GROUP] = "1";
7671 argv[L_GID] = UNIQUE_GID;
7672 argv[L_NFSGROUP] = "0";
7673 argv[L_MAILMAN] = "0";
7674 argv[L_MAILMAN_SERVER] = "[NONE]";
7675 argv[L_DESC] = "auto created container group";
7676 argv[L_ACE_TYPE] = "USER";
7677 argv[L_MEMACE_TYPE] = "USER";
7678 argv[L_ACE_NAME] = "sms";
7679 argv[L_MEMACE_NAME] = "sms";
7681 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7684 "Unable to create container group %s for container %s: %s",
7685 GroupName, after[CONTAINER_NAME], error_message(rc));
7688 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
7689 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
7694 int Moira_container_group_update(char **before, char **after)
7697 char BeforeGroupName[64];
7698 char AfterGroupName[64];
7701 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
7704 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7705 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
7706 if (strlen(BeforeGroupName) == 0)
7709 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7710 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7711 after[CONTAINER_ROWID]);
7715 if (strcasecmp(BeforeGroupName, AfterGroupName))
7717 argv[L_NAME] = BeforeGroupName;
7718 argv[L_NAME + 1] = AfterGroupName;
7719 argv[L_ACTIVE + 1] = "1";
7720 argv[L_PUBLIC + 1] = "0";
7721 argv[L_HIDDEN + 1] = "0";
7722 argv[L_MAILLIST + 1] = "0";
7723 argv[L_GROUP + 1] = "1";
7724 argv[L_GID + 1] = UNIQUE_GID;
7725 argv[L_NFSGROUP + 1] = "0";
7726 argv[L_MAILMAN + 1] = "0";
7727 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7728 argv[L_DESC + 1] = "auto created container group";
7729 argv[L_ACE_TYPE + 1] = "USER";
7730 argv[L_MEMACE_TYPE + 1] = "USER";
7731 argv[L_ACE_NAME + 1] = "sms";
7732 argv[L_MEMACE_NAME + 1] = "sms";
7734 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
7737 "Unable to rename container group from %s to %s: %s",
7738 BeforeGroupName, AfterGroupName, error_message(rc));
7745 int Moira_container_group_delete(char **before)
7750 char ParentGroupName[64];
7752 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
7753 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
7755 memset(GroupName, '\0', sizeof(GroupName));
7757 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
7758 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7760 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7762 argv[0] = ParentGroupName;
7764 argv[2] = GroupName;
7766 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7769 "Unable to delete container group %s from list: %s",
7770 GroupName, ParentGroupName, error_message(rc));
7774 if (strlen(GroupName) != 0)
7776 argv[0] = GroupName;
7778 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7780 com_err(whoami, 0, "Unable to delete container group %s : %s",
7781 GroupName, error_message(rc));
7788 int Moira_groupname_create(char *GroupName, char *ContainerName,
7789 char *ContainerRowID)
7794 char newGroupName[64];
7795 char tempGroupName[64];
7801 strcpy(temp, ContainerName);
7803 ptr1 = strrchr(temp, '/');
7809 ptr1 = strrchr(temp, '/');
7813 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
7816 strcpy(tempgname, ptr);
7819 strcpy(tempgname, temp);
7821 if (strlen(tempgname) > 25)
7822 tempgname[25] ='\0';
7824 sprintf(newGroupName, "cnt-%s", tempgname);
7826 /* change everything to lower case */
7832 *ptr = tolower(*ptr);
7840 strcpy(tempGroupName, newGroupName);
7843 /* append 0-9 then a-z if a duplicate is found */
7846 argv[0] = newGroupName;
7848 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
7850 if (rc == MR_NO_MATCH)
7852 com_err(whoami, 0, "Moira error while creating group name for "
7853 "container %s : %s", ContainerName, error_message(rc));
7857 sprintf(newGroupName, "%s-%c", tempGroupName, i);
7861 com_err(whoami, 0, "Unable to find a unique group name for "
7862 "container %s: too many duplicate container names",
7873 strcpy(GroupName, newGroupName);
7877 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7882 argv[0] = origContainerName;
7883 argv[1] = GroupName;
7885 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7888 "Unable to set container group %s in container %s: %s",
7889 GroupName, origContainerName, error_message(rc));
7895 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7897 char ContainerName[64];
7898 char ParentGroupName[64];
7902 strcpy(ContainerName, origContainerName);
7904 Moira_getGroupName(ContainerName, ParentGroupName, 1);
7906 /* top-level container */
7907 if (strlen(ParentGroupName) == 0)
7910 argv[0] = ParentGroupName;
7912 argv[2] = GroupName;
7914 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7917 "Unable to add container group %s to parent group %s: %s",
7918 GroupName, ParentGroupName, error_message(rc));
7924 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7929 strcpy(call_args[0], av[1]);
7934 int Moira_getGroupName(char *origContainerName, char *GroupName,
7937 char ContainerName[64];
7943 strcpy(ContainerName, origContainerName);
7947 ptr = strrchr(ContainerName, '/');
7955 argv[0] = ContainerName;
7957 call_args[0] = GroupName;
7958 call_args[1] = NULL;
7960 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7963 if (strlen(GroupName) != 0)
7968 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7969 ContainerName, error_message(rc));
7971 com_err(whoami, 0, "Unable to get container group from container %s",
7977 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7983 if (strcmp(GroupName, "[none]") == 0)
7986 argv[0] = GroupName;
7987 argv[1] = "MACHINE";
7988 argv[2] = MachineName;
7991 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7993 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
7997 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7998 MachineName, GroupName, error_message(rc));
8004 int GetMachineName(char *MachineName)
8007 char NewMachineName[1024];
8014 // If the address happens to be in the top-level MIT domain, great!
8015 strcpy(NewMachineName, MachineName);
8017 for (i = 0; i < (int)strlen(NewMachineName); i++)
8018 NewMachineName[i] = toupper(NewMachineName[i]);
8020 szDot = strchr(NewMachineName,'.');
8022 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8027 // If not, see if it has a Moira alias in the top-level MIT domain.
8028 memset(NewMachineName, '\0', sizeof(NewMachineName));
8030 args[1] = MachineName;
8031 call_args[0] = NewMachineName;
8032 call_args[1] = NULL;
8034 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8036 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8037 MachineName, error_message(rc));
8038 strcpy(MachineName, "");
8042 if (strlen(NewMachineName) != 0)
8043 strcpy(MachineName, NewMachineName);
8045 strcpy(MachineName, "");
8050 int ProcessMachineName(int ac, char **av, void *ptr)
8053 char MachineName[1024];
8059 if (strlen(call_args[0]) == 0)
8061 strcpy(MachineName, av[0]);
8063 for (i = 0; i < (int)strlen(MachineName); i++)
8064 MachineName[i] = toupper(MachineName[i]);
8066 szDot = strchr(MachineName,'.');
8068 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8070 strcpy(call_args[0], MachineName);
8077 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8083 for (i = 0; i < n; i++)
8085 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8086 mods[i]->mod_type = "uidNumber";
8093 for (i = 0; i < n; i++)
8095 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8096 mods[i]->mod_type = "msSFU30UidNumber";
8103 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8104 char *DistinguishedName,
8105 char *WinHomeDir, char *WinProfileDir,
8106 char **homedir_v, char **winProfile_v,
8107 char **drives_v, LDAPMod **mods,
8114 char winProfile[1024];
8117 char apple_homedir[1024];
8118 char *apple_homedir_v[] = {NULL, NULL};
8122 LDAPMod *DelMods[20];
8124 char *save_argv[FS_END];
8125 char *fsgroup_save_argv[2];
8127 memset(homeDrive, '\0', sizeof(homeDrive));
8128 memset(path, '\0', sizeof(path));
8129 memset(winPath, '\0', sizeof(winPath));
8130 memset(winProfile, '\0', sizeof(winProfile));
8132 if(!ActiveDirectory)
8134 if (rc = moira_connect())
8136 critical_alert("Ldap incremental",
8137 "Error contacting Moira server : %s",
8142 argv[0] = user_name;
8144 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8147 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8148 !strcmp(save_argv[FS_TYPE], "MUL"))
8151 argv[0] = save_argv[FS_NAME];
8154 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8155 save_fsgroup_info, fsgroup_save_argv)))
8159 argv[0] = fsgroup_save_argv[0];
8161 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8162 save_query_info, save_argv)))
8164 strcpy(path, save_argv[FS_PACK]);
8171 strcpy(path, save_argv[FS_PACK]);
8179 if (!strnicmp(path, AFS, strlen(AFS)))
8181 sprintf(homedir, "%s", path);
8182 sprintf(apple_homedir, "%s/MacData", path);
8183 homedir_v[0] = homedir;
8184 apple_homedir_v[0] = apple_homedir;
8185 ADD_ATTR("homeDirectory", homedir_v, OpType);
8186 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8192 homedir_v[0] = "NONE";
8193 apple_homedir_v[0] = "NONE";
8194 ADD_ATTR("homeDirectory", homedir_v, OpType);
8195 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8202 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8203 (!strcasecmp(WinProfileDir, "[afs]")))
8205 if (rc = moira_connect())
8207 critical_alert("Ldap incremental",
8208 "Error contacting Moira server : %s",
8213 argv[0] = user_name;
8215 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8218 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8219 !strcmp(save_argv[FS_TYPE], "MUL"))
8222 argv[0] = save_argv[FS_NAME];
8225 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8226 save_fsgroup_info, fsgroup_save_argv)))
8230 argv[0] = fsgroup_save_argv[0];
8232 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8233 save_query_info, save_argv)))
8235 strcpy(path, save_argv[FS_PACK]);
8242 strcpy(path, save_argv[FS_PACK]);
8250 if (!strnicmp(path, AFS, strlen(AFS)))
8252 AfsToWinAfs(path, winPath);
8253 strcpy(winProfile, winPath);
8254 strcat(winProfile, "\\.winprofile");
8261 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8262 (!strcasecmp(WinProfileDir, "[dfs]")))
8264 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8265 user_name[0], user_name);
8267 if (!strcasecmp(WinProfileDir, "[dfs]"))
8269 strcpy(winProfile, path);
8270 strcat(winProfile, "\\.winprofile");
8273 if (!strcasecmp(WinHomeDir, "[dfs]"))
8274 strcpy(winPath, path);
8277 if (!strcasecmp(WinHomeDir, "[local]"))
8278 memset(winPath, '\0', sizeof(winPath));
8279 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8280 !strcasecmp(WinHomeDir, "[dfs]"))
8282 strcpy(homeDrive, "H:");
8286 strcpy(winPath, WinHomeDir);
8287 if (!strncmp(WinHomeDir, "\\\\", 2))
8289 strcpy(homeDrive, "H:");
8293 // nothing needs to be done if WinProfileDir is [afs].
8294 if (!strcasecmp(WinProfileDir, "[local]"))
8295 memset(winProfile, '\0', sizeof(winProfile));
8296 else if (strcasecmp(WinProfileDir, "[afs]") &&
8297 strcasecmp(WinProfileDir, "[dfs]"))
8299 strcpy(winProfile, WinProfileDir);
8302 if (strlen(winProfile) != 0)
8304 if (winProfile[strlen(winProfile) - 1] == '\\')
8305 winProfile[strlen(winProfile) - 1] = '\0';
8308 if (strlen(winPath) != 0)
8310 if (winPath[strlen(winPath) - 1] == '\\')
8311 winPath[strlen(winPath) - 1] = '\0';
8314 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8315 strcat(winProfile, "\\");
8317 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8318 strcat(winPath, "\\");
8320 if (strlen(winPath) == 0)
8322 if (OpType == LDAP_MOD_REPLACE)
8325 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8327 //unset homeDirectory attribute for user.
8328 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8334 homedir_v[0] = strdup(winPath);
8335 ADD_ATTR("homeDirectory", homedir_v, OpType);
8338 if (strlen(winProfile) == 0)
8340 if (OpType == LDAP_MOD_REPLACE)
8343 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8345 //unset profilePate attribute for user.
8346 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8352 winProfile_v[0] = strdup(winProfile);
8353 ADD_ATTR("profilePath", winProfile_v, OpType);
8356 if (strlen(homeDrive) == 0)
8358 if (OpType == LDAP_MOD_REPLACE)
8361 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8363 //unset homeDrive attribute for user
8364 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8370 drives_v[0] = strdup(homeDrive);
8371 ADD_ATTR("homeDrive", drives_v, OpType);
8377 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8378 char *attribute_value, char *attribute, char *user_name)
8380 char *mod_v[] = {NULL, NULL};
8381 LDAPMod *DelMods[20];
8387 if (strlen(attribute_value) == 0)
8390 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8392 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8398 mod_v[0] = attribute_value;
8399 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8402 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8403 mods)) != LDAP_SUCCESS)
8407 mod_v[0] = attribute_value;
8408 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8411 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8412 mods)) != LDAP_SUCCESS)
8414 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8415 "in the directory : %s",
8416 attribute, user_name, ldap_err2string(rc));
8426 void StringTrim(char *StringToTrim)
8431 save = strdup(StringToTrim);
8438 /* skip to end of string */
8443 strcpy(StringToTrim, save);
8447 for (t = s; *t; t++)
8463 strcpy(StringToTrim, s);
8467 int ReadConfigFile(char *DomainName)
8478 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8480 if ((fptr = fopen(temp, "r")) != NULL)
8482 while (fgets(temp, sizeof(temp), fptr) != 0)
8484 for (i = 0; i < (int)strlen(temp); i++)
8485 temp[i] = toupper(temp[i]);
8487 if (temp[strlen(temp) - 1] == '\n')
8488 temp[strlen(temp) - 1] = '\0';
8492 if (strlen(temp) == 0)
8495 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8497 if (strlen(temp) > (strlen(DOMAIN)))
8499 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8500 StringTrim(ldap_domain);
8503 else if (!strncmp(temp, REALM, strlen(REALM)))
8505 if (strlen(temp) > (strlen(REALM)))
8507 strcpy(ldap_realm, &temp[strlen(REALM)]);
8508 StringTrim(ldap_realm);
8511 else if (!strncmp(temp, PORT, strlen(PORT)))
8513 if (strlen(temp) > (strlen(PORT)))
8515 strcpy(ldap_port, &temp[strlen(PORT)]);
8516 StringTrim(ldap_port);
8519 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8521 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8523 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8524 StringTrim(PrincipalName);
8527 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8529 if (strlen(temp) > (strlen(SERVER)))
8531 ServerList[Count] = calloc(1, 256);
8532 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8533 StringTrim(ServerList[Count]);
8537 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8539 if (strlen(temp) > (strlen(MSSFU)))
8541 strcpy(temp1, &temp[strlen(MSSFU)]);
8543 if (!strcmp(temp1, SFUTYPE))
8547 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8549 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8551 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8553 if (!strcasecmp(temp1, "NO"))
8556 memset(group_suffix, '\0', sizeof(group_suffix));
8560 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8562 if (strlen(temp) > (strlen(GROUP_TYPE)))
8564 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8566 if (!strcasecmp(temp1, "UNIVERSAL"))
8567 UseGroupUniversal = 1;
8570 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8572 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8574 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8576 if (!strcasecmp(temp1, "NO"))
8580 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8582 if (strlen(temp) > (strlen(SET_PASSWORD)))
8584 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8586 if (!strcasecmp(temp1, "NO"))
8590 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8592 if (strlen(temp) > (strlen(EXCHANGE)))
8594 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8596 if (!strcasecmp(temp1, "YES"))
8600 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8601 strlen(PROCESS_MACHINE_CONTAINER)))
8603 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8605 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8607 if (!strcasecmp(temp1, "NO"))
8608 ProcessMachineContainer = 0;
8611 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8612 strlen(ACTIVE_DIRECTORY)))
8614 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8616 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8618 if (!strcasecmp(temp1, "NO"))
8619 ActiveDirectory = 0;
8622 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8623 strlen(GROUP_POPULATE_MEMBERS)))
8625 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8627 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8629 if (!strcasecmp(temp1, "DELETE"))
8631 GroupPopulateDelete = 1;
8637 if (strlen(ldap_domain) != 0)
8639 memset(ldap_domain, '\0', sizeof(ldap_domain));
8643 if (strlen(temp) != 0)
8644 strcpy(ldap_domain, temp);
8650 if (strlen(ldap_domain) == 0)
8652 strcpy(ldap_domain, DomainName);
8658 for (i = 0; i < Count; i++)
8660 if (ServerList[i] != 0)
8662 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8663 ServerList[i][k] = toupper(ServerList[i][k]);
8670 int ReadDomainList()
8677 unsigned char c[11];
8678 unsigned char stuff[256];
8683 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8685 if ((fptr = fopen(temp, "r")) != NULL)
8687 while (fgets(temp, sizeof(temp), fptr) != 0)
8689 for (i = 0; i < (int)strlen(temp); i++)
8690 temp[i] = toupper(temp[i]);
8692 if (temp[strlen(temp) - 1] == '\n')
8693 temp[strlen(temp) - 1] = '\0';
8697 if (strlen(temp) == 0)
8700 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8702 if (strlen(temp) > (strlen(DOMAIN)))
8704 strcpy(temp1, &temp[strlen(DOMAIN)]);
8706 strcpy(temp, temp1);
8710 strcpy(DomainNames[Count], temp);
8711 StringTrim(DomainNames[Count]);
8720 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8721 "configuration error in ldap.cfg");
8728 int email_isvalid(const char *address) {
8730 const char *c, *domain;
8731 static char *rfc822_specials = "()<>@,;:\\\"[]";
8733 if(address[strlen(address) - 1] == '.')
8736 /* first we validate the name portion (name@domain) */
8737 for (c = address; *c; c++) {
8738 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8743 if (*c == '\\' && (*++c == ' '))
8745 if (*c <= ' ' || *c >= 127)
8760 if (*c <= ' ' || *c >= 127)
8762 if (strchr(rfc822_specials, *c))
8766 if (c == address || *(c - 1) == '.')
8769 /* next we validate the domain portion (name@domain) */
8770 if (!*(domain = ++c)) return 0;
8773 if (c == domain || *(c - 1) == '.')
8777 if (*c <= ' ' || *c >= 127)
8779 if (strchr(rfc822_specials, *c))
8783 return (count >= 1);
8786 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8787 char **homeServerName)
8789 LK_ENTRY *group_base;
8790 LK_ENTRY *sub_group_base;
8794 int sub_group_count;
8796 char sub_filter[1024];
8797 char search_path[1024];
8799 char *attr_array[3];
8801 int homeMDB_count = -1;
8805 int rangeStep = 1500;
8807 int rangeHigh = rangeLow + (rangeStep - 1);
8810 /* Grumble..... microsoft not making it searchable from the root *grr* */
8812 memset(filter, '\0', sizeof(filter));
8813 memset(search_path, '\0', sizeof(search_path));
8815 sprintf(filter, "(objectClass=msExchMDB)");
8816 sprintf(search_path, "CN=Configuration,%s", dn_path);
8817 attr_array[0] = "distinguishedName";
8818 attr_array[1] = NULL;
8823 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8824 &group_base, &group_count,
8825 LDAP_SCOPE_SUBTREE)) != 0)
8827 com_err(whoami, 0, "Unable to find msExchMDB %s",
8828 ldap_err2string(rc));
8837 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
8838 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8839 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8846 * Due to limits in active directory we need to use the LDAP
8847 * range semantics to query and return all the values in
8848 * large lists, we will stop increasing the range when
8849 * the result count is 0.
8857 memset(sub_filter, '\0', sizeof(sub_filter));
8858 memset(range, '\0', sizeof(range));
8859 sprintf(sub_filter, "(objectClass=msExchMDB)");
8862 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
8864 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
8866 attr_array[0] = range;
8867 attr_array[1] = NULL;
8869 sub_group_base = NULL;
8870 sub_group_count = 0;
8872 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8873 attr_array, &sub_group_base,
8875 LDAP_SCOPE_SUBTREE)) != 0)
8877 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8878 ldap_err2string(rc));
8882 if(!sub_group_count)
8888 rangeHigh = rangeLow + (rangeStep - 1);
8895 mdbbl_count += sub_group_count;
8896 rangeLow = rangeHigh + 1;
8897 rangeHigh = rangeLow + (rangeStep - 1);
8900 /* First time through, need to initialize or update the least used */
8902 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8905 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8907 homeMDB_count = mdbbl_count;
8908 *homeMDB = strdup(gPtr->dn);
8912 linklist_free(sub_group_base);
8916 linklist_free(group_base);
8919 * Ok found the server least allocated need to now query to get its
8920 * msExchHomeServerName so we can set it as a user attribute
8923 attr_array[0] = "legacyExchangeDN";
8924 attr_array[1] = NULL;
8929 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
8930 attr_array, &group_base,
8932 LDAP_SCOPE_SUBTREE)) != 0)
8934 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8935 ldap_err2string(rc));
8941 *homeServerName = strdup(group_base->value);
8942 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
8948 linklist_free(group_base);
8953 char *lowercase(char *s)
8957 for (p = s; *p; p++)
8965 char *uppercase(char *s)
8969 for (p = s; *p; p++)
8977 char *escape_string(char *s)
8985 memset(string, '\0', sizeof(string));
8989 /* Escape any special characters */
8991 for(; *q != '\0'; q++) {
9014 return strdup(string);
9017 int save_query_info(int argc, char **argv, void *hint)
9020 char **nargv = hint;
9022 for(i = 0; i < argc; i++)
9023 nargv[i] = strdup(argv[i]);
9028 int save_fsgroup_info(int argc, char **argv, void *hint)
9031 char **nargv = hint;
9035 for(i = 0; i < argc; i++)
9036 nargv[i] = strdup(argv[i]);