2 /* ldap.incr arguments example
4 * arguments when moira creates the account - ignored by ldap.incr since the
5 * account is unusable. users 0 11 #45198 45198 /bin/cmd cmd Last First Middle
6 * 0 950000001 2000 121049
8 * login, unix_uid, shell, winconsoleshell, last,
9 * first, middle, status, mitid, type, moiraid
11 * arguments for creating or updating a user account
12 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
13 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
14 * First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
15 * users 11 11 #45206 45206 /bin/cmd cmd Last First Middle 0 950000001 STAFF
16 * 121058 PathToHomeDir PathToProfileDir newuser 45206 /bin/cmd cmd Last
17 * First Middle 2 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
19 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
20 * mitid, type, moiraid
22 * arguments for deactivating/deleting a user account
23 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
24 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
25 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
26 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF
27 * 121058 PathToHomeDir PathToProfileDir username 45206 /bin/cmd cmd Last
28 * First Middle 3 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
30 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
31 * mitid, type, moiraid
33 * arguments for reactivating a user account
34 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
35 * 121058 username 45206 /bin/cmd cmd Last First Middle 1 950000001 STAFF
37 * users 11 11 username 45206 /bin/cmd cmd Last First Middle 3 950000001 STAFF
38 * 121058 username 45206 /bin/cmd cmd Last First Middle 2 950000001 STAFF 121058
40 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
41 * mitid, type, moiraid
43 * arguments for changing user name
44 * users 11 11 oldusername 45206 /bin/cmd cmd Last First Middle 1 950000001
45 * STAFF 121058 PathToHomeDir PathToProfileDir newusername 45206 /bin/cmd cmd
46 * Last First Middle 1 950000001 STAFF 121058 PathToHomeDir PathToProfileDir
48 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
49 * mitid, type, moiraid
51 * arguments for expunging a user
52 * users 11 0 username 45198 /bin/cmd cmd Last First Middle 0 950000001 2000
55 * login, unix_uid, shell, winconsoleshell, last, first, middle, status,
56 * mitid, type, moiraid
58 * arguments for creating a "special" group/list
59 * list 0 11 listname 1 1 0 0 0 -1 NONE 0 description 92616
61 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
62 * acl_id, description, moiraid
64 * arguments for creating a "mail" group/list
65 * list 0 11 listname 1 1 0 1 0 -1 NONE 0 description 92616
67 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
68 * acl_id, description, moiraid
70 * arguments for creating a "group" group/list
71 * list 0 11 listname 1 1 0 0 1 -1 NONE 0 description 92616
73 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
74 * acl_id, description, moiraid
76 * arguments for creating a "group/mail" group/list
77 * list 0 11 listname 1 1 0 1 1 -1 NONE 0 description 92616
79 * listname, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
80 * acl_id, description, moiraid
82 * arguments to add a USER member to group/list
83 * imembers 0 12 listname USER userName 1 1 0 0 0 -1 1 92616 121047
85 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
86 * gid, userStatus, moiraListId, moiraUserId
88 * arguments to add a STRING or KERBEROS member to group/list
89 * imembers 0 10 listname STRING stringName 1 1 0 0 0 -1 92616
90 * imembers 0 10 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
92 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
95 * NOTE: group members of type LIST are ignored.
97 * arguments to remove a USER member from a group/list
98 * imembers 12 0 listname USER userName 1 1 0 0 0 -1 1 92616 121047
100 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
101 * gid, userStatus, moiraListId, moiraUserId
103 * arguments to remove a STRING or KERBEROS member from a group/list
104 * imembers 10 0 listname STRING stringName 1 1 0 0 0 -1 92616
105 * imembers 10 0 listname KERBEROS kerberosName 1 1 0 0 0 -1 92616
107 * list_name, user_type, name, active, publicflg, hidden, maillist, grouplist,
110 * NOTE: group members of type LIST are ignored.
112 * arguments for renaming a group/list
113 * list 11 11 oldlistname 1 1 0 0 0 -1 NONE 0 description 92616 newlistname 1
114 * 1 0 0 0 -1 description 0 92616
116 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
117 * acl_id, description, moiraListId
119 * arguments for deleting a group/list
120 * list 11 0 listname 1 1 0 0 0 -1 NONE 0 description 92616
122 * name, active, publicflg, hidden, maillist, grouplist, gid, acl_type,
123 * acl_id, description, moiraListId
125 * arguments for adding a file system
126 * filesys 0 12 username AFS ATHENA.MIT.EDU
127 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
128 * wheel 1 HOMEDIR 101727
130 * arguments for deleting a file system
131 * filesys 12 0 username AFS ATHENA.MIT.EDU
132 * /afs/athena.mit.edu/user/n/e/username /mit/username w description username
133 * wheel 1 HOMEDIR 101727
135 * arguments when moira creates a container (OU).
136 * containers 0 8 machines/test/bottom description location contact USER
139 * arguments when moira deletes a container (OU).
140 * containers 8 0 machines/test/bottom description location contact USER
141 * 105316 2222 groupname
143 * arguments when moira modifies a container's information (OU).
144 * containers 8 8 machines/test/bottom description location contact USER
145 * 105316 2222 groupname machines/test/bottom description1 location contact
146 * USER 105316 2222 groupname
148 * arguments when moira adds a machine to an OU
149 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id, container_group
150 * mcntmap 0 5 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
152 * arguments when moira removes a machine from an OU
153 * table name, beforec, afterc, machine_name, container_name, mach_id, cnt_id, container_group
154 * mcntmap 5 0 DAVIDT.MIT.EDU dttest/dttest1 76767 46 groupname
158 #include <mit-copyright.h>
161 #include <winsock2.h>
165 #include <lmaccess.h>
173 #include <moira_site.h>
174 #include <mrclient.h>
#define ECONNABORTED WSAECONNABORTED
#define ECONNREFUSED WSAECONNREFUSED
#define EHOSTUNREACH WSAEHOSTUNREACH
#define krb5_xfree free
/* NOTE(review): the macro argument is not parenthesised and the expansion
 * ends in ';'.  sleep(n + 1) becomes Sleep(n + 1 * 1000); and
 * `if (x) sleep(1); else ...' becomes `if (x) Sleep(1 * 1000);; else' which
 * does not compile.  Prefer `#define sleep(A) Sleep((A) * 1000)' with no
 * trailing semicolon. */
#define sleep(A) Sleep(A * 1000);
196 #include <sys/types.h>
197 #include <netinet/in.h>
198 #include <arpa/nameser.h>
200 #include <sys/utsname.h>
203 #define CFG_PATH "/moira/ldap/"
204 #define WINADCFG "ldap.cfg"
205 #define strnicmp(A,B,C) strncasecmp(A,B,C)
206 #define UCHAR unsigned char
208 #define UF_SCRIPT 0x0001
209 #define UF_ACCOUNTDISABLE 0x0002
210 #define UF_HOMEDIR_REQUIRED 0x0008
211 #define UF_LOCKOUT 0x0010
212 #define UF_PASSWD_NOTREQD 0x0020
213 #define UF_PASSWD_CANT_CHANGE 0x0040
214 #define UF_DONT_EXPIRE_PASSWD 0x10000
216 #define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
217 #define UF_NORMAL_ACCOUNT 0x0200
218 #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
219 #define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
220 #define UF_SERVER_TRUST_ACCOUNT 0x2000
222 #define OWNER_SECURITY_INFORMATION (0x00000001L)
223 #define GROUP_SECURITY_INFORMATION (0x00000002L)
224 #define DACL_SECURITY_INFORMATION (0x00000004L)
225 #define SACL_SECURITY_INFORMATION (0x00000008L)
228 #define BYTE unsigned char
230 typedef unsigned int DWORD;
231 typedef unsigned long ULONG;
236 unsigned short Data2;
237 unsigned short Data3;
238 unsigned char Data4[8];
241 typedef struct _SID_IDENTIFIER_AUTHORITY {
243 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
245 typedef struct _SID {
247 BYTE SubAuthorityCount;
248 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
249 DWORD SubAuthority[512];
254 #define WINADCFG "ldap.cfg"
262 #define WINAFS "\\\\afs\\all\\"
264 #define ADS_GROUP_TYPE_GLOBAL_GROUP 0x00000002
265 #define ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP 0x00000004
266 #define ADS_GROUP_TYPE_LOCAL_GROUP 0x00000004
267 #define ADS_GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
268 #define ADS_GROUP_TYPE_SECURITY_ENABLED 0x80000000
270 #define QUERY_VERSION -1
271 #define PRIMARY_REALM "ATHENA.MIT.EDU"
272 #define PRIMARY_DOMAIN "win.mit.edu"
273 #define PRODUCTION_PRINCIPAL "sms"
274 #define TEST_PRINCIPAL "smstest"
283 #define MEMBER_REMOVE 2
284 #define MEMBER_CHANGE_NAME 3
285 #define MEMBER_ACTIVATE 4
286 #define MEMBER_DEACTIVATE 5
287 #define MEMBER_CREATE 6
/* Member-type selectors.  The values 0x1/0x2/0x4/0x8 look like OR-able bits.
 * NOTE(review): MOIRA_MACHINE is 0x16 (= 0x10 | 0x4 | 0x2), which overlaps
 * MOIRA_KERBEROS and MOIRA_STRINGS.  If these are ever combined or tested
 * as a bit mask the intended value is almost certainly 0x10; check how the
 * callers compare it before changing. */
#define MOIRA_ALL 0x0
#define MOIRA_USERS 0x1
#define MOIRA_KERBEROS 0x2
#define MOIRA_STRINGS 0x4
#define MOIRA_LISTS 0x8
#define MOIRA_MACHINE 0x16
296 #define CHECK_GROUPS 1
297 #define CLEANUP_GROUPS 2
299 #define AD_NO_GROUPS_FOUND -1
300 #define AD_WRONG_GROUP_DN_FOUND -2
301 #define AD_MULTIPLE_GROUPS_FOUND -3
302 #define AD_INVALID_NAME -4
303 #define AD_LDAP_FAILURE -5
304 #define AD_INVALID_FILESYS -6
305 #define AD_NO_ATTRIBUTE_FOUND -7
306 #define AD_NO_OU_FOUND -8
307 #define AD_NO_USER_FOUND -9
309 /* container arguments */
310 #define CONTAINER_NAME 0
311 #define CONTAINER_DESC 1
312 #define CONTAINER_LOCATION 2
313 #define CONTAINER_CONTACT 3
314 #define CONTAINER_TYPE 4
315 #define CONTAINER_ID 5
316 #define CONTAINER_ROWID 6
317 #define CONTAINER_GROUP_NAME 7
319 /*mcntmap arguments*/
320 #define OU_MACHINE_NAME 0
321 #define OU_CONTAINER_NAME 1
322 #define OU_MACHINE_ID 2
323 #define OU_CONTAINER_ID 3
324 #define OU_CONTAINER_GROUP 4
326 typedef struct lk_entry {
336 struct lk_entry *next;
339 #define STOP_FILE "/moira/ldap/noldap"
340 #define file_exists(file) (access((file), F_OK) == 0)
342 #define N_SD_BER_BYTES 5
343 #define LDAP_BERVAL struct berval
344 #define MAX_SERVER_NAMES 32
346 #define HIDDEN_GROUP "HiddenGroup.g"
347 #define HIDDEN_GROUP_WITH_ADMIN "HiddenGroupWithAdmin.g"
348 #define NOT_HIDDEN_GROUP "NotHiddenGroup.g"
349 #define NOT_HIDDEN_GROUP_WITH_ADMIN "NotHiddenGroupWithAdmin.g"
351 #define ADDRESS_LIST_PREFIX "CN=MIT Directory,CN=All Address Lists,\
352 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
353 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
355 #define GLOBAL_ADDRESS_LIST_PREFIX "CN=Default Global Address List,\
356 CN=All Global Address Lists,CN=Address Lists Container,\
357 CN=Massachusetts Institute of Technology,CN=Microsoft Exchange,CN=Services,\
360 #define EMAIL_ADDRESS_LIST_PREFIX "CN=Email Users,CN=All Users,\
361 CN=All Address Lists,CN=Address Lists Container,\
362 CN=Massachusetts Institute of Technology,CN=Microsoft Exchange,\
363 CN=Services,CN=Configuration,"
365 #define ALL_ADDRESS_LIST_PREFIX "CN=All Users,CN=All Address Lists,\
366 CN=Address Lists Container,CN=Massachusetts Institute of Technology,\
367 CN=Microsoft Exchange,CN=Services,CN=Configuration,"
/* Append one LDAPMod (type t, values v, operation o) to the caller's mods[]
 * array; relies on `mods' and `n' being in scope at the expansion site.
 * NOTE(review): the malloc() result is dereferenced without a NULL check,
 * and the expansion is four statements, so the macro cannot be the body of
 * an unbraced if/else.  A static inline helper taking (LDAPMod **mods,
 * int *n, ...) that checks the allocation would fix both. */
#define ADD_ATTR(t, v, o) \
mods[n] = malloc(sizeof(LDAPMod)); \
mods[n]->mod_op = o; \
mods[n]->mod_type = t; \
mods[n++]->mod_values = v
/* Same shape as ADD_ATTR for the deletion list (DelMods[] / i), with a NULL
 * value list; the same unchecked malloc() and multi-statement caveats apply. */
#define DEL_ATTR(t, o) \
DelMods[i] = malloc(sizeof(LDAPMod)); \
DelMods[i]->mod_op = o; \
DelMods[i]->mod_type = t; \
DelMods[i++]->mod_values = NULL
381 #define DOMAIN_SUFFIX "MIT.EDU"
382 #define DOMAIN "DOMAIN:"
383 #define PRINCIPALNAME "PRINCIPAL:"
384 #define SERVER "SERVER:"
387 #define GROUP_SUFFIX "GROUP_SUFFIX:"
388 #define GROUP_TYPE "GROUP_TYPE:"
389 #define SET_GROUP_ACE "SET_GROUP_ACE:"
390 #define SET_PASSWORD "SET_PASSWORD:"
391 #define EXCHANGE "EXCHANGE:"
392 #define REALM "REALM:"
393 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
395 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
396 #define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
397 #define MAX_MEMBERS "MAX_MEMBERS:"
398 #define MAX_DOMAINS 10
399 char DomainNames[MAX_DOMAINS][128];
401 LK_ENTRY *member_base = NULL;
403 char PrincipalName[128];
404 static char tbl_buf[1024];
405 char kerberos_ou[] = "OU=kerberos,OU=moira";
406 char contact_ou[] = "OU=strings,OU=moira";
407 char user_ou[] = "OU=users,OU=moira";
408 char group_ou_distribution[1024];
409 char group_ou_root[1024];
410 char group_ou_security[1024];
411 char group_ou_neither[1024];
412 char group_ou_both[1024];
413 char orphans_machines_ou[] = "OU=Machines,OU=Orphans";
414 char orphans_other_ou[] = "OU=Other,OU=Orphans";
415 char security_template_ou[] = "OU=security_templates";
char ldap_domain[256];
char ldap_realm[256];
char *ServerList[MAX_SERVER_NAMES];
char default_server[256];
/* NOTE(review): `static char tbl_buf[1024]' is also declared earlier in
 * this file (next to PrincipalName).  If both declarations are in the same
 * translation unit this is a redefinition; presumably one sits under a
 * platform #ifdef -- confirm and drop the duplicate.  tbl_buf is the target
 * of the unbounded strcat() loop in main(). */
static char tbl_buf[1024];
char group_suffix[256];
char exchange_acl[256];
int mr_connections = 0;
428 int UseGroupSuffix = 1;
429 int UseGroupUniversal = 0;
433 int ProcessMachineContainer = 1;
434 int ActiveDirectory = 1;
435 int UpdateDomainList;
437 int GroupPopulateDelete = 0;
438 int group_members = 0;
439 int max_group_members = 0;
441 extern int set_password(char *user, char *password, char *domain);
443 int ad_get_group(LDAP *ldap_handle, char *dn_path, char *group_name,
444 char *group_membership, char *MoiraId, char *attribute,
445 LK_ENTRY **linklist_base, int *linklist_count,
447 void AfsToWinAfs(char* path, char* winPath);
448 int ad_connect(LDAP **ldap_handle, char *ldap_domain, char *dn_path,
449 char *Win2kPassword, char *Win2kUser, char *default_server,
450 int connect_to_kdc, char **ServerList, char *ldap_realm,
452 void ad_kdc_disconnect();
453 int ad_server_connect(char *connectedServer, char *domain);
454 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
455 char *attribute_value, char *attribute, char *user_name);
456 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer);
457 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name);
458 int check_winad(void);
459 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName,
462 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
463 char *distinguishedName, int count, char **av);
464 void container_check(LDAP *ldap_handle, char *dn_path, char *name);
465 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av);
466 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av);
467 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
468 char *distinguishedName, int count,
470 void container_get_dn(char *src, char *dest);
471 void container_get_name(char *src, char *dest);
472 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName);
473 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
474 char **before, int afterc, char **after);
475 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
476 char **before, int afterc, char **after);
478 int GetAceInfo(int ac, char **av, void *ptr);
479 int get_group_membership(char *group_membership, char *group_ou,
480 int *security_flag, char **av);
481 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
482 char *machine_ou, char *pPtr);
483 int Moira_container_group_create(char **after);
484 int Moira_container_group_delete(char **before);
485 int Moira_groupname_create(char *GroupName, char *ContainerName,
486 char *ContainerRowID);
487 int Moira_container_group_update(char **before, char **after);
488 int Moira_process_machine_container_group(char *MachineName, char* groupName,
490 int Moira_addGroupToParent(char *origContainerName, char *GroupName);
491 int Moira_getContainerGroup(int ac, char **av, void *ptr);
492 int Moira_getGroupName(char *origContainerName, char *GroupName,
494 int Moira_setContainerGroup(char *ContainerName, char *GroupName);
495 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *group_name, char *Type,
496 int UpdateGroup, int *ProcessGroup, char *maillist,
498 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
499 char *group_name, char *group_ou, char *group_membership,
500 int group_security_flag, int type, char *maillist,
502 int process_lists(int ac, char **av, void *ptr);
503 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
504 char *TargetGroupName, int HiddenGroup,
505 char *AceType, char *AceName);
506 int ProcessMachineName(int ac, char **av, void *ptr);
507 int ReadConfigFile(char *DomainName);
508 int ReadDomainList();
509 void StringTrim(char *StringToTrim);
510 char *escape_string(char *s);
511 int save_query_info(int argc, char **argv, void *hint);
512 int save_fsgroup_info(int argc, char **argv, void *hint);
513 int user_create(int ac, char **av, void *ptr);
514 int user_change_status(LDAP *ldap_handle, char *dn_path,
515 char *user_name, char *MoiraId, int operation);
516 int user_delete(LDAP *ldap_handle, char *dn_path,
517 char *u_name, char *MoiraId);
518 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
520 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
521 char *uid, char *MitId, char *MoiraId, int State,
522 char *WinHomeDir, char *WinProfileDir, char *first,
523 char *middle, char *last, char *shell, char *class);
524 void change_to_lower_case(char *ptr);
525 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou);
526 int contact_remove_email(LDAP *ld, char *bind_path,
527 LK_ENTRY **linklist_entry, int linklist_current);
528 int group_create(int ac, char **av, void *ptr);
529 int group_delete(LDAP *ldap_handle, char *dn_path,
530 char *group_name, char *group_membership, char *MoiraId);
531 int group_rename(LDAP *ldap_handle, char *dn_path,
532 char *before_group_name, char *before_group_membership,
533 char *before_group_ou, int before_security_flag,
534 char *before_desc, char *after_group_name,
535 char *after_group_membership, char *after_group_ou,
536 int after_security_flag, char *after_desc,
537 char *MoiraId, char *filter, char *maillist, char *nfsgroup);
538 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name);
539 int machine_GetMoiraContainer(int ac, char **av, void *ptr);
540 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
541 char *machine_name, char *container_name);
542 int machine_move_to_ou(LDAP *ldap_handle, char *dn_path,
543 char *MoiraMachineName, char *DestinationOu);
544 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
545 char *group_name, char *group_ou, char *group_membership,
546 int group_security_flag, int updateGroup, char *maillist,
548 int member_list_build(int ac, char **av, void *ptr);
549 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
550 char *group_ou, char *group_membership,
551 char *user_name, char *pUserOu, char *MoiraId);
552 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
553 char *group_ou, char *group_membership, char *user_name,
554 char *pUserOu, char *MoiraId);
555 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
556 char *UserOu, char *member);
557 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
558 char *group_ou, char *group_membership,
559 int group_security_flag, char *MoiraId, int synchronize);
560 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
561 char *DistinguishedName,
562 char *WinHomeDir, char *WinProfileDir,
563 char **homedir_v, char **winProfile_v,
564 char **drives_v, LDAPMod **mods,
566 int sid_update(LDAP *ldap_handle, char *dn_path);
567 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n);
568 int check_string(char *s);
569 int check_container_name(char* s);
571 int mr_connect_cl(char *server, char *client, int version, int auth);
572 void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
573 char **before, int beforec, char **after, int afterc);
574 void do_filesys(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
575 char **before, int beforec, char **after, int afterc);
576 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
577 char **before, int beforec, char **after, int afterc);
578 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
579 char **before, int beforec, char **after, int afterc);
580 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
581 char **before, int beforec, char **after, int afterc);
582 void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
583 char **before, int beforec, char **after, int afterc);
584 int linklist_create_entry(char *attribute, char *value,
585 LK_ENTRY **linklist_entry);
586 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
587 char **attr_array, LK_ENTRY **linklist_base,
588 int *linklist_count, unsigned long ScopeType);
589 void linklist_free(LK_ENTRY *linklist_base);
591 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
592 char *distinguished_name, LK_ENTRY **linklist_current);
593 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
594 LK_ENTRY **linklist_base, int *linklist_count);
595 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
596 char *Attribute, char *distinguished_name,
597 LK_ENTRY **linklist_current);
599 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
600 char *oldValue, char *newValue,
601 char ***modvalues, int type);
602 void free_values(char **modvalues);
604 int convert_domain_to_dn(char *domain, char **bind_path);
605 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
606 char *distinguished_name);
607 int moira_disconnect(void);
608 int moira_connect(void);
609 void print_to_screen(const char *fmt, ...);
610 int GetMachineName(char *MachineName);
611 int tickets_get_k5();
612 int destroy_cache(void);
615 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
616 char **homeServerName);
/*
 * Entry point.  Invoked by the Moira server's incremental-update mechanism
 * with argv = { prog, table, beforec, afterc, before..., after... } (see the
 * examples at the top of this file).  The table name selects one of the
 * do_*() handlers below, which receive the "before" and "after" argument
 * vectors.  Only part of this function is visible here; the comments
 * describe what the visible lines show.
 */
int main(int argc, char **argv)
whoami = ((whoami = (char *)strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
com_err(whoami, 0, "Unable to process %s", "argc < 4");
/*
 * NOTE(review): atoi() silently accepts negative and non-numeric counts.
 * A negative beforec (or afterc) still satisfies this check, and below
 * `after = &orig_argv[4 + beforec]' would then point before the array.
 * Parse with strtol() and reject anything that is not a clean integer in
 * [0, argc - 4].
 */
if (argc < (4 + atoi(argv[2]) + atoi(argv[3])))
com_err(whoami, 0, "Unable to process %s",
"argc < (4 + beforec + afterc)");
if (!strcmp(argv[1], "filesys"))
/*
 * Log the whole argument list as one line.
 * NOTE(review): strcat() into the fixed 1024-byte tbl_buf has no bound
 * check, and argv is supplied by the caller (the Moira server); a long
 * enough argument list overflows the static buffer.  Track the remaining
 * space (or snprintf() at an offset) and truncate instead.
 */
for (i = 1; i < argc; i++)
strcat(tbl_buf, argv[i]);
strcat(tbl_buf, " ");
com_err(whoami, 0, "%s", tbl_buf);
com_err(whoami, 0, "%s failed", "check_winad()");
initialize_sms_error_table();
initialize_krb_error_table();
UpdateDomainList = 0;
memset(DomainNames, '\0', sizeof(DomainNames[0]) * MAX_DOMAINS);
if (ReadDomainList())
com_err(whoami, 0, "%s failed", "ReadDomainList()");
for (i = 0; i < argc; i++)
/* The update is replayed once per configured domain.  Presumably the loop
 * stops at the first empty DomainNames slot -- only the test is visible. */
for (k = 0; k < MAX_DOMAINS; k++)
if (strlen(DomainNames[k]) == 0)
/* Work on a private copy of argv for each domain, since table[] is
 * lower-cased in place further down.
 * NOTE(review): no NULL check of the strdup() result is visible here. */
for (i = 0; i < argc; i++)
if (orig_argv[i] != NULL)
orig_argv[i] = strdup(argv[i]);
/* Reset per-domain state before ReadConfigFile() fills it in. */
memset(PrincipalName, '\0', sizeof(PrincipalName));
memset(ldap_domain, '\0', sizeof(ldap_domain));
memset(ServerList, '\0', sizeof(ServerList[0]) * MAX_SERVER_NAMES);
memset(default_server, '\0', sizeof(default_server));
memset(dn_path, '\0', sizeof(dn_path));
memset(group_suffix, '\0', sizeof(group_suffix));
memset(exchange_acl, '\0', sizeof(exchange_acl));
UseGroupUniversal = 0;
ProcessMachineContainer = 1;
/* Defaults; literal strings only, so these cannot overflow the 256-byte
 * buffers.  The config file may override them. */
sprintf(group_suffix, "%s", "_group");
sprintf(exchange_acl, "%s", "exchange-acl");
/* Split argv into the table name and the before/after vectors.
 * NOTE(review): same unchecked atoi() as above; beforec is then used as a
 * raw array offset on the `after =' line. */
beforec = atoi(orig_argv[2]);
afterc = atoi(orig_argv[3]);
table = orig_argv[1];
before = &orig_argv[4];
after = &orig_argv[4 + beforec];
if (ReadConfigFile(DomainNames[k]))
/* Two alternative OU layouts (the selecting condition is not visible here):
 * per-type sub-OUs under OU=lists (mail / group / special / both), or one
 * flat OU=lists for everything.  Literal strings only, so the sprintf()
 * calls cannot overflow the 1024-byte group_ou_* buffers. */
sprintf(group_ou_distribution, "OU=mail,OU=lists,OU=moira");
sprintf(group_ou_root, "OU=lists,OU=moira");
sprintf(group_ou_security, "OU=group,OU=lists,OU=moira");
sprintf(group_ou_neither, "OU=special,OU=lists,OU=moira");
sprintf(group_ou_both, "OU=mail,OU=group,OU=lists,OU=moira");
sprintf(group_ou_distribution, "OU=lists,OU=moira");
sprintf(group_ou_root, "OU=lists,OU=moira");
sprintf(group_ou_security, "OU=lists,OU=moira");
sprintf(group_ou_neither, "OU=lists,OU=moira");
sprintf(group_ou_both, "OU=lists,OU=moira");
OldUseSFU30 = UseSFU30;
/* Up to five connection attempts for this domain.  Win2kUser/Win2kPassword
 * are passed empty, so authentication presumably comes from the Kerberos
 * credentials (ldap_realm / SetPassword) rather than a simple bind -- confirm
 * in ad_connect(); a simple bind with empty credentials would be anonymous. */
for (i = 0; i < 5; i++)
ldap_handle = (LDAP *)NULL;
if (!(rc = ad_connect(&ldap_handle, ldap_domain, dn_path, "", "",
default_server, SetPassword, ServerList,
ldap_realm, ldap_port)))
com_err(whoami, 0, "connected to domain %s", DomainNames[k]);
if ((rc) || (ldap_handle == NULL))
critical_alert("incremental",
"ldap.incr cannot connect to any server in "
"domain %s", DomainNames[k]);
/* Case-fold the table name before dispatch.
 * NOTE(review): pass (unsigned char)table[i] to tolower(); a plain char with
 * the high bit set is undefined behaviour for <ctype.h> (CERT STR37-C). */
for (i = 0; i < (int)strlen(table); i++)
table[i] = tolower(table[i]);
/* Dispatch on the Moira table that changed. */
if (!strcmp(table, "users"))
do_user(ldap_handle, dn_path, ldap_domain, before, beforec, after,
else if (!strcmp(table, "list"))
do_list(ldap_handle, dn_path, ldap_domain, before, beforec, after,
else if (!strcmp(table, "imembers"))
do_member(ldap_handle, dn_path, ldap_domain, before, beforec, after,
else if (!strcmp(table, "containers"))
do_container(ldap_handle, dn_path, ldap_domain, before, beforec, after,
else if (!strcmp(table, "mcntmap"))
do_mcntmap(ldap_handle, dn_path, ldap_domain, before, beforec, after,
/* Release this domain's server list before moving on to the next one. */
for (i = 0; i < MAX_SERVER_NAMES; i++)
if (ServerList[i] != NULL)
ServerList[i] = NULL;
/* NOTE(review): the ldap_unbind_s() result is stored, but nothing visible
 * here acts on it. */
rc = ldap_unbind_s(ldap_handle);
/*
 * Handle a change to the mcntmap (machine -> container) table.  Resolves the
 * machine's Moira alias, looks up the container Moira currently reports for
 * it, and moves the machine's directory object into the matching OU -- or
 * into the orphans OU when no container is known.  before/after are the
 * argument vectors described at the top of the file (indices
 * OU_MACHINE_NAME .. OU_CONTAINER_GROUP).  From what is visible, both the
 * add and the remove branch fall through to the same relocation logic.
 * Only part of this function is visible here.
 */
void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
char **before, int beforec, char **after, int afterc)
char MoiraContainerName[128];
char ADContainerName[128];
char MachineName[1024];
char OriginalMachineName[1024];
char MoiraContainerGroup[64];
if (!ProcessMachineContainer)
com_err(whoami, 0, "Process machines and containers disabled, skipping");
memset(ADContainerName, '\0', sizeof(ADContainerName));
memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
if ((beforec == 0) && (afterc == 0))
/* NOTE(review): assignment inside the condition; `rc = moira_connect();
 * if (rc)' makes the intent obvious and silences -Wparentheses. */
if (rc = moira_connect())
critical_alert("Ldap incremental",
"Error contacting Moira server : %s",
/*
 * NOTE(review): the strcpy() calls below copy caller-supplied arguments
 * into fixed buffers with no length check -- MoiraContainerGroup is only
 * 64 bytes.  Nothing visible here verifies beforec/afterc > OU_CONTAINER_GROUP
 * before reading element 4 either; main() only checked that argc covers
 * beforec + afterc in total.  Check the count, then use
 * snprintf(buf, sizeof buf, "%s", arg).
 */
if ((beforec != 0) && (afterc == 0)) /*remove a machine*/
strcpy(OriginalMachineName, before[OU_MACHINE_NAME]);
strcpy(MachineName, before[OU_MACHINE_NAME]);
strcpy(MoiraContainerGroup, before[OU_CONTAINER_GROUP]);
com_err(whoami, 0, "removing machine %s from %s",
OriginalMachineName, before[OU_CONTAINER_NAME]);
else if ((beforec == 0) && (afterc != 0)) /*add a machine*/
strcpy(OriginalMachineName, after[OU_MACHINE_NAME]);
strcpy(MachineName, after[OU_MACHINE_NAME]);
strcpy(MoiraContainerGroup, after[OU_CONTAINER_GROUP]);
com_err(whoami, 0, "adding machine %s to container %s",
OriginalMachineName, after[OU_CONTAINER_NAME]);
/* Resolve the Moira alias in place; an empty result means Moira does not
 * know the machine.  GetMachineName() is not told the buffer size.
 * (The "alais" typo is in a runtime message and is left untouched.) */
rc = GetMachineName(MachineName);
if (strlen(MachineName) == 0)
com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
OriginalMachineName);
Moira_process_machine_container_group(MachineName, MoiraContainerGroup,
/* The machine object must already exist in the directory; this code only
 * moves it. */
if (machine_check(ldap_handle, dn_path, MachineName))
com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.",
OriginalMachineName, MachineName);
/* Ask Moira which container the machine belongs to; none -> orphans OU.
 * (The "fine" -> "find" typo is in a runtime message, left untouched.) */
memset(MoiraContainerName, '\0', sizeof(MoiraContainerName));
machine_get_moira_container(ldap_handle, dn_path, MachineName,
if (strlen(MoiraContainerName) == 0)
com_err(whoami, 0, "Unable to fine machine %s (alias %s) container "
"in Moira - moving to orphans OU.",
OriginalMachineName, MachineName);
machine_move_to_ou(ldap_handle, dn_path, MachineName,
orphans_machines_ou);
/* Translate the Moira container path into an OU DN (container_get_dn()
 * gets no size for the 128-byte ADContainerName), make sure the OU exists,
 * then move the machine there.
 * NOTE(review): the `strlen(...) - 1' index is only safe because the
 * empty-name case above presumably returns; the strcat() of "/" has no
 * room check against the 128-byte MoiraContainerName. */
container_get_dn(MoiraContainerName, ADContainerName);
if (MoiraContainerName[strlen(MoiraContainerName) - 1] != '/')
strcat(MoiraContainerName, "/");
container_check(ldap_handle, dn_path, MoiraContainerName);
machine_move_to_ou(ldap_handle, dn_path, MachineName, ADContainerName);
/*
 * Handle a change to the containers table: create, delete, rename or update
 * the corresponding OU in the directory and keep the container's Moira
 * group in step.  before/after are the argument vectors described at the
 * top of the file (indices CONTAINER_NAME .. CONTAINER_GROUP_NAME).
 * NOTE(review): nothing visible here checks beforec/afterc against the
 * expected argument count before the vectors are indexed, and none of the
 * container_*() return values are examined.  Only part of this function is
 * visible here.
 */
void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
char **before, int beforec, char **after, int afterc)
if (!ProcessMachineContainer)
com_err(whoami, 0, "Process machines and containers disabled, skipping");
if ((beforec == 0) && (afterc == 0))
/* NOTE(review): assignment inside the condition; `rc = moira_connect();
 * if (rc)' makes the intent obvious and silences -Wparentheses. */
if (rc = moira_connect())
critical_alert("Ldap incremental", "Error contacting Moira server : %s",
/* Delete: remove the OU, then its Moira group.
 * NOTE(review): container_delete()'s result is ignored, so the Moira group
 * is removed even when the directory delete failed -- confirm that is
 * intended. */
if ((beforec != 0) && (afterc == 0)) /*delete a container*/
com_err(whoami, 0, "deleting container %s", before[CONTAINER_NAME]);
container_delete(ldap_handle, dn_path, beforec, before);
Moira_container_group_delete(before);
/* Create: make sure the parent path exists, create the OU, then its group. */
if ((beforec == 0) && (afterc != 0)) /*create a container*/
com_err(whoami, 0, "creating container %s", after[CONTAINER_NAME]);
container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
container_create(ldap_handle, dn_path, afterc, after);
Moira_container_group_create(after);
/* Both vectors present: a name that differs (compared case-insensitively,
 * presumably because OU names are case-insensitive in the directory) is a
 * rename; the same name is an attribute update. */
if (strcasecmp(before[CONTAINER_NAME], after[CONTAINER_NAME]))
com_err(whoami, 0, "renaming container %s to %s",
before[CONTAINER_NAME], after[CONTAINER_NAME]);
container_rename(ldap_handle, dn_path, beforec, before, afterc, after);
Moira_container_group_update(before, after);
com_err(whoami, 0, "updating container %s information",
after[CONTAINER_NAME]);
container_update(ldap_handle, dn_path, beforec, before, afterc, after);
Moira_container_group_update(before, after);
963 #define L_LIST_DESC 9
965 #define L_LIST_NFSGROUP 11
967 void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
968 char **before, int beforec, char **after, int afterc)
973 char group_membership[6];
978 char before_list_id[32];
979 char before_group_membership[1];
980 int before_security_flag;
981 char before_group_ou[256];
982 LK_ENTRY *ptr = NULL;
984 if (beforec == 0 && afterc == 0)
987 memset(list_id, '\0', sizeof(list_id));
988 memset(before_list_id, '\0', sizeof(before_list_id));
989 memset(before_group_ou, '\0', sizeof(before_group_ou));
990 memset(before_group_membership, '\0', sizeof(before_group_membership));
991 memset(group_ou, '\0', sizeof(group_ou));
992 memset(group_membership, '\0', sizeof(group_membership));
997 if (beforec < L_LIST_ID)
999 if (beforec > L_LIST_DESC)
1001 strcpy(before_list_id, before[L_LIST_ID]);
1003 before_security_flag = 0;
1004 get_group_membership(before_group_membership, before_group_ou,
1005 &before_security_flag, before);
1010 if (afterc < L_LIST_ID)
1012 if (afterc > L_LIST_DESC)
1014 strcpy(list_id, after[L_LIST_ID]);
1017 get_group_membership(group_membership, group_ou, &security_flag, after);
1020 if ((beforec == 0) && (afterc == 0)) /*this case should never happen*/
1029 if ((rc = process_group(ldap_handle, dn_path, before_list_id,
1030 before[L_NAME], before_group_ou,
1031 before_group_membership,
1032 before_security_flag, CHECK_GROUPS,
1033 before[L_MAILLIST], before[L_LIST_NFSGROUP])))
1035 if (rc == AD_NO_GROUPS_FOUND)
1039 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1040 (rc == AD_MULTIPLE_GROUPS_FOUND))
1042 rc = process_group(ldap_handle, dn_path, before_list_id,
1043 before[L_NAME], before_group_ou,
1044 before_group_membership,
1045 before_security_flag, CLEANUP_GROUPS,
1047 before[L_LIST_NFSGROUP]);
1049 if ((rc != AD_NO_GROUPS_FOUND) && (rc != 0))
1051 com_err(whoami, 0, "Unable to process list %s",
1055 if (rc == AD_NO_GROUPS_FOUND)
1061 if ((beforec != 0) && (afterc != 0))
1063 if (((strcmp(after[L_NAME], before[L_NAME])) ||
1064 ((!strcmp(after[L_NAME], before[L_NAME])) &&
1065 (strcmp(before_group_ou, group_ou)))) &&
1068 com_err(whoami, 0, "Changing list name from %s to %s",
1069 before[L_NAME], after[L_NAME]);
1071 if ((strlen(before_group_ou) == 0) ||
1072 (strlen(before_group_membership) == 0) ||
1073 (strlen(group_ou) == 0) || (strlen(group_membership) == 0))
1075 com_err(whoami, 0, "%s", "Unable to find the group OU's");
1079 memset(filter, '\0', sizeof(filter));
1081 if ((rc = group_rename(ldap_handle, dn_path,
1082 before[L_NAME], before_group_membership,
1083 before_group_ou, before_security_flag,
1084 before[L_LIST_DESC], after[L_NAME],
1085 group_membership, group_ou, security_flag,
1087 list_id, filter, after[L_MAILLIST],
1088 after[L_LIST_NFSGROUP])))
1090 if (rc != AD_NO_GROUPS_FOUND)
1093 "Unable to change list name from %s to %s",
1094 before[L_NAME], after[L_NAME]);
1107 if ((strlen(before_group_ou) == 0) ||
1108 (strlen(before_group_membership) == 0))
1111 "Unable to find the group OU for group %s", before[L_NAME]);
1115 com_err(whoami, 0, "Deleting group %s", before[L_NAME]);
1116 rc = group_delete(ldap_handle, dn_path, before[L_NAME],
1117 before_group_membership, before_list_id);
1125 com_err(whoami, 0, "Creating group %s", after[L_NAME]);
1127 if (rc = process_group(ldap_handle, dn_path, list_id, after[L_NAME],
1128 group_ou, group_membership,
1129 security_flag, CHECK_GROUPS,
1130 after[L_MAILLIST], after[L_LIST_NFSGROUP]))
1132 if (rc != AD_NO_GROUPS_FOUND)
1134 if ((rc == AD_WRONG_GROUP_DN_FOUND) ||
1135 (rc == AD_MULTIPLE_GROUPS_FOUND))
1137 rc = process_group(ldap_handle, dn_path, list_id,
1139 group_ou, group_membership,
1140 security_flag, CLEANUP_GROUPS,
1142 after[L_LIST_NFSGROUP]);
1148 "Unable to create list %s", after[L_NAME]);
1155 com_err(whoami, 0, "Updating group %s information", after[L_NAME]);
1157 if (rc = moira_connect())
1159 critical_alert("Ldap incremental",
1160 "Error contacting Moira server : %s",
1167 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 0,
1168 &ProcessGroup, after[L_MAILLIST], after[L_LIST_NFSGROUP]))
1173 if (ProcessAce(ldap_handle, dn_path, after[L_NAME], "LIST", 1,
1174 &ProcessGroup, after[L_MAILLIST],
1175 after[L_LIST_NFSGROUP]))
1179 if (make_new_group(ldap_handle, dn_path, list_id, after[L_NAME],
1180 group_ou, group_membership, security_flag,
1181 updateGroup, after[L_MAILLIST],
1182 after[L_LIST_NFSGROUP]))
1188 if (atoi(after[L_ACTIVE]))
1190 populate_group(ldap_handle, dn_path, after[L_NAME], group_ou,
1191 group_membership, security_flag, list_id, 1);
/*
 * Positions of the extra arguments that follow the standard LM_* member
 * fields in the before/after vectors handed to do_member().  They are
 * offsets from LM_END, so any change to the LM_* numbering moves all of
 * them.  Which slot carries the Moira list id depends on the member type
 * (see do_member): MACHINE members read LMN_LIST_ID for the list id and
 * LM_LIST_ID for the member id, USER members read LM_LIST_ID for the list
 * id and LM_USER_ID for the member id, every other type reads LMN_LIST_ID.
 * LM_EXTRA_END is the total argument count, not a usable index.
 */
1199 #define LM_EXTRA_ACTIVE (LM_END)
1200 #define LM_EXTRA_PUBLIC (LM_END+1)
1201 #define LM_EXTRA_HIDDEN (LM_END+2)
1202 #define LM_EXTRA_MAILLIST (LM_END+3)
1203 #define LM_EXTRA_GROUP (LM_END+4)
1204 #define LM_EXTRA_GID (LM_END+5)
1205 #define LM_EXTRA_NFSGROUP (LM_END+6)
1206 #define LMN_LIST_ID (LM_END+7)
1207 #define LM_LIST_ID (LM_END+8)
1208 #define LM_USER_ID (LM_END+9)
1209 #define LM_EXTRA_END (LM_END+10)
/*
 * do_member: apply one Moira list-membership change to the directory.
 * A non-empty "before" vector is a membership being removed, a non-empty
 * "after" vector one being added; each carries the LM_* member fields
 * followed by the LM_EXTRA_* list attributes and Moira ids.  The list is
 * classified with get_group_membership(), located with process_group()
 * (created via make_new_group()/populate_group() when absent), the
 * member's OU is resolved by type, and member_remove() or member_add()
 * is called.  ptr presumably aliases whichever of before/after is in
 * use (the assignment is outside this view).
 *
 * NOTE(review): user_name/group_name/user_type are strcpy()d into
 * 128-byte buffers and the Moira ids into 32-byte buffers with no length
 * check visible here; bounded copies (snprintf) would close that gap.
 * NOTE(review): group_membership is a one-byte tag written only at [0]
 * by get_group_membership(); it must never be treated as a C string.
 * NOTE(review): ptr[LM_MEMBER] is free()d and replaced by strdup()
 * results for MACHINE/STRING members, so the argv must be heap-owned by
 * the caller; the strdup() results are not checked for NULL.
 */
1211 void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1212 char **before, int beforec, char **after, int afterc)
1214 LK_ENTRY *group_base;
1217 char *attr_array[3];
1218 char group_name[128];
1219 char user_name[128];
1220 char user_type[128];
1221 char moira_list_id[32];
1222 char moira_user_id[32];
1223 char group_membership[1];
1225 char machine_ou[256];
1233 char NewMachineName[1024];
1237 char *save_argv[U_END];
1241 memset(moira_list_id, '\0', sizeof(moira_list_id));
1242 memset(moira_user_id, '\0', sizeof(moira_user_id));
/* "after" side: an addition.  Too few arguments or an inactive list is skipped. */
1246 if (afterc < LM_EXTRA_GID)
1249 if (!atoi(after[LM_EXTRA_ACTIVE]))
1252 "Unable to add %s to group %s : group not active",
1253 after[2], after[0]);
1259 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1262 strcpy(user_name, after[LM_MEMBER]);
1263 strcpy(group_name, after[LM_LIST]);
1264 strcpy(user_type, after[LM_TYPE]);
/* Per-type layout of the trailing Moira ids (see the LMN_LIST_ID / LM_LIST_ID / LM_USER_ID defines). */
1266 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1268 if (afterc > LM_EXTRA_GROUP)
1270 strcpy(moira_list_id, after[LMN_LIST_ID]);
1271 strcpy(moira_user_id, after[LM_LIST_ID]);
1274 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1276 if (afterc > LMN_LIST_ID)
1278 strcpy(moira_list_id, after[LM_LIST_ID]);
1279 strcpy(moira_user_id, after[LM_USER_ID]);
1284 if (afterc > LM_EXTRA_GID)
1285 strcpy(moira_list_id, after[LMN_LIST_ID]);
/* "before" side: a removal.  Same argument-count and active checks as above. */
1290 if (beforec < LM_EXTRA_GID)
1292 if (!atoi(before[LM_EXTRA_ACTIVE]))
1295 "Unable to remove %s from group %s : group not active",
1296 before[2], before[0]);
1302 if (!strcasecmp(ptr[LM_TYPE], "LIST"))
1305 strcpy(user_name, before[LM_MEMBER]);
1306 strcpy(group_name, before[LM_LIST]);
1307 strcpy(user_type, before[LM_TYPE]);
1309 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1311 if (beforec > LM_EXTRA_GROUP)
1313 strcpy(moira_list_id, before[LMN_LIST_ID]);
1314 strcpy(moira_user_id, before[LM_LIST_ID]);
1317 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1319 if (beforec > LMN_LIST_ID)
1321 strcpy(moira_list_id, before[LM_LIST_ID]);
1322 strcpy(moira_user_id, before[LM_USER_ID]);
1327 if (beforec > LM_EXTRA_GID)
1328 strcpy(moira_list_id, before[LMN_LIST_ID]);
/* Presumably reached only when neither side was usable. */
1335 "Unable to process group : beforec = %d, afterc = %d",
/* Re-pack the list attributes into an L_*-indexed vector so the list helpers can classify the group. */
1340 args[L_NAME] = ptr[LM_LIST];
1341 args[L_ACTIVE] = ptr[LM_EXTRA_ACTIVE];
1342 args[L_PUBLIC] = ptr[LM_EXTRA_PUBLIC];
1343 args[L_HIDDEN] = ptr[LM_EXTRA_HIDDEN];
1344 args[L_MAILLIST] = ptr[LM_EXTRA_MAILLIST];
1345 args[L_GROUP] = ptr[LM_EXTRA_GROUP];
1346 args[L_GID] = ptr[LM_EXTRA_GID];
1349 memset(group_ou, '\0', sizeof(group_ou));
1350 get_group_membership(group_membership, group_ou, &security_flag, args);
1352 if (strlen(group_ou) == 0)
1354 com_err(whoami, 0, "Unable to find the group OU for group %s",
/* Locate the group; on a wrong-DN/duplicate result retry in CLEANUP_GROUPS mode. */
1359 if (rc = process_group(ldap_handle, dn_path, moira_list_id, group_name,
1360 group_ou, group_membership, security_flag,
1361 CHECK_GROUPS, args[L_MAILLIST],
1362 args[L_LIST_NFSGROUP]))
1364 if (rc != AD_NO_GROUPS_FOUND)
1366 if (rc = process_group(ldap_handle, dn_path, moira_list_id,
1367 group_name, group_ou, group_membership,
1368 security_flag, CLEANUP_GROUPS,
1369 args[L_MAILLIST], args[L_LIST_NFSGROUP]))
1371 if (rc != AD_NO_GROUPS_FOUND)
1374 com_err(whoami, 0, "Unable to add %s to group %s - "
1375 "unable to process group", user_name, group_name);
1377 com_err(whoami, 0, "Unable to remove %s from group %s - "
1378 "unable to process group", user_name, group_name);
/* Group missing: create it from Moira (ACEs first, then the group, then its members if active). */
1385 if (rc == AD_NO_GROUPS_FOUND)
1387 if (rc = moira_connect())
1389 critical_alert("Ldap incremental",
1390 "Error contacting Moira server : %s",
1395 com_err(whoami, 0, "creating group %s", group_name);
1398 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 0,
1399 &ProcessGroup, ptr[LM_EXTRA_MAILLIST],
1400 ptr[LM_EXTRA_NFSGROUP]))
1405 if (ProcessAce(ldap_handle, dn_path, ptr[LM_LIST], "LIST", 1,
1406 &ProcessGroup, ptr[LM_EXTRA_MAILLIST],
1407 ptr[LM_EXTRA_NFSGROUP]))
1411 if (make_new_group(ldap_handle, dn_path, moira_list_id, ptr[LM_LIST],
1412 group_ou, group_membership, security_flag, 0,
1413 ptr[LM_EXTRA_MAILLIST], ptr[LM_EXTRA_NFSGROUP]))
1419 if (atoi(ptr[LM_EXTRA_ACTIVE]))
1421 populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou,
1422 group_membership, security_flag, moira_list_id, 1);
/* Removal path: resolve the member's OU by type, then member_remove(). */
1432 com_err(whoami, 0, "removing user %s from list %s", user_name,
1436 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1438 if (!ProcessMachineContainer)
1440 com_err(whoami, 0, "Process machines and containers disabled, "
1445 memset(machine_ou, '\0', sizeof(machine_ou));
1446 memset(NewMachineName, '\0', sizeof(NewMachineName));
1447 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
1448 machine_ou, NewMachineName))
1450 if (ptr[LM_MEMBER] != NULL)
1451 free(ptr[LM_MEMBER]);
1452 ptr[LM_MEMBER] = strdup(NewMachineName);
1453 pUserOu = machine_ou;
/* STRING members become contacts; bare names get "@mit.edu".  The size of
 * 'member' is declared outside this view, so the strcpy/strcat bounds cannot
 * be confirmed here. */
1456 if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1458 strcpy(member, ptr[LM_MEMBER]);
1462 if((s = strchr(member, '@')) == (char *) NULL)
1464 strcat(member, "@mit.edu");
1466 if (ptr[LM_MEMBER] != NULL)
1467 free(ptr[LM_MEMBER]);
1468 ptr[LM_MEMBER] = strdup(member);
/* NOTE(review): indexes strlen(member) - 6 with no visible check that member
 * has at least 6 characters; a shorter address makes this read before the
 * array.  Guard with strlen(member) >= 6 first. */
1471 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1473 s = strrchr(member, '.');
1475 strcat(s, ".mit.edu");
1477 if (ptr[LM_MEMBER] != NULL)
1478 free(ptr[LM_MEMBER]);
1479 ptr[LM_MEMBER] = strdup(member);
1483 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1487 pUserOu = contact_ou;
1489 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1491 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1495 pUserOu = kerberos_ou;
1498 if (rc = moira_connect()) {
1499 critical_alert("Ldap incremental",
1500 "Error contacting Moira server : %s",
1505 if (rc = populate_group(ldap_handle, dn_path, group_name,
1506 group_ou, group_membership,
1507 security_flag, moira_list_id, 0))
1508 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* The member name is escaped (escape_string) before it is used in the member DN. */
1513 if (rc = member_remove(ldap_handle, dn_path, group_name,
1514 group_ou, group_membership,
1515 escape_string(ptr[LM_MEMBER]),
1516 pUserOu, moira_list_id))
1517 com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
/* Addition path: same OU resolution as above, plus on-demand user creation for USER members. */
1523 com_err(whoami, 0, "Adding %s to list %s", user_name, group_name);
1526 if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
1528 memset(machine_ou, '\0', sizeof(machine_ou));
1529 memset(NewMachineName, '\0', sizeof(NewMachineName));
1531 if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], machine_ou,
1535 if (ptr[LM_MEMBER] != NULL)
1536 free(ptr[LM_MEMBER]);
1538 ptr[LM_MEMBER] = strdup(NewMachineName);
1539 pUserOu = machine_ou;
1541 else if (!strcasecmp(ptr[LM_TYPE], "STRING"))
1543 strcpy(member, ptr[LM_MEMBER]);
1547 if((s = strchr(member, '@')) == (char *) NULL)
1549 strcat(member, "@mit.edu");
1551 if (ptr[LM_MEMBER] != NULL)
1552 free(ptr[LM_MEMBER]);
1553 ptr[LM_MEMBER] = strdup(member);
/* NOTE(review): same unguarded strlen(member) - 6 index as in the removal path. */
1556 if(!strncasecmp(&member[strlen(member) - 6], ".LOCAL", 6))
1558 s = strrchr(member, '.');
1560 strcat(s, ".mit.edu");
1562 if (ptr[LM_MEMBER] != NULL)
1563 free(ptr[LM_MEMBER]);
1564 ptr[LM_MEMBER] = strdup(member);
1568 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1572 pUserOu = contact_ou;
1574 else if (!strcasecmp(ptr[LM_TYPE], "KERBEROS"))
1576 if (contact_create(ldap_handle, dn_path, ptr[LM_MEMBER],
1580 pUserOu = kerberos_ou;
/* USER members not yet in the directory are created from Moira
 * (get_user_account_by_login -> user_create) after checking that no group
 * already carries the same cn. */
1582 else if (!strcasecmp(ptr[LM_TYPE], "USER"))
1584 if ((rc = check_user(ldap_handle, dn_path, ptr[LM_MEMBER],
1585 moira_user_id)) == AD_NO_USER_FOUND)
1587 if (rc = moira_connect())
1589 critical_alert("Ldap incremental",
1590 "Error connection to Moira : %s",
1595 com_err(whoami, 0, "creating user %s", ptr[LM_MEMBER]);
1596 av[0] = ptr[LM_MEMBER];
1597 call_args[0] = (char *)ldap_handle;
1598 call_args[1] = dn_path;
1599 call_args[2] = moira_user_id;
1600 call_args[3] = NULL;
/* NOTE(review): the member name is interpolated into the LDAP search filter
 * unescaped, unlike the escape_string() calls used for the member DN below.
 * A name containing filter metacharacters changes the query; run it through
 * the same escaping (or an RFC 4515 filter escape) before the sprintf(). */
1609 sprintf(filter, "(&(objectClass=group)(cn=%s))", ptr[LM_MEMBER]);
1610 attr_array[0] = "cn";
1611 attr_array[1] = NULL;
1612 if ((rc = linklist_build(ldap_handle, dn_path, filter,
1613 attr_array, &group_base, &group_count,
1614 LDAP_SCOPE_SUBTREE)) != 0)
1616 com_err(whoami, 0, "Unable to process user %s : %s",
1617 ptr[LM_MEMBER], ldap_err2string(rc));
1623 com_err(whoami, 0, "Object already exists with name %s",
1628 linklist_free(group_base);
1633 if (rc = mr_query("get_user_account_by_login", 1, av,
1634 save_query_info, save_argv))
1637 com_err(whoami, 0, "Unable to create user %s : %s",
1638 ptr[LM_MEMBER], error_message(rc));
1642 if (rc = user_create(U_END, save_argv, call_args))
1645 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1652 com_err(whoami, 0, "Unable to create user %s", ptr[LM_MEMBER]);
1664 if (rc = moira_connect()) {
1665 critical_alert("Ldap incremental",
1666 "Error contacting Moira server : %s",
1671 if (rc = populate_group(ldap_handle, dn_path, group_name,
1672 group_ou, group_membership, security_flag,
1674 com_err(whoami, 0, "Unable to add %s to group %s", user_name,
1679 if (rc = member_add(ldap_handle, dn_path, group_name,
1680 group_ou, group_membership,
1681 escape_string(ptr[LM_MEMBER]),
1682 pUserOu, moira_list_id))
1683 com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
/*
 * Positions of the extra user-argument fields appended after the standard
 * U_* fields: U_USER_ID is the Moira id (the eleventh positional argument),
 * followed by the home-directory and profile-directory paths.
 */
1688 #define U_USER_ID 10
1689 #define U_HOMEDIR 11
1690 #define U_PROFILEDIR 12
/*
 * do_user: apply one Moira user-account change.  beforec/afterc are the
 * argument counts of the two vectors; fields are selected with the U_*
 * indices, U_USER_ID being the Moira id.
 *   - only "after" present : account just created, not yet usable -> logged
 *                            and skipped
 *   - only "before" present: account expunged -> user_delete() when the
 *                            state is 0, otherwise logged as already gone
 *   - both present         : create the user from Moira if check_user()
 *                            finds none, rename on a login change, then
 *                            user_update() with the "after" attributes.
 *
 * NOTE(review): the Moira ids are strcpy()d into 32-byte buffers with no
 * length check visible here.
 */
1693 void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
1694 char **before, int beforec, char **after,
1697 LK_ENTRY *group_base;
1700 char *attr_array[3];
1703 char after_user_id[32];
1704 char before_user_id[32];
1706 char *save_argv[U_END];
1708 if ((beforec == 0) && (afterc == 0))
1711 memset(after_user_id, '\0', sizeof(after_user_id));
1712 memset(before_user_id, '\0', sizeof(before_user_id));
1714 if (beforec > U_USER_ID)
1715 strcpy(before_user_id, before[U_USER_ID]);
1717 if (afterc > U_USER_ID)
1718 strcpy(after_user_id, after[U_USER_ID]);
/* NOTE(review): repeats the first check of the function; one of the two is redundant. */
1720 if ((beforec == 0) && (afterc == 0)) /*this case should never happen */
1723 if ((beforec == 0) && (afterc != 0))
1725 /*this case only happens when the account*/
1726 /*is first created but not yet usable*/
1728 com_err(whoami, 0, "Unable to process user %s because the user account "
1729 "is not yet usable", after[U_NAME]);
1733 /*this case only happens when the account is expunged */
1735 if ((beforec != 0) && (afterc == 0))
1737 if (atoi(before[U_STATE]) == 0)
1739 com_err(whoami, 0, "expunging user %s from directory",
1741 user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
/* NOTE(review): the log text below misspells "expunged". */
1745 com_err(whoami, 0, "Unable to process because user %s has been "
1746 "previously expungeded", before[U_NAME]);
1751 /*process anything that gets here*/
/* No directory object for this user yet: create it from Moira. */
1753 if ((rc = check_user(ldap_handle, dn_path, before[U_NAME],
1754 before_user_id)) == AD_NO_USER_FOUND)
1756 if (!check_string(after[U_NAME]))
1759 if (rc = moira_connect())
1761 critical_alert("Ldap incremental",
1762 "Error connection to Moira : %s",
1767 com_err(whoami, 0, "creating user %s", after[U_NAME]);
1769 av[0] = after[U_NAME];
1770 call_args[0] = (char *)ldap_handle;
1771 call_args[1] = dn_path;
1772 call_args[2] = after_user_id;
1773 call_args[3] = NULL;
/* Collision check: refuse to create a user whose cn is already taken by a
 * group.  check_string() above gates the name; whether it rejects LDAP
 * filter metacharacters is not visible here, so the cn is still
 * interpolated unescaped. */
1781 sprintf(filter, "(&(objectClass=group)(cn=%s))", after[U_NAME]);
1782 attr_array[0] = "cn";
1783 attr_array[1] = NULL;
1785 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
1786 &group_base, &group_count,
1787 LDAP_SCOPE_SUBTREE)) != 0)
1789 com_err(whoami, 0, "Unable to process user %s : %s",
1790 after[U_NAME], ldap_err2string(rc));
1794 if (group_count >= 1)
1796 com_err(whoami, 0, "Object already exists with name %s",
1801 linklist_free(group_base);
1806 if (rc = mr_query("get_user_account_by_login", 1, av,
1807 save_query_info, save_argv))
1810 com_err(whoami, 0, "Unable to create user %s : %s",
1811 after[U_NAME], error_message(rc));
1815 if (rc = user_create(U_END, save_argv, call_args))
1817 com_err(whoami, 0, "Unable to create user %s : %s",
1818 after[U_NAME], error_message(rc));
1825 com_err(whoami, 0, "Unable to create user %s", after[U_NAME]);
/* Existing user: rename when the login changed (both names must pass check_string). */
1837 if (strcmp(before[U_NAME], after[U_NAME]))
1839 if ((check_string(before[U_NAME])) && (check_string(after[U_NAME])))
1841 com_err(whoami, 0, "changing user %s to %s",
1842 before[U_NAME], after[U_NAME]);
1844 if ((rc = user_rename(ldap_handle, dn_path, before[U_NAME],
1845 after[U_NAME])) != LDAP_SUCCESS)
/* Push the current Moira attributes to the directory object. */
1852 com_err(whoami, 0, "updating user %s information", after[U_NAME]);
1854 rc = user_update(ldap_handle, dn_path, after[U_NAME],
1855 after[U_UID], after[U_MITID],
1856 after_user_id, atoi(after[U_STATE]),
1857 after[U_HOMEDIR], after[U_PROFILEDIR],
1858 after[U_FIRST], after[U_MIDDLE], after[U_LAST],
1859 after[U_SHELL], after[U_CLASS]);
/*
 * construct_newvalues: build a NULL-terminated char* vector in *modvalues
 * holding modvalue_count strings derived from the linked list, suitable
 * as LDAP modification values.  When oldValue and newValue are both
 * non-NULL and oldValue occurs in an entry's value (strstr), the entry is
 * either replaced wholesale by newValue (type == REPLACE) or has the
 * first occurrence of oldValue spliced out and newValue spliced in.
 * Every other entry is copied verbatim using ->length.  The early-return
 * paths on allocation failure are outside this view.  The caller owns
 * *modvalues and each element.
 *
 * NOTE(review): the two verbatim-copy calloc()s are not NULL-checked,
 * unlike the substitution paths, so an allocation failure there is a
 * NULL dereference in the following memset().
 * NOTE(review): the loop advances linklist_ptr modvalue_count times with
 * no visible NULL check, so the list must hold at least that many nodes.
 * NOTE(review): strstr() requires ->value to be NUL-terminated; entries
 * built from BER values by retrieve_values() are not terminated.
 */
1864 int construct_newvalues(LK_ENTRY *linklist_base, int modvalue_count,
1865 char *oldValue, char *newValue,
1866 char ***modvalues, int type)
1868 LK_ENTRY *linklist_ptr;
/* One extra slot for the terminating NULL. */
1872 if (((*modvalues) = calloc(1,
1873 (modvalue_count + 1) * sizeof(char *))) == NULL)
1878 for (i = 0; i < (modvalue_count + 1); i++)
1879 (*modvalues)[i] = NULL;
1881 if (modvalue_count != 0)
1883 linklist_ptr = linklist_base;
1884 for (i = 0; i < modvalue_count; i++)
1886 if ((oldValue != NULL) && (newValue != NULL))
1888 if ((cPtr = (char *)strstr(linklist_ptr->value, oldValue))
/* REPLACE: the whole value becomes newValue. */
1891 if (type == REPLACE)
1893 if (((*modvalues)[i] = calloc(1, strlen(newValue) + 1))
1896 memset((*modvalues)[i], '\0', strlen(newValue) + 1);
1897 strcpy((*modvalues)[i], newValue);
/* Otherwise splice: prefix up to cPtr, then newValue, then the tail after oldValue. */
1901 if (((*modvalues)[i] = calloc(1,
1902 (int)(cPtr - linklist_ptr->value) +
1903 (linklist_ptr->length -
1905 strlen(newValue) + 1)) == NULL)
1907 memset((*modvalues)[i], '\0',
1908 (int)(cPtr - linklist_ptr->value) +
1909 (linklist_ptr->length - strlen(oldValue)) +
1910 strlen(newValue) + 1);
1911 memcpy((*modvalues)[i], linklist_ptr->value,
1912 (int)(cPtr - linklist_ptr->value));
1913 strcat((*modvalues)[i], newValue);
1914 strcat((*modvalues)[i],
1915 &linklist_ptr->value[(int)(cPtr -
1916 linklist_ptr->value) + strlen(oldValue)]);
/* No match: copy the value verbatim (calloc unchecked, see note above). */
1921 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1922 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1923 memcpy((*modvalues)[i], linklist_ptr->value,
1924 linklist_ptr->length);
/* No substitution requested: copy the value verbatim (calloc unchecked). */
1929 (*modvalues)[i] = calloc(1, linklist_ptr->length + 1);
1930 memset((*modvalues)[i], '\0', linklist_ptr->length + 1);
1931 memcpy((*modvalues)[i], linklist_ptr->value,
1932 linklist_ptr->length);
1934 linklist_ptr = linklist_ptr->next;
1936 (*modvalues)[i] = NULL;
/*
 * linklist_build: run a synchronous ldap_search_s() under dn_path with the
 * given filter, attribute list and scope, and convert the result into an
 * LK_ENTRY list (*linklist_base, counted in *linklist_count) via
 * retrieve_entries().  Both out-parameters are reset first.  The result
 * code is presumably returned in rc (the return statements are outside
 * this view); LDAP_SIZELIMIT_EXCEEDED is tolerated and the partial result
 * set is still processed.
 *
 * NOTE(review): search_exp is passed to the server as-is; callers build
 * it with sprintf() and are responsible for escaping any untrusted
 * component.  Whether ldap_entry is freed on the error path cannot be
 * seen here.
 */
1942 int linklist_build(LDAP *ldap_handle, char *dn_path, char *search_exp,
1943 char **attr_array, LK_ENTRY **linklist_base,
1944 int *linklist_count, unsigned long ScopeType)
1947 LDAPMessage *ldap_entry;
1951 (*linklist_base) = NULL;
1952 (*linklist_count) = 0;
1954 if ((rc = ldap_search_s(ldap_handle, dn_path, ScopeType,
1955 search_exp, attr_array, 0,
1956 &ldap_entry)) != LDAP_SUCCESS)
/* A truncated result set is not fatal; anything else is. */
1958 if (rc != LDAP_SIZELIMIT_EXCEEDED)
1962 rc = retrieve_entries(ldap_handle, ldap_entry, linklist_base,
1965 ldap_msgfree(ldap_entry);
/*
 * retrieve_entries: walk every entry of an LDAP result message, fetch its
 * DN into a 1024-byte stack buffer and push its attributes onto
 * *linklist_base via retrieve_attributes(); finally recount the list into
 * *linklist_count.  The return statements are outside this view.
 *
 * *linklist_count is the number of LK_ENTRY nodes (one per attribute
 * recorded by retrieve_values()), not the number of directory entries;
 * the two coincide only when a single attribute is requested and present.
 *
 * NOTE(review): get_distinguished_name() strcpy()s the DN with no bound,
 * so a DN longer than 1023 bytes returned by the directory overflows
 * distinguished_name.
 */
1969 int retrieve_entries(LDAP *ldap_handle, LDAPMessage *ldap_entry,
1970 LK_ENTRY **linklist_base, int *linklist_count)
1972 char distinguished_name[1024];
1973 LK_ENTRY *linklist_ptr;
1976 if ((ldap_entry = ldap_first_entry(ldap_handle, ldap_entry)) == NULL)
1979 memset(distinguished_name, '\0', sizeof(distinguished_name));
1980 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1982 if ((rc = retrieve_attributes(ldap_handle, ldap_entry, distinguished_name,
1983 linklist_base)) != 0)
1986 while ((ldap_entry = ldap_next_entry(ldap_handle, ldap_entry)) != NULL)
1988 memset(distinguished_name, '\0', sizeof(distinguished_name));
1989 get_distinguished_name(ldap_handle, ldap_entry, distinguished_name);
1991 if ((rc = retrieve_attributes(ldap_handle, ldap_entry,
1992 distinguished_name, linklist_base)) != 0)
/* Recount nodes rather than tracking the count incrementally. */
1996 linklist_ptr = (*linklist_base);
1997 (*linklist_count) = 0;
1999 while (linklist_ptr != NULL)
2001 ++(*linklist_count);
2002 linklist_ptr = linklist_ptr->next;
/*
 * retrieve_attributes: iterate the attributes of one entry with
 * ldap_first_attribute()/ldap_next_attribute() and hand each to
 * retrieve_values(), which prepends one LK_ENTRY per attribute to
 * *linklist_current.  Attribute names are released with ldap_memfree()
 * and the BerElement cursor with ldap_ber_free().
 *
 * NOTE(review): the int result of retrieve_values() is ignored on both
 * calls, so an allocation failure there is silently dropped and the
 * list ends up missing an attribute.
 */
2008 int retrieve_attributes(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2009 char *distinguished_name, LK_ENTRY **linklist_current)
2016 if ((Attribute = ldap_first_attribute(ldap_handle, ldap_entry,
2019 retrieve_values(ldap_handle, ldap_entry, Attribute, distinguished_name,
2021 ldap_memfree(Attribute);
2022 while ((Attribute = ldap_next_attribute(ldap_handle, ldap_entry,
2025 retrieve_values(ldap_handle, ldap_entry, Attribute,
2026 distinguished_name, linklist_current);
2027 ldap_memfree(Attribute);
2031 ldap_ber_free(ptr, 0);
/*
 * retrieve_values: read the first value of Attribute from ldap_entry and
 * prepend a new LK_ENTRY (attribute, value, length, dn, ber_value flag)
 * to *linklist_current.  objectSid and objectGUID are fetched as raw BER
 * values with ldap_get_values_len(); everything else as a string with
 * ldap_get_values().  Under LDAP_DEBUG the value is also pretty-printed
 * (GUID, SID authority/sub-authorities, userAccountControl flags).  The
 * early returns on allocation failure are outside this view.
 *
 * NOTE(review): for BER values exactly bv_len bytes are allocated and
 * copied, so ->value is NOT NUL-terminated; consumers must use ->length
 * and never treat such a value as a C string.
 * NOTE(review): only the first value (*Ptr) is recorded; the remaining
 * values of a multi-valued attribute are dropped.  The NULL check on the
 * ldap_get_values*() result, and the initialisation of ber_value /
 * str_value / use_bervalue, are outside this view.
 */
2036 int retrieve_values(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2037 char *Attribute, char *distinguished_name,
2038 LK_ENTRY **linklist_current)
2044 LK_ENTRY *linklist_previous;
2045 LDAP_BERVAL **ber_value;
2054 SID_IDENTIFIER_AUTHORITY *sid_auth;
2055 unsigned char *subauth_count;
2056 #endif /*LDAP_DEBUG*/
2059 memset(temp, '\0', sizeof(temp));
/* Binary attributes must go through the length-carrying BER interface. */
2061 if ((!strcmp(Attribute, "objectSid")) ||
2062 (!strcmp(Attribute, "objectGUID")))
2067 ber_value = ldap_get_values_len(ldap_handle, ldap_entry, Attribute);
2068 Ptr = (void **)ber_value;
2073 str_value = ldap_get_values(ldap_handle, ldap_entry, Attribute);
2074 Ptr = (void **)str_value;
/* Prepend the new node. */
2082 if ((linklist_previous = calloc(1, sizeof(LK_ENTRY))) == NULL)
2085 memset(linklist_previous, '\0', sizeof(LK_ENTRY));
2086 linklist_previous->next = (*linklist_current);
2087 (*linklist_current) = linklist_previous;
2089 if (((*linklist_current)->attribute = calloc(1,
2090 strlen(Attribute) + 1)) == NULL)
2093 memset((*linklist_current)->attribute, '\0', strlen(Attribute) + 1);
2094 strcpy((*linklist_current)->attribute, Attribute);
/* BER path: raw bytes, no terminator (see note above). */
2098 ber_length = (*(LDAP_BERVAL **)Ptr)->bv_len;
2100 if (((*linklist_current)->value = calloc(1, ber_length)) == NULL)
2103 memset((*linklist_current)->value, '\0', ber_length);
2104 memcpy((*linklist_current)->value,
2105 (*(LDAP_BERVAL **)Ptr)->bv_val, ber_length);
2106 (*linklist_current)->length = ber_length;
/* String path: NUL-terminated copy, length excludes the terminator. */
2110 if (((*linklist_current)->value = calloc(1,
2111 strlen(*Ptr) + 1)) == NULL)
2114 memset((*linklist_current)->value, '\0', strlen(*Ptr) + 1);
2115 (*linklist_current)->length = strlen(*Ptr);
2116 strcpy((*linklist_current)->value, *Ptr);
2119 (*linklist_current)->ber_value = use_bervalue;
2121 if (((*linklist_current)->dn = calloc(1,
2122 strlen(distinguished_name) + 1)) == NULL)
2125 memset((*linklist_current)->dn, '\0',
2126 strlen(distinguished_name) + 1);
2127 strcpy((*linklist_current)->dn, distinguished_name);
/* Debug-only dump of the value (the matching #ifdef LDAP_DEBUG is outside this view). */
2130 if (!strcmp(Attribute, "objectGUID"))
2132 guid = (GUID *)((*linklist_current)->value);
2134 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
2135 guid->Data1, guid->Data2, guid->Data3,
2136 guid->Data4[0], guid->Data4[1], guid->Data4[2],
2137 guid->Data4[3], guid->Data4[4], guid->Data4[5],
2138 guid->Data4[6], guid->Data4[7]);
2139 print_to_screen(" %20s : {%s}\n", Attribute, temp);
2141 else if (!strcmp(Attribute, "objectSid"))
2143 sid = (SID *)((*(LDAP_BERVAL **)Ptr)->bv_val);
2146 print_to_screen(" Revision = %d\n", sid->Revision);
2147 print_to_screen(" SID Identifier Authority:\n");
2148 sid_auth = &sid->IdentifierAuthority;
2149 if (sid_auth->Value[0])
2150 print_to_screen(" SECURITY_NULL_SID_AUTHORITY\n");
2151 else if (sid_auth->Value[1])
2152 print_to_screen(" SECURITY_WORLD_SID_AUTHORITY\n");
2153 else if (sid_auth->Value[2])
2154 print_to_screen(" SECURITY_LOCAL_SID_AUTHORITY\n");
2155 else if (sid_auth->Value[3])
2156 print_to_screen(" SECURITY_CREATOR_SID_AUTHORITY\n");
2157 else if (sid_auth->Value[5])
2158 print_to_screen(" SECURITY_NT_AUTHORITY\n");
2160 print_to_screen(" UNKNOWN SID AUTHORITY\n");
2161 subauth_count = GetSidSubAuthorityCount(sid);
2162 print_to_screen(" SidSubAuthorityCount = %d\n",
2164 print_to_screen(" SidSubAuthority:\n");
2165 for (i = 0; i < *subauth_count; i++)
2167 if ((subauth = GetSidSubAuthority(sid, i)) != NULL)
2168 print_to_screen(" %u\n", *subauth);
/* NOTE(review): memcmp() with the literal's length can read past a shorter
 * Attribute string; strcmp()/strcasecmp() is the safe comparison here. */
2172 else if ((!memcmp(Attribute, "userAccountControl",
2173 strlen("userAccountControl"))) ||
2174 (!memcmp(Attribute, "sAMAccountType",
2175 strlen("sAmAccountType"))))
2177 intValue = atoi(*Ptr);
/* NOTE(review): intValue is declared outside this view; if it is an int,
 * "%ld" does not match it. */
2178 print_to_screen(" %20s : %ld\n",Attribute, intValue);
2180 if (!memcmp(Attribute, "userAccountControl",
2181 strlen("userAccountControl")))
2183 if (intValue & UF_ACCOUNTDISABLE)
2184 print_to_screen(" %20s : %s\n",
2185 "", "Account disabled");
2187 print_to_screen(" %20s : %s\n",
2188 "", "Account active");
2189 if (intValue & UF_HOMEDIR_REQUIRED)
2190 print_to_screen(" %20s : %s\n",
2191 "", "Home directory required");
2192 if (intValue & UF_LOCKOUT)
2193 print_to_screen(" %20s : %s\n",
2194 "", "Account locked out");
2195 if (intValue & UF_PASSWD_NOTREQD)
2196 print_to_screen(" %20s : %s\n",
2197 "", "No password required");
2198 if (intValue & UF_PASSWD_CANT_CHANGE)
2199 print_to_screen(" %20s : %s\n",
2200 "", "Cannot change password");
2201 if (intValue & UF_TEMP_DUPLICATE_ACCOUNT)
2202 print_to_screen(" %20s : %s\n",
2203 "", "Temp duplicate account");
2204 if (intValue & UF_NORMAL_ACCOUNT)
2205 print_to_screen(" %20s : %s\n",
2206 "", "Normal account");
2207 if (intValue & UF_INTERDOMAIN_TRUST_ACCOUNT)
2208 print_to_screen(" %20s : %s\n",
2209 "", "Interdomain trust account");
2210 if (intValue & UF_WORKSTATION_TRUST_ACCOUNT)
2211 print_to_screen(" %20s : %s\n",
2212 "", "Workstation trust account");
2213 if (intValue & UF_SERVER_TRUST_ACCOUNT)
2214 print_to_screen(" %20s : %s\n",
2215 "", "Server trust account");
2220 print_to_screen(" %20s : %s\n",Attribute, *Ptr);
2222 #endif /*LDAP_DEBUG*/
/* Release whichever value array was fetched. */
2225 if (str_value != NULL)
2226 ldap_value_free(str_value);
2228 if (ber_value != NULL)
2229 ldap_value_free_len(ber_value);
/* Redundant: *linklist_current was already set to linklist_previous above. */
2232 (*linklist_current) = linklist_previous;
/*
 * moira_connect: reference-counted connection to the Moira server.  Only
 * the first caller (mr_connections going 0 -> 1) actually connects, via
 * mr_connect_cl() as client "ldap.incr"; the target host is either the
 * fixed name "ttsp" or uts.nodename, selected by a condition outside this
 * view.  Callers treat a non-zero result as failure.  Pair every call
 * with moira_disconnect().
 *
 * NOTE(review): HostName's size is declared outside this view; the
 * strcpy() of the literal is safe only if it is at least 5 bytes.
 */
2237 int moira_connect(void)
2242 if (!mr_connections++)
2246 memset(HostName, '\0', sizeof(HostName));
2247 strcpy(HostName, "ttsp");
2248 rc = mr_connect_cl(HostName, "ldap.incr", QUERY_VERSION, 1);
2252 rc = mr_connect_cl(uts.nodename, "ldap.incr", QUERY_VERSION, 1);
/*
 * check_winad: loop for as long as STOP_FILE exists (presumably the
 * operator's pause/stop switch for the incremental), raising a
 * critical_alert() that names STOP_FILE and includes tbl_buf.  The
 * sleep and retry limit inside the loop, and the return value, are
 * outside this view.
 */
2261 int check_winad(void)
2265 for (i = 0; file_exists(STOP_FILE); i++)
2269 critical_alert("Ldap incremental",
2270 "Ldap incremental failed (%s exists): %s",
2271 STOP_FILE, tbl_buf);
/*
 * moira_disconnect: drop one reference taken by moira_connect(); the
 * actual disconnect runs only when mr_connections reaches 0 (body
 * outside this view).
 */
2281 int moira_disconnect(void)
2284 if (!--mr_connections)
/*
 * get_distinguished_name: copy the entry's DN (ldap_get_dn) into the
 * caller-supplied buffer and release the LDAP-owned copy.  The NULL check
 * on CName is outside this view.
 *
 * NOTE(review): the copy is an unbounded strcpy(); callers pass 1024-byte
 * arrays, so a longer DN from the directory overflows them.  Take a
 * buffer size and use snprintf().
 */
2292 void get_distinguished_name(LDAP *ldap_handle, LDAPMessage *ldap_entry,
2293 char *distinguished_name)
2297 CName = ldap_get_dn(ldap_handle, ldap_entry);
2302 strcpy(distinguished_name, CName);
2303 ldap_memfree(CName);
/*
 * linklist_create_entry: allocate a standalone LK_ENTRY in *linklist_entry
 * holding copies of attribute and value, with length = strlen(value) and
 * next = NULL.  Only the entry allocation itself is checked (the error
 * return is outside this view).
 *
 * NOTE(review): the attribute/value calloc()s are unchecked, so an
 * allocation failure becomes a NULL dereference in the memset()/strcpy()
 * that follow.  The memset()s are redundant after calloc().
 */
2306 int linklist_create_entry(char *attribute, char *value,
2307 LK_ENTRY **linklist_entry)
2309 (*linklist_entry) = calloc(1, sizeof(LK_ENTRY));
2311 if (!(*linklist_entry))
2316 memset((*linklist_entry), '\0', sizeof(LK_ENTRY));
2317 (*linklist_entry)->attribute = calloc(1, strlen(attribute) + 1);
2318 memset((*linklist_entry)->attribute, '\0', strlen(attribute) + 1);
2319 strcpy((*linklist_entry)->attribute, attribute);
2320 (*linklist_entry)->value = calloc(1, strlen(value) + 1);
2321 memset((*linklist_entry)->value, '\0', strlen(value) + 1);
2322 strcpy((*linklist_entry)->value, value);
2323 (*linklist_entry)->length = strlen(value);
2324 (*linklist_entry)->next = NULL;
/*
 * print_to_screen: printf-style diagnostic output to stderr.  fmt must be
 * a literal format string (every caller in this file passes one); never
 * pass directory- or Moira-supplied text as fmt.  The va_list
 * declaration and va_end() are outside this view.
 */
2329 void print_to_screen(const char *fmt, ...)
2333 va_start(pvar, fmt);
2334 vfprintf(stderr, fmt, pvar);
/*
 * get_group_membership: classify a Moira list from its maillist and group
 * flags (av[L_MAILLIST], av[L_GROUP], parsed with atoi) and report the
 * result through each non-NULL out-parameter:
 *   group_membership[0]  'B' both, 'S' security (group only),
 *                        'D' distribution (maillist only), 'N' neither
 *   *security_flag       1 for 'B' and 'S', otherwise 0
 *   group_ou             strcpy() of the matching global OU string
 *                        (group_ou_both / _security / _distribution /
 *                        _neither); the destination size is the caller's
 *                        responsibility
 * Only group_membership[0] is written -- it is a one-character tag, not a
 * NUL-terminated string (do_member passes a char[1]).  The return value
 * is outside this view.
 */
2339 int get_group_membership(char *group_membership, char *group_ou,
2340 int *security_flag, char **av)
2345 maillist_flag = atoi(av[L_MAILLIST]);
2346 group_flag = atoi(av[L_GROUP]);
2348 if (security_flag != NULL)
2349 (*security_flag) = 0;
/* Both flags: security-enabled group that is also a mail list. */
2351 if ((maillist_flag) && (group_flag))
2353 if (group_membership != NULL)
2354 group_membership[0] = 'B';
2356 if (security_flag != NULL)
2357 (*security_flag) = 1;
2359 if (group_ou != NULL)
2360 strcpy(group_ou, group_ou_both);
/* Group only: security-enabled group. */
2362 else if ((!maillist_flag) && (group_flag))
2364 if (group_membership != NULL)
2365 group_membership[0] = 'S';
2367 if (security_flag != NULL)
2368 (*security_flag) = 1;
2370 if (group_ou != NULL)
2371 strcpy(group_ou, group_ou_security);
/* Maillist only: distribution list, not security-enabled. */
2373 else if ((maillist_flag) && (!group_flag))
2375 if (group_membership != NULL)
2376 group_membership[0] = 'D';
2378 if (group_ou != NULL)
2379 strcpy(group_ou, group_ou_distribution);
/* Neither flag. */
2383 if (group_membership != NULL)
2384 group_membership[0] = 'N';
2386 if (group_ou != NULL)
2387 strcpy(group_ou, group_ou_neither);
/*
 * group_rename: rename the directory group created for Moira list MoiraId
 * from before_group_name to after_group_name, possibly moving it between
 * OUs.  Steps: validate both names with check_string() (AD_INVALID_NAME);
 * refuse if a *user* object already carries the new cn; find the group by
 * MoiraId with ad_get_group() (AD_NO_GROUPS_FOUND / AD_MULTIPLE_GROUPS_FOUND);
 * fetch its sAMAccountName (AD_LDAP_FAILURE if not exactly one);
 * ldap_rename_s() to cn=after_group_name under after_group_ou, deleting
 * the old RDN; then ldap_modify_s() the sAMAccountName, displayName,
 * mitMoiraId, groupType and mail attributes (populated when maillist is
 * set, !MailDisabled and the address validates, cleared otherwise; the
 * non-ActiveDirectory branch also sets mitMoiraMail and a /dev/null
 * mailRoutingAddress).  Return statements for the later failures are
 * outside this view.
 *
 * NOTE(review): new_dn_path, new_dn, mail, contact_mail, proxy_address,
 * mail_nickname, old_dn and sam_name are filled with sprintf()/strcpy()
 * into fixed buffers from dn_path, after_group_ou, ldap_domain and
 * directory data; use snprintf() and check for truncation.
 * NOTE(review): the sAMAccountName suffix test indexes
 * strlen(sam_name) - strlen(group_suffix) without checking that sam_name
 * is at least that long.
 * NOTE(review): groupTypeControl is u_int but is formatted with "%ld".
 */
2393 int group_rename(LDAP *ldap_handle, char *dn_path,
2394 char *before_group_name, char *before_group_membership,
2395 char *before_group_ou, int before_security_flag,
2396 char *before_desc, char *after_group_name,
2397 char *after_group_membership, char *after_group_ou,
2398 int after_security_flag, char *after_desc,
2399 char *MoiraId, char *filter, char *maillist, char *nfsgroup)
2404 char new_dn_path[512];
2407 char mail_nickname[256];
2408 char proxy_address[256];
2409 char address_book[256];
2410 char *attr_array[3];
2411 char *mitMoiraId_v[] = {NULL, NULL};
2412 char *name_v[] = {NULL, NULL};
2413 char *samAccountName_v[] = {NULL, NULL};
2414 char *groupTypeControl_v[] = {NULL, NULL};
2415 char *mail_v[] = {NULL, NULL};
2416 char *proxy_address_v[] = {NULL, NULL};
2417 char *mail_nickname_v[] = {NULL, NULL};
2418 char *report_to_originator_v[] = {NULL, NULL};
2419 char *address_book_v[] = {NULL, NULL};
2420 char *legacy_exchange_dn_v[] = {NULL, NULL};
2421 char *null_v[] = {NULL, NULL};
2422 u_int groupTypeControl;
2423 char groupTypeControlStr[80];
2424 char contact_mail[256];
2428 LK_ENTRY *group_base;
2430 int MailDisabled = 0;
2431 char search_filter[1024];
2433 if(UseGroupUniversal)
2434 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2436 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
/* Both names must pass check_string() before they are placed in filters or DNs. */
2438 if (!check_string(before_group_name))
2441 "Unable to process invalid LDAP list name %s",
2443 return(AD_INVALID_NAME);
2446 if (!check_string(after_group_name))
2449 "Unable to process invalid LDAP list name %s", after_group_name);
2450 return(AD_INVALID_NAME);
/* Collision check against user objects; the cn argument is on a line outside
 * this view (the error text names after_group_name). */
2460 sprintf(search_filter, "(&(objectClass=user)(cn=%s))",
2462 attr_array[0] = "cn";
2463 attr_array[1] = NULL;
2465 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
2466 attr_array, &group_base, &group_count,
2467 LDAP_SCOPE_SUBTREE)) != 0)
2469 com_err(whoami, 0, "Unable to process group %s : %s",
2470 after_group_name, ldap_err2string(rc));
2476 com_err(whoami, 0, "Object already exists with name %s",
2481 linklist_free(group_base);
/* Find the group by MoiraId; exactly one match is required. */
2490 if (rc = ad_get_group(ldap_handle, dn_path, before_group_name,
2491 before_group_membership,
2492 MoiraId, "samAccountName", &group_base,
2493 &group_count, filter))
2496 if (group_count == 0)
2498 return(AD_NO_GROUPS_FOUND);
2501 if (group_count != 1)
2503 com_err(whoami, 0, "Unable to process multiple groups with "
2504 "MoiraId = %s exist in the directory", MoiraId);
2505 return(AD_MULTIPLE_GROUPS_FOUND);
2508 strcpy(old_dn, group_base->dn);
2510 linklist_free(group_base);
/* Fetch the current sAMAccountName so the suffix convention can be preserved. */
2513 attr_array[0] = "sAMAccountName";
2514 attr_array[1] = NULL;
2516 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
2517 &group_base, &group_count,
2518 LDAP_SCOPE_SUBTREE)) != 0)
2520 com_err(whoami, 0, "Unable to get list %s dn : %s",
2521 after_group_name, ldap_err2string(rc));
2525 if (group_count != 1)
2528 "Unable to get sAMAccountName for group %s",
2530 return(AD_LDAP_FAILURE);
2533 strcpy(sam_name, group_base->value);
2534 linklist_free(group_base);
/* Build the new DN and mail identities (unbounded sprintf, see note above). */
2538 sprintf(new_dn_path, "%s,%s", after_group_ou, dn_path);
2539 sprintf(new_dn, "cn=%s", after_group_name);
2540 sprintf(mail, "%s@%s", after_group_name, lowercase(ldap_domain));
2541 sprintf(contact_mail, "%s@mit.edu", after_group_name);
2542 sprintf(proxy_address, "SMTP:%s@%s", after_group_name,
2543 lowercase(ldap_domain));
2544 sprintf(mail_nickname, "%s", after_group_name);
2546 com_err(whoami, 0, "Old %s New %s,%s", old_dn, new_dn, new_dn_path);
2548 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, new_dn_path,
2549 TRUE, NULL, NULL)) != LDAP_SUCCESS)
2551 com_err(whoami, 0, "Unable to rename list from %s to %s : %s",
2552 before_group_name, after_group_name, ldap_err2string(rc));
2556 name_v[0] = after_group_name;
/* NOTE(review): negative index when sam_name is shorter than group_suffix. */
2558 if (!strncmp(&sam_name[strlen(sam_name) - strlen(group_suffix)],
2559 group_suffix, strlen(group_suffix)))
2561 sprintf(sam_name, "%s%s", after_group_name, group_suffix);
2566 "Unable to rename list from %s to %s : sAMAccountName not found",
2567 before_group_name, after_group_name);
2571 samAccountName_v[0] = sam_name;
2573 if (after_security_flag)
2574 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
/* NOTE(review): u_int formatted with "%ld"; "%u" matches the declared type. */
2576 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2577 groupTypeControl_v[0] = groupTypeControlStr;
2578 mitMoiraId_v[0] = MoiraId;
2580 sprintf(new_dn, "cn=%s,%s,%s", after_group_name, after_group_ou, dn_path);
2581 rc = attribute_update(ldap_handle, new_dn, after_desc, "description",
2584 ADD_ATTR("samAccountName", samAccountName_v, LDAP_MOD_REPLACE);
2585 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
2586 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
2587 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_REPLACE);
/* MailDisabled is initialised to 0 and not modified anywhere in this view. */
2591 if(atoi(maillist) && !MailDisabled && email_isvalid(mail))
2593 mail_nickname_v[0] = mail_nickname;
2594 proxy_address_v[0] = proxy_address;
2596 report_to_originator_v[0] = "TRUE";
2598 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2599 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2600 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2601 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* Not a mail list: REPLACE with empty value sets clears each mail attribute. */
2606 mail_nickname_v[0] = NULL;
2607 proxy_address_v[0] = NULL;
2609 legacy_exchange_dn_v[0] = NULL;
2610 address_book_v[0] = NULL;
2611 report_to_originator_v[0] = NULL;
2613 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2614 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2615 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2616 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v, LDAP_MOD_REPLACE);
2617 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2618 ADD_ATTR("reportToOriginator", report_to_originator_v,
2624 if(atoi(maillist) && email_isvalid(contact_mail))
2626 mail_v[0] = contact_mail;
2627 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2629 if(!ActiveDirectory)
2631 null_v[0] = "/dev/null";
2632 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2633 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
2640 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
2643 "Unable to modify list data for %s after renaming: %s",
2644 after_group_name, ldap_err2string(rc));
/* Presumably releases the n LDAPMod entries built by ADD_ATTR (loop body outside this view). */
2647 for (i = 0; i < n; i++)
/*
 * group_create: add a Moira list to the directory as a group object, or
 * re-apply its attributes when the object already exists or an update was
 * requested.
 *
 * ac, av  - Moira query result row; indexed here by L_NAME, L_DESC,
 *           L_ACE_NAME, L_ACE_TYPE, L_PUBLIC, L_HIDDEN, L_ACTIVE, L_NFSGROUP,
 *           L_GROUP, L_GID and L_MAILLIST (ac is not referenced in the lines
 *           shown).
 * ptr     - not referenced directly; the visible code reads call_args[]
 *           instead (its binding to ptr is in an elided line).  call_args[0]
 *           is the LDAP handle, [1] the base DN, [4] an update flag and [5]
 *           the Moira id.
 *
 * Returns AD_INVALID_NAME when check_string rejects the name and
 * LDAP_SUCCESS at the end of the function; the return values on the
 * com_err paths are elided in this listing.
 *
 * NOTE(review): this listing omits blank/brace-only lines and some
 * statements (see the gaps in the original line numbers), so branch
 * nesting below is inferred, not visible.
 */
2653 int group_create(int ac, char **av, void *ptr)
2658 char new_group_name[256];
2659 char sam_group_name[256];
2660 char cn_group_name[256];
2662 char contact_mail[256];
2663 char mail_nickname[256];
2664 char proxy_address[256];
2665 char address_book[256];
2666 char *cn_v[] = {NULL, NULL};
2667 char *objectClass_v[] = {"top", "group", NULL};
2668 char *objectClass_ldap_v[] = {"top", "microsoftComTop", "securityPrincipal",
2669 "group", "mailRecipient", NULL};
2671 char *samAccountName_v[] = {NULL, NULL};
2672 char *altSecurityIdentities_v[] = {NULL, NULL};
2673 char *member_v[] = {NULL, NULL};
2674 char *name_v[] = {NULL, NULL};
2675 char *desc_v[] = {NULL, NULL};
2676 char *info_v[] = {NULL, NULL};
2677 char *mitMoiraId_v[] = {NULL, NULL};
2678 char *mitMoiraPublic_v[] = {NULL, NULL};
2679 char *mitMoiraHidden_v[] = {NULL, NULL};
2680 char *mitMoiraActive_v[] = {NULL, NULL};
2681 char *mitMoiraNFSGroup_v[] = {NULL, NULL};
2682 char *groupTypeControl_v[] = {NULL, NULL};
2683 char *mail_v[] = {NULL, NULL};
2684 char *proxy_address_v[] = {NULL, NULL};
2685 char *mail_nickname_v[] = {NULL, NULL};
2686 char *report_to_originator_v[] = {NULL, NULL};
2687 char *address_book_v[] = {NULL, NULL};
2688 char *legacy_exchange_dn_v[] = {NULL, NULL};
2689 char *gidNumber_v[] = {NULL, NULL};
2690 char *null_v[] = {NULL, NULL};
2691 char groupTypeControlStr[80];
/* NOTE(review): 1 byte here, but process_lists declares the same buffer as
 * char group_membership[2] and passes it to the same helper; if
 * get_group_membership NUL-terminates its output this overflows - TODO confirm. */
2692 char group_membership[1];
2695 u_int groupTypeControl;
2699 int MailDisabled = 0;
2701 LK_ENTRY *group_base;
2704 char *attr_array[3];
/* group scope: universal or global, selected by the UseGroupUniversal setting */
2708 if(UseGroupUniversal)
2709 groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
2711 groupTypeControl = ADS_GROUP_TYPE_GLOBAL_GROUP;
2713 if (!check_string(av[L_NAME]))
2715 com_err(whoami, 0, "Unable to process invalid LDAP list name %s",
2717 return(AD_INVALID_NAME);
/* the update flag travels in a pointer slot; the cast truncates on LP64,
 * presumably harmless for a 0/1 flag - confirm against the caller */
2720 updateGroup = (int)call_args[4];
2721 memset(group_ou, 0, sizeof(group_ou));
2722 memset(group_membership, 0, sizeof(group_membership));
2725 get_group_membership(group_membership, group_ou, &security_flag, av);
/* av[L_NAME] is copied/formatted into fixed buffers (256 bytes for the locals;
 * new_dn and mail are declared outside this listing) with no length check.
 * check_string validates the name's characters; whether it also bounds the
 * length is not visible here - TODO confirm. */
2727 strcpy(new_group_name, av[L_NAME]);
2728 sprintf(new_dn, "cn=%s,%s,%s", new_group_name, group_ou, call_args[1]);
2729 sprintf(contact_mail, "%s@mit.edu", av[L_NAME]);
2730 sprintf(mail, "%s@%s", av[L_NAME], lowercase(ldap_domain));
2731 sprintf(mail_nickname, "%s", av[L_NAME]);
2734 groupTypeControl |= ADS_GROUP_TYPE_SECURITY_ENABLED;
2736 sprintf(sam_group_name, "%s%s", av[L_NAME], group_suffix);
/* groupTypeControl is u_int (declared above) but printed with %ld: the
 * conversion specifier does not match the argument type; %u matches. */
2740 sprintf(groupTypeControlStr, "%ld", groupTypeControl);
2741 groupTypeControl_v[0] = groupTypeControlStr;
2743 strcpy(cn_group_name, av[L_NAME]);
2745 samAccountName_v[0] = sam_group_name;
2746 name_v[0] = new_group_name;
2747 cn_v[0] = new_group_name;
2750 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
2754 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
/* non-AD directory: extended object classes plus the mitMoira* flags
 * (the enclosing if/else on ActiveDirectory is elided in this listing) */
2758 mitMoiraPublic_v[0] = av[L_PUBLIC];
2759 mitMoiraHidden_v[0] = av[L_HIDDEN];
2760 mitMoiraActive_v[0] = av[L_ACTIVE];
2761 mitMoiraNFSGroup_v[0] = av[L_NFSGROUP];
2762 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
2763 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
2764 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
2765 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_ADD);
2766 ADD_ATTR("mitMoiraNFSGroup", mitMoiraNFSGroup_v, LDAP_MOD_ADD);
/* only lists that are also unix groups carry a gidNumber */
2768 if(atoi(av[L_GROUP]))
2770 gidNumber_v[0] = av[L_GID];
2771 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_ADD);
2775 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
2776 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
2777 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
/* mail list: refuse to create it when a user object with the same cn exists
 * (the MailDisabled assignment on that path is elided) */
2781 if(atoi(av[L_MAILLIST]))
/* search filter built from av[L_NAME] without LDAP filter escaping; this
 * relies on check_string rejecting the filter metacharacters ( ) * \ - verify */
2786 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2787 attr_array[0] = "cn";
2788 attr_array[1] = NULL;
/* note the parentheses: rc receives linklist_build's own result here
 * (several later functions in this file mis-parenthesise the same test) */
2790 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2791 filter, attr_array, &group_base,
2793 LDAP_SCOPE_SUBTREE)) != 0)
2795 com_err(whoami, 0, "Unable to process group %s : %s",
2796 av[L_NAME], ldap_err2string(rc));
2802 com_err(whoami, 0, "Object already exists with name %s",
2807 linklist_free(group_base);
2812 if(atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2814 mail_nickname_v[0] = mail_nickname;
2815 report_to_originator_v[0] = "TRUE";
2817 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
2818 ADD_ATTR("reportToOriginator", report_to_originator_v,
2824 if(atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2826 mail_v[0] = contact_mail;
2827 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
2829 if(!ActiveDirectory)
2831 null_v[0] = "/dev/null";
2832 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
2833 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
2838 if (strlen(av[L_DESC]) != 0)
2840 desc_v[0] = av[L_DESC];
2841 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
2844 ADD_ATTR("groupType", groupTypeControl_v, LDAP_MOD_ADD);
/* info is declared outside this listing; av[L_ACE_NAME] is formatted into it
 * with no length check */
2846 if (strlen(av[L_ACE_NAME]) != 0)
2848 sprintf(info, "The Administrator of this list is: %s",
2851 ADD_ATTR("info", info_v, LDAP_MOD_ADD);
2854 if (strlen(call_args[5]) != 0)
2856 mitMoiraId_v[0] = call_args[5];
2857 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
2862 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
/* loop body elided in this listing; presumably releases the mods[] entries
 * built by ADD_ATTR */
2864 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS is tolerated so that an existing group takes the
 * update path below */
2867 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
2869 com_err(whoami, 0, "Unable to create list %s in directory : %s",
2870 av[L_NAME], ldap_err2string(rc));
2876 if ((rc == LDAP_ALREADY_EXISTS) || (updateGroup))
2878 rc = attribute_update((LDAP *)call_args[0], new_dn, av[L_DESC],
2879 "description", av[L_NAME]);
2880 sprintf(info, "The Administrator of this list is: %s", av[L_ACE_NAME]);
2882 rc = attribute_update((LDAP *)call_args[0], new_dn, info, "info",
2887 if (strlen(call_args[5]) != 0)
2889 mitMoiraId_v[0] = call_args[5];
2890 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
/* inactive list: member_v holds only NULLs, so this REPLACE empties the
 * group's membership */
2893 if (!(atoi(av[L_ACTIVE])))
2896 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
2899 if (!ActiveDirectory)
2901 mitMoiraPublic_v[0] = av[L_PUBLIC];
2902 mitMoiraHidden_v[0] = av[L_HIDDEN];
2903 mitMoiraActive_v[0] = av[L_ACTIVE];
2904 mitMoiraNFSGroup_v[0] = av[L_NFSGROUP];
2905 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
2906 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
2907 ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_REPLACE);
2908 ADD_ATTR("mitMoiraNFSGroup", mitMoiraNFSGroup_v, LDAP_MOD_REPLACE);
2910 if(atoi(av[L_GROUP]))
2912 gidNumber_v[0] = av[L_GID];
2913 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
/* presumably the else branch (header elided): gidNumber_v is still {NULL},
 * so this REPLACE removes gidNumber from a list that is no longer a group */
2917 ADD_ATTR("gidNumber", gidNumber_v, LDAP_MOD_REPLACE);
2923 if(atoi(av[L_MAILLIST]))
/* same unescaped-filter caveat as the creation path above */
2928 sprintf(filter, "(&(objectClass=user)(cn=%s))", av[L_NAME]);
2929 attr_array[0] = "cn";
2930 attr_array[1] = NULL;
2932 if ((rc = linklist_build((LDAP *)call_args[0], call_args[1],
2933 filter, attr_array, &group_base,
2935 LDAP_SCOPE_SUBTREE)) != 0)
2937 com_err(whoami, 0, "Unable to process group %s : %s",
2938 av[L_NAME], ldap_err2string(rc));
2944 com_err(whoami, 0, "Object already exists with name %s",
2949 linklist_free(group_base);
2954 if (atoi(av[L_MAILLIST]) && !MailDisabled && email_isvalid(mail))
2956 mail_nickname_v[0] = mail_nickname;
2957 report_to_originator_v[0] = "TRUE";
2959 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2960 ADD_ATTR("reportToOriginator", report_to_originator_v,
/* not (or no longer) a mail list (branch header elided): every mail-related
 * value is NULL, so these REPLACEs strip the mail attributes */
2966 mail_nickname_v[0] = NULL;
2967 proxy_address_v[0] = NULL;
2968 legacy_exchange_dn_v[0] = NULL;
2969 address_book_v[0] = NULL;
2970 report_to_originator_v[0] = NULL;
2972 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
2973 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
2974 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2975 ADD_ATTR("legacyExchangeDN", legacy_exchange_dn_v,
2977 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
2978 ADD_ATTR("reportToOriginator", report_to_originator_v,
2984 if (atoi(av[L_MAILLIST]) && email_isvalid(contact_mail))
2986 mail_v[0] = contact_mail;
2987 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
2989 if(!ActiveDirectory)
2991 null_v[0] = "/dev/null";
2992 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
2993 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
2999 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3001 if(!ActiveDirectory)
3004 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
3005 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
3015 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
/* loop body elided; presumably releases mods[] as after ldap_add_ext_s */
3017 for (i = 0; i < n; i++)
3020 if (rc != LDAP_SUCCESS)
3022 com_err(whoami, 0, "Unable to update list %s in directory : %s",
3023 av[L_NAME], ldap_err2string(rc));
/* security descriptor / owner is applied after the object exists; the
 * return value is not checked here (ProcessGroupSecurity logs its own errors) */
3030 ProcessGroupSecurity((LDAP *)call_args[0], call_args[1], av[L_NAME],
3031 atoi(av[L_HIDDEN]), av[L_ACE_TYPE], av[L_ACE_NAME]);
3033 return(LDAP_SUCCESS);
/*
 * ProcessGroupSecurity: copy the ntSecurityDescriptor of a security template
 * group onto TargetGroupName, substituting the template user's SID with the
 * SID of the list administrator, and set the Exchange address-list visibility
 * according to HiddenGroup.  On a non-AD directory only the "owner"
 * attribute is set.
 *
 * ldap_handle     - bound LDAP connection
 * dn_path         - directory base DN; searches are rooted at
 *                   <group_ou_root>,<dn_path>, <dn_path> itself and
 *                   <security_template_ou>,<dn_path>
 * TargetGroupName - list name, looked up as sAMAccountName
 *                   <name><group_suffix>
 * HiddenGroup     - non-zero selects the HIDDEN_* templates (the branch
 *                   headers are elided in this listing)
 * AceType         - "LIST" or "USER"; any other value leaves
 *                   AceSamAccountName empty
 * AceName         - administrator name; "" means no administrator
 *
 * Returns an int; the values on most exit paths are elided here.
 *
 * NOTE(review): AceDn, TargetDn, AceSidCount, group_count, rc, i, n, nVal,
 * dwInfo, psMsg, root_ou and mods are used below but declared outside the
 * lines shown; whether AceSidCount starts at 0 is therefore not visible.
 */
3036 int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
3037 char *TargetGroupName, int HiddenGroup,
3038 char *AceType, char *AceName)
3040 char filter_exp[1024];
3041 char *attr_array[5];
3042 char search_path[512];
3044 char TemplateDn[512];
3045 char TemplateSamName[128];
3047 char TargetSamName[128];
3048 char AceSamAccountName[128];
3050 unsigned char AceSid[128];
3051 unsigned char UserTemplateSid[128];
3052 char acBERBuf[N_SD_BER_BYTES];
3053 char GroupSecurityTemplate[256];
3054 char hide_addres_lists[256];
3055 char address_book[256];
3056 char *hide_address_lists_v[] = {NULL, NULL};
3057 char *address_book_v[] = {NULL, NULL};
3058 char *owner_v[] = {NULL, NULL};
3060 int UserTemplateSidCount;
3067 int array_count = 0;
3069 LK_ENTRY *group_base;
3070 LDAP_BERVAL **ppsValues;
/* server control 1.2.840.113556.1.4.801 (SD flags) carrying the BER-encoded
 * security-information mask built from dwInfo below */
3071 LDAPControl sControl = {"1.2.840.113556.1.4.801",
3072 { N_SD_BER_BYTES, acBERBuf },
3075 LDAPControl *apsServerControls[] = {&sControl, NULL};
3078 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
3079 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
3080 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* locate the target group; TargetGroupName goes into the filter without LDAP
 * filter escaping and this function does not re-run check_string on it */
3082 sprintf(search_path, "%s,%s", group_ou_root, dn_path);
3083 sprintf(filter_exp, "(sAMAccountName=%s%s)", TargetGroupName, group_suffix);
3084 attr_array[0] = "sAMAccountName";
3085 attr_array[1] = NULL;
/* BUG: the closing parenthesis is misplaced - this parses as
 * rc = (linklist_build(...) != 0), so rc holds 0/1 rather than the
 * result code.  The same pattern repeats at every linklist_build call in
 * this function.  Intended: if ((rc = linklist_build(...)) != 0) */
3089 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3090 &group_base, &group_count,
3091 LDAP_SCOPE_SUBTREE) != 0))
3094 if (group_count != 1)
3096 linklist_free(group_base);
/* directory-sourced strings are copied with strcpy into fixed buffers
 * (TargetSamName is 128 bytes; TargetDn is declared outside this listing)
 * with no length check */
3100 strcpy(TargetDn, group_base->dn);
3101 strcpy(TargetSamName, group_base->value);
3102 linklist_free(group_base);
3106 UserTemplateSidCount = 0;
3107 memset(UserTemplateSid, '\0', sizeof(UserTemplateSid));
3108 memset(AceSamAccountName, '\0', sizeof(AceSamAccountName));
3109 memset(AceSid, '\0', sizeof(AceSid));
/* resolve the administrator: a LIST maps to <name><group_suffix> under
 * group_ou_root, a USER to <name> under user_ou.  AceSamAccountName is
 * 128 bytes and AceName's length is not checked before the sprintf. */
3114 if (strlen(AceName) != 0)
3116 if (!strcmp(AceType, "LIST"))
3118 sprintf(AceSamAccountName, "%s%s", AceName, group_suffix);
3119 strcpy(root_ou, group_ou_root);
3121 else if (!strcmp(AceType, "USER"))
3123 sprintf(AceSamAccountName, "%s", AceName);
3124 strcpy(root_ou, user_ou);
/* AD: fetch the administrator's objectSid; AceName is placed in the filter
 * without escaping */
3127 if (ActiveDirectory)
3129 if (strlen(AceSamAccountName) != 0)
3131 sprintf(search_path, "%s", dn_path);
3132 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3133 attr_array[0] = "objectSid";
3134 attr_array[1] = NULL;
/* same misparenthesised assignment as above */
3138 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3139 attr_array, &group_base, &group_count,
3140 LDAP_SCOPE_SUBTREE) != 0))
3142 if (group_count == 1)
3144 strcpy(AceDn, group_base->dn);
/* length comes from the directory and is not compared against
 * sizeof AceSid before the copy */
3145 AceSidCount = group_base->length;
3146 memcpy(AceSid, group_base->value, AceSidCount);
3148 linklist_free(group_base);
/* non-AD: only the administrator's DN is needed (for the owner attribute) */
3155 if (strlen(AceSamAccountName) != 0)
3157 sprintf(search_path, "%s", dn_path);
3158 sprintf(filter_exp, "(sAMAccountName=%s)", AceSamAccountName);
3159 attr_array[0] = "samAccountName";
3160 attr_array[1] = NULL;
/* same misparenthesised assignment as above */
3164 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3165 attr_array, &group_base, &group_count,
3166 LDAP_SCOPE_SUBTREE) != 0))
3168 if (group_count == 1)
3170 strcpy(AceDn, group_base->dn);
3172 linklist_free(group_base);
3179 if (!ActiveDirectory)
3181 if (strlen(AceDn) != 0)
/* the strdup'd copy is handed to owner_v; no matching free is visible in
 * this listing - TODO confirm it is released after ldap_modify_s */
3183 owner_v[0] = strdup(AceDn);
3185 ADD_ATTR("owner", owner_v, LDAP_MOD_REPLACE);
3189 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* loop body elided; presumably releases mods[] */
3191 for (i = 0; i < n; i++)
3194 if (rc != LDAP_SUCCESS)
3195 com_err(whoami, 0, "Unable to set owner for group %s : %s",
3196 TargetGroupName, ldap_err2string(rc));
/* no administrator SID was resolved: fall back to the template without
 * an admin ACE */
3202 if (AceSidCount == 0)
3204 com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
3205 "have a directory SID.", TargetGroupName, AceName, AceType);
3206 com_err(whoami, 0, " Non-admin security group template will be used.");
/* with an admin: fetch the SID of the template user "UserTemplate.u", which is
 * the placeholder to be replaced inside the template's descriptor */
3210 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3211 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
3212 attr_array[0] = "objectSid";
3213 attr_array[1] = NULL;
/* same misparenthesised assignment as above */
3218 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
3219 attr_array, &group_base, &group_count,
3220 LDAP_SCOPE_SUBTREE) != 0))
/* rc here is the 0/1 from the misparenthesised test, so the (elided) error
 * argument of this com_err would not describe the actual LDAP failure */
3223 if ((rc != 0) || (group_count != 1))
3225 com_err(whoami, 0, "Unable to process user security template: %s",
/* length is directory-sourced; UserTemplateSid is 128 bytes */
3231 UserTemplateSidCount = group_base->length;
3232 memcpy(UserTemplateSid, group_base->value, UserTemplateSidCount);
3234 linklist_free(group_base);
/* pick the template group: hidden vs. not hidden (outer if/else on
 * HiddenGroup elided), with or without an admin ACE */
3241 if (AceSidCount == 0)
3243 strcpy(GroupSecurityTemplate, HIDDEN_GROUP);
3244 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP);
3248 strcpy(GroupSecurityTemplate, HIDDEN_GROUP_WITH_ADMIN);
3249 sprintf(filter_exp, "(sAMAccountName=%s)", HIDDEN_GROUP_WITH_ADMIN);
3254 if (AceSidCount == 0)
3256 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP);
3257 sprintf(filter_exp, "(sAMAccountName=%s)", NOT_HIDDEN_GROUP);
3261 strcpy(GroupSecurityTemplate, NOT_HIDDEN_GROUP_WITH_ADMIN);
3262 sprintf(filter_exp, "(sAMAccountName=%s)",
3263 NOT_HIDDEN_GROUP_WITH_ADMIN);
3267 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
3268 attr_array[0] = "sAMAccountName";
3269 attr_array[1] = NULL;
/* same misparenthesised assignment as above */
3273 if ((rc = linklist_build(ldap_handle, search_path, filter_exp, attr_array,
3274 &group_base, &group_count,
3275 LDAP_SCOPE_SUBTREE) != 0))
3278 if (group_count != 1)
3280 linklist_free(group_base);
3281 com_err(whoami, 0, "Unable to process group security template: %s - "
3282 "security not set", GroupSecurityTemplate);
/* TemplateDn 512 / TemplateSamName 128 bytes; unbounded strcpy as above */
3286 strcpy(TemplateDn, group_base->dn);
3287 strcpy(TemplateSamName, group_base->value);
3288 linklist_free(group_base);
/* second search for the template, this time with the SD-flags control so the
 * full ntSecurityDescriptor is returned (argument list elided) */
3292 sprintf(filter_exp, "(sAMAccountName=%s)", TemplateSamName);
3293 rc = ldap_search_ext_s(ldap_handle,
3305 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
3307 com_err(whoami, 0, "Unable to find group security template: %s - "
3308 "security not set", GroupSecurityTemplate);
3312 ppsValues = ldap_get_values_len(ldap_handle, psMsg, "ntSecurityDescriptor");
3314 if (ppsValues == NULL)
3316 com_err(whoami, 0, "Unable to find group security descriptor for group "
3317 "%s - security not set", GroupSecurityTemplate);
/* Byte-scan each descriptor value for the template user's SID and overwrite
 * it in place with the administrator's SID.  This assumes
 * AceSidCount == UserTemplateSidCount: if AceSidCount is larger the memcpy
 * writes past the matched bytes (and past bv_val when the match sits near
 * its end), corrupting the descriptor - TODO guard on the lengths.  The
 * inner for-header is partially elided. */
3321 if (AceSidCount != 0)
3323 for (nVal = 0; ppsValues[nVal] != NULL; nVal++)
3326 i < (int)(ppsValues[nVal]->bv_len - UserTemplateSidCount); i++)
3328 if (!memcmp(&ppsValues[nVal]->bv_val[i], UserTemplateSid,
3329 UserTemplateSidCount))
3331 memcpy(&ppsValues[nVal]->bv_val[i], AceSid, AceSidCount);
/* binary attribute: pass the berval array with LDAP_MOD_BVALUES */
3339 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
3340 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* hidden list: hide from Exchange address lists and clear showInAddressBook;
 * otherwise remove the hide flag (if/else on HiddenGroup elided) */
3346 hide_address_lists_v[0] = "TRUE";
3347 address_book_v[0] = NULL;
3348 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3350 ADD_ATTR("showInAddressBook", address_book_v, LDAP_MOD_REPLACE);
3352 hide_address_lists_v[0] = NULL;
3353 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
3360 rc = ldap_modify_s(ldap_handle, TargetDn, mods);
/* loop body elided; presumably releases mods[] */
3362 for (i = 0; i < n; i++)
3365 ldap_value_free_len(ppsValues);
3366 ldap_msgfree(psMsg);
3368 if (rc != LDAP_SUCCESS)
3370 com_err(whoami, 0, "Unable to set security settings for group %s : %s",
3371 TargetGroupName, ldap_err2string(rc));
/* the admin variant failed: retry once with no administrator.  Empty
 * AceType/AceName skip the SID lookup so the recursive call takes the
 * non-admin template.  The assignment inside the if is unparenthesised. */
3373 if (AceSidCount != 0)
3376 "Trying to set security for group %s without admin.",
3379 if (rc = ProcessGroupSecurity(ldap_handle, dn_path, TargetGroupName,
3380 HiddenGroup, "", ""))
3382 com_err(whoami, 0, "Unable to set security for group %s.",
/*
 * group_delete: remove the group object for group_name from
 * <group_ou_root>,<dn_path>.  The entry is located via ad_get_group (which
 * builds the filter) and deleted by the DN the directory returned, only when
 * exactly one entry matched.
 *
 * group_membership, MoiraId - passed through to ad_get_group to narrow the
 *                             match
 * Returns AD_INVALID_NAME when check_string rejects group_name and
 * AD_NO_GROUPS_FOUND when nothing matched; the values returned after an
 * ad_get_group failure and after the delete attempt are elided here.
 * filter, temp, rc and group_count are declared outside the lines shown.
 */
3393 int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
3394 char *group_membership, char *MoiraId)
3396 LK_ENTRY *group_base;
3402 if (!check_string(group_name))
3405 "Unable to process invalid LDAP list name %s", group_name);
3406 return(AD_INVALID_NAME);
3409 memset(filter, '\0', sizeof(filter));
3412 sprintf(temp, "%s,%s", group_ou_root, dn_path);
/* assignment inside the condition (unparenthesised); the error body is elided */
3414 if (rc = ad_get_group(ldap_handle, temp, group_name,
3415 group_membership, MoiraId,
3416 "samAccountName", &group_base,
3417 &group_count, filter))
3420 if (group_count == 1)
3422 if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
3424 linklist_free(group_base);
3425 com_err(whoami, 0, "Unable to delete list %s from directory : %s",
3426 group_name, ldap_err2string(rc));
3429 linklist_free(group_base);
/* zero or several matches: nothing is deleted */
3433 linklist_free(group_base);
3434 com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
3435 return(AD_NO_GROUPS_FOUND);
/*
 * BEREncodeSecurityBits: write the BER encoding of the security-information
 * mask uBits into pBuffer, which must hold N_SD_BER_BYTES bytes (the callers
 * pass char acBERBuf[N_SD_BER_BYTES]).  The encoding statements are elided in
 * this listing.  Returns N_SD_BER_BYTES, the number of bytes written.
 */
3441 int BEREncodeSecurityBits(ULONG uBits, char *pBuffer)
3447 return(N_SD_BER_BYTES);
/*
 * process_lists: per-list callback.  Resolves the list's OU, membership type
 * and security flag with get_group_membership and hands av[L_NAME] to
 * populate_group.  ptr is not referenced directly; call_args[0] (LDAP
 * handle) and call_args[1] (base DN) are read instead.  The return statement
 * is elided in this listing.
 *
 * NOTE(review): group_membership is 2 bytes here, but group_create declares
 * the buffer it passes to the same helper as 1 byte - one of the two is
 * inconsistent with get_group_membership's write size; TODO confirm.
 */
3450 int process_lists(int ac, char **av, void *ptr)
3455 char group_membership[2];
3461 memset(group_ou, '\0', sizeof(group_ou));
3462 memset(group_membership, '\0', sizeof(group_membership));
3463 get_group_membership(group_membership, group_ou, &security_flag, av);
3464 rc = populate_group((LDAP *)call_args[0], (char *)call_args[1],
3465 av[L_NAME], group_ou, group_membership,
3466 security_flag, "", 1);
/*
 * member_list_build: callback for each list member row.  Validates and
 * normalises the member name, filters by the type mask in call_args[3]
 * (MOIRA_USERS / MOIRA_STRINGS / MOIRA_LISTS / MOIRA_KERBEROS /
 * MOIRA_MACHINE), creates a contact object for STRING and KERBEROS members,
 * and prepends a new LK_ENTRY to the global member_base unless an entry with
 * the same member and type (compared case-insensitively) is already present.
 * call_args[2] is the list name stored in ->list.  The return statements are
 * elided in this listing; temp and s are declared outside the lines shown.
 */
3471 int member_list_build(int ac, char **av, void *ptr)
/* unbounded copy of the member name into temp (size not visible here), made
 * before check_string has validated it */
3479 strcpy(temp, av[ACE_NAME]);
3482 if (!check_string(temp))
3485 if (!strcmp(av[ACE_TYPE], "USER"))
3487 if (!((int)call_args[3] & MOIRA_USERS))
/* STRING members are e-mail addresses: default the domain to mit.edu */
3490 else if (!strcmp(av[ACE_TYPE], "STRING"))
3494 if((s = strchr(temp, '@')) == (char *) NULL)
3496 strcat(temp, "@mit.edu");
/* BUG: strlen(temp) - 6 underflows when temp already contains '@' but is
 * shorter than 6 characters (e.g. "a@b"), reading before the buffer; guard
 * with strlen(temp) >= 6 first.  (The branch structure around this test is
 * partly elided.) */
3499 if(!strncasecmp(&temp[strlen(temp) - 6], ".LOCAL", 6))
/* rewrite a trailing .LOCAL domain to .mit.edu; the truncation at s that
 * presumably precedes the strcat is in an elided line */
3501 s = strrchr(temp, '.');
3503 strcat(s, ".mit.edu");
3507 if (!((int)call_args[3] & MOIRA_STRINGS))
3510 if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
3513 else if (!strcmp(av[ACE_TYPE], "LIST"))
3515 if (!((int)call_args[3] & MOIRA_LISTS))
3518 else if (!strcmp(av[ACE_TYPE], "KERBEROS"))
3520 if (!((int)call_args[3] & MOIRA_KERBEROS))
3523 if (contact_create((LDAP *)call_args[0], call_args[1], temp,
3528 else if (!strcmp(av[ACE_TYPE], "MACHINE"))
3530 if (!((int)call_args[3] & MOIRA_MACHINE))
/* de-duplicate against the entries already collected */
3536 linklist = member_base;
3540 if (!strcasecmp(temp, linklist->member) &&
3541 !strcasecmp(av[ACE_TYPE], linklist->type))
3544 linklist = linklist->next;
/* new entry, pushed on the front of member_base; the calloc results are not
 * checked, and the list takes ownership of the copied strings */
3547 linklist = calloc(1, sizeof(LK_ENTRY));
3549 linklist->dn = NULL;
3550 linklist->list = calloc(1, strlen(call_args[2]) + 1);
3551 strcpy(linklist->list, call_args[2]);
3552 linklist->type = calloc(1, strlen(av[ACE_TYPE]) + 1);
3553 strcpy(linklist->type, av[ACE_TYPE]);
3554 linklist->member = calloc(1, strlen(temp) + 1);
3555 strcpy(linklist->member, temp);
3556 linklist->next = member_base;
3557 member_base = linklist;
/*
 * member_remove: delete user_name (an object under UserOu) from the member
 * attribute of group_name; afterwards, for contact_ou / kerberos_ou members,
 * delete the contact object itself when nothing references it any more.
 *
 * group_ou, group_membership, MoiraId - group_membership and MoiraId are
 *   passed to ad_get_group to locate the group; group_ou is not referenced
 *   in the lines shown.
 * Returns AD_INVALID_NAME when check_string rejects group_name; the other
 * return values, and the bodies of the max_group_members and
 * contains_member early exits, are elided in this listing.  filter, temp, s,
 * modvalues, mods, rc, i, n and group_count are declared outside the lines
 * shown.
 */
3562 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
3563 char *group_ou, char *group_membership, char *user_name,
3564 char *UserOu, char *MoiraId)
3566 char distinguished_name[1024];
3570 char *attr_array[3];
3575 LK_ENTRY *group_base;
3579 if (max_group_members && (group_members < max_group_members))
3582 if (!check_string(group_name))
3583 return(AD_INVALID_NAME);
/* the membership test receives escape_string(user_name), but the member DN
 * built further down uses the raw user_name - inconsistent escaping */
3585 if(!contains_member(ldap_handle, dn_path, group_name, UserOu,
3586 escape_string(user_name)))
3589 memset(filter, '\0', sizeof(filter));
/* assignment inside the condition (unparenthesised); error body elided */
3593 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3594 group_membership, MoiraId,
3595 "samAccountName", &group_base,
3596 &group_count, filter))
3599 if (group_count != 1)
3601 com_err(whoami, 0, "Unable to find list %s in directory",
3603 linklist_free(group_base);
3609 strcpy(distinguished_name, group_base->dn);
3610 linklist_free(group_base);
/* member DN: uid= under user_ou, CN= otherwise (if/else headers elided);
 * user_name is inserted without DN escaping and temp's size is not visible */
3616 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3620 if(!strcmp(UserOu, user_ou))
3621 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3623 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3626 modvalues[0] = temp;
3627 modvalues[1] = NULL;
3630 ADD_ATTR("member", modvalues, LDAP_MOD_DELETE);
3632 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* loop body elided; presumably releases mods[] */
3634 for (i = 0; i < n; i++)
/* handling of LDAP_UNWILLING_TO_PERFORM is elided */
3637 if (rc == LDAP_UNWILLING_TO_PERFORM)
3640 if (rc != LDAP_SUCCESS)
3642 com_err(whoami, 0, "Unable to modify list %s members : %s",
3643 group_name, ldap_err2string(rc));
/* contact / kerberos members: garbage-collect the contact object */
3647 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
/* a contact address is reduced to its local part (the *s = '\0' after the
 * strchr is presumably in an elided line) and looked up by mailNickName; the
 * value is placed in the filter without escaping */
3651 if(!strcmp(UserOu, contact_ou) &&
3652 ((s = strstr(user_name, "@mit.edu")) != (char *) NULL))
3654 memset(temp, '\0', sizeof(temp));
3655 strcpy(temp, user_name);
3656 s = strchr(temp, '@');
3659 sprintf(filter, "(&(objectClass=user)(mailNickName=%s))", temp);
/* BUG: misplaced parenthesis - rc = (linklist_build(...) != 0) stores 0/1,
 * not the result code; intended ((rc = linklist_build(...)) != 0).
 * The same pattern occurs at the memberOf search below. */
3661 if ((rc = linklist_build(ldap_handle, dn_path, filter, NULL,
3662 &group_base, &group_count,
3663 LDAP_SCOPE_SUBTREE) != 0))
3669 linklist_free(group_base);
/* is the object still a member of anything?  (how temp comes to hold the DN
 * at this point is in elided lines) */
3674 sprintf(filter, "(distinguishedName=%s)", temp);
3675 attr_array[0] = "memberOf";
3676 attr_array[1] = NULL;
3678 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
3679 &group_base, &group_count,
3680 LDAP_SCOPE_SUBTREE) != 0))
/* unreferenced: delete the contact object by the DN in temp */
3686 com_err(whoami, 0, "Removing unreferenced object %s", temp);
3688 if ((rc = ldap_delete_s(ldap_handle, temp)) != 0)
/*
 * member_add: add user_name (an object under UserOu) to the member attribute
 * of group_name.  Mirror of member_remove.
 *
 * Returns AD_INVALID_NAME when check_string rejects group_name and
 * AD_MULTIPLE_GROUPS_FOUND when ad_get_group does not return exactly one
 * entry (including zero, despite the "Unable to find" message); the other
 * return values and the bodies of the max_group_members / contains_member
 * early exits are elided.  group_ou is not referenced in the lines shown;
 * filter, temp, modvalues, mods, rc, i, n and group_count are declared
 * outside them.
 */
3698 int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
3699 char *group_ou, char *group_membership, char *user_name,
3700 char *UserOu, char *MoiraId)
3702 char distinguished_name[1024];
3710 LK_ENTRY *group_base;
3713 if (max_group_members && (group_members < max_group_members))
3716 if (!check_string(group_name))
3717 return(AD_INVALID_NAME);
/* unlike member_remove, the membership test gets the unescaped user_name */
3719 if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) > 0)
3723 memset(filter, '\0', sizeof(filter));
/* assignment inside the condition (unparenthesised); error body elided */
3727 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
3728 group_membership, MoiraId,
3729 "samAccountName", &group_base,
3730 &group_count, filter))
3733 if (group_count != 1)
3735 linklist_free(group_base);
3738 com_err(whoami, 0, "Unable to find list %s %d in directory",
3739 group_name, group_count);
3740 return(AD_MULTIPLE_GROUPS_FOUND);
3743 strcpy(distinguished_name, group_base->dn);
3744 linklist_free(group_base);
/* member DN: uid= under user_ou, cn= otherwise (if/else headers elided).
 * Note "cn=" here versus "CN=" in member_remove: LDAP compares DN attribute
 * types case-insensitively, but any plain string comparison of these DNs
 * elsewhere would not match.  user_name is inserted without DN escaping. */
3750 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
3754 if(!strcmp(UserOu, user_ou))
3755 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
3757 sprintf(temp, "cn=%s,%s,%s", user_name, UserOu, dn_path);
3760 modvalues[0] = temp;
3761 modvalues[1] = NULL;
3764 ADD_ATTR("member", modvalues, LDAP_MOD_ADD);
3766 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* already a member is not treated as an error (body elided) */
3768 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
/* contact / kerberos members refused by the server: handling elided */
3771 if ((!strcmp(UserOu, contact_ou)) || (!strcmp(UserOu, kerberos_ou)))
3773 if (rc == LDAP_UNWILLING_TO_PERFORM)
/* loop body elided; presumably releases mods[] */
3777 for (i = 0; i < n; i++)
3780 if (rc != LDAP_SUCCESS)
3782 com_err(whoami, 0, "Unable to add %s to list %s as a member : %s",
3783 user_name, group_name, ldap_err2string(rc));
/*
 * contact_remove_email: strip the mail, mailNickName, proxyAddresses and
 * targetAddress attributes from the contact at (*linklist_base)->dn.  mail_v
 * holds only NULLs, so each LDAP_MOD_REPLACE removes the attribute.
 *
 * ld               - bound LDAP connection
 * bind_path,
 * linklist_current - not referenced in the lines shown
 * linklist_base    - list whose first entry's dn is modified (any iteration
 *                    over further entries is elided)
 * LDAP_ALREADY_EXISTS is tolerated.  The return value is elided; gPtr, mods,
 * rc, i and n are declared outside the lines shown.
 */
3789 int contact_remove_email(LDAP *ld, char *bind_path,
3790 LK_ENTRY **linklist_base, int linklist_current)
3794 char *mail_v[] = {NULL, NULL};
3802 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
3803 ADD_ATTR("mailNickName", mail_v, LDAP_MOD_REPLACE);
3804 ADD_ATTR("proxyAddresses", mail_v, LDAP_MOD_REPLACE);
3805 ADD_ATTR("targetAddress", mail_v, LDAP_MOD_REPLACE);
3808 gPtr = (*linklist_base);
3811 rc = ldap_modify_s(ld, gPtr->dn, mods);
3813 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
3815 com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
3816 gPtr->dn, ldap_err2string(rc));
/* loop body elided; presumably releases mods[] */
3823 for (i = 0; i < n; i++)
/*
 * contact_create: create a contact object for an external address under
 * group_ou (contact_ou or kerberos_ou) below bind_path, or refresh the mail
 * attributes of an existing one.
 *
 * ld        - bound LDAP connection
 * bind_path - directory base DN
 * user      - the address / principal; checked with check_string.  The
 *             lines shown then copy from `mail`, not from user, so the
 *             assignment of user into `mail` is presumably in an elided line.
 * group_ou  - contact_ou (mail contacts) or kerberos_ou
 *
 * LDAP_ALREADY_EXISTS is treated as success; the return statements are
 * elided.  `mail`, `uid`, `temp`, `new_dn`, `filter`, `mods`, `s`, `c`, rc,
 * i, n and group_count are not declared in the lines shown (file scope or
 * elided locals).
 */
3829 int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
3832 LK_ENTRY *group_base;
3835 char cn_user_name[256];
3836 char contact_name[256];
3837 char mail_nickname[256];
3838 char proxy_address_internal[256];
3839 char proxy_address_external[256];
3840 char target_address[256];
3841 char internal_contact_name[256];
3844 char principal[256];
3845 char mit_address_book[256];
3846 char default_address_book[256];
3847 char contact_address_book[256];
3849 char *email_v[] = {NULL, NULL};
3850 char *cn_v[] = {NULL, NULL};
3851 char *contact_v[] = {NULL, NULL};
3852 char *uid_v[] = {NULL, NULL};
3853 char *mail_nickname_v[] = {NULL, NULL};
3854 char *proxy_address_internal_v[] = {NULL, NULL};
3855 char *proxy_address_external_v[] = {NULL, NULL};
3856 char *target_address_v[] = {NULL, NULL};
3857 char *mit_address_book_v[] = {NULL, NULL};
3858 char *default_address_book_v[] = {NULL, NULL};
3859 char *contact_address_book_v[] = {NULL, NULL};
3860 char *hide_address_lists_v[] = {NULL, NULL};
3861 char *attr_array[3];
/* the tail of this initialiser (and of objectClass_ldap_v) is elided */
3862 char *objectClass_v[] = {"top", "person",
3863 "organizationalPerson",
3865 char *objectClass_ldap_v[] = {"top", "person", "microsoftComTop",
3866 "inetOrgPerson", "organizationalPerson",
3867 "contact", "mailRecipient", "eduPerson",
3869 char *name_v[] = {NULL, NULL};
3870 char *desc_v[] = {NULL, NULL};
3877 char *mail_routing_v[] = {NULL, NULL};
3878 char *principal_v[] = {NULL, NULL};
3880 if (!check_string(user))
3882 com_err(whoami, 0, "Unable to process invalid LDAP name %s", user);
3883 return(AD_INVALID_NAME);
/* both 256-byte buffers are filled from `mail` without a length check;
 * internal_contact_name is then cut at '@' (body elided) */
3887 strcpy(contact_name, mail);
3888 strcpy(internal_contact_name, mail);
3890 if((s = strchr(internal_contact_name, '@')) != NULL) {
/* the RDN value is DN-escaped here; cn_user_name is 256 bytes and the
 * format's trailing argument is elided */
3894 sprintf(cn_user_name,"CN=%s,%s,%s", escape_string(contact_name), group_ou,
3897 sprintf(target_address, "SMTP:%s", contact_name);
3898 sprintf(proxy_address_external, "SMTP:%s", contact_name);
3899 sprintf(mail_nickname, "%s", internal_contact_name);
3901 cn_v[0] = cn_user_name;
3902 contact_v[0] = contact_name;
3905 desc_v[0] = "Auto account created by Moira";
3907 proxy_address_internal_v[0] = proxy_address_internal;
3908 proxy_address_external_v[0] = proxy_address_external;
3909 mail_nickname_v[0] = mail_nickname;
3910 target_address_v[0] = target_address;
3911 mit_address_book_v[0] = mit_address_book;
3912 default_address_book_v[0] = default_address_book;
3913 contact_address_book_v[0] = contact_address_book;
3914 strcpy(new_dn, cn_user_name);
3917 ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
/* non-AD: uid distinguishes string contacts from kerberos contacts; uid's
 * size and the uid_v[0] assignment are not visible here */
3919 if(!ActiveDirectory)
3921 if(!strcmp(group_ou, contact_ou))
3922 sprintf(uid, "%s%s", contact_name, "_strings");
3924 if(!strcmp(group_ou, kerberos_ou))
3925 sprintf(uid, "%s%s", contact_name, "_kerberos");
3929 ADD_ATTR("sn", contact_v, LDAP_MOD_ADD);
3930 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
3935 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
3939 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
3942 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
3943 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
3944 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* mail contacts only: refuse to create one that would collide with an
 * existing user or group by cn or by mail address (four searches).  On a
 * search error the code logs and (elided) returns; on a hit it logs "Object
 * already exists" and presumably returns.  `mail` goes into each filter
 * without LDAP filter escaping; this relies on email_isvalid rejecting
 * the metacharacters ( ) * \ - TODO confirm. */
3948 if (!strcmp(group_ou, contact_ou) && email_isvalid(mail))
3953 sprintf(filter, "(&(objectClass=user)(cn=%s))", mail);
3954 attr_array[0] = "cn";
3955 attr_array[1] = NULL;
3957 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3958 &group_base, &group_count,
3959 LDAP_SCOPE_SUBTREE)) != 0)
3961 com_err(whoami, 0, "Unable to process contact %s : %s",
3962 user, ldap_err2string(rc));
3968 com_err(whoami, 0, "Object already exists with name %s",
3973 linklist_free(group_base);
3977 sprintf(filter, "(&(objectClass=group)(cn=%s))", mail);
3978 attr_array[0] = "cn";
3979 attr_array[1] = NULL;
3981 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
3982 &group_base, &group_count,
3983 LDAP_SCOPE_SUBTREE)) != 0)
3985 com_err(whoami, 0, "Unable to process contact %s : %s",
3986 user, ldap_err2string(rc));
3992 com_err(whoami, 0, "Object already exists with name %s",
3997 linklist_free(group_base);
4001 sprintf(filter, "(&(objectClass=user)(mail=%s))", mail);
4002 attr_array[0] = "cn";
4003 attr_array[1] = NULL;
4005 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
4006 &group_base, &group_count,
4007 LDAP_SCOPE_SUBTREE)) != 0)
4009 com_err(whoami, 0, "Unable to process contact %s : %s",
4010 user, ldap_err2string(rc));
4016 com_err(whoami, 0, "Object already exists with name %s",
4021 linklist_free(group_base);
4025 sprintf(filter, "(&(objectClass=group)(mail=%s))", mail);
4026 attr_array[0] = "cn";
4027 attr_array[1] = NULL;
4029 if ((rc = linklist_build(ld, bind_path, filter, attr_array,
4030 &group_base, &group_count,
4031 LDAP_SCOPE_SUBTREE)) != 0)
4033 com_err(whoami, 0, "Unable to process contact %s : %s",
4034 user, ldap_err2string(rc));
4040 com_err(whoami, 0, "Object already exists with name %s",
4045 linklist_free(group_base);
/* mail attributes for the contact (email_v[0] is set in an elided line);
 * contacts are hidden from the Exchange address lists */
4049 ADD_ATTR("mail", email_v, LDAP_MOD_ADD);
4050 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
4051 ADD_ATTR("proxyAddresses", proxy_address_external_v, LDAP_MOD_ADD);
4052 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_ADD);
4054 hide_address_lists_v[0] = "TRUE";
4055 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* non-AD: routing address defaults the domain to mit.edu; temp's size is
 * not visible here */
4060 if(!ActiveDirectory)
4062 if((c = strchr(mail, '@')) == NULL)
4063 sprintf(temp, "%s@mit.edu", mail);
4065 sprintf(temp, "%s", mail);
4067 mail_routing_v[0] = temp;
4069 principal_v[0] = principal;
4071 if(!strcmp(group_ou, contact_ou))
4073 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4074 ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
4080 rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
/* loop body elided; presumably releases mods[] */
4082 for (i = 0; i < n; i++)
/* existing mail contact: re-apply the mail attributes with REPLACE.  The
 * first clause is redundant - rc == LDAP_ALREADY_EXISTS already implies
 * rc != LDAP_SUCCESS. */
4087 if ((rc != LDAP_SUCCESS) && (rc == LDAP_ALREADY_EXISTS) &&
4088 !strcmp(group_ou, contact_ou) && email_isvalid(mail))
4092 ADD_ATTR("mail", email_v, LDAP_MOD_REPLACE);
4093 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4094 ADD_ATTR("proxyAddresses", proxy_address_external_v,
4096 ADD_ATTR("targetAddress", target_address_v, LDAP_MOD_REPLACE);
4098 hide_address_lists_v[0] = "TRUE";
4099 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4103 rc = ldap_modify_s(ld, new_dn, mods);
4107 com_err(whoami, 0, "Unable to update contact %s", mail);
/* loop body elided; presumably releases mods[] */
4110 for (i = 0; i < n; i++)
/* LDAP_ALREADY_EXISTS counts as success for the caller */
4115 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
4117 com_err(whoami, 0, "Unable to create contact %s : %s",
4118 user, ldap_err2string(rc));
/*
 * user_update: push the current Moira state of one user onto the matching
 * directory object.
 *
 * Only a fragment of the original source survives in this listing (blank
 * lines, lone braces, `else` lines and a number of statements were dropped
 * by the renderer, and every surviving line carries its original line
 * number).  The comments below therefore describe what the visible lines
 * do and mark what cannot be confirmed from here.
 *
 * Visible flow: validate user_name; build the contact / mail / alt-recipient
 * strings; locate the object by mitMoiraId (falling back to sAMAccountName
 * under user_ou); on non-AD servers pull filesys and pobox data from Moira
 * and set the IMAP and mail-routing attributes one ldap_modify_s at a time;
 * then batch the remaining attributes into `mods` (posix/edu attributes,
 * userAccountControl, address-list visibility, altRecipient, mail, home
 * directory, and the ntSecurityDescriptor copied from the UserTemplate.u
 * object) and apply them with a single ldap_modify_s.
 *
 * Returns AD_INVALID_NAME or AD_NO_USER_FOUND on the early exits shown; the
 * final return statement is on a dropped line.
 *
 * NOTE(review): every string in this function is assembled with
 * sprintf/strcpy/strcat into fixed-size stack buffers and no length check
 * is visible.  The effective bound on user_name, MoiraId, dn_path and the
 * DNs read back from the directory is whatever check_string() (not shown)
 * and the callers enforce -- confirm before relying on the 256/512-byte
 * buffer sizes.  The LDAP filters are built by plain interpolation with no
 * RFC 4515 escaping of the inserted value.
 */
4125 int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
4126 char *Uid, char *MitId, char *MoiraId, int State,
4127 char *WinHomeDir, char *WinProfileDir, char *first,
4128 char *middle, char *last, char *shell, char *class)
4131 LK_ENTRY *group_base; /* result list from linklist_build(); released with linklist_free() */
4133 char distinguished_name[512]; /* DN of the located user, copied from group_base->dn with strcpy */
4134 char displayName[256]; /* "first middle last", built with strcat; no bound check visible */
4135 char address_book[1024]; /* scratch for the four showInAddressBook DNs */
/* NULL-terminated single-value arrays handed to ADD_ATTR(); element 0 is filled in below. */
4136 char *mitMoiraId_v[] = {NULL, NULL};
4137 char *mitMoiraClass_v[] = {NULL, NULL};
4138 char *mitMoiraStatus_v[] = {NULL, NULL};
4139 char *uid_v[] = {NULL, NULL};
4140 char *mitid_v[] = {NULL, NULL};
4141 char *homedir_v[] = {NULL, NULL};
4142 char *winProfile_v[] = {NULL, NULL};
4143 char *drives_v[] = {NULL, NULL};
4144 char *userAccountControl_v[] = {NULL, NULL};
4145 char *alt_recipient_v[] = {NULL, NULL};
4146 char *hide_address_lists_v[] = {NULL, NULL};
4147 char *mail_v[] = {NULL, NULL};
4148 char *gid_v[] = {NULL, NULL};
4149 char *loginshell_v[] = {NULL, NULL};
4150 char *principal_v[] = {NULL, NULL};
4151 char *address_book_v[] = {NULL, NULL, NULL, NULL, NULL}; /* up to four address-list DNs */
4152 char userAccountControlStr[80];
/* Baseline flags: normal account, password never expires, user cannot change it.
 * UF_ACCOUNTDISABLE is OR-ed in below for every state other than NO_PASSWD/REGISTERED. */
4157 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
4158 UF_PASSWD_CANT_CHANGE;
4160 char *attr_array[3]; /* attribute list for linklist_build(); always "cn" or "sAMAccountName" + NULL */
4163 char filesys_name[256]; /* "<user>.po", the Moira filesys label of the post-office box */
4164 char contact_mail[256];
4165 char filter_exp[1024];
4166 char search_path[512];
4167 char TemplateDn[512]; /* filled from group_base->dn / ->value with strcpy; not used again in the visible lines */
4168 char TemplateSamName[128];
4169 char alt_recipient[256]; /* DN of the exchange-forwarding contact */
4170 char principal[256];
4172 char acBERBuf[N_SD_BER_BYTES]; /* BER-encoded security-descriptor flags for the server control */
/* Server control 1.2.840.113556.1.4.801 carrying the SD flags encoded above;
 * presumably this is what makes the template's ntSecurityDescriptor readable
 * in the ldap_search_ext_s below -- confirm against the directory docs. */
4173 LDAPControl sControl = {"1.2.840.113556.1.4.801",
4174 { N_SD_BER_BYTES, acBERBuf },
4176 LDAPControl *apsServerControls[] = {&sControl, NULL};
4178 LDAP_BERVAL **ppsValues; /* binary ntSecurityDescriptor value(s) read from the template */
4182 char *homeServerName;
4184 char search_string[256]; /* "@<UPPERCASE DOMAIN>", matched against the pobox address */
4186 char *mail_routing_v[] = {NULL, NULL};
4187 char *mail_alternate_v[] = {NULL, NULL};
4188 char *mit_moira_imap_address_v[] = {NULL, NULL};
4189 char *deliver_and_redirect_v[] = {NULL, NULL};
/* Request owner, group, DACL and SACL of the template's security descriptor. */
4192 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
4193 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
4194 BEREncodeSecurityBits(dwInfo, acBERBuf);
/* Reject names that fail check_string() (definition not shown) before they
 * reach any sprintf, DN or filter below. */
4196 if (!check_string(user_name))
4198 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
4200 return(AD_INVALID_NAME);
4203 memset(contact_mail, '\0', sizeof(contact_mail));
/* One of the two contact addresses is chosen by a condition on a dropped line. */
4205 sprintf(contact_mail, "%s@exchange-forwarding.mit.edu", user_name);
4207 sprintf(contact_mail, "%s@mit.edu", user_name);
4208 memset(mail, '\0', sizeof(mail)); /* `mail` is not declared in the visible lines */
4209 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4210 memset(alt_recipient, '\0', sizeof(alt_recipient));
/* 256-byte buffer receiving user_name + contact_ou + dn_path with no length check. */
4211 sprintf(alt_recipient, "cn=%s@exchange-forwarding.mit.edu,%s,%s", user_name,
4212 contact_ou, dn_path);
4213 sprintf(search_string, "@%s", uppercase(ldap_domain));
4214 memset(filesys_name, '\0', sizeof(filesys_name));
4215 sprintf(filesys_name, "%s.po", user_name);
/* Contact creation failure is logged only; the visible code does not return here. */
4219 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4221 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
4228 memset(displayName, '\0', sizeof(displayName));
/* Primary lookup: by mitMoiraId (AD uses objectClass=user, the other branch
 * mitPerson; the selecting condition is on a dropped line).  MoiraId is
 * interpolated into the filter unescaped; `filter` is not declared in the
 * visible lines. */
4230 if (strlen(MoiraId) != 0)
4234 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
4239 "(&(objectClass=mitPerson)(mitMoiraId=%s))", MoiraId);
4242 attr_array[0] = "cn";
4243 attr_array[1] = NULL;
4244 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
4245 &group_base, &group_count,
4246 LDAP_SCOPE_SUBTREE)) != 0)
4248 com_err(whoami, 0, "Unable to process user %s : %s",
4249 user_name, ldap_err2string(rc));
/* Anything other than exactly one hit is discarded and the fallback lookup is used. */
4254 if (group_count != 1)
4256 linklist_free(group_base);
/* Fallback lookup: by sAMAccountName under user_ou; user_name is interpolated unescaped. */
4259 sprintf(filter, "(sAMAccountName=%s)", user_name);
4260 attr_array[0] = "cn";
4261 attr_array[1] = NULL;
4262 sprintf(temp, "%s,%s", user_ou, dn_path); /* `temp` is not declared in the visible lines */
4263 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
4264 &group_base, &group_count,
4265 LDAP_SCOPE_SUBTREE)) != 0)
4267 com_err(whoami, 0, "Unable to process user %s : %s",
4268 user_name, ldap_err2string(rc));
4273 if (group_count != 1)
4275 com_err(whoami, 0, "Unable to find user %s in directory",
4277 linklist_free(group_base);
4278 return(AD_NO_USER_FOUND);
/* Unbounded copy of a directory-supplied DN into a 512-byte buffer. */
4281 strcpy(distinguished_name, group_base->dn);
4283 linklist_free(group_base);
/* Non-AD servers: fetch IMAP server and pobox data from Moira and apply each
 * attribute with its own ldap_modify_s. */
4286 if(!ActiveDirectory)
4288 if (rc = moira_connect()) /* assignment used as condition (intentional, but easy to misread) */
4290 critical_alert("Ldap incremental",
4291 "Error contacting Moira server : %s",
4296 argv[0] = filesys_name;
4298 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* First modify presumably clears the old value (mit_moira_imap_address_v[0]
 * is still NULL here unless set on a dropped line); ALREADY_EXISTS /
 * TYPE_OR_VALUE_EXISTS are treated as success throughout. */
4302 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
4305 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4307 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4312 "Unable to set the mitMoiraIMAPAddress for %s : %s",
4313 user_name, ldap_err2string(rc));
/* Then set "<user>@<post-office machine>" from the filesys query result. */
4315 sprintf(temp, "%s@%s", user_name, save_argv[FS_MACHINE]);
4317 mit_moira_imap_address_v[0] = temp;
4320 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
4323 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4325 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4329 com_err(whoami, 0, "Unable to set the mitMoiraIMAPAddress for "
4330 "%s : %s", user_name, ldap_err2string(rc));
/* No filesys in Moira: note the attribute name here is mitMoiraIMAPServer
 * while the error text still says mitMoiraIMAPAddress -- confirm which is meant. */
4331 } else if(rc==MR_NO_MATCH) {
4334 ADD_ATTR("mitMoiraIMAPServer", mit_moira_imap_address_v,
4337 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4339 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4344 "Unable to set the mitMoiraIMAPAddress for %s : %s",
4345 user_name, ldap_err2string(rc));
/* Mail routing from the Moira pobox (save_argv[3] holds the address list). */
4349 argv[0] = user_name;
4351 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
4354 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4356 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4358 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4363 "Unable to set the mailRoutingAddress for %s : %s",
4364 user_name, ldap_err2string(rc));
/* Heap copy tokenised by strtok below.  No free(p) is visible in this listing -- confirm it exists. */
4366 p = strdup(save_argv[3]);
/* Comma-separated list: each token becomes one LDAP_MOD_ADD. `q` presumably
 * comes from a strtok(p, ",") on a dropped line. */
4368 if((c = strchr(p, ',')) != NULL)
4373 if ((c = strchr(q, '@')) == NULL)
4374 sprintf(temp, "%s@mit.edu", q); /* bare local part defaults to the mit.edu domain */
4376 sprintf(temp, "%s", q);
/* Only syntactically valid addresses are added, and never for a deleted account. */
4378 if(email_isvalid(temp) && State != US_DELETED)
4380 mail_routing_v[0] = temp;
4383 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4385 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4387 if (rc == LDAP_ALREADY_EXISTS ||
4388 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4393 "Unable to set the mailRoutingAddress for %s : %s",
4394 user_name, ldap_err2string(rc));
/* strtok() keeps static state and is not reentrant; safe only if nothing
 * else tokenises concurrently -- strtok_r would remove the hazard. */
4397 while((q = strtok(NULL, ",")) != NULL) {
4400 if((c = strchr(q, '@')) == NULL)
4401 sprintf(temp, "%s@mit.edu", q);
4403 sprintf(temp, "%s", q);
4405 if(email_isvalid(temp) && State != US_DELETED)
4407 mail_routing_v[0] = temp;
4410 ADD_ATTR("mailRoutingAddress", mail_routing_v,
4413 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4415 if (rc == LDAP_ALREADY_EXISTS ||
4416 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4421 "Unable to set the mailRoutingAddress for "
4423 user_name, ldap_err2string(rc));
/* Single address: same normalisation and validity gate as above. */
4429 if((c = strchr(p, '@')) == NULL)
4430 sprintf(temp, "%s@mit.edu", p);
4432 sprintf(temp, "%s", p);
4434 if(email_isvalid(temp) && State != US_DELETED)
4436 mail_routing_v[0] = temp;
4439 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
4441 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4443 if (rc == LDAP_ALREADY_EXISTS ||
4444 rc == LDAP_TYPE_OR_VALUE_EXISTS)
4449 "Unable to set the mailRoutingAddress for %s : %s",
4450 user_name, ldap_err2string(rc));
/* No pobox in Moira: REPLACE with mail_routing_v[0] still NULL, which
 * presumably clears the attribute -- confirm that is the intent. */
4453 } else if(rc==MR_NO_MATCH) {
4456 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
4458 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4460 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
4465 "Unable to set the mailRoutingAddress for %s : %s",
4466 user_name, ldap_err2string(rc));
/* employeeID: only MIT ids beginning with '9' are published; otherwise the literal "none". */
4471 if ((strlen(MitId) != 0) && (MitId[0] == '9'))
4472 rc = attribute_update(ldap_handle, distinguished_name, MitId,
4473 "employeeID", user_name);
4475 rc = attribute_update(ldap_handle, distinguished_name, "none",
4476 "employeeID", user_name);
/* Build "first[ middle][ last]" into displayName[256]; strcat with no
 * remaining-space check -- the bound on first/middle/last is the caller's. */
4479 strcat(displayName, first);
4482 if(strlen(middle)) {
4484 strcat(displayName, " ");
4486 strcat(displayName, middle);
4490 if(strlen(middle) || strlen(first))
4491 strcat(displayName, " ");
4493 strcat(displayName, last);
/* displayName falls back to the login name when no name parts are present. */
4496 if(strlen(displayName))
4497 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4498 "displayName", user_name);
4500 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4501 "displayName", user_name);
/* Non-AD: the attribute names for the next two updates are on dropped lines. */
4503 if(!ActiveDirectory)
4505 if(strlen(displayName))
4506 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4509 rc = attribute_update(ldap_handle, distinguished_name, user_name,
4513 if(!ActiveDirectory)
4515 rc = attribute_update(ldap_handle, distinguished_name, displayName,
4516 "eduPersonNickname", user_name);
/* givenName / initials / sn: set from the name parts, cleared to "" otherwise
 * (the selecting conditions and the "sn" attribute name are on dropped lines). */
4520 rc = attribute_update(ldap_handle, distinguished_name, first,
4521 "givenName", user_name);
4523 rc = attribute_update(ldap_handle, distinguished_name, "",
4524 "givenName", user_name);
4526 if(strlen(middle) == 1) /* only a single-character middle name is treated as an initial */
4527 rc = attribute_update(ldap_handle, distinguished_name, middle,
4528 "initials", user_name);
4530 rc = attribute_update(ldap_handle, distinguished_name, "",
4531 "initials", user_name);
4534 rc = attribute_update(ldap_handle, distinguished_name, last,
4537 rc = attribute_update(ldap_handle, distinguished_name, "",
/* uid: the numeric Uid if present, else the login name (condition on a dropped line). */
4542 rc = attribute_update(ldap_handle, distinguished_name, Uid, "uid",
4547 rc = attribute_update(ldap_handle, distinguished_name, user_name, "uid",
4551 rc = attribute_update(ldap_handle, distinguished_name, MoiraId,
4552 "mitMoiraId", user_name);
/* From here on attributes are batched into `mods` and applied once at the end.
 * AD: uidNumber or the SFU30 variant depending on UseSFU30 (condition dropped). */
4561 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4565 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_REPLACE);
/* Non-AD: posix and Moira bookkeeping attributes.  `status` is not declared
 * in the visible lines; State is rendered as a decimal string. */
4570 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
4571 sprintf(status, "%d", State);
4572 principal_v[0] = principal;
4573 loginshell_v[0] = shell;
4574 mitMoiraClass_v[0] = class;
4575 mitMoiraStatus_v[0] = status;
4577 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_REPLACE);
4578 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_REPLACE);
4579 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_REPLACE);
/* NOTE(review): mail_v is reused for "mail" near the end of the function
 * (mail_v[0] = contact_mail).  If ADD_ATTR stores the mail_v pointer rather
 * than copying it, that later assignment also changes this value -- confirm. */
4580 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4581 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_REPLACE);
4582 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_REPLACE);
/* Fail-closed: any state other than NO_PASSWD or REGISTERED disables the
 * account; the flag is written to userAccountControl below. */
4585 if ((State != US_NO_PASSWD) && (State != US_REGISTERED))
4587 userAccountControl |= UF_ACCOUNTDISABLE;
/* Address-list visibility: one branch hides the entry, the other unhides it
 * and lists it in the four address lists (selecting condition dropped). */
4591 hide_address_lists_v[0] = "TRUE";
4592 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
4600 hide_address_lists_v[0] = NULL;
4601 address_book_v[0] = address_book;
4602 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
/* The four strdup()s below are the only heap values in address_book_v; no
 * matching free() is visible in this listing -- presumably the cleanup loop
 * at the end releases them; confirm. */
4606 sprintf(address_book, "%s%s", GLOBAL_ADDRESS_LIST_PREFIX, dn_path);
4607 address_book_v[0] = strdup(address_book);
4608 memset(address_book, '\0', sizeof(address_book));
4609 sprintf(address_book, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4610 address_book_v[1] = strdup(address_book);
4611 memset(address_book, '\0', sizeof(address_book));
4612 sprintf(address_book, "%s%s", EMAIL_ADDRESS_LIST_PREFIX, dn_path);
4613 address_book_v[2] = strdup(address_book);
4614 memset(address_book, '\0', sizeof(address_book));
4615 sprintf(address_book, "%s%s", ALL_ADDRESS_LIST_PREFIX, dn_path);
4616 address_book_v[3] = strdup(address_book);
4617 memset(address_book, '\0', sizeof(address_book));
4619 ADD_ATTR("showInAddressBook", address_book_v,
/* BUG: format/argument mismatch -- userAccountControl is u_int but "%ld"
 * reads a long (undefined behaviour; may print garbage high bits on LP64).
 * Should be "%u".  The same pattern appears in user_create. */
4625 sprintf(userAccountControlStr, "%ld", userAccountControl);
4626 userAccountControl_v[0] = userAccountControlStr;
4627 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_REPLACE);
/* Exchange routing decision from the Moira pobox (second get_pobox query). */
4631 if (rc = moira_connect())
4633 critical_alert("Ldap incremental",
4634 "Error contacting Moira server : %s",
4639 argv[0] = user_name;
4641 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
/* Mailbox is Exchange, or the pobox address is in this directory's domain:
 * deliver locally (no altRecipient) and add the user to exchange_acl. */
4643 if(!strcmp(save_argv[1], "EXCHANGE") ||
4644 (strstr(save_argv[3], search_string) != NULL))
4646 alt_recipient_v[0] = NULL;
4647 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4649 argv[0] = exchange_acl; /* argv[1] is set on a dropped line */
4651 argv[2] = user_name;
4653 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
4655 if ((rc) && (rc != MR_EXISTS))
4657 com_err(whoami, 0, "Unable to add user %s to %s: %s",
4658 user_name, exchange_acl, error_message(rc));
/* SPLIT / SMTP poboxes: keep a local copy and redirect to the forwarding contact. */
4661 if(!strcmp(save_argv[1], "SPLIT") ||
4662 !strcmp(save_argv[1], "SMTP")) {
4664 deliver_and_redirect_v[0] = "TRUE";
4665 alt_recipient_v[0] = alt_recipient;
4666 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4667 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
/* Any other pobox type: redirect only, and drop the user from exchange_acl. */
4673 deliver_and_redirect_v[0] = "FALSE";
4674 alt_recipient_v[0] = alt_recipient;
4675 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4676 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
4679 argv[0] = exchange_acl;
4681 argv[2] = user_name;
4683 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4685 if ((rc) && (rc != MR_NO_MATCH))
4688 "Unable to remove user %s from %s: %s, %d",
4689 user_name, exchange_acl, error_message(rc), rc);
/* Second copy of the redirect-only branch; presumably the path taken when
 * get_pobox itself fails (the enclosing else is on a dropped line). */
4695 deliver_and_redirect_v[0] = "FALSE";
4696 alt_recipient_v[0] = alt_recipient;
4697 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_REPLACE);
4698 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
4701 argv[0] = exchange_acl;
4703 argv[2] = user_name;
4705 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
4707 if ((rc) && (rc != MR_NO_MATCH))
4710 "Unable to remove user %s from %s: %s, %d",
4711 user_name, exchange_acl, error_message(rc), rc);
/* Published mail address is the contact address, not the directory-domain one. */
4719 mail_v[0] = contact_mail;
4720 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4722 if(!ActiveDirectory)
4724 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* SetHomeDirectory appends its own mods and returns the new count. */
4728 n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir,
4729 WinProfileDir, homedir_v, winProfile_v,
4730 drives_v, mods, LDAP_MOD_REPLACE, n);
/* Look up the UserTemplate.u object whose security descriptor is copied onto
 * this user.  That descriptor (owner, group, DACL, SACL) is the access-control
 * state of the account, so the template object must itself be protected. */
4734 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
4735 sprintf(search_path, "%s,%s", security_template_ou, dn_path);
4736 attr_array[0] = "sAMAccountName";
4737 attr_array[1] = NULL;
/* BUG: misplaced parenthesis -- this evaluates `rc = (linklist_build(...) != 0)`,
 * so rc becomes 0/1 and the LDAP error code is lost.  Compare the correctly
 * parenthesised calls earlier in this function.  The same slip appears in user_create. */
4741 if ((rc = linklist_build(ldap_handle, search_path, filter_exp,
4743 &group_base, &group_count,
4744 LDAP_SCOPE_SUBTREE) != 0))
4747 if (group_count != 1)
4749 com_err(whoami, 0, "Unable to process user security template: %s - "
4750 "security not set", "UserTemplate.u");
/* Unbounded copies of directory-supplied strings into 512/128-byte buffers. */
4754 strcpy(TemplateDn, group_base->dn);
4755 strcpy(TemplateSamName, group_base->value);
4756 linklist_free(group_base);
/* Re-read the template with the SD-flags control so ntSecurityDescriptor is returned. */
4760 rc = ldap_search_ext_s(ldap_handle, search_path, LDAP_SCOPE_SUBTREE,
4761 filter_exp, NULL, 0, apsServerControls, NULL,
/* psMsg is overwritten with the first entry; no ldap_msgfree() of the result
 * is visible in this listing -- confirm it is released. */
4764 if ((psMsg = ldap_first_entry(ldap_handle, psMsg)) == NULL)
4766 com_err(whoami, 0, "Unable to find user security template: %s - "
4767 "security not set", "UserTemplate.u");
4771 ppsValues = ldap_get_values_len(ldap_handle, psMsg,
4772 "ntSecurityDescriptor");
4774 if (ppsValues == NULL)
4776 com_err(whoami, 0, "Unable to find user security template: %s - "
4777 "security not set", "UserTemplate.u");
/* Binary value: LDAP_MOD_BVALUES tells the library `ppsValues` is a berval list. */
4781 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
4782 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
/* Apply the batch.  On failure, flip the SFU30 attribute naming once and retry. */
4787 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
4788 mods)) != LDAP_SUCCESS)
4790 OldUseSFU30 = UseSFU30;
4791 SwitchSFU(mods, &UseSFU30, n);
4792 if (OldUseSFU30 != UseSFU30)
4793 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
4796 com_err(whoami, 0, "Unable to modify user data for %s : %s",
4797 user_name, ldap_err2string(rc));
/* Cleanup loop over the n mods; its body and the function's return are on dropped lines. */
4801 for (i = 0; i < n; i++)
/*
 * user_rename: move a user object from before_user_name to user_name and
 * re-point the name-derived attributes at the new name.
 *
 * Only a fragment of the original survives in this listing (lone braces,
 * blank lines, `else` lines and some statements were dropped; the rest of
 * the parameter list after before_user_name is not visible), so the
 * comments describe the visible lines only.
 *
 * Visible flow: validate both names; ldap_rename_s the entry to its new RDN;
 * delete the old "<name>@mit.edu" contact and create the new one; then one
 * ldap_modify_s replacing altSecurityIdentities, userPrincipalName,
 * sAMAccountName, displayName, the mail/proxy attributes and, on non-AD
 * servers, uid / eduPersonPrincipalName / eduPersonNickname.
 *
 * Returns AD_INVALID_NAME on the early exits shown; the remaining returns
 * are on dropped lines.
 *
 * NOTE(review): as in user_update, DNs and addresses are built with sprintf
 * into fixed buffers (old_dn, new_dn, temp, upn are not declared in the
 * visible lines) with no length check and no RFC 4514 escaping of the name;
 * check_string() (not shown) is the only gate on both names.
 */
4807 int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
4815 char contact_mail[256];
4816 char proxy_address[256];
4817 char query_base_dn[256];
/* NULL-terminated single-value arrays handed to ADD_ATTR(). */
4819 char *userPrincipalName_v[] = {NULL, NULL};
4820 char *altSecurityIdentities_v[] = {NULL, NULL};
4821 char *name_v[] = {NULL, NULL};
4822 char *samAccountName_v[] = {NULL, NULL};
4823 char *mail_v[] = {NULL, NULL};
4824 char *mail_nickname_v[] = {NULL, NULL};
4825 char *proxy_address_v[] = {NULL, NULL};
4826 char *query_base_dn_v[] = {NULL, NULL};
4827 char *principal_v[] = {NULL, NULL};
4828 char principal[256];
/* Both the old and the new name must pass check_string() before either is
 * placed in a DN. */
4833 if (!check_string(before_user_name))
4836 "Unable to process invalid LDAP user name %s", before_user_name);
4837 return(AD_INVALID_NAME);
4840 if (!check_string(user_name))
4843 "Unable to process invalid LDAP user name %s", user_name);
4844 return(AD_INVALID_NAME);
/* Self-copy: a no-op at best, and strcpy() with overlapping source and
 * destination is undefined behaviour -- this line should be removed. */
4847 strcpy(user_name, user_name);
/* Old DN uses cn= on AD and uid= otherwise (selecting condition dropped). */
4850 sprintf(old_dn, "cn=%s,%s,%s", before_user_name, user_ou, dn_path);
4852 sprintf(old_dn, "uid=%s,%s,%s", before_user_name, user_ou, dn_path);
/* For ldap_rename_s the new name is an RDN only; the full DN is rebuilt further down. */
4855 sprintf(new_dn, "cn=%s", user_name);
4857 sprintf(new_dn, "uid=%s", user_name);
4859 sprintf(mail, "%s@%s", user_name, lowercase(ldap_domain));
4860 sprintf(contact_mail, "%s@mit.edu", user_name);
4861 sprintf(proxy_address, "SMTP:%s@%s", user_name, lowercase(ldap_domain));
4862 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
/* deleteoldrdn = TRUE: the old RDN value is removed from the entry. */
4864 if ((rc = ldap_rename_s(ldap_handle, old_dn, new_dn, NULL, TRUE,
4865 NULL, NULL)) != LDAP_SUCCESS)
4867 com_err(whoami, 0, "Unable to rename user from %s to %s : %s",
4868 before_user_name, user_name, ldap_err2string(rc));
/* Replace the old contact object with one for the new name.  Failures are
 * logged only; the visible code does not return on them. */
4874 sprintf(temp, "cn=%s@mit.edu,%s,%s", before_user_name, contact_ou,
4877 if(rc = ldap_delete_s(ldap_handle, temp)) /* assignment used as condition */
4879 com_err(whoami, 0, "Unable to delete user contact for %s",
4883 if(contact_create(ldap_handle, dn_path, contact_mail, contact_ou))
4885 com_err(whoami, 0, "Unable to create user contact %s", contact_mail);
/* displayName is reset to the bare login name here; user_update later
 * rebuilds "first middle last" from Moira. */
4889 name_v[0] = user_name;
4890 sprintf(upn, "%s@%s", user_name, ldap_domain);
4891 userPrincipalName_v[0] = upn;
4892 principal_v[0] = principal;
/* altSecurityIdentities presumably maps the Kerberos principal to this
 * account; keeping it in step with the rename is what lets the renamed
 * principal (and no longer the old one) authenticate as the object. */
4893 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
4894 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, dn_path);
4895 altSecurityIdentities_v[0] = temp;
4896 samAccountName_v[0] = user_name;
4898 mail_nickname_v[0] = user_name; /* mail_v[0] is presumably set to `mail` on the dropped line before this */
4899 proxy_address_v[0] = proxy_address;
4900 query_base_dn_v[0] = query_base_dn;
4903 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_REPLACE);
4904 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_REPLACE);
4905 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4906 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_REPLACE);
/* Non-AD additions.  displayName is REPLACEd a second time here with the
 * same value; redundant, and depending on the server a duplicate attribute
 * in one modify may be rejected -- confirm. */
4908 if(!ActiveDirectory)
4910 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_REPLACE);
4911 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_REPLACE);
4912 ADD_ATTR("displayName", name_v, LDAP_MOD_REPLACE);
4913 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_REPLACE);
/* Exchange attributes (presumably guarded by a condition on a dropped line). */
4918 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_REPLACE);
4919 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_REPLACE);
4920 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4921 ADD_ATTR("proxyAddresses", proxy_address_v, LDAP_MOD_REPLACE);
/* NOTE(review): mail_v is reassigned after it was already passed to ADD_ATTR
 * for eduPersonPrincipalName and mail above.  If ADD_ATTR stores the pointer
 * rather than copying, those earlier mods now carry contact_mail too -- confirm. */
4925 mail_v[0] = contact_mail;
4926 ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
4928 if(!ActiveDirectory)
4930 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
/* Full DN of the renamed entry for the modify. */
4937 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, dn_path);
4939 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, dn_path);
4941 if ((rc = ldap_modify_s(ldap_handle, new_dn, mods)) != LDAP_SUCCESS)
4944 "Unable to modify user data for %s after renaming : %s",
4945 user_name, ldap_err2string(rc));
/* Cleanup loop over the n mods; its body and the return are on dropped lines. */
4948 for (i = 0; i < n; i++)
4954 int user_create(int ac, char **av, void *ptr)
4958 char user_name[256];
4962 char contact_mail[256];
4963 char proxy_address[256];
4964 char mail_nickname[256];
4965 char query_base_dn[256];
4966 char displayName[256];
4967 char address_book[1024];
4968 char alt_recipient[256];
4969 char filesys_name[256];
4970 char *cn_v[] = {NULL, NULL};
4971 char *objectClass_v[] = {"top", "person", "organizationalPerson",
4973 char *objectClass_ldap_v[] = {"top",
4974 "eduPerson", "posixAccount",
4975 "apple-user", "shadowAccount",
4976 "microsoftComTop", "securityPrincipal",
4977 "inetOrgPerson", "user",
4978 "organizationalPerson", "person",
4979 "mailRecipient", NULL};
4981 char *samAccountName_v[] = {NULL, NULL};
4982 char *altSecurityIdentities_v[] = {NULL, NULL};
4983 char *mitMoiraId_v[] = {NULL, NULL};
4984 char *mitMoiraClass_v[] = {NULL, NULL};
4985 char *mitMoiraStatus_v[] = {NULL, NULL};
4986 char *name_v[] = {NULL, NULL};
4987 char *desc_v[] = {NULL, NULL};
4988 char *userPrincipalName_v[] = {NULL, NULL};
4989 char *userAccountControl_v[] = {NULL, NULL};
4990 char *uid_v[] = {NULL, NULL};
4991 char *gid_v[] = {NULL, NULL};
4992 char *mitid_v[] = {NULL, NULL};
4993 char *homedir_v[] = {NULL, NULL};
4994 char *winProfile_v[] = {NULL, NULL};
4995 char *drives_v[] = {NULL, NULL};
4996 char *mail_v[] = {NULL, NULL};
4997 char *givenName_v[] = {NULL, NULL};
4998 char *sn_v[] = {NULL, NULL};
4999 char *initials_v[] = {NULL, NULL};
5000 char *displayName_v[] = {NULL, NULL};
5001 char *proxy_address_v[] = {NULL, NULL};
5002 char *mail_nickname_v[] = {NULL, NULL};
5003 char *query_base_dn_v[] = {NULL, NULL};
5004 char *address_book_v[] = {NULL, NULL, NULL, NULL, NULL};
5005 char *homeMDB_v[] = {NULL, NULL};
5006 char *homeServerName_v[] = {NULL, NULL};
5007 char *mdbUseDefaults_v[] = {NULL, NULL};
5008 char *mailbox_guid_v[] = {NULL, NULL};
5009 char *user_culture_v[] = {NULL, NULL};
5010 char *user_account_control_v[] = {NULL, NULL};
5011 char *msexch_version_v[] = {NULL, NULL};
5012 char *alt_recipient_v[] = {NULL, NULL};
5013 char *hide_address_lists_v[] = {NULL, NULL};
5014 char *principal_v[] = {NULL, NULL};
5015 char *loginshell_v[] = {NULL, NULL};
5016 char userAccountControlStr[80];
5018 char principal[256];
5019 char filter_exp[1024];
5020 char search_path[512];
5021 char *attr_array[3];
5022 u_int userAccountControl = UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD |
5023 UF_PASSWD_CANT_CHANGE;
5029 char WinHomeDir[1024];
5030 char WinProfileDir[1024];
5032 char *homeServerName;
5034 char acBERBuf[N_SD_BER_BYTES];
5035 LK_ENTRY *group_base;
5037 char TemplateDn[512];
5038 char TemplateSamName[128];
5039 LDAP_BERVAL **ppsValues;
5040 LDAPControl sControl = {"1.2.840.113556.1.4.801",
5041 { N_SD_BER_BYTES, acBERBuf },
5043 LDAPControl *apsServerControls[] = {&sControl, NULL};
5047 char search_string[256];
5048 char *o_v[] = {NULL, NULL};
5050 char *mail_routing_v[] = {NULL, NULL};
5051 char *mail_alternate_v[] = {NULL, NULL};
5052 char *mit_moira_imap_address_v[] = {NULL, NULL};
5053 char *deliver_and_redirect_v[] = {NULL, NULL};
5058 dwInfo = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
5059 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
5060 BEREncodeSecurityBits(dwInfo, acBERBuf);
5062 if (!check_string(av[U_NAME]))
5064 callback_rc = AD_INVALID_NAME;
5065 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5067 return(AD_INVALID_NAME);
5070 memset(WinHomeDir, '\0', sizeof(WinHomeDir));
5071 memset(WinProfileDir, '\0', sizeof(WinProfileDir));
5072 memset(displayName, '\0', sizeof(displayName));
5073 memset(query_base_dn, '\0', sizeof(query_base_dn));
5074 memset(filesys_name, '\0', sizeof(filesys_name));
5075 strcpy(WinHomeDir, av[U_WINHOMEDIR]);
5076 strcpy(WinProfileDir, av[U_WINPROFILEDIR]);
5077 strcpy(user_name, av[U_NAME]);
5078 sprintf(upn, "%s@%s", user_name, ldap_domain);
5079 sprintf(sam_name, "%s", av[U_NAME]);
5080 sprintf(filesys_name, "%s.po", user_name);
5082 if(strlen(av[U_FIRST])) {
5083 strcat(displayName, av[U_FIRST]);
5086 if(strlen(av[U_MIDDLE])) {
5087 if(strlen(av[U_FIRST]))
5088 strcat(displayName, " ");
5090 strcat(displayName, av[U_MIDDLE]);
5093 if(strlen(av[U_LAST])) {
5094 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]))
5095 strcat(displayName, " ");
5097 strcat(displayName, av[U_LAST]);
5100 samAccountName_v[0] = sam_name;
5101 if ((atoi(av[U_STATE]) != US_NO_PASSWD) &&
5102 (atoi(av[U_STATE]) != US_REGISTERED))
5104 userAccountControl |= UF_ACCOUNTDISABLE;
5108 hide_address_lists_v[0] = "TRUE";
5110 ADD_ATTR("msExchHideFromAddressLists", hide_address_lists_v,
5114 sprintf(address_book, "%s%s", GLOBAL_ADDRESS_LIST_PREFIX,
5116 address_book_v[0] = strdup(address_book);
5117 memset(address_book, '\0', sizeof(address_book));
5118 sprintf(address_book, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
5119 address_book_v[1] = strdup(address_book);
5120 memset(address_book, '\0', sizeof(address_book));
5121 sprintf(address_book, "%s%s", EMAIL_ADDRESS_LIST_PREFIX,
5123 address_book_v[2] = strdup(address_book);
5124 memset(address_book, '\0', sizeof(address_book));
5125 sprintf(address_book, "%s%s", ALL_ADDRESS_LIST_PREFIX,
5127 address_book_v[3] = strdup(address_book);
5128 memset(address_book, '\0', sizeof(address_book));
5130 ADD_ATTR("showInAddressBook", address_book_v,
5136 sprintf(userAccountControlStr, "%ld", userAccountControl);
5137 userAccountControl_v[0] = userAccountControlStr;
5138 userPrincipalName_v[0] = upn;
5141 cn_v[0] = user_name;
5143 cn_v[0] = displayName;
5145 name_v[0] = user_name;
5146 desc_v[0] = "Auto account created by Moira";
5148 givenName_v[0] = av[U_FIRST];
5151 sn_v[0] = av[U_LAST];
5153 if(strlen(av[U_LAST]))
5154 sn_v[0] = av[U_LAST];
5156 sn_v[0] = av[U_NAME];
5158 displayName_v[0] = displayName;
5159 mail_nickname_v[0] = user_name;
5160 o_v[0] = "Massachusetts Institute of Technology";
5162 sprintf(temp, "Kerberos:%s@%s", user_name, PRIMARY_REALM);
5163 sprintf(principal, "%s@%s", user_name, PRIMARY_REALM);
5164 altSecurityIdentities_v[0] = temp;
5165 principal_v[0] = principal;
5168 sprintf(new_dn, "cn=%s,%s,%s", user_name, user_ou, call_args[1]);
5170 sprintf(new_dn, "uid=%s,%s,%s", user_name, user_ou, call_args[1]);
5172 sprintf(mail,"%s@%s", user_name, lowercase(ldap_domain));
5174 sprintf(contact_mail, "%s@exchange-forwarding.mit.edu", user_name);
5176 sprintf(contact_mail, "%s@mit.edu", user_name);
5177 sprintf(query_base_dn, "%s%s", ADDRESS_LIST_PREFIX, call_args[1]);
5178 query_base_dn_v[0] = query_base_dn;
5179 sprintf(alt_recipient, "cn=%s@exchange-forwarding.mit.edu,%s,%s", user_name,
5180 contact_ou, call_args[1]);
5181 sprintf(search_string, "@%s", uppercase(ldap_domain));
5185 if(contact_create((LDAP *)call_args[0], call_args[1], contact_mail,
5188 com_err(whoami, 0, "Unable to create user contact %s",
5192 if(find_homeMDB((LDAP *)call_args[0], call_args[1], &homeMDB,
5195 com_err(whoami, 0, "Unable to locate homeMB and homeServerName");
5199 com_err(whoami, 0, "homeMDB:%s", homeMDB);
5200 com_err(whoami, 0, "homeServerName:%s", homeServerName);
5202 homeMDB_v[0] = homeMDB;
5203 homeServerName_v[0] = homeServerName;
5208 ADD_ATTR("cn", cn_v, LDAP_MOD_ADD);
5212 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
5216 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
5219 ADD_ATTR("sAMAccountName", samAccountName_v, LDAP_MOD_ADD);
5220 ADD_ATTR("userPrincipalName", userPrincipalName_v, LDAP_MOD_ADD);
5221 ADD_ATTR("userAccountControl", userAccountControl_v, LDAP_MOD_ADD);
5222 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
5223 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
5227 ADD_ATTR("msExchQueryBaseDN", query_base_dn_v, LDAP_MOD_ADD);
5228 ADD_ATTR("mailNickName", mail_nickname_v, LDAP_MOD_ADD);
5229 ADD_ATTR("homeMDB", homeMDB_v, LDAP_MOD_ADD);
5230 mdbUseDefaults_v[0] = "TRUE";
5231 ADD_ATTR("mdbUseDefaults", mdbUseDefaults_v, LDAP_MOD_ADD);
5232 ADD_ATTR("msExchHomeServerName", homeServerName_v, LDAP_MOD_ADD);
5234 argv[0] = user_name;
5236 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5238 if(!strcmp(save_argv[1], "EXCHANGE") ||
5239 (strstr(save_argv[3], search_string) != NULL))
5241 argv[0] = exchange_acl;
5243 argv[2] = user_name;
5245 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
5247 if ((rc) && (rc != MR_EXISTS))
5249 com_err(whoami, 0, "Unable to add user %s to %s: %s",
5250 user_name, exchange_acl, error_message(rc));
5253 if(!strcmp(save_argv[1], "SPLIT") ||
5254 !strcmp(save_argv[1], "SMTP")) {
5256 deliver_and_redirect_v[0] = "TRUE";
5257 alt_recipient_v[0] = alt_recipient;
5259 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5260 ADD_ATTR("deliverAndRedirect", deliver_and_redirect_v,
5266 alt_recipient_v[0] = alt_recipient;
5267 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5272 alt_recipient_v[0] = alt_recipient;
5273 ADD_ATTR("altRecipient", alt_recipient_v, LDAP_MOD_ADD);
5275 com_err(whoami, 0, "Unable to fetch pobox for %s", user_name);
5280 mail_v[0] = contact_mail;
5281 ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
5283 if(!ActiveDirectory)
5285 ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
5289 if(strlen(av[U_FIRST])) {
5290 ADD_ATTR("givenName", givenName_v, LDAP_MOD_ADD);
5293 if(strlen(av[U_LAST]) || strlen(av[U_NAME])) {
5294 ADD_ATTR("sn", sn_v, LDAP_MOD_ADD);
5297 if(strlen(av[U_FIRST]) || strlen(av[U_MIDDLE]) || strlen(av[U_LAST])) {
5298 ADD_ATTR("displayName", displayName_v, LDAP_MOD_ADD);
5300 if(!ActiveDirectory)
5302 ADD_ATTR("eduPersonNickname", displayName_v, LDAP_MOD_ADD);
5305 ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
5307 if(!ActiveDirectory)
5309 ADD_ATTR("eduPersonNickname", name_v, LDAP_MOD_ADD);
5313 if (strlen(av[U_MIDDLE]) == 1) {
5314 initials_v[0] = av[U_MIDDLE];
5315 ADD_ATTR("initials", initials_v, LDAP_MOD_ADD);
5318 if (strlen(call_args[2]) != 0)
5320 mitMoiraId_v[0] = call_args[2];
5321 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_ADD);
5324 ADD_ATTR("altSecurityIdentities", altSecurityIdentities_v, LDAP_MOD_ADD);
5326 if(!ActiveDirectory)
5328 loginshell_v[0] = av[U_SHELL];
5329 mitMoiraClass_v[0] = av[U_CLASS];
5330 mitMoiraStatus_v[0] = av[U_STATE];
5331 ADD_ATTR("loginShell", loginshell_v, LDAP_MOD_ADD);
5332 ADD_ATTR("uid", samAccountName_v, LDAP_MOD_ADD);
5333 ADD_ATTR("eduPersonPrincipalName", mail_v, LDAP_MOD_ADD);
5334 ADD_ATTR("o", o_v, LDAP_MOD_ADD);
5335 ADD_ATTR("mitMoiraClass", mitMoiraClass_v, LDAP_MOD_ADD);
5336 ADD_ATTR("mitMoiraStatus", mitMoiraStatus_v, LDAP_MOD_ADD);
5339 if (strlen(av[U_UID]) != 0)
5341 uid_v[0] = av[U_UID];
5345 ADD_ATTR("uid", uid_v, LDAP_MOD_ADD);
5350 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5351 ADD_ATTR("gidNumber", gid_v, LDAP_MOD_ADD);
5358 ADD_ATTR("uidNumber", uid_v, LDAP_MOD_ADD);
5362 ADD_ATTR("msSFU30UidNumber", uid_v, LDAP_MOD_ADD);
5367 if ((strlen(av[U_MITID]) != 0) && (av[U_MITID][0] == '9'))
5368 mitid_v[0] = av[U_MITID];
5370 mitid_v[0] = "none";
5372 ADD_ATTR("employeeID", mitid_v, LDAP_MOD_ADD);
5374 n = SetHomeDirectory((LDAP *)call_args[0], user_name, new_dn,
5375 WinHomeDir, WinProfileDir, homedir_v, winProfile_v,
5376 drives_v, mods, LDAP_MOD_ADD, n);
5380 sprintf(filter_exp, "(sAMAccountName=%s)", "UserTemplate.u");
5381 sprintf(search_path, "%s,%s", security_template_ou, call_args[1]);
5382 attr_array[0] = "sAMAccountName";
5383 attr_array[1] = NULL;
5387 if ((rc = linklist_build((LDAP *)call_args[0], search_path, filter_exp,
5388 attr_array, &group_base, &group_count,
5389 LDAP_SCOPE_SUBTREE) != 0))
5392 if (group_count != 1)
5394 com_err(whoami, 0, "Unable to process user security template: %s - "
5395 "security not set", "UserTemplate.u");
5399 strcpy(TemplateDn, group_base->dn);
5400 strcpy(TemplateSamName, group_base->value);
5401 linklist_free(group_base);
5405 rc = ldap_search_ext_s((LDAP *)call_args[0], search_path,
5406 LDAP_SCOPE_SUBTREE, filter_exp, NULL, 0,
5407 apsServerControls, NULL,
5410 if ((psMsg = ldap_first_entry((LDAP *)call_args[0], psMsg)) == NULL)
5412 com_err(whoami, 0, "Unable to find user security template: %s - "
5413 "security not set", "UserTemplate.u");
5417 ppsValues = ldap_get_values_len((LDAP *)call_args[0], psMsg,
5418 "ntSecurityDescriptor");
5419 if (ppsValues == NULL)
5421 com_err(whoami, 0, "Unable to find user security template: %s - "
5422 "security not set", "UserTemplate.u");
5426 ADD_ATTR("ntSecurityDescriptor", (char **)ppsValues,
5427 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
5432 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5434 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5436 OldUseSFU30 = UseSFU30;
5437 SwitchSFU(mods, &UseSFU30, n);
5438 if (OldUseSFU30 != UseSFU30)
5439 rc = ldap_add_ext_s((LDAP *)call_args[0], new_dn, mods, NULL, NULL);
5442 for (i = 0; i < n; i++)
5445 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
5447 com_err(whoami, 0, "Unable to create user %s : %s",
5448 user_name, ldap_err2string(rc));
5453 if ((rc == LDAP_SUCCESS) && (SetPassword))
5455 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5457 ad_kdc_disconnect();
5458 if (!ad_server_connect(default_server, ldap_domain))
5460 com_err(whoami, 0, "Unable to set password for user %s : %s",
5462 "cannot get changepw ticket from windows domain");
5466 if ((rc = set_password(sam_name, "", ldap_domain)) != 0)
5468 com_err(whoami, 0, "Unable to set password for user %s "
5469 ": %ld", user_name, rc);
5475 if(!ActiveDirectory)
5477 if (rc = moira_connect())
5479 critical_alert("Ldap incremental",
5480 "Error contacting Moira server : %s",
5485 argv[0] = filesys_name;
5487 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
5491 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
5494 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5496 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5501 "Unable to set the mitMoiraIMAPAddress for %s : %s",
5502 user_name, ldap_err2string(rc));
5504 sprintf(temp, "%s@%s", user_name, save_argv[FS_MACHINE]);
5506 mit_moira_imap_address_v[0] = temp;
5509 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
5512 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5514 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5518 com_err(whoami, 0, "Unable to set the mitMoiraIMAPAddress for "
5519 "%s : %s", user_name, ldap_err2string(rc));
5520 } else if(rc==MR_NO_MATCH) {
5523 ADD_ATTR("mitMoiraIMAPAddress", mit_moira_imap_address_v,
5526 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5528 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5533 "Unable to set the mitMoiraIMAPAddress for %s : %s",
5534 user_name, ldap_err2string(rc));
5538 argv[0] = user_name;
5540 if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
5543 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
5545 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5547 if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
5552 "Unable to set the mailRoutingAddress for %s : %s",
5553 user_name, ldap_err2string(rc));
5555 p = strdup(save_argv[3]);
5557 if((c = strchr(p, ',')) != NULL) {
5561 if ((c = strchr(q, '@')) == NULL)
5562 sprintf(temp, "%s@mit.edu", q);
5564 sprintf(temp, "%s", q);
5566 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5568 mail_routing_v[0] = temp;
5571 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5573 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5575 if (rc == LDAP_ALREADY_EXISTS ||
5576 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5581 "Unable to set the mailRoutingAddress for %s : %s",
5582 user_name, ldap_err2string(rc));
5585 while((q = strtok(NULL, ",")) != NULL) {
5588 if((c = strchr(q, '@')) == NULL)
5589 sprintf(temp, "%s@mit.edu", q);
5591 sprintf(temp, "%s", q);
5593 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5595 mail_routing_v[0] = temp;
5598 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5600 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5602 if (rc == LDAP_ALREADY_EXISTS ||
5603 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5608 "Unable to set the mailRoutingAddress for %s : %s",
5609 user_name, ldap_err2string(rc));
5615 if((c = strchr(p, '@')) == NULL)
5616 sprintf(temp, "%s@mit.edu", p);
5618 sprintf(temp, "%s", p);
5620 if(email_isvalid(temp) && atoi(av[U_STATE]) != US_DELETED)
5622 mail_routing_v[0] = temp;
5625 ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
5627 rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
5629 if (rc == LDAP_ALREADY_EXISTS ||
5630 rc == LDAP_TYPE_OR_VALUE_EXISTS)
5635 "Unable to set the mailRoutingAddress for %s : %s",
5636 user_name, ldap_err2string(rc));
/*
 * user_change_status: enable or disable an AD user account by toggling the
 * UF_ACCOUNTDISABLE bit of its UserAccountControl attribute.
 *
 * The object is located by mitMoiraId first (when MoiraId is non-empty),
 * falling back to sAMAccountName; both lookups are SUBTREE searches under
 * dn_path and require exactly one match.  When located via MoiraId the
 * mitMoiraId attribute is also (re)written.
 *
 * Returns AD_INVALID_NAME for a user_name that fails check_string(),
 * LDAP_NO_SUCH_OBJECT when no unique object is found, otherwise the result
 * of the modify (error paths between the visible lines are not shown here).
 *
 * NOTE(review): only user_name goes through check_string(); MoiraId is
 * interpolated into the LDAP filter unescaped, so the caller must guarantee
 * it is a well-formed Moira id (it comes from the Moira server, not from
 * the end user).
 */
5646 int user_change_status(LDAP *ldap_handle, char *dn_path,
5647 char *user_name, char *MoiraId,
5651 char *attr_array[3];
/* holds the DN of the single matching object; copied with an unbounded strcpy below */
5653 char distinguished_name[1024];
5655 char *mitMoiraId_v[] = {NULL, NULL};
5657 LK_ENTRY *group_base;
/* reject names containing characters that are illegal in AD / LDAP filters */
5664 if (!check_string(user_name))
5666 com_err(whoami, 0, "Unable to process invalid LDAP user name %s",
5668 return(AD_INVALID_NAME);
/* first lookup: by Moira id, when one was supplied */
5674 if (strlen(MoiraId) != 0)
5676 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5677 attr_array[0] = "UserAccountControl";
5678 attr_array[1] = NULL;
5679 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5680 &group_base, &group_count,
5681 LDAP_SCOPE_SUBTREE)) != 0)
5683 com_err(whoami, 0, "Unable to process user %s : %s",
5684 user_name, ldap_err2string(rc));
/* anything but exactly one hit is treated as "not found by id" */
5689 if (group_count != 1)
5691 linklist_free(group_base);
/* second lookup: by sAMAccountName */
5694 sprintf(filter, "(sAMAccountName=%s)", user_name);
5695 attr_array[0] = "UserAccountControl";
5696 attr_array[1] = NULL;
5697 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5698 &group_base, &group_count,
5699 LDAP_SCOPE_SUBTREE)) != 0)
5701 com_err(whoami, 0, "Unable to process user %s : %s",
5702 user_name, ldap_err2string(rc));
5707 if (group_count != 1)
5709 linklist_free(group_base);
5710 com_err(whoami, 0, "Unable to find user %s in directory",
5712 return(LDAP_NO_SUCH_OBJECT);
/* NOTE(review): no length check against sizeof(distinguished_name) */
5715 strcpy(distinguished_name, group_base->dn);
/* UserAccountControl is stored as a decimal string; atoi gives no error
 * reporting and would truncate a value above INT_MAX */
5716 ulongValue = atoi((*group_base).value);
/* MEMBER_DEACTIVATE sets the disable bit, any other operation clears it */
5718 if (operation == MEMBER_DEACTIVATE)
5719 ulongValue |= UF_ACCOUNTDISABLE;
5721 ulongValue &= ~UF_ACCOUNTDISABLE;
5723 sprintf(temp, "%ld", ulongValue);
/* build the REPLACE value list for the single attribute */
5725 if ((rc = construct_newvalues(group_base, group_count, (*group_base).value,
5726 temp, &modvalues, REPLACE)) == 1)
5729 linklist_free(group_base);
5733 ADD_ATTR("UserAccountControl", modvalues, LDAP_MOD_REPLACE);
/* keep the Moira id in sync on the object when we know it */
5735 if (strlen(MoiraId) != 0)
5737 mitMoiraId_v[0] = MoiraId;
5738 ADD_ATTR("mitMoiraId", mitMoiraId_v, LDAP_MOD_REPLACE);
5742 rc = ldap_modify_s(ldap_handle, distinguished_name, mods);
/* release the LDAPMod entries accumulated by ADD_ATTR */
5744 for (i = 0; i < n; i++)
5747 free_values(modvalues);
5749 if (rc != LDAP_SUCCESS)
5751 com_err(whoami, 0, "Unable to change status of user %s : %s",
5752 user_name, ldap_err2string(rc));
/*
 * user_delete: remove an AD user object (and its "<user>@mit.edu" contact
 * entry under contact_ou) from the directory.
 *
 * Lookup order mirrors user_change_status(): by mitMoiraId when MoiraId is
 * non-empty, then by sAMAccountName, each a SUBTREE search that must return
 * exactly one object.  Because this is a destructive SUBTREE operation, the
 * "exactly one match" guard is the only thing preventing deletion of the
 * wrong object when ids collide; do not relax it.
 *
 * Returns AD_INVALID_NAME when u_name fails check_string(); other return
 * values are set on lines not visible in this listing.
 *
 * NOTE(review): MoiraId is placed into the filter without escaping and
 * without check_string(); it is trusted as Moira-server data.
 */
5759 int user_delete(LDAP *ldap_handle, char *dn_path,
5760 char *u_name, char *MoiraId)
5763 char *attr_array[3];
5764 char distinguished_name[1024];
5765 char user_name[512];
5766 LK_ENTRY *group_base;
5771 if (!check_string(u_name))
5772 return(AD_INVALID_NAME);
/* local copy; NOTE(review): no bound against sizeof(user_name) is visible,
 * check_string() validates characters, not length (its body is elided) */
5774 strcpy(user_name, u_name);
5778 if (strlen(MoiraId) != 0)
5780 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
5781 attr_array[0] = "name";
5782 attr_array[1] = NULL;
5783 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5784 &group_base, &group_count,
5785 LDAP_SCOPE_SUBTREE)) != 0)
5787 com_err(whoami, 0, "Unable to process user %s : %s",
5788 user_name, ldap_err2string(rc));
5793 if (group_count != 1)
5795 linklist_free(group_base);
5798 sprintf(filter, "(sAMAccountName=%s)", user_name);
5799 attr_array[0] = "name";
5800 attr_array[1] = NULL;
5801 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
5802 &group_base, &group_count,
5803 LDAP_SCOPE_SUBTREE)) != 0)
5805 com_err(whoami, 0, "Unable to process user %s : %s",
5806 user_name, ldap_err2string(rc));
5811 if (group_count != 1)
/* NOTE(review): unbounded copy of a directory-supplied DN */
5816 strcpy(distinguished_name, group_base->dn);
/* destructive: delete the unique user object found above */
5818 if (rc = ldap_delete_s(ldap_handle, distinguished_name))
5820 com_err(whoami, 0, "Unable to process user %s : %s",
5821 user_name, ldap_err2string(rc));
/* also delete the matching mit.edu contact object under contact_ou;
 * the DN is built from the (check_string-validated) user name */
5828 sprintf(temp, "cn=%s@mit.edu,%s,%s", user_name, contact_ou, dn_path);
5830 if(rc = ldap_delete_s(ldap_handle, temp))
5832 com_err(whoami, 0, "Unable to delete user contact for %s",
5838 linklist_free(group_base);
/*
 * linklist_free: release every LK_ENTRY node in the list starting at
 * linklist_base, including each node's owned string members
 * (dn, attribute, value, member, type, list).  A NULL list is a no-op.
 * free(NULL) is defined to do nothing, so the per-field NULL guards of
 * the original are not needed; the walk is otherwise identical.
 */
void linklist_free(LK_ENTRY *linklist_base)
{
  LK_ENTRY *node = linklist_base;

  while (node != NULL)
    {
      LK_ENTRY *next = node->next;

      free(node->dn);
      free(node->attribute);
      free(node->value);
      free(node->member);
      free(node->type);
      free(node->list);
      free(node);

      node = next;
    }
}
/*
 * free_values: release a NULL-terminated array of attribute value strings
 * such as the one produced by construct_newvalues().  Each slot is freed
 * (on a line elided from this listing) and then cleared to NULL so a
 * second call on the same array is harmless.  The array itself is not
 * freed here.  A NULL modvalues is a no-op.
 */
5873 void free_values(char **modvalues)
5879 if (modvalues != NULL)
5881 while (modvalues[i] != NULL)
5884 modvalues[i] = NULL;
/*
 * illegalchars: 256-entry lookup table, indexed by byte value, used by
 * check_string() / check_container_name().  1 = reject.  Input is
 * lower-cased before lookup, so the upper-case rows being 1 is deliberate.
 * This is the strict table: it rejects space, quotes, parentheses, '*',
 * '+', ',', '/', ':', ';', '<', '=', '>', '?', brackets, backslash and
 * everything outside 7-bit ASCII; it allows digits, lower-case letters,
 * '$', '&', '\'', '-', '.', '_', '`' and '~'.
 */
5891 static int illegalchars[] = {
5892 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5893 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5894 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, /* SPACE - / */
5895 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, /* 0 - ? */
5896 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5897 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, /* P - _ */
5898 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5899 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5900 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5901 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5902 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5903 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5904 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5905 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5906 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5907 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * illegalchars_ldap: the permissive variant of illegalchars, also used by
 * check_string() (which table applies is decided on a line not visible
 * here).  It still rejects '!', '%', '*', '/', ':', '?', '[', ']', '^',
 * '{', '|', '}', DEL, control bytes and non-ASCII, but additionally allows
 * space, '"', '#', '(', ')', '+', ',', ';', '<', '=', '>' and '\'.
 *
 * NOTE(review): because '(' ')' and '\' pass this table, a value it
 * accepts is not safe to splice into an LDAP filter without escaping;
 * callers that build filters with sprintf rely on '*' being rejected and
 * on the data originating from Moira rather than from an end user.
 */
5910 static int illegalchars_ldap[] = {
5911 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
5912 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
5913 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
5914 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
5915 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
5916 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
5917 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* ` - o */
5918 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* p - ^? */
5919 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5920 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5921 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5922 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5923 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5924 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5925 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
5926 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
/*
 * check_string: validate a name before it is used in an LDAP filter or DN.
 * Each character is lower-cased and looked up in illegalchars or
 * illegalchars_ldap (the selection logic and the loop are on lines not
 * shown here); the first illegal byte is logged and, presumably, the
 * function returns 0.  Returns non-zero for an acceptable string.
 *
 * NOTE(review): the tables are indexed with "(unsigned) character".  If
 * `character` is a plain (signed) char — its declaration is elided — a
 * byte >= 0x80 becomes a huge index and reads past the 256-entry table.
 * Index with (unsigned char) instead; verify against the declaration.
 */
5929 int check_string(char *s)
5940 if (isupper(character))
5941 character = tolower(character);
/* strict table (rejects parentheses, space, backslash, ...) */
5945 if (illegalchars[(unsigned) character])
5947 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5948 character, (unsigned) character, string);
/* permissive table (allows filter/DN metacharacters, still rejects '*') */
5954 if (illegalchars_ldap[(unsigned) character])
5956 com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
5957 character, (unsigned) character, string);
/*
 * check_container_name: like check_string() but for OU names — space is
 * explicitly permitted (the body of that branch is elided) and every other
 * byte is checked against the strict illegalchars table after lower-casing.
 *
 * NOTE(review): same (unsigned) cast caveat as check_string(): a negative
 * plain-char value would index outside the table.
 */
5966 int check_container_name(char *s)
5974 if (isupper(character))
5975 character = tolower(character);
/* containers may contain spaces; skip the table lookup for them */
5977 if (character == ' ')
5980 if (illegalchars[(unsigned) character])
/*
 * mr_connect_cl: open a Moira client connection: mr_connect(), check the
 * server MOTD (a non-empty MOTD means the server is unavailable),
 * negotiate the query protocol version, and, when auth is requested,
 * authenticate with Kerberos 5 as `client`.  Error branches and the
 * final return are on lines not visible here.
 *
 * NOTE(review): on line 6013 `temp` — which contains the server-supplied
 * MOTD — is passed as com_err()'s format string.  A MOTD containing '%'
 * would be interpreted as printf conversions (format-string bug).  Use
 * `com_err(whoami, status, "%s", temp);` or pass the MOTD as an argument
 * of a literal format.
 */
5987 int mr_connect_cl(char *server, char *client, int version, int auth)
5993 status = mr_connect(server);
5997 com_err(whoami, status, "while connecting to Moira");
/* a MOTD is only set when the server wants clients to stay away */
6001 status = mr_motd(&motd);
6006 com_err(whoami, status, "while checking server status");
6012 sprintf(temp, "The Moira server is currently unavailable: %s", motd);
/* NOTE(review): non-literal format string, see header comment */
6013 com_err(whoami, status, temp);
6018 status = mr_version(version);
/* an old server that lacks the version query is treated as "we are newer" */
6022 if (status == MR_UNKNOWN_PROC)
6025 status = MR_VERSION_HIGH;
6027 status = MR_SUCCESS;
6030 if (status == MR_VERSION_HIGH)
6032 com_err(whoami, 0, "Warning: This client is running newer code "
6033 "than the server.");
6034 com_err(whoami, 0, "Some operations may not work.");
/* MR_VERSION_LOW is tolerated; any other failure is reported */
6036 else if (status && status != MR_VERSION_LOW)
6038 com_err(whoami, status, "while setting query version number.");
6046 status = mr_krb5_auth(client);
6049 com_err(whoami, status, "while authenticating to Moira.");
/*
 * AfsToWinAfs: rewrite an AFS path into its Windows form: the AFS prefix
 * is replaced by WINAFS and the remainder is copied character by character,
 * with '/' handled specially (the replacement written for it is on a line
 * not shown here; presumably '\\').
 *
 * NOTE(review): the code skips strlen(AFS) bytes of `path` without
 * checking that `path` actually starts with AFS, and writes into winPath
 * with no length bound — callers must pass a path under AFS and a
 * sufficiently large buffer.
 */
6058 void AfsToWinAfs(char* path, char* winPath)
6062 strcpy(winPath, WINAFS);
6063 pathPtr = path + strlen(AFS);
6064 winPathPtr = winPath + strlen(WINAFS);
6068 if (*pathPtr == '/')
6071 *winPathPtr = *pathPtr;
/*
 * GetAceInfo: mr_query callback for "get_list_info" used by ProcessAce().
 * Copies the list's ACE type and ACE name into the caller-provided buffers
 * call_args[0] / call_args[1] (AceType / AceName in ProcessAce) and
 * derives the group OU / membership flags via get_group_membership().
 * Always reports LDAP_SUCCESS to the query driver.
 *
 * NOTE(review): both strcpy calls are unbounded; the destination sizes
 * are those of ProcessAce's local buffers (not visible here).
 */
6078 int GetAceInfo(int ac, char **av, void *ptr)
6085 strcpy(call_args[0], av[L_ACE_TYPE]);
6086 strcpy(call_args[1], av[L_ACE_NAME]);
6088 get_group_membership(call_args[2], call_args[3], &security_flag, av);
6089 return(LDAP_SUCCESS);
/*
 * checkADname: report whether an object with sAMAccountName == Name exists
 * anywhere under dn_path.  Returns (on elided lines) a distinct value when
 * the search fails, when nothing is found (group_count == 0), and when at
 * least one object matches.
 *
 * NOTE(review): Name is spliced into the filter without escaping and no
 * check_string() call is visible in this function; ProcessAce() passes it
 * an ACE name obtained from Moira plus group_suffix.
 */
6092 int checkADname(LDAP *ldap_handle, char *dn_path, char *Name)
6095 char *attr_array[3];
6098 LK_ENTRY *group_base;
6103 sprintf(filter, "(sAMAccountName=%s)", Name);
6104 attr_array[0] = "sAMAccountName";
6105 attr_array[1] = NULL;
6107 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6108 &group_base, &group_count,
6109 LDAP_SCOPE_SUBTREE)) != 0)
6111 com_err(whoami, 0, "Unable to process ACE name %s : %s",
6112 Name, ldap_err2string(rc));
/* only the count is needed; the entries themselves are discarded */
6116 linklist_free(group_base);
6119 if (group_count == 0)
/*
 * ProcessAce: make sure the access-control entity (ACE) of a Moira list
 * exists in AD before the list itself is created or updated.
 *
 * For a LIST-type ACE the referenced list is created (make_new_group) and
 * populated (populate_group); for a USER-type ACE the user is fetched from
 * Moira (get_user_account_by_login) and created (user_create).  The two
 * well-known service principals are skipped.  When the ACE is itself a
 * list, GroupName is replaced by the ACE name so the caller can continue
 * with that group; *ProcessGroup is set when the ACE was not already
 * present in AD.  Early-return conditions and the function's return
 * value are on lines not shown here; one visible path is a disabled-switch
 * that logs "ProcessAce disabled, skipping".
 *
 * NOTE(review): GroupName[256] and temp are filled with unbounded
 * strcpy/sprintf from Moira-supplied names; AceMembership is a 2-byte
 * buffer written by GetAceInfo()/get_group_membership().
 */
6127 int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
6128 int UpdateGroup, int *ProcessGroup, char *maillist,
6132 char GroupName[256];
6138 char AceMembership[2];
6141 char *save_argv[U_END];
6145 com_err(whoami, 0, "ProcessAce disabled, skipping");
6149 strcpy(GroupName, Name);
/* only lists have ACEs worth resolving here */
6151 if (strcasecmp(Type, "LIST"))
/* out-parameters filled in by the GetAceInfo callback */
6157 AceInfo[0] = AceType;
6158 AceInfo[1] = AceName;
6159 AceInfo[2] = AceMembership;
6161 memset(AceType, '\0', sizeof(AceType));
6162 memset(AceName, '\0', sizeof(AceName));
6163 memset(AceMembership, '\0', sizeof(AceMembership));
6164 memset(AceOu, '\0', sizeof(AceOu));
6167 if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
6169 if(rc != MR_NO_MATCH)
6170 com_err(whoami, 0, "Unable to get ACE info for list %s : %s",
6171 GroupName, error_message(rc));
6178 com_err(whoami, 0, "Unable to get ACE info for list %s", GroupName);
/* only USER and LIST ACEs are representable in AD */
6182 if ((strcasecmp(AceType, "USER")) && (strcasecmp(AceType, "LIST")))
6185 strcpy(temp, AceName);
/* AD group names carry group_suffix */
6187 if (!strcasecmp(AceType, "LIST"))
6188 sprintf(temp, "%s%s", AceName, group_suffix);
/* already in AD: nothing to create */
6192 if (checkADname(ldap_handle, dn_path, temp))
6195 (*ProcessGroup) = 1;
6198 if (!strcasecmp(AceInfo[0], "LIST"))
6200 if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu,
6201 AceMembership, 0, UpdateGroup, maillist,
6205 populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
6208 else if (!strcasecmp(AceInfo[0], "USER"))
6211 call_args[0] = (char *)ldap_handle;
6212 call_args[1] = dn_path;
6214 call_args[3] = NULL;
/* never auto-create the production/test service principals as users */
6217 if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
6218 !strcasecmp(AceName, TEST_PRINCIPAL))
6223 if (rc = mr_query("get_user_account_by_login", 1, av,
6224 save_query_info, save_argv))
6226 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
6231 if (rc = user_create(U_END, save_argv, call_args))
6233 com_err(whoami, 0, "Unable to process user ACE %s for group %s.",
6240 com_err(whoami, 0, "Unable to process user Ace %s for group %s",
/* a list whose ACE is itself: stop; otherwise continue with the ACE list */
6250 if (!strcasecmp(AceType, "LIST"))
6252 if (!strcasecmp(GroupName, AceName))
6256 strcpy(GroupName, AceName);
/*
 * make_new_group: create (or, when updateGroup is set, update) the AD
 * group for Moira list group_name by querying "get_list_info" and letting
 * the group_create callback do the LDAP work.  The callback's own status
 * is returned through callback_rc.
 *
 * call_args layout consumed by group_create:
 *   [0] LDAP handle  [1] dn_path  [2] group name
 *   [3] member-type mask (users | kerberos | strings)
 *   [4] updateGroup flag  [5] MoiraId  [6] (elided)  [7] NULL terminator
 */
6262 int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6263 char *group_name, char *group_ou, char *group_membership,
6264 int group_security_flag, int updateGroup, char *maillist,
6270 LK_ENTRY *group_base;
6273 char *attr_array[3];
6276 call_args[0] = (char *)ldap_handle;
6277 call_args[1] = dn_path;
6278 call_args[2] = group_name;
/* ints are smuggled through the char* array; the callback casts them back */
6279 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
6280 call_args[4] = (char *)updateGroup;
6281 call_args[5] = MoiraId;
6283 call_args[7] = NULL;
6289 if (rc = mr_query("get_list_info", 1, av, group_create, call_args))
6292 com_err(whoami, 0, "Unable to create list %s : %s", group_name,
6300 com_err(whoami, 0, "Unable to create list %s", group_name);
6301 return(callback_rc);
/*
 * populate_group: replace the "member" attribute of the AD group
 * cn=<group_name>,<group_ou>,<dn_path> with the fully expanded Moira
 * membership of the list ("get_end_members_of_list").
 *
 * Two passes over member_base: the first only counts eligible members so
 * the max_group_members cap can be enforced (skipped when `synchronize`
 * is set); the second builds a DN per member, creating missing users
 * (user_create), contacts (contact_create) and resolving machine OUs
 * (get_machine_ou).  Nested LISTs are skipped (already expanded), MACHINE
 * members only when ProcessMachineContainer is set, and the two service
 * principals are never added.  With GroupPopulateDelete the membership is
 * replaced by an empty list instead of the computed one.
 *
 * NOTE(review):
 *  - members = realloc(members, ...) overwrites the only pointer; on
 *    failure the old array leaks and the next line dereferences NULL.
 *    malloc()/strdup() results are not checked either.
 *  - STRING and KERBEROS member DNs go through escape_string(), USER and
 *    MACHINE DNs do not; USER names are presumably validated elsewhere
 *    (check_user/check_string) — confirm before relying on it.
 */
6307 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
6308 char *group_ou, char *group_membership,
6309 int group_security_flag, char *MoiraId,
/* member_v stays {NULL,NULL}: used to clear membership when GroupPopulateDelete */
6325 char *member_v[] = {NULL, NULL};
6326 char *save_argv[U_END];
6327 char machine_ou[256];
6328 char NewMachineName[1024];
6330 com_err(whoami, 0, "Populating group %s", group_name);
6332 call_args[0] = (char *)ldap_handle;
6333 call_args[1] = dn_path;
6334 call_args[2] = group_name;
6335 call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
6337 call_args[4] = NULL;
6341 if (rc = mr_query("get_end_members_of_list", 1, av,
6342 member_list_build, call_args))
6347 com_err(whoami, 0, "Unable to populate list %s : %s",
6348 group_name, error_message(rc));
/* pass 1: count eligible members */
6352 if (member_base != NULL)
6358 if (!strcasecmp(ptr->type, "LIST"))
6364 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6370 if(!strcasecmp(ptr->type, "USER"))
6372 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6373 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* safety valve against accidentally pushing a huge membership into AD */
6385 if(max_group_members && !synchronize && (group_members > max_group_members))
6388 "Group %s membership of %d exceeds maximum %d, skipping",
6389 group_name, group_members, max_group_members);
/* NOTE(review): unchecked allocation */
6393 members = (char **)malloc(sizeof(char *) * 2);
/* pass 2: build one DN string per member */
6395 if (member_base != NULL)
6401 if (!strcasecmp(ptr->type, "LIST"))
6407 if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
6413 if(!strcasecmp(ptr->type, "USER"))
6415 if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
6416 !strcasecmp(ptr->member, TEST_PRINCIPAL))
/* create the user on the fly if AD does not have it yet */
6422 if ((rc = check_user(ldap_handle, dn_path, ptr->member,
6423 "")) == AD_NO_USER_FOUND)
6425 com_err(whoami, 0, "creating user %s", ptr->member);
6427 av[0] = ptr->member;
6428 call_args[0] = (char *)ldap_handle;
6429 call_args[1] = dn_path;
6431 call_args[3] = NULL;
6434 if (rc = mr_query("get_user_account_by_login", 1, av,
6435 save_query_info, save_argv))
6437 com_err(whoami, 0, "Unable to create user %s "
6438 "while populating group %s.", ptr->member,
6444 if (rc = user_create(U_END, save_argv, call_args))
6446 com_err(whoami, 0, "Unable to create user %s "
6447 "while populating group %s.", ptr->member,
6455 com_err(whoami, 0, "Unable to create user %s "
6456 "while populating group %s", ptr->member,
/* user DN: cn= form (AD) or uid= form (the other directory flavour) */
6467 sprintf(member, "cn=%s,%s,%s", ptr->member, pUserOu,
6472 sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu,
6476 else if (!strcasecmp(ptr->type, "STRING"))
6478 if (contact_create(ldap_handle, dn_path, ptr->member,
6482 pUserOu = contact_ou;
6483 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6486 else if (!strcasecmp(ptr->type, "KERBEROS"))
6488 if (contact_create(ldap_handle, dn_path, ptr->member,
6492 pUserOu = kerberos_ou;
6493 sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
6496 else if (!strcasecmp(ptr->type, "MACHINE"))
6498 memset(machine_ou, '\0', sizeof(machine_ou));
6499 memset(NewMachineName, '\0', sizeof(NewMachineName));
6501 if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
6502 machine_ou, NewMachineName))
6504 pUserOu = machine_ou;
6505 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
/* NOTE(review): realloc result assigned directly; leaks/NULL-derefs on failure */
6516 members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
6517 members[i++] = strdup(member);
6522 linklist_free(member_base);
6528 sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
/* GroupPopulateDelete: wipe membership instead of writing the computed list */
6530 if(GroupPopulateDelete)
6533 ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
6536 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6537 mods)) != LDAP_SUCCESS)
6540 "Unable to populate group membership for %s: %s",
6541 group_dn, ldap_err2string(rc));
6544 for (i = 0; i < n; i++)
/* normal path: REPLACE the whole member list in one modify */
6549 ADD_ATTR("member", members, LDAP_MOD_REPLACE);
6552 if ((rc = ldap_modify_s(ldap_handle, group_dn,
6553 mods)) != LDAP_SUCCESS)
6556 "Unable to populate group membership for %s: %s",
6557 group_dn, ldap_err2string(rc));
6560 for (i = 0; i < n; i++)
/*
 * process_group: reconcile the AD object for Moira list group_name with
 * where Moira now says it should live (group_ou / group_membership /
 * security flag) and what it should be called.
 *
 * Flow:
 *  1. ad_get_group() locates the group (by sAMAccountName or mitMoiraId).
 *     In CHECK_GROUPS mode the function only reports whether the single
 *     match has the expected DN (AD_WRONG_GROUP_DN_FOUND otherwise).
 *  2. If several objects share the Moira id, the one whose DN matches the
 *     expected DN is kept and the others are deleted; if none matches,
 *     AD_MULTIPLE_GROUPS_FOUND is returned after logging them.
 *  3. The group is re-looked-up, its current name and description read,
 *     and its current OU classified by lower-cased substring match against
 *     the four configured group OUs (both / security / distribution /
 *     neither) to recover the "before" membership flag and security flag.
 *  4. group_rename() is called with the before/after tuples.
 *
 * NOTE(review):
 *  - Step 2 issues ldap_delete_s on directory objects selected only by a
 *    shared mitMoiraId; that is a destructive cleanup, keep the
 *    strcasecmp guard on line 6670 intact.
 *  - The strstr() classification in step 3 is order-dependent and would
 *    misfile a DN if one configured OU string is a substring of another;
 *    ou_both is tested first for that reason.
 *  - group_dn / distinguishedName (256) are filled by unbounded
 *    strcpy/sprintf from directory data.
 */
6568 int process_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
6569 char *group_name, char *group_ou, char *group_membership,
6570 int group_security_flag, int type, char *maillist,
6573 char before_desc[512];
6574 char before_name[256];
6575 char before_group_ou[256];
6576 char before_group_membership[2];
6577 char distinguishedName[256];
6578 char ad_distinguishedName[256];
6580 char *attr_array[3];
6581 int before_security_flag;
6584 LK_ENTRY *group_base;
6587 char ou_security[512];
6588 char ou_distribution[512];
6589 char ou_neither[512];
6592 memset(ad_distinguishedName, '\0', sizeof(ad_distinguishedName));
/* the DN Moira expects the group to have */
6593 sprintf(distinguishedName, "CN=%s,%s,%s", group_name, group_ou, dn_path);
6595 memset(filter, '\0', sizeof(filter));
6599 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6601 "samAccountName", &group_base,
6602 &group_count, filter))
/* CHECK_GROUPS: report-only mode */
6605 if (type == CHECK_GROUPS)
6607 if (group_count == 1)
6609 strcpy(group_dn, group_base->dn);
6611 if (!strcasecmp(group_dn, distinguishedName))
6613 linklist_free(group_base);
6618 linklist_free(group_base);
6620 if (group_count == 0)
6621 return(AD_NO_GROUPS_FOUND);
6623 if (group_count == 1)
6624 return(AD_WRONG_GROUP_DN_FOUND);
6626 return(AD_MULTIPLE_GROUPS_FOUND);
6629 if (group_count == 0)
6631 return(AD_NO_GROUPS_FOUND);
/* duplicates sharing the Moira id: keep the one with the expected DN */
6634 if (group_count > 1)
6638 strcpy(group_dn, ptr->dn);
6642 if (!strcasecmp(group_dn, ptr->value))
6650 com_err(whoami, 0, "%d groups with moira id = %s", group_count,
6656 com_err(whoami, 0, "%s with moira id = %s", ptr->value, MoiraId);
6660 linklist_free(group_base);
6661 return(AD_MULTIPLE_GROUPS_FOUND);
6668 strcpy(group_dn, ptr->dn);
/* destructive: remove every duplicate whose DN is not the expected one */
6670 if (strcasecmp(group_dn, ptr->value))
6671 rc = ldap_delete_s(ldap_handle, ptr->value);
6676 linklist_free(group_base);
6677 memset(filter, '\0', sizeof(filter));
/* second lookup now that duplicates are gone */
6681 if (rc = ad_get_group(ldap_handle, dn_path, group_name,
6683 "samAccountName", &group_base,
6684 &group_count, filter))
6687 if (group_count == 0)
6688 return(AD_NO_GROUPS_FOUND);
6690 if (group_count > 1)
6691 return(AD_MULTIPLE_GROUPS_FOUND);
6694 strcpy(ad_distinguishedName, group_base->dn);
6695 linklist_free(group_base);
6699 attr_array[0] = "sAMAccountName";
6700 attr_array[1] = NULL;
6702 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6703 &group_base, &group_count,
6704 LDAP_SCOPE_SUBTREE)) != 0)
6706 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6707 MoiraId, ldap_err2string(rc));
/* from here on, address the object by its current sAMAccountName */
6711 sprintf(filter, "(sAMAccountName=%s)", group_base->value);
/* already at the right DN: nothing to rename */
6713 if (!strcasecmp(ad_distinguishedName, distinguishedName))
6715 linklist_free(group_base);
6721 linklist_free(group_base);
6724 memset(ou_both, '\0', sizeof(ou_both));
6725 memset(ou_security, '\0', sizeof(ou_security));
6726 memset(ou_distribution, '\0', sizeof(ou_distribution));
6727 memset(ou_neither, '\0', sizeof(ou_neither));
6728 memset(before_name, '\0', sizeof(before_name));
6729 memset(before_desc, '\0', sizeof(before_desc));
6730 memset(before_group_membership, '\0', sizeof(before_group_membership));
/* current name */
6732 attr_array[0] = "name";
6733 attr_array[1] = NULL;
6735 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6736 &group_base, &group_count,
6737 LDAP_SCOPE_SUBTREE)) != 0)
6739 com_err(whoami, 0, "Unable to get list name with MoiraId = %s: %s",
6740 MoiraId, ldap_err2string(rc));
6744 strcpy(before_name, group_base->value);
6745 linklist_free(group_base);
/* current description (optional attribute, hence the count check) */
6749 attr_array[0] = "description";
6750 attr_array[1] = NULL;
6752 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6753 &group_base, &group_count,
6754 LDAP_SCOPE_SUBTREE)) != 0)
6757 "Unable to get list description with MoiraId = %s: %s",
6758 MoiraId, ldap_err2string(rc));
6762 if (group_count != 0)
6764 strcpy(before_desc, group_base->value);
6765 linklist_free(group_base);
/* classify the current OU by case-insensitive substring match on the DN */
6770 change_to_lower_case(ad_distinguishedName);
6771 strcpy(ou_both, group_ou_both);
6772 change_to_lower_case(ou_both);
6773 strcpy(ou_security, group_ou_security);
6774 change_to_lower_case(ou_security);
6775 strcpy(ou_distribution, group_ou_distribution);
6776 change_to_lower_case(ou_distribution);
6777 strcpy(ou_neither, group_ou_neither);
6778 change_to_lower_case(ou_neither);
6780 if (strstr(ad_distinguishedName, ou_both))
6782 strcpy(before_group_ou, group_ou_both);
6783 before_group_membership[0] = 'B';
6784 before_security_flag = 1;
6786 else if (strstr(ad_distinguishedName, ou_security))
6788 strcpy(before_group_ou, group_ou_security);
6789 before_group_membership[0] = 'S';
6790 before_security_flag = 1;
6792 else if (strstr(ad_distinguishedName, ou_distribution))
6794 strcpy(before_group_ou, group_ou_distribution);
6795 before_group_membership[0] = 'D';
6796 before_security_flag = 0;
6798 else if (strstr(ad_distinguishedName, ou_neither))
6800 strcpy(before_group_ou, group_ou_neither);
6801 before_group_membership[0] = 'N';
6802 before_security_flag = 0;
/* group lives in none of the managed OUs: refuse to touch it */
6805 return(AD_NO_OU_FOUND);
6807 rc = group_rename(ldap_handle, dn_path, before_name,
6808 before_group_membership,
6809 before_group_ou, before_security_flag, before_desc,
6810 group_name, group_membership, group_ou,
6811 group_security_flag,
6812 before_desc, MoiraId, filter, maillist, nfsgroup);
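/*
 * change_to_lower_case: lower-case a NUL-terminated string in place.
 *
 * Used by process_group() to normalise distinguished names and OU strings
 * before substring comparison, so the input may contain bytes outside
 * 7-bit ASCII.  tolower() has undefined behaviour for negative values
 * other than EOF, so each byte is converted through unsigned char before
 * the call; strlen() is evaluated once instead of on every iteration.
 *
 * ptr: writable string; NULL is tolerated and leaves nothing to do.
 */
void change_to_lower_case(char *ptr)
{
  size_t len;
  size_t i;

  if (ptr == NULL)
    return;

  len = strlen(ptr);
  for (i = 0; i < len; i++)
    ptr[i] = (char) tolower((unsigned char) ptr[i]);
}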
/*
 * ad_get_group: locate the AD object for Moira list group_name, returning
 * the matches in *linklist_base / *linklist_count and leaving in rFilter
 * the filter that produced the accepted result (so callers can reuse it).
 *
 * Lookup strategy, in order, each stopping at the first unique hit:
 *  1. the filter already in rFilter, if non-empty;
 *  2. (&(objectClass=group)(mitMoiraId=<MoiraId>)) when MoiraId is given —
 *     several hits are logged and discarded; a single hit is accepted only
 *     if its DN is prefixed by group_name (see note);
 *  3. (sAMAccountName=<group_name><group_suffix>).
 *
 * NOTE(review):
 *  - memcmp(dn, group_name, strlen(group_name)) on line 6909 compares the
 *    leading bytes of the DN; how `dn` is positioned past "CN=" is on
 *    elided lines (6907-6908) — confirm, since a DN starting with "CN="
 *    would otherwise never match.  The strdup result is unchecked.
 *  - MoiraId and group_name are interpolated into filters unescaped.
 */
6827 int ad_get_group(LDAP *ldap_handle, char *dn_path,
6828 char *group_name, char *group_membership,
6829 char *MoiraId, char *attribute,
6830 LK_ENTRY **linklist_base, int *linklist_count,
6835 char *attr_array[3];
6839 (*linklist_base) = NULL;
6840 (*linklist_count) = 0;
/* strategy 1: caller-supplied filter */
6842 if (strlen(rFilter) != 0)
6844 strcpy(filter, rFilter);
6845 attr_array[0] = attribute;
6846 attr_array[1] = NULL;
6848 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6849 linklist_base, linklist_count,
6850 LDAP_SCOPE_SUBTREE)) != 0)
6852 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6853 MoiraId, ldap_err2string(rc));
6857 if ((*linklist_count) == 1)
6859 strcpy(rFilter, filter);
6864 linklist_free((*linklist_base));
6865 (*linklist_base) = NULL;
6866 (*linklist_count) = 0;
/* strategy 2: by Moira id */
6868 if (strlen(MoiraId) != 0)
6870 sprintf(filter, "(&(objectClass=group)(mitMoiraId=%s))", MoiraId);
6872 attr_array[0] = attribute;
6873 attr_array[1] = NULL;
6875 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6876 linklist_base, linklist_count,
6877 LDAP_SCOPE_SUBTREE)) != 0)
6879 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6880 MoiraId, ldap_err2string(rc));
/* ambiguous id: log every object and fall through to strategy 3 */
6885 if ((*linklist_count) > 1)
6887 com_err(whoami, 0, "multiple groups with mitMoiraId = %s", MoiraId);
6888 pPtr = (*linklist_base);
6892 com_err(whoami, 0, "groups %s has mitMoiraId = %s", pPtr->value,
6897 linklist_free((*linklist_base));
6898 (*linklist_base) = NULL;
6899 (*linklist_count) = 0;
6902 if ((*linklist_count) == 1)
6905 pPtr = (*linklist_base);
6906 dn = strdup(pPtr->dn);
/* accept the id match only if the DN begins with the expected name */
6909 if (!memcmp(dn, group_name, strlen(group_name)))
6911 strcpy(rFilter, filter);
6916 linklist_free((*linklist_base));
6917 (*linklist_base) = NULL;
6918 (*linklist_count) = 0;
/* strategy 3: by suffixed account name */
6919 sprintf(filter, "(sAMAccountName=%s%s)", group_name, group_suffix);
6921 attr_array[0] = attribute;
6922 attr_array[1] = NULL;
6924 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6925 linklist_base, linklist_count,
6926 LDAP_SCOPE_SUBTREE)) != 0)
6928 com_err(whoami, 0, "Unable to get list info with MoiraId = %s: %s",
6929 MoiraId, ldap_err2string(rc));
6933 if ((*linklist_count) == 1)
6935 strcpy(rFilter, filter);
<!-- -->
/*
 * check_user: determine whether the AD user for UserName exists and is
 * consistent with MoiraId.
 *
 * When MoiraId is non-empty the object is searched by mitMoiraId; more
 * than one hit is logged per object.  If that yields no unique hit, a
 * sAMAccountName search is made; no unique hit there returns
 * AD_NO_USER_FOUND.  Finally the directory's sAMAccountName is compared
 * (case-sensitively) with UserName and a mismatch is logged; the value
 * returned in that case is on an elided line.
 *
 * NOTE(review): SamAccountName is a 64-byte buffer filled by unbounded
 * strcpy from the directory value; sAMAccountName is not limited to 63
 * characters by the AD schema, so bound the copy.  MoiraId / UserName are
 * spliced into filters without escaping; no check_string() is visible.
 */
6942 int check_user(LDAP *ldap_handle, char *dn_path, char *UserName, char *MoiraId)
6945 char *attr_array[3];
6946 char SamAccountName[64];
6949 LK_ENTRY *group_base;
6955 if (strlen(MoiraId) != 0)
6957 sprintf(filter, "(&(objectClass=user)(mitMoiraId=%s))", MoiraId);
6959 attr_array[0] = "sAMAccountName";
6960 attr_array[1] = NULL;
6961 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6962 &group_base, &group_count,
6963 LDAP_SCOPE_SUBTREE)) != 0)
6965 com_err(whoami, 0, "Unable to process user %s : %s",
6966 UserName, ldap_err2string(rc));
/* duplicate Moira ids are a data-integrity problem worth listing */
6970 if (group_count > 1)
6972 com_err(whoami, 0, "multiple users exist with MoiraId = %s",
6978 com_err(whoami, 0, "user %s exist with MoiraId = %s",
6979 gPtr->value, MoiraId);
6985 if (group_count != 1)
6987 linklist_free(group_base);
/* fall back to the login name */
6990 sprintf(filter, "(sAMAccountName=%s)", UserName);
6991 attr_array[0] = "sAMAccountName";
6992 attr_array[1] = NULL;
6994 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
6995 &group_base, &group_count,
6996 LDAP_SCOPE_SUBTREE)) != 0)
6998 com_err(whoami, 0, "Unable to process user %s : %s",
6999 UserName, ldap_err2string(rc));
7004 if (group_count != 1)
7006 linklist_free(group_base);
7007 return(AD_NO_USER_FOUND);
/* NOTE(review): unbounded copy into a 64-byte buffer */
7010 strcpy(SamAccountName, group_base->value);
7011 linklist_free(group_base);
/* object found by id but named differently: report the divergence */
7015 if (strcmp(SamAccountName, UserName))
7018 "User object %s with MoiraId %s has mismatched usernames "
7019 "(LDAP username %s, Moira username %s)", SamAccountName,
7020 MoiraId, SamAccountName, UserName);
/*
 * container_get_dn: convert a Moira container path ("a/b/c" style; the
 * split loop is elided) into the relative DN "OU=c,OU=b,OU=a" by writing
 * the path components in reverse order into dest.  An empty src yields an
 * empty result (the early-out body is elided).
 *
 * NOTE(review): `array` holds at most 20 components (memset size) and dest
 * is filled with unbounded strcat; neither limit is checked on the visible
 * lines.
 */
7026 void container_get_dn(char *src, char *dest)
7033 memset(array, '\0', 20 * sizeof(array[0]));
7035 if (strlen(src) == 0)
7057 strcpy(dest, "OU=");
/* last component first: the leaf OU is the leftmost RDN */
7061 strcat(dest, array[n-1]);
7065 strcat(dest, ",OU=");
/*
 * container_get_name: copy the leaf component of a Moira container path
 * into dest (the extraction itself is on elided lines); an empty src
 * short-circuits.  Companion of container_get_dn().
 */
7072 void container_get_name(char *src, char *dest)
7077 if (strlen(src) == 0)
/*
 * container_check: make sure every ancestor OU of container `name` exists
 * in AD by walking the path from the top and calling container_create()
 * for each prefix (the prefix is cut at each '/'; the loop body is
 * elided).  Intermediate containers are created with empty description,
 * location, contact, type, id and row id, so they carry no mitMoiraId —
 * which is logged, because such OUs cannot later be matched back to a
 * Moira container.
 */
7097 void container_check(LDAP *ldap_handle, char *dn_path, char *name)
7104 strcpy(cName, name);
7106 for (i = 0; i < (int)strlen(cName); i++)
7108 if (cName[i] == '/')
7111 av[CONTAINER_NAME] = cName;
7112 av[CONTAINER_DESC] = "";
7113 av[CONTAINER_LOCATION] = "";
7114 av[CONTAINER_CONTACT] = "";
7115 av[CONTAINER_TYPE] = "";
7116 av[CONTAINER_ID] = "";
7117 av[CONTAINER_ROWID] = "";
7118 rc = container_create(ldap_handle, dn_path, 7, av);
7120 if (rc == LDAP_SUCCESS)
7122 com_err(whoami, 0, "container %s created without a mitMoiraId",
/*
 * container_rename: move/rename the OU described by `before` to the path
 * in `after`.  Steps: validate the new leaf name; find the current DN
 * (container_get_distinguishedName); if it does not exist, simply create
 * the new container; otherwise compute the new parent DN and new RDN,
 * ensure the new parent chain exists (container_check), ldap_rename_s with
 * deleteoldrdn=TRUE, and finally push the remaining attributes with
 * container_adupdate().  Returns AD_INVALID_NAME on a bad name; other
 * returns are on elided lines.
 *
 * NOTE(review): new_dn_path[256] and distinguishedName[256] are written
 * with unbounded sprintf from dName/dn_path; deep container paths can
 * exceed them.
 */
7131 int container_rename(LDAP *ldap_handle, char *dn_path, int beforec,
7132 char **before, int afterc, char **after)
7137 char new_dn_path[256];
7139 char distinguishedName[256];
7144 memset(cName, '\0', sizeof(cName));
7145 container_get_name(after[CONTAINER_NAME], cName);
7147 if (!check_container_name(cName))
7149 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7151 return(AD_INVALID_NAME);
7154 memset(distinguishedName, '\0', sizeof(distinguishedName));
7156 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7157 distinguishedName, beforec, before))
/* old container missing: a rename degrades to a create */
7160 if (strlen(distinguishedName) == 0)
7162 rc = container_create(ldap_handle, dn_path, afterc, after);
/* strip the leaf component to obtain the new parent path */
7166 strcpy(temp, after[CONTAINER_NAME]);
7169 for (i = 0; i < (int)strlen(temp); i++)
7179 container_get_dn(temp, dName);
7181 if (strlen(temp) != 0)
7182 sprintf(new_dn_path, "%s,%s", dName, dn_path);
7184 sprintf(new_dn_path, "%s", dn_path);
7186 sprintf(new_cn, "OU=%s", cName);
/* parents of the destination must exist before the move */
7188 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7190 if ((rc = ldap_rename_s(ldap_handle, distinguishedName, new_cn, new_dn_path,
7191 TRUE, NULL, NULL)) != LDAP_SUCCESS)
7193 com_err(whoami, 0, "Unable to rename container from %s to %s : %s",
7194 before[CONTAINER_NAME], after[CONTAINER_NAME],
7195 ldap_err2string(rc));
7199 memset(dName, '\0', sizeof(dName));
7200 container_get_dn(after[CONTAINER_NAME], dName);
7201 rc = container_adupdate(ldap_handle, dn_path, dName, "", afterc, after);
/*
 * container_delete: delete the OU named by av[CONTAINER_NAME].  The DN is
 * resolved first; an empty DN (container absent) is handled on an elided
 * line.  If the OU still has children (LDAP_NOT_ALLOWED_ON_NONLEAF) its
 * objects are relocated with container_move_objects() rather than being
 * destroyed — whether the delete is then retried is not visible here.
 */
7206 int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
7208 char distinguishedName[256];
7211 memset(distinguishedName, '\0', sizeof(distinguishedName));
7213 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7214 distinguishedName, count, av))
7217 if (strlen(distinguishedName) == 0)
7220 if ((rc = ldap_delete_s(ldap_handle, distinguishedName)) != LDAP_SUCCESS)
/* non-empty OU: evacuate its contents instead of failing outright */
7222 if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
7223 container_move_objects(ldap_handle, dn_path, distinguishedName);
7225 com_err(whoami, 0, "Unable to delete container %s from directory : %s",
7226 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_create: create the organizationalUnit for Moira container
 * av[CONTAINER_NAME] under dn_path.
 *
 * Attributes written: objectClass, name, ou, and optionally mitMoiraId
 * (from CONTAINER_ROWID), description, and managedBy.  managedBy is
 * resolved from CONTAINER_TYPE/CONTAINER_ID: a KERBEROS owner gets a
 * contact object created under kerberos_ou and its DN used; a USER or
 * LIST owner is looked up by cn and its distinguishedName used only when
 * exactly one object matches.  If the OU already exists
 * (LDAP_ALREADY_EXISTS) and a row id is known, the attributes are
 * refreshed through container_adupdate() instead.
 *
 * Returns AD_INVALID_NAME when the name does not split into a leaf and a
 * DN or fails check_container_name(); LDAP result codes otherwise.
 *
 * NOTE(review): av[CONTAINER_ID] is interpolated into the two owner
 * lookup filters without escaping and is not passed through
 * check_string() on any visible line; managedByDN[256] receives the
 * directory's distinguishedName via unbounded strcpy.
 */
7232 int container_create(LDAP *ldap_handle, char *dn_path, int count, char **av)
7234 char *attr_array[3];
7235 LK_ENTRY *group_base;
7238 char *objectClass_v[] = {"top",
7239 "organizationalUnit",
7242 char *ou_v[] = {NULL, NULL};
7243 char *name_v[] = {NULL, NULL};
7244 char *moiraId_v[] = {NULL, NULL};
7245 char *desc_v[] = {NULL, NULL};
7246 char *managedBy_v[] = {NULL, NULL};
7249 char managedByDN[256];
7256 memset(filter, '\0', sizeof(filter));
7257 memset(dName, '\0', sizeof(dName));
7258 memset(cName, '\0', sizeof(cName));
7259 memset(managedByDN, '\0', sizeof(managedByDN));
7260 container_get_dn(av[CONTAINER_NAME], dName);
7261 container_get_name(av[CONTAINER_NAME], cName);
7263 if ((strlen(cName) == 0) || (strlen(dName) == 0))
7265 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7267 return(AD_INVALID_NAME);
7270 if (!check_container_name(cName))
7272 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7274 return(AD_INVALID_NAME);
7278 ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
7280 ADD_ATTR("name", name_v, LDAP_MOD_ADD);
7282 ADD_ATTR("ou", ou_v, LDAP_MOD_ADD);
/* the Moira row id is what later lets us find this OU again */
7284 if (strlen(av[CONTAINER_ROWID]) != 0)
7286 moiraId_v[0] = av[CONTAINER_ROWID];
7287 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_ADD);
7290 if (strlen(av[CONTAINER_DESC]) != 0)
7292 desc_v[0] = av[CONTAINER_DESC];
7293 ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
/* owner -> managedBy */
7296 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7298 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7300 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
7303 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7304 kerberos_ou, dn_path);
7305 managedBy_v[0] = managedByDN;
7306 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
/* NOTE(review): unescaped cn value in filter */
7311 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7313 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7314 "(objectClass=user)))", av[CONTAINER_ID]);
7317 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7319 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7323 if (strlen(filter) != 0)
7325 attr_array[0] = "distinguishedName";
7326 attr_array[1] = NULL;
7329 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7331 &group_base, &group_count,
7332 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* only an unambiguous owner is recorded */
7334 if (group_count == 1)
7336 strcpy(managedByDN, group_base->value);
7337 managedBy_v[0] = managedByDN;
7338 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_ADD);
7340 linklist_free(group_base);
7350 sprintf(temp, "%s,%s", dName, dn_path);
7351 rc = ldap_add_ext_s(ldap_handle, temp, mods, NULL, NULL);
7353 for (i = 0; i < n; i++)
7356 if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
7358 com_err(whoami, 0, "Unable to create container %s : %s",
7359 cName, ldap_err2string(rc));
/* existing OU: bring its attributes up to date instead */
7363 if (rc == LDAP_ALREADY_EXISTS)
7365 if (strlen(av[CONTAINER_ROWID]) != 0)
7366 rc = container_adupdate(ldap_handle, dn_path, dName, "", count, av);
/*
 * container_update: apply a Moira container change to the directory.
 * The "before" row is accepted but only the "after" row is used here:
 * if no OU is found for it the container is created, otherwise its
 * attributes are re-synced in place.
 *
 * Returns the result of container_get_distinguishedName on failure (the
 * early-return line is not in this listing), else the create/update result.
 */
7372 int container_update(LDAP *ldap_handle, char *dn_path, int beforec,
7373 char **before, int afterc, char **after)
/* 256 bytes; filled by strcpy inside container_get_distinguishedName
 * without a length check against this size. */
7375 char distinguishedName[256];
7378 memset(distinguishedName, '\0', sizeof(distinguishedName));
7380 if (rc = container_get_distinguishedName(ldap_handle, dn_path,
7381 distinguishedName, afterc, after))
/* Not found in the directory -> create rather than update. */
7384 if (strlen(distinguishedName) == 0)
7386 rc = container_create(ldap_handle, dn_path, afterc, after);
/* Existing OU: container_check's return value is not used here. */
7390 container_check(ldap_handle, dn_path, after[CONTAINER_NAME]);
7391 rc = container_adupdate(ldap_handle, dn_path, "", distinguishedName, afterc,
/*
 * container_get_distinguishedName: locate the OU for a Moira container.
 * First looks it up by mitMoiraId (av[CONTAINER_ROWID]); if that yields
 * no single match, falls back to the DN derived from the container name.
 *
 * distinguishedName  output buffer; left empty when nothing was found.
 *                    It is written with strcpy and no size is passed, so
 *                    callers must size it for any DN the directory can
 *                    return (callers in this file use 256 bytes).
 * Returns AD_INVALID_NAME for an unmappable or rejected name; the return
 * value for the found / not-found cases is on lines not in this listing.
 */
7397 int container_get_distinguishedName(LDAP *ldap_handle, char *dn_path,
7398 char *distinguishedName, int count,
7401 char *attr_array[3];
7402 LK_ENTRY *group_base;
7409 memset(filter, '\0', sizeof(filter));
7410 memset(dName, '\0', sizeof(dName));
7411 memset(cName, '\0', sizeof(cName));
7412 container_get_dn(av[CONTAINER_NAME], dName);
7413 container_get_name(av[CONTAINER_NAME], cName);
/* Unlike container_create, only dName (not cName) is tested for emptiness. */
7415 if (strlen(dName) == 0)
7417 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7418 av[CONTAINER_NAME]);
7419 return(AD_INVALID_NAME);
7422 if (!check_container_name(cName))
7424 com_err(whoami, 0, "Unable to process invalid LDAP container name %s",
7426 return(AD_INVALID_NAME);
/* NOTE(review): CONTAINER_ROWID goes into the filter unescaped. An empty
 * row id produces "(mitMoiraId=)", which matches nothing. */
7429 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7430 av[CONTAINER_ROWID]);
7431 attr_array[0] = "distinguishedName";
7432 attr_array[1] = NULL;
7436 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7437 &group_base, &group_count,
7438 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
/* Exactly one match is required; zero or several leave the output empty. */
7440 if (group_count == 1)
7442 strcpy(distinguishedName, group_base->value);
7445 linklist_free(group_base);
/* Fallback: the OU may exist without a mitMoiraId (or under a different
 * id), so try the DN the container name maps to. */
7450 if (strlen(distinguishedName) == 0)
7452 sprintf(filter, "(&(objectClass=organizationalUnit)"
7453 "(distinguishedName=%s,%s))", dName, dn_path);
7454 attr_array[0] = "distinguishedName";
7455 attr_array[1] = NULL;
7459 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7460 &group_base, &group_count,
7461 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7463 if (group_count == 1)
7465 strcpy(distinguishedName, group_base->value);
7468 linklist_free(group_base);
/*
 * container_adupdate: re-sync an existing OU with its Moira container row.
 * The OU is addressed either by dName (relative to dn_path) or, when dName
 * is empty, by the full distinguishedName. It reads the current
 * mitMoiraId / description / managedBy, then replaces mitMoiraId, sets or
 * deletes description, and sets or deletes managedBy according to the
 * container's type and ID.
 *
 * Returns LDAP_SUCCESS, the error from the initial search (return line
 * not in this listing), or the result of ldap_modify_s.
 */
7477 int container_adupdate(LDAP *ldap_handle, char *dn_path, char *dName,
7478 char *distinguishedName, int count, char **av)
7480 char *attr_array[5];
7481 LK_ENTRY *group_base;
7486 char *moiraId_v[] = {NULL, NULL};
7487 char *desc_v[] = {NULL, NULL};
7488 char *managedBy_v[] = {NULL, NULL};
7489 char managedByDN[256];
/* ad_path's size is not visible here; neither copy below is bounded. */
7498 strcpy(ad_path, distinguishedName);
7500 if (strlen(dName) != 0)
7501 sprintf(ad_path, "%s,%s", dName, dn_path);
/* Default: find the OU by its DN (argument line not shown). */
7503 sprintf(filter, "(&(objectClass=organizationalUnit)(distinguishedName=%s))",
/* NOTE(review): the condition tests CONTAINER_ID but the filter uses
 * CONTAINER_ROWID. container_create (7284) and line 7547 below test
 * CONTAINER_ROWID for the same purpose, so this looks like a typo: with an
 * ID but no row id the filter becomes "(mitMoiraId=)" and the search
 * finds nothing. Confirm against the callers before changing. */
7506 if (strlen(av[CONTAINER_ID]) != 0)
7507 sprintf(filter, "(&(objectClass=organizationalUnit)(mitMoiraId=%s))",
7508 av[CONTAINER_ROWID]);
7510 attr_array[0] = "mitMoiraId";
7511 attr_array[1] = "description";
7512 attr_array[2] = "managedBy";
7513 attr_array[3] = NULL;
7517 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7518 &group_base, &group_count,
7519 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7521 com_err(whoami, 0, "Unable to retreive container info for %s : %s",
7522 av[CONTAINER_NAME], ldap_err2string(rc));
7526 memset(managedByDN, '\0', sizeof(managedByDN));
7527 memset(moiraId, '\0', sizeof(moiraId));
7528 memset(desc, '\0', sizeof(desc));
/* Walk the returned attributes (loop header not shown). Values coming
 * from the directory are copied with strcpy; only managedByDN's size
 * (256) is visible, desc and moiraId are declared on lines not listed. */
7533 if (!strcasecmp(pPtr->attribute, "description"))
7534 strcpy(desc, pPtr->value);
7535 else if (!strcasecmp(pPtr->attribute, "managedBy"))
7536 strcpy(managedByDN, pPtr->value);
7537 else if (!strcasecmp(pPtr->attribute, "mitMoiraId"))
7538 strcpy(moiraId, pPtr->value);
7542 linklist_free(group_base);
/* Always re-assert the row id when Moira has one. */
7547 if (strlen(av[CONTAINER_ROWID]) != 0)
7549 moiraId_v[0] = av[CONTAINER_ROWID];
7550 ADD_ATTR("mitMoiraId", moiraId_v, LDAP_MOD_REPLACE);
/* description: set from Moira, or deleted if Moira's is empty but the
 * directory still has one (attribute_update with "" deletes). */
7553 if (strlen(av[CONTAINER_DESC]) != 0)
7555 attribute_update(ldap_handle, ad_path, av[CONTAINER_DESC], "description",
7560 if (strlen(desc) != 0)
7562 attribute_update(ldap_handle, ad_path, "", "description", dName);
/* managedBy: same owner resolution as container_create; whenever the
 * owner cannot be resolved and the OU currently has a managedBy, it is
 * removed (the three attribute_update(... "", "managedBy" ...) calls). */
7566 if ((strlen(av[CONTAINER_TYPE]) != 0) && (strlen(av[CONTAINER_ID]) != 0))
7568 if (!strcasecmp(av[CONTAINER_TYPE], "KERBEROS"))
7570 if (!contact_create(ldap_handle, dn_path, av[CONTAINER_ID],
/* Unbounded sprintf into managedByDN[256]. */
7573 sprintf(managedByDN, "CN=%s,%s,%s", av[CONTAINER_ID],
7574 kerberos_ou, dn_path);
7575 managedBy_v[0] = managedByDN;
7576 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7580 if (strlen(managedByDN) != 0)
7582 attribute_update(ldap_handle, ad_path, "", "managedBy",
7589 memset(filter, '\0', sizeof(filter));
/* NOTE(review): CONTAINER_ID is placed in the filter without LDAP
 * filter escaping (see container_create for the same pattern). */
7591 if (!strcasecmp(av[CONTAINER_TYPE], "USER"))
7593 sprintf(filter, "(&(cn=%s)(&(objectCategory=person)"
7594 "(objectClass=user)))", av[CONTAINER_ID]);
7597 if (!strcasecmp(av[CONTAINER_TYPE], "LIST"))
7599 sprintf(filter, "(&(objectClass=group)(cn=%s))",
7603 if (strlen(filter) != 0)
7605 attr_array[0] = "distinguishedName";
7606 attr_array[1] = NULL;
7609 if ((rc = linklist_build(ldap_handle, dn_path, filter,
7610 attr_array, &group_base, &group_count,
7611 LDAP_SCOPE_SUBTREE)) == LDAP_SUCCESS)
7613 if (group_count == 1)
7615 strcpy(managedByDN, group_base->value);
7616 managedBy_v[0] = managedByDN;
7617 ADD_ATTR("managedBy", managedBy_v, LDAP_MOD_REPLACE);
7621 if (strlen(managedByDN) != 0)
7623 attribute_update(ldap_handle, ad_path, "",
7624 "managedBy", dName);
7628 linklist_free(group_base);
7635 if (strlen(managedByDN) != 0)
7637 attribute_update(ldap_handle, ad_path, "", "managedBy",
/* Presumably guarded by "nothing queued in mods" on a line not shown;
 * the description/managedBy deletions above were already applied
 * directly through attribute_update. */
7647 return(LDAP_SUCCESS);
7649 rc = ldap_modify_s(ldap_handle, ad_path, mods);
/* Loop body not shown; presumably releases the n LDAPMod entries. */
7651 for (i = 0; i < n; i++)
7654 if (rc != LDAP_SUCCESS)
7656 com_err(whoami, 0, "Unable to modify container info for %s : %s",
7657 av[CONTAINER_NAME], ldap_err2string(rc));
/*
 * container_move_objects: empty an OU that could not be deleted because it
 * still had children (called from container_delete on
 * LDAP_NOT_ALLOWED_ON_NONLEAF). Three passes: ordinary objects are renamed
 * into orphans_other_ou, computers into orphans_machines_ou, and nested
 * OUs are deleted.
 *
 * dName   DN of the OU being emptied (used as the search base)
 *
 * NOTE(review): LDAP_OPT_SIZELIMIT is set to 10 on the shared connection
 * handle and no reset is visible in this listing, so every later search
 * on ldap_handle inherits the 10-entry limit unless a line not shown
 * restores it. Confirm before relying on searches made after this call.
 */
7664 int container_move_objects(LDAP *ldap_handle, char *dn_path, char *dName)
7666 char *attr_array[3];
7667 LK_ENTRY *group_base;
7674 int NumberOfEntries = 10;
7678 rc = ldap_set_option(ldap_handle, LDAP_OPT_SIZELIMIT, &NumberOfEntries);
/* One pass per object class; the switch/if on i is on lines not shown. */
7680 for (i = 0; i < 3; i++)
7682 memset(filter, '\0', sizeof(filter));
/* pass 0: everything that is neither a computer nor an OU */
7686 strcpy(filter, "(!(|(objectClass=computer)"
7687 "(objectClass=organizationalUnit)))");
7688 attr_array[0] = "cn";
7689 attr_array[1] = NULL;
/* pass 1: computer objects */
7693 strcpy(filter, "(objectClass=computer)");
7694 attr_array[0] = "cn";
7695 attr_array[1] = NULL;
/* pass 2: nested OUs */
7699 strcpy(filter, "(objectClass=organizationalUnit)");
7700 attr_array[0] = "ou";
7701 attr_array[1] = NULL;
/* Subtree search limited to 10 entries per call (see above); the loop
 * structure that repeats the search until nothing is left is only partly
 * visible (the group_count == 0 test below). */
7706 if ((rc = linklist_build(ldap_handle, dName, filter, attr_array,
7707 &group_base, &group_count,
7708 LDAP_SCOPE_SUBTREE)) != LDAP_SUCCESS)
7713 if (group_count == 0)
/* Rename each object under one of the orphan OUs; new_cn and temp sizes
 * are not visible and the sprintf calls are unbounded. */
7720 if (!strcasecmp(pPtr->attribute, "cn"))
7722 sprintf(new_cn, "cn=%s", pPtr->value);
7724 sprintf(temp, "%s,%s", orphans_other_ou, dn_path);
7726 sprintf(temp, "%s,%s", orphans_machines_ou, dn_path);
7731 rc = ldap_rename_s(ldap_handle, pPtr->dn, new_cn, temp,
/* Name clash in the orphan OU: retry with a numeric suffix (the retry
 * and the increment of count are on lines not shown). */
7733 if (rc == LDAP_ALREADY_EXISTS)
7735 sprintf(new_cn, "cn=%s_%d", pPtr->value, count);
/* Nested OUs are deleted outright; no recursion into them is visible, so
 * a non-empty nested OU would presumably fail the same way the parent did. */
7742 else if (!strcasecmp(pPtr->attribute, "ou"))
7744 rc = ldap_delete_s(ldap_handle, pPtr->dn);
7750 linklist_free(group_base);
/*
 * get_machine_ou: find the OU a machine's computer object currently sits
 * in. The Moira host name is first mapped to its name in the directory
 * domain (GetMachineName), the computer is located by sAMAccountName, and
 * the part of its DN between the CN and the domain components is returned
 * in machine_ou.
 *
 * member          Moira host name
 * machine_ou      output: OU portion of the computer's DN (strcpy, unbounded)
 * NewMachineName  output: domain-local host name without its DNS suffix
 *                 (strcpy, unbounded; GetMachineName writes up to 1024 bytes
 *                 into it)
 */
7759 int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
7760 char *machine_ou, char *NewMachineName)
7762 LK_ENTRY *group_base;
7766 char *attr_array[3];
7773 strcpy(NewMachineName, member);
/* NOTE(review): the result of moira_connect() is overwritten on the next
 * line without being checked, so a failed Moira connection is only noticed
 * indirectly through GetMachineName's query failing. */
7774 rc = moira_connect();
7775 rc = GetMachineName(NewMachineName);
7778 if (strlen(NewMachineName) == 0)
7780 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Strip the DNS suffix: the computer account is the bare host name plus '$'. */
7786 pPtr = strchr(NewMachineName, '.');
7793 sprintf(filter, "(sAMAccountName=%s$)", NewMachineName);
7794 attr_array[0] = "cn";
7795 attr_array[1] = NULL;
7796 sprintf(temp, "%s", dn_path);
7798 if ((rc = linklist_build(ldap_handle, temp, filter, attr_array,
7799 &group_base, &group_count,
7800 LDAP_SCOPE_SUBTREE)) != 0)
7802 com_err(whoami, 0, "Unable to process machine %s : %s",
7803 member, ldap_err2string(rc));
/* Require exactly one computer object (error handling not shown). */
7807 if (group_count != 1)
/* dn and cn are declared on lines not listed; sizes unknown, copies unbounded. */
7812 strcpy(dn, group_base->dn);
7813 strcpy(cn, group_base->value);
/* Lower-case both so the substring search below is case-insensitive. */
7815 for (i = 0; i < (int)strlen(dn); i++)
7816 dn[i] = tolower(dn[i]);
7818 for (i = 0; i < (int)strlen(cn); i++)
7819 cn[i] = tolower(cn[i]);
7821 linklist_free(group_base);
/* Locate the RDN value inside the DN. This is a plain substring match:
 * it assumes the first occurrence of cn in dn is the RDN and that the
 * character right after it is the separating ','. */
7823 pPtr = strstr(dn, cn);
7827 com_err(whoami, 0, "Unable to process machine %s",
7832 pPtr += strlen(cn) + 1;
7833 strcpy(machine_ou, pPtr);
/* The domain components are then cut off at the first "dc=" (the cut and
 * the missing-"dc=" error path are on lines not shown). */
7835 pPtr = strstr(machine_ou, "dc=");
7839 com_err(whoami, 0, "Unable to process machine %s",
/*
 * machine_move_to_ou: move a machine's computer object into DestinationOu
 * (an OU RDN relative to dn_path), keeping its CN. Does nothing when the
 * object is already in that OU.
 *
 * MoiraMachineName  Moira host name
 * DestinationOu     target OU, e.g. "OU=...", relative to dn_path
 *
 * NOTE(review): MachineName is a 128-byte array. It is filled by an
 * unbounded strcpy from MoiraMachineName, and GetMachineName (which uses
 * a 1024-byte scratch buffer) may strcpy a Moira host alias back into it;
 * an alias longer than 127 bytes would overflow this buffer.
 */
7850 int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
7851 char *MoiraMachineName, char *DestinationOu)
7855 char MachineName[128];
7857 char *attr_array[3];
7862 LK_ENTRY *group_base;
7867 strcpy(MachineName, MoiraMachineName);
7868 rc = GetMachineName(MachineName);
7870 if (strlen(MachineName) == 0)
7872 com_err(whoami, 0, "Unable to find alais for machine %s in Moira",
/* Drop the DNS suffix; the account name is the bare host name plus '$'. */
7877 cPtr = strchr(MachineName, '.');
7882 sprintf(filter, "(sAMAccountName=%s$)", MachineName);
7883 attr_array[0] = "sAMAccountName";
7884 attr_array[1] = NULL;
7886 if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
7888 &group_count, LDAP_SCOPE_SUBTREE)) != 0)
7890 com_err(whoami, 0, "Unable to process machine %s : %s",
7891 MoiraMachineName, ldap_err2string(rc));
/* OldDn's size is not visible; the copy is unbounded. */
7895 if (group_count == 1)
7896 strcpy(OldDn, group_base->dn);
7898 linklist_free(group_base);
7901 if (group_count != 1)
7903 com_err(whoami, 0, "Unable to find machine %s in directory: %s",
7908 sprintf(NewOu, "%s,%s", DestinationOu, dn_path);
/* Everything after the first ',' is the current parent DN. The NULL check
 * and the step past the comma are on lines not shown in this listing. */
7909 cPtr = strchr(OldDn, ',');
7914 if (!strcasecmp(cPtr, NewOu))
7918 sprintf(NewCn, "CN=%s", MachineName);
/* deleteoldrdn = TRUE: the object is moved, not copied. */
7919 rc = ldap_rename_s(ldap_handle, OldDn, NewCn, NewOu, TRUE, NULL, NULL);
/*
 * machine_check: strip the DNS suffix from machine_name and hand the bare
 * host name to checkADname. The result is inverted, so this returns
 * non-zero exactly when checkADname returns 0; what checkADname's 0 means
 * is not visible from here.
 *
 * Name is declared on a line not listed; the strcpy is unbounded.
 */
7924 int machine_check(LDAP *ldap_handle, char *dn_path, char *machine_name)
7930 memset(Name, '\0', sizeof(Name));
7931 strcpy(Name, machine_name);
7933 pPtr = strchr(Name, '.');
7939 return(!(rc = checkADname(ldap_handle, dn_path, Name)));
/*
 * machine_get_moira_container: ask Moira which container a machine is
 * mapped to. The callback (machine_GetMoiraContainer) strcpy's the
 * container name into container_name with no size passed, so the caller
 * must provide a buffer large enough for any Moira container name.
 */
7942 int machine_get_moira_container(LDAP *ldap_handle, char *dn_path,
7943 char *machine_name, char *container_name)
7949 av[0] = machine_name;
7950 call_args[0] = (char *)container_name;
7951 rc = mr_query("get_machine_to_container_map", 1, av,
7952 machine_GetMoiraContainer, call_args);
/*
 * machine_GetMoiraContainer: mr_query callback for
 * get_machine_to_container_map. Copies the container name (av[1]) into
 * the caller's buffer, call_args[0], unbounded.
 */
7956 int machine_GetMoiraContainer(int ac, char **av, void *ptr)
7961 strcpy(call_args[0], av[1]);
/*
 * Moira_container_group_create: create the Moira list that mirrors a
 * container, record it on the container, and add it as a member of the
 * parent container's list.
 *
 * after  Moira container row (CONTAINER_NAME and CONTAINER_ROWID used)
 *
 * The list is created non-public, non-hidden, not a mail list, as a
 * group with a fresh GID, and both ACEs are the "sms" user. The return
 * values of Moira_setContainerGroup and Moira_addGroupToParent are not
 * checked here.
 */
7965 int Moira_container_group_create(char **after)
7971 memset(GroupName, '\0', sizeof(GroupName));
/* Derive a unique "cnt-..." list name; failure path on lines not shown. */
7972 rc = Moira_groupname_create(GroupName, after[CONTAINER_NAME],
7973 after[CONTAINER_ROWID]);
7977 argv[L_NAME] = GroupName;
7978 argv[L_ACTIVE] = "1";
7979 argv[L_PUBLIC] = "0";
7980 argv[L_HIDDEN] = "0";
7981 argv[L_MAILLIST] = "0";
7982 argv[L_GROUP] = "1";
7983 argv[L_GID] = UNIQUE_GID;
7984 argv[L_NFSGROUP] = "0";
7985 argv[L_MAILMAN] = "0";
7986 argv[L_MAILMAN_SERVER] = "[NONE]";
7987 argv[L_DESC] = "auto created container group";
7988 argv[L_ACE_TYPE] = "USER";
7989 argv[L_MEMACE_TYPE] = "USER";
7990 argv[L_ACE_NAME] = "sms";
7991 argv[L_MEMACE_NAME] = "sms";
7993 if (rc = mr_query("add_list", 15, argv, NULL, NULL))
7996 "Unable to create container group %s for container %s: %s",
7997 GroupName, after[CONTAINER_NAME], error_message(rc));
8000 Moira_setContainerGroup(after[CONTAINER_NAME], GroupName);
8001 Moira_addGroupToParent(after[CONTAINER_NAME], GroupName);
/*
 * Moira_container_group_update: when a container is renamed, rename its
 * mirror list to match. A case-insensitive equal name is a no-op (return
 * on a line not shown); a container with no current list is skipped.
 *
 * update_list takes the old name followed by the full 15-field list
 * record, hence the "+ 1" offsets below. The record is rewritten with the
 * same fixed values Moira_container_group_create uses.
 */
8006 int Moira_container_group_update(char **before, char **after)
/* Both 64 bytes; Moira_groupname_create produces at most ~31 characters
 * ("cnt-" + 25 + "-x"), Moira_getGroupName copies whatever Moira returns. */
8009 char BeforeGroupName[64];
8010 char AfterGroupName[64];
8013 if (!strcasecmp(after[CONTAINER_NAME], before[CONTAINER_NAME]))
8016 memset(BeforeGroupName, '\0', sizeof(BeforeGroupName));
/* Note: the current list is looked up by the *after* name. */
8017 Moira_getGroupName(after[CONTAINER_NAME], BeforeGroupName, 0);
8018 if (strlen(BeforeGroupName) == 0)
8021 memset(AfterGroupName, '\0', sizeof(AfterGroupName));
8022 rc = Moira_groupname_create(AfterGroupName, after[CONTAINER_NAME],
8023 after[CONTAINER_ROWID]);
8027 if (strcasecmp(BeforeGroupName, AfterGroupName))
8029 argv[L_NAME] = BeforeGroupName;
8030 argv[L_NAME + 1] = AfterGroupName;
8031 argv[L_ACTIVE + 1] = "1";
8032 argv[L_PUBLIC + 1] = "0";
8033 argv[L_HIDDEN + 1] = "0";
8034 argv[L_MAILLIST + 1] = "0";
8035 argv[L_GROUP + 1] = "1";
8036 argv[L_GID + 1] = UNIQUE_GID;
8037 argv[L_NFSGROUP + 1] = "0";
8038 argv[L_MAILMAN + 1] = "0";
8039 argv[L_MAILMAN_SERVER + 1] = "[NONE]";
8040 argv[L_DESC + 1] = "auto created container group";
8041 argv[L_ACE_TYPE + 1] = "USER";
8042 argv[L_MEMACE_TYPE + 1] = "USER";
8043 argv[L_ACE_NAME + 1] = "sms";
8044 argv[L_MEMACE_NAME + 1] = "sms";
8046 if (rc = mr_query("update_list", 16, argv, NULL, NULL))
8049 "Unable to rename container group from %s to %s: %s",
8050 BeforeGroupName, AfterGroupName, error_message(rc));
/*
 * Moira_container_group_delete: remove a deleted container's mirror list.
 * The list is first removed from the parent container's list, then the
 * list itself is deleted. "[none]" in CONTAINER_GROUP_NAME means the
 * container never had a list, and nothing is done.
 *
 * before  Moira container row (CONTAINER_NAME and CONTAINER_GROUP_NAME used)
 */
8057 int Moira_container_group_delete(char **before)
8062 char ParentGroupName[64];
8064 memset(ParentGroupName, '\0', sizeof(ParentGroupName));
/* Flag 1 = look up the parent container's list (see Moira_getGroupName). */
8065 Moira_getGroupName(before[CONTAINER_NAME], ParentGroupName, 1);
8067 memset(GroupName, '\0', sizeof(GroupName));
8069 if (strcmp(before[CONTAINER_GROUP_NAME], "[none]"))
8070 strcpy(GroupName, before[CONTAINER_GROUP_NAME]);
8072 if ((strlen(ParentGroupName) != 0) && (strlen(GroupName) != 0))
8074 argv[0] = ParentGroupName;
/* argv[1] (the member type) is set on a line not shown. */
8076 argv[2] = GroupName;
8078 if (rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL))
/* BUG(review): the format has two %s but three arguments follow
 * (GroupName, ParentGroupName, error_message(rc)). The message therefore
 * prints ParentGroupName where the Moira error text belongs and drops the
 * error. The intended text is presumably "Unable to delete container
 * group %s from list %s: %s". */
8081 "Unable to delete container group %s from list: %s",
8082 GroupName, ParentGroupName, error_message(rc));
/* The list is deleted even if the membership removal above failed
 * (no early return is visible between the two queries). */
8086 if (strlen(GroupName) != 0)
8088 argv[0] = GroupName;
8090 if (rc = mr_query("delete_list", 1, argv, NULL, NULL))
8092 com_err(whoami, 0, "Unable to delete container group %s : %s",
8093 GroupName, error_message(rc));
/*
 * Moira_groupname_create: derive a Moira list name for a container.
 * The name is built from the last one or two path components of
 * ContainerName, truncated to 25 characters, prefixed with "cnt-" and
 * lower-cased; if a list of that name already exists, a single-character
 * suffix "-0".."-9","-a".."-z" is tried in turn.
 *
 * GroupName       output (strcpy; result is at most 31 characters)
 * ContainerName   Moira container path, '/'-separated
 * ContainerRowID  accepted but not used in the visible lines
 *
 * Returns non-zero (lines not shown) when Moira errors or when all
 * suffixes are taken.
 */
8100 int Moira_groupname_create(char *GroupName, char *ContainerName,
8101 char *ContainerRowID)
8106 char newGroupName[64];
8107 char tempGroupName[64];
/* temp and tempgname are declared on lines not listed; the copies into
 * them are unbounded, only the final name is length-limited. */
8113 strcpy(temp, ContainerName);
/* Find the last two '/'-separated components; the branches choosing
 * between "parent-leaf", "leaf" and the whole name are partly elided. */
8115 ptr1 = strrchr(temp, '/');
8121 ptr1 = strrchr(temp, '/');
8125 sprintf(tempgname, "%s-%s", ++ptr1, ptr);
8128 strcpy(tempgname, ptr);
8131 strcpy(tempgname, temp);
/* Hard cap so that "cnt-" + name + "-x" fits Moira's list-name limit. */
8133 if (strlen(tempgname) > 25)
8134 tempgname[25] ='\0';
8136 sprintf(newGroupName, "cnt-%s", tempgname);
8138 /* change everything to lower case */
8144 *ptr = tolower(*ptr);
8152 strcpy(tempGroupName, newGroupName);
8155 /* append 0-9 then a-z if a duplicate is found */
8158 argv[0] = newGroupName;
/* get_list_info failing with MR_NO_MATCH means the name is free; any other
 * error is reported. Success means the name is taken and the next suffix
 * is tried (loop and break on lines not shown). */
8160 if (rc = mr_query("get_list_info", 1, argv, NULL, NULL))
8162 if (rc == MR_NO_MATCH)
8164 com_err(whoami, 0, "Moira error while creating group name for "
8165 "container %s : %s", ContainerName, error_message(rc));
8169 sprintf(newGroupName, "%s-%c", tempGroupName, i);
/* Only 36 suffixes exist; containers whose last two components collide
 * beyond that cannot get a list. */
8173 com_err(whoami, 0, "Unable to find a unique group name for "
8174 "container %s: too many duplicate container names",
8185 strcpy(GroupName, newGroupName);
/*
 * Moira_setContainerGroup: record GroupName as the list belonging to the
 * container origContainerName (Moira query set_container_list). Logs and
 * presumably returns rc on failure (return line not in this listing).
 */
8189 int Moira_setContainerGroup(char *origContainerName, char *GroupName)
8194 argv[0] = origContainerName;
8195 argv[1] = GroupName;
8197 if ((rc = mr_query("set_container_list", 2, argv, NULL, NULL)))
8200 "Unable to set container group %s in container %s: %s",
8201 GroupName, origContainerName, error_message(rc));
/*
 * Moira_addGroupToParent: add a container's list as a member of the
 * parent container's list, so membership nests the way containers do.
 * A top-level container (no parent list) is left alone.
 *
 * NOTE(review): ContainerName is 64 bytes and is filled by an unbounded
 * strcpy from origContainerName. ParentGroupName is not zeroed before the
 * Moira_getGroupName call, unlike the same pattern in
 * Moira_container_group_delete (8064); if Moira_getGroupName does not
 * initialise its output on a failed lookup, the strlen test below reads
 * uninitialised stack. Confirm against Moira_getGroupName's elided lines.
 */
8207 int Moira_addGroupToParent(char *origContainerName, char *GroupName)
8209 char ContainerName[64];
8210 char ParentGroupName[64];
8214 strcpy(ContainerName, origContainerName);
/* Flag 1 = parent's list. */
8216 Moira_getGroupName(ContainerName, ParentGroupName, 1);
8218 /* top-level container */
8219 if (strlen(ParentGroupName) == 0)
8222 argv[0] = ParentGroupName;
/* argv[1] (member type) is set on a line not shown. */
8224 argv[2] = GroupName;
8226 if ((rc = mr_query("add_member_to_list", 3, argv, NULL, NULL)))
8229 "Unable to add container group %s to parent group %s: %s",
8230 GroupName, ParentGroupName, error_message(rc));
/*
 * Moira_getContainerGroup: mr_query callback for get_container_list.
 * Copies the list name (av[1]) into the caller's buffer call_args[0];
 * the copy is unbounded (callers pass 64-byte arrays).
 */
8236 int Moira_getContainerGroup(int ac, char **av, void *ptr)
8241 strcpy(call_args[0], av[1]);
/*
 * Moira_getGroupName: look up the Moira list attached to a container, or
 * (third argument, name not visible; callers pass 1) to its parent, which
 * is obtained by cutting the path at its last '/'.
 *
 * GroupName  output, filled by the Moira_getContainerGroup callback with
 *            strcpy; callers pass 64-byte buffers. Whether it is cleared
 *            on the not-found path is on lines not shown.
 *
 * ContainerName is a 64-byte copy of origContainerName made with an
 * unbounded strcpy.
 */
8246 int Moira_getGroupName(char *origContainerName, char *GroupName,
8249 char ContainerName[64];
8255 strcpy(ContainerName, origContainerName);
8259 ptr = strrchr(ContainerName, '/');
8267 argv[0] = ContainerName;
8269 call_args[0] = GroupName;
8270 call_args[1] = NULL;
8272 if (!(rc = mr_query("get_container_list", 1, argv, Moira_getContainerGroup,
8275 if (strlen(GroupName) != 0)
/* Two error reports: one with a Moira error code, one without (the
 * conditions selecting them are not in this listing). */
8280 com_err(whoami, 0, "Unable to get container group from container %s: %s",
8281 ContainerName, error_message(rc));
8283 com_err(whoami, 0, "Unable to get container group from container %s",
/*
 * Moira_process_machine_container_group: add a machine to, or remove it
 * from, a container's Moira list as a MACHINE member. "[none]" as the
 * list name means the container has no list and nothing is done. Which
 * of the two queries runs is chosen by a third parameter whose line is
 * not in this listing.
 *
 * The single error message reads "Unable to add ..." and appears to be
 * used for the delete path as well.
 */
8289 int Moira_process_machine_container_group(char *MachineName, char* GroupName,
8295 if (strcmp(GroupName, "[none]") == 0)
8298 argv[0] = GroupName;
8299 argv[1] = "MACHINE";
8300 argv[2] = MachineName;
8303 rc = mr_query("add_member_to_list", 3, argv, NULL, NULL);
8305 rc = mr_query("delete_member_from_list", 3, argv, NULL, NULL);
8309 com_err(whoami, 0, "Unable to add machine %s to container group%s: %s",
8310 MachineName, GroupName, error_message(rc));
/*
 * GetMachineName: rewrite MachineName, in place, to the host's name in
 * the directory's DNS domain. If the name already ends in DOMAIN_SUFFIX
 * it is kept (upper-cased check only; the return is on a line not shown).
 * Otherwise Moira's get_hostalias is queried and the first alias in
 * DOMAIN_SUFFIX (chosen by ProcessMachineName) replaces the name. On
 * failure or when no such alias exists MachineName becomes "".
 *
 * NOTE(review): MachineName is a caller buffer of unknown size and is
 * overwritten with strcpy from a 1024-byte local; machine_move_to_ou
 * passes a 128-byte array, so an alias longer than 127 bytes overflows it.
 */
8316 int GetMachineName(char *MachineName)
8319 char NewMachineName[1024];
8326 // If the address happens to be in the top-level MIT domain, great!
/* Unbounded copy from the caller's buffer into the 1024-byte local. */
8327 strcpy(NewMachineName, MachineName);
8329 for (i = 0; i < (int)strlen(NewMachineName); i++)
8330 NewMachineName[i] = toupper(NewMachineName[i]);
8332 szDot = strchr(NewMachineName,'.');
8334 if ((szDot) && (!strcasecmp(szDot+1, DOMAIN_SUFFIX)))
8339 // If not, see if it has a Moira alias in the top-level MIT domain.
8340 memset(NewMachineName, '\0', sizeof(NewMachineName));
/* args[0] is set on a line not shown. */
8342 args[1] = MachineName;
8343 call_args[0] = NewMachineName;
8344 call_args[1] = NULL;
8346 if (rc = mr_query("get_hostalias", 2, args, ProcessMachineName, call_args))
8348 com_err(whoami, 0, "Unable to resolve machine name %s : %s",
8349 MachineName, error_message(rc));
8350 strcpy(MachineName, "");
8354 if (strlen(NewMachineName) != 0)
8355 strcpy(MachineName, NewMachineName);
8357 strcpy(MachineName, "");
/*
 * ProcessMachineName: mr_query callback for get_hostalias. Keeps the
 * first alias (av[0]) whose DNS suffix is DOMAIN_SUFFIX, upper-cased, in
 * call_args[0]; later aliases are ignored once one has been stored.
 *
 * MachineName is a 1024-byte local filled by an unbounded strcpy from the
 * Moira-supplied alias; call_args[0] is GetMachineName's 1024-byte buffer.
 */
8362 int ProcessMachineName(int ac, char **av, void *ptr)
8365 char MachineName[1024];
8371 if (strlen(call_args[0]) == 0)
8373 strcpy(MachineName, av[0]);
8375 for (i = 0; i < (int)strlen(MachineName); i++)
8376 MachineName[i] = toupper(MachineName[i]);
8378 szDot = strchr(MachineName,'.');
8380 if ((szDot) && (!strcasecmp(szDot+1,DOMAIN_SUFFIX)))
8382 strcpy(call_args[0], MachineName);
/*
 * SwitchSFU: flip the uid attribute name in a prepared LDAPMod list
 * between the Services-for-Unix 3.0 name (msSFU30UidNumber) and the RFC
 * 2307 name (uidNumber). Which direction is taken depends on *UseSFU30
 * (the tests are on lines not shown); only the first n entries are
 * touched. mod_type is overwritten with a string literal, so it must not
 * be something the caller later frees.
 */
8389 void SwitchSFU(LDAPMod **mods, int *UseSFU30, int n)
8395 for (i = 0; i < n; i++)
8397 if (!strcmp(mods[i]->mod_type, "msSFU30UidNumber"))
8398 mods[i]->mod_type = "uidNumber";
8405 for (i = 0; i < n; i++)
8407 if (!strcmp(mods[i]->mod_type, "uidNumber"))
8408 mods[i]->mod_type = "msSFU30UidNumber";
/*
 * SetHomeDirectory: queue (or directly apply) the home-directory related
 * attributes for a user.
 *
 * Non-AD directories: homeDirectory / apple-user-homeDirectory are set to
 * the user's AFS filesystem path looked up in Moira (get_filesys_by_label,
 * following FSGROUP/MUL groups to the first member), or "NONE".
 *
 * Active Directory: WinHomeDir / WinProfileDir are either the tokens
 * "[afs]", "[dfs]", "[local]" or a literal path. "[afs]" is translated
 * from the Moira AFS path (AfsToWinAfs), "[dfs]" is built as
 * \\<ldap_domain>\dfs\profiles\<initial>\<user>, "[local]" clears the
 * attribute. homeDrive is "H:" for afs/dfs homes and for UNC paths.
 * Empty results with OpType == LDAP_MOD_REPLACE delete the attribute
 * immediately via ldap_modify_s; non-empty values are strdup'ed into the
 * caller's homedir_v / winProfile_v / drives_v and queued with ADD_ATTR
 * (ownership of those strdup'ed strings is not visible here).
 *
 * Parameters after drives_v/mods (OpType, n, ...) are on lines not shown.
 * homeDrive, path, winPath and the buffer sizes of path/winPath are not
 * visible; winProfile and apple_homedir are 1024 bytes.
 */
8415 int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
8416 char *DistinguishedName,
8417 char *WinHomeDir, char *WinProfileDir,
8418 char **homedir_v, char **winProfile_v,
8419 char **drives_v, LDAPMod **mods,
8426 char winProfile[1024];
8429 char apple_homedir[1024];
8430 char *apple_homedir_v[] = {NULL, NULL};
8434 LDAPMod *DelMods[20];
8436 char *save_argv[FS_END];
8437 char *fsgroup_save_argv[2];
8439 memset(homeDrive, '\0', sizeof(homeDrive));
8440 memset(path, '\0', sizeof(path));
8441 memset(winPath, '\0', sizeof(winPath));
8442 memset(winProfile, '\0', sizeof(winProfile));
/* ---- non-AD directory: Unix/Apple home from the Moira filesystem ---- */
8444 if(!ActiveDirectory)
8446 if (rc = moira_connect())
8448 critical_alert("Ldap incremental",
8449 "Error contacting Moira server : %s",
8454 argv[0] = user_name;
8456 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
/* A group filesystem is resolved to its first member filesystem. */
8459 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8460 !strcmp(save_argv[FS_TYPE], "MUL"))
8463 argv[0] = save_argv[FS_NAME];
8466 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8467 save_fsgroup_info, fsgroup_save_argv)))
8471 argv[0] = fsgroup_save_argv[0];
8473 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8474 save_query_info, save_argv)))
/* path's size is not visible; FS_PACK comes from Moira, copy is unbounded. */
8476 strcpy(path, save_argv[FS_PACK]);
8483 strcpy(path, save_argv[FS_PACK]);
/* Only AFS paths are published; strnicmp is a non-standard (Windows)
 * case-insensitive compare. */
8491 if (!strnicmp(path, AFS, strlen(AFS)))
8493 sprintf(homedir, "%s", path);
8494 sprintf(apple_homedir, "%s/MacData", path);
8495 homedir_v[0] = homedir;
8496 apple_homedir_v[0] = apple_homedir;
8497 ADD_ATTR("homeDirectory", homedir_v, OpType);
8498 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
8504 homedir_v[0] = "NONE";
8505 apple_homedir_v[0] = "NONE";
8506 ADD_ATTR("homeDirectory", homedir_v, OpType);
8507 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v,
/* ---- Active Directory: [afs] token needs the Moira AFS path ---- */
8514 if ((!strcasecmp(WinHomeDir, "[afs]")) ||
8515 (!strcasecmp(WinProfileDir, "[afs]")))
8517 if (rc = moira_connect())
8519 critical_alert("Ldap incremental",
8520 "Error contacting Moira server : %s",
8525 argv[0] = user_name;
8527 if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info,
8530 if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
8531 !strcmp(save_argv[FS_TYPE], "MUL"))
8534 argv[0] = save_argv[FS_NAME];
8537 if (!(rc = mr_query("get_fsgroup_members", 1, argv,
8538 save_fsgroup_info, fsgroup_save_argv)))
8542 argv[0] = fsgroup_save_argv[0];
8544 if (!(rc = mr_query("get_filesys_by_label", 1, argv,
8545 save_query_info, save_argv)))
8547 strcpy(path, save_argv[FS_PACK]);
8554 strcpy(path, save_argv[FS_PACK]);
/* AFS path -> Windows UNC form; profile lives in .winprofile under it. */
8562 if (!strnicmp(path, AFS, strlen(AFS)))
8564 AfsToWinAfs(path, winPath);
8565 strcpy(winProfile, winPath);
8566 strcat(winProfile, "\\.winprofile");
/* ---- [dfs] token: fixed DFS layout keyed on the user's first letter.
 * NOTE(review): unbounded sprintf into path; an empty user_name would
 * put '\0' (user_name[0]) into the middle of the format output. ---- */
8573 if ((!strcasecmp(WinHomeDir, "[dfs]")) ||
8574 (!strcasecmp(WinProfileDir, "[dfs]")))
8576 sprintf(path, "\\\\%s\\dfs\\profiles\\%c\\%s", ldap_domain,
8577 user_name[0], user_name);
8579 if (!strcasecmp(WinProfileDir, "[dfs]"))
8581 strcpy(winProfile, path);
8582 strcat(winProfile, "\\.winprofile");
8585 if (!strcasecmp(WinHomeDir, "[dfs]"))
8586 strcpy(winPath, path);
/* ---- home directory / drive letter from WinHomeDir ---- */
8589 if (!strcasecmp(WinHomeDir, "[local]"))
8590 memset(winPath, '\0', sizeof(winPath));
8591 else if (!strcasecmp(WinHomeDir, "[afs]") ||
8592 !strcasecmp(WinHomeDir, "[dfs]"))
8594 strcpy(homeDrive, "H:");
/* Literal value from Moira: a UNC path ("\\") also gets the H: drive. */
8598 strcpy(winPath, WinHomeDir);
8599 if (!strncmp(WinHomeDir, "\\\\", 2))
8601 strcpy(homeDrive, "H:");
8605 // nothing needs to be done if WinProfileDir is [afs].
8606 if (!strcasecmp(WinProfileDir, "[local]"))
8607 memset(winProfile, '\0', sizeof(winProfile));
8608 else if (strcasecmp(WinProfileDir, "[afs]") &&
8609 strcasecmp(WinProfileDir, "[dfs]"))
8611 strcpy(winProfile, WinProfileDir);
/* Normalise: drop one trailing backslash, but keep "X:\" for a bare drive. */
8614 if (strlen(winProfile) != 0)
8616 if (winProfile[strlen(winProfile) - 1] == '\\')
8617 winProfile[strlen(winProfile) - 1] = '\0';
8620 if (strlen(winPath) != 0)
8622 if (winPath[strlen(winPath) - 1] == '\\')
8623 winPath[strlen(winPath) - 1] = '\0';
8626 if ((winProfile[1] == ':') && (strlen(winProfile) == 2))
8627 strcat(winProfile, "\\");
8629 if ((winPath[1] == ':') && (strlen(winPath) == 2))
8630 strcat(winPath, "\\");
/* ---- apply: empty + REPLACE deletes the attribute right away; the
 * result of that ldap_modify_s is stored in rc but not checked on any
 * visible line. Non-empty values are strdup'ed (NULL result unchecked)
 * and queued on mods. ---- */
8632 if (strlen(winPath) == 0)
8634 if (OpType == LDAP_MOD_REPLACE)
8637 DEL_ATTR("homeDirectory", LDAP_MOD_DELETE);
8639 //unset homeDirectory attribute for user.
8640 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8646 homedir_v[0] = strdup(winPath);
8647 ADD_ATTR("homeDirectory", homedir_v, OpType);
8650 if (strlen(winProfile) == 0)
8652 if (OpType == LDAP_MOD_REPLACE)
8655 DEL_ATTR("profilePath", LDAP_MOD_DELETE);
8657 //unset profilePate attribute for user.
8658 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8664 winProfile_v[0] = strdup(winProfile);
8665 ADD_ATTR("profilePath", winProfile_v, OpType);
8668 if (strlen(homeDrive) == 0)
8670 if (OpType == LDAP_MOD_REPLACE)
8673 DEL_ATTR("homeDrive", LDAP_MOD_DELETE);
8675 //unset homeDrive attribute for user
8676 rc = ldap_modify_s(ldap_handle, DistinguishedName, DelMods);
8682 drives_v[0] = strdup(homeDrive);
8683 ADD_ATTR("homeDrive", drives_v, OpType);
/*
 * attribute_update: set a single-valued attribute on an entry, or delete
 * it when attribute_value is "".
 *
 * Set is attempted as LDAP_MOD_REPLACE first and, if that fails, retried
 * as LDAP_MOD_ADD (covers servers that reject REPLACE of an absent
 * attribute); only the second failure is logged. The delete path stores
 * the ldap_modify_s result in rc but no check of it is visible here.
 * user_name is only used in the error message.
 *
 * mods / n used by ADD_ATTR and DEL_ATTR are declared on lines not shown.
 */
8689 int attribute_update(LDAP *ldap_handle, char *distinguished_name,
8690 char *attribute_value, char *attribute, char *user_name)
8692 char *mod_v[] = {NULL, NULL};
8693 LDAPMod *DelMods[20];
8699 if (strlen(attribute_value) == 0)
8702 DEL_ATTR(attribute, LDAP_MOD_DELETE);
8704 rc = ldap_modify_s(ldap_handle, distinguished_name, DelMods);
8710 mod_v[0] = attribute_value;
8711 ADD_ATTR(attribute, mod_v, LDAP_MOD_REPLACE);
8714 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8715 mods)) != LDAP_SUCCESS)
/* Fallback: the attribute may not exist yet, so try a plain add. */
8719 mod_v[0] = attribute_value;
8720 ADD_ATTR(attribute, mod_v, LDAP_MOD_ADD);
8723 if ((rc = ldap_modify_s(ldap_handle, distinguished_name,
8724 mods)) != LDAP_SUCCESS)
8726 com_err(whoami, 0, "Unable to change the %s attribute for %s "
8727 "in the directory : %s",
8728 attribute, user_name, ldap_err2string(rc));
/*
 * StringTrim: strip leading and trailing whitespace from StringToTrim in
 * place. Works on a strdup'ed copy (save) and copies the trimmed result
 * back; the NULL check on strdup's result and the free of save are not
 * visible in this listing.
 */
8738 void StringTrim(char *StringToTrim)
8743 save = strdup(StringToTrim);
8750 /* skip to end of string */
8755 strcpy(StringToTrim, save);
8759 for (t = s; *t; t++)
8775 strcpy(StringToTrim, s);
/*
 * ReadConfigFile: load <CFG_PATH><DomainName>.cfg into the module's
 * globals (ldap_domain, ldap_realm, ldap_port, PrincipalName, ServerList,
 * group/SFU/Exchange/AD switches, max_group_members). Every line is
 * upper-cased before the keyword prefix is matched, so values are
 * case-folded too. If no DOMAIN line sets ldap_domain, DomainName is used.
 *
 * temp / temp1 and their sizes, Count, and the ServerList capacity are
 * declared on lines not shown; see the notes on the copies below.
 */
8779 int ReadConfigFile(char *DomainName)
/* DomainName comes from ReadDomainList's config file (administrator
 * controlled); the sprintf into temp is unbounded. */
8790 sprintf(temp, "%s%s.cfg", CFG_PATH, DomainName);
8792 if ((fptr = fopen(temp, "r")) != NULL)
8794 while (fgets(temp, sizeof(temp), fptr) != 0)
8796 for (i = 0; i < (int)strlen(temp); i++)
8797 temp[i] = toupper(temp[i]);
/* Strip the newline. Done before the empty-line test: a line that reads
 * as empty (e.g. starts with a NUL byte) would index temp[-1]. */
8799 if (temp[strlen(temp) - 1] == '\n')
8800 temp[strlen(temp) - 1] = '\0';
8804 if (strlen(temp) == 0)
/* Each keyword is matched as a prefix; the value is the rest of the
 * line, trimmed. Copies into the fixed-size globals are unbounded. */
8807 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
8809 if (strlen(temp) > (strlen(DOMAIN)))
8811 strcpy(ldap_domain, &temp[strlen(DOMAIN)]);
8812 StringTrim(ldap_domain);
8815 else if (!strncmp(temp, REALM, strlen(REALM)))
8817 if (strlen(temp) > (strlen(REALM)))
8819 strcpy(ldap_realm, &temp[strlen(REALM)]);
8820 StringTrim(ldap_realm);
8823 else if (!strncmp(temp, PORT, strlen(PORT)))
8825 if (strlen(temp) > (strlen(PORT)))
8827 strcpy(ldap_port, &temp[strlen(PORT)]);
8828 StringTrim(ldap_port);
8831 else if (!strncmp(temp, PRINCIPALNAME, strlen(PRINCIPALNAME)))
8833 if (strlen(temp) > (strlen(PRINCIPALNAME)))
8835 strcpy(PrincipalName, &temp[strlen(PRINCIPALNAME)]);
8836 StringTrim(PrincipalName);
/* NOTE(review): one 256-byte entry per SERVER line; the calloc result is
 * not checked, the strcpy is not bounded to 256, and no test of Count
 * against ServerList's capacity is visible before the index. */
8839 else if (!strncmp(temp, SERVER, strlen(SERVER)))
8841 if (strlen(temp) > (strlen(SERVER)))
8843 ServerList[Count] = calloc(1, 256);
8844 strcpy(ServerList[Count], &temp[strlen(SERVER)]);
8845 StringTrim(ServerList[Count]);
8849 else if (!strncmp(temp, MSSFU, strlen(MSSFU)))
8851 if (strlen(temp) > (strlen(MSSFU)))
8853 strcpy(temp1, &temp[strlen(MSSFU)]);
8855 if (!strcmp(temp1, SFUTYPE))
8859 else if (!strncmp(temp, GROUP_SUFFIX, strlen(GROUP_SUFFIX)))
8861 if (strlen(temp) > (strlen(GROUP_SUFFIX)))
8863 strcpy(temp1, &temp[strlen(GROUP_SUFFIX)]);
8865 if (!strcasecmp(temp1, "NO"))
8868 memset(group_suffix, '\0', sizeof(group_suffix));
8872 else if (!strncmp(temp, GROUP_TYPE, strlen(GROUP_TYPE)))
8874 if (strlen(temp) > (strlen(GROUP_TYPE)))
8876 strcpy(temp1, &temp[strlen(GROUP_TYPE)]);
8878 if (!strcasecmp(temp1, "UNIVERSAL"))
8879 UseGroupUniversal = 1;
8882 else if (!strncmp(temp, SET_GROUP_ACE, strlen(SET_GROUP_ACE)))
8884 if (strlen(temp) > (strlen(SET_GROUP_ACE)))
8886 strcpy(temp1, &temp[strlen(SET_GROUP_ACE)]);
8888 if (!strcasecmp(temp1, "NO"))
8892 else if (!strncmp(temp, SET_PASSWORD, strlen(SET_PASSWORD)))
8894 if (strlen(temp) > (strlen(SET_PASSWORD)))
8896 strcpy(temp1, &temp[strlen(SET_PASSWORD)]);
8898 if (!strcasecmp(temp1, "NO"))
8902 else if (!strncmp(temp, EXCHANGE, strlen(EXCHANGE)))
8904 if (strlen(temp) > (strlen(EXCHANGE)))
8906 strcpy(temp1, &temp[strlen(EXCHANGE)]);
8908 if (!strcasecmp(temp1, "YES"))
8912 else if (!strncmp(temp, PROCESS_MACHINE_CONTAINER,
8913 strlen(PROCESS_MACHINE_CONTAINER)))
8915 if (strlen(temp) > (strlen(PROCESS_MACHINE_CONTAINER)))
8917 strcpy(temp1, &temp[strlen(PROCESS_MACHINE_CONTAINER)]);
8919 if (!strcasecmp(temp1, "NO"))
8920 ProcessMachineContainer = 0;
8923 else if (!strncmp(temp, ACTIVE_DIRECTORY,
8924 strlen(ACTIVE_DIRECTORY)))
8926 if (strlen(temp) > (strlen(ACTIVE_DIRECTORY)))
8928 strcpy(temp1, &temp[strlen(ACTIVE_DIRECTORY)]);
8930 if (!strcasecmp(temp1, "NO"))
8931 ActiveDirectory = 0;
8934 else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
8935 strlen(GROUP_POPULATE_MEMBERS)))
8937 if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
8939 strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
8941 if (!strcasecmp(temp1, "DELETE"))
8943 GroupPopulateDelete = 1;
/* atoi: a non-numeric value silently becomes 0. */
8947 else if (!strncmp(temp, MAX_MEMBERS, strlen(MAX_MEMBERS)))
8949 if (strlen(temp) > (strlen(MAX_MEMBERS)))
8951 strcpy(temp1, &temp[strlen(MAX_MEMBERS)]);
8953 max_group_members = atoi(temp1);
/* Post-processing of ldap_domain (lines 8961-8963 not shown): the value
 * is cleared and rebuilt from temp, then defaults to DomainName. */
8958 if (strlen(ldap_domain) != 0)
8960 memset(ldap_domain, '\0', sizeof(ldap_domain));
8964 if (strlen(temp) != 0)
8965 strcpy(ldap_domain, temp);
8971 if (strlen(ldap_domain) == 0)
8973 strcpy(ldap_domain, DomainName);
/* Server names are normalised to upper case. */
8979 for (i = 0; i < Count; i++)
8981 if (ServerList[i] != 0)
8983 for (k = 0; k < (int)strlen(ServerList[i]); k++)
8984 ServerList[i][k] = toupper(ServerList[i][k]);
/*
 * ReadDomainList: read <CFG_PATH><WINADCFG> and collect its DOMAIN lines
 * into DomainNames[] (upper-cased, trimmed). A configuration error raises
 * a critical alert (the condition is on a line not shown).
 *
 * temp / temp1, Count and the DomainNames capacity are declared on lines
 * not listed; the strcpy into DomainNames[Count] is unbounded and no
 * check of Count against the array size is visible. c[] and stuff[] are
 * declared but not used on any visible line.
 */
8991 int ReadDomainList()
8998 unsigned char c[11];
8999 unsigned char stuff[256];
9004 sprintf(temp, "%s%s", CFG_PATH, WINADCFG);
9006 if ((fptr = fopen(temp, "r")) != NULL)
9008 while (fgets(temp, sizeof(temp), fptr) != 0)
9010 for (i = 0; i < (int)strlen(temp); i++)
9011 temp[i] = toupper(temp[i]);
/* Newline stripped before the empty test; same temp[-1] edge as in
 * ReadConfigFile for a line whose first byte is NUL. */
9013 if (temp[strlen(temp) - 1] == '\n')
9014 temp[strlen(temp) - 1] = '\0';
9018 if (strlen(temp) == 0)
/* "DOMAIN<value>": the value replaces temp (the bare-name case on the
 * lines not shown presumably keeps temp as is). */
9021 if (!strncmp(temp, DOMAIN, strlen(DOMAIN)))
9023 if (strlen(temp) > (strlen(DOMAIN)))
9025 strcpy(temp1, &temp[strlen(DOMAIN)]);
9027 strcpy(temp, temp1);
9031 strcpy(DomainNames[Count], temp);
9032 StringTrim(DomainNames[Count]);
9041 critical_alert("incremental", "%s", "ldap.incr cannot run due to a "
9042 "configuration error in ldap.cfg");
/*
 * email_isvalid: syntactic check of an RFC 822 style address
 * (local-part@domain). Returns 0 for an address ending in '.', one whose
 * local part has control/non-ASCII characters, unquoted specials or a
 * misplaced '.', an empty domain, or a domain with an empty label;
 * otherwise returns 1 when the domain has at least one label
 * (count >= 1). Several branches sit on lines not in this listing.
 *
 * NOTE(review): an empty address reads address[-1] on the first test,
 * and a NULL address is not handled; callers must guarantee a non-empty
 * string.
 */
9049 int email_isvalid(const char *address) {
9051 const char *c, *domain;
9052 static char *rfc822_specials = "()<>@,;:\\\"[]";
9054 if(address[strlen(address) - 1] == '.')
9057 /* first we validate the name portion (name@domain) */
9058 for (c = address; *c; c++) {
/* A quoted local part: opening quote only at the start or after a '.'. */
9059 if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) ==
/* A backslash escape: the following character is skipped; if it is a
 * space (or the terminator, which the next test rejects) the address is
 * invalid. */
9064 if (*c == '\\' && (*++c == ' '))
9066 if (*c <= ' ' || *c >= 127)
9081 if (*c <= ' ' || *c >= 127)
9083 if (strchr(rfc822_specials, *c))
/* Reached the '@': the local part must not be empty or end in '.'. */
9087 if (c == address || *(c - 1) == '.')
9090 /* next we validate the domain portion (name@domain) */
9091 if (!*(domain = ++c)) return 0;
9094 if (c == domain || *(c - 1) == '.')
9098 if (*c <= ' ' || *c >= 127)
9100 if (strchr(rfc822_specials, *c))
9104 return (count >= 1);
/*
 * Choose the Exchange mail store (msExchMDB) for a new user.
 *
 * Searches CN=Configuration,<dn_path> for msExchMDB objects, skips those
 * whose DN mentions "Public", "Recover" or "Reserve", and for each of the
 * remaining stores counts its homeMDBBL back-links (fetched in ranged
 * chunks of rangeStep because of the directory's result-size limits).
 * The store with the fewest back-links wins; its DN is returned through
 * *homeMDB and, from its legacyExchangeDN, a server name through
 * *homeServerName.  Both outputs are strdup()'d, so the caller presumably
 * owns and frees them -- confirm against callers.  rc is the LDAP error
 * code from the last linklist_build(); its return path is on lines not
 * shown here.  Several local declarations and the loop structure are also
 * outside this listing.
 */
9107 int find_homeMDB(LDAP *ldap_handle, char *dn_path, char **homeMDB,
9108 char **homeServerName)
9110 LK_ENTRY *group_base;
9111 LK_ENTRY *sub_group_base;
9115 int sub_group_count;
9117 char sub_filter[1024];
9118 char search_path[1024];
9120 char *attr_array[3];
/* -1 means "no candidate store seen yet" (see the comparison below). */
9122 int homeMDB_count = -1;
/* Size of each homeMDBBL range request. */
9126 int rangeStep = 1500;
9128 int rangeHigh = rangeLow + (rangeStep - 1);
9131 /* Grumble..... microsoft not making it searchable from the root *grr* */
9133 memset(filter, '\0', sizeof(filter));
9134 memset(search_path, '\0', sizeof(search_path));
9136 sprintf(filter, "(objectClass=msExchMDB)");
/* NOTE(review): unbounded sprintf into a 1024-byte buffer; dn_path is a
 * caller-supplied string, so snprintf(search_path, sizeof search_path, ...)
 * with a truncation check would be safer here. */
9137 sprintf(search_path, "CN=Configuration,%s", dn_path);
9138 attr_array[0] = "distinguishedName";
9139 attr_array[1] = NULL;
9144 if ((rc = linklist_build(ldap_handle, search_path, filter, attr_array,
9145 &group_base, &group_count,
9146 LDAP_SCOPE_SUBTREE)) != 0)
9148 com_err(whoami, 0, "Unable to find msExchMDB %s",
9149 ldap_err2string(rc));
/* Stores whose DN contains any of these words are never assigned to
 * users; the loop over gPtr that encloses this is on lines not shown. */
9158 if (((s = strstr(gPtr->dn, "Public")) != (char *) NULL) ||
9159 ((s = strstr(gPtr->dn, "Recover")) != (char *) NULL) ||
9160 ((s = strstr(gPtr->dn, "Reserve")) != (char *) NULL))
9167 * Due to limits in active directory we need to use the LDAP
9168 * range semantics to query and return all the values in
9169 * large lists, we will stop increasing the range when
9170 * the result count is 0.
9178 memset(sub_filter, '\0', sizeof(sub_filter));
9179 memset(range, '\0', sizeof(range));
9180 sprintf(sub_filter, "(objectClass=msExchMDB)");
/* Open-ended range on the first request, bounded ranges afterwards; the
 * surrounding condition is on a line not shown.  The size of 'range' is
 * not visible here -- verify it holds the longest "homeMDBBL;Range=" form. */
9183 sprintf(range, "homeMDBBL;Range=%d-*", rangeLow);
9185 sprintf(range, "homeMDBBL;Range=%d-%d", rangeLow, rangeHigh);
9187 attr_array[0] = range;
9188 attr_array[1] = NULL;
9190 sub_group_base = NULL;
9191 sub_group_count = 0;
9193 if ((rc = linklist_build(ldap_handle, gPtr->dn, sub_filter,
9194 attr_array, &sub_group_base,
9196 LDAP_SCOPE_SUBTREE)) != 0)
9198 com_err(whoami, 0, "Unable to find homeMDBBL %s",
9199 ldap_err2string(rc));
/* An empty chunk ends the ranged walk for this store. */
9203 if(!sub_group_count)
9209 rangeHigh = rangeLow + (rangeStep - 1);
/* Accumulate this chunk and advance to the next range window. */
9216 mdbbl_count += sub_group_count;
9217 rangeLow = rangeHigh + 1;
9218 rangeHigh = rangeLow + (rangeStep - 1);
9221 /* First time through, need to initialize or update the least used */
9223 com_err(whoami, 0, "Mail store %s, count %d", gPtr->dn,
9226 if(mdbbl_count < homeMDB_count || homeMDB_count == -1)
9228 homeMDB_count = mdbbl_count;
/* NOTE(review): this runs once per improving candidate, so unless a line
 * not shown frees the previous value, each re-assignment leaks the earlier
 * strdup().  The strdup() result is also not checked for NULL. */
9229 *homeMDB = strdup(gPtr->dn);
9233 linklist_free(sub_group_base);
9237 linklist_free(group_base);
9240 * Ok found the server least allocated need to now query to get its
9241 * msExchHomeServerName so we can set it as a user attribute
9244 attr_array[0] = "legacyExchangeDN";
9245 attr_array[1] = NULL;
9250 if ((rc = linklist_build(ldap_handle, *homeMDB, filter,
9251 attr_array, &group_base,
9253 LDAP_SCOPE_SUBTREE)) != 0)
9255 com_err(whoami, 0, "Unable to find msExchHomeServerName %s",
9256 ldap_err2string(rc));
/* NOTE(review): group_base is dereferenced here; whether the search
 * returned at least one entry is checked (if at all) on lines not shown. */
9262 *homeServerName = strdup(group_base->value);
/* The server name is taken from the last '/'-separated component of the
 * legacyExchangeDN; the truncation itself is on a line not shown. */
9263 if((s = strrchr(*homeServerName, '/')) != (char *) NULL)
9269 linklist_free(group_base);
/*
 * Lower-case a NUL-terminated string in place, walking it with p.
 * The loop body and the return statement are on lines not shown;
 * presumably it returns s.  s must not be NULL.
 */
9274 char *lowercase(char *s)
9278 for (p = s; *p; p++)
/*
 * Upper-case a NUL-terminated string in place, walking it with p.
 * The loop body and the return statement are on lines not shown;
 * presumably it returns s.  s must not be NULL.
 */
9286 char *uppercase(char *s)
9290 for (p = s; *p; p++)
/*
 * Return a newly allocated copy of s with directory-special characters
 * escaped; the set of characters and the escaping rules are on lines not
 * shown and appear to differ when ActiveDirectory is set.  The result is
 * built in the local buffer 'string' (size not visible here) and returned
 * via strdup(), so the caller owns the returned memory and must free it.
 * NOTE(review): no bound check on 'string' is visible in this listing;
 * confirm the loop cannot write past it for a long input.
 */
9298 char *escape_string(char *s)
9306 if(ActiveDirectory) {
9310 memset(string, '\0', sizeof(string));
9314 /* Escape any special characters */
/* q walks the input; its initialisation is on a line not shown. */
9316 for(; *q != '\0'; q++) {
/* Heap copy of the escaped result; NULL on allocation failure. */
9339 return strdup(string);
/*
 * Query callback: copy every argv[] string into the char *array passed
 * as hint.  The array must have room for at least argc entries and the
 * caller owns the strdup()'d strings -- confirm against the caller.  The
 * return statement is on a line not shown.
 */
9342 int save_query_info(int argc, char **argv, void *hint)
9345 char **nargv = hint;
9347 for(i = 0; i < argc; i++)
/* NOTE(review): strdup() may return NULL; nothing visible here checks it. */
9348 nargv[i] = strdup(argv[i]);
/*
 * Query callback with the same shape as save_query_info(): copy every
 * argv[] string into the char *array passed as hint.  The array must have
 * room for at least argc entries and the caller owns the strdup()'d
 * strings -- confirm against the caller.  The return statement is on a
 * line not shown.
 */
9353 int save_fsgroup_info(int argc, char **argv, void *hint)
9356 char **nargv = hint;
9360 for(i = 0; i < argc; i++)
/* NOTE(review): strdup() may return NULL; nothing visible here checks it. */
9361 nargv[i] = strdup(argv[i]);
/*
 * Check whether user_name (under UserOu) is a member of the group
 * group_name by searching dn_path for a group object whose member
 * attribute holds the user's DN.  The user DN is built in 'temp'
 * (size not visible here); accounts in user_ou use a uid= RDN, all
 * others a CN= RDN.  rc carries the LDAP result of the search; how the
 * membership result is derived and returned is on lines not shown.
 */
9369 int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
9370 char *UserOu, char *user_name)
9372 char search_filter[1024];
9373 char *attr_array[3];
9374 LK_ENTRY *group_base;
/* NOTE(review): all three sprintf() calls below are unbounded writes into
 * fixed buffers from caller-supplied strings; snprintf with a truncation
 * check would avoid an overflow on an over-long name or DN. */
9381 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
9385 if(!strcmp(UserOu, user_ou))
9386 sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
9388 sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
/* NOTE(review): the values interpolated here (on a line not shown,
 * presumably group_name and the DN in temp) go into an LDAP filter
 * unescaped; a name containing filter metacharacters such as '*', '(' or
 * ')' changes the query.  escape_string() in this file looks like the
 * intended helper -- confirm and apply it before formatting. */
9394 sprintf(search_filter, "(&(objectClass=group)(cn=%s)(member=%s))",
9397 attr_array[0] = "mitMoiraId";
9398 attr_array[1] = NULL;
9400 if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
9401 attr_array, &group_base, &group_count,
9402 LDAP_SCOPE_SUBTREE)) != 0)
9404 com_err(whoami, 0, "Unable to check group %s for membership of %s : %s",
9405 group_name, user_name, ldap_err2string(rc));
9418 linklist_free(group_base);