2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 12105
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies container information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id
154 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
/* Windows build: Winsock/LAN Manager headers plus errno and sleep() shims.
 * The #ifdef/#else/#endif lines that select the two branches are omitted
 * from this listing. */
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
182 #define ECONNABORTED WSAECONNABORTED
185 #define ECONNREFUSED WSAECONNREFUSED
188 #define EHOSTUNREACH WSAEHOSTUNREACH
190 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesised and the expansion ends in
 * ';', so sleep(x + 1) becomes Sleep(x + 1 * 1000); and an unbraced
 * if/else around sleep() no longer parses.  The hygienic form is
 * #define sleep(A) Sleep((A) * 1000) */
192 #define sleep(A) Sleep(A * 1000);
/* POSIX build: networking headers, and local definitions of the Windows
 * names (UF_*, *_SECURITY_INFORMATION, BYTE, DWORD, SID) the code relies on. */
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
/* userAccountControl (UF_*) bit values. */
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
/* SECURITY_INFORMATION selector bits for security-descriptor operations. */
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
/* GUID-style fields; the enclosing struct header and its first member are
 * on omitted lines. */
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
/* Minimal SID layout: revision (omitted line), sub-authority count,
 * identifier authority and a fixed sub-authority array. */
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
/* groupType attribute bits. */
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
/* Moira connection defaults; the production and test principals differ so
 * the two environments cannot be confused by a misconfigured client. */
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
/* Member operation codes (the first value is on an omitted line). */
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selection mask. */
289 #define MOIRA_ALL 0x0
290 #define MOIRA_USERS 0x1
291 #define MOIRA_KERBEROS 0x2
292 #define MOIRA_STRINGS 0x4
293 #define MOIRA_LISTS 0x8
/* process_group() modes: verify only, or remove stale/duplicate objects. */
295 #define CHECK_GROUPS 1
296 #define CLEANUP_GROUPS 2
/* Negative error codes returned by the ad_*/process_* helpers; callers
 * such as do_list() treat AD_NO_GROUPS_FOUND as a non-fatal condition. */
298 #define AD_NO_GROUPS_FOUND -1
299 #define AD_WRONG_GROUP_DN_FOUND -2
300 #define AD_MULTIPLE_GROUPS_FOUND -3
301 #define AD_INVALID_NAME -4
302 #define AD_LDAP_FAILURE -5
303 #define AD_INVALID_FILESYS -6
304 #define AD_NO_ATTRIBUTE_FOUND -7
305 #define AD_NO_OU_FOUND -8
306 #define AD_NO_USER_FOUND -9
308 /* container arguments */
309 #define CONTAINER_NAME 0
310 #define CONTAINER_DESC 1
311 #define CONTAINER_LOCATION 2
312 #define CONTAINER_CONTACT 3
313 #define CONTAINER_TYPE 4
314 #define CONTAINER_ID 5
315 #define CONTAINER_ROWID 6
316 #define CONTAINER_GROUP_NAME 7
318 /*mcntmap arguments*/
319 #define OU_MACHINE_NAME 0
320 #define OU_CONTAINER_NAME 1
321 #define OU_MACHINE_ID 2
322 #define OU_CONTAINER_ID 3
323 #define OU_CONTAINER_GROUP 4
/* Singly linked attribute/value list used by the linklist_* and
 * retrieve_* helpers; most fields are on omitted lines. */
325 typedef struct lk_entry {
335 struct lk_entry *next;
/* Presence of STOP_FILE presumably disables processing; the check itself is
 * not on this page. */
338 #define STOP_FILE "/moira/ldap/noldap"
339 #define file_exists(file) (access((file), F_OK) == 0)
341 #define N_SD_BER_BYTES 5
342 #define LDAP_BERVAL struct berval
343 #define MAX_SERVER_NAMES 32
/* Security-descriptor template group names (see security_template_ou). */
345 #define HIDDEN_GROUP "HiddenGroup.g"
346 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
347 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
348 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
350 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
351 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
352 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* NOTE(review): ADD_ATTR/DEL_ATTR append an LDAPMod to the caller's mods[]
 * (index n) or DelMods[] (index i).  Neither checks the malloc() result, so
 * an allocation failure dereferences NULL; neither checks the array bound;
 * and both expand to several statements without a do { } while (0)
 * wrapper, so they are unsafe as the body of an unbraced if. */
354 #define ADD_ATTR(t, v, o) \
355 mods[n] = malloc(sizeof(LDAPMod)); \
356 mods[n]->mod_op = o; \
357 mods[n]->mod_type = t; \
358 mods[n++]->mod_values = v
360 #define DEL_ATTR(t, o) \
361 DelMods[i] = malloc(sizeof(LDAPMod)); \
362 DelMods[i]->mod_op = o; \
363 DelMods[i]->mod_type = t; \
364 DelMods[i++]->mod_values = NULL
/* Keyword tags recognised in the configuration file (ReadConfigFile). */
366 #define DOMAIN_SUFFIX "MIT.EDU"
367 #define DOMAIN "DOMAIN:"
368 #define PRINCIPALNAME "PRINCIPAL:"
369 #define SERVER "SERVER:"
372 #define GROUP_SUFFIX "GROUP_SUFFIX:"
373 #define GROUP_TYPE "GROUP_TYPE:"
374 #define SET_GROUP_ACE "SET_GROUP_ACE:"
375 #define SET_PASSWORD "SET_PASSWORD:"
376 #define EXCHANGE "EXCHANGE:"
377 #define REALM "REALM:"
378 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
380 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
/* Per-process configuration state.  These are filled from the config file
 * and reset by main() before each domain is processed; the fixed sizes are
 * the bounds the sprintf()/strcpy() calls elsewhere in the file rely on. */
381 #define MAX_DOMAINS 10
382 char DomainNames[MAX_DOMAINS][128];
384 LK_ENTRY *member_base = NULL;
386 char PrincipalName[128];
/* tbl_buf holds the joined argv for logging (see main()).  It is declared a
 * second time below; two tentative definitions of the same static object
 * are legal C, but one of them should be removed. */
387 static char tbl_buf[1024];
388 char kerberos_ou[] = "OU=kerberos,OU=moira";
389 char contact_ou[] = "OU=strings,OU=moira";
390 char user_ou[] = "OU=users,OU=moira";
391 char group_ou_distribution[1024];
392 char group_ou_root[1024];
393 char group_ou_security[1024];
394 char group_ou_neither[1024];
395 char group_ou_both[1024];
396 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
397 char orphans_other_ou[] = "OU=Other,OU=Orphans";
398 char security_template_ou[] = "OU=security_templates";
400 char ldap_domain[256];
401 char ldap_realm[256];
403 char *ServerList[MAX_SERVER_NAMES];
404 char default_server[256];
405 static char tbl_buf[1024];
406 char group_suffix[256];
407 char exchange_acl[256];
408 int mr_connections = 0;
/* Feature switches; defaults here, overridden per domain by ReadConfigFile(). */
411 int UseGroupSuffix = 1;
412 int UseGroupUniversal = 0;
416 int ProcessMachineContainer = 1;
417 int ActiveDirectory = 1;
418 int UpdateDomainList;
/* Forward declarations for this file.  Multi-line prototypes have some of
 * their parameter lines omitted from this listing.  Only set_password()
 * is defined in another translation unit. */
420 extern int set_password(char *user, char *password, char *domain);
422 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
423 char *group_membership, char *MoiraId, char *attribute,
424 LK_ENTRY **linklist_base, int *linklist_count,
426 void AfsToWinAfs(char* path, char* winPath);
/* ad_connect(): Win2kPassword/Win2kUser are passed as empty strings by
 * main(); connect_to_kdc receives main()'s SetPassword flag. */
427 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
428 char *Win2kPassword, char *Win2kUser, char *default_server,
429 int connect_to_kdc, char **ServerList, char *ldap_realm,
/* NOTE(review): "()" is an unprototyped declaration in C; "(void)" (as used
 * for check_winad() below) lets the compiler reject stray arguments.  The
 * same applies to ReadDomainList() and tickets_get_k5() further down. */
431 void ad_kdc_disconnect();
432 int ad_server_connect(char *connectedServer, char *domain);
433 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
434 char *attribute_value, char *attribute, char *user_name);
435 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
436 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
437 int check_winad(void);
438 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
441 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
442 char *distinguishedName, int count, char **av);
443 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
444 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
445 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
446 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
447 char *distinguishedName, int count,
449 void container_get_dn(char *src, char *dest);
450 void container_get_name(char *src, char *dest);
451 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
452 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
453 char **before, int afterc, char **after);
454 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
455 char **before, int afterc, char **after);
457 int GetAceInfo(int ac, char **av, void *ptr);
458 int get_group_membership(char *group_membership, char *group_ou,
459 int *security_flag, char **av);
460 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
461 char *machine_ou, char *pPtr);
462 int Moira_container_group_create(char **after);
463 int Moira_container_group_delete(char **before);
464 int Moira_groupname_create(char *GroupName, char *ContainerName,
465 char *ContainerRowID);
466 int Moira_container_group_update(char **before, char **after);
467 int Moira_process_machine_container_group(char *MachineName, char* groupName,
469 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
470 int Moira_getContainerGroup(int ac, char **av, void *ptr);
471 int Moira_getGroupName(char *origContainerName, char *GroupName,
473 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
474 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
475 int UpdateGroup, int *ProcessGroup, char *maillist);
476 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
477 char *group_name, char *group_ou, char *group_membership,
478 int group_security_flag, int type, char *maillist);
479 int process_lists(int ac, char **av, void *ptr);
480 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
481 char *TargetGroupName, int HiddenGroup,
482 char *AceType, char *AceName);
483 int ProcessMachineName(int ac, char **av, void *ptr);
484 int ReadConfigFile(char *DomainName);
485 int ReadDomainList();
486 void StringTrim(char *StringToTrim);
487 char *escape_string(char *s);
488 int save_query_info(int argc, char **argv, void *hint);
489 int user_create(int ac, char **av, void *ptr);
490 int user_change_status(LDAP *ldap_handle, char *dn_path,
491 char *user_name, char *MoiraId, int operation);
492 int user_delete(LDAP *ldap_handle, char *dn_path,
493 char *u_name, char *MoiraId);
494 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
496 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
497 char *uid, char *MitId, char *MoiraId, int State,
498 char *WinHomeDir, char *WinProfileDir, char *first,
499 char *middle, char *last, char *shell, char *class);
500 void change_to_lower_case(char *ptr);
501 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
502 int contact_remove_email(LDAP *ld, char *bind_path,
503 LK_ENTRY **linklist_entry, int linklist_current);
504 int group_create(int ac, char **av, void *ptr);
505 int group_delete(LDAP *ldap_handle, char *dn_path,
506 char *group_name, char *group_membership, char *MoiraId);
507 int group_rename(LDAP *ldap_handle, char *dn_path,
508 char *before_group_name, char *before_group_membership,
509 char *before_group_ou, int before_security_flag,
510 char *before_desc, char *after_group_name,
511 char *after_group_membership, char *after_group_ou,
512 int after_security_flag, char *after_desc,
513 char *MoiraId, char *filter, char *maillist);
514 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
515 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
516 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
517 char *machine_name, char *container_name);
518 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
519 char *MoiraMachineName, char *DestinationOu);
520 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
521 char *group_name, char *group_ou, char *group_membership,
522 int group_security_flag, int updateGroup, char *maillist);
523 int member_list_build(int ac, char **av, void *ptr);
524 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
525 char *group_ou, char *group_membership,
526 char *user_name, char *pUserOu, char *MoiraId);
527 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
528 char *group_ou, char *group_membership, char *user_name,
529 char *pUserOu, char *MoiraId);
530 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
531 char *group_ou, char *group_membership,
532 int group_security_flag, char *MoiraId);
533 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
534 char *DistinguishedName,
535 char *WinHomeDir, char *WinProfileDir,
536 char **homedir_v, char **winProfile_v,
537 char **drives_v, LDAPMod **mods,
539 int sid_update(LDAP *ldap_handle, char *dn_path);
540 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
541 int check_string(char *s);
542 int check_container_name(char* s);
544 int mr_connect_cl(char *server, char *client, int version, int auth);
/* Table handlers dispatched from main(): before/after are the argv slices
 * for the old and new tuples, beforec/afterc their lengths. */
545 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
546 char **before, int beforec, char **after, int afterc);
547 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
548 char **before, int beforec, char **after, int afterc);
549 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
550 char **before, int beforec, char **after, int afterc);
551 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
552 char **before, int beforec, char **after, int afterc);
553 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
554 char **before, int beforec, char **after, int afterc);
555 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
556 char **before, int beforec, char **after, int afterc);
557 int linklist_create_entry(char *attribute, char *value,
558 LK_ENTRY **linklist_entry);
559 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
560 char **attr_array, LK_ENTRY **linklist_base,
561 int *linklist_count, unsigned long ScopeType);
562 void linklist_free(LK_ENTRY *linklist_base);
564 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
565 char *distinguished_name, LK_ENTRY **linklist_current);
566 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
567 LK_ENTRY **linklist_base, int *linklist_count);
568 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
569 char *Attribute, char *distinguished_name,
570 LK_ENTRY **linklist_current);
572 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
573 char *oldValue, char *newValue,
574 char ***modvalues, int type);
575 void free_values(char **modvalues);
577 int convert_domain_to_dn(char *domain, char **bind_path);
578 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
579 char *distinguished_name);
580 int moira_disconnect(void);
581 int moira_connect(void);
582 void print_to_screen(const char *fmt, ...);
583 int GetMachineName(char *MachineName);
584 int tickets_get_k5();
585 int destroy_cache(void);
588 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
589 char **homeServerName);
591 int main(int argc, char **argv)
/*
 * ldap.incr entry point.  argv[1] names the Moira table, argv[2] and argv[3]
 * give beforec/afterc, and argv[4..] carries the before tuple followed by
 * the after tuple (per-table layouts are in the header comment).  The same
 * update is replayed against every domain listed in DomainNames[].
 *
 * NOTE(review): this listing drops short lines (braces, declarations,
 * return/exit statements), so the control flow between the statements
 * shown is only partially visible.
 */
607 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
/* Argument-count checks.  atoi() returns 0 for non-numeric input and does
 * not reject negative counts, so a malformed argv[2]/argv[3] can still pass
 * the second test; strtol() with range checks would be stricter. */
611 com_err(whoami, 0, "Unable to process %s", "argc < 4");
615 if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
617 com_err(whoami, 0, "Unable to process %s",
618 "argc < (4 + beforec + afterc)");
/* filesys updates are not handled here (the branch body is on an omitted
 * line). */
622 if (!strcmp(argv[1], "filesys"))
/* Log the whole argument vector.  tbl_buf is a fixed 1024-byte static
 * buffer and strcat() is unbounded, so a long enough argv overruns it; a
 * length-checked snprintf() into the remaining space would be the safe
 * form. */
625 for (i = 1; i < argc; i++)
627 strcat(tbl_buf, argv[i]);
628 strcat(tbl_buf, " ");
631 com_err(whoami, 0, "%s", tbl_buf);
/* Reached when check_winad() fails (the call is on an omitted line). */
635 com_err(whoami, 0, "%s failed", "check_winad()");
639 initialize_sms_error_table();
640 initialize_krb_error_table();
/* ReadDomainList() presumably fills DomainNames[]; the array is cleared
 * first so an unused slot reads as an empty string (see the loop below). */
642 UpdateDomainList = 0;
643 memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
645 if (ReadDomainList())
647 com_err(whoami, 0, "%s failed", "ReadDomainList()");
/* Loop body on an omitted line (presumably initialises orig_argv[]). */
651 for (i = 0; i < argc; i++)
/* One pass per configured domain; an empty DomainNames[k] ends the list. */
654 for (k = 0; k < MAX_DOMAINS; k++)
656 if (strlen(DomainNames[k]) == 0)
/* Take a fresh copy of argv for each domain: the table name is lower-cased
 * in place further down.  strdup()'s result is not checked for NULL. */
658 for (i = 0; i < argc; i++)
660 if (orig_argv[i] != NULL)
662 orig_argv[i] = strdup(argv[i]);
/* Reset per-domain configuration state before ReadConfigFile(). */
665 memset(PrincipalName, '\0', sizeof(PrincipalName));
666 memset(ldap_domain, '\0', sizeof(ldap_domain));
667 memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
668 memset(default_server, '\0', sizeof(default_server));
669 memset(dn_path, '\0', sizeof(dn_path));
670 memset(group_suffix, '\0', sizeof(group_suffix));
671 memset(exchange_acl, '\0', sizeof(exchange_acl));
675 UseGroupUniversal = 0;
679 ProcessMachineContainer = 1;
682 sprintf(group_suffix, "%s", "_group");
683 sprintf(exchange_acl, "%s", "exchange-acl");
/* Split the copied argument vector: the before tuple starts at index 4 and
 * the after tuple follows it. */
685 beforec = atoi(orig_argv[2]);
686 afterc = atoi(orig_argv[3]);
687 table = orig_argv[1];
688 before = &orig_argv[4];
689 after = &orig_argv[4 + beforec];
697 if (ReadConfigFile(DomainNames[k]))
/* Group OU layout.  Which of the two layouts applies is decided on an
 * omitted line (presumably by ActiveDirectory): the first uses a sub-OU
 * per list type, the second puts every list directly under OU=lists. */
702 sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
703 sprintf(group_ou_root, "OU=lists,OU=moira");
704 sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
705 sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
706 sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
710 sprintf(group_ou_distribution, "OU=lists,OU=moira");
711 sprintf(group_ou_root, "OU=lists,OU=moira");
712 sprintf(group_ou_security, "OU=lists,OU=moira");
713 sprintf(group_ou_neither, "OU=lists,OU=moira");
714 sprintf(group_ou_both, "OU=lists,OU=moira");
717 OldUseSFU30 = UseSFU30;
/* Up to five connection attempts.  Win2kPassword and Win2kUser are passed
 * as empty strings, so no static credential lives in this file; the
 * SetPassword flag lands in ad_connect()'s connect_to_kdc parameter. */
719 for (i = 0; i < 5; i++)
721 ldap_handle = (LDAP *)NULL;
722 if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
723 default_server, SetPassword, ServerList,
724 ldap_realm, ldap_port)))
726 com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
/* No server in this domain could be reached: raise an operator alert
 * (what follows is on an omitted line). */
731 if ((rc) || (ldap_handle == NULL))
733 critical_alert("incremental",
734 "ldap.incr cannot connect to any server in "
735 "domain %s", DomainNames[k]);
/* Normalise the table name in place.  tolower() on a plain char is only
 * defined for non-negative values; casting to unsigned char is the
 * portable form. */
739 for (i = 0; i < (int)strlen(table); i++)
740 table[i] = tolower(table[i]);
/* Dispatch on table name; each call's final afterc argument is on an
 * omitted line. */
742 if (!strcmp(table, "users"))
743 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
745 else if (!strcmp(table, "list"))
746 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
748 else if (!strcmp(table, "imembers"))
749 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
751 else if (!strcmp(table, "containers"))
752 do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
754 else if (!strcmp(table, "mcntmap"))
755 do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release the per-domain server list (the free() is on an omitted line)
 * and drop the LDAP session. */
761 for (i = 0; i < MAX_SERVER_NAMES; i++)
763 if (ServerList[i] != NULL)
766 ServerList[i] = NULL;
770 rc = ldap_unbind_s(ldap_handle);
776 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
777 char **before, int beforec, char **after, int afterc)
/*
 * Handle an mcntmap (machine -> container) change: move the machine's AD
 * object into the OU of its Moira container, or into the orphans OU when
 * no container is known.  before/after are indexed with the OU_* constants
 * (see the header comment); beforec != 0 && afterc == 0 is a removal,
 * beforec == 0 && afterc != 0 an addition.  ldap_hostname is not used in
 * the lines shown.  Short lines (braces, return statements) are omitted
 * from this listing.
 */
779 char MoiraContainerName[128];
780 char ADContainerName[128];
781 char MachineName[1024];
782 char OriginalMachineName[1024];
/* 64 bytes: the smallest of the fixed buffers filled by strcpy() below. */
785 char MoiraContainerGroup[64];
787 if (!ProcessMachineContainer)
789 com_err(whoami, 0, "Process machines and containers disabled, skipping");
794 memset(ADContainerName, '\0', sizeof(ADContainerName));
795 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
797 if ((beforec == 0) && (afterc == 0))
/* Assignment inside the condition is intentional (rc carries the error
 * code to the alert); "if ((rc = moira_connect()))" makes that explicit. */
800 if (rc = moira_connect())
802 critical_alert("AD incremental",
803 "Error contacting Moira server : %s",
/* The strcpy() calls below are unbounded copies of argv-derived strings
 * into the fixed buffers above; MoiraContainerGroup (64 bytes) is the
 * tightest.  A bounded copy with a length check would avoid an overrun on
 * an over-long argument. */
808 if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
810 strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
811 strcpy(MachineName, before[OU_MACHINE_NAME]);
812 strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
814 com_err(whoami, 0, "removing machine %s from %s",
815 OriginalMachineName, before[OU_CONTAINER_NAME]);
817 else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
819 strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
820 strcpy(MachineName, after[OU_MACHINE_NAME]);
821 strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
822 com_err(whoami, 0, "adding machine %s to container %s",
823 OriginalMachineName, after[OU_CONTAINER_NAME]);
/* GetMachineName() appears to rewrite MachineName in place with the Moira
 * alias; an empty result is treated as "no alias".  (The log message
 * reads "alais"; it should say "alias".) */
831 rc = GetMachineName(MachineName);
833 if (strlen(MachineName) == 0)
836 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
837 OriginalMachineName);
/* Remaining arguments of this call are on an omitted line. */
841 Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
844 if (machine_check(ldap_handle, dn_path, MachineName))
846 com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.",
847 OriginalMachineName, MachineName);
/* Look up the machine's Moira container; the output argument (presumably
 * MoiraContainerName) is on an omitted line. */
852 memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
853 machine_get_moira_container(ldap_handle, dn_path, MachineName,
/* No container known: park the machine in the orphans OU.  (The log
 * message reads "fine"; it should say "find".) */
856 if (strlen(MoiraContainerName) == 0)
858 com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
859 "in Moira - moving to orphans OU.",
860 OriginalMachineName, MachineName);
861 machine_move_to_ou(ldap_handle, dn_path, MachineName,
862 orphans_machines_ou);
/* Container found: derive its DN, make sure the Moira name ends in '/',
 * ensure the OU exists, then move the machine.  The strlen - 1 index is
 * safe only because the empty case was handled above (assuming that branch
 * returns on an omitted line); strcat() assumes a free byte remains in the
 * 128-byte buffer. */
867 container_get_dn(MoiraContainerName, ADContainerName);
869 if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
870 strcat(MoiraContainerName, "/");
872 container_check(ldap_handle, dn_path, MoiraContainerName);
873 machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
878 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
879 char **before, int beforec, char **after, int afterc)
/*
 * Handle a containers (OU) change: delete, create, rename or update the
 * container in AD and mirror the change to its Moira container group.
 * before/after are indexed with the CONTAINER_* constants.  Short lines
 * (braces, returns, the condition guarding the rename/update pair) are
 * omitted from this listing; ldap_hostname is not used in the lines shown.
 */
883 if (!ProcessMachineContainer)
885 com_err(whoami, 0, "Process machines and containers disabled, skipping");
889 if ((beforec == 0) && (afterc == 0))
/* Assignment in the condition is intentional; "if ((rc = ...))" would make
 * that explicit. */
892 if (rc = moira_connect())
894 critical_alert("AD incremental", "Error contacting Moira server : %s",
/* Only a before tuple: the container was deleted.  (The inline comment
 * says "new"; this is the delete path.) */
899 if ((beforec != 0) && (afterc == 0)) /*delete a new container*/
901 com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
902 container_delete(ldap_handle, dn_path, beforec, before);
903 Moira_container_group_delete(before);
/* Only an after tuple: a new container.  container_check() runs on the
 * name before the create. */
908 if ((beforec == 0) && (afterc != 0)) /*create a container*/
910 com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
911 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
912 container_create(ldap_handle, dn_path, afterc, after);
913 Moira_container_group_create(after);
/* Both tuples: a name that differs is a rename, otherwise only the
 * container's attributes are updated.  The comparison is case-insensitive,
 * so a case-only rename takes the update path.  Return values of the
 * container_* and Moira_* calls are not checked in the lines shown. */
918 if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
920 com_err(whoami, 0, "renaming container %s to %s",
921 before[CONTAINER_NAME], after[CONTAINER_NAME]);
922 container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
923 Moira_container_group_update(before, after);
928 com_err(whoami, 0, "updating container %s information",
929 after[CONTAINER_NAME]);
930 container_update(ldap_handle, dn_path, beforec, before, afterc, after);
931 Moira_container_group_update(before, after);
/* Index of the description field in a list tuple; per the header comment
 * the fields are listname, active, publicflg, hidden, maillist, grouplist,
 * gid, acl_type, acl_id, description, moiraid.  The other L_* indices
 * used by do_list() come from a header not shown here. */
936 #define L_LIST_DESC 9
939 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
940 char **before, int beforec, char **after, int afterc)
/*
 * Handle a list table change: create, rename, delete or update the AD group
 * backing a Moira list.  before/after are indexed with the L_* constants
 * (L_LIST_DESC is defined just above; L_NAME, L_LIST_ID, L_ACTIVE and
 * L_MAILLIST come from a header not shown here).  Short lines, including
 * the else branches that separate the rename/delete/create/update paths
 * and several local declarations, are omitted from this listing.
 */
945 char group_membership[6];
950 char before_list_id[32];
/* NOTE(review): before_group_membership is 1 byte while group_membership is
 * 6; both are filled by get_group_membership() and later passed to
 * strlen().  A NUL-terminated value needs at least 2 bytes, so confirm
 * what get_group_membership() writes before trusting this size. */
951 char before_group_membership[1];
952 int before_security_flag;
953 char before_group_ou[256];
954 LK_ENTRY *ptr = NULL;
956 if (beforec == 0 && afterc == 0)
959 memset(list_id, '\0', sizeof(list_id));
960 memset(before_list_id, '\0', sizeof(before_list_id));
961 memset(before_group_ou, '\0', sizeof(before_group_ou));
962 memset(before_group_membership, '\0', sizeof(before_group_membership));
963 memset(group_ou, '\0', sizeof(group_ou));
964 memset(group_membership, '\0', sizeof(group_membership));
/* Validate the before tuple length, then pull the list id (unbounded
 * strcpy() into a 32-byte buffer) and classify the list into a group
 * OU / membership type / security flag. */
969 if (beforec < L_LIST_ID)
971 if (beforec > L_LIST_DESC)
973 strcpy(before_list_id, before[L_LIST_ID]);
975 before_security_flag = 0;
976 get_group_membership(before_group_membership, before_group_ou,
977 &before_security_flag, before);
/* Same for the after tuple. */
982 if (afterc < L_LIST_ID)
984 if (afterc > L_LIST_DESC)
986 strcpy(list_id, after[L_LIST_ID]);
989 get_group_membership(group_membership, group_ou, &security_flag, after);
992 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
/* Sanity-check the existing group: CHECK_GROUPS first and, if the wrong DN
 * or duplicate groups were found, CLEANUP_GROUPS.  AD_NO_GROUPS_FOUND is
 * tolerated; any other error logs and leaves (on an omitted line). */
1001 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1002 before[L_NAME], before_group_ou,
1003 before_group_membership,
1004 before_security_flag, CHECK_GROUPS,
1005 before[L_MAILLIST])))
1007 if (rc == AD_NO_GROUPS_FOUND)
1011 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1012 (rc == AD_MULTIPLE_GROUPS_FOUND))
1014 rc = process_group(ldap_handle, dn_path, before_list_id,
1015 before[L_NAME], before_group_ou,
1016 before_group_membership,
1017 before_security_flag, CLEANUP_GROUPS,
1018 before[L_MAILLIST]);
1020 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1022 com_err(whoami, 0, "Unable to process list %s",
1026 if (rc == AD_NO_GROUPS_FOUND)
/* Rename path: the name changed, or the same name moved to a different OU
 * (list type changed).  The last clause of the condition is on an omitted
 * line. */
1032 if ((beforec != 0) && (afterc != 0))
1034 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1035 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1036 (strcmp(before_group_ou, group_ou)))) &&
1039 com_err(whoami, 0, "Changing list name from %s to %s",
1040 before[L_NAME], after[L_NAME]);
1042 if ((strlen(before_group_ou) == 0) ||
1043 (strlen(before_group_membership) == 0) ||
1044 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1046 com_err(whoami, 0, "%s", "Unable to find the group OU's");
/* group_rename() gets the cleared filter buffer, both descriptions (the
 * after_desc argument is on an omitted line) and the new maillist flag. */
1050 memset(filter, '\0', sizeof(filter));
1052 if ((rc = group_rename(ldap_handle, dn_path,
1053 before[L_NAME], before_group_membership,
1054 before_group_ou, before_security_flag,
1055 before[L_LIST_DESC], after[L_NAME],
1056 group_membership, group_ou, security_flag,
1058 list_id, filter, after[L_MAILLIST])))
1060 if (rc != AD_NO_GROUPS_FOUND)
1063 "Unable to change list name from %s to %s",
1064 before[L_NAME], after[L_NAME]);
/* Delete path (before tuple only): requires the old group's OU and
 * membership type to be known. */
1077 if ((strlen(before_group_ou) == 0) ||
1078 (strlen(before_group_membership) == 0))
1081 "Unable to find the group OU for group %s", before[L_NAME]);
1085 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1086 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1087 before_group_membership, before_list_id);
/* Create path (after tuple only): the same CHECK_GROUPS/CLEANUP_GROUPS
 * sequence as above, run against the new name.  Assignment inside the
 * if condition is intentional here too. */
1095 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1097 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1098 group_ou, group_membership,
1099 security_flag, CHECK_GROUPS,
1102 if (rc != AD_NO_GROUPS_FOUND)
1104 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1105 (rc == AD_MULTIPLE_GROUPS_FOUND))
1107 rc = process_group(ldap_handle, dn_path, list_id,
1109 group_ou, group_membership,
1110 security_flag, CLEANUP_GROUPS,
1117 "Unable to create list %s", after[L_NAME]);
/* Update path: refresh the ACEs (ProcessAce with UpdateGroup 0, then 1),
 * (re)build the group object, and repopulate members when the list is
 * active.  Whether ProcessGroup/updateGroup gate these steps is decided
 * on omitted lines. */
1124 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1126 if (rc = moira_connect())
1128 critical_alert("AD incremental",
1129 "Error contacting Moira server : %s",
1136 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1137 &ProcessGroup, after[L_MAILLIST]))
1142 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1143 &ProcessGroup, after[L_MAILLIST]))
1147 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1148 group_ou, group_membership, security_flag,
1149 updateGroup, after[L_MAILLIST]))
/* Only active lists get their membership synchronised. */
1155 if (atoi(after[L_ACTIVE]))
1157 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1158 group_membership, security_flag, list_id);
/* Indices into the list-member argv for the extra list attributes that
 * Moira appends after the standard LM_* fields (LM_END is defined
 * elsewhere in the file).  do_member() compares the argument count
 * against these indices before reading the slots, so a shorter argv
 * simply lacks the extra data. */
1166 #define LM_EXTRA_ACTIVE (LM_END)
1167 #define LM_EXTRA_PUBLIC (LM_END+1)
1168 #define LM_EXTRA_HIDDEN (LM_END+2)
1169 #define LM_EXTRA_MAILLIST (LM_END+3)
1170 #define LM_EXTRA_GROUP (LM_END+4)
1171 #define LM_EXTRA_GID (LM_END+5)
/* Moira list id and user id.  Which of these slots carries the list id
 * depends on the member type (LIST/MACHINE vs USER); see do_member(). */
1172 #define LMN_LIST_ID (LM_END+6)
1173 #define LM_LIST_ID (LM_END+7)
1174 #define LM_USER_ID (LM_END+8)
1175 #define LM_EXTRA_END (LM_END+9)
/*
 * do_member: apply one list-membership change received from Moira to AD.
 *
 * before/beforec and after/afterc are the member argv images before and
 * after the change; a removal carries a before image and an addition an
 * after image (the dispatch between the two, and the assignment of ptr
 * to whichever image is used, are on lines not present in this listing).
 * ldap_hostname is not referenced in the lines shown here.
 *
 * Input handling: member and list names are copied into fixed-size stack
 * buffers with strcpy()/strcat() and interpolated into LDAP search
 * filters with sprintf() without length checks or RFC 4515 escaping.
 * This is safe only while Moira bounds and validates these fields
 * upstream — TODO confirm that guarantee for every member type.
 *
 * NOTE(review): blank lines, braces and several statements (early
 * returns, the ptr assignment, some declarations) are missing from this
 * listing; the comments below describe only what is visible.
 */
1177 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1178 char **before, int beforec, char **after, int afterc)
1180 LK_ENTRY *group_base;
1183 char *attr_array[3];
/* Fixed-size copies of the argv strings; no bound is enforced below. */
1184 char group_name[128];
1185 char user_name[128];
1186 char user_type[128];
1187 char moira_list_id[32];
1188 char moira_user_id[32];
/* One-character membership code ('B','S','D','N') written by
 * get_group_membership(); it is not a NUL-terminated string. */
1189 char group_membership[1];
1191 char machine_ou[256];
1199 char NewMachineName[1024];
1203 char *save_argv[U_END];
1207 memset(moira_list_id, '\0', sizeof(moira_list_id));
1208 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* After image: the extra list attributes are only present when the argv
 * is at least LM_EXTRA_GID long; presumably the dropped lines bail out
 * otherwise. */
1212 if (afterc < LM_EXTRA_GID)
/* Members are only synchronised into active lists. */
1215 if (!atoi(after[LM_EXTRA_ACTIVE]))
1218 "Unable to add %s to group %s : group not active",
1219 after[2], after[0]);
1225 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
/* Unbounded copies into 128-byte buffers — assumes Moira limits
 * member/list name length; TODO confirm. */
1228 strcpy(user_name, after[LM_MEMBER]);
1229 strcpy(group_name, after[LM_LIST]);
1230 strcpy(user_type, after[LM_TYPE]);
/* The argv slots holding the Moira list id and user id differ by
 * member type. */
1232 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1234 if (afterc > LM_EXTRA_GROUP)
1236 strcpy(moira_list_id, after[LMN_LIST_ID]);
1237 strcpy(moira_user_id, after[LM_LIST_ID]);
1240 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1242 if (afterc > LMN_LIST_ID)
1244 strcpy(moira_list_id, after[LM_LIST_ID]);
1245 strcpy(moira_user_id, after[LM_USER_ID]);
1250 if (afterc > LM_EXTRA_GID)
1251 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* Before image (removal path): same extraction as above. */
1256 if (beforec < LM_EXTRA_GID)
1258 if (!atoi(before[LM_EXTRA_ACTIVE]))
1261 "Unable to add %s to group %s : group not active",
1262 before[2], before[0]);
1268 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1271 strcpy(user_name, before[LM_MEMBER]);
1272 strcpy(group_name, before[LM_LIST]);
1273 strcpy(user_type, before[LM_TYPE]);
1275 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1277 if (beforec > LM_EXTRA_GROUP)
1279 strcpy(moira_list_id, before[LMN_LIST_ID]);
1280 strcpy(moira_user_id, before[LM_LIST_ID]);
1283 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1285 if (beforec > LMN_LIST_ID)
1287 strcpy(moira_list_id, before[LM_LIST_ID]);
1288 strcpy(moira_user_id, before[LM_USER_ID]);
1293 if (beforec > LM_EXTRA_GID)
1294 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Neither image usable. */
1301 "Unable to process group : beforec = %d, afterc = %d",
/* Re-map the member argv into the list argv layout (L_*) so that
 * get_group_membership() and process_group() can be reused as-is. */
1306 args[L_NAME] = ptr[LM_LIST];
1307 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1308 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1309 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1310 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1311 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1312 args[L_GID] = ptr[LM_EXTRA_GID];
1315 memset(group_ou, '\0', sizeof(group_ou));
/* Derives the target OU, the membership code and whether the AD group is
 * security-enabled from the list's maillist/group flags. */
1316 get_group_membership(group_membership, group_ou, &security_flag, args);
1318 if (strlen(group_ou) == 0)
1320 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Locate the group in AD; on an inconsistent result (wrong DN or
 * duplicates) retry in CLEANUP_GROUPS mode before giving up. */
1325 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1326 group_ou, group_membership, security_flag,
1327 CHECK_GROUPS, args[L_MAILLIST]))
1329 if (rc != AD_NO_GROUPS_FOUND)
1331 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1332 group_name, group_ou, group_membership,
1333 security_flag, CLEANUP_GROUPS,
1336 if (rc != AD_NO_GROUPS_FOUND)
1339 com_err(whoami, 0, "Unable to add %s to group %s - "
1340 "unable to process group", user_name, group_name);
1342 com_err(whoami, 0, "Unable to remove %s from group %s - "
1343 "unable to process group", user_name, group_name);
/* Group does not exist in AD yet: create it from Moira data.  ProcessAce
 * is invoked twice with a differing fifth argument (0, then 1); what the
 * two passes do is not visible here. */
1350 if (rc == AD_NO_GROUPS_FOUND)
1352 if (rc = moira_connect())
1354 critical_alert("AD incremental",
1355 "Error contacting Moira server : %s",
1360 com_err(whoami, 0, "creating group %s", group_name);
1363 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1364 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1369 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1370 &ProcessGroup, ptr[LM_EXTRA_MAILLIST]))
1374 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1375 group_ou, group_membership, security_flag, 0,
1376 ptr[LM_EXTRA_MAILLIST]))
/* A freshly created active group is filled from Moira in one go, which
 * presumably already covers the member being processed. */
1382 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1384 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1385 group_membership, security_flag, moira_list_id);
/* ---- removal path ---- */
1395 com_err(whoami, 0, "removing user %s from list %s", user_name,
/* MACHINE members: resolve the machine's OU and canonical name, then
 * swap the argv entry for a heap copy.  strdup()'s result is not checked. */
1399 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1401 memset(machine_ou, '\0', sizeof(machine_ou));
1402 memset(NewMachineName, '\0', sizeof(NewMachineName));
1403 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1404 machine_ou, NewMachineName))
1406 if (ptr[LM_MEMBER] != NULL)
1407 free(ptr[LM_MEMBER]);
1408 ptr[LM_MEMBER] = strdup(NewMachineName);
1409 pUserOu = machine_ou;
/* STRING members are normalised into an e-mail address.  The size of
 * member is not visible here and strcat() is unbounded. */
1412 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1414 strcpy(member, ptr[LM_MEMBER]);
1418 if((s = strchr(member, '@')) == (char *) NULL)
1420 strcat(member, "@mit.edu");
1422 if (ptr[LM_MEMBER] != NULL)
1423 free(ptr[LM_MEMBER]);
1424 ptr[LM_MEMBER] = strdup(member);
/* NOTE(review): when strlen(member) < 6 this indexes before the start
 * of the buffer (undefined behaviour); a length check is needed before
 * the suffix comparison. */
1427 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1429 s = strrchr(member, '.');
/* As shown, strcat() appends after the ".LOCAL" suffix; a truncation at
 * s may be on a dropped line — TODO confirm. */
1431 strcat(s, ".mit.edu");
1433 if (ptr[LM_MEMBER] != NULL)
1434 free(ptr[LM_MEMBER]);
1435 ptr[LM_MEMBER] = strdup(member);
/* Ensure a contact object exists for the address. */
1439 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1443 pUserOu = contact_ou;
1445 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1447 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1451 pUserOu = kerberos_ou;
/* The removal itself is performed by re-populating the group from
 * Moira rather than by deleting a single member. */
1454 if (rc = moira_connect()) {
1455 critical_alert("AD incremental",
1456 "Error contacting Moira server : %s",
1461 if (rc = populate_group(ldap_handle, dn_path, group_name,
1462 group_ou, group_membership,
1463 security_flag, moira_list_id))
1464 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* Second populate path for STRING members; the enclosing branch
 * structure is not visible in this listing. */
1469 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1471 if (rc = moira_connect())
1473 critical_alert("AD incremental",
1474 "Error contacting Moira server : %s",
1479 if (rc = populate_group(ldap_handle, dn_path, group_name,
1480 group_ou, group_membership, security_flag,
1482 com_err(whoami, 0, "Unable to remove %s from group %s",
1483 user_name, group_name);
/* ---- addition path: per-type preparation mirrors the removal path ---- */
1490 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1493 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1495 memset(machine_ou, '\0', sizeof(machine_ou));
1496 memset(NewMachineName, '\0', sizeof(NewMachineName));
1498 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1502 if (ptr[LM_MEMBER] != NULL)
1503 free(ptr[LM_MEMBER]);
1505 ptr[LM_MEMBER] = strdup(NewMachineName);
1506 pUserOu = machine_ou;
1508 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1510 strcpy(member, ptr[LM_MEMBER]);
1514 if((s = strchr(member, '@')) == (char *) NULL)
1516 strcat(member, "@mit.edu");
1518 if (ptr[LM_MEMBER] != NULL)
1519 free(ptr[LM_MEMBER]);
1520 ptr[LM_MEMBER] = strdup(member);
/* NOTE(review): same out-of-bounds read as in the removal path when
 * strlen(member) < 6. */
1523 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1525 s = strrchr(member, '.');
1527 strcat(s, ".mit.edu");
1529 if (ptr[LM_MEMBER] != NULL)
1530 free(ptr[LM_MEMBER]);
1531 ptr[LM_MEMBER] = strdup(member);
1535 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1539 pUserOu = contact_ou;
1541 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1543 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1547 pUserOu = kerberos_ou;
/* USER members that do not yet exist in AD are created on demand from
 * their Moira account record. */
1549 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1551 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1552 moira_user_id)) == AD_NO_USER_FOUND)
1554 if (rc = moira_connect())
1556 critical_alert("AD incremental",
1557 "Error connection to Moira : %s",
1562 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1563 av[0] = ptr[LM_MEMBER];
/* Context handed to user_create(): handle, base DN, Moira user id. */
1564 call_args[0] = (char *)ldap_handle;
1565 call_args[1] = dn_path;
1566 call_args[2] = moira_user_id;
1567 call_args[3] = NULL;
/* Name-collision check: refuse to create a user whose cn matches an
 * existing group.  The cn value is interpolated into the filter
 * verbatim; characters special in LDAP filters would change the query,
 * so this relies on the login name having been validated upstream.
 * The size of filter is not visible here. */
1576 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1577 attr_array[0] = "cn";
1578 attr_array[1] = NULL;
1579 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1580 attr_array, &group_base, &group_count,
1581 LDAP_SCOPE_SUBTREE)) != 0)
1583 com_err(whoami, 0, "Unable to process user %s : %s",
1584 ptr[LM_MEMBER], ldap_err2string(rc));
1590 com_err(whoami, 0, "Object already exists with name %s",
1595 linklist_free(group_base);
/* Fetch the account record from Moira into save_argv, then create the
 * AD user from it. */
1600 if (rc = mr_query("get_user_account_by_login", 1, av,
1601 save_query_info, save_argv))
1604 com_err(whoami, 0, "Unable to create user %s : %s",
1605 ptr[LM_MEMBER], error_message(rc));
1609 if (rc = user_create(U_END, save_argv, call_args))
1612 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1619 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
/* The addition is applied by re-populating the group from Moira. */
1631 if (rc = moira_connect()) {
1632 critical_alert("AD incremental",
1633 "Error contacting Moira server : %s",
1638 if (rc = populate_group(ldap_handle, dn_path, group_name,
1639 group_ou, group_membership, security_flag,
1641 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
/* Second populate path for STRING members, as on removal. */
1646 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1648 if (rc = moira_connect())
1650 critical_alert("AD incremental",
1651 "Error contacting Moira server : %s",
1656 if (rc = populate_group(ldap_handle, dn_path, group_name,
1657 group_ou, group_membership, security_flag,
1659 com_err(whoami, 0, "Unable to add %s to group %s",
1660 user_name, group_name);
/* Indices of the user-argv fields that follow the standard U_* fields:
 * the Moira user id, and the home and profile directory paths that
 * do_user() passes on to user_update(). */
1669 #define U_USER_ID 10
1670 #define U_HOMEDIR 11
1671 #define U_PROFILEDIR 12
/*
 * do_user: apply a user-account change received from Moira to AD.
 *
 * before/beforec and after/afterc are the user argv images before and
 * after the change.  The cases handled are: account created but not yet
 * usable (no before image) — skipped; account expunged (no after image)
 * — deleted from AD; otherwise the user is created in AD if missing,
 * renamed if the login changed, and then updated.
 *
 * ldap_hostname is not referenced in the lines visible here.  The
 * trailing `int afterc)` of the signature, braces, returns and a few
 * declarations are missing from this listing.
 */
1673 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1674 char **before, int beforec, char **after,
1677 LK_ENTRY *group_base;
1680 char *attr_array[3];
/* Moira user ids, 32-byte buffers filled with an unbounded strcpy();
 * assumes the id is a short numeric string — TODO confirm. */
1683 char after_user_id[32];
1684 char before_user_id[32];
1686 char *save_argv[U_END];
/* Nothing to do without either image (checked again below). */
1688 if ((beforec == 0) && (afterc == 0))
1691 memset(after_user_id, '\0', sizeof(after_user_id));
1692 memset(before_user_id, '\0', sizeof(before_user_id));
/* The Moira user id is only present when the argv is long enough. */
1694 if (beforec > U_USER_ID)
1695 strcpy(before_user_id, before[U_USER_ID]);
1697 if (afterc > U_USER_ID)
1698 strcpy(after_user_id, after[U_USER_ID]);
1700 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1703 if ((beforec == 0) && (afterc != 0))
1705 /*this case only happens when the account*/
1706 /*account is first created but not usable*/
1708 com_err(whoami, 0, "Unable to process user %s because the user account "
1709 "is not yet usable", after[U_NAME]);
1713 /*this case only happens when the account is expunged */
1715 if ((beforec != 0) && (afterc == 0))
/* Only a status-0 account is removed from AD. */
1717 if (atoi(before[U_STATE]) == 0)
1719 com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
1720 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* NOTE(review): the message below misspells "expunged"; it is a runtime
 * string and is left unchanged here. */
1724 com_err(whoami, 0, "Unable to process because user %s has been "
1725 "previously expungeded", before[U_NAME]);
1730 /*process anything that gets here*/
/* User missing from AD: create it from the Moira account record, but
 * only for a login that passes check_string(). */
1732 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1733 before_user_id)) == AD_NO_USER_FOUND)
1735 if (!check_string(after[U_NAME]))
1738 if (rc = moira_connect())
1740 critical_alert("AD incremental",
1741 "Error connection to Moira : %s",
1746 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1748 av[0] = after[U_NAME];
/* Context handed to user_create(): handle, base DN, Moira user id. */
1749 call_args[0] = (char *)ldap_handle;
1750 call_args[1] = dn_path;
1751 call_args[2] = after_user_id;
1752 call_args[3] = NULL;
/* Name-collision check against existing groups.  The login is placed
 * in the filter verbatim (no LDAP filter escaping); check_string()
 * above is the only validation visible here.  The size of filter is
 * not visible. */
1760 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1761 attr_array[0] = "cn";
1762 attr_array[1] = NULL;
1764 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1765 &group_base, &group_count,
1766 LDAP_SCOPE_SUBTREE)) != 0)
1768 com_err(whoami, 0, "Unable to process user %s : %s",
1769 after[U_NAME], ldap_err2string(rc));
1773 if (group_count >= 1)
1775 com_err(whoami, 0, "Object already exists with name %s",
1780 linklist_free(group_base);
/* Pull the account record from Moira into save_argv and create the
 * AD user from it. */
1785 if (rc = mr_query("get_user_account_by_login", 1, av,
1786 save_query_info, save_argv))
1789 com_err(whoami, 0, "Unable to create user %s : %s",
1790 after[U_NAME], error_message(rc));
1794 if (rc = user_create(U_END, save_argv, call_args))
1796 com_err(whoami, 0, "Unable to create user %s : %s",
1797 after[U_NAME], error_message(rc));
1804 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Login changed: rename the AD object, provided both names validate. */
1816 if (strcmp(before[U_NAME], after[U_NAME]))
1818 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1820 com_err(whoami, 0, "changing user %s to %s",
1821 before[U_NAME], after[U_NAME]);
1823 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1824 after[U_NAME])) != LDAP_SUCCESS)
/* Push the current attribute set; the account status is the integer
 * value of after[U_STATE]. */
1831 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1832 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1833 after[U_UID], after[U_MITID],
1834 after_user_id, atoi(after[U_STATE]),
1835 after[U_HOMEDIR], after[U_PROFILEDIR],
1836 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1837 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated array of modvalue_count
 * attribute values from the linked list, substituting oldValue.
 *
 * For each entry whose value contains oldValue (first occurrence, via
 * strstr): with type == REPLACE the whole value becomes newValue,
 * otherwise only the matched substring is replaced.  Entries without a
 * match, or when oldValue/newValue is NULL, are copied verbatim using
 * the stored length.  *modvalues is allocated here and owned by the
 * caller.  The return convention is on lines not shown in this listing.
 *
 * NOTE(review): strstr() assumes the entry value is NUL-terminated;
 * values captured through the binary (ber) path in retrieve_values()
 * are stored without a terminator — confirm callers never pass such
 * entries here.
 */
1842 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1843 char *oldValue, char *newValue,
1844 char ***modvalues, int type)
1846 LK_ENTRY *linklist_ptr;
/* One extra slot for the NULL terminator. */
1850 if (((*modvalues) = calloc(1,
1851 (modvalue_count + 1) * sizeof(char *))) == NULL)
1856 for (i = 0; i < (modvalue_count + 1); i++)
1857 (*modvalues)[i] = NULL;
1859 if (modvalue_count != 0)
1861 linklist_ptr = linklist_base;
1862 for (i = 0; i < modvalue_count; i++)
1864 if ((oldValue != NULL) && (newValue != NULL))
1866 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1869 if (type == REPLACE)
1871 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1874 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1875 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to the match, newValue, then the remainder after
 * oldValue.  The allocation size matches the memset below (one of its
 * lines is missing from this listing). */
1879 if (((*modvalues)[i] = calloc(1,
1880 (int)(cPtr - linklist_ptr->value) +
1881 (linklist_ptr->length -
1883 strlen(newValue) + 1)) == NULL)
1885 memset((*modvalues)[i], '\0',
1886 (int)(cPtr - linklist_ptr->value) +
1887 (linklist_ptr->length - strlen(oldValue)) +
1888 strlen(newValue) + 1);
1889 memcpy((*modvalues)[i], linklist_ptr->value,
1890 (int)(cPtr - linklist_ptr->value));
1891 strcat((*modvalues)[i], newValue);
1892 strcat((*modvalues)[i],
1893 &linklist_ptr->value[(int)(cPtr -
1894 linklist_ptr->value) + strlen(oldValue)]);
/* No match: copy the value unchanged.  NOTE(review): unlike the
 * branches above, this calloc() result is not checked before use. */
1899 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1900 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1901 memcpy((*modvalues)[i], linklist_ptr->value,
1902 linklist_ptr->length);
/* oldValue or newValue is NULL: copy unchanged.  NOTE(review): calloc()
 * result unchecked here as well. */
1907 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1908 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1909 memcpy((*modvalues)[i], linklist_ptr->value,
1910 linklist_ptr->length);
1912 linklist_ptr = linklist_ptr->next;
/* Terminator at index modvalue_count (slot reserved above). */
1914 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous LDAP search and convert the result
 * into an LK_ENTRY list.
 *
 * search_exp is passed to ldap_search_s() verbatim; escaping of any
 * interpolated values is the caller's responsibility.  *linklist_base
 * and *linklist_count are reset first and filled by retrieve_entries().
 * A size-limit-exceeded result is tolerated and the partial result set
 * is still converted; other search errors return early (return
 * statements are on lines not shown here).
 */
1920 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1921 char **attr_array, LK_ENTRY **linklist_base,
1922 int *linklist_count, unsigned long ScopeType)
1925 LDAPMessage *ldap_entry;
1929 (*linklist_base) = NULL;
1930 (*linklist_count) = 0;
/* attrsonly = 0: fetch values, not just attribute names. */
1932 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1933 search_exp, attr_array, 0,
1934 &ldap_entry)) != LDAP_SUCCESS)
/* Partial results are still processed below. */
1936 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1940 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1943 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of a search result, appending its
 * attributes to *linklist_base via retrieve_attributes(), then count
 * the resulting list into *linklist_count.
 *
 * The DN of each entry is copied into a 1024-byte stack buffer by
 * get_distinguished_name(); see the note there about bounds.
 */
1947 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1948 LK_ENTRY **linklist_base, int *linklist_count)
1950 char distinguished_name[1024];
1951 LK_ENTRY *linklist_ptr;
/* Empty result set. */
1954 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1957 memset(distinguished_name, '\0', sizeof(distinguished_name));
1958 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1960 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1961 linklist_base)) != 0)
1964 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1966 memset(distinguished_name, '\0', sizeof(distinguished_name));
1967 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1969 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1970 distinguished_name, linklist_base)) != 0)
/* Recount the list from scratch rather than tracking additions. */
1974 linklist_ptr = (*linklist_base);
1975 (*linklist_count) = 0;
1977 while (linklist_ptr != NULL)
1979 ++(*linklist_count);
1980 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry and hand
 * each to retrieve_values(), which prepends LK_ENTRY nodes to
 * *linklist_current.
 *
 * Each attribute name returned by the LDAP library is released with
 * ldap_memfree(); the BerElement cursor (ptr, declared on a line not
 * shown here) is released with ldap_ber_free() at the end.
 */
1986 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1987 char *distinguished_name, LK_ENTRY **linklist_current)
1994 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
1997 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1999 ldap_memfree(Attribute);
2000 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2003 retrieve_values(ldap_handle, ldap_entry, Attribute,
2004 distinguished_name, linklist_current);
2005 ldap_memfree(Attribute);
/* freebuf = 0: the library owns the buffer behind the cursor. */
2009 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: copy every value of one attribute into new LK_ENTRY
 * nodes prepended to *linklist_current.
 *
 * objectSid and objectGUID are fetched as binary values
 * (ldap_get_values_len) and stored with their exact byte length and no
 * NUL terminator; every other attribute is fetched as a string and
 * stored NUL-terminated with length = strlen().  Each node records the
 * attribute name, the value, the entry's DN and whether the value is
 * binary (ber_value).  Under LDAP_DEBUG the values are also decoded and
 * printed to stderr.
 *
 * The loop over the returned values (and the declaration of Ptr,
 * use_bervalue, ber_length, intValue and the debug locals) is on lines
 * not shown in this listing.
 */
2014 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2015 char *Attribute, char *distinguished_name,
2016 LK_ENTRY **linklist_current)
2022 LK_ENTRY *linklist_previous;
2023 LDAP_BERVAL **ber_value;
2032 SID_IDENTIFIER_AUTHORITY *sid_auth;
2033 unsigned char *subauth_count;
2034 #endif /*LDAP_DEBUG*/
2037 memset(temp, '\0', sizeof(temp));
/* Binary-valued attributes need the length-aware accessor. */
2039 if ((!strcmp(Attribute, "objectSid")) ||
2040 (!strcmp(Attribute, "objectGUID")))
2045 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2046 Ptr = (void **)ber_value;
2051 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2052 Ptr = (void **)str_value;
/* New node goes at the head of the list. */
2060 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2063 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2064 linklist_previous->next = (*linklist_current);
2065 (*linklist_current) = linklist_previous;
2067 if (((*linklist_current)->attribute = calloc(1,
2068 strlen(Attribute) + 1)) == NULL)
2071 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2072 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly bv_len bytes, no terminator; consumers must use
 * ->length rather than string functions. */
2076 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2078 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2081 memset((*linklist_current)->value, '\0', ber_length);
2082 memcpy((*linklist_current)->value,
2083 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2084 (*linklist_current)->length = ber_length;
/* String value: NUL-terminated copy. */
2088 if (((*linklist_current)->value = calloc(1,
2089 strlen(*Ptr) + 1)) == NULL)
2092 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2093 (*linklist_current)->length = strlen(*Ptr);
2094 strcpy((*linklist_current)->value, *Ptr);
2097 (*linklist_current)->ber_value = use_bervalue;
2099 if (((*linklist_current)->dn = calloc(1,
2100 strlen(distinguished_name) + 1)) == NULL)
2103 memset((*linklist_current)->dn, '\0',
2104 strlen(distinguished_name) + 1);
2105 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- debug output (LDAP_DEBUG) ---- */
/* GUID printed in registry format from the raw 16 bytes. */
2108 if (!strcmp(Attribute, "objectGUID"))
2110 guid = (GUID *)((*linklist_current)->value);
2112 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2113 guid->Data1, guid->Data2, guid->Data3,
2114 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2115 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2116 guid->Data4[6], guid->Data4[7]);
2117 print_to_screen(" %20s : {%s}\n", Attribute, temp);
/* SID decoded field by field: revision, identifier authority (first
 * non-zero byte decides the label — note index 4 is not tested), and the
 * sub-authorities. */
2119 else if (!strcmp(Attribute, "objectSid"))
2121 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2124 print_to_screen(" Revision = %d\n", sid->Revision);
2125 print_to_screen(" SID Identifier Authority:\n");
2126 sid_auth = &sid->IdentifierAuthority;
2127 if (sid_auth->Value[0])
2128 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2129 else if (sid_auth->Value[1])
2130 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2131 else if (sid_auth->Value[2])
2132 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2133 else if (sid_auth->Value[3])
2134 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2135 else if (sid_auth->Value[5])
2136 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2138 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2139 subauth_count = GetSidSubAuthorityCount(sid);
2140 print_to_screen(" SidSubAuthorityCount = %d\n",
2142 print_to_screen(" SidSubAuthority:\n");
2143 for (i = 0; i < *subauth_count; i++)
2145 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2146 print_to_screen(" %u\n", *subauth);
/* Prefix comparison via memcmp over the literal's length.  The second
 * literal differs in case from the attribute it names, but only its
 * length is used, so the comparison is unaffected. */
2150 else if ((!memcmp(Attribute, "userAccountControl",
2151 strlen("userAccountControl"))) ||
2152 (!memcmp(Attribute, "sAMAccountType",
2153 strlen("sAmAccountType"))))
/* NOTE(review): the type of intValue is declared on a line not shown
 * here; it must match the %ld conversion below. */
2155 intValue = atoi(*Ptr);
2156 print_to_screen(" %20s : %ld\n",Attribute, intValue);
/* Decode the userAccountControl bitmask into human-readable flags. */
2158 if (!memcmp(Attribute, "userAccountControl",
2159 strlen("userAccountControl")))
2161 if (intValue & UF_ACCOUNTDISABLE)
2162 print_to_screen(" %20s : %s\n",
2163 "", "Account disabled");
2165 print_to_screen(" %20s : %s\n",
2166 "", "Account active");
2167 if (intValue & UF_HOMEDIR_REQUIRED)
2168 print_to_screen(" %20s : %s\n",
2169 "", "Home directory required");
2170 if (intValue & UF_LOCKOUT)
2171 print_to_screen(" %20s : %s\n",
2172 "", "Account locked out");
2173 if (intValue & UF_PASSWD_NOTREQD)
2174 print_to_screen(" %20s : %s\n",
2175 "", "No password required");
2176 if (intValue & UF_PASSWD_CANT_CHANGE)
2177 print_to_screen(" %20s : %s\n",
2178 "", "Cannot change password");
2179 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2180 print_to_screen(" %20s : %s\n",
2181 "", "Temp duplicate account");
2182 if (intValue & UF_NORMAL_ACCOUNT)
2183 print_to_screen(" %20s : %s\n",
2184 "", "Normal account");
2185 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2186 print_to_screen(" %20s : %s\n",
2187 "", "Interdomain trust account");
2188 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2189 print_to_screen(" %20s : %s\n",
2190 "", "Workstation trust account");
2191 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2192 print_to_screen(" %20s : %s\n",
2193 "", "Server trust account");
/* Any other attribute is printed as a plain string. */
2198 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2200 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched above. */
2203 if (str_value != NULL)
2204 ldap_value_free(str_value);
2206 if (ber_value != NULL)
2207 ldap_value_free_len(ber_value);
/* Head of the list is the most recently added node. */
2210 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.
 *
 * Only the first caller (mr_connections was 0) actually connects; every
 * caller must pair this with moira_disconnect().  Two connect variants
 * are visible — a hard-coded host "ttsp" and the local node name from
 * uts — presumably selected by conditional compilation on lines not
 * shown here.  The return value is rc from mr_connect_cl() (return
 * statement not shown).
 */
2215 int moira_connect(void)
2220 if (!mr_connections++)
2224 memset(HostName, '\0', sizeof(HostName));
2225 strcpy(HostName, "ttsp");
2226 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2230 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: hold off processing while the operator stop file exists.
 *
 * Loops for as long as STOP_FILE is present; the loop body (delay) and
 * the iteration threshold at which the critical_alert below is raised
 * are on lines not shown in this listing.  tbl_buf is declared outside
 * the visible lines.
 */
2239 int check_winad(void)
2243 for (i = 0; file_exists(STOP_FILE); i++)
2247 critical_alert("AD incremental",
2248 "WINAD incremental failed (%s exists): %s",
2249 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: release one reference taken by moira_connect().
 * The actual disconnect performed when the count reaches zero is on
 * lines not shown here.
 */
2259 int moira_disconnect(void)
2262 if (!--mr_connections)
/*
 * get_distinguished_name: copy the entry's DN into the caller's buffer.
 *
 * NOTE(review): the copy is an unbounded strcpy(); the buffer size is
 * not passed in (callers here use 1024 bytes) and no length check is
 * visible in this listing, so a DN at or above the buffer size would
 * overflow it.  A bounded copy with the size passed by the caller would
 * be safer.  The lines between ldap_get_dn() and the copy are missing.
 */
2270 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2271 char *distinguished_name)
2275 CName = ldap_get_dn(ldap_handle, ldap_entry);
2280 strcpy(distinguished_name, CName);
2281 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a single LK_ENTRY holding copies of
 * attribute and value (value is treated as a NUL-terminated string;
 * length = strlen(value)).  The node is returned through linklist_entry
 * with next = NULL; the caller owns it.
 *
 * NOTE(review): only the node allocation is checked; the two calloc()
 * calls for ->attribute and ->value are used immediately without a NULL
 * check.
 */
2284 int linklist_create_entry(char *attribute, char *value,
2285 LK_ENTRY **linklist_entry)
2287 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2289 if (!(*linklist_entry))
2294 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2295 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2296 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2297 strcpy((*linklist_entry)->attribute, attribute);
2298 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2299 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2300 strcpy((*linklist_entry)->value, value);
2301 (*linklist_entry)->length = strlen(value);
2302 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style output to stderr.  fmt is used as the
 * format string directly, so callers must pass a literal format (all
 * visible callers do).  The va_end() is on a line not shown here.
 */
2307 void print_to_screen(const char *fmt, ...)
2311 va_start(pvar, fmt);
2312 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its maillist and
 * group flags.
 *
 * Writes (each output is optional — NULL skips it):
 *   group_membership[0]  'B' both, 'S' security only, 'D' distribution
 *                        only, 'N' neither (a single char, no NUL)
 *   *security_flag       1 when the list is a group ('B' or 'S'), i.e.
 *                        the AD group will be security-enabled; else 0
 *   group_ou             copied from the matching group_ou_* global
 *                        with an unbounded strcpy()
 * The return value is on a line not shown here.
 */
2317 int get_group_membership(char *group_membership, char *group_ou,
2318 int *security_flag, char **av)
2323 maillist_flag = atoi(av[L_MAILLIST]);
2324 group_flag = atoi(av[L_GROUP]);
2326 if (security_flag != NULL)
2327 (*security_flag) = 0;
2329 if ((maillist_flag) && (group_flag))
2331 if (group_membership != NULL)
2332 group_membership[0] = 'B';
2334 if (security_flag != NULL)
2335 (*security_flag) = 1;
2337 if (group_ou != NULL)
2338 strcpy(group_ou, group_ou_both);
2340 else if ((!maillist_flag) && (group_flag))
2342 if (group_membership != NULL)
2343 group_membership[0] = 'S';
2345 if (security_flag != NULL)
2346 (*security_flag) = 1;
2348 if (group_ou != NULL)
2349 strcpy(group_ou, group_ou_security);
2351 else if ((maillist_flag) && (!group_flag))
2353 if (group_membership != NULL)
2354 group_membership[0] = 'D';
2356 if (group_ou != NULL)
2357 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
2361 if (group_membership != NULL)
2362 group_membership[0] = 'N';
2364 if (group_ou != NULL)
2365 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename (and possibly move) an AD group and refresh its
 * attributes after a Moira list was renamed or changed type.
 *
 * Steps visible here: validate both names with check_string(); refuse if
 * a user object already has the new cn; locate the existing group by
 * MoiraId (AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND on 0 or >1
 * hits); read its sAMAccountName; ldap_rename_s() to the new cn under
 * after_group_ou; then LDAP_MOD_REPLACE sAMAccountName, displayName,
 * mitMoiraId, groupType and the Exchange mail attributes.
 *
 * filter is a caller-supplied scratch buffer of unknown size; names are
 * interpolated into it and into the local 256/512-byte buffers with
 * unbounded sprintf() and no LDAP filter escaping — this relies on
 * check_string() rejecting anything problematic (TODO confirm what it
 * accepts).  Returns an AD_* code or an LDAP result; several return
 * statements are on lines not shown here.
 */
2371 int group_rename(LDAP *ldap_handle, char *dn_path,
2372 char *before_group_name, char *before_group_membership,
2373 char *before_group_ou, int before_security_flag,
2374 char *before_desc, char *after_group_name,
2375 char *after_group_membership, char *after_group_ou,
2376 int after_security_flag, char *after_desc,
2377 char *MoiraId, char *filter, char *maillist)
2382 char new_dn_path[512];
2385 char mail_nickname[256];
2386 char proxy_address[256];
2387 char address_book[256];
2388 char *attr_array[3];
/* Single-value, NULL-terminated value lists for the LDAP_MOD entries. */
2389 char *mitMoiraId_v[] = {NULL, NULL};
2390 char *name_v[] = {NULL, NULL};
2391 char *samAccountName_v[] = {NULL, NULL};
2392 char *groupTypeControl_v[] = {NULL, NULL};
2393 char *mail_v[] = {NULL, NULL};
2394 char *proxy_address_v[] = {NULL, NULL};
2395 char *mail_nickname_v[] = {NULL, NULL};
2396 char *report_to_originator_v[] = {NULL, NULL};
2397 char *address_book_v[] = {NULL, NULL};
2398 char *legacy_exchange_dn_v[] = {NULL, NULL};
2399 u_int groupTypeControl;
2400 char groupTypeControlStr[80];
2401 char contact_mail[256];
2405 LK_ENTRY *group_base;
/* Initialised to 0 here; any later assignment is not visible. */
2407 int MailDisabled = 0;
/* Group scope is a site-wide setting. */
2409 if(UseGroupUniversal)
2410 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2412 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2414 if (!check_string(before_group_name))
2417 "Unable to process invalid LDAP list name %s",
2419 return(AD_INVALID_NAME);
2422 if (!check_string(after_group_name))
2425 "Unable to process invalid LDAP list name %s", after_group_name);
2426 return(AD_INVALID_NAME);
/* Collision check: a user with the new name must not already exist. */
2436 sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
2437 attr_array[0] = "cn";
2438 attr_array[1] = NULL;
2440 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2441 &group_base, &group_count,
2442 LDAP_SCOPE_SUBTREE)) != 0)
2444 com_err(whoami, 0, "Unable to process group %s : %s",
2445 after_group_name, ldap_err2string(rc));
2451 com_err(whoami, 0, "Object already exists with name %s",
2456 linklist_free(group_base);
/* Find the existing group by its Moira id; exactly one match is required. */
2465 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2466 before_group_membership,
2467 MoiraId, "samAccountName", &group_base,
2468 &group_count, filter))
2471 if (group_count == 0)
2473 return(AD_NO_GROUPS_FOUND);
2476 if (group_count != 1)
2478 com_err(whoami, 0, "Unable to process multiple groups with "
2479 "MoiraId = %s exist in the AD", MoiraId);
2480 return(AD_MULTIPLE_GROUPS_FOUND);
/* old_dn is declared outside the visible lines; unbounded copy. */
2483 strcpy(old_dn, group_base->dn);
2485 linklist_free(group_base);
/* Re-query (filter as left by ad_get_group) for the sAMAccountName. */
2488 attr_array[0] = "sAMAccountName";
2489 attr_array[1] = NULL;
2491 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2492 &group_base, &group_count,
2493 LDAP_SCOPE_SUBTREE)) != 0)
2495 com_err(whoami, 0, "Unable to get list %s dn : %s",
2496 after_group_name, ldap_err2string(rc));
2500 if (group_count != 1)
2503 "Unable to get sAMAccountName for group %s",
2505 return(AD_LDAP_FAILURE);
2508 strcpy(sam_name, group_base->value);
2509 linklist_free(group_base);
/* Build the new location and the mail identities; all unbounded. */
2513 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2514 sprintf(new_dn, "cn=%s", after_group_name);
2515 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2516 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2517 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2518 lowercase(ldap_domain));
2519 sprintf(mail_nickname, "%s", after_group_name);
2521 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
/* deleteoldrdn = TRUE: the old cn value is dropped from the entry. */
2523 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2524 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2526 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2527 before_group_name, after_group_name, ldap_err2string(rc));
2531 name_v[0] = after_group_name;
/* Only a sAMAccountName carrying the expected suffix is rewritten.
 * NOTE(review): when sam_name is shorter than group_suffix the index is
 * negative and reads before the buffer (undefined behaviour); check the
 * lengths first. */
2533 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2534 group_suffix, strlen(group_suffix)))
2536 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2541 "Unable to rename list from %s to %s : sAMAccountName not found",
2542 before_group_name, after_group_name);
2546 samAccountName_v[0] = sam_name;
/* Security-enabled groups can be used in ACLs; distribution-only lists
 * are left without the flag. */
2548 if (after_security_flag)
2549 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): groupTypeControl is u_int but formatted with %ld; the
 * conversion should match the type (e.g. %u). */
2551 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2552 groupTypeControl_v[0] = groupTypeControlStr;
2553 mitMoiraId_v[0] = MoiraId;
/* Full DN of the renamed entry for the follow-up modify. */
2555 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2556 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2559 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2560 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2561 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2562 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Mail-enable only when Moira marks the list as a maillist, mail is not
 * disabled, and the address validates; otherwise every Exchange
 * attribute is replaced with an empty value list, which removes it. */
2566 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2568 mail_nickname_v[0] = mail_nickname;
2569 proxy_address_v[0] = proxy_address;
2571 report_to_originator_v[0] = "TRUE";
2573 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2574 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2575 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2576 ADD_ATTR("reportToOriginator", report_to_originator_v,
2581 mail_nickname_v[0] = NULL;
2582 proxy_address_v[0] = NULL;
2584 legacy_exchange_dn_v[0] = NULL;
2585 address_book_v[0] = NULL;
2586 report_to_originator_v[0] = NULL;
2588 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2589 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2590 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2591 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2592 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2593 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* A maillist without Exchange mail-enabling still gets the contact
 * address as its mail attribute. */
2599 if(atoi(maillist) && email_isvalid(contact_mail))
2601 mail_v[0] = contact_mail;
2602 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2608 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2611 "Unable to modify list data for %s after renaming: %s",
2612 after_group_name, ldap_err2string(rc));
/* Release the n LDAPMod entries built by ADD_ATTR. */
2615 for (i = 0; i < n; i++)
/*
 * group_create: create the LDAP/AD group object for one Moira list, or
 * update it when the object already exists or the caller asked for an
 * update (call_args[4]).
 *
 * av[]  - the Moira list row; L_NAME, L_DESC, L_ACE_TYPE, L_ACE_NAME,
 *         L_PUBLIC, L_HIDDEN, L_MAILLIST, L_GROUP, L_GID and L_ACTIVE are
 *         read here.
 * ptr   - presumably the call_args vector (the assignment is not among the
 *         visible lines): [0] LDAP *, [1] base dn, [4] updateGroup flag,
 *         [5] Moira id string.
 * Returns AD_INVALID_NAME when the list name fails check_string(), else
 * LDAP_SUCCESS. LDAP failures are reported through com_err(); whether any
 * of those paths return early is not visible here.
 * Side effects: ldap_add_ext_s()/ldap_modify_s() on the group object, then
 * ProcessGroupSecurity() for the security descriptor and address-book flags.
 */
2621 int group_create(int ac, char **av, void *ptr)
2626 char new_group_name[256];
2627 char sam_group_name[256];
2628 char cn_group_name[256];
2630 char contact_mail[256];
2631 char mail_nickname[256];
2632 char proxy_address[256];
2633 char address_book[256];
2634 char *cn_v[] = {NULL, NULL};
2635 char *objectClass_v[] = {"top", "group", NULL};
2636 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2637 "group", "mailRecipient", NULL};
2639 char *samAccountName_v[] = {NULL, NULL};
2640 char *altSecurityIdentities_v[] = {NULL, NULL};
2641 char *member_v[] = {NULL, NULL};
2642 char *name_v[] = {NULL, NULL};
2643 char *desc_v[] = {NULL, NULL};
2644 char *info_v[] = {NULL, NULL};
2645 char *mitMoiraId_v[] = {NULL, NULL};
2646 char *mitMoiraPublic_v[] = {NULL, NULL};
2647 char *mitMoiraHidden_v[] = {NULL, NULL};
2648 char *groupTypeControl_v[] = {NULL, NULL};
2649 char *mail_v[] = {NULL, NULL};
2650 char *proxy_address_v[] = {NULL, NULL};
2651 char *mail_nickname_v[] = {NULL, NULL};
2652 char *report_to_originator_v[] = {NULL, NULL};
2653 char *address_book_v[] = {NULL, NULL};
2654 char *legacy_exchange_dn_v[] = {NULL, NULL};
2655 char *gidNumber_v[] = {NULL, NULL};
2656 char groupTypeControlStr[80];
/* NOTE(review): process_lists() declares group_membership[2] for the same
 * get_group_membership() call; if that helper NUL-terminates its output,
 * this 1-byte buffer is one byte short — confirm against the helper. */
2657 char group_membership[1];
2660 u_int groupTypeControl;
2664 int MailDisabled = 0;
2666 LK_ENTRY *group_base;
2669 char *attr_array[3];
/* Universal vs. global AD group scope; the security-enabled bit is OR'd in
 * further down (its guarding condition is not among the visible lines). */
2673 if(UseGroupUniversal)
2674 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2676 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* check_string() is the only validation applied to av[L_NAME] before it is
 * embedded in DNs and search filters below. */
2678 if (!check_string(av[L_NAME]))
2680 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2682 return(AD_INVALID_NAME);
2685 updateGroup = (int)call_args[4];
2686 memset(group_ou, 0, sizeof(group_ou));
2687 memset(group_membership, 0, sizeof(group_membership));
2690 get_group_membership(group_membership, group_ou, &security_flag, av);
/* NOTE(review): av[L_NAME] is written into 256-byte buffers with unbounded
 * strcpy()/sprintf(); nothing visible here bounds its length except
 * check_string(), so snprintf() with a truncation check would be safer. */
2692 strcpy(new_group_name, av[L_NAME]);
2693 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2694 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2695 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2696 sprintf(mail_nickname, "%s", av[L_NAME]);
2699 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2701 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* NOTE(review): groupTypeControl is u_int but is formatted with "%ld"
 * (expects long); this is a format/argument type mismatch — "%u" matches. */
2705 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2706 groupTypeControl_v[0] = groupTypeControlStr;
2708 strcpy(cn_group_name, av[L_NAME]);
2710 samAccountName_v[0] = sam_group_name;
2711 name_v[0] = new_group_name;
2712 cn_v[0] = new_group_name;
2715 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2719 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* Non-AD directory branch: richer object classes plus the Moira visibility
 * flags (the ActiveDirectory test selecting between 2719 and 2725 is not
 * among the visible lines). */
2723 mitMoiraPublic_v[0] = av[L_PUBLIC];
2724 mitMoiraHidden_v[0] = av[L_HIDDEN];
2725 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2726 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2727 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2729 if(atoi(av[L_GROUP]))
2731 gidNumber_v[0] = av[L_GID];
2732 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2736 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2737 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2738 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* Mail-enabled list: look for a user object whose cn collides with the
 * list name. MailDisabled is presumably set on a hit (that line is not
 * visible); the search error path logs but its return is not visible. */
2742 if(atoi(av[L_MAILLIST]))
/* NOTE(review): av[L_NAME] is interpolated into the LDAP filter without
 * filter-metacharacter escaping (RFC 4515); check_string() is the only
 * guard — confirm it excludes '*', '(', ')', '\\' and NUL. */
2747 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2748 attr_array[0] = "cn";
2749 attr_array[1] = NULL;
2751 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2752 filter, attr_array, &group_base,
2754 LDAP_SCOPE_SUBTREE)) != 0)
2756 com_err(whoami, 0, "Unable to process group %s : %s",
2757 av[L_NAME], ldap_err2string(rc));
2763 com_err(whoami, 0, "Object already exists with name %s",
2768 linklist_free(group_base);
/* Exchange attributes only when the list is a mail list, no cn collision
 * was found, and the generated address validates. */
2773 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2775 mail_nickname_v[0] = mail_nickname;
2776 report_to_originator_v[0] = "TRUE";
2778 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2779 ADD_ATTR("reportToOriginator", report_to_originator_v,
2785 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2787 mail_v[0] = contact_mail;
2788 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2792 if (strlen(av[L_DESC]) != 0)
2794 desc_v[0] = av[L_DESC];
2795 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2798 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* NOTE(review): info is filled by unbounded sprintf() from av[L_ACE_NAME];
 * its declaration (and size) is not among the visible lines. */
2800 if (strlen(av[L_ACE_NAME]) != 0)
2802 sprintf(info, "The Administrator of this list is: %s",
2805 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2808 if (strlen(call_args[5]) != 0)
2810 mitMoiraId_v[0] = call_args[5];
2811 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
/* First attempt: plain add. The loop that follows presumably releases the
 * mods[] entries (its body is not visible). */
2816 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2818 for (i = 0; i < n; i++)
2821 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2823 com_err(whoami, 0, "Unable to create list %s in AD : %s",
2824 av[L_NAME], ldap_err2string(rc));
/* Object already present, or an explicit update request: re-issue the
 * same attributes as LDAP_MOD_REPLACE operations. */
2830 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2832 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2833 "description", av[L_NAME]);
2834 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2836 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2841 if (strlen(call_args[5]) != 0)
2843 mitMoiraId_v[0] = call_args[5];
2844 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* Inactive list: member_v is still {NULL}, so a REPLACE with no values
 * removes every member from the group. */
2847 if (!(atoi(av[L_ACTIVE])))
2850 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2853 if (!ActiveDirectory)
2855 mitMoiraPublic_v[0] = av[L_PUBLIC];
2856 mitMoiraHidden_v[0] = av[L_HIDDEN];
2857 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2858 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2860 if(atoi(av[L_GROUP]))
2862 gidNumber_v[0] = av[L_GID];
2863 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Presumably the else branch: gidNumber_v[0] is still NULL here, so this
 * REPLACE clears gidNumber when the list is not a group. */
2867 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* Same cn-collision check as on the create path (see note at 2747). */
2873 if(atoi(av[L_MAILLIST]))
2878 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2879 attr_array[0] = "cn";
2880 attr_array[1] = NULL;
2882 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2883 filter, attr_array, &group_base,
2885 LDAP_SCOPE_SUBTREE)) != 0)
2887 com_err(whoami, 0, "Unable to process group %s : %s",
2888 av[L_NAME], ldap_err2string(rc));
2894 com_err(whoami, 0, "Object already exists with name %s",
2899 linklist_free(group_base);
2904 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2906 mail_nickname_v[0] = mail_nickname;
2907 report_to_originator_v[0] = "TRUE";
2909 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2910 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not mail-enabled (or disabled): strip every Exchange attribute by
 * replacing each with an empty value list. */
2916 mail_nickname_v[0] = NULL;
2917 proxy_address_v[0] = NULL;
2918 legacy_exchange_dn_v[0] = NULL;
2919 address_book_v[0] = NULL;
2920 report_to_originator_v[0] = NULL;
2922 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2923 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2924 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2925 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2927 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2928 ADD_ATTR("reportToOriginator", report_to_originator_v,
2934 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2936 mail_v[0] = contact_mail;
2937 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2942 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2951 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
2953 for (i = 0; i < n; i++)
2956 if (rc != LDAP_SUCCESS)
2958 com_err(whoami, 0, "Unable to update list %s in AD : %s",
2959 av[L_NAME], ldap_err2string(rc));
/* Finally apply the security descriptor / owner and the address-book
 * visibility for the list's administrator ACE. */
2966 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
2967 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
2969 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: copy a template group's ntSecurityDescriptor onto
 * the AD group TargetGroupName and set its address-book visibility.
 *
 * The list administrator (AceName, of AceType "LIST" or "USER") is resolved
 * to an AD SID; when that succeeds, the template's UserTemplate.u SID is
 * replaced by the administrator's SID inside the descriptor before it is
 * written. The template is chosen by HiddenGroup and by whether an admin
 * SID was found. In the non-AD (!ActiveDirectory) case only the "owner"
 * attribute is set to the administrator's dn.
 *
 * ldap_handle     - bound LDAP connection.
 * dn_path         - directory base; group_ou_root / user_ou /
 *                   security_template_ou are appended to it.
 * TargetGroupName - Moira list name; group_suffix is appended to form the
 *                   sAMAccountName.
 * Returns: the return statements are not among the visible lines; on an
 * ldap_modify_s() failure with an admin SID the function calls itself once
 * more with empty AceType/AceName (line 3315).
 */
2972 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
2973 char *TargetGroupName, int HiddenGroup,
2974 char *AceType, char *AceName)
2976 char filter_exp[1024];
2977 char *attr_array[5];
2978 char search_path[512];
2980 char TemplateDn[512];
2981 char TemplateSamName[128];
2983 char TargetSamName[128];
2984 char AceSamAccountName[128];
2986 unsigned char AceSid[128];
2987 unsigned char UserTemplateSid[128];
2988 char acBERBuf[N_SD_BER_BYTES];
2989 char GroupSecurityTemplate[256];
2990 char hide_addres_lists[256];
2991 char address_book[256];
2992 char *hide_address_lists_v[] = {NULL, NULL};
2993 char *address_book_v[] = {NULL, NULL};
2994 char *owner_v[] = {NULL, NULL};
2996 int UserTemplateSidCount;
3003 int array_count = 0;
3005 LK_ENTRY *group_base;
3006 LDAP_BERVAL **ppsValues;
/* LDAP_SERVER_SD_FLAGS control: acBERBuf is filled by
 * BEREncodeSecurityBits() below and selects which parts of the security
 * descriptor the server returns/accepts. */
3007 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3008 { N_SD_BER_BYTES, acBERBuf },
3011 LDAPControl *apsServerControls[] = {&sControl, NULL};
/* Request owner, primary group, DACL and SACL. */
3014 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3015 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3016 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Locate the target group by sAMAccountName under the group OU. */
3018 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3019 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3020 attr_array[0] = "sAMAccountName";
3021 attr_array[1] = NULL;
/* NOTE(review): the closing parenthesis is misplaced — this assigns the
 * result of `linklist_build(...) != 0` (0 or 1) to rc instead of the status
 * code. group_create() has the correct form, `((rc = linklist_build(...)) != 0)`.
 * The same precedence error recurs at 3074, 3100, 3154 and 3209. */
3025 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3026 &group_base, &group_count,
3027 LDAP_SCOPE_SUBTREE) != 0))
/* Exactly one match is required; the return on the failure path is not
 * among the visible lines. */
3030 if (group_count != 1)
3032 linklist_free(group_base);
3036 strcpy(TargetDn, group_base->dn);
3037 strcpy(TargetSamName, group_base->value);
3038 linklist_free(group_base);
3042 UserTemplateSidCount = 0;
3043 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3044 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3045 memset(AceSid, '\0', sizeof(AceSid));
/* Resolve the administrator ACE: a LIST gets the group suffix and lives
 * under group_ou_root, a USER is looked up as-is under user_ou. */
3050 if (strlen(AceName) != 0)
3052 if (!strcmp(AceType, "LIST"))
3054 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3055 strcpy(root_ou, group_ou_root);
3057 else if (!strcmp(AceType, "USER"))
3059 sprintf(AceSamAccountName, "%s", AceName);
3060 strcpy(root_ou, user_ou);
/* AD: fetch the ACE's objectSid (binary) and dn. */
3063 if (ActiveDirectory)
3065 if (strlen(AceSamAccountName) != 0)
3067 sprintf(search_path, "%s", dn_path);
3068 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3069 attr_array[0] = "objectSid";
3070 attr_array[1] = NULL;
3074 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3075 attr_array, &group_base, &group_count,
3076 LDAP_SCOPE_SUBTREE) != 0))
3078 if (group_count == 1)
3080 strcpy(AceDn, group_base->dn);
/* NOTE(review): AceSidCount comes from the directory entry's length and
 * is not checked against sizeof(AceSid) (128) before the memcpy(). */
3081 AceSidCount = group_base->length;
3082 memcpy(AceSid, group_base->value, AceSidCount);
3084 linklist_free(group_base);
/* Non-AD: only the dn is needed. */
3091 if (strlen(AceSamAccountName) != 0)
3093 sprintf(search_path, "%s", dn_path);
3094 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3095 attr_array[0] = "samAccountName";
3096 attr_array[1] = NULL;
3100 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3101 attr_array, &group_base, &group_count,
3102 LDAP_SCOPE_SUBTREE) != 0))
3104 if (group_count == 1)
3106 strcpy(AceDn, group_base->dn);
3108 linklist_free(group_base);
/* Non-AD directory: set "owner" to the administrator dn and stop. */
3115 if (!ActiveDirectory)
3117 if (strlen(AceDn) != 0)
/* NOTE(review): the strdup() result is not freed in the visible lines; if
 * the cleanup loop below only releases mods[] entries, this leaks. */
3119 owner_v[0] = strdup(AceDn);
3121 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3125 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3127 for (i = 0; i < n; i++)
3130 if (rc != LDAP_SUCCESS)
3131 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3132 TargetGroupName, ldap_err2string(rc));
/* No usable admin SID: fall back to the non-admin template. */
3138 if (AceSidCount == 0)
3140 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3141 "have an AD SID.", TargetGroupName, AceName, AceType);
3142 com_err(whoami, 0, " Non-admin security group template will be used.");
/* Presumably the else branch: fetch the SID of UserTemplate.u so it can be
 * swapped for the admin SID inside the template descriptor. */
3146 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3147 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3148 attr_array[0] = "objectSid";
3149 attr_array[1] = NULL;
3154 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3155 attr_array, &group_base, &group_count,
3156 LDAP_SCOPE_SUBTREE) != 0))
/* Because of the precedence error above, rc here is 0 or 1 rather than
 * an LDAP status, so any ldap_err2string(rc) in this message would be
 * misleading (the continuation line is not visible). */
3159 if ((rc != 0) || (group_count != 1))
3161 com_err(whoami, 0, "Unable to process user security template: %s",
/* NOTE(review): same unbounded copy as at 3082 — length is not checked
 * against sizeof(UserTemplateSid). */
3167 UserTemplateSidCount = group_base->length;
3168 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3170 linklist_free(group_base);
/* Choose the template group: hidden vs. visible (HiddenGroup; that test
 * is not among the visible lines), with or without an admin ACE. */
3177 if (AceSidCount == 0)
3179 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3180 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3184 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3185 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3190 if (AceSidCount == 0)
3192 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3193 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3197 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3198 sprintf(filter_exp, "(sAMAccountName=%s)",
3199 NOT_HIDDEN_GROUP_WITH_ADMIN);
3203 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3204 attr_array[0] = "sAMAccountName";
3205 attr_array[1] = NULL;
3209 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3210 &group_base, &group_count,
3211 LDAP_SCOPE_SUBTREE) != 0))
3214 if (group_count != 1)
3216 linklist_free(group_base);
3217 com_err(whoami, 0, "Unable to process group security template: %s - "
3218 "security not set", GroupSecurityTemplate);
3222 strcpy(TemplateDn, group_base->dn);
3223 strcpy(TemplateSamName, group_base->value);
3224 linklist_free(group_base);
/* Re-read the template entry with the SD_FLAGS control so that
 * ntSecurityDescriptor is returned (the remaining arguments of the search
 * are not among the visible lines). */
3228 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3229 rc = ldap_search_ext_s(ldap_handle,
3241 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3243 com_err(whoami, 0, "Unable to find group security template: %s - "
3244 "security not set", GroupSecurityTemplate);
3248 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3250 if (ppsValues == NULL)
3252 com_err(whoami, 0, "Unable to find group security descriptor for group "
3253 "%s - security not set", GroupSecurityTemplate);
/* Patch the descriptor in place: every occurrence of the UserTemplate SID
 * is overwritten with the admin SID.
 * NOTE(review): the scan is bounded by UserTemplateSidCount but the write
 * copies AceSidCount bytes; if the admin SID is longer than the template
 * SID the memcpy() runs past the matched region. Also, overwriting a
 * longer SID with a shorter one leaves the descriptor's internal lengths
 * inconsistent — an equal-length check before the loop would be prudent. */
3257 if (AceSidCount != 0)
3259 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3262 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3264 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3265 UserTemplateSidCount))
3267 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
3275 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3276 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Address-book visibility: hidden groups get
 * msExchHideFromAddressLists=TRUE and an emptied showInAddressBook; the
 * other branch clears the hide flag (the HiddenGroup test is not visible). */
3282 hide_address_lists_v[0] = "TRUE";
3283 address_book_v[0] = NULL;
3284 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3286 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3288 hide_address_lists_v[0] = NULL;
3289 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3296 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
3298 for (i = 0; i < n; i++)
3301 ldap_value_free_len(ppsValues);
3302 ldap_msgfree(psMsg);
3304 if (rc != LDAP_SUCCESS)
3306 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3307 TargetGroupName, ldap_err2string(rc));
/* Retry once without an admin ACE (one level of recursion, since the
 * recursive call has AceName == "" and therefore AceSidCount == 0). */
3309 if (AceSidCount != 0)
3312 "Trying to set security for group %s without admin.",
/* Style: assignment inside the condition; `if ((rc = ...) != 0)` reads
 * as intended and silences -Wparentheses. */
3315 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3316 HiddenGroup, "", ""))
3318 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the AD group object for Moira list group_name.
 *
 * The group is located with ad_get_group() by samAccountName under
 * "<group_ou_root>,<dn_path>"; group_membership and MoiraId are passed
 * through to that lookup. The object is deleted only when exactly one
 * entry matches.
 * Returns AD_INVALID_NAME for a name rejected by check_string(),
 * AD_NO_GROUPS_FOUND when the lookup did not yield exactly one group;
 * the returns on the ad_get_group() failure and on the success/delete
 * paths are not among the visible lines.
 */
3329 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3330 char *group_membership, char *MoiraId)
3332 LK_ENTRY *group_base;
3338 if (!check_string(group_name))
3341 "Unable to process invalid LDAP list name %s", group_name);
3342 return(AD_INVALID_NAME);
3345 memset(filter, '\0', sizeof(filter));
/* temp's size is not visible here; the two OU strings are configuration,
 * not user input. */
3348 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* Style: assignment used as the condition — `if ((rc = ad_get_group(...)) != 0)`
 * is the conventional spelling. */
3350 if (rc = ad_get_group(ldap_handle, temp, group_name,
3351 group_membership, MoiraId,
3352 "samAccountName", &group_base,
3353 &group_count, filter))
3356 if (group_count == 1)
/* Delete by the dn returned from the directory, not by a constructed one. */
3358 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3360 linklist_free(group_base);
3361 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
3362 group_name, ldap_err2string(rc));
3365 linklist_free(group_base);
3369 linklist_free(group_base);
3370 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
3371 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: BER-encode the security-information flags uBits
 * into pBuffer for use as the value of the LDAP_SERVER_SD_FLAGS control
 * (OID 1.2.840.113556.1.4.801). Callers pass a buffer of N_SD_BER_BYTES
 * bytes (acBERBuf in ProcessGroupSecurity() and user_update()).
 * The encoding itself is not among the visible lines.
 * Returns N_SD_BER_BYTES, the number of bytes written.
 */
3377 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3383 return(N_SD_BER_BYTES);
/*
 * process_lists: per-list callback that derives the group OU and
 * membership type for the Moira list in av[] and hands the list to
 * populate_group() for member synchronisation.
 * ptr presumably carries call_args (the assignment is not visible):
 * [0] LDAP *, [1] base dn. The remaining populate_group() arguments and
 * the return value are not among the visible lines.
 */
3386 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here versus one in group_create() for the same helper — see
 * the note there. */
3391 char group_membership[2];
3397 memset(group_ou, '\0', sizeof(group_ou));
3398 memset(group_membership, '\0', sizeof(group_membership));
3399 get_group_membership(group_membership, group_ou, &security_flag, av);
3400 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3401 av[L_NAME], group_ou, group_membership,
<pre>
</pre>
/*
 * member_list_build: callback invoked once per ACE (member) row of a list.
 * It normalises the member name, checks that the member type is enabled
 * by the mask in call_args[3] (MOIRA_USERS / MOIRA_STRINGS / MOIRA_LISTS /
 * MOIRA_KERBEROS), creates a contact object for STRING and KERBEROS
 * members, and prepends a new LK_ENTRY for the member to the global
 * member_base list unless an entry with the same (case-insensitive) name
 * is already present.
 *
 * av[ACE_TYPE] / av[ACE_NAME] - member type and name from Moira.
 * call_args[2] - list name stored in each entry's ->list.
 * The return value and the skip/return lines for disabled types are not
 * among the visible lines.
 */
3407 int member_list_build(int ac, char **av, void *ptr)
/* NOTE(review): unbounded strcpy() into temp, whose size is not visible
 * here; av[ACE_NAME] originates from Moira data. */
3415 strcpy(temp, av[ACE_NAME]);
3417 if (!check_string(temp))
3420 if (!strcmp(av[ACE_TYPE], "USER"))
3422 if (!((int)call_args[3] & MOIRA_USERS))
/* STRING members are e-mail addresses: default the domain to mit.edu and
 * rewrite a ".LOCAL" suffix to ".mit.edu". */
3425 else if (!strcmp(av[ACE_TYPE], "STRING"))
3429 if((s = strchr(temp, '@')) == (char *) NULL)
/* NOTE(review): unbounded strcat() into temp. */
3431 strcat(temp, "@mit.edu");
/* NOTE(review): &temp[strlen(temp) - 6] reads before the start of temp
 * when the address is shorter than six characters (possible when it
 * already contained '@'); guard with `strlen(temp) >= 6 &&`. */
3434 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
/* Presumably the ".LOCAL" tail is cut at s before the append (that line is
 * not visible); the strcat() is again unbounded. */
3436 s = strrchr(temp, '.');
3438 strcat(s, ".mit.edu");
3442 if (!((int)call_args[3] & MOIRA_STRINGS))
3445 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3449 else if (!strcmp(av[ACE_TYPE], "LIST"))
3451 if (!((int)call_args[3] & MOIRA_LISTS))
3454 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3456 if (!((int)call_args[3] & MOIRA_KERBEROS))
/* The OU argument for KERBEROS contacts is on a line that is not visible. */
3459 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
/* De-duplicate against members already collected for this run. */
3467 linklist = member_base;
3471 if (!strcasecmp(temp, linklist->member))
3474 linklist = linklist->next;
/* NOTE(review): none of the calloc() results below are checked for NULL. */
3477 linklist = calloc(1, sizeof(LK_ENTRY));
3479 linklist->dn = NULL;
3480 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3481 strcpy(linklist->list, call_args[2]);
3482 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3483 strcpy(linklist->type, av[ACE_TYPE]);
3484 linklist->member = calloc(1, strlen(temp) + 1);
3485 strcpy(linklist->member, temp);
/* Push onto the front of the global list. */
3486 linklist->next = member_base;
3487 member_base = linklist;
/*
 * member_remove: delete one member from the "member" attribute of the AD
 * group for Moira list group_name, then, for contact- and Kerberos-OU
 * members, remove the contact object itself when nothing references it
 * any more.
 *
 * user_name / UserOu - the member's name and the OU its object lives in;
 *                      the member dn is built as uid=... for user_ou and
 *                      CN=... for every other OU.
 * group_membership, MoiraId - passed through to ad_get_group().
 * Returns AD_INVALID_NAME for a name rejected by check_string(); the other
 * return statements are not among the visible lines.
 */
3492 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3493 char *group_ou, char *group_membership, char *user_name,
3494 char *UserOu, char *MoiraId)
3496 char distinguished_name[1024];
3500 char *attr_array[3];
3505 LK_ENTRY *group_base;
3509 if (!check_string(group_name))
3510 return(AD_INVALID_NAME);
3512 memset(filter, '\0', sizeof(filter));
/* Style: assignment in the condition; `if ((rc = ad_get_group(...)) != 0)`
 * is the conventional form. */
3516 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3517 group_membership, MoiraId,
3518 "samAccountName", &group_base,
3519 &group_count, filter))
3522 if (group_count != 1)
3524 com_err(whoami, 0, "Unable to find list %s in AD",
3526 linklist_free(group_base);
3532 strcpy(distinguished_name, group_base->dn);
3533 linklist_free(group_base);
/* Build the member dn. NOTE(review): user_name is embedded without DN
 * escaping (RFC 4514) — only check_string() on group_name ran above, and
 * user_name itself is not validated in the visible lines; temp's size is
 * not visible either. */
3539 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3543 if(!strcmp(UserOu, user_ou))
3544 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3546 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3549 modvalues[0] = temp;
3550 modvalues[1] = NULL;
3553 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3555 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
3557 for (i = 0; i < n; i++)
/* LDAP_UNWILLING_TO_PERFORM gets special handling whose lines are not
 * visible (member_add() has the same test). */
3560 if (rc == LDAP_UNWILLING_TO_PERFORM)
3563 if (rc != LDAP_SUCCESS)
3565 com_err(whoami, 0, "Unable to modify list %s members : %s",
3566 group_name, ldap_err2string(rc));
/* Contact / Kerberos objects are auto-created per member; garbage-collect
 * the object if it is no longer a member of any group. */
3570 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* For a plain "<user>@mit.edu" contact, look for a real user object with
 * that mailNickName first (the '@' is presumably cut off at s on a line
 * that is not visible); what happens on a hit is also not visible. */
3574 if(!strcmp(UserOu, contact_ou) &&
3575 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3577 memset(temp, '\0', sizeof(temp));
3578 strcpy(temp, user_name);
3579 s = strchr(temp, '@');
/* NOTE(review): the nickname is interpolated into the filter unescaped
 * (RFC 4515). */
3582 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* NOTE(review): same parenthesis/precedence error as in
 * ProcessGroupSecurity(): rc receives 0/1, not the LDAP status. Also at 3601. */
3584 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3585 &group_base, &group_count,
3586 LDAP_SCOPE_SUBTREE) != 0))
3592 linklist_free(group_base);
/* Is the member dn still referenced by any group (memberOf)? The test on
 * the result is on lines that are not visible. */
3597 sprintf(filter, "(distinguishedName=%s)", temp);
3598 attr_array[0] = "memberOf";
3599 attr_array[1] = NULL;
3601 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3602 &group_base, &group_count,
3603 LDAP_SCOPE_SUBTREE) != 0))
/* Destructive step: deletes the object at the constructed dn. */
3609 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3611 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add one member dn to the "member" attribute of the AD group
 * for Moira list group_name.
 *
 * user_name / UserOu - the member's name and OU; the dn is built as
 *                      uid=... for user_ou and cn=... otherwise.
 * group_membership, MoiraId - passed through to ad_get_group().
 * Returns AD_INVALID_NAME for a name rejected by check_string(),
 * AD_MULTIPLE_GROUPS_FOUND when the lookup did not yield exactly one group
 * (the message is also used for zero matches); the remaining return
 * statements are not among the visible lines.
 */
3621 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3622 char *group_ou, char *group_membership, char *user_name,
3623 char *UserOu, char *MoiraId)
3625 char distinguished_name[1024];
3633 LK_ENTRY *group_base;
3636 if (!check_string(group_name))
3637 return(AD_INVALID_NAME);
3640 memset(filter, '\0', sizeof(filter));
/* Style: assignment in the condition; `if ((rc = ad_get_group(...)) != 0)`
 * is the conventional form. */
3644 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3645 group_membership, MoiraId,
3646 "samAccountName", &group_base,
3647 &group_count, filter))
3650 if (group_count != 1)
3652 linklist_free(group_base);
3655 com_err(whoami, 0, "Unable to find list %s %d in AD",
3656 group_name, group_count);
3657 return(AD_MULTIPLE_GROUPS_FOUND);
3660 strcpy(distinguished_name, group_base->dn);
3661 linklist_free(group_base);
/* Build the member dn. NOTE(review): user_name is embedded without DN
 * escaping and is not validated in the visible lines; temp's size is not
 * visible. The non-user branch uses "cn=" here but "CN=" in
 * member_remove() — equivalent to LDAP, but worth unifying. */
3667 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3671 if(!strcmp(UserOu, user_ou))
3672 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3674 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3677 modvalues[0] = temp;
3678 modvalues[1] = NULL;
3681 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3683 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* An already-present member is presumably treated as success (the body of
 * this branch is not visible). */
3685 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
/* Contact / Kerberos members: LDAP_UNWILLING_TO_PERFORM gets special
 * handling whose lines are not visible. */
3688 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3690 if (rc == LDAP_UNWILLING_TO_PERFORM)
3694 for (i = 0; i < n; i++)
3697 if (rc != LDAP_SUCCESS)
3699 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3700 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail attributes (mail, mailNickName,
 * proxyAddresses, targetAddress) from the contact object at
 * (*linklist_base)->dn by replacing each with an empty value list, which
 * in LDAP removes the attribute.
 *
 * bind_path and linklist_current are not used in the visible lines.
 * Returns: not among the visible lines; a modify failure other than
 * LDAP_ALREADY_EXISTS is logged via com_err().
 */
3706 int contact_remove_email(LDAP *ld, char *bind_path,
3707 LK_ENTRY **linklist_base, int linklist_current)
/* mail_v stays {NULL}, so every ADD_ATTR below is a "replace with nothing". */
3711 char *mail_v[] = {NULL, NULL};
3719 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3720 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3721 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3722 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
/* NOTE(review): neither linklist_base nor *linklist_base is checked for
 * NULL before gPtr->dn is dereferenced. */
3725 gPtr = (*linklist_base);
3728 rc = ldap_modify_s(ld, gPtr->dn, mods);
3730 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3732 com_err(whoami, 0, "Unable to modify contact %s in AD : %s",
3733 gPtr->dn, ldap_err2string(rc));
/* Presumably releases the mods[] entries (body not visible). */
3740 for (i = 0; i < n; i++)
/*
 * contact_create: create (or refresh) the contact object that represents
 * the external e-mail address `user` under group_ou (contact_ou for
 * STRING members, kerberos_ou for KERBEROS members).
 *
 * The object's cn is the address itself; for contact_ou contacts with a
 * valid address, four collision searches (user/group by cn, then by mail)
 * are run before Exchange attributes are attached. If the add reports
 * LDAP_ALREADY_EXISTS for such a contact, the mail attributes are
 * re-applied with LDAP_MOD_REPLACE; on any other add failure a second add
 * without mail attributes is attempted.
 *
 * ld        - bound LDAP connection; bind_path - search base.
 * Returns AD_INVALID_NAME for a name rejected by check_string(); the other
 * return statements are not among the visible lines. The `mail` buffer
 * used throughout is presumably filled from `user` on a line that is not
 * visible.
 */
3746 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3749 LK_ENTRY *group_base;
3752 char cn_user_name[256];
3753 char contact_name[256];
3754 char mail_nickname[256];
3755 char proxy_address_internal[256];
3756 char proxy_address_external[256];
3757 char target_address[256];
3758 char internal_contact_name[256];
3761 char principal[256];
3762 char mit_address_book[256];
3763 char default_address_book[256];
3764 char contact_address_book[256];
3766 char *email_v[] = {NULL, NULL};
3767 char *cn_v[] = {NULL, NULL};
3768 char *contact_v[] = {NULL, NULL};
3769 char *uid_v[] = {NULL, NULL};
3770 char *mail_nickname_v[] = {NULL, NULL};
3771 char *proxy_address_internal_v[] = {NULL, NULL};
3772 char *proxy_address_external_v[] = {NULL, NULL};
3773 char *target_address_v[] = {NULL, NULL};
3774 char *mit_address_book_v[] = {NULL, NULL};
3775 char *default_address_book_v[] = {NULL, NULL};
3776 char *contact_address_book_v[] = {NULL, NULL};
3777 char *hide_address_lists_v[] = {NULL, NULL};
3778 char *attr_array[3];
3779 char *objectClass_v[] = {"top", "person",
3780 "organizationalPerson",
3782 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3783 "inetOrgPerson", "organizationalPerson",
3784 "contact", "mailRecipient", "eduPerson",
3786 char *name_v[] = {NULL, NULL};
3787 char *desc_v[] = {NULL, NULL};
3794 char *mail_routing_v[] = {NULL, NULL};
3795 char *principal_v[] = {NULL, NULL};
3797 if (!check_string(user))
3799 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3800 return(AD_INVALID_NAME);
/* NOTE(review): unbounded strcpy()/sprintf() into 256-byte buffers; the
 * address comes from Moira list data, guarded only by check_string(). */
3804 strcpy(contact_name, mail);
3805 strcpy(internal_contact_name, mail);
/* internal_contact_name is presumably truncated at the '@' inside this
 * block (its body is not visible). */
3807 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* The dn is built with escape_string() applied to the cn; the search
 * filters below interpolate the raw address instead — see note at 3870. */
3811 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3814 sprintf(target_address, "SMTP:%s", contact_name);
3815 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3816 sprintf(mail_nickname, "%s", internal_contact_name);
3818 cn_v[0] = cn_user_name;
3819 contact_v[0] = contact_name;
3822 desc_v[0] = "Auto account created by Moira";
3824 proxy_address_internal_v[0] = proxy_address_internal;
3825 proxy_address_external_v[0] = proxy_address_external;
3826 mail_nickname_v[0] = mail_nickname;
3827 target_address_v[0] = target_address;
3828 mit_address_book_v[0] = mit_address_book;
3829 default_address_book_v[0] = default_address_book;
3830 contact_address_book_v[0] = contact_address_book;
/* new_dn's size is not visible here. */
3831 strcpy(new_dn, cn_user_name);
3834 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* Non-AD directory: a uid derived from the address plus a suffix that
 * records which OU the contact belongs to (uid's size is not visible). */
3836 if(!ActiveDirectory)
3838 if(!strcmp(group_ou, contact_ou))
3839 sprintf(uid, "%s%s", contact_name, "_strings");
3841 if(!strcmp(group_ou, kerberos_ou))
3842 sprintf(uid, "%s%s", contact_name, "_kerberos");
3846 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3847 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3852 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3856 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3859 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3860 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3861 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Collision checks for mail-bearing contacts: an existing user or group
 * with the same cn or mail would clash in Exchange. What happens on a hit
 * (beyond the com_err) is not among the visible lines. */
3865 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
/* NOTE(review): mail is interpolated into all four filters without
 * RFC 4515 escaping; escape_string() is used for the dn but not here. */
3870 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3871 attr_array[0] = "cn";
3872 attr_array[1] = NULL;
3874 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3875 &group_base, &group_count,
3876 LDAP_SCOPE_SUBTREE)) != 0)
3878 com_err(whoami, 0, "Unable to process contact %s : %s",
3879 user, ldap_err2string(rc));
3885 com_err(whoami, 0, "Object already exists with name %s",
3890 linklist_free(group_base);
3894 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3895 attr_array[0] = "cn";
3896 attr_array[1] = NULL;
3898 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3899 &group_base, &group_count,
3900 LDAP_SCOPE_SUBTREE)) != 0)
3902 com_err(whoami, 0, "Unable to process contact %s : %s",
3903 user, ldap_err2string(rc));
3909 com_err(whoami, 0, "Object already exists with name %s",
3914 linklist_free(group_base);
3918 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
3919 attr_array[0] = "cn";
3920 attr_array[1] = NULL;
3922 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3923 &group_base, &group_count,
3924 LDAP_SCOPE_SUBTREE)) != 0)
3926 com_err(whoami, 0, "Unable to process contact %s : %s",
3927 user, ldap_err2string(rc));
3933 com_err(whoami, 0, "Object already exists with name %s",
3938 linklist_free(group_base);
3942 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
3943 attr_array[0] = "cn";
3944 attr_array[1] = NULL;
3946 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3947 &group_base, &group_count,
3948 LDAP_SCOPE_SUBTREE)) != 0)
3950 com_err(whoami, 0, "Unable to process contact %s : %s",
3951 user, ldap_err2string(rc));
3957 com_err(whoami, 0, "Object already exists with name %s",
3962 linklist_free(group_base);
/* Exchange attributes for the contact; it is hidden from address lists. */
3966 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
3967 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
3968 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
3969 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
3971 hide_address_lists_v[0] = "TRUE";
3972 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* Non-AD directory: mailRoutingAddress / eduPersonPrincipalName, with the
 * domain defaulted to mit.edu when the address has none (temp's size is
 * not visible). Note both attributes are gated on contact_ou. */
3977 if(!ActiveDirectory)
3979 if((c = strchr(mail, '@')) == NULL)
3980 sprintf(temp, "%s@mit.edu", mail);
3982 sprintf(temp, "%s", mail);
3984 mail_routing_v[0] = temp;
3986 principal_v[0] = principal;
3988 if(!strcmp(group_ou, contact_ou))
3990 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
3993 if(!strcmp(group_ou, contact_ou))
3995 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4001 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4003 for (i = 0; i < n; i++)
/* Existing contact_ou contact: refresh its mail attributes in place.
 * Style: `rc != LDAP_SUCCESS` is redundant alongside
 * `rc == LDAP_ALREADY_EXISTS`. */
4008 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4009 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4013 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4014 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4015 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4017 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4019 hide_address_lists_v[0] = "TRUE";
4020 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4024 rc = ldap_modify_s(ld, new_dn, mods);
4028 com_err(whoami, 0, "Unable to update contact %s", mail);
4031 for (i = 0; i < n; i++)
/* Any other add failure: retry with only the base attributes (no mail
 * data), so a schema/Exchange problem does not block list membership. */
4036 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4039 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
4043 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
4047 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
4050 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
4051 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
4052 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
4054 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
4056 for (i = 0; i < n; i++)
4060 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4062 com_err(whoami, 0, "Unable to create contact %s : %s",
4063 user, ldap_err2string(rc));
4070 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4071 char *Uid, char *MitId, char *MoiraId, int State,
4072 char *WinHomeDir, char *WinProfileDir, char *first,
4073 char *middle, char *last, char *shell, char *class)
4076 LK_ENTRY *group_base;
4078 char distinguished_name[512];
4079 char displayName[256];
4080 char *mitMoiraId_v[] = {NULL, NULL};
4081 char *mitMoiraClass_v[] = {NULL, NULL};
4082 char *mitMoiraStatus_v[] = {NULL, NULL};
4083 char *uid_v[] = {NULL, NULL};
4084 char *mitid_v[] = {NULL, NULL};
4085 char *homedir_v[] = {NULL, NULL};
4086 char *winProfile_v[] = {NULL, NULL};
4087 char *drives_v[] = {NULL, NULL};
4088 char *userAccountControl_v[] = {NULL, NULL};
4089 char *alt_recipient_v[] = {NULL, NULL};
4090 char *hide_address_lists_v[] = {NULL, NULL};
4091 char *mail_v[] = {NULL, NULL};
4092 char *gid_v[] = {NULL, NULL};
4093 char *loginshell_v[] = {NULL, NULL};
4094 char *principal_v[] = {NULL, NULL};
4095 char userAccountControlStr[80];
4100 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4101 UF_PASSWD_CANT_CHANGE;
4103 char *attr_array[3];
4106 char contact_mail[256];
4107 char filter_exp[1024];
4108 char search_path[512];
4109 char TemplateDn[512];
4110 char TemplateSamName[128];
4111 char alt_recipient[256];
4112 char principal[256];
4114 char acBERBuf[N_SD_BER_BYTES];
4115 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4116 { N_SD_BER_BYTES, acBERBuf },
4118 LDAPControl *apsServerControls[] = {&sControl, NULL};
4120 LDAP_BERVAL **ppsValues;
4124 char *homeServerName;
4126 char search_string[256];
4128 char *mail_routing_v[] = {NULL, NULL};
4131 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4132 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4133 BEREncodeSecurityBits(dwInfo, acBERBuf);
4135 if (!check_string(user_name))
4137 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4139 return(AD_INVALID_NAME);
4142 memset(contact_mail, '\0', sizeof(contact_mail));
4143 sprintf(contact_mail, "%s@mit.edu", user_name);
4144 memset(mail, '\0', sizeof(mail));
4145 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4146 memset(alt_recipient, '\0', sizeof(alt_recipient));
4147 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
4149 sprintf(search_string, "@%s", uppercase(ldap_domain));
4153 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4155 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4162 memset(displayName, '\0', sizeof(displayName));
4164 if (strlen(MoiraId) != 0)
4168 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4173 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4176 attr_array[0] = "cn";
4177 attr_array[1] = NULL;
4178 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4179 &group_base, &group_count,
4180 LDAP_SCOPE_SUBTREE)) != 0)
4182 com_err(whoami, 0, "Unable to process user %s : %s",
4183 user_name, ldap_err2string(rc));
4188 if (group_count != 1)
4190 linklist_free(group_base);
4193 sprintf(filter, "(sAMAccountName=%s)", user_name);
4194 attr_array[0] = "cn";
4195 attr_array[1] = NULL;
4196 sprintf(temp, "%s,%s", user_ou, dn_path);
4197 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4198 &group_base, &group_count,
4199 LDAP_SCOPE_SUBTREE)) != 0)
4201 com_err(whoami, 0, "Unable to process user %s : %s",
4202 user_name, ldap_err2string(rc));
4207 if (group_count != 1)
4209 com_err(whoami, 0, "Unable to find user %s in AD",
4211 linklist_free(group_base);
4212 return(AD_NO_USER_FOUND);
4215 strcpy(distinguished_name, group_base->dn);
4217 linklist_free(group_base);
4220 if(!ActiveDirectory)
4222 if (rc = moira_connect())
4224 critical_alert("AD incremental",
4225 "Error contacting Moira server : %s",
4230 argv[0] = user_name;
4232 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4235 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4237 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4239 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4244 "Unable to set the mailRoutingAddress for %s : %s",
4245 user_name, ldap_err2string(rc));
4247 p = strdup(save_argv[3]);
4249 if((c = strchr(p, ',')) != NULL)
4254 if ((c = strchr(q, '@')) == NULL)
4255 sprintf(temp, "%s@mit.edu", q);
4257 sprintf(temp, "%s", q);
4259 if(email_isvalid(temp) && State != US_DELETED)
4261 mail_routing_v[0] = temp;
4264 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4266 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4268 if (rc == LDAP_ALREADY_EXISTS ||
4269 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4274 "Unable to set the mailRoutingAddress for %s : %s",
4275 user_name, ldap_err2string(rc));
4278 while((q = strtok(NULL, ",")) != NULL) {
4281 if((c = strchr(q, '@')) == NULL)
4282 sprintf(temp, "%s@mit.edu", q);
4284 sprintf(temp, "%s", q);
4286 if(email_isvalid(temp) && State != US_DELETED)
4288 mail_routing_v[0] = temp;
4291 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4294 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4296 if (rc == LDAP_ALREADY_EXISTS ||
4297 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4302 "Unable to set the mailRoutingAddress for "
4304 user_name, ldap_err2string(rc));
4310 if((c = strchr(p, '@')) == NULL)
4311 sprintf(temp, "%s@mit.edu", p);
4313 sprintf(temp, "%s", p);
4315 if(email_isvalid(temp) && State != US_DELETED)
4317 mail_routing_v[0] = temp;
4320 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4322 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4324 if (rc == LDAP_ALREADY_EXISTS ||
4325 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4330 "Unable to set the mailRoutingAddress for %s : %s",
4331 user_name, ldap_err2string(rc));
4338 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4339 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4340 "employeeID", user_name);
4342 rc = attribute_update(ldap_handle, distinguished_name, "none",
4343 "employeeID", user_name);
4346 strcat(displayName, first);
4349 if(strlen(middle)) {
4351 strcat(displayName, " ");
4353 strcat(displayName, middle);
4357 if(strlen(middle) || strlen(first))
4358 strcat(displayName, " ");
4360 strcat(displayName, last);
4363 if(strlen(displayName))
4364 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4365 "displayName", user_name);
4367 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4368 "displayName", user_name);
4370 if(!ActiveDirectory)
4372 if(strlen(displayName))
4373 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4376 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4380 if(!ActiveDirectory)
4382 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4383 "eduPersonNickname", user_name);
4387 rc = attribute_update(ldap_handle, distinguished_name, first,
4388 "givenName", user_name);
4390 rc = attribute_update(ldap_handle, distinguished_name, "",
4391 "givenName", user_name);
4393 if(strlen(middle) == 1)
4394 rc = attribute_update(ldap_handle, distinguished_name, middle,
4395 "initials", user_name);
4397 rc = attribute_update(ldap_handle, distinguished_name, "",
4398 "initials", user_name);
4401 rc = attribute_update(ldap_handle, distinguished_name, last,
4404 rc = attribute_update(ldap_handle, distinguished_name, "",
4409 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4414 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4418 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4419 "mitMoiraId", user_name);
4428 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4432 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
4437 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4438 sprintf(status, "%d", State);
4439 principal_v[0] = principal;
4440 loginshell_v[0] = shell;
4441 mitMoiraClass_v[0] = class;
4442 mitMoiraStatus_v[0] = status;
4444 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4445 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4446 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
4447 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4448 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4449 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
4452 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4454 userAccountControl |= UF_ACCOUNTDISABLE;
4458 hide_address_lists_v[0] = "TRUE";
4459 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4467 hide_address_lists_v[0] = NULL;
4468 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4473 sprintf(userAccountControlStr, "%ld", userAccountControl);
4474 userAccountControl_v[0] = userAccountControlStr;
4475 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
4479 if (rc = moira_connect())
4481 critical_alert("AD incremental",
4482 "Error contacting Moira server : %s",
4487 argv[0] = user_name;
4489 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4491 if(!strcmp(save_argv[1], "EXCHANGE") ||
4492 (strstr(save_argv[3], search_string) != NULL))
4494 alt_recipient_v[0] = NULL;
4495 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4497 argv[0] = exchange_acl;
4499 argv[2] = user_name;
4501 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4503 if ((rc) && (rc != MR_EXISTS))
4505 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4506 user_name, exchange_acl, error_message(rc));
4511 alt_recipient_v[0] = alt_recipient;
4512 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4514 argv[0] = exchange_acl;
4516 argv[2] = user_name;
4518 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4520 if ((rc) && (rc != MR_NO_MATCH))
4523 "Unable to remove user %s from %s: %s, %d",
4524 user_name, exchange_acl, error_message(rc), rc);
4530 alt_recipient_v[0] = alt_recipient;
4531 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4533 argv[0] = exchange_acl;
4535 argv[2] = user_name;
4537 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4539 if ((rc) && (rc != MR_NO_MATCH))
4542 "Unable to remove user %s from %s: %s, %d",
4543 user_name, exchange_acl, error_message(rc), rc);
4551 mail_v[0] = contact_mail;
4552 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4555 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4556 WinProfileDir, homedir_v, winProfile_v,
4557 drives_v, mods, LDAP_MOD_REPLACE, n);
4561 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4562 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4563 attr_array[0] = "sAMAccountName";
4564 attr_array[1] = NULL;
4568 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4570 &group_base, &group_count,
4571 LDAP_SCOPE_SUBTREE) != 0))
4574 if (group_count != 1)
4576 com_err(whoami, 0, "Unable to process user security template: %s - "
4577 "security not set", "UserTemplate.u");
4581 strcpy(TemplateDn, group_base->dn);
4582 strcpy(TemplateSamName, group_base->value);
4583 linklist_free(group_base);
4587 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4588 filter_exp, NULL, 0, apsServerControls, NULL,
4591 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4593 com_err(whoami, 0, "Unable to find user security template: %s - "
4594 "security not set", "UserTemplate.u");
4598 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4599 "ntSecurityDescriptor");
4601 if (ppsValues == NULL)
4603 com_err(whoami, 0, "Unable to find user security template: %s - "
4604 "security not set", "UserTemplate.u");
4608 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4609 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
4614 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4615 mods)) != LDAP_SUCCESS)
4617 OldUseSFU30 = UseSFU30;
4618 SwitchSFU(mods, &UseSFU30, n);
4619 if (OldUseSFU30 != UseSFU30)
4620 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4623 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4624 user_name, ldap_err2string(rc));
4628 for (i = 0; i < n; i++)
/*
 * user_rename: rename an existing user object from before_user_name to
 * user_name and refresh every name-derived attribute on the renamed entry.
 * (This listing omits some lines: the remaining parameters, most local
 * declarations, braces and the final cleanup/return.)
 *
 * Visible flow:
 *   1. both names must pass check_string(); otherwise AD_INVALID_NAME.
 *   2. the RDN is rewritten with ldap_rename_s() (deleteoldrdn = TRUE);
 *      the RDN attribute is "cn" under Active Directory, "uid" otherwise.
 *   3. the mit.edu contact object for the old name is deleted and a new
 *      one created for the new name.
 *   4. userPrincipalName, altSecurityIdentities, sAMAccountName, mail,
 *      proxyAddresses, ... are recomputed from user_name and applied with
 *      LDAP_MOD_REPLACE via ldap_modify_s() on the new DN.
 *
 * Security / robustness notes (review):
 *   - every sprintf() below writes into a fixed 256-byte buffer with no
 *     bound. check_string() restricts characters, not length, so a long
 *     login or a long ldap_domain/dn_path/user_ou can overflow. Use
 *     snprintf() and treat truncation as an error.
 *   - the names are spliced into DNs ("cn=%s,%s,%s") without RFC 4514
 *     escaping; this is only safe as long as check_string() rejects the
 *     DN-special characters (see the illegalchars tables in this file --
 *     the non-AD table does NOT reject them).
 *   - displayName is REPLACEd with the bare login here, whereas
 *     user_create()/user_update() compose it from first/middle/last; the
 *     composed value is presumably restored by the next user_update().
 */
4634 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4642 char contact_mail[256];
4643 char proxy_address[256];
4644 char query_base_dn[256];
4646 char *userPrincipalName_v[] = {NULL, NULL};
4647 char *altSecurityIdentities_v[] = {NULL, NULL};
4648 char *name_v[] = {NULL, NULL};
4649 char *samAccountName_v[] = {NULL, NULL};
4650 char *mail_v[] = {NULL, NULL};
4651 char *mail_nickname_v[] = {NULL, NULL};
4652 char *proxy_address_v[] = {NULL, NULL};
4653 char *query_base_dn_v[] = {NULL, NULL};
4654 char *principal_v[] = {NULL, NULL};
4655 char principal[256];
/* Both the old and the new login must pass the character whitelist. */
4660 if (!check_string(before_user_name))
4663 "Unable to process invalid LDAP user name %s", before_user_name);
4664 return(AD_INVALID_NAME);
4667 if (!check_string(user_name))
4670 "Unable to process invalid LDAP user name %s", user_name);
4671 return(AD_INVALID_NAME);
/* NOTE(review): source and destination alias here, which strcpy() does not
 * permit (undefined behaviour). The statement has no useful effect and
 * should simply be removed. */
4674 strcpy(user_name, user_name);
/* Old DN and new RDN: "cn" for Active Directory, "uid" for other LDAP
 * servers (the if/else lines are omitted in this listing). Unbounded
 * sprintf() into fixed buffers -- see the header note. */
4677 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4679 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
4682 sprintf(new_dn, "cn=%s", user_name);
4684 sprintf(new_dn, "uid=%s", user_name);
4686 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4687 sprintf(contact_mail, "%s@mit.edu", user_name);
4688 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4689 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* ModifyDN with deleteoldrdn = TRUE: the old cn/uid value is removed from
 * the entry instead of being kept as a second value. */
4691 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4692 NULL, NULL)) != LDAP_SUCCESS)
4694 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4695 before_user_name, user_name, ldap_err2string(rc));
/* The mit.edu contact is keyed by address, so it is deleted and recreated
 * rather than renamed. Both failures are only logged; a failed
 * contact_create() therefore leaves the renamed user without a contact. */
4701 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4704 if(rc = ldap_delete_s(ldap_handle, temp))
4706 com_err(whoami, 0, "Unable to delete user contact for %s",
4710 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4712 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* Name-derived attributes, all recomputed from user_name. The
 * altSecurityIdentities value "Kerberos:login@REALM" is what ties the
 * directory account to the MIT Kerberos principal, so it must track the
 * rename. */
4716 name_v[0] = user_name;
4717 sprintf(upn, "%s@%s", user_name, ldap_domain);
4718 userPrincipalName_v[0] = upn;
4719 principal_v[0] = principal;
4720 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4721 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4722 altSecurityIdentities_v[0] = temp;
4723 samAccountName_v[0] = user_name;
4725 mail_nickname_v[0] = user_name;
4726 proxy_address_v[0] = proxy_address;
4727 query_base_dn_v[0] = query_base_dn;
4730 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4731 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4732 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4733 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Generic-LDAP extras. displayName is added a second time here (same value
 * as line 4732) -- redundant but harmless. */
4735 if(!ActiveDirectory)
4737 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4738 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4739 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4740 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
/* Exchange-related attributes (branch condition omitted in this listing). */
4745 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4746 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4747 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4748 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* Otherwise mail is the plain login@mit.edu contact address. */
4752 mail_v[0] = contact_mail;
4753 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry for the modify. */
4759 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4761 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4763 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4766 "Unable to modify user data for %s after renaming : %s",
4767 user_name, ldap_err2string(rc));
/* Release the LDAPMod array (loop body omitted in this listing). */
4770 for (i = 0; i < n; i++)
/*
 * user_create: Moira query callback (int ac, char **av, void *ptr) that
 * creates one user object in AD/LDAP from a Moira "users" record. ptr is
 * the call_args array: [0] = LDAP *, [1] = base dn_path, [2] = MoiraId.
 * Columns of av[] are addressed through the U_* constants (U_NAME, U_UID,
 * U_SHELL, U_LAST, U_FIRST, U_MIDDLE, U_STATE, U_MITID, U_CLASS,
 * U_WINHOMEDIR, U_WINPROFILEDIR); see the argument layout in the file
 * header. Some lines (braces, else branches, a few declarations and
 * returns) are omitted in this listing.
 *
 * Visible flow: validate av[U_NAME] with check_string(); compose
 * displayName; compute userAccountControl; build the DN and the
 * mail/UPN/principal strings; create the mit.edu contact; find the Exchange
 * homeMDB; assemble the LDAPMod list (objectClass set differs for AD vs.
 * generic LDAP); copy ntSecurityDescriptor from the UserTemplate.u object;
 * ldap_add_ext_s() with one SwitchSFU() retry; optionally set an initial
 * password; finally, for non-AD servers, add mailRoutingAddress values
 * taken from the user's pobox.
 *
 * Security / robustness notes (review):
 *   - strcpy()/strcat()/sprintf() into fixed buffers (user_name[256],
 *     displayName[256], WinHomeDir[1024], ...) with no bound; av[] comes
 *     from the Moira server. Use snprintf()/bounded copies and treat
 *     truncation as an error.
 *   - sprintf(..., "%ld", userAccountControl) passes a u_int for %ld
 *     (undefined behaviour; "%u" is the matching specifier).
 *   - UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE are set on every
 *     account, so AD password policy never applies to these objects. That
 *     is presumably intentional (authentication is meant to come through
 *     the Kerberos realm via altSecurityIdentities) but worth knowing.
 *   - ldap_add_ext_s() returning LDAP_ALREADY_EXISTS is tolerated, but
 *     set_password() runs only on LDAP_SUCCESS, so a pre-existing object's
 *     password is never touched here.
 */
4776 int user_create(int ac, char **av, void *ptr)
4780 char user_name[256];
4784 char contact_mail[256];
4785 char proxy_address[256];
4786 char mail_nickname[256];
4787 char query_base_dn[256];
4788 char displayName[256];
4789 char address_book[256];
4790 char alt_recipient[256];
4791 char *cn_v[] = {NULL, NULL};
/* objectClass sets: AD (4792, continued on an omitted line) vs. generic
 * LDAP with the posix/eduPerson/apple/mail auxiliary classes. */
4792 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4794 char *objectClass_ldap_v[] = {"top",
4795 "eduPerson", "posixAccount",
4796 "apple-user", "shadowAccount",
4797 "microsoftComTop", "securityPrincipal",
4798 "inetOrgPerson", "user",
4799 "organizationalPerson", "person",
4800 "mailRecipient", NULL};
4802 char *samAccountName_v[] = {NULL, NULL};
4803 char *altSecurityIdentities_v[] = {NULL, NULL};
4804 char *mitMoiraId_v[] = {NULL, NULL};
4805 char *mitMoiraClass_v[] = {NULL, NULL};
4806 char *mitMoiraStatus_v[] = {NULL, NULL};
4807 char *name_v[] = {NULL, NULL};
4808 char *desc_v[] = {NULL, NULL};
4809 char *userPrincipalName_v[] = {NULL, NULL};
4810 char *userAccountControl_v[] = {NULL, NULL};
4811 char *uid_v[] = {NULL, NULL};
4812 char *gid_v[] = {NULL, NULL};
4813 char *mitid_v[] = {NULL, NULL};
4814 char *homedir_v[] = {NULL, NULL};
4815 char *winProfile_v[] = {NULL, NULL};
4816 char *drives_v[] = {NULL, NULL};
4817 char *mail_v[] = {NULL, NULL};
4818 char *givenName_v[] = {NULL, NULL};
4819 char *sn_v[] = {NULL, NULL};
4820 char *initials_v[] = {NULL, NULL};
4821 char *displayName_v[] = {NULL, NULL};
4822 char *proxy_address_v[] = {NULL, NULL};
4823 char *mail_nickname_v[] = {NULL, NULL};
4824 char *query_base_dn_v[] = {NULL, NULL};
4825 char *address_book_v[] = {NULL, NULL};
4826 char *homeMDB_v[] = {NULL, NULL};
4827 char *homeServerName_v[] = {NULL, NULL};
4828 char *mdbUseDefaults_v[] = {NULL, NULL};
4829 char *mailbox_guid_v[] = {NULL, NULL};
4830 char *user_culture_v[] = {NULL, NULL};
4831 char *user_account_control_v[] = {NULL, NULL};
4832 char *msexch_version_v[] = {NULL, NULL};
4833 char *alt_recipient_v[] = {NULL, NULL};
4834 char *hide_address_lists_v[] = {NULL, NULL};
4835 char *principal_v[] = {NULL, NULL};
4836 char *loginshell_v[] = {NULL, NULL};
4837 char userAccountControlStr[80];
4839 char principal[256];
4840 char filter_exp[1024];
4841 char search_path[512];
4842 char *attr_array[3];
/* Baseline flags for every new account; UF_ACCOUNTDISABLE is OR-ed in below
 * for all Moira states other than US_NO_PASSWD / US_REGISTERED. */
4843 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4844 UF_PASSWD_CANT_CHANGE;
4850 char WinHomeDir[1024];
4851 char WinProfileDir[1024];
4853 char *homeServerName;
4855 char acBERBuf[N_SD_BER_BYTES];
4856 LK_ENTRY *group_base;
4858 char TemplateDn[512];
4859 char TemplateSamName[128];
4860 LDAP_BERVAL **ppsValues;
/* LDAP_SERVER_SD_FLAGS control (OID 1.2.840.113556.1.4.801): tells the
 * server which parts of ntSecurityDescriptor to return. Its BER payload is
 * filled in from dwInfo by BEREncodeSecurityBits() below. */
4861 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4862 { N_SD_BER_BYTES, acBERBuf },
4864 LDAPControl *apsServerControls[] = {&sControl, NULL};
4868 char search_string[256];
4869 char *o_v[] = {NULL, NULL};
4871 char *mail_routing_v[] = {NULL, NULL};
/* Request owner, group, DACL and SACL of the template's descriptor. */
4876 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4877 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4878 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Character whitelist only; the length of the login is not checked. */
4880 if (!check_string(av[U_NAME]))
4882 callback_rc = AD_INVALID_NAME;
4883 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4885 return(AD_INVALID_NAME);
4888 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
4889 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
4890 memset(displayName, '\0', sizeof(displayName));
4891 memset(query_base_dn, '\0', sizeof(query_base_dn));
/* NOTE(review): unbounded copies of server-supplied columns into fixed
 * buffers (see header). */
4892 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
4893 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
4894 strcpy(user_name, av[U_NAME]);
4895 sprintf(upn, "%s@%s", user_name, ldap_domain);
4896 sprintf(sam_name, "%s", av[U_NAME]);
/* displayName = "First[ Middle][ Last]" with one space between the parts
 * that are present. strcat() into a 256-byte buffer is unbounded. */
4898 if(strlen(av[U_FIRST])) {
4899 strcat(displayName, av[U_FIRST]);
4902 if(strlen(av[U_MIDDLE])) {
4903 if(strlen(av[U_FIRST]))
4904 strcat(displayName, " ");
4906 strcat(displayName, av[U_MIDDLE]);
4909 if(strlen(av[U_LAST])) {
4910 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
4911 strcat(displayName, " ");
4913 strcat(displayName, av[U_LAST]);
4916 samAccountName_v[0] = sam_name;
/* Only US_NO_PASSWD and US_REGISTERED produce an enabled account; every
 * other Moira status is created disabled. */
4917 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
4918 (atoi(av[U_STATE]) != US_REGISTERED))
4920 userAccountControl |= UF_ACCOUNTDISABLE;
/* Hidden from Exchange address lists (the governing condition is on a line
 * this listing omits). */
4924 hide_address_lists_v[0] = "TRUE";
4925 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* NOTE(review): userAccountControl is u_int; "%ld" is the wrong specifier
 * (undefined behaviour). Use "%u". */
4930 sprintf(userAccountControlStr, "%ld", userAccountControl);
4931 userAccountControl_v[0] = userAccountControlStr;
4932 userPrincipalName_v[0] = upn;
/* RDN value: the login in one branch, the composed displayName in the
 * other (the if/else is omitted here; the DN built at 4962/4964 suggests
 * AD uses the login). */
4935 cn_v[0] = user_name;
4937 cn_v[0] = displayName;
4939 name_v[0] = user_name;
4940 desc_v[0] = "Auto account created by Moira";
4942 givenName_v[0] = av[U_FIRST];
/* sn: the last name when present, otherwise the login (a mandatory
 * attribute for the person class must not be empty). */
4945 sn_v[0] = av[U_LAST];
4947 if(strlen(av[U_LAST]))
4948 sn_v[0] = av[U_LAST];
4950 sn_v[0] = av[U_NAME];
4952 displayName_v[0] = displayName;
4953 mail_nickname_v[0] = user_name;
4954 o_v[0] = "Massachusetts Institute of Technology";
/* altSecurityIdentities "Kerberos:login@REALM" ties the account to the MIT
 * Kerberos principal; principal is the same value without the prefix. */
4956 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4957 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4958 altSecurityIdentities_v[0] = temp;
4959 principal_v[0] = principal;
/* DN and address strings. The login is spliced into the DN without RFC 4514
 * escaping, so this relies entirely on check_string()'s whitelist. */
4962 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
4964 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
4966 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
4967 sprintf(contact_mail, "%s@mit.edu", user_name);
4968 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
4969 query_base_dn_v[0] = query_base_dn;
4970 sprintf(alt_recipient, "cn=%s@mit.edu,%s,%s", user_name, contact_ou,
/* "@DOMAIN" in upper case, used below to recognise pobox addresses that
 * already live in this directory's mail domain. */
4972 sprintf(search_string, "@%s", uppercase(ldap_domain));
/* Companion contact object for login@mit.edu; failure is logged only. */
4976 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
4979 com_err(whoami, 0, "Unable to create user contact %s",
/* Exchange mailbox placement. */
4983 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
4986 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
4990 com_err(whoami, 0, "homeMDB:%s", homeMDB);
4991 com_err(whoami, 0, "homeServerName:%s", homeServerName);
4993 homeMDB_v[0] = homeMDB;
4994 homeServerName_v[0] = homeServerName;
/* Attribute list. Which objectClass set is added depends on
 * ActiveDirectory (branch lines omitted here). */
4999 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5003 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5007 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5010 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5011 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5012 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5013 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5014 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5018 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5019 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5020 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5021 mdbUseDefaults_v[0] = "TRUE";
5022 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5023 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
/* Exchange routing from the Moira pobox: if the box type is EXCHANGE, or
 * its address is already in this domain, the user is added to the
 * exchange_acl list (MR_EXISTS is not an error). In every other case --
 * including a failed get_pobox -- altRecipient points at the mit.edu
 * contact created above. */
5025 argv[0] = user_name;
5027 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5029 if(!strcmp(save_argv[1], "EXCHANGE") ||
5030 (strstr(save_argv[3], search_string) != NULL))
5032 argv[0] = exchange_acl;
5034 argv[2] = user_name;
5036 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5038 if ((rc) && (rc != MR_EXISTS))
5040 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5041 user_name, exchange_acl, error_message(rc));
5046 alt_recipient_v[0] = alt_recipient;
5047 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5052 alt_recipient_v[0] = alt_recipient;
5053 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5055 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
/* Non-Exchange branch: mail is the plain login@mit.edu address. */
5060 mail_v[0] = contact_mail;
5061 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
/* Personal-name attributes, each only when there is something to store;
 * displayName falls back to the login when no name parts exist. */
5064 if(strlen(av[U_FIRST])) {
5065 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5068 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5069 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5072 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5073 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5075 if(!ActiveDirectory)
5077 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5080 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5082 if(!ActiveDirectory)
5084 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
/* initials only when the middle "name" is a single letter. */
5088 if (strlen(av[U_MIDDLE]) == 1) {
5089 initials_v[0] = av[U_MIDDLE];
5090 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
/* mitMoiraId is the stable key later lookups prefer over the login. */
5093 if (strlen(call_args[2]) != 0)
5095 mitMoiraId_v[0] = call_args[2];
5096 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5099 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
/* Generic-LDAP (posixAccount / eduPerson / mitMoira*) attributes. */
5101 if(!ActiveDirectory)
5103 loginshell_v[0] = av[U_SHELL];
5104 mitMoiraClass_v[0] = av[U_CLASS];
5105 mitMoiraStatus_v[0] = av[U_STATE];
5106 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5107 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5108 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5109 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5110 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5111 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
/* Unix uid: stored as uid/uidNumber/gidNumber on generic LDAP, and as
 * uidNumber or msSFU30UidNumber on AD depending on the UseSFU30 mode
 * (branch structure omitted in this listing). */
5114 if (strlen(av[U_UID]) != 0)
5116 uid_v[0] = av[U_UID];
5120 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5125 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5126 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5133 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5137 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
/* employeeID carries the MIT ID only when it looks like a real one (leading
 * '9'); otherwise the literal "none". */
5142 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5143 mitid_v[0] = av[U_MITID];
5145 mitid_v[0] = "none";
5147 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5149 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5150 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5151 drives_v, mods, LDAP_MOD_ADD, n);
/* Security descriptor: copied from the UserTemplate.u object under
 * security_template_ou, fetched with the SD-flags control so that owner,
 * group, DACL and SACL are all returned. If the template cannot be found
 * the object is created with the server's default ACL ("security not set"
 * is logged). */
5155 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5156 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5157 attr_array[0] = "sAMAccountName";
5158 attr_array[1] = NULL;
5162 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5163 attr_array, &group_base, &group_count,
5164 LDAP_SCOPE_SUBTREE) != 0))
5167 if (group_count != 1)
5169 com_err(whoami, 0, "Unable to process user security template: %s - "
5170 "security not set", "UserTemplate.u");
5174 strcpy(TemplateDn, group_base->dn);
5175 strcpy(TemplateSamName, group_base->value);
5176 linklist_free(group_base);
5180 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5181 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5182 apsServerControls, NULL,
5185 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5187 com_err(whoami, 0, "Unable to find user security template: %s - "
5188 "security not set", "UserTemplate.u");
5192 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5193 "ntSecurityDescriptor");
5194 if (ppsValues == NULL)
5196 com_err(whoami, 0, "Unable to find user security template: %s - "
5197 "security not set", "UserTemplate.u");
/* Binary value, hence BVALUES; the REPLACE op bit is not meaningful in an
 * add request. */
5201 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5202 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Create the object. On any failure other than ALREADY_EXISTS, SwitchSFU()
 * swaps the uidNumber / msSFU30UidNumber attribute name and the add is
 * retried once. */
5207 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5209 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5211 OldUseSFU30 = UseSFU30;
5212 SwitchSFU(mods, &UseSFU30, n);
5213 if (OldUseSFU30 != UseSFU30)
5214 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Release the LDAPMod array (loop body omitted in this listing). */
5217 for (i = 0; i < n; i++)
5220 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5222 com_err(whoami, 0, "Unable to create user %s : %s",
5223 user_name, ldap_err2string(rc));
/* Initial password, only for objects this run actually created. If the
 * first attempt fails, the KDC session is torn down, re-established and
 * the call retried once.
 * NOTE(review): the password argument is "". Whether set_password()
 * treats that as "generate a random password" or literally sets an empty
 * one is not visible here -- confirm, since an enabled account with an
 * empty password would be a serious exposure. */
5228 if ((rc == LDAP_SUCCESS) && (SetPassword))
5230 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5232 ad_kdc_disconnect();
5233 if (!ad_server_connect(default_server, ldap_domain))
5235 com_err(whoami, 0, "Unable to set password for user %s : %s",
5237 "cannot get changepw ticket from windows domain");
5241 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
/* NOTE(review): rc is compared against int LDAP codes elsewhere; "%ld" is
 * probably a specifier mismatch -- confirm rc's declared type. */
5243 com_err(whoami, 0, "Unable to set password for user %s "
5244 ": %ld", user_name, rc);
/* Generic LDAP only: mailRoutingAddress from the user's pobox. save_argv[3]
 * may be a comma-separated list; each item gets "@mit.edu" appended when
 * it has no domain part, must pass email_isvalid(), and is skipped for
 * US_DELETED users. Each address is a separate ldap_modify_s();
 * ALREADY_EXISTS / TYPE_OR_VALUE_EXISTS are tolerated.
 * NOTE(review): sprintf(temp, "%s", q) is an unbounded copy of
 * server-supplied text; strtok() walks the strdup()'d copy p, whose free()
 * is not visible in this listing -- confirm it is released. */
5250 if(!ActiveDirectory)
5252 if (rc = moira_connect())
5254 critical_alert("AD incremental",
5255 "Error contacting Moira server : %s",
5260 argv[0] = user_name;
5262 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5264 p = strdup(save_argv[3]);
5266 if((c = strchr(p, ',')) != NULL) {
5270 if ((c = strchr(q, '@')) == NULL)
5271 sprintf(temp, "%s@mit.edu", q);
5273 sprintf(temp, "%s", q);
5275 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5277 mail_routing_v[0] = temp;
5280 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5282 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5284 if (rc == LDAP_ALREADY_EXISTS ||
5285 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5290 "Unable to set the mailRoutingAddress for %s : %s",
5291 user_name, ldap_err2string(rc));
/* Remaining comma-separated addresses. */
5294 while((q = strtok(NULL, ",")) != NULL) {
5297 if((c = strchr(q, '@')) == NULL)
5298 sprintf(temp, "%s@mit.edu", q);
5300 sprintf(temp, "%s", q);
5302 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5304 mail_routing_v[0] = temp;
5307 ADD_ATT R("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5309 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5311 if (rc == LDAP_ALREADY_EXISTS ||
5312 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5317 "Unable to set the mailRoutingAddress for %s : %s",
5318 user_name, ldap_err2string(rc));
/* Single-address pobox (no comma). */
5324 if((c = strchr(p, '@')) == NULL)
5325 sprintf(temp, "%s@mit.edu", p);
5327 sprintf(temp, "%s", p);
5329 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5331 mail_routing_v[0] = temp;
5334 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5336 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5338 if (rc == LDAP_ALREADY_EXISTS ||
5339 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5344 "Unable to set the mailRoutingAddress for %s : %s",
5345 user_name, ldap_err2string(rc));
/*
 * user_change_status: enable or disable a user account by flipping
 * UF_ACCOUNTDISABLE in userAccountControl. operation == MEMBER_DEACTIVATE
 * sets the bit; any other value clears it. The entry is located by
 * mitMoiraId when MoiraId is non-empty, falling back to sAMAccountName;
 * both searches are subtree-wide from dn_path (unlike user_update, which
 * narrows the fallback to user_ou). When MoiraId is given it is also
 * written back with LDAP_MOD_REPLACE.
 *
 * Returns AD_INVALID_NAME for a bad login, LDAP_NO_SUCH_OBJECT when no
 * single match is found (note: user_update returns AD_NO_USER_FOUND for
 * the same condition), otherwise the ldap_modify_s() result (return on a
 * line omitted in this listing, as are the remaining parameters, some
 * declarations and braces).
 *
 * Review notes:
 *   - MoiraId is spliced into the LDAP filter without RFC 4515 escaping
 *     and without a check_string() pass; escaping ( ) * \ at the point of
 *     use would make the filter robust regardless of the value's origin.
 *   - atoi() on the stored userAccountControl silently yields 0 for a
 *     malformed value, which would then be written back and discard every
 *     other flag; strtoul() with an end-pointer check is safer.
 *   - strcpy(distinguished_name, group_base->dn) and the sprintf() calls
 *     are unbounded.
 */
5355 int user_change_status(LDAP *ldap_handle, char *dn_path,
5356 char *user_name, char *MoiraId,
5360 char *attr_array[3];
5362 char distinguished_name[1024];
5364 char *mitMoiraId_v[] = {NULL, NULL};
5366 LK_ENTRY *group_base;
5373 if (!check_string(user_name))
5375 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5377 return(AD_INVALID_NAME);
/* Preferred lookup: by Moira id, restricted to user objects. Only the
 * current userAccountControl value is requested. */
5383 if (strlen(MoiraId) != 0)
5385 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5386 attr_array[0] = "UserAccountControl";
5387 attr_array[1] = NULL;
5388 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5389 &group_base, &group_count,
5390 LDAP_SCOPE_SUBTREE)) != 0)
5392 com_err(whoami, 0, "Unable to process user %s : %s",
5393 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the login-based lookup. */
5398 if (group_count != 1)
5400 linklist_free(group_base);
/* Fallback lookup by sAMAccountName; note there is no objectClass
 * constraint on this filter. */
5403 sprintf(filter, "(sAMAccountName=%s)", user_name);
5404 attr_array[0] = "UserAccountControl";
5405 attr_array[1] = NULL;
5406 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5407 &group_base, &group_count,
5408 LDAP_SCOPE_SUBTREE)) != 0)
5410 com_err(whoami, 0, "Unable to process user %s : %s",
5411 user_name, ldap_err2string(rc));
5416 if (group_count != 1)
5418 linklist_free(group_base);
5419 com_err(whoami, 0, "Unable to find user %s in AD",
5421 return(LDAP_NO_SUCH_OBJECT);
5424 strcpy(distinguished_name, group_base->dn);
/* Current flags as stored; see the atoi() note in the header. */
5425 ulongValue = atoi((*group_base).value);
5427 if (operation == MEMBER_DEACTIVATE)
5428 ulongValue |= UF_ACCOUNTDISABLE;
5430 ulongValue &= ~UF_ACCOUNTDISABLE;
5432 sprintf(temp, "%ld", ulongValue);
/* Build the replacement value list from the existing entry; a return of 1
 * means failure and the list is released before bailing out. */
5434 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5435 temp, &modvalues, REPLACE)) == 1)
5438 linklist_free(group_base);
5442 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
/* Keep mitMoiraId current while we are here. */
5444 if (strlen(MoiraId) != 0)
5446 mitMoiraId_v[0] = MoiraId;
5447 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5451 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Release the LDAPMod array and the value list built above. */
5453 for (i = 0; i < n; i++)
5456 free_values(modvalues);
5458 if (rc != LDAP_SUCCESS)
5460 com_err(whoami, 0, "Unable to change status of user %s : %s",
5461 user_name, ldap_err2string(rc));
/*
 * user_delete: remove a user object and its companion mit.edu contact.
 * Lookup is by mitMoiraId (objectClass=user) when MoiraId is non-empty,
 * otherwise by sAMAccountName, both subtree-wide from dn_path; exactly one
 * match is required. Returns AD_INVALID_NAME if u_name fails
 * check_string(); the other return paths are on lines omitted in this
 * listing (as are braces and some declarations).
 *
 * Review notes:
 *   - the fallback filter "(sAMAccountName=%s)" carries no objectClass
 *     constraint, so the delete applies to whatever single object in the
 *     whole tree carries that sAMAccountName, not necessarily a user.
 *   - strcpy(user_name, u_name) into a 512-byte buffer and the sprintf()
 *     calls into filter/temp are unbounded.
 *   - the contact delete runs whether or not the user delete succeeded
 *     (no early return is visible between the two), so a failed user
 *     delete can still strip the user's contact. Consider deleting the
 *     contact only after a successful user delete.
 */
5468 int user_delete(LDAP *ldap_handle, char *dn_path,
5469 char *u_name, char *MoiraId)
5472 char *attr_array[3];
5473 char distinguished_name[1024];
5474 char user_name[512];
5475 LK_ENTRY *group_base;
5480 if (!check_string(u_name))
5481 return(AD_INVALID_NAME);
5483 strcpy(user_name, u_name);
/* Preferred lookup by Moira id, restricted to user objects. */
5487 if (strlen(MoiraId) != 0)
5489 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5490 attr_array[0] = "name";
5491 attr_array[1] = NULL;
5492 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5493 &group_base, &group_count,
5494 LDAP_SCOPE_SUBTREE)) != 0)
5496 com_err(whoami, 0, "Unable to process user %s : %s",
5497 user_name, ldap_err2string(rc));
/* Anything but exactly one hit falls through to the login-based lookup. */
5502 if (group_count != 1)
5504 linklist_free(group_base);
5507 sprintf(filter, "(sAMAccountName=%s)", user_name);
5508 attr_array[0] = "name";
5509 attr_array[1] = NULL;
5510 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5511 &group_base, &group_count,
5512 LDAP_SCOPE_SUBTREE)) != 0)
5514 com_err(whoami, 0, "Unable to process user %s : %s",
5515 user_name, ldap_err2string(rc));
5520 if (group_count != 1)
5522 com_err(whoami, 0, "Unable to find user %s in AD",
5527 strcpy(distinguished_name, group_base->dn);
/* Delete the user object itself; failure is logged and execution
 * continues to the contact cleanup below. */
5529 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5531 com_err(whoami, 0, "Unable to process user %s : %s",
5532 user_name, ldap_err2string(rc));
/* Delete the companion login@mit.edu contact object as well. */
5539 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5541 if(rc = ldap_delete_s(ldap_handle, temp))
5543 com_err(whoami, 0, "Unable to delete user contact for %s",
5549 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY node of a list produced by
 * linklist_build(), together with the strings each node owns (dn,
 * attribute, value, member, type, list).
 *
 * free(NULL) is a no-op, so per-field NULL checks are unnecessary. The
 * successor pointer is read before the node is released so the walk never
 * touches freed memory.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      LK_ENTRY *next = node->next;

      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);

      node = next;
    }
}
/*
 * free_values: release a NULL-terminated array of strings such as the
 * modvalues list built by construct_newvalues(). A NULL array is accepted.
 * Each slot is cleared after use so a stale pointer cannot be reused; the
 * free() calls themselves are on lines this listing omits.
 */
5584 void free_values(char **modvalues)
5590 if (modvalues != NULL)
5592 while (modvalues[i] != NULL)
5595 modvalues[i] = NULL;
/*
 * Character whitelist consulted by check_string()/check_container_name()
 * when the target is Active Directory: index = byte value, 1 = reject.
 * Input is lowercased first, so the 1s on 'A'-'Z' never trigger.
 *
 * Reading the rows below, the accepted set is: a-z, 0-9 and
 *     $  &  '  -  .  @  _  `  ~
 * Everything else -- space, the RFC 4515 filter metacharacters ( ) * \
 * and the RFC 4514 DN-special characters " + , ; < = > # -- is rejected.
 * That rejection is what makes the unescaped "cn=%s,..." DN construction
 * and "(sAMAccountName=%s)" filters elsewhere in this file safe for names
 * that pass the check. Note that '@' is accepted even though the same
 * name is spliced into "login@domain" UPN and mail strings.
 */
5602 static int illegalchars[] = {
5603 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5604 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5605 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5606 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5607 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5608 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5609 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5610 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* Bytes 0x80-0xFF: all rejected (no non-ASCII names). */
5611 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5612 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5613 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5614 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5615 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5616 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5617 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5618 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * Character whitelist consulted by check_string() for non-AD LDAP servers
 * (same layout as illegalchars[]: index = byte value, 1 = reject, input
 * lowercased first).
 *
 * Compared with illegalchars[] this table additionally ACCEPTS
 *     space  "  #  +  ,  ;  <  =  >  \
 * i.e. every RFC 4514 DN-special character plus backslash, which is the
 * escape character of both DNs and RFC 4515 filters. The filter
 * metacharacters ( ) * are still rejected, but a name containing ',' or
 * '=' passes here and is then spliced unescaped into "uid=%s,%s,%s" DNs by
 * user_create()/user_rename(), and a '\' is accepted into
 * "(sAMAccountName=%s)" filters. Moira's own login rules are presumably
 * stricter, but as defence in depth these characters should be rejected
 * here as well (or the DN/filter values escaped at the point of use).
 */
5621 static int illegalchars_ldap[] = {
5622 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5623 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5624 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5625 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5626 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5627 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5628 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5629 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* Bytes 0x80-0xFF: all rejected (no non-ASCII names). */
5630 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5631 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5632 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5633 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5634 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5635 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5636 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5637 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a name before it is used to build AD/LDAP objects.
 * Each character is folded to lower case and looked up in both illegalchars[]
 * and illegalchars_ldap[]; the bodies of the two `if`s (and so the exact
 * return convention) are in lines not shown in this excerpt.
 *
 * NOTE(review): both lookups index a 256-entry table with
 * `(unsigned) character`.  If `character` is a plain char (signed on most
 * platforms) or an int loaded from one, any byte >= 0x80 becomes a huge
 * unsigned index and reads far past the table instead of hitting the
 * "illegal" rows; isupper()/tolower() on such a value is undefined as well.
 * Read the byte as `unsigned char` (or cast `(unsigned char)` before the
 * ctype calls and the table index).  The declaration of `character` is
 * outside this excerpt -- confirm its type.
 */
5640 int check_string(char *s)
5648 if (isupper(character))
5649 character = tolower(character);
5653 if (illegalchars[(unsigned) character])
5658 if (illegalchars_ldap[(unsigned) character])
/*
 * check_container_name: validate one path component of a container (OU)
 * name.  Unlike check_string() it special-cases ' ' (the body of that `if` is
 * not shown; presumably the space is accepted) and consults only
 * illegalchars[], not illegalchars_ldap[].  Callers treat a non-zero result as
 * "valid" (see `if (!check_container_name(cName))` in container_rename()).
 *
 * NOTE(review): same indexing concern as check_string(): `(unsigned)
 * character` must be a value in 0..255 or the table read is out of bounds --
 * confirm the declaration of `character`, which is outside this excerpt.
 */
5666 int check_container_name(char *s)
5674 if (isupper(character))
5675 character = tolower(character);
5677 if (character == ' ')
5680 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check its MOTD, negotiate the
 * query protocol version and (presumably when `auth` is set -- the guard is
 * not shown) authenticate with Kerberos 5.  A MR_VERSION_HIGH result is
 * downgraded to a warning; MR_VERSION_LOW is tolerated silently.
 */
5687 int mr_connect_cl(char *server, char *client, int version, int auth)
5693 status = mr_connect(server);
5697 com_err(whoami, status, "while connecting to Moira");
5701 status = mr_motd(&motd);
5706 com_err(whoami, status, "while checking server status");
/*
 * NOTE(review): `temp` -- which embeds the server-supplied MOTD -- is handed to
 * com_err() as its *format* argument (com_err formats printf-style; see the
 * other calls in this file that pass "%s").  Any '%' sequence in the MOTD is
 * then interpreted as a conversion, reading garbage off the stack.  Pass the
 * MOTD as data instead, which also removes the unbounded sprintf() into `temp`
 * (its size is not shown here):
 *   com_err(whoami, status,
 *           "The Moira server is currently unavailable: %s", motd);
 */
5712 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
5713 com_err(whoami, status, temp);
5718 status = mr_version(version);
/* An old server without the version query is treated as "client is newer". */
5722 if (status == MR_UNKNOWN_PROC)
5725 status = MR_VERSION_HIGH;
5727 status = MR_SUCCESS;
5730 if (status == MR_VERSION_HIGH)
5732 com_err(whoami, 0, "Warning: This client is running newer code "
5733 "than the server.");
5734 com_err(whoami, 0, "Some operations may not work.");
5736 else if (status && status != MR_VERSION_LOW)
5738 com_err(whoami, status, "while setting query version number.");
5746 status = mr_krb5_auth(client);
5749 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path (prefix AFS) into its Windows form (prefix
 * WINAFS), copying the remainder character by character; the branch taken for
 * '/' is not shown in this excerpt (presumably a separator swap).
 *
 * NOTE(review): nothing checks that `path` actually starts with AFS before
 * `path + strlen(AFS)` is formed, so a shorter or differently-prefixed input
 * yields a pointer past the string.  winPath carries no size: callers must
 * provide at least strlen(path) - strlen(AFS) + strlen(WINAFS) + 1 bytes.
 * Consider validating the prefix with strncmp() and taking a destination
 * size.
 */
5758 void AfsToWinAfs(char* path, char* winPath)
5762 strcpy(winPath, WINAFS);
5763 pathPtr = path + strlen(AFS);
5764 winPathPtr = winPath + strlen(WINAFS);
5768 if (*pathPtr == '/')
5771 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback for "get_list_info" used by ProcessAce().
 * ptr is the AceInfo[] array of caller buffers: [0] receives the ACE type,
 * [1] the ACE name, [2]/[3] are filled by get_group_membership().
 *
 * NOTE(review): both strcpy()s copy Moira-returned values into fixed caller
 * buffers with no bound (ProcessAce() declares AceMembership as 2 bytes; the
 * sizes of AceType/AceName are not shown).  Use snprintf() with the buffer
 * sizes, or pass them through call_args.
 */
5778 int GetAceInfo(int ac, char **av, void *ptr)
5785 strcpy(call_args[0], av[L_ACE_TYPE]);
5786 strcpy(call_args[1], av[L_ACE_NAME]);
5788 get_group_membership(call_args[2], call_args[3], &security_flag, av);
5789 return(LDAP_SUCCESS);
/*
 * checkADname: look for an object with sAMAccountName == Name anywhere under
 * dn_path.  The result list is freed before group_count is examined; the
 * return values for "found" / "not found" are in lines not shown here.
 *
 * NOTE(review): Name is spliced into the search filter with sprintf() and no
 * RFC 4515 escaping, so a name containing ( ) * or \ changes the filter's
 * meaning (e.g. "*" matches every object).  Whether every caller has already
 * run check_string() on Name is not visible here; escape the value (or
 * reject the four metacharacters) at this boundary.  The size of `filter` is
 * not shown either -- prefer snprintf().
 */
5792 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
5795 char *attr_array[3];
5798 LK_ENTRY *group_base;
5803 sprintf(filter, "(sAMAccountName=%s)", Name);
5804 attr_array[0] = "sAMAccountName";
5805 attr_array[1] = NULL;
5807 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5808 &group_base, &group_count,
5809 LDAP_SCOPE_SUBTREE)) != 0)
5811 com_err(whoami, 0, "Unable to process ACE name %s : %s",
5812 Name, ldap_err2string(rc));
5816 linklist_free(group_base);
5819 if (group_count == 0)
/*
 * ProcessAce: make sure the ACE (owner) of Moira list `Name` exists in AD,
 * creating the ACE group (via make_new_group) or user (via user_create) when
 * it does not.  Walks the chain of LIST-typed ACEs, using GroupName as the
 * current list name, until a USER ACE or a self-owned list is reached.
 * Entirely skipped, with a log line, by the guard whose condition precedes
 * line 5844 (not shown).
 */
5827 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
5828 int UpdateGroup, int *ProcessGroup, char *maillist)
5831 char GroupName[256];
5837 char AceMembership[2];
5840 char *save_argv[U_END];
5844 com_err(whoami, 0, "ProcessAce disabled, skipping");
/*
 * NOTE(review): Name is copied into the 256-byte GroupName with no bound (the
 * same happens again at 5943 with AceName); use snprintf() or reject long
 * names up front.
 */
5848 strcpy(GroupName, Name);
5850 if (strcasecmp(Type, "LIST"))
5856 AceInfo[0] = AceType;
5857 AceInfo[1] = AceName;
5858 AceInfo[2] = AceMembership;
5860 memset(AceType, '\0', sizeof(AceType));
5861 memset(AceName, '\0', sizeof(AceName));
5862 memset(AceMembership, '\0', sizeof(AceMembership));
5863 memset(AceOu, '\0', sizeof(AceOu));
/* GetAceInfo() fills the AceInfo buffers from the list's ACE fields. */
5866 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
5868 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
5869 GroupName, error_message(rc));
5875 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* Only USER and LIST ACEs are materialized in AD. */
5879 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
5882 strcpy(temp, AceName);
/* AD group objects carry group_suffix on their sAMAccountName. */
5884 if (!strcasecmp(AceType, "LIST"))
5885 sprintf(temp, "%s%s", AceName, group_suffix);
5889 if (checkADname(ldap_handle, dn_path, temp))
5892 (*ProcessGroup) = 1;
5895 if (!strcasecmp(AceInfo[0], "LIST"))
5897 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
5898 AceMembership, 0, UpdateGroup, maillist))
5901 else if (!strcasecmp(AceInfo[0], "USER"))
5904 call_args[0] = (char *)ldap_handle;
5905 call_args[1] = dn_path;
5907 call_args[3] = NULL;
/* Pull the user's full Moira record, then hand it to user_create(). */
5910 if (rc = mr_query("get_user_account_by_login", 1, av,
5911 save_query_info, save_argv))
5913 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5918 if (rc = user_create(U_END, save_argv, call_args))
5920 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
5927 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* A list that owns itself ends the walk; otherwise follow the ACE list. */
5937 if (!strcasecmp(AceType, "LIST"))
5939 if (!strcasecmp(GroupName, AceName))
5943 strcpy(GroupName, AceName);
/*
 * make_new_group: create the AD group for Moira list group_name by fetching
 * its list record ("get_list_info") and letting the group_create callback do
 * the LDAP work.  The result of the callback is returned through callback_rc
 * (a file-level variable, not shown here).
 *
 * NOTE(review): call_args[] is a char*[] but slots 3 and 4 carry plain
 * integers smuggled through `(char *)` casts (the member-type mask and
 * updateGroup).  This works only as long as the receiver casts back to an
 * integer of pointer width; a struct of typed fields would be the honest
 * interface.  Also, the `if (rc = mr_query(...))` form is an assignment in a
 * condition -- compilers warn; wrap in extra parentheses if intended.
 */
5949 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
5950 char *group_name, char *group_ou, char *group_membership,
5951 int group_security_flag, int updateGroup, char *maillist)
5956 LK_ENTRY *group_base;
5959 char *attr_array[3];
5962 call_args[0] = (char *)ldap_handle;
5963 call_args[1] = dn_path;
5964 call_args[2] = group_name;
5965 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
5966 call_args[4] = (char *)updateGroup;
5967 call_args[5] = MoiraId;
5969 call_args[7] = NULL;
5975 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
5978 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
5986 com_err(whoami, 0, "Unable to create list %s", group_name);
5987 return(callback_rc);
/*
 * populate_group: rebuild the AD "member" attribute of group_name from the
 * flattened Moira membership ("get_end_members_of_list").  USER members that
 * do not yet exist in AD are created on the fly (user_create); STRING and
 * KERBEROS members become contact objects (contact_create).  Nested LIST
 * members are handled by a branch not shown here.
 *
 * NOTE(review): the attribute is written with LDAP_MOD_REPLACE, so any member
 * that was added to the AD group outside Moira is removed on every run --
 * Moira is the sole source of truth for membership.  Document this for AD
 * admins; it is a feature, but a surprising one.
 */
5993 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
5994 char *group_ou, char *group_membership,
5995 int group_security_flag, char *MoiraId)
6010 char *save_argv[U_END];
6012 com_err(whoami, 0, "Populating group %s", group_name);
6014 call_args[0] = (char *)ldap_handle;
6015 call_args[1] = dn_path;
6016 call_args[2] = group_name;
6017 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6018 call_args[4] = NULL;
6021 if (rc = mr_query("get_end_members_of_list", 1, av,
6022 member_list_build, call_args))
6024 com_err(whoami, 0, "Unable to populate list %s : %s",
6025 group_name, error_message(rc));
/* NOTE(review): malloc() result is never checked before use. */
6029 members = (char **)malloc(sizeof(char *) * 2);
6031 if (member_base != NULL)
6037 if (!strcasecmp(ptr->type, "LIST"))
6043 if(!strcasecmp(ptr->type, "USER"))
/* The service principals are never materialized as AD users. */
6045 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6046 !strcasecmp(ptr->member, TEST_PRINCIPAL))
6052 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6053 "")) == AD_NO_USER_FOUND)
6055 com_err(whoami, 0, "creating user %s", ptr->member);
6057 av[0] = ptr->member;
6058 call_args[0] = (char *)ldap_handle;
6059 call_args[1] = dn_path;
6061 call_args[3] = NULL;
6064 if (rc = mr_query("get_user_account_by_login", 1, av,
6065 save_query_info, save_argv))
6067 com_err(whoami, 0, "Unable to create user %s "
6068 "while populating group %s.", ptr->member,
6074 if (rc = user_create(U_END, save_argv, call_args))
6076 com_err(whoami, 0, "Unable to create user %s "
6077 "while populating group %s.", ptr->member,
6085 com_err(whoami, 0, "Unable to create user %s "
6086 "while populating group %s", ptr->member,
/*
 * NOTE(review): the USER member DN is built from ptr->member verbatim, while
 * the STRING and KERBEROS branches below run the value through
 * escape_string().  A login containing an RFC 4514 special (, + " \ < > ; #
 * = or leading/trailing space) would therefore produce a malformed or
 * different DN here.  Either apply escape_string() here too, or record the
 * invariant (e.g. "logins have passed check_string()") that makes it
 * unnecessary.  `member` is a fixed buffer (size not shown) filled by
 * sprintf() -- prefer snprintf().
 */
6097 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6102 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6107 else if (!strcasecmp(ptr->type, "STRING"))
6109 if (contact_create(ldap_handle, dn_path, ptr->member,
6113 pUserOu = contact_ou;
6114 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6117 else if (!strcasecmp(ptr->type, "KERBEROS"))
6119 if (contact_create(ldap_handle, dn_path, ptr->member,
6123 pUserOu = kerberos_ou;
6124 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
/*
 * NOTE(review): `members = realloc(members, ...)` overwrites the only pointer
 * to the array; on failure the old block leaks and the NULL is dereferenced
 * on the next line.  Assign to a temporary and check it first.  strdup() is
 * also unchecked.
 */
6129 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6130 members[i++] = strdup(member);
6135 linklist_free(member_base);
/* Whole-attribute replace: see the header note. */
6142 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6145 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
6147 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6148 mods)) != LDAP_SUCCESS)
6151 "Unable to populate group membership for %s: %s",
6152 group_dn, ldap_err2string(rc));
/* Release the LDAPMod entries built by ADD_ATTR. */
6155 for (i = 0; i < n; i++)
/*
 * process_group: reconcile the AD group for Moira list group_name / MoiraId.
 * Locates the existing object (by sAMAccountName or mitMoiraId via
 * ad_get_group), removes duplicates carrying the same mitMoiraId, works out
 * which of the four group OUs it currently lives in, and hands the before /
 * after attributes to group_rename().  With type == CHECK_GROUPS it only
 * reports whether the object exists at the expected DN.
 *
 * Return values seen here: AD_NO_GROUPS_FOUND, AD_WRONG_GROUP_DN_FOUND,
 * AD_MULTIPLE_GROUPS_FOUND, AD_NO_OU_FOUND, otherwise group_rename()'s rc.
 */
6163 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6164 char *group_name, char *group_ou, char *group_membership,
6165 int group_security_flag, int type, char *maillist)
6167 char before_desc[512];
6168 char before_name[256];
6169 char before_group_ou[256];
6170 char before_group_membership[2];
6171 char distinguishedName[256];
6172 char ad_distinguishedName[256];
6174 char *attr_array[3];
6175 int before_security_flag;
6178 LK_ENTRY *group_base;
6181 char ou_security[512];
6182 char ou_distribution[512];
6183 char ou_neither[512];
6186 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* The DN Moira expects the group to have. */
6187 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6189 memset(filter, '\0', sizeof(filter));
6193 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6195 "samAccountName", &group_base,
6196 &group_count, filter))
6199 if (type == CHECK_GROUPS)
6201 if (group_count == 1)
6203 strcpy(group_dn, group_base->dn);
6205 if (!strcasecmp(group_dn, distinguishedName))
6207 linklist_free(group_base);
6212 linklist_free(group_base);
6214 if (group_count == 0)
6215 return(AD_NO_GROUPS_FOUND);
6217 if (group_count == 1)
6218 return(AD_WRONG_GROUP_DN_FOUND);
6220 return(AD_MULTIPLE_GROUPS_FOUND);
6223 if (group_count == 0)
6225 return(AD_NO_GROUPS_FOUND);
/*
 * Several objects share this mitMoiraId.  The one whose DN matches the first
 * entry's is kept; every other one is DELETED from AD (6265).
 *
 * NOTE(review): this is a destructive action driven by a data inconsistency.
 * It deserves a log line per deleted DN (only the "multiple groups" summary
 * is printed) and the ldap_delete_s() result is not checked in the lines
 * shown.
 */
6228 if (group_count > 1)
6232 strcpy(group_dn, ptr->dn);
6236 if (!strcasecmp(group_dn, ptr->value))
6244 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6250 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6254 linklist_free(group_base);
6255 return(AD_MULTIPLE_GROUPS_FOUND);
6262 strcpy(group_dn, ptr->dn);
6264 if (strcasecmp(group_dn, ptr->value))
6265 rc = ldap_delete_s(ldap_handle, ptr->value);
6270 linklist_free(group_base);
6271 memset(filter, '\0', sizeof(filter));
/* Re-query now that duplicates are gone; exactly one object must remain. */
6275 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6277 "samAccountName", &group_base,
6278 &group_count, filter))
6281 if (group_count == 0)
6282 return(AD_NO_GROUPS_FOUND);
6284 if (group_count > 1)
6285 return(AD_MULTIPLE_GROUPS_FOUND);
6288 strcpy(ad_distinguishedName, group_base->dn);
6289 linklist_free(group_base);
6293 attr_array[0] = "sAMAccountName";
6294 attr_array[1] = NULL;
6296 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6297 &group_base, &group_count,
6298 LDAP_SCOPE_SUBTREE)) != 0)
6300 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6301 MoiraId, ldap_err2string(rc));
/*
 * NOTE(review): an attribute value read back from AD is placed into a filter
 * without RFC 4515 escaping; a sAMAccountName containing ( ) * or \ would
 * break or widen the search.  Escape it (or use the DN directly).
 */
6305 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* Already at the right DN: nothing to rename. */
6307 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6309 linklist_free(group_base);
6315 linklist_free(group_base);
6318 memset(ou_both, '\0', sizeof(ou_both));
6319 memset(ou_security, '\0', sizeof(ou_security));
6320 memset(ou_distribution, '\0', sizeof(ou_distribution));
6321 memset(ou_neither, '\0', sizeof(ou_neither));
6322 memset(before_name, '\0', sizeof(before_name));
6323 memset(before_desc, '\0', sizeof(before_desc));
6324 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* Current "name" and "description" of the object, used as the before-state. */
6326 attr_array[0] = "name";
6327 attr_array[1] = NULL;
6329 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6330 &group_base, &group_count,
6331 LDAP_SCOPE_SUBTREE)) != 0)
6333 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6334 MoiraId, ldap_err2string(rc));
/* NOTE(review): unlike the description lookup below, group_count is not
 * checked before group_base->value is read here. */
6338 strcpy(before_name, group_base->value);
6339 linklist_free(group_base);
6343 attr_array[0] = "description";
6344 attr_array[1] = NULL;
6346 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6347 &group_base, &group_count,
6348 LDAP_SCOPE_SUBTREE)) != 0)
6351 "Unable to get list description with MoiraId = %s: %s",
6352 MoiraId, ldap_err2string(rc));
6356 if (group_count != 0)
6358 strcpy(before_desc, group_base->value);
6359 linklist_free(group_base);
/*
 * Classify the current OU by case-insensitive substring match of the four
 * configured OU paths against the object's DN.
 *
 * NOTE(review): strstr() matches anywhere in the DN, so if one configured OU
 * path is a suffix/substring of another (or appears inside the group's own
 * CN) the first `if` that hits wins regardless of the real parent.  Comparing
 * the DN's parent (everything after the first ',') for equality would be
 * exact.  The order of the tests below is therefore significant.
 */
6364 change_to_lower_case(ad_distinguishedName);
6365 strcpy(ou_both, group_ou_both);
6366 change_to_lower_case(ou_both);
6367 strcpy(ou_security, group_ou_security);
6368 change_to_lower_case(ou_security);
6369 strcpy(ou_distribution, group_ou_distribution);
6370 change_to_lower_case(ou_distribution);
6371 strcpy(ou_neither, group_ou_neither);
6372 change_to_lower_case(ou_neither);
6374 if (strstr(ad_distinguishedName, ou_both))
6376 strcpy(before_group_ou, group_ou_both);
6377 before_group_membership[0] = 'B';
6378 before_security_flag = 1;
6380 else if (strstr(ad_distinguishedName, ou_security))
6382 strcpy(before_group_ou, group_ou_security);
6383 before_group_membership[0] = 'S';
6384 before_security_flag = 1;
6386 else if (strstr(ad_distinguishedName, ou_distribution))
6388 strcpy(before_group_ou, group_ou_distribution);
6389 before_group_membership[0] = 'D';
6390 before_security_flag = 0;
6392 else if (strstr(ad_distinguishedName, ou_neither))
6394 strcpy(before_group_ou, group_ou_neither);
6395 before_group_membership[0] = 'N';
6396 before_security_flag = 0;
6399 return(AD_NO_OU_FOUND);
/*
 * before_desc is passed twice (as the before- and the after-description);
 * whether group_rename() is expected to keep the description unchanged here
 * is not visible -- confirm against its definition.
 */
6401 rc = group_rename(ldap_handle, dn_path, before_name,
6402 before_group_membership,
6403 before_group_ou, before_security_flag, before_desc,
6404 group_name, group_membership, group_ou,
6405 group_security_flag,
6406 before_desc, MoiraId, filter, maillist);
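/*
 * change_to_lower_case: fold a NUL-terminated string to lower case in place.
 *
 * ptr: writable C string; modified in place, nothing is returned.  A NULL
 * pointer is ignored.  process_group() uses this to normalize AD
 * distinguished names and configured OU paths before comparing them with
 * strstr().
 *
 * Each byte is handed to tolower() as an unsigned char: the <ctype.h>
 * functions are only defined for values representable as unsigned char (or
 * EOF), so passing a plain char with the high bit set is undefined behaviour
 * where char is signed.  The length is measured once rather than on every
 * loop iteration.
 */
void change_to_lower_case(char *ptr)
{
  size_t len;
  size_t i;

  if (ptr == NULL)
    return;

  len = strlen(ptr);

  for (i = 0; i < len; i++)
    ptr[i] = (char) tolower((unsigned char) ptr[i]);
}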
/*
 * ad_get_group: find the AD group for a Moira list, trying in order
 *   1. the filter already in rFilter (if non-empty),
 *   2. (&(objectClass=group)(mitMoiraId=MoiraId)) when MoiraId is set,
 *   3. (sAMAccountName=<group_name><group_suffix>).
 * On a unique hit the winning filter is copied back into rFilter so callers
 * can reuse it; *linklist_base / *linklist_count describe the hit.  Multiple
 * hits on the mitMoiraId search are logged and discarded.
 *
 * NOTE(review): group_name and MoiraId are spliced into filters with
 * sprintf() and no RFC 4515 escaping, and `filter` / rFilter are fixed
 * buffers of unknown size -- use snprintf() and escape ( ) * \.
 */
6421 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6422 char *group_name, char *group_membership,
6423 char *MoiraId, char *attribute,
6424 LK_ENTRY **linklist_base, int *linklist_count,
6429 char *attr_array[3];
6433 (*linklist_base) = NULL;
6434 (*linklist_count) = 0;
6436 if (strlen(rFilter) != 0)
6438 strcpy(filter, rFilter);
6439 attr_array[0] = attribute;
6440 attr_array[1] = NULL;
6442 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6443 linklist_base, linklist_count,
6444 LDAP_SCOPE_SUBTREE)) != 0)
6446 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6447 MoiraId, ldap_err2string(rc));
6451 if ((*linklist_count) == 1)
6453 strcpy(rFilter, filter);
6458 linklist_free((*linklist_base));
6459 (*linklist_base) = NULL;
6460 (*linklist_count) = 0;
6462 if (strlen(MoiraId) != 0)
6464 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6466 attr_array[0] = attribute;
6467 attr_array[1] = NULL;
6469 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6470 linklist_base, linklist_count,
6471 LDAP_SCOPE_SUBTREE)) != 0)
6473 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6474 MoiraId, ldap_err2string(rc));
6479 if ((*linklist_count) > 1)
6481 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6482 pPtr = (*linklist_base);
6486 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6491 linklist_free((*linklist_base));
6492 (*linklist_base) = NULL;
6493 (*linklist_count) = 0;
6496 if ((*linklist_count) == 1)
6499 pPtr = (*linklist_base);
/*
 * NOTE(review): `dn` is strdup()ed here; no free() of it appears in the
 * lines shown -- confirm it is released on every path.  The memcmp() below
 * compares the first strlen(group_name) bytes of the DN with group_name; a
 * DN normally begins with "CN=", so what this is meant to establish (and
 * whether it should be a case-insensitive compare) is worth a comment.
 */
6500 dn = strdup(pPtr->dn);
6503 if (!memcmp(dn, group_name, strlen(group_name)))
6505 strcpy(rFilter, filter);
6510 linklist_free((*linklist_base));
6511 (*linklist_base) = NULL;
6512 (*linklist_count) = 0;
6513 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6515 attr_array[0] = attribute;
6516 attr_array[1] = NULL;
6518 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6519 linklist_base, linklist_count,
6520 LDAP_SCOPE_SUBTREE)) != 0)
6522 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6523 MoiraId, ldap_err2string(rc));
6527 if ((*linklist_count) == 1)
6529 strcpy(rFilter, filter);
/*
 * check_user: determine whether the AD user for UserName exists.  When
 * MoiraId is non-empty the object is first looked up by mitMoiraId (multiple
 * hits are logged); otherwise / additionally by sAMAccountName.  Returns
 * AD_NO_USER_FOUND when the sAMAccountName search does not yield exactly one
 * object; the other return values are in lines not shown here.
 *
 * NOTE(review):
 *  - SamAccountName is a 64-byte local filled by strcpy() from an attribute
 *    value read back from AD.  The AD schema allows sAMAccountName values
 *    longer than that (the 20-character limit applies to user logons only by
 *    convention), so bound the copy with snprintf().
 *  - UserName and MoiraId go into the filters unescaped (RFC 4515).
 *  - The final strcmp() is case-sensitive, but the search that produced
 *    SamAccountName matches case-insensitively, so a case-only difference is
 *    reported as a mismatch -- confirm that is the intended policy.
 */
6536 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6539 char *attr_array[3];
6540 char SamAccountName[64];
6543 LK_ENTRY *group_base;
6549 if (strlen(MoiraId) != 0)
6551 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6553 attr_array[0] = "sAMAccountName";
6554 attr_array[1] = NULL;
6555 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6556 &group_base, &group_count,
6557 LDAP_SCOPE_SUBTREE)) != 0)
6559 com_err(whoami, 0, "Unable to process user %s : %s",
6560 UserName, ldap_err2string(rc));
6564 if (group_count > 1)
6566 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6572 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6573 gPtr->value, MoiraId);
6579 if (group_count != 1)
6581 linklist_free(group_base);
6584 sprintf(filter, "(sAMAccountName=%s)", UserName);
6585 attr_array[0] = "sAMAccountName";
6586 attr_array[1] = NULL;
6588 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6589 &group_base, &group_count,
6590 LDAP_SCOPE_SUBTREE)) != 0)
6592 com_err(whoami, 0, "Unable to process user %s : %s",
6593 UserName, ldap_err2string(rc));
6598 if (group_count != 1)
6600 linklist_free(group_base);
6601 return(AD_NO_USER_FOUND);
6604 strcpy(SamAccountName, group_base->value);
6605 linklist_free(group_base);
6609 if (strcmp(SamAccountName, UserName))
6612 "User object %s with MoiraId %s has mismatched usernames "
6613 "(LDAP username %s, Moira username %s)", SamAccountName,
6614 MoiraId, SamAccountName, UserName);
/*
 * container_get_dn: turn a Moira container path (components separated by '/';
 * the split is in lines not shown) into a relative DN of nested OUs, deepest
 * component first: "a/b/c" -> "OU=c,OU=b,OU=a".  An empty src yields an
 * empty dest.
 *
 * NOTE(review): `array` holds 20 component pointers (see the memset); no
 * bound on the number of components is visible here, and dest has no size
 * parameter.  Components are not RDN-escaped -- check_container_name()
 * rejects most RFC 4514 specials but not all of them.
 */
6620 void container_get_dn(char *src, char *dest)
6627 memset(array, '\0', 20 * sizeof(array[0]));
6629 if (strlen(src) == 0)
6651 strcpy(dest, "OU=");
6655 strcat(dest, array[n-1]);
6659 strcat(dest, ",OU=");
/*
 * container_get_name: copy the last '/'-separated component of the Moira
 * container path src into dest (the extraction itself is in lines not
 * shown); an empty src produces an empty dest.  dest carries no size --
 * callers pass fixed buffers, so the copy must stay bounded.
 */
6666 void container_get_name(char *src, char *dest)
6671 if (strlen(src) == 0)
/*
 * container_check: make sure the parent chain of container `name` exists in
 * AD, creating any missing OU with empty description/contact/type/id and no
 * mitMoiraId (hence the log line).  The loop over cName stops at some '/'
 * (the body of that `if` is not shown), so only a prefix of the path is
 * created here.
 *
 * NOTE(review): strcpy(cName, name) is unbounded (cName's size is not
 * shown); container_create()'s return is only inspected for success, any
 * failure is silent.
 */
6691 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
6698 strcpy(cName, name);
6700 for (i = 0; i < (int)strlen(cName); i++)
6702 if (cName[i] == '/')
6705 av[CONTAINER_NAME] = cName;
6706 av[CONTAINER_DESC] = "";
6707 av[CONTAINER_LOCATION] = "";
6708 av[CONTAINER_CONTACT] = "";
6709 av[CONTAINER_TYPE] = "";
6710 av[CONTAINER_ID] = "";
6711 av[CONTAINER_ROWID] = "";
6712 rc = container_create(ldap_handle, dn_path, 7, av);
6714 if (rc == LDAP_SUCCESS)
6716 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * container_rename: move/rename the OU described by `before` to the path in
 * `after`.  If the old OU cannot be found (empty distinguishedName) the new
 * one is simply created.  Otherwise the parent chain of the new path is
 * created as needed (container_check), the OU is renamed with
 * ldap_rename_s(..., deleteoldrdn=TRUE) and its attributes refreshed with
 * container_adupdate().
 *
 * Returns AD_INVALID_NAME for a bad leaf name, the container_get_
 * distinguishedName() error, or the rc of the rename / update.
 *
 * NOTE(review): new_dn_path and distinguishedName are 256-byte locals filled
 * with sprintf()/strcpy(); `temp`, `dName` and `new_cn` have sizes not shown.
 * An AD DN may exceed 256 bytes -- prefer snprintf() and fail on truncation
 * rather than renaming into a clipped parent DN.
 */
6725 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
6726 char **before, int afterc, char **after)
6731 char new_dn_path[256];
6733 char distinguishedName[256];
6738 memset(cName, '\0', sizeof(cName));
6739 container_get_name(after[CONTAINER_NAME], cName);
6741 if (!check_container_name(cName))
6743 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6745 return(AD_INVALID_NAME);
6748 memset(distinguishedName, '\0', sizeof(distinguishedName));
6750 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6751 distinguishedName, beforec, before))
6754 if (strlen(distinguishedName) == 0)
6756 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Strip the leaf component from the new path to get the new parent. */
6760 strcpy(temp, after[CONTAINER_NAME]);
6763 for (i = 0; i < (int)strlen(temp); i++)
6773 container_get_dn(temp, dName);
6775 if (strlen(temp) != 0)
6776 sprintf(new_dn_path, "%s,%s", dName, dn_path);
6778 sprintf(new_dn_path, "%s", dn_path);
6780 sprintf(new_cn, "OU=%s", cName);
6782 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6784 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
6785 TRUE, NULL, NULL)) != LDAP_SUCCESS)
6787 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
6788 before[CONTAINER_NAME], after[CONTAINER_NAME],
6789 ldap_err2string(rc));
6793 memset(dName, '\0', sizeof(dName));
6794 container_get_dn(after[CONTAINER_NAME], dName);
6795 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the OU described by av.  A missing OU is not an
 * error.  If AD refuses because the OU still has children
 * (LDAP_NOT_ALLOWED_ON_NONLEAF) its contents are relocated with
 * container_move_objects(); whether the delete is then retried is in a line
 * not shown here.
 *
 * NOTE(review): the move path relocates every user/contact/computer under the
 * OU into the orphans OUs (see container_move_objects), which silently
 * detaches them from any OU-linked policy.  That is a larger blast radius
 * than "delete an empty OU" suggests; consider logging each moved DN and
 * requiring the OU to be empty unless an explicit option is set.
 */
6800 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
6802 char distinguishedName[256];
6805 memset(distinguishedName, '\0', sizeof(distinguishedName));
6807 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6808 distinguishedName, count, av))
6811 if (strlen(distinguishedName) == 0)
6814 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
6816 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
6817 container_move_objects(ldap_handle, dn_path, distinguishedName);
6819 com_err(whoami, 0, "Unable to delete container %s from AD : %s",
6820 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: add the OU for Moira container av[CONTAINER_NAME] under
 * dn_path with objectClass top/organizationalUnit, name, ou and -- when
 * supplied -- mitMoiraId (CONTAINER_ROWID), description and a managedBy link
 * resolved from CONTAINER_TYPE/CONTAINER_ID (KERBEROS -> contact object,
 * USER -> person object, LIST -> group object).  If the OU already exists
 * and a row id is known, it is updated instead via container_adupdate().
 *
 * Returns AD_INVALID_NAME for a bad name, the ldap_add_ext_s() rc, or the
 * update's rc.
 */
6826 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
6828 char *attr_array[3];
6829 LK_ENTRY *group_base;
6832 char *objectClass_v[] = {"top",
6833 "organizationalUnit",
6836 char *ou_v[] = {NULL, NULL};
6837 char *name_v[] = {NULL, NULL};
6838 char *moiraId_v[] = {NULL, NULL};
6839 char *desc_v[] = {NULL, NULL};
6840 char *managedBy_v[] = {NULL, NULL};
6843 char managedByDN[256];
6850 memset(filter, '\0', sizeof(filter));
6851 memset(dName, '\0', sizeof(dName));
6852 memset(cName, '\0', sizeof(cName));
6853 memset(managedByDN, '\0', sizeof(managedByDN));
6854 container_get_dn(av[CONTAINER_NAME], dName);
6855 container_get_name(av[CONTAINER_NAME], cName);
6857 if ((strlen(cName) == 0) || (strlen(dName) == 0))
6859 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6861 return(AD_INVALID_NAME);
6864 if (!check_container_name(cName))
6866 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
6868 return(AD_INVALID_NAME);
6872 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
6874 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
6876 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
6878 if (strlen(av[CONTAINER_ROWID]) != 0)
6880 moiraId_v[0] = av[CONTAINER_ROWID];
6881 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
6884 if (strlen(av[CONTAINER_DESC]) != 0)
6886 desc_v[0] = av[CONTAINER_DESC];
6887 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/*
 * Resolve the container's contact to an AD object for managedBy.
 *
 * NOTE(review): av[CONTAINER_ID] is placed into the managedBy DN and into the
 * search filters with no escaping.  The code requires exactly one search hit
 * before using it, which blunts a bare "*", but a value such as "foo*" can
 * still select a single, different object than intended, and a value with
 * ',' or '=' produces a malformed DN for the KERBEROS case.  Escape the value
 * (RFC 4515 for the filter, RFC 4514 / escape_string() for the DN) or
 * validate it with check_string() first.  managedByDN is 256 bytes and is
 * filled by sprintf()/strcpy() from the result.
 */
6890 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
6892 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
6894 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
6897 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
6898 kerberos_ou, dn_path);
6899 managedBy_v[0] = managedByDN;
6900 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6905 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
6907 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
6908 "(objectClass=user)))", av[CONTAINER_ID]);
6911 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
6913 sprintf(filter, "(&(objectClass=group)(cn=%s))",
6917 if (strlen(filter) != 0)
6919 attr_array[0] = "distinguishedName";
6920 attr_array[1] = NULL;
6923 if ((rc = linklist_build(ldap_handle, dn_path, filter,
6925 &group_base, &group_count,
6926 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
6928 if (group_count == 1)
6930 strcpy(managedByDN, group_base->value);
6931 managedBy_v[0] = managedByDN;
6932 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
6934 linklist_free(group_base);
6944 sprintf(temp, "%s,%s", dName, dn_path);
6945 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
/* Release the LDAPMod entries built by ADD_ATTR. */
6947 for (i = 0; i < n; i++)
6950 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
6952 com_err(whoami, 0, "Unable to create container %s : %s",
6953 cName, ldap_err2string(rc));
/* Existing OU: refresh its attributes when we know its Moira row id. */
6957 if (rc == LDAP_ALREADY_EXISTS)
6959 if (strlen(av[CONTAINER_ROWID]) != 0)
6960 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: bring the OU for `after` in line with Moira.  Looks the
 * OU up from the `after` record (so a renamed container is NOT found here --
 * that is container_rename()'s job); creates it when missing, otherwise
 * ensures the parent chain exists (container_check) and rewrites the
 * attributes with container_adupdate().  The `before` arguments are unused
 * in the lines shown.
 */
6966 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
6967 char **before, int afterc, char **after)
6969 char distinguishedName[256];
6972 memset(distinguishedName, '\0', sizeof(distinguishedName));
6974 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
6975 distinguishedName, afterc, after))
6978 if (strlen(distinguishedName) == 0)
6980 rc = container_create(ldap_handle, dn_path, afterc, after);
6984 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
6985 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * container_get_distinguishedName: locate the OU for container av, first by
 * mitMoiraId == av[CONTAINER_ROWID], then by its expected DN
 * "<dName>,<dn_path>".  The first unique hit is copied into
 * distinguishedName; if neither search yields exactly one object it is left
 * empty (callers treat that as "does not exist").  Returns AD_INVALID_NAME
 * for a bad name; the rc of the searches otherwise (the final return is in a
 * line not shown).
 *
 * NOTE(review): with an empty CONTAINER_ROWID the first filter becomes
 * "(mitMoiraId=)", which is a syntax error for most servers and so is simply
 * skipped -- cheap to guard with strlen() as container_create() does.  Both
 * ROWID and the DN are interpolated unescaped; a DN containing ( ) * or \
 * (legal in OU names) would break the second filter.  distinguishedName is a
 * caller-supplied 256-byte buffer filled with strcpy().
 */
6991 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
6992 char *distinguishedName, int count,
6995 char *attr_array[3];
6996 LK_ENTRY *group_base;
7003 memset(filter, '\0', sizeof(filter));
7004 memset(dName, '\0', sizeof(dName));
7005 memset(cName, '\0', sizeof(cName));
7006 container_get_dn(av[CONTAINER_NAME], dName);
7007 container_get_name(av[CONTAINER_NAME], cName);
7009 if (strlen(dName) == 0)
7011 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7012 av[CONTAINER_NAME]);
7013 return(AD_INVALID_NAME);
7016 if (!check_container_name(cName))
7018 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7020 return(AD_INVALID_NAME);
7023 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7024 av[CONTAINER_ROWID]);
7025 attr_array[0] = "distinguishedName";
7026 attr_array[1] = NULL;
7030 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7031 &group_base, &group_count,
7032 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7034 if (group_count == 1)
7036 strcpy(distinguishedName, group_base->value);
7039 linklist_free(group_base);
/* Fall back to the DN Moira's naming would give the container. */
7044 if (strlen(distinguishedName) == 0)
7046 sprintf(filter, "(&(objectClass=organizationalUnit)"
7047 "(distinguishedName=%s,%s))", dName, dn_path);
7048 attr_array[0] = "distinguishedName";
7049 attr_array[1] = NULL;
7053 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7054 &group_base, &group_count,
7055 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7057 if (group_count == 1)
7059 strcpy(distinguishedName, group_base->value);
7062 linklist_free(group_base);
/*
 * container_adupdate: rewrite the Moira-owned attributes (mitMoiraId,
 * description, managedBy) of an existing OU.  The OU is addressed either by
 * dName (relative DN, joined with dn_path) or, when dName is empty, by the
 * full distinguishedName.  Current values are read first so that an
 * attribute Moira no longer supplies is removed via attribute_update().
 *
 * NOTE(review): the message at 7115 misspells "retrieve"; it is a runtime
 * string, so it is left untouched here.
 */
7071 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7072 char *distinguishedName, int count, char **av)
7074 char *attr_array[5];
7075 LK_ENTRY *group_base;
7080 char *moiraId_v[] = {NULL, NULL};
7081 char *desc_v[] = {NULL, NULL};
7082 char *managedBy_v[] = {NULL, NULL};
7083 char managedByDN[256];
7092 strcpy(ad_path, distinguishedName);
7094 if (strlen(dName) != 0)
7095 sprintf(ad_path, "%s,%s", dName, dn_path);
7097 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/*
 * NOTE(review): this test looks at CONTAINER_ID but the filter it selects
 * uses CONTAINER_ROWID (compare 6878 and 7141, which test ROWID).  When a
 * container has a contact id but no row id the search becomes
 * "(mitMoiraId=)" and the OU is not found; when it has a row id but no
 * contact the (correct) DN search is used only by accident.  Almost
 * certainly meant `strlen(av[CONTAINER_ROWID])`.
 */
7100 if (strlen(av[CONTAINER_ID]) != 0)
7101 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7102 av[CONTAINER_ROWID]);
7104 attr_array[0] = "mitMoiraId";
7105 attr_array[1] = "description";
7106 attr_array[2] = "managedBy";
7107 attr_array[3] = NULL;
7111 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7112 &group_base, &group_count,
7113 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7115 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7116 av[CONTAINER_NAME], ldap_err2string(rc));
7120 memset(managedByDN, '\0', sizeof(managedByDN));
7121 memset(moiraId, '\0', sizeof(moiraId));
7122 memset(desc, '\0', sizeof(desc));
/* Snapshot the current values (strcpy() into fixed locals of unshown size). */
7127 if (!strcasecmp(pPtr->attribute, "description"))
7128 strcpy(desc, pPtr->value);
7129 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7130 strcpy(managedByDN, pPtr->value);
7131 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7132 strcpy(moiraId, pPtr->value);
7136 linklist_free(group_base);
7141 if (strlen(av[CONTAINER_ROWID]) != 0)
7143 moiraId_v[0] = av[CONTAINER_ROWID];
7144 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
7147 if (strlen(av[CONTAINER_DESC]) != 0)
7149 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
/* Moira has no description any more: clear the one AD still has. */
7154 if (strlen(desc) != 0)
7156 attribute_update(ldap_handle, ad_path, "", "description", dName);
/*
 * managedBy: same resolution as in container_create(), and the same caveat --
 * av[CONTAINER_ID] reaches the filters and the KERBEROS DN unescaped.
 */
7160 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7162 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7164 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7167 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7168 kerberos_ou, dn_path);
7169 managedBy_v[0] = managedByDN;
7170 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7174 if (strlen(managedByDN) != 0)
7176 attribute_update(ldap_handle, ad_path, "", "managedBy",
7183 memset(filter, '\0', sizeof(filter));
7185 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7187 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7188 "(objectClass=user)))", av[CONTAINER_ID]);
7191 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7193 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7197 if (strlen(filter) != 0)
7199 attr_array[0] = "distinguishedName";
7200 attr_array[1] = NULL;
7203 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7204 attr_array, &group_base, &group_count,
7205 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7207 if (group_count == 1)
7209 strcpy(managedByDN, group_base->value);
7210 managedBy_v[0] = managedByDN;
7211 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
/* No unique match: drop a stale managedBy rather than keep a wrong one. */
7215 if (strlen(managedByDN) != 0)
7217 attribute_update(ldap_handle, ad_path, "",
7218 "managedBy", dName);
7222 linklist_free(group_base);
7229 if (strlen(managedByDN) != 0)
7231 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* Nothing queued in mods: done. */
7241 return(LDAP_SUCCESS);
7243 rc = ldap_modify_s(ldap_handle, ad_path, mods);
7245 for (i = 0; i < n; i++)
7248 if (rc != LDAP_SUCCESS)
7250 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7251 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty the OU at dName before it is deleted.  Three
 * passes: (0) everything that is neither a computer nor an OU is renamed
 * into orphans_other_ou, (1) computers into orphans_machines_ou, (2) nested
 * OUs are deleted.  A name clash in the orphans OU is resolved by appending
 * "_<count>" to the CN.
 *
 * NOTE(review):
 *  - LDAP_OPT_SIZELIMIT is set to 10 on the shared connection handle and no
 *    restore appears in the lines shown.  If it is not reset, every later
 *    search on this handle is silently capped at 10 entries -- which would,
 *    for instance, make check_user()/ad_get_group() miss objects.  Save the
 *    old value and restore it before returning.  Also, with the cap at 10 an
 *    OU holding more than 10 objects is only partially emptied per pass
 *    unless the loop repeats (not visible).
 *  - pPtr->value (the cn read from AD) is spliced into the new RDN with
 *    "cn=%s" and no RFC 4514 escaping; a cn containing ',' '+' '"' '\' '<'
 *    '>' ';' or '=' yields an invalid RDN.  Use the existing escape_string().
 *  - ldap_delete_s() on a nested OU that itself has children will fail with
 *    LDAP_NOT_ALLOWED_ON_NONLEAF; no recursion is visible here.
 */
7258 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7260 char *attr_array[3];
7261 LK_ENTRY *group_base;
7268 int NumberOfEntries = 10;
7272 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
7274 for (i = 0; i < 3; i++)
7276 memset(filter, '\0', sizeof(filter));
7280 strcpy(filter, "(!(|(objectClass=computer)"
7281 "(objectClass=organizationalUnit)))");
7282 attr_array[0] = "cn";
7283 attr_array[1] = NULL;
7287 strcpy(filter, "(objectClass=computer)");
7288 attr_array[0] = "cn";
7289 attr_array[1] = NULL;
7293 strcpy(filter, "(objectClass=organizationalUnit)");
7294 attr_array[0] = "ou";
7295 attr_array[1] = NULL;
7300 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7301 &group_base, &group_count,
7302 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7307 if (group_count == 0)
7314 if (!strcasecmp(pPtr->attribute, "cn"))
7316 sprintf(new_cn, "cn=%s", pPtr->value);
7318 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7320 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7325 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
7327 if (rc == LDAP_ALREADY_EXISTS)
7329 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
7336 else if (!strcasecmp(pPtr->attribute, "ou"))
7338 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7344 linklist_free(group_base);
/*
 * get_machine_ou: resolve Moira host `member` to its AD computer object and
 * return the OU part of that object's DN in machine_ou, and the short
 * (alias, domain-stripped) host name in NewMachineName.  The computer is
 * found via sAMAccountName "<name>$".
 *
 * NOTE(review):
 *  - `rc = moira_connect();` is immediately overwritten by the next
 *    assignment, so a failed Moira connection is never noticed and
 *    GetMachineName() runs against a dead connection.  Check it (and the
 *    GetMachineName() result, whose check is not visible) before continuing.
 *  - NewMachineName goes into the filter unescaped (RFC 4515); machine_ou
 *    receives an unbounded strcpy() of the DN remainder.
 *  - The OU is derived by strstr(dn, cn) on the lower-cased DN, which finds
 *    the first occurrence of the cn anywhere in the DN, not the leading RDN;
 *    a parent OU whose name contains the host name would be matched instead.
 *    Skipping the first RDN (up to the first unescaped ',') is the exact
 *    operation.
 *  - The two messages spell "alias" as "alais" (runtime strings, left as is).
 */
7353 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7354 char *machine_ou, char *NewMachineName)
7356 LK_ENTRY *group_base;
7360 char *attr_array[3];
7367 strcpy(NewMachineName, member);
7368 rc = moira_connect();
7369 rc = GetMachineName(NewMachineName);
7372 if (strlen(NewMachineName) == 0)
7374 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Strip the DNS domain: AD uses the short host name for sAMAccountName. */
7380 pPtr = strchr(NewMachineName, '.');
7387 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7388 attr_array[0] = "cn";
7389 attr_array[1] = NULL;
7390 sprintf(temp, "%s", dn_path);
7392 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7393 &group_base, &group_count,
7394 LDAP_SCOPE_SUBTREE)) != 0)
7396 com_err(whoami, 0, "Unable to process machine %s : %s",
7397 member, ldap_err2string(rc));
7401 if (group_count != 1)
7404 "Unable to process machine %s : machine not found in AD",
7409 strcpy(dn, group_base->dn);
7410 strcpy(cn, group_base->value);
/* NOTE(review): tolower() on a plain char is UB for bytes >= 0x80 -- cast to
 * unsigned char (see change_to_lower_case). */
7412 for (i = 0; i < (int)strlen(dn); i++)
7413 dn[i] = tolower(dn[i]);
7415 for (i = 0; i < (int)strlen(cn); i++)
7416 cn[i] = tolower(cn[i]);
7418 linklist_free(group_base);
7420 pPtr = strstr(dn, cn);
7424 com_err(whoami, 0, "Unable to process machine %s",
/* Skip "<cn>," and keep everything up to the domain components. */
7429 pPtr += strlen(cn) + 1;
7430 strcpy(machine_ou, pPtr);
7432 pPtr = strstr(machine_ou, "dc=");
7436 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move the AD computer object for Moira host
 * MoiraMachineName into DestinationOu (relative to dn_path).  The host is
 * resolved to its short alias, located by sAMAccountName "<name>$", and --
 * unless it is already under the destination -- renamed there with
 * deleteoldrdn=TRUE, keeping CN=<MachineName>.
 *
 * NOTE(review):
 *  - MachineName is a 128-byte local filled by strcpy() from the caller's
 *    string; NewOu/NewCn/OldDn/filter sizes are not shown.  Use snprintf().
 *  - MachineName goes into the filter unescaped (RFC 4515) and into the new
 *    RDN unescaped (RFC 4514).
 *  - cPtr is set to the first ',' in OldDn; whether it is advanced past the
 *    comma before the strcasecmp() with NewOu is in lines not shown (7507-
 *    7510).  If not, the comparison can never match and the object is
 *    renamed onto itself every run.
 */
7447 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7448 char *MoiraMachineName, char *DestinationOu)
7452 char MachineName[128];
7454 char *attr_array[3];
7459 LK_ENTRY *group_base;
7464 strcpy(MachineName, MoiraMachineName);
7465 rc = GetMachineName(MachineName);
7467 if (strlen(MachineName) == 0)
7469 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
7474 cPtr = strchr(MachineName, '.');
7479 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7480 attr_array[0] = "sAMAccountName";
7481 attr_array[1] = NULL;
7483 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7485 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7487 com_err(whoami, 0, "Unable to process machine %s : %s",
7488 MoiraMachineName, ldap_err2string(rc));
7492 if (group_count == 1)
7493 strcpy(OldDn, group_base->dn);
7495 linklist_free(group_base);
7498 if (group_count != 1)
7500 com_err(whoami, 0, "Unable to find machine %s in AD: %s",
7505 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
7506 cPtr = strchr(OldDn, ',');
7511 if (!strcasecmp(cPtr, NewOu))
7515 sprintf(NewCn, "CN=%s", MachineName);
7516 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: look up machine_name in AD under dn_path.  The name is
 * copied locally, the first '.' is found (the elided lines presumably cut
 * the domain part off), and the result of checkADname() is returned
 * INVERTED - a zero rc from checkADname() becomes a return of 1.
 *
 * Note: strcpy() into Name is unbounded and Name's size is not visible here;
 * machine_name comes from the Moira update queue, so bound the copy.
 */
7521 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7527 memset(Name, '\0', sizeof(Name));
7528 strcpy(Name, machine_name); /* unbounded */
7530 pPtr = strchr(Name, '.');
7536 return(!(rc = checkADname(ldap_handle, dn_path, Name))); /* logical negation of checkADname() */
/*
 * machine_get_moira_container: ask Moira which container machine_name
 * belongs to (get_machine_to_container_map) and have the callback copy the
 * answer into container_name.  The callback does an unbounded strcpy() and
 * is not told container_name's size, so the caller must provide a buffer
 * large enough for any container name Moira can return.
 */
7539 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7540 char *machine_name, char *container_name)
7546 av[0] = machine_name;
7547 call_args[0] = (char *)container_name; /* output buffer for the callback */
7548 rc = mr_query("get_machine_to_container_map", 1, av,
7549 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback for
 * get_machine_to_container_map.  Copies the second returned column (av[1],
 * presumably the container name - confirm against the query definition)
 * into the caller-supplied buffer call_args[0] with an unbounded strcpy().
 */
7553 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7558 strcpy(call_args[0], av[1]); /* unbounded; buffer size unknown here */
/*
 * Moira_container_group_create: create the Moira list that mirrors a new
 * container.  The list name is derived by Moira_groupname_create(); the
 * list is created with add_list (15 fields: active, not public, not hidden,
 * not a mail list, a group with a unique GID, ACE and member-ACE both the
 * "sms" user), then recorded on the container and added to the parent
 * container's list.
 *
 * Review notes:
 *  - The return values of Moira_setContainerGroup() and
 *    Moira_addGroupToParent() are ignored; each logs its own failure, but a
 *    failure there leaves the list created without being linked to the
 *    container.  Consider propagating rc.
 *  - `if (rc = mr_query(...))` is an assignment used as a condition (the
 *    file's convention); wrap it in extra parentheses to keep -Wparentheses
 *    quiet and the intent explicit.
 *  - GroupName's size is not visible here; Moira_groupname_create() writes
 *    at most "cnt-" + 25 chars + "-x" into it (see that function).
 */
7562 int Moira_container_group_create(char **after)
7568 memset(GroupName, '\0', sizeof(GroupName));
7569 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7570 after[CONTAINER_ROWID]);
7574 argv[L_NAME] = GroupName;
7575 argv[L_ACTIVE] = "1";
7576 argv[L_PUBLIC] = "0";
7577 argv[L_HIDDEN] = "0";
7578 argv[L_MAILLIST] = "0";
7579 argv[L_GROUP] = "1";
7580 argv[L_GID] = UNIQUE_GID;
7581 argv[L_NFSGROUP] = "0";
7582 argv[L_MAILMAN] = "0";
7583 argv[L_MAILMAN_SERVER] = "[NONE]";
7584 argv[L_DESC] = "auto created container group";
7585 argv[L_ACE_TYPE] = "USER";
7586 argv[L_MEMACE_TYPE] = "USER";
7587 argv[L_ACE_NAME] = "sms";   /* list owned/administered by the sms user */
7588 argv[L_MEMACE_NAME] = "sms";
7590 if (rc = mr_query("add_list", 15, argv, NULL, NULL)) /* assignment in condition */
7593 "Unable to create container group %s for container %s: %s",
7594 GroupName, after[CONTAINER_NAME], error_message(rc));
7597 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName); /* rc ignored */
7598 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);  /* rc ignored */
/*
 * Moira_container_group_update: when a container is renamed, rename its
 * mirror list to match.  Steps visible here:
 *  1. If the old and new container names compare equal case-insensitively
 *     there is nothing to do (a case-only rename of a container is treated
 *     as a no-op).
 *  2. Look up the list currently attached to the container.  Note the
 *     lookup uses after[CONTAINER_NAME]: the container record in Moira
 *     already carries the new name when this incremental runs, so this is
 *     presumably intentional - confirm.
 *  3. Derive the new list name and, if it differs, issue update_list with
 *     16 fields (old name first, then the same fixed attributes that
 *     Moira_container_group_create uses).
 *
 * Both name buffers are 64 bytes and are filled by callbacks that strcpy()
 * without a bound (Moira_getContainerGroup); Moira list names are limited
 * by the server schema, but that limit is not visible here - TODO confirm
 * it is below 64.
 */
7603 int Moira_container_group_update(char **before, char **after)
7606 char BeforeGroupName[64];
7607 char AfterGroupName[64];
7610 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME])) /* equal -> no-op */
7613 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
7614 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0); /* current list name */
7615 if (strlen(BeforeGroupName) == 0)
7618 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
7619 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
7620 after[CONTAINER_ROWID]);
7624 if (strcasecmp(BeforeGroupName, AfterGroupName)) /* only rename when the name actually changes */
7626 argv[L_NAME] = BeforeGroupName;     /* update_list: old name first, ... */
7627 argv[L_NAME + 1] = AfterGroupName;  /* ... then the 15 new fields */
7628 argv[L_ACTIVE + 1] = "1";
7629 argv[L_PUBLIC + 1] = "0";
7630 argv[L_HIDDEN + 1] = "0";
7631 argv[L_MAILLIST + 1] = "0";
7632 argv[L_GROUP + 1] = "1";
7633 argv[L_GID + 1] = UNIQUE_GID;
7634 argv[L_NFSGROUP + 1] = "0";
7635 argv[L_MAILMAN + 1] = "0";
7636 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
7637 argv[L_DESC + 1] = "auto created container group";
7638 argv[L_ACE_TYPE + 1] = "USER";
7639 argv[L_MEMACE_TYPE + 1] = "USER";
7640 argv[L_ACE_NAME + 1] = "sms";
7641 argv[L_MEMACE_NAME + 1] = "sms";
7643 if (rc = mr_query("update_list", 16, argv, NULL, NULL)) /* assignment in condition */
7646 "Unable to rename container group from %s to %s: %s",
7647 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: tear down the mirror list of a deleted
 * container.  The list name comes from before[CONTAINER_GROUP_NAME]
 * ("[none]" means the container had no list); the parent container's list
 * is looked up so the group can first be removed as a member there, then
 * the list itself is deleted.  Failures are logged and processing appears
 * to continue to the next step.
 *
 * BUG (visible): the "Unable to delete container group %s from list: %s"
 * message has two conversions but is given three arguments
 * (GroupName, ParentGroupName, error_message(rc)).  ParentGroupName is
 * printed in the error slot and the Moira error text is never shown.  The
 * format should read "Unable to delete container group %s from list %s: %s".
 *
 * GroupName's size is not visible here; the strcpy() from the Moira field
 * is unbounded.
 */
7654 int Moira_container_group_delete(char **before)
7659 char ParentGroupName[64];
7661 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
7662 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1); /* 1: parent container's list (presumably) */
7664 memset(GroupName, '\0', sizeof(GroupName));
7666 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]")) /* "[none]" == no list attached */
7667 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
7669 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
7671 argv[0] = ParentGroupName;
7673 argv[2] = GroupName;
7675 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
7678 "Unable to delete container group %s from list: %s", /* BUG: 2 conversions, 3 args below */
7679 GroupName, ParentGroupName, error_message(rc));
7683 if (strlen(GroupName) != 0)
7685 argv[0] = GroupName;
7687 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
7689 com_err(whoami, 0, "Unable to delete container group %s : %s",
7690 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container and
 * make it unique.
 *
 * Name construction (from the visible lines): the last one or two '/'
 * separated components of ContainerName are joined with '-', truncated to
 * 25 characters, prefixed with "cnt-" and lower-cased.  Because of the
 * 25-char cut the result is at most 29 chars, and the "-<c>" disambiguation
 * suffix brings it to at most 31, so the 64-byte local buffers are safe.
 *
 * Uniqueness: get_list_info is probed for the candidate; MR_NO_MATCH means
 * the name is free.  Any other Moira error is reported.  If the plain name
 * is taken, the elided loop appends 0-9 then a-z and retries; when all
 * suffixes are exhausted an error is logged.  The check-then-create is not
 * atomic, but a concurrent collision simply makes the caller's add_list
 * fail loudly rather than silently reusing a list.
 *
 * Caveats: `temp` receives ContainerName via an unbounded strcpy() and its
 * size is not visible here; `++ptr1` relies on the elided branch having
 * established that strrchr() found a '/'.
 */
7697 int Moira_groupname_create(char *GroupName, char *ContainerName,
7698 char *ContainerRowID)
7703 char newGroupName[64];
7704 char tempGroupName[64];
7710 strcpy(temp, ContainerName); /* unbounded; temp size not visible */
7712 ptr1 = strrchr(temp, '/');   /* last path component */
7718 ptr1 = strrchr(temp, '/');   /* component before it */
7722 sprintf(tempgname, "%s-%s", ++ptr1, ptr); /* "<parent>-<leaf>" */
7725 strcpy(tempgname, ptr);
7728 strcpy(tempgname, temp);
7730 if (strlen(tempgname) > 25) /* cap so "cnt-" + name + "-x" stays well under 64 */
7731 tempgname[25] ='\0';
7733 sprintf(newGroupName, "cnt-%s", tempgname);
7735 /* change everything to lower case */
7741 *ptr = tolower(*ptr); /* plain char passed to tolower(); cast to unsigned char for non-ASCII safety */
7749 strcpy(tempGroupName, newGroupName);
7752 /* append 0-9 then a-z if a duplicate is found */
7755 argv[0] = newGroupName;
7757 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL)) /* non-zero: name free or Moira error */
7759 if (rc == MR_NO_MATCH) /* name not in use - done */
7761 com_err(whoami, 0, "Moira error while creating group name for "
7762 "container %s : %s", ContainerName, error_message(rc));
7766 sprintf(newGroupName, "%s-%c", tempGroupName, i); /* try next suffix */
7770 com_err(whoami, 0, "Unable to find a unique group name for "
7771 "container %s: too many duplicate container names",
7782 strcpy(GroupName, newGroupName); /* <= 31 chars + NUL */
/*
 * Moira_setContainerGroup: record GroupName as the list attached to
 * container origContainerName (set_container_list).  Failures are logged
 * with com_err; rc is presumably returned (elided).
 */
7786 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
7791 argv[0] = origContainerName;
7792 argv[1] = GroupName;
7794 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
7797 "Unable to set container group %s in container %s: %s",
7798 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add GroupName as a member of the list that
 * belongs to the parent container of origContainerName.  When the parent
 * lookup yields an empty name the container is top-level and nothing is
 * added.
 *
 * Note: origContainerName is strcpy()'d into a 64-byte stack buffer with no
 * bound; container names come from Moira (the length limit is not visible
 * here).  argv[1] is set in an elided line (presumably the member type).
 */
7804 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
7806 char ContainerName[64];
7807 char ParentGroupName[64];
7811 strcpy(ContainerName, origContainerName); /* unbounded copy into 64 bytes */
7813 Moira_getGroupName(ContainerName, ParentGroupName, 1); /* 1: look at the parent path */
7815 /* top-level container */
7816 if (strlen(ParentGroupName) == 0)
7819 argv[0] = ParentGroupName;
7821 argv[2] = GroupName;
7823 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
7826 "Unable to add container group %s to parent group %s: %s",
7827 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies av[1] (presumably the list name column) into the caller's buffer
 * with an unbounded strcpy(); callers in this file pass 64-byte arrays.
 */
7833 int Moira_getContainerGroup(int ac, char **av, void *ptr)
7838 strcpy(call_args[0], av[1]); /* unbounded */
/*
 * Moira_getGroupName: fetch the list attached to a container into
 * GroupName via get_container_list.  The third parameter (name elided)
 * appears to select the parent: when set, the trailing '/' component is
 * located with strrchr() and presumably cut off - TODO confirm.  Success
 * is a non-empty GroupName; failures are logged.
 *
 * Caveats: origContainerName is strcpy()'d into a 64-byte local without a
 * bound, and the callback (Moira_getContainerGroup) writes into GroupName
 * without knowing its size.
 */
7843 int Moira_getGroupName(char *origContainerName, char *GroupName,
7846 char ContainerName[64];
7852 strcpy(ContainerName, origContainerName); /* unbounded copy into 64 bytes */
7856 ptr = strrchr(ContainerName, '/');        /* parent/leaf split */
7864 argv[0] = ContainerName;
7866 call_args[0] = GroupName; /* output buffer for the callback */
7867 call_args[1] = NULL;
7869 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
7872 if (strlen(GroupName) != 0) /* got a name */
7877 com_err(whoami, 0, "Unable to get container group from container %s: %s",
7878 ContainerName, error_message(rc));
7880 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add or remove MachineName as a
 * MACHINE member of the container's list GroupName.  "[none]" means the
 * container has no list and nothing is done.  Which of add/delete runs is
 * decided by an elided condition (presumably a third flag parameter).
 *
 * The only visible error message says "add"; confirm it is not also used
 * on the delete path.  (The message is also missing a space before %s -
 * runtime string, left untouched here.)
 */
7886 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
7892 if (strcmp(GroupName, "[none]") == 0) /* no list attached */
7895 argv[0] = GroupName;
7896 argv[1] = "MACHINE";
7897 argv[2] = MachineName;
7900 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
7902 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
7906 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
7907 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: canonicalise a hostname to its name in DOMAIN_SUFFIX,
 * IN PLACE through MachineName.  If the upper-cased name already ends in
 * DOMAIN_SUFFIX it is kept (elided branch); otherwise Moira's get_hostalias
 * is queried and ProcessMachineName() stores the first alias in that
 * domain.  On any failure MachineName is set to "" and the caller tests
 * strlen()==0.
 *
 * SECURITY / ROBUSTNESS:
 *  - The function writes up to 1024 bytes (NewMachineName) back into the
 *    caller's buffer with strcpy().  machine_move_to_ou() passes a 128-byte
 *    array, so a long Moira hostalias overflows the caller's stack frame.
 *    The interface carries no size; until it does, callers must pass
 *    buffers at least as large as NewMachineName.
 *  - The initial strcpy() from MachineName into NewMachineName[1024] is
 *    itself unbounded.
 *  - toupper() is applied to plain char; cast to unsigned char so bytes
 *    >= 0x80 are not passed as negative values.
 *  - args[0] for get_hostalias is set in an elided line (presumably a
 *    wildcard).
 */
7913 int GetMachineName(char *MachineName)
7916 char NewMachineName[1024];
7923 // If the address happens to be in the top-level MIT domain, great!
7924 strcpy(NewMachineName, MachineName); /* unbounded */
7926 for (i = 0; i < (int)strlen(NewMachineName); i++) /* strlen re-evaluated each pass */
7927 NewMachineName[i] = toupper(NewMachineName[i]);
7929 szDot = strchr(NewMachineName,'.');
7931 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX))) /* already fully qualified in our domain */
7936 // If not, see if it has a Moira alias in the top-level MIT domain.
7937 memset(NewMachineName, '\0', sizeof(NewMachineName));
7939 args[1] = MachineName;
7940 call_args[0] = NewMachineName; /* ProcessMachineName() fills this */
7941 call_args[1] = NULL;
7943 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
7945 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
7946 MachineName, error_message(rc));
7947 strcpy(MachineName, "");           /* "" signals failure to the caller */
7951 if (strlen(NewMachineName) != 0)
7952 strcpy(MachineName, NewMachineName); /* up to 1024 bytes into the caller's buffer */
7954 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias.  Keeps the first
 * alias (av[0]) whose part after the first '.' is DOMAIN_SUFFIX
 * (case-insensitive), upper-cased, in call_args[0]; later tuples are
 * ignored once call_args[0] is non-empty.
 *
 * av[0] is strcpy()'d into a 1024-byte local without a bound, and then
 * into call_args[0] whose size the callback cannot know (GetMachineName
 * passes a 1024-byte array).  toupper() on plain char - see GetMachineName.
 */
7959 int ProcessMachineName(int ac, char **av, void *ptr)
7962 char MachineName[1024];
7968 if (strlen(call_args[0]) == 0) /* first acceptable alias wins */
7970 strcpy(MachineName, av[0]);  /* unbounded copy of a Moira value */
7972 for (i = 0; i < (int)strlen(MachineName); i++)
7973 MachineName[i] = toupper(MachineName[i]);
7975 szDot = strchr(MachineName,'.');
7977 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
7979 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: flip the uid attribute name in the first n LDAPMod entries
 * between the SFU 3.0 schema ("msSFU30UidNumber") and the RFC 2307 one
 * ("uidNumber"), so the same modification list can be retried against the
 * other schema.  Which direction runs is chosen by an elided test on
 * *UseSFU30, which the elided code presumably also toggles.
 *
 * Caveat: mod_type is repointed at string literals.  If the mods array is
 * later released with a routine that free()s mod_type (e.g.
 * ldap_mods_free(mods, 1)) this would free a literal - check how the
 * caller builds and frees mods before relying on that.
 */
7986 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
7992 for (i = 0; i < n; i++)
7994 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
7995 mods[i]->mod_type = "uidNumber";       /* literal, not owned memory */
8002 for (i = 0; i < n; i++)
8004 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8005 mods[i]->mod_type = "msSFU30UidNumber"; /* literal, not owned memory */
/*
 * SetHomeDirectory: build the home-directory related attributes for a
 * user and append them to `mods` via ADD_ATTR (OpType is ADD or REPLACE;
 * the parameter itself is in an elided line).
 *
 *  - Non-AD (OpenLDAP) servers: homeDirectory / apple-user-homeDirectory
 *    from the user's Hesiod "filsys" entry, or a computed Athena AFS path.
 *  - AD: homeDirectory, profilePath and homeDrive from WinHomeDir /
 *    WinProfileDir, which are the Moira winhomedir/winprofiledir fields
 *    and use the sentinels "[afs]", "[dfs]", "[local]", or a literal path.
 *    When OpType is REPLACE and a value is empty, the attribute is removed
 *    with a separate ldap_modify_s() using DelMods.
 *
 * Review notes, grounded in the visible lines:
 *  - Hesiod answers are parsed with sscanf("%s") into cPath/cWeight without
 *    a field width.  Hesiod is a network service; a long record overruns
 *    those buffers.  Use "%<N>s" sized to the buffers (sizes not visible).
 *  - strcpy(path, cPath), strcpy(winPath, WinHomeDir), the sprintf()s into
 *    homedir/path and the strcat() of "\\.winprofile" are all unbounded;
 *    winProfile and apple_homedir are 1024 bytes, the others are not
 *    visible.  WinHomeDir/WinProfileDir come from Moira.
 *  - In the two "computed AFS path" branches the computed homedir and
 *    apple_homedir are immediately discarded: homedir_v[0] and
 *    apple_homedir_v[0] are set to the literal "NONE".  Either the
 *    computation is dead code or the literal was meant to be the buffer -
 *    TODO confirm which.  The two branches are also byte-identical.
 *  - The DFS path uses user_name[0] without the `user_name[0] &&
 *    user_name[1]` guard used in the AFS branches; an empty user_name
 *    embeds a NUL and truncates the path.
 *  - atoi() on cWeight has no error reporting; a non-numeric weight is 0
 *    and wins the "lowest weight" comparison.
 *  - The return codes of the three ldap_modify_s(DelMods) calls are
 *    assigned to rc; whether they are checked is not visible.
 *  - homedir_v[0] / winProfile_v[0] / drives_v[0] are strdup()'d (result
 *    unchecked); ownership passes to the caller through the *_v arrays -
 *    confirm the caller frees them.
 *  - strnicmp() is a Windows CRT name; on POSIX this relies on a
 *    compatibility definition elsewhere in the file.
 */
8012 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8013 char *DistinguishedName,
8014 char *WinHomeDir, char *WinProfileDir,
8015 char **homedir_v, char **winProfile_v,
8016 char **drives_v, LDAPMod **mods,
8024 char winProfile[1024];
8027 char apple_homedir[1024];
8028 char *apple_homedir_v[] = {NULL, NULL};
8032 LDAPMod *DelMods[20]; /* separate mod list for attribute deletions */
8034 memset(homeDrive, '\0', sizeof(homeDrive));
8035 memset(path, '\0', sizeof(path));
8036 memset(winPath, '\0', sizeof(winPath));
8037 memset(winProfile, '\0', sizeof(winProfile));
8040 if(!ActiveDirectory) /* OpenLDAP / non-AD target */
8042 if ((hp = hes_resolve(user_name, "filsys")) != NULL) /* Hesiod filsys records */
8044 memset(cWeight, 0, sizeof(cWeight));
8045 memset(cPath, 0, sizeof(cPath));
8049 while (hp[i] != NULL)
8051 if (sscanf(hp[i], "%*s %s", cPath)) /* second field: path; no width limit */
8053 if (strnicmp(cPath, AFS, strlen(AFS)) == 0) /* only AFS filsys entries count */
8055 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight)) /* fifth field: weight; no width limit */
8057 if (atoi(cWeight) < last_weight) /* keep the lowest-weight AFS entry */
8059 strcpy(path, cPath);
8060 last_weight = (int)atoi(cWeight);
8064 strcpy(path, cPath); /* entry without a weight field: taken unconditionally */
8072 if (!strnicmp(path, AFS, strlen(AFS))) /* found an AFS home */
8074 sprintf(homedir, "%s", path);
8075 sprintf(apple_homedir, "%s/MacData", path);
8076 homedir_v[0] = homedir;
8077 apple_homedir_v[0] = apple_homedir;
8078 ADD_ATTR("homeDirectory", homedir_v, OpType);
8079 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8085 if(user_name[0] && user_name[1]) /* need two chars for the /user/a/b/ cell layout */
8087 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s",
8088 user_name[0], user_name[1], user_name);
8089 sprintf(apple_homedir, "%s/MacData", homedir);
8090 homedir_v[0] = "NONE";       /* NOTE: computed homedir above is not used - confirm intent */
8091 apple_homedir_v[0] = "NONE";
8092 ADD_ATTR("homeDirectory", homedir_v, OpType);
8093 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8100 if(user_name[0] && user_name[1]) /* identical to the branch above */
8102 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s",
8103 user_name[0], user_name[1], user_name);
8104 sprintf(apple_homedir, "%s/MacData", homedir);
8105 homedir_v[0] = "NONE";       /* NOTE: computed homedir above is not used - confirm intent */
8106 apple_homedir_v[0] = "NONE";
8107 ADD_ATTR("homeDirectory", homedir_v, OpType);
8108 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8115 if ((!strcasecmp(WinHomeDir, "[afs]")) || /* AD: resolve the AFS home once if either field wants it */
8116 (!strcasecmp(WinProfileDir, "[afs]")))
8118 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
8120 memset(cWeight, 0, sizeof(cWeight));
8121 memset(cPath, 0, sizeof(cPath));
8125 while (hp[i] != NULL)
8127 if (sscanf(hp[i], "%*s %s", cPath)) /* no width limit */
8129 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
8131 if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight)) /* no width limit */
8133 if (atoi(cWeight) < last_weight)
8135 strcpy(path, cPath);
8136 last_weight = (int)atoi(cWeight);
8140 strcpy(path, cPath);
8148 if (!strnicmp(path, AFS, strlen(AFS)))
8150 AfsToWinAfs(path, winPath);           /* /afs/... -> \\afs\... form */
8151 strcpy(winProfile, winPath);
8152 strcat(winProfile, "\\.winprofile");   /* profile lives under the AFS home */
8160 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8161 (!strcasecmp(WinProfileDir, "[dfs]")))
8163 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain, /* no empty-user_name guard here */
8164 user_name[0], user_name);
8166 if (!strcasecmp(WinProfileDir, "[dfs]"))
8168 strcpy(winProfile, path);
8169 strcat(winProfile, "\\.winprofile");
8172 if (!strcasecmp(WinHomeDir, "[dfs]"))
8173 strcpy(winPath, path);
8186 if (!strcasecmp(WinHomeDir, "[local]")) /* no network home */
8187 memset(winPath, '\0', sizeof(winPath));
8188 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8189 !strcasecmp(WinHomeDir, "[dfs]"))
8191 strcpy(homeDrive, "H:"); /* AFS/DFS homes are mapped to H: */
8195 strcpy(winPath, WinHomeDir); /* literal path from Moira; unbounded */
8196 if (!strncmp(WinHomeDir, "\\\\", 2)) /* UNC path -> also map H: */
8198 strcpy(homeDrive, "H:");
8202 // nothing needs to be done if WinProfileDir is [afs].
8203 if (!strcasecmp(WinProfileDir, "[local]"))
8204 memset(winProfile, '\0', sizeof(winProfile));
8205 else if (strcasecmp(WinProfileDir, "[afs]") &&
8206 strcasecmp(WinProfileDir, "[dfs]"))
8208 strcpy(winProfile, WinProfileDir); /* literal path from Moira; unbounded */
8211 if (strlen(winProfile) != 0) /* strip one trailing backslash */
8213 if (winProfile[strlen(winProfile) - 1] == '\\')
8214 winProfile[strlen(winProfile) - 1] = '\0';
8217 if (strlen(winPath) != 0)
8219 if (winPath[strlen(winPath) - 1] == '\\')
8220 winPath[strlen(winPath) - 1] = '\0';
8223 if ((winProfile[1] == ':') && (strlen(winProfile) == 2)) /* bare "X:" -> "X:\" */
8224 strcat(winProfile, "\\");
8226 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8227 strcat(winPath, "\\");
8229 if (strlen(winPath) == 0)
8231 if (OpType == LDAP_MOD_REPLACE) /* existing user: clear the attribute explicitly */
8234 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8236 //unset homeDirectory attribute for user.
8237 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods); /* rc check not visible */
8243 homedir_v[0] = strdup(winPath); /* unchecked allocation; caller presumably frees */
8244 ADD_ATTR("homeDirectory", homedir_v, OpType);
8247 if (strlen(winProfile) == 0)
8249 if (OpType == LDAP_MOD_REPLACE)
8252 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8254 //unset profilePath attribute for user.
8255 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods); /* rc check not visible */
8261 winProfile_v[0] = strdup(winProfile); /* unchecked allocation */
8262 ADD_ATTR("profilePath", winProfile_v, OpType);
8265 if (strlen(homeDrive) == 0)
8267 if (OpType == LDAP_MOD_REPLACE)
8270 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8272 //unset homeDrive attribute for user
8273 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods); /* rc check not visible */
8279 drives_v[0] = strdup(homeDrive); /* unchecked allocation */
8280 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set a single-valued attribute on distinguished_name.
 *  - empty attribute_value: the attribute is deleted (LDAP_MOD_DELETE via
 *    DelMods);
 *  - otherwise LDAP_MOD_REPLACE is tried first and, if that fails,
 *    LDAP_MOD_ADD is tried; only the ADD failure is logged, so the REPLACE
 *    error code is lost (the elided lines presumably rebuild `mods` between
 *    the two attempts).
 * user_name is used only for the log message.  Returns rc (elided).
 *
 * The attribute value is passed as an LDAP modification value, not
 * interpolated into a filter or DN, so no escaping is needed here.
 */
8286 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8287 char *attribute_value, char *attribute, char *user_name)
8289 char *mod_v[] = {NULL, NULL};
8290 LDAPMod *DelMods[20];
8296 if (strlen(attribute_value) == 0) /* empty value means "remove" */
8299 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8301 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8307 mod_v[0] = attribute_value;
8308 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE); /* first attempt: replace */
8311 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8312 mods)) != LDAP_SUCCESS)
8316 mod_v[0] = attribute_value;
8317 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);     /* fallback: add */
8320 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8321 mods)) != LDAP_SUCCESS)
8323 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8325 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: strip leading and trailing whitespace from StringToTrim in
 * place.  Works on a strdup()'d copy and copies the trimmed result back.
 *
 * Caveats: the strdup() result is used without a NULL check (crash on
 * allocation failure), and whether `save` is free()d on every exit path is
 * not visible here - if not, each configuration line leaks a copy.  The
 * copy back with strcpy() can only shrink the string, so it stays within
 * the original buffer.
 */
8335 void StringTrim(char *StringToTrim)
8340 save = strdup(StringToTrim); /* unchecked */
8347 /* skip to end of string */
8352 strcpy(StringToTrim, save);
8356 for (t = s; *t; t++)
8372 strcpy(StringToTrim, s); /* result is never longer than the input */
/*
 * ReadConfigFile: load CFG_PATH/<DomainName>.cfg.  Each line is upper-cased,
 * stripped of its newline and matched by prefix against the KEYWORD macros
 * (DOMAIN, REALM, PORT, PRINCIPALNAME, SERVER, MSSFU, GROUP_SUFFIX,
 * GROUP_TYPE, SET_GROUP_ACE, SET_PASSWORD, EXCHANGE,
 * PROCESS_MACHINE_CONTAINER, ACTIVE_DIRECTORY); the remainder of the line
 * is trimmed and stored in the corresponding global.  If no DOMAIN line is
 * present ldap_domain defaults to DomainName.  ServerList entries are
 * upper-cased again at the end (redundant, the whole line already was).
 *
 * Review notes, grounded in the visible lines:
 *  - The ENTIRE line is upper-cased before the value is extracted, so every
 *    value - including PrincipalName - is forced to upper case.  Kerberos
 *    principal names are case-sensitive; confirm this is intended (it means
 *    the principal must be one that is valid in all-caps).
 *  - temp[strlen(temp) - 1] is evaluated before the strlen()==0 test.  A
 *    line whose first byte is NUL (fgets() stops at EOF/newline, not at
 *    NUL) gives strlen()==0 and reads temp[-1].  Test strlen() first.
 *  - SERVER lines: calloc(1, 256) is not checked for NULL and the strcpy()
 *    from temp (size not visible, read by fgets(temp, sizeof(temp))) is
 *    unbounded; a server line longer than 255 bytes after the keyword
 *    overflows the heap block.  The bound on Count / ServerList[] is not
 *    visible either.
 *  - All other strcpy()s into ldap_domain, ldap_realm, ldap_port,
 *    PrincipalName and temp1 are unbounded; the file is local and
 *    administrator-controlled, so this is robustness rather than exposure,
 *    but a malformed line still corrupts globals.
 *  - The config path is built with sprintf() from DomainName, which itself
 *    comes from ldap.cfg (ReadDomainList), into temp; a DomainName
 *    containing '/' or ".." selects an arbitrary .cfg - acceptable for a
 *    trusted file, worth a note.
 *  - fopen() failure handling and fclose() are in elided lines.
 */
8376 int ReadConfigFile(char *DomainName)
8387 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName); /* temp is reused as the line buffer below */
8389 if ((fptr = fopen(temp, "r")) != NULL)
8391 while (fgets(temp, sizeof(temp), fptr) != 0)
8393 for (i = 0; i < (int)strlen(temp); i++) /* whole line upper-cased, values included */
8394 temp[i] = toupper(temp[i]);
8396 if (temp[strlen(temp) - 1] == '\n') /* temp[-1] if the line starts with NUL */
8397 temp[strlen(temp) - 1] = '\0';
8401 if (strlen(temp) == 0)
8404 if (!strncmp(temp, DOMAIN, strlen(DOMAIN))) /* prefix match on the keyword */
8406 if (strlen(temp) > (strlen(DOMAIN)))
8408 strcpy(ldap_domain, &temp[strlen(DOMAIN)]); /* unbounded */
8409 StringTrim(ldap_domain);
8412 else if (!strncmp(temp, REALM, strlen(REALM)))
8414 if (strlen(temp) > (strlen(REALM)))
8416 strcpy(ldap_realm, &temp[strlen(REALM)]); /* unbounded */
8417 StringTrim(ldap_realm);
8420 else if (!strncmp(temp, PORT, strlen(PORT)))
8422 if (strlen(temp) > (strlen(PORT)))
8424 strcpy(ldap_port, &temp[strlen(PORT)]); /* unbounded */
8425 StringTrim(ldap_port);
8428 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8430 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8432 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]); /* already upper-cased above */
8433 StringTrim(PrincipalName);
8436 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8438 if (strlen(temp) > (strlen(SERVER)))
8440 ServerList[Count] = calloc(1, 256);                 /* unchecked allocation */
8441 strcpy(ServerList[Count], &temp[strlen(SERVER)]);   /* line may exceed 255 bytes */
8442 StringTrim(ServerList[Count]);
8446 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8448 if (strlen(temp) > (strlen(MSSFU)))
8450 strcpy(temp1, &temp[strlen(MSSFU)]);
8452 if (!strcmp(temp1, SFUTYPE)) /* effect set in an elided line */
8456 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8458 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8460 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8462 if (!strcasecmp(temp1, "NO")) /* "NO" disables the group suffix */
8465 memset(group_suffix, '\0', sizeof(group_suffix));
8469 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8471 if (strlen(temp) > (strlen(GROUP_TYPE)))
8473 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8475 if (!strcasecmp(temp1, "UNIVERSAL"))
8476 UseGroupUniversal = 1;
8479 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8481 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8483 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8485 if (!strcasecmp(temp1, "NO"))
8489 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8491 if (strlen(temp) > (strlen(SET_PASSWORD)))
8493 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8495 if (!strcasecmp(temp1, "NO"))
8499 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8501 if (strlen(temp) > (strlen(EXCHANGE)))
8503 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8505 if (!strcasecmp(temp1, "YES"))
8509 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8510 strlen(PROCESS_MACHINE_CONTAINER)))
8512 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8514 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8516 if (!strcasecmp(temp1, "NO"))
8517 ProcessMachineContainer = 0;
8520 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8521 strlen(ACTIVE_DIRECTORY)))
8523 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8525 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8527 if (!strcasecmp(temp1, "NO")) /* target is a non-AD LDAP server */
8528 ActiveDirectory = 0;
8533 if (strlen(ldap_domain) != 0) /* post-processing of the DOMAIN value (partly elided) */
8535 memset(ldap_domain, '\0', sizeof(ldap_domain));
8539 if (strlen(temp) != 0)
8540 strcpy(ldap_domain, temp);
8546 if (strlen(ldap_domain) == 0) /* default: the config file's own domain */
8548 strcpy(ldap_domain, DomainName);
8554 for (i = 0; i < Count; i++)
8556 if (ServerList[i] != 0)
8558 for (k = 0; k < (int)strlen(ServerList[i]); k++) /* redundant: lines were already upper-cased */
8559 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read CFG_PATH/WINADCFG (ldap.cfg) and collect the DOMAIN
 * lines into DomainNames[].  Lines are upper-cased and newline-stripped
 * exactly as in ReadConfigFile, so the same temp[-1] read applies to a line
 * that begins with a NUL byte.  On a configuration error the elided code
 * raises critical_alert() and the incremental does not run.
 *
 * Caveats: the strcpy() into DomainNames[Count] is unbounded and neither
 * the element size nor the bound on Count is visible here; the locals `c`
 * and `stuff` have no visible use.
 */
8566 int ReadDomainList()
8573 unsigned char c[11];
8574 unsigned char stuff[256];
8579 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
8581 if ((fptr = fopen(temp, "r")) != NULL)
8583 while (fgets(temp, sizeof(temp), fptr) != 0)
8585 for (i = 0; i < (int)strlen(temp); i++)
8586 temp[i] = toupper(temp[i]);
8588 if (temp[strlen(temp) - 1] == '\n') /* temp[-1] if the line starts with NUL */
8589 temp[strlen(temp) - 1] = '\0';
8593 if (strlen(temp) == 0)
8596 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8598 if (strlen(temp) > (strlen(DOMAIN)))
8600 strcpy(temp1, &temp[strlen(DOMAIN)]);
8602 strcpy(temp, temp1);
8606 strcpy(DomainNames[Count], temp); /* unbounded; element size / Count bound not visible */
8607 StringTrim(DomainNames[Count]);
8616 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
8617 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822-style address.  Returns 1
 * when the local part and domain pass, 0 otherwise.  Only ASCII printable
 * characters are accepted (bytes <= ' ' or >= 127 are rejected), the
 * rfc822_specials are disallowed outside quotes, consecutive or leading
 * dots are rejected, and the domain must contain at least one dot
 * (count >= 1).
 *
 * BUG (visible): the first test indexes address[strlen(address) - 1]
 * without checking for an empty string, so "" reads one byte before the
 * buffer.  Add `if (!*address) return 0;` before it.
 *
 * Subtlety: after a backslash the code advances c and tests for ' '; when
 * the backslash is the last character c now points at the terminator and
 * the following `*c <= ' '` test is what rejects it - do not reorder those
 * two checks.
 */
8624 int email_isvalid(const char *address) {
8626 const char *c, *domain;
8627 static char *rfc822_specials = "()<>@,;:\\\"[]";
8629 if(address[strlen(address) - 1] == '.') /* address[-1] when address is "" */
8632 /* first we validate the name portion (name@domain) */
8633 for (c = address; *c; c++) {
8634 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
8639 if (*c == '\\' && (*++c == ' ')) /* escaped space not allowed; c advanced */
8641 if (*c <= ' ' || *c >= 127)    /* also catches the terminator after a trailing '\\' */
8656 if (*c <= ' ' || *c >= 127)
8658 if (strchr(rfc822_specials, *c))
8662 if (c == address || *(c - 1) == '.') /* empty local part or trailing dot */
8665 /* next we validate the domain portion (name@domain) */
8666 if (!*(domain = ++c)) return 0;
8669 if (c == domain || *(c - 1) == '.')
8673 if (*c <= ' ' || *c >= 127)
8675 if (strchr(rfc822_specials, *c))
8679 return (count >= 1); /* domain needs at least one dot */
/*
 * find_homeMDB: pick the Exchange mailbox store (msExchMDB) with the fewest
 * mailboxes and return its DN in *homeMDB and the server part of its
 * legacyExchangeDN in *homeServerName (both strdup()'d; caller owns them).
 *
 * Method: enumerate msExchMDB objects under CN=Configuration,<dn_path>;
 * skip any whose DN contains "Public", "Recover" or "Reserve" (plain
 * case-sensitive substring match, so e.g. a store named "Publications"
 * would also be skipped); for each remaining store count the homeMDBBL
 * back-links by reading them in ranges of 1500 (the AD MaxValRange
 * default) until a range returns nothing; keep the store with the lowest
 * count (homeMDB_count == -1 marks "none chosen yet").
 *
 * Review notes:
 *  - *homeMDB is strdup()'d each time a better store is found; the visible
 *    line does not free the previous value - confirm the elided lines do,
 *    or this leaks one string per improvement.
 *  - If no store passes the filter, *homeMDB is never assigned and is then
 *    passed to linklist_build() as the search base.  Callers must
 *    initialise it to NULL and the elided lines should bail out when it is
 *    still NULL - TODO confirm.
 *  - group_base->value is dereferenced after the legacyExchangeDN query; a
 *    NULL check on group_base / group_count is not visible.
 *  - The range loop's termination relies on AD returning zero values past
 *    the end; the "%d-*" form is used for the final open-ended range (the
 *    condition choosing between the two forms is elided).
 *  - filter/search_path/sub_filter/range are 1024-byte stack buffers filled
 *    with sprintf(); dn_path comes from configuration, so this is bounded
 *    in practice but not by the code.
 */
8682 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
8683 char **homeServerName)
8685 LK_ENTRY *group_base;
8686 LK_ENTRY *sub_group_base;
8690 int sub_group_count;
8692 char sub_filter[1024];
8693 char search_path[1024];
8695 char *attr_array[3];
8697 int homeMDB_count = -1; /* -1: no candidate chosen yet */
8701 int rangeStep = 1500;   /* AD MaxValRange default */
8703 int rangeHigh = rangeLow + (rangeStep - 1);
8706 /* Grumble..... microsoft not making it searchable from the root *grr* */
8708 memset(filter, '\0', sizeof(filter));
8709 memset(search_path, '\0', sizeof(search_path));
8711 sprintf(filter, "(objectClass=msExchMDB)");
8712 sprintf(search_path, "CN=Configuration,%s", dn_path); /* dn_path from config */
8713 attr_array[0] = "distinguishedName";
8714 attr_array[1] = NULL;
8719 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
8720 &group_base, &group_count,
8721 LDAP_SCOPE_SUBTREE)) != 0)
8723 com_err(whoami, 0, "Unable to find msExchMDB %s",
8724 ldap_err2string(rc));
8733 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||  /* substring, case-sensitive */
8734 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
8735 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
8742 * Due to limits in active directory we need to use the LDAP
8743 * range semantics to query and return all the values in
8744 * large lists, we will stop increasing the range when
8745 * the result count is 0.
8753 memset(sub_filter, '\0', sizeof(sub_filter));
8754 memset(range, '\0', sizeof(range));
8755 sprintf(sub_filter, "(objectClass=msExchMDB)");
8758 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);          /* open-ended final range */
8760 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh); /* fixed-size range */
8762 attr_array[0] = range;
8763 attr_array[1] = NULL;
8765 sub_group_base = NULL;
8766 sub_group_count = 0;
8768 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
8769 attr_array, &sub_group_base,
8771 LDAP_SCOPE_SUBTREE)) != 0)
8773 com_err(whoami, 0, "Unable to find homeMDBBL %s",
8774 ldap_err2string(rc));
8778 if(!sub_group_count) /* no more values: stop paging */
8784 rangeHigh = rangeLow + (rangeStep - 1);
8791 mdbbl_count += sub_group_count; /* running mailbox count for this store */
8792 rangeLow = rangeHigh + 1;
8793 rangeHigh = rangeLow + (rangeStep - 1);
8796 /* First time through, need to initialize or update the least used */
8798 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
8801 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
8803 homeMDB_count = mdbbl_count;
8804 *homeMDB = strdup(gPtr->dn); /* previous *homeMDB not freed here - check elided lines */
8808 linklist_free(sub_group_base);
8812 linklist_free(group_base);
8815 * Ok found the server least allocated need to now query to get its
8816 * msExchHomeServerName so we can set it as a user attribute
8819 attr_array[0] = "legacyExchangeDN";
8820 attr_array[1] = NULL;
8825 if ((rc = linklist_build(ldap_handle, *homeMDB, filter, /* *homeMDB may be unset if nothing matched */
8826 attr_array, &group_base,
8828 LDAP_SCOPE_SUBTREE)) != 0)
8830 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
8831 ldap_err2string(rc));
8837 *homeServerName = strdup(group_base->value); /* group_base NULL check not visible */
8838 if((s = strrchr(*homeServerName, '/')) != (char *) NULL) /* keep the part before the last '/' (elided) */
8844 linklist_free(group_base);
/*
 * lowercase: convert s to lower case in place (body elided) and return it.
 * If the elided loop passes *p straight to tolower(), cast to
 * (unsigned char) first - negative char values are undefined input.
 */
8849 char *lowercase(char *s)
8853 for (p = s; *p; p++)
/*
 * uppercase: convert s to upper case in place (body elided) and return it.
 * Same ctype caveat as lowercase(): cast *p to (unsigned char).
 */
8861 char *uppercase(char *s)
8865 for (p = s; *p; p++)
/*
 * escape_string: return a newly allocated copy of s with leading spaces
 * replaced and "special characters" escaped (the character set and the
 * escape form are in elided lines).  The result is built in a local
 * buffer `string` and strdup()'d; the caller must free() it.
 *
 * Caveats: the size of `string` and whether the loop bounds its writes are
 * not visible here - each escaped character expands the output, so the
 * loop must stop before sizeof(string).  The strdup() result is returned
 * unchecked.  This is the helper the LDAP-filter builders in this file
 * (e.g. the sAMAccountName filters) should be using.
 */
8873 char *escape_string(char *s)
8881 memset(string, '\0', sizeof(string));
8885 /* Replace leading spaces */
8887 while(isspace(*q)) { /* plain char to isspace(); cast to unsigned char */
8894 /* Escape any special characters */
8896 for(; *q != '\0'; q++) { /* must stay below sizeof(string) - bound not visible */
8919 return strdup(string); /* caller frees; NULL on allocation failure */
8922 int save_query_info(int argc, char **argv, void *hint)
8925 char **nargv = hint;
8927 for(i = 0; i < argc; i++)
8928 nargv[i] = strdup(argv[i]);