2 /* test parameters for creating a user account - done
3 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 0 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
4 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
5 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
7 * test parameters for deactivating/deleting a user account - done
8 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
9 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF a_chen 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF
10 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
11 * comment: clearid is the MIT ID
13 * test parameters for reactivating a user account - done
14 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 3 950000000 STAFF testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
15 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
17 * test parameters for updating user account info - done
18 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc 31275 sh cmd newLastname Firstname Middlename 2 950000000 STAFF
19 * users 10 10 6_d0006 950 sh cmd Lastname Firstname Middlename 1 900012345 STAFF 6_d0006 950 sh cmd Lastname Firstname Middlename 1 950012345 STAFF
20 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
21 * currently, if the unix_id doesn't change, only the U_UID or U_MITID fields will be updated
23 * test parameters for changing user name - testing
24 * users 10 10 a_chen 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 2 950000000 STAFF
25 * users 10 10 testacc 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF testacc1 31275 sh cmd Lastname Firstname Middlename 1 950000000 STAFF
26 * login, unix_uid, shell, winconsoleshell, last, first, middle, status, clearid, type
28 * test parameters for add member to group/list - done
29 * imembers 0 10 pismere-team USER dtanner 1 1 0 1 1 -1 1
30 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
32 * test parameters for remove member from group/list - done
33 * imembers 10 0 pismere-team USER dtanner 1 1 0 1 1 -1 1
34 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist, gid
36 * test parameters for creating and/or populating a group/list - done
37 * list 0 10 pismere-team 1 1 0 1 0 -1 USER 95260 description
38 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
40 * test parameters for deleting a group/list - done
41 * list 10 0 pismere-team 1 1 0 1 0 -1 USER 95260 description
42 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
44 * test parameters for renaming a group/list - done
45 * list 10 10 adtestlist 1 1 0 1 0 -1 USER 95260 description pismere-team 1 1 0 1 1 -1 USER 95260 description
46 * list 10 10 pismere-team 1 1 0 1 1 -1 USER 95260 description adtestlist1 1 1 0 1 0 -1 USER 95260 description
47 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type, acl_id, description
49 * test parameters for adding a file system - done
50 * filesys 0 11 addusr5 AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/a/d/addusr5 /mit/addusr5 w UserLocker addusr5 wheel 1 HOMEDIR
52 * test parameters for deleting a file system - done
53 * filesys 11 0 addusr8 AFS ATHENA.MIT.EDU /afs/athena.mit.edu/user/a/d/addusr8 /mit/addusr8 w none dtanner wheel 1 HOMEDIR
55 #include <mit-copyright.h>
67 #include <moira_site.h>
77 #define ECONNABORTED WSAECONNABORTED
80 #define ECONNREFUSED WSAECONNREFUSED
83 #define EHOSTUNREACH WSAEHOSTUNREACH
85 #define krb5_xfree free
87 #define sleep(A) Sleep(A * 1000);
91 #include <sys/types.h>
92 #include <netinet/in.h>
93 #include <arpa/nameser.h>
95 #include <sys/utsname.h>
98 #define WINADCFG "/moira/winad/winad.cfg"
99 #define strnicmp(A,B,C) strncasecmp(A,B,C)
100 #define UCHAR unsigned char
102 #define UF_SCRIPT 0x0001
103 #define UF_ACCOUNTDISABLE 0x0002
104 #define UF_HOMEDIR_REQUIRED 0x0008
105 #define UF_LOCKOUT 0x0010
106 #define UF_PASSWD_NOTREQD 0x0020
107 #define UF_PASSWD_CANT_CHANGE 0x0040
108 #define UF_DONT_EXPIRE_PASSWD 0x10000
110 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
111 #define UF_NORMAL_ACCOUNT 0x0200
112 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
113 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
114 #define UF_SERVER_TRUST_ACCOUNT 0x2000
117 #define BYTE unsigned char
119 typedef unsigned int DWORD;
120 typedef unsigned long ULONG;
125 unsigned short Data2;
126 unsigned short Data3;
127 unsigned char Data4[8];
130 typedef struct _SID_IDENTIFIER_AUTHORITY {
132 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
134 typedef struct _SID {
136 BYTE SubAuthorityCount;
137 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
138 DWORD SubAuthority[512];
143 #define WINADCFG "winad.cfg"
147 #define WINAFS "\\\\afs\\all\\"
149 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
150 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
151 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
152 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
153 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
155 #define QUERY_VERSION -1
156 #define PRIMARY_REALM "ATHENA.MIT.EDU"
165 #define MEMBER_REMOVE 2
166 #define MEMBER_CHANGE_NAME 3
167 #define MEMBER_ACTIVATE 4
168 #define MEMBER_DEACTIVATE 5
169 #define MEMBER_CREATE 6
171 #define MOIRA_ALL 0x0
172 #define MOIRA_USERS 0x1
173 #define MOIRA_KERBEROS 0x2
174 #define MOIRA_STRINGS 0x4
175 #define MOIRA_LISTS 0x8
177 typedef struct lk_entry {
187 struct lk_entry *next;
190 #define STOP_FILE "/moira/winad/nowinad"
191 #define file_exists(file) (access((file), F_OK) == 0)
193 #define LDAP_BERVAL struct berval
194 #define MAX_SERVER_NAMES 32
/*
 * Append one LDAPMod to the caller's mods[] array at index n and advance n.
 * Relies on `mods` and `n` being in scope at the expansion site.  The
 * malloc() result is used without a NULL check, so an allocation failure
 * dereferences NULL here rather than being reported.  The expansion is four
 * statements and is not wrapped in do { } while (0), so it must not be used
 * as the body of an unbraced if/else.
 */
196 #define ADD_ATTR(t, v, o) \
197 mods[n] = malloc(sizeof(LDAPMod)); \
198 mods[n]->mod_op = o; \
199 mods[n]->mod_type = t; \
200 mods[n++]->mod_values = v
/* File-scope state shared between the do_* handlers and the mr_query
 * callbacks.  member_base is consumed and freed in do_list; sid_base is
 * flushed with sid_update() and freed in do_filesys/do_list/do_user.  Both
 * are presumably filled by the callbacks (member_list_build, user_create,
 * group_create) — not visible in this listing. */
202 LK_ENTRY *member_base = NULL;
203 LK_ENTRY *sid_base = NULL;
204 LK_ENTRY **sid_ptr = NULL;
/* tbl_buf collects the full argv of this run (see main) for logging and the
 * stop-file alert.  It is declared twice in this listing (here and below);
 * the omitted lines between presumably put the two in different
 * preprocessor branches. */
205 static char tbl_buf[1024];
/* Relative OU paths for each kind of Moira object; the domain's base DN is
 * appended by the helpers that build full DNs (not shown here). */
206 char kerberos_ou[] = "OU=kerberos, OU=moira";
207 char contact_ou[] = "OU=strings, OU=moira";
208 char user_ou[] = "OU=users, OU=moira";
209 char group_ou_distribution[] = "OU=mail, OU=lists, OU=moira";
210 char group_ou_root[] = "OU=lists, OU=moira";
211 char group_ou_security[] = "OU=group, OU=lists, OU=moira";
212 char group_ou_neither[] = "OU=special, OU=lists, OU=moira";
213 char group_ou_both[] = "OU=mail, OU=group, OU=lists, OU=moira";
/* ldap_domain is read from WINADCFG in main (default "win.mit.edu"). */
215 char ldap_domain[256];
/* Reference count maintained by moira_connect()/moira_disconnect(). */
216 int mr_connections = 0;
218 int UserReactivate = 0;
219 char default_server[256];
220 static char tbl_buf[1024];
222 extern int set_password(char *user, char *password, char *domain);
224 void AfsToWinAfs(char* path, char* winPath);
225 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
226 char *Win2kPassword, char *Win2kUser, char *default_server,
228 void ad_kdc_disconnect();
229 void check_winad(void);
230 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
231 char *fs_type, char *fs_pack, int operation);
232 int get_group_membership(char *group_membership, char *group_ou,
233 int *security_flag, char **av);
234 int process_lists(int ac, char **av, void *ptr);
235 int user_create(int ac, char **av, void *ptr);
236 int user_change_status(LDAP *ldap_handle, char *dn_path, char *user_name, int operation);
237 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name);
238 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
239 char *user_name, char *Uid, char *MitId, int State);
240 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
241 char *uid, char *MitId);
242 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
243 int group_create(int ac, char **av, void *ptr);
244 int group_delete(LDAP *ldap_handle, char *dn_path,
245 char *group_name, char *group_membership);
246 int group_rename(LDAP *ldap_handle, char *dn_path,
247 char *before_group_name, char *before_group_membership,
248 char *before_group_ou, int before_security_flag, char *before_desc,
249 char *after_group_name, char *after_group_membership,
250 char *after_group_ou, int after_security_flag, char *after_desc);
251 int member_list_build(int ac, char **av, void *ptr);
252 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
253 char *group_ou, char *group_membership,
254 char *user_name, char *pUserOu);
255 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
256 char *group_ou, char *group_membership, char *user_name,
258 int sid_update(LDAP *ldap_handle, char *dn_path);
259 int check_string(char *s);
260 void convert_b_to_a(char *string, UCHAR *binary, int length);
261 int mr_connect_cl(char *server, char *client, int version, int auth);
263 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
264 char **before, int beforec, char **after, int afterc);
265 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
266 char **before, int beforec, char **after, int afterc);
267 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
268 char **before, int beforec, char **after, int afterc);
269 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
270 char **before, int beforec, char **after, int afterc);
271 int linklist_create_entry(char *attribute, char *value,
272 LK_ENTRY **linklist_entry);
273 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
274 char **attr_array, LK_ENTRY **linklist_base,
275 int *linklist_count);
276 void linklist_free(LK_ENTRY *linklist_base);
278 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
279 char *distinguished_name, LK_ENTRY **linklist_current);
280 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
281 LK_ENTRY **linklist_base, int *linklist_count);
282 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
283 char *Attribute, char *distinguished_name,
284 LK_ENTRY **linklist_current);
286 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
287 char *oldValue, char *newValue,
288 char ***modvalues, int type);
289 void free_values(char **modvalues);
291 int convert_domain_to_dn(char *domain, char **bind_path);
292 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
293 char *distinguished_name);
294 int moira_disconnect(void);
295 int moira_connect(void);
296 void print_to_screen(const char *fmt, ...);
/*
 * Entry point of the winad incremental.  argv is
 *   <table> <beforec> <afterc> <before fields...> <after fields...>
 * (the test-parameter comment at the top of the file shows examples).
 * Reads the AD domain from WINADCFG, binds to a domain controller and
 * dispatches on the table name.  Several declarations, braces and return
 * statements of this function fall on lines omitted from this listing.
 */
298 int main(int argc, char **argv)
/* whoami = basename of argv[0]; used as the com_err() prefix throughout. */
311 whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
315 com_err(whoami, 0, "%s", "argc < 4");
/* atoi() does not report bad input: a non-numeric count silently becomes 0
 * and a negative one is not rejected, which would move `after` below the
 * start of the before list.  strtol() with an end-pointer and a >= 0 check
 * would make this explicit. */
318 beforec = atoi(argv[2]);
319 afterc = atoi(argv[3]);
321 if (argc < (4 + beforec + afterc))
323 com_err(whoami, 0, "%s", "argc < (4 + breforec + afterc)");
329 after = &argv[4 + beforec];
/* Echo the whole argument list into tbl_buf for the log.  tbl_buf is a
 * fixed 1024-byte array and strcat() is unbounded, so an overlong argument
 * list overflows it; a bounded append (snprintf into the remaining space)
 * would make this safe regardless of what the caller passes. */
331 for (i = 1; i < argc; i++)
333 strcat(tbl_buf, argv[i]);
334 strcat(tbl_buf, " ");
336 com_err(whoami, 0, "%s", tbl_buf);
/* Domain name from the config file.  fread() is allowed to fill all
 * sizeof(ldap_domain) bytes, which leaves no terminator for the strlen()
 * below; nothing here strips a trailing newline either (assumes the file
 * holds the bare domain name — verify).  The fclose() presumably sits on an
 * omitted line. */
340 memset(ldap_domain, '\0', sizeof(ldap_domain));
341 if ((fptr = fopen(WINADCFG, "r")) != NULL)
343 fread(ldap_domain, sizeof(char), sizeof(ldap_domain), fptr);
346 if (strlen(ldap_domain) == 0)
347 strcpy(ldap_domain, "win.mit.edu");
348 initialize_sms_error_table();
349 initialize_krb_error_table();
351 memset(default_server, '\0', sizeof(default_server));
352 memset(dn_path, '\0', sizeof(dn_path));
/* Empty strings go in as the Win2kPassword/Win2kUser arguments (see the
 * prototype above); which credentials ad_connect() then uses is not visible
 * here.  dn_path and default_server are filled in by the call. */
353 if (ad_connect(&ldap_handle, ldap_domain, dn_path, "", "", default_server, 1))
355 com_err(whoami, 0, "cannot connect to any server in domain %s", ldap_domain);
/* Case-insensitive table match.  tolower() should be given an unsigned char
 * to avoid negative-valued chars on platforms where char is signed. */
359 for (i = 0; i < (int)strlen(table); i++)
360 table[i] = tolower(table[i]);
361 if (!strcmp(table, "users"))
362 do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
364 else if (!strcmp(table, "list"))
365 do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
367 else if (!strcmp(table, "imembers"))
368 do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
370 else if (!strcmp(table, "filesys"))
371 do_filesys(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* do_quota is not among the prototypes shown above in this listing. */
374 else if (!strcmp(table, "quota"))
375 do_quota(before, beforec, after, afterc);
379 rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a filesys-table change.  before/after are the Moira rows (the FS_*
 * indices come from a header not shown here); beforec/afterc are their
 * field counts, and a count below FS_CREATE means "no such row".  Only AFS
 * lockers with the create flag set are mirrored.  The create path and the
 * update path below are duplicated line for line and could share a helper.
 * Declarations, braces and returns of this function are on omitted lines.
 */
383 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
384 char **before, int beforec, char **after, int afterc)
/* atype/acreate: the after row is of type AFS and has the create flag.  What
 * happens when there is no after row is on omitted lines. */
397 if (afterc < FS_CREATE)
401 atype = !strcmp(after[FS_TYPE], "AFS");
402 acreate = atoi(after[FS_CREATE]);
/* --- create: no before row --- */
405 if (beforec < FS_CREATE)
407 if (acreate == 0 || atype == 0)
409 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
/* LDAP_NO_SUCH_OBJECT is taken to mean the owning user object does not
 * exist yet, so the user is created from Moira data below.  Any other
 * non-success code is only logged. */
413 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
414 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
416 if (rc != LDAP_SUCCESS)
417 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* Assignment in the condition is intentional: non-zero means the Moira
 * connection failed. */
424 if (rc = moira_connect())
426 critical_alert("AD incremental",
427 "Error contacting Moira server : %s",
/* call_args is the opaque pointer handed to the user_create callback; the
 * integer operation code is passed through as a char *. */
431 av[0] = after[FS_NAME];
432 call_args[0] = (char *)ldap_handle;
433 call_args[1] = dn_path;
434 call_args[2] = (char *)MEMBER_ACTIVATE;
439 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
443 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
449 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
/* sid_base is the file-scope list presumably filled by user_create; it is
 * flushed to AD and freed here.  The pointer is not reset on the visible
 * lines — check that an omitted one does, or it is left dangling. */
452 if (sid_base != NULL)
454 sid_update(ldap_handle, dn_path);
455 linklist_free(sid_base);
/* --- delete: no after row --- */
463 btype = !strcmp(before[FS_TYPE], "AFS");
464 bcreate = atoi(before[FS_CREATE]);
465 if (afterc < FS_CREATE)
467 if (btype && bcreate)
469 if (rc = filesys_process(ldap_handle, dn_path, before[FS_NAME],
470 before[FS_TYPE], before[FS_PACK], LDAP_MOD_DELETE))
472 com_err(whoami, 0, "Couldn't delete filesys %s", before[FS_NAME]);
/* --- update: both rows present --- */
/* Neither side is AFS: the warning is suppressed only when both types are
 * "ERR". */
481 if (!atype && !btype)
483 if (strcmp(before[FS_TYPE], "ERR") || strcmp(after[FS_TYPE], "ERR"))
485 com_err(whoami, 0, "Filesystem %s or %s is not AFS",
486 before[FS_NAME], after[FS_NAME]);
/* From here on the create path above is repeated verbatim. */
490 com_err(whoami, 0, "Processing filesys %s", after[FS_NAME]);
494 if ((rc = filesys_process(ldap_handle, dn_path, after[FS_NAME],
495 after[FS_TYPE], after[FS_PACK], LDAP_MOD_ADD)) != LDAP_NO_SUCH_OBJECT)
497 if (rc != LDAP_SUCCESS)
498 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
505 if (rc = moira_connect())
507 critical_alert("AD incremental",
508 "Error contacting Moira server : %s",
512 av[0] = after[FS_NAME];
513 call_args[0] = (char *)ldap_handle;
514 call_args[1] = dn_path;
515 call_args[2] = (char *)MEMBER_ACTIVATE;
520 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
524 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
530 com_err(whoami, 0, "Couldn't process filesys %s", after[FS_NAME]);
533 if (sid_base != NULL)
535 sid_update(ldap_handle, dn_path);
536 linklist_free(sid_base);
/*
 * Handle a list-table change: rename, delete, or create-and-populate an AD
 * group.  before/after are the Moira rows (L_* indices come from a header
 * not shown); a row is only decoded when it is complete and active.  The
 * target OU and the security/distribution flavour are computed by
 * get_group_membership().  Declarations, braces and returns are on omitted
 * lines.
 */
545 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
546 char **before, int beforec, char **after, int afterc)
/* One-byte buffers handed to get_group_membership() as its
 * group_membership output and later tested with strlen().  A NUL-terminated
 * non-empty string needs at least two bytes, so either the callee writes at
 * most one byte or this overruns the stack frame — NOTE(review): verify
 * against get_group_membership (do_member has the same pattern). */
563 char group_membership[1];
566 char before_group_membership[1];
567 int before_security_flag;
568 char before_group_ou[256];
570 LK_ENTRY *ptr = NULL;
572 if (beforec == 0 && afterc == 0)
575 astatus = bstatus = 0;
577 apublic = bpublic = 0;
578 amaillist = bmaillist = 0;
/* Decode the before row only if it is complete and active. */
582 if (beforec > L_GID && atoi(before[L_ACTIVE]))
584 bgid = atoi(before[L_GID]);
585 bstatus = atoi(before[L_ACTIVE]);
586 bhide = atoi(before[L_HIDDEN]);
587 bpublic = atoi(before[L_PUBLIC]);
588 bmaillist = atoi(before[L_MAILLIST]);
589 bgroup = atoi(before[L_GROUP]);
590 before_security_flag = 0;
591 memset(before_group_ou, '\0', sizeof(before_group_ou));
592 memset(before_group_membership, '\0', sizeof(before_group_membership));
593 get_group_membership(before_group_membership, before_group_ou, &before_security_flag, before);
/* Same for the after row. */
595 if (afterc > L_GID && atoi(after[L_ACTIVE]))
597 agid = atoi(after[L_GID]);
598 astatus = atoi(after[L_ACTIVE]);
599 ahide = atoi(after[L_HIDDEN]);
600 apublic = atoi(after[L_PUBLIC]);
601 amaillist = atoi(after[L_MAILLIST]);
602 agroup = atoi(after[L_GROUP]);
604 memset(group_ou, '\0', sizeof(group_ou));
605 memset(group_membership, '\0', sizeof(group_membership));
606 get_group_membership(group_membership, group_ou, &security_flag, after);
/* Neither side carries a gid: nothing to mirror (the action taken is on an
 * omitted line). */
608 if (agid == 0 && bgid == 0)
/* Rename when the name changed, or when the name is unchanged but the
 * computed OU moved (e.g. the mail/group flags flipped). */
613 if ((strcmp(after[L_NAME], before[L_NAME])) ||
614 ((!strcmp(after[L_NAME], before[L_NAME])) &&
615 (strcmp(before_group_ou, group_ou))))
617 if (astatus && bstatus)
619 com_err(whoami, 0, "Changing list name from %s to %s",
620 before[L_NAME], after[L_NAME]);
621 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0) ||
622 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
624 com_err(whoami, 0, "%s", "couldn't find the group OU's");
/* before[9]/after[9]: the description field, going by the field list in
 * the header comment; there is no named L_* index for it in this listing. */
627 if ((rc = group_rename(ldap_handle, dn_path,
628 before[L_NAME], before_group_membership,
629 before_group_ou, before_security_flag, before[9],
630 after[L_NAME], group_membership,
631 group_ou, security_flag, after[9])) != LDAP_NO_SUCH_OBJECT)
633 if (rc != LDAP_SUCCESS)
634 com_err(whoami, 0, "Could not change list name from %s to %s",
/* Delete: requires the before-side OU/membership to have been computed. */
650 if ((strlen(before_group_ou) == 0) || (strlen(before_group_membership) == 0))
652 com_err(whoami, 0, "couldn't find the group OU for group %s", before[L_NAME]);
655 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
656 rc = group_delete(ldap_handle, dn_path, before[L_NAME], before_group_membership);
/* Create: fetch the list from Moira; group_create is the callback.
 * Assignment in the condition is intentional (non-zero = failure). */
661 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
663 if (rc = moira_connect())
665 critical_alert("AD incremental",
666 "Error contacting Moira server : %s",
/* call_args[3]: bitmask of member types to include, passed through as a
 * char * and decoded by the callback. */
671 av[0] = after[L_NAME];
672 call_args[0] = (char *)ldap_handle;
673 call_args[1] = dn_path;
674 call_args[2] = after[L_NAME];
675 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
680 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
683 com_err(whoami, 0, "Couldn't create list %s : %s", after[L_NAME], error_message(rc));
689 com_err(whoami, 0, "Couldn't create list %s", after[L_NAME]);
/* Flush any SIDs collected by the callback (see do_filesys for the same
 * pattern and the note about sid_base not being reset on visible lines). */
693 if (sid_base != NULL)
695 sid_update(ldap_handle, dn_path);
696 linklist_free(sid_base);
/* Populate: member_list_build collects the end members into member_base. */
701 com_err(whoami, 0, "Populating group %s", after[L_NAME]);
702 av[0] = after[L_NAME];
703 call_args[0] = (char *)ldap_handle;
704 call_args[1] = dn_path;
705 call_args[2] = after[L_NAME];
706 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
709 if (rc = mr_query("get_end_members_of_list", 1, av,
710 member_list_build, call_args))
713 com_err(whoami, 0, "Couldn't populate list %s : %s",
714 after[L_NAME], error_message(rc));
/* Add each member.  LIST-type members are dealt with on omitted lines;
 * STRING and KERBEROS members get a contact object in their own OU first,
 * and pUserOu selects which OU member_add() looks in (its default for USER
 * members is set on an omitted line). */
717 if (member_base != NULL)
722 if (!strcasecmp(ptr->type, "LIST"))
728 if (!strcasecmp(ptr->type, "STRING"))
730 if (contact_create(ldap_handle, dn_path, ptr->member, contact_ou))
732 pUserOu = contact_ou;
734 else if (!strcasecmp(ptr->type, "KERBEROS"))
736 if (contact_create(ldap_handle, dn_path, ptr->member, kerberos_ou))
738 pUserOu = kerberos_ou;
740 rc = member_add(ldap_handle, dn_path, after[L_NAME],
741 group_ou, group_membership, ptr->member, pUserOu);
/* member_base still points at freed memory after this on the visible
 * lines; check that an omitted line resets it to NULL. */
744 linklist_free(member_base);
753 #define LM_EXTRA_ACTIVE (LM_END)
754 #define LM_EXTRA_PUBLIC (LM_END+1)
755 #define LM_EXTRA_HIDDEN (LM_END+2)
756 #define LM_EXTRA_MAILLIST (LM_END+3)
757 #define LM_EXTRA_GROUP (LM_END+4)
758 #define LM_EXTRA_GID (LM_END+5)
759 #define LM_EXTRA_END (LM_END+6)
/*
 * Handle an imembers-table change: add a member to, or remove one from, an
 * AD group.  The row carries the LM_* member fields followed by the
 * LM_EXTRA_* copies of the list's own fields (defined just above), which are
 * re-mapped onto L_* positions so get_group_membership() can compute the
 * group OU.  Declarations, braces and returns are on omitted lines.
 */
761 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
762 char **before, int beforec, char **after, int afterc)
/* Fixed-size destination (user_name/user_type are declared on omitted
 * lines).  The strcpy() calls below copy Moira-supplied fields into these
 * buffers with no length check, so an overlong list or member name overruns
 * the stack; snprintf(group_name, sizeof group_name, "%s", ...) would bound
 * them. */
764 char group_name[128];
/* One-byte output buffer for get_group_membership() — see the note in
 * do_list; verify the callee never writes more than one byte here. */
768 char group_membership[1];
/* Pick the side that describes the change: a complete, active after row
 * means add; a complete, active before row means remove.  The choice of
 * ptr (after vs before) happens on omitted lines. */
779 if (afterc < LM_EXTRA_END)
781 if (!atoi(after[LM_EXTRA_ACTIVE]))
784 strcpy(user_name, after[LM_MEMBER]);
785 strcpy(group_name, after[LM_LIST]);
786 strcpy(user_type, after[LM_TYPE]);
791 if (beforec < LM_EXTRA_END)
793 if (!atoi(before[LM_EXTRA_ACTIVE]))
796 strcpy(user_name, before[LM_MEMBER]);
797 strcpy(group_name, before[LM_LIST]);
798 strcpy(user_type, before[LM_TYPE]);
/* Re-map the list fields onto the L_* layout expected by the list helper. */
804 args[L_NAME] = ptr[LM_LIST];
805 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
806 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
807 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
808 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
809 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
810 args[L_GID] = ptr[LM_EXTRA_GID];
813 memset(group_ou, '\0', sizeof(group_ou));
814 get_group_membership(group_membership, group_ou, &security_flag, args);
815 if (strlen(group_ou) == 0)
817 com_err(whoami, 0, "couldn't find the group OU for group %s", group_name);
/* --- remove (the branch condition is on an omitted line) ---
 * LIST-type members are handled on omitted lines.  STRING/KERBEROS members
 * live as contact objects in their own OU; a failed contact_create() falls
 * through with pUserOu unchanged (its default is set on an omitted line). */
824 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
827 com_err(whoami, 0, "Removing user %s from list %s", user_name, group_name);
829 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
831 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
833 pUserOu = contact_ou;
835 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
837 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
839 pUserOu = kerberos_ou;
841 rc = member_remove(ldap_handle, dn_path, group_name,
842 group_ou, group_membership, ptr[LM_MEMBER], pUserOu);
/* --- add --- same contact handling as above. */
846 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
849 com_err(whoami, 0, "Adding user %s to list %s", user_name, group_name);
851 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
853 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], contact_ou))
855 pUserOu = contact_ou;
857 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
859 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER], kerberos_ou))
861 pUserOu = kerberos_ou;
863 rc = member_add(ldap_handle, dn_path, group_name,
864 group_ou, group_membership, ptr[LM_MEMBER], pUserOu);
/* Error reporting; the removal message says "to group" where "from group"
 * is meant. */
869 com_err(whoami, 0, "Couldn't add %s to group %s", user_name, group_name);
871 com_err(whoami, 0, "Couldn't remove %s to group %s", user_name, group_name);
/*
 * Handle a users-table change: update attributes, rename, deactivate, or
 * create/reactivate an AD user and re-add its list memberships.  The status
 * field (U_STATE) of each row decides the case; the U_* indices come from a
 * header not shown.  The afterc parameter, the local declarations and the
 * braces/returns of this function are on omitted lines.
 */
877 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
878 char **before, int beforec, char **after,
887 if ((beforec == 0) && (afterc == 0))
/* Status of each row; the value astate/bstate take when a row is absent is
 * assigned on an omitted line. */
892 if (afterc > U_STATE)
893 astate = atoi(after[U_STATE]);
894 if (beforec > U_STATE)
895 bstate = atoi(before[U_STATE]);
/* Inactive on both sides: nothing to mirror. */
902 if ((bstate == 0) && (astate == 0))
/* Same status on both sides: an attribute update if the login is unchanged,
 * otherwise a rename. */
905 if (astate == bstate)
907 if (!strcmp(before[U_NAME], after[U_NAME]))
909 com_err(whoami, 0, "Updating user %s info", before[U_NAME]);
/* NOTE(review): the uid and MIT id passed here are taken from the *before*
 * row, whereas the rename path below passes the after values and the
 * header comment says the UID/MITID fields are what gets updated.  As
 * written this looks like it writes the old values back — confirm against
 * user_update() and the "updating user account info" test case at the top
 * of the file. */
910 rc = user_update(ldap_handle, dn_path, before[U_NAME],
911 before[U_UID], before[U_MITID]);
916 com_err(whoami, 0, "Changing user %s to %s", before[U_NAME],
918 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
919 after[U_NAME], after[U_UID], after[U_MITID],
920 atoi(after[U_STATE]))) != LDAP_NO_SUCH_OBJECT)
922 if (rc != LDAP_SUCCESS)
924 com_err(whoami, 0, "Could not change user %s to %s : %s",
926 after[U_NAME], error_message(rc));
/* Deactivate (the branch condition is on an omitted line). */
936 com_err(whoami, 0, "Deactivate user %s in the AD", before[U_NAME]);
938 if ((rc = user_change_status(ldap_handle, dn_path, before[U_NAME],
939 MEMBER_DEACTIVATE)) != LDAP_SUCCESS)
941 com_err(whoami, 0, "Couldn't deactivate user %s in the AD", before[U_NAME]);
/* Create/reactivate: pull the account from Moira and let the user_create
 * callback build or re-enable the object.  The operation code travels
 * through call_args as a char *.  Assignment in the condition is
 * intentional (non-zero = failure). */
948 if (rc = moira_connect())
950 critical_alert("AD incremental",
951 "Error connection to Moira : %s",
955 com_err(whoami, 0, "Creating/Reactivating user %s", after[U_NAME]);
957 av[0] = after[U_NAME];
958 call_args[0] = (char *)ldap_handle;
959 call_args[1] = dn_path;
960 call_args[2] = (char *)MEMBER_ACTIVATE;
966 if (rc = mr_query("get_user_account_by_login", 1, av, user_create,
970 com_err(whoami, 0, "Couldn't create/activate user %s : %s",
971 after[U_NAME], error_message(rc));
977 com_err(whoami, 0, "Couldn't create/activate user %s", after[U_NAME]);
/* Flush SIDs collected by the callback (same pattern as do_filesys; the
 * pointer is not reset on the visible lines). */
981 if (sid_base != NULL)
983 sid_update(ldap_handle, dn_path);
984 linklist_free(sid_base);
/* Re-add the user to every list it belongs to.  av[0] (the member type) is
 * set on an omitted line; MR_NO_MATCH just means no memberships. */
989 av[1] = after[U_NAME];
990 call_args[0] = (char *)ldap_handle;
991 call_args[1] = dn_path;
992 call_args[2] = after[U_NAME];
993 call_args[3] = user_ou;
994 rc = mr_query("get_lists_of_member", 2, av, process_lists,
996 if (rc && rc != MR_NO_MATCH)
998 com_err(whoami, 0, "Couldn't retrieve membership of user %s: %s",
999 after[U_NAME], error_message(rc));
/*
 * Build a NULL-terminated char *[] of modvalue_count values for an LDAP
 * modify, copied from linklist_base.  When oldValue and newValue are both
 * given, a value containing oldValue is either replaced wholesale
 * (type == REPLACE; REPLACE is defined outside this listing) or has the
 * FIRST occurrence of oldValue spliced out for newValue.  Every other value
 * is copied verbatim.  Returns 0 on success and non-zero on allocation
 * failure (the return statements are on omitted lines).  The caller owns
 * the array and each string in it — see free_values().
 */
1008 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1009 char *oldValue, char *newValue,
1010 char ***modvalues, int type)
1012 LK_ENTRY *linklist_ptr;
/* calloc already zero-fills the array; the NULL loop below is redundant but
 * harmless. */
1016 if (((*modvalues) = calloc(1, (modvalue_count + 1) * sizeof(char *)))
1021 for (i = 0; i < (modvalue_count + 1); i++)
1022 (*modvalues)[i] = NULL;
1023 if (modvalue_count != 0)
1025 linklist_ptr = linklist_base;
/* The walk trusts modvalue_count: if it exceeds the list length,
 * linklist_ptr becomes NULL and is dereferenced on the next iteration. */
1026 for (i = 0; i < modvalue_count; i++)
1028 if ((oldValue != NULL) && (newValue != NULL))
1030 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
1033 if (type == REPLACE)
1035 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
/* memset after calloc is redundant (here and in the branches below). */
1038 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1039 strcpy((*modvalues)[i], newValue);
/* Splice: prefix up to cPtr, then newValue, then the tail after oldValue.
 * The size arithmetic mixes int and size_t and relies on
 * linklist_ptr->length being the C-string length; strcat() needs
 * NUL-terminated values, so a binary (ber) value would not survive this
 * path. */
1043 if (((*modvalues)[i] = calloc(1,
1044 (int)(cPtr - linklist_ptr->value) +
1045 (linklist_ptr->length - strlen(oldValue)) +
1046 strlen(newValue) + 1)) == NULL)
1048 memset((*modvalues)[i], '\0',
1049 (int)(cPtr - linklist_ptr->value) +
1050 (linklist_ptr->length - strlen(oldValue)) +
1051 strlen(newValue) + 1);
1052 memcpy((*modvalues)[i], linklist_ptr->value,
1053 (int)(cPtr - linklist_ptr->value));
1054 strcat((*modvalues)[i], newValue);
1055 strcat((*modvalues)[i],
1056 &linklist_ptr->value[(int)(cPtr - linklist_ptr->value) + strlen(oldValue)]);
/* Verbatim copies.  Unlike the allocations above, these two calloc results
 * are not checked before memset/memcpy dereference them. */
1061 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1062 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1063 memcpy((*modvalues)[i], linklist_ptr->value,
1064 linklist_ptr->length);
1069 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1070 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1071 memcpy((*modvalues)[i], linklist_ptr->value,
1072 linklist_ptr->length);
1074 linklist_ptr = linklist_ptr->next;
/* Terminator for the LDAP API. */
1076 (*modvalues)[i] = NULL;
/*
 * Run a subtree search under dn_path for search_exp, requesting attr_array,
 * and collect every attribute value of every matching entry into a fresh
 * LK_ENTRY list at *linklist_base, with *linklist_count set to its length.
 * Returns the ldap_search_s() result, or the retrieve_entries() result on
 * a successful search (return statement on an omitted line).  The caller
 * frees the list with linklist_free().
 */
1082 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1083 char **attr_array, LK_ENTRY **linklist_base,
1084 int *linklist_count)
1087 LDAPMessage *ldap_entry;
1091 (*linklist_base) = NULL;
1092 (*linklist_count) = 0;
/* attrsonly = 0: values are returned, not just attribute names. */
1093 if ((rc = ldap_search_s(ldap_handle, dn_path, LDAP_SCOPE_SUBTREE,
1094 search_exp, attr_array, 0, &ldap_entry))
1097 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base, linklist_count);
1099 ldap_msgfree(ldap_entry);
/*
 * Walk every entry of a search result, appending its attributes to
 * *linklist_base via retrieve_attributes(), then recount the list into
 * *linklist_count.  The ldap_entry parameter is reused as the iteration
 * cursor.  Returns 0, or the first non-zero retrieve_attributes() result
 * (return statements on omitted lines).
 */
1104 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1105 LK_ENTRY **linklist_base, int *linklist_count)
/* Filled by get_distinguished_name(), which copies without a bound — see
 * the note on that function. */
1107 char distinguished_name[1024];
1108 LK_ENTRY *linklist_ptr;
1111 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1114 memset(distinguished_name, '\0', sizeof(distinguished_name));
1115 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1117 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1118 linklist_base)) != 0)
1121 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1123 memset(distinguished_name, '\0', sizeof(distinguished_name));
1124 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1126 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1127 linklist_base)) != 0)
/* Recount from scratch rather than tracking additions. */
1131 linklist_ptr = (*linklist_base);
1132 (*linklist_count) = 0;
1133 while (linklist_ptr != NULL)
1135 ++(*linklist_count);
1136 linklist_ptr = linklist_ptr->next;
/*
 * For one entry, iterate its attributes and push each one's values onto
 * *linklist_current via retrieve_values().  The BerElement cursor (ptr) is
 * released at the end.  The retrieve_values() return value is ignored on
 * both calls, so an allocation failure inside it is not propagated to the
 * caller.  Return statement on an omitted line.
 */
1141 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1142 char *distinguished_name, LK_ENTRY **linklist_current)
1148 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry, &ptr)) != NULL)
1150 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
/* Attribute names come from ldap_first/next_attribute and must be released
 * with ldap_memfree. */
1152 ldap_memfree(Attribute);
1153 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
1156 retrieve_values(ldap_handle, ldap_entry, Attribute,
1157 distinguished_name, linklist_current);
1158 ldap_memfree(Attribute);
1161 ldap_ber_free(ptr, 0);
/*
 * Push one LK_ENTRY per value of Attribute on ldap_entry onto the front of
 * *linklist_current.  objectSid and objectGUID are fetched as binary bervals
 * (value holds bv_len raw bytes with no terminator, length = bv_len); every
 * other attribute is fetched as a C string.  Each entry also records the
 * attribute name and the entry's DN.  Under LDAP_DEBUG the values are
 * pretty-printed.  Returns non-zero on allocation failure (return statements
 * on omitted lines).  The loop over multiple values and the
 * use_bervalue/Ptr setup are on omitted lines.
 */
1165 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1166 char *Attribute, char *distinguished_name,
1167 LK_ENTRY **linklist_current)
1173 LK_ENTRY *linklist_previous;
1174 LDAP_BERVAL **ber_value;
/* Debug-only locals. */
1182 SID_IDENTIFIER_AUTHORITY *sid_auth;
1183 unsigned char *subauth_count;
1184 #endif /*LDAP_DEBUG*/
1187 memset(temp, '\0', sizeof(temp));
/* Binary attributes come back as struct berval *, everything else as
 * char *; Ptr is a generic cursor over whichever array was returned. */
1188 if ((!strcmp(Attribute, "objectSid")) ||
1189 (!strcmp(Attribute, "objectGUID")))
1194 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
1195 Ptr = (void **)ber_value;
1200 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
1201 Ptr = (void **)str_value;
/* New entry goes at the head of the list. */
1208 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
1210 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
1211 linklist_previous->next = (*linklist_current);
1212 (*linklist_current) = linklist_previous;
1214 if (((*linklist_current)->attribute = calloc(1,
1215 strlen(Attribute) + 1)) == NULL)
1217 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
1218 strcpy((*linklist_current)->attribute, Attribute);
/* Binary value: exactly ber_length bytes, no terminator. */
1221 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
1222 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
1224 memset((*linklist_current)->value, '\0', ber_length);
1225 memcpy((*linklist_current)->value, (*(LDAP_BERVAL **)Ptr)->bv_val,
1227 (*linklist_current)->length = ber_length;
/* String value: length excludes the terminator. */
1231 if (((*linklist_current)->value = calloc(1,
1232 strlen(*Ptr) + 1)) == NULL)
1234 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
1235 (*linklist_current)->length = strlen(*Ptr);
1236 strcpy((*linklist_current)->value, *Ptr);
1238 (*linklist_current)->ber_value = use_bervalue;
1239 if (((*linklist_current)->dn = calloc(1,
1240 strlen(distinguished_name) + 1)) == NULL)
1242 memset((*linklist_current)->dn, '\0', strlen(distinguished_name) + 1);
1243 strcpy((*linklist_current)->dn, distinguished_name);
/* Debug dump (LDAP_DEBUG).  The raw byte buffer is reinterpreted as a GUID
 * / SID struct without a visible check of bv_len against the struct size,
 * so a short value would be read past its end.  sprintf() writes 36
 * characters plus NUL into temp, which is declared on an omitted line —
 * check its size. */
1246 if (!strcmp(Attribute, "objectGUID"))
1248 guid = (GUID *)((*linklist_current)->value);
1249 sprintf(temp, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1250 guid->Data1, guid->Data2, guid->Data3,
1251 guid->Data4[0], guid->Data4[1], guid->Data4[2],
1252 guid->Data4[3], guid->Data4[4], guid->Data4[5],
1253 guid->Data4[6], guid->Data4[7]);
1254 print_to_screen(" %20s : {%s}\n", Attribute, temp);
1256 else if (!strcmp(Attribute, "objectSid"))
1258 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
1260 print_to_screen(" Revision = %d\n", sid->Revision);
1261 print_to_screen(" SID Identifier Authority:\n");
/* NOTE(review): each branch tests a different byte of Value[]; the
 * well-known authorities differ only in their last byte, so this
 * classification looks unreliable.  Debug output only. */
1262 sid_auth = &sid->IdentifierAuthority;
1263 if (sid_auth->Value[0])
1264 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
1265 else if (sid_auth->Value[1])
1266 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
1267 else if (sid_auth->Value[2])
1268 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
1269 else if (sid_auth->Value[3])
1270 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
1271 else if (sid_auth->Value[5])
1272 print_to_screen(" SECURITY_NT_AUTHORITY\n");
1274 print_to_screen(" UNKNOWN SID AUTHORITY\n");
1275 subauth_count = GetSidSubAuthorityCount(sid);
1276 print_to_screen(" SidSubAuthorityCount = %d\n",
1278 print_to_screen(" SidSubAuthority:\n");
1279 for (i = 0; i < *subauth_count; i++)
1281 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
1282 print_to_screen(" %u\n", *subauth);
/* memcmp() compares strlen(literal) bytes unconditionally, so an Attribute
 * shorter than the literal is read past its terminator; strcmp() (or
 * strncmp()) is the right call here.  The "sAmAccountType" vs
 * "sAMAccountType" spelling only affects the length, which is the same. */
1286 else if ((!memcmp(Attribute, "userAccountControl",
1287 strlen("userAccountControl"))) ||
1288 (!memcmp(Attribute, "sAMAccountType",
1289 strlen("sAmAccountType"))))
/* Decode the userAccountControl bit flags (UF_* above). */
1291 intValue = atoi(*Ptr);
1292 print_to_screen(" %20s : %ld\n",Attribute, intValue);
1293 if (!memcmp(Attribute, "userAccountControl",
1294 strlen("userAccountControl")))
1296 if (intValue & UF_ACCOUNTDISABLE)
1297 print_to_screen(" %20s : %s\n",
1298 "", "Account disabled");
1300 print_to_screen(" %20s : %s\n",
1301 "", "Account active");
1302 if (intValue & UF_HOMEDIR_REQUIRED)
1303 print_to_screen(" %20s : %s\n",
1304 "", "Home directory required");
1305 if (intValue & UF_LOCKOUT)
1306 print_to_screen(" %20s : %s\n",
1307 "", "Account locked out");
1308 if (intValue & UF_PASSWD_NOTREQD)
1309 print_to_screen(" %20s : %s\n",
1310 "", "No password required");
1311 if (intValue & UF_PASSWD_CANT_CHANGE)
1312 print_to_screen(" %20s : %s\n",
1313 "", "Cannot change password");
1314 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
1315 print_to_screen(" %20s : %s\n",
1316 "", "Temp duplicate account");
1317 if (intValue & UF_NORMAL_ACCOUNT)
1318 print_to_screen(" %20s : %s\n",
1319 "", "Normal account");
1320 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
1321 print_to_screen(" %20s : %s\n",
1322 "", "Interdomain trust account");
1323 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
1324 print_to_screen(" %20s : %s\n",
1325 "", "Workstation trust account");
1326 if (intValue & UF_SERVER_TRUST_ACCOUNT)
1327 print_to_screen(" %20s : %s\n",
1328 "", "Server trust account");
/* Any other attribute: print the string value as is. */
1333 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
1335 #endif /*LDAP_DEBUG*/
/* Only one of str_value/ber_value was fetched; both must be initialised to
 * NULL on an omitted line for these frees to be safe — verify. */
1337 if (str_value != NULL)
1338 ldap_value_free(str_value);
1339 if (ber_value != NULL)
1340 ldap_value_free_len(ber_value);
/* Already equal to linklist_previous since the push above; harmless. */
1342 (*linklist_current) = linklist_previous;
/*
 * Open (or share) the process-wide Moira connection.
 *
 * The connection is reference counted through mr_connections: only the
 * first caller actually connects and authenticates, later callers just
 * bump the count (moira_disconnect() is the symmetric release).  The
 * server is either the hard-coded host "ttsp" or this machine's own
 * uts.nodename; the branch that picks between them, and the return
 * statements, are not part of this listing.  Authentication is always as
 * the "winad.incr" client principal, never as an end user.
 *
 * Returns the Moira status left in rc (exact return paths not visible).
 */
1346 int moira_connect(void)
1351 if (!mr_connections++)
/* HostName is a fixed array (memset with sizeof); "ttsp" is a constant, so
 * the plain strcpy is bounded here. */
1354 memset(HostName, '\0', sizeof(HostName));
1355 strcpy(HostName, "ttsp");
/* mr_connect_cl() also checks the MOTD, query version and authenticates;
 * mr_connect() alone does not -- see the auth == 1 argument. */
1356 rc = mr_connect_cl(HostName, "winad.incr", QUERY_VERSION, 1);
1358 rc = mr_connect(HostName);
1363 rc = mr_connect_cl(uts.nodename, "winad.incr", QUERY_VERSION, 1);
1365 rc = mr_connect(uts.nodename);
/* Authenticate as the incremental's own service identity. */
1370 rc = mr_auth("winad.incr");
/*
 * Honour the operator kill switch.
 *
 * While STOP_FILE exists this loops (the loop body -- presumably a sleep
 * and/or retry limit -- is not in the listing) and raises a
 * critical_alert() so that a stopped incremental is noticed rather than
 * silently queueing AD changes.  tbl_buf is a file-scope buffer whose
 * contents are set elsewhere.
 */
1377 void check_winad(void)
/* file_exists(STOP_FILE) is re-evaluated on every iteration, so removing
 * the stop file lets the incremental proceed. */
1381 for (i = 0; file_exists(STOP_FILE); i++)
1385 critical_alert("AD incremental",
1386 "WINAD incremental failed (%s exists): %s",
1387 STOP_FILE, tbl_buf);
/*
 * Release one reference on the shared Moira connection; the real
 * mr_disconnect() happens only when the count drops to zero (body of the
 * if, and the return, are outside the visible lines).  Must be paired
 * one-to-one with moira_connect() or the connection is never closed.
 */
1394 int moira_disconnect(void)
1397 if (!--mr_connections)
/*
 * Copy the DN of an LDAP entry into a caller-supplied buffer.
 *
 * ldap_handle         connected LDAP session
 * ldap_entry          entry whose DN is wanted
 * distinguished_name  output buffer; no size is passed, so the caller must
 *                     size it for the longest DN the directory can return
 *                     (the strcpy below is unbounded)
 *
 * The omitted lines 1410-1411 presumably handle a NULL return from
 * ldap_get_dn(); if they do not, the strcpy dereferences NULL -- confirm.
 */
1404 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1405 char *distinguished_name)
1409 CName = ldap_get_dn(ldap_handle, ldap_entry);
1412 strcpy(distinguished_name, CName);
/* ldap_get_dn() returns library-owned memory; must be freed with
 * ldap_memfree(), not free(). */
1413 ldap_memfree(CName);
/*
 * Allocate a new LK_ENTRY holding private copies of attribute and value.
 *
 * attribute       attribute name, copied
 * value           attribute value, copied; ->length is set to strlen(value),
 *                 so this constructor is only suitable for string values
 * linklist_entry  receives the new node (->next is NULL)
 *
 * Returns 0 on success; the failure return on line 1421-1423 is outside
 * the listing.  Both parameters are dereferenced unconditionally, so
 * neither may be NULL.
 *
 * NOTE(review): only the first calloc() is checked.  The two
 * calloc()s for ->attribute and ->value are not, so an out-of-memory
 * condition ends in strcpy() through a NULL pointer.  The memset()s after
 * calloc() are redundant (calloc already zero-fills).
 */
1416 int linklist_create_entry(char *attribute, char *value,
1417 LK_ENTRY **linklist_entry)
1419 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
1420 if (!(*linklist_entry))
1424 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
1425 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
1426 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
1427 strcpy((*linklist_entry)->attribute, attribute);
1428 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
1429 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
1430 strcpy((*linklist_entry)->value, value);
/* length excludes the terminating NUL, matching strlen(). */
1431 (*linklist_entry)->length = strlen(value);
1432 (*linklist_entry)->next = NULL;
/*
 * printf-style diagnostic output to stderr.
 *
 * fmt  printf format; callers in this file always pass a string literal
 *      and route data through %s/%d, which is what keeps this safe --
 *      never pass attribute or directory data as fmt itself.
 *
 * The va_list declaration and va_end() are in the lines omitted from the
 * listing.
 */
1436 void print_to_screen(const char *fmt, ...)
1440 va_start(pvar, fmt);
1441 vfprintf(stderr, fmt, pvar);
/*
 * Classify a Moira list by its maillist/group flags and derive the three
 * values the AD code keys on.
 *
 * group_membership  if non-NULL, receives ONE character (no terminating
 *                   NUL is written): 'B' both, 'S' security only,
 *                   'D' distribution only, 'N' neither.  Callers pass a
 *                   1- or 2-byte array and only ever read [0]; it is also
 *                   the suffix letter of the "<name>_zZx<letter>"
 *                   sAMAccountName scheme used throughout this file.
 * group_ou          if non-NULL, receives the target OU (strcpy of one of
 *                   the file-scope group_ou_* strings; the caller's buffer
 *                   must be large enough for the longest of them)
 * security_flag     if non-NULL, set to 1 when the list is security
 *                   enabled (group flag set), else 0
 * av                Moira list query result; L_MAILLIST and L_GROUP are
 *                   parsed with atoi(), so any non-numeric value reads as 0
 *
 * All three outputs are optional; each is only written when non-NULL.
 * The return statement is outside the visible lines.
 */
1446 int get_group_membership(char *group_membership, char *group_ou,
1447 int *security_flag, char **av)
1452 maillist_flag = atoi(av[L_MAILLIST]);
1453 group_flag = atoi(av[L_GROUP]);
/* Default to "not a security group"; only the two group_flag cases below
 * set it. */
1454 if (security_flag != NULL)
1455 (*security_flag) = 0;
1457 if ((maillist_flag) && (group_flag))
1459 if (group_membership != NULL)
1460 group_membership[0] = 'B';
1461 if (security_flag != NULL)
1462 (*security_flag) = 1;
1463 if (group_ou != NULL)
1464 strcpy(group_ou, group_ou_both);
1466 else if ((!maillist_flag) && (group_flag))
1468 if (group_membership != NULL)
1469 group_membership[0] = 'S';
1470 if (security_flag != NULL)
1471 (*security_flag) = 1;
1472 if (group_ou != NULL)
1473 strcpy(group_ou, group_ou_security);
1475 else if ((maillist_flag) && (!group_flag))
1477 if (group_membership != NULL)
1478 group_membership[0] = 'D';
1479 if (group_ou != NULL)
1480 strcpy(group_ou, group_ou_distribution);
/* Neither flag set (final else; the keyword is on an omitted line). */
1484 if (group_membership != NULL)
1485 group_membership[0] = 'N';
1486 if (group_ou != NULL)
1487 strcpy(group_ou, group_ou_neither);
/*
 * Rename a Moira list's AD group, and in the same operation move it to the
 * OU and membership type implied by its new flags.
 *
 * ldap_handle / dn_path          session and search base
 * before_*                       name, membership letter, OU, security
 *                                flag and description as currently in AD
 * after_*                        the same five values as they should be
 *
 * The old object is located by its "<before_name>_zZx<letter>"
 * sAMAccountName, renamed with ldap_rename_s() to cn=<after_name> under
 * <after_ou>,<dn_path>, and then its sAMAccountName, displayName,
 * description and groupType are REPLACEd.  before_security_flag,
 * before_desc and before_group_ou are accepted for interface symmetry but
 * not used in the visible lines.
 *
 * Security note: groupType is rewritten from after_security_flag, so this
 * path can turn a distribution-only list into a security-enabled group
 * (and vice versa) while keeping the same object and members.
 *
 * Injection note: before_group_name / after_group_name are spliced into
 * an LDAP filter and into DNs with sprintf().  That is only safe because
 * check_string() rejects '*', '(', ')' and '\\'; keep those checks ahead
 * of every sprintf() here.  The membership letters are taken from index
 * [0] of the two *_group_membership strings, which must therefore be
 * non-empty.  old_dn, new_dn, sam_name, rc, i, n, mods and callback_rc are
 * declared on omitted lines, so their sizes are not visible.
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
1492 int group_rename(LDAP *ldap_handle, char *dn_path,
1493 char *before_group_name, char *before_group_membership,
1494 char *before_group_ou, int before_security_flag, char *before_desc,
1495 char *after_group_name, char *after_group_membership,
1496 char *after_group_ou, int after_security_flag, char *after_desc)
1501 char new_dn_path[512];
1503 char filter_exp[4096];
1504 char *attr_array[3];
1505 char *name_v[] = {NULL, NULL};
1506 char *desc_v[] = {NULL, NULL};
1507 char *samAccountName_v[] = {NULL, NULL};
1508 char *groupTypeControl_v[] = {NULL, NULL};
1509 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1510 char groupTypeControlStr[80];
1514 LK_ENTRY *group_base;
/* Both names are validated before any of them reaches a filter or DN. */
1517 if (!check_string(before_group_name))
1519 com_err(whoami, 0, "invalid LDAP list name %s", before_group_name);
1522 if (!check_string(after_group_name))
1524 com_err(whoami, 0, "invalid LDAP list name %s", after_group_name);
/* Look up the existing object by the old sAMAccountName. */
1528 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", before_group_name, before_group_membership[0]);
1529 attr_array[0] = "distinguishedName";
1530 attr_array[1] = NULL;
1531 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1532 &group_base, &group_count)) != 0)
/* NOTE(review): this message names after_group_name, but the lookup that
 * failed was for before_group_name. */
1534 com_err(whoami, 0, "LDAP server unable to get list %s dn : %s",
1535 after_group_name, ldap_err2string(rc));
/* Exactly one match is required; zero or several is treated as "not
 * found" (the rest of the message and the return are omitted). */
1538 if (group_count != 1)
1540 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1542 callback_rc = LDAP_NO_SUCH_OBJECT;
/* group_base->value is the distinguishedName string from the query. */
1545 strcpy(old_dn, group_base->value);
1546 linklist_free(group_base);
/* New parent is the OU matching the new membership type, so a change of
 * type also moves the object. */
1550 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
1551 sprintf(new_dn, "cn=%s", after_group_name);
/* TRUE = delete the old RDN attribute value. */
1552 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
1553 TRUE, NULL, NULL)) != LDAP_SUCCESS)
/* NOTE(review): "from %s to %s" prints after_group_name twice; the first
 * argument should be before_group_name. */
1555 com_err(whoami, 0, "Couldn't rename list from %s to %s : %s",
1556 after_group_name, after_group_name, ldap_err2string(rc));
1560 sprintf(sam_name, "%s_zZx%c", after_group_name, after_group_membership[0]);
1561 name_v[0] = after_group_name;
1562 samAccountName_v[0] = sam_name;
1563 desc_v[0] = after_desc;
1564 if (after_security_flag)
1565 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): groupTypeControl is u_int; "%ld" expects long.  "%u" is
 * the matching specifier. */
1566 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1567 groupTypeControl_v[0] = groupTypeControlStr;
/* ADD_ATTR appends to the file-scope mods[] / n used below. */
1569 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
1570 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
/* Line 1572 (omitted) presumably nulls desc_v[0] so an empty description
 * clears the attribute rather than storing "". */
1571 if (strlen(after_desc) == 0)
1573 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1574 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* Full DN of the object at its new location. */
1576 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
1577 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
1579 com_err(whoami, 0, "After renaming, couldn't modify list data for %s : %s",
1580 after_group_name, ldap_err2string(rc));
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
1582 for (i = 0; i < n; i++)
/*
 * Moira query callback: create (or refresh) the AD group for one list row
 * and queue its objectSid for write-back to Moira.
 *
 * ac / av  Moira "list" row; fields used: L_ACTIVE, L_NAME, L_DESC,
 *          L_ACE_NAME, plus L_MAILLIST/L_GROUP via get_group_membership()
 * ptr      call_args array: [0] LDAP handle, [1] dn_path.  The assignment
 *          of call_args from ptr is on an omitted line.
 *
 * Inactive lists (L_ACTIVE == 0) are skipped.  The group is created as a
 * global group, security-enabled according to its flags, named
 * "<name>_zZx<letter>" in the OU for its membership type.  If the object
 * already exists, only its description is refreshed.  In both cases the
 * objectSid is fetched and appended to the file-scope SID list via
 * sid_ptr, tagged GROUPS, for sid_update() to push back to Moira.
 *
 * Buffer note: av[L_NAME] is strcpy'd into 256-byte arrays and, with the
 * suffix, sprintf'd into sam_group_name[256]; that relies on Moira's own
 * list-name length limit, which is not checked here.  new_dn, info and
 * group_ou are declared on omitted lines, sizes unknown.
 *
 * Returns LDAP_SUCCESS (early returns are on omitted lines).
 */
1587 int group_create(int ac, char **av, void *ptr)
1590 LK_ENTRY *group_base;
1593 char new_group_name[256];
1594 char sam_group_name[256];
1595 char cn_group_name[256];
1596 char *cn_v[] = {NULL, NULL};
1597 char *objectClass_v[] = {"top", "group", NULL};
1599 char *samAccountName_v[] = {NULL, NULL};
1600 char *managedBy_v[] = {NULL, NULL};
1601 char *altSecurityIdentities_v[] = {NULL, NULL};
1602 char *name_v[] = {NULL, NULL};
1603 char *desc_v[] = {NULL, NULL};
1604 char *info_v[] = {NULL, NULL};
1605 char *groupTypeControl_v[] = {NULL, NULL};
1606 char groupTypeControlStr[80];
/* One byte, deliberately: get_group_membership() writes only [0] and
 * never a terminator; do not pass this to any str* function. */
1607 char group_membership[1];
1610 u_int groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
1614 char filter_exp[256];
1615 char *attr_array[3];
/* Skip inactive lists (body of the if is omitted). */
1620 if (!atoi(av[L_ACTIVE]))
/* check_string() is the only thing standing between av[L_NAME] and the
 * sprintf()-built DN / filter below -- it rejects LDAP metacharacters. */
1622 if (!check_string(av[L_NAME]))
1624 com_err(whoami, 0, "invalid LDAP list name %s", av[L_NAME]);
1628 memset(group_ou, 0, sizeof(group_ou));
1629 memset(group_membership, 0, sizeof(group_membership));
1631 get_group_membership(group_membership, group_ou, &security_flag, av);
/* Line 1633 (omitted) is the `if (security_flag)` guarding this. */
1634 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): "%ld" with a u_int argument; "%u" is the matching
 * specifier. */
1635 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
1636 groupTypeControl_v[0] = groupTypeControlStr;
1638 strcpy(new_group_name, av[L_NAME]);
1639 strcpy(cn_group_name, av[L_NAME]);
1640 sprintf(sam_group_name, "%s_zZx%c", av[L_NAME], group_membership[0]);
1642 samAccountName_v[0] = sam_group_name;
1643 name_v[0] = new_group_name;
1644 cn_v[0] = new_group_name;
1646 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
1648 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
1649 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
1650 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
1651 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
1652 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
1653 if (strlen(av[L_DESC]) != 0)
1655 desc_v[0] = av[L_DESC];
1656 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
1658 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* The list's Moira ACE is recorded as free text in "info" only; it does
 * not become managedBy or any AD permission. */
1659 if (strlen(av[L_ACE_NAME]) != 0)
1661 sprintf(info, "The Administrator of this list is the LIST: %s", av[L_ACE_NAME]);
1663 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
1667 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
1669 for (i = 0; i < n; i++)
/* "Already exists" is not an error here: fall through and refresh. */
1671 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
1673 com_err(whoami, 0, "Unable to create list %s in AD : %s",
1674 av[L_NAME], ldap_err2string(rc));
/* Existing object: REPLACE its description (line 1683, omitted,
 * presumably nulls desc_v[0] so an empty Moira description clears it). */
1678 if (rc == LDAP_ALREADY_EXISTS)
1681 desc_v[0] = av[L_DESC];
1682 if (strlen(av[L_DESC]) == 0)
1684 ADD_ATTR("description", desc_v, LDAP_MOD_REPLACE);
1686 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
1687 for (i = 0; i < n; i++)
/* Fetch the objectSid so Moira can learn the group's SID. */
1690 sprintf(filter_exp, "(sAMAccountName=%s)", sam_group_name);
1691 attr_array[0] = "objectSid";
1692 attr_array[1] = NULL;
1695 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
1696 &group_base, &group_count)) == LDAP_SUCCESS)
/* On a unique hit the LK_ENTRY itself is handed over to the SID list
 * (ownership transfer -- it must NOT be freed below in that case). */
1698 if (group_count == 1)
1700 (*sid_ptr) = group_base;
1701 (*sid_ptr)->member = strdup(av[L_NAME]);
1702 (*sid_ptr)->type = (char *)GROUPS;
1703 sid_ptr = &(*sid_ptr)->next;
/* Not exactly one hit: discard the result. */
1707 if (group_base != NULL)
1708 linklist_free(group_base);
1713 if (group_base != NULL)
1714 linklist_free(group_base);
1716 return(LDAP_SUCCESS);
/*
 * Delete a Moira list's AD group object outright.
 *
 * ldap_handle / dn_path  session and base DN
 * group_name             Moira list name (validated by check_string())
 * group_membership       membership letter string; only [0] is used, so it
 *                        must be non-empty
 *
 * The search is rooted at group_ou_root under dn_path and keyed on the
 * "<name>_zZx<letter>" sAMAccountName; exactly one hit is required.  This
 * is a hard delete (ldap_delete_s), unlike user_delete()'s caller which
 * may choose deactivation -- any ACLs that referenced the group's SID
 * are left dangling.
 *
 * Buffer note: group_name is strcpy'd into sam_group_name[256] (and the
 * copy is then unused in the visible lines); temp and filter sizes rely
 * on Moira's list-name limit rather than a check here.
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
1719 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name, char *group_membership)
1721 LK_ENTRY *group_base;
1722 char *attr_array[3];
1723 char filter_exp[1024];
1724 char sam_group_name[256];
1729 if (!check_string(group_name))
1731 com_err(whoami, 0, "invalid LDAP list name %s", group_name);
1737 attr_array[0] = "distinguishedName";
1738 attr_array[1] = NULL;
1739 strcpy(sam_group_name, group_name);
/* Search base is the group OU root, not dn_path itself. */
1740 sprintf(temp, "%s,%s", group_ou_root, dn_path);
1741 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1742 if (linklist_build(ldap_handle, temp, filter_exp, attr_array,
1743 &group_base, &group_count) != 0)
1745 if (group_count == 1)
/* group_base->value holds the distinguishedName returned by the query. */
1747 if ((rc = ldap_delete_s(ldap_handle, group_base->value)) != LDAP_SUCCESS)
1749 linklist_free(group_base);
1750 com_err(whoami, 0, "Unable to delete list %s from AD : %s",
1751 group_name, ldap_err2string(rc));
1754 linklist_free(group_base);
/* Zero or multiple hits: report and free (else branch keyword omitted). */
1758 linklist_free(group_base);
1759 com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
/*
 * Moira query callback: add one member to the AD group of each list row
 * returned.
 *
 * ac / av  Moira "list" row; L_NAME plus the flags read by
 *          get_group_membership()
 * ptr      call_args: [0] LDAP handle, [1] dn_path, [2] member name,
 *          [3] member's OU (assignment from ptr is on an omitted line)
 *
 * Returns are on omitted lines.
 */
1766 int process_lists(int ac, char **av, void *ptr)
/* Two bytes here (vs. one in group_create); only [0] is ever read. */
1771 char group_membership[2];
1777 memset(group_ou, '\0', sizeof(group_ou));
1778 memset(group_membership, '\0', sizeof(group_membership));
1779 get_group_membership(group_membership, group_ou, &security_flag, av);
1780 rc = member_add((LDAP *)call_args[0], (char *)call_args[1], av[L_NAME],
1781 group_ou, group_membership, call_args[2], (char *)call_args[3]);
/* Failure is logged but does not abort the callback (condition omitted). */
1784 com_err(whoami, 0, "Couldn't add %s to group %s", call_args[2], av[L_NAME]);
/*
 * Moira query callback: collect one membership row into the file-scope
 * member_base list, creating contact objects for STRING and KERBEROS
 * members on the way.
 *
 * ac / av  Moira membership row; ACE_TYPE ("USER", "STRING", "LIST",
 *          "KERBEROS") and ACE_NAME
 * ptr      call_args: [0] LDAP handle, [1] dn_path, [2] list name,
 *          [3] a bit mask of MOIRA_USERS/MOIRA_STRINGS/MOIRA_LISTS/
 *          MOIRA_KERBEROS selecting which member types to include.
 *          NOTE(review): [3] is read through `(int)call_args[3]`, i.e. a
 *          pointer truncated to int; it works only because the caller
 *          smuggles a small integer in a void* slot.
 *
 * Members that fail check_string() or whose type is masked out are
 * skipped (the skip statements are on omitted lines).  Duplicates are
 * detected case-insensitively against the existing list.  New nodes are
 * pushed on the front of member_base.
 *
 * temp is declared on an omitted line; ACE_NAME is strcpy'd into it
 * unbounded before validation.
 */
1789 int member_list_build(int ac, char **av, void *ptr)
1797 strcpy(temp, av[ACE_NAME]);
1798 if (!check_string(temp))
1800 if (!strcmp(av[ACE_TYPE], "USER"))
1802 if (!((int)call_args[3] & MOIRA_USERS))
1805 else if (!strcmp(av[ACE_TYPE], "STRING"))
1807 if (!((int)call_args[3] & MOIRA_STRINGS))
/* STRING members get a contact object in contact_ou. */
1809 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
1812 else if (!strcmp(av[ACE_TYPE], "LIST"))
1814 if (!((int)call_args[3] & MOIRA_LISTS))
1817 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
1819 if (!((int)call_args[3] & MOIRA_KERBEROS))
/* KERBEROS members get a contact object in kerberos_ou. */
1821 if (contact_create((LDAP *)call_args[0], call_args[1], temp, kerberos_ou))
/* Linear duplicate scan of the list built so far (loop header omitted). */
1827 linklist = member_base;
1830 if (!strcasecmp(temp, linklist->member))
1832 linklist = linklist->next;
/* NOTE(review): none of these calloc()s are checked before strcpy(). */
1834 linklist = calloc(1, sizeof(LK_ENTRY));
1836 linklist->dn = NULL;
1837 linklist->list = calloc(1, strlen(call_args[2]) + 1);
1838 strcpy(linklist->list, call_args[2]);
1839 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
1840 strcpy(linklist->type, av[ACE_TYPE]);
1841 linklist->member = calloc(1, strlen(temp) + 1);
1842 strcpy(linklist->member, temp);
1843 linklist->next = member_base;
1844 member_base = linklist;
/*
 * Remove one member DN from a list's AD group.
 *
 * ldap_handle / dn_path  session and base DN
 * group_name             Moira list name (validated by check_string())
 * group_ou               not used in the visible lines
 * group_membership       membership letter; [0] selects the sAMAccountName
 * user_name              member's CN
 * (final parameter, UserOu, is declared on an omitted line)  member's OU
 *
 * The member value removed is built as "CN=<user_name>,<UserOu>,<dn_path>"
 * and must match the stored DN exactly; a mismatch makes ldap_modify_s
 * fail rather than silently succeed.  temp, modvalues, mods, n, i and rc
 * are declared on omitted lines (temp's size is not visible, and both
 * strcpy and sprintf into it are unbounded).
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
1848 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
1849 char *group_ou, char *group_membership, char *user_name,
1852 char distinguished_name[1024];
1854 char filter_exp[4096];
1855 char *attr_array[3];
1861 LK_ENTRY *group_base;
1864 if (!check_string(group_name))
1866 strcpy(temp, group_name);
1867 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1868 attr_array[0] = "distinguishedName";
1869 attr_array[1] = NULL;
1870 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1871 &group_base, &group_count)) != 0)
1873 com_err(whoami, 0, "LDAP server unable to get list %s info : %s",
1874 group_name, ldap_err2string(rc));
/* Exactly one group must match. */
1877 if (group_count != 1)
1879 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1881 linklist_free(group_base);
/* group_base->value is the group's distinguishedName. */
1886 strcpy(distinguished_name, group_base->value);
1887 linklist_free(group_base);
/* NOTE(review): user_name is not passed through check_string() here; it is
 * assumed to have been validated by the caller before reaching a DN. */
1891 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
1892 modvalues[0] = temp;
1893 modvalues[1] = NULL;
1896 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
1898 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
1899 for (i = 0; i < n; i++)
1901 if (rc != LDAP_SUCCESS)
1903 com_err(whoami, 0, "LDAP server unable to modify list %s members : %s",
1904 group_name, ldap_err2string(rc));
/*
 * Add one member DN to a list's AD group.
 *
 * ldap_handle / dn_path  session and base DN
 * group_name             Moira list name (validated by check_string())
 * group_ou               not used in the visible lines
 * group_membership       membership letter; [0] selects the sAMAccountName
 * user_name / UserOu     the member's CN and OU; its DN is built as
 *                        "CN=<user_name>,<UserOu>,<dn_path>"
 *
 * Mirrors member_remove() with LDAP_MOD_ADD.  LDAP_ALREADY_EXISTS (member
 * already present) is special-cased on line 1968; the omitted line 1969
 * presumably maps it to success, since the final error report only fires
 * for rc != LDAP_SUCCESS.  temp, modvalues, mods, n, i and rc are declared
 * on omitted lines; temp's size is not visible and the writes into it are
 * unbounded.  user_name is not validated here, only group_name.
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
1912 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
1913 char *group_ou, char *group_membership, char *user_name, char *UserOu)
1915 char distinguished_name[1024];
1917 char filter_exp[4096];
1918 char *attr_array[3];
1924 LK_ENTRY *group_base;
1931 if (!check_string(group_name))
1934 strcpy(temp, group_name);
1935 sprintf(filter_exp, "(sAMAccountName=%s_zZx%c)", group_name, group_membership[0]);
1936 attr_array[0] = "distinguishedName";
1937 attr_array[1] = NULL;
1938 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
1939 &group_base, &group_count)) != 0)
1941 com_err(whoami, 0, "LDAP server unable to get list %s info : %s",
1942 group_name, ldap_err2string(rc));
/* Exactly one group must match. */
1945 if (group_count != 1)
1947 linklist_free(group_base);
1950 com_err(whoami, 0, "LDAP server unable to find list %s in AD",
1955 strcpy(distinguished_name, group_base->value);
1956 linklist_free(group_base);
1960 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
1961 modvalues[0] = temp;
1962 modvalues[1] = NULL;
1965 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
1967 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Member already in the group: treated as benign (line 1969 omitted). */
1968 if (rc == LDAP_ALREADY_EXISTS)
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
1970 for (i = 0; i < n; i++)
1972 if (rc != LDAP_SUCCESS)
1974 com_err(whoami, 0, "LDAP server unable to modify list %s members in AD : %s",
1975 group_name, ldap_err2string(rc));
/*
 * Create a person-class contact object for a non-user list member
 * (a STRING e-mail address or a KERBEROS principal).
 *
 * ld         LDAP session
 * bind_path  base DN
 * user       member name; becomes the CN.  Validated by check_string(),
 *            which is what keeps the sprintf()-built DN safe.
 * group_ou   target OU: contact_ou (mail contacts) or kerberos_ou
 *
 * For contact_ou objects a "mail" attribute is added as well (email_v[0]
 * is set on an omitted line).  If the first add fails for any reason
 * other than "already exists", the add is retried once with the same
 * attributes minus "mail" (the branch between 2028 and 2031 is omitted
 * from the listing but the second attribute list is identical except for
 * mail).  These objects have no password / UAC and are never principals;
 * they exist only so the group's member attribute can reference a DN.
 *
 * user is strcpy'd into contact_name[256]; no length check is visible.
 * new_dn, mods, n, i and rc are declared on omitted lines.
 *
 * Returns are on omitted lines.
 */
1981 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
1985 char cn_user_name[256];
1986 char contact_name[256];
1987 char *email_v[] = {NULL, NULL};
1988 char *cn_v[] = {NULL, NULL};
1989 char *contact_v[] = {NULL, NULL};
1990 char *objectClass_v[] = {"top", "person",
1991 "organizationalPerson",
1993 char *name_v[] = {NULL, NULL};
1994 char *desc_v[] = {NULL, NULL};
1999 if (!check_string(user))
2001 com_err(whoami, 0, "invalid LDAP name %s", user);
2004 strcpy(contact_name, user);
2005 sprintf(cn_user_name,"CN=%s,%s,%s", contact_name, group_ou, bind_path);
2006 cn_v[0] = cn_user_name;
2007 contact_v[0] = contact_name;
/* Fixed description marks the object as machine-managed. */
2009 desc_v[0] = "Auto account created by Moira";
2012 strcpy(new_dn, cn_user_name);
2014 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2015 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2016 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2017 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2018 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* Only mail contacts carry a mail attribute. */
2019 if (!strcmp(group_ou, contact_ou))
2021 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
2025 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
2026 for (i = 0; i < n; i++)
/* Second attempt without "mail". */
2028 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2031 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
2032 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2033 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2034 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2035 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2037 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
2038 for (i = 0; i < n; i++)
/* Existing object is fine; anything else is reported. */
2041 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2043 com_err(whoami, 0, "could not create contact %s : %s",
2044 user, ldap_err2string(rc));
/*
 * Refresh an existing AD user's POSIX uid, MIT ID and home-directory
 * attributes from Moira.
 *
 * ldap_handle / dn_path  session and base DN
 * user_name              sAMAccountName to update (validated by
 *                        check_string() before it reaches the filter)
 * Uid                    unix uid as a string; "" leaves uid/uidNumber alone
 * MitId                  MIT ID as a string; "" leaves employeeID alone
 *
 * The home directory is NOT taken from Moira's argument list but looked
 * up live in Hesiod ("filsys" record for user_name); if the record points
 * into AFS, homeDirectory / profilePath / homeDrive are rewritten to the
 * Windows AFS path.  The assignments to uid_v[0], mitid_v[0] and
 * drives_v[0] are on omitted lines.
 *
 * Buffer notes: the DN is copied into distinguished_name[256] (other
 * functions here use 1024); sscanf "%s" into path is unbounded (path and
 * winPath are declared on omitted lines); winProfile[256] receives
 * winPath plus "\\.winprofile" via strcat without a length check.
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
2050 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
2051 char *Uid, char *MitId)
2054 LK_ENTRY *group_base;
2056 char distinguished_name[256];
2057 char *uid_v[] = {NULL, NULL};
2058 char *mitid_v[] = {NULL, NULL};
2059 char *homedir_v[] = {NULL, NULL};
2060 char *winProfile_v[] = {NULL, NULL};
2061 char *drives_v[] = {NULL, NULL};
2065 char filter_exp[256];
2066 char *attr_array[3];
2070 char winProfile[256];
2072 if (!check_string(user_name))
2074 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2080 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2081 attr_array[0] = "cn";
2082 attr_array[1] = NULL;
2083 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2084 &group_base, &group_count)) != 0)
2086 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2087 user_name, ldap_err2string(rc));
/* Exactly one account must match the sAMAccountName. */
2091 if (group_count != 1)
2093 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2095 linklist_free(group_base);
2096 return(LDAP_NO_SUCH_OBJECT);
/* Here the DN comes from ->dn (the entry), not ->value (the "cn"). */
2098 strcpy(distinguished_name, group_base->dn);
2100 linklist_free(group_base);
/* Both uid and uidNumber are kept in sync from the same value. */
2103 if (strlen(Uid) != 0)
2106 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2107 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2109 if (strlen(MitId) != 0)
2112 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
/* Hesiod lookup; hp[0] is "<name> <path> ..." and only the second
 * whitespace-separated field is wanted.  hes_free() is not visible. */
2114 if ((hp = hes_resolve(user_name, "filsys")) != NULL)
2116 memset(path, 0, sizeof(path));
2117 memset(winPath, 0, sizeof(winPath));
2118 sscanf(hp[0], "%*s %s", path);
/* Prefix check is required: AfsToWinAfs() skips strlen(AFS) bytes of its
 * input without checking them itself. */
2119 if (strlen(path) && strnicmp(path, AFS, strlen(AFS)) == 0)
2121 AfsToWinAfs(path, winPath);
2122 homedir_v[0] = winPath;
2123 ADD_ATTR("homeDirectory", homedir_v, LDAP_MOD_REPLACE);
2124 strcpy(winProfile, winPath);
2125 strcat(winProfile, "\\.winprofile");
2126 winProfile_v[0] = winProfile;
2127 ADD_ATTR("profilePath", winProfile_v, LDAP_MOD_REPLACE);
2129 ADD_ATTR("homeDrive", drives_v, LDAP_MOD_REPLACE);
2135 if ((rc = ldap_modify_s(ldap_handle, distinguished_name, mods)) != LDAP_SUCCESS)
2137 com_err(whoami, 0, "Couldn't modify user data for %s : %s",
2138 user_name, ldap_err2string(rc));
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
2140 for (i = 0; i < n; i++)
/*
 * Rename an AD user account and rebind it to its new Kerberos identity.
 *
 * ldap_handle / dn_path  session and base DN
 * before_user_name       current login (CN and sAMAccountName)
 * user_name              new login
 * Uid / MitId            as in user_update(); "" leaves the attribute alone
 * State                  Moira user status; only US_REGISTERED,
 *                        US_NO_PASSWD and US_ENROLL_NOT_ALLOWED are
 *                        processed, anything else returns early (the
 *                        return is on an omitted line)
 *
 * Security note: besides the RDN, this REPLACEs userPrincipalName
 * ("<new>@<ldap_domain>"), sAMAccountName and altSecurityIdentities
 * ("Kerberos:<new>@<PRIMARY_REALM>").  altSecurityIdentities is the
 * mapping that decides which Kerberos principal may authenticate as this
 * AD account, so a wrong or stale user_name here silently re-points the
 * account at a different principal.  Both names go through check_string()
 * first, which is the only defence for the sprintf()-built DNs.
 *
 * old_dn, new_dn, upn, temp, mods, n, i and rc are declared on omitted
 * lines; the sprintf()s into them are unbounded.
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
2156 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
2157 char *user_name, char *Uid, char *MitId, int State)
2164 char *userPrincipalName_v[] = {NULL, NULL};
2165 char *altSecurityIdentities_v[] = {NULL, NULL};
2166 char *name_v[] = {NULL, NULL};
2167 char *samAccountName_v[] = {NULL, NULL};
2168 char *uid_v[] = {NULL, NULL};
2169 char *mitid_v[] = {NULL, NULL};
2174 if ((State != US_REGISTERED) && (State != US_NO_PASSWD) && (State != US_ENROLL_NOT_ALLOWED))
2177 if (!check_string(before_user_name))
2179 com_err(whoami, 0, "invalid LDAP user name %s", before_user_name);
2182 if (!check_string(user_name))
2184 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
/* NOTE(review): self-copy -- a no-op (and technically overlapping src/dst
 * for strcpy).  Looks like a leftover; can be deleted. */
2188 strcpy(user_name, user_name);
/* Users live directly under user_ou; the rename keeps them there
 * (newparent == NULL) and only changes the RDN. */
2189 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
2190 sprintf(new_dn, "cn=%s", user_name);
2191 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
2192 NULL, NULL)) != LDAP_SUCCESS)
/* "No such object" is deliberately not reported (the user may not be in
 * AD at all); everything else is. */
2194 if (rc != LDAP_NO_SUCH_OBJECT)
2195 com_err(whoami, 0, "Couldn't rename user from %s to %s : %s",
2196 before_user_name, user_name, ldap_err2string(rc));
2200 name_v[0] = user_name;
2201 sprintf(upn, "%s@%s", user_name, ldap_domain);
2202 userPrincipalName_v[0] = upn;
/* Kerberos -> AD identity mapping; see the security note above. */
2203 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2204 altSecurityIdentities_v[0] = temp;
2205 samAccountName_v[0] = user_name;
2208 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
2209 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
2210 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2211 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2212 if (strlen(Uid) != 0)
2215 ADD_ATTR("uid", uid_v, LDAP_MOD_REPLACE);
2216 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
2218 if (strlen(MitId) != 0)
2221 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_REPLACE);
2224 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
2225 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2227 com_err(whoami, 0, "After renaming, couldn't modify user data for %s : %s",
2228 user_name, ldap_err2string(rc));
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
2230 for (i = 0; i < n; i++)
/*
 * Add or remove a user's AFS home-directory attributes in AD from a Moira
 * filesys row.
 *
 * ldap_handle / dn_path  session and base DN
 * fs_name                filesys name; must equal the user's
 *                        sAMAccountName (validated by check_string())
 * fs_type                must be exactly "AFS"; anything else is rejected
 * fs_pack                the AFS path of the filesystem
 * operation              LDAP_MOD_ADD to set homeDirectory / profilePath /
 *                        homeDrive, any other value (LDAP_MOD_DELETE is
 *                        the one intended) to clear them
 *
 * NOTE(review): unlike user_update(), which only calls AfsToWinAfs() after
 * checking `strnicmp(path, AFS, strlen(AFS)) == 0`, this function passes
 * fs_pack straight through.  AfsToWinAfs() starts reading at
 * path + strlen(AFS), so a fs_pack shorter than the AFS prefix reads past
 * the string and one that merely lacks the prefix produces a wrong path.
 * The same prefix check belongs before line 2293.
 *
 * winPath, drives_v[0], mods, n, i and rc are set/declared on omitted
 * lines.  distinguished_name is 256 bytes here (1024 elsewhere).
 *
 * Returns an LDAP result code (most returns are on omitted lines).
 */
2235 int filesys_process(LDAP *ldap_handle, char *dn_path, char *fs_name,
2236 char *fs_type, char *fs_pack, int operation)
2238 char distinguished_name[256];
2240 char winProfile[256];
2241 char filter_exp[256];
2242 char *attr_array[3];
2243 char *homedir_v[] = {NULL, NULL};
2244 char *winProfile_v[] = {NULL, NULL};
2245 char *drives_v[] = {NULL, NULL};
2251 LK_ENTRY *group_base;
2253 if (!check_string(fs_name))
2255 com_err(whoami, 0, "invalid filesys name %s", fs_name);
/* Only AFS filesystems have a Windows mapping. */
2259 if (strcmp(fs_type, "AFS"))
2261 com_err(whoami, 0, "invalid filesys type %s", fs_type);
2267 sprintf(filter_exp, "(sAMAccountName=%s)", fs_name);
2268 attr_array[0] = "cn";
2269 attr_array[1] = NULL;
2270 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2271 &group_base, &group_count)) != 0)
2273 com_err(whoami, 0, "LDAP server couldn't process filesys %s : %s",
2274 fs_name, ldap_err2string(rc));
2278 if (group_count != 1)
2280 linklist_free(group_base);
2281 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2283 return(LDAP_NO_SUCH_OBJECT);
2285 strcpy(distinguished_name, group_base->dn);
2286 linklist_free(group_base);
2290 if (operation == LDAP_MOD_ADD)
2292 memset(winPath, 0, sizeof(winPath));
/* See the note above: no AFS-prefix check before this call. */
2293 AfsToWinAfs(fs_pack, winPath);
2294 homedir_v[0] = winPath;
2296 memset(winProfile, 0, sizeof(winProfile));
/* strcat without a length check; relies on winPath leaving room for the
 * 13-byte suffix inside winProfile[256]. */
2297 strcpy(winProfile, winPath);
2298 strcat(winProfile, "\\.winprofile");
2299 winProfile_v[0] = winProfile;
/* Non-ADD: NULL values with the given operation delete the attributes. */
2303 homedir_v[0] = NULL;
2305 winProfile_v[0] = NULL;
2307 ADD_ATTR("profilePath", winProfile_v, operation);
2308 ADD_ATTR("homeDrive", drives_v, operation);
2309 ADD_ATTR("homeDirectory", homedir_v, operation);
2312 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
2313 if (rc != LDAP_SUCCESS)
2315 com_err(whoami, 0, "Couldn't modify user data for filesys %s : %s",
2316 fs_name, ldap_err2string(rc));
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
2318 for (i = 0; i < n; i++)
/*
 * Moira query callback: create (or re-activate) the AD account for one
 * user row and queue its objectSid for write-back to Moira.
 *
 * ac / av  Moira "users" row; fields used: U_STATE, U_NAME, U_UID, U_MITID
 * ptr      call_args: [0] LDAP handle, [1] dn_path (assignment omitted)
 *
 * Only rows in state US_REGISTERED, US_NO_PASSWD or US_ENROLL_NOT_ALLOWED
 * are processed; names starting with '#' (Moira placeholder accounts) are
 * skipped, and the name must pass check_string().
 *
 * Security-relevant attribute choices (all visible below):
 *  - userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
 *    UF_PASSWD_CANT_CHANGE: the AD password never expires and the user
 *    cannot change it.  This is consistent with authentication being
 *    delegated to Kerberos through altSecurityIdentities
 *    ("Kerberos:<name>@<PRIMARY_REALM>"), but it means the AD password
 *    itself must never be a usable credential.
 *  - After creation set_password(sam_name, "", ldap_domain) is called with
 *    an EMPTY string.  Whether that sets a blank password or is how the
 *    helper requests an unusable/random one is not visible here --
 *    confirm, because with UF_DONT_EXPIRE_PASSWD a blank password would
 *    stay blank indefinitely.
 *  - employeeID falls back to the literal "none" when Moira has no MIT ID.
 *
 * NOTE(review): line 2380 tests for US_DELETED, but US_DELETED has already
 * been rejected by the state check on 2358-2359 (assuming it is distinct
 * from the three accepted states), so UF_ACCOUNTDISABLE is never set
 * here; re-activation of an existing account is done via
 * user_change_status() instead.
 *
 * NOTE(review): the SID bookkeeping on 2451-2452 uses av[L_NAME] and tags
 * the entry GROUPS -- this looks copy-pasted from group_create().  For a
 * user row the name should come from av[U_NAME] and the tag should be
 * USERS; otherwise sid_update() will push this SID with
 * "add_list_sid_by_name" instead of "add_user_sid_by_login".  Confirm
 * against the L_NAME/U_NAME definitions before changing.
 *
 * user_name[256], sam_name, upn, temp and new_dn receive av[U_NAME] via
 * strcpy/sprintf with no length check (some sizes are on omitted lines).
 *
 * Returns are on omitted lines.
 */
2324 int user_create(int ac, char **av, void *ptr)
2326 LK_ENTRY *group_base;
2329 char user_name[256];
2332 char *cn_v[] = {NULL, NULL};
2333 char *objectClass_v[] = {"top", "person",
2334 "organizationalPerson",
2337 char *samAccountName_v[] = {NULL, NULL};
2338 char *altSecurityIdentities_v[] = {NULL, NULL};
2339 char *name_v[] = {NULL, NULL};
2340 char *desc_v[] = {NULL, NULL};
2341 char *userPrincipalName_v[] = {NULL, NULL};
2342 char *userAccountControl_v[] = {NULL, NULL};
2343 char *uid_v[] = {NULL, NULL};
2344 char *mitid_v[] = {NULL, NULL};
2345 char userAccountControlStr[80];
/* Password never expires and cannot be changed by the user -- see the
 * header comment. */
2347 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE;
2352 char filter_exp[256];
2353 char *attr_array[3];
2358 if ((atoi(av[U_STATE]) != US_REGISTERED) && (atoi(av[U_STATE]) != US_NO_PASSWD) &&
2359 (atoi(av[U_STATE]) != US_ENROLL_NOT_ALLOWED))
/* '#'-prefixed names are Moira placeholders, not real logins. */
2364 if (!strncmp(av[U_NAME], "#", 1))
2369 if (!check_string(av[U_NAME]))
2372 com_err(whoami, 0, "invalid LDAP user name %s", av[U_NAME]);
2376 strcpy(user_name, av[U_NAME]);
2377 sprintf(upn, "%s@%s", user_name, ldap_domain);
2378 sprintf(sam_name, "%s", av[U_NAME]);
2379 samAccountName_v[0] = sam_name;
/* Unreachable after the state check above -- see the header comment. */
2380 if (atoi(av[U_STATE]) == US_DELETED)
2381 userAccountControl |= UF_ACCOUNTDISABLE;
/* NOTE(review): "%ld" with a u_int argument; "%u" is the matching
 * specifier. */
2382 sprintf(userAccountControlStr, "%ld", userAccountControl);
2383 userAccountControl_v[0] = userAccountControlStr;
2384 userPrincipalName_v[0] = upn;
2386 cn_v[0] = user_name;
2387 name_v[0] = user_name;
2388 desc_v[0] = "Auto account created by Moira";
/* Kerberos -> AD identity mapping. */
2389 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
2390 altSecurityIdentities_v[0] = temp;
2391 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
2394 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2395 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
2396 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2397 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
2398 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
2399 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
2400 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2401 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2402 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
2403 if (strlen(av[U_UID]) != 0)
2405 uid_v[0] = av[U_UID];
2406 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
2407 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
2409 if (strlen(av[U_MITID]) != 0)
2410 mitid_v[0] = av[U_MITID];
/* else: placeholder value rather than omitting the attribute. */
2412 mitid_v[0] = "none";
2413 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
2416 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
2417 for (i = 0; i < n; i++)
2419 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2421 com_err(whoami, 0, "could not create user %s : %s",
2422 user_name, ldap_err2string(rc));
/* Existing account: clear UF_ACCOUNTDISABLE (re-activation). */
2426 if (rc == LDAP_ALREADY_EXISTS)
2429 rc = user_change_status((LDAP *)call_args[0], call_args[1], av[U_NAME], MEMBER_ACTIVATE);
/* Empty-string password -- see the header comment. */
2432 if (rc == LDAP_SUCCESS)
2434 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
2436 com_err(whoami, 0, "Couldn't set password for user %s : %ld",
2440 sprintf(filter_exp, "(sAMAccountName=%s)", av[U_NAME]);
2441 attr_array[0] = "objectSid";
2442 attr_array[1] = NULL;
2445 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1], filter_exp, attr_array,
2446 &group_base, &group_count)) == LDAP_SUCCESS)
/* Ownership of group_base transfers to the SID list on a unique hit. */
2448 if (group_count == 1)
2450 (*sid_ptr) = group_base;
/* NOTE(review): L_NAME / GROUPS on a user row -- see the header comment. */
2451 (*sid_ptr)->member = strdup(av[L_NAME]);
2452 (*sid_ptr)->type = (char *)GROUPS;
2453 sid_ptr = &(*sid_ptr)->next;
2457 if (group_base != NULL)
2458 linklist_free(group_base);
2463 if (group_base != NULL)
2464 linklist_free(group_base);
/*
 * Enable or disable an AD user account by toggling UF_ACCOUNTDISABLE in
 * userAccountControl.
 *
 * ldap_handle / dn_path  session and base DN
 * user_name              sAMAccountName (validated by check_string())
 * operation              MEMBER_DEACTIVATE sets the disable bit; any other
 *                        value (MEMBER_ACTIVATE is the one intended)
 *                        clears it
 *
 * The current UAC value is read back first so that all other flag bits
 * are preserved by the REPLACE.  The value arrives as a decimal string
 * and is parsed with atoi(); UAC values fit in an int, so this is
 * adequate, but atoi() reports no error for malformed data.  temp,
 * modvalues, ulongValue, mods, n, i and rc are declared on omitted lines.
 *
 * Returns an LDAP result code (LDAP_NO_SUCH_OBJECT when the account is
 * not unique; other returns are on omitted lines).
 */
2469 int user_change_status(LDAP *ldap_handle, char *dn_path, char *user_name, int operation)
2471 char filter_exp[1024];
2472 char *attr_array[3];
2474 char distinguished_name[1024];
2477 LK_ENTRY *group_base;
2484 if (!check_string(user_name))
2486 com_err(whoami, 0, "invalid LDAP user name %s", user_name);
2492 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2493 attr_array[0] = "UserAccountControl";
2494 attr_array[1] = NULL;
2495 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2496 &group_base, &group_count)) != 0)
2498 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2499 user_name, ldap_err2string(rc));
2503 if (group_count != 1)
2505 linklist_free(group_base);
2506 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2508 return(LDAP_NO_SUCH_OBJECT);
2511 strcpy(distinguished_name, group_base->dn);
/* Current flags; only the disable bit is touched. */
2512 ulongValue = atoi((*group_base).value);
2513 if (operation == MEMBER_DEACTIVATE)
2514 ulongValue |= UF_ACCOUNTDISABLE;
2516 ulongValue &= ~UF_ACCOUNTDISABLE;
2517 sprintf(temp, "%ld", ulongValue);
/* construct_newvalues() builds the replacement value list from the
 * existing entries; 1 signals failure. */
2518 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
2519 temp, &modvalues, REPLACE)) == 1)
2521 linklist_free(group_base);
2525 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
2527 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* Free the LDAPMod entries built by ADD_ATTR (body omitted). */
2528 for (i = 0; i < n; i++)
2530 free_values(modvalues);
2531 if (rc != LDAP_SUCCESS)
2533 com_err(whoami, 0, "LDAP server could not change status of user %s : %s",
2534 user_name, ldap_err2string(rc));
/*
 * Permanently delete an AD user object.
 *
 * ldap_handle / dn_path  session and base DN
 * u_name                 sAMAccountName; validated by check_string() and
 *                        copied into user_name[512] without a length check
 *
 * This is a hard delete (ldap_delete_s) as opposed to
 * user_change_status(..., MEMBER_DEACTIVATE); the object's SID is gone
 * afterwards and cannot be restored by re-creating the account.  Exactly
 * one match is required.
 *
 * The return on the group_count != 1 path (lines 2569-2572) is omitted;
 * if it returns before line 2581, group_base is leaked there -- confirm.
 *
 * Returns an LDAP result code (returns are on omitted lines).
 */
2540 int user_delete(LDAP *ldap_handle, char *dn_path, char *u_name)
2542 char filter_exp[1024];
2543 char *attr_array[3];
2544 char distinguished_name[1024];
2545 char user_name[512];
2546 LK_ENTRY *group_base;
2550 if (!check_string(u_name))
2552 strcpy(user_name, u_name);
2555 sprintf(filter_exp, "(sAMAccountName=%s)", user_name);
2556 attr_array[0] = "name";
2557 attr_array[1] = NULL;
2558 if ((rc = linklist_build(ldap_handle, dn_path, filter_exp, attr_array,
2559 &group_base, &group_count)) != 0)
2561 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2562 user_name, ldap_err2string(rc));
2566 if (group_count != 1)
2568 com_err(whoami, 0, "LDAP server unable to find user %s in AD",
2573 strcpy(distinguished_name, group_base->dn);
/* Assignment-in-condition is intentional: any non-zero LDAP code is an
 * error. */
2574 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
2576 com_err(whoami, 0, "LDAP server couldn't process user %s : %s",
2577 user_name, ldap_err2string(rc));
2581 linklist_free(group_base);
/*
 * Free every node of an LK_ENTRY list together with the six string
 * members each node may own (dn, attribute, value, member, type, list).
 *
 * linklist_base  head of the list; NULL is accepted and is a no-op
 *
 * free(NULL) is defined as a no-op, so members that were never set need
 * no explicit guard.  The next pointer is captured before the node is
 * released so the walk never touches freed memory.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *next_node;

  for (; linklist_base != NULL; linklist_base = next_node)
    {
      next_node = linklist_base->next;
      free(linklist_base->dn);
      free(linklist_base->attribute);
      free(linklist_base->value);
      free(linklist_base->member);
      free(linklist_base->type);
      free(linklist_base->list);
      free(linklist_base);
    }
}
/*
 * Release a NULL-terminated value vector built by construct_newvalues().
 *
 * modvalues  the vector, or NULL (accepted and ignored)
 *
 * Each element is released (the free() call itself is on an omitted line)
 * and then set to NULL so a second call on the same vector is harmless.
 * Whether the vector itself is freed is decided by lines outside the
 * listing.
 */
2609 void free_values(char **modvalues)
2614 if (modvalues != NULL)
2616 while (modvalues[i] != NULL)
2619 modvalues[i] = NULL;
/*
 * Push the objectSids collected by group_create() / user_create() back
 * into Moira.
 *
 * ldap_handle / dn_path  accepted for interface symmetry; not used in the
 *                        visible lines
 *
 * Each queued LK_ENTRY holds the raw binary SID in ->value/->length, the
 * Moira name in ->member and a GROUPS or USERS tag in ->type.  The SID is
 * hex-encoded by convert_b_to_a() and stored with the matching Moira
 * query.  The loop header, av[1] assignment and return are omitted.
 *
 * NOTE(review): temp is 126 bytes and convert_b_to_a() is called with the
 * full ptr->length but no output bound.  If the encoding is two hex digits
 * per byte (as the name suggests), a SID longer than 62 bytes overflows
 * temp; a SID can be up to 68 bytes (15 sub-authorities).  A length check
 * before the call, or a larger buffer, is warranted.
 */
2626 int sid_update(LDAP *ldap_handle, char *dn_path)
2630 unsigned char temp[126];
2637 memset(temp, 0, sizeof(temp));
2638 convert_b_to_a(temp, ptr->value, ptr->length);
2641 av[0] = ptr->member;
/* Dispatch on the tag set at enqueue time. */
2643 if (ptr->type == (char *)GROUPS)
2646 rc = mr_query("add_list_sid_by_name", 2, av, NULL, NULL);
2648 else if (ptr->type == (char *)USERS)
2651 rc = mr_query("add_user_sid_by_login", 2, av, NULL, NULL);
/*
 * Encode a binary blob as ASCII hex into string.
 *
 * string  output buffer; no size is passed, so the caller must provide
 *         room for the encoded form (sid_update() uses 126 bytes)
 * binary  input bytes
 * length  number of input bytes
 *
 * Only fragments of the nibble-to-digit logic are in the listing (the
 * `> '9'` tests adjust digits above 9 into letters); the exact output
 * width per byte and whether a terminating NUL is written are not
 * visible.
 */
2658 void convert_b_to_a(char *string, UCHAR *binary, int length)
2665 for (i = 0; i < length; i++)
2672 if (string[j] > '9')
2675 string[j] = tmp & 0x0f;
2677 if (string[j] > '9')
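/*
 * Characters rejected by check_string(), indexed by (unsigned char) value.
 *
 * A non-zero entry marks the byte as illegal in a name that will be
 * spliced into an LDAP filter, a DN or a sAMAccountName by the sprintf()
 * calls in this file.  The LDAP filter metacharacters '*', '(', ')' and
 * '\\', the DN separators ',' and '+' and all control characters are
 * illegal, which is what makes those sprintf()-built
 * "(sAMAccountName=%s)" filters safe against injection -- every name must
 * pass check_string() before it is used.  Upper-case letters are marked
 * illegal only because check_string() folds them to lower case first.
 * Bytes >= 0x80 are all illegal.
 */
static const int illegalchars[256] = {
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
  1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
};

/*
 * Validate a name before it is used in an LDAP filter, DN or
 * sAMAccountName.
 *
 * s  NUL-terminated name; NULL is treated as invalid rather than
 *    dereferenced.
 *
 * Returns 1 when every byte is allowed (the empty string is allowed),
 * 0 as soon as an illegal byte is found.  Upper-case ASCII letters are
 * folded to lower case before the lookup, so names are accepted
 * case-insensitively.
 *
 * Each byte is handled as unsigned char before it is used as a table
 * index and before it is passed to the <ctype.h> functions.  With a
 * plain (signed) char, a byte >= 0x80 would be sign-extended to a huge
 * unsigned index and the lookup would read far outside illegalchars[]
 * (undefined behaviour); now such bytes simply hit the all-ones rows.
 */
int check_string(char *s)
{
  unsigned char character;

  if (s == NULL)
    return 0;

  for (; *s != '\0'; s++)
    {
      character = (unsigned char) *s;
      if (isupper(character))
        character = (unsigned char) tolower(character);
      if (illegalchars[character])
        return 0;
    }
  return 1;
}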
/*
 * Connect to a Moira server and bring the session to a usable state:
 * connect, check the MOTD, negotiate the query version and (optionally)
 * authenticate.
 *
 * server   Moira server host name
 * client   client name passed to mr_auth()
 * version  query protocol version to request
 * auth     non-zero to authenticate after connecting
 *
 * Returns MR_SUCCESS or the first failing Moira status; the individual
 * return statements, the `if (status)` guards and any mr_disconnect()
 * on the failure paths are on omitted lines.
 *
 * NOTE(review) -- format-string bug, lines 2740-2741: the MOTD text
 * returned by the server is sprintf'd into temp and temp is then passed
 * to com_err() as its FORMAT argument.  A MOTD containing '%' sequences
 * is interpreted as a format string (crash or stack disclosure), and temp
 * is a fixed buffer (declared on an omitted line) filled by an unbounded
 * sprintf().  The fix is to drop temp and pass the MOTD as data:
 *   com_err(whoami, status, "The Moira server is currently unavailable: %s", motd);
 */
2718 int mr_connect_cl(char *server, char *client, int version, int auth)
2724 status = mr_connect(server);
2727 com_err(whoami, status, "while connecting to Moira");
/* A non-NULL MOTD means the server is administratively down. */
2731 status = mr_motd(&motd);
2735 com_err(whoami, status, "while checking server status");
/* See the format-string note in the header comment. */
2740 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
2741 com_err(whoami, status, temp);
2746 status = mr_version(version);
/* Older servers do not implement the version query at all; treat that as
 * "server is behind" (the version > 2 test on 2750-2751 is omitted). */
2749 if (status == MR_UNKNOWN_PROC)
2752 status = MR_VERSION_HIGH;
2754 status = MR_SUCCESS;
/* Client newer than server: warn but continue. */
2757 if (status == MR_VERSION_HIGH)
2759 com_err(whoami, 0, "Warning: This client is running newer code than the server.");
2760 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW (server newer) is accepted silently. */
2762 else if (status && status != MR_VERSION_LOW)
2764 com_err(whoami, status, "while setting query version number.");
/* Only when auth != 0 (the guard is on an omitted line). */
2772 status = mr_auth(client);
2775 com_err(whoami, status, "while authenticating to Moira.");
2784 void AfsToWinAfs(char* path, char* winPath)
2788 strcpy(winPath, WINAFS);
2789 pathPtr = path + strlen(AFS);
2790 winPathPtr = winPath + strlen(WINAFS);
2794 if (*pathPtr == '/')
2797 *winPathPtr = *pathPtr;