2 /* test parameters for creating a user account - done
3 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
4 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
5 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
7 * test parameters for deactivating/deleting a user account - done
8 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
9 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
10 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
11 * comment: clearid is the MIT ID
13 * test parameters for reactivating a user account - done
14 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
15 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
17 * test parameters for updating user account info - done
18 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF
19 * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF
20 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
21 * currently, if the unix_id doesn't change, only the U_UID or U_MITID fields will be updated
23 * test parameters for changing user name - testing
24 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
25 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
28 * test parameters for add member to group/list - done
29 * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1
30 * imembers 0 9 pismere-team STRING hope@ful.net 1 1 0 1 1 -1
31 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
33 * test parameters for remove member from group/list - done
34 * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1
35 * imembers 9 0 pismere-team STRING hope@ful.net 1 1 0 1 1 -1
36 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
38 * test parameters for creating and/or populating a group/list - done
39 * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description
40 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
42 * test parameters for deleting a group/list - done
43 * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description
44 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
46 * test parameters for renaming a group/list - done
47 * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description
48 * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description
49 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
51 #include <mit-copyright.h>
63 #include <moira_site.h>
/* Windows build: map the BSD errno names onto their Winsock equivalents.
 * The #ifdef that selects this branch is not part of this listing. */
73 #define ECONNABORTED WSAECONNABORTED
76 #define ECONNREFUSED WSAECONNREFUSED
79 #define EHOSTUNREACH WSAEHOSTUNREACH
81 #define krb5_xfree free
/* NOTE(review): the argument is not parenthesised and the expansion ends in
 * a semicolon, so sleep(a + b) expands to Sleep(a + b * 1000); and a call
 * used as the body of an un-braced if/else breaks the following `else`.
 * Sleep((A) * 1000) without the trailing semicolon would be the safe form. */
83 #define sleep(A) Sleep(A * 1000);
/* Unix build: system headers and compatibility names for the Windows
 * spellings used below (strnicmp, UCHAR, BYTE). */
87 #include <sys/types.h>
88 #include <netinet/in.h>
89 #include <arpa/nameser.h>
91 #include <sys/utsname.h>
94 #define strnicmp(A,B,C) strncasecmp(A,B,C)
95 #define UCHAR unsigned char
/* userAccountControl bit values; retrieve_values() tests these when it
 * dumps an account's flags in the LDAP_DEBUG output. */
97 #define UF_SCRIPT 0x0001
98 #define UF_ACCOUNTDISABLE 0x0002
99 #define UF_HOMEDIR_REQUIRED 0x0008
100 #define UF_LOCKOUT 0x0010
101 #define UF_PASSWD_NOTREQD 0x0020
102 #define UF_PASSWD_CANT_CHANGE 0x0040
103 #define UF_DONT_EXPIRE_PASSWD 0x10000
105 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
106 #define UF_NORMAL_ACCOUNT 0x0200
107 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
108 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
109 #define UF_SERVER_TRUST_ACCOUNT 0x2000
112 #define BYTE unsigned char
/* Minimal Win32 type layouts for the non-Windows build.  Only the
 * declarations visible in this listing are documented; the GUID struct
 * header and its Data1 field, and the body of SID_IDENTIFIER_AUTHORITY
 * (retrieve_values reads a Value[] array from it), are not shown here. */
114 typedef unsigned int DWORD;
115 typedef unsigned long ULONG;
/* GUID tail: retrieve_values() formats Data1-Data3 and the eight Data4
 * bytes as the textual {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form. */
120 unsigned short Data2;
121 unsigned short Data3;
122 unsigned char Data4[8];
125 typedef struct _SID_IDENTIFIER_AUTHORITY {
127 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
/* Binary security identifier.  NOTE(review): this struct is only ever
 * overlaid on an LDAP berval buffer by a pointer cast (see retrieve_values),
 * never allocated, so the 512-entry SubAuthority array is merely an upper
 * bound for indexing; the overlay itself has no alignment guarantee for
 * the DWORD members. */
129 typedef struct _SID {
131 BYTE SubAuthorityCount;
132 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
133 DWORD SubAuthority[512];
140 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
141 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
142 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
143 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
144 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
146 #define QUERY_VERSION -1
147 #define PRIMARY_REALM "ATHENA.MIT.EDU"
156 #define MEMBER_REMOVE 2
157 #define MEMBER_CHANGE_NAME 3
158 #define MEMBER_ACTIVATE 4
159 #define MEMBER_DEACTIVATE 5
160 #define MEMBER_CREATE 6
162 #define MOIRA_ALL 0x0
163 #define MOIRA_USERS 0x1
164 #define MOIRA_KERBEROS 0x2
165 #define MOIRA_STRINGS 0x4
166 #define MOIRA_LISTS 0x8
169 #define ADFS_DELETE 2
171 typedef struct lk_entry {
181 struct lk_entry *next;
184 #define STOP_FILE "/moira/winad/nowinad"
185 #define file_exists(file) (access((file), F_OK) == 0)
187 #define LDAP_BERVAL struct berval
188 #define MAX_SERVER_NAMES 32
190 #define ADD_ATTR(t, v, o) \
191 mods[n] = malloc(sizeof(LDAPMod)); \
192 mods[n]->mod_op = o; \
193 mods[n]->mod_type = t; \
194 mods[n++]->mod_values = v
/* Global list heads shared between the mr_query() callbacks and the do_*()
 * drivers: member_base collects list members, sid_base collects SIDs that
 * sid_update() later writes back.  Each driver frees them with
 * linklist_free() when done. */
196 LK_ENTRY *member_base = NULL;
197 LK_ENTRY *sid_base = NULL;
198 LK_ENTRY **sid_ptr = NULL;
/* Scratch buffer main() fills with the full argument vector for logging.
 * NOTE(review): it is declared again below (same type, so it is a legal
 * duplicate tentative definition) — one of the two should go. */
199 static char tbl_buf[1024];
/* Container OUs, relative to the domain DN, for each kind of object. */
200 char kerberos_ou[] = "OU=kerberos, OU=moira";
201 char contact_ou[] = "OU=strings, OU=moira";
202 char user_ou[] = "OU=users, OU=moira";
203 char group_ou_distribution[] = "OU=mail, OU=lists, OU=moira";
204 char group_ou_root[] = "OU=lists, OU=moira";
205 char group_ou_security[] = "OU=group, OU=lists, OU=moira";
206 char group_ou_neither[] = "OU=special, OU=lists, OU=moira";
207 char group_ou_both[] = "OU=mail, OU=group, OU=lists, OU=moira";
209 char group_manager[64];
/* AD domain name, read from the config file by main() (default win.mit.edu). */
210 char ldap_domain[256];
/* Reference count used by moira_connect()/moira_disconnect(). */
215 int mr_connections = 0;
217 char default_server[256];
218 static char tbl_buf[1024];
/* Forward declarations.  Functions with the (int ac, char **av, void *ptr)
 * signature are mr_query() callbacks: av holds one Moira row, and ptr is
 * the caller's call_args[] array (ldap handle, dn_path, and per-operation
 * arguments smuggled through char * slots).  Two prototypes (ad_connect,
 * member_list_process) are cut by lines missing from this listing. */
220 extern int set_password(char *user, char *password, char *domain);
222 void AfsToWinAfs(char* path, char* winPath);
223 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
224 char *Win2kPassword, char *Win2kUser, char *default_server,
226 void ad_kdc_disconnect();
227 void check_winad(void);
228 void expand_groups(LDAP *ldap_handle, char *dn_path, char *group_name);
229 int filesys_process(int ac, char **av, void *ptr);
230 int user_create(int ac, char **av, void *ptr);
231 int user_change_status(int ac, char **av, void *ptr);
232 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
233 int user_rename(int ac, char **av, void *ptr);
234 int user_update(int ac, char **av, void *ptr);
235 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
236 int get_group_info(int ac, char**av, void *ptr);
237 int group_create(int ac, char **av, void *ptr);
238 int group_delete(int ac, char **av, void *ptr);
239 int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name);
240 int group_list_build(int ac, char **av, void *ptr);
241 int group_rename(int ac, char **av, void *ptr);
242 int list_list_build(int ac, char **av, void *ptr);
243 int member_list_build(int ac, char **av, void *ptr);
244 int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
245 char *group_ou, char *group_membership, char *group_gid,
247 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
248 char *group_ou, char *group_membership, char *group_gid);
249 int sid_update(LDAP *ldap_handle, char *dn_path);
/* Validates a name before it is interpolated into an LDAP filter/DN
 * (used by group_rename); its rules are not in this listing. */
250 int check_string(char *s);
251 void convert_b_to_a(char *string, UCHAR *binary, int length);
252 int mr_connect_cl(char *server, char *client, int version, int auth);
/* One driver per Moira table; main() dispatches on the table name. */
254 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
255 char **before, int beforec, char **after, int afterc);
256 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
257 char **before, int beforec, char **after, int afterc);
258 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
259 char **before, int beforec, char **after, int afterc);
260 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
261 char **before, int beforec, char **after, int afterc);
/* LK_ENTRY list helpers and the LDAP result walkers that feed them. */
262 int linklist_create_entry(char *attribute, char *value,
263 LK_ENTRY **linklist_entry);
264 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
265 char **attr_array, LK_ENTRY **linklist_base,
266 int *linklist_count);
267 void linklist_free(LK_ENTRY *linklist_base);
269 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
270 char *distinguished_name, LK_ENTRY **linklist_current);
271 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
272 LK_ENTRY **linklist_base, int *linklist_count);
273 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
274 char *Attribute, char *distinguished_name,
275 LK_ENTRY **linklist_current);
277 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
278 char *oldValue, char *newValue,
279 char ***modvalues, int type);
280 void free_values(char **modvalues);
282 int convert_domain_to_dn(char *domain, char **bind_path);
283 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
284 char *distinguished_name);
285 int moira_disconnect(void);
286 int moira_connect(void);
287 void print_to_screen(const char *fmt, ...);
/* Entry point of the winad incremental.  The checks below imply the
 * argument layout
 *   winad.incr <table> <beforec> <afterc> <before fields...> <after fields...>
 * (the line that sets `table` from argv is not in this listing).  It reads
 * the AD domain from the config file, binds to a domain controller, then
 * dispatches to the do_*() driver for the named table. */
289 int main(int argc, char **argv)
/* Program name for com_err(): basename of argv[0]. */
302 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
306 com_err(whoami, 0, "%s", "argc < 4");
/* NOTE(review): atoi() reports no error and accepts negative numbers; a
 * negative beforec satisfies the argc check below and makes `after` point
 * before the start of argv.  strtol() plus a `>= 0` check would reject it. */
309 beforec = atoi(argv[2]);
310 afterc = atoi(argv[3]);
312 if (argc < (4 + beforec + afterc))
314 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
320 after = &argv[4 + beforec];
/* Log the whole argument vector.  NOTE(review): strcat() into the 1024-byte
 * static tbl_buf is unbounded, so a long argument list overflows it; an
 * snprintf() with a running offset (stopping at the buffer end) would cap
 * the copy. */
322 for (i = 1; i < argc; i++)
324 strcat(tbl_buf, argv[i]);
325 strcat(tbl_buf, " ");
327 com_err(whoami, 0, "%s", tbl_buf);
/* AD domain from the config file, defaulting to win.mit.edu.
 * NOTE(review): fread() may fill all 256 bytes with no NUL left for the
 * strlen() below (read at most sizeof(ldap_domain) - 1), and nothing strips
 * a trailing newline, which then becomes part of the domain name.  The
 * matching fclose() is not on a line shown here — confirm it exists. */
331 memset(ldap_domain, '\0', sizeof(ldap_domain));
332 if ((fptr = fopen("/moira/winad/winad.cfg", "r")) != NULL)
334 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
337 if (strlen(ldap_domain) == 0)
338 strcpy(ldap_domain, "win.mit.edu");
339 initialize_sms_error_table();
340 initialize_krb_error_table();
342 memset(default_server, '\0', sizeof(default_server));
343 memset(dn_path, '\0', sizeof(dn_path));
/* Empty user/password: presumably ad_connect() binds with the process's
 * Kerberos credentials — its body is not in this listing. */
344 if (ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1))
346 com_err(whoami, 0, "%s %s", "cannot connect to any server in domain ",
/* Case-fold the table name, then dispatch.  tolower() should be handed an
 * unsigned char for bytes outside the ASCII range. */
351 for (i = 0; i < (int)strlen(table); i++)
352 table[i] = tolower(table[i]);
353 if (!strcmp(table, "users"))
354 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
356 else if (!strcmp(table, "list"))
357 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
359 else if (!strcmp(table, "imembers"))
360 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
362 else if (!strcmp(table, "filesys"))
363 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
366 else if (!strcmp(table, "quota"))
367 do_quota(before, beforec, after, afterc);
/* Drop the LDAP session; rc from ldap_unbind_s is not checked on the lines
 * shown here. */
371 rc = ldap_unbind_s(ldap_handle);
/* Driver for a change to one row of the Moira `filesys` table.
 * before/after hold the old and new row fields (beforec/afterc entries);
 * a side with fewer than FS_CREATE fields means the row did not exist on
 * that side.  Only AFS filesystems with the create flag set are acted on;
 * the work itself is done by filesys_process(), which receives the LDAP
 * handle, dn_path, the filesys name and an ADFS_ADD/ADFS_DELETE code, all
 * smuggled through a char * array.  Several branch boundaries fall on lines
 * not in this listing. */
375 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
376 char **before, int beforec, char **after, int afterc)
/* Assignment in the condition is deliberate: rc keeps the error code. */
386 if (rc = moira_connect())
388 critical_alert("AD incremental",
389 "Error contacting Moira server : %s",
394 if (afterc < FS_CREATE)
398 atype = !strcmp(after[FS_TYPE], "AFS");
399 acreate = atoi(after[FS_CREATE]);
/* No before side: the row was created.  Look it up by label and add it. */
402 if (beforec < FS_CREATE)
404 if (acreate == 0 || atype == 0)
406 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
407 av[0] = after[FS_NAME];
408 call_args[0] = (char *)ldap_handle;
409 call_args[1] = dn_path;
410 call_args[2] = after[FS_NAME];
411 call_args[3] = (char *)ADFS_ADD;
412 if (rc = mr_query("get_filesys_by_label", 1, av, filesys_process, call_args))
414 critical_alert("AD incremental", "Couldn't process filesys %s : %s",
415 after[FS_NAME], error_message(rc));
421 btype = !strcmp(before[FS_TYPE], "AFS");
422 bcreate = atoi(before[FS_CREATE]);
/* No after side: the row was deleted.  Remove it if it was a created AFS
 * filesys.  NOTE(review): the return value of filesys_process() is not
 * stored in rc, so the error_message(rc) below reports a stale value
 * (presumably 0 from moira_connect) rather than the real failure;
 * `if ((rc = filesys_process(...)))` would fix the message. */
423 if (afterc < FS_CREATE)
425 if (btype && bcreate)
427 av[0] = before[FS_NAME];
428 av[1] = before[FS_TYPE];
429 call_args[0] = (char *)ldap_handle;
430 call_args[1] = dn_path;
431 call_args[2] = before[FS_NAME];
432 call_args[3] = (char *)ADFS_DELETE;
433 if (filesys_process(beforec, before, (void *)call_args))
435 critical_alert("AD incremental", "Couldn't delete filesys %s : %s",
436 before[FS_NAME], error_message(rc));
/* Both sides present: only AFS<->AFS changes are supported; an "ERR" type
 * on either side is treated as a non-error no-op. */
445 if (!atype && !btype)
447 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
449 critical_alert("incremental", "Filesystem %s or %s is not AFS: "
450 "Operation not supported", before[FS_NAME], after[FS_NAME]);
454 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
455 av[0] = after[FS_NAME];
456 call_args[0] = (char *)ldap_handle;
457 call_args[1] = dn_path;
458 call_args[2] = after[FS_NAME];
459 call_args[3] = (char *)ADFS_ADD;
460 if (rc = mr_query("get_filesys_by_label", 1, av, filesys_process, call_args))
462 critical_alert("AD incremental", "Couldn't process filesys %s : %s",
463 after[FS_NAME], error_message(rc));
/* Driver for a change to one row of the Moira `list` table.  Decodes the
 * active/hidden/public/maillist/group flags of both sides, then either
 * updates the existing AD group through group_rename, or deletes the old
 * group and/or creates the new one and repopulates its membership.  Group
 * attributes needed for membership work (call_args[3..5]) are expected to
 * be filled in by the group_create callback.  Several branch boundaries
 * fall on lines not in this listing. */
470 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
471 char **before, int beforec, char **after, int afterc)
487 if (beforec == 0 && afterc == 0)
490 astatus = bstatus = 0;
492 apublic = bpublic = 0;
493 amaillist = bmaillist = 0;
/* Flags are only read when the side is active (and, presumably, present —
 * the enclosing beforec/afterc checks are not on the lines shown). */
496 if (atoi(before[L_ACTIVE]))
498 bstatus = atoi(before[L_ACTIVE]);
499 bhide = atoi(before[L_HIDDEN]);
500 bpublic = atoi(before[L_PUBLIC]);
501 bmaillist = atoi(before[L_MAILLIST]);
502 bgroup = atoi(before[L_GROUP]);
507 if (atoi(after[L_ACTIVE]))
509 astatus = atoi(after[L_ACTIVE]);
510 ahide = atoi(after[L_HIDDEN]);
511 apublic = atoi(after[L_PUBLIC]);
512 amaillist = atoi(after[L_MAILLIST]);
513 agroup = atoi(after[L_GROUP]);
/* Assignment in the condition is deliberate: rc keeps the error code. */
517 if (rc = moira_connect())
519 critical_alert("AD incremental",
520 "Error contacting Moira server : %s",
/* Active on both sides with unchanged mail/group type: update in place.
 * NOTE(review): this branch requires the two names to be EQUAL
 * (`!strcmp`), yet the log line and the group_rename callback describe a
 * rename, and the rename test cases in the header comment use two
 * different names — confirm whether `strcmp(...)` was intended. */
525 if (astatus && bstatus)
527 if ((bmaillist == amaillist) && (bgroup == agroup) &&
528 (!strcmp(before[L_NAME], after[L_NAME])))
530 com_err(whoami, 0, "Changing group %s to %s",
531 before[L_NAME], after[L_NAME]);
533 av[0] = after[L_NAME];
534 call_args[0] = (char *)ldap_handle;
535 call_args[1] = dn_path;
536 call_args[2] = before[L_NAME];
537 call_args[3] = before[L_MAILLIST];
538 call_args[4] = before[L_GROUP];
/* callback_rc is a global the callback sets; LDAP_NO_SUCH_OBJECT means the
 * old group is not in AD, in which case the code falls through to a
 * delete+create instead of alerting. */
541 if (rc = mr_query("get_list_info", 1, av, group_rename, call_args))
543 if (callback_rc != LDAP_NO_SUCH_OBJECT)
545 critical_alert("AD incremental",
546 "Could not change list %s to %s : %s",
548 after[L_NAME], error_message(rc));
551 callback_rc = LDAP_NO_SUCH_OBJECT;
553 if (callback_rc != LDAP_NO_SUCH_OBJECT)
559 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
560 rc = group_ad_delete(ldap_handle, dn_path, before[L_NAME]);
565 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
568 av[0] = after[L_NAME];
569 call_args[0] = (char *)ldap_handle;
570 call_args[1] = dn_path;
571 call_args[2] = after[L_NAME];
/* Member-type mask smuggled through a char * slot. */
575 call_args[6] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
578 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
580 critical_alert("AD incremental", "Couldn't create list %s : %s",
581 after[L_NAME], error_message(rc));
/* Without group ou/membership/gid from the callback there is nothing more
 * to do; release whatever the callbacks collected. */
584 if ((call_args[3] == NULL) || (call_args[4] == NULL) || (call_args[5] == NULL))
586 linklist_free(member_base);
587 linklist_free(sid_base);
592 if (sid_base != NULL)
594 sid_update(ldap_handle, dn_path);
595 linklist_free(sid_base);
/* Resolve the list's end members in Moira and push them into the AD group,
 * then expand nested groups. */
604 if (!(rc = mr_query("get_end_members_of_list", 1, av, member_list_build,
607 if (member_base != NULL)
609 rc = member_list_process(ldap_handle, dn_path, after[L_NAME],
610 call_args[3], call_args[4], call_args[5],
611 MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
612 expand_groups(ldap_handle, dn_path, after[L_NAME]);
617 critical_alert("AD incremental",
618 "Error contacting Moira server to resolve %s : %s",
619 after[L_NAME], error_message(rc));
621 linklist_free(member_base);
/* do_member() reads the list's active flag from the field just past the
 * standard imembers columns (LM_END); the caller must supply it. */
629 #define LM_EXTRA_ACTIVE (LM_END)
/* Driver for a change to one row of the Moira `imembers` table (add or
 * remove one member of a list).  Copies list, member and member type from
 * whichever side is present, fetches the group's AD attributes via the
 * group_create callback, then rebuilds the membership from Moira's
 * end-member list.  Several branch boundaries fall on lines not in this
 * listing. */
631 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
632 char **before, int beforec, char **after, int afterc)
636 char group_name[128];
/* NOTE(review): the three strcpy() calls on each side copy Moira-supplied
 * fields into fixed buffers (group_name is 128 bytes; user_name/user_type
 * sizes are declared on lines not shown) without a length check, and the
 * LM_EXTRA_ACTIVE index is not compared against afterc/beforec on the lines
 * shown here. */
643 if (!atoi(after[LM_EXTRA_ACTIVE]))
645 strcpy(user_name, after[LM_MEMBER]);
646 strcpy(group_name, after[LM_LIST]);
647 strcpy(user_type, after[LM_TYPE]);
652 if (!atoi(before[LM_EXTRA_ACTIVE]))
654 strcpy(user_name, before[LM_MEMBER]);
655 strcpy(group_name, before[LM_LIST]);
656 strcpy(user_type, before[LM_TYPE]);
/* Assignment in the condition is deliberate: rc keeps the error code. */
659 if (rc = moira_connect())
661 critical_alert("AD incremental",
662 "Moira error retrieving grouplist of user %s : %s",
663 user_name, error_message(rc));
666 com_err(whoami, 0, "Updating list %s membership for user %s.", group_name,
669 call_args[0] = (char *)ldap_handle;
670 call_args[1] = dn_path;
671 call_args[2] = group_name;
/* Member-type mask smuggled through a char * slot. */
675 call_args[6] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
/* group_create is expected to leave the group's ou/membership/gid in
 * call_args[3..5]; only then is the membership touched. */
679 if (!(rc = mr_query("get_list_info", 1, av, group_create, call_args)))
682 if ((call_args[3] != NULL) && (call_args[4] != NULL) && (call_args[5]
686 if (sid_base != NULL)
688 sid_update(ldap_handle, dn_path);
689 linklist_free(sid_base);
/* An empty end-member list means the last member went away: clear the
 * group; otherwise resync it and expand nested groups. */
695 if (!(rc = mr_query("get_end_members_of_list", 1, av, member_list_build,
698 if (member_base == NULL)
700 member_remove(ldap_handle, dn_path, group_name,
701 call_args[3], call_args[4], call_args[5]);
705 rc = member_list_process(ldap_handle, dn_path, group_name,
706 call_args[3], call_args[4], call_args[5],
707 MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
708 expand_groups(ldap_handle, dn_path, group_name);
716 critical_alert("AD incremental", "Couldn't add %s to group %s ",
717 user_name, group_name);
719 critical_alert("AD incremental", "Couldn't remove %s from group %s ",
720 user_name, group_name);
722 linklist_free(member_base);
723 linklist_free(sid_base);
/* call_args[3]/[4] appear to be heap strings owned by this function
 * (freed on the lines that follow, not shown here) — confirm against
 * group_create. */
725 if (call_args[3] != NULL)
727 if (call_args[4] != NULL)
/* Driver for a change to one row of the Moira `users` table.  Compares the
 * account status on both sides and, via get_user_account_by_login with the
 * matching callback, either updates the account in place (same status,
 * same login), renames it (same status, new login), deactivates it, or
 * creates/reactivates it.  The requested operation code is passed to the
 * callback through call_args[2].  Several branch boundaries fall on lines
 * not in this listing. */
733 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
734 char **before, int beforec, char **after,
743 if ((beforec == 0) || (afterc == 0))
/* Status is read only when the side actually has a U_STATE field. */
748 if (afterc > U_STATE)
749 astate = atoi(after[U_STATE]);
750 if (beforec > U_STATE)
751 bstate = atoi(before[U_STATE]);
/* Inactive before and after: nothing to do in AD. */
758 if ((bstate == 0) && (astate == 0))
/* Assignment in the condition is deliberate: rc keeps the error code. */
761 if (rc = moira_connect())
763 critical_alert("AD incremental",
764 "Error connection to Moira : %s",
/* Same status: either an attribute update or a login rename.  callback_rc
 * is a global set by the callback; LDAP_NO_SUCH_OBJECT means the account
 * is not in AD and the code falls through to create it instead. */
769 if (astate == bstate)
771 if (!strcmp(before[U_NAME], after[U_NAME]))
773 com_err(whoami, 0, "Updating user %s info", before[U_NAME]);
774 av[0] = before[U_NAME];
775 call_args[0] = (char *)ldap_handle;
776 call_args[1] = dn_path;
780 if (rc = mr_query("get_user_account_by_login", 1, av, user_update,
783 if (callback_rc != LDAP_NO_SUCH_OBJECT)
785 critical_alert("AD incremental",
786 "Could not update user %s info : %s",
795 com_err(whoami, 0, "Changing user %s to %s", before[U_NAME],
797 av[0] = after[U_NAME];
798 call_args[0] = (char *)ldap_handle;
799 call_args[1] = dn_path;
800 call_args[2] = (char *)MEMBER_ACTIVATE;
801 call_args[3] = before[U_NAME];
805 if (rc = mr_query("get_user_account_by_login", 1, av, user_rename,
808 if (callback_rc != LDAP_NO_SUCH_OBJECT)
810 critical_alert("AD incremental",
811 "Could not change user %s to %s : %s",
813 after[L_NAME], error_message(rc));
818 if (callback_rc != LDAP_NO_SUCH_OBJECT)
/* Status changed to inactive: disable the AD account. */
824 com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]);
825 av[0] = before[U_NAME];
826 call_args[0] = (char *)ldap_handle;
827 call_args[1] = dn_path;
828 call_args[2] = (char *)MEMBER_DEACTIVATE;
829 if (rc = mr_query("get_user_account_by_login", 1, av, user_change_status,
832 critical_alert("AD incremental",
833 "Couldn't deactivate user %s in the AD : %s",
834 before[U_NAME], error_message(rc));
/* Status changed to active (or account not yet in AD): create/reactivate,
 * then write back any SIDs the callback collected in sid_base. */
840 com_err(whoami, 0, "%s user %s", "Creating/Reactivating",
843 av[0] = after[U_NAME];
844 call_args[0] = (char *)ldap_handle;
845 call_args[1] = dn_path;
846 call_args[2] = (char *)MEMBER_ACTIVATE;
850 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
853 critical_alert("AD incremental", "Couldn't create/activate user %s : %s",
854 after[U_NAME], error_message(rc));
857 if (sid_base != NULL)
859 sid_update(ldap_handle, dn_path);
860 linklist_free(sid_base);
/* Build a NULL-terminated array of modvalue_count freshly allocated
 * strings, one per node of linklist_base, suitable for an LDAPMod
 * mod_values.  When both oldValue and newValue are given, the first
 * occurrence of oldValue in a value (strstr finds only the first) is
 * replaced by newValue; otherwise the value is copied as-is.  The caller
 * owns the result and releases it with free_values().  `type` is not used
 * on any line of this listing.
 * NOTE(review): the allocation size is passed as one product, so calloc's
 * own overflow check is bypassed — calloc(modvalue_count + 1, sizeof(char *))
 * keeps it.  Every memset() after a calloc() is redundant.  strstr()
 * assumes values are NUL-terminated, which the binary (objectSid /
 * objectGUID) nodes built by retrieve_values() are not. */
867 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
868 char *oldValue, char *newValue,
869 char ***modvalues, int type)
871 LK_ENTRY *linklist_ptr;
875 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
880 for (i = 0; i < (modvalue_count + 1); i++)
881 (*modvalues)[i] = NULL;
882 if (modvalue_count != 0)
884 linklist_ptr = linklist_base;
885 for (i = 0; i < modvalue_count; i++)
887 if ((oldValue != NULL) && (newValue != NULL))
/* The condition continues on a line not shown; the first branch copies
 * newValue wholesale, the second splices prefix + newValue + suffix around
 * the match found by strstr. */
889 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
894 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
897 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
898 strcpy((*modvalues)[i], newValue);
902 if (((*modvalues)[i] = calloc(1,
903 (int)(cPtr - linklist_ptr->value) +
904 (linklist_ptr->length - strlen(oldValue)) +
905 strlen(newValue) + 1)) == NULL)
907 memset((*modvalues)[i], '\0',
908 (int)(cPtr - linklist_ptr->value) +
909 (linklist_ptr->length - strlen(oldValue)) +
910 strlen(newValue) + 1);
911 memcpy((*modvalues)[i], linklist_ptr->value,
912 (int)(cPtr - linklist_ptr->value));
913 strcat((*modvalues)[i], newValue);
914 strcat((*modvalues)[i],
915 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* No match (or no replacement requested): plain copy of `length` bytes.
 * These two calloc() results are not checked for NULL. */
920 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
921 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
922 memcpy((*modvalues)[i], linklist_ptr->value,
923 linklist_ptr->length);
928 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
929 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
930 memcpy((*modvalues)[i], linklist_ptr->value,
931 linklist_ptr->length);
933 linklist_ptr = linklist_ptr->next;
935 (*modvalues)[i] = NULL;
/* Run a subtree search under dn_path with filter search_exp, requesting
 * only the attributes in attr_array, and collect every returned
 * (attribute, value) pair into *linklist_base (count in *linklist_count).
 * Returns the ldap_search_s() error code, or retrieve_entries()' result.
 * search_exp is used verbatim as the LDAP filter, so callers are
 * responsible for the names they interpolate into it (group_rename runs
 * check_string() on the list name first). */
941 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
942 char **attr_array, LK_ENTRY **linklist_base,
946 LDAPMessage *ldap_entry;
950 (*linklist_base) = NULL;
951 (*linklist_count) = 0;
952 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
953 search_exp, attr_array, 0, &ldap_entry))
956 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
/* The search result is released whether or not retrieve_entries() failed. */
958 ldap_msgfree(ldap_entry);
/* Walk every entry of a search result, appending each entry's attributes
 * to *linklist_base via retrieve_attributes(), then recount the list into
 * *linklist_count.  Returns 0, or the first retrieve_attributes() error.
 * NOTE(review): distinguished_name is a fixed 1024-byte buffer that
 * get_distinguished_name() fills with an unbounded strcpy(); a DN longer
 * than 1023 bytes returned by the directory would overflow it.  Passing
 * the buffer size down and using snprintf() would bound the copy. */
963 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
964 LK_ENTRY **linklist_base, int *linklist_count)
966 char distinguished_name[1024];
967 LK_ENTRY *linklist_ptr;
/* An empty result is not an error. */
970 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
973 memset(distinguished_name, '\0', sizeof(distinguished_name));
974 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
976 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
977 linklist_base)) != 0)
980 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
982 memset(distinguished_name, '\0', sizeof(distinguished_name));
983 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
985 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
986 linklist_base)) != 0)
/* Count nodes from scratch rather than trusting the callers' bookkeeping. */
990 linklist_ptr = (*linklist_base);
991 (*linklist_count) = 0;
992 while (linklist_ptr != NULL)
995 linklist_ptr = linklist_ptr->next;
/* Iterate over the attributes of one entry and hand each to
 * retrieve_values(), which prepends the attribute's values to
 * *linklist_current.  Attribute names from ldap_first/next_attribute are
 * released with ldap_memfree(); the BER cursor `ptr` with ldap_ber_free().
 * The return value of retrieve_values() is ignored on the lines shown. */
1000 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1001 char *distinguished_name, LK_ENTRY **linklist_current)
1007 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1009 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
1011 ldap_memfree(Attribute);
1012 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1015 retrieve_values(ldap_handle, ldap_entry, Attribute,
1016 distinguished_name, linklist_current);
1017 ldap_memfree(Attribute);
1020 ldap_ber_free(ptr, 0);
/* Fetch all values of one attribute of one entry and prepend an LK_ENTRY
 * per value to *linklist_current.  objectSid and objectGUID are fetched as
 * binary bervals (node->length is the byte count and the value is NOT
 * NUL-terminated); every other attribute is fetched as a string.  Each
 * node also records the attribute name and the entry's DN.  Under
 * LDAP_DEBUG the value is additionally decoded and printed to stderr.
 * The per-value loop header and the #ifdef lines fall outside this
 * listing. */
1024 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1025 char *Attribute, char *distinguished_name,
1026 LK_ENTRY **linklist_current)
1032 LK_ENTRY *linklist_previous;
1033 LDAP_BERVAL **ber_value;
/* Debug-only locals. */
1041 SID_IDENTIFIER_AUTHORITY *sid_auth;
1042 unsigned char *subauth_count;
1043 #endif /*LDAP_DEBUG*/
1046 memset(temp, '\0', sizeof(temp));
/* Ptr is a generic cursor over either the berval array or the string
 * array; use_bervalue (set on lines not shown) records which. */
1047 if ((!strcmp(Attribute, "objectSid")) ||
1048 (!strcmp(Attribute, "objectGUID")))
1053 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1054 Ptr = (void **)ber_value;
1059 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1060 Ptr = (void **)str_value;
/* Prepend a new node.  The memset() calls after calloc() are redundant. */
1067 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1069 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1070 linklist_previous->next = (*linklist_current);
1071 (*linklist_current) = linklist_previous;
1073 if (((*linklist_current)->attribute = calloc(1,
1074 strlen(Attribute) + 1)) == NULL)
1076 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1077 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly bv_len bytes, no terminator — consumers must use
 * ->length rather than string functions. */
1080 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1081 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1083 memset((*linklist_current)->value, '\0', ber_length);
1084 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1086 (*linklist_current)->length = ber_length;
/* String value: copied with its terminator. */
1090 if (((*linklist_current)->value = calloc(1,
1091 strlen(*Ptr) + 1)) == NULL)
1093 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1094 (*linklist_current)->length = strlen(*Ptr);
1095 strcpy((*linklist_current)->value, *Ptr);
1097 (*linklist_current)->ber_value = use_bervalue;
1098 if (((*linklist_current)->dn = calloc(1,
1099 strlen(distinguished_name) + 1)) == NULL)
1101 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1102 strcpy((*linklist_current)->dn, distinguished_name);
/* ---- LDAP_DEBUG dump of the value (the #ifdef is on a line not shown).
 * GUID: overlay the GUID struct on the copied bytes and print it. */
1105 if (!strcmp(Attribute, "objectGUID"))
1107 guid = (GUID *)((*linklist_current)->value);
1108 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1109 guid->Data1, guid->Data2, guid->Data3,
1110 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1111 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1112 guid->Data4[6], guid->Data4[7]);
1113 print_to_screen(" %20s : {%s}\n", Attribute, temp);
/* SID: overlay the SID struct directly on the berval buffer.  NOTE(review):
 * the cast gives no alignment guarantee for the DWORD sub-authorities, and
 * nothing checks bv_len against the SID header before reading it. */
1115 else if (!strcmp(Attribute, "objectSid"))
1117 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1119 print_to_screen(" Revision = %d\n", sid->Revision);
1120 print_to_screen(" SID Identifier Authority:\n");
1121 sid_auth = &sid->IdentifierAuthority;
1122 if (sid_auth->Value[0])
1123 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1124 else if (sid_auth->Value[1])
1125 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1126 else if (sid_auth->Value[2])
1127 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1128 else if (sid_auth->Value[3])
1129 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1130 else if (sid_auth->Value[5])
1131 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1133 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1134 subauth_count = GetSidSubAuthorityCount(sid);
1135 print_to_screen(" SidSubAuthorityCount = %d\n",
1137 print_to_screen(" SidSubAuthority:\n");
1138 for (i = 0; i < *subauth_count; i++)
1140 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1141 print_to_screen(" %u\n", *subauth);
/* Flag attributes: decode the integer.  NOTE(review): memcmp() compares a
 * fixed number of bytes and may read past the terminator of a shorter
 * Attribute; strcmp()/strncmp() stop at the NUL.  "sAmAccountType" is only
 * used for its length (14, the same as "sAMAccountType"), so the case
 * slip has no effect. */
1145 else if ((!memcmp(Attribute, "userAccountControl",
1146 strlen("userAccountControl"))) ||
1147 (!memcmp(Attribute, "sAMAccountType",
1148 strlen("sAmAccountType"))))
/* %ld assumes intValue is declared long; its declaration is not shown. */
1150 intValue = atoi(*Ptr);
1151 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1152 if (!memcmp(Attribute, "userAccountControl",
1153 strlen("userAccountControl")))
1155 if (intValue & UF_ACCOUNTDISABLE)
1156 print_to_screen(" %20s : %s\n",
1157 "", "Account disabled");
1159 print_to_screen(" %20s : %s\n",
1160 "", "Account active");
1161 if (intValue & UF_HOMEDIR_REQUIRED)
1162 print_to_screen(" %20s : %s\n",
1163 "", "Home directory required");
1164 if (intValue & UF_LOCKOUT)
1165 print_to_screen(" %20s : %s\n",
1166 "", "Account locked out");
1167 if (intValue & UF_PASSWD_NOTREQD)
1168 print_to_screen(" %20s : %s\n",
1169 "", "No password required");
1170 if (intValue & UF_PASSWD_CANT_CHANGE)
1171 print_to_screen(" %20s : %s\n",
1172 "", "Cannot change password");
1173 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1174 print_to_screen(" %20s : %s\n",
1175 "", "Temp duplicate account");
1176 if (intValue & UF_NORMAL_ACCOUNT)
1177 print_to_screen(" %20s : %s\n",
1178 "", "Normal account");
1179 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1180 print_to_screen(" %20s : %s\n",
1181 "", "Interdomain trust account");
1182 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1183 print_to_screen(" %20s : %s\n",
1184 "", "Workstation trust account");
1185 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1186 print_to_screen(" %20s : %s\n",
1187 "", "Server trust account");
/* Anything else: print as a string. */
1192 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1194 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
1196 if (str_value != NULL)
1197 ldap_value_free(str_value);
1198 if (ber_value != NULL)
1199 ldap_value_free_len(ber_value);
/* Leaves the head at the most recently prepended node (already equal
 * unless a line not shown changed it). */
1201 (*linklist_current) = linklist_previous;
/* Open the Moira connection on first use (reference counted through the
 * global mr_connections; later calls just bump the count) and authenticate
 * as "winad.incr".  Returns the mr_* error code.
 * NOTE(review): the "ttsp" HostName path looks like a hard-coded test
 * server selected by a conditional not shown here; the other path derives
 * the server from uname().  Confirm the test branch is compiled out in
 * production. */
1205 int moira_connect(void)
1210 if (!mr_connections++)
1213 memset(HostName, '\0', sizeof(HostName));
1214 strcpy(HostName, "ttsp");
1215 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1217 rc = mr_connect(HostName);
1222 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1224 rc = mr_connect(uts.nodename);
1229 rc = mr_auth("winad.incr");
/* Pause while the STOP_FILE exists (operator switch to hold the
 * incremental), counting attempts in i; after some number of attempts
 * (the bound and the delay between checks are on lines not shown) raise a
 * critical alert that names the pending arguments in tbl_buf. */
1236 void check_winad(void)
1240 for (i = 0; file_exists(STOP_FILE); i++)
1244 critical_alert("incremental",
1245 "WINAD incremental failed (%s exists): %s",
1246 STOP_FILE, tbl_buf);
/* Drop one reference taken by moira_connect(); the real disconnect (on a
 * line not shown) happens only when the count reaches zero. */
1253 int moira_disconnect(void)
1256 if (!--mr_connections)
/* Copy the entry's DN into the caller's buffer and release the
 * library-owned string.  NOTE(review): the copy is unbounded — callers
 * pass fixed 1024-byte buffers (retrieve_entries), so a longer DN from the
 * directory overflows them.  A size parameter and snprintf() would bound
 * it without changing callers' buffers. */
1263 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1264 char *distinguished_name)
1268 CName = ldap_get_dn(ldap_handle, ldap_entry);
1271 strcpy(distinguished_name, CName);
1272 ldap_memfree(CName);
/* Allocate a standalone LK_ENTRY holding copies of attribute and value
 * (length = strlen(value), next = NULL, dn left NULL by calloc).  Caller
 * owns the node.  NOTE(review): only the node allocation is checked; the
 * two inner calloc() results are dereferenced unchecked, and the memset()
 * calls after calloc() are redundant. */
1275 int linklist_create_entry(char *attribute, char *value,
1276 LK_ENTRY **linklist_entry)
1278 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1279 if (!(*linklist_entry))
1283 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1284 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1285 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1286 strcpy((*linklist_entry)->attribute, attribute);
1287 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1288 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1289 strcpy((*linklist_entry)->value, value);
1290 (*linklist_entry)->length = strlen(value);
1291 (*linklist_entry)->next = NULL;
/* printf-style helper writing to stderr (used for the LDAP_DEBUG dumps).
 * The matching va_end() is on a line not shown — confirm it is present. */
1295 void print_to_screen(const char *fmt, ...)
1299 va_start(pvar, fmt);
1300 vfprintf(stderr, fmt, pvar);
/* Classify a Moira list row (av) by its maillist/group flags and report,
 * through whichever output pointers are non-NULL:
 *   group_membership[0]: 'B' (both), 'S' (security only), 'D'
 *                        (distribution only) or 'N' (neither);
 *   *security_flag:      1 for 'B' and 'S', else 0;
 *   group_ou:            the matching container OU string.
 * group_ou must be large enough for the longest OU literal
 * (group_ou_both); the copy is not bounded here. */
1305 int get_group_membership(char *group_membership, char *group_ou,
1306 int *security_flag, char **av)
1311 maillist_flag = atoi(av[L_MAILLIST]);
1312 group_flag = atoi(av[L_GROUP]);
1313 if (security_flag != NULL)
1314 (*security_flag) = 0;
1316 if ((maillist_flag) && (group_flag))
1318 if (group_membership != NULL)
1319 group_membership[0] = 'B';
1320 if (security_flag != NULL)
1321 (*security_flag) = 1;
1322 if (group_ou != NULL)
1323 strcpy(group_ou, group_ou_both);
1325 else if ((!maillist_flag) && (group_flag))
1327 if (group_membership != NULL)
1328 group_membership[0] = 'S';
1329 if (security_flag != NULL)
1330 (*security_flag) = 1;
1331 if (group_ou != NULL)
1332 strcpy(group_ou, group_ou_security);
1334 else if ((maillist_flag) && (!group_flag))
1336 if (group_membership != NULL)
1337 group_membership[0] = 'D';
1338 if (group_ou != NULL)
1339 strcpy(group_ou, group_ou_distribution);
/* Neither flag set. */
1343 if (group_membership != NULL)
1344 group_membership[0] = 'N';
1345 if (group_ou != NULL)
1346 strcpy(group_ou, group_ou_neither);
/*
 * get_group_info: mr_query callback for "get_list_info" (used by the
 * member-list code to resolve LIST members). Inactive lists
 * (av[L_ACTIVE] == 0) are skipped on an elided return. It records the
 * list's one-character membership type in the file-scope GroupType
 * buffer, and also fills call_args[3..5] (OU, type char, list name) for
 * the caller; the condition that separates the two calls is on elided
 * lines. Note that GroupType is NOT written for inactive lists, so a
 * caller reading it afterwards sees the previous value.
 */
1351 int get_group_info(int ac, char**av, void *ptr)
1357 if (!atoi(av[L_ACTIVE]))
1361 get_group_membership(GroupType, NULL, NULL, av);
1365 call_args[5] = av[L_NAME];
1366 get_group_membership(call_args[4], call_args[3], NULL, av);
/*
 * group_rename: mr_query callback that renames an AD group to track a
 * Moira list rename.
 *
 * call_args: [0] LDAP handle, [1] base DN, [2] old list name,
 *            [3]/[4] the OLD list's maillist/group flags (see the av swap
 *            below). av is the new list tuple.
 *
 * Steps: validate both names; derive the old membership suffix by
 * temporarily substituting the old flags into av; look the group up by
 * sAMAccountName "<old>_zZx<type>"; ldap_rename_s it to cn=<new> under the
 * OU chosen for the new flags; then replace displayName and
 * sAMAccountName. Failures raise a critical_alert; the return paths are
 * on elided lines.
 *
 * Security notes:
 *  - Names reach sprintf-built LDAP filters and DNs only after
 *    check_string(), whose illegalchars table rejects '(' ')' '*' '\\'
 *    ',' '=' '+' and similar, so filter and DN metacharacters cannot be
 *    injected through either name.
 *  - old_dn, sam_name, new_dn and group_ou are fixed buffers declared on
 *    elided lines; the strcpy/sprintf calls into them are unbounded.
 *    new_dn_path[512] must hold group_ou plus the base DN.
 *  - No rollback: if the modify after the rename fails, the object keeps
 *    the new DN but the old sAMAccountName. The final alert reports
 *    exactly that state.
 */
1372 int group_rename(int ac, char **av, void *ptr)
1377 char new_dn_path[512];
/* two bytes so the type character is always NUL-terminated */
1380 char group_membership[2];
1381 char filter_exp[4096];
1382 char *attr_array[3];
1383 char *name_v[] = {NULL, NULL};
1384 char *samAccountName_v[] = {NULL, NULL};
1389 LK_ENTRY *group_base;
1392 char *maillist_flag = NULL;
1393 char *group_flag = NULL;
/* an invalid OLD name is reported only through callback_rc, no alert */
1397 if (!check_string(call_args[2]))
1399 callback_rc = LDAP_NO_SUCH_OBJECT;
1402 if (!check_string(av[L_NAME]))
1404 critical_alert("AD incremental - list rename",
1405 "invalid LDAP list name %s",
1410 memset(group_ou, 0, sizeof(group_ou));
1411 memset(group_membership, 0, sizeof(group_membership));
/* Temporarily swap the OLD flags into av so get_group_membership()
 * yields the type suffix the existing AD object was created with. */
1414 maillist_flag = av[L_MAILLIST];
1415 group_flag = av[L_GROUP];
1416 av[L_MAILLIST] = call_args[3];
1417 av[L_GROUP] = call_args[4];
1418 get_group_membership(group_membership, NULL, NULL, av);
1419 av[L_MAILLIST] = maillist_flag;
1420 av[L_GROUP] = group_flag;
1422 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", call_args[2], group_membership[0]);
1423 attr_array[0] = "distinguishedName";
1424 attr_array[1] = NULL;
1425 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1426 &group_base, &group_count)) != 0)
1428 critical_alert("AD incremental - list rename",
1429 "LDAP server unable to get list %s dn : %s",
1430 call_args[2], ldap_err2string(rc));
/* exactly one match required; otherwise report as not found */
1433 if (group_count != 1)
1435 critical_alert("AD incremental - list rename",
1436 "LDAP server unable to find list %s in AD.",
1438 callback_rc = LDAP_NO_SUCH_OBJECT;
/* group_base->value is the distinguishedName attribute just requested */
1441 strcpy(old_dn, group_base->value);
1442 linklist_free(group_base);
/* Now classify with the NEW flags: the rename target OU and the new
 * sAMAccountName suffix depend on them. */
1446 get_group_membership(group_membership, group_ou, &security_flag, av);
1447 sprintf(sam_name, "%s_zZx%c", av[L_NAME], group_membership[0]);
1448 sprintf(new_dn_path, "%s,%s", group_ou, call_args[1]);
1449 sprintf(new_dn, "cn=%s", av[L_NAME]);
/* TRUE = delete the old RDN value; new parent = new_dn_path */
1450 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, new_dn_path,
1451 TRUE, NULL, NULL)) != LDAP_SUCCESS)
1453 critical_alert("AD incremental - list rename",
1454 "Couldn't rename list from %s to %s : %s",
1455 call_args[2], av[L_NAME], ldap_err2string(rc));
1459 name_v[0] = av[L_NAME];
1460 samAccountName_v[0] = sam_name;
1462 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
1463 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* full DN of the renamed object for the follow-up modify */
1465 sprintf(new_dn, "cn=%s,%s,%s", av[L_NAME], group_ou, call_args[1]);
1466 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
1468 critical_alert("AD incremental - list rename",
1469 "After renaming, couldn't modify list data for %s : %s",
1470 av[L_NAME], ldap_err2string(rc));
/* release the n LDAPMod structures built by ADD_ATTR */
1472 for (i = 0; i < n; i++)
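/*
 * group_create: mr_query callback that creates the AD group for an active
 * Moira list (av is the list tuple; inactive lists and names failing
 * check_string() leave on elided returns).
 *
 * call_args: [0] LDAP handle, [1] base DN. On return [3] = strdup'd OU,
 * [4] = strdup'd one-character membership type, [5] = strdup'd list name,
 * all owned by the caller.
 *
 * The group is added as cn=<name>,<ou>,<base> with sAMAccountName
 * "<name>_zZx<type>" (type = B/S/D/N from get_group_membership), a global
 * groupType that is security-enabled for 'B'/'S' lists, description from
 * av[L_DESC] and an "info" note naming the administering list.
 * LDAP_ALREADY_EXISTS is treated as success. After the add the new
 * objectSid is looked up and appended to the sid list (sid_ptr) that
 * sid_update() later pushes back into Moira.
 *
 * Fixes in this revision:
 *  - group_membership was declared [1] and then strdup'd. A one-byte
 *    array has no terminator, so strlen/strdup read past it and
 *    call_args[4] could carry whatever followed on the stack. It is now
 *    [2] and zeroed.
 *  - groupTypeControl is a u_int but was printed with "%ld". AD's
 *    groupType is a signed 32-bit attribute and the security-enabled bit
 *    (0x80000000 in the Windows SDK) must therefore be sent as a negative
 *    number; the old call produced that only by accident on 32-bit
 *    builds and is undefined elsewhere. It is now an explicit (int)
 *    conversion with "%d".
 *  - the creation-failure alert was labelled "list rename"; it now says
 *    "list create" so alerts point at the code path that raised them.
 */
1477 int group_create(int ac, char **av, void *ptr)
1482 char new_group_name[256];
1483 char sam_group_name[256];
1484 char cn_group_name[256];
1485 char *cn_v[] = {NULL, NULL};
1486 char *objectClass_v[] = {"top", "group", NULL};
1488 char *samAccountName_v[] = {NULL, NULL};
1489 char *managedBy_v[] = {NULL, NULL};
1490 char *altSecurityIdentities_v[] = {NULL, NULL};
1491 char *name_v[] = {NULL, NULL};
1492 char *desc_v[] = {NULL, NULL};
1493 char *info_v[] = {NULL, NULL};
1494 char *groupTypeControl_v[] = {NULL, NULL};
1495 char groupTypeControlStr[80];
/* one type character plus the NUL that strdup() below relies on */
1496 char group_membership[2];
1499 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1503 char filter_exp[256];
1504 char *attr_array[3];
1509 if (!atoi(av[L_ACTIVE]))
1511 if (!check_string(av[L_NAME]))
1513 critical_alert("AD incremental - list create",
1514 "invalid LDAP list name %s",
1518 memset(group_ou, 0, sizeof(group_ou));
1519 memset(group_membership, 0, sizeof(group_membership));
1521 get_group_membership(group_membership, group_ou, &security_flag, av);
1522 call_args[3] = strdup(group_ou);
1523 call_args[4] = strdup(group_membership);
1524 call_args[5] = strdup(av[L_NAME]);
/* presumably guarded by a security_flag test on the preceding elided
 * line - confirm; 'D' and 'N' lists must stay distribution groups */
1527 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* groupType is a signed 32-bit attribute: convert explicitly so the
 * security-enabled high bit is emitted as a negative value on every
 * platform instead of relying on a u_int/"%ld" mismatch */
1528 sprintf(groupTypeControlStr, "%d", (int)groupTypeControl);
1529 groupTypeControl_v[0] = groupTypeControlStr;
/* NOTE(review): av[L_NAME] is validated for content but not length;
 * these are 256-byte buffers and 5 more characters are appended below */
1531 strcpy(new_group_name, av[L_NAME]);
1532 strcpy(sam_group_name, av[L_NAME]);
1533 strcpy(cn_group_name, av[L_NAME]);
1534 sprintf(&sam_group_name[strlen(sam_group_name)],
1535 "_zZx%c", group_membership[0]);
1537 samAccountName_v[0] = sam_group_name;
1538 name_v[0] = new_group_name;
1539 cn_v[0] = new_group_name;
1541 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1543 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1544 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1545 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1546 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1547 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1548 if (strlen(av[L_DESC]) != 0)
1550 desc_v[0] = av[L_DESC];
1551 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1553 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
1554 if (strlen(av[L_ACE_NAME]) != 0)
/* info is a fixed buffer declared on an elided line and av[L_ACE_NAME]
 * is not length-checked; it only becomes an attribute value, never part
 * of a DN or filter */
1556 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1558 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1562 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
1564 for (i = 0; i < n; i++)
1566 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1568 critical_alert("AD incremental - list create",
1569 "Unable to create list %s in AD : %s",
1570 av[L_NAME], ldap_err2string(rc));
/* fetch the SID AD assigned so sid_update() can record it in Moira;
 * the sid_count check before dereferencing *sid_ptr is on elided lines */
1573 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1574 attr_array[0] = "objectSid";
1575 attr_array[1] = NULL;
1577 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1578 sid_ptr, &sid_count)) == LDAP_SUCCESS)
1582 (*sid_ptr)->member = strdup(av[L_NAME]);
1583 (*sid_ptr)->type = (char *)GROUPS;
1584 sid_ptr = &(*sid_ptr)->next;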
/*
 * group_delete: mr_query callback that deletes the AD group mirroring
 * Moira list av[L_NAME]. The group is found by sAMAccountName
 * "<name>_zZx<type>" under call_args[1], with the type taken from the
 * list's current flags via get_group_membership(). Exactly one match is
 * required: it is ldap_delete_s'd, anything else raises "Unable to find
 * list". The linklist_build result is tested on the visible line but the
 * action taken on a non-zero return is on an elided line.
 *
 * group_membership is a 1-byte array here, which is fine because only
 * group_membership[0] is ever read (contrast group_create, which
 * strdup's it). sam_group_name[256] is filled with strcpy+sprintf from a
 * content-validated but length-unchecked name. group_ou and
 * security_flag are computed but unused on the visible lines.
 */
1590 int group_delete(int ac, char **av, void *ptr)
1592 LK_ENTRY *group_base;
1594 char *attr_array[3];
1595 char filter_exp[1024];
1596 char group_membership[1];
1598 char sam_group_name[256];
1605 if (!check_string(av[L_NAME]))
1607 critical_alert("AD incremental - list delete",
1608 "invalid LDAP list name %s",
1612 memset(group_ou, 0, sizeof(group_ou));
1613 memset(group_membership, 0, sizeof(group_membership));
1615 get_group_membership(group_membership, group_ou, &security_flag, av);
1619 attr_array[0] = "distinguishedName";
1620 attr_array[1] = NULL;
/* build "<name>_zZx<type>" in place */
1621 strcpy(sam_group_name, av[L_NAME]);
1622 sprintf(&sam_group_name[strlen(sam_group_name)], "_zZx%c",
1623 group_membership[0]);
1624 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1625 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp,
1626 attr_array, &group_base, &group_count)) != 0)
/* delete only on an unambiguous single match */
1628 if (group_count == 1)
1630 if ((rc = ldap_delete_s((LDAP *)call_args[0], group_base->value)) != LDAP_SUCCESS)
1632 critical_alert("AD incremental - list delete",
1633 "Couldn't delete group %s : %s",
1634 av[L_NAME], ldap_err2string(rc));
1639 critical_alert("AD incremental - list delete",
1640 "Unable to find list %s in AD.",
1644 linklist_free(group_base);
/*
 * group_ad_delete: delete the AD group for group_name whatever its
 * membership type: the filter uses the wildcard "<name>_zZx*" and the
 * search is rooted at <group_ou_root>,<dn_path>. Exactly one match is
 * required; otherwise "Unable to find list" is alerted. The action on a
 * non-zero linklist_build() return is on an elided line.
 *
 * The wildcard is deliberate (the caller may not know the type), and it
 * is safe only because check_string() forbids '*' in group_name - the
 * only '*' in the filter is the literal one here. sam_group_name[256]
 * and temp (declared on an elided line) are filled without length
 * checks.
 */
1648 int group_ad_delete(LDAP *ldap_handle, char *dn_path, char *group_name)
1650 LK_ENTRY *group_base;
1651 char *attr_array[3];
1652 char filter_exp[1024];
1653 char sam_group_name[256];
1658 if (!check_string(group_name))
1660 critical_alert("AD incremental - list AD delete",
1661 "invalid LDAP list name %s",
1668 attr_array[0] = "distinguishedName";
1669 attr_array[1] = NULL;
1670 strcpy(sam_group_name, group_name);
/* search base: the root OU that holds all four group OUs */
1671 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1672 sprintf(filter_exp, "(sAMAccountName=%s_zZx*)", sam_group_name);
1673 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1674 &group_base, &group_count) != 0)
1676 if (group_count == 1)
1678 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1680 critical_alert("AD incremental - list AD delete",
1681 "Unable to delete list %s from AD : %s",
1682 group_name, ldap_err2string(rc));
1688 critical_alert("AD incremental - list AD delete",
1689 "Unable to find list %s in AD.",
1693 linklist_free(group_base);
/*
 * group_list_build: mr_query callback that prepends one LK_ENTRY to the
 * file-scope member_base list, recording that user call_args[0] belongs
 * to active list av[L_NAME] (list = list name, type = "USER",
 * member = login). Inactive lists and names failing check_string() are
 * skipped via elided returns.
 *
 * NOTE(review): only the LK_ENTRY calloc is checked. The three callocs
 * for list/type/member are followed directly by strcpy, so an allocation
 * failure there is a NULL write rather than the "Out of memory" alert.
 * linklist_free() tolerates NULL fields, so freeing the partial entry and
 * taking the same alert path would be a safe fix.
 */
1697 int group_list_build(int ac, char **av, void *ptr)
1704 if (!atoi(av[L_ACTIVE]))
1706 if (!check_string(av[L_NAME]))
1708 linklist = calloc(1, sizeof(LK_ENTRY));
1711 critical_alert("AD incremental", "Out of memory");
/* redundant after calloc, kept as-is */
1714 memset(linklist, '\0', sizeof(LK_ENTRY));
1716 linklist->dn = NULL;
1717 linklist->list = calloc(1, strlen(av[L_NAME]) + 1);
1718 strcpy(linklist->list, av[L_NAME]);
1719 linklist->type = calloc(1, strlen("USER") + 1);
1720 strcpy(linklist->type, "USER");
1721 linklist->member = calloc(1, strlen(call_args[0]) + 1);
1722 strcpy(linklist->member, call_args[0]);
/* push onto the head of the global member list */
1723 linklist->next = member_base;
1724 member_base = linklist;
/*
 * member_list_build: mr_query callback over a list's member tuples that
 * prepends to member_base one entry per member of list call_args[2].
 *
 * call_args: [0] LDAP handle, [1] base DN, [2] list name, [6] MOIRA_*
 * bits (an int carried in a void* slot and cast back) selecting which
 * member types are processed. Member types: USER, STRING (a contact is
 * created under contact_ou first), LIST, KERBEROS (contact under
 * kerberos_ou). A member already present in member_base
 * (case-insensitive compare) is not added twice. The actions taken when
 * a type is filtered out, when contact_create() fails, or when the name
 * fails check_string() are on elided lines.
 *
 * NOTE(review): av[ACE_NAME] is strcpy'd into temp (declared on an
 * elided line) BEFORE check_string() sees it - validation covers content
 * only, never length. No check of the calloc results is visible on the
 * lines shown. The (int) cast of a pointer slot truncates on 64-bit
 * targets; it works for small flag values but an intptr_t or a real int
 * argument would be cleaner.
 */
1728 int member_list_build(int ac, char **av, void *ptr)
1736 strcpy(temp, av[ACE_NAME]);
1737 if (!check_string(temp))
1739 if (!strcmp(av[ACE_TYPE], "USER"))
1741 if (!((int)call_args[6] & MOIRA_USERS))
1744 else if (!strcmp(av[ACE_TYPE], "STRING"))
1746 if (!((int)call_args[6] & MOIRA_STRINGS))
/* STRING members need a contact object to point "member" at */
1748 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1751 else if (!strcmp(av[ACE_TYPE], "LIST"))
1753 if (!((int)call_args[6] & MOIRA_LISTS))
1756 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
1758 if (!((int)call_args[6] & MOIRA_KERBEROS))
1760 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* de-duplicate against what has already been collected */
1766 linklist = member_base;
1769 if (!strcasecmp(temp, linklist->member))
1771 linklist = linklist->next;
1773 linklist = calloc(1, sizeof(LK_ENTRY));
1775 linklist->dn = NULL;
1776 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1777 strcpy(linklist->list, call_args[2]);
1778 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1779 strcpy(linklist->type, av[ACE_TYPE]);
1780 linklist->member = calloc(1, strlen(temp) + 1);
1781 strcpy(linklist->member, temp);
1782 linklist->next = member_base;
1783 member_base = linklist;
/*
 * list_list_build: like member_list_build but for the LIST members of
 * call_args[2]: each av[L_NAME] that passes check_string() and is not
 * already in member_base (case-insensitive) is prepended as type "LIST".
 * Same caveats as member_list_build: the strcpy into temp (declared on an
 * elided line) precedes validation, and no check of the calloc results
 * is visible before the strcpy calls.
 */
1787 int list_list_build(int ac, char **av, void *ptr)
1795 strcpy(temp, av[L_NAME]);
1796 if (!check_string(temp))
1799 linklist = member_base;
1802 if (!strcasecmp(temp, linklist->member))
1804 linklist = linklist->next;
1806 linklist = calloc(1, sizeof(LK_ENTRY));
1808 linklist->dn = NULL;
1809 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1810 strcpy(linklist->list, call_args[2]);
1811 linklist->type = calloc(1, strlen("LIST") + 1);
1812 strcpy(linklist->type, "LIST");
1813 linklist->member = calloc(1, strlen(temp) + 1);
1814 strcpy(linklist->member, temp);
1815 linklist->next = member_base;
1816 member_base = linklist;
/*
 * member_remove: remove members from the AD group that mirrors Moira list
 * group_name (sAMAccountName "<group_gid>_zZx<type>", looked up under
 * dn_path). The group's current "member" values are fetched by a second
 * search rooted at the group's own DN, turned into a modification list by
 * construct_newvalues(), and removed with LDAP_MOD_DELETE. Whether that
 * is every member or a subset depends on construct_newvalues() and on
 * lines not shown here; confirm before relying on this as a "clear the
 * group" primitive.
 *
 * group_ou is accepted but unused on the visible lines; temp receives an
 * unbounded strcpy of group_name that is likewise unused here. Failures
 * raise a critical_alert; the return values are on elided lines.
 *
 * NOTE(review): group_name passes check_string() before reaching any
 * filter, but group_gid - also interpolated into the filter - is not
 * validated on the lines shown; confirm it comes from a trusted source.
 * distinguished_name[1024] is filled with an unbounded strcpy of a DN.
 */
1820 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1821 char *group_ou, char *group_membership, char *group_gid)
1823 char distinguished_name[1024];
1825 char filter_exp[4096];
1826 char *attr_array[3];
1832 LK_ENTRY *group_base;
1835 if (!check_string(group_name))
1837 strcpy(temp, group_name);
1838 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1839 attr_array[0] = "distinguishedName";
1840 attr_array[1] = NULL;
1841 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1842 &group_base, &group_count)) != 0)
1844 critical_alert("AD incremental - member remove",
1845 "LDAP server unable to get list %s info : %s",
1846 group_name, ldap_err2string(rc));
1849 if (group_count != 1)
1851 critical_alert("AD incremental - member remove",
1852 "LDAP server unable to find list %s in AD.",
1856 strcpy(distinguished_name, group_base->value);
1857 linklist_free(group_base);
/* second search: same filter, but rooted at the group itself and asking
 * for its "member" values */
1860 attr_array[0] = "member";
1861 attr_array[1] = NULL;
1862 if ((rc = linklist_build(ldap_handle, distinguished_name, filter_exp, attr_array,
1863 &group_base, &group_count)) != 0)
1865 critical_alert("AD incremental - member remove",
1866 "LDAP server unable to get list %s info : %s",
1867 group_name, ldap_err2string(rc));
/* nothing to remove when the group has no members */
1872 if (group_count != 0)
/* a result of 1 from construct_newvalues() aborts (meaning on elided lines) */
1874 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
1875 &modvalues, REPLACE)) == 1)
1878 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1880 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
1881 for (i = 0; i < n; i++)
1883 if (rc != LDAP_SUCCESS)
1885 critical_alert("AD incremental - member remove",
1886 "LDAP server unable to modify list %s members : %s",
1887 group_name, ldap_err2string(rc));
1890 linklist_free(group_base);
1896 free_values(modvalues);
1897 linklist_free(group_base);
1901 #define USER_COUNT 5
/*
 * member_list_process: add the members collected in member_base (by the
 * *_list_build callbacks) to the AD group for Moira list group_name.
 *
 * The group is located by sAMAccountName "<group_gid>_zZx<type>" under
 * dn_path. Members are then resolved in batches of USER_COUNT (5): per
 * batch an OR filter is strcat'ed into filter_exp[4096], one term per
 * member:
 *   LIST    -> sAMAccountName "<member>_zZx<type>", the type coming from
 *              the file-scope GroupType buffer that get_group_info()
 *              fills during mr_query("get_list_info")
 *   USER    -> distinguishedName cn=<member>,<user_ou>,<dn_path>
 *   STRING  -> cn=<member>,<contact_ou>,<dn_path>, only for 'B'/'D' lists
 *   other   -> cn=<member>,<kerberos_ou>,<dn_path> (KERBEROS, gated by
 *              MOIRA_KERBEROS)
 * Each kind is skipped unless its MOIRA_* bit is set in `operation`. The
 * DNs found are appended to group_base and finally written as "member"
 * with LDAP_MOD_ADD; if that modify fails the same values are retried
 * with LDAP_MOD_REPLACE (condition on an elided line), and
 * LDAP_ALREADY_EXISTS is treated as success.
 *
 * NOTE(review):
 *  - j = group_count/USER_COUNT is computed from the incoming member
 *    count (set on elided lines) with integer division; whether a
 *    partial last batch is processed is not visible here - confirm, or
 *    the tail members are silently dropped. group_count is then reused
 *    for LDAP result counts.
 *  - rc from the LIST mr_query is assigned but no check is visible; if
 *    the query fails or the list is inactive (get_group_info returns
 *    without writing GroupType) the suffix used is stale from a previous
 *    member.
 *  - strcpy(group_member, ...) fills a 256-byte buffer BEFORE
 *    check_string() runs; names are validated for content, not length,
 *    and five terms of name+OU+base each are strcat'ed into filter_exp
 *    without a bound check.
 *  - group_gid enters the first filter without the check_string() that
 *    group_name gets.
 *  - the REPLACE fallback overwrites the group's entire membership with
 *    the set computed in this call.
 */
1903 int member_list_process(LDAP *ldap_handle, char *dn_path, char *group_name,
1904 char *group_ou, char *group_membership, char *group_gid,
1907 char distinguished_name[1024];
1909 char filter_exp[4096];
1910 char *attr_array[3];
1912 char group_member[256];
1922 LK_ENTRY *group_base;
/* number of USER_COUNT-sized batches; see the NOTE about the remainder */
1939 j = group_count/USER_COUNT;
1942 if (!check_string(group_name))
1944 strcpy(temp, group_name);
1945 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_gid, group_membership[0]);
1946 attr_array[0] = "distinguishedName";
1947 attr_array[1] = NULL;
1948 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1949 &group_base, &group_count)) != 0)
1951 critical_alert("AD incremental - member list process",
1952 "LDAP server unable to get list %s info : %s",
1953 group_name, ldap_err2string(rc));
1956 if (group_count != 1)
1958 critical_alert("AD incremental - member list process",
1959 "LDAP server unable to find list %s in AD.",
1963 strcpy(distinguished_name, group_base->value);
1964 linklist_free(group_base);
/* one LDAP search per batch of USER_COUNT members */
1969 for (i = 0; i < j; i++)
1973 memset(filter_exp, 0, sizeof(filter_exp));
1974 strcpy(filter_exp, "(|");
1976 for (k = 0; k < USER_COUNT; k++)
1978 strcpy(group_member, pPtr->member);
1979 if (!check_string(group_member))
1986 if (!strcmp(pPtr->type, "LIST"))
1988 if (!(operation & MOIRA_LISTS))
/* resolve the nested list's type suffix through Moira (fills GroupType) */
1990 args[0] = pPtr->member;
1991 rc = mr_query("get_list_info", 1, args, get_group_info, NULL);
1992 sprintf(temp, "(sAMAccountName=%s_zZx%c)", group_member, GroupType[0]);
1994 else if (!strcmp(pPtr->type, "USER"))
1996 if (!(operation & MOIRA_USERS))
1998 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, user_ou, dn_path);
2000 else if (!strcmp(pPtr->type, "STRING"))
2002 if (!(operation & MOIRA_STRINGS))
/* STRING contacts only make sense in mail-enabled ('B'/'D') groups */
2004 if ((group_membership[0] != 'B') && (group_membership[0] != 'D'))
2006 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, contact_ou, dn_path);
2010 if (!(operation & MOIRA_KERBEROS))
2012 sprintf(temp, "(distinguishedName=cn=%s,%s,%s)", group_member, kerberos_ou, dn_path);
2014 strcat(filter_exp, temp);
/* batch produced no terms: nothing to search for */
2020 if (filter_count == 0)
2022 strcat(filter_exp, ")");
2023 attr_array[0] = "distinguishedName";
2024 attr_array[1] = NULL;
2027 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2028 &new_list, &new_list_count)) != 0)
2030 critical_alert("AD incremental - member list process",
2031 "LDAP server unable to get list %s members from AD : %s",
2032 group_name, ldap_err2string(rc));
/* append this batch's DNs to the running result list */
2035 group_count += new_list_count;
2036 if (group_base == NULL)
2037 group_base = new_list;
2043 if (sPtr->next != NULL)
2048 sPtr->next = new_list;
2055 if (group_count != 0)
2057 if ((rc = construct_newvalues(group_base, group_count, NULL, NULL,
2058 &modvalues, REPLACE)) == 1)
2061 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
2063 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods))
/* fallback: replace the whole member set with what was just computed */
2066 mods[0]->mod_op = LDAP_MOD_REPLACE;
2067 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* members already present are not an error */
2069 if (rc == LDAP_ALREADY_EXISTS)
2071 for (i = 0; i < n; i++)
2073 linklist_free(group_base);
2076 if (rc != LDAP_SUCCESS)
2078 critical_alert("AD incremental - member list process",
2079 "LDAP server unable to modify list %s members in AD : %s",
2080 group_name, ldap_err2string(rc));
2086 free_values(modvalues);
2087 linklist_free(group_base);
/*
 * contact_create: create (or tolerate the existence of) a contact object
 * CN=<user>,<group_ou>,<bind_path> so that STRING and KERBEROS list
 * members have something for "member" to reference.
 *
 * The object gets objectClass top/person/organizationalPerson plus one
 * more class on an elided line, cn/name/displayName = user (name_v is
 * set on an elided line), a fixed description, and - only when group_ou
 * is contact_ou - a "mail" value (email_v is filled on an elided line).
 * If the first add fails for any reason other than LDAP_ALREADY_EXISTS it
 * is retried once without the mail attribute; only a second failure
 * raises the alert. Return values are on elided lines.
 *
 * user is check_string()-validated before it is placed in the DN, so DN
 * metacharacters cannot be injected; its length is not checked, and
 * contact_name/cn_user_name are 256-byte buffers filled by
 * strcpy/sprintf.
 */
2091 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
2095 char cn_user_name[256];
2096 char contact_name[256];
2097 char *email_v[] = {NULL, NULL};
2098 char *cn_v[] = {NULL, NULL};
2099 char *contact_v[] = {NULL, NULL};
2100 char *objectClass_v[] = {"top", "person",
2101 "organizationalPerson",
2103 char *name_v[] = {NULL, NULL};
2104 char *desc_v[] = {NULL, NULL};
2109 if (!check_string(user))
2111 critical_alert("AD incremental - contact create",
2112 "invalid LDAP name %s",
2116 strcpy(contact_name, user);
2117 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2118 cn_v[0] = cn_user_name;
2119 contact_v[0] = contact_name;
2121 desc_v[0] = "Auto account created by Moira";
2124 strcpy(new_dn, cn_user_name);
2126 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2127 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2128 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2129 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2130 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* mail attribute only for contacts in the mail-contact OU */
2131 if (!strcmp(group_ou, contact_ou))
2133 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2137 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2138 for (i = 0; i < n; i++)
/* first attempt failed: retry once without the mail attribute */
2140 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2143 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2144 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2145 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2146 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2147 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2149 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2150 for (i = 0; i < n; i++)
2153 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2155 critical_alert("AD incremental - contact create",
2156 "could not create contact %s : %s",
2157 user, ldap_err2string(rc));
/*
 * user_update: mr_query callback that refreshes the AD attributes of
 * user av[U_NAME], located by sAMAccountName under call_args[1]; exactly
 * one match is required, otherwise LDAP_NO_SUCH_OBJECT is reported via
 * callback_rc.
 *
 * Attributes replaced: uid and uidNumber (from av[U_UID], when
 * non-empty), employeeID (av[U_MITID], the MIT ID, when non-empty), and -
 * if Hesiod resolves "<login> filsys" to an AFS path - homeDirectory,
 * profilePath (<home>\.winprofile) and homeDrive (drives_v is set on an
 * elided line). ldap_modify_s failures raise a critical_alert.
 *
 * NOTE(review):
 *  - hes_resolve() data comes from DNS (Hesiod) and is not authenticated.
 *    It is parsed with sscanf("%*s %s", path), an UNBOUNDED %s into a
 *    fixed buffer declared on an elided line. Give the conversion a
 *    width one less than sizeof(path) (e.g. "%255s" for a 256-byte
 *    buffer) and treat a failed sscanf as "no path".
 *  - strcpy(winProfile, winPath) followed by strcat("\\.winprofile") is
 *    likewise unbounded relative to winProfile[256].
 *  - strcpy(distinguished_name, group_base->dn) copies an arbitrary AD DN
 *    into 256 bytes; long OU paths overflow it (other callbacks in this
 *    file use 1024).
 *  - strnicmp() is a Microsoft CRT name; this block is Windows-specific.
 */
2163 int user_update(int ac, char **av, void *ptr)
2166 LK_ENTRY *group_base;
2168 char distinguished_name[256];
2169 char user_name[256];
2170 char *uid_v[] = {NULL, NULL};
2171 char *mitid_v[] = {NULL, NULL};
2172 char *homedir_v[] = {NULL, NULL};
2173 char *winProfile_v[] = {NULL, NULL};
2174 char *drives_v[] = {NULL, NULL};
2179 char filter_exp[256];
2180 char *attr_array[3];
2184 char winProfile[256];
2188 if (!check_string(av[U_NAME]))
2190 critical_alert("AD incremental - user update",
2191 "invalid LDAP user name %s",
2196 strcpy(user_name, av[U_NAME]);
2199 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2200 attr_array[0] = "cn";
2201 attr_array[1] = NULL;
2202 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2203 &group_base, &group_count)) != 0)
2205 critical_alert("AD incremental - user update",
2206 "LDAP server couldn't process user %s : %s",
2207 user_name, ldap_err2string(rc));
2211 if (group_count != 1)
2213 critical_alert("AD incremental - user update",
2214 "LDAP server unable to find user %s in AD.",
2216 callback_rc = LDAP_NO_SUCH_OBJECT;
2219 strcpy(distinguished_name, group_base->dn);
2222 if (strlen(av[U_UID]) != 0)
2224 uid_v[0] = av[U_UID];
2225 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2226 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2228 if (strlen(av[U_MITID]) != 0)
2230 mitid_v[0] = av[U_MITID];
2231 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
/* home directory from the user's Hesiod filsys entry, if it is AFS */
2233 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2235 memset(path, 0, sizeof(path));
2236 memset(winPath, 0, sizeof(winPath));
/* second whitespace-separated field of the filsys record = path */
2237 sscanf(hp[0], "%*s %s", path);
2238 if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0)
2240 AfsToWinAfs(path, winPath);
2241 homedir_v[0] = winPath;
2242 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2243 strcpy(winProfile, winPath);
2244 strcat(winProfile, "\\.winprofile");
2245 winProfile_v[0] = winProfile;
2246 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2248 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
2254 if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) != LDAP_SUCCESS)
2256 critical_alert("AD incremental - user update",
2257 "Couldn't modify user data for %s : %s",
2258 user_name, ldap_err2string(rc));
2260 for (i = 0; i < n; i++)
2274 linklist_free(group_base);
/*
 * user_rename: mr_query callback that renames the AD account for a Moira
 * login change. The old login is call_args[3], the new user tuple is av;
 * call_args[0]/[1] are the LDAP handle and base DN.
 *
 * Only users in state US_REGISTERED, US_NO_PASSWD or
 * US_ENROLL_NOT_ALLOWED are processed, and logins beginning with '#' are
 * skipped (both exits on elided lines). Both names must pass
 * check_string(), so neither "cn=<old>,<user_ou>,<base>" nor "cn=<new>"
 * can carry DN metacharacters. After ldap_rename_s the identity
 * attributes are replaced: altSecurityIdentities
 * "Kerberos:<new>@PRIMARY_REALM", userPrincipalName "<new>@<ldap_domain>",
 * displayName, sAMAccountName, plus uid/uidNumber and employeeID when
 * supplied. LDAP_NO_SUCH_OBJECT from the rename is passed back through
 * callback_rc without an alert.
 *
 * Security note: altSecurityIdentities and userPrincipalName are what
 * bind this AD object to a Kerberos principal. A failed modify after a
 * successful rename (the second alert below) leaves an object whose DN
 * says <new> but which still authenticates as <old>; there is no
 * rollback. upn, temp, old_dn and new_dn are fixed buffers declared on
 * elided lines and filled by unbounded sprintf.
 */
2278 int user_rename(int ac, char **av, void *ptr)
2283 char user_name[256];
2286 char *userPrincipalName_v[] = {NULL, NULL};
2287 char *altSecurityIdentities_v[] = {NULL, NULL};
2288 char *name_v[] = {NULL, NULL};
2289 char *samAccountName_v[] = {NULL, NULL};
2290 char *uid_v[] = {NULL, NULL};
2291 char *mitid_v[] = {NULL, NULL};
2299 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2300 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2302 if (!strncmp(av[U_NAME], "#", 1))
/* invalid OLD name: reported via callback_rc only */
2304 if (!check_string(call_args[3]))
2306 callback_rc = LDAP_NO_SUCH_OBJECT;
2309 if (!check_string(av[U_NAME]))
2311 critical_alert("AD incremental - user rename",
2312 "invalid LDAP user name %s",
2317 strcpy(user_name, av[U_NAME]);
2318 sprintf(old_dn, "cn=%s,%s,%s", call_args[3], user_ou, call_args[1]);
2319 sprintf(new_dn, "cn=%s", user_name);
/* same parent (NULL), delete the old RDN (TRUE) */
2321 if ((rc = ldap_rename_s((LDAP *)call_args[0], old_dn, new_dn, NULL, TRUE,
2322 NULL, NULL)) != LDAP_SUCCESS)
2324 if (rc == LDAP_NO_SUCH_OBJECT)
2326 callback_rc = LDAP_NO_SUCH_OBJECT;
2329 critical_alert("AD incremental - user rename",
2330 "Couldn't rename user from %s to %s : %s",
2331 call_args[3], user_name, ldap_err2string(rc));
/* rebind the object's Kerberos identity to the new login */
2335 name_v[0] = user_name;
2336 sprintf(upn, "%s@%s", user_name, ldap_domain);
2337 userPrincipalName_v[0] = upn;
2338 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2339 altSecurityIdentities_v[0] = temp;
2340 samAccountName_v[0] = user_name;
2343 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2344 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2345 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2346 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2347 if (strlen(av[U_UID]) != 0)
2349 uid_v[0] = av[U_UID];
2350 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2351 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2353 if (strlen(av[U_MITID]) != 0)
2355 mitid_v[0] = av[U_MITID];
2356 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2359 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2360 if ((rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods)) != LDAP_SUCCESS)
2362 critical_alert("AD incremental - user rename",
2363 "After renaming, couldn't modify user data for %s : %s",
2364 user_name, ldap_err2string(rc));
2366 for (i = 0; i < n; i++)
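/*
 * filesys_process: mr_query callback that sets or clears the Windows
 * home-directory attributes of the AD user whose sAMAccountName equals
 * filesystem name av[FS_NAME] (the filter below ties the two together).
 *
 * call_args: [0] LDAP handle, [1] base DN, [3] ADFS_DELETE (an int in a
 * void* slot) to remove the attributes, anything else to set them. Only
 * av[FS_TYPE] == "AFS" is handled; other types are alerted and skipped on
 * an elided return. Exactly one matching user is required, otherwise
 * LDAP_NO_SUCH_OBJECT is reported through callback_rc.
 *
 * On add: homeDirectory = AfsToWinAfs(av[FS_PACK]), profilePath =
 * <that>\.winprofile, homeDrive = drives_v (set on an elided line). On
 * delete the same three attributes are sent with NULL values and
 * LDAP_MOD_DELETE. The modify is attempted up to five times (the break
 * on success is on an elided line) before the alert.
 *
 * Fix: the two lookup alerts were labelled "user update"; they now say
 * "user filesys" like the others in this callback, so an operator can
 * tell which code path raised them.
 *
 * NOTE(review): distinguished_name[256] receives an unbounded strcpy of
 * an AD DN; winPath (declared on an elided line) and winProfile[256]
 * are filled from av[FS_PACK], which is not length-checked.
 */
2371 int filesys_process(int ac, char **av, void *ptr)
2373 char distinguished_name[256];
2375 char winProfile[256];
2377 char filter_exp[256];
2378 char *attr_array[3];
2379 char *homedir_v[] = {NULL, NULL};
2380 char *winProfile_v[] = {NULL, NULL};
2381 char *drives_v[] = {NULL, NULL};
2389 LK_ENTRY *group_base;
2393 if (!check_string(av[FS_NAME]))
2395 critical_alert("AD incremental - user filesys",
2396 "invalid filesys name %s",
2402 if (strcmp(av[FS_TYPE], "AFS"))
2404 critical_alert("AD incremental - user filesys",
2405 "invalid filesys type %s",
2411 strcpy(fs_name, av[FS_NAME]);
/* the filesystem name is the user's login */
2414 sprintf(filter_exp, "(sAMAccountName=%s)", av[FS_NAME]);
2415 attr_array[0] = "cn";
2416 attr_array[1] = NULL;
2417 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2418 &group_base, &group_count)) != 0)
2420 critical_alert("AD incremental - user filesys",
2421 "LDAP server couldn't process filesys %s : %s",
2422 fs_name, ldap_err2string(rc));
2426 if (group_count != 1)
2428 critical_alert("AD incremental - user filesys",
2429 "LDAP server unable to find user %s in AD.",
2431 callback_rc = LDAP_NO_SUCH_OBJECT;
2434 strcpy(distinguished_name, group_base->dn);
2436 operation = LDAP_MOD_ADD;
2437 if ((int)call_args[3] == ADFS_DELETE)
2438 operation = LDAP_MOD_DELETE;
2441 if (operation == LDAP_MOD_ADD)
2443 memset(winPath, 0, sizeof(winPath));
2444 AfsToWinAfs(av[FS_PACK], winPath);
2445 homedir_v[0] = winPath;
2447 memset(winProfile, 0, sizeof(winProfile));
2448 strcpy(winProfile, winPath);
2449 strcat(winProfile, "\\.winprofile");
2450 winProfile_v[0] = winProfile;
/* delete: NULL value lists remove the attributes entirely */
2454 homedir_v[0] = NULL;
2456 winProfile_v[0] = NULL;
2458 ADD_ATTR("profilePath", winProfile_v, operation);
2459 ADD_ATTR("homeDrive", drives_v, operation);
2460 ADD_ATTR("homeDirectory", homedir_v, operation);
/* up to five attempts; the break on success is on an elided line */
2463 for (i = 1; i < 6; i++)
2465 if ((rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods)) == LDAP_SUCCESS)
2469 if (rc != LDAP_SUCCESS)
2471 critical_alert("AD incremental - filesys update",
2472 "Couldn't modify user data for filesys %s : %s",
2473 fs_name, ldap_err2string(rc));
2475 for (i = 0; i < n; i++)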
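/*
 * user_create: mr_query callback that creates the AD account for Moira
 * user av[U_NAME] as cn=<login>,<user_ou>,<base>.
 *
 * Only users in state US_REGISTERED, US_NO_PASSWD or
 * US_ENROLL_NOT_ALLOWED are created, and logins beginning with '#' are
 * skipped (exits on elided lines). The object gets objectClass
 * top/person/organizationalPerson plus one more class on an elided line,
 * sAMAccountName = login, userPrincipalName <login>@<ldap_domain>,
 * altSecurityIdentities "Kerberos:<login>@PRIMARY_REALM" (the binding
 * that lets the Kerberos principal use this account), userAccountControl
 * = normal account, password never expires, user cannot change password,
 * uid/uidNumber when av[U_UID] is set and employeeID = MIT ID or "none".
 *
 * If the object already exists the call is turned into
 * user_change_status() so the existing account's enable/disable state is
 * updated. After a fresh create the password is set and the new
 * objectSid is queued (sid_ptr) for sid_update() to record in Moira.
 *
 * Fix: userAccountControl is a u_int but was formatted with "%ld"; that
 * is a format/argument mismatch (undefined, and wrong on LP64 ABIs). It
 * is now "%u". None of the flags used here set the high bit, so the
 * value is the same on 32-bit builds.
 *
 * NOTE(review):
 *  - the US_DELETED test below can only be reached if the state gate at
 *    the top does not return for other states; as the visible code is
 *    written that gate excludes US_DELETED, so the branch looks dead.
 *    Confirm against the elided line after the gate.
 *  - set_password(sam_name, "", ldap_domain) gives the new account an
 *    EMPTY password. That is only acceptable if domain policy or the
 *    Kerberos-only mapping guarantees the password is never usable for
 *    logon; verify, and consider a random throw-away password instead.
 *  - upn, sam_name, temp and new_dn are fixed buffers declared on elided
 *    lines filled by unbounded sprintf; the login is validated for
 *    content only.
 */
2482 int user_create(int ac, char **av, void *ptr)
2486 char user_name[256];
2488 char *cn_v[] = {NULL, NULL};
2489 char *objectClass_v[] = {"top", "person",
2490 "organizationalPerson",
2493 char *samAccountName_v[] = {NULL, NULL};
2494 char *altSecurityIdentities_v[] = {NULL, NULL};
2495 char *name_v[] = {NULL, NULL};
2496 char *desc_v[] = {NULL, NULL};
2498 char *userPrincipalName_v[] = {NULL, NULL};
2499 char *userAccountControl_v[] = {NULL, NULL};
2500 char *uid_v[] = {NULL, NULL};
2501 char *mitid_v[] = {NULL, NULL};
2502 char userAccountControlStr[80];
2504 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2509 char filter_exp[256];
2510 char *attr_array[3];
2515 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2516 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
2518 if (!strncmp(av[U_NAME], "#", 1))
2520 if (!check_string(av[U_NAME]))
2522 critical_alert("AD incremental - user create",
2523 "invalid LDAP user name %s",
2528 strcpy(user_name, av[U_NAME]);
2529 sprintf(upn, "%s@%s", user_name, ldap_domain);
2530 sprintf(sam_name, "%s", av[U_NAME]);
2531 samAccountName_v[0] = sam_name;
2532 if (atoi(av[U_STATE]) == US_DELETED)
2533 userAccountControl |= UF_ACCOUNTDISABLE;
/* u_int -> "%u": matching conversion, no high-bit flags involved */
2534 sprintf(userAccountControlStr, "%u", userAccountControl);
2535 userAccountControl_v[0] = userAccountControlStr;
2536 userPrincipalName_v[0] = upn;
2538 cn_v[0] = user_name;
2539 name_v[0] = user_name;
2540 desc_v[0] = "Auto account created by Moira";
/* Kerberos name mapping: this is what authenticates the principal */
2541 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2542 altSecurityIdentities_v[0] = temp;
2543 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2546 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2547 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2548 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2549 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2550 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2551 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2552 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2553 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2554 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2555 if (strlen(av[U_UID]) != 0)
2557 uid_v[0] = av[U_UID];
2558 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2559 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2561 if (strlen(av[U_MITID]) != 0)
2562 mitid_v[0] = av[U_MITID];
2564 mitid_v[0] = "none";
2565 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2568 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
2569 for (i = 0; i < n; i++)
/* existing account: reconcile its enabled/disabled state instead */
2571 if (rc == LDAP_ALREADY_EXISTS)
2573 rc = user_change_status(ac, av, ptr);
2576 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2578 critical_alert("AD incremental - user create",
2579 "could not create user %s : %s",
2580 user_name, ldap_err2string(rc));
2583 if (rc == LDAP_SUCCESS)
/* see the NOTE above about the empty password */
2585 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2587 critical_alert("AD incremental - user create",
2588 "Couldn't set password for user %s : %ld",
/* queue the new SID for sid_update(); the sid_count check before the
 * dereference is on elided lines */
2592 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2593 attr_array[0] = "objectSid";
2594 attr_array[1] = NULL;
2596 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2597 sid_ptr, &sid_count)) == LDAP_SUCCESS)
2601 (*sid_ptr)->member = strdup(av[U_NAME]);
2602 (*sid_ptr)->type = (char *)USERS;
2603 sid_ptr = &(*sid_ptr)->next;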
/*
 * user_change_status: mr_query callback that sets or clears
 * UF_ACCOUNTDISABLE on the AD account for av[U_NAME], according to
 * call_args[2] (MEMBER_DEACTIVATE disables, anything else enables).
 *
 * The current userAccountControl is read by an LDAP search (exactly one
 * match required), parsed with atoi, updated, and written back as a
 * single LDAP_MOD_REPLACE value built by construct_newvalues(); a
 * construct_newvalues() result of 1 aborts (its meaning is on elided
 * lines). Failures raise a critical_alert. user_create() calls this
 * whenever the account already exists.
 *
 * NOTE(review): atoi() yields 0 on unparseable input, and the value then
 * written back would be 0 or UF_ACCOUNTDISABLE alone - stripping every
 * other flag from the account. strtoul with an end-pointer check, and
 * refusing to write on a parse failure, is safer. The type of ulongValue
 * and the "%ld" used to print it are declared on elided lines; make sure
 * they agree.
 */
2609 int user_change_status(int ac, char **av, void *ptr)
2611 char filter_exp[1024];
2612 char *attr_array[3];
2614 char distinguished_name[1024];
2615 char user_name[512];
2618 LK_ENTRY *group_base;
2629 if (!check_string(av[U_NAME]))
2631 critical_alert("AD incremental - user change status",
2632 "invalid LDAP user name %s",
2636 strcpy(user_name, av[U_NAME]);
/* MEMBER_DEACTIVATE or an activate code, carried in a void* slot */
2637 operation = (int)call_args[2];
2640 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2641 attr_array[0] = "UserAccountControl";
2642 attr_array[1] = NULL;
2643 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2644 &group_base, &group_count)) != 0)
2646 critical_alert("AD incremental - user change status",
2647 "LDAP server couldn't process user %s : %s",
2648 user_name, ldap_err2string(rc));
2652 if (group_count != 1)
2654 critical_alert("AD incremental - user change status",
2655 "LDAP server unable to find user %s in AD.",
2660 strcpy(distinguished_name, group_base->dn);
/* group_base->value is the current userAccountControl as a string */
2661 ulongValue = atoi((*group_base).value);
2662 if (operation == MEMBER_DEACTIVATE)
2663 ulongValue |= UF_ACCOUNTDISABLE;
2665 ulongValue &= ~UF_ACCOUNTDISABLE;
2666 sprintf(temp, "%ld", ulongValue);
/* build a one-value REPLACE list from old value -> new value */
2667 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2668 temp, &modvalues, REPLACE)) == 1)
2670 linklist_free(group_base);
2674 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2676 rc = ldap_modify_s((LDAP *)call_args[0], distinguished_name, mods);
2677 for (i = 0; i < n; i++)
2679 free_values(modvalues);
2680 if (rc != LDAP_SUCCESS)
2682 critical_alert("AD incremental - user change status",
2683 "LDAP server could not change status of user %s : %s",
2684 user_name, ldap_err2string(rc));
2687 linklist_free(group_base);
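/*
 * user_delete: delete the AD account for login u_name, searched by
 * sAMAccountName under dn_path. Exactly one match is required; it is
 * ldap_delete_s'd and every failure raises a critical_alert. The actions
 * on a failed check_string(), a failed search, and a non-single match are
 * on elided lines, as is the return value.
 *
 * Changes in this revision:
 *  - the search filter is now "(&(objectCategory=person)(sAMAccountName=
 *    %s))". check_string() permits '$', and AD matches sAMAccountName
 *    case-insensitively, so a login of the form "host$" could otherwise
 *    select a computer account for deletion. Accounts created by
 *    user_create() are objectClass user and therefore still match.
 *  - the alerts were labelled "AD incremental" and "user change status";
 *    all three now say "user delete", and the delete-failure message says
 *    what failed.
 *  - the assignment-as-condition on ldap_delete_s is written as an
 *    explicit comparison with LDAP_SUCCESS like the other callbacks.
 *
 * NOTE(review): user_name[512] and distinguished_name[1024] are filled
 * with unbounded strcpy; u_name is validated for content, not length.
 */
2691 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2693 char filter_exp[1024];
2694 char *attr_array[3];
2695 char distinguished_name[1024];
2696 char user_name[512];
2697 LK_ENTRY *group_base;
2701 if (!check_string(u_name))
2703 strcpy(user_name, u_name);
/* restrict the match to person objects so a group or computer that
 * happens to share the sAMAccountName can never be the delete target */
2706 sprintf(filter_exp, "(&(objectCategory=person)(sAMAccountName=%s))", user_name);
2707 attr_array[0] = "name";
2708 attr_array[1] = NULL;
2709 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2710 &group_base, &group_count)) != 0)
2712 critical_alert("AD incremental - user delete",
2713 "LDAP server couldn't process user %s : %s",
2714 user_name, ldap_err2string(rc));
2718 if (group_count != 1)
2720 critical_alert("AD incremental - user delete",
2721 "LDAP server unable to find user %s in AD.",
2726 strcpy(distinguished_name, group_base->dn);
2727 if ((rc = ldap_delete_s(ldap_handle, distinguished_name)) != LDAP_SUCCESS)
2729 critical_alert("AD incremental - user delete",
2730 "LDAP server couldn't delete user %s : %s",
2731 user_name, ldap_err2string(rc));
2735 linklist_free(group_base);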
/*
 * linklist_free: release every LK_ENTRY reachable from linklist_base,
 * including the six owned string fields (dn, attribute, value, member,
 * type, list) of each node. A NULL list is a no-op. free(NULL) is
 * defined as a no-op, so absent fields need no guard.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *next;

  while (linklist_base != NULL)
    {
      next = linklist_base->next;   /* read before the node goes away */
      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);
      free(linklist_base);
      linklist_base = next;
    }
}
/*
 * free_values: release a NULL-terminated array of strings as produced by
 * construct_newvalues(). Each element is freed on an elided line and then
 * set to NULL; whether the array itself is freed afterwards is also on
 * an elided line - confirm. A NULL array is a no-op.
 */
2763 void free_values(char **modvalues)
2768 if (modvalues != NULL)
2770 while (modvalues[i] != NULL)
2773 modvalues[i] = NULL;
/*
 * sid_update: push the objectSids collected during this run (the list
 * walked through ptr, appended to by group_create/user_create) back into
 * Moira. Each binary SID is hex-encoded by convert_b_to_a() into temp and
 * sent as av[1] (set on an elided line) with av[0] = name, using
 * add_list_sid_by_name for GROUPS entries and add_user_sid_by_login for
 * USERS entries. ldap_handle/dn_path are unused on the visible lines.
 *
 * NOTE(review): temp is 126 bytes but convert_b_to_a() writes two
 * characters per input byte without a bound, so any ptr->length above
 * 62 overflows it. Real SIDs are at most 28 bytes, but the length comes
 * from the LDAP result - clamp or check it before the call. The call
 * also passes an unsigned char buffer where char* is expected and a
 * char* value where UCHAR* is expected; harmless on common ABIs, but it
 * obscures the intent.
 */
2780 int sid_update(LDAP *ldap_handle, char *dn_path)
2784 unsigned char temp[126];
2791 memset(temp, 0, sizeof(temp));
2792 convert_b_to_a(temp, ptr->value, ptr->length);
2793 av[0] = ptr->member;
2795 if (ptr->type == (char *)GROUPS)
2798 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2800 else if (ptr->type == (char *)USERS)
2803 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * convert_b_to_a: render `length` binary bytes into a text buffer.
 * Only fragments of the body survive in this listing: each byte appears
 * to be split into nibbles (tmp & 0x0f) and each nibble mapped to a
 * digit, with the "> '9'" test selecting the letter range for values
 * above nine.  The output is therefore about 2 * length characters, and
 * the caller must size `string` for that -- no bounds check is visible
 * here (sid_update passes a 126-byte buffer).
 */
2810 void convert_b_to_a(char *string, UCHAR *binary, int length)
2817 for (i = 0; i < length; i++)
2824 if (string[j] > '9')
2827 string[j] = tmp & 0x0f;
2829 if (string[j] > '9')
/*
 * illegalchars: one entry per byte value (0..255); non-zero means the
 * byte is rejected by check_string().  Reading the rows: everything
 * below SPACE, SPACE itself, all bytes >= 0x80, DEL, and the punctuation
 * ! " # % ( ) * + , / : ; < = > ? @ [ \ ] ^ { | } are rejected; what is
 * left is $ & ' - . 0-9 _ ` a-z ~.  The rejection of A-Z in the
 * "@ - O" / "P - _" rows is never reached for letters because
 * check_string() lower-cases first.  This table is the only guard
 * between the sprintf-built LDAP filters in this file (e.g. user_delete)
 * and filter injection -- it covers the RFC 4515 specials ( ) * \ --
 * so any relaxation here has to be matched by escaping at the sprintf
 * sites.  The closing "};" is on a line this listing omits.
 */
2836 static int illegalchars[] = {
2837 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
2838 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
2839 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
2840 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
2841 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
2842 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
2843 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
2844 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
/* 0x80 - 0xFF: everything non-ASCII is rejected -- but see the note on
 * the index cast in check_string(); these rows are only reached if the
 * byte is converted through unsigned char. */
2845 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2846 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2847 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2848 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2849 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2850 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2851 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
2852 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a name against the illegalchars table.  Used as
 * a boolean by callers (zero = reject; see user_delete).  The loop over
 * s, the declaration of `character` and the return statements are on
 * lines this listing omits.
 *
 * NOTE(review): the table lookup casts `character` to unsigned.  If
 * `character` is a plain char (its declaration is not visible here) and
 * char is signed on the build platform, a byte >= 0x80 is negative and
 * the cast turns it into an index far beyond the 256-entry table -- an
 * out-of-bounds read instead of the intended rejection.  isupper() and
 * tolower() have the same precondition.  Converting through
 * unsigned char first, `illegalchars[(unsigned char) character]`, makes
 * the table's high-byte rows actually take effect.
 */
2855 int check_string(char *s)
2862 if (isupper(character))
2863 character = tolower(character);
2864 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: connect to the Moira server, check that it is up via
 * the motd, negotiate the query protocol version, and authenticate as
 * `client`.  Failures are reported through com_err(whoami, ...).  The
 * return statements and the declarations of status, motd and temp are
 * on lines this listing omits, so the exact return codes and the size
 * of temp are not visible here.
 */
2870 int mr_connect_cl(char *server, char *client, int version, int auth)
2876 status = mr_connect(server);
2879 com_err(whoami, status, "while connecting to Moira");
2883 status = mr_motd(&motd);
2887 com_err(whoami, status, "while checking server status");
/* A motd presumably signals the server is administratively unavailable.
 * NOTE(review): motd is server-supplied text.  It is formatted into temp
 * (size not visible; an overlong motd would overflow it) and temp is then
 * handed to com_err as its format argument, so a '%' in the motd would be
 * interpreted as a conversion.  Passing the pieces straight through is
 * shorter and avoids both problems:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd); */
2892 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
2893 com_err(whoami, status, temp);
/* Version negotiation.  A server that does not implement mr_version
 * (MR_UNKNOWN_PROC) appears to be folded into the MR_VERSION_HIGH case:
 * warn that this client is newer, but continue.  MR_VERSION_LOW (client
 * older than server) is tolerated silently; any other non-zero status
 * is reported. */
2898 status = mr_version(version);
2901 if (status == MR_UNKNOWN_PROC)
2904 status = MR_VERSION_HIGH;
2906 status = MR_SUCCESS;
2909 if (status == MR_VERSION_HIGH)
2911 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2912 com_err(whoami, 0, "Some operations may not work.");
2914 else if (status && status != MR_VERSION_LOW)
2916 com_err(whoami, status, "while setting query version number.");
/* The `auth` parameter presumably gates this call; the enclosing
 * condition is on a line this listing omits. */
2924 status = mr_auth(client);
2927 com_err(whoami, status, "while authenticating to Moira.");
/*
 * expand_groups: starting from group_name, collect every Moira list that
 * (transitively) contains it, then refresh each of those lists in AD:
 * create or look up the group object (get_list_info -> group_create),
 * record any new SIDs in Moira (sid_update), and reconcile membership
 * (get_end_members_of_list -> member_list_build, then member_remove or
 * member_list_process).  Large parts of the body -- the loop headers,
 * the declarations of av, call_args, rc, before_count and after_count,
 * and member_base/sid_base (not declared here, so presumably file-scope)
 * -- are on lines this listing omits; the flow described below is read
 * from the surviving fragments.
 */
2936 void expand_groups(LDAP *ldap_handle, char *dn_path, char *group_name)
2938 LK_ENTRY *group_base = NULL;
2939 LK_ENTRY *ptr = NULL;
/* call_args is the opaque context handed to mr_query callbacks.  The
 * LDAP handle travels through a char * slot and is cast back by the
 * callback; the NULL in slot 3 terminates what the callback reads. */
2948 call_args[0] = (char *)ldap_handle;
2949 call_args[1] = dn_path;
2950 call_args[2] = group_name;
2951 call_args[3] = NULL;
/* Both accumulator lists are released before the first query; the
 * reset of the pointers themselves is not visible here. */
2953 linklist_free(member_base);
2955 linklist_free(sid_base);
2957 if (mr_query("get_lists_of_member", 2, av, list_list_build, call_args) == MR_NO_MATCH)
2959 if (member_base == NULL)
2963 group_base = member_base;
/* Second round: for each list found so far, ask again for the lists it
 * belongs to, so the containing-list set grows toward its closure. */
2976 av[1] = ptr->member;
2977 call_args[0] = (char *)ldap_handle;
2978 call_args[1] = dn_path;
2979 call_args[2] = ptr->member;
2980 call_args[3] = NULL;
2981 mr_query("get_lists_of_member", 2, av, list_list_build, call_args);
/* No new lists discovered in this pass: the closure is complete
 * (presumably this terminates the expansion loop). */
2991 if (before_count == after_count)
2995 group_base = member_base;
/* Per-list refresh.  Slots 3..5 start NULL and are expected to be filled
 * in by group_create; slot 6 smuggles an integer bitmask through a
 * char * and is presumably only ever cast back, never dereferenced. */
3002 sid_ptr = &sid_base;
3003 av[0] = ptr->member;
3005 call_args[0] = (char *)ldap_handle;
3006 call_args[1] = dn_path;
3007 call_args[2] = ptr->member;
3008 call_args[3] = NULL;
3009 call_args[4] = NULL;
3010 call_args[5] = NULL;
3011 call_args[6] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
/* Assignment in the condition keeps the Moira status in rc for the
 * error path; both lists are released on failure. */
3012 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
3014 linklist_free(member_base);
3015 linklist_free(sid_base);
/* If group_create left any of the three slots unset the group could not
 * be set up; what happens after the frees (return or continue) is on
 * lines this listing omits. */
3021 if ((call_args[3] == NULL) || (call_args[4] == NULL) || (call_args[5] == NULL))
3023 linklist_free(member_base);
3024 linklist_free(sid_base);
/* Any SIDs collected while creating the group are written back to Moira
 * before the list is dropped. */
3030 if (sid_base != NULL)
3032 sid_update(ldap_handle, dn_path);
3033 linklist_free(sid_base);
/* Membership: an empty end-member list means the AD group should be
 * emptied (member_remove); otherwise the full list is reconciled. */
3038 if (!(rc = mr_query("get_end_members_of_list", 1, av, member_list_build,
3041 if (member_base == NULL)
3043 member_remove(ldap_handle, dn_path, ptr->member,
3044 call_args[3], call_args[4], call_args[5]);
3048 rc = member_list_process(ldap_handle, dn_path, ptr->member,
3049 call_args[3], call_args[4], call_args[5],
3050 MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
3053 linklist_free(member_base);
/* Slots 3 and 4 are presumably freed on the omitted lines that follow
 * these tests; every slot is then reset so the next list starts clean. */
3055 if (call_args[3] != NULL)
3057 if (call_args[4] != NULL)
3059 call_args[3] = NULL;
3060 call_args[4] = NULL;
3061 call_args[5] = NULL;
3062 call_args[6] = NULL;
3065 linklist_free(group_base);
3070 void AfsToWinAfs(char* path, char* winPath)
3074 strcpy(winPath, WINAFS);
3075 pathPtr = path + strlen(AFS);
3076 winPathPtr = winPath + strlen(WINAFS);
3080 if (*pathPtr == '/')
3083 *winPathPtr = *pathPtr;